OSX:trustAnchors参数必须为非空

时间:2018-10-24 14:40:36

标签: java macos ssl java-8 ssl-certificate

我正在使用macOS 10.12.6 (16G1510)。 我的Java是:

$ java -version
java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)

$ /usr/libexec/java_home -V
Matching Java Virtual Machines (3):
    1.8.0_172, x86_64:  "Java SE 8" /Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home
    1.6.0_65-b14-468, x86_64:   "Java SE 6" /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
    1.6.0_65-b14-468, i386: "Java SE 6" /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home

/Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home

/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts,但security下没有/Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home/lib/子文件夹。

我从here找到了一个修复程序cd $(/usr/libexec/java_home -v 1.7)/jre/lib/security ln -fsh /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts。但在这种情况下,/Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home/jre/lib/security/cacerts存在并且将被覆盖。

当我在Scala中运行Spark工作时,出现以下错误:

ForkJoinPool-1-worker-13, handling exception: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

我搜索并发现/etc/ssl/certs/java/cacerts中可能缺少某些内容,但这是针对ubuntu的。我不知道如何在Mac中验证和解决此问题。顺便说一句,我的Mac中没有/etc/ssl/certs/java目录。

欢迎任何想法。谢谢

更新

现在,/Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home/jre/lib/security/cacerts-> /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts。问题已解决。

我发现/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts不存在。

3 个答案:

答案 0 :(得分:0)

这是对my answer to "Updating java 6 cacerts with those from java 8

的细微变化

情况:需要在本地使用jdk6进行比较测试。 观察:所有Maven发起的下载均失败,并带有peer not authenticated。 问题:jdk6安装的密钥安全文件已解析到不存在的位置。

事物的版本:

working $ $mvn --version
Apache Maven 3.1.1 (0728685237757ffbf44136acec0402957f723d9a; 2013-09-17 09:22:22-0600)
Maven home: /usr/local/Cellar/maven@3.1/3.1.1/libexec
Java version: 1.6.0_65, vendor: Apple Inc.
Java home: /Library/Java/JavaVirtualMachines/jdk1.6.0_65.jdk/Contents/Home
Default locale: en_US, platform encoding: MacRoman
OS name: "mac os x", version: "10.13.6", arch: "x86_64", family: "mac"

A 工作解决方案:用(工作中的)jdk中的对应文件的链接替换损坏的符号链接

# store path to java 6 home
tmp $ j6Security=$(/usr/libexec/java_home -v '1.6*')/lib/security;

# show pre-update state
tmp $ ls -la  "$j6Security"
total 16
drwxr-xr-x  10 root  wheel    320 Jan 20 19:39 .
drwxr-xr-x  41 root  wheel   1312 Jan 20 19:39 ..
-rw-r--r--   1 root  wheel   2469 Jul 14  2015 US_export_policy.jar
lrwxr-xr-x   1 root  wheel     79 Jan 20 19:39 blacklist -> /System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/blacklist
lrwxr-xr-x   1 root  wheel     81 Jan 20 19:39 cacerts -> /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts
-rw-r--r--   1 root  wheel   3443 Jul 14  2015 java.policy
-rw-r--r--   1 root  wheel  13458 Jul 14  2015 java.security
-rw-r--r--   1 root  wheel   2486 Jul 14  2015 local_policy.jar
-rw-r--r--   1 root  wheel    347 Jul 14  2015 sunpkcs11-macosx.cfg
lrwxr-xr-x   1 root  wheel     87 Jan 20 19:39 trusted.libraries -> /System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/trusted.libraries

# store path to current (i.e., switcher) home
tmp $ jXSecurity=/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security;

# replace (broken) j6 files with symlink to current files
tmp $ for file in blacklist cacerts trusted.libraries; do src="${jXSecurity}/${file}" tgt="${j6Security}/${file}"; test -f $tgt && sudo rm $tgt; sudo ln -s "$src" "$tgt"; done

# show post-update state
tmp $ ls -la "$j6Security"
total 16
drwxr-xr-x  10 root  wheel    320 Jan 20 20:33 .
drwxr-xr-x  41 root  wheel   1312 Jan 20 19:39 ..
-rw-r--r--   1 root  wheel   2469 Jul 14  2015 US_export_policy.jar
lrwxr-xr-x   1 root  wheel     87 Jan 20 20:33 blacklist -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/blacklist
lrwxr-xr-x   1 root  wheel     85 Jan 20 20:33 cacerts -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts
-rw-r--r--   1 root  wheel   3443 Jul 14  2015 java.policy
-rw-r--r--   1 root  wheel  13458 Jul 14  2015 java.security
-rw-r--r--   1 root  wheel   2486 Jul 14  2015 local_policy.jar
-rw-r--r--   1 root  wheel    347 Jul 14  2015 sunpkcs11-macosx.cfg
lrwxr-xr-x   1 root  wheel     95 Jan 20 20:33 trusted.libraries -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/trusted.libraries

首先,我将Java固定为j8Security=$(/usr/libexec/java_home -v '1.8*')而不是jXSecurity=/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/trusted.libraries。另外,除了链接之外,您还可以复制文件。 (复制“感觉”对我来说更糟,但是链接到特定的工作版本似乎更安全。我只是想了解macOS的设置方式以及在我停止的位置停止了操作。)

我在网上很难找到确切的解决方案,但是吸引了我的注意力并似乎值得重点介绍的内容: *如果cacerts商店的类型已更改* 在Java的未来版本中,链接到“当前”版本(Java插件自动更新的虚拟版本)可能会导致问题。如果您对此感到担心,则固定(或复制)可能会更好。 (我的主要jdk是jdk8,在我的工作中看不到较新的版本。:L)

对于在完成工作时喜欢bash一线的人:

ls -la "$j6Security"; j6Security=$(/usr/libexec/java_home -v '1.6*')/lib/security; jXSecurity=/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security; for file in blacklist cacerts trusted.libraries; do src="${jXSecurity}/${file}" tgt="${j6Security}/${file}"; test -f $tgt && sudo rm $tgt; sudo ln -s "$src" "$tgt"; done; ls -la "$j6Security"

或者只是命令

ls -la "$j6Security"
j6Security=$(/usr/libexec/java_home -v '1.6*')/lib/security
jXSecurity=/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security
for file in blacklist cacerts trusted.libraries; do
  src="${jXSecurity}/${file}" tgt="${j6Security}/${file}"
  test -f $tgt && sudo rm $tgt
  sudo ln -s "$src" "$tgt"
done
ls -la "$j6Security"

注意:  -$jXSecurity周围需要使用引号,因为需要保留“ Internet插件”中的空间。 (该分配不需要引号,因为空格以反斜杠(\)进行转义。)  -我确实尝试过重新安装。  -https://support.apple.com/downloads/java-6上提供了macOS Java 6旧版安装程序。  -我以前在机器上进行过许多操作系统升级,其中1.6.0_37-b06-434.jdk/处于损坏状态,并且以类似的方式损坏了。 (这是我最初遇到此问题时所使用的版本。在浏览Inter管时,我才发现较新的下载内容。)

答案 1 :(得分:0)

我与Corretto-11.0.6有类似的问题。花了几个小时后,发现此release中的问题已得到解决。它也可以与Corretto-11.0.7配合使用,后者是Corretto 11的最新版本。

答案 2 :(得分:-2)

我有类似的问题。 我在〜/ .bash_profile

中添加了以下内容
IndexError: list index out of range

然后 export JAVA_HOME=$(/usr/libexec/java_home) export JAVA_TOOL_OPTIONS="-Djavax.net.ssl.trustAnchors=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts"

加载更改。