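I'm trying to validate a certificate chain of certificates based on the SHA256withECDSA algorithm. I'm using Java JDK 11.
When running the CertPathValidator.getInstance("PKIX").validate method, I get a crash: Unrecognized algorithm for signature parameters SHA256withECDSA.
The root cause seems to be the following: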
// null
providerSunEC.getService("AlgorithmParameters", "SHA256withECDSA");
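However, there are no such signature parameters: the X509CertImpl instance contains an AlgorithmId with algid 1.2.840.10045.4.3.2 and params OID.1.2.840.10045.3.1.7 (DER-encoded, which is supposed to be prime256v1), which is supposed to be the default and the only one supported.
My feeling, which might be terribly wrong, is that the redundant prime256v1 can and should be omitted, but I have no idea how to achieve that, as it's in the Java code.
Here's the stack trace: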
Caused by: java.security.cert.CertPathValidatorException: signature check failed
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at net.corda.core.internal.InternalUtils.validate(InternalUtils.kt:469)
... 64 more
Caused by: java.security.cert.CertificateException: Unrecognized algorithm for signature parameters SHA256withECDSA
at java.base/sun.security.x509.X509CertImpl.verify(X509CertImpl.java:445)
at java.base/sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)
at java.base/sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 69 more
Here's the certificate chain:
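A diagnostic for the condition described in the question, as an added example that is not part of the original post: for each certificate in a PEM chain file it reports whether an ECDSA-with-SHA-2 signature AlgorithmIdentifier carries a parameters field, and decodes that field when it is an OID. The class name, method names and the file argument are illustrative assumptions; run without an argument, it uses a constructed sample matching the params the question reports.

```java
import java.io.*;
import java.security.cert.*;

public class EcdsaSigParamsCheck {
    // Shared prefix of ecdsa-with-SHA224/256/384/512; RFC 5758 section 3.2: parameters MUST be omitted.
    static final String ECDSA_SHA2 = "1.2.840.10045.4.3.";

    /** Decodes a short-form DER OID to dotted text; null otherwise (a long-form length byte is negative). */
    static String decodeOid(byte[] der) {
        if (der == null || der.length < 3 || der[0] != 0x06 || der[1] != der.length - 2) return null;
        StringBuilder sb = new StringBuilder();
        long arc = 0;
        for (int i = 2; i < der.length; i++) {
            arc = (arc << 7) | (der[i] & 0x7F);
            if ((der[i] & 0x80) != 0) continue;   // more base-128 digits follow
            if (sb.length() == 0) {               // first value packs two arcs: 40*a + b
                long a = Math.min(arc / 40, 2);
                sb.append(a).append('.').append(arc - 40 * a);
            } else sb.append('.').append(arc);
            arc = 0;
        }
        return sb.toString();
    }

    /** Describes one signature AlgorithmIdentifier; params is null when the field is absent. */
    static String describe(String sigAlgOid, byte[] params) {
        if (!sigAlgOid.startsWith(ECDSA_SHA2)) return sigAlgOid + ": not ECDSA with SHA-2, skipped";
        if (params == null) return sigAlgOid + ": OK, parameters absent";
        String oid = decodeOid(params);
        return sigAlgOid + ": NON-CONFORMANT, parameters present ("
                + (oid != null ? "OID " + oid : params.length + " bytes, not an OID") + ")";
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // Constructed sample: DER of the prime256v1 OID, the params the question reports.
            byte[] p256 = {0x06, 0x08, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x03, 0x01, 0x07};
            System.out.println(describe("1.2.840.10045.4.3.2", p256));
            System.out.println(describe("1.2.840.10045.4.3.2", null));
            return;
        }
        try (InputStream in = new FileInputStream(args[0])) {   // args[0]: PEM file with the chain
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(x.getSubjectX500Principal() + " -> "
                        + describe(x.getSigAlgOID(), x.getSigAlgParams()));
            }
        }
    }
}
```

It only parses the certificates and never verifies a signature, so it does not go through the X509CertImpl.verify call where the stack trace fails.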