Quarkus native image: Load a PKCS12 file at runtime

Question


I have a Quarkus application which implements the server side of a ProtoBuf-over-TLS communications channel and loads a PFX/P12 file at runtime to get the server certificate and private key.

The application runs fine when run from the built jar, but when I try running the native image, I get an error indicating that the PKCS12 algorithm cannot be found. It seems like native images expect to have the security artifact pulled in at build time. Do I have this correct? Is there any way to work around this?

Example code:

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

import io.quarkus.runtime.QuarkusApplication;
import io.quarkus.runtime.annotations.QuarkusMain;

@QuarkusMain
public class KeystoreTest implements QuarkusApplication {
    String keystoreFile = "/home/sm-dp/... server.pfx";
    String keystoreSecret = "secret";

    @Override
    public int run(String... args) throws Exception {
        // Resolved reflectively through the JCA provider registry; this is the call that fails in the native image.
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        try (InputStream fis = new FileInputStream(new File(keystoreFile))) {
            keystore.load(fis, keystoreSecret.toCharArray());
        }

        // Expose the server certificate and private key from the keystore to JSSE.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("PKIX");
        keyManagerFactory.init(keystore, keystoreSecret.toCharArray());

        // Null trust managers and SecureRandom select the platform defaults.
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(keyManagerFactory.getKeyManagers(), null, null);

        return 0;
    }
}
```

Stacktrace:

```
java.security.KeyStoreException: PKCS12 not found
	at java.security.KeyStore.getInstance(KeyStore.java:851)
	at com.mcleodnet.KeystoreTest.run(KeystoreTest.java:21)
	at com.mcleodnet.KeystoreTest_ClientProxy.run(KeystoreTest_ClientProxy.zig:157)
	at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:112)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:61)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:38)
	at io.quarkus.runner.GeneratedMain.main(GeneratedMain.zig:30)
Caused by: java.security.NoSuchAlgorithmException: class configured for KeyStore (provider: SunJSSE) cannot be found.
	at java.security.Provider$Service.getImplClass(Provider.java:1649)
	at java.security.Provider$Service.newInstance(Provider.java:1592)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
	at java.security.Security.getImpl(Security.java:695)
	at java.security.KeyStore.getInstance(KeyStore.java:848)
	... 6 more
Caused by: java.lang.ClassNotFoundException: sun.security.pkcs12.PKCS12KeyStore
	at com.oracle.svm.core.hub.ClassForNameSupport.forName(ClassForNameSupport.java:60)
	at java.lang.Class.forName(DynamicHub.java:1194)
	at java.security.Provider$Service.getImplClass(Provider.java:1634)
	... 11 more
```




</details>


# Answer 1
**Score**: 1

Try to add `quarkus.native.enable-all-security-services=true` to your configuration.

If it's not working, you can add a `@RegisterForReflection(targets = sun.security.pkcs12.PKCS12KeyStore.class)` to one of your application classes.
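A startup check for the failure shown in the stack trace, as an added example that is not part of the original question or answer: it attempts the same three JCA lookups the question's code performs and, for each one that fails, reports the implementation class the provider advertises, which is the class the native image has to contain. The class name `JcaServiceCheck` and its method names are hypothetical; only JDK APIs are used.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/** Hypothetical startup check (added example, not from the original post). */
public class JcaServiceCheck {

    // The three lookups performed by the question's code.
    static final String[][] REQUIRED = {
        {"KeyStore", "PKCS12"},
        {"KeyManagerFactory", "PKIX"},
        {"SSLContext", "TLSv1.2"},
    };

    /** Returns one line per service that cannot be instantiated in this runtime. */
    static List<String> findBrokenServices() {
        List<String> broken = new ArrayList<>();
        for (String[] req : REQUIRED) {
            String type = req[0], alg = req[1];
            try {
                switch (type) {
                    case "KeyStore": KeyStore.getInstance(alg); break;
                    case "KeyManagerFactory": KeyManagerFactory.getInstance(alg); break;
                    default: SSLContext.getInstance(alg);
                }
            } catch (Exception e) {
                broken.add(type + "." + alg + " -> " + implClass(type, alg) + " (" + e + ")");
            }
        }
        return broken;
    }

    /** Implementation class a provider advertises for the service (aliases are resolved). */
    static String implClass(String type, String alg) {
        for (Provider p : Security.getProviders()) {
            Provider.Service s = p.getService(type, alg);
            if (s != null) return p.getName() + ":" + s.getClassName();
        }
        return "no provider advertises it";
    }

    public static void main(String[] args) {
        List<String> broken = findBrokenServices();
        broken.forEach(System.err::println);
        System.exit(broken.isEmpty() ? 0 : 1);
    }
}
```

Run on the JVM it should report nothing; run inside the native executable, any line it prints names a class that was advertised by a provider but left out of the image, so the answer's settings can be verified before TLS traffic is accepted.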



huangapple
  • Published on 2020-08-11 04:36:30
  • When reposting, please keep the link to this article: https://go.coder-hub.com/63347673.html