Changelog

File-Exchange on MacOS has limited the access towards files for services. This means for MacOS packages the File-Exchange does not have access to the following folders and it's subfolders:

• Documents

• Downloads

• Pictures

• Movies

• Music

Folders such as the following still have access:

• Applications

• User's Home folder (self created folders) with exclusion of the first list

The reason of this restriction from Apple can be found in there release notes here under the section Launch Daemons and Agents

v3.4.10

Proxy v3.3.2

Bug

• The KeySign proxy develop installer is packaged with the wrong SSL keystore

• The proxy keeps opening a UAC window at startup

API v3.4.10

Bug

• Eherkenning - Wrong error message : Failed to log the user in the session

Component	Version
Proxy	v3.3.2
JavaScript	v3.4.2

V3.4.9

Component	Version
Proxy	v3.3.1
JavaScript	v3.4.2

Bug

• Pin Obfuscation not working for all modules

• Download type with implicit type creation used wrong path

• Windows launching the API in a localAppData folder with a user which holds a & fails in Windows

• Airbus selects wrong Non-Repudiation cert

Story

• base64 encode the PIN before sending it to the API

V3.4.8

Component	Version
Proxy	v3.3.1
JavaScript	v3.4.0

Bug

MacOS File exchange private folder should not be allowed to be used as the OS prevents the use of these folders

V3.4.7

Component	Version
Proxy	v3.3.1
JavaScript	v3.4.0

Bug

• PKCS11 module error codes arent mapped correctly

• Update the Eherkenning module to allow non hashed data for signatures

• Certinomis Wrong pin returns incorrect error response

Story

• Chambersign token integration

V3.4.6

This release contains a known bug with Luxid, this will be patched in a upcoming release.

Component	Version
Proxy	v3.3.1
JavaScript	v3.4.0

API

Bug

• Certinomis integration with official middleware version

V3.4.5

This release contains a known bug with Luxid, this will be patched in a upcoming release.

Component	Version
Proxy	v3.3.1
JavaScript	v3.4.0

API

Bug

• macOS pin entry popup remains open after timeout

• WIN - The sandbox is not able to register to the api

Story

• I want to enable module for Certinomis

• Migrate certigna integration with the latest token

V3.4.4

This release contains a known bug with Luxid, this will be patched in a upcoming release.

Component	Version
Proxy	v3.3.1
JavaScript	v3.3.0

API

Bug

• Download file - folder creation is not correct

V3.4.3

This release contains a known bug with Luxid, this will be patched in a upcoming release.

Component	Version
Proxy	v3.3.1
JavaScript	v3.3.0

API

Bug

• Windows users with spaces cause proxy init script to not work

V3.4.2

This release contains a known bug with Luxid, this will be patched in a upcoming release.

Component	Version
Proxy	v3.3.1
JavaScript	v3.3.0

API

Bug

• MAC - Sandbox not running on macos high sierra

• Sandbox restart mechanism spawns mutiple functioning sandboxes but doesnt wait for the port registration

• MAC - sandbox not working on macos big sur

Story

• Update retry mechanism to restart the sandbox after a failure

V3.4.1

This release contains a known bug with Luxid, this will be patched in the upcoming.

Component	Version
Proxy	v3.3.1
JavaScript	v3.3.0

Proxy v3.3.1

Bug

• Trust1Connector in shared environment fails to register towards Proxy

• Usernames with spaces cannot consent

• play.pid file prohibits play api to start after reboot

API

Bug

• Sandbox is unable to retrieve usernames with special characters

• Create type with initial path keeps adding // at the beginning of the path

• Issue signing with eHerkenning token

• Stop T1C components script in shared environments stops for all users

• Trust1Connector in shared environment fails to register towards Proxy

• Usernames with spaces cannot consent

• play.pid file prohibits play api to start after reboot

Improvement

• Provide DNS Signed certificate to avoid DNS resolve issues

V3.4.0

This release contains a known bug with Luxid, this will be patched in the upcoming.

Component	Version
Proxy	v3.3.0
JavaScript	v3.3.0

API

Bug

• Update Sandbox http ports to not interfere excluded ports

• File-exchange download does not overwrite the file if its already present.

• ListTypeContent on C folder throws an error because there is a hidden/swapfile already in use

• CreateType adds an extra / at the start of the path

• When the Machine restart the API runs on a different port. This causes the consent to not be valid anymore

• CreateType and UpdateType do not show a modal from the proposed folder

• E-Herkenning module signing and authentication is not working anymore

Story

• Sandbox must start on a free port and register itself towards the API

V3.3.3

Component	Version
Proxy	v3.3.0
JavaScript	v3.3.0

API

Story

• Algorithm reference should be optional and be preslected the best algorithm if not presented

• Added the system's current epoch timestamp to the expired JWT error message

• Add cache headers to responses to prevent browser caching issues

V3.3.2

Component	Version
Proxy	v3.3.0
JavaScript	v3.3.0

API

Bug

• Beid v1.8 sign sometimes added the LE

V3.3.1

Component	Version
Proxy	v3.3.0
JavaScript	v3.3.0

API

Bug

• Return interface to previous state to prevent breaking applications

Story

• Trust1Connector API should be able to connect to the DS in a proxy network

V3.3.0

Dependencies

Component	Version
Proxy	v3.3.0
JavaScript	v3.2.13

API

Story

• I want to enable module for Airbus

• A new version of the trust1connector should have an update option in the MSI

• Make synchronization schedule 15 minute interval occur not at the start of hour, but from startup

Bug

• Update certificate model to correctly handle multiple certificates

Proxy

Story

• Make synchronization schedule 15 minute interval occur not at the start of hour, but from startup

v3.2.8

Beid 1.8 has different algorithms compared to 1.7. In a future release the Trust1Connector will merge these so the same values can be used for 1.7 and 1.8

Dependencies

Component	Version
Proxy	v3.2.7
JavaScript	v3.2.12

API

Bug

• Log file for Sandbox-windows should be saved to the Log folder

• Entity and Type return same error code for not found and already exists

• Decryption of pin should not be blocking initialisation or any pin use-case

• Pkcs11 module and os dialog return decryption error

Story

• I want to enable the module for BeID 1.8

• Integration jcop3

v3.2.7

Dependencies

Component	Version
Proxy	v3.2.7
JavaScript	v3.2.12

Proxy

Bug

• Error handler does not build the Error-code correctly

API

Bug

• Rawprint module returns error when executing print request

• Rawprint OpenAPI specification contains model error

• T1C Api returns 404 instead of 503 when the GRPC server is not available

• Return appropriate http status code 503 when the sandbox service is unavailable instead of 404

• Client errors do not return a valid error-code

Story

• Configure the memory and disk buffers to accept file uploads up to 50Mb

• File download in file exchange should support multipart form-data

v3.2.6

Dependencies

Component	Version
Proxy	v3.2.6
JavaScript	v3.2.10

Bug

• Chambersign can only be used when installation done with admin rights

• Log files build up after time which takes a lot of space on the hard disk after a while

• Remoteloading split Tx, RX and SW was only present in TX value

Story

• I want to enable the module for Chambersign

• I want to enable the module for Certigna

• The Trust1Connector API/Proxy should support wildcards in its CORS whitelist

• Rotate the logs on a time- and size-based policy

v3.2.5

Dependencies

Component	Version
Proxy	v3.2.3
JavaScript	v3.2.9

Bug

• Updatable Trust1Connector does not trigger an OS dialog

• Application names with spaces cause issues application lifecycle management

• Entity and type response object inconsistency

• Sandbox does not start when system boots without internet connection available

• Remoteloading split TX, RX and SW value based on APDU response

Story

• T1C API endpoint to prolong the consent cookie

• Update error codes of the proxy so they do not interfere with the error codes of the regular API

• Align error codes returned from the sandbox service with the API

• Integrate the printer driver

• Use Device certificate to encrypt the pin value sent in clear text

• Change the JWE communication from headers to request body in order to prevent header size limit errors

• Include memory management for the Java process spawned by the OS

• I want to enable the module for Chambersign

• I want to enable the module for Certigna

• I want to enable the module for eHerkenning

• I want to enable module for Print Writer

v3.2.4

Dependencies

Component	Version
Proxy	v3.2.2
JavaScript	v3.2.8

Bug

• Resetting the bulk pin does not remove the pin from the cache

v3.2.3

Dependencies

Component	Version
Proxy	v3.2.2
JavaScript	v3.2.8

Bug

• T1C does not work with FireFox

• when the pkcs11 is not initialized correctly in sandbox, calling directly the other functions, sandbox crashes

• Some EMV cards return 'beid' as suggested module

• Packaging automatic file recognition in Wix adds admin registry key entries to the installer for included DLL files

Story

• Provide a eHerkenning module for NL

• Integration of the eHerkenning (NL) PKCS11 module in Token Interface

• As an integrator I want errors to be consistent, clear and comprehensive

• Integrate remote loading module

v3.2.2

Dependencies

Component	Version
Proxy	v3.2.2
JavaScript	v3.2.8

Bug

• Remove v2.4.3 from T1C-lib-JS repository

• Crelan signing fails when data is different from 16 byte hex string

• Diplad sign operation fails when using specific Crelan reader

• The sandbox does not recover when using branded/custom package installers

• Allow bulk sign - does not work in JS

• Diplad description - verified but was already fixed in 3.2.1

• The T1C-API only syncs the cors list at startup, not during scheduled sync

Improvement

• Provide separate implementation for Belgian eID with Crelan reader

Story

• Skip CORS when running in develop mode

• Log output of shared environment initialisation script to file

v3.2.1

Dependencies

Component	Version
Proxy	v3.2.1
JavaScript	v3.2.8

Bug

• Diplad card description in get readers response not aligned with v2

• Diplad card crashes/does not work with cards with 1 revoked non-repudiation certificate and 1 additional valid non-repuditation certificate

• Reset Bulk Pin method in JS SDK returns a 404

• Crelan signing fails in sandbox

• serialnumber wrong mapping in pkcs11 objects

• no session flag found in input parameters when fetching certificates with PKCS11 objects

• Bulk sign query parameter encoding in JS SDK is wrong

Story

• As a T1C-API service I want to my pid handling more robust

• Update PKCS11 objects token information with mechanism information

v3.2.0

Dependencies

Component	Version
Proxy	v3.2.0
JavaScript	v3.2.8

Bug

• Diplad signing operator implicit deleted error. Makes GRPC crash

• Fix typo error in open-api yaml specification

• Registration shuts down Trust1Connector

• Update openapi yaml with pkcs11 objects endpoints

• Providing the pin popup with an invalid pin simply reopens the pin popup for another try

• Canceling pin causes the pin popup to reappear

• Pin input timeout on Windows crashes the dialog windows and terminates sandbox

• "issuer" property of T1C-API token biometric data is not present in JS SDK

• Compile MacOS version of T1C-Sandbox post upgrade cmake 2019

• Fix LuxID issues after recompilation with VS 2019

• Bulk signing with card with PACE layer does not temporarily store the PACE info

• Reset Bulk PIN endpoint should be a POST request to avoid caching issues

• openPinDialog crashes when called after previous request timed out

Improvement

• Add images & logo's to the Windows installer

• Implement authentication in JWT + Document with example

• Remove grpc port from config in JS

Story

• As an integrator I want to have the Wacom functionality in REST available

• Integrate Wacom JS SDK

• As a developer, I want JWT's to be validated in the proxy

• Windows installer includes the firewall settings upfront

• Pkcs11 Custom exception handling

• As a developer I want the T1C SDK to be provided as an NPM package

• Parse certificates in the Trust1Connector JS so we can provide detailed info about the certificate

• Update proxy with h2 database

• Reduce the size of the shared environment intialisation JAR

• Integrate Crelan in T1C JS SDK

• Enable Diplad in JS module factory

• Allow manual trigger of registration and synchronization

• Use a stable unique identifier as device id

• Make use of Java11 LTS as packaged JRE

v3.1.4

Bug

• File digests config doesn't take the path differences between Mac OS and Windows into account

• PKCS11 configuration cookie cannot be created on Windows devices

• PKCS11 returns null pointer exception when no pin is provided

• Unresolved address excpetion when the Trust1Connector is installed or started without internet connection

Story

• As an end user I can use RMC with the new T1C v3 for the belgian eID and the file exchange

• Windows installers are signed with the Trust1Team certificate

• All endpoints communicating with smardcards/tokens/... need to be protected by means of JWT

• Support for silent install on Win Platforms

• Remove sensitive system info from API & Proxy exposed on /info endpoint

• Remove from API & Proxy the temp folder path on the /info

• Provide the possibility to use PKCS11 objects instead of keystores

• Integrate PKCS11 container in the sandbox-service

• Maintain a transaction log with labels

• Ability to do bulk signing with the generic token interface

v3.1.3

Bug

• PKCS11 SlotId in config issue

• Fileexchange when canceling file or directory dialogs, no error is thrown but an empty path is returned

• Catch errors with regards to the GRPC service nog being running

• File IO needs to check if access rights for file are fulfilled otherwise return 803

• Fileexchange v2 recovery failed due to wrong encoding

• T1C JS SDK fix typo for responseObject info endpoint

• Typescript typings are conflicting with eachother (generics)

• T1C SDK pkcs11generic slots should be numbers instead of strings

Story

• Cookie implementation for the Trust1Connector JS SDK in shared environments

v3.1.2

Bug

• check fileexchange file/directory access rights before executing the command

• After reinstallation the v3.0.1 of the t1c api config defines its running in a shared environment but there are no other instances running on the machine

• When no connector is installed no valid error code is returned in JS

• Play.pid blocking reinstallation of Trust1Connector API

Task

• Move file location of the T1C v3 file-exchange config to the new folder structure instead of using the old folder structure

Story

• Audit logging for tampering checks in the Trust1Connector

• Configure logging for T1C-API

• Keep audit record for lifecycle changes T1C-API (restart sandbox, ...)

• As an integrator I want to have the RemoteLoading functionality in REST available

• Keep DS logs for 1 year

• As the Trust1Connector I want the Sandbox to have an automatic recovery when an unexpected shutdown happens

• Add parameter validation to each endpoint which requires it