Something is likely wrong with your keystore itself, as it happens during PKCS12KeyStore.engineGetKey.
Try using the command line keytool to dump the various keys (public and private), see which one it fails on. You could also use a tool like Java KeyStore Explorer (a nice UI for keystores) - https://keystore-explorer.org/ Joakim Erdfelt / joa...@webtide.com On Thu, Aug 19, 2021 at 9:25 AM Daniel Wilkins <daniel.wilk...@genesys.com> wrote: > Hi, I’ve been trying to track down a failure in using a TLS key on top of > Jetty. I had weird behavior on the app above so I downloaded standalone > jetty and tried it. This config seems to be minimal enough for me to see > what’s happening: > > --module=https > jetty.https.port=8443 > jetty.secure.port=8443 > jetty.keystore=etc/keystore > jetty.keystore.password=[secret value] > jetty.keystore.format=jks > > Everything else is the default settings in the start.ini file. I initially > tried using a truststore as well but it doesn’t get that far when it fails > to load the keystore. The key itself is just a password-protected 2048 bit > rsa key. I also tried converting the key to the pkcs12 format and jetty > started saying that the password was wrong, but that was just an aside; I’m > more than happy to get it to work with JKS. > > When I try to run it on the latest jetty 9.43 I get a trail of exceptions > which bottom out at this: > Caused by: javax.crypto.BadPaddingException: Given final block not > properly padded. Such issues can arise if a bad key is used during > decryption. > at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975) > at > com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056) > at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853) > at > com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:405) > at > com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:437) > at javax.crypto.Cipher.doFinal(Cipher.java:2168) > at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:371) > ... 33 more > > The error message hints at this being caused by a bad key, but I’m able to > view/manipulate the key in key tool as well as Keystore Explorer. This key > is also used without any problems in other services of ours which don’t use > Jetty. > > Does anyone have a clue what might be going on here? I know that the > errors don’t appear to come from jetty itself, but I feel like it has to be > involved somewhere considering how keytools, keystore explorer, and other > java services seem to be able to load it. > > Thanks. > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
