
Comments (28)

lijianl commented on June 14, 2024

I have found a way to deal with this: it looks like a 128-bit or 256-bit problem.

  1. Download https://www.oracle.com/java/technologies/javase-jce8-downloads.html#license-lightbox
  2. Replace the same jar in ${home}/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security

But I am still busy finding a way to solve this with code rather than updating the jar in the JDK.

As for the code way, I think you guys are better with code.

from sslcontext-kickstart.

Hakky54 commented on June 14, 2024

Hi @lijianl

Thank you for reporting this issue! I have tried it locally with the JDK version you have specified, but with the test suite of this project which I am using I was not able to reproduce. Would it be possible to share your certificate chain and private key in pem format? Or just generate a similar one which you are able to share? This will make it easier for me to debug the issue.

Looking at the stacktrace I think the later JDK version does not support your private key algorithm or is a bug in the JDK similar to this one #76 which also happened when updating the JDK and they fixed it in a later version.

I am looking forward to the pem files


lijianl commented on June 14, 2024

I have found a way to deal with this: it looks like a 128-bit or 256-bit problem.

  1. Download https://www.oracle.com/java/technologies/javase-jce8-downloads.html#license-lightbox
  2. Replace the same jar in ${home}/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security

But I am still busy finding a way to solve this with code rather than updating the jar in the JDK.

As for the code way, I think you guys are better with code.

Sorry, this doesn't work.


Hakky54 commented on June 14, 2024

This looks like the issue you are having: https://stackoverflow.com/questions/1179672/how-to-avoid-installing-unlimited-strength-jce-policy-files-when-deploying-an

Can you try to add the following statement somewhere at the highest level of your application, maybe in a static block:

Security.setProperty("crypto.policy", "unlimited");

If that does not work, you can apply this Java Cryptography Extension (JCE) with Unlimited Strength to your jdk: https://www.oracle.com/nl/java/technologies/javase-jce8-downloads.html

If you don't want to apply the extension and the first option also does not work, you can try the following snippet: https://stackoverflow.com/a/28136100/6777695

from sslcontext-kickstart.
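
A supported way to check whether the running JVM is under the limited key-size policy discussed above, without reflection. This is an added example, not code from the thread or from sslcontext-kickstart; the class name `CryptoPolicyCheck` is an assumption. The `crypto.policy` property is only honoured by JDK 8u151 and later, so on an older build such as 8u131 the check simply reports the restriction.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Security;

// Added example (hypothetical class name): fail fast at startup when the JVM
// cannot use AES-256, instead of patching JceSecurity through reflection.
public class CryptoPolicyCheck {

    /** Max AES key length the active policy allows: 128 when limited, Integer.MAX_VALUE when unlimited. */
    static int maxAesKeyBits() throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    /** Confirms the policy by actually initialising an AES-256-CBC cipher with a constructed all-zero key. */
    static boolean canInitAes256() throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.DECRYPT_MODE,
                    new SecretKeySpec(new byte[32], "AES"),   // constructed 256-bit test key
                    new IvParameterSpec(new byte[16]));       // constructed IV
            return true;
        } catch (InvalidKeyException e) {
            // "Illegal key size" is what the limited policy raises here
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Must run before any JCE class is touched; ignored by JDKs older than 8u151.
        Security.setProperty("crypto.policy", "unlimited");

        int maxBits = maxAesKeyBits();
        System.out.println("java.version        = " + System.getProperty("java.version"));
        System.out.println("max AES key length  = "
                + (maxBits == Integer.MAX_VALUE ? "unlimited" : maxBits + " bits"));
        System.out.println("AES-256 cipher init = "
                + (canInitAes256() ? "ok" : "rejected (Illegal key size)"));

        if (maxBits < 256) {
            throw new IllegalStateException("JCE policy is limited to " + maxBits
                    + "-bit AES: upgrade the JDK or install the unlimited-strength policy files");
        }
    }
}
```

Running this once on the target JDK shows whether a failure to decrypt an encrypted PEM private key comes from the policy limit or from something else, before any key material is loaded.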

lijianl commented on June 14, 2024

PEM content



lijianl commented on June 14, 2024

Solved it this way:

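import nl.altindag.ssl.util.CertificateUtils;
import nl.altindag.ssl.util.KeyManagerUtils;
import nl.altindag.ssl.util.KeyStoreUtils;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;

import javax.net.ssl.X509ExtendedKeyManager;
import java.io.IOException;
import java.io.StringReader;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.List;

// Note: `logger` and `CertificateResponse` belong to the poster's own code base; their declarations are not shown in the post.
public class JCEConverterForOldJDK {
    public static void openJCELimit() {
        try {
            /*
             * Options for lifting the JCE key-size limit:
             * 1. upgrade the JDK to a version with unlimited JCE
             * 2. replace the policy jars with the unlimited-strength JCE jars
             * 3. flip the private static final boolean JceSecurity.isRestricted via reflection (done below)
             * 4. Security.setProperty("crypto.policy", "unlimited");
             */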
            Field field = Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted");
            field.setAccessible(true); // private
            Field modifiersField = Field.class.getDeclaredField("modifiers");
            modifiersField.setAccessible(true);
            modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL); // final
            field.set(null, false);
        } catch (ClassNotFoundException | NoSuchFieldException | SecurityException | IllegalArgumentException
                | IllegalAccessException ex) {
            ex.printStackTrace(System.err);
            logger.error(ex);
        }
    }

    public static PrivateKey stringToPrivateKey(String s, char[] password) throws IOException, PKCSException {
        PrivateKeyInfo pki;
        try (PEMParser pemParser = new PEMParser(new StringReader(s))) {
            Object o = pemParser.readObject();
            if (o instanceof PKCS8EncryptedPrivateKeyInfo) { // encrypted private key in pkcs8-format
                PKCS8EncryptedPrivateKeyInfo epki = (PKCS8EncryptedPrivateKeyInfo) o;
                JcePKCSPBEInputDecryptorProviderBuilder builder = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider("BC");
                InputDecryptorProvider idp = builder.build(password);
                pki = epki.decryptPrivateKeyInfo(idp);
            } else if (o instanceof PEMEncryptedKeyPair) { // encrypted private key in traditional OpenSSL PEM format
                PEMEncryptedKeyPair epki = (PEMEncryptedKeyPair) o;
                PEMKeyPair pkp = epki.decryptKeyPair(new BcPEMDecryptorProvider(password));
                pki = pkp.getPrivateKeyInfo();
            } else if (o instanceof PEMKeyPair) { // unencrypted private key
                PEMKeyPair pkp = (PEMKeyPair) o;
                pki = pkp.getPrivateKeyInfo();
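            } else {
                // readObject() returns null when the input holds no PEM object, so guard against an NPE here
                throw new PKCSException("Invalid encrypted private key class: " + (o == null ? "null" : o.getClass().getName()));
            }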
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            return converter.getPrivateKey(pki);
        }
    }

    public static PrivateKey loadRSAPrivateKeyfromPEM(String privateKey, char[] password) throws IOException, PKCSException {
        Security.addProvider(new BouncyCastleProvider());
        return stringToPrivateKey(privateKey, password);
    }

    public static X509ExtendedKeyManager getKeyManager(CertificateResponse certificate) {

        List<Certificate> certificates = CertificateUtils.parsePemCertificate(certificate.getCertificate());
        openJCELimit(); // on start JVM

        try {
            PrivateKey rsaPrivateKey = loadRSAPrivateKeyfromPEM(certificate.getPrivateKey(), certificate.getPassphrase().toCharArray());
            KeyStore identityStore = KeyStoreUtils.createIdentityStore(rsaPrivateKey, certificate.getPassphrase().toCharArray(), certificates);
            X509ExtendedKeyManager keyManager = KeyManagerUtils.createKeyManager(identityStore, certificate.getPassphrase().toCharArray());
            return keyManager;
        } catch (IOException e) {
            logger.error(e);
        } catch (PKCSException e) {
            logger.error(e);
        }
        return null;
    }
}

However, there is another error: unable to create InputDecryptor: JCE cannot authenticate the provider BC


Hakky54 commented on June 14, 2024

My advice would be just to update to the latest version of JDK 1.8.0_311 if possible, but I assume that is not possible for your project. I have tried with the same version as yours which you provided, 1.8.0_131-b11, and I also get the same exception now. I have resolved that with the following snippet:

import nl.altindag.ssl.util.PemUtils;

import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Map;

public class App {

    private static final String trustedCertificateContent = "" +
            "-----BEGIN CERTIFICATE-----\n" +
            "MIIGbzCCBVegAwIBAgIRAP4J5O+S9ovhyULVmMSmRaMwDQYJKoZIhvcNAQELBQAw\n" +
            "ga0xCzAJBgNVBAYTAkJSMSYwJAYDVQQKDB1CYW5rbHkgLSBCYW5raW5nIGFzIGEg\n" +
            "U2VydmljZTEjMCEGA1UECwwaQmFua2x5J3MgU2VjdXJpdHkgUGxhdGZvcm0xCzAJ\n" +
            "BgNVBAgMAlNQMTAwLgYDVQQDDCdTREJWQSAtIEJBTktMWSBDTElFTlQgQVVUSEVO\n" +
            "VElDQVRJT04gQ0ExEjAQBgNVBAcMCVNhbyBQYXVsbzAeFw0yMjA0MDQxMjUyMzVa\n" +
            "Fw0yMzA0MDQxMzUyMzVaMIH2MRcwFQYDVQQFEw44NjY1NjgzNTAwMDExMDERMA8G\n" +
            "A1UEDxMIT3BlbiBBcGkxNDAyBgoJkiaJk/IsZAEBEyRmODA4NDU0NS1kNzQxLTQ4\n" +
            "MmQtYTJhNS00NTgyN2Y0ZjY1YjIxCzAJBgNVBAYTAkJSMRQwEgYDVQQKDAtTREJf\n" +
            "Tk9WQURBWDELMAkGA1UECBMCU1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEUMBIGA1UE\n" +
            "CwwLU0RCX05PVkFEQVgxODA2BgNVBAMML3NkYl9ub3ZhZGF4LmNsaWVudC1hdXRo\n" +
            "LnNhbmRib3guYmFua2x5LnNlcnZpY2VzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\n" +
            "MIICCgKCAgEA1zRJQpLRa5+YfuGPM1cPjeJNuB5tT3BkuvD5helZHGIhfhYtQHvo\n" +
            "MBhg9pvp+sHzbS6q3uIsmAafwN5yvoFgT7s65bLNWycZzCUqTGl+VcGr7qO9mVEy\n" +
            "k6GV9EvfZwFZ4SM/1FTH7U38rcpz8WC+4HL+3SYOvlrJXmwlG2wvkr8hgIuIjx2G\n" +
            "BO8hQETw3Z3+y3kvHgNkvYuGk9Cc/Llc4Sqf7/hZKjBFfYbTjZyxWYZGkfIkLEtt\n" +
            "ehRyivt8gITezCsDgKMtuWKI0OYGbIsCwloStAbrt9sNzOQY6eyxNDG2tQbrZYN3\n" +
            "QLxhq1Tz30EgQQ9jXIYmcj23a9ipPiCYzZFp235jEQ3TNwLX6ftNKb7WLSJGjj38\n" +
            "mhzG7qCrMAb8VrBcH+biquJt8yKl9nZ6XBqpUFRrXqncZsECBoJFLI5n2XqX/78G\n" +
            "kG4vK/yhYuv9mvNFIGET6pLrhH29OR/F68C58eDq4hZbmKGx+LdrQPGtv3Agl1qj\n" +
            "r9pWa+KuHVXeageQYD2QsXNYLJRDE8F8MArDdG4UYet6aCt8k44WODfURqZ2dmRM\n" +
            "nN/6A5RXj98FZfFln7iWrIC3Ft1jnA3JSPEGNV8kWE5XBxRVrioFgN1N3J5Y6AJg\n" +
            "hVpQhSHHmpwIC/GGP6hJmvRLeyEUuSqX9EOuUafMN9PVpNkA+B0/dLsCAwEAAaOC\n" +
            "AT0wggE5MAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAU5IX/qDEa9xagekAHt9/dTIOA\n" +
            "IQowHQYDVR0OBBYEFAZ0h/1vDsNHrHjRpXxWqx+qpjU4MA4GA1UdDwEB/wQEAwIF\n" +
            "oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdAYDVR0fBG0wazBpoGeg\n" +
            "ZYZjaHR0cDovL3NkYnZhLWJhbmtseS1jYS1jcmxzLnMzLnVzLWVhc3QtMS5hbWF6\n" +
            "b25hd3MuY29tL2NybC8xYjE4NjYzYS1jMDE5LTQ0NTctYWI1YS1mMGNjODZkYTcz\n" +
            "MTguY3JsMEcGCCsGAQUFBwEBBDswOTA3BggrBgEFBQcwAYYraHR0cDovL29jc3Au\n" +
            "YWNtLXBjYS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTANBgkqhkiG9w0BAQsFAAOC\n" +
            "AQEATFrh6c8EiE+7CLlUpyeNaf3r6O1YApvv1jhEmYlcDbPGqJVZXfgZ2lHaV0IE\n" +
            "CaFiRsFsANRbJLLx6lhvKLsXqfyuPgeV1uSZ4b0RppywF62VEtEMPPRWziOWRAAk\n" +
            "dlAAQM4weZyPe38ly8qPBhUttNvqKzGbxD5L98bmKZK4M/GWgrOeRICx+bjgVIb/\n" +
            "+v+PCML7iUAcFoqJG88I8qu16sB15TO/XIwXmesFBVmMnPzXJ/HcVIT1DSQnqnJM\n" +
            "sxZzLliVkEP/z2brz8SECpiemnwZLlO9NeERVDBVEBLFyhaQNXbSBHaO4XfRl89g\n" +
            "VcIxBuTOJXD4f1SohvFO8NtonQ==\n" +
            "-----END CERTIFICATE-----";

    private static final String certificateChainContent = "" +
            "-----BEGIN CERTIFICATE-----\n" +
            "MIIFFDCCA/ygAwIBAgIRANcnwU81BC6MXiWaKt+HeDQwDQYJKoZIhvcNAQELBQAw\n" +
            "gbExCzAJBgNVBAYTAkJSMSYwJAYDVQQKDB1CYW5rbHkgLSBCYW5raW5nIGFzIGEg\n" +
            "U2VydmljZTEjMCEGA1UECwwaQmFua2x5J3MgU2VjdXJpdHkgUGxhdGZvcm0xCzAJ\n" +
            "BgNVBAgMAlNQMTQwMgYDVQQDDCtTREJWQSAtIEJBTktMWSBQTEFURk9STSBTRUNV\n" +
            "UklUWSBQUklWQVRFIENBMRIwEAYDVQQHDAlTYW8gUGF1bG8wHhcNMjIwMzA2MTU1\n" +
            "NTI4WhcNMjUwMzA2MTY1NTI4WjCBrTELMAkGA1UEBhMCQlIxJjAkBgNVBAoMHUJh\n" +
            "bmtseSAtIEJhbmtpbmcgYXMgYSBTZXJ2aWNlMSMwIQYDVQQLDBpCYW5rbHkncyBT\n" +
            "ZWN1cml0eSBQbGF0Zm9ybTELMAkGA1UECAwCU1AxMDAuBgNVBAMMJ1NEQlZBIC0g\n" +
            "QkFOS0xZIENMSUVOVCBBVVRIRU5USUNBVElPTiBDQTESMBAGA1UEBwwJU2FvIFBh\n" +
            "dWxvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspdixeqeu7jshXVe\n" +
            "OwOTrXbrYiwELGUWcbHPyY55hOpTwFMMVNrNwDXA3zLRx1kfOuOTUYOXgWCgtm5K\n" +
            "6lK04fMlAcJyA6GIb8g/peTDJK3jtPGlqfWwQn7hy7jSUPfcMtkLbZuenq5j9Azs\n" +
            "PRo1/7sdoGiLgHabQ5TtfIUJBPFFX1FfGuP6b/gXj+1zj8xCFasIk+TWnNxukgzo\n" +
            "U9LCMrYjO5SxqanMRlbJIeemBe/GROaDS/Xy5sgWmabA8EkBdZTZ8OUrkbkYE12O\n" +
            "JFV7cPzuz8js87pF+6jLGAfW/LLWSUn2s+1gWisR12ZwAHsgBHybgrRZ6xc67Xis\n" +
            "SKhUywIDAQABo4IBJzCCASMwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAW\n" +
            "gBRBAUtYSOY46kBOXdyc12Aqv3yIbTAdBgNVHQ4EFgQU5IX/qDEa9xagekAHt9/d\n" +
            "TIOAIQowDgYDVR0PAQH/BAQDAgGGMHQGA1UdHwRtMGswaaBnoGWGY2h0dHA6Ly9z\n" +
            "ZGJ2YS1iYW5rbHktY2EtY3Jscy5zMy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbS9j\n" +
            "cmwvMTI4OGQxYTAtZjg2Mi00ZTFjLTg2MGQtY2ExZmI1MDAwOWUzLmNybDBHBggr\n" +
            "BgEFBQcBAQQ7MDkwNwYIKwYBBQUHMAGGK2h0dHA6Ly9vY3NwLmFjbS1wY2EudXMt\n" +
            "ZWFzdC0xLmFtYXpvbmF3cy5jb20wDQYJKoZIhvcNAQELBQADggEBAEAHoVZ4g/nG\n" +
            "R6Bzma/fzF64IFteVCTD7vQOeCVVnhlD5Y9dPQYEbgQx/yAJEk7+L+TcYyYYAsG5\n" +
            "zD1yRGEC+gucK47DgSFTUxLol1BZ78o//DxBX+cGiFfKQpKRue51n9X85FqCKzN3\n" +
            "Jrk2+0Jj2akXtOq2E8i2r04z12+1q1v/j9SiSeAPV+AiooJksobBrbCYJiSiM50U\n" +
            "LrsiVG+pdVvZdvaK4Tw2DOgkB1Uz771Bp6KMlXNGKDihIAot5GOt2QSq+4s6cA2a\n" +
            "nmMxr387c0DFhTe5So6WOdBPgwyjJp8ub/hNVXV2D0XCTJ14lowcxGeTlFnuBxhx\n" +
            "Sq4CeXaAwmo=\n" +
            "-----END CERTIFICATE-----\n" +
            "-----BEGIN CERTIFICATE-----\n" +
            "MIIFAjCCA+qgAwIBAgIRAIU2tITMtN3M8pgiFzW0rRAwDQYJKoZIhvcNAQELBQAw\n" +
            "gZsxCzAJBgNVBAYTAkJSMSYwJAYDVQQKDB1CYW5rbHkgLSBCYW5raW5nIGFzIGEg\n" +
            "U2VydmljZTEfMB0GA1UECwwWQmFua2x5IFByaXZhdGUgUm9vdCBDQTELMAkGA1UE\n" +
            "CAwCU1AxIjAgBgNVBAMMGVNEQlZBIC0gQkFOS0xZIFBSSVZBVEUgQ0ExEjAQBgNV\n" +
            "BAcMCVNhbyBQYXVsbzAeFw0yMjAzMDYxNTUyMzRaFw0yODAzMDYxNjUyMzRaMIGx\n" +
            "MQswCQYDVQQGEwJCUjEmMCQGA1UECgwdQmFua2x5IC0gQmFua2luZyBhcyBhIFNl\n" +
            "cnZpY2UxIzAhBgNVBAsMGkJhbmtseSdzIFNlY3VyaXR5IFBsYXRmb3JtMQswCQYD\n" +
            "VQQIDAJTUDE0MDIGA1UEAwwrU0RCVkEgLSBCQU5LTFkgUExBVEZPUk0gU0VDVVJJ\n" +
            "VFkgUFJJVkFURSBDQTESMBAGA1UEBwwJU2FvIFBhdWxvMIIBIjANBgkqhkiG9w0B\n" +
            "AQEFAAOCAQ8AMIIBCgKCAQEAqDX2IvQibfopzmWPjhPK/7h9hTparzs7IA+E+Y93\n" +
            "JBicY1deyw8trOuiHElMkStkwk6fPGJ7o844TYc9xaD96XTjdf5DbCbur0OL2Fou\n" +
            "apj3SdhM5imcWczA/AvR65/6fQQOAsrY+L8fj0oLyoU8z7lNjHTHCdS+9kTrhpXS\n" +
            "FIaus4nibfwHMDkhRIk0a2n7L9pNxjBiBv9qAGxt9SHX/WDHSI69JVUHXxnxhxJo\n" +
            "YsfkkyrN7v8duS9V1I+LpLcw3gs5G3ik6GCqwIKjWF/E6R8+HxD7iBkOLirVAqjU\n" +
            "rCRa0BQ4ob523U2yaumsD7RFe10YVPL4OhK8s2KEJdyLNwIDAQABo4IBJzCCASMw\n" +
            "EgYDVR0TAQH/BAgwBgEB/wIBATAfBgNVHSMEGDAWgBSZ/YbVNehye0BdbSMvFD8w\n" +
            "R6jO9zAdBgNVHQ4EFgQUQQFLWEjmOOpATl3cnNdgKr98iG0wDgYDVR0PAQH/BAQD\n" +
            "AgGGMHQGA1UdHwRtMGswaaBnoGWGY2h0dHA6Ly9zZGJ2YS1iYW5rbHktY2EtY3Js\n" +
            "cy5zMy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbS9jcmwvYjk1NzVlN2YtZjBhMy00\n" +
            "YmE0LWFkZTItNjJiODgzOGZiZDZkLmNybDBHBggrBgEFBQcBAQQ7MDkwNwYIKwYB\n" +
            "BQUHMAGGK2h0dHA6Ly9vY3NwLmFjbS1wY2EudXMtZWFzdC0xLmFtYXpvbmF3cy5j\n" +
            "b20wDQYJKoZIhvcNAQELBQADggEBAHjSGhc8hXlCbuEsXlGUWXKHEWsWaEMFn6io\n" +
            "V9VnQ4T2l6umx576eCza11nB2/eXI/kTi5h0pbG7zzZAH/XBmaGQD2FltLRq1tTA\n" +
            "4BlclNkcOw648u6q2p9m42ZXZixpv6+ahDMznhUA/DPUDlWZ6TGgtjtQTthkS6B5\n" +
            "/PVsvPt1RDU1PUo8Fa3ejOErGJPy8FahDlvP3iZkkVUksn1LyAYUMf2+LRCJNOjU\n" +
            "hWwpQvzf4dTeWBVEzqanlPPOdta61NKCzrWmO75VbItPegs4E3ZCtctysV18p0CT\n" +
            "G+qOsKFNCybArMZ5nciy0+7zl2t3y9AIG/BcqoPtPIIDgJdIWz8=\n" +
            "-----END CERTIFICATE-----\n" +
            "-----BEGIN CERTIFICATE-----\n" +
            "MIIEBTCCAu2gAwIBAgIRAJzOXoNEpgkIvfOtOQEpzWMwDQYJKoZIhvcNAQELBQAw\n" +
            "gZsxCzAJBgNVBAYTAkJSMSYwJAYDVQQKDB1CYW5rbHkgLSBCYW5raW5nIGFzIGEg\n" +
            "U2VydmljZTEfMB0GA1UECwwWQmFua2x5IFByaXZhdGUgUm9vdCBDQTELMAkGA1UE\n" +
            "CAwCU1AxIjAgBgNVBAMMGVNEQlZBIC0gQkFOS0xZIFBSSVZBVEUgQ0ExEjAQBgNV\n" +
            "BAcMCVNhbyBQYXVsbzAeFw0yMjAzMDYxNTQzMzJaFw0zMjAzMDYxNjQzMzJaMIGb\n" +
            "MQswCQYDVQQGEwJCUjEmMCQGA1UECgwdQmFua2x5IC0gQmFua2luZyBhcyBhIFNl\n" +
            "cnZpY2UxHzAdBgNVBAsMFkJhbmtseSBQcml2YXRlIFJvb3QgQ0ExCzAJBgNVBAgM\n" +
            "AlNQMSIwIAYDVQQDDBlTREJWQSAtIEJBTktMWSBQUklWQVRFIENBMRIwEAYDVQQH\n" +
            "DAlTYW8gUGF1bG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl4mlI\n" +
            "5Pa8T6X9G8rdLm8K+u4BPbrtrh9WuMJf6wfW+wrKfWuGihasKSeJ3klPp25u4EJr\n" +
            "kzT/2JlrGfzTSCQGYTR6WU2tVRE2JU1UrF5D42cV1fq2OjX2vvKETgsH3Spv6/Dn\n" +
            "gUE59nP5gM0JVP1b9NSPQX7kbkJI0EYhzEO4q9+ufW8pYSzuEXJUAg3Xf+goJK2x\n" +
            "iPYZ54Ce6OAu/3wQgc/lES1H3S7qilrWX7zbxZgxrRxdQusXi9JnDOpVniMAPlDd\n" +
            "F1BOPASQXslTaS47Wqs4geMKhhGnSMENYhMyBz95/jJIMxTiIeQ2h+Dwpcb7tDhY\n" +
            "mAP4jXTdQ6L8GCofAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" +
            "FJn9htU16HJ7QF1tIy8UPzBHqM73MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0B\n" +
            "AQsFAAOCAQEAX3NBjjEMVO9CUEFeep++3u1YFkLWHIY6vAKlznc3b+cieUyiaYnB\n" +
            "F9pE56xQhsppEmiX5tdjjVMiIcQNEx0yUGStMe4QMVELEJ0RKPCyetPrRUHYOE55\n" +
            "GKAk5k13alBhkD6xOW8Myowk7W051GyEQPD1vWvzysmc0B9FYv+INCunjh+qBD5c\n" +
            "e5HnFkbrC8AG+gb4PB2ji7VdbRat2Zxi9YD2pImWCKwduOTeSt1/lpTimFhqBvqF\n" +
            "L+fhIAsC2UT0BPyCSB4RRuI4fPZoB2rt3X+VhD8IBNo56KYtvJDzMCM7+mXwHgOm\n" +
            "nfyhm83nZijj8W4RSjPBu9Su3p9f4azydA==\n" +
            "-----END CERTIFICATE-----";

    private static final String privateKeyContent = "" +
            "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" +
            "MIIJtDBeBgkqhkiG9w0BBQ0wUTAwBgkqhkiG9w0BBQwwIwQQH2LBrKI11P1lmLRJ\n" +
            "c2yjSAIBATAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQoBgB/kLjCGQXbk2A\n" +
            "5VayHgSCCVBtQ2TVOeZtx0PJZuB2Q0IobcORGvci4kIRmtrsEuvRf7b+Gdo96hb+\n" +
            "Kw71EVl9dZY0tomHge1GwpD+cZHJiwPjd1tHRvsTNUEMgDkk2Pw6ENV8bLx9X+1w\n" +
            "qEOsn30TKp3pOlHGHsruSWG767dWS0CilvE3KwtEaGJMuL7CC7Ntj/FbQ9XM2o+m\n" +
            "MO+NFg/k3e7qR8Z41hKN4HEfgSVH3XzSsE935PRW3Zh9mKD08NP6taXjg1YPzyOG\n" +
            "p7lbJHQlwElrkbFvXM72gDl9HlgyKaqCvUIAisUH+UTd74Y6h7R2s1omTtfz+Fl9\n" +
            "Pw7Ck/a5EFbXRLQsrColY8oP8VAWDYdHW8BEJ5kI2YMwmgkzSebo/4R0aJAXfKX0\n" +
            "05Vlu7xGXy7DUhLp0M7AFdjTu4VzQk20jlj3cI2tDSgapXcXvHR0dziyewciJKul\n" +
            "E/eLG5jZ1ETRUQFpcoNacZpZhbBIrAefbehCzDMt4XqYEB4dnfWFSbRavt3FsE/e\n" +
            "36YFgPl6P8PUf3bCWz4WbJL4nYYbzIoI/TEOTli6ttt/9AAGJ987G1Rga+VAmAyw\n" +
            "XxMqpWg8S1mbOPA9PA+QnYBJWAuqV0yRTbieeMatjOJq77CmF15hMRRdh1seryX+\n" +
            "F3w1pjCVqHwU6nQLe3QOCByK7vd5piJKs8vVhqfT0D+9nUK/vJOfwEFqyYISRGRL\n" +
            "s/bOT4rgifyTKViwUsniUaGex9FKx6PPRDR9GiKVhhC1yzVlMORc3g2sRIouxzld\n" +
            "HXaweabpjCrIgJm6zNHSBE9hnhpsbAs+2UbyULcCCvTM+iOU+tYdYm99eiL9f5xE\n" +
            "HGOPhIXwgGrgv2VmJ1GjuE5FAyO3LqtDuE3Cov3IsNOu5WSayb+fNrW/6Y038cWn\n" +
            "C+R5U0cF15+F/MJ0OuG0RK25V4Mo4H01h52rrL91AfnvqW4U5BpxhHk12KDU0req\n" +
            "h4YCZcqzApIHLbsPY3j0h/oWVwramIJPZQMpZ9+hF674BYDzQZc2mZzfwqRnU6Pz\n" +
            "quVJ14Ak6Y67fGsU+/48aFuZp1V6FWA6wqGKsIzCOGmWqNmzI2Ih7/QAPmDgUk75\n" +
            "78q2RMV+d1S8vjtbQe5sbjPZNAzUSKEv9sW2RVTcMWueUqikSraF16RGMcq94MR5\n" +
            "QPGQ8SIsHWv7opxuwsD5vNv+S2nUkKTqYekOqA0nJobGrjxSe0T3BeSFVj/lIlI/\n" +
            "pKXMkh9ihKafK9Z6auTB5QcSQM1cts4ZPkuwfN5n6s2zpBVuDDz1oErB0Kk2Qngc\n" +
            "p7qAYSq9760RoLpXywMBL0hqIOufYneg2s6R4cQ5RfQyj0+E1t9cLg0c+IiPT/rj\n" +
            "tdd8jmPZ16k08bKr1SvLWSXnSGy0z5rrxgpK2NIfTWxSo4lFCjDK9nCVRKdmHlHQ\n" +
            "i+1R0mI+KM2+5fHnu7iGv4ABF2e/5XQruCuwEtB8JApvkoLs3cls9dQEum6WJVOH\n" +
            "beIY7s9mqjuAu0unbSnjpxv8jqTiNCwQOICMAi97GrohhqB5zOza4nBWNAFPfny8\n" +
            "NjaiGyK1B3YfDU9B/RywalnxFdOxbkJvR4PJuTUacVio0cI/Ce69nkq3r63t7PsD\n" +
            "OA6QMJVE88On/TT7eBV3oRWtOtz0641fpitGfAPjuzPO63Epk1hfE1+hdQ6tZrPO\n" +
            "kgE6t1kYW2JB/wdNmxr+Bd26wSQGagzuczWWftWFSsXIhjw0yMvbBiung4I4vFLD\n" +
            "zJFCQguonbnEZ5+X7v91KucurMFYrtI+A55SaLmd86jMOka+NuCQHsYINZqMaQVC\n" +
            "S/4tjCzlCMKkeSwsygzpecrqunVp2iXXoaH5wlencVISyrfbAsTangpJa8tzTMO6\n" +
            "pxucA3Bga8c34rOesPzVn2BQx3PoLf1N7K6Z1Q26sxdw1yZ9VYWBZ8+2jx3AzEzB\n" +
            "HLCMYRtwZMf7VnKDjN3+XxuEVHrfeuk6e0VQhcpi6+e7BD7QsNm6M4laoMnCnZLV\n" +
            "O38WXtcr0U/e7iLhqXSHcDLEp01/0hBFcNTISK50smZuhJi0bfJ8V1xR5zewLqXP\n" +
            "U2eB0V/yNmsU1Mfo0dyT4pHomsZyvRo+Wfbi1j+yqbuq41b4foqoG5tE3d3kpzkb\n" +
            "ASgl6MZq3XosERji256vmKhP9TER8J7LSoiYls5r/ziEVREZBqjnZxn76HNq1dtq\n" +
            "9gRLLcWwsHLjCy1vpCXU3dWQWz2WktYPf9910B+JZImI94A1MRF8ZlmAm+DnmYU1\n" +
            "IQbDzXcTfKGrO8do5eenIVhcqxkbj3GrDDP3bDcjcYpAoXE9Z01s+6qhimAoC1O1\n" +
            "q4Rd9sCwG8GYySZviC0OXBVUPWJUGE//dvzBBsGsO+LpqKRpeFjREq7xVLi7e5Uz\n" +
            "m8yePDVHZLA66IlXvz3BaP/FI0E4R7Ptuve2C2G+kidbzoIPRHm+IFlN+HeQUANt\n" +
            "N+snQi5LO70NsrzeLo42FZ84dzM9IH0ZDpT1P/AxxOxa6Xaq+tKXY+0XeKzJXYwd\n" +
            "XueFsqzfJY/kWesXkNcvvbu83QfnkDW0t/oT4StPl7TDqmRsITIqGKuQ7I6akjIA\n" +
            "Mc0VsKpcsEl1ewKHh1T00Xb6fZSpgYj4stRbb4qt+DyWZmV1j/WFoqUZCLCb+Qi7\n" +
            "B7/eeqjO3rkuT6re6g5UMN2JeDRyYd67bUjhXp35h84erwf8+ExxZpE5iy0EuaZU\n" +
            "L+y6V3jy8DbafZHo9emNUHkIZXE4RDDmgYd1pjt3nBJeujQGmjd0ilm2a7626uoY\n" +
            "Oic2Iq+RFNACBMEG6rN//KG6P+4lmRpQaR+EdwuUbDygdiI8AUXUl5Z+ARhhb3mz\n" +
            "uiKfG7qovnLvoQgwCURX7Vmi/djneNKCo7UV9nw4OklWpVSSQUkqP4nb8Pwhowmw\n" +
            "n15w8H7S1U0WZ3+JcM7pQXEnvyk0489MtbHvD5fp1QkEUnyudb9jfqY1pRo+Edu6\n" +
            "gL68ht6ljT4QSQphFV+hPJ0AKyF7FCN2jpm9tfRIEtLrMD9EmJuO2yZMEjSxpusX\n" +
            "l+9CO3AJ8aE+KRLqKLdFruB0jy5JyQGLfMZoDzwj64ROM/vYfTdTCPTsKaFcS2a+\n" +
            "qLl5edVqSrze9s6sg7s2HjvLrvKdgEo6oCh+hcWx2W/rIlER5OQYRkFXiCChdU/7\n" +
            "+h6w05j6+UrhzSOcpiDBPus+8gsitaCENJ4RFMhheoGOQYPSDjOCuQ==\n" +
            "-----END ENCRYPTED PRIVATE KEY-----\n";

    private static final char[] privateKeyPassword = "124d0ce5&b188&11ec&a252&0a6baf81486b&#novadax#&@20220401065052&$".toCharArray();
    
    public static void main(String[] args) {
        removeCryptographyRestrictions();

        X509ExtendedKeyManager keyManager = PemUtils.parseIdentityMaterial(certificateChainContent, privateKeyContent, privateKeyPassword);
        X509ExtendedTrustManager trustManager = PemUtils.parseTrustMaterial(trustedCertificateContent);

        System.out.println("Done");
    }

    private static void removeCryptographyRestrictions() {
        if (!isRestrictedCryptography()) {
            return;
        }

        try {
            final Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity");
            final Class<?> cryptoPermissions = Class.forName("javax.crypto.CryptoPermissions");
            final Class<?> cryptoAllPermission = Class.forName("javax.crypto.CryptoAllPermission");

            // isRestricted is a private static final field: strip the final modifier, then clear the flag
            Field isRestrictedField = jceSecurity.getDeclaredField("isRestricted");
            setFinalStatic(isRestrictedField, false);

            final Field defaultPolicyField = jceSecurity.getDeclaredField("defaultPolicy");
            defaultPolicyField.setAccessible(true);
            final PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null);

            final Field perms = cryptoPermissions.getDeclaredField("perms");
            perms.setAccessible(true);
            ((Map<?, ?>) perms.get(defaultPolicy)).clear();

            final Field instance = cryptoAllPermission.getDeclaredField("INSTANCE");
            instance.setAccessible(true);
            defaultPolicy.add((Permission) instance.get(null));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    static void setFinalStatic(Field field, Object newValue) throws Exception {
        field.setAccessible(true);

        Field modifiersField = Field.class.getDeclaredField("modifiers");
        modifiersField.setAccessible(true);
        modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);

        field.set(null, newValue);
    }

    private static boolean isRestrictedCryptography() {
        // This simply matches the Oracle JRE, but not OpenJDK.
        return "Java(TM) SE Runtime Environment".equals(System.getProperty("java.runtime.name"));
    }

}

The method removeCryptographyRestrictions does the magic trick. I found it here: https://stackoverflow.com/a/44056166/6777695

I have used the private key, certificate chain and certificate which you have shared earlier and pasted in the example above. It looks a bit verbose, but if you scroll to the main method you will understand what is happening. Can you also try on your side and share your results?

lijianl commented on June 14, 2024

running on Java(TM) SE Runtime Environment (build 1.8.0_131-b11)

the problem is still there

Caused by: org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: 1.2.840.113549.1.5.13 not available: Wrong algorithm: AES or Rijndael required
	at org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
	at nl.altindag.ssl.decryptor.BouncyFunction.lambda$andThen$0(BouncyFunction.java:22)
	at nl.altindag.ssl.util.PemUtils.extractPrivateKeyInfo(PemUtils.java:493)
	... 56 common frames omitted
Caused by: org.bouncycastle.operator.OperatorCreationException: 1.2.840.113549.1.5.13 not available: Wrong algorithm: AES or Rijndael required
	at org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1.get(Unknown Source)
	... 59 common frames omitted
Caused by: java.security.InvalidKeyException: Wrong algorithm: AES or Rijndael required
	at com.sun.crypto.provider.AESCrypt.init(AESCrypt.java:83)
	at com.sun.crypto.provider.CipherBlockChaining.init(CipherBlockChaining.java:93)
	at com.sun.crypto.provider.CipherCore.init(CipherCore.java:591)
	at com.sun.crypto.provider.CipherCore.init(CipherCore.java:619)
	at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:355)
	at javax.crypto.Cipher.implInit(Cipher.java:810)
	at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
	at javax.crypto.Cipher.init(Cipher.java:1539)
	at javax.crypto.Cipher.init(Cipher.java:1470)
	... 60 common frames omitted


Hakky54 commented on June 14, 2024

Can you try if adding BouncyCastle as a SecurityProvider solves your issue?

Security.addProvider(new BouncyCastleProvider());

Or else I am out of options, as I have tried to reproduce your issue on an Ubuntu environment with JDK 1.8.0_131-b11 with the given certificates, while it was resolved with the example hacky solution which I gave earlier. I need to admit that I could not reproduce the exact same exception message. The one which I had was: java.security.InvalidKeyException: Illegal key size instead of java.security.InvalidKeyException: Wrong algorithm: AES or Rijndael required. Maybe the generated certificates you gave to me are slightly different than what you are using privately, but that's an assumption...

A last resort could be asking the community for help at Stack Overflow, as this issue is more related to the JDK than this library and the underlying library.

lijianl commented on June 14, 2024

2. Contents

new error for this jce-cannot-authenticate-the-provider-bc

Hakky54 commented on June 14, 2024

Aha, this seems like progress. Can you add the following dependency and see if the same error is still occurring?

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.70</version>
</dependency>

lijianl commented on June 14, 2024

Aha, this seems like progress. Can you add the following dependency and see if the same error is still occurring?

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.70</version>
</dependency>

useless for add the dependency,

also try to jarsigner in SHA1, failed when verify

lijianl commented on June 14, 2024

Caused by: org.bouncycastle.operator.OperatorCreationException: unable to create InputDecryptor: JCE cannot authenticate the provider BC
	at org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder$1.get(Unknown Source)
	... 47 common frames omitted
Caused by: java.security.NoSuchProviderException: JCE cannot authenticate the provider BC
	at javax.crypto.JceSecurity.getInstance(JceSecurity.java:100)
	at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:204)
	at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createSecretKeyFactory(Unknown Source)
	... 48 common frames omitted

defeated by this !!!

lijianl commented on June 14, 2024

Aha, this seems like progress. Can you add the following dependency and see if the same error is still occurring?

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.70</version>
</dependency>

useless for add the dependency,

also try to jarsigner in SHA1, failed when verify

also try these bcprov-jdk15to18-171.jar + bcprov-ext-jdk15to18-171.jar ; same error !!!

Hakky54 commented on June 14, 2024

Can you try the following steps:

  1. Download Bouncy Castle Jar from Maven Central: https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on/1.70
  2. Copy Bouncy Castle Jar to $JAVA_HOME/jre/lib/ext/
  3. Register BC provider in Java Security by editing the file $JAVA_HOME/jre/lib/security/java.security. Add under line security.provider.1=sun.security.provider.Sun the following line: security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider and bump the numbers in the line below.

So the file initially will look something like this:

security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC

And after your changes Bouncy Castle should appear on the second line, and the numbers need to be corrected after the prefix security.provider.

security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC

Please make a backup first before changing anything. The list above might look different on your side, so don't copy and paste the whole content, just add security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider after security.provider.1=sun.security.provider.Sun and adjust the other numbers.

Looking forward to hearing from you and whether this works.

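A way to check the result of the java.security steps above on the affected JVM, as an added example that is not part of the thread or of sslcontext-kickstart. The class name JceDiagnostics and the --unlimited argument are hypothetical; only JDK APIs are used, so it compiles without Bouncy Castle on the class path.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;

// Added example (hypothetical class name), Java 8 compatible.
public class JceDiagnostics {

    /** Largest AES key size in bits allowed by the active policy; Integer.MAX_VALUE means unlimited. */
    static int maxAesKeyBits() throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    /**
     * 1-based preference position of a registered provider, or -1 when it is absent.
     * A provider listed in java.security whose class cannot be loaded (jar missing) is also absent.
     */
    static int providerPosition(String name) {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            if (providers[i].getName().equals(name)) {
                return i + 1;
            }
        }
        return -1;
    }

    /**
     * Initialises AES-256-CBC for decryption through the named provider, or through the default
     * provider lookup when provider is null. Returns a one-line status starting with "ok" or "FAILED".
     */
    static String tryAes256(String provider) {
        try {
            Cipher cipher = (provider == null)
                    ? Cipher.getInstance("AES/CBC/PKCS5Padding")
                    : Cipher.getInstance("AES/CBC/PKCS5Padding", provider);
            // Constructed all-zero key and IV: only init() is exercised, nothing is decrypted.
            cipher.init(Cipher.DECRYPT_MODE,
                    new SecretKeySpec(new byte[32], "AES"),
                    new IvParameterSpec(new byte[16]));
            return "ok (served by " + cipher.getProvider().getName() + ")";
        } catch (GeneralSecurityException | SecurityException e) {
            // A restricted policy surfaces as InvalidKeyException ("Illegal key size");
            // a provider the JCE refuses to authenticate surfaces as a provider error.
            return "FAILED: " + e.getClass().getName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // JDK 8u151 and later read the "crypto.policy" security property; it must be set before
        // the JCE framework initialises. Builds that predate it keep their installed policy files.
        if (args.length > 0 && "--unlimited".equals(args[0])) {
            Security.setProperty("crypto.policy", "unlimited");
        }

        System.out.println("runtime : " + System.getProperty("java.runtime.name")
                + " " + System.getProperty("java.runtime.version"));

        int bits = maxAesKeyBits();
        System.out.println("max AES : "
                + (bits == Integer.MAX_VALUE ? "unlimited" : bits + " bits (restricted policy)"));

        System.out.println("SunJCE  : position " + providerPosition("SunJCE"));
        System.out.println("BC      : position " + providerPosition("BC") + " (-1 = not registered)");

        System.out.println("AES-256 via default lookup: " + tryAes256(null));
        if (providerPosition("BC") > 0) {
            System.out.println("AES-256 via BC            : " + tryAes256("BC"));
        }
    }
}
```

Run it with the same java binary the application uses. A "max AES" of 128 bits points at the jurisdiction policy, while BC at -1 after editing java.security means the provider class could not be loaded by that JVM.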

lijianl commented on June 14, 2024

solved, but need to copy bcprov-jdk15on-1.70.jar to lib/ext

took a week to solve this, thanks for all the replies

Hakky54 commented on June 14, 2024

Awesome, really nice to hear that we were able to solve this issue! It was nice debugging it, have a nice day!

lxjoyner4029 commented on June 14, 2024

Question: does the file type have to be .pem, or can it be .cer for the certificate and .key for the private key?

Hakky54 commented on June 14, 2024

@lxjoyner4029 no, it can be anything, even .banana. I prefer to use .pem on the main page readme, but there is no convention. The community is mostly using .crt or .cer, which is either binary or a base64 encoded string (pem). The library tries to read the content, regardless of the file extension.

lxjoyner4029 commented on June 14, 2024

Started getting JCE cannot authenticate the provider BC. I tried placing the bouncycastle jar in jre/lib/ext and adding the line statement to java.security and it still did not work. Are there any other resolutions pertaining to bouncycastle not being able to authenticate the private key?

Hakky54 commented on June 14, 2024

Which java version are you using?

lxjoyner commented on June 14, 2024

Java version JDK 11.0.17 and using Gradle 7.1.1 springboot environment

Hakky54 commented on June 14, 2024

And which JDK vendor are you using by the way?

lxjoyner4029 commented on June 14, 2024

Oracle Corporation is the vendor

Hakky54 commented on June 14, 2024

I am not able to reproduce your issue. It would be helpful if you can create and provide a git repo where this issue is reproducible. In that way I can try it out on my side and help you by providing maybe the solution or else I cannot help you.

lxjoyner4029 commented on June 14, 2024

I noticed in JDK 11+ there is no longer a jre folder or an ext folder

lxjoyner4029 commented on June 14, 2024

So is BouncyCastle compatible with JDK 11+?

Hakky54 commented on June 14, 2024

Yes, Bouncy Castle is supported on JDK 11. The initial issue which the OP had was related to JDK 8 and the solution I provided is applicable for JDK 8.
