我创建了一个KeyStore来保存Web服务器中的一组私钥。创建KeyStore.jks文件后,我成功添加了一个私钥并从密钥库中检索它。但是,当我尝试添加新密钥时,我会在EOFException中获得KeyStore.load(...)。
public void setPrivateKey(String deviceSerialNumber, PrivateKey priv) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, InvalidKeySpecException, NotSupportedException {
File privateKeyFile = getFile(Constants.JKS_PRIVATE_FILE_NAME);//Get the KeyStore.jks file
synchronized (privateKeyFile) {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(privateKeyFile), Constants.JKS_PRIVATE_FILE_PASSWORD); //This is where the error happens
FileOutputStream file = null;
try {
file = new FileOutputStream(privateKeyFile);//Get the JKS file with the private keys
//Write the private key to the file
KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(Constants.JKS_PRIVATE_FILE_PASSWORD);
KeyStore.PrivateKeyEntry pke = new KeyStore.PrivateKeyEntry(priv, new Certificate[] { createCertificate() });
keyStore.setEntry(deviceSerialNumber, pke, protParam);
//Save changes to key store file
keyStore.store(file, Constants.JKS_PRIVATE_FILE_PASSWORD);
} finally {
file.close();//Close the private key file output stream
}
}
}
public PrivateKey getPrivateKey(String deviceSerialNumber) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, InvalidKeySpecException, NotSupportedException, UnrecoverableEntryException {
PrivateKey key = null;
File privateKeyFile = getFile(Constants.JKS_PRIVATE_FILE_NAME);//Get the keyStore.jks file
synchronized (privateKeyFile) {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(privateKeyFile), Constants.JKS_PRIVATE_FILE_PASSWORD);
FileOutputStream file = null;
try {
file = new FileOutputStream(privateKeyFile);//Get the JKS file with the private keys
//Write the private key to the jks file
boolean isKeyEntry = keyStore.isKeyEntry(deviceSerialNumber);//Check if there is a key with the alias deviceSerialnumber
if (isKeyEntry) {//If the key does exist
System.err.println("Key does exist!!!!1");
KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(Constants.JKS_PRIVATE_FILE_PASSWORD);
KeyStore.PrivateKeyEntry pke = (PrivateKeyEntry) keyStore.getEntry(deviceSerialNumber, protParam);
key = pke.getPrivateKey();
} else {//If the key does not exist
System.err.println("No key!!!!!!!!");
//HANDLE THIS
return null;
}
} finally {
file.close();//Close the private key file output stream
}
}
return key;
}
private Certificate createCertificate() throws CertificateException, IOException {
FileInputStream fis = new FileInputStream(getFile(Constants.CERTIFICATE_FILE));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Collection<? extends Certificate> c = cf.generateCertificates(fis);
Iterator<? extends Certificate> i = c.iterator();
if (i.hasNext())
return (Certificate) i.next();
else
return null;
}
第二次调用该方法以向密钥库添加其他私钥时,setPrivateKey(...)在keyStore.load(...)发生错误。
我使用keytool生成KeyStore.jks文件和server.cer文件
keytool -genkey -alias keyAlias -keyalg RSA -keystore KeyStore.jks -keypass password -storepass password
keytool -export -alias keyAlias -file server.cer -keystore KeyStore.jks -storepass password
我是否在从密钥库存储和检索私钥的方式上做错了什么?如何阻止EOFException发生?
答案 0 :(得分:1)
删除此行getPrivateKey
file = new FileOutputStream(privateKeyFile);
它未被使用并关闭您之前创建的FileInputStream,而不是输出流。您在同一个文件上有两个开放流
keyStore.load(new FileInputStream(privateKeyFile), Constants.JKS_PRIVATE_FILE_PASSWORD);