search

quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0
13.36k stars 2.56k forks source link

Dev Services for MySQL doesn't work in FIPS-enabled environment even though it could #40526

Open michalvavrik opened 1 month ago

michalvavrik commented 1 month ago

Describe the bug

I cannot leverage Dev Services for MySQL when I develop my Quarkus application in FIPS-enabled environment. Quarkus JDBC MySQL extension works in FIPS-enabled environment (team I belong to run several tests that use MySQL in FIPS-enabled environment), however the dev service rely on TestContainers version that doesn't work in FIPS-enabled environment by default . I think it's similar thing that happened to Quarkus in past (see https://github.com/quarkusio/quarkus/issues/32910). The default authentication plugin used unsupported cipher. See how Camel tests worked around that https://github.com/apache/camel-quarkus/pull/6063 https://github.com/apache/camel-quarkus/issues/6061 https://github.com/apache/camel-quarkus/issues/6062.

Expected behavior

My team also uses TestContainers and experienced the same issue. The easiest workaround was to use log message as a waiting strategy (see here for a working example https://github.com/quarkus-qe/quarkus-test-suite/pull/1782/files#diff-162fe6553bac44cb3d154600cad3a11e4102ee420ff0460e1deb1659e88dbbcc ). However there are other workarounds like these that Camel Quarkus tests did. I also suppose there is a proper solution as well, but I will leave that to experts.

Personally I think it would be nice to be able to develop with the same environment setup as the application is going to run and Quarkus could make it easier with the Dev Service.

Actual behavior

Waiting for database connection timeouts, Quarkus cannot detect that the database is ready even though it is:

Database for default datasource (mysql) starting: 2024-05-08 20:42:35,177 INFO  [tc.doc.io/.0] (build-25) Waiting for database connection to become available at jdbc:mysql://localhost:32798/quarkus using query 'SELECT 1'

2024-05-08T20:46:50.515029Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.37'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server - GPL.

2024-05-08 20:48:36,727 INFO  [io.qua.dep.dev.IsolatedDevModeMain] (main) Attempting to start live reload endpoint to recover from previous Quarkus startup failure
2024-05-08 20:48:37,255 ERROR [io.qua.dep.dev.IsolatedDevModeMain] (main) Failed to start quarkus: java.lang.RuntimeException: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
    [error]: Build step io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor#launchDatabases threw an exception: java.lang.RuntimeException: org.testcontainers.containers.ContainerLaunchException: Container startup failed for image docker.io/mysql:8.0
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.startDevDb(DevServicesDatasourceProcessor.java:363)
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.launchDatabases(DevServicesDatasourceProcessor.java:142)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at io.quarkus.deployment.ExtensionLoader$3.execute(ExtensionLoader.java:849)
    at io.quarkus.builder.BuildContext.run(BuildContext.java:256)
    at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
    at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2516)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2495)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1521)
    at java.base/java.lang.Thread.run(Thread.java:840)
    at org.jboss.threads.JBossThread.run(JBossThread.java:483)
Caused by: org.testcontainers.containers.ContainerLaunchException: Container startup failed for image docker.io/mysql:8.0
    at org.testcontainers.containers.GenericContainer.doStart(GenericContainer.java:359)
    at org.testcontainers.containers.GenericContainer.start(GenericContainer.java:330)
    at io.quarkus.devservices.mysql.deployment.MySQLDevServicesProcessor$1.startDatabase(MySQLDevServicesProcessor.java:77)
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.startDevDb(DevServicesDatasourceProcessor.java:289)
    ... 13 more
Caused by: org.rnorth.ducttape.RetryCountExceededException: Retry limit hit with exception
    at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:88)
    at org.testcontainers.containers.GenericContainer.doStart(GenericContainer.java:344)
    ... 16 more
Caused by: org.testcontainers.containers.ContainerLaunchException: Could not create/start container
    at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:563)
    at org.testcontainers.containers.GenericContainer.lambda$doStart$0(GenericContainer.java:354)
    at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:81)
    ... 17 more
Caused by: java.lang.IllegalStateException: Container is started, but cannot be accessed by (JDBC URL: jdbc:mysql://localhost:32800/quarkus), please check container logs
    at org.testcontainers.containers.JdbcDatabaseContainer.waitUntilContainerStarted(JdbcDatabaseContainer.java:176)
    at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:500)
    ... 19 more
Caused by: java.sql.SQLException: Could not create new connection
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:262)
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:218)
    at org.testcontainers.containers.JdbcDatabaseContainer.waitUntilContainerStarted(JdbcDatabaseContainer.java:158)
    ... 20 more
Caused by: java.sql.SQLException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:130)
    at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
    at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:815)
    at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:438)
    at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:241)
    at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:189)
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:253)
    ... 22 more
Caused by: com.mysql.cj.exceptions.RSAException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at jdk.internal.reflect.GeneratedConstructorAccessor42.newInstance(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
    at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61)
    at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:104)
    at com.mysql.cj.protocol.ExportControlled.encryptWithRSAPublicKey(ExportControlled.java:275)
    at com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin.encryptPassword(Sha256PasswordPlugin.java:188)
    at com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin.encryptPassword(Sha256PasswordPlugin.java:178)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.encryptPassword(CachingSha2PasswordPlugin.java:163)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.nextAuthenticationStep(CachingSha2PasswordPlugin.java:143)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.nextAuthenticationStep(CachingSha2PasswordPlugin.java:49)
    at com.mysql.cj.protocol.a.NativeAuthenticationProvider.proceedHandshakeWithPluggableAuthentication(NativeAuthenticationProvider.java:446)
    at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:215)
    at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1428)
    at com.mysql.cj.NativeSession.connect(NativeSession.java:133)
    at com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:935)
    at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:805)
    ... 26 more
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at java.base/javax.crypto.Cipher.getInstance(Cipher.java:571)
    at com.mysql.cj.protocol.ExportControlled.encryptWithRSAPublicKey(ExportControlled.java:271)
    ... 37 more
Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding OAEPWithSHA-1AndMGF1Padding
    at jdk.crypto.cryptoki/sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:137)
    at java.base/javax.crypto.Cipher$Transform.setModePadding(Cipher.java:388)
    at java.base/javax.crypto.Cipher.getInstance(Cipher.java:564)
    ... 38 more

    at io.quarkus.runner.bootstrap.AugmentActionImpl.runAugment(AugmentActionImpl.java:337)
    at io.quarkus.runner.bootstrap.AugmentActionImpl.createInitialRuntimeApplication(AugmentActionImpl.java:254)
    at io.quarkus.runner.bootstrap.AugmentActionImpl.createInitialRuntimeApplication(AugmentActionImpl.java:60)
    at io.quarkus.deployment.dev.IsolatedDevModeMain.firstStart(IsolatedDevModeMain.java:112)
    at io.quarkus.deployment.dev.IsolatedDevModeMain.accept(IsolatedDevModeMain.java:433)
    at io.quarkus.deployment.dev.IsolatedDevModeMain.accept(IsolatedDevModeMain.java:55)
    at io.quarkus.bootstrap.app.CuratedApplication.runInCl(CuratedApplication.java:138)
    at io.quarkus.bootstrap.app.CuratedApplication.runInAugmentClassLoader(CuratedApplication.java:93)
    at io.quarkus.deployment.dev.DevModeMain.start(DevModeMain.java:131)
    at io.quarkus.deployment.dev.DevModeMain.main(DevModeMain.java:62)
Caused by: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
    [error]: Build step io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcaunchDatabases threw an exception: java.lang.RuntimeException: org.testcontainers.containers.ContainerLaunchException: Container startup failed for image docker.io/mysql:8.0
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.startDevDb(DevServicesDatasourceProcessor.java:363)
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.launchDatabases(DevServicesDatasourceProcessor.java:142)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at io.quarkus.deployment.ExtensionLoader$3.execute(ExtensionLoader.java:849)
    at io.quarkus.builder.BuildContext.run(BuildContext.java:256)
    at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
    at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2516)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2495)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1521)
    at java.base/java.lang.Thread.run(Thread.java:840)
    at org.jboss.threads.JBossThread.run(JBossThread.java:483)
Caused by: org.testcontainers.containers.ContainerLaunchException: Container startup failed for image docker.io/mysql:8.0
    at org.testcontainers.containers.GenericContainer.doStart(GenericContainer.java:359)
    at org.testcontainers.containers.GenericContainer.start(GenericContainer.java:330)
    at io.quarkus.devservices.mysql.deployment.MySQLDevServicesProcessor$1.startDatabase(MySQLDevServicesProcessor.java:77)
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.startDevDb(DevServicesDatasourceProcessor.java:289)
    ... 13 more
Caused by: org.rnorth.ducttape.RetryCountExceededException: Retry limit hit with exception
    at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:88)
    at org.testcontainers.containers.GenericContainer.doStart(GenericContainer.java:344)
    ... 16 more
Caused by: org.testcontainers.containers.ContainerLaunchException: Could not create/start container
    at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:563)
    at org.testcontainers.containers.GenericContainer.lambda$doStart$0(GenericContainer.java:354)
    at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:81)
    ... 17 more
Caused by: java.lang.IllegalStateException: Container is started, but cannot be accessed by (JDBC URL: jdbc:mysql://localhost:32800/quarkus), please check container logs
    at org.testcontainers.containers.JdbcDatabaseContainer.waitUntilContainerStarted(JdbcDatabaseContainer.java:176)
    at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:500)
    ... 19 more
Caused by: java.sql.SQLException: Could not create new connection
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:262)
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:218)
    at org.testcontainers.containers.JdbcDatabaseContainer.waitUntilContainerStarted(JdbcDatabaseContainer.java:158)
    ... 20 more
Caused by: java.sql.SQLException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:130)
    at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
    at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:815)
    at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:438)
    at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:241)
    at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:189)
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:253)
    ... 22 more
Caused by: com.mysql.cj.exceptions.RSAException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at jdk.internal.reflect.GeneratedConstructorAccessor42.newInstance(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
    at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61)
    at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:104)
    at com.mysql.cj.protocol.ExportControlled.encryptWithRSAPublicKey(ExportControlled.java:275)
    at com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin.encryptPassword(Sha256PasswordPlugin.java:188)
    at com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin.encryptPassword(Sha256PasswordPlugin.java:178)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.encryptPassword(CachingSha2PasswordPlugin.java:163)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.nextAuthenticationStep(CachingSha2PasswordPlugin.java:143)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.nextAuthenticationStep(CachingSha2PasswordPlugin.java:49)
    at com.mysql.cj.protocol.a.NativeAuthenticationProvider.proceedHandshakeWithPluggableAuthentication(NativeAuthenticationProvider.java:446)
    at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:215)
    at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1428)
    at com.mysql.cj.NativeSession.connect(NativeSession.java:133)
    at com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:935)
    at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:805)
    ... 26 more
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at java.base/javax.crypto.Cipher.getInstance(Cipher.java:571)
    at com.mysql.cj.protocol.ExportControlled.encryptWithRSAPublicKey(ExportControlled.java:271)
    ... 37 more
Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding OAEPWithSHA-1AndMGF1Padding
    at jdk.crypto.cryptoki/sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:137)
    at java.base/javax.crypto.Cipher$Transform.setModePadding(Cipher.java:388)
    at java.base/javax.crypto.Cipher.getInstance(Cipher.java:564)
    ... 38 more

    at io.quarkus.builder.Execution.run(Execution.java:123)
    at io.quarkus.builder.BuildExecutionBuilder.execute(BuildExecutionBuilder.java:79)
    at io.quarkus.deployment.QuarkusAugmentor.run(QuarkusAugmentor.java:160)
    at io.quarkus.runner.bootstrap.AugmentActionImpl.runAugment(AugmentActionImpl.java:333)
    ... 9 more
Caused by: java.lang.RuntimeException: org.testcontainers.containers.ContainerLaunchException: Container startup failed for image docker.io/mysql:8.0
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.startDevDb(DevServicesDatasourceProcessor.java:363)
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.launchDatabases(DevServicesDatasourceProcessor.java:142)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at io.quarkus.deployment.ExtensionLoader$3.execute(ExtensionLoader.java:849)
    at io.quarkus.builder.BuildContext.run(BuildContext.java:256)
    at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
    at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2516)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2495)
    at org.jboss.threads.EnhancedQueueExecutor$Threrun(EnhancedQueueExecutor.java:1521)
    at java.base/java.lang.Thread.run(Thread.java:840)
    at org.jboss.threads.JBossThread.run(JBossThread.java:483)
Caused by: org.testcontainers.containers.ContainerLaunchException: Container startup failed for image docker.io/mysql:8.0
    at org.testcontainers.containers.GenericContainer.doStart(GenericContainer.java:359)
    at org.testcontainers.containers.GenericContainer.start(GenericContainer.java:330)
    at io.quarkus.devservices.mysql.deployment.MySQLDevServicesProcessor$1.startDatabase(MySQLDevServicesProcessor.java:77)
    at io.quarkus.datasource.deployment.devservices.DevServicesDatasourceProcessor.startDevDb(DevServicesDatasourceProcessor.java:289)
    ... 13 more
Caused by: org.rnorth.ducttape.RetryCountExceededException: Retry limit hit with exception
    at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:88)
    at org.testcontainers.containers.GenericContainer.doStart(GenericContainer.java:344)
    ... 16 more
Caused by: org.testcontainers.containers.ContainerLaunchException: Could not create/start container
    at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:563)
    at org.testcontainers.containers.GenericContainer.lambda$doStart$0(GenericContainer.java:354)
    at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:81)
    ... 17 more
Caused by: java.lang.IllegalStateException: Container is started, but cannot be accessed by (JDBC URL: jdbc:mysql://localhost:32800/quarkus), please check container logs
    at org.testcontainers.containers.JdbcDatabaseContainer.waitUntilContainerStarted(JdbcDatabaseContainer.java:176)
    at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:500)
    ... 19 more
Caused by: java.sql.SQLException: Could not create new connection
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:262)
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:218)
    at org.testcontainers.containers.JdbcDatabaseContainer.waitUntilContainerStarted(JdbcDatabaseContainer.java:158)
    ... 20 more
Caused by: java.sql.SQLException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:130)
    at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
    at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:815)
    at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:438)
    at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:241)
    at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:189)
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:253)
    ... 22 more
Caused by: com.mysql.cj.exceptions.RSAException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at jdk.internal.reflect.GeneratedConstructorAccessor42.newInstance(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
    at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61)
    at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:104)
    at com.mysql.cj.protocol.ExportControlled.encryptWithRSAPublicKey(ExportControlled.java:275)
    at com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin.encryptPassword(Sha256PasswordPlugin.java:188)
    at com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin.encryptPassword(Sha256PasswordPlugin.java:178)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.encryptPassword(CachingSha2PasswordPlugin.java:163)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.nextAuthenticationStep(CachingSha2PasswordPlugin.java:143)
    at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.nextAuthenticationStep(CachingSha2PasswordPlugin.java:49)
    at com.mysql.cj.protocol.a.NativeAuthenticationProvider.proceedHandshakeWithPluggableAuthentication(NativeAuthenticationProvider.java:446)
    at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:215)
    at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1428)
    at com.mysql.cj.NativeSession.connect(NativeSession.java:133)
    at com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:935)
    at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:805)
    ... 26 more
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at java.base/javax.crypto.Cipher.getInstance(Cipher.java:571)
    at com.mysql.cj.protocol.ExportControlled.encryptWithRSAPublicKey(ExportControlled.java:271)
    ... 37 more
Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding OAEPWithSHA-1AndMGF1Padding
    at jdk.crypto.cryptoki/sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:137)
    at java.base/javax.crypto.Cipher$Transform.setModePadding(Cipher.java:388)
    at java.base/javax.crypto.Cipher.getInstance(Cipher.java:564)
    ... 38 more

How to Reproduce?

Steps to reproduce (you need FIPS-enabled environment):

mvn io.quarkus.platform:quarkus-maven-plugin:3.10.0:create \
    -DprojectGroupId=org.acme \
    -DprojectArtifactId=getting-started \
    -Dextensions='rest,hibernate-orm,jdbc-mysql'

cd getting-started

mvn quarkus:dev

Output of uname -a or ver

Fedora 38

Output of java -version

Red_Hat-17.0.10.0.7-1.el7openjdkportable

Quarkus version or git rev

3.10, 3.8.4

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.9.4

Additional information

No response

quarkus-bot[bot] commented 1 month ago

/cc @Karm (securepipeline), @geoand (devservices), @jerboaa (securepipeline), @stuartwdouglas (devservices)

jerboaa commented 1 month ago

Root cause is:

Caused by: java.sql.SQLException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:130)
    at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
    at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:815)
    at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:438)
    at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:241)
    at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:189)
    at org.testcontainers.containers.JdbcDatabaseContainer.createConnection(JdbcDatabaseContainer.java:253)
    ... 22 more

Cipher RSA/ECB/OAEPWithSHA-1AndMGF1Padding is not available with the SunPKCS11-NSS-FIPS provider. I'd suggest to massage the driver to use a more portable one.