Open adamjk-dev opened 9 years ago
So, the file is a .zip file as well, so it requires the 'unzip' command if I am not mistaken. I also changed the creates => attribute to look for the README.txt since all the JCE policy ZIP files I found (6,7,8) had a README.txt file in them, and it wasn't in the base JDKs I installed from Oracle (for 1.7 and 1.8).
I ended up using this for a quick solution... but need to do more testing...
```puppet
# extract the crypto extension if provided
if ( $cryptographyExtensionFile != undef ) {
  # Handle correct unzip command based on file type (for crypto extension)
  # Dots are escaped so they match a literal '.' in the file name
  case $cryptographyExtensionFile {
    /\.tar$/: {
      $command = 'tar xf'
    }
    /(\.tgz|\.tar\.gz)$/: {
      $command = 'tar xzf'
    }
    /\.tar\.bz2$/: {
      $command = 'tar xjf'
    }
    /\.zip$/: {
      $command = 'unzip -jo'
    }
    /(\.war|\.jar)$/: {
      $command = 'jar xf'
    }
    default: {
      fail("unsupported file format in crypto extension file: ${cryptographyExtensionFile}.")
    }
  }
  exec { "extract jce ${fullVersion}":
    cwd       => "${javaHomes}/${fullVersion}/jre/lib/security",
    command   => "${command} ${path}/${cryptographyExtensionFile}",
    creates   => "${javaHomes}/${fullVersion}/jre/lib/security/README.txt",
    require   => [File[$javaHomes],Exec["extract java ${fullVersion}"]],
    before    => Exec["chown -R ${owner}:${group} ${javaHomes}/${fullVersion}"],
    logoutput => true,
    user      => $exec_user,
    group     => $group,
  }
}
```
thanks
So it depends on where you download it from but it looks like the file is already there, maybe this was different with JSE 6
Unlimited Strength Java Cryptography Extension Due to import control restrictions for some countries, the Java Cryptography Extension (JCE) policy files shipped with the JDK and the JRE allow strong but limited cryptography to be used. These files are located at
Yeah, so we wrote a quick test App that we deploy with Tomcat/WebLogic etc. and it outputs the Max Key Length something like in these examples:
https://jsosic.wordpress.com/2014/02/01/check-if-jce-is-installed/
https://gist.github.com/evaryont/6786915
Basically, if the JCE is not installed, the Max Key Length will be 128. If it is installed, you will see 2147483647.
Our little Java Test App has:
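```java
// Fragment from the servlet's request handler (resp is the servlet response object);
// needs: import javax.crypto.Cipher;
try {
    // 128 without the JCE policy files, 2147483647 with them installed
    int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
    resp.getOutputStream().write("<br>".getBytes());
    resp.getOutputStream().write(("Max AES Key Size: " + maxKeyLen).getBytes());
} catch (Exception e) {
    e.printStackTrace();
}
```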
I ended up updating my code since I can enforce that the JCE file is just a .zip:
```puppet
# extract the crypto extension if provided
if ( $cryptographyExtensionFile != undef ) {
  exec { "extract jce ${fullVersion}":
    cwd       => "${javaHomes}/${fullVersion}/jre/lib/security",
    command   => "unzip -jo ${path}/${cryptographyExtensionFile}",
    creates   => "${javaHomes}/${fullVersion}/jre/lib/security/README.txt",
    require   => [File[$javaHomes],Exec["extract java ${fullVersion}"]],
    before    => Exec["chown -R ${owner}:${group} ${javaHomes}/${fullVersion}"],
    logoutput => true,
    user      => $exec_user,
    group     => $group,
  }
}
```
Since the master branch code still assumes the JCE file may be extracted via tar, I've submitted a patch that modifies the documentation to match the code.
Ok let's change the code of https://github.com/biemond/biemond-jdk7/blob/master/manifests/config/javaexec.pp#L58
When it is a zip we should use zip and not use tar in the exec. Asking for converting to tgz is crazy (probably had a blackout or drank too much); it would expect some error in the exec.
@rvincentatprokarmadotcom can you update your pull request and fix this in javaexec.pp
thanks all.
Updated #14
So, it seems like if a JDK version already has a US_export_policy.jar, then the JCE will not be updated.
The problem is in this line: https://github.com/biemond/biemond-jdk7/blob/master/manifests/config/javaexec.pp#L57
We installed some flavors of Oracle JDK, and they already come with this file, so the untar never occurs.
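The `creates =>` guard discussed in this thread only tests that a file exists, which is why a JDK that already ships US_export_policy.jar never gets the JCE jars. The following is an added example, not code from biemond-jdk7 or from any participant: a content-based check in shell, where the function names and the staging-directory approach are assumptions. `jce_differs` returns 0 when an update is needed, so it could serve as the test behind an exec `onlyif`.

```shell
#!/bin/sh
# Added example. The two policy jars inside the JCE zip:
JCE_JARS="local_policy.jar US_export_policy.jar"

# jce_differs STAGING_DIR SECURITY_DIR
# 0 = update needed (a jar is missing from SECURITY_DIR or its bytes differ)
# 1 = installed jars are identical to the staged ones
# 2 = staged copy is incomplete (bad zip), nothing should be installed
jce_differs() {
    staging=$1
    security=$2
    for jar in $JCE_JARS; do
        [ -f "$staging/$jar" ] || return 2
    done
    for jar in $JCE_JARS; do
        cmp -s "$staging/$jar" "$security/$jar" 2>/dev/null || return 0
    done
    return 1
}

# jce_install ZIP SECURITY_DIR
# Unpacks into a private temp dir (-j drops the archive's directory prefix,
# as in the thread's unzip -jo) and copies the jars only when they differ.
jce_install() {
    archive=$1
    security=$2
    staging=$(mktemp -d) || return 1
    rc=0
    if unzip -jo -q "$archive" -d "$staging"; then
        jce_differs "$staging" "$security" || rc=$?
        if [ "$rc" -eq 0 ]; then
            for jar in $JCE_JARS; do
                cp "$staging/$jar" "$security/$jar" || rc=3
            done
        fi
    else
        rc=3
    fi
    rm -rf "$staging"
    # success when the jars were copied (0) or were already current (1)
    [ "$rc" -le 1 ]
}
```

Because the comparison is on file contents, a second run after a successful install is a no-op, and a JDK upgrade that restores the limited-strength jars is detected on the next run.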