Widlfly 9:java.security.ProviderException:无法派生键

时间:2017-02-21 21:57:53

标签: ssl wildfly wildfly-9

我在尝试调用https rest服务时遇到以下错误:

Caused by: java.security.ProviderException: Could not derive key
    sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:133)
    sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:163)
    javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:648)
    sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:101)
    sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1067)
    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
    sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    ... 36 more
    Caused by: java.security.InvalidAlgorithmParameterException
    sun.security.ec.ECDHKeyAgreement.deriveKey(Native Method)
    sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:130)
    ... 46 more
    java.security.ProviderException: Could not derive key

有趣的是,如果我使用Java 1.8执行相同的代码作为独立代码,它可以正常工作。

在Wildfly 9中部署代码后,问题开始发生.Wildfly 9在Java 1.8上运行,与工作独立版本完全相同。所以,我不认为它是一个java问题,更多的是Wildfly问题。

我尝试在Standalone和wildfly上比较-Djavax.net.debug = all。以下是来自wildfly部署代码的片段。

    [0m[0m13:35:26,100 INFO  [stdout] (default task-2) *** ECDHClientKeyExchange
    [0m[0m13:35:26,104 INFO  [stdout] (default task-2) ECDH Public value:  { 4, 43, 99, 163, 253, 189, 137, 10, 221, 205, 19, 183, 173, 128, 171, 32, 35, 249, 144, 154, 197, 102, 78, 161, 23, 240, 209, 125, 129, 106, 224, 33, 219, 6, 207, 105, 238, 187, 181, 124, 194, 13, 0, 223, 88, 212, 101, 163, 19, 119, 41, 100, 36, 79, 235, 57, 65, 112, 71, 194, 43, 36, 244, 78, 174 }
    [0m[0m13:35:26,104 INFO  [stdout] (default task-2) [write] MD5 and SHA1 hashes:  len = 70
    [0m[0m13:35:26,106 INFO  [stdout] (default task-2) 0000: 10 00 00 42 41 04 2B 63   A3 FD BD 89 0A DD CD 13  ...BA.+c........
    [0m[0m13:35:26,108 INFO  [stdout] (default task-2) 0010: B7 AD 80 AB 20 23 F9 90   9A C5 66 4E A1 17 F0 D1  .... #....fN....
    [0m[0m13:35:26,110 INFO  [stdout] (default task-2) 0020: 7D 81 6A E0 21 DB 06 CF   69 EE BB B5 7C C2 0D 00  ..j.!...i.......
    [0m[0m13:35:26,111 INFO  [stdout] (default task-2) 0030: DF 58 D4 65 A3 13 77 29   64 24 4F EB 39 41 70 47  .X.e..w)d$O.9ApG
    [0m[0m13:35:26,112 INFO  [stdout] (default task-2) 0040: C2 2B 24 F4 4E AE                                  .+$.N.
    [0m[0m13:35:26,113 INFO  [stdout] (default task-2) default task-2, WRITE: TLSv1 Handshake, length = 70
    [0m[0m13:35:26,113 INFO  [stdout] (default task-2) [Raw write]: length = 75
    [0m[0m13:35:26,115 INFO  [stdout] (default task-2) 0000: 16 03 01 00 46 10 00 00   42 41 04 2B 63 A3 FD BD  ....F...BA.+c...
    [0m[0m13:35:26,116 INFO  [stdout] (default task-2) 0010: 89 0A DD CD 13 B7 AD 80   AB 20 23 F9 90 9A C5 66  ......... #....f
    [0m[0m13:35:26,118 INFO  [stdout] (default task-2) 0020: 4E A1 17 F0 D1 7D 81 6A   E0 21 DB 06 CF 69 EE BB  N......j.!...i..
    [0m[0m13:35:26,120 INFO  [stdout] (default task-2) 0030: B5 7C C2 0D 00 DF 58 D4   65 A3 13 77 29 64 24 4F  ......X.e..w)d$O
    [0m[0m13:35:26,121 INFO  [stdout] (default task-2) 0040: EB 39 41 70 47 C2 2B 24   F4 4E AE                 .9ApG.+$.N.
    [0m[0m13:35:26,138 INFO  [stdout] (default task-2) default task-2, handling exception: java.security.ProviderException: Could not derive key
    [0m[0m13:35:26,138 INFO  [stdout] (default task-2) %% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
    [0m[0m13:35:26,139 INFO  [stdout] (default task-2) default task-2, SEND TLSv1 ALERT:  fatal, description = internal_error
    [0m[0m

13:35:26,139 INFO  [stdout] (default task-2) default task-2, WRITE: TLSv1 Alert, length = 2
[0m[0m13:35:26,139 INFO  [stdout] (default task-2) [Raw write]: length = 7
[0m[0m13:35:26,141 INFO  [stdout] (default task-2) 0000: 15 03 01 00 02 02 50                               ......P
[0m[0m13:35:26,141 INFO  [stdout] (default task-2) default task-2, called closeSocket()
[0m[0m13:35:26,141 INFO  [stdout] (default task-2) default task-2, called close()
[0m[0m13:35:26,141 INFO  [stdout] (default task-2) default task-2, called closeInternal(true)
[0m[31m13:35:26,142 ERROR [stderr] (default task-2) javax.net.ssl.SSLException: java.security.ProviderException: Could not derive key

我已尝试应用在线提及的所有修复程序,但问题仍然存在。任何指针/帮助将非常感激。感谢。

2 个答案:

答案 0 :(得分:2)

经过多次诊断,我能够解决这个问题。

在我目前的环境中,我在wildfly 9之上运行ColdFusion。上面的特定代码是从ColdFusion页面中调用的。我发现COldFusion的默认安全提供程序JsafeJCE就是问题所在。所以,我删除了" JsafeJCE"提供者和代码执行就像一个魅力。

使用下面的代码删除JsafeJCE:

<cfobject type="Java" class="java.security.Security" name="providerObj">;
<cfscript>providerObj.removeProvider("JsafeJCE");</cfscript>

摘要 - ColdFusion安装提供了安全提供程序的问题。

答案 1 :(得分:0)

我也曾遇到过这个错误。我们尝试切换java版本,但它没有帮助。原来这个错误是由一个不同的项目引起的,该项目部署在同一台服务器上。也许它启用了一些特殊的SSL配置。