From 9828ff5cd4a33eb1fb720979ef8f496fe8486046 Mon Sep 17 00:00:00 2001
From: Valery Kharseko <vharseko@3a-systems.ru>
Date: Fri, 15 May 2026 19:11:56 +0000
Subject: [PATCH] Add native access JVM flag for Bouncy Castle FIPS on newer Java releases (#645)

---
 opendj-server-legacy/resource/bin/_script-util.bat |    7 +++++++
 opendj-server-legacy/resource/bin/_script-util.sh  |   11 +++++++++++
 2 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/opendj-server-legacy/resource/bin/_script-util.bat b/opendj-server-legacy/resource/bin/_script-util.bat
index e665966..f6bacbb 100644
--- a/opendj-server-legacy/resource/bin/_script-util.bat
+++ b/opendj-server-legacy/resource/bin/_script-util.bat
@@ -173,6 +173,13 @@
 "%OPENDJ_JAVA_BIN%" --add-opens java.base/jdk.internal.loader=ALL-UNNAMED --version > NUL 2>&1
 set RESULT_CODE=%errorlevel%
 if %RESULT_CODE% == 0 set OPENDJ_JAVA_ARGS=%OPENDJ_JAVA_ARGS% --add-opens java.base/jdk.internal.loader=ALL-UNNAMED
+"%OPENDJ_JAVA_BIN%" --enable-native-access=ALL-UNNAMED --version > NUL 2>&1
+set RESULT_CODE=%errorlevel%
+if NOT %RESULT_CODE% == 0 goto skipNativeAccessArg
+echo %OPENDJ_JAVA_ARGS% | findstr /C:"--enable-native-access=ALL-UNNAMED" > NUL 2>&1
+if %errorlevel% == 0 goto skipNativeAccessArg
+set OPENDJ_JAVA_ARGS=%OPENDJ_JAVA_ARGS% --enable-native-access=ALL-UNNAMED
+:skipNativeAccessArg
 goto scriptBegin
 
 :setTempDir
diff --git a/opendj-server-legacy/resource/bin/_script-util.sh b/opendj-server-legacy/resource/bin/_script-util.sh
index 66f04f6..da3a9e6 100644
--- a/opendj-server-legacy/resource/bin/_script-util.sh
+++ b/opendj-server-legacy/resource/bin/_script-util.sh
@@ -254,6 +254,17 @@
   then
   	export OPENDJ_JAVA_ARGS="$OPENDJ_JAVA_ARGS --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED --add-opens java.base/jdk.internal.loader=ALL-UNNAMED"
   fi
+
+  "${OPENDJ_JAVA_BIN}" --enable-native-access=ALL-UNNAMED --version > /dev/null 2>&1
+  RESULT_CODE=${?}
+  if test ${RESULT_CODE} -eq 0
+  then
+    case " ${OPENDJ_JAVA_ARGS} " in
+      *" --enable-native-access=ALL-UNNAMED "*) ;;
+      *) OPENDJ_JAVA_ARGS="${OPENDJ_JAVA_ARGS} --enable-native-access=ALL-UNNAMED" ;;
+    esac
+    export OPENDJ_JAVA_ARGS
+  fi
 }
 
 # Configure the appropriate CLASSPATH for server, using Opend DJ logger.

--
Gitblit v1.10.0