Re: [Broker-J] unable to AutoGenerate self signed on Java17

Tue, 21 Feb 2023 06:05:29 -0800 

Hi,

JIRA QPID-8624 was created:

https://issues.apache.org/jira/browse/QPID-8624

Kind regards,
Daniil Kirilyuk


On Thu, Feb 16, 2023, 09:08 Daniil Kirilyuk <daniel.kiril...@gmail.com>
wrote:

> Hi,
>
>  Although QPID Broker-J 9.0 is intended to be run on the Java 11
> environment, we try to make it compatible with Java 17 as well. It
> seems that the tests for the described functionality lack. Could you
> please create a JIRA for this issue?
>
> As a workaround the mentioned JVM flags can be used, namely:
>
> --add-opens java.base/sun.security.tools.keytool=ALL-UNNAMED
> --add-opens java.base/sun.security.x509=ALL-UNNAMED
>
> Kind regards,
> Daniil Kirilyuk
>
> On Thu, 16 Feb 2023 at 01:22, Dan Langford <danlangf...@gmail.com> wrote:
> >
> > I have run QPID Broker-J 9.0 on openjdk17 for mac as well as temurin17
> for
> > linux. in both when i try to AutoGenerate a keystore with self signed
> cert
> > i get the following error:
> >
> > org.apache.qpid.server.configuration.IllegalConfigurationException:
> > Unable to construct keystore
> >     at
> org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.generatePrivateKeyAndCertificate(AutoGeneratedSelfSignedKeyStoreImpl.java:296)
> >     at
> org.apache.qpid.server.security.AutoGeneratedSelfSignedKeyStoreImpl.postResolve(AutoGeneratedSelfSignedKeyStoreImpl.java:169)
> >     ...
> >
> > Caused by: java.lang.IllegalAccessException: class
> > org.apache.qpid.server.transport.network.security.ssl.SSLUtil cannot
> > access class sun.security.tools.keytool.CertAndKeyGen (in module
> > java.base) because module java.base does not export
> > sun.security.tools.keytool to unnamed module @6b37576e
> >     at
> java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Unknown
> > Source)
> >     at java.base/java.lang.reflect.AccessibleObject.checkAccess(Unknown
> Source)
> >    ...
> >
> >
> > now i think i can start java with some flags to make some necessary
> > classes available however i feel like this behavior is likely
> > unintended.
> >
> > should users of Broker-J be expected to add runtime arguments to their
> > java process to generate the keystore? or is there some other config I
> > need for this to work? or is this an issue i should log in Jira?
> >
> >
> > in Java11 this works great.
>

Reply via email to