|
|
c0ba06 |
|
|
|
c0ba06 |
# HG changeset patch
|
|
|
c0ba06 |
# User andrew
|
|
|
c0ba06 |
# Date 1478057514 0
|
|
|
c0ba06 |
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
|
|
|
c0ba06 |
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
|
|
|
c0ba06 |
PR3183: Support Fedora/RHEL system crypto policy
|
|
|
c0ba06 |
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
|
|
|
c0ba06 |
--- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
|
|
|
c0ba06 |
+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
|
|
|
c0ba06 |
@@ -43,6 +43,9 @@
|
|
|
c0ba06 |
* implementation-specific location, which is typically the properties file
|
|
|
c0ba06 |
* {@code conf/security/java.security} in the Java installation directory.
|
|
|
c0ba06 |
*
|
|
|
c0ba06 |
+ * Additional default values of security properties are read from a
|
|
|
c0ba06 |
+ * system-specific location, if available.
|
|
|
c0ba06 |
+ *
|
|
|
c0ba06 |
* @author Benjamin Renaud
|
|
|
c0ba06 |
* @since 1.1
|
|
|
c0ba06 |
*/
|
|
|
c0ba06 |
@@ -52,6 +55,10 @@
|
|
|
c0ba06 |
private static final Debug sdebug =
|
|
|
c0ba06 |
Debug.getInstance("properties");
|
|
|
c0ba06 |
|
|
|
c0ba06 |
+ /* System property file*/
|
|
|
c0ba06 |
+ private static final String SYSTEM_PROPERTIES =
|
|
|
c0ba06 |
+ "/etc/crypto-policies/back-ends/java.config";
|
|
|
c0ba06 |
+
|
|
|
c0ba06 |
/* The java.security properties */
|
|
|
c0ba06 |
private static Properties props;
|
|
|
c0ba06 |
|
|
|
c0ba06 |
@@ -93,6 +100,7 @@
|
|
|
c0ba06 |
if (sdebug != null) {
|
|
|
c0ba06 |
sdebug.println("reading security properties file: " +
|
|
|
c0ba06 |
propFile);
|
|
|
c0ba06 |
+ sdebug.println(props.toString());
|
|
|
c0ba06 |
}
|
|
|
c0ba06 |
} catch (IOException e) {
|
|
|
c0ba06 |
if (sdebug != null) {
|
|
|
c0ba06 |
@@ -114,6 +122,31 @@
|
|
|
c0ba06 |
}
|
|
|
c0ba06 |
|
|
|
c0ba06 |
if ("true".equalsIgnoreCase(props.getProperty
|
|
|
c0ba06 |
+ ("security.useSystemPropertiesFile"))) {
|
|
|
c0ba06 |
+
|
|
|
c0ba06 |
+ // now load the system file, if it exists, so its values
|
|
|
c0ba06 |
+ // will win if they conflict with the earlier values
|
|
|
c0ba06 |
+ try (BufferedInputStream bis =
|
|
|
c0ba06 |
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
|
|
|
c0ba06 |
+ props.load(bis);
|
|
|
c0ba06 |
+ loadedProps = true;
|
|
|
c0ba06 |
+
|
|
|
c0ba06 |
+ if (sdebug != null) {
|
|
|
c0ba06 |
+ sdebug.println("reading system security properties file " +
|
|
|
c0ba06 |
+ SYSTEM_PROPERTIES);
|
|
|
c0ba06 |
+ sdebug.println(props.toString());
|
|
|
c0ba06 |
+ }
|
|
|
c0ba06 |
+ } catch (IOException e) {
|
|
|
c0ba06 |
+ if (sdebug != null) {
|
|
|
c0ba06 |
+ sdebug.println
|
|
|
c0ba06 |
+ ("unable to load security properties from " +
|
|
|
c0ba06 |
+ SYSTEM_PROPERTIES);
|
|
|
c0ba06 |
+ e.printStackTrace();
|
|
|
c0ba06 |
+ }
|
|
|
c0ba06 |
+ }
|
|
|
c0ba06 |
+ }
|
|
|
c0ba06 |
+
|
|
|
c0ba06 |
+ if ("true".equalsIgnoreCase(props.getProperty
|
|
|
c0ba06 |
("security.overridePropertiesFile"))) {
|
|
|
c0ba06 |
|
|
|
c0ba06 |
String extraPropFile = System.getProperty
|
|
|
c0ba06 |
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security
|
|
|
c0ba06 |
--- a/src/java.base/share/conf/security/java.security Wed Oct 26 03:51:39 2016 +0100
|
|
|
c0ba06 |
+++ b/src/java.base/share/conf/security/java.security Wed Nov 02 03:31:54 2016 +0000
|
|
|
c0ba06 |
@@ -276,6 +276,13 @@
|
|
|
c0ba06 |
security.overridePropertiesFile=true
|
|
|
c0ba06 |
|
|
|
c0ba06 |
#
|
|
|
c0ba06 |
+# Determines whether this properties file will be appended to
|
|
|
c0ba06 |
+# using the system properties file stored at
|
|
|
c0ba06 |
+# /etc/crypto-policies/back-ends/java.config
|
|
|
c0ba06 |
+#
|
|
|
c0ba06 |
+security.useSystemPropertiesFile=true
|
|
|
c0ba06 |
+
|
|
|
c0ba06 |
+#
|
|
|
c0ba06 |
# Determines the default key and trust manager factory algorithms for
|
|
|
c0ba06 |
# the javax.net.ssl package.
|
|
|
c0ba06 |
#
|