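I have a Java 7 environment, and because of the client's requirements I cannot upgrade the Java version to 8.
I need to connect to a URL that supports TLSv1.2, so I enabled -Dhttps.protocols=TLSv1.2, -Djavax.net.ssl.trustStore=<keystoreFilePath> and -Djavax.net.ssl.trustStorePassword=<password>.
I get the following exception: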
javax.net.ssl.SSLHandshakeException: Error signing certificate verify
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1054)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:341)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.NoSuchAlgorithmException: SHA224withRSA Signature not available
at java.security.Signature.getInstance(Signature.java:224)
at sun.security.ssl.JsseJce.getSignature(JsseJce.java:241)
at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(HandshakeMessage.java:1552)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1049)
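I have gone through the solutions already posted for this problem, but all of them require upgrading the Java version (and of course I have checked all the signatures offered by the providers, none of which include the SHA224withRSA signature).
For reference: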
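But I cannot upgrade to Java 8, because the client's requirement is not to upgrade to Java 8.
Please provide a solution that does not involve upgrading to Java 8. Thanks in advance.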
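Answer 0: (score: 1)
I have checked Java versions (1.7) and (1.8) on my machine. One of my projects runs on jdk 1.7.0_80, which does not support the SHA224withRSA algorithm. If you are in the same situation, then upgrade to the latest version of Java at least (Java SE 7 Update 131), because I've read that it should have algorithms similar to Java 8. If updating Java is not an option, then try adding the org.bouncycastle bcprov-jdk15on Maven dependency to the pom of your project (or add the jar file), and also add the line below in the Java code where you build the SSLContext / HttpClient: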
Security.addProvider(new BouncyCastleProvider());
I also tried installing the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7, but it did not work for me!!
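One way to check the situation this answer describes, as an added example that is not part of the original answer: it lists which registered providers offer each RSA signature algorithm and which provider `Signature.getInstance` resolves to, before and after registering BouncyCastle. The class name `SignatureAvailabilityCheck` and the algorithm list are assumptions of this example; BouncyCastle is loaded reflectively so the class also runs (on Java 7 or later) when the bcprov jar is absent.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.ArrayList;
import java.util.List;

public class SignatureAvailabilityCheck {
    // RSA signature algorithms to probe; this list is an assumption of the example.
    static final String[] ALGORITHMS = {
        "SHA1withRSA", "SHA224withRSA", "SHA256withRSA", "SHA384withRSA", "SHA512withRSA"
    };

    // Names of all registered providers that implement the given Signature algorithm.
    static List<String> providersFor(String algorithm) {
        List<String> names = new ArrayList<String>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("Signature", algorithm) != null) names.add(p.getName());
        }
        return names;
    }

    // Registers BouncyCastle at the end of the provider list if bcprov is on the classpath.
    static boolean tryAddBouncyCastle() {
        try {
            Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.addProvider((Provider) c.newInstance());
            return true;
        } catch (Exception e) { // class missing or not instantiable
            return false;
        }
    }

    static void report(String title) {
        System.out.println(title);
        for (String alg : ALGORITHMS) {
            String resolved;
            try { // same provider-less lookup that fails in the stack trace above
                resolved = Signature.getInstance(alg).getProvider().getName();
            } catch (NoSuchAlgorithmException e) {
                resolved = "NOT AVAILABLE";
            }
            System.out.println("  " + alg + " -> " + resolved + " " + providersFor(alg));
        }
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        report("Before adding a provider:");
        if (tryAddBouncyCastle()) report("After Security.addProvider(BouncyCastleProvider):");
        else System.out.println("bcprov jar not on the classpath; no provider added.");
    }
}
```

Run it with the same JVM and classpath as the failing application, since the result depends on the exact JRE update and on which jars are present.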
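Answer 1: (score: 0)
In case anyone has a problem with Java 8 + SHA224.
After migrating to Java 8 (v101), I ran into the same error, because my application uses a private key in SunMSCAPI together with SHA224. Looking for an answer, I found that downgrading to version 8.0.51 solves it (it may also work in another version below 100).
Reason: they removed SHA224 from the default providers when SunMSCAPI is enabled. Source: https://bugs.openjdk.java.net/browse/JDK-8064330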