I followed the documentation at https://github.com/backwind1233/AzureDocs/blob/main/AzureJavaSDK/JCA/integrate_keyvault_JCA_provider_with_jarsigner.md#step-1--download-and-configure-jca-provider-jar and ran the command to sign the jar using jarsigner with an Azure Key Vault certificate, but I am getting the error below.
jarsigner error: java.lang.RuntimeException: unable to instantiate keystore class: AZUREKEYVAULT not found
java.lang.RuntimeException: unable to instantiate keystore class: AZUREKEYVAULT not found
at jdk.jartool/sun.security.tools.jarsigner.Main.loadKeyStore(Main.java:2295)
at jdk.jartool/sun.security.tools.jarsigner.Main.run(Main.java:303)
at jdk.jartool/sun.security.tools.jarsigner.Main.main(Main.java:138)
I ran the command below but am getting the error "AZUREKEYVAULT not found". I tried many combinations but was not able to succeed.
jarsigner -keystore NONE -storetype AzureKeyVault \
-sigalg SHA512withRSA \
-signedjar /root/signed.jar /root/naveen.jar "jarsign" \
-storepass '12345' \
-providerPath /root/azure-security-keyvault-jca-2.8.1.jar \
-providerName AzureKeyVault \
-providerClass com.azure.security.keyvault.jca.KeyVaultJcaProvider \
-J--module-path="/root/azure-security-keyvault-jca-2.8.1.jar" \
-J--add-modules="com.azure.security.keyvault.jca" \
-J-Dazure.keyvault.uri=https://abc.vault.azure.net \
-J-Dazure.keyvault.tenant-id=xxxxx \
-J-Dazure.keyvault.client-id=Jxxxxx \
-J-Dazure.keyvault.client-secret=xxxx \
-debug
Command line args: [-keystore, NONE, -storetype, AzureKeyVault, -sigalg, SHA512withRSA, -signedjar, /root/signed.jar, /root/naveen.jar, jarsign, -storepass, 12345, -providerPath, /root/ttt.jar, -providerName, AzureKeyVault, -providerClass, com.azure.security.keyvault.jca.KeyVaultJcaProvider, -debug]
loadProviderByClass: com.azure.security.keyvault.jca.KeyVaultJcaProvider
May 03, 2024 11:33:21 PM com.azure.security.keyvault.jca.implementation.KeyVaultClient <init>
INFO: Using Azure Key Vault: https://filesigning-jar-poc.vault.azure.net
May 03, 2024 11:33:21 PM com.azure.security.keyvault.jca.implementation.utils.AccessTokenUtil getAccessToken
INFO: Getting access token using client ID / client secret
May 03, 2024 11:33:21 PM com.azure.security.keyvault.jca.implementation.KeyVaultClient <init>
INFO: Using Azure Key Vault: https://filesigning-jar-poc.vault.azure.net
May 03, 2024 11:33:21 PM com.azure.security.keyvault.jca.implementation.utils.AccessTokenUtil getAccessToken
INFO: Getting access token using client ID / client secret
May 03, 2024 11:33:21 PM com.azure.security.keyvault.jca.implementation.KeyVaultClient <init>
INFO: Using Azure Key Vault: https://filesigning-jar-poc.vault.azure.net
May 03, 2024 11:33:21 PM com.azure.security.keyvault.jca.implementation.utils.AccessTokenUtil getAccessToken
INFO: Getting access token using client ID / client secret
jarsigner error: java.lang.RuntimeException: unable to instantiate keystore class: AZUREKEYVAULT not found
java.lang.RuntimeException: unable to instantiate keystore class: AZUREKEYVAULT not found
at jdk.jartool/sun.security.tools.jarsigner.Main.loadKeyStore(Main.java:2295)
at jdk.jartool/sun.security.tools.jarsigner.Main.run(Main.java:303)
at jdk.jartool/sun.security.tools.jarsigner.Main.main(Main.java:138)
echo $CLASSPATH
Validate that the Azure Key Vault JCA provider jar file is available in one of the directories mentioned in the classpath.
Delete the existing Azure Key Vault JCA provider jar file, download it again, and move it to the location based on the Java version.
The providerName should be "AzureKeyVault" and the providerClass should be "com.azure.security.keyvault.jca.KeyVaultJcaProvider", pointing to the correct location of the Azure Key Vault JCA provider jar file.
The keystore type should be set to AzureKeyVault and the password should be correct.
Validate that the Azure Key Vault URI, tenant ID, client ID, and client secret used in the command are correct and available.
Sign in to the Azure CLI and run the commands again or create the resources manually and use the values directly in the command.
keytool -list -keystore NONE -storetype AzureKeyVault -storepass "" -providerName AzureKeyVault -providerClass com.azure.security.keyvault.jca.KeyVaultJcaProvider -J--module-path="<JAVA_HOME>\azure-security-keyvault-jca-2.8.1.jar" -J--add-modules="com.azure.security.keyvault.jca" -J-Dazure.keyvault.uri=https://keyvault.vault.azure.net/ -J-Dazure.keyvault.tenant-id=<tenant_id> -J-Dazure.keyvault.client-id=<client_id> -J-Dazure.keyvault.client-secret=<client_secret>
jarsigner -keystore NONE -storetype AzureKeyVault -signedjar signerjar.jar "<jarfile.jar>" "mycert1.cert" -verbose -storepass "" -providerName AzureKeyVault -providerClass com.azure.security.keyvault.jca.KeyVaultJcaProvider -J--module-path="<JAVA_HOME>\azure-security-keyvault-jca-2.8.1.jar" -J--add-modules="com.azure.security.keyvault.jca" -J-Dazure.keyvault.uri=https://keyvaultname.vault.azure.net/ -J-Dazure.keyvault.tenant-id=<tenant_id> -J-Dazure.keyvault.client-id=<client_id> -J-Dazure.keyvault.client-secret=<client_secret>
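Added example, not part of the answer above or of the Azure SDK: a small Java check for the provider-jar items in the checklist, which loads the jar, instantiates the provider class named in the commands, and reports whether it registers a KeyStore type matching AzureKeyVault. The class name ProviderCheck and the helper offersKeyStore are hypothetical, and the check assumes the provider class has a public no-argument constructor and that the jar can be loaded from a plain class path.

```java
import java.io.File;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Provider;

// Added diagnostic, not from the thread. Run with Java 11+:
//   java ProviderCheck.java /path/to/azure-security-keyvault-jca-2.8.1.jar
public class ProviderCheck {
    // Provider class and store type exactly as they appear in the commands above.
    static final String PROVIDER_CLASS = "com.azure.security.keyvault.jca.KeyVaultJcaProvider";
    static final String STORE_TYPE = "AzureKeyVault";

    // True if the provider registers a KeyStore service of this type (compared ignoring case).
    static boolean offersKeyStore(Provider p, String type) {
        for (Provider.Service s : p.getServices()) {
            if ("KeyStore".equals(s.getType()) && s.getAlgorithm().equalsIgnoreCase(type)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java ProviderCheck.java <provider-jar>");
            System.exit(2);
        }
        File jar = new File(args[0]);
        if (!jar.isFile()) {
            System.err.println("Not a readable file: " + jar);
            System.exit(1);
        }
        URL[] urls = { jar.toURI().toURL() };
        try (URLClassLoader loader = new URLClassLoader(urls, ProviderCheck.class.getClassLoader())) {
            Class<?> cls;
            try {
                cls = Class.forName(PROVIDER_CLASS, true, loader);
            } catch (ClassNotFoundException e) {
                System.err.println(PROVIDER_CLASS + " is not in " + jar + " (wrong or corrupt jar?)");
                System.exit(1);
                return;
            }
            Provider p = (Provider) cls.getDeclaredConstructor().newInstance();
            System.out.println("Provider name: " + p.getName() + " (use for -providerName), Java " + Runtime.version());
            for (Provider.Service s : p.getServices()) {
                System.out.println("  " + s.getType() + "." + s.getAlgorithm());
            }
            boolean ok = offersKeyStore(p, STORE_TYPE);
            System.out.println(ok ? "KeyStore type " + STORE_TYPE + " is registered by this jar."
                                  : "This jar registers no KeyStore type " + STORE_TYPE + ".");
            System.exit(ok ? 0 : 1);
        }
    }
}
```

If this reports the type as registered but jarsigner still fails, the jar and provider class are not the problem, and the remaining checklist items (module path, vault URI and credentials) are the ones to examine.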