Ahí va toda la traza, incluidas la primera vez que se le da a Firmar, y la segunda, hasta la excepción, espero que no sea demasiado liosa :-S
***************************CONSOLA JAVA***************************************** Java Plug-in 1.6.0_16 Usar versión JRE 1.6.0_16-b01 Java HotSpot(TM) Client VM Directorio local del usuario = /home/rruiz ---------------------------------------------------- c: borrar ventana de consola f: finalizar objetos en la cola de finalización g: liberación de recursos h: presentar este mensaje de ayuda l: volcar lista del cargador de clases m: imprimir sintaxis de memoria o: activar registro q: ocultar consola r: recargar configuración de norma s: volcar propiedades del sistema y de despliegue t: volcar lista de subprocesos v: volcar pila de subprocesos x: borrar antememoria del cargador de clases 0-5: establecer nivel de rastreo en <n> ---------------------------------------------------- DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.JSCommands [17:08:59,403] - New access to browser window from Applet DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.SignatureApplet [17:08:59,456] - Nimbus Look&Feel loaded DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:08:59,466] - Recover JavaScript member: navigator DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:08:59,466] - Recover JavaScript member: userAgent DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:08:59,467] - Detected user agent mozilla/5.0 (x11; u; linux i686; es-es; rv:1.9.0.14) gecko/2009090216 ubuntu/9.04 (jaunty) firefox/3.0.14 DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:08:59,467] - Navigator variable set to MOZILLA _pk11LibPath: /usr/lib/nss/libsoftokn3.so DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.SignatureApplet [17:08:59,940] - Call JavaScript method: onInitOk DEBUG Applet 5 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler [17:09:03,985] - Setting inputDataEncoding to PLAIN DEBUG Applet 5 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler [17:09:03,994] - Setting signOutputFormat to es.uji.security.crypto.pdf.PDFSignatureFactory Obtenido path /usr/lib/opensc-pkcs11.so DEBUG Applet 5 LiveConnect Worker Thread es.uji.security.keystore.dnie.Dnie [17:09:04,076] - DNIe is not inserted or it can not be loaded <-----Aqui es donde se inicia el idioma-----> DEBUG Applet 5 LiveConnect Worker Thread es.uji.security.ui.applet.JTreeCertificateBuilder [17:09:04,229] - Building certificate tree DEBUG Applet 5 LiveConnect Worker Thread es.uji.security.ui.applet.SignatureApplet [17:09:04,370] - Call JavaScript method: onWindowShow STORE: PKCS11 START: 1SIGNATURECOUNT: 1 DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,323] - Getting selected certificate DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,323] - Selected certificate:CN=NOMBRE RUIZ PALACIOS RAFAEL - NIF 74874275Y, OU=501078173, OU=FNMT Clase 2 CA, O=FNMT, C=ES DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,323] - Validating certificate DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,323] - The certificate is valid DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,323] - Loading certificate store DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,510] - Certificate store loaded Certificate Alias: NOMBRE RUIZ PALACIOS RAFAEL - NIF 74874275Y's FNMT ID DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,512] - Loading signature format: es.uji.security.crypto.pdf.PDFSignatureFactory DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,570] - Selected a digital signature certificate DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams [17:09:10,571] - Retrieving data from http://localhost:8080/nuxeo/restAPI/default/e97d5ca4-161e-43a7-b36c-cca452152c9d/obtainConvertedFile DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams [17:09:10,902] - Retrieved null bytes DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,902] - Encoding: PLAIN *** Alias recogido de xcert.getAlias(): *** SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) *** Clave recogida de kAux.getKey(xcert.getAlias()): *** SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:10,920] - Signing data ***Key: SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) *** Clave recogida de signatureOptions.getPrivateKey(): *** SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) ASK FOR: PDFSIG_CA_CERTSreturn value9 ASK FOR: PDFSIG_CA_CERT1return valuecagva.pem ASK FOR: PDFSIG_CA_CERT2return valuerootca.pem ASK FOR: PDFSIG_CA_CERT3return valueaccv-ca2.pem ASK FOR: PDFSIG_CA_CERT4return valueACDNIE001.pem ASK FOR: PDFSIG_CA_CERT5return valueACDNIE002-SHA1.pem ASK FOR: PDFSIG_CA_CERT6return valueACDNIE003-SHA1.pem ASK FOR: PDFSIG_CA_CERT7return valueNisuCa.pem ASK FOR: PDFSIG_CA_CERT8return valuetest.pem ASK FOR: PDFSIG_CA_CERT9return valuefnmt.pem ASK FOR: PDFSIG_VISIBLE_SIGNATUREreturn valuetrue ASK FOR: PDFSIG_VISIBLE_AREA_Xreturn value0 ASK FOR: PDFSIG_VISIBLE_AREA_Yreturn value830 ASK FOR: PDFSIG_VISIBLE_AREA_X2return value110 ASK FOR: PDFSIG_VISIBLE_AREA_Y2return value785 ASK FOR: PDFSIG_VISIBLE_AREA_PAGEreturn value1 ASK FOR: PDFSIG_VISIBLE_AREA_IMGFILEreturn valueuji.jpg ASK FOR: PDFSIG_TIMESTAMPINGreturn valuefalse *** Clave justo antes de sap.setCrypto(...): *** SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) ASK FOR: PDFSIG_REASONreturn valueCryptoApplet digital signatures ASK FOR: PDFSIG_LOCATIONreturn valueSpain ASK FOR: PDFSIG_CONTACTreturn valueJaume I University Using provider: SunPKCS11-NSS Using provider: SunPKCS11-NSS DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:11,757] - The signature is valid DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:11,757] - Encoding for output PLAIN La URL de donde sacamos el PDF es: http://localhost:8080/nuxeo/restAPI/default/e97d5ca4-161e-43a7-b36c-cca452152c9d/signature?signerName=NOMBRE+RUIZ+PALACIOS+RAFAEL+-+NIF+74874275Y&signDate=Wed+Mar+03+17%3A09%3A11+CET+2010&expirationDate=Sat+Dec+01+13%3A37%3A01+CET+2012&fileName=PruebaFirma.odt DEBUG thread-sig-0 es.uji.security.ui.applet.io.NuxeoOutputParams [17:09:13,917] - Call JavaScript method: onSignOk START: 1 SIGNATURECOUNT: 1 DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.SignatureApplet [17:09:16,066] - Applet destroy called. Executing garbage collection DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-2 es.uji.security.ui.applet.JSCommands [17:09:16,473] - New access to browser window from Applet DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-2 es.uji.security.ui.applet.SignatureApplet [17:09:16,515] - Nimbus Look&Feel loaded _pk11LibPath: /usr/lib/nss/libsoftokn3.so DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-2 es.uji.security.ui.applet.SignatureApplet [17:09:16,723] - Call JavaScript method: onInitOk DEBUG Applet 6 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler [17:09:18,592] - Setting inputDataEncoding to PLAIN DEBUG Applet 6 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler [17:09:18,600] - Setting signOutputFormat to es.uji.security.crypto.pdf.PDFSignatureFactory Obtenido path /usr/lib/opensc-pkcs11.so DEBUG Applet 6 LiveConnect Worker Thread es.uji.security.keystore.dnie.Dnie [17:09:18,613] - DNIe is not inserted or it can not be loaded DEBUG Applet 6 LiveConnect Worker Thread es.uji.security.ui.applet.JTreeCertificateBuilder [17:09:18,650] - Building certificate tree DEBUG Applet 6 LiveConnect Worker Thread es.uji.security.ui.applet.SignatureApplet [17:09:18,701] - Call JavaScript method: onWindowShow STORE: PKCS11 START: 1SIGNATURECOUNT: 1 DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:24,952] - Getting selected certificate DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:24,952] - Selected certificate:CN=NOMBRE RUIZ PALACIOS RAFAEL - NIF 74874275Y, OU=501078173, OU=FNMT Clase 2 CA, O=FNMT, C=ES DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:24,952] - Validating certificate DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:24,952] - The certificate is valid DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:24,952] - Loading certificate store DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:25,059] - Certificate store loaded Certificate Alias: NOMBRE RUIZ PALACIOS RAFAEL - NIF 74874275Y's FNMT ID DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:25,064] - Loading signature format: es.uji.security.crypto.pdf.PDFSignatureFactory DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:25,064] - Selected a digital signature certificate DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams [17:09:25,064] - Retrieving data from http://localhost:8080/nuxeo/restAPI/default/e97d5ca4-161e-43a7-b36c-cca452152c9d/obtainConvertedFile DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams [17:09:25,411] - Retrieved null bytes DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:25,411] - Encoding: PLAIN *** Alias recogido de xcert.getAlias(): *** SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) *** Clave recogida de kAux.getKey(xcert.getAlias()): *** SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:25,416] - Signing data ***Key: SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) *** Clave recogida de signatureOptions.getPrivateKey(): *** SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) ASK FOR: PDFSIG_CA_CERTSreturn value9 ASK FOR: PDFSIG_CA_CERT1return valuecagva.pem ASK FOR: PDFSIG_CA_CERT2return valuerootca.pem ASK FOR: PDFSIG_CA_CERT3return valueaccv-ca2.pem ASK FOR: PDFSIG_CA_CERT4return valueACDNIE001.pem ASK FOR: PDFSIG_CA_CERT5return valueACDNIE002-SHA1.pem ASK FOR: PDFSIG_CA_CERT6return valueACDNIE003-SHA1.pem ASK FOR: PDFSIG_CA_CERT7return valueNisuCa.pem ASK FOR: PDFSIG_CA_CERT8return valuetest.pem ASK FOR: PDFSIG_CA_CERT9return valuefnmt.pem ASK FOR: PDFSIG_VISIBLE_SIGNATUREreturn valuetrue ASK FOR: PDFSIG_VISIBLE_AREA_Xreturn value0 ASK FOR: PDFSIG_VISIBLE_AREA_Yreturn value830 ASK FOR: PDFSIG_VISIBLE_AREA_X2return value110 ASK FOR: PDFSIG_VISIBLE_AREA_Y2return value785 ASK FOR: PDFSIG_VISIBLE_AREA_PAGEreturn value1 ASK FOR: PDFSIG_VISIBLE_AREA_IMGFILEreturn valueuji.jpg ASK FOR: PDFSIG_TIMESTAMPINGreturn valuefalse *** Clave justo antes de sap.setCrypto(...): *** SunPKCS11-NSS RSA private key, 2048 bits (id 3430895948, token object, sensitive, extractable) ASK FOR: PDFSIG_REASONreturn valueCryptoApplet digital signatures ASK FOR: PDFSIG_LOCATIONreturn valueSpain ASK FOR: PDFSIG_CONTACTreturn valueJaume I University Using provider: SunPKCS11-NSS ExceptionConverter: java.security.InvalidKeyException: Private key must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding at sun.security.pkcs11.P11RSAKeyFactory.implTranslatePrivateKey(P11RSAKeyFactory.java:84) at sun.security.pkcs11.P11KeyFactory.engineTranslateKey(P11KeyFactory.java:115) at sun.security.pkcs11.P11KeyFactory.convertKey(P11KeyFactory.java:48) at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:326) at java.security.Signature$Delegate.engineInitSign(Signature.java:1095) at java.security.Signature.initSign(Signature.java:480) at com.lowagie.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:420) at com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(PdfSigGenericPKCS.java:106) at com.lowagie.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:928) at com.lowagie.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:847) at com.lowagie.text.pdf.PdfStamper.close(PdfStamper.java:183) at es.uji.security.crypto.pdf.PDFSignatureFactory.formatSignature(PDFSignatureFactory.java:224) at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:303) DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:09:25,505] - The signature is not valid java.lang.NullPointerException at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:320) ******************************************************************************** Quoting Ricardo Borillo <[email protected]>: > Hola Rafael, > > Sí que es un poco extraño ... > > Lo que parece que pasa es que no es capaz de acceder a la clave > privada, por eso te dice que no tiene la codificación adecuada o, al > ser nulo, falla y da una excepción. > > ¿Puedes pegar la traza entera por si vemos algo? > > --- > Salut, > ==================================== > Ricardo Borillo Domenech > http://xml-utils.com > > > > 2010/3/3 <[email protected]>: >> He traceado todo el código siguiendo la pila de la excepción, y el >> asunto es rarísimo, porque el error según se lee en la excepción, >> parece que es de la clave privada, pero la clave llega intacta a >> >> sap.setCrypto((PrivateKey) pk, chain, null, >> PdfSignatureAppearance.VERISIGN_SIGNED); >> >> incluso le he hecho un casting por si acaso, y además es la misma que >> se usa en la primera vez que se firma, que sí funciona. >> >> La verdad que no tengo ni idea de que puede ser. >> >> También he buscado algo por internet, pero nada. >> >> Ojalá alguien sepa algo!!! Porque de otra manera me voy a tener que >> dedicar a reiniciar el navegador cada vez que quiera firmar :-S >> >> Muchas Gracias!!! >> >> Rafa >> >> >> >> Quoting Ricardo Borillo <[email protected]>: >> >>> Hola Rafael, >>> >>> ¿Qué versión de CryptoApplet utilizas? >>> ¿Te pasa lo mismo con el test que tenemos publicado? >>> >>> http://proyectostic.uji.es/pr/cryptoapplet/samples/v2.1.0/test.html >>> >>> --- >>> Salut, >>> ==================================== >>> Ricardo Borillo Domenech >>> http://xml-utils.com >>> >>> >>> >>> 2010/3/2 <[email protected]>: >>>> Muy buenas a todos, >>>> >>>> Estoy usando CryptoApplet en una aplicación y ya lo tengo >>>> perfectamente integrado en el xhtml y con las funciones JavaScript >>>> necesarias, y me va muy bien, pero tengo un problema que no se de que >>>> puede ser, lo explico. >>>> >>>> El caso es que al acceder a la web en cuestión, se carga el applet >>>> (aparece la consola de Java), y me deja firmar la primera vez >>>> correctamente y sin problemas, por cierto, utilizo la función >>>> signDataUrlToUrl(urlIn, urlOut). >>>> Pero al intentar firmar la segunda vez consecutivamente me aparece la >>>> siguiente excepción con el mensaje "No se ha podido calcular la >>>> firma". Sin tocar absolutamente nada, la segunda vez que intento >>>> firmar consecutivamente me aparece eso. >>>> >>>> La única solución es volver a cargar el applet "completamente desde >>>> cero", es decir, no me vale recargar la página, porque el applet ya >>>> está cargado, tengo que cerrar el navegador y volverlo a arrancar, o >>>> cambiar de página y esperar a que el applet (consola de Java) se cierre. >>>> >>>> Espero haberme explicado bien, ¿alguien tiene alguna pista de lo que >>>> puede pasar? >>>> >>>> Muchas gracias!!! >>>> >>>> Rafa >>>> >>>> ***********************EXCEPCION********************************************** >>>> >>>> Using provider: SunPKCS11-NSS >>>> ExceptionConverter: java.security.InvalidKeyException: Private key >>>> must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding >>>> at >>>> sun.security.pkcs11.P11RSAKeyFactory.implTranslatePrivateKey(P11RSAKeyFactory.java:84) >>>> at >>>> sun.security.pkcs11.P11KeyFactory.engineTranslateKey(P11KeyFactory.java:115) >>>> at >>>> sun.security.pkcs11.P11KeyFactory.convertKey(P11KeyFactory.java:48) >>>> at >>>> sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:326) >>>> at >>>> java.security.Signature$Delegate.engineInitSign(Signature.java:1095) >>>> at java.security.Signature.initSign(Signature.java:480) >>>> at com.lowagie.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:420) >>>> at >>>> com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(PdfSigGenericPKCS.java:106) >>>> at >>>> com.lowagie.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:928) >>>> at >>>> com.lowagie.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:847) >>>> at com.lowagie.text.pdf.PdfStamper.close(PdfStamper.java:183) >>>> at >>>> es.uji.security.crypto.pdf.PDFSignatureFactory.formatSignature(PDFSignatureFactory.java:215) >>>> at >>>> es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:298) >>>> DEBUG thread-sig-1 es.uji.security.ui.applet.SignatureThread >>>> [18:37:56,453] - The signature is not valid >>>> java.lang.NullPointerException >>>> at >>>> es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:315) >>>> >>>> ****************************************************************************** >>>> >>>> _______________________________________________ >>>> CryptoApplet mailing list >>>> [email protected] >>>> http://llistes.uji.es/mailman/listinfo/cryptoapplet >>>> >>>> >>> _______________________________________________ >>> CryptoApplet mailing list >>> [email protected] >>> http://llistes.uji.es/mailman/listinfo/cryptoapplet >>> >> >> >> >> _______________________________________________ >> CryptoApplet mailing list >> [email protected] >> http://llistes.uji.es/mailman/listinfo/cryptoapplet >> >> > _______________________________________________ > CryptoApplet mailing list > [email protected] > http://llistes.uji.es/mailman/listinfo/cryptoapplet > _______________________________________________ CryptoApplet mailing list [email protected] http://llistes.uji.es/mailman/listinfo/cryptoapplet
