When I try to open an LDAP connection using SSLContext, I get the following certificate validation error.

javax.naming.CommunicationException: simple bind failed: <Host>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:327)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1689)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1084)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:1012)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:765)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:441)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
    ... 91 more
Caused by: java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1236)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1158)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1100)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1671)
    ... 104 more
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: RSASSA-PSS
    at sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:278)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1232)
    ... 107 more

I verified that the latest Zulu JDK 8u252 supports the RSASSA-PSS algorithm by printing the providers and signature algorithms as follows:

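import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;

// List every registered provider and each of its property keys.
Provider[] p = Security.getProviders();
for (int i = 0; i < p.length; i++) {
    log.debug(p[i].toString());
    for (Enumeration<Object> e = p[i].keys(); e.hasMoreElements();)
        log.debug("\t" + e.nextElement());
}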

This prints Signature.RSASSA-PSS in one of the log lines.

In addition, by running KeyFactory.getInstance("RSASSA-PSS"), the following are the details of the signature algorithms:

result = {SunRsaSign@17319}  size = 60
 "Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10" -> "RSASSA-PSS"
 "Signature.SHA224withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.2" -> "MD2withRSA"
 "Provider.id name" -> "SunRsaSign"
 "Signature.SHA224withRSA" -> "sun.security.rsa.RSASignature$SHA224withRSA"
 "Signature.RSASSA-PSS" -> "sun.security.rsa.RSAPSSSignature"
 "Signature.SHA512withRSA" -> "sun.security.rsa.RSASignature$SHA512withRSA"
 "Signature.MD5withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Signature.MD2withRSA" -> "sun.security.rsa.RSASignature$MD2withRSA"
 "Signature.SHA512/256withRSA" -> "sun.security.rsa.RSASignature$SHA512_256withRSA"
 "Signature.MD2withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "KeyFactory.RSASSA-PSS" -> "sun.security.rsa.RSAKeyFactory$PSS"
 "Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10" -> "RSASSA-PSS"
 "Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10" -> "RSASSA-PSS"
 "Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1" -> "RSA"
 "Provider.id version" -> "1.8"
 "KeyFactory.RSA" -> "sun.security.rsa.RSAKeyFactory$Legacy"
 "Signature.SHA512withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10" -> "RSASSA-PSS"
 "Signature.MD5withRSA" -> "sun.security.rsa.RSASignature$MD5withRSA"
 "Signature.SHA256withRSA" -> "sun.security.rsa.RSASignature$SHA256withRSA"
 "Signature.SHA512/256withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1" -> "RSA"
 "KeyPairGenerator.RSASSA-PSS" -> "sun.security.rsa.RSAKeyPairGenerator$PSS"
 "Signature.SHA1withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.16" -> "SHA512/256withRSA"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.15" -> "SHA512/224withRSA"
 "AlgorithmParameters.RSASSA-PSS" -> "sun.security.rsa.PSSParameters"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.14" -> "SHA224withRSA"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.13" -> "SHA512withRSA"
 "Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1" -> "RSA"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.12" -> "SHA384withRSA"
 "Signature.SHA256withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.11" -> "SHA256withRSA"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.10" -> "RSASSA-PSS"
 "Signature.SHA512/224withRSA" -> "sun.security.rsa.RSASignature$SHA512_224withRSA"
 "Provider.id info" -> "Sun RSA signature provider"
 "Signature.RSASSA-PSS SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Alg.Alias.KeyFactory.1.2.840.113549.1.1.10" -> "RSASSA-PSS"
 "Signature.SHA1withRSA" -> "sun.security.rsa.RSASignature$SHA1withRSA"
 "Signature.SHA384withRSA" -> "sun.security.rsa.RSASignature$SHA384withRSA"
 "Alg.Alias.Signature.1.2.840.113549.1.1.16" -> "SHA512/256withRSA"
 "Alg.Alias.Signature.1.2.840.113549.1.1.15" -> "SHA512/224withRSA"
 "Alg.Alias.Signature.1.2.840.113549.1.1.14" -> "SHA224withRSA"
 "Alg.Alias.Signature.1.3.14.3.2.29" -> "SHA1withRSA"
 "Alg.Alias.Signature.1.2.840.113549.1.1.13" -> "SHA512withRSA"
 "Signature.SHA512/224withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10" -> "RSASSA-PSS"
 "Alg.Alias.Signature.1.2.840.113549.1.1.12" -> "SHA384withRSA"
 "Alg.Alias.Signature.1.2.840.113549.1.1.5" -> "SHA1withRSA"
 "Alg.Alias.Signature.1.2.840.113549.1.1.11" -> "SHA256withRSA"
 "Alg.Alias.Signature.1.2.840.113549.1.1.4" -> "MD5withRSA"
 "Provider.id className" -> "sun.security.rsa.SunRsaSign"
 "Alg.Alias.KeyFactory.1.2.840.113549.1.1" -> "RSA"
 "Alg.Alias.Signature.1.2.840.113549.1.1.10" -> "RSASSA-PSS"
 "Signature.SHA384withRSA SupportedKeyClasses" -> "java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey"
 "Alg.Alias.Signature.1.2.840.113549.1.1.2" -> "MD2withRSA"
 "KeyPairGenerator.RSA" -> "sun.security.rsa.RSAKeyPairGenerator$Legacy"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.5" -> "SHA1withRSA"
 "Alg.Alias.Signature.OID.1.2.840.113549.1.1.4" -> "MD5withRSA"

The contents of the server certificate are as follows. Note that the signature algorithm is RSASSA-PSS.

Version: 3
         SerialNumber: 2586886443162469273038800222551716765315891225
             IssuerDN: <Issuer DN>
           Start Date: Thu Mar 12 17:57:45 IST 2020
           Final Date: Fri Mar 12 17:57:45 IST 2021
            SubjectDN: <Subject DN>
           Public Key: RSA Public Key
            modulus: <omitted>
    public exponent: 10001

  Signature Algorithm: RSASSA-PSS
            Signature: 60622de6b5fcc485657a8b08f85791feb10ad70e
                       6832105575eaf71e91af49d6d4db80140b509741
                       4e4e2ff6b23d8702eba4bf08682546595896e2da
                       aa65cb1d4199c1226408a5055c15bad7dc9c16e9
                       8a5de7a8a11b64eb0a4c673d3ac3fb5146770d16
                       d5bd51b460d8de088c8c164af0e139670b676ec9
                       919f38145c57a0f39e971983c6129f9df1b7be63
                       8066d8897f82a06e066a7ee217ae399e3e4ff249
                       13aee87a75bb036b2296c328f123d2dd8f0f6284
                       e7473783ef6f6ed36849fb69de3a44bbfee9f26c
                       6b7fe9981fa1d123d8c64e1136ac6219a4ed3d54
                       04faa124db2af80564f6f13911b8595eec6768da
                       877943dfe69ded5bb23f40fc79d30d7d
       Extensions:
                       critical(false) 1.3.6.1.4.1.311.20.2 value = BMPString(DomainController)

                       critical(false) 2.5.29.37 value = DER Sequence
    ObjectIdentifier(1.3.6.1.5.5.7.3.2)
    ObjectIdentifier(1.3.6.1.5.5.7.3.1)

                       critical(true) KeyUsage: 0xa0
                       critical(false) 1.2.840.113549.1.9.15 value = DER Sequence
    DER Sequence
        ObjectIdentifier(1.2.840.113549.3.2)
        Integer(128)
    DER Sequence
        ObjectIdentifier(1.2.840.113549.3.4)
        Integer(128)
    DER Sequence
        ObjectIdentifier(2.16.840.1.101.3.4.1.42)
    DER Sequence
        ObjectIdentifier(2.16.840.1.101.3.4.1.45)
    DER Sequence
        ObjectIdentifier(2.16.840.1.101.3.4.1.2)
    DER Sequence
        ObjectIdentifier(2.16.840.1.101.3.4.1.5)
    DER Sequence
        ObjectIdentifier(1.3.14.3.2.7)
    DER Sequence
        ObjectIdentifier(1.2.840.113549.3.7)

                       critical(false) 2.5.29.17 value = DER Sequence
    Tagged [0] IMPLICIT
        DER Sequence
            ObjectIdentifier(1.3.6.1.4.1.311.25.1)
            Tagged [0]
                DER Octet String[16]
    Tagged [2] IMPLICIT
        DER Octet String[18]

                       critical(false) 2.5.29.14 value = DER Octet String[20]

                       critical(false) 2.5.29.35 value = DER Sequence
    Tagged [0] IMPLICIT
        DER Octet String[20]

                       critical(false) 2.5.29.31 value = DER Sequence
    DER Sequence
        Tagged [0]
            Tagged [0]
                Tagged [6] IMPLICIT
                    DER Octet String[186]

                       critical(false) 1.3.6.1.5.5.7.1.1 value = DER Sequence
    DER Sequence
        ObjectIdentifier(1.3.6.1.5.5.7.48.2)
        Tagged [6] IMPLICIT
            DER Octet String[161]

I have disabled most of the signature algorithms in java.security and in Java, as shown below:

Security.setProperty("jdk.jar.disabledAlgorithms", "SSLv3, DSA keySize < 1024");
Security.setProperty("jdk.certpath.disabledAlgorithms", "SSLv3, DSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms", "SSLv3, DSA keySize < 1024");

In the log, I print the algorithms disabled above using Security.getProperty("jdk.certpath.disabledAlgorithms"):

log.debug("jdk.certpath.disabledAlgorithms : " + Security.getProperty("jdk.certpath.disabledAlgorithms"));
log.debug("jdk.jar.disabledAlgorithms : " + Security.getProperty("jdk.jar.disabledAlgorithms"));
log.debug("jdk.tls.disabledAlgorithms : " + Security.getProperty("jdk.tls.disabledAlgorithms"));

Output:
jdk.certpath.disabledAlgorithms : SSLv3, DSA keySize < 1024
jdk.jar.disabledAlgorithms : SSLv3, DSA keySize < 1024
jdk.tls.disabledAlgorithms : SSLv3, DSA keySize < 1024

I am initializing the SSLContext as follows:

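import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

SSLSocketFactory sslFactory = null;
SSLContext sslc = SSLContext.getInstance("TLS");
// Custom trust manager: both check methods only log the chain and never throw,
// so the manager itself accepts whatever certificates the peer presents.
sslc.init(null, new X509TrustManager[] { new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain,
            String authType) throws CertificateException {
        for (X509Certificate cert : chain)
            log.info(cert.toString());
    }

    public void checkServerTrusted(X509Certificate[] chain,
            String authType) throws CertificateException { // authType=ECDHE_RSA
        for (X509Certificate cert : chain)
            log.info(cert.toString());
    }

    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
} }, new SecureRandom());
sslFactory = sslc.getSocketFactory();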

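Since I am new to cryptography and am trying to make this work using online resources, I am still missing something. Can anyone help me see where I am going wrong?


Update:

One way to make it work is to use X509ExtendedTrustManager instead of X509TrustManager when instantiating the custom trust manager. But what is the potential vulnerability of using X509ExtendedTrustManager instead of X509TrustManager? As stated in this link/comment, it is not safe to use it in production.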
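
Added example, not part of the original post: JSSE wraps a plain X509TrustManager and runs the extra checks visible in the stack trace (AbstractTrustManagerWrapper.checkAdditionalTrust), but uses an X509ExtendedTrustManager as supplied, so one with empty methods leaves the connection with no certificate checks at all. The sketch below keeps the logging from the question while delegating every decision to the JDK's default trust manager; the class and method names are hypothetical.

```java
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example; class and method names are hypothetical.
public class LoggingTrust {
    // The JDK's default manager, backed by cacerts or -Djavax.net.ssl.trustStore.
    static X509ExtendedTrustManager platformDefault() throws GeneralSecurityException {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509ExtendedTrustManager) return (X509ExtendedTrustManager) tm;
        throw new IllegalStateException("no X509ExtendedTrustManager available");
    }

    // Logs each certificate, then hands the trust decision to the delegate.
    static X509ExtendedTrustManager logging(final X509ExtendedTrustManager d) {
        return new X509ExtendedTrustManager() {
            void log(X509Certificate[] chain) {
                for (X509Certificate c : chain)
                    System.out.println(c.getSubjectX500Principal() + " sigAlg=" + c.getSigAlgName());
            }
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException
                { log(c); d.checkClientTrusted(c, a); }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException
                { log(c); d.checkServerTrusted(c, a); }
            public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException
                { log(c); d.checkClientTrusted(c, a, s); }
            public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException
                { log(c); d.checkServerTrusted(c, a, s); }
            public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException
                { log(c); d.checkClientTrusted(c, a, e); }
            public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException
                { log(c); d.checkServerTrusted(c, a, e); }
            public X509Certificate[] getAcceptedIssuers() { return d.getAcceptedIssuers(); }
        };
    }

    // SSLContext whose only trust manager is the logging delegate.
    static SSLContext context() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging(platformDefault()) }, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(context().getProtocol());
    }
}
```

Because the delegate still applies the JDK's algorithm constraints, a certificate the runtime rejects will continue to fail here; the wrapper adds logging without removing validation.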
