Hi Javier,

I'm glad it's solved now :)
ujiCrypto.conf is enough.

---
Regards,
====================================
Ricardo Borillo Domenech
http://xml-utils.com

2009/9/10 Javier Padrón Romero <[email protected]>:
> Thank you very much Ricardo, it works now!
> Does the jdigidoc.cfg file also need to be modified, or is it enough to change
> ujicrypto.conf?
>
> On 10 September 2009 13:45, Ricardo Borillo
> <[email protected]> wrote:
>>
>> Hi Javier,
>>
>> In the original distribution, the configuration JAR is shipped
>> signed. If you modify this JAR, the signature is no longer valid, so
>> you have two options:
>>
>> *. Remove the existing signature, since it is optional for this JAR.
>> *. Sign this JAR again with the same certificate as the rest of the JARs.
>>
>> If you are in the same situation as at the beginning, it may be that the one
>> who has not understood you is me :(
>>
>> ---
>> Regards,
>> ====================================
>> Ricardo Borillo Domenech
>> http://xml-utils.com
>>
>> 2009/9/10 Javier Padrón Romero <[email protected]>:
>> > Now I really don't understand anything.
>> > I changed the configuration jar to use my certificates and that is when it
>> > stopped working, which is why I tried to sign it again. I signed all of them
>> > with the same certificate.
>> > If you now say that the configuration jar does not have to be signed...
>> > I am in the same situation as when I sent the first mail, right? The
>> > original distribution, with the configuration file modified, and it would
>> > give me the error that the configuration could not be loaded.
>> >
>> > :S
>> >
>> > On 9 September 2009 18:54, Ricardo Borillo
>> > <[email protected]> wrote:
>> >>
>> >> Hi Javier,
>> >>
>> >> The config file looks good; I am almost sure that the
>> >> problem is in the signing of the JARs.
>> >>
>> >> The configuration JAR does not need to be signed, but
>> >> we sign all of them in the distribution.
>> >> It is important that all the JARs are signed with the same
>> >> certificate.
>> >>
>> >> In the project trunk we have included a keystore with a certificate
>> >> that you can use for signing.
>> >> When building with maven in version 2.0.5 you can tell it to
>> >> use this keystore, but then all the remaining JARs have to be
>> >> signed with the same certificate.
>> >>
>> >> In short: try removing the signature-related files from the META-INF
>> >> of the ujiConfig jar, since this JAR does not need to be
>> >> signed.
>> >> If you still have problems, check that all of them are signed with
>> >> the same certificate (even xmlsec, etc).
>> >>
>> >> ---
>> >> Regards,
>> >> ====================================
>> >> Ricardo Borillo Domenech
>> >> http://xml-utils.com
>> >>
>> >> 2009/9/9 Javier Padrón Romero <[email protected]>:
>> >> > Hi Ricardo, do I have to sign it in some specific way? I signed it
>> >> > the normal way:
>> >> > I create a key signed by me: keytool -genkey -alias firma (I fill in
>> >> > everything it asks for)
>> >> > I sign the jars one by one: jarsigner nombre.jar firma
>> >> > Now the applet does not even initialize.
>> >> > If I check the signature of the jars with jarsigner I get the following
>> >> > error:
>> >> >
>> >> > F:\firma\V2.0.5\aps>f:\jdk1.5.0_19\bin\jarsigner.exe -verify -verbose -certs ujiConfig-2.0.5.jar
>> >> > jarsigner: java.lang.SecurityException: invalid SHA1 signature file digest for ujiCrypto.conf
>> >> >
>> >> > Which is something similar to the error trace I get when running the
>> >> > applet:
>> >> >
>> >> > security: Comprobar si el certificado está en el almacén permanente de certificados de despliegue
>> >> > security: Comprobar si el certificado está en el almacén de certificados de la sesión de despliegue
>> >> > basic: Receptor de progreso suprimido: sun.plugin.util.grayboxpainter$grayboxprogressliste...@1b60280
>> >> > Exception in thread "thread applet-es.uji.dsign.applet2.SignatureApplet-1" java.lang.ExceptionInInitializerError
>> >> >     at org.apache.log4j.Logger.getRootLogger(Logger.java:104)
>> >> >     at es.uji.dsign.applet2.SignatureApplet.init(SignatureApplet.java:53)
>> >> >     at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
>> >> >     at java.lang.Thread.run(Unknown Source)
>> >> > Caused by: java.lang.SecurityException: invalid SHA1 signature file digest for ujiCrypto.conf
>> >> >     at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
>> >> >     at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
>> >> >     at sun.security.util.SignatureFileVerifier.process(Unknown Source)
>> >> >     at java.util.jar.JarVerifier.processEntry(Unknown Source)
>> >> >     at java.util.jar.JarVerifier.update(Unknown Source)
>> >> >     at java.util.jar.JarFile.initializeVerifier(Unknown Source)
>> >> >     at java.util.jar.JarFile.getInputStream(Unknown Source)
>> >> >     at sun.net.www.protocol.jar.JarURLConnection.getInputStream(Unknown Source)
>> >> >     at sun.plugin.net.protocol.jar.CachedJarURLConnection.getInputStream(Unknown Source)
>> >> >     at java.net.URL.openStream(Unknown Source)
>> >> >     at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:424)
>> >> >     at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:460)
>> >> >     at org.apache.log4j.LogManager.<clinit>(LogManager.java:145)
>> >> >     ... 4 more
>> >> >
>> >> > Sorry, but this is the first time I have wrestled with java and I am
>> >> > finding it quite hard to get the applet started.
>> >> >
>> >> > One more thing: is the config file I pasted earlier configured correctly,
>> >> > or am I missing something?
>> >> >
>> >> > Regards, and thank you very much
>> >> >
>> >> > On 9 September 2009 14:26, Ricardo Borillo
>> >> > <[email protected]> wrote:
>> >> >>
>> >> >> Did you sign the JAR again after modifying it?
>> >> >> I think the error comes from there ...
>> >> >>
>> >> >> ---
>> >> >> Regards,
>> >> >> ====================================
>> >> >> Ricardo Borillo Domenech
>> >> >> http://xml-utils.com
>> >> >>
>> >> >> 2009/9/9 Javier Padrón Romero <[email protected]>:
>> >> >> > Hi Ricardo, thank you very much, this is the config file, the
>> >> >> > modified part. The cacert and SYSTEMCERT files are inside the jar.
>> >> >> >
>> >> >> > ## (XAdES-X-L) Digidoc related stuff
>> >> >> > ##
>> >> >> > #
>> >> >> > DIGIDOC_OCSP_RESPONDER_COUNT=3
>> >> >> > DIGIDOC_OCSP_RESPONDER_URL1=http://ocsp.pki.gva.es
>> >> >> > DIGIDOC_OCSP_RESPONDER_URL2=http://ocsp.dnie.es
>> >> >> > DIGIDOC_OCSP_RESPONDER_URL3=http://localhost:8080/ejbca/publicweb/status/ocsp
>> >> >> >
>> >> >> > SIGN_OCSP_REQUESTS=false
>> >> >> > DIGIDOC_CA_CERTS=8
>> >> >> > DIGIDOC_CA_CERT1=jar://cagva.pem
>> >> >> > DIGIDOC_CA_CERT2=jar://rootca.pem
>> >> >> > DIGIDOC_CA_CERT3=jar://accv-ca2.pem
>> >> >> > DIGIDOC_CA_CERT4=jar://ACDNIE001.pem
>> >> >> > DIGIDOC_CA_CERT5=jar://ACDNIE002-SHA1.pem
>> >> >> > DIGIDOC_CA_CERT6=jar://ACDNIE003-SHA1.pem
>> >> >> > DIGIDOC_CA_CERT7=jar://NisuCa.pem
>> >> >> > DIGIDOC_CA_CERT8=jar://cacert.pem
>> >> >> >
>> >> >> > DIGIDOC_OCSP_COUNT=3
>> >> >> > DIGIDOC_OCSP1_CN=ocsp-gva
>> >> >> > DIGIDOC_OCSP1_CERT=jar://ocsp-gva.crt
>> >> >> > DIGIDOC_OCSP1_CA_CERT=jar://cagva.pem
>> >> >> > DIGIDOC_OCSP1_CA_CN=CAGVA
>> >> >> > DIGIDOC_OCSP2_CN=AV DNIE FNMT
>> >> >> > DIGIDOC_OCSP2_CERT=jar://DNIEOCSP.pem
>> >> >> > DIGIDOC_OCSP2_CA_CERT=jar://ACDNIE001.pem
>> >> >> > DIGIDOC_OCSP2_CA_CN=AC DNIE 001
>> >> >> > DIGIDOC_OCSP3_CN=OCSPSignerCertificate
>> >> >> > DIGIDOC_OCSP3_CERT=jar://SYSTEMCERT.crt
>> >> >> > DIGIDOC_OCSP3_CA_CERT=jar://cacert.pem
>> >> >> > DIGIDOC_OCSP3_CA_CN=AdminCA1
>> >> >> > # OCSP, CRL or none selectors
>> >> >> > DIGIDOC_CERT_VERIFIER=OCSP
>> >> >> > DIGIDOC_SIGNATURE_VERIFIER=OCSP
>> >> >> > # Set this value to false if you are not adding an ocsp
>> >> >> > # confirmation to your signatures, otherwise, an exception
>> >> >> > # will be thrown if the confirmation does not exists.
>> >> >> > DIGIDOC_DEMAND_OCSP_CONFIRMATION_ON_VERIFY=true
>> >> >> >
>> >> >> > # Set this value to 0 if you do not want
>> >> >> > # compute the tsp.
>> >> >> > #DIGIDOC_TSA_COUNT=0
>> >> >> > DIGIDOC_TSA_COUNT=1
>> >> >> >
>> >> >> > DIGIDOC_TSA1_CERT=jar://tsa1_accv.der
>> >> >> > DIGIDOC_TSA1_CA_CERT=jar://tsa1_accv.der
>> >> >> > DIGIDOC_TSA1_USE_NONCE=true
>> >> >> > DIGIDOC_TSA1_ASK_CERT=false
>> >> >> > DIGIDOC_TSA1_URL=http://tss.accv.es:8318/tsa
>> >> >> > DIGIDOC_TSA1_CN=CAGVA
>> >> >> > DIGIDOC_TSA1_CA_CN=CAGVA
>> >> >> > DIGIDOC_TSA1_SN=12
>> >> >> > DIGIDOC_MAX_TSA_TIME_ERR_SECS=60
>> >> >> >
>> >> >> > On 9 September 2009 13:53, Ricardo Borillo
>> >> >> > <[email protected]> wrote:
>> >> >> >>
>> >> >> >> Hi Javier,
>> >> >> >>
>> >> >> >> Can you paste the complete modified section of your config
>> >> >> >> file?
>> >> >> >>
>> >> >> >> ---
>> >> >> >> Regards,
>> >> >> >> ====================================
>> >> >> >> Ricardo Borillo Domenech
>> >> >> >> http://xml-utils.com
>> >> >> >>
>> >> >> >> 2009/9/9 Javier Padrón Romero <[email protected]>:
>> >> >> >> > Hi all,
>> >> >> >> >
>> >> >> >> > I have modified the ujiCrypto.conf file to add my CA and my OCSP url
>> >> >> >> > (I am working with my own CA, which I configured myself in EJBCA). What
>> >> >> >> > I do to modify it is, in the XADES part, add mine to the list of
>> >> >> >> > authorities, without touching the others.
>> >> >> >> > I get the following error:
>> >> >> >> >
>> >> >> >> > No se ha podido calcular la firma: No se ha podido cargar la configuración
>> >> >> >> >
>> >> >> >> > Before touching the configuration I would select my certificate, it
>> >> >> >> > asked me for authorization to use it and told me that the signature
>> >> >> >> > could not be calculated, which is normal because the certificate
>> >> >> >> > authority was not configured.
>> >> >> >> > But now, when I choose the certificate, without asking me for
>> >> >> >> > authorization to use it, it gives me that error directly.
>> >> >> >> >
>> >> >> >> > This is the error trace:
>> >> >> >> >
>> >> >> >> > navigator: IEXPLORER
>> >> >> >> > basic: Applet initialized
>> >> >> >> > basic: Receptor de progreso suprimido: sun.plugin.util.grayboxpainter$grayboxprogressliste...@1d36dfe
>> >> >> >> > basic: Applet made visible
>> >> >> >> > basic: Starting applet
>> >> >> >> > basic: Applet started
>> >> >> >> > basic: Told clients applet is started
>> >> >> >> > Returning ksh= {iexplorer=es.uji.dsign.crypto.keystore.mscapikeyst...@ba5bdb}
>> >> >> >> > STORE: MSCapiKeyStore
>> >> >> >> > START: 1SIGNATURECOUNT: 1
>> >> >> >> > Certificate Alias: C=SE, O=EJBCA Sample, CN=AdminCA1
>> >> >> >> > Serial=3675108209664361913
>> >> >> >> > java.lang.SecurityException: SHA1 digest error for ujiCrypto.conf
>> >> >> >> >     at sun.security.util.ManifestEntryVerifier.verify(Unknown Source)
>> >> >> >> >     at java.util.jar.JarVerifier.processEntry(Unknown Source)
>> >> >> >> >     at java.util.jar.JarVerifier.update(Unknown Source)
>> >> >> >> >     at java.util.jar.JarVerifier$VerifierStream.read(Unknown Source)
>> >> >> >> >     at java.io.FilterInputStream.read(Unknown Source)
>> >> >> >> >     at java.io.FilterInputStream.read(Unknown Source)
>> >> >> >> >     at java.util.Properties$LineReader.readLine(Unknown Source)
>> >> >> >> >     at java.util.Properties.load0(Unknown Source)
>> >> >> >> >     at java.util.Properties.load(Unknown Source)
>> >> >> >> >     at es.uji.dsign.util.ConfigHandler.<init>(ConfigHandler.java:29)
>> >> >> >> >     at es.uji.dsign.util.ConfigHandler.getProperties(ConfigHandler.java:77)
>> >> >> >> >     at es.uji.dsign.crypto.XAdESSignatureFactory.formatSignature(XAdESSignatureFactory.java:76)
>> >> >> >> >     at es.uji.dsign.applet2.SignatureThread.run(SignatureThread.java:230)
>> >> >> >> > es.uji.dsign.applet2.Exceptions.SignatureAppletException: <html><font color='red'>No s'ha pogut calcular la signatura :: No es va poder carregar la configuració.
>> >> >> >> >     at es.uji.dsign.applet2.SignatureThread.run(SignatureThread.java:244)
>> >> >> >> >
>> >> >> >> > Thank you very much.
>> >> >> >> > _______________________________________________
>> >> >> >> > CryptoApplet mailing list
>> >> >> >> > [email protected]
>> >> >> >> > http://llistes.uji.es/mailman/listinfo/cryptoapplet

_______________________________________________
CryptoApplet mailing list
[email protected]
http://llistes.uji.es/mailman/listinfo/cryptoapplet
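
A signed JAR records a digest of each entry in META-INF/MANIFEST.MF, so editing ujiCrypto.conf inside the archive produces the "SHA1 digest error" seen in the thread until the signature is removed or the JAR is signed again. The following Python sketch is an added illustration, not code from the thread or from the CryptoApplet project: it recomputes the manifest digests to find the modified entry and then strips the signature files from META-INF, the first of the two options given above. The function names and the sample JAR (including the FIRMA.SF and FIRMA.RSA placeholders) are constructed for this example, and it checks manifest digests only, not the .SF file or the certificate.

```python
import base64, hashlib, io, re, zipfile
SIG_FILE = re.compile(r"^META-INF/[^/]+\.(SF|RSA|DSA|EC)$", re.I)  # jarsigner output
ALGOS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}

def b64digest(algo, data):
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def manifest_sections(raw):
    """Split manifest bytes into attribute dicts, undoing line continuations."""
    text = raw.decode("utf-8").replace("\r\n", "\n").replace("\n ", "")
    return [dict(l.split(": ", 1) for l in s.splitlines() if ": " in l)
            for s in text.split("\n\n")]

def mismatched_entries(jar_bytes):
    """Entries whose content no longer matches the digest in MANIFEST.MF."""
    bad = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for attrs in manifest_sections(jar.read("META-INF/MANIFEST.MF"))[1:]:
            for key, algo in ALGOS.items():  # section [0] is the main section
                if key in attrs and b64digest(algo, jar.read(attrs["Name"])) != attrs[key]:
                    bad.add(attrs["Name"])
    return sorted(bad)

def strip_signature(jar_bytes):
    """Copy the JAR without signature files or per-entry digest sections."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if SIG_FILE.match(info.filename):
                continue
            data = src.read(info.filename)
            if info.filename == "META-INF/MANIFEST.MF":
                # Assumption: per-entry sections carry only digests, so keep the main one.
                main = data.decode("utf-8").replace("\r\n", "\n").split("\n\n")[0]
                data = (main.rstrip("\n") + "\n\n").encode("utf-8")
            dst.writestr(info.filename, data)
    return out.getvalue()

def build_sample_jar(signed_conf, shipped_conf):
    """Constructed sample: manifest digests signed_conf, archive ships shipped_conf."""
    manifest = ("Manifest-Version: 1.0\n\nName: ujiCrypto.conf\n"
                f"SHA1-Digest: {b64digest('sha1', signed_conf)}\n\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/FIRMA.SF", "Signature-Version: 1.0\n\n")  # placeholder
        jar.writestr("META-INF/FIRMA.RSA", b"placeholder, not a real signature block")
        jar.writestr("ujiCrypto.conf", shipped_conf)
    return buf.getvalue()
```

For the second option, signing again with the same certificate as the other JARs, the stripped archive is what would be passed to jarsigner.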
