Крипто-модуль Газпромбанка на Debian 12

Рейтинг: 0 | Ответов: 0 | Опубликовано: 22.08.2023

Возникла проблема при попытке запуска крипто-модуля Газпромбанка на Debian 12 для входа в «ГПБ Бизнес-онлайн» с помощью ЭЦП. Лицензия CryptoPro CSP 5 установлена. Если просто запустить crypto-module.jar:

user@Z:/home/user$ sudo java --module-path /usr/share/openjfx/lib/ --add-modules javafx.controls -jar /home/user/Soft/Crypto-module/crypto-module.jar

Крипто-модуль запускается, Газпромбанк видит его, однако после запроса на использование ключей и моего разрешения Газпромбанк выдаёт внутреннюю ошибку сервера:

Код ошибки: 99                                                            
java.security.KeyStoreException:
java.security.NoSuchProviderException:
no such provider: JCP

Лог крипто модуля:

22-08-2023 14:42:56.571 - INFO  [0.1-8899-exec-7] {ontroller.CryptoServiceControllerAPIBase} : Auth data certificate block: User Authorization Data. Certificate Info: информация о сертификате 
22-08-2023 14:42:56.575 - ERROR [0.1-8899-exec-7] {crypto.cryptounit.CryptoUnitJCACryptoPro} : Message signing error
java.security.KeyStoreException: java.security.NoSuchProviderException: no such provider: JCP
    at ru.sftcomp.crypto.keystore.KeyStoreCryptoPro.init(KeyStoreCryptoPro.java:122)
    at ru.sftcomp.crypto.cryptounit.CryptoUnitJCACryptoPro.sign(CryptoUnitJCACryptoPro.java:271)
    at ru.sftcomp.eco.cryptomodule.secure.KeyContainer.sign(KeyContainer.java:388)
    at ru.sftcomp.eco.cryptomodule.controller.CryptoServiceControllerAPIv1.initKey(CryptoServiceControllerAPIv1.java:249)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.zalando.logbook.servlet.LogbookFilter.doFilter(LogbookFilter.java:74)
    at org.zalando.logbook.servlet.HttpFilter.doFilter(HttpFilter.java:31)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.security.NoSuchProviderException: no such provider: JCP
    at java.base/sun.security.jca.GetInstance.getService(GetInstance.java:83)
    at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
    at java.base/java.security.Security.getImpl(Security.java:679)
    at java.base/java.security.KeyStore.getInstance(KeyStore.java:919)
    at ru.sftcomp.crypto.keystore.KeyStoreCryptoPro.init(KeyStoreCryptoPro.java:119)
... 58 common frames omitted    

При этом вся информация о сертификате указана верно. В инструкции CryptoPro JCP сказано, что с JVM 10+ (у меня 17) установка не осуществляется, а работа производится через прописывание провайдера в java.security и подключение библиотек через -classpath. Файл java.security:

security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunPKCS11
security.provider.13=JCP
security.provider.14=CryptoProvider
security.provider.15=RevCheck

При запуске crypto-module.jar с библиотеками CryptoPro JCP данной командой:

user@Z:/opt/java-csp-5.0.44122-A-1aacf3ef$ sudo java --module-path /usr/share/openjfx/lib/ --add-modules javafx.controls -Xbootclasspath/a:.:./forms_rt.jar:./asn1rt.jar:./ASN1P.jar:./JCP.jar:./JCSP.jar:./JCryptoP.jar:./JCPRevCheck.jar:./JCPxml.jar: -jar /home/user/Soft/Crypto-module/crypto-module.jar 

Крипто-модуль запускается, однако в его логе много ошибок:

22-08-2023 15:09:46.845 - WARN  [JavaFX-Launcher] {u.CryptoPro.JCP.tools.logger.BasicLogger} : Error creating AlgIdSpec.
java.lang.ClassCastException: class com.objsys.asn1j.runtime.Asn1OpenType cannot be cast to class ru.CryptoPro.JCP.ASN.PKIX1Explicit88._gost2001PubKey_Type (com.objsys.asn1j.runtime.Asn1OpenType and ru.CryptoPro.JCP.ASN.PKIX1Explicit88._gost2001PubKey_Type are in unnamed module of loader 'bootstrap')
    at ru.CryptoPro.JCP.params.AlgIdSpec.<init>(Unknown Source)
    at ru.CryptoPro.JCP.Key.GostPublicKey.a(Unknown Source)
    at ru.CryptoPro.JCP.Key.GostKeyFactory.engineGeneratePublic(Unknown Source)
    at java.base/java.security.KeyFactory.generatePublic(KeyFactory.java:351)
    at java.base/sun.security.x509.X509Key.buildX509Key(X509Key.java:224)
    at java.base/sun.security.x509.X509Key.parse(X509Key.java:171)
    at java.base/sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
    at java.base/sun.security.x509.X509CertInfo.parse(X509CertInfo.java:674)
    at java.base/sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
    at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1793)
    at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:184)
    at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
    at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
    at java.base/sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:242)
    at java.base/java.security.KeyStore.load(KeyStore.java:1473)
    at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390)
    at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336)
    at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57)
    at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49)
    at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282)
    at java.base/sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:94)
    at java.base/javax.net.ssl.SSLContext.init(SSLContext.java:314)
    at org.apache.tomcat.util.net.jsse.JSSESSLContext.init(JSSESSLContext.java:53)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.initialise(JSSEUtil.java:106)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getImplementedProtocols(JSSEUtil.java:73)
    at org.apache.tomcat.util.net.SSLUtilBase.<init>(SSLUtilBase.java:92)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:61)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:56)
    at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(JSSEImplementation.java:59)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:96)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:234)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227)
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1313)
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:614)
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1072)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:234)
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:282)
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:213)
    at org.springframework.boot.web.servlet.context.WebServerStartStopLifecycle.start(WebServerStartStopLifecycle.java:43)
    at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:178)
    at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:54)
    at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:356)
    at java.base/java.lang.Iterable.forEach(Iterable.java:75)
    at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:155)
    at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:123)
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:935)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:586)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:145)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:740)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:415)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
    at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:164)
    at ru.sftcomp.eco.cryptomodule.CryptoServiceConfiguration.runContext(CryptoServiceConfiguration.java:82)
    at ru.sftcomp.eco.cryptomodule.CryptoServiceClientApplication.init(CryptoServiceClientApplication.java:45)
    at javafx.graphics/com.sun.javafx.application.LauncherImpl.launchApplication1(LauncherImpl.java:824)
    at javafx.graphics/com.sun.javafx.application.LauncherImpl.lambda$launchApplication$2(LauncherImpl.java:195)
    at java.base/java.lang.Thread.run(Thread.java:833)
22-08-2023 15:09:46.853 - WARN  [JavaFX-Launcher] {u.CryptoPro.JCP.tools.logger.BasicLogger} : decode error: 101
22-08-2023 15:09:46.853 - WARN  [JavaFX-Launcher] {u.CryptoPro.JCP.tools.logger.BasicLogger} : ERROR
java.security.spec.InvalidKeySpecException: null
    at ru.CryptoPro.JCP.Key.GostPublicKey.a(Unknown Source)
    at ru.CryptoPro.JCP.Key.GostKeyFactory.engineGeneratePublic(Unknown Source)
    at java.base/java.security.KeyFactory.generatePublic(KeyFactory.java:351)
    at java.base/sun.security.x509.X509Key.buildX509Key(X509Key.java:224)
    at java.base/sun.security.x509.X509Key.parse(X509Key.java:171)
    at java.base/sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
    at java.base/sun.security.x509.X509CertInfo.parse(X509CertInfo.java:674)
    at java.base/sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
    at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1793)
    at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:184)
    at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
    at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
    at java.base/sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:242)
    at java.base/java.security.KeyStore.load(KeyStore.java:1473)
    at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390)
    at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336)
    at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57)
    at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49)
    at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282)
    at java.base/sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:94)
    at java.base/javax.net.ssl.SSLContext.init(SSLContext.java:314)
    at org.apache.tomcat.util.net.jsse.JSSESSLContext.init(JSSESSLContext.java:53)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.initialise(JSSEUtil.java:106)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getImplementedProtocols(JSSEUtil.java:73)
    at org.apache.tomcat.util.net.SSLUtilBase.<init>(SSLUtilBase.java:92)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:61)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:56)
    at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(JSSEImplementation.java:59)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:96)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:234)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227)
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1313)
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:614)
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1072)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:234)
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:282)
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:213)
    at org.springframework.boot.web.servlet.context.WebServerStartStopLifecycle.start(WebServerStartStopLifecycle.java:43)
    at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:178)
    at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:54)
    at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:356)
    at java.base/java.lang.Iterable.forEach(Iterable.java:75)
    at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:155)
    at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:123)
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:935)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:586)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:145)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:740)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:415)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
    at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:164)
    at ru.sftcomp.eco.cryptomodule.CryptoServiceConfiguration.runContext(CryptoServiceConfiguration.java:82)
    at ru.sftcomp.eco.cryptomodule.CryptoServiceClientApplication.init(CryptoServiceClientApplication.java:45)
    at javafx.graphics/com.sun.javafx.application.LauncherImpl.launchApplication1(LauncherImpl.java:824)
    at javafx.graphics/com.sun.javafx.application.LauncherImpl.lambda$launchApplication$2(LauncherImpl.java:195)
    at java.base/java.lang.Thread.run(Thread.java:833)

А при попытке входа в Газпромбанк он видит крипто-модуль, однако выдаёт не запрос об использовании ключей, а сразу ошибку:

Код ошибки: 99
java.io.IOException: subject key, nul

Ответы

Ответов пока нет.