java - XAdES4j verification certificate chain -

-

i have problem verify xades signatures in application uses xades4j api. try verify 2 singed files, 1.docx , 2.pdf. when verify 2.pdf exception

18:03:38.230 [http-listener-1(5)] error p.c.k.i.repository.pki.digitalsignverifierservice - invalid certification path.  xades4j.providers.cannotbuildcertificationpathexception: unable find valid certification path requested target     @ xades4j.providers.impl.pkixcertificatevalidationprovider.validate(pkixcertificatevalidationprovider.java:257) ~[xades4j-1.3.1.jar:na]     @ xades4j.verification.xadesverifierimpl.verify(xadesverifierimpl.java:175) ~[xades4j-1.3.1.jar:na]     @ pl.comp.kbf.services.ejb.repository.pki.digitalsignverifierserviceimpl.verifyfilesignature(digitalsignverifierserviceimpl.java:95) ~[kbfportalejb.jar/:na]     @ pl.comp.kbf.services.ejb.repository.pki.digitalsignverifierserviceimpl$proxy$_$$_weldclientproxy.verifyfilesignature(unknown source) [kbfportalejb.jar/:na]     @ pl.comp.kbf.portal.documents.registered.filesignaturebean.verifyxadessignature(filesignaturebean.java:210) [filesignaturebean.class:na]     @ pl.comp.kbf.portal.documents.registered.filesignaturebean.verifysignature(filesignaturebean.java:174) [filesignaturebean.class:na]     @ sun.reflect.nativemethodaccessorimpl.invoke0(native method) ~[na:1.7.0_75]     @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:57) ~[na:1.7.0_75]     @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43) ~[na:1.7.0_75]     @ java.lang.reflect.method.invoke(method.java:606) ~[na:1.7.0_75]     @ com.sun.el.parser.astvalue.invoke(astvalue.java:289) [javax.el.jar:3.0.1-b03]     @ com.sun.el.methodexpressionimpl.invoke(methodexpressionimpl.java:304) [javax.el.jar:3.0.1-b03]     @ org.jboss.weld.util.el.forwardingmethodexpression.invoke(forwardingmethodexpression.java:40) [weld-osgi-bundle.jar:2014-06-18 10:59]     @ org.jboss.weld.el.weldmethodexpression.invoke(weldmethodexpression.java:50) [weld-osgi-bundle.jar:2014-06-18 10:59]     @ com.sun.faces.facelets.el.tagmethodexpression.invoke(tagmethodexpression.java:105) [javax.faces.jar:2.2.7]     @ javax.faces.component.methodbindingmethodexpressionadapter.invoke(methodbindingmethodexpressionadapter.java:87) [javax.faces.jar:2.2.7]     @ com.sun.faces.application.actionlistenerimpl.processaction(actionlistenerimpl.java:102) [javax.faces.jar:2.2.7]     @ javax.faces.component.uicommand.broadcast(uicommand.java:315) [javax.faces.jar:2.2.7]     @ javax.faces.component.uiviewroot.broadcastevents(uiviewroot.java:790) [javax.faces.jar:2.2.7]     @ javax.faces.component.uiviewroot.processapplication(uiviewroot.java:1282) [javax.faces.jar:2.2.7]     @ com.sun.faces.lifecycle.invokeapplicationphase.execute(invokeapplicationphase.java:81) [javax.faces.jar:2.2.7]     @ com.sun.faces.lifecycle.phase.dophase(phase.java:101) [javax.faces.jar:2.2.7]     @ com.sun.faces.lifecycle.lifecycleimpl.execute(lifecycleimpl.java:198) [javax.faces.jar:2.2.7]     @ javax.faces.webapp.facesservlet.service(facesservlet.java:646) [javax.faces.jar:2.2.7]     @ org.apache.catalina.core.standardwrapper.service(standardwrapper.java:1682) [web-core.jar:na]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:344) [web-core.jar:na]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:214) [web-core.jar:na]     @ org.primefaces.webapp.filter.fileuploadfilter.dofilter(fileuploadfilter.java:105) [primefaces-5.1.jar:5.1]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:256) [web-core.jar:na]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:214) [web-core.jar:na]     @ org.ocpsoft.rewrite.servlet.rewritefilter.dofilter(rewritefilter.java:205) [rewrite-servlet-2.0.12.final.jar:2.0.12.final]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:256) [web-core.jar:na]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:214) [web-core.jar:na]     @ org.apache.catalina.core.applicationdispatcher.doinvoke(applicationdispatcher.java:873) [web-core.jar:na]     @ org.apache.catalina.core.applicationdispatcher.invoke(applicationdispatcher.java:739) [web-core.jar:na]     @ org.apache.catalina.core.applicationdispatcher.processrequest(applicationdispatcher.java:575) [web-core.jar:na]     @ org.apache.catalina.core.applicationdispatcher.dodispatch(applicationdispatcher.java:546) [web-core.jar:na]     @ org.apache.catalina.core.applicationdispatcher.dispatch(applicationdispatcher.java:428) [web-core.jar:na]     @ org.apache.catalina.core.applicationdispatcher.forward(applicationdispatcher.java:378) [web-core.jar:na]     @ org.ocpsoft.rewrite.servlet.impl.httprewriteresulthandler.handleresult(httprewriteresulthandler.java:41) [rewrite-servlet-2.0.12.final.jar:2.0.12.final]     @ org.ocpsoft.rewrite.servlet.rewritefilter.rewrite(rewritefilter.java:268) [rewrite-servlet-2.0.12.final.jar:2.0.12.final]     @ org.ocpsoft.rewrite.servlet.rewritefilter.dofilter(rewritefilter.java:188) [rewrite-servlet-2.0.12.final.jar:2.0.12.final]     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:256) [web-core.jar:na]     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:214) [web-core.jar:na]     @ org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java:316) [web-core.jar:na]     @ org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java:160) [web-core.jar:na]     @ org.apache.catalina.core.standardpipeline.doinvoke(standardpipeline.java:734) [web-core.jar:na]     @ org.apache.catalina.core.standardpipeline.invoke(standardpipeline.java:673) [web-core.jar:na]     @ com.sun.enterprise.web.webpipeline.invoke(webpipeline.java:99) [web-glue.jar:na]     @ org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java:174) [web-core.jar:na]     @ org.apache.catalina.connector.coyoteadapter.doservice(coyoteadapter.java:415) [web-core.jar:na]     @ org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java:282) [web-core.jar:na]     @ com.sun.enterprise.v3.services.impl.containermapper$httphandlercallable.call(containermapper.java:459) [kernel.jar:na]     @ com.sun.enterprise.v3.services.impl.containermapper.service(containermapper.java:167) [kernel.jar:na]     @ org.glassfish.grizzly.http.server.httphandler.runservice(httphandler.java:201) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.http.server.httphandler.dohandle(httphandler.java:175) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.http.server.httpserverfilter.handleread(httpserverfilter.java:235) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.filterchain.executorresolver$9.execute(executorresolver.java:119) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.filterchain.defaultfilterchain.executefilter(defaultfilterchain.java:284) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.filterchain.defaultfilterchain.executechainpart(defaultfilterchain.java:201) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.filterchain.defaultfilterchain.execute(defaultfilterchain.java:133) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.filterchain.defaultfilterchain.process(defaultfilterchain.java:112) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.processorexecutor.execute(processorexecutor.java:77) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.nio.transport.tcpniotransport.fireioevent(tcpniotransport.java:561) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.strategies.abstractiostrategy.fireioevent(abstractiostrategy.java:112) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.strategies.workerthreadiostrategy.run0(workerthreadiostrategy.java:117) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.strategies.workerthreadiostrategy.access$100(workerthreadiostrategy.java:56) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.strategies.workerthreadiostrategy$workerthreadrunnable.run(workerthreadiostrategy.java:137) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.threadpool.abstractthreadpool$worker.dowork(abstractthreadpool.java:565) [nucleus-grizzly-all.jar:na]     @ org.glassfish.grizzly.threadpool.abstractthreadpool$worker.run(abstractthreadpool.java:545) [nucleus-grizzly-all.jar:na]     @ java.lang.thread.run(thread.java:745) [na:1.7.0_75] caused by: sun.security.provider.certpath.suncertpathbuilderexception: unable find valid certification path requested target     @ sun.security.provider.certpath.suncertpathbuilder.enginebuild(suncertpathbuilder.java:196) ~[na:1.7.0_75]     @ java.security.cert.certpathbuilder.build(certpathbuilder.java:268) ~[na:1.7.0_75]     @ xades4j.providers.impl.pkixcertificatevalidationprovider.validate(pkixcertificatevalidationprovider.java:253) ~[xades4j-1.3.1.jar:na]     ... 70 common frames omitted

i know signature 2.pdf signed expired, want verify without exception... when verify not expired 1.docx in aplication verification successfull. try verify both files online , in 2 cases verification successfull. below want show certificate chain in 2 files.

1.docx

2.pdf

in first file put 1 .cer file java keystore , load file cert store. in second file put 2 .cer files, first , second element of chain. problem?

the built-in certificate verifier () you're using always defines verification date. should what's causing validation failure, since certificate not expire doesn't fail.

if need different behavior, should provide own certificatevalidationprovider , configure it on verification profile.

edit: if refer documentation, you'll see verification date supplied certificate verifier. date determined info in signature, namely timestamp may present.


Comments

Post a Comment

Popular posts from this blog

c# - Better 64-bit byte array hash -

-
i need hash algorithm produces 64-bit hash code ( long ) fewer collisions string.gethashcode() , fast (no expensive calls cryptographic functions). here's implementation of fnv still shows 3% of collisions after testing 2 million random strings. need number way lower. void main() { const string chars = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz!#@$%^&*()_+}{\":?><,./;'[]0123456789\\"; const int n = 2000000; var random = new random(); var hashes = new hashset<long>(); int collisions = 0; for(int = 0; < n; i++) { var len = random.next(chars.length); var str = new char[len]; (int j = 0; j < len; j++) { str[j] = chars[random.next(chars.length)]; } var s = new string(str); if(!hashes.add(get64bithash( s ))) collisions++; } console.writeline("collision percentage after " + n + " random strings: " + ((doubl
Read more

webrtc - Which ICE candidate am I using and why? -

-
[questions in bold below] i have setup kurento media server 5.1.3 in datacenter behind firewall running os ubuntu 14.04. has 2 network cards: 222.222.222.222 (eth0 - private ip) 111.111.111.111 (eth1 - public ip) attached below sdp (setremotedescription) when browser connected kurento media server type: answer, sdp: v=0 o=- 5487318114793304426 0 in ip4 0.0.0.0 s=kurento media server c=in ip4 0.0.0.0 t=0 0 a=group:bundle audio video m=audio 59068 rtp/savpf 111 0 c=in ip4 111.111.111.111 a=rtpmap:111 opus/48000/2 a=rtpmap:0 pcmu/8000 a=sendrecv a=rtcp:59068 in ip4 111.111.111.111 a=rtcp-mux a=ssrc:669011897 cname:user39019747@host-6e83e4c2 a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time a=mid:audio b=as:20 a=ice-ufrag:ymdk a=ice-pwd:lylifk5ueqzpwm91ddj37e a=fingerprint:sha-256 ff:0f:81:8c:41:4e:b4:b6:c6:d8:36:f3:d6:5f:09:fd:5f:af:13:b3:9d:fc:12:66:ac:f3:56:d6:5b:0a:73:5d a=candidate:1 1 udp 2013266431 111.111.111.111 55239 typ host a=candidate:2 1 udp
Read more

php - Zend Framework / Skeleton-Application / Composer install issue -

-
i trying create zend framework application using skeleton in netbeans. when run composer install, following error message: "c:\php\php.exe" "c:\composer\composer.phar" "--ansi" "--no-interaction" "update" "--dev" using deprecated option "dev". dev packages installed default now. loading composer repositories package information updating dependencies (including require-dev) requirements not resolved installable set of packages. problem 1 - package requires php >=5.5 php version (5.4.42) not satisfy requirement. problem 2 - installation request zendframework/zendframework 2.5.1 -> satisfiable zendframework/zendframework[2.5.1]. - zendframework/zendframework 2.5.1 requires php >=5.5 -> php version (5.4.42) not satisfy requirement. done. apparently, zend framework only needs php 5.3+ contradicts above. need use php 5.4. my composer.json following: { "name": "
Read more