Добрый день!
На убунту 22.04 мой код прекрасно работает и подписывает документы и строки, а на РЕД ОС 7.3.2 не хочет.
Версия КриптоПро: 5.0.12600 (на 12800 на РЕД ОС тоже не заработало)
Сразу вводные данные:
NAME="RED OS"
VERSION="MUROM (7.3.2)"
PLATFORM_ID="platform:el7"
ID="redos"
ID_LIKE="rhel centos fedora"
VERSION_ID="7.3.2"
PRETTY_NAME="RED OS MUROM (7.3.2)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redos:redos:7"
HOME_URL="http://red-soft.ru/ru/main_products.html#redos"
BUG_REPORT_URL="http://redos-support.red-soft.ru"
EDITION="Standard"
На РЕД ОС такая ошибка:
2023-07-27 11:46:38.035 [INF] CommandManager:SetCommand - user System - message - Decompose queue message for cryptosigning
2023-07-27 11:46:38.136 [INF] CommandManager:SetCommand - user System - message - Begin cryptosigning CryptoSignerLinux
2023-07-27 11:46:39.017 [INF] LibCoreInitializer:Initialize - user System - message - LibCore is Initialized!
2023-07-27 11:46:39.017 [INF] CryptoSignerLinux:Sign - user System - message - Try to find certificate with serial number = 022B1FF500C3ACD1AD426EE14AD51C042B
2023-07-27 11:46:39.034 [INF] CryptoSignerLinux:Sign - user System - message - storeCerts.Count = 2
2023-07-27 11:46:39.035 [INF] CryptoSignerLinux:Sign - user System - message - Found ceritificate with SerialNumber = 03BC40E20023AF11874BCDDE2F194565E5
2023-07-27 11:46:39.035 [INF] CryptoSignerLinux:Sign - user System - message - Found ceritificate with SerialNumber = 022B1FF500C3ACD1AD426EE14AD51C042B
2023-07-27 11:46:39.038 [INF] CryptoSignerLinux:Sign - user System - message - For singnature will be used certificate with SubjectName.Name = CN="ООО ""xxxxx РОССИЯ""", SN=xxxxx, G=xxxxx, C=RU, S=77 г. Москва, L=Москва, STREET="xxx", O="ООО ""xxxxx РОССИЯ""", T=xxxxxx, OGRN=xxxxxx, SNILS=xxxxx, INN=xxxxx, E=xxxxxv@xxxxx.com
2023-07-27 11:46:39.038 [INF] CryptoSignerLinux:Sign - user System - message - This certificate HasPrivateKey = True
2023-07-27 11:46:39.143 [ERR] An unhandled exception has occurred while executing the request.
LibCore.Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Cryptography error
at LibCore.Internal.NativeCrypto.CapiHelper.SignValue(SafeProvHandle hProv, SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
at LibCore.Security.Cryptography.Gost3410_2012_256CryptoServiceProvider.SignHash(Byte[] rgbHash)
at LibCore.Security.Cryptography.Gost3410_2012_256CryptoServiceProvider.SignHash(Byte[] rgbHash, HashAlgorithmName hashAlgName)
at LibCore.Security.Cryptography.Gost3410_2012_256.TrySignHash(ReadOnlySpan`1 hash, Span`1 destination, HashAlgorithmName hashAlgorithm, Int32& bytesWritten)
at LibCore.Security.Cryptography.GostCmsSignature.Gost2012_256CmsSignature.Sign(ReadOnlySpan`1 dataHash, HashAlgorithmName hashAlgorithmName, X509Certificate2 certificate, AsymmetricAlgorithm key, Boolean silent, String& signatureAlgorithm, Byte[]& signatureValue)
at LibCore.Security.Cryptography.GostCmsSignature.Sign(ReadOnlySpan`1 dataHash, HashAlgorithmName hashAlgorithmName, X509Certificate2 certificate, AsymmetricAlgorithm key, Boolean silent, String& oid, ReadOnlyMemory`1& signatureValue)
at LibCore.Security.Cryptography.Pkcs.Detours.CmsSignerDetour.Prefix(ReadOnlyMemory`1 data, String contentTypeOid, Boolean silent, X509Certificate2Collection& chainCerts, CmsSigner __instance, Object& __result)
at System.Security.Cryptography.Pkcs.CmsSigner.Sign_Patch1(CmsSigner this, IntPtr retbuf, ReadOnlyMemory`1 data, String contentTypeOid, Boolean silent, X509Certificate2Collection& chainCerts)
at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
at Vekas.CryptoSignerService.Business.CryptoSignerLinux.Sign(String text) in E:\TempGit\CryptoSigner_master_2023-07-27_10-44-10\Software\Vekas.CryptoSignerService\Business\CryptoSignerLinux.cs:line 79
at CryptoSignerService.Managers.CommandManager.SetCommand(BaseCSDto`1 apiCommand) in E:\TempGit\CryptoSigner_master_2023-07-27_10-44-10\Software\Vekas.CryptoSignerService\Managers\CommandManager.cs:line 64
at lambda_method2(Closure , Object , Object[] )
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.SyncObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeNextActionFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2023-07-27 11:46:39.180 [ERR] Connection id "0HMSEFNUO0TE3", Request id "0HMSEFNUO0TE3:00000002": An unhandled exception was thrown by the application.
System.InvalidOperationException: The exception handler configured on ExceptionHandlerOptions produced a 404 status response. This InvalidOperationException containing the original exception was thrown since this is often due to a misconfigured ExceptionHandlingPath. If the exception handler is expected to return 404 status responses then set AllowStatusCode404Response to true.
---> LibCore.Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Cryptography error
at LibCore.Internal.NativeCrypto.CapiHelper.SignValue(SafeProvHandle hProv, SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
at LibCore.Security.Cryptography.Gost3410_2012_256CryptoServiceProvider.SignHash(Byte[] rgbHash)
at LibCore.Security.Cryptography.Gost3410_2012_256CryptoServiceProvider.SignHash(Byte[] rgbHash, HashAlgorithmName hashAlgName)
at LibCore.Security.Cryptography.Gost3410_2012_256.TrySignHash(ReadOnlySpan`1 hash, Span`1 destination, HashAlgorithmName hashAlgorithm, Int32& bytesWritten)
at LibCore.Security.Cryptography.GostCmsSignature.Gost2012_256CmsSignature.Sign(ReadOnlySpan`1 dataHash, HashAlgorithmName hashAlgorithmName, X509Certificate2 certificate, AsymmetricAlgorithm key, Boolean silent, String& signatureAlgorithm, Byte[]& signatureValue)
at LibCore.Security.Cryptography.GostCmsSignature.Sign(ReadOnlySpan`1 dataHash, HashAlgorithmName hashAlgorithmName, X509Certificate2 certificate, AsymmetricAlgorithm key, Boolean silent, String& oid, ReadOnlyMemory`1& signatureValue)
at LibCore.Security.Cryptography.Pkcs.Detours.CmsSignerDetour.Prefix(ReadOnlyMemory`1 data, String contentTypeOid, Boolean silent, X509Certificate2Collection& chainCerts, CmsSigner __instance, Object& __result)
at System.Security.Cryptography.Pkcs.CmsSigner.Sign_Patch1(CmsSigner this, IntPtr retbuf, ReadOnlyMemory`1 data, String contentTypeOid, Boolean silent, X509Certificate2Collection& chainCerts)
at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
at Vekas.CryptoSignerService.Business.CryptoSignerLinux.Sign(String text) in E:\TempGit\CryptoSigner_master_2023-07-27_10-44-10\Software\Vekas.CryptoSignerService\Business\CryptoSignerLinux.cs:line 79
at CryptoSignerService.Managers.CommandManager.SetCommand(BaseCSDto`1 apiCommand) in E:\TempGit\CryptoSigner_master_2023-07-27_10-44-10\Software\Vekas.CryptoSignerService\Managers\CommandManager.cs:line 64
at lambda_method2(Closure , Object , Object[] )
64 строка: foreach (var crt in storeCerts)
79 строка: signedCms.ComputeSignature(cmsSigner);
Ну и весь кусок кода
Код:
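// Finds the signing certificate in the "My" store and produces a CMS signature over `text`,
// returned Base64-encoded inside Result<string>. `cert`, `signature`, `text`, `CryptoKey`,
// `Detached`, `Logger` and `Result<T>` are declared outside this fragment.
//
// StoreLocation.CurrentUser is resolved for the account the process runs as, so the certificate
// and its private-key container have to be installed for that same account on every host.
using (var store = new CpX509Store(StoreName.My, StoreLocation.CurrentUser))
{
    store.Open(OpenFlags.ReadOnly);
    var storeCerts = store.Certificates;
    Logger.Info(this, "storeCerts.Count = " + storeCerts.Count);

    // Guard clause: nothing to search through.
    if (storeCerts.Count == 0)
    {
        Logger.Info(this, "Thehre is no certificates in storage");
        return Result<string>.Fail(this, "Thehre is no certificates in storage");
    }

    foreach (var crt in storeCerts)
    {
        Logger.Info(this, "Found ceritificate with SerialNumber = " + crt.SerialNumber);

        // NOTE(review): the configured value is named Thumbprint but is matched against
        // SerialNumber. A serial number is unique only per issuing CA, so confirm this is the
        // intended selector. The comparison ignores case so that a lower-case hex value in
        // configuration still selects the certificate.
        if (!string.Equals(crt.SerialNumber, CryptoKey.Thumbprint, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        cert = crt;
        // NOTE(review): SubjectName can carry personal identifiers (the log on this page shows
        // INN/SNILS/e-mail fields); check that Info level is an acceptable destination for it.
        Logger.Info(this,
            "For singnature will be used certificate with SubjectName.Name = " + cert.SubjectName.Name);
        Logger.Info(this, "This certificate HasPrivateKey = " + cert.HasPrivateKey);

        // The signed bytes must be identical on every host that signs or verifies, so the
        // encoding is named explicitly instead of relying on the runtime default.
        byte[] bytesToHash = Encoding.UTF8.GetBytes(text);

        using (var gostCert = cert)
        {
            var contentInfo = new ContentInfo(bytesToHash);
            var signedCms = new SignedCms(contentInfo, Detached);
            CmsSigner cmsSigner = new CmsSigner(gostCert);

            try
            {
                signedCms.ComputeSignature(cmsSigner);
            }
            catch (System.Security.Cryptography.CryptographicException ex)
            {
                // The message alone ("Cryptography error") does not identify the cause; the
                // HResult carries the provider's error code. Presumably the LibCore exception
                // derives from CryptographicException - if it does not, this handler is simply
                // never entered. The exception is rethrown unchanged for the caller.
                Logger.Info(this,
                    "ComputeSignature failed, HResult = 0x" + ex.HResult.ToString("X8") + ": " + ex.Message);
                throw;
            }

            signature = signedCms.Encode();
            Logger.Info(this, $"CMS Sign: {Convert.ToBase64String(signature)}");

            // Self-check of the freshly produced signature. verifySignatureOnly = true checks the
            // signature value only; it does not validate the certificate chain, validity period
            // or revocation status, so it is not a substitute for verification by the recipient.
            signedCms.Decode(signature);
            signedCms.CheckSignature(true);
            return Result<string>.Success(Convert.ToBase64String(signature));
        }
    }

    // Store was not empty, but no certificate matched the configured serial number.
    Logger.Info(this, "Can't find certificate with serial number = " + CryptoKey.Thumbprint);
    return Result<string>.Fail(this,
        "Can't find certificate with serial number = " + CryptoKey.Thumbprint);
}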