ssl java.security. NoSuchromException:找不到X509 KeyManagerFactory

oprakyz7  于 12个月前  发布在  Java
关注(0)|答案(4)|浏览(164)

我想创建SSL连接。我创建了密钥库。并试图使用x509。

final KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");

字符串
但我得到下面的异常控制台运行后。
Java.security. NoSuchromException:X509 KeyManagerFactory not available at sun.security.jca.GetInstance.getInstance(Unknown Source)at javax.net.ssl.KeyManagerFactory.getInstance(Unknown Source)SSLContext sc = SSLContext.getInstance(connectionType); final char[] keyPassPhrase =“changeit”.toCharArray(); //String [] array = Security.getProviders(); final KeyStore ks = KeyStore.getInstance(“jks”);

ks.load(new FileInputStream("ClientKeyStore"), keyPassPhrase);
        provider();
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509"); // this line is problem

        // SunX509 : supporting only: [TLSv1, TLSv1.1, TLSv1.2]
        kmf.init(ks, keyPassPhrase);

        sc.init(kmf.getKeyManagers(), new TrustManager[] {
                new X509TrustManager(){
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                    @Override
                    public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                            throws CertificateException {

                    }
                    public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                            throws CertificateException {
                    }
                }
        },new SecureRandom());
        SSLSocketFactory factory = sc.getSocketFactory();
        SSLSocket socket=null;
        try{
            //socket = (SSLSocket) factory.createSocket("XXXX",xxxx);/
            socket = (SSLSocket) factory.createSocket(ipAddress, Integer.parseInt(ports[portIndex]));

            //convert to array
            String[] cipherSelectedArray;
            if(isSupported == 1 ) {
                cipherSelectedArray = new String[] {msupportedcipherList.get(cipherIndex).trim()};
            }
            else {
                cipherSelectedArray = new String[] {mnotSupportedcipherList.get(cipherIndex).trim()};
            }

            String []mselectedSSLOrTLSVersionArrray = new String[] {mselectedSSLOrTLSVersion};   // if passing these --> getting connection timeout

            socket.setEnabledProtocols(mselectedSSLOrTLSVersionArrray);
            socket.setEnabledCipherSuites(cipherSelectedArray);
            for(int i = 0; i<cipherSelectedArray.length ; i++) {
                //System.out.println("ciphers are :" +  cipherSelectedArray[i]);
            }

            socket.setSoTimeout(15000);

            socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {

                @Override
                public void handshakeCompleted(HandshakeCompletedEvent event) {
                    ////System.out.println("completed");

                }
            });


            socket.startHandshake(); //handshake                                            as "SunX509" does not support SSL. I need to create above one. Can someone help.   And also with "SunX509" i am getting                                              java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers problem with some ciphers. please help

oyxsuwqo

oyxsuwqo1#

算法提供程序无法识别您使用的参数X509
正如所描述的getInstance(String算法)的原因是清楚的。
如果没有Provider支持指定算法的KeyManagerFactorySpi实现,则抛出NoSuchalummException。
标准算法描述为here
我猜他们在KeyManagerFactory中支持PKIX, SunX509这两个算法
所以你必须使用SunX509而不是X509
看这里的表格

wbgh16ku

wbgh16ku2#

阅读堆栈跟踪告诉你的内容:
java.security. NoSuchromException:找不到X509 KeyManagerFactory
X509算法在您使用的安全提供程序中不可用。但是,下面的代码应该可以为您工作:

final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

字符串
请看一下这个Code Ranch article,它讨论了你的问题,还展示了如何从你的提供商那里找到可用的安全算法。

xpcnnkqh

xpcnnkqh3#

使用“SunX509”的问题在于它是特定于Oracle JRE的,在IBM JRE中不起作用,IBM JRE的默认值是“IbmX509”。与供应商无关的更好的解决方案是:

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

字符串
默认算法由<JRE_HOME>/lib/security/java.security中的安全属性“ssl.keyManagerFactory.algorithm”定义,在Oracle中默认为“SunX509”,在IBM JRE中默认为“IbmX509”(至少对于Java 8是这样)。

yvgpqqbh

yvgpqqbh4#

首先检查所需的算法是否在JDK jre的java.security中可用在我的情况下,我只是改变了算法的顺序,并在 Java.security中添加了一个安全提供程序,它工作了。
1.增加的安全性提供:
security.provider.12=sun.x.rsa.SunRsaSign
1.改变算法顺序:
发件人:
ssl.KeyManagerFactory.algorithm=SunX509
ssl.TrustManagerFactory.algorithm=PKIX

ssl.TrustManagerFactory.algorithm=PKIX
ssl.KeyManagerFactory.algorithm=SunX509
java.security路径:\jdk1.7.0_25\jre\lib\security\java.security
使用下面的代码检查您的JDK是否支持SunX509算法

public static void main(String[] args) {
    String algorithm = "SunX509";
    Provider provider = Security.getProvider("SunJSSE");

    if (provider != null && provider.getService("KeyManagerFactory", algorithm) != null) {
        System.out.println("SunJSSE provider supports the " + algorithm + " algorithm.");
    } else {
        System.out.println("SunJSSE provider does not support the " + algorithm + " algorithm.");
    }
}

字符串

相关问题