[quarkus-main]crypto test failure in native mode

[ffang]

Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved method during parsing: org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getPublicKeyData(). To diagnose the issue you can use the --allow-incomplete-classpath option. The missing method is then reported at run time when it is accessed the first time.
Detailed message:
Trace: 
	at parsing org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(Unknown Source)
Call path from entry point to org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(PGPPublicKey, byte[]): 
	at org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(Unknown Source)
	at org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator.generate(Unknown Source)
	at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
	at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
	at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.marshal(PGPKeyAccessDataFormat.java:239)
	at com.oracle.svm.reflect.PGPKeyAccessDataFormat_marshal_f535eafffea22b513073d7635a1591138d6c4506_654.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Method.java:566)
	at javax.xml.transform.TransformerException.printStackTrace(TransformerException.java:345)
	at javax.xml.transform.TransformerException.printStackTrace(TransformerException.java:285)
	at com.oracle.svm.jni.functions.JNIFunctions.ExceptionDescribe(JNIFunctions.java:777)
	at com.oracle.svm.core.code.IsolateEnterStub.JNIFunctions_ExceptionDescribe_b5412f7570bccae90b000bc37855f00408b2ad73(generated:0)

com.oracle.svm.core.util.UserError$UserException: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved method during parsing: org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getPublicKeyData(). To diagnose the issue you can use the --allow-incomplete-classpath option. The missing method is then reported at run time when it is accessed the first time.
Detailed message:
Trace: 
	at parsing org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(Unknown Source)
Call path from entry point to org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(PGPPublicKey, byte[]): 
	at org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(Unknown Source)
	at org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator.generate(Unknown Source)
	at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
	at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
	at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.marshal(PGPKeyAccessDataFormat.java:239)
	at com.oracle.svm.reflect.PGPKeyAccessDataFormat_marshal_f535eafffea22b513073d7635a1591138d6c4506_654.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Method.java:566)
	at javax.xml.transform.TransformerException.printStackTrace(TransformerException.java:345)
	at javax.xml.transform.TransformerException.printStackTrace(TransformerException.java:285)
	at com.oracle.svm.jni.functions.JNIFunctions.ExceptionDescribe(JNIFunctions.java:777)
	at com.oracle.svm.core.code.IsolateEnterStub.JNIFunctions_ExceptionDescribe_b5412f7570bccae90b000bc37855f00408b2ad73(generated:0)

	at com.oracle.svm.core.util.UserError.abort(UserError.java:82)
	at com.oracle.svm.hosted.FallbackFeature.reportAsFallback(FallbackFeature.java:233)
	at com.oracle.svm.hosted.NativeImageGenerator.runPointsToAnalysis(NativeImageGenerator.java:764)
	at com.oracle.svm.hosted.NativeImageGenerator.doRun(NativeImageGenerator.java:532)
	at com.oracle.svm.hosted.NativeImageGenerator.run(NativeImageGenerator.java:491)
	at com.oracle.svm.hosted.NativeImageGeneratorRunner.buildImage(NativeImageGeneratorRunner.java:380)
	at com.oracle.svm.hosted.NativeImageGeneratorRunner.build(NativeImageGeneratorRunner.java:543)
	at com.oracle.svm.hosted.NativeImageGeneratorRunner.main(NativeImageGeneratorRunner.java:119)
	at com.oracle.svm.hosted.NativeImageGeneratorRunner$JDK9Plus.main(NativeImageGeneratorRunner.java:573)
Caused by: com.oracle.graal.pointsto.constraints.UnsupportedFeatureException: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved method during parsing: org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getPublicKeyData(). To diagnose the issue you can use the --allow-incomplete-classpath option. The missing method is then reported at run time when it is accessed the first time.
Detailed message:
Trace: 
	at parsing org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(Unknown Source)
Call path from entry point to org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(PGPPublicKey, byte[]): 
	at org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator.encryptSessionInfo(Unknown Source)
	at org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator.generate(Unknown Source)
	at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
	at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
	at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.marshal(PGPKeyAccessDataFormat.java:239)
	at com.oracle.svm.reflect.PGPKeyAccessDataFormat_marshal_f535eafffea22b513073d7635a1591138d6c4506_654.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Method.java:566)
	at javax.xml.transform.TransformerException.printStackTrace(TransformerException.java:345)
	at javax.xml.transform.TransformerException.printStackTrace(TransformerException.java:285)
	at com.oracle.svm.jni.functions.JNIFunctions.ExceptionDescribe(JNIFunctions.java:777)
	at com.oracle.svm.core.code.IsolateEnterStub.JNIFunctions_ExceptionDescribe_b5412f7570bccae90b000bc37855f00408b2ad73(generated:0)

	at com.oracle.graal.pointsto.constraints.UnsupportedFeatures.report(UnsupportedFeatures.java:126)
	at com.oracle.svm.hosted.NativeImageGenerator.runPointsToAnalysis(NativeImageGenerator.java:761)
	... 6 more
Caused by: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved method during parsing: org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getPublicKeyData(). To diagnose the issue you can use the --allow-incomplete-classpath option. The missing method is then reported at run time when it is accessed the first time.
	at com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.reportUnresolvedElement(SharedGraphBuilderPhase.java:311)
	at com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.handleUnresolvedMethod(SharedGraphBuilderPhase.java:302)
	at com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.handleUnresolvedInvoke(SharedGraphBuilderPhase.java:256)
	at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.genInvokeVirtual(BytecodeParser.java:1699)
	at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.processBytecode(BytecodeParser.java:5371)
	at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.iterateBytecodesForBlock(BytecodeParser.java:3431)
	at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.handleBytecodeBlock(BytecodeParser.java:3391)
	at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.processBlock(BytecodeParser.java:3236)
	at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.build(BytecodeParser.java:1122)
	at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.buildRootMethod(BytecodeParser.java:1007)
	at jdk.internal.vm.compiler/org.graalvm.compiler.java.GraphBuilderPhase$Instance.run(GraphBuilderPhase.java:84)
	at com.oracle.svm.hosted.phases.SharedGraphBuilderPhase.run(SharedGraphBuilderPhase.java:81)
	at jdk.internal.vm.compiler/org.graalvm.compiler.phases.Phase.run(Phase.java:49)
	at jdk.internal.vm.compiler/org.graalvm.compiler.phases.BasePhase.apply(BasePhase.java:212)
	at jdk.internal.vm.compiler/org.graalvm.compiler.phases.Phase.apply(Phase.java:42)
	at jdk.internal.vm.compiler/org.graalvm.compiler.phases.Phase.apply(Phase.java:38)
	at com.oracle.graal.pointsto.flow.AnalysisParsedGraph.parseBytecode(AnalysisParsedGraph.java:131)
	at com.oracle.svm.hosted.SVMHost.parseBytecode(SVMHost.java:709)
	at com.oracle.graal.pointsto.meta.AnalysisMethod.ensureGraphParsed(AnalysisMethod.java:605)
	at com.oracle.graal.pointsto.flow.MethodTypeFlowBuilder.parse(MethodTypeFlowBuilder.java:163)
	at com.oracle.graal.pointsto.flow.MethodTypeFlowBuilder.apply(MethodTypeFlowBuilder.java:321)
	at com.oracle.graal.pointsto.flow.MethodTypeFlow.createTypeFlow(MethodTypeFlow.java:293)
	at com.oracle.graal.pointsto.flow.MethodTypeFlow.ensureTypeFlowCreated(MethodTypeFlow.java:282)
	at com.oracle.graal.pointsto.flow.MethodTypeFlow.addContext(MethodTypeFlow.java:103)
	at com.oracle.graal.pointsto.DefaultAnalysisPolicy$DefaultVirtualInvokeTypeFlow.onObservedUpdate(DefaultAnalysisPolicy.java:222)
	at com.oracle.graal.pointsto.flow.TypeFlow.notifyObservers(TypeFlow.java:471)
	at com.oracle.graal.pointsto.flow.TypeFlow.update(TypeFlow.java:540)
	at com.oracle.graal.pointsto.BigBang$2.run(BigBang.java:539)
	at com.oracle.graal.pointsto.util.CompletionExecutor.executeCommand(CompletionExecutor.java:188)
	at com.oracle.graal.pointsto.util.CompletionExecutor.lambda$executeService$0(CompletionExecutor.java:172)
	at java.base/java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1426)
	at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
	at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
	at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
	at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594)
	at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)

This happens on both JDK17 and JDK11. Probably is caused by camel-crypto and quarkus now use different bouncycastle version(1.69 VS 1.70)

[ffang]

Verified this is the bouncycastle version mismatch between camel/camel-quarkus/quarkus.
CAMEL-17360 addresses this on camel side. We also need to upgrade the bouncycastle version in camel-quarkus project to 1.70

[zbendhiba]

the commit has been squashed in quarkus-main : cf . 3c125ca

And I pushed this fix: #3412

I'm not sure on which branch this was happening for you ? And right now I'm still syncing quarkus-main and camel-main, working on failures since updating to latest main.

FYI, the bouncycastle.version is upgraded automatically when we do mvn cq:sync-versions -N while maintaining quarkus-main. And this is squashed with the Upgrade of Quarkus version, as it is part of the Quarkus bom version upgrade. So there is no need to push a PR for this.

[ffang]

Thanks @zbendhiba! And I ran into this conflict on quarkus-main branch(quarkus upgraded to use bouncycastle 1.70 very recently)

Actually I found more CQ components are affected by this because they still depend on BC 1.69

pulsar, and we need change like

--- a/extensions-jvm/pulsar/runtime/pom.xml
+++ b/extensions-jvm/pulsar/runtime/pom.xml
@@ -59,12 +59,20 @@
                     <groupId>com.sun.activation</groupId>
                     <artifactId>javax.activation</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcutil-jdk15on</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
             <groupId>com.sun.activation</groupId>
             <artifactId>jakarta.activation</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcutil-jdk15on</artifactId>
+        </dependency>
     </dependencies>

and tika, we need change like

diff --git a/extensions/tika/runtime/pom.xml b/extensions/tika/runtime/pom.xml
index aa3788872..749617f8d 100644
--- a/extensions/tika/runtime/pom.xml
+++ b/extensions/tika/runtime/pom.xml
@@ -73,6 +73,16 @@
         <dependency>
             <groupId>io.quarkiverse.tika</groupId>
             <artifactId>quarkus-tika</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcmail-jdk15on</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcmail-jdk15on</artifactId>
         </dependency>
     </dependencies>

Also we need to add bcmail-jdk15on and bcutil-jdk15on to the dependency management

--- a/poms/bom/pom.xml
+++ b/poms/bom/pom.xml
@@ -6145,6 +6145,16 @@
                 <artifactId>bcpg-jdk15on</artifactId>
                 <version>${bouncycastle.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcmail-jdk15on</artifactId>
+                <version>${bouncycastle.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcutil-jdk15on</artifactId>
+                <version>${bouncycastle.version}</version>
+            </dependency>

to get it work again

[jamesnetherton]

Seems there's now a new error:

Caused by: com.oracle.svm.core.jdk.UnsupportedFeatureError: Trying to verify a provider that was not registered at build time: BC version 1.7. All providers must be registered and verified in the Native Image builder. 
	at com.oracle.svm.core.util.VMError.unsupportedFeature(VMError.java:87)
	at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:367)
	at javax.crypto.Cipher.getInstance(Cipher.java:690)
	at javax.crypto.Cipher.getInstance(Cipher.java:625)
	at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createCipher(Unknown Source)
	at org.bouncycastle.openpgp.operator.jcajce.OperatorHelper.createCipher(Unknown Source)
	at org.bouncycastle.openpgp.operator.jcajce.OperatorHelper.createStreamCipher(Unknown Source)
	at org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder$MyPGPDataEncryptor.<init>(Unknown Source)
	at org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder.build(Unknown Source)
	at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
	at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
	at org.apache.camel.converter.crypto.PGPKeyAccessDataFormat.marshal(PGPKeyAccessDataFormat.java:239)
	at org.apache.camel.support.processor.MarshalProcessor.process(MarshalProcessor.java:64)
	... 44 more

https://github.com/apache/camel-quarkus/runs/4771122780?check_suite_focus=true

[ffang]

@jamesnetherton hmm, somehow I can't reproduce this locally on quarkus-main branch(No this error with both JDK11 and JDK17 )

[jamesnetherton]

Hmm the problem seems to pop up at random. Sometimes the native itests work fine. Other times it complains that the provider was not registered....

[jamesnetherton]

Issues seem to be resolved now.