Java pkcs12密钥库的Nosuch算法
我正在编写一个示例程序,从java应用程序中查询供应商的Web服务。我不是在服务器上做这件事,它是一个java命令行桌面应用程序。编辑:使用Java7 我有供应商提供的证书——一个包括识别供应商的链,另一个是识别我公司的密钥库。我已经将供应商证书导入到cacerts中,并且相信它可以正常工作,因为它消除了我在创建服务对象时经常遇到的错误 当我实际尝试运行对webservice的远程调用时,我得到了一个NoSuchAlgorithm错误;这是否意味着pkcs12不是有效的密钥库类型?keystoreexplorer可以阅读这个Keystore,这让我相信使用pkcs12应该是可能的 所以我想知道我做错了什么,例如,我是否需要为PKCS12类型的密钥做些什么。由于我使用VM命令行选项指定了一个密钥库,所以我还不明白为什么SSL调试信息没有列出该密钥库 我使用以下选项运行此操作:Java pkcs12密钥库的Nosuch算法,java,ssl,keystore,pkcs#12,Java,Ssl,Keystore,Pkcs#12,我正在编写一个示例程序,从java应用程序中查询供应商的Web服务。我不是在服务器上做这件事,它是一个java命令行桌面应用程序。编辑:使用Java7 我有供应商提供的证书——一个包括识别供应商的链,另一个是识别我公司的密钥库。我已经将供应商证书导入到cacerts中,并且相信它可以正常工作,因为它消除了我在创建服务对象时经常遇到的错误 当我实际尝试运行对webservice的远程调用时,我得到了一个NoSuchAlgorithm错误;这是否意味着pkcs12不是有效的密钥库类型?keystor
-Djavax.net.debug=ssl -Djavax.net.ssl.keystore="S:\Vendor Documentation\9.07\Web Services\MyCompanykickoff\VendorSaaSWebServices-Customer.pfx" -Djavax.net.ssl.keyStorePassword=cX5L9CTj -Djavax.net.ssl.keyStoreType=pkcs12
run:
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync1
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedEncryptedSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector] selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
keyStore is :
keyStore type is : pkcs12
keyStore provider is :
init keystore
default context init failed: java.security.KeyStoreException: pkcs12
not found
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:194)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:122)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:123)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:626)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:585)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:570)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:467)
at com.sun.xml.internal.ws.client.Stub.process(Stub.java:308)
all done
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:177)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:203)
at stsclientexample3.STSClientExample3.main(STSClientExample3.java:72)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:205)
at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:361)
at sun.net.NetworkClient.doConnect(NetworkClient.java:162)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:378)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:473)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:270)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:327)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:974)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:105)
... 11 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Provider.java:1262)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:97)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:121)
at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:333)
at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:291)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)
at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
at java.net.URL.openConnection(URL.java:1018)
at com.sun.xml.internal.ws.api.EndpointAddress.openConnection(EndpointAddress.java:202)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.createHttpConnection(HttpClientTransport.java:202)
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:102)
... 11 more
Caused by: java.security.KeyStoreException: pkcs12
not found
at java.security.KeyStore.getInstance(KeyStore.java:616)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:603)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:495)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at java.lang.Class.newInstance0(Class.java:372)
at java.lang.Class.newInstance(Class.java:325)
at java.security.Provider$Service.newInstance(Provider.java:1238)
... 24 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12
KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:613)
... 33 more
BUILD SUCCESSFUL (total time: 0 seconds)
运行:
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}“背书支持对话”被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}自定义绑定\u IWSTrust13Sync
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}自定义绑定\u IWSTrust13Sync1
警告:WSP0075:策略断言“{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding”被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}“信任13”被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11“被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing”被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0019:在客户端选择了适合度为“未知”的次优策略替代方案。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedEncryptedSupportingTokens”评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding”被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}“信任13”被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11“被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0075:策略断言“{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing”被评估为“未知”。
2015年12月28日上午9:03:46[com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]选择备选方案
警告:WSP0019:在客户端选择了适合度为“未知”的次优策略替代方案。
重点是:
密钥库类型为:pkcs12
密钥库提供程序是:
初始化密钥库
默认上下文初始化失败:java.security.KeyStoreException:pkcs12
找不到
com.sun.xml.internal.ws.client.ClientTransportException:HTTP传输错误:java.net.SocketException:java.security.nosuchalgorithException:构造实现时出错(算法:默认,提供程序:SunJSSE,类:sun.security.ssl.SSLContextImpl$DefaultSSLContext)
位于com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
位于com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:194)
在com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:122)上
位于com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:123)
位于com.sun.xml.internal.ws.api.pipe.Fiber.\uuuu-doRun(Fiber.java:626)
位于com.sun.xml.internal.ws.api.pipe.Fiber.\u-doRun(Fiber.java:585)
位于com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:570)
位于com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:467)
位于com.sun.xml.internal.ws.client.Stub.process(Stub.java:308)
全部完成
在com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:177)上
位于com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:203)
在stsclientexample3.stsclientexample3.main(stsclientexample3.java:72)
原因:java.net.SocketException:java.security.nosuchalgorithexception:构造实现时出错(算法:默认,提供程序:SunJSSE,类:sun.security.ssl.SSLContextImpl$DefaultSSLContext)
位于javax.net.ssl.DefaultSSLSocketFactory.throweException(SSLSocketFactory.java:198)
在javax.net.ssl.DefaultSSLSocketF
package stsclientexample3;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import javax.xml.ws.Service.Mode;
import javax.xml.ws.soap.AddressingFeature;
import org.oasis_open.docs.ws_sx.ws_trust._200512.RequestSecurityTokenType;
public class STSClientExample3 {
public static void main(String[] args) {
try
{
final Service service
= Service.create(
new URL("file://\\project\\VendorDemo\\DocumentAPIv22Methods\\EchoSignDocumentService22Demo\\Java\\STSClientExample2\\web\\WEB-INF\\wsdl\\SecurityTokenService.wsdl"),
new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "SecurityTokenService")
);
Iterator<QName> ports = service.getPorts();
while (ports.hasNext()) {
QName port = ports.next();
System.out.println(port.toString());
}
final Dispatch dispatch
= service.createDispatch(new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "CustomBinding_IWSTrust13Sync"),
JAXBContext.newInstance("org.oasis_open.docs.ws_sx.ws_trust._200512"),
Mode.PAYLOAD,
new AddressingFeature()
);
final BindingProvider provider = (BindingProvider) dispatch;
final Map requestContext = provider.getRequestContext();
requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue");
final RequestSecurityTokenType request = new RequestSecurityTokenType();
dispatch.invoke(new JAXBElement<RequestSecurityTokenType>
(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "RequestSecurityToken"),
RequestSecurityTokenType.class,
request)
);
}
catch (Exception e) { e.printStackTrace(); }
System.out.println("all done");
}
public static void disableCertificates()
{
try {
TrustManager[] trustAllCerts =
{new X509TrustManager()
{
public X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[] certs, String authType) { }
public void checkServerTrusted(X509Certificate[] certs, String authType) { }
}
};
SSLContext sc = SSLContext.getInstance("SSL");
HostnameVerifier hv
= new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } };
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
catch (Exception localException)
{
System.out.println("Problem disabling SSL certificates: " + localException.getMessage());
}
}
}
#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading
# keystore files in either JKS or PKCS12 format. When set to 'false'
# it supports loading only JKS keystore files.
#
keystore.type.compat=true
server.ssl.key-store-type="PKCS12"
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)