Skip to content

Commit

Permalink
Add a check to detect the OpenJCEPlus module
Browse files Browse the repository at this point in the history 
Add a check to detect the OpenJCEPlus module. If the module
is missing but the restricted security profile requires it,
print an error message and exit.

Signed-off-by: Tao Liu <[email protected]>
  • Loading branch information
@taoliult
taoliult committed Jan 23, 2025
1 parent 485e097 commit 47366a5
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
* ===========================================================================
* (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved
* (c) Copyright IBM Corp. 2022, 2025 All Rights Reserved
* ===========================================================================
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -42,6 +42,7 @@
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Matcher;
Expand All @@ -67,6 +68,7 @@ public final class RestrictedSecurity {

private static final boolean isNSSSupported;
private static final boolean isOpenJCEPlusSupported;
private static final boolean isOpenJCEPlusModuleExist;

private static final boolean userSetProfile;
private static final boolean shouldEnableSecurity;
Expand Down Expand Up @@ -137,6 +139,11 @@ public String[] run() {
}
isOpenJCEPlusSupported = isOsSupported && isArchSupported;

// Check whether the OpenJCEPlus module exists.
ModuleLayer layer = ModuleLayer.boot();
Optional<Module> module = layer.findModule("openjceplus");
isOpenJCEPlusModuleExist = module.isPresent();

// Check the default solution to see if FIPS is supported.
isFIPSSupported = isNSSSupported;

Expand Down Expand Up @@ -387,6 +394,11 @@ private static void checkIfKnownProfileSupported() {
+ " on this platform.");
}

if (!isOpenJCEPlusModuleExist && profileID.contains("OpenJCEPlus")) {
printStackTraceAndExit("FIPS 140-3 profile specified. Required OpenJCEPlus"
+ " module not found.");
}

if (debug != null) {
debug.println("RestrictedSecurity profile " + profileID
+ " is supported on this platform.");
Expand Down

0 comments on commit 47366a5

Please sign in to comment.