Skip to content

Commit 47366a5

Browse files
taoliulttaoliult
committed
Add a check to detect the OpenJCEPlus module
Add a check to detect the OpenJCEPlus module. If the module is missing but the restricted security profile requires it, print an error message and exit. Signed-off-by: Tao Liu <[email protected]>
1 parent 485e097 commit 47366a5

File tree

1 file changed

+13
-1
lines changed

1 file changed

+13
-1
lines changed

closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/*
22
* ===========================================================================
3-
* (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved
3+
* (c) Copyright IBM Corp. 2022, 2025 All Rights Reserved
44
* ===========================================================================
55
*
66
* This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@
4242
import java.util.List;
4343
import java.util.Map;
4444
import java.util.Objects;
45+
import java.util.Optional;
4546
import java.util.Properties;
4647
import java.util.Set;
4748
import java.util.regex.Matcher;
@@ -67,6 +68,7 @@ public final class RestrictedSecurity {
6768

6869
private static final boolean isNSSSupported;
6970
private static final boolean isOpenJCEPlusSupported;
71+
private static final boolean isOpenJCEPlusModuleExist;
7072

7173
private static final boolean userSetProfile;
7274
private static final boolean shouldEnableSecurity;
@@ -137,6 +139,11 @@ public String[] run() {
137139
}
138140
isOpenJCEPlusSupported = isOsSupported && isArchSupported;
139141

142+
// Check whether the OpenJCEPlus module exists.
143+
ModuleLayer layer = ModuleLayer.boot();
144+
Optional<Module> module = layer.findModule("openjceplus");
145+
isOpenJCEPlusModuleExist = module.isPresent();
146+
140147
// Check the default solution to see if FIPS is supported.
141148
isFIPSSupported = isNSSSupported;
142149

@@ -387,6 +394,11 @@ private static void checkIfKnownProfileSupported() {
387394
+ " on this platform.");
388395
}
389396

397+
if (!isOpenJCEPlusModuleExist && profileID.contains("OpenJCEPlus")) {
398+
printStackTraceAndExit("FIPS 140-3 profile specified. Required OpenJCEPlus"
399+
+ " module not found.");
400+
}
401+
390402
if (debug != null) {
391403
debug.println("RestrictedSecurity profile " + profileID
392404
+ " is supported on this platform.");

0 commit comments

Comments
 (0)