Hello again
Many thanks for the hint. I got hold of the client's keystore, and with...
keytool -list -v -keystore cas.keystore
I was able to verify that it contains the same certificates I had in
separate files, and to find out their aliases so that I can use them from
ujiCrypto.conf
Then I changed the references in ujiCrypto.conf so that they pointed to the
keystore, and it ALMOST works. At the end of this e-mail I include the Java
console output (from onInitOK onwards), in case something occurs to you when
you see it, but I think that keystore has some defect. I also don't want to
make you waste more time when, with the separate certificates, I can sign
without problems...
Regards: Javier Abínzano
-----------------------
DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1
es.uji.security.ui.applet.SignatureApplet [11:54:09,096] - Call JavaScript
method: onInitOk
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler
[11:54:19,578] - Setting signOutputFormat to
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
DEBUG Applet 1 LiveConnect Worker Thread es.uji.security.ui.applet.AppHandler
[11:54:19,593] - Setting inputDataEncoding to PLAIN
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.SignatureApplet [11:54:19,609] - Init window
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,718] - Building
certificate tree
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,718] - Loading user
certificates from keystore MSCAPI
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,718] - Loading aliases
from keystore
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - 4 aliases loaded
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found
certificate whith alias OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading
certificate with alias OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found
certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF
Q-4500146H), O=JCCM, C=ES Serial=24479927294867302867012332203021340343
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading
certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF
Q-4500146H), O=JCCM, C=ES Serial=24479927294867302867012332203021340343
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found
certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF
Q-4500146H), O=JCCM, C=ES Serial=96645770944666008273160649392354122771
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading
certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF
Q-4500146H), O=JCCM, C=ES Serial=96645770944666008273160649392354122771
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found
certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF
Q-4500146H), O=JCCM, C=ES Serial=23354082312485453175376988941333319377
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading
certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF
Q-4500146H), O=JCCM, C=ES Serial=23354082312485453175376988941333319377
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new CA
FNMT
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new
certificate NOMBRE RODRIGUEZ PEREZ JUAN MANUEL - NIF 51669070
(digitalSignature, keyEncipherment)
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new CA
SESCAM (NIF Q-4500146H)
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new
certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (nonRepudiation)
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new
certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (digitalSignature)
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new
certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (keyEncipherment,
dataEncipherment)
DEBUG Applet 1 LiveConnect Worker Thread
es.uji.security.ui.applet.SignatureApplet [11:54:19,890] - Call JavaScript
method: onWindowShow
STORE: MSCAPI
START: 1SIGNATURECOUNT: 1
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] -
Getting selected certificate
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] -
Selected certificate:CN=A LUMNO4 CSJ - DNI 11444555P, GIVENNAME=A,
SURNAME=LUMNO4 CSJ, SERIALNUMBER=11444555P, T=INFORMATICO, OU=aali11,
OU=certificado electrónico de empleado público, O=SESCAM, C=ES
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] -
Validating certificate
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] -
The certificate is valid
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] -
Loading certificate store
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] -
Certificate store loaded
Certificate Alias: CN=SESCAM CA Entidades Finales, O=SESCAM (NIF Q-4500146H),
O=JCCM, C=ES Serial=24479927294867302867012332203021340343
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] -
Loading signature format:
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] -
Signer Role: citizen
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] -
File Name: UNSET
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] -
Content Type:application/binary
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] -
Selected a digital signature certificate
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] -
Encoding: PLAIN
DEBUG thread-sig-0 es.uji.security.keystore.mscapi.MsCapiKeyStore
[11:54:23,952] - Loading aliases from keystore
DEBUG thread-sig-0 es.uji.security.keystore.mscapi.MsCapiKeyStore
[11:54:23,968] - 4 aliases loaded
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] -
[OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298, CN=SESCAM CA Entidades
Finales, O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES
Serial=24479927294867302867012332203021340343, CN=SESCAM CA Entidades Finales,
O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES
Serial=96645770944666008273160649392354122771, CN=SESCAM CA Entidades Finales,
O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES
Serial=23354082312485453175376988941333319377]
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] -
Private key format: null
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] -
Private key algorithm: RSA
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] -
Provider: UJI-MSCAPI
DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] -
Signing data
DEBUG thread-sig-0 es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
[11:54:23,968] - Using XAdESSignatureFactory
DEBUG thread-sig-0 es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
[11:54:23,968] - UJI-MSCAPI provider found
[Fatal Error] :1:1: Content is not allowed in prolog.
DEBUG thread-sig-0 es.uji.security.crypto.openxades.digidoc.DataFile
[11:54:24,061] - calculateFileSizeAndDigest(D0)
DEBUG thread-sig-0 es.uji.security.crypto.openxades.digidoc.DataFile
[11:54:24,155] - DataFile: 'D0' length: 31 digest: 8e42MOeIyQy7r9p4iL6L/UG+9yI=
DEBUG thread-sig-0 es.uji.security.crypto.openxades.OpenXAdESSignatureFactory
[11:54:30,123] - Signing XAdES info. XAdES signature length 256
ERROR thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:30,373] -
<html><font color='red'>No se ha podido calcular la firma</font></html>
es.uji.security.crypto.timestamp.TokenVerifyException: Unable to decipher
pkcs#9 encoded attributes
at
es.uji.security.crypto.timestamp.TSResponseToken.verify(TSResponseToken.java:215)
at
es.uji.security.crypto.timestamp.TSResponseToken.verify(TSResponseToken.java:187)
at
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory.formatSignature(OpenXAdESSignatureFactory.java:213)
at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:452)
DEBUG thread-sig-0 es.uji.security.ui.applet.AppHandler [11:54:30,373] - Call
JavaScript method: onSignError
es.uji.security.ui.applet.SignatureAppletException
at es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:460)
_______________________________________________
CryptoApplet mailing list
[email protected]
http://llistes.uji.es/mailman/listinfo/cryptoapplet
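
The check the message describes doing by eye with keytool (same certificates in the keystore as in the separate files, and under which alias) can also be done programmatically. This is an added example, not part of the original message or of CryptoApplet; it assumes cas.keystore is a version 2 JKS file, which the message does not state, and every function name and the sample data are hypothetical.

```python
import hashlib
import struct

SALT = b"Mighty Aphrodite"  # fixed string JKS mixes into its integrity digest

def read_utf(buf, pos):  # Java writeUTF string: 2-byte length, then the bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n

def jks_certificates(buf, password):
    """Return {alias: [certificate bytes, ...]} from a JKS file's raw bytes."""
    body, digest = buf[:-20], buf[-20:]
    if hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest() != digest:
        raise ValueError("integrity digest mismatch: wrong password or altered file")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != 0xFEEDFEED or version != 2:
        raise ValueError("not a version 2 JKS keystore")
    pos, entries = 12, {}
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        alias, pos = read_utf(body, pos + 4)
        pos += 8                                  # creation timestamp
        chain = 1                                 # tag 2: one trusted certificate
        if tag == 1:                              # private key entry
            (key_len,) = struct.unpack_from(">I", body, pos)
            (chain,) = struct.unpack_from(">I", body, pos + 4 + key_len)
            pos += 8 + key_len                    # skip encrypted key, chain count
        elif tag != 2:
            raise ValueError(f"unknown entry tag {tag}")
        entries[alias] = []
        for _ in range(chain):
            _, pos = read_utf(body, pos)          # certificate type, e.g. "X.509"
            (n,) = struct.unpack_from(">I", body, pos)
            entries[alias].append(body[pos + 4:pos + 4 + n])
            pos += 4 + n
    return entries

def match_aliases(entries, cert_files):
    """Map each separate certificate {name: DER bytes} to the alias that holds it."""
    index = {hashlib.sha256(c).digest(): a for a, cs in entries.items() for c in cs}
    return {name: index.get(hashlib.sha256(d).digest()) for name, d in cert_files.items()}

def build_sample(password, certs):
    """Constructed JKS v2 of trusted-cert entries; placeholder bytes, not real DER."""
    body = struct.pack(">III", 0xFEEDFEED, 2, len(certs))
    for alias, der in certs.items():
        body += struct.pack(">IH", 2, len(alias)) + alias.encode() + bytes(8)
        body += b"\x00\x05X.509" + struct.pack(">I", len(der)) + der
    return body + hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()
```

match_aliases compares raw DER bytes, so a certificate stored as a PEM file has to be base64-decoded to DER before it is passed in. A None result means the keystore holds no entry with that exact certificate.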