🎄 Happy Holidays! 🥳

Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.

Happy Holidays!

Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.

Quarkus native and solace client issue

Hello,
I'm developing an application with Quarkus and Solace. Quarkus allows you to compile java to a native application.
Compilation is fine, but at runtime I have this issue:

2020-11-13 12:49:18,462 ERROR [io.qua.run.Application] (main) Failed to start application (with profile dev): java.io.FileNotFoundException: null/lib/security/cacerts (No such file or directory)
    at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VA_LIST:Ljava_io_FileNotFoundException_2_0002e_0003cinit_0003e_00028Ljava_lang_String_2Ljava_lang_String_2_00029V(JNIJavaCallWrappers.java:0)
    at java.io.FileInputStream.open0(FileInputStream.java)
    at java.io.FileInputStream.open(FileInputStream.java:219)
    at java.io.FileInputStream.<init>(FileInputStream.java:157)
    at java.io.FileInputStream.<init>(FileInputStream.java:112)
    at com.solacesystems.jcsmp.secure.SecureProperties.createKeyStore(SecureProperties.java:745)
    at com.solacesystems.jcsmp.secure.SecureProperties.loadTrustStore(SecureProperties.java:372)
    at com.solacesystems.jcsmp.JCSMPFactory.validate(JCSMPFactory.java:432)
    at com.solacesystems.jcsmp.JCSMPFactory.createSession(JCSMPFactory.java:163)
    at com.solacesystems.jcsmp.JCSMPFactory.createSession(JCSMPFactory.java:119)

It seems that solace client is using System.getProperty("java.home") to then get the cacerts, but this value is empty and it fails. In native mode there is no JVM and thus no java home. Why is the solace client not using -Djavax.net.ssl.trustStore ? This way we could specify the truststore path manually.
Thanks in advance for your help.

Comments

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 963 admin

    Hi @gaetancollaud,
    Interesting! Can you try setting the SSL_TRUST_STORE JCSMPProperty to see if that works for you?

    Also awesome that you're using Quarkus! I've been wanting to test that out. Any chance your code is open source?

    -Marc

  • gaetancollaud
    gaetancollaud Member Posts: 6

    Hi @marc ,

    Thanks for your answer. Indeed setting SSL_TRUST_STORE solved the issue. Sorry that I didn't find it myself...

    I don't think it will be open source soon (but maybe later next year). But let me say that it works really well. I didn't had any issue with the client library except this SSL problem.

    I wouldn't mind having an official Quarkus Solace extension. ;) I could bring Solace some visibility in the quarkus community. https://quarkus.io/guides/writing-extensions

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 963 admin

    Hi @gaetancollaud,
    Glad it worked for you and glad the client library is working without further issues! I'm actually being told that -Djavax.net.ssl.trustStore should also have worked so I'll have to test that out when I get a chance.

    Also, I love the idea of having a Quarkus Solace extension! Let's chat :)
    -Marc

  • gaetancollaud
    gaetancollaud Member Posts: 6

    Hi @marc

    I tried with -Djavax.net.ssl.trustStore without any success. My current solution is:

        final String trustStore = System.getProperty("javax.net.ssl.trustStore");
        if (trustStore != null) {
          properties.setProperty(JCSMPProperties.SSL_TRUST_STORE, trustStore);
        }
    

    Which works fine for me.

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 963 admin

    Fyi @gaetancollaud, this was indeed a bug in the API and with JCSMP v10.10 (released yesterday) you should now be able to use -Djavax.net.ssl.trustStore if you'd like.

  • gaetancollaud
    gaetancollaud Member Posts: 6

    Thanks for the update. I will upgrade and remove my workaround.