用于pkcs12密钥库密钥的NoSuchAlgorithm

时间:2015-12-28 14:55:13

标签: java ssl keystore pkcs#12

我正在编写一个示例程序,用于从java应用程序查询供应商的Web服务。我不是从服务器做这个,它是一个java命令行桌面应用程序。编辑:使用Java 7。

我有供应商提供的证书 - 一个包含识别供应商的链,另一个是识别我公司的密钥库。我已将供应商证书导入到cacerts中,并且相信它可以正常工作,因为它消除了我在创建Service对象时遇到的错误。

当我实际尝试运行对webservice的远程调用时,我收到NoSuchAlgorithm错误;这是否意味着pkcs12不是有效类型的密钥库? Keystore Explorer可以读取这个密钥库,让我相信使用pkcs12应该是可能的。

所以我想知道我做错了什么,例如,我是否需要为PKCS12类型密钥做些什么。由于我使用VM命令行选项指定了密钥库,因此我也很困惑为什么SSL调试信息不​​会列出该密钥库。

我使用以下选项运行它:

-Djavax.net.debug=ssl -Djavax.net.ssl.keystore="S:\Vendor Documentation\9.07\Web Services\MyCompanykickoff\VendorSaaSWebServices-Customer.pfx" -Djavax.net.ssl.keyStorePassword=cX5L9CTj -Djavax.net.ssl.keyStoreType=pkcs12

我得到以下输出:

run:
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync1
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedEncryptedSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
keyStore is : 
keyStore type is : pkcs12

keyStore provider is : 
init keystore
default context init failed: java.security.KeyStoreException: pkcs12
 not found
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
  at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:194)
  at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:122)
  at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:123)
  at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:626)
  at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:585)
  at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:570)
  at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:467)
  at com.sun.xml.internal.ws.client.Stub.process(Stub.java:308)
all done
  at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:177)
  at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:203)
  at stsclientexample3.STSClientExample3.main(STSClientExample3.java:72)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198)
  at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:205)
  at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:361)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:162)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:378)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:473)
  at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:270)
  at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:327)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:974)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
  at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:105)
  ... 11 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at java.security.Provider$Service.newInstance(Provider.java:1262)
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
  at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
  at javax.net.ssl.SSLContext.getDefault(SSLContext.java:97)
  at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:121)
  at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:333)
  at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:291)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)
  at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
  at java.net.URL.openConnection(URL.java:1018)
  at com.sun.xml.internal.ws.api.EndpointAddress.openConnection(EndpointAddress.java:202)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.createHttpConnection(HttpClientTransport.java:202)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:102)
  ... 11 more
Caused by: java.security.KeyStoreException: pkcs12
 not found
  at java.security.KeyStore.getInstance(KeyStore.java:616)
  at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:603)
  at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:495)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
  at java.lang.Class.newInstance0(Class.java:372)
  at java.lang.Class.newInstance(Class.java:325)
  at java.security.Provider$Service.newInstance(Provider.java:1238)
  ... 24 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12
 KeyStore not available
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
  at java.security.Security.getImpl(Security.java:695)
  at java.security.KeyStore.getInstance(KeyStore.java:613)
  ... 33 more
BUILD SUCCESSFUL (total time: 0 seconds)

好的'Netbeans,告诉我我的构建成功了......

如果有人仍然想要代码:

package stsclientexample3;

import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import javax.xml.ws.Service.Mode;
import javax.xml.ws.soap.AddressingFeature;

import org.oasis_open.docs.ws_sx.ws_trust._200512.RequestSecurityTokenType;

public class STSClientExample3 {

    public static void main(String[] args) {
        try
        {
    final Service service 
      = Service.create( 
              new URL("file://\\project\\VendorDemo\\DocumentAPIv22Methods\\EchoSignDocumentService22Demo\\Java\\STSClientExample2\\web\\WEB-INF\\wsdl\\SecurityTokenService.wsdl"),
                        new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "SecurityTokenService") 
                       );
    Iterator<QName> ports = service.getPorts();
    while (ports.hasNext()) {
        QName port = ports.next();
        System.out.println(port.toString());
    }

    final Dispatch dispatch 
      = service.createDispatch(new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "CustomBinding_IWSTrust13Sync"), 
                                JAXBContext.newInstance("org.oasis_open.docs.ws_sx.ws_trust._200512"), 
                                Mode.PAYLOAD, 
                                new AddressingFeature()
                              );

    final BindingProvider provider = (BindingProvider) dispatch;

    final Map requestContext = provider.getRequestContext();

    requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue");

    final RequestSecurityTokenType request = new RequestSecurityTokenType();

    dispatch.invoke(new JAXBElement<RequestSecurityTokenType>
                          (new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "RequestSecurityToken"), 
                            RequestSecurityTokenType.class, 
                            request)
                          );
        }
         catch (Exception e) { e.printStackTrace(); }
        System.out.println("all done");
    }

    public static void disableCertificates()
    {
        try {
            TrustManager[] trustAllCerts = 
            {new X509TrustManager() 
                {
                    public X509Certificate[] getAcceptedIssuers() { return null; }
                    public void checkClientTrusted(X509Certificate[] certs, String authType) { }
                    public void checkServerTrusted(X509Certificate[] certs, String authType) { }
                }
            };
            SSLContext sc = SSLContext.getInstance("SSL");
            HostnameVerifier hv 
                    = new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } };
            sc.init(null, trustAllCerts, new SecureRandom());

            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(hv);
        } 
        catch (Exception localException) 
        {
            System.out.println("Problem disabling SSL certificates: " + localException.getMessage());
        }
    }

}

2 个答案:

答案 0 :(得分:1)

我犯了一个愚蠢的错误,导致NoSuchAlgorithm例外。

如果您(或阅读此帖子的任何人)在使用SpringBoot时收到此错误,请检查您的application.properties并确保您 没有写入密钥库类型值像这样:

server.ssl.key-store-type="PKCS12"

请注意引号 不应该

删除它们后,异常就消失了。\

我正在使用Java 1.8:

java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)

PS 我知道这与问题没有多大关系,但是对NoSuchAlgorithm例外的Google查询引导我访问此页面,所以我认为这将是一个好地方写这个建议。

答案 1 :(得分:0)

确保文件YOUR_JDK/jre/lib/security/java.security中的下一行设置为“true”:

#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading
# keystore files in either JKS or PKCS12 format. When set to 'false'
# it supports loading only JKS keystore files.
#
keystore.type.compat=true