Changelog
macOS limits file access for services, which affects the File-Exchange. For macOS packages, this means the File-Exchange does not have access to the following folders and their subfolders:
Documents
Downloads
Pictures
Movies
Music
Folders such as the following remain accessible:
Applications
User's Home folder (self-created folders), excluding the folders in the first list
The reason for this restriction from Apple can be found in their release notes, under the section Launch Daemons and Agents.
v3.4.10
Proxy v3.3.2
Bug
The KeySign proxy develop installer is packaged with the wrong SSL keystore
The proxy keeps opening a UAC window at startup
API v3.4.10
Bug
Eherkenning - Wrong error message: Failed to log the user in the session
V3.4.9
Bug
Pin Obfuscation not working for all modules
Download type with implicit type creation used wrong path
Launching the API in a localAppData folder with a user that contains an & fails on Windows
Airbus selects wrong Non-Repudiation cert
Story
base64 encode the PIN before sending it to the API
V3.4.8
Bug
MacOS File exchange private folder should not be allowed to be used as the OS prevents the use of these folders
V3.4.7
Bug
PKCS11 module error codes aren't mapped correctly
Update the Eherkenning module to allow non hashed data for signatures
Certinomis Wrong pin returns incorrect error response
Story
Chambersign token integration
V3.4.6
This release contains a known bug with Luxid; this will be patched in an upcoming release.
API
Bug
Certinomis integration with official middleware version
V3.4.5
This release contains a known bug with Luxid; this will be patched in an upcoming release.
API
Bug
macOS pin entry popup remains open after timeout
WIN - The sandbox is not able to register to the api
Story
I want to enable module for Certinomis
Migrate certigna integration with the latest token
V3.4.4
This release contains a known bug with Luxid; this will be patched in an upcoming release.
API
Bug
Download file - folder creation is not correct
V3.4.3
This release contains a known bug with Luxid; this will be patched in an upcoming release.
API
Bug
Windows users with spaces cause proxy init script to not work
V3.4.2
This release contains a known bug with Luxid; this will be patched in an upcoming release.
API
Bug
MAC - Sandbox not running on macOS High Sierra
Sandbox restart mechanism spawns multiple functioning sandboxes but doesn't wait for the port registration
MAC - Sandbox not working on macOS Big Sur
Story
Update retry mechanism to restart the sandbox after a failure
V3.4.1
This release contains a known bug with Luxid; this will be patched in the upcoming release.
Proxy v3.3.1
Bug
Trust1Connector in shared environment fails to register towards Proxy
Usernames with spaces cannot consent
play.pid file prohibits play api to start after reboot
API
Bug
Sandbox is unable to retrieve usernames with special characters
Create type with initial path keeps adding // at the beginning of the path
Issue signing with eHerkenning token
Stop T1C components script in shared environments stops for all users
Trust1Connector in shared environment fails to register towards Proxy
Usernames with spaces cannot consent
play.pid file prohibits play api to start after reboot
Improvement
Provide DNS Signed certificate to avoid DNS resolve issues
V3.4.0
This release contains a known bug with Luxid; this will be patched in the upcoming release.
API
Bug
Update Sandbox http ports to not interfere with excluded ports
File-exchange download does not overwrite the file if it's already present.
ListTypeContent on C folder throws an error because there is a hidden/swapfile already in use
CreateType adds an extra / at the start of the path
When the machine restarts, the API runs on a different port. This causes the consent to not be valid anymore
CreateType and UpdateType do not show a modal from the proposed folder
E-Herkenning module signing and authentication is not working anymore
Story
Sandbox must start on a free port and register itself towards the API
V3.3.3
API
Story
Algorithm reference should be optional, and the best algorithm should be preselected if none is presented
Added the system's current epoch timestamp to the expired JWT error message
Add cache headers to responses to prevent browser caching issues
V3.3.2
API
Bug
Beid v1.8 sign sometimes added the LE
V3.3.1
API
Bug
Return interface to previous state to prevent breaking applications
Story
Trust1Connector API should be able to connect to the DS in a proxy network
V3.3.0
Dependencies
API
Story
I want to enable module for Airbus
A new version of the trust1connector should have an update option in the MSI
Make the 15-minute synchronization schedule interval start from startup, not at the start of the hour
Bug
Update certificate model to correctly handle multiple certificates
Proxy
Story
Make the 15-minute synchronization schedule interval start from startup, not at the start of the hour
v3.2.8
Beid 1.8 has different algorithms compared to 1.7. In a future release the Trust1Connector will merge these so the same values can be used for 1.7 and 1.8
Dependencies
API
Bug
Log file for Sandbox-windows should be saved to the Log folder
Entity and Type return same error code for not found and already exists
Decryption of pin should not be blocking initialisation or any pin use-case
Pkcs11 module and os dialog return decryption error
Story
I want to enable the module for BeID 1.8
Integration jcop3
v3.2.7
Dependencies
Proxy
Bug
Error handler does not build the Error-code correctly
API
Bug
Rawprint module returns error when executing print request
Rawprint OpenAPI specification contains model error
T1C Api returns 404 instead of 503 when the GRPC server is not available
Return appropriate http status code 503 when the sandbox service is unavailable instead of 404
Client errors do not return a valid error-code
Story
Configure the memory and disk buffers to accept file uploads up to 50Mb
File download in file exchange should support multipart form-data
v3.2.6
Dependencies
Bug
Chambersign can only be used when installation done with admin rights
Log files build up over time, taking up a lot of space on the hard disk
Remoteloading split Tx, RX and SW was only present in TX value
Story
I want to enable the module for Chambersign
I want to enable the module for Certigna
The Trust1Connector API/Proxy should support wildcards in its CORS whitelist
Rotate the logs on a time- and size-based policy
v3.2.5
Dependencies
Bug
Updatable Trust1Connector does not trigger an OS dialog
Application names with spaces cause issues in application lifecycle management
Entity and type response object inconsistency
Sandbox does not start when system boots without internet connection available
Remoteloading split TX, RX and SW value based on APDU response
Story
T1C API endpoint to prolong the consent cookie
Update error codes of the proxy so they do not interfere with the error codes of the regular API
Align error codes returned from the sandbox service with the API
Integrate the printer driver
Use Device certificate to encrypt the pin value sent in clear text
Change the JWE communication from headers to request body in order to prevent header size limit errors
Include memory management for the Java process spawned by the OS
I want to enable the module for Chambersign
I want to enable the module for Certigna
I want to enable the module for eHerkenning
I want to enable module for Print Writer
v3.2.4
Dependencies
Bug
Resetting the bulk pin does not remove the pin from the cache
v3.2.3
Dependencies
Bug
T1C does not work with Firefox
When the pkcs11 is not initialized correctly in the sandbox, calling the other functions directly crashes the sandbox
Some EMV cards return 'beid' as suggested module
Packaging automatic file recognition in Wix adds admin registry key entries to the installer for included DLL files
Story
Provide an eHerkenning module for NL
Integration of the eHerkenning (NL) PKCS11 module in Token Interface
As an integrator I want errors to be consistent, clear and comprehensive
Integrate remote loading module
v3.2.2
Dependencies
Bug
Remove v2.4.3 from T1C-lib-JS repository
Crelan signing fails when data is different from 16 byte hex string
Diplad sign operation fails when using specific Crelan reader
The sandbox does not recover when using branded/custom package installers
Allow bulk sign - does not work in JS
Diplad description - verified but was already fixed in 3.2.1
The T1C-API only syncs the cors list at startup, not during scheduled sync
Improvement
Provide separate implementation for Belgian eID with Crelan reader
Story
Skip CORS when running in develop mode
Log output of shared environment initialisation script to file
v3.2.1
Dependencies
Bug
Diplad card description in get readers response not aligned with v2
Diplad card crashes/does not work with cards with 1 revoked non-repudiation certificate and 1 additional valid non-repudiation certificate
Reset Bulk Pin method in JS SDK returns a 404
Crelan signing fails in sandbox
serialnumber wrong mapping in pkcs11 objects
no session flag found in input parameters when fetching certificates with PKCS11 objects
Bulk sign query parameter encoding in JS SDK is wrong
Story
As a T1C-API service I want my pid handling to be more robust
Update PKCS11 objects token information with mechanism information
v3.2.0
Dependencies
Bug
Diplad signing operator implicit deleted error. Makes GRPC crash
Fix typo error in open-api yaml specification
Registration shuts down Trust1Connector
Update openapi yaml with pkcs11 objects endpoints
Providing the pin popup with an invalid pin simply reopens the pin popup for another try
Canceling pin causes the pin popup to reappear
Pin input timeout on Windows crashes the dialog windows and terminates sandbox
"issuer" property of T1C-API token biometric data is not present in JS SDK
Compile MacOS version of T1C-Sandbox post upgrade cmake 2019
Fix LuxID issues after recompilation with VS 2019
Bulk signing with card with PACE layer does not temporarily store the PACE info
Reset Bulk PIN endpoint should be a POST request to avoid caching issues
openPinDialog crashes when called after previous request timed out
Improvement
Add images & logos to the Windows installer
Implement authentication in JWT + Document with example
Remove grpc port from config in JS
Story
As an integrator I want to have the Wacom functionality in REST available
Integrate Wacom JS SDK
As a developer, I want JWTs to be validated in the proxy
Windows installer includes the firewall settings upfront
Pkcs11 Custom exception handling
As a developer I want the T1C SDK to be provided as an NPM package
Parse certificates in the Trust1Connector JS so we can provide detailed info about the certificate
Update proxy with h2 database
Reduce the size of the shared environment initialisation JAR
Integrate Crelan in T1C JS SDK
Enable Diplad in JS module factory
Allow manual trigger of registration and synchronization
Use a stable unique identifier as device id
Make use of Java11 LTS as packaged JRE
v3.1.4
Bug
File digests config doesn't take the path differences between Mac OS and Windows into account
PKCS11 configuration cookie cannot be created on Windows devices
PKCS11 returns null pointer exception when no pin is provided
Unresolved address exception when the Trust1Connector is installed or started without internet connection
Story
As an end user I can use RMC with the new T1C v3 for the Belgian eID and the file exchange
Windows installers are signed with the Trust1Team certificate
All endpoints communicating with smartcards/tokens/... need to be protected by means of JWT
Support for silent install on Win Platforms
Remove sensitive system info from API & Proxy exposed on /info endpoint
Remove from API & Proxy the temp folder path on the /info
Provide the possibility to use PKCS11 objects instead of keystores
Integrate PKCS11 container in the sandbox-service
Maintain a transaction log with labels
Ability to do bulk signing with the generic token interface
v3.1.3
Bug
PKCS11 SlotId in config issue
Fileexchange when canceling file or directory dialogs, no error is thrown but an empty path is returned
Catch errors with regard to the GRPC service not running
File IO needs to check if access rights for file are fulfilled otherwise return 803
Fileexchange v2 recovery failed due to wrong encoding
T1C JS SDK fix typo for responseObject info endpoint
Typescript typings are conflicting with each other (generics)
T1C SDK pkcs11generic slots should be numbers instead of strings
Story
Cookie implementation for the Trust1Connector JS SDK in shared environments
v3.1.2
Bug
Check fileexchange file/directory access rights before executing the command
After reinstallation the v3.0.1 of the t1c api config defines it's running in a shared environment but there are no other instances running on the machine
When no connector is installed no valid error code is returned in JS
Play.pid blocking reinstallation of Trust1Connector API
Task
Move file location of the T1C v3 file-exchange config to the new folder structure instead of using the old folder structure
Story
Audit logging for tampering checks in the Trust1Connector
Configure logging for T1C-API
Keep audit record for lifecycle changes T1C-API (restart sandbox, ...)
As an integrator I want to have the RemoteLoading functionality in REST available
Keep DS logs for 1 year
As the Trust1Connector I want the Sandbox to have an automatic recovery when an unexpected shutdown happens
Add parameter validation to each endpoint which requires it