Using the JCE Unlimited Strength Jurisdiction Policy Files - Unicon/shibboleth-idp-dockerized GitHub Wiki

Both OpenJDK Zulu and Oracle Java require extra steps to enable the Unlimited Strength Cryptography.

OpenJDK Zulu Cryptography Extension Kit (CEK)

This set of instructions assumes that you are using the default OpenJDK Zulu package that comes with the container.

To add the OpenJDK Zulu Cryptography Extension Kit files to your image, add the following RUN command as a step in your Dockerfile:

RUN yum -y install unzip \
    && wget http://cdn.azul.com/zcek/bin/ZuluJCEPolicies.zip \
    && echo "8021a28b8cac41b44f1421fd210a0a0822fcaf88d62d2e70a35b2ff628a8675a  ZuluJCEPolicies.zip" | sha256sum -c - \
    && unzip -oj ZuluJCEPolicies.zip ZuluJCEPolicies/local_policy.jar -d /opt/jre-home/lib/security/ \
    && unzip -oj ZuluJCEPolicies.zip ZuluJCEPolicies/US_export_policy.jar -d /opt/jre-home/lib/security/ \
    && rm ZuluJCEPolicies.zip \
    && chmod -R 640 /opt/jre-home/lib/security/ \
    && chown -R root:jetty /opt/jre-home/lib/security/   

Oracle Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

This set of instructions assumes that you are using the first method from Switching to the Oracle JVM to use the Oracle JVM for running your container.

To add the JCE Unlimited Strength Jurisdiction Policy Files to your image, add the following RUN command as a step in your Dockerfile after the RUN steps that switch to the Oracle JVM:

RUN yum -y install unzip \
    && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
    http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip \
    && echo "f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59  jce_policy-8.zip" | sha256sum -c - \
    && unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/local_policy.jar -d /opt/jre-home/jre/lib/security/ \
    && unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/US_export_policy.jar -d /opt/jre-home/jre/lib/security/ \
    && rm jce_policy-8.zip \
    && chmod -R 640 /opt/jre-home/jre/lib/security/ \
    && chown -R root:jetty /opt/jre-home/jre/lib/security/