AutoFirma ins and outs (2). Minimum configuration to run SimpleAfirma.java class from package es.gob.afirma.standalone. pkcs11

0. Introduction

This file is in the subproject afirma-simple

1. Convert pom.xml to build.gradle

Here is the basic build.gradle file, that only needs to define dependencies as in the parent project we have defined the tasks and other definitions 

//============================BEGIN=======================================================

dependencies {
    /* Library dependencies part */
    api libs.junit

    /* Project dependencies part */
    api (project(":afirma-core")) 
    
}

//==================================END=================================================

The yellow marked code is the one you must change or add elements

Let's see the pom.xml from the project "afirma-crypto-ooxml"

//============================BEGIN=======================================================

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

    <modelVersion>4.0.0</modelVersion>
    <artifactId>afirma-crypto-ooxml</artifactId>
    <packaging>jar</packaging>

    <name>afirma-crypto-ooxml</name>
    <description>Modulo para la generacion de firmas OOXML</description>

    <parent>
        <groupId>es.gob.afirma</groupId>
        <artifactId>afirma-client</artifactId>
        <version>1.7.2</version>
    </parent>
    
    <dependencies>

        <dependency>
            <groupId>es.gob.afirma</groupId>
            <artifactId>afirma-core</artifactId>
            <version>${clienteafirma.version}</version>
        </dependency>

        <dependency>
            <groupId>es.gob.afirma</groupId>
            <artifactId>afirma-crypto-xades</artifactId>
            <version>${clienteafirma.version}</version>
        </dependency>
        
        <dependency>
            <groupId>es.gob.afirma</groupId>
            <artifactId>afirma-crypto-xmlsignature</artifactId>
            <version>${clienteafirma.version}</version>
        </dependency>

        <dependency>
              <groupId>es.uji.crypto.xades</groupId>
              <artifactId>jxades</artifactId>
        </dependency>
        
    </dependencies>
</project>

//==================================END=================================================

In this pom.xml we can see these elements:

nameafirma-crypto-ooxml

library dependenciesjxades     

project dependencies:  afirma-core , afirma-crypto-xades , afirma-crypto-xmlsignature   

Then the build.xml created from this pom.xml (note the colors) will be:

//==================================BEGIN=================================================


dependencies {
     /* AutoFirma */
    api libs.junit
    api libs.jxades            
        
    api (project(":afirma-core")) 
    api (project(":afirma-crypto-xades")) 
    api (project(":afirma-crypto-xmlsignature")) 
}


//==================================END=================================================


3. Downloading the project

I have modified some sources and added some dependencies.

Use this link to download the project.

4. Notes

1. The main class is in the project "afirma-simple"

afirma-simple/src/main/java/es/gob/afirma/standalone/SimpleAfirma.java


2. Some extra dependencies have been added to some projects (afirma-core)

In afirma-core:

implementation 'xerces:xercesImpl:2.12.2'


3. Some classes have been modified:

In afirma-crypto-xades:

afirma-crypto-xades/src/main/java/es/gob/afirma/signers/xades/XAdESUtil.java

lines 95, 96, and 97 have been commented

//============================BEGIN=======================================================

static {
        SECURE_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
        try {
            SECURE_BUILDER_FACTORY.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE.booleanValue());

            // Los siguientes atributos deberia establececerlos automaticamente la implementacion de
            // la biblioteca al habilitar la caracteristica anterior. Por si acaso, los establecemos
            // expresamente
            //SECURE_BUILDER_FACTORY.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
            //SECURE_BUILDER_FACTORY.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); //$NON-NLS-1$
            //SECURE_BUILDER_FACTORY.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); //$NON-NLS-1$        }
        }
        catch (final Exception e) {
            LOGGER.log(Level.SEVERE, "No se ha podido establecer la propiedad de seguridad en la factoria XML", e); //$NON-NLS-1$
        }
//==================================END=================================================

4. There is a text for windows only that has been commented as it does not run on Linux.

5. Execution

First, compile it (build)


The run the class 

afirma-simple/src/main/java/es/gob/afirma/standalone/SimpleAfirma.java

in Eclipse passing no arguments (gui mode) or  these ones (Run-as > Run Configurations




sign -i /home/eduard/prova_decrets/V1/2021/ES_L01462384_2021_DOC_RESOLUCIO_0001.pdf -o /home/eduard/prova_decrets/V1/2021/ES_L01462384_2021_DOC_RESOLUCIO_0001_FIRMA_XADES_PROVA_CAGADA_EDU20230119.xsig -format xades -store pkcs12:/home/eduard/WORKSPACES/WS_GRDL01/Ajuntament/X04-IF08/src/main/resources/certs/MY_CERT.ep_1650458863958.p12 -alias epn1 -password MY_PASSWORD -config "format=XAdES Detached"


5. Using pkcs11 (smart cards)

In this post, there are instructions for using smart cards or pkcs11. Basically follow these instructions for using smartcards in Ubuntu 18

a. Open keystore explorer and select File > Open Special > Open PKCS#11 


Select the library  /usr/lib/lib/libaetpkss.so  


and shows the certificates' aliases


So, our certificate will be referenced by

-store pkcs11:/usr/lib/libaetpkss.so -alias EPN1 -password myPassword

And the params to pass toAutofirma will be

sign  -i fileToSign.pdf -o signatureFile.xsig -format xades -config "mode=implicit" -store pkcs11:/usr/lib/libaetpkss.so -alias EPN1 -password myPassword

















Comments

Popular posts from this blog

ORVE WS (Dynamic) (4) Jackson XML mapper

ENI (1) ENI Document OR the Spanish Electronic Administration Mafia

ORVE WS (Dynamic) (12) Defiining the control tables