5

Problem:

Using JPackage to create an executable for Windows does not work with KeyStore. It returns an error.

Code:

KeyStore.getInstance("Windows-MY");

will throw exception:

java.security.KeyStoreException: Windows-MY not found
  at java.base/java.security.KeyStore.getInstance(Unknown Source)
 ...
Caused by: java.security.NoSuchAlgorithmException: Windows-MY KeyStore not available
  at java.base/sun.security.jca.GetInstance.getInstance(Unknown Source) at java.base/java.security.Security.getImpl(Unknown Source)

Running the jpackage for Windows and trying to execute KeyStore.getInstance("Windows-MY"); returns the error above.

Running the application in the IDE without JPackage works fine.

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
Thiago Bomfim
  • 408
  • 6
  • 12
  • 3
    Which Java version, and which distributor (e.g. Oracle, Eclipse Adoptium, etc) are you using, and which Windows version? I guess it is missing a module. At a guess, you may need to add `requires jdk.crypto.mscapi;` to your `module-info.java` or otherwise ensure it is included by jpackage. – Mark Rotteveel May 24 '23 at 11:39
  • Thanks, this is the problem, I just added the module jdk.crypto.mscapi and it works. In my case, I've added this way: "--add-modules javafx.controls,jdk.crypto.mscapi". Can you answer the question with these details? Maybe it will help others. – Thiago Bomfim May 24 '23 at 12:05
  • Not a duplicate, but here are some similar Q&A's for posterity: [JavaFX - ProviderNotFoundException: Provider not found](https://stackoverflow.com/q/73587338/6395627) and [JavaFX - SSLHandshakeException: Received fatal alert: handshake_failure \[duplicate\]](https://stackoverflow.com/q/73590370/6395627) (and its duplicates). – Slaw May 24 '23 at 23:44

1 Answers1

5

The support for the Windows-MY keystore is part of the module jdk.crypto.mscapi. I guess this doesn't get included with your current setup through jpackage. I don't have much experience with modules, but I guess you need to add requires jdk.crypto.mscapi; to your module-info.java, or - as you mentioned in the comments - add it to the jpackage command line with --add-modules (e.g. --add-modules jdk.crypto.mscapi).

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
  • 1
    Given `jdk.crypto.mscapi` is likely a "provider module", the most appropriate solution is using `--add-modules` in the`jlink` / `jpackage` command, compared to using a `requires` directive in your module-info descriptor. The `ServiceLoader` documentation recommends that an "application module" should never require a "provider module". The other option is to use `--bind-services`, but that is likely to pull in way more modules than actually needed. – Slaw May 24 '23 at 23:32