Add support for the Java root store

Question

Add support for the Java root store

nabla-c0d3 opened this issue 7 years ago · comments

This would require:

Downloading the latest JRE at http://www.oracle.com/technetwork/java/javase/downloads/index.html
Parsing the cacerts file in it

Štefan Baebler · Answer 1 · Mon Jan 29 2018 19:50:15 GMT+0800 (China Standard Time)

An alternative to downloading the full JRE/JDK distribution is parsing the file in the OpenJDK Mercurial repository: http://hg.openjdk.java.net/jdk/jdk/file/tip/src/java.base/share/lib/security/cacerts

This information is derived from:

JDK enhancement proposal (JEP): http://openjdk.java.net/jeps/319 and
Jira ticket: https://bugs.openjdk.java.net/browse/JDK-8191486

Please note that OpenJDK an Oracle JDK are two different implementations of the same Java specification. They should be identical. To play it safe it might make sense to treat Oracle JDK and OpenJDK as having two different CA stores and eventually add support for both of them.

Alban Diquet · Answer 2 · Sat Feb 03 2018 11:33:13 GMT+0800 (China Standard Time)

Thanks for the details and I agree that they should be treated separately; the JEP says that

each CA must sign the Oracle Contributor Agreement (OCA), or an equivalent agreement, to grant Oracle the right to open-source their certificates. [...]. Those that do not sign an agreement will not be included at this time,

Hence the content of the stores will be different for sure.

Alban Diquet · Answer 3 · Mon May 14 2018 09:14:56 GMT+0800 (China Standard Time)

Implemented in #7