|
 |
4ca1da |
|
|
|
4ca1da |
# HG changeset patch
|
|
|
4ca1da |
# User andrew
|
|
|
4ca1da |
# Date 1478057514 0
|
|
|
4ca1da |
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
|
|
|
4ca1da |
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
|
|
|
4ca1da |
PR3183: Support Fedora/RHEL system crypto policy
|
|
|
4ca1da |
|
|
|
4ca1da |
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/classes/java/security/Security.java
|
|
|
4ca1da |
--- openjdk/jdk/src/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
|
|
|
4ca1da |
+++ openjdk/jdk/src/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
|
|
|
4ca1da |
@@ -43,6 +43,9 @@
|
|
|
4ca1da |
* implementation-specific location, which is typically the properties file
|
|
|
4ca1da |
* {@code lib/security/java.security} in the Java installation directory.
|
|
|
4ca1da |
*
|
|
|
4ca1da |
+ * Additional default values of security properties are read from a
|
|
|
4ca1da |
+ * system-specific location, if available.
|
|
|
4ca1da |
+ *
|
|
|
4ca1da |
* @author Benjamin Renaud
|
|
|
4ca1da |
*/
|
|
|
4ca1da |
|
|
|
4ca1da |
@@ -52,6 +55,10 @@
|
|
|
4ca1da |
private static final Debug sdebug =
|
|
|
4ca1da |
Debug.getInstance("properties");
|
|
|
4ca1da |
|
|
|
4ca1da |
+ /* System property file*/
|
|
|
4ca1da |
+ private static final String SYSTEM_PROPERTIES =
|
|
|
4ca1da |
+ "/etc/crypto-policies/back-ends/java.config";
|
|
|
4ca1da |
+
|
|
|
4ca1da |
/* The java.security properties */
|
|
|
4ca1da |
private static Properties props;
|
|
|
4ca1da |
|
|
|
4ca1da |
@@ -93,6 +100,7 @@
|
|
|
4ca1da |
if (sdebug != null) {
|
|
|
4ca1da |
sdebug.println("reading security properties file: " +
|
|
|
4ca1da |
propFile);
|
|
|
4ca1da |
+ sdebug.println(props.toString());
|
|
|
4ca1da |
}
|
|
|
4ca1da |
} catch (IOException e) {
|
|
|
4ca1da |
if (sdebug != null) {
|
|
|
4ca1da |
@@ -114,6 +122,31 @@
|
|
|
4ca1da |
}
|
|
|
4ca1da |
|
|
|
4ca1da |
if ("true".equalsIgnoreCase(props.getProperty
|
|
|
4ca1da |
+ ("security.useSystemPropertiesFile"))) {
|
|
|
4ca1da |
+
|
|
|
4ca1da |
+ // now load the system file, if it exists, so its values
|
|
|
4ca1da |
+ // will win if they conflict with the earlier values
|
|
|
4ca1da |
+ try (BufferedInputStream bis =
|
|
|
4ca1da |
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
|
|
|
4ca1da |
+ props.load(bis);
|
|
|
4ca1da |
+ loadedProps = true;
|
|
|
4ca1da |
+
|
|
|
4ca1da |
+ if (sdebug != null) {
|
|
|
4ca1da |
+ sdebug.println("reading system security properties file " +
|
|
|
4ca1da |
+ SYSTEM_PROPERTIES);
|
|
|
4ca1da |
+ sdebug.println(props.toString());
|
|
|
4ca1da |
+ }
|
|
|
4ca1da |
+ } catch (IOException e) {
|
|
|
4ca1da |
+ if (sdebug != null) {
|
|
|
4ca1da |
+ sdebug.println
|
|
|
4ca1da |
+ ("unable to load security properties from " +
|
|
|
4ca1da |
+ SYSTEM_PROPERTIES);
|
|
|
4ca1da |
+ e.printStackTrace();
|
|
|
4ca1da |
+ }
|
|
|
4ca1da |
+ }
|
|
|
4ca1da |
+ }
|
|
|
4ca1da |
+
|
|
|
4ca1da |
+ if ("true".equalsIgnoreCase(props.getProperty
|
|
|
4ca1da |
("security.overridePropertiesFile"))) {
|
|
|
4ca1da |
|
|
|
4ca1da |
String extraPropFile = System.getProperty
|
|
|
4ca1da |
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-aix
|
|
|
4ca1da |
--- openjdk/jdk/src/share/lib/security/java.security-aix Wed Oct 26 03:51:39 2016 +0100
|
|
|
4ca1da |
+++ openjdk/jdk/src/share/lib/security/java.security-aix Wed Nov 02 03:31:54 2016 +0000
|
|
|
4ca1da |
@@ -276,6 +276,13 @@
|
|
|
4ca1da |
security.overridePropertiesFile=true
|
|
|
4ca1da |
|
|
|
4ca1da |
#
|
|
|
4ca1da |
+# Determines whether this properties file will be appended to
|
|
|
4ca1da |
+# using the system properties file stored at
|
|
|
4ca1da |
+# /etc/crypto-policies/back-ends/java.config
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
+security.useSystemPropertiesFile=false
|
|
|
4ca1da |
+
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
# Determines the default key and trust manager factory algorithms for
|
|
|
4ca1da |
# the javax.net.ssl package.
|
|
|
4ca1da |
#
|
|
|
4ca1da |
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-linux
|
|
|
4ca1da |
--- openjdk/jdk/src/share/lib/security/java.security-linux Wed Oct 26 03:51:39 2016 +0100
|
|
|
4ca1da |
+++ openjdk/jdk/src/share/lib/security/java.security-linux Wed Nov 02 03:31:54 2016 +0000
|
|
|
4ca1da |
@@ -276,6 +276,13 @@
|
|
|
4ca1da |
security.overridePropertiesFile=true
|
|
|
4ca1da |
|
|
|
4ca1da |
#
|
|
|
4ca1da |
+# Determines whether this properties file will be appended to
|
|
|
4ca1da |
+# using the system properties file stored at
|
|
|
4ca1da |
+# /etc/crypto-policies/back-ends/java.config
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
+security.useSystemPropertiesFile=true
|
|
|
4ca1da |
+
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
# Determines the default key and trust manager factory algorithms for
|
|
|
4ca1da |
# the javax.net.ssl package.
|
|
|
4ca1da |
#
|
|
|
4ca1da |
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-macosx
|
|
|
4ca1da |
--- openjdk/jdk/src/share/lib/security/java.security-macosx Wed Oct 26 03:51:39 2016 +0100
|
|
|
4ca1da |
+++ openjdk/jdk/src/share/lib/security/java.security-macosx Wed Nov 02 03:31:54 2016 +0000
|
|
|
4ca1da |
@@ -279,6 +279,13 @@
|
|
|
4ca1da |
security.overridePropertiesFile=true
|
|
|
4ca1da |
|
|
|
4ca1da |
#
|
|
|
4ca1da |
+# Determines whether this properties file will be appended to
|
|
|
4ca1da |
+# using the system properties file stored at
|
|
|
4ca1da |
+# /etc/crypto-policies/back-ends/java.config
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
+security.useSystemPropertiesFile=false
|
|
|
4ca1da |
+
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
# Determines the default key and trust manager factory algorithms for
|
|
|
4ca1da |
# the javax.net.ssl package.
|
|
|
4ca1da |
#
|
|
|
4ca1da |
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-solaris
|
|
|
4ca1da |
--- openjdk/jdk/src/share/lib/security/java.security-solaris Wed Oct 26 03:51:39 2016 +0100
|
|
|
4ca1da |
+++ openjdk/jdk/src/share/lib/security/java.security-solaris Wed Nov 02 03:31:54 2016 +0000
|
|
|
4ca1da |
@@ -278,6 +278,13 @@
|
|
|
4ca1da |
security.overridePropertiesFile=true
|
|
|
4ca1da |
|
|
|
4ca1da |
#
|
|
|
4ca1da |
+# Determines whether this properties file will be appended to
|
|
|
4ca1da |
+# using the system properties file stored at
|
|
|
4ca1da |
+# /etc/crypto-policies/back-ends/java.config
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
+security.useSystemPropertiesFile=false
|
|
|
4ca1da |
+
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
# Determines the default key and trust manager factory algorithms for
|
|
|
4ca1da |
# the javax.net.ssl package.
|
|
|
4ca1da |
#
|
|
|
4ca1da |
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-windows
|
|
|
4ca1da |
--- openjdk/jdk/src/share/lib/security/java.security-windows Wed Oct 26 03:51:39 2016 +0100
|
|
|
4ca1da |
+++ openjdk/jdk/src/share/lib/security/java.security-windows Wed Nov 02 03:31:54 2016 +0000
|
|
|
4ca1da |
@@ -279,6 +279,13 @@
|
|
|
4ca1da |
security.overridePropertiesFile=true
|
|
|
4ca1da |
|
|
|
4ca1da |
#
|
|
|
4ca1da |
+# Determines whether this properties file will be appended to
|
|
|
4ca1da |
+# using the system properties file stored at
|
|
|
4ca1da |
+# /etc/crypto-policies/back-ends/java.config
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
+security.useSystemPropertiesFile=false
|
|
|
4ca1da |
+
|
|
|
4ca1da |
+#
|
|
|
4ca1da |
# Determines the default key and trust manager factory algorithms for
|
|
|
4ca1da |
# the javax.net.ssl package.
|
|
|
4ca1da |
#
|
|
|
4ca1da |
|