Changes required for web-eid-authtoken-validation-java v2.2.0

WE2-1132

Signed-off-by: Mart Somermaa <[email protected]>

Author: mrts

.github/workflows/maven-build.yml

@@ -7,18 +7,19 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v4
         with:
-          java-version: 1.8
+          distribution: temurin 
+          java-version: 8
 
       - name: Cache Maven packages
-        uses: actions/cache@v1
+        uses: actions/cache@v4
         with:
           path: ~/.m2
-          key: ${{ runner.os }}-m2-v8-${{ secrets.CACHE_VERSION }}-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2-v8-${{ secrets.CACHE_VERSION }}
+          key: ${{ runner.os }}-m2-v8-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2-v8
 
       - name: Build
         run: mvn --batch-mode compile

pom.xml

@@ -20,13 +20,32 @@
 		<java.version>1.8</java.version>
 		<maven-surefire-plugin.version>2.22.1</maven-surefire-plugin.version>
 		<caffeine.version>2.8.5</caffeine.version>
-		<webeid.version>2.1.2</webeid.version>
+		<webeid.version>2.2.0</webeid.version>
 		<digidoc4j.version>4.3.0</digidoc4j.version>
 		<guava.version>32.0.1-jre</guava.version>
-		<okhttp.version>4.10.0</okhttp.version>
+		<okhttp.version>5.3.0</okhttp.version>
 		<jmockit.version>1.44</jmockit.version>
 	</properties>
 
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>com.squareup.okhttp3</groupId>
+				<artifactId>okhttp-bom</artifactId>
+				<version>${okhttp.version}</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
+			<dependency>
+				<groupId>org.jetbrains.kotlin</groupId>
+				<artifactId>kotlin-bom</artifactId>
+				<version>2.2.21</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+
 	<dependencies>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -56,8 +75,7 @@
 		</dependency>
 		<dependency>
 			<groupId>com.squareup.okhttp3</groupId>
-			<artifactId>okhttp</artifactId>
-			<version>${okhttp.version}</version>
+			<artifactId>okhttp-jvm</artifactId>
 		</dependency>
 
 		<dependency>
@@ -66,7 +84,7 @@
 			<version>${digidoc4j.version}</version>
 		</dependency>
 		<dependency>
-			<groupId>org.webeid.security</groupId>
+			<groupId>eu.webeid.security</groupId>
 			<artifactId>authtoken-validation</artifactId>
 			<version>${webeid.version}</version>
 		</dependency>

src/main/java/eu/webeid/example/security/WebEidAuthentication.java

@@ -38,7 +38,7 @@ public class WebEidAuthentication extends PreAuthenticatedAuthenticationToken im
 
     public static Authentication fromCertificate(X509Certificate userCertificate, List<GrantedAuthority> authorities) throws CertificateEncodingException {
         final String principalName = getPrincipalNameFromCertificate(userCertificate);
-        final String idCode = Objects.requireNonNull(CertificateData.getSubjectIdCode(userCertificate));
+        final String idCode = CertificateData.getSubjectIdCode(userCertificate).orElseThrow(NullPointerException::new);
         return new WebEidAuthentication(principalName, idCode, authorities);
     }
 
@@ -53,11 +53,11 @@ private WebEidAuthentication(String principalName, String idCode, List<GrantedAu
 
     private static String getPrincipalNameFromCertificate(X509Certificate userCertificate) throws CertificateEncodingException {
         try {
-            return Objects.requireNonNull(CertificateData.getSubjectGivenName(userCertificate)) + ' ' +
-                    Objects.requireNonNull(CertificateData.getSubjectSurname(userCertificate));
-        } catch (CertificateEncodingException e) {
+            return CertificateData.getSubjectGivenName(userCertificate).orElseThrow(NullPointerException::new) + ' ' +
+                    CertificateData.getSubjectSurname(userCertificate).orElseThrow(NullPointerException::new);
+        } catch (CertificateEncodingException | NullPointerException e) {
             // Organization certificates do not have given name and surname fields.
-            return Objects.requireNonNull(CertificateData.getSubjectCN(userCertificate));
+            return CertificateData.getSubjectCN(userCertificate).orElseThrow(NullPointerException::new);
         }
     }
 

src/main/java/eu/webeid/example/service/SigningService.java

@@ -81,7 +81,7 @@ private HttpSession currentSession() {
      */
     public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentication authentication) throws CertificateException, NoSuchAlgorithmException, IOException {
         X509Certificate certificate = certificateDTO.toX509Certificate();
-        if (!authentication.getIdCode().equals(CertificateData.getSubjectIdCode(certificate))) {
+        if (!authentication.getIdCode().equals(CertificateData.getSubjectIdCode(certificate).orElseThrow(NullPointerException::new))) {
             throw new IllegalArgumentException("Authenticated subject ID code differs from " +
                     "signing certificate subject ID code");
         }

src/main/resources/certs/dev/TestESTEID2025.cer

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAregAwIBAgIUNtXxgsJYFy9r5Opm2j2LcsnZYtkwCgYIKoZIzj0EAwMw
+XTEZMBcGA1UEAwwQVGVzdCBFRUdvdkNBMjAyNTEXMBUGA1UEYQwOTlRSRUUtMTcw
+NjYwNDkxGjAYBgNVBAoMEVpldGVzIEVzdG9uaWEgT8OcMQswCQYDVQQGEwJFRTAe
+Fw0yNDExMDQxMjU5NTVaFw0zOTExMDMxMjU5NTRaMFwxGDAWBgNVBAMMD1Rlc3Qg
+RVNURUlEMjAyNTEXMBUGA1UEYQwOTlRSRUUtMTcwNjYwNDkxGjAYBgNVBAoMEVpl
+dGVzIEVzdG9uaWEgT8OcMQswCQYDVQQGEwJFRTB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABC8Uc5s70j1iWMZNbQyVYpDmwp4Ad5HlQmFB9noY2yBeDKL2KHKQG31SDTbo
+KlBz7JUWsmaxF1Vj6ZkKAwcltO2cBnEU1B5H8hWgk5Un61GZxhX2wPkwJLm7vjyi
+dKmftqOCATcwggEzMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAU4Vbf
+rsSXORfv3goMbOVys4vVchAwSQYIKwYBBQUHAQEEPTA7MDkGCCsGAQUFBzAChi1o
+dHRwOi8vY3J0LXRlc3QuZWlkcGtpLmVlL3Rlc3RFRUdvdkNBMjAyNS5jcnQwQgYD
+VR0gBDswOTA3BgRVHSAAMC8wLQYIKwYBBQUHAgEWIWh0dHBzOi8vcmVwb3NpdG9y
+eS10ZXN0LmVpZHBraS5lZTA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY3JsLXRl
+c3QuZWlkcGtpLmVlL3Rlc3RFRUdvdkNBMjAyNS5jcmwwHQYDVR0OBBYEFO7ylT+M
+svxRnoTm5l6EEX5CuiA2MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBl
+AjEA3qECw4GIfbeoC5cFhtiPJRfFlzsjRGVBtQTH6DNbZsm+EF6Gc28/iZFX1H6n
+UTRlAjAiwooqEyVbxA1KqT6PwVl1BXNbF59j6MaiNR43dYeJxrdOnxleR50EVdIC
+DJFEm2E=
+-----END CERTIFICATE-----

src/main/resources/certs/prod/ESTEID2025.cer

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDzCCApagAwIBAgIUUFQrcGtK7/jCP+GyAOTPvbglGlcwCgYIKoZIzj0EAwMw
+WDEUMBIGA1UEAwwLRUVHb3ZDQTIwMjUxFzAVBgNVBGEMDk5UUkVFLTE3MDY2MDQ5
+MRowGAYDVQQKDBFaZXRlcyBFc3RvbmlhIE/DnDELMAkGA1UEBhMCRUUwHhcNMjUw
+NTA3MTMyMDA3WhcNNDAwNTAzMTMyMDA2WjBXMRMwEQYDVQQDDApFU1RFSUQyMDI1
+MRcwFQYDVQRhDA5OVFJFRS0xNzA2NjA0OTEaMBgGA1UECgwRWmV0ZXMgRXN0b25p
+YSBPw5wxCzAJBgNVBAYTAkVFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdSEmb1An
+xN7G22CCEQ3ts2YZNieTUZP4Vc4iObhmL/um4EXkiA4HgyCiR5T6olKAEkPdxFBs
+fmcLoPN+TmBO8ZpLGEqy1Vwf59ahDW7dQiLXTIAEiGCoXSWI9MvtHDZ2o4IBIDCC
+ARwwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBSqgKibD7tLpn7FAvRy
+zSzxpSnZtzBABggrBgEFBQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly9jcnQu
+ZWlkcGtpLmVlL0VFR292Q0EyMDI1LmNydDA9BgNVHSAENjA0MDIGBFUdIAAwKjAo
+BggrBgEFBQcCARYcaHR0cHM6Ly9yZXBvc2l0b3J5LmVpZHBraS5lZTA1BgNVHR8E
+LjAsMCqgKKAmhiRodHRwOi8vY3JsLmVpZHBraS5lZS9FRUdvdkNBMjAyNS5jcmww
+HQYDVR0OBBYEFJLAOLC4NhJo9crtZu5HKohtpo3oMA4GA1UdDwEB/wQEAwIBBjAK
+BggqhkjOPQQDAwNnADBkAjANipgLQqdM985dSFZfKvU9A7Sz2YdmmUSZBxu0lL7Q
+XKzqa0ZDyXmf03NPLNAC6dICMBQiROZbLoPezO9LDl847UbENx85hloLlzweWjqP
+rY++Xj8FjCD1C9hnblsVgj3XAA==
+-----END CERTIFICATE-----