Export sun.security.internal.spec module for bouncycastle in Java 17

Closes: quarkusio#21374
zakkak · Dec 1, 2021 · a54c215 · a54c215
1 parent 196d12f
commit a54c215
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 1 deletion.
diff --git a/...oyment/src/main/java/io/quarkus/deployment/builditem/nativeimage/JPMSExportBuildItem.java b/...oyment/src/main/java/io/quarkus/deployment/builditem/nativeimage/JPMSExportBuildItem.java
@@ -0,0 +1,25 @@
+package io.quarkus.deployment.builditem.nativeimage;
+
+import io.quarkus.builder.item.MultiBuildItem;
+
+/**
+ * A build item that indicates that a Java package should be exported using
+ * '-J--add-exports' option to become visible to native-image
+ */
+public final class JPMSExportBuildItem extends MultiBuildItem {
+    private final String moduleName;
+    private final String packageName;
+
+    public JPMSExportBuildItem(String moduleName, String packageName) {
+        this.moduleName = moduleName;
+        this.packageName = packageName;
+    }
+
+    public String getPackage() {
+        return packageName;
+    }
+
+    public String getModule() {
+        return moduleName;
+    }
+}
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildStep.java b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildStep.java
@@ -25,6 +25,7 @@
 import io.quarkus.bootstrap.util.IoUtils;
 import io.quarkus.deployment.annotations.BuildStep;
 import io.quarkus.deployment.builditem.nativeimage.ExcludeConfigBuildItem;
+import io.quarkus.deployment.builditem.nativeimage.JPMSExportBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.NativeImageAllowIncompleteClasspathAggregateBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.NativeImageSecurityProviderBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.NativeImageSystemPropertyBuildItem;
@@ -86,7 +87,8 @@ ArtifactResultBuildItem nativeSourcesResult(NativeConfig nativeConfig,
             PackageConfig packageConfig,
             List<NativeImageSystemPropertyBuildItem> nativeImageProperties,
             List<ExcludeConfigBuildItem> excludeConfigs,
-            NativeImageAllowIncompleteClasspathAggregateBuildItem incompleteClassPathAllowed) {
+            NativeImageAllowIncompleteClasspathAggregateBuildItem incompleteClassPathAllowed,
+            List<JPMSExportBuildItem> jpmsExportBuildItems) {
 
         Path outputDir;
         try {
@@ -107,6 +109,7 @@ ArtifactResultBuildItem nativeSourcesResult(NativeConfig nativeConfig,
                 .setNativeImageProperties(nativeImageProperties)
                 .setBrokenClasspath(incompleteClassPathAllowed.isAllow())
                 .setExcludeConfigs(excludeConfigs)
+                .setJPMSExportBuildItems(jpmsExportBuildItems)
                 .setOutputDir(outputDir)
                 .setRunnerJarName(runnerJar.getFileName().toString())
                 // the path to native-image is not known now, it is only known at the time the native-sources will be consumed
@@ -139,6 +142,7 @@ public NativeImageBuildItem build(NativeConfig nativeConfig, NativeImageSourceJa
             List<ExcludeConfigBuildItem> excludeConfigs,
             NativeImageAllowIncompleteClasspathAggregateBuildItem incompleteClassPathAllowed,
             List<NativeImageSecurityProviderBuildItem> nativeImageSecurityProviders,
+            List<JPMSExportBuildItem> jpmsExportBuildItems,
             Optional<ProcessInheritIODisabled> processInheritIODisabled) {
         if (nativeConfig.debug.enabled) {
             copyJarSourcesToLib(outputTargetBuildItem, curateOutcomeBuildItem);
@@ -199,6 +203,7 @@ public NativeImageBuildItem build(NativeConfig nativeConfig, NativeImageSourceJa
                     .setExcludeConfigs(excludeConfigs)
                     .setBrokenClasspath(incompleteClassPathAllowed.isAllow())
                     .setNativeImageSecurityProviders(nativeImageSecurityProviders)
+                    .setJPMSExportBuildItems(jpmsExportBuildItems)
                     .setOutputDir(outputDir)
                     .setRunnerJarName(runnerJarName)
                     .setNativeImageName(nativeImageName)
@@ -473,6 +478,7 @@ static class Builder {
             private List<NativeImageSystemPropertyBuildItem> nativeImageProperties;
             private List<ExcludeConfigBuildItem> excludeConfigs;
             private List<NativeImageSecurityProviderBuildItem> nativeImageSecurityProviders;
+            private List<JPMSExportBuildItem> jpmsExports;
             private Path outputDir;
             private String runnerJarName;
             private String noPIE = "";
@@ -511,6 +517,11 @@ public Builder setNativeImageSecurityProviders(
                 return this;
             }
 
+            public Builder setJPMSExportBuildItems(List<JPMSExportBuildItem> JPMSExportBuildItems) {
+                this.jpmsExports = JPMSExportBuildItems;
+                return this;
+            }
+
             public Builder setOutputDir(Path outputDir) {
                 this.outputDir = outputDir;
                 return this;
@@ -723,6 +734,13 @@ public NativeImageInvokerInfo build() {
                     nativeImageArgs.add("-H:AdditionalSecurityProviders=" + additionalSecurityProviders);
                 }
 
+                if (jpmsExports != null) {
+                    for (JPMSExportBuildItem jpmsExport : jpmsExports) {
+                        nativeImageArgs.add(
+                                "-J--add-exports=" + jpmsExport.getModule() + "/" + jpmsExport.getPackage() + "=ALL-UNNAMED");
+                    }
+                }
+
                 for (ExcludeConfigBuildItem excludeConfig : excludeConfigs) {
                     nativeImageArgs.add("--exclude-config");
                     nativeImageArgs.add(excludeConfig.getJarFile());

diff --git a/...s/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java b/...s/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java
@@ -42,6 +42,7 @@
 import io.quarkus.deployment.annotations.Record;
 import io.quarkus.deployment.builditem.ApplicationClassPredicateBuildItem;
 import io.quarkus.deployment.builditem.FeatureBuildItem;
+import io.quarkus.deployment.builditem.nativeimage.JPMSExportBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.NativeImageSecurityProviderBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.RuntimeReinitializedClassBuildItem;
@@ -242,6 +243,22 @@ void addBouncyCastleProvidersToNativeImage(BuildProducer<NativeImageSecurityProv
         }
     }
 
+    // Work around https://github.com/quarkusio/quarkus/issues/21374
+    @BuildStep
+    void addBouncyCastleExportsToNativeImage(BuildProducer<JPMSExportBuildItem> jpmsExports,
+            List<BouncyCastleProviderBuildItem> bouncyCastleProviders,
+            List<BouncyCastleJsseProviderBuildItem> bouncyCastleJsseProviders) {
+        Optional<BouncyCastleJsseProviderBuildItem> bouncyCastleJsseProvider = getOne(bouncyCastleJsseProviders);
+        if (bouncyCastleJsseProvider.isPresent() && bouncyCastleJsseProvider.get().isInFipsMode()) {
+            jpmsExports.produce(new JPMSExportBuildItem("java.base", "sun.security.internal.spec"));
+        } else {
+            Optional<BouncyCastleProviderBuildItem> bouncyCastleProvider = getOne(bouncyCastleProviders);
+            if (bouncyCastleProvider.isPresent() && bouncyCastleProvider.get().isInFipsMode()) {
+                jpmsExports.produce(new JPMSExportBuildItem("java.base", "sun.security.internal.spec"));
+            }
+        }
+    }
+
     private <BI extends MultiBuildItem> Optional<BI> getOne(List<BI> items) {
         if (items.size() > 1) {
             throw new IllegalStateException("Only a single Bouncy Castle registration can be provided.");