Illegal reflective access by KeyAndCertificateFactoryFactory

[saeltz]

Describe the issue We're running mock servers in our integration tests and seeing log output regarding illegal reflective access, see below.

What you are trying to do A mockserver is stopped after running a suite of integration tests.

MockServer version 5.12.0

To Reproduce Steps to reproduce the issue:

1. Starting a mock server in a Scala project.
2. Running the integration tests on JDK 11.
3. Stopping the mock server.
4. Seeing the below log output.
5. Tests succeed.

Expected behaviour No warning about illegal reflective access. We want to update to JDK 17 soon.

MockServer Log

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.mockserver.socket.tls.KeyAndCertificateFactoryFactory (file:/home/runner/.cache/coursier/v1/https/repo1.maven.org/maven2/org/mock-server/mockserver-core/5.12.0/mockserver-core-5.12.0.jar) to constructor sun.security.util.DerValue(byte,java.lang.String)
WARNING: Please consider reporting this to the maintainers of org.mockserver.socket.tls.KeyAndCertificateFactoryFactory
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

[jamesdbloom]

This is sadly due to poor implementation inside the Java JDK. There is actually no way to test if access to certain classes is allowed without this error appearing despite the fact that the code is only checking the access and then adapting if there is no access. For some reason the JDK authors thought it would be a good idea to log the output in such a way that it was never realistically possible to configure.

In addition the reason this needs to be checked at all is because the introduction of modules in Java which breaks backwards compatibility in a massive way and makes it impossible to create libraries that support both Java 8 and 11+. In my opinion the whole approach to modules in Java is over opinionated and unnecessarily restrictive without achieving the aim / principles really needed, I suspect it may probably cause Java adoption to reduce over time.

This issue is now resolved however in the latest SNAPSHOT version by including a massive library to do all the TLS logic, called Bouncy Castle, previous this was done using JDK classes which kept the size of MockServer smaller.

If you use the SNAPSHOT version which will be released in 3-4 weeks then this output does not happen.

[saeltz]

This issue is now resolved however in the latest SNAPSHOT version

Thanks!

[xtermi2]

A Workarount is to go back to 5.11.2 until the next release is out, this works for us with JDK 16.

[jamesdbloom]

This is only a warning output by the JVM and it should not stop MockServer which has been tested with Java 17. It due to the poor way this has been implemented in the JDK so there is no way to test is access is possible without this warning being output. MockServer handle the failure and adjusts in the case access is not possible and outputs a message if it is required for bouncy caste to be available in the classpath.

[xtermi2]

@jamesdbloom Hmm, when I use 5.12.0 togehther with Java 16/17 I get this exception. Thought this is related with this issue.

• Java 11 with 5.12.0 or 5.11.2 is OK
• Java 16/17 with 5.11.2 is OK
• Java 16/17 with 5.12.0 NOK, see Exception

  java.lang.RuntimeException: failed to instantiate the BouncyCastle KeyAndCertificateFactory
  at org.mockserver.socket.tls.KeyAndCertificateFactoryFactory.createKeyAndCertificateFactory(KeyAndCertificateFactoryFactory.java:81)
  at org.mockserver.socket.tls.NettySslContextFactory.<init>(NettySslContextFactory.java:53)
  at org.mockserver.client.MockServerClient.<init>(MockServerClient.java:70)
  at org.mockserver.integration.ClientAndServer.<init>(ClientAndServer.java:34)
  at org.mockserver.junit.jupiter.MockServerExtension.<init>(MockServerExtension.java:20)
  at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
  at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
  at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
  at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
  at org.junit.platform.commons.util.ReflectionUtils.newInstance(ReflectionUtils.java:550)
  at org.junit.platform.commons.util.ReflectionUtils.newInstance(ReflectionUtils.java:525)
  at org.junit.jupiter.engine.extension.MutableExtensionRegistry.registerExtension(MutableExtensionRegistry.java:145)
  at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
  at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
  at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
  at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:276)
  at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
  at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
  at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
  at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
  at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
  at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
  at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
  at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
  at org.junit.jupiter.engine.extension.MutableExtensionRegistry.createRegistryFrom(MutableExtensionRegistry.java:103)
  at org.junit.jupiter.engine.descriptor.ExtensionUtils.populateNewExtensionRegistryFromExtendWithAnnotation(ExtensionUtils.java:74)
  at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.prepare(ClassBasedTestDescriptor.java:145)
  at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.prepare(ClassBasedTestDescriptor.java:80)
  at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$prepare$2(NodeTestTask.java:123)
  at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
  at org.junit.platform.engine.support.hierarchical.NodeTestTask.prepare(NodeTestTask.java:123)
  at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:90)
  at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
  at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
  at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
  at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
  at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
  at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
  at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
  at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
  at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
  at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
  at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:35)
  at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57)
  at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:54)
  at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:107)
  at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:88)
  at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:54)
  at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:67)
  at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:52)
  at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:114)
  at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:86)
  at org.junit.platform.launcher.core.DefaultLauncherSession$DelegatingLauncher.execute(DefaultLauncherSession.java:86)
  at org.junit.platform.launcher.core.SessionPerRequestLauncher.execute(SessionPerRequestLauncher.java:53)
  at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor$CollectAllTestClassesExecutor.processAllTestClasses(JUnitPlatformTestClassProcessor.java:99)
  at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor$CollectAllTestClassesExecutor.access$000(JUnitPlatformTestClassProcessor.java:79)
  at org.gradle.api.internal.tasks.testing.junitplatform.JUnitPlatformTestClassProcessor.stop(JUnitPlatformTestClassProcessor.java:75)
  at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.stop(SuiteTestClassProcessor.java:61)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:568)
  at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:36)
  at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
  at org.gradle.internal.dispatch.ContextClassLoaderDispatch.dispatch(ContextClassLoaderDispatch.java:33)
  at org.gradle.internal.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:94)
  at jdk.proxy2/jdk.proxy2.$Proxy5.stop(Unknown Source)
  at org.gradle.api.internal.tasks.testing.worker.TestWorker$3.run(TestWorker.java:193)
  at org.gradle.api.internal.tasks.testing.worker.TestWorker.executeAndMaintainThreadName(TestWorker.java:129)
  at org.gradle.api.internal.tasks.testing.worker.TestWorker.execute(TestWorker.java:100)
  at org.gradle.api.internal.tasks.testing.worker.TestWorker.execute(TestWorker.java:60)
  at org.gradle.process.internal.worker.child.ActionExecutionWorker.execute(ActionExecutionWorker.java:56)
  at org.gradle.process.internal.worker.child.SystemApplicationClassLoaderWorker.call(SystemApplicationClassLoaderWorker.java:133)
  at org.gradle.process.internal.worker.child.SystemApplicationClassLoaderWorker.call(SystemApplicationClassLoaderWorker.java:71)
  at worker.org.gradle.process.internal.worker.GradleWorkerMain.run(GradleWorkerMain.java:69)
  at worker.org.gradle.process.internal.worker.GradleWorkerMain.main(GradleWorkerMain.java:74)