Released on 7th August 2018

Technical Requirement

ECA-6978 - Implement Rest conventions

ECA-7022 - Specify license information for swagger dependencies

Bug

ECA-3298 - One Junit failure on DB2

ECA-4729 - getRequestServerName with ejbca behind a reverse proxy via ajp returns wrong server name

ECA-5416 - SoftCryptoToken used for database protection always debug logs stacktrace about PKCS12 keystore password

ECA-6292 - Common PKI CertHash OCSP extension should be a singleExtension instead of a responseExtension

ECA-6654 - PublicCryptoToken can't be used for database protection verification

ECA-6763 - EJB CLI still logs too much irrelevant info

ECA-6774 - Fix the active status logo in internal key binding.

ECA-6848 - Regression: 'Provide request info' hidden when only 'Select key algorithm' should be

ECA-6862 - CertificateDataSessionBean.findUsernameByIssuerDnAndSerialNumber declared final

ECA-6869 - Upgrade code for 6.11 creates access rules that are not normalized

ECA-6880 - fix unit tests for Commuity MariaDB+ubuntu+JBOSS711GA configuration

ECA-6887 - Return value for rejected approvals in EjbcaWS.getRemainingNumberOfApprovals(int) is incorrect

ECA-6895 - Refine behavior of ApprovalSessionBean.getRemainingNumberOfApprovals(int)

ECA-6901 - Handle non-DNs gracefully in CertTools.isDNReversed

ECA-6923 - Missed slashes in documentation links

ECA-6947 - Validator view not refreshed, editing Validators modifies cache content

ECA-6950 - Documentation: Custom certificate extension data link broken

ECA-6951 - Documentation links on Admin GUI overview page broken

ECA-6959 - Cache CA name lookup in RoleMembers page view scope

ECA-6997 - Database upgrade version comparison does not handle varying number if fields

ECA-7000 - Improve isFullQualifiedDomainName

ECA-7001 - ExternalCommandCertificateValidator handles stdout and stderr incorrectly

ECA-7004 - Public key blacklist validator fails match on RSA keys when not all algorithms are specified in validator

ECA-7014 - External Command Certificate Validator should fail on non-zero exit code

ECA-7015 - The enum constant UNKNOWN needs a corresponding case label in this enum switch

ECA-7016 - Unlikely argument problems in ACME implementation

ECA-7027 - WS API documentation has wrong URL

ECA-7031 - Documentation Link broken for 'Manage Publishers'

ECA-7040 - Regression: External RA (polling) does not work for Keystore Requests

ECA-7043 - Upgrade with long version number can fail

ECA-7057 - Fix documentation link from Public Web

ECA-7063 - Peer connector settings are not saved when creating a new peer connector

ECA-7078 - Jenkins builds failure for test EjbcaWSCVCTest

ECA-7079 - Jenkins builds failure for SystemTests of REST API

ECA-7080 - Jenkins builds failure for AcmeWorkflowTest of ACME

ECA-7083 - CaaValidator always succeeds when the domain ignore list matches

ECA-7084 - Fix Jenkins test error: Non unique method in RA Master API

ECA-7085 - Some JUnit tests don't run

ECA-7086 - Regression: Help labels and at least one option is gone from the CAA Validator

ECA-7088 - some REST-related unit tests are failing in EJBCA_TRUNK_UNIT_PUPPET

ECA-7090 - Swagger inputs in snakecase are not evaluated in REST method input

ECA-7094 - Error "Can't reset to root in the middle of the path" during `ant install` on JBoss ≥6.4.19

ECA-7099 - CRL generation as CRL Issue interval can miss some intervals

ECA-7100 - Revocation CA lookup for nonConflictingCertificateData does not use normalized DN format

ECA-7101 - EjbcaWS.getProfile leaks information about CA's and EEPs

ECA-7108 - X509CA.upgrade could upgrade CA Overlap Time wrong from ancient version

ECA-7111 - Troubleshooting missing from documentation

ECA-7112 - Fix test failure EndEntityProfileSessionBeanTest.testAuthorization

ECA-7115 - WS customLog call calculates CA ID wrong if caName is missing

ECA-7116 - WS customLog call swaps username and admin certificate parameters in log

ECA-7140 - Ignore Top Level Domains field in CAA Validators no longer work

ECA-7141 - orm entry for AcemNonceData incorrect for PostgreSQL

ECA-7142 - Documentation Link broken for under OcspKeyBinding Tab

ECA-7144 - RaMasterApi dispatches non-serializable objects

ECA-7145 - Invalid error handling for EjbcaWS.getProfile (remote)

ECA-7148 - Jenkin's job EJBCA_TRUNK_UNIT_PUPPET compilation failure

ECA-7149 - Jenkins job EJBCA_TRUNK_UNIT_PUPPET has failing unit test of RsaKeyValidatorTest.testRocaWeakKeys

ECA-7150 - Regression ejbca-db-cli crashes with ClassNotFoundException: AcmeNonceData

ECA-7155 - Manage ACME Aliases is linking to SCEP documentation

ECA-7157 - Fields notBefore and notAfter in the order object are optional

ECA-7158 - HEAD endpoint for new-order is missing and required for certbot compliance

ECA-7159 - REST API /expire offset and maxNumberofResults doesn't work on multiple nodes

ECA-7160 - HEAD endpoint for new-account is missing and required for certbot compliance

ECA-7167 - Regression: Cannot generate keystore with autogenerated password from RA

ECA-7173 - ConcurrentModificationException while editing end entity with custom, dynamic, extensions

ECA-7176 - Regression: RA Web upload CSR auto-parsing stopped working

ECA-7179 - Regression: RA Web cleanup deletes existing end entity

ECA-7180 - NPE in ProfileAndTraceInterceptor

ECA-7181 - CertBot fails due to null values in JSON

ECA-7182 - ACME Link headers are not encoded according to the standard

ECA-7183 - Fix ACME notAfter validation failure

ECA-7184 - Check for incorrect approval settings for ACME CA/profile fails

ECA-7192 - ziprelease excludes configdump.sh from release zip

New Feature

ECA-5711 - RA API call base for ACME

ECA-6750 - System tests: VA Publisher with Throwaway certs

ECA-6845 - Fixing unittests EJBCA_TRUNK_MARIADB_RHEL64_JBOSSEAP64_OPENJDK8 Jenkins build

ECA-6851 - Create automated test for ECAQA-3

ECA-6853 - Add Peer RA Protocol Rule for SCEP

ECA-6854 - Create automated test for ECAQA-76

ECA-6858 - Create automated test for ECAQA-67

ECA-6867 - Create automated test for ECAQA-24

ECA-6868 - Create automated test for ECAQA-62

ECA-6874 - Create module for REST API

ECA-6876 - Implement client certificate authentication for REST API

ECA-6878 - REST API call: List of CAs

ECA-6882 - Create JAXRS "certificate" endpoint in ejbca-rest-api module

ECA-6891 - POST service endpoint to certificatecontroller for requesting new server certificate

ECA-6893 - ACME: Implement dns-01 validation method

ECA-6896 - Create automated test for ECAQA-42

ECA-6897 - Create automated test for ECAQA-8

ECA-6898 - User documentation REST API

ECA-6902 - Create REST service for downloading CA certificates

ECA-6903 - REST method for revoking a certificate

ECA-6904 - GET method to get certificates that are about to expire

ECA-6934 - Add RA proxying of EjbcaWS.findUser(UserMatch) and EjbcaWS.editUser(UserDataVOWS)

ECA-6937 - Create a common exception handler for the REST API

ECA-6941 - Add Swagger to the REST API

ECA-6942 - Create automated test for ECAQA-74

ECA-6944 - Create automated test for ECAQA-28

ECA-6948 - Use HEX serial number as identifier in the REST API

ECA-6953 - REST Json provider configuration

ECA-6954 - REST exceptions cleanup

ECA-6955 - REST soft exceptions

ECA-6956 - Create remaining JUnit test for REST

ECA-6957 - REST system tests

ECA-6958 - REST Use profile names as input instead of ID

ECA-6964 - Refactor cert enrollment REST service to do profile and endentity lookups behind RaMasterApi to improve performance

ECA-6970 - Add RA Proxying of EjbcaWS.getAvailableCertificateProfiles

ECA-6971 - Add RA Proxying of EjbcaWS.getAvailableCAsInProfile

ECA-6972 - Add RA proxying to EjbcaWS.processCertReq

ECA-6973 - Add RA proxying to EjbcaWS.cvcRequest

ECA-6974 - Add RA proxying to EjbcaWS.customLog

ECA-6975 - Add RA proxying to EjbcaWS.findCerts

ECA-6982 - Add RA proxying to EjbcaWS.getAuthorizedEndEntityProfiles

ECA-6983 - Add RA proxying to EjbcaWS.getCertificate(String, String)

ECA-6984 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTime

ECA-6985 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTimeAndType

ECA-6986 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTimeAndIssuer

ECA-6987 - Add RA proxying to EjbcaWS.getLastCAChain

ECA-6988 - Add RA proxying to EjbcaWS.getProfile(int, String)

ECA-6989 - Add RA proxying to EjbcaWS. getLatestCRL

ECA-6990 - Add RA proxying to EjbcaWS.getRemainingNumberOfApprovals

ECA-6991 - Add RA proxying to EjbcaWS.isApproved(int)

ECA-6992 - Add RA proxying to EjbcaWS.isAuthorized(int)

ECA-6993 - Add RA proxying to EjbcaWS.pkcs12Req(String, String, String, String, String)

ECA-6994 - Add RA proxying to EjbcaWS.republishCertificate(int)

ECA-6999 - REST endpoint for keystore enrollment

ECA-7007 - REST endpoint to get CRL

ECA-7008 - REST endpoint to search for certificates

ECA-7010 - REST endpoint to check certificate revocation status

ECA-7011 - Start using Converters in REST related response, request and entity classes

ECA-7029 - Link Rest API documentation to the proper place

ECA-7030 - Prevent Swagger exposure in Production

ECA-7032 - Add RA proxying to EjbcaWS.getPublisherQueueLength(String)

ECA-7033 - REST endpoint to finalize enrollment after approval

ECA-7034 - Add RA proxying to EjbcaWS.revokeUser(String, int, boolean)

ECA-7035 - Add CLI command to list publishers

ECA-7038 - Extend EJBCA EJB CLI to allow adding RoleMembers of any supported type

ECA-7039 - Add Cavium Nitrox III as known HSM driver

ECA-7051 - Add protocol configuration for REST

ECA-7052 - Add REST APIs to Peer RA Protocol access rules

ECA-7053 - Add ACME to Peer RA Protocol access rules

ECA-7067 - Add positive audit log messages for all Validation operations

ECA-7076 - REST API - SystemTest - Authorized client requesting a new server certificate

ECA-7077 - REST API - SystemTest - Authorized client revokes a certificate

ECA-7092 - REST API license headers to Enterprise

ECA-7122 - Add RA proxying to EjbcaWS with request local instance first.

ECA-7126 - Add RA Proxying of EjbcaWS.getAvailableCAs

ECA-7127 - Rest APi unit tests are not run in Jenkins

ECA-7156 - Implement CAA identities

ECA-7178 - contacts should not be mandatory for ACME's POST newAccount endpoint

Task

ECA-6861 - Initial prototype of REST API

ECA-6871 - Add Fabiens cmp monitoring script to extras

ECA-6879 - Identification of certificates in REST API

ECA-6890 - Document Wildfly 12 configuration

ECA-6949 - Fix the Jenkins build EJBCA_TRUNK_MARIADB_RHEL64_JBOSSEAP64_OPENJDK8

ECA-7136 - Ensure quality in CAA Validator

ECA-7137 - Ensure quality in REST-API

ECA-7139 - Ensure quality in WS RA-proxying

Improvement

ECA-6090 - Add ability to specify multiple issuers in CAA validator

ECA-6162 - CT log request - optional full hierarchy, full Json request in debug log

ECA-6436 - Ability to set explicit.ecc.publickey.parameters for crypto tokens

ECA-6849 - Simplification of p11 token login (Crypto Token Activation)

ECA-6856 - Use consistent format of library license references

ECA-6863 - Fix easy to fix compiler warnings in Admin GUI classes

ECA-6873 - Improve handling when receiving SCEP getCACaps request for missing CA

ECA-6883 - Refactor X509CAInfo constructors to use build pattern

ECA-6884 - Run Web Tests on windows

ECA-6885 - CMP: add senderKID to responses when they are signed

ECA-6888 - unidfnr.enabled should have a default value

ECA-6892 - Create exhaustive regression tests for ApprovalSessionBean.getRemainingNumberOfApprovals(int)

ECA-6900 - Shift "Contributors" page from ejbca.org into Confluence Documentation

ECA-6905 - ACME draft-12 update: Remove tls-sni-02 and oob-01

ECA-6906 - ACME draft-12 update: Use camelcase instead of dash

ECA-6907 - ACME draft-12 update: New finalize workflow

ECA-6908 - ACME draft-12 update: Update and review all JavaDoc

ECA-6910 - ACME draft-12 update: Remove authz and cert resources "up" Link

ECA-6911 - ACME draft-12 update: newNonce should respond with HTTP 200

ECA-6912 - ACME draft-12 update: Update AcmeAccount creation workflow

ECA-6913 - ACME draft-12 update: Directory meta info should indicate if external account is required

ECA-6914 - ACME draft-12 update: Wildcard certificate issuance

ECA-6915 - ACME draft-12 update: Remove AcmeAuthorization scope

ECA-6916 - ACME draft-12 update: Update AcmeChallenge workflow

ECA-6917 - ACME draft-12 update: Verify response code for wrong content type

ECA-6918 - ACME: AcmeAccount should belong to an AcmeConfiguration

ECA-6920 - ACME persistence: AcmeNonceData

ECA-6922 - ACME draft-06 cleanup: Remove custom JAX-B serialization

ECA-6924 - ACME: Verify certbot compliance

ECA-6926 - ACME: Enable as part of release

ECA-6931 - ACME: Implement the missing calls in RaMasterApi to allow proxy use

ECA-6932 - ACME UI Configuration: GlobalAcmeConfiguration and AcmeConfigurations

ECA-6960 - ACME draft-12 update: Remove authzDeactivate resource "up" Link

ECA-6966 - Info log details when a database upgrade is started

ECA-6977 - Certificate Transparency, add verification of embedded SCTs and upgrade version of google/certificate-transparency-java

ECA-6980 - Remove root certificate from CT submission

ECA-6981 - GUI: Crypto Tokens form usability

ECA-6995 - GUI: End Entities search result revocation usability

ECA-7005 - Small improvement to CT debug logging

ECA-7017 - REST Jackson library unification

ECA-7018 - Add ACME to modular protocols configuration

ECA-7020 - When a CT log returns an error, log at info level instead of debug

ECA-7028 - modify REST enrollKeystore to accept JSON body rather than query parameters

ECA-7036 - Unidfnr data class should have unid as part of protection string.

ECA-7037 - File system property to disable X.509 client cert requirement for Admin GUI

ECA-7041 - Access rule '/cryptotoken/keys/generate/' is required to create CSR for OCSP Key Binding

ECA-7044 - Support Role namespace in EJB CLI

ECA-7045 - Reorganize crypto tokens documentation into a concept and an operational section

ECA-7048 - Adapt new RA API methods to RA API Guidelines

ECA-7049 - Make sure all RA API methods work both locally and remotely, where applicable

ECA-7056 - Create a "CA Overview" page in the documentation

ECA-7081 - Log all CRL parameters used when making a decision to generate a CRL or not

ECA-7087 - improve EJBCA_TRUNK_UNIT_PUPPET jenkins build (or runsa ant target) somehow, so that build error would make the build red

ECA-7091 - Remove Norwegian FNR from log

ECA-7095 - Enable "Don’t allow ROCA weak keys" in CA/B Forum RSA Key Validation Template

ECA-7097 - Merge REST revocation response classes

ECA-7113 - Make the dns resolver and iana root anchor configurable for acme

ECA-7121 - REST - return correct response code from POST and PUT endpoints

ECA-7123 - REST revocationstatus returns 'revoked' for non-existing entries

ECA-7124 - Complete IEjbcaWS JavaDoc for new RA master API calls.

ECA-7129 - Use static json for static swagger REST API documentation

ECA-7131 - SystemTest for REST Certificates search

ECA-7132 - Remove "default" ACME alias

ECA-7134 - Improve REST endpoint Swagger descriptions

ECA-7147 - Use consistent serial number response format in REST API

ECA-7166 - Update the documentation links for the OCSP keybindings page

ECA-7172 - Add new index for searches on AuditRecordData

ECA-7174 - Improve ProfileAndTraceInterceptor to print arguments properly

ECA-7177 - Increase CRL upload size from 60 KB to 250 MB

ECA-7186 - ACME Configuration: Hide EMPTY profile and add info text about Default CA etc.

ECA-7191 - Add request/response logging for REST calls