13
votes

I try to use SSL on spring boot 2.2.0 with embeded tomcat 9.0.26 but tomcat can not load JKS file stream closed.

Here is application properties:

server.port=443
server.ssl.key-store-type=JKS
server.ssl.key-store=C:\\Keystore\\mykey.jks
server.ssl.key-store-password=cccc 
server.ssl.key-alias=*.mydomain.com

Exception:

org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:215) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) ~[spring-context-5.2.0.RELEASE.jar!/:5.2.0.RELEASE] at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at eu.soluma.app.SolumaTdvApplication.main(SolumaTdvApplication.java:34) ~[classes!/:0.0.1-SNAPSHOT] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:567) ~[na:na] at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[SolumaTDV-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[SolumaTDV-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.Launcher.launch(Launcher.java:51) ~[SolumaTDV-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT] at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52) ~[SolumaTDV-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT] Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed at org.apache.catalina.core.StandardService.addConnector(StandardService.java:231) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:278) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) ~[spring-boot-2.2.0.BUILD-SNAPSHOT.jar!/:2.2.0.BUILD-SNAPSHOT] ... 18 common frames omitted Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] ... 20 common frames omitted Caused by: java.lang.IllegalArgumentException: Stream closed at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1210) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:585) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] ... 22 common frames omitted Caused by: java.io.IOException: Stream closed at java.base/java.io.BufferedInputStream.getBufIfOpen(BufferedInputStream.java:176) ~[na:na] at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:342) ~[na:na] at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252) ~[na:na] at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:271) ~[na:na] at java.base/java.security.DigestInputStream.read(DigestInputStream.java:125) ~[na:na] at java.base/java.io.DataInputStream.readInt(DataInputStream.java:392) ~[na:na] at java.base/sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:659) ~[na:na] at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[na:na] at java.base/java.security.KeyStore.load(KeyStore.java:1472) ~[na:na] at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) ~[tomcat-embed-core-9.0.26.jar!/:9.0.26] ... 28 common frames omitted

3
have you tried putting the path to your keystore in "double quotes" and with single slashes ? e.g. server.ssl.key-store="C:\Keystore\mykey.jks"Tommy Brettschneider
Have you tried prefixing the location with file:?M. Deinum
Yes I tried both tips but no luckuser2803095
What's the question here, exactly?TylerH

3 Answers

25
votes

It is a regression introduced in Tomcat 9.0.25 that will be fixed in 9.0.27.

7
votes

Thanks Pedro. I have the issue with Spring Boot 2.1.9.RELEASE and can confirm that it is resolved by downgrading to 2.1.8.

1
votes

2.1.10.RELEASE also corrects the problem seen in 2.1.9.