From dce71c3ace385eeb714bc94c651e171714d62c4b Mon Sep 17 00:00:00 2001 From: Charles Oliver Nutter Date: Fri, 28 Feb 2020 17:07:59 -0600 Subject: [PATCH] Try direct path for MessageDigest before invasive path This logic is responsible for the remaining known "illegal access" warning on Java 9+. I am not sure why we do not trust the default provide to give us most algorithms, since it should be identical to the one provied by Bouncy Castle. This change reverses the logic and only uses the invasive provider-specific form when the direct lookup fails. Relates to jruby/jruby#6098. --- src/main/java/org/jruby/ext/openssl/SecurityHelper.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/jruby/ext/openssl/SecurityHelper.java b/src/main/java/org/jruby/ext/openssl/SecurityHelper.java index 1bf14bfc..05c33b32 100644 --- a/src/main/java/org/jruby/ext/openssl/SecurityHelper.java +++ b/src/main/java/org/jruby/ext/openssl/SecurityHelper.java @@ -355,11 +355,14 @@ static KeyStore getKeyStore(final String type, final Provider provider) */ public static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException { try { + return MessageDigest.getInstance(algorithm); + } catch (NoSuchAlgorithmException nsae) { + // try reflective logic final Provider provider = getSecurityProviderIfAccessible(); if ( provider != null ) return getMessageDigest(algorithm, provider); + + throw nsae; // give up } - catch (NoSuchAlgorithmException e) { } - return MessageDigest.getInstance(algorithm); } @SuppressWarnings("unchecked")