Skip to content

Commit c6f50c2

Browse files
committed
Adapt BouncyCastleFeature to still work on older JDKs
1 parent 6f79076 commit c6f50c2

File tree

1 file changed

+27
-10
lines changed

1 file changed

+27
-10
lines changed

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/BouncyCastleFeature.java

Lines changed: 27 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -60,18 +60,8 @@ public void afterRegistration(AfterRegistrationAccess access) {
6060
support.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV", "RNG");
6161
Security.addProvider(CertUtils.BOUNCYCASTLE_PROVIDER);
6262

63-
// This is needed since jdk-25+23, see https://github.com/openjdk/jdk/pull/24393
64-
Security.addProvider(Security.getProvider("SunJCE"));
65-
6663
// Register runtime reflection here, not in a config, so it can be easily disabled
6764
String[] reflectiveClasses = new String[]{
68-
// SSLBasicKeyDerivation looks up the classes below reflectively since
69-
// jdk-25+23
70-
// See https://github.com/openjdk/jdk/pull/24393
71-
"com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA256",
72-
"com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA384",
73-
"com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA512",
74-
"sun.security.pkcs11.P11HKDF",
7565
// BouncyCastle looks up the classes below
7666
"org.bouncycastle.jcajce.provider.asymmetric.COMPOSITE$Mappings",
7767
"org.bouncycastle.jcajce.provider.asymmetric.DH$Mappings",
@@ -177,6 +167,33 @@ public void afterRegistration(AfterRegistrationAccess access) {
177167
throw new RuntimeException("Could not register " + name + " for reflective access!", e);
178168
}
179169
}
170+
171+
// SSLBasicKeyDerivation looks up the classes below reflectively since jdk-25+23
172+
// See https://github.com/openjdk/jdk/pull/24393
173+
reflectiveClasses = new String[]{
174+
"com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA256",
175+
"com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA384",
176+
"com.sun.crypto.provider.HKDFKeyDerivation$HKDFSHA512",
177+
"sun.security.pkcs11.P11HKDF",
178+
};
179+
for (String name : reflectiveClasses) {
180+
try {
181+
Class.forName(name);
182+
} catch (SecurityException | ClassNotFoundException e) {
183+
return;
184+
}
185+
}
186+
// For backwards compatibility with older JDKs, we only do this if we found
187+
// all those classes
188+
Security.addProvider(Security.getProvider("SunJCE"));
189+
for (String name : reflectiveClasses) {
190+
try {
191+
RuntimeReflection.register(Class.forName(name));
192+
RuntimeReflection.register(Class.forName(name).getConstructors());
193+
} catch (SecurityException | ClassNotFoundException e) {
194+
throw new RuntimeException("Could not register " + name + " for reflective access!", e);
195+
}
196+
}
180197
}
181198
}
182199
}

0 commit comments

Comments
 (0)