51

Does anyone know how to solve this? I tried many things, but none of them worked.

And when I click more details I get this:

at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
atsun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.security.RootCertStore$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.RootCertStore.loadCertStore(Unknown Source)
at com.sun.deploy.security.RootCertStore.load(Unknown Source)
at com.sun.deploy.security.RootCertStore.load(Unknown Source)
at com.sun.deploy.security.ImmutableCertStore.load(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$000(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
sstn
  • 3,024
  • 18
  • 30
  • What exactly are you trying to do? Posting some example code would be helpful. – Jonik Jun 27 '09 at 11:48
  • And please post what things you tried already? – akarnokd Jun 27 '09 at 12:26
  • 2
    It don't look like Tomi has written any KeyStore-related code; this stack is simply an Applet getting started. It looks like the class loader is having trouble preparing to verify applet signatures. – erickson Jun 27 '09 at 17:16
  • @erickson: Yes. Now I see it too. But without an OP response we cannot proceed further I'm afraid. – akarnokd Jun 27 '09 at 18:28
  • How did you generate the JKS file? checkout this thread: https://stackoverflow.com/a/59312913/7051466 – Zak Aroui Dec 12 '19 at 21:30

14 Answers14

93

You may corrupt the file during copy/transfer.

Are you using maven? If you are copying keystore file with "filter=true", you may corrupt the file.

Please check the file size.

Kurtulus Oksuztepe
  • 931
  • 6
  • 3
  • 2
    Great! I really helped me. Could you, please, clarify why does the filtering parameter corrupts the keystore? – Dmitry Jul 30 '13 at 14:39
  • Thanks for filter=true ... saved my day – Amandeep Kamboj Feb 23 '17 at 13:17
  • in my case, the `maven-cargo-plugin` container configuration should use `...` for binary files, rather than ``, as per [the maven:cargo documentation](https://codehaus-cargo.github.io/cargo/Configuration+files+option.html) – krevelen Mar 13 '18 at 15:02
44

Maybe maven encoding you KeyStore, you can set filtering=false to fix this problem.

<build>
    ...
    <resources>
        <resource>
            ...
            <!-- set filtering=false to fix -->
            <filtering>false</filtering>
            ...
        </resource>
    </resources>
</build>
xiezefan
  • 541
  • 5
  • 5
16

(Re)installing the latest JDK (e.g. Oracle's) fixed it for me.

Prior to installing the latest JDK, when I executed the following command in Terminal.app:

keytool -list -keystore $(/usr/libexec/java_home)/jre/lib/security/cacerts -v

It resulted in:

keytool error: java.io.IOException: Invalid keystore format
java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at sun.security.tools.keytool.Main.doCommands(Main.java:792)
    at sun.security.tools.keytool.Main.run(Main.java:340)
    at sun.security.tools.keytool.Main.main(Main.java:333)

But, after installing the latest Oracle JDK and restarting Terminal, executing the following command:

keytool -list -keystore $(/usr/libexec/java_home)/jre/lib/security/cacerts -v

Results in:

Enter keystore password:

Which indicates that the keytool on path can access the keystore.

Gary S. Weaver
  • 7,806
  • 4
  • 36
  • 60
  • 1
    This worked for me - just installing the latest, which Mac had already 'updated' as a patch or something - but only once I started a new terminal window so the path used the new java update. Particularly useful were the commands replicating the error and demonstrating the issue had been resolved (although because of the $(java_home) reference, those worked in the terminal where the gradle command didn't work, which was a bit confusing)! – android.weasel Oct 25 '16 at 22:42
  • This command helped me validate the jks file (keytool -list -keystore ) – SudoPlz Apr 28 '20 at 20:21
11

I had the same issue with different versions of keytool:

C:\Program Files\Java\jdk1.8.0_51\bin\keytool

but the same keystore file worked fine with

"C:\Program Files\Java\jre1.8.0_201\bin\keytool"

I know it is an old thread but have lost a lot of hours figuring this out... :D

Community
  • 1
  • 1
Shoaeb
  • 473
  • 5
  • 16
  • 4
    Just a short shot: between Versions 51 and 201 the unlimited crypto policy in Java got enabled, so maybe you should install the unlimited crypto files from Oracle in your "old" Java (you will find a lot of topics here). – Michael Fehr Jun 19 '20 at 10:15
  • Just using the JRE instead of JDK for the same version 1.8.0_202 was enough for me. – Jaydo Feb 16 '22 at 04:25
5

I think the keystore file you want to use has a different or unsupported format in respect to your Java version. Could you post some more info of your task?

In general, to solve this issue you might need to recreate the whole keystore (using some other JDK version for example). In export-import the keys between the old and the new one - if you manage to open the old one somewhere else.

If it is simply an unsupported version, try the BouncyCastle crypto provider for example (although I'm not sure If it adds support to Java for more keystore types?).

Edit: I looked at the feature spec of BC.

akarnokd
  • 67,096
  • 14
  • 149
  • 183
5

for me that issue happened because i generated .jks file on my laptop with 1.8.0_251 and i copied it on server witch had java 1.8.0_45 and when I used that .jks file in my code i got java.io.IOException: Invalid Keystore format.

to solve this issue i generated .jks file directly on the server instead of copy there from my laptop which had different java version.

Fariba
  • 593
  • 1
  • 8
  • 25
4

Your keystore is broken, and you will have to restore or regenerate it.

Thorbjørn Ravn Andersen
  • 71,889
  • 31
  • 184
  • 335
3

I ran into the problem with openJDK on ubuntu, had to install Oracle JDK to get it working.

You can follow this guide on google sites to do that.

Sadiq Ali
  • 1,222
  • 2
  • 14
  • 22
2

You can generate the debug keystore by running this command in the android/app/ directory:

keytool -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000

Or just download from official template https://raw.githubusercontent.com/facebook/react-native/master/template/android/app/debug.keystore

Adiii
  • 44,267
  • 6
  • 120
  • 114
Beaudry Jean Sauvenel
  • 21
  • 1
1

Same issue here, I have Oracle JDK installed and my keystore was created using that, but in the jceks format

keytool -importkeystore -destkeystore client.keystore \
    -srckeystore redislabs_user.p12 -srcstoretype pkcs12 \
    -deststoretype jceks -alias client-cert

I deleted the -deststoretype jceks option and it worked fine :)

ruloweb
  • 534
  • 6
  • 9
0

go to build clean the project then rebuild your project it worked for me.

ultimate
  • 11
  • 1
0

I came across this issue while running keytool command. There is an other way to run the keytool command, mentioned here: https://developers.google.com/android/guides/client-auth using gradlew command.

When I ran in debug mode ./gradlew signingReport --debug got to know that gradle plugin required java 11 and my local has java8. Downloaded java11 and updated Path. Ran the command (Make sure you open a new terminal so that java path is reflected to 11). Works like a charm !!!

saiyan
  • 501
  • 1
  • 4
  • 20
0

In my case, I was running the project with Java version 1.8. and the Keystore.jks file that I generated from java 16. I changed my project java version to 16 and the error goes away.

Please check the JDK version with which you are generating the keystore and the JDK version for your project are the same or not. If they are different, either generate the keystore from the same JDK on which your current project is running or change the project JDK.

Hritik Kumar
  • 71
  • 2
  • 6
0

It may be necessary to run cmd as administrator. the paths to specify the .jks file must be / and not \.

If they open the cmd with the path where the .jks file is located, they only put in the /key.jks path

Jairo Rodriguez
  • 186
  • 1
  • 5