Skip to content

FIPS Test Updates #33612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
abutch3r wants to merge 4 commits into
base: integration
Choose a base branch
from
+61 −16
Open

FIPS Test Updates #33612

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
745800b
Remove beta flag from tests
abutch3r Dec 2, 2025
488cb4b
Skip NoSuchAlgorithmExceptionTest for IBM Java 8
abutch3r Dec 8, 2025
21524b9
only run minified command if the extract directory is present
abutch3r Dec 10, 2025
cee4078
remove client appSecurityClient-1.0 from client.xml
abutch3r Dec 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions ...ty.security.fips.internal_fat/fat/src/io/openliberty/security/fips/fat/FIPSTestUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ public class FIPSTestUtils {
public static final String ENABLE_FIPS140_3_ENV_VAR = "ENABLE_FIPS140_3";
public static final String SEMERU_FIPS_PROVIDER = "OpenJCEPlusFIPS";
public static final String IBM_FIPS_PROVIDER = "IBMJCEPlusFIPS";
public static final String LIBERTY_BASE_FIPS_PROFILE_FILENAME = "FIPS140-3-Liberty.properties";
public static final String LIBERTY_APPLICATION_FIPS_PROFILE_FILENAME = "FIPS140-3-Liberty-Application.properties";
public static final String STANDALONE_FIPS_PROFILE_FILENAME = "semeruFips140_3CustomProfile.properties";

Expand Down
2 changes: 0 additions & 2 deletions ...at/fat/src/io/openliberty/security/fips/fat/tests/fips1403/client/FIPS1403ClientTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,6 @@ public static void setup() throws Exception {
}
if (ji.majorVersion() > 8) {
expectedProvider = "OpenJCEPlusFIPS";
// temporarily enable Beta for Semeru
// client.addEnvVar("JVM_ARGS","-Dcom.ibm.ws.beta.edition=true");
} else {
expectedProvider = "IBMJCEPlusFIPS";
}
Expand Down
13 changes: 2 additions & 11 deletions ...berty/security/fips/fat/tests/fips1403/security/utility/FIPS1403SecurityUtilityTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.websphere.simplicity.ShrinkHelper;
import componenttest.annotation.AllowedFFDC;
import componenttest.annotation.MinimumJavaLevel;
import componenttest.annotation.Server;
import componenttest.annotation.SkipIfSysProp;
import componenttest.custom.junit.runner.FATRunner;
Expand Down Expand Up @@ -50,13 +51,6 @@
import static org.junit.Assume.assumeThat;


/**
* Due to nature of these tests, If you are having to provide a default.env file ahead of these tests being run
* e.g. supply JAVA_HOME, include the beta_flag for the server
* You must include `# enable_variable_expansion' for the tests to work correctly
*
* The commands have the beta flag currently added for them. but for other scenarios the beta flag might be required
*/
@RunWith(FATRunner.class)
@Mode(Mode.TestMode.LITE)
@SkipIfSysProp({SkipIfSysProp.OS_ZOS, SkipIfSysProp.OS_IBMI, SkipIfSysProp.OS_ISERIES})
Expand Down Expand Up @@ -104,15 +98,12 @@ public static void setup() throws Exception {
}
if (ji.majorVersion() > 8) {
expectedProvider = SEMERU_FIPS_PROVIDER;
// temporarily enable Beta for Semeru
server.addEnvVar("JVM_ARGS","-Dcom.ibm.ws.beta.edition=true");
} else {
expectedProvider = IBM_FIPS_PROVIDER;
}

installRoot = server.getInstallRoot();
env = new Properties();
env.put("JVM_ARGS","-Dcom.ibm.ws.beta.edition=true");
machine = server.getMachine();
// Save configuration at this point, so each test can restore to this point so that we don't pollute each test
server.saveServerConfiguration();
Expand Down Expand Up @@ -298,8 +289,8 @@ public void fips140_3CreateLTPAKeysTest() throws Exception {

@Test
@AllowedFFDC({ "java.lang.RuntimeException" })
@MinimumJavaLevel(javaLevel = 11)
public void fips140_3NoSuchAlgorithmExceptionTest() throws Exception {

// Enable FIPS at server level without referencing the custom profile
ProgramOutput po = runSecurityUtilityCommand(new String[] {SEC_CONF_FIPS_COMMAND, OPT_SERVER + "=" + SERVER_NAME});
assertEquals("securityUtility configureFIPS did not result in expected return code.",0, po.getReturnCode());
Expand Down
60 changes: 58 additions & 2 deletions ...at/fat/src/io/openliberty/security/fips/fat/tests/fips1403/server/FIPS1403ServerTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,9 @@

package io.openliberty.security.fips.fat.tests.fips1403.server;

import com.ibm.websphere.simplicity.Machine;
import com.ibm.websphere.simplicity.OperatingSystem;
import com.ibm.websphere.simplicity.ProgramOutput;
import com.ibm.websphere.simplicity.log.Log;
import componenttest.annotation.Server;
import componenttest.annotation.SkipIfSysProp;
Expand All @@ -29,11 +31,16 @@
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

import static io.openliberty.security.fips.fat.FIPSTestUtils.*;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assume.assumeThat;

@RunWith(FATRunner.class)
Expand All @@ -60,8 +67,6 @@ public static void setup() throws Exception {
}
if (ji.majorVersion() > 8) {
expectedProvider = "OpenJCEPlusFIPS";
// temporarily enable Beta for Semeru
server.addEnvVar("JVM_ARGS","-Dcom.ibm.ws.beta.edition=true");
} else {
expectedProvider = "IBMJCEPlusFIPS";
}
Expand Down Expand Up @@ -166,6 +171,57 @@ public void serverFIPS140_3DirectorySpaceSlashTest() throws Exception {
checkServerLogForFipsEnablementMessage(server, expectedProvider);
}

@Test
public void fips140_3PacakageTest() throws Exception {
Machine machine = server.getMachine();
String[] parameters = new String[]{"package", server.getServerName()};
ProgramOutput po = machine.execute(server.getInstallRoot()+"/bin/server", parameters);
Log.info(FIPS1403ServerTest.class, "fips140_3PacakageTest", "Executed securityUtility configureFIPS command: "+ po.getCommand());
Log.info(FIPS1403ServerTest.class, "fips140_3PacakageTest", "Result: "+ po.getStdout());
Log.info(FIPS1403ServerTest.class, "fips140_3PacakageTest", "Error: "+ po.getStderr());
assertEquals("Package command failed with a non-zero return code", 0, po.getReturnCode());
String zipName = server.getServerName()+".zip";
Path zipPath = Paths.get(server.getServerRoot()+"/"+zipName);
boolean foundFipsSecurityFile = false;
try (ZipFile zipFile = new ZipFile(zipPath.toFile())) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
while (entries.hasMoreElements() && !foundFipsSecurityFile) {
ZipEntry entry = entries.nextElement();
String name = entry.getName();
if(name.endsWith(LIBERTY_BASE_FIPS_PROFILE_FILENAME)){
foundFipsSecurityFile = true;
}
}
}
assertTrue("Did not locate the base Liberty Profile in the zip file", foundFipsSecurityFile);
}

@Test
public void fips140_3MinifiedPackageTest() throws Exception{
assumeThat(Files.exists(Paths.get(server.getInstallRoot() + "/lib/extract")), is(true));
Machine machine = server.getMachine();
String[] parameters = new String[]{"package", server.getServerName(), "--include=minify"};
ProgramOutput po = machine.execute(server.getInstallRoot()+"/bin/server", parameters);
Log.info(FIPS1403ServerTest.class, "serverEnvFipsTest", "Executed securityUtility configureFIPS command: "+ po.getCommand());
Log.info(FIPS1403ServerTest.class, "serverEnvFipsTest", "Result: "+ po.getStdout());
Log.info(FIPS1403ServerTest.class, "serverEnvFipsTest", "Error: "+ po.getStderr());
assertEquals("Package command failed with a non-zero return code", 0, po.getReturnCode());
String zipName = server.getServerName()+".zip";
Path zipPath = Paths.get(server.getServerRoot()+"/"+zipName);
boolean foundFipsSecurityFile = false;
try (ZipFile zipFile = new ZipFile(zipPath.toFile())) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
while (entries.hasMoreElements() && !foundFipsSecurityFile) {
ZipEntry entry = entries.nextElement();
String name = entry.getName();
if(name.endsWith(LIBERTY_BASE_FIPS_PROFILE_FILENAME)){
foundFipsSecurityFile = true;
}
}
}
assertTrue("Did not locate the base Liberty Profile in the zip file", foundFipsSecurityFile);
}


@After
public void teardown() throws Exception {
Expand Down
1 change: 0 additions & 1 deletion dev/io.openliberty.security.fips.internal_fat/publish/clients/FIPSClient/client.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@
<client>
<featureManager>
<feature>javaeeClient-8.0</feature>
<feature>appSecurityClient-1.0</feature>
</featureManager>

<application location="HelloAppClient.ear"/>
Expand Down