azuredocs's People
Contributors
Watchers
azuredocs's Issues
Jarsigner error with Azure Key Vault JCA
Hi, We are trying to use jarsigner to sign a jar file using the certificate from Azure Key Vault Premium but getting the below error.
We have followed the instructions as it is but still doesn't work. I was successful in signing using keytool certificate and keystore with jarsigner for the same certificate. But failing when trying to do via Azure Key Vault provider.
My command:
jarsigner -keystore NONE -storetype AzureKeyVault
-signedjar signerjar.jar <my_jar_file.jar>
-verbose -storepass ""
-providerName AzureKeyVault
-providerClass com.azure.security.keyvault.jca.KeyVaultJcaProvider
-J-Dazure.keyvault.uri=https://.vault.azure.net/
-J-Dazure.keyvault.tenant-id=***********
-J-Dazure.keyvault.client-id=************
-J-Dazure.keyvault.client-secret=*********************
Output and Error:
Picked up JAVA_TOOL_OPTIONS: -Djava.vendor="Sun Microsystems Inc."
Sep 20, 2023 1:28:38 PM com.azure.security.keyvault.jca.implementation.KeyVaultClient
INFO: Using Azure Key Vault: https://.vault.azure.net/
Sep 20, 2023 1:28:38 PM com.azure.security.keyvault.jca.implementation.utils.AccessTokenUtil getAccessToken
INFO: Getting access token using client ID / client secret
Sep 20, 2023 1:28:39 PM com.azure.security.keyvault.jca.implementation.utils.HttpUtil post
WARNING: Unable to finish the http post request.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:221)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:140)
at com.azure.security.keyvault.jca.implementation.utils.HttpUtil.post(HttpUtil.java:95)
at com.azure.security.keyvault.jca.implementation.utils.HttpUtil.post(HttpUtil.java:70)
at com.azure.security.keyvault.jca.implementation.utils.AccessTokenUtil.getAccessToken(AccessTokenUtil.java:107)
at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAccessTokenByHttpRequest(KeyVaultClient.java:213)
at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAccessToken(KeyVaultClient.java:194)
at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAliases(KeyVaultClient.java:233)
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.refreshCertificates(KeyVaultCertificates.java:142)
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.refreshCertificatesIfNeeded(KeyVaultCertificates.java:130)
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.getAliases(KeyVaultCertificates.java:100)
at com.azure.security.keyvault.jca.KeyVaultKeyStore.(KeyVaultKeyStore.java:144)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.security.Provider$Service.newInstance(Provider.java:1595)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Security.getImpl(Security.java:698)
at java.security.KeyStore.getInstance(KeyStore.java:896)
at sun.security.tools.jarsigner.Main.loadKeyStore(Main.java:2038)
at sun.security.tools.jarsigner.Main.run(Main.java:273)
at sun.security.tools.jarsigner.Main.main(Main.java:128)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 43 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 49 more
jarsigner error: java.lang.RuntimeException: unable to instantiate keystore class: AZUREKEYVAULT not found
how we can sign Java jar files with Azure Key Vault
Hi backwind1233,
We tried using with Integrate KeyVault JCA provider with Jarsigner Doc to sign our jar files however, currently we are encounter the below error:
jarsigner error: java.lang.RuntimeException: private key is not a DSA or RSA key
And a certificate must be stored on an HSM so that is not an option:
Reissue your Code Signing certificate (digicert.com)
Could you please help on this?
Thanks,
Question regarding integrate_keyvault_JCA_provider_with_jarsigner.md
I have been looking to perform jar signing using key vault and stumbled across your documentation https://github.com/backwind1233/AzureDocs/blob/main/AzureJavaSDK/JCA/integrate_keyvault_JCA_provider_with_jarsigner.md
As I understand it, the extension mechanism has been removed from the latest version of Java, im using 17. My understanding of java is pretty limited so I was wondering what the process would be if using Java 17 for example
Any help is appreciated. it also links back to this discussion here Azure/azure-sdk-for-java#35677 as we use a HSM backed key vault
jarsigner: Certificate chain not found for: <certificate>. <certificate> must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
jarsigner: Certificate chain not found for: . must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
What did I miss?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.