How to define key store in SoapUI it is giving error invalid keystore format. Which file i to define for that.
In my case, I use a .pfx file. On the SSL tab, I enter the path to the .pfx and the password. Then it "just works".
There is apparently a problem with v4.5, as some users (including a co-worker) are getting "invalid keystore format", with keystores that worked previously. See this link:
http://www.eviware.com/forum/viewtopic.php?f=4&t=13181&p=33196&hilit=p12#p33196
I had a different error with 4.5, so I'm back to 4.0 which is working fine for me. Perhaps your issue will go away if you use 4.0 instead.
Related
The case: I am maintaining a Java applet which uses the BouncyCastle libraries bcpkix-jdk15on-149.jar, and bcprov-jdk15on-149.jar.
Problem is when the applet is run on a JRE version 7_u40 enabled browser.
The behavior has changed from version 7_u25 in a way that it always prompts a modal window like "Security prompt for an app using a self-signed certificate" (which cannot be permanently hidden anymore), just to trust bcprov.
https://www.java.com/en/download/help/appsecuritydialogs.xml
As far as I know, this is because BC libraries are signed with the BouncyCastle certificate, issued by the "JCE Code Signing CA".
Because of that, the lib can perform and act as a cryptography provider.
BUT: the JRE can not build the certificate chain to trust the signature. It shows "provider : UNKNOWN"
I know i can remove that signature and sign by myself (I own a Thawte code sign certificate):
it works with bcpkix lib
it does not work with bcprov because it won't be considered as a valid cryptography provider (it won't be trusted by the JRE).
Am I right?
What can I do?
PS: I googled a lot to find the JCA root cert (to put it into the JRE truststore), without success... Is there a way to grab that root CA?
After a lot of search and some post in BC mailing list.... I found the solution, so I drop it here for others who may face that issue:
The solution is basically to sign the BC library a second time with my own certificate.
The JAR needs the JCA signature in order to be trusted as a cryptography provider, so do not remove it.
The JAR also needs (in addition) a code signature in order to be able to be run in the JVM (trusted by the JRE).
One last thing, some incompatibility happened on the signature technology:
BC lib is signed using SHA1 digest algorythm
jarsigner (on my computer) is doing the signature with SHA256 digest algorythm by default, which leads to a verification failure.
So I had to ask jarsigner to do it the SHA1 way. (for some reason both signatures have to be consistent from that point of view)
Here is the magic parameter of jarsigner command to add and make it happen:
-digestalg SHA1
Sample command:
jarsigner -keystore ./mykeystore.jks -storepass myPass -digestalg SHA1 bcprov-jdk15on-149.jar myAlias
... and you're done!
The following post gave me the tip: What prevents Java from verifying signed jars with multiple signature algorithms
We can also include the other stackoverflow post and the answer that helped me:
Putting the line:
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
Helped me getting rid of the exception.
Source:
jce cannot authenticate the provider bc
I am using svn repository with my iPhone project,
My problem is when i am try to check out project it's give me error
SVN : URL 'http://Presentation:81/svn/
'is malformed or the scheme or host or path is missing
Host is reachable on above URL.
My Xcode version is 4.1
Please suggest me how can i solve this problem?
svn does some things differently there. For example when using https://.. it sometimes complains that it couldn't verify a certificate while Safari and the rest of MacOS X perfectly can do it. The reason is that svn doesn't use the root cerficate storage of MacOS X and thus doesn't recognized manually added certificates but only uses its built in one I believe.
As you specify a hostname of "Presentation", it could very well be that svn does not autocomplete that name to the fully qualified domainname. So try with the full name instead.
Secondly the error string above starts the shown URL with a ' but doesn't end with one which somehow indicate you might have added a quote too much by mistake or it could simply be a copy&paste error.
I am very new to iOS development, I have an app all set and ready to be distributed, but I seem to get this error every single time I run the application on my DEVICE only, the iOS simulator works just fine. Heres the full error:
Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate. (-19011)
Here's the entire log:
Validate "/Users/masonsocha/Library/Developer/Xcode/DerivedData/Multibrowser-brgeiknbjgrywwehhohafjwxjqnk/Build/Products/App Store-iphoneos/Multibrowser.app"
cd /Users/masonsocha/Desktop/Apps/MultiBrowser
setenv PATH "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
setenv PRODUCT_TYPE com.apple.product-type.application
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/Validation "/Users/masonsocha/Library/Developer/Xcode/DerivedData/Multibrowser-brgeiknbjgrywwehhohafjwxjqnk/Build/Products/App Store-iphoneos/Multibrowser.app"
warning: Application failed codesign verification. The signature was invalid, contains disallowed entitlements, or it was not signed with an iPhone Distribution Certificate. (-19011)
Executable=/Users/masonsocha/Library/Developer/Xcode/DerivedData/Multibrowser-brgeiknbjgrywwehhohafjwxjqnk/Build/Products/App Store-iphoneos/Multibrowser.app/Multibrowser
codesign_wrapper-0.7.10: using Apple CA for profile evaluation
AssertMacros: trust_result == kSecTrustResultUnspecified, file: codesign_wrapper.c, line: 594
AssertMacros: profile, file: codesign_wrapper.c, line: 918
codesign_wrapper-0.7.10: Failed to load provision profile from: /Users/masonsocha/Library/Developer/Xcode/DerivedData/Multibrowser-brgeiknbjgrywwehhohafjwxjqnk/Build/Products/App Store-iphoneos/Multibrowser.app/embedded.mobileprovision
- (null)
I have already tried shortening the length of the project name, that did not help, I am currently using OSX Lion, on Xcode 4.3.2. I have spent all night pulling my hair out, please help!
May be xcode selects one of the development profile to sign the code with it.
Make sure it uses the distribution profile
press the project, in the Build Settings -> Code Signing section expand Code Signing Identity -> Release - > make sure that Any iOS SDK is referring to distribution profile.
I had the exact same issue..
Go to Keychain Access
Verify that you have your Public and Private keys set up correctly. This is a good reference https://developer.apple.com/legacy/library/technotes/tn2250/_index.html
I had previously adjusted my Keychain Certificate Preferences to make Outlook work but that pretty much screwed up XCode code signing..
After I set these to the "best attempt" setting (see screenshot) validation worked fine
You could solve it is not leaving the profile selection to xcode. Manually select the correct release profile in the project settings and it will go through.
I had same issue even after checking all signing stuff. I had the old "Can be debugged" setting in my entitlements file. Switching it to get-task-allowed fixed the problem. Apple has instructions on how to debug signing issues.
I had this problem but found that none of the above issues solved it. Eventually I found the solution by working through Apple's Technical Note (https://developer.apple.com/legacy/library/technotes/tn2250/_index.html) on the subject.
The specific problem in my case was an asset that was either missing or was hidden (I didn't find out which), but that wasn't flagged as a problem file anywhere else in the build process. I've outlined the steps I took to discover this below.
Archive the build, save for adhoc deployment.
Navigate to the ipa in finder, rename to .zip.
Double-click to unarchive, open the 'Payload' folder
Open a Terminal, and enter the following:
codesign --verify -vvvv -R='anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)' /Path/to/your/app.app
Instead of entering /Path/to/your/app.app, drag and drop the *.app file from the Payload folder into the terminal, ensure there's a space between the end of the command and the filename, and hit return.
I got an error in the output saying 'a sealed resource is missing or invalid', with the name of the file causing the problem (it began with a dot, which may have been the problem). When I searched for the filename in the XCode project browser I found the file, but when I looked in the Finder, it wasn't on disk.
The fix was simply to remove the file from the XCode project browser, and the error went away. I would definitely say to anyone getting a similar problem - work through Apple's tech notes. They're a bit badly worded but the solution is likely to be in there somewhere.
I had the same problem and solved it by:
Changing the Automatic Profile Selector value from "iPhone Developer" to "iPhone Distribution" according to section Assigning Provisioning Profiles to Build Configurations.
Download the Distribution Provisioning Profile and double-click on it in order to add it.
I moved the my project from one mac to another new one , i tried to built the project and there is no errors appear , when i tried to Archive it the following error appear
"The identity 'iPhone Distribution: Jeeran for Software Development' doesn't match any valid, non-expired certificate/private key pair in the default keychain"
Please advice me what i can do with error
Assuming archive and building for device was working fine on your old system, the most likely explanation is that you forgot to migrate your private key from your old mac.
Open up Keychain on the old mac:
Choose Category: Keys on the left pane
Find the key, not certificate (type "private key") that you were using to codesign.
Choose File | Export Items. Export the key as a *.p12 file.
Import on your new mac.
If you do it correctly, from Xcode Organizer under Provisioning Profiles you should not see any warnings.
EDIT
This issue is very common: documented at the top of Xcode FAQ
Everything you need to know is in the iOS Code Signing Setup, Process, and Troubleshooting technote
Including what to do if you no longer have access: How do I delete/revoke my certificates and start over fresh?
I know that this is very common problem and I have gone through almost all the similar threads out here but no luck! This started happening after I renewed my membership with Apple!
I have confirm that I have private and public key in Key Chain, the required certificate listed under My Certificate, have my development certificate, and AWDR certificated installed but still under XCode organizer I get message saying "profile doesn't match any valid certificate/private key pair in default key chain". I also restarted mac twice.
Also I have confirmed everything mentioned at http://developer.apple.com/library/ios/#qa/qa1618/_index.html
What else to do? I have been scratching my head since last 3-4 hours now without any luck!
Thanks.
You could try and have a look at the project.pbxproj located inside the .xcodeproj package (open it by right clicking and select 'Show package contents'). Search the file for PROVISIONING_PROFILE and make sure everything checks out to the correct profiles. I've had problems in the past when Xcode doesn't really update this file but when I do it manually it works.
After so much pain I exported keys from other MAC where it works and imported on my Machine and RESTARTED MAC then it started working!
I could have revoked the certificates and create them from scratch so while generating CA Authority request certificate private keys would be generated on my machine. Learn to save these keys in .p12 format on shared location so that you simply need to double click to install it again!