current/SOURCES/PR3183.patch


# HG changeset patch
# User andrew
# Date 1478057514 0
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
# Parent  3d53f19b48384e5252f4ec8891f7a3a82d77af2a
PR3183: Support Fedora/RHEL system crypto policy

diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/classes/java/security/Security.java
--- openjdk/jdk/src/share/classes/java/security/Security.java   Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/classes/java/security/Security.java   Wed Nov 02 03:31:54 2016 +0000
@@ -43,6 +43,9 @@
  * implementation-specific location, which is typically the properties file
  * {@code lib/security/java.security} in the Java installation directory.
  *
+ * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p>
+ *
  * @author Benjamin Renaud
  */
 
@@ -52,6 +55,10 @@
     private static final Debug sdebug =
                         Debug.getInstance("properties");
 
+    /* System property file*/
+    private static final String SYSTEM_PROPERTIES =
+        "/etc/crypto-policies/back-ends/java.config";
+
     /* The java.security properties */
     private static Properties props;
 
@@ -93,6 +100,7 @@
                 if (sdebug != null) {
                     sdebug.println("reading security properties file: " +
                                 propFile);
+                    sdebug.println(props.toString());
                 }
             } catch (IOException e) {
                 if (sdebug != null) {
@@ -114,6 +122,31 @@
         }
 
         if ("true".equalsIgnoreCase(props.getProperty
+                ("security.useSystemPropertiesFile"))) {
+
+            // now load the system file, if it exists, so its values
+            // will win if they conflict with the earlier values
+            try (BufferedInputStream bis =
+                 new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+                props.load(bis);
+                loadedProps = true;
+
+                if (sdebug != null) {
+                    sdebug.println("reading system security properties file " +
+                                   SYSTEM_PROPERTIES);
+                    sdebug.println(props.toString());
+                }
+            } catch (IOException e) {
+                if (sdebug != null) {
+                    sdebug.println
+                        ("unable to load security properties from " +
+                         SYSTEM_PROPERTIES);
+                    e.printStackTrace();
+                }
+            }
+        }
+
+        if ("true".equalsIgnoreCase(props.getProperty
                 ("security.overridePropertiesFile"))) {
 
             String extraPropFile = System.getProperty
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-aix
--- openjdk/jdk/src/share/lib/security/java.security-aix        Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-aix        Wed Nov 02 03:31:54 2016 +0000
@@ -276,6 +276,13 @@
 security.overridePropertiesFile=true
 
 #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
 # Determines the default key and trust manager factory algorithms for
 # the javax.net.ssl package.
 #
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-linux
--- openjdk/jdk/src/share/lib/security/java.security-linux      Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-linux      Wed Nov 02 03:31:54 2016 +0000
@@ -276,6 +276,13 @@
 security.overridePropertiesFile=true
 
 #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
 # Determines the default key and trust manager factory algorithms for
 # the javax.net.ssl package.
 #
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-macosx
--- openjdk/jdk/src/share/lib/security/java.security-macosx     Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-macosx     Wed Nov 02 03:31:54 2016 +0000
@@ -279,6 +279,13 @@
 security.overridePropertiesFile=true
 
 #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
 # Determines the default key and trust manager factory algorithms for
 # the javax.net.ssl package.
 #
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-solaris
--- openjdk/jdk/src/share/lib/security/java.security-solaris    Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-solaris    Wed Nov 02 03:31:54 2016 +0000
@@ -278,6 +278,13 @@
 security.overridePropertiesFile=true
 
 #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
 # Determines the default key and trust manager factory algorithms for
 # the javax.net.ssl package.
 #
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-windows
--- openjdk/jdk/src/share/lib/security/java.security-windows    Wed Oct 26 03:51:39 2016 +0100
+++ openjdk/jdk/src/share/lib/security/java.security-windows    Wed Nov 02 03:31:54 2016 +0000
@@ -279,6 +279,13 @@
 security.overridePropertiesFile=true
 
 #
+# Determines whether this properties file will be appended to
+# using the system properties file stored at
+# /etc/crypto-policies/back-ends/java.config
+#
+security.useSystemPropertiesFile=false
+
+#
 # Determines the default key and trust manager factory algorithms for
 # the javax.net.ssl package.
 #

1
2	# HG changeset patch
3	# User andrew
4	# Date 1478057514 0
5	# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
6	# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
7	PR3183: Support Fedora/RHEL system crypto policy
8
9	diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/classes/java/security/Security.java
10	--- openjdk/jdk/src/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
11	+++ openjdk/jdk/src/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
12	@@ -43,6 +43,9 @@
13	* implementation-specific location, which is typically the properties file
14	* {@code lib/security/java.security} in the Java installation directory.
15	*
16	+ * <p>Additional default values of security properties are read from a
17	+ * system-specific location, if available.</p>
18	+ *
19	* @author Benjamin Renaud
20	*/
21
22	@@ -52,6 +55,10 @@
23	private static final Debug sdebug =
24	Debug.getInstance("properties");
25
26	+ /* System property file*/
27	+ private static final String SYSTEM_PROPERTIES =
28	+ "/etc/crypto-policies/back-ends/java.config";
29	+
30	/* The java.security properties */
31	private static Properties props;
32
33	@@ -93,6 +100,7 @@
34	if (sdebug != null) {
35	sdebug.println("reading security properties file: " +
36	propFile);
37	+ sdebug.println(props.toString());
38	}
39	} catch (IOException e) {
40	if (sdebug != null) {
41	@@ -114,6 +122,31 @@
42	}
43
44	if ("true".equalsIgnoreCase(props.getProperty
45	+ ("security.useSystemPropertiesFile"))) {
46	+
47	+ // now load the system file, if it exists, so its values
48	+ // will win if they conflict with the earlier values
49	+ try (BufferedInputStream bis =
50	+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
51	+ props.load(bis);
52	+ loadedProps = true;
53	+
54	+ if (sdebug != null) {
55	+ sdebug.println("reading system security properties file " +
56	+ SYSTEM_PROPERTIES);
57	+ sdebug.println(props.toString());
58	+ }
59	+ } catch (IOException e) {
60	+ if (sdebug != null) {
61	+ sdebug.println
62	+ ("unable to load security properties from " +
63	+ SYSTEM_PROPERTIES);
64	+ e.printStackTrace();
65	+ }
66	+ }
67	+ }
68	+
69	+ if ("true".equalsIgnoreCase(props.getProperty
70	("security.overridePropertiesFile"))) {
71
72	String extraPropFile = System.getProperty
73	diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-aix
74	--- openjdk/jdk/src/share/lib/security/java.security-aix Wed Oct 26 03:51:39 2016 +0100
75	+++ openjdk/jdk/src/share/lib/security/java.security-aix Wed Nov 02 03:31:54 2016 +0000
76	@@ -276,6 +276,13 @@
77	security.overridePropertiesFile=true
78
79	#
80	+# Determines whether this properties file will be appended to
81	+# using the system properties file stored at
82	+# /etc/crypto-policies/back-ends/java.config
83	+#
84	+security.useSystemPropertiesFile=false
85	+
86	+#
87	# Determines the default key and trust manager factory algorithms for
88	# the javax.net.ssl package.
89	#
90	diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-linux
91	--- openjdk/jdk/src/share/lib/security/java.security-linux Wed Oct 26 03:51:39 2016 +0100
92	+++ openjdk/jdk/src/share/lib/security/java.security-linux Wed Nov 02 03:31:54 2016 +0000
93	@@ -276,6 +276,13 @@
94	security.overridePropertiesFile=true
95
96	#
97	+# Determines whether this properties file will be appended to
98	+# using the system properties file stored at
99	+# /etc/crypto-policies/back-ends/java.config
100	+#
101	+security.useSystemPropertiesFile=false
102	+
103	+#
104	# Determines the default key and trust manager factory algorithms for
105	# the javax.net.ssl package.
106	#
107	diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-macosx
108	--- openjdk/jdk/src/share/lib/security/java.security-macosx Wed Oct 26 03:51:39 2016 +0100
109	+++ openjdk/jdk/src/share/lib/security/java.security-macosx Wed Nov 02 03:31:54 2016 +0000
110	@@ -279,6 +279,13 @@
111	security.overridePropertiesFile=true
112
113	#
114	+# Determines whether this properties file will be appended to
115	+# using the system properties file stored at
116	+# /etc/crypto-policies/back-ends/java.config
117	+#
118	+security.useSystemPropertiesFile=false
119	+
120	+#
121	# Determines the default key and trust manager factory algorithms for
122	# the javax.net.ssl package.
123	#
124	diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-solaris
125	--- openjdk/jdk/src/share/lib/security/java.security-solaris Wed Oct 26 03:51:39 2016 +0100
126	+++ openjdk/jdk/src/share/lib/security/java.security-solaris Wed Nov 02 03:31:54 2016 +0000
127	@@ -278,6 +278,13 @@
128	security.overridePropertiesFile=true
129
130	#
131	+# Determines whether this properties file will be appended to
132	+# using the system properties file stored at
133	+# /etc/crypto-policies/back-ends/java.config
134	+#
135	+security.useSystemPropertiesFile=false
136	+
137	+#
138	# Determines the default key and trust manager factory algorithms for
139	# the javax.net.ssl package.
140	#
141	diff -r 3d53f19b4838 -r 1c4d5cb2096a src/share/lib/security/java.security-windows
142	--- openjdk/jdk/src/share/lib/security/java.security-windows Wed Oct 26 03:51:39 2016 +0100
143	+++ openjdk/jdk/src/share/lib/security/java.security-windows Wed Nov 02 03:31:54 2016 +0000
144	@@ -279,6 +279,13 @@
145	security.overridePropertiesFile=true
146
147	#
148	+# Determines whether this properties file will be appended to
149	+# using the system properties file stored at
150	+# /etc/crypto-policies/back-ends/java.config
151	+#
152	+security.useSystemPropertiesFile=false
153	+
154	+#
155	# Determines the default key and trust manager factory algorithms for
156	# the javax.net.ssl package.
157	#
158