Getting this error - public key protected PKCS12 not supported

I'm trying to use java.security.KeyStore in a Scala application.

Below is what my code looks like:

    import java.io.{FileInputStream, InputStream}
    import java.security.{KeyStore, SecureRandom}
    import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}

    val ks: KeyStore = KeyStore.getInstance("PKCS12")
    val keyManagerFactory: KeyManagerFactory = KeyManagerFactory.getInstance("SunX509")
    val tmf: TrustManagerFactory = TrustManagerFactory.getInstance("SunX509")
    val sslContext: SSLContext = SSLContext.getInstance("TLS")
    // The enclosing `match` on the optional keystore password is not shown in the post.
      case Some(password) =>
        val pwdChars: Array[Char] = password.toCharArray
        val keystore: InputStream = KEYSTORE match { // for live override dev certificate
          case Some(path) =>
            new FileInputStream(path)
          case None =>
            getClass.getClassLoader.getResourceAsStream("myResource")
        }
        // Parses the PKCS12 bytes; this is the call that throws in the stack trace below.
        ks.load(keystore, pwdChars)
        keyManagerFactory.init(ks, pwdChars)
        tmf.init(ks)
        sslContext.init(keyManagerFactory.getKeyManagers, tmf.getTrustManagers, new SecureRandom)
        Some(ConnectionContext.https(sslContext))

But when I publish this particular package on my Mac and try to use it in a different service, I'm getting this particular error:

[error] java.io.IOException: public key protected PKCS12 not supported
[error]         at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1958)
[error]         at java.security.KeyStore.load(KeyStore.java:1445)
[error]         at com.f1000.baseservice.BaseMicroService$.createHTTPSContext(BaseMicroService.scala:69)
[error]         at com.f1000.StaticInfomicroservice.StaticInfoMicroService$.createWebServer(StaticInfoMicroService.scala:36)
[error]         at com.f1000.StaticInfomicroservice.StaticInfoMicroService$.$anonfun$main$1(StaticInfoMicroService.scala:61)
[error]         at com.f1000.StaticInfomicroservice.StaticInfoMicroService$.$anonfun$main$1$adapted(StaticInfoMicroService.scala:58)
[error]         at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
[error]         at java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1402)
[error]         at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
[error]         at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
[error]         at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
[error]         at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)

This error generally occurs if I publish the package on a Mac machine, but when I publish the same on a Windows machine, it works perfectly fine.

Do you think that this might be something specific to Mac?

There are 2 answers

0
Pavel Orlov On

I faced the same error in a situation where the keystore binary file was corrupted by the Jinja2 templating engine in Ansible. Disabling templating for the keystore fixed the issue.

You can also check for file corruption by opening the keystore with the keytool JDK utility:

    keytool -list -v -keystore yourkeystore

In my case, keytool showed me the same error message:

    public key protected PKCS12 not supported
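
A pre-deployment check for the kind of corruption described in the answer above, as an added example (not code from the question or from either answer). It inspects only the outer PFX header of a definite-length DER file; the function names, the 26-byte sample and the text round-trip model are constructed for illustration, and the loader behaviour noted in the comment comes from the OpenJDK source, not from this page.

```python
# Added example: structural check of a PKCS#12 (PFX) header before deployment.
PKCS7_DATA_OID = bytes.fromhex("2a864886f70d010701")  # 1.2.840.113549.1.7.1

# Constructed 26-byte sample: a valid PFX header around a dummy payload.
# It is not a loadable keystore.
SAMPLE = bytes.fromhex("3018020103301306092a864886f70d010701a0060404deadbeef")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the definite-length DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError(f"unsupported length byte 0x{first:02x}")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of file")
    return tag, pos, pos + length

def check_pkcs12(data):
    """Return a list of problems; an empty list means the header is intact."""
    problems = []
    if b"\xef\xbf\xbd" in data:  # heuristic: UTF-8 encoding of U+FFFD
        problems.append("contains U+FFFD bytes, likely re-encoded as text")
    try:
        tag, start, end = read_tlv(data, 0)          # PFX ::= SEQUENCE
        if tag != 0x30:
            return problems + ["outer element is not a DER SEQUENCE"]
        if end != len(data):
            problems.append("outer length does not match file size")
        tag, v_start, v_end = read_tlv(data, start)  # version INTEGER, must be 3
        if tag != 0x02 or data[v_start:v_end] != b"\x03":
            problems.append("PFX version is not 3")
        tag, c_start, _ = read_tlv(data, v_end)      # authSafe ContentInfo
        o_tag, o_start, o_end = read_tlv(data, c_start)
        # OpenJDK's PKCS12KeyStore throws "public key protected PKCS12 not
        # supported" when this OID is anything other than pkcs7-data.
        if tag != 0x30 or o_tag != 0x06 or data[o_start:o_end] != PKCS7_DATA_OID:
            problems.append("authSafe contentType is not pkcs7-data")
    except (ValueError, IndexError) as exc:
        problems.append(f"truncated or malformed DER: {exc}")
    return problems

def text_roundtrip(data):
    """Assumed model of a text pipeline: decode as UTF-8 with replacement, re-encode."""
    return data.decode("utf-8", errors="replace").encode("utf-8")
```

Running `check_pkcs12` on the bytes that actually reach the target host, not on the source copy, is what catches a templating or filtering step that rewrote the file in transit.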

0
jgoyer On

Just FYI, since a coworker and I spent a couple of hours figuring this out. We got this message when loading a Java Keystore with a cert from a consultant our company hired.

The consultant's cert was the next level up in the trust chain, so the Keystore had our cert and the consultant's cert. The problem was that the consultant had included two of its certs, one with signature encrypted with SHA-1 and one with SHA-256. Our cert had its signature encrypted with SHA-256. We saw this error intermittently (the kind that drives you nuts) until we removed the SHA-1 encrypted cert from the keystore.