Description
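Hi, we are trying to use jarsigner to sign a JAR file with the certificate from Azure Key Vault Premium, but we get the error below.
We followed the instructions exactly as written, but it still doesn't work. I was able to sign successfully with jarsigner using a keytool certificate and keystore for the same certificate, but signing fails when going through the Azure Key Vault provider. In the output below, the exception is raised during the TLS handshake of the provider's access-token request (AccessTokenUtil.getAccessToken calling HttpUtil.post), where the JVM could not build a trusted certificate path to the server.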
My command:
jarsigner -keystore NONE -storetype AzureKeyVault
-signedjar signerjar.jar <my_jar_file.jar>
-verbose -storepass ""
-providerName AzureKeyVault
-providerClass com.azure.security.keyvault.jca.KeyVaultJcaProvider
-J-Dazure.keyvault.uri=https://.vault.azure.net/
-J-Dazure.keyvault.tenant-id=***********
-J-Dazure.keyvault.client-id=************
-J-Dazure.keyvault.client-secret=*********************
Output and Error:
Picked up JAVA_TOOL_OPTIONS: -Djava.vendor="Sun Microsystems Inc."
Sep 20, 2023 1:28:38 PM com.azure.security.keyvault.jca.implementation.KeyVaultClient
INFO: Using Azure Key Vault: https://.vault.azure.net/
Sep 20, 2023 1:28:38 PM com.azure.security.keyvault.jca.implementation.utils.AccessTokenUtil getAccessToken
INFO: Getting access token using client ID / client secret
Sep 20, 2023 1:28:39 PM com.azure.security.keyvault.jca.implementation.utils.HttpUtil post
WARNING: Unable to finish the http post request.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:221)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165)
at com.azure.security.keyvault.jca.implementation.shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:140)
at com.azure.security.keyvault.jca.implementation.utils.HttpUtil.post(HttpUtil.java:95)
at com.azure.security.keyvault.jca.implementation.utils.HttpUtil.post(HttpUtil.java:70)
at com.azure.security.keyvault.jca.implementation.utils.AccessTokenUtil.getAccessToken(AccessTokenUtil.java:107)
at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAccessTokenByHttpRequest(KeyVaultClient.java:213)
at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAccessToken(KeyVaultClient.java:194)
at com.azure.security.keyvault.jca.implementation.KeyVaultClient.getAliases(KeyVaultClient.java:233)
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.refreshCertificates(KeyVaultCertificates.java:142)
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.refreshCertificatesIfNeeded(KeyVaultCertificates.java:130)
at com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates.getAliases(KeyVaultCertificates.java:100)
at com.azure.security.keyvault.jca.KeyVaultKeyStore.<init>(KeyVaultKeyStore.java:144)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.security.Provider$Service.newInstance(Provider.java:1595)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Security.getImpl(Security.java:698)
at java.security.KeyStore.getInstance(KeyStore.java:896)
at sun.security.tools.jarsigner.Main.loadKeyStore(Main.java:2038)
at sun.security.tools.jarsigner.Main.run(Main.java:273)
at sun.security.tools.jarsigner.Main.main(Main.java:128)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 43 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 49 more
jarsigner error: java.lang.RuntimeException: unable to instantiate keystore class: AZUREKEYVAULT not found