gpt4 book ai didi

java - TrustStore 初始化失败但 KeyStore 成功

转载 作者:行者123 更新时间:2023-11-28 22:25:17 28 4
gpt4 key购买 nike

我正在尝试配置 Tomcat,以便我的 Web 应用程序可以使用 LDAPS。在 UAT 服务器上一切正常,但由于某种原因,生产服务器无法初始化信任库。我已经打开调试(通过 -Djavax.net.debug=all),错误是:

default context init failed: java.io.IOException: Keystore was tampered with, or password was incorrect

我 100% 确定密码是正确的,因为我已经运行了 keytool 并列出了信任库的内容,并从工作中的 UAT 服务器获取了相同的文件。

作为实验,我将 Tomcat 配置为对 keystore 和信任库使用相同的存储文件(我意识到这不是典型的设置,但根据我的理解,文件格式等是相同的,因此它们应该都加载):

-Djavax.net.ssl.trustStorePassword=xxx
-Djavax.net.ssl.trustStore=C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\.keystore
-Djavax.net.ssl.keyStorePassword=xxx
-Djavax.net.ssl.keyStore=C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\.keystore

keystore 有效:

keyStore is : C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin.keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509 ***
found key for : tomcat

虽然信任库失败.. 相同的文件和密码!:

trustStore is: C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin.keystore
trustStore type is : jks
trustStore provider is :
init truststore
default context init failed: java.io.IOException: Keystore was tampered with, or password was incorrect

从 Web 应用程序中,堆栈跟踪有更多详细信息(我不确定它是否有帮助。我研究了 TrustManagerFactoryImpl 的 Java 源代码并将其与日志记录相匹配,但它没有解释行为)

javax.naming.CommunicationException: <ldap url>:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)]
at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at com.mycompany.fde.util.LDAPHelper.initialBindSSL(LDAPHelper.java:116)
at com.mycompany.fde.util.LDAPHelper.<init>(LDAPHelper.java:91)
at com.mycompany.fde.util.LDAPHelper.getInstance(LDAPHelper.java:58)
at com.mycompany.fde.server.work.StartupWork.startupStage1(StartupWork.java:224)
at com.mycompany.fde.server.work.StartupWork.call(StartupWork.java:121)
at com.mycompany.fde.server.work.StartupWork.call(StartupWork.java:47)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
... 24 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getDefault(Unknown Source)
at javax.net.ssl.SSLSocketFactory.getDefault(Unknown Source)
... 29 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(Unknown Source)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(Unknown Source)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
... 35 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
... 45 more

我完全不知所措 - 任何帮助/想法将不胜感激!

最佳答案

感谢大家的帮助,我终于发现不知为何,确实有人在Catalina.properties中设置了truststore密码(通过javax.net.ssl.trustStorePassword)。看起来这甚至比 Tomcat UI 中设置的 java 变量更优先:(

关于java - TrustStore 初始化失败但 KeyStore 成功,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47840637/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com