Pero todos los jar no deben tener la misma firma? Si la quito como puedo hacerlo? y si lo vuelvo a firmar deberá llevar la misma firma que los demás? como puedo hacer esa firma? :S
El 3 de marzo de 2010 17:52, Ricardo Borillo <[email protected]>escribió: > Hola Javier, > > La config tiene buena pinta, pero lo que parece que está pasando es > que has añadido un fichero nuevo a un JAR firmado. > Esto está provocando que al cargarlo, la firma del JAR no valide al > haber alterado su contenido. > > El uji-config no es necesario firmarlo, así que o bien eliminas la > firma del JAR o lo firmas de nuevo después de añadir el nuevo > certificado. > > --- > Salut, > ==================================== > Ricardo Borillo Domenech > http://xml-utils.com > > > > 2010/3/3 Javier Padrón Romero <[email protected]>: > > Hola buenas tardes. Estoy usando la versión 2.1.0 de cryptoapplet > > Quiero ver como añadir una nueva CA para realizar firma XADES. Para > probarlo > > he obtenido un certificado de prueba de TC TrustCenter Class y lo he > > importado en el navegador. > > He modificado el fichero ujiCrypto.conf de añadiendo la siguiente > > información: > > > > DIGIDOC_OCSP_RESPONDER_COUNT=3 > > DIGIDOC_OCSP_RESPONDER_URL1=http://ocsp.accv.es > > DIGIDOC_OCSP_RESPONDER_URL2=http://ocsp.dnie.es > > DIGIDOC_OCSP_RESPONDER_URL3= > http://ocsp.ix.tcclass1.tcuniversal-i.trustcenter.de > > ---> línea que he añadido > > SIGN_OCSP_REQUESTS=false > > DIGIDOC_USE_NONCE=false > > DIGIDOC_CA_CERTS=10 > > DIGIDOC_CA_CERT1=jar://cagva.pem > > DIGIDOC_CA_CERT2=jar://rootca.pem > > DIGIDOC_CA_CERT3=jar://accv-ca2.pem > > DIGIDOC_CA_CERT4=jar://ACDNIE001.pem > > DIGIDOC_CA_CERT5=jar://ACDNIE002-SHA1.pem > > DIGIDOC_CA_CERT6=jar://ACDNIE003-SHA1.pem > > DIGIDOC_CA_CERT7=jar://NisuCa.pem > > DIGIDOC_CA_CERT8=jar://ujica.pem > > DIGIDOC_CA_CERT9=jar://fnmt.pem > > DIGIDOC_CA_CERT10=jar://tc1.crt ---> línea que he añadido > > > > He metido el fichero tc1.crt en el fichero jar > uji-config-2.1.0-signed.jar y > > abro la página donde tengo cargado el applet, le paso un fichero xml para > > que me lo firme de la siguiente forma: > > function sign(){ > > var fileToEncrypt= "file:///C:/Respuesta.xml"; > > var urlDestino= "adios"; > > //alert(fileToEncrypt); > > //alert(urlPhp); > > cp= document.getElementById('CryptoApplet'); > > cp.setLanguage("ES"); > > cp.setSignatureOutputFormat("XADES"); > > cp.setInputDataEncoding("PLAIN"); > > cp.signDataUrlToUrl(fileToEncrypt, urlDestino); > > } > > Y la traza de error que me da es esta: > > Java Plug-in 1.6.0_18 > > Usar versión JRE 1.6.0_18-b07 Java HotSpot(TM) Client VM > > Directorio local del usuario = C:\Documents and Settings\jpr > > ---------------------------------------------------- > > c: borrar ventana de consola > > f: finalizar objetos en la cola de finalización > > g: liberación de recursos > > h: presentar este mensaje de ayuda > > l: volcar lista del cargador de clases > > m: imprimir sintaxis de memoria > > o: activar registro > > q: ocultar consola > > r: recargar configuración de norma > > s: volcar propiedades del sistema y de despliegue > > t: volcar lista de subprocesos > > v: volcar pila de subprocesos > > x: borrar memoria caché del cargador de clases > > 0-5: establecer nivel de rastreo en <n> > > ---------------------------------------------------- > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.JSCommands [17:20:27,792] - New access to > browser > > window from Applet > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.SignatureApplet [17:20:27,824] - Nimbus > Look&Feel > > loaded > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.AppHandler [17:20:27,855] - Recover JavaScript > > member: navigator > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.AppHandler [17:20:27,855] - Recover JavaScript > > member: userAgent > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.AppHandler [17:20:27,855] - Detected user agent > > mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; bn; > > infopath.2; .net clr 2.0.50727; .net clr 3.0.4506.2152; .net clr > 3.5.30729; > > msn optimizedie8;eses; asktb5.5; bn) > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.AppHandler [17:20:27,855] - > > MicrosoftCryptoApi_0_3.dll already exists. Verifying existing DLL file > > 0000: 0E 15 8D 9F 6A C5 8B 31 - 67 30 BE 8F 4D 35 71 AB ....j..1g0..M5q. > > 0010: D4 C9 F9 90 .... > > > > --- > > 0000: 0E 15 8D 9F 6A C5 8B 31 - 67 30 BE 8F 4D 35 71 AB ....j..1g0..M5q. > > 0010: D4 C9 F9 90 .... > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.AppHandler [17:20:27,855] - Executing > System.load > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.AppHandler [17:20:27,886] - Navigator variable > set > > to IEXPLORER > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > > es.uji.security.ui.applet.SignatureApplet [17:20:27,948] - Call > JavaScript > > method: onInitOk > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.ui.applet.AppHandler [17:20:28,837] - Setting > > signOutputFormat to > > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.ui.applet.AppHandler [17:20:28,853] - Setting > > inputDataEncoding to PLAIN > > Initializing Window ... > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.ui.applet.JTreeCertificateBuilder [17:20:28,993] - > Building > > certificate tree > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading > user > > certificates from keystore MSCAPI > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading > > aliases from keystore > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - 2 aliases > > loaded > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Found > > certificate whith alias CN=HEALTHY CONTROL, DC=HEALTHY, DC=LOCAL > > Serial=507646143499219750617377 > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading > > certificate with alias CN=HEALTHY CONTROL, DC=HEALTHY, DC=LOCAL > > Serial=507646143499219750617377 > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Found > > certificate whith alias CN=TC TrustCenter Class 1 L1 CA IX, OU=TC > > TrustCenter Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE > > Serial=911916151748145241483548575707595 > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading > > certificate with alias CN=TC TrustCenter Class 1 L1 CA IX, OU=TC > TrustCenter > > Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE > > Serial=911916151748145241483548575707595 > > DEBUG Applet 1 LiveConnect Worker Thread > > es.uji.security.ui.applet.SignatureApplet [17:20:29,087] - Call > JavaScript > > method: onWindowShow > > ERROR Applet 1 LiveConnect Worker Thread > > es.uji.security.ui.applet.SignatureApplet [17:20:29,102] - Error calling > > onWindowShow > > netscape.javascript.JSException: No such method "onWindowShow" on > JavaScript > > object > > at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown > > Source) > > at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown > > Source) > > at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source) > > at > > > es.uji.security.ui.applet.SignatureApplet.initializeWindow(SignatureApplet.java:231) > > at > > > es.uji.security.ui.applet.SignatureApplet.access$200(SignatureApplet.java:50) > > at > > > es.uji.security.ui.applet.SignatureApplet$15.run(SignatureApplet.java:609) > > at java.security.AccessController.doPrivileged(Native Method) > > at > > > es.uji.security.ui.applet.SignatureApplet.signDataUrlToUrl(SignatureApplet.java:594) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > > at java.lang.reflect.Method.invoke(Unknown Source) > > at sun.plugin.javascript.JSInvoke.invoke(Unknown Source) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > > at java.lang.reflect.Method.invoke(Unknown Source) > > at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source) > > at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source) > > at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source) > > at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source) > > at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source) > > at > > > sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown > > Source) > > at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown > > Source) > > at java.security.AccessController.doPrivileged(Native Method) > > at > > > sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown > > Source) > > at > > > sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown > > Source) > > at java.lang.Thread.run(Unknown Source) > > Window initialized > > STORE: MSCAPI > > START: 1SIGNATURECOUNT: 1 > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,566] > > - Getting selected certificate > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,566] > > - Selected certificate:CN=Javi Padrón, C=ES > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,566] > > - Validating certificate > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,566] > > - The certificate is valid > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,566] > > - Loading certificate store > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,566] > > - Certificate store loaded > > Certificate Alias: CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter > > Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE > > Serial=911916151748145241483548575707595 > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,566] > > - Loading signature format: > > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,613] > > - Signer Role: UNSET > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,613] > > - File Name: UNSET > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,613] > > - Content Type:application/binary > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,613] > > - Selected a digital signature certificate > > DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams > > [17:20:31,613] - Retrieving data from file:///C:/Respuesta.xml > > DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams > > [17:20:31,613] - Retrieved 2297 bytes > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,613] > > - Encoding: PLAIN > > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,629] > > - Signing data > > DEBUG thread-sig-0 > > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [17:20:31,629] > - > > Using XAdESSignatureFactory > > DEBUG thread-sig-0 > > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [17:20:31,644] > - > > UJI-MSCAPI provider found > > ERROR thread-sig-0 es.uji.security.ui.applet.SignatureThread > [17:20:31,660] > > - <html><font color='red'>No se ha podido calcular la firma</font></html> > > java.lang.SecurityException: SHA1 digest error for ujiCrypto.conf > > at sun.security.util.ManifestEntryVerifier.verify(Unknown Source) > > at java.util.jar.JarVerifier.processEntry(Unknown Source) > > at java.util.jar.JarVerifier.update(Unknown Source) > > at java.util.jar.JarVerifier$VerifierStream.read(Unknown Source) > > at java.io.FilterInputStream.read(Unknown Source) > > at java.io.FilterInputStream.read(Unknown Source) > > at java.util.Properties$LineReader.readLine(Unknown Source) > > at java.util.Properties.load0(Unknown Source) > > at java.util.Properties.load(Unknown Source) > > at > es.uji.security.crypto.config.ConfigManager.<init>(ConfigManager.java:33) > > at > es.uji.security.crypto.config.ConfigManager.<init>(ConfigManager.java:19) > > at > > > es.uji.security.crypto.config.ConfigManager.getInstance(ConfigManager.java:45) > > at > > > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory.formatSignature(OpenXAdESSignatureFactory.java:91) > > at > es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:298) > > DEBUG thread-sig-0 es.uji.security.ui.applet.AppHandler [17:20:31,660] - > > Call JavaScript method: onSignError > > netscape.javascript.JSException: No such method "onSignError" on > JavaScript > > object > > at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown > > Source) > > at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown > > Source) > > at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source) > > at > > > es.uji.security.ui.applet.AppHandler.callJavaScriptCallbackFunction(AppHandler.java:422) > > at > es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:303) > > > > ¿Qué estoy haciendo mal? El applet funciona bien con certificados de > fnmt, > > pero yo tengo que poder añadirle otras CA's si no no me serviría para mi > > proyecto. > > Muchas gracias! > > _______________________________________________ > > CryptoApplet mailing list > > [email protected] > > http://llistes.uji.es/mailman/listinfo/cryptoapplet > > > > > _______________________________________________ > CryptoApplet mailing list > [email protected] > http://llistes.uji.es/mailman/listinfo/cryptoapplet >
_______________________________________________ CryptoApplet mailing list [email protected] http://llistes.uji.es/mailman/listinfo/cryptoapplet
