open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1

Error during signing #131

Open matswiderski opened 7 months ago

matswiderski commented 7 months ago

Hello, I am unable to find an answer on the internet, so I am asking for help. I am trying to sign a document using both methods:

// Method 1: sign directly with a signature token
Signature signature = SignatureBuilder
        .aSignature(container)
        .withSignatureToken(signatureToken)
        .invokeSigning();

// Method 2: build the data to sign for external signing
DataToSign dataToSign = SignatureBuilder
        .aSignature(container)
        .withSigningCertificate(signingCert)
        .withSignatureDigestAlgorithm(DigestAlgorithm.SHA512)
        .buildDataToSign();

And both of them cause the same error:

javax.script.ScriptException: eu.europa.esig.dss.model.DSSException: Unable to instantiate default RevocationDataVerifier. Reason : SECURITY : unable to set attribute(s)! [http://javax.xml.XMLConstants/property/accessExternalDTD: org.xml.sax.SAXNotRecognizedException: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.; http://javax.xml.XMLConstants/property/accessExternalSchema: org.xml.sax.SAXNotRecognizedException: Property 'http://javax.xml.XMLConstants/property/accessExternalSchema' is not recognized.] javax.script.ScriptException: eu.europa.esig.dss.model.DSSException: Unable to instantiate default RevocationDataVerifier. Reason : SECURITY : unable to set attribute(s)! [http://javax.xml.XMLConstants/property/accessExternalDTD: org.xml.sax.SAXNotRecognizedException: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.; http://javax.xml.XMLConstants/property/accessExternalSchema: org.xml.sax.SAXNotRecognizedException: Property 'http://javax.xml.XMLConstants/property/accessExternalSchema' is not recognized.]

I'm using Java 17.0.3.1 and digidoc4j 5.2.0. Is something wrong with my XML document, or is it a bug? Also, if I downgrade to a lower version, I'm getting the error: Access denied to TSP service http://tsa.sk.ee javax.script.ScriptException: Access denied to TSP service http://tsa.sk.ee
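
The first error above reports that an XML factory does not recognize the JAXP 1.5 access-restriction properties (`accessExternalDTD`, `accessExternalSchema`) that the library tries to set as a security measure. The probe below is an added example, not part of the original post or of digidoc4j: it prints which JAXP implementations are actually loaded and whether each one accepts those properties. It assumes the cause is an older XML library on the classpath shadowing the JDK's own implementation; the class and helper names are hypothetical.

```java
import java.security.CodeSource;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.validation.SchemaFactory;

public class JaxpHardeningProbe {

    /** Sets one property on a factory; each factory type exposes a different method for this. */
    interface Setter { void set(String property, String value) throws Exception; }

    /** Implementation class plus the JAR it came from (no CodeSource means the JDK itself). */
    static String origin(Object factory) {
        CodeSource cs = factory.getClass().getProtectionDomain().getCodeSource();
        String from = (cs == null || cs.getLocation() == null) ? "JDK built-in" : cs.getLocation().toString();
        return factory.getClass().getName() + " (" + from + ")";
    }

    /** Returns the properties the factory rejects; an empty list means the hardening can be applied. */
    static List<String> rejected(Setter setter, String... properties) {
        List<String> failures = new ArrayList<>();
        for (String property : properties) {
            try {
                setter.set(property, ""); // empty string = no external access allowed
            } catch (Exception e) {       // SAXNotRecognizedException or IllegalArgumentException
                failures.add(property + " -> " + e.getClass().getSimpleName());
            }
        }
        return failures;
    }

    static void report(Object factory, Setter setter, String... properties) {
        List<String> failures = rejected(setter, properties);
        System.out.println(origin(factory));
        System.out.println(failures.isEmpty() ? "  accepts JAXP 1.5 access restrictions" : "  REJECTS " + failures);
    }

    public static void main(String[] args) {
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        report(sf, sf::setProperty, XMLConstants.ACCESS_EXTERNAL_DTD, XMLConstants.ACCESS_EXTERNAL_SCHEMA);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        report(dbf, dbf::setAttribute, XMLConstants.ACCESS_EXTERNAL_DTD, XMLConstants.ACCESS_EXTERNAL_SCHEMA);
        TransformerFactory tf = TransformerFactory.newInstance();
        report(tf, tf::setAttribute, XMLConstants.ACCESS_EXTERNAL_DTD, XMLConstants.ACCESS_EXTERNAL_STYLESHEET);
    }
}
```

Run it with the same classpath and runtime as the signing code; a factory that is loaded from a third-party JAR and listed under REJECTS is the one to update or exclude.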

naare commented 7 months ago

Hello,

Could you please send your signing certificate to help@ria.ee so we can analyze further.

As background information:

If you use the default configuration, then digidoc4j tries to access Estonian-specific TimeStamp and OCSP services (which require access to use them). You can configure any freely available time stamp service that is listed in any trust list referenced by the EU LOTL. The OCSP service must correspond to the certificate you are using for signing (the certificate must be issued by a CA that is listed in any trust list referenced by the EU LOTL). You can find additional information on configuring here: https://github.com/open-eid/digidoc4j/wiki/Questions-&-Answers#using-a-yaml-file-for-configuration (TSP_SOURCE and OCSP_SOURCE parameters correspondingly). If your signing certificate contains an AIA OCSP URL, then you can configure automatic usage of the AIA OCSP source (PREFER_AIA_OCSP: true). All the parameters can be configured programmatically as well.