terrapkg · Owen-sz · May 6, 2026
diff --git a/anda/langs/java/21/java-21-openjdk-portable/.gitignore b/anda/langs/java/21/java-21-openjdk-portable/.gitignore
@@ -0,0 +1,53 @@
+/jdk-jdk12-jdk-12+33.tar.xz
+/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
+/jdk-updates-jdk12u-jdk-12.0.1+12.tar.xz
+/jdk-jdk13-jdk-13+27.tar.xz
+/jdk-jdk13-jdk-13+28.tar.xz
+/jdk-jdk13-jdk-13+33.tar.xz
+/jdk-updates-jdk13u-jdk-13.0.1+9.tar.xz
+/jdk-updates-jdk13u-jdk-13.0.2+8.tar.xz
+/jdk-jdk14-jdk-14+36.tar.xz
+/jdk-updates-jdk14u-jdk-14.0.1+7.tar.xz
+/jdk-updates-jdk14u-jdk-14.0.2+12.tar.xz
+/jdk-jdk15-jdk-15+36.tar.xz
+/jdk-updates-jdk15u-jdk-15.0.1+9.tar.xz
+/tapsets-icedtea-3.15.0.tar.xz
+/jdk-updates-jdk15u-jdk-15.0.2+7.tar.xz
+/openjdk-jdk16-jdk-16+36.tar.xz
+/openjdk-jdk16u-jdk-16.0.1+9.tar.xz
+/openjdk-jdk17-jdk-17+26.tar.xz
+/openjdk-jdk17-jdk-17+33.tar.xz
+/openjdk-jdk17-jdk-17+35.tar.xz
+/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
+/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
+/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
+/openjdk-jdk-jdk-18+27.tar.xz
+/openjdk-jdk18-jdk-18+27.tar.xz
+/openjdk-jdk18-jdk-18+37.tar.xz
+/openjdk-jdk18u-jdk-18.0.1+0.tar.xz
+/openjdk-jdk18u-jdk-18.0.1+10.tar.xz
+/openjdk-jdk18u-jdk-18.0.1.1+2.tar.xz
+/openjdk-jdk18u-jdk-18.0.2+9.tar.xz
+/openjdk-jdk19u-jdk-19+36.tar.xz
+/openjdk-jdk19u-jdk-19.0.1+10.tar.xz
+/openjdk-jdk19u-jdk-19.0.2+7.tar.xz
+/openjdk-jdk20u-jdk-20+36.tar.xz
+/openjdk-jdk20u-jdk-20.0.1+9.tar.xz
+/openjdk-jdk20u-jdk-20.0.2+9.tar.xz
+/openjdk-jdk21u-jdk-21+34.tar.xz
+/openjdk-jdk21u-jdk-21+35.tar.xz
+/openjdk-21+35.tar.xz
+/openjdk-21.0.1+12.tar.xz
+/openjdk-21.0.2+11.tar.xz
+/openjdk-21.0.2+12.tar.xz
+/openjdk-21.0.2+13.tar.xz
+/openjdk-jdk-21.0.3+9.tar.xz
+/openjdk-21.0.3+9.tar.xz
+/openjdk-21.0.4+7.tar.xz
+/openjdk-21.0.5+11.tar.xz
+/openjdk-21.0.6+7.tar.xz
+/openjdk-21.0.7+6.tar.xz
+/openjdk-21.0.8+9.tar.xz
+/openjdk-21.0.9+10.tar.xz
+/openjdk-21.0.10+7.tar.xz
+/openjdk-21.0.11+10.tar.xz
diff --git a/anda/langs/java/21/java-21-openjdk-portable/CheckVendor.java b/anda/langs/java/21/java-21-openjdk-portable/CheckVendor.java
@@ -0,0 +1,65 @@
+/* CheckVendor -- Check the vendor properties match specified values.
+   Copyright (C) 2020 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @test
+ */
+public class CheckVendor {
+
+    public static void main(String[] args) {
+        if (args.length < 4) {
+            System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL> <VENDOR-VERSION-STRING>");
+	    System.exit(1);
+	}
+
+	String vendor = System.getProperty("java.vendor");
+	String expectedVendor = args[0];
+	String vendorURL = System.getProperty("java.vendor.url");
+	String expectedVendorURL = args[1];
+	String vendorBugURL = System.getProperty("java.vendor.url.bug");
+	String expectedVendorBugURL = args[2];
+        String vendorVersionString = System.getProperty("java.vendor.version");
+        String expectedVendorVersionString = args[3];
+
+	if (!expectedVendor.equals(vendor)) {
+	    System.err.printf("Invalid vendor %s, expected %s\n",
+			      vendor, expectedVendor);
+	    System.exit(2);
+	}
+
+	if (!expectedVendorURL.equals(vendorURL)) {
+	    System.err.printf("Invalid vendor URL %s, expected %s\n",
+			      vendorURL, expectedVendorURL);
+	    System.exit(3);
+	}
+
+	if (!expectedVendorBugURL.equals(vendorBugURL)) {
+            System.err.printf("Invalid vendor bug URL %s, expected %s\n",
+			      vendorBugURL, expectedVendorBugURL);
+	    System.exit(4);
+	}
+
+        if (!expectedVendorVersionString.equals(vendorVersionString)) {
+            System.err.printf("Invalid vendor version string %s, expected %s\n",
+                              vendorVersionString, expectedVendorVersionString);
+	    System.exit(5);
+        }
+
+        System.err.printf("Vendor information verified as %s, %s, %s, %s\n",
+                          vendor, vendorURL, vendorBugURL, vendorVersionString);
+    }
+}
diff --git a/anda/langs/java/21/java-21-openjdk-portable/NEWS b/anda/langs/java/21/java-21-openjdk-portable/NEWS
diff --git a/anda/langs/java/21/java-21-openjdk-portable/TestCryptoLevel.java b/anda/langs/java/21/java-21-openjdk-portable/TestCryptoLevel.java
@@ -0,0 +1,72 @@
+/* TestCryptoLevel -- Ensure unlimited crypto policy is in use.
+   Copyright (C) 2012 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+public class TestCryptoLevel
+{
+  public static void main(String[] args)
+    throws NoSuchFieldException, ClassNotFoundException,
+           IllegalAccessException, InvocationTargetException
+  {
+    Class<?> cls = null;
+    Method def = null, exempt = null;
+
+    try
+      {
+        cls = Class.forName("javax.crypto.JceSecurity");
+      }
+    catch (ClassNotFoundException ex)
+      {
+        System.err.println("Running a non-Sun JDK.");
+        System.exit(0);
+      }
+    try
+      {
+        def = cls.getDeclaredMethod("getDefaultPolicy");
+        exempt = cls.getDeclaredMethod("getExemptPolicy");
+      }
+    catch (NoSuchMethodException ex)
+      {
+        System.err.println("Running IcedTea with the original crypto patch.");
+        System.exit(0);
+      }
+    def.setAccessible(true);
+    exempt.setAccessible(true);
+    PermissionCollection defPerms = (PermissionCollection) def.invoke(null);
+    PermissionCollection exemptPerms = (PermissionCollection) exempt.invoke(null);
+    Class<?> apCls = Class.forName("javax.crypto.CryptoAllPermission");
+    Field apField = apCls.getDeclaredField("INSTANCE");
+    apField.setAccessible(true);
+    Permission allPerms = (Permission) apField.get(null);
+    if (defPerms.implies(allPerms) && (exemptPerms == null || exemptPerms.implies(allPerms)))
+      {
+        System.err.println("Running with the unlimited policy.");
+        System.exit(0);
+      }
+    else
+      {
+        System.err.println("WARNING: Running with a restricted crypto policy.");
+        System.exit(-1);
+      }
+  }
+}
diff --git a/anda/langs/java/21/java-21-openjdk-portable/TestECDSA.java b/anda/langs/java/21/java-21-openjdk-portable/TestECDSA.java
@@ -0,0 +1,49 @@
+/* TestECDSA -- Ensure ECDSA signatures are working.
+   Copyright (C) 2016 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+
+/**
+ * @test
+ */
+public class TestECDSA {
+
+    public static void main(String[] args) throws Exception {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+        KeyPair key = keyGen.generateKeyPair();
+
+        byte[] data = "This is a string to sign".getBytes("UTF-8");
+
+        Signature dsa = Signature.getInstance("NONEwithECDSA");
+        dsa.initSign(key.getPrivate());
+        dsa.update(data);
+        byte[] sig = dsa.sign();
+        System.out.println("Signature: " + new BigInteger(1, sig).toString(16));
+
+        Signature dsaCheck = Signature.getInstance("NONEwithECDSA");
+        dsaCheck.initVerify(key.getPublic());
+        dsaCheck.update(data);
+        boolean success = dsaCheck.verify(sig);
+        if (!success) {
+            throw new RuntimeException("Test failed. Signature verification error");
+        }
+        System.out.println("Test passed.");
+    }
+}
diff --git a/anda/langs/java/21/java-21-openjdk-portable/TestSecurityProperties.java b/anda/langs/java/21/java-21-openjdk-portable/TestSecurityProperties.java
@@ -0,0 +1,84 @@
+/* TestSecurityProperties -- Ensure system security properties can be used to
+                             enable the crypto policies.
+   Copyright (C) 2022 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.Security;
+import java.util.Properties;
+
+public class TestSecurityProperties {
+    // JDK 11
+    private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
+    // JDK 8
+    private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
+
+    private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config";
+
+    private static final String MSG_PREFIX = "DEBUG: ";
+
+    public static void main(String[] args) {
+        if (args.length == 0) {
+            System.err.println("TestSecurityProperties <true|false>");
+            System.err.println("Invoke with 'true' if system security properties should be enabled.");
+            System.err.println("Invoke with 'false' if system security properties should be disabled.");
+            System.exit(1);
+        }
+        boolean enabled = Boolean.valueOf(args[0]);
+        System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled);
+        Properties jdkProps = new Properties();
+        loadProperties(jdkProps);
+        if (enabled) {
+            loadPolicy(jdkProps);
+        }
+        for (Object key: jdkProps.keySet()) {
+            String sKey = (String)key;
+            String securityVal = Security.getProperty(sKey);
+            String jdkSecVal = jdkProps.getProperty(sKey);
+            if (!securityVal.equals(jdkSecVal)) {
+                String msg = "Expected value '" + jdkSecVal + "' for key '" +
+                             sKey + "'" + " but got value '" + securityVal + "'";
+                throw new RuntimeException("Test failed! " + msg);
+            } else {
+                System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected.");
+            }
+        }
+        System.out.println("TestSecurityProperties PASSED!");
+    }
+
+    private static void loadProperties(Properties props) {
+        String javaVersion = System.getProperty("java.version");
+        System.out.println(MSG_PREFIX + "Java version is " + javaVersion);
+        String propsFile = JDK_PROPS_FILE_JDK_11;
+        if (javaVersion.startsWith("1.8.0")) {
+            propsFile = JDK_PROPS_FILE_JDK_8;
+        }
+        try (FileInputStream fin = new FileInputStream(propsFile)) {
+            props.load(fin);
+        } catch (Exception e) {
+            throw new RuntimeException("Test failed!", e);
+        }
+    }
+
+    private static void loadPolicy(Properties props) {
+        try (FileInputStream fin = new FileInputStream(POLICY_FILE)) {
+            props.load(fin);
+        } catch (Exception e) {
+            throw new RuntimeException("Test failed!", e);
+        }
+    }
+
+}