Netty SSL error: File does not contain valid private key

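This article covers the Netty SSL error 'File does not contain valid private key': because Netty 4 does not support private keys in PKCS12 format, the private key has to be converted to PKCS8 format to resolve it. The reference link gives the detailed steps.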


    public static void main(String[] args) throws Exception {
        ContextProvider.onStart();
        File keyFile = new File("/out/my.key"); 
        File crtFile = new File("/out/my.crt");
        EventLoopGroup bossGroup = new NioEventLoopGroup(); // (1)
        EventLoopGroup workerGroup = new NioEventLoopGroup();
        try {
            /** Use an existing certificate */
            final SslContext ctx = SslContextBuilder.forServer(crtFile,
                    keyFile, "123456").build();
            ServerBootstrap b = new ServerBootstrap(); // (2)
            b.group(bossGroup, workerGroup)
                    .channel(NioServerSocketChannel.class) // (3)
                    .childHandler(new ChannelInitializer<SocketChannel>() { // (4)
                        @Override
                        public void initChannel(SocketChannel ch) throws Exception {
                            ChannelPipeline pipe = ch.pipeline();
                            if (ch.localAddress().getPort() == 443) {
                                pipe.addLast(ctx.newHandler(ch.alloc()));
                            }
                            pipe.addLast(new RtspDecoder()).addLast(new RTSPHandler());
                            pipe.addLast(new ReadTimeoutHandler(30));
                        }
                    })
                    .option(ChannelOption.SO_BACKLOG, 128)          // (5)
                    .childOption(ChannelOption.SO_KEEPALIVE, true); // (6)
            List<ChannelFuture> futures = new ArrayList<>();
            futures.add(b.bind(80));
            futures.add(b.bind(443));
            for (ChannelFuture f : futures) {
                f.channel().closeFuture().sync();
            }
        } catch (Exception ex) {
            logger.error("start netty failed, ", ex);
        } finally {
            workerGroup.shutdownGracefully();
            bossGroup.shutdownGracefully();
        }
    }

Running this fails with the following error:

java.lang.IllegalArgumentException: File does not contain valid private key: \out\my.key
        at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:270) ~[netty-all-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:90) ~[netty-all-4.1.32.Final.jar:4.1.32.Final]
        at com.eques.eqhome.Main.Main.main(Main.java:153) [classes/:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_151]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_151]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_151]
        at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:294) [exec-maven-plugin-1.5.0.jar:?]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
Caused by: java.security.KeyException: could not find a PKCS #8 private key in input stream (see http://netty.io/wiki/sslcontextbuilder-and-private-key.html for more information)
        at io.netty.handler.ssl.PemReader.readPrivateKey(PemReader.java:128) ~[netty-all-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.ssl.PemReader.readPrivateKey(PemReader.java:109) ~[netty-all-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1015) ~[netty-all-4.1.32.Final.jar:4.1.32.Final]
        at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:268) ~[netty-all-4.1.32.Final.jar:4.1.32.Final]
        ... 8 more

Because Netty 4 does not support private keys in PKCS12 format, the private key must be converted to PKCS8 format. See
https://blog.youkuaiyun.com/wzj_whut/article/details/85715347#pkcs12pkcs8_50

openssl pkcs8 -in my.key -topk8 -out my.pk8
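
A way to check what a key file contains before and after the conversion above, as an added example that is not code from the original post: it classifies the file by its PEM header and runs the post's openssl command only when the key is not already PKCS#8. The function names `key_format` and `to_pkcs8` are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: key_format and to_pkcs8 are hypothetical helper names.

# key_format FILE: print pkcs8 | pkcs8-encrypted | traditional |
# traditional-encrypted | not-pem, judged from the PEM header line only.
key_format() {
    header=$(grep -m1 -e '^-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null | tr -d '\r') || true
    [ -n "$header" ] || { echo "not-pem"; return 0; }
    case "$header" in
        "-----BEGIN PRIVATE KEY-----")           echo "pkcs8" ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8-encrypted" ;;
        *)  # algorithm-specific PEM such as "RSA PRIVATE KEY" or "EC PRIVATE KEY"
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo "traditional-encrypted"
            else
                echo "traditional"
            fi ;;
    esac
}

# to_pkcs8 IN OUT: write a PKCS#8 copy of IN to OUT.
# openssl asks for the passphrases on the terminal; OUT is passphrase-protected.
to_pkcs8() (
    umask 077   # OUT is created readable by its owner only
    case "$(key_format "$1")" in
        pkcs8|pkcs8-encrypted)
            cp "$1" "$2" ;;                            # already PKCS#8, nothing to convert
        traditional|traditional-encrypted)
            openssl pkcs8 -in "$1" -topk8 -out "$2" ;; # the post's conversion
        *)
            echo "not a PEM private key (binary or other container): $1" >&2
            exit 1 ;;
    esac
)
```

After `to_pkcs8 my.key my.pk8`, `key_format my.pk8` should report `pkcs8-encrypted`, and my.pk8 rather than my.key is the file to pass as the key file to `SslContextBuilder.forServer`.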