访问 JDK 11 中的 `sun.security.x509`,无需使用模块?

huangapple go评论181阅读模式
英文:

Access `sun.security.x509` in JDK 11 without modules?

问题

(摘要:)
我们有一个小的方法用于生成自签名的SSL证书,它明显依赖于 sun.security.x509。目前,由于这个原因,我们仍然在使用JDK8构建它,尽管代码库的其余部分(仅是一个小型单一库)是使用JDK11构建和在JVM11上运行的。

不幸的是,在主要的JDK中没有替代方法,如下(而且 CertificateFactory 与生成证书几乎没有关系,与其javadoc所述相反...):

一个选项是使用BouncyCastle,但那是额外的4MB,我们实际上并不需要,特别是对于这么小的任务,因此我正在考虑在不涉及模块系统的情况下访问它。

据我所见,包和所需的类仍然存在(参见sun.security.x509在github上的链接),但是在构建它时(使用maven),我遇到了错误:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project: Compilation failure: Compilation failure:
[ERROR] OldSelfSignedCertificateGenerator.java:[20,25] package sun.security.x509 does not exist
[ERROR] OldSelfSignedCertificateGenerator.java:[71,45] cannot find symbol
[ERROR]   symbol:   class X509CertInfo
[ERROR]   location: class OldSelfSignedCertificateGenerator

我进行了一些搜索,并在 maven-compiler-plugin 中添加了以下内容:

<arg>--add-exports</arg><arg>java.base/sun.security.x509=ALL-UNNAMED</arg>

这在某种程度上起作用 - 我只收到与 sun.security.x509 包无关的 WARNING

[WARNING] OldSelfSignedCertificateGenerator.java:[20,25] sun.security.x509.AlgorithmId is internal proprietary API and may be removed in a future release

但是!现在似乎我无意中进入了模块系统,并且它抱怨无法访问其他基本的Java类(还有一个更多的依赖):

[ERROR] CertificateUtil.java:[35,17] package java.util.logging is not visible
  (package java.util.logging is declared in module java.logging, but module java.base does not read it)

我尝试以同样的方式向导出中添加 java.logging 模块,但没有太大的成功。而且似乎我还需要将这个库及其依赖项都转换为模块系统,这实际上并不是想要的。

问题与https://stackoverflow.com/questions/39143858/how-to-generate-a-self-signed-certificate-using-only-jdk-supported-classes 有些关联。


tl,dr;
在JDK 11下,有没有一种方式可以在不使用模块系统的情况下编译使用 sun.security.x509 包的库?是否有一些简单的开关可以实现这一点?

英文:

(tl,dr at the end)
We have a small method that generates self-signed SSL certificate and it obviously depends on sun.security.x509. Currently we are still building it using JDK8 because of that, even though the rest of the codebase (it's only small, single library) is build using JDK11 and run with JVM11.

Unfortunately there aren't replacement in the main JDK, as per (and CertificateFactory has little to nothing with generating certificates, contrary to what it's javadoc states…):

One option would be to use BouncyCastle, but that's additional 4MB that we really don't need, especially for such small task so I was pondering ways to access it while

From what I saw, the package and required classes are still package and relevant classes are still there (see sun.security.x509 on github but when building it (using maven) I get error:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project: Compilation failure: Compilation failure:
[ERROR] OldSelfSignedCertificateGenerator.java:[20,25] package sun.security.x509 does not exist
[ERROR] OldSelfSignedCertificateGenerator.java:[71,45] cannot find symbol
[ERROR]   symbol:   class X509CertInfo
[ERROR]   location: class OldSelfSignedCertificateGenerator

I was searching a bit and adding:

&lt;arg&gt;--add-exports&lt;/arg&gt;&lt;arg&gt;java.base/sun.security.x509=ALL-UNNAMED&lt;/arg&gt;

to maven-compiler-plugin and it somewhat worked - I only get WARNING not regarding sun.security.x509 package:

[WARNING] OldSelfSignedCertificateGenerator.java:[20,25] sun.security.x509.AlgorithmId is internal proprietary API and may be removed in a future release

BUT! Now it seems I entered (unwillingly!) module system and it complains about access to other, basic Java classes (and one more our dependency):

[ERROR] CertificateUtil.java:[35,17] package java.util.logging is not visible
  (package java.util.logging is declared in module java.logging, but module java.base does not read it)

I tried adding java.logging module in the same manner to exports but without much success. It also seems that I would have to convert both this library and it's dependency to module system, which is not really desired.

The question is somewhat related to https://stackoverflow.com/questions/39143858/how-to-generate-a-self-signed-certificate-using-only-jdk-supported-classes


tl,dr;
is there a way to compile library using sun.security.x509 package under JDK 11 without module system? Some simple switch?

答案1

得分: 13

&lt;plugin&gt;
    &lt;artifactId&gt;maven-compiler-plugin&lt;/artifactId&gt;
    &lt;configuration&gt;
        &lt;source&gt;9&lt;/source&gt;
        &lt;target&gt;9&lt;/target&gt;
        &lt;release combine.self=&quot;override&quot;&gt;&lt;/release&gt;
        &lt;compilerArgs&gt;
            &lt;arg&gt;--add-exports&lt;/arg&gt;&lt;arg&gt;java.base/sun.security.x509=ALL-UNNAMED&lt;/arg&gt;
        &lt;/compilerArgs&gt;
    &lt;/configuration&gt;
&lt;/plugin&gt;
英文:

It turns out that presumably it has to do with the fact that builds produced by newer JDK (9+) Versions won't be executable under JDK8:

&lt;plugin&gt;
    &lt;artifactId&gt;maven-compiler-plugin&lt;/artifactId&gt;
    &lt;configuration&gt;
        &lt;source&gt;9&lt;/source&gt;
        &lt;target&gt;9&lt;/target&gt;
        &lt;release combine.self=&quot;override&quot;&gt;&lt;/release&gt;
        &lt;compilerArgs&gt;
            &lt;arg&gt;--add-exports&lt;/arg&gt;&lt;arg&gt;java.base/sun.security.x509=ALL-UNNAMED&lt;/arg&gt;
        &lt;/compilerArgs&gt;
    &lt;/configuration&gt;
&lt;/plugin&gt;

答案2

得分: 2

要在Gradle中包含 sun.security.[somePackage] 类,您可以添加以下内容:

tasks.withType(AbstractCompile) {
    options.compilerArgs += ["--add-exports", "java.base/sun.security.util=ALL-UNNAMED"]
    options.compilerArgs += ["--add-exports", "java.base/sun.security.pkcs=ALL-UNNAMED"]
}
英文:

To include sun.security.[somePackage] classes in gradle you may add:

tasks.withType(AbstractCompile) {
    options.compilerArgs += [&quot;--add-exports&quot;, &quot;java.base/sun.security.util=ALL-UNNAMED&quot;]
    options.compilerArgs += [&quot;--add-exports&quot;, &quot;java.base/sun.security.pkcs=ALL-UNNAMED&quot;]
}

</details>



# 答案3
**得分**: 0

```xml
&lt;plugin&gt;
     &lt;groupId&gt;org.apache.maven.plugins&lt;/groupId&gt;
        &lt;artifactId&gt;maven-surefire-plugin&lt;/artifactId&gt;
        &lt;version&gt;3.0.0-M5&lt;/version&gt;
        &lt;configuration&gt;
          &lt;argLine&gt;--add-opens java.base/sun.security.x509=ALL-UNNAMED&lt;/argLine&gt;
        &lt;/configuration&gt;
&lt;/plugin&gt;
英文:

I had a junit5 test with sun.security.x509 code inside. Test failed with such error although I had a 'maven-compiler-plugin' configured with additional compile parameters above.
I could fix test (on graalvm jdk 17) by adding additional config parameter to 'maven-surefire-plugin' like below.

&lt;plugin&gt;
     &lt;groupId&gt;org.apache.maven.plugins&lt;/groupId&gt;
        &lt;artifactId&gt;maven-surefire-plugin&lt;/artifactId&gt;
        &lt;version&gt;3.0.0-M5&lt;/version&gt;
        &lt;configuration&gt;
          &lt;argLine&gt;--add-opens java.base/sun.security.x509=ALL-UNNAMED&lt;/argLine&gt;
        &lt;/configuration&gt;
&lt;/plugin&gt;

huangapple
  • 本文由 发表于 2020年4月11日 06:14:20
  • 转载请务必保留本文链接:https://go.coder-hub.com/61149455.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定