我正在使用Jboss eap 6.2和jdk 1.7.0_60
我正在加载一个像这样的密钥库(Groovy代码)
def keyStore = KeyStore.getInstance( 'PKCS12' )
new File("/opt/test/test.private.key.p12").withInputStream {
keyStore.load( it, 'myPassword'.toCharArray() )
}
这是一个webapp,所以我为每个GET运行该代码。第一次运行它时工作正常,我可以使用该密钥库进行HTTPS连接。但是第二次我在“包含keystore.load的新文件(...”闭包)的行上得到以下错误;
20:58:38,616 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/].[default]] (http-/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet default threw exception: org.jboss.resteasy.spi.UnhandledException: java.io.IOException: error constructing MAC: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
at org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:365) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:233) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:209) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:557) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.SynchronousDispatcher.invokePropagateNotFound(SynchronousDispatcher.java:169) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:212) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.plugins.server.servlet.FilterDispatcher.doFilter(FilterDispatcher.java:59) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:407) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]
Caused by: java.io.IOException: error constructing MAC: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source) [bcprov-jdk14-1.38.jar:1.38.0]
at java.security.KeyStore.load(KeyStore.java:1214) [rt.jar:1.7.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:230) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120) [groovy-all-2.2.2.jar:2.2.2]
at com.myCo.ConfirmInfo$_fetchHouseholdInfo_closure1.doCall(ConfirmInfo.groovy:114) [:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90) [groovy-all-2.2.2.jar:2.2.2]
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:272) [groovy-all-2.2.2.jar:2.2.2]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909) [groovy-all-2.2.2.jar:2.2.2]
at groovy.lang.Closure.call(Closure.java:423) [groovy-all-2.2.2.jar:2.2.2]
at groovy.lang.Closure.call(Closure.java:439) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.IOGroovyMethods.withStream(IOGroovyMethods.java:1183) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.ResourceGroovyMethods.withInputStream(ResourceGroovyMethods.java:1555) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.dgm$868.invoke(Unknown Source) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:271) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-2.2.2.jar:2.2.2]
at com.myCo.ConfirmInfo.fetchHouseholdInfo(ConfirmInfo.groovy:113) [:]
at com.myCo.ConfirmInfo$Proxy$_$$_WeldClientProxy.fetchHouseholdInfo(ConfirmInfo$Proxy$_$$_WeldClientProxy.java) [:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:207) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:68) [groovy-all-2.2.2.jar:2.2.2]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124) [groovy-all-2.2.2.jar:2.2.2]
at com.myCo.saml.FfmReturnServlet.doPost(FfmReturnServlet.groovy:106) [:]
at com.myCo.saml.FfmReturnServlet$Proxy$_$$_WeldClientProxy.doPost(FfmReturnServlet$Proxy$_$$_WeldClientProxy.java) [:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:542) [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]
我不知道为什么在第一次和第二次运行代码时这会有所不同。有什么想法吗?建议?谢谢!
答案 0 :(得分:1)
我不知道你的两次调用之间究竟发生了什么,但是因为你没有为PKCS12指定一个提供者,可能的解释是他们之间可能有些代码正在添加{{1} }提供程序,因此第二次BouncyCastle提供程序导致错误,如您在日志中看到的那样:
BouncyCastle这是可能的,因为像
Caused by: java.io.IOException: error constructing MAC: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source) [bcprov-jdk14-1.38.jar:1.38.0]
这样的JCE提供程序必须使用Oracle JCE证书进行签名才能在使用之前进行身份验证。 BouncyCastle提供了此代码的正确签名jar版本,可能您使用的是未签名版本或直接使用源代码。
所以我认为有两种可能的解决方案:
BouncyCastle已签名的jar版本,包含在您的类路径中,并在BouncyCastle的代码中指定BouncyCastle作为提供程序创建:PKCS12也可以使用
def keyStore = KeyStore.getInstance( 'PKCS12', new BouncyCastleProvider() )
new File("/opt/test/test.private.key.p12").withInputStream {
keyStore.load( it, 'myPassword'.toCharArray() )
}
,但为此必须在keyStore.getInstance( 'PKCS12' , 'BC')之前添加。
java.security.Security.Security.addProvider(new BouncyCastleProvider())使用其他提供商,例如PKCS12实施SunJSSE(有关详细信息,请参阅:http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html):PKCS12我更喜欢第一个选项,但是你可以尝试使用第二个选项,因为测试速度更快。
希望这有帮助,