
Example 1 with OIDMap

use of sun.security.x509.OIDMap in project graal by oracle.

the class SecurityServicesFeature method duringSetup.

/**
 * Resolves the JDK-internal fields this feature reads and registers the security-related classes
 * whose static initializers have to run again when the image starts.
 *
 * <p>Two groups of classes are registered: classes that hold a {@code SecureRandom} or an entropy
 * source in a static field, and classes that read system properties (trust store location and
 * password, {@code javax.net.debug}) in their static initializer.
 *
 * @param a setup-phase access object; it is cast to {@code DuringSetupAccessImpl}, so any other
 *            implementation fails with a {@code ClassCastException}
 */
@Override
public void duringSetup(DuringSetupAccess a) {
    DuringSetupAccessImpl setupAccess = (DuringSetupAccessImpl) a;
    addManuallyConfiguredUsedProviders(a);

    /* Fields looked up by name; which ones exist depends on the JDK version. */
    verificationResultsField = setupAccess.findField("javax.crypto.JceSecurity", "verificationResults");
    providerListField = setupAccess.findField("sun.security.jca.Providers", "providerList");
    final boolean jdk17OrLater = JavaVersionUtil.JAVA_SPEC >= 17;
    if (jdk17OrLater) {
        oidTableField = setupAccess.findField("sun.security.util.ObjectIdentifier", "oidTable");
    }
    oidMapField = setupAccess.findField(OIDMap.class, "oidMap");
    if (!jdk17OrLater) {
        classRefField = setupAccess.findField(Service.class, "classRef");
    } else {
        classCacheField = setupAccess.findField(Service.class, "classCache");
        constructorCacheField = setupAccess.findField(Service.class, "constructorCache");
    }

    RuntimeClassInitializationSupport classInit = ImageSingletons.lookup(RuntimeClassInitializationSupport.class);
    final String forSubstitutions = "for substitutions";
    final String forRuntimeProperties = "for reading properties at run time";

    /*
     * The SecureRandom implementations open /dev/random and /dev/urandom, their entropy sources,
     * in static initializers, so those initializers are run again at run time. Deferring them
     * entirely to run time is not possible: the image generator itself needs the SecureRandom
     * classes, e.g. for Files.createTempDirectory().
     *
     * NOTE(review): presumably this also keeps generator state that was seeded on the build
     * machine from being reused by every run of the image; confirm against the substitutions.
     */
    for (Class<?> nativePrng : new Class<?>[]{NativePRNG.class, NativePRNG.Blocking.class, NativePRNG.NonBlocking.class}) {
        classInit.rerunInitialization(nativePrng, forSubstitutions);
    }

    /*
     * The last entry, AbstractDrbg$SeederHolder, has a static final EntropySource seeder field
     * that captures the result of SeedGenerator.getSystemEntropy() and therefore must be
     * initialized again at run time.
     */
    String[] seederClasses = {
                    "sun.security.provider.SeedGenerator",
                    "sun.security.provider.SecureRandom$SeederHolder",
                    "sun.security.provider.AbstractDrbg$SeederHolder"
    };
    for (String seederClass : seederClasses) {
        classInit.rerunInitialization(clazz(setupAccess, seederClass), forSubstitutions);
    }

    if (isWindows()) {
        /* PRNG.<clinit> creates a Cleaner (see JDK-8210476), and the Cleaner starts a thread. */
        classInit.rerunInitialization(clazz(setupAccess, "sun.security.mscapi.PRNG"), forSubstitutions);
    }

    /*
     * FileInputStreamPool comes first. java.util.UUID$Holder and the three classes after it each
     * have a static final SecureRandom field. For a class the analysis does not find reachable,
     * registering it for an initialization rerun has no effect.
     */
    String[] secureRandomHolders = {
                    "sun.security.provider.FileInputStreamPool",
                    "java.util.UUID$Holder",
                    "sun.security.jca.JCAUtil$CachedSecureRandomHolder",
                    "com.sun.crypto.provider.SunJCE$SecureRandomHolder",
                    "sun.security.krb5.Confounder"
    };
    for (String holderClass : secureRandomHolders) {
        classInit.rerunInitialization(clazz(setupAccess, holderClass), forSubstitutions);
    }
    if (jdk17OrLater) {
        classInit.rerunInitialization(clazz(setupAccess, "sun.security.jca.JCAUtil"), "JCAUtil.def holds a SecureRandom.");
    }

    /*
     * SSLContextImpl$DefaultManagersHolder sets up the TrustManager in its initializer from the
     * -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword properties. At build time
     * those are the build machine's values, so the initializer is run again at run time and the
     * trust configuration comes from the properties supplied to the running image.
     */
    classInit.rerunInitialization(clazz(setupAccess, "sun.security.ssl.SSLContextImpl$DefaultManagersHolder"), forRuntimeProperties);

    /*
     * SSL debug logging, switched on by the javax.net.debug system property, is configured during
     * class initialization of sun.security.ssl.Debug (JDK 8) or sun.security.ssl.SSLLogger (moved
     * there in JDK 11, not yet backported to all JDKs; see JDK-8196584). These classes cannot be
     * kept from initializing at image build time, so they are reinitialized at run time to honour
     * the property value passed at run time. Whichever of the two classes exists is registered.
     */
    for (String sslLoggingClass : new String[]{"sun.security.ssl.Debug", "sun.security.ssl.SSLLogger"}) {
        optionalClazz(setupAccess, sslLoggingClass).ifPresent(found -> classInit.rerunInitialization(found, forRuntimeProperties));
    }
}
Also used : OIDMap(sun.security.x509.OIDMap) DuringSetupAccessImpl(com.oracle.svm.hosted.FeatureImpl.DuringSetupAccessImpl) NativePRNG(sun.security.provider.NativePRNG) TransformService(javax.xml.crypto.dsig.TransformService) Service(java.security.Provider.Service) RuntimeClassInitializationSupport(org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport)

Aggregations

DuringSetupAccessImpl (com.oracle.svm.hosted.FeatureImpl.DuringSetupAccessImpl)1 Service (java.security.Provider.Service)1 TransformService (javax.xml.crypto.dsig.TransformService)1 RuntimeClassInitializationSupport (org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport)1 NativePRNG (sun.security.provider.NativePRNG)1 OIDMap (sun.security.x509.OIDMap)1