Si se modifica el JAR y este estaba firmado, es posible que no te vaya. En principio el uji-config no es necesario que vaya confirmado, con lo que se puede borrar la firma del JAR.
2011/11/25 ABINZANO MURILLO JOSE JAVIER <[email protected]>: > Hola de nuevo > > Muchas gracias por la pista. He conseguido el keystore del cliente, y con... > > keytool -list -v -keystore cas.keystore > > he podido comprobar que contiene los mismos certificados que yo tenía en > ficheros aparte, y descubrir sus alias para poder utilizarlos desde > ujiCrypto.conf > > Luego he cambiado las referencias en ujiCrypto.conf, para que apuntaran al > keystore, y CASI lo consigue. Al final de este correo os paso la salida de > la consola de java (desde el onInitOK), por si se os ocurre algo al verla, > pero para mí que ese keystore tiene algún defecto. Tampoco quiero haceros > perder más tiempo cuando con los certificados por separado consigo firmar > sin problemas... > > Saludos: Javier Abínzano > > ----------------------- > > DEBUG thread applet-es.uji.security.ui.applet.SignatureApplet-1 > es.uji.security.ui.applet.SignatureApplet [11:54:09,096] - Call JavaScript > method: onInitOk > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.AppHandler [11:54:19,578] - Setting > signOutputFormat to > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.AppHandler [11:54:19,593] - Setting > inputDataEncoding to PLAIN > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.SignatureApplet [11:54:19,609] - Init window > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,718] - Building > certificate tree > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,718] - Loading user > certificates from keystore MSCAPI > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,718] - Loading > aliases from keystore > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - 4 aliases > loaded > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found > certificate whith alias OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298 > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading > certificate with alias OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298 > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found > certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF > Q-4500146H), O=JCCM, C=ES Serial=24479927294867302867012332203021340343 > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading > certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF > Q-4500146H), O=JCCM, C=ES Serial=24479927294867302867012332203021340343 > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found > certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF > Q-4500146H), O=JCCM, C=ES Serial=96645770944666008273160649392354122771 > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading > certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF > Q-4500146H), O=JCCM, C=ES Serial=96645770944666008273160649392354122771 > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found > certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF > Q-4500146H), O=JCCM, C=ES Serial=23354082312485453175376988941333319377 > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading > certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF > Q-4500146H), O=JCCM, C=ES Serial=23354082312485453175376988941333319377 > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new > CA FNMT > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new > certificate NOMBRE RODRIGUEZ PEREZ JUAN MANUEL - NIF 51669070 > (digitalSignature, keyEncipherment) > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new > CA SESCAM (NIF Q-4500146H) > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new > certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (nonRepudiation) > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new > certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (digitalSignature) > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new > certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (keyEncipherment, > dataEncipherment) > DEBUG Applet 1 LiveConnect Worker Thread > es.uji.security.ui.applet.SignatureApplet [11:54:19,890] - Call JavaScript > method: onWindowShow > STORE: MSCAPI > START: 1SIGNATURECOUNT: 1 > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Getting selected certificate > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Selected certificate:CN=A LUMNO4 CSJ - DNI 11444555P, GIVENNAME=A, > SURNAME=LUMNO4 CSJ, SERIALNUMBER=11444555P, T=INFORMATICO, OU=aali11, > OU=certificado electrónico de empleado público, O=SESCAM, C=ES > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Validating certificate > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - The certificate is valid > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Loading certificate store > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Certificate store loaded > Certificate Alias: CN=SESCAM CA Entidades Finales, O=SESCAM (NIF > Q-4500146H), O=JCCM, C=ES Serial=24479927294867302867012332203021340343 > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Loading signature format: > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - Signer Role: citizen > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - File Name: UNSET > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - Content Type:application/binary > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - Selected a digital signature certificate > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - Encoding: PLAIN > DEBUG thread-sig-0 es.uji.security.keystore.mscapi.MsCapiKeyStore > [11:54:23,952] - Loading aliases from keystore > DEBUG thread-sig-0 es.uji.security.keystore.mscapi.MsCapiKeyStore > [11:54:23,968] - 4 aliases loaded > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] > - [OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298, CN=SESCAM CA > Entidades Finales, O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES > Serial=24479927294867302867012332203021340343, CN=SESCAM CA Entidades > Finales, O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES > Serial=96645770944666008273160649392354122771, CN=SESCAM CA Entidades > Finales, O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES > Serial=23354082312485453175376988941333319377] > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] > - Private key format: null > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] > - Private key algorithm: RSA > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] > - Provider: UJI-MSCAPI > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,968] > - Signing data > DEBUG thread-sig-0 > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [11:54:23,968] - > Using XAdESSignatureFactory > DEBUG thread-sig-0 > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [11:54:23,968] - > UJI-MSCAPI provider found > [Fatal Error] :1:1: Content is not allowed in prolog. > DEBUG thread-sig-0 es.uji.security.crypto.openxades.digidoc.DataFile > [11:54:24,061] - calculateFileSizeAndDigest(D0) > DEBUG thread-sig-0 es.uji.security.crypto.openxades.digidoc.DataFile > [11:54:24,155] - DataFile: 'D0' length: 31 digest: > 8e42MOeIyQy7r9p4iL6L/UG+9yI= > DEBUG thread-sig-0 > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [11:54:30,123] - > Signing XAdES info. XAdES signature length 256 > ERROR thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:30,373] > - <html><font color='red'>No se ha podido calcular la firma</font></html> > es.uji.security.crypto.timestamp.TokenVerifyException: Unable to decipher > pkcs#9 encoded attributes > at > es.uji.security.crypto.timestamp.TSResponseToken.verify(TSResponseToken.java:215) > at > es.uji.security.crypto.timestamp.TSResponseToken.verify(TSResponseToken.java:187) > at > es.uji.security.crypto.openxades.OpenXAdESSignatureFactory.formatSignature(OpenXAdESSignatureFactory.java:213) > at > es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:452) > DEBUG thread-sig-0 es.uji.security.ui.applet.AppHandler [11:54:30,373] - > Call JavaScript method: onSignError > es.uji.security.ui.applet.SignatureAppletException > at > es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:460) > > > > > _______________________________________________ > CryptoApplet mailing list > [email protected] > http://llistes.uji.es/mailman/listinfo/cryptoapplet > > -- Salut, ==================================== Ricardo Borillo Domenech http://xml-utils.com / http://twitter.com/borillo _______________________________________________ CryptoApplet mailing list [email protected] http://llistes.uji.es/mailman/listinfo/cryptoapplet
