我正在学习Bouncycastle并面临一些问题。 是否可以组合多个安全提供程序,例如我已经修改了我的java.security:
security.provider.11=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.12=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.13=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
然后在我的服务器端写了:
...
SSLContext sslContext = SSLContext.getInstance("TLS", "BCJSSE");
KeyManagerFactory keyMgrFact = KeyManagerFactory.getInstance(
"PKIX", "BCJSSE");
keyMgrFact.init(Utils.createServerKeyStore(), Utils.SERVER_PASSWORD);
...
它会引发错误:
public static KeyPair generateRootKeyPair()
throws Exception {
KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
return new KeyPair(
kFact.generatePublic(new X509EncodedKeySpec(rootPublicKey)),
kFact.generatePrivate(new PKCS8EncodedKeySpec(rootPrivateKey)));
}
错误消息:
Exception in thread "main" java.lang.NoSuchFieldError: id_hmacWithSHA3_224
at org.bouncycastle.jcajce.provider.digest.SHA3$Mappings.configure(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:221)
at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
at sun.security.jca.ProviderList.getIndex(ProviderList.java:263)
at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:247)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:253)
at sun.security.jca.GetInstance.getService(GetInstance.java:81)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.KeyFactory.getInstance(KeyFactory.java:211)
at Utils.generateRootKeyPair(Utils.java:103)
at Utils.createRootCredential(Utils.java:199)
at Utils.createServerKeyStore(Utils.java:273)
at TLSServerExample.main(TLSServerExample.java:19)
我已经研究了几天,我认为这个问题的原因是包之间存在一些冲突:
bc-fips-1.0.0
bcprov-jdk15on-158.jar
bctls-fips-1.0.2.jar
如何解决这个问题? Thx in advancee!
答案 0 :(得分:0)
我和bouncycastle有类似的错误,我的情况不匹配或其版本
答案 1 :(得分:0)
主要是因为在您的应用程序启动时,将根据Java中的类加载顺序来加载旧版本的Bouncy Castle类。
启动https://stackoverflow.com/a/6686792时,您可以通过在命令行中添加-verbose:class
来检查从哪个jar充气城堡类加载对象。它会打印很多行,因此您必须搜索bcp,com.bouncycastle等术语。
对我来说,这是因为java lib目录(/ path / to / java / jdk / jre / lib / ext /)中存在与充气城堡相关的jar。如果使用的是Linux,请转到/ path / to / java / jdk / jre /并在终端上运行以下命令。
find . -type f -name "*.jar*" | grep bcp
这将告诉我们是否存在充气城堡罐子。 如果存在,您将在下面看到输出
./lib/ext/bcprov-jdk15on-1.50.jar
您可以升级或删除它(如果它不影响同一框上的您/其他服务)