current/SOURCES/pr2888.patch

# HG changeset patch
# User andrew
# Date 1459487045 -3600
#      Fri Apr 01 06:04:05 2016 +0100
# Node ID 3334efeacd8327a14b7d2f392f4546e3c29c594b
# Parent  6b81fd2227d14226f2121f2d51b464536925686e
PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)

diff --git a/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java b/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
--- openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
@@ -174,15 +174,20 @@
                     storeFile = new File(storeFileName);
                     fis = getFileInputStream(storeFile);
                 } else {
-                    String javaHome = props.get("javaHome");
-                    storeFile = new File(javaHome + sep + "lib" + sep
-                                                    + "security" + sep +
-                                                    "jssecacerts");
+                    /* Check system cacerts DB first; /etc/pki/java/cacerts */
+                    storeFile = new File(sep + "etc" + sep + "pki" + sep
+                                         + "java" + sep + "cacerts");
                     if ((fis = getFileInputStream(storeFile)) == null) {
+                        String javaHome = props.get("javaHome");
                         storeFile = new File(javaHome + sep + "lib" + sep
-                                                    + "security" + sep +
-                                                    "cacerts");
-                        fis = getFileInputStream(storeFile);
+                                             + "security" + sep +
+                                             "jssecacerts");
+                        if ((fis = getFileInputStream(storeFile)) == null) {
+                            storeFile = new File(javaHome + sep + "lib" + sep
+                                                 + "security" + sep +
+                                                 "cacerts");
+                            fis = getFileInputStream(storeFile);
+                        }
                     }
                 }
 
diff --git a/src/share/classes/sun/security/tools/KeyStoreUtil.java b/src/share/classes/sun/security/tools/KeyStoreUtil.java
--- openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
@@ -87,9 +87,14 @@
         throws Exception
     {
         String sep = File.separator;
-        File file = new File(System.getProperty("java.home") + sep
-                             + "lib" + sep + "security" + sep
-                             + "cacerts");
+        /* Check system cacerts DB first; /etc/pki/java/cacerts */
+        File file = new File(sep + "etc" + sep + "pki" + sep
+                             + "java" + sep + "cacerts");
+        if (!file.exists()) {
+            file = new File(System.getProperty("java.home") + sep
+                            + "lib" + sep + "security" + sep
+                            + "cacerts");
+        }
         if (!file.exists()) {
             return null;
         }
1	# HG changeset patch
2	# User andrew
3	# Date 1459487045 -3600
4	# Fri Apr 01 06:04:05 2016 +0100
5	# Node ID 3334efeacd8327a14b7d2f392f4546e3c29c594b
6	# Parent 6b81fd2227d14226f2121f2d51b464536925686e
7	PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
8
9	diff --git a/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java b/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
10	--- openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
11	+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
12	@@ -174,15 +174,20 @@
13	storeFile = new File(storeFileName);
14	fis = getFileInputStream(storeFile);
15	} else {
16	- String javaHome = props.get("javaHome");
17	- storeFile = new File(javaHome + sep + "lib" + sep
18	- + "security" + sep +
19	- "jssecacerts");
20	+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
21	+ storeFile = new File(sep + "etc" + sep + "pki" + sep
22	+ + "java" + sep + "cacerts");
23	if ((fis = getFileInputStream(storeFile)) == null) {
24	+ String javaHome = props.get("javaHome");
25	storeFile = new File(javaHome + sep + "lib" + sep
26	- + "security" + sep +
27	- "cacerts");
28	- fis = getFileInputStream(storeFile);
29	+ + "security" + sep +
30	+ "jssecacerts");
31	+ if ((fis = getFileInputStream(storeFile)) == null) {
32	+ storeFile = new File(javaHome + sep + "lib" + sep
33	+ + "security" + sep +
34	+ "cacerts");
35	+ fis = getFileInputStream(storeFile);
36	+ }
37	}
38	}
39
40	diff --git a/src/share/classes/sun/security/tools/KeyStoreUtil.java b/src/share/classes/sun/security/tools/KeyStoreUtil.java
41	--- openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
42	+++ openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
43	@@ -87,9 +87,14 @@
44	throws Exception
45	{
46	String sep = File.separator;
47	- File file = new File(System.getProperty("java.home") + sep
48	- + "lib" + sep + "security" + sep
49	- + "cacerts");
50	+ /* Check system cacerts DB first; /etc/pki/java/cacerts */
51	+ File file = new File(sep + "etc" + sep + "pki" + sep
52	+ + "java" + sep + "cacerts");
53	+ if (!file.exists()) {
54	+ file = new File(System.getProperty("java.home") + sep
55	+ + "lib" + sep + "security" + sep
56	+ + "cacerts");
57	+ }
58	if (!file.exists()) {
59	return null;
60	}