Menu
▾
▴
signserver-develop
You can subscribe to this list here.
| 2008 |
Jan
(1) |
Feb
(4) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(4) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(4) |
Dec
|
| 2010 |
Jan
(1) |
Feb
|
Mar
|
Apr
(4) |
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(3) |
| 2012 |
Jan
(1) |
Feb
(8) |
Mar
(10) |
Apr
|
May
(12) |
Jun
(2) |
Jul
(28) |
Aug
(15) |
Sep
(12) |
Oct
(2) |
Nov
|
Dec
(16) |
| 2013 |
Jan
(30) |
Feb
(1) |
Mar
|
Apr
(11) |
May
(2) |
Jun
(11) |
Jul
(15) |
Aug
(4) |
Sep
(1) |
Oct
(10) |
Nov
(1) |
Dec
(2) |
| 2014 |
Jan
(8) |
Feb
(13) |
Mar
(12) |
Apr
(24) |
May
(2) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(2) |
Oct
(1) |
Nov
(2) |
Dec
(1) |
| 2015 |
Jan
(3) |
Feb
(6) |
Mar
|
Apr
|
May
(7) |
Jun
(7) |
Jul
(3) |
Aug
(5) |
Sep
(1) |
Oct
(8) |
Nov
(6) |
Dec
|
| 2016 |
Jan
|
Feb
(3) |
Mar
(5) |
Apr
(9) |
May
(26) |
Jun
(8) |
Jul
|
Aug
|
Sep
(11) |
Oct
(8) |
Nov
(1) |
Dec
(2) |
| 2017 |
Jan
(4) |
Feb
(7) |
Mar
(7) |
Apr
(4) |
May
(1) |
Jun
(5) |
Jul
(3) |
Aug
(3) |
Sep
(1) |
Oct
(4) |
Nov
(5) |
Dec
(1) |
| 2018 |
Jan
(4) |
Feb
(1) |
Mar
(1) |
Apr
(1) |
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
(1) |
Mar
(2) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
(2) |
Dec
|
| 2020 |
Jan
(3) |
Feb
|
Mar
(2) |
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
(1) |
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2025 |
Jan
|
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: <ant...@yo...> - 2012-12-27 07:04:17
|
Hi Nancy, For when do you need this functionality ? You could integrate yourself the code (with the diff file in the link below) or wait for the integration in signserver. @Markus : I just see that the integration is scheduled for signserver 3.5, is it possible to do it before ? Here's the address of the ticket : https://jira.primekey.se/browse/DSS-457 Have a nice day. Best regards, Antoine On Thu, 27 Dec 2012 09:26:20 +0700, Nancy Dang <nan...@gm...> wrote: > Hi Antoine Louiset, > > Thank you for your response. I'm trying the 2nd solution as I need to > use many certificates in my system. However, it takes time to read > through the code :) Thanks again for your idea. > > In my system, the certificates belong to users, not the server (or > signer). Each user will have different certificate (+private key) but > they don't have a token to store those information. My plan is to > store those information on the server and when a user needs to sign a > document, he will have a signer did it. > > The private key of each user will not change frequently but there are > many private keys. So different workers have to work with different > private keys. > > Best regards, > > On Thu, Dec 27, 2012 at 4:24 AM, wrote: > On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang > wrote: > >> Hi, > > > > I would like to customize the project in a way that allows me to > > choose which certificate is used to sign the data. > > > > Currently, to my knowledge, I need to specify a .p12 file in the > > property file of each signer. That file will then be used for > signing. > > I want to change the source code so that the worker can be > reloaded > > (or started) by some command like this: > > > > # bin/signserver.sh reload 3 001 > > > > where 3 is the worker ID and 001 is the certificate ID from a > > database. > > > > I'm new to Sign Server and still dig in. Please help me with some > > ideas how to do this. Or at least answer the question: Is this > > possible? > > > > Thank you very much. > > Hi, > > Welcome to the community ! > > You should use a JKS file to store your private keys and your > certificates. It will be faster. > > I have 2 suggestions. Perhaps, you could change the property > "defaultkey" in the configuration of the worker. The defaultkey > corresponds to the alias of the private key stored in the keystore. > > Otherwise, I develop a new functionality which could interest you. > In > the configuration of the worker, I add one property where you > specify > different parameters that the client of signserver has to specify. > In > my > case, I need the alias of the private key used to sign. These > properties > are stored in the metadata which could be sent for example by Web > Services. In that case, you just have to change in the different > workers > the line getPrivateKey(alias) and put alias with the one sent. > > Do not hesitate to tell me if you don't understand something. > > Will you often change the private key to use ? How many private keys > will you use ? If it is not an important number, you should use > different workers with different values of the property > "defaultkey". > > Best regards, > > Antoine Louiset > Yousign |
|
From: Nancy D. <nan...@gm...> - 2012-12-27 02:26:28
|
Hi Antoine Louiset, Thank you for your response. I'm trying the 2nd solution as I need to use many certificates in my system. However, it takes time to read through the code :) Thanks again for your idea. In my system, the certificates belong to users, not the server (or signer). Each user will have different certificate (+private key) but they don't have a token to store those information. My plan is to store those information on the server and when a user needs to sign a document, he will have a signer did it. The private key of each user will not change frequently but there are many private keys. So different workers have to work with different private keys. Best regards, On Thu, Dec 27, 2012 at 4:24 AM, <ant...@yo...> wrote: > On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang <nan...@gm...> > wrote: > > Hi, > > > > I would like to customize the project in a way that allows me to > > choose which certificate is used to sign the data. > > > > Currently, to my knowledge, I need to specify a .p12 file in the > > property file of each signer. That file will then be used for signing. > > I want to change the source code so that the worker can be reloaded > > (or started) by some command like this: > > > > # bin/signserver.sh reload 3 001 > > > > where 3 is the worker ID and 001 is the certificate ID from a > > database. > > > > I'm new to Sign Server and still dig in. Please help me with some > > ideas how to do this. Or at least answer the question: Is this > > possible? > > > > Thank you very much. > > > Hi, > > Welcome to the community ! > > You should use a JKS file to store your private keys and your > certificates. It will be faster. > > I have 2 suggestions. Perhaps, you could change the property > "defaultkey" in the configuration of the worker. The defaultkey > corresponds to the alias of the private key stored in the keystore. > > Otherwise, I develop a new functionality which could interest you. In > the configuration of the worker, I add one property where you specify > different parameters that the client of signserver has to specify. In > my > case, I need the alias of the private key used to sign. These > properties > are stored in the metadata which could be sent for example by Web > Services. In that case, you just have to change in the different > workers > the line getPrivateKey(alias) and put alias with the one sent. > > Do not hesitate to tell me if you don't understand something. > > Will you often change the private key to use ? How many private keys > will you use ? If it is not an important number, you should use > different workers with different values of the property "defaultkey". > > Best regards, > > > Antoine Louiset > Yousign > > > > -- Nancy |
|
From: <ant...@yo...> - 2012-12-26 23:19:16
|
On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang <nan...@gm...> wrote: > Hi, > > I would like to customize the project in a way that allows me to > choose which certificate is used to sign the data. > > Currently, to my knowledge, I need to specify a .p12 file in the > property file of each signer. That file will then be used for signing. > I want to change the source code so that the worker can be reloaded > (or started) by some command like this: > > # bin/signserver.sh reload 3 001 > > where 3 is the worker ID and 001 is the certificate ID from a > database. > > I'm new to Sign Server and still dig in. Please help me with some > ideas how to do this. Or at least answer the question: Is this > possible? > > Thank you very much. Hi, Welcome to the community ! You should use a JKS file to store your private keys and your certificates. It will be faster. I have 2 suggestions. Perhaps, you could change the property "defaultkey" in the configuration of the worker. The defaultkey corresponds to the alias of the private key stored in the keystore. Otherwise, I develop a new functionality which could interest you. In the configuration of the worker, I add one property where you specify different parameters that the client of signserver has to specify. In my case, I need the alias of the private key used to sign. These properties are stored in the metadata which could be sent for example by Web Services. In that case, you just have to change in the different workers the line getPrivateKey(alias) and put alias with the one sent. Do not hesitate to tell me if you don't understand something. Will you often change the private key to use ? How many private keys will you use ? If it is not an important number, you should use different workers with different values of the property "defaultkey". Best regards, Antoine Louiset Yousign |
|
From: Nancy D. <nan...@gm...> - 2012-12-26 09:48:57
|
Hi, I would like to customize the project in a way that allows me to choose which certificate is used to sign the data. Currently, to my knowledge, I need to specify a .p12 file in the property file of each signer. That file will then be used for signing. I want to change the source code so that the worker can be reloaded (or started) by some command like this: # bin/signserver.sh reload 3 001 where 3 is the worker ID and 001 is the certificate ID from a database. I'm new to Sign Server and still dig in. Please help me with some ideas how to do this. Or at least answer the question: Is this possible? Thank you very much. -- Nancy |
|
From: Markus K. <ma...@pr...> - 2012-12-19 11:45:43
|
The PrimeKey SignServer team is happy to announce that SignServer 3.2.4 has been released! This is a minor maintenance release - in total 7 features, options, bugs and stabilizations have been fixed or added. Development continues beyond this version and all requests from the community are scheduled for SignServer 3.3.0 or later releases. More information is available at the project web site and the complete changelog can be viewed in the issue tracker. The most noteworthy changes can be seen below. New features and improvements: - Installation script contributed by Antoine Louiset. - Added test cases for TimeStampSigner with other key algorithms than RSA. - Improved feature list at signserver.org. Bug fixes: - Using a worker ID with the Client CLI did not work. - JBoss 5 threw exception on SignServer shutdown. - Renewal worker did not use the supplied DN in the request. - StatusPropertiesWorker required a crypto token to be configured. Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel). Regards, The PrimeKey SignServer team |
|
From: Markus K. <ma...@pr...> - 2012-12-04 16:17:49
|
On 2012-12-04 15:48, ant...@yo... wrote: > Thanks Markus for your fast answer ! > > I just want to manage workers on my server so is it possible to do it > without the admin CLI ? If you just want to edit worker properties and install certificates etc, not doing anything advanced, then it could be possible to do it using the Admin GUI (bin/admingui.sh -ws) which runs over web services. But if you need to add new workers and do more advanced stuff you will need the admin CLI. > > It is really easy to deploy the ear but the ear alone is not usefull or > maybe I don't know how to proceed. You see what I mean ? Sure, you need some sort of admin interface to activate workers etc. Having the admin CLI on the server is the normal solution. Best regards, Markus > > Have a good afternoon. > > Best regards, > > > Antoine > > On Tue, 04 Dec 2012 15:26:58 +0100, Markus Kilås <ma...@pr...> > wrote: >> Hi Antoine, >> >> The ear file is the only thing that is strictly required to run SignServer. >> >> If you want the AdminCLI and not build on the server you can build >> SignServer an a different machine and then copy it over to the server. >> Either you copy over everything or you try to find only the things you >> need like SignServer-AdminCLI.jar and all of its dependencies as well as >> the wrapper script and jndi.properties etc. >> >> There is also an Ant target available for building an binary >> distribution that should be possible to copy directly to the server: >> $ bin/ant release:binary-tarball >> >> >> Best regards, >> Markus >> >> >> On 2012-12-04 10:29, ant...@yo... wrote: >>> Hi everyone, >>> >>> I would like to deploy signserver on my server. Is it possible to just >>> copy the ear file and to build the admincli to manage workers ? Or do I >>> need to build and deploy completely signserver on the machine ? >>> >>> Thanks for your help. >>> >>> Best regards, >>> >>> >>> Antoine Louiset >>> >>> >>> ------------------------------------------------------------------------------ >>> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >>> Remotely access PCs and mobile devices and provide instant support >>> Improve your efficiency, and focus on delivering more value-add services >>> Discover what IT Professionals Know. Rescue delivers >>> http://p.sf.net/sfu/logmein_12329d2d >>> _______________________________________________ >>> SignServer-develop mailing list >>> Sig...@li... >>> https://lists.sourceforge.net/lists/listinfo/signserver-develop >>> > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: <ant...@yo...> - 2012-12-04 14:48:49
|
Thanks Markus for your fast answer ! I just want to manage workers on my server so is it possible to do it without the admin CLI ? It is really easy to deploy the ear but the ear alone is not usefull or maybe I don't know how to proceed. You see what I mean ? Have a good afternoon. Best regards, Antoine On Tue, 04 Dec 2012 15:26:58 +0100, Markus Kilås <ma...@pr...> wrote: > Hi Antoine, > > The ear file is the only thing that is strictly required to run SignServer. > > If you want the AdminCLI and not build on the server you can build > SignServer an a different machine and then copy it over to the server. > Either you copy over everything or you try to find only the things you > need like SignServer-AdminCLI.jar and all of its dependencies as well as > the wrapper script and jndi.properties etc. > > There is also an Ant target available for building an binary > distribution that should be possible to copy directly to the server: > $ bin/ant release:binary-tarball > > > Best regards, > Markus > > > On 2012-12-04 10:29, ant...@yo... wrote: >> Hi everyone, >> >> I would like to deploy signserver on my server. Is it possible to just >> copy the ear file and to build the admincli to manage workers ? Or do I >> need to build and deploy completely signserver on the machine ? >> >> Thanks for your help. >> >> Best regards, >> >> >> Antoine Louiset >> >> >> ------------------------------------------------------------------------------ >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >> Remotely access PCs and mobile devices and provide instant support >> Improve your efficiency, and focus on delivering more value-add services >> Discover what IT Professionals Know. Rescue delivers >> http://p.sf.net/sfu/logmein_12329d2d >> _______________________________________________ >> SignServer-develop mailing list >> Sig...@li... >> https://lists.sourceforge.net/lists/listinfo/signserver-develop >> |
|
From: Markus K. <ma...@pr...> - 2012-12-04 14:28:21
|
Hi Antoine, The ear file is the only thing that is strictly required to run SignServer. If you want the AdminCLI and not build on the server you can build SignServer an a different machine and then copy it over to the server. Either you copy over everything or you try to find only the things you need like SignServer-AdminCLI.jar and all of its dependencies as well as the wrapper script and jndi.properties etc. There is also an Ant target available for building an binary distribution that should be possible to copy directly to the server: $ bin/ant release:binary-tarball Best regards, Markus On 2012-12-04 10:29, ant...@yo... wrote: > Hi everyone, > > I would like to deploy signserver on my server. Is it possible to just > copy the ear file and to build the admincli to manage workers ? Or do I > need to build and deploy completely signserver on the machine ? > > Thanks for your help. > > Best regards, > > > Antoine Louiset > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: <ant...@yo...> - 2012-12-04 14:14:25
|
Hi everyone, I would like to deploy signserver on my server. Is it possible to just copy the ear file and to build the admincli to manage workers ? Or do I need to build and deploy completely signserver on the machine ? Thanks for your help. Best regards, Antoine Louiset |
|
From: Markus K. <ma...@pr...> - 2012-10-18 15:01:57
|
That would be the DSS-168 issue with OpenJDK. There is a workaround described in the issue. BR, Markus Antoine Louiset <ant...@yo...> wrote: >Hi everyone, > >I try to launch tests of signserver 3.2.3. > >I have got one failure and one error. The error is : > >ODFSignerTest test01SignOdt Error SignServerException calling >signer with id 5678 : Problem signing odf document >org.signserver.common.SignServerException: SignServerException calling >signer with id 5678 : Problem signing odf document >at >org.signserver.ejb.WorkerSessionBean.process(WorkerSessionBean.java:276) >at >com.sun.enterprise.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1011) >at >com.sun.enterprise.security.SecurityUtil.invoke(SecurityUtil.java:175) >at >com.sun.ejb.containers.BaseContainer.invokeTargetBeanMethod(BaseContainer.java:2929) >at >com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4020) >at >com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:203) >at >com.sun.ejb.containers.EJBObjectInvocationHandlerDelegate.invoke(EJBObjectInvocationHandlerDelegate.java:77) >at $Proxy129.process(Unknown Source) >at >com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie._invoke(ReflectiveTie.java:154) >at >com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatchToServant(CorbaServerRequestDispatcherImpl.java:687) >at >com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:227) >... >Caused by: java.lang.ArrayIndexOutOfBoundsException: 23 >at >com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.index(NameSpaceSymbTable.java:375) >at >com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.get(NameSpaceSymbTable.java:402) >at >com.sun.org.apache.xml.internal.security.c14n.implementations.NameSpaceSymbTable.addMappingAndRender(NameSpaceSymbTable.java:227) >at >com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315.handleAttributesSubtree(Canonicalizer20010315.java:105) >at >com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(CanonicalizerBase.java:275) >at >com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:194) >at >com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:123) >at >com.sun.org.apache.xml.internal.security.c14n.CanonicalizerSpi.engineCanonicalize(CanonicalizerSpi.java:101) >at >com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalize(CanonicalizerBase.java:138) >at >com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14N.enginePerformTransform(TransformC14N.java:69) >at >com.sun.org.apache.xml.internal.security.transforms.Transform.performTransform(Transform.java:350) >at >org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.transform(ApacheCanonicalizer.java:239) > > >Is this error the same as https://jira.primekey.se/browse/DSS-168 ? > >The failure is : >HealthCheckTest test04DownForMaintenance Failure status >response: OK expected:<500> but was:<200> > >junit.framework.AssertionFailedError: status response: OK >expected:<500> >but was:<200> >at >org.signserver.web.WebTestCase.assertStatusReturned(WebTestCase.java:62) >at >org.signserver.web.WebTestCase.assertStatusReturned(WebTestCase.java:47) >at >org.signserver.web.HealthCheckTest.test04DownForMaintenance(HealthCheckTest.java:128) > > >Congratulations for this new version. > > >Have a nice day ! > > >Antoine > > > >------------------------------------------------------------------------ > >------------------------------------------------------------------------------ >Everyone hates slow websites. So do we. >Make your web apps faster with AppDynamics >Download AppDynamics Lite for free today: >http://p.sf.net/sfu/appdyn_sfd2d_oct > >------------------------------------------------------------------------ > >_______________________________________________ >SignServer-develop mailing list >Sig...@li... >https://lists.sourceforge.net/lists/listinfo/signserver-develop -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. |
|
From: Antoine L. <ant...@yo...> - 2012-10-18 14:29:25
|
Hi everyone, I try to launch tests of signserver 3.2.3. I have got one failure and one error. The error is : ODFSignerTest test01SignOdt Error SignServerException calling signer with id 5678 : Problem signing odf document org.signserver.common.SignServerException: SignServerException calling signer with id 5678 : Problem signing odf document at org.signserver.ejb.WorkerSessionBean.process(WorkerSessionBean.java:276) at com.sun.enterprise.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1011) at com.sun.enterprise.security.SecurityUtil.invoke(SecurityUtil.java:175) at com.sun.ejb.containers.BaseContainer.invokeTargetBeanMethod(BaseContainer.java:2929) at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4020) at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:203) at com.sun.ejb.containers.EJBObjectInvocationHandlerDelegate.invoke(EJBObjectInvocationHandlerDelegate.java:77) at $Proxy129.process(Unknown Source) at com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie._invoke(ReflectiveTie.java:154) at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatchToServant(CorbaServerRequestDispatcherImpl.java:687) at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:227) ... Caused by: java.lang.ArrayIndexOutOfBoundsException: 23 at com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.index(NameSpaceSymbTable.java:375) at com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.get(NameSpaceSymbTable.java:402) at com.sun.org.apache.xml.internal.security.c14n.implementations.NameSpaceSymbTable.addMappingAndRender(NameSpaceSymbTable.java:227) at com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315.handleAttributesSubtree(Canonicalizer20010315.java:105) at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(CanonicalizerBase.java:275) at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:194) at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(CanonicalizerBase.java:123) at com.sun.org.apache.xml.internal.security.c14n.CanonicalizerSpi.engineCanonicalize(CanonicalizerSpi.java:101) at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalize(CanonicalizerBase.java:138) at com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14N.enginePerformTransform(TransformC14N.java:69) at com.sun.org.apache.xml.internal.security.transforms.Transform.performTransform(Transform.java:350) at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.transform(ApacheCanonicalizer.java:239) Is this error the same as https://jira.primekey.se/browse/DSS-168 ? The failure is : HealthCheckTest test04DownForMaintenance Failure status response: OK expected:<500> but was:<200> junit.framework.AssertionFailedError: status response: OK expected:<500> but was:<200> at org.signserver.web.WebTestCase.assertStatusReturned(WebTestCase.java:62) at org.signserver.web.WebTestCase.assertStatusReturned(WebTestCase.java:47) at org.signserver.web.HealthCheckTest.test04DownForMaintenance(HealthCheckTest.java:128) Congratulations for this new version. Have a nice day ! Antoine |
|
From: Markus K. <ma...@pr...> - 2012-09-28 15:35:59
|
The PrimeKey SignServer team is happy to announce that SignServer 3.2.3 has been released! This is a maintenance release - in total 34 features, options, bugs and stabilizations have been fixed or added. Development continues beyond this version and all requests from the community are scheduled for SignServer 3.2.4 or later releases. More information is available at the project web site and the complete changelog can be viewed in the issue tracker. The most noteworthy changes can be seen below. Major new features and improvements: - Support for SignServer without database - Configurable to disable the key usage counter - Signer certificate check in Health check for all Signers - Check that the timestamp signer certificate is included in the certificate chain - Health check response of TimeStampSigner now considers status of time source - Down-for-maintenance support in Health check - Support for supplying filename as request metadata Bug fixes: - Client CLI only supported 10 arguments on Windows - Null value was inserted when removing last wsadmin on Oracle - PDF Signature could not be larger than 15000 bytes - Sample configuration for renewal worker not functional - Various documentation updates Notice: - Same internal API changes has been done as part of DSS-528. If you have custom code some changes might be required. Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel). Regards, The PrimeKey SignServer team |
|
From: Markus K. <ma...@pr...> - 2012-09-21 15:52:35
|
Hi Luis, On 2012-09-20 18:26, Luis Maia wrote: > Hi everyone, > > I've been developing a module for performing a very specific set of Xades Signatures (using Xades4J) and corresponding verification. > > I've noticed that you included Xades in your roadmap, any news on what is being developed and which library are you intending to support? We have XAdES in the roadmap as we have seen some interest for it. However, I don't think any work has started on it yet and we haven't scheduled a date for it to start either. Just that we would like to add support for it in the future. We are open to suggestions on which libraries to use. > The module i'm developing is using a very specific server-side logic but it can perform multiple signatures with the signatures supported in Xades4J. That sounds interesting. > > Maybe if no code for this was produced and someone wants to pick this i could release some portions of interest i had working (the generic stuff). I think we are very interested in contributions in this area to get things going. If you have something to contribute already you can create an issue on https://jira.primekey.se and we can have a look and start discussing on how to best integrate it. > > Also, the developer of the Xades4J library is aware of the interest in signserver and having a wider audience using his stuff, from our previous email exchanges he showed interest in cooperating with the signserver integration and paving the roadmap for his library... That is great to hear. I had a quick look at the Xades4J project page (http://code.google.com/p/xades4j/) and it looks very promising. Best regards, Markus Kilås > > > Best Regards, > Luis Maia. > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://ad.doubleclick.net/clk;258768047;13503038;j? > http://info.appdynamics.com/FreeJavaPerformanceDownload.html > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Luis M. <lm...@ro...> - 2012-09-20 16:26:59
|
Hi everyone, I've been developing a module for performing a very specific set of Xades Signatures (using Xades4J) and corresponding verification. I've noticed that you included Xades in your roadmap, any news on what is being developed and which library are you intending to support? The module i'm developing is using a very specific server-side logic but it can perform multiple signatures with the signatures supported in Xades4J. Maybe if no code for this was produced and someone wants to pick this i could release some portions of interest i had working (the generic stuff). Also, the developer of the Xades4J library is aware of the interest in signserver and having a wider audience using his stuff, from our previous email exchanges he showed interest in cooperating with the signserver integration and paving the roadmap for his library... Best Regards, Luis Maia. |
|
From: Markus K. <ma...@pr...> - 2012-09-12 09:16:27
|
Hi Antoine, On 2012-09-11 19:47, Antoine Louiset wrote: > Hi Markus, > > Thanks for your answer. I try the first option, try to sign the document > sample-certified-nochangesallowed.pdf like my client will do it and > there is the same error message. A certified PDF can not be signed again. If the error message does not state that then there is a bug that we check for double objects before checking so the document is not certified. We should then correct the error message. You can open an ticket for that. > > I think the problem comes from the fact that there is already a > signature in the pdf I want to sign. Do you get the same error message also for other documents already signed but not certified? > > I could test if you want on a clean install of signserver but it might > no changes the problem. > > Maybe we have to test this functionnality more. Do you want me to add a > ticket for it ? If you get this error message also for not certified documents then you can open an other ticket for that. Best regards, Markus > > Best regards, > > > Antoine > > Le 10/09/2012 17:39, Markus Kilås a écrit : >> would do it. To test and see that the issue isn't with the unit >> tests. > > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Antoine L. <ant...@yo...> - 2012-09-11 17:48:25
|
Hi Markus, Thanks for your answer. I try the first option, try to sign the document sample-certified-nochangesallowed.pdf like my client will do it and there is the same error message. I think the problem comes from the fact that there is already a signature in the pdf I want to sign. I could test if you want on a clean install of signserver but it might no changes the problem. Maybe we have to test this functionnality more. Do you want me to add a ticket for it ? Best regards, Antoine Le 10/09/2012 17:39, Markus Kilås a écrit : > would do it. To test and see that the issue isn't with the unit > tests. |
|
From: Markus K. <ma...@pr...> - 2012-09-10 15:39:56
|
I mean if you submit the documents to be signed the same way as your client would do it. To test and see that the issue isn't with the unit tests. An other option would be to setup the standard unmodified PDFSigner, enable RefuseDoubleIndirectObjects and upload the documents to see if there is a problem. Maybe there are "double indirect objects" in the sample PDFs or it is just a false positive. In any case it would be nice to know. Best regards, Markus On 2012-09-10 11:05, Antoine Louiset wrote: > Hi Markus, > > How can I do that ? I can not use the demo web page because I add > parameters which are compulsory for me and which are not sent in the > demo web page. > > Best regards, > > > Antoine > > Le 10/09/2012 10:56, Markus Kilås a écrit : >> Hi Antoine, >> >> Do you also get this error if you try to sign those documents manually >> (ie. not running the unit test) but uploading them by your self? >> >> >> Best regards, >> Markus >> >> On 2012-09-10 10:49, Antoine Louiset wrote: >>> Hi everyone, >>> >>> I activate the option RefuseDoubleIndirectObjects in PDFSigner.java, >>> this option is always activated for all my pdf workers. >>> >>> When I run my unit tests, I have an Exception "SignServerException >>> calling signer with id 5675 : Incorrect document" because of this >>> option. >>> >>> The documents to sign are sample-certified-signingallowed.pdf, >>> sample-certified-formfillingallowed.pdf, >>> sample-certified-nochangesallowed.pdf present in the src/test/pdf >>> folder. >>> >>> This option is very important for me, I do not want to let >>> vulnerabilities. >>> >>> Thanks for your help and have a nice day. >>> >>> Best regards, >>> >>> >>> Antoine L. >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. >>> Discussions >>> will include endpoint security, mobile security and the latest in >>> malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> SignServer-develop mailing list >>> Sig...@li... >>> https://lists.sourceforge.net/lists/listinfo/signserver-develop >>> >> >> > > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Antoine L. <ant...@yo...> - 2012-09-10 09:05:25
|
Hi Markus, How can I do that ? I can not use the demo web page because I add parameters which are compulsory for me and which are not sent in the demo web page. Best regards, Antoine Le 10/09/2012 10:56, Markus Kilås a écrit : > Hi Antoine, > > Do you also get this error if you try to sign those documents manually > (ie. not running the unit test) but uploading them by your self? > > > Best regards, > Markus > > On 2012-09-10 10:49, Antoine Louiset wrote: >> Hi everyone, >> >> I activate the option RefuseDoubleIndirectObjects in PDFSigner.java, >> this option is always activated for all my pdf workers. >> >> When I run my unit tests, I have an Exception "SignServerException >> calling signer with id 5675 : Incorrect document" because of this option. >> >> The documents to sign are sample-certified-signingallowed.pdf, >> sample-certified-formfillingallowed.pdf, >> sample-certified-nochangesallowed.pdf present in the src/test/pdf folder. >> >> This option is very important for me, I do not want to let vulnerabilities. >> >> Thanks for your help and have a nice day. >> >> Best regards, >> >> >> Antoine L. >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> SignServer-develop mailing list >> Sig...@li... >> https://lists.sourceforge.net/lists/listinfo/signserver-develop >> > > |
|
From: Markus K. <ma...@pr...> - 2012-09-10 08:56:19
|
Hi Antoine, Do you also get this error if you try to sign those documents manually (ie. not running the unit test) but uploading them by your self? Best regards, Markus On 2012-09-10 10:49, Antoine Louiset wrote: > Hi everyone, > > I activate the option RefuseDoubleIndirectObjects in PDFSigner.java, > this option is always activated for all my pdf workers. > > When I run my unit tests, I have an Exception "SignServerException > calling signer with id 5675 : Incorrect document" because of this option. > > The documents to sign are sample-certified-signingallowed.pdf, > sample-certified-formfillingallowed.pdf, > sample-certified-nochangesallowed.pdf present in the src/test/pdf folder. > > This option is very important for me, I do not want to let vulnerabilities. > > Thanks for your help and have a nice day. > > Best regards, > > > Antoine L. > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Antoine L. <ant...@yo...> - 2012-09-10 08:50:10
|
Hi everyone, I activate the option RefuseDoubleIndirectObjects in PDFSigner.java, this option is always activated for all my pdf workers. When I run my unit tests, I have an Exception "SignServerException calling signer with id 5675 : Incorrect document" because of this option. The documents to sign are sample-certified-signingallowed.pdf, sample-certified-formfillingallowed.pdf, sample-certified-nochangesallowed.pdf present in the src/test/pdf folder. This option is very important for me, I do not want to let vulnerabilities. Thanks for your help and have a nice day. Best regards, Antoine L. |
|
From: Tomas G. <to...@pr...> - 2012-09-05 19:18:48
|
Hi, We have upgraded the Jira for EJBCA and SignServer,at https://jira.primekey.se/, to the latest version of Jira 5. It's quite different from Jira 3, so go play :-) Cheers, Tomas |
|
From: Markus K. <ma...@pr...> - 2012-09-05 19:15:16
|
Hi Antoine, We plan to release SignServer 3.2.3 before the end of September. The installation procedures should not have changed as far as I can see. You can see the details about what has changed here: https://jira.primekey.se/browse/DSS#selectedTab=com.atlassian.jira.plugin.system.project%3Aroadmap-panel Best regards, Markus On 2012-09-05 09:12, Antoine Louiset wrote: > Hi, > > Do you know when the next version of signserver will be released ? > > Maybe I will modify my installation script of signserver after. > > Have a nice day. > > > > Antoine > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
|
From: Antoine L. <ant...@yo...> - 2012-09-05 07:12:47
|
Hi, Do you know when the next version of signserver will be released ? Maybe I will modify my installation script of signserver after. Have a nice day. Antoine |
|
From: Antoine L. <ant...@yo...> - 2012-08-31 09:35:51
|
Hi Markus, Thanks for your answer. I will do like that. I would prefer to add it directly in the ejb... I understand the problems of changing the compilation files. Have a nice weekend. Best regards, Antoine Le 30/08/2012 09:11, Markus Kilås a écrit : > Hi Antoine, > > On 2012-08-29 15:27, Antoine Louiset wrote: >> Hi everyone, >> >> I want to create my own Authorizer class, so I had one class in >> Signserver-ejb to do this. >> >> In the isAuthorized method, I want to call a web service. So I add a web >> service client with netbeans in signserver-ejb. No problem here, when I >> clean and build this ejb, it works. >> >> The problem comes when I want to run : ant clean deploy for the project. >> The build fails because it doesn't find the generated sources (generated >> by jax ws). >> >> The cause is that in signserver.xmli, there is a tag javac which starts >> the compilation of signserver-ejb. The generated sources are not present >> at this moment so it fails. >> >> Why signserver-ejb is build like that and not with its build.xml ? > From the beginning the different sub projects did not have there own > build xml and everything was built from signserver.xmli. Now we are > switching to use the build scripts generated by NetBeans IDE. In trunk > the change of the build script has got further and SignServer-ejb.jar is > built just like any other module. > >> I try to exclude this file in the javac tag, the compilation works but >> signserver-ejb.jar in dist-server directory does not include this file >> while it is present in the output jar of the module >> (modules/signserver-ejb/build/). >> >> Do you have any ideas to solve this problem ? > If it is possible to not have the code inside SignServer-ejb but instead > create a sub project for your customer Authorizer I would recommend > that. In that case your project would be a Java Library project and the > jar file end up in signerserver.ear/lib. > > For instance you can have a look at SignServer-Module-Renewal which uses > web services. > > > Best regards, > Markus > >> Thanks a lot. >> >> Have a good afternoon. >> >> Best regards, >> >> >> Antoine Louiset >> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> >> >> >> _______________________________________________ >> SignServer-develop mailing list >> Sig...@li... >> https://lists.sourceforge.net/lists/listinfo/signserver-develop >> > > |
|
From: Markus K. <ma...@pr...> - 2012-08-30 07:12:00
|
Hi Antoine, On 2012-08-29 15:27, Antoine Louiset wrote: > Hi everyone, > > I want to create my own Authorizer class, so I had one class in > Signserver-ejb to do this. > > In the isAuthorized method, I want to call a web service. So I add a web > service client with netbeans in signserver-ejb. No problem here, when I > clean and build this ejb, it works. > > The problem comes when I want to run : ant clean deploy for the project. > The build fails because it doesn't find the generated sources (generated > by jax ws). > > The cause is that in signserver.xmli, there is a tag javac which starts > the compilation of signserver-ejb. The generated sources are not present > at this moment so it fails. > > Why signserver-ejb is build like that and not with its build.xml ? >From the beginning the different sub projects did not have there own build xml and everything was built from signserver.xmli. Now we are switching to use the build scripts generated by NetBeans IDE. In trunk the change of the build script has got further and SignServer-ejb.jar is built just like any other module. > > I try to exclude this file in the javac tag, the compilation works but > signserver-ejb.jar in dist-server directory does not include this file > while it is present in the output jar of the module > (modules/signserver-ejb/build/). > > Do you have any ideas to solve this problem ? If it is possible to not have the code inside SignServer-ejb but instead create a sub project for your customer Authorizer I would recommend that. In that case your project would be a Java Library project and the jar file end up in signerserver.ear/lib. For instance you can have a look at SignServer-Module-Renewal which uses web services. Best regards, Markus > > Thanks a lot. > > Have a good afternoon. > > Best regards, > > > Antoine Louiset > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- Kind regards, Markus Kilås Security Consultant & Developer PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
8 messages has been excluded from this view by a project administrator.
