#1552: add certificates to truststore

[MarvMa]

This PR fixes #1552

Implemented changes:

• Added a new TruststoreCommandlet which is accessible via ide fix-tls-vpn-problem <url> command.
• Added a TruststoreUtil
  • Create or update a custom Truststore
  • Copy existing certificates from cacerts to custom truststore
  • Add a Certificate to the custom Truststore

The functionality has been tested on Windows 11 and WSL Debian.

Checklist for this PR

Make sure everything is checked before merging this PR. For further info please also see
our DoD.

• When running mvn clean test locally all tests pass and build is successful
• PR title is of the form #«issue-id»: «brief summary» (e.g. #921: fixed setup.bat). If no issue ID exists, title only.
• PR top-level comment summarizes what has been done and contains link to addressed issue(s)
• PR and issue(s) have suitable labels
• Issue is set to In Progress and assigned to you or there is no issue (might happen for very small PRs)
• You followed all coding conventions
• You have added the issue implemented by your PR in CHANGELOG.adoc unless issue is labeled
  with internal

Checklist for tool commandlets

Have you added a new «tool» as commandlet? There are the following additional checks:

• The tool can be installed automatically (during setup via settings) or via the commandlet call
• The tool is isolated in its IDEasy project, see Sandbox Principle
• The new tool is added to the table of tools in LICENSE.asciidoc
• The new commandlet is a command-wrapper for «tool»
• Proper help texts for all supported languages are added here
• The new commandlet installs potential dependencies automatically
• The variables «TOOL»_VERSION and «TOOL»_EDITION are honored by your commandlet
• The new commandlet is tested on all platforms it is available for or tested on all platforms that are in scope of the linked issue

[coveralls]

Pull Request Test Coverage Report for Build 23899438687

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 19 unchanged lines in 2 files lost coverage.
• Overall coverage decreased (-0.2%) to 70.468%

---

Files with Coverage Reduction	New Missed Lines	%
com/devonfw/tools/ide/commandlet/CommandletManagerImpl.java	8	90.16%
com/devonfw/tools/ide/network/NetworkStatusImpl.java	11	67.68%

Totals
Change from base Build 23894416328:	-0.2%
Covered Lines:	11068
Relevant Lines:	15066

---

💛 - Coveralls

[hohwille]

@MarvMa thanks for your PR. Excellent work! You really solved this complex problem nicely 🥇
It seems that some information was lost in the hand-over that I gave in earlier briefings and meetings to @lubska but I left review comments for that.

[hohwille]

A TLS/SSL handshake exception is something completely different and should not be handled in the same way.
In such case we do not have a self-signed certificate and our workaround will not help in any way.
I am also not fully convinced that unable to find valid certification path is always indicating our problem we are trying to fix but at least this is very slightly related.

[MarvMa]

I removed the TLS handshake and unable to find valid certification path from the check. But i added "unable to get local issuer certificate" because this should be related to our problem and that message occurs when trying to install plugins for vscode:
Installing extensions... Installing extension 'esbenp.prettier-vscode'... Error while installing extension esbenp.prettier-vscode: unable to get local issuer certificate Failed Installing Extensions: esbenp.prettier-vscode

[hohwille]

But the VSCode issue cannot be fixed by properly configuring the truststore for IDEasy.
VSCode is a separate tool run as an isolated process so it cannot know about our IDEasy truststore.
For me this still does not make sense.

[hohwille]

you already have TruststoreCommandlet.DEFAULT_TRUSTSTORE_PASSWORD.
Therefore, I would declare all these constants in one of the two places together and reference the String password to build the char[] constant.

[hohwille]

Great, thanks for the rework.
However, you still have the password "changeit" as a constant in TruststoreUtil and in TruststoreCommandletTest.
If I would change only one of the two constants it would break.
So why two constants then if they represent the same thing?

[hohwille]

@MarvMa thanks for the update. Very nice improvements. 👍
We are on the finishing line but before we can merge there are some few points to address.

[hohwille]

Suggested change

	if (this.url.getValueAsString() == null || this.url.getValueAsString().isBlank()) {
	if (endpointInput == null || endpointInput.isBlank()) {

[hohwille]

Why not just adding this to cmd.fix-vpn-tls-problem.detail?
Currently the I18N support in IDEasy is still questionable since all exception and log messages are hardcoded to English, but since we started this feature, it would be consistent to keep it also for this help text.

[hohwille]

But the VSCode issue cannot be fixed by properly configuring the truststore for IDEasy.
VSCode is a separate tool run as an isolated process so it cannot know about our IDEasy truststore.
For me this still does not make sense.

[hohwille]

Great, thanks for the rework.
However, you still have the password "changeit" as a constant in TruststoreUtil and in TruststoreCommandletTest.
If I would change only one of the two constants it would break.
So why two constants then if they represent the same thing?

[hohwille]

Now you added this option but do not use it.
This will confuse end-users if you provide a documented option that has no effect.
Either remove it again and we merge and can later add it, or if you keep it then make the truststore location and EnvironmentVariables retrieval dependent on the configured value.

[MarvMa]

i removed this feature for now to finish the issue.