Я пытаюсь проверить цепочку сертификатов на основе алгоритма SHA256withECDSA.Я использую Java JDK 11.
При запуске метода CertPathValidator.getInstance("PKIX").validate возникает сбой Unrecognized algorithm for signature parameters SHA256withECDSA.
Основная причина выглядит следующим образом:
// null
providerSunEC.getService("AlgorithmParameters", "SHA256withECDSA");
Однако таких параметров подписи нет: экземпляр X509CertImpl содержит AlgorithmId с algid 1.2.840.10045.4.3.2 и параметрами OID.1.2.840.10045.3.1.7 (в кодировке DER, это должно быть prime256v1), что должно бытьпо умолчанию и поддерживается только один.
Мне кажется, что это может быть весьма неправильно, так как избыточный prime256v1 можно и нужно опускать, но я не знаю, как его реализовать, так как он находится внутри кода Java.
Это трассировка стека:
Caused by: java.security.cert.CertPathValidatorException: signature check failed
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at net.corda.core.internal.InternalUtils.validate(InternalUtils.kt:469)
... 64 more
Caused by: java.security.cert.CertificateException: Unrecognized algorithm for signature parameters SHA256withECDSA
at java.base/sun.security.x509.X509CertImpl.verify(X509CertImpl.java:445)
at java.base/sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)
at java.base/sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 69 more
Это цепочка сертификатов:
-----BEGIN CERTIFICATE-----
MIICDjCCAaugAwIBAgIIL8JlejRD9+AwFAYIKoZIzj0EAwIGCCqGSM49AwEHMDcx
CzAJBgNVBAYTAkNIMQ8wDQYDVQQHDAZadXJpY2gxFzAVBgNVBAoMDk5vdGFyeSBT
ZXJ2aWNlMB4XDTE5MDUxODAwMDAwMFoXDTI3MDUyMDAwMDAwMFowNzELMAkGA1UE
BhMCQ0gxDzANBgNVBAcMBlp1cmljaDEXMBUGA1UECgwOTm90YXJ5IFNlcnZpY2Uw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATQ5/8MzkZLIrlCmJwW36VFYN8qs/Qh
O4VVdsU54u/NvXr4ZHdvuhUshPusxger2tmTQ1G74JeHasiYuXRK7w5+o4GWMIGT
MB0GA1UdDgQWBBQU0zTXsjkN2A97z/YWgIat6XynDDAMBgNVHRMBAf8EAjAAMAsG
A1UdDwQEAwIDqDAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAw
HwYDVR0jBBgwFoAU93fYF/b7cP07vc/w+joyfiG/AR0wEQYKKwYBBAGDimIBAQQD
AgEFMBQGCCqGSM49BAMCBggqhkjOPQMBBwNHADBEAiBwb2uZZjD8qAoxHOxpbajB
RQ6LCIjkbUN2f8my0X00lAIge/qClByuVWeAkibOLM0rxs9tdpU8JMBKlFCQltXj
iBM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICjTCCAimgAwIBAgIIfN0wQLUbHR8wFAYIKoZIzj0EAwIGCCqGSM49AwEHMGMx
CzAJBgNVBAYTAlVTMREwDwYDVQQHEwhOZXcgWW9yazEOMAwGA1UECxMFQ29yZGEx
FjAUBgNVBAoTDVIzIEhvbGRDbyBMTEMxGTAXBgNVBAMTEENvcmRhIERvb3JtYW4g
Q0EwHhcNMTkwNTE4MDAwMDAwWhcNMjcwNTIwMDAwMDAwWjA3MQswCQYDVQQGEwJD
SDEPMA0GA1UEBwwGWnVyaWNoMRcwFQYDVQQKDA5Ob3RhcnkgU2VydmljZTBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABNrSB6SrX1F//yNl58QWH14ittAcPs0KIcGg
2KFzF6Y1aHzHdZPvE9M1ErJW3A/ElrfXBtYeVqUch9155ZvL0gyjgegwgeUwHQYD
VR0OBBYEFPd32Bf2+3D9O73P8Po6Mn4hvwEdMA8GA1UdEwEB/wQFMAMBAf8wCwYD
VR0PBAQDAgGGMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAf
BgNVHSMEGDAWgBTr7i4wFSlArhmYHthv431/B6LCEzARBgorBgEEAYOKYgEBBAMC
AQQwTQYDVR0eAQH/BEMwQaA9MDukOTA3MQswCQYDVQQGEwJDSDEPMA0GA1UEBwwG
WnVyaWNoMRcwFQYDVQQKDA5Ob3RhcnkgU2VydmljZaEAMBQGCCqGSM49BAMCBggq
hkjOPQMBBwNIADBFAiEA7RJ9ofluL3ainww+zUbKBpAMgbdjE/54EkCy2wZJVRQC
IBq7Hb1jUa5VlpMWiB1LjkzUX7Zyovv3i14d+iRkjIIW
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICXjCCAfugAwIBAgIIHVb6wd3RHhIwFAYIKoZIzj0EAwIGCCqGSM49AwEHMFgx
GzAZBgNVBAMMEkNvcmRhIE5vZGUgUm9vdCBDQTELMAkGA1UECgwCUjMxDjAMBgNV
BAsMBWNvcmRhMQ8wDQYDVQQHDAZMb25kb24xCzAJBgNVBAYTAlVLMB4XDTE4MDcx
MDAwMDAwMFoXDTI3MDUyMDAwMDAwMFowYzELMAkGA1UEBhMCVVMxETAPBgNVBAcT
CE5ldyBZb3JrMQ4wDAYDVQQLEwVDb3JkYTEWMBQGA1UEChMNUjMgSG9sZENvIExM
QzEZMBcGA1UEAxMQQ29yZGEgRG9vcm1hbiBDQTBZMBMGByqGSM49AgEGCCqGSM49
AwEHA0IABAPL3qAm4WZms5ciBVoxMQXfK7uTmHRVvWfWQ+QVYP3bMHSguHZRzB3v
7EOE8RZpGDan+w007Xj7XR0+xG9SxmCjgZkwgZYwHQYDVR0OBBYEFOvuLjAVKUCu
GZge2G/jfX8HosITMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgGGMCMGA1Ud
JQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAfBgNVHSMEGDAWgBR8rqnf
uUgBKxOJC5rmRYUcORcHczARBgorBgEEAYOKYgEBBAMCAQEwFAYIKoZIzj0EAwIG
CCqGSM49AwEHA0cAMEQCIBmzQXpnCo9eAxkhwMt0bBr1Q0APJXF0KuBRsFBWAa6S
AiBgx6G8G9Ij7B8+y65ItLKVcs7Kh6Rdnr5/1zB/yPwfrg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICCTCCAbCgAwIBAgIIcFe0qctqSucwCgYIKoZIzj0EAwIwWDEbMBkGA1UEAwwS
Q29yZGEgTm9kZSBSb290IENBMQswCQYDVQQKDAJSMzEOMAwGA1UECwwFY29yZGEx
DzANBgNVBAcMBkxvbmRvbjELMAkGA1UEBhMCVUswHhcNMTcwNTIyMDAwMDAwWhcN
MjcwNTIwMDAwMDAwWjBYMRswGQYDVQQDDBJDb3JkYSBOb2RlIFJvb3QgQ0ExCzAJ
BgNVBAoMAlIzMQ4wDAYDVQQLDAVjb3JkYTEPMA0GA1UEBwwGTG9uZG9uMQswCQYD
VQQGEwJVSzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGlm6LFHrVkzfuUHin36
Jrm1aUMarX/NUZXw8n8gSiJmsZPlUEplJ+f/lzZMky5EZPTtCciG34pnOP0eiMd/
JTCjZDBiMB0GA1UdDgQWBBR8rqnfuUgBKxOJC5rmRYUcORcHczALBgNVHQ8EBAMC
AYYwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMA8GA1UdEwEB
/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgDaL4SguKsNeTT7SeUkFdoCBACeG8
GqO4M1KlfimphQwCICiq00hDanT5W8bTLqE7GIGuplf/O8AABlpWrUg6uiUB
-----END CERTIFICATE-----