Dear All,
I updated my snow leopard with Java update 1 and it caused my smack-based IM lib crashed when trying to open a connection to an ejabberd server:
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.jivesoftware.smack.ServerTrustManager.(ServerTrustManager.java:63)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:12 46)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:313)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:44)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:76)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
Does anyone idea how to resolve this? Thank you in advance!
Best regards,
Imre
According to the result of a hard debugging, what i have learned is that the code is throwing exception here:
connectionSemaphore.tryAcquire(3 * waitTime, TimeUnit.MILLISECONDS);
in the method startup() of class PacketReader.
Could anyone help me with this?
After having dig deeper, i found this:
this code is called:
readerThread.start();
inside this code:
if parser.getName().equals(“proceed”)
case is active and this call is achieved:
connection.proceedTLSReceived();
and found this method call throw the exception:
context.init(kms,
new javax.net.ssl.TrustManager[]{new ServerTrustManager(serviceName, configuration)},
new java.security.SecureRandom());
The exception is coming from SSLContext of JavaSE. Why is working bad after having updated the Java under SL and how can i fix it?
Separating the code
context.init(kms,
new javax.net.ssl.TrustManager[]{new ServerTrustManager(serviceName, configuration)},
new java.security.SecureRandom());
to this:
javax.net.ssl.TrustManager[] t = new javax.net.ssl.TrustManager[]{new ServerTrustManager(serviceName, configuration)};
context.init(kms, t, new java.security.SecureRandom());
the constructor of ServerTrustManager class throws the exception with this code line:
trustStore.load(in, configuration.getTruststorePassword().toCharArray());
Values:
configuration.getTruststoreType(): jks
configuration.getTruststorePath(): /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/ca certs
configuration.getTruststorePassword():changeit
Any ideas anyone?
I made this sample code:
public class Truster {
public static void main(String[] args) {
try {
KeyStore trustStore =
KeyStore.getInstance(“jks”);
FileInputStream in = new FileInputStream(
“/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/c acerts”
);
trustStore.load(in,
“changeit”.toCharArray());
System.out.println("<>>>>>> 4 ");
}
catch (Exception e) {
e.printStackTrace();
}
}
}
It works on Snow leopard with build-in Java distribution but doesn’t work after java update 1 for SL.
Any idea?
After a successful dictionary attack, the password used by Apple for the keystore in the Update 1 is retrieved: “changeme”
I had to change it back to the standard “changeit” and it works now. Whew …
This worked to resolve the keystore error.
I used this command to reset the password: sudo keytool -storepasswd -new changeit -keystore /Library/Java/Home/lib/security/cacerts -storepass changeme