Bring generated main in line with how GraalVM handles javax.net.ssl.t…

…rustStore
quarkusio · Jun 10, 2020 · be4ebf8 · be4ebf8
1 parent 2b4c90c
commit be4ebf8
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 53 deletions.
diff --git a/...t/src/main/java/io/quarkus/deployment/builditem/SslTrustStoreSystemPropertyBuildItem.java b/...t/src/main/java/io/quarkus/deployment/builditem/SslTrustStoreSystemPropertyBuildItem.java
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/steps/MainClassBuildStep.java b/core/deployment/src/main/java/io/quarkus/deployment/steps/MainClassBuildStep.java
@@ -43,7 +43,6 @@
 import io.quarkus.deployment.builditem.MainClassBuildItem;
 import io.quarkus.deployment.builditem.ObjectSubstitutionBuildItem;
 import io.quarkus.deployment.builditem.QuarkusApplicationClassBuildItem;
-import io.quarkus.deployment.builditem.SslTrustStoreSystemPropertyBuildItem;
 import io.quarkus.deployment.builditem.StaticBytecodeRecorderBuildItem;
 import io.quarkus.deployment.builditem.SystemPropertyBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
@@ -87,7 +86,6 @@ void build(List<StaticBytecodeRecorderBuildItem> staticInitTasks,
             List<MainBytecodeRecorderBuildItem> mainMethod,
             List<SystemPropertyBuildItem> properties,
             List<JavaLibraryPathAdditionalPathBuildItem> javaLibraryPathAdditionalPaths,
-            Optional<SslTrustStoreSystemPropertyBuildItem> sslTrustStoreSystemProperty,
             List<FeatureBuildItem> features,
             BuildProducer<ApplicationClassNameBuildItem> appClassNameProducer,
             List<BytecodeRecorderObjectLoaderBuildItem> loaders,
@@ -184,20 +182,22 @@ void build(List<StaticBytecodeRecorderBuildItem> staticInitTasks,
                     mv.invokeVirtualMethod(ofMethod(StringBuilder.class, "toString", String.class), javaLibraryPath));
         }
 
-        if (sslTrustStoreSystemProperty.isPresent()) {
-            ResultHandle alreadySetTrustStore = mv.invokeStaticMethod(
-                    ofMethod(System.class, "getProperty", String.class, String.class),
-                    mv.load(JAVAX_NET_SSL_TRUST_STORE));
-
-            BytecodeCreator inGraalVMCode = mv
-                    .ifNonZero(mv.invokeStaticMethod(ofMethod(ImageInfo.class, "inImageRuntimeCode", boolean.class)))
-                    .trueBranch();
-
-            inGraalVMCode.ifNull(alreadySetTrustStore).trueBranch().invokeStaticMethod(
-                    ofMethod(System.class, "setProperty", String.class, String.class, String.class),
-                    inGraalVMCode.load(JAVAX_NET_SSL_TRUST_STORE),
-                    inGraalVMCode.load(sslTrustStoreSystemProperty.get().getPath()));
-        }
+        // GraalVM bakes the backing classes of the TrustStore into the the native binary,
+        // so we need to warn users trying to set the property
+        ResultHandle trustStoreSystemProp = mv.invokeStaticMethod(
+                ofMethod(System.class, "getProperty", String.class, String.class),
+                mv.load(JAVAX_NET_SSL_TRUST_STORE));
+
+        BytecodeCreator inGraalVMCode = mv
+                .ifNonZero(mv.invokeStaticMethod(ofMethod(ImageInfo.class, "inImageRuntimeCode", boolean.class)))
+                .trueBranch();
+
+        BytecodeCreator inGraalVMCodeAndTrustStoreSet = inGraalVMCode.ifNull(trustStoreSystemProp).falseBranch();
+        inGraalVMCodeAndTrustStoreSet.invokeVirtualMethod(
+                ofMethod(Logger.class, "warn", void.class, Object.class),
+                inGraalVMCodeAndTrustStoreSet.readStaticField(logField.getFieldDescriptor()),
+                inGraalVMCodeAndTrustStoreSet.load("Setting the '" + JAVAX_NET_SSL_TRUST_STORE
+                        + "' system property will not have any effect at runtime. Make sure to set this property at build time (for example by setting 'quarkus.native.additional-build-args=-J-Djavax.net.ssl.trustStore=/some/path')."));
 
         mv.invokeStaticMethod(ofMethod(Timing.class, "mainStarted", void.class));
         startupContext = mv.readStaticField(scField.getFieldDescriptor());

diff --git a/core/deployment/src/main/java/io/quarkus/deployment/steps/NativeImageConfigBuildStep.java b/core/deployment/src/main/java/io/quarkus/deployment/steps/NativeImageConfigBuildStep.java
@@ -1,8 +1,5 @@
 package io.quarkus.deployment.steps;
 
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
@@ -20,7 +17,6 @@
 import io.quarkus.deployment.builditem.NativeImageEnableAllCharsetsBuildItem;
 import io.quarkus.deployment.builditem.NativeImageEnableAllTimeZonesBuildItem;
 import io.quarkus.deployment.builditem.SslNativeConfigBuildItem;
-import io.quarkus.deployment.builditem.SslTrustStoreSystemPropertyBuildItem;
 import io.quarkus.deployment.builditem.SystemPropertyBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.NativeImageConfigBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.NativeImageProxyDefinitionBuildItem;
@@ -51,8 +47,7 @@ void build(SslContextConfigurationRecorder sslContextConfigurationRecorder,
             BuildProducer<RuntimeReinitializedClassBuildItem> runtimeReinit,
             BuildProducer<NativeImageSystemPropertyBuildItem> nativeImage,
             BuildProducer<SystemPropertyBuildItem> systemProperty,
-            BuildProducer<JavaLibraryPathAdditionalPathBuildItem> javaLibraryPathAdditionalPath,
-            BuildProducer<SslTrustStoreSystemPropertyBuildItem> sslTrustStoreSystemProperty) {
+            BuildProducer<JavaLibraryPathAdditionalPathBuildItem> javaLibraryPathAdditionalPath) {
         for (NativeImageConfigBuildItem nativeImageConfigBuildItem : nativeImageConfigBuildItems) {
             for (String i : nativeImageConfigBuildItem.getRuntimeInitializedClasses()) {
                 runtimeInit.produce(new RuntimeInitializedClassBuildItem(i));
@@ -76,21 +71,6 @@ void build(SslContextConfigurationRecorder sslContextConfigurationRecorder,
         sslContextConfigurationRecorder.setSslNativeEnabled(!sslNativeConfig.isExplicitlyDisabled());
 
         Boolean sslNativeEnabled = isSslNativeEnabled(sslNativeConfig, extensionSslNativeSupport);
-        if (sslNativeEnabled) {
-            // This makes the native image dependent on the local path used to build it.
-            // This is useful for testing but the user will have to override it.
-            String graalVmHome = System.getenv("GRAALVM_HOME");
-            if (graalVmHome != null) {
-                // JDK 8 path
-                Path graalVmCacertsPath = Paths.get(graalVmHome, "jre", "lib", "security", "cacerts");
-                if (!Files.exists(graalVmCacertsPath)) {
-                    // Path starting with GraalVM JDK 11
-                    graalVmCacertsPath = Paths.get(graalVmHome, "lib", "security", "cacerts");
-                }
-
-                sslTrustStoreSystemProperty.produce(new SslTrustStoreSystemPropertyBuildItem(graalVmCacertsPath.toString()));
-            }
-        }
         nativeImage.produce(new NativeImageSystemPropertyBuildItem("quarkus.ssl.native", sslNativeEnabled.toString()));
 
         if (!enableAllSecurityServicesBuildItems.isEmpty()) {