From: Markus K. <ma...@pr...> - 2013-01-10 09:08:26
Marcos,

What you could try is to first make sure you can access the WSDL file using the same URL in a web browser. If you get a certificate warning, it did not work and you would have to import your CA certificate to the browser.

When you have got that to work you should make sure your trust store contains that CA certificate.

Best regards,
Markus

On 2013-01-09 21:02, Marcos Fontana wrote:
>
> ------------------------------------------------------------------------
> From: Marcos Fontana
> Sent: 09/01/2013 17:10
> To: 'Markus Kilås'
> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>
> Hi Markus,
>
> Have you already got this: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate?
>
> I tested with tomcat.jks and truststore.jks. Both contain the right certificates that are used for SSL validation and nothing works. =(
>
> com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
>     at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
>     at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
>     at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
>     at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
>     at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
>     at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
>     at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
>     at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
>     at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
>     at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
>     at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
>     at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
>     at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
>     at $Proxy30.process(Unknown Source)
>     at org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidationWS.java:176)
>     at org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidationWS.java:144)
>     at org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValidationWS.java:208)
>     at certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:141)
>     at certificate.principal.Principal.main(Principal.java:70)
>
> -----Original message-----
> From: Markus Kilås [mailto:ma...@pr...]
> Sent: Wednesday, January 9, 2013 05:12
> To: sig...@li...
> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-08 18:59, Marcos Fontana wrote:
>> Hi Markus,
>>
>> First, thanks for the support.
>>
>> I'm still getting the WSDL problem.
>>
>> A question: which certificate must the trustStore contain? The server
>> certificate or the certificate of whoever will sign the document?
>
> The certificate of the issuer of the server certificate. That is the CA that
> signed the server certificate.
>
> The purpose of the trust store is to list all CA certificates your client
> application will trust when verifying the server certificate sent by the
> server when the connection is established.
>
>>
>> System.setProperty("javax.net.ssl.trustStore",
>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>
>> Another question: If I create a service that will sign/validate
>> documents of different people, each one with their own certificate,
>> must I create a worker for each one of them? Or can I do it by that
>> example “Signing and Validating an XML document”? For these commands, in
>> the case of a PDF, is there some way to do it like in the web demos
>> page, including the logo and that other information, or just having
>> the worker configured will that be included?
>
> Each worker signs with one key-pair and uses one certificate so if you want
> to use different key-pairs/certificates for different people then you would
> need to have different workers for them.
>
> The "Signing and Validating an XML document" example in the integration
> chapter of the manual shows how a client application can request an XML
> document to be signed and then validated.
>
> Similarly to the code for signing an XML document you can also do this for
> PDF documents. Just let the byte array 'unsigned' be the content of the PDF
> document and replace DemoXMLSigner with the name of your PDFSigner. If you
> configure the PDFSigner to use a logo that will also be included just as if
> you called it from the demo web page.
>
> Validation is currently not supported for PDF documents though.
>
> Best regards,
> Markus
>
>>
>> Regards
>> ------------------------------------------------------------------------
>> From: Markus Kilås
>> Sent: 06/01/2013 11:27
>> To: sig...@li...
>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>> Hi,
>>>
>>
>> Hi Marcos,
>>
>>> When I’m setting properties by the command:
>>>
>>> bin/signserver.sh setproperties
>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>
>>> I got the console error: Error reading property file. Is there some
>>> place that I can see this log?
>>>
>>
>> You can get this error if the file is not existing or in any other way
>> not readable. Make sure that the file can be read by for instance
>> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>> Unfortunately this is not logged anywhere in more detail than what is
>> printed on the console.
>>
>>> The configurations are right. Another question, what is the
>>> difference between worker and signer?
>>
>> A Worker is an entity in SignServer which has a Worker ID and a
>> configuration and can be called to perform some work. A signer is a
>> type of worker which uses a crypto token to sign something.
>>
>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>
>> That property sets the worker name to "PDFSigner" for the new worker
>> which is about to be added. The WORKERGENID1 means that a new worker
>> with the next available ID will be created.
>>
>> If you instead want to define the worker ID you could replace
>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>> recommended if you want to be able to apply (setproperties) the file
>> again without having a new worker created.
>>
>>> And another question, I’m getting this error when I try to
>>> instantiate the object of WSDL in this line:
>>>
>>> ISigningAndValidation signserver = new SigningAndValidationWS("localhost", 8442, true);
>>>
>>> javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://localhost:8442/signserver/signserverws/signserverws?wsdl. It failed with:
>>> java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>     at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown Source)
>>>     at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
>>>     at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
>>>     at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>>>     at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>>>     at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown Source)
>>>     at javax.xml.ws.Service.<init>(Unknown Source)
>>>     at org.signserver.protocol.ws.gen.SignServerWSService.<init>(SignServerWSService.java:42)
>>>     at org.signserver.client.api.SigningAndValidationWS.<init>(SigningAndValidationWS.java:120)
>>>     at org.signserver.client.api.SigningAndValidationWS.<init>(SigningAndValidationWS.java:83)
>>>     at certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:145)
>>>     at certificate.principal.Principal.main(Principal.java:70)
>>> Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>     at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
>>>     at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
>>>     at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown Source)
>>>     at sun.net.NetworkClient.doConnect(Unknown Source)
>>>     at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>     at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>     at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
>>>     at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
>>>     at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
>>>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>>>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>>>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
>>>     at java.net.URL.openStream(Unknown Source)
>>>     at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown Source)
>>>     at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
>>>     ... 11 more
>>>
>>
>> Have you defined the javax.net.ssl.trustStore and
>> javax.net.ssl.trustStorePassword system properties?
>>
>> See
>> http://signserver.org/manual/integration.html#Signing%20and%20validating%20an%20XML%20document
>> for an example.
>>
>>
>> Best regards,
>> Markus
>>
>>
>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>> subscription and training. Please see www.primekey.se <http://www.primekey.se>
>> or contact in...@pr... for more information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
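
An added example, not part of the original thread and not SignServer code: a small diagnostic for the trust store question discussed above. It lists the issuers a JSSE client would accept from a given store and, if a server certificate file is supplied, checks whether its direct issuer is among them. Assumptions: Java 9 or later, the hypothetical class name `TrustStoreCheck`, the JRE's bundled `cacerts` with password `changeit` as defaults, and no intermediate CAs between server certificate and trusted issuer.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; TrustStoreCheck is a hypothetical name, not SignServer code.
// Usage: java TrustStoreCheck [store [password [server-cert.pem]]]
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE's bundled cacerts and its stock password.
        File file = new File(args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts");
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        // Java 9+: detects JKS or PKCS12; a missing file or wrong password fails here.
        KeyStore store = KeyStore.getInstance(file, password);
        X509Certificate server = null;
        if (args.length > 2) {
            try (FileInputStream in = new FileInputStream(args[2])) {
                server = (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(in);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(store);
        boolean issuerTrusted = false;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                System.out.println("trusted: " + ca.getSubjectX500Principal()
                        + " (CA=" + (ca.getBasicConstraints() >= 0) + ")");
                if (server == null || !server.getIssuerX500Principal()
                        .equals(ca.getSubjectX500Principal())) continue;
                try {
                    server.verify(ca.getPublicKey()); // throws on signature mismatch
                    issuerTrusted = true;
                } catch (GeneralSecurityException e) {
                    System.out.println("  name matches, signature does not: " + e);
                }
            }
        }
        if (server != null) System.out.println(issuerTrusted
                ? "OK: the server certificate's direct issuer is trusted"
                : "NOT TRUSTED: missing issuer " + server.getIssuerX500Principal());
    }
}
```

Run against the file named in `javax.net.ssl.trustStore`, an empty "trusted:" list or a load failure on the first `KeyStore` call points at the store itself rather than at the server.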