development / build news
 
 
-- FILE ---------------------------------------------------------------------
-- name       : BuildNews.txt
-- project    : BoarderZone: Development Environment
-- created    : Leon Poyyayil - 2003-01-25
-- language   : English
-- environment: the human reader's mind ... ;-)
-- copyright  : (c) 1990-2021 by Leon Poyyayil (private), Switzerland
-- license    : this is free software licensed under the GPL. see COPYING
-----------------------------------------------------------------------------

This file contains a description of the major code changes between builds of
the Java and web-site code for BoarderZone.net which are relevant to developers.
See doc/BuildVersioning.txt for a more detailed description of how to read it.


=============================================================================
version: 0.21.821
creator: Leon Poyyayil
created: 2021-06-30 00:13:47
status:  release
----------------------------
- build process:
  - lib/cbor-java.jar: new library
  - lib/cbor4j.jar: new library
  - lib/cose4j.jar: new library
  - updated all javadoc library references (incl. JDK)
- package net.boarderzone.asn.support:
  - AsnOIDFormatterImplExt.properties: added OIDs for ICAO ePassport
- package net.boarderzone.cbor: new package for CBOR related functionality
  - CborTool: new class for convenient CBOR parsing and writing
  - CborXml: new class for converting arbitrary CBOR to/from XML
- package net.boarderzone.modules.geomap:
  - MapPanel: fixed NPE in case of unavailable tiles
  - MapTileProviderImplYandexMaps: logging warning upon instantiation as
    this provider doesn't seem to work anymore (since 2021-06-29)
- package net.boarderzone.plugins.filehandler.cborxmleditor:
  new file handler to edit CBOR data as XML with schema validation
- package net.boarderzone.plugins.filehandler.jcetool:
  - AddEntryWizardState: added field for "SuggestedExtensions"
  - AddEntryWizardStepConfirmCertificateRequest: storing CSR extensions
    in wizard state for later use during certificate issuance
  - AddEntryWizardStepEnterExtensions: loading suggested extensions from
    wizard state upon start, to allow making use of the extensions received
    from the PKCS#10 CSR at the beginning
  - JceKeyStoreViewer: added support for loading the contents of ICAO
    MasterList files which contain Country Signing CA certificates
  - JceKeyStoreEditor: changed enabling of button to set the password of
    an entry so that it will be enabled for keys, regardless of whether
    they have a certificate attached or not. Securosys HSM was marking
    such entries as "trusted certificates" which resulted in that action
    being disabled ...
- package net.boarderzone.plugins.filehandler.texteditor:
  - JsonEditor: new plugin for specialized JSON editing capabilities
  - JsonEditorHandler: new file handler
  - JsonNormalizeAction: new action for normalizing JSON content
  - JsonPrettyPrintAction: new action for pretty printing JSON content
  - TextEditor: added support for customization through derivation
  - TextEditorHandler: moved most code into separate base class
  - TextEditorHandlerBase: new base class for shared code
- package net.boarderzone.security:
  - CertificateInspectionTool:
    - fixed NPE in case of strange DN components
    - corrected to better support DN components with escaping characters
  - CertificateVerificationTool: changed to only log a warning stack trace if
    the logger is in debug mode when certificate signature verification fails
- package net.boarderzone.security.gui:
  - PKCS10ViewerPanel: added tab with extension request details
- package net.boarderzone.util:
  - Base45Tool: added methods to validate input data before parsing
  - Base64Tool:
    - added methods to encode/decode to/from the URL variant of Base-64
    - fixed to reject more than 2 padding characters
    - fixed to reject padding characters embedded within the actual data
  - NamedString:
    - fixed parsing to support escaping of delimiter with \ to prevent
      accidentally splitting components
    - added support for (automatic) removal of escaping characters


=============================================================================
version: 0.21.820
creator: Leon Poyyayil
created: 2021-06-21 02:28:40
status:  developmental
----------------------------
- build process:
  - finished migration to JDK 1.8 to produce JDK 1.8 compatible byte code,
    i.e. to require a Java 8 JVM
    => code still not using lambda expressions as this is not supported by
       the retroguard obfuscator ... (future task to update this)
    => but allows making use of new platform APIs
  - updated all file headers to specify JDK 1.8
  - lib/acme4j.jar: updated to 2.11
  - lib/jose4j.jar: updated to 0.7.7
  - lib.dev/*: updated all own libs and tools
  - lib.dev/JavaParserMetrics/*: updated to prevent unit-tests from being part
    of the generated metrics report
  - lib.dev/log4j.jar: updated to 2.14.1
  - lib.dev/slf4j-api.jar: updated to 1.7.25
- package net.boarderzone.afw:
  - Application:
    - added setting of system property "app.process" with the JVM process ID
    - adapted to updated Log4j to ensure usage of the BasicContextSelector
      => necessary to do this manually here to better support usage of the
         libraries in webapps which have a different need for context selectors
  - ApplicationDependency.xml: changed to require Log4j 2.14.1
- package net.boarderzone.apps.net.acmeclient:
  - AcmeClient: migrated to latest version of ACME library to support v2 protocol
    - removed options 'authorize' and 'acme-auto-authorize' as this
      always happens with ACMEv2
    - added option 'acme-contact' to specify a contact URI upon registration
    - added option 'acme-tos' to help in determining whether terms-of-service
      need to be confirmed or not
    - added option 'acme-validity-strict' to allow turning off strict checking
      of validity period mismatches on received certificate chains
      => necessary because Let's Encrypt returns a chain where the root CA
      certificate has a shorter lifetime than the issuing CA. this is a
      temporary compatibility measure to support old Android devices which don't
      have the new LE root CA certificate in their trust stores ...
    - fixed to not report "unsupported extensions" when something goes wrong
      during certificate chain status examination
    - fixed reporting of certificate chain indices
    - added possibility to dump the received certificates prior to validity
      checking (in debug mode) for troubleshooting
    - improved to load the root certificate before actually attempting to
      issue or renew a certificate to ensure that validation will be possible.
      => no more fatal validation error after issuance due to problems with
      the root certificate ...
  - AcmeClientDependency.xml: changed to require new library versions
- package net.boarderzone.asn:
  - AsnContainerValueInfo: added method getSubItem(int...) to directly access
    a possibly deeply nested sub-item in one call
- package net.boarderzone.asn.support:
  - AsnOIDFormatter: added new methods formatNice()
  - AsnOIDFormatterImpl: implemented new methods formatNice()
  - AsnOIDFormatterImplExt.properties:
    - corrected some minor mappings to prevent duplicate names for different
      (obsolete) OIDs
    - added ePassport OID mappings
  - AsnXml: added setting of the new optional "z" attribute on the OID element to
    contain the name of the last component only for better readability
  - AsnXml.xsd: added optional attribute "z" on the OID element
- package net.boarderzone.asn.value:
  - AsnContainerValueBase: implemented new method getSubItem(int...)
- package net.boarderzone.gui.widget:
  - ComponentFactory:
    - added new utility methods to create text fields, spinners and single
      column layout panels
    - simplified to have only a single getResourceString() method with variable
      argument list parameter for the message parameters
  - DirectoryListPanel: added support for encoding files to Base45 and raw ZLib
  - DirectoryTreePanel: added support for encoding files to Base45 and raw ZLib
  - EmptyIcon: new utility class
  - FileHandlerRegistryHelper: truncate the error message when opening a file
    fails to prevent the error dialog from getting too large
    (the full error message can still be seen in the details ...)
  - GenericPanelDialog: added accessor method for OK button
  - GridLayoutTool: added utility methods for single column layouts
  - LoggerConsole: adapted to changed Log4j API
  - MessageDialog: limiting the maximum length of the displayed error message
    to prevent overly large dialogs (potentially exceeding the screen size)
  - SimpleMutableListModel: new simple list model
  - SystemInformationFrame: added display of host name and process ID
- package net.boarderzone.plugins.filehandler.jcetools:
  - AddEntryWizard: added support for new step to enter custom extensions
  - AddEntryWizardState: added support for storing custom extensions
  - AddEntryWizardStepEnterAlternativeName: added support for UPN and DC-GUID
  - AddEntryWizardStepEnterExtensions: new step to enter custom extensions
  - AddEntryWizardStepIssueCertificate: added support for new custom extensions
- package net.boarderzone.plugins.filehandler.mscerttpleditor:
  - new file handler to edit MS certificate template XML files
- package net.boarderzone.plugins.filehandler.packviewer:
  - Packviewer: added support for decoding Base45 and raw ZLib encoded files
- package net.boarderzone.security:
  - AlternativeName:
    - added convenience methods for manipulating OtherNames:
      - UserPrincipalName
      - DomainControllerGUID
    - added support for using an AsnOIDFormatter for formatting to string
    - changed to display the text content in formatted output for the
      new UserPrincipalName and DomainControllerGUID variants
  - CertificateInspectionTool:
    - changed to use the AlternativeName.format() method for displaying the
      OtherName variants and thus re-use the support for the new variants
    - extended method getFullDN() to support using the defined ASN.1 OIDs in
      case some components of the DN are not known and represented as their
      numeric OID form in the given string: they will be replaced by the
      last component name of the OID if that is known
    - further extended method getFullDN() to attempt decoding component values
      in case they are represented as HEX values prefixed with a '#' sign
      (as is the case for some toString() implementations of X.500 names)
  - CertificateVerificationTool: added possibility to turn off strict checking
    of certificate validity period mismatches (Let's Encrypt returns a chain
    where the root certificate has a shorter lifetime than the issuing CA ...)
  - ExtendedKeyUsageOIDs: new constant pool for commonly used OIDs
  - ExtensionTool: new utility class to extract extensions from certs
  - ExtensionValue: new interface for generic handling of Extension values
  - ExtensionValue*: new utility classes
  - KeyStoreEntryInfo: fixed detection of secret keys to default to true if it
    is a key entry but no certificate is present while the entry is still
    inaccessible due to a still unknown key password
    => this allows recognizing secret keys with a key password when opening
       a keystore (correct icon selected rather than "unknown")
  - X509CertificateChain: new utility class
  - X509Tool: new utility class
- package net.boarderzone.security.gui:
  - ExtensionEditor*: new utility classes
  - ExtensionHandler*: new utility classes
  - ExtensionListModel: new JList model
  - ExtensionPanel: new GUI class for a list of extensions
  - ExtensionSelection*: new GUI classes for selecting an extension type
  - JceCertViewerPanel: added new tab for extensions
  - OIDEditPanel: new class
  - OIDEditorDialog: new class
  - OIDField: new GUI class
  - OIDListPanel: new class
- package net.boarderzone.util:
  - Base45DecodingInputStream: new decoder stream class
  - Base45EncodingOutputStream: new encoder stream class
  - Base45FormatException: new I/O exception sub class
  - Base45Tool: new utility to en/decode Base45
  - Base64Tool:
    - fixed isValidBase64() to reject more bad input
    - fixed decode() to reject invalid padding when checking data format
  - CompressedFileKind: added ZLIB and BASE45 with corresponding support in helper methods
  - DirectoryIteratorActionFileCompressBase: added support for ZLIB and BASE45
  - EOL: added method enforce()
  - ExceptionTool: added possibility to limit the maximum length of the message
  - HexTool: fixed isValidHex() to reject more bad input
  - LoggerFactoryLog4j:
    - changed to not hard-wire usage of the BasicContextSelector to better
      support automatic configuration in webapps
    - adapted dynamic configuration update to new Log4j version to ensure
      existing loggers will update their configuration too
  - Platform: added constants to determine the JVM process ID
  - Radix: new utility class
  - StringTool: added utility methods limit() and appendSeparated()
  - TimePeriod: new utility class
- package net.boarderzone.util.xml:
  - XmlDOMHolder: new utility class
  - XmlMessageHelper: new utility class
  - XmlNamespaceContext: new utility class
  - XmlSerializer: removed legacy (pre JDK 1.5) code


-- EOF ----------------------------------------------------------------------