Update TestSecurityProperties.java test and calling convention

Related: RHEL-128409

TestSecurityProperties.java

@@ -21,15 +21,32 @@ import java.security.Security;
 import java.util.Properties;
 
 public class TestSecurityProperties {
+    private static final String JAVA_HOME = System.getProperty("java.home");
     // JDK 11
-    private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
+    private static final String JDK_PROPS_FILE_JDK_11 = JAVA_HOME + "/conf/security/java.security";
     // JDK 8
-    private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
+    private static final String JDK_PROPS_FILE_JDK_8 = JAVA_HOME + "/lib/security/java.security";
+    // JDK 25
+    // Omit fips.properties files since they are not relevant to this test.
+    // Omit JAVA_HOME + "/conf/security/redhat/crypto-policies.properties" which simply includes
+    // true/crypto-policies.properties in case redhat.crypto-policies is left undefined.
+    private static final String[] JDK_PROPS_FILES_JDK_25_ENABLED = {
+            JAVA_HOME + "/conf/security/redhat/true/crypto-policies.properties",
+            "/etc/crypto-policies/back-ends/java.config"
+    };
+    private static final String[] JDK_PROPS_FILES_JDK_25_DISABLED = {
+            JAVA_HOME + "/conf/security/redhat/false/crypto-policies.properties"
+    };
 
     private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config";
 
     private static final String MSG_PREFIX = "DEBUG: ";
 
+    private static final String javaVersion = System.getProperty("java.version");
+
+    // float for java 1.8
+    private static final float JAVA_FEATURE = Float.parseFloat(System.getProperty("java.specification.version"));
+
     public static void main(String[] args) {
         if (args.length == 0) {
             System.err.println("TestSecurityProperties <true|false>");
@@ -40,18 +57,24 @@ public class TestSecurityProperties {
         boolean enabled = Boolean.valueOf(args[0]);
         System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled);
         Properties jdkProps = new Properties();
-        loadProperties(jdkProps);
+        loadProperties(jdkProps, enabled);
         if (enabled) {
             loadPolicy(jdkProps);
         }
-        for (Object key: jdkProps.keySet()) {
-            String sKey = (String)key;
+        for (Object key : jdkProps.keySet()) {
+            String sKey = (String) key;
+            if (JAVA_FEATURE >= 25 && sKey.equals("include")) {
+                // Avoid the following exception on 25: IllegalArgumentException: Key 'include' is
+                // reserved and cannot be used as a Security property name.  Hard-code the includes
+                // in JDK_PROPS_FILES_JDK_25_ENABLED and JDK_PROPS_FILES_JDK_25_DISABLED instead.
+                continue;
+            }
             System.out.println(MSG_PREFIX + "Checking " + sKey);
             String securityVal = Security.getProperty(sKey);
             String jdkSecVal = jdkProps.getProperty(sKey);
             if (!jdkSecVal.equals(securityVal)) {
                 String msg = "Expected value '" + jdkSecVal + "' for key '" +
-                             sKey + "'" + " but got value '" + securityVal + "'";
+                        sKey + "'" + " but got value '" + securityVal + "'";
                 throw new RuntimeException("Test failed! " + msg);
             } else {
                 System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected.");
@@ -60,17 +83,26 @@ public class TestSecurityProperties {
         System.out.println("TestSecurityProperties PASSED!");
     }
 
-    private static void loadProperties(Properties props) {
-        String javaVersion = System.getProperty("java.version");
+    private static void loadPropertiesFile(Properties props, String propsFile) {
+        try (FileInputStream fin = new FileInputStream(propsFile)) {
+            props.load(fin);
+        } catch (Exception e) {
+            throw new RuntimeException("Test failed!", e);
+        }
+    }
+
+    private static void loadProperties(Properties props, boolean enabled) {
         System.out.println(MSG_PREFIX + "Java version is " + javaVersion);
         String propsFile = JDK_PROPS_FILE_JDK_11;
         if (javaVersion.startsWith("1.8.0")) {
             propsFile = JDK_PROPS_FILE_JDK_8;
         }
-        try (FileInputStream fin = new FileInputStream(propsFile)) {
-            props.load(fin);
-        } catch (Exception e) {
-            throw new RuntimeException("Test failed!", e);
+        loadPropertiesFile(props, propsFile);
+        if (JAVA_FEATURE >= 25) {
+            for (String file : enabled ? JDK_PROPS_FILES_JDK_25_ENABLED : JDK_PROPS_FILES_JDK_25_DISABLED) {
+                System.out.println(MSG_PREFIX + "Loading " + file);
+                loadPropertiesFile(props, file);
+            }
         }
     }
 
@@ -83,3 +115,17 @@ public class TestSecurityProperties {
     }
 
 }
+
+/*
+ * Local Variables:
+ * compile-command: "\
+ * /usr/lib/jvm/java-25-openjdk/bin/javac TestSecurityProperties.java \
+ * && (/usr/lib/jvm/java-25-openjdk/bin/java                                TestSecurityProperties false ; [[ $? == 1 ]]) \
+ * && (/usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=true  TestSecurityProperties false ; [[ $? == 1 ]]) \
+ * && (/usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=false TestSecurityProperties true  ; [[ $? == 1 ]]) \
+ * &&  /usr/lib/jvm/java-25-openjdk/bin/java                                TestSecurityProperties true                   \
+ * &&  /usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=true  TestSecurityProperties true                   \
+ * &&  /usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=false TestSecurityProperties false"                 \
+ * fill-column: 124
+ * End:
+ */

create-redhat-properties-files.bash

@@ -30,7 +30,8 @@
 # bash -x create-redhat-properties-files.bash ${imagepath}/conf/security
 #
 # When you make changes to the file set here, also update the %files
-# section in the spec file.
+# section in the spec file, and the JDK_PROPS_FILES_JDK_25 variables
+# in TestSecurityProperties.java.
 
 [[ $# == 1 ]] || exit 1
 

java-25-openjdk.spec

@@ -356,7 +356,7 @@
 # Define nssadapter version
 %global nssadapter_version 0.1.0
 # Define whether the crypto policy is expected to be active when testing
-%global crypto_policy_active false
+%global crypto_policy_active true
 # Define JDK versions
 %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
 %global javaver         %{featurever}
@@ -2096,7 +2096,7 @@ $JAVA_HOME/bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -versi
   export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
   export SEC_DEBUG="-Djava.security.debug=properties"
   $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} %{crypto_policy_active}
-  $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
+  $JAVA_HOME/bin/java ${SEC_DEBUG} -Dredhat.crypto-policies=false ${PROG} false
 
   # Check correct vendor values have been set
   $JAVA_HOME/bin/javac -d . %{SOURCE16}
@@ -2596,6 +2596,7 @@ exit 0
 - Add libnssadapter.so
 - Add FIPS crypto-policies configuration
 - Remove obsolete security.useSystemPropertiesFile setup
+- Update TestSecurityProperties.java test and calling convention
 - Resolves: RHEL-128413
 - Resolves: RHEL-128409