From ac22b491e93a895b99bb5928f50cadc96b870938 Mon Sep 17 00:00:00 2001 From: Packit Date: Oct 27 2020 19:06:15 +0000 Subject: Apply patch pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch patch_name: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch present_in_specfile: true no_prefix: true --- diff --git a/openjdk/jdk/src/share/classes/java/security/Security.java b/openjdk/jdk/src/share/classes/java/security/Security.java index 0db09da..d974979 100644 --- a/openjdk/jdk/src/share/classes/java/security/Security.java +++ b/openjdk/jdk/src/share/classes/java/security/Security.java @@ -43,6 +43,9 @@ import sun.security.jca.*; * implementation-specific location, which is typically the properties file * {@code lib/security/java.security} in the Java installation directory. * + *

Additional default values of security properties are read from a + * system-specific location, if available.

+ * * @author Benjamin Renaud */ @@ -52,6 +55,10 @@ public final class Security { private static final Debug sdebug = Debug.getInstance("properties"); + /* System property file*/ + private static final String SYSTEM_PROPERTIES = + "/etc/crypto-policies/back-ends/java.config"; + /* The java.security properties */ private static Properties props; @@ -93,6 +100,7 @@ public final class Security { if (sdebug != null) { sdebug.println("reading security properties file: " + propFile); + sdebug.println(props.toString()); } } catch (IOException e) { if (sdebug != null) { @@ -114,6 +122,31 @@ public final class Security { } if ("true".equalsIgnoreCase(props.getProperty + ("security.useSystemPropertiesFile"))) { + + // now load the system file, if it exists, so its values + // will win if they conflict with the earlier values + try (BufferedInputStream bis = + new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { + props.load(bis); + loadedProps = true; + + if (sdebug != null) { + sdebug.println("reading system security properties file " + + SYSTEM_PROPERTIES); + sdebug.println(props.toString()); + } + } catch (IOException e) { + if (sdebug != null) { + sdebug.println + ("unable to load security properties from " + + SYSTEM_PROPERTIES); + e.printStackTrace(); + } + } + } + + if ("true".equalsIgnoreCase(props.getProperty ("security.overridePropertiesFile"))) { String extraPropFile = System.getProperty diff --git a/openjdk/jdk/src/share/lib/security/java.security-aix b/openjdk/jdk/src/share/lib/security/java.security-aix index e57fd58..4fa5e74 100644 --- a/openjdk/jdk/src/share/lib/security/java.security-aix +++ b/openjdk/jdk/src/share/lib/security/java.security-aix @@ -288,6 +288,13 @@ package.definition=sun.,\ security.overridePropertiesFile=true # +# Determines whether this properties file will be appended to +# using the system properties file stored at +# /etc/crypto-policies/back-ends/java.config +# +security.useSystemPropertiesFile=false + +# # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. # diff --git a/openjdk/jdk/src/share/lib/security/java.security-linux b/openjdk/jdk/src/share/lib/security/java.security-linux index 0e3e216..d17ed61 100644 --- a/openjdk/jdk/src/share/lib/security/java.security-linux +++ b/openjdk/jdk/src/share/lib/security/java.security-linux @@ -288,6 +288,13 @@ package.definition=sun.,\ security.overridePropertiesFile=true # +# Determines whether this properties file will be appended to +# using the system properties file stored at +# /etc/crypto-policies/back-ends/java.config +# +security.useSystemPropertiesFile=true + +# # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. # diff --git a/openjdk/jdk/src/share/lib/security/java.security-macosx b/openjdk/jdk/src/share/lib/security/java.security-macosx index 7ca95de..f18a5a0 100644 --- a/openjdk/jdk/src/share/lib/security/java.security-macosx +++ b/openjdk/jdk/src/share/lib/security/java.security-macosx @@ -291,6 +291,13 @@ package.definition=sun.,\ security.overridePropertiesFile=true # +# Determines whether this properties file will be appended to +# using the system properties file stored at +# /etc/crypto-policies/back-ends/java.config +# +security.useSystemPropertiesFile=false + +# # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. # diff --git a/openjdk/jdk/src/share/lib/security/java.security-solaris b/openjdk/jdk/src/share/lib/security/java.security-solaris index ef59867..56809f9 100644 --- a/openjdk/jdk/src/share/lib/security/java.security-solaris +++ b/openjdk/jdk/src/share/lib/security/java.security-solaris @@ -289,6 +289,13 @@ package.definition=sun.,\ security.overridePropertiesFile=true # +# Determines whether this properties file will be appended to +# using the system properties file stored at +# /etc/crypto-policies/back-ends/java.config +# +security.useSystemPropertiesFile=false + +# # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. # diff --git a/openjdk/jdk/src/share/lib/security/java.security-windows b/openjdk/jdk/src/share/lib/security/java.security-windows index 2bc5107..ab9fb6e 100644 --- a/openjdk/jdk/src/share/lib/security/java.security-windows +++ b/openjdk/jdk/src/share/lib/security/java.security-windows @@ -291,6 +291,13 @@ package.definition=sun.,\ security.overridePropertiesFile=true # +# Determines whether this properties file will be appended to +# using the system properties file stored at +# /etc/crypto-policies/back-ends/java.config +# +security.useSystemPropertiesFile=false + +# # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. #