From eb5b7a13d3f95df6c36f4fb770705490ed6276e4 Mon Sep 17 00:00:00 2001
From: Jim Van Fleet <jim.van.fleet@levvel.io>
Date: Mon, 6 Mar 2017 14:59:36 -0500
Subject: [PATCH] JCE can come in

---
 .gitignore |  1 +
 Dockerfile | 12 +++++++++---
 README.md  |  7 ++++++-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index e7a9c13..b0cd0f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.rpm
+*.zip
diff --git a/Dockerfile b/Dockerfile
index 3e8ffeb..45986c4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,7 @@ ARG tierversion=17020
 ARG tierbuild=$tierbuild
 
 ARG oracle_jdk_rpm=jdk-8u121-linux-x64.rpm
+ARG oracle_jce_zip=jce_policy-8.zip
 
 ENV VERSION=$version
 ENV TIERVERSION=$tierversion
@@ -36,18 +37,22 @@ RUN yum -y install \
     openssl-devel \
     wget \
     && yum -y clean all
+
+ENV JAVA_HOME /usr/java/latest
     
-COPY $oracle_jdk_rpm /tmp
+COPY $oracle_jdk_rpm $oracle_jce_zip /tmp/
 
 RUN echo $oracle_jdk_rpm && yum -y install /tmp/$oracle_jdk_rpm && \
     rm -f /tmp/$oracle_jdk_rpm && \
     alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
     alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
-    alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
+    alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000 && \
+    unzip -oj /tmp/$oracle_jce_zip UnlimitedJCEPolicyJDK8/local_policy.jar -d $JAVA_HOME/jre/lib/security/ && \
+    unzip -oj /tmp/$oracle_jce_zip UnlimitedJCEPolicyJDK8/US_export_policy.jar -d $JAVA_HOME/jre/lib/security/ && \
+    rm -f /tmp/$oracle_jce_zip && chmod -R 640 $JAVA_HOME/jre/lib/security/
 
 ENV SHIB_RELDIR=http://shibboleth.net/downloads/identity-provider/$VERSION
 ENV SHIB_PREFIX=shibboleth-identity-provider-$VERSION
-ENV JAVA_HOME /usr/java/latest
 
 RUN mkdir -p /tmp/shibboleth && cd /tmp/shibboleth && \
       wget -q https://shibboleth.net/downloads/PGP_KEYS \
@@ -66,6 +71,7 @@ RUN mkdir -p /tmp/shibboleth && cd /tmp/shibboleth && \
 # Cleanup
            rm -rf /tmp/shibboleth
            
+           
 ENV CATALINA_HOME /usr/local/tomcat
 ENV PATH $CATALINA_HOME/bin:$PATH
 RUN mkdir -p "$CATALINA_HOME"
diff --git a/README.md b/README.md
index 16a20ac..b3ccf75 100644
--- a/README.md
+++ b/README.md
@@ -11,9 +11,14 @@ You should visit a page similar to [this one](http://www.oracle.com/technetwork/
 
 Select *the Linux x64 RPM* and agree to the Oracle Binary Code License Agreement.  You'll ultimately need to mount this RPM in your invocation.
 
+### Acquiring JCE
+
+You should visit a page similar to [this one](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) at Oracle to download the Oracle Java Crypography Extension policy files.
+
 
 ## Building
 
 ```
-docker build --build-arg ORACLE_JDK_RPM=jdk-8u121-linux-x64.rpm .
+docker build  --build-arg oracle_jdk_rpm=jdk-8u121-linux-x64.rpm \
+  --build-arg oracle_jce_zip=jce_policy-8.zip .
 ```
\ No newline at end of file