search

bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License
2.3k stars 1.14k forks source link

java Caused by: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519 #1605

Closed vcvitaly closed 7 months ago

vcvitaly commented 7 months ago

I need some help.

I writing a JavaFX app which uses java kubernetes client https://github.com/kubernetes-client/java which in turn uses bouncyCastle.

When I run the app from Intellij everything works. However when I package the app with jlink-plugin and then run it - it fails with the error:

Caused by: io.kubernetes.client.openapi.ApiException: Message: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519
HTTP response code: 0
HTTP response body: null
HTTP response headers: null
        at io.github.vcvitaly.merged.module@1.0-SNAPSHOT/io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:1032)
        at io.github.vcvitaly.merged.module@1.0-SNAPSHOT/io.kubernetes.client.openapi.apis.CoreV1Api.listNamespaceWithHttpInfo(CoreV1Api.java:24473)
        at io.github.vcvitaly.merged.module@1.0-SNAPSHOT/io.kubernetes.client.openapi.apis.CoreV1Api.access$40900(CoreV1Api.java:77)
        at io.github.vcvitaly.merged.module@1.0-SNAPSHOT/io.kubernetes.client.openapi.apis.CoreV1Api$APIlistNamespaceRequest.execute(CoreV1Api.java:24638)
        at io.github.vcvitaly.k8cp@1.0-SNAPSHOT/io.github.vcvitaly.k8cp.client.impl.KubeClientImpl.getNamespaces(KubeClientImpl.java:69)
        ... 55 common frames omitted
Caused by: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
        at java.base/sun.security.ssl.KeyShareExtension$SHKeyShareConsumer.consume(KeyShareExtension.java:682)
I was able to connect via debug and the causing error at KeyShareExtension$SHKeyShareConsumer.consume is: java.security.spec.InvalidKeySpecException: key spec not recognized

https://stackoverflow.com/questions/24810805/invalidkeyexception-key-spec-not-recognised answer suggests to add a security provider which I tried doing two ways with no success:

  1. Add Security.addProvider(new BouncyCastleProvider()); to the main class
  2. add security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider to build/image/lib/security/java.security The immportant moment is that I had to add '--ignore-signing-information' to jlink options because otherwise it was failing with:
Error: signed modular JAR /home/vcvitaly/IdeaProjects/k8cp/build/jlinkbase/jlinkjars/bcpkix-jdk18on-1.77.jar
is currently not supported, use --ignore-signing-information to suppress error

This is my build.gradle

import org.openjfx.gradle.JavaFXPlatform

plugins {
    id 'java'
    id 'application'
    id 'org.javamodularity.moduleplugin' version '1.8.12'
    id 'org.openjfx.javafxplugin' version '0.1.0'
    id "com.google.osdetector" version "1.7.3"
    id 'org.beryx.jlink' version '3.0.1'
    id "io.freefair.lombok" version "8.6"
}

group 'io.github.vcvitaly'
version '1.0-SNAPSHOT'

repositories {
    mavenCentral()
}

ext {
    junitVersion = '5.10.2'
    platform = getPlatform()
    javaVer = JavaVersion.VERSION_21
}

java {
    sourceCompatibility = javaVer
}

tasks.withType(JavaCompile) {
    options.encoding = 'UTF-8'
}

application {
    mainModule = 'io.github.vcvitaly.k8cp'
    mainClass = 'io.github.vcvitaly.k8cp.App'
}

javafx {
    version = javaVer
    modules = ['javafx.controls', 'javafx.fxml']
}

dependencies {
    implementation('org.controlsfx:controlsfx:11.1.2')
    implementation('net.synedra:validatorfx:0.4.0') {
        exclude(group: 'org.openjfx')
    }
    implementation('org.kordamp.ikonli:ikonli-javafx:12.3.1')
    implementation 'org.kordamp.ikonli:ikonli-fontawesome-pack:12.3.1'
    implementation 'org.kordamp.ikonli:ikonli-fontawesome5-pack:12.3.1'
    implementation 'org.kordamp.ikonli:ikonli-material2-pack:12.3.1'
//    implementation('org.kordamp.bootstrapfx:bootstrapfx-core:0.4.0')

    implementation 'ch.qos.logback:logback-core:1.5.2'
    implementation 'org.slf4j:slf4j-api:2.0.12'
    implementation 'ch.qos.logback:logback-classic:1.5.2'

    implementation ("io.kubernetes:client-java:20.0.0") {
        exclude group: "com.google.code.findbugs", module: "jsr305"
        exclude group: "com.amazonaws", module: "aws-java-sdk-sts"
    }

    testImplementation "org.junit.jupiter:junit-jupiter-api:${junitVersion}"
    testImplementation "org.junit.jupiter:junit-jupiter-params:${junitVersion}"
    testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${junitVersion}"

    testImplementation 'org.mockito:mockito-core:5.11.0'
    testImplementation "org.assertj:assertj-core:3.25.1"
    testImplementation "org.testfx:testfx-junit5:4.0.18"
}

test {
    useJUnitPlatform()
}

jlink {
    imageZip = project.file("${buildDir}/distributions/app-${javafx.platform.classifier}.zip")
    options = [
//            '--strip-debug', // TODO uncomment
            '--compress', '2',
            '--no-header-files',
            '--no-man-pages'
//            '--ignore-signing-information'
    ]
    launcher {
        name = 'app'
    }
}

jlinkZip {
    group = 'distribution'
}

tasks.register('dist') {
    dependsOn clean, jlinkZip
    description "Calls clean and then jlinkZip"
}

configurations
        .matching(it -> it.name.contains("downloadSources"))
        .configureEach {
    attributes {
        attribute(Usage.USAGE_ATTRIBUTE, objects.named(Usage, Usage.JAVA_RUNTIME))
        attribute(OperatingSystemFamily.OPERATING_SYSTEM_ATTRIBUTE, objects.named(OperatingSystemFamily, platform.osFamily))
        attribute(MachineArchitecture.ARCHITECTURE_ATTRIBUTE, objects.named(MachineArchitecture, platform.arch))
    }
}

def getPlatform() {
    return JavaFXPlatform.detect(osdetector);
}

and my module-info:

module io.github.vcvitaly.k8cp {
    requires javafx.controls;
    requires javafx.fxml;

    requires java.annotation;
//    requires jsr305;

    requires org.controlsfx.controls;
    requires net.synedra.validatorfx;
    requires org.kordamp.ikonli.javafx;
    requires org.kordamp.ikonli.fontawesome5;

    requires org.slf4j;
    requires ch.qos.logback.core;
    requires ch.qos.logback.classic;

    requires static lombok;
    requires io.kubernetes.client.java;
    requires io.kubernetes.client.java.api;

    requires org.apache.commons.io;
    requires org.yaml.snakeyaml;
    requires com.google.gson;
    requires kotlin.stdlib;
    requires org.apache.commons.lang3;
    requires org.bouncycastle.pkix;
    requires org.bouncycastle.provider;
    requires org.bouncycastle.util;

    requires jdk.jdwp.agent;

    opens io.github.vcvitaly.k8cp to javafx.fxml;
    exports io.github.vcvitaly.k8cp;
    exports io.github.vcvitaly.k8cp.controller;
    exports io.github.vcvitaly.k8cp.controller.menu;
    exports io.github.vcvitaly.k8cp.controller.pane;
    exports io.github.vcvitaly.k8cp.controller.init;
    exports io.github.vcvitaly.k8cp.domain;
    exports io.github.vcvitaly.k8cp.enumeration;
    exports io.github.vcvitaly.k8cp.util;
    exports io.github.vcvitaly.k8cp.exception;
    opens io.github.vcvitaly.k8cp.controller to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.menu to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.init to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.pane to javafx.fxml;
    opens io.github.vcvitaly.k8cp.util to javafx.fxml;
}

Any thougths?

vcvitaly commented 7 months ago

Resolved it as described here: https://stackoverflow.com/a/78171207/8587732

by adding

requires jdk.crypto.ec;

to module-info

cipherboy commented 7 months ago

Closing as it appears to be solved and related to other tooling in the app's ecosystem; see Stack Overflow link above.