
Java Security


Got 'Invalid keystore format' when trying to set up an SSL connection

843811 Mar 14 2008 — edited Jun 1 2008
Hello,

On Windows XP, JDK1.5_13:
I built a library module that can create an https connection supplying a certificate in a truststore. Used Apache's HttpClient 3.1 and the httpclient contrib library. To test this I used Tomcat, enabled SSL and added a keystore with certificate. I used a browser with the https url to get the certificate, stored it trusted in a keystore and tested the library with that keystore. This worked fine. The keystore was loaded and the connection established (even without supplying the keystore password).

Now I moved the library as is to a (RedHat) Linux machine, with JDK1.5_01. When I run the same test on this machine, I got the following stack trace:

java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:632)
    at java.security.KeyStore.load(KeyStore.java:1150)
    at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createKeyStore(AuthSSLProtocolSocketFactory.java:222)
    at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createSSLContext(AuthSSLProtocolSocketFactory.java:292)
    at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.getSSLContext(AuthSSLProtocolSocketFactory.java:331)
    at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createSocket(AuthSSLProtocolSocketFactory.java:368)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)

I dug up the JavaKeyStore.engineLoad source and found that it trips over the next piece of code, where stream is the InputStream for the keystore file and password is the password for the keystore file.

    if (password != null) {
        md = getPreKeyedHash(password);
        dis = new DataInputStream(new DigestInputStream(stream, md));
    } else {
        dis = new DataInputStream(stream);
    }

    // Body format: see store method

    int xMagic = dis.readInt();
    int xVersion = dis.readInt();

    if (xMagic != 0xfeedfeed ||
        (xVersion != 0x01 && xVersion != 0x02)) {
        throw new IOException("Invalid keystore format");
    }

Tried to use JDK1.5_15 on the Linux machine, but got the same result.

Can anyone tell me why it works on a Windows machine, and not on a Linux machine and/or what I can do to get it working?

Regards,
Frank
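
The header test quoted in the post, as a stand-alone check (an added example, not part of the original post or of the JDK source): it reads the same two ints and reports what a file actually starts with. The class name `KeystoreHeaderCheck`, the JCEKS, DER and PEM branches, and the sample bytes are additions; the sample bytes are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;

// Added diagnostic (hypothetical class name): classify a keystore file by its first 8 bytes.
public class KeystoreHeaderCheck {
    static final int JKS_MAGIC = 0xfeedfeed;   // magic tested in the engineLoad excerpt
    static final int JCEKS_MAGIC = 0xcececece; // magic of the JCEKS store type

    // Reads magic and version as engineLoad does: two big-endian ints.
    static String describe(InputStream in) throws IOException {
        DataInputStream dis = new DataInputStream(in);
        int magic, version;
        try {
            magic = dis.readInt();
            version = dis.readInt();
        } catch (EOFException e) {
            return "fewer than 8 bytes: empty or truncated file";
        }
        String hex = String.format("magic=0x%08x version=0x%08x: ", magic, version);
        if (magic == JKS_MAGIC) {
            return hex + ((version == 1 || version == 2)
                    ? "JKS header that engineLoad accepts" : "JKS magic, unsupported version");
        }
        if (magic == JCEKS_MAGIC) return hex + "JCEKS store, not JKS";
        if ((magic >>> 24) == 0x30) return hex + "DER data (PKCS#12 or certificate), not JKS";
        if (magic == 0x2d2d2d2d) return hex + "PEM text (starts with \"----\"), not JKS";
        return hex + "unrecognised header, not JKS";
    }

    public static void main(String[] args) throws IOException {
        if (args.length > 0) {                 // path to the keystore under test
            InputStream in = new FileInputStream(args[0]);
            try {
                System.out.println(describe(in));
            } finally {
                in.close();
            }
            return;
        }
        // Constructed sample headers, used when no path is given.
        byte[] jks = {(byte) 0xfe, (byte) 0xed, (byte) 0xfe, (byte) 0xed, 0, 0, 0, 2};
        byte[] pem = "-----BEGIN CERTIFICATE-----".getBytes("US-ASCII");
        System.out.println(describe(new ByteArrayInputStream(jks)));
        System.out.println(describe(new ByteArrayInputStream(pem)));
    }
}
```

Run it with the keystore path as the only argument on both machines; an identical file prints an identical line, so a difference means the bytes on the two hosts are not the same.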
Locked on Jun 29 2008
Added on Mar 14 2008