From Fedora Project Wiki

(written testcase for java)
 
No edit summary
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{QA/Test_Case
{{QA/Test_Case
|description=CryptoPolicies Java
|description=CryptoPolicies Java: https://bugzilla.redhat.com/show_bug.cgi?id=1249083
|actions=
|actions=
We will test java respects current policy
We will test java respects current policy
# initially you need:
# initially you need:
## java
## java (even with devel, to compile testcase. )
##:<pre>
##:: $ sudo dnf install java-1.8.0-openjdk-devel
##:</pre>
## if you run only icedtea-web  tests, feel free to isntal only jre:
##:<pre>
##:<pre>
##:: $ sudo dnf install java-1.8.0-openjdk
##:: $ sudo dnf install java-1.8.0-openjdk
##:</pre>
##:</pre>
## Check out tests/java/CipherList in:
## https://gitlab.com/nmav/fedora-crypto-policies
## https://gitlab.com/nmav/fedora-crypto-policies
##:<pre>
##:<pre>
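Review bot: Dropping the line "Check out tests/java/CipherList in:" leaves the https://gitlab.com/nmav/fedora-crypto-policies entry as a bare URL list item, so its purpose depends entirely on the pre block that follows it. Keep a short label on that item saying that tests/java/CipherList from this repository is what gets compiled. In the added lines, "isntal" should read "install", and "java (even with devel, to compile testcase. )" would read better as a plain statement that the -devel package is needed to compile the test case.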
Line 26: Line 29:
# then:
# then:
#:<pre>
#:<pre>
#::  update-crypto-policies --set FUTURE
#::  sudo update-crypto-policies --set FUTURE
#::  java CipherList
#::  java CipherList
#:</pre>
#:</pre>
# should give you a different (more strict) set than the following:
# should give you a different (more strict) set than the following:
#:<pre>
#:<pre>
#:: update-crypto-policies --set DEFAULT
#:: sudo update-crypto-policies --set DEFAULT
#:: java CipherList
#:: java CipherList
#:</pre>
#:</pre>
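Review bot: The two "java CipherList" runs are only described as giving "a different (more strict) set", and the step gives the tester no way to compare them. Suggest redirecting each run to a file after its "update-crypto-policies --set" call and diffing the two files, so the result can be reported objectively rather than judged by eye.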
Line 42: Line 45:
##:<pre>
##:<pre>
##:: $ sudo dnf install icedtea-web
##:: $ sudo dnf install icedtea-web
##:</pre>
## and some stabile test browser
##:<pre>
##:: $ sudo dnf install midori firefox epiphany
##:</pre>
##:</pre>
# Now feel free to run all https tests in the following list:
# Now feel free to run all https tests in the following list:
# note, dont get scared, there is jsut about 10 https tests, and eluminate seems to be correctly broken
## http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
## http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
## of course feel free to test any jaavws application/applet favourite of yours
## for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
## for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
##:<pre>
##:<pre>
##:: $ javaws some_url
##:: $ javaws some_url
##:</pre>
##:</pre>
## for plugin be sure plugin is recognized  (eg close and start firefox after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
## for plugin be sure plugin is recognized  (eg close and start firefox/midori/epiphany after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
## for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
## for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
## WARNING firefox may have ISSUES in f26 wayland (default) install midori and test with it
##:<pre>
##:<pre>
##:: $ firefox some_url
##:: $ firefox some_url
##:: $ midori some_url
##:</pre>
##:</pre>
## Dont forget to play with java settings and global settings
## Dont forget to play with java settings and global settings
##:<pre>
##:<pre>
##:: /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
##:: /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
update-crypto-policies --set FUTURE/DEFAULT/WHATEVER
##::    and
##:: update-crypto-policies --set FUTURE/DEFAULT/WHATEVER
##:</pre>
##:</pre>
|results=
|results=
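Review bot: The new line "# note, dont get scared, there is jsut about 10 https tests, ..." is written at the top "#" list level, so the "##" items that follow attach to the note instead of to "# Now feel free to run all https tests in the following list:". Make the note a continuation of that step or a "##" item. The added lines also carry typos worth fixing before saving: "stabile", "jsut", "jaavws", and "Dont"/"requres" on the lines that were touched.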

Latest revision as of 12:20, 30 March 2017

Description

CryptoPolicies Java: https://bugzilla.redhat.com/show_bug.cgi?id=1249083


How to test

We will test that Java respects the current policy.

  1. initially you need:
    1. java (including the devel package, which is needed to compile the test case)
      $ sudo dnf install java-1.8.0-openjdk-devel
    2. if you run only the icedtea-web tests, feel free to install only the JRE:
      $ sudo dnf install java-1.8.0-openjdk
    3. https://gitlab.com/nmav/fedora-crypto-policies
      git clone https://gitlab.com/nmav/fedora-crypto-policies
      cd fedora-crypto-policies/
      pushd ./tests/java/
      javac CipherList.java
  2. then check:
    cat /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security | grep security.useSystemPropertiesFile
    1. if it is false, then system settings are not honored. If it is true, then system settings are honored
    2. f26 must have it true by default
    3. feel free to change it to false, experiment with all tests in this test case, and monitor the differences
    4. if something works with useSystemPropertiesFile=false, and not with useSystemPropertiesFile=true, it should be reported
  3. then:
    sudo update-crypto-policies --set FUTURE
    java CipherList
  4. should give you a different (more strict) set than the following:
    sudo update-crypto-policies --set DEFAULT
    java CipherList
  5. Don't forget to experiment with the Java settings
    /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
  6. Secondly you need:
    1. icedtea-web - open implementation of javaws and java plugin for browsers
      $ sudo dnf install icedtea-web
    2. and some stable test browser
      $ sudo dnf install midori firefox epiphany
  7. Now feel free to run all https tests in the following list:
  8. note: don't be scared, there are just about 10 https tests, and eluminate seems to be correctly broken
    1. http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
    2. of course, feel free to test any javaws application/applet favourite of yours
    3. for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
      $ javaws some_url
    4. for the plugin, be sure the plugin is recognized (e.g. close and start firefox/midori/epiphany after install). See it in about:plugins and be aware that it requires click-and-play (yes, it is legacy technology)
    5. for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
    6. WARNING: firefox may have ISSUES in f26 wayland (default); install midori and test with it
      $ firefox some_url
      $ midori some_url
    7. Don't forget to experiment with the Java settings and the global settings
      /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
      and
      update-crypto-policies --set FUTURE/DEFAULT/WHATEVER

Expected Results

  1. https works fine
  2. global policy is honored if enabled, and is not honored when disabled
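
A scripted form of the java.security check and the FUTURE/DEFAULT comparison from steps 2 to 4, as an added example that is not part of the original test case or of the fedora-crypto-policies project. Assumptions: each `java CipherList` run has been saved to a file with one suite name per line, "more strict" is read as FUTURE being a proper subset of DEFAULT, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Print the effective security.useSystemPropertiesFile value from a java.security
# file: commented lines are skipped, the last assignment wins, "unset" if absent.
system_policy_flag() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*security\.useSystemPropertiesFile[ \t]*$/ {
            v = $2; gsub(/[ \t\r]/, "", v)
        }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Compare two saved "java CipherList" outputs (assumed: one suite name per line).
# $1 = list captured under DEFAULT, $2 = list captured under FUTURE.
#   stricter   - FUTURE is a proper subset of DEFAULT (the expected outcome)
#   same       - identical sets, i.e. the policy switch had no effect on Java
#   unexpected - FUTURE enables a suite that DEFAULT does not
compare_policies() {
    extra=$(grep -Fxvf "$1" "$2" || true)
    if [ -n "$extra" ]; then
        echo unexpected
    elif [ "$(sort -u "$1")" = "$(sort -u "$2")" ]; then
        echo same
    else
        echo stricter
    fi
}

# Constructed sample data: a java.security fragment and two cipher lists.
make_samples() {
    printf '%s\n' '# security.useSystemPropertiesFile=false' \
        'security.useSystemPropertiesFile=true' > "$1/java.security"
    printf '%s\n' TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
        TLS_RSA_WITH_AES_128_CBC_SHA > "$1/default.txt"
    printf '%s\n' TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 > "$1/future.txt"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "useSystemPropertiesFile: $(system_policy_flag "$tmp/java.security")"
echo "FUTURE vs DEFAULT: $(compare_policies "$tmp/default.txt" "$tmp/future.txt")"
rm -rf "$tmp"
```

On a real system, capture the inputs with `java CipherList > default.txt` and `java CipherList > future.txt` after the corresponding `update-crypto-policies --set` call; a result of `same` while the flag is `true` is the case the test case asks to be reported.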