java.security.KeyStoreException when trying to create HTTP instance

Hello,

I am running a code in a WAS container and when I try to create the HTTP instance like:

val x = Http()

I am receiving the error below.

ServletWrappe E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet com.avaya.ept.snapins.scalatemplate.web.RecordServlet: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: IBMJSSE2, class: com.ibm.jsse2.ag)
at java.security.Provider$Service.newInstance(Provider.java:1628)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:248)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:176)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:30)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:27)
at com.typesafe.sslconfig.ssl.Ciphers$.java17RecommendedCiphers$lzycompute(Ciphers.scala:29)
at com.typesafe.sslconfig.ssl.Ciphers$.java17RecommendedCiphers(Ciphers.scala:28)
at com.typesafe.sslconfig.ssl.Ciphers$anonfun$recommendedCiphers$2.apply(Ciphers.scala:26)
at com.typesafe.sslconfig.ssl.Ciphers$anonfun$recommendedCiphers$2.apply(Ciphers.scala:26)
at com.typesafe.sslconfig.ssl.package$.foldVersion(package.scala:39)
at com.typesafe.sslconfig.ssl.Ciphers$.recommendedCiphers(Ciphers.scala:24)
at com.typesafe.sslconfig.akka.AkkaSSLConfig.configureCipherSuites(AkkaSSLConfig.scala:186)
at com.typesafe.sslconfig.akka.AkkaSSLConfig.(AkkaSSLConfig.scala:90)
at com.typesafe.sslconfig.akka.AkkaSSLConfig$.createExtension(AkkaSSLConfig.scala:29)
at com.typesafe.sslconfig.akka.AkkaSSLConfig$.createExtension(AkkaSSLConfig.scala:19)
at akka.actor.ActorSystemImpl.registerExtension(ActorSystem.scala:917)
at akka.actor.ExtensionId$class.apply(Extension.scala:79)
at com.typesafe.sslconfig.akka.AkkaSSLConfig$.apply(AkkaSSLConfig.scala:24)
at com.typesafe.sslconfig.akka.AkkaSSLConfig$.apply(AkkaSSLConfig.scala:19)
at akka.http.scaladsl.HttpExt.(Http.scala:51)
at akka.http.scaladsl.Http$.createExtension(Http.scala:928)
at akka.http.scaladsl.Http$.createExtension(Http.scala:804)
at akka.actor.ActorSystemImpl.registerExtension(ActorSystem.scala:917)
at akka.actor.ExtensionId$class.apply(Extension.scala:79)
at akka.http.scaladsl.Http$.apply(Http.scala:923)
at com.avaya.ept.snapins.scalatemplate.web.RecordServlet.doPost(RecordServlet.scala:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1232)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:781)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:480)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:136)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:97)
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:967)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1107)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3951)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1014)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:287)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture$1.run(AsyncChannelFuture.java:205)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)
Caused by: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect
at com.ibm.jsse2.ae.a(ae.java:112)
at com.ibm.jsse2.ag.g(ag.java:19)
at com.ibm.jsse2.ag.(ag.java:1)
at sun.reflect.GeneratedConstructorAccessor493.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
at java.security.Provider$Service.newInstance(Provider.java:1606)
… 53 more

Is there any way to avoid the code tries to create an SSLContext instance?

I am saying that because I will just need to make an HTTP request using TCP protocol. I don’t have any intention to use SSL in my code at this time.

I guess it is picking up JVM system properties setup for the container or something like that.

Try manually providing a HttpConnectionContext, you should be able to use HttpConnectionContext.noEncryption()

Hi Johan, thanks for replying.

Can you be more specific? I think if I try sending this connection context to the Http instance it would be already created. I mean:

Http().setConnectionContext(HttpConnectionContext.noEncryption()) or something.

That time Http.apply was already called and the error would be thrown.

Is there a way to set this before creating the Http instance?

Ah, sorry, missed that it happened already when the Http extension was initialized. I cannot see a straight forward way to work around this. Please open up a ticket in the Akka HTTP issue tracker.