
Contents of /backports/8/java-latest-openjdk/current/SOURCES/rh1818909-fips_default_keystore_type.patch



Revision 1760752 - (show annotations) (download)
Sat Dec 4 23:35:46 2021 UTC (2 years, 10 months ago) by neoclust
File size: 2765 byte(s)
New version 16.0.2+7
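--- a/src/java.base/share/classes/java/security/SystemConfigurator.java
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -123,6 +123,33 @@
 }
 props.put(fipsProviderKey, fipsProviderValue);
 }
+ // Add other security properties
+ String keystoreTypeValue = (String) props.get("fips.keystore.type");
+ if (keystoreTypeValue != null) {
+ String nonFipsKeystoreType = props.getProperty("keystore.type");
+ props.put("keystore.type", keystoreTypeValue);
+ if (keystoreTypeValue.equals("PKCS11")) {
+ // If keystore.type is PKCS11, javax.net.ssl.keyStore
+ // must be "NONE". See JDK-8238264.
+ System.setProperty("javax.net.ssl.keyStore", "NONE");
+ }
+ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
+ // If no trustStoreType has been set, use the
+ // previous keystore.type under FIPS mode. In
+ // a default configuration, the Trust Store will
+ // be 'cacerts' (JKS type).
+ System.setProperty("javax.net.ssl.trustStoreType",
+ nonFipsKeystoreType);
+ }
+ if (sdebug != null) {
+ sdebug.println("FIPS mode default keystore.type = " +
+ keystoreTypeValue);
+ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
+ System.getProperty("javax.net.ssl.keyStore", ""));
+ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
+ System.getProperty("javax.net.ssl.trustStoreType", ""));
+ }
+ }
 loadedProps = true;
 }
 } catch (Exception e) {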
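Review bot: `nonFipsKeystoreType` is null whenever `keystore.type` is absent from the loaded properties, and `System.setProperty("javax.net.ssl.trustStoreType", nonFipsKeystoreType)` then throws NullPointerException after `keystore.type` has already been overwritten and before `loadedProps = true` is reached. The exception would land in the `catch (Exception e)` at the end of the hunk, whose body is not visible here, so the FIPS configuration may be left half-applied. Guard the fallback with `if (nonFipsKeystoreType != null && System.getProperty("javax.net.ssl.trustStoreType") == null) {`. Separately, `keystoreTypeValue.equals("PKCS11")` is case-sensitive while provider lookups of keystore types are not, so `equalsIgnoreCase` would keep a lowercase `pkcs11` from skipping the `javax.net.ssl.keyStore` = `NONE` step. The enclosing method starts and ends outside the hunk.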
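--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -299,6 +299,11 @@
 keystore.type=pkcs12
 
 #
+# Default keystore type used when global crypto-policies are set to FIPS.
+#
+fips.keystore.type=PKCS11
+
+#
 # Controls compatibility mode for JKS and PKCS12 keystore types.
 #
 # When set to 'true', both JKS and PKCS12 keystore types support loading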
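Review bot: The comment above `fips.keystore.type` does not mention the system properties that the SystemConfigurator change in this patch ties to it, which an administrator editing the value would need to know. Setting the property replaces `keystore.type` in FIPS mode, makes `javax.net.ssl.trustStoreType` default to the previous `keystore.type` when it is unset, and, for the value PKCS11, forces `javax.net.ssl.keyStore` to NONE. I would extend the comment with `# In FIPS mode this replaces keystore.type; javax.net.ssl.trustStoreType, if unset,` and `# falls back to the previous keystore.type, and PKCS11 sets javax.net.ssl.keyStore=NONE.`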
