SSLEngineTestCase

JinhangZhang · May 14, 2024 · 5b9b605 · 5b9b605
1 parent 624c4fe
commit 5b9b605
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 20 deletions.
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
@@ -201,6 +201,7 @@ RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.jce.provider.2 = SUN [{CertificateF
     {CertStore, Collection, ImplementedIn=Software}, \
     {CertStore, com.sun.security.IndexedCollection, ImplementedIn=Software}, \
     {Configuration, JavaLoginConfig, *}, \
+    {KeyStore, PKCS12, *}, \
     {Policy, JavaPolicy, *}]
 RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.jce.provider.3 = SunJSSE
 RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.jce.provider.4 = SunJCE [{AlgorithmParameters, PBES2, *}, \

diff --git a/test/jdk/javax/net/ssl/TLSCommon/BaseUtils.java b/test/jdk/javax/net/ssl/TLSCommon/BaseUtils.java
@@ -39,4 +39,32 @@ public static boolean isFIPS() {
         }
         return isFIPS;
     }
+
+    public static final List<String> TLS_PROTOCOLS = new ArrayList<>();
+    TLS_PROTOCOLS.add("TLSv1.2");
+    TLS_PROTOCOLS.add("TLSv1.3");
+
+    public static final List<String> TLS_CIPHERSUITES = new ArrayList<>();
+    TLS_CIPHERSUITES.add("TLS_AES_128_GCM_SHA256");
+    TLS_CIPHERSUITES.add("TLS_AES_256_GCM_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
+    TLS_CIPHERSUITES.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
+    TLS_CIPHERSUITES.add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
+    TLS_CIPHERSUITES.add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");
+    TLS_CIPHERSUITES.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
+    TLS_CIPHERSUITES.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
+    TLS_CIPHERSUITES.add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256");
+    TLS_CIPHERSUITES.add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
+    TLS_CIPHERSUITES.add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256");
+    TLS_CIPHERSUITES.add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256");
+    TLS_CIPHERSUITES.add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384");
+    TLS_CIPHERSUITES.add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256");
+    TLS_CIPHERSUITES.add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256");
 }
diff --git a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java
@@ -795,13 +795,20 @@ public static void checkResult(SSLEngineResult r,
      *           TESTED_SECURITY_PROTOCOL.
      */
     public static SSLContext getContext() {
+        KeyStore ks;
+        KeyStore ts;
         try {
-            java.security.Security.setProperty(
-                    "jdk.tls.disabledAlgorithms", "");
-            java.security.Security.setProperty(
-                    "jdk.certpath.disabledAlgorithms", "");
-            KeyStore ks = KeyStore.getInstance("JKS");
-            KeyStore ts = KeyStore.getInstance("JKS");
+            if (!BaseUtils.isFIPS()) {
+                java.security.Security.setProperty(
+                        "jdk.tls.disabledAlgorithms", "");
+                java.security.Security.setProperty(
+                        "jdk.certpath.disabledAlgorithms", "");
+                ks = KeyStore.getInstance("JKS");
+                ts = KeyStore.getInstance("JKS");
+            } else {
+                ks = KeyStore.getInstance("PKCS12");
+                ts = KeyStore.getInstance("PKCS12");
+            }
             char[] passphrase = PASSWD.toCharArray();
             try (FileInputStream keyFileStream =
                     new FileInputStream(KEY_FILE_NAME)) {

diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java
@@ -159,20 +159,7 @@ public static void main(String[] args) throws Exception {
         if (args[1].contains("sha1")) {
             return;
         }
-        if (tlsProtocol.equals("TLSv1.2") && (cipher.equals("TLS_RSA_WITH_AES_128_CBC_SHA") ||
-            cipher.equals("TLS_RSA_WITH_AES_128_CBC_SHA256") ||
-            cipher.equals("TLS_RSA_WITH_AES_128_GCM_SHA256") ||
-            cipher.equals("TLS_RSA_WITH_AES_256_CBC_SHA") ||
-            cipher.equals("TLS_RSA_WITH_AES_256_CBC_SHA256") ||
-            cipher.equals("TLS_RSA_WITH_AES_256_GCM_SHA384") ||
-            cipher.equals("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") ||
-            cipher.equals("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256") ||
-            cipher.equals("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256") ||
-            cipher.equals("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") ||
-            cipher.equals("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256") ||
-            cipher.equals("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384") ||
-            cipher.equals("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA")
-        )) {
+        if (BaseUtils.TLS_PROTOCOLS.contains(tlsProtocol) && !BaseUtils.TLS_PROTOCOLS.contains(cipher)) {
             return;
         }
         CountDownLatch serverReady = new CountDownLatch(1);