You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@qpid.apache.org by Dan Langford <da...@gmail.com> on 2023/02/16 00:21:53 UTC

[Broker-J] unable to AutoGenerate self signed on Java17

I have run QPID Broker-J 9.0 on openjdk17 for mac as well as temurin17 for
linux. in both when i try to AutoGenerate a keystore with self signed cert
i get the following error:

org.apache.qpid.server.configuration.IllegalConfigurationException:
Unable to construct keystore
    at org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.generatePrivateKeyAndCertificate(AutoGeneratedSelfSignedKeyStoreImpl.java:296)
    at org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.postResolve(AutoGeneratedSelfSignedKeyStoreImpl.java:169)
    ...

Caused by: java.lang.IllegalAccessException: class
org.apache.qpid.server.transport.network.security.ssl.SSLUtil cannot
access class sun.security.tools.keytool.CertAndKeyGen (in module
java.base) because module java.base does not export
sun.security.tools.keytool to unnamed module @6b37576e
    at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Unknown
Source)
    at java.base/java.lang.reflect.AccessibleObject.checkAccess(Unknown Source)
   ...


now i think i can start java with some flags to make some necessary
classes available however i feel like this behavior is likely
unintended.

should users of Broker-J be expected to add runtime arguments to their
java process to generate the keystore? or is there some other config I
need for this to work? or is this an issue i should log in Jira?


in Java11 this works great.

Re: [Broker-J] unable to AutoGenerate self signed on Java17

Posted by Dan Langford <da...@gmail.com>.

thank you Daniil

On Tue, Feb 21, 2023 at 7:05 AM Daniil Kirilyuk <da...@gmail.com>
wrote:

> Hi,
>
> JIRA QPID-8624 was created:
>
> https://issues.apache.org/jira/browse/QPID-8624
>
> Kind regards,
> Daniil Kirilyuk
>
>
> On Thu, Feb 16, 2023, 09:08 Daniil Kirilyuk <da...@gmail.com>
> wrote:
>
> > Hi,
> >
> >  Although QPID Broker-J 9.0 is intended to be run on the Java 11
> > environment, we try to make it compatible with Java 17 as well. It
> > seems that the tests for the described functionality lack. Could you
> > please create a JIRA for this issue?
> >
> > As a workaround the mentioned JVM flags can be used, namely:
> >
> > --add-opens java.base/sun.security.tools.keytool=ALL-UNNAMED
> > --add-opens java.base/sun.security.x509=ALL-UNNAMED
> >
> > Kind regards,
> > Daniil Kirilyuk
> >
> > On Thu, 16 Feb 2023 at 01:22, Dan Langford <da...@gmail.com>
> wrote:
> > >
> > > I have run QPID Broker-J 9.0 on openjdk17 for mac as well as temurin17
> > for
> > > linux. in both when i try to AutoGenerate a keystore with self signed
> > cert
> > > i get the following error:
> > >
> > > org.apache.qpid.server.configuration.IllegalConfigurationException:
> > > Unable to construct keystore
> > >     at
> >
> org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.generatePrivateKeyAndCertificate(AutoGeneratedSelfSignedKeyStoreImpl.java:296)
> > >     at
> >
> org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.postResolve(AutoGeneratedSelfSignedKeyStoreImpl.java:169)
> > >     ...
> > >
> > > Caused by: java.lang.IllegalAccessException: class
> > > org.apache.qpid.server.transport.network.security.ssl.SSLUtil cannot
> > > access class sun.security.tools.keytool.CertAndKeyGen (in module
> > > java.base) because module java.base does not export
> > > sun.security.tools.keytool to unnamed module @6b37576e
> > >     at
> >
> java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Unknown
> > > Source)
> > >     at java.base/java.lang.reflect.AccessibleObject.checkAccess(Unknown
> > Source)
> > >    ...
> > >
> > >
> > > now i think i can start java with some flags to make some necessary
> > > classes available however i feel like this behavior is likely
> > > unintended.
> > >
> > > should users of Broker-J be expected to add runtime arguments to their
> > > java process to generate the keystore? or is there some other config I
> > > need for this to work? or is this an issue i should log in Jira?
> > >
> > >
> > > in Java11 this works great.
> >
>

Re: [Broker-J] unable to AutoGenerate self signed on Java17

Posted by Daniil Kirilyuk <da...@gmail.com>.

Hi,

JIRA QPID-8624 was created:

https://issues.apache.org/jira/browse/QPID-8624

Kind regards,
Daniil Kirilyuk


On Thu, Feb 16, 2023, 09:08 Daniil Kirilyuk <da...@gmail.com>
wrote:

> Hi,
>
>  Although QPID Broker-J 9.0 is intended to be run on the Java 11
> environment, we try to make it compatible with Java 17 as well. It
> seems that the tests for the described functionality lack. Could you
> please create a JIRA for this issue?
>
> As a workaround the mentioned JVM flags can be used, namely:
>
> --add-opens java.base/sun.security.tools.keytool=ALL-UNNAMED
> --add-opens java.base/sun.security.x509=ALL-UNNAMED
>
> Kind regards,
> Daniil Kirilyuk
>
> On Thu, 16 Feb 2023 at 01:22, Dan Langford <da...@gmail.com> wrote:
> >
> > I have run QPID Broker-J 9.0 on openjdk17 for mac as well as temurin17
> for
> > linux. in both when i try to AutoGenerate a keystore with self signed
> cert
> > i get the following error:
> >
> > org.apache.qpid.server.configuration.IllegalConfigurationException:
> > Unable to construct keystore
> >     at
> org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.generatePrivateKeyAndCertificate(AutoGeneratedSelfSignedKeyStoreImpl.java:296)
> >     at
> org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.postResolve(AutoGeneratedSelfSignedKeyStoreImpl.java:169)
> >     ...
> >
> > Caused by: java.lang.IllegalAccessException: class
> > org.apache.qpid.server.transport.network.security.ssl.SSLUtil cannot
> > access class sun.security.tools.keytool.CertAndKeyGen (in module
> > java.base) because module java.base does not export
> > sun.security.tools.keytool to unnamed module @6b37576e
> >     at
> java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Unknown
> > Source)
> >     at java.base/java.lang.reflect.AccessibleObject.checkAccess(Unknown
> Source)
> >    ...
> >
> >
> > now i think i can start java with some flags to make some necessary
> > classes available however i feel like this behavior is likely
> > unintended.
> >
> > should users of Broker-J be expected to add runtime arguments to their
> > java process to generate the keystore? or is there some other config I
> > need for this to work? or is this an issue i should log in Jira?
> >
> >
> > in Java11 this works great.
>

Re: [Broker-J] unable to AutoGenerate self signed on Java17

Posted by Daniil Kirilyuk <da...@gmail.com>.

Hi,

 Although QPID Broker-J 9.0 is intended to be run on the Java 11
environment, we try to make it compatible with Java 17 as well. It
seems that the tests for the described functionality lack. Could you
please create a JIRA for this issue?

As a workaround the mentioned JVM flags can be used, namely:

--add-opens java.base/sun.security.tools.keytool=ALL-UNNAMED
--add-opens java.base/sun.security.x509=ALL-UNNAMED

Kind regards,
Daniil Kirilyuk

On Thu, 16 Feb 2023 at 01:22, Dan Langford <da...@gmail.com> wrote:
>
> I have run QPID Broker-J 9.0 on openjdk17 for mac as well as temurin17 for
> linux. in both when i try to AutoGenerate a keystore with self signed cert
> i get the following error:
>
> org.apache.qpid.server.configuration.IllegalConfigurationException:
> Unable to construct keystore
>     at org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.generatePrivateKeyAndCertificate(AutoGeneratedSelfSignedKeyStoreImpl.java:296)
>     at org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.postResolve(AutoGeneratedSelfSignedKeyStoreImpl.java:169)
>     ...
>
> Caused by: java.lang.IllegalAccessException: class
> org.apache.qpid.server.transport.network.security.ssl.SSLUtil cannot
> access class sun.security.tools.keytool.CertAndKeyGen (in module
> java.base) because module java.base does not export
> sun.security.tools.keytool to unnamed module @6b37576e
>     at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Unknown
> Source)
>     at java.base/java.lang.reflect.AccessibleObject.checkAccess(Unknown Source)
>    ...
>
>
> now i think i can start java with some flags to make some necessary
> classes available however i feel like this behavior is likely
> unintended.
>
> should users of Broker-J be expected to add runtime arguments to their
> java process to generate the keystore? or is there some other config I
> need for this to work? or is this an issue i should log in Jira?
>
>
> in Java11 this works great.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org