Parse java.security.properties file at run time.

oracle · Jan 15, 2025 · 89ff8f9 · 89ff8f9
1 parent 74c031b
commit 89ff8f9
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 3 deletions.
diff --git a/...tratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/SecurityProvidersSupport.java b/...tratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/SecurityProvidersSupport.java
@@ -33,6 +33,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 import java.util.Set;
 
 import org.graalvm.nativeimage.ImageSingletons;
@@ -69,6 +70,8 @@ public final class SecurityProvidersSupport {
      */
     private final Map<String, Object> verifiedSecurityProviders = Collections.synchronizedMap(new HashMap<>());
 
+    private Properties savedInitialSecurityProperties;
+
     private Constructor<?> sunECConstructor;
 
     @Platforms(Platform.HOSTED_ONLY.class)
@@ -126,4 +129,12 @@ public Provider allocateSunECProvider() {
             throw VMError.shouldNotReachHere("The SunEC constructor is not present.");
         }
     }
+
+    public void setSavedInitialSecurityProperties(Properties savedSecurityProperties) {
+        this.savedInitialSecurityProperties = savedSecurityProperties;
+    }
+
+    public Properties getSavedInitialSecurityProperties() {
+        return savedInitialSecurityProperties;
+    }
 }
diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/SecuritySubstitutions.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/SecuritySubstitutions.java
@@ -42,6 +42,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Properties;
 import java.util.WeakHashMap;
 import java.util.function.BooleanSupplier;
 import java.util.function.Predicate;
@@ -220,6 +221,22 @@ final class Target_java_security_Provider_Service {
     private Object constructorCache;
 }
 
+@TargetClass(value = java.security.Security.class)
+final class Target_java_security_Security {
+    @Alias //
+    @RecomputeFieldValue(kind = RecomputeFieldValue.Kind.FromAlias) //
+    static Properties props;
+}
+
+@TargetClass(value = java.security.Security.class, innerClass = "SecPropLoader")
+final class Target_java_security_Security_SecPropLoader {
+
+    @Substitute
+    private static void loadMaster() {
+        Target_java_security_Security.props = SecurityProvidersSupport.singleton().getSavedInitialSecurityProperties();
+    }
+}
+
 class ServiceKeyProvider {
     static Object getNewServiceKey() {
         Class<?> serviceKey = ReflectionUtil.lookupClass("java.security.Provider$ServiceKey");

diff --git a/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/SecurityServicesFeature.java b/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/SecurityServicesFeature.java
@@ -64,6 +64,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
+import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.BiConsumer;
@@ -109,6 +110,7 @@
 
 import jdk.graal.compiler.options.Option;
 import jdk.graal.compiler.serviceprovider.JavaVersionUtil;
+import jdk.internal.access.SharedSecrets;
 import sun.security.provider.NativePRNG;
 import sun.security.x509.OIDMap;
 
@@ -229,13 +231,17 @@ public void duringSetup(DuringSetupAccess a) {
             SecurityProvidersSupport.singleton().setSunECConstructor(sunECConstructor);
         }
 
+        Properties securityProperties = SharedSecrets.getJavaSecurityPropertiesAccess().getInitialProperties();
+        SecurityProvidersSupport.singleton().setSavedInitialSecurityProperties(securityProperties);
+
         RuntimeClassInitializationSupport rci = ImageSingletons.lookup(RuntimeClassInitializationSupport.class);
         /*
          * Security providers will be initialized at run time because the class initialization
-         * simulation will determine that automatically. For the two classes below, however, we need
-         * to handle this explicitly because their packages are already marked for initialization at
-         * build time by JdkInitializationFeature#afterRegistration.
+         * simulation will determine that automatically. For the three classes below, however, we
+         * need to handle this explicitly because their packages are already marked for
+         * initialization at build time by JdkInitializationFeature#afterRegistration.
          */
+        rci.initializeAtRunTime("java.security.Security", SECURITY_PROVIDERS_INITIALIZATION);
         rci.initializeAtRunTime("sun.security.jca.Providers", SECURITY_PROVIDERS_INITIALIZATION);
         rci.initializeAtRunTime("sun.security.provider.certpath.ldap.JdkLDAP", SECURITY_PROVIDERS_INITIALIZATION);