From 5abbcdeb5cf32ce0de9afb096b0e2125c7d9b7ac Mon Sep 17 00:00:00 2001
From: Stuart McCulloch <stuart.mcculloch@datadoghq.com>
Date: Mon, 27 Jan 2025 22:48:05 +0000
Subject: [PATCH] Consider any custom security provider as potentially loading
 JUL

---
 .../main/java/datadog/trace/bootstrap/Agent.java  | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/Agent.java b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/Agent.java
index e0e65f16324..1e60a79034b 100644
--- a/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/Agent.java
+++ b/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/Agent.java
@@ -1348,8 +1348,8 @@ private static String ddGetEnv(final String sysProp) {
   }
 
   private static boolean okHttpMayIndirectlyLoadJUL() {
-    if (isIBMSASLInstalled() || isACCPInstalled()) {
-      return true; // 'IBMSASL' and 'ACCP' crypto providers can load JUL when OkHttp accesses TLS
+    if (isCustomSecurityProviderInstalled() || isIBMSASLInstalled()) {
+      return true; // custom security providers may load JUL when OkHttp accesses TLS
     }
     if (isJavaVersionAtLeast(9)) {
       return false; // JDKs since 9 have reworked JFR to use a different logging facility, not JUL
@@ -1357,14 +1357,13 @@ private static boolean okHttpMayIndirectlyLoadJUL() {
     return isJFRSupported(); // assume OkHttp will indirectly load JUL via its JFR events
   }
 
-  private static boolean isIBMSASLInstalled() {
-    return ClassLoader.getSystemResource("com/ibm/security/sasl/IBMSASL.class") != null;
+  private static boolean isCustomSecurityProviderInstalled() {
+    return ClassLoader.getSystemResource("META-INF/services/java.security.Provider") != null;
   }
 
-  private static boolean isACCPInstalled() {
-    return ClassLoader.getSystemResource(
-            "com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.class")
-        != null;
+  private static boolean isIBMSASLInstalled() {
+    // need explicit check as this is installed without using the service-loader mechanism
+    return ClassLoader.getSystemResource("com/ibm/security/sasl/IBMSASL.class") != null;
   }
 
   private static boolean isJFRSupported() {