Menu
▾
▴
[SignServer-develop] RES: RES: Worker's questions and Error WSDL
|
From: Marcos F. <mar...@ho...> - 2013-01-14 19:13:21
|
Hi Markus,
By the reference of Tomas, I create a second instance of JBOSS, one to Ejbca
and another to SignServer. I configured the second instance following some
guides and all the installation of EJBCA and SignServer was fine.
I put the default ports to work with 1 before the normal ports, like 8080 =
18080.
When I try to call bin/signserver.sh setproperties
doc/sample-configs/qs_pdfsigner_configuration.properties, the signserver
insist to call the 127.0.0.1:1099, thowing a Error:
org.signserver.common.ServiceLocator - Error Looking up signserver
interface.
I'm sure that I change the ports well. Where am I wrong?
Regards
-----Mensagem original-----
De: Markus Kilås [mailto:ma...@pr...]
Enviada em: quinta-feira, 10 de janeiro de 2013 07:08
Para: sig...@li...
Assunto: Re: [SignServer-develop] RES: Worker's questions and Error WSDL
Marcos,
What you could try is to first make sure you can access the WSDL file using
the same URL in an web browser.
If you get an certificate warning, it did not work and you would have to
import your CA certificate to the browser. When you have got that to work
you should make sure your trust store contains that CA certificate.
Best regards,
Markus
On 2013-01-09 21:02, Marcos Fontana wrote:
>
> ----------------------------------------------------------------------
> --
> From: Marcos Fontana
> Sent: 09/01/2013 17:10
> To: 'Markus Kilås'
> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>
> Hi Markus,
>
> Have you already got this: HTTP transport error:
> javax.net.ssl.SSLHandshakeException: Received fatal alert:
bad_certificate?
>
> I tested with tomcat.jks and truststore.jks. Both contain the right
> certificates that is used to use SSL validation and nothing works. =(
>
> com.sun.xml.internal.ws.client.ClientTransportException: HTTP
> transport
> error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
> bad_certificate
> at
> com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getO
> utput(
> Unknown Source)
> at
> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proces
> s(Unkn
> own Source)
> at
> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proces
> sReque
> st(Unknown Source)
> at
> com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest
> (Unkno
> wn Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
> at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
> at
> com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
> Source)
> at
> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
Source)
> at
> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
Source)
> at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown
Source)
> at $Proxy30.process(Unknown Source)
> at
> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVal
> idatio
> nWS.java:176)
> at
> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVal
> idatio
> nWS.java:144)
> at
> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValida
> tionWS
> .java:208)
> at
>
certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:141)
> at certificate.principal.Principal.main(Principal.java:70)
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...] Enviada em: quarta-feira,
> 9 de janeiro de 2013 05:12
> Para: sig...@li...
> Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-08 18:59, Marcos Fontana wrote:
>> Hi Markus,
>>
>> First, thanks for the support.
>>
>> I still getting the WSDL problem.
>>
>> A question: the trustStore must contain which certificate? the server
>> certificate or the certificate of who will signin the document?
>
> The certificate of the issuer of the server certificate. That is the
> CA that signed the server certificate.
>
> The purpose of the trust store is to list all CA certificates your
> client application will trust when verifying the server certificate
> sent by the server when the connection is established.
>
>>
>> System.setProperty("javax.net.ssl.trustStore",
>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>
>> Another question: If i create a service that will sign/validate
>> documents of diferente peoples, which one with their own certificate,
>> must i create a worker for which one of them? Or can I do it by that
>> example Signing and Validating an XML document. For this comands,
>> in the case of a PDF, there is some way to do it like in the web
>> demos page, including the logo and that other informations or just
>> having the worker configured wll that is included?
>
> Each worker signs with one key-pair and uses one certificate so if you
> want to use different key-pairs/certificates for different people then
> you would need to have different workers for them.
>
> The "Signing and Validating an XML document" example in the
> integration chapter of the manual shows how an client application can
> request an XML document to be signed and then validated.
>
> Similarly to the code for signing an XML document you can also do this
> for PDF documents. Just let the byte array 'unsigned' be the content
> of the PDF document and replace DemoXMLSigner with the name of your
> PDFSigner. If you configure the PDFSigner to use a logo that will also
> be included just if you called it from the demo web page.
>
> Validation is currently not supported for PDF documents though.
>
> Best regards,
> Markus
>
>
>>
>> Regards
>> ---------------------------------------------------------------------
>> -
>> --
>> From: Markus Kilås
>> Sent: 06/01/2013 11:27
>> To: sig...@li...
>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>> Hi,
>>>
>>
>> Hi Marcos,
>>
>>>
>>>
>>> When Im are setting properties by the command:
>>>
>>>
>>>
>>> bin/signserver.sh setproperties
>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>
>>>
>>>
>>> I got the console error: Error reading property file. Is there some
>>> place that I can see this log?
>>>
>>
>> You can get this error is the file is not existing or in any other
>> way not readable. Make sure that the file can be read by for instance
>> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>> Unfortunately this is not logged anywhere in more detail than what is
>> printed on the console.
>>
>>>
>>>
>>> The configurations are right. Another question, what is the
>>> difference by worker and signer?
>>
>> A Worker is an entity in SignServer which has an Worker ID and a
>> configuration and can be called to perform some work. A signer is a
>> type of worker which uses a crypto token to sign something.
>>
>>>
>>>
>>>
>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>
>> That property sets the worker name to "PDFSigner" for the new worker
>> which is about to be added. The WORKERGENID1 means that a new worker
>> with the next available ID will be created.
>>
>> If you instead want to define the worker ID you could replace
>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>> recommended if you want to be able to apply (setproperties) the file
>> again without having a new worker to be created.
>>
>>>
>>>
>>>
>>> And another question, Im getting this error when i try to
>>> instantiate the object os WSDL in this line
>>>
>>> : ISigningAndValidation _signserver_ =
>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>
>>>
>>>
>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>>> failed with:
>>>
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unk
>>> n
>>> own
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unkno
>>> w
>>> n
>>> Source)
>>>
>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>
>>> at
>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServe
>>> r
>>> WSService.java:42_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndV
>>> a
>>> lidationWS.java:120_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndV
>>> a
>>> lidationWS.java:83_)
>>>
>>> at
>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.j
>>> a
>>> va:145_)
>>>
>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>
>>> Caused by: _java.net.SocketException_:
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>
>>> at
>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>> Source)
>>>
>>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>> Source)
>>>
>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>> Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNew
>>> H
>>> ttpClient(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connec
>>> t
>>> (Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unk
>>> n
>>> own
>>> Source)
>>>
>>> at java.net.URL.openStream(Unknown Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(U
>>> n
>>> known
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Un
>>> k
>>> nown Source)
>>>
>>> ... 11 more
>>>
>>
>> Have you defined the javax.net.ssl.trustStore and
>> javax.net.ssl.trustStorePassword system properties?
>>
>> See
>> http://signserver.org/manual/integration.html#Signing%20and%20validat
>> i
>> ng%20an%20XML%20document
>> for an example.
>>
>>
>> Best regards,
>> Markus
>>
>>
>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>> subscription and training. Please see www.primekey.se
>> <http://www.primekey.se> <http://www.primekey.se> or contact
>> in...@pr... for more information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
>>
>
>
----------------------------------------------------------------------------
--
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC,
Windows 8 Apps, JavaScript and much more. Keep your skills current with
LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and
experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712
_______________________________________________
SignServer-develop mailing list
Sig...@li...
https://lists.sourceforge.net/lists/listinfo/signserver-develop
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
Lançamento: 01/08/13
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6032 - Data de
Lançamento: 01/14/13
|
