Tags: java, spring-boot, embedded-tomcat-8

Spring Boot 2.1 embedded Tomcat - keystore password was incorrect


UPDATE -> Adding Security.addProvider(new BouncyCastleProvider()); fixes this issue.

The following error is caused by the addition of ActiveMQ Broker into my configuration. If I remove the JMS configuration, this error goes away.

    java.security.UnrecoverableKeyException: failed to decrypt safe contents entry:
        javax.crypto.BadPaddingException: pad block corrupted

Spring Boot 2.1.1.RELEASE Embedded Tomcat with SSL ActiveMQ @EnableJMS

UPDATE: I removed my JMSConfiguration.class from the application and everything started to work. @EnableJMS must do something that overrides something. I'm going to systematically comment out beans in that config class until I find the exact culprit. I would have never thought my JMS ActiveMQ config would clash with my Embedded Tomcat Server's SSL config.

I've narrowed it down to the following JMS related bean that is the cause. If I completely get rid of the JMS config, then I do not get the error with the password. It would seem these things are unrelated, but they are somehow.

    @Bean
    public BrokerService broker() throws Exception {
        final BrokerService broker = new BrokerService();
        // The snippet in the original post ends here; the broker setup that
        // follows was not included. Closed out so the method compiles.
        return broker;
    }

Using the configuration below, I get an error when starting Spring Boot. If I remove all of my @Configuration classes and just start Spring Boot, this configuration works fine. I've tried PKCS, JKS and I've tried file: and I've moved the file around and no joy. I know the password is correct because it will start normally, if I remove my configuration classes and I can hit the server just fine using 443/ssl...

    server.contextPath=/my
    server.tomcat.additional-tld-skip-patterns=*.jar
    server.compression.enabled=true
    server.port=443
    server.ssl.key-store:classpath:local-keystore.jks
    server.ssl.key-store-password:password
    server.ssl.keyStoreType:JKS
    server.ssl.keyAlias:tomcat

Error Encountered

    org.apache.catalina.LifecycleException: Protocol handler start failed
        at org.apache.catalina.connector.Connector.startInternal(Connector.java:1001)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
        at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259)
        at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197)
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:311)
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:164)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:549)
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:142)
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775)
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:316)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248)
        at com.jjkane.Application.main(Application.java:65)
    Caused by: java.lang.IllegalArgumentException: keystore password was incorrect
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1067)
        at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1149)
        at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:561)
        at org.apache.catalina.connector.Connector.startInternal(Connector.java:998)
        ... 14 common frames omitted
    Caused by: java.io.IOException: keystore password was incorrect
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2108)
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)
        at java.base/java.security.KeyStore.load(KeyStore.java:1479)
        at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:179)
        at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204)
        at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:203)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
        ... 20 common frames omitted
    java.security.UnrecoverableKeyException: failed to decrypt safe contents entry:
        javax.crypto.BadPaddingException: pad block corrupted

UPDATE: Same error after this modification...

    server.contextPath=/my
    server.tomcat.additional-tld-skip-patterns=*.jar
    server.compression.enabled=true
    server.port=443
    server.ssl.key-store=classpath:local-keystore.p12
    server.ssl.key-store-password=tomcat
    server.ssl.key-password=tomcat
    server.ssl.keyStoreType=PKCS12
    server.ssl.keyAlias=tomcat

Solution

  • You might be using a Java version prior to JDK 8u161; in this case this exception can be tackled by adding the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to the Java installation. The issue generally occurs when encryption/decryption is done with a longer key size. Bouncy Castle is also a solution to this issue. For more detail about the JCE files please refer to the Oracle site https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

    Another solution is to upgrade your Java to the mentioned or a higher version.
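An added diagnostic (my code, not the asker's or the answerer's) for the symptom above: a PKCS12 load that fails with "keystore password was incorrect" carries the same UnrecoverableKeyException/BadPaddingException cause chain whether the password is genuinely wrong or the default provider simply cannot decrypt the entry, so the message alone cannot tell the two apart. The code reports whether the limited crypto policy the answer describes is still in effect, then retries the load with Bouncy Castle registered as the asker's UPDATE does; if exactly one provider succeeds, the password is right and the failing provider's cipher handling is the problem. The keystore path and password are placeholders, and `bcprov` must be on the classpath.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class KeystoreDiagnostic {

    // Limited policy (the pre-8u161 default) caps AES at 128 bits;
    // the unlimited policy reports Integer.MAX_VALUE.
    static boolean cryptoPolicyIsLimited() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") < Integer.MAX_VALUE;
    }

    // Matches the chain in the question's trace: IOException wrapping
    // UnrecoverableKeyException wrapping BadPaddingException.
    static boolean isDecryptionFailure(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof UnrecoverableKeyException || c instanceof BadPaddingException) return true;
        }
        return false;
    }

    // provider == null selects whatever the JVM picks first (SunJSSE here).
    static KeyStore load(String path, char[] password, String provider) throws Exception {
        KeyStore ks = provider == null ? KeyStore.getInstance("PKCS12") : KeyStore.getInstance("PKCS12", provider);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "local-keystore.p12";           // placeholder
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray(); // placeholder
        System.out.println("limited crypto policy in effect: " + cryptoPolicyIsLimited());
        try {
            System.out.println("default provider: ok, entries=" + load(path, password, null).size());
        } catch (IOException e) {
            if (!isDecryptionFailure(e)) throw e;                   // not the symptom from the question
            System.out.println("default provider: " + e.getMessage() + " <- " + e.getCause());
            Security.addProvider(new BouncyCastleProvider());       // the fix from the asker's UPDATE
            // Succeeds here => password is right, default provider could not decrypt.
            // Same failure here too => the password really is wrong.
            System.out.println("BC provider: ok, entries=" + load(path, password, BouncyCastleProvider.PROVIDER_NAME).size());
        }
    }
}
```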