search

1and1 / CompositeJKS

Load a custom Java Keystore into the SSL Context without replacing the system CA list.
MIT License
30 stars 9 forks source link

SunX509 KeyManagerFactory not available - running IBM JVM #2

Closed ghost closed 6 years ago

ghost commented 6 years ago

I have implemented the code for Composite-JKS as described for my java client. I used Maven to add the dependency and added the SslContextUtils.mergeWithSystem(getClass().getClassLoader().getResourceAsStream("trust.jks")); statement to my java client. When I execute this statement, I receive the following error:

java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available at sun.security.jca.GetInstance.getInstance(GetInstance.java:171) at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:12) at com.oneandone.compositejks.SslContextUtils.getSystemKeyManager(SslContextUtils.java:85) at com.oneandone.compositejks.SslContextUtils.buildMergedWithSystem(SslContextUtils.java:71) at com.oneandone.compositejks.SslContextUtils.mergeWithSystem(SslContextUtils.java:27) at com.oneandone.compositejks.SslContextUtils.mergeWithSystem(SslContextUtils.java:41) at com.ibm.zss.client.boundary.ZssAPIResource.(ZssAPIResource.java:43) at com.ibm.zss.client.boundary.ZssAPIService.(ZssAPIService.java:38) at com.ibm.zss.client.ZssAPIServiceTest.setUpBeforeClass(ZssAPIServiceTest.java:32) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:508) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:24) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)

I found similar issues for other projects which indicate that the problem is that the SunX509 KeyManagerFactory is not available on a system running the IBM JVM. The solution was to allow the algorithm to be configurable. (See https://code.google.com/archive/p/javapns/issues/39 and https://code.google.com/archive/p/javapns/issues/41)

Is this option already configurable for CompositeJKS or can you add this support?

bastianeicher commented 6 years ago

Thanks for reporting this issue.

I have introduced a new static field SslContextUtils.X509Algorithm in commit 6e5314d. It defaults to SunX509 but can be overriden for use on other JVMs.

I will create a new release of CompositeJKS that includes this commit soon.