我已经使用Openssl模块创建了.crt和.key文件,并尝试将这些证书保存到使用pyjks模块创建的Java密钥库中。 我能够保存它们,但是在密钥库中列出证书时遇到以下错误:
Error:
keytool error: java.security.cert.CertificateParsingException: signed fields invalid
java.security.cert.CertificateParsingException: signed fields invalid
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1791)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:755)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.tools.keytool.Main.doCommands(Main.java:839)
at sun.security.tools.keytool.Main.run(Main.java:368)
at sun.security.tools.keytool.Main.main(Main.java:361)
我的代码,用于创建证书,密钥库并将证书保存在密钥库中
def save_to_keystore(keystore_name,keystore_password=constants.keystore_pwd,
155 store_entry=None):
156
157 ks = jks.KeyStore.load(keystore_name, keystore_password)
158 if isinstance(store_entry,str):
159 store_entry = [store_entry]
160 for entry in store_entry:
161 print entry
162 alias = os.path.basename(entry) + "_alias"
163 try:
164 new_entry = jks.TrustedCertEntry.new(alias, open(entry, 'rb').read())
165 ks.entries[alias]=new_entry
166 except:
167 print_err("Failed to add new entry")
168 ks.save(keystore_name, keystore_password)
144 def generate_java_keystore(keystore_name,keystore_password=constants.keystore_pwd,store_entry=[]):
145 try:
146 ks = jks.KeyStore.new('jks',store_entry)
147 ks.save(keystore_name,keystore_password)
148 return keystore_name
149 except:
150 print_err("Failed keystore with same name exists")
151 raise
和密钥创建是从以下引用: How do I create and sign certificates with Python's pyOpenSSL?