From be4ebf811124e775e2f4bc49713782aaf4d96717 Mon Sep 17 00:00:00 2001 From: Georgios Andrianakis Date: Wed, 10 Jun 2020 15:58:54 +0300 Subject: [PATCH] Bring generated main in line with how GraalVM handles javax.net.ssl.trustStore --- .../SslTrustStoreSystemPropertyBuildItem.java | 16 ---------- .../deployment/steps/MainClassBuildStep.java | 32 +++++++++---------- .../steps/NativeImageConfigBuildStep.java | 22 +------------ 3 files changed, 17 insertions(+), 53 deletions(-) delete mode 100644 core/deployment/src/main/java/io/quarkus/deployment/builditem/SslTrustStoreSystemPropertyBuildItem.java diff --git a/core/deployment/src/main/java/io/quarkus/deployment/builditem/SslTrustStoreSystemPropertyBuildItem.java b/core/deployment/src/main/java/io/quarkus/deployment/builditem/SslTrustStoreSystemPropertyBuildItem.java deleted file mode 100644 index 532e570a8c849..0000000000000 --- a/core/deployment/src/main/java/io/quarkus/deployment/builditem/SslTrustStoreSystemPropertyBuildItem.java +++ /dev/null @@ -1,16 +0,0 @@ -package io.quarkus.deployment.builditem; - -import io.quarkus.builder.item.SimpleBuildItem; - -public final class SslTrustStoreSystemPropertyBuildItem extends SimpleBuildItem { - - private final String path; - - public SslTrustStoreSystemPropertyBuildItem(String path) { - this.path = path; - } - - public String getPath() { - return path; - } -} diff --git a/core/deployment/src/main/java/io/quarkus/deployment/steps/MainClassBuildStep.java b/core/deployment/src/main/java/io/quarkus/deployment/steps/MainClassBuildStep.java index c35928cf1af9b..d66eb68ebdd5d 100644 --- a/core/deployment/src/main/java/io/quarkus/deployment/steps/MainClassBuildStep.java +++ b/core/deployment/src/main/java/io/quarkus/deployment/steps/MainClassBuildStep.java @@ -43,7 +43,6 @@ import io.quarkus.deployment.builditem.MainClassBuildItem; import io.quarkus.deployment.builditem.ObjectSubstitutionBuildItem; import io.quarkus.deployment.builditem.QuarkusApplicationClassBuildItem; -import io.quarkus.deployment.builditem.SslTrustStoreSystemPropertyBuildItem; import io.quarkus.deployment.builditem.StaticBytecodeRecorderBuildItem; import io.quarkus.deployment.builditem.SystemPropertyBuildItem; import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem; @@ -87,7 +86,6 @@ void build(List staticInitTasks, List mainMethod, List properties, List javaLibraryPathAdditionalPaths, - Optional sslTrustStoreSystemProperty, List features, BuildProducer appClassNameProducer, List loaders, @@ -184,20 +182,22 @@ void build(List staticInitTasks, mv.invokeVirtualMethod(ofMethod(StringBuilder.class, "toString", String.class), javaLibraryPath)); } - if (sslTrustStoreSystemProperty.isPresent()) { - ResultHandle alreadySetTrustStore = mv.invokeStaticMethod( - ofMethod(System.class, "getProperty", String.class, String.class), - mv.load(JAVAX_NET_SSL_TRUST_STORE)); - - BytecodeCreator inGraalVMCode = mv - .ifNonZero(mv.invokeStaticMethod(ofMethod(ImageInfo.class, "inImageRuntimeCode", boolean.class))) - .trueBranch(); - - inGraalVMCode.ifNull(alreadySetTrustStore).trueBranch().invokeStaticMethod( - ofMethod(System.class, "setProperty", String.class, String.class, String.class), - inGraalVMCode.load(JAVAX_NET_SSL_TRUST_STORE), - inGraalVMCode.load(sslTrustStoreSystemProperty.get().getPath())); - } + // GraalVM bakes the backing classes of the TrustStore into the the native binary, + // so we need to warn users trying to set the property + ResultHandle trustStoreSystemProp = mv.invokeStaticMethod( + ofMethod(System.class, "getProperty", String.class, String.class), + mv.load(JAVAX_NET_SSL_TRUST_STORE)); + + BytecodeCreator inGraalVMCode = mv + .ifNonZero(mv.invokeStaticMethod(ofMethod(ImageInfo.class, "inImageRuntimeCode", boolean.class))) + .trueBranch(); + + BytecodeCreator inGraalVMCodeAndTrustStoreSet = inGraalVMCode.ifNull(trustStoreSystemProp).falseBranch(); + inGraalVMCodeAndTrustStoreSet.invokeVirtualMethod( + ofMethod(Logger.class, "warn", void.class, Object.class), + inGraalVMCodeAndTrustStoreSet.readStaticField(logField.getFieldDescriptor()), + inGraalVMCodeAndTrustStoreSet.load("Setting the '" + JAVAX_NET_SSL_TRUST_STORE + + "' system property will not have any effect at runtime. Make sure to set this property at build time (for example by setting 'quarkus.native.additional-build-args=-J-Djavax.net.ssl.trustStore=/some/path').")); mv.invokeStaticMethod(ofMethod(Timing.class, "mainStarted", void.class)); startupContext = mv.readStaticField(scField.getFieldDescriptor()); diff --git a/core/deployment/src/main/java/io/quarkus/deployment/steps/NativeImageConfigBuildStep.java b/core/deployment/src/main/java/io/quarkus/deployment/steps/NativeImageConfigBuildStep.java index 7fac0136c6b85..74bd913c1eb8c 100644 --- a/core/deployment/src/main/java/io/quarkus/deployment/steps/NativeImageConfigBuildStep.java +++ b/core/deployment/src/main/java/io/quarkus/deployment/steps/NativeImageConfigBuildStep.java @@ -1,8 +1,5 @@ package io.quarkus.deployment.steps; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; import java.util.List; import java.util.Map; import java.util.stream.Collectors; @@ -20,7 +17,6 @@ import io.quarkus.deployment.builditem.NativeImageEnableAllCharsetsBuildItem; import io.quarkus.deployment.builditem.NativeImageEnableAllTimeZonesBuildItem; import io.quarkus.deployment.builditem.SslNativeConfigBuildItem; -import io.quarkus.deployment.builditem.SslTrustStoreSystemPropertyBuildItem; import io.quarkus.deployment.builditem.SystemPropertyBuildItem; import io.quarkus.deployment.builditem.nativeimage.NativeImageConfigBuildItem; import io.quarkus.deployment.builditem.nativeimage.NativeImageProxyDefinitionBuildItem; @@ -51,8 +47,7 @@ void build(SslContextConfigurationRecorder sslContextConfigurationRecorder, BuildProducer runtimeReinit, BuildProducer nativeImage, BuildProducer systemProperty, - BuildProducer javaLibraryPathAdditionalPath, - BuildProducer sslTrustStoreSystemProperty) { + BuildProducer javaLibraryPathAdditionalPath) { for (NativeImageConfigBuildItem nativeImageConfigBuildItem : nativeImageConfigBuildItems) { for (String i : nativeImageConfigBuildItem.getRuntimeInitializedClasses()) { runtimeInit.produce(new RuntimeInitializedClassBuildItem(i)); @@ -76,21 +71,6 @@ void build(SslContextConfigurationRecorder sslContextConfigurationRecorder, sslContextConfigurationRecorder.setSslNativeEnabled(!sslNativeConfig.isExplicitlyDisabled()); Boolean sslNativeEnabled = isSslNativeEnabled(sslNativeConfig, extensionSslNativeSupport); - if (sslNativeEnabled) { - // This makes the native image dependent on the local path used to build it. - // This is useful for testing but the user will have to override it. - String graalVmHome = System.getenv("GRAALVM_HOME"); - if (graalVmHome != null) { - // JDK 8 path - Path graalVmCacertsPath = Paths.get(graalVmHome, "jre", "lib", "security", "cacerts"); - if (!Files.exists(graalVmCacertsPath)) { - // Path starting with GraalVM JDK 11 - graalVmCacertsPath = Paths.get(graalVmHome, "lib", "security", "cacerts"); - } - - sslTrustStoreSystemProperty.produce(new SslTrustStoreSystemPropertyBuildItem(graalVmCacertsPath.toString())); - } - } nativeImage.produce(new NativeImageSystemPropertyBuildItem("quarkus.ssl.native", sslNativeEnabled.toString())); if (!enableAllSecurityServicesBuildItems.isEmpty()) {