I’ve got a Clojure program that I am trying to compile into a native image using GraalVM. The program is just a main function:

(defn -main [& args]
  (println (Signature/getInstance "EDDSA" (Security/getProvider "BC"))))

I compile it into a native image and I get this when I run it:

Exception in thread "main" java.lang.IllegalArgumentException: missing provider
    at [email protected]/sun.security.jca.GetInstance.getService(GetInstance.java:96)
    at [email protected]/sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
    at [email protected]/java.security.Signature.getInstance(Signature.java:450)
    at company.cli.release$_main.invokeStatic(release.clj:8)
    at company.cli.release$_main.doInvoke(release.clj:7)
    at clojure.lang.RestFn.applyTo(RestFn.java:137)
    at company.cli.release.main(Unknown Source)

If compiled it with -H:+TraceSecurityService switch and bouncy castle doesn’t appear anywhere. I don’t understand why it’s not picked up. In the report I can see:

Service factory method java.security.Signature.getInstance(java.lang.String, java.security.Provider) is reachable.
    Analysis parsing context: 
        at java.security.Signature.getInstance(Signature.java:441)
        at company.cli.release$_main.invokeStatic(release.clj:8)
        at company.cli.release$_main.doInvoke(release.clj:7)
        at clojure.lang.RestFn.applyTo(RestFn.java:137)
        at company.cli.release.main(Unknown Source)
        at com.oracle.svm.core.JavaMainWrapper.runCore0(JavaMainWrapper.java:180)
        at com.oracle.svm.core.JavaMainWrapper.runCore(JavaMainWrapper.java:137)
    Reachability of Signature service type API triggers registration of following services:

So the reachability detects this code. But the Signature services registered don’t include any BouncyCastle algorithms.

Also if I change the code to:

(defn -main [& args]
  (println (Signature/getInstance "EDDSA" (BouncyCastleProvider.))))

the report is the same when running I get a different exception with same stacktrace:

Exception in thread "main" java.security.NoSuchAlgorithmException: no such algorithm: EDDSA for provider BC

This code works if run normally via java command.

I have also tried:

(defn -main [& args]
  (Security/addProvider (BouncyCastleProvider.))
  (println (Signature/getInstance "EDDSA" (BouncyCastleProvider.))))

and

(defn -main [& args]
  (Security/addProvider (BouncyCastleProvider.))
  (println (Signature/getInstance "EDDSA" (Security/getProvider "BC"))))

With same result. I tried adding option -H:AdditionalSecurityProviders=org.bouncycastle.jce.provider.BouncyCastleProvider.

and I get one of the two errors above and the security services automatic registration report still lacks any mention of BouncyCastle

Why doesn’t it add BC to providers?