Статус: Активный участник
Группы: Участники
Зарегистрирован: 21.12.2016(UTC) Сообщений: 50  Откуда: Сургут Сказал(а) «Спасибо»: 10 раз
Поблагодарили: 3 раз в 2 постах
|
Добрый день. Есть машина Windows server 2012 r2 Установлено JDK 24 Код:C:\Program Files\Far Manager>java -version
java version "24" 2025-03-18
Java(TM) SE Runtime Environment (build 24+36-3646)
Java HotSpot(TM) 64-Bit Server VM (build 24+36-3646, mixed mode, sharing)
Код:C:\Program Files\Far Manager>javac -version
javac 24
Скачали jcp-2.0.41940-A Распаковали, запустили Код:ControlPane.bat C:\t_farm\jdk-24
Прописали лицензию и путь к HDImageStore В файле C:\t_farm\jdk-24\conf\security\java.security добавили строчки: Код:security.provider.14=JCP
security.provider.15=RevCheck
security.provider.16=Crypto
Прописали все нужные сертификаты: Код:C:\t_farm\jdk-24\bin\keytool -keystore C:/t_farm/jdk-24/lib/security/cacerts -importcert -alias gis-smev-2024-2025-2012_test -file C:/Users/U3962/Documents/42943.cer
C:\t_farm\jdk-24\bin\keytool -keystore C:/t_farm/jdk-24/lib/security/cacerts -importcert -alias cbcer-2024-2025-2012_test -file C:/Users/U3962/Documents/CB.cer
C:\t_farm\jdk-24\bin\keytool -keystore C:/t_farm/jdk-24/lib/security/cacerts -importcert -alias cifra-2024-2025-2012_test -file C:/Users/U3962/Documents/CIFRA.cer
C:\t_farm\jdk-24\bin\keytool -keystore C:/t_farm/jdk-24/lib/security/cacerts -importcert -alias taxcom-2024-2025-2012_test -file C:/Users/U3962/Documents/taxcom.cer
C:\t_farm\jdk-24\bin\keytool -keystore C:/t_farm/jdk-24/lib/security/cacerts -importcert -alias tsa-2024-2025-2012_test -file C:/Users/U3962/Documents/tsa.cer
Пробуем запустить программку которая делает CADES_T подписи. Выходит ошибка (если ту же программку запустить на jre1.8.0_121 и jcp-2.0.39014 - то работает нормально): Код:HDImageStore = gis-smev-2024-2025-2012
Mar 24, 2025 3:33:31 PM ru.CryptoPro.ssl.Provider b
INFO: JCP license isServer: true
Mar 24, 2025 3:33:32 PM ru.CryptoPro.JCP.tools.Starter <init>
INFO: Loading JCP 0.0.0.0.0
Mar 24, 2025 3:33:32 PM ru.CryptoPro.JCP.tools.Starter <init>
INFO: JCP has been loaded.
Mar 24, 2025 3:33:35 PM ru.CryptoPro.JCP.tools.SelfTesterBase c
SEVERE: [main] :: [ru.CryptoPro.JCP.tools.SelfTester_JCP] :: test 29 crashed twi
ce!
Mar 24, 2025 3:33:35 PM ru.CryptoPro.JCP.tools.SelfTesterBase checkClassInternal
SEVERE: [main] :: [ru.CryptoPro.JCP.tools.SelfTester_JCP] :: Corrupted: ru.Crypt
oPro.JCP.KeyStore.JCPKeyStore
ru.CryptoPro.JCP.tools.SelfTesterException
at ru.CryptoPro.JCP.tools.TestVerifyClassJar.run(Unknown Source)
at ru.CryptoPro.JCP.tools.SelfTesterBase.b(Unknown Source)
at ru.CryptoPro.JCP.tools.SelfTesterBase.a(Unknown Source)
at ru.CryptoPro.JCP.tools.SelfTesterBase.checkClassInternal(Unknown Sour
ce)
at ru.CryptoPro.JCP.tools.SelfTester_JCP.checkClass(Unknown Source)
at ru.CryptoPro.JCP.tools.Starter.a(Unknown Source)
at ru.CryptoPro.JCP.tools.Starter.check(Unknown Source)
at ru.CryptoPro.JCP.KeyStore.JCPKeyStore.engineLoad(Unknown Source)
at java.base/java.security.KeyStore.load(KeyStore.java:1497)
at CADES_T.CADES_T.sign_cades_t(CADES_T.java:210)
at CADES_T.CADES_T.main(CADES_T.java:100)
Caused by: java.security.PrivilegedActionException: java.io.IOException
at java.base/java.security.AccessController.wrapException(AccessControll
er.java:394)
at java.base/java.security.AccessController.doPrivileged(AccessControlle
r.java:256)
... 11 more
Caused by: java.io.IOException
at ru.CryptoPro.JCP.tools.JarChecker.checkURLSign(Unknown Source)
at ru.CryptoPro.JCP.tools.cl_34.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessControlle
r.java:251)
... 11 more
Caused by: java.io.IOException: Digest of Jar file content is absent or invalid.
Manifest file is corrupted
at ru.CryptoPro.JCP.tools.JarChecker.b(Unknown Source)
at ru.CryptoPro.JCP.tools.JarChecker.c(Unknown Source)
at ru.CryptoPro.JCP.tools.JarChecker.checkJARSign(Unknown Source)
... 14 more
Exception in thread "main" ru.CryptoPro.JCP.tools.SelfTesterException: [main] ::
[ru.CryptoPro.JCP.tools.SelfTester_JCP] :: null
at ru.CryptoPro.JCP.tools.SelfTesterBase.checkClassInternal(Unknown Sour
ce)
at ru.CryptoPro.JCP.tools.SelfTester_JCP.checkClass(Unknown Source)
at ru.CryptoPro.JCP.tools.Starter.a(Unknown Source)
at ru.CryptoPro.JCP.tools.Starter.check(Unknown Source)
at ru.CryptoPro.JCP.KeyStore.JCPKeyStore.engineLoad(Unknown Source)
at java.base/java.security.KeyStore.load(KeyStore.java:1497)
at CADES_T.CADES_T.sign_cades_t(CADES_T.java:210)
at CADES_T.CADES_T.main(CADES_T.java:100)
Caused by: ru.CryptoPro.JCP.tools.SelfTesterException
at ru.CryptoPro.JCP.tools.TestVerifyClassJar.run(Unknown Source)
at ru.CryptoPro.JCP.tools.SelfTesterBase.b(Unknown Source)
at ru.CryptoPro.JCP.tools.SelfTesterBase.a(Unknown Source)
... 8 more
Caused by: java.security.PrivilegedActionException: java.io.IOException
at java.base/java.security.AccessController.wrapException(AccessControll
er.java:394)
at java.base/java.security.AccessController.doPrivileged(AccessControlle
r.java:256)
... 11 more
Caused by: java.io.IOException
at ru.CryptoPro.JCP.tools.JarChecker.checkURLSign(Unknown Source)
at ru.CryptoPro.JCP.tools.cl_34.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(AccessControlle
r.java:251)
... 11 more
Caused by: java.io.IOException: Digest of Jar file content is absent or invalid.
Manifest file is corrupted
at ru.CryptoPro.JCP.tools.JarChecker.b(Unknown Source)
at ru.CryptoPro.JCP.tools.JarChecker.c(Unknown Source)
at ru.CryptoPro.JCP.tools.JarChecker.checkJARSign(Unknown Source)
... 14 more
Подскажите, что не так? сама программа: Код:package CADES_T;
import ru.CryptoPro.JCP.*;
import ru.CryptoPro.JCP.Util.JCPInit;
import ru.CryptoPro.CAdES.CAdESSignature;
import ru.CryptoPro.CAdES.CAdESType;
import ru.CryptoPro.CAdES.exception.*;
import java.io.*;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.cert.X509CertificateHolder;
import java.nio.file.Files;
import java.nio.file.Paths;
public class CADES_T {
public static void main(String[] args) throws UnrecoverableKeyException, CAdESException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, CRLException {
String in_fnsme;
String ou_fnsme ;
String s_store ;
String s_cer ;
String s_pass ;
String s_tsp ;
try
{
in_fnsme =args[0];
ou_fnsme =args[1];
s_store =args[2];
s_cer = args[3];
s_pass =args[4];
s_tsp =args[5];
}
catch (Exception e)
{
System.out.println(e.getMessage());
in_fnsme ="res_13681924154_orig.xml";
ou_fnsme ="res_13532125435_orig.xml.sig";
s_store = "HDImageStore";
s_cer = "gis-smev-2024-2025-2012";
s_pass = "xxxxxxxx";
s_tsp ="http://tax4.tensor.ru/tsp/";
}
byte[] cadesCms=sign_cades_t(in_fnsme,s_store,s_cer,s_pass,s_tsp);
FileOutputStream outs = new FileOutputStream(ou_fnsme);
outs.write(cadesCms);
outs.close();
}
//getPublicKeyOid
private static String getPublicKeyOid(PrivateKey privateKey) {
String privateKeyAlgorithm = privateKey.getAlgorithm();
if (privateKeyAlgorithm.equalsIgnoreCase(JCP.GOST_EL_2012_256_NAME) ||
privateKeyAlgorithm.equalsIgnoreCase(JCP.GOST_DH_2012_256_NAME)) {
return JCP.GOST_PARAMS_SIG_2012_256_KEY_OID;
} // if
else if (privateKeyAlgorithm.equalsIgnoreCase(JCP.GOST_EL_2012_512_NAME) ||
privateKeyAlgorithm.equalsIgnoreCase(JCP.GOST_DH_2012_512_NAME)) {
return JCP.GOST_PARAMS_SIG_2012_512_KEY_OID;
} // if
System.out.println("!!!GOST_EL_KEY_OID!!!");
return JCP.GOST_EL_KEY_OID;
}
//getDigestOid
private static String getDigestOid(PrivateKey privateKey) {
String privateKeyAlgorithm = privateKey.getAlgorithm();
if (privateKeyAlgorithm.equalsIgnoreCase(JCP.GOST_EL_2012_256_NAME) ||
privateKeyAlgorithm.equalsIgnoreCase(JCP.GOST_DH_2012_256_NAME)) {
System.out.println("!!!2012_256!!!");
return JCP.GOST_DIGEST_2012_256_OID;
} // if
else if (privateKeyAlgorithm.equalsIgnoreCase(JCP.GOST_EL_2012_512_NAME) ||
privateKeyAlgorithm.equalsIgnoreCase(JCP.GOST_DH_2012_512_NAME)) {
System.out.println("!!!2012_512!!!");
return JCP.GOST_DIGEST_2012_512_OID;
} // if
System.out.println("!!!GOST_DIGEST_OID!!!");
return JCP.GOST_DIGEST_OID;
}
//sign cades_t
private static byte[] sign_cades_t (String file_to_sign, String s_store, String s_cer, String s_pass, String s_tsp) throws CAdESException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, CRLException
{
//enable online check
System.setProperty("ru.CryptoPro.reprov.enableCRLDP", "true");
System.setProperty("com.sun.security.enableCRLDP", "true"); // для sun jvm
System.setProperty("com.ibm.security.enableCRLDP", "true"); // или ibm jvm
System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
System.setProperty("ru.CryptoPro.reprov.enableAIAcaIssuers", "true");
//System.setProperty("jcsp.disable.jarsigner.verify", "true");
String cer_story = s_store;
String cer_alias = s_cer;
String cer_pass_str = s_pass;
System.out.println("HDImageStore = "+cer_alias);
char[] cer_pass = cer_pass_str.toCharArray();
JCPInit.initProviders(false);
//load key store
KeyStore keyStore = KeyStore.getInstance( cer_story );
keyStore.load( null, null );
PrivateKey privateKey = (PrivateKey) keyStore.getKey( cer_alias, cer_pass );
//prepare chain
X509Certificate cert = (X509Certificate) keyStore.getCertificate( cer_alias );
List<X509Certificate> chain = Arrays.asList( cert );
//new cades sign
CAdESSignature cadesSignature = new CAdESSignature( true );
//add certs in sign
Collection<X509CertificateHolder> holderList = new ArrayList<X509CertificateHolder>();
for (X509Certificate cert1 : chain)
{
holderList.add(new X509CertificateHolder(cert1.getEncoded()));
}
cadesSignature.setCertificateStore(new CollectionStore(holderList));
//data to sign
byte[] src = Files.readAllBytes(Paths.get(file_to_sign));
cadesSignature.addSigner( "JCP", getDigestOid(privateKey),getPublicKeyOid(privateKey),privateKey, chain, CAdESType.CAdES_T, s_tsp, false );
// Будущая подпись в виде массива.
ByteArrayOutputStream signatureStream = new ByteArrayOutputStream();
// Подготовка контекста.
cadesSignature.open( signatureStream );
// Хеширование.
cadesSignature.update( src );
// Создание подписи с выводом в signatureStream.
cadesSignature.close();
signatureStream.close();
// Получаем подпись в виде массива.
return signatureStream.toByteArray();
}
}
Нашел тут же на форуме ответ - https://www.cryptopro.ru...aspx?g=posts&t=19626Нужно пересобрать JAR архив, и в моем случае заменить параметр Код:extract required libraries into generated jar
на Код:package required libraries into generated jar
Также, добавлена строка Код:JCPInit.initProviders(false);
Без нее из IDE все работает, а при запуске JAR - не может инициировать HDImageStore Отредактировано пользователем 24 марта 2025 г. 15:31:14(UTC)
| Причина: Не указана
|
