Am 13.10.18 um 21:53 schrieb Tilman Hausherr:
Could somebody who is on linux or uses openjdk test this code? I know it works
on windows with oracle jdk but I'd like to know about others.
I'd like to know whether it works on linux (is an
InvalidAlgorithmParameterException trace getting printed or is a different
exception being thrown?) or with openjdk (does the cacerts file exist?)
I'm running fedora 28 with
OpenJDK Runtime Environment (build 1.8.0_181-b15)
OpenJDK 64-Bit Server VM (build 25.181-b15, mixed mode)
and I've got the following exception
Exception in thread "main" java.security.KeyStoreException: Windows-ROOT not
found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at TestTilman.getRootCertificates(TestTilman.java:43)
at TestTilman.main(TestTilman.java:17)
Caused by: java.security.NoSuchAlgorithmException: Windows-ROOT KeyStore not
available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:728)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 2 more
I have to follow two symlinks to get the "real" cacerts file.
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.181.b15-5.fc28.x86_64/jre/lib/security/cacerts
-> /etc/pki/java/cacerts
/etc/pki/java/cacerts -> /etc/pki/ca-trust/extracted/java/cacerts
Andreas
If all is good, then the set returned is not empty.
Tilman
private Set<X509Certificate> getRootCertificates()
throws GeneralSecurityException, IOException
{
Set<X509Certificate> rootCertificates = new HashSet<>();
// https://stackoverflow.com/questions/3508050/
String filename = System.getProperty("java.home") +
"/lib/security/cacerts";
KeyStore keystore;
try (FileInputStream is = new FileInputStream(filename))
{
keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(is, null);
}
PKIXParameters params = new PKIXParameters(keystore);
for (TrustAnchor trustAnchor : params.getTrustAnchors())
{
rootCertificates.add(trustAnchor.getTrustedCert());
}
//
https://www.oracle.com/technetwork/articles/javase/security-137537.html
try
{
keystore = KeyStore.getInstance("Windows-ROOT");
keystore.load(null, null);
params = new PKIXParameters(keystore);
for (TrustAnchor trustAnchor : params.getTrustAnchors())
{
rootCertificates.add(trustAnchor.getTrustedCert());
}
}
catch (InvalidAlgorithmParameterException ex)
{
// not on windows
ex.printStackTrace();
}
return rootCertificates;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
