java, openssl, keystore

"java.io.IOException: keystore password was incorrect" on KeyStore load


I've generated a pfx file following the next steps:

openssl pkcs8 -in CSD01.key -inform DER -out CSD01.pem

openssl x509 -in CSD01.cer -inform DER -out CSD01cer.pem

openssl pkcs12 -export -inkey CSD01.pem -in CSD01cer.pem -out CSD01.pfx

Now, I'm trying to read this CSD01.pfx file with this Java code:

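import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.*;
import java.security.cert.CertificateException;

public static PrivateKey getPrivateKey(File file)
        throws KeyStoreException,
        IOException,
        CertificateException,
        NoSuchAlgorithmException,
        UnrecoverableKeyException {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // Close the stream once the keystore has been loaded.
    try (FileInputStream in = new FileInputStream(file)) {
        ks.load(in, pwdPFX);
    }
    // Takes the first alias found in the keystore.
    String alias = ks.aliases().nextElement();

    return (PrivateKey) ks.getKey(alias, pwdPFX);
}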

where pwdPFX is:

final static char[] pwdPFX = "12345678a".toCharArray();

but the line ks.load throws the following error:

Exception in thread "main" java.io.IOException: keystore password was incorrect
    at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2079)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at Main.getCertificate(Main.java:105)
    at Main.main(Main.java:51)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    ... 4 more

I'm sure that the password is correct, because I tried with "openssl pkcs12 -in CSD01.pfx -noout" and it works fine.

If I open the PFX file with openssl info I get:

MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
Bag Attributes
    localKeyID: CA D8 B0 AA 79 40 AE C6 65 D9 DB 97 55 B9 95 B8 63 14 09 C4
subject=CN = BERENICE XIMO QUEZADA, name = BERENICE XIMO QUEZADA, O = BERENICE XIMO QUEZADA, C = MX, emailAddress = pruebas@pruebas.gob.mx, x500UniqueIdentifier = XIQB891116QE4, serialNumber = XIQB891116MGRMZR05
issuer=CN = AC UAT, O = SERVICIO DE ADMINISTRACION TRIBUTARIA, OU = SAT-IES Authority, emailAddress = oscar.martinez@sat.gob.mx, street = 3ra cerrada de cadiz, postalCode = 06370, C = MX, ST = CIUDAD DE MEXICO, L = COYOACAN, x500UniqueIdentifier = 2.5.4.45, unstructuredName = responsable: ACDMA-SAT
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Bag Attributes
    localKeyID: CA D8 B0 AA 79 40 AE C6 65 D9 DB 97 55 B9 95 B8 63 14 09 C4
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

What am I doing wrong?


Solution

  • As @dave_thompson_085 mentioned, the problem is due to the version of JDK. The solution would be to use JDK 8u311 from Oracle instead of Corretto.
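
Added example (not part of the original question or answer): a small Python parser for the algorithm lines of the `openssl pkcs12 -info` output quoted in the question. It reports where a file departs from the SHA-1 MAC and `pbeWithSHA1And...` profile, which is the kind of difference that lets the same password work in OpenSSL and fail in an older PKCS12 reader. The legacy sample and all function names are constructed for illustration.

```python
import re

# Constructed samples: the algorithm lines from the `openssl pkcs12 -info`
# output quoted in the question, and a legacy-style file for comparison.
QUESTION_INFO = """\
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
"""
LEGACY_INFO = """\
MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
"""

MAC_RE = re.compile(r"^MAC:\s*([\w-]+),\s*Iteration\s+(\d+)", re.M)
BAG_RE = re.compile(r"^(PKCS7 Encrypted data|Shrouded Keybag):\s*(.+)$", re.M)


def pkcs12_profile(info_text):
    """Extract the MAC digest and each bag's PBE parameters."""
    mac = MAC_RE.search(info_text)
    bags = []
    for kind, params in BAG_RE.findall(info_text):
        fields = [f.strip() for f in params.split(",")]
        prf = next((f[4:] for f in fields if f.startswith("PRF ")), None)
        bags.append({"bag": kind, "scheme": fields[0], "fields": fields, "prf": prf})
    return {"mac": mac.group(1) if mac else None, "bags": bags}


def non_legacy_features(info_text):
    """List what differs from the SHA-1 MAC / PKCS#12 v1 PBE profile."""
    profile = pkcs12_profile(info_text)
    findings = []
    if profile["mac"] and profile["mac"].lower() != "sha1":
        findings.append("MAC digest " + profile["mac"])
    for bag in profile["bags"]:
        if bag["scheme"] == "PBES2":
            cipher = bag["fields"][2] if len(bag["fields"]) > 2 else "?"
            findings.append(f"{bag['bag']}: PBES2 {cipher}, PRF {bag['prf']}")
    return findings


if __name__ == "__main__":
    for name, text in (("question", QUESTION_INFO), ("legacy", LEGACY_INFO)):
        print(name, non_legacy_features(text) or "legacy profile only")
```

Running it on the question's output lists three findings (the sha256 MAC and both PBES2 bags), while the legacy sample yields none.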