Closed manbucy closed 2 years ago
Hi @manbucy
Thank you for the very detailed issue description. It is very helpful when investigating this issue, I really appreciate it! I have tried this out locally and for me this issue is not happening, see below for the screenshot:
As you can see one certificate is loaded and also visible within the trustmanager of the sslcontext. I think this issue is caused by CertificateUtils not being able to find the certificate on your classpath, but to be sure I need to ask if you can retry something on your side. Can you put the statement of CertificateUtils on a separate line and check whether the list is empty or has elements? So basically the following snippet:
List<Certificate> certificates = CertificateUtils.loadCertificate("ca.crt");
SSLFactory sslFactory = SSLFactory.builder()
        .withTrustMaterial(certificates)
        .build();
@Hakky54 Thank you for your reply. I have put the statement of CertificateUtils on a separate line, but the trustedCerts is still empty.
But when I use JDK 11, I found the sslcontext becomes correct.
sun.security.pkcs12.PKCS12KeyStore.setCertEntry(String alias, Certificate cert, Set<Attribute> attributes)
JDK-10+0 and previous versions are entries.put(alias, certEntry);
JDK-10+1 and later versions are entries.put(alias.toLowerCase(Locale.ENGLISH), certEntry);
I tried jdk 1.8.0_302, which did not have this issue. I currently don't have my dev environment next to me, so I will come back to you in 4 hours and try it out with jdk 1.8.0_202 locally.
I have retried it with jdk 1.8.0_202 and indeed that issue is present over there and your PR changes fix it. Very well investigated! I am amazed by your detailed research. Thank you very much for this issue and pull request. I have approved the PR and merged it.
Just out of curiosity, why are you using jdk 1.8.0_202 and not using the latest version of jdk 1.8?
> Just out of curiosity, why are you using jdk 1.8.0_202 and not using the latest version of jdk 1.8?
This JDK1.8.0_202 was installed in 2019 when it was the latest version and I haven't updated it since. Jdk1.8.0_202, on the other hand, is the last OTN License release that many companies will choose.
Yes, very understandable and I didn't know about the OTN license!
I have just released your fix which is now available at version 7.4.1. Good luck, please let me know if you have any other improvements 😄
Describe the bug
Hello, I am going to create an SSLContext with the following code, but the resulting SSLContext does not appear to be complete and its trustedCerts is empty.
the content of ca.crt
Environmental Data:
Additional context
I found out the cause of the problem: when creating X509TrustManagerImpl, its trustedCerts is already empty.
sun.security.ssl.X509TrustManagerImpl
sun.security.validator.KeyStores.getTrustedCerts(KeyStore var0)
java.security.KeyStore.isCertificateEntry(String alias)
sun.security.pkcs12.PKCS12KeyStore.engineIsCertificateEntry(String var1)
The entries keys have capital letters, but the parameter var1 is in lowercase letters.
Can you consider changing alias to lowercase in nl.altindag.ssl.util.KeyStoreUtils.createTrustStore(List<T> certificates) or nl.altindag.ssl.util.CertificateUtils.generateAlias(Certificate certificate)?
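The alias-case mismatch discussed in this thread can be checked on any JDK with the following added example, which is not code from the issue or from the library. It stores one certificate in an in-memory PKCS12 truststore under a mixed-case alias and under its lowercased form, then reports whether each listed alias is still recognised and how many trust anchors the resulting trust manager holds. The class name, helper names and alias string are hypothetical, and the sample certificate is assumed to come from a non-empty JDK default truststore.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Locale;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class AliasCaseCheck {

    // Builds the JDK's X509TrustManager for a store (null = the JDK default truststore).
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // In-memory PKCS12 truststore holding one certificate under the given alias.
    static KeyStore storeWithAlias(String alias, X509Certificate cert) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        store.load(null, null);
        store.setCertificateEntry(alias, cert);
        return store;
    }

    // Aliases the store lists but does not recognise as certificate entries.
    static int unreachableAliases(KeyStore store) throws Exception {
        int missing = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isCertificateEntry(alias)) missing++;
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Sample input: any CA from the JDK default truststore (assumed non-empty).
        X509Certificate cert = trustManagerFor(null).getAcceptedIssuers()[0];
        String mixedCase = "CN=Constructed-Example-CA"; // constructed alias, not from the issue
        for (String alias : new String[] {mixedCase, mixedCase.toLowerCase(Locale.ENGLISH)}) {
            KeyStore store = storeWithAlias(alias, cert);
            System.out.printf("alias=%s unreachable=%d trustAnchors=%d%n", alias,
                    unreachableAliases(store), trustManagerFor(store).getAcceptedIssuers().length);
        }
    }
}
```

A non-zero `unreachable` count or a zero `trustAnchors` count for the mixed-case alias indicates the behaviour reported above; the lowercased alias is the form the requested change produces.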