Build on & fully support JDK 17 #1655
Comments
We need to be able to generate self-signed TLS certificates on the fly for the HTTPS interception feature. Bouncy Castle did indeed seem rather hefty, hence the decision to use the internal sun package. I am not aware of any alternative to Bouncy Castle, but I can't claim to have looked much recently. Other alternatives... we could call out to the keytool? Not sure how easy that will be... I note that our example script uses openssl rather than the keytool to create a certificate: In the absence of an alternative way to generate them:
We could certainly look into spinning it off - I don't think it's needed for anything other than HTTPS traffic proxying.
Might be useful info on generating via keytool:
Presumably by calling out to keytool you mean via a shell? If so, I'd worry a bit about OS foibles and ability to run on a minimal JRE.
I've just run a standalone build (built with JDK11) on JDK17 without any changes or extra CLI flags and it worked OK.
Yes, that was what I meant. I agree, not ideal.
Interesting - perhaps the classes don't load unless you are forward/browser proxying? I can't remember without digging in.
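The keytool route discussed in the comments above, as an added example that is not WireMock's code and not written by anyone in this thread: it runs the keytool shipped with the current JVM through an argument list rather than a shell, fails clearly when the runtime has no keytool, and loads the resulting self-signed CA. The class name, alias, subject, validity period and the `KS_PASS` variable name are assumptions chosen for illustration; Java 11 or later is assumed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

public class KeytoolCaExample {                            // hypothetical class name
    // Runs the JDK's keytool to create a PKCS12 keystore with a self-signed CA key pair.
    static KeyStore generate(Path keystore, char[] password) throws Exception {
        // Resolve keytool from the running JVM, not PATH; a trimmed runtime image may lack it.
        boolean windows = System.getProperty("os.name").toLowerCase().contains("win");
        Path keytool = Path.of(System.getProperty("java.home"), "bin", windows ? "keytool.exe" : "keytool");
        if (!Files.isExecutable(keytool)) {
            throw new IOException("keytool not present in this runtime: " + keytool);
        }
        // Argument list instead of a shell string: no per-OS quoting of the DN.
        // Passwords are passed through the environment so they stay off the command line.
        ProcessBuilder pb = new ProcessBuilder(keytool.toString(), "-genkeypair",
                "-alias", "example-ca",                    // hypothetical alias
                "-keyalg", "RSA", "-keysize", "2048", "-validity", "30",
                "-dname", "CN=Example Local Proxy CA",     // hypothetical subject
                "-ext", "bc:critical=ca:true",             // BasicConstraints: CA
                "-storetype", "PKCS12", "-keystore", keystore.toString(),
                "-storepass:env", "KS_PASS", "-keypass:env", "KS_PASS");
        pb.environment().put("KS_PASS", new String(password));
        pb.redirectErrorStream(true).redirectOutput(ProcessBuilder.Redirect.DISCARD);
        Process p = pb.start();
        p.getOutputStream().close();                       // never leave keytool waiting on a prompt
        if (!p.waitFor(60, TimeUnit.SECONDS) || p.exitValue() != 0) {
            p.destroyForcibly();
            throw new IOException("keytool did not complete successfully");
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keystore)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("example-ca");
        KeyStore ks = generate(dir.resolve("ca.p12"), "changeit".toCharArray());
        X509Certificate cert = (X509Certificate) ks.getCertificate("example-ca");
        cert.verify(cert.getPublicKey());                  // throws unless self-signed
        System.out.println(cert.getSubjectX500Principal() + " isCA=" + (cert.getBasicConstraints() >= 0));
    }
}
```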
Sorry, should have mentioned - I enabled browser proxying and downloaded (and checked) the CA cert. All worked fine.
Just did likewise - it starts OK, but fails to proxy to an https website. Precisely the same commands work under Java 11. Stops working in Java 13 (haven't got Java 12 installed). No errors logged to the console.

```
java -jar wiremock-jre8-standalone-2.31.0.jar --enable-browser-proxying
curl -v -x localhost:8080 https://www.example.com/
```
Ah, I didn't try that bit. Strange that it generates the cert OK but fails on the actual proxying.
I'm fairly sure it is the certificate generation that's causing the failure, using a debugger. So tentatively it looks like we're OK unless you are browser/forward proxying HTTPS?
I'd forgotten that we cache the CA cert. As soon as I deleted my cached copy it failed to start, so that makes sense now at least.
But only if you enable browser proxying, at least - it starts OK otherwise. So the damage is relatively limited. And we can fix it for anyone running standalone by adding the manifest entry, which just leaves people programmatically starting WireMock with browser proxying.
As far as I can tell, yes. And adding Long term, I'm starting to like @timtebeek's suggestion that we spin cert generation off into a library. We could possibly still use Bouncycastle, but shade and Proguard it to make it small. Unless there are new crypto APIs available in Java 11+ we could use instead?
No, just the same old
Raised #1665
It didn't work in our case. Is it because we are using testng? Or we need to wait for some changes merged to wiremock first? BTW we are using version jre8-2.31.0 now.
@EmilyStacy can you post details so we can try to reproduce the error you're seeing?
This is the dependency in our build.gradle:

This is the test case setting with dependencies:

```java
import javax.ws.rs.client.Client;
import org.mockito.Mockito;
import com.github.tomakehurst.wiremock.WireMockServer;

private WireMockServer mockServer;

@BeforeClass
@AfterClass
@Test
mockServer.stubFor(WireMock.patch(WireMock.urlEqualTo(uri.toString()))
// (some specific mocking for our logic)
```

This is the read-only WiremockServer class:

```java
/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 */
import com.github.tomakehurst.wiremock.admin.model.*;
import java.util.List;
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;

public class WireMockServer implements Container, Stubbing, Admin {
    private final WireMockApp wireMockApp;
    enableBrowserProxying, ProxySettings proxySettings, Notifier notifier) {
}
```

```java
/*
 * Copyright (C) 2011 Thomas Akehurst
 * Licensed under the Apache License, Version 2.0 (the "License");
 */
import com.github.tomakehurst.wiremock.admin.model.ListStubMappingsResult;
import java.io.File;
import static com.github.tomakehurst.wiremock.matching.RequestPattern.thatMatch;

public class WireMock {
}
```

I tried to add args in gradle test task and it didn't work
Actually I forgot one part: in our logic we also used the following code to get the response
Had a brief look at building on JDK 17, branched off the work Jamie's done for Gradle 7 in #1633.
It appears the use of `sun.security.x509` crypto is problematic on JDK 17. From what I can see this was mostly contributed mid last year by @Mahoney
Hoping he can advise on what's best to future proof this bit of code.
Bouncy castle seems rather hefty; perhaps we can spin this off into a separate extension?