CAIBSigner

package es.caib.signatura.impl;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.Vector;

import es.caib.signatura.api.ParsedCertificate;
import es.caib.signatura.api.SMIMEParser;
import es.caib.signatura.api.Signature;
import es.caib.signatura.api.SignatureCertNotFoundException;
import es.caib.signatura.api.SignatureException;
import es.caib.signatura.api.SignaturePrivKeyException;
import es.caib.signatura.api.SignatureProviderException;
import es.caib.signatura.api.SignatureTimestampException;
import es.caib.signatura.api.SignatureVerifyException;
import es.caib.signatura.api.Signer;
import es.caib.signatura.impl.ui.FirefoxSignerProfileChooser;

/**
 * Implementator class of the Signer interface.
 *
 */
public class CAIBSigner implements Signer {

	private static LinkedHashMap realSigners = null;
	private static LinkedHashMap remoteRealSigners = null;
	private SignaturaProperties properties = null;
	private static ClassLoaderFactory factory;
	private static Object lock = new Object();

	private SignerProviderInterface getSigner(String certificateName, String contentType)
		throws SignatureCertNotFoundException {

		boolean recognized = properties.needsRecognizedCertificate(contentType);
		Iterator signersIterator = realSigners.values().iterator();
		Iterator remoteSignersIterator = remoteRealSigners.values().iterator();

		LinkedList providers = new LinkedList(); //important que sigui LinkedList per a mantenir ordre
		LinkedList certs = new LinkedList(); //important que sigui LinkedList per a mantenir ordre

		while ( signersIterator.hasNext() ) {

			LocalSignerProviderInterface s = (LocalSignerProviderInterface)signersIterator.next();

			ParsedCertificate[] providerCerts;

			try {

				providerCerts = s.getCertList(recognized);

				for (int j = 0; j < providerCerts.length; j++) {

					if ( providerCerts[j].getCommonName().equals(certificateName) ) {

						// Si cada signer extiende de AbstractSigner, sólo se nos devolverá un certificado
						// con el Common Name que buscamos en cada llamada a s.getCertList, ya que se habrán
						// filtrado los duplicados gracias a la lógica implementada en AbstractSigner.
						providers.add(s);
						certs.add(providerCerts[j]);
						break;

					}

				}

			// No relanzamos la excepción para no interrumpir la ejecución.
			// Descartamos el signer y su certificado y seguimos.
			} catch (SignatureCertNotFoundException e) {
			} catch (SignaturePrivKeyException e) {
			} catch (ProviderException e){
			}

		}

		// Si encontramos el certificado que nos piden en alguno de los proveedores remotos
		// (por ahora sólo el que ataca al webservice de firma del ibkey-signer) devolvemos
		// ese signer y obviamos, por ahora, el filtro de certificados duplicados entre signers
		while ( remoteSignersIterator.hasNext() ) {

			RemoteSignerProviderInterface s = (RemoteSignerProviderInterface)remoteSignersIterator.next();

			String[] providerCerts;

			try {

				providerCerts = s.getCertList(recognized);

				for (int j = 0; j < providerCerts.length; j++) {

					if ( providerCerts[j].equals(certificateName) ) {
						System.out.println("Seleccionado "+certificateName+" con el provider "+s.getClass().getName());
						return s;
					}

				}

			// No relanzamos la excepción para no interrumpir la ejecución.
			// Descartamos el signer y su certificado y seguimos.
			} catch (SignatureCertNotFoundException e) {
			} catch (SignaturePrivKeyException e) {
			} catch (ProviderException e){
			}

		}

		if (SigDebug.isActive())
			SigDebug.write("CAIBSIGNER: filtrando certificados con el CN '" + certificateName + "' entre signers...");

		// Si hemos encontrado certificados, procedemos a mirar si hay
		// alguno repetido (mismo Common Name) entre los diferentes signers.
		// Retornamos el signer que contiene el certificado con fecha de emisión más reciente.
		if (certs.size() > 0) {

			LocalSignerProviderInterface s = null;
			Date validSince = null;

			// Recorremos los signers... MUY IMPORTANTE MANTENER EL ORDEN. SI PKCS11 primero, deve devolver PKCS11 y descartar duplicado de MSCRYPTOAPI

			int i=0;
			for(i=0;i<providers.size();i++) {

				LocalSignerProviderInterface key = (LocalSignerProviderInterface)providers.get(i);
				ParsedCertificate parsed = (ParsedCertificate)certs.get(i);

				if (SigDebug.isActive()) {
					SigDebug.write("CAIBSIGNER: comprobando signer " + key);
					SigDebug.write("CAIBSIGNER: Emisión: " + parsed.getValidSince().getTime());
				}

				if (validSince != null)
					if (SigDebug.isActive())
						SigDebug.write("CAIBSIGNER: Stored Emisión: " + validSince.getTime());
				else
					if (SigDebug.isActive())
						SigDebug.write("CAIBSIGNER: Stored Emisión: null");

				// Si es la primera iteración (validSince == null) o si el certificado que
				// tratamos tiene una fecha de emisión superior a la que hemos almacedado
				// nos quedamos con este signer, ya que, si hay certificados duplicados,
				// es el que tiene el certificado más nuevo
				if ( validSince == null || validSince.getTime() < parsed.getValidSince().getTime() ) {

					if (SigDebug.isActive()) {
						SigDebug.write("CAIBSIGNER: El certificado del signer " + key.getClass().getName() + " tiene una fecha de emisión más reciente que el del signer almacenado " + s.getClass().getName());
						SigDebug.write("CAIBSIGNER: Actualizando datos temporales");
					}

					validSince = parsed.getValidSince();
					s = key;

				} else {

					if (SigDebug.isActive()) {
						SigDebug.write("CAIBSIGNER: El certificado del signer " + key.getClass().getName() + " tiene una fecha de emisión menor o igual que el del signer almacenado " + s.getClass().getName());
						SigDebug.write("CAIBSIGNER: DESCARTADO...");
					}

				}

			}

			if (SigDebug.isActive())
				SigDebug.write("CAIBSIGNER: filtro de certificados duplicados para '" + certificateName + "' completado");

			// Retornamos el signer que hayamos encontrado o una excepción, según proceda.
			if ( s != null ) {
				System.out.println("Seleccionado "+certificateName+" con el provider "+s.getClass().getName());
				return s;

			} else {

				throw new SignatureCertNotFoundException();

			}

		} else {

			throw new SignatureCertNotFoundException();

		}

	}

	public String[] getCertList(String contentType)
		throws SignatureCertNotFoundException, SignaturePrivKeyException {

		synchronized (lock) {

			Vector v = new Vector();
			Collection signersCollection = realSigners.values();
			Collection remoteSignersCollection = remoteRealSigners.values();

			if (signersCollection != null) {

				Iterator signersIterator = signersCollection.iterator();

				if (signersIterator != null) {

					while ( signersIterator.hasNext() ) {

						LocalSignerProviderInterface s = (LocalSignerProviderInterface)signersIterator.next();

						ParsedCertificate certs[];
						boolean recognized = properties.needsRecognizedCertificate(contentType);

						try {
							certs = s.getCertList(recognized);
							for (int j = 0 ; j < certs.length; j++)
							{
								if (!v.contains(certs[j].getCommonName()))
									v.add(certs[j].getCommonName());
							}
						} catch (SignatureCertNotFoundException e) {
	//						System.err.println ("Provider "+s.getClass().getName());
	//						e.printStackTrace();
						} catch (SignaturePrivKeyException e) {
							e.printStackTrace();
						} catch(Throwable e) {
							System.err.println ("CANNOT LOAD on signature provider " + s.getClass().getName());
							e.printStackTrace();
						}

					}

				}

			}

			if (remoteSignersCollection != null) {

				Iterator remoteSignersIterator = remoteSignersCollection.iterator();

				if (remoteSignersIterator != null) {

					while ( remoteSignersIterator.hasNext() ) {

						RemoteSignerProviderInterface s = (RemoteSignerProviderInterface)remoteSignersIterator.next();

						String certs[];
						boolean recognized = properties.needsRecognizedCertificate(contentType);

						try {
							certs = s.getCertList(recognized);
							for (int j = 0 ; j < certs.length; j++)
							{
								if (!v.contains(certs[j]))
									v.add(certs[j]);
							}
						} catch (SignatureCertNotFoundException e) {
		//						System.err.println ("Provider "+s.getClass().getName());
		//						e.printStackTrace();
						} catch (SignaturePrivKeyException e) {
							e.printStackTrace();
						} catch(Throwable e) {
							System.err.println ("CANNOT LOAD on signature provider " + s.getClass().getName());
							e.printStackTrace();
						}

					}

				}

			}

			return (String[])v.toArray(new String[v.size()]);

		}

	}

	public Signature sign(String fileName, String certificateName,
			String password, String contentType) throws IOException,
			SignatureException {
		return sign (new FileInputStream (fileName), certificateName, password, contentType);
	}

	public Signature sign(InputStream contentStream, String certificateName,
			String password, String contentType) throws IOException,
			SignatureException {
		synchronized (lock){
			boolean recognized  = properties.needsRecognizedCertificate(contentType);
			boolean timeStamp = properties.needsTimeStamp(contentType);
			boolean rawSign = properties.needsRawSignature(contentType);
			SignerProviderInterface signer = getSigner (certificateName, contentType);

			if( password == null ) {
				if( SigDebug.isActive() ) SigDebug.write( "Password is null." );
				password = "";
			}
			if( SigDebug.isActive() ) {
				SigDebug.write( "CAIBSigned.sign: password is" + (password.length() == 0? "" : " not") + " empty." );
			}
			return signer.sign(contentStream, certificateName, password, contentType, recognized, timeStamp, rawSign);
		}
	}

	public Signature sign(URL url, String certificateName, String password, String contentType)
			throws IOException, SignatureException
	{
		return sign (url.openStream(), certificateName, password, contentType);
	}


    /**
     * Firma un PDF dejando la opción de si se soportan múltiples firmas o no (parámetro allowMultipleSignature).
     */
	public void signPDF(InputStream contentStream, OutputStream signedStream,
            String certificateName, String password, String contentType, String url,
            int position, boolean allowMultipleSignature)
        throws IOException, SignatureException {

        synchronized (lock) {

            boolean recognized  = properties.needsRecognizedCertificate(contentType);
            SignerProviderInterface signer = getSigner (certificateName, contentType);

            if ( SigDebug.isActive() ) {
            	SigDebug.write( "Comprovacio password null." );
            }

            if ( password == null ) {

                if ( SigDebug.isActive() )
                	SigDebug.write( "Posem el password a cadena buida." );

                password = "";

            }

            if ( SigDebug.isActive() )  {
                SigDebug.write( "CAIBSigned.sign: password " + (password.length() == 0? "es" : "no es") + " buit." );
            }

            signer.signPDF(contentStream, signedStream, certificateName, password, contentType, recognized, url, position, allowMultipleSignature);

        }

    }

	public void signPDF(InputStream pdfInputStream, OutputStream signedStream, String certificateName, String password, String contentType,  String textoAdicional, int stampOptions, float top, float left, float height, float width, float rotation, boolean allowMultipleSignature) throws IOException, SignatureException {
        synchronized (lock) {

            boolean recognized  = properties.needsRecognizedCertificate(contentType);
            SignerProviderInterface signer = getSigner (certificateName, contentType);

            if ( SigDebug.isActive() ) {
            	SigDebug.write( "Comprovacio password null." );
            }

            if ( password == null ) {

                if ( SigDebug.isActive() )
                	SigDebug.write( "Posem el password a cadena buida." );

                password = "";

            }

            if ( SigDebug.isActive() )  {
                SigDebug.write( "CAIBSigned.sign: password " + (password.length() == 0? "es" : "no es") + " buit." );
            }

            signer.signPDF(pdfInputStream, signedStream, certificateName, password, contentType, recognized, textoAdicional, stampOptions,top, left, height,width,rotation, allowMultipleSignature);

        }
	}

	/**
	 * Firma un PDF sin soporte para múltiples firmas.
	 */
    public void signPDF(InputStream contentStream, OutputStream signedStream,
            String certificateName, String password, String contentType, String url,
            int position)
        throws IOException, SignatureException {

    	signPDF(contentStream,signedStream,certificateName,password,contentType,url,position,false);

    }

    /**
     * Genera un PDF firmado, dando la opción de soportar múltiples firmas.
     * @deprecated
     */
    public OutputStream signPDF(InputStream contentStream,
			String certificateName, String password, String contentType, String url,
			int position, boolean allowMultipleSignature)
		throws IOException, SignatureException {

        OutputStream out = new ByteArrayOutputStream();
        signPDF(contentStream, out, certificateName, password, contentType, url, position, allowMultipleSignature);
        return out;

    }

    /**
     * Genera un PDF firmado, sin la opción de soportar múltiples firmas.
     * @deprecated
     */
    public OutputStream signPDF(InputStream contentStream,
			String certificateName, String password, String contentType, String url,
			int position)
		throws IOException, SignatureException {


    	return signPDF(contentStream,certificateName,password,contentType,url,position,false);

    }

    /**
     * Compulsa de un documento PDF
     */
    public void certifyDigitalCopy (InputStream contentStream, OutputStream signedStream, String certificateName,
  			String password, String contentType, String url, String localidad, float x, float y, float rotation)
  	throws IOException, SignatureException {

    	synchronized (lock) {

            boolean recognized  = properties.needsRecognizedCertificate(contentType);
            SignerProviderInterface signer = getSigner (certificateName, contentType);

            if ( SigDebug.isActive() ) {
            	SigDebug.write( "Comprovacio password null." );
            }

            if ( password == null ) {

                if ( SigDebug.isActive() )
                	SigDebug.write( "Posem el password a cadena buida." );

                password = "";

            }

            if ( SigDebug.isActive() )  {
                SigDebug.write( "CAIBSigned.certify: password " + (password.length() == 0? "es" : "no es") + " buit." );
            }

            signer.certifyDigitalCopy(contentStream, signedStream, certificateName, password, contentType, recognized, url, localidad, x, y, rotation,properties);

        }

    }

	/*
	 * Función principal de verificación de firma
	 */
	public boolean verify(InputStream contentStream, Signature signatureData)
			throws SignatureProviderException, IOException, SignatureVerifyException
	{
		try{
			boolean isVerified = false;
			isVerified = signatureData.verify(contentStream);
			return isVerified;
		} catch(SignatureVerifyException e){
			throw e;
		} catch(Exception e){
			throw new SignatureVerifyException(e);
		}
	}

	public  boolean verifyAPosterioriTimeStamp(InputStream contentStream, Signature signatureData)
	throws SignatureProviderException, IOException, SignatureVerifyException
	{
		boolean isVerified = false;
		try{
			isVerified = signatureData.verifyAPosterioriTimestamp(contentStream);
		}catch(SignatureVerifyException e){
			throw e;
		} catch(Exception e){
			throw new SignatureVerifyException(e);
		}
		return isVerified;
	}

	public boolean verify(String fileName, Signature signatureData)
			throws FileNotFoundException, SignatureProviderException, IOException, SignatureVerifyException
	{
		return verify( new FileInputStream(fileName) ,signatureData);
	}

	public boolean verify(URL url, Signature signatureData)
			throws SignatureProviderException, IOException, SignatureVerifyException
	{
		return verify( url.openStream() ,signatureData);
	}

	/*
	 * Funcions de verificacio a posteriori.
	 */

	public boolean verifyAPosterioriTimeStamp(String fileName, Signature signatureData)
			throws FileNotFoundException, SignatureProviderException, IOException, SignatureVerifyException
	{
		return verifyAPosterioriTimeStamp(new FileInputStream(fileName), signatureData);
	}

	public boolean verifyAPosterioriTimeStamp(URL url, Signature signatureData)
			throws SignatureProviderException, IOException, SignatureVerifyException
	{
		return verifyAPosterioriTimeStamp(url.openStream(), signatureData);
	}


	/*
	 * Altres funcions.
	 */
	public void generateSMIME(InputStream document, Signature signature,
			OutputStream smime) throws IOException {
		SMIMEGenerator smimeGenerator;
		try {
			Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.common.SMIMEGeneratorImpl");
			smimeGenerator = (SMIMEGenerator)c.newInstance();
		}
		catch(Exception e){
			throw new RuntimeException (e);
		}

	    InputStream in = smimeGenerator.generateSMIME(document,signature);

		byte b []= new byte [8192];
		int read;
		while ( (read = in.read(b)) > 0)
		{
			smime.write(b, 0, read);
		}
		in.close();
	}


  public void generateSMIMEParalell(InputStream document, Signature[] signatures, OutputStream smime) throws IOException, SignatureException {

    try {

      Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.common.GeneradorSMIMEParaleloImpl");
      GeneradorSMIMEParalelo generadorSMIMEParalelo = (GeneradorSMIMEParalelo)c.newInstance();
      SMIMEInputStream in = generadorSMIMEParalelo.generarSMIMEParalelo(document,signatures);

      byte b[] = new byte[8192];
      int read;
      while ( (read=in.read(b) ) > 0) {
        smime.write(b,0,read);
      }
      in.close();

    }catch (IOException iox) {
      throw iox;
    }catch (Exception e) {
      throw new SignatureException(e.getMessage());
    }
  }


	public Date getCurrentDate(String certificateName, String password,
			String contentType) throws SignatureTimestampException,
			SignatureException, IOException {
		if( password == null ) password = "";
		if( SigDebug.isActive() ) {
			SigDebug.write( "CAIBSigned.getCurrentDate: password " + (password.length() == 0? "is" : "is not") + " null." );
		}
		boolean recognized = properties.needsRecognizedCertificate(contentType);
		return getSigner(certificateName, contentType).getCurrentDate(certificateName, password, recognized);
	}

	public String getAPIVersion()
	{
		try {
			InputStream inputStream =  CAIBSigner.class.getResourceAsStream("version.properties");
		    if (inputStream==null)
		    {
		       throw new FileNotFoundException();
		    }
		    Properties tempProperties = new Properties();
		    tempProperties.load(inputStream);

		    inputStream.close();
		    return tempProperties.getProperty("Version");
		} catch (FileNotFoundException e) {
			throw new RuntimeException (e);
		} catch (IOException e) {
			throw new RuntimeException (e);
		}
	}

	/**
	 * @deprecated
	 * @throws FileNotFoundException
	 */
	public CAIBSigner () throws FileNotFoundException {
		preInitialize();

		try {
			properties = new SignaturaProperties();

		} catch (Exception e1) {
			throw new RuntimeException (e1);
		}
		initialize();
	}

	/**
	 *
	 * @param updateSite
	 * @param configurationFile
	 * @param propertiesCachePath
	 * @throws FileNotFoundException
	 */
	public CAIBSigner(String updateSite,URL configurationFile,String propertiesCachePath) throws FileNotFoundException {
		preInitialize();

		//Inicializamos las propiedades de firma
		try {
				properties = new SignaturaProperties(updateSite,configurationFile,propertiesCachePath);

		} catch (Exception e1) {
			throw new RuntimeException (e1);
		}
		initialize();
	}

	/**
	 *
	 * @param signerConfiguration
	 * @throws FileNotFoundException
	 */
	public CAIBSigner (Map signerConfiguration) throws FileNotFoundException
	{
		preInitialize();

		//Inicializamos las propiedades de firma
		try {
				properties = new SignaturaProperties(signerConfiguration);
		} catch (Exception e1) {
			throw new RuntimeException (e1);
		}
		initialize();
	}

	protected void preInitialize() throws FileNotFoundException{
		//registramos el security manager
		CAIBSecurityManager.register();

		//creamos el classloaderFactory que se encarga de gestionar la carga y acceso a las clases
		//también inicializamos las listas de signers disponibles (locales y remotos)
		if (factory == null) {
		    factory = ClassLoaderFactory.getFactory ();
		    realSigners = new LinkedHashMap();
		    remoteRealSigners = new LinkedHashMap();
		}
	}

	protected void initialize () throws FileNotFoundException {


		try {

			/*
			 * Cargamos dinámicamente los security providers de JCA
			 * de BouncyCastle y de LunaPCI
			 */

			if (Security.getProvider("BC") == null) {
				Provider p = (Provider) factory.getMasterClassLoader().loadClass("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance();
				Security.addProvider(p);
			}

			// Sólo intentamos cargar los providers de Luna si tenemos
			// disponible el JAR para Luna en la instalación del API de firma
			InputStream inputStream = factory.getMasterClassLoader().getResourceAsStream("es/caib/signatura/provider/impl/lunaPCI/LunaPCISigner.class");
			if (inputStream != null) {

				if (Security.getProvider("LunaJCE") == null) {
					Provider p = (Provider) factory.getMasterClassLoader().loadClass("com.chrysalisits.cryptox.LunaJCEProvider").newInstance();
					Security.addProvider(p);
				}

				if (Security.getProvider("LunaJCA") == null) {
					Provider p = (Provider) factory.getMasterClassLoader().loadClass("com.chrysalisits.crypto.LunaJCAProvider").newInstance();
					Security.addProvider(p);
				}

			}

		} catch(Exception e) {

			throw new RuntimeException (e);

		}


		// Si ningu no ha posat el nivell primer, posem el que hi hagi al fitxer
		// de properties, sino, deixem el que hi ha.
		if ( SigDebug.getLevel() == SigDebug.DEBUG_LEVEL_NONE ) {
			SigDebug.setLevel( properties.getProperty("debugLevel") );
		}


		/**
		 * Empezamos la carga de signers o proveedores de nuestra api
		 *
		 */
		//TRADISE / TRADISE-DEV
		if (System.getProperty("es.caib.provider.unactive") == null
				|| System.getProperty("es.caib.provider.unactive").indexOf("tradise") == -1) {

			try {
				addTradiseSigner( "tradise");
				SigDebug.write( "[DBG] ACTIVAT TRADISE." );
			} catch (FileNotFoundException e) {
					//quan no est� instal.lat
			} catch (Exception e) {
				e.printStackTrace();
			}

			File dirDev = new File (factory.getLibraryDir(), "tradise-dev");
			if (dirDev.isDirectory())
			{
				try {
					addTradiseSigner( "tradise-dev");
					SigDebug.write( "[DBG] ACTIVAT TRADISE TEST." );
				} catch (Exception e) {
					e.printStackTrace();
				}
			}

		}

		//PKCS11
		if (System.getProperty("es.caib.provider.unactive") == null
				|| System.getProperty("es.caib.provider.unactive").indexOf("PKCS11") == -1) {

			String drivers []= properties.getPKCS11Drivers();

			for (int i = 0; i < drivers.length; i++)
			{
				try{
					if(addPKCS11Signer(drivers[i]))
						SigDebug.write( "[DBG] ACTIVAT PKCS11 "+drivers[i]+"." );
				}
				catch (Throwable e){
					e.printStackTrace();
				}
			}

		}

		//MSCRYPTOAPI / MSCAPI
		//Sólo activamos este provider si estamos en un entorno windows
		if ( System.getProperty("os.name").contains("Windows") ) {

			if (System.getProperty("es.caib.provider.unactive") == null
					|| System.getProperty("es.caib.provider.unactive").indexOf("MSCRYPTOAPI") == -1) {

				try {
					addMscryptoapiSigner();

				}
				catch (Exception e){
					e.printStackTrace();
				}

			}

		}

		//LUNAPCI HSM
		if (System.getProperty("es.caib.provider.unactive") == null
				|| System.getProperty("es.caib.provider.unactive").indexOf("LUNAPCI") == -1) {

			try {
				if ( addLunaPCISigner() )
					SigDebug.write( "[DBG] ACTIVAT LUNAPCI." );
			}
			catch (Exception e){
				e.printStackTrace();
			}

		}

		//WEBSERVICE SIGNER CLIENT
		if (System.getProperty("es.caib.provider.unactive") == null
				|| System.getProperty("es.caib.provider.unactive").indexOf("WEBSERVICESIGNER") == -1) {

			try {
				if ( addWebServiceSigner() )
					SigDebug.write( "[DBG] ACTIVAT WEBSERVICESIGNER." );
			}
			catch (Throwable e){
				e.printStackTrace();
			}

		}

		//FIREFOX via NSS
		if (System.getProperty("es.caib.provider.unactive") == null
				|| System.getProperty("es.caib.provider.unactive").indexOf("FIREFOXSIGNER") == -1) {

			try{
				if ( addFirefoxSigner(factory) )
					SigDebug.write("[DBG] ACTIVAT FIREFOXSIGNER.");
			}
			catch (Throwable e){
				e.printStackTrace();
			}


		}

		// Sólo cargamos nuestro provider de BC si las propiedades de sistema necesarias
		// para que éste funcione se encuentran presentes.
		if ( System.getProperty("es.caib.provider.unactive") == null
				|| System.getProperty("es.caib.provider.unactive").indexOf("BC") == -1 ) {

			if ( System.getProperty("caib-crypto-keystore-password") != null ) {

				try {

					if(addBcCryptoApiSigner())
						SigDebug.write("[DBG] ACTIVAT BC.");

				} catch (Exception e) {

					if (e instanceof SignatureException
							&& e.getMessage().contains(".keystore")) {

						SigDebug.write("WARNING (BC): el usuario no posee keystore por defecto. No se cargará el signer de BC.");

					} else {

						e.printStackTrace();

					}

				}

			} else {

				SigDebug.write("[DBG] System properties needed for BC signer are not set");

			}

		}


	}

	private boolean addPKCS11Signer (String libraryName) throws Exception
	{

			File f = new File (libraryName);
			if ( f.isAbsolute())
			{
				String name = f.getName();
				if (realSigners.get(name) == null)
				{
					if(addPKCS11Signer (name, f)) return true;
				}
			} else {
				if (realSigners.get(libraryName) == null)
				{
					String path = System.getProperty("java.library.path");
					StringTokenizer tokenizer = new StringTokenizer (path, File.pathSeparator);
					while (tokenizer.hasMoreTokens())
					{
						File next = new File( tokenizer.nextToken() );
						f = new File (next, libraryName);
						if (addPKCS11Signer (libraryName, f))
							return true;
						f = new File (next, libraryName+".dll") ;
						if (addPKCS11Signer (libraryName, f))
							return true;

					}
				}else{
					return true;
				}
			}

		return false;
	}

	private boolean addPKCS11Signer(String libraryName, File f) throws Exception {
		if (f.canRead())
		{
			String providerName = properties.getPKCS11DriversDescription(libraryName);

				File cfg = File.createTempFile(libraryName, "pkcs11.cfg");
				PrintWriter writer = new PrintWriter (new FileWriter (cfg));
				writer.println("name="+libraryName);
				writer.println("library="+f.getAbsolutePath());
				writer.close();
				cfg.deleteOnExit();
				Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.pkcs11.PKCS11Signer");
				Constructor constructor = c.getConstructor(new Class [] {String.class,String.class});
				realSigners.put(libraryName, constructor.newInstance(new Object [] {cfg.getAbsolutePath(),providerName}));
				return true;


		}
		else
			return false;
	}

	private void addTradiseSigner (String name) throws ClassNotFoundException, InstantiationException, IllegalAccessException, FileNotFoundException
	{

		if (realSigners.get(name) == null)
		{
			ClassLoader loader = factory.getClassLoader(name);
			Class c = loader.loadClass("es.caib.signatura.provider.impl.tradise.TradiseSigner");
			realSigners.put(name, c.newInstance());
		}

	}

	private boolean addBcCryptoApiSigner()
			throws SignatureException, ClassNotFoundException, InstantiationException, IllegalAccessException
	{
		//PJR - si no comentamos esto, es necesario reiniciar jboss para que coja un cambio en la clave
		//if (realSigners.get("bccryptoapi") == null)
		//{
			Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.bccryptoapi.BcCryptoApiSigner");
			realSigners.put("bccryptoapi", c.newInstance());
		//}
		if ( SigDebug.isActive() )
			SigDebug.write("CAIBSigner: addBcCryptoApiSigner: Keystore certificates loaded.");

		return true;
	}

	private boolean addWebServiceSigner() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
		//PJR - si no comentamos esto, es necesario reiniciar jboss para que coja un cambio en la clave
		//if (remoteRealSigners.get("WebServiceSigner") == null)
		//{
			//AML - Sólo intentamos cargar el provider si existe el JAR del mismo
			InputStream inputStream = factory.getMasterClassLoader().getResourceAsStream("es/caib/signatura/provider/impl/webServiceSigner/WebServiceSigner.class");

			if (inputStream != null) {

				Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.webServiceSigner.WebServiceSigner");
				remoteRealSigners.put("WebServiceSigner", c.newInstance());

				if ( SigDebug.isActive() )
					SigDebug.write("CAIBSigner: addWebServiceSigner: WebServiceSigner loaded.");

				return true;

			}

			return false;
		//}
		//return true;

	}

	/**
	 * Añade mscryptoapi como proveedor de firma de la CAIB. Sólo se hace si se puede cargar la biblioteca dinámica mscryptofunctions.dll,
	 * que debe estar en el directorio JAVA_HOME\lib\signaturacaib\ del PC con windows del usuario
	 * @author Jesus Reyes (3digits)
	 */
	private void addMscryptoapiSigner() {
		if (realSigners.get("mscryptoapi") == null)
		{
			// Obtenemos versión completa x.y.z (e.g. 1.6.0_24)
			String fullVersion = System.getProperty("java.version");
			// Buscamos la posición del último punto
			int lastIndex = fullVersion.lastIndexOf(".");
			// Obtenemos todo lo que había antes de éste (e.g. 1.6)
			String version = fullVersion.substring(0, lastIndex);
			// Construímos un float para comparar fácilmente
 			float versionNumber = Float.valueOf(version).floatValue();
 			// Detectamos si el entorno JRE es de 64bits
 			boolean is64bits = (System.getProperty("os.arch").indexOf("64") != -1);

 			// Usamos el provider implementado usando API propia del JRE para acceso a la
 			// MSCAPI, introducida a partir de Java 1.6 y si estamos en un sistema de 64 bits.
 			// lo de los 64 bits es para no compilar nuestra dll en 64 bits

 			if (versionNumber >= 1.6 && is64bits) {

 				try {

 					//System.out.println("Usando provider MSCAPI");

 					Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.sunmscapi.SunMSCAPIProvider");
 					realSigners.put("mscryptoapi", c.newInstance());

 					if( SigDebug.isActive() )
 						SigDebug.write("CAIBSigner: addMscryptoapiSigner: es.caib.signatura.provider.impl.sunmscapi.SunMSCAPIProvider");

 					SigDebug.write( "[DBG] ACTIVAT MSCAPI." );
 				} catch (Throwable e) {

 					e.printStackTrace();
 					SigDebug.write("es.caib.signatura.provider.impl.sunmscapi.SunMSCAPIProvider cannot be loaded.");

 				}


 			// Si se está usando una versión de Java inferior a la 1.6 o un sistema de 32bits
 			// usamos el provider "antiguo" propio del sistema.
 			} else {

 				try {

 					//System.out.println("Usando provider MSCRYPTOAPI");

 					String libraryName = System.getProperty("java.home")+"\\lib\\signaturacaib\\mscryptofunctions.dll";

 					if( SigDebug.isActive() )
 						SigDebug.write("CAIBSigner: addMscryptoapiSigner: Path mscryptofunctions = " + libraryName);

 					File f = new File (libraryName);

 					if (f.canRead()){

 						Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.mscryptoapi.MscryptoapiSigner");
 						realSigners.put("mscryptoapi", c.newInstance());

 						if( SigDebug.isActive() )
 							SigDebug.write("CAIBSigner: addMscryptoapiSigner: Cargada mscryptofunctions.dll");

 					}

 					SigDebug.write( "[DBG] ACTIVAT MSCRYPTOAPI." );
 				} catch(Exception e)	{

 					e.printStackTrace();
 					SigDebug.write("mscryptofunctions.dll cannot be loaded.");

 				}

 			}
 		}

 	}

 	/**
 	 * Método que añade el Signer necesario para usar las funciones de los dispositivos LunaPCI.
 	 * @throws ClassNotFoundException
 	 * @throws InstantiationException
 	 * @throws IllegalAccessException
 	 */
 	private boolean addLunaPCISigner() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
 		//PJR - con esta comprobación, es necesario reiniciar para que coja los cambios en configuración
 		//if (realSigners.get("lunaPCI") == null)
 		//{
 			// Sólo intentamos cargar el provider si existe el JAR del mismo
 			InputStream inputStream = factory.getMasterClassLoader().getResourceAsStream("es/caib/signatura/provider/impl/lunaPCI/LunaPCISigner.class");

 			if (inputStream != null) {

 				Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.lunaPCI.LunaPCISigner");
 				realSigners.put("lunaPCI", c.newInstance());

 				if ( SigDebug.isActive() )
 					SigDebug.write("CAIBSigner: addLunaPCISigner: Cargados los certificados del dispositivo");

 				return true;

 			}

 			return false;
 		//}
 		//return true;

 	}

 	public SMIMEParser getSMIMEParser(InputStream smime) throws InstantiationException, IllegalAccessException, IOException, SignatureException {
 		return new SMIMEParserProxy(smime);
 	}

 	public ParsedCertificate parseCertificate(X509Certificate certificate) {
 		try {
 			Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.common.ParsedCertificateImpl");
 			Constructor constructor = c.getConstructor(new Class [] {X509Certificate[].class, boolean.class});
 			// El ParsedCertificateImp que retornem, sempre estará com si
 			// no estigués en un dispositiu segur.
 			return (ParsedCertificate) constructor.newInstance(new Object [] {new X509Certificate[] {certificate}, new Boolean(false)});
 		} catch (Exception e) {
 			throw new RuntimeException(e);
 		}
 	}


 		/**
 		 * http://download.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html
 		 * https://developer.mozilla.org/En/JSS
 		 * Añade un nuevo provider para firefox, con ciertas limitaciones
 		 * no va en MAC OSX 10.4, y sólo carga certificados software
 		 * @return
 		 */
 		private  boolean addFirefoxSigner(ClassLoaderFactory factory) throws Exception {
 			// Comprobar SO
 			// Encontrar librería dinámica softokn3.dll o libsoftokn3.so
 			// Buscar perfiles
 			// Iterar perfiles y cargar un signer por perfil/keystore

 			//comentamos esto para que cargue más de una vez el provider, y así pida la contraseña de nuevo
 			//if (realSigners.get("FIREFOXSIGNER") == null)
 			//{


 				String osName = null;
 				String[] nssDirs = null;
 				String nssLibraryDirectory = null;
 				String profilesPath = null;
 				String[] profileDirs = null;

 				String homeDir = System.getProperty("user.home").replaceAll("\\\\","/");

 				if ( System.getProperty("os.name").contains("Windows") ) {

 					osName = "windows";

 					String programFiles32=System.getenv("ProgramFiles").replaceAll("\\\\", "/");
 					String programFiles64=System.getenv("ProgramFiles(x86)");

 					//mirar a program files 32 bits i 64 bits !!! (ufff)
 					if(programFiles64!=null && !"".equals(programFiles64)){
 						//windows 64 bits
 						programFiles64=programFiles64.replaceAll("\\\\", "/");
 						if(System.getProperty("os.arch").indexOf("64")!=-1){
 							//carreguem firefox 64 bits
 							nssDirs = new String[] {
 									programFiles64+"/Mozilla Firefox"
 							};
 						}else{
 							//carreguem firefox 32 bits
 							nssDirs = new String[] {
 									programFiles32+"/Mozilla Firefox"
 							};
 						}
 					}else{
 						//windows 32 bits
 						nssDirs = new String[] {
 								programFiles32+"/Mozilla Firefox"
 						};

 					}

 					String appdata=System.getenv("APPDATA").replaceAll("\\\\", "/");
 					profileDirs = new String[] {
 							appdata+"/Mozilla/Firefox/Profiles"
 					};

 				} else if ( System.getProperty("os.name").contains("Linux") ) {

 					osName = "linux";


 					//sabemos que firefox tiene el directorio dependiente de la versión, así que filtramos todos los directorios que contengan firefox para iniciar la búsqueda
 					File sysLibPath=new File("/usr/lib");
 					File[] firefoxLibDirs=sysLibPath.listFiles(new FileFilter() {

 						public boolean accept(File pathname) {
 							if(pathname.getAbsolutePath().contains("firefox")) return true;
 							return false;
 						}
 					});

 					//convertimos de File[] a String[]
 					nssDirs=new String [firefoxLibDirs.length];

 					int i=0;
 					for(i=0;i<firefoxLibDirs.length;i++){
 						nssDirs[i]=firefoxLibDirs[i].getAbsolutePath();
 					}


 					//Buscamos los directorios de perfiles

 					profileDirs = new String[] {
 						homeDir + "/.mozilla/firefox"
 					};


 				} else if ( System.getProperty("os.name").contains("Mac OS") ) {

 					osName = "mac";


 					nssDirs = new String[] {
 						"/Applications/Firefox.app/Contents/MacOS"
 					};


 					profileDirs = new String[] {
 							homeDir+"/Library/Mozilla/Firefox/Profiles",
 							homeDir+"/Library/Application Support/Firefox/Profiles"
 					};


 				} else {

 					SigDebug.write("WARNING: OS not supported yet '" + System.getProperty("os.name") + "'");
 					return false;

 				}

 				// Buscamos en qué directorio se encuentra la librería dinámica softokn3
 				for(int i=0;i<nssDirs.length;i++)
 					SigDebug.write("NSSDir: "+nssDirs[i]);

 				if(nssDirs!=null)
 					nssLibraryDirectory = firefoxSignerFindNSSLibraryDirectory(nssDirs, osName);

 				SigDebug.write("nssLibraryDirectory: "+nssLibraryDirectory);

 				if (nssLibraryDirectory == null) {
 					SigDebug.write("WARNING: NSS library directory not found");
 					return false;
 				}

 				// Cargamos resto de librerías dinámicas necesarias
 				firefoxSignerLoadNSSLibraries(nssLibraryDirectory, osName);

 				// Buscamos en qué directorio se encuentran los perfiles de Firefox del usuario
 				profilesPath = firefoxSignerFindProfilesDirectory(profileDirs);
 				if ( profilesPath == null ) {
 					SigDebug.write("WARNING: Profiles directory not found");
 					return false;
 				}

 				// Listar prerfiles de Firefox
 				File profilesDir = new File( profilesPath );
 				File[] profilesDirFiles = firefoxSignerFilterProfileDirectories( profilesDir.listFiles() );

 				if (profilesDirFiles.length > 0) {

 					int i = 0;

 					try {

 						// Si hay más de un perfil toca preguntar al usuario qué perfil
 						// quiere cargar como keystore. Si no, usamos el único que hay (índice 0).
 						if (profilesDirFiles.length > 1)
 							i = firefoxSignerAskForUserProfile(profilesDirFiles);

 						String providerConfig = firefoxSignerGetProviderConfig(profilesDirFiles[i], profilesPath, nssLibraryDirectory);

 						Class c = factory.getMasterClassLoader().loadClass("es.caib.signatura.provider.impl.firefox.FirefoxSigner");
 						Constructor constructor = c.getConstructor(new Class [] {String.class, String.class});
 						realSigners.put(
 								"FIREFOXSIGNER",
 								constructor.newInstance(new Object [] {providerConfig, profilesDirFiles[i].getName()})
 						);

 					}catch (InvocationTargetException e) {
 						e.getTargetException().printStackTrace();
 						return false;

 					} catch (Exception e) {

 						e.printStackTrace();
 						return false;

 					}

 				} else {

 					SigDebug.write("WARNING: No avalaible Firefox profiles found");
 					return false;

 				}
 			//}
 			return true;


 		}

 		/**
 		 * Diálogo que se le presenta al usuario para que seleccione el perfil de Firefox
 		 * del cual se leerán los certificados almacenados.
 		 * @param profilesDirFiles
 		 * @return
 		 * @throws Exception
 		 */
 		private static int firefoxSignerAskForUserProfile(File[] profilesDirFiles) throws Exception {

 			return FirefoxSignerProfileChooser.getFirefoxProfile(profilesDirFiles);

 		}

 		/**
 		 * Método que devuelve la ruta del directorio que almacena la librería dinámica softokn3.
 		 * @param dirs
 		 * @param osName
 		 * @return
 		 */
 		private static String firefoxSignerFindNSSLibraryDirectory(String[] dirs, String osName) {

 			boolean found = false;
 			String nssLibraryDirectory = null;
 			String libName = null;

 			if ( "windows".equals(osName) )
 				libName = "/softokn3.dll";
 			else if ( "linux".equals(osName) )
 				libName = "/libsoftokn3.so";
 			else if ( "mac".equals(osName) )
 				libName = "/libsoftokn3.dylib";
 			else
 				// Devolvemos null y, al comprobar este valor de retorno, la
 				// carga del FirefoxSigner se interrumpirá.
 				return null;

 			for (int i = 0; i < dirs.length; i++) {

 				found = new File( dirs[i] + libName ).exists();

 				if ( found ) {
 					nssLibraryDirectory = dirs[i];
 					break;
 				}

 			}

 			return nssLibraryDirectory;

 		}

 		/**
 		 * Método que devuelve la ruta hacia el directorio que contiene los perfiles de usuario
 		 * de Firefox del usuario que ejecuta el API de firma.
 		 * @param dirs
 		 * @return
 		 */
 		private static String firefoxSignerFindProfilesDirectory(String[] dirs) {

 			boolean found = false;
 			String profilesPath = null;

 			for (int i = 0; i < dirs.length; i++) {

 				found = new File( dirs[i] ).exists() && new File( dirs[i] ).isDirectory();

 				if ( found ) {
 					profilesPath = dirs[i];
 					break;
 				}

 			}

 			return profilesPath;

 		}

 		/**
 		 * Método que carga las librerías dinámicas necesarias, junto a la de softokn3,
 		 * para poder acceder al keystore PKCS11 de Firefox mediante NSS.
 		 * @param nssLibraryDirectory
 		 * @param osName
 		 */
 		private static void firefoxSignerLoadNSSLibraries(String nssLibraryDirectory, String osName) {

 			if ( "windows".equals(osName) ) {

 				try{System.load(nssLibraryDirectory + "/mozcrt19.dll");}catch(UnsatisfiedLinkError e){e.printStackTrace();}
 				try{System.load(nssLibraryDirectory + "/sqlite3.dll");}catch(UnsatisfiedLinkError e){e.printStackTrace();}
 				try{System.load(nssLibraryDirectory + "/nspr4.dll");}catch(UnsatisfiedLinkError e){e.printStackTrace();}
 				try{System.load(nssLibraryDirectory + "/plc4.dll");}catch(UnsatisfiedLinkError e){e.printStackTrace();}
 				try{System.load(nssLibraryDirectory + "/plds4.dll");}catch(UnsatisfiedLinkError e){e.printStackTrace();}
 				try{System.load(nssLibraryDirectory + "/nssutil3.dll");}catch(UnsatisfiedLinkError e){e.printStackTrace();}

 			} else if ( "linux".equals(osName) || "mac".equals(osName)  ) {
 				//cargamos todas las dlls del directorio
 				File nssLibDir=new File(nssLibraryDirectory);
 				File [] nssLibs=nssLibDir.listFiles(new FileFilter() {
 					public boolean accept(File pathname) {
 						if(pathname.getAbsolutePath().endsWith(".so") || pathname.getAbsolutePath().endsWith(".dylib")) return true;
 						return false;
 					}
 				});
 				int i=0;
 				for(i=0;i<nssLibs.length;i++)
 					try{System.load(nssLibs[i].getAbsolutePath());}catch(UnsatisfiedLinkError e){e.printStackTrace();}


 			}

 		}

 		/**
 		 * Método que se encarga de detectar qué directorios especificados son perfiles de Firefox.
 		 * @param dirs
 		 * @return
 		 */
 		private static File[] firefoxSignerFilterProfileDirectories(File[] dirs) {


 			Vector out = new Vector();

 			for (int i = 0; i < dirs.length; i++) {

 				String dir = dirs[i].getName();

 				// Los nombres de los directorios que contiene perfiles siguen un esquema
 				// de nombres de este tipo: 8 letras "al azar" + . + nombre del perfil.
 				if (dir.length() > 8 && dir.charAt(8) == '.' && !dir.contains("profiles.ini"))
 					out.add( dirs[i] );

 			}

 			return (File[])out.toArray(new File[out.size()]);

 		}

 		/**
 		 * Método que genera la configuración para la carga del provider SunPKCS11, el cual
 		 * se usará para acceder al keystore de Firefox mediante NSS.
 		 * http://www.forosdelweb.com/f45/como-acceder-keystore-firefox-664947/
 		 * @param profileDir
 		 * @param profilesPath
 		 * @param nssLibraryDirectory
 		 * @return
 		 * @throws FileNotFoundException
 		 */
 		private static String firefoxSignerGetProviderConfig(File profileDir, String profilesPath, String nssLibraryDirectory) throws FileNotFoundException {

 			String profileDirName = profileDir.getName();

 //			System.out.println("================================================================================");
 //			System.out.println( profileDirName.substring(9) );
 //			System.out.println( "Profile directory: " + profileDir.getAbsolutePath() );
 //			System.out.println("================================================================================");

 			String nssSecmodDirectory = profilesPath + "/" + profileDirName;


 			if(System.getProperty("os.name").contains("Windows")){
 				if(System.getProperty("java.version").contains("7")){
 					//tradüim a short path http://bugs.sun.com/view_bug.do?bug_id=6581254
 					nssLibraryDirectory=getWindowsShortPath(new File(nssLibraryDirectory)).replaceAll("\\\\", "\\\\");
 					nssSecmodDirectory=getWindowsShortPath(new File(nssSecmodDirectory.replaceAll("/","\\\\"))).replaceAll("\\\\", "\\\\").replaceAll("\\\\","/");
 				}else{
 					nssLibraryDirectory=new File(nssLibraryDirectory).getAbsolutePath().replaceAll("\\\\", "\\\\");
 					nssSecmodDirectory=new File(nssSecmodDirectory).getAbsolutePath().replaceAll("\\\\", "\\\\").replaceAll("\\\\","/");
 				}
 			}

 			String providerCfg = "name = NSS" + profileDirName + "\n"+
 			"nssLibraryDirectory = " + nssLibraryDirectory + "\n"+
 			"nssSecmodDirectory = \"" + nssSecmodDirectory + "\"\n"+
 			"nssDbMode = readOnly\n" +
 			"nssModule = keystore\n";

 			//System.out.println( providerCfg );

 			return providerCfg;

 		}


 		public static String getWindowsShortPath(File f) throws FileNotFoundException{
 			if(!f.exists()) throw new FileNotFoundException("Cannot get short path of a non existing file");

 			String shortpath = "";
 	        StringTokenizer tokenizer = new StringTokenizer(f.getAbsolutePath(), "\\");
 	        String temp = null;
 	        String nextTemp=null;
 	        while(tokenizer.hasMoreTokens() == true)
 	        {
 	        	int counter=1;

 	        	temp=(temp==null)?tokenizer.nextToken():nextTemp;
 	        	nextTemp=tokenizer.nextToken();
 	        	String tempShortpath=null;
 	        	do{
 	        		if(temp.length() > 8)
 	        			tempShortpath = temp.replaceAll(" ","").substring(0, 6) + "~"+counter + "\\";
 	        		else
 	        			tempShortpath = temp + "\\";

 	        		counter++;
 	        		//System.out.println(shortpath+tempShortpath+nextTemp + " exists: "+new File(shortpath+tempShortpath+nextTemp).exists());
 	        	}while(!new File(shortpath+tempShortpath+nextTemp).exists() && counter<100);
 	        	if(counter==100) throw new FileNotFoundException("Short path counter limit exceeded");

 	        	shortpath+=tempShortpath;

 	        }
 	        return shortpath+nextTemp;
 		}
 	}