AggCat Java Framework Cannot Read Certificate File

Question

I'm integrating the AggCat Java API into my webserver. Unfortunately, the AggCat 1.0 Java framework cannot read my Java keystore (.jks) file correctly when I run it on a Tomcat (or GlassFish) web server.

I verified this by running the following identical code through a stand-alone Java program (where it worked perfectly), and then tried calling it in a Tomcat Servlet's method:

public static void main(String[] args){
     AggCatTester aggcat = new AggCatTester();
     aggcat.testAggcat();
}

public void testAggcat() {
    Config.setProperty(Config.KEY_STORE_FILE, "./keystore.jks");
    Config.setProperty(Config.KEY_STORE_PASSWORD, "XXXXXXXX");
    Config.setProperty(Config.OAUTH_URL,
            "https://oauth.intuit.com/oauth/v1/get_access_token_by_saml");
    Config.setProperty(Config.CERT_ALIAS, "XXX");
    Config.setProperty(Config.KEY_PASSWORD, "XXXXXXXXX");

    OAuthAuthorizer oauth = new OAuthAuthorizer(consumerKey,
            consumerSecret, samlProviderId, userId);
    er.service = new AggCatService(new com.intuit.ipp.aggcat.core.Context(oauth));


    InstitutionDetail details = er.service.getInstitutionDetails(455);
    System.out.println(details.getInstitutionName());
}

When I call the testAggcat() method from a stand-alone command-line java program, it works no problem and prints the Institution defined by ID 455. When I call the testAggCat() method from a servlet, I get an "UnrecoverableKeyException" that says my keystore password is invalid with the following stacktrace:

    SEVERE: com.intuit.ipp.aggcat.exception.OAuthException: com.intuit.ipp.aggcat.exception.AggCatException: Exception while reading the certificate file
    at com.intuit.ipp.aggcat.util.OAuthUtil.getOAuthTokens(OAuthUtil.java:82)
    at com.intuit.ipp.aggcat.util.OAuthUtil.getOAuthTokens(OAuthUtil.java:57)
    at com.intuit.ipp.aggcat.core.OAuthAuthorizer.<init>(OAuthAuthorizer.java:85)
    at com.astar.zloty.webservice.rest.impl.EmployeeResource.initialize(EmployeeResource.java:97)
    at com.astar.zloty.webservice.rest.impl.EmployeeResource.testApi(EmployeeResource.java:72)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
    at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
    at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
    at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
    at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
    at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
    at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:708)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1550)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
    at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)
    at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)
    at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
    at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
    at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
    at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
    at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
    at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
    at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
    at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
    at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
    at java.lang.Thread.run(Thread.java:680)
    Caused by: com.intuit.ipp.aggcat.exception.SamlAssertionException: com.intuit.ipp.aggcat.exception.AggCatException: Exception while reading the certificate file
    at com.intuit.ipp.aggcat.util.SamlUtil.createSignedSAMLPayload(SamlUtil.java:159)
    at com.intuit.ipp.aggcat.util.OAuthUtil.getOAuthTokens(OAuthUtil.java:72)
    ... 48 more
    Caused by: com.intuit.ipp.aggcat.exception.AggCatException: Exception while reading the certificate file
    at com.intuit.ipp.aggcat.util.SAMLCredentials.<init>(SAMLCredentials.java:60)
    at com.intuit.ipp.aggcat.util.SamlUtil.createSignedSAMLPayload(SamlUtil.java:155)
    ... 49 more
    Caused by: com.intuit.ipp.aggcat.exception.AggCatException: Exception when loading the cert.
    at com.intuit.ipp.aggcat.util.SAMLCredentials.loadCredential(SAMLCredentials.java:118)
    at com.intuit.ipp.aggcat.util.SAMLCredentials.<init>(SAMLCredentials.java:58)
    ... 50 more
    Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at com.intuit.ipp.aggcat.util.SAMLCredentials.loadCredential(SAMLCredentials.java:94)
    ... 51 more
    Caused by: java.security.UnrecoverableKeyException: Password verification failed
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
    ... 54 more

Answer 1

Could you submit a support ticket (http://developer.intuit.com/Support.html) with the war file so I can verify the structure of the app and contents of the config ?

Answer 2

I was facing this issue. My problem went away by putting the keystore.jks file directly at the root of the classpath instead of placing it in some folder in the classpath.

keystore.jks