I'm trying to download a file over HTTPS in a jar using openjdk-12-jre on Buildroot. I would prefer to not have to modify the jar. The jar launches but dies with an error:
Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:118)
... 21 more
Caused by: java.lang.SecurityException: Can't read cryptographic policy directory: unlimited
at java.base/javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:324)
at java.base/javax.crypto.JceSecurity.access$000(JceSecurity.java:73)
at java.base/javax.crypto.JceSecurity$1.run(JceSecurity.java:109)
at java.base/javax.crypto.JceSecurity$1.run(JceSecurity.java:106)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:105)
... 21 more
After some Googling the error seems to stem from missing a directory under $JAVA_HOME/jre/lib/security/.
There was a workaround on the Debian issue tracker that involved creating a symlink - but it was outdated. Further, I am missing a large chunk of necessary files since the Buildroot install is quite minimal.
I also tried stealing the certificate store from my computer, but nothing changed - perhaps because of the difference in architecture?
How can I get Buildroot to generate the cacerts for OpenJDK?
