Release eumw-1.1.2

.hgtags

@@ -20,3 +20,5 @@ a642705f08408a92390a630e88983470adb5b6e3 eumw-1.0.6
 6f5416237c12951f787b173076a3249f4ea7eb2d eumw-1.1.1.RC1
 9a7e2d39e97e2fb6be62227a1dd9b46ba0098961 eumw-1.1.1.RC2
 4868dfe3363f32b42c160d3d68aa17d9eebdb70b eumw-1.1.1.RC3
+a65d8995de6f6f209f5b99a2b2ca65bfca19ed57 eumw-1.1.1
+04dd90b525d5ca1351fbcf0310c97e8a68ccb4e6 eumw-1.1.2-RC1

configuration-wizard/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>1.1.1</version>
+        <version>1.1.2</version>
     </parent>
     <artifactId>configuration-wizard</artifactId>
 

databasemigration/pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<artifactId>eumw</artifactId>
 		<groupId>de.governikus.eumw</groupId>
-		<version>1.1.1</version>
+		<version>1.1.2</version>
 	</parent>
 	<artifactId>database-migration</artifactId>
 

dvca-connection-configurator/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>1.1.1</version>
+        <version>1.1.2</version>
     </parent>
     <artifactId>dvca-connection-configurator</artifactId>
     <name>dvca-connection-configurator</name>

eidas-common/pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>de.governikus.eumw</groupId>
 		<artifactId>eumw</artifactId>
-		<version>1.1.1</version>
+		<version>1.1.2</version>
 	</parent>
 	<artifactId>eidas-common</artifactId>
 

eidas-demo/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>1.1.1</version>
+        <version>1.1.2</version>
     </parent>
     <artifactId>eidas-demo</artifactId>
 

eidas-middleware/docker/Dockerfile

@@ -17,7 +17,7 @@ USER eidas-middleware
 WORKDIR /opt/eidas-middleware
 
 # Download the release from github
-RUN wget https://github.com/Governikus/eidas-middleware/releases/download/${VERSION}/eidas-middleware-${VERSION}.jar
+RUN wget https://repo.govkg.de/repository/autent-releases//de/governikus/eumw/eidas-middleware/1.1.1/eidas-middleware-1.1.1.jar
 
 RUN    mv eidas-middleware*.jar eidas-middleware.jar &&\
     mkdir -p ${CONFIG_DIR}

eidas-middleware/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>1.1.1</version>
+        <version>1.1.2</version>
     </parent>
     <artifactId>eidas-middleware</artifactId>
 

eidas-starterkit/pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>de.governikus.eumw</groupId>
 		<artifactId>eumw</artifactId>
-		<version>1.1.1</version>
+		<version>1.1.2</version>
 	</parent>
 	<artifactId>eidas-starterkit</artifactId>
 

password-generator/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>1.1.1</version>
+        <version>1.1.2</version>
     </parent>
     <artifactId>password-generator</artifactId>
 

pom.xml

@@ -14,7 +14,7 @@
 
     <groupId>de.governikus.eumw</groupId>
     <artifactId>eumw</artifactId>
-    <version>1.1.1</version>
+    <version>1.1.2</version>
     <packaging>pom</packaging>
 
     <name>EU Middleware</name>
@@ -37,7 +37,7 @@
     <scm>
         <url>https://github.com/Governikus/${project.artifactId}</url>
         <connection>${governikus.scm.connection}</connection>
-      <tag>eumw-1.1.1</tag>
+      <tag>eumw-1.1.2</tag>
   </scm>
 
     <developers>
@@ -67,25 +67,6 @@
         </developer>
     </developers>
 
-    <repositories>
-        <repository>
-            <snapshots>
-                <enabled>false</enabled>
-            </snapshots>
-            <id>bintray-governikus-public</id>
-            <name>bintray</name>
-            <url>https://dl.bintray.com/governikus/public</url>
-        </repository>
-        <repository>
-            <snapshots>
-                <enabled>false</enabled>
-            </snapshots>
-            <id>jcenter</id>
-            <name>jcenter</name>
-            <url>https://jcenter.bintray.com</url>
-        </repository>
-    </repositories>
-
     <distributionManagement>
         <repository>
             <id>${governikus.site.distributionId}</id>
@@ -111,10 +92,10 @@
         <maven.compiler.target>1.8</maven.compiler.target>
 
         <!-- crypto -->
-        <version.bouncycastle>1.61</version.bouncycastle>
+        <version.bouncycastle>1.64</version.bouncycastle>
         <version.javasupport>7.3.0</version.javasupport>
-        <version.opensaml>3.3.1-GOV5</version.opensaml>
-        <version.xmlsec>2.1.3</version.xmlsec>
+        <version.opensaml>3.3.1-GOV6</version.opensaml>
+        <version.xmlsec>2.1.4</version.xmlsec>
 
         <version.cxf>3.3.1</version.cxf>
         <version.spring>5.1.6.RELEASE</version.spring>
@@ -352,7 +333,7 @@
                     <configuration>
                         <keystore>NONE</keystore>
                         <storetype>PKCS11</storetype>
-                        <tsa>http://timestamp.globalsign.com/scripts/timestamp.dll</tsa>
+                        <tsa>${globalsign.tsa}</tsa>
                         <providerClass>sun.security.pkcs11.SunPKCS11</providerClass>
                         <providerArg>${globalsign.config}</providerArg>
                         <alias>${globalsign.alias}</alias>

poseidas-configuration/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <artifactId>eumw</artifactId>
         <groupId>de.governikus.eumw</groupId>
-        <version>1.1.1</version>
+        <version>1.1.2</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

poseidas/pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>de.governikus.eumw</groupId>
 		<artifactId>eumw</artifactId>
-		<version>1.1.1</version>
+		<version>1.1.2</version>
 	</parent>
 	<artifactId>poseidas</artifactId>
 

poseidas/src/main/java/de/governikus/eumw/poseidas/cardbase/crypto/sm/AESSecureMessaging.java

@@ -1,11 +1,10 @@
 /*
- * Copyright (c) 2019 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except
- * in compliance with the Licence. You may obtain a copy of the Licence at:
- * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing,
- * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS
- * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and
- * limitations under the Licence.
+ * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the
+ * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance
+ * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless
+ * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an
+ * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the
+ * specific language governing permissions and limitations under the Licence.
  */
 
 package de.governikus.eumw.poseidas.cardbase.crypto.sm;
@@ -26,12 +25,14 @@
 import de.governikus.eumw.poseidas.cardbase.ArrayUtil;
 import de.governikus.eumw.poseidas.cardbase.AssertUtil;
 import de.governikus.eumw.poseidas.cardbase.ByteUtil;
+import de.governikus.eumw.poseidas.cardbase.Hex;
 import de.governikus.eumw.poseidas.cardbase.asn1.ASN1;
 import de.governikus.eumw.poseidas.cardbase.asn1.ASN1Constants;
 import de.governikus.eumw.poseidas.cardbase.card.CommandAPDUConstants;
 import de.governikus.eumw.poseidas.cardbase.card.SecureMessaging;
 import de.governikus.eumw.poseidas.cardbase.card.SecureMessagingException;
 import de.governikus.eumw.poseidas.cardbase.crypto.CipherUtil;
+import lombok.extern.slf4j.Slf4j;
 
 
 /**
@@ -41,6 +42,7 @@
  * @author Jens Wothe, jw@bos-bremen.de
  * @author Arne Stahlbock, ast@bos-bremen.de
  */
+@Slf4j
 public class AESSecureMessaging implements SecureMessaging
 {
 
@@ -91,9 +93,8 @@ public CommandAPDU encipherCommand(CommandAPDU command) throws
     byte[] macDOBytes = createMacDO(secureHeaderPaddedBytes, cryptogramDOBytes, neDOBytes);
     byte[] dataFieldBytes = ByteUtil.combine(new byte[][]{cryptogramDOBytes, neDOBytes, macDOBytes});
     int l = getNewLe(neDOBytes, dataFieldBytes);
-    CommandAPDU result = new CommandAPDU(secureHeaderBytes[0], secureHeaderBytes[1], secureHeaderBytes[2],
-                                         secureHeaderBytes[3], dataFieldBytes, l);
-    return result;
+    return new CommandAPDU(secureHeaderBytes[0], secureHeaderBytes[1], secureHeaderBytes[2], secureHeaderBytes[3],
+                           dataFieldBytes, l);
   }
 
   private int getNewLe(byte[] neDOBytes, byte[] dataFieldBytes)
@@ -141,15 +142,11 @@ public ResponseAPDU decipherResponse(ResponseAPDU response) throws
     AssertUtil.notNull(response, "response");
     this.material.getIvParameterSpec().increaseSSC();
 
-    byte[] responseBytes = response.getBytes();
-    if (responseBytes.length == 2)
-    {
-      return response;
-    }
     byte[] responseData = response.getData();
     if (ArrayUtil.isNullOrEmpty(responseData))
     {
-      return response;
+      log.warn("Error 6419: no data");
+      throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE, "response is not encrypted", null);
     }
     ASN1[] childs = getDataChilds(responseData);
     byte[] encDataDOBytes = null;
@@ -205,12 +202,16 @@ else if (SMConstants.TAG_BYTE_DO_CRYPTOGRPAHIC_CHECKSUM == tag)
       }
       else
       {
-        throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE,
-                                           "unrecognized DO at response", null);
+        if (tag >= 0x61 && tag <= 0x76)
+        {
+          log.warn("Error 6419: data object {}", Hex.hexify(child.getEncoded()));
+        }
+        throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE, "unrecognized DO at response", null);
       }
     }
     checkMac(macDOBytes, macData);
     byte[] dataBytes = getDataBytes(encDataDOBytes, encTag);
+    byte[] responseBytes = response.getBytes();
     byte[] result = ByteUtil.combine(new byte[][]{
                                                   dataBytes,
                                                   processDOBytes != null ? processDOBytes
@@ -267,8 +268,7 @@ private void checkMac(byte[] macDOBytes, byte[] macData) throws SecureMessagingE
     {
       // invalidate key material so the channel can no longer be used
       this.material = null;
-      throw new SecureMessagingException(SecureMessagingException.CODE_CARD,
-                                         "no checksum received from card", null);
+      throw new SecureMessagingException(SecureMessagingException.CODE_CARD, "no checksum received from card", null);
     }
     else
     {
@@ -369,8 +369,7 @@ private byte[] createCryptogramDO(CommandAPDU command) throws SecureMessagingExc
       ASN1 result;
       if (command.getINS() % 2 == 0)
       {
-        byte[] paddedCryptogram = ByteUtil.combine(new byte[]{SMConstants.PADDING_INDICATOR_BYTE_ISO},
-                                                   cryptogram);
+        byte[] paddedCryptogram = ByteUtil.combine(new byte[]{SMConstants.PADDING_INDICATOR_BYTE_ISO}, cryptogram);
         result = new ASN1(SMConstants.TAG_BYTE_DO_CRYPTOGRAM, paddedCryptogram);
       }
       else

poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/read/Read.java

@@ -1,11 +1,10 @@
 /*
- * Copyright (c) 2019 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except
- * in compliance with the Licence. You may obtain a copy of the Licence at:
- * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing,
- * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS
- * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and
- * limitations under the Licence.
+ * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the
+ * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance
+ * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless
+ * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an
+ * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the
+ * specific language governing permissions and limitations under the Licence.
  */
 
 package de.governikus.eumw.poseidas.cardserver.eac.functions.read;
@@ -41,8 +40,7 @@
  * @author Jens Wothe, jw@bos-bremen.de
  */
 public class Read extends AbstractFunctionStep<ReadParameter, ReadResult> implements
-  FunctionStep<ReadParameter, ReadResult>, TransmitCommandCreator<ReadParameter>,
-  TransmitResultEvaluator<ReadResult>
+  FunctionStep<ReadParameter, ReadResult>, TransmitCommandCreator<ReadParameter>, TransmitResultEvaluator<ReadResult>
 {
 
   /**
@@ -98,8 +96,9 @@ public List<InputAPDUInfoType> create(ReadParameter parameter, List<ResponseAPDU
     }
     else
     {
-      command = new CommandAPDU((byte)0x00, (byte)0xb0, parameter.getSfi() != null
-        ? (parameter.getSfi() | 0x80) : (byte)(parameter.getOffset() / 256),
+      command = new CommandAPDU((byte)0x00, (byte)0xb0,
+                                parameter.getSfi() != null ? (parameter.getSfi() | 0x80)
+                                  : (byte)(parameter.getOffset() / 256),
                                 (byte)(parameter.getOffset() % 256), null, parameter.getLength());
     }
     return InputAPDUInfoTypeUtil.create(command, acceptedResponseList);
@@ -109,14 +108,14 @@ public List<InputAPDUInfoType> create(ReadParameter parameter, List<ResponseAPDU
   @Override
   public ReadResult evaluate(TransmitAPDUResult transmitResult, int[] responseIndices)
   {
-    responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult,
-                                                                  responseIndices,
-                                                                  getMinimumCount(),
-                                                                  getMaximumCount());
     if (transmitResult.getThrowable() != null)
     {
       return new ReadResult(transmitResult.getThrowable());
     }
+    responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult,
+                                                                  responseIndices,
+                                                                  getMinimumCount(),
+                                                                  getMaximumCount());
     ResponseAPDU resp = new ResponseAPDU(transmitResult.getData().getOutputAPDU().get(responseIndices[0]));
     if (resp.getSW() == SmartCardCodeConstants.SUCCESSFULLY_PROCESSED
         || resp.getSW() == SmartCardCodeConstants.EOF_READ)