NoClassDefFoundError/ClassNotFoundException when using GcpKmsClient.register()

tink-crypto / tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

https://developers.google.com/tink

Apache License 2.0

13.47k stars 1.18k forks source link

NoClassDefFoundError/ClassNotFoundException when using GcpKmsClient.register() #549

Closed Rob3681 closed 1 year ago

Rob3681 commented 2 years ago

Describe the bug

I get the following exceptions when using GcpKmsClient.register():

Exception in thread "main" java.lang.NoClassDefFoundError: com/google/api/client/json/jackson2/JacksonFactory
        at demo.App.main(App.java:22)
Caused by: java.lang.ClassNotFoundException: com.google.api.client.json.jackson2.JacksonFactory
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:636)
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:182)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:519)
        ... 1 more

My code looks something like this:

package demo;

import java.security.GeneralSecurityException;
import java.util.Optional;

import com.google.crypto.tink.integration.gcpkms.GcpKmsClient;

public class App {
    public static void main(String[] args) throws GeneralSecurityException {
        GcpKmsClient.register(Optional.of("gcp-kms://projects/xxxxx/locations/xxxxx/keyRings/xxxxx/cryptoKeys/xxxxx"), Optional.of("credentials.json"));
    }
}

My build.gradle file contains the following:

plugins {
    id 'application'
}

repositories {
    mavenCentral()
}

dependencies {
    implementation 'com.google.crypto.tink:tink-gcpkms:1.6.1'
}

application {
    mainClass = 'demo.App'
}

Version information

Language: Java 16
Version: 1.6.1

thaidn commented 2 years ago

Hmm, that's strange.

jackson-core is declared as a dependency in pom.xml.

Does it work if you add the following lines?

dependencies { implementation 'com.google.crypto.tink:tink-gcpkms:1.6.1' implementation 'com.fasterxml.jackson.core:jackson-core:2.12.1' }

StefanSchubert0001 commented 2 years ago

Same issue. You can seemingly quick-fix this by adding the following dependency

<dependency>
      <groupId>com.google.http-client</groupId>
      <artifactId>google-http-client-jackson2</artifactId>
      <version>1.40.1</version>
</dependency>

However, in there, the JacksonFactoryis deprecated

marcelsauer4711 commented 2 years ago

same issue here ... seems like the dependency to com.google.http-client:google-http-client-jackson2 has been removed somewhere between com.google.cloud:google-cloud-pubsub:1.110.x and com.google.cloud:google-cloud-pubsub:1.113.x

we are using 2.0.4 of

    <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>spring-cloud-gcp-starter-pubsub</artifactId>
    </dependency>

and

      <dependency>
        <groupId>com.google.crypto.tink</groupId>
        <artifactId>tink</artifactId>
        <version>1.6.1</version>
      </dependency>
      <dependency>
        <groupId>com.google.crypto.tink</groupId>
        <artifactId>tink-gcpkms</artifactId>
        <version>1.6.1</version>
      </dependency>

tobiasendres commented 2 years ago

Same issue here

thaidn commented 2 years ago

Someone reported in https://github.com/google/tink/issues/557 that upgrading to the latest version resolves the problem for them.

Have you tried that?

janhicken commented 2 years ago

I'm facing the same issue.

The Tink GCP KMS extension references the class com.google.api.client.json.jackson2.JacksonFactory in its com.google.crypto.tink.integration.gcpkms.GcpKmsClient class. However, there is no dependency to com.google.http-client:google-http-client-jackson2 declared anywhere in its pom.xml file.

It seems people are just lucky by having the above mentioned dependency in their classpath when working with GCP anyway, and that's why it works for them.

Furthermore, adding jackson-core as a dependency cannot solve the issue, because the missing class is not from Jackson but from the Google HTTP Client Library for Java. It seems that apart from the JacksonFactory usage, the Jackson library is completely unused, which means the dependencies to jackson-core, jackson-databind and jackson-databind-cbor can be removed altogether.

Moreover, the JacksonFactory is deprecated, it should be replaced with GsonFactory.

thaidn commented 2 years ago

Thanks. I'm taking a look and see that this should be fixed in 1.7.

janhicken commented 2 years ago

I think this issue has been fixed with 2069a8080c40b1e6a821d3e44e0cb3f3022bbedc.

However, there seems to be no release to include that fix yet.

juergw commented 1 year ago

Tink 1.7 was released in August 2022, and I think this should be fixed in 1.7. So I'm going to close this now. Please re-open if you think it is still a problem in 1.7.