Supporting org.apache.xml.security in graalVM

Supporting org.apache.xml.security in graalVM

When working today at out european trusted lists feature $DAY_JOB we had an issue which was coming from org.apache.xml.security when trying to run our testsuite natively compiled with graalVM.

java.util.MissingResourceException: Can't find bundle for base name org/apache/xml/security/resource/xmlsecurity locale en_US

-H:IncludeResourceBundles=org.apache.xml.security.resource.xmlsecurity

org.apache.xml.security.signature.XMLSignatureException: The requested algorithm http://www.w3.org/2000/09/xmldsig#dsa-sha1 does not exist. Original Message was: org.apache.xml.security.algorithms.implementations.SignatureDSA Original Exception was java.lang.InstantiationException: org.apache.xml.security.algorithms.implementations.SignatureDSA

This indicates that the required resource bundles are not available in the generated binary. The reason being that it was trimmed by graalVM as it didn't seem to be used.To fix this we need to add the following to our build arguments when building the native test executable.When we add this and try compiling + running the tests once again, we now encounter the following issue:So now the resourcbunldes are loaded, but it can't find any of the hashing algoritms we need, probably also being trimmed out of the native binary because they get instaniated with the usage of reflection. So

GraalVM

has an option to define we require in a configuration called reflect-config.json you can pass it as following:

-H:ReflectionConfigurationFiles=${basedir}/path/to/reflect-config.json

[ { "name": "org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1", "allDeclaredConstructors": true } ]

... continue reading