メインコンテンツまでスキップ

문서 헤더 1020 에러

개요

  • SHIELDRM 서비스 (ssevtr) 에서 컨테이너 링커를 통해 헤더 정보 가져올 때 1020 에러가 발생함
  • 1020은 헤더 복호화 시에 헤더키 에러입니다.
  • 이 문서는 1020 에러시에 확인 할수 있는 방안을 작성하였습니다
{"errorCode":1020,"message":"This document is not encrypted."}

ssevtr 로그

02:28:27.597 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO  start postDocItem (postDocItem():MessageController.java:64)
02:28:27.598 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO S365AccessToken : 1ohojFP3Ky... (getS365AccessToken():S365AuthAppTokenService.java:127)
02:28:27.598 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO S365AccessToken : 1ohojFP3Ky... (getS365AccessToken():S365AuthAppTokenService.java:127)
02:28:27.626 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO S365AccessToken : 1ohojFP3Ky... (getS365AccessToken():S365AuthAppTokenService.java:127)
02:28:27.675 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO S365AccessToken : 1ohojFP3Ky... (getS365AccessToken():S365AuthAppTokenService.java:127)
02:28:28.539 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO S365AccessToken : 1ohojFP3Ky... (getS365AccessToken():S365AuthAppTokenService.java:127)
02:28:28.631 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO eventType[ITEMADDED] (conditionalWork():DocumentConvertService.java:51)
02:28:28.719 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO File name : CypherDocsFlow_소개자료.pptx (work():DocumentConvertService.java:86)
02:28:28.720 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO File webUrl : https://security365demo.sharepoint.com/sites/SHIELDRM-demo/_layouts/15/Doc.aspx?sourcedoc=%7BFF890C02-CB78-422E-BB4E-69D6B0EDFB30%7D&file=CypherDocsFlow_%EC%86%8C%EA%B0%9C%EC%9E%90%EB%A3%8C.pptx&action=edit&mobileredirect=true (work():DocumentConvertService.java:87)
02:28:28.831 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO [CHECKOUT] Success : 204 (checkinCheckoutItem():GraphApiService.java:347)
02:28:28.944 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO downloadFileByUrl() File Download Path : /rmswork/CypherDocsFlow_%EC%86%8C%EA%B0%9C%EC%9E%90%EB%A3%8C_742fb468-c240-4ffe-b712-8cc8cac456d3.pptx (downloadFileByUrl():SharepointDriveItemService.java:163)
02:28:28.954 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO createNewFile : true (downloadFileByUrl():SharepointDriveItemService.java:166)
02:28:29.094 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO work() : dstFileName : /rmswork/CypherDocsFlow_%EC%86%8C%EA%B0%9C%EC%9E%90%EB%A3%8C_742fb468-c240-4ffe-b712-8cc8cac456d3.pptx (downloadAzureDriveItem():DocumentConvertService.java:191)
02:28:29.094 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO S365 Jwt : eyJ0eXAiOi... (getS365Jwt():S365AuthAppTokenService.java:110)
02:28:29.144 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO headerInfo : {"errorCode":1020,"message":"This document is not encrypted."} (getDocumentData():DocumentConvertService.java:576)
02:28:29.145 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO getDocumentData() Get DS Header Fail... (getDocumentData():DocumentConvertService.java:582)
02:28:29.252 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO undoCheckOutSitesItem() Success (undoCheckOutSitesItem():SharePointApiService.java:290)
02:28:29.262 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO deleteFile() Success: /rmswork/CypherDocsFlow_%EC%86%8C%EA%B0%9C%EC%9E%90%EB%A3%8C_742fb468-c240-4ffe-b712-8cc8cac456d3.pptx (deleteFile():SharepointDriveItemService.java:77)
02:28:29.263 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO sendLogForCloudLogger() (sendLogForCloudLogger():S365LogService.java:86)
02:28:29.263 [389:POST:/sites/c9594f29-0388-4e33-b0ff-d8e534331759/items/ff890c02-cb78-422e-bb4e-69d6b0edfb30:SHIELDrmEventReceiverWeb/1.0.0.4] INFO [256][Failed to get document header] (endApiException():ControllerCommon.java:20)

관련 TFS

ID제목링크
147856Document Security 하드코딩된 암호화 키 노출 취약점 개선링크

원인

  • 클라이언트가 로그인한 SCI서버에 헤더키 커스텀 정책 (DS_CUSTOM_HEADER_KEY)이 설정되어 있지 않음
  • 클라이언트는 최신버전 설치 (TFS 147856 가 적용된 클라이언트) - 20230717_B27_H04
  • 현재(2023-08-03)기준 컨테이너 링커에서는 구 헤더키(고정키)를 사용하여 헤더를 암/복호화 하므로 최신 클라이언트에서 만든 문서의 헤더를 복호화 하지 못함

해결 방법

  • 헤더키 커스텀 정책을 구 헤더키(고정키)로 세팅 후 → 정책 다시받기 → 새로 만든 보안문서에 대해서는 정상 동작 확인