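While working on Client certificates for authentication, I decided to use not-yet-commons-ssl-0.3.11.jar. That led to another problem: simply calling the constructor of EasySSLProtocolSocketFactory or StrictSSLProtocolSocketFactory produces an exception.

The code, isolated in a simple command-line application: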
```java
public class CertTest {
    public static void main(String[] args) {
        System.setProperty("javax.net.debug", "ssl,handshake"); // SSL DEBUG INFO
        String keystore = "/usr/java/jdk1.6.0_11/jre/lib/security/cacerts";
        String keystorePassword = "changeit";
        System.setProperty("javax.net.ssl.keyStore", keystore);
        System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword);
        // System.setProperty("javax.net.ssl.trustStore", keystore);
        // System.setProperty("javax.net.ssl.trustStorePassword", keystorePassword);
        try {
            // Calling the constructor is enough to trigger the exception.
            org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory factory =
                new org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory();
        }
        catch (Exception e) {
            System.out.println(e);
        }
    }
}
```
To rule out problems with old libraries, I put the code above in a directory containing these jars (these are the only jars on the classpath):
- httpclient-4.0.1.jar
- not-yet-commons-ssl-0.3.11.jar
- commons-httpclient-3.1.jar
- httpcore-4.0.1.jar
So, with some client certificates in the cacerts keystore, I get:

```
org.apache.commons.ssl.ProbablyBadPasswordException: Probably bad JKS key password: java.security.UnrecoverableKeyException: Password must not be null
```
If I use keytool to delete all the client certificates I loaded, the exception changes to
```
Caused by: java.security.KeyStoreException: No private keys found in keystore!
    at org.apache.commons.ssl.KeyStoreBuilder.validate(KeyStoreBuilder.java:269)
    at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:129)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:179)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:170)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:160)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:64)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:114)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:89)
    at org.apache.commons.ssl.SSL.<init>(SSL.java:142)
    at org.apache.commons.ssl.SSLClient.<init>(SSLClient.java:59)
    at org.apache.commons.ssl.HttpSecureProtocol.<init>(HttpSecureProtocol.java:55)
    at org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory.<init>(EasySSLProtocolSocketFactory.java:94)
```
A snippet from the output:
```
keyStore is : /usr/java/jdk1.6.0_11/jre/lib/security/cacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /usr/java/jdk1.6.0_11/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
whole bunch of default trusted certs snipped here...
trigger seeding of SecureRandom
done seeding SecureRandom
@@@@@@@@@@ EXCEPTION
java.security.KeyStoreException: No private keys found in keystore!
```
Any ideas?

Best answer
java.security.KeyStoreException: No private keys found in keystore!
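This exception specifically tells you that the keystore you are trying to load has no private key in it.
For Java's default trust store, cacerts, that is true!
But with the code you posted (meaning you didn't actually post any code), or given that you didn't state any facts about which keystore you are trying to load, it is impossible to help you with this problem.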
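The answer's point can be checked directly with the JDK's own `KeyStore` API. The following is an added example, not code from the question, the answer or not-yet-commons-ssl; the class name `KeyStoreEntryAudit` and its argument order are made up here. It counts key entries versus trusted-certificate entries in a keystore and tests whether each key can be recovered with the supplied key password, defaulting to the JDK's cacerts and the `changeit` password from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added example. Optional args: <keystore path> <store password> <key password>.
public class KeyStoreEntryAudit {

    /** Returns {key entries, trusted-certificate entries}; prints every key alias. */
    static int[] audit(KeyStore ks, char[] keyPass) throws Exception {
        int keys = 0, certs = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                certs++; // certificate only: usable for trust, not as a client identity
                continue;
            }
            if (!ks.isKeyEntry(alias)) continue;
            keys++;
            try {
                ks.getKey(alias, keyPass); // fails if the key password is wrong
                System.out.println("key entry, password OK: " + alias);
            } catch (UnrecoverableKeyException e) {
                System.out.println("key entry, key NOT recoverable: " + alias
                        + " (" + e.getMessage() + ")");
            }
        }
        return new int[] { keys, certs };
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values from the question; java.home locates this JDK's cacerts.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] storePass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        char[] keyPass = args.length > 2 ? args[2].toCharArray() : storePass;

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, storePass);
        } finally {
            in.close();
        }
        int[] n = audit(ks, keyPass);
        System.out.println(path + ": " + n[0] + " key entries, "
                + n[1] + " trusted-certificate entries");
        if (n[0] == 0) {
            System.out.println("No client identity here; this file can only serve as a trust store.");
        }
    }
}
```

Run against an unmodified cacerts, it reports zero key entries, which is the condition the `No private keys found in keystore!` exception describes.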
Regarding java - KeyStoreException: No private keys found in keystore with not-yet-commons-ssl-0.3.11.jar, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/8663358/