Hola, Ricardo
¿Qué habría que hacer para borrar la firma del "uji-config-2.1.1-signed.jar",
como recomiendas? Porque creo que, como sospechas, mis problemas actuales
podrían venir de ahí...
Saludos y gracias: Javier Abínzano
-----Mensaje original-----
De: "Ricardo Borillo Doménech" <[email protected]>
Enviado el 25/11/2011 14:58:10
Para: "Llista de correu per al CryptoApplet" <[email protected]>
Asunto: Re: [CryptoApplet] Una consulta sobre rutas de configu ración
Si se modifica el JAR y este estaba firmado, es posible que no te vaya. En
principio el uji-config no es necesario que vaya confirmado, con lo que se
puede borrar la firma del JAR. 2011/11/25 ABINZANO MURILLO JOSE JAVIER
<[email protected]>: > Hola de nuevo > > Muchas gracias por la pista.
He conseguido el keystore del cliente, y con... > > keytool -list -v -keystore
cas.keystore > > he podido comprobar que contiene los mismos certificados que
yo tenía en > ficheros aparte, y descubrir sus alias para poder utilizarlos
desde > ujiCrypto.conf > > Luego he cambiado las referencias en ujiCrypto.conf,
para que apuntaran al > keystore, y CASI lo consigue. Al final de este correo
os paso la salida de > la consola de java (desde el onInitOK), por si se os
ocurre algo al verla, > pero para mí que ese keystore tiene algún defecto.
Tampoco quiero haceros > perder más tiempo cuando con los certificados por
separado consigo firmar > sin problemas... > > Saludos: Javier Abínzano > >
----------------------- > > DEBUG thread
applet-es.uji.security.ui.applet.SignatureApplet-1 >
es.uji.security.ui.applet.SignatureApplet [11:54:09,096] - Call JavaScript >
method: onInitOk > DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.ui.applet.AppHandler [11:54:19,578] - Setting >
signOutputFormat to >
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory > DEBUG Applet 1
LiveConnect Worker Thread > es.uji.security.ui.applet.AppHandler [11:54:19,593]
- Setting > inputDataEncoding to PLAIN > DEBUG Applet 1 LiveConnect Worker
Thread > es.uji.security.ui.applet.SignatureApplet [11:54:19,609] - Init window
> DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,718] - Building >
certificate tree > DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,718] - Loading user >
certificates from keystore MSCAPI > DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,718] - Loading >
aliases from keystore > DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - 4 aliases >
loaded > DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found >
certificate whith alias OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298 >
DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading >
certificate with alias OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298 >
DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found >
certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF >
Q-4500146H), O=JCCM, C=ES Serial=24479927294867302867012332203021340343 > DEBUG
Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading >
certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF >
Q-4500146H), O=JCCM, C=ES Serial=24479927294867302867012332203021340343 > DEBUG
Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found >
certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF >
Q-4500146H), O=JCCM, C=ES Serial=96645770944666008273160649392354122771 > DEBUG
Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading >
certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF >
Q-4500146H), O=JCCM, C=ES Serial=96645770944666008273160649392354122771 > DEBUG
Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Found >
certificate whith alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF >
Q-4500146H), O=JCCM, C=ES Serial=23354082312485453175376988941333319377 > DEBUG
Applet 1 LiveConnect Worker Thread >
es.uji.security.keystore.mscapi.MsCapiKeyStore [11:54:19,734] - Loading >
certificate with alias CN=SESCAM CA Entidades Finales, O=SESCAM (NIF >
Q-4500146H), O=JCCM, C=ES Serial=23354082312485453175376988941333319377 > DEBUG
Applet 1 LiveConnect Worker Thread >
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new >
CA FNMT > DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new >
certificate NOMBRE RODRIGUEZ PEREZ JUAN MANUEL - NIF 51669070 >
(digitalSignature, keyEncipherment) > DEBUG Applet 1 LiveConnect Worker Thread
> es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new
> CA SESCAM (NIF Q-4500146H) > DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new >
certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (nonRepudiation) > DEBUG
Applet 1 LiveConnect Worker Thread >
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new >
certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (digitalSignature) > DEBUG
Applet 1 LiveConnect Worker Thread >
es.uji.security.ui.applet.JTreeCertificateBuilder [11:54:19,750] - Added new >
certificate A LUMNO4 CSJ - DNI 11444555P, GIVENN (keyEncipherment, >
dataEncipherment) > DEBUG Applet 1 LiveConnect Worker Thread >
es.uji.security.ui.applet.SignatureApplet [11:54:19,890] - Call JavaScript >
method: onWindowShow > STORE: MSCAPI > START: 1SIGNATURECOUNT: 1 > DEBUG
thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > -
Getting selected certificate > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Selected
certificate:CN=A LUMNO4 CSJ - DNI 11444555P, GIVENNAME=A, > SURNAME=LUMNO4 CSJ,
SERIALNUMBER=11444555P, T=INFORMATICO, OU=aali11, > OU=certificado electrónico
de empleado público, O=SESCAM, C=ES > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Validating
certificate > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread
[11:54:23,921] > - The certificate is valid > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Loading
certificate store > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,921] > - Certificate store
loaded > Certificate Alias: CN=SESCAM CA Entidades Finales, O=SESCAM (NIF >
Q-4500146H), O=JCCM, C=ES Serial=24479927294867302867012332203021340343 > DEBUG
thread-sig-0 es.uji.security.ui.applet.SignatureThread [11:54:23,921] > -
Loading signature format: >
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - Signer Role:
citizen > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread
[11:54:23,952] > - File Name: UNSET > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - Content
Type:application/binary > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - Selected a digital
signature certificate > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,952] > - Encoding: PLAIN >
DEBUG thread-sig-0 es.uji.security.keystore.mscapi.MsCapiKeyStore >
[11:54:23,952] - Loading aliases from keystore > DEBUG thread-sig-0
es.uji.security.keystore.mscapi.MsCapiKeyStore > [11:54:23,968] - 4 aliases
loaded > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread
[11:54:23,968] > - [OU=FNMT Clase 2 CA, O=FNMT, C=ES Serial=1018756298,
CN=SESCAM CA > Entidades Finales, O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES >
Serial=24479927294867302867012332203021340343, CN=SESCAM CA Entidades >
Finales, O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES >
Serial=96645770944666008273160649392354122771, CN=SESCAM CA Entidades >
Finales, O=SESCAM (NIF Q-4500146H), O=JCCM, C=ES >
Serial=23354082312485453175376988941333319377] > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,968] > - Private key
format: null > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread
[11:54:23,968] > - Private key algorithm: RSA > DEBUG thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:23,968] > - Provider:
UJI-MSCAPI > DEBUG thread-sig-0 es.uji.security.ui.applet.SignatureThread
[11:54:23,968] > - Signing data > DEBUG thread-sig-0 >
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [11:54:23,968] - >
Using XAdESSignatureFactory > DEBUG thread-sig-0 >
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [11:54:23,968] - >
UJI-MSCAPI provider found > [Fatal Error] :1:1: Content is not allowed in
prolog. > DEBUG thread-sig-0 es.uji.security.crypto.openxades.digidoc.DataFile
> [11:54:24,061] - calculateFileSizeAndDigest(D0) > DEBUG thread-sig-0
es.uji.security.crypto.openxades.digidoc.DataFile > [11:54:24,155] - DataFile:
'D0' length: 31 digest: > 8e42MOeIyQy7r9p4iL6L/UG+9yI= > DEBUG thread-sig-0 >
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory [11:54:30,123] - >
Signing XAdES info. XAdES signature length 256 > ERROR thread-sig-0
es.uji.security.ui.applet.SignatureThread [11:54:30,373] > - <html><font
color='red'>No se ha podido calcular la firma</font></html> >
es.uji.security.crypto.timestamp.TokenVerifyException: Unable to decipher >
pkcs#9 encoded attributes > at >
es.uji.security.crypto.timestamp.TSResponseToken.verify(TSResponseToken.java:215)
> at >
es.uji.security.crypto.timestamp.TSResponseToken.verify(TSResponseToken.java:187)
> at >
es.uji.security.crypto.openxades.OpenXAdESSignatureFactory.formatSignature(OpenXAdESSignatureFactory.java:213)
> at >
es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:452) > DEBUG
thread-sig-0 es.uji.security.ui.applet.AppHandler [11:54:30,373] - > Call
JavaScript method: onSignError >
es.uji.security.ui.applet.SignatureAppletException > at >
es.uji.security.ui.applet.SignatureThread.run(SignatureThread.java:460) > > > >
> _______________________________________________ > CryptoApplet mailing list >
[email protected] >
http://llistes.uji.es/mailman/listinfo/cryptoapplet > > -- Salut,
==================================== Ricardo Borillo Domenech
http://xml-utils.com / http://twitter.com/borillo
_______________________________________________ CryptoApplet mailing list
[email protected] http://llistes.uji.es/mailman/listinfo/cryptoapplet
_______________________________________________
CryptoApplet mailing list
[email protected]
http://llistes.uji.es/mailman/listinfo/cryptoapplet
