I have a keystore with a key pair generated by the following command:
keytool -genkeypair -v -alias test-agent -keypass test-agent -storepass 123456.ABC -keystore test-agent.keystore -storetype JKS
I fill the requested information for the certificate and the store with the key pair is generated correctly.
The following command:
keytool -list -keystore test-agent.keystore -storepass 123456.ABC -storetype JKS
Returns:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
test-agent, Jul 13, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): 7B:8F:D7:25:FF:34:D0:EF:44:87:46:E5:BF:18:C6:BF
Now I add the keystore file to my build path and try to load it with the following java code running on an OSX Lion:
public void loadKeyStore() {
try {
final Provider p = Security.getProvider("SUN");
final KeyStore keystore = KeyStore.getInstance("JKS",p);
final InputStream keyStoreInStream = this.getClass().getClassLoader().getResourceAsStream("test-agent.keystore");
if ( keyStoreInStream == null ) throw new RuntimeException("No keystore found!");
final char[] password = "123456.ABC".toCharArray();
try {
keystore.load(keyStoreInStream, password);
} catch (Exception e) {
log.error(String.format("Security library error! [%s]",e.getCause()),e);
}
} catch (KeyStoreException e) {
log.error("Can't initialize security library!",e);
}
}
The following exception is thrown:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
I've already tried to use PKCS12 (set both for keytool and in the code, respectively the provider in this case should be SunJSSE) which results in another exception:
java.io.IOException: DerInputStream.getLength(): lengthTag=111, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:347)
at sun.security.util.DerValue.<init>(DerValue.java:303)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
at java.security.KeyStore.load(KeyStore.java:1185)
I have no clue what the problem is. Can anybody give me a hint?
I found the solution. It was actually a problem with the deployment of my project. I use maven and its resource plugin does encode all files in the resource folder using UTF8. This encoding corrupted the keystore. The solution is to add an ignore filter option to the pom file and tell maven not to encode the keystore file.