I'm using the code below to attempt to load a keystore file and I'm getting a java.io.IOException: Invalid keystore format exception. Any ideas on how to troubleshoot this or what is causing the issue?
Load Keystore File:
final FileInputStream keyFile = new FileInputStream(filePath + "key.p7b");
final KeyStore keyStore = KeyStore.getInstance("JKS");
String storepass = "pwd";
keyStore.load(keyFile, storepass.toCharArray());
Exception:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
On request, my comment as an answer:
p7b is a certificate file, not a keystore file. You must convert it first. Apparently OpenSSL can help with that.
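The conversion this answer describes can also be done in Java itself. The following is an added example, not code from the original post: it parses the .p7b with the X.509 CertificateFactory and stores each certificate as a trusted entry in a new JKS. The class name, the `cert-N` aliases and the command-line arguments are assumptions made for the illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

public class P7bToKeyStore {
    /** Parse a PKCS#7 (.p7b) bundle into a JKS of trusted-certificate entries. */
    static KeyStore fromP7b(InputStream p7b) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // generateCertificates() accepts a PKCS#7 certificate chain.
        // A .p7b carries certificates only, never private keys.
        Collection<? extends Certificate> certs = cf.generateCertificates(p7b);
        if (certs.isEmpty()) {
            throw new CertificateException("No certificates found in input");
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // null stream: start from an empty keystore
        int i = 0;
        for (Certificate c : certs) {
            X509Certificate x509 = (X509Certificate) c;
            String alias = "cert-" + i++; // hypothetical alias scheme
            System.out.println(alias + ": " + x509.getSubjectX500Principal().getName());
            ks.setCertificateEntry(alias, x509);
        }
        return ks;
    }

    // Usage (assumed): java P7bToKeyStore key.p7b truststore.jks
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            throw new IllegalArgumentException("need <in.p7b> <out.jks> and a console");
        }
        KeyStore ks;
        try (InputStream in = new FileInputStream(args[0])) {
            ks = fromP7b(in); // parse first so a bad input leaves no output file
        }
        char[] storepass = console.readPassword("New keystore password: ");
        try (OutputStream out = new FileOutputStream(args[1])) {
            ks.store(out, storepass);
        }
    }
}
```

The resulting file loads with `KeyStore.getInstance("JKS")` as in the question, but it can only serve as a trust store because no private key is present.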
I have a problem like that when I try to create a keystore file with a Sun/Oracle JDK in Portuguese... The Portuguese version of the JDK (or my Windows PT-BR, I don't know yet) has this bug... I needed to make the keystore file on an English operating system.
Related
We are using a NewRelic Java agent to monitor a Java application. The application uses a custom trust store with a .jks extension. However, the agent, whether by default or when the path to the trust store is specified explicitly, does not identify the trust store and throws an error.
How can we use this trust store without changing the extension, as we need to use it as it is?
INFO: Using ca_bundle_path:
D:\Java\jdk1.8.0_311\jre\lib\security\cacerts
2022-01-24T16:55:40,590+0530 [7048 1] com.newrelic ERROR: Unable to
generate ca_bundle_path certificate. Verify the certificate format.
Will not process further certs.
java.security.cert.CertificateException: Could not parse certificate:
java.io.IOException: Empty input
The Java agent relies on the default X.509 CertificateFactory that only accepts .pem files.
Relevant lines:
try (InputStream is = new BufferedInputStream(new FileInputStream(caBundlePath))) {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // ...
    caCerts.add((X509Certificate) cf.generateCertificate(is));
    // ...
}
https://github.com/newrelic/newrelic-java-agent/blob/f18215d145bd6992c0fe74a8c503459799e108ca/newrelic-agent/src/main/java/com/newrelic/agent/transport/apache/ApacheSSLManager.java#L54-L58
If you can override the SPI for the X.509 CertificateFactory for one that accepts .pks files you might be able to use your file.
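Since the code quoted above parses the bundle with an X.509 CertificateFactory, one way to keep the .jks untouched is to export a PEM copy of its certificates and point ca_bundle_path at that copy. This is an added example, not code from the agent or from the original answer; the class name and command-line arguments are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.Collections;

public class TrustStoreToPem {
    /** Encode one certificate as a PEM block with 64-character lines. */
    static String toPem(Certificate cert) throws Exception {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN CERTIFICATE-----\n"
                + enc.encodeToString(cert.getEncoded())
                + "\n-----END CERTIFICATE-----\n";
    }

    /** Write every trusted-certificate entry of the store; returns the count. */
    static int export(KeyStore ks, Writer out) throws Exception {
        int count = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) {
                continue; // skip private-key entries, only trust anchors belong in the bundle
            }
            out.write(toPem(ks.getCertificate(alias)));
            count++;
        }
        return count;
    }

    // Usage (assumed): java TrustStoreToPem truststore.jks ca-bundle.pem
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            throw new IllegalArgumentException("need <in.jks> <out.pem> and a console");
        }
        // Supplying the password makes load() verify the store's integrity check.
        char[] storepass = console.readPassword("Trust store password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storepass);
        }
        try (Writer out = Files.newBufferedWriter(Paths.get(args[1]), StandardCharsets.US_ASCII)) {
            System.out.println(export(ks, out) + " certificates written");
        }
    }
}
```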
I am trying to read the installed certificates using this code:
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
Enumeration<String> enumeration = ks.aliases();
while (enumeration.hasMoreElements()) {
    String string = (String) enumeration.nextElement();
    System.out.println(string);
}
This code lists the installed certificates on Windows, but on Linux it doesn't? I also tried changing the keystore providers.
I'm not sure what you mean with "read browsers certificates".
Are you trying to read certificates from the default Java keystore? What's your goal?
KeyStore.getInstance(..) instantiates a keystore with a specific type (JKS, for example). When you want to read from a specific keystore, you need to specify the path to the keystore and make the KeyStore instance load that file.
See http://www.java2s.com/Code/Java/Security/RetrievingaKeyPairfromaKeyStore.htm for an example and https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html for more details.
Edited: updated answer after clarified question.
You can find more info on reading browser keystores in Linux on:
http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/keystores.html
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/JSS
applet with SunMSCapi not working in linux
http://forums.mozillazine.org/viewtopic.php?p=12037571
Try with libsoftokn3.so of NSS.
See my answer here, "Approach 1".
The key is to find where libsoftokn3.so is, and use it as the libfile to construct a config file, and then a KeyStore.
You can get the Default Type.
Try the below code
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
I'm in the process of WS security. In my application, the user may give a JKS file or a PK12 file.
I load the keystore file using the following code,
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(inStream, "pass".toCharArray());
It is throwing Invalid keystore format
So is there any way to find if the file is JKS or PK12 or any other else?
Should I get it from the user what kind of file he is using?
I'm new to this, correct me if my understanding is wrong. I apologize for wasting your time if this is a duplicate.
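One way to tell the formats apart without asking the user is to look at the leading bytes before choosing the KeyStore type. This is an added example, not code from the original post; it goes slightly beyond the question by also recognising JCEKS and PEM text. The class and method names are assumptions, and the sample stores are constructed in memory.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

public class KeyStoreSniffer {
    /** Guess the keystore type from the leading bytes; null if unrecognised. */
    static String detectType(byte[] data) {
        if (data.length >= 4) {
            int magic = ByteBuffer.wrap(data, 0, 4).getInt();
            if (magic == 0xFEEDFEED) return "JKS";   // JKS magic number
            if (magic == 0xCECECECE) return "JCEKS"; // JCEKS magic number
        }
        // 0x30 is the DER SEQUENCE tag. PKCS#12 starts with it, but so do DER
        // certificates and PKCS#7 bundles, so load() below must confirm the guess.
        if (data.length > 0 && data[0] == 0x30) return "PKCS12";
        return null;
    }

    static KeyStore load(byte[] data, char[] password) throws Exception {
        String head = new String(data, 0, Math.min(data.length, 10), StandardCharsets.US_ASCII);
        if (head.equals("-----BEGIN")) {
            throw new IllegalArgumentException("PEM text, not a keystore");
        }
        String type = detectType(data);
        if (type == null) {
            throw new IllegalArgumentException("Unrecognised keystore format");
        }
        KeyStore ks = KeyStore.getInstance(type);
        // Still throws on a wrong password or on a DER file that is not PKCS#12.
        ks.load(new ByteArrayInputStream(data), password);
        return ks;
    }

    // Constructed sample input: an empty store of the given type, built in memory.
    static byte[] sample(String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "pass".toCharArray();
        for (String type : new String[] {"JKS", "JCEKS", "PKCS12"}) {
            KeyStore ks = load(sample(type, pw), pw);
            System.out.println(type + " sample loaded as " + ks.getType());
        }
    }
}
```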
I get an error on this line:
final KeyStore keyStore = KeyStore.getInstance("BKS");
The error I get is:
java.security.KeyStoreException: BKS not found
at java.security.KeyStore.getInstance(Unknown Source)
at AppListen.<init>(AppListen.java:84)
I added bcprov-jdk16-146.jar to the "Referenced Libraries" but still no luck.
My overall program allows an Android phone to be used as a mouse and keyboard for a computer using an SSL socket connection. The Android app has the same line with no errors.
What am I doing wrong?
EDIT:
Maybe this is common knowledge for most, but it wasn't for me, so for those like me this is what I did.
The reason I was using BKS was because that's the only format allowed by Android, but I didn't know that you only needed it on the Android side; you can use another format on the server and then make a copy of the key and convert it to BKS to use on the Android, eliminating the need for BouncyCastle.
I used a JKS key for the server and then converted a copy of that key to BKS to use on the Android using a program called Portecle.
Include the BouncyCastle library in the project and add the provider in code:
Security.addProvider(new BouncyCastleProvider());
KeyStore keyStore = KeyStore.getInstance("BKS");
I am trying to use Java to read a certificate that I received from an external party. The code is throwing the following error:
java.lang.RuntimeException: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor
The code:
FileInputStream ksfis = new FileInputStream(this.getCertificateFile());
ksbufin = new BufferedInputStream(ksfis);
certificate = (X509Certificate)
CertificateFactory.getInstance("X.509").generateCertificate(ksbufin);
To make sure the problem was not in the code, I created a self-signed certificate and used it with the code, and it worked fine. I have installed both certificates in the system key chain, and they both are valid. I am using a Mac and Java 1.6.
Any idea why I get the above exception when I load the external Party certificate? Do you think it got corrupted during transfer? If it did, it should not show up as valid on the local system, right?
Try to type this using openssl, and then import the result:
openssl x509 -outform der -in certificate.pem -out certificate.der
or use the Java Bouncy Castle functionality in the lightweight API:
http://www.bouncycastle.org/docs/pkixdocs1.5on/org/bouncycastle/openssl/PEMReader.html
You may encode the result again and then use the "X509" CertificateBuilder in Java to get a JCE defined certificate, e.g.
ByteArrayInputStream certStream = new ByteArrayInputStream(binaryCert);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certStream);