changeset 1735:364a8df129df jdk6-b45
8157561: Ship the unlimited policy files in JDK Updates
Reviewed-by: wetmore, erikj
author | coffeys |
---|---|
date | Wed, 09 Nov 2016 21:09:10 +0000 |
parents | 22eb21adb15a |
children | e0220f50a3b4 |
files | make/java/security/Makefile make/javax/crypto/Makefile make/tools/Makefile make/tools/customizesecurityfile/Makefile make/tools/src/build/tools/customizesecurityfile/CryptoLevel.java src/share/classes/javax/crypto/JceSecurity.java src/share/lib/security/java.security-linux src/share/lib/security/java.security-solaris src/share/lib/security/java.security-windows test/javax/crypto/CryptoPermission/TestUnlimited.java |
diffstat | 10 files changed, 518 insertions(+), 25 deletions(-) [+] |
--- a/make/java/security/Makefile Fri Nov 18 12:25:10 2016 +0300 +++ b/make/java/security/Makefile Wed Nov 09 21:09:10 2016 +0000 @@ -30,6 +30,9 @@ JAVAC_LINT_OPTIONS = -Xlint:all,-deprecation include $(BUILDDIR)/common/Defs.gmk +CRYPTOLEVEL_JARFILE = $(BUILDTOOLJARDIR)/customizesecurityfile.jar +TOOL_CRYPTOLEVEL = $(BOOT_JAVA_CMD) -jar $(CRYPTOLEVEL_JARFILE) + # # Rules # @@ -57,7 +60,6 @@ endif endif # PLATFORM - PROPS_BUILD = $(LIBDIR)/security/java.security SUNPKCS11_SRC = $(TOPDIR)/src/share/lib/security/sunpkcs11-solaris.cfg @@ -89,7 +91,13 @@ cacerts: classes $(CACERTS_BUILD) $(PROPS_BUILD): $(PROPS_SRC) - $(install-file) + $(MKDIR) -p $(@D) + $(CP) $^ $@.tmp + if [ "x$(UNLIMITED_CRYPTO)" = "xtrue" ] ; then \ + $(TOOL_CRYPTOLEVEL) $@.tmp $@.tmp2 unlimited; \ + $(MV) $@.tmp2 $@.tmp; \ + fi + $(MV) $@.tmp $@ $(SUNPKCS11_BUILD): $(SUNPKCS11_SRC) $(install-file)
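Review bot: In the `$(PROPS_BUILD)` recipe the two commands inside the `if` are joined with `;`, so a failing `$(TOOL_CRYPTOLEVEL)` run does not stop the rule: any partial `$@.tmp2` it left behind is moved over `$@.tmp` and installed as `java.security` with exit status 0 (unless the recipe shell runs with `-e`, which is not visible here). A truncated security properties file silently drops every setting after the cut, so the step should fail loudly: `$(TOOL_CRYPTOLEVEL) $@.tmp $@.tmp2 unlimited && $(MV) $@.tmp2 $@.tmp; \`. The rule also has no prerequisite on `$(CRYPTOLEVEL_JARFILE)`, so it presumably relies on make/tools having been built first; an order-only dependency or a short comment saying so would make that explicit.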
--- a/make/javax/crypto/Makefile Fri Nov 18 12:25:10 2016 +0300 +++ b/make/javax/crypto/Makefile Wed Nov 09 21:09:10 2016 +0000 @@ -157,12 +157,7 @@ # ifdef OPENJDK -ifdef UNLIMITED_CRYPTO -POLICY = install-unlimited -else -POLICY = install-limited -endif -all: build-jar install-jar build-policy $(POLICY) +all: build-jar install-jar build-policy install-unlimited install-limited else # OPENJDK ifeq ($(strip $(FILES_java)),) all: @@ -258,6 +253,8 @@ # POLICY_DESTDIR = $(LIBDIR)/security +LIMITED_JARS_DESTDIR = $(POLICY_DESTDIR)/policy/limited +UNLIMITED_JARS_DESTDIR = $(POLICY_DESTDIR)/policy/unlimited UNSIGNED_POLICY_BUILDDIR = $(UNSIGNED_DIR)/policy build-policy: unlimited limited @@ -434,11 +431,11 @@ install-limited: \ $(INSTALL_POLICYDIR)/limited/US_export_policy.jar \ $(INSTALL_POLICYDIR)/limited/local_policy.jar - $(MKDIR) -p $(POLICY_DESTDIR) + $(MKDIR) -p $(LIMITED_JARS_DESTDIR) $(RM) \ - $(POLICY_DESTDIR)/US_export_policy.jar \ - $(POLICY_DESTDIR)/local_policy.jar - $(CP) $^ $(POLICY_DESTDIR) + $(LIMITED_JARS_DESTDIR)/US_export_policy.jar \ + $(LIMITED_JARS_DESTDIR)/local_policy.jar + $(CP) $^ $(LIMITED_JARS_DESTDIR) ifndef OPENJDK $(release-warning) endif @@ -446,11 +443,11 @@ install-unlimited: \ $(INSTALL_POLICYDIR)/unlimited/US_export_policy.jar \ $(INSTALL_POLICYDIR)/unlimited/local_policy.jar - $(MKDIR) -p $(POLICY_DESTDIR) + $(MKDIR) -p $(UNLIMITED_JARS_DESTDIR) $(RM) \ - $(POLICY_DESTDIR)/US_export_policy.jar \ - $(POLICY_DESTDIR)/local_policy.jar - $(CP) $^ $(POLICY_DESTDIR) + $(UNLIMITED_JARS_DESTDIR)/US_export_policy.jar \ + $(UNLIMITED_JARS_DESTDIR)/local_policy.jar + $(CP) $^ $(UNLIMITED_JARS_DESTDIR) ifndef OPENJDK $(release-warning) endif
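Review bot: `install-limited` and `install-unlimited` no longer remove `$(POLICY_DESTDIR)/US_export_policy.jar` and `$(POLICY_DESTDIR)/local_policy.jar`, so an incremental build over an output tree populated before this change keeps the old jars in the legacy `lib/security` location. According to the JceSecurity change in this commit, jars found there are honoured whenever `crypto.policy` is unset, so such an image would keep whatever policy the earlier build installed instead of falling back to the new limited default. Consider keeping a cleanup of the legacy pair in one of the install rules, e.g. `$(RM) $(POLICY_DESTDIR)/US_export_policy.jar $(POLICY_DESTDIR)/local_policy.jar`, with a comment noting that the legacy location takes precedence at run time.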
--- a/make/tools/Makefile Fri Nov 18 12:25:10 2016 +0300 +++ b/make/tools/Makefile Wed Nov 09 21:09:10 2016 +0000 @@ -49,7 +49,8 @@ jdwpgen \ makeclasslist \ spp \ - strip_properties + strip_properties \ + customizesecurityfile ifndef DISABLE_NIMBUS SUBDIRS += generate_nimbus
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/make/tools/customizesecurityfile/Makefile Wed Nov 09 21:09:10 2016 +0000 @@ -0,0 +1,43 @@ +# +# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Oracle designates this +# particular file as subject to the "Classpath" exception as provided +# by Oracle in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +# +# Makefile for building the customizesecurityfile tool +# + +BUILDDIR = ../.. +PACKAGE = build.tools.customizesecurityfile +PRODUCT = tools +PROGRAM = customizesecurityfile +include $(BUILDDIR)/common/Defs.gmk + +BUILDTOOL_SOURCE_ROOT = $(BUILDDIR)/tools/src +BUILDTOOL_MAIN = $(PKGDIR)/CryptoLevel.java + +# +# Build tool jar rules. +# +include $(BUILDDIR)/common/BuildToolJar.gmk +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/make/tools/src/build/tools/customizesecurityfile/CryptoLevel.java Wed Nov 09 21:09:10 2016 +0000
@@ -0,0 +1,93 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package build.tools.customizesecurityfile; + +import java.io.*; + +/** + * Alters the crypto.policy security property + * if --enable-unlimited-crypto is enabled. 
+ */ +public class CryptoLevel { + + private static final String PROP_NAME = "crypto.policy"; + + public static void main(String[] args) throws Exception { + boolean fileModified = false; + + if (args.length < 3) { + System.err.println("Usage: java CryptoLevel" + + "[input java.security file name] " + + "[output java.security file name] " + + "[unlimited|limited]"); + System.exit(1); + } + if (!args[2].equals("unlimited") && !args[2].equals("limited")) { + System.err.println("CryptoLevel error: Unexpected " + + "input: " + args[2]); + System.exit(1); + } + + BufferedReader br = null; + BufferedWriter bw = null; + try { + br = new BufferedReader(new FileReader(args[0])); + bw = new BufferedWriter(new FileWriter(args[1])); + + // parse the file line-by-line, looking for crypto.policy + String line = br.readLine(); + while (line != null) { + if (line.startsWith('#' + PROP_NAME) || + line.startsWith(PROP_NAME)) { + writeLine(bw, PROP_NAME + "=" + args[2]); + fileModified = true; + } else { + writeLine(bw, line); + } + line = br.readLine(); + } + if (!fileModified) { + //no previous setting seen. Insert at end + writeLine(bw, PROP_NAME + "=" + args[2]); + } + bw.flush(); + } finally { + if (br != null) { + br.close(); + } + if (bw != null) { + bw.close(); + } + } + } + + private static void writeLine(BufferedWriter bw, String line) + throws IOException + { + bw.write(line); + bw.newLine(); + } +}
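Review bot: The property match in `main` is a bare prefix test, `line.startsWith('#' + PROP_NAME) || line.startsWith(PROP_NAME)`, so any line that merely begins with `crypto.policy` or `#crypto.policy` (a longer key, or a comment sentence starting with the name) is replaced by the new setting, and every such line is rewritten, not only the first. Requiring a separator after the name, for example `line.matches("#?crypto\\.policy\\s*[=:].*")`, keeps the tool from editing unrelated lines in a security configuration file. Two smaller points: the usage string lacks a space between `CryptoLevel` and `[input`, and in the `finally` block an exception from `br.close()` skips `bw.close()`. `FileReader`/`FileWriter` use the build host's default charset, which deserves a comment if `java.security` can ever contain non-ASCII bytes.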
--- a/src/share/classes/javax/crypto/JceSecurity.java Fri Nov 18 12:25:10 2016 +0300 +++ b/src/share/classes/javax/crypto/JceSecurity.java Wed Nov 09 21:09:10 2016 +0000 @@ -35,6 +35,7 @@ import sun.security.jca.*; import sun.security.jca.GetInstance.Instance; +import sun.security.util.Debug; /** * This class instantiates implementations of JCE engine classes from @@ -45,7 +46,7 @@ * @since 1.4 */ -final class JceSecurity { +final class JceSecurity { static final SecureRandom RANDOM = new SecureRandom(); @@ -67,6 +68,9 @@ // Set the default value. May be changed in the static initializer. private static boolean isRestricted = true; + private static final Debug debug = + Debug.getInstance("jca", "Cipher"); + /* * Don't let anyone instantiate this. */ @@ -205,7 +209,7 @@ static { try { - NULL_URL = new URL("http://null.sun.com/"); + NULL_URL = new URL("http://null.oracle.com/"); } catch (Exception e) { throw new RuntimeException(e); } 
@@ -240,14 +244,70 @@ } } + /* + * This is called from within an doPrivileged block. + * + * Following logic is used to decide what policy files are selected. + * + * If the new Security property (crypto.policy) is set in the + * java.security file, or has been set dynamically using the + * Security.setProperty() call before the JCE framework has + * been initialized, that setting will be used. + * Remember - this property is not defined by default. A conscious + * user edit or an application call is required. + * + * Otherwise, if user has policy jar files installed in the legacy + * jre/lib/security/ directory, the JDK will honor whatever + * setting is set by those policy files. (legacy/current behavior) + * + * If none of the above 2 conditions are met, the JDK will default + * to using the limited crypto policy files found in the + * jre/lib/security/policy/limited/ directory + */ private static void setupJurisdictionPolicies() throws Exception { - String javaHomeDir = System.getProperty("java.home"); - String sep = File.separator; - String pathToPolicyJar = javaHomeDir + sep + "lib" + sep + - "security" + sep; + // Sanity check the crypto.policy Security property. Single + // directory entry, no pseudo-directories (".", "..", leading/trailing + // path separators). normalize()/getParent() will help later. 
+ String javaHomeProperty = System.getProperty("java.home"); + String cryptoPolicyProperty = Security.getProperty("crypto.policy"); + final String fs = File.separator; + String cpPath = cryptoPolicyProperty; + + if ((cpPath != null) && ((cpPath.contains(fs)) || + ".".equals(cpPath) || "..".equals(cpPath))) { + throw new SecurityException( + "Invalid policy directory name format: " + + cryptoPolicyProperty); + } - File exportJar = new File(pathToPolicyJar, "US_export_policy.jar"); - File importJar = new File(pathToPolicyJar, "local_policy.jar"); + if (cpPath == null) { + // Security property is not set, use default path + cpPath = javaHomeProperty + fs + "lib" + fs + "security"; + } else { + // populate with java.home + cpPath = javaHomeProperty + fs + "lib" + fs + "security" + fs + + "policy" + fs + cryptoPolicyProperty; + } + + if (debug != null) { + debug.println("crypto policy directory: " + cpPath); + } + + File exportJar = new File(cpPath,"US_export_policy.jar"); + File importJar = new File(cpPath,"local_policy.jar"); + + if (cryptoPolicyProperty == null && (!exportJar.exists() || + !importJar.exists())) { + // Compatibility set up. If crypto.policy is not defined. + // check to see if legacy jars exist in lib directory. If + // they don't exist, we default to limited policy mode. + cpPath = javaHomeProperty + fs + "lib" + fs + "security" + fs + + "policy" + fs + "limited"; + // point to the new jar files in limited directory + exportJar = new File(cpPath,"US_export_policy.jar"); + importJar = new File(cpPath,"local_policy.jar"); + } + URL jceCipherURL = ClassLoader.getSystemResource ("javax/crypto/Cipher.class");
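Review bot: The sanity check in `setupJurisdictionPolicies` looks only for `File.separator`, so on a platform where that is `\` a `crypto.policy` value written with `/` is not rejected, even though `java.io.File` on Windows accepts both characters as separators; such a value could then resolve outside `lib/security/policy`. Testing both characters regardless of platform, `cpPath.indexOf('/') >= 0 || cpPath.indexOf('\\') >= 0`, and rejecting the empty string explicitly would make the check match its comment. That comment still says `normalize()/getParent() will help later`, but no such call is visible in this hunk, so it should be reworded to describe the string checks actually performed. The method continues past the end of the hunk.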
--- a/src/share/lib/security/java.security-linux Fri Nov 18 12:25:10 2016 +0300
+++ b/src/share/lib/security/java.security-linux Wed Nov 09 21:09:10 2016 +0000
@@ -677,6 +677,71 @@ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} +# Cryptographic Jurisdiction Policy defaults +# +# Due to the import control restrictions of some countries, the default +# JCE policy files allow for strong but "limited" cryptographic key +# lengths to be used. If your country's cryptographic regulations allow, +# the "unlimited" strength policy files can be used instead, which contain +# no restrictions on cryptographic strengths. +# +# YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY +# TO DETERMINE THE EXACT REQUIREMENTS. +# +# <java-home> (below) refers to the directory where the JRE was +# installed. It is determined based on whether you are running JCE +# on a JRE or a JRE contained within the Java Development Kit, or +# JDK(TM). The JDK contains the JRE, but at a different level in the +# file hierarchy. For example, if the JDK is installed in +# /home/user1/jdk1.7.0 on Unix or in C:\jdk1.7.0 on Windows, then +# <java-home> is: +# +# /home/user1/jdk1.7.0/jre [Unix] +# C:\jdk1.7.0\jre [Windows] +# +# If on the other hand the JRE is installed in /home/user1/jre1.7.0 +# on Unix or in C:\jre1.7.0 on Windows, and the JDK is not +# installed, then <java-home> is: +# +# /home/user1/jre1.7.0 [Unix] +# C:\jre1.7.0 [Windows] +# +# On Windows, for each JDK installation, there may be additional +# JREs installed under the "Program Files" directory. Please make +# sure that you install the unlimited strength policy JAR files +# for all JREs that you plan to use. +# +# The policy files are jar files organized into subdirectories of +# <java-home>/lib/security/policy. Each directory contains a complete +# set of policy files. +# +# The "crypto.policy" Security property controls the directory selection, +# and thus the effective cryptographic policy. +# +# The default set of directories is: +# +# limited | unlimited +# +# however other directories can be created and configured. 
+# +# To support older JDK Update releases, the crypto.policy property +# is not defined by default. When the property is not defined, an +# update release binary aware of the new property will use the following +# logic to decide what crypto policy files get used : +# +# * If the US_export_policy.jar and local_policy.jar files are located +# in the (legacy) <java-home>/lib/security directory, then the rules +# embedded in those jar files will be used. This helps preserve compatibility +# for users upgrading from an older installation. +# +# * If crypto.policy is not defined and no such jar files are present in +# the legacy locations, then the JDK will use the limited settings +# (equivalent to crypto.policy=limited) +# +# Please see the JCA documentation for additional information on these +# files and formats. +#crypto.policy=unlimited + # # The policy for the XML Signature secure validation mode. The mode is # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
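Review bot: The added comment block does not say what happens when `crypto.policy` holds an invalid value: per the JceSecurity change in this commit, a value containing a path separator or equal to `.` or `..` raises a SecurityException during JCE initialisation, which is worth one sentence here since administrators edit this file directly. The example paths use `jdk1.7.0`/`jre1.7.0` although this is the jdk6 tree, and the paragraph about installing the unlimited JAR files into every JRE reads like text carried over from the separate-download instructions; it may need rewording now that both sets ship under `<java-home>/lib/security/policy`. The same block is added to `java.security-solaris` and `java.security-windows`.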
--- a/src/share/lib/security/java.security-solaris Fri Nov 18 12:25:10 2016 +0300
+++ b/src/share/lib/security/java.security-solaris Wed Nov 09 21:09:10 2016 +0000
@@ -637,6 +637,71 @@ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} +# Cryptographic Jurisdiction Policy defaults +# +# Due to the import control restrictions of some countries, the default +# JCE policy files allow for strong but "limited" cryptographic key +# lengths to be used. If your country's cryptographic regulations allow, +# the "unlimited" strength policy files can be used instead, which contain +# no restrictions on cryptographic strengths. +# +# YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY +# TO DETERMINE THE EXACT REQUIREMENTS. +# +# <java-home> (below) refers to the directory where the JRE was +# installed. It is determined based on whether you are running JCE +# on a JRE or a JRE contained within the Java Development Kit, or +# JDK(TM). The JDK contains the JRE, but at a different level in the +# file hierarchy. For example, if the JDK is installed in +# /home/user1/jdk1.7.0 on Unix or in C:\jdk1.7.0 on Windows, then +# <java-home> is: +# +# /home/user1/jdk1.7.0/jre [Unix] +# C:\jdk1.7.0\jre [Windows] +# +# If on the other hand the JRE is installed in /home/user1/jre1.7.0 +# on Unix or in C:\jre1.7.0 on Windows, and the JDK is not +# installed, then <java-home> is: +# +# /home/user1/jre1.7.0 [Unix] +# C:\jre1.7.0 [Windows] +# +# On Windows, for each JDK installation, there may be additional +# JREs installed under the "Program Files" directory. Please make +# sure that you install the unlimited strength policy JAR files +# for all JREs that you plan to use. +# +# The policy files are jar files organized into subdirectories of +# <java-home>/lib/security/policy. Each directory contains a complete +# set of policy files. +# +# The "crypto.policy" Security property controls the directory selection, +# and thus the effective cryptographic policy. +# +# The default set of directories is: +# +# limited | unlimited +# +# however other directories can be created and configured. 
+# +# To support older JDK Update releases, the crypto.policy property +# is not defined by default. When the property is not defined, an +# update release binary aware of the new property will use the following +# logic to decide what crypto policy files get used : +# +# * If the US_export_policy.jar and local_policy.jar files are located +# in the (legacy) <java-home>/lib/security directory, then the rules +# embedded in those jar files will be used. This helps preserve compatibility +# for users upgrading from an older installation. +# +# * If crypto.policy is not defined and no such jar files are present in +# the legacy locations, then the JDK will use the limited settings +# (equivalent to crypto.policy=limited) +# +# Please see the JCA documentation for additional information on these +# files and formats. +#crypto.policy=unlimited + # # The policy for the XML Signature secure validation mode. The mode is # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
--- a/src/share/lib/security/java.security-windows Fri Nov 18 12:25:10 2016 +0300
+++ b/src/share/lib/security/java.security-windows Wed Nov 09 21:09:10 2016 +0000
@@ -654,6 +654,71 @@ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} +# Cryptographic Jurisdiction Policy defaults +# +# Due to the import control restrictions of some countries, the default +# JCE policy files allow for strong but "limited" cryptographic key +# lengths to be used. If your country's cryptographic regulations allow, +# the "unlimited" strength policy files can be used instead, which contain +# no restrictions on cryptographic strengths. +# +# YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY +# TO DETERMINE THE EXACT REQUIREMENTS. +# +# <java-home> (below) refers to the directory where the JRE was +# installed. It is determined based on whether you are running JCE +# on a JRE or a JRE contained within the Java Development Kit, or +# JDK(TM). The JDK contains the JRE, but at a different level in the +# file hierarchy. For example, if the JDK is installed in +# /home/user1/jdk1.7.0 on Unix or in C:\jdk1.7.0 on Windows, then +# <java-home> is: +# +# /home/user1/jdk1.7.0/jre [Unix] +# C:\jdk1.7.0\jre [Windows] +# +# If on the other hand the JRE is installed in /home/user1/jre1.7.0 +# on Unix or in C:\jre1.7.0 on Windows, and the JDK is not +# installed, then <java-home> is: +# +# /home/user1/jre1.7.0 [Unix] +# C:\jre1.7.0 [Windows] +# +# On Windows, for each JDK installation, there may be additional +# JREs installed under the "Program Files" directory. Please make +# sure that you install the unlimited strength policy JAR files +# for all JREs that you plan to use. +# +# The policy files are jar files organized into subdirectories of +# <java-home>/lib/security/policy. Each directory contains a complete +# set of policy files. +# +# The "crypto.policy" Security property controls the directory selection, +# and thus the effective cryptographic policy. +# +# The default set of directories is: +# +# limited | unlimited +# +# however other directories can be created and configured. 
+# +# To support older JDK Update releases, the crypto.policy property +# is not defined by default. When the property is not defined, an +# update release binary aware of the new property will use the following +# logic to decide what crypto policy files get used : +# +# * If the US_export_policy.jar and local_policy.jar files are located +# in the (legacy) <java-home>/lib/security directory, then the rules +# embedded in those jar files will be used. This helps preserve compatibility +# for users upgrading from an older installation. +# +# * If crypto.policy is not defined and no such jar files are present in +# the legacy locations, then the JDK will use the limited settings +# (equivalent to crypto.policy=limited) +# +# Please see the JCA documentation for additional information on these +# files and formats. +#crypto.policy=unlimited + # # The policy for the XML Signature secure validation mode. The mode is # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/crypto/CryptoPermission/TestUnlimited.java Wed Nov 09 21:09:10 2016 +0000
@@ -0,0 +1,96 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8157561 + * @summary Ship the unlimited policy files in JDK Updates + * @run main/othervm TestUnlimited "" exception + * @run main/othervm TestUnlimited limited fail + * @run main/othervm TestUnlimited unlimited pass + * @run main/othervm TestUnlimited unlimited/ pass + * @run main/othervm TestUnlimited NosuchDir exception + * @run main/othervm TestUnlimited . 
exception + * @run main/othervm TestUnlimited /tmp/unlimited exception + * @run main/othervm TestUnlimited ../policy/unlimited exception + * @run main/othervm TestUnlimited ./unlimited exception + * @run main/othervm TestUnlimited /unlimited exception + */ +import javax.crypto.*; +import java.security.Security; + +public class TestUnlimited { + + public static void main(String[] args) throws Exception { + /* + * Override the Security property to allow for unlimited policy. + * Would need appropriate permissions if Security Manager were + * active. + */ + if (args.length != 2) { + throw new Exception("Two args required"); + } + + boolean expected = args[1].equals("pass"); + boolean exception = args[1].equals("exception"); + boolean result = false; + + System.out.println("Testing: " + args[0]); + + if (args[0].equals("\"\"")) { + Security.setProperty("crypto.policy", ""); + } else { + Security.setProperty("crypto.policy", args[0]); + } + + /* + * Use the AES as the test Cipher + * If there is an error initializing, we will never get past here. + */ + try { + int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES"); + System.out.println("max AES key len:" + maxKeyLen); + if (maxKeyLen > 128) { + System.out.println("Unlimited policy is active"); + result = true; + } else { + System.out.println("Unlimited policy is NOT active"); + result = false; + } + } catch (Throwable e) { + if (!exception) { + throw new Exception(); + } + } + + System.out.println( + "Expected:\t" + expected + "\nResult:\t\t" + result); + if (expected != result) { + throw new Exception(); + } + + System.out.println("DONE!"); + } +}
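Review bot: An `exception` expectation is never actually verified: when `args[1]` is `exception`, `expected` is false, so a run in which nothing is thrown and the limited policy loads (`maxKeyLen <= 128`) still reaches `DONE!`. A regression that silently falls back to limited for a malformed value would pass every `exception` case; record the outcome with `boolean thrown = false;`, set `thrown = true;` in the catch block, and add `if (exception != thrown) throw new Exception("exception expectation not met");`. The rethrow in the catch block should also keep the cause, `throw new Exception(e);`. Separately, the `unlimited/ pass` case appears to conflict with the JceSecurity check in this commit, which rejects any value containing `File.separator`, so it is worth confirming that case on a platform where the separator is `/`.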