v3.3.1

Fix:

• check for correct value of uninitialized Niomon identity when configuration is loaded from environment variables, this fixes default identities not being loaded from files when Niomon identity is not set in configuration

v3.3.0

Added:

• backend response verification can be enabled via configuration

  • json: "verifyNiomonResponse": true
  • env: UBIRCH_VERIFY_NIOMON_RESPONSE=true

• default identities for backend response verification are stored in files and copied into docker image at build

• default identities for backend response verification are automatically loaded from files at application startup

• alternative identities for backend response verification can be set via configuration

  • json:

      "niomonIdentity": {
        "uuid": "<niomon UUID>",
        "publicKey": "<niomon public key bytes [base64]>"
      }
    

  • env:

    UBIRCH_NIOMON_IDENTITY=uuid:<niomon UUID>,publicKey:<niomon public key bytes [base64]>
    

• added fields to signing response

  • "operation": "<chain | anchor | disable | enable | delete>"
  • "responseSignatureVerified": <true | false>
  • "responseChainVerified": <true | false>

• added X-Err error headers from niomon response to HTTP response headers

v3.2.0

Changed:

• added abstraction layer for SQL queries
• go functions to access PostgreSQL and SQLite databases are generated from SQL queries using sqlc (github.com/kyleconroy/sqlc/cmd/sqlc@v1.16.0)

Added:

• added unit test execution to github actions

v3.1.1

Changed:

• minor refactoring
• renamed command line flag to set the configuration directory to -config-directory path/to/config

v3.1.0

Added:

• support of SQL database schema migration using files as described here https://github.com/golang-migrate/migrate/blob/master/MIGRATIONS.md
  • postgreSQL migration files can be added to main/adapters/database/postgres/migrations
  • SQLite migration files can be added to main/adapters/database/sqlite/migrations

Removed:

• deprecated support of migration from legacy file based context into database
  • to migrate the legacy file based context into the database, the user will have to use v3.0.0 and run it with the --migrate flag once
• removed support of --migrate flag
  • schema version will be checked upon startup automatically and migrated if necessary

Changed:

• to set the configuration directory, the path to the configuration file now has to be passed as command line flag in the form -configdirectory path/to/configdir

v3.0.0

With the release of v3.0.0 we introduce the support of SQLite database context management and offline functionality. This enables the client to be used as application for embedded devices, as well as servers.

Changed:

• configuration changes:

  • renamed configuration parameter for static authentication token

    • json: registerAuth -> staticAuth
    • envconfig: UBIRCH_REGISTERAUTH -> UBIRCH_STATIC_AUTH

  • setting a static authentication token in the configuration is now optional, but mandatory if at least one of
    the following endpoints is enabled

  • endpoints that require a static authentication token, i.e. identity registration, CSR creation and key
    de-/re-activation, must be enabled explicitly via configuration parameters:

    • json: enableRegistrationEndpoint envconfig: UBIRCH_ENABLE_REGISTRATION_ENDPOINT (boolean)
    • json: enableCSRCreationEndpoint envconfig: UBIRCH_ENABLE_CSR_CREATION_ENDPOINT (boolean)
    • json: enableDeactivationEndpoint envconfig: UBIRCH_ENABLE_DEACTIVATION_ENDPOINT (boolean)

  • since SQLite database support was added, the configuration parameter for the database DSN was renamed

    • json: postgresDSN -> dbDSN
    • envconfig: UBIRCH_POSTGRES_DSN -> UBIRCH_DB_DSN

  • the database driver, i.e. "postgres" or "sqlite", has to be set in the configuration via the following
    parameter

    • json: dbDriver envconfig: UBIRCH_DB_DRIVER (string)

Added:

• configuration additions:

  • individually configurable HTTP client timeouts for requests to upstream servers

    • json: identityServiceTimeoutMs envconfig: UBIRCH_IDENTITY_SERVICE_TIMEOUT_MS (integer)

    • json: authServiceTimeoutMs envconfig: UBIRCH_AUTH_SERVICE_TIMEOUT_MS (integer)

    • json: verifyServiceTimeoutMs envconfig: UBIRCH_VERIFY_SERVICE_TIMEOUT_MS (integer)

    • json: verificationTimeoutMs envconfig: UBIRCH_VERIFICATION_TIMEOUT_MS (integer)

    • if timeout values are not set in the configuration, the following default values will be used

      defaultIdentityServiceTimeoutMs = 10_000
      defaultAuthServiceTimeoutMs     = 2_000
      defaultVerifyServiceTimeoutMs   = 600
      defaultVerificationTimeoutMs    = 2_000
      

• API additions

  • endpoints for offline signing and verification functionality

    • /${uuid}/offline - Offline Sealing Hashes (chained) - original data
    • /${uuid}/offline/hash - Offline Sealing Hashes (chained) - hash
    • /${uuid}/anchor/offline - Offline Sealing Hashes (no chain) - original data
    • /${uuid}/anchor/offline/hash - Offline Sealing Hashes (no chain) - hash
    • /verify/offline - Offline Verification - original data
    • /verify/offline/hash - Offline Verification - hash

    added support for persistent storage of external identities in order to verify UPPs in offline mode without need
    of retrieving public key from UBIRCH identity service

• other

  • context migration from legacy context files to SQLite or postgres database
    • migration can be initiated by passing command-line flag --migrate
    • after successful migration, the process will exit with status 0, otherwise 1.

Removed:

• deprecated support of database schema migration for postgres

v3.0.0-beta

Changed:

• renamed configuration parameter for static authentication token

  • json: registerAuth -> staticAuth
  • envconfig: UBIRCH_REGISTERAUTH -> UBIRCH_STATIC_AUTH

• setting a static authentication token in the configuration is now optional, but mandatory if at least one of the following endpoints is enabled

• endpoints that require a static authentication token, i.e. identity registration, CSR creation and key de-/re-activation, must be enabled explicitly via configuration parameters:

  • json: enableRegistrationEndpoint envconfig: UBIRCH_ENABLE_REGISTRATION_ENDPOINT (boolean)
  • json: enableCSRCreationEndpoint envconfig: UBIRCH_ENABLE_CSR_CREATION_ENDPOINT (boolean)
  • json: enableDeactivationEndpoint envconfig: UBIRCH_ENABLE_DEACTIVATION_ENDPOINT (boolean)

Added:

• SQLite database support

  • database driver selection and DSN setting via configuration
    • config.json:

        "dbDriver": "<postgres | sqlite>",
        "dbDSN": "<data source name for database>",

    • env:

      UBIRCH_DB_DRIVER=<postgres | sqlite>
      UBIRCH_DB_DSN=<data source name for database>

  • context migration from legacy context files to SQLite or postgres database
    • migration can be initiated by passing command-line flag --migrate
    • after successful migration, the process will exit with status 0, otherwise 1.

• endpoints for offline signing and verification functionality

  • /${uuid}/offline | Offline Sealing Hashes (chained) - original data |
  • /${uuid}/offline/hash | Offline Sealing Hashes (chained) - hash |
  • /${uuid}/anchor/offline | Offline Sealing Hashes (no chain) - original data |
  • /${uuid}/anchor/offline/hash | Offline Sealing Hashes (no chain) - hash |
  • /verify/offline | Offline Verification - original data |
  • /verify/offline/hash | Offline Verification - hash |

• individually configurable HTTP client timeouts for requests to upstream servers

  • json: identityServiceTimeoutMs envconfig: UBIRCH_IDENTITY_SERVICE_TIMEOUT_MS (integer)

  • json: authServiceTimeoutMs envconfig: UBIRCH_AUTH_SERVICE_TIMEOUT_MS (integer)

  • json: verifyServiceTimeoutMs envconfig: UBIRCH_VERIFY_SERVICE_TIMEOUT_MS (integer)

  • json: verificationTimeoutMs envconfig: UBIRCH_VERIFICATION_TIMEOUT_MS (integer)

  • if timeout values are not set in the configuration, the following default values will be used

    defaultIdentityServiceTimeoutMs = 10_000
    defaultAuthServiceTimeoutMs     = 2_000
    defaultVerifyServiceTimeoutMs   = 600
    defaultVerificationTimeoutMs    = 2_000
    

• added support for persistent storage of external identities in order to verify UPPs in offline mode without need of retrieving public key from UBIRCH identity service

Removed:

• removed postgresDSN configuration parameter (replaced by dbDSN / UBIRCH_DB_DSN)

  • config.json:

      "postgresDSN": "<data source name for postgres database>",

  • env:

    UBIRCH_POSTGRES_DSN=<data source name for postgres database>

• deprecated support of database schema migration for postgres

v2.2.3

Changed:

• make log messages searchable in kibana by renaming the JSON field key for messages from "msg" to "message"

v2.2.2

Changed:

• minor clean up

Fixed:

• fix findings of gosec tool
• fix findings of golangci-lint tool

This release does not contain any functional changes.

v2.2.1

Changed:

• cache token after successful authentication instead of password hash
  This change enhances performance since performing key derivation for each incoming request is expensive.