I have a JCEKS keystore that I am loading from a war file as a resource. I am using the keystore to store secret keys for AES encryption. The keystore works fine when I attempt to read from it in a canned project where I open the file directly. When I access the keystore as a resource, however, I am getting the following exception:
    java.io.IOException: Keystore was tampered with, or password was incorrect
        at com.sun.crypto.provider.JceKeyStore.engineLoad(DashoA13*..)
        at java.security.KeyStore.load(KeyStore.java:1185)
After doing a little Googling this makes me believe that the passwords I am using are incorrect, but after verifying that they are right I am still getting the error. Here is where I am attempting to load in the keystore data.
    public class AegisDataStoreFactory {
        ...
        static {
            InputStream in = null;
            try {
                final Configuration conf = Configuration.getConfiguration();
                final KeyStore ks = KeyStore.getInstance("JCEKS");
                in = AegisDataStoreFactory.class.getResourceAsStream(KEYSTORE);
                final String password = conf.getProp("keyStorePassword").trim();
                ks.load(in, password.toCharArray());
                ...
            } finally {
                if (in != null) {
                    in.close();
                }
            }
        }
        ...
    }
The program fails on the load with the IOException. I am at a loss here. It works fine when I am not loading it from within a war. I am using Maven to generate the war file.
Any thoughts?
Edit:
I figured out what was happening. I use Maven for my build and during the build I had filtering enabled for resource files. Up to this point I didn’t have any binary files in my resources directory (I only had some property files that I wanted to have the filtering on). Once I excluded the keystore from the filtering, but still made sure that the keystore was moved, it worked. Here is my initial pom file:
Here is what I updated my pom file to. (My keystore has the file extension .ks)
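An added example, not the poster's actual pom.xml: one standard Maven way to express the fix described above, keeping filtering on for text resources while copying `.ks` files unfiltered. The resource directory `src/main/resources` is Maven's default and is assumed here.

```xml
<!-- Added example; src/main/resources is the Maven default directory (assumed). -->
<build>
  <resources>
    <!-- Before: a single entry with <filtering>true</filtering> and no
         excludes sends every file, including the binary keystore, through
         property substitution and character re-encoding. The bytes change,
         so the JCEKS integrity check fails at load time. -->

    <!-- After, part 1: keep filtering for text resources, skip keystores. -->
    <resource>
      <directory>src/main/resources</directory>
      <filtering>true</filtering>
      <excludes>
        <exclude>**/*.ks</exclude>
      </excludes>
    </resource>

    <!-- After, part 2: still copy the keystores into the build, byte for byte. -->
    <resource>
      <directory>src/main/resources</directory>
      <filtering>false</filtering>
      <includes>
        <include>**/*.ks</include>
      </includes>
    </resource>
  </resources>
</build>
```

Comparing a SHA-256 digest of the keystore in the source tree with the copy under `WEB-INF/classes` in the built war confirms the file was packaged unchanged.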