signserver-develop

Re: [Signserver-develop] API problem

[Markus K. <ma...@pr...>]

Hello Antoine,

I guess you are using JBoss as the application server. You will need to
use HTTPS as we no longer support HTTP for web service calls to JBoss.

The sample code needs to be updated to use HTTPS (port 8442 or 8443). I
have created an issue for it in our issue tracker where you can also see
the details about why:
https://jira.primekey.se/browse/DSS-439

You can use something like the following to use HTTPS on the port 8442:
---
System.setProperty("javax.net.ssl.trustStore", "p12/truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
ISigningAndValidation signserver = new
SigningAndValidationWS("localhost", 8442, true);
----
Where truststore.jks is a keystore containing the issuing CA certificate
of the web server certificate as a trusted entry.


Best regards,
Markus

On 12/05/2011 10:34 AM, Antoine Louiset wrote:
> Hello,
>
> I try to use signingandvalidationapi. I get the example on
> signserver.org <http://signserver.org> :
>
> public static void main(String[] args) {
>        try {
>         ISigningAndValidation signserver = new
> SigningAndValidationWS("localhost", 8080);
>
>         // Document to sign
>         byte[] unsigned = "<document><name>Some
> content</name></document>".getBytes();
>         byte[] signed;
>
>         // Signing
>         GenericSignResponse signResp = signserver.sign("XMLSigner",
> unsigned);
>         signed = signResp.getProcessedData();
>         System.out.println("Signed: " + new String(signed));
>
>         // Validating
>         GenericValidationResponse validateResp =
> signserver.validate("DemoXMLValidator", signed);
>         System.out.println("Valid: " + validateResp.isValid());
>
>         if(validateResp.getSignerCertificate() != null) {
>             if(validateResp.getSignerCertificate() instanceof
> X509Certificate) {
>                 X509Certificate signerCert = (X509Certificate)
> validateResp.getSignerCertificate();
>                 System.out.println("Signed by: " +
> signerCert.getSubjectDN().getName());
>             }
>         }
>       } catch (Exception ex) {
>         ex.printStackTrace();
>       }
>     }
>
>
> I got an error message :
> com.sun.xml.ws.client.ClientTransportException: HTTP transport error:
> javax.net.ssl.SSLHandshakeException: Remote host closed connection
> during handshake
>     at
> com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119)
>     at
> com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:128)
>     at
> com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
>     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
>     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
>     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
>     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
>     at com.sun.xml.ws.client.Stub.process(Stub.java:235)
>     at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
>     at
> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
>     at
> com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
>     at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
>     at $Proxy30.process(Unknown Source)
>     at
> org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidationWS.java:146)
>     at
> org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidationWS.java:127)
>     at
> org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValidationWS.java:177)
>     at SignServerClient.main(SignServerClient.java:83)
> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed
> connection during handshake
>     at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
>     at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
>     at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
>     at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
>     at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
>     at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>     at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
>     at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
>     at
> com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:107)
>     ... 16 more
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>     at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
>     at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
>     ... 24 more
>
> I have been trying to resolve it during 3 days without any results.
> What can I do ?
>
> Thanks a lot!
>
>
>
> Antoine
>
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure 
> contains a definitive record of customers, application performance, 
> security threats, fraudulent activity, and more. Splunk takes this 
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
>
>
> _______________________________________________
> Signserver-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop


-- 
Kind regards,
Markus Kilås
Security Consultant & Developer

PrimeKey Solutions AB

Anderstorpsv. 16
171 54 Solna
Sweden

Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...

www.primekey.se

[Signserver-develop] API problem

[Antoine L. <ant...@gm...>]

Hello,

I try to use signingandvalidationapi. I get the example on signserver.org :

public static void main(String[] args) {
       try {
        ISigningAndValidation signserver = new
SigningAndValidationWS("localhost", 8080);

        // Document to sign
        byte[] unsigned = "<document><name>Some
content</name></document>".getBytes();
        byte[] signed;

        // Signing
        GenericSignResponse signResp = signserver.sign("XMLSigner",
unsigned);
        signed = signResp.getProcessedData();
        System.out.println("Signed: " + new String(signed));

        // Validating
        GenericValidationResponse validateResp =
signserver.validate("DemoXMLValidator", signed);
        System.out.println("Valid: " + validateResp.isValid());

        if(validateResp.getSignerCertificate() != null) {
            if(validateResp.getSignerCertificate() instanceof
X509Certificate) {
                X509Certificate signerCert = (X509Certificate)
validateResp.getSignerCertificate();
                System.out.println("Signed by: " +
signerCert.getSubjectDN().getName());
            }
        }
      } catch (Exception ex) {
        ex.printStackTrace();
      }
    }


I got an error message :
com.sun.xml.ws.client.ClientTransportException: HTTP transport error:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
    at
com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119)
    at
com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:128)
    at
com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
    at com.sun.xml.ws.client.Stub.process(Stub.java:235)
    at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
    at
com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
    at
com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
    at $Proxy30.process(Unknown Source)
    at
org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidationWS.java:146)
    at
org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidationWS.java:127)
    at
org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValidationWS.java:177)
    at SignServerClient.main(SignServerClient.java:83)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed
connection during handshake
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
    at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
    at
com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:107)
    ... 16 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798)
    ... 24 more

I have been trying to resolve it during 3 days without any results. What
can I do ?

Thanks a lot!



Antoine

[Signserver-develop] SignServer 3.2.0 released

[Markus K. <ma...@pr...>]

The PrimeKey SignServer team is happy to announce that SignServer 3.2.0
has been released!

This is a major release - in total 49 features, options, bugs and
stabilizations have been fixed or added. The most noteworthy changes can
be seen below.

Development continues beyond this version and all requests from the
community [1] are scheduled for SignServer 3.2.1 or later releases.

More information is available at the project web site [2] and the
complete changelog can be viewed in the issue tracker [3].


Major new features and improvements:
 - Administration Web Service (WS) interface
 - Administration GUI desktop application
 - Client command line interface (CLI)
 - Support for GlassFish Server 2.1.1
 - Support for JBoss Application Server 5.1.0
 - Support for Oracle Database
 - Semi-automatic key generation and certificate renewal from EJBCA
 - Improved audit and transaction logging
 - Improved project structure dividing the modules in sub-projects
 - Front page listing all demo web pages


Read the full changelog for details
(https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel).



Regards,
The PrimeKey SignServer team

[Signserver-develop] SignServer 3.1.5 released

[Markus K. <ma...@pr...>]

The PrimeKey SignServer team is happy to announce that SignServer 3.1.5
has been released!

This is just a minor maintenance release preparing for the upcoming 3.2
– in total 7 features, options, bugs and stabilizations have been fixed
or added. The most noteworthy changes can be seen below.


New features and improvements:
 - Support for HTTPS in the SigningAndValidation API
 - Harden the PDF Signer against PDF signature collisions
 - Function in the build script for create source-only release archives


Bug fixes:
 - Problem in a unit test for certain dates
 - NPE in TimeStampSigner if certificate is missing


Read the full changelog for details
(https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel).



Regards,
The PrimeKey SignServer team

[Signserver-develop] SignServer 3.1.3 released

[Markus K. <ma...@pr...>]

The PrimeKey SignServer team is happy to announce that SignServer 3.1.3
has been released!

This is a maintenance release - in total 9 features, options, bugs and
stabilizations have been fixed or added. The most noteworthy changes can
be seen below.



New features and improvements:
 - Counter for limiting the number of signatures before key renewal is
required
 - Service that periodically writes current values of key usage counters
and signer validity to file
 - Support for workers dispatching requests to other worker(s)
 - Print SignServer version at startup
 - Unit test for checking validity using PrivateKeyUsagePeriod

Bug fixes:
 - Correct filename not returned when using IE6
 - Displaying signing certificate for MRTDSODSigner now also works for
soft cryptotokens
 - Check signer validity periods now also works for soft cryptokens



Read the full changelog for details
(https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel).



Regards,
The PrimeKey SignServer team

Re: [Signserver-develop] SignServer : does it store files ?

[Markus K. <ejb...@pr...>]

Hi,

That sounds like an interesting and good use case for SignServer.

What we not yet have is support for encryption but that should not be
too hard to add. If you are planning of doing the development we can
give you some pointers to get you started otherwise if you want to
sponsor the development PrimeKey could possibly do it.


Regards,
Markus


Grégory DOUGUET wrote:
> Hi Markus,
>
> Thanks for replying.
>
> I'm looking for an archiving system with token, timestamp, certificates and
> encryption support. Which SignServer seems to be.
>
> SignServer will be deployed as a WebService and will develop the numerous
> plugins to store documents from Alfresco, SugarCRM etc... wherever safe
> electronic document archiving is needed.
>
> I'm not sure EJBCA is needed in that case, just SignServer since the
> certificates have to come from a CA to be fully secured.
>
> Regards,
> Grégory DOUGUET
>
> Le 13 avril 2010 11:52, Markus Kilås <ejb...@pr...> a écrit :
>
>   
>> Hi Grégory,
>>
>> SignServer has some support for archiving of the signed documents
>> however it is unfortunately not so well documented. Some information is
>> available here:
>>
>> http://www.signserver.org/manual/complete.en.html#Archiving%20Responses%20%28SignServer%20only%29
>>
>> http://www.signserver.org/manual/complete.en.html#Command%20Line%20Interface
>>
>> The documents are then stored in the database and can be queried by
>> archive ID, client IP address or client certificate etc.
>>
>> SignServer and EJBCA are two separate applications but both can run in
>> the same JBoss instance. What type of integration are you interested in?
>>
>> Best Regards,
>> Markus
>>
>> Grégory DOUGUET wrote:
>>     
>>> Hi,
>>>
>>> I just discovered SignServer and I was wondering if it just signs files
>>>       
>> and
>>     
>>> give timestamps, or does it store tokens and files in a database which
>>>       
>> can
>>     
>>> be queried ?
>>>
>>> And another question is : is SignServer integrated in EJCBA ?
>>>
>>> Thank you,
>>> Grégory DOUGUET
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>>       
>> ------------------------------------------------------------------------------
>>     
>>> Download Intel&#174; Parallel Studio Eval
>>> Try the new software tools for yourself. Speed compiling, find bugs
>>> proactively, and fine-tune applications for parallel performance.
>>> See why Intel Parallel Studio got high marks during beta.
>>> http://p.sf.net/sfu/intel-sw-dev
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Signserver-develop mailing list
>>> Sig...@li...
>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>
>>>       
>> --
>>
>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>> training for EJBCA. Please see www.primekey.se or contact in...@pr...for more information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
>>
>>     
>
>   


-- 

PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

Re: [Signserver-develop] SignServer : does it store files ?

[Grégory D. <gdo...@in...>]

Hi Markus,

Thanks for replying.

I'm looking for an archiving system with token, timestamp, certificates and
encryption support. Which SignServer seems to be.

SignServer will be deployed as a WebService and will develop the numerous
plugins to store documents from Alfresco, SugarCRM etc... wherever safe
electronic document archiving is needed.

I'm not sure EJBCA is needed in that case, just SignServer since the
certificates have to come from a CA to be fully secured.

Regards,
Grégory DOUGUET

Le 13 avril 2010 11:52, Markus Kilås <ejb...@pr...> a écrit :

> Hi Grégory,
>
> SignServer has some support for archiving of the signed documents
> however it is unfortunately not so well documented. Some information is
> available here:
>
> http://www.signserver.org/manual/complete.en.html#Archiving%20Responses%20%28SignServer%20only%29
>
> http://www.signserver.org/manual/complete.en.html#Command%20Line%20Interface
>
> The documents are then stored in the database and can be queried by
> archive ID, client IP address or client certificate etc.
>
> SignServer and EJBCA are two separate applications but both can run in
> the same JBoss instance. What type of integration are you interested in?
>
> Best Regards,
> Markus
>
> Grégory DOUGUET wrote:
> > Hi,
> >
> > I just discovered SignServer and I was wondering if it just signs files
> and
> > give timestamps, or does it store tokens and files in a database which
> can
> > be queried ?
> >
> > And another question is : is SignServer integrated in EJCBA ?
> >
> > Thank you,
> > Grégory DOUGUET
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> ------------------------------------------------------------------------------
> > Download Intel&#174; Parallel Studio Eval
> > Try the new software tools for yourself. Speed compiling, find bugs
> > proactively, and fine-tune applications for parallel performance.
> > See why Intel Parallel Studio got high marks during beta.
> > http://p.sf.net/sfu/intel-sw-dev
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Signserver-develop mailing list
> > Sig...@li...
> > https://lists.sourceforge.net/lists/listinfo/signserver-develop
> >
>
>
> --
>
> PrimeKey Solutions offers a commercial EJBCA support subscription and
> training for EJBCA. Please see www.primekey.se or contact in...@pr...for more information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
>
>

Re: [Signserver-develop] SignServer : does it store files ?

[Markus K. <ejb...@pr...>]

Hi Grégory,

SignServer has some support for archiving of the signed documents
however it is unfortunately not so well documented. Some information is
available here:
http://www.signserver.org/manual/complete.en.html#Archiving%20Responses%20%28SignServer%20only%29
http://www.signserver.org/manual/complete.en.html#Command%20Line%20Interface

The documents are then stored in the database and can be queried by
archive ID, client IP address or client certificate etc.

SignServer and EJBCA are two separate applications but both can run in
the same JBoss instance. What type of integration are you interested in?

Best Regards,
Markus

Grégory DOUGUET wrote:
> Hi,
>
> I just discovered SignServer and I was wondering if it just signs files and
> give timestamps, or does it store tokens and files in a database which can
> be queried ?
>
> And another question is : is SignServer integrated in EJCBA ?
>
> Thank you,
> Grégory DOUGUET
>
>   
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> ------------------------------------------------------------------------
>
> _______________________________________________
> Signserver-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>   


-- 

PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

[Signserver-develop] SignServer : does it store files ?

[Grégory D. <gdo...@in...>]

Hi,

I just discovered SignServer and I was wondering if it just signs files and
give timestamps, or does it store tokens and files in a database which can
be queried ?

And another question is : is SignServer integrated in EJCBA ?

Thank you,
Grégory DOUGUET

[Signserver-develop] Svn commit rights policy

[Tomas G. <to...@pr...>]

Hi developers of EJBCA and SignServer,

Required by customers, and the work in progress toward common criteria 
evaluation, we will start enforcing the following policy regarding 
commit access to subversion repositories.

The purpose of this is to maintain assurance that unauthorized 
modifications are not being done to the repositories. This is a strong 
requirement for CC evaluation.

The policy we will start enforcing is:
- After 6 months without svn activity, commit privileges will be withdrawn.

This is not meant to shut anyone out, anyone can still submit patches 
for review and they will be committed. But we can not count on that 
non-active developers monitors everything being done under their name.

Remember that it is as easy to re-instate commit privileges that it is 
to remove them.

If you have any comments, feel fee to speak up.

Kind regards,
Tomas Gustavsson
PrimeKey

Re: [Signserver-develop] Signer of a xml file with its style sheet

[Markus K. <ejb...@pr...>]

I'm still not sure I understand you fully. With a package you mean a
ZIP-file containing two XML documents - one that is the actual XML
document and another that is the style sheet (XSLT)? Or is it one
document which also contains the style sheet?

SignServer currently only signs single XML documents and does not follow
references to other documents.

Perhaps you could send a sample document?

Best Regards,
Markus


LE BLIGUET Marie wrote:
> Thanks for the quick response, I had not looked at this page yet.
> The purpose of my project is to sign a package of an XML document and its style sheet, in order to be sure of how the XML was "seen" by the user at the moment of the signature.
> 
> Is SignServer able to sign such a package?
> 
> Best Regards
> Marie LE BLIGUET
> 
> 
> -----Message d'origine-----
> De : Markus Kilås [mailto:ejb...@pr...] 
> Envoyé : mercredi 4 novembre 2009 14:10
> À : LE BLIGUET Marie
> Cc : sig...@li...
> Objet : Re: [Signserver-develop] Signer of a xml file with its style sheet
> 
> Hello Marie,
> 
> There are some quick start instructions for the XML Signer/Validator on
> the installation page:
> http://www.signserver.org/installationguide.html#XML%20signer
> 
> I am not sure I understand what you mean by signing with the xml
> documents style sheet. The XMLSigner should be able to sign all
> well-formed XML documents and the XMLValidator should then be able to
> validate them if it is configured with the right certificates.
> 
> 
> Best Regards,
> Markus
> 
> 
> LE BLIGUET Marie wrote:
>> Hello,
>>
>>  
>>
>> I'm just beginning a project where I have to sign a xml document with
>> its style sheet. Can SignServer do this signature with a person
>> certificate and with the server certificate? In the new features list
>> there is a XML signer/validator mentioned, but I did not find it in the
>> documentation for SignServer 3.1.
>>
>> Could you tell me if SignServer can sign xml documents (and validate
>> them) and where I can find documentation on this feature?
>>
>>  
>>
>> Best Regards
>>
>>  
>>
>> Marie Le Bliguet
>>
>>  
>>
>>  
>>
>>  
>>
>>
>> ------------------------------------------------------------------------
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
>> trial. Simplify your report design, integration and deployment - and focus on 
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Signserver-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
> 
> 


-- 

PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
in...@pr... for more information.
http://download.primekey.se/documents/ejbca_subscription.pdf
http://download.primekey.se/documents/ejbca_training.pdf

Re: [Signserver-develop] Signer of a xml file with its style sheet

[LE B. M. <Mar...@so...>]

Thanks for the quick response, I had not looked at this page yet.
The purpose of my project is to sign a package of an XML document and its style sheet, in order to be sure of how the XML was "seen" by the user at the moment of the signature.

Is SignServer able to sign such a package?

Best Regards
Marie LE BLIGUET


-----Message d'origine-----
De : Markus Kilås [mailto:ejb...@pr...] 
Envoyé : mercredi 4 novembre 2009 14:10
À : LE BLIGUET Marie
Cc : sig...@li...
Objet : Re: [Signserver-develop] Signer of a xml file with its style sheet

Hello Marie,

There are some quick start instructions for the XML Signer/Validator on
the installation page:
http://www.signserver.org/installationguide.html#XML%20signer

I am not sure I understand what you mean by signing with the xml
documents style sheet. The XMLSigner should be able to sign all
well-formed XML documents and the XMLValidator should then be able to
validate them if it is configured with the right certificates.


Best Regards,
Markus


LE BLIGUET Marie wrote:
> Hello,
> 
>  
> 
> I'm just beginning a project where I have to sign a xml document with
> its style sheet. Can SignServer do this signature with a person
> certificate and with the server certificate? In the new features list
> there is a XML signer/validator mentioned, but I did not find it in the
> documentation for SignServer 3.1.
> 
> Could you tell me if SignServer can sign xml documents (and validate
> them) and where I can find documentation on this feature?
> 
>  
> 
> Best Regards
> 
>  
> 
> Marie Le Bliguet
> 
>  
> 
>  
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
> trial. Simplify your report design, integration and deployment - and focus on 
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Signserver-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop


-- 

PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
in...@pr... for more information.
http://download.primekey.se/documents/ejbca_subscription.pdf
http://download.primekey.se/documents/ejbca_training.pdf

Re: [Signserver-develop] Signer of a xml file with its style sheet

[Markus K. <ejb...@pr...>]

Hello Marie,

There are some quick start instructions for the XML Signer/Validator on
the installation page:
http://www.signserver.org/installationguide.html#XML%20signer

I am not sure I understand what you mean by signing with the xml
documents style sheet. The XMLSigner should be able to sign all
well-formed XML documents and the XMLValidator should then be able to
validate them if it is configured with the right certificates.


Best Regards,
Markus


LE BLIGUET Marie wrote:
> Hello,
> 
>  
> 
> I’m just beginning a project where I have to sign a xml document with
> its style sheet. Can SignServer do this signature with a person
> certificate and with the server certificate? In the new features list
> there is a XML signer/validator mentioned, but I did not find it in the
> documentation for SignServer 3.1.
> 
> Could you tell me if SignServer can sign xml documents (and validate
> them) and where I can find documentation on this feature?
> 
>  
> 
> Best Regards
> 
>  
> 
> Marie Le Bliguet
> 
>  
> 
>  
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
> trial. Simplify your report design, integration and deployment - and focus on 
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Signserver-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop


-- 

PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
in...@pr... for more information.
http://download.primekey.se/documents/ejbca_subscription.pdf
http://download.primekey.se/documents/ejbca_training.pdf

[Signserver-develop] Signer of a xml file with its style sheet

[LE B. M. <Mar...@so...>]

Hello,

 

I'm just beginning a project where I have to sign a xml document with
its style sheet. Can SignServer do this signature with a person
certificate and with the server certificate? In the new features list
there is a XML signer/validator mentioned, but I did not find it in the
documentation for SignServer 3.1.

Could you tell me if SignServer can sign xml documents (and validate
them) and where I can find documentation on this feature?

 

Best Regards

 

Marie Le Bliguet

 

 

 

[Signserver-develop] Dropping support for java 5?

[Tomas G. <to...@pr...>]

Hi,

we plan to drop support for java 5 for SignServer 3.1. Since there are
not many current installations that we know of using java 5, it seems
better to get rid of it a soon as possible.

Sun is dropping support for java 5 on october 30, so it's good timing
for the SignServer project.

Anyone opposing?

Cheers,
Tomas

Re: [Signserver-develop] signserver and the ws

[Philip V. <ph...@pr...>]

Hi Didine

What exists is chapter 14 in the manual and junit tests that can act as
an example for Java at
src/test/org/signserver/protocol/ws/TestMainWebService

But if you send me some details of what you want to accomplish to
philip(a)primekey.se I might help you, even though my php knowledge is
very limited.

Regards Philip

Didine skrev:
> Hello,
>
> Is there any tutorial on how to communicate with the signserver web
> service using PHP or any other language ?
> Thanks for your answers.
>
> --
> Didine Wayde.
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> ------------------------------------------------------------------------
>
> _______________________________________________
> Signserver-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>   

[Signserver-develop] signserver and the ws

[Didine <di...@gm...>]

Hello,

Is there any tutorial on how to communicate with the signserver web service
using PHP or any other language ?
Thanks for your answers.

--
Didine Wayde.

Re: [Signserver-develop] Secure log

[Edre Q. M. <ed...@lc...>]

<div>Hello Philip,<br><br>How can I enable archiving? Is there any place to find instructions on it?<br><br>Thanks,<br>Edré.<br><br></div><font color="#990099">-----Philip Vendil &lt;ph...@pr...&gt; escreveu: -----<br><br></font><blockquote style="border-left: 2px solid rgb(0, 0, 0); padding-right: 0px; padding-left: 5px; margin-left: 5px; margin-right: 0px;">Para: sig...@li...<br>De: Philip Vendil &lt;ph...@pr...&gt;<br>Data: 26/11/2008 18:05<br>Assunto: Re: [Signserver-develop] Secure log<br><br><font face="Courier New,Courier,espaço simples" size="3">Hello Edre<br><br>It depends on what you mean by secure logging. It's possible to archive<br>all the timestamps issued by the TSA by setting the ARCHIVE setting.<br>Since the timestamp is signed by the TSA it can in some respect be<br>considered as a secure log of what the TSA have done.<br><br>If this isn't the functionality that you're looking for, let me know and<br>I can look into it.<br><br>// Philip<br><br><br><br>Edre Quintao Moreira skrev:<br>&gt; Hi,<br>&gt;<br>&gt; Is there any way to configure secure logging on SignServer TSA out of<br>&gt; the box?<br>&gt;<br>&gt; Thanks,<br>&gt; Edré.<br>&gt; ------------------------------------------------------------------------<br>&gt;<br>&gt; -------------------------------------------------------------------------<br>&gt; This SF.Net email is sponsored by the Moblin Your Move Developer's challenge<br>&gt; Build the coolest Linux based applications with Moblin SDK &amp; win great prizes<br>&gt; Grand prize is a trip for two to an Open Source event anywhere in the world<br>&gt; <a href="http://moblin-contest.org/redirect.php?banner_id=100&amp;url=/">http://moblin-contest.org/redirect.php?banner_id=100&amp;url=/</a><br>&gt; ------------------------------------------------------------------------<br>&gt;<br>&gt; _______________________________________________<br>&gt; Signserver-develop mailing list<br>&gt; Sig...@li...<br>&gt; <a href="https://lists.sourceforge.net/lists/listinfo/signserver-develop">https://lists.sourceforge.net/lists/listinfo/signserver-develop</a><br>&gt; &nbsp; <br><br><br>-------------------------------------------------------------------------<br>This SF.Net email is sponsored by the Moblin Your Move Developer's challenge<br>Build the coolest Linux based applications with Moblin SDK &amp; win great prizes<br>Grand prize is a trip for two to an Open Source event anywhere in the world<br><a href="http://moblin-contest.org/redirect.php?banner_id=100&amp;url=/">http://moblin-contest.org/redirect.php?banner_id=100&amp;url=/</a><br>_______________________________________________<br>Signserver-develop mailing list<br>Sig...@li...<br><a href="https://lists.sourceforge.net/lists/listinfo/signserver-develop">https://lists.sourceforge.net/lists/listinfo/signserver-develop</a><br></font>
</blockquote><br>

Re: [Signserver-develop] Secure log

[Philip V. <ph...@pr...>]

Hi again.

No, there is no such functionality in the SignServer framework yet. But
I can clearly see the usage for it. I will probably add an task about
this in our roapmap system for some form of pluggable logging. But
SignServer is currently in heavy development so it's hard to tell when I
will have time to look at it.

Regards
Philip


Edre Quintao Moreira skrev:
>
> Hi Phillip,
>
> I'm thinking about auditing, some way of establishing a sequence of
> signatures such that it's impossible to TSA server include one in the
> midle (I mean in a relative past time).
>
> Thanks a lot!
> Edré.
>
> Ocultação de detalhes inativa dePhilip Vendil
> <ph...@pr...>Philip Vendil <ph...@pr...>
>
>
>                         *Philip Vendil <ph...@pr...>*
>
>                         26/11/2008 18:03
>
> 	
>
> Para
> 	
> Edre Quintao Moreira <ed...@lc...>
>
> cc
> 	
>
> Assunto
> 	
> Re: [Signserver-develop] Secure log
>
> 	
>
>
> Hello Edre
>
> It depends on what you mean by secure logging. It's possible to archive
> all the timestamps issued by the TSA by setting the ARCHIVE setting.
> Since the timestamp is signed by the TSA it can in some respect be
> considered as a secure log of what the TSA have done.
>
> If this isn't the functionality that you're looking for, let me know and
> I can look into it.
>
> // Philip
>
>
> Edre Quintao Moreira skrev:
> > Hi,
> >
> > Is there any way to configure secure logging on SignServer TSA out of
> > the box?
> >
> > Thanks,
> > Edré.
> > ------------------------------------------------------------------------
> >
> >
> -------------------------------------------------------------------------
> > This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> > Build the coolest Linux based applications with Moblin SDK & win
> great prizes
> > Grand prize is a trip for two to an Open Source event anywhere in
> the world
> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> <http://moblin-contest.org/redirect.php?banner_id=100&url=/>
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Signserver-develop mailing list
> > Sig...@li...
> > https://lists.sourceforge.net/lists/listinfo/signserver-develop
> >  
>
>

Re: [Signserver-develop] Secure log

[Philip V. <ph...@pr...>]

Hello Edre

It depends on what you mean by secure logging. It's possible to archive
all the timestamps issued by the TSA by setting the ARCHIVE setting.
Since the timestamp is signed by the TSA it can in some respect be
considered as a secure log of what the TSA have done.

If this isn't the functionality that you're looking for, let me know and
I can look into it.

// Philip



Edre Quintao Moreira skrev:
> Hi,
>
> Is there any way to configure secure logging on SignServer TSA out of
> the box?
>
> Thanks,
> Edré.
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> ------------------------------------------------------------------------
>
> _______________________________________________
> Signserver-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>   

[Signserver-develop] Secure log

[Edre Q. M. <ed...@lc...>]

<font size="2">Hi,<br><br>Is there any way to configure secure logging on SignServer TSA out of the box?<br><br>Thanks,<br>Edré.<br></font>

Re: [Signserver-develop] Cannot see web service from LAN

[Ejbca s. <ejb...@pr...>]

In your log file you can see that you have started the web service on 
port 80, not 8080. Try 80 instead.
----
06:51:44,338 INFO  [Http11Protocol] Starting Coyote HTTP/1.1 on 
http-127.0.0.1-80
----

You probably configured port 80 in the properties file?

Regards,
Tomas


Adam Cleobury - IESA wrote:
> I have just built a Signserver setup running under CentOS 4.6 which I 
> have hosted in VMWare Server.
> 
>  
> 
> Everything seems to work with the exception that the server is not 
> listening on port 8080.
> 
>  
> 
> If I do netstat |grep 8080 it shows that the port is listening in 
> CentOS. I can run the test script successfully. If I open a browser and 
> point it to the wsdl using localhost I can see the webservice page and 
> the service description.
> 
>  
> 
> If I attempt to do the same using its local ip 192.168.1.92 address 
> instead of 127.0.0.1 I get a connection refused error.
> 
>  
> 
> I have removed all rules from iptables and disabled the firewall.
> 
>  
> 
> I changed the default port to 80 with same results.
> 
>  
> 
> The only thing I see is that in the startup script results for 
> jboss/run.sh there are 2 error messages at the end when initializing the 
> JAX-WS
> 
>  
> 
>  
> 
> Content of last few lines:
> 
>  
> 
> 06:51:35,649 INFO  [TomcatDeployer] deploy, 
> ctxPath=/signserver/signserverws, 
> warUrl=.../tmp/deploy/tmp40672signserver.ear-contents/signserverws-exp.war/
> 
> 06:51:36,086 ERROR [STDERR] Feb 21, 2008 6:51:36 AM 
> com.sun.xml.ws.transport.http.servlet.WSServletContextListener 
> contextInitialized
> 
> INFO: WSSERVLET12: JAX-WS context listener initializing
> 
> 06:51:40,965 ERROR [STDERR] Feb 21, 2008 6:51:40 AM 
> com.sun.xml.ws.transport.http.servlet.WSServletDelegate <init>
> 
> INFO: WSSERVLET14: JAX-WS servlet initializing
> 
> 06:51:41,040 INFO  [TomcatDeployer] deploy, ctxPath=/signserver, 
> warUrl=.../tmp/deploy/tmp40672signserver.ear-contents/web-exp.war/
> 
> 06:51:41,257 INFO  [StartServicesServlet] Init, Sign Server startup.
> 
> 06:51:43,454 INFO  [EARDeployer] Started J2EE application: 
> file:/opt/jboss-4.2.2.GA/server/default/deploy/signserver.ear
> 
> 06:51:44,338 INFO  [Http11Protocol] Starting Coyote HTTP/1.1 on 
> http-127.0.0.1-80
> 
> 06:51:44,459 INFO  [AjpProtocol] Starting Coyote AJP/1.3 on 
> ajp-127.0.0.1-8009
> 
> 06:51:44,491 INFO  [Server] JBoss (MX MicroKernel) [4.2.2.GA (build: 
> SVNTag=JBoss_4_2_2_GA date=200710221139)] Started in 1m:628ms
> 
>  
> 
> Any help would be really appreciated
> 
>  
> 
>  
> 
> Thanks
> 
>  
> 
> Adam
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Signserver-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop

[Signserver-develop] Cannot see web service from LAN

[Adam C. - I. <ad...@ie...>]

I have just built a Signserver setup running under CentOS 4.6 which I have
hosted in VMWare Server. 

 

Everything seems to work with the exception that the server is not listening
on port 8080.

 

If I do netstat |grep 8080 it shows that the port is listening in CentOS. I
can run the test script successfully. If I open a browser and point it to
the wsdl using localhost I can see the webservice page and the service
description.

 

If I attempt to do the same using its local ip 192.168.1.92 address instead
of 127.0.0.1 I get a connection refused error.

 

I have removed all rules from iptables and disabled the firewall.

 

I changed the default port to 80 with same results.

 

The only thing I see is that in the startup script results for jboss/run.sh
there are 2 error messages at the end when initializing the JAX-WS

 

 

Content of last few lines:

 

06:51:35,649 INFO  [TomcatDeployer] deploy,
ctxPath=/signserver/signserverws,
warUrl=.../tmp/deploy/tmp40672signserver.ear-contents/signserverws-exp.war/

06:51:36,086 ERROR [STDERR] Feb 21, 2008 6:51:36 AM
com.sun.xml.ws.transport.http.servlet.WSServletContextListener
contextInitialized

INFO: WSSERVLET12: JAX-WS context listener initializing

06:51:40,965 ERROR [STDERR] Feb 21, 2008 6:51:40 AM
com.sun.xml.ws.transport.http.servlet.WSServletDelegate <init>

INFO: WSSERVLET14: JAX-WS servlet initializing

06:51:41,040 INFO  [TomcatDeployer] deploy, ctxPath=/signserver,
warUrl=.../tmp/deploy/tmp40672signserver.ear-contents/web-exp.war/

06:51:41,257 INFO  [StartServicesServlet] Init, Sign Server startup.

06:51:43,454 INFO  [EARDeployer] Started J2EE application:
file:/opt/jboss-4.2.2.GA/server/default/deploy/signserver.ear

06:51:44,338 INFO  [Http11Protocol] Starting Coyote HTTP/1.1 on
http-127.0.0.1-80

06:51:44,459 INFO  [AjpProtocol] Starting Coyote AJP/1.3 on
ajp-127.0.0.1-8009

06:51:44,491 INFO  [Server] JBoss (MX MicroKernel) [4.2.2.GA (build:
SVNTag=JBoss_4_2_2_GA date=200710221139)] Started in 1m:628ms

 

Any help would be really appreciated

 

 

Thanks

 

Adam

[Signserver-develop] Announcing SignServer - Version SignServer 3.0

[Henrik A. <ki...@us...>]

After a lot of redesign work and new features is the version 3.0 Beta 1
of the SignServer ready to be released. It have migrated into EJB3, and
have new types of services available.

Some of the new features:
* Complete refactorisation of J2EE from EJB2 to EJB3 to simplify
further development.
* Renamed component Service to TimedService since 3.0 supports other
services.
* A TimedService can now be configured with a 'cron-like' settings
to have services executed in other than just periodical intervals.
* A Validation Service API used to validate certificate from
different issuers. The Validation Service API have it's own easy to use
Web Service used to integrate with other platforms.
* A Group Key Service API used to generate and manage group keys,
symmetric or asymmetric.
* Possibility to have customized authorization of requests, not just
the built in client certificate authorization list.
* The name SignToken is changed to CryptoToken and introduced a new
concept of ExtendedCryptoToken that supports symmetric operations.
* The RMI-SSL interface have been removed and replaced with a JAX-WS
interface with a simple client framework supporting different
load-balance or high availability policies.
* All request data have changed from serialization to
externalization to be easier to translate to other platforms.
* A completely new MailSigner API based upon the JAMES SMTP server
to perform automated cryptographic operations on e-mails very similar to
the plug-ins for the SignServer.
* Java 1.4 is no longer supported.
* A lot of new JUnit tests in the test suite.
* A PDF Signer that can add a signature to a PDF document through a
simple HTML interface.
* PKCS11 Crypto Token to connect to different PKCS11 implementations.


** Bug
     * [DSS-15] - WebService implementation is broken with java 6 update 3
     * [DSS-14] - PrimeCardHSM sign token does not work

** New Feature
     * [DSS-16] - Extend release build to build dual license
     * [DSS-10] - PDF signer plug-in
     * [DSS-11] - PKCS#11 HSM interface for signing tokens


//Signserver team

[Signserver-develop] SignServer V 3.0 Release Party

[Henrik A. <ki...@us...>]

     /*Welcome to*/
     /*SignServer V 3.0 Release Party */
     /2008-02-08/

     After a lot of development during the autumn is the SignServer 3.0
     ready to be released. This will be celebrated with a dinner at the
     Chinese restaurant Grand Palace on Friday the 8:th of Februari at
     Västra Finnbodavägen in Nacka.

     /Pre-drinks at 17
     Dinner at 18

     /If you plan to come, reply to /ki...@us.../ before
     Tuesday the 5 th./

     Welcome!
     SignServer Project Management Team
     /