Allow jdk.crypto.mscapi module to be unavailable on Windows

Author: olpaw

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/SecurityServicesFeature.java

@@ -154,6 +154,8 @@ public static class Options {
     /** The list of known service classes defined by the JCA. */
     private static final List<Class<?>> knownServices;
 
+    private static final boolean isMscapiModulePresent;
+
     static {
         List<Class<?>> classList = new ArrayList<>(List.of(
                         AlgorithmParameterGenerator.class, AlgorithmParameters.class,
@@ -175,6 +177,9 @@ public static class Options {
         if (ModuleLayer.boot().findModule("java.smartcardio").isPresent()) {
             classList.add(ReflectionUtil.lookupClass(false, "javax.smartcardio.TerminalFactory"));
         }
+
+        isMscapiModulePresent = ModuleLayer.boot().findModule("jdk.crypto.mscapi").isPresent();
+
         knownServices = Collections.unmodifiableList(classList);
     }
 
@@ -254,7 +259,7 @@ public void duringSetup(DuringSetupAccess a) {
          * SeedGenerator.getSystemEntropy().
          */
         rci.rerunInitialization(clazz(access, "sun.security.provider.AbstractDrbg$SeederHolder"), "for substitutions");
-        if (isWindows()) {
+        if (isMscapiModulePresent) {
             /* PRNG.<clinit> creates a Cleaner (see JDK-8210476), which starts its thread. */
             rci.rerunInitialization(clazz(access, "sun.security.mscapi.PRNG"), "for substitutions");
         }
@@ -338,7 +343,7 @@ public void beforeAnalysis(BeforeAnalysisAccess a) {
             });
         }
 
-        if (isWindows()) {
+        if (isMscapiModulePresent) {
             access.registerReachabilityHandler(SecurityServicesFeature::registerSunMSCAPIConfig, clazz(access, "sun.security.mscapi.SunMSCAPI"));
             /* Resolve calls to sun_security_mscapi* as builtIn. */
             PlatformNativeLibrarySupport.singleton().addBuiltinPkgNativePrefix("sun_security_mscapi");
@@ -419,20 +424,23 @@ private static void registerSunMSCAPIConfig(BeforeAnalysisAccess a) {
                         "java.security.KeyException", "java.security.KeyStoreException", "java.security.ProviderException",
                         "java.security.SignatureException", "java.lang.OutOfMemoryError");
 
-        /*
-         * JDK-6782021 changed the `loadKeysOrCertificateChains` method signature, so we try the new
-         * signature first and fall back to the old one in case we're on a JDK without the change.
-         */
-        a.registerReachabilityHandler(SecurityServicesFeature::registerLoadKeysOrCertificateChains,
-                        optionalMethod(a, "sun.security.mscapi.CKeyStore", "loadKeysOrCertificateChains", String.class, int.class)
-                                        .orElseGet(() -> method(a, "sun.security.mscapi.CKeyStore", "loadKeysOrCertificateChains", String.class)));
-        a.registerReachabilityHandler(SecurityServicesFeature::registerGenerateCKeyPair,
-                        method(a, "sun.security.mscapi.CKeyPairGenerator$RSA", "generateCKeyPair", String.class, int.class, String.class));
-        a.registerReachabilityHandler(SecurityServicesFeature::registerCPrivateKeyOf,
-                        method(a, "sun.security.mscapi.CKeyStore", "storePrivateKey", String.class, byte[].class, String.class, int.class));
-        a.registerReachabilityHandler(SecurityServicesFeature::registerCPublicKeyOf,
-                        method(a, "sun.security.mscapi.CSignature", "importECPublicKey", String.class, byte[].class, int.class),
-                        method(a, "sun.security.mscapi.CSignature", "importPublicKey", String.class, byte[].class, int.class));
+        if (isMscapiModulePresent) {
+            /*
+             * JDK-6782021 changed the `loadKeysOrCertificateChains` method signature, so we try the
+             * new signature first and fall back to the old one in case we're on a JDK without the
+             * change.
+             */
+            a.registerReachabilityHandler(SecurityServicesFeature::registerLoadKeysOrCertificateChains,
+                            optionalMethod(a, "sun.security.mscapi.CKeyStore", "loadKeysOrCertificateChains", String.class, int.class)
+                                            .orElseGet(() -> method(a, "sun.security.mscapi.CKeyStore", "loadKeysOrCertificateChains", String.class)));
+            a.registerReachabilityHandler(SecurityServicesFeature::registerGenerateCKeyPair,
+                            method(a, "sun.security.mscapi.CKeyPairGenerator$RSA", "generateCKeyPair", String.class, int.class, String.class));
+            a.registerReachabilityHandler(SecurityServicesFeature::registerCPrivateKeyOf,
+                            method(a, "sun.security.mscapi.CKeyStore", "storePrivateKey", String.class, byte[].class, String.class, int.class));
+            a.registerReachabilityHandler(SecurityServicesFeature::registerCPublicKeyOf,
+                            method(a, "sun.security.mscapi.CSignature", "importECPublicKey", String.class, byte[].class, int.class),
+                            method(a, "sun.security.mscapi.CSignature", "importPublicKey", String.class, byte[].class, int.class));
+        }
     }
 
     private static void registerLoadKeysOrCertificateChains(DuringAnalysisAccess a) {

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/jdk/JNIRegistrationSupport.java

@@ -102,7 +102,8 @@ public void beforeAnalysis(BeforeAnalysisAccess access) {
     @Override
     public void afterAnalysis(AfterAnalysisAccess access) {
         if (isWindows()) {
-            isSunMSCAPIProviderReachable = access.isReachable(clazz(access, "sun.security.mscapi.SunMSCAPI"));
+            var optSunMSCAPIClass = optionalClazz(access, "sun.security.mscapi.SunMSCAPI");
+            isSunMSCAPIProviderReachable = optSunMSCAPIClass.isPresent() && access.isReachable(optSunMSCAPIClass.get());
         }
     }