Спасибо за ответ. Мне как раз и надо проверить, что сертификат, который сейчас истек, на дату из штампа времени вполне себе действовал.
Возможно, цепочку и не получится восстановить. Но ведь подпись должна быть валидна в этом случае. А мы получаем исключение из verify
Сертификат из штампа времени полностью прошел проверку и математически, и по цепочке.
*11:38:18.527 JCPLogger : Basic signature validation completed.
*11:38:18.527 JCPLogger : Validating the signature identifier.
*11:38:18.529 JCPLogger : %%% Signer is verified %%%
*11:38:18.530 JCPLogger : Valid timestamp found!
*11:38:18.530 JCPLogger : %%% Verifying signer... %%%
*11:38:18.531 JCPLogger : Basic signature validation...
*11:38:18.531 JCPLogger : Verifying binary signature...
*11:38:18.531 JCPLogger : Find a provider that implements the digest algorithm 1.2.643.7.1.1.2.2 (JCP)
*11:38:18.532 JCPLogger : Find a provider that implements the digest algorithm 1.2.643.7.1.1.2.2 (JCP)
*11:38:18.533 JCPLogger : ENTRY
*11:38:18.533 JCPLogger : RETURN
*11:38:18.533 JCPLogger : ENTRY
*11:38:18.534 JCPLogger : RETURN
*11:38:18.534 JCPLogger : ENTRY
*11:38:18.538 JCPLogger : RETURN
*11:38:18.538 JCPLogger : Raw signature is verified by the certificate
serial number: ******
subject: OID.1.2.643.100.1=#******, OID.1.2.643.100.3=#******, OID.1.2.643.100.4=#******, EMAILADDRESS=******, O="******", CN="******", SURNAME=******, GIVENNAME=******, C=RU, L=МОСКВА, ST=г. Москва, STREET="******"
signature provider: JCP
*11:38:18.538 JCPLogger : Building signer certificate chain...
*11:38:18.539 JCPLogger : %%% Building certificate chain for certificate:
serial number: ******
subject: OID.1.2.643.100.1=#******, OID.1.2.643.100.3=#******, OID.1.2.643.100.4=#******, EMAILADDRESS=******, O="******", CN="******", SURNAME=******, GIVENNAME=******, C=RU, L=МОСКВА, ST=г. Москва, STREET="******"
issuer: CN="ООО \"КОМПАНИЯ \"ТЕНЗОР\"", O="ООО \"КОМПАНИЯ \"ТЕНЗОР\"", OU=Удостоверяющий центр, STREET="Московский проспект, д. 12", L=г. Ярославль, ST=76 Ярославская область, C=RU, OID.1.2.643.3.131.1.1=#120C303037363035303136303330, OID.1.2.643.100.1=#120D31303237363030373837393934, EMAILADDRESS=ca_tensor@tensor.ru
%%%
*11:38:18.539 JCPLogger : Find a provider that implements the signature algorithm identifier 1.2.643.7.1.1.3.2 (JCP)
*11:38:18.540 JCPLogger : %%% Building the certificate chain for the target certificate
serial number: ******
subject: OID.1.2.643.100.1=#******, OID.1.2.643.100.3=#******, OID.1.2.643.100.4=#******, EMAILADDRESS=******, O="******", CN="******", SURNAME=******, GIVENNAME=******, C=RU, L=МОСКВА, ST=г. Москва, STREET="******"
issuer: CN="ООО \"КОМПАНИЯ \"ТЕНЗОР\"", O="ООО \"КОМПАНИЯ \"ТЕНЗОР\"", OU=Удостоверяющий центр, STREET="Московский проспект, д. 12", L=г. Ярославль, ST=76 Ярославская область, C=RU, OID.1.2.643.3.131.1.1=#120C303037363035303136303330, OID.1.2.643.100.1=#120D31303237363030373837393934, EMAILADDRESS=ca_tensor@tensor.ru
signature provider: JCP
validation date: null
native implementation: true
%%%
*11:38:18.540 JCPLogger : Date for building of the certificate chain: null
*11:38:18.541 INFO 6456 --- [io-11011-exec-2] JCPLogger : System Preference Node: /ru/CryptoPro/reprov.disable_tsp_cert_app_ext_checker=false
*11:38:18.541 INFO 6456 --- [io-11011-exec-2] JCPLogger : System Preference Node: /ru/CryptoPro/reprov.disable_enroll_cert_type_ext_checker=false
*11:38:18.542 JCPLogger : %%% Build chain for certificate:
serial number: ******
subject: OID.1.2.643.100.1=#******, OID.1.2.643.100.3=#******, OID.1.2.643.100.4=#******, EMAILADDRESS=******, O="******", CN="******", SURNAME=******, GIVENNAME=******, C=RU, L=МОСКВА, ST=г. Москва, STREET="******"
issuer: CN="ООО \"КОМПАНИЯ \"ТЕНЗОР\"", O="ООО \"КОМПАНИЯ \"ТЕНЗОР\"", OU=Удостоверяющий центр, STREET="Московский проспект, д. 12", L=г. Ярославль, ST=76 Ярославская область, C=RU, OID.1.2.643.3.131.1.1=#120C303037363035303136303330, OID.1.2.643.100.1=#120D31303237363030373837393934, EMAILADDRESS=ca_tensor@tensor.ru
Valid from: 06.09.21 19:00 until: 06.09.22 19:10
*11:38:18.542 JCPLogger : SunCertPathBuilder.buildForward()...
*11:38:18.552 JCPLogger : SunCertPathBuilder.depthFirstSearchForward(ОГРН=******, СНИЛС=******, КПП=******, EMAILADDRESS=******, O="******", CN="******", SN=******, G=******, C=RU, L=МОСКВА, ST=г. Москва, STREET="******", State [
issuerDN of last cert: null
traversedCACerts: 0
init: true
keyParamsNeeded: false
subjectNamesTraversed:
[]]
)
*11:38:18.552 JCPLogger : ForwardBuilder.getMatchingCerts()...
*11:38:18.553 JCPLogger : ForwardBuilder.getMatchingEECerts()...
*11:38:18.553 JCPLogger : ForwardBuilder.getMatchingCACerts()...
*11:38:18.553 JCPLogger : ForwardBuilder.getMatchingCACerts(): ca is target
*11:38:18.554 JCPLogger : ForwardBuilder.getMatchingCACerts: found 0 CA certs
*11:38:18.554 JCPLogger : SunCertPathBuilder.depthFirstSearchForward(): certs.size= 0
*11:38:18.554 JCPLogger : SunCertPathBuilder.engineBuild: 2nd pass
*11:38:18.555 JCPLogger : SunCertPathBuilder.buildForward()...
*11:38:18.564 JCPLogger : SunCertPathBuilder.depthFirstSearchForward(ОГРН=******, СНИЛС=******, КПП=******, EMAILADDRESS=******, O="******", CN="******", SN=******, G=******, C=RU, L=МОСКВА, ST=г. Москва, STREET="******", State [
issuerDN of last cert: null
traversedCACerts: 0
init: true
keyParamsNeeded: false
subjectNamesTraversed:
[]]
)
*11:38:18.564 JCPLogger : ForwardBuilder.getMatchingCerts()...
*11:38:18.564 JCPLogger : ForwardBuilder.getMatchingEECerts()...
*11:38:18.565 JCPLogger : ForwardBuilder.getMatchingCACerts()...
*11:38:18.565 JCPLogger : ForwardBuilder.getMatchingCACerts(): ca is target
*11:38:18.566 JCPLogger : ForwardBuilder.getMatchingCACerts: found 0 CA certs
*11:38:18.566 JCPLogger : SunCertPathBuilder.depthFirstSearchForward(): certs.size= 0
*11:38:18.568 JCPLogger : THROW
ru.CryptoPro.reprov.certpath.JCPCertPathBuilderException: unable to find valid certification path to requested target
at ru.CryptoPro.reprov.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[JCPRevCheck.jar:41789]
at ru.CryptoPro.reprov.CPCertPathBuilder.engineBuild(Unknown Source) ~[JCPRevCheck.jar:41789]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_221]
at ru.CryptoPro.AdES.certificate.CertificateChainBuilderImpl$1CertPathBuilderWrapper.build(Unknown Source) ~[AdES-core.jar:39852]
at ru.CryptoPro.AdES.certificate.CertificateChainBuilderImpl.build(Unknown Source) [AdES-core.jar:39852]
at ru.CryptoPro.AdES.certificate.CertificateChainBuilderImpl.build(Unknown Source) [AdES-core.jar:39852]
at ru.CryptoPro.AdES.external.signature.AdESSigner.build(Unknown Source) [AdES-core.jar:39852]
at ru.CryptoPro.CAdES.CAdESSignerPKCS7Impl.verify(Unknown Source) [CAdES.jar:39852]
at ru.CryptoPro.CAdES.CAdESSignerBESImpl.verify(Unknown Source) [CAdES.jar:39852]
at ru.CryptoPro.CAdES.CAdESSignerTImpl.verify(Unknown Source) [CAdES.jar:39852]
at ru.CryptoPro.CAdES.cl_0.verify(Unknown Source) [CAdES.jar:39852]
at ru.CryptoPro.CAdES.cl_0.verify(Unknown Source) [CAdES.jar:39852]
