(tl,dr at the end)
We have a small method that generates self-signed SSL certificate and it obviously depends on sun.security.x509
. Currently we are still building it using JDK8 because of that, even though the rest of the codebase (it's only small, single library) is build using JDK11 and run with JVM11.
Unfortunately there aren't replacement in the main JDK, as per (and CertificateFactory
has little to nothing with generating certificates, contrary to what it's javadoc states…):
One option would be to use BouncyCastle, but that's additional 4MB that we really don't need, especially for such small task so I was pondering ways to access it while
From what I saw, the package and required classes are still package and relevant classes are still there (see sun.security.x509
on github but when building it (using maven) I get error:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project: Compilation failure: Compilation failure:
[ERROR] OldSelfSignedCertificateGenerator.java:[20,25] package sun.security.x509 does not exist
[ERROR] OldSelfSignedCertificateGenerator.java:[71,45] cannot find symbol
[ERROR] symbol: class X509CertInfo
[ERROR] location: class OldSelfSignedCertificateGenerator
I was searching a bit and adding:
<arg>--add-exports</arg><arg>java.base/sun.security.x509=ALL-UNNAMED</arg>
to maven-compiler-plugin
and it somewhat worked - I only get WARNING
not regarding sun.security.x509
package:
[WARNING] OldSelfSignedCertificateGenerator.java:[20,25] sun.security.x509.AlgorithmId is internal proprietary API and may be removed in a future release
BUT! Now it seems I entered (unwillingly!) module system and it complains about access to other, basic Java classes (and one more our dependency):
[ERROR] CertificateUtil.java:[35,17] package java.util.logging is not visible
(package java.util.logging is declared in module java.logging, but module java.base does not read it)
I tried adding java.logging
module in the same manner to exports but without much success. It also seems that I would have to convert both this library and it's dependency to module system, which is not really desired.
The question is somewhat related to How to generate a self-signed certificate using only JDK supported classes?
tl,dr;
is there a way to compile library using sun.security.x509
package under JDK 11 without module system? Some simple switch?
It turns out that presumably it has to do with the fact that builds produced by newer JDK (9+) Versions won't be executable under JDK8:
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>9</source>
<target>9</target>
<release combine.self="override"></release>
<compilerArgs>
<arg>--add-exports</arg><arg>java.base/sun.security.x509=ALL-UNNAMED</arg>
</compilerArgs>
</configuration>
</plugin>
To include sun.security.[somePackage]
classes in gradle you may add:
tasks.withType(AbstractCompile) {
options.compilerArgs += ["--add-exports", "java.base/sun.security.util=ALL-UNNAMED"]
options.compilerArgs += ["--add-exports", "java.base/sun.security.pkcs=ALL-UNNAMED"]
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With