java - KeyStoreException : No private keys found in keystore with not-yet-commons-ssl-0. 3.11.jar

标签 java ssl httpclient ssl-certificate

使用过程中 Client certificates for authentication , 我决定使用 not-yet-commons-ssl-0.3.11.jar .这导致了另一个问题 - 在 EasySSLProtocolSocketFactoryStrictSSLProtocolSocketFactory 上调用构造函数的简单操作将产生异常。

代码,隔离在一个简单的 cmd 行应用程序中:

public class CertTest {

public static void main(String[] args) {

    System.setProperty("javax.net.debug", "ssl,handshake"); // SSL DEBUG INFO
    String keystore = "/usr/java/jdk1.6.0_11/jre/lib/security/cacerts";
    String keystorePassword = "changeit";

System.setProperty("javax.net.ssl.keyStore", keystore);
System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword);
//        System.setProperty("javax.net.ssl.trustStore", keystore);
//        System.setProperty("javax.net.ssl.trustStorePassword", keystorePassword);

    try {
        org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory factory = 
            new     org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory();
    }
    catch (Exception e) {
        System.out.println (e);
    }

}

为了隔离旧库的问题,我将上面的代码放在包含这些 jar 的目录中(这些是类路径中唯一的 jar):

  1. httpclient-4.0.1.jar
  2. not-yet-commons-ssl-0.3.11.jar
  3. commons-httpclient-3.1.jar
  4. httpcore-4.0.1.jar

因此,使用 cacerts keystore 中的一些客户端证书,我得到: org.apache.commons.ssl.ProbablyBadPasswordException:可能是错误的 JKS key 密码:java.security.UnrecoverableKeyException:密码不能为 null

如果我使用 keytool 删除我加载的所有客户端证书,则异常变为

**Caused by: java.security.KeyStoreException: No private keys found in keystore!**
at org.apache.commons.ssl.KeyStoreBuilder.validate(KeyStoreBuilder.java:269)
at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:129)
at org.apache.commons.ssl.KeyMaterial.(KeyMaterial.java:179)
at org.apache.commons.ssl.KeyMaterial.(KeyMaterial.java:170)
at org.apache.commons.ssl.KeyMaterial.(KeyMaterial.java:160)
at org.apache.commons.ssl.KeyMaterial.(KeyMaterial.java:64)
at org.apache.commons.ssl.KeyMaterial.(KeyMaterial.java:114)
at org.apache.commons.ssl.KeyMaterial.(KeyMaterial.java:89)
at org.apache.commons.ssl.SSL.(SSL.java:142)
at org.apache.commons.ssl.SSLClient.(SSLClient.java:59)
at org.apache.commons.ssl.HttpSecureProtocol.(HttpSecureProtocol.java:55)
at org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory.(EasySSLProtocolSocketFactory.java:94)

输出中的片段:

keyStore is : /usr/java/jdk1.6.0_11/jre/lib/security/cacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /usr/java/jdk1.6.0_11/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f

whole bunch of default trusted certs snipped here...
trigger seeding of SecureRandom
done seeding SecureRandom
@@@@@@@@@@ EXCEPTION
java.security.KeyStoreException: No private keys found in keystore!

有什么想法吗?

最佳答案

java.security.KeyStoreException: No private keys found in keystore!

此异常特别提示您尝试加载的 keystore 中没有私钥。
对于 Java 的默认信任库 cacerts,这是正确的!

但是使用您发布的代码(意味着您实际上没有发布任何代码)或者您没有说明您正在尝试加载的 keystore 的任何事实,这不可能帮助您解决这个问题。

关于java - KeyStoreException : No private keys found in keystore with not-yet-commons-ssl-0. 3.11.jar,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8663358/

相关文章:

java - 使用增强的 for 循环时更改数组列表大小

java - 如果每个异常捕获都应该记录它?

c# - Http Client 现有连接被远程主机强行关闭

java - 通过 HttpClient 接受所有 Cookie

android - Javax.net.ssl.SSLHandshakeException : javax.net.ssl.SSLProtocolException : SSL handshake aborted: Failure in SSL library, 通常是协议(protocol)错误

java - 使用 DefaultHttpClient 设置语言环境?

java - 我需要帮助调整随机代码的宽度

java - JSR 303 验证 : Pass in an Object/Context Information at runtime?

php - 带有 Apache 服务器 SSL 的 PHP 中的 Websocket

java - 带有 CA 签名证书的 2 路 TLS