diff --git a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java index b65c8206edd..4ce0281b82c 100644 --- a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java +++ b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java @@ -225,7 +225,6 @@ public static void main(String[] args) throws Exception { if (debug) System.setProperty("javax.net.debug", "all"); - /* * Start the tests. */ diff --git a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java index aeaea5afb2d..48d8e448524 100644 --- a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java +++ b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java @@ -63,8 +63,6 @@ public class RenegotiateTLS13 { // Server done flag static boolean done = false; - static String keystoreType = System.getProperty("javax.net.ssl.keyStore"); - // Main server code void doServerSide() throws Exception { @@ -148,7 +146,6 @@ public static void main(String[] args) throws Exception { if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); - keystoreType = "PKCS12"; } System.setProperty("javax.net.ssl.keyStore", keyFilename); @@ -290,7 +287,7 @@ SSLContext initContext() throws Exception { System.out.println("Using TLS13"); SSLContext sc = SSLContext.getInstance("TLSv1.3"); KeyStore ks = KeyStore.getInstance( - new File(keystoreType), + new File(System.getProperty("javax.net.ssl.keyStore")), passwd.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); diff --git a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java index 6bef0440702..8def6c86a17 100644 --- a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java +++ b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java @@ -93,10 +93,10 @@ public static void main(String args[]) throws Exception { System.setProperty("javax.net.debug", "ssl:handshake"); } - if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase"); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase"); - } + // if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + // keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase"); + // trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase"); + // } KeyManagerFactory kmf = makeKeyManagerFactory(keyFilename, passphrase); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java index 7c0c44de57e..53f78719f9d 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java @@ -254,6 +254,8 @@ public class SSLSocketSNISensitive { */ static boolean debug = false; + static String[] signatureAlgos = new String[5]; + /* * Define the server side of the test. * @@ -366,7 +368,7 @@ private static void parseArguments(String[] args) { clientRequestedHostname = args[1]; } - private static void printCert(String trustedCertStr) { + private static void printCert(String trustedCertStr, int index) { try { // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "") @@ -391,6 +393,7 @@ private static void printCert(String trustedCertStr) { System.out.println("Signature Algorithm: " + cert.getSigAlgName()); System.out.println("Version: " + cert.getVersion()); + signatureAlgos[index] = cert.getSigAlgName(); } catch (Exception e) { e.printStackTrace(); } @@ -486,19 +489,34 @@ public static void main(String[] args) throws Exception { parseArguments(args); System.out.println("Now printing trustedCertStr=================="); - printCert(trustedCertStr); + printCert(trustedCertStr, 0); System.out.println("Now printing targetCertStr_A=================="); - printCert(targetCertStr_A); + printCert(targetCertStr_A, 1); System.out.println("Now printing targetCertStr_B=================="); - printCert(targetCertStr_B); + printCert(targetCertStr_B, 2); System.out.println("Now printing targetCertStr_C=================="); - printCert(targetCertStr_C); + printCert(targetCertStr_C, 3); System.out.println("Now printing targetCertStr_D=================="); - printCert(targetCertStr_D); + printCert(targetCertStr_D, 4); /* * Start the tests. */ - new SSLSocketSNISensitive(); + try { + new SSLSocketSNISensitive(); + } catch (Exception e) { + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + for (int i=0; i is caught."); + return; + } + } + } + e.printStackTrace(); + return; + } } Thread clientThread = null; diff --git a/test/jdk/javax/net/ssl/TLS/TestJSSE.java b/test/jdk/javax/net/ssl/TLS/TestJSSE.java index 4af7557e206..f71fc7146da 100644 --- a/test/jdk/javax/net/ssl/TLS/TestJSSE.java +++ b/test/jdk/javax/net/ssl/TLS/TestJSSE.java @@ -111,7 +111,7 @@ public static void main(String... args) throws Exception { client(srv.getPort(), clnProtocol, cipher, args); } catch (Exception e) { if (isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { - System.out.println("1"); + System.out.println("111111111111111"); if ((protocolUsedInHandShake == null || !TLS_CIPHERSUITES.containsKey(cipher) || !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake)) diff --git a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java index 118b6320ca6..5853f5f380a 100644 --- a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java +++ b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java @@ -177,6 +177,7 @@ private static void checkClientHello(ByteBuffer data, int ver_major = Byte.toUnsignedInt(data.get()); int ver_minor = Byte.toUnsignedInt(data.get()); int recLen = Short.toUnsignedInt(data.getShort()); + System.out.println("TLS record header length: " + recLen); // Simple sanity checks if (type != 22) { @@ -191,6 +192,7 @@ private static void checkClientHello(ByteBuffer data, int msgHdr = data.getInt(); int msgType = (msgHdr >> 24) & 0x000000FF; int msgLen = msgHdr & 0x00FFFFFF; + System.out.println("handshake message header length: " + msgLen); // More simple sanity checks if (msgType != 1) { @@ -203,18 +205,21 @@ private static void checkClientHello(ByteBuffer data, // Jump past the session ID (if there is one) int sessLen = Byte.toUnsignedInt(data.get()); if (sessLen != 0) { + System.out.println("session ID is not null, length is: " + sessLen); data.position(data.position() + sessLen); } // Jump past the cipher suites int csLen = Short.toUnsignedInt(data.getShort()); if (csLen != 0) { + System.out.println("cipher suites ID is not null, length is: " + csLen); data.position(data.position() + csLen); } // ...and the compression int compLen = Byte.toUnsignedInt(data.get()); if (compLen != 0) { + System.out.println("compression is not null, length is: " + compLen); data.position(data.position() + compLen); } @@ -224,6 +229,7 @@ private static void checkClientHello(ByteBuffer data, boolean foundSupVer = false; boolean foundKeyShare = false; int extsLen = Short.toUnsignedInt(data.getShort()); + System.out.println("extsLen is: " + extsLen); List supGrpList = new ArrayList<>(); List chKeyShares = new ArrayList<>(); while (data.hasRemaining()) { diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java index 24648673938..0642ccc943e 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java @@ -78,8 +78,8 @@ public class SystemPropCipherSuitesOrder extends SSLSocketTemplate { private final String protocol; - private static String[] servercipherSuites; - private static String[] clientcipherSuites; + private static String[] servercipherSuites = null; + private static String[] clientcipherSuites = null; public static void main(String[] args) { @@ -106,8 +106,13 @@ public static void main(String[] args) { } } } - servercipherSuites = tmpServer.toArray(new String[0]); - clientcipherSuites = tmpClient.toArray(new String[0]); + if (tmpClient.size() != 0) { + clientcipherSuites = tmpClient.toArray(new String[0]); + } + if (tmpServer.size() != 0) { + servercipherSuites = tmpServer.toArray(new String[0]); + } + } else { servercipherSuites = toArray(System.getProperty("jdk.tls.server.cipherSuites")); @@ -129,7 +134,7 @@ private SystemPropCipherSuitesOrder(String protocol) { this.protocol = protocol; // Re-enable protocol if disabled. if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { - if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS"))) { + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { SecurityUtils.removeFromDisabledTlsAlgs(protocol); } }