martes, 28 de agosto de 2018

Certificados y Java (I). Manejar certificados PKCS#11 (Smart Card) y PKCS12 (fichero .p12)

0. Introducción


Nuestro objetivo es poder firmar un fichero. Para ello, debemos tener un certificado a mano para poder firmar.

Veamos como leemos un certificado de tarjeta (Smart Card) tipo PKSC#11

Para ello debemos tener instalado correctamente el certificado digital. En una entrada anterior se instaló el lector de tarjetas Zoweetek y una tarjeta de la ACCV.


1. Creamos un proyecto Maven


En Eclipse File-New-Other-MavenProject y marcamos "Create a simple project (skip archetype selection) y Next

Elegimos:

  • Group Id: org.ximodante
  • Artificact Id: JavaCertificates
Y lo demás por omisión y Finish
Vamos al pom.xml y le añadimos las librería que nos hacen falta, quedando así:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.ximodante</groupId>
  <artifactId>JavaCertificates</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  
  <properties>
    <failOnMissingWebXml>false</failOnMissingWebXml>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <maven.compiler.plugin>3.8.0</maven.compiler.plugin>
    <maven.compiler.source>10</maven.compiler.source>
    <maven.compiler.target>10</maven.compiler.target>
    <bouncycastle.version>1.60</bouncycastle.version>
    <apache.pdfbox.version>2.0.11</apache.pdfbox.version>
  
  </properties>
  
  <dependencies>
    
    <!-- 1. PDFBOX para majejar PDFs -->    
    <!-- https://mvnrepository.com/artifact/org.apache.pdfbox/pdfbox -->
    <dependency>
      <groupId>org.apache.pdfbox</groupId>
      <artifactId>pdfbox</artifactId>
      <version>${apache.pdfbox.version}</version>
    </dependency>
    
    <!-- 2. XMPBOX para majejar XMP (Abobe extensible metadata) -->    
    <!-- https://mvnrepository.com/artifact/org.apache.pdfbox/xmpbox -->
    <dependency>
      <groupId>org.apache.pdfbox</groupId>
      <artifactId>xmpbox</artifactId>
      <version>${apache.pdfbox.version}</version>
    </dependency>
    
    
    <!-- 3. BOUNCYCASTLE para manejar todo el tema de certificados -->    
    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
      <version>${bouncycastle.version}</version>
    </dependency>
    
    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk15on -->
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcmail-jdk15on</artifactId>
       <version>${bouncycastle.version}</version>
    </dependency>
    
        
  </dependencies>
  
</project>

NOTA: Para este primer post, solo nos interesan las librería BouncyCastle.


2. Clase abstacta para el manejo de certificados


Creamos una clase llamada PKCSUtils


  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
package org.ximodante.certificatemanagers;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;

public class PKCSUtils {
 
 
 public static String[][] CARD_DRIVERS = 
  new String[][] 
   { {"WIN_G&D","c:\\windows\\system32\\aetpkss1.dll"},
     {"WIN_SIEMENS_OLD","c:\\windows\\system32\\siecap11.dll"},
     {"UNIX_G&D","/usr/lib/libaetpkss.so.3"}
   };
    
 public static OsTypes getOsType() {
  String OSName=System.getProperty("os.name").toLowerCase();
  if (OSName.indexOf("win") >= 0 ) return OsTypes.WINDOWS;
  else if (OSName.indexOf("nix") >= 0 || OSName.indexOf("nux") >= 0 || OSName.indexOf("aix") > 0 ) return OsTypes.UNIX;
  else if (OSName.indexOf("mac") >= 0 ) return OsTypes.MAC;
  else return OsTypes.ERROR;
 }
 
 public static String getJavaVersion() {
  return System.getProperty("java.version");
 }
 
 /**
  * Return location of the Smart Card driver. It is indicated in CARD_DRIVERS
  * 
  * example call: getPKCS11ConfigString("UNIX_G&D")
  * 
  * @param smartCardDriverdriver
  * @return
  */
 public static String getPKCS11ConfigString(String smartCardDriverdriver) {
  // See See https://stackoverflow.com/a/46524444/7704658 to indicate not a file but the content of the configuration
  // a prefix= "--" is used to know it is not a file name
  String PKCS11CfgStr="";
  if (!getJavaVersion().startsWith("1.")) PKCS11CfgStr="-- ";
  PKCS11CfgStr=PKCS11CfgStr + "name = SmartCard"; 
  boolean found=false;
  for (String[] as: CARD_DRIVERS) {
   if (as[0].equalsIgnoreCase(smartCardDriverdriver) && !found) { 
    PKCS11CfgStr= PKCS11CfgStr + "\n library = " + as[1];
    found=true;
   }
  } 
  
  if (!found) throw new java.lang.RuntimeException("Driver name: " + smartCardDriverdriver + " NOT FOUND in PKCS11Utils.CARD_DRIVERS");
        return PKCS11CfgStr;
 }
 
 /**
  * Get a Keystore from a PKCS11 Certificate (Smart Card)
  * 
  * Example call
  *    getPKCS11KeyStore("UNIX_G&D", "mySmartCardPassword")
  *    
  * @param smartCardDriver : Specifies the OS and the Card and it is defined in CARD_DRIVERS static parameter of the class
  * @param CertificatePassword
  * @return a Java KeyStore
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws ClassNotFoundException 
  * @throws SecurityException 
  * @throws NoSuchMethodException 
  * @throws InvocationTargetException 
  * @throws IllegalArgumentException 
  * @throws IllegalAccessException 
  * @throws InstantiationException 
  */
 public static KeyStore getPKCS11KeyStore(String smartCardDriver, String CertificatePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
  
  String pkcs11config=getPKCS11ConfigString(smartCardDriver);
  Provider pkcs11Provider = null;
  
  // As the class does not exists in Java 9 +, we will construct it by reflection or the compiler crashes
  if (getJavaVersion().startsWith("1.")) {
   byte[] pkcs11configBytes = pkcs11config.getBytes();
   ByteArrayInputStream configStream =  new ByteArrayInputStream(pkcs11configBytes);
   Class<?> plcs11Class = Class.forName("sun.security.pkcs11.SunPKCS11");
   Constructor<?> constructor = plcs11Class.getConstructor(new Class[]{ByteArrayInputStream.class}); 
   pkcs11Provider = (Provider) constructor.newInstance(configStream);
  
  // For JaVA 9+
  } else {
   pkcs11Provider = Security.getProvider("SunPKCS11");
   pkcs11Provider = pkcs11Provider.configure(pkcs11config);
  }  
  Security.addProvider(pkcs11Provider); 
         
  KeyStore ks = KeyStore.getInstance("PKCS11", pkcs11Provider);
  ks.load(null, CertificatePassword.toCharArray());
  
  return ks;
 }
 
 /**
  * 
  * @param certURL : The full name of the file for instance: "/home/myuser/certs/mycert.p12"
  * @param CertificatePassword: for instance "MyPassword"
  * @return a Java Keystore
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws FileNotFoundException
  * @throws IOException
  */
    public static KeyStore getPKCS12KeyStore(String certURL, String CertificatePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
     KeyStore ks = KeyStore.getInstance("PKCS12");
     if (CertificatePassword.length()>0) ks.load(new FileInputStream(certURL), CertificatePassword.toCharArray());
     else ks.load(new FileInputStream(certURL), null);
  return ks;
 }
 
    /**
     * Get the certificate chain from a java keystore
     * @param ks
     * @return
     * @throws KeyStoreException
     */
 public static Certificate[] getCertificateChain(KeyStore ks) throws KeyStoreException {
  String alias = (String) ks.aliases().nextElement();
  Certificate[] myCertChain = ks.getCertificateChain(alias);
  return myCertChain;
 }
 
 /**
  * Get the certificate chain from the parameter to access a Java Smart Card certificate
  * @param smartCardDriver Specifies the OS and the Card and it is defined in CARD_DRIVERS static parameter of the class
  * @param CertificatePassword is the Smart Card Certificate
  * @return the certificate chain
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws ClassNotFoundException
  * @throws NoSuchMethodException
  * @throws SecurityException
  * @throws InstantiationException
  * @throws IllegalAccessException
  * @throws IllegalArgumentException
  * @throws InvocationTargetException
  */
 public static Certificate[] getPKCS11CertificateChain(String smartCardDriver, String CertificatePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException   {
  KeyStore ks = getPKCS11KeyStore(smartCardDriver, CertificatePassword);
  return getCertificateChain(ks);
 }
 
    /**
     * get the alias of keystore
     * @param ks
     * @return
     * @throws KeyStoreException
     */
 public static String getCertAlias(KeyStore ks) throws KeyStoreException {
  return (String) ks.aliases().nextElement();
 }
 
 /**
  * Gets the alias defining the parameters of to access Smart card 
  * @param smartCardDriver Specifies the OS and the Card and it is defined in CARD_DRIVERS static parameter of the class
  * @param CertificatePassword the smart card password
  * @return
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws ClassNotFoundException
  * @throws NoSuchMethodException
  * @throws SecurityException
  * @throws InstantiationException
  * @throws IllegalAccessException
  * @throws IllegalArgumentException
  * @throws InvocationTargetException
  */
 public static String getPKCS11CertAlias(String smartCardDriver, String CertificatePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
  KeyStore ks = getPKCS11KeyStore(smartCardDriver, CertificatePassword);
  return (String) ks.aliases().nextElement();
 }
    
 /**
  * Get the private key from a Java keystore knowing its password
  * @param ks
  * @param CertificatePassword
  * @return
  * @throws KeyStoreException
  * @throws UnrecoverableKeyException
  * @throws NoSuchAlgorithmException
  */
 public static PrivateKey getPrivateKey(KeyStore ks, String CertificatePassword) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
     String alias=getCertAlias(ks);
     return (PrivateKey) ks.getKey(alias, CertificatePassword.toCharArray());
 }
 
 /**
  * Get the private key from a smart card accessing by its configuration and password 
  * @param smartCardDriver Specifies the OS and the Card and it is defined in CARD_DRIVERS static parameter of the class
  * @param CertificatePassword the smart card password
  * @return
  * @throws KeyStoreException
  * @throws UnrecoverableKeyException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws ClassNotFoundException
  * @throws NoSuchMethodException
  * @throws SecurityException
  * @throws InstantiationException
  * @throws IllegalAccessException
  * @throws IllegalArgumentException
  * @throws InvocationTargetException
  */
 public static PrivateKey getPKCS11PrivateKey(String smartCardDriver, String CertificatePassword) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
  KeyStore ks = getPKCS11KeyStore(smartCardDriver, CertificatePassword);
     String alias=getCertAlias(ks);
     return (PrivateKey) ks.getKey(alias, CertificatePassword.toCharArray());
 }
 
 /**
  * Tests 
  * @param args
  * @throws KeyStoreException
  * @throws NoSuchAlgorithmException
  * @throws CertificateException
  * @throws IOException
  * @throws UnrecoverableKeyException
  * @throws InvocationTargetException 
  * @throws IllegalArgumentException 
  * @throws IllegalAccessException 
  * @throws InstantiationException 
  * @throws SecurityException 
  * @throws NoSuchMethodException 
  * @throws ClassNotFoundException 
  */
 public static void main(String args[]) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
  String myCardPwd="MySmartCardPassword";
  String myP12Pwd="MyP12Password";
  
  String myCardDriver="UNIX_G&D";
  String myP12File="/home/myuser/mycert.p12";
  
  //0. Show java version and OOS 
  System.out.println("0.---------------------------------------------------------------------------");
  System.out.println(getJavaVersion());
  System.out.println(System.getProperty("os.name"));
  System.out.println(getOsType());
  System.out.println();
  
  //1. Test getPKCS11KeyStore
  System.out.println("1.---------------------------------------------------------------------------");
  KeyStore ks1=getPKCS11KeyStore(myCardDriver, myCardPwd);
  System.out.println(ks1.toString());
  System.out.println();
  
  //2. Test getPKCS12KeyStore
  System.out.println("2.---------------------------------------------------------------------------");
  KeyStore ks2=getPKCS12KeyStore(myP12File, myP12Pwd);
  System.out.println(ks2.toString());
  System.out.println();
  
  //3. Test getCertificateChain
  System.out.println("3.1.---------------------------------------------------------------------------");
  Certificate[] cert1 =getCertificateChain(ks1);
  System.out.println(cert1[0].toString());
  System.out.println();
  
  System.out.println("3.2.---------------------------------------------------------------------------");
  Certificate[] cert2 =getCertificateChain(ks2);
  System.out.println(cert2[0].toString());
  System.out.println();
  
  //4. Test getCertAlias
  System.out.println("4.---------------------------------------------------------------------------");
  String alias1 =getCertAlias(ks1);
  System.out.println(alias1);
  System.out.println();
  
  String alias2 =getCertAlias(ks1);
  System.out.println(alias2);
  System.out.println();
  
  //5. Test Private Key
  System.out.println("5.---------------------------------------------------------------------------");
  PrivateKey pKey1 =getPrivateKey(ks1, myCardPwd);
  System.out.print(pKey1.getFormat()+" ");
  System.out.print(pKey1.getAlgorithm()+" ");
  System.out.print(pKey1.getClass()+" ");
  System.out.println(pKey1.hashCode());
  System.out.println();
  
  PrivateKey pKey2 =getPrivateKey(ks2, myP12Pwd);
  System.out.print(pKey2.getFormat()+" ");
  System.out.print(pKey2.getAlgorithm()+" ");
  System.out.print(pKey2.getClass()+" ");
  System.out.println(pKey2.hashCode());
    
  
 }
}

Hay que saber:

  • Versión de Java que tenemos
  • Sistema Operativo
  • Drivers de la tarjeta PKCS11
Respecto a la versión de Java, como estamos desarrollando en Java 10, y la configuracion del pkcs#11 cambia a partir de Java 9, todo el código para versiones Java 1.8 y anteriores se tiene que hacer por reflexión, ya que las referencias a la clase sun.security.pkcs11.SunPKCS11 no existen en las nuevas versiones de Java, y por tanto da error de compilación si accedemos directamente a ella. Esto se tiene en cuenta en las líneas 93-100.

En Java 9+ no se permite pasar lo parámetros de configuración de las librerias en un String , pero en StackOverflow encuentran una manera de hacerlo que es meter un prefijo de "--" y entiende que no hay que ir a un fichero para leer los parámetros. (Líneas 50-53) 

Respecto al sistema operativo y los drivers de la tarjeta, se ha creado una constante CARD_DRIVERS en las líneas  23-27 que contiene las definiciones y accesos a las librerías de la tarjeta en función del sistema operativo. En este caso solo se ha puesto los drivers de las tarjetas G&D (Linux y Windowa) y Siemens (Solo Windows). Por tanto debereis proporcionar las localizaciones de los drivers de vuestra tarjeta para vuestro sistema operativo a esta variable

Para el caso de ver el certificado de la tarjeta, ver como se configura en entradas anteriores y comprovar que desde Firefox se puede vcr, y tener a mano la contraseña de la tarjeta. ¡No olvidar colocar la tarjeta en el lector!

Para los certificados en fichero ".p12" hay que tener localizada la ruta en disco al fichero y también su contraseña.

Cambiar las variables myCardPwd y myP12Pwd de las contraseñas y  cambiar UNIX_GD por vuestro driver en concreto de las líneas 253-257 

Si ejecutamos la clase la salida es:


  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
0.---------------------------------------------------------------------------
10.0.1
Linux
UNIX

1.---------------------------------------------------------------------------
java.security.KeyStore@3c0f93f1

2.---------------------------------------------------------------------------
java.security.KeyStore@2db7a79b

3.1.---------------------------------------------------------------------------
[
[
  Version: V3
  Subject: C=ES, O=MI EMPRESA, OU=CERTIFICADO ELECTRONICO DE EMPLEADO , T=INFORMATICO, SURNAME=DANTE ROWAN, GIVENNAME=XIMO, SERIALNUMBER=00000000K, CN=XIMO DANTE ROWAN - DNI 00000000K
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 19021714822695416410640732937165993185780893482489530609330271353653833986865409884357525007345857232950358020644608398916280213715193060415883879832876531731740542555392415820427951721849049132493073141912997396086315448899421338622445988272776481734273508949312612164981823405217082043937698335240980137352749854111702007707185035537211696440848221707436761398140758722285712454822641762459224271273797613662488740802157152331603569593878761205385078263148512440183328837233707473664828559803695573085387432746298260369984396583140133936394510594711790250569261292925214068907097899413187072139398842014155739659889
  public exponent: 65537
  Validity: [From: Tue Mar 20 14:21:35 CET 2018,
               To: Fri Mar 19 14:21:35 CET 2021]
  Issuer: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120
  SerialNumber: [    0f2c933c 40619f66]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2F 30 2D 30 14 06 08   2B 06 01 05 05 07 0B 02  ./0-0...+.......
0010: 30 08 06 06 04 00 8E 46   01 01 30 08 06 06 04 00  0......F..0.....
0020: 8E 46 01 01 30 0B 06 06   04 00 8E 46 01 03 02 01  .F..0......F....
0030: 0F                                                 .


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://www.accv.es/gestcert/ACCVCA120.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.accv.es
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E8 40 9B 8E FB 66 3F C1   44 D8 A1 DF D4 4A 81 42  .@...f?.D....J.B
0010: 08 17 CB E5                                        ....
]
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://www.accv.es/fileadmin/Archivos/certificados/accvca120_der.crl]
   CRLIssuer:[C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.8149.3.13.4.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.2
  qualifier: 0000: 30 82 01 94 1E 82 01 90   00 43 00 65 00 72 00 74  0........C.e.r.t
0010: 00 69 00 66 00 69 00 63   00 61 00 64 00 6F 00 20  .i.f.i.c.a.d.o. 
0020: 00 63 00 75 00 61 00 6C   00 69 00 66 00 69 00 63  .c.u.a.l.i.f.i.c
0030: 00 61 00 64 00 6F 00 20   00 70 00 61 00 72 00 61  .a.d.o. .p.a.r.a
0040: 00 20 00 45 00 6D 00 70   00 6C 00 65 00 61 00 64  . .E.m.p.l.e.a.d
0050: 00 6F 00 20 00 50 00 FA   00 62 00 6C 00 69 00 63  .o. .P...b.l.i.c
0060: 00 6F 00 20 00 65 00 78   00 70 00 65 00 64 00 69  .o. .e.x.p.e.d.i
0070: 00 64 00 6F 00 20 00 70   00 6F 00 72 00 20 00 65  .d.o. .p.o.r. .e
0080: 00 6C 00 20 00 49 00 6E   00 73 00 74 00 69 00 74  .l. .I.n.s.t.i.t
0090: 00 75 00 74 00 6F 00 20   00 56 00 61 00 6C 00 65  .u.t.o. .V.a.l.e
00A0: 00 6E 00 63 00 69 00 61   00 6E 00 6F 00 20 00 64  .n.c.i.a.n.o. .d
00B0: 00 65 00 20 00 46 00 69   00 6E 00 61 00 6E 00 7A  .e. .F.i.n.a.n.z
00C0: 00 61 00 73 00 20 00 2D   00 20 00 41 00 43 00 43  .a.s. .-. .A.C.C
00D0: 00 56 00 20 00 28 00 50   00 6C 00 61 00 7A 00 61  .V. .(.P.l.a.z.a
00E0: 00 20 00 4E 00 E1 00 70   00 6F 00 6C 00 65 00 73  . .N...p.o.l.e.s
00F0: 00 20 00 79 00 20 00 53   00 69 00 63 00 69 00 6C  . .y. .S.i.c.i.l
0100: 00 69 00 61 00 2C 00 20   00 36 00 2E 00 20 00 56  .i.a.,. .6... .V
0110: 00 61 00 6C 00 65 00 6E   00 63 00 69 00 61 00 20  .a.l.e.n.c.i.a. 
0120: 00 43 00 50 00 20 00 34   00 36 00 30 00 30 00 33  .C.P. .4.6.0.0.3
0130: 00 2C 00 20 00 45 00 53   00 50 00 41 00 D1 00 41  .,. .E.S.P.A...A
0140: 00 2E 00 20 00 43 00 49   00 46 00 20 00 51 00 39  ... .C.I.F. .Q.9
0150: 00 36 00 35 00 30 00 30   00 31 00 30 00 43 00 29  .6.5.0.0.1.0.C.)
0160: 00 2E 00 20 00 43 00 50   00 53 00 20 00 79 00 20  ... .C.P.S. .y. 
0170: 00 43 00 50 00 20 00 65   00 6E 00 20 00 68 00 74  .C.P. .e.n. .h.t
0180: 00 74 00 70 00 3A 00 2F   00 2F 00 77 00 77 00 77  .t.p.:././.w.w.w
0190: 00 2E 00 61 00 63 00 63                            ...a.c.c

], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 24 68 74 74 70 3A 2F   2F 77 77 77 2E 61 63 63  .$http://www.acc
0010: 76 2E 65 73 2F 6C 65 67   69 73 6C 61 63 69 6F 6E  v.es/legislacion
0020: 5F 63 2E 68 74 6D                                  _c.htm

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  emailProtection
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  RFC822Name: ximodante@gmail.com
  UID=73912286S, CN=XIMO|DANTE|ROWAN, OID.2.16.724.1.3.5.3.2.11=INFORMATICO, OID.2.16.724.1.3.5.3.2.10=, OID.2.16.724.1.3.5.3.2.9=XIMODANTE@GMAIL.COM, OID.2.16.724.1.3.5.3.2.8=ROWAN, OID.2.16.724.1.3.5.3.2.7=DANTE, OID.2.16.724.1.3.5.3.2.6=XIMO, OID.2.16.724.1.3.5.3.2.5=, OID.2.16.724.1.3.5.3.2.4=00000000H, OID.2.16.724.1.3.5.3.2.3=00000000H, OID.2.16.724.1.3.5.3.2.2=MI EMPRESA, OID.2.16.724.1.3.5.3.2.1=certificado electrónico de empleado
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E6 5F 75 0C 37 CA 44 62   D0 B0 90 9B A3 49 CA 22  ._u.7.Db.....I."
0010: 96 85 79 A5                                        ..y.
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 5F 35 1F 50 9D 8E 36 76   F0 BD C4 A4 86 41 2D 2F  _5.P..6v.....A-/
0010: 28 CF 3C 8D 5B 8A F0 0D   D2 F8 F0 01 F8 35 DF 0A  (.<.[........5..
0020: 14 4D 4A 53 49 9E DF 51   BF 4E 61 EC B3 99 63 D0  .MJSI..Q.Na...c.
0030: CC 5B EE D5 21 01 93 26   D3 3B 66 1E 72 31 CA 23  .[..!..&.;f.r1.#
0040: 4A 5F B2 D9 78 BE 03 0E   97 82 4C F1 92 31 94 06  J_..x.....L..1..
0050: 97 92 8B 2E 33 FF A9 31   34 F8 F7 FB 01 2B 07 1D  ....3..14....+..
0060: F9 C5 49 1E FC 44 3C 81   A9 22 0A BC 92 1E AA BD  ..I..D<.."......
0070: 3E FD F6 EC CA 1E 94 A1   40 68 0B 92 A1 8D B5 59  >.......@h.....Y
0080: D2 A9 60 F6 50 05 58 E3   5C EC 29 BD EA C1 D7 95  ..`.P.X.\.).....
0090: 90 E6 8B DA 11 30 8A CE   75 58 AF 99 54 9F 13 13  .....0..uX..T...
00A0: D0 CC 41 2C F2 DC C7 C1   2A 27 CF FA 0F 89 AD FC  ..A,....*'......
00B0: D9 42 68 3A 52 B0 0D 0B   4C EB 03 3C EE 64 BC 5C  .Bh:R...L..<.d.\
00C0: 7B 1F 02 39 3F 1D EB DF   D6 E0 1F BA EB E0 8A 14  ...9?...........
00D0: FD 7B 6A 9C 31 E7 98 88   BB F3 E7 75 2B C1 74 B6  ..j.1......u+.t.
00E0: 51 2B B4 29 E4 98 7D C0   F2 03 F0 35 6A EB BB 4E  Q+.).......5j..N
00F0: 18 E5 82 68 B4 D3 01 4F   17 4A 09 29 6F 83 D2 50  ...h...O.J.)o..P
0100: 4A 65 AD BF 2E CA DB 7C   8E 02 DD B6 9C 1C A3 F4  Je..............
0110: A5 24 C9 DA 1C E5 05 2D   E1 50 45 E6 7A D1 E5 0D  .$.....-.PE.z...
0120: 04 E5 C4 5B 68 9F 64 3A   40 90 2E E5 C2 50 AD FC  ...[h.d:@....P..
0130: EC 44 75 B0 10 61 0B 97   F2 37 70 9F 90 D9 51 38  .Du..a...7p...Q8
0140: 79 CB 29 7D 15 0D B2 91   21 99 84 33 4D CB 57 80  y.).....!..3M.W.
0150: 5E 00 8D 05 46 EA 7A 33   B2 1E 03 8B 16 99 7D 74  ^...F.z3.......t
0160: 10 E9 33 FA CD 8A 34 EF   39 CD 46 D1 63 7B 0E 1F  ..3...4.9.F.c...
0170: 83 DD 1F CE A0 B6 87 0C   2E 3E 39 CE 19 FD D3 44  .........>9....D
0180: F5 F3 D0 7F 50 EB A4 9B   42 EC FB 3F 92 3B A7 C1  ....P...B..?.;..
0190: F8 C8 D0 AE 33 93 E8 FD   78 9F B3 24 0F EA C3 9C  ....3...x..$....
01A0: 05 2A 2B A7 F0 F0 1E B3   B2 50 1F C4 15 57 B8 CC  .*+......P...W..
01B0: 1A 1A 41 D3 62 42 AE 91   59 75 5E 27 49 71 71 EA  ..A.bB..Yu^'Iqq.
01C0: F3 F6 61 D6 32 C3 07 F5   F4 C2 33 67 0A 76 78 BA  ..a.2.....3g.vx.
01D0: 04 3F 8F 36 D5 F0 80 67   2C 01 80 F8 1F 8A DC 89  .?.6...g,.......
01E0: E4 CB FA 98 61 18 E4 0E   73 4B 9C CB DA C7 70 95  ....a...sK....p.
01F0: 92 EF FF 44 08 90 72 25   5D FA BB 54 3A 17 C9 42  ...D..r%]..T:..B

]

3.2.---------------------------------------------------------------------------
[
[
  Version: V3
  Subject: C=ES, O=ACCV, OU=Ciudadanos, SURNAME=DANTE ROWAN, GIVENNAME=XIMO, SERIALNUMBER=00000000K, CN=XIMO DANTE ROWAN - NIF:00000000K
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 21757130547546887926731287792570240531716684128927768517543627413859405485980142027347572350063970037860667217768728083194306284863331578611854854525535163472922153877080767307418651436474925502245400991196153728239177021417001651670871254677349563692351627223238730450941293371238545906699705924695419291880497656443177970251754674625184476860189356029686362811922598102001962238968212045384817598559466925299377599470182410916072150326389960741015440799734738117762739492302380894771825837694705499766527035717445176670596986088165048420218312673744319669479917012899370872874273446650279746235787115459471191975169
  public exponent: 65537
  Validity: [From: Wed Jun 01 14:11:08 CEST 2016,
               To: Sat Jun 01 14:11:08 CEST 2019]
  Issuer: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120
  SerialNumber: [    69bc4ec7 c373186f]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 22 30 20 30 14 06 08   2B 06 01 05 05 07 0B 02  ."0 0...+.......
0010: 30 08 06 06 04 00 8E 46   01 01 30 08 06 06 04 00  0......F..0.....
0020: 8E 46 01 01                                        .F..


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://www.accv.es/gestcert/ACCVCA120SHA2.cacert.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.accv.es
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E8 40 9B 8E FB 66 3F C1   44 D8 A1 DF D4 4A 81 42  .@...f?.D....J.B
0010: 08 17 CB E5                                        ....
]
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://www.accv.es/fileadmin/Archivos/certificados/accvca120_der.crl]
   CRLIssuer:[C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.8149.3.7.5.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.2
  qualifier: 0000: 30 82 01 6C 1E 82 01 68   00 43 00 65 00 72 00 74  0..l...h.C.e.r.t
0010: 00 69 00 66 00 69 00 63   00 61 00 64 00 6F 00 20  .i.f.i.c.a.d.o. 
0020: 00 72 00 65 00 63 00 6F   00 6E 00 6F 00 63 00 69  .r.e.c.o.n.o.c.i
0030: 00 64 00 6F 00 20 00 70   00 61 00 72 00 61 00 20  .d.o. .p.a.r.a. 
0040: 00 43 00 69 00 75 00 64   00 61 00 64 00 61 00 6E  .C.i.u.d.a.d.a.n
0050: 00 6F 00 20 00 65 00 78   00 70 00 65 00 64 00 69  .o. .e.x.p.e.d.i
0060: 00 64 00 6F 00 20 00 70   00 6F 00 72 00 20 00 6C  .d.o. .p.o.r. .l
0070: 00 61 00 20 00 41 00 67   00 65 00 6E 00 63 00 69  .a. .A.g.e.n.c.i
0080: 00 61 00 20 00 64 00 65   00 20 00 54 00 65 00 63  .a. .d.e. .T.e.c
0090: 00 6E 00 6F 00 6C 00 6F   00 67 00 ED 00 61 00 20  .n.o.l.o.g...a. 
00A0: 00 79 00 20 00 43 00 65   00 72 00 74 00 69 00 66  .y. .C.e.r.t.i.f
00B0: 00 69 00 63 00 61 00 63   00 69 00 F3 00 6E 00 20  .i.c.a.c.i...n. 
00C0: 00 45 00 6C 00 65 00 63   00 74 00 72 00 F3 00 6E  .E.l.e.c.t.r...n
00D0: 00 69 00 63 00 61 00 20   00 28 00 50 00 6C 00 2E  .i.c.a. .(.P.l..
00E0: 00 20 00 43 00 E1 00 6E   00 6F 00 76 00 61 00 73  . .C...n.o.v.a.s
00F0: 00 20 00 64 00 65 00 6C   00 20 00 43 00 61 00 73  . .d.e.l. .C.a.s
0100: 00 74 00 69 00 6C 00 6C   00 6F 00 2C 00 20 00 31  .t.i.l.l.o.,. .1
0110: 00 2E 00 20 00 43 00 49   00 46 00 20 00 51 00 34  ... .C.I.F. .Q.4
0120: 00 36 00 30 00 31 00 31   00 35 00 36 00 45 00 29  .6.0.1.1.5.6.E.)
0130: 00 2E 00 20 00 43 00 50   00 53 00 20 00 79 00 20  ... .C.P.S. .y. 
0140: 00 43 00 50 00 20 00 65   00 6E 00 20 00 68 00 74  .C.P. .e.n. .h.t
0150: 00 74 00 70 00 3A 00 2F   00 2F 00 77 00 77 00 77  .t.p.:././.w.w.w
0160: 00 2E 00 61 00 63 00 63   00 76 00 2E 00 65 00 73  ...a.c.c.v...e.s

], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 24 68 74 74 70 3A 2F   2F 77 77 77 2E 61 63 63  .$http://www.acc
0010: 76 2E 65 73 2F 6C 65 67   69 73 6C 61 63 69 6F 6E  v.es/legislacion
0020: 5F 63 2E 68 74 6D                                  _c.htm

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  emailProtection
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  RFC822Name: ximodante@gmail.com
  UID=00000000K, CN=XIMO|DANTE|ROWAN
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 64 90 C5 0E A1 A8 84 FC   D1 CB 7A CE 6D FF 99 C1  d.........z.m...
0010: E0 C2 0C CA                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 1A 78 76 1F A9 4A A4 4F   61 9F 40 3B 92 C2 D4 DB  .xv..J.Oa.@;....
0010: 4E 85 84 E6 7C 66 30 CD   E8 25 FB FF C3 3B 6B D9  N....f0..%...;k.
0020: 21 99 9B AC D3 1D 8C 3D   02 3D F8 11 67 FE 70 77  !......=.=..g.pw
0030: 21 8C 94 80 F8 35 FF 83   9C 4A B3 F5 3E 58 70 BE  !....5...J..>Xp.
0040: 59 D6 C9 43 FA 50 0C B5   DA F8 BB 1B DE 20 A7 90  Y..C.P....... ..
0050: 42 61 3B 59 6D BE F7 3E   1C 24 95 6C ED 86 CE BE  Ba;Ym..>.$.l....
0060: E9 01 B3 D0 5A 49 6D A6   C3 BB 8E 1D E9 C3 29 3B  ....ZIm.......);
0070: CA 2E A4 74 62 0E 6C C6   3B 9E 71 A5 84 9D 1B 23  ...tb.l.;.q....#
0080: BE D1 EA DD 1F 25 A6 4D   E0 0B 3D 3F AB B3 E5 ED  .....%.M..=?....
0090: 84 FC 6A 74 01 03 C5 E5   35 0E F4 F8 36 97 BB B5  ..jt....5...6...
00A0: ED 0E 69 4C C7 70 41 1F   25 E7 CD 46 44 B1 C6 51  ..iL.pA.%..FD..Q
00B0: D0 A2 43 A1 9B FA 88 02   09 2B 8A 8F C0 7F 85 B7  ..C......+......
00C0: 7B 32 DB BB 3C FC AB 11   B8 80 C4 EE 05 FF DE CD  .2..<...........
00D0: 5F 85 4B BC EC 85 B3 E6   25 36 84 B0 A2 0C F5 12  _.K.....%6......
00E0: 35 B8 30 66 AD BA 43 B0   BD DA 7E BA 76 15 60 D6  5.0f..C.....v.`.
00F0: 7E CB FE 6F 07 25 59 5F   56 F2 1A 08 AD 5B 12 9D  ...o.%Y_V....[..
0100: 22 B0 5F 81 67 04 9E D9   9F B4 03 56 39 D1 5C 94  "._.g......V9.\.
0110: FB 85 18 E0 AE BE D1 50   8B D8 A1 A6 26 8B E2 B8  .......P....&...
0120: 6C 68 6F 58 78 F3 06 35   4B 68 A5 27 77 C3 B3 F8  lhoXx..5Kh.'w...
0130: 77 F7 DD 83 55 3A 9D D1   C0 12 CF CC D8 74 5F 74  w...U:.......t_t
0140: 26 1C 22 8D C2 E8 12 48   25 1F 48 07 BC 12 7C C1  &."....H%.H.....
0150: EA 2B 45 76 BB 6E E0 7C   DF 7C 3B B9 29 D3 E2 55  .+Ev.n....;.)..U
0160: B3 0C 13 5D 01 33 CF 7C   8B 59 68 42 91 69 DC D4  ...].3...YhB.i..
0170: 3A A5 79 4C 2C D6 60 8A   0F 08 25 9D A7 61 A9 35  :.yL,.`...%..a.5
0180: A2 6D 70 6A D2 14 7E 40   8E 05 D5 96 74 6C E0 19  .mpj...@....tl..
0190: D1 56 81 50 A2 86 CC 84   93 6B 6B CF 9F 7F EC D1  .V.P.....kk.....
01A0: 69 9A F9 47 6B A2 12 98   3E 99 F1 9F 3E 41 A6 0E  i..Gk...>...>A..
01B0: 48 1B C5 7B E8 5E E6 37   C4 09 8D 5D 48 F6 5A 28  H....^.7...]H.Z(
01C0: 14 8A 12 CB C1 31 EB 2D   0C FC B7 E7 A3 1D 4C C3  .....1.-......L.
01D0: D0 EE A1 7C 17 FB B4 10   01 AD CA AE 89 9D 98 BE  ................
01E0: C9 6F F4 6A C6 A3 5C 96   4C 7E 9B 63 31 FE 94 94  .o.j..\.L..c1...
01F0: C4 D1 6D ED E4 64 44 AB   E9 D2 F6 4A D3 22 A6 CF  ..m..dD....J."..

]

4.---------------------------------------------------------------------------
EPN1

EPN1

5.---------------------------------------------------------------------------
null RSA class sun.security.pkcs11.P11Key$P11PrivateKey 0

PKCS#8 RSA class sun.security.rsa.RSAPrivateCrtKeyImpl -2192210


3. Posibles problemas


1. No has puesto la tarjeta en el lector
2. No has definido la configuración de la tarjeta en la variable CARD_DRIVERS en las líneas  23-27
3. Si no tienes tarjeta y solo tienes el certificado p12, inhabilita los tests de la tarjeta.

Happy coding!


jueves, 23 de agosto de 2018

Maven (2) Proyectos multi-módulo

0. Introducción


Se va a seguir las bonísima guias de: 
Los proyectos multimódulo también se llaman aggregator projects. Y el mecanismo que los maneja en Maven es Reactor que recoge todos los módulos disponibles para ser ejecutados y los ordena y hace un build de uno en uno.

Veamos los pros y contras:

Pros:
  1. Se pueden tener un módulo con todas nuestras utilidades básicas  como tratamiento de ficheros, mapeadores de xml, generadores de bitácoras (logs), utiliades de reflexión, etc. Y así tenerlas siempre al dia y sin versiones anticuadas que pueden dar problemas.
  2. Se pueden crear módulos que sean independientes con sus ficheros de recursos (propiedades, persitence.xml..) que puedan ser aplicaciones por su cuenta.
  3. Se pueden crear módulos que dependan de otros, aprovechano el trabajo de módulos anteriores sin repetir código
Contras: (PERO TIENEN SOLUCIÓN)
  1. Hay que saber que un módulo en JPA solo mapea (reconoce) las clases que se han definido en él y no reconoce las clases definidas en otros módulos. Es decir, supongamos que tenemos 2 módulos, (modulo1 y modulo2) y al módulo2 le hemos indicado en el pom.xml que tiene una dependencia al modulo1, entonces el modulo2, puede ver a la clase Personas y usarla... pero las EntityManger definidas en el módulo2 no pueden ver a la clase Personas. Por tanto tenemos que tener un "persistence.xml" en el módulo1 que se encargue del manejo JPA de la clase Personas. 
  2. Los ficheros de recursos definidos en un módulo (dentro de src/main/resources), no son accesibles desde otro módulo (ficheros de propiedades, de internacionalización i18n, persistence.xml,..)
Pero...:
Hay que crear etiquetas <class> para cada clase que se tenga que utilizar dentro del persistence.xml 
  1. Parece ser que si tenemos un módulo final que obtenga un fichero tipo "war" para ser desplegado y que dependa de otros módulos, SI que podemos meter todos los recursos (propiedades, propiedades de internacionalización i18n, y persistence xml) en su src/main/resources, siempre que hagamos los siguientes pasos:  En el módulo padre: 1-> run as Maven clean, 2->Maven update project,  En la vendana de servidores 3-> Clean, 4-> Clean Tomcat Work directory. Ahora tenemos dos opciones a) Ejecutar el módulo hijo que va generar el war con Run on Server o la otra opción b) En el proyecto padre Run as Maven Build con Goals: clean package y Profiles: production. Con esto úlimo se generaran todos los jars y también el war del proyecto hijo.

2. Paso 1: Crear el proyecto padre (parent project)

Opción 1: Por línea de comandos

mvn archetype:create -DgroupId=org.proyecto -DartifactId=my-parent-project


Y le indicamos al pom.xml

<packaging>pom</packaging>


Opción 2: Si actuamos mediante Eclipse

File-New-Other-Maven-Maven Project-Next


Y ahora damos los nombre de grupo y artefacto de antes




Y ya temos el proyecto creado.

Importante, conviene darle ya la versió 1.0.0

3. Paso 2: Crear los proyectos submódulo o hijos


Opción 1: por línea de comandos

cd my-parent-project

mvn archetipe:generate -DgroupId=org.proyecto.core    -Dartifact=mycore

mvn archetipe:generate -DgroupId=org.proyecto.service -Dartifact=myservice

mvn archetipe:generate -DgroupId=org.proyecto.webaspp -Dartifact=mywebapp



Opción 2:  por Eclipse:

File-New-Other-Maven-Maven Module-Next


donde hacemos referencia al módulo padre



Ahora repetimos los mismos pasos para crear los módulos myservice y mywebapp

Y podemos ver que se han creado con esta estructura


4. Paso 3: Manejo de dependencias


Podemos declarar una dependencia en el padre y que se propague a todos sus hijos

Veamos el pom.xml del padre, en este caso la dependencia "lombok" puede ser utilizada por los hijos, es decir no hace falta declararla en los hijos.

Observemos también como hace referencia a los módulos hijos en el apartado modules

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.proyecto</groupId>
  <artifactId>my-parent-project</artifactId>
  <version>1.0.0</version>
  <packaging>pom</packaging>
  <name>MyParentProject</name>
  <description>Proyecto padre</description>
  
  <modules>
  	<module>mycore</module>
  	<module>myservice</module>
<module>mywebapp</module>
</modules>
<properties> <failOnMissingWebXml>false</failOnMissingWebXml> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <lombok.version>1.18.10</lombok.version> </properties> <dependencies> <!-- https://mvnrepository.com/artifact/org.projectlombok/lombok --> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>${lombok.version}</version> <scope>provided</scope> </dependency> </dependencies> </project>


Si se hubierta especificado la versión en el hijo, entonces no haría caso a la versión del padre.

Si queremos cambiar el empaquetado de un hijo (por ejemplo a war), se entra en el pom.xml de ese hijo y se indica

<packaging>war</packaging>

Y hacendo un mvn clean install o ejecutando el pom.xml delpadre con el boton derecho run as "Maven build ..." y metiendo en Goals  clean install, queda


Y al ejecutar nos falla porque busca el web.xml para poder hacer el packaging a war. En efecto veamos la traza


[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] my-parent-project                                                  [pom]
[INFO] mycore                                                             [jar]
[INFO] myservice                                                          [jar]
[INFO] mywebapp                                                           [war]
[INFO] 
[INFO] -------------------< org.proyecto:my-parent-project >-------------------
[INFO] Building my-parent-project 0.0.1-SNAPSHOT                          [1/4]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ my-parent-project ---
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ my-parent-project ---
[INFO] Installing /home/eduard/WorkSpace_Photon/my-parent-project/pom.xml to /home/eduard/.m2/repository/org/proyecto/my-parent-project/0.0.1-SNAPSHOT/my-parent-project-0.0.1-SNAPSHOT.pom
[INFO] 
[INFO] ------------------------< org.proyecto:mycore >-------------------------
[INFO] Building mycore 0.0.1-SNAPSHOT                                     [2/4]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ mycore ---
[INFO] Deleting /home/eduard/WorkSpace_Photon/my-parent-project/mycore/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ mycore ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 0 resource
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ mycore ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ mycore ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 0 resource
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ mycore ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ mycore ---
[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ mycore ---
[INFO] Building jar: /home/eduard/WorkSpace_Photon/my-parent-project/mycore/target/mycore-0.0.1-SNAPSHOT.jar
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ mycore ---
[INFO] Installing /home/eduard/WorkSpace_Photon/my-parent-project/mycore/target/mycore-0.0.1-SNAPSHOT.jar to /home/eduard/.m2/repository/org/proyecto/mycore/0.0.1-SNAPSHOT/mycore-0.0.1-SNAPSHOT.jar
[INFO] Installing /home/eduard/WorkSpace_Photon/my-parent-project/mycore/pom.xml to /home/eduard/.m2/repository/org/proyecto/mycore/0.0.1-SNAPSHOT/mycore-0.0.1-SNAPSHOT.pom
[INFO] 
[INFO] -----------------------< org.proyecto:myservice >-----------------------
[INFO] Building myservice 0.0.1-SNAPSHOT                                  [3/4]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ myservice ---
[INFO] Deleting /home/eduard/WorkSpace_Photon/my-parent-project/myservice/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ myservice ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 0 resource
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ myservice ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ myservice ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 0 resource
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ myservice ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ myservice ---
[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ myservice ---
[INFO] Building jar: /home/eduard/WorkSpace_Photon/my-parent-project/myservice/target/myservice-0.0.1-SNAPSHOT.jar
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ myservice ---
[INFO] Installing /home/eduard/WorkSpace_Photon/my-parent-project/myservice/target/myservice-0.0.1-SNAPSHOT.jar to /home/eduard/.m2/repository/org/proyecto/myservice/0.0.1-SNAPSHOT/myservice-0.0.1-SNAPSHOT.jar
[INFO] Installing /home/eduard/WorkSpace_Photon/my-parent-project/myservice/pom.xml to /home/eduard/.m2/repository/org/proyecto/myservice/0.0.1-SNAPSHOT/myservice-0.0.1-SNAPSHOT.pom
[INFO] 
[INFO] -----------------------< org.proyecto:mywebapp >------------------------
[INFO] Building mywebapp 0.0.1-SNAPSHOT                                   [4/4]
[INFO] --------------------------------[ war ]---------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ mywebapp ---
[INFO] Deleting /home/eduard/WorkSpace_Photon/my-parent-project/mywebapp/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ mywebapp ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 0 resource
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ mywebapp ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ mywebapp ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 0 resource
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ mywebapp ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ mywebapp ---
[INFO] 
[INFO] --- maven-war-plugin:2.2:war (default-war) @ mywebapp ---
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.thoughtworks.xstream.core.util.Fields (file:/home/eduard/.m2/repository/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar) to field java.util.Properties.defaults
WARNING: Please consider reporting this to the maintainers of com.thoughtworks.xstream.core.util.Fields
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Packaging webapp
[INFO] Assembling webapp [mywebapp] in [/home/eduard/WorkSpace_Photon/my-parent-project/mywebapp/target/mywebapp-0.0.1-SNAPSHOT]
[INFO] Processing war project
[INFO] Webapp assembled in [9 msecs]
[INFO] Building war: /home/eduard/WorkSpace_Photon/my-parent-project/mywebapp/target/mywebapp-0.0.1-SNAPSHOT.war
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] my-parent-project 0.0.1-SNAPSHOT ................... SUCCESS [  0.232 s]
[INFO] mycore ............................................. SUCCESS [  0.509 s]
[INFO] myservice .......................................... SUCCESS [  0.020 s]
[INFO] mywebapp 0.0.1-SNAPSHOT ............................ FAILURE [  0.216 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.098 s
[INFO] Finished at: 2018-08-23T14:31:05+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-war-plugin:2.2:war (default-war) on project mywebapp: Error assembling WAR: webxml attribute is required (or pre-existing WEB-INF/web.xml if executing in update mode) -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :mywebapp


5. Paso 4: Módulos que dependen de otros

Supongamos que el módulo "myservice" depende del módulo "mycore"

entonces tendrá que haber una entrada de mycore en myservice

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 
  <modelVersion>4.0.0</modelVersion>
  
  <parent>
    <groupId>org.proyecto</groupId>
    <artifactId>my-parent-project</artifactId>
    <version>1.0.0</version>
  </parent>
  
  <groupId>org.proyecto.service</groupId>
  <artifactId>myservice</artifactId>
  <name>MyService</name>
  <description>Servicio</description>
  <version>1.0.0</version>
  
  <properties>
    <!-- Java version-->
    <java.version>13</java.version>  <!-- abans 12, 10 -->
  </properties>
  
  <dependencies>
    <dependency>
      <groupId>org.proyecto.core</groupId>
      <artifactId>mycore</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
  
</project>