Add a test verifying system crypto policies can be disabled

This commit is contained in:
Severin Gehwolf 2019-02-12 16:58:38 +01:00
parent 6e4a1235d2
commit 06051b6c4d
2 changed files with 54 additions and 1 deletions

View File

@ -0,0 +1,43 @@
import java.io.File;
import java.io.FileInputStream;
import java.security.Security;
import java.util.Properties;
public class TestSecurityProperties {
// JDK 11
private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
// JDK 8
private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
public static void main(String[] args) {
Properties jdkProps = new Properties();
loadProperties(jdkProps);
for (Object key: jdkProps.keySet()) {
String sKey = (String)key;
String securityVal = Security.getProperty(sKey);
String jdkSecVal = jdkProps.getProperty(sKey);
if (!securityVal.equals(jdkSecVal)) {
String msg = "Expected value '" + jdkSecVal + "' for key '" +
sKey + "'" + " but got value '" + securityVal + "'";
throw new RuntimeException("Test failed! " + msg);
} else {
System.out.println("DEBUG: " + sKey + " = " + jdkSecVal + " as expected.");
}
}
System.out.println("TestSecurityProperties PASSED!");
}
private static void loadProperties(Properties props) {
String javaVersion = System.getProperty("java.version");
System.out.println("Debug: Java version is " + javaVersion);
String propsFile = JDK_PROPS_FILE_JDK_11;
if (javaVersion.startsWith("1.8.0")) {
propsFile = JDK_PROPS_FILE_JDK_8;
}
try (FileInputStream fin = new FileInputStream(new File(propsFile))) {
props.load(fin);
} catch (Exception e) {
throw new RuntimeException("Test failed!", e);
}
}
}

View File

@ -957,7 +957,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin} Name: java-%{javaver}-%{origin}
Version: %{newjavaver}.%{buildver} Version: %{newjavaver}.%{buildver}
Release: 3%{?dist} Release: 4%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages # and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a # also included the epoch in their virtual provides. This created a
@ -1009,6 +1009,9 @@ Source13: TestCryptoLevel.java
# Ensure ECDSA is working # Ensure ECDSA is working
Source14: TestECDSA.java Source14: TestECDSA.java
# Verify system crypto (policy) can be disabled via a property
Source15: TestSecurityProperties.java
############################################ ############################################
# #
# RPM/distribution specific patches # RPM/distribution specific patches
@ -1504,6 +1507,10 @@ $JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLev
$JAVA_HOME/bin/javac -d . %{SOURCE14} $JAVA_HOME/bin/javac -d . %{SOURCE14}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check system crypto (policy) can be disabled
$JAVA_HOME/bin/javac -d . %{SOURCE15}
$JAVA_HOME/bin/java -Djava.security.disableSystemPropertiesFile=true $(echo $(basename %{SOURCE15})|sed "s|\.java||")
# Check debug symbols are present and can identify code # Check debug symbols are present and can identify code
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
do do
@ -1877,6 +1884,9 @@ require "copy_jdk_configs.lua"
%changelog %changelog
* Tue Feb 14 2019 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.2.7-4
- Add a test verifying system crypto policies can be disabled
* Tue Feb 12 2019 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.2.7-3 * Tue Feb 12 2019 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.2.7-3
- Don't build the test images needlessly. - Don't build the test images needlessly.