java.security.InvalidKeyException:PBES2 AlgorithmParameters不可用

时间:2014-02-13 18:50:00

标签: java security ssl

尝试在客户端和服务器之间进行TLS握手。但是,更改密码规范步骤失败了。同样在客户端收到如下所述的异常:我无法理解为什么我收到如下所示的奇怪异常。

这是什么意思?关于如何解决这个问题的任何想法?

我在Java 7下运行它。

  

java.security.NoSuchAlgorithmException:PBES2 AlgorithmParameters not   可在   sun.security.jca.GetInstance.getInstance(GetInstance.java:159)at at   java.security.Security.getImpl(Security.java:695)at   java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:146)     在com.certicom.security.pkcs.pkcs5.g。(未知来源)at   com.certicom.security.pkcs.pkcs5.i.a(未知来源)at   com.certicom.security.sslplus.b.a(未知来源)at   com.certicom.security.cert.internal.x509.PKCS8.decrypt(未知来源)     在   com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentity(未知   来源)com.certicom.tls.cert.CertLoader.loadLocalIdentity(未知)   来源)在com.certicom.tls.interfaceimpl.i.a(未知来源)at   com.certicom.tls.TLSContext.loadLocalIdentity(未知来源)at   com.onstar.emxp.util.TLSClient.loadCert(TLSClient.java:66)at   com.onstar.adc.pd.connection.TLSContextLoader.getTLSContext(TLSContextLoader.java:27)     在com.onstar.adc.pd.PacketClient.run(PacketClient.java:74)

     

java.security.InvalidKeyException:PBES2 AlgorithmParameters没有   可在com.certicom.security.pkcs.pkcs5.g获取。(未知   来源)在com.certicom.security.pkcs.pkcs5.i.a(未知来源)at at   com.certicom.security.sslplus.b.a(未知来源)at   com.certicom.security.cert.internal.x509.PKCS8.decrypt(未知来源)     在   com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentity(未知   来源)com.certicom.tls.cert.CertLoader.loadLocalIdentity(未知)   来源)在com.certicom.tls.interfaceimpl.i.a(未知来源)at   com.certicom.tls.TLSContext.loadLocalIdentity(未知来源)at   com.onstar.emxp.util.TLSClient.loadCert(TLSClient.java:66)at   com.onstar.adc.pd.connection.TLSContextLoader.getTLSContext(TLSContextLoader.java:27)     在com.onstar.adc.pd.PacketClient.run(PacketClient.java:74)

     

java.security.KeyManagementException at   com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentity(未知   来源)com.certicom.tls.cert.CertLoader.loadLocalIdentity(未知)   来源)在com.certicom.tls.interfaceimpl.i.a(未知来源)at   com.certicom.tls.TLSContext.loadLocalIdentity(未知来源)at   com.onstar.emxp.util.TLSClient.loadCert(TLSClient.java:66)at   com.onstar.adc.pd.connection.TLSContextLoader.getTLSContext(TLSContextLoader.java:27)     在com.onstar.adc.pd.PacketClient.run(PacketClient.java:74)警告:   无法加载证书数据包服务器   java.security.KeyManagementException

执行tls握手的客户端代码:

    socket = new Socket(host, port);
    InputSSLIOStream inputStream = new InputSSLIOStream(
    socket.getInputStream());
    OutputSSLIOStream outputStream = new OutputSSLIOStream(
    socket.getOutputStream());
    TLSConnection tlsConnection = tlsContextLoader.getTLSContext()
                    .getClientConnection(inputStream, outputStream, "server");
    tlsConnection.startHandshake();
    socket.setSoTimeout(30000);
    OutputStream tlsOutputStream = tlsConnection.getOutputStream();
    InputStream tlsInputStream = tlsConnection.getInputStream();

My TLS Context loader:

public class TLSContextLoader
{
    public TLSContext getTLSContext()
            throws Exception
    {
        TLSContext localTLSContext = new TLSContext();
        localTLSContext.setIsStrongCipherSuiteLimited(false);
        localTLSContext.setHelloProtocol("TLS1-ONLY");
        localTLSContext.setEllipticCurves(new String[] { "secp256r1" });
        localTLSContext.setClientAuthModes(new String[] { "ECDSA_SIGN" });
        localTLSContext.setDebugFlag();
        localTLSContext.setEccDraftCompatibility(-1);
        localTLSContext.setX509BasicConstraintBug(true);
        TLSClient.loadCert(localTLSContext, "packetserver");
        localTLSContext.setPSKParam(new byte[] { 49 });
        localTLSContext.loadTrustedCertificates(KeyLoader.getTrustedStream("rootca"));

        localTLSContext.setRNG(new SecureRandom(generateSeed()));
        LocalTrustManager localLocalTrustManager = new LocalTrustManager();
        localTLSContext.setTrustManager(localLocalTrustManager);
        localTLSContext.setEnabledCipherSuites(EMXPArrays.csvToArray("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"));

        localTLSContext.setNeedClientAuth(false);
        return localTLSContext;
    }

    private byte[] generateSeed() {
        String str = new String();
        str = str + "IDH" + System.identityHashCode(str);
        Runtime localRuntime = Runtime.getRuntime();
        str = str + "FM" + localRuntime.freeMemory();
        str = str + "CT" + System.currentTimeMillis();
        Properties localProperties = System.getProperties();
        Enumeration localEnumeration = localProperties.elements();
        while (localEnumeration.hasMoreElements()) {
            str = str + localEnumeration.nextElement();
        }
        str = str + "VHC" + str.hashCode();
        return str.getBytes();
    }
}

1 个答案:

答案 0 :(得分:0)

上述问题得以解决。在客户端使用certicom库是为了安全,而在服务器端则使用JDK 7。当客户端和服务器都基于JDK 7安全库时,客户端能够与服务器通信并协商握手。