java.security.InvalidKeyException: invalid key format

Time: 2018-07-23 13:49:16

Tags: amazon-web-services amazon-cloudfront private-key

    String distributionDomain = "d21geuebylb7j1.cloudfront.net";
    String privateKeyFilePath = "/Users/Desktop/rsa-private-key.der";
    String s3ObjectKey = "small.mp4";
    String policyResourcePath = "http://" + distributionDomain + "/" + s3ObjectKey;
    System.out.println(privateKeyFilePath);
    byte[] derPrivateKey = null;

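I am trying to create a signed URL for my CloudFront distribution, but I am getting an invalid key error. There is a problem with my rsa-private-key.der file. I made this file from the pem file as described in the CloudFront documentation. Here is my error log: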

Exception in thread "main" org.jets3t.service.CloudFrontServiceException: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
    at org.jets3t.service.CloudFrontService.signUrlCanned(CloudFrontService.java:2148)
    at test.SignedURL.main(SignedURL.java:74)
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
    at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:216)
    at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390)
    at org.jets3t.service.security.EncryptionUtil.signWithRsaSha1(EncryptionUtil.java:526)
    at org.jets3t.service.CloudFrontService.signUrlCanned(CloudFrontService.java:2133)
    ... 1 more
Caused by: java.security.InvalidKeyException: invalid key format
    at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:330)
    at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
    at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91)
    at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75)
    at java.base/sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:315)
    at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:212)
    ... 4 more

1 answer:

Answer 0 (score: 1)

I ran into the same problem, and this solved it for me.

You can try the following:

    public enum CloudFrontUrlSigner
    extends Enum<CloudFrontUrlSigner>

Utility class for generating pre-signed URLs for serving private CloudFront content. All dates must be in UTC. Use Calendar to set the timezone specifically before converting to a Date object, or else use DateUtils to turn a UTC date String into a Date object.

    Protocol protocol = Protocol.http;
    String distributionDomain = "d1b2c3a4g5h6.cloudfront.net";
    File privateKeyFile = new File("/path/to/cfcurlCloud/rsa-private-key.pem");
    String s3ObjectKey = "a/b/images.jpeg";
    String keyPairId = "APKAJCEOKRHC3XIVU5NA";
    Date dateLessThan = DateUtils.parseISO8601Date("2012-11-14T22:20:00.000Z");
    Date dateGreaterThan = DateUtils.parseISO8601Date("2011-11-14T22:20:00.000Z");
    String ipRange = "192.168.0.1/24";

    String url1 = CloudFrontUrlSigner.getSignedURLWithCannedPolicy(
                  protocol, distributionDomain, privateKeyFile,
                  s3ObjectKey, keyPairId, dateLessThan);

    String url2 = CloudFrontUrlSigner.getSignedURLWithCustomPolicy(
                  protocol, distributionDomain, privateKeyFile,
                  s3ObjectKey, keyPairId, dateLessThan,
                  dateGreaterThan, ipRange);

Here is the link to the AWS documentation: https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloudfront/CloudFrontUrlSigner.html
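The stack trace in the question ends in `PKCS8Key.decode`, which means the JDK was asked to parse the file as PKCS#8 DER and rejected its structure. The following added example (not code from the question, the answer, JetS3t or the AWS SDK; the class and method names `KeyFormatCheck`, `classify` and `loads` are hypothetical) shows how to tell PKCS#8 DER, PKCS#1 DER and PEM text apart, using a throwaway key generated in-process as constructed sample input:

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;

public class KeyFormatCheck {

    /** Classifies private-key bytes by their outer ASN.1 structure. */
    static String classify(byte[] key) {
        String head = new String(key, 0, Math.min(key.length, 10), StandardCharsets.US_ASCII);
        if (head.equals("-----BEGIN")) return "PEM text, not DER";
        if (key.length < 8 || (key[0] & 0xff) != 0x30) return "not a DER SEQUENCE";
        // Skip the SEQUENCE tag and its length (short form: 1 byte, long form: 1 + n bytes).
        int len = key[1] & 0xff;
        int pos = 2 + ((len & 0x80) != 0 ? (len & 0x7f) : 0);
        // Both formats continue with INTEGER version = 0 (02 01 00).
        if (pos + 3 >= key.length || key[pos] != 0x02 || key[pos + 1] != 0x01 || key[pos + 2] != 0x00)
            return "unknown DER structure";
        int next = key[pos + 3] & 0xff;
        if (next == 0x30) return "PKCS#8 PrivateKeyInfo";   // AlgorithmIdentifier follows
        if (next == 0x02) return "PKCS#1 RSAPrivateKey";    // modulus INTEGER follows
        return "unknown DER structure";
    }

    /** True if the JDK RSA KeyFactory accepts the bytes as a PKCS#8 key. */
    static boolean loads(byte[] key) throws Exception {
        try {
            KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(key));
            return true;
        } catch (InvalidKeySpecException e) {   // same exception as in the question's trace
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway 2048-bit key; getEncoded() returns PKCS#8 DER.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] pkcs8 = gen.generateKeyPair().getPrivate().getEncoded();
        // For a 2048-bit RSA key the PKCS#8 wrapper is a fixed 26-byte prefix;
        // dropping it leaves the inner PKCS#1 RSAPrivateKey.
        byte[] pkcs1 = Arrays.copyOfRange(pkcs8, 26, pkcs8.length);
        System.out.println(classify(pkcs8) + " -> loads: " + loads(pkcs8));
        System.out.println(classify(pkcs1) + " -> loads: " + loads(pkcs1));
    }
}
```

To check a real file, pass `Files.readAllBytes(Paths.get(privateKeyFilePath))` to `classify`. A file that classifies as PKCS#1 or PEM can be converted to PKCS#8 DER with `openssl pkcs8 -topk8 -nocrypt -in rsa-private-key.pem -inform PEM -out rsa-private-key.der -outform DER`.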