search

rouxemmanuel / DigitalSigning

Digital Signing Alfresco plugin
45 stars 39 forks source link

Error Uploading Certs - Unable to upload any type of authenticated cert #33

Closed trevrr closed 7 years ago

trevrr commented 7 years ago

Hi, I'm getting the following error when uploading any cert;

The following has evaluated to null or missing: ==> signingKey.properties["dgtsgn:keyAlgorithm"] [in template "org/alfresco/plugin/digitalSigning/webscript/upload/upload.post.html.ftl" at line 2, column 443]

Tip: If the failing expression is known to be legally null/missing, either specify a default value with myOptionalVar!myDefault, or use <#if myOptionalVar??>when-present<#e lse>when-missing</#if>. (These only cover the last step of the expression; to cover the whole expression, use parenthessis: (myOptionVar.foo)!myDefault, (myOptionVar.foo)??

The failing instruction (FTL stack trace): ==> ${signingKey.properties["dgtsgn:keyAl... [in template "org/alfresco/plugin/digitalSigning/webscript/upload/upload.post.html.ftl" at line 2, column 441]

if keyInfos?? [in template "org/alfresco/plugin/digitalSigning/webscript/upload/upload.post.html.ftl" at line 2, column 424]

I've updated to the latest git. Managed to get mvn install to run for DigitalSigningAlfresco and DigitalSigningShare.

I applied the amps. Then restarted Tomcat. But I'm still seeing the above error.

I ran DigitalSigningVerify and got the following:

java -jar DigitalSigningVerifySign-1.0.0.jar /home/trevor/testCerts/test_pkcs12.pfx xxxxx

  • Certificate info for alias : trev sig test
    • Version : 3
    • Serial number : e947ee79f71ace01
    • Subjetc DN : EMAILADDRESS=trevor@xxxxx.com, CN=Trev, OU=IT, O=AAG, L=Shannon, ST=Clare, C=IE
    • Issuer DN : EMAILADDRESS=trevor@xxxxx.com, CN=Trev, OU=IT, O=AAG, L=Shannon, ST=Clare, C=IE
    • Valide from : Sun Mar 26 23:38:04 IST 2017
    • Valide to : Mon Mar 26 23:38:04 IST 2018
    • Algorithm : SHA256withRSA

My cert seems fine. But it's just not uploading via the dashlet. Any help would be greatly appreciated. Thank you, Trevor.

trevrr commented 7 years ago

I used the following procedure to generate the cert:

openssl genrsa -out test.key 2048 openssl req -new -key test.key -out test.csr openssl x509 -req -days 365 -in test.csr -signkey test.key -out test.crt openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in test.crt -inkey test.key -out test_pkcs12.pfx -name YourAlias

trevrr commented 7 years ago

Could someone perhaps send me a test certificate that they KNOW is working? At least then I can rule out my cert generation script, OpenSSL versions and the like.

trevrr commented 7 years ago

I'm going to close this issue. It really needs to be documented clearly what type of cert setup actually works. I've managed to setup a signature by using the following on OSX (El Capitan).

openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -out myCert.pfx -name myCert -in myCert.crt -inkey myCert.key