Am 14.10.2018 um 09:32 schrieb Itai:
Running on Debian with OpenJDK 1.8.0_171 yields the following exception:
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
com.sun.javafx.application.LauncherImpl.launchApplicationWithArgs(LauncherImpl.java:389)
at
com.sun.javafx.application.LauncherImpl.launchApplication(LauncherImpl.java:328)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at sun.launcher.LauncherHelper$FXHelper.main(LauncherHelper.java:767)
Caused by: java.security.KeyStoreException: Windows-ROOT not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at sample.Main.getRootCertificates(Main.java:73)
at sample.Main.main(Main.java:46)
... 11 more
Caused by: java.security.NoSuchAlgorithmException: Windows-ROOT KeyStore
not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 13 more
The file lib/security/cacerts does exist (it's a symbolic link to
/etc/ssl/certs/java/cacerts at least on my setup)
Thanks! I'll change my code soon.
Although I've received a mail (which may or may not have been for the
list) "JDK roots are for SSL" and pointing me to
https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers
Tilman
On Sat, Oct 13, 2018 at 10:53 PM Tilman Hausherr <[email protected]>
wrote:
Could somebody who is on linux or uses openjdk test this code? I know
it works on windows with oracle jdk but I'd like to know about others.
I'd like to know whether it works on linux (is an
InvalidAlgorithmParameterException trace getting printed or is a
different exception being thrown?) or with openjdk (does the cacerts
file exist?)
If all is good, then the set returned is not empty.
Tilman
private Set<X509Certificate> getRootCertificates()
throws GeneralSecurityException, IOException
{
Set<X509Certificate> rootCertificates = new HashSet<>();
// https://stackoverflow.com/questions/3508050/
String filename = System.getProperty("java.home") +
"/lib/security/cacerts";
KeyStore keystore;
try (FileInputStream is = new FileInputStream(filename))
{
keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(is, null);
}
PKIXParameters params = new PKIXParameters(keystore);
for (TrustAnchor trustAnchor : params.getTrustAnchors())
{
rootCertificates.add(trustAnchor.getTrustedCert());
}
//
https://www.oracle.com/technetwork/articles/javase/security-137537.html
try
{
keystore = KeyStore.getInstance("Windows-ROOT");
keystore.load(null, null);
params = new PKIXParameters(keystore);
for (TrustAnchor trustAnchor : params.getTrustAnchors())
{
rootCertificates.add(trustAnchor.getTrustedCert());
}
}
catch (InvalidAlgorithmParameterException ex)
{
// not on windows
ex.printStackTrace();
}
return rootCertificates;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
