Exclude list of sanity.openjdk and extended.openjdk for jdk8

[WilburZjh]

Signed-off-by: Jinhang Zhang Jinhang.Zhang@ibm.com

[pshipton]

@alon-sh for review

[WilburZjh]

@alon-sh please help to review

[alon-sh]

@WilburZjh please explain why is this happening:

java.security.ProviderException: Could not derive key

at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:145)

at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)

sun/security/pkcs11/ec/TestCurves.java #611 linux-x64

java.security.spec.InvalidKeySpecException: Could not create EC private key

sun/security/pkcs11/ec/TestECDH2.java #611 linux-x64
sun/security/pkcs11/ec/TestECDSA2.java #611 linux-x64

[alon-sh]

also this:

Existing Jars sign related

java/util/jar/JarFile/ScanSignedJar.java #611 linux-x64
java/util/jar/JarFile/TurkCert.java #611 linux-x64
java/util/jar/JarInputStream/ScanSignedJar.java #611 linux-x64
java/util/jar/JarInputStream/TestIndexedJarWithBadSignature.java #611 linux-x64

[sshuklao]

I am getting same CKR_KEY_TYPE_INCONSISTENT error when running Apache Spark 3.3.0 on IBM-Semeru-Runtime 11.0.16.1 on FIPS enabled cluster.

Caused by: java.security.InvalidKeyException: init() failed
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:208)
	at java.base/javax.crypto.Mac.chooseProvider(Mac.java:366)
	at java.base/javax.crypto.Mac.init(Mac.java:435)
	at com.ibm.stocator.thirdparty.cos.auth.AbstractAWSSigner.sign(AbstractAWSSigner.java:127)
	... 34 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT
	at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11Mac.initialize(P11Mac.java:177)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:206)
	... 37 more
	```

[WilburZjh]

@WilburZjh please explain why is this happening:

java.security.ProviderException: Could not derive key

at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:145)

at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)

sun/security/pkcs11/ec/TestCurves.java #611 linux-x64

This test is failed by a Key Length Error: EC key must be at least 256 bits, this test provides unsupported key sizes such as 112, 113, 128, 131, 160, 163, 191, 192, 193, 224, 233.

[WilburZjh]

java.security.spec.InvalidKeySpecException: Could not create EC private key

sun/security/pkcs11/ec/TestECDH2.java #611 linux-x64 sun/security/pkcs11/ec/TestECDSA2.java #611 linux-x64

FIPS can generate EC asymmetric keys, but it can't import them except secret keys. That's the reason why it is failed

Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
	at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
	at sun.security.pkcs11.wrapper.PKCS11$InnerPKCS11.C_CreateObject(PKCS11.java:183)
	at sun.security.pkcs11.P11ECKeyFactory.generatePrivate(P11ECKeyFactory.java:277)
	at sun.security.pkcs11.P11ECKeyFactory.engineGeneratePrivate(P11ECKeyFactory.java:213)

[WilburZjh]

also this:

Existing Jars sign related

java/util/jar/JarFile/ScanSignedJar.java #611 linux-x64 java/util/jar/JarFile/TurkCert.java #611 linux-x64 java/util/jar/JarInputStream/ScanSignedJar.java #611 linux-x64 java/util/jar/JarInputStream/TestIndexedJarWithBadSignature.java #611 linux-x64

These tests get the existing signed jar from /test/jdk/java/util/jar/JarFile/ folder, and then invoke the JarEntry.getCertificates() method. But the return is null. The key used to sign these jar files are Sun DSA public key which is not a pkcs11key. So once we disable the signature engine in Sun and SunEC provider, these tests will fail.

[alon-sh]

@WilburZjh @pshipton it looks good, please merge so we can proceed with testing.