Adoptium Temurin JDK 11 is breaking certificate install

[joaoafonso11]

🗣️ Foreword

Installing Adoptium Temurin JDK 11 is breaking the certificate install when using the java_certificate resource.

👻 Brief Description

When using Adoptium Temurin JDK 11 the java_certificate resource is trying to use an incorrect path to locate the keystore:
It should be $JAVA_HOME/lib/security/cacerts, instead it's using $JAVA_HOME/jre/lib/security/cacerts

It appears there is no jre folder for this Java distribution/version.

🥞 Cookbook version

11.1.1

👩‍🍳 Chef-Infra Version

16.1.16

🎩 Platform details

Test Kitchen version 3.5.0
Vagrant 2.3.4
CentOS Linux release 7.5.1804 (Core)

Steps To Reproduce

Steps to reproduce the behavior:

1. Install Adoptium Temurin JDK 11:

adoptopenjdk_install '11' do
  variant 'hotspot'
  url 'https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.17%2B8/OpenJDK11U-jdk_x64_linux_hotspot_11.0.17_8.tar.gz'
  checksum 'b8d46ed08ef4859476fe6421a7690d899ed83dce63f13fd894f994043177ef3c'
  java_home node['java']['java_home']
  default true
end

2. Install a certificate using java_certificate:

  java_certificate 'Install Crowd certificate' do
    cert_alias 'crowd'
    ssl_endpoint "crowd.example.com:443"
    action :install
  end

3. The error will show up:

 STDOUT: keytool error: java.lang.Exception: Keystore file does not exist: /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts
       java.lang.Exception: Keystore file does not exist: /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts
       	at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:902)
       	at java.base/sun.security.tools.keytool.Main.run(Main.java:412)
       	at java.base/sun.security.tools.keytool.Main.main(Main.java:405)
       STDERR:
       ---- End output of /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/bin/keytool -list -keystore /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts -storepass changeit -v ----
       Ran /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/bin/keytool -list -keystore /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts -storepass changeit -v returned 1
       [2023-01-16T05:50:59+00:00] FATAL: Error querying keystore for existing certificate: 1

4. As a workaround the keystore_path can be defined like so:

keystore_path "#{node['java']['java_home']}/lib/security/cacerts"

🚓 Expected behavior

A certificate should be installed using the correct path to the keystore.

[damacus]

Thanks for raising the issue, and you might have guessed. This cookbook doesn't support the newer variants, yet.

I'm going to reignite my PR this week and see if I can't get through the back log of java releases