个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
34
4
我正在编写一个示例程序来从 Java 应用程序查询供应商的 Web 服务。我不是从服务器上执行此操作,它是一个 java 命令行桌面应用程序。编辑:使用 Java 7。
我有供应商提供的证书 -- 一个包括用于识别供应商的链,另一个是用于识别我公司的 keystore 。我已将供应商证书导入到 cacerts 中,并且相信它可以正常工作,因为它消除了我过去在创建服务对象时遇到的错误。
当我实际尝试运行对 web 服务的远程调用时,我遇到了 NoSuchAlgorithm 错误;这是否意味着 pkcs12 不是有效类型的 keystore ? Keystore Explorer 可以读取这个 keystore ,这让我相信以某种方式使用 pkcs12 应该是可能的。
所以我想知道我做错了什么,例如,我是否需要为 PKCS12 类型的 key 做些什么。由于我使用 VM 命令行选项指定了一个 keystore ,所以我也很困惑为什么 SSL 调试信息没有列出该 keystore 。
我使用以下选项运行它:
-Djavax.net.debug=ssl -Djavax.net.ssl.keystore="S:\Vendor Documentation\9.07\Web Services\MyCompanykickoff\VendorSaaSWebServices-Customer.pfx" -Djavax.net.ssl.keyStorePassword=cX5L9CTj -Djavax.net.ssl.keyStoreType=pkcs12
我得到以下输出:
run:
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync1
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedEncryptedSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
keyStore is :
keyStore type is : pkcs12
keyStore provider is :
init keystore
default context init failed: java.security.KeyStoreException: pkcs12
not found
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:194)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:122)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:123)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:626)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:585)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:570)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:467)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:308)
all done
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:177)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:203)
at stsclientexample3.STSClientExample3.main(STSClientExample3.java:72)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:205)
at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:361)
at sun.net.NetworkClient.doConnect(NetworkClient.java:162)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:378)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:473)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:270)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:327)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:974)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:105)
... 11 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Provider.java:1262)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:97)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:121)
at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:333)
at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:291)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
at java.net.URL.openConnection(URL.java:1018)
at com.sun.xml.internal.ws.api.EndpointAddress.openConnection(EndpointAddress.java:202)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.createHttpConnection(HttpClientTransport.java:202)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:102)
... 11 more
Caused by: java.security.KeyStoreException: pkcs12
not found
at java.security.KeyStore.getInstance(KeyStore.java:616)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:603)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:495)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at java.lang.Class.newInstance0(Class.java:372)
at java.lang.Class.newInstance(Class.java:325)
at java.security.Provider$Service.newInstance(Provider.java:1238)
... 24 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12
KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:613)
... 33 more
BUILD SUCCESSFUL (total time: 0 seconds)
好的 Netbeans,告诉我构建成功...
万一有人仍然想要代码:
package stsclientexample3;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import javax.xml.ws.Service.Mode;
import javax.xml.ws.soap.AddressingFeature;
import org.oasis_open.docs.ws_sx.ws_trust._200512.RequestSecurityTokenType;
public class STSClientExample3 {
public static void main(String[] args) {
try
{
final Service service
= Service.create(
new URL("file://\\project\\VendorDemo\\DocumentAPIv22Methods\\EchoSignDocumentService22Demo\\Java\\STSClientExample2\\web\\WEB-INF\\wsdl\\SecurityTokenService.wsdl"),
new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "SecurityTokenService")
);
Iterator<QName> ports = service.getPorts();
while (ports.hasNext()) {
QName port = ports.next();
System.out.println(port.toString());
}
final Dispatch dispatch
= service.createDispatch(new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "CustomBinding_IWSTrust13Sync"),
JAXBContext.newInstance("org.oasis_open.docs.ws_sx.ws_trust._200512"),
Mode.PAYLOAD,
new AddressingFeature()
);
final BindingProvider provider = (BindingProvider) dispatch;
final Map requestContext = provider.getRequestContext();
requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue");
final RequestSecurityTokenType request = new RequestSecurityTokenType();
dispatch.invoke(new JAXBElement<RequestSecurityTokenType>
(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "RequestSecurityToken"),
RequestSecurityTokenType.class,
request)
);
}
catch (Exception e) { e.printStackTrace(); }
System.out.println("all done");
}
public static void disableCertificates()
{
try {
TrustManager[] trustAllCerts =
{new X509TrustManager()
{
public X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[] certs, String authType) { }
public void checkServerTrusted(X509Certificate[] certs, String authType) { }
}
};
SSLContext sc = SSLContext.getInstance("SSL");
HostnameVerifier hv
= new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } };
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
catch (Exception localException)
{
System.out.println("Problem disabling SSL certificates: " + localException.getMessage());
}
}
}
最佳答案
我遇到了一个导致 NoSuchAlgorithm 异常的愚蠢错误。
如果您(或阅读这篇文章的任何人)在使用 SpringBoot 时遇到此错误,请检查您的 application.properties 并确保您没有 像这样写 keystore 类型值:
server.ssl.key-store-type="PKCS12"
注意引号,不应该出现!
删除它们后,异常就消失了。\
我正在使用 Java 1.8:
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)
P.S. 我知道这与问题没有太大关系,但是 Google 对 NoSuchAlgorithm 异常的查询将我带到了这个页面,所以我认为它会是写这个建议的好地方。
关于java - pkcs12 keystore key 的 NoSuchAlgorithm,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34495750/
34
4
0
当我在工作区执行 certsign.sh 脚本时,出现以下错误 jarsigner 错误:java.lang.RuntimeException: keystore 加载:无效的 keystore 格式
如何: 生成 keystore 生成信任库 为了让 SSL 在客户端和服务器之间工作,我只需要 的帮助使用终端命令(Keytool 和 openssl)生成用于相互身份验证的 keystore 和信任
keystore 和信任库之间有什么区别? 最佳答案 keystore 包含私钥以及证书及其相应的公钥。 信任库包含来自您希望与之通信的其他方的证书,或来自您信任的可识别其他方的证书颁发机构的证书。
我已经尝试使用命令 keytool -import -keystore *.jks -alias alias_name -keypass alias_passwd -file *.x509.pem`
我试图找出.keystore文件和.jks文件之间的区别,但我找不到它。我知道 jks 代表“Java keystore”,两者都是存储键/值对的一种方式。 使用其中一种与另一种相比有什么区别或偏好吗
我有一个包含多个客户端证书的 Java keystore 文件。我希望在我的 Java 应用程序中仅选择这些证书之一来连接到服务。有没有简单的方法可以做到这一点?到目前为止,我找到解决方案的唯一方法是
我想知道是否有一种方法可以检测程序是在默认(调试) keystore (从 eclipse 运行时)还是在签名 keystore (发布到 Android 市场时)上运行 我在我的应用程序中使用谷歌地
我是Java世界的新手,虽然使用NetBeans代码创建Web应用程序工作正常,直到执行get方法,但当我试图执行SQL查询时,glassfish无法显示来自MSQL DB的数据并给出错误。我正在使用
在 Azure 管道中有以下任务 AzureResourceManagerTemplateDeployment@3 从 ARM 模板部署 Key Vault 然后,AzurePowerShell@5
我正在使用以下命令使用 OpenSSL 创建 keystore : openssl pkcs12 -export -in mycert.crt -inkey mykey.key \
在 Azure 管道中有以下任务 AzureResourceManagerTemplateDeployment@3 从 ARM 模板部署 Key Vault 然后,AzurePowerShell@5
我使用下面的代码尝试加载 keystore 文件,但收到 java.io.IOException: 无效的 keystore 格式异常。关于如何解决此问题或导致问题的原因有什么想法吗? 加载 keys
我目前正在评估 Artifactory Pro 版本的 jar 签名功能。我正在按照此处找到的手册进行操作:https://www.jfrog.com/confluence/display/RTF/W
当我尝试将证书添加到 Keystore 时,我遇到了一个奇怪的错误。 System.out.println(x509Certificate.getPublicKey()); // prints pub
作为加密和保存数据的一部分,我们使用 AES 算法和 openssl 生成了 key 。 openssl enc -aes-256-cbc -P -nosalt Openssl 已生成 KEY 和 I
这个问题在这里已经有了答案: 关闭 11 年前。 Possible Duplicate: I lost my .keystore file! 我丢失了在 Market 上发布的 Android 应用
我不小心删除了我的应用程序的 .keystore 文件,但我仍然有用于生成 .keystore 文件的 Keystore 密码。有什么方法可以使用密码恢复该文件吗? 最佳答案 不,这不可能。一旦你失去
我正在访问一个 https URL,证书已添加到我的应用程序 keystore 属性中。 但是,目标 https URL 的证书最近发生了变化。 我们不想重新编译代码并使用更新后的 keystore
所以我有一个应用程序,允许用户使用 HTTPS 配置服务器。服务器使用 Undertow。要向 Undertow 添加 HTTPS 处理程序,我需要调用 Keystore.getInstance("J
这个问题在这里已经有了答案: Truststore and Keystore Definitions (7 个答案) 关闭 6 年前。 我有一个 PKCS#12我将其视为 keystore 文件,因
我是一名优秀的程序员,十分优秀!