Added test for openJDK in FIPS mode. Fix issue #614
Pablo Herranz Ramírez authored and pablo-herranz committed Nov 27, 2024
1 parent a5c3f80 commit befbd9d
Showing 1 changed file with 38 additions and 1 deletion.
39 changes: 38 additions & 1 deletion tests/test_fips.py
@@ -15,7 +15,8 @@
from bci_tester.data import BASE_FIPS_CONTAINERS
from bci_tester.data import CONTAINERS_WITH_ZYPPER
from bci_tester.data import LTSS_BASE_FIPS_CONTAINERS
from bci_tester.data import OS_VERSION
from bci_tester.data import OPENJDK_17_CONTAINER
from bci_tester.data import OPENJDK_21_CONTAINER
from bci_tester.fips import FIPS_DIGESTS
from bci_tester.fips import FIPS_GCRYPT_DIGESTS
from bci_tester.fips import FIPS_GNUTLS_DIGESTS
@@ -350,3 +351,39 @@ def test_nss_firefox_cert(container_per_test: ContainerData) -> None:
c.check_output(
'certutil -R -k rsa -g 2048 -s "CN=Daniel Duesentrieb3,O=Example Corp,L=Mountain View,ST=California,C=DE" -d "${PWD}/nssdb" -o cert9.cer -f password.txt -z seedfile.dat',
)


@pytest.mark.parametrize(
"container,openjdk_version",
[
pytest.param(
OPENJDK_17_CONTAINER, "17", marks=OPENJDK_17_CONTAINER.marks
),
pytest.param(
OPENJDK_21_CONTAINER, "21", marks=OPENJDK_21_CONTAINER.marks
),
],
indirect=["container"],
)
def test_openjdk_cert(container, openjdk_version) -> None:
c = container.connection
# Enable FIPS mode in the openJDK container
c.check_output("export NSS_FIPS=1")
# Install required packages for the test
c.check_output(
f"zypper -n install git-core wget java-{openjdk_version}-openjdk-devel mozilla-nss-utils"
)

# Clone, compile and run the scripts to check the FIPS provider
c.check_output(
"cd ~; git clone -q https://github.com/ecki/JavaCryptoTest; cd JavaCryptoTest/src/main/java/"
)
c.check_output(
'javac net/eckenfels/test/jce/JCEProviderInfo.java; java -cp ~/JavaCryptoTest/src/main/java/ net.eckenfels.test.jce.JCEProviderInfo | grep "Listing all JCA Security Providers"'
)
c.check_output(
"wget https://gitlab.suse.de/qe-security/testing/-/raw/main/data/openjdk/Tcheck.java --no-check-certificate"
)
c.check_output(
'javac Tcheck.java; java Tcheck | grep "1. SunPKCS11-NSS-FIPS"'
)
