那些遇到过的问题

KeyStore.load()失败,显示“无效的密钥库格式”

Ama*_*ace 5 java keystore

在执行keystore.load()方法时,以下代码每次都会失败,并带有IOException“无效的密钥库格式”。已成功从.jar文件加载该文件。在Windows 10专业版上使用Java 1.8。Maven用于编译和组装jar文件,然后一起进行war并作为war文件部署到JBOSS服务器。我已经尝试过.getInstance和getDefault(),并且有同样的错误。

InputStream stream;
stream = Thread.currentThread().getContextClassLoader()
    .getResourceAsStream("cacerts.jks");
if (stream == null) {
    stream = CustomTrustManager.class.getClassLoader()
        .getResourceAsStream("cacerts.jks");
}
if(stream == null) {
    Log.error("Unable to load cacerts.jks. This is needed to make HTTPS connections to internal servers.");
    throw new NotFoundException();
}

KeyStore myTrustStore = KeyStore.getInstance("JKS");
myTrustStore.load(stream, "xxxxx".toCharArray());
Run Code Online (Sandbox Code Playgroud)

使用以下命令从自签名服务器证书“ server1.crt”文件生成“ cacerts.jks”文件:

keytool -v -import -alias devserver -file server1.crt -keystore cacerts.jks
Run Code Online (Sandbox Code Playgroud)

这成功完成,并命令:

keytool -list -keystore cacerts.jks
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

devserver, Aug 15, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): F6:7F:C9:95:0E:B8:59:07:24:23:67:93:43:B2:C9:AA:CD:5B:AF:68
Run Code Online (Sandbox Code Playgroud)

显示密钥库文件没有问题。我已经扫描了许多StackOverflow文章,但是没有一篇文章指出该问题的解决方案。在调试模式下,资源加载后,InputStream具有以下格式。我假设从.jar文件加载ZipFile类型是正常的。

在此处输入图片说明

感谢您对如何成功加载密钥库文件的任何见解。谢谢

下面的StackTrace:

2019-08-18 17:00:53,038 ERROR service.CustomTrustManager (CustomTrustManager.java:59) [default task-2] - KeyStore failed to laod
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) ~[?:1.8.0_161]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:1.8.0_161]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_161]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:1.8.0_161]
at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_161]
at cinfin.thirdparty.service.CustomTrustManager.<init>(CustomTrustManager.java:57) [ThirdPartyWSCore-1.13.0.jar:1.13.0]
at cinfin.thirdparty.riskmeter.service.RiskMeterClientService.configureSSL(RiskMeterClientService.java:125) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at cinfin.thirdparty.riskmeter.service.RiskMeterClientService.getHttpClient(RiskMeterClientService.java:103) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at cinfin.thirdparty.riskmeter.service.RiskMeterClientService.getRiskMeterData(RiskMeterClientService.java:87) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at cinfin.thirdparty.riskmeter.bo.RiskMeterBo.getRiskMeterData(RiskMeterBo.java:50) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at cinfin.thirdparty.riskmeter.ws.RiskMeterService.getRiskMeterData(RiskMeterService.java:18) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:84) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at cinfin.thirdparty.metering.bo.MeteringAspectImpl.performVendorCall(MeteringAspectImpl.java:64) [ThirdPartyWSCore-1.13.0.jar:1.13.0]
at cinfin.thirdparty.metering.bo.MeteringAspectImpl.aroundMeteredAnnotationAdvice(MeteringAspectImpl.java:33) [ThirdPartyWSCore-1.13.0.jar:1.13.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:627) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:616) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at com.sun.proxy.$Proxy206.getRiskMeterData(Unknown Source) [?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:189) [cxf-rt-frontend-jaxrs-3.1.10.jar:3.1.10]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99) [cxf-rt-frontend-jaxrs-3.1.10.jar:3.1.10]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:223) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar!/:1.0.0.Final-redhat-1]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) [wildfly-undertow-7.0.9.GA-redhat-3.jar!/:7.0.9.GA-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) [wildfly-undertow-7.0.9.GA-redhat-3.jar!/:7.0.9.GA-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:324) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:803) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
Run Code Online (Sandbox Code Playgroud)

Omi*_*ron 6

二进制 JKS 文件可能被 Maven 资源插件过滤,这导致文件损坏,这是一个非常常见的问题:

构建期间复制到 Java 资源目录时 Maven 损坏了 WAV 文件

构建 jar 时 Maven 损坏了 source/main/resources 中的二进制文件

移动到资源文件夹时生成的证书停止工作

二进制文件基本上被视为文本文件,因此 jar 中的文件以 UTF-8 字符 ( 0xEFBFBDEFBFBD) 开头,而不是 JKS 的幻数 ( 0xFEEDFEED) 。

资源插件文档包含明确的警告:

不要过滤具有二进制内容(例如图像)的文件!这很可能会导致输出损坏。

可能的解决方案是:

  • 将资源文件夹拆分为已过滤的文件夹和未过滤的文件夹(请参阅此处
  • 全局禁用对扩展名为 .jks 的文件的过滤(请参阅此处

kri*_*aex -1

免责声明:这还不是完整的答案,但我需要一个与OP讨论的工具。如果这不能解决问题,我将再次删除答案。

我在 POJO 中复制了您的情况,如下所示:

$ openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out MyCertificate.crt -keyout MyKey.key
(answer all questions with RETURN = accept defaults)

$ keytool -v -import -alias devserver -file MyCertificate.crt -keystore src/main/resources/cacerts.jks -storetype JKS
Enter keystore password:  testtest
Re-enter new password: testtest
(...)
Trust this certificate? [no]:  yes
Certificate was added to keystore
[Storing src/main/resources/cacerts.jks]

$ keytool -list -keystore src/main/resources/cacerts.jks
Enter keystore password:  testtest
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

devserver, 24.08.2019, trustedCertEntry,
Certificate fingerprint (SHA-256): A2:E1:49:FB:9C:26:6B:8A:21:45:A4:AA:F4:86:A0:A7:82:B8:08:BE:75:A6:BF:E8:F5:13:9E:31:23:8E:B0:71
Run Code Online (Sandbox Code Playgroud)

现在在 Maven JAR 模块中创建一个类,类似于 OP 显示的代码:

package de.scrum_master.stackoverflow;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

public class CustomTrustManager {
  public static void main(String[] args) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
    InputStream stream;
    stream = Thread.currentThread().getContextClassLoader().getResourceAsStream("cacerts.jks");
    System.out.println(stream);
    if (stream == null) {
      stream = CustomTrustManager.class.getClassLoader().getResourceAsStream("cacerts.jks");
    }
    if(stream == null) {
      System.out.println("Unable to load cacerts.jks. This is needed to make HTTPS connections to internal servers.");
      throw new RuntimeException("Keystore not found");
    }

    KeyStore myTrustStore = KeyStore.getInstance("JKS");
    myTrustStore.load(stream, "testtest".toCharArray());
    System.out.println("Keystore loaded");
  }
}
Run Code Online (Sandbox Code Playgroud)

现在构建项目并mvn clean package运行它:

$ java -cp target/my-sample-1.0-SNAPSHOT.jar de.scrum_master.stackoverflow.CustomTrustManager
sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream@3d4eac69
Keystore loaded
Run Code Online (Sandbox Code Playgroud)

所以基本上你的方法应该有效。如果没有,则可以连接到

  • 类加载(但我不这么认为,因为密钥存储似乎找到得很好),
  • 我在你的调用堆栈中看到的 AspectJ (或者更确切地说只是 Spring AOP)东西(也不太可能),
  • 您自己的自定义信任管理器或您的“风险计”类所做的任何事情。

请检查您在应用程序中使用的完全相同的密钥库是否可以像我的示例一样在简单的 JAR 中工作,没有容器或其他花哨的东西。如果是这样,您就知道问题不在于您的密钥存储。

那么请在这里提供一些反馈。

  • 您创建了一个 **PKCS12**(不是 JKS)密钥库,即使您将其命名为“.jks”,也可能是使用 Java 9 或更高版本的“keytool”。然后你尝试将其读取为 JKS,这应该而且确实失败了。这里的其他一切都无关紧要。 (3认同)

归档时间:

查看次数:

311 次

最近记录:

6 年,2 月 前
生成的证书在移动到资源文件夹时停止工作 14
Maven 在构建 jar 时损坏 src/main/resources 中的二进制文件 7
更多相关链接
相关归档
为什么更改总和顺序会返回不同的结果? 294
Java中的标记接口? 129
如何从字符串中提取数字并获得一组int? 102
字符串的Jdbctemplate查询:EmptyResultDataAccessException:结果大小不正确:预期1,实际0 99
如何在类路径中使用通配符添加多个jar? 95
如何在适配器中启动Activity? 67
如何在java中设置日期对象的时间 60
如何使用Java 8 Optionals,如果三者都存在则执行操作? 54
如何使用-Xlint编译:在Maven项目中取消选中? 53
是否可以在Java中合并迭代器? 44
难疑归档
如何制作一系列功能装饰器? 2647
是否有唯一的Android设备ID? 2645
比较Git中的两个分支? 2149
带请求正文的HTTP GET 1896
如何按字典值对字典列表进行排序? 1722
C#在foreach中重用变量是否有原因? 1631
你如何在YAML中阻止评论? 1272
检查Bash shell脚本中是否存在输入参数 1223
如何检查字符串是否包含Objective-C中的另一个字符串? 1200
按属性排序自定义对象的ArrayList 1093