Add a test verifying system crypto policies can be disabled
This commit is contained in:
parent
df67399225
commit
d15d026ae5
43
TestSecurityProperties.java
Normal file
43
TestSecurityProperties.java
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
import java.io.File;
|
||||||
|
import java.io.FileInputStream;
|
||||||
|
import java.security.Security;
|
||||||
|
import java.util.Properties;
|
||||||
|
|
||||||
|
public class TestSecurityProperties {
|
||||||
|
// JDK 11
|
||||||
|
private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
|
||||||
|
// JDK 8
|
||||||
|
private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
Properties jdkProps = new Properties();
|
||||||
|
loadProperties(jdkProps);
|
||||||
|
for (Object key: jdkProps.keySet()) {
|
||||||
|
String sKey = (String)key;
|
||||||
|
String securityVal = Security.getProperty(sKey);
|
||||||
|
String jdkSecVal = jdkProps.getProperty(sKey);
|
||||||
|
if (!securityVal.equals(jdkSecVal)) {
|
||||||
|
String msg = "Expected value '" + jdkSecVal + "' for key '" +
|
||||||
|
sKey + "'" + " but got value '" + securityVal + "'";
|
||||||
|
throw new RuntimeException("Test failed! " + msg);
|
||||||
|
} else {
|
||||||
|
System.out.println("DEBUG: " + sKey + " = " + jdkSecVal + " as expected.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
System.out.println("TestSecurityProperties PASSED!");
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void loadProperties(Properties props) {
|
||||||
|
String javaVersion = System.getProperty("java.version");
|
||||||
|
System.out.println("Debug: Java version is " + javaVersion);
|
||||||
|
String propsFile = JDK_PROPS_FILE_JDK_11;
|
||||||
|
if (javaVersion.startsWith("1.8.0")) {
|
||||||
|
propsFile = JDK_PROPS_FILE_JDK_8;
|
||||||
|
}
|
||||||
|
try (FileInputStream fin = new FileInputStream(new File(propsFile))) {
|
||||||
|
props.load(fin);
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new RuntimeException("Test failed!", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -991,7 +991,7 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas
|
|||||||
|
|
||||||
Name: java-%{javaver}-%{origin}
|
Name: java-%{javaver}-%{origin}
|
||||||
Version: %{javaver}.%{updatever}.%{buildver}
|
Version: %{javaver}.%{updatever}.%{buildver}
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
|
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
|
||||||
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
||||||
# also included the epoch in their virtual provides. This created a
|
# also included the epoch in their virtual provides. This created a
|
||||||
@ -1052,6 +1052,9 @@ Source13: TestCryptoLevel.java
|
|||||||
# Ensure ECDSA is working
|
# Ensure ECDSA is working
|
||||||
Source14: TestECDSA.java
|
Source14: TestECDSA.java
|
||||||
|
|
||||||
|
# Verify system crypto (policy) can be disabled via a property
|
||||||
|
Source15: TestSecurityProperties.java
|
||||||
|
|
||||||
Source20: repackReproduciblePolycies.sh
|
Source20: repackReproduciblePolycies.sh
|
||||||
|
|
||||||
# New versions of config files with aarch64 support. This is not upstream yet.
|
# New versions of config files with aarch64 support. This is not upstream yet.
|
||||||
@ -1857,6 +1860,10 @@ $JAVA_HOME/bin/java TestCryptoLevel
|
|||||||
$JAVA_HOME/bin/javac -d . %{SOURCE14}
|
$JAVA_HOME/bin/javac -d . %{SOURCE14}
|
||||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
|
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
|
||||||
|
|
||||||
|
# Verify system crypto (policy) can be disabled
|
||||||
|
$JAVA_HOME/bin/javac -d . %{SOURCE15}
|
||||||
|
$JAVA_HOME/bin/java -Djava.security.disableSystemPropertiesFile=true $(echo $(basename %{SOURCE15})|sed "s|\.java||")
|
||||||
|
|
||||||
# Check debug symbols are present and can identify code
|
# Check debug symbols are present and can identify code
|
||||||
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
|
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
|
||||||
do
|
do
|
||||||
@ -2321,6 +2328,9 @@ require "copy_jdk_configs.lua"
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 19 2019 Severin Gehwolf <sgehwolf@redhat.com> - 1:1.8.0.201.b09-5
|
||||||
|
- Add a test verifying system crypto policies can be disabled
|
||||||
|
|
||||||
* Tue Feb 19 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.201.b09-4
|
* Tue Feb 19 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.201.b09-4
|
||||||
- Add PR3655 to allow the system crypto policy to be turned off.
|
- Add PR3655 to allow the system crypto policy to be turned off.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user