Reputation: 870
I need some help.
I am writing a JavaFX app which uses the Java Kubernetes client https://github.com/kubernetes-client/java, which in turn uses BouncyCastle.
When I run the app from IntelliJ everything works. However, when I package the app with jlink-plugin and then run it, it fails with the error:
Caused by: io.kubernetes.client.openapi.ApiException: Message: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519
HTTP response code: 0
HTTP response body: null
HTTP response headers: null
at [email protected]/io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:1032)
at [email protected]/io.kubernetes.client.openapi.apis.CoreV1Api.listNamespaceWithHttpInfo(CoreV1Api.java:24473)
at [email protected]/io.kubernetes.client.openapi.apis.CoreV1Api.access$40900(CoreV1Api.java:77)
at [email protected]/io.kubernetes.client.openapi.apis.CoreV1Api$APIlistNamespaceRequest.execute(CoreV1Api.java:24638)
at [email protected]/io.github.vcvitaly.k8cp.client.impl.KubeClientImpl.getNamespaces(KubeClientImpl.java:69)
... 55 common frames omitted
Caused by: javax.net.ssl.SSLProtocolException: Cannot decode named group: x25519
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.KeyShareExtension$SHKeyShareConsumer.consume(KeyShareExtension.java:682)
I was able to connect via debug and the causing error at KeyShareExtension$SHKeyShareConsumer.consume is:
java.security.spec.InvalidKeySpecException: key spec not recognized
That answer suggests to add a security provider which I tried doing two ways with no success:
Security.addProvider(new BouncyCastleProvider());
to the main class
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
to build/image/lib/security/java.security
The important point is that I had to add '--ignore-signing-information'
to the jlink options because otherwise it was failing with:
Error: signed modular JAR /home/vcvitaly/IdeaProjects/k8cp/build/jlinkbase/jlinkjars/bcpkix-jdk18on-1.77.jar
is currently not supported, use --ignore-signing-information to suppress error
This is my build.gradle
import org.openjfx.gradle.JavaFXPlatform

plugins {
    id 'java'
    id 'application'
    id 'org.javamodularity.moduleplugin' version '1.8.12'
    id 'org.openjfx.javafxplugin' version '0.1.0'
    id "com.google.osdetector" version "1.7.3"
    id 'org.beryx.jlink' version '3.0.1'
    id "io.freefair.lombok" version "8.6"
}

group 'io.github.vcvitaly'
version '1.0-SNAPSHOT'

repositories {
    mavenCentral()
}

ext {
    junitVersion = '5.10.2'
    platform = getPlatform()
    javaVer = JavaVersion.VERSION_21
}

java {
    sourceCompatibility = javaVer
}

tasks.withType(JavaCompile) {
    options.encoding = 'UTF-8'
}

application {
    mainModule = 'io.github.vcvitaly.k8cp'
    mainClass = 'io.github.vcvitaly.k8cp.App'
}

javafx {
    version = javaVer
    modules = ['javafx.controls', 'javafx.fxml']
}

dependencies {
    implementation('org.controlsfx:controlsfx:11.1.2')
    implementation('net.synedra:validatorfx:0.4.0') {
        exclude(group: 'org.openjfx')
    }
    implementation('org.kordamp.ikonli:ikonli-javafx:12.3.1')
    implementation 'org.kordamp.ikonli:ikonli-fontawesome-pack:12.3.1'
    implementation 'org.kordamp.ikonli:ikonli-fontawesome5-pack:12.3.1'
    implementation 'org.kordamp.ikonli:ikonli-material2-pack:12.3.1'
    // implementation('org.kordamp.bootstrapfx:bootstrapfx-core:0.4.0')
    implementation 'ch.qos.logback:logback-core:1.5.2'
    implementation 'org.slf4j:slf4j-api:2.0.12'
    implementation 'ch.qos.logback:logback-classic:1.5.2'
    implementation ("io.kubernetes:client-java:20.0.0") {
        exclude group: "com.google.code.findbugs", module: "jsr305"
        exclude group: "com.amazonaws", module: "aws-java-sdk-sts"
    }
    testImplementation "org.junit.jupiter:junit-jupiter-api:${junitVersion}"
    testImplementation "org.junit.jupiter:junit-jupiter-params:${junitVersion}"
    testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:${junitVersion}"
    testImplementation 'org.mockito:mockito-core:5.11.0'
    testImplementation "org.assertj:assertj-core:3.25.1"
    testImplementation "org.testfx:testfx-junit5:4.0.18"
}

test {
    useJUnitPlatform()
}

jlink {
    imageZip = project.file("${buildDir}/distributions/app-${javafx.platform.classifier}.zip")
    options = [
        // '--strip-debug', // TODO uncomment
        '--compress', '2',
        '--no-header-files',
        '--no-man-pages'
        // '--ignore-signing-information'
    ]
    launcher {
        name = 'app'
    }
}

jlinkZip {
    group = 'distribution'
}

tasks.register('dist') {
    dependsOn clean, jlinkZip
    description "Calls clean and then jlinkZip"
}

configurations
    .matching(it -> it.name.contains("downloadSources"))
    .configureEach {
        attributes {
            attribute(Usage.USAGE_ATTRIBUTE, objects.named(Usage, Usage.JAVA_RUNTIME))
            attribute(OperatingSystemFamily.OPERATING_SYSTEM_ATTRIBUTE, objects.named(OperatingSystemFamily, platform.osFamily))
            attribute(MachineArchitecture.ARCHITECTURE_ATTRIBUTE, objects.named(MachineArchitecture, platform.arch))
        }
    }

def getPlatform() {
    return JavaFXPlatform.detect(osdetector);
}
and my module-info:
module io.github.vcvitaly.k8cp {
    requires javafx.controls;
    requires javafx.fxml;
    requires java.annotation;
    // requires jsr305;
    requires org.controlsfx.controls;
    requires net.synedra.validatorfx;
    requires org.kordamp.ikonli.javafx;
    requires org.kordamp.ikonli.fontawesome5;
    requires org.slf4j;
    requires ch.qos.logback.core;
    requires ch.qos.logback.classic;
    requires static lombok;
    requires io.kubernetes.client.java;
    requires io.kubernetes.client.java.api;
    requires org.apache.commons.io;
    requires org.yaml.snakeyaml;
    requires com.google.gson;
    requires kotlin.stdlib;
    requires org.apache.commons.lang3;
    requires org.bouncycastle.pkix;
    requires org.bouncycastle.provider;
    requires org.bouncycastle.util;
    requires jdk.jdwp.agent;

    opens io.github.vcvitaly.k8cp to javafx.fxml;
    exports io.github.vcvitaly.k8cp;
    exports io.github.vcvitaly.k8cp.controller;
    exports io.github.vcvitaly.k8cp.controller.menu;
    exports io.github.vcvitaly.k8cp.controller.pane;
    exports io.github.vcvitaly.k8cp.controller.init;
    exports io.github.vcvitaly.k8cp.domain;
    exports io.github.vcvitaly.k8cp.enumeration;
    exports io.github.vcvitaly.k8cp.util;
    exports io.github.vcvitaly.k8cp.exception;
    opens io.github.vcvitaly.k8cp.controller to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.menu to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.init to javafx.fxml;
    opens io.github.vcvitaly.k8cp.controller.pane to javafx.fxml;
    opens io.github.vcvitaly.k8cp.util to javafx.fxml;
}
Any thoughts?
Upvotes: -1
Views: 463
Reputation: 870
Thanks to this page which says
Since the error pointed to an algorithm mismatch somewhere in the code the security providers must have been altered.
The culprit was a static initialization in the DockerTokenUtil class:
static {
    Security.removeProvider("SunEC");
    Security.removeProvider("EC");
    Security.addProvider(new BouncyCastleProvider());
}
This piece of code would remove the default providers globally and replace them with the Bouncy Castle implementation. Since x25519 is an EC, the mismatch was thrown because the Bouncy Castle implementation didn’t match it.
I made a guess and was able to resolve it by adding to module-info
requires jdk.crypto.ec;
Upvotes: 0
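A startup self-check for the condition discussed in this thread, as an added example that is not part of the original posts: it reports whether `jdk.crypto.ec` was linked into the runtime image, lists the JCA provider order, and tests whether the "XDH" KeyFactory that JCA resolves accepts the standard `XECPublicKeySpec`. The class name `TlsGroupSelfCheck` is hypothetical, and the link between this probe and the "key spec not recognized" error in the question is an assumption based on the exception text.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.Provider;
import java.security.Security;
import java.security.spec.NamedParameterSpec;
import java.security.spec.XECPublicKeySpec;

// Added diagnostic (hypothetical class name): run it inside the jlink image.
public class TlsGroupSelfCheck {

    /** True if the jdk.crypto.ec module (home of the SunEC provider on JDK 21) is in the image. */
    static boolean ecModuleLinked() {
        return ModuleLayer.boot().findModule("jdk.crypto.ec").isPresent();
    }

    /**
     * Resolves an "XDH" KeyFactory through JCA provider order and feeds it a standard
     * XECPublicKeySpec. Returns the provider name on success, or "FAILED: ..." with the
     * exception (for example InvalidKeySpecException: key spec not recognized).
     */
    static String xdhKeyFactoryCheck() {
        try {
            KeyFactory kf = KeyFactory.getInstance("XDH");
            // u = 9 is the X25519 base point; used only as a well-formed sample value
            kf.generatePublic(new XECPublicKeySpec(NamedParameterSpec.X25519, BigInteger.valueOf(9)));
            return kf.getProvider().getName();
        } catch (GeneralSecurityException e) {
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) {
        boolean linked = ecModuleLinked();
        System.out.println("jdk.crypto.ec linked: " + linked);
        // Provider order decides which implementation getInstance("XDH") returns
        int position = 1;
        for (Provider p : Security.getProviders()) {
            System.out.println("provider " + position++ + ": " + p.getName());
        }
        String result = xdhKeyFactoryCheck();
        System.out.println("XDH KeyFactory: " + result);
        if (!linked || result.startsWith("FAILED")) {
            System.exit(1); // fail fast instead of failing in the first TLS handshake
        }
    }
}
```

Compile it with the JDK and run the class with the image's own `bin/java`, so the result reflects the modules jlink actually linked rather than the full JDK that IntelliJ uses.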