java - pkcs12 keystore key 的 NoSuchAlgorithm

标签 java ssl keystore pkcs#12

我正在编写一个示例程序来从 Java 应用程序查询供应商的 Web 服务。我不是从服务器上执行此操作,它是一个 java 命令行桌面应用程序。编辑:使用 Java 7。

我有供应商提供的证书 -- 一个包括用于识别供应商的链,另一个是用于识别我公司的 keystore 。我已将供应商证书导入到 cacerts 中,并且相信它可以正常工作,因为它消除了我过去在创建服务对象时遇到的错误。

当我实际尝试运行对 web 服务的远程调用时,我遇到了 NoSuchAlgorithm 错误;这是否意味着 pkcs12 不是有效类型的 keystore ? Keystore Explorer 可以读取这个 keystore ,这让我相信以某种方式使用 pkcs12 应该是可能的。

所以我想知道我做错了什么,例如,我是否需要为 PKCS12 类型的 key 做些什么。由于我使用 VM 命令行选项指定了一个 keystore ,所以我也很困惑为什么 SSL 调试信息没有列出该 keystore 。

我使用以下选项运行它:

-Djavax.net.debug=ssl -Djavax.net.ssl.keystore="S:\Vendor Documentation\9.07\Web Services\MyCompanykickoff\VendorSaaSWebServices-Customer.pfx" -Djavax.net.ssl.keyStorePassword=cX5L9CTj -Djavax.net.ssl.keyStoreType=pkcs12

我得到以下输出:

run:
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync1
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedEncryptedSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
keyStore is : 
keyStore type is : pkcs12

keyStore provider is : 
init keystore
default context init failed: java.security.KeyStoreException: pkcs12
 not found
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
  at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:194)
  at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:122)
  at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:123)
  at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:626)
  at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:585)
  at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:570)
  at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:467)
  at com.sun.xml.internal.ws.client.Stub.process(Stub.java:308)
all done
  at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:177)
  at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:203)
  at stsclientexample3.STSClientExample3.main(STSClientExample3.java:72)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198)
  at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:205)
  at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:361)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:162)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:378)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:473)
  at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:270)
  at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:327)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:974)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
  at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:105)
  ... 11 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at java.security.Provider$Service.newInstance(Provider.java:1262)
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
  at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
  at javax.net.ssl.SSLContext.getDefault(SSLContext.java:97)
  at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:121)
  at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:333)
  at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:291)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)
  at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
  at java.net.URL.openConnection(URL.java:1018)
  at com.sun.xml.internal.ws.api.EndpointAddress.openConnection(EndpointAddress.java:202)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.createHttpConnection(HttpClientTransport.java:202)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:102)
  ... 11 more
Caused by: java.security.KeyStoreException: pkcs12
 not found
  at java.security.KeyStore.getInstance(KeyStore.java:616)
  at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:603)
  at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:495)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
  at java.lang.Class.newInstance0(Class.java:372)
  at java.lang.Class.newInstance(Class.java:325)
  at java.security.Provider$Service.newInstance(Provider.java:1238)
  ... 24 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12
 KeyStore not available
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
  at java.security.Security.getImpl(Security.java:695)
  at java.security.KeyStore.getInstance(KeyStore.java:613)
  ... 33 more
BUILD SUCCESSFUL (total time: 0 seconds)

好的 Netbeans,告诉我构建成功...

万一有人仍然想要代码:

package stsclientexample3;

import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import javax.xml.ws.Service.Mode;
import javax.xml.ws.soap.AddressingFeature;

import org.oasis_open.docs.ws_sx.ws_trust._200512.RequestSecurityTokenType;

public class STSClientExample3 {

    public static void main(String[] args) {
        try
        {
    final Service service 
      = Service.create( 
              new URL("file://\\project\\VendorDemo\\DocumentAPIv22Methods\\EchoSignDocumentService22Demo\\Java\\STSClientExample2\\web\\WEB-INF\\wsdl\\SecurityTokenService.wsdl"),
                        new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "SecurityTokenService") 
                       );
    Iterator<QName> ports = service.getPorts();
    while (ports.hasNext()) {
        QName port = ports.next();
        System.out.println(port.toString());
    }

    final Dispatch dispatch 
      = service.createDispatch(new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "CustomBinding_IWSTrust13Sync"), 
                                JAXBContext.newInstance("org.oasis_open.docs.ws_sx.ws_trust._200512"), 
                                Mode.PAYLOAD, 
                                new AddressingFeature()
                              );

    final BindingProvider provider = (BindingProvider) dispatch;

    final Map requestContext = provider.getRequestContext();

    requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue");

    final RequestSecurityTokenType request = new RequestSecurityTokenType();

    dispatch.invoke(new JAXBElement<RequestSecurityTokenType>
                          (new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "RequestSecurityToken"), 
                            RequestSecurityTokenType.class, 
                            request)
                          );
        }
         catch (Exception e) { e.printStackTrace(); }
        System.out.println("all done");
    }

    public static void disableCertificates()
    {
        try {
            TrustManager[] trustAllCerts = 
            {new X509TrustManager() 
                {
                    public X509Certificate[] getAcceptedIssuers() { return null; }
                    public void checkClientTrusted(X509Certificate[] certs, String authType) { }
                    public void checkServerTrusted(X509Certificate[] certs, String authType) { }
                }
            };
            SSLContext sc = SSLContext.getInstance("SSL");
            HostnameVerifier hv 
                    = new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } };
            sc.init(null, trustAllCerts, new SecureRandom());

            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(hv);
        } 
        catch (Exception localException) 
        {
            System.out.println("Problem disabling SSL certificates: " + localException.getMessage());
        }
    }

}

最佳答案

我遇到了一个导致 NoSuchAlgorithm 异常的愚蠢错误。

如果您(或阅读这篇文章的任何人)在使用 SpringBoot 时遇到此错误,请检查您的 application.properties 并确保您没有 像这样写 keystore 类型值:

server.ssl.key-store-type="PKCS12"

注意引号不应该出现!

删除它们后,异常就消失了。\

我正在使用 Java 1.8:

java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)

P.S. 我知道这与问题没有太大关系,但是 Google 对 NoSuchAlgorithm 异常的查询将我带到了这个页面,所以我认为它会是写这个建议的好地方。

关于java - pkcs12 keystore key 的 NoSuchAlgorithm,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34495750/

上一篇:java - 使用泛型类型中的 super 将 Map 流式传输到 Consumer 后使用 orElse 编译错误

下一篇:java - itext - 添加无边框的 png 图像

相关文章:

ssl - 自己为域的子域颁发 SSL 证书 我有一个 SSL 证书

java - 使用 KeyStore.getEntry() 时出现 UnsupportedOperationException?

Android->Settings->Security->StorageType get Value inside app

android - 不同帐户在 Google Play 商店发布的两个 apk 文件是否可以使用相同的 key / keystore 进行签名?

java - 不清楚动态绑定(bind)

Java - 扫描器 : reading line of record separated by Pipe | as delimiter

java - 在android中更改语言时如何更改操作栏语言

c# - SSL WCF "Could not establish trust relationship for the SSL/TLS secure channel with authority ' 本地主机'

java - GWT RemoteServiceServlet 请求滞后;没有反应

ssl - 了解 ssl 证书

©2024 IT工具网  联系我们