From Fedora Project Wiki

Revision as of 11:44, 30 March 2017 by Jvanek (talk | contribs)

Description

CryptoPolicies Java


How to test

We will test java respects current policy

  1. initially you need:
    1. java
      $ sudo dnf install java-1.8.0-openjdk
    2. Check out tests/java/CipherList in:
    3. https://gitlab.com/nmav/fedora-crypto-policies
      git clone https://gitlab.com/nmav/fedora-crypto-policies
      cd fedora-crypto-policies/
      pushd ./tests/java/
      javac CipherList.java
  2. then check :
    cat /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security | grep security.useSystemPropertiesFile
    1. if it is false, then systemsettings are not honored. If it is true, then system setings are honoured
    2. f26 must have it true by default
    3. feel free to change it to false, and experiment with all test in this testcase and monitro differences
    4. if something works with useSystemPropertiesFile=false, and not with useSystemPropertiesFile=true, it should be reported
  3. then:
    update-crypto-policies --set FUTURE
    java CipherList
  4. should give you a different (more strict) set than the following:
    update-crypto-policies --set DEFAULT
    java CipherList
  5. Dont forget to play with java settings
    /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
  6. Secondly you need:
    1. icedtea-web - open implementation of javaws and java plugin for browsers
      $ sudo dnf install icedtea-web
  7. Now feel free to run all https tests in the following list:
    1. http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
    2. for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
      $ javaws some_url
    3. for plugin be sure plugin is recognized (eg close and start firefox after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
    4. for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
      $ firefox some_url
    5. Dont forget to play with java settings and global settings
      /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true
      or
      useSystemPropertiesFile=false update-crypto-policies --set FUTURE/DEFAULT/WHATEVER

Expected Results

  1. https works fine
  2. global policy is honored if enabled/is not when disabled