javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException

Question description  Votes: 0  Answers: 1

It is a Java web application that uses LDAP. I am implementing LDAPS, and I am facing this problem when adding a self-signed SSL certificate.

keytool -genkeypair -keyalg RSA -keysize 2048 -alias localhost -keystore keystore.jks -storepass your_password -validity 365 -keypass your_password -dname "CN=localhost"

keytool -export -alias localhost -keystore keystore.jks -file localhost.crt -storepass your_password

keytool -import -trustcacerts -alias localhost -file localhost.crt -keystore keystorename.jks -storepass your_password

The keystore is created in src/main/resources.

Spring application yml file:

ldap:
  url: ldaps://localhost:10636
  base: uid=admin,ou=system
  username: uid=admin
  password: your_password
  base-environment:
    javax.net.ssl.trust-store: classpath:keystorename.jks
    javax.net.ssl.trust-store-password: changeit
    javax.net.ssl.trust-store-type: JKS
    javax.net.ssl.trust-store-provider: SUN
    javax.net.ssl.trust-store-alias: localhost

String Keystore = "[redacted]";
System.setProperty("javax.net.ssl.trustStore", Keystore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.debug", "ssl,handshake");


org.springframework.ldap.CommunicationException: simple bind failed: localhost:10636; nested exception is javax.naming.CommunicationException: simple bind failed: localhost:10636 [Root exception is javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:570)
.........
Caused by: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:129)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
    at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1314)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:408)
    at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
    at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:970)
    at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
    at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
    at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:398)
    at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:371)
    at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
    at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
    ... 99 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:89)
    at java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
    at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:308)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:176)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:188)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:626)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
    ... 107 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
    at java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
    at java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
    at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:86)

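I imported the certificate into the Java cacerts and gave the path and password of the trust store, but I still get the "trustAnchors parameter must be non-empty" error.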

spring ssl spring-security ldap apacheds
1 answer
0
votes

I think this is related to how the path of the truststore is specified. You need to add the following configuration to your JVM.

-Djavax.net.ssl.trustStore="/path/to/truststore/mytruststore.jks"
-Djavax.net.ssl.trustStorePassword="changeit"

If you are running it in an IDE, change it in the run configuration or in some ini file. Hope this solves the problem.
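Added example (not part of the question or the answer above): a small Java check of the trust store that javax.net.ssl.trustStore points at, reporting whether the file is readable and how many trusted certificate entries it offers as trust anchors. The class name TrustStoreCheck and the method trustAnchorCount are assumptions made for this example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;

// Added diagnostic, not code from the question or the answer.
public class TrustStoreCheck {

    // Loads the store and returns how many trusted certificate entries
    // (what "keytool -import" creates) it offers as PKIX trust anchors.
    static int trustAnchorCount(File store, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, password); // a wrong JKS password fails here with an IOException
        }
        try {
            return new PKIXParameters(ks).getTrustAnchors().size();
        } catch (InvalidAlgorithmParameterException e) {
            // Thrown when the store holds no trusted certificate entry.
            System.out.println("PKIXParameters rejected the store: " + e.getMessage());
            return 0;
        }
    }

    public static void main(String[] args) throws Exception {
        String location = System.getProperty("javax.net.ssl.trustStore");
        if (location == null) {
            System.out.println("javax.net.ssl.trustStore is not set");
            return;
        }
        // The property is read as a file system path, so resolve it the same way.
        File store = new File(location);
        if (!store.isFile() || !store.canRead()) {
            System.out.println("No readable file at " + store.getAbsolutePath());
            return;
        }
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        int anchors = trustAnchorCount(store, type, pass == null ? null : pass.toCharArray());
        System.out.println(store.getAbsolutePath() + ": " + anchors + " trust anchor(s)");
    }
}
```

Run it with the same -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword options as the application so that it inspects the file the JVM was actually given.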
