
Access `sun.security.x509` in JDK 11 without modules?

(tl;dr at the end) We have a small method that generates a self-signed SSL certificate and it obviously depends on sun.security.x509. Currently we are still building it using JDK8 because of that, even though the rest of the codebase (it's only a small, single library) is built using JDK11 and run with JVM11.

Unfortunately there isn't a replacement in the main JDK, as per (and CertificateFactory has little to nothing to do with generating certificates, contrary to what its javadoc states…):

  • https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8165481
  • https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8058778

One option would be to use BouncyCastle, but that's an additional 4MB that we really don't need, especially for such a small task, so I was pondering ways to access it while

From what I saw, the package and relevant classes are still there (see sun.security.x509 on GitHub), but when building it (using Maven) I get an error:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project: Compilation failure: Compilation failure:
[ERROR] OldSelfSignedCertificateGenerator.java:[20,25] package sun.security.x509 does not exist
[ERROR] OldSelfSignedCertificateGenerator.java:[71,45] cannot find symbol
[ERROR]   symbol:   class X509CertInfo
[ERROR]   location: class OldSelfSignedCertificateGenerator

I was searching a bit and adding:

<arg>--add-exports</arg><arg>java.base/sun.security.x509=ALL-UNNAMED</arg>

to maven-compiler-plugin and it somewhat worked - I only get a WARNING now regarding the sun.security.x509 package:

[WARNING] OldSelfSignedCertificateGenerator.java:[20,25] sun.security.x509.AlgorithmId is internal proprietary API and may be removed in a future release

BUT! Now it seems I entered (unwillingly!) the module system and it complains about access to other, basic Java classes (and one more dependency of ours):

[ERROR] CertificateUtil.java:[35,17] package java.util.logging is not visible
  (package java.util.logging is declared in module java.logging, but module java.base does not read it)

I tried adding the java.logging module in the same manner to exports but without much success. It also seems that I would have to convert both this library and its dependency to the module system, which is not really desired.

The question is somewhat related to How to generate a self-signed certificate using only JDK supported classes?


tl;dr: is there a way to compile a library using the sun.security.x509 package under JDK 11 without the module system? Some simple switch?

Wojtek asked Apr 10 '20 22:04


2 Answers

It turns out that presumably it has to do with the fact that builds produced by newer JDK (9+) versions won't be executable under JDK8:

<plugin>
    <artifactId>maven-compiler-plugin</artifactId>
    <configuration>
        <source>9</source>
        <target>9</target>
        <release combine.self="override"></release>
        <compilerArgs>
            <arg>--add-exports</arg><arg>java.base/sun.security.x509=ALL-UNNAMED</arg>
        </compilerArgs>
    </configuration>
</plugin>

Wojtek answered Oct 16 '22 22:10


To include sun.security.[somePackage] classes in Gradle you may add:

tasks.withType(AbstractCompile) {
    options.compilerArgs += ["--add-exports", "java.base/sun.security.util=ALL-UNNAMED"]
    options.compilerArgs += ["--add-exports", "java.base/sun.security.pkcs=ALL-UNNAMED"]
}

Дима Годиков answered Oct 16 '22 22:10
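
Added example (not code from the question or either answer): a minimal self-signed certificate generator written against the JDK 11 `sun.security.x509` classes, which compiles on the classpath with the `--add-exports` flag shown in the answers and no `module-info.java`. The class name `SelfSignedDemo`, the `selfSign` helper and the `CN=localhost` subject are assumptions made for illustration.

```java
// SelfSignedDemo.java -- added example, not the asker's OldSelfSignedCertificateGenerator.
// Assumes JDK 11; these are JDK-internal classes whose signatures change between releases.
// Compile: javac --add-exports java.base/sun.security.x509=ALL-UNNAMED SelfSignedDemo.java
// Run:     java  --add-exports java.base/sun.security.x509=ALL-UNNAMED SelfSignedDemo
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import sun.security.x509.*;

public class SelfSignedDemo {

    // Builds a V3 certificate whose subject and issuer are the same DN and signs it
    // with the key pair's own private key (hypothetical helper name).
    static X509Certificate selfSign(KeyPair pair, String dn, int days) throws Exception {
        Date from = new Date();
        Date to = new Date(from.getTime() + days * 86_400_000L);
        X500Name owner = new X500Name(dn);

        X509CertInfo info = new X509CertInfo();
        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
        info.set(X509CertInfo.SERIAL_NUMBER,
                 new CertificateSerialNumber(new BigInteger(64, new SecureRandom())));
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(from, to));
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
        info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
        // The algorithm recorded in the TBS data must match the one passed to sign().
        info.set(X509CertInfo.ALGORITHM_ID,
                 new CertificateAlgorithmId(AlgorithmId.get("SHA256withRSA")));

        X509CertImpl cert = new X509CertImpl(info);
        cert.sign(pair.getPrivate(), "SHA256withRSA");
        return cert;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        X509Certificate cert = selfSign(pair, "CN=localhost", 365); // constructed sample subject
        cert.verify(pair.getPublic());   // throws if the self-signature does not check out
        cert.checkValidity();            // throws if "now" is outside notBefore/notAfter
        System.out.println(cert.getSubjectX500Principal() + " valid until " + cert.getNotAfter());
    }
}
```

On JDK 17 and later the same `--add-exports` flag is also required on the `java` command line, because strong encapsulation of JDK internals is enforced at run time as well as at compile time.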