java.security-solaris revision 0
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# This is the "master security properties file".
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# In this file, various security properties are set for use by
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# java.security classes. This is where users can statically register
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Cryptography Package Providers ("providers" for short). The term
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# "provider" refers to a package or set of packages that supply a
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# concrete implementation of a subset of the cryptography aspects of
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# the Java Security API. A provider may, for example, implement one or
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# more digital signature algorithms or message digest algorithms.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Each provider must implement a subclass of the Provider class.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# To register a provider in this master security properties file,
1b5cb8422c825dbdc6d7669e74f285cede6ab71cJames Phillpotts# specify the Provider subclass name and priority in the format
1b5cb8422c825dbdc6d7669e74f285cede6ab71cJames Phillpotts# This declares a provider, and specifies its preference
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# order n. The preference order is the order in which providers are
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# searched for requested algorithms (when no specific provider is
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# requested). The order is 1-based; 1 is the most preferred, followed
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# by 2, and so on.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# <className> must specify the subclass of the Provider class whose
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# constructor sets the values of various properties that are required
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# for the Java Security API to look up the algorithms or other
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# facilities implemented by the provider.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# There must be at least one provider specification in java.security.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# There is a default provider that comes standard with the JDK. It
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# is called the "SUN" provider, and its Provider subclass
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# named Sun appears in the sun.security.provider package. Thus, the
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# "SUN" provider is registered via the following:
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# security.provider.1=sun.security.provider.Sun
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# (The number 1 is used for the default provider.)
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Note: Providers can be dynamically registered instead by calls to
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# either the addProvider or insertProviderAt method in the Security
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# List of providers and their preference orders (see above):
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.2=sun.security.provider.Sun
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.3=sun.security.rsa.SunRsaSign
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.4=com.sun.net.ssl.internal.ssl.Provider
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.5=com.sun.crypto.provider.SunJCE
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.6=sun.security.jgss.SunProvider
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.7=com.sun.security.sasl.Provider
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsecurity.provider.9=sun.security.smartcardio.SunPCSC
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Select the source of seed data for SecureRandom. By default an
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# attempt is made to use the entropy gathering device specified by
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# the securerandom.source property. If an exception occurs when
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# accessing the URL then the traditional system/thread activity
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# algorithm is used.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# On Solaris and Linux systems, if file:/dev/urandom is specified and it
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# exists, a special SecureRandom implementation is activated by default.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# This "NativePRNG" reads random bytes directly from /dev/urandom.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# On Windows systems, the URLs file:/dev/random and file:/dev/urandom
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# enables use of the Microsoft CryptoAPI seed functionality.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# The entropy gathering device is described as a URL and can also
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# be specified with the system property "java.security.egd". For example,
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Specifying this system property will override the securerandom.source
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Class to instantiate as the javax.security.auth.login.Configuration
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottlogin.configuration.provider=com.sun.security.auth.login.ConfigFile
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Default login configuration file
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott#login.config.url.1=file:${user.home}/.java.login.config
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Class to instantiate as the system Policy. This is the name of the class
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# that will be used as the Policy object.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottpolicy.provider=sun.security.provider.PolicyFile
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# The default is to have a single system-wide policy file,
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# and a policy file in the user's home directory.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottpolicy.url.1=file:${java.home}/lib/security/java.policy
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# whether or not we expand properties in the policy file
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# if this is set to false, properties (${...}) will not be expanded in policy
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# whether or not we allow an extra policy to be passed on the command line
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# with -Djava.security.policy=somefile. Comment out this line to disable
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# this feature.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# whether or not we look into the IdentityScope for trusted Identities
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# when encountering a 1.1 signed JAR file. If the identity is found
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# and is trusted, we grant it AllPermission.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Default keystore type.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# Class to instantiate as the system scope:
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshottsystem.scope=sun.security.provider.IdentityDatabase
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# List of comma-separated packages that start with or equal this string
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# will cause a security exception to be thrown when
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# passed to checkPackageAccess unless the
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# corresponding RuntimePermission ("accessClassInPackage."+package) has
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# been granted.
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# List of comma-separated packages that start with or equal this string
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# will cause a security exception to be thrown when
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# passed to checkPackageDefinition unless the
537857b204a4425e0ea257b0413a02c5c7c5e266Robert Wapshott# corresponding RuntimePermission ("defineClassInPackage."+package) has
# or overridden on the command line via -Djava.security.properties
# the javax.net.ssl package.
ssl.KeyManagerFactory.algorithm=SunX509
# ocsp.enable=true
# then both the "ocsp.responderCertIssuerName" and
# "ocsp.responderCertSerialNumber" properties must be used instead. When this
# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
# property is set then the "ocsp.responderCertSerialNumber" property must also
# be set. When the "ocsp.responderCertSubjectName" property is set then this
# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
# validation. When this property is set then the "ocsp.responderCertIssuerName"
# property must also be set. When the "ocsp.responderCertSubjectName" property
# ocsp.responderCertSerialNumber=2A:FF:00