大家好,我是顺亿。今天来跟大家聊聊Applet数字签名的问题。很多人在使用keytool和jarsigner生成数字签名后,发现Applet在浏览器中加载时出现证书解析异常。这可怎么办呢?别急,今天我们就来分析一下这个问题。
问题分析
首先,我们来看一下异常信息:
java.security.cert.CertificateParsingException: no more data allowed for version 1 certificate
at sun.security.x509.X509CertInfo.parse(Unknown Source)
at sun.security.x509.X509CertInfo.(Unknown Source)
at sun.security.x509.X509CertImpl.parse(Unknown Source)
at sun.security.x509.X509CertImpl.(Unknown Source)
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificates(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificates(Unknown Source)
at com.sun.deploy.security.WIExplorerCertStore.generateCertificate(Unknown Source)
at com.sun.deploy.security.WIExplorerCertStore.loadCertificates(Native Method)
at com.sun.deploy.security.WIExplorerCertStore.load(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$100(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
这个异常通常是因为证书版本过低导致的。在Applet中,证书版本必须为3或更高。
解决方案
解决这个问题的方法很简单,只需要生成一个版本为3或更高的证书即可。
- 使用keytool生成新的私钥和证书,指定版本为3:
keytool -genkey -alias myapplet -keyalg RSA -keysize 2048 -keystore mykeystore -storepass mypassword -validity 365 -dname "CN=MyApplet, OU=MyCompany, L=MyCity, ST=MyState, C=MyCountry" -certsytle RSA -x509 -v3
- 使用jarsigner对Applet应用进行签名:
jarsigner -keystore mykeystore -storepass mypassword -alias myapplet -signedjar myapplet_signed.jar myapplet.jar
这样,新的证书就生成了,Applet在浏览器中加载时应该就不会再出现证书解析异常了。
小结与拓展
今天我们分析了Applet数字签名失败的问题,并提供了相应的解决方案。需要注意的是,Applet已经逐渐被淘汰,建议大家在开发新项目时考虑使用更安全、更现代的技术。
我是顺亿,如果你对编程有任何疑问,欢迎来「趣航编程网」(www.vqhf.com)和我交流。
