我正在使用 java 9 运行以下命令:
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg pkcs11conf -list
并得到流动的错误:
keytool 错误:java.lang.Exception:Provider 找不到“sun.security.pkcs11.SunPKCS11”
在 Java 8 中它可以工作。
如何将 keytool 与 SunPKCS11 提供程序一起使用?
问题出在我的 pkcs11conf 文件上。 Java 不喜欢我的 DLL 路径中的单个反斜杠:
“C:\Path o\my\pkcs11lib\mypkcs11lib.dll”:错误
“C:\Path\to\my\pkcs11lib\mypkcs11lib.dll”:好的
Java 8 和 Java 9 的区别在于错误消息。
Java 9:
keytool error: java.lang.Exception: Provider "sun.security.pkcs11.SunPKCS11" not found
Java 8:
keytool error: java.lang.reflect.InvocationTargetException
当我将 -v 添加到命令中时,我意识到了这一点。
Java 9:
java.lang.Exception: Provider "sun.security.pkcs11.SunPKCS11" not found
at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:798)
at java.base/sun.security.tools.keytool.Main.run(Main.java:397)
at java.base/sun.security.tools.keytool.Main.main(Main.java:390)
Caused by: sun.security.pkcs11.ConfigurationException: Absolute path required for library value: xxx.dll
at jdk.crypto.cryptoki/sun.security.pkcs11.Config.parseLibrary(Config.java:682)
at jdk.crypto.cryptoki/sun.security.pkcs11.Config.parse(Config.java:392)
at jdk.crypto.cryptoki/sun.security.pkcs11.Config.<init>(Config.java:210)
at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)
at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)
at java.base/sun.security.tools.KeyStoreUtil.loadProviderByName(KeyStoreUtil.java:285)
at java.base/sun.security.tools.KeyStoreUtil.loadProviderByClass(KeyStoreUtil.java:309)
at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:788)
... 2 more
Java 8:
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at sun.security.tools.keytool.Main.doCommands(Unknown Source)
at sun.security.tools.keytool.Main.run(Unknown Source)
at sun.security.tools.keytool.Main.main(Unknown Source)
Caused by: java.security.ProviderException: Error parsing configuration
at sun.security.pkcs11.Config.getConfig(Config.java:88)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:129)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
... 7 more
Caused by: sun.security.pkcs11.ConfigurationException: Absolute path required for library value: xxx.dll
at sun.security.pkcs11.Config.parseLibrary(Config.java:690)
at sun.security.pkcs11.Config.parse(Config.java:398)
at sun.security.pkcs11.Config.<init>(Config.java:220)
我在 Linux 环境中遇到了同样的问题,设置一个环境变量解决了这个问题。
export JAVA_TOOL_OPTIONS="-Djava.security.debug=sunpkcs11,provider"
或者将其添加为 java 参数,以防 jarsigner。