diff --git a/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt b/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt index fab7277db40..b4d8e577f83 100644 --- a/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt +++ b/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt @@ -17,916 +17,3 @@ # You should have received a copy of the GNU General Public License version # 2 along with this work; if not, see . # =========================================================================== - -# -# Exclude tests list from sanity.openjdk -# -com/sun/crypto/provider/CICO/CICODESFuncTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/CICO/CICOSkipTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/CICO/PBEFunc/CICOPBEFuncTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/Encrypt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/GCMLargeDataKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/KeyWrapper.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/ReadWriteSkip.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/SameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/SealedObjectTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/WrongAAD.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/CICO.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/CTR.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Padding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4511676.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4512524.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4512704.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4513830.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4517355.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4626070.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestAESCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithDefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithProviderChange.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithRemoveAddProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestCICOWithGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestCICOWithGCMAndAAD.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestCopySafe.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestISO10126Padding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestKATForECB_IV.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestKATForECB_VK.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestKATForECB_VT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestKATForGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestNoPaddingModes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestNonexpanding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestSameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestShortBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/Blowfish/BlowfishTestVector.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/CTR/CounterMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/CTS/CTSMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KeyGeneratorTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20NoReuse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20Poly1305ParamTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/OutputSizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20CipherUnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20Poly1305ParametersUnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/DESKeyCleanupTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/DESSecretKeySpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/DesAPITest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/DoFinalReturnLen.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/FlushBug.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/KeyWrapping.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/PaddingTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/Sealtest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/TestCipherDES.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/TestCipherDESede.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/TextPKCS5PaddingTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/JCE/Bugs/4686632/Empty.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/NISTWrapKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/TestGeneral.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/TestKeySizeCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/XMLEncKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/CheckPBEKeySize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/DecryptWithoutParameters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/NegativeLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEKeyCleanupTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEKeyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBES2Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBESameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBMacBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBMacDoFinalVsUpdate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PKCS12CipherKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RC2ArcFour/CipherKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEP.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEP_KAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestRSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/TextLength/SameBufferOverwrite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/TextLength/TestCipherTextLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/UTIL/StrongOrUnlimited.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/UTIL/SunJCEGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHGenSharedSecret.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyAgreement3.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyGenSpeed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/TestExponentSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyFactory/PBKDF2HmacSHA1FactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyFactory/TestProviderLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyGenerator/Test4628062.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/DigestCloneabilityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/EmptyByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/HmacMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/HmacPBESHA1.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/HmacSHA512.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/HmacSaltLengths.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/LargeByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/MacClone.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/MacKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/MacSameTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/NullByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/NSASuiteB/TestAESOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestKeyMaterial.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestLeadingZeroes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestMasterSecret.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestPRF.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestPRF12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestPremaster.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/org/apache/xml/internal/security/ShortECDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/org/apache/xml/internal/security/SignatureKeyInfo.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/org/apache/xml/internal/security/TruncateHMAC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/Class/GetPackageBootLoaderChildLayer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/SecurityManager/CheckSecurityProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/reflect/records/IsRecordTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/reflect/records/RecordPermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/reflect/records/RecordReflectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/runtime/ObjectMethodsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/math/BigInteger/ModPow65537.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/KeyAgreementTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/KeySizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/KeySpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/MultiThreadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/NegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyFactory/Failover.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyFactory/GenerateRSAPrivateCrtKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyPairGenerator/Failover.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyPairGenerator/GenerateKeypair.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyPairGenerator/GenerateRSAKeyPair.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyRep/Serial.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyRep/SerialDSAPubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyRep/SerialOld.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/CheckInputStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/EntryMethods.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/KeyStoreBuilder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/OneProbeOneNot.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PBETest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/ConvertP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/EntryProtectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/MetadataEmptyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/MetadataStoreLoadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/ReadP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/StoreTrustedCertAPITest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/StoreTrustedCertKeytool.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/WriteP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/ProbeKeystores.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/TestKeyStoreBasic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/TestKeyStoreEntry.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/MessageDigest/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/MessageDigest/TestCloneable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/MessageDigest/TestDigestIOStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Policy/GetInstance/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Policy/SignedJar/SignedJarTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/ChangeProviders.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/DefaultProviderList.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/NewInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/SecurityProviderModularTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/SupportsParameter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/Turkish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureClassLoader/DefineClass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/ApiTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/DefaultAlgo.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/DefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/EnoughSeedTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/GetAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/GetInstanceTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/MultiThreadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/NoSync.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/Serialize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/SerializedSeedTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/ThreadSafe.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Security/CaseInsensitiveAlgNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Security/ClassLoaderDeadlock/Deadlock.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Security/removing/RemoveProviderByIdentity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Security/signedfirst/DynStatic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/NONEwithRSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/Offsets.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/ResetAfterException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/SignWithOutputBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/SignatureGetAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/SignatureGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/SignatureLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/TestCloneable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/TestInitSignWithMyOwnRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/VerifyRangeCheckOverflow.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SignedObject/Chain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SignedObject/Copy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SignedObject/Correctness.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/targetConstraints/BuildEEBasicConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/zeroLengthPath/ZeroLengthPath.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/OCSP/AIACheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/PKIXRevocationChecker/OcspUnauthorized.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/PKIXRevocationChecker/UnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/PolicyNode/GetPolicyQualifiers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/X509CRL/VerifyDefault.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/X509Certificate/GetSigAlgParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/pkix/policyChanges/TestPolicy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/misc/TestDefaultRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/spec/PKCS8EncodedKeySpec/Algorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/concurrent/tck/JSR166TestCase.java#others https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/ScanSignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/SignedJarFileGetInputStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/SignedJarPendingBlock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/TurkCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/VerifySignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/mrjar/MultiReleaseJarSecurity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarInputStream/ExtraFileInMetaInf.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarInputStream/ScanSignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarInputStream/TestIndexedJarWithBadSignature.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/CipherInputStreamExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/GetMaxAllowed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/InOutBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/TestCipherMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/Turkish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CipherSpi/DirectBBRemaining.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/AllPermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/LowercasePermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/RC2PermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/RC4AliasPermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/RSANoLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetAlgName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/JceSecurity/SunJCE_BC_LoadOrdering.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/JceSecurity/VerificationResults.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/KeyGenerator/CompareKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/KeyGenerator/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Mac/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Mac/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SealedObject/NullKeySealedObject.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SecretKeyFactory/PBKDF2TranslateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SecretKeyFactory/SecKFTranslateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SecretKeyFactory/SecKeyFacSunJCEPrf.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SecretKeyFactory/TestFailOver.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/spec/DESKeySpec/CheckParity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/spec/RC2ParameterSpec/RC2AlgorithmParameters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/auth/kerberos/StandardNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/BadXPointer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/Basic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/ErrorHandlerPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/FileSocketPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/GenerationTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/GetInstanceTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/HereFunction.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/PSSSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/SecureValidation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/TransformService/NullParent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/ValidationTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/keyinfo/KeyInfo/Marshal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/reflect/ReflectionFactory/ReflectionFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jgss/GssMemoryIssues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jgss/spnego/MSOID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jgss/spnego/NotPreferredMech.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/KrbCredSubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/RFC396xTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/ServiceCredsCombination.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/AcceptPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/AcceptorSubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Addresses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/AddressesAndNameType.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/AlwaysEncPaReq.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Basic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/BasicKrb5Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/BasicProc.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/BogusKDC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/CleanState.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/CrossRealm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/DiffNameSameKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/DiffSaltParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/DupEtypes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/DynamicKeytab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/EmptyPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/FileKeyTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ForwardableCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Forwarded.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/GSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/GSSUnbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/HttpNegotiateServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/HttpsCB.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/IgnoreChannelBinding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KPEquals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KdcPolicy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KeyPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KeyTabCompat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KrbTicket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KvnoNA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/LifeTimeInSeconds.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/LoginModuleOptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/LoginNoPass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/LongLife.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/MSOID2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ModuleName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/MoreKvno.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NewInquireTypes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NewSalt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NoAddresses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NoInitNoKeytab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NonAscii.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NonMutualSpnego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NoneReplayCacheTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NullRenewUntil.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/OkAsDelegate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/OkAsDelegateXRealm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/OnlyDesLogin.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/PrincipalNameEquals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/RRC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ReferralsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/RefreshKrb5Config.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Renew.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Renewal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ReplayCacheTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ReplayCacheTestProc.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ReplayCacheTestProcWithMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2proxy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2proxyGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2self.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2selfAsServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2selfAsServerGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2selfGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SPNEGO.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SaslBasic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SaslMutual.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SaslUnbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SpnegoLifeTime.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SpnegoReqFlags.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Test5653.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/TicketSName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/TwoOrThree.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/TwoPrinces.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/TwoTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Unavailable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/UnboundService.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/UseCacheAndStoreKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/W83.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/principalProperty/PrincipalSystemPropTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/etype/KerberosAesSha2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/etype/WeakCrypto.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/ktab/BufferBoundary.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/ktab/FileKeyTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/ktab/KeyTabIndex.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/runNameEquals.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CipherSpi/ResetByteBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-s390x -# -# Extended.openjdk Failures Exclude List for FIPS Testing -# -com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/jndi/ldap/LdapCBPropertiesTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/jndi/ldap/LdapSSLHandshakeFailureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/auth/module/KeyStoreLoginModule/ReadOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/Cram.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/AuthNoUtf8.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/AuthOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/AuthRealmChoices.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/AuthRealms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/CheckNegotiatedQOPs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/HasInitialResponse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/Integrity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/NoQuoteParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/Privacy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/PrivacyRc4.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/Unbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/ntlm/Conformance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/ntlm/NTLMTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/File/createTempFile/SecurityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/AbsentStreamValuesTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/BasicRecordSer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/ConstructorAccessTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/ConstructorPermissionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/CycleTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/DifferentStreamFieldsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/ReadResolveTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/RecordClassTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/SerialVersionUIDTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/ThrowingConstructorTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/WriteReplaceTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/serialFilter/FilterWithSecurityManagerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/serialFilter/GlobalFilterTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/serialFilter/SerialFilterFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/nio/channels/unixdomain/Security.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/nio/file/spi/SetDefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/dgc/VMID/CheckVMID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/dgc/dgcImplInsulation/DGCImplInsulation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/registry/altSecurityManager/AltSecurityManager.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/registry/classPathCodebase/ClassPathCodebase.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/registry/readTest/CodebaseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMIClassLoader/downloadArrayClass/DownloadArrayClass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMIClassLoader/loadProxyClasses/LoadProxyClasses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMIClassLoader/useCodebaseOnly/UseCodebaseOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMISocketFactory/useSocketFactory/registry/UseCustomSocketFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMISocketFactory/useSocketFactory/unicast/UseCustomSocketFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/clientStackTrace/ClientStackTrace.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/useCustomRef/UseCustomRef.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/transport/dgcDeadLock/DGCDeadLock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/imageio/CachePremissionsTest/CachePermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ALPN/SSLEngineAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ALPN/SSLSocketAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/CipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/ClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSOverDatagram.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSSequenceNumberTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSWontNegotiateV10.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/InvalidCookie.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/InvalidRecords.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/NoMacInitialClientHello.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/PacketLossRetransmission.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/Reordered.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/RespondToRetransmit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/Retransmission.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/WeakCipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10UnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/FixingJavadocs/ImplicitHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/FixingJavadocs/KMTMGetNothing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/FixingJavadocs/SSLSessionNulls.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/FixingJavadocs/SSLSocketInherit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/DummyCacheResponse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/Equals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/GetResponseCode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/HttpsSession.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/AcceptLargeFragments.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/ArgCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/Arrays.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/Basics.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/CheckTlsEngineResults.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/ConnectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/EngineCloseOnAlert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/ExtendedKeyEngine.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/ExtendedKeySocket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/FinishedPresent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/LargeBufs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/NoAuthClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/TestAllSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/CheckSessionContext.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/JSSERenegotiate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/RenegotiateTLS13.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/ResumeTLS13withSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/SessionCacheSizeTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/SessionTimeOutTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/TestEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSocket/ClientExcOnAlert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSocket/InputStreamClosure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSocket/OutputStreamClosure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSocket/Tls13PacketSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/EndingDotHostname.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLEngineExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLEngineExplorerUnmatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketConsistentSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerFailure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerUnmatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketInconsistentSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketSNISensitive.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/Stapling/HttpsUrlConnClient.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/Stapling/SSLEngineWithStapling.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/Stapling/SSLSocketWithStapling.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/Stapling/StapleEnableProps.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSClientPropertyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TestJSSEClientProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TestJSSENoCommonProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TestJSSEServerProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSCommon/TLSTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSCommon/TLSWithEdDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/ExportableBlockCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/ExportableStreamCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/GenericBlockCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/GenericStreamCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -javax/net/ssl/TLSv11/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/DisabledShortDSAKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/DisabledShortRSAKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/ProtocolFilter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/ShortRSAKey512.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/ShortRSAKeyGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/SignatureAlgorithms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv13/ClientHelloKeyShares.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv13/HRRKeyShares.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ciphersuites/DisabledAlgorithms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ciphersuites/ECCurvesconstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/compatibility/ClientHelloProcessing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/finalize/SSLSessionFinalizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/interop/ClientHelloBufferUnderflowException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/interop/ClientHelloChromeInterOp.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/CacertsExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/templates/SSLEngineTemplate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/templates/SSLSocketTemplate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/rmi/ssl/SSLSocketParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/rmi/ssl/SocketFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/auth/Destroyable/KeyDestructionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/auth/PrivateCredentialPermission/MoreThenOnePrincipals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/auth/login/Configuration/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/sasl/Sasl/ClientServerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/sasl/Sasl/DisabledMechanisms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/smartcardio/TerminalFactorySpiTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/dynalink/BeanLinkerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/dynalink/TrustedDynamicLinkerFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/dynalink/UntrustedDynamicLinkerFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/DirectoryStreamTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/InvalidZipHeaderTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/NewFileSystemTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/PropertyPermissionTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/TestPosix.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/ZFSTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/ZipFSPermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/jarsigner/Function.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/jarsigner/Properties.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/jarsigner/Spec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/logging/TestSecurityPropertyModificationLog.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/logging/TestTLSHandshakeLog.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/rmi/server/MarshalOutputStream/marshalForeignStub/MarshalForeignStub.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/rmi/transport/tcp/disableMultiplexing/DisableMultiplexing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/InvalidCurve.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/SignatureDigestTruncate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/SignatureKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/SignedObjectChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/TestEC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/ec/ed/EdCRLSign.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSAKeyCompatibility.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSAKeySize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSANegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSAParamSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSAReuseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSATest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdECKeyFormat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/TestEdDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/TestEdOps.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/xec/TestXDH.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/xec/XECKeyFormat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jca/PreferredProviderNegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jca/PreferredProviderTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/lib/CheckBlockedCerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs7/PKCS7VerifyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs7/SignerOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs8/PKCS8Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs8/TestLeadingZeros.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs11/KeyStore/ClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs11/Provider/Absolute.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/Bug6415637.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/EmptyPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/KeytoolOpensslInteropTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/P12SecretKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/PBES2Encoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/PKCS12SameKeyId.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/ProbeBER.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/ProbeLargeKeystore.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/SameDN.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/StorePasswordTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/StoreSecretKeyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/StoreTrustedCertTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/WrongPBES2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/SupportedDSAParamGen.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/SupportedDSAParamGenLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestAlgParameterGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestDSA2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestMaxLengthDER.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/KeyStore/CaseSensitiveAliases.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/KeyStore/TestJKSWithSecretKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/KeyStore/WrongPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/KeyStore/WrongStoreType.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/MessageDigest/DigestKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/MessageDigest/Offsets.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/MessageDigest/TestSHAClone.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/NSASuiteB/TestDSAGenParameterSpecLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/NSASuiteB/TestSHAOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/PolicyFile/Alias.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/PolicyFile/AliasExpansion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/PolicyFile/TokenStore.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/PolicyFile/TrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/AbstractDrbg/SpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/AutoReseed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/CommonSeeder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/DRBGAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/SHA1PRNGReseed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/StrongSecureRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/StrongSeedReader.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SeedGenerator/SeedGeneratorChoice.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/X509Factory/BadPem.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/X509Factory/BigCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/OCSP/OCSPNoContentLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/BrokenRSAPrivateCrtKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/KeySizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/PrivateKeyEqualityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/SignatureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/SignedObjectChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/SpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestCACerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyPairGeneratorExponent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyPairGeneratorInit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyPairGeneratorLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestRSAOidSupport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestSigGen15.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestSignatures.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/WithoutNULL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/InitAgain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/PSSKeyCompatibility.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/PSSParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/SerializedPSSKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/SignatureTest2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/SignatureTestPSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/TestPSSKeySupport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/TestSigGenPSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ALPN/AlpnGreaseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppInputStream/ReadBlocksClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppInputStream/ReadHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppInputStream/ReadZeroBytes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppInputStream/RemoveMarkReset.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppOutputStream/NoExceptionOnClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CertPathRestrictions/TLSRestrictions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/DisabledCurve.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/ssl/CipherSuite/LegacyConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/ssl/CipherSuite/RestrictNamedGroup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/RestrictSignatureScheme.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/SSL_NULL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/SupportedGroups.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/ssl/ClientHandshaker/CipherSuiteOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ClientHandshaker/LengthCheckTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ClientHandshaker/RSAExport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/DHKeyExchange/DHEKeySizing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/GenSSLConfigs/main.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/HandshakeOutStream/NullCerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/InputRecord/ClientHelloRead.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/InputRecord/SSLSocketTimeoutNulls.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ProtocolVersion/HttpsProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedDTLSDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedDTLSServerDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/DefaultCipherSuitePreference.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/DefaultDTLSEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/GoodProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/MultipleChooseAlias.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/NoOldVersionContext.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/SSLContextDefault.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/SSLContextVersion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/TrustTrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/CloseEngineException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/CloseStart.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLLogger/LoggingFormatConsistency.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionContextImpl/Timeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/HashCodeMissing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/InvalidateSession.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumeChecksClientStateless.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumeChecksServerStateless.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumptionUpdateBoundValues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/AsyncSSLSocketClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ClientModeClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ClientTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/CloseSocket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/CloseSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/DisableExtensions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/IgnorableExceptionMessages.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/LargePacketAfterHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/NewSocketMethods.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/NoImpactServerRenego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/RejectClientRenego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ReuseAddr.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ReverseNameLookup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketReset.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketSSLEngineCloseInbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketShouldThrowSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ServerRenegoWithTwoVersions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ServerTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SetSoTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/UnconnectedSocketWrongExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ServerHandshaker/GetPeerHost.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ServerHandshaker/HelloExtensionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS13.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/SigSchemePropOrdering.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/Tls13NamedGroups.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SocketCreation/SocketCreation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/Stapling/StatusResponseManager.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509KeyManager/CertificateAuthorities.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509KeyManager/PreferredKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509KeyManager/SelectOneKeyOutOfMany.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/CacertsLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/CertRequestOverflow.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/ComodoHacker.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/X509ExtendedTMEnabled.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/internal/TestRun.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/spi/ProviderInit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/DefaultSigalg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/EntriesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/JarSigningNonAscii.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/LargeJarEntry.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/PreserveRawManifestEntryAndDigest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/tools/jarsigner/Test4431684.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/TimestampCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/TsacertOptionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/warnings/NoTimestampTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/CacertsOption.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/CheckCertAKID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/CloneKeyAskPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/CloseFile.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/DupImport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/GenKeyPairSigner.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/GenerateAll.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/GroupName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/HasSrcStoretypeOption.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/ImportPrompt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/JKStoPKCS12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/KeyToolTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/NewSize7.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/PKCS12Passwd.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/PrintSSL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/Serial64.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/StartDateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/StorePasswords.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/UnknownAndUnparseable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/WeakAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/fakecacerts/TrustedCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/fakecacerts/TrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/fakegen/DefaultSignatureAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/fakegen/PSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/util/HostnameMatcher/NullHostnameCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/validator/EndEntityExtensionCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/validator/certreplace.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/validator/samedn.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/AlgorithmId/NonStandardNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/AlgorithmId/OmitAlgIdParam.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/URICertStore/CRLReadTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/URICertStore/ExtensionsWithLDAP.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CRLImpl/OrderAndDup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CRLImpl/Verify.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CertImpl/ECSigParamsVerifyWithCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CertImpl/V3Certificate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CertImpl/Verify.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/BestEffortOnLazyConnected.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/jdi/JdwpAttachTest.java.JdwpAttachTest https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-s390x,aix-all -javax/net/ssl/SSLEngine/LargePacket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le -jdk/nio/zipfs/ZipFSTester.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-ppc64le,linux-s390x,aix-all diff --git a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java index 0b277792766..669e15a459d 100644 --- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java +++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java @@ -52,6 +52,9 @@ import javax.net.ssl.SSLEngine; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Test common DTLS cipher suites. */ @@ -61,13 +64,28 @@ public class CipherSuite extends DTLSOverDatagram { volatile static String cipherSuite; public static void main(String[] args) throws Exception { - if (args.length > 1 && "re-enable".equals(args[1])) { + if (args.length > 1 && "re-enable".equals(args[1]) + && !(Utils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } cipherSuite = args[0]; CipherSuite testCase = new CipherSuite(); + try { + testCase.runTest(testCase); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if (Utils.isFIPS() + && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; + } testCase.runTest(testCase); } @@ -81,4 +99,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception { return engine; } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java index b18238f7217..d3e8933a006 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java @@ -48,6 +48,9 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLException; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Testing DTLS engines handshake using each of the supported cipher suites with * replicated packets check. @@ -59,7 +62,9 @@ public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase { public static void main(String[] args) { DTLSHandshakeWithReplicatedPacketsTest test = new DTLSHandshakeWithReplicatedPacketsTest(); - setUpAndStartKDCIfNeeded(); + if (Utils.isFIPS()) { + setUpAndStartKDCIfNeeded(); + } test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java index 2e59cb73857..9165e4fe17a 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java @@ -53,6 +53,9 @@ import java.util.Random; import jdk.test.lib.RandomFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Testing DTLS incorrect app data packages unwrapping. Incorrect application * data packages should be ignored by DTLS SSLEngine. @@ -63,7 +66,9 @@ public class DTLSIncorrectAppDataTest extends SSLEngineTestCase { public static void main(String[] s) { DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest(); - setUpAndStartKDCIfNeeded(); + if (Utils.isFIPS()) { + setUpAndStartKDCIfNeeded(); + } test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java b/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java index 1820dbe5423..bc8bb88dd68 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java @@ -46,6 +46,7 @@ import java.util.concurrent.atomic.AtomicBoolean; import jdk.test.lib.hexdump.HexPrinter; +import jdk.test.lib.Utils; /** * An example to show the way to use SSLEngine in datagram connections. diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java index 2eb792a2d37..fbd13e7f957 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java @@ -55,6 +55,9 @@ import java.util.Random; import jdk.test.lib.RandomFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Testing DTLS records sequence number property support in application data * exchange. @@ -69,7 +72,9 @@ public class DTLSSequenceNumberTest extends SSLEngineTestCase { public static void main(String[] args) { DTLSSequenceNumberTest test = new DTLSSequenceNumberTest(); - setUpAndStartKDCIfNeeded(); + if (Utils.isFIPS()) { + setUpAndStartKDCIfNeeded(); + } test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java index f67a02b3052..54e7a3863f6 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java @@ -21,6 +21,7 @@ * questions. */ +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; import javax.net.ssl.*; @@ -51,7 +52,9 @@ public class DTLSWontNegotiateV10 { private static final int READ_TIMEOUT_SECS = Integer.getInteger("readtimeout", 30); public static void main(String[] args) throws Exception { - if (args[0].equals(DTLSV_1_0)) { + + if (args[0].equals(DTLSV_1_0) + && !(Utils.isFIPS())) { SecurityUtils.removeFromDisabledTlsAlgs(DTLSV_1_0); } @@ -74,6 +77,13 @@ public static void main(String[] args) throws Exception { break; } catch (SocketTimeoutException exc) { System.out.println("The server timed-out waiting for packets from the client."); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if (Utils.isFIPS() && !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } } } if (tries == totalAttempts) { diff --git a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java index d9bb38ec15a..f87ee56e13f 100644 --- a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java +++ b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java @@ -41,6 +41,9 @@ import javax.net.ssl.SSLEngine; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Test common DTLS weak cipher suites. */ @@ -52,13 +55,28 @@ public class WeakCipherSuite extends DTLSOverDatagram { public static void main(String[] args) throws Exception { // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + } cipherSuite = args[0]; WeakCipherSuite testCase = new WeakCipherSuite(); - testCase.runTest(testCase); + try { + testCase.runTest(testCase); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if (Utils.isFIPS() + && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; + } } @Override @@ -68,4 +86,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception { return engine; } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java b/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java new file mode 100644 index 00000000000..666a409a068 --- /dev/null +++ b/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @summary Test flags used for FIPS 140-2 and FIPS 140-3 + * @run main/othervm + * TestFIPS false + * @run main/othervm + * -Dsemeru.fips=true + * TestFIPS true 140-2 + * @run main/othervm + * -Dsemeru.fips=true + * -Dsemeru.customprofile=OpenJCEPlusFIPS.FIPS140-3 + * TestFIPS true 140-3 + * @run main/othervm + * -Dsemeru.fips=true + * -Dsemeru.customprofile=OpenJCEPlusFIPS + * TestFIPS true 140-3 + */ \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java b/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java new file mode 100644 index 00000000000..180bb90a2ca --- /dev/null +++ b/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.Provider; +import java.security.Security; + +public class TestFIPS { + + private static final String SEMERU_FIPS = System.getProperty("semeru.fips"); + private static final String PROFILE = System.getProperty("semeru.customprofile"); + + public static void main(String[] args) throws Exception { + + for (Provider.Service service : Security.getProvider("SUN").getServices()) { + System.out.println("Service: " + service.getType() + " Algorithm: " + service.getAlgorithm() + " Class: " + service.getClassName()); + } + + if (SEMERU_FIPS == null) { + if (args[0].equals("false")) { + System.out.println("PASS"); + } else { + throw new FIPSException("FIPS mode should be opened before using."); + } + return; + } + + if (PROFILE == null) { + if (SEMERU_FIPS.equals(args[0])) { + if (args[0].equals("true")) { + if (System.getProperty("com.ibm.fips.mode").equals("140-2") && args[1].equals("140-2")) { + System.out.println("PASS"); + } else { + throw new FIPSException("If there is no custom profile specified, the FIPS 140-2 should be used as default."); + } + } else { + throw new FIPSException("FIPS mode is not opened."); + } + } else { + throw new FIPSException("FIPS mode and expected mode do not match."); + } + return; + } + + if (PROFILE.contains("OpenJCEPlusFIPS")) { + if (SEMERU_FIPS.equals(args[0])) { + if (args[0].equals("true")) { + if (System.getProperty("com.ibm.fips.mode").equals("140-3") && args[1].equals("140-3")) { + System.out.println("PASS"); + } else { + throw new FIPSException("FIPS profile and fips mode do not match."); + } + } else { + throw new FIPSException("FIPS mode is not opened."); + } + } + } else { + throw new FIPSException("FIPS profile is not supported in FIPS 140-3 mode."); + } + } + + public static class FIPSException extends Exception { + public FIPSException(String message) { + super(message); + } + } +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java index b1ef64ef88a..9bf77e7b50e 100644 --- a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java +++ b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java @@ -26,6 +26,7 @@ * @bug 4387882 * @summary Need to revisit the javadocs for JSSE, especially the * promoted classes. + * @library /test/lib * @run main/othervm ImplicitHandshake * * SunJSSE does not support dynamic system properties, no way to re-use @@ -37,6 +38,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ImplicitHandshake { /* @@ -191,6 +195,10 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java index d4eca8b5776..8c40bae320c 100644 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java @@ -31,6 +31,7 @@ * @bug 6668231 * @summary Presence of a critical subjectAltName causes JSSE's SunX509 to * fail trusted checks + * @library /test/lib * @run main/othervm CriticalSubjectAltName * @author Xuelei Fan */ @@ -53,6 +54,9 @@ import java.security.Security; import java.security.cert.Certificate; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class CriticalSubjectAltName implements HostnameVerifier { /* * ============================================================= @@ -159,10 +163,12 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty("jdk.certpath.disabledAlgorithms", - "MD2, RSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + } String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + @@ -171,6 +177,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); @@ -182,7 +193,20 @@ public static void main(String[] args) throws Exception { /* * Start the tests. */ - new CriticalSubjectAltName(); + try { + new CriticalSubjectAltName(); + } catch (Exception e) { + if (Utils.isFIPS()) { + if (e instanceof java.security.cert.CertPathValidatorException) { + if ("Algorithm constraints check failed on signature algorithm: MD5withRSA".equals(e.getMessage())) { + System.out.println("MD5withRSA is not a supported signature algorithm."); + return; + } + } + } + e.printStackTrace(); + return; + } } Thread clientThread = null; diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java index 87ffef9c0f8..85f29bb6666 100644 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java @@ -25,6 +25,7 @@ * @test * @bug 4482187 * @summary HttpsClient tests are failing for build 71 + * @library /test/lib * @run main/othervm GetResponseCode * * SunJSSE does not support dynamic system properties, no way to re-use @@ -37,6 +38,9 @@ import javax.net.ssl.*; import java.security.cert.Certificate; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class GetResponseCode implements HostnameVerifier { /* * ============================================================= @@ -149,6 +153,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security b/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security new file mode 100644 index 00000000000..86339bbd395 --- /dev/null +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security @@ -0,0 +1,29 @@ +# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends +# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration +# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE. +# +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.desc.name = Test-TLS-HttpsURLConnection OpenJCEPlusFIPS Cryptographic Module FIPS 140-3 +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.desc.default = false +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3 + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \ + {AlgorithmParameters, DiffieHellman, *}, \ + {KeyAgreement, DiffieHellman, *}, \ + {KeyPairGenerator, DiffieHellman, *}, \ + {KeyFactory, DiffieHellman, *}, \ + {MessageDigest, MD5, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.2 = sun.security.provider.Sun [+ \ + {KeyStore, JKS, *}, \ + {KeyStore, PKCS12, *}, \ + {MessageDigest, SHA-1, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \ + {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \ + {AlgorithmParameters, PBEWithMD5AndDES, *}, \ + {SecretKeyFactory, PBEWithMD5AndDES, *}, \ + {Cipher, PBEWithHmacSHA256AndAES_256, *}, \ + {Mac, HmacSHA1, *},\ + {Mac, HmacPBESHA256, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}] \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java index 4781d15972b..b913f7c7e5d 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java @@ -27,7 +27,7 @@ * @summary Add scatter/gather APIs for SSLEngine * * Check to see if the args are being parsed properly. - * + * @library /test/lib */ import javax.net.ssl.*; @@ -36,6 +36,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ArgCheck { private static boolean debug = false; @@ -258,6 +261,8 @@ static private SSLEngine createSSLEngine(String keyFile, String trustFile) KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); + ks.load(null, null); + char[] passphrase = "passphrase".toCharArray(); ks.load(new FileInputStream(keyFile), passphrase); diff --git a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java index 2ba56c85b34..7e9c6e30f62 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java +++ b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java @@ -41,7 +41,9 @@ import java.io.*; import java.security.*; import java.nio.*; +import java.util.*; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; public class Arrays { @@ -187,14 +189,20 @@ public static void main(String args[]) throws Exception { contextVersion = args[0]; // Re-enable context version if it is disabled. // If context version is SSLv3, TLSv1 needs to be re-enabled. - if (contextVersion.equals("SSLv3")) { - SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); - } else if (contextVersion.equals("TLSv1") || - contextVersion.equals("TLSv1.1")) { - SecurityUtils.removeFromDisabledTlsAlgs(contextVersion); + if (!(Utils.isFIPS())) { + if (contextVersion.equals("SSLv3")) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); + } else if (contextVersion.equals("TLSv1") || + contextVersion.equals("TLSv1.1")) { + SecurityUtils.removeFromDisabledTlsAlgs(contextVersion); + } + } else { + if (!SecurityUtils.TLS_PROTOCOLS.contains(contextVersion)) { + return; + } } - Arrays test; + Arrays test = null; test = new Arrays(); diff --git a/test/jdk/javax/net/ssl/SSLEngine/Basics.java b/test/jdk/javax/net/ssl/SSLEngine/Basics.java index 3239bfd4ce9..e0786c95e91 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/Basics.java +++ b/test/jdk/javax/net/ssl/SSLEngine/Basics.java @@ -41,6 +41,7 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; public class Basics { @@ -57,11 +58,15 @@ public class Basics { "/" + TRUSTSTORE_FILE; public static void main(String[] args) throws Exception { - SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + if (!(Utils.isFIPS())) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); + } runTest("TLSv1.3", "TLS_AES_256_GCM_SHA384"); - runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"); - runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); + if (!(Utils.isFIPS())) { + runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"); + } } private static void runTest(String protocol, String cipherSuite) throws Exception { @@ -69,6 +74,7 @@ private static void runTest(String protocol, String cipherSuite) throws Exceptio KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); + char[] passphrase = "passphrase".toCharArray(); ks.load(new FileInputStream(KEYSTORE_PATH), passphrase); diff --git a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java index 7a7ecdffa5d..d009a6a17cc 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java +++ b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java @@ -25,9 +25,8 @@ * @test * @bug 4948079 * @summary Verify return values from SSLEngine wrap/unwrap (TLSv1.2) operations - * + * @library /test/lib * @run main CheckTlsEngineResults - * * @author Brad Wetmore */ @@ -40,6 +39,13 @@ import java.io.*; import java.security.*; import java.nio.*; +import java.util.concurrent.Callable; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; + +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class CheckTlsEngineResults { @@ -67,6 +73,8 @@ public class CheckTlsEngineResults { private ByteBuffer clientToServer; // "reliable" transport clientEngine->serverEngine private ByteBuffer serverToClient; // "reliable" transport serverEngine->clientEngine + private static Thread catchException; + /* * Majority of the test case is here, setup is done below. */ @@ -126,8 +134,16 @@ private void test() throws Exception { SSLEngineResult result1; // clientEngine's results from last operation SSLEngineResult result2; // serverEngine's results from last operation - String [] suite1 = new String [] { - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }; + String[] suite1; + if (!(Utils.isFIPS())) { + suite1 = new String [] { + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }; + } else { + suite1 = new String [] { + // "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }; + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }; + } + String [] suite2 = new String [] { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }; @@ -154,6 +170,8 @@ private void test() throws Exception { checkResult(clientToServer, serverIn, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); + + runDelegatedTasks(serverEngine); clientToServer.compact(); @@ -189,6 +207,7 @@ private void test() throws Exception { checkResult(clientToServer, serverIn, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); + runDelegatedTasks(serverEngine); clientToServer.compact(); @@ -694,7 +713,7 @@ private void createBuffers() { log(""); } - private static void runDelegatedTasks(SSLEngine engine) { + private static void runDelegatedTasks(SSLEngine engine) throws Exception { Runnable runnable; while ((runnable = engine.getDelegatedTask()) != null) { @@ -702,6 +721,49 @@ private static void runDelegatedTasks(SSLEngine engine) { runnable.run(); } } + // private static void runDelegatedTasks(SSLEngine engine) throws Exception { + // ExecutorService executorService = Executors.newSingleThreadExecutor(); + + // // create Runnable + // Runnable myRunnable = () -> { + // System.out.println("Executing Runnable..."); + // throw new RuntimeException("Simulated exception in Runnable"); + // }; + + // RunnableCallable runnableCallable = new RunnableCallable(myRunnable); + + // Future future = executorService.submit(runnableCallable); + + // try { + // future.get(); + // } catch (Exception e) { + // System.err.println("Exception caught: " + e.getMessage()); + // e.printStackTrace(); + // } + + // executorService.shutdown(); + // } + + // static class RunnableCallable implements Callable { + // private Runnable runnable; + + // public RunnableCallable(Runnable runnable) { + // this.runnable = runnable; + // } + + // @Override + // public Void call() throws Exception { + // try { + // runnable.run(); + // } catch (Exception e) { + // System.out.println("!!!"); + // e.printStackTrace(); + // throw new RuntimeException("Exception in Runnable", e); + // } + // return null; + // } + // } + private static void log(String str) { System.out.println(str); diff --git a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java index e1ed18e9fde..593fdcf9dc6 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java @@ -27,7 +27,7 @@ * @summary Add non-blocking SSL/TLS functionality, usable with any * I/O abstraction * @author Brad Wetmore - * + * @library /test/lib * @run main/othervm ConnectionTest TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 * @run main/othervm ConnectionTest TLSv1.3 TLS_AES_256_GCM_SHA384 */ @@ -44,6 +44,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ConnectionTest { private final SSLEngine clientEngine; @@ -93,6 +96,7 @@ public ConnectionTest(String enabledProtocol, String enabledCipherSuite) private SSLContext getSSLContext() throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); + char[] passphrase = "passphrase".toCharArray(); ks.load(new FileInputStream(KEYSTORE_PATH), passphrase); @@ -597,7 +601,9 @@ private static void log(Object msg) { public static void main(String args[]) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } log(String.format("Running with %s and %s%n", args[0], args[1])); ConnectionTest ct = new ConnectionTest(args[0], args[1]); diff --git a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java index 7a4f71d8171..a5be775d9ee 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java +++ b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java @@ -26,6 +26,7 @@ * @bug 8133632 * @summary javax.net.ssl.SSLEngine does not properly handle received * SSL fatal alerts + * @library /test/lib * @run main EngineCloseOnAlert */ @@ -37,6 +38,9 @@ import java.security.*; import static javax.net.ssl.SSLEngineResult.HandshakeStatus.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class EngineCloseOnAlert { private static final String PATH_TO_STORES = "../etc"; @@ -53,8 +57,9 @@ public class EngineCloseOnAlert { private static KeyManagerFactory KMF; private static TrustManagerFactory TMF; - private static final String[] ONECIPHER = - { "TLS_RSA_WITH_AES_128_CBC_SHA" }; + private static final String[] ONECIPHER = (Utils.isFIPS()) ? + new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" } : new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA" }; + public interface TestCase { public void runTest() throws Exception; diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java index 334091d7310..b70380312e1 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java @@ -26,7 +26,7 @@ * @bug 4981697 * @summary Rework the X509KeyManager to avoid incompatibility issues * @author Brad R. Wetmore - * + * @library /test/lib * @run main/othervm -Djdk.tls.acknowledgeCloseNotify=true ExtendedKeyEngine */ @@ -36,6 +36,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ExtendedKeyEngine { private static boolean debug = false; diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java index ef4eef3a330..ac52340eae8 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java @@ -25,6 +25,7 @@ * @test * @bug 4981697 * @summary Rework the X509KeyManager to avoid incompatibility issues + * @library /test/lib * @run main/othervm ExtendedKeySocket * * SunJSSE does not support dynamic system properties, no way to re-use @@ -90,9 +91,9 @@ SSLContext getSSLContext(boolean abs) throws Exception { SSLContext ctx = SSLContext.getInstance("TLS"); KeyStore keyKS = KeyStore.getInstance("JKS"); - keyKS.load(new FileInputStream(keyFilename), passwd); - KeyStore trustKS = KeyStore.getInstance("JKS"); + + keyKS.load(new FileInputStream(keyFilename), passwd); trustKS.load(new FileInputStream(trustFilename), passwd); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); diff --git a/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java b/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java index eba6a6aa3de..45d95733d34 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java +++ b/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java @@ -28,6 +28,7 @@ * @test * @bug 8233619 * @summary SSLEngine has not yet caused Solaris kernel to panic + * @library /test/lib * @run main/othervm FinishedPresent */ import javax.net.ssl.*; diff --git a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java index 295ad66646c..d8f56cb9f91 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java +++ b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java @@ -24,6 +24,7 @@ /* * @test * @bug 8042449 8299870 + * @library /test/lib * @library /javax/net/ssl/templates * @summary Verify successful handshake ignores invalid record version * diff --git a/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java b/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java index 5dc19f1475e..bec04e37689 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java +++ b/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java @@ -30,6 +30,7 @@ * @test * @bug 8180643 * @summary Illegal handshake message + * @library /test/lib * @run main/othervm IllegalHandshakeMessage */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java index 76c181ccff4..b8d776d5ba0 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java +++ b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java @@ -29,7 +29,7 @@ * * This is to test larger buffer arrays, and make sure the maximum * is being passed. - * + * @library /test/lib * @run main/othervm -Djsse.enableCBCProtection=false LargeBufs * * @author Brad R. Wetmore @@ -43,6 +43,9 @@ import java.nio.*; import java.util.Random; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class LargeBufs { private static boolean debug = true; @@ -181,17 +184,22 @@ private void runTest(String cipher) throws Exception { } public static void main(String args[]) throws Exception { - // reset the security property to make sure that the algorithms - // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - LargeBufs test; - test = new LargeBufs(); - test.runTest("SSL_RSA_WITH_RC4_128_MD5"); - - test = new LargeBufs(); - test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + if (!(Utils.isFIPS())) { + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + test = new LargeBufs(); + test.runTest("SSL_RSA_WITH_RC4_128_MD5"); + test = new LargeBufs(); + test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + } else { + test = new LargeBufs(); + test.runTest("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); + test = new LargeBufs(); + test.runTest("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); + } System.out.println("Test Passed."); } @@ -309,4 +317,4 @@ private static void log(String str) { System.out.println(str); } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java b/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java index c04eaf92cb0..27410985532 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java +++ b/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java @@ -32,6 +32,7 @@ * @bug 6388456 * @summary Need adjustable TLS max record size for interoperability * with non-compliant + * @library /test/lib * @run main/othervm LargePacket * * @author Xuelei Fan diff --git a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java index 208fb3935ae..9252d5f4253 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java +++ b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java @@ -30,6 +30,7 @@ * @test * @bug 4495742 8190492 * @summary Demonstrate SSLEngine switch from no client auth to client auth. + * @library /test/lib * @run main/othervm NoAuthClientAuth SSLv3 * @run main/othervm NoAuthClientAuth TLSv1 * @run main/othervm NoAuthClientAuth TLSv1.1 @@ -82,6 +83,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + // Note that this test case depends on JSSE provider implementation details. public class NoAuthClientAuth { @@ -140,14 +144,22 @@ public class NoAuthClientAuth { * Main entry point for this test. */ public static void main(String args[]) throws Exception { - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + tlsProtocol = args[0]; + } else { + if (SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + tlsProtocol = args[0]; + } + } + if (tlsProtocol == null) { + return; + } if (debug) { System.setProperty("javax.net.debug", "all"); } - tlsProtocol = args[0]; - NoAuthClientAuth test = new NoAuthClientAuth(); test.runTest(); diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java index 3685dca64df..95d64024cd7 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java +++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java @@ -25,7 +25,7 @@ * @test * @bug 4965868 * @summary SSLEngineResult constructor needs null argument description - * + * @library /test/lib * @author Brad Wetmore */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java index 5b7d0c4e688..a1ddee74bb2 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java +++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java @@ -28,6 +28,7 @@ * * Helper class of SSL/TLS client/server communication. * + * @library /test/lib * @author Xuelei Fan */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java index 67387bd1661..cbda8e46ecf 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java +++ b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java @@ -38,6 +38,7 @@ * @author Brad Wetmore */ +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; import javax.net.ssl.*; @@ -89,7 +90,25 @@ private void createSSLEngines() { } private void test() throws Exception { - String [] suites = clientEngine.getEnabledCipherSuites(); + List tmpCipherSuites = new ArrayList<>(); + String [] suites; + if (Utils.isFIPS()) { + for (String ciphersuite : clientEngine.getEnabledCipherSuites()) { + if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(ciphersuite)) { + continue; + } + if (!SecurityUtils.TLS_CIPHERSUITES.get(ciphersuite).equals(PROTOCOL)) { + continue; + } + tmpCipherSuites.add(ciphersuite); + } + if (tmpCipherSuites.size() == 0) { + return; + } + suites = tmpCipherSuites.toArray(new String[0]); + } else { + suites = clientEngine.getEnabledCipherSuites(); + } System.out.println("Enabled cipher suites for protocol " + PROTOCOL + ": " + Arrays.toString(suites)); for (String suite: suites){ @@ -224,10 +243,15 @@ public static void main(String args[]) throws Exception { if (args.length < 1) { throw new RuntimeException("Missing TLS protocol parameter."); } - - switch(args[0]) { - case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); - case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2"); + if (!(Utils.isFIPS())) { + switch(args[0]) { + case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2"); + } + } else { + if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + return; + } } TestAllSuites testAllSuites = new TestAllSuites(args[0]); diff --git a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java index 58e387bcdad..fb7eaa7c60f 100644 --- a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java @@ -30,6 +30,7 @@ * @test * @bug 7188657 * @summary There should be a way to reorder the JSSE ciphers + * @library /test/lib * @run main/othervm UseCipherSuitesOrder * TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ @@ -39,6 +40,9 @@ import javax.net.ssl.*; import java.util.Arrays; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class UseCipherSuitesOrder { /* @@ -174,6 +178,10 @@ private static void parseArguments(String[] args) throws Exception { throw new Exception("Need to enable at least two cipher suites"); } + if (Utils.isFIPS()) { + cliEnabledCipherSuites = new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}; + } + // Only need to use 2 cipher suites in server side. srvEnabledCipherSuites = Arrays.copyOf( cliEnabledCipherSuites, 2); @@ -197,7 +205,9 @@ private static void parseArguments(String[] args) throws Exception { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } // parse the arguments parseArguments(args); @@ -209,6 +219,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java b/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java index 98c7afb2738..71c991227a8 100644 --- a/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java +++ b/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java @@ -70,7 +70,7 @@ public static void main(String[] args) throws Exception { server.close(client1); client1.close(); - // Resume the client session + // Resume the client session TLSBase.Client client2 = new TLSBase.Client(); if (server.getSession(client2).getSessionContext() == null) { throw new Exception("Context was null on resumption"); diff --git a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java index c6e9753a2c1..6cf0bdf6456 100644 --- a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java +++ b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java @@ -24,6 +24,7 @@ /* * @test * @bug 4395238 4354003 4387961 4395266 + * @library /test/lib * @summary A test of many of the new functionality to go into JSSE 1.1 * Fixed 4395238: The new certificate chains APIs should really be * returning certs, not x509 certs @@ -42,6 +43,9 @@ import javax.net.ssl.*; import java.security.cert.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class HttpsURLConnectionLocalCertificateChain implements HandshakeCompletedListener, HostnameVerifier { @@ -211,7 +215,6 @@ void doClientSide() throws Exception { myURLc = (HttpsURLConnection) myURL.openConnection(); myURLc.setHostnameVerifier(this); myURLc.connect(); - InputStream sslIS = myURLc.getInputStream(); System.out.println("Client reading..."); @@ -245,6 +248,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java index 435dd2345d6..ead62a7d310 100644 --- a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java +++ b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java @@ -24,6 +24,7 @@ /* * @test * @bug 4280338 + * @library /test/lib * @summary "Unsupported SSL message version" SSLProtocolException * w/SSL_RSA_WITH_NULL_MD5 * @run main/othervm JSSERenegotiate @@ -40,10 +41,13 @@ import java.security.Security; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class JSSERenegotiate { - static final String suite1 = "SSL_RSA_WITH_NULL_MD5"; - static final String suite2 = "SSL_RSA_WITH_NULL_SHA"; + static String suite1; + static String suite2; static final String dataString = "This is a test"; @@ -193,7 +197,9 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // reset the security property to make sure that the cipher suites // used in this test are not disabled - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + @@ -202,6 +208,16 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + suite1 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; + suite2 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; + } else { + suite1 = "SSL_RSA_WITH_NULL_MD5"; + suite2 = "SSL_RSA_WITH_NULL_SHA"; + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); @@ -209,7 +225,6 @@ public static void main(String[] args) throws Exception { if (debug) System.setProperty("javax.net.debug", "all"); - /* * Start the tests. */ diff --git a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java index 9495ee2d28a..9d5d8772919 100644 --- a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java +++ b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java @@ -23,6 +23,7 @@ /* * @test + * @library /test/lib * @run main/othervm -Djavax.net.debug=ssl RenegotiateTLS13 */ @@ -40,6 +41,9 @@ import java.security.KeyStore; import java.security.SecureRandom; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class RenegotiateTLS13 { static final String dataString = "This is a test"; @@ -139,6 +143,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java index 3e70af733fb..2c3470b0336 100644 --- a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java +++ b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java @@ -27,6 +27,7 @@ /* * @test * @bug 8211806 8277881 8277307 + * @library /test/lib * @summary TLS 1.3 handshake server name indication is missing on a session resume * @run main/othervm ResumeTLS13withSNI */ @@ -38,6 +39,9 @@ import java.nio.*; import java.util.List; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ResumeTLS13withSNI { /* @@ -69,10 +73,10 @@ public class ResumeTLS13withSNI { private static final String trustStoreFile = "truststore"; private static final char[] passphrase = "passphrase".toCharArray(); - private static final String keyFilename = + private static String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile; - private static final String trustFilename = + private static String trustFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; @@ -464,7 +468,7 @@ private static KeyManagerFactory makeKeyManagerFactory(String ksPath, char[] pass) throws GeneralSecurityException, IOException { KeyManagerFactory kmf; KeyStore ks = KeyStore.getInstance("JKS"); - + try (FileInputStream fsIn = new FileInputStream(ksPath)) { ks.load(fsIn, pass); kmf = KeyManagerFactory.getInstance("SunX509"); diff --git a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java index 4e3b8e0b076..6715eba5237 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java +++ b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java @@ -24,6 +24,7 @@ /* * @test * @bug 4473210 + * @library /test/lib * @summary SSLSessionContext should be accessible from SSLContext * @run main/othervm -Djdk.tls.server.enableSessionTicketExtension=false * SSLCtxAccessToSessCtx @@ -40,6 +41,9 @@ import java.util.concurrent.atomic.AtomicInteger; import java.security.KeyStore; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLCtxAccessToSessCtx { /* @@ -172,6 +176,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); @@ -180,6 +189,7 @@ public static void main(String[] args) throws Exception { sslctx = SSLContext.getInstance("TLS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(new FileInputStream(keyFilename), passwd.toCharArray()); kmf.init(ks, passwd.toCharArray()); sslctx.init(kmf.getKeyManagers(), null, null); diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java index bb61abb35d5..c73dbcf44e5 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java +++ b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java @@ -29,6 +29,7 @@ /* * @test * @bug 4366807 + * @library /test/lib * @summary Need new APIs to get/set session timeout and session cache size. * @run main/othervm SessionCacheSizeTests */ @@ -39,6 +40,9 @@ import java.util.*; import java.security.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Session cache size tests cover the following cases: * 1. Effect of system property javax.net.ssl.SessionCacheSize (this @@ -305,6 +309,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java index c44c12f6c59..33b614f49d9 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java +++ b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java @@ -27,6 +27,7 @@ /* * @test * @bug 4366807 + * @library /test/lib * @summary Need new APIs to get/set session timeout and session cache size. * @run main/othervm SessionTimeOutTests */ @@ -41,6 +42,9 @@ import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Session reuse time-out tests cover the cases below: * 1. general test, i.e timeout is set to x and session invalidates when @@ -332,6 +336,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java index 4e56a9a655b..c4aa2c915a9 100644 --- a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java +++ b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java @@ -34,6 +34,7 @@ * 4701722 protocol mismatch exceptions should be consistent between * SSLv3 and TLSv1 * @library /javax/net/ssl/templates + * @library /test/lib * @run main/othervm TestEnabledProtocols * @author Ram Marti */ @@ -52,6 +53,9 @@ import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class TestEnabledProtocols extends SSLSocketTemplate { private final String[] serverProtocols; @@ -165,121 +169,236 @@ private void failTest(Exception e, String message) { } public static void main(String[] args) throws Exception { - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - - runCase(new String[] { "TLSv1" }, - new String[] { "TLSv1" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1" }, - new String[] { "TLSv1", "SSLv2Hello" }, - true, null); - runCase(new String[] { "TLSv1" }, - new String[] { "TLSv1", "SSLv3" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1" }, - new String[] { "SSLv3", "SSLv2Hello" }, - true, null); - runCase(new String[] { "TLSv1" }, - new String[] { "SSLv3" }, - true, null); - runCase(new String[] { "TLSv1" }, - new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - true, null); - - runCase(new String[] { "TLSv1", "SSLv2Hello" }, - new String[] { "TLSv1" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv2Hello" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv3" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1", "SSLv2Hello" }, - new String[] { "SSLv3", "SSLv2Hello" }, - true, null); - runCase(new String[] { "TLSv1", "SSLv2Hello" }, - new String[] { "SSLv3" }, - true, null); - runCase(new String[] { "TLSv1", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - false, "TLSv1"); - - runCase(new String[] { "TLSv1", "SSLv3" }, - new String[] { "TLSv1" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1", "SSLv3" }, - new String[] { "TLSv1", "SSLv2Hello" }, - true, null); - runCase(new String[] { "TLSv1", "SSLv3" }, - new String[] { "TLSv1", "SSLv3" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1", "SSLv3" }, - new String[] { "SSLv3", "SSLv2Hello" }, - true, null); - runCase(new String[] { "TLSv1", "SSLv3" }, - new String[] { "SSLv3" }, - false, "SSLv3"); - runCase(new String[] { "TLSv1", "SSLv3" }, - new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - true, null); - - runCase(new String[] { "SSLv3", "SSLv2Hello" }, - new String[] { "TLSv1" }, - true, null); - runCase(new String[] { "SSLv3", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv2Hello" }, - true, null); - runCase(new String[] { "SSLv3", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv3" }, - false, "SSLv3"); - runCase(new String[] { "SSLv3", "SSLv2Hello" }, - new String[] { "SSLv3", "SSLv2Hello" }, - false, "SSLv3"); - runCase(new String[] { "SSLv3", "SSLv2Hello" }, - new String[] { "SSLv3" }, - false, "SSLv3"); - runCase(new String[] { "SSLv3", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - false, "SSLv3"); - - runCase(new String[] { "SSLv3" }, - new String[] { "TLSv1" }, - true, null); - runCase(new String[] { "SSLv3" }, - new String[] { "TLSv1", "SSLv2Hello" }, - true, null); - runCase(new String[] { "SSLv3" }, - new String[] { "TLSv1", "SSLv3" }, - false, "SSLv3"); - runCase(new String[] { "SSLv3" }, - new String[] { "SSLv3", "SSLv2Hello" }, - true, null); - runCase(new String[] { "SSLv3" }, - new String[] { "SSLv3" }, - false, "SSLv3"); - runCase(new String[] { "SSLv3" }, - new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - true, null); - - runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - new String[] { "TLSv1" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv2Hello" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv3" }, - false, "TLSv1"); - runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - new String[] { "SSLv3", "SSLv2Hello" }, - false, "SSLv3"); - runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - new String[] { "SSLv3" }, - false, "SSLv3"); - runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, - false, "TLSv1"); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + runCase(new String[] { "TLSv1" }, + new String[] { "TLSv1" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1" }, + new String[] { "TLSv1", "SSLv3" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1" }, + new String[] { "SSLv3" }, + true, null); + runCase(new String[] { "TLSv1" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, null); + + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "TLSv1" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv2Hello" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "SSLv3" }, + true, null); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + false, "TLSv1"); + + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "TLSv1" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "TLSv1", "SSLv3" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "SSLv3" }, + false, "SSLv3"); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, null); + + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1" }, + true, null); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, null); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3" }, + false, "SSLv3"); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "SSLv3", "SSLv2Hello" }, + false, "SSLv3"); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "SSLv3" }, + false, "SSLv3"); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + false, "SSLv3"); + + runCase(new String[] { "SSLv3" }, + new String[] { "TLSv1" }, + true, null); + runCase(new String[] { "SSLv3" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, null); + runCase(new String[] { "SSLv3" }, + new String[] { "TLSv1", "SSLv3" }, + false, "SSLv3"); + runCase(new String[] { "SSLv3" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, null); + runCase(new String[] { "SSLv3" }, + new String[] { "SSLv3" }, + false, "SSLv3"); + runCase(new String[] { "SSLv3" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, null); + + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv2Hello" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3" }, + false, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "SSLv3", "SSLv2Hello" }, + false, "SSLv3"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "SSLv3" }, + false, "SSLv3"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + false, "TLSv1"); + } else { + runCase(new String[] { "TLSv1" }, + new String[] { "TLSv1" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1" }, + new String[] { "TLSv1", "SSLv3" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1" }, + new String[] { "SSLv3" }, + true, null); + runCase(new String[] { "TLSv1" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, null); + + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "TLSv1" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "SSLv3" }, + true, null); + runCase(new String[] { "TLSv1", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, "TLSv1"); + + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "TLSv1" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "TLSv1", "SSLv3" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, null); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "SSLv3" }, + true, "SSLv3"); + runCase(new String[] { "TLSv1", "SSLv3" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, null); + + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1" }, + true, null); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, null); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3" }, + true, "SSLv3"); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, "SSLv3"); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "SSLv3" }, + true, "SSLv3"); + runCase(new String[] { "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, "SSLv3"); + + runCase(new String[] { "SSLv3" }, + new String[] { "TLSv1" }, + true, null); + runCase(new String[] { "SSLv3" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, null); + runCase(new String[] { "SSLv3" }, + new String[] { "TLSv1", "SSLv3" }, + true, "SSLv3"); + runCase(new String[] { "SSLv3" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, null); + runCase(new String[] { "SSLv3" }, + new String[] { "SSLv3" }, + true, "SSLv3"); + runCase(new String[] { "SSLv3" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, null); + + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv2Hello" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3" }, + true, "TLSv1"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "SSLv3", "SSLv2Hello" }, + true, "SSLv3"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "SSLv3" }, + true, "SSLv3"); + runCase(new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + new String[] { "TLSv1", "SSLv3", "SSLv2Hello" }, + true, "TLSv1"); + } } private static void runCase( diff --git a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java index 063befba3b7..88e9f08edae 100644 --- a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java +++ b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java @@ -55,6 +55,9 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; + public class ClientExcOnAlert { // This is a PKCS#12 keystore created with the following command: // keytool -genkeypair -alias testcert -keyalg rsa -keysize 2048 @@ -66,6 +69,7 @@ public class ClientExcOnAlert { // file. private static int serverPort = -1; private static final String KEYSTORE_PASS = "password"; + // private static final String KEYSTORE_PEM_FIPS = ; private static final String KEYSTORE_PEM = "MIIJrwIBAzCCCWgGCSqGSIb3DQEHAaCCCVkEgglVMIIJUTCCBW0GCSqGSIb3DQEH\n" + "AaCCBV4EggVaMIIFVjCCBVIGCyqGSIb3DQEMCgECoIIE+zCCBPcwKQYKKoZIhvcN\n" + @@ -124,6 +128,7 @@ public class ClientExcOnAlert { static final Condition serverReady = lock.newCondition(); public static void main(String[] args) throws Exception { + printPEM(KEYSTORE_PEM); Thread serverThread = new Thread(() -> { try { doServerSide(); @@ -134,7 +139,6 @@ public static void main(String[] args) throws Exception { } ); serverThread.start(); - try { doClientSide((args == null || args.length < 1) ? null : args[0]); throw new RuntimeException("Expected SSLException did not occur!"); @@ -143,7 +147,6 @@ public static void main(String[] args) throws Exception { } finally { serverThread.join(); } - } static void doServerSide() throws Exception { @@ -151,11 +154,10 @@ static void doServerSide() throws Exception { SSLContext sslc = SSLContext.getInstance("TLS"); log("doServerSide start"); KeyManagerFactory kmf = createKeyManagerFactory(KEYSTORE_PEM, - KEYSTORE_PASS); + KEYSTORE_PASS); sslc.init(kmf.getKeyManagers(), null, null); SSLServerSocketFactory ssf = (SSLServerSocketFactory)sslc.getServerSocketFactory(); - try (SSLServerSocket sslServerSocket = (SSLServerSocket)ssf.createServerSocket(0)) { sslServerSocket.setReuseAddress(true); @@ -247,4 +249,24 @@ private static void log(String msgFmt, Object ... args) { sb.append(String.format(msgFmt, args)); System.out.println(sb.toString()); } -} + + private static void printPEM(String KEYSTORE_PEM) { + Base64.Decoder b64dec = Base64.getMimeDecoder(); + byte[] pemBytes = b64dec.decode(KEYSTORE_PEM); + + try { + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(pemBytes)); + + System.out.println("Certificate:"); + System.out.println(" Subject: " + cert.getSubjectX500Principal().getName()); + System.out.println(" Issuer: " + cert.getIssuerX500Principal().getName()); + System.out.println(" Serial Number: " + cert.getSerialNumber()); + System.out.println(" Valid from: " + cert.getNotBefore()); + System.out.println(" Valid until: " + cert.getNotAfter()); + System.out.println(" Public Key Algorithm: " + cert.getPublicKey().getAlgorithm()); + } catch (Exception e) { + e.printStackTrace(); + } + } +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java index bda0710f61e..0bca9ccbba0 100644 --- a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java +++ b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java @@ -30,6 +30,7 @@ * @test * @bug 8144566 * @summary Custom HostnameVerifier disables SNI extension + * @library /test/lib * @run main/othervm BestEffortOnLazyConnected */ @@ -37,6 +38,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class BestEffortOnLazyConnected { /* @@ -171,6 +175,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java index 64a62158eee..4a3ad7efd57 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java @@ -31,6 +31,7 @@ * @bug 7068321 8190492 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../SSLEngine ../templates + * @library /test/lib * @build SSLEngineService SSLCapabilities SSLExplorer * @run main/othervm SSLEngineExplorer SSLv2Hello,SSLv3 * @run main/othervm SSLEngineExplorer SSLv3 @@ -46,6 +47,9 @@ import java.nio.channels.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLEngineExplorer extends SSLEngineService { /* @@ -220,7 +224,19 @@ void checkCapabilities(SSLCapabilities capabilities, private static String[] supportedProtocols; // supported protocols private static void parseArguments(String[] args) { - supportedProtocols = args[0].split(","); + List supportProtocols = new ArrayList<>(); + for (String supportProtocol : args[0].split(",")) { + System.out.println("the args[0] is: " + supportProtocol); + if (!SecurityUtils.TLS_PROTOCOLS.contains(supportProtocol)) { + continue; + } + System.out.println("SupportProtocol is: " + supportProtocol); + supportProtocols.add(supportProtocol); + } + supportedProtocols = supportProtocols.toArray(new String[0]); + for (String s : supportedProtocols) { + System.out.println("SupportedProtocols is: " + s); + } } @@ -237,7 +253,9 @@ private static void parseArguments(String[] args) { public static void main(String args[]) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } if (debug) System.setProperty("javax.net.debug", "all"); @@ -245,8 +263,11 @@ public static void main(String args[]) throws Exception { /* * Get the customized arguments. */ + System.out.println("args is: " + args); parseArguments(args); - + if (supportedProtocols == null || supportedProtocols.length == 0) { + return; + } new SSLEngineExplorer(); } diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java index 38d999aa3ef..766a75b8b9a 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java @@ -30,6 +30,7 @@ * @test * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server + * @library /test/lib * @run main/othervm SSLSocketConsistentSNI */ @@ -40,6 +41,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketConsistentSNI { /* @@ -218,6 +222,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java index 4992553eba9..cd0f0fc179b 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java @@ -31,6 +31,7 @@ * @bug 7068321 8190492 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorer SSLv2Hello,SSLv3 * @run main/othervm SSLSocketExplorer SSLv3 @@ -47,6 +48,9 @@ import javax.net.ssl.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorer { /* @@ -212,7 +216,14 @@ void checkCapabilities(SSLCapabilities capabilities, private static String[] supportedProtocols; // supported protocols private static void parseArguments(String[] args) { - supportedProtocols = args[0].split(","); + List supportProtocols = new ArrayList<>(); + for (String supportProtocol : args[0].split(",")) { + if (!SecurityUtils.TLS_PROTOCOLS.contains(supportProtocol)) { + continue; + } + supportProtocols.add(supportProtocol); + } + supportedProtocols = supportProtocols.toArray(new String[0]); } @@ -230,7 +241,9 @@ private static void parseArguments(String[] args) { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + @@ -239,6 +252,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); @@ -252,6 +270,9 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); + if (supportedProtocols == null || supportedProtocols.length == 0) { + return; + } /* * Start the tests. */ diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java index 00d00001d87..a1c0c4d873f 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java @@ -31,6 +31,7 @@ * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorerFailure SSLv2Hello,SSLv3 * @run main/othervm SSLSocketExplorerFailure SSLv3 @@ -47,6 +48,9 @@ import javax.net.ssl.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorerFailure { /* @@ -233,9 +237,11 @@ private static void parseArguments(String[] args) { volatile Exception clientException = null; public static void main(String[] args) throws Exception { - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - Security.setProperty("jdk.certpath.disabledAlgorithms", ""); - + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + } + String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile; diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java index 724a37e1a80..c05a454f902 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java @@ -31,6 +31,7 @@ * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorerMatchedSNI www.example.com * www\.example\.com @@ -51,6 +52,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorerMatchedSNI { /* @@ -291,6 +295,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java index 8f2b7816864..40b39ba9267 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java @@ -31,6 +31,7 @@ * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorerWithCliSNI */ @@ -42,6 +43,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorerWithCliSNI { /* @@ -268,6 +272,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java index f026f32e781..7897b9825e0 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java @@ -31,6 +31,7 @@ * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorerWithSrvSNI */ @@ -42,6 +43,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorerWithSrvSNI { /* @@ -251,6 +255,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java index da2f422149d..28f75802608 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java @@ -31,6 +31,7 @@ /* * @test * @bug 7068321 + * @library /test/lib * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @run main/othervm SSLSocketSNISensitive PKIX www.example.com * @run main/othervm SSLSocketSNISensitive SunX509 www.example.com @@ -54,6 +55,10 @@ import java.security.interfaces.*; import java.util.Base64; +import java.io.ByteArrayInputStream; + +import jdk.test.lib.Utils; + // Note: this test case works only on TLS 1.2 and prior versions because of // the use of MD5withRSA signed certificate. public class SSLSocketSNISensitive { @@ -249,6 +254,8 @@ public class SSLSocketSNISensitive { */ static boolean debug = false; + static String[] signatureAlgos = new String[5]; + /* * Define the server side of the test. * @@ -361,6 +368,37 @@ private static void parseArguments(String[] args) { clientRequestedHostname = args[1]; } + private static void printCert(String trustedCertStr, int index) { + try { + // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace + String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "") + .replace("-----END CERTIFICATE-----", "") + .replaceAll("\\s", ""); + + // Decode the base64 string to get the certificate bytes + byte[] certBytes = Base64.getDecoder().decode(cleanedCert); + + // Create a CertificateFactory for X.509 certificates + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + + // Generate the X509Certificate object + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)); + + // Print the certificate details + System.out.println("Issuer: " + cert.getIssuerDN()); + System.out.println("Subject: " + cert.getSubjectDN()); + System.out.println("Serial Number: " + cert.getSerialNumber()); + System.out.println("Not Before: " + cert.getNotBefore()); + System.out.println("Not After: " + cert.getNotAfter()); + System.out.println("Signature Algorithm: " + cert.getSigAlgName()); + System.out.println("Version: " + cert.getVersion()); + + signatureAlgos[index] = cert.getSigAlgName(); + } catch (Exception e) { + e.printStackTrace(); + } + } + private static SSLContext generateSSLContext(boolean isClient) throws Exception { @@ -369,6 +407,7 @@ private static SSLContext generateSSLContext(boolean isClient) // create a key store KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(null, null); // import the trused cert @@ -434,10 +473,12 @@ private static SSLContext generateSSLContext(boolean isClient) public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty("jdk.certpath.disabledAlgorithms", - "MD2, RSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + } if (debug) System.setProperty("javax.net.debug", "all"); @@ -447,10 +488,35 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); + System.out.println("Now printing trustedCertStr=================="); + printCert(trustedCertStr, 0); + System.out.println("Now printing targetCertStr_A=================="); + printCert(targetCertStr_A, 1); + System.out.println("Now printing targetCertStr_B=================="); + printCert(targetCertStr_B, 2); + System.out.println("Now printing targetCertStr_C=================="); + printCert(targetCertStr_C, 3); + System.out.println("Now printing targetCertStr_D=================="); + printCert(targetCertStr_D, 4); /* * Start the tests. */ - new SSLSocketSNISensitive(); + try { + new SSLSocketSNISensitive(); + } catch (Exception e) { + if (Utils.isFIPS()) { + for (int i=0; i is caught."); + return; + } + } + } + e.printStackTrace(); + return; + } } Thread clientThread = null; diff --git a/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security b/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security new file mode 100644 index 00000000000..8ae3187b347 --- /dev/null +++ b/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security @@ -0,0 +1,29 @@ +# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends +# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration +# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE. +# +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.desc.name = Test-TLS-ServerName OpenJCEPlusFIPS Cryptographic Module FIPS 140-3 +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.desc.default = false +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3 + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \ + {AlgorithmParameters, DiffieHellman, *}, \ + {KeyAgreement, DiffieHellman, *}, \ + {KeyPairGenerator, DiffieHellman, *}, \ + {KeyFactory, DiffieHellman, *}, \ + {MessageDigest, MD5, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.2 = sun.security.provider.Sun [+ \ + {KeyStore, JKS, *}, \ + {KeyStore, PKCS12, *}, \ + {MessageDigest, SHA-1, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \ + {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \ + {AlgorithmParameters, PBEWithMD5AndDES, *}, \ + {SecretKeyFactory, PBEWithMD5AndDES, *}, \ + {Cipher, PBEWithHmacSHA256AndAES_256, *}, \ + {Mac, HmacSHA1, *},\ + {Mac, HmacPBESHA256, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}] \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java index 38b0d871c1c..826faf50b69 100644 --- a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java +++ b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java @@ -50,6 +50,8 @@ import java.util.Base64; import java.util.Collections; import java.util.List; +import java.util.Map; +import java.util.HashMap; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLServerSocket; @@ -72,7 +74,7 @@ public class CipherTestUtils { public static final SecureRandom secureRandom = new SecureRandom(); public static char[] PASSWORD = "passphrase".toCharArray(); private static final List TESTS = new ArrayList<>(3); - private static final List EXCEPTIONS + public static final List EXCEPTIONS = Collections.synchronizedList(new ArrayList<>(1)); private static final String CLIENT_PUBLIC_KEY @@ -187,6 +189,11 @@ public class CipherTestUtils { + "fpqmCkpTanyYW9U=\n" + "-----END PRIVATE KEY-----"; + public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); + public static final String PROFILE = System.getProperty("semeru.customprofile"); + public static final List TLS_PROTOCOLS = new ArrayList<>(); + public static final Map TLS_CIPHERSUITES = new HashMap<>(); + private final SSLSocketFactory factory; private final X509ExtendedKeyManager clientKeyManager; private final X509ExtendedKeyManager serverKeyManager; @@ -306,6 +313,9 @@ public static void addFailure(Exception e) { } private CipherTestUtils() throws Exception { + TLS_PROTOCOLS.add("TLSv1.2"); + TLS_PROTOCOLS.add("TLSv1.3"); + factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY, SERVER_PRIVATE_KEY); @@ -474,6 +484,36 @@ public static void printInfo(SSLSocket socket) { System.out.println("-----------------------"); } + public static void printCert(String trustedCertStr) { + try { + // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace + String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "") + .replace("-----END CERTIFICATE-----", "") + .replaceAll("\\s", ""); + + // Decode the base64 string to get the certificate bytes + byte[] certBytes = Base64.getDecoder().decode(cleanedCert); + + // Create a CertificateFactory for X.509 certificates + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + + // Generate the X509Certificate object + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)); + + // Print the certificate details + System.out.println("Issuer: " + cert.getIssuerDN()); + System.out.println("Subject: " + cert.getSubjectDN()); + System.out.println("Serial Number: " + cert.getSerialNumber()); + System.out.println("Not Before: " + cert.getNotBefore()); + System.out.println("Not After: " + cert.getNotAfter()); + System.out.println("Signature Algorithm: " + cert.getSigAlgName()); + System.out.println("Version: " + cert.getVersion()); + + } catch (Exception e) { + e.printStackTrace(); + } + } + private static KeyStore createServerKeyStore(String publicKey, String keySpecStr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, diff --git a/test/jdk/javax/net/ssl/TLS/JSSEClient.java b/test/jdk/javax/net/ssl/TLS/JSSEClient.java index 0f510856380..be2ea12f8ff 100644 --- a/test/jdk/javax/net/ssl/TLS/JSSEClient.java +++ b/test/jdk/javax/net/ssl/TLS/JSSEClient.java @@ -30,6 +30,7 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; +import java.util.*; class JSSEClient extends CipherTestUtils.Client { @@ -42,6 +43,8 @@ class JSSEClient extends CipherTestUtils.Client { private final String host; private final String protocol; + private static final Map TLS_CIPHERSUITES = new HashMap<>(); + JSSEClient(CipherTestUtils cipherTest, String host, int port, String protocols, String ciphersuite) throws Exception { super(cipherTest, ciphersuite); @@ -111,4 +114,4 @@ void runTest(CipherTestUtils.TestParameters params) throws Exception { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLS/JSSEServer.java b/test/jdk/javax/net/ssl/TLS/JSSEServer.java index 9bd4fd0bfa0..faf00ae9e2c 100644 --- a/test/jdk/javax/net/ssl/TLS/JSSEServer.java +++ b/test/jdk/javax/net/ssl/TLS/JSSEServer.java @@ -88,4 +88,4 @@ public void close() throws IOException { serverSocket.close(); } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLS/TestJSSE.java b/test/jdk/javax/net/ssl/TLS/TestJSSE.java index 29631064011..69e487d14c4 100644 --- a/test/jdk/javax/net/ssl/TLS/TestJSSE.java +++ b/test/jdk/javax/net/ssl/TLS/TestJSSE.java @@ -21,6 +21,14 @@ * questions. */ +import java.lang.reflect.Field; + +import java.util.List; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Map; +import java.util.HashMap; + import java.net.InetAddress; import java.security.Provider; import java.security.Security; @@ -28,14 +36,38 @@ public class TestJSSE { private static final String LOCAL_IP = InetAddress.getLoopbackAddress().getHostAddress(); + private static boolean isFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); + private static final Map TLS_CIPHERSUITES = new HashMap<>(); + + private static String checkIfProtocolIsUsedInCommonFIPS(String srvProtocol, String clnProtocol) { + String protocolUsedInHandShake; + List srvProtocols = Arrays.asList(srvProtocol.split(",")); + List clnProtocols; + if (clnProtocol.equals("DEFAULT")) { + if (srvProtocols.contains("TLSv1.3")) { + protocolUsedInHandShake = "TLSv1.3"; + } else if (srvProtocols.contains("TLSv1.2")) { + protocolUsedInHandShake = "TLSv1.2"; + } else { + protocolUsedInHandShake = null; + } + } else { + clnProtocols = Arrays.asList(clnProtocol.split(",")); + if (srvProtocols.contains("TLSv1.3") && clnProtocols.contains("TLSv1.3")) { + protocolUsedInHandShake = "TLSv1.3"; + } else if (srvProtocols.contains("TLSv1.2") && clnProtocols.contains("TLSv1.2")) { + protocolUsedInHandShake = "TLSv1.2"; + } else { + protocolUsedInHandShake = null; + } + } + return protocolUsedInHandShake; + } public static void main(String... args) throws Exception { - // reset the security property to make sure that the algorithms - // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); // enable debug output - System.setProperty("javax.net.debug", "ssl,record"); + // System.setProperty("javax.net.debug", "ssl,record"); String srvProtocol = System.getProperty("SERVER_PROTOCOL"); String clnProtocol = System.getProperty("CLIENT_PROTOCOL"); @@ -43,13 +75,50 @@ public static void main(String... args) throws Exception { if (srvProtocol == null || clnProtocol == null || cipher == null) { throw new IllegalArgumentException("Incorrect parameters"); } + if (System.getProperty("jdk.tls.client.protocols") != null) { + clnProtocol = System.getProperty("jdk.tls.client.protocols"); + } System.out.println("ServerProtocol = " + srvProtocol); System.out.println("ClientProtocol = " + clnProtocol); System.out.println("Cipher = " + cipher); + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + String protocolUsedInHandShake = null; + if (!(isFIPS)) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } else { + TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + protocolUsedInHandShake = checkIfProtocolIsUsedInCommonFIPS(srvProtocol, clnProtocol); + } + try (CipherTestUtils.Server srv = server(srvProtocol, cipher, args)) { client(srv.getPort(), clnProtocol, cipher, args); + } catch (Exception e) { + if (isFIPS) { + if (protocolUsedInHandShake == null || !TLS_CIPHERSUITES.containsKey(cipher) + || (protocolUsedInHandShake != null && !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))) { + if (CipherTestUtils.EXCEPTIONS.get(0) instanceof javax.net.ssl.SSLHandshakeException) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(CipherTestUtils.EXCEPTIONS.get(0).getMessage())) { + if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) { + System.out.println("Expected exception msg from client: is caught"); + } else { + System.out.println("Expected exception msg from client: is caught"); + } + } + } + } + } } } diff --git a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java index b26c82c8cfb..f3ffc3ddd14 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java +++ b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java @@ -47,9 +47,13 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /* * @test * @bug 8208496 + * @library /test/lib * @summary Test to verify concurrent behavior of TLS. * @run main/othervm ConcurrentClientAccessTest */ @@ -58,10 +62,13 @@ public class ConcurrentClientAccessTest { private static final int THREADS = 50; public static void main(String[] args) throws Exception { - - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - for (String tlsProtocol : new String[]{"TLSv1.3", "TLSv1.2", - "TLSv1.1", "TLSv1"}) { + String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}; + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } else { + protocols = new String[]{"TLSv1.3", "TLSv1.2"}; + } + for (String tlsProtocol : protocols) { System.out.printf("Protocol: %s%n", tlsProtocol); CountDownLatch tillServerReady = new CountDownLatch(1); Server server = new Server(tlsProtocol, tillServerReady); diff --git a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java index dce28edadf2..899ad928b87 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java +++ b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java @@ -180,7 +180,7 @@ public enum HandshakeMode { private static final String SERVER_NAME = "service.localhost"; private static final String SNI_PATTERN = ".*"; - private static final String[] TLS13_CIPHERS = { + private static String[] TLS13_CIPHERS = { "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256" @@ -188,7 +188,16 @@ public enum HandshakeMode { private static final String[] SUPPORTED_NON_KRB_CIPHERS; + private static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); + private static final String PROFILE = System.getProperty("semeru.customprofile"); + static { + if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + TLS13_CIPHERS = new String[] { + "TLS_AES_256_GCM_SHA384", + "TLS_AES_128_GCM_SHA256" + }; + } try { String[] allSupportedCiphers = getContext() .createSSLEngine().getSupportedCipherSuites(); @@ -796,10 +805,12 @@ public static void checkResult(SSLEngineResult r, */ public static SSLContext getContext() { try { - java.security.Security.setProperty( - "jdk.tls.disabledAlgorithms", ""); - java.security.Security.setProperty( - "jdk.certpath.disabledAlgorithms", ""); + if(!(ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + java.security.Security.setProperty( + "jdk.tls.disabledAlgorithms", ""); + java.security.Security.setProperty( + "jdk.certpath.disabledAlgorithms", ""); + } KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); char[] passphrase = PASSWD.toCharArray(); @@ -848,7 +859,8 @@ public static void setUpAndStartKDC() { * SSLEngineTestCase.TEST_MODE is "krb". */ public static void setUpAndStartKDCIfNeeded() { - if (TEST_MODE.equals("krb")) { + if (TEST_MODE.equals("krb") && + (!(ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")))) { setUpAndStartKDC(); } } @@ -1177,4 +1189,4 @@ private static void startKDC(String realm, Map principals, throw new RuntimeException("KDC: unexpected exception", e); } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java index 74b5c828f48..e2883ff98f6 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java @@ -37,9 +37,11 @@ import java.security.KeyStore; import java.security.PrivateKey; import java.security.Security; +import java.security.Provider; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Arrays; import java.util.Base64; import java.util.concurrent.CountDownLatch; import java.util.concurrent.ExecutorService; @@ -54,9 +56,13 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /* * @test * @bug 8205111 + * @library /test/lib * @summary Test TLS with different types of supported keys. * @run main/othervm TLSTest TLSv1.3 rsa_pkcs1_sha1 TLS_AES_128_GCM_SHA256 * @run main/othervm @@ -156,10 +162,29 @@ public class TLSTest { public static void main(String[] args) throws Exception { - final String tlsProtocol = args[0]; + String tlsProtocol = args[0]; final KeyType keyType = KeyType.valueOf(args[1]); - final String cipher = args[2]; - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + String cipher = args[2]; + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } else { + if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) { + System.out.println(tlsProtocol + " is not available."); + return; + } + if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipher)) { + System.out.println(cipher + " is not available."); + return; + } + if (!SecurityUtils.TLS_CIPHERSUITES.get(cipher).equals(tlsProtocol)) { + System.out.println(cipher + " does not match " + tlsProtocol); + return; + } + if (args[1].contains("sha1")) { + System.out.println("FIPS140-3 does not support SHA1."); + return; + } + } CountDownLatch serverReady = new CountDownLatch(1); Server server = new Server(tlsProtocol, keyType, cipher, serverReady); server.start(); diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java index 3fabc5bd73c..ced4d622f19 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java @@ -47,6 +47,7 @@ import java.security.KeyFactory; import java.security.KeyStore; import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.PrivateKey; import java.security.PublicKey; @@ -71,6 +72,7 @@ import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509KeyManager; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; public class TLSWithEdDSA extends SSLSocketTemplate { @@ -81,7 +83,7 @@ public class TLSWithEdDSA extends SSLSocketTemplate { private static final String DEF_ALL_EE = "EE_ECDSA_SECP256R1:" + "EE_ECDSA_SECP384R1:EE_ECDSA_SECP521R1:EE_RSA_2048:" + "EE_EC_RSA_SECP256R1:EE_DSA_2048:EE_DSA_1024:EE_ED25519:EE_ED448"; - private static final List TEST_PROTOS = List.of( + private static List TEST_PROTOS = List.of( "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"); private static CertificateFactory certFac; @@ -342,7 +344,7 @@ private static KeyStore createTrustStore(String certEnumNames) * the private key or certificate entries. */ private static KeyStore createKeyStore(String certEnumNames, char[] pass) - throws GeneralSecurityException { + throws GeneralSecurityException, NoSuchAlgorithmException { KeyStore.Builder keyStoreBuilder = KeyStore.Builder.newInstance("PKCS12", null, new KeyStore.PasswordProtection(pass)); @@ -393,7 +395,7 @@ private static X509Certificate pem2Cert(String certPem) * @throws GeneralSecurityException if any decoding errors occur. */ private static PrivateKey pem2PrivKey(String keyPem, String keyAlg) - throws GeneralSecurityException { + throws GeneralSecurityException, NoSuchAlgorithmException { PKCS8EncodedKeySpec p8Spec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPem)); KeyFactory keyFac = KeyFactory.getInstance(keyAlg); @@ -556,13 +558,24 @@ protected void runClientApplication(SSLSocket socket) throws Exception { } public static void main(String[] args) throws Exception { - SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLSv1"); + if (!(Utils.isFIPS())) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLSv1"); + } certFac = CertificateFactory.getInstance("X.509"); String testFormat; System.out.println("===== Test KeyManager alias retrieval ====="); - testKeyManager(DEF_ALL_EE, "EdDSA", - new String[] {"ee_ed25519", "ee_ed448"}); + try { + testKeyManager(DEF_ALL_EE, "EdDSA", + new String[] {"ee_ed25519", "ee_ed448"}); + } catch (NoSuchAlgorithmException nsae) { + if (Utils.isFIPS()) { + if ("EdDSA KeyFactory not available".equals(nsae.getMessage())){ + System.out.println("Expected exception msg: is caught."); + return; + } + } + } testFormat = "===== Basic Ed25519 Server-side Authentication: %s =====\n"; @@ -593,7 +606,7 @@ public static void main(String[] args) throws Exception { private static void testKeyManager(String keyStoreSpec, String keyType, String[] expAliases) - throws GeneralSecurityException, IOException { + throws GeneralSecurityException, NoSuchAlgorithmException, IOException { char[] passChar = PASSWD.toCharArray(); // Create the KeyManager factory and resulting KeyManager @@ -626,6 +639,10 @@ private static void testKeyManager(String keyStoreSpec, String keyType, private static void runtest(String testNameFmt, SessionChecker cliChk, Class cliExpExc, SessionChecker servChk, Class servExpExc) { + if (!(Utils.isFIPS())) { + TEST_PROTOS = List.of( + "TLSv1.3", "TLSv1.2"); + } TEST_PROTOS.forEach(protocol -> { clientParameters.put(ParamType.PROTOS, protocol); TLSWithEdDSA testObj = new TLSWithEdDSA(cliChk, cliExpExc, servChk, diff --git a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java index 092a6e4aee8..b39056454c8 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java @@ -46,19 +46,26 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /* * @test * @bug 8206355 8225438 + * @library /test/lib * @summary Test principal that was sent to the peer during handshake. * @run main/othervm TestSessionLocalPrincipal */ public class TestSessionLocalPrincipal { public static void main(String[] args) throws Exception { - - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - for (String tlsProtocol : new String[]{ - "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}) { + String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}; + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } else { + protocols = new String[]{"TLSv1.3", "TLSv1.2"}; + } + for (String tlsProtocol : protocols) { for (boolean clientAuth : new boolean[]{true, false}) { System.out.printf("Protocol %s: Client side auth enabled: %s%n", tlsProtocol, clientAuth); diff --git a/test/jdk/javax/net/ssl/TLSTest_java.security b/test/jdk/javax/net/ssl/TLSTest_java.security new file mode 100644 index 00000000000..3b7b200d5fe --- /dev/null +++ b/test/jdk/javax/net/ssl/TLSTest_java.security @@ -0,0 +1,20 @@ +# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends +# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration +# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE. +# +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.desc.name = Test-TLS OpenJCEPlusFIPS Cryptographic Module FIPS 140-3 +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.desc.default = false +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3 + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.2 = sun.security.provider.Sun [+ \ + {KeyStore, JKS, *}, \ + {KeyStore, PKCS12, *}, \ + {MessageDigest, SHA-1, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \ + {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \ + {AlgorithmParameters, PBEWithMD5AndDES, *}, \ + {SecretKeyFactory, PBEWithMD5AndDES, *}, \ + {Cipher, PBEWithHmacSHA256AndAES_256, *}, \ + {Mac, HmacSHA1, *},\ + {Mac, HmacPBESHA256, *}] diff --git a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java index 7469333e2e0..7741cde0efc 100644 --- a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java +++ b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java @@ -32,6 +32,7 @@ * @test * @bug 4873188 * @summary Support TLS 1.1 + * @library /test/lib * @run main/othervm EmptyCertificateAuthorities * @modules java.security.jgss * java.security.jgss/sun.security.jgss.krb5 @@ -62,6 +63,9 @@ import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class EmptyCertificateAuthorities { /* @@ -250,10 +254,12 @@ private void initialize() throws CertificateException { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty("jdk.certpath.disabledAlgorithms", - "MD2, RSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + } String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + @@ -273,7 +279,19 @@ public static void main(String[] args) throws Exception { /* * Start the tests. */ - new EmptyCertificateAuthorities(); + try { + new EmptyCertificateAuthorities(); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if (Utils.isFIPS()) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; + } } Thread clientThread = null; diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java index 24933838e05..91a81be9765 100644 --- a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java +++ b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java @@ -51,6 +51,7 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; public class GenericBlockCipher { @@ -150,7 +151,7 @@ void doClientSide() throws Exception { // enable a block cipher sslSocket.setEnabledCipherSuites( - new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"}); + new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"}); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -175,7 +176,9 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // Re-enable TLSv1.1 since test depends on it. - SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + if (!(Utils.isFIPS())) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + } String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + @@ -195,7 +198,19 @@ public static void main(String[] args) throws Exception { /* * Start the tests. */ - new GenericBlockCipher(); + try { + new GenericBlockCipher(); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if (Utils.isFIPS()) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; + } } Thread clientThread = null; diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java index 99a6599c129..6394e80c6fc 100644 --- a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java +++ b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java @@ -27,6 +27,7 @@ * @test * @bug 4873188 * @summary Support TLS 1.1 + * @library /test/lib * @modules java.security.jgss * java.security.jgss/sun.security.jgss.krb5 * java.security.jgss/sun.security.krb5:+open @@ -51,6 +52,9 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class GenericStreamCipher { /* @@ -107,7 +111,7 @@ void doServerSide() throws Exception { // enable a stream cipher sslServerSocket.setEnabledCipherSuites( - new String[] {"SSL_RSA_WITH_RC4_128_MD5"}); + new String[] {"SSL_RSA_WITH_RC4_128_MD5"}); serverPort = sslServerSocket.getLocalPort(); @@ -152,7 +156,7 @@ void doClientSide() throws Exception { // enable a stream cipher sslSocket.setEnabledCipherSuites( - new String[] {"SSL_RSA_WITH_RC4_128_MD5"}); + new String[] {"SSL_RSA_WITH_RC4_128_MD5"}); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -178,7 +182,9 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + @@ -198,7 +204,19 @@ public static void main(String[] args) throws Exception { /* * Start the tests. */ - new GenericStreamCipher(); + try { + new GenericStreamCipher(); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if (Utils.isFIPS()) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; + } } Thread clientThread = null; diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java index 39937f8b743..6de3768863b 100644 --- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java +++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java @@ -31,6 +31,7 @@ * @bug 8139565 * @summary Restrict certificates with DSA keys less than 1024 bits * @library /javax/net/ssl/templates + * @library /test/lib * @run main/othervm DisabledShortDSAKeys PKIX TLSv1.2 * @run main/othervm DisabledShortDSAKeys SunX509 TLSv1.2 * @run main/othervm DisabledShortDSAKeys PKIX TLSv1.1 @@ -54,6 +55,8 @@ import java.security.interfaces.*; import java.util.Base64; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class DisabledShortDSAKeys extends SSLContextTemplate { @@ -175,11 +178,12 @@ protected ContextParameters getClientContextParameters() { volatile Exception clientException = null; public static void main(String[] args) throws Exception { - Security.setProperty("jdk.certpath.disabledAlgorithms", - "DSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "DSA keySize < 1024"); - + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.certpath.disabledAlgorithms", + "DSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "DSA keySize < 1024"); + } if (debug) { System.setProperty("javax.net.debug", "all"); } diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java index 3f275d8a285..36e4c61aab6 100644 --- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java +++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java @@ -31,6 +31,7 @@ * @bug 7109274 * @summary Consider disabling support for X.509 certificates with RSA keys * less than 1024 bits + * @library /test/lib * @library /javax/net/ssl/templates * @run main/othervm DisabledShortRSAKeys PKIX TLSv1.2 * @run main/othervm DisabledShortRSAKeys SunX509 TLSv1.2 @@ -46,6 +47,9 @@ import javax.net.ssl.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class DisabledShortRSAKeys extends SSLSocketTemplate { /* @@ -63,14 +67,24 @@ public DisabledShortRSAKeys(String tmAlgorithm, String enabledProtocol) { @Override public SSLContext createClientSSLContext() throws Exception { - return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null, + if (Utils.isFIPS()) { + return createSSLContext(new Cert[]{Cert.CA_RSA_2048}, null, + new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } else { + return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null, new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } } @Override public SSLContext createServerSSLContext() throws Exception { - return createSSLContext(null, new Cert[]{Cert.EE_RSA_512}, + if (Utils.isFIPS()) { + return createSSLContext(new Cert[]{Cert.EE_RSA_2048}, null, new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } else { + return createSSLContext(null, new Cert[]{Cert.EE_RSA_512}, + new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } } @Override @@ -109,10 +123,12 @@ protected void runClientApplication(SSLSocket socket) throws Exception { } public static void main(String[] args) throws Exception { - Security.setProperty("jdk.certpath.disabledAlgorithms", - "RSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "RSA keySize < 1024"); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.certpath.disabledAlgorithms", + "RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "RSA keySize < 1024"); + } if (debug) { System.setProperty("javax.net.debug", "all"); @@ -126,4 +142,4 @@ public static void main(String[] args) throws Exception { */ new DisabledShortRSAKeys(tmAlgorithm, enabledProtocol).run(); } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java index ec58bc74d0c..152ac7aed87 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java +++ b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java @@ -27,6 +27,7 @@ /* * @test * @bug 8052406 + * @library /test/lib * @summary SSLv2Hello protocol may be filter out unexpectedly * @run main/othervm ProtocolFilter */ @@ -35,6 +36,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ProtocolFilter { /* @@ -90,8 +94,13 @@ void doServerSide() throws Exception { (SSLServerSocket) sslssf.createServerSocket(serverPort); // Only enable cipher suites for TLS v1.2. - sslServerSocket.setEnabledCipherSuites( - new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"}); + if (Utils.isFIPS()) { + sslServerSocket.setEnabledCipherSuites( + new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}); + } else { + sslServerSocket.setEnabledCipherSuites( + new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"}); + } serverPort = sslServerSocket.getLocalPort(); @@ -163,6 +172,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java index c9ff202bd2c..c53ae0dd9b2 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java +++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java @@ -29,6 +29,7 @@ /* * @test * @bug 7106773 + * @library /test/lib * @summary 512 bits RSA key cannot work with SHA384 and SHA512 * * SunJSSE does not support dynamic system properties, no way to re-use @@ -43,6 +44,8 @@ import javax.net.ssl.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ShortRSAKey512 extends SSLContextTemplate { @@ -170,9 +173,11 @@ private static void parseArguments(String[] args) { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + } if (debug) System.setProperty("javax.net.debug", "all"); @@ -185,7 +190,14 @@ public static void main(String[] args) throws Exception { /* * Start the tests. */ - new ShortRSAKey512(); + try { + new ShortRSAKey512(); + } catch (java.security.spec.InvalidKeySpecException ikse) { + if (Utils.isFIPS()) { + System.out.println("Inappropriate key specification: RSA keys must be at least 1024 bits long"); + return; + } + } } Thread clientThread = null; @@ -304,4 +316,4 @@ public void run() { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java index df6767eadfb..d5b38ad67f1 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java +++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java @@ -33,6 +33,7 @@ * @bug 7030966 * @summary Support AEAD CipherSuites * @library /javax/net/ssl/templates + * @library /test/lib * @run main/othervm ShortRSAKeyGCM PKIX TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * @run main/othervm ShortRSAKeyGCM PKIX TLS_RSA_WITH_AES_128_GCM_SHA256 * @run main/othervm ShortRSAKeyGCM PKIX TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 @@ -70,6 +71,8 @@ import java.security.spec.*; import java.security.interfaces.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ShortRSAKeyGCM extends SSLContextTemplate { @@ -196,9 +199,11 @@ protected ContextParameters getClientContextParameters() { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + } if (debug) { System.setProperty("javax.net.debug", "all"); @@ -209,10 +214,29 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); + if (Utils.isFIPS()) { + if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + System.out.println(cipherSuite + " is not supported."); + return; + } + } + /* * Start the tests. */ - new ShortRSAKeyGCM(); + try { + new ShortRSAKeyGCM(); + } catch (java.security.spec.InvalidKeySpecException ikse) { + if (Utils.isFIPS()) { + if ("Inappropriate key specification: RSA keys must be at least 1024 bits long".equals(ikse.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; + } } Thread clientThread = null; @@ -337,4 +361,4 @@ public void run() { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java index 52191ec0882..ac8c5d986ca 100644 --- a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java +++ b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java @@ -33,6 +33,7 @@ * @bug 8049321 * @summary Support SHA256WithDSA in JSSE * @library /javax/net/ssl/templates + * @library /test/lib * @run main/othervm SignatureAlgorithms PKIX "SHA-224,SHA-256" * TLS_DHE_DSS_WITH_AES_128_CBC_SHA * @run main/othervm SignatureAlgorithms PKIX "SHA-1,SHA-224" @@ -54,6 +55,9 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SignatureAlgorithms extends SSLContextTemplate { /* @@ -79,11 +83,11 @@ public class SignatureAlgorithms extends SSLContextTemplate { */ volatile boolean serverReady = false; - private final Cert[] SERVER_CERTS = { - SSLContextTemplate.Cert.EE_DSA_SHA1_1024, - SSLContextTemplate.Cert.EE_DSA_SHA224_1024, - SSLContextTemplate.Cert.EE_DSA_SHA256_1024, - }; + private static Cert[] SERVER_CERTS = { + SSLContextTemplate.Cert.EE_DSA_SHA1_1024, + SSLContextTemplate.Cert.EE_DSA_SHA224_1024, + SSLContextTemplate.Cert.EE_DSA_SHA256_1024, +}; /* * Define the server side of the test. @@ -133,8 +137,14 @@ void doClientSide() throws Exception { while (!serverReady) { Thread.sleep(50); } + Cert[] trustedCerts; - SSLContext context = createSSLContext(new Cert[]{Cert.CA_DSA_SHA1_1024}, null, getClientContextParameters()); + if (Utils.isFIPS()) { + trustedCerts = new Cert[]{Cert.CA_RSA_2048}; + } else { + trustedCerts = new Cert[]{Cert.CA_DSA_SHA1_1024}; + } + SSLContext context = createSSLContext(trustedCerts, null, getClientContextParameters()); SSLSocketFactory sslsf = context.getSocketFactory(); try (SSLSocket sslSocket = @@ -143,6 +153,7 @@ void doClientSide() throws Exception { // enable TLSv1.2 only sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"}); + System.out.println("In client side, the cipherSuite is: " + cipherSuite); // enable a block cipher sslSocket.setEnabledCipherSuites(new String[] {cipherSuite}); @@ -262,17 +273,31 @@ public static void main(String[] args) throws Exception { return; } - /* - * Expose the target algorithms by diabling unexpected algorithms. - */ - Security.setProperty( - "jdk.certpath.disabledAlgorithms", disabledAlgorithms); + if (!(Utils.isFIPS())) { + /* + * Expose the target algorithms by diabling unexpected algorithms. + */ + Security.setProperty( + "jdk.certpath.disabledAlgorithms", disabledAlgorithms); - /* - * Reset the security property to make sure that the algorithms - * and keys used in this test are not disabled by default. - */ - Security.setProperty( "jdk.tls.disabledAlgorithms", ""); + /* + * Reset the security property to make sure that the algorithms + * and keys used in this test are not disabled by default. + */ + Security.setProperty( "jdk.tls.disabledAlgorithms", ""); + } else { + if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + System.out.println(cipherSuite + " is not available."); + } else if (!SecurityUtils.TLS_CIPHERSUITES.get(cipherSuite).equals("TLSv1.2")) { + System.out.println(cipherSuite + " does not match TLSv1.2"); + } + SERVER_CERTS = new Cert[] { + SSLContextTemplate.Cert.EE_RSA_2048 + }; + disabledAlgorithms = "SHA-1"; + // cipherSuite = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; + cipherSuite = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; + } /* * Start the tests. @@ -402,4 +427,4 @@ public void run() { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java index da68b027e2d..bcc8950e9a6 100644 --- a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java +++ b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java @@ -35,6 +35,7 @@ * @test * @bug 8247630 * @summary Use two key share entries + * @library /test/lib * @run main/othervm ClientHelloKeyShares 29 23 * @run main/othervm -Djdk.tls.namedGroups=secp384r1,secp521r1,x448,ffdhe2048 ClientHelloKeyShares 24 30 * @run main/othervm -Djdk.tls.namedGroups=brainpoolP512r1tls13,x448,ffdhe2048 ClientHelloKeyShares 33 30 @@ -50,6 +51,8 @@ import java.nio.ByteBuffer; import java.util.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ClientHelloKeyShares { @@ -69,9 +72,28 @@ public static void main(String args[]) throws Exception { // values which will be the expected NamedGroup IDs in the key_share // extension. Expected named group assertions may also be affected // by setting the jdk.tls.namedGroups System property. + List expectedKeyShares = new ArrayList<>(); Arrays.stream(args).forEach(arg -> expectedKeyShares.add(Integer.valueOf(arg))); + if (Utils.isFIPS()) { + expectedKeyShares.clear(); + Map supportKeyShares = new HashMap<>(); + supportKeyShares.put("secp256r1", 23); + supportKeyShares.put("secp384r1", 24); + supportKeyShares.put("secp521r1", 25); + + if (System.getProperty("jdk.tls.namedGroups") == null) { + expectedKeyShares.add(23); + } else { + for (String nameGroup: System.getProperty("jdk.tls.namedGroups").split(",")) { + if (supportKeyShares.containsKey(nameGroup)) { + expectedKeyShares.add(supportKeyShares.get(nameGroup)); + break; + } + } + } + } SSLContext sslCtx = SSLContext.getDefault(); SSLEngine engine = sslCtx.createSSLEngine(); @@ -82,7 +104,19 @@ public static void main(String args[]) throws Exception { ByteBuffer.allocateDirect(session.getPacketBufferSize()); // Create and check the ClientHello message - SSLEngineResult clientResult = engine.wrap(clientOut, cTOs); + SSLEngineResult clientResult = null; + try { + clientResult = engine.wrap(clientOut, cTOs); + } catch (java.lang.ExceptionInInitializerError eiie) { + Throwable cause = eiie.getCause(); + if (cause instanceof java.lang.IllegalArgumentException) { + if (Utils.isFIPS() + && ("System property jdk.tls.namedGroups(" + System.getProperty("jdk.tls.namedGroups") + ") contains no supported named groups").equals(cause.getMessage())) { + System.out.println("Expected msg is caught."); + return; + } + } + } logResult("client wrap: ", clientResult); if (clientResult.getStatus() != SSLEngineResult.Status.OK) { throw new RuntimeException("Client wrap got status: " + @@ -155,6 +189,7 @@ private static void checkClientHello(ByteBuffer data, int ver_major = Byte.toUnsignedInt(data.get()); int ver_minor = Byte.toUnsignedInt(data.get()); int recLen = Short.toUnsignedInt(data.getShort()); + System.out.println("TLS record header length: " + recLen); // Simple sanity checks if (type != 22) { @@ -169,6 +204,7 @@ private static void checkClientHello(ByteBuffer data, int msgHdr = data.getInt(); int msgType = (msgHdr >> 24) & 0x000000FF; int msgLen = msgHdr & 0x00FFFFFF; + System.out.println("handshake message header length: " + msgLen); // More simple sanity checks if (msgType != 1) { @@ -181,18 +217,21 @@ private static void checkClientHello(ByteBuffer data, // Jump past the session ID (if there is one) int sessLen = Byte.toUnsignedInt(data.get()); if (sessLen != 0) { + System.out.println("session ID is not null, length is: " + sessLen); data.position(data.position() + sessLen); } // Jump past the cipher suites int csLen = Short.toUnsignedInt(data.getShort()); if (csLen != 0) { + System.out.println("cipher suites ID is not null, length is: " + csLen); data.position(data.position() + csLen); } // ...and the compression int compLen = Byte.toUnsignedInt(data.get()); if (compLen != 0) { + System.out.println("compression is not null, length is: " + compLen); data.position(data.position() + compLen); } @@ -202,22 +241,26 @@ private static void checkClientHello(ByteBuffer data, boolean foundSupVer = false; boolean foundKeyShare = false; int extsLen = Short.toUnsignedInt(data.getShort()); + System.out.println("extsLen is: " + extsLen); List supGrpList = new ArrayList<>(); List chKeyShares = new ArrayList<>(); while (data.hasRemaining()) { int extType = Short.toUnsignedInt(data.getShort()); int extLen = Short.toUnsignedInt(data.getShort()); boolean foundTLS13 = false; + System.out.println("extension type is: " + extType); switch (extType) { case HELLO_EXT_SUPP_GROUPS: + System.out.println("This extType is HELLO_EXT_SUPP_GROUPS. extension type is: " + extType); int supGrpLen = Short.toUnsignedInt(data.getShort()); for (int remain = supGrpLen; remain > 0; remain -= 2) { supGrpList.add(Short.toUnsignedInt(data.getShort())); } break; case HELLO_EXT_SUPP_VERS: + System.out.println("This extType is HELLO_EXT_SUPP_VERS. extension type is: " + extType); foundSupVer = true; - int supVerLen = Byte.toUnsignedInt(data.get()); + int supVerLen = Byte.toUnsignedInt(data.get()); // 04 for (int remain = supVerLen; remain > 0; remain -= 2) { foundTLS13 |= (Short.toUnsignedInt(data.getShort()) == TLS_PROT_VER_13); @@ -229,13 +272,18 @@ private static void checkClientHello(ByteBuffer data, } break; case HELLO_EXT_KEY_SHARE: + System.out.println("This extType is HELLO_EXT_KEY_SHARE. extension type is: " + extType); foundKeyShare = true; int ksListLen = Short.toUnsignedInt(data.getShort()); + System.out.println("ksListLen before while-loop is: " + ksListLen); while (ksListLen > 0) { - chKeyShares.add(Short.toUnsignedInt(data.getShort())); + int ks = Short.toUnsignedInt(data.getShort()); + System.out.println("keyshare is: " + ks); + chKeyShares.add(ks); int ksLen = Short.toUnsignedInt(data.getShort()); data.position(data.position() + ksLen); ksListLen -= (4 + ksLen); + System.out.println("ksListLen is: " + ksListLen); } break; default: diff --git a/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java index 313b2c5084b..cf5ab2224b4 100644 --- a/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java +++ b/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java @@ -45,6 +45,7 @@ import java.util.Map; import java.util.Objects; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class HRRKeyShares { @@ -311,8 +312,9 @@ private static void hrrKeyShareTest(int hrrNamedGroup, boolean expectedPass) if (!initialCh.suppVersions.contains(TLS_PROT_VER_13)) { throw new RuntimeException( "Missing TLSv1.3 protocol in supported_versions"); - } else if (!initialCh.keyShares.containsKey(NG_X25519) || - !initialCh.keyShares.containsKey(NG_SECP256R1)) { + } else if (!(Utils.isFIPS()) && + (!initialCh.keyShares.containsKey(NG_X25519) || + !initialCh.keyShares.containsKey(NG_SECP256R1))) { throw new RuntimeException( "Missing one or more expected KeyShares"); } diff --git a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java index 855e34b57f0..aef00a6e65a 100644 --- a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java +++ b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java @@ -25,6 +25,7 @@ * @test * @bug 8076221 8211883 8279164 * @summary Check if weak cipher suites are disabled + * @library /test/lib * @modules jdk.crypto.ec * @run main/othervm DisabledAlgorithms default * @run main/othervm DisabledAlgorithms empty @@ -45,6 +46,9 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class DisabledAlgorithms { private static final String pathToStores = "../etc"; @@ -129,6 +133,9 @@ public static void main(String[] args) throws Exception { checkFailure(disabled_ciphersuites); break; case "empty": + if (Utils.isFIPS()) { + return; + } // reset jdk.tls.disabledAlgorithms Security.setProperty("jdk.tls.disabledAlgorithms", ""); System.out.println("jdk.tls.disabledAlgorithms = " @@ -406,4 +413,4 @@ static SSLClient init(int port, String ciphersuite) } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java b/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java index 00c19241f58..9e07ab3598c 100644 --- a/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java +++ b/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java @@ -410,4 +410,4 @@ public void run() { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java b/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java index c147f732ec5..5c9dfbd4b15 100644 --- a/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java +++ b/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java @@ -778,4 +778,4 @@ private static String dumpHexBytes(ByteBuffer data, int itemsPerLine, return sb.toString(); } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java index 69611763e32..261e287da18 100644 --- a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java +++ b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java @@ -24,6 +24,7 @@ /* * @test * @summary Test behavior related to finalize + * @library /test/lib * @run main/othervm SSLSessionFinalizeTest * @run main/othervm/policy=security.policy SSLSessionFinalizeTest */ @@ -41,6 +42,10 @@ import javax.net.ssl.SSLSessionBindingListener; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.SSLContext; + +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLSessionFinalizeTest { @@ -93,6 +98,7 @@ public class SSLSessionFinalizeTest { void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); + SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); @@ -104,6 +110,9 @@ void doServerSide() throws Exception { while (serverReady) { SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); + SSLSession sslSession = sslSocket.getSession(); + System.out.println("Cipher Suite used: " + sslSession.getCipherSuite()); + // System.out.printf(" accept: %s%n", sslSocket); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -192,6 +201,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if (Utils.isFIPS()) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java index caa96cdb224..09a36ced12c 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java @@ -25,6 +25,7 @@ * @test * @bug 4750141 4895631 8217579 8163326 8279164 * @summary Check enabled and supported ciphersuites are correct + * @library /test/lib * @run main/othervm CheckCipherSuites default * @run main/othervm CheckCipherSuites limited */ @@ -33,6 +34,9 @@ import java.security.Security; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class CheckCipherSuites { // List of enabled cipher suites when the "crypto.policy" security @@ -130,6 +134,21 @@ public class CheckCipherSuites { "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }; + // List of enabled cipher suites when the "-Dsemeru.fips=true -Dsemeru.customprofile" security + // property is set. + private final static String[] ENABLED_FIPS = { + "TLS_AES_256_GCM_SHA384", + "TLS_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + }; + // List of supported cipher suites when the "crypto.policy" security // property is set to "unlimited" (the default value). private final static String[] SUPPORTED_DEFAULT = { @@ -225,6 +244,21 @@ public class CheckCipherSuites { "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }; + // List of enabled cipher suites when the "-Dsemeru.fips=true -Dsemeru.customprofile" security + // property is set. + private final static String[] SUPPORTED_FIPS = { + "TLS_AES_256_GCM_SHA384", + "TLS_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + }; + private static void showSuites(String[] suites) { if ((suites == null) || (suites.length == 0)) { System.out.println(""); @@ -243,7 +277,12 @@ public static void main(String[] args) throws Exception { String[] ENABLED; String[] SUPPORTED; - if (args[0].equals("default")) { + String[] FIPS; + + if (Utils.isFIPS()) { + ENABLED = ENABLED_FIPS; + SUPPORTED = SUPPORTED_FIPS; + } else if (args[0].equals("default")) { ENABLED = ENABLED_DEFAULT; SUPPORTED = SUPPORTED_DEFAULT; } else if (args[0].equals("limited")) { diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java index 2817e3400ab..c43279527f8 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java @@ -20,10 +20,11 @@ * or visit www.oracle.com if you need additional information or have any * questions. */ -import java.util.Arrays; +import java.util.*; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; /* @@ -77,20 +78,63 @@ public class SystemPropCipherSuitesOrder extends SSLSocketTemplate { private final String protocol; - private static String[] servercipherSuites; - private static String[] clientcipherSuites; + private static String[] servercipherSuites = null; + private static String[] clientcipherSuites = null; public static void main(String[] args) { - servercipherSuites + + if (Utils.isFIPS()) { + // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + // System.out.println(args[0] + " is not supported in FIPS 140-3."); + // return; + // } + List tmpClient = new ArrayList<>(); + if (System.getProperty("jdk.tls.client.cipherSuites") != null) { + for (String clientcipherSuite : toArray(System.getProperty("jdk.tls.client.cipherSuites"))) { + if (SecurityUtils.TLS_CIPHERSUITES.containsKey(clientcipherSuite)) { + tmpClient.add(clientcipherSuite); + System.out.println("jdk.tls.client.cipherSuites: " + clientcipherSuite); + } + } + } + List tmpServer = new ArrayList<>(); + if (System.getProperty("jdk.tls.server.cipherSuites") != null) { + for (String servercipherSuite : toArray(System.getProperty("jdk.tls.server.cipherSuites"))) { + if (SecurityUtils.TLS_CIPHERSUITES.containsKey(servercipherSuite)) { + tmpServer.add(servercipherSuite); + System.out.println("jdk.tls.server.cipherSuites: " + servercipherSuite); + } + } + } + if (tmpClient.size() != 0) { + clientcipherSuites = tmpClient.toArray(new String[0]); + } + if (tmpServer.size() != 0) { + servercipherSuites = tmpServer.toArray(new String[0]); + } + + } else { + servercipherSuites = toArray(System.getProperty("jdk.tls.server.cipherSuites")); - clientcipherSuites + clientcipherSuites = toArray(System.getProperty("jdk.tls.client.cipherSuites")); + } System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n", Arrays.deepToString(servercipherSuites), Arrays.deepToString(clientcipherSuites)); try { new SystemPropCipherSuitesOrder(args[0]).run(); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if (Utils.isFIPS()) { + if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0]) + || (servercipherSuites == null && clientcipherSuites == null)) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught."); + return; + } + } + } } catch (Exception e) { throw new RuntimeException(e); } @@ -100,7 +144,9 @@ private SystemPropCipherSuitesOrder(String protocol) { this.protocol = protocol; // Re-enable protocol if disabled. if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { - SecurityUtils.removeFromDisabledTlsAlgs(protocol); + if (!(Utils.isFIPS())) { + SecurityUtils.removeFromDisabledTlsAlgs(protocol); + } } } diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java index c2171d80889..87371ae3122 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java @@ -24,6 +24,7 @@ import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; /* @@ -59,6 +60,12 @@ public class TLSCipherSuitesOrder extends SSLSocketTemplate { public static void main(String[] args) { PROTOCOL protocol = PROTOCOL.valueOf(args[0]); + if (Utils.isFIPS()) { + if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + System.out.println(args[0] + " is not supported in FIPS 140-3."); + return; + } + } try { new TLSCipherSuitesOrder(protocol.getProtocol(), protocol.getCipherSuite(args[1]), diff --git a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java index 39e88abce8e..8c5135723cb 100644 --- a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java +++ b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java @@ -58,6 +58,8 @@ public class CipherTest { static SecureRandom secureRandom; private static PeerFactory peerFactory; + public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); + public static final String PROFILE = System.getProperty("semeru.customprofile"); static abstract class Server implements Runnable { @@ -135,8 +137,24 @@ private CipherTest(PeerFactory peerFactory) throws IOException { factory = (SSLSocketFactory)SSLSocketFactory.getDefault(); SSLSocket socket = (SSLSocket)factory.createSocket(); String[] cipherSuites = socket.getSupportedCipherSuites(); - String[] protocols = socket.getSupportedProtocols(); - String[] clientAuths = {null, "RSA", "DSA"}; + String[] protocols = null; + String[] clientAuths = null; + if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + clientAuths = new String[]{null, "RSA"}; + List tmp = new ArrayList<>(); + for (String protocol : socket.getSupportedProtocols()) { + if (protocol.equals("TLSv1.2") || protocol.equals("TLSv1.3")) { + tmp.add(protocol); + } + } + if (tmp.size() == 0 || tmp == null) { + return; + } + protocols = tmp.toArray(new String[0]); + } else { + clientAuths = new String[]{null, "RSA", "DSA"}; + protocols = socket.getSupportedProtocols(); + } tests = new ArrayList( cipherSuites.length * protocols.length * clientAuths.length); for (int j = 0; j < protocols.length; j++) { @@ -248,6 +266,16 @@ public final void run() { try { runTest(params); System.out.println("Passed " + params); + } catch (javax.net.ssl.SSLException sslException) { + if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + if ("DSA signing not supported in FIPS".equals(sslException.getMessage())) { + System.out.println("Expected exception msg: is caught."); + } else { + cipherTest.setFailed(); + System.out.println("** Failed " + params + "**"); + sslException.printStackTrace(); + } + } } catch (Exception e) { cipherTest.setFailed(); System.out.println("** Failed " + params + "**"); diff --git a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java index 09e40c033b3..179ab260d5a 100644 --- a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java +++ b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java @@ -27,17 +27,22 @@ * @summary Verify that all ciphersuites work in all configurations * @author Andreas Sterbenz * @library ../../TLSCommon + * @library /test/lib * @run main/othervm/timeout=300 ClientJSSEServerJSSE */ import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ClientJSSEServerJSSE { public static void main(String[] args) throws Exception { // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + if (!(Utils.isFIPS())) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + } CipherTest.main(new JSSEFactory(), args); } diff --git a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java index dcf0fab42c9..8a4e9e6afe1 100644 --- a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java +++ b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java @@ -25,11 +25,15 @@ * @test * @bug 4635454 6208022 8130181 * @summary Check pluggability of SSLContext class. + * @library /test/lib */ import java.security.*; import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class CheckSSLContextExport extends Provider { private static String info = "test provider for JSSE pluggability"; @@ -45,8 +49,12 @@ public static void test(String protocol) throws Exception { String providerName = mySSLContext.getProvider().getName(); if (!providerName.equals("TestJSSEPluggability")) { - System.out.println(providerName + "'s SSLContext is used"); - throw new Exception("...used the wrong provider: " + providerName); + if (!(Utils.isFIPS())) { + System.out.println(providerName + "'s SSLContext is used"); + throw new Exception("...used the wrong provider: " + providerName); + } else { + System.out.println("In FIPS mode, we dont support customized provider yet, " + providerName + "'s SSLContext is used"); + } } for (int i = 0; i < 2; i++) { boolean standardCiphers = true; @@ -112,7 +120,16 @@ public static void main(String[] argv) throws Exception { try { for (int i = 0; i < protocols.length; i++) { System.out.println("Testing " + protocols[i] + "'s SSLContext"); - test(protocols[i]); + try { + test(protocols[i]); + } catch (java.lang.IllegalStateException ise) { + if (Utils.isFIPS()) { + if (protocols[i].equals("SSL") && "SSLContext is not initialized".equals(ise.getMessage())) { + System.out.println("SSL is not supported in FIPS140-3."); + continue; + } + } + } } System.out.println("Test Passed"); } finally { diff --git a/test/jdk/javax/net/ssl/templates/NetSslUtils.java b/test/jdk/javax/net/ssl/templates/NetSslUtils.java new file mode 100644 index 00000000000..14b611d4e4e --- /dev/null +++ b/test/jdk/javax/net/ssl/templates/NetSslUtils.java @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + + import java.security.Security; + import java.security.Provider; + import java.util.List; + import java.util.ArrayList; + import java.util.Map; + import java.util.HashMap; + + import java.io.FileInputStream; + import java.io.FileOutputStream; + import java.security.KeyStore; + import java.security.Key; + import java.security.cert.Certificate; + import java.util.Enumeration; + + public class NetSslUtils { + public static final List TLS_PROTOCOLS = new ArrayList<>(); + public static final Map TLS_CIPHERSUITES = new HashMap<>(); + + public static final String isFIPS = System.getProperty("semeru.fips"); + public static boolean isFIPS() { + System.out.println("semeru.fips is: " + System.getProperty("semeru.fips")); + return Boolean.parseBoolean(isFIPS); + } + + public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile"); + public static String getFipsProfile() { + System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile")); + return FIPS_PROFILE; + } + + public static String revertJKSToPKCS12(String keyFilename, String passwd) { + String p12keyFilename = keyFilename + ".p12"; + try { + KeyStore jksKeystore = KeyStore.getInstance("JKS"); + try (FileInputStream fis = new FileInputStream(keyFilename)) { + jksKeystore.load(fis, passwd.toCharArray()); + } + + KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12"); + pkcs12Keystore.load(null, null); + + Enumeration aliasesKey = jksKeystore.aliases(); + while (aliasesKey.hasMoreElements()) { + String alias = aliasesKey.nextElement(); + if (jksKeystore.isKeyEntry(alias)) { + char[] keyPassword = passwd.toCharArray(); + Key key = jksKeystore.getKey(alias, keyPassword); + Certificate[] chain = jksKeystore.getCertificateChain(alias); + pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain); + } else if (jksKeystore.isCertificateEntry(alias)) { + Certificate cert = jksKeystore.getCertificate(alias); + pkcs12Keystore.setCertificateEntry(alias, cert); + } + } + + try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) { + pkcs12Keystore.store(fos, passwd.toCharArray()); + } + System.out.println("JKS keystore converted to PKCS12 successfully."); + } catch (Exception e) { + e.printStackTrace(); + } + return p12keyFilename; + } + + static { + TLS_PROTOCOLS.add("TLSv1.2"); + TLS_PROTOCOLS.add("TLSv1.3"); + + TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + } + } \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java index 568575faaee..a2b36f20b6e 100644 --- a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java @@ -111,8 +111,7 @@ protected TrustManager createTrustManager(Cert[] trustedCerts, ContextParameters params) throws Exception { CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream is; - - KeyStore ts = KeyStore.getInstance("JKS"); + KeyStore ts = KeyStore.getInstance("JKS"); ts.load(null, null); if (trustedCerts != null && trustedCerts.length != 0) { diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java index fa6cccbcdcf..2af16124e8b 100644 --- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java @@ -176,6 +176,9 @@ protected void configureServerSocket(SSLServerSocket socket) { protected void doServerSide() throws Exception { // kick start the server side service SSLContext context = createServerSSLContext(); + if (context == null) { + return; + } SSLServerSocketFactory sslssf = context.getServerSocketFactory(); InetAddress serverAddress = this.serverAddress; SSLServerSocket sslServerSocket = serverAddress == null ? @@ -266,6 +269,9 @@ protected void doClientSide() throws Exception { } SSLContext context = createClientSSLContext(); + if (context == null) { + return; + } SSLSocketFactory sslsf = context.getSocketFactory(); try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) { diff --git a/test/jdk/javax/net/ssl/templates/TLSBase.java b/test/jdk/javax/net/ssl/templates/TLSBase.java index bcddb1147c8..38557a0550c 100644 --- a/test/jdk/javax/net/ssl/templates/TLSBase.java +++ b/test/jdk/javax/net/ssl/templates/TLSBase.java @@ -20,7 +20,6 @@ * or visit www.oracle.com if you need additional information or have any * questions. */ - import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; @@ -72,6 +71,12 @@ abstract public class TLSBase { String trustFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + + if (NetSslUtils.isFIPS()) { + keyFilename = NetSslUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = NetSslUtils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/lib/jdk/test/lib/Utils.java b/test/lib/jdk/test/lib/Utils.java index f84ddab6d55..ef3c42d255c 100644 --- a/test/lib/jdk/test/lib/Utils.java +++ b/test/lib/jdk/test/lib/Utils.java @@ -59,6 +59,12 @@ import java.util.function.Function; import java.util.regex.Matcher; import java.util.regex.Pattern; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.security.KeyStore; +import java.security.Key; +import java.security.cert.Certificate; +import java.util.Enumeration; import static jdk.test.lib.Asserts.assertTrue; import jdk.test.lib.process.ProcessTools; @@ -148,6 +154,54 @@ public final class Utils { * Contains the seed value used for {@link java.util.Random} creation. */ public static final long SEED; + + public static final String isFIPS = System.getProperty("semeru.fips"); + public static boolean isFIPS() { + System.out.println("semeru.fips is: " + System.getProperty("semeru.fips")); + return Boolean.parseBoolean(isFIPS); + } + + public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile"); + public static String getFipsProfile() { + System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile")); + return FIPS_PROFILE; + } + + public static String revertJKSToPKCS12(String keyFilename, String passwd) { + String p12keyFilename = keyFilename + ".p12"; + try { + KeyStore jksKeystore = KeyStore.getInstance("JKS"); + try (FileInputStream fis = new FileInputStream(keyFilename)) { + jksKeystore.load(fis, passwd.toCharArray()); + } + + KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12"); + pkcs12Keystore.load(null, null); + + Enumeration aliasesKey = jksKeystore.aliases(); + while (aliasesKey.hasMoreElements()) { + String alias = aliasesKey.nextElement(); + if (jksKeystore.isKeyEntry(alias)) { + char[] keyPassword = passwd.toCharArray(); + Key key = jksKeystore.getKey(alias, keyPassword); + Certificate[] chain = jksKeystore.getCertificateChain(alias); + pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain); + } else if (jksKeystore.isCertificateEntry(alias)) { + Certificate cert = jksKeystore.getCertificate(alias); + pkcs12Keystore.setCertificateEntry(alias, cert); + } + } + + try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) { + pkcs12Keystore.store(fos, passwd.toCharArray()); + } + System.out.println("JKS keystore converted to PKCS12 successfully."); + } catch (Exception e) { + e.printStackTrace(); + } + return p12keyFilename; + } + static { var seed = Long.getLong(SEED_PROPERTY_NAME); if (seed != null) { diff --git a/test/lib/jdk/test/lib/security/SecurityUtils.java b/test/lib/jdk/test/lib/security/SecurityUtils.java index 319416a466c..cfd96bd6362 100644 --- a/test/lib/jdk/test/lib/security/SecurityUtils.java +++ b/test/lib/jdk/test/lib/security/SecurityUtils.java @@ -30,6 +30,7 @@ import java.util.List; import java.util.stream.Collectors; import java.util.stream.Stream; +import java.util.*; /** * Common library for various security test helper functions. @@ -126,4 +127,23 @@ private static boolean anyMatch(String value, List algs) { } private SecurityUtils() {} + + public static final List TLS_PROTOCOLS = new ArrayList<>(); + public static final Map TLS_CIPHERSUITES = new HashMap<>(); + + static { + TLS_PROTOCOLS.add("TLSv1.2"); + TLS_PROTOCOLS.add("TLSv1.3"); + + TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + } }