Skip to content

Commit

Permalink
check the sslcontext
Browse files Browse the repository at this point in the history
  • Loading branch information
JinhangZhang committed Jul 17, 2024
1 parent 0424dfc commit cdf26b7
Show file tree
Hide file tree
Showing 88 changed files with 1,866 additions and 1,208 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -909,9 +909,13 @@ private static final class DefaultManagersHolder {
Exception reserved = null;
TrustManager[] tmMediator = null;
try {
System.out.println("start getTrustManagers in DefaultManagersHolder.");
tmMediator = getTrustManagers();
} catch (Exception e) {
System.out.println("start getTrustManagers in DefaultManagersHolder but failed");
reserved = e;
System.out.println("Exception message is: ");
reserved.printStackTrace();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.warning(
"Failed to load default trust managers", e);
Expand All @@ -920,6 +924,7 @@ private static final class DefaultManagersHolder {

KeyManager[] kmMediator = null;
if (reserved == null) {
System.out.println("reserved is null");
try {
kmMediator = getKeyManagers();
} catch (Exception e) {
Expand All @@ -932,6 +937,7 @@ private static final class DefaultManagersHolder {
}

if (reserved != null) {
System.out.println("reserved is not null");
trustManagers = new TrustManager[0];
keyManagers = new KeyManager[0];

Expand All @@ -951,14 +957,17 @@ private static final class DefaultManagersHolder {
private static TrustManager[] getTrustManagers() throws Exception {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
System.out.println("The TrustManagerFactory provider is: " + tmf.getProvider().getName());
if ("SunJSSE".equals(tmf.getProvider().getName())) {
// The implementation will load the default KeyStore
// automatically. Cached trust materials may be used
// for performance improvement.
System.out.println("It's SunJSSE.");
tmf.init((KeyStore)null);
} else {
// Use the explicitly specified KeyStore for third party's
// TrustManagerFactory implementation.
System.out.println("It's not SunJSSE.");
KeyStore ks = TrustStoreManager.getTrustedKeyStore();
tmf.init(ks);
}
Expand Down
915 changes: 1 addition & 914 deletions test/jdk/ProblemList-FIPS140_3_OpenJcePlus.txt

Large diffs are not rendered by default.

25 changes: 22 additions & 3 deletions test/jdk/javax/net/ssl/DTLS/CipherSuite.java
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,9 @@
import javax.net.ssl.SSLEngine;
import java.security.Security;

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

/**
* Test common DTLS cipher suites.
*/
Expand All @@ -61,14 +64,30 @@ public class CipherSuite extends DTLSOverDatagram {
volatile static String cipherSuite;

public static void main(String[] args) throws Exception {
if (args.length > 1 && "re-enable".equals(args[1])) {
if (args.length > 1 && "re-enable".equals(args[1])
&& !(Utils.isFIPS()
&& Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
}

cipherSuite = args[0];

CipherSuite testCase = new CipherSuite();
testCase.runTest(testCase);
try {
testCase.runTest(testCase);
} catch (javax.net.ssl.SSLHandshakeException sslhe) {
if ((Utils.isFIPS()
&& Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
&& !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
return;
}
}
} catch (Exception e) {
e.printStackTrace();
return;
}
}

@Override
Expand All @@ -81,4 +100,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception {

return engine;
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,9 @@
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

/**
* Testing DTLS engines handshake using each of the supported cipher suites with
* replicated packets check.
Expand All @@ -59,7 +62,9 @@ public class DTLSHandshakeWithReplicatedPacketsTest extends SSLEngineTestCase {
public static void main(String[] args) {
DTLSHandshakeWithReplicatedPacketsTest test
= new DTLSHandshakeWithReplicatedPacketsTest();
setUpAndStartKDCIfNeeded();
if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
setUpAndStartKDCIfNeeded();
}
test.runTests();
}

Expand Down
7 changes: 6 additions & 1 deletion test/jdk/javax/net/ssl/DTLS/DTLSIncorrectAppDataTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,9 @@
import java.util.Random;
import jdk.test.lib.RandomFactory;

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

/**
* Testing DTLS incorrect app data packages unwrapping. Incorrect application
* data packages should be ignored by DTLS SSLEngine.
Expand All @@ -63,7 +66,9 @@ public class DTLSIncorrectAppDataTest extends SSLEngineTestCase {

public static void main(String[] s) {
DTLSIncorrectAppDataTest test = new DTLSIncorrectAppDataTest();
setUpAndStartKDCIfNeeded();
if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
setUpAndStartKDCIfNeeded();
}
test.runTests();
}

Expand Down
8 changes: 5 additions & 3 deletions test/jdk/javax/net/ssl/DTLS/DTLSOverDatagram.java
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
import java.util.concurrent.atomic.AtomicBoolean;

import jdk.test.lib.hexdump.HexPrinter;
import jdk.test.lib.Utils;

/**
* An example to show the way to use SSLEngine in datagram connections.
Expand All @@ -63,10 +64,10 @@ public class DTLSOverDatagram {
private static final String KEY_STORE_FILE = "keystore";
private static final String TRUST_STORE_FILE = "truststore";

private static final String KEY_FILENAME =
private static String KEY_FILENAME =
System.getProperty("test.src", ".") + "/" + PATH_TO_STORES +
"/" + KEY_STORE_FILE;
private static final String TRUST_FILENAME =
private static String TRUST_FILENAME =
System.getProperty("test.src", ".") + "/" + PATH_TO_STORES +
"/" + TRUST_STORE_FILE;

Expand Down Expand Up @@ -505,11 +506,12 @@ boolean onReceiveTimeout(SSLEngine engine, SocketAddress socketAddr,
// get DTSL context
SSLContext getDTLSContext() throws Exception {
String passphrase = "passphrase";
String protocol = "DTLS";
return SSLContextBuilder.builder()
.trustStore(KeyStoreUtils.loadKeyStore(TRUST_FILENAME, passphrase))
.keyStore(KeyStoreUtils.loadKeyStore(KEY_FILENAME, passphrase))
.kmfPassphrase(passphrase)
.protocol("DTLS")
.protocol(protocol)
.build();
}

Expand Down
7 changes: 6 additions & 1 deletion test/jdk/javax/net/ssl/DTLS/DTLSSequenceNumberTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@
import java.util.Random;
import jdk.test.lib.RandomFactory;

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

/**
* Testing DTLS records sequence number property support in application data
* exchange.
Expand All @@ -69,7 +72,9 @@ public class DTLSSequenceNumberTest extends SSLEngineTestCase {

public static void main(String[] args) {
DTLSSequenceNumberTest test = new DTLSSequenceNumberTest();
setUpAndStartKDCIfNeeded();
if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
setUpAndStartKDCIfNeeded();
}
test.runTests();
}

Expand Down
18 changes: 17 additions & 1 deletion test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
* questions.
*/

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

import javax.net.ssl.*;
Expand Down Expand Up @@ -49,7 +50,10 @@ public class DTLSWontNegotiateV10 {
private static final String DTLSV_1_2 = "DTLSv1.2";

public static void main(String[] args) throws Exception {
if (args[0].equals(DTLSV_1_0)) {

if (args[0].equals(DTLSV_1_0)
&& !(Utils.isFIPS()
&& Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
SecurityUtils.removeFromDisabledTlsAlgs(DTLSV_1_0);
}

Expand Down Expand Up @@ -77,6 +81,18 @@ public static void main(String[] args) throws Exception {
server.run();
p.destroy();
System.out.println("Success: DTLSv1.0 connection was not established.");
} catch (javax.net.ssl.SSLHandshakeException sslhe) {
if ((Utils.isFIPS()
&& Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
&& !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
return;
}
}
} catch (Exception e) {
e.printStackTrace();
return;
}
}
}
Expand Down
27 changes: 23 additions & 4 deletions test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@
import javax.net.ssl.SSLEngine;
import java.security.Security;

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

/**
* Test common DTLS weak cipher suites.
*/
Expand All @@ -52,13 +55,29 @@ public class WeakCipherSuite extends DTLSOverDatagram {
public static void main(String[] args) throws Exception {
// reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
Security.setProperty("jdk.certpath.disabledAlgorithms", "");
if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
Security.setProperty("jdk.certpath.disabledAlgorithms", "");
}

cipherSuite = args[0];

WeakCipherSuite testCase = new WeakCipherSuite();
testCase.runTest(testCase);
try {
testCase.runTest(testCase);
} catch (javax.net.ssl.SSLHandshakeException sslhe) {
if ((Utils.isFIPS()
&& Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
&& !SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) {
if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
return;
}
}
} catch (Exception e) {
e.printStackTrace();
return;
}
}

@Override
Expand All @@ -68,4 +87,4 @@ SSLEngine createSSLEngine(boolean isClient) throws Exception {

return engine;
}
}
}
8 changes: 8 additions & 0 deletions test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
* @bug 4387882
* @summary Need to revisit the javadocs for JSSE, especially the
* promoted classes.
* @library /test/lib
* @run main/othervm ImplicitHandshake
*
* SunJSSE does not support dynamic system properties, no way to re-use
Expand All @@ -37,6 +38,9 @@
import java.net.*;
import javax.net.ssl.*;

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

public class ImplicitHandshake {

/*
Expand Down Expand Up @@ -191,6 +195,10 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;

if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
}
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
* @bug 6668231
* @summary Presence of a critical subjectAltName causes JSSE's SunX509 to
* fail trusted checks
* @library /test/lib
* @run main/othervm CriticalSubjectAltName
* @author Xuelei Fan
*/
Expand All @@ -53,6 +54,9 @@
import java.security.Security;
import java.security.cert.Certificate;

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

public class CriticalSubjectAltName implements HostnameVerifier {
/*
* =============================================================
Expand Down Expand Up @@ -159,10 +163,12 @@ void doClientSide() throws Exception {

public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty("jdk.certpath.disabledAlgorithms",
"MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection"))) {
Security.setProperty("jdk.certpath.disabledAlgorithms",
"MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
}

String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
Expand All @@ -171,6 +177,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;

if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS-HttpsURLConnection"))) {
keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
}

System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
* @test
* @bug 4482187
* @summary HttpsClient tests are failing for build 71
* @library /test/lib
* @run main/othervm GetResponseCode
*
* SunJSSE does not support dynamic system properties, no way to re-use
Expand All @@ -37,6 +38,9 @@
import javax.net.ssl.*;
import java.security.cert.Certificate;

import jdk.test.lib.Utils;
import jdk.test.lib.security.SecurityUtils;

public class GetResponseCode implements HostnameVerifier {
/*
* =============================================================
Expand Down Expand Up @@ -149,6 +153,11 @@ public static void main(String[] args) throws Exception {
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;

if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
}

System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
Expand Down
Loading

0 comments on commit cdf26b7

Please sign in to comment.