keystore format

 
Greenhorn
Hi

Possibly a Wildfly configuration issue, hence posting on this forum.

I am using Apache WSS4J (Web Services Security) through CXF and Spring to sign and encrypt a message request.
The application is deployed in Wildfly.

However, at the start of the sign and encryption process, I am getting the "Invalid keystore format" error.


org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:958)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:365)
... 30 more
2015-05-18 14:23:33,791 DEBUG org.apache.ws.security.components.crypto.Merlin 369 Invalid keystore format
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:365)
at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:187)



When I looked at the source code for sun.security.provider.JavaKeyStore.engineLoad, line 650, this is what I found:

645 int xMagic = dis.readInt();
646 int xVersion = dis.readInt();
647
648 if (xMagic!=MAGIC ||
649 (xVersion!=VERSION_1 && xVersion!=VERSION_2)) {
650 throw new IOException("Invalid keystore format");
651 }


http://www.docjar.com/html/api/sun/security/provider/JavaKeyStore.java.html

where

private static final int MAGIC = 0xfeedfeed;
private static final int VERSION_1 = 0x01;
private static final int VERSION_2 = 0x02;


It seems the cause is due to the failure of the check on line 648/649.

Any suggestion as to :-
what this check is all about ?
How I can overcome this ?


Also could this be due to a Wildfly configuration setting that I may have missed out ?

Thank you for your help.

Pete
 
Saloon Keeper
Keystore is a core component of Java. A Keystore database (file) can be created in various different formats, but J(2)EE likes the "JKS" format. From the error that you are getting, I'd say that the keystore in question isn't a valid JKS-form database file.

I recommend looking at the docs for the Java keytool utility. It should provide some info on how to analyze (and create!) a keystore.
 
Pete Long
Greenhorn

Hi

I have done a little more investigation and this is what I have determined.

I am putting the JKS file ( valid ) in the WEB-INF directory. So in effect, when the war is created, the JKS file is in the war file.

When I deploy the application, the war file gets exploded into a temporary directory. I determined the location of this directory
by stepping through via the debugger.
If I go to the WEB-INF directory where the war file has been exploded and perform the command

keytool -list -v -keystore keystore.jks

I get a "java.io.IOException: Invalid keystore format" reported.

So it seems like the JKS file is getting corrupted when the war is exploded into a temporary directory.

Incidentally, if I perform

keytool -list -v -keystore keystore.jks

in the WEB-INF of my src code, no errors reported.

Tim, you are correct that the JKS file is invalid but it is invalid because it appears to be corrupted.

I have put the JKS file in the "configuration" directory under standalone but the application is not picking the JKS file.


Any suggestions as to how I put the JKS file outside of the war file and application can still pick the JKS file up ?
I presume this is possible but just need help with the configuration settings required to achieve this.

Any help will be appreciated. Thank you.

Pete
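
Added example, not part of the original posts: a Java diagnostic that reads the same magic and version words as the engineLoad check quoted above, and compares the file in the source tree with the deployed copy. The JCEKS, DER and U+FFFD branches go beyond the JKS case in the thread; the class name and the sample bytes are constructed.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.Arrays;
public class KeystoreHeaderCheck {
    static final int JKS_MAGIC = 0xfeedfeed;   // MAGIC in sun.security.provider.JavaKeyStore
    static final int JCEKS_MAGIC = 0xcececece; // JCEKS stores start with this value instead

    /** Classifies a file by the same two big-endian ints that engineLoad() reads first. */
    static String classify(byte[] data) throws IOException {
        if (data.length < 8) return "too short to be a keystore (" + data.length + " bytes)";
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
        int magic = in.readInt();
        int version = in.readInt();
        if (magic == JKS_MAGIC && (version == 1 || version == 2)) return "JKS, version " + version;
        if (magic == JKS_MAGIC) return "JKS magic but unsupported version " + version;
        if (magic == JCEKS_MAGIC) return "JCEKS: load it with KeyStore type JCEKS, not JKS";
        if ((magic >>> 24) == 0x30) return "DER-encoded data, possibly PKCS12";
        if ((magic >>> 8) == 0xefbfbd) return "starts with U+FFFD: bytes were re-encoded as UTF-8 text";
        return String.format("unknown magic 0x%08x", magic);
    }

    static String sha256(byte[] data) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data)) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** Prints format and digest of the source file and the deployed copy; true if byte-identical. */
    static boolean compare(Path source, Path deployed) throws Exception {
        byte[] a = Files.readAllBytes(source), b = Files.readAllBytes(deployed);
        System.out.println(source + ": " + classify(a) + ", sha256=" + sha256(a));
        System.out.println(deployed + ": " + classify(b) + ", sha256=" + sha256(b));
        return Arrays.equals(a, b);
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) {
            System.out.println("identical: " + compare(Paths.get(args[0]), Paths.get(args[1])));
            return;
        }
        // Constructed sample: a JKS v2 header, and the same bytes after a text round trip.
        byte[] good = {(byte) 0xfe, (byte) 0xed, (byte) 0xfe, (byte) 0xed, 0, 0, 0, 2, 0, 0, 0, 0};
        byte[] mangled = new String(good, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        System.out.println("original: " + classify(good));
        System.out.println("mangled:  " + classify(mangled));
    }
}
```

Run it with the two keystore paths as arguments to compare the WEB-INF copy in the source tree with the exploded one; differing digests confirm the file changed somewhere between packaging and deployment.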



 
Tim Holloway
Saloon Keeper
I definitely wouldn't put secured information such as a keystore inside a web application. It should be located in a place external to both the webapp and the webapp server.

What I normally do to make life easier is define a JNDI resource containing the filesystem absolute location of the external file. That way I can configure it flexibly without having to make mods to the WAR. This can be especially useful if you do like me and use Windows for development and Solaris/Unix for deployment, as their filesystem standards are completely different.
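
Added example, not part of the original post: one way to read the keystore location from JNDI and load the file from outside the WAR. The JNDI name, the fallback system property, the file path in the comment and the sample password are hypothetical.

```java
import java.io.*;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class ExternalKeystore {
    // Hypothetical names. On WildFly the JNDI entry can be a simple binding in the
    // naming subsystem of standalone.xml, for example:
    //   <bindings>
    //     <simple name="java:global/app/keystorePath" value="/etc/myapp/keystore.jks"/>
    //   </bindings>
    static final String JNDI_NAME = "java:global/app/keystorePath";
    static final String FALLBACK_PROPERTY = "app.keystore.path";

    /** Resolves the keystore location from JNDI, or from a system property outside a container. */
    static Path resolvePath() {
        try {
            return Paths.get((String) new InitialContext().lookup(JNDI_NAME));
        } catch (NamingException e) {
            String p = System.getProperty(FALLBACK_PROPERTY);
            if (p == null) throw new IllegalStateException("No keystore path configured", e);
            return Paths.get(p);
        }
    }

    /** Loads a JKS keystore from a file that lives outside the WAR. */
    static KeyStore load(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: write an empty JKS to a temp file and load it back.
        Path tmp = Files.createTempFile("sample", ".jks");
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        char[] pw = "changeit".toCharArray();
        try (OutputStream out = Files.newOutputStream(tmp)) { empty.store(out, pw); }
        System.setProperty(FALLBACK_PROPERTY, tmp.toString());
        System.out.println("entries: " + load(resolvePath(), pw).size());
        Files.delete(tmp);
    }
}
```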
 
Pete Long
Greenhorn
Hi Tim,


I too have almost the same set up as you - " Windows for development and Linux for deployment,"

As to your suggestion of "define a JNDI resource containing the filesystem absolute location of the external file",

would you be able to give an example of how this can be done on WildFly please.

I must admit, it has been quite an interesting problem to look into.

Again, I very much appreciate your help.

Regards
Pete
 
Pete Long
Greenhorn

Hi

See link https://coderanch.com/forums/posts/reqResolved/650611 to my not so good workaround to get access to the external file.

Pete
 