https://linen.dev logo
#help
Title
# help
l

Leonardo

10/13/2023, 2:05 PM
Hi all, I am getting this error when enabling the forward proxy on mac via java standalone on mac OS. The certificate looks installed and trusted on the keychain access, what might be the issue?
Copy code
Dynamic certificate generation is not supported because certificates cannot be generated; perhaps the sun internal classes are not available?
t

Tom

10/13/2023, 2:29 PM
Hi Leonardo, you need 2 things to make this work: 1. Java 17+ 2.
--add-exports=java.base/sun.security.x509=ALL-UNNAMED
on JVM startup
l

Leonardo

10/13/2023, 2:41 PM
thanks Tom, sorry you mean like this?
Copy code
java --add-exports=java.base/sun.security.x509=ALL-UNNAMED -jar wiremock-standalone-3.2.0.jar --enable-browser-proxying --port 9999 --trust-all-proxy-targets
I am getting the same error.. and I am running java 20.0.1
t

Tom

10/13/2023, 6:07 PM
I would have expected that to work, although I’ve not tried it on Java 20
l

Leonardo

10/16/2023, 7:21 AM
java 17 seems to work fine actually
t

Tom

10/16/2023, 8:54 AM
OK, I guess there are different parameters that need to be set on Java 20. @Rob Elliot I don’t suppose you happen to know what this should be?
r

Rob Elliot

10/16/2023, 9:13 AM
Just looked into it -
java.lang.NoSuchMethodError: 'void sun.security.x509.CertificateExtensions.set(java.lang.String, java.lang.Object)
Don't know if we can work round it, but it might be an indicator that we should abandon using the
sun.security.x509
package...
t

Tom

10/16/2023, 9:15 AM
Hmmm…yeah, it’s looking like that might be necessary.
r

Rob Elliot

10/16/2023, 9:15 AM
Looks like it has been replaced by
public void setExtension(String name, Extension ext)
t

Tom

10/16/2023, 9:16 AM
Can we do something horrible with reflection in the interim?
Long term, I still quite like the idea of creating a separate certificate authority library with BouncyCastle, ProGuarding it down to a sensible size and then using that. But that sounds like quite a bit of work.
r

Rob Elliot

10/16/2023, 9:18 AM
If we could persuade it to compile, this monstrosity would work:
Copy code
SubjectAlternativeNameExtension subjectAlternativeNameExtension = new SubjectAlternativeNameExtension(names);
try {
  extensions.set(SubjectAlternativeNameExtension.NAME, subjectAlternativeNameExtension);
} catch (NoSuchMethodError ignored) {
  extensions.setExtension(SubjectAlternativeNameExtension.NAME, subjectAlternativeNameExtension);
}
Would probably need reflection though
t

Tom

10/16/2023, 9:18 AM
I was thinking that - not sure there’d be any way to get it to compile.
r

Rob Elliot

10/16/2023, 9:30 AM
Ugh, there are more removed methods
t

Tom

10/16/2023, 9:30 AM
😬
r

Rob Elliot

10/16/2023, 9:33 AM
X509CertInfo.set(String name, Object val)
has become a whole bunch of named methods -
setVersion
,
setSubject
etc