2023年7月12日 22:06:33go评论121阅读模式

英文:

Micronaut - SSL with BouncyCastle Keystore - BCFKS not found

问题

我正在在一个Micronaut应用程序中启用SSL，特别需要使用BouncyCastle BCFKS类型的密钥库。但是应用程序不会运行，使用了提供的配置。

错误信息如下：

18:02:19.187 [default-nioEventLoopGroup-1-1] WARN  io.netty.channel.ChannelInitializer - Failed to initialize a channel. Closing: [id: 0x68615a0a]
io.micronaut.http.ssl.SslConfigurationException: An error occurred configuring SSL
    at io.micronaut.http.ssl.SslBuilder.getKeyManagerFactory(SslBuilder.java:111)
    at io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder.build(CertificateProvidedSslBuilder.java:98)
    at io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder.build(CertificateProvidedSslBuilder.java:92)
    at io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder.build(CertificateProvidedSslBuilder.java:85)
    at io.micronaut.http.server.netty.HttpPipelineBuilder.<init>(HttpPipelineBuilder.java:117)
    at io.micronaut.http.server.netty.NettyHttpServer.createPipelineBuilder(NettyHttpServer.java:723)
    at io.micronaut.http.server.netty.NettyHttpServer.access$100(NettyHttpServer.java:109)
    at io.micronaut.http.server.netty.NettyHttpServer$Listener.refresh(NettyHttpServer.java:762)
    at io.micronaut.http.server.netty.NettyHttpServer$Listener.setServerChannel(NettyHttpServer.java:771)
    at io.micronaut.http.server.netty.NettyHttpServer$1.initChannel(NettyHttpServer.java:501)
    ...
Caused by: java.security.KeyStoreException: BCFKS not found
    at java.security.KeyStore.getInstance(KeyStore.java:878)
    at io.micronaut.http.ssl.SslBuilder.load(SslBuilder.java:142)
    at io.micronaut.http.ssl.SslBuilder.getKeyStore(SslBuilder.java:126)
    at io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder.getKeyStore(CertificateProvidedSslBuilder.java:152)
    at io.micronaut.http.ssl.SslBuilder.getKeyManagerFactory(SslBuilder.java:100)
    ...
Caused by: java.security.NoSuchAlgorithmException: BCFKS KeyStore not available
    at java.security.Security.getImpl(Security.java:702)
    at java.security.KeyStore.getInstance(KeyStore.java:875)
    ...
18:02:19.193 [main] ERROR i.m.h.server.netty.NettyHttpServer - Error starting Micronaut server: null
io.netty.channel.StacklessClosedChannelException: null
at io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown Source)
18:02:19.225 [main] ERROR io.micronaut.runtime.Micronaut - Error starting Micronaut server: Unable to start Micronaut server on *:9090
io.micronaut.http.server.exceptions.ServerStartupException: Unable to start Micronaut server on *:9090
    at io.micronaut.http.server.netty.NettyHttpServer.bind(NettyHttpServer.java:541)
    at io.micronaut.http.server.netty.NettyHttpServer.start(NettyHttpServer.java:281)
    at io.micronaut.http.server.netty.NettyHttpServer.start(NettyHttpServer.java:104)
    at io.micronaut.runtime.Micronaut.lambda$start$2(Micronaut.java:81)
    ...

我尝试更改提供程序为各种选项，但每次都会收到相同的错误。需要知道我是否正确传递了密钥库类型和提供程序信息。我在各种论坛上看到人们使用JKS和PKCS12，但从未见过BCFKS。任何建议都将有所帮助。

Micronaut版本：3.8.7
Open-JDK：11（zulu）
使用以下依赖项：

implementation("org.bouncycastle:bc-fips:1.0.2.3")
implementation("org.bouncycastle:bcpkix-fips:1.0.7")
implementation("org.bouncycastle:bcpkix-jdk15on:1.47")

英文:

I'm enabling SSL in an micronaut application and specifically I need to use BouncyCastle BCFKS type keystore. But the application doesn't run with the config provided.

ssl:
  enabled: true
  key-store:
      path: file:usersDataKeyStore.keystore
      password: 123456
      type: BCFKS
      provider: org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider

The error I get is

18:02:19.187 [default-nioEventLoopGroup-1-1] WARN  io.netty.channel.ChannelInitializer - Failed to initialize a channel. Closing: [id: 0x68615a0a]
io.micronaut.http.ssl.SslConfigurationException: An error occurred configuring SSL
	at io.micronaut.http.ssl.SslBuilder.getKeyManagerFactory(SslBuilder.java:111)
	at io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder.build(CertificateProvidedSslBuilder.java:98)
	at io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder.build(CertificateProvidedSslBuilder.java:92)
	at io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder.build(CertificateProvidedSslBuilder.java:85)
	at io.micronaut.http.server.netty.HttpPipelineBuilder.&lt;init&gt;(HttpPipelineBuilder.java:117)
	at io.micronaut.http.server.netty.NettyHttpServer.createPipelineBuilder(NettyHttpServer.java:723)
	at io.micronaut.http.server.netty.NettyHttpServer.access$100(NettyHttpServer.java:109)
	at io.micronaut.http.server.netty.NettyHttpServer$Listener.refresh(NettyHttpServer.java:762)
	at io.micronaut.http.server.netty.NettyHttpServer$Listener.setServerChannel(NettyHttpServer.java:771)
	at io.micronaut.http.server.netty.NettyHttpServer$1.initChannel(NettyHttpServer.java:501)
	at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129)
	at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112)
	at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:1114)
	at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609)
	at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:223)
	at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:381)
	at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:370)
	at io.netty.bootstrap.ServerBootstrap$1.initChannel(ServerBootstrap.java:148)
	at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129)
	at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112)
	at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:1114)
	at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609)
	at io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46)
	at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1463)
	at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1115)
	at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:650)
	at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:514)
	at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:429)
	at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:486)
	at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.security.KeyStoreException: BCFKS not found
	at java.base/java.security.KeyStore.getInstance(KeyStore.java:878)
	at io.micronaut.http.ssl.SslBuilder.load(SslBuilder.java:142)
	at io.micronaut.http.ssl.SslBuilder.getKeyStore(SslBuilder.java:126)
	at io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder.getKeyStore(CertificateProvidedSslBuilder.java:152)
	at io.micronaut.http.ssl.SslBuilder.getKeyManagerFactory(SslBuilder.java:100)
	... 36 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: BCFKS KeyStore not available
	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
	at java.base/java.security.Security.getImpl(Security.java:702)
	at java.base/java.security.KeyStore.getInstance(KeyStore.java:875)
	... 40 common frames omitted
18:02:19.193 [main] ERROR i.m.h.server.netty.NettyHttpServer - Error starting Micronaut server: null
io.netty.channel.StacklessClosedChannelException: null
	at io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown Source)
18:02:19.225 [main] ERROR io.micronaut.runtime.Micronaut - Error starting Micronaut server: Unable to start Micronaut server on *:9090
io.micronaut.http.server.exceptions.ServerStartupException: Unable to start Micronaut server on *:9090
	at io.micronaut.http.server.netty.NettyHttpServer.bind(NettyHttpServer.java:541)
	at io.micronaut.http.server.netty.NettyHttpServer.start(NettyHttpServer.java:281)
	at io.micronaut.http.server.netty.NettyHttpServer.start(NettyHttpServer.java:104)
	at io.micronaut.runtime.Micronaut.lambda$start$2(Micronaut.java:81)
	at java.base/java.util.Optional.ifPresent(Optional.java:183)
	at io.micronaut.runtime.Micronaut.start(Micronaut.java:79)
	at io.micronaut.runtime.Micronaut.run(Micronaut.java:323)
	at io.micronaut.runtime.Micronaut.run(Micronaut.java:309)
Caused by: io.netty.channel.StacklessClosedChannelException: null
	at io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown Source)

I tried to change the provider into various options, but I'm getting the same error all the time.
Need to know if I'm correctly passing on the information like Keystore type and provider.
I have seen in various forums that people have been using JKS and PKCS12, but never BCFKS. Any suggestions would be helpful.

Micronaut version : 3.8.7
Open-JDK : 11 (zulu)
Using the below dependencies
implementation(&quot;org.bouncycastle:bc-fips:1.0.2.3&quot;)
implementation(&quot;org.bouncycastle:bcpkix-fips:1.0.7&quot;)
implementation(&quot;org.bouncycastle:bcpkix-jdk15on:1.47&quot;)

答案1

得分: 1

根据我在micronaut-core源代码中所看到的内容，似乎从未提到SslConfiguration中的“provider”设置。特别是，SslBuilder.getKeyStore没有提及它。（我也不清楚“provider”设置是否应该是类名，还是提供程序的名称，例如在这种情况下是“BCFIPS”）。

如果我们假设您尚未在java.security提供程序列表中注册了BouncyCastleFipsProvider，那么这就解释了为什么KeyStore.getInstance找不到“BCFKS”的实现。

在java.security中注册BouncyCastleFipsProvider应该可以解决您的问题，但我还建议就被忽略的属性向micronaut提出问题。

英文:

From what I can see in the micronaut-core source code, nothing ever refers to the "provider" setting in the SslConfiguration. In particular, SslBuilder.getKeyStore does not refer to it. (I am also not clear on whether the "provider" setting should even be a class name, or instead the name of the provider i.e. "BCFIPS" in this case).

If we assume that you have not registered BouncyCastleFipsProvider in the java.security list of providers, this then explains why KeyStore.getInstance can not find an implementation for "BCFKS".

Registering BouncyCastleFipsProvider in java.security should get things working for you, but I would also suggest raising an issue with micronaut regarding the ignored property.

答案2

得分: 0

另一种解决方案：如果我们不想将我们的提供者添加到java.security中，因为它是JDK的配置文件，我们可以在Micronaut.run(...)之前的主函数中添加以下代码行。
这就是诀窍！

Security.addProvider(new BouncyCastleFipsProvider());

英文:

Another solution : If we do not want to add our provider in java.security, since its JDK's config file, we can add the below line of code in the main function before Micronaut.run(...).
That does the trick!

Security.addProvider(new BouncyCastleFipsProvider());

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

Micronaut – 使用BouncyCastle密钥库的SSL – 未找到BCFKS

问题

答案1

答案2

Jacoco代码覆盖率用于Gradle的Sonarqube 8

使用Gradle中的TOML版本文件

配置Jetty上的SSL

Kafka General A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论