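As soon as I import the first key into the wso2carbon.jks file with keytool (and restart the service), my service fails to start properly and logs the following error: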
TID: [0] [EMM] [2014-03-06 23:46:42,106] ERROR
{org.wso2.carbon.databridge.receiver.thrift.internal.ThriftDataReceiverDS} - Can not
create and start Agent Server
{org.wso2.carbon.databridge.receiver.thrift.internal.ThriftDataReceiverDS}
org.wso2.carbon.databridge.core.exception.DataBridgeException: Cannot start agent server
on port 7711
at
org.wso2.carbon.databridge.receiver.thrift.internal.ThriftDataReceiver.startSecureEventTransmission(ThriftDataReceiver.java:129)
at org.wso2.carbon.databridge.receiver.thrift.internal.ThriftDataReceiver.start(ThriftDataReceiver.java:101)
at org.wso2.carbon.databridge.receiver.thrift.internal.ThriftDataReceiverDS.activate(ThriftDataReceiverDS.java:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:347)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:451)
at org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:517)
at org.wso2.carbon.core.init.CarbonServerManager.start(CarbonServerManager.java:219)
at org.wso2.carbon.core.internal.CarbonCoreServiceComponent.activate(CarbonCoreServiceComponent.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:347)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)
at org.eclipse.equinox.http.servlet.internal.Activator.registerHttpService(Activator.java:81)
at org.eclipse.equinox.http.servlet.internal.Activator.addProxyServlet(Activator.java:60)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.init(ProxyServlet.java:40)
at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.init(DelegationServlet.java:38)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1267)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1186)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1081)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5027)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5314)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: org.wso2.carbon.databridge.commons.exception.TransportException: Thrift transport exception occurred
at org.wso2.carbon.databridge.receiver.thrift.internal.ThriftDataReceiver.startSecureEventTransmission(ThriftDataReceiver.java:150)
at org.wso2.carbon.databridge.receiver.thrift.internal.ThriftDataReceiver.startSecureEventTransmission(ThriftDataReceiver.java:127)
... 63 more
Caused by: org.apache.thrift.transport.TTransportException: Error creating the transport
at org.apache.thrift.transport.TSSLTransportFactory.createSSLContext(TSSLTransportFactory.java:201)
at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:102)
at org.wso2.carbon.databridge.receiver.thrift.internal.ThriftDataReceiver.startSecureEventTransmission(ThriftDataReceiver.java:146)
... 64 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
at java.security.KeyStore.getKey(KeyStore.java:792)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:259)
at org.apache.thrift.transport.TSSLTransportFactory.createSSLContext(TSSLTransportFactory.java:187)
... 66 more
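I have tried doing all kinds of things with the certificates, but I have not managed to set up a fully working service. Can anyone help me step through the certificate handling, because following the manual has obviously not worked for some reason. Note: I don't have an iOS certificate; I generated all the certificates with OpenSSL following the WSO2 manual. I executed this command to generate this specific (KEYSTORE) p12 file for import into wso2carbon.jks. Do I first need to manually delete all the jks files in that folder, or should I import it into the existing file? What else might I be doing wrong? Thanks for your support.
Answer 0 (score: 4)
Based on your old question, I assume you are trying to configure the Android management part. Most of the certificate-related content in the documentation relates to iOS. If you want to try out the Android configuration, you can skip most of it. Just skip the CA/RA generation.
When configuring Android, you only need one keystore to configure the Android agent app. You can find the step-by-step configuration at Android client configurations. That link points to the iOS CA generation, because if you configure both iOS and Android you will already have performed that step. Otherwise you only need to execute these commands.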
openssl genrsa -out <CA PRIVATE KEY> 4096
For example: openssl genrsa -out ca_private.key 4096
openssl req -new -key <CA PRIVATE KEY> -out <CA CSR>
For example: openssl req -new -key ca_private.key -out ca.csr
openssl x509 -req -days <DAYS> -in <CA CSR> -signkey <CA PRIVATE KEY> -out <CA CRT> -extensions v3_ca
For example: openssl x509 -req -days 365 -in ca.csr -signkey ca_private.key -out ca.crt -extensions v3_ca
openssl rsa -in <CA PRIVATE KEY> -text > <CA PRIVATE PEM>
For example: openssl rsa -in ca_private.key -text > ca_private.pem
openssl x509 -in <CA CRT> -out <CA CERT PEM>
For example: openssl x509 -in ca.crt -out ca_cert.pem
By the end of these commands, you should have ca_cert.pem.
Now you need to export this CA file to PKCS12. The command is as follows.
openssl pkcs12 -export -out ca.p12 -inkey ca_private.pem -in ca_cert.pem -name "cacert"
Now you have the ca.p12 file.
Just execute the following command to create the keystore file.
keytool -importkeystore -srckeystore ca.p12 -srcstoretype PKCS12 -destkeystore wso2mobilemdm.jks
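As I mentioned in the other post, wso2-mdm-android-agent-issue, you can rename it to the bks file format, or you can use Portecle to convert it to bks, because Android expects the keystore file in Bouncy Castle format. Then embed the bks as described in the documentation and recompile the Android agent code.
For a better start, you need to clear everything and get a fresh WSO2 EMM zip file. Extract it and start from scratch. From your log, my feeling is that your existing wso2carbon.jks is corrupted. Do not import the generated CA into it; use the new keystore file I mentioned in the previous step.
Hope this helps.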
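Added example, not part of the original answer or the WSO2 documentation: the procedure above run non-interactively with one password throughout, since `java.security.UnrecoverableKeyException: Cannot recover key` is what `KeyStore.getKey` throws when the password it is given does not match the one protecting the key entry. The function names, `STORE_PASS` and the certificate subject are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; function names and the CN below are hypothetical.
STORE_PASS="wso2carbon"   # one password for store and key entries

# Create key, self-signed cert and PKCS#12 bundle in directory $1.
# $2 is the RSA key size (defaults to the 4096 used in the answer).
build_ca_p12() {
    dir=$1; bits=${2:-4096}
    openssl genrsa -out "$dir/ca_private.key" "$bits" 2>/dev/null || return 1
    openssl req -new -key "$dir/ca_private.key" \
        -subj "/CN=constructed-test-ca" -out "$dir/ca.csr" || return 1
    openssl x509 -req -days 365 -in "$dir/ca.csr" \
        -signkey "$dir/ca_private.key" -out "$dir/ca_cert.pem" \
        2>/dev/null || return 1
    openssl pkcs12 -export -out "$dir/ca.p12" \
        -inkey "$dir/ca_private.key" -in "$dir/ca_cert.pem" \
        -name "cacert" -passout "pass:$STORE_PASS"
}

# Succeeds only if bundle $1 opens (its MAC verifies) with password $2.
p12_opens_with() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# Import the "cacert" entry into a JKS, setting the key password equal
# to the store password. Requires a JDK on PATH.
import_to_jks() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 \
        -srcstorepass "$STORE_PASS" -srcalias cacert \
        -destkeystore "$2" -deststoretype JKS \
        -deststorepass "$STORE_PASS" -destkeypass "$STORE_PASS"
}

# When run with a work directory argument, do the whole sequence.
if [ -n "${1:-}" ]; then
    build_ca_p12 "$1" \
        && p12_opens_with "$1/ca.p12" "$STORE_PASS" \
        && import_to_jks "$1/ca.p12" "$1/wso2mobilemdm.jks"
fi
```

Checking the bundle with `p12_opens_with` before the import separates a wrong-password problem from a damaged file, which the Java stack trace alone does not distinguish.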
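Answer 1 (score: 3)
Try this,
First try connecting to the server over HTTP. Just change SERVER_PORT to 9763 and SERVER_PROTOCOL to http:// in the MDM agent's CommonUtilities.java file.
If that succeeds, check your BKS generation options, especially the hostname. It is the only place where things could go wrong. Try the above and let us know the result.
Answer 2 (score: 1)
I also struggled with this, but finally figured it out. I debugged the app and found that the BKS is checked when you select the IP on the mobile device, and if that fails, no error is raised. However, this means authentication still does not work, and the error shows up as you go through the next few screens, before you try to connect. To fix this, I did the following:
That takes care of the server part. Just edit mdm-config.xml under \repository\conf; unlike the documentation, remember that I unified all the passwords above to make it easier, so make sure to set them to wso2carbon. Ignore the iOS section; the "keystore section" that suddenly appears needs to be completed.
Also, edit sso-idp-config.xml and change the IP addresses as needed.
Now, on to the BKS. This part is only mentioned vaguely in the documentation. Get bcprov-jdk15on-146.jar downloaded. For simplicity, copy it to the current temp folder. I tried bcprov-jdk15on-150.jar, but for some reason it didn't work.
Now run this command in this folder (my keytool path is messed up because I run multiple versions of Java):
"%JAVA_HOME%\bin\keytool" -importcert -trustcacerts -keystore emm_truststore.bks -storetype bks -storepass wso2carbon -file ca_cert.pem -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath ./bcprov-jdk15on-146.jar
This will create the BKS file in the temp folder alongside the other certs. Now copy this emm_truststore.bks back to the agent folder under res/raw, overwriting the existing one.
In the MDM project, also check "public static String SENDER_ID =" in the config file when changing IP addresses etc. before exporting.
Clean the project, then rebuild it. Now you are ready to export. What I did was copy wso2mobilemdm.jks to the root of my Android project, since it is already in the right format. But you can export and create a new key for this. Note that this has nothing to do with the BKS you created; this is for signing the apk so it runs on the device.
If you run it now, it should work. You will see activity when you try to authenticate to the server.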