-
Notifications
You must be signed in to change notification settings - Fork 0
Using the JCE Unlimited Strength Jurisdiction Policy Files
John Gasper edited this page Jul 13, 2017
·
1 revision
Both OpenJDK Zulu and Oracle Java require extra steps to enable the Unlimited Strength Cryptography.
This set of instructions assumes that you are using the default OpenJDK Zulu package that comes with the container.
To add the OpenJDK Zulu Cryptography Extension Kit files to your image, add the following RUN command as a step in your Dockerfile:
RUN wget http://cdn.azul.com/zcek/bin/ZuluJCEPolicies.zip \
&& echo "8021a28b8cac41b44f1421fd210a0a0822fcaf88d62d2e70a35b2ff628a8675a ZuluJCEPolicies.zip" | sha256sum -c - \
&& unzip -oj ZuluJCEPolicies.zip ZuluJCEPolicies/local_policy.jar -d /opt/jre-home/lib/security/ \
&& unzip -oj ZuluJCEPolicies.zip ZuluJCEPolicies/US_export_policy.jar -d /opt/jre-home/lib/security/ \
&& rm ZuluJCEPolicies.zip \
&& chmod -R 640 /opt/jre-home/lib/security/ \
&& chown -R root:jetty /opt/jre-home/lib/security/
This set of instructions assumes that you are using the first method from Switching to the Oracle JVM to use the Oracle JVM for running your container.
To add the JCE Unlimited Strength Jurisdiction Policy Files to your image, add the following RUN command as a step in your Dockerfile after the RUN steps that switch to the Oracle JVM:
RUN yum -y install unzip \
&& wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip \
&& echo "f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59 jce_policy-8.zip" | sha256sum -c - \
&& unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/local_policy.jar -d /opt/jre-home/jre/lib/security/ \
&& unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/US_export_policy.jar -d /opt/jre-home/jre/lib/security/ \
&& rm jce_policy-8.zip \
&& chmod -R 640 /opt/jre-home/jre/lib/security/ \
&& chown -R root:jetty /opt/jre-home/jre/lib/security/