Alan Baugher

CLI Process:  How to check the JDK's JCE for unlimited encryption

Discussion created by Alan Baugher Employee on Sep 11, 2015

Hello,

 

As part of building dev-ops solutions for customers and CA, one of the common base 3rd party components to deploy is the Oracle JDK. 

To ensure that the Oracle JDK is ready for any encryption level, the corresponding Oracle JCE must be applied to the deployed JDK.

 

To assist with automating this process and add a validation check, I have the following to offer:

 

A CLI script  that will install both the x86 and the x84 bit version of a JDK; and copy/replace the updated JCE libraries (bit independent) into the correct library folder.

After deploying the JCE, I use a process to check that the JCE was successfully applied using a process pulled from GitHub.

Ref:   https://gist.github.com/fintler/6283751

 

 

 

 

**** ****

 

#!/bin/bash

 

###############################################################################################

##### Shell script to install three (3) packages in the follow order:                      #####

##### Java JDK 1.7 b71+ (x86 / x64) , Java JCE Unlimited Encryption Libraries             #####

###############################################################################################

##### Java JDK 1.7 b71+ (2015/05/12 b79)                                                  #####

##### http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html #####

##### Java JCE 1.7                                                                        #####

##### http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html  #####

###############################################################################################

STARTTIME=`date`

echo ""

echo $STARTTIME

 

MEDIA_HOME=/opt/CA/media/iso/jdk

INSTALL_PATH=/opt/CA/jdk

JDK_VERSION=jdk1.7.0_71

JDK_GZ_NAME_X86=jdk-7u71-linux-i586.gz

JDK_GZ_NAME_X64=jdk-7u71-linux-x64.gz

 

mkdir -p "$INSTALL_PATH"

 

echo "################################################"

echo "### Clean up prior installation of x86 JDK  ###"

cd $MEDIA_HOME

rm -rf  "$MEDIA_HOME/$JDK_VERSION"

rm -rf  "$INSTALL_PATH/$JDK_VERSION"_x86

tar -zxvf "$MEDIA_HOME/$JDK_GZ_NAME_X86"   > /dev/null 2>&1

mv "$MEDIA_HOME/$JDK_VERSION" "$INSTALL_PATH/$JDK_VERSION"_x86

 

 

echo "################################################"

echo "### Clean up prior installation of x64 JDK ###"

rm -rf  "$MEDIA_HOME/$JDK_VERSION"

rm -rf  "$INSTALL_PATH/$JDK_VERSION"_x64

tar -zxvf "$MEDIA_HOME/$JDK_GZ_NAME_X64"  > /dev/null 2>&1

mv "$MEDIA_HOME/$JDK_VERSION" "$INSTALL_PATH/$JDK_VERSION"_x64

 

 

echo "################################################"

echo "### Check status of JDK 7 x86 ###"

file "$INSTALL_PATH/$JDK_VERSION"_x86/bin/java

echo "################################################"

echo "### Check status of JDK 7 x64 ###"

file "$INSTALL_PATH/$JDK_VERSION"_x64/bin/java

 

 

echo "################################################"

echo "### Update JCE libraries for JDK 7 x86 and x64 ###"

cd $MEDIA_HOME/jce_7

cp -r -p *.jar "$INSTALL_PATH/$JDK_VERSION"_x86/jre/lib/security

cp -r -p *.jar "$INSTALL_PATH/$JDK_VERSION"_x64/jre/lib/security

 

 

echo "################################################"

echo "### JCE Test (viewable on console) ###"

echo "### Check JAVA JCE Encryption for Unlimited Strength ###"

cat << EOF > $MEDIA_HOME/CipherTest.java

import javax.crypto.Cipher;

class CipherTest {

    public static void main(String args[]) {

        try {

            int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");

            if(maxKeyLen < 256) {

                System.out.println("FAILED: Max key length too small! (" + maxKeyLen + ").");

            } else {

                System.out.println("PASSED: Max key length OK! (" + maxKeyLen + ").");

            }

        } catch(Exception e) {

            System.out.println("FAILED: No AES found!");

        }

    }

}

EOF

 

cd $MEDIA_HOME

echo "### JDK x86 Cipher Test with Unlimited JCE ###"

"$INSTALL_PATH/$JDK_VERSION"_x86/bin/javac  CipherTest.java

"$INSTALL_PATH/$JDK_VERSION"_x86/bin/java   CipherTest

echo "################################################"

echo "### JDK x64 Cipher Test with Unlimited JCE ###"

"$INSTALL_PATH/$JDK_VERSION"_x64/bin/javac  CipherTest.java

"$INSTALL_PATH/$JDK_VERSION"_x64/bin/java   CipherTest

 

chown -R nobody:nobody /opt/CA/jdk

 

echo "################################################"

echo "Done with JDK installation"

echo "Started at $STARTTIME"

echo "Done at `date`"

echo "################################################"

echo ""

 

 

 

 

 

*********** ****************

 

Cheers,

 

A.

 

 

Edit:  7/28/2016

 

Useful tools for Dev-Ops / CLI scripts.    Attaching the java examples and how to call them via CLI using JDK javac.

No need to guess max memory size, let the system tell you what is available.

 

C:\Program Files\Java\jdk1.8.0_66\bin>javac MaxMemory.java

C:\Program Files\Java\jdk1.8.0_66\bin>java MaxMemory

Total Memory: 514850816 (491.0 MiB)

Max Memory:   7615283200 (7262.5 MiB)

Free Memory:  506766080 (483.289794921875 MiB)

 

C:\Program Files\Java\jdk1.8.0_66\bin>javac CipherTest.java

C:\Program Files\Java\jdk1.8.0_66\bin>java CipherTest

FAILED: Max key length too small! (128).

 

 

 

 

Ref:  For MaxMemory.java example

Maximum Java heap size of a 32-bit JVM on a 64-bit OS - Stack Overflow

Attachments

Outcomes