Hello, good afternoon. I am using version 2.1.0 of cryptoapplet. I want to see how to add a new CA in order to produce XADES signatures. To test it, I obtained a test certificate from TC TrustCenter Class and imported it into the browser. I modified the ujiCrypto.conf file, adding the following information:

DIGIDOC_OCSP_RESPONDER_COUNT=3
DIGIDOC_OCSP_RESPONDER_URL1=http://ocsp.accv.es
DIGIDOC_OCSP_RESPONDER_URL2=http://ocsp.dnie.es
DIGIDOC_OCSP_RESPONDER_URL3= http://ocsp.ix.tcclass1.tcuniversal-i.trustcenter.de ---> line I added

SIGN_OCSP_REQUESTS=false
DIGIDOC_USE_NONCE=false

DIGIDOC_CA_CERTS=10
DIGIDOC_CA_CERT1=jar://cagva.pem
DIGIDOC_CA_CERT2=jar://rootca.pem
DIGIDOC_CA_CERT3=jar://accv-ca2.pem
DIGIDOC_CA_CERT4=jar://ACDNIE001.pem
DIGIDOC_CA_CERT5=jar://ACDNIE002-SHA1.pem
DIGIDOC_CA_CERT6=jar://ACDNIE003-SHA1.pem
DIGIDOC_CA_CERT7=jar://NisuCa.pem
DIGIDOC_CA_CERT8=jar://ujica.pem
DIGIDOC_CA_CERT9=jar://fnmt.pem
DIGIDOC_CA_CERT10=jar://tc1.crt ---> line I added

I put the tc1.crt file into the jar file uji-config-2.1.0-signed.jar and open the page where the applet is loaded. I pass it an XML file to sign, as follows:

function sign() {
    // Local file to sign and destination URL
    var fileToEncrypt = "file:///C:/Respuesta.xml";
    var urlDestino = "adios";
    //alert(fileToEncrypt);
    //alert(urlPhp);

    // Configure the applet and request the signature
    var cp = document.getElementById('CryptoApplet');
    cp.setLanguage("ES");
    cp.setSignatureOutputFormat("XADES");
    cp.setInputDataEncoding("PLAIN");

    cp.signDataUrlToUrl(fileToEncrypt, urlDestino);
}

And this is the error trace it gives me:

Java Plug-in 1.6.0_18
Usar versión JRE 1.6.0_18-b07 Java HotSpot(TM) Client VM
Directorio local del usuario = C:\Documents and Settings\jpr
----------------------------------------------------
c: borrar ventana de consola
f: finalizar objetos en la cola de finalización
g: liberación de recursos
h: presentar este mensaje de ayuda
l: volcar lista del cargador de clases
m: imprimir sintaxis de memoria
o: activar registro
q: ocultar consola
r: recargar configuración de norma
s: volcar propiedades del sistema y de despliegue
t: volcar lista de subprocesos
v: volcar pila de subprocesos
x: borrar memoria caché del cargador de clases
0-5: establecer nivel de rastreo en <n>
----------------------------------------------------
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.JSCommands [17:20:27,792] - New access to browser window from Applet
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.SignatureApplet [17:20:27,824] - Nimbus Look&Feel loaded
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - Recover JavaScript member: navigator
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - Recover JavaScript member: userAgent
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - Detected user agent mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; bn; infopath.2; .net clr 2.0.50727; .net clr 3.0.4506.2152; .net clr 3.5.30729; msn optimizedie8;eses; asktb5.5; bn)
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - MicrosoftCryptoApi_0_3.dll already exists. Verifying existing DLL file
0000: 0E 15 8D 9F 6A C5 8B 31 - 67 30 BE 8F 4D 35 71 AB ....j..1g0..M5q.
0010: D4 C9 F9 90 ....
---
0000: 0E 15 8D 9F 6A C5 8B 31 - 67 30 BE 8F 4D 35 71 AB ....j..1g0..M5q.
0010: D4 C9 F9 90 ....
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - Executing System.load
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,886] - Navigator variable set to IEXPLORER
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.SignatureApplet [17:20:27,948] - Call JavaScript method: onInitOk
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler [17:20:28,837] - Setting signOutputFormat to es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler [17:20:28,853] - Setting inputDataEncoding to PLAIN
Initializing Window ...
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.JTreeCertificateBuilder [17:20:28,993] - Building certificate tree
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading user certificates from keystore MSCAPI
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading aliases from keystore
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - 2 aliases loaded
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Found certificate whith alias CN=HEALTHY CONTROL, DC=HEALTHY, DC=LOCAL Serial=507646143499219750617377
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading certificate with alias CN=HEALTHY CONTROL, DC=HEALTHY, DC=LOCAL Serial=507646143499219750617377
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Found certificate whith alias CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE Serial=911916151748145241483548575707595
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading certificate with alias CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE Serial=911916151748145241483548575707595
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.SignatureApplet [17:20:29,087] - Call JavaScript method: onWindowShow
ERROR Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.SignatureApplet [17:20:29,102] - Error calling onWindowShow
netscape.javascript.JSException: No such method "onWindowShow" on JavaScript object
    at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)
    at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)
    at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
    at es.uji.security.ui.applet.SignatureApplet.initializeWindow(SignatureApplet.java:231)
    at es.uji.security.ui.applet.SignatureApplet.access$200(SignatureApplet.java:50)
    at es.uji.security.ui.applet.SignatureApplet$15.run(SignatureApplet.java:609)
    at java.security.AccessController.doPrivileged(Native Method)
    at es.uji.security.ui.applet.SignatureApplet.signDataUrlToUrl(SignatureApplet.java:594)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
    at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
    at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Window initialized
STORE: MSCAPI
START: 1SIGNATURECOUNT: 1
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Getting selected certificate
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Selected certificate:CN=Javi Padrón, C=ES
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Validating certificate
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - The certificate is valid
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Loading certificate store
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Certificate store loaded
Certificate Alias: CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE Serial=911916151748145241483548575707595
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Loading signature format: es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - Signer Role: UNSET
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - File Name: UNSET
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - Content Type:application/binary
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - Selected a digital signature certificate
DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams [17:20:31,613] - Retrieving data from file:///C:/Respuesta.xml
DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams [17:20:31,613] - Retrieved 2297 bytes
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - Encoding: PLAIN
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,629] - Signing data
DEBUG thread-sig-0 es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [17:20:31,629] - Using XAdESSignatureFactory
DEBUG thread-sig-0 es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [17:20:31,644] - UJI-MSCAPI provider found
ERROR thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,660] - <html><font color='red'>No se ha podido calcular la firma</font></html>
java.lang.SecurityException: SHA1 digest error for ujiCrypto.conf
    at sun.security.util.ManifestEntryVerifier.verify(Unknown Source)
    at java.util.jar.JarVerifier.processEntry(Unknown Source)
    at java.util.jar.JarVerifier.update(Unknown Source)
    at java.util.jar.JarVerifier$VerifierStream.read(Unknown Source)
    at java.io.FilterInputStream.read(Unknown Source)
    at java.io.FilterInputStream.read(Unknown Source)
    at java.util.Properties$LineReader.readLine(Unknown Source)
    at java.util.Properties.load0(Unknown Source)
    at java.util.Properties.load(Unknown Source)
    at es.uji.security.crypto.config.ConfigManager.<init>(ConfigManager.java:33)
    at es.uji.security.crypto.config.ConfigManager.<init>(ConfigManager.java:19)
    at es.uji.security.crypto.config.ConfigManager.getInstance(ConfigManager.java:45)
    at es.uji.security.crypto.openxades.OpenXAdESSignatureFactory.formatSignature(OpenXAdESSignatureFactory.java:91)
    at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:298)
DEBUG thread-sig-0 es.uji.security.ui.applet.AppHandler [17:20:31,660] - Call JavaScript method: onSignError
netscape.javascript.JSException: No such method "onSignError" on JavaScript object
    at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)
    at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)
    at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
    at es.uji.security.ui.applet.AppHandler.callJavaScriptCallbackFunction(AppHandler.java:422)
    at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:303)

What am I doing wrong? The applet works fine with fnmt certificates, but I need to be able to add other CAs to it; otherwise it would be of no use for my project. Thank you very much!
_______________________________________________
CryptoApplet mailing list
[email protected]
http://llistes.uji.es/mailman/listinfo/cryptoapplet
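
The SecurityException in the trace above (SHA1 digest error for ujiCrypto.conf) is what the Java jar verifier raises when an entry of a signed jar no longer matches the digest recorded for it in the manifest. As an added example, not part of the original message or of CryptoApplet, this Python check runs the same per-entry comparison on a constructed jar; the file contents are placeholders, and it covers only the SHA1-Digest values in MANIFEST.MF, not the .SF file or the signature block.

```python
import base64, hashlib, io, zipfile

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: attributes} for the per-entry manifest sections."""
    # Long manifest lines are wrapped; a continuation line starts with a space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_jar(jar_bytes):
    """Compare every entry with the SHA1-Digest recorded for it in MANIFEST.MF."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in jar.namelist():
            if name.startswith("META-INF/") or name.endswith("/"):
                continue  # the manifest and signature files are not listed themselves
            expected = manifest.get(name, {}).get("SHA1-Digest")
            if expected is None:
                report[name] = "not in manifest"
            elif expected == sha1_b64(jar.read(name)):
                report[name] = "ok"
            else:
                report[name] = "digest mismatch"
    return report

def build_jar(files, digests_of=None):
    """Constructed test jar: contents from files, manifest digests from digests_of."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in (digests_of or files).items():
        manifest += "Name: %s\r\nSHA1-Digest: %s\r\n\r\n" % (name, sha1_b64(data))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()

# Constructed contents (placeholders, not the real CryptoApplet files).
SIGNED = {"ujiCrypto.conf": b"DIGIDOC_CA_CERTS=9\n", "fnmt.pem": b"placeholder\n"}
EDITED = {**SIGNED, "ujiCrypto.conf": b"DIGIDOC_CA_CERTS=10\n", "tc1.crt": b"placeholder\n"}
REPORT = check_jar(build_jar(EDITED, digests_of=SIGNED))
print(REPORT)
```

An entry reported as a mismatch or as missing from the manifest means the jar was changed after it was signed and has to be signed again.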
