我已经从输入的 pfx 文件生成了一个 JKS 格式的 keystore 文件。在tomcat web应用中使用keystore文件时遇到异常,请有同样问题的 friend 帮忙解决。
异常:
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) ~[spring-beans-4.1.7.RELEASE.jar:4.1.7.RELEASE]
... 124 common frames omitted
Caused by: org.opensaml.common.SAMLRuntimeException: Can't obtain SP signing key
at org.springframework.security.saml.key.JKSKeyManager.getCredential(JKSKeyManager.java:193) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.key.JKSKeyManager.getDefaultCredential(JKSKeyManager.java:205) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory.initializeDelegate(TLSProtocolSocketFactory.java:113) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory.<init>(TLSProtocolSocketFactory.java:77) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer.afterPropertiesSet(TLSProtocolConfigurer.java:50) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1633) ~[spring-beans-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1570) ~[spring-beans-4.1.7.RELEASE.jar:4.1.7.RELEASE]
... 131 common frames omitted
Caused by: org.opensaml.xml.security.SecurityException: Could not retrieve entry from keystore
at org.opensaml.xml.security.credential.KeyStoreCredentialResolver.resolveFromSource(KeyStoreCredentialResolver.java:136) ~[xmltooling-1.4.4.jar:na]
最佳答案
异常指出 openSAML 找不到您的 (SP) 私钥来签署 SAML 消息。
应该存在以下 SAML 配置(例如在 spring-security.xml 中)
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg type="org.springframework.core.io.Resource" value="file:/path/to/keystore/jks"/>
<constructor-arg type="java.lang.String" value="<keystorePassword>"/>
<constructor-arg>
<map>
<entry key="<keyAlias>" value="<privateKeyPassphrase>"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="<defaultKeyAlias>"/>
</bean>
如果你已经有了上面的配置,那么检查你的JKS是否包含别名为 的私钥/公钥对。
关于java - 从 pfx 文件生成的 JAVA jks keystore 问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58338238/