我在尝试调用https rest服务时遇到以下错误:
Caused by: java.security.ProviderException: Could not derive key
sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:133)
sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:163)
javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:648)
sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:101)
sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1067)
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
... 36 more
Caused by: java.security.InvalidAlgorithmParameterException
sun.security.ec.ECDHKeyAgreement.deriveKey(Native Method)
sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:130)
... 46 more
java.security.ProviderException: Could not derive key
有趣的是,如果我使用Java 1.8执行相同的代码作为独立代码,它可以正常工作。
在Wildfly 9中部署代码后,问题开始发生.Wildfly 9在Java 1.8上运行,与工作独立版本完全相同。所以,我不认为它是一个java问题,更多的是Wildfly问题。
我尝试在Standalone和wildfly上比较-Djavax.net.debug = all。以下是来自wildfly部署代码的片段。
[0m[0m13:35:26,100 INFO [stdout] (default task-2) *** ECDHClientKeyExchange
[0m[0m13:35:26,104 INFO [stdout] (default task-2) ECDH Public value: { 4, 43, 99, 163, 253, 189, 137, 10, 221, 205, 19, 183, 173, 128, 171, 32, 35, 249, 144, 154, 197, 102, 78, 161, 23, 240, 209, 125, 129, 106, 224, 33, 219, 6, 207, 105, 238, 187, 181, 124, 194, 13, 0, 223, 88, 212, 101, 163, 19, 119, 41, 100, 36, 79, 235, 57, 65, 112, 71, 194, 43, 36, 244, 78, 174 }
[0m[0m13:35:26,104 INFO [stdout] (default task-2) [write] MD5 and SHA1 hashes: len = 70
[0m[0m13:35:26,106 INFO [stdout] (default task-2) 0000: 10 00 00 42 41 04 2B 63 A3 FD BD 89 0A DD CD 13 ...BA.+c........
[0m[0m13:35:26,108 INFO [stdout] (default task-2) 0010: B7 AD 80 AB 20 23 F9 90 9A C5 66 4E A1 17 F0 D1 .... #....fN....
[0m[0m13:35:26,110 INFO [stdout] (default task-2) 0020: 7D 81 6A E0 21 DB 06 CF 69 EE BB B5 7C C2 0D 00 ..j.!...i.......
[0m[0m13:35:26,111 INFO [stdout] (default task-2) 0030: DF 58 D4 65 A3 13 77 29 64 24 4F EB 39 41 70 47 .X.e..w)d$O.9ApG
[0m[0m13:35:26,112 INFO [stdout] (default task-2) 0040: C2 2B 24 F4 4E AE .+$.N.
[0m[0m13:35:26,113 INFO [stdout] (default task-2) default task-2, WRITE: TLSv1 Handshake, length = 70
[0m[0m13:35:26,113 INFO [stdout] (default task-2) [Raw write]: length = 75
[0m[0m13:35:26,115 INFO [stdout] (default task-2) 0000: 16 03 01 00 46 10 00 00 42 41 04 2B 63 A3 FD BD ....F...BA.+c...
[0m[0m13:35:26,116 INFO [stdout] (default task-2) 0010: 89 0A DD CD 13 B7 AD 80 AB 20 23 F9 90 9A C5 66 ......... #....f
[0m[0m13:35:26,118 INFO [stdout] (default task-2) 0020: 4E A1 17 F0 D1 7D 81 6A E0 21 DB 06 CF 69 EE BB N......j.!...i..
[0m[0m13:35:26,120 INFO [stdout] (default task-2) 0030: B5 7C C2 0D 00 DF 58 D4 65 A3 13 77 29 64 24 4F ......X.e..w)d$O
[0m[0m13:35:26,121 INFO [stdout] (default task-2) 0040: EB 39 41 70 47 C2 2B 24 F4 4E AE .9ApG.+$.N.
[0m[0m13:35:26,138 INFO [stdout] (default task-2) default task-2, handling exception: java.security.ProviderException: Could not derive key
[0m[0m13:35:26,138 INFO [stdout] (default task-2) %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
[0m[0m13:35:26,139 INFO [stdout] (default task-2) default task-2, SEND TLSv1 ALERT: fatal, description = internal_error
[0m[0m
13:35:26,139 INFO [stdout] (default task-2) default task-2, WRITE: TLSv1 Alert, length = 2
[0m[0m13:35:26,139 INFO [stdout] (default task-2) [Raw write]: length = 7
[0m[0m13:35:26,141 INFO [stdout] (default task-2) 0000: 15 03 01 00 02 02 50 ......P
[0m[0m13:35:26,141 INFO [stdout] (default task-2) default task-2, called closeSocket()
[0m[0m13:35:26,141 INFO [stdout] (default task-2) default task-2, called close()
[0m[0m13:35:26,141 INFO [stdout] (default task-2) default task-2, called closeInternal(true)
[0m[31m13:35:26,142 ERROR [stderr] (default task-2) javax.net.ssl.SSLException: java.security.ProviderException: Could not derive key
我已尝试应用在线提及的所有修复程序,但问题仍然存在。任何指针/帮助将非常感激。感谢。
答案 0 :(得分:2)
经过多次诊断,我能够解决这个问题。
在我目前的环境中,我在wildfly 9之上运行ColdFusion。上面的特定代码是从ColdFusion页面中调用的。我发现COldFusion的默认安全提供程序JsafeJCE就是问题所在。所以,我删除了" JsafeJCE"提供者和代码执行就像一个魅力。
使用下面的代码删除JsafeJCE:
<cfobject type="Java" class="java.security.Security" name="providerObj">;
<cfscript>providerObj.removeProvider("JsafeJCE");</cfscript>
摘要 - ColdFusion安装提供了安全提供程序的问题。
答案 1 :(得分:0)
我也曾遇到过这个错误。我们尝试切换java版本,但它没有帮助。原来这个错误是由一个不同的项目引起的,该项目部署在同一台服务器上。也许它启用了一些特殊的SSL配置。