java.io.IOException: Invalid keystore format Spring Security SAML Extension

6
votes

I have successfully gotten the Spring Security SAML Extension sample application to run. Now, I'm trying to integrate it into my main application. Before I tried to integrate with my application, I created a sample application to integrate it with and it works fine. In my sample application, I used the keystore from downloaded sample application. Now, I'm trying to use the same keystore and I'm getting the following error:

Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataGenerator.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in ServletContext resource [/WEB-INF/spring/securityContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.saml.key.JKSKeyManager]: Constructor threw exception; nested exception is java.lang.RuntimeException: Error initializing keystore at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:596) at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:289) ... 89 more Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in ServletContext resource [/WEB-INF/spring/securityContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.saml.key.JKSKeyManager]: Constructor threw exception; nested exception is java.lang.RuntimeException: Error initializing keystore at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:278) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1114) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1017) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:302) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:298) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1017) at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:960) at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:858) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:553) ... 91 more Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.saml.key.JKSKeyManager]: Constructor threw exception; nested exception is java.lang.RuntimeException: Error initializing keystore at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:164) at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:125) at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:270) ... 103 more Caused by: java.lang.RuntimeException: Error initializing keystore at org.springframework.security.saml.key.JKSKeyManager.initialize(JKSKeyManager.java:121) at org.springframework.security.saml.key.JKSKeyManager.(JKSKeyManager.java:79) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:148) ... 105 more Caused by: java.io.IOException: Invalid keystore format at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) at java.security.KeyStore.load(KeyStore.java:1214) at org.springframework.security.saml.key.JKSKeyManager.initialize(JKSKeyManager.java:117) ... 111 more

Here is the bean configuration for the JKSKeyManager:

<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
        <constructor-arg value="classpath:security/samlKeystore.jks" />
        <constructor-arg type="java.lang.String" value="nalle123" />
        <constructor-arg>
            <map>
                <entry key="apollo" value="nalle123" />
            </map>
        </constructor-arg>
        <constructor-arg type="java.lang.String" value="apollo" />
    </bean>

Can anyone help me with what's causing this error?

3
springspring-securityspring-saml

3 Answers

10
votes

I had a similar issue; I figured Maven was filtering out my resources and adding this solved the problem:

   <resource>
        <directory>src/main/resources</directory>
        <filtering>true</filtering>
        <excludes>
            <exclude>**/*.jks</exclude>
        </excludes>
    </resource>
    <resource>
        <directory>src/main/resources</directory>
        <filtering>false</filtering>
        <includes>
            <include>**/*.jks</include>
        </includes>
    </resource>
5
votes

I had the same issue. Maven was copying the binary file incorrectly.

I had to add the following to my maven-resources-plugin:

<nonFilteredFileExtensions>
    <nonFilteredFileExtension>jks</nonFilteredFileExtension>
</nonFilteredFileExtensions>

You can test this by running the command in your target directory:

keytool -list -keystore ~/<your_project_target_directory>/security/samlKeystore.jks

When my maven was copying the file incorrectly I was getting:

keytool error: java.io.IOException: Invalid keystore format

Once I added the nonFilteredFileExtension I was immediately prompted for the password.

-1
votes

You can start troubleshooting by replacing the samlKeystore.jks directly in the web archive you're deploying, with one directly from the Spring SAML sources. This can help you determine whether the problem is in the keystore, or in your code - most likely it's the keystore.

In case you're using Maven for building of your application, make sure that the key store is placed in the resources folder in your build, not in the java or webapp. Maven tends to corrupt the keystore during building unless it's placed in the resources folder.