Blame SOURCES/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch

4ca1da
4ca1da
# HG changeset patch
4ca1da
# User andrew
4ca1da
# Date 1478057514 0
4ca1da
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
4ca1da
# Parent  3d53f19b48384e5252f4ec8891f7a3a82d77af2a
4ca1da
PR3183: Support Fedora/RHEL system crypto policy
4ca1da
4ca1da
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/classes/java/security/Security.java
4ca1da
--- openjdk/jdk/src/share/classes/java/security/Security.java	Wed Oct 26 03:51:39 2016 +0100
4ca1da
+++ openjdk/jdk/src/share/classes/java/security/Security.java	Wed Nov 02 03:31:54 2016 +0000
4ca1da
@@ -43,6 +43,9 @@
4ca1da
  * implementation-specific location, which is typically the properties file
4ca1da
  * {@code lib/security/java.security} in the Java installation directory.
4ca1da
  *
4ca1da
+ * 

Additional default values of security properties are read from a

4ca1da
+ * system-specific location, if available.

4ca1da
+ *
4ca1da
  * @author Benjamin Renaud
4ca1da
  */
4ca1da
 
4ca1da
@@ -52,6 +55,10 @@
4ca1da
     private static final Debug sdebug =
4ca1da
                         Debug.getInstance("properties");
4ca1da
 
4ca1da
+    /* System property file*/
4ca1da
+    private static final String SYSTEM_PROPERTIES =
4ca1da
+        "/etc/crypto-policies/back-ends/java.config";
4ca1da
+
4ca1da
     /* The java.security properties */
4ca1da
     private static Properties props;
4ca1da
 
4ca1da
@@ -93,6 +100,7 @@
4ca1da
                 if (sdebug != null) {
4ca1da
                     sdebug.println("reading security properties file: " +
4ca1da
                                 propFile);
4ca1da
+                    sdebug.println(props.toString());
4ca1da
                 }
4ca1da
             } catch (IOException e) {
4ca1da
                 if (sdebug != null) {
4ca1da
@@ -114,6 +122,31 @@
4ca1da
         }
4ca1da
 
4ca1da
         if ("true".equalsIgnoreCase(props.getProperty
4ca1da
+                ("security.useSystemPropertiesFile"))) {
4ca1da
+
4ca1da
+            // now load the system file, if it exists, so its values
4ca1da
+            // will win if they conflict with the earlier values
4ca1da
+            try (BufferedInputStream bis =
4ca1da
+                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
4ca1da
+                props.load(bis);
4ca1da
+                loadedProps = true;
4ca1da
+
4ca1da
+                if (sdebug != null) {
4ca1da
+                    sdebug.println("reading system security properties file " +
4ca1da
+                                   SYSTEM_PROPERTIES);
4ca1da
+                    sdebug.println(props.toString());
4ca1da
+                }
4ca1da
+            } catch (IOException e) {
4ca1da
+                if (sdebug != null) {
4ca1da
+                    sdebug.println
4ca1da
+                        ("unable to load security properties from " +
4ca1da
+                         SYSTEM_PROPERTIES);
4ca1da
+                    e.printStackTrace();
4ca1da
+                }
4ca1da
+            }
4ca1da
+        }
4ca1da
+
4ca1da
+        if ("true".equalsIgnoreCase(props.getProperty
4ca1da
                 ("security.overridePropertiesFile"))) {
4ca1da
 
4ca1da
             String extraPropFile = System.getProperty
4ca1da
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-aix
4ca1da
--- openjdk/jdk/src/share/lib/security/java.security-aix	Wed Oct 26 03:51:39 2016 +0100
4ca1da
+++ openjdk/jdk/src/share/lib/security/java.security-aix	Wed Nov 02 03:31:54 2016 +0000
4ca1da
@@ -276,6 +276,13 @@
4ca1da
 security.overridePropertiesFile=true
4ca1da
 
4ca1da
 #
4ca1da
+# Determines whether this properties file will be appended to
4ca1da
+# using the system properties file stored at
4ca1da
+# /etc/crypto-policies/back-ends/java.config
4ca1da
+#
4ca1da
+security.useSystemPropertiesFile=false
4ca1da
+
4ca1da
+#
4ca1da
 # Determines the default key and trust manager factory algorithms for
4ca1da
 # the javax.net.ssl package.
4ca1da
 #
4ca1da
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-linux
4ca1da
--- openjdk/jdk/src/share/lib/security/java.security-linux	Wed Oct 26 03:51:39 2016 +0100
4ca1da
+++ openjdk/jdk/src/share/lib/security/java.security-linux	Wed Nov 02 03:31:54 2016 +0000
4ca1da
@@ -276,6 +276,13 @@
4ca1da
 security.overridePropertiesFile=true
4ca1da
 
4ca1da
 #
4ca1da
+# Determines whether this properties file will be appended to
4ca1da
+# using the system properties file stored at
4ca1da
+# /etc/crypto-policies/back-ends/java.config
4ca1da
+#
4ca1da
+security.useSystemPropertiesFile=true
4ca1da
+
4ca1da
+#
4ca1da
 # Determines the default key and trust manager factory algorithms for
4ca1da
 # the javax.net.ssl package.
4ca1da
 #
4ca1da
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-macosx
4ca1da
--- openjdk/jdk/src/share/lib/security/java.security-macosx	Wed Oct 26 03:51:39 2016 +0100
4ca1da
+++ openjdk/jdk/src/share/lib/security/java.security-macosx	Wed Nov 02 03:31:54 2016 +0000
4ca1da
@@ -279,6 +279,13 @@
4ca1da
 security.overridePropertiesFile=true
4ca1da
 
4ca1da
 #
4ca1da
+# Determines whether this properties file will be appended to
4ca1da
+# using the system properties file stored at
4ca1da
+# /etc/crypto-policies/back-ends/java.config
4ca1da
+#
4ca1da
+security.useSystemPropertiesFile=false
4ca1da
+
4ca1da
+#
4ca1da
 # Determines the default key and trust manager factory algorithms for
4ca1da
 # the javax.net.ssl package.
4ca1da
 #
4ca1da
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-solaris
4ca1da
--- openjdk/jdk/src/share/lib/security/java.security-solaris	Wed Oct 26 03:51:39 2016 +0100
4ca1da
+++ openjdk/jdk/src/share/lib/security/java.security-solaris	Wed Nov 02 03:31:54 2016 +0000
4ca1da
@@ -278,6 +278,13 @@
4ca1da
 security.overridePropertiesFile=true
4ca1da
 
4ca1da
 #
4ca1da
+# Determines whether this properties file will be appended to
4ca1da
+# using the system properties file stored at
4ca1da
+# /etc/crypto-policies/back-ends/java.config
4ca1da
+#
4ca1da
+security.useSystemPropertiesFile=false
4ca1da
+
4ca1da
+#
4ca1da
 # Determines the default key and trust manager factory algorithms for
4ca1da
 # the javax.net.ssl package.
4ca1da
 #
4ca1da
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-windows
4ca1da
--- openjdk/jdk/src/share/lib/security/java.security-windows	Wed Oct 26 03:51:39 2016 +0100
4ca1da
+++ openjdk/jdk/src/share/lib/security/java.security-windows	Wed Nov 02 03:31:54 2016 +0000
4ca1da
@@ -279,6 +279,13 @@
4ca1da
 security.overridePropertiesFile=true
4ca1da
 
4ca1da
 #
4ca1da
+# Determines whether this properties file will be appended to
4ca1da
+# using the system properties file stored at
4ca1da
+# /etc/crypto-policies/back-ends/java.config
4ca1da
+#
4ca1da
+security.useSystemPropertiesFile=false
4ca1da
+
4ca1da
+#
4ca1da
 # Determines the default key and trust manager factory algorithms for
4ca1da
 # the javax.net.ssl package.
4ca1da
 #
4ca1da