Hi Javier,

The config looks good, but what seems to be happening is that you
have added a new file to a signed JAR.
As a result, when it is loaded the JAR signature does not validate,
because its contents have been altered.

uji-config does not need to be signed, so either remove the
signature from the JAR or sign it again after adding the new
certificate.

---
Regards,
====================================
Ricardo Borillo Domenech
http://xml-utils.com



2010/3/3 Javier Padrón Romero <[email protected]>:
> Hello, good afternoon. I am using version 2.1.0 of cryptoapplet.
> I want to see how to add a new CA in order to produce XADES signatures. To
> test it I obtained a test certificate from TC TrustCenter Class and
> imported it into the browser.
> I modified the ujiCrypto.conf file, adding the following
> information:
>
> DIGIDOC_OCSP_RESPONDER_COUNT=3
> DIGIDOC_OCSP_RESPONDER_URL1=http://ocsp.accv.es
> DIGIDOC_OCSP_RESPONDER_URL2=http://ocsp.dnie.es
> DIGIDOC_OCSP_RESPONDER_URL3=http://ocsp.ix.tcclass1.tcuniversal-i.trustcenter.de
>   ---> line I added
> SIGN_OCSP_REQUESTS=false
> DIGIDOC_USE_NONCE=false
> DIGIDOC_CA_CERTS=10
> DIGIDOC_CA_CERT1=jar://cagva.pem
> DIGIDOC_CA_CERT2=jar://rootca.pem
> DIGIDOC_CA_CERT3=jar://accv-ca2.pem
> DIGIDOC_CA_CERT4=jar://ACDNIE001.pem
> DIGIDOC_CA_CERT5=jar://ACDNIE002-SHA1.pem
> DIGIDOC_CA_CERT6=jar://ACDNIE003-SHA1.pem
> DIGIDOC_CA_CERT7=jar://NisuCa.pem
> DIGIDOC_CA_CERT8=jar://ujica.pem
> DIGIDOC_CA_CERT9=jar://fnmt.pem
> DIGIDOC_CA_CERT10=jar://tc1.crt             ---> line I added
>
> I put the file tc1.crt into the jar file uji-config-2.1.0-signed.jar and
> open the page where the applet is loaded; I pass it an xml file for it
> to sign, as follows:
> function sign() {
>   var fileToEncrypt = "file:///C:/Respuesta.xml";
>   var urlDestino = "adios";
>   //alert(fileToEncrypt);
>   //alert(urlPhp);
>   cp = document.getElementById('CryptoApplet');
>   cp.setLanguage("ES");
>   cp.setSignatureOutputFormat("XADES");
>   cp.setInputDataEncoding("PLAIN");
>   cp.signDataUrlToUrl(fileToEncrypt, urlDestino);
> }
> And the error trace it gives me is this:
> Java Plug-in 1.6.0_18
> Usar versión JRE 1.6.0_18-b07 Java HotSpot(TM) Client VM
> Directorio local del usuario = C:\Documents and Settings\jpr
> ----------------------------------------------------
> c:   borrar ventana de consola
> f:   finalizar objetos en la cola de finalización
> g:   liberación de recursos
> h:   presentar este mensaje de ayuda
> l:   volcar lista del cargador de clases
> m:   imprimir sintaxis de memoria
> o:   activar registro
> q:   ocultar consola
> r:   recargar configuración de norma
> s:   volcar propiedades del sistema y de despliegue
> t:   volcar lista de subprocesos
> v:   volcar pila de subprocesos
> x:   borrar memoria caché del cargador de clases
> 0-5: establecer nivel de rastreo en <n>
> ----------------------------------------------------
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.JSCommands [17:20:27,792] - New access to browser
> window from Applet
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.SignatureApplet [17:20:27,824] - Nimbus Look&Feel
> loaded
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.AppHandler [17:20:27,855] - Recover JavaScript
> member: navigator
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.AppHandler [17:20:27,855] - Recover JavaScript
> member: userAgent
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.AppHandler [17:20:27,855] - Detected user agent
> mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; bn;
> infopath.2; .net clr 2.0.50727; .net clr 3.0.4506.2152; .net clr 3.5.30729;
> msn optimizedie8;eses; asktb5.5; bn)
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.AppHandler [17:20:27,855] -
> MicrosoftCryptoApi_0_3.dll already exists. Verifying existing DLL file
> 0000: 0E 15 8D 9F 6A C5 8B 31 - 67 30 BE 8F 4D 35 71 AB  ....j..1g0..M5q.
> 0010: D4 C9 F9 90                                        ....
>
> ---
> 0000: 0E 15 8D 9F 6A C5 8B 31 - 67 30 BE 8F 4D 35 71 AB  ....j..1g0..M5q.
> 0010: D4 C9 F9 90                                        ....
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.AppHandler [17:20:27,855] - Executing System.load
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.AppHandler [17:20:27,886] - Navigator variable set
> to IEXPLORER
> DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
> es.uji.security.ui.applet.SignatureApplet [17:20:27,948] - Call JavaScript
> method: onInitOk
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.ui.applet.AppHandler [17:20:28,837] - Setting
> signOutputFormat to
> es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.ui.applet.AppHandler [17:20:28,853] - Setting
> inputDataEncoding to PLAIN
> Initializing Window ...
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.ui.applet.JTreeCertificateBuilder [17:20:28,993] - Building
> certificate tree
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading user
> certificates from keystore MSCAPI
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading
> aliases from keystore
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - 2 aliases
> loaded
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Found
> certificate whith alias CN=HEALTHY CONTROL, DC=HEALTHY, DC=LOCAL
> Serial=507646143499219750617377
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading
> certificate with alias CN=HEALTHY CONTROL, DC=HEALTHY, DC=LOCAL
> Serial=507646143499219750617377
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Found
> certificate whith alias CN=TC TrustCenter Class 1 L1 CA IX, OU=TC
> TrustCenter Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE
> Serial=911916151748145241483548575707595
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading
> certificate with alias CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter
> Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE
> Serial=911916151748145241483548575707595
> DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.ui.applet.SignatureApplet [17:20:29,087] - Call JavaScript
> method: onWindowShow
> ERROR Applet 1 LiveConnect Worker Thread
> es.uji.security.ui.applet.SignatureApplet [17:20:29,102] - Error calling
> onWindowShow
> netscape.javascript.JSException: No such method "onWindowShow" on JavaScript
> object
> at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown
> Source)
> at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown
> Source)
> at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
> at
> es.uji.security.ui.applet.SignatureApplet.initializeWindow(SignatureApplet.java:231)
> at
> es.uji.security.ui.applet.SignatureApplet.access$200(SignatureApplet.java:50)
> at
> es.uji.security.ui.applet.SignatureApplet$15.run(SignatureApplet.java:609)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> es.uji.security.ui.applet.SignatureApplet.signDataUrlToUrl(SignatureApplet.java:594)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
> at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
> at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
> at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
> at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
> at
> sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown
> Source)
> at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown
> Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown
> Source)
> at
> sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown
> Source)
> at java.lang.Thread.run(Unknown Source)
> Window  initialized
> STORE: MSCAPI
> START: 1SIGNATURECOUNT: 1
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566]
> - Getting selected certificate
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566]
> - Selected certificate:CN=Javi Padrón, C=ES
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566]
> - Validating certificate
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566]
> - The certificate is valid
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566]
> - Loading certificate store
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566]
> - Certificate store loaded
> Certificate Alias: CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter
> Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE
> Serial=911916151748145241483548575707595
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566]
> - Loading signature format:
> es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613]
> - Signer Role: UNSET
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613]
> - File Name: UNSET
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613]
> - Content Type:application/binary
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613]
> - Selected a digital signature certificate
> DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams
> [17:20:31,613] - Retrieving data from file:///C:/Respuesta.xml
> DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams
> [17:20:31,613] - Retrieved 2297 bytes
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613]
> - Encoding: PLAIN
> DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,629]
> - Signing data
> DEBUG thread-sig-0
> es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [17:20:31,629] -
> Using XAdESSignatureFactory
> DEBUG thread-sig-0
> es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [17:20:31,644] -
> UJI-MSCAPI provider found
> ERROR thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,660]
> - <html><font color='red'>No se ha podido calcular la firma</font></html>
> java.lang.SecurityException: SHA1 digest error for ujiCrypto.conf
> at sun.security.util.ManifestEntryVerifier.verify(Unknown Source)
> at java.util.jar.JarVerifier.processEntry(Unknown Source)
> at java.util.jar.JarVerifier.update(Unknown Source)
> at java.util.jar.JarVerifier$VerifierStream.read(Unknown Source)
> at java.io.FilterInputStream.read(Unknown Source)
> at java.io.FilterInputStream.read(Unknown Source)
> at java.util.Properties$LineReader.readLine(Unknown Source)
> at java.util.Properties.load0(Unknown Source)
> at java.util.Properties.load(Unknown Source)
> at es.uji.security.crypto.config.ConfigManager.<init>(ConfigManager.java:33)
> at es.uji.security.crypto.config.ConfigManager.<init>(ConfigManager.java:19)
> at
> es.uji.security.crypto.config.ConfigManager.getInstance(ConfigManager.java:45)
> at
> es.uji.security.crypto.openxades.OpenXAdESSignatureFactory.formatSignature(OpenXAdESSignatureFactory.java:91)
> at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:298)
> DEBUG thread-sig-0 es.uji.security.ui.applet.AppHandler [17:20:31,660] -
> Call JavaScript method: onSignError
> netscape.javascript.JSException: No such method "onSignError" on JavaScript
> object
> at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown
> Source)
> at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown
> Source)
> at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
> at
> es.uji.security.ui.applet.AppHandler.callJavaScriptCallbackFunction(AppHandler.java:422)
> at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:303)
>
> What am I doing wrong? The applet works fine with fnmt certificates,
> but I need to be able to add other CAs to it; otherwise it would be of no
> use for my project.
> Many thanks!
> _______________________________________________
> CryptoApplet mailing list
> [email protected]
> http://llistes.uji.es/mailman/listinfo/cryptoapplet
>
>

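The failure discussed in this thread, as an added example that is not part of the original messages or of CryptoApplet's code: a constructed in-memory JAR is audited against the per-entry SHA1-Digest values in its manifest, showing why an edited ujiCrypto.conf fails while the newly added tc1.crt is simply unlisted, and what removing the signature files leaves behind. The file contents and the names EXAMPLE.SF / EXAMPLE.RSA are placeholders, and only the manifest digest check is modelled, not the .SF or signature-block verification.

```python
import base64, hashlib, io, zipfile

SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")  # signature files under META-INF/

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def make_jar(files):
    """Write {entry name: bytes} into an in-memory JAR (a ZIP archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()

def manifest_for(files):
    """Build a MANIFEST.MF with one SHA1-Digest section per entry."""
    sections = [f"Name: {n}\r\nSHA1-Digest: {sha1_b64(d)}\r\n" for n, d in files.items()]
    return ("Manifest-Version: 1.0\r\n\r\n" + "\r\n".join(sections) + "\r\n").encode()

def manifest_digests(manifest):
    """Parse the per-entry sections into {entry name: base64 SHA-1 digest}."""
    text = manifest.decode().replace("\r\n", "\n").replace("\n ", "")  # unfold long lines
    secs = [dict(l.split(": ", 1) for l in s.split("\n") if ": " in l) for s in text.split("\n\n")]
    return {a["Name"]: a["SHA1-Digest"] for a in secs if "Name" in a and "SHA1-Digest" in a}

def audit(jar_bytes):
    """Classify each payload entry as 'ok', 'digest mismatch' or 'not in manifest'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        expected = manifest_digests(jar.read("META-INF/MANIFEST.MF"))
        for name in (n for n in jar.namelist() if not n.startswith("META-INF/")):
            actual = sha1_b64(jar.read(name))
            report[name] = ("not in manifest" if name not in expected else
                            "ok" if actual == expected[name] else "digest mismatch")
    return report

def strip_signature(jar_bytes):
    """Copy the JAR without its signature files; the result is an unsigned JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        keep = {n: jar.read(n) for n in jar.namelist()
                if not (n.startswith("META-INF/") and n.upper().endswith(SIG_SUFFIXES))}
    return make_jar(keep)

# Constructed sample: a "signed" config JAR, then the edit described in the thread.
ORIGINAL = {"ujiCrypto.conf": b"DIGIDOC_CA_CERTS=9\n", "fnmt.pem": b"constructed PEM\n"}
SIGNATURE = {"META-INF/MANIFEST.MF": manifest_for(ORIGINAL),
             "META-INF/EXAMPLE.SF": b"constructed", "META-INF/EXAMPLE.RSA": b"constructed"}
EDITED = {**ORIGINAL, "ujiCrypto.conf": b"DIGIDOC_CA_CERTS=10\n", "tc1.crt": b"constructed cert\n"}
EDITED_JAR = make_jar({**SIGNATURE, **EDITED})
```

`audit(EDITED_JAR)` reports the edited ujiCrypto.conf as a digest mismatch, which is the entry named in the `SecurityException` in the trace. After `strip_signature` the archive carries no signature files, so nothing checks the entries against the manifest when it is loaded.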