Messages posted by: igor.conti

Hi Tommy,

That's some good news but the new release sems to be the 1.2.7 and my problem concerned JCAPI v2 (I no longer use JCAPI v1) is there a new release for this version too ? I don't find it where can I download it ?

Regards,
Igor

Hi Tommy,

OK that's not too bad for us but the number of organisms that use Sophos is really incredible (Avast don't cause any problem and it's free) and we have to explain that its a false-positive (isn't it ?...

) and that they have to make an exception for this file.

The policy of Sophos is a bit paranoid (they explain that clearly on their website) : if the dll contains some pattern that already been used in a virus then it kills it.

I'll wait for some good news from you.

Regards,
Igor

Hi Tommy,

Since we have upgraded to JCAPI v2 (a week ago) we have some problems : JCAPI32.dll is detected as a malware by Sophos antivirus (Trojan.Mal/Packer) and then the following error occurs (normal because the antivirus deletes the dll as soon as it is copied in the Temp directory)


Exception in thread "AWT-EventQueue-2" java.lang.ExceptionInInitializerError

            at websign.process.Kernel.<init>(Kernel.java:158)

            at websign.ui.WebSign.<init>(WebSign.java:106)

            at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

            at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

            at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)

            at java.lang.reflect.Constructor.newInstance(Unknown Source)

            at java.lang.Class.newInstance0(Unknown Source)

            at java.lang.Class.newInstance(Unknown Source)

            at interbatloader.InterbatLoader.startSubApplet(InterbatLoader.java:662)

            at interbatloader.InterbatLoader.access$600(InterbatLoader.java:63)

            at interbatloader.InterbatLoader$4.run(InterbatLoader.java:475)

            at java.awt.event.InvocationEvent.dispatch(Unknown Source)

            at java.awt.EventQueue.dispatchEventImpl(Unknown Source)

            at java.awt.EventQueue.access$000(Unknown Source)

            at java.awt.EventQueue$1.run(Unknown Source)

            at java.awt.EventQueue$1.run(Unknown Source)

            at java.security.AccessController.doPrivileged(Native Method)

            at java.security.AccessControlContext$1.doIntersectionPrivilege(Unknown Source)

            at java.awt.EventQueue.dispatchEvent(Unknown Source)

            at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)

            at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)

            at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

            at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

            at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

            at java.awt.EventDispatchThread.run(Unknown Source)

Caused by: java.security.ProviderException: C:\Documents and Settings\yves\Local Settings\Temp\JCAPI32.dll: Accès refusé

            at com.pheox.jcapi.o.a(Unknown Source)

            at com.pheox.jcapi.JCAPIProvider.<clinit>(Unknown Source)

            ... 25 more

Of course I think that there's no malware because other antivirus don't detect it (Avast for example).
Could you give me your opinion about this problem.

Edit : same problem with some versions of BitDefender

Thank you in advance.

Regards,
Igor

Hi Tommy,

Nice to hear (read

) you too.

Your new RC don't work properly (see error log below) but your post has given me an idea and I solved my problem by upgrading BouncyCastle to version 1.46 and specifying JCAPI for key recovery provider and BouncyCastle for content processing provider like this :


InputStream fin = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(key).setProvider("JCAPI").setContentProvider("BC")).getContentStream();

And it works perfectly so the new release is not useful anymore for me but I'm here for more tests if you need because it could be useful for other ones.

Here is the error log with your new release :


java.lang.IllegalStateException: You must first initialize this instance before calling this method.

	at com.pheox.jcapi.r.a(Unknown Source)

	at com.pheox.jcapi.JCAPISymmetricCipherDynamic.engineDoFinal(Unknown Source)

	at javax.crypto.Cipher.doFinal(Cipher.java:1969)

	at javax.crypto.CipherInputStream.close(CipherInputStream.java:299)

	at java.io.BufferedInputStream.close(Unknown Source)

	at java.io.FilterInputStream.close(Unknown Source)

	at java.io.BufferedInputStream.close(Unknown Source)

	at easyopen.process.signcrypt.SignCryptManager.decrypt(SignCryptManager.java:2716)

	at easyopen.process.signcrypt.SignCryptManager.traiteCrypt(SignCryptManager.java:687)

	at easyopen.process.Kernel.processFiles(Kernel.java:466)

	at easyopen.process.Kernel.traite(Kernel.java:233)

	at easyopen.ui.AccueilPanel$Task.doInBackground(AccueilPanel.java:113)

	at easyopen.ui.AccueilPanel$Task.doInBackground(AccueilPanel.java:106)

	at javax.swing.SwingWorker$1.call(Unknown Source)

	at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)

	at java.util.concurrent.FutureTask.run(Unknown Source)

	at javax.swing.SwingWorker.run(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

	at java.lang.Thread.run(Unknown Source)

Regards,
Igor

Hi Tommy,

A little problem ocuurs when I try to decrypt using JCAPI provider, here is the error log :


org.bouncycastle.cms.CMSException: can't find algorithm.

	at org.bouncycastle.cms.RecipientInformation.getContentFromSessionKey(Unknown Source)

	at org.bouncycastle.cms.KeyTransRecipientInformation.getContentStream(Unknown Source)

	at org.bouncycastle.cms.KeyTransRecipientInformation.getContentStream(Unknown Source)

	at easyopen.process.signcrypt.SignCryptManager.decrypt(SignCryptManager.java:2573)

	at easyopen.process.signcrypt.SignCryptManager.traiteCrypt(SignCryptManager.java:625)

	at easyopen.process.Kernel.processFiles(Kernel.java:466)

	at easyopen.process.Kernel.traite(Kernel.java:233)

	at easyopen.ui.AccueilPanel$Task.doInBackground(AccueilPanel.java:113)

	at easyopen.ui.AccueilPanel$Task.doInBackground(AccueilPanel.java:106)

	at javax.swing.SwingWorker$1.call(Unknown Source)

	at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)

	at java.util.concurrent.FutureTask.run(Unknown Source)

	at javax.swing.SwingWorker.run(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

	at java.lang.Thread.run(Unknown Source)

Caused by: java.security.NoSuchAlgorithmException: no such algorithm: 1.2.840.113549.3.7 for provider JCAPI

	at sun.security.jca.GetInstance.getService(Unknown Source)

	at sun.security.jca.GetInstance.getInstance(Unknown Source)

	at java.security.Security.getImpl(Unknown Source)

	at java.security.AlgorithmParameters.getInstance(Unknown Source)

	at org.bouncycastle.cms.CMSEnvelopedHelper.createAlgorithmParams(Unknown Source)

	at org.bouncycastle.cms.CMSEnvelopedHelper.createAlgorithmParameters(Unknown Source)

	... 16 more

The algorithm OID points to TripleDES but is not listed in the aliases supported by JCAPI v2. This OID doesn't create any problem with JCAPI v1.

Is there a mean to add this alias to JCAPI provider dynamically ?
If not could you provide a new release of JCAPI v2 that contains this alias ?

Thank you in advance.

Regards,
Igor

Hi Tommy,

My configuration is the following :

Windows XP Professionnel (Service Pack 3)
IE 8 (8.0.6001.18702)
Java 1.6.0_30 (ou Java 1.7.0_02)

I hope that this will help you.

Regards,
Igor

Hi Tommy,

Great, it works perfectly.

I've tested it with Java 1.6.0_30 and Java 1.7.0_02.

The previous version seemed to work with other web browsers (Firefox, Chrome) or systems (Vista, Seven) even with a 64bits system ; I suppose that this one will also do.

I hope that you will make a "final" version as soon as possible.

Thank you.

Regards,
Igor

Hi Tommy,

I've noticed a new problem with JCAPI v2 : when I launch a Java applet that needs JCAPI v2 in Internet Explorer 8 on a 32bits system the same popup as before ("Internal error occurs") appears and IE crash.

When I try this on a command line mode, with another Web Browser, or on a 64bits system there's no problem.

When IE crash a trace file (attached to this post) appears on my Desktop and in this file I can see that the problem comes from JCAPI32.dll.

Except this one I can't get any trace such as Java console or Windows report.

I've also joined to this post a zip file that contains all the necessary to reproduce the problem : just unzip it where you want and edit the JNLP file to remplace the path "C:/Travail/Projets/WebSignShort/dist/" at line 2 with the path to the JNLP file (with / instead of \ and a / at the end of the path). Then you can launch the launch.html file.

I hope that this would help you to find the problem.

Thank you.

Regards,
Igor

Hi Tommy,

Sorry for the time I made to respond but I wasn't at work since my last post.

Of course the SHA-1 hash of my JCAPI.jar is different from the one I downloaded, because I had to sign the jar-file in order not to getting a window asking people to accept signatures for all of the APIs I use (JCAPI, BouncyCastle, ...) : so people get only one window to accept my signature.

The size of the files are not the same too because of that signature.

I made the same thing with the previous version of JCAPI and with JCAPI v2 (signed and launched with Java 1.6.0_29) and it worked perfectly.

The problem appears when I sign and launch JCAPI v2 with Java 1.7.0_01.

EDIT : OK it seems I've found the problem : I've tried to sign JCAPI v2 with Java 1.6.0_29 and run it with Java 1.7.0_01 and it worked. So after many searches I've found that Java 7 norm for signature is no more SHA-1 but SHA-256 by default so i've added the option -digestalg SHA1 to the jarsigner command of Java 1.7.0_01 and runned it with Java 1.7.0_01 and it worked.

I suppose then that if you sign JCAPI v2 with SHA-1 I have to do the same and if you provide a SHA-256 signature then I can use the default algorithm of Java 1.7.0_01 signature.

I hope that this information will help in the future but now could you please provide me an unlimited version of JCAPI v2 with the correction you made for msamblanet (with SHA-1 or SHA-256 signature as you prefer I will easily adapt my jarsigner command to your signature even if SHA-256 is more secure).

Regards,
Igor

Hi Tommy,

The files I uploaded in the previous post were obtained with Java version 1.7.0_01, but I have also made the test with Java version 1.6.0_29 and it works perfectly with this version but it hangs with my other applet (first post) on the JVM version 1.6.0_29.

I've attached to this post a zip file with the files you wanted for the two versions of the JVM (1.6.0_29 and 1.7.0_01) and the outputs of the test.

I hope this will help you.

Regards,
Igor

Hi Tommy,

I've made the test and the test class and the output from the command line that launch the application are attached to this post.

Note that on my IDE (Netbeans 7.0.1) the class JCAPIProvider is not found in package com.pheox.jcapi but I could pass through this error and build the jar.

Regards,
Igor

Hi Tommy,

There's no problem with your time of response : less than 24 hours, that's excellent !

I've tested the applet on another computer with Vista Family Edition 32 bits and Mozilla Firefox and the problem occurs the same way but I've managed to get an explicit Java console in the attached file. It seems that this is quite similar to the one published by msamblanet in the previous post.

Maybe will this help you a bit more.

EDIT : I've tried to use the file you gave to msamblanet on the same computer and I get another error showed in the attached file.

Regards,
Igor

Hi Tommy,

I have begun to use JCAPI v2 (32bits & 64 bits) in my applets but I have a problem : when the applet reaches the line

Security.addProvider(new JCAPIProvider());

the JVM hangs and shows the message in the picture joined (Internal error occured!" with the title "Loader Error"). Then when I close Internet Explorer it creates a text file on my desktop that is the error log of the navigator joined.

When the error occures nothing is shown on the Java console even if I enable jcapi logging with the system property "jcapi.logging". Moreover if I try to show environment info with JCAPIUtil.getEnvironmentInfo() it hangs the same way even if I set this command before the constructor.

I've tried to use the JCAPI.jar you gave to msamblanet in the precedent topic because his problem seems similar to mine but it didn't resolve anything. I've also tried other JVM releases such as JRE 1.6.0_29 or JRE 1.7.0_01 but this didn't resolve the problem.

I'm using Windows XP 32 bits and Internet Explorer 8 with Administrator rights.

Could you please help me ?

Regards,
Igor

Hi Tommy,

Luckily, I've found an other version of the same SmartCard (and token) and I've made some tests on my personnal computer at home which is on Windows XP and it worked properly.

So the problem doesn't come from JCAPI : the service that permits the communication between the token and Windows was badly installed on the Vista computer because of a lack of administrator's rights.

Moreover I've made some researchs on the error code 0xEA and it's a code that means "more data available" which confirm my first hypothesis of a bad communication between the two sides.

So I think we could say that this issue is RESOLVED.

See you.

Regards,
Igor

Hi Tommy,

It's been a long time since we talked. How are you ?

I post this message because I have a problem when I use JCAPI with a ypsID SmartCard S1 from Sagem.

The problem occurs while signing a document using BouncyCastle with JCAPI provider, I get the following error message :

java.io.IOException: error creating signature.
java.security.SignatureException: Exception raised in JCAPI.DLL:
JCAPISignature_sign() - Could not sign the hash.
Error code: 0xea
at
org.bouncycastle.cms.CMSSignedDataStreamGenerator$CmsSignedDataOutputStream.close(Unknown Source)

This happens on a computer with Windows Vista and I would like to know if you know something about this error, if it has already occurs with someone else, and what it is meaning.

This information could tell me if the problem commes from my applet or from JCAPI, in the second case I would make further tests such as importing PKCS11 driver of the token or testing if JCAPI v2 would make a better work.

Thank you in advance.

Regards,
Igor.