NoSuchAlgorithm for pkcs12 keystore key

I am writing an example program to query a vendor's webservice from a Java application. I am not doing this from a server, it is a Java command-line desktop application. EDIT: using Java 7.

I have certificates provided by the vendor -- one includes a chain to identify the vendor, the other is a keystore to identify my company. I have imported the vendor certs into cacerts, and believe that to be working since it eliminated an error I used to get when creating the Service object.

I am getting a NoSuchAlgorithm error when I actually attempt to run the remote call to the webservice; does this mean that pkcs12 is not a valid type of keystore? Keystore Explorer can read this keystore, leading me to believe that using pkcs12 should be possible somehow.

So I want to know what I'm doing wrong, for instance, whether there is something I need to do for a PKCS12 type key. Since I specify a keystore with a VM command line option, I'm also puzzled why the SSL debug information does not list that keystore.

I run this with the following options:

-Djavax.net.debug=ssl -Djavax.net.ssl.keystore="S:\Vendor Documentation\9.07\Web Services\MyCompanykickoff\VendorSaaSWebServices-Customer.pfx" -Djavax.net.ssl.keyStorePassword=cX5L9CTj -Djavax.net.ssl.keyStoreType=pkcs12

And I get the following output:

run:
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EndorsingSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync
{http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice}CustomBinding_IWSTrust13Sync1
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedEncryptedSupportingTokens" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Trust13" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss11" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0075: Policy assertion "{http://www.w3.org/2006/05/addressing/wsdl}UsingAddressing" was evaluated as "UNKNOWN".
Dec 28, 2015 9:03:46 AM [com.sun.xml.internal.ws.policy.EffectiveAlternativeSelector]  selectAlternatives
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness "UNKNOWN".
keyStore is : 
keyStore type is : pkcs12

keyStore provider is : 
init keystore
default context init failed: java.security.KeyStoreException: pkcs12
 not found
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
  at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:194)
  at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:122)
  at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:123)
  at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:626)
  at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:585)
  at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:570)
  at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:467)
  at com.sun.xml.internal.ws.client.Stub.process(Stub.java:308)
all done
  at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:177)
  at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:203)
  at stsclientexample3.STSClientExample3.main(STSClientExample3.java:72)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198)
  at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:205)
  at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:361)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:162)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:378)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:473)
  at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:270)
  at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:327)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:974)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
  at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1090)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:105)
  ... 11 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  at java.security.Provider$Service.newInstance(Provider.java:1262)
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
  at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
  at javax.net.ssl.SSLContext.getDefault(SSLContext.java:97)
  at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:121)
  at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:333)
  at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:291)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:85)
  at sun.net.www.protocol.https.Handler.openConnection(Handler.java:62)
  at java.net.URL.openConnection(URL.java:1018)
  at com.sun.xml.internal.ws.api.EndpointAddress.openConnection(EndpointAddress.java:202)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.createHttpConnection(HttpClientTransport.java:202)
  at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:102)
  ... 11 more
Caused by: java.security.KeyStoreException: pkcs12
 not found
  at java.security.KeyStore.getInstance(KeyStore.java:616)
  at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultKeyManager(SSLContextImpl.java:603)
  at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:495)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
  at java.lang.Class.newInstance0(Class.java:372)
  at java.lang.Class.newInstance(Class.java:325)
  at java.security.Provider$Service.newInstance(Provider.java:1238)
  ... 24 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12
 KeyStore not available
  at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
  at java.security.Security.getImpl(Security.java:695)
  at java.security.KeyStore.getInstance(KeyStore.java:613)
  ... 33 more
BUILD SUCCESSFUL (total time: 0 seconds)

Good ol' NetBeans, telling me my build is successful...

In case someone still wants the code after all that:

package stsclientexample3;

import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.Service;
import javax.xml.ws.Service.Mode;
import javax.xml.ws.soap.AddressingFeature;

import org.oasis_open.docs.ws_sx.ws_trust._200512.RequestSecurityTokenType;

public class STSClientExample3 {

    public static void main(String[] args) {
        try {
            final Service service
                = Service.create(
                    new URL("file://\\project\\VendorDemo\\DocumentAPIv22Methods\\EchoSignDocumentService22Demo\\Java\\STSClientExample2\\web\\WEB-INF\\wsdl\\SecurityTokenService.wsdl"),
                    new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "SecurityTokenService")
                );
            Iterator<QName> ports = service.getPorts();
            while (ports.hasNext()) {
                QName port = ports.next();
                System.out.println(port.toString());
            }

            final Dispatch dispatch
                = service.createDispatch(
                    new QName("http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice", "CustomBinding_IWSTrust13Sync"),
                    JAXBContext.newInstance("org.oasis_open.docs.ws_sx.ws_trust._200512"),
                    Mode.PAYLOAD,
                    new AddressingFeature()
                );

            final BindingProvider provider = (BindingProvider) dispatch;

            final Map requestContext = provider.getRequestContext();

            requestContext.put(BindingProvider.SOAPACTION_URI_PROPERTY, "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue");

            final RequestSecurityTokenType request = new RequestSecurityTokenType();

            dispatch.invoke(
                new JAXBElement<RequestSecurityTokenType>(
                    new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "RequestSecurityToken"),
                    RequestSecurityTokenType.class,
                    request)
            );
        } catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("all done");
    }

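    // Installs a trust-all TrustManager and an accept-all HostnameVerifier as JVM-wide
    // defaults, which turns off server certificate and hostname checks. Not called from main().
    public static void disableCertificates()
    {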
        try {
            TrustManager[] trustAllCerts = 
            {new X509TrustManager() 
                {
                    public X509Certificate[] getAcceptedIssuers() { return null; }
                    public void checkClientTrusted(X509Certificate[] certs, String authType) { }
                    public void checkServerTrusted(X509Certificate[] certs, String authType) { }
                }
            };
            SSLContext sc = SSLContext.getInstance("SSL");
            HostnameVerifier hv 
                    = new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } };
            sc.init(null, trustAllCerts, new SecureRandom());

            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(hv);
        } 
        catch (Exception localException) 
        {
            System.out.println("Problem disabling SSL certificates: " + localException.getMessage());
        }
    }

}
arcy asked Oct 19 '22 19:10


1 Answer

I made a dumb mistake which caused the NoSuchAlgorithm exception.

If you (or anyone reading this post) are getting this error with Spring Boot, check your application.properties and make sure that you didn't write the keystore type value like this:

server.ssl.key-store-type="PKCS12"

Note the quotation marks which shouldn't be there!

After removing them, the exception was gone.

I am using Java 1.8:

java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.65-b01, mixed mode)

P.S. I know this is not that much connected to the question, but a Google query of the NoSuchAlgorithm exception led me to this page, so I thought it would be a good place to write this advice.

Aleksandar answered Oct 21 '22 16:10
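A preflight check for the two things visible on this page, as an added example that is not code from the question or the answer: the keystore type string reaches `KeyStore.getInstance` with extra characters (the quotes in the answer, the line break after `pkcs12` in the question's log), and the `-D` option is spelled `javax.net.ssl.keystore`, while JSSE reads the case-sensitive name `javax.net.ssl.keyStore`. The class name `KeyStorePreflight`, the `check` helper and the sample values are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

// Added example (hypothetical class name): preflight check for JSSE keystore settings.
public class KeyStorePreflight {
    // Standard JSSE property names; system property lookups are case-sensitive.
    static final List<String> KNOWN = Arrays.asList(
        "javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword",
        "javax.net.ssl.keyStoreType", "javax.net.ssl.trustStore",
        "javax.net.ssl.trustStorePassword", "javax.net.ssl.trustStoreType");

    // Returns findings; an empty list means nothing suspicious was found.
    static List<String> check(Properties props) {
        List<String> findings = new ArrayList<String>();
        for (String name : props.stringPropertyNames()) {
            for (String known : KNOWN) {
                if (name.equalsIgnoreCase(known) && !name.equals(known)) {
                    findings.add("'" + name + "' is never read by JSSE; use '" + known + "'");
                }
            }
        }
        String type = props.getProperty("javax.net.ssl.keyStoreType");
        if (type != null) {
            String cleaned = type.trim().replace("\"", "").replace("'", "");
            if (!cleaned.equals(type)) {
                findings.add("keyStoreType has quotes or whitespace; did you mean '" + cleaned + "'?");
            }
            try {
                KeyStore.getInstance(type); // provider lookup uses the raw string
            } catch (KeyStoreException e) {
                findings.add("KeyStore.getInstance failed: " + String.valueOf(e.getMessage()).trim());
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        Properties sample = new Properties(); // constructed sample, not real configuration
        sample.setProperty("javax.net.ssl.keystore", "client.pfx");     // lower-case 's'
        sample.setProperty("javax.net.ssl.keyStoreType", "\"PKCS12\""); // literal quotes
        for (String f : check(sample)) System.out.println("sample: " + f);
        for (String f : check(System.getProperties())) System.out.println("this JVM: " + f);
    }
}
```

Running it with the same `-D` options as the failing program checks the live JVM properties in addition to the constructed sample.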