Latest revision as of 12:20, 30 March 2017

Description

CryptoPolicies Java: https://bugzilla.redhat.com/show_bug.cgi?id=1249083

How to test

We will test java respects current policy

initially you need:

java (even with devel, to compile testcase. )
```
$ sudo dnf install java-1.8.0-openjdk-devel
```
if you run only icedtea-web tests, feel free to isntal only jre:
```
$ sudo dnf install java-1.8.0-openjdk
```

https://gitlab.com/nmav/fedora-crypto-policies

git clone https://gitlab.com/nmav/fedora-crypto-policies
cd fedora-crypto-policies/
pushd ./tests/java/
javac CipherList.java

then check :
```
cat /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security  | grep security.useSystemPropertiesFile
```
1. if it is false, then systemsettings are not honored. If it is true, then system setings are honoured
2. f26 must have it true by default
3. feel free to change it to false, and experiment with all test in this testcase and monitro differences
4. if something works with useSystemPropertiesFile=false, and not with useSystemPropertiesFile=true, it should be reported

then:

sudo update-crypto-policies --set FUTURE
java CipherList

should give you a different (more strict) set than the following:
```
sudo update-crypto-policies --set DEFAULT
java CipherList
```

Dont forget to play with java settings

/usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false

Secondly you need:
1. icedtea-web - open implementation of javaws and java plugin for browsers
```
$ sudo dnf install icedtea-web
```
2. and some stabile test browser
```
$ sudo dnf install midori firefox epiphany
```
Now feel free to run all https tests in the following list:
note, dont get scared, there is jsut about 10 https tests, and eluminate seems to be correctly broken
1. http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
2. of course feel free to test any jaavws application/applet favourite of yours
3. for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
```
$ javaws some_url
```
4. for plugin be sure plugin is recognized (eg close and start firefox/midori/epiphany after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
5. for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
6. WARNING firefox may have ISSUES in f26 wayland (default) install midori and test with it
```
$ firefox some_url
$ midori some_url
```
7. Dont forget to play with java settings and global settings
```
/usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
and
update-crypto-policies --set FUTURE/DEFAULT/WHATEVER
```

Expected Results

https works fine
global policy is honored if enabled/is not when disabled

@@ Line 1: / Line 1: @@
 {{QA/Test_Case
-|description=CryptoPolicies Java
+|description=CryptoPolicies Java: https://bugzilla.redhat.com/show_bug.cgi?id=1249083
 |actions=
 We will test java respects current policy
 # initially you need:
-## java
+## java (even with devel, to compile testcase. )
+##:<pre>
+##:: $ sudo dnf install java-1.8.0-openjdk-devel
+##:</pre>
+## if you run only icedtea-web  tests, feel free to isntal only jre:
 ##:<pre>
 ##:: $ sudo dnf install java-1.8.0-openjdk
 ##:</pre>
-## Check out tests/java/CipherList in:
 ## https://gitlab.com/nmav/fedora-crypto-policies
 ##:<pre>
@@ Line 26: / Line 29: @@
 # then:
 #:<pre>
-#::  update-crypto-policies --set FUTURE
+#::  sudo update-crypto-policies --set FUTURE
 #::  java CipherList
 #:</pre>
 # should give you a different (more strict) set than the following:
 #:<pre>
-#:: update-crypto-policies --set DEFAULT
+#:: sudo update-crypto-policies --set DEFAULT
 #:: java CipherList
 #:</pre>
@@ Line 42: / Line 45: @@
 ##:<pre>
 ##:: $ sudo dnf install icedtea-web
+##:</pre>
+## and some stabile test browser
+##:<pre>
+##:: $ sudo dnf install midori firefox epiphany
 ##:</pre>
 # Now feel free to run all https tests in the following list:
+# note, dont get scared, there is jsut about 10 https tests, and eluminate seems to be correctly broken
 ## http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
+## of course feel free to test any jaavws application/applet favourite of yours
 ## for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
 ##:<pre>
 ##:: $ javaws some_url
 ##:</pre>
-## for plugin be sure plugin is recognized  (eg close and start firefox after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
+## for plugin be sure plugin is recognized  (eg close and start firefox/midori/epiphany after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
 ## for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
+## WARNING firefox may have ISSUES in f26 wayland (default) install midori and test with it
 ##:<pre>
 ##:: $ firefox some_url
+##:: $ midori some_url
 ##:</pre>
 ## Dont forget to play with java settings and global settings
 ##:<pre>
 ##:: /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
-update-crypto-policies --set FUTURE/DEFAULT/WHATEVER
+##::    and
+##:: update-crypto-policies --set FUTURE/DEFAULT/WHATEVER
 ##:</pre>
 |results=

Search

QA:Testcase CryptoPolicies Java: Difference between revisions

Latest revision as of 12:20, 30 March 2017

Description

How to test

Expected Results