From e309095ad4085dc9593751046bffc1a9b40ce280 Mon Sep 17 00:00:00 2001
From: Ross Nicoll <ross.nicoll@r3.com>
Date: Wed, 13 Dec 2017 11:21:22 +0000
Subject: [PATCH]  Add sanity check that unlimited strength policy is installed
 (#183)

* Add sanity check that unlimited strength policy is installed
* Add HSM keys to ignore list
---
 .gitignore                                                | 3 +++
 .../main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt    | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 65727aecdf..bc47e81b2e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -110,3 +110,6 @@ TODO
 /sgx-jvm/avian/
 /sgx-jvm/linux-sgx/
 /sgx-jvm/jvm-enclave/proguard.jar
+
+# HSM keys
+*.key
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
index b9c27588fb..4b881005cc 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
@@ -18,9 +18,15 @@ import com.r3.corda.networkmanage.hsm.signer.HsmNetworkMapSigner
 import com.r3.corda.networkmanage.hsm.utils.mapCryptoServerException
 import org.bouncycastle.jce.provider.BouncyCastleProvider
 import java.security.Security
-
+import javax.crypto.Cipher
 
 fun main(args: Array<String>) {
+    // Grabbed from https://stackoverflow.com/questions/7953567/checking-if-unlimited-cryptography-is-available
+    if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
+        System.err.println("Unlimited Strength Jurisdiction Policy Files must be installed, see http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html")
+        System.exit(1)
+    }
+
     try {
         run(parseParameters(*args))
     } catch (e: ShowHelpException) {