7

我正在尝试获取一个专门org.apache.ws.security.components.crypto.Merlin使用org.apache.ws.security.components.crypto.CryptoFactoryCryptoFactory.getInstance(properties)方法的实例。

这将始终抛出

java.lang.RuntimeException: org.apache.ws.security.components.crypto.Merlin cannot create instance

这实际上是由

java.security.UnrecoverableKeyException: Password verification failed

密钥库文件上的密码已在命令行中使用 keytool 进行检查,并且正确。

密钥库是通过以下过程生成的:

CMD 窗口详述 keytool -genkey -keystore testkeystore.jks

它位于 Eclipse 项目的根目录中。

测试申请如下:

public class App {
    public static void main(String[] args) throws CredentialException,
            IOException {
        System.out.println("Starting");
        Properties p = new Properties();
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password",
                "password");
        p.setProperty("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type",
                "jks");
        p.setProperty("org.apache.ws.security.crypto.merlin.file", "./testkeystore.jks");

        Crypto crypto = CryptoFactory.getInstance(p);
        System.out.println(" Complete ");

    }
}

并生成以下异常:

Exception in thread "main" java.lang.RuntimeException: org.apache.ws.security.components.crypto.Merlin cannot create instance
    at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:225)
    at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:180)
    at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:73)
    at com.restart.test.cryptotest2.App.main(App.java:22)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
    at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:211)
    ... 3 more
Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
    at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:174)
    at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:135)
    at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:71)
    ... 8 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
    at java.security.KeyStore.load(KeyStore.java:1214)
    at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:168)
    ... 10 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
    ... 13 more

cmd窗口中显示的密码设置为“密码”,但所有帐户都拒绝了它,我可以毫无问题地更改密码keytool -storepasswd,所以我知道我提供的密码是正确的;谁能建议这里可能出了什么问题?我已经尝试调试了整整一天,但没有成功。

如果我可以提供任何其他信息,请告诉我。

编辑 -

构建此测试需要以下 maven 依赖项:

   <dependency> 
      <groupId>org.apache.ws.security</groupId> 
      <artifactId>wss4j</artifactId> 
      <version>1.5.8</version> 
      <scope>provided</scope>
    </dependency>
4

2 回答 2

3

在阅读了用户的评论后,我针对不同版本的 JDK/JRE 构建了它并且它工作了,在下载了 rt.java 的源代码并逐步完成之后,我发现 CryptoBase 类正在实例化两个 JavaKeyStore,第一个(是我的 . jks 文件),它实例化得很好,但第二个是cacerts密钥库,jre\lib\security>其中没有changeit导致失败的默认密码;

我现在已经更改了 jre 密钥库的密码,并且在我原来的 jre/jdk 中工作正常。

于 2013-05-02T09:10:09.947 回答
2

我认为您的问题与库有关,因为 stacktrace 说

'org.apache.ws.security.components.crypto.Merlin 无法创建实例'

这意味着您没有(或版本不正确)WSS4J 库。

于 2013-05-02T08:46:22.247 回答