diff --git a/README.md b/README.md index f0f3369..f65222b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ > **⚠️ Important Notice: Cache Configuration Update** > -> We recently migrated the `autofirma-nix` repository from one of the creators' accounts to the Nix Community's organization. +> We recently migrated the `autofirma-nix` repository from one of the creators' accounts to the Nix Community's organization. > As part of this migration, the binary cache has also changed. To avoid unnecessary compilations in your local machine, please update your `flake.nix` configuration to use the new cache. Replace the `nixConfig` section in your `flake.nix` file with the following: > > ```nix @@ -22,9 +22,9 @@ This repository provides a suite of tools needed to interact with Spain’s public administration, alongside NixOS and Home Manager modules for easy integration. These tools include: -- **AutoFirma** for digitally signing documents -- **DNIeRemote** for using an NFC-based national ID with an Android device as an NFC reader -- **Configurador FNMT-RCM** for securely requesting the personal certificate from the Spanish Royal Mint (**Fábrica Nacional de Moneda y Timbre**) +- **Autofirma** for digitally signing documents +- **DNIeRemote** for using an NFC-based national ID with an Android device as an NFC reader +- **Configurador FNMT-RCM** for securely requesting the personal certificate from the Spanish Royal Mint (**Fábrica Nacional de Moneda y Timbre**) ## Usage Example @@ -32,17 +32,17 @@ alongside NixOS and Home Manager modules for easy integration. These tools inclu $ nix run --accept-flake-config github:nix-community/autofirma-nix#dnieremote ``` -## AutoFirma on NixOS and Home Manager +## Autofirma on NixOS and Home Manager -A NixOS module is provided to enable AutoFirma on NixOS and another one for Home Manager. -You only need to enable one of them, depending on whether you want AutoFirma +A NixOS module is provided to enable Autofirma on NixOS and another one for Home Manager. +You only need to enable one of them, depending on whether you want Autofirma system-wide or at the user level. ### Home Manager Configuration -The integration of AutoFirma in Home Manager enables the `autofirma` command for +The integration of Autofirma in Home Manager enables the `autofirma` command for signing PDF documents and configures the Firefox browser (if enabled through -`programs.firefox.enable`) to use AutoFirma on websites that require it. +`programs.firefox.enable`) to use Autofirma on websites that require it. Additionally, you can enable DNIe integration, including NFC-based DNIe from an Android mobile via DNIeRemote. @@ -98,7 +98,7 @@ Manager installation method. Below are examples for a standalone configuration. config = { programs.autofirma.enable = true; programs.autofirma.firefoxIntegration.profiles = { - myprofile = { # The name of the Firefox profile where AutoFirma will be enabled + myprofile = { # The name of the Firefox profile where Autofirma will be enabled enable = true; }; }; @@ -130,9 +130,9 @@ Manager installation method. Below are examples for a standalone configuration. ### NixOS Configuration -The AutoFirma integration in NixOS enables the `autofirma` command for signing PDF +The Autofirma integration in NixOS enables the `autofirma` command for signing PDF documents and configures the Firefox browser (if enabled through -`programs.firefox.enable`) to use AutoFirma on websites that require it. +`programs.firefox.enable`) to use Autofirma on websites that require it. Additionally, you can enable DNIe integration, including NFC-based DNIe from an Android mobile via DNIeRemote. @@ -154,7 +154,7 @@ Android mobile via DNIeRemote. autofirma-nix.nixosModules.default ({ pkgs, config, ... }: { programs.autofirma.enable = true; - programs.autofirma.firefoxIntegration.enable = true; # Let Firefox use AutoFirma + programs.autofirma.firefoxIntegration.enable = true; # Let Firefox use Autofirma programs.dnieremote.enable = true; @@ -196,11 +196,11 @@ it. The following NixOS options determine which certificates are accepted or blocked in the system *truststore*, directly affecting **autofirma-nix**: -- **`security.pki.certificateFiles`** +- **`security.pki.certificateFiles`** Adds additional certificates to the global *truststore*. If any match the official list, **autofirma-nix** will accept them. -- **`security.pki.caCertificateBlacklist`** +- **`security.pki.caCertificateBlacklist`** Blocks specific certificates. Even if they are on the official list, **autofirma-nix** will exclude them if they appear in this blacklist. @@ -227,7 +227,7 @@ official list. ### Security devices do not seem to update or do not appear -If you have installed AutoFirma and enabled Firefox integration, but Firefox does not +If you have installed Autofirma and enabled Firefox integration, but Firefox does not detect the security devices, you may need to remove the `pkcs11.txt` file from the Firefox profile folder. For instance, if you enabled the Home Manager module and the profile is named `myprofile`, the file is located in `~/.mozilla/firefox/myprofile/pkcs11.txt`. @@ -262,7 +262,7 @@ SEVERE: El almacen no contiene ningun certificado que se pueda usar para firmar: This occurs because your certificates have expired, as indicated by the “NotAfter:” date. If the certificates are not expired because you recently renewed them, but you used -AutoFirma before this renewal, it is possible that OpenSC has cached your old certificates. +Autofirma before this renewal, it is possible that OpenSC has cached your old certificates. To fix this, you need to delete the OpenSC cache. [By default, it is located at $HOME/.cache/opensc](https://github.com/OpenSC/OpenSC/wiki/Environment-variables). diff --git a/docs/src/introduction.md b/docs/src/introduction.md index 17b3c89..63a0156 100644 --- a/docs/src/introduction.md +++ b/docs/src/introduction.md @@ -2,7 +2,7 @@ Welcome to **autofirma-nix**! This project provides a suite of tools to interact with Spain’s public administration, seamlessly integrating into your NixOS and Home Manager setup. It includes: -- **AutoFirma** for digitally signing documents and authenticating on various Spanish administration websites—because ink and paper are so last century. -- **DNIeRemote** for using an NFC-based national ID via an Android device—no more digging through drawers for that card reader you haven’t seen since 2010. -- **Configurador FNMT-RCM** for securely requesting personal certificates from the Spanish Royal Mint—yes, the mint that makes actual coins. -- Integration with **Mozilla Firefox** (provided on both the NixOS and the Home Manager modules) that allows Firefox to communicate with AutoFirma, as required by some sites—now with automatic setup! +- **Autofirma** for digitally signing documents and authenticating on various Spanish administration websites—because ink and paper are so last century. +- **DNIeRemote** for using an NFC-based national ID via an Android device—no more digging through drawers for that card reader you haven’t seen since 2010. +- **Configurador FNMT-RCM** for securely requesting personal certificates from the Spanish Royal Mint—yes, the mint that makes actual coins. +- Integration with **Mozilla Firefox** (provided on both the NixOS and the Home Manager modules) that allows Firefox to communicate with Autofirma, as required by some sites—now with automatic setup! diff --git a/docs/src/security.md b/docs/src/security.md index dc1db1d..f21dcf9 100644 --- a/docs/src/security.md +++ b/docs/src/security.md @@ -1,34 +1,34 @@ # Security -AutoFirma chats with remote servers in a couple of different ways to handle document signing and authentication. Here’s the lowdown on these scenarios and how certificates fit into the bigger picture. +Autofirma chats with remote servers in a couple of different ways to handle document signing and authentication. Here’s the lowdown on these scenarios and how certificates fit into the bigger picture. ## Browser-based scenario -In most cases, your friendly web browser takes care of the heavy lifting for server authentication: it connects to the remote server and confirms the server’s identity with its own certificate store. After that, the browser opens a WebSocket to AutoFirma, relaying commands back and forth. For this communication to work, a SSL certificate is created and added to Firefox; depending on the installation method you chose is located either in `/etc/AutoFirma` or in `$HOME/.afirma/AutoFirma`. +In most cases, your friendly web browser takes care of the heavy lifting for server authentication: it connects to the remote server and confirms the server’s identity with its own certificate store. After that, the browser opens a WebSocket to Autofirma, relaying commands back and forth. For this communication to work, a SSL certificate is created and added to Firefox; depending on the installation method you chose is located either in `/etc/Autofirma` or in `$HOME/.afirma/Autofirma`. ## Direct connection scenario -Sometimes, the browser tells AutoFirma to talk directly to the remote server. In that case, AutoFirma itself must determine which Certificate Authorities (CAs) are valid. This is where certificate management in AutoFirma becomes important. +Sometimes, the browser tells Autofirma to talk directly to the remote server. In that case, Autofirma itself must determine which Certificate Authorities (CAs) are valid. This is where certificate management in Autofirma becomes important. ## Managing certificates in autofirma-nix -AutoFirma trusts a certificate only if it meets two conditions: +Autofirma trusts a certificate only if it meets two conditions: -1. **Official Provider** +1. **Official Provider** It must come from one of the providers published in the Spanish Government’s authorized list. -2. **System CA Store** - It must also appear in your system’s *ca-bundle* (or *cacerts*) on NixOS. If your NixOS configuration blocks or adds a certificate, AutoFirma respects that setting. +2. **System CA Store** + It must also appear in your system’s *ca-bundle* (or *cacerts*) on NixOS. If your NixOS configuration blocks or adds a certificate, Autofirma respects that setting. -If a certificate is missing from the system CA store or explicitly blocked, AutoFirma will ignore it—even if it shows up on the official list. +If a certificate is missing from the system CA store or explicitly blocked, Autofirma will ignore it—even if it shows up on the official list. ### Relevant NixOS options -- **`security.pki.certificateFiles`** - Adds extra certificates to the global truststore. If a certificate is on the official list, and you include it here, AutoFirma will trust it. +- **`security.pki.certificateFiles`** + Adds extra certificates to the global truststore. If a certificate is on the official list, and you include it here, Autofirma will trust it. -- **`security.pki.caCertificateBlacklist`** - Blocks specific certificates. Even if one is on the official list, AutoFirma ignores it if it appears here. +- **`security.pki.caCertificateBlacklist`** + Blocks specific certificates. Even if one is on the official list, Autofirma ignores it if it appears here. #### Minimal example @@ -46,5 +46,5 @@ If a certificate is missing from the system CA store or explicitly blocked, Auto } ``` -In this snippet, if `./my-certificate.crt` is on the official list, AutoFirma will trust it, while any certificate from `Izenpe.com` is blacklisted, no matter what. +In this snippet, if `./my-certificate.crt` is on the official list, Autofirma will trust it, while any certificate from `Izenpe.com` is blacklisted, no matter what. diff --git a/docs/src/troubleshooting.md b/docs/src/troubleshooting.md index d4789fc..6accf84 100644 --- a/docs/src/troubleshooting.md +++ b/docs/src/troubleshooting.md @@ -4,7 +4,7 @@ Encountering issues? Here are some tips to get you back on track: ## Security devices do not seem to update or do not appear -If you have installed AutoFirma and enabled Firefox integration, but Firefox does not +If you have installed Autofirma and enabled Firefox integration, but Firefox does not detect the security devices, you may need to remove the `pkcs11.txt` file from the Firefox profile folder. For instance, if you enabled the Home Manager module and the profile is named `myprofile`, the file is located in `~/.mozilla/firefox/myprofile/pkcs11.txt`. @@ -39,7 +39,7 @@ SEVERE: El almacen no contiene ningun certificado que se pueda usar para firmar: This occurs because your certificates have expired, as indicated by the “NotAfter:” date. If the certificates are not expired because you recently renewed them, but you used -AutoFirma before this renewal, it is possible that OpenSC has cached your old certificates. +Autofirma before this renewal, it is possible that OpenSC has cached your old certificates. To fix this, you need to delete the OpenSC cache. [By default, it is located at $HOME/.cache/opensc](https://github.com/OpenSC/OpenSC/wiki/Environment-variables). diff --git a/flake.nix b/flake.nix index ee75e62..35489a7 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "A Nix flake for AutoFirma and related Spanish e-signature tools."; + description = "A Nix flake for Autofirma and related Spanish e-signature tools."; nixConfig = { extra-substituters = [ @@ -180,7 +180,7 @@ packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") (lib.filterAttrs (n: _v: !(builtins.elem n blacklistPackages)) self'.packages); checks = { # NixOS Modules - ## AutoFirma + ## Autofirma nixos-autofirma-cli-sign-document = pkgs.callPackage ./nix/tests/nixos/autofirma/cli/sign-document.nix { inherit self; }; nixos-autofirma-firefoxIntegration-protocol-handler = pkgs.callPackage ./nix/tests/nixos/autofirma/firefoxIntegration/protocol-handler { inherit self; }; nixos-autofirma-firefoxIntegration-connection-method-websocket = pkgs.callPackage ./nix/tests/nixos/autofirma/firefoxIntegration/connection-method/websocket { inherit self; }; @@ -188,7 +188,7 @@ nixos-autofirma-firefoxIntegration-connection-method-auxiliary-servers = pkgs.callPackage ./nix/tests/nixos/autofirma/firefoxIntegration/connection-method/auxiliary-servers { inherit self; }; # Home Manager Modules ## HM installed as a NixOS Module - ### AutoFirma + ### Autofirma hm-as-nixos-module-autofirma-cli-sign-document = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/cli/sign-document.nix { inherit self home-manager; }; hm-as-nixos-module-autofirma-firefoxIntegration-protocol-handler = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/firefoxIntegration/protocol-handler { inherit self home-manager; }; hm-as-nixos-module-autofirma-firefoxIntegration-connection-method-websocket = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/firefoxIntegration/connection-method/websocket { inherit self home-manager; }; @@ -196,7 +196,7 @@ hm-as-nixos-module-autofirma-firefoxIntegration-connection-method-auxiliary-servers = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/firefoxIntegration/connection-method/auxiliary-servers { inherit self home-manager; }; hm-as-nixos-module-autofirma-config-omitAskOnClose = pkgs.callPackage ./nix/tests/hm-as-nixos-module/autofirma/config/omitAskOnClose.nix { inherit self home-manager; }; # HM standalone installation - ### AutoFirma + ### Autofirma hm-standalone-autofirma-cli-sign-document = pkgs.callPackage ./nix/tests/hm-standalone/autofirma/cli/sign-document.nix { inherit self home-manager; }; hm-standalone-autofirma-firefoxIntegration-protocol-handler = pkgs.callPackage ./nix/tests/hm-standalone/autofirma/firefoxIntegration/protocol-handler { inherit self home-manager; }; hm-standalone-autofirma-firefoxIntegration-connection-method-websocket = pkgs.callPackage ./nix/tests/hm-standalone/autofirma/firefoxIntegration/connection-method/websocket { inherit self home-manager; }; diff --git a/nix/autofirma/create-autofirma-cert b/nix/autofirma/create-autofirma-cert index 8fa9697..9da0343 100644 --- a/nix/autofirma/create-autofirma-cert +++ b/nix/autofirma/create-autofirma-cert @@ -4,7 +4,7 @@ if [[ "$1" == '--verbose' ]]; then fi _autofirma_dir="$1" -_autofirma_ca="${_autofirma_dir}/AutoFirma_ROOT.cer" +_autofirma_ca="${_autofirma_dir}/Autofirma_ROOT.cer" _autofirma_pfx="${_autofirma_dir}/autofirma.pfx" _cert_days="3650" _cert_cn="AutoFirma ROOT" diff --git a/nix/autofirma/default.nix b/nix/autofirma/default.nix index e280b00..38e4655 100644 --- a/nix/autofirma/default.nix +++ b/nix/autofirma/default.nix @@ -32,7 +32,6 @@ patches = [ ./patches/clienteafirma/pr-367.patch - ./patches/clienteafirma/certutilpath.patch ./patches/clienteafirma/etc_config.patch ./patches/clienteafirma/aarch64_elf.patch # Until https://github.com/ctt-gob-es/clienteafirma/pull/435 gets merged ] @@ -79,9 +78,6 @@ # Register the xmldoclet plugin in the pom.xml for documentation generation update-plugin-version-by-groupId "org.apache.maven.plugins" "maven-javadoc-plugin" "${javadocVersion}" add-xml-doclet-to-javadoc-plugin "${javadocVersion}" "${xmlDocletVersion}" - - substituteInPlace afirma-ui-simple-configurator/src/main/java/es/gob/afirma/standalone/configurator/ConfiguratorFirefoxLinux.java \ - --replace-fail '@certutilpath' '${nss.tools}/bin/certutil' ''; dontFixup = true; @@ -178,8 +174,7 @@ installPhase = '' runHook preInstall mkdir -p $out/bin $out/lib/AutoFirma - install -Dm644 afirma-simple/target/AutoFirma.jar $out/lib/AutoFirma - install -Dm644 afirma-ui-simple-configurator/target/AutoFirmaConfigurador.jar $out/lib/AutoFirma + install -Dm644 afirma-simple/target/autofirma.jar $out/lib/AutoFirma install -Dm644 preferences.json $out/lib/AutoFirma/preferences.json runHook postInstall @@ -219,7 +214,7 @@ --add-flags "-Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel" \ --add-flags "-Dawt.useSystemAAFontSettings=lcd" \ --add-flags "-Dswing.aatext=true" \ - --add-flags "-jar ${autofirma-jar}/lib/AutoFirma/AutoFirma.jar" + --add-flags "-jar ${autofirma-jar}/lib/AutoFirma/autofirma.jar" substituteInPlace $out/etc/firefox/pref/AutoFirma.js \ --replace-fail /usr/bin/autofirma $out/bin/autofirma @@ -239,8 +234,8 @@ }; desktopItem = makeDesktopItem { - name = "AutoFirma"; - desktopName = "AutoFirma"; + name = "Autofirma"; + desktopName = "Autofirma"; genericName = "Herramienta de firma"; exec = "autofirma %u"; icon = "${thisPkg}/lib/AutoFirma/AutoFirma.png"; @@ -266,7 +261,7 @@ in ln -s ${thisPkg}/etc/firefox/pref/AutoFirma.js $out/etc/firefox/pref/AutoFirma.js ''; extraBwrapArgs = [ - "--ro-bind-try /etc/AutoFirma /etc/AutoFirma" + "--ro-bind-try /etc/Autofirma /etc/Autofirma" ]; passthru = { clienteafirma = thisPkg; diff --git a/nix/autofirma/hm-module.nix b/nix/autofirma/hm-module.nix index dae9d56..33c2890 100644 --- a/nix/autofirma/hm-module.nix +++ b/nix/autofirma/hm-module.nix @@ -61,12 +61,12 @@ in { literalExpression "`programs.autofirma.truststore.package` with applied configuration"; description = '' - The AutoFirma truststore package after applying configuration. + The Autofirma truststore package after applying configuration. ''; }; }; options.programs.autofirma = { - enable = mkEnableOption "AutoFirma"; + enable = mkEnableOption "Autofirma"; package = mkPackageOption inputs.self.packages.${system} "autofirma" {}; finalPackage = mkOption { type = types.package; @@ -79,7 +79,7 @@ in { literalExpression "`programs.autofirma.package` with applied configuration"; description = '' - The AutoFirma package after applying configuration. + The Autofirma package after applying configuration. ''; }; @@ -96,15 +96,15 @@ in { description = "Profile name."; }; - enable = mkEnableOption "Enable AutoFirma in this firefox profile."; + enable = mkEnableOption "Enable Autofirma in this firefox profile."; }; })); - description = "Firefox profiles to integrate AutoFirma with."; + description = "Firefox profiles to integrate Autofirma with."; }; config = mkOption { type = autofirma-prefs-format.type; - description = "Settings to apply to the AutoFirma package."; + description = "Settings to apply to the Autofirma package."; default = { }; }; @@ -114,7 +114,7 @@ in { (mkIf true { createAutoFirmaCert = lib.hm.dag.entryAfter ["writeBoundary"] '' verboseEcho Running create-autofirma-cert - run ${lib.getExe create-autofirma-cert} $VERBOSE_ARG ${config.home.homeDirectory}/.afirma/AutoFirma + run ${lib.getExe create-autofirma-cert} $VERBOSE_ARG ${config.home.homeDirectory}/.afirma/Autofirma ''; }) (mkIf ((boolsToStrings cfg.config) != defaultAutofirmaSettings) { @@ -135,7 +135,7 @@ in { programs.firefox.policies.Certificates = mkIf anyFirefoxIntegrationProfileIsEnabled { ImportEnterpriseRoots = true; - Install = [ "${config.home.homeDirectory}/.afirma/AutoFirma/AutoFirma_ROOT.cer" ]; + Install = [ "${config.home.homeDirectory}/.afirma/Autofirma/Autofirma_ROOT.cer" ]; }; programs.firefox.profiles = flip mapAttrs cfg.firefoxIntegration.profiles (name: {enable, ...}: { settings = mkIf enable { diff --git a/nix/autofirma/module.nix b/nix/autofirma/module.nix index 852b779..76083cc 100644 --- a/nix/autofirma/module.nix +++ b/nix/autofirma/module.nix @@ -23,13 +23,13 @@ in { literalExpression "`programs.autofirma.truststore.package` with applied configuration"; description = '' - The AutoFirma truststore package after applying configuration. + The Autofirma truststore package after applying configuration. ''; }; }; options.programs.autofirma = { - enable = mkEnableOption "AutoFirma"; + enable = mkEnableOption "Autofirma"; fixJavaCerts = mkEnableOption "Fix Java certificates"; package = mkPackageOption inputs.self.packages.${system} "autofirma" {}; finalPackage = mkOption { @@ -43,7 +43,7 @@ in { literalExpression "`programs.autofirma.package` with applied configuration"; description = '' - The AutoFirma package after applying configuration. + The Autofirma package after applying configuration. ''; }; firefoxIntegration.enable = mkEnableOption "Firefox integration"; @@ -59,18 +59,18 @@ in { "${cfg.finalPackage}/etc/firefox/pref/AutoFirma.js" ]; policies.Certificates.ImportEnterpriseRoots = true; - policies.Certificates.Install = [ "/etc/AutoFirma/AutoFirma_ROOT.cer" ]; + policies.Certificates.Install = [ "/etc/Autofirma/Autofirma_ROOT.cer" ]; }; }; config.systemd.services = mkIf (cfg.enable && cfg.firefoxIntegration.enable) { create-autofirma-cert = { enable = true; - description = "Create certificate for AutoFirma and browser communication"; + description = "Create certificate for Autofirma and browser communication"; wants = [ "display-manager.service" ]; serviceConfig = { Type = "oneshot"; - ExecStart = "${lib.getExe create-autofirma-cert} /etc/AutoFirma"; + ExecStart = "${lib.getExe create-autofirma-cert} /etc/Autofirma"; RemainAfterExit = true; }; wantedBy = [ "multi-user.target" ]; diff --git a/nix/autofirma/patches/clienteafirma/certutilpath.patch b/nix/autofirma/patches/clienteafirma/certutilpath.patch deleted file mode 100644 index 2d05cf1..0000000 --- a/nix/autofirma/patches/clienteafirma/certutilpath.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/afirma-ui-simple-configurator/src/main/java/es/gob/afirma/standalone/configurator/ConfiguratorFirefoxLinux.java b/afirma-ui-simple-configurator/src/main/java/es/gob/afirma/standalone/configurator/ConfiguratorFirefoxLinux.java -index 05aa49a81..194996a48 100644 ---- a/afirma-ui-simple-configurator/src/main/java/es/gob/afirma/standalone/configurator/ConfiguratorFirefoxLinux.java -+++ b/afirma-ui-simple-configurator/src/main/java/es/gob/afirma/standalone/configurator/ConfiguratorFirefoxLinux.java -@@ -33,8 +33,8 @@ final class ConfiguratorFirefoxLinux { - private static final Logger LOGGER = Logger.getLogger("es.gob.afirma"); //$NON-NLS-1$ - - private static final String FILE_AUTOFIRMA_CERTIFICATE = "AutoFirma_ROOT.cer"; //$NON-NLS-1$ -- private static final String CERTUTIL_EXE = "certutil"; //$NON-NLS-1$ -- private static final String CERTUTIL_RELATIVE_PATH = "certutil" + File.separator + CERTUTIL_EXE; //$NON-NLS-1$ -+ private static final String CERTUTIL_EXE = "@certutilpath"; //$NON-NLS-1$ -+ private static final String CERTUTIL_RELATIVE_PATH = "certutil" + File.separator + "certutil"; //$NON-NLS-1$ - - private static final String PROFILES_INI_RELATIVE_PATH = ".mozilla/firefox/profiles.ini";//$NON-NLS-1$ - private static final String PROFILES_INI_RELATIVE_PATH_UBUNTU_22 = "snap/firefox/common/.mozilla/firefox/profiles.ini"; //$NON-NLS-1$ diff --git a/nix/autofirma/patches/clienteafirma/etc_config.patch b/nix/autofirma/patches/clienteafirma/etc_config.patch index f9c67c9..82727f6 100644 --- a/nix/autofirma/patches/clienteafirma/etc_config.patch +++ b/nix/autofirma/patches/clienteafirma/etc_config.patch @@ -1,14 +1,14 @@ diff --git a/afirma-simple/src/main/java/es/gob/afirma/standalone/protocol/SecureSocketUtils.java b/afirma-simple/src/main/java/es/gob/afirma/standalone/protocol/SecureSocketUtils.java -index 4485c27aa..6e96cb830 100644 +index e925ac3ff..fd5838557 100644 --- a/afirma-simple/src/main/java/es/gob/afirma/standalone/protocol/SecureSocketUtils.java +++ b/afirma-simple/src/main/java/es/gob/afirma/standalone/protocol/SecureSocketUtils.java @@ -65,7 +65,8 @@ class SecureSocketUtils { - * @return Almacén de claves o {@code null} si no se encontró. */ - private static File getKeyStoreFile() { - -- File appDir = AutoFirmaUtil.getApplicationDirectory(); -+ // Check first in /etc for the KeyStoreFile -+ File appDir = new File("/etc/AutoFirma"); - - if (appDir != null && new File(appDir, KEYSTORE_NAME).exists() - && new File(appDir, CA_ROOT_NAME).exists()) { + * @return Almacén de claves o {@code null} si no se encontró. */ + private static File getKeyStoreFile() { + +- File appDir = DesktopUtil.getApplicationDirectory(); ++ // Check first in /etc for the KeyStoreFile ++ File appDir = new File("/etc/Autofirma"); + + if (appDir != null && new File(appDir, KEYSTORE_NAME).exists() + && new File(appDir, CA_ROOT_NAME).exists()) {