From ccd1b310f9310507d50957b0cddff5699ea92387 Mon Sep 17 00:00:00 2001 
From: JinhangZhang
Date: Tue, 14 Jan 2025 00:44:33 -0500
Subject: [PATCH] u
---
 test/jdk/javax/net/ssl/DTLS/CipherSuite.java | 4 +-
 .../net/ssl/DTLS/DTLSWontNegotiateV10.java | 4 +-
 .../javax/net/ssl/DTLS/WeakCipherSuite.java | 4 +-
 .../ssl/FixingJavadocs/ImplicitHandshake.java | 7 ++-
 .../CriticalSubjectAltName.java | 11 ++--
 .../HttpsURLConnection/GetResponseCode.java | 7 ++-
 test/jdk/javax/net/ssl/SSLEngine/Arrays.java | 4 +-
 test/jdk/javax/net/ssl/SSLEngine/Basics.java | 4 +-
 .../ssl/SSLEngine/CheckTlsEngineResults.java | 3 +-
 .../net/ssl/SSLEngine/ConnectionTest.java | 3 +-
 .../net/ssl/SSLEngine/EngineCloseOnAlert.java | 3 +-
 .../javax/net/ssl/SSLEngine/LargeBufs.java | 3 +-
 .../net/ssl/SSLEngine/NoAuthClientAuth.java | 4 +-
 .../net/ssl/SSLEngine/TestAllSuites.java | 4 +-
 .../SSLParameters/UseCipherSuitesOrder.java | 11 ++--
 ...tpsURLConnectionLocalCertificateChain.java | 7 ++-
 .../net/ssl/SSLSession/JSSERenegotiate.java | 9 +--
 .../net/ssl/SSLSession/RenegotiateTLS13.java | 7 ++-
 .../ssl/SSLSession/SSLCtxAccessToSessCtx.java | 7 ++-
 .../ssl/SSLSession/SessionCacheSizeTests.java | 7 ++-
 .../ssl/SSLSession/SessionTimeOutTests.java | 7 ++-
 .../ssl/SSLSession/TestEnabledProtocols.java | 2 +-
 .../net/ssl/SSLSocket/ClientExcOnAlert.java | 3 +-
 .../ServerName/BestEffortOnLazyConnected.java | 7 ++-
 .../net/ssl/ServerName/SSLEngineExplorer.java | 4 +-
 .../ServerName/SSLSocketConsistentSNI.java | 7 ++-
 .../net/ssl/ServerName/SSLSocketExplorer.java | 10 ++--
 .../ServerName/SSLSocketExplorerFailure.java | 3 +-
 .../SSLSocketExplorerMatchedSNI.java | 7 ++-
 .../SSLSocketExplorerWithCliSNI.java | 7 ++-
 .../SSLSocketExplorerWithSrvSNI.java | 7 ++-
 .../ssl/ServerName/SSLSocketSNISensitive.java | 5 +-
 .../TLSCommon/ConcurrentClientAccessTest.java | 4 +-
 test/jdk/javax/net/ssl/TLSCommon/TLSTest.java | 8 +--
 .../javax/net/ssl/TLSCommon/TLSWithEdDSA.java | 6 +-
 .../TLSCommon/TestSessionLocalPrincipal.java | 4 +-
 .../TLSv11/EmptyCertificateAuthorities.java | 4 +-
.../net/ssl/TLSv11/GenericBlockCipher.java | 4 +- .../net/ssl/TLSv11/GenericStreamCipher.java | 4 +- .../net/ssl/TLSv12/DisabledShortDSAKeys.java | 2 +- .../net/ssl/TLSv12/DisabledShortRSAKeys.java | 6 +- .../javax/net/ssl/TLSv12/ProtocolFilter.java | 8 +-- .../javax/net/ssl/TLSv12/ShortRSAKey512.java | 4 +- .../javax/net/ssl/TLSv12/ShortRSAKeyGCM.java | 6 +- .../net/ssl/TLSv12/SignatureAlgorithms.java | 4 +- .../net/ssl/TLSv13/ClientHelloKeyShares.java | 4 +- .../javax/net/ssl/TLSv13/HRRKeyShares.java | 2 +- .../ssl/ciphersuites/DisabledAlgorithms.java | 2 +- .../ssl/finalize/SSLSessionFinalizeTest.java | 7 ++- .../ciphersuites/CheckCipherSuites.java | 2 +- .../SystemPropCipherSuitesOrder.java | 6 +- .../ciphersuites/TLSCipherSuitesOrder.java | 6 +- .../sanity/interop/ClientJSSEServerJSSE.java | 2 +- .../pluggability/CheckSSLContextExport.java | 4 +- test/lib/jdk/test/lib/Utils.java | 55 +++---------------- .../jdk/test/lib/security/SecurityUtils.java | 53 ++++++++++++++++++ 56 files changed, 212 insertions(+), 177 deletions(-) diff --git a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java index 16871773640..13b445aecf7 100644 --- a/test/jdk/javax/net/ssl/DTLS/CipherSuite.java +++ b/test/jdk/javax/net/ssl/DTLS/CipherSuite.java @@ -65,7 +65,7 @@ public class CipherSuite extends DTLSOverDatagram { public static void main(String[] args) throws Exception { if (args.length > 1 && "re-enable".equals(args[1]) - && !(Utils.isFIPS())) { + && !(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } 
@@ -75,7 +75,7 @@ public static void main(String[] args) throws Exception { try { testCase.runTest(testCase); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if(!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); diff --git a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java index 03457cb9864..1a80f315a7c 100644 --- a/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java +++ b/test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java @@ -53,7 +53,7 @@ public class DTLSWontNegotiateV10 { public static void main(String[] args) throws Exception { if (args[0].equals(DTLSV_1_0) - && !(Utils.isFIPS())) { + && !(SecurityUtils.isFIPS())) { SecurityUtils.removeFromDisabledTlsAlgs(DTLSV_1_0); } @@ -77,7 +77,7 @@ public static void main(String[] args) throws Exception { } catch (SocketTimeoutException exc) { System.out.println("The server timed-out waiting for packets from the client."); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if(!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); diff --git a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java index 0f9295cb436..cc62d4df5cd 100644 --- a/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java +++ b/test/jdk/javax/net/ssl/DTLS/WeakCipherSuite.java 
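Review bot: In CipherSuite.java's `catch (javax.net.ssl.SSLHandshakeException sslhe)` block the failure is accepted under FIPS only when `getMessage()` equals one hard-coded sentence, and the hunk ends before showing what happens when `isFIPS()` is false, the suite is in `SecurityUtils.TLS_CIPHERSUITES`, or the text differs. If any of those paths does not rethrow, a genuine handshake failure would let the test pass, so each of them should end in `throw sslhe;`. The matched text is a generic "no appropriate protocol" message, so a comment such as `// FIPS: suite is not in TLS_CIPHERSUITES, so the handshake is expected to be rejected` would record why it counts as success. The same pattern appears in the DTLSWontNegotiateV10, WeakCipherSuite, Arrays, SSLEngineExplorer and SSLSocketExplorer hunks. The catch body continues outside the hunk, so the fall-through may already be handled there.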
@@ -55,7 +55,7 @@ public class WeakCipherSuite extends DTLSOverDatagram { public static void main(String[] args) throws Exception { // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); Security.setProperty("jdk.certpath.disabledAlgorithms", ""); } @@ -66,7 +66,7 @@ public static void main(String[] args) throws Exception { try { testCase.runTest(testCase); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if(!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); diff --git a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java index 09ea450c15d..b98c174fe7d 100644 --- a/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java +++ b/test/jdk/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java @@ -39,6 +39,7 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ImplicitHandshake { @@ -194,9 +195,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); System.setProperty("javax.net.ssl.keyStorePassword", passwd); 
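Review bot: `import jdk.test.lib.Utils;` is kept beside the new `import jdk.test.lib.security.SecurityUtils;` in ImplicitHandshake.java, while the only `Utils` calls visible in this file's hunks (`isFIPS`, `revertJKSToPKCS12`) now go through `SecurityUtils`. If nothing else in the file uses `Utils`, the old import is dead and the hunk should replace it rather than add a second line. The other import hunks in this patch (CriticalSubjectAltName, GetResponseCode, CheckTlsEngineResults, ConnectionTest, EngineCloseOnAlert, LargeBufs and the later ones) have the same shape. The rest of each file is outside the hunks, so this needs checking per file.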
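Review bot: `SecurityUtils.revertJKSToPKCS12(keyFilename, passwd)` in ImplicitHandshake.main is applied to a path built from `test.src`, and the same call on the same kind of shared store path recurs in roughly twenty tests in this patch, so where the converted file is written matters. The helper's body is not part of this hunk; if it writes next to its input or to a fixed name, tests running concurrently could overwrite each other's output, and a read-only source tree would make the conversion fail. Please confirm it writes into the test's scratch directory and say so at the call site, for example `// FIPS: load a PKCS12 copy of the JKS store, created in the test scratch directory`. The name `revertJKSToPKCS12` also reads oddly for a conversion; `convert` would describe it better if the helper can still be renamed.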
diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java index d502c5319ff..6d8d8d77d39 100644 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java @@ -55,6 +55,7 @@ import java.security.cert.Certificate; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class CriticalSubjectAltName implements HostnameVerifier { /* @@ -162,7 +163,7 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); Security.setProperty("jdk.tls.disabledAlgorithms", @@ -176,9 +177,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); @@ -195,7 +196,7 @@ public static void main(String[] args) throws Exception { try { new CriticalSubjectAltName(); } catch (Exception e) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (e instanceof java.security.cert.CertPathValidatorException) { if ("Algorithm constraints check failed on signature algorithm: MD5withRSA".equals(e.getMessage())) { System.out.println("MD5withRSA is not a supported signature algorithm."); 
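Review bot: In CriticalSubjectAltName's `catch (Exception e)` the FIPS branch applies `e instanceof java.security.cert.CertPathValidatorException` to the outermost exception only. A certificate-path failure raised during a TLS handshake normally reaches the caller wrapped in an `SSLHandshakeException`, so this branch may never match unless the test unwraps the exception somewhere not shown. Walking the chain is safer, e.g. `for (Throwable t = e; t != null; t = t.getCause())` with the `instanceof` and message checks applied to `t`. The catch body continues outside the hunk, so later branches may already cover the wrapped case.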
diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java index 310cc7303ff..43cdbe86c31 100644 --- a/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/GetResponseCode.java @@ -39,6 +39,7 @@ import java.security.cert.Certificate; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class GetResponseCode implements HostnameVerifier { /* @@ -152,9 +153,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java index 75039b2160f..314b5a30bdd 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/Arrays.java +++ b/test/jdk/javax/net/ssl/SSLEngine/Arrays.java @@ -189,7 +189,7 @@ public static void main(String args[]) throws Exception { contextVersion = args[0]; // Re-enable context version if it is disabled. // If context version is SSLv3, TLSv1 needs to be re-enabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { if (contextVersion.equals("SSLv3")) { SecurityUtils.removeFromDisabledTlsAlgs("TLSv1"); } else if (contextVersion.equals("TLSv1") || 
@@ -207,7 +207,7 @@ public static void main(String args[]) throws Exception { try { test.runTest(); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if(!SecurityUtils.TLS_PROTOCOLS.contains(contextVersion)) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); diff --git a/test/jdk/javax/net/ssl/SSLEngine/Basics.java b/test/jdk/javax/net/ssl/SSLEngine/Basics.java index e5fcf225d55..95e22357076 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/Basics.java +++ b/test/jdk/javax/net/ssl/SSLEngine/Basics.java @@ -58,13 +58,13 @@ public class Basics { "/" + TRUSTSTORE_FILE; public static void main(String[] args) throws Exception { - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); runTest("TLSv1.1", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); } runTest("TLSv1.3", "TLS_AES_256_GCM_SHA384"); - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { runTest("TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"); } } diff --git a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java index 93447ec3b3e..e38126c2126 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java +++ b/test/jdk/javax/net/ssl/SSLEngine/CheckTlsEngineResults.java @@ -41,6 +41,7 @@ import java.nio.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class CheckTlsEngineResults { @@ -128,7 +129,7 @@ private void test() throws Exception { SSLEngineResult result1; // clientEngine's results from last operation SSLEngineResult result2; // serverEngine's results from last operation String[] suite1; - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { suite1 = new String [] { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }; } else { 
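Review bot: Under FIPS, Basics.main now runs only `runTest("TLSv1.3", "TLS_AES_256_GCM_SHA384")`, because both the TLSv1.1 and the TLSv1.2 calls sit behind `!(SecurityUtils.isFIPS())`, so this test gives TLS 1.2 no coverage in that mode. Other tests in this patch use `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` as their FIPS suite, which suggests adding `else { runTest("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); }` to the second check, assuming the test keystore holds an RSA key. `isFIPS()` is also evaluated twice in a row; a local `boolean fips = SecurityUtils.isFIPS();` would read more clearly.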
diff --git a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java index 066a06b3bef..ec0d1520db0 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java +++ b/test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java @@ -45,6 +45,7 @@ import java.nio.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ConnectionTest { @@ -600,7 +601,7 @@ private static void log(Object msg) { public static void main(String args[]) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } diff --git a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java index e25b3cb2473..178df409ba7 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java +++ b/test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java @@ -39,6 +39,7 @@ import static javax.net.ssl.SSLEngineResult.HandshakeStatus.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class EngineCloseOnAlert { @@ -56,7 +57,7 @@ public class EngineCloseOnAlert { private static KeyManagerFactory KMF; private static TrustManagerFactory TMF; - private static final String[] ONECIPHER = (Utils.isFIPS()) ? + private static final String[] ONECIPHER = (SecurityUtils.isFIPS()) ? new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" } : new String[] { "TLS_RSA_WITH_AES_128_CBC_SHA" }; diff --git a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java index 6afcc648261..4d0ac5e904d 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java +++ b/test/jdk/javax/net/ssl/SSLEngine/LargeBufs.java 
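Review bot: `ONECIPHER` in EngineCloseOnAlert hard-codes `"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"` for FIPS with no comment explaining why the suite differs, and the same literal is repeated in the UseCipherSuitesOrder and JSSERenegotiate hunks. Those copies can drift from the allow-list that other tests read from `SecurityUtils.TLS_CIPHERSUITES`. A comment such as `// FIPS: TLS_RSA_* suites are rejected, use an allowed ECDHE suite (see SecurityUtils.TLS_CIPHERSUITES)` would help, though that reason is inferred from the rest of the patch rather than shown here. Because this is a static initializer, an exception thrown by `isFIPS()` would surface as an `ExceptionInInitializerError`; the helper's body is not visible in this hunk.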
@@ -44,6 +44,7 @@ import java.util.Random; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class LargeBufs { @@ -185,7 +186,7 @@ private void runTest(String cipher) throws Exception { public static void main(String args[]) throws Exception { LargeBufs test; - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.tls.disabledAlgorithms", ""); diff --git a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java index 74860fa2120..6b7edeafb78 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java +++ b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java @@ -144,7 +144,7 @@ public class NoAuthClientAuth { * Main entry point for this test. */ public static void main(String args[]) throws Exception { - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); tlsProtocol = args[0]; } else { @@ -164,7 +164,7 @@ public static void main(String args[]) throws Exception { try { test.runTest(); } catch (java.lang.IllegalArgumentException iae) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (tlsProtocol == null) { if ("Unsupported protocolnull".equals(iae.getMessage())) { System.out.println("Expected exception msg: is caught"); diff --git a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java index c4e4e3d8dcc..95832ae9d5b 100644 --- a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java +++ b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java 
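Review bot: In NoAuthClientAuth the FIPS path can leave `tlsProtocol` null and then treats an `IllegalArgumentException` whose message is exactly `"Unsupported protocolnull"` as the expected outcome. That text looks like an accidental concatenation inside an error message, so the check breaks as soon as the message is reworded, and it apparently lets a null protocol reach the engine setup before anything rejects it. Returning early is more robust: in the `else` branch, `if (tlsProtocol == null) { System.out.println("Skipping: " + args[0] + " is not allowed in FIPS mode"); return; }`. The `else` body and the rest of the catch block are outside the hunks, so how `tlsProtocol` is assigned there is not visible.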
@@ -92,7 +92,7 @@ private void createSSLEngines() { private void test() throws Exception { List tmpCipherSuites = new ArrayList<>(); String [] suites; - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { for (String ciphersuite : clientEngine.getEnabledCipherSuites()) { if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(ciphersuite)) { continue; @@ -243,7 +243,7 @@ public static void main(String args[]) throws Exception { if (args.length < 1) { throw new RuntimeException("Missing TLS protocol parameter."); } - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { switch(args[0]) { case "TLSv1.1" -> SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); case "TLSv1.3" -> SecurityUtils.addToDisabledTlsAlgs("TLSv1.2"); diff --git a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java index baf768a2ad4..3f9b58f5560 100644 --- a/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java @@ -41,6 +41,7 @@ import java.util.Arrays; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class UseCipherSuitesOrder { @@ -177,7 +178,7 @@ private static void parseArguments(String[] args) throws Exception { throw new Exception("Need to enable at least two cipher suites"); } - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { cliEnabledCipherSuites = new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}; } @@ -204,7 +205,7 @@ private static void parseArguments(String[] args) throws Exception { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } 
@@ -218,9 +219,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java index 5ae7b17ad5e..7d2467c46dd 100644 --- a/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java +++ b/test/jdk/javax/net/ssl/SSLSession/HttpsURLConnectionLocalCertificateChain.java @@ -44,6 +44,7 @@ import java.security.cert.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class HttpsURLConnectionLocalCertificateChain implements HandshakeCompletedListener, @@ -247,9 +248,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java index 31225107ec0..8bee221b1b0 100644 --- a/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java +++ b/test/jdk/javax/net/ssl/SSLSession/JSSERenegotiate.java 
@@ -42,6 +42,7 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class JSSERenegotiate { @@ -196,7 +197,7 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // reset the security property to make sure that the cipher suites // used in this test are not disabled - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } @@ -207,9 +208,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); suite1 = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; suite2 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; } else { diff --git a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java index 7b5262fb1c6..3ecbfc30c22 100644 --- a/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java +++ b/test/jdk/javax/net/ssl/SSLSession/RenegotiateTLS13.java @@ -42,6 +42,7 @@ import java.security.SecureRandom; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class RenegotiateTLS13 { 
@@ -142,9 +143,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java index a05f925690a..40edeb939e6 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java +++ b/test/jdk/javax/net/ssl/SSLSession/SSLCtxAccessToSessCtx.java @@ -42,6 +42,7 @@ import java.security.KeyStore; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLCtxAccessToSessCtx { @@ -175,9 +176,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java index b3203d07ae0..d38be4a506b 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java +++ b/test/jdk/javax/net/ssl/SSLSession/SessionCacheSizeTests.java 
@@ -41,6 +41,7 @@ import java.security.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; /** * Session cache size tests cover the following cases: @@ -308,9 +309,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java index e4fb9410e9f..2c62226e6f7 100644 --- a/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java +++ b/test/jdk/javax/net/ssl/SSLSession/SessionTimeOutTests.java @@ -43,6 +43,7 @@ import java.util.concurrent.TimeUnit; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; /** * Session reuse time-out tests cover the cases below: @@ -335,9 +336,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java index c4aa2c915a9..287cd8dbb66 100644 --- a/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java 
+++ b/test/jdk/javax/net/ssl/SSLSession/TestEnabledProtocols.java @@ -169,7 +169,7 @@ private void failTest(Exception e, String message) { } public static void main(String[] args) throws Exception { - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); runCase(new String[] { "TLSv1" }, new String[] { "TLSv1" }, diff --git a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java index 7e3647f4d73..4076a4c1f5b 100644 --- a/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java +++ b/test/jdk/javax/net/ssl/SSLSocket/ClientExcOnAlert.java @@ -60,6 +60,7 @@ import java.security.cert.X509Certificate; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class ClientExcOnAlert { // This is a PKCS#12 keystore created with the following command: @@ -213,7 +214,7 @@ static void doServerSide() throws Exception { SSLContext sslc = SSLContext.getInstance("TLS"); log("doServerSide start"); KeyManagerFactory kmf; - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { kmf = createKeyManagerFactory(KEYSTORE_PEM, KEYSTORE_PASS); } else { diff --git a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java index 46dd8d629c2..c62d8bc4190 100644 --- a/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java +++ b/test/jdk/javax/net/ssl/ServerName/BestEffortOnLazyConnected.java @@ -39,6 +39,7 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class BestEffortOnLazyConnected { 
@@ -174,9 +175,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java index 48d7fe00cfe..de9a2eef2dd 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java @@ -253,7 +253,7 @@ private static void parseArguments(String[] args) { public static void main(String args[]) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } @@ -269,7 +269,7 @@ public static void main(String args[]) throws Exception { try { new SSLEngineExplorer(); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (supportedProtocols == null || supportedProtocols.length == 0) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java index 1f1dd15fa82..76a7a457156 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketConsistentSNI.java 
@@ -42,6 +42,7 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLSocketConsistentSNI { @@ -221,9 +222,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java index b5fbdbddc9a..34ff1565b6d 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java @@ -241,7 +241,7 @@ private static void parseArguments(String[] args) { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } @@ -252,9 +252,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); 
@@ -276,7 +276,7 @@ public static void main(String[] args) throws Exception { try { new SSLSocketExplorer(); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (supportedProtocols == null || supportedProtocols.length == 0) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java index 2ea95b3d78d..ee5c49e8dd6 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerFailure.java @@ -49,6 +49,7 @@ import java.security.Security; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLSocketExplorerFailure { @@ -236,7 +237,7 @@ private static void parseArguments(String[] args) { volatile Exception clientException = null; public static void main(String[] args) throws Exception { - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); Security.setProperty("jdk.certpath.disabledAlgorithms", ""); } diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java index 5d30d861ed1..76ee5c4afdd 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerMatchedSNI.java @@ -53,6 +53,7 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLSocketExplorerMatchedSNI { 
@@ -294,9 +295,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java index 9907a06cb1e..1f0740634f6 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithCliSNI.java @@ -44,6 +44,7 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLSocketExplorerWithCliSNI { @@ -271,9 +272,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java index ca677acfe62..f1e9722111c 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketExplorerWithSrvSNI.java 
@@ -44,6 +44,7 @@ import javax.net.ssl.*; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLSocketExplorerWithSrvSNI { @@ -254,9 +255,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java index d1a3a218686..2ee63087f1c 100644 --- a/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java +++ b/test/jdk/javax/net/ssl/ServerName/SSLSocketSNISensitive.java @@ -58,6 +58,7 @@ import java.io.ByteArrayInputStream; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; // Note: this test case works only on TLS 1.2 and prior versions because of // the use of MD5withRSA signed certificate. @@ -441,7 +442,7 @@ private static SSLContext generateSSLContext(boolean isClient) public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); Security.setProperty("jdk.tls.disabledAlgorithms", @@ -462,7 +463,7 @@ public static void main(String[] args) throws Exception { try { new SSLSocketSNISensitive(); } catch (Exception e) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { // for (int i=0; i is caught."); return; 
@@ -639,7 +639,7 @@ private static void testKeyManager(String keyStoreSpec, String keyType, private static void runtest(String testNameFmt, SessionChecker cliChk, Class cliExpExc, SessionChecker servChk, Class servExpExc) { - // if (!(Utils.isFIPS())) { + // if (!(SecurityUtils.isFIPS())) { // TEST_PROTOS = List.of( // "TLSv1.3", "TLSv1.2"); // } diff --git a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java index 8d41182074b..7e222be8fbf 100644 --- a/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java +++ b/test/jdk/javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java @@ -60,7 +60,7 @@ public class TestSessionLocalPrincipal { public static void main(String[] args) throws Exception { String[] protocols = new String[]{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"}; - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } for (String tlsProtocol : protocols) { @@ -81,7 +81,7 @@ public static void main(String[] args) throws Exception { throw new RuntimeException(server.serverExc); } } catch (java.lang.RuntimeException re) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (!SecurityUtils.TLS_PROTOCOLS.contains(tlsProtocol)) { if (server.serverExc != null) { if (server.serverExc instanceof javax.net.ssl.SSLHandshakeException) { diff --git a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java index 7741cde0efc..a6278e5b84b 100644 --- a/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java +++ b/test/jdk/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java 
@@ -254,7 +254,7 @@ private void initialize() throws CertificateException { public static void main(String[] args) throws Exception { // MD5 is used in this test case, don't disable MD5 algorithm. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); Security.setProperty("jdk.tls.disabledAlgorithms", @@ -282,7 +282,7 @@ public static void main(String[] args) throws Exception { try { new EmptyCertificateAuthorities(); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); return; diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java index 91a81be9765..ef8fa6e43f4 100644 --- a/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java +++ b/test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java @@ -176,7 +176,7 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // Re-enable TLSv1.1 since test depends on it. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); } @@ -201,7 +201,7 @@ public static void main(String[] args) throws Exception { try { new GenericBlockCipher(); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); return; diff --git a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java index 6394e80c6fc..dd5f92502b3 100644 --- a/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java 
+++ b/test/jdk/javax/net/ssl/TLSv11/GenericStreamCipher.java @@ -182,7 +182,7 @@ void doClientSide() throws Exception { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); } @@ -207,7 +207,7 @@ public static void main(String[] args) throws Exception { try { new GenericStreamCipher(); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { System.out.println("Expected exception msg: is caught"); return; diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java index 6de3768863b..438db55a234 100644 --- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java +++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortDSAKeys.java @@ -178,7 +178,7 @@ protected ContextParameters getClientContextParameters() { volatile Exception clientException = null; public static void main(String[] args) throws Exception { - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.certpath.disabledAlgorithms", "DSA keySize < 1024"); Security.setProperty("jdk.tls.disabledAlgorithms", diff --git a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java index 36e4c61aab6..409facf6d64 100644 --- a/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java +++ b/test/jdk/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java 
@@ -67,7 +67,7 @@ public DisabledShortRSAKeys(String tmAlgorithm, String enabledProtocol) { @Override public SSLContext createClientSSLContext() throws Exception { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { return createSSLContext(new Cert[]{Cert.CA_RSA_2048}, null, new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); } else { @@ -78,7 +78,7 @@ public SSLContext createClientSSLContext() throws Exception { @Override public SSLContext createServerSSLContext() throws Exception { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { return createSSLContext(new Cert[]{Cert.EE_RSA_2048}, null, new ContextParameters(enabledProtocol, tmAlgorithm, "NewSunX509")); } else { @@ -123,7 +123,7 @@ protected void runClientApplication(SSLSocket socket) throws Exception { } public static void main(String[] args) throws Exception { - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.certpath.disabledAlgorithms", "RSA keySize < 1024"); Security.setProperty("jdk.tls.disabledAlgorithms", diff --git a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java index 152ac7aed87..78cb78bcd13 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java +++ b/test/jdk/javax/net/ssl/TLSv12/ProtocolFilter.java @@ -94,7 +94,7 @@ void doServerSide() throws Exception { (SSLServerSocket) sslssf.createServerSocket(serverPort); // Only enable cipher suites for TLS v1.2. - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { sslServerSocket.setEnabledCipherSuites( new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}); } else { 
@@ -172,9 +172,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java index c53ae0dd9b2..f2b16343912 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java +++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKey512.java @@ -173,7 +173,7 @@ private static void parseArguments(String[] args) { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); Security.setProperty("jdk.tls.disabledAlgorithms", "SSLv3, RC4, DH keySize < 768"); @@ -193,7 +193,7 @@ public static void main(String[] args) throws Exception { try { new ShortRSAKey512(); } catch (java.security.spec.InvalidKeySpecException ikse) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { System.out.println("Inappropriate key specification: RSA keys must be at least 1024 bits long"); return; } diff --git a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java index d5b38ad67f1..9913bcb05e8 100644 --- a/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java +++ b/test/jdk/javax/net/ssl/TLSv12/ShortRSAKeyGCM.java 
@@ -199,7 +199,7 @@ protected ContextParameters getClientContextParameters() { public static void main(String[] args) throws Exception { // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); Security.setProperty("jdk.tls.disabledAlgorithms", "SSLv3, RC4, DH keySize < 768"); @@ -214,7 +214,7 @@ public static void main(String[] args) throws Exception { */ parseArguments(args); - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (!SecurityUtils.TLS_CIPHERSUITES.containsKey(cipherSuite)) { System.out.println(cipherSuite + " is not supported."); return; @@ -227,7 +227,7 @@ public static void main(String[] args) throws Exception { try { new ShortRSAKeyGCM(); } catch (java.security.spec.InvalidKeySpecException ikse) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if ("Inappropriate key specification: RSA keys must be at least 1024 bits long".equals(ikse.getMessage())) { System.out.println("Expected exception msg: is caught"); return; diff --git a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java index ac8c5d986ca..2ac30cdab67 100644 --- a/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java +++ b/test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java @@ -139,7 +139,7 @@ void doClientSide() throws Exception { } Cert[] trustedCerts; - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { trustedCerts = new Cert[]{Cert.CA_RSA_2048}; } else { trustedCerts = new Cert[]{Cert.CA_DSA_SHA1_1024}; @@ -273,7 +273,7 @@ public static void main(String[] args) throws Exception { return; } - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { /* * Expose the target algorithms by diabling unexpected algorithms. */ 
diff --git a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java index f4120a9d6f5..239ced21e97 100644 --- a/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java +++ b/test/jdk/javax/net/ssl/TLSv13/ClientHelloKeyShares.java @@ -76,7 +76,7 @@ public static void main(String args[]) throws Exception { List expectedKeyShares = new ArrayList<>(); Arrays.stream(args).forEach(arg -> expectedKeyShares.add(Integer.valueOf(arg))); - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { expectedKeyShares.clear(); Map supportKeyShares = new HashMap<>(); supportKeyShares.put("secp256r1", 23); @@ -110,7 +110,7 @@ public static void main(String args[]) throws Exception { } catch (java.lang.ExceptionInInitializerError eiie) { Throwable cause = eiie.getCause(); if (cause instanceof java.lang.IllegalArgumentException) { - if (Utils.isFIPS() + if (SecurityUtils.isFIPS() && ("System property jdk.tls.namedGroups(" + System.getProperty("jdk.tls.namedGroups") + ") contains no supported named groups").equals(cause.getMessage())) { System.out.println("Expected msg is caught."); return; diff --git a/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java b/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java index cf5ab2224b4..39b1471510c 100644 --- a/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java +++ b/test/jdk/javax/net/ssl/TLSv13/HRRKeyShares.java @@ -312,7 +312,7 @@ private static void hrrKeyShareTest(int hrrNamedGroup, boolean expectedPass) if (!initialCh.suppVersions.contains(TLS_PROT_VER_13)) { throw new RuntimeException( "Missing TLSv1.3 protocol in supported_versions"); - } else if (!(Utils.isFIPS()) && + } else if (!(SecurityUtils.isFIPS()) && (!initialCh.keyShares.containsKey(NG_X25519) || !initialCh.keyShares.containsKey(NG_SECP256R1))) { throw new RuntimeException( 
diff --git a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java index affc358f62b..70bbaa09bc7 100644 --- a/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java +++ b/test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java @@ -135,7 +135,7 @@ public static void main(String[] args) throws Exception { checkFailure(DISABLED_CIPHERSUITES); break; case "empty": - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { return; } // reset jdk.tls.disabledAlgorithms diff --git a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java index 690b85a1811..e0076f7a6b3 100644 --- a/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java +++ b/test/jdk/javax/net/ssl/finalize/SSLSessionFinalizeTest.java @@ -44,6 +44,7 @@ import javax.net.ssl.SSLSocketFactory; import jdk.test.lib.Utils; +import jdk.test.lib.security.SecurityUtils; public class SSLSessionFinalizeTest { @@ -196,9 +197,9 @@ public static void main(String[] args) throws Exception { System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile; - if (Utils.isFIPS()) { - keyFilename = Utils.revertJKSToPKCS12(keyFilename, passwd); - trustFilename = Utils.revertJKSToPKCS12(trustFilename, passwd); + if (SecurityUtils.isFIPS()) { + keyFilename = SecurityUtils.revertJKSToPKCS12(keyFilename, passwd); + trustFilename = SecurityUtils.revertJKSToPKCS12(trustFilename, passwd); } System.setProperty("javax.net.ssl.keyStore", keyFilename); diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java index 09a36ced12c..941edf13bc1 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java 
@@ -279,7 +279,7 @@ public static void main(String[] args) throws Exception { String[] SUPPORTED; String[] FIPS; - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { ENABLED = ENABLED_FIPS; SUPPORTED = SUPPORTED_FIPS; } else if (args[0].equals("default")) { diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java index c43279527f8..5ce8fd7feef 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java +++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java @@ -83,7 +83,7 @@ public class SystemPropCipherSuitesOrder extends SSLSocketTemplate { public static void main(String[] args) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { // System.out.println(args[0] + " is not supported in FIPS 140-3."); // return; @@ -126,7 +126,7 @@ public static void main(String[] args) { try { new SystemPropCipherSuitesOrder(args[0]).run(); } catch (javax.net.ssl.SSLHandshakeException sslhe) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0]) || (servercipherSuites == null && clientcipherSuites == null)) { if ("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".equals(sslhe.getMessage())) { @@ -144,7 +144,7 @@ private SystemPropCipherSuitesOrder(String protocol) { this.protocol = protocol; // Re-enable protocol if disabled. if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { SecurityUtils.removeFromDisabledTlsAlgs(protocol); } } diff --git a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java index 240ceb3e97d..897318f17e2 100644 --- a/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java 
+++ b/test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java @@ -60,7 +60,7 @@ public class TLSCipherSuitesOrder extends SSLSocketTemplate { public static void main(String[] args) { PROTOCOL protocol = PROTOCOL.valueOf(args[0]); - // if (Utils.isFIPS()) { + // if (SecurityUtils.isFIPS()) { // if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { // System.out.println(args[0] + " is not supported in FIPS 140-3."); // return; @@ -71,7 +71,7 @@ public static void main(String[] args) { protocol.getCipherSuite(args[1]), protocol.getCipherSuite(args[2])).run(); } catch (javax.net.ssl.SSLHandshakeException sslex) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (!SecurityUtils.TLS_PROTOCOLS.contains(args[0])) { System.out.println(args[0] + " is not supported in FIPS 140-3."); } @@ -95,7 +95,7 @@ public static void main(String[] args) { private TLSCipherSuitesOrder(String protocol, String[] clientcipherSuites, String[] servercipherSuites) { // Re-enable protocol if it is disabled. - if (!Utils.isFIPS()) { + if (!SecurityUtils.isFIPS()) { if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) { SecurityUtils.removeFromDisabledTlsAlgs(protocol); } diff --git a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java index 179ab260d5a..0a0ca607221 100644 --- a/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java +++ b/test/jdk/javax/net/ssl/sanity/interop/ClientJSSEServerJSSE.java @@ -39,7 +39,7 @@ public class ClientJSSEServerJSSE { public static void main(String[] args) throws Exception { // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { Security.setProperty("jdk.tls.disabledAlgorithms", ""); Security.setProperty("jdk.certpath.disabledAlgorithms", ""); } 
diff --git a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java index 8a4e9e6afe1..1e5fae56e1b 100644 --- a/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java +++ b/test/jdk/javax/net/ssl/sanity/pluggability/CheckSSLContextExport.java @@ -49,7 +49,7 @@ public static void test(String protocol) throws Exception { String providerName = mySSLContext.getProvider().getName(); if (!providerName.equals("TestJSSEPluggability")) { - if (!(Utils.isFIPS())) { + if (!(SecurityUtils.isFIPS())) { System.out.println(providerName + "'s SSLContext is used"); throw new Exception("...used the wrong provider: " + providerName); } else { @@ -123,7 +123,7 @@ public static void main(String[] argv) throws Exception { try { test(protocols[i]); } catch (java.lang.IllegalStateException ise) { - if (Utils.isFIPS()) { + if (SecurityUtils.isFIPS()) { if (protocols[i].equals("SSL") && "SSLContext is not initialized".equals(ise.getMessage())) { System.out.println("SSL is not supported in FIPS140-3."); continue; diff --git a/test/lib/jdk/test/lib/Utils.java b/test/lib/jdk/test/lib/Utils.java index 55a15c97e41..33230a009e9 100644 --- a/test/lib/jdk/test/lib/Utils.java +++ b/test/lib/jdk/test/lib/Utils.java @@ -80,6 +80,7 @@ import static jdk.test.lib.Asserts.assertTrue; import jdk.test.lib.process.ProcessTools; import jdk.test.lib.process.OutputAnalyzer; +import jdk.test.lib.security.SecurityUtils; /** * Common library for various test helper functions. 
@@ -166,53 +167,6 @@ public final class Utils { */ public static final long SEED; - public static final String isFIPS = System.getProperty("semeru.fips"); - public static boolean isFIPS() { - System.out.println("semeru.fips is: " + System.getProperty("semeru.fips")); - return Boolean.parseBoolean(isFIPS); - } - - public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile"); - public static String getFipsProfile() { - System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile")); - return FIPS_PROFILE; - } - - public static String revertJKSToPKCS12(String keyFilename, String passwd) { - String p12keyFilename = keyFilename + ".p12"; - try { - KeyStore jksKeystore = KeyStore.getInstance("JKS"); - try (FileInputStream fis = new FileInputStream(keyFilename)) { - jksKeystore.load(fis, passwd.toCharArray()); - } - - KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12"); - pkcs12Keystore.load(null, null); - - Enumeration aliasesKey = jksKeystore.aliases(); - while (aliasesKey.hasMoreElements()) { - String alias = aliasesKey.nextElement(); - if (jksKeystore.isKeyEntry(alias)) { - char[] keyPassword = passwd.toCharArray(); - Key key = jksKeystore.getKey(alias, keyPassword); - Certificate[] chain = jksKeystore.getCertificateChain(alias); - pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain); - } else if (jksKeystore.isCertificateEntry(alias)) { - Certificate cert = jksKeystore.getCertificate(alias); - pkcs12Keystore.setCertificateEntry(alias, cert); - } - } - - try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) { - pkcs12Keystore.store(fos, passwd.toCharArray()); - } - System.out.println("JKS keystore converted to PKCS12 successfully."); - } catch (Exception e) { - e.printStackTrace(); - } - return p12keyFilename; - } - static { var seed = Long.getLong(SEED_PROPERTY_NAME); if (seed != null) { 
@@ -224,7 +178,12 @@ public static String revertJKSToPKCS12(String keyFilename, String passwd) { if (v.build().orElse(0) > 0) { // promotable build -> use 1st 8 bytes of md5($version) try { - var md = MessageDigest.getInstance("MD5"); + var md = MessageDigest.getInstance("SHA-256"); + System.out.println("System.getProperty(semeru.fips) is: " + System.getProperty("semeru.fips")); + if (!SecurityUtils.isFIPS()) { + System.out.println("Using MD5"); + md = MessageDigest.getInstance("MD5"); + } var bytes = v.toString() .getBytes(StandardCharsets.UTF_8); bytes = md.digest(bytes); diff --git a/test/lib/jdk/test/lib/security/SecurityUtils.java b/test/lib/jdk/test/lib/security/SecurityUtils.java index 47b60eb84a4..9d4622ca38e 100644 --- a/test/lib/jdk/test/lib/security/SecurityUtils.java +++ b/test/lib/jdk/test/lib/security/SecurityUtils.java @@ -32,6 +32,12 @@ import java.util.stream.Stream; import jdk.test.lib.security.DiffieHellmanGroup; import java.util.*; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.security.KeyStore; +import java.security.Key; +import java.security.cert.Certificate; +import java.util.Enumeration; /** * Common library for various security test helper functions. 
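Review bot: In the `Utils` static initializer the `MessageDigest.getInstance("SHA-256")` instance is created and then thrown away on every non-FIPS run, and the context comment `// promotable build -> use 1st 8 bytes of md5($version)` no longer describes the FIPS path. Selecting the algorithm once is clearer: `var md = MessageDigest.getInstance(SecurityUtils.isFIPS() ? "SHA-256" : "MD5");`, with the comment reworded to say the digest only derives a reproducible seed (which is what the hunk suggests) and that SHA-256 is used in FIPS mode. The two added `System.out.println` calls run while `Utils` is being initialized, so they add output to every test that loads the class; they look like leftover debugging and could be dropped. The initializer begins and ends outside this hunk, so the rest of the seed derivation is not visible here.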
@@ -191,6 +197,53 @@ private SecurityUtils() {} public static final List TLS_PROTOCOLS = new ArrayList<>(); public static final Map TLS_CIPHERSUITES = new HashMap<>(); + public static final String isFIPS = System.getProperty("semeru.fips"); + public static boolean isFIPS() { + System.out.println("semeru.fips is: " + System.getProperty("semeru.fips")); + return Boolean.parseBoolean(isFIPS); + } + + public static final String FIPS_PROFILE = System.getProperty("semeru.customprofile"); + public static String getFipsProfile() { + System.out.println("semeru.customprofile is: " + System.getProperty("semeru.customprofile")); + return FIPS_PROFILE; + } + + public static String revertJKSToPKCS12(String keyFilename, String passwd) { + String p12keyFilename = keyFilename + ".p12"; + try { + KeyStore jksKeystore = KeyStore.getInstance("JKS"); + try (FileInputStream fis = new FileInputStream(keyFilename)) { + jksKeystore.load(fis, passwd.toCharArray()); + } + + KeyStore pkcs12Keystore = KeyStore.getInstance("PKCS12"); + pkcs12Keystore.load(null, null); + + Enumeration aliasesKey = jksKeystore.aliases(); + while (aliasesKey.hasMoreElements()) { + String alias = aliasesKey.nextElement(); + if (jksKeystore.isKeyEntry(alias)) { + char[] keyPassword = passwd.toCharArray(); + Key key = jksKeystore.getKey(alias, keyPassword); + Certificate[] chain = jksKeystore.getCertificateChain(alias); + pkcs12Keystore.setKeyEntry(alias, key, passwd.toCharArray(), chain); + } else if (jksKeystore.isCertificateEntry(alias)) { + Certificate cert = jksKeystore.getCertificate(alias); + pkcs12Keystore.setCertificateEntry(alias, cert); + } + } + + try (FileOutputStream fos = new FileOutputStream(p12keyFilename)) { + pkcs12Keystore.store(fos, passwd.toCharArray()); + } + System.out.println("JKS keystore converted to PKCS12 successfully."); + } catch (Exception e) { + e.printStackTrace(); + } + return p12keyFilename; + } + static { TLS_PROTOCOLS.add("TLSv1.2"); TLS_PROTOCOLS.add("TLSv1.3");
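Review bot: `revertJKSToPKCS12` catches `Exception`, prints the stack trace and still returns the `.p12` path, so a failed conversion only shows up later as an unrelated keystore-load error in the caller, or goes unnoticed if a stale `.p12` from an earlier run is still present. For test-library code it is safer to let the failure stop the test, for example by replacing `e.printStackTrace();` with `throw new RuntimeException("JKS to PKCS12 conversion failed for " + keyFilename, e);`. The converted store is written to `keyFilename + ".p12"`, and the callers in this patch build that path from `test.src`, so the file lands in the source tree; that can fail on a read-only checkout and lets concurrently running tests overwrite each other's output, which makes a scratch directory worth considering. Separately, `isFIPS()` and `getFipsProfile()` print on every call, and the public `isFIPS` field duplicates the method under the same name; a short Javadoc on each helper stating which system property it reads would help readers of the many call sites.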