Issue with JAVA jks keystore generated from pfx file
I generated a keystore file in JKS format from an input pfx file. When I use the keystore file in a Tomcat web application, I get an exception. If anyone has run into the same problem, please help.
Exception:
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) ~[spring-beans-4.1.7.RELEASE.jar:4.1.7.RELEASE]
... 124 common frames omitted
Caused by: org.opensaml.common.SAMLRuntimeException: Can't obtain SP signing key
at org.springframework.security.saml.key.JKSKeyManager.getCredential(JKSKeyManager.java:193) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.key.JKSKeyManager.getDefaultCredential(JKSKeyManager.java:205) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory.initializeDelegate(TLSProtocolSocketFactory.java:113) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory.<init>(TLSProtocolSocketFactory.java:77) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer.afterPropertiesSet(TLSProtocolConfigurer.java:50) ~[spring-security-saml2-core-1.0.3.RELEASE.jar:1.0.3.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1633) ~[spring-beans-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1570) ~[spring-beans-4.1.7.RELEASE.jar:4.1.7.RELEASE]
... 131 common frames omitted
Caused by: org.opensaml.xml.security.SecurityException: Could not retrieve entry from keystore
at org.opensaml.xml.security.credential.KeyStoreCredentialResolver.resolveFromSource(KeyStoreCredentialResolver.java:136) ~[xmltooling-1.4.4.jar:na]
The exception indicates that OpenSAML cannot find your (SP) private key to sign SAML messages.
The following SAML configuration should be present (for example in spring-security.xml):
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg type="org.springframework.core.io.Resource" value="file:/path/to/keystore/jks"/>
    <constructor-arg type="java.lang.String" value="<keystorePassword>"/>
    <constructor-arg>
        <map>
            <entry key="<keyAlias>" value="<privateKeyPassphrase>"/>
        </map>
    </constructor-arg>
    <constructor-arg type="java.lang.String" value="<defaultKeyAlias>"/>
</bean>
If you already have the above configuration, check whether your JKS contains the key pair (.private/public) under that alias.
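The check suggested in the answer can be done with the JDK alone. The following is an added example (not code from the question, the answer, or Spring Security SAML) that loads the keystore the same way JKSKeyManager does, lists every alias with its entry type, and then verifies that the configured alias is a private-key entry that opens with the configured passphrase. The path, passwords and alias are placeholders to be replaced with the values from the bean definition.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/**
 * Inspects a JKS (or PKCS12) keystore and checks that the alias referenced by
 * the JKSKeyManager bean really is a private-key entry. Arguments (all
 * placeholders): keystore path, keystore password, key alias, key passphrase.
 */
public class KeystoreAliasCheck {

    public static void main(String[] args) throws Exception {
        String keystorePath = args.length > 0 ? args[0] : "/path/to/keystore.jks";
        char[] storePass    = (args.length > 1 ? args[1] : "<keystorePassword>").toCharArray();
        String alias        = args.length > 2 ? args[2] : "<keyAlias>";
        char[] keyPass      = (args.length > 3 ? args[3] : "<privateKeyPassphrase>").toCharArray();

        // Use "PKCS12" here to inspect the original .pfx with the same code.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, storePass);               // wrong store password -> IOException
        }

        // 1. Print every alias and whether it carries a private key or only a certificate.
        for (String a : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(a) ? "PrivateKeyEntry" : "trustedCertEntry";
            System.out.printf("%-30s %s%n", a, kind);
        }

        // 2. The alias used in the <map> must exist. JKS stores aliases in lower case,
        //    so a mismatch in case alone will not cause a failure, but a typo will.
        if (!ks.containsAlias(alias)) {
            System.err.println("alias not found: " + alias);
            System.exit(1);
        }
        // 3. A certificate-only entry cannot sign anything; the SP needs the private key.
        if (!ks.isKeyEntry(alias)) {
            System.err.println("alias holds a certificate but no private key: " + alias);
            System.exit(1);
        }

        // 4. The passphrase from the <entry> must open the key. This is the call that
        //    fails with "Could not retrieve entry from keystore" when the passphrase is wrong.
        Key key = ks.getKey(alias, keyPass);      // wrong passphrase -> UnrecoverableKeyException
        if (!(key instanceof PrivateKey)) {
            System.err.println("entry is not a private key: " + alias);
            System.exit(1);
        }

        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("OK: " + key.getAlgorithm() + " private key for "
                + leaf.getSubjectX500Principal() + ", chain length " + chain.length);
    }
}
```

Two points worth keeping in mind when the JKS was produced from a pfx with keytool -importkeystore: the alias is carried over unchanged from the PKCS12 source (often a GUID or "1" rather than a friendly name), and the key passphrase of the imported entry is the one keytool was given, which for PKCS12 sources is the same as the source store password. Both must match what the bean definition says, which is what steps 2 and 4 above verify.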