In the documentation of Demoiselle Signer we have the following example to load the private key of a token:
KeyStoreLoader keyStoreLoader = KeyStoreLoaderFactory.factoryKeyStoreLoader();
KeyStore keyStore = keyStoreLoader.getKeyStore("pinnumber");
String certificateAlias = keyStore.aliases().nextElement();
PrivateKey chavePrivada = (PrivateKey)keyStore.getKey(certificateAlias, "pinnumber");
The first problem is that, using version 2.0.0 of the component, the method keyStoreLoader.getKeyStore
has no arguments. So I tried to execute the following code:
KeyStoreLoader keyStoreLoader = KeyStoreLoaderFactory.factoryKeyStoreLoader();
KeyStore keyStore = keyStoreLoader.getKeyStore();
And on the second line, I got the following error:
br.gov.frameworkdemoiselle.certificate.keystore.loader.KeyStoreLoaderException: No driver in the list is compatible with your hardware
at br.gov.frameworkdemoiselle.certificate.keystore.loader.implementation.DriverKeyStoreLoader.getKeyStoreFromDrivers(DriverKeyStoreLoader.java:164)
at br.gov.frameworkdemoiselle.certificate.keystore.loader.implementation.DriverKeyStoreLoader.getKeyStore(DriverKeyStoreLoader.java:89)
at br.gov.serpro.sislv.assinatura.AssinarTest.getPrivateKeyFromToken(AssinarTest.java:43)
On the console, I got the following log:
log4j:WARN No such property [maxFileSize] in org.apache.log4j.PatternLayout.
[DEBUG 13:47:23 KeyStoreLoaderFactory] Fabricando KeyStore sem parametros
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_05
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_06
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_03
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_04
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_09
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_07
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_08
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_01
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_02
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_00
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_22
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_21
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_24::/usr/lib/libeToken.so na lista de drivers
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_23::/usr/lib/libeTPkcs11.so na lista de drivers
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_20
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_29
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_26
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_25
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_28
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_27
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_14
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_15
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_16
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_17
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_18
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_19
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_10
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_11
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_12
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_13
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_35
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_34
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_33
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_32
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_31
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_30::/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so na lista de drivers
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_37
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_36
[DEBUG 13:47:23 KeyStoreLoaderFactory] Fabricando KeyStore no modo PKCS11 para Nao Windows
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_24::/usr/lib/libeToken.so na lista de drivers
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_23::/usr/lib/libeTPkcs11.so na lista de drivers
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_30::/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so na lista de drivers
The token is connected to the computer and in Firefox I was able to use it.
My token is this one: https://expressodrive.serpro.gov.br/public.php?service=files&t=f50af9ae1b77c8a28fd1848c2707831d&download
Does Demoiselle Signer not support my token? Or is there some other problem there?
Note: in later tests I saw that the behavior is the same if the token is not connected to the machine.
EDIT 1
I made a new attempt based on the following code: https://github.com/ednaraoliveira/example-certificate/blob/master/SECertificate/src/main/java/simple/example/linux/CertificateSignerLinux.java
Now my code is like this:
char[] pin = Pin.PIN.toCharArray();
Provider p = new sun.security.pkcs11.SunPKCS11(DRIVERS_CONFIG);
Security.addProvider(p);
KeyStore keyStore = KeyStore.getInstance("PKCS11", "SunPKCS11-Provedor");
keyStore.load(null, pin);
String alias = keyStore.aliases().nextElement();
pKey = (PrivateKey) keyStore.getKey(alias, pin);
certificateChain = keyStore.getCertificateChain(alias);
And on the line keyStore.load(null, pin); I got the error:
java.io.IOException: load failed
at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:774)
at java.security.KeyStore.load(KeyStore.java:1214)
at br.gov.serpro.sislv.laudo.assinatura.AssinarTest.parseToken(AssinarTest.java:61)
My drivers.config:
name = Provedor
#description = Token Pronova ePass2000
#library = /usr/lib/libepsng_p11.so
#description = Token Pro Azul
#library = /usr/lib/libeTPkcs11.so
description = Token Watchdata
library = /usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so
EDIT 2
Update: the last error occurred because the token password was not properly configured. Now that I’ve fixed it, the error has become:
br.gov.frameworkdemoiselle.certificate.ca.manager.CAManagerException: Nenhuma autoridade informada faz parte da cadeia de certificados do certificado informado
at br.gov.frameworkdemoiselle.certificate.ca.manager.CAManager.validateRootCAs(CAManager.java:100)
at br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.CAdESSigner.signer(CAdESSigner.java:519)
at br.gov.serpro.sislv.laudo.assinatura.AssinarTest.shouldAssinarDocumento(AssinarTest.java:46)
This error happens in the following line: byte[] signed = signer.signer(documento);
Full test:
package br.gov.serpro.sislv.laudo.assinatura;

import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Arrays;

import org.apache.commons.io.FileUtils;
import org.junit.Test;

import br.gov.frameworkdemoiselle.certificate.signer.factory.PKCS7Factory;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer;
import br.gov.serpro.sislv.utils.FileLoader;

public class AssinarTest {

    private static final String DRIVERS_CONFIG = "/home/34552143808/drivers.config";

    private PrivateKey pKey;
    private Certificate[] certificateChain;

    @Test
    public void shouldAssinarDocumento() throws Exception {
        parseToken();
        byte[] documento = getBytesFrom("assinatura/tema-228.pdf");
        PKCS7Signer signer = PKCS7Factory.getInstance().factoryDefault();
        signer.setCertificates(certificateChain);
        signer.setPrivateKey(pKey);
        byte[] signed = signer.signer(documento);
        System.out.println(signed);
    }

    private byte[] getBytesFrom(String path) throws IOException {
        FileLoader loader = new FileLoader(path);
        File documento = loader.getFile();
        return FileUtils.readFileToByteArray(documento);
    }

    private void parseToken() throws Exception {
        char[] pin = Pin.PIN.toCharArray();
        Provider p = new sun.security.pkcs11.SunPKCS11(DRIVERS_CONFIG);
        Security.addProvider(p);
        KeyStore keyStore = KeyStore.getInstance("PKCS11", "SunPKCS11-Provedor");
        keyStore.load(null, pin);
        String alias = keyStore.aliases().nextElement();
        pKey = (PrivateKey) keyStore.getKey(alias, pin);
        certificateChain = keyStore.getCertificateChain(alias);
    }
}
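
A diagnostic for the CAManagerException in the second edit: it prints every alias on the keystore, whether it holds a private key, and whether the chain returned for it runs from the leaf up to a self-signed root. This is an added example, not part of the original post or of Demoiselle Signer; `TokenChainReport`, `chainProblems` and `report` are hypothetical names, and it assumes every certificate is X.509. For the token, call `TokenChainReport.report(keyStore)` right after `keyStore.load(null, pin)` in `parseToken()`.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added diagnostic example; class and method names are hypothetical.
public class TokenChainReport {
    // One message per defect; an empty list means the chain runs from leaf to self-signed root.
    static List<String> chainProblems(Certificate[] chain) {
        if (chain == null || chain.length == 0) return Collections.singletonList("no certificate chain stored for this alias");
        List<String> problems = new ArrayList<>();
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = (X509Certificate) chain[i];
            boolean last = (i == chain.length - 1);
            // The last certificate must sign itself; every other one is signed by its successor.
            X509Certificate signer = last ? cert : (X509Certificate) chain[i + 1];
            try {
                cert.verify(signer.getPublicKey());
            } catch (Exception e) {
                problems.add(last ? "chain stops before a root; missing issuer: " + cert.getIssuerX500Principal()
                                  : "certificate " + i + " is not signed by certificate " + (i + 1));
            }
        }
        return problems;
    }

    // Prints every alias with its entry type and chain subjects, plus chain defects for key entries.
    static void report(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println(alias + " keyEntry=" + ks.isKeyEntry(alias));
            for (int i = 0; chain != null && i < chain.length; i++) {
                System.out.println("  [" + i + "] " + ((X509Certificate) chain[i]).getSubjectX500Principal());
            }
            if (ks.isKeyEntry(alias)) chainProblems(chain).forEach(p -> System.out.println("  PROBLEM: " + p));
        }
    }

    // Stand-alone run on a PKCS#12 file (assumed input): java TokenChainReport file.p12 password
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        report(ks);
    }
}
```

The output also shows whether the first alias returned by `aliases().nextElement()` is actually a key entry.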