Support for SunPKCS11 provider in native image

quarkusio · Apr 22, 2022 · 6d85f44 · 6d85f44
1 parent 3ac2669
commit 6d85f44
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 8 deletions.
diff --git a/...s/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java b/...s/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java
@@ -121,9 +121,10 @@ void produceJcaSecurityProviders(BuildProducer<JCAProviderBuildItem> jcaProvider
      */
     @BuildStep
     void registerJCAProvidersForReflection(BuildProducer<ReflectiveClassBuildItem> classes,
-            List<JCAProviderBuildItem> jcaProviders) throws IOException, URISyntaxException {
+            List<JCAProviderBuildItem> jcaProviders,
+            BuildProducer<NativeImageSecurityProviderBuildItem> additionalProviders) throws IOException, URISyntaxException {
         for (JCAProviderBuildItem provider : jcaProviders) {
-            List<String> providerClasses = registerProvider(provider.getProviderName());
+            List<String> providerClasses = registerProvider(provider.getProviderName(), additionalProviders);
             for (String className : providerClasses) {
                 classes.produce(new ReflectiveClassBuildItem(true, true, className));
                 log.debugf("Register JCA class: %s", className);
@@ -352,7 +353,8 @@ private <BI extends MultiBuildItem> Optional<BI> getOne(List<BI> items) {
      * @param providerName - JCA provider name
      * @return class names that make up the provider and its services
      */
-    private List<String> registerProvider(String providerName) {
+    private List<String> registerProvider(String providerName,
+            BuildProducer<NativeImageSecurityProviderBuildItem> additionalProviders) {
         List<String> providerClasses = new ArrayList<>();
         Provider provider = Security.getProvider(providerName);
         if (provider != null) {
@@ -366,6 +368,11 @@ private List<String> registerProvider(String providerName) {
                 }
             }
         }
+
+        if (SecurityProviderUtils.SUN_PROVIDERS.containsKey(providerName)) {
+            additionalProviders.produce(
+                    new NativeImageSecurityProviderBuildItem(SecurityProviderUtils.SUN_PROVIDERS.get(providerName)));
+        }
         return providerClasses;
     }
 

diff --git a/...ons/security/runtime/src/main/java/io/quarkus/security/runtime/SecurityProviderUtils.java b/...ons/security/runtime/src/main/java/io/quarkus/security/runtime/SecurityProviderUtils.java
@@ -3,6 +3,7 @@
 import java.lang.reflect.Constructor;
 import java.security.Provider;
 import java.security.Security;
+import java.util.Map;
 
 import io.quarkus.runtime.configuration.ConfigurationException;
 
@@ -18,10 +19,16 @@ public final class SecurityProviderUtils {
     public static final String BOUNCYCASTLE_JSSE_PROVIDER_CLASS_NAME = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider";
     public static final String BOUNCYCASTLE_FIPS_PROVIDER_CLASS_NAME = "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";
 
+    public static final Map<String, String> SUN_PROVIDERS = Map.of("SunPKCS11", "sun.security.pkcs11.SunPKCS11");
+
     private SecurityProviderUtils() {
 
     }
 
+    public static void addProvider(String provider) {
+        addProvider(loadProvider(provider));
+    }
+
     public static void addProvider(Provider provider) {
         try {
             if (Security.getProvider(provider.getName()) == null) {

diff --git a/...ion-tests/bouncycastle/src/main/java/io/quarkus/it/bouncycastle/BouncyCastleEndpoint.java b/...ion-tests/bouncycastle/src/main/java/io/quarkus/it/bouncycastle/BouncyCastleEndpoint.java
@@ -26,8 +26,8 @@ public class BouncyCastleEndpoint {
     @Path("listProviders")
     public String listProviders() {
         return Arrays.asList(Security.getProviders()).stream()
-                .filter(p -> p.getName().equals("BC"))
-                .map(p -> p.getName()).collect(Collectors.joining());
+                .filter(p -> (p.getName().equals("BC") || p.getName().equals("SunPKCS11")))
+                .map(p -> p.getName()).collect(Collectors.joining(","));
     }
 
     @GET

diff --git a/integration-tests/bouncycastle/src/main/resources/application.properties b/integration-tests/bouncycastle/src/main/resources/application.properties
@@ -1,2 +1,2 @@
-quarkus.security.security-providers=BC
+quarkus.security.security-providers=BC,SunPKCS11
 quarkus.native.additional-build-args=-H:IncludeResources=.*\\.pem
diff --git a/...ion-tests/bouncycastle/src/test/java/io/quarkus/it/bouncycastle/BouncyCastleTestCase.java b/...ion-tests/bouncycastle/src/test/java/io/quarkus/it/bouncycastle/BouncyCastleTestCase.java
@@ -17,7 +17,7 @@ public void testListProviders() {
                 .get("/jca/listProviders")
                 .then()
                 .statusCode(200)
-                .body(equalTo("BC"));
+                .body(equalTo("SunPKCS11,BC"));
     }
 
     @Test

diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
@@ -304,7 +304,6 @@
                 <module>logging-panache</module>
                 <module>locales</module>
                 <module>redis-devservices</module>
-
                 <!-- gRPC tests -->
                 <module>grpc-tls</module>
                 <module>grpc-plain-text-gzip</module>