diff --git a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java index 669e15a459d..16871773640 100644 --- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java +++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java @@ -75,18 +75,29 @@ public static void main(String[] args) throws Exception { try { testCase.runTest(testCase); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS() - && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { - if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { - System.out.println("Expected exception msg: is caught"); + if (Utils.isFIPS()) { + if(!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } else { + System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught"); + return; + } + } else { + System.out.println("Unexpected exception is caught"); + sslhe.printStackTrace(); return; } + } else { + System.out.println("Unexpected exception is caught in Non-FIPS mode"); + sslhe.printStackTrace(); + return; } } catch (Exception e) { e.printStackTrace(); return; } - testCase.runTest(testCase); } @Override @@ -99,4 +110,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception { return engine; } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java index d3e8933a006..b18238f7217 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSHandshakeWithReplicatedPacketsTest.java @@ -48,9 +48,6 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLException; -import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; - /** * Testing DTLS engines handshake using each of the supported cipher suites with * replicated packets check. @@ -62,9 +59,7 @@ public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase { public static void main(String[] args) { DTLSHandshakeWithReplicatedPacketsTest test = new DTLSHandshakeWithReplicatedPacketsTest(); - if (Utils.isFIPS()) { - setUpAndStartKDCIfNeeded(); - } + setUpAndStartKDCIfNeeded(); test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java index 9165e4fe17a..2e59cb73857 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java @@ -53,9 +53,6 @@ import java.util.Random; import jdk.test.lib.RandomFactory; -import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; - /** * Testing DTLS incorrect app data packages unwrapping. Incorrect application * data packages should be ignored by DTLS SSLEngine. @@ -66,9 +63,7 @@ public class DTLSIncorrectAppDataTest extends SSLEngineTestCase { public static void main(String[] s) { DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest(); - if (Utils.isFIPS()) { - setUpAndStartKDCIfNeeded(); - } + setUpAndStartKDCIfNeeded(); test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java b/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java index bc8bb88dd68..1820dbe5423 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java @@ -46,7 +46,6 @@ import java.util.concurrent.atomic.AtomicBoolean; import jdk.test.lib.hexdump.HexPrinter; -import jdk.test.lib.Utils; /** * An example to show the way to use SSLEngine in datagram connections. diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java b/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java index fbd13e7f957..2eb792a2d37 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java @@ -55,9 +55,6 @@ import java.util.Random; import jdk.test.lib.RandomFactory; -import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; - /** * Testing DTLS records sequence number property support in application data * exchange. @@ -72,9 +69,7 @@ public class DTLSSequenceNumberTest extends SSLEngineTestCase { public static void main(String[] args) { DTLSSequenceNumberTest test = new DTLSSequenceNumberTest(); - if (Utils.isFIPS()) { - setUpAndStartKDCIfNeeded(); - } + setUpAndStartKDCIfNeeded(); test.runTests(); } diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java index 54e7a3863f6..fac0d50a7e1 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java @@ -78,11 +78,24 @@ public static void main(String[] args) throws Exception { } catch (SocketTimeoutException exc) { System.out.println("The server timed-out waiting for packets from the client."); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS() && !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { - if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { - System.out.println("Expected exception msg: is caught"); + if (Utils.isFIPS()) { + if(!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } else { + System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught"); + return; + } + } else { + System.out.println("Unexpected exception is caught"); + sslhe.printStackTrace(); return; } + } else { + System.out.println("Unexpected exception is caught in Non-FIPS mode"); + sslhe.printStackTrace(); + return; } } } diff --git a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java index f87ee56e13f..0f9295cb436 100644 --- a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java +++ b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java @@ -66,12 +66,24 @@ public static void main(String[] args) throws Exception { try { testCase.runTest(testCase); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS() - && !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { - if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { - System.out.println("Expected exception msg: is caught"); + if (Utils.isFIPS()) { + if(!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { + if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { + System.out.println("Expected exception msg: is caught"); + return; + } else { + System.out.println("Unexpected exception msg: <" + sslhe.getMessage() + "> is caught"); + return; + } + } else { + System.out.println("Unexpected exception is caught"); + sslhe.printStackTrace(); return; } + } else { + System.out.println("Unexpected exception is caught in Non-FIPS mode"); + sslhe.printStackTrace(); + return; } } catch (Exception e) { e.printStackTrace(); @@ -86,4 +98,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception { return engine; } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java b/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java index 666a409a068..3be3b2b7dba 100644 --- a/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java +++ b/test/jdk/javax/net/ssl/FIPSFlag/FIPSFlagTests.java @@ -37,4 +37,4 @@ * -Dsemeru.fips=true * -Dsemeru.customprofile=OpenJCEPlusFIPS * TestFIPS true 140-3 - */ \ No newline at end of file + */ diff --git a/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java b/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java index 180bb90a2ca..0a3204ea7a2 100644 --- a/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java +++ b/test/jdk/javax/net/ssl/FIPSFlag/TestFIPS.java @@ -83,4 +83,4 @@ public FIPSException(String message) { super(message); } } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java index 9bf77e7b50e..09ea450c15d 100644 --- a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java +++ b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java @@ -39,7 +39,6 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class ImplicitHandshake { diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java index 8c40bae320c..d502c5319ff 100644 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java @@ -55,7 +55,6 @@ import java.security.cert.Certificate; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class CriticalSubjectAltName implements HostnameVerifier { /* @@ -201,11 +200,20 @@ public static void main(String[] args) throws Exception { if ("Algorithm constraints check failed on signature algorithm: MD5withRSA".equals(e.getMessage())) { System.out.println("MD5withRSA is not a supported signature algorithm."); return; + } else { + System.out.println("Unexpected exception msg: <" + e.getMessage() + "> is caught"); + return; } + } else { + System.out.println("Unexpected exception is caught"); + e.printStackTrace(); + return; } + } else { + System.out.println("Unexpected exception is caught in Non-FIPS mode"); + e.printStackTrace(); + return; } - e.printStackTrace(); - return; } } diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java index 85f29bb6666..310cc7303ff 100644 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java @@ -39,7 +39,6 @@ import java.security.cert.Certificate; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class GetResponseCode implements HostnameVerifier { /* diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security b/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security deleted file mode 100644 index 86339bbd395..00000000000 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/TLSTest_HttpsURLConnection_java.security +++ /dev/null @@ -1,29 +0,0 @@ -# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends -# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration -# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE. -# -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.desc.name = Test-TLS-HttpsURLConnection OpenJCEPlusFIPS Cryptographic Module FIPS 140-3 -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.desc.default = false -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3 - -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \ - {AlgorithmParameters, DiffieHellman, *}, \ - {KeyAgreement, DiffieHellman, *}, \ - {KeyPairGenerator, DiffieHellman, *}, \ - {KeyFactory, DiffieHellman, *}, \ - {MessageDigest, MD5, *}] - -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.2 = sun.security.provider.Sun [+ \ - {KeyStore, JKS, *}, \ - {KeyStore, PKCS12, *}, \ - {MessageDigest, SHA-1, *}] - -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \ - {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \ - {AlgorithmParameters, PBEWithMD5AndDES, *}, \ - {SecretKeyFactory, PBEWithMD5AndDES, *}, \ - {Cipher, PBEWithHmacSHA256AndAES_256, *}, \ - {Mac, HmacSHA1, *},\ - {Mac, HmacPBESHA256, *}] - -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}] \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java index b913f7c7e5d..b715ce09a5e 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ArgCheck.java @@ -36,9 +36,6 @@ import java.security.*; import java.nio.*; -import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; - public class ArgCheck { private static boolean debug = false; @@ -261,8 +258,6 @@ static private SSLEngine createSSLEngine(String keyFile, String trustFile) KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); - ks.load(null, null); - char[] passphrase = "passphrase".toCharArray(); ks.load(new FileInputStream(keyFile), passphrase); diff --git a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java index 7e9c6e30f62..6ba4d73747b 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java +++ b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java @@ -196,13 +196,14 @@ public static void main(String args[]) throws Exception { contextVersion.equals("TLSv1.1")) { SecurityUtils.removeFromDisabledTlsAlgs(contextVersion); } - } else { - if (!SecurityUtils.TLS_PROTOCOLS.contains(contextVersion)) { - return; - } - } - - Arrays test = null; + } + // else { + // if (!SecurityUtils.TLS_PROTOCOLS.contains(contextVersion)) { + // return; + // } + // } + + Arrays test; test = new Arrays(); diff --git a/test/jdk/javax/net/ssl/SSLEngine/Basics.java b/test/jdk/javax/net/ssl/SSLEngine/Basics.java index e0786c95e91..e5fcf225d55 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/Basics.java +++ b/test/jdk/javax/net/ssl/SSLEngine/Basics.java @@ -74,7 +74,6 @@ private static void runTest(String protocol, String cipherSuite) throws Exceptio KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); - char[] passphrase = "passphrase".toCharArray(); ks.load(new FileInputStream(KEYSTORE_PATH), passphrase); diff --git a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java index d009a6a17cc..93447ec3b3e 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java +++ b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java @@ -39,13 +39,8 @@ import java.io.*; import java.security.*; import java.nio.*; -import java.util.concurrent.Callable; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class CheckTlsEngineResults { @@ -73,8 +68,6 @@ public class CheckTlsEngineResults { private ByteBuffer clientToServer; // "reliable" transport clientEngine->serverEngine private ByteBuffer serverToClient; // "reliable" transport serverEngine->clientEngine - private static Thread catchException; - /* * Majority of the test case is here, setup is done below. */ @@ -140,7 +133,6 @@ private void test() throws Exception { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }; } else { suite1 = new String [] { - // "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }; "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }; } @@ -169,9 +161,7 @@ private void test() throws Exception { result2 = serverEngine.unwrap(clientToServer, serverIn); checkResult(clientToServer, serverIn, result2, - Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); - - + Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); runDelegatedTasks(serverEngine); clientToServer.compact(); @@ -207,7 +197,6 @@ private void test() throws Exception { checkResult(clientToServer, serverIn, result2, Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); - runDelegatedTasks(serverEngine); clientToServer.compact(); @@ -713,7 +702,7 @@ private void createBuffers() { log(""); } - private static void runDelegatedTasks(SSLEngine engine) throws Exception { + private static void runDelegatedTasks(SSLEngine engine) { Runnable runnable; while ((runnable = engine.getDelegatedTask()) != null) { @@ -721,49 +710,6 @@ private static void runDelegatedTasks(SSLEngine engine) throws Exception { runnable.run(); } } - // private static void runDelegatedTasks(SSLEngine engine) throws Exception { - // ExecutorService executorService = Executors.newSingleThreadExecutor(); - - // // create Runnable - // Runnable myRunnable = () -> { - // System.out.println("Executing Runnable..."); - // throw new RuntimeException("Simulated exception in Runnable"); - // }; - - // RunnableCallable runnableCallable = new RunnableCallable(myRunnable); - - // Future future = executorService.submit(runnableCallable); - - // try { - // future.get(); - // } catch (Exception e) { - // System.err.println("Exception caught: " + e.getMessage()); - // e.printStackTrace(); - // } - - // executorService.shutdown(); - // } - - // static class RunnableCallable implements Callable { - // private Runnable runnable; - - // public RunnableCallable(Runnable runnable) { - // this.runnable = runnable; - // } - - // @Override - // public Void call() throws Exception { - // try { - // runnable.run(); - // } catch (Exception e) { - // System.out.println("!!!"); - // e.printStackTrace(); - // throw new RuntimeException("Exception in Runnable", e); - // } - // return null; - // } - // } - private static void log(String str) { System.out.println(str); diff --git a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java index 593fdcf9dc6..066a06b3bef 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java @@ -45,7 +45,6 @@ import java.nio.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class ConnectionTest { diff --git a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java index a5be775d9ee..e25b3cb2473 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java +++ b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java @@ -39,7 +39,6 @@ import static javax.net.ssl.SSLEngineResult.HandshakeStatus.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class EngineCloseOnAlert { diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java index b70380312e1..89602cbdc6d 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeyEngine.java @@ -26,7 +26,6 @@ * @bug 4981697 * @summary Rework the X509KeyManager to avoid incompatibility issues * @author Brad R. Wetmore - * @library /test/lib * @run main/othervm -Djdk.tls.acknowledgeCloseNotify=true ExtendedKeyEngine */ @@ -36,9 +35,6 @@ import java.security.*; import java.nio.*; -import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; - public class ExtendedKeyEngine { private static boolean debug = false; diff --git a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java index ac52340eae8..ef4eef3a330 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ExtendedKeySocket.java @@ -25,7 +25,6 @@ * @test * @bug 4981697 * @summary Rework the X509KeyManager to avoid incompatibility issues - * @library /test/lib * @run main/othervm ExtendedKeySocket * * SunJSSE does not support dynamic system properties, no way to re-use @@ -91,9 +90,9 @@ SSLContext getSSLContext(boolean abs) throws Exception { SSLContext ctx = SSLContext.getInstance("TLS"); KeyStore keyKS = KeyStore.getInstance("JKS"); - KeyStore trustKS = KeyStore.getInstance("JKS"); - keyKS.load(new FileInputStream(keyFilename), passwd); + + KeyStore trustKS = KeyStore.getInstance("JKS"); trustKS.load(new FileInputStream(trustFilename), passwd); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); diff --git a/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java b/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java index 45d95733d34..eba6a6aa3de 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java +++ b/test/jdk/javax/net/ssl/SSLEngine/FinishedPresent.java @@ -28,7 +28,6 @@ * @test * @bug 8233619 * @summary SSLEngine has not yet caused Solaris kernel to panic - * @library /test/lib * @run main/othervm FinishedPresent */ import javax.net.ssl.*; diff --git a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java index d8f56cb9f91..295ad66646c 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java +++ b/test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java @@ -24,7 +24,6 @@ /* * @test * @bug 8042449 8299870 - * @library /test/lib * @library /javax/net/ssl/templates * @summary Verify successful handshake ignores invalid record version * diff --git a/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java b/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java index bec04e37689..5dc19f1475e 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java +++ b/test/jdk/javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java @@ -30,7 +30,6 @@ * @test * @bug 8180643 * @summary Illegal handshake message - * @library /test/lib * @run main/othervm IllegalHandshakeMessage */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java index b8d776d5ba0..6afcc648261 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java +++ b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java @@ -44,7 +44,6 @@ import java.util.Random; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class LargeBufs { @@ -317,4 +316,4 @@ private static void log(String str) { System.out.println(str); } } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java b/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java index 27410985532..c04eaf92cb0 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java +++ b/test/jdk/javax/net/ssl/SSLEngine/LargePacket.java @@ -32,7 +32,6 @@ * @bug 6388456 * @summary Need adjustable TLS max record size for interoperability * with non-compliant - * @library /test/lib * @run main/othervm LargePacket * * @author Xuelei Fan diff --git a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java index 9252d5f4253..1ea7da92d28 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java +++ b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java @@ -152,9 +152,9 @@ public static void main(String args[]) throws Exception { tlsProtocol = args[0]; } } - if (tlsProtocol == null) { - return; - } + // if (tlsProtocol == null) { + // return; + // } if (debug) { System.setProperty("javax.net.debug", "all"); diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java index 95d64024cd7..079b6d535ed 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java +++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineResultArgs.java @@ -25,7 +25,6 @@ * @test * @bug 4965868 * @summary SSLEngineResult constructor needs null argument description - * @library /test/lib * @author Brad Wetmore */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java index a1ddee74bb2..5b7d0c4e688 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java +++ b/test/jdk/javax/net/ssl/SSLEngine/SSLEngineService.java @@ -28,7 +28,6 @@ * * Helper class of SSL/TLS client/server communication. * - * @library /test/lib * @author Xuelei Fan */ diff --git a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java index cbda8e46ecf..c4e4e3d8dcc 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java +++ b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java @@ -248,11 +248,12 @@ public static void main(String args[]) throws Exception { case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2"); } - } else { - if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { - return; - } - } + } + // else { + // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + // return; + // } + // } TestAllSuites testAllSuites = new TestAllSuites(args[0]); testAllSuites.createSSLEngines(); diff --git a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java index fb7eaa7c60f..baf768a2ad4 100644 --- a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java @@ -41,7 +41,6 @@ import java.util.Arrays; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class UseCipherSuitesOrder { diff --git a/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java b/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java index 71c991227a8..98c7afb2738 100644 --- a/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java +++ b/test/jdk/javax/net/ssl/SSLSession/CheckSessionContext.java @@ -70,7 +70,7 @@ public static void main(String[] args) throws Exception { server.close(client1); client1.close(); - // Resume the client session + // Resume the client session TLSBase.Client client2 = new TLSBase.Client(); if (server.getSession(client2).getSessionContext() == null) { throw new Exception("Context was null on resumption"); diff --git a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java index 6cf0bdf6456..5ae7b17ad5e 100644 --- a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java +++ b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java @@ -44,7 +44,6 @@ import java.security.cert.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class HttpsURLConnectionLocalCertificateChain implements HandshakeCompletedListener, diff --git a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java index ead62a7d310..31225107ec0 100644 --- a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java +++ b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java @@ -42,7 +42,6 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class JSSERenegotiate { @@ -225,6 +224,7 @@ public static void main(String[] args) throws Exception { if (debug) System.setProperty("javax.net.debug", "all"); + /* * Start the tests. */ diff --git a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java index 9d5d8772919..7b5262fb1c6 100644 --- a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java +++ b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java @@ -42,7 +42,6 @@ import java.security.SecureRandom; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class RenegotiateTLS13 { diff --git a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java index 2c3470b0336..3e70af733fb 100644 --- a/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java +++ b/test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java @@ -27,7 +27,6 @@ /* * @test * @bug 8211806 8277881 8277307 - * @library /test/lib * @summary TLS 1.3 handshake server name indication is missing on a session resume * @run main/othervm ResumeTLS13withSNI */ @@ -39,9 +38,6 @@ import java.nio.*; import java.util.List; -import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; - public class ResumeTLS13withSNI { /* @@ -73,10 +69,10 @@ public class ResumeTLS13withSNI { private static final String trustStoreFile = "truststore"; private static final char[] passphrase = "passphrase".toCharArray(); - private static String keyFilename = + private static final String keyFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + keyStoreFile; - private static String trustFilename = + private static final String trustFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; @@ -468,7 +464,7 @@ private static KeyManagerFactory makeKeyManagerFactory(String ksPath, char[] pass) throws GeneralSecurityException, IOException { KeyManagerFactory kmf; KeyStore ks = KeyStore.getInstance("JKS"); - + try (FileInputStream fsIn = new FileInputStream(ksPath)) { ks.load(fsIn, pass); kmf = KeyManagerFactory.getInstance("SunX509"); diff --git a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java index 6715eba5237..a05f925690a 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java +++ b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java @@ -42,7 +42,6 @@ import java.security.KeyStore; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class SSLCtxAccessToSessCtx { @@ -189,7 +188,6 @@ public static void main(String[] args) throws Exception { sslctx = SSLContext.getInstance("TLS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream(keyFilename), passwd.toCharArray()); kmf.init(ks, passwd.toCharArray()); sslctx.init(kmf.getKeyManagers(), null, null); diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java index c73dbcf44e5..b3203d07ae0 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java +++ b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java @@ -41,7 +41,6 @@ import java.security.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; /** * Session cache size tests cover the following cases: diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java index 33b614f49d9..e4fb9410e9f 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java +++ b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java @@ -43,7 +43,6 @@ import java.util.concurrent.TimeUnit; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; /** * Session reuse time-out tests cover the cases below: diff --git a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java index 0bca9ccbba0..46dd8d629c2 100644 --- a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java +++ b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java @@ -39,7 +39,6 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class BestEffortOnLazyConnected { diff --git a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java index 4a3ad7efd57..a8067c9e83a 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java @@ -265,9 +265,9 @@ public static void main(String args[]) throws Exception { */ System.out.println("args is: " + args); parseArguments(args); - if (supportedProtocols == null || supportedProtocols.length == 0) { - return; - } + // if (supportedProtocols == null || supportedProtocols.length == 0) { + // return; + // } new SSLEngineExplorer(); } diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java index 766a75b8b9a..1f1dd15fa82 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java @@ -42,7 +42,6 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class SSLSocketConsistentSNI { diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java index cd0f0fc179b..d0880e2b44f 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java @@ -270,9 +270,9 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); - if (supportedProtocols == null || supportedProtocols.length == 0) { - return; - } + // if (supportedProtocols == null || supportedProtocols.length == 0) { + // return; + // } /* * Start the tests. */ diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java index a1c0c4d873f..2ea95b3d78d 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java @@ -49,7 +49,6 @@ import java.security.Security; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class SSLSocketExplorerFailure { diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java index c05a454f902..5d30d861ed1 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java @@ -53,7 +53,6 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class SSLSocketExplorerMatchedSNI { diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java index 40b39ba9267..9907a06cb1e 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java @@ -44,7 +44,6 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class SSLSocketExplorerWithCliSNI { diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java index 7897b9825e0..ca677acfe62 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java @@ -44,7 +44,6 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class SSLSocketExplorerWithSrvSNI { diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java index 28f75802608..d1a3a218686 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java @@ -368,37 +368,6 @@ private static void parseArguments(String[] args) { clientRequestedHostname = args[1]; } - private static void printCert(String trustedCertStr, int index) { - try { - // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace - String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "") - .replace("-----END CERTIFICATE-----", "") - .replaceAll("\\s", ""); - - // Decode the base64 string to get the certificate bytes - byte[] certBytes = Base64.getDecoder().decode(cleanedCert); - - // Create a CertificateFactory for X.509 certificates - CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); - - // Generate the X509Certificate object - X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)); - - // Print the certificate details - System.out.println("Issuer: " + cert.getIssuerDN()); - System.out.println("Subject: " + cert.getSubjectDN()); - System.out.println("Serial Number: " + cert.getSerialNumber()); - System.out.println("Not Before: " + cert.getNotBefore()); - System.out.println("Not After: " + cert.getNotAfter()); - System.out.println("Signature Algorithm: " + cert.getSigAlgName()); - System.out.println("Version: " + cert.getVersion()); - - signatureAlgos[index] = cert.getSigAlgName(); - } catch (Exception e) { - e.printStackTrace(); - } - } - private static SSLContext generateSSLContext(boolean isClient) throws Exception { @@ -407,7 +376,6 @@ private static SSLContext generateSSLContext(boolean isClient) // create a key store KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null, null); // import the trused cert @@ -488,16 +456,6 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); - System.out.println("Now printing trustedCertStr=================="); - printCert(trustedCertStr, 0); - System.out.println("Now printing targetCertStr_A=================="); - printCert(targetCertStr_A, 1); - System.out.println("Now printing targetCertStr_B=================="); - printCert(targetCertStr_B, 2); - System.out.println("Now printing targetCertStr_C=================="); - printCert(targetCertStr_C, 3); - System.out.println("Now printing targetCertStr_D=================="); - printCert(targetCertStr_D, 4); /* * Start the tests. */ @@ -505,17 +463,31 @@ public static void main(String[] args) throws Exception { new SSLSocketSNISensitive(); } catch (Exception e) { if (Utils.isFIPS()) { - for (int i=0; i is caught."); + // return; + // } + // } + if (e instanceof javax.net.ssl.SSLHandshakeException) { + if ("no cipher suites in common".equals(e.getMessage())) { System.out.println("Expected exception msg: is caught."); return; + } else { + System.out.println("Unexpected exception msg: <" + e.getMessage() + "> is caught."); + return; } + } else { + System.out.println("Unexpected exception msg is caught."); + return; } + } else { + System.out.println("failure is not in FIPS mode."); + e.printStackTrace(); + return; } - e.printStackTrace(); - return; } } diff --git a/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security b/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security deleted file mode 100644 index 8ae3187b347..00000000000 --- a/test/jdk/javax/net/ssl/ServerName/TLSTest_ServerName_java.security +++ /dev/null @@ -1,29 +0,0 @@ -# Test-TLS Restricted Security mode profile for FIPS 140-3. This profile is a test profile that extends -# OpenJCEPlusFIPS.FIPS140-3. This profile also includes non-cryptographic algorithms and common configuration -# options such as, PKCS12, JKS from SUN and PBE related services from SunJCE. -# -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.desc.name = Test-TLS-ServerName OpenJCEPlusFIPS Cryptographic Module FIPS 140-3 -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.desc.default = false -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.extends = RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3 - -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS [+ \ - {AlgorithmParameters, DiffieHellman, *}, \ - {KeyAgreement, DiffieHellman, *}, \ - {KeyPairGenerator, DiffieHellman, *}, \ - {KeyFactory, DiffieHellman, *}, \ - {MessageDigest, MD5, *}] - -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.2 = sun.security.provider.Sun [+ \ - {KeyStore, JKS, *}, \ - {KeyStore, PKCS12, *}, \ - {MessageDigest, SHA-1, *}] - -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.4 = com.sun.crypto.provider.SunJCE [{AlgorithmParameters, PBES2, *}, \ - {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *}, \ - {AlgorithmParameters, PBEWithMD5AndDES, *}, \ - {SecretKeyFactory, PBEWithMD5AndDES, *}, \ - {Cipher, PBEWithHmacSHA256AndAES_256, *}, \ - {Mac, HmacSHA1, *},\ - {Mac, HmacPBESHA256, *}] - -RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3-Test-TLS-ServerName.jce.provider.5 = sun.security.rsa.SunRsaSign [{Signature, MD5withRSA, *}] \ No newline at end of file diff --git a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java index 826faf50b69..139a8d66f52 100644 --- a/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java +++ b/test/jdk/javax/net/ssl/TLS/CipherTestUtils.java @@ -50,8 +50,6 @@ import java.util.Base64; import java.util.Collections; import java.util.List; -import java.util.Map; -import java.util.HashMap; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLServerSocket; @@ -189,11 +187,6 @@ public class CipherTestUtils { + "fpqmCkpTanyYW9U=\n" + "-----END PRIVATE KEY-----"; - public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); - public static final String PROFILE = System.getProperty("semeru.customprofile"); - public static final List TLS_PROTOCOLS = new ArrayList<>(); - public static final Map TLS_CIPHERSUITES = new HashMap<>(); - private final SSLSocketFactory factory; private final X509ExtendedKeyManager clientKeyManager; private final X509ExtendedKeyManager serverKeyManager; @@ -313,9 +306,6 @@ public static void addFailure(Exception e) { } private CipherTestUtils() throws Exception { - TLS_PROTOCOLS.add("TLSv1.2"); - TLS_PROTOCOLS.add("TLSv1.3"); - factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY, SERVER_PRIVATE_KEY); @@ -484,36 +474,6 @@ public static void printInfo(SSLSocket socket) { System.out.println("-----------------------"); } - public static void printCert(String trustedCertStr) { - try { - // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace - String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "") - .replace("-----END CERTIFICATE-----", "") - .replaceAll("\\s", ""); - - // Decode the base64 string to get the certificate bytes - byte[] certBytes = Base64.getDecoder().decode(cleanedCert); - - // Create a CertificateFactory for X.509 certificates - CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); - - // Generate the X509Certificate object - X509Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(certBytes)); - - // Print the certificate details - System.out.println("Issuer: " + cert.getIssuerDN()); - System.out.println("Subject: " + cert.getSubjectDN()); - System.out.println("Serial Number: " + cert.getSerialNumber()); - System.out.println("Not Before: " + cert.getNotBefore()); - System.out.println("Not After: " + cert.getNotAfter()); - System.out.println("Signature Algorithm: " + cert.getSigAlgName()); - System.out.println("Version: " + cert.getVersion()); - - } catch (Exception e) { - e.printStackTrace(); - } - } - private static KeyStore createServerKeyStore(String publicKey, String keySpecStr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, diff --git a/test/jdk/javax/net/ssl/TLS/JSSEClient.java b/test/jdk/javax/net/ssl/TLS/JSSEClient.java index be2ea12f8ff..0f510856380 100644 --- a/test/jdk/javax/net/ssl/TLS/JSSEClient.java +++ b/test/jdk/javax/net/ssl/TLS/JSSEClient.java @@ -30,7 +30,6 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; -import java.util.*; class JSSEClient extends CipherTestUtils.Client { @@ -43,8 +42,6 @@ class JSSEClient extends CipherTestUtils.Client { private final String host; private final String protocol; - private static final Map TLS_CIPHERSUITES = new HashMap<>(); - JSSEClient(CipherTestUtils cipherTest, String host, int port, String protocols, String ciphersuite) throws Exception { super(cipherTest, ciphersuite); @@ -114,4 +111,4 @@ void runTest(CipherTestUtils.TestParameters params) throws Exception { } } } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/TLS/JSSEServer.java b/test/jdk/javax/net/ssl/TLS/JSSEServer.java index faf00ae9e2c..9bd4fd0bfa0 100644 --- a/test/jdk/javax/net/ssl/TLS/JSSEServer.java +++ b/test/jdk/javax/net/ssl/TLS/JSSEServer.java @@ -88,4 +88,4 @@ public void close() throws IOException { serverSocket.close(); } } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java index f3ffc3ddd14..e03a47f77f8 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java +++ b/test/jdk/javax/net/ssl/TLSCommon/ConcurrentClientAccessTest.java @@ -48,7 +48,6 @@ import javax.net.ssl.TrustManagerFactory; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; /* * @test @@ -65,9 +64,10 @@ public static void main(String[] args) throws Exception { String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}; if (!(Utils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); - } else { - protocols = new String[]{"TLSv1.3", "TLSv1.2"}; - } + } + // else { + // protocols = new String[]{"TLSv1.3", "TLSv1.2"}; + // } for (String tlsProtocol : protocols) { System.out.printf("Protocol: %s%n", tlsProtocol); CountDownLatch tillServerReady = new CountDownLatch(1); diff --git a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java index 899ad928b87..51eb6b729d3 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java +++ b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java @@ -189,10 +189,9 @@ public enum HandshakeMode { private static final String[] SUPPORTED_NON_KRB_CIPHERS; private static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); - private static final String PROFILE = System.getProperty("semeru.customprofile"); static { - if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + if (ISFIPS) { TLS13_CIPHERS = new String[] { "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256" @@ -805,7 +804,7 @@ public static void checkResult(SSLEngineResult r, */ public static SSLContext getContext() { try { - if(!(ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) { + if (!(ISFIPS)) { java.security.Security.setProperty( "jdk.tls.disabledAlgorithms", ""); java.security.Security.setProperty( @@ -859,8 +858,7 @@ public static void setUpAndStartKDC() { * SSLEngineTestCase.TEST_MODE is "krb". */ public static void setUpAndStartKDCIfNeeded() { - if (TEST_MODE.equals("krb") && - (!(ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")))) { + if (TEST_MODE.equals("krb") && !ISFIPS) { setUpAndStartKDC(); } } @@ -1189,4 +1187,4 @@ private static void startKDC(String realm, Map principals, throw new RuntimeException("KDC: unexpected exception", e); } } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java index e2883ff98f6..3f25278327d 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TLSTest.java @@ -37,11 +37,9 @@ import java.security.KeyStore; import java.security.PrivateKey; import java.security.Security; -import java.security.Provider; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.spec.PKCS8EncodedKeySpec; -import java.util.Arrays; import java.util.Base64; import java.util.concurrent.CountDownLatch; import java.util.concurrent.ExecutorService; @@ -57,7 +55,6 @@ import javax.net.ssl.TrustManagerFactory; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; /* * @test @@ -162,29 +159,30 @@ public class TLSTest { public static void main(String[] args) throws Exception { - String tlsProtocol = args[0]; + final String tlsProtocol = args[0]; final KeyType keyType = KeyType.valueOf(args[1]); - String cipher = args[2]; + final String cipher = args[2]; if (!(Utils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); - } else { - if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) { - System.out.println(tlsProtocol + " is not available."); - return; - } - if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipher)) { - System.out.println(cipher + " is not available."); - return; - } - if (!SecurityUtils.TLS_CIPHERSUITES.get(cipher).equals(tlsProtocol)) { - System.out.println(cipher + " does not match " + tlsProtocol); - return; - } - if (args[1].contains("sha1")) { - System.out.println("FIPS140-3 does not support SHA1."); - return; - } - } + } + // else { + // if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) { + // System.out.println(tlsProtocol + " is not available."); + // return; + // } + // if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipher)) { + // System.out.println(cipher + " is not available."); + // return; + // } + // if (!SecurityUtils.TLS_CIPHERSUITES.get(cipher).equals(tlsProtocol)) { + // System.out.println(cipher + " does not match " + tlsProtocol); + // return; + // } + // if (args[1].contains("sha1")) { + // System.out.println("FIPS140-3 does not support SHA1."); + // return; + // } + // } CountDownLatch serverReady = new CountDownLatch(1); Server server = new Server(tlsProtocol, keyType, cipher, serverReady); server.start(); diff --git a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java index ced4d622f19..ed6f3ce283a 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java @@ -639,10 +639,10 @@ private static void testKeyManager(String keyStoreSpec, String keyType, private static void runtest(String testNameFmt, SessionChecker cliChk, Class cliExpExc, SessionChecker servChk, Class servExpExc) { - if (!(Utils.isFIPS())) { - TEST_PROTOS = List.of( - "TLSv1.3", "TLSv1.2"); - } + // if (!(Utils.isFIPS())) { + // TEST_PROTOS = List.of( + // "TLSv1.3", "TLSv1.2"); + // } TEST_PROTOS.forEach(protocol -> { clientParameters.put(ParamType.PROTOS, protocol); TLSWithEdDSA testObj = new TLSWithEdDSA(cliChk, cliExpExc, servChk, diff --git a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java index b39056454c8..eae5a88c199 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java @@ -47,7 +47,6 @@ import javax.net.ssl.TrustManagerFactory; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; /* * @test @@ -62,9 +61,10 @@ public static void main(String[] args) throws Exception { String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}; if (!(Utils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); - } else { - protocols = new String[]{"TLSv1.3", "TLSv1.2"}; - } + } + // else { + // protocols = new String[]{"TLSv1.3", "TLSv1.2"}; + // } for (String tlsProtocol : protocols) { for (boolean clientAuth : new boolean[]{true, false}) { System.out.printf("Protocol %s: Client side auth enabled: %s%n", diff --git a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java index bcc8950e9a6..f4120a9d6f5 100644 --- a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java +++ b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java @@ -189,7 +189,6 @@ private static void checkClientHello(ByteBuffer data, int ver_major = Byte.toUnsignedInt(data.get()); int ver_minor = Byte.toUnsignedInt(data.get()); int recLen = Short.toUnsignedInt(data.getShort()); - System.out.println("TLS record header length: " + recLen); // Simple sanity checks if (type != 22) { @@ -204,7 +203,6 @@ private static void checkClientHello(ByteBuffer data, int msgHdr = data.getInt(); int msgType = (msgHdr >> 24) & 0x000000FF; int msgLen = msgHdr & 0x00FFFFFF; - System.out.println("handshake message header length: " + msgLen); // More simple sanity checks if (msgType != 1) { @@ -217,21 +215,18 @@ private static void checkClientHello(ByteBuffer data, // Jump past the session ID (if there is one) int sessLen = Byte.toUnsignedInt(data.get()); if (sessLen != 0) { - System.out.println("session ID is not null, length is: " + sessLen); data.position(data.position() + sessLen); } // Jump past the cipher suites int csLen = Short.toUnsignedInt(data.getShort()); if (csLen != 0) { - System.out.println("cipher suites ID is not null, length is: " + csLen); data.position(data.position() + csLen); } // ...and the compression int compLen = Byte.toUnsignedInt(data.get()); if (compLen != 0) { - System.out.println("compression is not null, length is: " + compLen); data.position(data.position() + compLen); } @@ -241,24 +236,20 @@ private static void checkClientHello(ByteBuffer data, boolean foundSupVer = false; boolean foundKeyShare = false; int extsLen = Short.toUnsignedInt(data.getShort()); - System.out.println("extsLen is: " + extsLen); List supGrpList = new ArrayList<>(); List chKeyShares = new ArrayList<>(); while (data.hasRemaining()) { int extType = Short.toUnsignedInt(data.getShort()); int extLen = Short.toUnsignedInt(data.getShort()); boolean foundTLS13 = false; - System.out.println("extension type is: " + extType); switch (extType) { case HELLO_EXT_SUPP_GROUPS: - System.out.println("This extType is HELLO_EXT_SUPP_GROUPS. extension type is: " + extType); int supGrpLen = Short.toUnsignedInt(data.getShort()); for (int remain = supGrpLen; remain > 0; remain -= 2) { supGrpList.add(Short.toUnsignedInt(data.getShort())); } break; case HELLO_EXT_SUPP_VERS: - System.out.println("This extType is HELLO_EXT_SUPP_VERS. extension type is: " + extType); foundSupVer = true; int supVerLen = Byte.toUnsignedInt(data.get()); // 04 for (int remain = supVerLen; remain > 0; remain -= 2) { @@ -272,18 +263,14 @@ private static void checkClientHello(ByteBuffer data, } break; case HELLO_EXT_KEY_SHARE: - System.out.println("This extType is HELLO_EXT_KEY_SHARE. extension type is: " + extType); foundKeyShare = true; int ksListLen = Short.toUnsignedInt(data.getShort()); - System.out.println("ksListLen before while-loop is: " + ksListLen); while (ksListLen > 0) { int ks = Short.toUnsignedInt(data.getShort()); - System.out.println("keyshare is: " + ks); chKeyShares.add(ks); int ksLen = Short.toUnsignedInt(data.getShort()); data.position(data.position() + ksLen); ksListLen -= (4 + ksLen); - System.out.println("ksListLen is: " + ksListLen); } break; default: diff --git a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java index aef00a6e65a..512eeebf6eb 100644 --- a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java +++ b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java @@ -413,4 +413,4 @@ static SSLClient init(int port, String ciphersuite) } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java b/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java index 9e07ab3598c..00c19241f58 100644 --- a/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java +++ b/test/jdk/javax/net/ssl/ciphersuites/ECCurvesconstraints.java @@ -410,4 +410,4 @@ public void run() { } } } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java b/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java index 5c9dfbd4b15..c147f732ec5 100644 --- a/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java +++ b/test/jdk/javax/net/ssl/compatibility/ClientHelloProcessing.java @@ -778,4 +778,4 @@ private static String dumpHexBytes(ByteBuffer data, int itemsPerLine, return sb.toString(); } -} \ No newline at end of file +} diff --git a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java index 261e287da18..690b85a1811 100644 --- a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java +++ b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java @@ -42,10 +42,8 @@ import javax.net.ssl.SSLSessionBindingListener; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.SSLContext; import jdk.test.lib.Utils; -import jdk.test.lib.security.SecurityUtils; public class SSLSessionFinalizeTest { @@ -98,7 +96,6 @@ public class SSLSessionFinalizeTest { void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); - SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); @@ -110,8 +107,6 @@ void doServerSide() throws Exception { while (serverReady) { SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - SSLSession sslSession = sslSocket.getSession(); - System.out.println("Cipher Suite used: " + sslSession.getCipherSuite()); // System.out.printf(" accept: %s%n", sslSocket); InputStream sslIS = sslSocket.getInputStream(); diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java index 87371ae3122..cc9449c02f8 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java @@ -60,12 +60,12 @@ public class TLSCipherSuitesOrder extends SSLSocketTemplate { public static void main(String[] args) { PROTOCOL protocol = PROTOCOL.valueOf(args[0]); - if (Utils.isFIPS()) { - if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { - System.out.println(args[0] + " is not supported in FIPS 140-3."); - return; - } - } + // if (Utils.isFIPS()) { + // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { + // System.out.println(args[0] + " is not supported in FIPS 140-3."); + // return; + // } + // } try { new TLSCipherSuitesOrder(protocol.getProtocol(), protocol.getCipherSuite(args[1]), diff --git a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java index 8c5135723cb..d9a4536f4ab 100644 --- a/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java +++ b/test/jdk/javax/net/ssl/sanity/interop/CipherTest.java @@ -59,7 +59,6 @@ public class CipherTest { private static PeerFactory peerFactory; public static final boolean ISFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips")); - public static final String PROFILE = System.getProperty("semeru.customprofile"); static abstract class Server implements Runnable { @@ -139,7 +138,7 @@ private CipherTest(PeerFactory peerFactory) throws IOException { String[] cipherSuites = socket.getSupportedCipherSuites(); String[] protocols = null; String[] clientAuths = null; - if (ISFIPS && PROFILE.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) { + if (ISFIPS) { clientAuths = new String[]{null, "RSA"}; List tmp = new ArrayList<>(); for (String protocol : socket.getSupportedProtocols()) { diff --git a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java index a2b36f20b6e..88f8c8cc27f 100644 --- a/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLContextTemplate.java @@ -111,6 +111,7 @@ protected TrustManager createTrustManager(Cert[] trustedCerts, ContextParameters params) throws Exception { CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream is; + KeyStore ts = KeyStore.getInstance("JKS"); ts.load(null, null); diff --git a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java index 2af16124e8b..ed2bef460b2 100644 --- a/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java +++ b/test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java @@ -176,9 +176,9 @@ protected void configureServerSocket(SSLServerSocket socket) { protected void doServerSide() throws Exception { // kick start the server side service SSLContext context = createServerSSLContext(); - if (context == null) { - return; - } + // if (context == null) { + // return; + // } SSLServerSocketFactory sslssf = context.getServerSocketFactory(); InetAddress serverAddress = this.serverAddress; SSLServerSocket sslServerSocket = serverAddress == null ? @@ -269,9 +269,9 @@ protected void doClientSide() throws Exception { } SSLContext context = createClientSSLContext(); - if (context == null) { - return; - } + // if (context == null) { + // return; + // } SSLSocketFactory sslsf = context.getSocketFactory(); try (SSLSocket sslSocket = (SSLSocket)sslsf.createSocket()) {