Code below fails every time with IOException of "Invalid keystore format" when performing the keystore.load() method. The file is loaded from the .jar file successfully. Using Java 1.8 on Windows 10 Pro. Maven is used compile and assemble the jar files and then war together and deploy to JBOSS server as a war file. I have tried .getInstance with getDefault() as well with the same error.
InputStream stream;
stream = Thread.currentThread().getContextClassLoader()
.getResourceAsStream("cacerts.jks");
if (stream == null) {
stream = CustomTrustManager.class.getClassLoader()
.getResourceAsStream("cacerts.jks");
}
if(stream == null) {
Log.error("Unable to load cacerts.jks. This is needed to make HTTPS connections to internal servers.");
throw new NotFoundException();
}
KeyStore myTrustStore = KeyStore.getInstance("JKS");
myTrustStore.load(stream, "xxxxx".toCharArray());
The "cacerts.jks" file is generated from a self-signed server certificate "server1.crt" file using the following command:
keytool -v -import -alias devserver -file server1.crt -keystore cacerts.jks
This completes successfully and command:
keytool -list -keystore cacerts.jks
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
devserver, Aug 15, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): F6:7F:C9:95:0E:B8:59:07:24:23:67:93:43:B2:C9:AA:CD:5B:AF:68
Shows no problems with keystore file. I have scanned many StackOverflow articles but none point to a solution for the issue. In debug mode the InputStream has the following format once the resource is loaded. I assume the ZipFile type is normal from loading from a .jar file.
Appreciate any insight on how to load the keystore file successfully. Thanks
StackTrace below:
2019-08-18 17:00:53,038 ERROR service.CustomTrustManager (CustomTrustManager.java:59) [default task-2] - KeyStore failed to laod
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) ~[?:1.8.0_161]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:1.8.0_161]
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_161]
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:1.8.0_161]
at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_161]
at cinfin.thirdparty.service.CustomTrustManager.<init>(CustomTrustManager.java:57) [ThirdPartyWSCore-1.13.0.jar:1.13.0]
at cinfin.thirdparty.riskmeter.service.RiskMeterClientService.configureSSL(RiskMeterClientService.java:125) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at cinfin.thirdparty.riskmeter.service.RiskMeterClientService.getHttpClient(RiskMeterClientService.java:103) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at cinfin.thirdparty.riskmeter.service.RiskMeterClientService.getRiskMeterData(RiskMeterClientService.java:87) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at cinfin.thirdparty.riskmeter.bo.RiskMeterBo.getRiskMeterData(RiskMeterBo.java:50) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at cinfin.thirdparty.riskmeter.ws.RiskMeterService.getRiskMeterData(RiskMeterService.java:18) [ThirdPartyWSRiskMeter-1.0.0.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:84) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at cinfin.thirdparty.metering.bo.MeteringAspectImpl.performVendorCall(MeteringAspectImpl.java:64) [ThirdPartyWSCore-1.13.0.jar:1.13.0]
at cinfin.thirdparty.metering.bo.MeteringAspectImpl.aroundMeteredAnnotationAdvice(MeteringAspectImpl.java:33) [ThirdPartyWSCore-1.13.0.jar:1.13.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:627) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:616) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) [spring-aop-4.3.24.RELEASE.jar:4.3.24.RELEASE]
at com.sun.proxy.$Proxy206.getRiskMeterData(Unknown Source) [?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:189) [cxf-rt-frontend-jaxrs-3.1.10.jar:3.1.10]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99) [cxf-rt-frontend-jaxrs-3.1.10.jar:3.1.10]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:223) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar!/:1.0.0.Final-redhat-1]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274) [cxf-rt-transports-http-3.1.10.jar:3.1.10]
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) [wildfly-undertow-7.0.9.GA-redhat-3.jar!/:7.0.9.GA-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) [wildfly-undertow-7.0.9.GA-redhat-3.jar!/:7.0.9.GA-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175) [undertow-servlet-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:324) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:803) [undertow-core-1.3.31.Final-redhat-3.jar!/:1.3.31.Final-redhat-3]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
The binary JKS file was probably filtered by the Maven Resources Plugin, which resulted in a corrupted file and is a pretty common problem:
Maven corrupts WAV file when copying to Java resource dir during build
Maven corrupting binary files in source/main/resources when building jar
generated certificate stops working when moved to resources folder
The binary file was basically treated as a text file and therefore the file in the jar starts with UTF-8 characters (0xEFBFBDEFBFBD
) instead of the magic number for JKS (0xFEEDFEED
).
The Resources Plugin documentation contains an explicit warning:
Do not filter files with binary content like images! This will most likely result in corrupt output.
Possible solutions are:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With