NoSuchAlgorithmException：通过 JAVA 8 连接到 SSL 网站时构建实现时出错

Question

我在这个异常上做了很多谷歌，发现了很多提示，但没有找到任何解决方案或原因（可能是我错过了其中的任何一个），所以最后用疲惫的眼睛发布问题寻求帮助。

我有一个网站 URL，即https://oesinternational.mkcl.org/，LB上安装了 SSL 证书，而 Web 服务器在 LB 后面。 Web 服务器在端口 80 上具有带有 JAVA 8 的 tomcat 7。因此 LB 在 443 端口上接收请求并将其转发到 80 端口上的 Web 服务器，Web 服务器将响应发送给 LB 和 LB 给最终用户。

在浏览器上一切正常，但是当我尝试使用 JAVA 连接到这个 URL 时，它抛出异常

java.net.SocketException：java.security.NoSuchAlgorithmException：构建实现时出错（算法：默认，提供者：SunJSSE，类：sun.security.ssl.SSLContextImpl$DefaultSSLContext）

代码：

url = new URL("https://oesinternational.mkcl.org/");
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setRequestMethod("GET");
connection.connect(); //this method throwing the exception

完整的堆栈跟踪如下：

java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:248)
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:255)
    at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:405)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:162)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
    at mkcl.oesclient.sync.controllers.ServerConnectionCheckHelper.isSSLCertficateInstalled(ServerConnectionCheckHelper.java:73)
    at mkcl.oesclient.sync.controllers.ServerConnectionCheckHelper.checkConnectionToESB(ServerConnectionCheckHelper.java:35)
    at mkcl.oesclient.sync.controllers.SynchronizeDataController.SyncMasterData(SynchronizeDataController.java:118)
    at mkcl.oesclient.sync.controllers.SynchronizeDataController.syncMasterAjax(SynchronizeDataController.java:90)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:870)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:776)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:978)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:870)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:855)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.sitemesh.webapp.contentfilter.ContentBufferingFilter.bufferAndPostProcess(ContentBufferingFilter.java:169)
    at org.sitemesh.webapp.contentfilter.ContentBufferingFilter.doFilter(ContentBufferingFilter.java:126)
    at org.sitemesh.config.ConfigurableSiteMeshFilter.doFilter(ConfigurableSiteMeshFilter.java:163)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1686)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at java.security.Provider$Service.newInstance(Provider.java:1617)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
    at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
    at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
    at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:332)
    at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:289)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:94)
    at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
    at sun.net.www.protocol.https.Handler.openConnection(Handler.java:57)
    at java.net.URL.openConnection(URL.java:979)
    at mkcl.oesclient.sync.controllers.ServerConnectionCheckHelper.isSSLCertficateInstalled(ServerConnectionCheckHelper.java:71)
    ... 45 more
Caused by: java.security.UnrecoverableKeyException: Password must not be null
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:132)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
    at java.security.KeyStore.getKey(KeyStore.java:1023)
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
    at sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getKeyManagers(SSLContextImpl.java:979)
    at sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(SSLContextImpl.java:864)
    at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1019)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at java.security.Provider$Service.newInstance(Provider.java:1595)
    ... 57 more

在 google 上搜索时，我知道“SunJSSE”提供程序不支持 SHA256RSA 签名算法（参考JAVADOC ），并且网站上的证书使用签名算法 SHA256RSA（检查下图）。

我想知道：

1. JAVA 8 中不支持的 SHA256RSA 签名算法实现是否导致问题？
2. 如果是，那么最好的解决方案是什么？ 如果没有，那么我做错了什么？

Answer 1

1. JAVA 8 中不支持的 SHA256RSA 签名算法实现是否导致问题？

不。 SunJSSE 没有实现这个算法，但是SunRsaSign在所有系统上都实现了。 （SunMSCA 仅适用于 Windows natvie 商店，OracleUcrypto 仅适用于 Solaris SPARC。）

2. ...如果不是，那么我做错了什么？

堆栈跟踪中的（最内层）原因是

Caused by: java.security.UnrecoverableKeyException: Password must not be null

在尝试打开（默认）密钥库时。

您必须为密钥库提供正确的密码。 您正在使用默认工厂和上下文，并且似乎没有覆盖任何内容，因此密钥库密码必须在系统属性javax.net.ssl.keyStorePassword 。

或者根本不提供密钥库，因为这台服务器（实际上是执行 SSL/TLS 终止的 LB）不需要客户端身份验证。