v2.2.0

A Java 8-compatible release with back-ported changes (mainly OCSP-related fixes) from the main branch and updated dependencies.

Version 2 will continue to support Java 8, while version 3 requires Java 11 or newer.

Java 8 support has been extended until at least March 2026. If you need Java 8 support after that, please request it in this issue comments.

Minor backwards-incompatible changes

Although we adhere to semantic versioning principles, the following backwards-incompatible changes are included in the minor version 2.2.0. The updates are primarily structural and cosmetic rather than essential functionality changes, therefore we consider them compatible with a minor version increment.

Maven group ID updated to eu.webeid

The Maven group ID has been changed from org.webeid to eu.webeid. This change corresponds with the package namespace, domain of the official project website and emphasizes the focus on European Union eID cards.

Optional return values in CertificateData

The certificate subject field extraction methods in the CertificateData utility class now return Optional<String> instead of String. This change clarifies when a field is absent as opposed to when a certificate parsing error occurs. Users of these methods must now check for Optional<String> presence with isPresent() or using methods like orElse() or orElseThrow() to handle missing values.

Example

The old version 2-compatible Web eID Spring Boot example application was updated to use this version with these changes, which demonstrate how to adapt to the new Optional API and configuration changes. Note that digital signing will not work in this version of the example as only authentication was updated.

What's Changed

• Java 8 compatible v2.2.0 release by @mrts in #92

Full Changelog: v2.1.2...v2.2.0

v3.2.0

v3.2.0 is a feature and maintenance release that adds support for ID-card authentication when Extended Key Usage is not present in authentication certificate (like for example in Belgian and Finnish ID-cards), includes several dependency upgrades and merging web-eid-spring-boot-example into web-eid-authtoken-validation-java repository under web-eid-authtoken-validation-java/example.

Version 3 requires Java 11 or later, version 2 is compatible with Java 8.

What's Changed

• Github code scanning alert: Deprecated method or constructor invocation by @svenzik in #73
• Update web-eid-authtoken-validation-java dependencies by @svenzik in #75
• Allow id-card authentication when Extended Key Usage is not present in certificate by @svenzik in #72
• Move web-eid-spring-boot-example into web-eid-authtoken-validation-java/example by @svenzik in #76
• Add debug statement when returning early by @svenzik in #77
• Add plucky support by @kristelmerilain in #80
• Bump version to 3.2.0, update dependencies by @mrts in #84
• example: bump version to 3.2.0, update dependencies by @mrts in #85
• Add v2.7.0 release by @mrts in #86

Full Changelog: v3.1.1...v3.2.0

New Contributors

• @svenzik made their first contribution in #73

v3.1.1

v3.1.1 is a bug fix and maintenance release that fixes OcspService.validateResponderCertificate() to use system time for validation and makes SubjectCertificateNotRevokedValidator thread-safe.

What's Changed

• Use system time in OcspService.validateResponderCertificate() by @mrts in #64
• Make SubjectCertificateNotRevokedValidator thread-safe by @mrts in #69
• Fix expired test certificate in AuthTokenSignatureTest by @mrts in #71
• Bump version to 3.1.1 and update dependencies by @mrts in #70

Full Changelog: v3.1.0...v3.1.1

v3.1.0

Minor backwards-incompatible changes

Although we adhere to semantic versioning principles, the following backwards-incompatible changes are included in the minor version 3.1.0. The updates are primarily structural and cosmetic rather than essential functionality changes, therefore we consider them compatible with a minor version increment.

Maven group ID updated to eu.webeid

The Maven group ID has been changed from org.webeid to eu.webeid. This change corresponds with the package namespace, domain of the official project website and emphasizes the focus on European Union eID cards.

Optional return values in CertificateData

The certificate subject field extraction methods in the CertificateData utility class now return Optional<String> instead of String. This change clarifies when a field is absent as opposed to when a certificate parsing error occurs. Users of these methods must now check for Optional<String> presence with isPresent() or using methods like orElse() or orElseThrow() to handle missing values.

What's changed

• Use java 17 for SonarCloud by @metsma in #49
• Encode correctly OCSP NONCE extension by @metsma in #51
• Nonce support was added to EstEID 2015 by @metsma in #52
• Update copyright year by @metsma in #57
• Update JJWT to version 0.12 and use Jackson ObjectReader, update other dependencies by @mrts in #58
• fix: use system time in OcspResponseValidator.validateCertificateStatusUpdateTime() by @mrts in #55
• build(deps): bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78 by @dependabot in #61
• Use Optional in CertificateData by @mrts in #60
• Validate relevant CA only by @mrts in #59
• Fix incorrect groupId and challenge token code example in README by @zutnop in #53
• Update group ID to eu.webeid.security, amend REAME by @mrts in #63
• Bump version to 3.1.0 by @mrts in #62

New contributors

• @zutnop made their first contribution in #53

Full Changelog: v3.0.1...v3.1.0

v3.0.1

v3.0.1 is a minor maintenance release that includes several dependency upgrades, most importantly BouncyCastle and jackson-databind. Additionally, it features adjustment of the OCSP nonce length to 32 bytes, enhancements in the build process to generate source and Javadoc JARs alongside the library JAR and a fix to an expired certificate in tests.

Full changelog: v3.0.0...v3.0.1.

Packages

The release Maven package along with source and Javadoc JARs is available in the GitLab Package Repository.

v3.0.0

Changes

v3.0.0 is a major release that requires Java 11. It uses the built-in HttpClient instead of OkHttpClient for OCSP requests, OkHttpClient dependency is no longer included. The public API has not changed.

If needed, you can continue using OkHttpClient by implementing the OcspClient interface with OkHttpClient and inject the implementation using the AuthTokenValidatorBuilder.withOcspClient() method.

Full changelog: v2.1.2...v3.0.0.

Packages

The release Maven package is available in the GitLab Package Repository.

v2.1.2

Changes

v2.1.2 is a minor maintenance release, bumping jackson-databind from 2.13.4.1 to 2.13.4.2 and adding other minor changes.

Full changelog: v2.1.1...v2.1.2.

Packages

The release Maven package is available in the GitLab Package Repository.

v2.1.1

Changes

Bump jackson-databind from 2.13.4 to 2.13.4.1.

Packages

The release Maven package is available in the GitLab Package Repository.

v2.1.0

Changes

• Allow overriding the OCSP client with AuthTokenValidatorBuilder.withOcspClient(). This gives the possibility to either configure the request timeouts, proxies etc of the OkHttpClient instance used by OkHttpOcspClient or provide an implementation that uses an altogether different HTTP client, for example the built-in HttpClient provided by Java 9+.
• Remove the Guava dependency that was used in only a few places.

Full list of changes is in the v2.1.0 milestone.

Packages

Maven package is available in the GitLab Package Repository.

v2.0.1

Changes

• allow more than one responder certificate in the OCSP response.

Full list of changes is in the v2.0.1 milestone.

Packages

Maven package is available in the GitLab Package Repository.