From 96285834b9bb658510243bc0829d369acae484a5 Mon Sep 17 00:00:00 2001
From: JinhangZhang <Jinhang.Zhang@ibm.com>
Date: Mon, 29 Jul 2024 01:08:04 -0400
Subject: [PATCH] u

---
 .../net/ssl/SSLSession/JSSERenegotiate.java   |  4 +++
 .../net/ssl/SSLSession/RenegotiateTLS13.java  |  5 +--
 .../ssl/SSLSession/ResumeTLS13withSNI.java    |  8 ++---
 .../ssl/ServerName/SSLSocketSNISensitive.java | 32 +++++++++++++++----
 test/jdk/javax/net/ssl/TLS/TestJSSE.java      |  2 +-
 .../SystemPropCipherSuitesOrder.java          | 15 ++++++---
 6 files changed, 45 insertions(+), 21 deletions(-)

diff --git a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
index b65c8206edd..0a92c3c475c 100644
--- a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
+++ b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java
@@ -40,6 +40,7 @@
 import java.net.*;
 import java.security.Security;
 import javax.net.ssl.*;
+import java.security.KeyStore;
 
 import jdk.test.lib.Utils;
 import jdk.test.lib.security.SecurityUtils;
@@ -226,10 +227,13 @@ public static void main(String[] args) throws Exception {
         if (debug)
             System.setProperty("javax.net.debug", "all");
 
+        String keyStoreType = KeyStore.getDefaultType();
+        System.out.println("Default KeyStore type: " + keyStoreType);
         /*
          * Start the tests.
          */
         new JSSERenegotiate();
+        System.out.println(1/0);
     }
 
     Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
index aeaea5afb2d..48d8e448524 100644
--- a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
+++ b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java
@@ -63,8 +63,6 @@ public class RenegotiateTLS13 {
     // Server done flag
     static boolean done = false;
 
-    static String keystoreType = System.getProperty("javax.net.ssl.keyStore");
-
     // Main server code
 
     void doServerSide() throws Exception {
@@ -148,7 +146,6 @@ public static void main(String[] args) throws Exception {
         if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
             keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
             trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
-            keystoreType = "PKCS12";
         }
 
         System.setProperty("javax.net.ssl.keyStore", keyFilename);
@@ -290,7 +287,7 @@ SSLContext initContext() throws Exception {
         System.out.println("Using TLS13");
         SSLContext sc = SSLContext.getInstance("TLSv1.3");
         KeyStore ks = KeyStore.getInstance(
-                new File(keystoreType),
+                new File(System.getProperty("javax.net.ssl.keyStore")),
                 passwd.toCharArray());
         KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                 KeyManagerFactory.getDefaultAlgorithm());
diff --git a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
index 6bef0440702..8def6c86a17 100644
--- a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
+++ b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java
@@ -93,10 +93,10 @@ public static void main(String args[]) throws Exception {
             System.setProperty("javax.net.debug", "ssl:handshake");
         }
 
-        if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
-            keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
-            trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
-        }
+        // if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+        //     keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
+        //     trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
+        // }
 
         KeyManagerFactory kmf = makeKeyManagerFactory(keyFilename,
                 passphrase);
diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
index 7c0c44de57e..53f78719f9d 100644
--- a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
+++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java
@@ -254,6 +254,8 @@ public class SSLSocketSNISensitive {
      */
     static boolean debug = false;
 
+    static String[] signatureAlgos = new String[5];
+
     /*
      * Define the server side of the test.
      *
@@ -366,7 +368,7 @@ private static void parseArguments(String[] args) {
         clientRequestedHostname = args[1];
     }
 
-    private static void printCert(String trustedCertStr) {
+    private static void printCert(String trustedCertStr, int index) {
         try {
             // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace
             String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "")
@@ -391,6 +393,7 @@ private static void printCert(String trustedCertStr) {
             System.out.println("Signature Algorithm: " + cert.getSigAlgName());
             System.out.println("Version: " + cert.getVersion());
 
+            signatureAlgos[index] = cert.getSigAlgName();
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -486,19 +489,34 @@ public static void main(String[] args) throws Exception {
         parseArguments(args);
 
         System.out.println("Now printing trustedCertStr==================");
-        printCert(trustedCertStr);
+        printCert(trustedCertStr, 0);
         System.out.println("Now printing targetCertStr_A==================");
-        printCert(targetCertStr_A);
+        printCert(targetCertStr_A, 1);
         System.out.println("Now printing targetCertStr_B==================");
-        printCert(targetCertStr_B);
+        printCert(targetCertStr_B, 2);
         System.out.println("Now printing targetCertStr_C==================");
-        printCert(targetCertStr_C);
+        printCert(targetCertStr_C, 3);
         System.out.println("Now printing targetCertStr_D==================");
-        printCert(targetCertStr_D);
+        printCert(targetCertStr_D, 4);
         /*
          * Start the tests.
          */
-        new SSLSocketSNISensitive();
+        try {
+            new SSLSocketSNISensitive();
+        } catch (Exception e) {
+            if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+                for (int i=0; i<signatureAlgos.length; i++) {
+                    if (signatureAlgos[i].contains("MD5") 
+                     && e instanceof javax.net.ssl.SSLHandshakeException
+                     && "no cipher suites in common".equals(e.getMessage())) {
+                        System.out.println("Expected exception msg: <no cipher suites in common> is caught.");
+                        return;
+                    }
+                }
+            }
+            e.printStackTrace();
+            return;
+        }
     }
 
     Thread clientThread = null;
diff --git a/test/jdk/javax/net/ssl/TLS/TestJSSE.java b/test/jdk/javax/net/ssl/TLS/TestJSSE.java
index 4af7557e206..f71fc7146da 100644
--- a/test/jdk/javax/net/ssl/TLS/TestJSSE.java
+++ b/test/jdk/javax/net/ssl/TLS/TestJSSE.java
@@ -111,7 +111,7 @@ public static void main(String... args) throws Exception {
             client(srv.getPort(), clnProtocol, cipher, args);
         } catch (Exception e) {
             if (isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
-                System.out.println("1");
+                System.out.println("111111111111111");
                 if ((protocolUsedInHandShake == null
                  || !TLS_CIPHERSUITES.containsKey(cipher)
                  || !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))
diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
index 24648673938..0642ccc943e 100644
--- a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
+++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java
@@ -78,8 +78,8 @@
 public class SystemPropCipherSuitesOrder extends SSLSocketTemplate {
 
     private final String protocol;
-    private static String[] servercipherSuites;
-    private static String[] clientcipherSuites;
+    private static String[] servercipherSuites = null;
+    private static String[] clientcipherSuites = null;
 
     public static void main(String[] args) {
 
@@ -106,8 +106,13 @@ public static void main(String[] args) {
                     }
                 }
             }
-            servercipherSuites = tmpServer.toArray(new String[0]);
-            clientcipherSuites = tmpClient.toArray(new String[0]);
+            if (tmpClient.size() != 0) {
+                clientcipherSuites = tmpClient.toArray(new String[0]);
+            }
+            if (tmpServer.size() != 0) {
+                servercipherSuites = tmpServer.toArray(new String[0]);
+            }
+            
         } else {
             servercipherSuites
                 = toArray(System.getProperty("jdk.tls.server.cipherSuites"));
@@ -129,7 +134,7 @@ private SystemPropCipherSuitesOrder(String protocol) {
         this.protocol = protocol;
         // Re-enable protocol if disabled.
         if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
-            if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS"))) {
+            if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
                 SecurityUtils.removeFromDisabledTlsAlgs(protocol);
             }
         }