PAN*_*PAN 8 java ssl ssl-certificate
I have server-side code that loads a keystore -
```java
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyStoreFile), "password".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "privatepassword".toCharArray()); // one key password for every entry
SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(kmf.getKeyManagers(), null, null);
```
This works fine when I have only one private key in the keystore. When I add another private key (with a different password) to the keystore, I get this error
```
java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
    at java.security.KeyStore.getKey(KeyStore.java:763)
    at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
    at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
```
I then tried creating a custom KeyManager as specified in the link below.

@Bruno I tried the suggestion you gave. However, it does not work. My custom key manager looks like this -
```java
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509KeyManager;

class CustomKeyManager implements X509KeyManager {
    private final KeyStore ks;
    private final String alias;

    public CustomKeyManager(KeyStore ks, String alias) {
        this.ks = ks;
        this.alias = alias;
    }

    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return new String[] { alias };
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        return alias;
    }

    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return new String[] { alias };
    }

    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return alias;
    }

    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        // not implemented: no certificate chain is returned for any alias
        return null;
    }

    @Override
    public PrivateKey getPrivateKey(String alias) {
        PrivateKey pk = null;
        try { // hardcoded to the key I am working with
            pk = (PrivateKey) ks.getKey("mykey", "privatepassword".toCharArray());
        } catch (GeneralSecurityException e) { // UnrecoverableKey, KeyStore, NoSuchAlgorithm
            e.printStackTrace();
        }
        return pk;
    }
}
```
After I create a CustomKeyManager object, if I call getPrivateKey I get a non-null private key -

```
Sun RSA private CRT key, 1024 bits
  modulus: 117260821110864021601500037071432398877761428124640545232618906306796101075244931231861318133902594657774603548686479580347869030216483422242066483203953111970007516384847036243243010603169399491545560497255823475630452314709747201644535089867367118834303975042348737995500693672037616900410158764770570813729 .......
```

This tells me that my getPrivateKey is working.

I use CustomKeyManager in the following way
```java
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyStoreFile), "password".toCharArray());
SSLContext sslCtx = SSLContext.getInstance("TLS");
CustomKeyManager ck = new CustomKeyManager(ks, "mykey");
KeyManager[] kms = new KeyManager[1];
kms[0] = ck;
System.out.println(ck.getPrivateKey("mykey")); // returns a non-null value
sslCtx.init(kms, null, null); // throws an exception
```
The exception I get is

```
javax.net.ssl.SSLHandshakeException: no cipher suites in common
```

Is there something wrong with the way I create and use CustomKeyManager? Another thing worth noting is that if I set breakpoints at all the method entry points in CustomKeyManager, they are never hit.
Bru*_*uno 10
You get the UnrecoverableKeyException because the KeyManager isn't using the right password. As you said, your two private keys use different passwords. The code you linked to doesn't help here, because it merely wraps the behaviour of an existing KeyManager, which you've initialised with only one of the two passwords.

If you really want to use two different passwords, you'll need to implement getPrivateKey(String alias) in your custom X509KeyManager to take this into account. In particular, it must load the key from your KeyStore instance using the correct password for each alias (see getKey(String alias, char[] password)).
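The following is an added example (not code from the question or from Bruno's answer) of the approach the answer describes: an X509KeyManager that keeps an alias-to-password map and calls getKey(alias, password) with the right password for each entry. It also returns the certificate chain from the keystore, which the question's class left as null; without a chain the server has no certificate to present, which is consistent with the "no cipher suites in common" handshake failure. The keystore path, the alias "otherkey" and both key passwords are assumed placeholder values; "mykey" and "privatepassword" are taken from the question.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;

/** X509KeyManager for a JKS keystore whose key entries have different passwords. */
public class MultiPasswordKeyManager implements X509KeyManager {
    private final KeyStore ks;
    private final Map<String, char[]> keyPasswords; // alias -> password of that key entry

    public MultiPasswordKeyManager(KeyStore ks, Map<String, char[]> keyPasswords) {
        this.ks = ks;
        this.keyPasswords = keyPasswords;
    }

    @Override
    public PrivateKey getPrivateKey(String alias) {
        char[] pw = keyPasswords.get(alias);
        if (pw == null) return null;             // alias we have no password for: offer nothing
        try {
            return (PrivateKey) ks.getKey(alias, pw); // per-alias password, as the answer requires
        } catch (GeneralSecurityException e) {   // wrong password, missing entry, bad algorithm
            return null;
        }
    }

    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        try {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) return null;
            return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        } catch (KeyStoreException e) {
            return null;
        }
    }

    /** Aliases whose key we can recover and whose algorithm matches keyType ("RSA", "EC", ...). */
    private String[] aliasesFor(String keyType) {
        List<String> out = new ArrayList<>();
        for (String alias : keyPasswords.keySet()) {
            PrivateKey pk = getPrivateKey(alias);
            if (pk != null && pk.getAlgorithm().equals(keyType)) out.add(alias);
        }
        return out.isEmpty() ? null : out.toArray(new String[0]); // null = no match, per the contract
    }

    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return aliasesFor(keyType); }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return aliasesFor(keyType); }

    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        String[] a = aliasesFor(keyType);
        return a == null ? null : a[0];
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        for (String kt : keyTypes) {
            String[] a = aliasesFor(kt);
            if (a != null) return a[0];
        }
        return null;
    }

    /** Loads the keystore and builds an SSLContext that uses this key manager. */
    public static SSLContext buildContext(String keyStoreFile, char[] storePassword,
                                          Map<String, char[]> keyPasswords)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keyStoreFile)) {
            ks.load(in, storePassword);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new MultiPasswordKeyManager(ks, keyPasswords) }, null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path, passwords and second alias; "mykey"/"privatepassword" come from the question.
        Map<String, char[]> passwords = Map.of(
                "mykey", "privatepassword".toCharArray(),
                "otherkey", "otherpassword".toCharArray());
        SSLContext ctx = buildContext("/path/to/keystore.jks", "password".toCharArray(), passwords);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Because getPrivateKey swallows UnrecoverableKeyException and returns null, an alias with a wrong password is simply never offered to the handshake; check getServerAliases("RSA", null) at startup if you want to fail fast instead. KeyManagerFactory with the SunX509 algorithm cannot do this, since its init takes a single key password for the whole keystore, which is exactly why the original code broke when a second key with a different password was added.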
Views: 35723