java.io.IOException: Keystore was tampered with

Hello everyone, would you help me to overcome this exception that's been bugging me for 2 days?

in my project there is a call to a web service of a public service, the functionality that invokes the serviziofunziona perfectly but to switch from the test environment to "production" require client authentication using a digital certificate issued by them.

I installed without problems certificate in a custom keystore, whose path and password will be included in the 'application during installation (because it will live together with other modules but will rimanerne "wildly" separated):

now I'm trying to place the use of this keystore in the code.
I have taken two paths:

simply by setting the properties of the system with "javax.net.ssl.xxx" but it does not work, the sergeant exception is raised:

java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
	at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
	at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:212)
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:81)
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:126)
	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:706)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:386)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
        ... 3 more
	at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
	at java.security.Provider$Service.newInstance(Provider.java:1245)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
	at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
	at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
	... 11 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
	at java.security.KeyStore.load(KeyStore.java:1185)
	at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
	at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
	at java.lang.Class.newInstance0(Class.java:355)
	at java.lang.Class.newInstance(Class.java:308)
	at java.security.Provider$Service.newInstance(Provider.java:1221)
	... 16 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
	... 27 more

Here is the code:

String url = (String)ParametriInstallazioneDao.getParameterValue("xxx.url");
	    String keystoreUrl = (String)ParametriInstallazioneDao.getParameterValue("xxx.keystoreUrl");
	    String keystorePassword = (String)ParametriInstallazioneDao.getParameterValue("xxx.keystorePassword");
	    String truststoreUrl = (String)ParametriInstallazioneDao.getParameterValue("xxx.truststoreUrl");
	    String truststorePassword = (String)ParametriInstallazioneDao.getParameterValue("xxx.truststorePassword");
	    
	    if(url==null)   throw new Exception("");
	    
	    if (keystoreUrl == null || keystorePassword == null || truststoreUrl == null || truststorePassword == null )    	throw new Exception("");
	    
	    String[][] properties = {  
	    	      { "javax.net.ssl.trustStore", truststoreUrl, },
	    	      { "javax.net.ssl.trustStorePassword", truststorePassword,} ,
	    	      { "javax.net.ssl.keyStore", keystoreUrl, },  
	    	      { "javax.net.ssl.keyStorePassword", keystorePassword, },  
	    	      { "javax.net.ssl.keyStoreType", "jks", }
	    	    };  
	    for (int i = 0; i < properties.length; i++)  
	       	System.getProperties().setProperty(properties[i][0], properties[i][1]);

HttpClient httpClient = new HttpClient();	
	    HostConfiguration hostConfig = httpClient.getHostConfiguration();
            PostMethod postMethod = new PostMethod(url);
	    postMethod.getParams().setParameter(HttpMethodParams.RETRY_HANDLER, new DefaultHttpMethodRetryHandler(5, false));
	    postMethod.getParams().setContentCharset("UTF-8");
	    String soapEnvelope = getSoapSuite(this.header.getHeader(azione), richiesta.xmlText() );
	    String codedRequest = this.encodeUTF8(soapEnvelope);	
            postMethod.setRequestBody(codedRequest);

int statusCode = httpClient.executeMethod(hostConfig, postMethod);
            
            ...

and then analyzing some of the alternatives, the result of hours of "google" I tried the following with no major improvements:

String url = (String)ParametriInstallazioneDao.getParameterValue("xxx.url");
	    String keystoreUrl = (String)ParametriInstallazioneDao.getParameterValue("xxx.keystoreUrl");
	    String keystorePassword = (String)ParametriInstallazioneDao.getParameterValue("xxx.keystorePassword");
	    String truststoreUrl = (String)ParametriInstallazioneDao.getParameterValue("xxx.truststoreUrl");
	    String truststorePassword = (String)ParametriInstallazioneDao.getParameterValue("xxx.truststorePassword");
	    URL keystoreUrlObj = new URL("file:"+keystoreUrl);
            URL trustStoreUrlObj = new URL("file:"+truststoreUrl);
	    int sslPort = (new Integer((String)ParametriInstallazioneDao.getParameterValue("it.eng.territoriale.medleg.inps.pdd.ssl.sslPort"))).intValue();
	    
	   if(url==null)   throw new Exception("");
	    
	    if (keystoreUrl == null || keystorePassword == null || truststoreUrl == null || truststorePassword == null )    	throw new Exception("");

HttpClient httpClient = new HttpClient();	
	    HostConfiguration hostConfig = httpClient.getHostConfiguration();
	    	    
	    AuthSSLProtocolSocketFactory authSSLFactory = new AuthSSLProtocolSocketFactory(keystoreUrlObj, keystorePassword, trustStoreUrlObj, truststorePassword);
	    Protocol protocol = new Protocol("https", authSSLFactory, sslPort);
	    Protocol.registerProtocol("https", protocol);
	    hostConfig.setHost(url, sslPort, protocol);

PostMethod postMethod = new PostMethod(url);
...
ecc
...

so I get an exception simpler but essentially the same:

java.io.IOException: Keystore was tampered with, or password was incorrect
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
	at java.security.KeyStore.load(KeyStore.java:1185)
	at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:519)
	at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:365)
	at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:90)
	at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:125)
	at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:117)
	at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:62)
	at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:105)
	at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.<init>(AuthSSLProtocolSocketFactory.java:185)
... 3 more
	at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
	... 14 more
org.apache.commons.ssl.ProbablyBadPasswordException: Probably bad JKS password: java.io.IOException: Keystore was tampered with, or password was incorrect
	at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:570)
	at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:365)
	at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:90)
	at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:125)
	at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:117)
	at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:62)
	at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:105)
	at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.<init>(AuthSSLProtocolSocketFactory.java:185)
... 3 more
	at java.lang.Thread.run(Thread.java:662)

This first obstacle seems to be behind us.
I changed my class to generate the ssl socket,
I checked out The password (actually it was stored on the database with a space for more ..)
I asked for the keystore file to the client in order to use its private key for the certificate import .
But even now I find myself in front of an exception that prevents me from going to include the certificate and for which boast plenty of time "gooooogle" was useless: I have found a lot, and I found nothing;

"keytool error java.lang.Exception: failed to Establish chain from reply".

I'm trying to run the following command keytool

Someone can help me?!