How to solve no conscrypt_openjdk_jni in java.library.path error?

Question

I want to sign my apk, so I executed the following command:

java -jar signapk.jar platform.x509.pem platform.pk8 app-debug.apk ~/Desktop/test.apk

but I got the following error:

Exception in thread "main" java.lang.UnsatisfiedLinkError: no conscrypt_openjdk_jni in java.library.path at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1867) at java.lang.Runtime.loadLibrary0(Runtime.java:870) at java.lang.System.loadLibrary(System.java:1122) at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:25) at org.conscrypt.NativeCrypto.(NativeCrypto.java:54) at org.conscrypt.OpenSSLBIOInputStream.(OpenSSLBIOInputStream.java:34) at org.conscrypt.OpenSSLX509Certificate.fromX509PemInputStream(OpenSSLX509Certificate.java:119) at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:220) at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:216) at org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:94) at org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:272) at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339) at com.android.signapk.SignApk.readPublicKey(SignApk.java:182) at com.android.signapk.SignApk.main(SignApk.java:1087)

How to solve this error?

(openjdk version "1.8.0_141" OpenJDK Runtime Environment (build 1.8.0_141-8u141-b15-3~14.04-b15) OpenJDK 64-Bit Server VM (build 25.141-b15, mixed mode) )

Answer 1

I'm using Jetty, Kotlin, Java 8, and Maven. My solution was twofold. First in pom.xml, add Conscrypt:

<dependency>
    <groupId>org.conscrypt</groupId>
    <artifactId>conscrypt-openjdk</artifactId>
    <version>2.2.1</version>
    <classifier>linux-x86_64</classifier>
</dependency>

Note the <classifier> which needs to be right for your operating system. Pick one from the list here: https://github.com/google/conscrypt/

I like to put my configuration right in the code. Flame me if you like. I followed the instructions here: https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#conscrypt So right before setting up Jetty's sslContextFactory, I had to add:

    Security.addProvider(new OpenSSLProvider())

then after:

    // SSLv2Hello and SSLv3 are outdated and insecure.
    // TLSv1.3 works with Conscrypt, but not Java 8!
    sslContextFactory.setExcludeProtocols("SSLv2Hello", "SSLv3", "TLSv1.3")
    sslContextFactory.setProvider("Conscrypt");

I think that's what cleared it up. I made a lot of changes today.

I had a separate issue which was that my localhost SSL certificate was invalid. I started with this: Can you use a service worker with a self-signed certificate? but ended up grabbing a cert from a server and editing my /etc/hosts file to make localhost look like that server.

Answer 2

java -Xmx2048m -Djava.library.path="out/host/linux-x86/lib64" \
    -jar out/host/linux-x86/framework/signapk.jar \
    -w build/target/product/security/platform.x509.pem \
    build/target/product/security/platform.pk8 \
    FileNeedSign.apk FileNeedSign_Signed.apk