Java – Spring Boot 2.1 embedded Tomcat – incorrect keystore password
Update: adding Security.addProvider(new BouncyCastleProvider()); solved this problem.
Adding an ActiveMQ broker to my configuration causes the following error. If I delete the JMS configuration, this error disappears.
java.security.UnrecoverableKeyException: Failed to decrypt safe contents entry: javax.crypto.BadPaddingException: pad block corrupted
Spring Boot 2.1.1.RELEASE, @EnableJms, embedded Tomcat with SSL, and ActiveMQ
Update: I removed my JmsConfiguration class from the Application class and everything works. @EnableJms must do something to override something. I will systematically review the beans in this configuration class until I find the exact culprit. I never thought that my JMS ActiveMQ configuration would conflict with the SSL configuration of my embedded Tomcat server.
I have narrowed the cause down to the following JMS-related bean. If I get rid of the JMS configuration completely, I do not get the password error. These things seem unrelated, but to some extent they are related.
@Bean
public BrokerService broker() throws Exception {
    final BrokerService broker = new BrokerService();
With the following configuration, I get an error when starting Spring Boot. If I remove all @Configuration classes and start Spring Boot, the configuration works normally. I have tried PKCS12 and JKS keystores, and I have tried moving the files around, without any luck. I know the password is correct because the server starts normally if I remove my configuration class, and I can hit the server on 443 / SSL.
server.contextPath=/my
server.tomcat.additional-tld-skip-patterns=*.jar
server.compression.enabled=true
server.port=443
server.ssl.key-store:classpath:local-keystore.jks
server.ssl.key-store-password:password
server.ssl.keyStoreType:JKS
server.ssl.keyAlias:tomcat
Error encountered:
org.apache.catalina.LifecycleException: Protocol handler start Failed
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1001)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259)
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:311)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:164)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:142)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:316)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248)
    at com.jjkane.Application.main(Application.java:65)
Caused by: java.lang.IllegalArgumentException: keystore password was incorrect
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1067)
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1149)
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:561)
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:998)
    ... 14 common frames omitted
Caused by: java.io.IOException: keystore password was incorrect
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2108)
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)
    at java.base/java.security.KeyStore.load(KeyStore.java:1479)
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:179)
    at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:203)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
    ... 20 common frames omitted
java.security.UnrecoverableKeyException: Failed to decrypt safe contents entry: javax.crypto.BadPaddingException: pad block corrupted
Update: the same error occurred after this modification:
server.contextPath=/my
server.tomcat.additional-tld-skip-patterns=*.jar
server.compression.enabled=true
server.port=443
server.ssl.key-store=classpath:local-keystore.p12
server.ssl.key-store-password=tomcat
server.ssl.key-password=tomcat
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
Solution
You may be using a Java version before JDK 8u161. In this case, you can resolve this exception by adding the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to the Java installation. The problem usually arises when encryption / decryption is done with a longer key size. Bouncy Castle is also a solution to this problem.
Another solution is to upgrade your Java to the above version or later.
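
A diagnostic for telling a genuinely wrong password apart from a provider or policy problem when Tomcat reports "keystore password was incorrect". This is an added example, not code from the original post. The class name KeystoreLoadCheck and the in-memory sample keystore (one all-zero AES key, password "tomcat" as in the properties above) are constructed for illustration; to check a real file, replace the sample bytes with the contents of your keystore.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class KeystoreLoadCheck {
    // Constructed sample: an in-memory PKCS12 store holding one AES key, so the check runs offline.
    static byte[] sampleStore(char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setEntry("tomcat", new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        return out.toByteArray();
    }

    // Load with one specific provider and report the root cause, not only the wrapped message.
    static String tryLoad(Provider p, byte[] store, char[] pw) {
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12", p);
            ks.load(new ByteArrayInputStream(store), pw);
            return "OK, entries=" + ks.size();
        } catch (Exception e) {
            Throwable root = e;
            while (root.getCause() != null) root = root.getCause();
            return "FAILED: " + e.getMessage() + " (root: " + root.getClass().getName() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        // Provider order decides which implementation KeyStore.getInstance("PKCS12") returns.
        for (Provider p : Security.getProviders()) System.out.println("registered: " + p.getName());
        System.out.println("default PKCS12 provider: "
                + KeyStore.getInstance("PKCS12").getProvider().getName());
        // 128 means the limited-strength policy is in effect (the pre-8u161 case in the answer).
        System.out.println("max AES key length: " + Cipher.getMaxAllowedKeyLength("AES"));

        char[] pw = "tomcat".toCharArray();
        byte[] store = sampleStore(pw);
        for (Provider p : Security.getProviders("KeyStore.PKCS12")) {
            System.out.println(p.getName() + " correct password -> " + tryLoad(p, store, pw));
            System.out.println(p.getName() + " wrong password   -> " + tryLoad(p, store, "wrong".toCharArray()));
        }
    }
}
```

Run it once stand-alone and once on the application's classpath: a different provider list or default PKCS12 provider between the two runs points at a configuration class or dependency changing the JCA setup rather than at the password.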