Add a check to detect the OpenJCEPlus module

Add a check to detect the OpenJCEPlus module. If the module is missing but the restricted security profile requires it, print an error message and exit. Signed-off-by: Tao Liu <[email protected]>
ibmruntimes · Jan 22, 2025 · 81d196e · 81d196e
1 parent 485e097
commit 81d196e
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
@@ -1,6 +1,6 @@
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved
+ * (c) Copyright IBM Corp. 2022, 2025 All Rights Reserved
  * ===========================================================================
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Properties;
 import java.util.Set;
 import java.util.regex.Matcher;
@@ -67,6 +68,7 @@ public final class RestrictedSecurity {
 
     private static final boolean isNSSSupported;
     private static final boolean isOpenJCEPlusSupported;
+    private static boolean isOpenJCEPlusModuleExist;
 
     private static final boolean userSetProfile;
     private static final boolean shouldEnableSecurity;
@@ -137,6 +139,14 @@ public String[] run() {
         }
         isOpenJCEPlusSupported = isOsSupported && isArchSupported;
 
+        // Check whether the OpenJCEPlus module exists.
+        isOpenJCEPlusModuleExist = false;
+        ModuleLayer layer = ModuleLayer.boot();
+        Optional<Module> module = layer.findModule("openjceplus");
+        if (module.isPresent()) {
+            isOpenJCEPlusModuleExist = true;
+        }
+
         // Check the default solution to see if FIPS is supported.
         isFIPSSupported = isNSSSupported;
 
@@ -387,6 +397,11 @@ private static void checkIfKnownProfileSupported() {
                     + " on this platform.");
         }
 
+        if (profileID.contains("OpenJCEPlus") && !isOpenJCEPlusModuleExist) {
+            printStackTraceAndExit("FIPS 140-3 profile specified. Required OpenJCEPlus"
+                    + " module not found.");
+        }
+
         if (debug != null) {
             debug.println("RestrictedSecurity profile " + profileID
                     + " is supported on this platform.");