check the sslcontext

test/jdk/javax/net/ssl/DTLS/CipherSuite.java

@@ -52,6 +52,9 @@
 import javax.net.ssl.SSLEngine;
 import java.security.Security;
 
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
 /**
  * Test common DTLS cipher suites.
  */
@@ -61,14 +64,30 @@ public class CipherSuite extends DTLSOverDatagram {
     volatile static String cipherSuite;
 
     public static void main(String[] args) throws Exception {
-        if (args.length > 1 && "re-enable".equals(args[1])) {
+        if (args.length > 1 && "re-enable".equals(args[1]) 
+        && !(Utils.isFIPS() 
+        && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
             Security.setProperty("jdk.tls.disabledAlgorithms", "");
         }
 
         cipherSuite = args[0];
 
         CipherSuite testCase = new CipherSuite();
-        testCase.runTest(testCase);
+        try {
+            testCase.runTest(testCase);
+        } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+            if ((Utils.isFIPS() 
+            && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
+            && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+                if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+                    System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+                    return;
+                }
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+            return;
+        }
     }
 
     @Override
@@ -81,4 +100,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception {
 
         return engine;
     }
-}
+}

test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java

@@ -48,6 +48,9 @@
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
 
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
 /**
  * Testing DTLS engines handshake using each of the supported cipher suites with
  * replicated packets check.
@@ -59,7 +62,9 @@ public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase {
     public static void main(String[] args) {
         DTLSHandshakeWithReplicatedPacketsTest test
                 = new DTLSHandshakeWithReplicatedPacketsTest();
-        setUpAndStartKDCIfNeeded();
+        if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+            setUpAndStartKDCIfNeeded();
+        }
         test.runTests();
     }
 

test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java

@@ -53,6 +53,9 @@
 import java.util.Random;
 import jdk.test.lib.RandomFactory;
 
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
 /**
  * Testing DTLS incorrect app data packages unwrapping. Incorrect application
  * data packages should be ignored by DTLS SSLEngine.
@@ -63,7 +66,9 @@ public class DTLSIncorrectAppDataTest extends SSLEngineTestCase {
 
     public static void main(String[] s) {
         DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest();
-        setUpAndStartKDCIfNeeded();
+        if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+                setUpAndStartKDCIfNeeded();
+        }
         test.runTests();
     }
 

test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java

@@ -46,6 +46,7 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import jdk.test.lib.hexdump.HexPrinter;
+import jdk.test.lib.Utils;
 
 /**
  * An example to show the way to use SSLEngine in datagram connections.
@@ -63,10 +64,10 @@ public class DTLSOverDatagram {
     private static final String KEY_STORE_FILE = "keystore";
     private static final String TRUST_STORE_FILE = "truststore";
 
-    private static final String KEY_FILENAME =
+    private static String KEY_FILENAME =
             System.getProperty("test.src", ".") + "/" + PATH_TO_STORES +
                 "/" + KEY_STORE_FILE;
-    private static final String TRUST_FILENAME =
+    private static String TRUST_FILENAME =
             System.getProperty("test.src", ".") + "/" + PATH_TO_STORES +
                 "/" + TRUST_STORE_FILE;
 
@@ -505,11 +506,12 @@ boolean onReceiveTimeout(SSLEngine engine, SocketAddress socketAddr,
     // get DTSL context
     SSLContext getDTLSContext() throws Exception {
         String passphrase = "passphrase";
+        String protocol = "DTLS";
         return SSLContextBuilder.builder()
                 .trustStore(KeyStoreUtils.loadKeyStore(TRUST_FILENAME, passphrase))
                 .keyStore(KeyStoreUtils.loadKeyStore(KEY_FILENAME, passphrase))
                 .kmfPassphrase(passphrase)
-                .protocol("DTLS")
+                .protocol(protocol)
                 .build();
     }
 

test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java

@@ -55,6 +55,9 @@
 import java.util.Random;
 import jdk.test.lib.RandomFactory;
 
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
 /**
  * Testing DTLS records sequence number property support in application data
  * exchange.
@@ -69,7 +72,9 @@ public class DTLSSequenceNumberTest extends SSLEngineTestCase {
 
     public static void main(String[] args) {
         DTLSSequenceNumberTest test = new DTLSSequenceNumberTest();
-        setUpAndStartKDCIfNeeded();
+        if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+            setUpAndStartKDCIfNeeded();
+        }
         test.runTests();
     }
 

test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java

@@ -21,6 +21,7 @@
  * questions.
  */
 
+import jdk.test.lib.Utils;
 import jdk.test.lib.security.SecurityUtils;
 
 import javax.net.ssl.*;
@@ -49,7 +50,10 @@ public class DTLSWontNegotiateV10 {
     private static final String DTLSV_1_2 = "DTLSv1.2";
 
     public static void main(String[] args) throws Exception {
-        if (args[0].equals(DTLSV_1_0)) {
+
+        if (args[0].equals(DTLSV_1_0) 
+        && !(Utils.isFIPS() 
+        && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
             SecurityUtils.removeFromDisabledTlsAlgs(DTLSV_1_0);
         }
 
@@ -77,6 +81,18 @@ public static void main(String[] args) throws Exception {
                 server.run();
                 p.destroy();
                 System.out.println("Success: DTLSv1.0 connection was not established.");
+            } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+                if ((Utils.isFIPS() 
+                && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
+                && !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+                    if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+                        System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+                        return;
+                    }
+                }
+            } catch (Exception e) {
+                e.printStackTrace();
+                return;
             }
         }
     }

test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java

@@ -41,6 +41,9 @@
 import javax.net.ssl.SSLEngine;
 import java.security.Security;
 
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
 /**
  * Test common DTLS weak cipher suites.
  */
@@ -52,13 +55,29 @@ public class WeakCipherSuite extends DTLSOverDatagram {
     public static void main(String[] args) throws Exception {
         // reset security properties to make sure that the algorithms
         // and keys used in this test are not disabled.
-        Security.setProperty("jdk.tls.disabledAlgorithms", "");
-        Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+        if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+            Security.setProperty("jdk.tls.disabledAlgorithms", "");
+            Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+        }
 
         cipherSuite = args[0];
 
         WeakCipherSuite testCase = new WeakCipherSuite();
-        testCase.runTest(testCase);
+        try {
+            testCase.runTest(testCase);
+        } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+            if ((Utils.isFIPS() 
+            && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
+            && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
+                if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+                    System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+                    return;
+                }
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+            return;
+        }
     }
 
     @Override
@@ -68,4 +87,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception {
 
         return engine;
     }
-}
+}

test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @summary Test flags used for FIPS 140-2 and FIPS 140-3
+ * @run main/othervm
+ *          -Dsemeru.fips=true
+ *          TestFIPS true 140-2
+ * @run main/othervm
+ *          -Dsemeru.fips=true
+ *          -Dsemeru.comstomprofile=OpenJCEPlusFIPS.FIPS140-3
+ *          TestFIPS true 140-3
+ * @run main/othervm
+ *          -Dsemeru.fips=true
+ *          -Dsemeru.comstomprofile=OpenJCEPlusFIPS
+ *          TestFIPS true 140-3
+ * @run main/othervm
+ *          TestFIPS false
+ */

test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+public class TestFIPS {
+
+    private static final String FIPSFlag = System.getProperty("semeru.fips");
+    private static final String PROFILE = System.getProperty("semeru.customprofile");
+
+    public static void main(String[] args) throws Exception {
+        if (FIPSFlag == null) {
+            if (args.length == 1 && args[0].equals("false")) {
+                System.out.println("PASS");
+            } else {
+                throw new FIPSException("FIPS is not enabled");
+            }
+            return;
+        }
+
+        if (FIPSFlag.equals(args[0])) {
+            System.out.println("com.ibm.fips.mode is: " + System.getProperty("com.ibm.fips.mode"));
+            if (PROFILE.equals(args[1])) {
+                System.out.println("PASS");
+            } else {
+                throw new FIPSException("FIPS profile does not match");
+            }
+        }
+    }
+
+    public static class FIPSException extends Exception {
+        public FIPSException(String message) {
+            super(message);
+        }
+    }
+}

test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java

@@ -26,6 +26,7 @@
  * @bug 4387882
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes.
+ * @library /test/lib
  * @run main/othervm ImplicitHandshake
  *
  *     SunJSSE does not support dynamic system properties, no way to re-use
@@ -37,6 +38,9 @@
 import java.net.*;
 import javax.net.ssl.*;
 
+import jdk.test.lib.Utils;
+import jdk.test.lib.security.SecurityUtils;
+
 public class ImplicitHandshake {
 
     /*
@@ -191,6 +195,10 @@ public static void main(String[] args) throws Exception {
             System.getProperty("test.src", "./") + "/" + pathToStores +
                 "/" + trustStoreFile;
 
+        if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+            keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
+            trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
+        }
         System.setProperty("javax.net.ssl.keyStore", keyFilename);
         System.setProperty("javax.net.ssl.keyStorePassword", passwd);
         System.setProperty("javax.net.ssl.trustStore", trustFilename);