mirrors/cryptomator
1
0
Fork 0
mirror of https://github.com/cryptomator/cryptomator.git synced 2026-05-14 08:41:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

skip fallback if failing to load

Browse Source
This commit is contained in:
Armin Schrenk
2026-02-26 15:48:35 +01:00
parent da3c5e901f
commit f884861373
1 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/main/java/org/cryptomator/networking/SSLContextWithWindowsCertStore.java
View File

@@ -1,10 +1,12 @@
package org.cryptomator.networking;
import org.cryptomator.common.Nullable;
import org.cryptomator.integrations.common.OperatingSystem;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
@@ -21,12 +23,17 @@ import java.util.List;
@OperatingSystem(OperatingSystem.Value.WINDOWS)
public class SSLContextWithWindowsCertStore extends SSLContextDifferentTrustStoreBase implements SSLContextProvider {
private static final String DEFAULT_TRUSTSTORE_PASSWORD = "";
private static final Logger LOG = LoggerFactory.getLogger(SSLContextWithWindowsCertStore.class);
private static final String DEFAULT_TRUSTSTORE_PASSWORD = "changeit"; //default JDK cacerts password
@Override
KeyStore getTruststore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
var windowsKeyStore = KeyStore.getInstance("WINDOWS-ROOT");
var jdkKeyStore = getShippedCaCertsStore();
if (jdkKeyStore == null) {
return windowsKeyStore;
}
ensureLoaded(windowsKeyStore);
ensureLoaded(jdkKeyStore);
try {
@@ -38,15 +45,20 @@ public class SSLContextWithWindowsCertStore extends SSLContextDifferentTrustStor
}
}
KeyStore getShippedCaCertsStore() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
@Nullable
KeyStore getShippedCaCertsStore() {
var javaHome = Path.of(System.getProperty("java.home"));
var trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword", DEFAULT_TRUSTSTORE_PASSWORD).toCharArray();
for (var candidate : List.of(javaHome.resolve("lib/security/cacerts"), javaHome.resolve("conf/security/cacerts"))) {
if (Files.isRegularFile(candidate)) {
return KeyStore.getInstance(candidate.toFile(), trustStorePassword);
try {
if (Files.isRegularFile(candidate)) {
return KeyStore.getInstance(candidate.toFile(), trustStorePassword);
}
} catch (CertificateException | KeyStoreException | IOException | NoSuchAlgorithmException e) {
LOG.info("Unable to load fallback cacerts {} file. Skipping fallback.", candidate, e);
}
}
throw new NoSuchFileException("Could not locate cacerts below java.home: " + javaHome);
return null;
}
}