个人中心
文章发布
退出
作者热门文章
- android - 多次调用 OnPrimaryClipChangedListener
- android - 无法更新 RecyclerView 中的 TextView 字段
- android.database.CursorIndexOutOfBoundsException : Index 0 requested, 光标大小为 0
- android - 使用 AppCompat 时,我们是否需要明确指定其 UI 组件(Spinner、EditText)颜色
24
4
我正在尝试授权在 JRockit 6 上运行的旧 JBoss 5 使用 Let's encrypt 证书访问 CAS 服务器。
问题是 JDK6 不支持 Let's encrypt,所以 I added the root certificate到 cacerts 文件。
现在的问题是 JDK 6 不理解这么大的 key (java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive))所以我尝试通过将 bcprov-jdk15on-1.61.jar & bctls-jdk15on-1.61.jar 添加到 $JAVA_HOME/来切换到 Bouncy CaSTLe JCE/JCA jre/lib/ext 文件夹并添加 org.bouncycaSTLe.jce.provider.BouncyCaSTLeProvider 和 org.bouncycaSTLe.jsse.provider.BouncyCaSTLeJsseProvider 作为第一个安全提供者$JAVA_HOME/jre/lib/security/java.security 文件 as explained partly here .
在 java.lang.ArrayIndexOutOfBoundsException: 64 之后,我从 SunX509 切换到 X.509 ssl.KeyManagerFactory 的值。 键。java.security 文件中的算法
现在我有以下错误(我认为与 this thread on Oracle forum 相同):
java.security.NoSuchAlgorithmException: Algorithm ECDH not available
javax.crypto.KeyAgreement.getInstance(DashoA13*..)
org.bouncycastle.jcajce.util.DefaultJcaJceHelper.createKeyAgreement(Unknown Source)
org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto.calculateKeyAgreement(Unknown Source)
org.bouncycastle.tls.crypto.impl.jcajce.JceTlsECDomain.calculateECDHAgreement(Unknown Source)
org.bouncycastle.tls.crypto.impl.jcajce.JceTlsECDH.calculateSecret(Unknown Source)
org.bouncycastle.tls.TlsECDHEKeyExchange.generatePreMasterSecret(Unknown Source)
org.bouncycastle.tls.TlsProtocol.establishMasterSecret(Unknown Source)
org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown Source)
org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:167)
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:216)
但是通过查看 org.bouncycastle.jcajce.provider.asymmetric.EC's sources org.bouncycastle.jce.provider.BouncyCastleProvider 应正确设置此类 KeyAgreement .
但实际上,因为它是 org.bouncycastle.jsse.provider.BouncyCastleJsseProvider这是在创建 https 客户端时使用的,此提供程序未注册此算法,我不知道如何执行此操作。
有人知道如何解决这个问题吗?
我还尝试将这些 jar 声明为对我的 war 的依赖项,并像这样明确地实例化它们:
static {
org.bouncycastle.jce.provider.BouncyCastleProvider bcp = new org.bouncycastle.jce.provider.BouncyCastleProvider();
java.security.Security.insertProviderAt(bcp, 1);
org.bouncycastle.jsse.provider.BouncyCastleJsseProvider bcjp = new org.bouncycastle.jsse.provider.BouncyCastleJsseProvider(bcp);
java.security.Security.insertProviderAt(bcjp, 1);
}
但是,我有这个堆栈 seems to be linked to a problem in JBoss :
java.lang.SecurityException: JCE cannot authenticate the provider BC
javax.crypto.Cipher.getInstance(DashoA13*..)
org.bouncycastle.jcajce.util.ProviderJcaJceHelper.createCipher(Unknown Source)
org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto.hasEncryptionAlgorithm(Unknown Source)
org.bouncycastle.tls.TlsUtils.isSupportedCipherSuite(Unknown Source)
org.bouncycastle.tls.TlsUtils.getSupportedCipherSuites(Unknown Source)
org.bouncycastle.jsse.provider.ProvTlsClient.getSupportedCipherSuites(Unknown Source)
org.bouncycastle.tls.AbstractTlsClient.init(Unknown Source)
org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:167)
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:216)
Caused by: java.util.jar.JarException: Cannot parse jar:file:/opt/jboss-5.1.0.GA/server/default/deploy/myapp.war/WEB-INF/lib/bcprov-jdk15on-1.61.jar!/
javax.crypto.SunJCE_c.a(DashoA13*..)
javax.crypto.SunJCE_b.b(DashoA13*..)
javax.crypto.SunJCE_b.a(DashoA13*..)
javax.crypto.Cipher.getInstance(DashoA13*..)
org.bouncycastle.jcajce.util.ProviderJcaJceHelper.createCipher(Unknown Source)
org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto.hasEncryptionAlgorithm(Unknown Source)
org.bouncycastle.tls.TlsUtils.isSupportedCipherSuite(Unknown Source)
org.bouncycastle.tls.TlsUtils.getSupportedCipherSuites(Unknown Source)
org.bouncycastle.jsse.provider.ProvTlsClient.getSupportedCipherSuites(Unknown Source)
org.bouncycastle.tls.AbstractTlsClient.init(Unknown Source)
org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:167)
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:216)
以防万一,我有 opened the issue #514在 BouncyCaSTLe GitHub 上。
最佳答案
您所看到的与未注册的 BouncyCaSTLe JCE 提供程序一致。因此,对 ECDH 协议(protocol)的搜索并未在 JCE 搜索路径中找到它。
要动态注册提供者,只需将以下行添加到您的代码中
Security.addProvider(new BouncyCastleProvider());
Security.addProvider(new BouncyCastleJsseProvider());
根据 BouncyCastle Specifications 6.1节和测试样例代码BouncyCastle JSSE Test Code
我怀疑你没有正确启动环境
关于ssl - "Algorithm ECDH not available"在 JRockit 6 上使用 bcprov 和 bctls,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55971726/
24
4
0
为我的服务器应用程序使用 BouncyCaSTLe FIPS JSSE 和 TLS 提供程序。 org.bouncycastle bcpkix-fips
我想在我的 Java 项目中使用 BouncycaSTLe 的 TLS 实现。不知何故,似乎 bctls(bctls-jdk15on:156 是最新版本)不在 Maven 存储库中。 我检查了 mvn
我正在尝试授权在 JRockit 6 上运行的旧 JBoss 5 使用 Let's encrypt 证书访问 CAS 服务器。 问题是 JDK6 不支持 Let's encrypt,所以 I adde
我是一名优秀的程序员,十分优秀!