英文:
Quarkus native image: Load a PKCS12 file at runtime
问题
I have a Quarkus application which implements the server side of a ProtoBuf-over-TLS communications channel and loads a PFX/P12 file at runtime to get the server certificate and private key.
The application runs fine as a when run from the built jar, but when I try running the native image, I get an error indicating that the PKCS12 algorithm cannot be found. It seems like native images expect to have the security artifact pulled-in at build time. Do I have this correct? Is there any way to work-around this?
Example code:
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import io.quarkus.runtime.QuarkusApplication;
import io.quarkus.runtime.annotations.QuarkusMain;
@QuarkusMain
public class KeystoreTest implements QuarkusApplication {
String keystoreFile = "/home/sm-dp/... server.pfx";
String keystoreSecret = "secret";
@Override
public int run(String... args) throws Exception {
KeyStore keystore = KeyStore.getInstance("PKCS12");
try (InputStream fis = new FileInputStream(new File(keystoreFile))) {
keystore.load(fis, keystoreSecret.toCharArray());
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX");
keyManagerFactory.init(keystore, keystoreSecret.toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
return 0;
}
}
Stacktrace:
java.security.KeyStoreException: PKCS12 not found
...
【注意】请确保在代码中使用正确的中文注释。
英文:
I have a Quarkus application which implements the server side of a ProtoBuf-over-TLS communications channel and loads a PFX/P12 file at runtime to get the server certificate and private key.
The application runs fine as a when run from the built jar, but when I try running the native image, I get an error indicating that the PKCS12 algorithm cannot be found. It seems like native images expect to have the security artifact pulled-in at build time. Do I have this correct? Is there any way to work-around this?
Example code:
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import io.quarkus.runtime.QuarkusApplication;
import io.quarkus.runtime.annotations.QuarkusMain;
@QuarkusMain
public class KeystoreTest implements QuarkusApplication {
String keystoreFile = "/home/sm-dp/... server.pfx";
String keystoreSecret = "secret";
@Override
public int run(String... args) throws Exception {
KeyStore keystore = KeyStore.getInstance("PKCS12");
try (InputStream fis = new FileInputStream(new File(keystoreFile))) {
keystore.load(fis, keystoreSecret.toCharArray());
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX");
keyManagerFactory.init(keystore, keystoreSecret.toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
return 0;
}
}
Stacktrace:
java.security.KeyStoreException: PKCS12 not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at com.mcleodnet.KeystoreTest.run(KeystoreTest.java:21)
at com.mcleodnet.KeystoreTest_ClientProxy.run(KeystoreTest_ClientProxy.zig:157)
at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:112)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:61)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:38)
at io.quarkus.runner.GeneratedMain.main(GeneratedMain.zig:30)
Caused by: java.security.NoSuchAlgorithmException: class configured for KeyStore (provider: SunJSSE) cannot be found.
at java.security.Provider$Service.getImplClass(Provider.java:1649)
at java.security.Provider$Service.newInstance(Provider.java:1592)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 6 more
Caused by: java.lang.ClassNotFoundException: sun.security.pkcs12.PKCS12KeyStore
at com.oracle.svm.core.hub.ClassForNameSupport.forName(ClassForNameSupport.java:60)
at java.lang.Class.forName(DynamicHub.java:1194)
at java.security.Provider$Service.getImplClass(Provider.java:1634)
... 11 more
</details>
# 答案1
**得分**: 1
尝试将 `quarkus.native.enable-all-security-services=true` 添加到您的配置中。
如果不起作用,您可以在您的应用程序类中添加 `@RegisterForReflection(targets = sun.security.pkcs12.PKCS12KeyStore.class)`。
<details>
<summary>英文:</summary>
Try to add `quarkus.native.enable-all-security-services=true` to your configuration.
If it's not working, you can add a `@RegisterForReflection(targets = sun.security.pkcs12.PKCS12KeyStore.class)` to one of your application class.
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论