From 5b9b60522f620117871405928c699192606c7e4c Mon Sep 17 00:00:00 2001 From: JinhangZhang Date: Wed, 1 May 2024 13:06:02 -0400 Subject: [PATCH] SSLEngineTestCase --- .../share/conf/security/java.security | 1 + .../javax/net/ssl/TLSCommon/BaseUtils.java | 28 +++++++++++++++++++ .../net/ssl/TLSCommon/SSLEngineTestCase.java | 19 +++++++++---- test/jdk/javax/net/ssl/TLSCommon/TLSTest.java | 15 +--------- 4 files changed, 43 insertions(+), 20 deletions(-) diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security index 7f59647feff..523001e8b96 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security @@ -201,6 +201,7 @@ RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.jce.provider.2 = SUN [{CertificateF {CertStore, Collection, ImplementedIn=Software}, \ {CertStore, com.sun.security.IndexedCollection, ImplementedIn=Software}, \ {Configuration, JavaLoginConfig, *}, \ + {KeyStore, PKCS12, *}, \ {Policy, JavaPolicy, *}] RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.jce.provider.3 = SunJSSE RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.jce.provider.4 = SunJCE [{AlgorithmParameters, PBES2, *}, \ diff --git a/test/jdk/javax/net/ssl/TLSCommon/BaseUtils.java b/test/jdk/javax/net/ssl/TLSCommon/BaseUtils.java index f06cd4fa083..83f90120499 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/BaseUtils.java +++ b/test/jdk/javax/net/ssl/TLSCommon/BaseUtils.java @@ -39,4 +39,32 @@ public static boolean isFIPS() { } return isFIPS; } + + public static final List TLS_PROTOCOLS = new ArrayList<>(); + TLS_PROTOCOLS.add("TLSv1.2"); + TLS_PROTOCOLS.add("TLSv1.3"); + + public static final List TLS_CIPHERSUITES = new ArrayList<>(); + TLS_CIPHERSUITES.add("TLS_AES_128_GCM_SHA256"); + TLS_CIPHERSUITES.add("TLS_AES_256_GCM_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); + TLS_CIPHERSUITES.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); + TLS_CIPHERSUITES.add("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"); + TLS_CIPHERSUITES.add("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"); + TLS_CIPHERSUITES.add("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); + TLS_CIPHERSUITES.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); + TLS_CIPHERSUITES.add("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"); + TLS_CIPHERSUITES.add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"); + TLS_CIPHERSUITES.add("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); + TLS_CIPHERSUITES.add("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); + TLS_CIPHERSUITES.add("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); + TLS_CIPHERSUITES.add("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); + TLS_CIPHERSUITES.add("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); } \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java index dce28edadf2..29a008a0b78 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java +++ b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java @@ -795,13 +795,20 @@ public static void checkResult(SSLEngineResult r, * TESTED_SECURITY_PROTOCOL. */ public static SSLContext getContext() { + KeyStore ks; + KeyStore ts; try { - java.security.Security.setProperty( - "jdk.tls.disabledAlgorithms", ""); - java.security.Security.setProperty( - "jdk.certpath.disabledAlgorithms", ""); - KeyStore ks = KeyStore.getInstance("JKS"); - KeyStore ts = KeyStore.getInstance("JKS"); + if (!BaseUtils.isFIPS()) { + java.security.Security.setProperty( + "jdk.tls.disabledAlgorithms", ""); + java.security.Security.setProperty( + "jdk.certpath.disabledAlgorithms", ""); + ks = KeyStore.getInstance("JKS"); + ts = KeyStore.getInstance("JKS"); + } else { + ks = KeyStore.getInstance("PKCS12"); + ts = KeyStore.getInstance("PKCS12"); + } char[] passphrase = PASSWD.toCharArray(); try (FileInputStream keyFileStream = new FileInputStream(KEY_FILE_NAME)) { diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java index b0d99e7506a..6a992d3a697 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java @@ -159,20 +159,7 @@ public static void main(String[] args) throws Exception { if (args[1].contains("sha1")) { return; } - if (tlsProtocol.equals("TLSv1.2") && (cipher.equals("TLS_RSA_WITH_AES_128_CBC_SHA") || - cipher.equals("TLS_RSA_WITH_AES_128_CBC_SHA256") || - cipher.equals("TLS_RSA_WITH_AES_128_GCM_SHA256") || - cipher.equals("TLS_RSA_WITH_AES_256_CBC_SHA") || - cipher.equals("TLS_RSA_WITH_AES_256_CBC_SHA256") || - cipher.equals("TLS_RSA_WITH_AES_256_GCM_SHA384") || - cipher.equals("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") || - cipher.equals("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256") || - cipher.equals("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256") || - cipher.equals("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") || - cipher.equals("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256") || - cipher.equals("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384") || - cipher.equals("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA") - )) { + if (BaseUtils.TLS_PROTOCOLS.contains(tlsProtocol) && !BaseUtils.TLS_PROTOCOLS.contains(cipher)) { return; } CountDownLatch serverReady = new CountDownLatch(1);