u

test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java

@@ -78,6 +78,13 @@ public static void main(String[] args) throws Exception {
  break;
  } catch (SocketTimeoutException exc) {
  System.out.println("The server timed-out waiting for packets from the client.");
+ } catch (javax.net.ssl.SSLHandshakeException sslhe) {
+ if (Utils.isFIPS() && !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
+ System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+ return;
+ }
+ }
  }
  }
  if (tries == totalAttempts) {
@@ -102,15 +109,7 @@ private static void runServer(String protocol) throws Exception {
  clientProcess = builder.inheritIO().start();
  server.run();
  System.out.println("Success: DTLSv1.0 connection was not established.");
- // } catch (javax.net.ssl.SSLHandshakeException sslhe) {
- // if ((Utils.isFIPS() 
- // && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))
- // && !SecurityUtils.TLS_PROTOCOLS.contains(args[0])) {
- // if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) {
- // System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
- // return;
- // }
- // }
+
  } finally {
  if (clientProcess != null) {
  clientProcess.destroy();

test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java

@@ -111,8 +111,6 @@ private void runTest(String cipher) throws Exception {
  result1 = ssle1.wrap(appOut1, oneToTwo);
  result2 = ssle2.wrap(appOut2, twoToOne);
 
- System.out.println("result1.bytesConsumed() is: " + result1.bytesConsumed());
-
  if ((result1.bytesConsumed() != 0) &&
  (result1.bytesConsumed() != appBufferMax) &&
  (result1.bytesConsumed() != OFFSET)) {
@@ -143,8 +141,6 @@ private void runTest(String cipher) throws Exception {
  result1 = ssle1.unwrap(twoToOne, appIn1);
  result2 = ssle2.unwrap(oneToTwo, appIn2);
 
- System.out.println("result1.bytesProduced() is: " + result1.bytesProduced());
-
  if ((result1.bytesProduced() != 0) &&
  (result1.bytesProduced() != appBufferMax) &&
  (result1.bytesProduced() != 2 * OFFSET)) {
@@ -188,29 +184,21 @@ private void runTest(String cipher) throws Exception {
  }
 
  public static void main(String args[]) throws Exception {
- // reset the security property to make sure that the algorithms
- // and keys used in this test are not disabled.
- if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
- }
-
  LargeBufs test;
 
- if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ if (!(Utils.isFIPS())) {
+ // reset the security property to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
  test = new LargeBufs();
  test.runTest("SSL_RSA_WITH_RC4_128_MD5");
- }
-
- if (!(Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
  test = new LargeBufs();
  test.runTest("SSL_RSA_WITH_3DES_EDE_CBC_SHA");
- }
-
- if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ } else {
  test = new LargeBufs();
  test.runTest("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
  test = new LargeBufs();
- test.runTest("TLS_AES_128_GCM_SHA256");
+ test.runTest("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
  }
 
  System.out.println("Test Passed.");
@@ -264,7 +252,6 @@ private void createBuffers() {
  // that the ability to concume or produce applicaton data upto
  // the size. 16384 is the default JSSE implementation maximum
  // application size that could be consumed and produced.
- // appBufferMax = 16384;
  appBufferMax = 16384;
  netBufferMax = session.getPacketBufferSize();
 
@@ -329,5 +316,5 @@ private static void log(String str) {
  if (debug) {
  System.out.println(str);
  }
- } 
-}
+ }
+}

test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java

@@ -225,7 +225,6 @@ public static void main(String[] args) throws Exception {
 
  if (debug)
  System.setProperty("javax.net.debug", "all");
-
  /*
  * Start the tests.
  */

test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java

@@ -63,8 +63,6 @@ public class RenegotiateTLS13 {
  // Server done flag
  static boolean done = false;
 
- static String keystoreType = System.getProperty("javax.net.ssl.keyStore");
-
  // Main server code
 
  void doServerSide() throws Exception {
@@ -148,7 +146,6 @@ public static void main(String[] args) throws Exception {
  if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
  keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd);
  trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd);
- keystoreType = "PKCS12";
  }
 
  System.setProperty("javax.net.ssl.keyStore", keyFilename);
@@ -290,7 +287,7 @@ SSLContext initContext() throws Exception {
  System.out.println("Using TLS13");
  SSLContext sc = SSLContext.getInstance("TLSv1.3");
  KeyStore ks = KeyStore.getInstance(
- new File(keystoreType),
+ new File(System.getProperty("javax.net.ssl.keyStore")),
  passwd.toCharArray());
  KeyManagerFactory kmf = KeyManagerFactory.getInstance(
  KeyManagerFactory.getDefaultAlgorithm());

test/jdk/javax/net/ssl/SSLSession/ResumeTLS13withSNI.java

@@ -93,10 +93,10 @@ public static void main(String args[]) throws Exception {
  System.setProperty("javax.net.debug", "ssl:handshake");
  }
 
- if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
- keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
- trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
- }
+ // if ((Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ //  keyFilename = Utils.revertJKSToPKCS12(keyFilename, "passphrase");
+ //  trustFilename = Utils.revertJKSToPKCS12(trustFilename, "passphrase");
+ // }
 
  KeyManagerFactory kmf = makeKeyManagerFactory(keyFilename,
  passphrase);

test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java

@@ -254,6 +254,8 @@ public class SSLSocketSNISensitive {
  */
  static boolean debug = false;
 
+ static String[] signatureAlgos = new String[5];
+
  /*
  * Define the server side of the test.
  *
@@ -366,7 +368,7 @@ private static void parseArguments(String[] args) {
  clientRequestedHostname = args[1];
  }
 
- private static void printCert(String trustedCertStr) {
+ private static void printCert(String trustedCertStr, int index) {
  try {
  // Remove the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines and any whitespace
  String cleanedCert = trustedCertStr.replace("-----BEGIN CERTIFICATE-----", "")
@@ -391,6 +393,7 @@ private static void printCert(String trustedCertStr) {
  System.out.println("Signature Algorithm: " + cert.getSigAlgName());
  System.out.println("Version: " + cert.getVersion());
 
+ signatureAlgos[index] = cert.getSigAlgName();
  } catch (Exception e) {
  e.printStackTrace();
  }
@@ -486,19 +489,34 @@ public static void main(String[] args) throws Exception {
  parseArguments(args);
 
  System.out.println("Now printing trustedCertStr==================");
- printCert(trustedCertStr);
+ printCert(trustedCertStr, 0);
  System.out.println("Now printing targetCertStr_A==================");
- printCert(targetCertStr_A);
+ printCert(targetCertStr_A, 1);
  System.out.println("Now printing targetCertStr_B==================");
- printCert(targetCertStr_B);
+ printCert(targetCertStr_B, 2);
  System.out.println("Now printing targetCertStr_C==================");
- printCert(targetCertStr_C);
+ printCert(targetCertStr_C, 3);
  System.out.println("Now printing targetCertStr_D==================");
- printCert(targetCertStr_D);
+ printCert(targetCertStr_D, 4);
  /*
  * Start the tests.
  */
- new SSLSocketSNISensitive();
+ try {
+ new SSLSocketSNISensitive();
+ } catch (Exception e) {
+ if (Utils.isFIPS() && Utils.getFipsProfile().equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
+ for (int i=0; i<signatureAlgos.length; i++) {
+ if (signatureAlgos[i].contains("MD5") 
+ && e instanceof javax.net.ssl.SSLHandshakeException
+ && "no cipher suites in common".equals(e.getMessage())) {
+ System.out.println("Expected exception msg: <no cipher suites in common> is caught.");
+ return;
+ }
+ }
+ }
+ e.printStackTrace();
+ return;
+ }
  }
 
  Thread clientThread = null;

test/jdk/javax/net/ssl/TLS/CipherTestUtils.java

@@ -74,7 +74,7 @@ public class CipherTestUtils {
  public static final SecureRandom secureRandom = new SecureRandom();
  public static char[] PASSWORD = "passphrase".toCharArray();
  private static final List<TestParameters> TESTS = new ArrayList<>(3);
- private static final List<Exception> EXCEPTIONS
+ public static final List<Exception> EXCEPTIONS
  = Collections.synchronizedList(new ArrayList<>(1));
 
  private static final String CLIENT_PUBLIC_KEY
@@ -316,21 +316,6 @@ private CipherTestUtils() throws Exception {
  TLS_PROTOCOLS.add("TLSv1.2");
  TLS_PROTOCOLS.add("TLSv1.3");
 
- TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
- TLS_CIPHERSUITES.put("TLS_AES_256_GCM_SHA384", "TLSv1.3");
- TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
-
  factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
  KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
  SERVER_PRIVATE_KEY);

test/jdk/javax/net/ssl/TLS/JSSEClient.java

@@ -30,6 +30,7 @@
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
+import java.util.*;
 
 class JSSEClient extends CipherTestUtils.Client {
 
@@ -42,6 +43,8 @@ class JSSEClient extends CipherTestUtils.Client {
  private final String host;
  private final String protocol;
 
+ private static final Map<String, String> TLS_CIPHERSUITES = new HashMap<>();
+
  JSSEClient(CipherTestUtils cipherTest, String host, int port,
  String protocols, String ciphersuite) throws Exception {
  super(cipherTest, ciphersuite);

test/jdk/javax/net/ssl/TLS/TestJSSE.java

@@ -21,6 +21,8 @@
  * questions.
  */
 
+import java.lang.reflect.Field;
+
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -35,7 +37,6 @@ public class TestJSSE {
 
  private static final String LOCAL_IP = InetAddress.getLoopbackAddress().getHostAddress();
  private static boolean isFIPS = Boolean.parseBoolean(System.getProperty("semeru.fips"));
- private static String customProfile = System.getProperty("semeru.customprofile");
  private static final Map<String, String> TLS_CIPHERSUITES = new HashMap<>();
 
  private static String checkIfProtocolIsUsedInCommonFIPS(String srvProtocol, String clnProtocol) {
@@ -66,7 +67,7 @@ private static String checkIfProtocolIsUsedInCommonFIPS(String srvProtocol, Stri
  public static void main(String... args) throws Exception {
 
  // enable debug output
- System.setProperty("javax.net.debug", "ssl,record");
+ // System.setProperty("javax.net.debug", "ssl,record");
 
  String srvProtocol = System.getProperty("SERVER_PROTOCOL");
  String clnProtocol = System.getProperty("CLIENT_PROTOCOL");
@@ -87,7 +88,7 @@ public static void main(String... args) throws Exception {
  // reset the security property to make sure that the algorithms
  // and keys used in this test are not disabled.
  String protocolUsedInHandShake = null;
- if (!(isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS"))) {
+ if (!(isFIPS)) {
  Security.setProperty("jdk.tls.disabledAlgorithms", "");
  } else {
  TLS_CIPHERSUITES.put("TLS_AES_128_GCM_SHA256", "TLSv1.3");
@@ -96,34 +97,41 @@ public static void main(String... args) throws Exception {
  TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
  TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
  TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLSv1.2");
  TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
  TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLSv1.2");
  TLS_CIPHERSUITES.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
  TLS_CIPHERSUITES.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLSv1.2");
- TLS_CIPHERSUITES.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLSv1.2");
  protocolUsedInHandShake = checkIfProtocolIsUsedInCommonFIPS(srvProtocol, clnProtocol);
  }
 
  try (CipherTestUtils.Server srv = server(srvProtocol, cipher, args)) {
  client(srv.getPort(), clnProtocol, cipher, args);
  } catch (Exception e) {
- if (isFIPS && customProfile.equals("OpenJCEPlusFIPS.FIPS140-3-Test-TLS")) {
- System.out.println("1");
- if ((protocolUsedInHandShake == null
- || !TLS_CIPHERSUITES.containsKey(cipher)
- || !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))
- && e instanceof javax.net.ssl.SSLHandshakeException
- && "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(e.getMessage())) {
- if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) {
- System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
- return;
- } else {
- System.out.println("Expected exception msg: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
- return;
+ if (isFIPS) {
+ if (protocolUsedInHandShake == null || !TLS_CIPHERSUITES.containsKey(cipher)
+ || (protocolUsedInHandShake != null && !TLS_CIPHERSUITES.get(cipher).equals(protocolUsedInHandShake))) {
+ for (int i=0; i<CipherTestUtils.EXCEPTIONS.size(); i++) {
+ System.out.println("CipherTestUtils.EXCEPTIONS.get(" + i + "): ");
+ CipherTestUtils.EXCEPTIONS.get(i).printStackTrace(System.out);
+ System.out.println("+++++++++++++++++++++++++++");
+ }
+ if (CipherTestUtils.EXCEPTIONS.get(0) instanceof javax.net.ssl.SSLHandshakeException) {
+ if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(CipherTestUtils.EXCEPTIONS.get(0).getMessage())) {
+ if (args.length >= 1 && args[0].equals("javax.net.ssl.SSLHandshakeException")) {
+ System.out.println("Expected exception msg from client: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+ } else {
+ System.out.println("Expected exception msg from client: <No appropriate protocol (protocol is disabled or cipher suites are inappropriate)> is caught");
+ }
+ }
+ if ((CipherTestUtils.EXCEPTIONS.get(CipherTestUtils.EXCEPTIONS.size()-1) instanceof java.net.SocketException)) {
+ System.out.println("im here-1")
+ if ("Socket closed".equals(CipherTestUtils.EXCEPTIONS.get(CipherTestUtils.EXCEPTIONS.size()-1).getMessage())) {
+ System.out.println("im here-2")
+ System.out.println("Expected exception msg from server: <Socket closed> is caught");
+ }
+ }
  }
+ System.out.println("================================");
  }
  }
  }