Status: Member
Groups: Members
Registered: 25.10.2021 (UTC) Posts: 17 Location: Voronezh

With the certificate with serial number 2bb3cb0044adabbb405a1276f661ae94, signature verification succeeded. Thanks for the help!

Status: Member
Groups: Members
Registered: 25.10.2021 (UTC) Posts: 17 Location: Voronezh

We ran into a problem verifying a CADES_T signature in a Spring Boot application deployed in OpenShift. We are getting the old error: Code:
ru.CryptoPro.CAdES.exception.TimeStampValidationException: Timestamp is invalid
at ru.CryptoPro.CAdES.CAdESSignerTImpl.d(Unknown Source) ~[CAdES-1.0.jar!/:?]
at ru.CryptoPro.CAdES.CAdESSignerTImpl.verify(Unknown Source) ~[CAdES-1.0.jar!/:?]
at ru.CryptoPro.CAdES.cl_1.verify(Unknown Source) ~[CAdES-1.0.jar!/:?]
at ru.CryptoPro.CAdES.cl_1.verify(Unknown Source) ~[CAdES-1.0.jar!/:?]
at ru.rencredit.services.crypto_pro.crypto.operation.JWTVerifyCadesTSignature.execute_aroundBody0(JWTVerifyCadesTSignature.java:34) ~[classes!/:2.1.3-SNAPSHOT]
at ru.rencredit.services.crypto_pro.crypto.operation.JWTVerifyCadesTSignature$AjcClosure1.run(JWTVerifyCadesTSignature.java:1) ~[classes!/:2.1.3-SNAPSHOT]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:167) ~[aspectjrt-1.9.5.jar!/:?]
at ru.rencredit.starters.aoplogging.LoggingAspect.logMethodExecutionWithValuesAndResult(LoggingAspect.java:118) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.starters.aoplogging.LoggingAspect.ajc$inlineAccessMethod$ru_rencredit_starters_aoplogging_LoggingAspect$ru_rencredit_starters_aoplogging_LoggingAspect$logMethodExecutionWithValuesAndResult(LoggingAspect.java:1) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.starters.aoplogging.LoggingAspect.logServiceExecution(LoggingAspect.java:25) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.services.crypto_pro.crypto.operation.JWTVerifyCadesTSignature.execute(JWTVerifyCadesTSignature.java:24) ~[classes!/:2.1.3-SNAPSHOT]
at ru.rencredit.services.crypto_pro.manager.impl.CryptoProManagerJWTImpl.verifyJWT_aroundBody0(CryptoProManagerJWTImpl.java:42) ~[classes!/:2.1.3-SNAPSHOT]
at ru.rencredit.services.crypto_pro.manager.impl.CryptoProManagerJWTImpl$AjcClosure1.run(CryptoProManagerJWTImpl.java:1) ~[classes!/:2.1.3-SNAPSHOT]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:167) ~[aspectjrt-1.9.5.jar!/:?]
at ru.rencredit.starters.aoplogging.LoggingAspect.logMethodExecutionWithValuesAndResult(LoggingAspect.java:118) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.starters.aoplogging.LoggingAspect.ajc$inlineAccessMethod$ru_rencredit_starters_aoplogging_LoggingAspect$ru_rencredit_starters_aoplogging_LoggingAspect$logMethodExecutionWithValuesAndResult(LoggingAspect.java:1) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.starters.aoplogging.LoggingAspect.logServiceExecution(LoggingAspect.java:25) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.services.crypto_pro.manager.impl.CryptoProManagerJWTImpl.verifyJWT(CryptoProManagerJWTImpl.java:34) ~[classes!/:2.1.3-SNAPSHOT]
at ru.rencredit.services.crypto_pro.service.impl.CryptoProServiceImpl.verifyJWTCadesT(CryptoProServiceImpl.java:125) ~[classes!/:2.1.3-SNAPSHOT]
at ru.rencredit.services.crypto_pro.controller.CryptoProController.verifyJWTCadesT_aroundBody16(CryptoProController.java:196) ~[classes!/:2.1.3-SNAPSHOT]
at ru.rencredit.services.crypto_pro.controller.CryptoProController$AjcClosure17.run(CryptoProController.java:1) ~[classes!/:2.1.3-SNAPSHOT]
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:167) ~[aspectjrt-1.9.5.jar!/:?]
at ru.rencredit.starters.aoplogging.LoggingAspect.logMethodExecutionWithValuesAndResult(LoggingAspect.java:118) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.starters.aoplogging.LoggingAspect.ajc$inlineAccessMethod$ru_rencredit_starters_aoplogging_LoggingAspect$ru_rencredit_starters_aoplogging_LoggingAspect$logMethodExecutionWithValuesAndResult(LoggingAspect.java:1) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.starters.aoplogging.LoggingAspect.logServiceExecution(LoggingAspect.java:25) ~[aop-logging-spring-boot-starter-2.0.0.jar!/:2.0.0]
at ru.rencredit.services.crypto_pro.controller.CryptoProController.verifyJWTCadesT(CryptoProController.java:194) ~[classes!/:2.1.3-SNAPSHOT]
at ru.rencredit.services.crypto_pro.controller.CryptoProController$$FastClassBySpringCGLIB$$c49d182a.invoke(<generated>) ~[classes!/:2.1.3-SNAPSHOT]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:769) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.validation.beanvalidation.MethodValidationInterceptor.invoke(MethodValidationInterceptor.java:120) ~[spring-context-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at ru.rencredit.starters.redmetrics.aop.RedMetricsAspect.updateMetrics(RedMetricsAspect.java:127) ~[redmetrics-spring-boot-autoconfigure-1.2.1.jar!/:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:644) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:633) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:747) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:689) ~[spring-aop-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at ru.rencredit.services.crypto_pro.controller.CryptoProController$$EnhancerBySpringCGLIB$$871073d2.verifyJWTCadesT(<generated>) ~[classes!/:2.1.3-SNAPSHOT]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:888) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at ru.rencredit.services.toolkit.rest.components.LoggingFilter.doFilterInternal(LoggingFilter.java:69) ~[toolkit-6.1.0.jar!/:6.1.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at ru.rencredit.services.toolkit.rest.components.MdcHeadersFilter.doFilterInternal(MdcHeadersFilter.java:35) ~[toolkit-6.1.0.jar!/:6.1.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108) ~[spring-boot-actuator-2.2.4.RELEASE.jar!/:2.2.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.3.RELEASE.jar!/:5.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at brave.servlet.TracingFilter.doFilter(TracingFilter.java:82) ~[brave-instrumentation-servlet-5.9.3.jar!/:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1598) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.30.jar!/:9.0.30]
at java.lang.Thread.run(Thread.java:829) [?:?]
In our case we use our own truststore, into which the root certificate for signature verification is loaded. We start the application with the following flags: Code:
-Djavax.net.ssl.trustStore=/opt/services/jks/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit
We use the following version of the CryptoPro library: jcp-2-0-41940-A. Verifying this signature locally (when the root certificate we need is loaded into Java's cacerts) succeeds. Verification of this signature fails on the application deployed in OpenShift. Could you tell us whether the CryptoPro library works with a custom truststore? In the CryptoPro logs I see only: Code:
Loading JCP 2.0.41940-A
JCP has been loaded.

Status: Staff
Groups: Members
Registered: 06.12.2008 (UTC) Posts: 3,963 Location: Crypto-Pro Said "Thanks": 20 times Was thanked: 704 times in 665 posts

javax.net.ssl.trustStore is the trust store for SSL, in those cases where the library/application reads from the javax.net.ssl.trustStore property. In the case of JCP, only the cpSSL.jar module does this, for TLS.

Status: Member
Groups: Members
Registered: 25.10.2021 (UTC) Posts: 17 Location: Voronezh

Evgeny, do I understand correctly that to verify a CADES_T signature we need to load the certificate only into the cacerts of JAVA_HOME?

Status: Staff
Groups: Members
Registered: 06.12.2008 (UTC) Posts: 3,963 Location: Crypto-Pro Said "Thanks": 20 times Was thanked: 704 times in 665 posts

Author: oleg172
Evgeny, do I understand correctly that to verify a CADES_T signature we need to load the certificate only into the cacerts of JAVA_HOME?

Yes.
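
Added example, not part of the thread and not CryptoPro code: a diagnostic that lists certificates present in the custom truststore passed via `javax.net.ssl.trustStore` but absent from the JVM's own `cacerts`, which is the store the answer above says CAdES-T verification relies on. The class name `TrustAnchorCheck` is hypothetical; the code assumes the Java 9+ layout (`$JAVA_HOME/lib/security/cacerts`) and the JDK default `cacerts` password unless one is passed as the first argument.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/** Added diagnostic (hypothetical name): finds custom-truststore certificates missing from cacerts. */
public class TrustAnchorCheck {

    // SHA-256 over the DER encoding, so certificates compare equal regardless of alias.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12 on its own.
    static KeyStore load(String path, String password) throws Exception {
        return KeyStore.getInstance(new File(path), password.toCharArray());
    }

    public static void main(String[] args) throws Exception {
        // Same properties the application is started with; only read here for comparison.
        String customPath = System.getProperty("javax.net.ssl.trustStore");
        String customPass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        if (customPath == null) {
            System.err.println("javax.net.ssl.trustStore is not set; nothing to compare");
            System.exit(2);
        }
        String cacertsPath = System.getProperty("java.home")
                + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts";
        String cacertsPass = args.length > 0 ? args[0] : "changeit"; // JDK default password

        Set<String> known = new HashSet<>();
        KeyStore cacerts = load(cacertsPath, cacertsPass);
        for (String alias : Collections.list(cacerts.aliases())) {
            Certificate c = cacerts.getCertificate(alias);
            if (c != null) known.add(fingerprint(c));
        }

        int missing = 0;
        KeyStore custom = load(customPath, customPass);
        for (String alias : Collections.list(custom.aliases())) {
            Certificate c = custom.getCertificate(alias);
            if (!(c instanceof X509Certificate) || known.contains(fingerprint(c))) continue;
            missing++;
            System.out.println("MISSING from " + cacertsPath + ": alias=" + alias
                    + " subject=" + ((X509Certificate) c).getSubjectX500Principal().getName());
        }
        System.exit(missing == 0 ? 0 : 1); // non-zero exit lets a container start-up check fail fast
    }
}
```

Run it inside the deployed image with the same `-Djavax.net.ssl.trustStore` and `-Djavax.net.ssl.trustStorePassword` flags as the application; any `MISSING` line names a certificate that exists only in the custom truststore.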