You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by "BALDWIN, ALAN J [AG-Contractor/1000]" <al...@monsanto.com> on 2005/03/25 22:23:18 UTC

jks keystore Invalid keystore

Hi all, I'm trying to encrypt a soap message using symmetric AES encryption.  I have generated a key, which is encrypting and decrypting correctly (it's been tested).  Here is the code used to generate the key.  It is a jks type keystore.  I copied this file into my webservice source code, and ran a test case to pass in the security headers to the webservice.  The stack trace is what I get.  Is there a problem with jks keystores?  Is there something I'm missing?

Thanks a lot!

  -Alan Baldwin-


...key generation code...

    Security.addProvider(new com.sun.crypto.provider.SunJCE());

    KeyGenerator kg = KeyGenerator.getInstance("AES");

    Key key = kg.generateKey();

    KeyStore ks = KeyStore.getInstance("jks");
     
    ks.load(null,"security".toCharArray());
    ks.setKeyEntry("ecms",key,"security".toCharArray(), null);
      
    ks.store(new FileOutputStream("ecms.jks"), "security".toCharArray());


...my crypto.properties file...

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=ecms
org.apache.ws.security.crypto.merlin.alias.password=security
org.apache.ws.security.crypto.merlin.file=ecms.jks


...stack trace...

2005-03-25 13:59:14 INFO  [org.apache.ws.security.components.crypto.CryptoFactory] - <Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]>
java.io.IOException: Invalid keystore format
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:612)
	at java.security.KeyStore.load(KeyStore.java:652)
	at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:524)
	at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:116)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
......
......
Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [Invalid keystore format]
	at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527)
	at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:116)
	... 43 more




...my wsdd...

<service name="MessageEcho" provider="java:MSG">
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback"/>
        <parameter name="action" value="UsernameToken Encrypt"/>
        <parameter name="decryptionPropFile" value="crypto.properties"/>
      </handler>
    </requestFlow>
    <parameter name="allowedMethods" value="echo"/>
    <parameter name="className" 
      value="com.monsanto.ag.cf.service.jaxrpc.JaxRpcMessageEcho"/>
    <!--<wsdl/>-->
  </service>

Re: jks keystore Invalid keystore

Posted by Martin Stemplinger <ms...@gmx.de>.

BALDWIN, ALAN J [AG-Contractor/1000] schrieb am 03/25/2005 10:23 PM:
> ...key generation code...
> 
>     Security.addProvider(new com.sun.crypto.provider.SunJCE());
> 
>     KeyGenerator kg = KeyGenerator.getInstance("AES");
> 
>     Key key = kg.generateKey();
> 
>     KeyStore ks = KeyStore.getInstance("jks");
>      
>     ks.load(null,"security".toCharArray());
>     ks.setKeyEntry("ecms",key,"security".toCharArray(), null);
>       
>     ks.store(new FileOutputStream("ecms.jks"), "security".toCharArray());
> 
> 
> ...my crypto.properties file...
> 
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=security
> org.apache.ws.security.crypto.merlin.keystore.alias=ecms
> org.apache.ws.security.crypto.merlin.alias.password=security
> org.apache.ws.security.crypto.merlin.file=ecms.jks
> 
> 
> ...stack trace...
> 
> 2005-03-25 13:59:14 INFO  [org.apache.ws.security.components.crypto.CryptoFactory] - <Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]>
> java.io.IOException: Invalid keystore format
> 	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:612)
> 	at java.security.KeyStore.load(KeyStore.java:652)
> 	at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:524)
> 	at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:116)
> 	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> ......
> ......
> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [Invalid keystore format]
> 	at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527)
> 	at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:116)
> 	... 43 more
> 
> 
> 
> 

can you read the keystore using keytool? I noticed that keystore that 
gave me errors when processed wtih keytools didn't work with wss4j either.

tht
Martin