java-21-openjdk/multiple-pkcs11-library-init.patch

--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java
@@ -52,6 +52,7 @@ final class Config {
     static final int ERR_HALT       = 1;
     static final int ERR_IGNORE_ALL = 2;
     static final int ERR_IGNORE_LIB = 3;
+    static final int ERR_IGNORE_MULTI_INIT = 4;
 
     // same as allowSingleThreadedModules but controlled via a system property
     // and applied to all providers. if set to false, no SunPKCS11 instances
@@ -1037,6 +1038,7 @@ final class Config {
         handleStartupErrors = switch (val) {
             case "ignoreAll" -> ERR_IGNORE_ALL;
             case "ignoreMissingLibrary" -> ERR_IGNORE_LIB;
+            case "ignoreMultipleInitialisation" -> ERR_IGNORE_MULTI_INIT;
             case "halt" -> ERR_HALT;
             default -> throw excToken("Invalid value for handleStartupErrors:");
         };
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -184,26 +184,37 @@ public final class SunPKCS11 extends AuthProvider {
                 String nssLibraryDirectory = config.getNssLibraryDirectory();
                 String nssSecmodDirectory = config.getNssSecmodDirectory();
                 boolean nssOptimizeSpace = config.getNssOptimizeSpace();
+                int errorHandling = config.getHandleStartupErrors();
 
                 if (secmod.isInitialized()) {
                     if (nssSecmodDirectory != null) {
                         String s = secmod.getConfigDir();
                         if ((s != null) &&
                                 (!s.equals(nssSecmodDirectory))) {
-                            throw new ProviderException("Secmod directory "
-                                + nssSecmodDirectory
-                                + " invalid, NSS already initialized with "
-                                + s);
+                            String msg = "Secmod directory " + nssSecmodDirectory
+                                + " invalid, NSS already initialized with " + s;
+                            if (errorHandling == Config.ERR_IGNORE_MULTI_INIT ||
+                                errorHandling == Config.ERR_IGNORE_ALL) {
+                                throw new UnsupportedOperationException(msg);
+                            } else {
+                                throw new ProviderException(msg);
+                            }
                         }
                     }
                     if (nssLibraryDirectory != null) {
                         String s = secmod.getLibDir();
                         if ((s != null) &&
                                 (!s.equals(nssLibraryDirectory))) {
-                            throw new ProviderException("NSS library directory "
+                            String msg = "NSS library directory "
                                 + nssLibraryDirectory
                                 + " invalid, NSS already initialized with "
-                                + s);
+                                + s;
+                            if (errorHandling == Config.ERR_IGNORE_MULTI_INIT ||
+                                errorHandling == Config.ERR_IGNORE_ALL) {
+                                throw new UnsupportedOperationException(msg);
+                            } else {
+                                throw new ProviderException(msg);
+                            }
                         }
                     }
                 } else {