martes, 28 de agosto de 2018

Certificados y Java (I). Manejar certificados PKCS#11 (Smart Card) y PKCS12 (fichero .p12)

0. Introducción


Nuestro objetivo es poder firmar un fichero. Para ello, debemos tener un certificado a mano para poder firmar.

Veamos como leemos un certificado de tarjeta (Smart Card) tipo PKSC#11

Para ello debemos tener instalado correctamente el certificado digital. En una entrada anterior se instaló el lector de tarjetas Zoweetek y una tarjeta de la ACCV.


1. Creamos un proyecto Maven


En Eclipse File-New-Other-MavenProject y marcamos "Create a simple project (skip archetype selection) y Next

Elegimos:

  • Group Id: org.ximodante
  • Artificact Id: JavaCertificates
Y lo demás por omisión y Finish
Vamos al pom.xml y le añadimos las librería que nos hacen falta, quedando así:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.ximodante</groupId>
  <artifactId>JavaCertificates</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  
  <properties>
    <failOnMissingWebXml>false</failOnMissingWebXml>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <maven.compiler.plugin>3.8.0</maven.compiler.plugin>
    <maven.compiler.source>10</maven.compiler.source>
    <maven.compiler.target>10</maven.compiler.target>
    <bouncycastle.version>1.60</bouncycastle.version>
    <apache.pdfbox.version>2.0.11</apache.pdfbox.version>
  
  </properties>
  
  <dependencies>
    
    <!-- 1. PDFBOX para majejar PDFs -->    
    <!-- https://mvnrepository.com/artifact/org.apache.pdfbox/pdfbox -->
    <dependency>
      <groupId>org.apache.pdfbox</groupId>
      <artifactId>pdfbox</artifactId>
      <version>${apache.pdfbox.version}</version>
    </dependency>
    
    <!-- 2. XMPBOX para majejar XMP (Abobe extensible metadata) -->    
    <!-- https://mvnrepository.com/artifact/org.apache.pdfbox/xmpbox -->
    <dependency>
      <groupId>org.apache.pdfbox</groupId>
      <artifactId>xmpbox</artifactId>
      <version>${apache.pdfbox.version}</version>
    </dependency>
    
    
    <!-- 3. BOUNCYCASTLE para manejar todo el tema de certificados -->    
    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
      <version>${bouncycastle.version}</version>
    </dependency>
    
    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk15on -->
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcmail-jdk15on</artifactId>
       <version>${bouncycastle.version}</version>
    </dependency>
    
        
  </dependencies>
  
</project>

NOTA: Para este primer post, solo nos interesan las librería BouncyCastle.


2. Clase abstacta para el manejo de certificados


Creamos una clase llamada PKCSUtils


  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
package org.ximodante.certificatemanagers;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;

public class PKCSUtils {
 
 
 public static String[][] CARD_DRIVERS = 
  new String[][] 
   { {"WIN_G&D","c:\\windows\\system32\\aetpkss1.dll"},
     {"WIN_SIEMENS_OLD","c:\\windows\\system32\\siecap11.dll"},
     {"UNIX_G&D","/usr/lib/libaetpkss.so.3"}
   };
    
 public static OsTypes getOsType() {
  String OSName=System.getProperty("os.name").toLowerCase();
  if (OSName.indexOf("win") >= 0 ) return OsTypes.WINDOWS;
  else if (OSName.indexOf("nix") >= 0 || OSName.indexOf("nux") >= 0 || OSName.indexOf("aix") > 0 ) return OsTypes.UNIX;
  else if (OSName.indexOf("mac") >= 0 ) return OsTypes.MAC;
  else return OsTypes.ERROR;
 }
 
 public static String getJavaVersion() {
  return System.getProperty("java.version");
 }
 
 /**
  * Return location of the Smart Card driver. It is indicated in CARD_DRIVERS
  * 
  * example call: getPKCS11ConfigString("UNIX_G&D")
  * 
  * @param smartCardDriverdriver
  * @return
  */
 public static String getPKCS11ConfigString(String smartCardDriverdriver) {
  // See See https://stackoverflow.com/a/46524444/7704658 to indicate not a file but the content of the configuration
  // a prefix= "--" is used to know it is not a file name
  String PKCS11CfgStr="";
  if (!getJavaVersion().startsWith("1.")) PKCS11CfgStr="-- ";
  PKCS11CfgStr=PKCS11CfgStr + "name = SmartCard"; 
  boolean found=false;
  for (String[] as: CARD_DRIVERS) {
   if (as[0].equalsIgnoreCase(smartCardDriverdriver) && !found) { 
    PKCS11CfgStr= PKCS11CfgStr + "\n library = " + as[1];
    found=true;
   }
  } 
  
  if (!found) throw new java.lang.RuntimeException("Driver name: " + smartCardDriverdriver + " NOT FOUND in PKCS11Utils.CARD_DRIVERS");
        return PKCS11CfgStr;
 }
 
 /**
  * Get a Keystore from a PKCS11 Certificate (Smart Card)
  * 
  * Example call
  *    getPKCS11KeyStore("UNIX_G&D", "mySmartCardPassword")
  *    
  * @param smartCardDriver : Specifies the OS and the Card and it is defined in CARD_DRIVERS static parameter of the class
  * @param CertificatePassword
  * @return a Java KeyStore
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws ClassNotFoundException 
  * @throws SecurityException 
  * @throws NoSuchMethodException 
  * @throws InvocationTargetException 
  * @throws IllegalArgumentException 
  * @throws IllegalAccessException 
  * @throws InstantiationException 
  */
 public static KeyStore getPKCS11KeyStore(String smartCardDriver, String CertificatePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
  
  String pkcs11config=getPKCS11ConfigString(smartCardDriver);
  Provider pkcs11Provider = null;
  
  // As the class does not exists in Java 9 +, we will construct it by reflection or the compiler crashes
  if (getJavaVersion().startsWith("1.")) {
   byte[] pkcs11configBytes = pkcs11config.getBytes();
   ByteArrayInputStream configStream =  new ByteArrayInputStream(pkcs11configBytes);
   Class<?> plcs11Class = Class.forName("sun.security.pkcs11.SunPKCS11");
   Constructor<?> constructor = plcs11Class.getConstructor(new Class[]{ByteArrayInputStream.class}); 
   pkcs11Provider = (Provider) constructor.newInstance(configStream);
  
  // For JaVA 9+
  } else {
   pkcs11Provider = Security.getProvider("SunPKCS11");
   pkcs11Provider = pkcs11Provider.configure(pkcs11config);
  }  
  Security.addProvider(pkcs11Provider); 
         
  KeyStore ks = KeyStore.getInstance("PKCS11", pkcs11Provider);
  ks.load(null, CertificatePassword.toCharArray());
  
  return ks;
 }
 
 /**
  * 
  * @param certURL : The full name of the file for instance: "/home/myuser/certs/mycert.p12"
  * @param CertificatePassword: for instance "MyPassword"
  * @return a Java Keystore
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws FileNotFoundException
  * @throws IOException
  */
    public static KeyStore getPKCS12KeyStore(String certURL, String CertificatePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
     KeyStore ks = KeyStore.getInstance("PKCS12");
     if (CertificatePassword.length()>0) ks.load(new FileInputStream(certURL), CertificatePassword.toCharArray());
     else ks.load(new FileInputStream(certURL), null);
  return ks;
 }
 
    /**
     * Get the certificate chain from a java keystore
     * @param ks
     * @return
     * @throws KeyStoreException
     */
 public static Certificate[] getCertificateChain(KeyStore ks) throws KeyStoreException {
  String alias = (String) ks.aliases().nextElement();
  Certificate[] myCertChain = ks.getCertificateChain(alias);
  return myCertChain;
 }
 
 /**
  * Get the certificate chain from the parameter to access a Java Smart Card certificate
  * @param smartCardDriver Specifies the OS and the Card and it is defined in CARD_DRIVERS static parameter of the class
  * @param CertificatePassword is the Smart Card Certificate
  * @return the certificate chain
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws ClassNotFoundException
  * @throws NoSuchMethodException
  * @throws SecurityException
  * @throws InstantiationException
  * @throws IllegalAccessException
  * @throws IllegalArgumentException
  * @throws InvocationTargetException
  */
 public static Certificate[] getPKCS11CertificateChain(String smartCardDriver, String CertificatePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException   {
  KeyStore ks = getPKCS11KeyStore(smartCardDriver, CertificatePassword);
  return getCertificateChain(ks);
 }
 
    /**
     * get the alias of keystore
     * @param ks
     * @return
     * @throws KeyStoreException
     */
 public static String getCertAlias(KeyStore ks) throws KeyStoreException {
  return (String) ks.aliases().nextElement();
 }
 
 /**
  * Gets the alias defining the parameters of to access Smart card 
  * @param smartCardDriver Specifies the OS and the Card and it is defined in CARD_DRIVERS static parameter of the class
  * @param CertificatePassword the smart card password
  * @return
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws ClassNotFoundException
  * @throws NoSuchMethodException
  * @throws SecurityException
  * @throws InstantiationException
  * @throws IllegalAccessException
  * @throws IllegalArgumentException
  * @throws InvocationTargetException
  */
 public static String getPKCS11CertAlias(String smartCardDriver, String CertificatePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
  KeyStore ks = getPKCS11KeyStore(smartCardDriver, CertificatePassword);
  return (String) ks.aliases().nextElement();
 }
    
 /**
  * Get the private key from a Java keystore knowing its password
  * @param ks
  * @param CertificatePassword
  * @return
  * @throws KeyStoreException
  * @throws UnrecoverableKeyException
  * @throws NoSuchAlgorithmException
  */
 public static PrivateKey getPrivateKey(KeyStore ks, String CertificatePassword) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
     String alias=getCertAlias(ks);
     return (PrivateKey) ks.getKey(alias, CertificatePassword.toCharArray());
 }
 
 /**
  * Get the private key from a smart card accessing by its configuration and password 
  * @param smartCardDriver Specifies the OS and the Card and it is defined in CARD_DRIVERS static parameter of the class
  * @param CertificatePassword the smart card password
  * @return
  * @throws KeyStoreException
  * @throws UnrecoverableKeyException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws ClassNotFoundException
  * @throws NoSuchMethodException
  * @throws SecurityException
  * @throws InstantiationException
  * @throws IllegalAccessException
  * @throws IllegalArgumentException
  * @throws InvocationTargetException
  */
 public static PrivateKey getPKCS11PrivateKey(String smartCardDriver, String CertificatePassword) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
  KeyStore ks = getPKCS11KeyStore(smartCardDriver, CertificatePassword);
     String alias=getCertAlias(ks);
     return (PrivateKey) ks.getKey(alias, CertificatePassword.toCharArray());
 }
 
 /**
  * Tests 
  * @param args
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws UnrecoverableKeyException
  * @throws InvocationTargetException 
  * @throws IllegalArgumentException 
  * @throws IllegalAccessException 
  * @throws InstantiationException 
  * @throws SecurityException 
  * @throws NoSuchMethodException 
  * @throws ClassNotFoundException 
  */
 public static void main(String args[]) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
  String myCardPwd="MySmartCardPassword";
  String myP12Pwd="MyP12Password";
  
  String myCardDriver="UNIX_G&D";
  String myP12File="/home/myuser/mycert.p12";
  
  //0. Show java version and OOS 
  System.out.println("0.---------------------------------------------------------------------------");
  System.out.println(getJavaVersion());
  System.out.println(System.getProperty("os.name"));
  System.out.println(getOsType());
  System.out.println();
  
  //1. Test getPKCS11KeyStore
  System.out.println("1.---------------------------------------------------------------------------");
  KeyStore ks1=getPKCS11KeyStore(myCardDriver, myCardPwd);
  System.out.println(ks1.toString());
  System.out.println();
  
  //2. Test getPKCS12KeyStore
  System.out.println("2.---------------------------------------------------------------------------");
  KeyStore ks2=getPKCS12KeyStore(myP12File, myP12Pwd);
  System.out.println(ks2.toString());
  System.out.println();
  
  //3. Test getCertificateChain
  System.out.println("3.1.---------------------------------------------------------------------------");
  Certificate[] cert1 =getCertificateChain(ks1);
  System.out.println(cert1[0].toString());
  System.out.println();
  
  System.out.println("3.2.---------------------------------------------------------------------------");
  Certificate[] cert2 =getCertificateChain(ks2);
  System.out.println(cert2[0].toString());
  System.out.println();
  
  //4. Test getCertAlias
  System.out.println("4.---------------------------------------------------------------------------");
  String alias1 =getCertAlias(ks1);
  System.out.println(alias1);
  System.out.println();
  
  String alias2 =getCertAlias(ks1);
  System.out.println(alias2);
  System.out.println();
  
  //5. Test Private Key
  System.out.println("5.---------------------------------------------------------------------------");
  PrivateKey pKey1 =getPrivateKey(ks1, myCardPwd);
  System.out.print(pKey1.getFormat()+" ");
  System.out.print(pKey1.getAlgorithm()+" ");
  System.out.print(pKey1.getClass()+" ");
  System.out.println(pKey1.hashCode());
  System.out.println();
  
  PrivateKey pKey2 =getPrivateKey(ks2, myP12Pwd);
  System.out.print(pKey2.getFormat()+" ");
  System.out.print(pKey2.getAlgorithm()+" ");
  System.out.print(pKey2.getClass()+" ");
  System.out.println(pKey2.hashCode());
    
  
 }
}

Hay que saber:

  • Versión de Java que tenemos
  • Sistema Operativo
  • Drivers de la tarjeta PKCS11
Respecto a la versión de Java, como estamos desarrollando en Java 10, y la configuracion del pkcs#11 cambia a partir de Java 9, todo el código para versiones Java 1.8 y anteriores se tiene que hacer por reflexión, ya que las referencias a la clase sun.security.pkcs11.SunPKCS11 no existen en las nuevas versiones de Java, y por tanto da error de compilación si accedemos directamente a ella. Esto se tiene en cuenta en las líneas 93-100.

En Java 9+ no se permite pasar lo parámetros de configuración de las librerias en un String , pero en StackOverflow encuentran una manera de hacerlo que es meter un prefijo de "--" y entiende que no hay que ir a un fichero para leer los parámetros. (Líneas 50-53) 

Respecto al sistema operativo y los drivers de la tarjeta, se ha creado una constante CARD_DRIVERS en las líneas  23-27 que contiene las definiciones y accesos a las librerías de la tarjeta en función del sistema operativo. En este caso solo se ha puesto los drivers de las tarjetas G&D (Linux y Windowa) y Siemens (Solo Windows). Por tanto debereis proporcionar las localizaciones de los drivers de vuestra tarjeta para vuestro sistema operativo a esta variable

Para el caso de ver el certificado de la tarjeta, ver como se configura en entradas anteriores y comprovar que desde Firefox se puede vcr, y tener a mano la contraseña de la tarjeta. ¡No olvidar colocar la tarjeta en el lector!

Para los certificados en fichero ".p12" hay que tener localizada la ruta en disco al fichero y también su contraseña.

Cambiar las variables myCardPwd y myP12Pwd de las contraseñas y  cambiar UNIX_GD por vuestro driver en concreto de las líneas 253-257 

Si ejecutamos la clase la salida es:


  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
0.---------------------------------------------------------------------------
10.0.1
Linux
UNIX

1.---------------------------------------------------------------------------
java.security.KeyStore@3c0f93f1

2.---------------------------------------------------------------------------
java.security.KeyStore@2db7a79b

3.1.---------------------------------------------------------------------------
[
[
  Version: V3
  Subject: C=ES, O=MI EMPRESA, OU=CERTIFICADO ELECTRONICO DE EMPLEADO , T=INFORMATICO, SURNAME=DANTE ROWAN, GIVENNAME=XIMO, SERIALNUMBER=00000000K, CN=XIMO DANTE ROWAN - DNI 00000000K
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 19021714822695416410640732937165993185780893482489530609330271353653833986865409884357525007345857232950358020644608398916280213715193060415883879832876531731740542555392415820427951721849049132493073141912997396086315448899421338622445988272776481734273508949312612164981823405217082043937698335240980137352749854111702007707185035537211696440848221707436761398140758722285712454822641762459224271273797613662488740802157152331603569593878761205385078263148512440183328837233707473664828559803695573085387432746298260369984396583140133936394510594711790250569261292925214068907097899413187072139398842014155739659889
  public exponent: 65537
  Validity: [From: Tue Mar 20 14:21:35 CET 2018,
               To: Fri Mar 19 14:21:35 CET 2021]
  Issuer: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120
  SerialNumber: [    0f2c933c 40619f66]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2F 30 2D 30 14 06 08   2B 06 01 05 05 07 0B 02  ./0-0...+.......
0010: 30 08 06 06 04 00 8E 46   01 01 30 08 06 06 04 00  0......F..0.....
0020: 8E 46 01 01 30 0B 06 06   04 00 8E 46 01 03 02 01  .F..0......F....
0030: 0F                                                 .


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://www.accv.es/gestcert/ACCVCA120.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.accv.es
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E8 40 9B 8E FB 66 3F C1   44 D8 A1 DF D4 4A 81 42  .@...f?.D....J.B
0010: 08 17 CB E5                                        ....
]
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://www.accv.es/fileadmin/Archivos/certificados/accvca120_der.crl]
   CRLIssuer:[C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.8149.3.13.4.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.2
  qualifier: 0000: 30 82 01 94 1E 82 01 90   00 43 00 65 00 72 00 74  0........C.e.r.t
0010: 00 69 00 66 00 69 00 63   00 61 00 64 00 6F 00 20  .i.f.i.c.a.d.o. 
0020: 00 63 00 75 00 61 00 6C   00 69 00 66 00 69 00 63  .c.u.a.l.i.f.i.c
0030: 00 61 00 64 00 6F 00 20   00 70 00 61 00 72 00 61  .a.d.o. .p.a.r.a
0040: 00 20 00 45 00 6D 00 70   00 6C 00 65 00 61 00 64  . .E.m.p.l.e.a.d
0050: 00 6F 00 20 00 50 00 FA   00 62 00 6C 00 69 00 63  .o. .P...b.l.i.c
0060: 00 6F 00 20 00 65 00 78   00 70 00 65 00 64 00 69  .o. .e.x.p.e.d.i
0070: 00 64 00 6F 00 20 00 70   00 6F 00 72 00 20 00 65  .d.o. .p.o.r. .e
0080: 00 6C 00 20 00 49 00 6E   00 73 00 74 00 69 00 74  .l. .I.n.s.t.i.t
0090: 00 75 00 74 00 6F 00 20   00 56 00 61 00 6C 00 65  .u.t.o. .V.a.l.e
00A0: 00 6E 00 63 00 69 00 61   00 6E 00 6F 00 20 00 64  .n.c.i.a.n.o. .d
00B0: 00 65 00 20 00 46 00 69   00 6E 00 61 00 6E 00 7A  .e. .F.i.n.a.n.z
00C0: 00 61 00 73 00 20 00 2D   00 20 00 41 00 43 00 43  .a.s. .-. .A.C.C
00D0: 00 56 00 20 00 28 00 50   00 6C 00 61 00 7A 00 61  .V. .(.P.l.a.z.a
00E0: 00 20 00 4E 00 E1 00 70   00 6F 00 6C 00 65 00 73  . .N...p.o.l.e.s
00F0: 00 20 00 79 00 20 00 53   00 69 00 63 00 69 00 6C  . .y. .S.i.c.i.l
0100: 00 69 00 61 00 2C 00 20   00 36 00 2E 00 20 00 56  .i.a.,. .6... .V
0110: 00 61 00 6C 00 65 00 6E   00 63 00 69 00 61 00 20  .a.l.e.n.c.i.a. 
0120: 00 43 00 50 00 20 00 34   00 36 00 30 00 30 00 33  .C.P. .4.6.0.0.3
0130: 00 2C 00 20 00 45 00 53   00 50 00 41 00 D1 00 41  .,. .E.S.P.A...A
0140: 00 2E 00 20 00 43 00 49   00 46 00 20 00 51 00 39  ... .C.I.F. .Q.9
0150: 00 36 00 35 00 30 00 30   00 31 00 30 00 43 00 29  .6.5.0.0.1.0.C.)
0160: 00 2E 00 20 00 43 00 50   00 53 00 20 00 79 00 20  ... .C.P.S. .y. 
0170: 00 43 00 50 00 20 00 65   00 6E 00 20 00 68 00 74  .C.P. .e.n. .h.t
0180: 00 74 00 70 00 3A 00 2F   00 2F 00 77 00 77 00 77  .t.p.:././.w.w.w
0190: 00 2E 00 61 00 63 00 63                            ...a.c.c

], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 24 68 74 74 70 3A 2F   2F 77 77 77 2E 61 63 63  .$http://www.acc
0010: 76 2E 65 73 2F 6C 65 67   69 73 6C 61 63 69 6F 6E  v.es/legislacion
0020: 5F 63 2E 68 74 6D                                  _c.htm

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  emailProtection
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  RFC822Name: ximodante@gmail.com
  UID=73912286S, CN=XIMO|DANTE|ROWAN, OID.2.16.724.1.3.5.3.2.11=INFORMATICO, OID.2.16.724.1.3.5.3.2.10=, OID.2.16.724.1.3.5.3.2.9=XIMODANTE@GMAIL.COM, OID.2.16.724.1.3.5.3.2.8=ROWAN, OID.2.16.724.1.3.5.3.2.7=DANTE, OID.2.16.724.1.3.5.3.2.6=XIMO, OID.2.16.724.1.3.5.3.2.5=, OID.2.16.724.1.3.5.3.2.4=00000000H, OID.2.16.724.1.3.5.3.2.3=00000000H, OID.2.16.724.1.3.5.3.2.2=MI EMPRESA, OID.2.16.724.1.3.5.3.2.1=certificado electrónico de empleado
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E6 5F 75 0C 37 CA 44 62   D0 B0 90 9B A3 49 CA 22  ._u.7.Db.....I."
0010: 96 85 79 A5                                        ..y.
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 5F 35 1F 50 9D 8E 36 76   F0 BD C4 A4 86 41 2D 2F  _5.P..6v.....A-/
0010: 28 CF 3C 8D 5B 8A F0 0D   D2 F8 F0 01 F8 35 DF 0A  (.<.[........5..
0020: 14 4D 4A 53 49 9E DF 51   BF 4E 61 EC B3 99 63 D0  .MJSI..Q.Na...c.
0030: CC 5B EE D5 21 01 93 26   D3 3B 66 1E 72 31 CA 23  .[..!..&.;f.r1.#
0040: 4A 5F B2 D9 78 BE 03 0E   97 82 4C F1 92 31 94 06  J_..x.....L..1..
0050: 97 92 8B 2E 33 FF A9 31   34 F8 F7 FB 01 2B 07 1D  ....3..14....+..
0060: F9 C5 49 1E FC 44 3C 81   A9 22 0A BC 92 1E AA BD  ..I..D<.."......
0070: 3E FD F6 EC CA 1E 94 A1   40 68 0B 92 A1 8D B5 59  >.......@h.....Y
0080: D2 A9 60 F6 50 05 58 E3   5C EC 29 BD EA C1 D7 95  ..`.P.X.\.).....
0090: 90 E6 8B DA 11 30 8A CE   75 58 AF 99 54 9F 13 13  .....0..uX..T...
00A0: D0 CC 41 2C F2 DC C7 C1   2A 27 CF FA 0F 89 AD FC  ..A,....*'......
00B0: D9 42 68 3A 52 B0 0D 0B   4C EB 03 3C EE 64 BC 5C  .Bh:R...L..<.d.\
00C0: 7B 1F 02 39 3F 1D EB DF   D6 E0 1F BA EB E0 8A 14  ...9?...........
00D0: FD 7B 6A 9C 31 E7 98 88   BB F3 E7 75 2B C1 74 B6  ..j.1......u+.t.
00E0: 51 2B B4 29 E4 98 7D C0   F2 03 F0 35 6A EB BB 4E  Q+.).......5j..N
00F0: 18 E5 82 68 B4 D3 01 4F   17 4A 09 29 6F 83 D2 50  ...h...O.J.)o..P
0100: 4A 65 AD BF 2E CA DB 7C   8E 02 DD B6 9C 1C A3 F4  Je..............
0110: A5 24 C9 DA 1C E5 05 2D   E1 50 45 E6 7A D1 E5 0D  .$.....-.PE.z...
0120: 04 E5 C4 5B 68 9F 64 3A   40 90 2E E5 C2 50 AD FC  ...[h.d:@....P..
0130: EC 44 75 B0 10 61 0B 97   F2 37 70 9F 90 D9 51 38  .Du..a...7p...Q8
0140: 79 CB 29 7D 15 0D B2 91   21 99 84 33 4D CB 57 80  y.).....!..3M.W.
0150: 5E 00 8D 05 46 EA 7A 33   B2 1E 03 8B 16 99 7D 74  ^...F.z3.......t
0160: 10 E9 33 FA CD 8A 34 EF   39 CD 46 D1 63 7B 0E 1F  ..3...4.9.F.c...
0170: 83 DD 1F CE A0 B6 87 0C   2E 3E 39 CE 19 FD D3 44  .........>9....D
0180: F5 F3 D0 7F 50 EB A4 9B   42 EC FB 3F 92 3B A7 C1  ....P...B..?.;..
0190: F8 C8 D0 AE 33 93 E8 FD   78 9F B3 24 0F EA C3 9C  ....3...x..$....
01A0: 05 2A 2B A7 F0 F0 1E B3   B2 50 1F C4 15 57 B8 CC  .*+......P...W..
01B0: 1A 1A 41 D3 62 42 AE 91   59 75 5E 27 49 71 71 EA  ..A.bB..Yu^'Iqq.
01C0: F3 F6 61 D6 32 C3 07 F5   F4 C2 33 67 0A 76 78 BA  ..a.2.....3g.vx.
01D0: 04 3F 8F 36 D5 F0 80 67   2C 01 80 F8 1F 8A DC 89  .?.6...g,.......
01E0: E4 CB FA 98 61 18 E4 0E   73 4B 9C CB DA C7 70 95  ....a...sK....p.
01F0: 92 EF FF 44 08 90 72 25   5D FA BB 54 3A 17 C9 42  ...D..r%]..T:..B

]

3.2.---------------------------------------------------------------------------
[
[
  Version: V3
  Subject: C=ES, O=ACCV, OU=Ciudadanos, SURNAME=DANTE ROWAN, GIVENNAME=XIMO, SERIALNUMBER=00000000K, CN=XIMO DANTE ROWAN - NIF:00000000K
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 21757130547546887926731287792570240531716684128927768517543627413859405485980142027347572350063970037860667217768728083194306284863331578611854854525535163472922153877080767307418651436474925502245400991196153728239177021417001651670871254677349563692351627223238730450941293371238545906699705924695419291880497656443177970251754674625184476860189356029686362811922598102001962238968212045384817598559466925299377599470182410916072150326389960741015440799734738117762739492302380894771825837694705499766527035717445176670596986088165048420218312673744319669479917012899370872874273446650279746235787115459471191975169
  public exponent: 65537
  Validity: [From: Wed Jun 01 14:11:08 CEST 2016,
               To: Sat Jun 01 14:11:08 CEST 2019]
  Issuer: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120
  SerialNumber: [    69bc4ec7 c373186f]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 22 30 20 30 14 06 08   2B 06 01 05 05 07 0B 02  ."0 0...+.......
0010: 30 08 06 06 04 00 8E 46   01 01 30 08 06 06 04 00  0......F..0.....
0020: 8E 46 01 01                                        .F..


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://www.accv.es/gestcert/ACCVCA120SHA2.cacert.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.accv.es
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E8 40 9B 8E FB 66 3F C1   44 D8 A1 DF D4 4A 81 42  .@...f?.D....J.B
0010: 08 17 CB E5                                        ....
]
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://www.accv.es/fileadmin/Archivos/certificados/accvca120_der.crl]
   CRLIssuer:[C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.8149.3.7.5.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.2
  qualifier: 0000: 30 82 01 6C 1E 82 01 68   00 43 00 65 00 72 00 74  0..l...h.C.e.r.t
0010: 00 69 00 66 00 69 00 63   00 61 00 64 00 6F 00 20  .i.f.i.c.a.d.o. 
0020: 00 72 00 65 00 63 00 6F   00 6E 00 6F 00 63 00 69  .r.e.c.o.n.o.c.i
0030: 00 64 00 6F 00 20 00 70   00 61 00 72 00 61 00 20  .d.o. .p.a.r.a. 
0040: 00 43 00 69 00 75 00 64   00 61 00 64 00 61 00 6E  .C.i.u.d.a.d.a.n
0050: 00 6F 00 20 00 65 00 78   00 70 00 65 00 64 00 69  .o. .e.x.p.e.d.i
0060: 00 64 00 6F 00 20 00 70   00 6F 00 72 00 20 00 6C  .d.o. .p.o.r. .l
0070: 00 61 00 20 00 41 00 67   00 65 00 6E 00 63 00 69  .a. .A.g.e.n.c.i
0080: 00 61 00 20 00 64 00 65   00 20 00 54 00 65 00 63  .a. .d.e. .T.e.c
0090: 00 6E 00 6F 00 6C 00 6F   00 67 00 ED 00 61 00 20  .n.o.l.o.g...a. 
00A0: 00 79 00 20 00 43 00 65   00 72 00 74 00 69 00 66  .y. .C.e.r.t.i.f
00B0: 00 69 00 63 00 61 00 63   00 69 00 F3 00 6E 00 20  .i.c.a.c.i...n. 
00C0: 00 45 00 6C 00 65 00 63   00 74 00 72 00 F3 00 6E  .E.l.e.c.t.r...n
00D0: 00 69 00 63 00 61 00 20   00 28 00 50 00 6C 00 2E  .i.c.a. .(.P.l..
00E0: 00 20 00 43 00 E1 00 6E   00 6F 00 76 00 61 00 73  . .C...n.o.v.a.s
00F0: 00 20 00 64 00 65 00 6C   00 20 00 43 00 61 00 73  . .d.e.l. .C.a.s
0100: 00 74 00 69 00 6C 00 6C   00 6F 00 2C 00 20 00 31  .t.i.l.l.o.,. .1
0110: 00 2E 00 20 00 43 00 49   00 46 00 20 00 51 00 34  ... .C.I.F. .Q.4
0120: 00 36 00 30 00 31 00 31   00 35 00 36 00 45 00 29  .6.0.1.1.5.6.E.)
0130: 00 2E 00 20 00 43 00 50   00 53 00 20 00 79 00 20  ... .C.P.S. .y. 
0140: 00 43 00 50 00 20 00 65   00 6E 00 20 00 68 00 74  .C.P. .e.n. .h.t
0150: 00 74 00 70 00 3A 00 2F   00 2F 00 77 00 77 00 77  .t.p.:././.w.w.w
0160: 00 2E 00 61 00 63 00 63   00 76 00 2E 00 65 00 73  ...a.c.c.v...e.s

], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 24 68 74 74 70 3A 2F   2F 77 77 77 2E 61 63 63  .$http://www.acc
0010: 76 2E 65 73 2F 6C 65 67   69 73 6C 61 63 69 6F 6E  v.es/legislacion
0020: 5F 63 2E 68 74 6D                                  _c.htm

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  emailProtection
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  RFC822Name: ximodante@gmail.com
  UID=00000000K, CN=XIMO|DANTE|ROWAN
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 64 90 C5 0E A1 A8 84 FC   D1 CB 7A CE 6D FF 99 C1  d.........z.m...
0010: E0 C2 0C CA                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 1A 78 76 1F A9 4A A4 4F   61 9F 40 3B 92 C2 D4 DB  .xv..J.Oa.@;....
0010: 4E 85 84 E6 7C 66 30 CD   E8 25 FB FF C3 3B 6B D9  N....f0..%...;k.
0020: 21 99 9B AC D3 1D 8C 3D   02 3D F8 11 67 FE 70 77  !......=.=..g.pw
0030: 21 8C 94 80 F8 35 FF 83   9C 4A B3 F5 3E 58 70 BE  !....5...J..>Xp.
0040: 59 D6 C9 43 FA 50 0C B5   DA F8 BB 1B DE 20 A7 90  Y..C.P....... ..
0050: 42 61 3B 59 6D BE F7 3E   1C 24 95 6C ED 86 CE BE  Ba;Ym..>.$.l....
0060: E9 01 B3 D0 5A 49 6D A6   C3 BB 8E 1D E9 C3 29 3B  ....ZIm.......);
0070: CA 2E A4 74 62 0E 6C C6   3B 9E 71 A5 84 9D 1B 23  ...tb.l.;.q....#
0080: BE D1 EA DD 1F 25 A6 4D   E0 0B 3D 3F AB B3 E5 ED  .....%.M..=?....
0090: 84 FC 6A 74 01 03 C5 E5   35 0E F4 F8 36 97 BB B5  ..jt....5...6...
00A0: ED 0E 69 4C C7 70 41 1F   25 E7 CD 46 44 B1 C6 51  ..iL.pA.%..FD..Q
00B0: D0 A2 43 A1 9B FA 88 02   09 2B 8A 8F C0 7F 85 B7  ..C......+......
00C0: 7B 32 DB BB 3C FC AB 11   B8 80 C4 EE 05 FF DE CD  .2..<...........
00D0: 5F 85 4B BC EC 85 B3 E6   25 36 84 B0 A2 0C F5 12  _.K.....%6......
00E0: 35 B8 30 66 AD BA 43 B0   BD DA 7E BA 76 15 60 D6  5.0f..C.....v.`.
00F0: 7E CB FE 6F 07 25 59 5F   56 F2 1A 08 AD 5B 12 9D  ...o.%Y_V....[..
0100: 22 B0 5F 81 67 04 9E D9   9F B4 03 56 39 D1 5C 94  "._.g......V9.\.
0110: FB 85 18 E0 AE BE D1 50   8B D8 A1 A6 26 8B E2 B8  .......P....&...
0120: 6C 68 6F 58 78 F3 06 35   4B 68 A5 27 77 C3 B3 F8  lhoXx..5Kh.'w...
0130: 77 F7 DD 83 55 3A 9D D1   C0 12 CF CC D8 74 5F 74  w...U:.......t_t
0140: 26 1C 22 8D C2 E8 12 48   25 1F 48 07 BC 12 7C C1  &."....H%.H.....
0150: EA 2B 45 76 BB 6E E0 7C   DF 7C 3B B9 29 D3 E2 55  .+Ev.n....;.)..U
0160: B3 0C 13 5D 01 33 CF 7C   8B 59 68 42 91 69 DC D4  ...].3...YhB.i..
0170: 3A A5 79 4C 2C D6 60 8A   0F 08 25 9D A7 61 A9 35  :.yL,.`...%..a.5
0180: A2 6D 70 6A D2 14 7E 40   8E 05 D5 96 74 6C E0 19  .mpj...@....tl..
0190: D1 56 81 50 A2 86 CC 84   93 6B 6B CF 9F 7F EC D1  .V.P.....kk.....
01A0: 69 9A F9 47 6B A2 12 98   3E 99 F1 9F 3E 41 A6 0E  i..Gk...>...>A..
01B0: 48 1B C5 7B E8 5E E6 37   C4 09 8D 5D 48 F6 5A 28  H....^.7...]H.Z(
01C0: 14 8A 12 CB C1 31 EB 2D   0C FC B7 E7 A3 1D 4C C3  .....1.-......L.
01D0: D0 EE A1 7C 17 FB B4 10   01 AD CA AE 89 9D 98 BE  ................
01E0: C9 6F F4 6A C6 A3 5C 96   4C 7E 9B 63 31 FE 94 94  .o.j..\.L..c1...
01F0: C4 D1 6D ED E4 64 44 AB   E9 D2 F6 4A D3 22 A6 CF  ..m..dD....J."..

]

4.---------------------------------------------------------------------------
EPN1

EPN1

5.---------------------------------------------------------------------------
null RSA class sun.security.pkcs11.P11Key$P11PrivateKey 0

PKCS#8 RSA class sun.security.rsa.RSAPrivateCrtKeyImpl -2192210


3. Posibles problemas


1. No has puesto la tarjeta en el lector
2. No has definido la configuración de la tarjeta en la variable CARD_DRIVERS en las líneas  23-27
3. Si no tienes tarjeta y solo tienes el certificado p12, inhabilita los tests de la tarjeta.

Happy coding!


1 comentario :

  1. Buenas!, muchas gracias por tu post.

    Me falla el OSType. He visto que se trata de una interface para implementar, pero como novatillo no sé muy bien cómo revisar el problema. Si implemento tu código me dice que la clase no puede ser implementada. ¿Me falta algo?

    ResponderEliminar