Hi Javier,

All the JARs that are signed must carry the same signature. But you can have some that are unsigned ...

Each JAR includes some files in the META-INF folder that contain the signature. If you run "jar tvf uji-config-2.1.0-signed.jar" you will see them:

  2375 Mon Feb 22 22:12:00 CET 2010 META-INF/MANIFEST.MF
  2441 Mon Feb 22 22:12:00 CET 2010 META-INF/UJI.SF
   964 Mon Feb 22 22:12:00 CET 2010 META-INF/UJI.RSA

If you delete them from the JAR, the problem is solved.

If you want to sign the JAR again, you must use the "jarsigner" command and the certificate in the uji.keystore file that is included in the distribution.

---
Regards,
====================================
Ricardo Borillo Domenech
http://xml-utils.com

2010/3/3 Javier Padrón Romero <[email protected]>:
> But don't all the JARs have to have the same signature?
> If I remove it, how can I do that? And if I sign it again, must it carry the
> same signature as the others? How can I create that signature? :S
>
> On 3 March 2010 17:52, Ricardo Borillo <[email protected]>
> wrote:
>>
>> Hi Javier,
>>
>> The config looks good, but what seems to be happening is that
>> you have added a new file to a signed JAR.
>> This is causing the JAR signature to fail validation when it is
>> loaded, because its contents have been altered.
>>
>> uji-config does not need to be signed, so either remove the
>> signature from the JAR or sign it again after adding the new
>> certificate.
>>
>> ---
>> Regards,
>> ====================================
>> Ricardo Borillo Domenech
>> http://xml-utils.com
>>
>>
>>
>> 2010/3/3 Javier Padrón Romero <[email protected]>:
>> > Hello, good afternoon. I am using version 2.1.0 of cryptoapplet.
>> > I want to see how to add a new CA to perform XADES signing. To test it
>> > I obtained a test certificate from TC TrustCenter Class and
>> > imported it into the browser.
>> > I have modified the ujiCrypto.conf file, adding the following
>> > information:
>> >
>> > DIGIDOC_OCSP_RESPONDER_COUNT=3
>> > DIGIDOC_OCSP_RESPONDER_URL1=http://ocsp.accv.es
>> > DIGIDOC_OCSP_RESPONDER_URL2=http://ocsp.dnie.es
>> > DIGIDOC_OCSP_RESPONDER_URL3=http://ocsp.ix.tcclass1.tcuniversal-i.trustcenter.de ---> line I added
>> > SIGN_OCSP_REQUESTS=false
>> > DIGIDOC_USE_NONCE=false
>> > DIGIDOC_CA_CERTS=10
>> > DIGIDOC_CA_CERT1=jar://cagva.pem
>> > DIGIDOC_CA_CERT2=jar://rootca.pem
>> > DIGIDOC_CA_CERT3=jar://accv-ca2.pem
>> > DIGIDOC_CA_CERT4=jar://ACDNIE001.pem
>> > DIGIDOC_CA_CERT5=jar://ACDNIE002-SHA1.pem
>> > DIGIDOC_CA_CERT6=jar://ACDNIE003-SHA1.pem
>> > DIGIDOC_CA_CERT7=jar://NisuCa.pem
>> > DIGIDOC_CA_CERT8=jar://ujica.pem
>> > DIGIDOC_CA_CERT9=jar://fnmt.pem
>> > DIGIDOC_CA_CERT10=jar://tc1.crt ---> line I added
>> >
>> > I have put the tc1.crt file into the JAR file
>> > uji-config-2.1.0-signed.jar and I open the page where I have the
>> > applet loaded; I pass it an XML file for it to sign, as follows:
>> >
>> > function sign(){
>> >   var fileToEncrypt= "file:///C:/Respuesta.xml";
>> >   var urlDestino= "adios";
>> >   //alert(fileToEncrypt);
>> >   //alert(urlPhp);
>> >   cp= document.getElementById('CryptoApplet');
>> >   cp.setLanguage("ES");
>> >   cp.setSignatureOutputFormat("XADES");
>> >   cp.setInputDataEncoding("PLAIN");
>> >   cp.signDataUrlToUrl(fileToEncrypt, urlDestino);
>> > }
>> >
>> > And the error trace it gives me is this:
>> >
>> > Java Plug-in 1.6.0_18
>> > Usar versión JRE 1.6.0_18-b07 Java HotSpot(TM) Client VM
>> > Directorio local del usuario = C:\Documents and Settings\jpr
>> > ----------------------------------------------------
>> > c: borrar ventana de consola
>> > f: finalizar objetos en la cola de finalización
>> > g: liberación de recursos
>> > h: presentar este mensaje de ayuda
>> > l: volcar lista del cargador de clases
>> > m: imprimir sintaxis de memoria
>> > o: activar registro
>> > q: ocultar consola
>> > r: recargar configuración de norma
>> > s: volcar propiedades del sistema y de despliegue
>> > t: volcar lista de subprocesos
>> > v: volcar pila de subprocesos
>> > x: borrar memoria caché del cargador de clases
>> > 0-5: establecer nivel de rastreo en <n>
>> > ----------------------------------------------------
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.JSCommands [17:20:27,792] - New access to browser window from Applet
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.SignatureApplet [17:20:27,824] - Nimbus Look&Feel loaded
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - Recover JavaScript member: navigator
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - Recover JavaScript member: userAgent
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - Detected user agent mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; bn; infopath.2; .net clr 2.0.50727; .net clr 3.0.4506.2152; .net clr 3.5.30729; msn optimizedie8;eses; asktb5.5; bn)
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - MicrosoftCryptoApi_0_3.dll already exists. Verifying existing DLL file
>> > 0000: 0E 15 8D 9F 6A C5 8B 31 - 67 30 BE 8F 4D 35 71 AB ....j..1g0..M5q.
>> > 0010: D4 C9 F9 90 ....
>> >
>> > ---
>> > 0000: 0E 15 8D 9F 6A C5 8B 31 - 67 30 BE 8F 4D 35 71 AB ....j..1g0..M5q.
>> > 0010: D4 C9 F9 90 ....
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,855] - Executing System.load
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.AppHandler [17:20:27,886] - Navigator variable set to IEXPLORER
>> > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 es.uji.security.ui.applet.SignatureApplet [17:20:27,948] - Call JavaScript method: onInitOk
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler [17:20:28,837] - Setting signOutputFormat to es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler [17:20:28,853] - Setting inputDataEncoding to PLAIN
>> > Initializing Window ...
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.JTreeCertificateBuilder [17:20:28,993] - Building certificate tree
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading user certificates from keystore MSCAPI
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading aliases from keystore
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - 2 aliases loaded
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Found certificate whith alias CN=HEALTHY CONTROL, DC=HEALTHY, DC=LOCAL Serial=507646143499219750617377
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading certificate with alias CN=HEALTHY CONTROL, DC=HEALTHY, DC=LOCAL Serial=507646143499219750617377
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Found certificate whith alias CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE Serial=911916151748145241483548575707595
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.keystore.mscapi.MsCapiKeyStore [17:20:28,993] - Loading certificate with alias CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE Serial=911916151748145241483548575707595
>> > DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.SignatureApplet [17:20:29,087] - Call JavaScript method: onWindowShow
>> > ERROR Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.SignatureApplet [17:20:29,102] - Error calling onWindowShow
>> > netscape.javascript.JSException: No such method "onWindowShow" on JavaScript object
>> >     at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)
>> >     at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)
>> >     at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
>> >     at es.uji.security.ui.applet.SignatureApplet.initializeWindow(SignatureApplet.java:231)
>> >     at es.uji.security.ui.applet.SignatureApplet.access$200(SignatureApplet.java:50)
>> >     at es.uji.security.ui.applet.SignatureApplet$15.run(SignatureApplet.java:609)
>> >     at java.security.AccessController.doPrivileged(Native Method)
>> >     at es.uji.security.ui.applet.SignatureApplet.signDataUrlToUrl(SignatureApplet.java:594)
>> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>> >     at java.lang.reflect.Method.invoke(Unknown Source)
>> >     at sun.plugin.javascript.JSInvoke.invoke(Unknown Source)
>> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>> >     at java.lang.reflect.Method.invoke(Unknown Source)
>> >     at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
>> >     at sun.plugin2.liveconnect.JavaClass$MethodInfo.invoke(Unknown Source)
>> >     at sun.plugin2.liveconnect.JavaClass$MemberBundle.invoke(Unknown Source)
>> >     at sun.plugin2.liveconnect.JavaClass.invoke0(Unknown Source)
>> >     at sun.plugin2.liveconnect.JavaClass.invoke(Unknown Source)
>> >     at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$DefaultInvocationDelegate.invoke(Unknown Source)
>> >     at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$3.run(Unknown Source)
>> >     at java.security.AccessController.doPrivileged(Native Method)
>> >     at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
>> >     at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run(Unknown Source)
>> >     at java.lang.Thread.run(Unknown Source)
>> > Window initialized
>> > STORE: MSCAPI
>> > START: 1SIGNATURECOUNT: 1
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Getting selected certificate
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Selected certificate:CN=Javi Padrón, C=ES
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Validating certificate
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - The certificate is valid
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Loading certificate store
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Certificate store loaded
>> > Certificate Alias: CN=TC TrustCenter Class 1 L1 CA IX, OU=TC TrustCenter Class 1 L1 CA, O=TC TrustCenter GmbH, C=DE Serial=911916151748145241483548575707595
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,566] - Loading signature format: es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - Signer Role: UNSET
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - File Name: UNSET
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - Content Type:application/binary
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - Selected a digital signature certificate
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams [17:20:31,613] - Retrieving data from file:///C:/Respuesta.xml
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.io.URLInputParams [17:20:31,613] - Retrieved 2297 bytes
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,613] - Encoding: PLAIN
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,629] - Signing data
>> > DEBUG thread-sig-0 es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [17:20:31,629] - Using XAdESSignatureFactory
>> > DEBUG thread-sig-0 es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [17:20:31,644] - UJI-MSCAPI provider found
>> > ERROR thread-sig-0 es.uji.security.ui.applet.SignatureThread [17:20:31,660] - <html><font color='red'>No se ha podido calcular la firma</font></html>
>> > java.lang.SecurityException: SHA1 digest error for ujiCrypto.conf
>> >     at sun.security.util.ManifestEntryVerifier.verify(Unknown Source)
>> >     at java.util.jar.JarVerifier.processEntry(Unknown Source)
>> >     at java.util.jar.JarVerifier.update(Unknown Source)
>> >     at java.util.jar.JarVerifier$VerifierStream.read(Unknown Source)
>> >     at java.io.FilterInputStream.read(Unknown Source)
>> >     at java.io.FilterInputStream.read(Unknown Source)
>> >     at java.util.Properties$LineReader.readLine(Unknown Source)
>> >     at java.util.Properties.load0(Unknown Source)
>> >     at java.util.Properties.load(Unknown Source)
>> >     at es.uji.security.crypto.config.ConfigManager.<init>(ConfigManager.java:33)
>> >     at es.uji.security.crypto.config.ConfigManager.<init>(ConfigManager.java:19)
>> >     at es.uji.security.crypto.config.ConfigManager.getInstance(ConfigManager.java:45)
>> >     at es.uji.security.crypto.openxades.OpenXAdESSignatureFactory.formatSignature(OpenXAdESSignatureFactory.java:91)
>> >     at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:298)
>> > DEBUG thread-sig-0 es.uji.security.ui.applet.AppHandler [17:20:31,660] - Call JavaScript method: onSignError
>> > netscape.javascript.JSException: No such method "onSignError" on JavaScript object
>> >     at sun.plugin2.main.client.MessagePassingJSObject.newJSException(Unknown Source)
>> >     at sun.plugin2.main.client.MessagePassingJSObject.waitForReply(Unknown Source)
>> >     at sun.plugin2.main.client.MessagePassingJSObject.call(Unknown Source)
>> >     at es.uji.security.ui.applet.AppHandler.callJavaScriptCallbackFunction(AppHandler.java:422)
>> >     at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:303)
>> >
>> > What am I doing wrong? The applet works fine with fnmt certificates,
>> > but I need to be able to add other CAs to it; otherwise it would be of
>> > no use for my project.
>> > Thank you very much!
>> > _______________________________________________
>> > CryptoApplet mailing list
>> > [email protected]
>> > http://llistes.uji.es/mailman/listinfo/cryptoapplet
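
Added example, not part of the original thread and not CryptoApplet code: the per-entry digest comparison behind the "SHA1 digest error for ujiCrypto.conf" in the trace, and the signature removal described in the top reply, in Python. Assumptions: the sample JAR and its placeholder UJI.SF/UJI.RSA are constructed, only SHA1-Digest manifest entries are compared (the .SF/.RSA signature is not verified), and strip_signature keeps the manifest's main section instead of deleting the file.

```python
import base64, hashlib, io, re, zipfile

MF = "META-INF/MANIFEST.MF"
SIG_RE = re.compile(r"META-INF/[^/]+\.(SF|RSA|DSA|EC)$", re.I)  # signature files

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def manifest_digests(manifest):
    """Map entry name -> SHA1-Digest from MANIFEST.MF, undoing 72-byte line folding."""
    text = manifest.decode().replace("\r\n", "\n").replace("\n ", "")
    secs = [dict(l.split(": ", 1) for l in s.splitlines() if ": " in l)
            for s in text.split("\n\n")[1:]]  # [0] is the main section
    return {s["Name"]: s["SHA1-Digest"] for s in secs if "Name" in s and "SHA1-Digest" in s}

def check_jar(data):
    """List signature files, entries whose digest changed, entries the manifest omits."""
    rep = {"signature_files": [], "digest_mismatch": [], "not_in_manifest": []}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        listed = manifest_digests(jar.read(MF))
        for n in jar.namelist():
            if SIG_RE.match(n):
                rep["signature_files"].append(n)
            elif not (n in listed or n.startswith("META-INF/") or n.endswith("/")):
                rep["not_in_manifest"].append(n)
            elif n in listed and listed[n] != sha1_b64(jar.read(n)):
                rep["digest_mismatch"].append(n)
    return rep

def write_jar(files):
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as jar:
        for n, body in files.items():
            jar.writestr(n, body)
    return out.getvalue()

def strip_signature(data):
    """Unsigned copy: signature files dropped, manifest cut down to its main section."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        files = {n: jar.read(n) for n in jar.namelist() if not SIG_RE.match(n)}
    files[MF] = files[MF].replace(b"\r\n", b"\n").split(b"\n\n")[0] + b"\n\n"
    return write_jar(files)

# Constructed sample: digests taken before the edit, contents stored after it.
SIGNED = {"ujiCrypto.conf": b"DIGIDOC_CA_CERTS=9\n", "fnmt.pem": b"constructed"}
EDITED = {**SIGNED, "ujiCrypto.conf": b"DIGIDOC_CA_CERTS=10\n", "tc1.crt": b"constructed"}
MANIFEST = "Manifest-Version: 1.0\n\n" + "".join(
    "Name: %s\nSHA1-Digest: %s\n\n" % (n, sha1_b64(b)) for n, b in SIGNED.items())
JAR = write_jar({MF: MANIFEST, "META-INF/UJI.SF": "placeholder",
                 "META-INF/UJI.RSA": "placeholder", **EDITED})
```

check_jar(JAR) flags ujiCrypto.conf as a digest mismatch and tc1.crt as absent from the manifest; after strip_signature no signature files remain, so there is nothing left to fail verification.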
