From dev-return-58866-archive-asf-public=cust-asf.ponee.io@pdfbox.apache.org Sun Oct 14 09:55:02 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 61271180670 for ; Sun, 14 Oct 2018 09:55:02 +0200 (CEST) Received: (qmail 52607 invoked by uid 500); 14 Oct 2018 07:55:01 -0000 Mailing-List: contact dev-help@pdfbox.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@pdfbox.apache.org Delivered-To: mailing list dev@pdfbox.apache.org Received: (qmail 52548 invoked by uid 99); 14 Oct 2018 07:55:00 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 14 Oct 2018 07:55:00 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id CA4591A11EE for ; Sun, 14 Oct 2018 07:54:59 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.98 X-Spam-Level: X-Spam-Status: No, score=0.98 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id 7JIJr5Y2qeco for ; Sun, 14 Oct 2018 07:54:57 +0000 (UTC) Received: from mailout09.t-online.de (mailout09.t-online.de [194.25.134.84]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id C90D95F3ED for ; Sun, 14 Oct 2018 07:54:56 +0000 (UTC) Received: from fwd40.aul.t-online.de (fwd40.aul.t-online.de [172.20.26.139]) by mailout09.t-online.de (Postfix) with SMTP id E95BF4259FEC for ; Sun, 14 Oct 2018 09:54:55 +0200 (CEST) Received: from [192.168.2.108] (E4+6IgZAZhONDAFmBZCgo2-C6DuFwdGdjj+5WYOQlMMibcZtYIYF-AaPOK2LBF2Qs2@[84.151.176.140]) by fwd40.t-online.de with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted) esmtp id 1gBbEf-3X7EDg0; Sun, 14 Oct 2018 09:54:49 +0200 Subject: Re: linux / openjdk test To: dev@pdfbox.apache.org References: <5e47ea52-b9e1-6a02-db83-d27caf653d87@t-online.de> From: Tilman Hausherr Message-ID: <59c2305c-f986-8c3c-e342-a3416a3db9d5@t-online.de> Date: Sun, 14 Oct 2018 09:54:49 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-ID: E4+6IgZAZhONDAFmBZCgo2-C6DuFwdGdjj+5WYOQlMMibcZtYIYF-AaPOK2LBF2Qs2 X-TOI-MSGID: bbfc34ac-8ff6-4529-96b4-92855ec833e6 Am 14.10.2018 um 09:32 schrieb Itai: > Running on Debian with OpenJDK 1.8.0_171 yields the following exception: > > java.lang.reflect.InvocationTargetException > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > com.sun.javafx.application.LauncherImpl.launchApplicationWithArgs(LauncherImpl.java:389) > at > com.sun.javafx.application.LauncherImpl.launchApplication(LauncherImpl.java:328) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at sun.launcher.LauncherHelper$FXHelper.main(LauncherHelper.java:767) > Caused by: java.security.KeyStoreException: Windows-ROOT not found > at java.security.KeyStore.getInstance(KeyStore.java:851) > at sample.Main.getRootCertificates(Main.java:73) > at sample.Main.main(Main.java:46) > ... 11 more > Caused by: java.security.NoSuchAlgorithmException: Windows-ROOT KeyStore > not available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at java.security.Security.getImpl(Security.java:695) > at java.security.KeyStore.getInstance(KeyStore.java:848) > ... 13 more > > > The file lib/security/cacerts does exist (it's a symbolic link to > /etc/ssl/certs/java/cacerts at least on my setup) Thanks! I'll change my code soon. Although I've received a mail (which may or may not have been for the list) "JDK roots are for SSL" and pointing me to https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers Tilman > > On Sat, Oct 13, 2018 at 10:53 PM Tilman Hausherr > wrote: > >> Could somebody who is on linux or uses openjdk test this code? I know >> it works on windows with oracle jdk but I'd like to know about others. >> >> I'd like to know whether it works on linux (is an >> InvalidAlgorithmParameterException trace getting printed or is a >> different exception being thrown?) or with openjdk (does the cacerts >> file exist?) >> >> If all is good, then the set returned is not empty. >> >> Tilman >> >> >> private Set getRootCertificates() >> throws GeneralSecurityException, IOException >> { >> Set rootCertificates = new HashSet<>(); >> >> // https://stackoverflow.com/questions/3508050/ >> String filename = System.getProperty("java.home") + >> "/lib/security/cacerts"; >> KeyStore keystore; >> try (FileInputStream is = new FileInputStream(filename)) >> { >> keystore = KeyStore.getInstance(KeyStore.getDefaultType()); >> keystore.load(is, null); >> } >> PKIXParameters params = new PKIXParameters(keystore); >> for (TrustAnchor trustAnchor : params.getTrustAnchors()) >> { >> rootCertificates.add(trustAnchor.getTrustedCert()); >> } >> >> // >> https://www.oracle.com/technetwork/articles/javase/security-137537.html >> try >> { >> keystore = KeyStore.getInstance("Windows-ROOT"); >> keystore.load(null, null); >> params = new PKIXParameters(keystore); >> for (TrustAnchor trustAnchor : params.getTrustAnchors()) >> { >> rootCertificates.add(trustAnchor.getTrustedCert()); >> } >> } >> catch (InvalidAlgorithmParameterException ex) >> { >> // not on windows >> >> ex.printStackTrace(); >> >> } >> >> return rootCertificates; >> } >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org >> For additional commands, e-mail: dev-help@pdfbox.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For additional commands, e-mail: dev-help@pdfbox.apache.org