u

test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java

@@ -225,7 +225,6 @@ public static void main(String[] args) throws Exception {
 
  if (debug)
  System.setProperty("javax.net.debug", "all");
-
  /*
  * Start the tests.
  */

test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java

@@ -63,8 +63,6 @@ public class RenegotiateTLS13 {
  // Server done flag
  static boolean done = false;
 
- static String keystoreType = System.getProperty("javax.net.ssl.keyStore");
-
  // Main server code
 
  void doServerSide() throws Exception {
@@ -148,7 +146,6 @@ public static void main(String[] args) throws Exception {
  if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
  keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
  trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
- keystoreType = "PKCS12";
  }
 
  System.setProperty("javax.net.ssl.keyStore", keyFilename);
@@ -290,7 +287,7 @@ SSLContext initContext() throws Exception {
  System.out.println("Using TLS13");
  SSLContext sc = SSLContext.getInstance("TLSv1.3");
  KeyStore ks = KeyStore.getInstance(
- new File(keystoreType),
+ new File(System.getProperty("javax.net.ssl.keyStore")),
  passwd.toCharArray());
  KeyManagerFactory kmf = KeyManagerFactory.getInstance(
  KeyManagerFactory.getDefaultAlgorithm());

test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java

@@ -93,10 +93,10 @@ public static void main(String args[]) throws Exception {
  System.setProperty("javax.net.debug", "ssl:handshake");
  }
 
- if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
- keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
- trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
- }
+ // if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ //  keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
+ //  trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
+ // }
 
  KeyManagerFactory kmf = makeKeyManagerFactory(keyFilename,
  passphrase);

test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java

@@ -254,6 +254,8 @@ public class SSLSocketSNISensitive {
  */
  static boolean debug = false;
 
+ static String[] signatureAlgos = new String[5];
+
  /*
  * Define the server side of the test.
  *
@@ -366,7 +368,7 @@ private static void parseArguments(String[] args) {
  clientRequestedHostname = args[1];
  }
 
- private static void printCert(String trustedCertStr) {
+ private static void printCert(String trustedCertStr, int index) {
  try {
  // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace
  String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "")
@@ -391,6 +393,7 @@ private static void printCert(String trustedCertStr) {
  System.out.println("Signature Algorithm: " + cert.getSigAlgName());
  System.out.println("Version: " + cert.getVersion());
 
+ signatureAlgos[index] = cert.getSigAlgName();
  } catch (Exception e) {
  e.printStackTrace();
  }
@@ -486,19 +489,34 @@ public static void main(String[] args) throws Exception {
  parseArguments(args);
 
  System.out.println("Now printing trustedCertStr==================");
- printCert(trustedCertStr);
+ printCert(trustedCertStr, 0);
  System.out.println("Now printing targetCertStr_A==================");
- printCert(targetCertStr_A);
+ printCert(targetCertStr_A, 1);
  System.out.println("Now printing targetCertStr_B==================");
- printCert(targetCertStr_B);
+ printCert(targetCertStr_B, 2);
  System.out.println("Now printing targetCertStr_C==================");
- printCert(targetCertStr_C);
+ printCert(targetCertStr_C, 3);
  System.out.println("Now printing targetCertStr_D==================");
- printCert(targetCertStr_D);
+ printCert(targetCertStr_D, 4);
  /*
  * Start the tests.
  */
- new SSLSocketSNISensitive();
+ try {
+ new SSLSocketSNISensitive();
+ } catch (Exception e) {
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ for (int i=0; i<signatureAlgos.length; i++) {
+ if (signatureAlgos[i].contains("MD5") 
+ && e instanceof javax.net.ssl.SSLHandshakeException
+ && "no cipher suites in common".equals(e.getMessage())) {
+ System.out.println("Expected exception msg: <no cipher suites in common> is caught.");
+ return;
+ }
+ }
+ }
+ e.printStackTrace();
+ return;
+ }
  }
 
  Thread clientThread = null;

test/jdk/javax/net/ssl/TLS/TestJSSE.java

@@ -35,7 +35,6 @@ public class TestJSSE {
 
  private static final String LOCAL_IP = InetAddress.getLoopbackAddress().getHostAddress();
  private static boolean isFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
- private static String customProfile = System.getProperty("semeru.customprofile");
  private static final Map<String, String> TLS_CIPHERSUITES = new HashMap<>();
 
  private static String checkIfProtocolIsUsedInCommonFIPS(String srvProtocol, String clnProtocol) {
@@ -87,7 +86,7 @@ public static void main(String... args) throws Exception {
  // reset the security property to make sure that the algorithms
  // and keys used in this test are not disabled.
  String protocolUsedInHandShake = null;
- if (!(isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ if (!(isFIPS)) {
  Security.setProperty("jdk.tls.disabledAlgorithms", "");
  } else {
  TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
@@ -110,19 +109,23 @@ public static void main(String... args) throws Exception {
  try (CipherTestUtils.Server srv = server(srvProtocol, cipher, args)) {
  client(srv.getPort(), clnProtocol, cipher, args);
  } catch (Exception e) {
- if (isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
- System.out.println("1");
- if ((protocolUsedInHandShake == null
+ if (isFIPS) {
+ if (protocolUsedInHandShake == null
  || !TLS_CIPHERSUITES.containsKey(cipher)
- || !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))
- && e instanceof javax.net.ssl.SSLHandshakeException
- && "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(e.getMessage())) {
- if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) {
- System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
- return;
- } else {
- System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
- return;
+ || !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake)) {
+ System.out.println("11111111111");
+ if (e instanceof javax.net.ssl.SSLHandshakeException) {
+ System.out.println("2222222222");
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(e.getMessage())) {
+ System.out.println("3333333333");
+ if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) {
+ System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+ return;
+ } else {
+ System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+ return;
+ }
+ }
  }
  }
  }

test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java

@@ -30,13 +30,13 @@
  * @bug 8247630
  * @summary Use two key share entries
  * @library /test/lib
- * @run main/othervm ClientHelloKeyShares 29 23
- * @run main/othervm -Djdk.tls.namedGroups=secp384r1,secp521r1,x448,ffdhe2048 ClientHelloKeyShares 24 30
- * @run main/othervm -Djdk.tls.namedGroups=sect163k1,sect163r1,x25519 ClientHelloKeyShares 29
- * @run main/othervm -Djdk.tls.namedGroups=sect163k1,sect163r1,secp256r1 ClientHelloKeyShares 23
- * @run main/othervm -Djdk.tls.namedGroups=sect163k1,sect163r1,ffdhe2048,ffdhe3072,ffdhe4096 ClientHelloKeyShares 256
- * @run main/othervm -Djdk.tls.namedGroups=sect163k1,ffdhe2048,x25519,secp256r1 ClientHelloKeyShares 256 29
- * @run main/othervm -Djdk.tls.namedGroups=secp256r1,secp384r1,ffdhe2048,x25519 ClientHelloKeyShares 23 256
+ * @run main/othervm -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3-Test-TLS ClientHelloKeyShares 29 23
+ * @run main/othervm -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3-Test-TLS -Djdk.tls.namedGroups=secp384r1,secp521r1,x448,ffdhe2048 ClientHelloKeyShares 24
+ * @run main/othervm -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3-Test-TLS -Djdk.tls.namedGroups=sect163k1,sect163r1,x25519 ClientHelloKeyShares error
+ * @run main/othervm -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3-Test-TLS -Djdk.tls.namedGroups=sect163k1,sect163r1,secp256r1 ClientHelloKeyShares 23
+ * @run main/othervm -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3-Test-TLS -Djdk.tls.namedGroups=sect163k1,sect163r1,ffdhe2048,ffdhe3072,ffdhe4096 ClientHelloKeyShares error
+ * @run main/othervm -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3-Test-TLS -Djdk.tls.namedGroups=sect163k1,ffdhe2048,x25519,secp256r1 ClientHelloKeyShares 23
+ * @run main/othervm -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3-Test-TLS -Djdk.tls.namedGroups=secp256r1,secp384r1,ffdhe2048,x25519 ClientHelloKeyShares 23
  */
 
 import javax.net.ssl.*;
@@ -70,30 +70,30 @@ public static void main(String args[]) throws Exception {
  Arrays.stream(args).forEach(arg ->
  expectedKeyShares.add(Integer.valueOf(arg)));
 
- if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
- String namedGroups = System.getProperty("jdk.tls.namedGroups");
- expectedKeyShares.clear();
- if (namedGroups == null) {
- expectedKeyShares.add(23);
- expectedKeyShares.add(256);
- } else if (namedGroups.equals("secp384r1,secp521r1,x448,ffdhe2048")){
- expectedKeyShares.add(24);
- expectedKeyShares.add(256);
- } else if (namedGroups.equals("sect163k1,sect163r1,x25519")){
- System.out.println("System property jdk.tls.namedGroups(sect163k1,sect163r1,x25519) contains no supported named groups");
- return;
- } else if (namedGroups.equals("sect163k1,sect163r1,secp256r1")){
- expectedKeyShares.add(23);
- } else if (namedGroups.equals("sect163k1,sect163r1,ffdhe2048,ffdhe3072,ffdhe4096")){
- expectedKeyShares.add(256);
- } else if (namedGroups.equals("sect163k1,ffdhe2048,x25519,secp256r1")){
- expectedKeyShares.add(256);
- expectedKeyShares.add(23);
- } else if (namedGroups.equals("secp256r1,secp384r1,ffdhe2048,x25519")){
- expectedKeyShares.add(23);
- expectedKeyShares.add(256);
- }
- }
+ // if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ //  String namedGroups = System.getProperty("jdk.tls.namedGroups");
+ //  expectedKeyShares.clear();
+ //  if (namedGroups == null) {
+ //  expectedKeyShares.add(23);
+ //  expectedKeyShares.add(256);
+ //  } else if (namedGroups.equals("secp384r1,secp521r1,x448,ffdhe2048")){
+ //  expectedKeyShares.add(24);
+ //  // expectedKeyShares.add(256);
+ //  } else if (namedGroups.equals("sect163k1,sect163r1,x25519")){
+ //  System.out.println("System property jdk.tls.namedGroups(sect163k1,sect163r1,x25519) contains no supported named groups");
+ //  return;
+ //  } else if (namedGroups.equals("sect163k1,sect163r1,secp256r1")){
+ //  expectedKeyShares.add(23);
+ //  } else if (namedGroups.equals("sect163k1,sect163r1,ffdhe2048,ffdhe3072,ffdhe4096")){
+ //  expectedKeyShares.add(256);
+ //  } else if (namedGroups.equals("sect163k1,ffdhe2048,x25519,secp256r1")){
+ //  expectedKeyShares.add(256);
+ //  expectedKeyShares.add(23);
+ //  } else if (namedGroups.equals("secp256r1,secp384r1,ffdhe2048,x25519")){
+ //  expectedKeyShares.add(23);
+ //  // expectedKeyShares.add(256);
+ //  }
+ // }
 
  SSLContext sslCtx = SSLContext.getDefault();
  SSLEngine engine = sslCtx.createSSLEngine();
@@ -177,6 +177,7 @@ private static void checkClientHello(ByteBuffer data,
  int ver_major = Byte.toUnsignedInt(data.get());
  int ver_minor = Byte.toUnsignedInt(data.get());
  int recLen = Short.toUnsignedInt(data.getShort());
+ System.out.println("TLS record header length: " + recLen);
 
  // Simple sanity checks
  if (type != 22) {
@@ -191,6 +192,7 @@ private static void checkClientHello(ByteBuffer data,
  int msgHdr = data.getInt();
  int msgType = (msgHdr >> 24) & 0x000000FF;
  int msgLen = msgHdr & 0x00FFFFFF;
+ System.out.println("handshake message header length: " + msgLen);
 
  // More simple sanity checks
  if (msgType != 1) {
@@ -203,18 +205,21 @@ private static void checkClientHello(ByteBuffer data,
  // Jump past the session ID (if there is one)
  int sessLen = Byte.toUnsignedInt(data.get());
  if (sessLen != 0) {
+ System.out.println("session ID is not null, length is: " + sessLen);
  data.position(data.position() + sessLen);
  }
 
  // Jump past the cipher suites
  int csLen = Short.toUnsignedInt(data.getShort());
  if (csLen != 0) {
+ System.out.println("cipher suites ID is not null, length is: " + csLen);
  data.position(data.position() + csLen);
  }
 
  // ...and the compression
  int compLen = Byte.toUnsignedInt(data.get());
  if (compLen != 0) {
+ System.out.println("compression is not null, length is: " + compLen);
  data.position(data.position() + compLen);
  }
 
@@ -224,20 +229,24 @@ private static void checkClientHello(ByteBuffer data,
  boolean foundSupVer = false;
  boolean foundKeyShare = false;
  int extsLen = Short.toUnsignedInt(data.getShort());
+ System.out.println("extsLen is: " + extsLen); // 00 DB
  List<Integer> supGrpList = new ArrayList<>();
  List<Integer> chKeyShares = new ArrayList<>();
  while (data.hasRemaining()) {
  int extType = Short.toUnsignedInt(data.getShort());
  int extLen = Short.toUnsignedInt(data.getShort());
  boolean foundTLS13 = false;
+ System.out.println("extension type is: " + extType);
  switch (extType) {
  case HELLO_EXT_SUPP_GROUPS:
+ System.out.println("This extType is HELLO_EXT_SUPP_GROUPS. extension type is: " + extType);
  int supGrpLen = Short.toUnsignedInt(data.getShort());
  for (int remain = supGrpLen; remain > 0; remain -= 2) {
  supGrpList.add(Short.toUnsignedInt(data.getShort()));
  }
  break;
  case HELLO_EXT_SUPP_VERS:
+ System.out.println("This extType is HELLO_EXT_SUPP_VERS. extension type is: " + extType);
  foundSupVer = true;
  int supVerLen = Byte.toUnsignedInt(data.get());
  for (int remain = supVerLen; remain > 0; remain -= 2) {
@@ -251,6 +260,7 @@ private static void checkClientHello(ByteBuffer data,
  }
  break;
  case HELLO_EXT_KEY_SHARE:
+ System.out.println("This extType is HELLO_EXT_KEY_SHARE. extension type is: " + extType);
  foundKeyShare = true;
  int ksListLen = Short.toUnsignedInt(data.getShort());
  System.out.println("ksListLen before while-loop is: " + ksListLen);

test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java

@@ -78,8 +78,8 @@
 public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {
 
  private final String protocol;
- private static String[] servercipherSuites;
- private static String[] clientcipherSuites;
+ private static String[] servercipherSuites = null;
+ private static String[] clientcipherSuites = null;
 
  public static void main(String[] args) {
 
@@ -106,8 +106,13 @@ public static void main(String[] args) {
  }
  }
  }
- servercipherSuites = tmpServer.toArray(new String[0]);
- clientcipherSuites = tmpClient.toArray(new String[0]);
+ if (tmpClient.size() != 0) {
+ clientcipherSuites = tmpClient.toArray(new String[0]);
+ }
+ if (tmpServer.size() != 0) {
+ servercipherSuites = tmpServer.toArray(new String[0]);
+ }
+
  } else {
  servercipherSuites
  = toArray(System.getProperty("jdk.tls.server.cipherSuites"));
@@ -129,7 +134,7 @@ private SystemPropCipherSuitesOrder(String protocol) {
  this.protocol = protocol;
  // Re-enable protocol if disabled.
  if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
- if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS"))) {
+ if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
  SecurityUtils.removeFromDisabledTlsAlgs(protocol);
  }
  }