Closed augi closed 3 years ago
I am not super familiar with the format here, but I think that the specific error message comes from metadata in the META-INF/MANIFEST.MF file for org.bouncycastle:bcprov-jdk15on:1.68. Here is what I found after downloading the artifact from https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.68:
$ unzip -c bcprov-jdk15on-1.68.jar META-INF/MANIFEST.MF | grep --line-number -C 1 edec/SignatureSpi$EdDSA
2631-
2632:Name: org/bouncycastle/jcajce/provider/asymmetric/edec/SignatureSpi$Ed
2633- 25519.class
--
--
4399-Name: META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric
4400: /edec/SignatureSpi.class
4401-SHA-256-Digest: 4pFp/tAj7g9Vn/ZXFesC6oDeyF+RIN8FAyangajSPKQ=
$ unzip -l bcprov-jdk15on-1.68.jar | grep versions/15
0 12-21-2020 18:15 META-INF/versions/15/
0 12-21-2020 18:15 META-INF/versions/15/org/
0 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/
0 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/
0 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/
0 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/
0 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/
385 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/SignatureSpi$EdDSA.class
395 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyFactorySpi$X448.class
393 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/SignatureSpi$Ed25519.class
523 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyPairGeneratorSpi$X448.class
389 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/SignatureSpi$Ed448.class
1340 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/BC11XDHPrivateKey.class
8197 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyFactorySpi.class
1348 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/BC15EdDSAPrivateKey.class
529 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyPairGeneratorSpi$X25519.class
448 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyPairGeneratorSpi$EdDSA.class
397 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyFactorySpi$Ed448.class
526 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyPairGeneratorSpi$Ed448.class
399 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyFactorySpi$X25519.class
445 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyPairGeneratorSpi$XDH.class
6593 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyPairGeneratorSpi.class
396 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyFactorySpi$EdDSA.class
4986 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/SignatureSpi.class
1570 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/BC15EdDSAPublicKey.class
401 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyFactorySpi$Ed25519.class
1421 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/BC11XDHPublicKey.class
392 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyFactorySpi$XDH.class
532 12-21-2020 18:15 META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/KeyPairGeneratorSpi$Ed25519.class
So I think maybe the question might be why this artifact has class files under a META-INF/versions/15
path, which appear to be compiled with Java 15?
the hex 3b
here is "major version 59":
$ unzip -p bcprov-jdk15on-1.68.jar META-INF/versions/15/org/bouncycastle/jcajce/provider/asymmetric/edec/SignatureSpi$EdDSA.class | xxd | head
00000000: cafe babe 0000 003b 00d2 0a00 0200 0307 .......;........
I think this is more of an issue with the bouncycastle packaging and asm than something with missinglink.
ah, the META-INF/versions/15
stuff is because it is a multi-release JAR file
$ unzip -p bcprov-jdk15on-1.68.jar META-INF/MANIFEST.MF | grep Multi-Release
Multi-Release: true
Yeah, exactly! The JAR seems to be valid. The question is how these JARs should be handled 🤔 Btw. we were running the build on AdoptOpenJDK11. Maybe it wouldn't fail when running on JDK15 but it would still be nice not to fail when running on JDK11.
Maybe it would make sense to just ignore classes from META-INF/versions
that cannot be parsed because of unsupported version, or something like this 🤔
It has been a long time since I have looked at the relevant code in missinglink, but I think this logic probably needs updating to deal with multi-release JARs, since it expects that every entry in the jar/zip file that ends in .class
should be loaded:
We are getting
Unsupported class file major version 59
exception when the project contains a dependency onorg.bouncycastle:bcprov-jdk15on:1.68
.It looks like the issue is that missinglink tries to load classes from
META-INF
.