Java 无法发送密钥
我想将密钥库对象从服务器传输到客户端应用程序: 我正在做以下工作:Java 无法发送密钥,java,servlets,keystore,Java,Servlets,Keystore,我想将密钥库对象从服务器传输到客户端应用程序: 我正在做以下工作: response.reset(); response.setBufferSize(10240); response.setContentType(contentType); response.setHeader("Content-Length", String.valueOf(keystoreFile.length())); response.setHeader("Content-Disposition", "atta
response.reset();
response.setBufferSize(10240);
response.setContentType(contentType);
response.setHeader("Content-Length", String.valueOf(keystoreFile.length()));
response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\"");
BufferedInputStream input = null;
BufferedOutputStream output = null;
try{
input = new BufferedInputStream(new FileInputStream(keystoreFile), DEFAULT_BUFFER_SIZE);
output = new BufferedOutputStream(response.getOutputStream(), DEFAULT_BUFFER_SIZE);
output.write(KeyStoreUtil.getFileByteArray(input));
}finally{
input.close();
output.close();
}
但该文件在客户端损坏,在获取密钥库时出错,原因如下:
java.io.EOFException
at java.io.DataInputStream.readInt(DataInputStream.ja
at com.sun.crypto.provider.JceKeyStore.engineLoad(Jce
at java.security.KeyStore.load(KeyStore.java:1214)
实际上,我看到的是,正在创建文件:
如果我在命令提示符下以以下方式运行命令:
keytool -list -storetype jceks -keystore aeskeystore.jck
Enter keystore password:
我得到一个错误:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
getFileByteArray如下所示:
public static byte[] getFileByteArray(InputStream fileInputStream) {
if (fileInputStream != null) {
int readLine = 0;
byte[] data = new byte[16384];
ByteArrayOutputStream fileBuffer = new ByteArrayOutputStream();
try {
while ((readLine = fileInputStream.read(data, 0, data.length)) != -1) {
fileBuffer.write(data, 0, readLine);
}
return fileBuffer.toByteArray();
} catch (IOException e) {
logger.error("Error occurred while reading keyfile::::"
+ e.getMessage());
}
}
return null;
}
您不是在传输对象,而是在传输文件。显然,KeyStoreUtil.getFileByteArray()有问题,您出于某种原因没有发布它,或者客户端代码也有问题,同上,但是为什么要传输keystore?这是一个表面上无效的安全漏洞。所以现在你已经发布了一半丢失的代码,你还没有回答我的问题。