Menu
▾
▴
signserver-develop
You can subscribe to this list here.
| 2008 |
Jan
(1) |
Feb
(4) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(4) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(4) |
Dec
|
| 2010 |
Jan
(1) |
Feb
|
Mar
|
Apr
(4) |
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(3) |
| 2012 |
Jan
(1) |
Feb
(8) |
Mar
(10) |
Apr
|
May
(12) |
Jun
(2) |
Jul
(28) |
Aug
(15) |
Sep
(12) |
Oct
(2) |
Nov
|
Dec
(16) |
| 2013 |
Jan
(30) |
Feb
(1) |
Mar
|
Apr
(11) |
May
(2) |
Jun
(11) |
Jul
(15) |
Aug
(4) |
Sep
(1) |
Oct
(10) |
Nov
(1) |
Dec
(2) |
| 2014 |
Jan
(8) |
Feb
(13) |
Mar
(12) |
Apr
(24) |
May
(2) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(2) |
Oct
(1) |
Nov
(2) |
Dec
(1) |
| 2015 |
Jan
(3) |
Feb
(6) |
Mar
|
Apr
|
May
(7) |
Jun
(7) |
Jul
(3) |
Aug
(5) |
Sep
(1) |
Oct
(8) |
Nov
(6) |
Dec
|
| 2016 |
Jan
|
Feb
(3) |
Mar
(5) |
Apr
(9) |
May
(26) |
Jun
(8) |
Jul
|
Aug
|
Sep
(11) |
Oct
(8) |
Nov
(1) |
Dec
(2) |
| 2017 |
Jan
(4) |
Feb
(7) |
Mar
(7) |
Apr
(4) |
May
(1) |
Jun
(5) |
Jul
(3) |
Aug
(3) |
Sep
(1) |
Oct
(4) |
Nov
(5) |
Dec
(1) |
| 2018 |
Jan
(4) |
Feb
(1) |
Mar
(1) |
Apr
(1) |
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
(1) |
Mar
(2) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
(2) |
Dec
|
| 2020 |
Jan
(3) |
Feb
|
Mar
(2) |
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
(1) |
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2025 |
Jan
|
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Markus K. <ma...@pr...> - 2013-01-16 09:23:31
|
On 2013-01-15 18:05, Marcos Fontana wrote:
> Markus, there is some way to change the naming identifier in the signserver
> installation to avoid this error? If no, there is another way to do it?
Can you describe more what you are trying to achieve?
>From the stacktrace below it looks like either you are using the
SignServer CLI but connecting to EJBCA or that you use EJBCA and
connecting to SignServer.
If you are running multiple JBoss instances on different hosts and/or
ports, are you sure you have changed jndi.properties.jboss and run "ant
deploy" so jndi.properties contains the right hostname and JNDI port for
the JBoss running SignServer?
Best regards,
Markus
>
> Regards,
>
> javax.naming.NamingException: Could not dereference object [Root exception
> is java.lang.reflect.UndeclaredThrowableException]
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1504)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
> at javax.naming.InitialContext.lookup(Unknown Source)
> at
> org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
> at
> org.ejbca.core.model.util.EjbRemoteHelper.getCertficateRequestSession(EjbRem
> oteHelper.java:255)
> at
> certificate.model.ModelCertificado.<init>(ModelCertificado.java:36)
> at certificate.principal.Principal.main(Principal.java:29)
> Caused by: java.lang.reflect.UndeclaredThrowableException
> at $Proxy0.createProxyBusiness(Unknown Source)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
> eateProxy(SessionProxyObjectFactory.java:129)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
> oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
> (ProxyObjectFactory.java:158)
> at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
> at
> org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1496)
> ... 7 more
> Caused by: org.jboss.aop.NotFoundInDispatcherException: Object with oid:
> ProxyFactory/ejbca/CertificateRequestSessionBean/ejbca/CertificateRequestSes
> sionRemote was not found in the Dispatcher
> at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:85)
> at
> org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingIn
> vocationHandler.java:82)
> at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
> at
> org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerTh
> read.java:744)
> at
> org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThr
> ead.java:697)
> at
> org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524
> )
> at
> org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
> at
> org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.
> java:211)
> at org.jboss.remoting.Client.invoke(Client.java:1724)
> at org.jboss.remoting.Client.invoke(Client.java:629)
> at
> org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
> eptor.java:60)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at
> org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
> ocalProxyFactoryInterceptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
> at $Proxy0.createProxyBusiness(Unknown Source)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
> eateProxy(SessionProxyObjectFactory.java:129)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
> oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
> (ProxyObjectFactory.java:158)
> at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
> at
> org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1496)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
> at javax.naming.InitialContext.lookup(Unknown Source)
> at
> org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
> at
> org.ejbca.core.model.util.EjbRemoteHelper.getCertficateRequestSession(EjbRem
> oteHelper.java:255)
> at
> certificate.model.ModelCertificado.<init>(ModelCertificado.java:36)
> at certificate.principal.Principal.main(Principal.java:29)
> at
> org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
> eptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at
> org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
> ocalProxyFactoryInterceptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
> ... 14 more
>
> javax.naming.NamingException: Could not dereference object [Root exception
> is java.lang.reflect.UndeclaredThrowableException]
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1504)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
> at javax.naming.InitialContext.lookup(Unknown Source)
> at
> org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
> at
> org.ejbca.core.model.util.EjbRemoteHelper.getCaSession(EjbRemoteHelper.java:
> 101)
> at
> org.ejbca.util.InterfaceCache.getCaSession(InterfaceCache.java:76)
> at
> certificate.model.ModelCertificado.<init>(ModelCertificado.java:37)
> at certificate.principal.Principal.main(Principal.java:29)
> Caused by: java.lang.reflect.UndeclaredThrowableException
> at $Proxy0.createProxyBusiness(Unknown Source)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
> eateProxy(SessionProxyObjectFactory.java:129)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
> oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
> (ProxyObjectFactory.java:158)
> at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
> at
> org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1496)
> ... 8 more
> Caused by: org.jboss.aop.NotFoundInDispatcherException: Object with oid:
> ProxyFactory/ejbca/CaSessionBean/ejbca/CaSessionRemote was not found in the
> Dispatcher
> at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:85)
> at
> org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingIn
> vocationHandler.java:82)
> at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
> at
> org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerTh
> read.java:744)
> at
> org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThr
> ead.java:697)
> at
> org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524
> )
> at
> org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
> at
> org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.
> java:211)
> at org.jboss.remoting.Client.invoke(Client.java:1724)
> at org.jboss.remoting.Client.invoke(Client.java:629)
> at
> org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
> eptor.java:60)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at
> org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
> ocalProxyFactoryInterceptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
> at $Proxy0.createProxyBusiness(Unknown Source)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
> eateProxy(SessionProxyObjectFactory.java:129)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
> oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
> (ProxyObjectFactory.java:158)
> at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
> at
> org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1496)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
> at javax.naming.InitialContext.lookup(Unknown Source)
> at
> org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
> at
> org.ejbca.core.model.util.EjbRemoteHelper.getCaSession(EjbRemoteHelper.java:
> 101)
> at
> org.ejbca.util.InterfaceCache.getCaSession(InterfaceCache.java:76)
> at
> certificate.model.ModelCertificado.<init>(ModelCertificado.java:37)
> at certificate.principal.Principal.main(Principal.java:29)
> at
> org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
> eptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at
> org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
> ocalProxyFactoryInterceptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
> ... 15 more
>
> javax.naming.NamingException: Could not dereference object [Root exception
> is java.lang.reflect.UndeclaredThrowableException]
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1504)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
> at javax.naming.InitialContext.lookup(Unknown Source)
> at
> org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
> at
> org.ejbca.core.model.util.EjbRemoteHelper.getCertStoreSession(EjbRemoteHelpe
> r.java:157)
> at
> org.ejbca.util.InterfaceCache.getCertificateStoreSession(InterfaceCache.java
> :92)
> at
> certificate.model.ModelCertificado.emitirCertificado2(ModelCertificado.java:
> 80)
> at certificate.principal.Principal.main(Principal.java:31)
> Caused by: java.lang.reflect.UndeclaredThrowableException
> at $Proxy0.createProxyBusiness(Unknown Source)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
> eateProxy(SessionProxyObjectFactory.java:129)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
> oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
> (ProxyObjectFactory.java:158)
> at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
> at
> org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1496)
> ... 8 more
> Caused by: org.jboss.aop.NotFoundInDispatcherException: Object with oid:
> ProxyFactory/ejbca/CertificateStoreSessionBean/ejbca/CertificateStoreSession
> Remote was not found in the Dispatcher
> at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:85)
> at
> org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingIn
> vocationHandler.java:82)
> at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
> at
> org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerTh
> read.java:744)
> at
> org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThr
> ead.java:697)
> at
> org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524
> )
> at
> org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
> at
> org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.
> java:211)
> at org.jboss.remoting.Client.invoke(Client.java:1724)
> at org.jboss.remoting.Client.invoke(Client.java:629)
> at
> org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
> eptor.java:60)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at
> org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
> ocalProxyFactoryInterceptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
> at $Proxy0.createProxyBusiness(Unknown Source)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
> eateProxy(SessionProxyObjectFactory.java:129)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
> oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
> at
> org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
> (ProxyObjectFactory.java:158)
> at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
> at
> org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
> at
> org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
> java:1496)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
> at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
> at javax.naming.InitialContext.lookup(Unknown Source)
> at
> org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
> at
> org.ejbca.core.model.util.EjbRemoteHelper.getCertStoreSession(EjbRemoteHelpe
> r.java:157)
> at
> org.ejbca.util.InterfaceCache.getCertificateStoreSession(InterfaceCache.java
> :92)
> at
> certificate.model.ModelCertificado.emitirCertificado2(ModelCertificado.java:
> 80)
> at certificate.principal.Principal.main(Principal.java:31)
> at
> org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
> eptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at
> org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
> ocalProxyFactoryInterceptor.java:72)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
> 2)
> at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
> ... 15 more
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...]
> Enviada em: segunda-feira, 14 de janeiro de 2013 19:23
> Para: Marcos Fontana
> Cc: signserver-develop
> Assunto: Re: [SignServer-develop] RES: RES: Worker's questions and Error
> WSDL
>
> On 2013-01-14 20:13, Marcos Fontana wrote:
>> Hi Markus,
>>
>> By the reference of Tomas, I create a second instance of JBOSS, one to
>> Ejbca and another to SignServer. I configured the second instance
>> following some guides and all the installation of EJBCA and SignServer was
> fine.
>>
>> I put the default ports to work with 1 before the normal ports, like
>> 8080 = 18080.
>>
>> When I try to call bin/signserver.sh setproperties
>> doc/sample-configs/qs_pdfsigner_configuration.properties, the
>> signserver insist to call the 127.0.0.1:1099, thowing a Error:
>> org.signserver.common.ServiceLocator - Error Looking up signserver
>> interface.
>>
>> I'm sure that I change the ports well. Where am I wrong?
>
> You need to edit bin/jndi.properties.jboss and set the right port in
> java.naming.provider.url and then run "ant". After that bin/jndi.properties
> should contain the right port.
>
>
> Best regards,
> Markus
>
>>
>> Regards
>>
>> -----Mensagem original-----
>> De: Markus Kilås [mailto:ma...@pr...] Enviada em: quinta-feira,
>> 10 de janeiro de 2013 07:08
>> Para: sig...@li...
>> Assunto: Re: [SignServer-develop] RES: Worker's questions and Error
>> WSDL
>>
>> Marcos,
>>
>> What you could try is to first make sure you can access the WSDL file
>> using the same URL in an web browser.
>>
>> If you get an certificate warning, it did not work and you would have
>> to import your CA certificate to the browser. When you have got that
>> to work you should make sure your trust store contains that CA
> certificate.
>>
>>
>> Best regards,
>> Markus
>>
>> On 2013-01-09 21:02, Marcos Fontana wrote:
>>>
>>> ---------------------------------------------------------------------
>>> -
>>> --
>>> From: Marcos Fontana
>>> Sent: 09/01/2013 17:10
>>> To: 'Markus Kilås'
>>> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> Hi Markus,
>>>
>>> Have you already got this: HTTP transport error:
>>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> bad_certificate?
>>>
>>> I tested with tomcat.jks and truststore.jks. Both contain the right
>>> certificates that is used to use SSL validation and nothing works. =(
>>>
>>> com.sun.xml.internal.ws.client.ClientTransportException: HTTP
>>> transport
>>> error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
>>> bad_certificate
>>> at
>>> com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.get
>>> O
>>> utput(
>>> Unknown Source)
>>> at
>>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce
>>> s
>>> s(Unkn
>>> own Source)
>>> at
>>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce
>>> s
>>> sReque
>>> st(Unknown Source)
>>> at
>>> com.sun.xml.internal.ws.transport.DeferredTransportPipe.processReques
>>> t
>>> (Unkno
>>> wn Source)
>>> at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
>>> at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
>>> at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
>>> at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
>>> at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
>>> at
>>> com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
>>> Source)
>>> at
>>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
>> Source)
>>> at
>>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
>> Source)
>>> at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown
>> Source)
>>> at $Proxy30.process(Unknown Source)
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVa
>>> l
>>> idatio
>>> nWS.java:176)
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVa
>>> l
>>> idatio
>>> nWS.java:144)
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValid
>>> a
>>> tionWS
>>> .java:208)
>>> at
>>>
>> certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java
>> :141)
>>> at certificate.principal.Principal.main(Principal.java:70)
>>>
>>> -----Mensagem original-----
>>> De: Markus Kilås [mailto:ma...@pr...] Enviada em:
>>> quarta-feira,
>>> 9 de janeiro de 2013 05:12
>>> Para: sig...@li...
>>> Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> On 2013-01-08 18:59, Marcos Fontana wrote:
>>>> Hi Markus,
>>>>
>>>> First, thanks for the support.
>>>>
>>>> I still getting the WSDL problem.
>>>>
>>>> A question: the trustStore must contain which certificate? the
>>>> server certificate or the certificate of who will signin the document?
>>>
>>> The certificate of the issuer of the server certificate. That is the
>>> CA that signed the server certificate.
>>>
>>> The purpose of the trust store is to list all CA certificates your
>>> client application will trust when verifying the server certificate
>>> sent by the server when the connection is established.
>>>
>>>>
>>>> System.setProperty("javax.net.ssl.trustStore",
>>>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>>>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>>>
>>>> Another question: If i create a service that will sign/validate
>>>> documents of diferente peoples, which one with their own
>>>> certificate, must i create a worker for which one of them? Or can I
>>>> do it by that example “Signing and Validating an XML document”. For
>>>> this comands, in the case of a PDF, there is some way to do it like
>>>> in the web demos page, including the logo and that other
>>>> informations or just having the worker configured wll that is included?
>>>
>>> Each worker signs with one key-pair and uses one certificate so if
>>> you want to use different key-pairs/certificates for different people
>>> then you would need to have different workers for them.
>>>
>>> The "Signing and Validating an XML document" example in the
>>> integration chapter of the manual shows how an client application can
>>> request an XML document to be signed and then validated.
>>>
>>> Similarly to the code for signing an XML document you can also do
>>> this for PDF documents. Just let the byte array 'unsigned' be the
>>> content of the PDF document and replace DemoXMLSigner with the name
>>> of your PDFSigner. If you configure the PDFSigner to use a logo that
>>> will also be included just if you called it from the demo web page.
>>>
>>> Validation is currently not supported for PDF documents though.
>>>
>>> Best regards,
>>> Markus
>>>
>>>
>>>>
>>>> Regards
>>>> --------------------------------------------------------------------
>>>> -
>>>> -
>>>> --
>>>> From: Markus Kilås
>>>> Sent: 06/01/2013 11:27
>>>> To: sig...@li...
>>>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>>
>>>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>>>> Hi,
>>>>>
>>>>
>>>> Hi Marcos,
>>>>
>>>>>
>>>>>
>>>>> When I’m are setting properties by the command:
>>>>>
>>>>>
>>>>>
>>>>> bin/signserver.sh setproperties
>>>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>>>
>>>>>
>>>>>
>>>>> I got the console error: Error reading property file. Is there some
>>>>> place that I can see this log?
>>>>>
>>>>
>>>> You can get this error is the file is not existing or in any other
>>>> way not readable. Make sure that the file can be read by for
>>>> instance running "less
> doc/sample-configs/qs_pdfsigner_configuration.properties".
>>>> Unfortunately this is not logged anywhere in more detail than what
>>>> is printed on the console.
>>>>
>>>>>
>>>>>
>>>>> The configurations are right. Another question, what is the
>>>>> difference by worker and signer?
>>>>
>>>> A Worker is an entity in SignServer which has an Worker ID and a
>>>> configuration and can be called to perform some work. A signer is a
>>>> type of worker which uses a crypto token to sign something.
>>>>
>>>>>
>>>>>
>>>>>
>>>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>>>
>>>> That property sets the worker name to "PDFSigner" for the new worker
>>>> which is about to be added. The WORKERGENID1 means that a new worker
>>>> with the next available ID will be created.
>>>>
>>>> If you instead want to define the worker ID you could replace
>>>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>>>> recommended if you want to be able to apply (setproperties) the file
>>>> again without having a new worker to be created.
>>>>
>>>>>
>>>>>
>>>>>
>>>>> And another question, I’m getting this error when i try to
>>>>> instantiate the object os WSDL in this line
>>>>>
>>>>> : ISigningAndValidation _signserver_ =
>>>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>>>
>>>>>
>>>>>
>>>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl.
>>>>> It failed with:
>>>>>
>>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Un
>>>>> k
>>>>> n
>>>>> own
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unkn
>>>>> o
>>>>> w
>>>>> n
>>>>> Source)
>>>>>
>>>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>>>
>>>>> at
>>>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServ
>>>>> e
>>>>> r
>>>>> WSService.java:42_)
>>>>>
>>>>> at
>>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAnd
>>>>> V
>>>>> a
>>>>> lidationWS.java:120_)
>>>>>
>>>>> at
>>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAnd
>>>>> V
>>>>> a
>>>>> lidationWS.java:83_)
>>>>>
>>>>> at
>>>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.
>>>>> j
>>>>> a
>>>>> va:145_)
>>>>>
>>>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>>>
>>>>> Caused by: _java.net.SocketException_:
>>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>>>
>>>>> at
>>>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>>>> Source)
>>>>>
>>>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>>>
>>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>>
>>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>>
>>>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>>>> Source)
>>>>>
>>>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNe
>>>>> w
>>>>> H
>>>>> ttpClient(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.conne
>>>>> c
>>>>> t
>>>>> (Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Un
>>>>> k
>>>>> n
>>>>> own
>>>>> Source)
>>>>>
>>>>> at java.net.URL.openStream(Unknown Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(
>>>>> U
>>>>> n
>>>>> known
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(U
>>>>> n
>>>>> k
>>>>> nown Source)
>>>>>
>>>>> ... 11 more
>>>>>
>>>>
>>>> Have you defined the javax.net.ssl.trustStore and
>>>> javax.net.ssl.trustStorePassword system properties?
>>>>
>>>> See
>>>> http://signserver.org/manual/integration.html#Signing%20and%20valida
>>>> t
>>>> i
>>>> ng%20an%20XML%20document
>>>> for an example.
>>>>
>>>>
>>>> Best regards,
>>>> Markus
>>>>
>>>>
>>>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>>>> subscription and training. Please see www.primekey.se
>>>> <http://www.primekey.se> <http://www.primekey.se> or contact
>>>> in...@pr... for more information.
>>>> http://www.primekey.se/Services/Support/
>>>> http://www.primekey.se/Services/Training/
>>>>
>>>>
>>>
>>>
>>
>>
>>
>> ----------------------------------------------------------------------
>> ------
>> --
>> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
>> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills
>> current with LearnDevNow - 3,200 step-by-step video tutorials by
>> Microsoft MVPs and experts. ON SALE this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122712
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>> -----
>> Nenhum vírus encontrado nessa mensagem.
>> Verificado por AVG - www.avgbrasil.com.br
>> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
>> Lançamento: 01/08/13
>>
>> -----
>> Nenhum vírus encontrado nessa mensagem.
>> Verificado por AVG - www.avgbrasil.com.br
>> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6032 - Data de
>> Lançamento: 01/14/13
>>
>>
>> ----------------------------------------------------------------------
>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
>> skills current with LearnDevNow - 3,200 step-by-step video tutorials
>> by Microsoft MVPs and experts. SALE $99.99 this month only -- learn
>> more at:
>> http://p.sf.net/sfu/learnmore_122412
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>
>
>
> --
> Kind regards,
> Markus Kilås
> Security Consultant & Developer
>
> PrimeKey Solutions AB
>
> Anderstorpsv. 16
> 171 54 Solna
> Sweden
>
> Phone: +46 70 424 94 85
> Skype: markusatskype
> Email: mar...@pr...
>
> www.primekey.se
>
>
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6033 - Data de
> Lançamento: 01/14/13
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6034 - Data de
> Lançamento: 01/15/13
>
>
> ------------------------------------------------------------------------------
> Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
> and more. Get SQL Server skills now (including 2012) with LearnDevNow -
> 200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
> SALE $99.99 this month only - learn more at:
> http://p.sf.net/sfu/learnmore_122512
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
Security Consultant & Developer
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
|
|
From: Markus K. <ma...@pr...> - 2013-01-16 09:19:39
|
On 2013-01-15 13:20, Marcos Fontana wrote:
> Ok, done. And another, why the signserver can't read the keystore by the
> ../ejbca/p12/tomcat.jks? The EJBCA is just in the same folder as SignServer.
Hi Marcos,
I am not sure I understand exactly what you want to do. What do you mean
by that SignServer can't read it?
Normally the tomcat.jks is the keystore containing the web server
key-pair and certificate that the application server will use. When you
deploy SignServer, unless j2ee.web-nohttps is set to true, the build
script will copy the keystore from SIGNSERVER_HOME/p12/tomcat.jks to JBoss.
>
> I tried all the ways possibles.
What have you tried?
Best regards,
Markus
>
> Regards
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...]
> Enviada em: segunda-feira, 14 de janeiro de 2013 19:23
> Para: Marcos Fontana
> Cc: signserver-develop
> Assunto: Re: [SignServer-develop] RES: RES: Worker's questions and Error
> WSDL
>
> On 2013-01-14 20:13, Marcos Fontana wrote:
>> Hi Markus,
>>
>> By the reference of Tomas, I create a second instance of JBOSS, one to
>> Ejbca and another to SignServer. I configured the second instance
>> following some guides and all the installation of EJBCA and SignServer was
> fine.
>>
>> I put the default ports to work with 1 before the normal ports, like
>> 8080 = 18080.
>>
>> When I try to call bin/signserver.sh setproperties
>> doc/sample-configs/qs_pdfsigner_configuration.properties, the
>> signserver insist to call the 127.0.0.1:1099, thowing a Error:
>> org.signserver.common.ServiceLocator - Error Looking up signserver
>> interface.
>>
>> I'm sure that I change the ports well. Where am I wrong?
>
> You need to edit bin/jndi.properties.jboss and set the right port in
> java.naming.provider.url and then run "ant". After that bin/jndi.properties
> should contain the right port.
>
>
> Best regards,
> Markus
>
>>
>> Regards
>>
>> -----Mensagem original-----
>> De: Markus Kilås [mailto:ma...@pr...] Enviada em: quinta-feira,
>> 10 de janeiro de 2013 07:08
>> Para: sig...@li...
>> Assunto: Re: [SignServer-develop] RES: Worker's questions and Error
>> WSDL
>>
>> Marcos,
>>
>> What you could try is to first make sure you can access the WSDL file
>> using the same URL in an web browser.
>>
>> If you get an certificate warning, it did not work and you would have
>> to import your CA certificate to the browser. When you have got that
>> to work you should make sure your trust store contains that CA
> certificate.
>>
>>
>> Best regards,
>> Markus
>>
>> On 2013-01-09 21:02, Marcos Fontana wrote:
>>>
>>> ---------------------------------------------------------------------
>>> -
>>> --
>>> From: Marcos Fontana
>>> Sent: 09/01/2013 17:10
>>> To: 'Markus Kilås'
>>> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> Hi Markus,
>>>
>>> Have you already got this: HTTP transport error:
>>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> bad_certificate?
>>>
>>> I tested with tomcat.jks and truststore.jks. Both contain the right
>>> certificates that is used to use SSL validation and nothing works. =(
>>>
>>> com.sun.xml.internal.ws.client.ClientTransportException: HTTP
>>> transport
>>> error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
>>> bad_certificate
>>> at
>>> com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.get
>>> O
>>> utput(
>>> Unknown Source)
>>> at
>>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce
>>> s
>>> s(Unkn
>>> own Source)
>>> at
>>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce
>>> s
>>> sReque
>>> st(Unknown Source)
>>> at
>>> com.sun.xml.internal.ws.transport.DeferredTransportPipe.processReques
>>> t
>>> (Unkno
>>> wn Source)
>>> at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
>>> at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
>>> at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
>>> at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
>>> at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
>>> at
>>> com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
>>> Source)
>>> at
>>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
>> Source)
>>> at
>>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
>> Source)
>>> at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown
>> Source)
>>> at $Proxy30.process(Unknown Source)
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVa
>>> l
>>> idatio
>>> nWS.java:176)
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVa
>>> l
>>> idatio
>>> nWS.java:144)
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValid
>>> a
>>> tionWS
>>> .java:208)
>>> at
>>>
>> certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java
>> :141)
>>> at certificate.principal.Principal.main(Principal.java:70)
>>>
>>> -----Mensagem original-----
>>> De: Markus Kilås [mailto:ma...@pr...] Enviada em:
>>> quarta-feira,
>>> 9 de janeiro de 2013 05:12
>>> Para: sig...@li...
>>> Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> On 2013-01-08 18:59, Marcos Fontana wrote:
>>>> Hi Markus,
>>>>
>>>> First, thanks for the support.
>>>>
>>>> I still getting the WSDL problem.
>>>>
>>>> A question: the trustStore must contain which certificate? the
>>>> server certificate or the certificate of who will signin the document?
>>>
>>> The certificate of the issuer of the server certificate. That is the
>>> CA that signed the server certificate.
>>>
>>> The purpose of the trust store is to list all CA certificates your
>>> client application will trust when verifying the server certificate
>>> sent by the server when the connection is established.
>>>
>>>>
>>>> System.setProperty("javax.net.ssl.trustStore",
>>>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>>>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>>>
>>>> Another question: If i create a service that will sign/validate
>>>> documents of diferente peoples, which one with their own
>>>> certificate, must i create a worker for which one of them? Or can I
>>>> do it by that example “Signing and Validating an XML document”. For
>>>> this comands, in the case of a PDF, there is some way to do it like
>>>> in the web demos page, including the logo and that other
>>>> informations or just having the worker configured wll that is included?
>>>
>>> Each worker signs with one key-pair and uses one certificate so if
>>> you want to use different key-pairs/certificates for different people
>>> then you would need to have different workers for them.
>>>
>>> The "Signing and Validating an XML document" example in the
>>> integration chapter of the manual shows how an client application can
>>> request an XML document to be signed and then validated.
>>>
>>> Similarly to the code for signing an XML document you can also do
>>> this for PDF documents. Just let the byte array 'unsigned' be the
>>> content of the PDF document and replace DemoXMLSigner with the name
>>> of your PDFSigner. If you configure the PDFSigner to use a logo that
>>> will also be included just if you called it from the demo web page.
>>>
>>> Validation is currently not supported for PDF documents though.
>>>
>>> Best regards,
>>> Markus
>>>
>>>
>>>>
>>>> Regards
>>>> --------------------------------------------------------------------
>>>> -
>>>> -
>>>> --
>>>> From: Markus Kilås
>>>> Sent: 06/01/2013 11:27
>>>> To: sig...@li...
>>>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>>
>>>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>>>> Hi,
>>>>>
>>>>
>>>> Hi Marcos,
>>>>
>>>>>
>>>>>
>>>>> When I’m are setting properties by the command:
>>>>>
>>>>>
>>>>>
>>>>> bin/signserver.sh setproperties
>>>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>>>
>>>>>
>>>>>
>>>>> I got the console error: Error reading property file. Is there some
>>>>> place that I can see this log?
>>>>>
>>>>
>>>> You can get this error is the file is not existing or in any other
>>>> way not readable. Make sure that the file can be read by for
>>>> instance running "less
> doc/sample-configs/qs_pdfsigner_configuration.properties".
>>>> Unfortunately this is not logged anywhere in more detail than what
>>>> is printed on the console.
>>>>
>>>>>
>>>>>
>>>>> The configurations are right. Another question, what is the
>>>>> difference by worker and signer?
>>>>
>>>> A Worker is an entity in SignServer which has an Worker ID and a
>>>> configuration and can be called to perform some work. A signer is a
>>>> type of worker which uses a crypto token to sign something.
>>>>
>>>>>
>>>>>
>>>>>
>>>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>>>
>>>> That property sets the worker name to "PDFSigner" for the new worker
>>>> which is about to be added. The WORKERGENID1 means that a new worker
>>>> with the next available ID will be created.
>>>>
>>>> If you instead want to define the worker ID you could replace
>>>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>>>> recommended if you want to be able to apply (setproperties) the file
>>>> again without having a new worker to be created.
>>>>
>>>>>
>>>>>
>>>>>
>>>>> And another question, I’m getting this error when i try to
>>>>> instantiate the object os WSDL in this line
>>>>>
>>>>> : ISigningAndValidation _signserver_ =
>>>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>>>
>>>>>
>>>>>
>>>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl.
>>>>> It failed with:
>>>>>
>>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Un
>>>>> k
>>>>> n
>>>>> own
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unkn
>>>>> o
>>>>> w
>>>>> n
>>>>> Source)
>>>>>
>>>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>>>
>>>>> at
>>>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServ
>>>>> e
>>>>> r
>>>>> WSService.java:42_)
>>>>>
>>>>> at
>>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAnd
>>>>> V
>>>>> a
>>>>> lidationWS.java:120_)
>>>>>
>>>>> at
>>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAnd
>>>>> V
>>>>> a
>>>>> lidationWS.java:83_)
>>>>>
>>>>> at
>>>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.
>>>>> j
>>>>> a
>>>>> va:145_)
>>>>>
>>>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>>>
>>>>> Caused by: _java.net.SocketException_:
>>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>>>
>>>>> at
>>>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>>>> Source)
>>>>>
>>>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>>>
>>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>>
>>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>>
>>>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>>>> Source)
>>>>>
>>>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNe
>>>>> w
>>>>> H
>>>>> ttpClient(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.conne
>>>>> c
>>>>> t
>>>>> (Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Un
>>>>> k
>>>>> n
>>>>> own
>>>>> Source)
>>>>>
>>>>> at java.net.URL.openStream(Unknown Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(
>>>>> U
>>>>> n
>>>>> known
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(U
>>>>> n
>>>>> k
>>>>> nown Source)
>>>>>
>>>>> ... 11 more
>>>>>
>>>>
>>>> Have you defined the javax.net.ssl.trustStore and
>>>> javax.net.ssl.trustStorePassword system properties?
>>>>
>>>> See
>>>> http://signserver.org/manual/integration.html#Signing%20and%20valida
>>>> t
>>>> i
>>>> ng%20an%20XML%20document
>>>> for an example.
>>>>
>>>>
>>>> Best regards,
>>>> Markus
>>>>
>>>>
>>>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>>>> subscription and training. Please see www.primekey.se
>>>> <http://www.primekey.se> <http://www.primekey.se> or contact
>>>> in...@pr... for more information.
>>>> http://www.primekey.se/Services/Support/
>>>> http://www.primekey.se/Services/Training/
>>>>
>>>>
>>>
>>>
>>
>>
>>
>> ----------------------------------------------------------------------
>> ------
>> --
>> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
>> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills
>> current with LearnDevNow - 3,200 step-by-step video tutorials by
>> Microsoft MVPs and experts. ON SALE this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122712
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>> -----
>> Nenhum vírus encontrado nessa mensagem.
>> Verificado por AVG - www.avgbrasil.com.br
>> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
>> Lançamento: 01/08/13
>>
>> -----
>> Nenhum vírus encontrado nessa mensagem.
>> Verificado por AVG - www.avgbrasil.com.br
>> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6032 - Data de
>> Lançamento: 01/14/13
>>
>>
>> ----------------------------------------------------------------------
>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
>> skills current with LearnDevNow - 3,200 step-by-step video tutorials
>> by Microsoft MVPs and experts. SALE $99.99 this month only -- learn
>> more at:
>> http://p.sf.net/sfu/learnmore_122412
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>
>
>
> --
> Kind regards,
> Markus Kilås
> Security Consultant & Developer
>
> PrimeKey Solutions AB
>
> Anderstorpsv. 16
> 171 54 Solna
> Sweden
>
> Phone: +46 70 424 94 85
> Skype: markusatskype
> Email: mar...@pr...
>
> www.primekey.se
>
>
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6033 - Data de
> Lançamento: 01/14/13
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6033 - Data de
> Lançamento: 01/14/13
>
>
> ------------------------------------------------------------------------------
> Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
> and more. Get SQL Server skills now (including 2012) with LearnDevNow -
> 200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
> SALE $99.99 this month only - learn more at:
> http://p.sf.net/sfu/learnmore_122512
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
Security Consultant & Developer
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
|
|
From: Marcos F. <mar...@ho...> - 2013-01-15 17:05:20
|
Markus, there is some way to change the naming identifier in the signserver
installation to avoid this error? If no, there is another way to do it?
Regards,
javax.naming.NamingException: Could not dereference object [Root exception
is java.lang.reflect.UndeclaredThrowableException]
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1504)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
at javax.naming.InitialContext.lookup(Unknown Source)
at
org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
at
org.ejbca.core.model.util.EjbRemoteHelper.getCertficateRequestSession(EjbRem
oteHelper.java:255)
at
certificate.model.ModelCertificado.<init>(ModelCertificado.java:36)
at certificate.principal.Principal.main(Principal.java:29)
Caused by: java.lang.reflect.UndeclaredThrowableException
at $Proxy0.createProxyBusiness(Unknown Source)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
eateProxy(SessionProxyObjectFactory.java:129)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
at
org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
(ProxyObjectFactory.java:158)
at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
at
org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1496)
... 7 more
Caused by: org.jboss.aop.NotFoundInDispatcherException: Object with oid:
ProxyFactory/ejbca/CertificateRequestSessionBean/ejbca/CertificateRequestSes
sionRemote was not found in the Dispatcher
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:85)
at
org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingIn
vocationHandler.java:82)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at
org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerTh
read.java:744)
at
org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThr
ead.java:697)
at
org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524
)
at
org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.
java:211)
at org.jboss.remoting.Client.invoke(Client.java:1724)
at org.jboss.remoting.Client.invoke(Client.java:629)
at
org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
eptor.java:60)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at
org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
ocalProxyFactoryInterceptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
at $Proxy0.createProxyBusiness(Unknown Source)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
eateProxy(SessionProxyObjectFactory.java:129)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
at
org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
(ProxyObjectFactory.java:158)
at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
at
org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1496)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
at javax.naming.InitialContext.lookup(Unknown Source)
at
org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
at
org.ejbca.core.model.util.EjbRemoteHelper.getCertficateRequestSession(EjbRem
oteHelper.java:255)
at
certificate.model.ModelCertificado.<init>(ModelCertificado.java:36)
at certificate.principal.Principal.main(Principal.java:29)
at
org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
eptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at
org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
ocalProxyFactoryInterceptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
... 14 more
javax.naming.NamingException: Could not dereference object [Root exception
is java.lang.reflect.UndeclaredThrowableException]
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1504)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
at javax.naming.InitialContext.lookup(Unknown Source)
at
org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
at
org.ejbca.core.model.util.EjbRemoteHelper.getCaSession(EjbRemoteHelper.java:
101)
at
org.ejbca.util.InterfaceCache.getCaSession(InterfaceCache.java:76)
at
certificate.model.ModelCertificado.<init>(ModelCertificado.java:37)
at certificate.principal.Principal.main(Principal.java:29)
Caused by: java.lang.reflect.UndeclaredThrowableException
at $Proxy0.createProxyBusiness(Unknown Source)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
eateProxy(SessionProxyObjectFactory.java:129)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
at
org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
(ProxyObjectFactory.java:158)
at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
at
org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1496)
... 8 more
Caused by: org.jboss.aop.NotFoundInDispatcherException: Object with oid:
ProxyFactory/ejbca/CaSessionBean/ejbca/CaSessionRemote was not found in the
Dispatcher
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:85)
at
org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingIn
vocationHandler.java:82)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at
org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerTh
read.java:744)
at
org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThr
ead.java:697)
at
org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524
)
at
org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.
java:211)
at org.jboss.remoting.Client.invoke(Client.java:1724)
at org.jboss.remoting.Client.invoke(Client.java:629)
at
org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
eptor.java:60)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at
org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
ocalProxyFactoryInterceptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
at $Proxy0.createProxyBusiness(Unknown Source)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
eateProxy(SessionProxyObjectFactory.java:129)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
at
org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
(ProxyObjectFactory.java:158)
at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
at
org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1496)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
at javax.naming.InitialContext.lookup(Unknown Source)
at
org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
at
org.ejbca.core.model.util.EjbRemoteHelper.getCaSession(EjbRemoteHelper.java:
101)
at
org.ejbca.util.InterfaceCache.getCaSession(InterfaceCache.java:76)
at
certificate.model.ModelCertificado.<init>(ModelCertificado.java:37)
at certificate.principal.Principal.main(Principal.java:29)
at
org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
eptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at
org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
ocalProxyFactoryInterceptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
... 15 more
javax.naming.NamingException: Could not dereference object [Root exception
is java.lang.reflect.UndeclaredThrowableException]
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1504)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
at javax.naming.InitialContext.lookup(Unknown Source)
at
org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
at
org.ejbca.core.model.util.EjbRemoteHelper.getCertStoreSession(EjbRemoteHelpe
r.java:157)
at
org.ejbca.util.InterfaceCache.getCertificateStoreSession(InterfaceCache.java
:92)
at
certificate.model.ModelCertificado.emitirCertificado2(ModelCertificado.java:
80)
at certificate.principal.Principal.main(Principal.java:31)
Caused by: java.lang.reflect.UndeclaredThrowableException
at $Proxy0.createProxyBusiness(Unknown Source)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
eateProxy(SessionProxyObjectFactory.java:129)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
at
org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
(ProxyObjectFactory.java:158)
at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
at
org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1496)
... 8 more
Caused by: org.jboss.aop.NotFoundInDispatcherException: Object with oid:
ProxyFactory/ejbca/CertificateStoreSessionBean/ejbca/CertificateStoreSession
Remote was not found in the Dispatcher
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:85)
at
org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingIn
vocationHandler.java:82)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at
org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerTh
read.java:744)
at
org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThr
ead.java:697)
at
org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524
)
at
org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.
java:211)
at org.jboss.remoting.Client.invoke(Client.java:1724)
at org.jboss.remoting.Client.invoke(Client.java:629)
at
org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
eptor.java:60)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at
org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
ocalProxyFactoryInterceptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
at $Proxy0.createProxyBusiness(Unknown Source)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.cr
eateProxy(SessionProxyObjectFactory.java:129)
at
org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionPr
oxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
at
org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance
(ProxyObjectFactory.java:158)
at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
at
org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1479)
at
org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.
java:1496)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
at javax.naming.InitialContext.lookup(Unknown Source)
at
org.ejbca.core.ejb.JndiHelper.getRemoteSession(JndiHelper.java:57)
at
org.ejbca.core.model.util.EjbRemoteHelper.getCertStoreSession(EjbRemoteHelpe
r.java:157)
at
org.ejbca.util.InterfaceCache.getCertificateStoreSession(InterfaceCache.java
:92)
at
certificate.model.ModelCertificado.emitirCertificado2(ModelCertificado.java:
80)
at certificate.principal.Principal.main(Principal.java:31)
at
org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterc
eptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at
org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsL
ocalProxyFactoryInterceptor.java:72)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:10
2)
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
... 15 more
-----Mensagem original-----
De: Markus Kilås [mailto:ma...@pr...]
Enviada em: segunda-feira, 14 de janeiro de 2013 19:23
Para: Marcos Fontana
Cc: signserver-develop
Assunto: Re: [SignServer-develop] RES: RES: Worker's questions and Error
WSDL
On 2013-01-14 20:13, Marcos Fontana wrote:
> Hi Markus,
>
> By the reference of Tomas, I create a second instance of JBOSS, one to
> Ejbca and another to SignServer. I configured the second instance
> following some guides and all the installation of EJBCA and SignServer was
fine.
>
> I put the default ports to work with 1 before the normal ports, like
> 8080 = 18080.
>
> When I try to call bin/signserver.sh setproperties
> doc/sample-configs/qs_pdfsigner_configuration.properties, the
> signserver insist to call the 127.0.0.1:1099, thowing a Error:
> org.signserver.common.ServiceLocator - Error Looking up signserver
> interface.
>
> I'm sure that I change the ports well. Where am I wrong?
You need to edit bin/jndi.properties.jboss and set the right port in
java.naming.provider.url and then run "ant". After that bin/jndi.properties
should contain the right port.
Best regards,
Markus
>
> Regards
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...] Enviada em: quinta-feira,
> 10 de janeiro de 2013 07:08
> Para: sig...@li...
> Assunto: Re: [SignServer-develop] RES: Worker's questions and Error
> WSDL
>
> Marcos,
>
> What you could try is to first make sure you can access the WSDL file
> using the same URL in an web browser.
>
> If you get an certificate warning, it did not work and you would have
> to import your CA certificate to the browser. When you have got that
> to work you should make sure your trust store contains that CA
certificate.
>
>
> Best regards,
> Markus
>
> On 2013-01-09 21:02, Marcos Fontana wrote:
>>
>> ---------------------------------------------------------------------
>> -
>> --
>> From: Marcos Fontana
>> Sent: 09/01/2013 17:10
>> To: 'Markus Kilås'
>> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>>
>> Hi Markus,
>>
>> Have you already got this: HTTP transport error:
>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
> bad_certificate?
>>
>> I tested with tomcat.jks and truststore.jks. Both contain the right
>> certificates that is used to use SSL validation and nothing works. =(
>>
>> com.sun.xml.internal.ws.client.ClientTransportException: HTTP
>> transport
>> error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> bad_certificate
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.get
>> O
>> utput(
>> Unknown Source)
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce
>> s
>> s(Unkn
>> own Source)
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce
>> s
>> sReque
>> st(Unknown Source)
>> at
>> com.sun.xml.internal.ws.transport.DeferredTransportPipe.processReques
>> t
>> (Unkno
>> wn Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
>> at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
>> Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
> Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
> Source)
>> at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown
> Source)
>> at $Proxy30.process(Unknown Source)
>> at
>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVa
>> l
>> idatio
>> nWS.java:176)
>> at
>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVa
>> l
>> idatio
>> nWS.java:144)
>> at
>> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValid
>> a
>> tionWS
>> .java:208)
>> at
>>
> certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java
> :141)
>> at certificate.principal.Principal.main(Principal.java:70)
>>
>> -----Mensagem original-----
>> De: Markus Kilås [mailto:ma...@pr...] Enviada em:
>> quarta-feira,
>> 9 de janeiro de 2013 05:12
>> Para: sig...@li...
>> Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-08 18:59, Marcos Fontana wrote:
>>> Hi Markus,
>>>
>>> First, thanks for the support.
>>>
>>> I still getting the WSDL problem.
>>>
>>> A question: the trustStore must contain which certificate? the
>>> server certificate or the certificate of who will signin the document?
>>
>> The certificate of the issuer of the server certificate. That is the
>> CA that signed the server certificate.
>>
>> The purpose of the trust store is to list all CA certificates your
>> client application will trust when verifying the server certificate
>> sent by the server when the connection is established.
>>
>>>
>>> System.setProperty("javax.net.ssl.trustStore",
>>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>>
>>> Another question: If i create a service that will sign/validate
>>> documents of diferente peoples, which one with their own
>>> certificate, must i create a worker for which one of them? Or can I
>>> do it by that example Signing and Validating an XML document. For
>>> this comands, in the case of a PDF, there is some way to do it like
>>> in the web demos page, including the logo and that other
>>> informations or just having the worker configured wll that is included?
>>
>> Each worker signs with one key-pair and uses one certificate so if
>> you want to use different key-pairs/certificates for different people
>> then you would need to have different workers for them.
>>
>> The "Signing and Validating an XML document" example in the
>> integration chapter of the manual shows how an client application can
>> request an XML document to be signed and then validated.
>>
>> Similarly to the code for signing an XML document you can also do
>> this for PDF documents. Just let the byte array 'unsigned' be the
>> content of the PDF document and replace DemoXMLSigner with the name
>> of your PDFSigner. If you configure the PDFSigner to use a logo that
>> will also be included just if you called it from the demo web page.
>>
>> Validation is currently not supported for PDF documents though.
>>
>> Best regards,
>> Markus
>>
>>
>>>
>>> Regards
>>> --------------------------------------------------------------------
>>> -
>>> -
>>> --
>>> From: Markus Kilås
>>> Sent: 06/01/2013 11:27
>>> To: sig...@li...
>>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>>> Hi,
>>>>
>>>
>>> Hi Marcos,
>>>
>>>>
>>>>
>>>> When Im are setting properties by the command:
>>>>
>>>>
>>>>
>>>> bin/signserver.sh setproperties
>>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>>
>>>>
>>>>
>>>> I got the console error: Error reading property file. Is there some
>>>> place that I can see this log?
>>>>
>>>
>>> You can get this error is the file is not existing or in any other
>>> way not readable. Make sure that the file can be read by for
>>> instance running "less
doc/sample-configs/qs_pdfsigner_configuration.properties".
>>> Unfortunately this is not logged anywhere in more detail than what
>>> is printed on the console.
>>>
>>>>
>>>>
>>>> The configurations are right. Another question, what is the
>>>> difference by worker and signer?
>>>
>>> A Worker is an entity in SignServer which has an Worker ID and a
>>> configuration and can be called to perform some work. A signer is a
>>> type of worker which uses a crypto token to sign something.
>>>
>>>>
>>>>
>>>>
>>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>>
>>> That property sets the worker name to "PDFSigner" for the new worker
>>> which is about to be added. The WORKERGENID1 means that a new worker
>>> with the next available ID will be created.
>>>
>>> If you instead want to define the worker ID you could replace
>>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>>> recommended if you want to be able to apply (setproperties) the file
>>> again without having a new worker to be created.
>>>
>>>>
>>>>
>>>>
>>>> And another question, Im getting this error when i try to
>>>> instantiate the object os WSDL in this line
>>>>
>>>> : ISigningAndValidation _signserver_ =
>>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>>
>>>>
>>>>
>>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl.
>>>> It failed with:
>>>>
>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Un
>>>> k
>>>> n
>>>> own
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unkn
>>>> o
>>>> w
>>>> n
>>>> Source)
>>>>
>>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>>
>>>> at
>>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServ
>>>> e
>>>> r
>>>> WSService.java:42_)
>>>>
>>>> at
>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAnd
>>>> V
>>>> a
>>>> lidationWS.java:120_)
>>>>
>>>> at
>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAnd
>>>> V
>>>> a
>>>> lidationWS.java:83_)
>>>>
>>>> at
>>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.
>>>> j
>>>> a
>>>> va:145_)
>>>>
>>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>>
>>>> Caused by: _java.net.SocketException_:
>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>>
>>>> at
>>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>>> Source)
>>>>
>>>> at
>>>> javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>>> Source)
>>>>
>>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>>
>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>
>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>>> Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNe
>>>> w
>>>> H
>>>> ttpClient(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.conne
>>>> c
>>>> t
>>>> (Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Un
>>>> k
>>>> n
>>>> own
>>>> Source)
>>>>
>>>> at java.net.URL.openStream(Unknown Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(
>>>> U
>>>> n
>>>> known
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(U
>>>> n
>>>> k
>>>> nown Source)
>>>>
>>>> ... 11 more
>>>>
>>>
>>> Have you defined the javax.net.ssl.trustStore and
>>> javax.net.ssl.trustStorePassword system properties?
>>>
>>> See
>>> http://signserver.org/manual/integration.html#Signing%20and%20valida
>>> t
>>> i
>>> ng%20an%20XML%20document
>>> for an example.
>>>
>>>
>>> Best regards,
>>> Markus
>>>
>>>
>>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>>> subscription and training. Please see www.primekey.se
>>> <http://www.primekey.se> <http://www.primekey.se> or contact
>>> in...@pr... for more information.
>>> http://www.primekey.se/Services/Support/
>>> http://www.primekey.se/Services/Training/
>>>
>>>
>>
>>
>
>
>
> ----------------------------------------------------------------------
> ------
> --
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills
> current with LearnDevNow - 3,200 step-by-step video tutorials by
> Microsoft MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
> Lançamento: 01/08/13
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6032 - Data de
> Lançamento: 01/14/13
>
>
> ----------------------------------------------------------------------
> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
> skills current with LearnDevNow - 3,200 step-by-step video tutorials
> by Microsoft MVPs and experts. SALE $99.99 this month only -- learn
> more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
Security Consultant & Developer
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6033 - Data de
Lançamento: 01/14/13
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6034 - Data de
Lançamento: 01/15/13
|
|
From: Marcos F. <mar...@ho...> - 2013-01-15 12:30:11
|
Ok, done. And another, why the signserver can't read the keystore by the
../ejbca/p12/tomcat.jks? The EJBCA is just in the same folder as SignServer.
I tried all the ways possibles.
Regards
-----Mensagem original-----
De: Markus Kilås [mailto:ma...@pr...]
Enviada em: segunda-feira, 14 de janeiro de 2013 19:23
Para: Marcos Fontana
Cc: signserver-develop
Assunto: Re: [SignServer-develop] RES: RES: Worker's questions and Error
WSDL
On 2013-01-14 20:13, Marcos Fontana wrote:
> Hi Markus,
>
> By the reference of Tomas, I create a second instance of JBOSS, one to
> Ejbca and another to SignServer. I configured the second instance
> following some guides and all the installation of EJBCA and SignServer was
fine.
>
> I put the default ports to work with 1 before the normal ports, like
> 8080 = 18080.
>
> When I try to call bin/signserver.sh setproperties
> doc/sample-configs/qs_pdfsigner_configuration.properties, the
> signserver insist to call the 127.0.0.1:1099, thowing a Error:
> org.signserver.common.ServiceLocator - Error Looking up signserver
> interface.
>
> I'm sure that I change the ports well. Where am I wrong?
You need to edit bin/jndi.properties.jboss and set the right port in
java.naming.provider.url and then run "ant". After that bin/jndi.properties
should contain the right port.
Best regards,
Markus
>
> Regards
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...] Enviada em: quinta-feira,
> 10 de janeiro de 2013 07:08
> Para: sig...@li...
> Assunto: Re: [SignServer-develop] RES: Worker's questions and Error
> WSDL
>
> Marcos,
>
> What you could try is to first make sure you can access the WSDL file
> using the same URL in an web browser.
>
> If you get an certificate warning, it did not work and you would have
> to import your CA certificate to the browser. When you have got that
> to work you should make sure your trust store contains that CA
certificate.
>
>
> Best regards,
> Markus
>
> On 2013-01-09 21:02, Marcos Fontana wrote:
>>
>> ---------------------------------------------------------------------
>> -
>> --
>> From: Marcos Fontana
>> Sent: 09/01/2013 17:10
>> To: 'Markus Kilås'
>> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>>
>> Hi Markus,
>>
>> Have you already got this: HTTP transport error:
>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
> bad_certificate?
>>
>> I tested with tomcat.jks and truststore.jks. Both contain the right
>> certificates that is used to use SSL validation and nothing works. =(
>>
>> com.sun.xml.internal.ws.client.ClientTransportException: HTTP
>> transport
>> error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> bad_certificate
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.get
>> O
>> utput(
>> Unknown Source)
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce
>> s
>> s(Unkn
>> own Source)
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proce
>> s
>> sReque
>> st(Unknown Source)
>> at
>> com.sun.xml.internal.ws.transport.DeferredTransportPipe.processReques
>> t
>> (Unkno
>> wn Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
>> at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
>> Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
> Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
> Source)
>> at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown
> Source)
>> at $Proxy30.process(Unknown Source)
>> at
>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVa
>> l
>> idatio
>> nWS.java:176)
>> at
>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVa
>> l
>> idatio
>> nWS.java:144)
>> at
>> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValid
>> a
>> tionWS
>> .java:208)
>> at
>>
> certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java
> :141)
>> at certificate.principal.Principal.main(Principal.java:70)
>>
>> -----Mensagem original-----
>> De: Markus Kilås [mailto:ma...@pr...] Enviada em:
>> quarta-feira,
>> 9 de janeiro de 2013 05:12
>> Para: sig...@li...
>> Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-08 18:59, Marcos Fontana wrote:
>>> Hi Markus,
>>>
>>> First, thanks for the support.
>>>
>>> I still getting the WSDL problem.
>>>
>>> A question: the trustStore must contain which certificate? the
>>> server certificate or the certificate of who will signin the document?
>>
>> The certificate of the issuer of the server certificate. That is the
>> CA that signed the server certificate.
>>
>> The purpose of the trust store is to list all CA certificates your
>> client application will trust when verifying the server certificate
>> sent by the server when the connection is established.
>>
>>>
>>> System.setProperty("javax.net.ssl.trustStore",
>>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>>
>>> Another question: If i create a service that will sign/validate
>>> documents of diferente peoples, which one with their own
>>> certificate, must i create a worker for which one of them? Or can I
>>> do it by that example Signing and Validating an XML document. For
>>> this comands, in the case of a PDF, there is some way to do it like
>>> in the web demos page, including the logo and that other
>>> informations or just having the worker configured wll that is included?
>>
>> Each worker signs with one key-pair and uses one certificate so if
>> you want to use different key-pairs/certificates for different people
>> then you would need to have different workers for them.
>>
>> The "Signing and Validating an XML document" example in the
>> integration chapter of the manual shows how an client application can
>> request an XML document to be signed and then validated.
>>
>> Similarly to the code for signing an XML document you can also do
>> this for PDF documents. Just let the byte array 'unsigned' be the
>> content of the PDF document and replace DemoXMLSigner with the name
>> of your PDFSigner. If you configure the PDFSigner to use a logo that
>> will also be included just if you called it from the demo web page.
>>
>> Validation is currently not supported for PDF documents though.
>>
>> Best regards,
>> Markus
>>
>>
>>>
>>> Regards
>>> --------------------------------------------------------------------
>>> -
>>> -
>>> --
>>> From: Markus Kilås
>>> Sent: 06/01/2013 11:27
>>> To: sig...@li...
>>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>>> Hi,
>>>>
>>>
>>> Hi Marcos,
>>>
>>>>
>>>>
>>>> When Im are setting properties by the command:
>>>>
>>>>
>>>>
>>>> bin/signserver.sh setproperties
>>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>>
>>>>
>>>>
>>>> I got the console error: Error reading property file. Is there some
>>>> place that I can see this log?
>>>>
>>>
>>> You can get this error is the file is not existing or in any other
>>> way not readable. Make sure that the file can be read by for
>>> instance running "less
doc/sample-configs/qs_pdfsigner_configuration.properties".
>>> Unfortunately this is not logged anywhere in more detail than what
>>> is printed on the console.
>>>
>>>>
>>>>
>>>> The configurations are right. Another question, what is the
>>>> difference by worker and signer?
>>>
>>> A Worker is an entity in SignServer which has an Worker ID and a
>>> configuration and can be called to perform some work. A signer is a
>>> type of worker which uses a crypto token to sign something.
>>>
>>>>
>>>>
>>>>
>>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>>
>>> That property sets the worker name to "PDFSigner" for the new worker
>>> which is about to be added. The WORKERGENID1 means that a new worker
>>> with the next available ID will be created.
>>>
>>> If you instead want to define the worker ID you could replace
>>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>>> recommended if you want to be able to apply (setproperties) the file
>>> again without having a new worker to be created.
>>>
>>>>
>>>>
>>>>
>>>> And another question, Im getting this error when i try to
>>>> instantiate the object os WSDL in this line
>>>>
>>>> : ISigningAndValidation _signserver_ =
>>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>>
>>>>
>>>>
>>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl.
>>>> It failed with:
>>>>
>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Un
>>>> k
>>>> n
>>>> own
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unkn
>>>> o
>>>> w
>>>> n
>>>> Source)
>>>>
>>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>>
>>>> at
>>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServ
>>>> e
>>>> r
>>>> WSService.java:42_)
>>>>
>>>> at
>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAnd
>>>> V
>>>> a
>>>> lidationWS.java:120_)
>>>>
>>>> at
>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAnd
>>>> V
>>>> a
>>>> lidationWS.java:83_)
>>>>
>>>> at
>>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.
>>>> j
>>>> a
>>>> va:145_)
>>>>
>>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>>
>>>> Caused by: _java.net.SocketException_:
>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>>
>>>> at
>>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>>> Source)
>>>>
>>>> at
>>>> javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>>> Source)
>>>>
>>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>>
>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>
>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>>> Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNe
>>>> w
>>>> H
>>>> ttpClient(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.conne
>>>> c
>>>> t
>>>> (Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Un
>>>> k
>>>> n
>>>> own
>>>> Source)
>>>>
>>>> at java.net.URL.openStream(Unknown Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(
>>>> U
>>>> n
>>>> known
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(U
>>>> n
>>>> k
>>>> nown Source)
>>>>
>>>> ... 11 more
>>>>
>>>
>>> Have you defined the javax.net.ssl.trustStore and
>>> javax.net.ssl.trustStorePassword system properties?
>>>
>>> See
>>> http://signserver.org/manual/integration.html#Signing%20and%20valida
>>> t
>>> i
>>> ng%20an%20XML%20document
>>> for an example.
>>>
>>>
>>> Best regards,
>>> Markus
>>>
>>>
>>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>>> subscription and training. Please see www.primekey.se
>>> <http://www.primekey.se> <http://www.primekey.se> or contact
>>> in...@pr... for more information.
>>> http://www.primekey.se/Services/Support/
>>> http://www.primekey.se/Services/Training/
>>>
>>>
>>
>>
>
>
>
> ----------------------------------------------------------------------
> ------
> --
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills
> current with LearnDevNow - 3,200 step-by-step video tutorials by
> Microsoft MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
> Lançamento: 01/08/13
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6032 - Data de
> Lançamento: 01/14/13
>
>
> ----------------------------------------------------------------------
> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
> skills current with LearnDevNow - 3,200 step-by-step video tutorials
> by Microsoft MVPs and experts. SALE $99.99 this month only -- learn
> more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
Security Consultant & Developer
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6033 - Data de
Lançamento: 01/14/13
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6033 - Data de
Lançamento: 01/14/13
|
|
From: Markus K. <ma...@pr...> - 2013-01-14 21:23:17
|
On 2013-01-14 20:13, Marcos Fontana wrote:
> Hi Markus,
>
> By the reference of Tomas, I create a second instance of JBOSS, one to Ejbca
> and another to SignServer. I configured the second instance following some
> guides and all the installation of EJBCA and SignServer was fine.
>
> I put the default ports to work with 1 before the normal ports, like 8080 =
> 18080.
>
> When I try to call bin/signserver.sh setproperties
> doc/sample-configs/qs_pdfsigner_configuration.properties, the signserver
> insist to call the 127.0.0.1:1099, thowing a Error:
> org.signserver.common.ServiceLocator - Error Looking up signserver
> interface.
>
> I'm sure that I change the ports well. Where am I wrong?
You need to edit bin/jndi.properties.jboss and set the right port in
java.naming.provider.url and then run "ant". After that
bin/jndi.properties should contain the right port.
Best regards,
Markus
>
> Regards
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...]
> Enviada em: quinta-feira, 10 de janeiro de 2013 07:08
> Para: sig...@li...
> Assunto: Re: [SignServer-develop] RES: Worker's questions and Error WSDL
>
> Marcos,
>
> What you could try is to first make sure you can access the WSDL file using
> the same URL in an web browser.
>
> If you get an certificate warning, it did not work and you would have to
> import your CA certificate to the browser. When you have got that to work
> you should make sure your trust store contains that CA certificate.
>
>
> Best regards,
> Markus
>
> On 2013-01-09 21:02, Marcos Fontana wrote:
>>
>> ----------------------------------------------------------------------
>> --
>> From: Marcos Fontana
>> Sent: 09/01/2013 17:10
>> To: 'Markus Kilås'
>> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>>
>> Hi Markus,
>>
>> Have you already got this: HTTP transport error:
>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
> bad_certificate?
>>
>> I tested with tomcat.jks and truststore.jks. Both contain the right
>> certificates that is used to use SSL validation and nothing works. =(
>>
>> com.sun.xml.internal.ws.client.ClientTransportException: HTTP
>> transport
>> error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> bad_certificate
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getO
>> utput(
>> Unknown Source)
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proces
>> s(Unkn
>> own Source)
>> at
>> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proces
>> sReque
>> st(Unknown Source)
>> at
>> com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest
>> (Unkno
>> wn Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
>> at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
>> at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
>> Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
> Source)
>> at
>> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
> Source)
>> at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown
> Source)
>> at $Proxy30.process(Unknown Source)
>> at
>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVal
>> idatio
>> nWS.java:176)
>> at
>> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVal
>> idatio
>> nWS.java:144)
>> at
>> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValida
>> tionWS
>> .java:208)
>> at
>>
> certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:141)
>> at certificate.principal.Principal.main(Principal.java:70)
>>
>> -----Mensagem original-----
>> De: Markus Kilås [mailto:ma...@pr...] Enviada em: quarta-feira,
>> 9 de janeiro de 2013 05:12
>> Para: sig...@li...
>> Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-08 18:59, Marcos Fontana wrote:
>>> Hi Markus,
>>>
>>> First, thanks for the support.
>>>
>>> I still getting the WSDL problem.
>>>
>>> A question: the trustStore must contain which certificate? the server
>>> certificate or the certificate of who will signin the document?
>>
>> The certificate of the issuer of the server certificate. That is the
>> CA that signed the server certificate.
>>
>> The purpose of the trust store is to list all CA certificates your
>> client application will trust when verifying the server certificate
>> sent by the server when the connection is established.
>>
>>>
>>> System.setProperty("javax.net.ssl.trustStore",
>>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>>
>>> Another question: If i create a service that will sign/validate
>>> documents of diferente peoples, which one with their own certificate,
>>> must i create a worker for which one of them? Or can I do it by that
>>> example “Signing and Validating an XML document”. For this comands,
>>> in the case of a PDF, there is some way to do it like in the web
>>> demos page, including the logo and that other informations or just
>>> having the worker configured wll that is included?
>>
>> Each worker signs with one key-pair and uses one certificate so if you
>> want to use different key-pairs/certificates for different people then
>> you would need to have different workers for them.
>>
>> The "Signing and Validating an XML document" example in the
>> integration chapter of the manual shows how an client application can
>> request an XML document to be signed and then validated.
>>
>> Similarly to the code for signing an XML document you can also do this
>> for PDF documents. Just let the byte array 'unsigned' be the content
>> of the PDF document and replace DemoXMLSigner with the name of your
>> PDFSigner. If you configure the PDFSigner to use a logo that will also
>> be included just if you called it from the demo web page.
>>
>> Validation is currently not supported for PDF documents though.
>>
>> Best regards,
>> Markus
>>
>>
>>>
>>> Regards
>>> ---------------------------------------------------------------------
>>> -
>>> --
>>> From: Markus Kilås
>>> Sent: 06/01/2013 11:27
>>> To: sig...@li...
>>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>>> Hi,
>>>>
>>>
>>> Hi Marcos,
>>>
>>>>
>>>>
>>>> When I’m are setting properties by the command:
>>>>
>>>>
>>>>
>>>> bin/signserver.sh setproperties
>>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>>
>>>>
>>>>
>>>> I got the console error: Error reading property file. Is there some
>>>> place that I can see this log?
>>>>
>>>
>>> You can get this error is the file is not existing or in any other
>>> way not readable. Make sure that the file can be read by for instance
>>> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>>> Unfortunately this is not logged anywhere in more detail than what is
>>> printed on the console.
>>>
>>>>
>>>>
>>>> The configurations are right. Another question, what is the
>>>> difference by worker and signer?
>>>
>>> A Worker is an entity in SignServer which has an Worker ID and a
>>> configuration and can be called to perform some work. A signer is a
>>> type of worker which uses a crypto token to sign something.
>>>
>>>>
>>>>
>>>>
>>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>>
>>> That property sets the worker name to "PDFSigner" for the new worker
>>> which is about to be added. The WORKERGENID1 means that a new worker
>>> with the next available ID will be created.
>>>
>>> If you instead want to define the worker ID you could replace
>>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>>> recommended if you want to be able to apply (setproperties) the file
>>> again without having a new worker to be created.
>>>
>>>>
>>>>
>>>>
>>>> And another question, I’m getting this error when i try to
>>>> instantiate the object os WSDL in this line
>>>>
>>>> : ISigningAndValidation _signserver_ =
>>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>>
>>>>
>>>>
>>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>>>> failed with:
>>>>
>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unk
>>>> n
>>>> own
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unkno
>>>> w
>>>> n
>>>> Source)
>>>>
>>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>>
>>>> at
>>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServe
>>>> r
>>>> WSService.java:42_)
>>>>
>>>> at
>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndV
>>>> a
>>>> lidationWS.java:120_)
>>>>
>>>> at
>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndV
>>>> a
>>>> lidationWS.java:83_)
>>>>
>>>> at
>>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.j
>>>> a
>>>> va:145_)
>>>>
>>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>>
>>>> Caused by: _java.net.SocketException_:
>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>>
>>>> at
>>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>>> Source)
>>>>
>>>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>>> Source)
>>>>
>>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>>
>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>
>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>>> Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNew
>>>> H
>>>> ttpClient(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connec
>>>> t
>>>> (Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unk
>>>> n
>>>> own
>>>> Source)
>>>>
>>>> at java.net.URL.openStream(Unknown Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(U
>>>> n
>>>> known
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Un
>>>> k
>>>> nown Source)
>>>>
>>>> ... 11 more
>>>>
>>>
>>> Have you defined the javax.net.ssl.trustStore and
>>> javax.net.ssl.trustStorePassword system properties?
>>>
>>> See
>>> http://signserver.org/manual/integration.html#Signing%20and%20validat
>>> i
>>> ng%20an%20XML%20document
>>> for an example.
>>>
>>>
>>> Best regards,
>>> Markus
>>>
>>>
>>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>>> subscription and training. Please see www.primekey.se
>>> <http://www.primekey.se> <http://www.primekey.se> or contact
>>> in...@pr... for more information.
>>> http://www.primekey.se/Services/Support/
>>> http://www.primekey.se/Services/Training/
>>>
>>>
>>
>>
>
>
>
> ----------------------------------------------------------------------------
> --
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC,
> Windows 8 Apps, JavaScript and much more. Keep your skills current with
> LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and
> experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
> Lançamento: 01/08/13
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6032 - Data de
> Lançamento: 01/14/13
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
Security Consultant & Developer
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
|
|
From: Marcos F. <mar...@ho...> - 2013-01-14 19:13:21
|
Hi Markus,
By the reference of Tomas, I create a second instance of JBOSS, one to Ejbca
and another to SignServer. I configured the second instance following some
guides and all the installation of EJBCA and SignServer was fine.
I put the default ports to work with 1 before the normal ports, like 8080 =
18080.
When I try to call bin/signserver.sh setproperties
doc/sample-configs/qs_pdfsigner_configuration.properties, the signserver
insist to call the 127.0.0.1:1099, thowing a Error:
org.signserver.common.ServiceLocator - Error Looking up signserver
interface.
I'm sure that I change the ports well. Where am I wrong?
Regards
-----Mensagem original-----
De: Markus Kilås [mailto:ma...@pr...]
Enviada em: quinta-feira, 10 de janeiro de 2013 07:08
Para: sig...@li...
Assunto: Re: [SignServer-develop] RES: Worker's questions and Error WSDL
Marcos,
What you could try is to first make sure you can access the WSDL file using
the same URL in an web browser.
If you get an certificate warning, it did not work and you would have to
import your CA certificate to the browser. When you have got that to work
you should make sure your trust store contains that CA certificate.
Best regards,
Markus
On 2013-01-09 21:02, Marcos Fontana wrote:
>
> ----------------------------------------------------------------------
> --
> From: Marcos Fontana
> Sent: 09/01/2013 17:10
> To: 'Markus Kilås'
> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>
> Hi Markus,
>
> Have you already got this: HTTP transport error:
> javax.net.ssl.SSLHandshakeException: Received fatal alert:
bad_certificate?
>
> I tested with tomcat.jks and truststore.jks. Both contain the right
> certificates that is used to use SSL validation and nothing works. =(
>
> com.sun.xml.internal.ws.client.ClientTransportException: HTTP
> transport
> error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
> bad_certificate
> at
> com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getO
> utput(
> Unknown Source)
> at
> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proces
> s(Unkn
> own Source)
> at
> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.proces
> sReque
> st(Unknown Source)
> at
> com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest
> (Unkno
> wn Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
> at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
> at
> com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
> Source)
> at
> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
Source)
> at
> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown
Source)
> at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown
Source)
> at $Proxy30.process(Unknown Source)
> at
> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVal
> idatio
> nWS.java:176)
> at
> org.signserver.client.api.SigningAndValidationWS.process(SigningAndVal
> idatio
> nWS.java:144)
> at
> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValida
> tionWS
> .java:208)
> at
>
certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:141)
> at certificate.principal.Principal.main(Principal.java:70)
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...] Enviada em: quarta-feira,
> 9 de janeiro de 2013 05:12
> Para: sig...@li...
> Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-08 18:59, Marcos Fontana wrote:
>> Hi Markus,
>>
>> First, thanks for the support.
>>
>> I still getting the WSDL problem.
>>
>> A question: the trustStore must contain which certificate? the server
>> certificate or the certificate of who will signin the document?
>
> The certificate of the issuer of the server certificate. That is the
> CA that signed the server certificate.
>
> The purpose of the trust store is to list all CA certificates your
> client application will trust when verifying the server certificate
> sent by the server when the connection is established.
>
>>
>> System.setProperty("javax.net.ssl.trustStore",
>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>
>> Another question: If i create a service that will sign/validate
>> documents of diferente peoples, which one with their own certificate,
>> must i create a worker for which one of them? Or can I do it by that
>> example Signing and Validating an XML document. For this comands,
>> in the case of a PDF, there is some way to do it like in the web
>> demos page, including the logo and that other informations or just
>> having the worker configured wll that is included?
>
> Each worker signs with one key-pair and uses one certificate so if you
> want to use different key-pairs/certificates for different people then
> you would need to have different workers for them.
>
> The "Signing and Validating an XML document" example in the
> integration chapter of the manual shows how an client application can
> request an XML document to be signed and then validated.
>
> Similarly to the code for signing an XML document you can also do this
> for PDF documents. Just let the byte array 'unsigned' be the content
> of the PDF document and replace DemoXMLSigner with the name of your
> PDFSigner. If you configure the PDFSigner to use a logo that will also
> be included just if you called it from the demo web page.
>
> Validation is currently not supported for PDF documents though.
>
> Best regards,
> Markus
>
>
>>
>> Regards
>> ---------------------------------------------------------------------
>> -
>> --
>> From: Markus Kilås
>> Sent: 06/01/2013 11:27
>> To: sig...@li...
>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>> Hi,
>>>
>>
>> Hi Marcos,
>>
>>>
>>>
>>> When Im are setting properties by the command:
>>>
>>>
>>>
>>> bin/signserver.sh setproperties
>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>
>>>
>>>
>>> I got the console error: Error reading property file. Is there some
>>> place that I can see this log?
>>>
>>
>> You can get this error is the file is not existing or in any other
>> way not readable. Make sure that the file can be read by for instance
>> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>> Unfortunately this is not logged anywhere in more detail than what is
>> printed on the console.
>>
>>>
>>>
>>> The configurations are right. Another question, what is the
>>> difference by worker and signer?
>>
>> A Worker is an entity in SignServer which has an Worker ID and a
>> configuration and can be called to perform some work. A signer is a
>> type of worker which uses a crypto token to sign something.
>>
>>>
>>>
>>>
>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>
>> That property sets the worker name to "PDFSigner" for the new worker
>> which is about to be added. The WORKERGENID1 means that a new worker
>> with the next available ID will be created.
>>
>> If you instead want to define the worker ID you could replace
>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>> recommended if you want to be able to apply (setproperties) the file
>> again without having a new worker to be created.
>>
>>>
>>>
>>>
>>> And another question, Im getting this error when i try to
>>> instantiate the object os WSDL in this line
>>>
>>> : ISigningAndValidation _signserver_ =
>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>
>>>
>>>
>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>>> failed with:
>>>
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unk
>>> n
>>> own
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unkno
>>> w
>>> n
>>> Source)
>>>
>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>
>>> at
>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServe
>>> r
>>> WSService.java:42_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndV
>>> a
>>> lidationWS.java:120_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndV
>>> a
>>> lidationWS.java:83_)
>>>
>>> at
>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.j
>>> a
>>> va:145_)
>>>
>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>
>>> Caused by: _java.net.SocketException_:
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>
>>> at
>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>> Source)
>>>
>>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>> Source)
>>>
>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>> Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNew
>>> H
>>> ttpClient(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connec
>>> t
>>> (Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unk
>>> n
>>> own
>>> Source)
>>>
>>> at java.net.URL.openStream(Unknown Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(U
>>> n
>>> known
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Un
>>> k
>>> nown Source)
>>>
>>> ... 11 more
>>>
>>
>> Have you defined the javax.net.ssl.trustStore and
>> javax.net.ssl.trustStorePassword system properties?
>>
>> See
>> http://signserver.org/manual/integration.html#Signing%20and%20validat
>> i
>> ng%20an%20XML%20document
>> for an example.
>>
>>
>> Best regards,
>> Markus
>>
>>
>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>> subscription and training. Please see www.primekey.se
>> <http://www.primekey.se> <http://www.primekey.se> or contact
>> in...@pr... for more information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
>>
>
>
----------------------------------------------------------------------------
--
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC,
Windows 8 Apps, JavaScript and much more. Keep your skills current with
LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and
experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712
_______________________________________________
SignServer-develop mailing list
Sig...@li...
https://lists.sourceforge.net/lists/listinfo/signserver-develop
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
Lançamento: 01/08/13
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2890 / Banco de dados de vírus: 2638/6032 - Data de
Lançamento: 01/14/13
|
|
From: Markus K. <ma...@pr...> - 2013-01-10 09:08:26
|
Marcos,
What you could try is to first make sure you can access the WSDL file
using the same URL in an web browser.
If you get an certificate warning, it did not work and you would have to
import your CA certificate to the browser. When you have got that to
work you should make sure your trust store contains that CA certificate.
Best regards,
Markus
On 2013-01-09 21:02, Marcos Fontana wrote:
>
> ------------------------------------------------------------------------
> From: Marcos Fontana
> Sent: 09/01/2013 17:10
> To: 'Markus Kilås'
> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>
> Hi Markus,
>
> Have you already got this: HTTP transport error:
> javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate?
>
> I tested with tomcat.jks and truststore.jks. Both contain the right
> certificates that is used to use SSL validation and nothing works. =(
>
> com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport
> error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
> bad_certificate
> at
> com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(
> Unknown Source)
> at
> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unkn
> own Source)
> at
> com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processReque
> st(Unknown Source)
> at
> com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unkno
> wn Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
> at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
> at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
> at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
> Source)
> at
> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
> at
> com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
> at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
> at $Proxy30.process(Unknown Source)
> at
> org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidatio
> nWS.java:176)
> at
> org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidatio
> nWS.java:144)
> at
> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValidationWS
> .java:208)
> at
> certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:141)
> at certificate.principal.Principal.main(Principal.java:70)
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...]
> Enviada em: quarta-feira, 9 de janeiro de 2013 05:12
> Para: sig...@li...
> Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-08 18:59, Marcos Fontana wrote:
>> Hi Markus,
>>
>> First, thanks for the support.
>>
>> I still getting the WSDL problem.
>>
>> A question: the trustStore must contain which certificate? the server
>> certificate or the certificate of who will signin the document?
>
> The certificate of the issuer of the server certificate. That is the CA that
> signed the server certificate.
>
> The purpose of the trust store is to list all CA certificates your client
> application will trust when verifying the server certificate sent by the
> server when the connection is established.
>
>>
>> System.setProperty("javax.net.ssl.trustStore",
>> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>
>> Another question: If i create a service that will sign/validate
>> documents of diferente peoples, which one with their own certificate,
>> must i create a worker for which one of them? Or can I do it by that
>> example “Signing and Validating an XML document”. For this comands, in
>> the case of a PDF, there is some way to do it like in the web demos
>> page, including the logo and that other informations or just having
>> the worker configured wll that is included?
>
> Each worker signs with one key-pair and uses one certificate so if you want
> to use different key-pairs/certificates for different people then you would
> need to have different workers for them.
>
> The "Signing and Validating an XML document" example in the integration
> chapter of the manual shows how an client application can request an XML
> document to be signed and then validated.
>
> Similarly to the code for signing an XML document you can also do this for
> PDF documents. Just let the byte array 'unsigned' be the content of the PDF
> document and replace DemoXMLSigner with the name of your PDFSigner. If you
> configure the PDFSigner to use a logo that will also be included just if you
> called it from the demo web page.
>
> Validation is currently not supported for PDF documents though.
>
> Best regards,
> Markus
>
>
>>
>> Regards
>> ----------------------------------------------------------------------
>> --
>> From: Markus Kilås
>> Sent: 06/01/2013 11:27
>> To: sig...@li...
>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>> Hi,
>>>
>>
>> Hi Marcos,
>>
>>>
>>>
>>> When I’m are setting properties by the command:
>>>
>>>
>>>
>>> bin/signserver.sh setproperties
>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>
>>>
>>>
>>> I got the console error: Error reading property file. Is there some
>>> place that I can see this log?
>>>
>>
>> You can get this error is the file is not existing or in any other way
>> not readable. Make sure that the file can be read by for instance
>> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>> Unfortunately this is not logged anywhere in more detail than what is
>> printed on the console.
>>
>>>
>>>
>>> The configurations are right. Another question, what is the
>>> difference by worker and signer?
>>
>> A Worker is an entity in SignServer which has an Worker ID and a
>> configuration and can be called to perform some work. A signer is a
>> type of worker which uses a crypto token to sign something.
>>
>>>
>>>
>>>
>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>
>> That property sets the worker name to "PDFSigner" for the new worker
>> which is about to be added. The WORKERGENID1 means that a new worker
>> with the next available ID will be created.
>>
>> If you instead want to define the worker ID you could replace
>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>> recommended if you want to be able to apply (setproperties) the file
>> again without having a new worker to be created.
>>
>>>
>>>
>>>
>>> And another question, I’m getting this error when i try to
>>> instantiate the object os WSDL in this line
>>>
>>> : ISigningAndValidation _signserver_ =
>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>
>>>
>>>
>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>>> failed with:
>>>
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unkn
>>> own
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknow
>>> n
>>> Source)
>>>
>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>
>>> at
>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServer
>>> WSService.java:42_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>>> lidationWS.java:120_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>>> lidationWS.java:83_)
>>>
>>> at
>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.ja
>>> va:145_)
>>>
>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>
>>> Caused by: _java.net.SocketException_:
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>
>>> at
>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>> Source)
>>>
>>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>> Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>> Source)
>>>
>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>> Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewH
>>> ttpClient(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
>>> (Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unkn
>>> own
>>> Source)
>>>
>>> at java.net.URL.openStream(Unknown Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Un
>>> known
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unk
>>> nown Source)
>>>
>>> ... 11 more
>>>
>>
>> Have you defined the javax.net.ssl.trustStore and
>> javax.net.ssl.trustStorePassword system properties?
>>
>> See
>> http://signserver.org/manual/integration.html#Signing%20and%20validati
>> ng%20an%20XML%20document
>> for an example.
>>
>>
>> Best regards,
>> Markus
>>
>>
>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>> subscription and training. Please see www.primekey.se <http://www.primekey.se>
>> <http://www.primekey.se> or contact in...@pr... for more
>> information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
>>
>
>
|
|
From: Marcos F. <mar...@ho...> - 2013-01-09 20:03:03
|
________________________________
From: Marcos Fontana
Sent: 09/01/2013 17:10
To: 'Markus Kilås'
Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
Hi Markus,
Have you already got this: HTTP transport error:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate?
I tested with tomcat.jks and truststore.jks. Both contain the right
certificates that is used to use SSL validation and nothing works. =(
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport
error: javax.net.ssl.SSLHandshakeException: Received fatal alert:
bad_certificate
at
com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(
Unknown Source)
at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unkn
own Source)
at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processReque
st(Unknown Source)
at
com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unkno
wn Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown
Source)
at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
at $Proxy30.process(Unknown Source)
at
org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidatio
nWS.java:176)
at
org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidatio
nWS.java:144)
at
org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValidationWS
.java:208)
at
certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:141)
at certificate.principal.Principal.main(Principal.java:70)
-----Mensagem original-----
De: Markus Kilås [mailto:ma...@pr...]
Enviada em: quarta-feira, 9 de janeiro de 2013 05:12
Para: sig...@li...
Assunto: Re: [SignServer-develop] Worker's questions and Error WSDL
On 2013-01-08 18:59, Marcos Fontana wrote:
> Hi Markus,
>
> First, thanks for the support.
>
> I still getting the WSDL problem.
>
> A question: the trustStore must contain which certificate? the server
> certificate or the certificate of who will signin the document?
The certificate of the issuer of the server certificate. That is the CA that
signed the server certificate.
The purpose of the trust store is to list all CA certificates your client
application will trust when verifying the server certificate sent by the
server when the connection is established.
>
> System.setProperty("javax.net.ssl.trustStore",
> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>
> Another question: If i create a service that will sign/validate
> documents of diferente peoples, which one with their own certificate,
> must i create a worker for which one of them? Or can I do it by that
> example “Signing and Validating an XML document”. For this comands, in
> the case of a PDF, there is some way to do it like in the web demos
> page, including the logo and that other informations or just having
> the worker configured wll that is included?
Each worker signs with one key-pair and uses one certificate so if you want
to use different key-pairs/certificates for different people then you would
need to have different workers for them.
The "Signing and Validating an XML document" example in the integration
chapter of the manual shows how an client application can request an XML
document to be signed and then validated.
Similarly to the code for signing an XML document you can also do this for
PDF documents. Just let the byte array 'unsigned' be the content of the PDF
document and replace DemoXMLSigner with the name of your PDFSigner. If you
configure the PDFSigner to use a logo that will also be included just if you
called it from the demo web page.
Validation is currently not supported for PDF documents though.
Best regards,
Markus
>
> Regards
> ----------------------------------------------------------------------
> --
> From: Markus Kilås
> Sent: 06/01/2013 11:27
> To: sig...@li...
> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-04 17:55, Marcos Fontana wrote:
>> Hi,
>>
>
> Hi Marcos,
>
>>
>>
>> When I’m are setting properties by the command:
>>
>>
>>
>> bin/signserver.sh setproperties
>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>
>>
>>
>> I got the console error: Error reading property file. Is there some
>> place that I can see this log?
>>
>
> You can get this error is the file is not existing or in any other way
> not readable. Make sure that the file can be read by for instance
> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
> Unfortunately this is not logged anywhere in more detail than what is
> printed on the console.
>
>>
>>
>> The configurations are right. Another question, what is the
>> difference by worker and signer?
>
> A Worker is an entity in SignServer which has an Worker ID and a
> configuration and can be called to perform some work. A signer is a
> type of worker which uses a crypto token to sign something.
>
>>
>>
>>
>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>
> That property sets the worker name to "PDFSigner" for the new worker
> which is about to be added. The WORKERGENID1 means that a new worker
> with the next available ID will be created.
>
> If you instead want to define the worker ID you could replace
> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
> recommended if you want to be able to apply (setproperties) the file
> again without having a new worker to be created.
>
>>
>>
>>
>> And another question, I’m getting this error when i try to
>> instantiate the object os WSDL in this line
>>
>> : ISigningAndValidation _signserver_ =
>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>
>>
>>
>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>> failed with:
>>
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unkn
>> own
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknow
>> n
>> Source)
>>
>> at javax.xml.ws.Service.<init>(Unknown Source)
>>
>> at
>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServer
>> WSService.java:42_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>> lidationWS.java:120_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>> lidationWS.java:83_)
>>
>> at
>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.ja
>> va:145_)
>>
>> at certificate.principal.Principal.main(_Principal.java:70_)
>>
>> Caused by: _java.net.SocketException_:
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>
>> at
>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>> Source)
>>
>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>> Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>> Source)
>>
>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>> Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewH
>> ttpClient(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
>> (Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unkn
>> own
>> Source)
>>
>> at java.net.URL.openStream(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Un
>> known
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unk
>> nown Source)
>>
>> ... 11 more
>>
>
> Have you defined the javax.net.ssl.trustStore and
> javax.net.ssl.trustStorePassword system properties?
>
> See
> http://signserver.org/manual/integration.html#Signing%20and%20validati
> ng%20an%20XML%20document
> for an example.
>
>
> Best regards,
> Markus
>
>
> PrimeKey Solutions offers a commercial EJBCA & SignServer support
> subscription and training. Please see www.primekey.se
> <http://www.primekey.se> or contact in...@pr... for more
> information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
>
>
----------------------------------------------------------------------------
--
Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and
much more. Keep your Java skills current with LearnJavaNow -
200+ hours of step-by-step video tutorials by Java experts.
SALE $49.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122612
_______________________________________________
SignServer-develop mailing list
Sig...@li...
https://lists.sourceforge.net/lists/listinfo/signserver-develop
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
Lançamento: 01/08/13
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6019 - Data de
Lançamento: 01/08/13
|
|
From: Markus K. <ma...@pr...> - 2013-01-09 07:11:32
|
On 2013-01-08 18:59, Marcos Fontana wrote:
> Hi Markus,
>
> First, thanks for the support.
>
> I still getting the WSDL problem.
>
> A question: the trustStore must contain which certificate? the server
> certificate or the certificate of who will signin the document?
The certificate of the issuer of the server certificate. That is the CA
that signed the server certificate.
The purpose of the trust store is to list all CA certificates your
client application will trust when verifying the server certificate sent
by the server when the connection is established.
>
> System.setProperty("javax.net.ssl.trustStore",
> "C:/Users/Marcos/Desktop/p12/mFontana.p12");
> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>
> Another question: If i create a service that will sign/validate
> documents of diferente peoples, which one with their own certificate,
> must i create a worker for which one of them? Or can I do it by that
> example “Signing and Validating an XML document”. For this comands, in
> the case of a PDF, there is some way to do it like in the web demos
> page, including the logo and that other informations or just having the
> worker configured wll that is included?
Each worker signs with one key-pair and uses one certificate so if you
want to use different key-pairs/certificates for different people then
you would need to have different workers for them.
The "Signing and Validating an XML document" example in the integration
chapter of the manual shows how an client application can request an XML
document to be signed and then validated.
Similarly to the code for signing an XML document you can also do this
for PDF documents. Just let the byte array 'unsigned' be the content of
the PDF document and replace DemoXMLSigner with the name of your
PDFSigner. If you configure the PDFSigner to use a logo that will also
be included just if you called it from the demo web page.
Validation is currently not supported for PDF documents though.
Best regards,
Markus
>
> Regards
> ------------------------------------------------------------------------
> From: Markus Kilås
> Sent: 06/01/2013 11:27
> To: sig...@li...
> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-04 17:55, Marcos Fontana wrote:
>> Hi,
>>
>
> Hi Marcos,
>
>>
>>
>> When I’m are setting properties by the command:
>>
>>
>>
>> bin/signserver.sh setproperties
>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>
>>
>>
>> I got the console error: Error reading property file. Is there some
>> place that I can see this log?
>>
>
> You can get this error is the file is not existing or in any other way
> not readable. Make sure that the file can be read by for instance
> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
> Unfortunately this is not logged anywhere in more detail than what is
> printed on the console.
>
>>
>>
>> The configurations are right. Another question, what is the difference
>> by worker and signer?
>
> A Worker is an entity in SignServer which has an Worker ID and a
> configuration and can be called to perform some work. A signer is a type
> of worker which uses a crypto token to sign something.
>
>>
>>
>>
>> The ID or Worker name, in the case of PDF, is the PDFSigner, configured
>> in this line: WORKERGENID1.NAME=PDFSigner?
>
> That property sets the worker name to "PDFSigner" for the new worker
> which is about to be added. The WORKERGENID1 means that a new worker
> with the next available ID will be created.
>
> If you instead want to define the worker ID you could replace
> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
> recommended if you want to be able to apply (setproperties) the file
> again without having a new worker to be created.
>
>>
>>
>>
>> And another question, I’m getting this error when i try to instantiate
>> the object os WSDL in this line
>>
>> : ISigningAndValidation _signserver_ =
>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>
>>
>>
>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>> failed with:
>>
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown
>> Source)
>>
>> at javax.xml.ws.Service.<init>(Unknown Source)
>>
>> at
>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServerWSService.java:42_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:120_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:83_)
>>
>> at
>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.java:145_)
>>
>> at certificate.principal.Principal.main(_Principal.java:70_)
>>
>> Caused by: _java.net.SocketException_:
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>
>> at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>> Source)
>>
>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>> Source)
>>
>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
>> Source)
>>
>> at java.net.URL.openStream(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
>>
>> ... 11 more
>>
>
> Have you defined the javax.net.ssl.trustStore and
> javax.net.ssl.trustStorePassword system properties?
>
> See
> http://signserver.org/manual/integration.html#Signing%20and%20validating%20an%20XML%20document
> for an example.
>
>
> Best regards,
> Markus
>
>
> PrimeKey Solutions offers a commercial EJBCA & SignServer support
> subscription and training. Please see www.primekey.se
> <http://www.primekey.se> or contact
> in...@pr... for more information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
>
>
|
|
From: Markus K. <ejb...@pr...> - 2013-01-09 06:36:46
|
On 2013-01-08 14:27, Marcos Fontana wrote:
> Now, when i try to sign a PDF, im getting this in log file:
This are two different errors, one about authorization and one about a
missing field in the request.
>
> HTTP Status 400 - Request error:
>
> Autorization failed:Error, client aithenticatin is required.
This means that you have sent a request to a worker which requires
client certificate authentication. If you specify a worker property
called AUTH with the value CLIENTCERT or don't configure the property at
all the default is to require client certificate authentication. You
would then have to access the worker using a port which requires client
certificate authentication (ie. 8443).
>
> Bad request: Missing field 'data' in request. But I'm filling the field,
> selecting a PDF document to sign.
Which page are you using, which fields have you filled in and which of
the Submit buttons have you clicked? Notice that on the generic sign
page there are two submit buttons one corresponding to if you past the
document in the text area and an other that should be used if you upload
the document from a file.
Best regards,
Markus
>
> -----Original Message-----
> From: Markus Kilås
> Sent: Tuesday, January 8, 2013 9:39 AM
> To: Marcos Fontana
> Cc: signserver-develop
> Subject: Re: [SignServer-develop] RES: RES: Worker's questions and Error
> WSDL
>
> On 2013-01-07 19:58, Marcos Fontana wrote:
>> Ok, problem solved, I needed to restart the application server, that in
>> the
>> guide was not described, and created a lot of workers with same
>> configuration. There is some way to delete the workers?
>
> To remove a worker use:
> $ bin/signserver.sh removeworker WORKERID
> $ bin/signserver.sh reload WORKERID
>
>>
>> Now I'm getting the error :
>>
>> HTTP Status 503 - Service Temporally Unavailable
>>
>> The server is currently unable to handle the request:
>> Key usage limit exceeded or not initialized for worker 50.
>
> For the key usage counter the worker needs to be reloaded and activated
> (if not auto-activated).
>
> $ bin/signserver.sh activatecryptotoken WORKERID
>
>>
>> Have this some relation with 'Unlimited Strength Jurisdiction Policy"?
>
> Not directly unless stronger keys are used. Usually we have the
> Unlimited Strength Jurisdiction Policy installed.
>
>
> Best regards,
> Markus
>
>>
>> Regards
>>
>> -----Mensagem original-----
>> De: Markus Kilås [mailto:ma...@pr...]
>> Enviada em: segunda-feira, 7 de janeiro de 2013 14:10
>> Para: sig...@li...
>> Assunto: Re: [SignServer-develop] RES: Worker's questions and Error WSDL
>>
>> On 2013-01-07 16:44, Marcos Fontana wrote:
>>> The error in the propertie file was my fault in the path of it in the
>>> commando line.
>>>
>>>
>>>
>>> Now, whem im trying to Sign a PDF for example, I’m getting this error:
>>> EXCEPTION: org.signserver.common.CryptoTokenOfflineException:
>>> Signtoken isn't active.;
>>>
>>>
>>>
>>> Look my pdf configuration file:
>>>
>>>
>>>
>>> ## Global properties
>>>
>>>
>>>
>>> GLOB.WORKERGENID1.CLASSPATH =
>>> org.signserver.module.pdfsigner.PDFSigner
>>>
>>> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>>> org.signserver.server.cryptotokens.SoftCryptoToken
>>>
>>> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>>> org.signserver.server.cryptotokens.P12CryptoToken
>>>
>>> #GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>>> org.signserver.server.cryptotokens.PKCS11CryptoToken
>>>
>>
>> You are defining the GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH worker
>> property
>> multiple times. It is undefined which one will be used but as you are
>> getting CryptoTokenOfflineException I would suspect it was the
>> P12 one this time.
>>
>> Remove the definition that you should not use.
>>
>>>
>>>
>>>
>>>
>>> ## General properties
>>>
>>>
>>>
>>> WORKERGENID1.NAME=PDFSigner
>>>
>>> WORKERGENID1.AUTHTYPE=NOAUTH
>>>
>>>
>>>
>>>
>>>
>>> ## SoftCryptoToken properties
>>>
>>>
>>>
>>> WORKERGENID1.KEYDATA=AAABJjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBA
>>> KJCST1ZD6592ueazugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4
>>> //9pYTAlZrLPdEc2PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYa
>>> iN7bchT2vEbI3xTiFqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXE
>>> GUbKazIOebNkjf2u/JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqo
>>> KcfBUiiH2ylGvOuqUc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQA
>>> ABMIwggS+AgEAMA0GCSqGSIb3DQEBAQUABIIEqDCCBKQCAQACggEBAKJCST1ZD6592ueaz
>>> ugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4//9pYTAlZrLPdEc2
>>> PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYaiN7bchT2vEbI3xTi
>>> Fqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXEGUbKazIOebNkjf2u
>>> /JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqoKcfBUiiH2ylGvOuq
>>> Uc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQKCAQA7pJX7YPNstoJ
>>> yw+ruTbAv40kXDe2mLHwR/B2D3M/ZVPFqcZoHbWarFpRNwtsT+lq7UmkjXY8UmYRJo5bh/
>>> o7+up3OeLf38k0fnR0YjWtV+fZB4hETPMacfv5PHXS0iouNxwUqYhyNvhw1srcl/fzqx4k
>>> BuErU2A1EK+thQPq
>> +
>> NkNo/VJTAcw0cLIcH5fxIOP5MHqDsdSPMGhVg26OHdNdKZBYpS9VzvWG4jPgld23go6bXDCJ6ITo
>> D3XTudZOymnv29wf38HT3/q+NNbO5Xk3Rj+l1M8dvyRefK8PLpaVSw2z8FXG6D5eayi04cjWhEUc
>> K8rvLaVXwsg4JLQz4H8xAoGBAOxMP0z/3D1MR1yrNUkmvCXu1SnNDBdqC/6lmUt8/Wr+AsKjYxtw
>> stQBRG8DrGUYWKTapsScV0gfL0mbWD7LVc08CC0o7X7TlUsAyurnbvWDwMcs9Nw2yHPDx1a/1bYh
>> ssCjQdjzVzDX7Ezcm/j/8y2ZzL51CWLaeeLX2paLgf7fAoGBAK/Jr54NZo2Jk2b6uYUQESk7Ud8A
>> wdGzP4o/6MK6U72iB5U2Zh9+bzs9rfccRNxOBS99pcvOuagM13gcxwF6oMxvnVtCgAcsJH/Tax0M
>> gzns0Ot6ajV0Zo9EywEYef21/qoo+K2ukN8ALB1HjcpHXjmJuJSCXqmDKoRCnsTKQzXFAoGBALBL
>> RqLs9WTqRweVWIEGHDN016aDK7VAUkifRhpy2yL69hY/Dg8H6vOPKn5k0DbwjhoYY3mmZtwRIBeb
>> hZ/71jzzv+npch9APk8h/UJ6fmc/8BDpspmlabIs68kGAK0MwS9F3je9fVyci9jgcqG4W7a223Fx
>> IhqVg4BBqPzOgqMjAoGBAJPn2PHdSJpyVSnib9I7sJTGqp493tZ4QVArccbWS7tU55huiwKYuTJZ
>> NVSj3nSW2NoamDOhnqh9FZakb/UYns8kYnv0uhBO3e8HjiqE6q0ESsy21UJgzCJjuYMUeyAzzzCR
>> BJvuM0rOtE92cyDtZ6R18m5SOx/Zkx5xh3EA1ggZAoGABqN+F3aZ7rQlQ8JXYpuKuNJjIeH7bClY
>> jGO7QeqR/feI5qiDCyTns5qjGiRbG/G6NQdvGGE+S6f3EmEB1dmnkgK+UOu/NEZcCVVv/6GrYqCw
>> z0Nd0JSSiB
>> F
>> 9rmueU5lccdwsnXU/ZwXZtpn14M3YPTFAy4z+SQR82R3pwrSW9pY\=
>>>
>>> WORKERGENID1.SIGNERCERTCHAIN=MIIElTCCAn2gAwIBAgIIBT9pktCBJIowDQYJKoZIh
>>> vcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3Rpbmc
>>> xEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA5NTAzN1oXD
>>> TIxMDUyNzA5NTAzN1owRzERMA8GA1UEAwwIU2lnbmVyIDIxEDAOBgNVBAsMB1Rlc3Rpbmc
>>> xEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFA
>>> AOCAQ8AMIIBCgKCAQEAokJJPVkPrn3a55rO6A3Bnbe0nfJR9IDSI8AmFhYEBLoKfiavx0o
>>> MdbdDe+Dkwv78xBkgbj//2lhMCVmss90RzY+d0d0rg2SP8y/DsyxwriqCfuM7lnlgvSHCY
>>> woX8+uDM7zI53ykKVhqI3ttyFPa8RsjfFOIWqf39++sJUheW4j9x9rutf6qgtjxOYPQwDy
>>> gT9cIVpM7ZehhqVYlcQZRsprMg55s2SN/a78krAW51msoIDgd9+zbsIvzuGqCspO3AN8b2
>>> m8tlHTlA/E4+3OZkSqgpx8FSKIfbKUa866pRzptvcbL/wpFxYkyxqcB6o7CFnWbr3gUPpz
>>> 8KjuY7ypMmwIDAQABo38wfTAdBgNVHQ4EFgQUSkR/B71idJmR8deZziBAqSzWzhMwDAYDV
>>> R0TAQH/BAIwADAfBgNVHSMEGDAWgBQgeiHe6K27Aqj7cVikCWK52FgFojAOBgNVHQ8BAf8
>>> EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA
>>> 4ICAQA+pQuI1QmZLdheCVmc+k1h53uIv9pBnBKSbKn0/CVznmlPOpJIwwuzcLfCesa6gkG
>>> 6BabHJwMrU/SpZuW
>> u
>> rHxdEKe6fS/ngYnIjFI5R0Kgl1czqq/tXDjGEpv2x0tZECqLFrkC7a+gjXJPE8TDj8nvi40pcKFv
>> v2tbRiyYrIPIxefrXmkT91F3zUKbQL0iW7Aot/0Klj+i4uivqFu359OymJ2C5wJOyZqPPsxUvTdA
>> 2EZNX4BseFvJREmvx1CAgZkANZD4Qzn1b/0WrXfYsbWA4cBeTRR7vjGajBc/oGo2wki0dJksImU8
>> b2dLEf3n3M9dfxiFEAnl3YKDmT21wamO/hRdWklT+7Ivz6SFnW6HneT42IMNkC4k3d0i0Y2/q7XN
>> 5rvMFbH1n6O4NUqHIkzbCtVljV6+XESmMseyJGKlY6RD7jnhEJq6dGPGSr5h6SAohYljs5Y1e/Dy
>> g243sP75ZO7HfOYPd2Sp+p5R5szWOuZp5UtLFBhuwlI41LnpuL+4t25LjNHoGhzZCl1rxqcSBGVK
>> LG2sN0XVXfqrt/EykOAV0WW+S72tRPI73eq0AeRJRRfzcZiequi694eP10Ehh/iiOpQ28yfhsWDv
>> MIxu8o8oK+hpgQvCwecP7rupdqM9OQYnePb53dd8Tt4hw4WhvSWC/9aNfFXc3jwbHVy5Rw\=\=;M
>> IIFfzCCA2egAwIBAgIIMk1BOK8CwTwwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb
>> 3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTA
>> lNFMB4XDTExMDUyNzA4MTQyN1oXDTM2MDUyNzA4MTQyN1owTTEXMBUGA1UEAwwORFNTIFJvb3QgQ
>> 0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFM
>> IICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgblgjTTkMp1QAhgWDprhvqE9zX1Ux/A/R
>> TOu4G4f6CT
>> k
>> d6JEEkbdKZv+CKv4cRoVCtfO3wnOokFRw/1JMmHHiQ1Z//uDoDjo8jk8nek0ArFE9R5NT02w
>> d6JEEkbdKZv+MJCQa/mP1wU9ZSl1tx3jQRUFB+rTNeCcPTft+1FL7UjYMdkRzl261IOlmXzD
>> d6JEEkbdKZv+MA+EYIGJ2c2wYhOv2DqfQygNz5GOf0EFqlQZIt/pzopSS+0K8mNb53ROhg9G
>> d6JEEkbdKZv+JujwzugSH5Z+r0fsVHbCV0QUkZBfkRo9KMcdaDEPa8xpYTjsFPqU6RcnGkVA
>> d6JEEkbdKZv+Bhn8OS8SIWw2re1f+htj6p9EGbk1m0I9pWGBA9ktWnrqlqDXV+tEhhh1O4f+
>> d6JEEkbdKZv+LHieoxiscrF7RXxlYqyam6oabfXsX3VAC0M1UkwIciE8wA1Sj/+dgoSMqvED
>> d6JEEkbdKZv+NDfwpEYt6l8Z8czDTWDi7MM2u5VY0nP3+A+PepKrOtrdaGSP396f4a7A3un1
>> d6JEEkbdKZv+o6nQWHsyWQ7kc8GIn8zN5nykQaghGyYlHHYe1XUSPtHmxjbdsyztrkIis3cf
>> d6JEEkbdKZv+jFne0XgPAiQuYx3T/B+po9BhGIUwCV0Qi/gWVN6NkydsbzMeRXELQYyK+lHg
>> d6JEEkbdKZv+IGiEaBzQRRtXbnB+wQXi2IacJNdKqICwDsl/PvvcZI9ZV6pB/KIzB+8IJm0C
>> d6JEEkbdKZv+LY24K0OXJs3Bqij8gmpvbI+o0wUCAwEAAaNjMGEwHQYDVR0OBBYEFCB6Id7o
>> d6JEEkbdKZv+rbsCqPtxWKQJYrnYWAWiMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU
>> d6JEEkbdKZv+IHoh3uituwKo+3FYpAliudhYBaIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3
>> d6JEEkbdKZv+DQEBCwUAA4ICAQAxFvpOZF6Kol48cQeKWQ48VAe+h5dmyKMfDLDZX51IRzfK
>> d6JEEkbdKZv+KsHLpFPxzGNw4t9Uv4YOR0CD9z81dR+c93t1lwwIpKbx9Qmq8jViHEHKYD9F
>> d6JEEkbdKZv+XThM+cVpsT25pg35m3ONeUX/b++l2d+2QNNTWMvdsCtaQdybZqbYFIk0IjPw
>> d6JEEkbdKZv+LLqdsA8Io60kuES4JnQahPdLkf
>> m
>> 70rgAdmRDozOfSDaaWHY20DovkfvKUYjPR6MGAPD5w9dEb4wp/ZjATblyZnH+LTflwfftUAonmAw
>> 46E0Zgg143sO6RfOOnbwjXEc+KXd/KQ6kTQ560mlyRd6q7EIDYRfD4n4agKV2R5gvVPhMD0+IK7k
>> agqKNfWa9z8Ue2N3MedyWnb9wv4wC69qFndGaIfYADkUykoOyLsVVteJ70PVJPXO7s66LucfD2R0
>> wo2MpuOYCsTOm7HHS+uZ9VjHl2qQ0ZQG89Xn+AXnzPbk1INe2z0lq3hzCW5DTYBKsJEexErzMpLw
>> iEqUYJUfR9EeCM8UPMtLSqz1utdPoIYhULGzt5lSJEpMHMbquYfWJxQiKCbvfxQsP5dLUMEIqTgj
>> Ndo98OlM7Z7zjYH9Kimz3wgAKSAIoQZr7Oy1dMHO5GK4jBtZ8wgsyyQ6DzQQ7R68XFVKarIW8SAT
>> eyubAP+WjdMwk/ZXzsDjMZEtENaBXzAefYA\=\=
>>>
>>>
>>>
>>>
>>>
>>> ## P12CryptoToken properties
>>>
>>>
>>>
>>> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.
>>> p12
>>>
>>> #WORKERGENID1.KEYSTOREPASSWORD=123456
>>>
>>>
>>>
>>>
>>>
>>> ## PKCS11CryptoToken properties
>>>
>>>
>>>
>>> #WORKERGENID1.sharedLibrary=/home/tomas/dev/Utimaco/libcs2_pkcs11.so
>>>
>>> #WORKERGENID1.slot=1
>>>
>>> #WORKERGENID1.defaultKey=defaultKey
>>>
>>> #WORKERGENID1.pin foo123
>>>
>>>
>>>
>>> When the server, by the demo page, try to sign a document, which key
>>> pair it use? Is it in the line:
>>> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.p12?
>>
>> That depends on which signtoken you define. If it is a SoftCryptoToken
>> then
>> it is the KEYDATA property but if is a P12CryptoToken then it is the
>> KEYSTOREPATH property.
>>
>>>
>>>
>>>
>>> Is this the keystore generated by ejbca? If yes, should I point to
>>> ejbca/p12/tomcat.p12?
>>
>> No, the KEYSTOREPATH is the path to the keystore containing the signing
>> key
>> to sign documents with if you have chosen to use the P12CryptoToken.
>>
>>>
>>>
>>>
>>> ======================================================================
>>> ========================================================
>>>
>>> And, at last, for the WSDL error, this is what I’m doing, how
>>> described on the guide:
>>>
>>>
>>>
>>> System./setProperty/("javax.net.ssl.keyStoreType", "JKS");
>>>
>>> System./setProperty/("javax.net.ssl.keyStore",
>>> "C:\\Users\\Marcos\\Desktop\\p12\\yMariano.jks");
>>>
>>> System./setProperty/("javax.net.ssl.keyStorePassword
>>> ", "a1b2c3");
>>>
>>>
>>>
>>> System./setProperty/("javax.net.ssl.trustStoreType",
>>> "JKS");
>>>
>>> System./setProperty/("javax.net.ssl.trustStore",
>>> "C:\\Projeto\\workspace\\ejbca\\p12\\truststore.jks");
>>>
>>>
>>> System./setProperty/("javax.net.ssl.trustStorePassword",
>>> "myPassword");
>>>
>>>
>>>
>>> The keystore is loaded to sign the document, right?
>>
>> No, the keystore in the system property is used for client authenticated
>> TLS
>> (ie if you access the web service on port 8443).
>>>
>>> The truststore is loaded too.
>>>
>>>
>>>
>>> Is it something wrong?
>>
>> It looks correct assuming that the file paths and passwords are correct
>> and
>> that the truststore/keystore contains correct certificates.
>>
>> Best regards,
>> Markus
>>
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> *De:*Marcos Fontana [mailto:mar...@ho...]
>>> *Enviada em:* segunda-feira, 7 de janeiro de 2013 08:33
>>> *Para:* Marcos Paulo Fontana
>>> *Assunto:* FW: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>>
>>>
>>>
>>>
>>> Enviado pelo meu Windows Phone
>>>
>>> ----------------------------------------------------------------------
>>> --
>>>
>>> *From: *Markus Kilås
>>> *Sent: *06/01/2013 11:27
>>> *To: *sig...@li...
>>> <mailto:sig...@li...>
>>> *Subject: *Re: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>>> Hi,
>>>>
>>>
>>> Hi Marcos,
>>>
>>>>
>>>>
>>>> When I’m are setting properties by the command:
>>>>
>>>>
>>>>
>>>> bin/signserver.sh setproperties
>>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>>
>>>>
>>>>
>>>> I got the console error: Error reading property file. Is there some
>>>> place that I can see this log?
>>>>
>>>
>>> You can get this error is the file is not existing or in any other way
>>> not readable. Make sure that the file can be read by for instance
>>> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>>> Unfortunately this is not logged anywhere in more detail than what is
>>> printed on the console.
>>>
>>>>
>>>>
>>>> The configurations are right. Another question, what is the
>>>> difference by worker and signer?
>>>
>>> A Worker is an entity in SignServer which has an Worker ID and a
>>> configuration and can be called to perform some work. A signer is a
>>> type of worker which uses a crypto token to sign something.
>>>
>>>>
>>>>
>>>>
>>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>>
>>> That property sets the worker name to "PDFSigner" for the new worker
>>> which is about to be added. The WORKERGENID1 means that a new worker
>>> with the next available ID will be created.
>>>
>>> If you instead want to define the worker ID you could replace
>>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>>> recommended if you want to be able to apply (setproperties) the file
>>> again without having a new worker to be created.
>>>
>>>>
>>>>
>>>>
>>>> And another question, I’m getting this error when i try to
>>>> instantiate the object os WSDL in this line
>>>>
>>>> : ISigningAndValidation _signserver_ =
>>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>>
>>>>
>>>>
>>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>>>> failed with:
>>>>
>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unkn
>>>> own
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknow
>>>> n
>>>> Source)
>>>>
>>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>>
>>>> at
>>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServer
>>>> WSService.java:42_)
>>>>
>>>> at
>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>>>> lidationWS.java:120_)
>>>>
>>>> at
>>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>>>> lidationWS.java:83_)
>>>>
>>>> at
>>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.ja
>>>> va:145_)
>>>>
>>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>>
>>>> Caused by: _java.net.SocketException_:
>>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>>
>>>> at
>>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>>> Source)
>>>>
>>>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>>> Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>>> Source)
>>>>
>>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>>
>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>
>>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>>> Source)
>>>>
>>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewH
>>>> ttpClient(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
>>>> (Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>>> Source)
>>>>
>>>> at
>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unkn
>>>> own
>>>> Source)
>>>>
>>>> at java.net.URL.openStream(Unknown Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Un
>>>> known
>>>> Source)
>>>>
>>>> at
>>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unk
>>>> nown Source)
>>>>
>>>> ... 11 more
>>>>
>>>
>>> Have you defined the javax.net.ssl.trustStore and
>>> javax.net.ssl.trustStorePassword system properties?
>>>
>>> See
>>> http://signserver.org/manual/integration.html#Signing%20and%20validati
>>> ng%20an%20XML%20document
>>> for an example.
>>>
>>>
>>> Best regards,
>>> Markus
>>>
>>>
>>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>>> subscription and training. Please see www.primekey.se
>>> <http://www.primekey.se> or contact in...@pr...
>>> <mailto:in...@pr...> for more information.
>>> http://www.primekey.se/Services/Support/
>>> http://www.primekey.se/Services/Training/
>>>
>>>
>>>
>>> ----------------------------------------------------------------------
>>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
>>> skills current with LearnDevNow - 3,200 step-by-step video tutorials
>>> by Microsoft MVPs and experts. ON SALE this month only -- learn more
>>> at:
>>> http://p.sf.net/sfu/learnmore_123012
>>> _______________________________________________
>>> SignServer-develop mailing list
>>> Sig...@li...
>>> <mailto:Sig...@li...>
>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>
>>> ----------------------------------------------------------------------
>>> --
>>> ----------------------------------------------------------------------
>>> --
>>>
>>> Nenhum vírus encontrado nessa mensagem.
>>> Verificado por AVG - www.avgbrasil.com.br
>>> <http://www.avgbrasil.com.br>
>>> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
>>> Lançamento: 01/06/13
>>>
>>>
>>>
>>> ----------------------------------------------------------------------
>>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
>>> skills current with LearnDevNow - 3,200 step-by-step video tutorials
>>> by Microsoft MVPs and experts. SALE $99.99 this month only -- learn
>>> more at:
>>> http://p.sf.net/sfu/learnmore_122412
>>>
>>>
>>>
>>> _______________________________________________
>>> SignServer-develop mailing list
>>> Sig...@li...
>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>
>>
>>
>>
>> --
>> Kind regards,
>> Markus Kilås
>> Security Consultant & Developer
>>
>> PrimeKey Solutions AB
>>
>> Anderstorpsv. 16
>> 171 54 Solna
>> Sweden
>>
>> Phone: +46 70 424 94 85
>> Skype: markusatskype
>> Email: mar...@pr...
>>
>> www.primekey.se
>>
>>
>>
>> ----------------------------------------------------------------------------
>> --
>> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC,
>> Windows 8 Apps, JavaScript and much more. Keep your skills current with
>> LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and
>> experts. SALE $99.99 this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122412
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>> -----
>> Nenhum vírus encontrado nessa mensagem.
>> Verificado por AVG - www.avgbrasil.com.br
>> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
>> Lançamento: 01/06/13
>>
>> -----
>> Nenhum vírus encontrado nessa mensagem.
>> Verificado por AVG - www.avgbrasil.com.br
>> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
>> Lançamento: 01/06/13
>>
>>
>> ------------------------------------------------------------------------------
>> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
>> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
>> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
>> MVPs and experts. SALE $99.99 this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122412
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>
>
--
PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/
|
|
From: Marcos F. <mar...@ho...> - 2013-01-08 17:59:40
|
Hi Markus,
First, thanks for the support.
I still getting the WSDL problem.
A question: the trustStore must contain which certificate? the server certificate or the certificate of who will signin the document?
System.setProperty("javax.net.ssl.trustStore", "C:/Users/Marcos/Desktop/p12/mFontana.p12");
System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
Another question: If i create a service that will sign/validate documents of diferente peoples, which one with their own certificate, must i create a worker for which one of them? Or can I do it by that example “Signing and Validating an XML document”. For this comands, in the case of a PDF, there is some way to do it like in the web demos page, including the logo and that other informations or just having the worker configured wll that is included?
Regards
--------------------------------------------------------------------------------
From: Markus Kilås
Sent: 06/01/2013 11:27
To: sig...@li...
Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
On 2013-01-04 17:55, Marcos Fontana wrote:
> Hi,
>
Hi Marcos,
>
>
> When I’m are setting properties by the command:
>
>
>
> bin/signserver.sh setproperties
> doc/sample-configs/qs_pdfsigner_configuration.properties
>
>
>
> I got the console error: Error reading property file. Is there some
> place that I can see this log?
>
You can get this error is the file is not existing or in any other way
not readable. Make sure that the file can be read by for instance
running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
Unfortunately this is not logged anywhere in more detail than what is
printed on the console.
>
>
> The configurations are right. Another question, what is the difference
> by worker and signer?
A Worker is an entity in SignServer which has an Worker ID and a
configuration and can be called to perform some work. A signer is a type
of worker which uses a crypto token to sign something.
>
>
>
> The ID or Worker name, in the case of PDF, is the PDFSigner, configured
> in this line: WORKERGENID1.NAME=PDFSigner?
That property sets the worker name to "PDFSigner" for the new worker
which is about to be added. The WORKERGENID1 means that a new worker
with the next available ID will be created.
If you instead want to define the worker ID you could replace
WORKERGENID1 with for instance WORKER47 (or any other ID). This is
recommended if you want to be able to apply (setproperties) the file
again without having a new worker to be created.
>
>
>
> And another question, I’m getting this error when i try to instantiate
> the object os WSDL in this line
>
> : ISigningAndValidation _signserver_ =
> *new*SigningAndValidationWS("localhost", 8442, *true*);
>
>
>
> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
> failed with:
>
> _java.security.NoSuchAlgorithmException_: Error constructing
> implementation (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown
> Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>
> at
> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown
> Source)
>
> at javax.xml.ws.Service.<init>(Unknown Source)
>
> at
> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServerWSService.java:42_)
>
> at
> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:120_)
>
> at
> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:83_)
>
> at
> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.java:145_)
>
> at certificate.principal.Principal.main(_Principal.java:70_)
>
> Caused by: _java.net.SocketException_:
> _java.security.NoSuchAlgorithmException_: Error constructing
> implementation (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>
> at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
> Source)
>
> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
> Source)
>
> at sun.net.NetworkClient.doConnect(Unknown Source)
>
> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>
> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown
> Source)
>
> at
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
>
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
>
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
> Source)
>
> at java.net.URL.openStream(Unknown Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown
> Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
>
> ... 11 more
>
Have you defined the javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword system properties?
See
http://signserver.org/manual/integration.html#Signing%20and%20validating%20an%20XML%20document
for an example.
Best regards,
Markus
PrimeKey Solutions offers a commercial EJBCA & SignServer support
subscription and training. Please see www.primekey.se or contact
in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_123012
_______________________________________________
SignServer-develop mailing list
Sig...@li...
https://lists.sourceforge.net/lists/listinfo/signserver-develop
--------------------------------------------------------------------------------
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de Lançamento: 01/06/13
|
|
From: Marcos F. <mar...@ho...> - 2013-01-08 13:27:25
|
Now, when i try to sign a PDF, im getting this in log file:
HTTP Status 400 - Request error:
Autorization failed:Error, client aithenticatin is required.
Bad request: Missing field 'data' in request. But I'm filling the field,
selecting a PDF document to sign.
-----Original Message-----
From: Markus Kilås
Sent: Tuesday, January 8, 2013 9:39 AM
To: Marcos Fontana
Cc: signserver-develop
Subject: Re: [SignServer-develop] RES: RES: Worker's questions and Error
WSDL
On 2013-01-07 19:58, Marcos Fontana wrote:
> Ok, problem solved, I needed to restart the application server, that in
> the
> guide was not described, and created a lot of workers with same
> configuration. There is some way to delete the workers?
To remove a worker use:
$ bin/signserver.sh removeworker WORKERID
$ bin/signserver.sh reload WORKERID
>
> Now I'm getting the error :
>
> HTTP Status 503 - Service Temporally Unavailable
>
> The server is currently unable to handle the request:
> Key usage limit exceeded or not initialized for worker 50.
For the key usage counter the worker needs to be reloaded and activated
(if not auto-activated).
$ bin/signserver.sh activatecryptotoken WORKERID
>
> Have this some relation with 'Unlimited Strength Jurisdiction Policy"?
Not directly unless stronger keys are used. Usually we have the
Unlimited Strength Jurisdiction Policy installed.
Best regards,
Markus
>
> Regards
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...]
> Enviada em: segunda-feira, 7 de janeiro de 2013 14:10
> Para: sig...@li...
> Assunto: Re: [SignServer-develop] RES: Worker's questions and Error WSDL
>
> On 2013-01-07 16:44, Marcos Fontana wrote:
>> The error in the propertie file was my fault in the path of it in the
>> commando line.
>>
>>
>>
>> Now, whem im trying to Sign a PDF for example, I’m getting this error:
>> EXCEPTION: org.signserver.common.CryptoTokenOfflineException:
>> Signtoken isn't active.;
>>
>>
>>
>> Look my pdf configuration file:
>>
>>
>>
>> ## Global properties
>>
>>
>>
>> GLOB.WORKERGENID1.CLASSPATH =
>> org.signserver.module.pdfsigner.PDFSigner
>>
>> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>> org.signserver.server.cryptotokens.SoftCryptoToken
>>
>> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>> org.signserver.server.cryptotokens.P12CryptoToken
>>
>> #GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>> org.signserver.server.cryptotokens.PKCS11CryptoToken
>>
>
> You are defining the GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH worker
> property
> multiple times. It is undefined which one will be used but as you are
> getting CryptoTokenOfflineException I would suspect it was the
> P12 one this time.
>
> Remove the definition that you should not use.
>
>>
>>
>>
>>
>> ## General properties
>>
>>
>>
>> WORKERGENID1.NAME=PDFSigner
>>
>> WORKERGENID1.AUTHTYPE=NOAUTH
>>
>>
>>
>>
>>
>> ## SoftCryptoToken properties
>>
>>
>>
>> WORKERGENID1.KEYDATA=AAABJjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBA
>> KJCST1ZD6592ueazugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4
>> //9pYTAlZrLPdEc2PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYa
>> iN7bchT2vEbI3xTiFqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXE
>> GUbKazIOebNkjf2u/JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqo
>> KcfBUiiH2ylGvOuqUc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQA
>> ABMIwggS+AgEAMA0GCSqGSIb3DQEBAQUABIIEqDCCBKQCAQACggEBAKJCST1ZD6592ueaz
>> ugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4//9pYTAlZrLPdEc2
>> PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYaiN7bchT2vEbI3xTi
>> Fqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXEGUbKazIOebNkjf2u
>> /JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqoKcfBUiiH2ylGvOuq
>> Uc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQKCAQA7pJX7YPNstoJ
>> yw+ruTbAv40kXDe2mLHwR/B2D3M/ZVPFqcZoHbWarFpRNwtsT+lq7UmkjXY8UmYRJo5bh/
>> o7+up3OeLf38k0fnR0YjWtV+fZB4hETPMacfv5PHXS0iouNxwUqYhyNvhw1srcl/fzqx4k
>> BuErU2A1EK+thQPq
> +
> NkNo/VJTAcw0cLIcH5fxIOP5MHqDsdSPMGhVg26OHdNdKZBYpS9VzvWG4jPgld23go6bXDCJ6ITo
> D3XTudZOymnv29wf38HT3/q+NNbO5Xk3Rj+l1M8dvyRefK8PLpaVSw2z8FXG6D5eayi04cjWhEUc
> K8rvLaVXwsg4JLQz4H8xAoGBAOxMP0z/3D1MR1yrNUkmvCXu1SnNDBdqC/6lmUt8/Wr+AsKjYxtw
> stQBRG8DrGUYWKTapsScV0gfL0mbWD7LVc08CC0o7X7TlUsAyurnbvWDwMcs9Nw2yHPDx1a/1bYh
> ssCjQdjzVzDX7Ezcm/j/8y2ZzL51CWLaeeLX2paLgf7fAoGBAK/Jr54NZo2Jk2b6uYUQESk7Ud8A
> wdGzP4o/6MK6U72iB5U2Zh9+bzs9rfccRNxOBS99pcvOuagM13gcxwF6oMxvnVtCgAcsJH/Tax0M
> gzns0Ot6ajV0Zo9EywEYef21/qoo+K2ukN8ALB1HjcpHXjmJuJSCXqmDKoRCnsTKQzXFAoGBALBL
> RqLs9WTqRweVWIEGHDN016aDK7VAUkifRhpy2yL69hY/Dg8H6vOPKn5k0DbwjhoYY3mmZtwRIBeb
> hZ/71jzzv+npch9APk8h/UJ6fmc/8BDpspmlabIs68kGAK0MwS9F3je9fVyci9jgcqG4W7a223Fx
> IhqVg4BBqPzOgqMjAoGBAJPn2PHdSJpyVSnib9I7sJTGqp493tZ4QVArccbWS7tU55huiwKYuTJZ
> NVSj3nSW2NoamDOhnqh9FZakb/UYns8kYnv0uhBO3e8HjiqE6q0ESsy21UJgzCJjuYMUeyAzzzCR
> BJvuM0rOtE92cyDtZ6R18m5SOx/Zkx5xh3EA1ggZAoGABqN+F3aZ7rQlQ8JXYpuKuNJjIeH7bClY
> jGO7QeqR/feI5qiDCyTns5qjGiRbG/G6NQdvGGE+S6f3EmEB1dmnkgK+UOu/NEZcCVVv/6GrYqCw
> z0Nd0JSSiB
> F
> 9rmueU5lccdwsnXU/ZwXZtpn14M3YPTFAy4z+SQR82R3pwrSW9pY\=
>>
>> WORKERGENID1.SIGNERCERTCHAIN=MIIElTCCAn2gAwIBAgIIBT9pktCBJIowDQYJKoZIh
>> vcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3Rpbmc
>> xEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA5NTAzN1oXD
>> TIxMDUyNzA5NTAzN1owRzERMA8GA1UEAwwIU2lnbmVyIDIxEDAOBgNVBAsMB1Rlc3Rpbmc
>> xEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFA
>> AOCAQ8AMIIBCgKCAQEAokJJPVkPrn3a55rO6A3Bnbe0nfJR9IDSI8AmFhYEBLoKfiavx0o
>> MdbdDe+Dkwv78xBkgbj//2lhMCVmss90RzY+d0d0rg2SP8y/DsyxwriqCfuM7lnlgvSHCY
>> woX8+uDM7zI53ykKVhqI3ttyFPa8RsjfFOIWqf39++sJUheW4j9x9rutf6qgtjxOYPQwDy
>> gT9cIVpM7ZehhqVYlcQZRsprMg55s2SN/a78krAW51msoIDgd9+zbsIvzuGqCspO3AN8b2
>> m8tlHTlA/E4+3OZkSqgpx8FSKIfbKUa866pRzptvcbL/wpFxYkyxqcB6o7CFnWbr3gUPpz
>> 8KjuY7ypMmwIDAQABo38wfTAdBgNVHQ4EFgQUSkR/B71idJmR8deZziBAqSzWzhMwDAYDV
>> R0TAQH/BAIwADAfBgNVHSMEGDAWgBQgeiHe6K27Aqj7cVikCWK52FgFojAOBgNVHQ8BAf8
>> EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA
>> 4ICAQA+pQuI1QmZLdheCVmc+k1h53uIv9pBnBKSbKn0/CVznmlPOpJIwwuzcLfCesa6gkG
>> 6BabHJwMrU/SpZuW
> u
> rHxdEKe6fS/ngYnIjFI5R0Kgl1czqq/tXDjGEpv2x0tZECqLFrkC7a+gjXJPE8TDj8nvi40pcKFv
> v2tbRiyYrIPIxefrXmkT91F3zUKbQL0iW7Aot/0Klj+i4uivqFu359OymJ2C5wJOyZqPPsxUvTdA
> 2EZNX4BseFvJREmvx1CAgZkANZD4Qzn1b/0WrXfYsbWA4cBeTRR7vjGajBc/oGo2wki0dJksImU8
> b2dLEf3n3M9dfxiFEAnl3YKDmT21wamO/hRdWklT+7Ivz6SFnW6HneT42IMNkC4k3d0i0Y2/q7XN
> 5rvMFbH1n6O4NUqHIkzbCtVljV6+XESmMseyJGKlY6RD7jnhEJq6dGPGSr5h6SAohYljs5Y1e/Dy
> g243sP75ZO7HfOYPd2Sp+p5R5szWOuZp5UtLFBhuwlI41LnpuL+4t25LjNHoGhzZCl1rxqcSBGVK
> LG2sN0XVXfqrt/EykOAV0WW+S72tRPI73eq0AeRJRRfzcZiequi694eP10Ehh/iiOpQ28yfhsWDv
> MIxu8o8oK+hpgQvCwecP7rupdqM9OQYnePb53dd8Tt4hw4WhvSWC/9aNfFXc3jwbHVy5Rw\=\=;M
> IIFfzCCA2egAwIBAgIIMk1BOK8CwTwwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb
> 3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTA
> lNFMB4XDTExMDUyNzA4MTQyN1oXDTM2MDUyNzA4MTQyN1owTTEXMBUGA1UEAwwORFNTIFJvb3QgQ
> 0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFM
> IICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgblgjTTkMp1QAhgWDprhvqE9zX1Ux/A/R
> TOu4G4f6CT
> k
> d6JEEkbdKZv+CKv4cRoVCtfO3wnOokFRw/1JMmHHiQ1Z//uDoDjo8jk8nek0ArFE9R5NT02w
> d6JEEkbdKZv+MJCQa/mP1wU9ZSl1tx3jQRUFB+rTNeCcPTft+1FL7UjYMdkRzl261IOlmXzD
> d6JEEkbdKZv+MA+EYIGJ2c2wYhOv2DqfQygNz5GOf0EFqlQZIt/pzopSS+0K8mNb53ROhg9G
> d6JEEkbdKZv+JujwzugSH5Z+r0fsVHbCV0QUkZBfkRo9KMcdaDEPa8xpYTjsFPqU6RcnGkVA
> d6JEEkbdKZv+Bhn8OS8SIWw2re1f+htj6p9EGbk1m0I9pWGBA9ktWnrqlqDXV+tEhhh1O4f+
> d6JEEkbdKZv+LHieoxiscrF7RXxlYqyam6oabfXsX3VAC0M1UkwIciE8wA1Sj/+dgoSMqvED
> d6JEEkbdKZv+NDfwpEYt6l8Z8czDTWDi7MM2u5VY0nP3+A+PepKrOtrdaGSP396f4a7A3un1
> d6JEEkbdKZv+o6nQWHsyWQ7kc8GIn8zN5nykQaghGyYlHHYe1XUSPtHmxjbdsyztrkIis3cf
> d6JEEkbdKZv+jFne0XgPAiQuYx3T/B+po9BhGIUwCV0Qi/gWVN6NkydsbzMeRXELQYyK+lHg
> d6JEEkbdKZv+IGiEaBzQRRtXbnB+wQXi2IacJNdKqICwDsl/PvvcZI9ZV6pB/KIzB+8IJm0C
> d6JEEkbdKZv+LY24K0OXJs3Bqij8gmpvbI+o0wUCAwEAAaNjMGEwHQYDVR0OBBYEFCB6Id7o
> d6JEEkbdKZv+rbsCqPtxWKQJYrnYWAWiMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU
> d6JEEkbdKZv+IHoh3uituwKo+3FYpAliudhYBaIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3
> d6JEEkbdKZv+DQEBCwUAA4ICAQAxFvpOZF6Kol48cQeKWQ48VAe+h5dmyKMfDLDZX51IRzfK
> d6JEEkbdKZv+KsHLpFPxzGNw4t9Uv4YOR0CD9z81dR+c93t1lwwIpKbx9Qmq8jViHEHKYD9F
> d6JEEkbdKZv+XThM+cVpsT25pg35m3ONeUX/b++l2d+2QNNTWMvdsCtaQdybZqbYFIk0IjPw
> d6JEEkbdKZv+LLqdsA8Io60kuES4JnQahPdLkf
> m
> 70rgAdmRDozOfSDaaWHY20DovkfvKUYjPR6MGAPD5w9dEb4wp/ZjATblyZnH+LTflwfftUAonmAw
> 46E0Zgg143sO6RfOOnbwjXEc+KXd/KQ6kTQ560mlyRd6q7EIDYRfD4n4agKV2R5gvVPhMD0+IK7k
> agqKNfWa9z8Ue2N3MedyWnb9wv4wC69qFndGaIfYADkUykoOyLsVVteJ70PVJPXO7s66LucfD2R0
> wo2MpuOYCsTOm7HHS+uZ9VjHl2qQ0ZQG89Xn+AXnzPbk1INe2z0lq3hzCW5DTYBKsJEexErzMpLw
> iEqUYJUfR9EeCM8UPMtLSqz1utdPoIYhULGzt5lSJEpMHMbquYfWJxQiKCbvfxQsP5dLUMEIqTgj
> Ndo98OlM7Z7zjYH9Kimz3wgAKSAIoQZr7Oy1dMHO5GK4jBtZ8wgsyyQ6DzQQ7R68XFVKarIW8SAT
> eyubAP+WjdMwk/ZXzsDjMZEtENaBXzAefYA\=\=
>>
>>
>>
>>
>>
>> ## P12CryptoToken properties
>>
>>
>>
>> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.
>> p12
>>
>> #WORKERGENID1.KEYSTOREPASSWORD=123456
>>
>>
>>
>>
>>
>> ## PKCS11CryptoToken properties
>>
>>
>>
>> #WORKERGENID1.sharedLibrary=/home/tomas/dev/Utimaco/libcs2_pkcs11.so
>>
>> #WORKERGENID1.slot=1
>>
>> #WORKERGENID1.defaultKey=defaultKey
>>
>> #WORKERGENID1.pin foo123
>>
>>
>>
>> When the server, by the demo page, try to sign a document, which key
>> pair it use? Is it in the line:
>> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.p12?
>
> That depends on which signtoken you define. If it is a SoftCryptoToken
> then
> it is the KEYDATA property but if is a P12CryptoToken then it is the
> KEYSTOREPATH property.
>
>>
>>
>>
>> Is this the keystore generated by ejbca? If yes, should I point to
>> ejbca/p12/tomcat.p12?
>
> No, the KEYSTOREPATH is the path to the keystore containing the signing
> key
> to sign documents with if you have chosen to use the P12CryptoToken.
>
>>
>>
>>
>> ======================================================================
>> ========================================================
>>
>> And, at last, for the WSDL error, this is what I’m doing, how
>> described on the guide:
>>
>>
>>
>> System./setProperty/("javax.net.ssl.keyStoreType", "JKS");
>>
>> System./setProperty/("javax.net.ssl.keyStore",
>> "C:\\Users\\Marcos\\Desktop\\p12\\yMariano.jks");
>>
>> System./setProperty/("javax.net.ssl.keyStorePassword
>> ", "a1b2c3");
>>
>>
>>
>> System./setProperty/("javax.net.ssl.trustStoreType",
>> "JKS");
>>
>> System./setProperty/("javax.net.ssl.trustStore",
>> "C:\\Projeto\\workspace\\ejbca\\p12\\truststore.jks");
>>
>>
>> System./setProperty/("javax.net.ssl.trustStorePassword",
>> "myPassword");
>>
>>
>>
>> The keystore is loaded to sign the document, right?
>
> No, the keystore in the system property is used for client authenticated
> TLS
> (ie if you access the web service on port 8443).
>>
>> The truststore is loaded too.
>>
>>
>>
>> Is it something wrong?
>
> It looks correct assuming that the file paths and passwords are correct
> and
> that the truststore/keystore contains correct certificates.
>
> Best regards,
> Markus
>
>>
>>
>>
>> Regards,
>>
>>
>>
>> *De:*Marcos Fontana [mailto:mar...@ho...]
>> *Enviada em:* segunda-feira, 7 de janeiro de 2013 08:33
>> *Para:* Marcos Paulo Fontana
>> *Assunto:* FW: [SignServer-develop] Worker's questions and Error WSDL
>>
>>
>>
>>
>>
>> Enviado pelo meu Windows Phone
>>
>> ----------------------------------------------------------------------
>> --
>>
>> *From: *Markus Kilås
>> *Sent: *06/01/2013 11:27
>> *To: *sig...@li...
>> <mailto:sig...@li...>
>> *Subject: *Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>> Hi,
>>>
>>
>> Hi Marcos,
>>
>>>
>>>
>>> When I’m are setting properties by the command:
>>>
>>>
>>>
>>> bin/signserver.sh setproperties
>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>
>>>
>>>
>>> I got the console error: Error reading property file. Is there some
>>> place that I can see this log?
>>>
>>
>> You can get this error is the file is not existing or in any other way
>> not readable. Make sure that the file can be read by for instance
>> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>> Unfortunately this is not logged anywhere in more detail than what is
>> printed on the console.
>>
>>>
>>>
>>> The configurations are right. Another question, what is the
>>> difference by worker and signer?
>>
>> A Worker is an entity in SignServer which has an Worker ID and a
>> configuration and can be called to perform some work. A signer is a
>> type of worker which uses a crypto token to sign something.
>>
>>>
>>>
>>>
>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>
>> That property sets the worker name to "PDFSigner" for the new worker
>> which is about to be added. The WORKERGENID1 means that a new worker
>> with the next available ID will be created.
>>
>> If you instead want to define the worker ID you could replace
>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>> recommended if you want to be able to apply (setproperties) the file
>> again without having a new worker to be created.
>>
>>>
>>>
>>>
>>> And another question, I’m getting this error when i try to
>>> instantiate the object os WSDL in this line
>>>
>>> : ISigningAndValidation _signserver_ =
>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>
>>>
>>>
>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>>> failed with:
>>>
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unkn
>>> own
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknow
>>> n
>>> Source)
>>>
>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>
>>> at
>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServer
>>> WSService.java:42_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>>> lidationWS.java:120_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>>> lidationWS.java:83_)
>>>
>>> at
>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.ja
>>> va:145_)
>>>
>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>
>>> Caused by: _java.net.SocketException_:
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>
>>> at
>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>> Source)
>>>
>>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>> Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>> Source)
>>>
>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>> Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewH
>>> ttpClient(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
>>> (Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unkn
>>> own
>>> Source)
>>>
>>> at java.net.URL.openStream(Unknown Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Un
>>> known
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unk
>>> nown Source)
>>>
>>> ... 11 more
>>>
>>
>> Have you defined the javax.net.ssl.trustStore and
>> javax.net.ssl.trustStorePassword system properties?
>>
>> See
>> http://signserver.org/manual/integration.html#Signing%20and%20validati
>> ng%20an%20XML%20document
>> for an example.
>>
>>
>> Best regards,
>> Markus
>>
>>
>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>> subscription and training. Please see www.primekey.se
>> <http://www.primekey.se> or contact in...@pr...
>> <mailto:in...@pr...> for more information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
>>
>>
>> ----------------------------------------------------------------------
>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
>> skills current with LearnDevNow - 3,200 step-by-step video tutorials
>> by Microsoft MVPs and experts. ON SALE this month only -- learn more
>> at:
>> http://p.sf.net/sfu/learnmore_123012
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> <mailto:Sig...@li...>
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>> ----------------------------------------------------------------------
>> --
>> ----------------------------------------------------------------------
>> --
>>
>> Nenhum vírus encontrado nessa mensagem.
>> Verificado por AVG - www.avgbrasil.com.br
>> <http://www.avgbrasil.com.br>
>> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
>> Lançamento: 01/06/13
>>
>>
>>
>> ----------------------------------------------------------------------
>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
>> skills current with LearnDevNow - 3,200 step-by-step video tutorials
>> by Microsoft MVPs and experts. SALE $99.99 this month only -- learn
>> more at:
>> http://p.sf.net/sfu/learnmore_122412
>>
>>
>>
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>
>
>
> --
> Kind regards,
> Markus Kilås
> Security Consultant & Developer
>
> PrimeKey Solutions AB
>
> Anderstorpsv. 16
> 171 54 Solna
> Sweden
>
> Phone: +46 70 424 94 85
> Skype: markusatskype
> Email: mar...@pr...
>
> www.primekey.se
>
>
>
> ----------------------------------------------------------------------------
> --
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC,
> Windows 8 Apps, JavaScript and much more. Keep your skills current with
> LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and
> experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
> Lançamento: 01/06/13
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
> Lançamento: 01/06/13
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/
|
|
From: Markus K. <ejb...@pr...> - 2013-01-08 11:39:05
|
On 2013-01-07 19:58, Marcos Fontana wrote:
> Ok, problem solved, I needed to restart the application server, that in the
> guide was not described, and created a lot of workers with same
> configuration. There is some way to delete the workers?
To remove a worker use:
$ bin/signserver.sh removeworker WORKERID
$ bin/signserver.sh reload WORKERID
>
> Now I'm getting the error :
>
> HTTP Status 503 - Service Temporally Unavailable
>
> The server is currently unable to handle the request:
> Key usage limit exceeded or not initialized for worker 50.
For the key usage counter the worker needs to be reloaded and activated
(if not auto-activated).
$ bin/signserver.sh activatecryptotoken WORKERID
>
> Have this some relation with 'Unlimited Strength Jurisdiction Policy"?
Not directly unless stronger keys are used. Usually we have the
Unlimited Strength Jurisdiction Policy installed.
Best regards,
Markus
>
> Regards
>
> -----Mensagem original-----
> De: Markus Kilås [mailto:ma...@pr...]
> Enviada em: segunda-feira, 7 de janeiro de 2013 14:10
> Para: sig...@li...
> Assunto: Re: [SignServer-develop] RES: Worker's questions and Error WSDL
>
> On 2013-01-07 16:44, Marcos Fontana wrote:
>> The error in the propertie file was my fault in the path of it in the
>> commando line.
>>
>>
>>
>> Now, whem im trying to Sign a PDF for example, I’m getting this error:
>> EXCEPTION: org.signserver.common.CryptoTokenOfflineException:
>> Signtoken isn't active.;
>>
>>
>>
>> Look my pdf configuration file:
>>
>>
>>
>> ## Global properties
>>
>>
>>
>> GLOB.WORKERGENID1.CLASSPATH =
>> org.signserver.module.pdfsigner.PDFSigner
>>
>> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>> org.signserver.server.cryptotokens.SoftCryptoToken
>>
>> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>> org.signserver.server.cryptotokens.P12CryptoToken
>>
>> #GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
>> org.signserver.server.cryptotokens.PKCS11CryptoToken
>>
>
> You are defining the GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH worker property
> multiple times. It is undefined which one will be used but as you are
> getting CryptoTokenOfflineException I would suspect it was the
> P12 one this time.
>
> Remove the definition that you should not use.
>
>>
>>
>>
>>
>> ## General properties
>>
>>
>>
>> WORKERGENID1.NAME=PDFSigner
>>
>> WORKERGENID1.AUTHTYPE=NOAUTH
>>
>>
>>
>>
>>
>> ## SoftCryptoToken properties
>>
>>
>>
>> WORKERGENID1.KEYDATA=AAABJjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBA
>> KJCST1ZD6592ueazugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4
>> //9pYTAlZrLPdEc2PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYa
>> iN7bchT2vEbI3xTiFqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXE
>> GUbKazIOebNkjf2u/JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqo
>> KcfBUiiH2ylGvOuqUc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQA
>> ABMIwggS+AgEAMA0GCSqGSIb3DQEBAQUABIIEqDCCBKQCAQACggEBAKJCST1ZD6592ueaz
>> ugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4//9pYTAlZrLPdEc2
>> PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYaiN7bchT2vEbI3xTi
>> Fqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXEGUbKazIOebNkjf2u
>> /JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqoKcfBUiiH2ylGvOuq
>> Uc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQKCAQA7pJX7YPNstoJ
>> yw+ruTbAv40kXDe2mLHwR/B2D3M/ZVPFqcZoHbWarFpRNwtsT+lq7UmkjXY8UmYRJo5bh/
>> o7+up3OeLf38k0fnR0YjWtV+fZB4hETPMacfv5PHXS0iouNxwUqYhyNvhw1srcl/fzqx4k
>> BuErU2A1EK+thQPq
> +
> NkNo/VJTAcw0cLIcH5fxIOP5MHqDsdSPMGhVg26OHdNdKZBYpS9VzvWG4jPgld23go6bXDCJ6ITo
> D3XTudZOymnv29wf38HT3/q+NNbO5Xk3Rj+l1M8dvyRefK8PLpaVSw2z8FXG6D5eayi04cjWhEUc
> K8rvLaVXwsg4JLQz4H8xAoGBAOxMP0z/3D1MR1yrNUkmvCXu1SnNDBdqC/6lmUt8/Wr+AsKjYxtw
> stQBRG8DrGUYWKTapsScV0gfL0mbWD7LVc08CC0o7X7TlUsAyurnbvWDwMcs9Nw2yHPDx1a/1bYh
> ssCjQdjzVzDX7Ezcm/j/8y2ZzL51CWLaeeLX2paLgf7fAoGBAK/Jr54NZo2Jk2b6uYUQESk7Ud8A
> wdGzP4o/6MK6U72iB5U2Zh9+bzs9rfccRNxOBS99pcvOuagM13gcxwF6oMxvnVtCgAcsJH/Tax0M
> gzns0Ot6ajV0Zo9EywEYef21/qoo+K2ukN8ALB1HjcpHXjmJuJSCXqmDKoRCnsTKQzXFAoGBALBL
> RqLs9WTqRweVWIEGHDN016aDK7VAUkifRhpy2yL69hY/Dg8H6vOPKn5k0DbwjhoYY3mmZtwRIBeb
> hZ/71jzzv+npch9APk8h/UJ6fmc/8BDpspmlabIs68kGAK0MwS9F3je9fVyci9jgcqG4W7a223Fx
> IhqVg4BBqPzOgqMjAoGBAJPn2PHdSJpyVSnib9I7sJTGqp493tZ4QVArccbWS7tU55huiwKYuTJZ
> NVSj3nSW2NoamDOhnqh9FZakb/UYns8kYnv0uhBO3e8HjiqE6q0ESsy21UJgzCJjuYMUeyAzzzCR
> BJvuM0rOtE92cyDtZ6R18m5SOx/Zkx5xh3EA1ggZAoGABqN+F3aZ7rQlQ8JXYpuKuNJjIeH7bClY
> jGO7QeqR/feI5qiDCyTns5qjGiRbG/G6NQdvGGE+S6f3EmEB1dmnkgK+UOu/NEZcCVVv/6GrYqCw
> z0Nd0JSSiB
> F
> 9rmueU5lccdwsnXU/ZwXZtpn14M3YPTFAy4z+SQR82R3pwrSW9pY\=
>>
>> WORKERGENID1.SIGNERCERTCHAIN=MIIElTCCAn2gAwIBAgIIBT9pktCBJIowDQYJKoZIh
>> vcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3Rpbmc
>> xEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA5NTAzN1oXD
>> TIxMDUyNzA5NTAzN1owRzERMA8GA1UEAwwIU2lnbmVyIDIxEDAOBgNVBAsMB1Rlc3Rpbmc
>> xEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFA
>> AOCAQ8AMIIBCgKCAQEAokJJPVkPrn3a55rO6A3Bnbe0nfJR9IDSI8AmFhYEBLoKfiavx0o
>> MdbdDe+Dkwv78xBkgbj//2lhMCVmss90RzY+d0d0rg2SP8y/DsyxwriqCfuM7lnlgvSHCY
>> woX8+uDM7zI53ykKVhqI3ttyFPa8RsjfFOIWqf39++sJUheW4j9x9rutf6qgtjxOYPQwDy
>> gT9cIVpM7ZehhqVYlcQZRsprMg55s2SN/a78krAW51msoIDgd9+zbsIvzuGqCspO3AN8b2
>> m8tlHTlA/E4+3OZkSqgpx8FSKIfbKUa866pRzptvcbL/wpFxYkyxqcB6o7CFnWbr3gUPpz
>> 8KjuY7ypMmwIDAQABo38wfTAdBgNVHQ4EFgQUSkR/B71idJmR8deZziBAqSzWzhMwDAYDV
>> R0TAQH/BAIwADAfBgNVHSMEGDAWgBQgeiHe6K27Aqj7cVikCWK52FgFojAOBgNVHQ8BAf8
>> EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA
>> 4ICAQA+pQuI1QmZLdheCVmc+k1h53uIv9pBnBKSbKn0/CVznmlPOpJIwwuzcLfCesa6gkG
>> 6BabHJwMrU/SpZuW
> u
> rHxdEKe6fS/ngYnIjFI5R0Kgl1czqq/tXDjGEpv2x0tZECqLFrkC7a+gjXJPE8TDj8nvi40pcKFv
> v2tbRiyYrIPIxefrXmkT91F3zUKbQL0iW7Aot/0Klj+i4uivqFu359OymJ2C5wJOyZqPPsxUvTdA
> 2EZNX4BseFvJREmvx1CAgZkANZD4Qzn1b/0WrXfYsbWA4cBeTRR7vjGajBc/oGo2wki0dJksImU8
> b2dLEf3n3M9dfxiFEAnl3YKDmT21wamO/hRdWklT+7Ivz6SFnW6HneT42IMNkC4k3d0i0Y2/q7XN
> 5rvMFbH1n6O4NUqHIkzbCtVljV6+XESmMseyJGKlY6RD7jnhEJq6dGPGSr5h6SAohYljs5Y1e/Dy
> g243sP75ZO7HfOYPd2Sp+p5R5szWOuZp5UtLFBhuwlI41LnpuL+4t25LjNHoGhzZCl1rxqcSBGVK
> LG2sN0XVXfqrt/EykOAV0WW+S72tRPI73eq0AeRJRRfzcZiequi694eP10Ehh/iiOpQ28yfhsWDv
> MIxu8o8oK+hpgQvCwecP7rupdqM9OQYnePb53dd8Tt4hw4WhvSWC/9aNfFXc3jwbHVy5Rw\=\=;M
> IIFfzCCA2egAwIBAgIIMk1BOK8CwTwwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb
> 3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTA
> lNFMB4XDTExMDUyNzA4MTQyN1oXDTM2MDUyNzA4MTQyN1owTTEXMBUGA1UEAwwORFNTIFJvb3QgQ
> 0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFM
> IICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgblgjTTkMp1QAhgWDprhvqE9zX1Ux/A/R
> TOu4G4f6CT
> k
> d6JEEkbdKZv+CKv4cRoVCtfO3wnOokFRw/1JMmHHiQ1Z//uDoDjo8jk8nek0ArFE9R5NT02w
> d6JEEkbdKZv+MJCQa/mP1wU9ZSl1tx3jQRUFB+rTNeCcPTft+1FL7UjYMdkRzl261IOlmXzD
> d6JEEkbdKZv+MA+EYIGJ2c2wYhOv2DqfQygNz5GOf0EFqlQZIt/pzopSS+0K8mNb53ROhg9G
> d6JEEkbdKZv+JujwzugSH5Z+r0fsVHbCV0QUkZBfkRo9KMcdaDEPa8xpYTjsFPqU6RcnGkVA
> d6JEEkbdKZv+Bhn8OS8SIWw2re1f+htj6p9EGbk1m0I9pWGBA9ktWnrqlqDXV+tEhhh1O4f+
> d6JEEkbdKZv+LHieoxiscrF7RXxlYqyam6oabfXsX3VAC0M1UkwIciE8wA1Sj/+dgoSMqvED
> d6JEEkbdKZv+NDfwpEYt6l8Z8czDTWDi7MM2u5VY0nP3+A+PepKrOtrdaGSP396f4a7A3un1
> d6JEEkbdKZv+o6nQWHsyWQ7kc8GIn8zN5nykQaghGyYlHHYe1XUSPtHmxjbdsyztrkIis3cf
> d6JEEkbdKZv+jFne0XgPAiQuYx3T/B+po9BhGIUwCV0Qi/gWVN6NkydsbzMeRXELQYyK+lHg
> d6JEEkbdKZv+IGiEaBzQRRtXbnB+wQXi2IacJNdKqICwDsl/PvvcZI9ZV6pB/KIzB+8IJm0C
> d6JEEkbdKZv+LY24K0OXJs3Bqij8gmpvbI+o0wUCAwEAAaNjMGEwHQYDVR0OBBYEFCB6Id7o
> d6JEEkbdKZv+rbsCqPtxWKQJYrnYWAWiMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU
> d6JEEkbdKZv+IHoh3uituwKo+3FYpAliudhYBaIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3
> d6JEEkbdKZv+DQEBCwUAA4ICAQAxFvpOZF6Kol48cQeKWQ48VAe+h5dmyKMfDLDZX51IRzfK
> d6JEEkbdKZv+KsHLpFPxzGNw4t9Uv4YOR0CD9z81dR+c93t1lwwIpKbx9Qmq8jViHEHKYD9F
> d6JEEkbdKZv+XThM+cVpsT25pg35m3ONeUX/b++l2d+2QNNTWMvdsCtaQdybZqbYFIk0IjPw
> d6JEEkbdKZv+LLqdsA8Io60kuES4JnQahPdLkf
> m
> 70rgAdmRDozOfSDaaWHY20DovkfvKUYjPR6MGAPD5w9dEb4wp/ZjATblyZnH+LTflwfftUAonmAw
> 46E0Zgg143sO6RfOOnbwjXEc+KXd/KQ6kTQ560mlyRd6q7EIDYRfD4n4agKV2R5gvVPhMD0+IK7k
> agqKNfWa9z8Ue2N3MedyWnb9wv4wC69qFndGaIfYADkUykoOyLsVVteJ70PVJPXO7s66LucfD2R0
> wo2MpuOYCsTOm7HHS+uZ9VjHl2qQ0ZQG89Xn+AXnzPbk1INe2z0lq3hzCW5DTYBKsJEexErzMpLw
> iEqUYJUfR9EeCM8UPMtLSqz1utdPoIYhULGzt5lSJEpMHMbquYfWJxQiKCbvfxQsP5dLUMEIqTgj
> Ndo98OlM7Z7zjYH9Kimz3wgAKSAIoQZr7Oy1dMHO5GK4jBtZ8wgsyyQ6DzQQ7R68XFVKarIW8SAT
> eyubAP+WjdMwk/ZXzsDjMZEtENaBXzAefYA\=\=
>>
>>
>>
>>
>>
>> ## P12CryptoToken properties
>>
>>
>>
>> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.
>> p12
>>
>> #WORKERGENID1.KEYSTOREPASSWORD=123456
>>
>>
>>
>>
>>
>> ## PKCS11CryptoToken properties
>>
>>
>>
>> #WORKERGENID1.sharedLibrary=/home/tomas/dev/Utimaco/libcs2_pkcs11.so
>>
>> #WORKERGENID1.slot=1
>>
>> #WORKERGENID1.defaultKey=defaultKey
>>
>> #WORKERGENID1.pin foo123
>>
>>
>>
>> When the server, by the demo page, try to sign a document, which key
>> pair it use? Is it in the line:
>> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.p12?
>
> That depends on which signtoken you define. If it is a SoftCryptoToken then
> it is the KEYDATA property but if is a P12CryptoToken then it is the
> KEYSTOREPATH property.
>
>>
>>
>>
>> Is this the keystore generated by ejbca? If yes, should I point to
>> ejbca/p12/tomcat.p12?
>
> No, the KEYSTOREPATH is the path to the keystore containing the signing key
> to sign documents with if you have chosen to use the P12CryptoToken.
>
>>
>>
>>
>> ======================================================================
>> ========================================================
>>
>> And, at last, for the WSDL error, this is what I’m doing, how
>> described on the guide:
>>
>>
>>
>> System./setProperty/("javax.net.ssl.keyStoreType", "JKS");
>>
>> System./setProperty/("javax.net.ssl.keyStore",
>> "C:\\Users\\Marcos\\Desktop\\p12\\yMariano.jks");
>>
>> System./setProperty/("javax.net.ssl.keyStorePassword
>> ", "a1b2c3");
>>
>>
>>
>> System./setProperty/("javax.net.ssl.trustStoreType",
>> "JKS");
>>
>> System./setProperty/("javax.net.ssl.trustStore",
>> "C:\\Projeto\\workspace\\ejbca\\p12\\truststore.jks");
>>
>>
>> System./setProperty/("javax.net.ssl.trustStorePassword",
>> "myPassword");
>>
>>
>>
>> The keystore is loaded to sign the document, right?
>
> No, the keystore in the system property is used for client authenticated TLS
> (ie if you access the web service on port 8443).
>>
>> The truststore is loaded too.
>>
>>
>>
>> Is it something wrong?
>
> It looks correct assuming that the file paths and passwords are correct and
> that the truststore/keystore contains correct certificates.
>
> Best regards,
> Markus
>
>>
>>
>>
>> Regards,
>>
>>
>>
>> *De:*Marcos Fontana [mailto:mar...@ho...]
>> *Enviada em:* segunda-feira, 7 de janeiro de 2013 08:33
>> *Para:* Marcos Paulo Fontana
>> *Assunto:* FW: [SignServer-develop] Worker's questions and Error WSDL
>>
>>
>>
>>
>>
>> Enviado pelo meu Windows Phone
>>
>> ----------------------------------------------------------------------
>> --
>>
>> *From: *Markus Kilås
>> *Sent: *06/01/2013 11:27
>> *To: *sig...@li...
>> <mailto:sig...@li...>
>> *Subject: *Re: [SignServer-develop] Worker's questions and Error WSDL
>>
>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>> Hi,
>>>
>>
>> Hi Marcos,
>>
>>>
>>>
>>> When I’m are setting properties by the command:
>>>
>>>
>>>
>>> bin/signserver.sh setproperties
>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>
>>>
>>>
>>> I got the console error: Error reading property file. Is there some
>>> place that I can see this log?
>>>
>>
>> You can get this error is the file is not existing or in any other way
>> not readable. Make sure that the file can be read by for instance
>> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>> Unfortunately this is not logged anywhere in more detail than what is
>> printed on the console.
>>
>>>
>>>
>>> The configurations are right. Another question, what is the
>>> difference by worker and signer?
>>
>> A Worker is an entity in SignServer which has an Worker ID and a
>> configuration and can be called to perform some work. A signer is a
>> type of worker which uses a crypto token to sign something.
>>
>>>
>>>
>>>
>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>
>> That property sets the worker name to "PDFSigner" for the new worker
>> which is about to be added. The WORKERGENID1 means that a new worker
>> with the next available ID will be created.
>>
>> If you instead want to define the worker ID you could replace
>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>> recommended if you want to be able to apply (setproperties) the file
>> again without having a new worker to be created.
>>
>>>
>>>
>>>
>>> And another question, I’m getting this error when i try to
>>> instantiate the object os WSDL in this line
>>>
>>> : ISigningAndValidation _signserver_ =
>>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>>
>>>
>>>
>>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>>> failed with:
>>>
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unkn
>>> own
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknow
>>> n
>>> Source)
>>>
>>> at javax.xml.ws.Service.<init>(Unknown Source)
>>>
>>> at
>>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServer
>>> WSService.java:42_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>>> lidationWS.java:120_)
>>>
>>> at
>>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>>> lidationWS.java:83_)
>>>
>>> at
>>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.ja
>>> va:145_)
>>>
>>> at certificate.principal.Principal.main(_Principal.java:70_)
>>>
>>> Caused by: _java.net.SocketException_:
>>> _java.security.NoSuchAlgorithmException_: Error constructing
>>> implementation (algorithm: Default, provider: SunJSSE, class:
>>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>
>>> at
>>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>>> Source)
>>>
>>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>>> Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>>> Source)
>>>
>>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>>> Source)
>>>
>>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewH
>>> ttpClient(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
>>> (Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>>> Source)
>>>
>>> at
>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unkn
>>> own
>>> Source)
>>>
>>> at java.net.URL.openStream(Unknown Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Un
>>> known
>>> Source)
>>>
>>> at
>>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unk
>>> nown Source)
>>>
>>> ... 11 more
>>>
>>
>> Have you defined the javax.net.ssl.trustStore and
>> javax.net.ssl.trustStorePassword system properties?
>>
>> See
>> http://signserver.org/manual/integration.html#Signing%20and%20validati
>> ng%20an%20XML%20document
>> for an example.
>>
>>
>> Best regards,
>> Markus
>>
>>
>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>> subscription and training. Please see www.primekey.se
>> <http://www.primekey.se> or contact in...@pr...
>> <mailto:in...@pr...> for more information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
>>
>>
>> ----------------------------------------------------------------------
>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
>> skills current with LearnDevNow - 3,200 step-by-step video tutorials
>> by Microsoft MVPs and experts. ON SALE this month only -- learn more
>> at:
>> http://p.sf.net/sfu/learnmore_123012
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> <mailto:Sig...@li...>
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>> ----------------------------------------------------------------------
>> --
>> ----------------------------------------------------------------------
>> --
>>
>> Nenhum vírus encontrado nessa mensagem.
>> Verificado por AVG - www.avgbrasil.com.br
>> <http://www.avgbrasil.com.br>
>> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
>> Lançamento: 01/06/13
>>
>>
>>
>> ----------------------------------------------------------------------
>> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
>> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
>> skills current with LearnDevNow - 3,200 step-by-step video tutorials
>> by Microsoft MVPs and experts. SALE $99.99 this month only -- learn
>> more at:
>> http://p.sf.net/sfu/learnmore_122412
>>
>>
>>
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>
>
>
> --
> Kind regards,
> Markus Kilås
> Security Consultant & Developer
>
> PrimeKey Solutions AB
>
> Anderstorpsv. 16
> 171 54 Solna
> Sweden
>
> Phone: +46 70 424 94 85
> Skype: markusatskype
> Email: mar...@pr...
>
> www.primekey.se
>
>
>
> ----------------------------------------------------------------------------
> --
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC,
> Windows 8 Apps, JavaScript and much more. Keep your skills current with
> LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and
> experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
> Lançamento: 01/06/13
>
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
> Lançamento: 01/06/13
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/
|
|
From: Markus K. <ma...@pr...> - 2013-01-08 11:03:02
|
Hi Marcos, Please send the questions to the mailing list so that everybody can benefit from the answers. We answer questions on the mailing list on an best-effort basis. If you need professional support please contact PrimeKey. See answer below. On 2013-01-07 19:00, Marcos Fontana wrote: > Markus, can ejbca and signserver run on the same port? Cause I’m > getting this: _java.net.SocketException_: Software caused connection > abort: recv failed. > > > > I saw in some forums, this can be cause some other program on the same > port is causing that. Multiple processes can not bind to the same port on the same network interface. For instance two application servers can not both bind to all interfaces of port 8080 (ie. 0.0.0.0:8080). However there are ways if you want to run multiple application server on the same machine. Google for "multiple jboss instances on one machine". Best regards, Markus PrimeKey Solutions > > ------------------------------------------------------------------------ > > Nenhum vírus encontrado nessa mensagem. > Verificado por AVG - www.avgbrasil.com.br <http://www.avgbrasil.com.br> > Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de > Lançamento: 01/06/13 > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Marcos F. <mar...@ho...> - 2013-01-07 18:58:43
|
Ok, problem solved, I needed to restart the application server, that in the
guide was not described, and created a lot of workers with same
configuration. There is some way to delete the workers?
Now I'm getting the error :
HTTP Status 503 - Service Temporally Unavailable
The server is currently unable to handle the request:
Key usage limit exceeded or not initialized for worker 50.
Have this some relation with 'Unlimited Strength Jurisdiction Policy"?
Regards
-----Mensagem original-----
De: Markus Kilås [mailto:ma...@pr...]
Enviada em: segunda-feira, 7 de janeiro de 2013 14:10
Para: sig...@li...
Assunto: Re: [SignServer-develop] RES: Worker's questions and Error WSDL
On 2013-01-07 16:44, Marcos Fontana wrote:
> The error in the propertie file was my fault in the path of it in the
> commando line.
>
>
>
> Now, whem im trying to Sign a PDF for example, Im getting this error:
> EXCEPTION: org.signserver.common.CryptoTokenOfflineException:
> Signtoken isn't active.;
>
>
>
> Look my pdf configuration file:
>
>
>
> ## Global properties
>
>
>
> GLOB.WORKERGENID1.CLASSPATH =
> org.signserver.module.pdfsigner.PDFSigner
>
> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.SoftCryptoToken
>
> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.P12CryptoToken
>
> #GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.PKCS11CryptoToken
>
You are defining the GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH worker property
multiple times. It is undefined which one will be used but as you are
getting CryptoTokenOfflineException I would suspect it was the
P12 one this time.
Remove the definition that you should not use.
>
>
>
>
> ## General properties
>
>
>
> WORKERGENID1.NAME=PDFSigner
>
> WORKERGENID1.AUTHTYPE=NOAUTH
>
>
>
>
>
> ## SoftCryptoToken properties
>
>
>
> WORKERGENID1.KEYDATA=AAABJjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBA
> KJCST1ZD6592ueazugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4
> //9pYTAlZrLPdEc2PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYa
> iN7bchT2vEbI3xTiFqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXE
> GUbKazIOebNkjf2u/JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqo
> KcfBUiiH2ylGvOuqUc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQA
> ABMIwggS+AgEAMA0GCSqGSIb3DQEBAQUABIIEqDCCBKQCAQACggEBAKJCST1ZD6592ueaz
> ugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4//9pYTAlZrLPdEc2
> PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYaiN7bchT2vEbI3xTi
> Fqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXEGUbKazIOebNkjf2u
> /JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqoKcfBUiiH2ylGvOuq
> Uc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQKCAQA7pJX7YPNstoJ
> yw+ruTbAv40kXDe2mLHwR/B2D3M/ZVPFqcZoHbWarFpRNwtsT+lq7UmkjXY8UmYRJo5bh/
> o7+up3OeLf38k0fnR0YjWtV+fZB4hETPMacfv5PHXS0iouNxwUqYhyNvhw1srcl/fzqx4k
> BuErU2A1EK+thQPq
+
NkNo/VJTAcw0cLIcH5fxIOP5MHqDsdSPMGhVg26OHdNdKZBYpS9VzvWG4jPgld23go6bXDCJ6ITo
D3XTudZOymnv29wf38HT3/q+NNbO5Xk3Rj+l1M8dvyRefK8PLpaVSw2z8FXG6D5eayi04cjWhEUc
K8rvLaVXwsg4JLQz4H8xAoGBAOxMP0z/3D1MR1yrNUkmvCXu1SnNDBdqC/6lmUt8/Wr+AsKjYxtw
stQBRG8DrGUYWKTapsScV0gfL0mbWD7LVc08CC0o7X7TlUsAyurnbvWDwMcs9Nw2yHPDx1a/1bYh
ssCjQdjzVzDX7Ezcm/j/8y2ZzL51CWLaeeLX2paLgf7fAoGBAK/Jr54NZo2Jk2b6uYUQESk7Ud8A
wdGzP4o/6MK6U72iB5U2Zh9+bzs9rfccRNxOBS99pcvOuagM13gcxwF6oMxvnVtCgAcsJH/Tax0M
gzns0Ot6ajV0Zo9EywEYef21/qoo+K2ukN8ALB1HjcpHXjmJuJSCXqmDKoRCnsTKQzXFAoGBALBL
RqLs9WTqRweVWIEGHDN016aDK7VAUkifRhpy2yL69hY/Dg8H6vOPKn5k0DbwjhoYY3mmZtwRIBeb
hZ/71jzzv+npch9APk8h/UJ6fmc/8BDpspmlabIs68kGAK0MwS9F3je9fVyci9jgcqG4W7a223Fx
IhqVg4BBqPzOgqMjAoGBAJPn2PHdSJpyVSnib9I7sJTGqp493tZ4QVArccbWS7tU55huiwKYuTJZ
NVSj3nSW2NoamDOhnqh9FZakb/UYns8kYnv0uhBO3e8HjiqE6q0ESsy21UJgzCJjuYMUeyAzzzCR
BJvuM0rOtE92cyDtZ6R18m5SOx/Zkx5xh3EA1ggZAoGABqN+F3aZ7rQlQ8JXYpuKuNJjIeH7bClY
jGO7QeqR/feI5qiDCyTns5qjGiRbG/G6NQdvGGE+S6f3EmEB1dmnkgK+UOu/NEZcCVVv/6GrYqCw
z0Nd0JSSiB
F
9rmueU5lccdwsnXU/ZwXZtpn14M3YPTFAy4z+SQR82R3pwrSW9pY\=
>
> WORKERGENID1.SIGNERCERTCHAIN=MIIElTCCAn2gAwIBAgIIBT9pktCBJIowDQYJKoZIh
> vcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3Rpbmc
> xEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA5NTAzN1oXD
> TIxMDUyNzA5NTAzN1owRzERMA8GA1UEAwwIU2lnbmVyIDIxEDAOBgNVBAsMB1Rlc3Rpbmc
> xEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFA
> AOCAQ8AMIIBCgKCAQEAokJJPVkPrn3a55rO6A3Bnbe0nfJR9IDSI8AmFhYEBLoKfiavx0o
> MdbdDe+Dkwv78xBkgbj//2lhMCVmss90RzY+d0d0rg2SP8y/DsyxwriqCfuM7lnlgvSHCY
> woX8+uDM7zI53ykKVhqI3ttyFPa8RsjfFOIWqf39++sJUheW4j9x9rutf6qgtjxOYPQwDy
> gT9cIVpM7ZehhqVYlcQZRsprMg55s2SN/a78krAW51msoIDgd9+zbsIvzuGqCspO3AN8b2
> m8tlHTlA/E4+3OZkSqgpx8FSKIfbKUa866pRzptvcbL/wpFxYkyxqcB6o7CFnWbr3gUPpz
> 8KjuY7ypMmwIDAQABo38wfTAdBgNVHQ4EFgQUSkR/B71idJmR8deZziBAqSzWzhMwDAYDV
> R0TAQH/BAIwADAfBgNVHSMEGDAWgBQgeiHe6K27Aqj7cVikCWK52FgFojAOBgNVHQ8BAf8
> EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA
> 4ICAQA+pQuI1QmZLdheCVmc+k1h53uIv9pBnBKSbKn0/CVznmlPOpJIwwuzcLfCesa6gkG
> 6BabHJwMrU/SpZuW
u
rHxdEKe6fS/ngYnIjFI5R0Kgl1czqq/tXDjGEpv2x0tZECqLFrkC7a+gjXJPE8TDj8nvi40pcKFv
v2tbRiyYrIPIxefrXmkT91F3zUKbQL0iW7Aot/0Klj+i4uivqFu359OymJ2C5wJOyZqPPsxUvTdA
2EZNX4BseFvJREmvx1CAgZkANZD4Qzn1b/0WrXfYsbWA4cBeTRR7vjGajBc/oGo2wki0dJksImU8
b2dLEf3n3M9dfxiFEAnl3YKDmT21wamO/hRdWklT+7Ivz6SFnW6HneT42IMNkC4k3d0i0Y2/q7XN
5rvMFbH1n6O4NUqHIkzbCtVljV6+XESmMseyJGKlY6RD7jnhEJq6dGPGSr5h6SAohYljs5Y1e/Dy
g243sP75ZO7HfOYPd2Sp+p5R5szWOuZp5UtLFBhuwlI41LnpuL+4t25LjNHoGhzZCl1rxqcSBGVK
LG2sN0XVXfqrt/EykOAV0WW+S72tRPI73eq0AeRJRRfzcZiequi694eP10Ehh/iiOpQ28yfhsWDv
MIxu8o8oK+hpgQvCwecP7rupdqM9OQYnePb53dd8Tt4hw4WhvSWC/9aNfFXc3jwbHVy5Rw\=\=;M
IIFfzCCA2egAwIBAgIIMk1BOK8CwTwwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb
3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTA
lNFMB4XDTExMDUyNzA4MTQyN1oXDTM2MDUyNzA4MTQyN1owTTEXMBUGA1UEAwwORFNTIFJvb3QgQ
0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFM
IICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgblgjTTkMp1QAhgWDprhvqE9zX1Ux/A/R
TOu4G4f6CT
k
d6JEEkbdKZv+CKv4cRoVCtfO3wnOokFRw/1JMmHHiQ1Z//uDoDjo8jk8nek0ArFE9R5NT02w
d6JEEkbdKZv+MJCQa/mP1wU9ZSl1tx3jQRUFB+rTNeCcPTft+1FL7UjYMdkRzl261IOlmXzD
d6JEEkbdKZv+MA+EYIGJ2c2wYhOv2DqfQygNz5GOf0EFqlQZIt/pzopSS+0K8mNb53ROhg9G
d6JEEkbdKZv+JujwzugSH5Z+r0fsVHbCV0QUkZBfkRo9KMcdaDEPa8xpYTjsFPqU6RcnGkVA
d6JEEkbdKZv+Bhn8OS8SIWw2re1f+htj6p9EGbk1m0I9pWGBA9ktWnrqlqDXV+tEhhh1O4f+
d6JEEkbdKZv+LHieoxiscrF7RXxlYqyam6oabfXsX3VAC0M1UkwIciE8wA1Sj/+dgoSMqvED
d6JEEkbdKZv+NDfwpEYt6l8Z8czDTWDi7MM2u5VY0nP3+A+PepKrOtrdaGSP396f4a7A3un1
d6JEEkbdKZv+o6nQWHsyWQ7kc8GIn8zN5nykQaghGyYlHHYe1XUSPtHmxjbdsyztrkIis3cf
d6JEEkbdKZv+jFne0XgPAiQuYx3T/B+po9BhGIUwCV0Qi/gWVN6NkydsbzMeRXELQYyK+lHg
d6JEEkbdKZv+IGiEaBzQRRtXbnB+wQXi2IacJNdKqICwDsl/PvvcZI9ZV6pB/KIzB+8IJm0C
d6JEEkbdKZv+LY24K0OXJs3Bqij8gmpvbI+o0wUCAwEAAaNjMGEwHQYDVR0OBBYEFCB6Id7o
d6JEEkbdKZv+rbsCqPtxWKQJYrnYWAWiMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU
d6JEEkbdKZv+IHoh3uituwKo+3FYpAliudhYBaIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3
d6JEEkbdKZv+DQEBCwUAA4ICAQAxFvpOZF6Kol48cQeKWQ48VAe+h5dmyKMfDLDZX51IRzfK
d6JEEkbdKZv+KsHLpFPxzGNw4t9Uv4YOR0CD9z81dR+c93t1lwwIpKbx9Qmq8jViHEHKYD9F
d6JEEkbdKZv+XThM+cVpsT25pg35m3ONeUX/b++l2d+2QNNTWMvdsCtaQdybZqbYFIk0IjPw
d6JEEkbdKZv+LLqdsA8Io60kuES4JnQahPdLkf
m
70rgAdmRDozOfSDaaWHY20DovkfvKUYjPR6MGAPD5w9dEb4wp/ZjATblyZnH+LTflwfftUAonmAw
46E0Zgg143sO6RfOOnbwjXEc+KXd/KQ6kTQ560mlyRd6q7EIDYRfD4n4agKV2R5gvVPhMD0+IK7k
agqKNfWa9z8Ue2N3MedyWnb9wv4wC69qFndGaIfYADkUykoOyLsVVteJ70PVJPXO7s66LucfD2R0
wo2MpuOYCsTOm7HHS+uZ9VjHl2qQ0ZQG89Xn+AXnzPbk1INe2z0lq3hzCW5DTYBKsJEexErzMpLw
iEqUYJUfR9EeCM8UPMtLSqz1utdPoIYhULGzt5lSJEpMHMbquYfWJxQiKCbvfxQsP5dLUMEIqTgj
Ndo98OlM7Z7zjYH9Kimz3wgAKSAIoQZr7Oy1dMHO5GK4jBtZ8wgsyyQ6DzQQ7R68XFVKarIW8SAT
eyubAP+WjdMwk/ZXzsDjMZEtENaBXzAefYA\=\=
>
>
>
>
>
> ## P12CryptoToken properties
>
>
>
> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.
> p12
>
> #WORKERGENID1.KEYSTOREPASSWORD=123456
>
>
>
>
>
> ## PKCS11CryptoToken properties
>
>
>
> #WORKERGENID1.sharedLibrary=/home/tomas/dev/Utimaco/libcs2_pkcs11.so
>
> #WORKERGENID1.slot=1
>
> #WORKERGENID1.defaultKey=defaultKey
>
> #WORKERGENID1.pin foo123
>
>
>
> When the server, by the demo page, try to sign a document, which key
> pair it use? Is it in the line:
> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.p12?
That depends on which signtoken you define. If it is a SoftCryptoToken then
it is the KEYDATA property but if is a P12CryptoToken then it is the
KEYSTOREPATH property.
>
>
>
> Is this the keystore generated by ejbca? If yes, should I point to
> ejbca/p12/tomcat.p12?
No, the KEYSTOREPATH is the path to the keystore containing the signing key
to sign documents with if you have chosen to use the P12CryptoToken.
>
>
>
> ======================================================================
> ========================================================
>
> And, at last, for the WSDL error, this is what Im doing, how
> described on the guide:
>
>
>
> System./setProperty/("javax.net.ssl.keyStoreType", "JKS");
>
> System./setProperty/("javax.net.ssl.keyStore",
> "C:\\Users\\Marcos\\Desktop\\p12\\yMariano.jks");
>
> System./setProperty/("javax.net.ssl.keyStorePassword
> ", "a1b2c3");
>
>
>
> System./setProperty/("javax.net.ssl.trustStoreType",
> "JKS");
>
> System./setProperty/("javax.net.ssl.trustStore",
> "C:\\Projeto\\workspace\\ejbca\\p12\\truststore.jks");
>
>
> System./setProperty/("javax.net.ssl.trustStorePassword",
> "myPassword");
>
>
>
> The keystore is loaded to sign the document, right?
No, the keystore in the system property is used for client authenticated TLS
(ie if you access the web service on port 8443).
>
> The truststore is loaded too.
>
>
>
> Is it something wrong?
It looks correct assuming that the file paths and passwords are correct and
that the truststore/keystore contains correct certificates.
Best regards,
Markus
>
>
>
> Regards,
>
>
>
> *De:*Marcos Fontana [mailto:mar...@ho...]
> *Enviada em:* segunda-feira, 7 de janeiro de 2013 08:33
> *Para:* Marcos Paulo Fontana
> *Assunto:* FW: [SignServer-develop] Worker's questions and Error WSDL
>
>
>
>
>
> Enviado pelo meu Windows Phone
>
> ----------------------------------------------------------------------
> --
>
> *From: *Markus Kilås
> *Sent: *06/01/2013 11:27
> *To: *sig...@li...
> <mailto:sig...@li...>
> *Subject: *Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-04 17:55, Marcos Fontana wrote:
>> Hi,
>>
>
> Hi Marcos,
>
>>
>>
>> When Im are setting properties by the command:
>>
>>
>>
>> bin/signserver.sh setproperties
>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>
>>
>>
>> I got the console error: Error reading property file. Is there some
>> place that I can see this log?
>>
>
> You can get this error is the file is not existing or in any other way
> not readable. Make sure that the file can be read by for instance
> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
> Unfortunately this is not logged anywhere in more detail than what is
> printed on the console.
>
>>
>>
>> The configurations are right. Another question, what is the
>> difference by worker and signer?
>
> A Worker is an entity in SignServer which has an Worker ID and a
> configuration and can be called to perform some work. A signer is a
> type of worker which uses a crypto token to sign something.
>
>>
>>
>>
>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>
> That property sets the worker name to "PDFSigner" for the new worker
> which is about to be added. The WORKERGENID1 means that a new worker
> with the next available ID will be created.
>
> If you instead want to define the worker ID you could replace
> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
> recommended if you want to be able to apply (setproperties) the file
> again without having a new worker to be created.
>
>>
>>
>>
>> And another question, Im getting this error when i try to
>> instantiate the object os WSDL in this line
>>
>> : ISigningAndValidation _signserver_ =
>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>
>>
>>
>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>> failed with:
>>
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unkn
>> own
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknow
>> n
>> Source)
>>
>> at javax.xml.ws.Service.<init>(Unknown Source)
>>
>> at
>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServer
>> WSService.java:42_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>> lidationWS.java:120_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndVa
>> lidationWS.java:83_)
>>
>> at
>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.ja
>> va:145_)
>>
>> at certificate.principal.Principal.main(_Principal.java:70_)
>>
>> Caused by: _java.net.SocketException_:
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>
>> at
>> javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>> Source)
>>
>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown
>> Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>> Source)
>>
>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown
>> Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewH
>> ttpClient(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
>> (Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unkn
>> own
>> Source)
>>
>> at java.net.URL.openStream(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Un
>> known
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unk
>> nown Source)
>>
>> ... 11 more
>>
>
> Have you defined the javax.net.ssl.trustStore and
> javax.net.ssl.trustStorePassword system properties?
>
> See
> http://signserver.org/manual/integration.html#Signing%20and%20validati
> ng%20an%20XML%20document
> for an example.
>
>
> Best regards,
> Markus
>
>
> PrimeKey Solutions offers a commercial EJBCA & SignServer support
> subscription and training. Please see www.primekey.se
> <http://www.primekey.se> or contact in...@pr...
> <mailto:in...@pr...> for more information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
>
>
>
> ----------------------------------------------------------------------
> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
> skills current with LearnDevNow - 3,200 step-by-step video tutorials
> by Microsoft MVPs and experts. ON SALE this month only -- learn more
> at:
> http://p.sf.net/sfu/learnmore_123012
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> <mailto:Sig...@li...>
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> ----------------------------------------------------------------------
> --
> ----------------------------------------------------------------------
> --
>
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> <http://www.avgbrasil.com.br>
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
> Lançamento: 01/06/13
>
>
>
> ----------------------------------------------------------------------
> -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012,
> HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your
> skills current with LearnDevNow - 3,200 step-by-step video tutorials
> by Microsoft MVPs and experts. SALE $99.99 this month only -- learn
> more at:
> http://p.sf.net/sfu/learnmore_122412
>
>
>
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
Security Consultant & Developer
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
----------------------------------------------------------------------------
--
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC,
Windows 8 Apps, JavaScript and much more. Keep your skills current with
LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and
experts. SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122412
_______________________________________________
SignServer-develop mailing list
Sig...@li...
https://lists.sourceforge.net/lists/listinfo/signserver-develop
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
Lançamento: 01/06/13
-----
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
Lançamento: 01/06/13
|
|
From: Markus K. <ma...@pr...> - 2013-01-07 16:09:49
|
On 2013-01-07 16:44, Marcos Fontana wrote:
> The error in the propertie file was my fault in the path of it in the
> commando line.
>
>
>
> Now, whem im trying to Sign a PDF for example, I’m getting this error:
> EXCEPTION: org.signserver.common.CryptoTokenOfflineException: Signtoken
> isn't active.;
>
>
>
> Look my pdf configuration file:
>
>
>
> ## Global properties
>
>
>
> GLOB.WORKERGENID1.CLASSPATH = org.signserver.module.pdfsigner.PDFSigner
>
> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.SoftCryptoToken
>
> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.P12CryptoToken
>
> #GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.PKCS11CryptoToken
>
You are defining the GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH worker
property multiple times. It is undefined which one will be used but as
you are getting CryptoTokenOfflineException I would suspect it was the
P12 one this time.
Remove the definition that you should not use.
>
>
>
>
> ## General properties
>
>
>
> WORKERGENID1.NAME=PDFSigner
>
> WORKERGENID1.AUTHTYPE=NOAUTH
>
>
>
>
>
> ## SoftCryptoToken properties
>
>
>
> WORKERGENID1.KEYDATA=AAABJjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKJCST1ZD6592ueazugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4//9pYTAlZrLPdEc2PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYaiN7bchT2vEbI3xTiFqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXEGUbKazIOebNkjf2u/JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqoKcfBUiiH2ylGvOuqUc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQAABMIwggS+AgEAMA0GCSqGSIb3DQEBAQUABIIEqDCCBKQCAQACggEBAKJCST1ZD6592ueazugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4//9pYTAlZrLPdEc2PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYaiN7bchT2vEbI3xTiFqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXEGUbKazIOebNkjf2u/JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqoKcfBUiiH2ylGvOuqUc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQKCAQA7pJX7YPNstoJyw+ruTbAv40kXDe2mLHwR/B2D3M/ZVPFqcZoHbWarFpRNwtsT+lq7UmkjXY8UmYRJo5bh/o7+up3OeLf38k0fnR0YjWtV+fZB4hETPMacfv5PHXS0iouNxwUqYhyNvhw1srcl/fzqx4kBuErU2A1EK+thQPq
+
NkNo/VJTAcw0cLIcH5fxIOP5MHqDsdSPMGhVg26OHdNdKZBYpS9VzvWG4jPgld23go6bXDCJ6IToD3XTudZOymnv29wf38HT3/q+NNbO5Xk3Rj+l1M8dvyRefK8PLpaVSw2z8FXG6D5eayi04cjWhEUcK8rvLaVXwsg4JLQz4H8xAoGBAOxMP0z/3D1MR1yrNUkmvCXu1SnNDBdqC/6lmUt8/Wr+AsKjYxtwstQBRG8DrGUYWKTapsScV0gfL0mbWD7LVc08CC0o7X7TlUsAyurnbvWDwMcs9Nw2yHPDx1a/1bYhssCjQdjzVzDX7Ezcm/j/8y2ZzL51CWLaeeLX2paLgf7fAoGBAK/Jr54NZo2Jk2b6uYUQESk7Ud8AwdGzP4o/6MK6U72iB5U2Zh9+bzs9rfccRNxOBS99pcvOuagM13gcxwF6oMxvnVtCgAcsJH/Tax0Mgzns0Ot6ajV0Zo9EywEYef21/qoo+K2ukN8ALB1HjcpHXjmJuJSCXqmDKoRCnsTKQzXFAoGBALBLRqLs9WTqRweVWIEGHDN016aDK7VAUkifRhpy2yL69hY/Dg8H6vOPKn5k0DbwjhoYY3mmZtwRIBebhZ/71jzzv+npch9APk8h/UJ6fmc/8BDpspmlabIs68kGAK0MwS9F3je9fVyci9jgcqG4W7a223FxIhqVg4BBqPzOgqMjAoGBAJPn2PHdSJpyVSnib9I7sJTGqp493tZ4QVArccbWS7tU55huiwKYuTJZNVSj3nSW2NoamDOhnqh9FZakb/UYns8kYnv0uhBO3e8HjiqE6q0ESsy21UJgzCJjuYMUeyAzzzCRBJvuM0rOtE92cyDtZ6R18m5SOx/Zkx5xh3EA1ggZAoGABqN+F3aZ7rQlQ8JXYpuKuNJjIeH7bClYjGO7QeqR/feI5qiDCyTns5qjGiRbG/G6NQdvGGE+S6f3EmEB1dmnkgK+UOu/NEZcCVVv/6GrYqCwz0Nd0JSSiB
F
9rmueU5lccdwsnXU/ZwXZtpn14M3YPTFAy4z+SQR82R3pwrSW9pY\=
>
> WORKERGENID1.SIGNERCERTCHAIN=MIIElTCCAn2gAwIBAgIIBT9pktCBJIowDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA5NTAzN1oXDTIxMDUyNzA5NTAzN1owRzERMA8GA1UEAwwIU2lnbmVyIDIxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokJJPVkPrn3a55rO6A3Bnbe0nfJR9IDSI8AmFhYEBLoKfiavx0oMdbdDe+Dkwv78xBkgbj//2lhMCVmss90RzY+d0d0rg2SP8y/DsyxwriqCfuM7lnlgvSHCYwoX8+uDM7zI53ykKVhqI3ttyFPa8RsjfFOIWqf39++sJUheW4j9x9rutf6qgtjxOYPQwDygT9cIVpM7ZehhqVYlcQZRsprMg55s2SN/a78krAW51msoIDgd9+zbsIvzuGqCspO3AN8b2m8tlHTlA/E4+3OZkSqgpx8FSKIfbKUa866pRzptvcbL/wpFxYkyxqcB6o7CFnWbr3gUPpz8KjuY7ypMmwIDAQABo38wfTAdBgNVHQ4EFgQUSkR/B71idJmR8deZziBAqSzWzhMwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQgeiHe6K27Aqj7cVikCWK52FgFojAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQA+pQuI1QmZLdheCVmc+k1h53uIv9pBnBKSbKn0/CVznmlPOpJIwwuzcLfCesa6gkG6BabHJwMrU/SpZuW
u
rHxdEKe6fS/ngYnIjFI5R0Kgl1czqq/tXDjGEpv2x0tZECqLFrkC7a+gjXJPE8TDj8nvi40pcKFvv2tbRiyYrIPIxefrXmkT91F3zUKbQL0iW7Aot/0Klj+i4uivqFu359OymJ2C5wJOyZqPPsxUvTdA2EZNX4BseFvJREmvx1CAgZkANZD4Qzn1b/0WrXfYsbWA4cBeTRR7vjGajBc/oGo2wki0dJksImU8b2dLEf3n3M9dfxiFEAnl3YKDmT21wamO/hRdWklT+7Ivz6SFnW6HneT42IMNkC4k3d0i0Y2/q7XN5rvMFbH1n6O4NUqHIkzbCtVljV6+XESmMseyJGKlY6RD7jnhEJq6dGPGSr5h6SAohYljs5Y1e/Dyg243sP75ZO7HfOYPd2Sp+p5R5szWOuZp5UtLFBhuwlI41LnpuL+4t25LjNHoGhzZCl1rxqcSBGVKLG2sN0XVXfqrt/EykOAV0WW+S72tRPI73eq0AeRJRRfzcZiequi694eP10Ehh/iiOpQ28yfhsWDvMIxu8o8oK+hpgQvCwecP7rupdqM9OQYnePb53dd8Tt4hw4WhvSWC/9aNfFXc3jwbHVy5Rw\=\=;MIIFfzCCA2egAwIBAgIIMk1BOK8CwTwwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA4MTQyN1oXDTM2MDUyNzA4MTQyN1owTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgblgjTTkMp1QAhgWDprhvqE9zX1Ux/A/RTOu4G4f6CT
k
d6JEEkbdKZv+CKv4cRoVCtfO3wnOokFRw/1JMmHHiQ1Z//uDoDjo8jk8nek0ArFE9R5NT02wMJCQa/mP1wU9ZSl1tx3jQRUFB+rTNeCcPTft+1FL7UjYMdkRzl261IOlmXzDMA+EYIGJ2c2wYhOv2DqfQygNz5GOf0EFqlQZIt/pzopSS+0K8mNb53ROhg9GJujwzugSH5Z+r0fsVHbCV0QUkZBfkRo9KMcdaDEPa8xpYTjsFPqU6RcnGkVABhn8OS8SIWw2re1f+htj6p9EGbk1m0I9pWGBA9ktWnrqlqDXV+tEhhh1O4f+LHieoxiscrF7RXxlYqyam6oabfXsX3VAC0M1UkwIciE8wA1Sj/+dgoSMqvEDNDfwpEYt6l8Z8czDTWDi7MM2u5VY0nP3+A+PepKrOtrdaGSP396f4a7A3un1o6nQWHsyWQ7kc8GIn8zN5nykQaghGyYlHHYe1XUSPtHmxjbdsyztrkIis3cfjFne0XgPAiQuYx3T/B+po9BhGIUwCV0Qi/gWVN6NkydsbzMeRXELQYyK+lHgIGiEaBzQRRtXbnB+wQXi2IacJNdKqICwDsl/PvvcZI9ZV6pB/KIzB+8IJm0CLY24K0OXJs3Bqij8gmpvbI+o0wUCAwEAAaNjMGEwHQYDVR0OBBYEFCB6Id7orbsCqPtxWKQJYrnYWAWiMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUIHoh3uituwKo+3FYpAliudhYBaIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAxFvpOZF6Kol48cQeKWQ48VAe+h5dmyKMfDLDZX51IRzfKKsHLpFPxzGNw4t9Uv4YOR0CD9z81dR+c93t1lwwIpKbx9Qmq8jViHEHKYD9FXThM+cVpsT25pg35m3ONeUX/b++l2d+2QNNTWMvdsCtaQdybZqbYFIk0IjPwLLqdsA8Io60kuES4JnQahPdLkf
m
70rgAdmRDozOfSDaaWHY20DovkfvKUYjPR6MGAPD5w9dEb4wp/ZjATblyZnH+LTflwfftUAonmAw46E0Zgg143sO6RfOOnbwjXEc+KXd/KQ6kTQ560mlyRd6q7EIDYRfD4n4agKV2R5gvVPhMD0+IK7kagqKNfWa9z8Ue2N3MedyWnb9wv4wC69qFndGaIfYADkUykoOyLsVVteJ70PVJPXO7s66LucfD2R0wo2MpuOYCsTOm7HHS+uZ9VjHl2qQ0ZQG89Xn+AXnzPbk1INe2z0lq3hzCW5DTYBKsJEexErzMpLwiEqUYJUfR9EeCM8UPMtLSqz1utdPoIYhULGzt5lSJEpMHMbquYfWJxQiKCbvfxQsP5dLUMEIqTgjNdo98OlM7Z7zjYH9Kimz3wgAKSAIoQZr7Oy1dMHO5GK4jBtZ8wgsyyQ6DzQQ7R68XFVKarIW8SATeyubAP+WjdMwk/ZXzsDjMZEtENaBXzAefYA\=\=
>
>
>
>
>
> ## P12CryptoToken properties
>
>
>
> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.p12
>
> #WORKERGENID1.KEYSTOREPASSWORD=123456
>
>
>
>
>
> ## PKCS11CryptoToken properties
>
>
>
> #WORKERGENID1.sharedLibrary=/home/tomas/dev/Utimaco/libcs2_pkcs11.so
>
> #WORKERGENID1.slot=1
>
> #WORKERGENID1.defaultKey=defaultKey
>
> #WORKERGENID1.pin foo123
>
>
>
> When the server, by the demo page, try to sign a document, which key
> pair it use? Is it in the line:
> #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.p12?
That depends on which signtoken you define. If it is a SoftCryptoToken
then it is the KEYDATA property but if is a P12CryptoToken then it is
the KEYSTOREPATH property.
>
>
>
> Is this the keystore generated by ejbca? If yes, should I point to
> ejbca/p12/tomcat.p12?
No, the KEYSTOREPATH is the path to the keystore containing the signing
key to sign documents with if you have chosen to use the P12CryptoToken.
>
>
>
> ==============================================================================================================================
>
> And, at last, for the WSDL error, this is what I’m doing, how described
> on the guide:
>
>
>
> System./setProperty/("javax.net.ssl.keyStoreType", "JKS");
>
> System./setProperty/("javax.net.ssl.keyStore",
> "C:\\Users\\Marcos\\Desktop\\p12\\yMariano.jks");
>
> System./setProperty/("javax.net.ssl.keyStorePassword ",
> "a1b2c3");
>
>
>
> System./setProperty/("javax.net.ssl.trustStoreType",
> "JKS");
>
> System./setProperty/("javax.net.ssl.trustStore",
> "C:\\Projeto\\workspace\\ejbca\\p12\\truststore.jks");
>
>
> System./setProperty/("javax.net.ssl.trustStorePassword", "myPassword");
>
>
>
> The keystore is loaded to sign the document, right?
No, the keystore in the system property is used for client authenticated
TLS (ie if you access the web service on port 8443).
>
> The truststore is loaded too.
>
>
>
> Is it something wrong?
It looks correct assuming that the file paths and passwords are correct
and that the truststore/keystore contains correct certificates.
Best regards,
Markus
>
>
>
> Regards,
>
>
>
> *De:*Marcos Fontana [mailto:mar...@ho...]
> *Enviada em:* segunda-feira, 7 de janeiro de 2013 08:33
> *Para:* Marcos Paulo Fontana
> *Assunto:* FW: [SignServer-develop] Worker's questions and Error WSDL
>
>
>
>
>
> Enviado pelo meu Windows Phone
>
> ------------------------------------------------------------------------
>
> *From: *Markus Kilås
> *Sent: *06/01/2013 11:27
> *To: *sig...@li...
> <mailto:sig...@li...>
> *Subject: *Re: [SignServer-develop] Worker's questions and Error WSDL
>
> On 2013-01-04 17:55, Marcos Fontana wrote:
>> Hi,
>>
>
> Hi Marcos,
>
>>
>>
>> When I’m are setting properties by the command:
>>
>>
>>
>> bin/signserver.sh setproperties
>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>
>>
>>
>> I got the console error: Error reading property file. Is there some
>> place that I can see this log?
>>
>
> You can get this error is the file is not existing or in any other way
> not readable. Make sure that the file can be read by for instance
> running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
> Unfortunately this is not logged anywhere in more detail than what is
> printed on the console.
>
>>
>>
>> The configurations are right. Another question, what is the difference
>> by worker and signer?
>
> A Worker is an entity in SignServer which has an Worker ID and a
> configuration and can be called to perform some work. A signer is a type
> of worker which uses a crypto token to sign something.
>
>>
>>
>>
>> The ID or Worker name, in the case of PDF, is the PDFSigner, configured
>> in this line: WORKERGENID1.NAME=PDFSigner?
>
> That property sets the worker name to "PDFSigner" for the new worker
> which is about to be added. The WORKERGENID1 means that a new worker
> with the next available ID will be created.
>
> If you instead want to define the worker ID you could replace
> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
> recommended if you want to be able to apply (setproperties) the file
> again without having a new worker to be created.
>
>>
>>
>>
>> And another question, I’m getting this error when i try to instantiate
>> the object os WSDL in this line
>>
>> : ISigningAndValidation _signserver_ =
>> *new*SigningAndValidationWS("localhost", 8442, *true*);
>>
>>
>>
>> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
>> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
>> failed with:
>>
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown
>> Source)
>>
>> at javax.xml.ws.Service.<init>(Unknown Source)
>>
>> at
>> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServerWSService.java:42_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:120_)
>>
>> at
>> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:83_)
>>
>> at
>> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.java:145_)
>>
>> at certificate.principal.Principal.main(_Principal.java:70_)
>>
>> Caused by: _java.net.SocketException_:
>> _java.security.NoSuchAlgorithmException_: Error constructing
>> implementation (algorithm: Default, provider: SunJSSE, class:
>> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>
>> at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
>> Source)
>>
>> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
>> Source)
>>
>> at sun.net.NetworkClient.doConnect(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
>>
>> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
>> Source)
>>
>> at
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>>
>> at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
>> Source)
>>
>> at java.net.URL.openStream(Unknown Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown
>> Source)
>>
>> at
>> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
>>
>> ... 11 more
>>
>
> Have you defined the javax.net.ssl.trustStore and
> javax.net.ssl.trustStorePassword system properties?
>
> See
> http://signserver.org/manual/integration.html#Signing%20and%20validating%20an%20XML%20document
> for an example.
>
>
> Best regards,
> Markus
>
>
> PrimeKey Solutions offers a commercial EJBCA & SignServer support
> subscription and training. Please see www.primekey.se
> <http://www.primekey.se> or contact
> in...@pr... <mailto:in...@pr...> for more information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_123012
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> <mailto:Sig...@li...>
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> ------------------------------------------------------------------------
> ------------------------------------------------------------------------
>
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br <http://www.avgbrasil.com.br>
> Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de
> Lançamento: 01/06/13
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
>
>
>
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
Security Consultant & Developer
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
|
|
From: Marcos F. <mar...@ho...> - 2013-01-07 15:44:57
|
The error in the propertie file was my fault in the path of it in the commando line.
Now, whem im trying to Sign a PDF for example, I’m getting this error: EXCEPTION: org.signserver.common.CryptoTokenOfflineException: Signtoken isn't active.;
Look my pdf configuration file:
## Global properties
GLOB.WORKERGENID1.CLASSPATH = org.signserver.module.pdfsigner.PDFSigner
GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.SoftCryptoToken
GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.P12CryptoToken
#GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.PKCS11CryptoToken
## General properties
WORKERGENID1.NAME=PDFSigner
WORKERGENID1.AUTHTYPE=NOAUTH
## SoftCryptoToken properties
WORKERGENID1.KEYDATA=AAABJjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKJCST1ZD6592ueazugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4//9pYTAlZrLPdEc2PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYaiN7bchT2vEbI3xTiFqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXEGUbKazIOebNkjf2u/JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqoKcfBUiiH2ylGvOuqUc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQAABMIwggS+AgEAMA0GCSqGSIb3DQEBAQUABIIEqDCCBKQCAQACggEBAKJCST1ZD6592ueazugNwZ23tJ3yUfSA0iPAJhYWBAS6Cn4mr8dKDHW3Q3vg5ML+/MQZIG4//9pYTAlZrLPdEc2PndHdK4Nkj/Mvw7MscK4qgn7jO5Z5YL0hwmMKF/PrgzO8yOd8pClYaiN7bchT2vEbI3xTiFqn9/fvrCVIXluI/cfa7rX+qoLY8TmD0MA8oE/XCFaTO2XoYalWJXEGUbKazIOebNkjf2u/JKwFudZrKCA4Hffs27CL87hqgrKTtwDfG9pvLZR05QPxOPtzmZEqoKcfBUiiH2ylGvOuqUc6bb3Gy/8KRcWJMsanAeqOwhZ1m694FD6c/Co7mO8qTJsCAwEAAQKCAQA7pJX7YPNstoJyw+ruTbAv40kXDe2mLHwR/B2D3M/ZVPFqcZoHbWarFpRNwtsT+lq7UmkjXY8UmYRJo5bh/o7+up3OeLf38k0fnR0YjWtV+fZB4hETPMacfv5PHXS0iouNxwUqYhyNvhw1srcl/fzqx4kBuErU2A1EK+thQPq+NkNo/VJTAcw0cLIcH5fxIOP5MHqDsdSPMGhVg26OHdNdKZBYpS9VzvWG4jPgld23go6bXDCJ6IToD3XTudZOymnv29wf38HT3/q+NNbO5Xk3Rj+l1M8dvyRefK8PLpaVSw2z8FXG6D5eayi04cjWhEUcK8rvLaVXwsg4JLQz4H8xAoGBAOxMP0z/3D1MR1yrNUkmvCXu1SnNDBdqC/6lmUt8/Wr+AsKjYxtwstQBRG8DrGUYWKTapsScV0gfL0mbWD7LVc08CC0o7X7TlUsAyurnbvWDwMcs9Nw2yHPDx1a/1bYhssCjQdjzVzDX7Ezcm/j/8y2ZzL51CWLaeeLX2paLgf7fAoGBAK/Jr54NZo2Jk2b6uYUQESk7Ud8AwdGzP4o/6MK6U72iB5U2Zh9+bzs9rfccRNxOBS99pcvOuagM13gcxwF6oMxvnVtCgAcsJH/Tax0Mgzns0Ot6ajV0Zo9EywEYef21/qoo+K2ukN8ALB1HjcpHXjmJuJSCXqmDKoRCnsTKQzXFAoGBALBLRqLs9WTqRweVWIEGHDN016aDK7VAUkifRhpy2yL69hY/Dg8H6vOPKn5k0DbwjhoYY3mmZtwRIBebhZ/71jzzv+npch9APk8h/UJ6fmc/8BDpspmlabIs68kGAK0MwS9F3je9fVyci9jgcqG4W7a223FxIhqVg4BBqPzOgqMjAoGBAJPn2PHdSJpyVSnib9I7sJTGqp493tZ4QVArccbWS7tU55huiwKYuTJZNVSj3nSW2NoamDOhnqh9FZakb/UYns8kYnv0uhBO3e8HjiqE6q0ESsy21UJgzCJjuYMUeyAzzzCRBJvuM0rOtE92cyDtZ6R18m5SOx/Zkx5xh3EA1ggZAoGABqN+F3aZ7rQlQ8JXYpuKuNJjIeH7bClYjGO7QeqR/feI5qiDCyTns5qjGiRbG/G6NQdvGGE+S6f3EmEB1dmnkgK+UOu/NEZcCVVv/6GrYqCwz0Nd0JSSiBF9rmueU5lccdwsnXU/ZwXZtpn14M3YPTFAy4z+SQR82R3pwrSW9pY\=
WORKERGENID1.SIGNERCERTCHAIN=MIIElTCCAn2gAwIBAgIIBT9pktCBJIowDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA5NTAzN1oXDTIxMDUyNzA5NTAzN1owRzERMA8GA1UEAwwIU2lnbmVyIDIxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokJJPVkPrn3a55rO6A3Bnbe0nfJR9IDSI8AmFhYEBLoKfiavx0oMdbdDe+Dkwv78xBkgbj//2lhMCVmss90RzY+d0d0rg2SP8y/DsyxwriqCfuM7lnlgvSHCYwoX8+uDM7zI53ykKVhqI3ttyFPa8RsjfFOIWqf39++sJUheW4j9x9rutf6qgtjxOYPQwDygT9cIVpM7ZehhqVYlcQZRsprMg55s2SN/a78krAW51msoIDgd9+zbsIvzuGqCspO3AN8b2m8tlHTlA/E4+3OZkSqgpx8FSKIfbKUa866pRzptvcbL/wpFxYkyxqcB6o7CFnWbr3gUPpz8KjuY7ypMmwIDAQABo38wfTAdBgNVHQ4EFgQUSkR/B71idJmR8deZziBAqSzWzhMwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQgeiHe6K27Aqj7cVikCWK52FgFojAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQA+pQuI1QmZLdheCVmc+k1h53uIv9pBnBKSbKn0/CVznmlPOpJIwwuzcLfCesa6gkG6BabHJwMrU/SpZuWurHxdEKe6fS/ngYnIjFI5R0Kgl1czqq/tXDjGEpv2x0tZECqLFrkC7a+gjXJPE8TDj8nvi40pcKFvv2tbRiyYrIPIxefrXmkT91F3zUKbQL0iW7Aot/0Klj+i4uivqFu359OymJ2C5wJOyZqPPsxUvTdA2EZNX4BseFvJREmvx1CAgZkANZD4Qzn1b/0WrXfYsbWA4cBeTRR7vjGajBc/oGo2wki0dJksImU8b2dLEf3n3M9dfxiFEAnl3YKDmT21wamO/hRdWklT+7Ivz6SFnW6HneT42IMNkC4k3d0i0Y2/q7XN5rvMFbH1n6O4NUqHIkzbCtVljV6+XESmMseyJGKlY6RD7jnhEJq6dGPGSr5h6SAohYljs5Y1e/Dyg243sP75ZO7HfOYPd2Sp+p5R5szWOuZp5UtLFBhuwlI41LnpuL+4t25LjNHoGhzZCl1rxqcSBGVKLG2sN0XVXfqrt/EykOAV0WW+S72tRPI73eq0AeRJRRfzcZiequi694eP10Ehh/iiOpQ28yfhsWDvMIxu8o8oK+hpgQvCwecP7rupdqM9OQYnePb53dd8Tt4hw4WhvSWC/9aNfFXc3jwbHVy5Rw\=\=;MIIFfzCCA2egAwIBAgIIMk1BOK8CwTwwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA4MTQyN1oXDTM2MDUyNzA4MTQyN1owTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgblgjTTkMp1QAhgWDprhvqE9zX1Ux/A/RTOu4G4f6CTkd6JEEkbdKZv+CKv4cRoVCtfO3wnOokFRw/1JMmHHiQ1Z//uDoDjo8jk8nek0ArFE9R5NT02wMJCQa/mP1wU9ZSl1tx3jQRUFB+rTNeCcPTft+1FL7UjYMdkRzl261IOlmXzDMA+EYIGJ2c2wYhOv2DqfQygNz5GOf0EFqlQZIt/pzopSS+0K8mNb53ROhg9GJujwzugSH5Z+r0fsVHbCV0QUkZBfkRo9KMcdaDEPa8xpYTjsFPqU6RcnGkVABhn8OS8SIWw2re1f+htj6p9EGbk1m0I9pWGBA9ktWnrqlqDXV+tEhhh1O4f+LHieoxiscrF7RXxlYqyam6oabfXsX3VAC0M1UkwIciE8wA1Sj/+dgoSMqvEDNDfwpEYt6l8Z8czDTWDi7MM2u5VY0nP3+A+PepKrOtrdaGSP396f4a7A3un1o6nQWHsyWQ7kc8GIn8zN5nykQaghGyYlHHYe1XUSPtHmxjbdsyztrkIis3cfjFne0XgPAiQuYx3T/B+po9BhGIUwCV0Qi/gWVN6NkydsbzMeRXELQYyK+lHgIGiEaBzQRRtXbnB+wQXi2IacJNdKqICwDsl/PvvcZI9ZV6pB/KIzB+8IJm0CLY24K0OXJs3Bqij8gmpvbI+o0wUCAwEAAaNjMGEwHQYDVR0OBBYEFCB6Id7orbsCqPtxWKQJYrnYWAWiMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUIHoh3uituwKo+3FYpAliudhYBaIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAxFvpOZF6Kol48cQeKWQ48VAe+h5dmyKMfDLDZX51IRzfKKsHLpFPxzGNw4t9Uv4YOR0CD9z81dR+c93t1lwwIpKbx9Qmq8jViHEHKYD9FXThM+cVpsT25pg35m3ONeUX/b++l2d+2QNNTWMvdsCtaQdybZqbYFIk0IjPwLLqdsA8Io60kuES4JnQahPdLkfm70rgAdmRDozOfSDaaWHY20DovkfvKUYjPR6MGAPD5w9dEb4wp/ZjATblyZnH+LTflwfftUAonmAw46E0Zgg143sO6RfOOnbwjXEc+KXd/KQ6kTQ560mlyRd6q7EIDYRfD4n4agKV2R5gvVPhMD0+IK7kagqKNfWa9z8Ue2N3MedyWnb9wv4wC69qFndGaIfYADkUykoOyLsVVteJ70PVJPXO7s66LucfD2R0wo2MpuOYCsTOm7HHS+uZ9VjHl2qQ0ZQG89Xn+AXnzPbk1INe2z0lq3hzCW5DTYBKsJEexErzMpLwiEqUYJUfR9EeCM8UPMtLSqz1utdPoIYhULGzt5lSJEpMHMbquYfWJxQiKCbvfxQsP5dLUMEIqTgjNdo98OlM7Z7zjYH9Kimz3wgAKSAIoQZr7Oy1dMHO5GK4jBtZ8wgsyyQ6DzQQ7R68XFVKarIW8SATeyubAP+WjdMwk/ZXzsDjMZEtENaBXzAefYA\=\=
## P12CryptoToken properties
#WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.p12
#WORKERGENID1.KEYSTOREPASSWORD=123456
## PKCS11CryptoToken properties
#WORKERGENID1.sharedLibrary=/home/tomas/dev/Utimaco/libcs2_pkcs11.so
#WORKERGENID1.slot=1
#WORKERGENID1.defaultKey=defaultKey
#WORKERGENID1.pin foo123
When the server, by the demo page, try to sign a document, which key pair it use? Is it in the line: #WORKERGENID1.KEYSTOREPATH=D:/My_Projects/SignServer_WorkSpace/tomcat.p12?
Is this the keystore generated by ejbca? If yes, should I point to ejbca/p12/tomcat.p12?
==============================================================================================================================
And, at last, for the WSDL error, this is what I’m doing, how described on the guide:
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStore", "C:\\Users\\Marcos\\Desktop\\p12\\yMariano.jks");
System.setProperty("javax.net.ssl.keyStorePassword ", "a1b2c3");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore", "C:\\Projeto\\workspace\\ejbca\\p12\\truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "myPassword");
The keystore is loaded to sign the document, right?
The truststore is loaded too.
Is it something wrong?
Regards,
De: Marcos Fontana [mailto:mar...@ho...]
Enviada em: segunda-feira, 7 de janeiro de 2013 08:33
Para: Marcos Paulo Fontana
Assunto: FW: [SignServer-develop] Worker's questions and Error WSDL
Enviado pelo meu Windows Phone
_____
From: Markus Kilås
Sent: 06/01/2013 11:27
To: <mailto:sig...@li...> sig...@li...
Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
On 2013-01-04 17:55, Marcos Fontana wrote:
> Hi,
>
Hi Marcos,
>
>
> When I’m are setting properties by the command:
>
>
>
> bin/signserver.sh setproperties
> doc/sample-configs/qs_pdfsigner_configuration.properties
>
>
>
> I got the console error: Error reading property file. Is there some
> place that I can see this log?
>
You can get this error is the file is not existing or in any other way
not readable. Make sure that the file can be read by for instance
running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
Unfortunately this is not logged anywhere in more detail than what is
printed on the console.
>
>
> The configurations are right. Another question, what is the difference
> by worker and signer?
A Worker is an entity in SignServer which has an Worker ID and a
configuration and can be called to perform some work. A signer is a type
of worker which uses a crypto token to sign something.
>
>
>
> The ID or Worker name, in the case of PDF, is the PDFSigner, configured
> in this line: WORKERGENID1.NAME=PDFSigner?
That property sets the worker name to "PDFSigner" for the new worker
which is about to be added. The WORKERGENID1 means that a new worker
with the next available ID will be created.
If you instead want to define the worker ID you could replace
WORKERGENID1 with for instance WORKER47 (or any other ID). This is
recommended if you want to be able to apply (setproperties) the file
again without having a new worker to be created.
>
>
>
> And another question, I’m getting this error when i try to instantiate
> the object os WSDL in this line
>
> : ISigningAndValidation _signserver_ =
> *new*SigningAndValidationWS("localhost", 8442, *true*);
>
>
>
> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
> failed with:
>
> _java.security.NoSuchAlgorithmException_: Error constructing
> implementation (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown
> Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>
> at
> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown
> Source)
>
> at javax.xml.ws.Service.<init>(Unknown Source)
>
> at
> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServerWSService.java:42_)
>
> at
> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:120_)
>
> at
> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:83_)
>
> at
> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.java:145_)
>
> at certificate.principal.Principal.main(_Principal.java:70_)
>
> Caused by: _java.net.SocketException_:
> _java.security.NoSuchAlgorithmException_: Error constructing
> implementation (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>
> at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
> Source)
>
> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
> Source)
>
> at sun.net.NetworkClient.doConnect(Unknown Source)
>
> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>
> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown
> Source)
>
> at
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
>
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
>
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
> Source)
>
> at java.net.URL.openStream(Unknown Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown
> Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
>
> ... 11 more
>
Have you defined the javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword system properties?
See
http://signserver.org/manual/integration.html#Signing%20and%20validating%20an%20XML%20document
for an example.
Best regards,
Markus
PrimeKey Solutions offers a commercial EJBCA & SignServer support
subscription and training. Please see www.primekey.se or contact
in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_123012
_______________________________________________
SignServer-develop mailing list
Sig...@li...
https://lists.sourceforge.net/lists/listinfo/signserver-develop
_____
_____
Nenhum vírus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2013.0.2805 / Banco de dados de vírus: 2637/6014 - Data de Lançamento: 01/06/13
|
|
From: Markus K. <ma...@pr...> - 2013-01-06 13:27:14
|
On 2013-01-04 17:55, Marcos Fontana wrote:
> Hi,
>
Hi Marcos,
>
>
> When I’m are setting properties by the command:
>
>
>
> bin/signserver.sh setproperties
> doc/sample-configs/qs_pdfsigner_configuration.properties
>
>
>
> I got the console error: Error reading property file. Is there some
> place that I can see this log?
>
You can get this error is the file is not existing or in any other way
not readable. Make sure that the file can be read by for instance
running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
Unfortunately this is not logged anywhere in more detail than what is
printed on the console.
>
>
> The configurations are right. Another question, what is the difference
> by worker and signer?
A Worker is an entity in SignServer which has an Worker ID and a
configuration and can be called to perform some work. A signer is a type
of worker which uses a crypto token to sign something.
>
>
>
> The ID or Worker name, in the case of PDF, is the PDFSigner, configured
> in this line: WORKERGENID1.NAME=PDFSigner?
That property sets the worker name to "PDFSigner" for the new worker
which is about to be added. The WORKERGENID1 means that a new worker
with the next available ID will be created.
If you instead want to define the worker ID you could replace
WORKERGENID1 with for instance WORKER47 (or any other ID). This is
recommended if you want to be able to apply (setproperties) the file
again without having a new worker to be created.
>
>
>
> And another question, I’m getting this error when i try to instantiate
> the object os WSDL in this line
>
> : ISigningAndValidation _signserver_ =
> *new*SigningAndValidationWS("localhost", 8442, *true*);
>
>
>
> _javax.xml.ws.WebServiceException_: Failed to access the WSDL at:
> https://localhost:8442/signserver/signserverws/signserverws?wsdl. It
> failed with:
>
> _java.security.NoSuchAlgorithmException_: Error constructing
> implementation (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown
> Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>
> at
> com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>
> at
> com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown
> Source)
>
> at javax.xml.ws.Service.<init>(Unknown Source)
>
> at
> org.signserver.protocol.ws.gen.SignServerWSService.<init>(_SignServerWSService.java:42_)
>
> at
> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:120_)
>
> at
> org.signserver.client.api.SigningAndValidationWS.<init>(_SigningAndValidationWS.java:83_)
>
> at
> certificate.model.ModelDocumento.assinarDocumento4(_ModelDocumento.java:145_)
>
> at certificate.principal.Principal.main(_Principal.java:70_)
>
> Caused by: _java.net.SocketException_:
> _java.security.NoSuchAlgorithmException_: Error constructing
> implementation (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>
> at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
> Source)
>
> at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
> Source)
>
> at sun.net.NetworkClient.doConnect(Unknown Source)
>
> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>
> at sun.net.www.http.HttpClient.openServer(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
>
> at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown
> Source)
>
> at
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
>
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
>
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
> Source)
>
> at java.net.URL.openStream(Unknown Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown
> Source)
>
> at
> com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
>
> ... 11 more
>
Have you defined the javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword system properties?
See
http://signserver.org/manual/integration.html#Signing%20and%20validating%20an%20XML%20document
for an example.
Best regards,
Markus
PrimeKey Solutions offers a commercial EJBCA & SignServer support
subscription and training. Please see www.primekey.se or contact
in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/
|
|
From: Marcos F. <mar...@ho...> - 2013-01-04 16:55:14
|
Hi,
When I'm are setting properties by the command:
bin/signserver.sh setproperties
doc/sample-configs/qs_pdfsigner_configuration.properties
I got the console error: Error reading property file. Is there some place
that I can see this log?
The configurations are right. Another question, what is the difference by
worker and signer?
The ID or Worker name, in the case of PDF, is the PDFSigner, configured in
this line: WORKERGENID1.NAME=PDFSigner?
And another question, I'm getting this error when i try to instantiate the
object os WSDL in this line
: ISigningAndValidation signserver = new
SigningAndValidationWS("localhost", 8442, true);
javax.xml.ws.WebServiceException: Failed to access the WSDL at:
https://localhost:8442/signserver/signserverws/signserverws?wsdl. It failed
with:
java.security.NoSuchAlgorithmException: Error constructing implementation
(algorithm: Default, provider: SunJSSE, class:
com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
at
com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown
Source)
at
com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown
Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
Source)
at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown
Source)
at
com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown
Source)
at javax.xml.ws.Service.<init>(Unknown Source)
at
org.signserver.protocol.ws.gen.SignServerWSService.<init>(SignServerWSServic
e.java:42)
at
org.signserver.client.api.SigningAndValidationWS.<init>(SigningAndValidation
WS.java:120)
at
org.signserver.client.api.SigningAndValidationWS.<init>(SigningAndValidation
WS.java:83)
at
certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:145)
at certificate.principal.Principal.main(Principal.java:70)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException:
Error constructing implementation (algorithm: Default, provider: SunJSSE,
class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown
Source)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown
Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClie
nt(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown
Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknow
n Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
at java.net.URL.openStream(Unknown Source)
at
com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown
Source)
at
com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown
Source)
... 11 more
_____
Nenhum virus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versao: 2013.0.2805 / Banco de dados de virus: 2637/6008 - Data de
Lancamento: 01/03/13
|
|
From: <ant...@yo...> - 2012-12-29 00:39:14
|
integrated. You could check manually, there is not son much files. I am on vacation until the 7th of january so sorry if I do not answer. Best regards, Antoine Yousign |
|
From: Markus K. <ma...@pr...> - 2012-12-28 07:50:37
|
Hi Nancy, On 2012-12-28 05:42, Nancy Dang wrote: > Hi Markus, Antoine, > > It's so great to hear about the forthcoming versions. > > @Antoine: Thank you for your kindness. I've tried to apply the patch > at https://jira.primekey.se/browse/DSS-457 but there was some error. I'm > using SignServer 3.2 and realize that the patch is for 3.5. Should I > apply all the previous patches before this one? I think the patch was for the trunk branch of SignServer. Details for how to check it out from our repository at SourceForge can be found here: http://sourceforge.net/projects/signserver/develop?source=navbar It is possible though that even the trunk has changed since the patch was made so the patch might not apply completely. Best regards, Markus > > Here is the screenshot: > Inline image 1 > > Best Regards, > > > On Thu, Dec 27, 2012 at 2:44 PM, Markus Kilås <ma...@pr... > <mailto:ma...@pr...>> wrote: > > Hi Antoine, Nancy, > > On 2012-12-27 07:47, ant...@yo... > <mailto:ant...@yo...> wrote: > > Hi Nancy, > > > > For when do you need this functionality ? You could integrate yourself > > the code (with the diff file in the link below) or wait for the > > integration in signserver. > > > > @Markus : I just see that the integration is scheduled for signserver > > 3.5, is it possible to do it before ? > > It all come down to our available resources and customer requirements. > However, 3.5 might not be so far away as we are planning on releasing > 3.3 in the beginning of next year and 3.4 just 1-2 months later. > > > Best regards, > Markus > > > > > Here's the address of the ticket : > > https://jira.primekey.se/browse/DSS-457 > > > > Have a nice day. > > > > Best regards, > > -- > PrimeKey Solutions offers a commercial EJBCA & SignServer support > subscription and training. Please see www.primekey.se > <http://www.primekey.se> or contact > in...@pr... <mailto:in...@pr...> for more information. > http://www.primekey.se/Services/Support/ > http://www.primekey.se/Services/Training/ > > > > > > > Antoine > > > > > > On Thu, 27 Dec 2012 09:26:20 +0700, Nancy Dang > <nan...@gm... <mailto:nan...@gm...>> > > wrote: > >> Hi Antoine Louiset, > >> > >> Thank you for your response. I'm trying the 2nd solution as I need to > >> use many certificates in my system. However, it takes time to read > >> through the code :) Thanks again for your idea. > >> > >> In my system, the certificates belong to users, not the server (or > >> signer). Each user will have different certificate (+private key) but > >> they don't have a token to store those information. My plan is to > >> store those information on the server and when a user needs to sign a > >> document, he will have a signer did it. > >> > >> The private key of each user will not change frequently but there are > >> many private keys. So different workers have to work with different > >> private keys. > >> > >> Best regards, > >> > >> On Thu, Dec 27, 2012 at 4:24 AM, wrote: > >> On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang > >> wrote: > >> > >>> Hi, > >> > > >> > I would like to customize the project in a way that allows me to > >> > choose which certificate is used to sign the data. > >> > > >> > Currently, to my knowledge, I need to specify a .p12 file in the > >> > property file of each signer. That file will then be used for > >> signing. > >> > I want to change the source code so that the worker can be > >> reloaded > >> > (or started) by some command like this: > >> > > >> > # bin/signserver.sh reload 3 001 > >> > > >> > where 3 is the worker ID and 001 is the certificate ID from a > >> > database. > >> > > >> > I'm new to Sign Server and still dig in. Please help me with some > >> > ideas how to do this. Or at least answer the question: Is this > >> > possible? > >> > > >> > Thank you very much. > >> > >> Hi, > >> > >> Welcome to the community ! > >> > >> You should use a JKS file to store your private keys and your > >> certificates. It will be faster. > >> > >> I have 2 suggestions. Perhaps, you could change the property > >> "defaultkey" in the configuration of the worker. The defaultkey > >> corresponds to the alias of the private key stored in the keystore. > >> > >> Otherwise, I develop a new functionality which could interest you. > >> In > >> the configuration of the worker, I add one property where you > >> specify > >> different parameters that the client of signserver has to specify. > >> In > >> my > >> case, I need the alias of the private key used to sign. These > >> properties > >> are stored in the metadata which could be sent for example by Web > >> Services. In that case, you just have to change in the different > >> workers > >> the line getPrivateKey(alias) and put alias with the one sent. > >> > >> Do not hesitate to tell me if you don't understand something. > >> > >> Will you often change the private key to use ? How many private keys > >> will you use ? If it is not an important number, you should use > >> different workers with different values of the property > >> "defaultkey". > >> > >> Best regards, > >> > >> Antoine Louiset > >> Yousign > > > > > > > ------------------------------------------------------------------------------ > > Master Visual Studio, SharePoint, SQL, ASP.NET <http://ASP.NET>, > C# 2012, HTML5, CSS, > > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills > current > > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > > MVPs and experts. ON SALE this month only -- learn more at: > > http://p.sf.net/sfu/learnmore_122712 > > _______________________________________________ > > SignServer-develop mailing list > > Sig...@li... > <mailto:Sig...@li...> > > https://lists.sourceforge.net/lists/listinfo/signserver-develop > > > > > > -- > Kind regards, > Markus Kilås > Security Consultant & Developer > > PrimeKey Solutions AB > > Anderstorpsv. 16 > 171 54 Solna > Sweden > > Phone: +46 70 424 94 85 > Skype: markusatskype > Email: mar...@pr... <mailto:mar...@pr...> > > www.primekey.se <http://www.primekey.se> > > > > > > -- > Nancy -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Markus K. <ma...@pr...> - 2012-12-28 07:43:16
|
Great Nancy, I guess you also had to change the GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH to use the P12CryptoToken. Best regards, Markus On 2012-12-28 08:35, Nancy Dang wrote: > Solved. It turns out that I haven't set the right property. > > > > On Fri, Dec 28, 2012 at 11:07 AM, Nancy Dang <nan...@gm... > <mailto:nan...@gm...>> wrote: > > Hi there, > > I'm trying out some demos with the PDF signer. > > As far I understand, we can sign by 2 methods: > *(1) Use a fixed certificate: *from these properties: > > * WORKERGENID1.SIGNERCERTIFICATE > * WORKERGENID1.SIGNERCERTCHAIN > * WORKERGENID1.KEYDATA > > */(2) Use a .p12 file/*: in WORKERGENID1.KEYSTOREPATH > > Everything works fine when I use (1) but with (2), I cannot sign the > document. I got this response when apply *getconfig* > " Either this isn't a Signer or no Signer Certificate have been > uploaded to it." > Can someone make it clear for me? Thank you very much. > -- > Nancy > > > > > -- > Nancy > > > ------------------------------------------------------------------------------ > Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and > much more. Get web development skills now with LearnDevNow - > 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. > SALE $99.99 this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122812 > > > > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Nancy D. <nan...@gm...> - 2012-12-28 07:35:53
|
Solved. It turns out that I haven't set the right property. On Fri, Dec 28, 2012 at 11:07 AM, Nancy Dang <nan...@gm...> wrote: > Hi there, > > I'm trying out some demos with the PDF signer. > > As far I understand, we can sign by 2 methods: > *(1) Use a fixed certificate: *from these properties: > > - WORKERGENID1.SIGNERCERTIFICATE > - WORKERGENID1.SIGNERCERTCHAIN > - WORKERGENID1.KEYDATA > > *(2) Use a .p12 file*: in WORKERGENID1.KEYSTOREPATH > > Everything works fine when I use (1) but with (2), I cannot sign the > document. I got this response when apply *getconfig* > " Either this isn't a Signer or no Signer Certificate have been uploaded > to it." > Can someone make it clear for me? Thank you very much. > -- > Nancy > -- Nancy |
|
From: Nancy D. <nan...@gm...> - 2012-12-28 04:08:01
|
Hi there, I'm trying out some demos with the PDF signer. As far I understand, we can sign by 2 methods: *(1) Use a fixed certificate: *from these properties: - WORKERGENID1.SIGNERCERTIFICATE - WORKERGENID1.SIGNERCERTCHAIN - WORKERGENID1.KEYDATA *(2) Use a .p12 file*: in WORKERGENID1.KEYSTOREPATH Everything works fine when I use (1) but with (2), I cannot sign the document. I got this response when apply *getconfig* " Either this isn't a Signer or no Signer Certificate have been uploaded to it." Can someone make it clear for me? Thank you very much. -- Nancy |
|
From: Markus K. <ma...@pr...> - 2012-12-27 07:44:38
|
Hi Antoine, Nancy, On 2012-12-27 07:47, ant...@yo... wrote: > Hi Nancy, > > For when do you need this functionality ? You could integrate yourself > the code (with the diff file in the link below) or wait for the > integration in signserver. > > @Markus : I just see that the integration is scheduled for signserver > 3.5, is it possible to do it before ? It all come down to our available resources and customer requirements. However, 3.5 might not be so far away as we are planning on releasing 3.3 in the beginning of next year and 3.4 just 1-2 months later. Best regards, Markus > > Here's the address of the ticket : > https://jira.primekey.se/browse/DSS-457 > > Have a nice day. > > Best regards, -- PrimeKey Solutions offers a commercial EJBCA & SignServer support subscription and training. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ > > > Antoine > > > On Thu, 27 Dec 2012 09:26:20 +0700, Nancy Dang <nan...@gm...> > wrote: >> Hi Antoine Louiset, >> >> Thank you for your response. I'm trying the 2nd solution as I need to >> use many certificates in my system. However, it takes time to read >> through the code :) Thanks again for your idea. >> >> In my system, the certificates belong to users, not the server (or >> signer). Each user will have different certificate (+private key) but >> they don't have a token to store those information. My plan is to >> store those information on the server and when a user needs to sign a >> document, he will have a signer did it. >> >> The private key of each user will not change frequently but there are >> many private keys. So different workers have to work with different >> private keys. >> >> Best regards, >> >> On Thu, Dec 27, 2012 at 4:24 AM, wrote: >> On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang >> wrote: >> >>> Hi, >> > >> > I would like to customize the project in a way that allows me to >> > choose which certificate is used to sign the data. >> > >> > Currently, to my knowledge, I need to specify a .p12 file in the >> > property file of each signer. That file will then be used for >> signing. >> > I want to change the source code so that the worker can be >> reloaded >> > (or started) by some command like this: >> > >> > # bin/signserver.sh reload 3 001 >> > >> > where 3 is the worker ID and 001 is the certificate ID from a >> > database. >> > >> > I'm new to Sign Server and still dig in. Please help me with some >> > ideas how to do this. Or at least answer the question: Is this >> > possible? >> > >> > Thank you very much. >> >> Hi, >> >> Welcome to the community ! >> >> You should use a JKS file to store your private keys and your >> certificates. It will be faster. >> >> I have 2 suggestions. Perhaps, you could change the property >> "defaultkey" in the configuration of the worker. The defaultkey >> corresponds to the alias of the private key stored in the keystore. >> >> Otherwise, I develop a new functionality which could interest you. >> In >> the configuration of the worker, I add one property where you >> specify >> different parameters that the client of signserver has to specify. >> In >> my >> case, I need the alias of the private key used to sign. These >> properties >> are stored in the metadata which could be sent for example by Web >> Services. In that case, you just have to change in the different >> workers >> the line getPrivateKey(alias) and put alias with the one sent. >> >> Do not hesitate to tell me if you don't understand something. >> >> Will you often change the private key to use ? How many private keys >> will you use ? If it is not an important number, you should use >> different workers with different values of the property >> "defaultkey". >> >> Best regards, >> >> Antoine Louiset >> Yousign > > > ------------------------------------------------------------------------------ > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > MVPs and experts. ON SALE this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122712 > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
8 messages has been excluded from this view by a project administrator.
