Hi all I am getting this error when enabling the forward pro WireMock #help

Hi all, I am getting this error when enabling the ...

Leonardo

10/13/2023, 2:05 PM

Hi all, I am getting this error when enabling the forward proxy on mac via java standalone on mac OS. The certificate looks installed and trusted on the keychain access, what might be the issue?

Copy code

Dynamic certificate generation is not supported because certificates cannot be generated; perhaps the sun internal classes are not available?

Tom

10/13/2023, 2:29 PM

Hi Leonardo, you need 2 things to make this work: 1. Java 17+ 2.

--add-exports=java.base/sun.security.x509=ALL-UNNAMED

on JVM startup

Leonardo

10/13/2023, 2:41 PM

thanks Tom, sorry you mean like this?

Copy code

java --add-exports=java.base/sun.security.x509=ALL-UNNAMED -jar wiremock-standalone-3.2.0.jar --enable-browser-proxying --port 9999 --trust-all-proxy-targets

I am getting the same error.. and I am running java 20.0.1

Tom

10/13/2023, 6:07 PM

I would have expected that to work, although I’ve not tried it on Java 20

Leonardo

10/16/2023, 7:21 AM

java 17 seems to work fine actually

Tom

10/16/2023, 8:54 AM

OK, I guess there are different parameters that need to be set on Java 20. @Rob Elliot I don’t suppose you happen to know what this should be?

Rob Elliot

10/16/2023, 9:13 AM

Just looked into it -

java.lang.NoSuchMethodError: 'void sun.security.x509.CertificateExtensions.set(java.lang.String, java.lang.Object)

Don't know if we can work round it, but it might be an indicator that we should abandon using the

sun.security.x509

package...

Tom

10/16/2023, 9:15 AM

Hmmm…yeah, it’s looking like that might be necessary.

Rob Elliot

10/16/2023, 9:15 AM

Looks like it has been replaced by

public void setExtension(String name, Extension ext)

Tom

10/16/2023, 9:16 AM

Can we do something horrible with reflection in the interim?

Tom

10/16/2023, 9:17 AM

Long term, I still quite like the idea of creating a separate certificate authority library with BouncyCastle, ProGuarding it down to a sensible size and then using that. But that sounds like quite a bit of work.

Rob Elliot

10/16/2023, 9:18 AM

If we could persuade it to compile, this monstrosity would work:

Copy code

SubjectAlternativeNameExtension subjectAlternativeNameExtension = new SubjectAlternativeNameExtension(names);
try {
  extensions.set(SubjectAlternativeNameExtension.NAME, subjectAlternativeNameExtension);
} catch (NoSuchMethodError ignored) {
  extensions.setExtension(SubjectAlternativeNameExtension.NAME, subjectAlternativeNameExtension);
}

Rob Elliot

10/16/2023, 9:18 AM

Would probably need reflection though

Tom

10/16/2023, 9:18 AM

I was thinking that - not sure there’d be any way to get it to compile.

Rob Elliot

10/16/2023, 9:30 AM

Ugh, there are more removed methods

Tom

10/16/2023, 9:30 AM

😬

Rob Elliot

10/16/2023, 9:33 AM

X509CertInfo.set(String name, Object val)

has become a whole bunch of named methods -

setVersion

setSubject

etc

3 Views

Open in Slack

Previous Next