Hello,
As part of building dev-ops solutions for customers and CA, one of the common base 3rd party components to deploy is the Oracle JDK.
To ensure that the Oracle JDK is ready for any encryption level, the corresponding Oracle JCE must be applied to the deployed JDK.
To assist with automating this process and add a validation check, I have the following to offer:
A CLI script that will install both the x86 and the x84 bit version of a JDK; and copy/replace the updated JCE libraries (bit independent) into the correct library folder.
After deploying the JCE, I use a process to check that the JCE was successfully applied using a process pulled from GitHub.
Ref: https://gist.github.com/fintler/6283751
**** ****
#!/bin/bash
###############################################################################################
##### Shell script to install three (3) packages in the follow order: #####
##### Java JDK 1.7 b71+ (x86 / x64) , Java JCE Unlimited Encryption Libraries #####
###############################################################################################
##### Java JDK 1.7 b71+ (2015/05/12 b79) #####
##### http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html #####
##### Java JCE 1.7 #####
##### http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html #####
###############################################################################################
STARTTIME=`date`
echo ""
echo $STARTTIME
MEDIA_HOME=/opt/CA/media/iso/jdk
INSTALL_PATH=/opt/CA/jdk
JDK_VERSION=jdk1.7.0_71
JDK_GZ_NAME_X86=jdk-7u71-linux-i586.gz
JDK_GZ_NAME_X64=jdk-7u71-linux-x64.gz
mkdir -p "$INSTALL_PATH"
echo "################################################"
echo "### Clean up prior installation of x86 JDK ###"
cd $MEDIA_HOME
rm -rf "$MEDIA_HOME/$JDK_VERSION"
rm -rf "$INSTALL_PATH/$JDK_VERSION"_x86
tar -zxvf "$MEDIA_HOME/$JDK_GZ_NAME_X86" > /dev/null 2>&1
mv "$MEDIA_HOME/$JDK_VERSION" "$INSTALL_PATH/$JDK_VERSION"_x86
echo "################################################"
echo "### Clean up prior installation of x64 JDK ###"
rm -rf "$MEDIA_HOME/$JDK_VERSION"
rm -rf "$INSTALL_PATH/$JDK_VERSION"_x64
tar -zxvf "$MEDIA_HOME/$JDK_GZ_NAME_X64" > /dev/null 2>&1
mv "$MEDIA_HOME/$JDK_VERSION" "$INSTALL_PATH/$JDK_VERSION"_x64
echo "################################################"
echo "### Check status of JDK 7 x86 ###"
file "$INSTALL_PATH/$JDK_VERSION"_x86/bin/java
echo "################################################"
echo "### Check status of JDK 7 x64 ###"
file "$INSTALL_PATH/$JDK_VERSION"_x64/bin/java
echo "################################################"
echo "### Update JCE libraries for JDK 7 x86 and x64 ###"
cd $MEDIA_HOME/jce_7
cp -r -p *.jar "$INSTALL_PATH/$JDK_VERSION"_x86/jre/lib/security
cp -r -p *.jar "$INSTALL_PATH/$JDK_VERSION"_x64/jre/lib/security
echo "################################################"
echo "### JCE Test (viewable on console) ###"
echo "### Check JAVA JCE Encryption for Unlimited Strength ###"
cat << EOF > $MEDIA_HOME/CipherTest.java
import javax.crypto.Cipher;
class CipherTest {
public static void main(String args[]) {
try {
int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
if(maxKeyLen < 256) {
System.out.println("FAILED: Max key length too small! (" + maxKeyLen + ").");
} else {
System.out.println("PASSED: Max key length OK! (" + maxKeyLen + ").");
}
} catch(Exception e) {
System.out.println("FAILED: No AES found!");
}
}
}
EOF
cd $MEDIA_HOME
echo "### JDK x86 Cipher Test with Unlimited JCE ###"
"$INSTALL_PATH/$JDK_VERSION"_x86/bin/javac CipherTest.java
"$INSTALL_PATH/$JDK_VERSION"_x86/bin/java CipherTest
echo "################################################"
echo "### JDK x64 Cipher Test with Unlimited JCE ###"
"$INSTALL_PATH/$JDK_VERSION"_x64/bin/javac CipherTest.java
"$INSTALL_PATH/$JDK_VERSION"_x64/bin/java CipherTest
chown -R nobody:nobody /opt/CA/jdk
echo "################################################"
echo "Done with JDK installation"
echo "Started at $STARTTIME"
echo "Done at `date`"
echo "################################################"
echo ""
*********** ****************
Cheers,
A.
Edit: 7/28/2016
Useful tools for Dev-Ops / CLI scripts. Attaching the java examples and how to call them via CLI using JDK javac.
No need to guess max memory size, let the system tell you what is available.
C:\Program Files\Java\jdk1.8.0_66\bin>javac MaxMemory.java
C:\Program Files\Java\jdk1.8.0_66\bin>java MaxMemory
Total Memory: 514850816 (491.0 MiB)
Max Memory: 7615283200 (7262.5 MiB)
Free Memory: 506766080 (483.289794921875 MiB)
C:\Program Files\Java\jdk1.8.0_66\bin>javac CipherTest.java
C:\Program Files\Java\jdk1.8.0_66\bin>java CipherTest
FAILED: Max key length too small! (128).
Ref: For MaxMemory.java example
Maximum Java heap size of a 32-bit JVM on a 64-bit OS - Stack Overflow