From d647f733c72671db7c4af046ad832208027b3720 Mon Sep 17 00:00:00 2001
From: Andrew Hughes <gnu.andrew@redhat.com>
Date: Thu, 2 Oct 2025 23:24:15 +0100
Subject: [PATCH] Introduce crypto_policy_active to designate whether we should
 expect policy adherence in testing

Related: RHEL-100678
---
 TestSecurityProperties.java | 2 +-
 java-25-openjdk.spec        | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/TestSecurityProperties.java b/TestSecurityProperties.java
index 9fbaa45..2507ceb 100644
--- a/TestSecurityProperties.java
+++ b/TestSecurityProperties.java
@@ -46,7 +46,7 @@ public class TestSecurityProperties {
         }
         for (Object key: jdkProps.keySet()) {
             String sKey = (String)key;
-	    System.out.println(MSG_PREFIX + "Checking " + sKey);
+            System.out.println(MSG_PREFIX + "Checking " + sKey);
             String securityVal = Security.getProperty(sKey);
             String jdkSecVal = jdkProps.getProperty(sKey);
             if (!jdkSecVal.equals(securityVal)) {
diff --git a/java-25-openjdk.spec b/java-25-openjdk.spec
index 1cc7cb4..ac14a38 100644
--- a/java-25-openjdk.spec
+++ b/java-25-openjdk.spec
@@ -348,8 +348,10 @@
 
 # Define IcedTea version used for SystemTap tapsets and desktop file
 %global icedteaver      6.0.0pre00-c848b93a8598
-# Define current Git revision for the FIPS support patches
+# Define current Git revision for the crypto policy & FIPS support patches
 %global fipsver 9203d50836c
+# Define whether the crypto policy is expected to be active when testing
+%global crypto_policy_active true
 # Define JDK versions
 %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
 # Force 25 until we are actually ready to build that JDK version
@@ -1974,7 +1976,7 @@ $JAVA_HOME/bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -versi
   $JAVA_HOME/bin/javac -d . %{SOURCE15}
   export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
   export SEC_DEBUG="-Djava.security.debug=properties"
-  $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
+  $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} %{crypto_policy_active}
   $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
 
   # Check correct vendor values have been set
@@ -2481,6 +2483,7 @@ exit 0
 - Remove references to libsystemconf.so and nss.fips.cfg from the 21u FIPS patch
 - Include static libraries in the vm_variant subdirectory after JDK-8307858 (libjvm.a)
 - Flip equals test in TestSecurityProperties.java to handle null values from Security.getProperty
+- Introduce crypto_policy_active to designate whether we should expect policy adherence in testing
 - Related: RHEL-100678
 
 * Mon Aug 25 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.8.0.9-1