Hi, I have a Spring Boot 3 app with Java 17 and I'm using Bundles running on Ubuntu 24.04 Linux, with keystore.p12 and truststore.p12 files in PKCS12 format. All theese works ok for the project, but the problem I'm having es that WireMockServer does not like something on theese files, or happens something that I can't find out. This is the Bundles config in application.yml

spring:
   ssl:
      bundle:
         jks:
            client:
               reload-on-update: true
               keystore:
                  location: classpath:${keystore/server-keystore.p12}
                  password: (a password)
                  type: PKCS12
               truststore:
                  location: classpath:${keystore/server-truststore.p12}
                  password: (a password)
                  type: PKCS12

wiremock:
   enabled: true
   port: 8081

server:
   port: 8441
   ssl:
      enabled: true
      enabled-protocols: TLSv1.3
      client-auth: none
      bundle: server

And this is the WireMockConfig configuration class:

@Configuration
public class WireMockConfig {

    @Value("${wiremock.enabled}")
    private boolean wireMockEnabled;

    @Value("${wiremock.port:0}")
    private int wireMockPort;

    @Value("${server.ssl.enabled}")
    private boolean sslEnabled;

    @Value("${spring.ssl.bundle.jks.client.keystore.location}")
    private String jksClientKeystoreLocation;

    @Value("${spring.ssl.bundle.jks.client.keystore.password}")
    private String jksClientKeystorePassword;

    @Value("${spring.ssl.bundle.jks.client.keystore.type}")
    private String jksClientKeystoreType;

    private WireMockServer wireMockServer;

    @Bean
    public WireMockServer wireMockServer() {
        if (wireMockEnabled && wireMockPort > 0) {
            if (sslEnabled) {
                // Configuración de SSL
                wireMockServer = new WireMockServer(wireMockConfig()
                        .keystorePath(jksClientKeystoreLocation)
                        .keystorePassword(jksClientKeystorePassword)
                        .keystoreType(jksClientKeystoreType)
                        .httpsPort(wireMockPort));
            } else {
                wireMockServer = new WireMockServer(wireMockConfig()
                        .port(wireMockPort));
            }
            wireMockServer.start();
            return wireMockServer;
        }
        return null;
    }

    @PreDestroy
    public void stopWireMockServer() {
        if (wireMockServer != null && wireMockServer.isRunning()) {
            wireMockServer.stop();
        }
    }
}

The jksClientKeystoreLocation variable have "classpath:keystore/server-keystore.p12" The jksClientKeystorePassword variable have the correct password The jksClientKeystoreType variable have "PKCS12" value When running the application I have this error:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wireMockServer' defined in class path resource [com/cnd/bndp/controller/config/WireMockConfig.class]: Failed to instantiate [com.github.tomakehurst.wiremock.WireMockServer]: Factory method 'wireMockServer' threw exception with message: java.lang.RuntimeException: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
...
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.github.tomakehurst.wiremock.WireMockServer]: Factory method 'wireMockServer' threw exception with message: java.lang.RuntimeException: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
...
Caused by: com.github.tomakehurst.wiremock.common.FatalStartupException: java.lang.RuntimeException: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
...
Caused by: java.lang.RuntimeException: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
...
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
...
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
	at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:862)
	at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:942)
	at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:735)
	at java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:325)
	at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2205)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:371)
	at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
	... 55 common frames omitted

Any idea what could cause this? Very thanks!

Hi, are you seeing any errors or stack traces ?

Yeah, sorry, I pressed Enter while writing all the info 🙂

Hi. Sorry for the delay in getting back to you. Been a little busy in the office. Great to hear you have solved the problem. Could you let us know what the issue was ?

I did set the truststore configuration and taked out an applicationReady event in which I did some test call to a mocked service that caused the problem. Calling the same mocked endpoint from Postman did solve it. I think that it have something related to the app not really ready for calling the test endpoint inside the applicationReady event.