@@ -60,18 +60,8 @@ public void afterRegistration(AfterRegistrationAccess access) {
60
60
support .initializeAtRunTime ("org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV" , "RNG" );
61
61
Security .addProvider (CertUtils .BOUNCYCASTLE_PROVIDER );
62
62
63
- // This is needed since jdk-25+23, see https://github.com/openjdk/jdk/pull/24393
64
- Security .addProvider (Security .getProvider ("SunJCE" ));
65
-
66
63
// Register runtime reflection here, not in a config, so it can be easily disabled
67
64
String [] reflectiveClasses = new String []{
68
- // SSLBasicKeyDerivation looks up the classes below reflectively since
69
- // jdk-25+23
70
- // See https://github.com/openjdk/jdk/pull/24393
71
- "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA256" ,
72
- "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA384" ,
73
- "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA512" ,
74
- "sun.security.pkcs11.P11HKDF" ,
75
65
// BouncyCastle looks up the classes below
76
66
"org.bouncycastle.jcajce.provider.asymmetric.COMPOSITE$Mappings" ,
77
67
"org.bouncycastle.jcajce.provider.asymmetric.DH$Mappings" ,
@@ -177,6 +167,33 @@ public void afterRegistration(AfterRegistrationAccess access) {
177
167
throw new RuntimeException ("Could not register " + name + " for reflective access!" , e );
178
168
}
179
169
}
170
+
171
+ // SSLBasicKeyDerivation looks up the classes below reflectively since jdk-25+23
172
+ // See https://github.com/openjdk/jdk/pull/24393
173
+ reflectiveClasses = new String []{
174
+ "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA256" ,
175
+ "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA384" ,
176
+ "com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA512" ,
177
+ "sun.security.pkcs11.P11HKDF" ,
178
+ };
179
+ for (String name : reflectiveClasses ) {
180
+ try {
181
+ Class .forName (name );
182
+ } catch (SecurityException | ClassNotFoundException e ) {
183
+ return ;
184
+ }
185
+ }
186
+ // For backwards compatibility with older JDKs, we only do this if we found
187
+ // all those classes
188
+ Security .addProvider (Security .getProvider ("SunJCE" ));
189
+ for (String name : reflectiveClasses ) {
190
+ try {
191
+ RuntimeReflection .register (Class .forName (name ));
192
+ RuntimeReflection .register (Class .forName (name ).getConstructors ());
193
+ } catch (SecurityException | ClassNotFoundException e ) {
194
+ throw new RuntimeException ("Could not register " + name + " for reflective access!" , e );
195
+ }
196
+ }
180
197
}
181
198
}
182
199
}
0 commit comments