biemond / biemond-jdk7

Puppet JDK7 module optimized for Oracle
Apache License 2.0
2 stars 15 forks source link

Enhancement for JCE on 8u151 and higher versions #25

Closed josealvrod closed 6 years ago

josealvrod commented 6 years ago

When the version of java is 8u151 and up to, but not included, 8u161, the JCE policy has changed and now the libraries are included with the tarball. By default it limited and not defined.

For versions starting at 8u161, it is the same as before but by default is set as unlimited. Still not defined in the java.security file.

To allow the module to define and configure this property, the stdlib module has been added as a dependency, to use file_line to add the property to the java.security config file.

As it is limited by versions, there is a check on major and minor version and if the version is not above 8u151, there is a message stating there is no change even if the new parameter has been passed to the class call.

This new parameter is $crypto_policy and it is undef by default, with possible values being unlimited and limited

The changes to javaexec.pp are needed as the command used to move the .jar files from the cryptography_extension_file also moves the ones in the new version tarball, and as there is a legacy configuration using these cryptography_extension_file files, conditioning the use of either cryptography_extension_file or crypto_policy is ruled out.