Spring SAML: Error decrypting encrypted key, No installed provider supports this key

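I have followed the Spring SAML manual to create a private key and import the public certificate, but I am still facing an encryption/decryption problem.

I created a JKS file using the following commands mentioned in the manual.

Command to import the IDP public certificate: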

keytool -importcert -alias adfssigning -keystore samlKeystore.jks -file testIdp.cer

Command for the private key:

keytool -genkeypair -alias myprivatealias -keypass changeit -keystore samlKeystore.jks

The password for both the private key and the keystore is defined as "changeit".

I have configured the securityContext as follows:

<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg value="classpath:security/samlKeystore.jks"/>
    <constructor-arg type="java.lang.String" value="changeit"/>
    <constructor-arg>
        <map>
            <entry key="myprivatealias" value="changeit"/>
        </map>
    </constructor-arg>
    <constructor-arg type="java.lang.String" value="myprivatealias"/>
</bean>

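I can see the idpDiscovery page, where I can select the IDP. I can also see the IDP's login page. But when I provide the user credentials, I get the following exception (class: WebSSOProfileConsumerImpl of the spring-saml jar).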

ERROR org.opensaml.xml.encryption.Decrypter  - Error decrypting encrypted key

org.apache.xml.security.encryption.XMLEncryptionException: No installed provider supports this key: sun.security.provider.DSAPrivateKey

Original Exception was java.security.InvalidKeyException: No installed provider supports this key: sun.security.provider.DSAPrivateKey

at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1479)

at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:697)

at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:628)

at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:783)

Caused by: java.security.InvalidKeyException: No installed provider supports this key: sun.security.provider.DSAPrivateKey

at javax.crypto.Cipher.a(DashoA13*..)

at javax.crypto.Cipher.init(DashoA13*..)

at javax.crypto.Cipher.init(DashoA13*..)

at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1475)

... 46 more

740323 [http-8080-2] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved

740324 [http-8080-2] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver

740325 [http-8080-2] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content

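Can anyone tell me where I am going wrong?

An alternative command I used to generate the private key, instead of the one mentioned above: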

keytool -genkey -alias privatekeyalias -keyalg RSA -keystore samlKeystore.jks

If I use this command and update the JKS file, I get a different exception:

Caused by: java.security.InvalidKeyException: Key is too long for unwrapping

at com.sun.crypto.provider.RSACipher.engineUnwrap(DashoA13*..)

at javax.crypto.Cipher.unwrap(DashoA13*..)

at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477)

... 46 more

41 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved

42 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver

42 [http-8080-1] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content

Can anyone help me resolve this issue?

Answer:

The problem was caused by the application using a different keystore than the one generated with:

keytool -genkeypair -alias privatekeyalias -keypass samplePrivateKeyPass -keystore samlKeystore.jks -keyalg RSA -sigalg SHA1WithRSA
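
Added example (not part of the original question or answer): a stand-alone Java check that exercises the three situations on this page, namely a matching RSA key pair, an RSA private key that is not the pair of the public key used for encryption, and a DSA private key. The class name, the key sizes and the choice of RSA-OAEP as the key transport scheme are assumptions; the keys are generated in memory, so no keystore file is needed.

```java
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SamlKeyTransportCheck {
    // Assumption: RSA-OAEP key transport; the page does not say which scheme the IdP used.
    static final String TRANSPORT = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    static KeyPair generate(String algorithm, int bits) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
        generator.initialize(bits);
        return generator.generateKeyPair();
    }

    // IdP side: wrap the per-message AES key with the SP public key it knows.
    static byte[] wrap(PublicKey spPublic, SecretKey dataKey) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSPORT);
        cipher.init(Cipher.WRAP_MODE, spPublic);
        return cipher.wrap(dataKey);
    }

    // SP side: unwrap with the private key found in the keystore and report the outcome.
    static String unwrap(PrivateKey spPrivate, byte[] wrapped) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance(TRANSPORT);
            cipher.init(Cipher.UNWRAP_MODE, spPrivate);
            cipher.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
            return "OK";
        } catch (InvalidKeyException e) {
            return "InvalidKeyException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(128);
        KeyPair known = generate("RSA", 2048);  // pair whose public key the IdP encrypts to
        KeyPair other = generate("RSA", 1024);  // unrelated RSA pair, e.g. from another keystore
        KeyPair dsa = generate("DSA", 1024);    // signature-only key, as in the first trace
        byte[] wrapped = wrap(known.getPublic(), aes.generateKey());
        System.out.println("matching RSA key: " + unwrap(known.getPrivate(), wrapped));
        System.out.println("other RSA key:    " + unwrap(other.getPrivate(), wrapped));
        System.out.println("DSA key:          " + unwrap(dsa.getPrivate(), wrapped));
    }
}
```

Only the first case can recover the AES key. The other two are rejected by the JCE with an InvalidKeyException, so the algorithm and origin of the private key behind the configured alias are the things to verify in the keystore the application actually loads.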
