Java: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519

Question. Votes: 0. Answers: 1

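I need some help.

I am writing a JavaFX application that uses the Java Kubernetes client https://github.com/kubernetes-client/java, which in turn uses BouncyCastle.

When I run the application from IntelliJ, everything works. However, when I package the application with the jlink plugin and then run it, it fails with the error: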

Caused by: io.kubernetes.client.openapi.ApiException: Message: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519
HTTP response code: 0
HTTP response body: null
HTTP response headers: null
        at [email protected]/io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:1032)
        at [email protected]/io.kubernetes.client.openapi.apis.CoreV1Api.listNamespaceWithHttpInfo(CoreV1Api.java:24473)
        at [email protected]/io.kubernetes.client.openapi.apis.CoreV1Api.access$40900(CoreV1Api.java:77)
        at [email protected]/io.kubernetes.client.openapi.apis.CoreV1Api$APIlistNamespaceRequest.execute(CoreV1Api.java:24638)
        at [email protected]/io.github.vcvitaly.k8cp.client.impl.KubeClientImpl.getNamespaces(KubeClientImpl.java:69)
        ... 55 common frames omitted
Caused by: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
        at java.base/sun.security.ssl.KeyShareExtension$SHKeyShareConsumer.consume(KeyShareExtension.java:682)

I was able to attach a debugger, and the underlying error at KeyShareExtension$SHKeyShareConsumer.consume is:

java.security.spec.InvalidKeySpecException: key spec not recognized

That answer suggests adding a security provider. I tried two approaches, without success:

  1. Security.addProvider(new BouncyCastleProvider());
    added to the main class
  2. security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
    added to
    build/image/lib/security/java.security

An important point is that I had to add

'--ignore-signing-information'
to the jlink options, otherwise it fails with:

Error: signed modular JAR /home/vcvitaly/IdeaProjects/k8cp/build/jlinkbase/jlinkjars/bcpkix-jdk18on-1.77.jar
is currently not supported, use --ignore-signing-information to suppress error

Here is my build.gradle:

import org.openjfx.gradle.JavaFXPlatform

plugins {
    id 'java'
    id 'application'
    id 'org.javamodularity.moduleplugin' version '1.8.12'
    id 'org.openjfx.javafxplugin' version '0.1.0'
    id "com.google.osdetector" version "1.7.3"
    id 'org.beryx.jlink' version '3.0.1'
    id "io.freefair.lombok" version "8.6"
}

group 'io.github.vcvitaly'
version '1.0-SNAPSHOT'

repositories {
    mavenCentral()
}

ext {
    junitVersion = '5.10.2'
    platform = getPlatform()
    javaVer = JavaVersion.VERSION_21
}

java {
    sourceCompatibility = javaVer
}

tasks.withType(JavaCompile) {
    options.encoding = 'UTF-8'
}

application {
    mainModule = 'io.github.vcvitaly.k8cp'
    mainClass = 'io.github.vcvitaly.k8cp.App'
}

javafx {
    version = javaVer
    modules = ['javafx.controls', 'javafx.fxml']
}

dependencies {
    implementation('org.controlsfx:controlsfx:11.1.2')
    implementation('net.synedra:validatorfx:0.4.0') {
        exclude(group: 'org.openjfx')
    }
    implementation('org.kordamp.ikonli:ikonli-javafx:12.3.1')
    implementation 'org.kordamp.ikonli:ikonli-fontawesome-pack:12.3.1'
    implementation 'org.kordamp.ikonli:ikonli-fontawesome5-pack:12.3.1'
    implementation 'org.kordamp.ikonli:ikonli-material2-pack:12.3.1'
//    implementation('org.kordamp.bootstrapfx:bootstrapfx-core:0.4.0')

    implementation 'ch.qos.logback:logback-core:1.5.2'
    implementation 'org.slf4j:slf4j-api:2.0.12'
    implementation 'ch.qos.logback:logback-classic:1.5.2'

    implementation ("io.kubernetes:client-java:20.0.0") {
        exclude group: "com.google.code.findbugs", module: "jsr305"
        exclude group: "com.amazonaws", module: "aws-java-sdk-sts"
    }

    testImplementation "org.junit.jupiter:junit-jupiter-api:${junitVersion}"
    testImplementation "org.junit.jupiter:junit-jupiter-params:${junitVersion}"
    testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${junitVersion}"

    testImplementation 'org.mockito:mockito-core:5.11.0'
    testImplementation "org.assertj:assertj-core:3.25.1"
    testImplementation "org.testfx:testfx-junit5:4.0.18"
}

test {
    useJUnitPlatform()
}

jlink {
    imageZip = project.file("${buildDir}/distributions/app-${javafx.platform.classifier}.zip")
    options = [
//            '--strip-debug', // TODO uncomment
            '--compress', '2',
            '--no-header-files',
            '--no-man-pages'
//            '--ignore-signing-information'
    ]
    launcher {
        name = 'app'
    }
}

jlinkZip {
    group = 'distribution'
}

tasks.register('dist') {
    dependsOn clean, jlinkZip
    description "Calls clean and then jlinkZip"
}

configurations
        .matching(it -> it.name.contains("downloadSources"))
        .configureEach {
    attributes {
        attribute(Usage.USAGE_ATTRIBUTE, objects.named(Usage, Usage.JAVA_RUNTIME))
        attribute(OperatingSystemFamily.OPERATING_SYSTEM_ATTRIBUTE, objects.named(OperatingSystemFamily, platform.osFamily))
        attribute(MachineArchitecture.ARCHITECTURE_ATTRIBUTE, objects.named(MachineArchitecture, platform.arch))
    }
}

def getPlatform() {
    return JavaFXPlatform.detect(osdetector);
}

And my module-info:

module io.github.vcvitaly.k8cp {
    requires javafx.controls;
    requires javafx.fxml;

    requires java.annotation;
//    requires jsr305;

    requires org.controlsfx.controls;
    requires net.synedra.validatorfx;
    requires org.kordamp.ikonli.javafx;
    requires org.kordamp.ikonli.fontawesome5;

    requires org.slf4j;
    requires ch.qos.logback.core;
    requires ch.qos.logback.classic;

    requires static lombok;
    requires io.kubernetes.client.java;
    requires io.kubernetes.client.java.api;

    requires org.apache.commons.io;
    requires org.yaml.snakeyaml;
    requires com.google.gson;
    requires kotlin.stdlib;
    requires org.apache.commons.lang3;
    requires org.bouncycastle.pkix;
    requires org.bouncycastle.provider;
    requires org.bouncycastle.util;

    requires jdk.jdwp.agent;

    opens io.github.vcvitaly.k8cp to javafx.fxml;
    exports io.github.vcvitaly.k8cp;
    exports io.github.vcvitaly.k8cp.controller;
    exports io.github.vcvitaly.k8cp.controller.menu;
    exports io.github.vcvitaly.k8cp.controller.pane;
    exports io.github.vcvitaly.k8cp.controller.init;
    exports io.github.vcvitaly.k8cp.domain;
    exports io.github.vcvitaly.k8cp.enumeration;
    exports io.github.vcvitaly.k8cp.util;
    exports io.github.vcvitaly.k8cp.exception;
    opens io.github.vcvitaly.k8cp.controller to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.menu to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.init to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.pane to javafx.fxml;
    opens io.github.vcvitaly.k8cp.util to javafx.fxml;
}

Any ideas?

java bouncycastle java-module java-security jlink
1 Answer
0
votes

Thanks to this page, which says:

Since the error pointed to an algorithm mismatch somewhere in the
code the security providers must have been altered. 
The culprit was a static initialization in the DockerTokenUtil class:



static {
    Security.removeProvider("SunEC");
    Security.removeProvider("EC");
    Security.addProvider(new BouncyCastleProvider());
}
This piece of code would remove the default providers globally and
replace it with the bouncy castle implementation, since x25519 is
an EC then the mismatch was thrown because the Bouncy Castle
implementation didn’t match it.

I made a guess and was able to solve it by adding this to module-info:

requires jdk.crypto.ec;
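
A way to confirm this from inside the packaged image, as an added example that is not part of the original question or answer: the class below reports whether the jdk.crypto.ec module is present, whether the SunEC provider is registered, and which provider serves the X25519 and EC algorithms. The class name TlsGroupCheck is hypothetical.

```java
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Added diagnostic (hypothetical class name): run it inside the jlink image. */
public class TlsGroupCheck {

    // Key-agreement algorithms behind the TLS named groups x25519 and secp256r1.
    private static final String[] ALGORITHMS = {"X25519", "EC"};

    /** Names of the providers offering a KeyFactory for the algorithm, in preference order. */
    static List<String> providersFor(String algorithm) {
        List<String> names = new ArrayList<>();
        Provider[] found = Security.getProviders("KeyFactory." + algorithm);
        if (found != null) { // getProviders returns null when nothing matches
            for (Provider p : found) names.add(p.getName());
        }
        return names;
    }

    public static void main(String[] args) {
        // On JDK 21 the SunEC provider ships in the jdk.crypto.ec module.
        boolean ecModule = ModuleLayer.boot().findModule("jdk.crypto.ec").isPresent();
        System.out.println("jdk.crypto.ec in image: " + ecModule);
        System.out.println("SunEC registered:       " + (Security.getProvider("SunEC") != null));

        boolean ok = true;
        for (String alg : ALGORITHMS) {
            System.out.println(alg + " KeyFactory providers: " + providersFor(alg));
            try {
                // Show which provider the default lookup actually selects.
                KeyFactory kf = KeyFactory.getInstance(alg);
                KeyPairGenerator.getInstance(alg);
                System.out.println("  default -> " + kf.getProvider().getName());
            } catch (NoSuchAlgorithmException e) {
                ok = false;
                System.out.println("  MISSING: " + e.getMessage());
            }
        }
        if (!ok) System.exit(1); // non-zero exit lets a packaging check fail the build
    }
}
```

Running `build/image/bin/java --list-modules` shows the same module information without any code; comparing its output with the IDE's JDK shows which modules jlink left out of the image.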