From Fedora Project Wiki
Description
CryptoPolicies Java
How to test
We will test java respects current policy
- initially you need:
- java
- $ sudo dnf install java-1.8.0-openjdk
- Check out tests/java/CipherList in:
- https://gitlab.com/nmav/fedora-crypto-policies
- git clone https://gitlab.com/nmav/fedora-crypto-policies
- cd fedora-crypto-policies/
- pushd ./tests/java/
- javac CipherList.java
- java
- then check :
- cat /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security | grep security.useSystemPropertiesFile
- if it is false, then systemsettings are not honored. If it is true, then system setings are honoured
- f26 must have it true by default
- feel free to change it to false, and experiment with all test in this testcase and monitro differences
- if something works with useSystemPropertiesFile=false, and not with useSystemPropertiesFile=true, it should be reported
- then:
- update-crypto-policies --set FUTURE
- java CipherList
- should give you a different (more strict) set than the following:
- update-crypto-policies --set DEFAULT
- java CipherList
- Dont forget to play with java settings
- /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
- Secondly you need:
- icedtea-web - open implementation of javaws and java plugin for browsers
- $ sudo dnf install icedtea-web
- icedtea-web - open implementation of javaws and java plugin for browsers
- Now feel free to run all https tests in the following list:
- http://icedtea.classpath.org/wiki/IcedTea-Web-Tests
- for javaws follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_webstart_.28javaws.29_test_applications
- $ javaws some_url
- for plugin be sure plugin is recognized (eg close and start firefox after install). See it in about:plugins and be aware, that it requres click-and-play (yes, it is legacy technology)
- for plugin follow: http://icedtea.classpath.org/wiki/IcedTea-Web-Tests#IcedTea-Web_plugin_test_sites:
- $ firefox some_url
- Dont forget to play with java settings and global settings
- /usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security useSystemPropertiesFile=true or useSystemPropertiesFile=false
update-crypto-policies --set FUTURE/DEFAULT/WHATEVER
Expected Results
- https works fine
- global policy is honored if enabled/is not when disabled