esig / dss-demonstrations Goto Github PK

Examples of DSS integration

License: GNU Lesser General Public License v2.1

Batchfile 0.05% Java 79.64% JavaScript 2.36% CSS 2.82% HTML 14.97% Dockerfile 0.16%

dss-demonstrations's Introduction

Demonstrations for DSS : Digital Signature Service

This is the demonstration repository for project DSS : https://ec.europa.eu/digital-building-blocks/wikis/display/DIGITAL/eSignature.

Issue Tracker

Please, use the new JIRA for project is on https://ec.europa.eu/digital-building-blocks/tracker/projects/DSS/issues.

Maven repository

The release of DSS is published on Maven Central repository :

https://central.sonatype.com/search?q=eu.europa.ec.joinup.sd-dss

Demonstration

The demonstration bundle is deployed at https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo

DSS Standalone Application

In order to build the standalone application, the following modules are required:

dss-standalone-app;
dss-standalone-package.

If the build is successful, you will be able to find out the following containers in the directory /dss-standalone-app-package/target/:

dss-standalone-app-package-minimal.zip - contains the application code. Requires JDK ad JavaFX installed on a target machine in order to run the application;
dss-standalone-app-package-complete.zip - contains the application code, as well as JDK and JavaFX library code. Can be run on a machine whithout pre-installed libraries.

In order to launch the application, you will need to extract the archive and run the file dss-run.bat.

DSS Web Application

To build the DSS Web Application the following modules are required:

dss-demo-webapp;
dss-demo-bundle.

After a successful build, in the directory /dss-demo-bundle/target/ you will be able to find out two containers: dss-demo-bundle.zip and dss-demo-bundle.tar.gz. Despite the container type, the content of both files is the same. After extracting the content, you will need to run the file Webapp-Startup.bat in order to launch the server and the file Webapp-Shutdown.bat to stop the server. After running the server, the web-application will be available at the address http://localhost:8080/.

JavaDoc

The JavaDoc is available on https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/apidocs/index.html

Ready-to-use bundles

Bundles which contain the above demonstration can be downloaded from the Maven repository.

The code of the demonstration can be found on https://ec.europa.eu/digital-building-blocks/code/projects/ESIG/repos/dss-demos/browse

dss-demonstrations's People

Contributors

Stargazers

Watchers

dss-demonstrations's Issues

Is it possible to add custom certificates to DSS' list of trusted certificates?

Hi! I'm using the DSS webapp's HTTP API as part of a prototypical platform to validate digitally signed PDF documents. The PDFs in question are signed outside of DSS and the signatures are based on a self-signed certificate, which I'd like to import into DSS' list of trusted certificates.

May I kindly ask you how this may be done? So far, I've tried adding to the java keystore via keytool to no avail, unfortunately.

Thank you.

Configuration of the demonstration webapp's ip and port

Hi. I'm trying to figure out how to configure the ip and port of the webapp's HTTP server.

I've followed the thread of the startup procedure and found that the file dss-demo-bundle-5.11.1/apache-tomcat-8.5.82/conf/server.xml can be used to set the port by changing the value in the <Connector> tag. Are there other methods exposed to configure the webserver?

In particular:

Is there a way to configure the port via environment variables? The configuration file makes automatic deployment of the webapp a little cumbersome, as the port has to be configured by in-file substitution of the port value.
Is there a way to configure the loopback ip address for the server to bind to? For example, is it possible to use 127.255.0.1 instead of ipv4 localhost?

peruvian TSL error xml

Hello,
I am trying to validate the TSL of Peru

https://iofe.indecopi.gob.pe/TSL/tsl-pe.xml

And I am using the online validation engine.

INFO | Thread-4 | eu.europa.esig.dss.tsl.job.TLValidationJob | Online refresh is running...
2021-07-13 12:26:08,458 INFO | Thread-4 | eu.europa.esig.dss.tsl.job.TLValidationJob | Running analysis for 1 TLSource(s)
2021-07-13 12:34:52,834 ERROR | pool-2-thread-1 | eu.europa.esig.dss.tsl.runnable.TLAnalysis | Cannot parse the TL with the cache key 'https___iofe_indecopi_gob_pe_TSL_tsl_pe_xml' : Unable to parse binaries. Reason : 'cvc-complex-type.4: El atributo 'lang' debe aparecer en el elemento 'tsl:URI'.'
2021-07-13 12:34:52,840 INFO | pool-2-thread-1 | eu.europa.esig.dss.validation.CommonCertificateVerifier | + New CommonCertificateVerifier created.

According to the error there is a problem with the content of the XML, which I do not understand since the Test that they have in their liberia dds-tsl-validation is already configured in the tsl-pe.xml.

I will be grateful if you help me know if I should pass any other parameter.

Online refresh with https://www.ssi.gouv.fr/uploads/tl-fr.xml raises [Received fatal alert: protocol_version]

When deploying and running I got a persistent error in regards to "France" from "EU List of the Trusted Lists"

It seems related to TLS 1.3 (only) at the server side, any hint to fix this?

Here my logs

01-Mar-2023 09:04:25.491 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.72
01-Mar-2023 09:04:25.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Feb 18 2023 09:25:13 UTC
01-Mar-2023 09:04:25.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.72.0
01-Mar-2023 09:04:25.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
01-Mar-2023 09:04:25.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            5.15.49-linuxkit
01-Mar-2023 09:04:25.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          aarch64
01-Mar-2023 09:04:25.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /opt/java/openjdk
01-Mar-2023 09:04:25.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           17.0.6+10
01-Mar-2023 09:04:25.494 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Eclipse Adoptium
01-Mar-2023 09:04:25.494 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
01-Mar-2023 09:04:25.494 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
01-Mar-2023 09:04:25.497 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
01-Mar-2023 09:04:25.497 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
01-Mar-2023 09:04:25.497 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util=ALL-UNNAMED
01-Mar-2023 09:04:25.497 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dhttps.protocols=TLSv1.1,TLSv1.2,TLSv1.3
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
01-Mar-2023 09:04:25.498 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
01-Mar-2023 09:04:25.500 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.36] using APR version [1.7.0].
01-Mar-2023 09:04:25.500 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
01-Mar-2023 09:04:25.500 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
01-Mar-2023 09:04:25.502 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022]
01-Mar-2023 09:04:25.608 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
01-Mar-2023 09:04:25.615 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [191] milliseconds
01-Mar-2023 09:04:25.628 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
01-Mar-2023 09:04:25.628 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.72]
01-Mar-2023 09:04:25.635 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/local/tomcat/webapps/ROOT.war]
....
2023-03-01 09:04:39,494  INFO | pool-2-thread-1 | eu.europa.esig.dss.tsl.job.TLValidationJob              | Online refresh is running... 
2023-03-01 09:04:39,495  INFO | pool-2-thread-1 | eu.europa.esig.dss.tsl.job.TLValidationJob              | Running analysis for 1 LOTLSource(s) 
...
2023-03-01 09:04:41,930  INFO | pool-2-thread-1 | eu.europa.esig.dss.tsl.job.TLValidationJob              | Analysis is DONE for 1 LOTLSource(s) 
2023-03-01 09:04:41,934  INFO | pool-2-thread-1 | eu.europa.esig.dss.tsl.job.TLValidationJob              | Running analysis for 33 TLSource(s) 
2023-03-01 09:04:42,456 ERROR | pool-1-thread-14 | eu.europa.esig.dss.tsl.runnable.AbstractAnalysis        | Unable to process GET call for url [https://www.ssi.gouv.fr/uploads/tl-fr.xml]. Reason : [Received fatal alert: protocol_version]

Standalone application for Mac OS

Looking at the documentation available at link https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/signature-standalone it's clear that is available only a version for windows platform.
The application nonetheless is written in Java, so it should be independent from running platform.

In order to make it usable on Mac OS Ventura (13), with Chip M1, I downloaded the sources from repo and I tried to compile the project by myself, but I couldn't because the build failed.
In order to make it work I needed to perform the following steps, I hope this will be considered to be added into the README to help other people working with Mac OS.

Modify dss-standalone-app pom adding dss repositories:

	<repositories>
		<repository>
			<id>cefdigital-nexus</id>
			<url>https://ec.europa.eu/digital-building-blocks/artifact/content/repositories/esignaturedss</url>
		</repository>
	</repositories>

Increase java fx version:

	<properties>
		<javafx.version>19</javafx.version>
	</properties>

Add the dependency to java fx graphics

		<dependency>
			<groupId>org.openjfx</groupId>
			<artifactId>javafx-graphics</artifactId>
			<version>${javafx.version}</version>
		</dependency>

Download java fx 19 (I actually downloaded 20 because 19 produced a runtime error) from https://gluonhq.com/products/javafx/ setting (of course :-) ) MacOS as Operating System and unzip the file to get the folder javafx-sdk-20)
Build and package the application via maven, using java 11 to compile (In case you have another jdk installed, you can use jenv to switch from one jdk to another)

mvn clean install -pl dss-standalone-app -am -DskipTests=true -U
mvn clean install -pl dss-standalone-app-package -am -DskipTests=true -U

Using finder go to folder of module dss-standalone-app-package open target folder and unzip the file with complete version (at this moment is dss-standalone-app-package-5.12.RC1-complete-zip.zip) by double clicking on the file
Launch the application:

cd ./dss-standalone-app-package/target/dss-standalone-app-package-5.12.RC1-complete-zip
java --module-path ~/Downloads/javafx-sdk-20/lib --add-modules=javafx.fxml,javafx.controls -jar dss-app.jar

PDF_NOT_ETSI error while trying to verify a signature with DSS Validation Tool

Hello! I finally ended my PAdES signature creation using PDFNet and OPENSSL and it is recognized by Adobe PDF Reader, but I have a problem while trying to verify it is DSS validation tool. I received the following error:

and in the detailed version, I saw this problem:

I tried to compare the signature with one realised with DSS tool, but I was not able to see the difference between those 2.

I attach here both signatures decoded from DER using Cyberchef:
-my signature
my_signature.txt
-dss signature
dss_signature.txt

Could you help me?
Best Wishes,
Ionut Corbu

Add link to the official JavaDocs

Add a link to the official JavaDocs to the README.md

That way, you can locate the JavaDocs from only looking at the GitHub repo.

Thanks

Demo WebApp v5.7 is unable to produce T, LT, LTA signatures

I use SOAP webservice to sign files with DSS DemoWebapp v5.7. B level signatures are OK via webservice, but got error message, when try to create T, LT, LTA signatures. Example parameter set:

<digestAlgorithm>SHA256</digestAlgorithm>
<encryptionAlgorithm>RSA</encryptionAlgorithm>
<signatureLevel>XAdES_BASELINE_LT</signatureLevel>
<signaturePackaging>ENVELOPING</signaturePackaging>

Error message in Tomcat:

2020-09-30 07:34:36,812  INFO | http-nio-8080-exec-9 | e.e.e.d.w.s.common.Remote
DocumentSignatureServiceImpl   | SignDocument in process...
2020-09-30 07:34:36,827  INFO | http-nio-8080-exec-9 | eu.europa.esig.dss.xades.
signature.XAdESLevelBaselineT  | ====> Extending: IN MEMORY DOCUMENT
2020-09-30 07:34:36,831  INFO | http-nio-8080-exec-9 | eu.europa.esig.dss.valida
tion.CommonCertificateVerifier | + New CommonCertificateVerifier created.
2020-09-30 07:34:36,842  INFO | http-nio-8080-exec-9 | e.e.esig.dss.xades.valida
tion.XAdESCertificateSource    | +XAdESCertificateSource
2020-09-30 07:34:36,843  WARN | http-nio-8080-exec-9 | org.apache.xml.security.s
ignature.XMLSignature          | Signature verification failed.
2020-09-30 07:34:36,843  WARN | http-nio-8080-exec-9 | eu.europa.esig.dss.xades.
validation.XAdESSignature      | Determining signing certificate from certificat
e candidates list failed: [Certificate #1: Signature verification failed]
2020-09-30 07:34:36,853  WARN | http-nio-8080-exec-9 | org.apache.cxf.phase.Phas
eInterceptorChain              | Application {http://soap.signature.ws.dss.esig.
europa.eu/}SoapDocumentSignatureServiceImplService#{http://signature.dss.esig.eu
ropa.eu/}signDocument has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Cryptographic signature verification has faile
d / Certificate #1: Signature verification failed
        at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractIn
voker.java:162)
        at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.createFault(AbstractJ
AXWSMethodInvoker.java:267)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker
.java:128)
        at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSM
ethodInvoker.java:232)
        at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.jav
a:85)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker
.java:74)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInv
okerInterceptor.java:59)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:51
1)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$2.run(ServiceInv
okerInterceptor.java:126)
        at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecu
tor.java:37)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(Se
rviceInvokerInterceptor.java:131)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercept
orChain.java:308)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainIniti
ationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(Abstract
HTTPDestination.java:267)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(
ServletController.java:234)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletCont
roller.java:208)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletCont
roller.java:160)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpr
ingServlet.java:225)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(Ab
stractHTTPServlet.java:301)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractH
TTPServlet.java:220)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(Abstract
HTTPServlet.java:276)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:320)
        at org.springframework.security.web.access.ExceptionTranslationFilter.do
Filter(ExceptionTranslationFilter.java:118)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.session.SessionManagementFilter.doFi
lter(SessionManagementFilter.java:137)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.AnonymousAuthenticati
onFilter.doFilter(AnonymousAuthenticationFilter.java:111)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwar
eRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter
.doFilter(RequestCacheAwareFilter.java:63)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.logout.LogoutFilter.d
oFilter(LogoutFilter.java:116)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.header.HeaderWriterFilter.doHeadersA
fter(HeaderWriterFilter.java:92)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterIn
ternal(HeaderWriterFilter.java:77)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR
equestFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.SecurityContextPersistenceFi
lter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.request.async.WebAsyncManage
rIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR
equestFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.
doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(Fi
lterChainProxy.java:215)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChai
nProxy.java:178)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
elegatingFilterProxy.java:358)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
ingFilterProxy.java:271)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:543)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:81)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcce
ssLogValve.java:690)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java
:615)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLig
ht.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(Abstract
Protocol.java:818)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpo
int.java:1627)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBas
e.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh
read.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: eu.europa.esig.dss.model.DSSException: Cryptographic signature verifi
cation has failed / Certificate #1: Signature verification failed
        at eu.europa.esig.dss.xades.signature.ExtensionBuilder.assertSignatureVa
lid(ExtensionBuilder.java:138)
        at eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT.extendSignatur
eTag(XAdESLevelBaselineT.java:165)
        at eu.europa.esig.dss.xades.signature.XAdESLevelBaselineLT.extendSignatu
reTag(XAdESLevelBaselineLT.java:62)
        at eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT.extendSignatur
es(XAdESLevelBaselineT.java:141)
        at eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT.extendSignatur
es(XAdESLevelBaselineT.java:80)
        at eu.europa.esig.dss.xades.signature.XAdESService.signDocument(XAdESSer
vice.java:156)
        at eu.europa.esig.dss.xades.signature.XAdESService.signDocument(XAdESSer
vice.java:55)
        at eu.europa.esig.dss.ws.signature.common.RemoteDocumentSignatureService
Impl.signDocument(RemoteDocumentSignatureServiceImpl.java:157)
        at eu.europa.esig.dss.ws.signature.soap.SoapDocumentSignatureServiceImpl
.signDocument(SoapDocumentSignatureServiceImpl.java:48)
        at sun.reflect.GeneratedMethodAccessor384.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(Abst
ractInvoker.java:179)
        at org.apache.cxf.jaxws.JAXWSMethodInvoker.performInvocation(JAXWSMethod
Invoker.java:66)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker
.java:96)
        ... 70 common frames omitted
2020-09-30 07:34:36,855  INFO | http-nio-8080-exec-9 | o.a.cxf.services.SoapDocu
mentSignatureService.FAULT_OUT | FAULT_OUT
    Content-Type: multipart/related; type="application/xop+xml"; boundary="uuid:
b2bcdddf-cba3-4955-b901-42f5fbeb50d3"; start="<[email protected]>"; st
art-info="text/xml"
    ResponseCode: 500
    ExchangeId: 1cb2250b-fabb-40e1-89bd-aaed0194b36e
    ServiceName: SoapDocumentSignatureServiceImplService
    PortName: SoapDocumentSignatureServiceImplPort
    PortTypeName: SoapDocumentSignatureService
    Headers: {}
    Payload:
--uuid:b2bcdddf-cba3-4955-c451-42f5fbec50d3
Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"
Content-Transfer-Encoding: binary
Content-ID: <[email protected]>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body
><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Cryptographic signat
ure verification has failed / Certificate #1: Signature verification failed</fau
ltstring></soap:Fault></soap:Body></soap:Envelope>

These are OK on UI side with use of NexU.

Please teach how to create the jar file of dss-spi-x509-aia, which is not included in central repository

I wanted to create war in the maven project AAA, in order to include AAA in Tomcat.

AAA includes DefaultAIASource and OnlineAIASource.

And, in DSS api, they are included in the Package eu.europa.esig.dss.spi.x509.aia
(https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/apidocs/eu/europa/esig/dss/spi/x509/aia/package-summary.html)

Therefore, I made the following pom.xml in AAA.

<dependency>
	<groupId>eu.europa.ec.joinup.sd-dss</groupId>
	<artifactId>dss-spi-x509-aia</artifactId>
	<version>5.8</version>
</dependency>

However Error occured.
It's because dss-spi-x509-aia is not included in Sonatype Nexus Repository (central repository).

By the way, Maven first searches dss-spi-x509-aia in the central repository, and
if dss-spi-x509-aia is not included in the central repository, then
maven searches dss-spi-x509-aia in the local .m2 repository.

Therefore I want to create the jar file of dss-spi-x509-aia in order to store it in the local .m2 repository.

However I don't know how to create the jar file of dss-spi-x509-aia.

Can anyone teach me how to create the jar file of dss-spi-x509-aia?

Thanks in advance.

satoruotsubo

Add Dockerfile

It would be essential to the developers to have a quickly deployable/testable Docker- or docker-compose file.

[Feature Request] Add a spring boot webapp alternative

In my working context, instead of a solution with spring mvc (which is still valid), a solution with a webapp built with spring boot is more "favored".

My request is to add a maven project "dss-demo-webapp-boot "for those who prefer this solution.

VIsible signature via REST API

Hi,
does the REST API support PAdES Visible Signature ?
if Yes, i'll really appreciate a hint,
If No, any suggestion that would help.

DSS demonstration tool not recognising OCSP response for signing cert

Hello!
I'm trying to add LTV enable for my signature in PDF so I'm doing OCSP requests for the signing certificate and for the TSA certificate. The signing certificate is emitted by a CA created locally and the OCSP response is provided by a OCSP server which is done with OpenSSL.
When I'm trying to verify the signature in DSS, only the response for TSA is recognized (probably, my CA is not in the trusted list). But I don't know why Adobe is not recognizing either the LTV-enable status if I put my CA in their trusted list.
Here is the report from DSS:
DSS-Detailed-report.pdf
and here is my
file_signed.pdf

I don't know if I encapsulated ok the Certs and OCSPs in DSS field and I'm afraid that this could be the problem.

Could anyone help me? Thank you a lot!

Last Nowina Nexu Not Detected on the DSS-Demonstrations Web Site

Hello,

on our project, we are trying to use the dss-demonstrations to sign a digest with CAdES, JAdES signature.

dss-demonstrations site installation is running find and web site is running also.

Problem happens when we go on the page "sign a digest" section, at the bottom we have the following message: "NexU not detected or not started !".

We have installed the Nowina Nexu software coming from the page "https://nowina.lu/solutions/java-less-browser-signing-nexu/"

When it is installed, I use the Nowina Demo "https://lab.nowina.solutions/nexu-demo/" and it works perfectly to sign a pdf with my Belgium eID card and an USB Reader. It works perfectly on a MAC (with Chrome) and on a Windows PC.

Problems happens when I use the dss-demonstrations app:

With Mac PC and Chrome browser, my USB reader is not detected, so it seems that your app is not integrating well with the Nexu driver app. "NexU not detected or not started !". But with Nowina demo app, it works perfectly.
With Windows PC, USB Reader is detected, but when I select signing with Cades of a digest, signing process start and then in the middle of the process it stop with error .

So we are unable to sign any digest with your des-demonstrations App. (same behaviour if we use the https://ec.europa.eu/cefdigital/DSS/webapp-demo/sign-a-digest)

How can we solve that issue?

Error access illegal - dss-token

Hello,
I come using dss-token in my application but it shows me a runtime error:

I have only been able to solve this error by adding in the JVM:

--add-modules javafx.controls,javafx.fxml,javafx.graphics,javafx.base --add-opens jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED --add-opens java.base/java.security=ALL-UNNAMED

Now that I try to generate my JAR that error persists.

The java version used: 11
DSS-token: 5.8
dss.framework.version: 5.8

Thanks for the help.

Demo WebApp Signature Extension service produces erroneous T and LTA signature extensions

When trying to use the “Extend a signature” feature with a PDF document containing a PAdES qualified electronic signature together with the levels PAdES-BASELINE-T or PAdES-BASELINE-LTA, the following messages appear when validating the signatures (also using Demo WebApp):

The certificate is not related to a TSA/QTST!
The result of the timestamps validation process is not conclusive!
The algorithm is no longer considered reliable!

Validating the signed document before extending the signature produces no errors.

Diagnostic XML files and detailed validation reports are available here.

Add a command line demostration app

Adding a new command line demostration app could help developers and industry.
Thank you.

DSS Demo WebApp SOAP interface is unable to validate XAdES with multi documents

I use DSS Demo WebApp v5.7 to sign documents with SOAP webservice. I signed a document with XAdES_BASELINE_LTA level, detached packaging and ASiC_S container type. I see following in getDataToSign response:

<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
<ds:Reference Id="r-id-2d34b1394fb5942a843b9d2a7393c29c-1" URI="package.zip"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>

After signing process the signed file is container-signed-xades-baseline-lta.scs, which contains a package.zip named file. I am not sure, why it is present in container instead of 2 standalone files. When I try to validate signed file with DSS Demo following error is shown:

Oops... An error occurred! Unable to close entry
In log:

2020-12-04 11:20:42,146 WARN | http-nio-8080-exec-4 | eu.europa.esig.dss.asic.c
ommon.ASiCUtils | ZIP container contains a malformed, corrupted or not accessible entry! The entry is skipped. Reason: [Unexpected end of ZLIB input stream]
2020-12-04 11:20:42,206 ERROR | http-nio-8080-exec-4 | e.europa.esig.dss.web.con
troller.GlobalExceptionHandler | Unhandled exception occurred : Unable to close
entry eu.europa.esig.dss.model.DSSException: Unable to close entry

REST API certificate chain error

Hi,
I'm trying to use the REST API to sign a document using the signature value obtained from NexU
the picture below shows the paylod i use;

i got a 500 Error, related to the parsing of the certificate chain

Disable logs from o.a.c.services.RestDocumentValidationServiceImpl

Hi, i'd like to know how to disable logs about file bytes when validating a file. At the moment this is the response i got calling the /validation/validateSignature endpoint. I dont want to show this. Is there a config file to turn off logs ? Thanks

2022-12-19 09:58:33,528  INFO | http-nio-8080-exec-1 | o.a.c.services.RestDocumentValidationServiceImpl.REQ_IN | REQ_IN
    Address: http://localhost:8080/services/rest/validation/validateSignature
    HttpMethod: POST
    Content-Type: application/json
    ExchangeId: 7fb0f07d-d55f-4610-9d89-9011f6eca5cb
    Headers: {Accept=*/*, postman-token=fb1b7017-f5b3-4bde-a716-b4a8b5cb060f, host=localhost:8080, connection=keep-alive, content-type=application/json, Content-Length=1106, accept-encoding=gzip, deflate, br, user-agent=PostmanRuntime/7.29.2}
    Payload: {
    "signedDocument": {
        "name": "test.pdf",
        "bytes": "JVBERi0xLjQKJdPr6eEKMSAwIG9iago8PC9UaXRsZSAocGlwcG8pCi9Qcm9kdWNlciAoU2tpYS9QREYgbTExMCBHb29nbGUgRG9jcyBSZW5kZXJlcik+PgplbmRvYmoKMyAwIG9iago8PC9jYSAxCi9CTSAvTm9ybWFsPj4KZW5kb2JqCjQgMCBvYmoKPDwvTGVuZ3RoIDg0Pj4gc3RyZWFtCjEgMCAwIC0xIDAgNzkyIGNtCnEKLjc1IDAgMCAuNzUgMCAwIGNtCjEgMSAxIFJHIDEgMSAxIHJnCi9HMyBncwowIDAgODE2IDEwNTYgcmUKZgpRCgplbmRzdHJlYW0KZW5kb2JqCjIgMCBvYmoKPDwvVHlwZSAvUGFnZQovUmVzb3VyY2VzIDw8L1Byb2NTZXQgWy9QREYgL1RleHQgL0ltYWdlQiAvSW1hZ2VDIC9JbWFnZUldCi9FeHRHU3RhdGUgPDwvRzMgMyAwIFI+Pj4+Ci9NZWRpYUJveCBbMCAwIDYxMiA3OTJdCi9Db250ZW50cyA0IDAgUgovU3RydWN0UGFyZW50cyAwCi9QYXJlbnQgNSAwIFI+PgplbmRvYmoKNSAwIG9iago8PC9UeXBlIC9QYWdlcwovQ291bnQgM="
    }
}

Failure to find iaik:iaik_jce_me4se:pom:3.05

I get following error when execute Maven package phase.

Failure to find iaik:iaik_jce_me4se:pom:3.05 in https://apps.egiz.gv.at/maven/ was cached in the local repository, resolution will not be reattempted until the update interval of E-Government Innovationszentrum - EGIZ has elapsed or updates are forced

Is it possible to create PAdES-B-LT and PAdES-B-LTA documents via REST API?

Hello,
I am using the "DSS Demonstrations - Version 5.11" and trying to create PAdES-B-LT and PAdES-B-LTA documents with remote signature and remote timestamping from freetsa.org via rest-api.

PADES-B remote signatures can be easily created by calling "/signature/one-document/getDataToSign" and "/signature/one-document/signDocument".

Is it possible to use the REST API to create PAdES-B-LT and PAdES-B-LTA Documents with remote timestamps and remote OCSP calls?

Best Regards

Error compiling the demo

Demonstration site is down

Demonstration at https://joinup.ec.europa.eu/sd-dss/webapp-demo/home is unavailable now.

Is there a new location?

Visible Signature via RestAPI

Hi
when I sign a document via restAPI including the ImageParameters section the produced file reports that the document has been modified.

POST - /services/rest/signature/one-document/signDocument

"imageParameters" : {
  "alignmentHorizontal" : null,
  "alignmentVertical" : null,
  "imageScaling" : null,
  "backgroundColor" : null,
  "dpi" : null,
  "image" : null,
  "rotation" : null,
  "fieldParameters" : {
    "fieldId" : null,
    "originX" : 400,
    "originY" : 750,
    "width" : 60.0,
    "height" : 30.0,
    "page" : 1
  },
  "textParameters" : {
    "backgroundColor" : {
      "red" : 255,
      "green" : 255,
      "blue" : 255,
      "alpha" : 255
    },
    "font" : null,
    "textWrapping" : "FILL_BOX_AND_LINEBREAK",
    "padding" : null,
    "signerTextHorizontalAlignment" : "CENTER",
    "signerTextVerticalAlignment" : null,
    "signerTextPosition" : "TOP",
    "size" : 12,
    "text" : "Firmato digitalmente",
    "textColor" : {
      "red" : 0,
      "green" : 0,
      "blue" : 255,
      "alpha" : 255
    }
  },
  "zoom" : null
},

If i remove the ImageParameters section it works!

Please teach how to create the jar file of dss-spi-x509-aia, which is not included in central repository

I wanted to create war in the maven project AAA, in order to include AAA in Tomcat.

AAA includes DefaultAIASource and OnlineAIASource.

Therefore, I made the following pom.xml in AAA.

<dependency>
	<groupId>eu.europa.ec.joinup.sd-dss</groupId>
	<artifactId>dss-spi-x509-aia</artifactId>
	<version>5.8</version>
</dependency>

However Error occured.
It's because dss-spi-x509-aia is not included in Sonatype Nexus Repository (central repository).

Therefore I want to create the jar file of dss-spi-x509-aia in order to store it in the local .m2 repository.

However I don't know how to create the jar file of dss-spi-x509-aia.

Can anyone teach me how to create the jar file of dss-spi-x509-aia?

Thanks in advance.

NexU not detected or not started ! Download the open source version of NexU (more info)

https://ec.europa.eu/cefdigital/DSS/webapp-demo/sign-a-pdf

SigningCertificateV2 error in DSS verification

Hello! I'm trying to develop an API for PAdES Signatures using OpenSSL and I have an issue while adding signingCertificatev2 attribute which is required by PAdES standard. The slice of code where i work with signing certificate is this one:

ESS_SIGNING_CERT_V2* signing_cert = OSSL_ESS_signing_cert_v2_new_init(EVP_get_digestbyname(this->hash_type.c_str()), this->x509_cert, this->x509_chain, -1);

	int len_sign_cert = i2d_ESS_SIGNING_CERT_V2(signing_cert, NULL);

	unsigned char* encoded_data = (unsigned char*)malloc(len_sign_cert * sizeof(unsigned char));
	unsigned char* copy = encoded_data;
	i2d_ESS_SIGNING_CERT_V2(signing_cert, &encoded_data);

	ASN1_OCTET_STRING* octet_string = ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(octet_string, copy, len_sign_cert);

	PKCS7_add_signed_attribute(p7Si, NID_id_smime_aa_signingCertificateV2, V_ASN1_OCTET_STRING, octet_string);

Now, the issue is that my signature is recognized by FoxitReader, but not by AdobeReader. The error that I encounter is this one:

In FoxitReader, the signature does not have any problem:

Using DSS Verification I obtained the following results:

The strange thing is that I can find the signingcertificatev2 field in the signature when I use cyberchef:

I was thinking that maybe I'm using wrong ESS_SIGNING_CERT_V2.
I attach the signature prettified with Cyberchef after decoding DER.
decoded asn1_signature.txt

I attach here also the report of DSS:
DSS-Detailed-report.pdf

I used a GemBox PKCS12 for testing.

Could you help me?
Best Wishes,
Ionut Corbu

Failure to find eu.europa.ec.joinup.sd-dss:dss-demo-webapp:war:5.5

I'm trying to build the example projects but I'm failing to do so because of the missing file -jar dependencies. The files are not in the Maven CEF neither can I find them anywhere else on the internet.

#6 @pvandenbroucke mentioned that the files are are manually uploaded. Where can I find them and how do I link them to my project?

Cheers!

Sign visible PDF with text and image error

I am making use of part of the code that is in this link:
https://github.com/esig/dss-demonstrations/blob/master/dss-rest-doc-generation/src/test/java/eu/europa/esig/dss/web/ws/RestDocumentationApp.java

Where is part of the code:

is generating the following error:

We are using the following version of the library:

I will appreciate a solution

Failure to find eu.europa.ec.joinup.sd-dss:dss-mock-tsa:jar:5.4

I added this repository to pom file, but unable to compile with following error message:

[ERROR] Failed to execute goal on project dss-demo-webapp: Could not resolve dependencies for project eu.europa.ec.joinup.sd-dss:dss-demo-webapp:war:5.4: Failure to find eu.europa.ec.joinup.sd-dss:dss-mock-tsa:jar:5.4 in https://ec.europa.eu/cefdigital/artifact/content/repositories/esignaturedss/ was cached in the local repository, resolution will not be reattempted until the update interval of cefdigital has elapsed or updates are forced

Failed to Import candidates for Configuration class in CXFConfig When running in a docker tomcat container

So i'm trying to run DSS in a tomcat container. Upon booting up the image it runs into the following exception:

tomcat | 2021-06-17 09:45:49,643 INFO | main | o.s.w.c.support.AnnotationConfigWebApplicationContext | Registering annotated classes: [class eu.europa.esig.dss.web.config.DSSBeanConfig] tomcat | 2021-06-17 09:45:49,771 INFO | main | o.s.context.annotation.ConfigurationClassParser | Properties location [classpath:dss-custom.properties] not resolvable: class path resource [dss-custom.properties] cannot be opened because it does not exist tomcat | 2021-06-17 09:45:49,783 WARN | main | o.s.w.c.support.AnnotationConfigWebApplicationContext | Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [eu.europa.esig.dss.web.config.DSSBeanConfig]; nested exception is java.lang.IllegalStateException: Failed to introspect annotated methods on class eu.europa.esig.dss.web.config.CXFConfig tomcat | 2021-06-17 09:45:49,797 ERROR | main | org.springframework.web.context.ContextLoader | Context initialization failed tomcat | org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [eu.europa.esig.dss.web.config.DSSBeanConfig]; nested exception is java.lang.IllegalStateException: Failed to introspect annotated methods on class eu.europa.esig.dss.web.config.CXFConfig tomcat | at org.springframework.context.annotation.ConfigurationClassParser.processImports(ConfigurationClassParser.java:621) tomcat | at org.springframework.context.annotation.ConfigurationClassParser.doProcessConfigurationClass(ConfigurationClassParser.java:304) tomcat | at org.springframework.context.annotation.ConfigurationClassParser.processConfigurationClass(ConfigurationClassParser.java:247) tomcat | at org.springframework.context.annotation.ConfigurationClassParser.parse(ConfigurationClassParser.java:200) tomcat | at org.springframework.context.annotation.ConfigurationClassParser.parse(ConfigurationClassParser.java:169) tomcat | at org.springframework.context.annotation.ConfigurationClassPostProcessor.processConfigBeanDefinitions(ConfigurationClassPostProcessor.java:308) tomcat | at org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanDefinitionRegistry(ConfigurationClassPostProcessor.java:228) tomcat | at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:272) tomcat | at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:92) tomcat | at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687) tomcat | at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525) tomcat | at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443) tomcat | at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325) tomcat | at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) tomcat | at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4714) tomcat | at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5172) tomcat | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) tomcat | at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) tomcat | at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) tomcat | at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:692) tomcat | at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1184) tomcat | at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1925) tomcat | at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) tomcat | at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) tomcat | at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) tomcat | at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118) tomcat | at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1094) tomcat | at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:476) tomcat | at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1611) tomcat | at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:319) tomcat | at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) tomcat | at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) tomcat | at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) tomcat | at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936) tomcat | at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:829) tomcat | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) tomcat | at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) tomcat | at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) tomcat | at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) tomcat | at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) tomcat | at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140) tomcat | at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) tomcat | at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) tomcat | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) tomcat | at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) tomcat | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) tomcat | at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) tomcat | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) tomcat | at org.apache.catalina.startup.Catalina.start(Catalina.java:772) tomcat | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) tomcat | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) tomcat | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) tomcat | at java.base/java.lang.reflect.Method.invoke(Method.java:566) tomcat | at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:342) tomcat | at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473) tomcat | Caused by: java.lang.IllegalStateException: Failed to introspect annotated methods on class eu.europa.esig.dss.web.config.CXFConfig tomcat | at org.springframework.core.type.StandardAnnotationMetadata.getAnnotatedMethods(StandardAnnotationMetadata.java:163) tomcat | at org.springframework.context.annotation.ConfigurationClassParser.retrieveBeanMethodMetadata(ConfigurationClassParser.java:385) tomcat | at org.springframework.context.annotation.ConfigurationClassParser.doProcessConfigurationClass(ConfigurationClassParser.java:319) tomcat | at org.springframework.context.annotation.ConfigurationClassParser.processConfigurationClass(ConfigurationClassParser.java:247) tomcat | at org.springframework.context.annotation.ConfigurationClassParser.processImports(ConfigurationClassParser.java:611) tomcat | ... 54 common frames omitted tomcat | Caused by: java.lang.NoClassDefFoundError: javax/xml/ws/Endpoint tomcat | at java.base/java.lang.Class.getDeclaredMethods0(Native Method) tomcat | at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3166) tomcat | at java.base/java.lang.Class.getDeclaredMethods(Class.java:2309) tomcat | at org.springframework.core.type.StandardAnnotationMetadata.getAnnotatedMethods(StandardAnnotationMetadata.java:152) tomcat | ... 58 common frames omitted tomcat | Caused by: java.lang.ClassNotFoundException: javax.xml.ws.Endpoint tomcat | at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1364) tomcat | at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1187) tomcat | ... 62 common frames omitted tomcat | 17-Jun-2021 09:45:49.810 SEVERE [main] org.apache.catalina.core.StandardContext.startInternal One or more listeners failed to start. Full details will be found in the appropriate container log file tomcat | 17-Jun-2021 09:45:49.811 SEVERE [main] org.apache.catalina.core.StandardContext.startInternal Context [/dss] startup failed due to previous errors tomcat | 17-Jun-2021 09:45:49.898 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/dss] has finished in [4,111] ms

fileCacheDataLoader has no 'proxyPreferenceManager' property

Hi Pierrick,

we have our own webapp. While searching the issue i mentioned here: esig/dss#66 i compiled the demo and it has also a problem with the latest changed. Just wanted to mention.

fileCacheDataLoader has no 'proxyPreferenceManager' property

cheers

16:24:46.161 [main] WARN  o.s.c.s.GenericApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name        'fileCacheDataLoader' defined in class path resource [spring/applicationContext-core.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'proxyPreferenceManager' of bean class [eu.europa.esig.dss.client.http.commons.FileCacheDataLoader]: Bean property 'proxyPreferenceManager' is not writable or has an invalid setter method. Does the parameter type of the setter match the return        type of the getter?
16:24:46.161 [main] ERROR o.s.test.context.TestContextManager - Caught exception while allowing TestExecutionListener [org.springframework.test.context.support.DependencyInjectionTestExecutionListener@479885d] to prepare test inst       ance [eu.europa.esig.dss.web.service.XSLTServiceTest@41ad5874]
java.lang.IllegalStateException: Failed to load ApplicationContext
        at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContext(DefaultCacheAwareContextLoaderDelegate.java:124)
        at org.springframework.test.context.support.DefaultTestContext.getApplicationContext(DefaultTestContext.java:83)
        at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.injectDependencies(DependencyInjectionTestExecutionListener.java:117)
        at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.prepareTestInstance(DependencyInjectionTestExecutionListener.java:83)
        at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:230)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.createTest(SpringJUnit4ClassRunner.java:228)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner$1.runReflectiveCall(SpringJUnit4ClassRunner.java:287)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.methodBlock(SpringJUnit4ClassRunner.java:289)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:247)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:94)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
        at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
        at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:191)
        at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:252)
        at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:141)
        at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
        at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
        at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
        at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
        at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)

Cannot resolve at.gv.egiz:smcc:1.3.30

I am trying to compile the mocca-adapter module but at.gv.egiz:smcc dependency cannot be found. After manually browsing the repository at https://apps.egiz.gv.at/maven/at/gv/egiz/ I see that such dependency does not exist there.

Error when validating PDF file

When i try to validate the signatures on a PDF file inside the function SignedDocumentValidator.fromDocument(signedDocument) i got the following error Document format not recognized/handled.
More precisely the program fails with the byte check in getAsn1Encodable(). My file first tagByte is 37 and the desired value is 48.
How can i solve this problem ?

Is there a nice tutorial somewhere?

Hi,

I see tons of code everywhere and lengthly documentations.

However, what I miss is a simple example of how to use the DSS library. Something a little code snippet showing how to actually digitally sign a pdf for example. Could you please point me in the right direction?

I think basic usage examples of the library would be a great addition to the README.

Use additional trusted certificates in DSS DemoWebapp

I use following code in DSSBeanConfig to add additional trusted certificates to validate files, which was signed with test certificates.

  @Bean
    public CommonTrustedCertificateSource myListSource() {
        CommonTrustedCertificateSource trustedListsCertificateSource = new CommonTrustedCertificateSource();
        try {
            KeyStoreCertificateSource customKeystore = new KeyStoreCertificateSource(new File("C:\\certs\\Additional_trusted_TEST_certificates.jks"), KeyStore.getDefaultType(), "<mypass>");
            trustedListsCertificateSource.importAsTrusted(customKeystore);
        } catch (IOException e) {  }
        return trustedListsCertificateSource;
    }

    @Bean
    public CertificateVerifier certificateVerifier() {
        CommonCertificateVerifier certificateVerifier = new CommonCertificateVerifier();
        certificateVerifier.setCrlSource(new OnlineCRLSource());
        certificateVerifier.setOcspSource(onlineOcspSource());
        certificateVerifier.setAIASource(cachedAIASource());
        certificateVerifier.setTrustedCertSources(trustedListSource(), myListSource());

        // Default configs
        certificateVerifier.setAlertOnMissingRevocationData(new ExceptionOnStatusAlert());
        certificateVerifier.setCheckRevocationForUntrustedChains(false);

        return certificateVerifier;
    }

Indication is TOTAL_PASSED in validation result, but Qualification Details is "Unable to build a certificate chain up to a trusted list!"