open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1
72 stars 39 forks source link

New estonian ID card support #55

Closed vadimkim closed 5 years ago

vadimkim commented 6 years ago

is it already implemented?

naare commented 6 years ago

We have not identified any problems in Digidoc4j 2.x in regards of new Estonian ID card. If you have specific use cases that do not work, then we are open to investigate.

vadimkim commented 5 years ago

New estonian ID card is using new OCSP responder. Digidoc4j does not contain aia.demo.sk.ee or aia.sk.ee provider configuration. Digidoc4j is not able to get responder URI dynamically from certificate as well. Instead it takes it from hard-coded configuration parameter "OcspSource". Together with "well known problem" that I have already reported this leads to situation where 2.x library can only verify either new or old certificate, but not both.

naare commented 5 years ago

The old SK OCSP RESPONDER 2011 works perfectly fine with new Estonian ID cards, so its possible to go on as is. You need to keep using it, if you want to create TimeMark based containers (LT_TM). But you are correct, AIA OCSP gives some additional opportunities on making ASICE containers. These use cases are planned in future releases.

vadimkim commented 5 years ago

Thanks for the hint, @naare. I will try to use OCSP 2011 with LT_TM profile.

naare commented 5 years ago

DD4J version 3.1.0 will include AIA OCSP handling.

naare commented 5 years ago

DD4J 3.1.0 is released