我正在尝试保护在Jetty上运行的Web服务。 该服务是使用sparkjava v.2.3实现的,它具有用于此目的的特定命令:
secure(keystoreFile, keystorePassword, truststoreFile, truststorePassword);
因此,我使用此命令并使用keytool实用程序生成密钥库文件:
keytool -genkeypair -keystore keystore.jks -alias $MYHOST -keyalg RSA -keysize 2048 -dname "CN=$MYHOST"
提供了密码并获得了此keystore.jks文件,但是当我尝试启动我的服务时,我收到以下异常:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) ~[na:1.8.0_45]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) ~[na:1.8.0_45]
at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_45]
at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:52) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.ssl.SslContextFactory.loadTrustStore(SslContextFactory.java:1046) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:338) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:260) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:244) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.Server.doStart(Server.java:384) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at spark.webserver.JettySparkServer.ignite(JettySparkServer.java:131) ~[spark-core-2.3.jar:na]
at spark.SparkInstance.lambda$init$0(SparkInstance.java:341) [spark-core-2.3.jar:na]
at spark.SparkInstance$$Lambda$7/1326393666.run(Unknown Source) [spark-core-2.3.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
恕我直言,keystore.jks有效,因为从中生成的证书已成功安装。 进一步调查问题我正在查看sun.security.provider.JavaKeyStore的源代码,并看到以下代码:
645 int xMagic = dis.readInt();
646 int xVersion = dis.readInt();
647
648 if (xMagic!=MAGIC ||
649 (xVersion!=VERSION_1 && xVersion!=VERSION_2)) {
650 throw new IOException("Invalid keystore format");
651 }
652
提到在同一文件中定义的上述常量:
68 private static final int MAGIC = 0xfeedfeed;
69 private static final int VERSION_1 = 0x01;
70 private static final int VERSION_2 = 0x02;
71
现在我使用hexdump实用程序打开keystore.jks文件并查看其顶部:
$ hexdump -C keystore.jks
00000000 fe ed fe ed 00 00 00 02 00 00 00 01 00 00 00 01 |................|
所以,基于我所看到的,xMagic变量等于MAGIC常量,xVersion等于VERSION_2。它不应抛出此异常,但确实如此。
如果有人能说明我在这里所缺少的内容以及如何使其发挥作用,我将非常感激。
答案 0 :(得分:0)
我确实找到了问题的原因。 密钥库文件很好,但信任库已损坏。 不幸的是,它使用相同的代码进行检查,并且没有在错误消息中指定它是哪个文件。 如果下一版本中的Spark开发团队将此信息包含在异常消息中,那将非常有用。