Menu
▾
▴
[SignServer-develop] RES: Worker's questions and Error WSDL
|
From: Marcos F. <mar...@ho...> - 2013-01-09 20:03:03
|
________________________________
From: Marcos Fontana
Sent: 09/01/2013 17:10
To: 'Markus Kilås'
Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
Hi Markus,
Have you already got this: HTTP transport error:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate?
I tested with tomcat.jks and truststore.jks. Both contain the right
certificates that is used to use SSL validation and nothing works. =(
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport
error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
bad_certificate
at
com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(
Unknown Source)
at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unkn
own Source)
at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processReque
st(Unknown Source)
at
com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unkno
wn Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
Source)
at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
at $Proxy30.process(Unknown Source)
at
org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidatio
nWS.java:176)
at
org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidatio
nWS.java:144)
at
org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValidationWS
.java:208)
at
certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:141)
at certificate.principal.Principal.main(Principal.java:70)
-----Mensagem original-----
De: Markus Kilås [mailto:ma...@pr...]
Enviada em: quarta-feira, 9 de janeiro de 2013 05:12
Para: sig...@li...
Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
On 2013-01-08 18:59, Marcos Fontana wrote:
> Hi Markus,
>
> First, thanks for the support.
>
> I still getting the WSDL problem.
>
> A question: the trustStore must contain which certificate? the server
> certificate or the certificate of who will signin the document?
The certificate of the issuer of the server certificate. That is the CA that
signed the server certificate.
The purpose of the trust store is to list all CA certificates your client
application will trust when verifying the server certificate sent by the
server when the connection is established.
>
> System.setProperty("javax.net.ssl.trustStore",
> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>
> Another question: If i create a service that will sign/validate
> documents of diferente peoples, which one with their own certificate,
> must i create a worker for which one of them? Or can I do it by that
> example “Signing and Validating an XML document”. For this comands, in
> the case of a PDF, there is some way to do it like in the web demos
> page, including the logo and that other informations or just having
> the worker configured wll that is included?
Each worker signs with one key-pair and uses one certificate so if you want
to use different key-pairs/certificates for different people then you would
need to have different workers for them.
The "Signing and Validating an XML document" example in the integration
chapter of the manual shows how an client application can request an XML
document to be signed and then validated.
Similarly to the code for signing an XML document you can also do this for
PDF documents. Just let the byte array 'unsigned' be the content of the PDF
document and replace DemoXMLSigner with the name of your PDFSigner. If you
configure the PDFSigner to use a logo that will also be included just if you
called it from the demo web page.
Validation is currently not supported for PDF documents though.
Best regards,
Markus
>
> Regards
> ----------------------------------------------------------------------
> --
> From: Markus Kilås
> Sent: 06/01/2013 11:27
> To: sig...@li...
> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-04 17:55, Marcos Fontana wrote:
>> Hi,
>>
>
> Hi Marcos,
>
>>
>>
>> When I’m are setting properties by the command:
>>
>>
>>
>> bin/signserver.sh setproperties
>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>
>>
>>
>> I got the console error: Error reading property file. Is there some
>> place that I can see this log?
>>
>
> You can get this error is the file is not existing or in any other way
> not readable. Make sure that the file can be read by for instance
> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
> Unfortunately this is not logged anywhere in more detail than what is
> printed on the console.
>
>>
>>
>> The configurations are right. Another question, what is the
>> difference by worker and signer?
>
> A Worker is an entity in SignServer which has an Worker ID and a
> configuration and can be called to perform some work. A signer is a
> type of worker which uses a crypto token to sign something.
>
>>
>>
>>
>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>
> That property sets the worker name to "PDFSigner" for the new worker
> which is about to be added. The WORKERGENID1 means that a new worker
> with the next available ID will be created.
>
> If you instead want to define the worker ID you could replace
> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
> recommended if you want to be able to apply (setproperties) the file
> again without having a new worker to be created.
>
>>
>>
>>
>> And another question, I’m getting this error when i try to
>> instantiate the object os WSDL in this line
>>
>> : ISigningAndValidation _signserver_ =
>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>
>>
>>
>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>> failed with:
>>
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unkn
>> own
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknow
>> n
>> Source)
>>
>> at javax.xml.ws.Service.<init>(Unknown Source)
>>
>> at
>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServer
>> WSService.java:42_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>> lidationWS.java:120_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>> lidationWS.java:83_)
>>
>> at
>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.ja
>> va:145_)
>>
>> at certificate.principal.Principal.main(_Principal.java:70_)
>>
>> Caused by: _java.net.SocketException_:
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>
>> at
>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>> Source)
>>
>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>> Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>> Source)
>>
>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>> Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewH
>> ttpClient(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
>> (Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unkn
>> own
>> Source)
>>
>> at java.net.URL.openStream(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Un
>> known
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unk
>> nown Source)
>>
>> ... 11 more
>>
>
> Have you defined the javax.net.ssl.trustStore and
> javax.net.ssl.trustStorePassword system properties?
>
> See
> http://signserver.org/manual/integration.html#Signing%20and%20validati
> ng%20an%20XML%20document
> for an example.
>
>
> Best regards,
> Markus
>
>
> PrimeKey Solutions offers a commercial EJBCA & SignServer support
> subscription and training. Please see www.primekey.se
> <http://www.primekey.se> or contact in...@pr... for more
> information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
>
>
----------------------------------------------------------------------------
--
Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and
much more. Keep your Java skills current with LearnJavaNow -
200+ hours of step-by-step video tutorials by Java experts.
SALE $49.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122612
_______________________________________________
SignServer-develop mailing list
Sig...@li...
https://lists.sourceforge.net/lists/listinfo/signserver-develop
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
Lançamento: 01/08/13
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
Lançamento: 01/08/13
|
