Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warning: Problem with Java 9, 10 #161

Closed
lberoiza opened this issue May 3, 2018 · 15 comments
Closed

Warning: Problem with Java 9, 10 #161

lberoiza opened this issue May 3, 2018 · 15 comments

Comments

@lberoiza
Copy link

lberoiza commented May 3, 2018

There are warnings by using Java9 or Java10

WARNING: Illegal reflective access by org.jruby.ext.openssl.SecurityHelper (file:/home/amos/Amos/Project_Russia/common/smile/rvm/rubies/jruby-9.1.17.0/lib/ruby/stdlib/jopenssl.jar) to constructor java.security.cert.CertificateFactory(java.security.cert.CertificateFactorySpi,java.security.Provider,java.lang.String)
at org.jruby.ext.openssl.SecurityHelper.newInstance(SecurityHelper.java:794)
at org.jruby.ext.openssl.SecurityHelper.getCertificateFactory(SecurityHelper.java:249)
at org.jruby.ext.openssl.SecurityHelper.(SecurityHelper.java:152)
at org.jruby.ext.openssl.OpenSSL.createOpenSSL(OpenSSL.java:57)
at org.jruby.ext.openssl.OpenSSL.load(OpenSSL.java:49)
at org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:453)
at org.jruby.javasupport.JavaMethod.invokeStaticDirect(JavaMethod.java:365)
at org.jruby.java.invokers.StaticMethodInvoker.call(StaticMethodInvoker.java:47)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:318)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:155)
at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:315)
at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:107)
at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:94)
at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:34)
at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
at org.jruby.Ruby.runInterpreter(Ruby.java:842)
at org.jruby.Ruby.loadFile(Ruby.java:2903)
at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:243)
at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:891)
at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:531)
at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
at org.jruby.RubyKernel.requireCommon(RubyKernel.java:963)
at org.jruby.RubyKernel.require19(RubyKernel.java:956)
at org.jruby.RubyKernel$INVOKER$s$1$0$require19.call(RubyKernel$INVOKER$s$1$0$require19.gen)
at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:398)
at org.jruby.internal.runtime.methods.AliasMethod.call(AliasMethod.java:61)
at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:318)
at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:155)
at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:315)
at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
@lberoiza lberoiza mentioned this issue May 3, 2018
Closed
@deivid-rodriguez
Copy link
Contributor

Not sure if this is the same issue, but I'm getting this warnings when running rubocop tests under jruby. It does not affect the sucessful outcome of the specs, but since the warnings tell me to report them, I'm doing it!

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.ext.openssl.SecurityHelper (file:/home/deivid/.rbenv/versions/jruby-9.2.0.0/lib/ruby/stdlib/jopenssl.jar) to constructor java.security.cert.CertificateFactory(java.security.cert.CertificateFactorySpi,java.security.Provider,java.lang.String)
WARNING: Please consider reporting this to the maintainers of org.jruby.ext.openssl.SecurityHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

$ java --version
openjdk 10.0.2 2018-07-17
OpenJDK Runtime Environment (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.3)
OpenJDK 64-Bit Server VM (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.3, mixed mode)

@deivid-rodriguez
Copy link
Contributor

Same thing when installing bundler on a clean install of jruby-9.2.4.0

$ gem install bundler
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.ext.openssl.SecurityHelper (file:/home/deivid/.rbenv/versions/jruby-9.2.4.0/lib/ruby/stdlib/jopenssl.jar) to constructor java.security.cert.CertificateFactory(java.security.cert.CertificateFactorySpi,java.security.Provider,java.lang.String)
WARNING: Please consider reporting this to the maintainers of org.jruby.ext.openssl.SecurityHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Fetching: bundler-1.17.1.gem (100%)
Successfully installed bundler-1.17.1
1 gem installed

@topofocus
Copy link

same here after a fresh install of jruby

jruby -v
jruby 9.2.6.0 (2.5.3) 2019-02-11 15ba00b Java HotSpot(TM) 64-Bit Server VM 11.0.2+9-LTS on 11.0.2+9-LTS +jit [linux-x86_64]

delta:~/workspace/orientdb-jruby$ bundle exec guard init rspec
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.util.SecurityHelper to field java.lang.reflect.Field.modifiers
WARNING: Please consider reporting this to the maintainers of org.jruby.util.SecurityHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.util.SecurityHelper to field java.lang.reflect.Field.modifiers

@kedare
Copy link

kedare commented May 6, 2019

Same issue with Java 11

@headius
Copy link
Member

headius commented Jul 2, 2019

Bump...need to address this.

@headius
Copy link
Member

headius commented Feb 18, 2020

Updated partial traces from running bundler and rails on Java 13:

WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/Users/headius/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.61/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
	at org.bouncycastle.jcajce.provider.drbg.DRBG.findSource(Unknown Source)
	at org.bouncycastle.jcajce.provider.drbg.DRBG.<clinit>(Unknown Source)
	at org.bouncycastle.jcajce.provider.drbg.DRBG$Mappings.configure(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
	at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:166)
	at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:404)
	at java.base/java.lang.Class.newInstance(Class.java:591)
	at org.jruby.ext.openssl.SecurityHelper.newBouncyCastleProvider(SecurityHelper.java:215)
	at org.jruby.ext.openssl.SecurityHelper.setBouncyCastleProvider(SecurityHelper.java:208)
	at org.jruby.ext.openssl.SecurityHelper.getSecurityProvider(SecurityHelper.java:141)
	at org.jruby.ext.openssl.SecurityHelper.<clinit>(SecurityHelper.java:177)
	at org.jruby.ext.openssl.OpenSSL.createOpenSSL(OpenSSL.java:56)
	at org.jruby.ext.openssl.OpenSSL.load(OpenSSL.java:48)

WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/Users/headius/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.61/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.SecureRandom()
	at org.bouncycastle.jcajce.provider.drbg.DRBG.findSource(Unknown Source)
	at org.bouncycastle.jcajce.provider.drbg.DRBG.<clinit>(Unknown Source)
	at org.bouncycastle.jcajce.provider.drbg.DRBG$Mappings.configure(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown Source)
	at org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
	at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
	at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:166)
	at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:404)
	at java.base/java.lang.Class.newInstance(Class.java:591)
	at org.jruby.ext.openssl.SecurityHelper.newBouncyCastleProvider(SecurityHelper.java:215)
	at org.jruby.ext.openssl.SecurityHelper.setBouncyCastleProvider(SecurityHelper.java:208)
	at org.jruby.ext.openssl.SecurityHelper.getSecurityProvider(SecurityHelper.java:141)
	at org.jruby.ext.openssl.SecurityHelper.<clinit>(SecurityHelper.java:177)
	at org.jruby.ext.openssl.OpenSSL.createOpenSSL(OpenSSL.java:56)
	at org.jruby.ext.openssl.OpenSSL.load(OpenSSL.java:48)

WARNING: Illegal reflective access by org.jruby.ext.openssl.SecurityHelper (file:/Users/headius/projects/jruby/lib/ruby/stdlib/jopenssl.jar) to constructor java.security.cert.CertificateFactory(java.security.cert.CertificateFactorySpi,java.security.Provider,java.lang.String)
	at org.jruby.ext.openssl.SecurityHelper.newInstance(SecurityHelper.java:824)
	at org.jruby.ext.openssl.SecurityHelper.getCertificateFactory(SecurityHelper.java:269)
	at org.jruby.ext.openssl.SecurityHelper.<clinit>(SecurityHelper.java:182)
	at org.jruby.ext.openssl.OpenSSL.createOpenSSL(OpenSSL.java:56)
	at org.jruby.ext.openssl.OpenSSL.load(OpenSSL.java:48)

The following JAVA_OPTS can eliminate all three, but we'll need to get a module set up for the jruby-openssl extension to do this properly:

JAVA_OPTS=--add-opens java.base/java.security=ALL-UNNAMED --add-opens java.base/java.security.cert=ALL-UNNAMED --add-opens java.base/sun.security.provider=ALL-UNNAMED

@headius
Copy link
Member

headius commented Feb 18, 2020
edited
Loading

The invasive access from within SecurityHelper might be patched by just using normal SPI mechanism to create the BC certificate factory. That factory is located at org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.class

Here's an untested patch:

diff --git a/src/main/java/org/jruby/ext/openssl/SecurityHelper.java b/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
index 0bc3f8e..236cbba 100644
--- a/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
+++ b/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
@@ -266,10 +267,14 @@ public abstract class SecurityHelper {
         throws CertificateException {
         final CertificateFactorySpi spi = (CertificateFactorySpi) getImplEngine("CertificateFactory", type);
         if ( spi == null ) throw new CertificateException(type + " not found");
-        return newInstance(CertificateFactory.class,
-                new Class[]{ CertificateFactorySpi.class, Provider.class, String.class },
-                new Object[]{ spi, provider, type }
-        );
+        return CertificateFactory.getInstance(type, provider);
     }
 
     /**

headius added a commit that referenced this issue Feb 18, 2020
@headius
Use CertificateFactory.getInstance rather than reflection
3fcb433 
Perhaps this method was not accessible before, but it is now and
this change eliminates one of the module warnings we have been
seeing in #161.
@headius
Copy link
Member

headius commented Feb 18, 2020

Modified my patch above to reflect what actually worked. @kares is testing and releasing now.

The other warnings will have to wait until JRuby 9.3 properly handles modules in jars rather than loading them directly into classpath.

@headius
Copy link
Member

headius commented Feb 18, 2020

0.10.4 has been released (thanks @kares) with the SecurityHelper warning fixed.

@donv
Copy link
Member

donv commented Mar 30, 2020

Did this change actually make it into JRuby? JRuby 9.2.11.1 still gives the warning:

Illegal reflective access by org.jruby.ext.openssl.SecurityHelper

@deivid-rodriguez
Copy link
Contributor

I think it might be the issue fixed by the last commit in the master branch of this repo?

@headius
Copy link
Member

headius commented Mar 31, 2020

I think it might be the issue fixed by the last commit in the master branch of this repo?

Most likely. I'm not aware of other warnings coming from jruby-openssl (master) at this time, but I think we need a release of the gem to pick up the latest fix.

@headius headius closed this as completed Mar 31, 2020
@donv
Copy link
Member

donv commented Jul 31, 2020

This is still happening with JRuby 9.2.12.0 + jruby-openssl 0.10.4

@donv
Copy link
Member

donv commented Sep 23, 2020

This is still happening with JRuby 9.2.13.0 + jruby-openssl 0.10.4

@deivid-rodriguez
Copy link
Contributor

As pointed out by @headius three comments ago, this probably just needs a jruby-openssl release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@headius @donv @topofocus @kedare @deivid-rodriguez @lberoiza