I am trying to build a CAdES-BES signature.
Code:
KeyStore keyStore = getKeyStoreWithPathAndPassword(keyStorePath,keyStorePassword);
KeyStore trustedStore = getTrustedKeyStore(trustStorePath,trustStorePassword);
// Reading the key and the certificates.
//
// Reading the key.
Map<String,PublicKey> keys = getPublicKeys(aliases,keyStore,keyStorePassword);
PrivateKey privateKey = (PrivateKey) keyStore.getKey(aliases[0], password);
PublicKey publicKey= keys.get(aliases[2]);
Certificate pKeyCert = keyStore.getCertificate(aliases[0]);
String[] aliases2 = Arrays.copyOfRange(aliases,1,aliases.length-1);
Map<String,Certificate> chainCerts = getCertsFromKeyStore(aliases2,trustedStore);
Map<String,CertSavingAction> actions = getSavingActions(aliases2,new ArrayList<String>());
checkCertificate("C:\\Program Files\\Amazon Corretto\\jdk1.8.0_212\\jre\\lib\\security\\cacerts",
"C:\\Temp\\cacerts\\cacerts",chainCerts,actions);
List<X509Certificate> chain = getCertChainFromMap(chainCerts,pKeyCert,aliases[0],aliases2);
// Signing the data
CAdESSignature cAdESSignature = new CAdESSignature();
CollectionStore store = new CollectionStore(getCertHolderList(chain));
cAdESSignature.setCertificateStore(store);
chainCerts.put("Prihozheva",pKeyCert);
verifyCerts(chainCerts,publicKey,providerMap.get("JCP"));
addSignerToSignature(cAdESSignature,privateKey,chain);
ByteArrayOutputStream signatureStream = new ByteArrayOutputStream();
try {
    cAdESSignature.open(signatureStream);
    cAdESSignature.update(data);
    cAdESSignature.close();
} finally {
    signatureStream.close();
}
return signatureStream.toByteArray();
While executing line [1] I get the following exception:
online: trueFor online validation by CRLDP parameter 'com.sun.security.enableCRLDP' (Oracle) or 'com.ibm.security.enableCRLDP' (IBM) must be set 'true' to enable or 'ocsp.enable' must be set 'true' (OCSP), or CRL passed for offline validation
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.CAdES.cl_1.addSigner(Unknown Source) ~[CAdES.jar:41473]
at ru.ets.http.HttpContext.addSignerToSignature(HttpContext.java:443) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.http.HttpContext.signCadesBes(HttpContext.java:598) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.http.HttpContext.loginBrCert9(HttpContext.java:2228) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrCertLoginConnector.login(BrCertLoginConnector.java:33) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrUploadJob.login(BrUploadJob.java:67) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrUploadJob.runJob(BrUploadJob.java:141) ~[business-logic-1.0-SNAPSHOT.jar:?]
... 5 more
Caused by: java.security.cert.CertPathValidatorException: Could not determine revocation status
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) ~[?:1.8.0_212]
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233) ~[?:1.8.0_212]
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141) ~[?:1.8.0_212]
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) ~[?:1.8.0_212]
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_212]
at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source) ~[JCPRevCheck.jar:41473]
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_212]
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.CAdES.cl_1.addSigner(Unknown Source) ~[CAdES.jar:41473]
at ru.ets.http.HttpContext.addSignerToSignature(HttpContext.java:443) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.http.HttpContext.signCadesBes(HttpContext.java:598) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.http.HttpContext.loginBrCert9(HttpContext.java:2228) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrCertLoginConnector.login(BrCertLoginConnector.java:33) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrUploadJob.login(BrUploadJob.java:67) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrUploadJob.runJob(BrUploadJob.java:141) ~[business-logic-1.0-SNAPSHOT.jar:?]
... 5 more
Caused by: java.security.cert.CertPathValidatorException: Could not determine revocation status
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source) ~[JCPRevCheck.jar:41473]
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source) ~[JCPRevCheck.jar:41473]
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source) ~[JCPRevCheck.jar:41473]
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source) ~[JCPRevCheck.jar:41473]
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source) ~[JCPRevCheck.jar:41473]
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a(Unknown Source) ~[JCPRevCheck.jar:41473]
at ru.CryptoPro.reprov.certpath.CrlRevocationChecker.check(Unknown Source) ~[JCPRevCheck.jar:41473]
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) ~[?:1.8.0_212]
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233) ~[?:1.8.0_212]
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141) ~[?:1.8.0_212]
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) ~[?:1.8.0_212]
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_212]
at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source) ~[JCPRevCheck.jar:41473]
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_212]
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.AdES.certificate.BaseCertificateChainValidatorImpl.validate(Unknown Source) ~[AdES-core.jar:41473]
at ru.CryptoPro.CAdES.cl_1.addSigner(Unknown Source) ~[CAdES.jar:41473]
at ru.ets.http.HttpContext.addSignerToSignature(HttpContext.java:443) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.http.HttpContext.signCadesBes(HttpContext.java:598) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.http.HttpContext.loginBrCert9(HttpContext.java:2228) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrCertLoginConnector.login(BrCertLoginConnector.java:33) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrUploadJob.login(BrUploadJob.java:67) ~[business-logic-1.0-SNAPSHOT.jar:?]
at ru.ets.bo.scheduler.job.BrUploadJob.runJob(BrUploadJob.java:141) ~[business-logic-1.0-SNAPSHOT.jar:?]
... 5 more
Settings in CSP and JCP:

csp_jcp_screenshot.png

Accordingly, my questions:
1. Is there any way to disable the revocation status check so that this error does not occur?
2. Is there any other way to fix this error?
3. What does changing these settings affect:
Code:
Security.setProperty("ocsp.enable",flag1);
System.setProperty("com.sun.security.enableCRLDP", flag2);
System.setProperty("com.ibm.security.enableCRLDP", flag2);
I tried all four variants; nothing changed.
4. How can the JCP and CSP settings be changed from Java code? Is that possible?