Review request: include US_export_policy.jar and local_policy.jar
Sean Mullan
sean.mullan at oracle.com
Thu May 27 12:42:30 PDT 2010
The Makefile changes look ok to me. Vinnie is starting to work on fixing this
with signed modules, so you may want to see if he has any comments before pushing.
--Sean
On 5/27/10 1:28 PM, Mandy Chung wrote:
> Webrev at:
> http://cr.openjdk.java.net/~mchung/jigsaw/export-policy-jars/
>
> The current JCE implementation checks the existence of
> US_export_policy.jar and local_policy.jar and throws exception if not
> exist. A number of security jtreg tests failed due to such failure.
>
> This fix will copy US_export_policy.jar and local_policy.jar in the
> module-image as a short term solution so as to allows more tests to run
> to verify the module-image. When signed modules are fully supported,
> US_export_policy and local_policy will be converted to signed modules to
> replace these jars in the module-image.
>
> Comparing the number of jdk_security3 failures:
> Before the fix: TEST STATS: run=363 pass=226 fail=137 excluded=26
> After the fix: TEST STATS: run=363 pass=349 fail=14 excluded=26
>
> Without these 2 policy jars, the exception looks like this:
>
> Caused by: java.lang.SecurityException: Can not initialize cryptographic
> mechanism
> at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:86)
> ... 38 more
> Caused by: java.lang.SecurityException: Cannot locate policy or
> framework files!
> at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:254)
> at javax.crypto.JceSecurity.access$000(JceSecurity.java:48)
> at javax.crypto.JceSecurity$1.run(JceSecurity.java:78)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:76)
>
> Thanks
> Mandy
More information about the jigsaw-dev
mailing list