diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java index cd74949cbb5..5e4f6f1e03d 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java @@ -909,9 +909,13 @@ private static final class DefaultManagersHolder { Exception reserved = null; TrustManager[] tmMediator = null; try { + System.out.println("start getTrustManagers in DefaultManagersHolder."); tmMediator = getTrustManagers(); } catch (Exception e) { + System.out.println("start getTrustManagers in DefaultManagersHolder but failed"); reserved = e; + System.out.println("Exception message is: "); + reserved.printStackTrace(); if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) { SSLLogger.warning( "Failed to load default trust managers", e); @@ -920,6 +924,7 @@ private static final class DefaultManagersHolder { KeyManager[] kmMediator = null; if (reserved == null) { + System.out.println("reserved is null"); try { kmMediator = getKeyManagers(); } catch (Exception e) { @@ -932,6 +937,7 @@ private static final class DefaultManagersHolder { } if (reserved != null) { + System.out.println("reserved is not null"); trustManagers = new TrustManager[0]; keyManagers = new KeyManager[0]; @@ -951,14 +957,17 @@ private static final class DefaultManagersHolder { private static TrustManager[] getTrustManagers() throws Exception { TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); + System.out.println("The TrustManagerFactory provider is: " + tmf.getProvider().getName()); if ("SunJSSE".equals(tmf.getProvider().getName())) { // The implementation will load the default KeyStore // automatically. Cached trust materials may be used // for performance improvement. + System.out.println("It's SunJSSE."); tmf.init((KeyStore)null); } else { // Use the explicitly specified KeyStore for third party's // TrustManagerFactory implementation. + System.out.println("It's not SunJSSE."); KeyStore ks = TrustStoreManager.getTrustedKeyStore(); tmf.init(ks); } diff --git a/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt b/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt index 716960491fa..46c9edc2653 100644 --- a/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt +++ b/test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt @@ -16,917 +16,4 @@ # # You should have received a copy of the GNU General Public License version # 2 along with this work; if not, see . -# =========================================================================== - -# -# Exclude tests list from sanity.openjdk -# -com/sun/crypto/provider/CICO/CICODESFuncTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/CICO/CICOSkipTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/CICO/PBEFunc/CICOPBEFuncTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/Encrypt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/GCMLargeDataKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/KeyWrapper.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/ReadWriteSkip.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/SameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/SealedObjectTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AEAD/WrongAAD.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/CICO.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/CTR.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Padding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4511676.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4512524.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4512704.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4513830.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4517355.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/Test4626070.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestAESCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithDefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithProviderChange.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestAESCiphers/TestAESWithRemoveAddProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestCICOWithGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestCICOWithGCMAndAAD.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestCopySafe.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestISO10126Padding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestKATForECB_IV.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestKATForECB_VK.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestKATForECB_VT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestKATForGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestNoPaddingModes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestNonexpanding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestSameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/AES/TestShortBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/Blowfish/BlowfishTestVector.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/CTR/CounterMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/CTS/CTSMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20KeyGeneratorTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20NoReuse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20Poly1305ParamTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/OutputSizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20CipherUnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20Poly1305ParametersUnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/DESKeyCleanupTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/DESSecretKeySpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/DesAPITest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/DoFinalReturnLen.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/FlushBug.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/KeyWrapping.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/PaddingTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/Sealtest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/TestCipherDES.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/TestCipherDESede.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/DES/TextPKCS5PaddingTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/JCE/Bugs/4686632/Empty.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/NISTWrapKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/TestGeneral.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/TestKeySizeCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/KeyWrap/XMLEncKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/CheckPBEKeySize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/DecryptWithoutParameters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/NegativeLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEKeyCleanupTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEKeyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBES2Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBESameBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBMacBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PBMacDoFinalVsUpdate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PKCS12CipherKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RC2ArcFour/CipherKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEP.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEPPadding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestOAEP_KAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/RSA/TestRSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/TextLength/SameBufferOverwrite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/TextLength/TestCipherTextLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/UTIL/StrongOrUnlimited.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Cipher/UTIL/SunJCEGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHGenSharedSecret.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyAgreement3.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyAgreementPadding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/DHKeyGenSpeed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/TestExponentSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyFactory/PBKDF2HmacSHA1FactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyFactory/TestProviderLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyGenerator/Test4628062.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/DigestCloneabilityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/EmptyByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/HmacMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/HmacPBESHA1.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/HmacSHA512.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/HmacSaltLengths.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/LargeByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/MacClone.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/MacKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/MacSameTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/Mac/NullByteBufferTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/NSASuiteB/TestAESOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestKeyMaterial.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestLeadingZeroes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestMasterSecret.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestPRF.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestPRF12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/crypto/provider/TLS/TestPremaster.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/org/apache/xml/internal/security/ShortECDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/org/apache/xml/internal/security/SignatureKeyInfo.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/org/apache/xml/internal/security/TruncateHMAC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/Class/GetPackageBootLoaderChildLayer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/SecurityManager/CheckSecurityProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/reflect/records/IsRecordTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/reflect/records/RecordPermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/reflect/records/RecordReflectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/lang/runtime/ObjectMethodsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/math/BigInteger/ModPow65537.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/KeyAgreementTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/KeySizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/KeySpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/MultiThreadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyAgreement/NegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyFactory/Failover.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyFactory/GenerateRSAPrivateCrtKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyFactory/KeyFactoryGetKeySpecForInvalidSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyPairGenerator/Failover.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyPairGenerator/GenerateKeypair.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyPairGenerator/GenerateRSAKeyPair.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyRep/Serial.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyRep/SerialDSAPubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyRep/SerialOld.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/CheckInputStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/EntryMethods.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/KeyStoreBuilder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/OneProbeOneNot.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PBETest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/ConvertP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/EntryProtectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/MetadataEmptyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/MetadataStoreLoadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/ReadP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/StoreTrustedCertAPITest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/StoreTrustedCertKeytool.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/PKCS12/WriteP12Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/ProbeKeystores.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/TestKeyStoreBasic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/KeyStore/TestKeyStoreEntry.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/MessageDigest/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/MessageDigest/TestCloneable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/MessageDigest/TestDigestIOStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Policy/GetInstance/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Policy/SignedJar/SignedJarTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/ChangeProviders.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/DefaultProviderList.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/NewInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/SecurityProviderModularTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/SupportsParameter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Provider/Turkish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureClassLoader/DefineClass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/ApiTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/DefaultAlgo.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/DefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/EnoughSeedTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/GetAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/GetInstanceTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/MultiThreadTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/NoSync.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/Serialize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/SerializedSeedTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SecureRandom/ThreadSafe.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Security/CaseInsensitiveAlgNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Security/ClassLoaderDeadlock/Deadlock.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Security/removing/RemoveProviderByIdentity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Security/signedfirst/DynStatic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/NONEwithRSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/Offsets.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/ResetAfterException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/SignWithOutputBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/SignatureGetAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/SignatureGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/SignatureLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/TestCloneable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/TestInitSignWithMyOwnRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/Signature/VerifyRangeCheckOverflow.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SignedObject/Chain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SignedObject/Copy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/SignedObject/Correctness.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/selfIssued/KeyUsageMatters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/selfIssued/StatusLoopDependency.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/targetConstraints/BuildEEBasicConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathBuilder/zeroLengthPath/ZeroLengthPath.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/OCSP/AIACheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/OCSP/GetAndPostTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevel.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/indirectCRL/CircularCRLOneLevelRevoked.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevel.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/indirectCRL/CircularCRLTwoLevelRevoked.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/PKIXRevocationChecker/OcspUnauthorized.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/PKIXRevocationChecker/UnitTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/PolicyNode/GetPolicyQualifiers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/X509CRL/VerifyDefault.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/X509Certificate/GetSigAlgParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/cert/pkix/policyChanges/TestPolicy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/misc/TestDefaultRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/security/spec/PKCS8EncodedKeySpec/Algorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/concurrent/tck/JSR166TestCase.java#others https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/ScanSignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/SignedJarFileGetInputStream.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/SignedJarPendingBlock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/TurkCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/VerifySignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarFile/mrjar/MultiReleaseJarSecurity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarInputStream/ExtraFileInMetaInf.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarInputStream/ScanSignedJar.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/util/jar/JarInputStream/TestIndexedJarWithBadSignature.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/CipherInputStreamExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/GetMaxAllowed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/InOutBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/TestCipherMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Cipher/Turkish.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CipherSpi/DirectBBRemaining.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/AllPermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/LowercasePermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/RC2PermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/RC4AliasPermCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CryptoPermission/RSANoLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetAlgName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/JceSecurity/SunJCE_BC_LoadOrdering.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/JceSecurity/VerificationResults.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/KeyGenerator/CompareKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/KeyGenerator/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Mac/ByteBuffers.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/Mac/TestGetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SealedObject/NullKeySealedObject.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SecretKeyFactory/PBKDF2TranslateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SecretKeyFactory/SecKFTranslateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SecretKeyFactory/SecKeyFacSunJCEPrf.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/SecretKeyFactory/TestFailOver.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/spec/DESKeySpec/CheckParity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/spec/RC2ParameterSpec/RC2AlgorithmParameters.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/auth/kerberos/StandardNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/BadXPointer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/Basic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/ErrorHandlerPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/FileSocketPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/GenerationTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/GetInstanceTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/HereFunction.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/PSSSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/SecureValidation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/SecurityManager/XMLDSigWithSecMgr.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/TransformService/NullParent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/ValidationTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/xml/crypto/dsig/keyinfo/KeyInfo/Marshal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/reflect/ReflectionFactory/ReflectionFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jgss/GssMemoryIssues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jgss/spnego/MSOID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jgss/spnego/NotPreferredMech.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/KrbCredSubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/RFC396xTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/ServiceCredsCombination.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/AcceptPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/AcceptorSubKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Addresses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/AddressesAndNameType.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/AlwaysEncPaReq.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Basic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/BasicKrb5Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/BasicProc.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/BogusKDC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/CleanState.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/CrossRealm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/DiffNameSameKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/DiffSaltParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/DupEtypes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/DynamicKeytab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/EmptyPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/FileKeyTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ForwardableCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Forwarded.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/GSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/GSSUnbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/HttpNegotiateServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/HttpsCB.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/IgnoreChannelBinding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KPEquals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KdcPolicy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KeyPermissions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KeyTabCompat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KrbTicket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/KvnoNA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/LifeTimeInSeconds.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/LoginModuleOptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/LoginNoPass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/LongLife.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/MSOID2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ModuleName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/MoreKvno.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NewInquireTypes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NewSalt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NoAddresses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NoInitNoKeytab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NonAscii.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NonMutualSpnego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NoneReplayCacheTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/NullRenewUntil.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/OkAsDelegate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/OkAsDelegateXRealm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/OnlyDesLogin.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/PrincipalNameEquals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/RRC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ReferralsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/RefreshKrb5Config.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Renew.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Renewal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ReplayCacheTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ReplayCacheTestProc.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/ReplayCacheTestProcWithMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2proxy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2proxyGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2self.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2selfAsServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2selfAsServerGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/S4U2selfGSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SPNEGO.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SaslBasic.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SaslMutual.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SaslUnbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SpnegoLifeTime.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/SpnegoReqFlags.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Test5653.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/TicketSName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/TwoOrThree.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/TwoPrinces.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/TwoTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/Unavailable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/UnboundService.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/UseCacheAndStoreKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/W83.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/auto/principalProperty/PrincipalSystemPropTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/etype/KerberosAesSha2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/etype/WeakCrypto.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/ktab/BufferBoundary.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/ktab/FileKeyTab.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/ktab/KeyTabIndex.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/krb5/runNameEquals.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/crypto/CipherSpi/ResetByteBuffer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-s390x -# -# Extended.openjdk Failures Exclude List for FIPS Testing -# -com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/jndi/ldap/LdapCBPropertiesTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/jndi/ldap/LdapSSLHandshakeFailureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/auth/module/KeyStoreLoginModule/ReadOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/Cram.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/AuthNoUtf8.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/AuthOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/AuthRealmChoices.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/AuthRealms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/CheckNegotiatedQOPs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/HasInitialResponse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/Integrity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/NoQuoteParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/Privacy.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/PrivacyRc4.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/digest/Unbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/ntlm/Conformance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -com/sun/security/sasl/ntlm/NTLMTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/File/createTempFile/SecurityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/AbsentStreamValuesTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/BasicRecordSer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/ConstructorAccessTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/ConstructorPermissionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/CycleTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/DifferentStreamFieldsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/ReadResolveTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/RecordClassTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/SerialVersionUIDTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/ThrowingConstructorTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/records/WriteReplaceTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/serialFilter/FilterWithSecurityManagerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/serialFilter/GlobalFilterTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/io/Serializable/serialFilter/SerialFilterFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/nio/channels/unixdomain/Security.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/nio/file/spi/SetDefaultProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/dgc/VMID/CheckVMID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/dgc/dgcImplInsulation/DGCImplInsulation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/registry/altSecurityManager/AltSecurityManager.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/registry/classPathCodebase/ClassPathCodebase.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/registry/readTest/CodebaseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMIClassLoader/downloadArrayClass/DownloadArrayClass.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMIClassLoader/loadProxyClasses/LoadProxyClasses.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMIClassLoader/useCodebaseOnly/UseCodebaseOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMISocketFactory/useSocketFactory/registry/UseCustomSocketFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/RMISocketFactory/useSocketFactory/unicast/UseCustomSocketFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/clientStackTrace/ClientStackTrace.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/server/useCustomRef/UseCustomRef.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -java/rmi/transport/dgcDeadLock/DGCDeadLock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/imageio/CachePremissionsTest/CachePermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ALPN/SSLEngineAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ALPN/SSLServerSocketAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ALPN/SSLSocketAlpnTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/CipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/ClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSBufferOverflowUnderflowTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSOverDatagram.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSSequenceNumberTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/DTLSWontNegotiateV10.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/InvalidCookie.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/InvalidRecords.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/NoMacInitialClientHello.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/PacketLossRetransmission.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/Reordered.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/RespondToRetransmit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/Retransmission.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLS/WeakCipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10BufferOverflowUnderflowTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10DataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10EnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10HandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10HandshakeWithReplicatedPacketsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10IncorrectAppDataTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10MFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10NotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10RehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10RehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10SequenceNumberTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/DTLSv10/DTLSv10UnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/FixingJavadocs/ImplicitHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/FixingJavadocs/KMTMGetNothing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/FixingJavadocs/SSLSessionNulls.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/FixingJavadocs/SSLSocketInherit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/DummyCacheResponse.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/Equals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/GetResponseCode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/HttpsURLConnection/HttpsSession.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/AcceptLargeFragments.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/ArgCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/Arrays.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/Basics.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/CheckTlsEngineResults.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/ConnectionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/EngineCloseOnAlert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/ExtendedKeyEngine.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/ExtendedKeySocket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/FinishedPresent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/LargeBufs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/NoAuthClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLEngine/TestAllSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/CheckSessionContext.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/JSSERenegotiate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/RenegotiateTLS13.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/ResumeTLS13withSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/SessionCacheSizeTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/SessionTimeOutTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSession/TestEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSocket/ClientExcOnAlert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSocket/InputStreamClosure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSocket/OutputStreamClosure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/SSLSocket/Tls13PacketSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/EndingDotHostname.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLEngineExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLEngineExplorerUnmatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketConsistentSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerFailure.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerUnmatchedSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketInconsistentSNI.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/SSLSocketSNISensitive.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/Stapling/HttpsUrlConnClient.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/Stapling/SSLEngineWithStapling.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/Stapling/SSLSocketWithStapling.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/Stapling/StapleEnableProps.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSClientPropertyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TestJSSEClientDefaultProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TestJSSEClientProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TestJSSENoCommonProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLS/TestJSSEServerProtocol.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSCommon/TLSTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSCommon/TLSWithEdDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv1/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/ExportableBlockCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/ExportableStreamCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/GenericBlockCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/GenericStreamCipher.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSDataExchangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -javax/net/ssl/TLSv11/TLSHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSMFLNTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSNotEnabledRC4Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSRehandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSRehandshakeWithCipherChangeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv11/TLSUnsupportedCiphersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/DisabledShortDSAKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/DisabledShortRSAKeys.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/ProtocolFilter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/ShortRSAKey512.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/ShortRSAKeyGCM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/SignatureAlgorithms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv12/TLSEnginesClosureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv13/ClientHelloKeyShares.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv13/EngineOutOfSeqCCS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/TLSv13/HRRKeyShares.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ciphersuites/DisabledAlgorithms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ciphersuites/ECCurvesconstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/compatibility/ClientHelloProcessing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/finalize/SSLSessionFinalizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/interop/ClientHelloBufferUnderflowException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/interop/ClientHelloChromeInterOp.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/CacertsExplorer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/ciphersuites/CipherSuitesInOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/templates/SSLEngineTemplate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/templates/SSLSocketTemplate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/rmi/ssl/SSLSocketParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/rmi/ssl/SocketFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/auth/Destroyable/KeyDestructionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/auth/PrivateCredentialPermission/MoreThenOnePrincipals.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/auth/login/Configuration/GetInstance.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/sasl/Sasl/ClientServerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/security/sasl/Sasl/DisabledMechanisms.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/smartcardio/TerminalFactorySpiTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/dynalink/BeanLinkerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/dynalink/TrustedDynamicLinkerFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/dynalink/UntrustedDynamicLinkerFactoryTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/DirectoryStreamTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/InvalidZipHeaderTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/NewFileSystemTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/PropertyPermissionTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/TestPosix.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/ZFSTests.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/nio/zipfs/ZipFSPermissionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/jarsigner/Function.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/jarsigner/Properties.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/jarsigner/Spec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/logging/TestSecurityPropertyModificationLog.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -jdk/security/logging/TestTLSHandshakeLog.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/rmi/server/MarshalOutputStream/marshalForeignStub/MarshalForeignStub.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/rmi/transport/tcp/disableMultiplexing/DisableMultiplexing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/InvalidCurve.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/SignatureDigestTruncate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/SignatureKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/SignedObjectChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/TestEC.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/ec/ed/EdCRLSign.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSAKeyCompatibility.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSAKeySize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSANegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSAParamSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSAReuseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdDSATest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/EdECKeyFormat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/TestEdDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/ed/TestEdOps.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/xec/TestXDH.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ec/xec/XECKeyFormat.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jca/PreferredProviderNegativeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/jca/PreferredProviderTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/lib/CheckBlockedCerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs7/PKCS7VerifyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs7/SignerOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs8/PKCS8Test.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs/pkcs8/TestLeadingZeros.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs11/KeyStore/ClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs11/Provider/Absolute.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/Bug6415637.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/EmptyPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/KeytoolOpensslInteropTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/P12SecretKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/PBES2Encoding.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/PKCS12SameKeyId.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/ProbeBER.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/ProbeLargeKeystore.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/SameDN.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/StorePasswordTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/StoreSecretKeyTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/StoreTrustedCertTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/pkcs12/WrongPBES2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/SupportedDSAParamGen.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/SupportedDSAParamGenLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestAlgParameterGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestDSA.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestDSA2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/DSA/TestMaxLengthDER.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/KeyStore/CaseSensitiveAliases.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/KeyStore/TestJKSWithSecretKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/KeyStore/WrongPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/KeyStore/WrongStoreType.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/MessageDigest/DigestKAT.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/MessageDigest/Offsets.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/MessageDigest/TestSHAClone.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/NSASuiteB/TestDSAGenParameterSpecLongKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/NSASuiteB/TestSHAOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/PolicyFile/Alias.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/PolicyFile/AliasExpansion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/PolicyFile/TokenStore.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/PolicyFile/TrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/AbstractDrbg/SpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/AutoReseed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/CommonSeeder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/DRBGAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/SHA1PRNGReseed.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/StrongSecureRandom.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SecureRandom/StrongSeedReader.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/SeedGenerator/SeedGeneratorChoice.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/X509Factory/BadPem.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/X509Factory/BigCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPBuilderWithMD5.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/provider/certpath/OCSP/OCSPNoContentLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/BrokenRSAPrivateCrtKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/KeySizeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/PrivateKeyEqualityTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/SignatureTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/SignedObjectChain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/SpecTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestCACerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyFactory.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyPairGenerator.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyPairGeneratorExponent.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyPairGeneratorInit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestKeyPairGeneratorLength.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestRSAOidSupport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestSigGen15.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/TestSignatures.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/WithoutNULL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/InitAgain.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/PSSKeyCompatibility.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/PSSParametersTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/SerializedPSSKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/SignatureTest2.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/SignatureTestPSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/TestPSSKeySupport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/rsa/pss/TestSigGenPSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ALPN/AlpnGreaseTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppInputStream/ReadBlocksClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppInputStream/ReadHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppInputStream/ReadZeroBytes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppInputStream/RemoveMarkReset.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/AppOutputStream/NoExceptionOnClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CertPathRestrictions/TLSRestrictions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/DisabledCurve.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/ssl/CipherSuite/LegacyConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/ssl/CipherSuite/RestrictNamedGroup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/RestrictSignatureScheme.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/SSL_NULL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/CipherSuite/SupportedGroups.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/ssl/ClientHandshaker/CipherSuiteOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ClientHandshaker/LengthCheckTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ClientHandshaker/RSAExport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/DHKeyExchange/DHEKeySizing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/GenSSLConfigs/main.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/HandshakeHash/HandshakeHashCloneExhaustion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/HandshakeOutStream/NullCerts.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/InputRecord/ClientHelloRead.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/InputRecord/SSLSocketTimeoutNulls.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ProtocolVersion/HttpsProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedCipherSuites.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedDTLSDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedDTLSServerDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/CustomizedServerDefaultProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/DefaultCipherSuitePreference.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/DefaultDTLSEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/DefaultEnabledProtocols.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/GoodProvider.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/IllegalProtocolProperty.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/MultipleChooseAlias.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/NoOldVersionContext.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/SSLContextDefault.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/SSLContextVersion.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLContextImpl/TrustTrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/CloseEngineException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/CloseStart.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/DelegatedTaskWrongException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/EmptyExtensionData.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/SSLEngineFailedALPN.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLEngineImpl/TLS13BeginHandshake.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLLogger/LoggingFormatConsistency.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionContextImpl/DefautlCacheSize.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionContextImpl/Timeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/HashCodeMissing.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/InvalidateSession.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumeChecksClient.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumeChecksClientStateless.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumeChecksServerStateless.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSessionImpl/ResumptionUpdateBoundValues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/AsyncSSLSocketClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ClientModeClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ClientTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/CloseSocket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/CloseSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/DisableExtensions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/IgnorableExceptionMessages.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/LargePacketAfterHandshakeTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/NewSocketMethods.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/NoImpactServerRenego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/RejectClientRenego.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ReuseAddr.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ReverseNameLookup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketBruceForceClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketBruteForceClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketClose.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketReset.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketSSLEngineCloseInbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SSLSocketShouldThrowSocketException.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ServerRenegoWithTwoVersions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/ServerTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SetSoTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/SocketExceptionForSocketIssues.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SSLSocketImpl/UnconnectedSocketWrongExceptions.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ServerHandshaker/GetPeerHost.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/ServerHandshaker/HelloExtensionsTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS13.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/SigSchemePropOrdering.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SignatureScheme/Tls13NamedGroups.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/SocketCreation/SocketCreation.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/Stapling/StatusResponseManager.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509KeyManager/CertificateAuthorities.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509KeyManager/PreferredKey.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509KeyManager/SelectOneKeyOutOfMany.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/BasicConstraints.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/BasicConstraints12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/CacertsLimit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/CertRequestOverflow.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/ComodoHacker.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/PKIXExtendedTM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/SelfIssuedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/TooManyCAs.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/X509TrustManagerImpl/X509ExtendedTMEnabled.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/internal/TestRun.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/ssl/spi/ProviderInit.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/DefaultSigalg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/EntriesOrder.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/JarSigningNonAscii.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/LargeJarEntry.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/PreserveRawManifestEntryAndDigest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x -sun/security/tools/jarsigner/Test4431684.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/TimestampCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/TsacertOptionTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/jarsigner/warnings/NoTimestampTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/CacertsOption.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/CheckCertAKID.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/CloneKeyAskPassword.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/CloseFile.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/DupImport.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/GenKeyPairSigner.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/GenerateAll.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/GroupName.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/HasSrcStoretypeOption.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/ImportPrompt.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/JKStoPKCS12.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/KeyToolTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/NewSize7.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/PKCS12Passwd.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/PrintSSL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/Serial64.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/StartDateTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/StorePasswords.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/UnknownAndUnparseable.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/WeakAlg.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/fakecacerts/TrustedCRL.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/fakecacerts/TrustedCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/fakegen/DefaultSignatureAlgorithm.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/tools/keytool/fakegen/PSS.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/util/HostnameMatcher/NullHostnameCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/validator/EndEntityExtensionCheck.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/validator/certreplace.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/validator/samedn.sh https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/AlgorithmId/NonStandardNames.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/AlgorithmId/OmitAlgIdParam.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/URICertStore/CRLReadTimeout.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/URICertStore/ExtensionsWithLDAP.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CRLImpl/OrderAndDup.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CRLImpl/Verify.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CertImpl/ECSigParamsVerifyWithCert.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CertImpl/V3Certificate.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -sun/security/x509/X509CertImpl/Verify.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all -javax/net/ssl/ServerName/BestEffortOnLazyConnected.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le,linux-s390x,aix-all - -sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-s390x,aix-all -javax/net/ssl/SSLEngine/LargePacket.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-x64,linux-ppc64le -jdk/nio/zipfs/ZipFSTester.java https://github.com/ibmruntimes/openj9-openjdk-jdk17/issues/321 linux-ppc64le,linux-s390x,aix-all +# =========================================================================== \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java index 773fb08d317..4f76d8b0b75 100644 --- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java +++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java @@ -52,6 +52,9 @@ import javax.net.ssl.SSLEngine; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Test common DTLS cipher suites. */ @@ -61,14 +64,30 @@ public class CipherSuite extends DTLSOverDatagram { volatile static String cipherSuite; public static void main(String[] args) throws Exception { - if (args.length > 1 && "re-enable".equals(args[1])) { + if (args.length > 1 && "re-enable".equals(args[1]) + && !(Utils.isFIPS() + && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } cipherSuite = args[0]; CipherSuite testCase = new CipherSuite(); - testCase.runTest(testCase); + try { + testCase.runTest(testCase); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if ((Utils.isFIPS() + && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) + && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; + } } @Override @@ -81,4 +100,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception { return engine; } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java index b18238f7217..6541c9b80f7 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java @@ -48,6 +48,9 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLException; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Testing DTLS engines handshake using each of the supported cipher suites with * replicated packets check. @@ -59,7 +62,9 @@ public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase { public static void main(String[] args) { DTLSHandshakeWithReplicatedPacketsTest test = new DTLSHandshakeWithReplicatedPacketsTest(); - setUpAndStartKDCIfNeeded(); + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + setUpAndStartKDCIfNeeded(); + } test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java index 2e59cb73857..03e42908546 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java @@ -53,6 +53,9 @@ import java.util.Random; import jdk.test.lib.RandomFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Testing DTLS incorrect app data packages unwrapping. Incorrect application * data packages should be ignored by DTLS SSLEngine. @@ -63,7 +66,9 @@ public class DTLSIncorrectAppDataTest extends SSLEngineTestCase { public static void main(String[] s) { DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest(); - setUpAndStartKDCIfNeeded(); + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + setUpAndStartKDCIfNeeded(); + } test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java b/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java index 1820dbe5423..87e8152f1be 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java @@ -46,6 +46,7 @@ import java.util.concurrent.atomic.AtomicBoolean; import jdk.test.lib.hexdump.HexPrinter; +import jdk.test.lib.Utils; /** * An example to show the way to use SSLEngine in datagram connections. @@ -63,10 +64,10 @@ public class DTLSOverDatagram { private static final String KEY_STORE_FILE = "keystore"; private static final String TRUST_STORE_FILE = "truststore"; - private static final String KEY_FILENAME = + private static String KEY_FILENAME = System.getProperty("test.src", ".") + "/" + PATH_TO_STORES + "/" + KEY_STORE_FILE; - private static final String TRUST_FILENAME = + private static String TRUST_FILENAME = System.getProperty("test.src", ".") + "/" + PATH_TO_STORES + "/" + TRUST_STORE_FILE; @@ -505,11 +506,16 @@ boolean onReceiveTimeout(SSLEngine engine, SocketAddress socketAddr, // get DTSL context SSLContext getDTLSContext() throws Exception { String passphrase = "passphrase"; + String protocol = "DTLS"; + // if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + // KEY_FILENAME = Utils.revertJKSToPKCS12(KEY_FILENAME, passphrase); + // TRUST_FILENAME = Utils.revertJKSToPKCS12(TRUST_FILENAME, passphrase); + // } return SSLContextBuilder.builder() .trustStore(KeyStoreUtils.loadKeyStore(TRUST_FILENAME, passphrase)) .keyStore(KeyStoreUtils.loadKeyStore(KEY_FILENAME, passphrase)) .kmfPassphrase(passphrase) - .protocol("DTLS") + .protocol(protocol) .build(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java index 2eb792a2d37..a239513e649 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java @@ -55,6 +55,9 @@ import java.util.Random; import jdk.test.lib.RandomFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Testing DTLS records sequence number property support in application data * exchange. @@ -69,7 +72,9 @@ public class DTLSSequenceNumberTest extends SSLEngineTestCase { public static void main(String[] args) { DTLSSequenceNumberTest test = new DTLSSequenceNumberTest(); - setUpAndStartKDCIfNeeded(); + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + setUpAndStartKDCIfNeeded(); + } test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java index 2532f524371..f6d42a100e6 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java @@ -21,6 +21,7 @@ * questions. */ +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; import javax.net.ssl.*; @@ -49,7 +50,10 @@ public class DTLSWontNegotiateV10 { private static final String DTLSV_1_2 = "DTLSv1.2"; public static void main(String[] args) throws Exception { - if (args[0].equals(DTLSV_1_0)) { + + if (args[0].equals(DTLSV_1_0) + && !(Utils.isFIPS() + && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { SecurityUtils.removeFromDisabledTlsAlgs(DTLSV_1_0); } @@ -77,6 +81,18 @@ public static void main(String[] args) throws Exception { server.run(); p.destroy(); System.out.println("Success: DTLSv1.0 connection was not established."); + } catch (javax.net.ssl.SSLHandshakeException sslhe) { + if ((Utils.isFIPS() + && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) + && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; } } } diff --git a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java index d9bb38ec15a..fbac7be9a7a 100644 --- a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java +++ b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java @@ -68,4 +68,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception { return engine; } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java index b1ef64ef88a..18ed8883adb 100644 --- a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java +++ b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java @@ -26,6 +26,7 @@ * @bug 4387882 * @summary Need to revisit the javadocs for JSSE, especially the * promoted classes. + * @library /test/lib * @run main/othervm ImplicitHandshake * * SunJSSE does not support dynamic system properties, no way to re-use @@ -37,6 +38,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ImplicitHandshake { /* @@ -191,6 +195,10 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java index d4eca8b5776..51d074e6a44 100644 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java @@ -31,6 +31,7 @@ * @bug 6668231 * @summary Presence of a critical subjectAltName causes JSSE's SunX509 to * fail trusted checks + * @library /test/lib * @run main/othervm CriticalSubjectAltName * @author Xuelei Fan */ @@ -53,6 +54,9 @@ import java.security.Security; import java.security.cert.Certificate; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class CriticalSubjectAltName implements HostnameVerifier { /* * ============================================================= @@ -160,9 +164,9 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. Security.setProperty("jdk.certpath.disabledAlgorithms", - "MD2, RSA keySize < 1024"); + "MD2, RSA keySize < 1024"); Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + "SSLv3, RC4, DH keySize < 768"); String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + @@ -171,6 +175,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java index 87ffef9c0f8..6d3cdb8e6bb 100644 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java @@ -25,6 +25,7 @@ * @test * @bug 4482187 * @summary HttpsClient tests are failing for build 71 + * @library /test/lib * @run main/othervm GetResponseCode * * SunJSSE does not support dynamic system properties, no way to re-use @@ -37,6 +38,9 @@ import javax.net.ssl.*; import java.security.cert.Certificate; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class GetResponseCode implements HostnameVerifier { /* * ============================================================= @@ -149,6 +153,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security b/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security new file mode 100644 index 00000000000..86339bbd395 --- /dev/null +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security @@ -0,0 +1,29 @@ +# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends +# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration +# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE. +# +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.desc.name = Test-TLS-HttpsURLConnection OpenJCEPlusFIPS Cryptographic Module FIPS 140-3 +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.desc.default = false +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3 + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \ + {AlgorithmParameters, DiffieHellman, *}, \ + {KeyAgreement, DiffieHellman, *}, \ + {KeyPairGenerator, DiffieHellman, *}, \ + {KeyFactory, DiffieHellman, *}, \ + {MessageDigest, MD5, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.2 = sun.security.provider.Sun [+ \ + {KeyStore, JKS, *}, \ + {KeyStore, PKCS12, *}, \ + {MessageDigest, SHA-1, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \ + {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \ + {AlgorithmParameters, PBEWithMD5AndDES, *}, \ + {SecretKeyFactory, PBEWithMD5AndDES, *}, \ + {Cipher, PBEWithHmacSHA256AndAES_256, *}, \ + {Mac, HmacSHA1, *},\ + {Mac, HmacPBESHA256, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}] \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java index 4781d15972b..b913f7c7e5d 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java @@ -27,7 +27,7 @@ * @summary Add scatter/gather APIs for SSLEngine * * Check to see if the args are being parsed properly. - * + * @library /test/lib */ import javax.net.ssl.*; @@ -36,6 +36,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ArgCheck { private static boolean debug = false; @@ -258,6 +261,8 @@ static private SSLEngine createSSLEngine(String keyFile, String trustFile) KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); + ks.load(null, null); + char[] passphrase = "passphrase".toCharArray(); ks.load(new FileInputStream(keyFile), passphrase); diff --git a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java index 2ba56c85b34..11c043e1965 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java +++ b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java @@ -41,7 +41,9 @@ import java.io.*; import java.security.*; import java.nio.*; +import java.util.*; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; public class Arrays { @@ -187,14 +189,20 @@ public static void main(String args[]) throws Exception { contextVersion = args[0]; // Re-enable context version if it is disabled. // If context version is SSLv3, TLSv1 needs to be re-enabled. - if (contextVersion.equals("SSLv3")) { - SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); - } else if (contextVersion.equals("TLSv1") || - contextVersion.equals("TLSv1.1")) { - SecurityUtils.removeFromDisabledTlsAlgs(contextVersion); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + if (contextVersion.equals("SSLv3")) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); + } else if (contextVersion.equals("TLSv1") || + contextVersion.equals("TLSv1.1")) { + SecurityUtils.removeFromDisabledTlsAlgs(contextVersion); + } + } else { + if (!SecurityUtils.TLS_PROTOCOLS.contains(contextVersion)) { + return; + } } - Arrays test; + Arrays test = null; test = new Arrays(); diff --git a/test/jdk/javax/net/ssl/SSLEngine/Basics.java b/test/jdk/javax/net/ssl/SSLEngine/Basics.java index 3239bfd4ce9..e75908c0302 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/Basics.java +++ b/test/jdk/javax/net/ssl/SSLEngine/Basics.java @@ -41,6 +41,7 @@ import javax.net.ssl.*; import javax.net.ssl.SSLEngineResult.*; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; public class Basics { @@ -57,11 +58,15 @@ public class Basics { "/" + TRUSTSTORE_FILE; public static void main(String[] args) throws Exception { - SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); + } runTest("TLSv1.3", "TLS_AES_256_GCM_SHA384"); - runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"); - runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"); + } } private static void runTest(String protocol, String cipherSuite) throws Exception { @@ -69,6 +74,7 @@ private static void runTest(String protocol, String cipherSuite) throws Exceptio KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); + char[] passphrase = "passphrase".toCharArray(); ks.load(new FileInputStream(KEYSTORE_PATH), passphrase); diff --git a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java index 7a7ecdffa5d..1aea6f4cdb5 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java +++ b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java @@ -25,9 +25,8 @@ * @test * @bug 4948079 * @summary Verify return values from SSLEngine wrap/unwrap (TLSv1.2) operations - * + * @library /test/lib * @run main CheckTlsEngineResults - * * @author Brad Wetmore */ @@ -40,6 +39,13 @@ import java.io.*; import java.security.*; import java.nio.*; +import java.util.concurrent.Callable; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; + +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class CheckTlsEngineResults { @@ -67,6 +73,8 @@ public class CheckTlsEngineResults { private ByteBuffer clientToServer; // "reliable" transport clientEngine->serverEngine private ByteBuffer serverToClient; // "reliable" transport serverEngine->clientEngine + private static Thread catchException; + /* * Majority of the test case is here, setup is done below. */ @@ -126,8 +134,16 @@ private void test() throws Exception { SSLEngineResult result1; // clientEngine's results from last operation SSLEngineResult result2; // serverEngine's results from last operation - String [] suite1 = new String [] { - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }; + String[] suite1; + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + suite1 = new String [] { + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }; + } else { + suite1 = new String [] { + // "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }; + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }; + } + String [] suite2 = new String [] { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }; @@ -154,6 +170,8 @@ private void test() throws Exception { checkResult(clientToServer, serverIn, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); + + runDelegatedTasks(serverEngine); clientToServer.compact(); @@ -189,6 +207,7 @@ private void test() throws Exception { checkResult(clientToServer, serverIn, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); + runDelegatedTasks(serverEngine); clientToServer.compact(); @@ -694,7 +713,7 @@ private void createBuffers() { log(""); } - private static void runDelegatedTasks(SSLEngine engine) { + private static void runDelegatedTasks(SSLEngine engine) throws Exception { Runnable runnable; while ((runnable = engine.getDelegatedTask()) != null) { @@ -702,6 +721,49 @@ private static void runDelegatedTasks(SSLEngine engine) { runnable.run(); } } + // private static void runDelegatedTasks(SSLEngine engine) throws Exception { + // ExecutorService executorService = Executors.newSingleThreadExecutor(); + + // // create Runnable + // Runnable myRunnable = () -> { + // System.out.println("Executing Runnable..."); + // throw new RuntimeException("Simulated exception in Runnable"); + // }; + + // RunnableCallable runnableCallable = new RunnableCallable(myRunnable); + + // Future future = executorService.submit(runnableCallable); + + // try { + // future.get(); + // } catch (Exception e) { + // System.err.println("Exception caught: " + e.getMessage()); + // e.printStackTrace(); + // } + + // executorService.shutdown(); + // } + + // static class RunnableCallable implements Callable { + // private Runnable runnable; + + // public RunnableCallable(Runnable runnable) { + // this.runnable = runnable; + // } + + // @Override + // public Void call() throws Exception { + // try { + // runnable.run(); + // } catch (Exception e) { + // System.out.println("!!!"); + // e.printStackTrace(); + // throw new RuntimeException("Exception in Runnable", e); + // } + // return null; + // } + // } + private static void log(String str) { System.out.println(str); diff --git a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java index e1ed18e9fde..0dabeceb524 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java @@ -27,7 +27,7 @@ * @summary Add non-blocking SSL/TLS functionality, usable with any * I/O abstraction * @author Brad Wetmore - * + * @library /test/lib * @run main/othervm ConnectionTest TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 * @run main/othervm ConnectionTest TLSv1.3 TLS_AES_256_GCM_SHA384 */ @@ -44,6 +44,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ConnectionTest { private final SSLEngine clientEngine; @@ -93,6 +96,7 @@ public ConnectionTest(String enabledProtocol, String enabledCipherSuite) private SSLContext getSSLContext() throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); + char[] passphrase = "passphrase".toCharArray(); ks.load(new FileInputStream(KEYSTORE_PATH), passphrase); @@ -597,7 +601,9 @@ private static void log(Object msg) { public static void main(String args[]) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } log(String.format("Running with %s and %s%n", args[0], args[1])); ConnectionTest ct = new ConnectionTest(args[0], args[1]); diff --git a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java index 7a4f71d8171..285a0d64169 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java +++ b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java @@ -26,6 +26,7 @@ * @bug 8133632 * @summary javax.net.ssl.SSLEngine does not properly handle received * SSL fatal alerts + * @library /test/lib * @run main EngineCloseOnAlert */ @@ -37,6 +38,9 @@ import java.security.*; import static javax.net.ssl.SSLEngineResult.HandshakeStatus.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class EngineCloseOnAlert { private static final String PATH_TO_STORES = "../etc"; @@ -53,8 +57,9 @@ public class EngineCloseOnAlert { private static KeyManagerFactory KMF; private static TrustManagerFactory TMF; - private static final String[] ONECIPHER = - { "TLS_RSA_WITH_AES_128_CBC_SHA" }; + private static final String[] ONECIPHER = (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) ? + new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" } : new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA" }; + public interface TestCase { public void runTest() throws Exception; diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java index 334091d7310..b70380312e1 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java @@ -26,7 +26,7 @@ * @bug 4981697 * @summary Rework the X509KeyManager to avoid incompatibility issues * @author Brad R. Wetmore - * + * @library /test/lib * @run main/othervm -Djdk.tls.acknowledgeCloseNotify=true ExtendedKeyEngine */ @@ -36,6 +36,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ExtendedKeyEngine { private static boolean debug = false; diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java index ef4eef3a330..ac52340eae8 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java @@ -25,6 +25,7 @@ * @test * @bug 4981697 * @summary Rework the X509KeyManager to avoid incompatibility issues + * @library /test/lib * @run main/othervm ExtendedKeySocket * * SunJSSE does not support dynamic system properties, no way to re-use @@ -90,9 +91,9 @@ SSLContext getSSLContext(boolean abs) throws Exception { SSLContext ctx = SSLContext.getInstance("TLS"); KeyStore keyKS = KeyStore.getInstance("JKS"); - keyKS.load(new FileInputStream(keyFilename), passwd); - KeyStore trustKS = KeyStore.getInstance("JKS"); + + keyKS.load(new FileInputStream(keyFilename), passwd); trustKS.load(new FileInputStream(trustFilename), passwd); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); diff --git a/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java b/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java index eba6a6aa3de..45d95733d34 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java +++ b/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java @@ -28,6 +28,7 @@ * @test * @bug 8233619 * @summary SSLEngine has not yet caused Solaris kernel to panic + * @library /test/lib * @run main/othervm FinishedPresent */ import javax.net.ssl.*; diff --git a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java index 295ad66646c..d8f56cb9f91 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java +++ b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java @@ -24,6 +24,7 @@ /* * @test * @bug 8042449 8299870 + * @library /test/lib * @library /javax/net/ssl/templates * @summary Verify successful handshake ignores invalid record version * diff --git a/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java b/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java index 5dc19f1475e..bec04e37689 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java +++ b/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java @@ -30,6 +30,7 @@ * @test * @bug 8180643 * @summary Illegal handshake message + * @library /test/lib * @run main/othervm IllegalHandshakeMessage */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java index 76c181ccff4..6cfb52b073e 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java +++ b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java @@ -29,7 +29,7 @@ * * This is to test larger buffer arrays, and make sure the maximum * is being passed. - * + * @library /test/lib * @run main/othervm -Djsse.enableCBCProtection=false LargeBufs * * @author Brad R. Wetmore @@ -43,6 +43,9 @@ import java.nio.*; import java.util.Random; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class LargeBufs { private static boolean debug = true; @@ -130,6 +133,10 @@ private void runTest(String cipher) throws Exception { runDelegatedTasks(result1, ssle1); runDelegatedTasks(result2, ssle2); + // Add handshake protocol logging + logHandshakeProtocol(ssle1); + logHandshakeProtocol(ssle2); + oneToTwo.flip(); twoToOne.flip(); @@ -160,6 +167,10 @@ private void runTest(String cipher) throws Exception { runDelegatedTasks(result1, ssle1); runDelegatedTasks(result2, ssle2); + // Add handshake protocol logging + logHandshakeProtocol(ssle1); + logHandshakeProtocol(ssle2); + oneToTwo.compact(); twoToOne.compact(); @@ -183,15 +194,28 @@ private void runTest(String cipher) throws Exception { public static void main(String args[]) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } LargeBufs test; - test = new LargeBufs(); - test.runTest("SSL_RSA_WITH_RC4_128_MD5"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + test = new LargeBufs(); + test.runTest("SSL_RSA_WITH_RC4_128_MD5"); + } - test = new LargeBufs(); - test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + test = new LargeBufs(); + test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + } + + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + test = new LargeBufs(); + test.runTest("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); + test = new LargeBufs(); + test.runTest("TLS_AES_128_GCM_SHA256"); + } System.out.println("Test Passed."); } @@ -244,6 +268,7 @@ private void createBuffers() { // that the ability to concume or produce applicaton data upto // the size. 16384 is the default JSSE implementation maximum // application size that could be consumed and produced. + // appBufferMax = 16384; appBufferMax = 16384; netBufferMax = session.getPacketBufferSize(); @@ -308,5 +333,5 @@ private static void log(String str) { if (debug) { System.out.println(str); } - } + } } diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java b/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java index c04eaf92cb0..27410985532 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java +++ b/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java @@ -32,6 +32,7 @@ * @bug 6388456 * @summary Need adjustable TLS max record size for interoperability * with non-compliant + * @library /test/lib * @run main/othervm LargePacket * * @author Xuelei Fan diff --git a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java index 208fb3935ae..1cbff6e4752 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java +++ b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java @@ -30,6 +30,7 @@ * @test * @bug 4495742 8190492 * @summary Demonstrate SSLEngine switch from no client auth to client auth. + * @library /test/lib * @run main/othervm NoAuthClientAuth SSLv3 * @run main/othervm NoAuthClientAuth TLSv1 * @run main/othervm NoAuthClientAuth TLSv1.1 @@ -82,6 +83,9 @@ import java.security.*; import java.nio.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + // Note that this test case depends on JSSE provider implementation details. public class NoAuthClientAuth { @@ -140,14 +144,22 @@ public class NoAuthClientAuth { * Main entry point for this test. */ public static void main(String args[]) throws Exception { - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + tlsProtocol = args[0]; + } else { + if (SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + tlsProtocol = args[0]; + } + } + if (tlsProtocol == null) { + return; + } if (debug) { System.setProperty("javax.net.debug", "all"); } - tlsProtocol = args[0]; - NoAuthClientAuth test = new NoAuthClientAuth(); test.runTest(); diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java index 3685dca64df..95d64024cd7 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java +++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java @@ -25,7 +25,7 @@ * @test * @bug 4965868 * @summary SSLEngineResult constructor needs null argument description - * + * @library /test/lib * @author Brad Wetmore */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java index 5b7d0c4e688..a1ddee74bb2 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java +++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java @@ -28,6 +28,7 @@ * * Helper class of SSL/TLS client/server communication. * + * @library /test/lib * @author Xuelei Fan */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java index 67387bd1661..8b571110ad2 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java +++ b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java @@ -38,6 +38,7 @@ * @author Brad Wetmore */ +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; import javax.net.ssl.*; @@ -89,7 +90,25 @@ private void createSSLEngines() { } private void test() throws Exception { - String [] suites = clientEngine.getEnabledCipherSuites(); + List tmpCipherSuites = new ArrayList<>(); + String [] suites; + if (Utils.isFIPS()) { + for (String ciphersuite : clientEngine.getEnabledCipherSuites()) { + if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(ciphersuite)) { + continue; + } + if (!SecurityUtils.TLS_CIPHERSUITES.get(ciphersuite).equals(PROTOCOL)) { + continue; + } + tmpCipherSuites.add(ciphersuite); + } + if (tmpCipherSuites.size() == 0) { + return; + } + suites = tmpCipherSuites.toArray(new String[0]); + } else { + suites = clientEngine.getEnabledCipherSuites(); + } System.out.println("Enabled cipher suites for protocol " + PROTOCOL + ": " + Arrays.toString(suites)); for (String suite: suites){ @@ -224,10 +243,15 @@ public static void main(String args[]) throws Exception { if (args.length < 1) { throw new RuntimeException("Missing TLS protocol parameter."); } - - switch(args[0]) { - case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); - case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + switch(args[0]) { + case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2"); + } + } else { + if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + return; + } } TestAllSuites testAllSuites = new TestAllSuites(args[0]); diff --git a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java index 58e387bcdad..9862497e32b 100644 --- a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java @@ -30,6 +30,7 @@ * @test * @bug 7188657 * @summary There should be a way to reorder the JSSE ciphers + * @library /test/lib * @run main/othervm UseCipherSuitesOrder * TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ @@ -39,6 +40,9 @@ import javax.net.ssl.*; import java.util.Arrays; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class UseCipherSuitesOrder { /* @@ -174,6 +178,10 @@ private static void parseArguments(String[] args) throws Exception { throw new Exception("Need to enable at least two cipher suites"); } + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + cliEnabledCipherSuites = new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}; + } + // Only need to use 2 cipher suites in server side. srvEnabledCipherSuites = Arrays.copyOf( cliEnabledCipherSuites, 2); @@ -209,6 +217,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java b/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java index 98c7afb2738..71c991227a8 100644 --- a/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java +++ b/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java @@ -70,7 +70,7 @@ public static void main(String[] args) throws Exception { server.close(client1); client1.close(); - // Resume the client session + // Resume the client session TLSBase.Client client2 = new TLSBase.Client(); if (server.getSession(client2).getSessionContext() == null) { throw new Exception("Context was null on resumption"); diff --git a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java index c6e9753a2c1..84d277fa563 100644 --- a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java +++ b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java @@ -24,6 +24,7 @@ /* * @test * @bug 4395238 4354003 4387961 4395266 + * @library /test/lib * @summary A test of many of the new functionality to go into JSSE 1.1 * Fixed 4395238: The new certificate chains APIs should really be * returning certs, not x509 certs @@ -42,6 +43,9 @@ import javax.net.ssl.*; import java.security.cert.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class HttpsURLConnectionLocalCertificateChain implements HandshakeCompletedListener, HostnameVerifier { @@ -211,7 +215,6 @@ void doClientSide() throws Exception { myURLc = (HttpsURLConnection) myURL.openConnection(); myURLc.setHostnameVerifier(this); myURLc.connect(); - InputStream sslIS = myURLc.getInputStream(); System.out.println("Client reading..."); @@ -245,6 +248,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java index 435dd2345d6..b65c8206edd 100644 --- a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java +++ b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java @@ -24,6 +24,7 @@ /* * @test * @bug 4280338 + * @library /test/lib * @summary "Unsupported SSL message version" SSLProtocolException * w/SSL_RSA_WITH_NULL_MD5 * @run main/othervm JSSERenegotiate @@ -40,10 +41,13 @@ import java.security.Security; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class JSSERenegotiate { - static final String suite1 = "SSL_RSA_WITH_NULL_MD5"; - static final String suite2 = "SSL_RSA_WITH_NULL_SHA"; + static String suite1; + static String suite2; static final String dataString = "This is a test"; @@ -193,7 +197,9 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // reset the security property to make sure that the cipher suites // used in this test are not disabled - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + @@ -202,6 +208,16 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + suite1 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; + suite2 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; + } else { + suite1 = "SSL_RSA_WITH_NULL_MD5"; + suite2 = "SSL_RSA_WITH_NULL_SHA"; + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java index 9495ee2d28a..48d8e448524 100644 --- a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java +++ b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java @@ -23,6 +23,7 @@ /* * @test + * @library /test/lib * @run main/othervm -Djavax.net.debug=ssl RenegotiateTLS13 */ @@ -40,6 +41,9 @@ import java.security.KeyStore; import java.security.SecureRandom; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class RenegotiateTLS13 { static final String dataString = "This is a test"; @@ -139,6 +143,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java index 3e70af733fb..6bef0440702 100644 --- a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java +++ b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java @@ -27,6 +27,7 @@ /* * @test * @bug 8211806 8277881 8277307 + * @library /test/lib * @summary TLS 1.3 handshake server name indication is missing on a session resume * @run main/othervm ResumeTLS13withSNI */ @@ -38,6 +39,9 @@ import java.nio.*; import java.util.List; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ResumeTLS13withSNI { /* @@ -69,10 +73,10 @@ public class ResumeTLS13withSNI { private static final String trustStoreFile = "truststore"; private static final char[] passphrase = "passphrase".toCharArray(); - private static final String keyFilename = + private static String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile; - private static final String trustFilename = + private static String trustFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; @@ -89,6 +93,11 @@ public static void main(String args[]) throws Exception { System.setProperty("javax.net.debug", "ssl:handshake"); } + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase"); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase"); + } + KeyManagerFactory kmf = makeKeyManagerFactory(keyFilename, passphrase); TrustManagerFactory tmf = makeTrustManagerFactory(trustFilename, @@ -464,7 +473,7 @@ private static KeyManagerFactory makeKeyManagerFactory(String ksPath, char[] pass) throws GeneralSecurityException, IOException { KeyManagerFactory kmf; KeyStore ks = KeyStore.getInstance("JKS"); - + try (FileInputStream fsIn = new FileInputStream(ksPath)) { ks.load(fsIn, pass); kmf = KeyManagerFactory.getInstance("SunX509"); diff --git a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java index 4e3b8e0b076..03d212b61f9 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java +++ b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java @@ -24,6 +24,7 @@ /* * @test * @bug 4473210 + * @library /test/lib * @summary SSLSessionContext should be accessible from SSLContext * @run main/othervm -Djdk.tls.server.enableSessionTicketExtension=false * SSLCtxAccessToSessCtx @@ -40,6 +41,9 @@ import java.util.concurrent.atomic.AtomicInteger; import java.security.KeyStore; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLCtxAccessToSessCtx { /* @@ -172,6 +176,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); @@ -180,6 +189,7 @@ public static void main(String[] args) throws Exception { sslctx = SSLContext.getInstance("TLS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(new FileInputStream(keyFilename), passwd.toCharArray()); kmf.init(ks, passwd.toCharArray()); sslctx.init(kmf.getKeyManagers(), null, null); diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java index bb61abb35d5..82d209cea7f 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java +++ b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java @@ -29,6 +29,7 @@ /* * @test * @bug 4366807 + * @library /test/lib * @summary Need new APIs to get/set session timeout and session cache size. * @run main/othervm SessionCacheSizeTests */ @@ -39,6 +40,9 @@ import java.util.*; import java.security.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Session cache size tests cover the following cases: * 1. Effect of system property javax.net.ssl.SessionCacheSize (this @@ -305,6 +309,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java index c44c12f6c59..d147ed158a6 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java +++ b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java @@ -27,6 +27,7 @@ /* * @test * @bug 4366807 + * @library /test/lib * @summary Need new APIs to get/set session timeout and session cache size. * @run main/othervm SessionTimeOutTests */ @@ -41,6 +42,9 @@ import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /** * Session reuse time-out tests cover the cases below: * 1. general test, i.e timeout is set to x and session invalidates when @@ -332,6 +336,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java index 4e56a9a655b..fac439e5c9d 100644 --- a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java +++ b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java @@ -34,6 +34,7 @@ * 4701722 protocol mismatch exceptions should be consistent between * SSLv3 and TLSv1 * @library /javax/net/ssl/templates + * @library /test/lib * @run main/othervm TestEnabledProtocols * @author Ram Marti */ @@ -52,6 +53,9 @@ import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class TestEnabledProtocols extends SSLSocketTemplate { private final String[] serverProtocols; @@ -165,7 +169,9 @@ private void failTest(Exception e, String message) { } public static void main(String[] args) throws Exception { - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } runCase(new String[] { "TLSv1" }, new String[] { "TLSv1" }, diff --git a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java index 063befba3b7..fcf6f1aff80 100644 --- a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java +++ b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java @@ -55,6 +55,9 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; + public class ClientExcOnAlert { // This is a PKCS#12 keystore created with the following command: // keytool -genkeypair -alias testcert -keyalg rsa -keysize 2048 @@ -124,6 +127,7 @@ public class ClientExcOnAlert { static final Condition serverReady = lock.newCondition(); public static void main(String[] args) throws Exception { + printPEM(KEYSTORE_PEM); Thread serverThread = new Thread(() -> { try { doServerSide(); @@ -134,7 +138,6 @@ public static void main(String[] args) throws Exception { } ); serverThread.start(); - try { doClientSide((args == null || args.length < 1) ? null : args[0]); throw new RuntimeException("Expected SSLException did not occur!"); @@ -150,20 +153,27 @@ static void doServerSide() throws Exception { Thread.currentThread().setName("ServerThread"); SSLContext sslc = SSLContext.getInstance("TLS"); log("doServerSide start"); + System.out.println("<1>"); KeyManagerFactory kmf = createKeyManagerFactory(KEYSTORE_PEM, KEYSTORE_PASS); + System.out.println("<2>"); sslc.init(kmf.getKeyManagers(), null, null); + System.out.println("<3>"); SSLServerSocketFactory ssf = (SSLServerSocketFactory)sslc.getServerSocketFactory(); - + System.out.println("<4>"); try (SSLServerSocket sslServerSocket = (SSLServerSocket)ssf.createServerSocket(0)) { + System.out.println("<5>"); sslServerSocket.setReuseAddress(true); // Set the server port and wake up the client thread who is waiting // for the port to be set. + System.out.println("<6>"); lock.lock(); + System.out.println("<7>"); try { serverPort = sslServerSocket.getLocalPort(); + System.out.println("<8>"); log("Server listening on port %d", serverPort); serverReady.signalAll(); log("Server ready"); @@ -173,6 +183,7 @@ static void doServerSide() throws Exception { // Go into the accept wait state until the client initiates the // TLS handshake. + System.out.println("<9>"); try (SSLSocket sslSocket = (SSLSocket)sslServerSocket.accept(); PrintWriter pw = new PrintWriter(sslSocket.getOutputStream()); @@ -192,15 +203,23 @@ private static KeyManagerFactory createKeyManagerFactory( String ksPem, String ksAuth) throws IOException, GeneralSecurityException { KeyManagerFactory kmf = null; + System.out.println("<1-1>"); if (ksPem != null && ksAuth != null) { + System.out.println("<1-2>"); Base64.Decoder b64dec = Base64.getMimeDecoder(); + System.out.println("<1-3>"); ByteArrayInputStream bais = new ByteArrayInputStream(b64dec.decode(ksPem)); + System.out.println("<1-4>"); KeyStore ks = KeyStore.getInstance("PKCS12"); + System.out.println("<1-5>"); char[] ksPass = ksAuth.toCharArray(); + System.out.println("<1-6>"); ks.load(bais, ksPass); + System.out.println("<1-7>"); kmf = KeyManagerFactory.getInstance("PKIX"); + System.out.println("<1-8>"); kmf.init(ks, ksAuth.toCharArray()); } @@ -247,4 +266,24 @@ private static void log(String msgFmt, Object ... args) { sb.append(String.format(msgFmt, args)); System.out.println(sb.toString()); } -} + + private static void printPEM(String KEYSTORE_PEM) { + Base64.Decoder b64dec = Base64.getMimeDecoder(); + byte[] pemBytes = b64dec.decode(KEYSTORE_PEM); + + try { + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(pemBytes)); + + System.out.println("Certificate:"); + System.out.println(" Subject: " + cert.getSubjectX500Principal().getName()); + System.out.println(" Issuer: " + cert.getIssuerX500Principal().getName()); + System.out.println(" Serial Number: " + cert.getSerialNumber()); + System.out.println(" Valid from: " + cert.getNotBefore()); + System.out.println(" Valid until: " + cert.getNotAfter()); + System.out.println(" Public Key Algorithm: " + cert.getPublicKey().getAlgorithm()); + } catch (Exception e) { + e.printStackTrace(); + } + } +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java index bda0710f61e..50013f56c8b 100644 --- a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java +++ b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java @@ -30,6 +30,7 @@ * @test * @bug 8144566 * @summary Custom HostnameVerifier disables SNI extension + * @library /test/lib * @run main/othervm BestEffortOnLazyConnected */ @@ -37,6 +38,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class BestEffortOnLazyConnected { /* @@ -171,6 +175,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java index 64a62158eee..8ef17483cec 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java @@ -31,6 +31,7 @@ * @bug 7068321 8190492 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../SSLEngine ../templates + * @library /test/lib * @build SSLEngineService SSLCapabilities SSLExplorer * @run main/othervm SSLEngineExplorer SSLv2Hello,SSLv3 * @run main/othervm SSLEngineExplorer SSLv3 @@ -46,6 +47,9 @@ import java.nio.channels.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLEngineExplorer extends SSLEngineService { /* @@ -220,7 +224,19 @@ void checkCapabilities(SSLCapabilities capabilities, private static String[] supportedProtocols; // supported protocols private static void parseArguments(String[] args) { - supportedProtocols = args[0].split(","); + List supportProtocols = new ArrayList<>(); + for (String supportProtocol : args[0].split(",")) { + System.out.println("the args[0] is: " + supportProtocol); + if (!SecurityUtils.TLS_PROTOCOLS.contains(supportProtocol)) { + continue; + } + System.out.println("SupportProtocol is: " + supportProtocol); + supportProtocols.add(supportProtocol); + } + supportedProtocols = supportProtocols.toArray(new String[0]); + for (String s : supportedProtocols) { + System.out.println("SupportedProtocols is: " + s); + } } @@ -237,7 +253,9 @@ private static void parseArguments(String[] args) { public static void main(String args[]) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } if (debug) System.setProperty("javax.net.debug", "all"); @@ -245,8 +263,11 @@ public static void main(String args[]) throws Exception { /* * Get the customized arguments. */ + System.out.println("args is: " + args); parseArguments(args); - + if (supportedProtocols == null || supportedProtocols.length == 0) { + return; + } new SSLEngineExplorer(); } diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java index 38d999aa3ef..4d4da348acb 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java @@ -30,6 +30,7 @@ * @test * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server + * @library /test/lib * @run main/othervm SSLSocketConsistentSNI */ @@ -40,6 +41,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketConsistentSNI { /* @@ -218,6 +222,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java index 4992553eba9..619148fcaaa 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java @@ -31,6 +31,7 @@ * @bug 7068321 8190492 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorer SSLv2Hello,SSLv3 * @run main/othervm SSLSocketExplorer SSLv3 @@ -47,6 +48,9 @@ import javax.net.ssl.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorer { /* @@ -212,7 +216,14 @@ void checkCapabilities(SSLCapabilities capabilities, private static String[] supportedProtocols; // supported protocols private static void parseArguments(String[] args) { - supportedProtocols = args[0].split(","); + List supportProtocols = new ArrayList<>(); + for (String supportProtocol : args[0].split(",")) { + if (!SecurityUtils.TLS_PROTOCOLS.contains(supportProtocol)) { + continue; + } + supportProtocols.add(supportProtocol); + } + supportedProtocols = supportProtocols.toArray(new String[0]); } @@ -230,7 +241,9 @@ private static void parseArguments(String[] args) { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + @@ -239,6 +252,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); @@ -252,6 +270,9 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); + if (supportedProtocols == null || supportedProtocols.length == 0) { + return; + } /* * Start the tests. */ diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java index 00d00001d87..154b22095ba 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java @@ -31,6 +31,7 @@ * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorerFailure SSLv2Hello,SSLv3 * @run main/othervm SSLSocketExplorerFailure SSLv3 @@ -47,6 +48,9 @@ import javax.net.ssl.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorerFailure { /* @@ -233,9 +237,11 @@ private static void parseArguments(String[] args) { volatile Exception clientException = null; public static void main(String[] args) throws Exception { - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - Security.setProperty("jdk.certpath.disabledAlgorithms", ""); - + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + } + String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile; diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java index 724a37e1a80..01f733efb45 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java @@ -31,6 +31,7 @@ * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorerMatchedSNI www.example.com * www\.example\.com @@ -51,6 +52,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorerMatchedSNI { /* @@ -291,6 +295,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java index 8f2b7816864..56eb284c88e 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java @@ -31,6 +31,7 @@ * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorerWithCliSNI */ @@ -42,6 +43,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorerWithCliSNI { /* @@ -268,6 +272,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java index f026f32e781..1584c8caa88 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java @@ -31,6 +31,7 @@ * @bug 7068321 * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server * @library ../templates + * @library /test/lib * @build SSLCapabilities SSLExplorer * @run main/othervm SSLSocketExplorerWithSrvSNI */ @@ -42,6 +43,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SSLSocketExplorerWithSrvSNI { /* @@ -251,6 +255,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java index da2f422149d..aae61892ad3 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java @@ -54,6 +54,8 @@ import java.security.interfaces.*; import java.util.Base64; +import java.io.ByteArrayInputStream; + // Note: this test case works only on TLS 1.2 and prior versions because of // the use of MD5withRSA signed certificate. public class SSLSocketSNISensitive { @@ -361,6 +363,36 @@ private static void parseArguments(String[] args) { clientRequestedHostname = args[1]; } + private static void printCert(String trustedCertStr) { + try { + // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace + String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "") + .replace("-----END CERTIFICATE-----", "") + .replaceAll("\\s", ""); + + // Decode the base64 string to get the certificate bytes + byte[] certBytes = Base64.getDecoder().decode(cleanedCert); + + // Create a CertificateFactory for X.509 certificates + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + + // Generate the X509Certificate object + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)); + + // Print the certificate details + System.out.println("Issuer: " + cert.getIssuerDN()); + System.out.println("Subject: " + cert.getSubjectDN()); + System.out.println("Serial Number: " + cert.getSerialNumber()); + System.out.println("Not Before: " + cert.getNotBefore()); + System.out.println("Not After: " + cert.getNotAfter()); + System.out.println("Signature Algorithm: " + cert.getSigAlgName()); + System.out.println("Version: " + cert.getVersion()); + + } catch (Exception e) { + e.printStackTrace(); + } + } + private static SSLContext generateSSLContext(boolean isClient) throws Exception { @@ -369,6 +401,7 @@ private static SSLContext generateSSLContext(boolean isClient) // create a key store KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(null, null); // import the trused cert @@ -435,9 +468,9 @@ private static SSLContext generateSSLContext(boolean isClient) public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. Security.setProperty("jdk.certpath.disabledAlgorithms", - "MD2, RSA keySize < 1024"); + "MD2, RSA keySize < 1024"); Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + "SSLv3, RC4, DH keySize < 768"); if (debug) System.setProperty("javax.net.debug", "all"); @@ -447,6 +480,16 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); + System.out.println("Now printing trustedCertStr=================="); + printCert(trustedCertStr); + System.out.println("Now printing targetCertStr_A=================="); + printCert(targetCertStr_A); + System.out.println("Now printing targetCertStr_B=================="); + printCert(targetCertStr_B); + System.out.println("Now printing targetCertStr_C=================="); + printCert(targetCertStr_C); + System.out.println("Now printing targetCertStr_D=================="); + printCert(targetCertStr_D); /* * Start the tests. */ diff --git a/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security b/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security new file mode 100644 index 00000000000..8ae3187b347 --- /dev/null +++ b/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security @@ -0,0 +1,29 @@ +# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends +# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration +# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE. +# +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.desc.name = Test-TLS-ServerName OpenJCEPlusFIPS Cryptographic Module FIPS 140-3 +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.desc.default = false +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3 + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \ + {AlgorithmParameters, DiffieHellman, *}, \ + {KeyAgreement, DiffieHellman, *}, \ + {KeyPairGenerator, DiffieHellman, *}, \ + {KeyFactory, DiffieHellman, *}, \ + {MessageDigest, MD5, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.2 = sun.security.provider.Sun [+ \ + {KeyStore, JKS, *}, \ + {KeyStore, PKCS12, *}, \ + {MessageDigest, SHA-1, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \ + {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \ + {AlgorithmParameters, PBEWithMD5AndDES, *}, \ + {SecretKeyFactory, PBEWithMD5AndDES, *}, \ + {Cipher, PBEWithHmacSHA256AndAES_256, *}, \ + {Mac, HmacSHA1, *},\ + {Mac, HmacPBESHA256, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}] \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java index 38b0d871c1c..8fffada9093 100644 --- a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java +++ b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java @@ -50,6 +50,8 @@ import java.util.Base64; import java.util.Collections; import java.util.List; +import java.util.Map; +import java.util.HashMap; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLServerSocket; @@ -187,6 +189,11 @@ public class CipherTestUtils { + "fpqmCkpTanyYW9U=\n" + "-----END PRIVATE KEY-----"; + public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); + public static final String PROFILE = System.getProperty("semeru.customprofile"); + public static final List TLS_PROTOCOLS = new ArrayList<>(); + public static final Map TLS_CIPHERSUITES = new HashMap<>(); + private final SSLSocketFactory factory; private final X509ExtendedKeyManager clientKeyManager; private final X509ExtendedKeyManager serverKeyManager; @@ -306,6 +313,24 @@ public static void addFailure(Exception e) { } private CipherTestUtils() throws Exception { + TLS_PROTOCOLS.add("TLSv1.2"); + TLS_PROTOCOLS.add("TLSv1.3"); + + TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY, SERVER_PRIVATE_KEY); @@ -474,6 +499,36 @@ public static void printInfo(SSLSocket socket) { System.out.println("-----------------------"); } + public static void printCert(String trustedCertStr) { + try { + // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace + String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "") + .replace("-----END CERTIFICATE-----", "") + .replaceAll("\\s", ""); + + // Decode the base64 string to get the certificate bytes + byte[] certBytes = Base64.getDecoder().decode(cleanedCert); + + // Create a CertificateFactory for X.509 certificates + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + + // Generate the X509Certificate object + X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)); + + // Print the certificate details + System.out.println("Issuer: " + cert.getIssuerDN()); + System.out.println("Subject: " + cert.getSubjectDN()); + System.out.println("Serial Number: " + cert.getSerialNumber()); + System.out.println("Not Before: " + cert.getNotBefore()); + System.out.println("Not After: " + cert.getNotAfter()); + System.out.println("Signature Algorithm: " + cert.getSigAlgName()); + System.out.println("Version: " + cert.getVersion()); + + } catch (Exception e) { + e.printStackTrace(); + } + } + private static KeyStore createServerKeyStore(String publicKey, String keySpecStr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, diff --git a/test/jdk/javax/net/ssl/TLS/JSSEClient.java b/test/jdk/javax/net/ssl/TLS/JSSEClient.java index 0f510856380..657e9dae18f 100644 --- a/test/jdk/javax/net/ssl/TLS/JSSEClient.java +++ b/test/jdk/javax/net/ssl/TLS/JSSEClient.java @@ -31,6 +31,8 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; +import java.util.*; + class JSSEClient extends CipherTestUtils.Client { private static final String DEFAULT = "DEFAULT"; @@ -65,7 +67,23 @@ void runTest(CipherTestUtils.TestParameters params) throws Exception { System.out.println("Connecting to server..."); try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) { socket.setSoTimeout(CipherTestUtils.TIMEOUT); - socket.setEnabledCipherSuites(params.cipherSuite.split(",")); + List cipherSuiteList = Arrays.asList(params.cipherSuite.split(",")); + if (CipherTestUtils.ISFIPS && CipherTestUtils.PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + List tmpCS = new ArrayList<>(); + for(String cs : cipherSuiteList) { + if (!CipherTestUtils.TLS_CIPHERSUITES.containsKey(cs)) { + System.out.println(cs + " is not available in the client side."); + continue; + } + tmpCS.add(cs); + } + if (tmpCS == null || tmpCS.size() == 0) { + System.out.println("No available ciphersuites in the client side."); + return; + } + cipherSuiteList = tmpCS; + } + socket.setEnabledCipherSuites(cipherSuiteList.toArray(new String[0])); if (params.protocol != null && !params.protocol.trim().isEmpty() && !params.protocol.trim().equals(DEFAULT)) { socket.setEnabledProtocols(params.protocol.split(",")); @@ -82,6 +100,22 @@ void runTest(CipherTestUtils.TestParameters params) throws Exception { + cipherSuite + " != " + params.cipherSuite); } String protocol = session.getProtocol(); + + if (CipherTestUtils.ISFIPS && CipherTestUtils.PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + // if (!CipherTestUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + // System.out.println(cipherSuite + " is not available."); + // return; + // } + if (!CipherTestUtils.TLS_PROTOCOLS.contains(protocol)) { + System.out.println(protocol + " is not available in the client side."); + return; + } + if (!CipherTestUtils.TLS_CIPHERSUITES.get(cipherSuite).equals(protocol)) { + System.out.println(cipherSuite + " does not match " + protocol + "in the client side."); + return; + } + } + if (!DEFAULT.equals(params.protocol) && !params.protocol.contains(protocol)) { throw new RuntimeException("Negotiated protocol mismatch: " diff --git a/test/jdk/javax/net/ssl/TLS/JSSEServer.java b/test/jdk/javax/net/ssl/TLS/JSSEServer.java index 9bd4fd0bfa0..4a484f613ba 100644 --- a/test/jdk/javax/net/ssl/TLS/JSSEServer.java +++ b/test/jdk/javax/net/ssl/TLS/JSSEServer.java @@ -60,6 +60,20 @@ public void run() { try (final SSLSocket socket = (SSLSocket) serverSocket.accept()) { socket.setSoTimeout(CipherTestUtils.TIMEOUT); + if (CipherTestUtils.ISFIPS && CipherTestUtils.PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + if (!CipherTestUtils.TLS_PROTOCOLS.contains(socket.getSession().getProtocol())) { + System.out.println(socket.getSession().getProtocol() + " is not supported in the server side."); + return; + } + if (!CipherTestUtils.TLS_CIPHERSUITES.containsKey(socket.getSession().getCipherSuite())) { + System.out.println(socket.getSession().getCipherSuite() + " is not supported in the server side."); + return; + } + if (!CipherTestUtils.TLS_CIPHERSUITES.get(socket.getSession().getCipherSuite()).equals(socket.getSession().getProtocol())) { + System.out.println(socket.getSession().getCipherSuite() + " does not match " + socket.getSession().getProtocol() + "in the server side." ); + return; + } + } try (InputStream in = socket.getInputStream(); OutputStream out = socket.getOutputStream()) { handleRequest(in, out); diff --git a/test/jdk/javax/net/ssl/TLS/TestJSSE.java b/test/jdk/javax/net/ssl/TLS/TestJSSE.java index 29631064011..7987dfacda1 100644 --- a/test/jdk/javax/net/ssl/TLS/TestJSSE.java +++ b/test/jdk/javax/net/ssl/TLS/TestJSSE.java @@ -21,6 +21,9 @@ * questions. */ +import java.util.List; +import java.util.ArrayList; + import java.net.InetAddress; import java.security.Provider; import java.security.Security; @@ -30,9 +33,6 @@ public class TestJSSE { private static final String LOCAL_IP = InetAddress.getLoopbackAddress().getHostAddress(); public static void main(String... args) throws Exception { - // reset the security property to make sure that the algorithms - // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); // enable debug output System.setProperty("javax.net.debug", "ssl,record"); @@ -48,6 +48,13 @@ public static void main(String... args) throws Exception { System.out.println("ClientProtocol = " + clnProtocol); System.out.println("Cipher = " + cipher); + // reset the security property to make sure that the algorithms + // and keys used in this test are not disabled. + if (!(Boolean.parseBoolean(System.getProperty("semeru.fips")) + && System.getProperty("semeru.customprofile").equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } + try (CipherTestUtils.Server srv = server(srvProtocol, cipher, args)) { client(srv.getPort(), clnProtocol, cipher, args); } diff --git a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java index b26c82c8cfb..8fffd1b6ffa 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java +++ b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java @@ -47,9 +47,13 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /* * @test * @bug 8208496 + * @library /test/lib * @summary Test to verify concurrent behavior of TLS. * @run main/othervm ConcurrentClientAccessTest */ @@ -58,10 +62,13 @@ public class ConcurrentClientAccessTest { private static final int THREADS = 50; public static void main(String[] args) throws Exception { - - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - for (String tlsProtocol : new String[]{"TLSv1.3", "TLSv1.2", - "TLSv1.1", "TLSv1"}) { + String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}; + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } else { + protocols = new String[]{"TLSv1.3", "TLSv1.2"}; + } + for (String tlsProtocol : protocols) { System.out.printf("Protocol: %s%n", tlsProtocol); CountDownLatch tillServerReady = new CountDownLatch(1); Server server = new Server(tlsProtocol, tillServerReady); diff --git a/test/jdk/javax/net/ssl/TLSCommon/NetSslUtils.java b/test/jdk/javax/net/ssl/TLSCommon/NetSslUtils.java new file mode 100644 index 00000000000..bf5a429ddf5 --- /dev/null +++ b/test/jdk/javax/net/ssl/TLSCommon/NetSslUtils.java @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.Security; +import java.security.Provider; +import java.util.List; +import java.util.ArrayList; +import java.util.Map; +import java.util.HashMap; + +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.security.KeyStore; +import java.security.Key; +import java.security.cert.Certificate; +import java.util.Enumeration; + +public class NetSslUtils { + public static final List TLS_PROTOCOLS = new ArrayList<>(); + public static final Map TLS_CIPHERSUITES = new HashMap<>(); + + public static final String isFIPS = System.getProperty("semeru.fips"); + public static boolean isFIPS() { + System.out.println("semeru.fips is: " + System.getProperty("semeru.fips")); + return Boolean.parseBoolean(isFIPS); + } + + public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile"); + public static String getFipsProfile() { + System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile")); + return FIPS_PROFILE; + } + + public static String revertJKSToPKCS12(String keyFilename, String passwd) { + String p12keyFilename = keyFilename + ".p12"; + try { + KeyStore jksKeystore = KeyStore.getInstance("JKS"); + try (FileInputStream fis = new FileInputStream(keyFilename)) { + jksKeystore.load(fis, passwd.toCharArray()); + } + + KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12"); + pkcs12Keystore.load(null, null); + + Enumeration aliasesKey = jksKeystore.aliases(); + while (aliasesKey.hasMoreElements()) { + String alias = aliasesKey.nextElement(); + if (jksKeystore.isKeyEntry(alias)) { + char[] keyPassword = passwd.toCharArray(); + Key key = jksKeystore.getKey(alias, keyPassword); + Certificate[] chain = jksKeystore.getCertificateChain(alias); + pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain); + } else if (jksKeystore.isCertificateEntry(alias)) { + Certificate cert = jksKeystore.getCertificate(alias); + pkcs12Keystore.setCertificateEntry(alias, cert); + } + } + + try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) { + pkcs12Keystore.store(fos, passwd.toCharArray()); + } + System.out.println("JKS keystore converted to PKCS12 successfully."); + } catch (Exception e) { + e.printStackTrace(); + } + return p12keyFilename; + } + + static { + TLS_PROTOCOLS.add("TLSv1.2"); + TLS_PROTOCOLS.add("TLSv1.3"); + + TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + } +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java index dce28edadf2..52c514af6c4 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java +++ b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java @@ -180,7 +180,7 @@ public enum HandshakeMode { private static final String SERVER_NAME = "service.localhost"; private static final String SNI_PATTERN = ".*"; - private static final String[] TLS13_CIPHERS = { + private static String[] TLS13_CIPHERS = { "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256" @@ -189,6 +189,12 @@ public enum HandshakeMode { private static final String[] SUPPORTED_NON_KRB_CIPHERS; static { + if (NetSslUtils.isFIPS() && NetSslUtils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + TLS13_CIPHERS = new String[] { + "TLS_AES_256_GCM_SHA384", + "TLS_AES_128_GCM_SHA256" + }; + } try { String[] allSupportedCiphers = getContext() .createSSLEngine().getSupportedCipherSuites(); @@ -796,10 +802,12 @@ public static void checkResult(SSLEngineResult r, */ public static SSLContext getContext() { try { - java.security.Security.setProperty( - "jdk.tls.disabledAlgorithms", ""); - java.security.Security.setProperty( - "jdk.certpath.disabledAlgorithms", ""); + if(!(NetSslUtils.isFIPS() && NetSslUtils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + java.security.Security.setProperty( + "jdk.tls.disabledAlgorithms", ""); + java.security.Security.setProperty( + "jdk.certpath.disabledAlgorithms", ""); + } KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); char[] passphrase = PASSWD.toCharArray(); @@ -848,7 +856,8 @@ public static void setUpAndStartKDC() { * SSLEngineTestCase.TEST_MODE is "krb". */ public static void setUpAndStartKDCIfNeeded() { - if (TEST_MODE.equals("krb")) { + if (TEST_MODE.equals("krb") && + (!(NetSslUtils.isFIPS() && NetSslUtils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")))) { setUpAndStartKDC(); } } @@ -1177,4 +1186,4 @@ private static void startKDC(String realm, Map principals, throw new RuntimeException("KDC: unexpected exception", e); } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java index d1322715749..e4ee8f212e8 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java @@ -31,9 +31,11 @@ import java.security.KeyStore; import java.security.PrivateKey; import java.security.Security; +import java.security.Provider; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Arrays; import java.util.Base64; import java.util.concurrent.CountDownLatch; import java.util.concurrent.ExecutorService; @@ -48,9 +50,13 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /* * @test * @bug 8205111 + * @library /test/lib * @summary Test TLS with different types of supported keys. * @run main/othervm TLSTest TLSv1.3 rsa_pkcs1_sha1 TLS_AES_128_GCM_SHA256 * @run main/othervm TLSTest TLSv1.3 rsa_pkcs1_sha256 TLS_AES_128_GCM_SHA256 @@ -145,10 +151,25 @@ public class TLSTest { public static void main(String[] args) throws Exception { - final String tlsProtocol = args[0]; + String tlsProtocol = args[0]; final KeyType keyType = KeyType.valueOf(args[1]); - final String cipher = args[2]; - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + String cipher = args[2]; + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } else { + if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) { + System.out.println(tlsProtocol + " is not available."); + return; + } + if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipher)) { + System.out.println(cipher + " is not available."); + return; + } + if (!SecurityUtils.TLS_CIPHERSUITES.get(cipher).equals(tlsProtocol)) { + System.out.println(cipher + " does not match " + tlsProtocol); + return; + } + } CountDownLatch serverReady = new CountDownLatch(1); Server server = new Server(tlsProtocol, keyType, cipher, serverReady); server.start(); diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java index 3fabc5bd73c..51315b8a842 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java @@ -71,6 +71,7 @@ import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509KeyManager; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; public class TLSWithEdDSA extends SSLSocketTemplate { @@ -81,7 +82,7 @@ public class TLSWithEdDSA extends SSLSocketTemplate { private static final String DEF_ALL_EE = "EE_ECDSA_SECP256R1:" + "EE_ECDSA_SECP384R1:EE_ECDSA_SECP521R1:EE_RSA_2048:" + "EE_EC_RSA_SECP256R1:EE_DSA_2048:EE_DSA_1024:EE_ED25519:EE_ED448"; - private static final List TEST_PROTOS = List.of( + private static List TEST_PROTOS = List.of( "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"); private static CertificateFactory certFac; @@ -556,13 +557,15 @@ protected void runClientApplication(SSLSocket socket) throws Exception { } public static void main(String[] args) throws Exception { - SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLSv1"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLSv1"); + } certFac = CertificateFactory.getInstance("X.509"); String testFormat; System.out.println("===== Test KeyManager alias retrieval ====="); testKeyManager(DEF_ALL_EE, "EdDSA", - new String[] {"ee_ed25519", "ee_ed448"}); + new String[] {"ee_ed25519", "ee_ed448"}); testFormat = "===== Basic Ed25519 Server-side Authentication: %s =====\n"; @@ -626,6 +629,10 @@ private static void testKeyManager(String keyStoreSpec, String keyType, private static void runtest(String testNameFmt, SessionChecker cliChk, Class cliExpExc, SessionChecker servChk, Class servExpExc) { + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + TEST_PROTOS = List.of( + "TLSv1.3", "TLSv1.2"); + } TEST_PROTOS.forEach(protocol -> { clientParameters.put(ParamType.PROTOS, protocol); TLSWithEdDSA testObj = new TLSWithEdDSA(cliChk, cliExpExc, servChk, diff --git a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java index 092a6e4aee8..bee914b82f5 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java @@ -46,19 +46,26 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + /* * @test * @bug 8206355 8225438 + * @library /test/lib * @summary Test principal that was sent to the peer during handshake. * @run main/othervm TestSessionLocalPrincipal */ public class TestSessionLocalPrincipal { public static void main(String[] args) throws Exception { - - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - for (String tlsProtocol : new String[]{ - "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}) { + String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}; + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } else { + protocols = new String[]{"TLSv1.3", "TLSv1.2"}; + } + for (String tlsProtocol : protocols) { for (boolean clientAuth : new boolean[]{true, false}) { System.out.printf("Protocol %s: Client side auth enabled: %s%n", tlsProtocol, clientAuth); diff --git a/test/jdk/javax/net/ssl/TLSTest_java.security b/test/jdk/javax/net/ssl/TLSTest_java.security new file mode 100644 index 00000000000..1e552f93eaa --- /dev/null +++ b/test/jdk/javax/net/ssl/TLSTest_java.security @@ -0,0 +1,34 @@ +# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends +# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration +# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE. +# +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.desc.name = Test-TLS OpenJCEPlusFIPS Cryptographic Module FIPS 140-3 +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.desc.default = false +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3 + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \ + {AlgorithmParameters, DiffieHellman, *}, \ + {KeyAgreement, DiffieHellman, *}, \ + {KeyPairGenerator, DiffieHellman, *}, \ + {KeyFactory, DiffieHellman, *}, \ + {Signature, RSAPSS, *}, \ + {Signature, SHA1withRSA, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.2 = sun.security.provider.Sun [+ \ + {KeyStore, JKS, *}, \ + {KeyStore, PKCS12, *}, \ + {MessageDigest, SHA-1, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \ + {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \ + {AlgorithmParameters, PBEWithMD5AndDES, *}, \ + {SecretKeyFactory, PBEWithMD5AndDES, *}, \ + {Cipher, PBEWithHmacSHA256AndAES_256, *}, \ + {Mac, HmacSHA1, *},\ + {Mac, HmacPBESHA256, *}] + +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}] +RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS.jce.provider.6 = sun.security.ec.SunEC [{KeyFactory, EdDSA, *}, \ + {KeyFactory, Ed25519, *}, \ + {KeyFactory, Ed448, *}, \ + {Signature, SHA1withECDSA, *}] \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java index 7469333e2e0..dce06ac30ff 100644 --- a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java +++ b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java @@ -32,6 +32,7 @@ * @test * @bug 4873188 * @summary Support TLS 1.1 + * @library /test/lib * @run main/othervm EmptyCertificateAuthorities * @modules java.security.jgss * java.security.jgss/sun.security.jgss.krb5 @@ -62,6 +63,9 @@ import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class EmptyCertificateAuthorities { /* @@ -250,10 +254,12 @@ private void initialize() throws CertificateException { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty("jdk.certpath.disabledAlgorithms", - "MD2, RSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.certpath.disabledAlgorithms", + "MD2, RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + } String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java index 24933838e05..ca0dbe80046 100644 --- a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java +++ b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java @@ -51,6 +51,7 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; public class GenericBlockCipher { @@ -150,7 +151,7 @@ void doClientSide() throws Exception { // enable a block cipher sslSocket.setEnabledCipherSuites( - new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"}); + new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"}); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -175,7 +176,9 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // Re-enable TLSv1.1 since test depends on it. - SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); + } String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java index 99a6599c129..a405847949b 100644 --- a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java +++ b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java @@ -27,6 +27,7 @@ * @test * @bug 4873188 * @summary Support TLS 1.1 + * @library /test/lib * @modules java.security.jgss * java.security.jgss/sun.security.jgss.krb5 * java.security.jgss/sun.security.krb5:+open @@ -51,6 +52,9 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class GenericStreamCipher { /* @@ -107,7 +111,7 @@ void doServerSide() throws Exception { // enable a stream cipher sslServerSocket.setEnabledCipherSuites( - new String[] {"SSL_RSA_WITH_RC4_128_MD5"}); + new String[] {"SSL_RSA_WITH_RC4_128_MD5"}); serverPort = sslServerSocket.getLocalPort(); @@ -152,7 +156,7 @@ void doClientSide() throws Exception { // enable a stream cipher sslSocket.setEnabledCipherSuites( - new String[] {"SSL_RSA_WITH_RC4_128_MD5"}); + new String[] {"SSL_RSA_WITH_RC4_128_MD5"}); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -178,7 +182,9 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + } String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java index 39937f8b743..2da55279adc 100644 --- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java +++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java @@ -31,6 +31,7 @@ * @bug 8139565 * @summary Restrict certificates with DSA keys less than 1024 bits * @library /javax/net/ssl/templates + * @library /test/lib * @run main/othervm DisabledShortDSAKeys PKIX TLSv1.2 * @run main/othervm DisabledShortDSAKeys SunX509 TLSv1.2 * @run main/othervm DisabledShortDSAKeys PKIX TLSv1.1 @@ -54,6 +55,8 @@ import java.security.interfaces.*; import java.util.Base64; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class DisabledShortDSAKeys extends SSLContextTemplate { @@ -175,11 +178,12 @@ protected ContextParameters getClientContextParameters() { volatile Exception clientException = null; public static void main(String[] args) throws Exception { - Security.setProperty("jdk.certpath.disabledAlgorithms", - "DSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "DSA keySize < 1024"); - + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.certpath.disabledAlgorithms", + "DSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "DSA keySize < 1024"); + } if (debug) { System.setProperty("javax.net.debug", "all"); } diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java index 3f275d8a285..ca712127e11 100644 --- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java +++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java @@ -31,6 +31,7 @@ * @bug 7109274 * @summary Consider disabling support for X.509 certificates with RSA keys * less than 1024 bits + * @library /test/lib * @library /javax/net/ssl/templates * @run main/othervm DisabledShortRSAKeys PKIX TLSv1.2 * @run main/othervm DisabledShortRSAKeys SunX509 TLSv1.2 @@ -46,6 +47,9 @@ import javax.net.ssl.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class DisabledShortRSAKeys extends SSLSocketTemplate { /* @@ -63,14 +67,24 @@ public DisabledShortRSAKeys(String tmAlgorithm, String enabledProtocol) { @Override public SSLContext createClientSSLContext() throws Exception { - return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null, + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + return createSSLContext(new Cert[]{Cert.CA_RSA_2048}, null, + new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } else { + return createSSLContext(new Cert[]{Cert.CA_RSA_512}, null, new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } } @Override public SSLContext createServerSSLContext() throws Exception { - return createSSLContext(null, new Cert[]{Cert.EE_RSA_512}, + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + return createSSLContext(new Cert[]{Cert.EE_RSA_2048}, null, new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } else { + return createSSLContext(null, new Cert[]{Cert.EE_RSA_512}, + new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); + } } @Override @@ -109,10 +123,12 @@ protected void runClientApplication(SSLSocket socket) throws Exception { } public static void main(String[] args) throws Exception { - Security.setProperty("jdk.certpath.disabledAlgorithms", - "RSA keySize < 1024"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "RSA keySize < 1024"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.certpath.disabledAlgorithms", + "RSA keySize < 1024"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "RSA keySize < 1024"); + } if (debug) { System.setProperty("javax.net.debug", "all"); @@ -126,4 +142,4 @@ public static void main(String[] args) throws Exception { */ new DisabledShortRSAKeys(tmAlgorithm, enabledProtocol).run(); } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java index ec58bc74d0c..c68b72f5e34 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java +++ b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java @@ -27,6 +27,7 @@ /* * @test * @bug 8052406 + * @library /test/lib * @summary SSLv2Hello protocol may be filter out unexpectedly * @run main/othervm ProtocolFilter */ @@ -35,6 +36,9 @@ import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class ProtocolFilter { /* @@ -90,8 +94,13 @@ void doServerSide() throws Exception { (SSLServerSocket) sslssf.createServerSocket(serverPort); // Only enable cipher suites for TLS v1.2. - sslServerSocket.setEnabledCipherSuites( - new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"}); + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + sslServerSocket.setEnabledCipherSuites( + new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}); + } else { + sslServerSocket.setEnabledCipherSuites( + new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA256"}); + } serverPort = sslServerSocket.getLocalPort(); @@ -163,6 +172,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java index c9ff202bd2c..171d2e0cb08 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java +++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java @@ -29,6 +29,7 @@ /* * @test * @bug 7106773 + * @library /test/lib * @summary 512 bits RSA key cannot work with SHA384 and SHA512 * * SunJSSE does not support dynamic system properties, no way to re-use @@ -43,6 +44,8 @@ import javax.net.ssl.*; import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ShortRSAKey512 extends SSLContextTemplate { @@ -170,9 +173,11 @@ private static void parseArguments(String[] args) { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + } if (debug) System.setProperty("javax.net.debug", "all"); @@ -185,7 +190,14 @@ public static void main(String[] args) throws Exception { /* * Start the tests. */ - new ShortRSAKey512(); + try { + new ShortRSAKey512(); + } catch (java.security.spec.InvalidKeySpecException ikse) { + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + System.out.println("Inappropriate key specification: RSA keys must be at least 1024 bits long"); + return; + } + } } Thread clientThread = null; @@ -304,4 +316,4 @@ public void run() { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java index df6767eadfb..0d5b8c8170e 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java +++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java @@ -33,6 +33,7 @@ * @bug 7030966 * @summary Support AEAD CipherSuites * @library /javax/net/ssl/templates + * @library /test/lib * @run main/othervm ShortRSAKeyGCM PKIX TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * @run main/othervm ShortRSAKeyGCM PKIX TLS_RSA_WITH_AES_128_GCM_SHA256 * @run main/othervm ShortRSAKeyGCM PKIX TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 @@ -70,6 +71,8 @@ import java.security.spec.*; import java.security.interfaces.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ShortRSAKeyGCM extends SSLContextTemplate { @@ -196,9 +199,11 @@ protected ContextParameters getClientContextParameters() { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); - Security.setProperty("jdk.tls.disabledAlgorithms", - "SSLv3, RC4, DH keySize < 768"); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", + "SSLv3, RC4, DH keySize < 768"); + } if (debug) { System.setProperty("javax.net.debug", "all"); @@ -209,10 +214,29 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + System.out.println(cipherSuite + " is not supported."); + return; + } + } + /* * Start the tests. */ - new ShortRSAKeyGCM(); + try { + new ShortRSAKeyGCM(); + } catch (java.security.spec.InvalidKeySpecException ikse) { + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + if ("Inappropriate key specification: RSA keys must be at least 1024 bits long".equals(ikse.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } + } + } catch (Exception e) { + e.printStackTrace(); + return; + } } Thread clientThread = null; @@ -337,4 +361,4 @@ public void run() { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java index 52191ec0882..cfacfe0383d 100644 --- a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java +++ b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java @@ -33,6 +33,7 @@ * @bug 8049321 * @summary Support SHA256WithDSA in JSSE * @library /javax/net/ssl/templates + * @library /test/lib * @run main/othervm SignatureAlgorithms PKIX "SHA-224,SHA-256" * TLS_DHE_DSS_WITH_AES_128_CBC_SHA * @run main/othervm SignatureAlgorithms PKIX "SHA-1,SHA-224" @@ -54,6 +55,9 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class SignatureAlgorithms extends SSLContextTemplate { /* @@ -262,17 +266,27 @@ public static void main(String[] args) throws Exception { return; } - /* - * Expose the target algorithms by diabling unexpected algorithms. - */ - Security.setProperty( - "jdk.certpath.disabledAlgorithms", disabledAlgorithms); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + /* + * Expose the target algorithms by diabling unexpected algorithms. + */ + Security.setProperty( + "jdk.certpath.disabledAlgorithms", disabledAlgorithms); - /* - * Reset the security property to make sure that the algorithms - * and keys used in this test are not disabled by default. - */ - Security.setProperty( "jdk.tls.disabledAlgorithms", ""); + /* + * Reset the security property to make sure that the algorithms + * and keys used in this test are not disabled by default. + */ + Security.setProperty( "jdk.tls.disabledAlgorithms", ""); + } else { + if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + System.out.println(cipherSuite + " is not available."); + } + if (!SecurityUtils.TLS_CIPHERSUITES.get(cipherSuite).equals("TLSv1.2")) { + System.out.println(cipherSuite + " does not match TLSv1.2"); + } + cipherSuite = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; + } /* * Start the tests. @@ -402,4 +416,4 @@ public void run() { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java index 7bb3e2c8d2b..ce29dc38f0a 100644 --- a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java +++ b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java @@ -25,6 +25,7 @@ * @test * @bug 8076221 8211883 * @summary Check if weak cipher suites are disabled + * @library /test/lib * @modules jdk.crypto.ec * @run main/othervm DisabledAlgorithms default * @run main/othervm DisabledAlgorithms empty @@ -45,6 +46,9 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class DisabledAlgorithms { private static final String pathToStores = "../etc"; @@ -118,6 +122,9 @@ public static void main(String[] args) throws Exception { checkFailure(rc4_null_anon_ciphersuites); break; case "empty": + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + return; + } // reset jdk.tls.disabledAlgorithms Security.setProperty("jdk.tls.disabledAlgorithms", ""); System.out.println("jdk.tls.disabledAlgorithms = " @@ -395,4 +402,4 @@ static SSLClient init(int port, String ciphersuite) } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java b/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java index 00c19241f58..9e07ab3598c 100644 --- a/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java +++ b/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java @@ -410,4 +410,4 @@ public void run() { } } } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java b/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java index c147f732ec5..5c9dfbd4b15 100644 --- a/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java +++ b/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java @@ -778,4 +778,4 @@ private static String dumpHexBytes(ByteBuffer data, int itemsPerLine, return sb.toString(); } -} +} \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java index 69611763e32..79d7fb56e33 100644 --- a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java +++ b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java @@ -24,6 +24,7 @@ /* * @test * @summary Test behavior related to finalize + * @library /test/lib * @run main/othervm SSLSessionFinalizeTest * @run main/othervm/policy=security.policy SSLSessionFinalizeTest */ @@ -41,6 +42,10 @@ import javax.net.ssl.SSLSessionBindingListener; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.SSLContext; + +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLSessionFinalizeTest { @@ -93,6 +98,7 @@ public class SSLSessionFinalizeTest { void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); + SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); @@ -104,6 +110,9 @@ void doServerSide() throws Exception { while (serverReady) { SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); + SSLSession sslSession = sslSocket.getSession(); + System.out.println("Cipher Suite used: " + sslSession.getCipherSuite()); + // System.out.printf(" accept: %s%n", sslSocket); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); @@ -192,6 +201,11 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java index 0fc9c02f2d0..cb9f12497bd 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java @@ -25,6 +25,7 @@ * @test * @bug 4750141 4895631 8217579 8163326 * @summary Check enabled and supported ciphersuites are correct + * @library /test/lib * @run main/othervm CheckCipherSuites default * @run main/othervm CheckCipherSuites limited */ @@ -33,6 +34,9 @@ import java.security.Security; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class CheckCipherSuites { // List of enabled cipher suites when the "crypto.policy" security @@ -160,6 +164,25 @@ public class CheckCipherSuites { "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }; + // List of enabled cipher suites when the "-Dsemeru.fips=true -Dsemeru.customprofile" security + // property is set. + private final static String[] ENABLED_FIPS = { + "TLS_AES_256_GCM_SHA384", + "TLS_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + }; + // List of supported cipher suites when the "crypto.policy" security // property is set to "unlimited" (the default value). private final static String[] SUPPORTED_DEFAULT = { @@ -285,6 +308,25 @@ public class CheckCipherSuites { "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }; + // List of enabled cipher suites when the "-Dsemeru.fips=true -Dsemeru.customprofile" security + // property is set. + private final static String[] SUPPORTED_FIPS = { + "TLS_AES_256_GCM_SHA384", + "TLS_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + }; + private static void showSuites(String[] suites) { if ((suites == null) || (suites.length == 0)) { System.out.println(""); @@ -303,7 +345,12 @@ public static void main(String[] args) throws Exception { String[] ENABLED; String[] SUPPORTED; - if (args[0].equals("default")) { + String[] FIPS; + + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + ENABLED = ENABLED_FIPS; + SUPPORTED = SUPPORTED_FIPS; + } else if (args[0].equals("default")) { ENABLED = ENABLED_DEFAULT; SUPPORTED = SUPPORTED_DEFAULT; } else if (args[0].equals("limited")) { diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java index 2817e3400ab..39fd4bf2d16 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java @@ -20,10 +20,11 @@ * or visit www.oracle.com if you need additional information or have any * questions. */ -import java.util.Arrays; +import java.util.*; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; /* @@ -81,13 +82,41 @@ public class SystemPropCipherSuitesOrder extends SSLSocketTemplate { private static String[] clientcipherSuites; public static void main(String[] args) { - servercipherSuites + + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS")) { + if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + System.out.println(args[0] + " is not supported in FIPS 140-3."); + return; + } + List tmpClient = new ArrayList<>(); + if (System.getProperty("jdk.tls.client.cipherSuites") != null) { + for (String clientcipherSuite : toArray(System.getProperty("jdk.tls.client.cipherSuites"))) { + if (SecurityUtils.TLS_CIPHERSUITES.containsKey(clientcipherSuite)) { + tmpClient.add(clientcipherSuite); + System.out.println("jdk.tls.client.cipherSuites: " + clientcipherSuite); + } + } + } + List tmpServer = new ArrayList<>(); + if (System.getProperty("jdk.tls.server.cipherSuites") != null) { + for (String servercipherSuite : toArray(System.getProperty("jdk.tls.server.cipherSuites"))) { + if (SecurityUtils.TLS_CIPHERSUITES.containsKey(servercipherSuite)) { + tmpServer.add(servercipherSuite); + System.out.println("jdk.tls.server.cipherSuites: " + servercipherSuite); + } + } + } + servercipherSuites = tmpServer.toArray(new String[0]); + clientcipherSuites = tmpClient.toArray(new String[0]); + } else { + servercipherSuites = toArray(System.getProperty("jdk.tls.server.cipherSuites")); - clientcipherSuites + clientcipherSuites = toArray(System.getProperty("jdk.tls.client.cipherSuites")); + } System.out.printf("SYSTEM PROPERTIES: ServerProp:%s - ClientProp:%s%n", - Arrays.deepToString(servercipherSuites), - Arrays.deepToString(clientcipherSuites)); + Arrays.deepToString(servercipherSuites), + Arrays.deepToString(clientcipherSuites)); try { new SystemPropCipherSuitesOrder(args[0]).run(); @@ -100,7 +129,9 @@ private SystemPropCipherSuitesOrder(String protocol) { this.protocol = protocol; // Re-enable protocol if disabled. if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { - SecurityUtils.removeFromDisabledTlsAlgs(protocol); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS"))) { + SecurityUtils.removeFromDisabledTlsAlgs(protocol); + } } } diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java index c2171d80889..f20c87950eb 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java @@ -24,6 +24,7 @@ import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; +import jdk.test.lib.Utils; import jdk.test.lib.security.SecurityUtils; /* @@ -59,6 +60,12 @@ public class TLSCipherSuitesOrder extends SSLSocketTemplate { public static void main(String[] args) { PROTOCOL protocol = PROTOCOL.valueOf(args[0]); + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + System.out.println(args[0] + " is not supported in FIPS 140-3."); + return; + } + } try { new TLSCipherSuitesOrder(protocol.getProtocol(), protocol.getCipherSuite(args[1]), diff --git a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java index 39e88abce8e..8c5135723cb 100644 --- a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java +++ b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java @@ -58,6 +58,8 @@ public class CipherTest { static SecureRandom secureRandom; private static PeerFactory peerFactory; + public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); + public static final String PROFILE = System.getProperty("semeru.customprofile"); static abstract class Server implements Runnable { @@ -135,8 +137,24 @@ private CipherTest(PeerFactory peerFactory) throws IOException { factory = (SSLSocketFactory)SSLSocketFactory.getDefault(); SSLSocket socket = (SSLSocket)factory.createSocket(); String[] cipherSuites = socket.getSupportedCipherSuites(); - String[] protocols = socket.getSupportedProtocols(); - String[] clientAuths = {null, "RSA", "DSA"}; + String[] protocols = null; + String[] clientAuths = null; + if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + clientAuths = new String[]{null, "RSA"}; + List tmp = new ArrayList<>(); + for (String protocol : socket.getSupportedProtocols()) { + if (protocol.equals("TLSv1.2") || protocol.equals("TLSv1.3")) { + tmp.add(protocol); + } + } + if (tmp.size() == 0 || tmp == null) { + return; + } + protocols = tmp.toArray(new String[0]); + } else { + clientAuths = new String[]{null, "RSA", "DSA"}; + protocols = socket.getSupportedProtocols(); + } tests = new ArrayList( cipherSuites.length * protocols.length * clientAuths.length); for (int j = 0; j < protocols.length; j++) { @@ -248,6 +266,16 @@ public final void run() { try { runTest(params); System.out.println("Passed " + params); + } catch (javax.net.ssl.SSLException sslException) { + if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + if ("DSA signing not supported in FIPS".equals(sslException.getMessage())) { + System.out.println("Expected exception msg: is caught."); + } else { + cipherTest.setFailed(); + System.out.println("** Failed " + params + "**"); + sslException.printStackTrace(); + } + } } catch (Exception e) { cipherTest.setFailed(); System.out.println("** Failed " + params + "**"); diff --git a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java index 09e40c033b3..fb41a704027 100644 --- a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java +++ b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java @@ -27,17 +27,22 @@ * @summary Verify that all ciphersuites work in all configurations * @author Andreas Sterbenz * @library ../../TLSCommon + * @library /test/lib * @run main/othervm/timeout=300 ClientJSSEServerJSSE */ import java.security.Security; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ClientJSSEServerJSSE { public static void main(String[] args) throws Exception { // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + } CipherTest.main(new JSSEFactory(), args); } diff --git a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java index dcf0fab42c9..2404c36fddd 100644 --- a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java +++ b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java @@ -25,11 +25,15 @@ * @test * @bug 4635454 6208022 8130181 * @summary Check pluggability of SSLContext class. + * @library /test/lib */ import java.security.*; import java.net.*; import javax.net.ssl.*; +import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; + public class CheckSSLContextExport extends Provider { private static String info = "test provider for JSSE pluggability"; @@ -107,6 +111,9 @@ public static void test(String protocol) throws Exception { public static void main(String[] argv) throws Exception { String protocols[] = { "SSL", "TLS" }; + if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + protocols = new String[] { "TLS" }; + } Provider extraProvider = new CheckSSLContextExport(protocols); Security.insertProviderAt(extraProvider, 1); try { diff --git a/test/jdk/javax/net/ssl/templates/NetSslUtils.java b/test/jdk/javax/net/ssl/templates/NetSslUtils.java new file mode 100644 index 00000000000..14b611d4e4e --- /dev/null +++ b/test/jdk/javax/net/ssl/templates/NetSslUtils.java @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + + import java.security.Security; + import java.security.Provider; + import java.util.List; + import java.util.ArrayList; + import java.util.Map; + import java.util.HashMap; + + import java.io.FileInputStream; + import java.io.FileOutputStream; + import java.security.KeyStore; + import java.security.Key; + import java.security.cert.Certificate; + import java.util.Enumeration; + + public class NetSslUtils { + public static final List TLS_PROTOCOLS = new ArrayList<>(); + public static final Map TLS_CIPHERSUITES = new HashMap<>(); + + public static final String isFIPS = System.getProperty("semeru.fips"); + public static boolean isFIPS() { + System.out.println("semeru.fips is: " + System.getProperty("semeru.fips")); + return Boolean.parseBoolean(isFIPS); + } + + public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile"); + public static String getFipsProfile() { + System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile")); + return FIPS_PROFILE; + } + + public static String revertJKSToPKCS12(String keyFilename, String passwd) { + String p12keyFilename = keyFilename + ".p12"; + try { + KeyStore jksKeystore = KeyStore.getInstance("JKS"); + try (FileInputStream fis = new FileInputStream(keyFilename)) { + jksKeystore.load(fis, passwd.toCharArray()); + } + + KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12"); + pkcs12Keystore.load(null, null); + + Enumeration aliasesKey = jksKeystore.aliases(); + while (aliasesKey.hasMoreElements()) { + String alias = aliasesKey.nextElement(); + if (jksKeystore.isKeyEntry(alias)) { + char[] keyPassword = passwd.toCharArray(); + Key key = jksKeystore.getKey(alias, keyPassword); + Certificate[] chain = jksKeystore.getCertificateChain(alias); + pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain); + } else if (jksKeystore.isCertificateEntry(alias)) { + Certificate cert = jksKeystore.getCertificate(alias); + pkcs12Keystore.setCertificateEntry(alias, cert); + } + } + + try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) { + pkcs12Keystore.store(fos, passwd.toCharArray()); + } + System.out.println("JKS keystore converted to PKCS12 successfully."); + } catch (Exception e) { + e.printStackTrace(); + } + return p12keyFilename; + } + + static { + TLS_PROTOCOLS.add("TLSv1.2"); + TLS_PROTOCOLS.add("TLSv1.3"); + + TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + } + } \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java index 568575faaee..a2b36f20b6e 100644 --- a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java @@ -111,8 +111,7 @@ protected TrustManager createTrustManager(Cert[] trustedCerts, ContextParameters params) throws Exception { CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream is; - - KeyStore ts = KeyStore.getInstance("JKS"); + KeyStore ts = KeyStore.getInstance("JKS"); ts.load(null, null); if (trustedCerts != null && trustedCerts.length != 0) { diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java index fa6cccbcdcf..2af16124e8b 100644 --- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java @@ -176,6 +176,9 @@ protected void configureServerSocket(SSLServerSocket socket) { protected void doServerSide() throws Exception { // kick start the server side service SSLContext context = createServerSSLContext(); + if (context == null) { + return; + } SSLServerSocketFactory sslssf = context.getServerSocketFactory(); InetAddress serverAddress = this.serverAddress; SSLServerSocket sslServerSocket = serverAddress == null ? @@ -266,6 +269,9 @@ protected void doClientSide() throws Exception { } SSLContext context = createClientSSLContext(); + if (context == null) { + return; + } SSLSocketFactory sslsf = context.getSocketFactory(); try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) { diff --git a/test/jdk/javax/net/ssl/templates/TLSBase.java b/test/jdk/javax/net/ssl/templates/TLSBase.java index bcddb1147c8..d8a26efff7d 100644 --- a/test/jdk/javax/net/ssl/templates/TLSBase.java +++ b/test/jdk/javax/net/ssl/templates/TLSBase.java @@ -20,7 +20,6 @@ * or visit www.oracle.com if you need additional information or have any * questions. */ - import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; @@ -72,6 +71,12 @@ abstract public class TLSBase { String trustFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; + + if ((NetSslUtils.isFIPS() && NetSslUtils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + keyFilename = NetSslUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = NetSslUtils.revertJKSToPKCS12(trustFilename, passwd); + } + System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); System.setProperty("javax.net.ssl.trustStore", trustFilename); diff --git a/test/lib/jdk/test/lib/Utils.java b/test/lib/jdk/test/lib/Utils.java index f84ddab6d55..ef3c42d255c 100644 --- a/test/lib/jdk/test/lib/Utils.java +++ b/test/lib/jdk/test/lib/Utils.java @@ -59,6 +59,12 @@ import java.util.function.Function; import java.util.regex.Matcher; import java.util.regex.Pattern; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.security.KeyStore; +import java.security.Key; +import java.security.cert.Certificate; +import java.util.Enumeration; import static jdk.test.lib.Asserts.assertTrue; import jdk.test.lib.process.ProcessTools; @@ -148,6 +154,54 @@ public final class Utils { * Contains the seed value used for {@link java.util.Random} creation. */ public static final long SEED; + + public static final String isFIPS = System.getProperty("semeru.fips"); + public static boolean isFIPS() { + System.out.println("semeru.fips is: " + System.getProperty("semeru.fips")); + return Boolean.parseBoolean(isFIPS); + } + + public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile"); + public static String getFipsProfile() { + System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile")); + return FIPS_PROFILE; + } + + public static String revertJKSToPKCS12(String keyFilename, String passwd) { + String p12keyFilename = keyFilename + ".p12"; + try { + KeyStore jksKeystore = KeyStore.getInstance("JKS"); + try (FileInputStream fis = new FileInputStream(keyFilename)) { + jksKeystore.load(fis, passwd.toCharArray()); + } + + KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12"); + pkcs12Keystore.load(null, null); + + Enumeration aliasesKey = jksKeystore.aliases(); + while (aliasesKey.hasMoreElements()) { + String alias = aliasesKey.nextElement(); + if (jksKeystore.isKeyEntry(alias)) { + char[] keyPassword = passwd.toCharArray(); + Key key = jksKeystore.getKey(alias, keyPassword); + Certificate[] chain = jksKeystore.getCertificateChain(alias); + pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain); + } else if (jksKeystore.isCertificateEntry(alias)) { + Certificate cert = jksKeystore.getCertificate(alias); + pkcs12Keystore.setCertificateEntry(alias, cert); + } + } + + try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) { + pkcs12Keystore.store(fos, passwd.toCharArray()); + } + System.out.println("JKS keystore converted to PKCS12 successfully."); + } catch (Exception e) { + e.printStackTrace(); + } + return p12keyFilename; + } + static { var seed = Long.getLong(SEED_PROPERTY_NAME); if (seed != null) { diff --git a/test/lib/jdk/test/lib/security/SecurityUtils.java b/test/lib/jdk/test/lib/security/SecurityUtils.java index 319416a466c..9451bec5aab 100644 --- a/test/lib/jdk/test/lib/security/SecurityUtils.java +++ b/test/lib/jdk/test/lib/security/SecurityUtils.java @@ -30,6 +30,7 @@ import java.util.List; import java.util.stream.Collectors; import java.util.stream.Stream; +import java.util.*; /** * Common library for various security test helper functions. @@ -126,4 +127,35 @@ private static boolean anyMatch(String value, List algs) { } private SecurityUtils() {} + + public static final List TLS_PROTOCOLS = new ArrayList<>(); + public static final Map TLS_CIPHERSUITES = new HashMap<>(); + + static { + TLS_PROTOCOLS.add("TLSv1.2"); + TLS_PROTOCOLS.add("TLSv1.3"); + + TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + TLS_CIPHERSUITES.put("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2"); + } }