KeyStoreException: No private keys found in keystore with not-yet-commons-ssl-0.3.11.jar


Problem description

In the course of using Client certificates for authentication, I decided to use not-yet-commons-ssl-0.3.11.jar. That has resulted in another issue - the simple act of invoking the constructor on EasySSLProtocolSocketFactory or StrictSSLProtocolSocketFactory will produce an exception.

The code, as isolated in a simple cmd line app:

public class CertTest {

    public static void main(String[] args) {

        System.setProperty("javax.net.debug", "ssl,handshake"); // SSL DEBUG INFO
        String keystore = "/usr/java/jdk1.6.0_11/jre/lib/security/cacerts";
        String keystorePassword = "changeit";

        System.setProperty("javax.net.ssl.keyStore", keystore);
        System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword);
        // System.setProperty("javax.net.ssl.trustStore", keystore);
        // System.setProperty("javax.net.ssl.trustStorePassword", keystorePassword);

        try {
            org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory factory =
                new org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory();
        }
        catch (Exception e) {
            System.out.println(e);
        }
    }
}

To isolate issues with older libs, I put the above code in a directory with these jars (these are the ONLY jars in the classpath):

  1. httpclient-4.0.1.jar
  2. not-yet-commons-ssl-0.3.11.jar
  3. commons-httpclient-3.1.jar
  4. httpcore-4.0.1.jar

So, with some client certificates in the cacerts keystore, I get: org.apache.commons.ssl.ProbablyBadPasswordException: Probably bad JKS-Key password: java.security.UnrecoverableKeyException: Password must not be null

If I use keytool to delete all the client certificates that I have loaded, then the exception changes to

**Caused by: java.security.KeyStoreException: No private keys found in keystore!**
at org.apache.commons.ssl.KeyStoreBuilder.validate(KeyStoreBuilder.java:269)
at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:129)
at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:179)
at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:170)
at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:160)
at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:64)
at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:114)
at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:89)
at org.apache.commons.ssl.SSL.<init>(SSL.java:142)
at org.apache.commons.ssl.SSLClient.<init>(SSLClient.java:59)
at org.apache.commons.ssl.HttpSecureProtocol.<init>(HttpSecureProtocol.java:55)
at org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory.<init>(EasySSLProtocolSocketFactory.java:94)

An excerpt from the output:

keyStore is : /usr/java/jdk1.6.0_11/jre/lib/security/cacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /usr/java/jdk1.6.0_11/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f

whole bunch of default trusted certs snipped here...
trigger seeding of SecureRandom
done seeding SecureRandom
@@@@@@@@@@ EXCEPTION
java.security.KeyStoreException: No private keys found in keystore!

Any ideas?

Recommended answer

java.security.KeyStoreException: No private keys found in keystore!

This exception specifically complains that there are no private keys in the keystore you are trying to load.
In the case of cacerts, which is Java's default truststore, this is true!

But with the code you have posted (meaning you have not posted any code really) or the fact that you don't say anything about the keystore you are trying to load it is not possible to help you on this.
