Java SSLContext.init()在Linux上使用OpenJDK 13 + 14调用时挂起

huangapple
go评论72阅读模式
英文:

Java SSLContext.init() hangs when called with OpenJDK 13 + 14 on Linux

问题

我有这段小代码,它是我目前正在开发的一个较大应用程序的一部分。在Windows 10上使用OpenJDK 13和14执行时,它能够正常工作。但是在Linux上使用OpenJDK 13或14执行时,SSLContext.init()方法会一直挂起,永远不会完成。没有异常,也没有错误消息。有没有人有解决办法,或者对可能出了什么问题有什么想法?

// 用于启用Undertow服务器HTTPS的SSLContext
SSLContext context;
try {
    System.out.println("Keystore加载");
    var keyStore = KeyStore.getInstance(new File("./bin/keystore.pkcs12"), "123456".toCharArray());
    System.out.println("Keystore已加载");

    System.out.println("创建KeyManagerFactory");
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, "123456".toCharArray());
    KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
    System.out.println("KeyManagerFactory已创建");

    System.out.println("初始化SSLContext");
    System.out.println("创建SecureRandom");
    SecureRandom instanceStrong = SecureRandom.getInstanceStrong();
    System.out.println("SecureRandom已创建");
    System.out.println("创建SSLContext");
    context = SSLContext.getInstance("TLS");
    System.out.println("SSLContext已创建");
    context.init(keyManagers, null, instanceStrong);
    System.out.println("SSLContext的KeyManagers已设置");
    System.out.println("SSLContext已初始化");
} catch (Exception e) {
    System.out.println("初始化SSLContext时出错:" + e.getMessage());
    e.printStackTrace();
    return;
}
英文:

I have this small piece of code which is part of a larger application I am currently developing. When executed on Windows 10 with both OpenJDK 13 and 14 it works just fine. But when executed on Linux with OpenJDK 13 or 14 - the SSLContext.init() method just hangs. It never finishes. No exception, no error messages. Does anyone have a solution, or an idea about what could be wrong?

// SSSLContext for enabling Undertow server HTTPS
    SSLContext context;
    try{
        System.out.println("Keystore loading");
        var keyStore = KeyStore.getInstance(new File("./bin/keystore.pkcs12"), "123456".toCharArray());
        System.out.println("Keystore loaded");

        System.out.println("Creating KeyManagerFactory");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, "123456".toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        System.out.println("KeyManagerFactory created");

        System.out.println("Initializing SSLContext");
        System.out.println("Creating SecureRandom");
        SecureRandom instanceStrong = SecureRandom.getInstanceStrong();
        System.out.println("SecureRandom created");
        System.out.println("Creating SSLContext");
        context = SSLContext.getInstance("TLS");
        System.out.println("SSLContext created");
        **context.init(keyManagers, null, instanceStrong);**
        System.out.println("SSLContext KeyManagers set");
        System.out.println("SSLContext initialized");
    } catch (Exception e) {
        System.out.println("Error initializing SSLContext: " + e.getMessage());
        e.printStackTrace();
        return;
    }

答案1

得分: 2

我将代码示例中的这一行进行了更改:

SecureRandom instanceStrong = SecureRandom.getInstanceStrong();

更改为:

SecureRandom instanceStrong = SecureRandom.getInstance("NativePRNGNonBlocking");

现在在Linux上也可以成功运行Undertow了!看起来问题确实是由于SecureRandom.getInstanceStrong()的阻塞性质引起的。

非常感谢你建议在哪里查找,@andrewjames!!

英文:

I switched this line (in the code example above):

SecureRandom instanceStrong = SecureRandom.getInstanceStrong();

To this line

SecureRandom instanceStrong = SecureRandom.getInstance("NativePRNGNonBlocking");

And now I can get Undertow up and running on Linux too! Seems it was the blocking nature of SecureRandom.getInstanceStrong() that caused the problem.

Thanks a lot for suggesting where to look @andrewjames !!

huangapple
  • 本文由 发表于 2020年4月4日 19:41:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/61027546.html
  • java
  • linux
  • ssl
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定