Getting this error - public key protected PKCS12 not supported

I'm trying to use java.security.KeyStore in a Scala application.

Below is what my code looks like:

    val ks: KeyStore = KeyStore.getInstance("PKCS12")
    val keyManagerFactory: KeyManagerFactory = KeyManagerFactory.getInstance("SunX509")
    val tmf: TrustManagerFactory = TrustManagerFactory.getInstance("SunX509")
    val sslContext: SSLContext = SSLContext.getInstance("TLS")
      case Some(password) =>
        val pwdChars: Array[Char] = password.toCharArray
        val keystore: InputStream = KEYSTORE match { // for live override dev certificate
          case Some(path) =>
            new FileInputStream(path)
          case None =>
            getClass.getClassLoader.getResourceAsStream("myResource")
        }
        ks.load(keystore, pwdChars)
        keyManagerFactory.init(ks, pwdChars)
        tmf.init(ks)
        sslContext.init(keyManagerFactory.getKeyManagers, tmf.getTrustManagers, new SecureRandom)
        Some(ConnectionContext.https(sslContext))

But when I publish this particular package on my Mac and try to use it in a different service, I get this error:

[error] java.io.IOException: public key protected PKCS12 not supported
[error]         at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1958)
[error]         at java.security.KeyStore.load(KeyStore.java:1445)
[error]         at com.f1000.baseservice.BaseMicroService$.createHTTPSContext(BaseMicroService.scala:69)
[error]         at com.f1000.StaticInfomicroservice.StaticInfoMicroService$.createWebServer(StaticInfoMicroService.scala:36)
[error]         at com.f1000.StaticInfomicroservice.StaticInfoMicroService$.$anonfun$main$1(StaticInfoMicroService.scala:61)
[error]         at com.f1000.StaticInfomicroservice.StaticInfoMicroService$.$anonfun$main$1$adapted(StaticInfoMicroService.scala:58)
[error]         at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
[error]         at java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1402)
[error]         at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
[error]         at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
[error]         at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
[error]         at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)

This error generally occurs if I publish the package on a Mac machine, but when I publish the same on a Windows machine, it works perfectly fine.

Do you think that this might be something specific to Mac?

Just FYI, since a coworker and I spent a couple of hours figuring this out. We got this message when loading a Java Keystore with a cert from a consultant our company hired.

The consultant's cert was the next level up in the trust chain, so the Keystore had our cert and the consultant's cert. The problem was that the consultant had included two of its certs, one with signature encrypted with SHA-1 and one with SHA-256. Our cert had its signature encrypted with SHA-256. We saw this error intermittently (the kind that drives you nuts) until we removed the SHA-1 encrypted cert from the keystore.

I faced the same error in a situation where the keystore binary file was corrupted by the jinja2 templating engine in Ansible. Disabling templating for the keystore fixed the issue.

You can also check for file corruption by opening the keystore with the JDK's keytool utility.

    keytool -list -v -keystore yourkeystore

In my case, keytool showed me the same error message.

    public key protected PKCS12 not supported
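An added example, not part of the original question or answers: a small Python check of the header fields that the JDK's PKCS12KeyStore reads first. The JDK raises this message when the content type of the PFX authSafe is anything other than the PKCS#7 data OID. The sample bytes are constructed, and the CR-to-LF rewrite is an assumed form of text-mode damage, not a statement about what jinja2 did.

```python
# Added example: inspect the outer DER header of a PKCS#12 file before KeyStore.load sees it.
DATA_OID = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1 (PKCS#7 data)
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2 (signedData)


def read_tlv(buf, pos, want_tag):
    """Return (value_offset, length) for the DER element at pos; length is None if indefinite."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    first = buf[pos + 1]
    if first < 0x80:                      # short form: the byte is the length
        return pos + 2, first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0:
        return pos + 2, None
    if n > 4 or pos + 2 + n > len(buf):
        raise ValueError(f"implausible length byte 0x{first:02x} at offset {pos + 1}")
    return pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")


def classify_pkcs12(buf):
    """Return 'data', 'signed-data', 'unknown-content-type' or 'malformed'."""
    try:
        pos, _ = read_tlv(buf, 0, 0x30)            # PFX ::= SEQUENCE
        pos, n = read_tlv(buf, pos, 0x02)          # version INTEGER, must be 3
        if n != 1 or buf[pos:pos + 1] != b"\x03":
            return "malformed"
        pos, _ = read_tlv(buf, pos + 1, 0x30)      # authSafe ContentInfo
        pos, n = read_tlv(buf, pos, 0x06)          # contentType OID
    except ValueError:
        return "malformed"
    if n is None or pos + n > len(buf):
        return "malformed"
    oid = buf[pos:pos + n]
    if oid == DATA_OID:
        return "data"                              # the content type KeyStore.load accepts
    return "signed-data" if oid == SIGNED_DATA_OID else "unknown-content-type"


# Constructed header bytes (not taken from a real keystore); lengths are illustrative.
GOOD = bytes.fromhex("308209f0020103308209a006092a864886f70d010701a0820991")
CR_TO_LF = GOOD.replace(b"\r", b"\n")              # assumed text-mode newline rewrite
UTF8_ROUNDTRIP = GOOD.decode("utf-8", errors="replace").encode("utf-8")

if __name__ == "__main__":
    for name in ("GOOD", "CR_TO_LF", "UTF8_ROUNDTRIP"):
        print(name, classify_pkcs12(globals()[name]))
```

The data OID itself contains the byte 0x0D, so a newline rewrite alone is enough to change the content type while leaving the rest of the header parseable. To check a real file, pass `open(path, "rb").read()` for the keystore as packaged and compare the result with the source copy.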
