Reputation: 572
SSL Java java.io.IOException: Invalid keystore format
I am testing SSL in java with SSLServerSocket and other classes in the java.ssl package. When I run the following code, I get the exception java.io.IOException: Invalid keystore format. My code:
package testing;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
public class SSLServerTest {
public static void main(String[] args) {
try {
int port = 3000;
SSLContext sc = SSLContext.getInstance("TLSv1.2");
KeyStore ks = KeyStore.getInstance("JKS");
InputStream ksIs = new FileInputStream("key.txt");
try {
ks.load(ksIs, "Bennett556".toCharArray());
} finally {
if (ksIs != null) {
ksIs.close();
}
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "Bennett556".toCharArray());
sc.init(kmf.getKeyManagers(), new TrustManager[] {}, null);
ServerSocketFactory ssocketFactory = sc.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket) ssocketFactory
.createServerSocket(port);
ssocket.setEnabledProtocols(new String[] { "SSLv3" });
Socket socket = ssocket.accept();
BufferedReader in = new BufferedReader(new InputStreamReader(
socket.getInputStream()));
PrintWriter out = new PrintWriter(socket.getOutputStream());
out.println("Hello, Securly!");
out.close();
in.close();
out.close();
} catch (Exception e) {
e.printStackTrace();
}
}
}
File key.txt: 1268312345812304612348712634283427346 I am guessing I should put something else in the key.txt file, but I do not know what to put in it. Probably a searilized object.
EDIT: Client Code:
package testing;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
public class SSLClientTest {
public static void main(String[] args) {
int port = 3000;
String host = "localhost";
try {
SSLContext sc = SSLContext.getInstance("TLSv1.2");
KeyStore ks = KeyStore.getInstance("JKS");
InputStream ksIs = new FileInputStream("key.txt");
try {
ks.load(ksIs, "Bennett556".toCharArray());
} finally {
if (ksIs != null) {
ksIs.close();
}
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "Bennett556".toCharArray());
sc.init(kmf.getKeyManagers(), new TrustManager[] {}, null);
SocketFactory factory = sc.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.startHandshake();
BufferedReader in = new BufferedReader(new InputStreamReader(
socket.getInputStream()));
String str = "";
while ((str = in.readLine()) != null)
System.out.println(str);
in.close();
socket.close();
} catch (Exception e) {
e.printStackTrace();
}
}
}
Upvotes: 18
Views: 131913
Answers (12)
Reputation: 504
I found this worked for me on a Mac when I was having trouble with
keytool -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
Go to System Settings from the Apple menu and search for Java. A window will open with Java details. Check to see if an update is needed. After I updated Java, and ran the keytool command it worked fine.
Upvotes: 0
Reputation: 1183
For debugging purposes, here is the original code. https://github.com/openjdk/jdk/blob/9a9add8825a040565051a09010b29b099c2e7d49/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java#L650
This was a big help to me. I was generating Java 11 certs and trying to use them with Java 8. Check your 0xFEED FEED (Magic) and 0x0002. These should be the first bytes of your jks. Or in int...
-2
-19
-2
-19
0
0
0
2
If your JKS doesn't start with that, you know you have a problem.
Upvotes: 0
Reputation: 11
For me i used the absolute path with the file: prefix to make it work. when I used only the name of the file it was giving me invalid keystore format error.
I hope this helps.
KeyStore keyStore = KeyStore.getInstance("JKS");
ApplicationContext applicationContext = new ClassPathXmlApplicationContext();
Resource res = applicationContext.getResource("file:///Users/blibanos/Downloads/peoplefiles.jks");
try (InputStream in = res.getInputStream()) {
keyStore.load(in, password);
}
```
Upvotes: 0
Reputation: 2902
mac users
updating JDK in System Preferences -> JAVA -> JAVA Control Panel -> Update tab
from java version "1.8.0_231" to "1.8.0_333" fixed the issue
Upvotes: 0
Reputation: 1
I recently had the same problem even though I was using a valid .jks file... the code used to work fine but suddenly it started giving "Invalid keystore format"
The answer given earlier to set the pom.xml resource filtering value to "false" worked for me too e.g.,
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>false</filtering>
</resource>
</resources>
Upvotes: 0
Reputation: 820
For my case i have used different versions of keytool and java, once i switched to same jdk they got fixed.
Upvotes: 12
Reputation: 31
How did you generate the JKS file? I tried all suggested solutions but none worked for me. I was getting the same error when trying to read (in my code) a JKS file that I generated using OpenJDK Zulu 11's keytool.
I fixed this by instead generating the JKS file using the "KeyStore Explorer" tool, which I believe uses oracle JDK internally. Using the tool, I basically created a JKS file and added my trusted certificate to it.
I hope this helps.
Upvotes: 1
Reputation: 909
I had exactly the same issue. Indeed, the keystore file was invalid and not related to the JDK//JRE version. The problem in my case was caused by Maven. I was using the following option in my pom file:
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
The "true" value in the filtering was messing with the key file. Therefore, the keyfile that was available in my classpath when Spring run was not exactly the same I had under my directory "src/main/resources" and that caused the Invalid Keystore Format exception. When I tested with keytool I was using the one under the "resources" folder so that was misleading the real issue.
Solving the issue: in your pom.xml file, change the value for "filtering" to "false". Another way of solving the issue was to specify explicitly the location of the keystore in the application.properties file. So instead of:
server.ssl.key-store: classpath:keystore.jks
I used
server.ssl.key-store: keystore/keystore.jks
Upvotes: 24
Reputation: 12352
I was seeing this exception:
Invalid keystore format
while running a java application using JRE-1.8.0_40 on CentOS 6.6 64-bit linux.
On using JRE-1.8.0_172, the exception went away.
Upvotes: 2
Reputation: 1475
I faced with the same problem when load keystore with the following code:
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
Resource resource = new ClassPathResource(file);
trustStore.load(resource.getInputStream(), password.toCharArray());
It turned out to be the JDK issue, it doesn't work with jre1.8.0_25. when I upgrade JDK version to the latest jre1.8.0_121, it works.
Upvotes: 8
Related Questions
- java.io.IOException: Invalid Keystore format
- added certificate to java keystore, still error
- keytool error: java.lang.Exception: Keystore file exists, but is empty
- Tomcat 7 and invalid keystore format
- java.io.IOException: Invalid keystore format using Tomcat server
- KeyStore and TrustStore mismatch
- SSL certificate in keystore not working
- Java keytool error: java.lang.Exception: Input not an X.509 certificate
- SSL Keystore path error
- Java: Invalid Keystore format Error