Supporting org.apache.xml.security in graalVM
When working today at out european trusted lists feature $DAY_JOB we had an issue which was coming from org.apache.xml.security when trying to run our testsuite natively compiled with graalVM.
java.util.MissingResourceException: Can't find bundle for base name org/apache/xml/security/resource/xmlsecurity locale en_US
-H:IncludeResourceBundles=org.apache.xml.security.resource.xmlsecurity
org.apache.xml.security.signature.XMLSignatureException: The requested algorithm http://www.w3.org/2000/09/xmldsig#dsa-sha1 does not exist. Original Message was: org.apache.xml.security.algorithms.implementations.SignatureDSA Original Exception was java.lang.InstantiationException: org.apache.xml.security.algorithms.implementations.SignatureDSA
This indicates that the required resource bundles are not available in the generated binary. The reason being that it was trimmed by graalVM as it didn't seem to be used.To fix this we need to add the following to our build arguments when building the native test executable.When we add this and try compiling + running the tests once again, we now encounter the following issue:So now the resourcbunldes are loaded, but it can't find any of the hashing algoritms we need, probably also being trimmed out of the native binary because they get instaniated with the usage of reflection. So
GraalVM
has an option to define we require in a configuration called reflect-config.json you can pass it as following:
-H:ReflectionConfigurationFiles=${basedir}/path/to/reflect-config.json
[ { "name": "org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1", "allDeclaredConstructors": true } ]
And in that file we need to add the required type we need to make sure GraalVM add's to the native binarySomething like this:When we run again we get a different error related to ECDSASHA256 so that means we have to add that type as well, and you guys reading this are probably pretty smart so will already now that we need to add all those implementations to the configuration file. And we also need some additional types unrelated to hashing algortimsSee full config below to copy paste into your application