From 81d196e9350a90b908de90b7281680eeff6322d6 Mon Sep 17 00:00:00 2001
From: Tao Liu
Date: Wed, 22 Jan 2025 18:01:08 -0500
Subject: [PATCH] Add a check to detect the OpenJCEPlus module
Add a check to detect the OpenJCEPlus module. If the module is missing but the restricted security profile requires it, print an error message and exit.
Signed-off-by: Tao Liu
---
 .../internal/security/RestrictedSecurity.java | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
index 9e8d2f23a96..6beb22a7db8 100644
--- a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
+++ b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
@@ -1,6 +1,6 @@
 /*
 * ===========================================================================
- * (c) Copyright IBM Corp. 2022, 2024 All Rights Reserved
+ * (c) Copyright IBM Corp. 2022, 2025 All Rights Reserved
 * ===========================================================================
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Properties;
 import java.util.Set;
 import java.util.regex.Matcher;
@@ -67,6 +68,7 @@ public final class RestrictedSecurity {
 private static final boolean isNSSSupported;
 private static final boolean isOpenJCEPlusSupported;
+ private static boolean isOpenJCEPlusModuleExist;
 private static final boolean userSetProfile;
 private static final boolean shouldEnableSecurity;
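Review bot: The new field `isOpenJCEPlusModuleExist` is declared without `final`, unlike every neighbouring flag in this hunk, so a value that gates a restricted security profile stays reassignable after class initialisation. The likely reason is the hunk at -137, which assigns it `false` and then conditionally `true` next to the assignment of the final `isOpenJCEPlusSupported`; a `final` field cannot be assigned twice. A single assignment removes the need: declare `private static final boolean isOpenJCEPlusModuleExist;` and set it with `isOpenJCEPlusModuleExist = ModuleLayer.boot().findModule("openjceplus").isPresent();`. That also makes the `Optional` local and the added `java.util.Optional` import unnecessary. The class body and the initialiser both extend beyond the lines shown.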
@@ -137,6 +139,14 @@ public String[] run() { } isOpenJCEPlusSupported = isOsSupported && isArchSupported; + // Check whether the OpenJCEPlus module exists. + isOpenJCEPlusModuleExist = false; + ModuleLayer layer = ModuleLayer.boot(); + Optional module = layer.findModule("openjceplus"); + if (module.isPresent()) { + isOpenJCEPlusModuleExist = true; + } + // Check the default solution to see if FIPS is supported. isFIPSSupported = isNSSSupported; @@ -387,6 +397,11 @@ private static void checkIfKnownProfileSupported() { + " on this platform."); } + if (profileID.contains("OpenJCEPlus") && !isOpenJCEPlusModuleExist) { + printStackTraceAndExit("FIPS 140-3 profile specified. Required OpenJCEPlus" + + " module not found."); + } + if (debug != null) { debug.println("RestrictedSecurity profile " + profileID + " is supported on this platform.");
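Review bot: The new guard in checkIfKnownProfileSupported keys off `profileID.contains("OpenJCEPlus")`, but its message says "FIPS 140-3 profile specified" and never names the profile. An operator hitting this exit cannot tell which profile triggered it, and the text is inaccurate for any profile whose ID contains OpenJCEPlus without being a FIPS 140-3 one. Suggest `printStackTraceAndExit("Restricted security profile " + profileID + " requires the OpenJCEPlus module, which was not found in the boot layer.");`. The substring test is also case-sensitive and relies on a naming convention. Whether a profile can reference OpenJCEPlus providers under an ID without that substring is not visible here, because the function body starts and ends outside the hunk, so that is worth confirming.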