From fb9f729426c87c9ebc400c3207129f276947f16e Mon Sep 17 00:00:00 2001
From: Jason Tedor <jason@tedor.me>
Date: Sun, 28 Apr 2019 23:03:34 -0400
Subject: [PATCH] Suppress illegal access in plugin install (#41620)

We use Bouncy Castle to verify signatures when installing official
plugins. This leads to illegal access warnings because Bouncy Castle
accesses the Sun security provider constructor. This commit adds an
add-opens flag to suppress this illegal access.
---
 distribution/src/bin/elasticsearch-plugin     | 3 ++-
 distribution/src/bin/elasticsearch-plugin.bat | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/distribution/src/bin/elasticsearch-plugin b/distribution/src/bin/elasticsearch-plugin
index 1c11cfb35f2..df8626e7c53 100755
--- a/distribution/src/bin/elasticsearch-plugin
+++ b/distribution/src/bin/elasticsearch-plugin
@@ -1,6 +1,7 @@
 #!/bin/bash
 
-ES_MAIN_CLASS=org.elasticsearch.plugins.PluginCli \
+ES_JAVA_OPTS="--add-opens java.base/sun.security.provider=ALL-UNNAMED $ES_JAVA_OPTS" \
+  ES_MAIN_CLASS=org.elasticsearch.plugins.PluginCli \
   ES_ADDITIONAL_CLASSPATH_DIRECTORIES=lib/tools/plugin-cli \
   "`dirname "$0"`"/elasticsearch-cli \
   "$@"
diff --git a/distribution/src/bin/elasticsearch-plugin.bat b/distribution/src/bin/elasticsearch-plugin.bat
index e447c7e847c..964fef0e29b 100644
--- a/distribution/src/bin/elasticsearch-plugin.bat
+++ b/distribution/src/bin/elasticsearch-plugin.bat
@@ -3,6 +3,7 @@
 setlocal enabledelayedexpansion
 setlocal enableextensions
 
+set ES_JAVA_OPTS="--add-opens java.base/sun.security.provider=ALL-UNNAMED %ES_JAVA_OPTS%"
 set ES_MAIN_CLASS=org.elasticsearch.plugins.PluginCli
 set ES_ADDITIONAL_CLASSPATH_DIRECTORIES=lib/tools/plugin-cli
 call "%~dp0elasticsearch-cli.bat" ^