add a configuration option to prevent BouncyCastle from registering at runtime so that sshj is compatible with GraalVM's native mode

[insinfo]

add a configuration option to prevent BouncyCastle from registering at runtime so that sshj is compatible with GraalVM's native mode

C:\MyJavaProjects\java_native> C:\MyJavaProjects\java_native\app\build\native\nativeBuild\Example.exe
Exception in thread "main" com.oracle.svm.core.jdk.UnsupportedFeatureError: Trying to verify a provider that was not registered at build time: BC version 1.69. All providers must be registered and verified in the Native Image builder. 
        at com.oracle.svm.core.util.VMError.unsupportedFeature(VMError.java:89)
        at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:403)
        at javax.crypto.JceSecurity.getInstance(JceSecurity.java:140)
        at javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:280)
        at net.schmizz.sshj.common.SecurityUtils.registerSecurityProvider(SecurityUtils.java:94)
        at net.schmizz.sshj.common.SecurityUtils.register(SecurityUtils.java:280)
        at net.schmizz.sshj.common.SecurityUtils.isBouncyCastleRegistered(SecurityUtils.java:251)
        at net.schmizz.sshj.DefaultConfig.<init>(DefaultConfig.java:78)
        at net.schmizz.sshj.SSHClient.<init>(SSHClient.java:131)
        at demo.SshjExample.init(SshjExample.java:22)
        at demo.Example.main(Example.java:25)

C:\MyJavaProjects\java_native>

In the class net.schmizz.sshj.common.SecurityUtils, if you follow the above stacktrace and reach that registerSecurityProvider() method, you'll see that the method always tries to register the BouncyCastleProvider at runtime here, which is a no-no in native mode, hence the above UnsupportedFeatureError exception. The BouncyCastleProvider is already registered at build time (by the BouncyCastleFeature class) so there's no need to register it again at runtime; and this behaviour makes the sshj library incompatible with GraalVM's native mode.
To work around the issue, maybe you should substitute the SecurityUtils.register() method to do nothing, to prevent it from calling that troublesome registerSecurityProvider() method. Another option is to use a different ssh library, like Apache MINA, which may be more compatible with GraalVM's native mode.

oracle/graal#3197 (comment)

https://github.com/insinfo/java_native

[Hayvon]

Additional to the PR #828 you need to adjust your native-image.properties with the following arguments:

Args= --features=com.example.demo.BouncyCastleFeature \
--initialize-at-build-time=org.bouncycastle.crypto.prng.SP800SecureRandom \
--initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV \
--initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG$Default \

Also you need to add bouncycastle dependencies to you project:

implementation "org.bouncycastle:bcprov-jdk15on:1.70"
implementation "org.bouncycastle:bcpkix-jdk15on:1.70"

If you want to try it out you can find a working example here: https://github.com/Hayvon/spring-batch-graalvm-demo. Until the PR is not merged you can replace sshj with my fork.