问题:
Bouncy Castle-认证发布组织。bouncycastle。tls。TLSFatalert:certificate\u未知(46)
华展鹏
我正在尝试使我的应用程序符合FIPS,因此我添加了FIPS的配置。但我在构建微服务时遇到了以下错误。我正在获得认证问题。我的证书已存在于我的证书目录中。任何建议都会很有帮助。
Sat Mar 26 01:11:32.721 IST 2022 [main] [o.b.jsse.provider.ProvTlsClient: INFO ] - Client raised fatal(2) certificate_unknown(46) alert: Failed to read record
org.bouncycastle.tls.TlsFatalAlert: certificate_unknown(46)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.checkServerTrusted(ProvSSLSocketDirect.java:135)
at org.bouncycastle.jsse.provider.ProvTlsClient$1.notifyServerCertificate(ProvTlsClient.java:360)
at org.bouncycastle.tls.TlsUtils.processServerCertificate(TlsUtils.java:4690)
at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(TlsClientProtocol.java:790)
at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(TlsClientProtocol.java:676)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(TlsProtocol.java:691)
at org.bouncycastle.tls.TlsProtocol.processRecord(TlsProtocol.java:580)
at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:245)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:839)
at org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:416)
at org.bouncycastle.tls.TlsClientProtocol.connect(TlsClientProtocol.java:86)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(ProvSSLSocketDirect.java:445)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.startHandshake(ProvSSLSocketDirect.java:426)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:361)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestExecutionCallbacks.evaluate(RunBeforeTestExecutionCallbacks.java:74)
at org.springframework.test.context.junit4.statements.RunAfterTestExecutionCallbacks.evaluate(RunAfterTestExecutionCallbacks.java:84)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:251)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:97)
at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329)
at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306)
at org.junit.runners.ParentRunner.run(ParentRunner.java:413)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:190)
at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:365)
at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:273)
at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238)
at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:159)
at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:384)
at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:345)
at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:126)
at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:418)
Caused by: java.security.cert.CertificateException: No subject alternative name found matching IP address 10.14.202.191
at org.bouncycastle.jsse.provider.HostnameUtil.checkHostname(HostnameUtil.java:69)
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkEndpointID(ProvX509TrustManager.java:325)
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkEndpointID(ProvX509TrustManager.java:444)
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkExtendedTrust(ProvX509TrustManager.java:353)
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkTrusted(ProvX509TrustManager.java:274)
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkServerTrusted(ProvX509TrustManager.java:181)
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.checkServerTrusted(ProvSSLSocketDirect.java:131)
... 58 common frames omitted
共有1个答案
夏元明
HttpsURLConnection存在一个长期存在的错误,使其无法与第三方JSSE提供程序开箱即用地正常工作。我听说它可能会在最近的一些JDK版本中得到缓解,但我不确定细节。
我们在这里提供一些讨论和解决方法:https://github.com/bcgit/bc-java/issues/460。
然而,最简单的解决方案可能是使用不同的HTTPS客户端,例如Apache HttpClient。
类似资料:
-
我应该如何更改A方法?任何想法都是好的。提前谢谢。
-
我试图使用java BouncyCastle库解密和验证PGP消息,但遇到了一些问题,抱怨PartialInputStream过早结束。 我知道encrypt工作得很好,因为我可以在命令行上使用gpg解密和验证使用encrypt函数创建的消息。
-
代码在这里,使用BouncyCastle实现: 我希望能够读取此签名并使用公钥验证它。如何将其转换回BouncyCastle对象?
-
错误为:java.security.NoSuchProviderException:JCE无法验证提供程序BC。注意,我已经添加了这段代码:security.addProvider(new BouncyCastleProvider()); 这在使用spring boot embedded tomcat时可以很好地工作,但在导出到运行在wildfly服务器上的war文件时就不行了。 下面是我如何宣布
-
现有系统使用Bouncy Castle(.NET)生成签名,我需要使用Microsoft ECDsaCng类验证这些现有签名。 在我尝试用Microsoft类验证签名之前,一切都正常工作,此时它会生成一个异常,说明参数不正确。 有什么想法吗?
-
问题内容: 我试图将密码安全地存储在数据库中,为此,我选择存储使用PBKDF2函数生成的哈希值。我想使用弹性城堡库来执行此操作,但是我不知道为什么我无法通过使用JCE接口来使其工作…问题是,以三种不同的方式生成哈希值: 1.使用PBKDF2WithHmacSHA1秘密密钥由sun提供的工厂 。2.直接 使用有弹性的城堡api。3.通过JCE使用有弹性的城堡会 产生2个不同的值:前两个值相同,第三个