I'm using Apache CXF (v2.7.3) to call a SOAP service over HTTPS. I can load the truststore from a file but not from the classpath - I get "Invalid keystore format" error.
I have this config in my cfx.xml file:
<http:conduit name="*.http-conduit">
<http:tlsClientParameters>
<sec:trustManagers>
<!-- For some reason, when I use the resource field, I get a "Invalid keystore format" exception -->
<sec:keyStore type="JKS" password="MYPASSWORD"
resource="truststore.jks" />
<!-- THIS WORKS FINE: <sec:keyStore type="JKS" password="MYPASSWORD"
file="/fullPathToMyTrustStore/truststore.jks" /> -->
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
I can load the trust store from file, but not from the classpath. I can tell from the exception that truststore.jks file is being found, but it is invalid. This is the stacktrace of exception thrown.
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils.getKeyStore(TLSParameterJaxBUtils.java:142)
at org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils.getTrustManagers(TLSParameterJaxBUtils.java:292)
at org.apache.cxf.configuration.jsse.TLSClientParametersConfig.createTLSClientParametersFromType(TLSClientParametersConfig.java:114)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:149)