java.io.IOException: Invalid keystore format Spring Security SAML Extension

Question

I have successfully gotten the Spring Security SAML Extension sample application to run. Now, I'm trying to integrate it into my main application. Before I tried to integrate with my application, I created a sample application to integrate it with and it works fine. In my sample application, I used the keystore from downloaded sample application. Now, I'm trying to use the same keystore and I'm getting the following error:

Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataGenerator.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in ServletContext resource [/WEB-INF/spring/securityContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.saml.key.JKSKeyManager]: Constructor threw exception; nested exception is java.lang.RuntimeException: Error initializing keystore at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:596) at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:289) ... 89 more Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in ServletContext resource [/WEB-INF/spring/securityContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.saml.key.JKSKeyManager]: Constructor threw exception; nested exception is java.lang.RuntimeException: Error initializing keystore at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:278) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1114) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1017) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:302) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:298) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1017) at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:960) at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:858) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:553) ... 91 more Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.saml.key.JKSKeyManager]: Constructor threw exception; nested exception is java.lang.RuntimeException: Error initializing keystore at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:164) at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:125) at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:270) ... 103 more Caused by: java.lang.RuntimeException: Error initializing keystore at org.springframework.security.saml.key.JKSKeyManager.initialize(JKSKeyManager.java:121) at org.springframework.security.saml.key.JKSKeyManager.(JKSKeyManager.java:79) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:148) ... 105 more Caused by: java.io.IOException: Invalid keystore format at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.springframework.security.saml.key.JKSKeyManager.initialize(JKSKeyManager.java:117) ... 111 more

Here is the bean configuration for the JKSKeyManager:

<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
        <constructor-arg value="classpath:security/samlKeystore.jks" />
        <constructor-arg type="java.lang.String" value="nalle123" />
        <constructor-arg>
            <map>
                <entry key="apollo" value="nalle123" />
            </map>
        </constructor-arg>
        <constructor-arg type="java.lang.String" value="apollo" />
    </bean>

Can anyone help me with what's causing this error?

Answer 1

I had a similar issue; I figured Maven was filtering out my resources and adding this solved the problem:

   <resource>
        <directory>src/main/resources</directory>
        <filtering>true</filtering>
        <excludes>
            <exclude>**/*.jks</exclude>
        </excludes>
    </resource>
    <resource>
        <directory>src/main/resources</directory>
        <filtering>false</filtering>
        <includes>
            <include>**/*.jks</include>
        </includes>
    </resource>

Answer 2

I had the same issue. Maven was copying the binary file incorrectly.

I had to add the following to my maven-resources-plugin:

<nonFilteredFileExtensions>
    <nonFilteredFileExtension>jks</nonFilteredFileExtension>
</nonFilteredFileExtensions>

You can test this by running the command in your target directory:

keytool -list -keystore ~/<your_project_target_directory>/security/samlKeystore.jks

When my maven was copying the file incorrectly I was getting:

keytool error: java.io.IOException: Invalid keystore format

Once I added the nonFilteredFileExtension I was immediately prompted for the password.