maybe chmod 0644 'java-11-openjdk/psfontj2d.properties'
maybe chmod 0755 'java-11-openjdk/security'
maybe chmod 0644 'java-11-openjdk/security/blacklisted.certs'
+maybe chmod 0644 'java-11-openjdk/security/blocked.certs'
maybe chmod 0644 'java-11-openjdk/security/default.policy'
maybe chmod 0644 'java-11-openjdk/security/java.policy'
maybe chmod 0644 'java-11-openjdk/security/java.security'
maybe chmod 0644 'letsencrypt/csr/3313_csr-certbot.pem'
maybe chmod 0644 'letsencrypt/csr/3314_csr-certbot.pem'
maybe chmod 0644 'letsencrypt/csr/3315_csr-certbot.pem'
+maybe chmod 0644 'letsencrypt/csr/3316_csr-certbot.pem'
maybe chmod 0700 'letsencrypt/keys'
maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3314_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3315_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3316_key-certbot.pem'
+maybe chmod 0600 'letsencrypt/keys/3317_key-certbot.pem'
maybe chmod 0755 'letsencrypt/live'
maybe chmod 0755 'letsencrypt/live/ccu.hoellein.online'
maybe chmod 0644 'letsencrypt/live/ccu.hoellein.online/README'
#jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=Basic
+#
+# Allow restricted HTTP request headers
+#
+# By default, the following request headers are not allowed to be set by user code
+# in HttpRequests: "connection", "content-length", "expect", "host" and "upgrade".
+# The 'jdk.httpclient.allowRestrictedHeaders' property allows one or more of these
+# headers to be specified as a comma separated list to override the default restriction.
+# The names are case-insensitive and white-space is ignored (removed before processing
+# the list). Note, this capability is mostly intended for testing and isn't expected
+# to be used in real deployments. Protocol errors or other undefined behavior is likely
+# to occur when using them. The property is not set by default.
+# Note also, that there may be other headers that are restricted from being set
+# depending on the context. This includes the "Authorization" header when the
+# relevant HttpClient has an authenticator set. These restrictions cannot be
+# overridden by this property.
+#
+# jdk.httpclient.allowRestrictedHeaders=host
+#
#
# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
# can be used for the NTLM scheme, where the security credentials based on the
--- /dev/null
+Algorithm=SHA-256
+03DB9E5E79FE6117177F81C11595AF598CB176AF766290DBCEB2C318B32E39A2
+08C396C006A21055D00826A5781A5CCFCE2C8D053AB3C197637A4A7A5BB9A650
+14E6D2764A4B06701C6CBC376A253775F79C782FBCB6C0EE6F99DE4BA1024ADD
+1C5E6985ACC09221DBD1A4B7BBC6D3A8C3F8540D19F20763A9537FDD42B4FFE7
+1F6BF8A3F2399AF7FD04516C2719C566CBAD51F412738F66D0457E1E6BDE6F2D
+2A464E4113141352C7962FBD1706ED4B88533EF24D7BBA6CCC5D797FD202F1C4
+31C8FD37DB9B56E708B03D1F01848B068C6DA66F36FB5D82C008C6040FA3E133
+3946901F46B0071E90D78279E82FABABCA177231A704BE72C5B0E8918566EA66
+3E11CF90719F6FB44D94EAC9A156B89BEBE7B8598F28EC58913F2BFCAF91D0C0
+423279423B9FC8CB06F1BB7C3B247522B948D5F18939F378ECC901126DE40BFB
+450F1B421BB05C8609854884559C323319619E8B06B001EA2DCBB74A23AA3BE2
+4CBBF8256BC9888A8007B2F386940A2E394378B0D903CBB3863C5A6394B889CE
+4FEE0163686ECBD65DB968E7494F55D84B25486D438E9DE558D629D28CD4D176
+535D04DFCE027C70BD5F8A9E0AD4F218E9AFDCF5BBCF9B6DE0D81E148E2E3172
+568FAF38D9F155F624838E2181B1CEB4D8459305EE652B0F810C97C3611BFE19
+585CFE6B7436CBD4E732763A2137D7F49599BA9B1790E688FCEC799C58EB84A6
+5E83124D68D24E8E177E306DF643D5EA99C5A94D6FC34B072F7544A1CABB7C7B
+71CB00749B9130FB2707A2664BFF958D0FCC8E161D9674C7450BA0FC2BEAF9D3
+76A45A496031E4DD2D7ED23E8F6FF97DBDEA980BAAC8B0BA94D7EDB551348645
+8A1BD21661C60015065212CC98B1ABB50DFD14C872A208E66BAE890F25C448AF
+9ED8F9B0E8E42A1656B8E1DD18F42BA42DC06FE52686173BA2FC70E756F207DC
+9FADCE80D62A959F9930D748488C1E22E821F4E1E4A43584B848C2FC11E04D77
+A686FEE577C88AB664D0787ECDFFF035F4806F3DE418DC9E4D516324FFF02083
+A90132CEA1D4F7185E4F688EFFD16F6AC14DFD78356A807599A5DABBEEF3333E
+B8686723E415534BC0DBD16326F9486F85B0B0799BF6639334E61DAAE67F36CD
+C0D1F42B9F4BF7ACC045B7BB5D4805E10737F67B6310CE505248D543D0D5FE07
+D0156949F1381943442C6974E9B5B49EF441BB799EF20477B90A89C3F33620CE
+D151962D954970501C60079258EBCFA38502E0A9F03CD640322B08C0A3117FE5
+D24566BF315F4E597D6E381C87119FB4198F5E9E2607F5F4AB362EF7E2E7672F
+D3A936E1A7775A45217C8296A1F22AC5631DCDEC45594099E78EEEBBEDCBA967
+D6CEAE5D9E047FAF7D797858D229AC991AD44316D1E2A37A21926D763153593A
+DF21016B00FC54F9FE3BC8B039911BB216E9162FAD2FD14D990AB96E951B49BE
+E0E740E4B0F8B3548181FF75B5372FAF4C70B99EC995D694ED0FB91B03FF8D21
+EC30C9C3065A06BB07DC5B1C6B497F370C1CA65C0F30C08E042BA6BCECC78F2C
+F5B6F88F75D391A4B1EB336F9E201239FB6B1377DB8CFA7B84736216E5AFFFD7
+FBB12938ABD86C125796EDF4162D291028890A7D6C0C1CCA75FD4B95EBFA7A1A
+FC02FD48DB92D4DCE6F11679D38354CF750CFC7F584A520EB90BDE80E241F2BD
+FDEDB5BDFCB67411513A61AEE5CB5B5D7C52AF06028EFC996CC1B05B1D6CEA2B
grant codeBase "jrt:/jdk.crypto.cryptoki" {
permission java.lang.RuntimePermission
"accessClassInPackage.com.sun.crypto.provider";
+ permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.*";
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
# Policy for failed Kerberos KDC lookups:
#
# When a KDC is unavailable (network error, service failure, etc), it is
-# put inside a blacklist and accessed less often for future requests. The
+# put inside a secondary list and accessed less often for future requests. The
# value (case-insensitive) for this policy can be:
#
# tryLast
-# KDCs in the blacklist are always tried after those not on the list.
+# KDCs in the secondary list are always tried after those not on the list.
#
# tryLess[:max_retries,timeout]
-# KDCs in the blacklist are still tried by their order in the configuration,
-# but with smaller max_retries and timeout values. max_retries and timeout
-# are optional numerical parameters (default 1 and 5000, which means once
-# and 5 seconds). Please notes that if any of the values defined here is
-# more than what is defined in krb5.conf, it will be ignored.
-#
-# Whenever a KDC is detected as available, it is removed from the blacklist.
-# The blacklist is reset when krb5.conf is reloaded. You can add
+# KDCs in the secondary list are still tried by their order in the
+# configuration, but with smaller max_retries and timeout values.
+# max_retries and timeout are optional numerical parameters (default 1 and
+# 5000, which means once and 5 seconds). Please note that if any of the
+# values defined here are more than what is defined in krb5.conf, it will be
+# ignored.
+#
+# Whenever a KDC is detected as available, it is removed from the secondary
+# list. The secondary list is reset when krb5.conf is reloaded. You can add
# refreshKrb5Config=true to a JAAS configuration file so that krb5.conf is
# reloaded whenever a JAAS authentication is attempted.
#
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICdTCCAV0CAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL82
+C9rmqYWKk5astF4XNVzfUlaUquqnMH5iKh5tUFtJe8Uw2YIXDFdmWb4b+XanBu1L
+S1PkWYWQfqfTrpUJKF30Usi+rEDLQ8KyDE1fz0lcz+5cf09X106NNCjUE3LtP+eo
+KJPuaia4yd/6zDbNIRzJdxaNk2jLJ5e9Xu8Gm3rex0VZwBAhfrTmLabotfXI/5oX
+2u+9q8n9HfNwRa6w2iglzzaN4LdJ+z0Z/RK5BoOacoCPKeNPITX8zTN3MVW4KsjO
+kqzU6EbgcMV5e324sT++N9ywf5/a/PpXiMp6vVIV9KXHDr32nZZvf3Zbgoc8zSv7
+cP6YssAvMvmnmb+d6rkCAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw
+FIISdHYuaG9lbGxlaW4ub25saW5lMA0GCSqGSIb3DQEBCwUAA4IBAQA0ry0or/t3
+kLDAD8JKKaHSC8sE7HCXb/W2DKzme7eW803h+GF3hMudHihO0Ks+61v2PeJ7ewnI
+sGgsO4gCnZKE78C3Ee/XYQBrxxOmII38TLSPZVXNQWFixVoYmeuPfdzGX2ZVMnRV
+KZL5QD6iFEc7yjTMS+KR4N79kApHQEmqvYbuWJlqjy+KwDVBWhkJDFt9vTYSMfFz
+OfIkEPbaBHp3TeVctGZWra21SGjUAMLE9SPXA4YbY3rHZAsnWJ5RUZ+i+TkDnWsl
+UhXkSZ+2BUvzoYcAN/dkp09jeuJzbYnVkFrOkW25muPFUippmOJK3PD2xPHfuw4n
+2/PupwCQ02wO
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/Ngva5qmFipOW
+rLReFzVc31JWlKrqpzB+YioebVBbSXvFMNmCFwxXZlm+G/l2pwbtS0tT5FmFkH6n
+066VCShd9FLIvqxAy0PCsgxNX89JXM/uXH9PV9dOjTQo1BNy7T/nqCiT7momuMnf
++sw2zSEcyXcWjZNoyyeXvV7vBpt63sdFWcAQIX605i2m6LX1yP+aF9rvvavJ/R3z
+cEWusNooJc82jeC3Sfs9Gf0SuQaDmnKAjynjTyE1/M0zdzFVuCrIzpKs1OhG4HDF
+eXt9uLE/vjfcsH+f2vz6V4jKer1SFfSlxw699p2Wb392W4KHPM0r+3D+mLLALzL5
+p5m/neq5AgMBAAECggEBAJlJv6lGf6KCHJ2PaK2Bl5MTqVOlrXueer7m/XMVGXWF
+bIcCCW1EAu3SLKG+lXfsoR383a+sgaQU2aS7i9sI02a25uLuEPOEwJbF3BzvcSMU
+F9G0L4+xEPd1NdqBYfIhhri1U4p8eHcAbz5zNeG9Aw2r6R+YchNxwhTgiMnAl0ah
+C7kkLYnfQWdG5lmlcDR+tuXX+c3PXB+eu/9gNw3e7ScBSgpT6ygnBTX4s4MB49wp
+5kn3/j6KIwpnNs2F4kiyx9u2J+nRNLx5yK9R6d0/JKOhNtGAiEhBt5Y9WZwbEbzJ
+ZMLPi1NnPHairV17yCgpvRj25cAh1mWHD5CdbELU870CgYEA9Nsfq+OfEVqAIOOM
+vdPnhbBOQ2QfG65plpWaUA2aHYb+SSooyVxHD9H4DbjinPpSdhvXZmQIhATzA0R+
+G9Z0X/yKB3UjmpzAZbgdGI52y0P1Sg+QWFB0vdndHmgcc6Bw5xWpLGbBxmTebH48
+CAh5SfnU30ak8PQwO+WckTw07L8CgYEAx+nkwbwOcarpWRRcpbQRamBzJj/ZoOiP
+qC2K7fbbHG8wW30GScMMt3FcMaYHKbhNfB5nvsmk3v90JrGjeo0pO+SMNh+DqgfS
+edbeNdkRVEK68AUJYVVw/wnEdvpFs56T5hvXUaPiIR2zVogRVw1nY/CXGkWwAZd2
+aTDL063FbocCgYEA5JHw3MqdYNu0o/8HEOVRSREt3ecGyxZjZri81mH8LfgoRDBg
+5qeHhpMhFd4zXQqoE60lxGU5NdRQ7gnwFxh4hmn+h7unwtr1F39pWdUTu+fygHJK
+8sYYVGmd6paRiLaK7ozf4Z0C4qqin3CvpWgToSTgvJT7wBqTNDbBkyo61Y0CgYAW
+U2mntS/Lw/GRcDO0kbqMLb9OWz0buj0o5AUq9DGeKFC3Nuw32p+V8QQBy2/rWdjV
+brPZW72c5dx74cTHD/K17J04Aib7GyqHTta8HsTPqzAjU/yrMRaQdO/K9cJJAAG2
+Zg+S34GGf0Gi/UkqdqXARIMrfPLeCqM/tiJdPn/ZCwKBgQDm+i1r86gjtIsbkIYK
+Evyz0QY++x0ist7hMRStlsla5qOD5Zs9xKd48loXDiqBTvwSC5WYUOznDHBSkuJV
+Etz+vNTJNDRKtECqD+C6oaVK2nIeauaa9S2fBkvEuNve1u1AxbsFD3JjQLvzSr54
+RBof0S2FOdypGwtgBTDIvRNCcw==
+-----END PRIVATE KEY-----
projects / homeserver / commitdiff