Adoptium Temurin JDK 11 is breaking certificate install #679

Open
@joaoafonso11

🗣️ Foreword

Installing Adoptium Temurin JDK 11 is breaking the certificate install when using the java_certificate resource.

👻 Brief Description

When using Adoptium Temurin JDK 11, the java_certificate resource is trying to use an incorrect path to locate the keystore.
It should be $JAVA_HOME/lib/security/cacerts; instead it's using $JAVA_HOME/jre/lib/security/cacerts.

It appears there is no jre folder for this Java distribution/version.

🥞 Cookbook version

11.1.1

👩‍🍳 Chef-Infra Version

16.1.16

🎩 Platform details

Test Kitchen version 3.5.0
Vagrant 2.3.4
CentOS Linux release 7.5.1804 (Core)

Steps To Reproduce

Steps to reproduce the behavior:

  1. Install Adoptium Temurin JDK 11:

       adoptopenjdk_install '11' do
         variant 'hotspot'
         url 'https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.17%2B8/OpenJDK11U-jdk_x64_linux_hotspot_11.0.17_8.tar.gz'
         checksum 'b8d46ed08ef4859476fe6421a7690d899ed83dce63f13fd894f994043177ef3c'
         java_home node['java']['java_home']
         default true
       end

  2. Install a certificate using java_certificate:

       java_certificate 'Install Crowd certificate' do
         cert_alias 'crowd'
         ssl_endpoint "crowd.example.com:443"
         action :install
       end

  3. The error will show up:

       STDOUT: keytool error: java.lang.Exception: Keystore file does not exist: /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts
       java.lang.Exception: Keystore file does not exist: /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts
           at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:902)
           at java.base/sun.security.tools.keytool.Main.run(Main.java:412)
           at java.base/sun.security.tools.keytool.Main.main(Main.java:405)
       STDERR:
       ---- End output of /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/bin/keytool -list -keystore /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts -storepass changeit -v ----
       Ran /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/bin/keytool -list -keystore /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts -storepass changeit -v returned 1
       [2023-01-16T05:50:59+00:00] FATAL: Error querying keystore for existing certificate: 1

  4. As a workaround the keystore_path can be defined like so:

       keystore_path "#{node['java']['java_home']}/lib/security/cacerts"

🚓 Expected behavior

A certificate should be installed using the correct path to the keystore.
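
The path selection the report asks for, as an added Ruby example that is not part of the original issue or the cookbook's code: it probes both keystore locations named above and fails with an explicit error instead of handing keytool a path that does not exist. `resolve_cacerts`, `KeystoreNotFound` and `demo_layouts` are hypothetical names, and the sample JDK directories are constructed with empty placeholder files.

```ruby
require 'fileutils'
require 'tmpdir'

# Raised instead of handing keytool a path that does not exist.
class KeystoreNotFound < StandardError; end

# Trust-store locations relative to JAVA_HOME, in preference order:
#   lib/security/cacerts      layout the issue reports for Temurin JDK 11
#   jre/lib/security/cacerts  path the resource tried (JDKs that ship a jre/ folder)
CACERTS_CANDIDATES = [
  %w(lib security cacerts),
  %w(jre lib security cacerts),
].freeze

# Hypothetical helper, not part of the cookbook: first existing cacerts file.
def resolve_cacerts(java_home)
  raise ArgumentError, 'java_home is empty' if java_home.to_s.strip.empty?

  tried = CACERTS_CANDIDATES.map { |parts| File.join(java_home, *parts) }
  tried.find { |path| File.file?(path) } ||
    raise(KeystoreNotFound, "no cacerts under #{java_home}; tried #{tried.join(', ')}")
end

# Constructed sample layouts: empty placeholder files, not real keystores.
def demo_layouts
  Dir.mktmpdir do |root|
    jdk11 = File.join(root, 'jdk-11')  # no jre/ directory
    jdk8 = File.join(root, 'jdk-8')    # keystore under jre/
    broken = File.join(root, 'broken') # no keystore anywhere
    { jdk11 => %w(lib security), jdk8 => %w(jre lib security) }.each do |home, dir|
      FileUtils.mkdir_p(File.join(home, *dir))
      FileUtils.touch(File.join(home, *dir, 'cacerts'))
    end
    FileUtils.mkdir_p(broken)
    missing = begin
      resolve_cacerts(broken)
    rescue KeystoreNotFound => e
      e.class
    end
    { jdk11: resolve_cacerts(jdk11).sub(jdk11, '$JAVA_HOME'),
      jdk8: resolve_cacerts(jdk8).sub(jdk8, '$JAVA_HOME'),
      broken: missing }
  end
end

p demo_layouts if __FILE__ == $PROGRAM_NAME
```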

Labels

Bug, Feature Request, Priority: High
