Automatically register the Sasl provider

Aleksandar Gradinac · Aleksandar Gradinac · commit 4e55e6e94e01 · 2022-09-27T12:26:27.000+02:00
diff --git a/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/SecurityServicesFeature.java b/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/SecurityServicesFeature.java
@@ -76,8 +76,12 @@
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
+import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.Configuration;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
 import javax.security.sasl.SaslClientFactory;
+import javax.security.sasl.SaslServer;
 import javax.security.sasl.SaslServerFactory;
 import javax.smartcardio.TerminalFactory;
 import javax.xml.crypto.dsig.TransformService;
@@ -109,6 +113,7 @@
 import com.oracle.svm.hosted.FeatureImpl.DuringAnalysisAccessImpl;
 import com.oracle.svm.hosted.FeatureImpl.DuringSetupAccessImpl;
 import com.oracle.svm.hosted.c.NativeLibraries;
+import com.oracle.svm.util.ClassUtil;
 import com.oracle.svm.util.ModuleSupport;
 import com.oracle.svm.util.ReflectionUtil;
 
@@ -518,6 +523,29 @@ private static Set<Class<?>> computeKnownServices(BeforeAnalysisAccess access) {
         return allKnownServices;
     }
 
+    private void registerSpecialReachabilityHandlers(BeforeAnalysisAccess access) {
+        /*
+         * Sasl does not conform to the JCA - the service has no getInstance method. We instead use
+         * the Sasl facade class for our reachability handlers.
+         */
+        String saslRegistrationFailureMessage = "Failed to enable automatic SASL provider registration: %s";
+        String saslClassName = "javax.security.sasl.Sasl";
+        try {
+            TypeResult<Class<?>> saslClassLookup = loader.findClass(saslClassName);
+            if (saslClassLookup.isPresent()) {
+                trace(saslRegistrationFailureMessage, saslClassName);
+            }
+
+            Class<?> saslClass = saslClassLookup.getOrFail();
+            Method createSaslClient = ReflectionUtil.lookupMethod(saslClass, "createSaslClient", String[].class, String.class, String.class, String.class, Map.class, CallbackHandler.class);
+            access.registerReachabilityHandler(a -> registerServices(a, createSaslClient, SaslClient.class), createSaslClient);
+            Method createSaslServer = ReflectionUtil.lookupMethod(saslClass, "createSaslServer", String.class, String.class, String.class, Map.class, CallbackHandler.class);
+            access.registerReachabilityHandler(a -> registerServices(a, createSaslServer, SaslServer.class), createSaslServer);
+        } catch (ReflectionUtil.ReflectionUtilError e) {
+            trace(saslRegistrationFailureMessage, e);
+        }
+    }
+
     private void registerServiceReachabilityHandlers(BeforeAnalysisAccess access) {
         ctrParamClassAccessor = getConstructorParameterClassAccessor(loader);
         getSpiClassMethod = getSpiClassMethod();
@@ -550,6 +578,8 @@ private void registerServiceReachabilityHandlers(BeforeAnalysisAccess access) {
             }
         }
 
+        registerSpecialReachabilityHandlers(access);
+
         /*
          * On Oracle JDK the SecureRandom service implementations are not automatically discovered
          * by the mechanism above because SecureRandom.getInstance() is not invoked. For example
@@ -569,14 +599,21 @@ private void registerServices(DuringAnalysisAccess access, Object trigger, Class
          * but not any of its sub-packages. See java.security.Security.getSpiClass().
          */
         // Checkstyle: allow Class.getSimpleName
-        String serviceType = serviceClass.getSimpleName();
+        String serviceType = getServiceType(serviceClass);
         // Checkstyle: disallow Class.getSimpleName
         if (serviceClass.getPackage().getName().equals("java.security")) {
             registerSpiClass(getSpiClassMethod, serviceType);
         }
         registerServices(access, trigger, serviceType);
     }
 
+    private String getServiceType(Class<?> serviceClass) {
+        if (serviceClass == SaslClient.class || serviceClass == SaslServer.class) {
+            return ClassUtil.getUnqualifiedName(serviceClass) + "Factory";
+        }
+        return ClassUtil.getUnqualifiedName(serviceClass);
+    }
+
     ConcurrentHashMap<String, Boolean> processedServiceClasses = new ConcurrentHashMap<>();
 
     private void registerServices(DuringAnalysisAccess access, Object trigger, String serviceType) {
