From 8a33bfa4a1fdc096a9c5b074ab841f8e7e58b2b8 Mon Sep 17 00:00:00 2001
From: Thomas Fitzsimmons
Date: Mon, 24 Nov 2025 21:39:12 +0000
Subject: [PATCH] Update TestSecurityProperties.java test and calling convention

Related: RHEL-128409
---
 TestSecurityProperties.java | 70 ++++++++++++++++++++++++-----
 create-redhat-properties-files.bash | 3 +-
 java-25-openjdk.spec | 5 ++-
 3 files changed, 63 insertions(+), 15 deletions(-)

diff --git a/TestSecurityProperties.java b/TestSecurityProperties.java
index 2507ceb..a6e586e 100644
--- a/TestSecurityProperties.java
+++ b/TestSecurityProperties.java
@@ -21,15 +21,32 @@ import java.security.Security;
 import java.util.Properties;
 public class TestSecurityProperties {
+ private static final String JAVA_HOME = System.getProperty("java.home");
 // JDK 11
- private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
+ private static final String JDK_PROPS_FILE_JDK_11 = JAVA_HOME + "/conf/security/java.security";
 // JDK 8
- private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
+ private static final String JDK_PROPS_FILE_JDK_8 = JAVA_HOME + "/lib/security/java.security";
+ // JDK 25
+ // Omit fips.properties files since they are not relevant to this test.
+ // Omit JAVA_HOME + "/conf/security/redhat/crypto-policies.properties" which simply includes
+ // true/crypto-policies.properties in case redhat.crypto-policies is left undefined.
+ private static final String[] JDK_PROPS_FILES_JDK_25_ENABLED = {
+ JAVA_HOME + "/conf/security/redhat/true/crypto-policies.properties",
+ "/etc/crypto-policies/back-ends/java.config"
+ };
+ private static final String[] JDK_PROPS_FILES_JDK_25_DISABLED = {
+ JAVA_HOME + "/conf/security/redhat/false/crypto-policies.properties"
+ };
 private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config";
 private static final String MSG_PREFIX = "DEBUG: ";
+ private static final String javaVersion = System.getProperty("java.version");
+
+ // float for java 1.8
+ private static final float JAVA_FEATURE = Float.parseFloat(System.getProperty("java.specification.version"));
+
 public static void main(String[] args) {
 if (args.length == 0) {
 System.err.println("TestSecurityProperties ");
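Review bot: The literal `/etc/crypto-policies/back-ends/java.config` in `JDK_PROPS_FILES_JDK_25_ENABLED` duplicates `POLICY_FILE`, which is declared a few lines below the arrays, so the two paths can drift apart. Declaring `POLICY_FILE` before the arrays and using it as the second element keeps a single definition (a forward reference to it from the array initializer would not compile). main() in the next hunk still calls `loadPolicy(jdkProps)` when enabled; if that helper reads `POLICY_FILE`, which only its body outside this diff can confirm, the policy file is merged twice on 25, and a short comment saying that this is intentional would help. The new `javaVersion` constant also departs from the UPPER_SNAKE_CASE naming of every other `static final` field in this hunk; `JAVA_VERSION` would match.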
@@ -40,18 +57,24 @@ public class TestSecurityProperties {
 boolean enabled = Boolean.valueOf(args[0]);
 System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled);
 Properties jdkProps = new Properties();
- loadProperties(jdkProps);
+ loadProperties(jdkProps, enabled);
 if (enabled) {
 loadPolicy(jdkProps);
 }
- for (Object key: jdkProps.keySet()) {
- String sKey = (String)key;
+ for (Object key : jdkProps.keySet()) {
+ String sKey = (String) key;
+ if (JAVA_FEATURE >= 25 && sKey.equals("include")) {
+ // Avoid the following exception on 25: IllegalArgumentException: Key 'include' is
+ // reserved and cannot be used as a Security property name. Hard-code the includes
+ // in JDK_PROPS_FILES_JDK_25_ENABLED and JDK_PROPS_FILES_JDK_25_DISABLED instead.
+ continue;
+ }
 System.out.println(MSG_PREFIX + "Checking " + sKey);
 String securityVal = Security.getProperty(sKey);
 String jdkSecVal = jdkProps.getProperty(sKey);
 if (!jdkSecVal.equals(securityVal)) {
 String msg = "Expected value '" + jdkSecVal + "' for key '" +
- sKey + "'" + " but got value '" + securityVal + "'";
+ sKey + "'" + " but got value '" + securityVal + "'";
 throw new RuntimeException("Test failed! " + msg);
 } else {
 System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected.");
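Review bot: The `include` skip in the key loop is silent, so the build log gives no sign that an include directive was present and not followed, and an include added to the properties files later would go unchecked without anyone noticing. Because the files are merged into one `Properties` object only the last `include` value survives, but printing it is still a useful trace: `System.out.println(MSG_PREFIX + "Skipping reserved key 'include' = " + jdkProps.getProperty(sKey));` placed before `continue;`. As a style point, iterating over `jdkProps.stringPropertyNames()` would remove the `(String) key` cast that this hunk only reformats. main() starts and ends outside the hunk.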
@@ -60,17 +83,26 @@ public class TestSecurityProperties {
 System.out.println("TestSecurityProperties PASSED!");
 }
- private static void loadProperties(Properties props) {
- String javaVersion = System.getProperty("java.version");
+ private static void loadPropertiesFile(Properties props, String propsFile) {
+ try (FileInputStream fin = new FileInputStream(propsFile)) {
+ props.load(fin);
+ } catch (Exception e) {
+ throw new RuntimeException("Test failed!", e);
+ }
+ }
+
+ private static void loadProperties(Properties props, boolean enabled) {
 System.out.println(MSG_PREFIX + "Java version is " + javaVersion);
 String propsFile = JDK_PROPS_FILE_JDK_11;
 if (javaVersion.startsWith("1.8.0")) {
 propsFile = JDK_PROPS_FILE_JDK_8;
 }
- try (FileInputStream fin = new FileInputStream(propsFile)) {
- props.load(fin);
- } catch (Exception e) {
- throw new RuntimeException("Test failed!", e);
+ loadPropertiesFile(props, propsFile);
+ if (JAVA_FEATURE >= 25) {
+ for (String file : enabled ? JDK_PROPS_FILES_JDK_25_ENABLED : JDK_PROPS_FILES_JDK_25_DISABLED) {
+ System.out.println(MSG_PREFIX + "Loading " + file);
+ loadPropertiesFile(props, file);
+ }
 }
 }
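Review bot: `loadPropertiesFile` rethrows as `new RuntimeException("Test failed!", e)` without naming the file, and with up to three files read on 25 the message alone no longer says which one was missing or unreadable. `throw new RuntimeException("Test failed! Could not load " + propsFile, e);` keeps the cause and makes the build log self-explanatory. In `loadProperties` the extra files are loaded after java.security, so their values override it in the expected set; that presumably mirrors how the runtime applies the include, but a comment stating this ordering assumption, and that array order is load order, would make it reviewable. `catch (Exception e)` could also be narrowed to `IOException` if that class is imported (the import block is not part of this diff).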
@@ -83,3 +115,17 @@ public class TestSecurityProperties {
 }
 }
+
+/*
+ * Local Variables:
+ * compile-command: "\
+ * /usr/lib/jvm/java-25-openjdk/bin/javac TestSecurityProperties.java \
+ * && (/usr/lib/jvm/java-25-openjdk/bin/java TestSecurityProperties false ; [[ $? == 1 ]]) \
+ * && (/usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=true TestSecurityProperties false ; [[ $? == 1 ]]) \
+ * && (/usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=false TestSecurityProperties true ; [[ $? == 1 ]]) \
+ * && /usr/lib/jvm/java-25-openjdk/bin/java TestSecurityProperties true \
+ * && /usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=true TestSecurityProperties true \
+ * && /usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=false TestSecurityProperties false" \
+ * fill-column: 124
+ * End:
+ */
diff --git a/create-redhat-properties-files.bash b/create-redhat-properties-files.bash
index 04d7f31..39c7ffc 100644
--- a/create-redhat-properties-files.bash
+++ b/create-redhat-properties-files.bash
@@ -30,7 +30,8 @@
 # bash -x create-redhat-properties-files.bash ${imagepath}/conf/security
 #
 # When you make changes to the file set here, also update the %files
-# section in the spec file.
+# section in the spec file, and the JDK_PROPS_FILES_JDK_25 variables
+# in TestSecurityProperties.java.
 [[ $# == 1 ]] || exit 1
diff --git a/java-25-openjdk.spec b/java-25-openjdk.spec
index 4b9f0f6..73cbf7e 100644
--- a/java-25-openjdk.spec
+++ b/java-25-openjdk.spec
@@ -356,7 +356,7 @@
 # Define nssadapter version
 %global nssadapter_version 0.1.0
 # Define whether the crypto policy is expected to be active when testing
-%global crypto_policy_active false
+%global crypto_policy_active true
 # Define JDK versions
 %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
 %global javaver %{featurever}
@@ -2096,7 +2096,7 @@ $JAVA_HOME/bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -versi
 export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
 export SEC_DEBUG="-Djava.security.debug=properties"
 $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} %{crypto_policy_active}
- $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
+ $JAVA_HOME/bin/java ${SEC_DEBUG} -Dredhat.crypto-policies=false ${PROG} false
 # Check correct vendor values have been set
 $JAVA_HOME/bin/javac -d . %{SOURCE16}
@@ -2596,6 +2596,7 @@ exit 0
 - Add libnssadapter.so
 - Add FIPS crypto-policies configuration
 - Remove obsolete security.useSystemPropertiesFile setup
+- Update TestSecurityProperties.java test and calling convention
 - Resolves: RHEL-128413
 - Resolves: RHEL-128409
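Review bot: In the `@@ -2096` hunk the build runs only the two invocations that are expected to pass, while the compile-command comment added to TestSecurityProperties.java also lists mismatched flag/argument combinations that must exit with status 1. Without at least one such case, a test that has stopped discriminating (for example because the enabled and disabled property sets end up identical) would still pass the build. One negative run after the existing two lines would cover that, e.g. `if $JAVA_HOME/bin/java ${SEC_DEBUG} -Dredhat.crypto-policies=false ${PROG} true ; then false ; fi`, written as an `if` so that it still fails the build when the section runs with errexit. The surrounding section starts and ends outside the hunk, so the shell options in effect there should be confirmed.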