我正在尝试保护在 Jetty 上运行的 Web 服务。该服务是使用 sparkjava v.2.3 实现的,它具有用于此目的的特定命令:
secure(keystoreFile, keystorePassword, truststoreFile, truststorePassword);
因此,我使用了这个命令并使用 keytool 实用程序生成了密钥库文件:
keytool -genkeypair -keystore keystore.jks -alias $MYHOST -keyalg RSA -keysize 2048 -dname "CN=$MYHOST"
提供了密码并获得了这个 keystore.jks 文件,但是当我尝试启动我的服务时,我得到了以下异常:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) ~[na:1.8.0_45]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) ~[na:1.8.0_45]
at java.security.KeyStore.load(KeyStore.java:1445) ~[na:1.8.0_45]
at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:52) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.ssl.SslContextFactory.loadTrustStore(SslContextFactory.java:1046) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:338) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:260) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:244) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.server.Server.doStart(Server.java:384) ~[jetty-server-9.3.3.v20150827.jar:9.3.3.v20150827]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68) ~[jetty-util-9.3.3.v20150827.jar:9.3.3.v20150827]
at spark.webserver.JettySparkServer.ignite(JettySparkServer.java:131) ~[spark-core-2.3.jar:na]
at spark.SparkInstance.lambda$init$0(SparkInstance.java:341) [spark-core-2.3.jar:na]
at spark.SparkInstance$$Lambda$7/1326393666.run(Unknown Source) [spark-core-2.3.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
恕我直言,keystore.jks 是有效的,因为从中生成的证书已成功安装。进一步调查问题我正在查看 sun.security.provider.JavaKeyStore 的源代码并查看以下代码:
645 int xMagic = dis.readInt();
646 int xVersion = dis.readInt();
647
648 if (xMagic!=MAGIC ||
649 (xVersion!=VERSION_1 && xVersion!=VERSION_2)) {
650 throw new IOException("Invalid keystore format");
651 }
652
上面提到的在同一文件中定义的常量:
68 private static final int MAGIC = 0xfeedfeed;
69 private static final int VERSION_1 = 0x01;
70 private static final int VERSION_2 = 0x02;
71
现在我正在使用 hexdump 实用程序打开 keystore.jks 文件并在其顶部查看:
$ hexdump -C keystore.jks
00000000 fe ed fe ed 00 00 00 02 00 00 00 01 00 00 00 01 |................|
所以,根据我所看到的,xMagic 变量等于 MAGIC 常量,xVersion 等于 VERSION_2。它不应该抛出这个异常,但它会。
如果有人能阐明我在这里缺少什么以及如何使其发挥作用,我将不胜感激。