java - 操作系统 : the trustAnchors parameter must be non-empty

Question

我正在使用 macOS 10.12.6 (16G1510)。我的 Java 是:

$ java -version
java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)

$ /usr/libexec/java_home -V
Matching Java Virtual Machines (3):
    1.8.0_172, x86_64:  "Java SE 8" /Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home
    1.6.0_65-b14-468, x86_64:   "Java SE 6" /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
    1.6.0_65-b14-468, i386: "Java SE 6" /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home

/Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home

有/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts，但是没有security子文件夹/Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home/lib/.

我找到了修复程序cd $(/usr/libexec/java_home -v 1.7)/jre/lib/security
ln -fsh/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts 来自 here .但在这种情况下，/Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home/jre/lib/security/cacerts 存在并将被覆盖。

当我在 scala 中运行 spark 作业时，出现以下错误:

ForkJoinPool-1-worker-13, handling exception: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

我搜索了一下，发现/etc/ssl/certs/java/cacerts中可能缺少一些东西，但这是针对ubuntu的。我不知道如何在 mac 中验证和解决这个问题。顺便说一句，我的 mac 中没有 /etc/ssl/certs/java 目录。

欢迎任何想法。谢谢

更新

现在，/Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home/jre/lib/security/cacerts -> /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts。问题未已解决。

而且我发现 /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts 不存在。

Answer 1

这是 my answer to "Updating java 6 cacerts with those from java 8 的微小变化

情况:需要在本地使用jdk6进行对比测试。观察:所有 maven 启动的下载都失败，peer not authenticated。问题:jdk6 安装的关键安全文件解析到不存在的位置。

事物的版本:

working $ $mvn --version
Apache Maven 3.1.1 (0728685237757ffbf44136acec0402957f723d9a; 2013-09-17 09:22:22-0600)
Maven home: /usr/local/Cellar/maven@3.1/3.1.1/libexec
Java version: 1.6.0_65, vendor: Apple Inc.
Java home: /Library/Java/JavaVirtualMachines/jdk1.6.0_65.jdk/Contents/Home
Default locale: en_US, platform encoding: MacRoman
OS name: "mac os x", version: "10.13.6", arch: "x86_64", family: "mac"

一个有效的解决方案:用指向(有效的)jdk 中相应文件的链接替换损坏的符号链接(symbolic link)

# store path to java 6 home
tmp $ j6Security=$(/usr/libexec/java_home -v '1.6*')/lib/security;

# show pre-update state
tmp $ ls -la  "$j6Security"
total 16
drwxr-xr-x  10 root  wheel    320 Jan 20 19:39 .
drwxr-xr-x  41 root  wheel   1312 Jan 20 19:39 ..
-rw-r--r--   1 root  wheel   2469 Jul 14  2015 US_export_policy.jar
lrwxr-xr-x   1 root  wheel     79 Jan 20 19:39 blacklist -> /System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/blacklist
lrwxr-xr-x   1 root  wheel     81 Jan 20 19:39 cacerts -> /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts
-rw-r--r--   1 root  wheel   3443 Jul 14  2015 java.policy
-rw-r--r--   1 root  wheel  13458 Jul 14  2015 java.security
-rw-r--r--   1 root  wheel   2486 Jul 14  2015 local_policy.jar
-rw-r--r--   1 root  wheel    347 Jul 14  2015 sunpkcs11-macosx.cfg
lrwxr-xr-x   1 root  wheel     87 Jan 20 19:39 trusted.libraries -> /System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/trusted.libraries

# store path to current (i.e., switcher) home
tmp $ jXSecurity=/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security;

# replace (broken) j6 files with symlink to current files
tmp $ for file in blacklist cacerts trusted.libraries; do src="${jXSecurity}/${file}" tgt="${j6Security}/${file}"; test -f $tgt && sudo rm $tgt; sudo ln -s "$src" "$tgt"; done

# show post-update state
tmp $ ls -la "$j6Security"
total 16
drwxr-xr-x  10 root  wheel    320 Jan 20 20:33 .
drwxr-xr-x  41 root  wheel   1312 Jan 20 19:39 ..
-rw-r--r--   1 root  wheel   2469 Jul 14  2015 US_export_policy.jar
lrwxr-xr-x   1 root  wheel     87 Jan 20 20:33 blacklist -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/blacklist
lrwxr-xr-x   1 root  wheel     85 Jan 20 20:33 cacerts -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts
-rw-r--r--   1 root  wheel   3443 Jul 14  2015 java.policy
-rw-r--r--   1 root  wheel  13458 Jul 14  2015 java.security
-rw-r--r--   1 root  wheel   2486 Jul 14  2015 local_policy.jar
-rw-r--r--   1 root  wheel    347 Jul 14  2015 sunpkcs11-macosx.cfg
lrwxr-xr-x   1 root  wheel     95 Jan 20 20:33 trusted.libraries -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/trusted.libraries

起初，我固定到 java 8，类似于 j8Security=$(/usr/libexec/java_home -v '1.8*') 而不是 jXSecurity=/Library/Internet Plug -Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/trusted.libraries。此外，您可以只复制文件而不是链接。 (复制对我来说“感觉”更糟，但链接到特定的工作版本似乎更安全。我只是想了解 macos 是如何设置并在我停止的地方停止的。)

我努力在网上找到一个确切的解决方案，但有一些引起了我的注意并且似乎值得强调:*如果 cacerts 商店的类型发生了变化* 在未来的 java 版本中，链接到“当前”版本(java 插件自动更新的虚拟版本)可能会导致问题。如果这与您有关，固定(或复制)可能更好。 (我的主要 jdk 是 jdk8，我没有看到更新的版本出现在我的工作中。:L)

对于那些在完成工作时喜欢 bash 一行的人:

ls -la "$j6Security"; j6Security=$(/usr/libexec/java_home -v '1.6*')/lib/security; jXSecurity=/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security; for file in blacklist cacerts trusted.libraries; do src="${jXSecurity}/${file}" tgt="${j6Security}/${file}"; test -f $tgt && sudo rm $tgt; sudo ln -s "$src" "$tgt"; done; ls -la "$j6Security"

或者只是命令

ls -la "$j6Security"
j6Security=$(/usr/libexec/java_home -v '1.6*')/lib/security
jXSecurity=/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security
for file in blacklist cacerts trusted.libraries; do
  src="${jXSecurity}/${file}" tgt="${j6Security}/${file}"
  test -f $tgt && sudo rm $tgt
  sudo ln -s "$src" "$tgt"
done
ls -la "$j6Security"

注意事项: - $jXSecurity 需要引号，因为需要保留“Internet 插件”中的空间。 (赋值不需要引号，因为空格是用反斜杠 (\) 转义的。) - 我确实尝试过重新安装。 - macos java 6 旧版安装程序可在 https://support.apple.com/downloads/java-6 获得. - 我的机器上有 1.6.0_37-b06-434.jdk/ 之前的许多操作系统升级，它以类似的方式损坏。 (这是我最初遇到问题时使用的版本。我在探索 inter tubes 时才找到较新的下载。)