пользовательский , промежуточные , рутовые импортированы в CSP tools
Так же они лежат в папке

System.setProperty("com.sun.security.enableCRLDP", "false");
System.setProperty("com.ibm.security.enableCRLDP", "false");

KeyStore keyStore = KeyStore.getInstance("HDImageStore");
keyStore.load(null, null);

KeyManagerFactory kmf = KeyManagerFactory.getInstance("GostX509");
kmf.init(keyStore, "xxxx".toCharArray()); // пароль к ключу для отбора по типу и паролю

SSLContext sslCtx = SSLContext.getInstance("GostTLS");
sslCtx.init(kmf.getKeyManagers(), null, null);

SSLSocketFactory sslSocketFactory = sslCtx.getSocketFactory();

ЛОГ

2020-03-02 12:55:42.668 DEBUG 8100 --- [nio-8098-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to ru.is.edo.tls1_2.controller.WebControlle
r#request(String, String, String, String, String)
2020-03-02 12:55:45.061 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.JCP.tools.JCPLogger : Loading JCP 2.0.40714
2020-03-02 12:55:46.680 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.JCP.tools.JCPLogger : JCP loaded.
2020-03-02 12:55:46.797 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 12:55:46.961 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 12:55:47.086 WARN 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : %% No appropriate keys for handshake
PATH: C:\Users\dvevgraf\Local Settings\Application Data\Crypto Pro
2020-03-02 12:55:47.096 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : SSLContextImpl init.
2020-03-02 12:55:47.099 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : trustStore is : No File Available, using empty ke
ystore.
2020-03-02 12:55:47.099 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : trustStore type is : CertStore
2020-03-02 12:55:47.100 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : trustStore provider is :
2020-03-02 12:55:47.100 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : init truststore
2020-03-02 12:55:47.107 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : trigger seeding of SecureRandom
2020-03-02 12:55:47.108 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : done seeding SecureRandom
2020-03-02 12:55:47.108 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : SSLContextImpl initialized.
2020-03-02 12:55:47.113 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : keyStore is :
2020-03-02 12:55:47.113 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : keyStore type is :
2020-03-02 12:55:47.114 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : keyStore provider is :
2020-03-02 12:55:47.114 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : init keystore
2020-03-02 12:55:47.115 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : init keymanager of type GostX509
2020-03-02 12:55:47.142 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 12:55:47.150 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 12:55:47.156 WARN 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : %% No appropriate keys for handshake
PATH: C:\Users\dvevgraf\Local Settings\Application Data\Crypto Pro
2020-03-02 12:55:47.157 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : trustStore is : No File Available, using empty ke
ystore.
2020-03-02 12:55:47.157 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : trustStore type is : CertStore
2020-03-02 12:55:47.158 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : trustStore provider is :
2020-03-02 12:55:47.158 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : init truststore
2020-03-02 12:55:47.159 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : SSLContextImpl init.
2020-03-02 12:55:47.162 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : trigger seeding of SecureRandom
2020-03-02 12:55:47.162 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : done seeding SecureRandom
2020-03-02 12:55:47.163 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : SSLContextImpl initialized.
2020-03-02 12:55:47.164 INFO 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : DefaultSSLContext initialized.
2020-03-02 12:55:47.408 WARN 8100 --- [nio-8098-exec-4] ru.CryptoPro.ssl.SSLLogger : http-nio-8098-exec-4, handling exception: java.lan
g.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
2020-03-02 12:55:47.412 DEBUG 8100 --- [nio-8098-exec-4] o.s.web.servlet.DispatcherServlet : Failed to complete request: javax.net.ssl.SSLExcep
tion: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

В папку сложили уже все
-a--- 20.01.2020 17:21 6119 Operator_WMS.pfx
-a--- 25.02.2020 20:43 3218 PAO_MegaFon_GOST2012.p7b
-a--- 02.03.2020 14:34 219 run.cmd
-a--- 02.03.2020 14:27 23785611 tls1_2-l.jar
-a--- 02.03.2020 12:34 1681 tlsca.p7b
-a--- 02.03.2020 12:34 1143 tlscaroot.p7b


Код такой !
KeyStore trustStore = KeyStore.getInstance("HDImageStore","JCP");
trustStore.load(new FileInputStream( TRUST_STORE_PATH ), TRUST_STORE_PASSWD.toCharArray());

// Менеджер хранилища
TrustManagerFactory tmf = TrustManagerFactory.getInstance("GostX509");
tmf.init(trustStore);
TrustManager tms[] = tmf.getTrustManagers();


Получаем
va.io.FileNotFoundException: C:\Distr\certs (Access is denied)
at java.io.FileInputStream.open0(Native Method) ~[na:1.8.0_121]
at java.io.FileInputStream.open(Unknown Source) ~[na:1.8.0_121]
at java.io.FileInputStream.<init>(Unknown Source) ~[na:1.8.0_121]
at java.io.FileInputStream.<init>(Unknown Source) ~[na:1.8.0_121]
at ru.is.edo.tls1_2.controller.WebController.request(WebController.java:94) ~[classes!/:l]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_121]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_121]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_121]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.8.0_121]

Нет доступа к файлу у того пользователя, под которым запускаете код.

Странный набор файлов. Что из этого хранилище доверенных сертификатов? certs - это папка или файл? Должно быть хранилище доверенных корневых сертификатов.

Отредактировано пользователем 2 марта 2020 г. 15:33:35(UTC)  | Причина: Не указана

Посмотрите документацию + рук-во разработчика.
CSP никакого отношения к JCP (Java) не имеет (разве что папка с ключевыми контейнерами на диске общая). Нужно создать хранилище доверенных корневых сертификатов (формата CertStore или иного: JKS и т.д.) и поместить туда корневой сертификат цепочки сертификатов другой стороны (куда подключаетесь), задать это хранилище в коде (это вы уже сделали).

Отредактировано пользователем 2 марта 2020 г. 17:33:41(UTC)  | Причина: Не указана

Экспортнул сертификат через виндовую утилиту
DER encoded binary X.509 (.CER)

Создал хранилище
keytool -import -v -trustcacerts -alias Root -file c:\Distr\cert\pao.cer -keystore c:\Distr\cert\.keystorev -storepas
s 11111111 -storetype HDImageStore -sigalg GOST3411withGOST3410EL -provider ru.CryptoPro.JCP.JCP

Файл подсунул
>dir "C:\Users\dvevgraf\Local Settings\Application Data\Crypto Pro"
Directory of C:\Users\dvevgraf\Local Settings\Application Data\Crypto Pro
02.03.2020 19:59 <DIR> .
02.03.2020 19:59 <DIR> ..
02.03.2020 19:46 1†334 .keystorev


Подсунул хранилище при запуске
java -jar C:\Distr\curl32\bin\tls1_2-l.jar ^
--debug=false ^
--TRUST_STORE_PASSWD=11111111 ^
--TRUST_STORE_PATH=.keystorev ^
-Djavax.net.ssl.trustStore=.keystorev ^
-Djavax.net.ssl.trustStorePassword=11111111


Удалось программно считать
ru.CryptoPro.JCP.tools.JCPLogger : JCP loaded.
r.i.edo.tls1_2.controller.WebController : certStr S:CN="ѕјќ \"ћега‘он\"", O="ѕјќ \"ћега‘он\
"", L=ћосква, C=RU, ST=77 г. ћосква, STREET= адашевска€ наб. д. 30, OID.1.2.643.3.131.1.1=#120C303037383132303134353630, OID.1.2.643.100.1=#120D313032
37383039313639353835
I:CN="ѕјќ \"ћега‘он\"", O="ѕјќ \"ћега‘он\"", L=ћосква, C=RU, ST=77 г. ћосква, STREET= адашевска€ наб. д. 30, OID.1.2.643.3.131.1.1=#120C30303738313230
3134353630, OID.1.2.643.100.1=#120D31303237383039313639353835


Но при подключении все равно ошибка the trustAnchors parameter must be non-empty
2020-03-02 20:01:00.242 INFO 11212 --- [nio-8098-exec-3] o.s.web.servlet.DispatcherServlet : Completed initialization in 32 ms
2020-03-02 20:01:00.418 INFO 11212 --- [nio-8098-exec-3] r.i.edo.tls1_2.controller.WebController : KeyManagerFactory
2020-03-02 20:01:00.572 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 20:01:01.258 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 20:01:01.488 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 20:01:01.709 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 20:01:01.889 WARN 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% No appropriate keys for handshake
PATH: C:\Users\dvevgraf\Local Settings\Application Data\Crypto Pro
2020-03-02 20:01:01.890 INFO 11212 --- [nio-8098-exec-3] r.i.edo.tls1_2.controller.WebController : sslCtx
2020-03-02 20:01:01.948 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : SSLContextImpl init.
2020-03-02 20:01:01.984 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : trigger seeding of SecureRandom
2020-03-02 20:01:01.988 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : done seeding SecureRandom
2020-03-02 20:01:01.989 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : SSLContextImpl initialized.
2020-03-02 20:01:01.997 INFO 11212 --- [nio-8098-exec-3] r.i.edo.tls1_2.controller.WebController : HttpsURLConnection
2020-03-02 20:01:02.003 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : keyStore is :
2020-03-02 20:01:02.004 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : keyStore type is :
2020-03-02 20:01:02.005 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : keyStore provider is :
2020-03-02 20:01:02.006 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : init keystore
2020-03-02 20:01:02.007 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : init keymanager of type GostX509
2020-03-02 20:01:02.036 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 20:01:02.061 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 20:01:02.076 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 20:01:02.092 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% adding as private keys %%
2020-03-02 20:01:02.097 WARN 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : %% No appropriate keys for handshake
PATH: C:\Users\dvevgraf\Local Settings\Application Data\Crypto Pro
2020-03-02 20:01:02.099 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : trustStore is : No File Available, using empty keystore.
2020-03-02 20:01:02.100 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : trustStore type is : CertStore
2020-03-02 20:01:02.102 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : trustStore provider is :
2020-03-02 20:01:02.102 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : init truststore
2020-03-02 20:01:02.103 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : SSLContextImpl init.
2020-03-02 20:01:02.145 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : trigger seeding of SecureRandom
2020-03-02 20:01:02.147 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : done seeding SecureRandom
2020-03-02 20:01:02.149 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : SSLContextImpl initialized.
2020-03-02 20:01:02.150 INFO 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : DefaultSSLContext initialized.
2020-03-02 20:01:02.286 WARN 11212 --- [nio-8098-exec-3] ru.CryptoPro.ssl.SSLLogger : http-nio-8098-exec-3, handling exception: java.la
ng.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
2020-03-02 20:01:02.296 ERROR 11212 --- [nio-8098-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet]
in context with path [] threw exception

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter
must be non-empty
at ru.CryptoPro.ssl.cl_2.a(Unknown Source) ~[cpSSL.jar:40714]
at ru.CryptoPro.ssl.SSLSocketImpl.a(Unknown Source) ~[cpSSL.jar:40714]
at ru.CryptoPro.ssl.SSLSocketImpl.a(Unknown Source) ~[cpSSL.jar:40714]
at ru.CryptoPro.ssl.SSLSocketImpl.a(Unknown Source) ~[cpSSL.jar:40714]
at ru.CryptoPro.ssl.SSLSocketImpl.b(Unknown Source) ~[cpSSL.jar:40714]
at ru.CryptoPro.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[cpSSL.jar:40714]