8 Replies Latest reply: Apr 11, 2011 2:33 PM by 854472

    UnrecoverableKeyException: Cannot recover key - need help figuring out....

    843811
        System.setProperty("javax.net.ssl.keyStore","C:\\Program Files\\Java\\jdk1.6.0_07\\lib\\security\\keystore");
        System.setProperty("javax.net.ssl.keyStorePassword","changeit");
        URL endpoint = new java.net.URL("https://foo.bar/services/ingest");
      ingestSoapBindingStub ingest = new ingestSoapBindingStub(endpoint,null);
      
       /***********auto generated from wsdl2java************/
      org.apache.axis.client.Call _call = createCall();
              _call.setOperation(_operations[0]);
              _call.setUseSOAPAction(true);
              _call.setSOAPActionURI("ingest");
              _call.setSOAPVersion(org.apache.axis.soap.SOAPConstants.SOAP11_CONSTANTS);
              _call.setOperationName(new javax.xml.namespace.QName("http://ingest.webservice.foobar.com", "ingest"));
              setRequestHeaders(_call);
              setAttachments(_call);
                 
            try {
                 java.lang.Object _resp = _call.invoke(new java.lang.Object[] {header}); //this call is causing error
               .....}
      
      I get the following error:
      
      faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
       faultSubcode: 
       faultString: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
       faultActor: 
       faultNode: 
       faultDetail: 
           {http://xml.apache.org/axis/}stackTrace:java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
           at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
           at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
           at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)  .....
           
      Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
           at java.security.Provider$Service.newInstance(Unknown Source)
           at sun.security.jca.GetInstance.getInstance(Unknown Source)
           at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:79)
           ... 45 more
      Caused by: java.security.UnrecoverableKeyException: Cannot recover key
           at sun.security.provider.KeyProtector.recover(Unknown Source)
           at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
           at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
           at java.security.KeyStore.getKey(Unknown Source)
           ... 53 more
      
           {http://xml.apache.org/axis/}hostname:foo-bar
      
      java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
           at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
           at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
           at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
           at java.awt.EventDispatchThread.run(Unknown Source)
      Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
           at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
           ... 42 more
      Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
           at java.security.Provider$Service.newInstance(Unknown Source)
           ... 45 more
      Caused by: java.security.UnrecoverableKeyException: Cannot recover key
           at sun.security.provider.KeyProtector.recover(Unknown Source)
           at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
           
           ... 53 more
       
      So basically I have the keystore in there with my personal public and private key. The truststore doesn't seem to be needed, as I get the same exact error when I do include it. I searched around and it seems others don't use the generated code, and I am not sure how to fix this.... Am I missing something else in my keystores, or is it something else? Thanks!
      
      Edited by: shaselai on Sep 17, 2010 1:32 PM
        • 1. Re: UnrecoverableKeyException: Cannot recover key - need help figuring out....
          jschellSomeoneStoleMyAlias
          I believe there are some security forums. Might be better to post there.
          • 2. This Thread is now moved
            DarrylBurke
            Note: This thread was originally posted in the [Java Programming|http://forums.sun.com/forum.jspa?forumID=31] forum, but moved to this forum for closer topic alignment.
            • 3. Re: This Thread is now moved
              843811
              Can anyone help, or does anyone know the reason?
              • 4. Re: UnrecoverableKeyException: Cannot recover key - need help figuring out....
                EJP
                System.setProperty("javax.net.ssl.keyStore","C:\\Program Files\\Java\\jdk1.6.0_07\\lib\\security\\keystore");
                That's a strange place to put a keystore. It's your own personal property, not Java's. It should be with the application.
                Caused by: java.security.UnrecoverableKeyException: Cannot recover key
                     at sun.security.provider.KeyProtector.recover(Unknown Source)
                     at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
                     at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
                     at java.security.KeyStore.getKey(Unknown Source)
                I suspect you have the wrong keystore password.
                • 5. Re: UnrecoverableKeyException: Cannot recover key - need help figuring out....
                  843811
                  Hi,
                  I don't think it is the keystore password problem... I originally had the keystore pass as "changeit" and had the error you saw above.
                  I changed it to the cert's pass and got:
                  Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
                       at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
                       at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
                       at java.security.KeyStore.load(Unknown Source)
                       at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(Unknown Source)
                       at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(Unknown Source)
                       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                       at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
                       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
                       at java.lang.reflect.Constructor.newInstance(Unknown Source)
                       at java.lang.Class.newInstance0(Unknown Source)
                       at java.lang.Class.newInstance(Unknown Source)
                       ... 53 more
                  Caused by: java.security.UnrecoverableKeyException: Password verification failed
                       ... 64 more


                  which shows that the previous keystore pass is correct. So it seems the keystore was opened fine... Do I need to provide the password of the cert anywhere? I am not sure where to put that... or do I need the cert to be configured differently?


                  I also notice in some posts with a similar problem that people explicitly load the cert, which isn't the case here since it is done automatically... Do I need to load the key somewhere, or should it be taken care of automatically?
                  Thanks

                  Edited by: shaselai on Sep 20, 2010 11:10 AM
                  • 6. Re: UnrecoverableKeyException: Cannot recover key - need help figuring out....
                    EJP
                    Looks like a corrupt keystore then. There's no need to load it yourself unless you are juggling multiple keystores or doing strange things at runtime; you're just writing existing code twice, and it wouldn't change anything.
                    • 7. Re: UnrecoverableKeyException: Cannot recover key - need help figuring out....
                      843811
                      I see... well, here are the steps I took to generate the keystore and put the certs in:

                      1. Get the .pfx file for the cert - got it from our website - got a similar cert and it installs on IE/FE fine, so I don't think it is the .pfx?
                      2. openssl.exe pkcs12 -in YourCert.pfx -nocerts -out privateKey.pem
                      3. openssl.exe pkcs12 -in YourCert.pfx -clcerts -nokeys -out publicCert.pem
                      4. openssl pkcs8 -topk8 -nocrypt -in privateKey.pem -inform PEM -out privateKey.der -outform DER
                      5. openssl x509 -in publicCert.pem -inform PEM -out publicCert.der -outform DER
                      6. java ImportKey privateKey.der publicCert.der

                      I thought I needed to import both the private key and the public key in keytool, so I found a Java class called "ImportKey" that does just that. It takes in priv and pub .der files (that's why I did 2-5) and puts them in a new keystore. I used the SAME password as the cert's throughout as well. When I view the keystore I do see the cert in there and no errors...

                      And on the code for getting the cert - you said I don't need to do anything, so the part that Java does (I guess when I call .ingest()) should be 100% good, right?

                      Any suggestions?
                      • 8. Re: UnrecoverableKeyException: Cannot recover key - need help figuring out....
                        854472
                        I was having exactly the same problem. I could run keytool or openssl commands on it just fine so I doubted it was corrupted.

                        Here's how to solve it:

                        1. The keystore pw is used when you "load" the keystore.
                        2. Use the key's pw when you get the key.

                        Code:
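                        // Keystore password: checks integrity and opens the keystore file.
                        keystore.load(new FileInputStream(certificateFile), passPhrase);
                        ...
                        // Key password: decrypts the individual private key entry.
                        PrivateKey myPrivateKey = (PrivateKey) keystore.getKey(keyAlias, keyPassword.toCharArray());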
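
The store-password versus key-password distinction from reply 8, as an added example that is not code from the thread: an in-memory JCEKS keystore is built with constructed passwords and an AES key standing in for the private key entry, then the entry is opened with each password in turn. `contextFor` is a hypothetical helper showing where the key password goes when the `SSLContext` is built explicitly rather than through the `javax.net.ssl.keyStore*` system properties, which supply a single password for both steps.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class TwoPasswordDemo {
    // Constructed sample values, not taken from the thread.
    static final char[] STORE_PASS = "store-secret".toCharArray();
    static final char[] KEY_PASS = "key-secret".toCharArray();
    static final String ALIAS = "demo";

    /** Builds an in-memory JCEKS keystore whose entry password differs from the store password. */
    static byte[] buildStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        // Assumption for the demo: an AES key stands in for the private key,
        // so no certificate chain has to be generated.
        ks.setKeyEntry(ALIAS, KeyGenerator.getInstance("AES").generateKey(), KEY_PASS, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASS); // store password protects the integrity of the whole file
        return out.toByteArray();
    }

    /** Returns true if the entry can be decrypted with the given password. */
    static boolean canRecover(KeyStore ks, char[] password) throws Exception {
        try {
            return ks.getKey(ALIAS, password) != null;
        } catch (UnrecoverableKeyException e) {
            return false; // same exception type as in the thread's stack trace
        }
    }

    /** Explicit SSLContext: the store password was used in load(), the key password goes to init(). */
    static SSLContext contextFor(KeyStore ks, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and randomness
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(buildStore()), STORE_PASS);
        System.out.println("store password opens the key: " + canRecover(ks, STORE_PASS));
        System.out.println("key password opens the key:   " + canRecover(ks, KEY_PASS));
        SSLContext ctx = contextFor(ks, KEY_PASS);
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
    }
}
```

With a real JKS file, the same two checks show whether the failure is at `load()` (store password) or at `getKey()` (key password) before any SOAP call is made.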