Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There were new errors in tests without making changes. #172

Closed
nekkiy opened this issue Oct 27, 2018 · 7 comments
Closed

There were new errors in tests without making changes. #172

nekkiy opened this issue Oct 27, 2018 · 7 comments

Comments

@nekkiy
Copy link
Contributor

nekkiy commented Oct 27, 2018

Today I built the project and catch an error in tests.

Tests in error: 
  testSignC(xades4j.production.SignerCTest): No certificates available in the key store
  testSignFileDetachedC(xades4j.production.SignerCTest): No certificates available in the key store
  testSignBESExternalRes(xades4j.production.SignerBESTest): No certificates available in the key store

Full build info is in error.txt
@luisgoncalves
Copy link
Owner

Locally and on Travis it seems to be fine. What environment are you running? Need to investigate/configure Travis build matrix, to build on more boxes...

https://travis-ci.org/luisgoncalves/xades4j/builds/447371890

@nekkiy
Copy link
Contributor Author

nekkiy commented Oct 29, 2018
edited

I created the Stackoverflow question for this problem.
Also next questions have similar problem:

I think need to migrate to JKS keystore format.

@luisgoncalves
Copy link
Owner

Can you test if creating a JKS keystore from the PKCS12 with keytool -importkeystore fixes this? If it can't process the PKCS12 in the first place, I'll try it later from my side.

Note: you may run into a different issue, which is outdated TSA CRL. You need to update it manually (still no better option for now...):

https://github.com/luisgoncalves/xades4j/blob/master/src/test/cert/gva/readme.txt

@nekkiy
Copy link
Contributor Author

nekkiy commented Nov 6, 2018

I created PR, but I take new error, even without making changes:

-------------------------------------------------------------------------------
Test set: xades4j.verification.XadesVerifierImplTest
-------------------------------------------------------------------------------
Tests run: 16, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 1.484 sec <<< FAILURE!
testVerifyBESExtrnlResEnrichC(xades4j.verification.XadesVerifierImplTest)  Time elapsed: 0.474 sec  <<< ERROR!
xades4j.verification.TimeStampInvalidSignatureException: Verification failed for property 'SignatureTimeStamp': invalid token signature
	at xades4j.verification.TimeStampVerifierBase.getEx(TimeStampVerifierBase.java:114)
	at xades4j.verification.TimeStampVerifierBase.verify(TimeStampVerifierBase.java:89)
	at xades4j.verification.TimeStampVerifierBase.verify(TimeStampVerifierBase.java:38)
	at xades4j.verification.QualifyingPropertiesVerifierImpl.verifyProperties(QualifyingPropertiesVerifierImpl.java:59)
	at xades4j.verification.XadesVerifierImpl.getValidationDate(XadesVerifierImpl.java:263)
	at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:185)
	at xades4j.verification.XadesVerifierImplTest.testVerifyBESExtrnlResEnrichC(XadesVerifierImplTest.java:159)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
	at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
	at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:252)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:141)
	at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
	at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
	at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)
Caused by: xades4j.providers.TimeStampTokenTSACertException: cannot validate TSA certificate
	at xades4j.providers.impl.DefaultTimeStampVerificationProvider.verifyToken(DefaultTimeStampVerificationProvider.java:146)
	at xades4j.verification.TimeStampVerifierBase.verify(TimeStampVerifierBase.java:71)
	... 35 more
Caused by: xades4j.providers.CannotBuildCertificationPathException: unable to find valid certification path to requested target
	at xades4j.providers.impl.PKIXCertificateValidationProvider.validate(PKIXCertificateValidationProvider.java:257)
	at xades4j.providers.impl.DefaultTimeStampVerificationProvider.verifyToken(DefaultTimeStampVerificationProvider.java:133)
	... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at xades4j.providers.impl.PKIXCertificateValidationProvider.validate(PKIXCertificateValidationProvider.java:253)
	... 37 more

@nekkiy nekkiy mentioned this issue Nov 6, 2018
Merged
@luisgoncalves
Copy link
Owner

That's the problem I mentioned on my previous comment. On the dn-comparison branch I have already added an updated CRL for the TSA so that timestamp signature validation succeeds...

@nekkiy
Copy link
Contributor Author

nekkiy commented Nov 7, 2018

I added CRL.

@luisgoncalves
Copy link
Owner

Fix by #176

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nekkiy @luisgoncalves