SI&C v. 1.6.1 - Release Notes
- Fix for local interceptors not having a ServerRequest object (JAC#682).
- Bind client socket to wildcard address instead of localhost (JAC#596).
- Added key storage providers and key manager algorithm selection for IBM J9 support (JAC#821).
- Added JSSE selection for key managers (JAC#821).
- Moved to JacORB 2.3.1 support (JAC#821).
SI&C v. 1.6.0 - Release Notes
- To differentiate between the Sic release for JacORB 2.1 and JacORB 2.3 we are incrementing the version number to 1.6.
- Added the method setKeyStorePlugin(KeyStorePlugin plugin) to interfaces
SSLClientCurrent and SSLServerCurrent to allow applications to control how
KeyStores are loaded and X509 certificates are verified (JAC#575).
SI&C v. 1.5.4 - Release Notes
- port to jacorb23 / j2me foundation profile 1.1.2 with security optional package
SI&C v. 1.5.3 - Release Notes
- Refactored handling of authentication levels
- Added method setKeyStore(KeyStore, char[], boolean) to SSLClientCurrent
and SSLServerCurrent to allow the use of keystores independent of their type.
- Added new socket factory com.prismtech.corba.jacorb.PortRangeSSLSocketFactory
that allows control of the port range it uses to create sockets.
Configuration is via the properties jacorb.ssl.socket_factory.port_min and
jacorb.ssl.socket_factory.port_max.
SI&C v. 1.5.2 - Release Notes
- Added enhancement fCFWUA0001C7: added method
setTrustManagers(X509TrustManager[]) to interfaces SSLClientCurrent and
SSLServerCurrent to allow setting a custom X509TrustManager implementation.
- Fixed defect fCFWUA0001D3: added property
prismtech.sec.ssl_session_cache_size to control the size of the SSLSession
cache. The default is 25.
SI&C v. 1.5.1 - Release Notes
- Replaced Class: Class com.prismtech.corba.security.util.AssertedIdentity
has been replaced by com.prismtech.corba.security.AssertedIdentityCredential.
- Removed property: Setting the property jacorb.security.access_decision
isn't necessary anymore.
- Removed property: Setting the property jacorb.security.jsse.trustees_from_ks
isn't necessary anymore.
- Defect fCFWUA00016L resolved: Fixed missing configurability of log
levels through properties.
- Defect fCFWUA00014T resolved: Allows setting a SecureRandom object to
be used by the JSSE SSL layer through
setSecureRandom(java.security.SecureRandom rnd) on SSLClientCurrent and
SSLServerCurrent.
- Defect fCFWUA00016B resolved: (Workaround for JSSE bugs)
Implemented custom TrustManager to work around problems JSSE is having with
PKCS#12 keystores that don't have trusted certificate entries (like JKS
keystores).
- Defect fCFWUA00018B resolved: (see fCFWUA00016B, above)
- Defect fCFWUA000189 resolved: (see fCFWUA00016B, above)
- Defect fCFWUA00016H resolved: Added explicit checking of
certificate validity when setting a keystore through SSLClientCurrent or
SSLServerCurrent.
- Removed usage of BouncyCastle provider: PKCS#12 support also comes
with the Sun JSSE SSL provider.
- Removed property: Setting the property prismtech.sec.add_bc_provider
isn't necessary anymore (see above).
- CSIv2 client side changed: Setting username, password and identity
to assert is now done through a new current object, the CSIv2ClientCurrent.
Setting the identity through the SecurityLevel2 current isn't supported
anymore.
- Removed property: Setting the property prismtech.csiv2.username
isn't supported anymore (see above).
- Removed property: Setting the property prismtech.csiv2.password
isn't supported anymore (see above).
- Logging changes: Setting and changing logging verbosity through the
security policy configuration file isn't supported anymore.
SI&C v. 1.5.0 - Release Notes
SI&C v. 1.5 beta2 - Release Notes
- Method name change: Fixed typo in X509CertificateChainPrincipal, renamed
method getCertificatChain() to getCertificateChain() (missing "e").
- SSLCurrent - Additional exception thrown: setPKCS12Keystore() on
SSLClientCurrent and SSLServerCurrent now additionally declares
java.security.UnrecoverableKeyException to be throwable.
SI&C v. 1.5 beta1 - Release Notes
- Java package change: moved complete code and properties into
com.prismtech package.
- SSL Certificate Access and Key Material Setting: implemented
interfaces as per SOW.
- KeyStore limitation: PKCS12 KeyStores should only contain one key
and corresponding certificate chain. Otherwise, the result of
getLocalPrincipal() may not match the actual certificate chain
used by SSL.
- X509CertificateChainPrincipal limitation: as per SOW, calling
hashCode() will yield an org.omg.CORBA.NO_IMPLEMENT exception.
- BouncyCastle limitation: when running with a "normal" J2SE 1.3,
bcprov-jdk13-125.jar and jce-jdk13-125.jar must be added to the
jre/lib/ext dir of the JRE installation. Otherwise, java will throw a
SecurityException.
- Logging limitation: Configuring logging through the security policy
configuration file, i.e. using the PolicyEditor may not work as expected.
- New property: prismtech.sec.add_bc_provider to control
if the BouncyCastle security provider will be added or not. Defaults to
"on".
- New property: prismtech.sec.enable_access_control to
control if the SI&C access control mechanism will be turned on or
off. Defaults to "on".
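
The KeyStore limitation above (one key per PKCS12 keystore) and the certificate validity check added in 1.5.1 can both be verified before a keystore is handed to SSLClientCurrent or SSLServerCurrent. The following is an added example, not SI&C code: it uses only the standard java.security.KeyStore API, assumes a Java 7 or later JDK, and the class name Pkcs12Preflight and its command-line argument are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example (not SI&C code): pre-flight check for a PKCS12 keystore.
public class Pkcs12Preflight {
    // Returns the alias of the only key entry. Throws if the keystore holds
    // zero or several keys, or if a certificate in the chain is not valid now.
    static String requireSingleValidKey(KeyStore ks) throws Exception {
        List<String> keyAliases = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) keyAliases.add(alias);
        }
        if (keyAliases.size() != 1) {
            throw new IllegalStateException(
                "expected exactly one key entry, found " + keyAliases);
        }
        String alias = keyAliases.get(0);
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("no certificate chain for " + alias);
        }
        for (Certificate cert : chain) {
            // Throws CertificateExpiredException or CertificateNotYetValidException.
            ((X509Certificate) cert).checkValidity();
        }
        return alias;
    }

    // Hypothetical usage: java Pkcs12Preflight <keystore.p12>
    public static void main(String[] args) throws Exception {
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        System.out.println("OK, key alias: " + requireSingleValidKey(ks));
    }
}
```

A keystore that fails the single-key check is the case in which getLocalPrincipal() may not match the chain actually used by SSL.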
SI&C v. 1.4.1 - Release Notes
- Access Control: Access Control is now performed on all
operations. In the previous release, the "internal" operations _is_a,
_get_interface, _non_existent, _get_policy and
_set_policy_overrides were excluded and could pass unchecked.
- Bugfix: client would only use CSIv2 if server supports both GSSUP
userid+password authentication and identity assertions.
- Bugfix: the PolicyEditor was missing two jar files to allow IDL
import.
- New Demo: Added a new demo for CSIv2 identity assertions.
- Shell scripts: Improved the setenv_cdc.sh and demo shell
scripts.
SI&C v. 1.4 - Release Notes
- CSIv2: no CSIv2-level authentication independently of the rest of
the SI&C product, only to be used in conjunction with SI&C.
- CSIv2: Documentation and a source code example for identity
assertions on the client side will follow in the next release.
- Dynamic policy updates: when dynamic updates are configured, the
SI&C uses a simple back-off mechanism to determine when it is safe
to create a new configuration object from a new file, i.e., to
determine when a file copy operation has completed. Multiple,
potentially intermittent file copies may leave the server in an
inconsistent state.