Demoiseller Signer - Loading a private key from a token

Viewed 1,430 times
In the documentation of Demoiselle Signer we have the following example to load the private key of a token:

KeyStoreLoader keyStoreLoader = KeyStoreLoaderFactory.factoryKeyStoreLoader();
KeyStore keyStore = keyStoreLoader.getKeyStore("pinnumber");
String certificateAlias = keyStore.aliases().nextElement();
// java.security.KeyStore.getKey takes the password as char[], not String
PrivateKey chavePrivada = (PrivateKey) keyStore.getKey(certificateAlias, "pinnumber".toCharArray());

The first problem is that, using version 2.0.0 of the component, the method keyStoreLoader.getKeyStore takes no arguments. So I tried to execute the following code:

KeyStoreLoader keyStoreLoader = KeyStoreLoaderFactory.factoryKeyStoreLoader();
KeyStore keyStore = keyStoreLoader.getKeyStore();

And on the second line, I got the following error:

br.gov.frameworkdemoiselle.certificate.keystore.loader.KeyStoreLoaderException: No driver in the list is compatible with your hardware
    at br.gov.frameworkdemoiselle.certificate.keystore.loader.implementation.DriverKeyStoreLoader.getKeyStoreFromDrivers(DriverKeyStoreLoader.java:164)
    at br.gov.frameworkdemoiselle.certificate.keystore.loader.implementation.DriverKeyStoreLoader.getKeyStore(DriverKeyStoreLoader.java:89)
    at br.gov.serpro.sislv.assinatura.AssinarTest.getPrivateKeyFromToken(AssinarTest.java:43)

On the console, I got the following log:

log4j:WARN No such property [maxFileSize] in org.apache.log4j.PatternLayout.
[DEBUG 13:47:23 KeyStoreLoaderFactory] Fabricando KeyStore sem parametros
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_05
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_06
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_03
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_04
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_09
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_07
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_08
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_01
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_02
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_00
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_22
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_21
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_24::/usr/lib/libeToken.so na lista de drivers
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_23::/usr/lib/libeTPkcs11.so na lista de drivers
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_20
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_29
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_26
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_25
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_28
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_27
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_14
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_15
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_16
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_17
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_18
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_19
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_10
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_11
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_12
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_13
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_35
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_34
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_33
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_32
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_31
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_30::/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so na lista de drivers
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_37
[ERROR 13:47:23 Configuration] Impossivel carregar o driver TokenOuSmartCard_36
[DEBUG 13:47:23 KeyStoreLoaderFactory] Fabricando KeyStore no modo PKCS11 para Nao Windows
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_24::/usr/lib/libeToken.so na lista de drivers
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_23::/usr/lib/libeTPkcs11.so na lista de drivers
[DEBUG 13:47:23 Configuration] Adicionando o driver TokenOuSmartCard_30::/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so na lista de drivers

The token is connected to the computer and in Firefox I was able to use it.

My token is this one: https://expressodrive.serpro.gov.br/public.php?service=files&t=f50af9ae1b77c8a28fd1848c2707831d&download

Does Demoiselle Signer not support my token? Or is there some other problem there?

Note: in later tests I saw that the behavior is the same if the token is not connected to the machine.

EDIT 1

I made a new attempt based on the following code: https://github.com/ednaraoliveira/example-certificate/blob/master/SECertificate/src/main/java/simple/example/linux/CertificateSignerLinux.java

Now my code is like this:

char[] pin = Pin.PIN.toCharArray();
Provider p = new sun.security.pkcs11.SunPKCS11(DRIVERS_CONFIG);
Security.addProvider(p);
KeyStore keyStore = KeyStore.getInstance("PKCS11", "SunPKCS11-Provedor");
keyStore.load(null, pin);
String alias = keyStore.aliases().nextElement();
pKey = (PrivateKey) keyStore.getKey(alias, pin);
certificateChain = keyStore.getCertificateChain(alias);

And on the line keyStore.load(null, pin); I got the error:

java.io.IOException: load failed
    at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:774)
    at java.security.KeyStore.load(KeyStore.java:1214)
    at br.gov.serpro.sislv.laudo.assinatura.AssinarTest.parseToken(AssinarTest.java:61)

My drivers.config:

name = Provedor
#description = Token Pronova ePass2000
#library = /usr/lib/libepsng_p11.so

#description = Token Pro Azul
#library = /usr/lib/libeTPkcs11.so

description = Token Watchdata
library = /usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so

EDIT 2

Update: the last error occurred because the token password was not properly configured. Now that I’ve fixed it, the error has become:

br.gov.frameworkdemoiselle.certificate.ca.manager.CAManagerException: Nenhuma autoridade informada faz parte da cadeia de certificados do certificado informado
    at br.gov.frameworkdemoiselle.certificate.ca.manager.CAManager.validateRootCAs(CAManager.java:100)
    at br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.CAdESSigner.signer(CAdESSigner.java:519)
    at br.gov.serpro.sislv.laudo.assinatura.AssinarTest.shouldAssinarDocumento(AssinarTest.java:46)

This error happens in the following line: byte[] signed = signer.signer(documento);

Full test:

package br.gov.serpro.sislv.laudo.assinatura;

import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Arrays;

import org.apache.commons.io.FileUtils;
import org.junit.Test;

import br.gov.frameworkdemoiselle.certificate.signer.factory.PKCS7Factory;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer;
import br.gov.serpro.sislv.utils.FileLoader;

public class AssinarTest {

    private static final String DRIVERS_CONFIG = "/home/34552143808/drivers.config";

    private PrivateKey pKey;
    private Certificate[] certificateChain;

    @Test
    public void shouldAssinarDocumento() throws Exception {
        parseToken();
        byte[] documento = getBytesFrom("assinatura/tema-228.pdf");
        PKCS7Signer signer = PKCS7Factory.getInstance().factoryDefault();
        signer.setCertificates(certificateChain);
        signer.setPrivateKey(pKey);
        byte[] signed = signer.signer(documento);
        System.out.println(signed);
    }

    private byte[] getBytesFrom(String path) throws IOException {
        FileLoader loader = new FileLoader(path);
        File documento = loader.getFile();
        return FileUtils.readFileToByteArray(documento);
    }

    private void parseToken() throws Exception {
        char[] pin = Pin.PIN.toCharArray();
        Provider p = new sun.security.pkcs11.SunPKCS11(DRIVERS_CONFIG);
        Security.addProvider(p);
        KeyStore keyStore = KeyStore.getInstance("PKCS11", "SunPKCS11-Provedor");
        keyStore.load(null, pin);
        String alias = keyStore.aliases().nextElement();
        pKey = (PrivateKey) keyStore.getKey(alias, pin);
        certificateChain = keyStore.getCertificateChain(alias);
    }

}
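The three failures in the question (the Demoiselle loader finding no compatible driver, SunPKCS11 reporting "load failed", and CAManager rejecting the certificate chain) can each be reproduced and narrowed down with plain JDK APIs. The class below is an added example, not code from the question or from Demoiselle Signer. It configures SunPKCS11 inline through Provider.configure (Java 9+, which replaced the sun.security.pkcs11.SunPKCS11(String) constructor used in the question), checks that the PKCS#11 module file exists before loading so that "no driver" and "no token" can be told apart, picks the alias that really holds a private key, reads the PIN from the console instead of a Pin.PIN constant, and runs a PKIX validation of the token's chain against a file of trusted roots, a check comparable to the one CAManager.validateRootCAs failed. The class name, the library path and the trusted-roots file path are assumptions.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate; // single-type import resolves the clash with java.security.Certificate
import java.util.*;

/** Hypothetical diagnostic class (not part of Demoiselle Signer). Requires Java 9+. */
public class TokenKeyLoader {

    // Assumed paths: the vendor's PKCS#11 module and a PEM/DER bundle of the CA roots you trust.
    private static final String LIBRARY = "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so";
    private static final String TRUSTED_ROOTS = "/path/to/trusted-roots.pem";

    /** Inline SunPKCS11 config; the leading "--" tells Provider.configure() this is config text, not a file. */
    static String inlineConfig(String name, String library) {
        return "--name=" + name + "\nlibrary=" + library + "\n";
    }

    /** Registers SunPKCS11 for the module and logs the token in with the PIN. */
    static KeyStore loadToken(String name, String library, char[] pin)
            throws GeneralSecurityException, IOException {
        // The Demoiselle loader reports "No driver ... compatible" whether the token is absent or the
        // .so is missing; checking the module path first separates those two cases.
        if (!Files.isRegularFile(Paths.get(library))) {
            throw new IOException("PKCS#11 module not found: " + library);
        }
        Provider p = Security.getProvider("SunPKCS11").configure(inlineConfig(name, library));
        Security.addProvider(p); // provider is now also reachable by name "SunPKCS11-" + name
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin); // "java.io.IOException: load failed" here means wrong PIN or no token in the reader
        return ks;
    }

    /** First alias that holds a private key; tokens also expose CA certificates as trusted-cert entries. */
    static String firstKeyAlias(KeyStore ks) throws KeyStoreException {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (ks.isKeyEntry(alias)) {
                return alias;
            }
        }
        throw new KeyStoreException("token holds no private-key entry");
    }

    /** Loads trust anchors from a file holding one or more CA certificates. */
    static Set<TrustAnchor> loadAnchors(String file) throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Set<TrustAnchor> anchors = new HashSet<>();
        try (InputStream in = new FileInputStream(file)) {
            for (Certificate c : cf.generateCertificates(in)) {
                anchors.add(new TrustAnchor((X509Certificate) c, null));
            }
        }
        return anchors;
    }

    /** PKIX check of the token's chain against the anchors. */
    static boolean chainsToTrustedRoot(Certificate[] chain, Set<TrustAnchor> anchors)
            throws GeneralSecurityException {
        List<Certificate> path = new ArrayList<>(Arrays.asList(chain));
        // A self-signed root at the end of the chain is the anchor itself, not part of the path to validate.
        X509Certificate last = (X509Certificate) path.get(path.size() - 1);
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // offline diagnostic; keep revocation checking on when really signing
        try {
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
            return true;
        } catch (CertPathValidatorException ex) {
            System.err.println("chain rejected: " + ex.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from a terminal so the PIN is neither hard-coded nor echoed");
        }
        char[] pin = console.readPassword("Token PIN: ");
        try {
            KeyStore ks = loadToken("Provedor", LIBRARY, pin);
            String alias = firstKeyAlias(ks);
            PrivateKey key = (PrivateKey) ks.getKey(alias, pin);
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println("alias=" + alias + " key=" + key.getAlgorithm() + " chainLength=" + chain.length);
            System.out.println("trusted by configured roots: "
                    + chainsToTrustedRoot(chain, loadAnchors(TRUSTED_ROOTS)));
        } finally {
            Arrays.fill(pin, '\0'); // do not keep the PIN in memory longer than needed
        }
    }
}
```

If chainsToTrustedRoot prints "chain rejected" for the certificate on the token, the roots file does not contain the issuer hierarchy of that certificate; that is the same situation the Demoiselle CAManager reports when none of its configured authorities appears in the certificate's chain, and it is fixed on the trust-anchor side, not in the signing code.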

1 answer

Last steps to solve the problem:

1) Keep the same version (in the pom) across the components Demoiselle-Certificate-Signer, Demoiselle-Certificate-ca-icpbrasil and Demoiselle-Certificate-ca-icpbrasil-homologation.

2) Select policy via API: signer.setSignaturePolicy(new ADRBCMS_2_1());
