powered by Jive Software

java.io.IOException: Keystore was tampered with, or password was incorrect

Dear All,

I updated my snow leopard with Java update 1 and it caused my smack-based IM lib crashed when trying to open a connection to an ejabberd server:
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.jivesoftware.smack.ServerTrustManager.(ServerTrustManager.java:63)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:12 46)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:313)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:44)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:76)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)

Does anyone idea how to resolve this? Thank you in advance!

Best regards,

Imre

According to the result of a hard debugging, what i have learned is that the code is throwing exception here:

connectionSemaphore.tryAcquire(3 * waitTime, TimeUnit.MILLISECONDS);

in the method startup() of class PacketReader.

Could anyone help me with this?

After having dig deeper, i found this:

this code is called:

readerThread.start();

inside this code:

if parser.getName().equals(“proceed”)

case is active and this call is achieved:

connection.proceedTLSReceived();

and found this method call throw the exception:

context.init(kms,

new javax.net.ssl.TrustManager[]{new ServerTrustManager(serviceName, configuration)},

new java.security.SecureRandom());

The exception is coming from SSLContext of JavaSE. Why is working bad after having updated the Java under SL and how can i fix it?

Separating the code

context.init(kms,

new javax.net.ssl.TrustManager[]{new ServerTrustManager(serviceName, configuration)},

new java.security.SecureRandom());

to this:

javax.net.ssl.TrustManager[] t = new javax.net.ssl.TrustManager[]{new ServerTrustManager(serviceName, configuration)};

context.init(kms, t, new java.security.SecureRandom());

the constructor of ServerTrustManager class throws the exception with this code line:

trustStore.load(in, configuration.getTruststorePassword().toCharArray());

Values:

configuration.getTruststoreType(): jks

configuration.getTruststorePath(): /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/ca certs

configuration.getTruststorePassword():changeit

Any ideas anyone?

I made this sample code:

public class Truster {

public static void main(String[] args) {

try {

KeyStore trustStore =

KeyStore.getInstance(“jks”);

FileInputStream in = new FileInputStream(

“/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/c acerts”

);

trustStore.load(in,

“changeit”.toCharArray());

System.out.println("<>>>>>> 4 ");

}

catch (Exception e) {

e.printStackTrace();

}

}

}

It works on Snow leopard with build-in Java distribution but doesn’t work after java update 1 for SL.

Any idea?

After a successful dictionary attack, the password used by Apple for the keystore in the Update 1 is retrieved: “changeme”

I had to change it back to the standard “changeit” and it works now. Whew …

This worked to resolve the keystore error.

I used this command to reset the password: sudo keytool -storepasswd -new changeit -keystore /Library/Java/Home/lib/security/cacerts -storepass changeme