diff --git a/jdk/test/Makefile b/jdk/test/Makefile index cf1f4d9030e..8ec0938b6cd 100644 --- a/jdk/test/Makefile +++ b/jdk/test/Makefile @@ -544,7 +544,7 @@ JDK_ALL_TARGETS += jdk_security3 jdk_security3: $(call TestDirs, com/sun/security lib/security \ javax/security sun/security) $(call SharedLibraryPermissions,sun/security) - $(call RunOthervmBatch) + $(call RunSamevmBatch) # All security tests jdk_security: jdk_security1 jdk_security2 jdk_security3 diff --git a/jdk/test/ProblemList.txt b/jdk/test/ProblemList.txt index 2b9eaa9dc4a..419940bf0de 100644 --- a/jdk/test/ProblemList.txt +++ b/jdk/test/ProblemList.txt @@ -450,73 +450,20 @@ java/rmi/server/UnicastRemoteObject/unexportObject/UnexportLeak.java generic-all # jdk_security -# Filed 6986868 -sun/security/tools/jarsigner/crl.sh generic-all - -# Filed 6951285, not sure how often this fails, last was Linux 64bit Fedora 9 -sun/security/krb5/auto/MaxRetries.java generic-all - -# Filed 6950930, fails on windows 32bit c1 and windows 64bit -sun/security/krb5/auto/IgnoreChannelBinding.java windows-all - -# Filed 6950931, failing on all windows systems -sun/security/tools/jarsigner/crl.sh windows-all - -# Filed 6950929, only seemed to fail on solaris sparcv9 (-d64) -# Failed on Linux -server 32bit too, making generic -sun/security/krb5/auto/BadKdc4.java generic-all - # Failing on Solaris i586, 3/9/2010, not a -samevm issue (jdk_security3) sun/security/pkcs11/Secmod/AddPrivateKey.java solaris-i586 sun/security/pkcs11/ec/ReadCertificates.java solaris-i586 sun/security/pkcs11/ec/ReadPKCS12.java solaris-i586 sun/security/pkcs11/ec/TestCurves.java solaris-i586 sun/security/pkcs11/ec/TestECDSA.java solaris-i586 -sun/security/pkcs11/ec/TestECGenSpec.java solaris-i586 -sun/security/pkcs11/ec/TestKeyFactory.java solaris-i586 +#sun/security/pkcs11/ec/TestECGenSpec.java solaris-i586 +#sun/security/pkcs11/ec/TestKeyFactory.java solaris-i586 +sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java solaris-i586 -# Failing on Solaris X64 (-d64 -server) with: -# GSSException: Failure unspecified at GSS-API level -# (Mechanism level: Specified version of key is not available (44)) -sun/security/krb5/auto/BasicKrb5Test.java generic-all +# Directly references PKCS11 class +sun/security/pkcs11/Provider/Absolute.java windows-x64 -# Solaris X86 failures, readjar.jks: No such file or directory -sun/security/tools/keytool/readjar.sh generic-all - -# Fails with -ea -esa, but only on Solaris sparc? Suspect it is timing out -sun/security/tools/keytool/standard.sh generic-all - -# Fails on Solaris 10 X64, address already in use -sun/security/krb5/auto/HttpNegotiateServer.java generic-all - -# Fails on almost all platforms -# java.lang.UnsupportedClassVersionError: SerialTest : -# Unsupported major.minor version 51.0 -# at java.lang.ClassLoader.defineClass1(Native Method) -sun/security/util/Oid/S11N.sh generic-all - -# Fails on Fedora 9 32bit -# GSSException: Failure unspecified at GSS-API level (Mechanism level: -# Invalid argument (400) - Cannot find key of appropriate type to decrypt -# AP REP - DES CBC mode with MD5) -# at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:778) -sun/security/krb5/auto/NonMutualSpnego.java generic-all - -# Fails on Solaris 10 sparc, GSSException: Failure unspecified at GSS-API level -# Also fails on Windows 2000 similar way -sun/security/krb5/auto/ok-as-delegate.sh generic-all - -# Fails on Windows 2000, GSSException: Failure unspecified at GSS-API level -# (Mechanism level: Request is a replay (34)) -sun/security/krb5/auto/ok-as-delegate-xrealm.sh generic-all - -# Fails on Windows 2000, ExceptionInInitializerError -sun/security/mscapi/AccessKeyStore.sh generic-all - -# Fails on Solaris 10, KrbException: Additional pre-authentication required (25) -sun/security/krb5/auto/basic.sh generic-all - -# Fails on Fedora 9 64bit, PKCS11Exception: CKR_DEVICE_ERROR +# Fails on Fedora 9/Ubuntu 10.04 64bit, PKCS11Exception: CKR_DEVICE_ERROR sun/security/pkcs11/KeyAgreement/TestDH.java generic-all # Run too slow on Solaris 10 sparc @@ -525,18 +472,10 @@ sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ClientTimeout.java s sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ServerTimeout.java solaris-sparc sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java solaris-sparc sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NotifyHandshakeTest.sh solaris-sparc -sun/security/tools/keytool/AltProviderPath.sh solaris-sparc # Solaris 10 sparc, passed/failed confusion? java.security.ProviderException: update() failed sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java generic-all -# Seem really slow on Solaris sparc, being excluded just for timing reasons -sun/security/tools/jarsigner/AlgOptions.sh solaris-sparc -sun/security/tools/jarsigner/nameclash.sh solaris-sparc -sun/security/krb5/auto/basic.sh solaris-sparc -sun/security/provider/PolicyFile/getinstance/getinstance.sh solaris-sparc -sun/security/tools/jarsigner/samename.sh solaris-sparc - # Othervm, sparc, NoRouteToHostException: Cannot assign requested address sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java generic-all @@ -544,49 +483,13 @@ sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java generic-all # Solaris sparc and sparcv9 -server, timeout sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java generic-all -# Failed on solaris 10 sparc, othervm mode, "js.jks: No such file or directory" -# Also, cannot verify signature on solaris i586 -server -sun/security/tools/jarsigner/concise_jarsigner.sh generic-all - # Various failures on Linux Fedora 9 X64, othervm mode -lib/security/cacerts/VerifyCACerts.java generic-all sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/TestAllSuites.java generic-all sun/security/ssl/sanity/ciphersuites/CheckCipherSuites.java generic-all -sun/security/tools/jarsigner/oldsig.sh generic-all # Various failures on Linux Fedora 9 X64, othervm mode sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java generic-all -# Solaris sparcv9: Failed to parse input emptysubject.jks: No such file or directory -sun/security/tools/keytool/emptysubject.sh generic-all - -# Fails on OpenSolaris, missing classes, slow on Solaris sparc -sun/security/ec/TestEC.java generic-all - -# Problems with windows x64 -sun/security/mscapi/IsSunMSCAPIAvailable.sh windows-x64 -sun/security/mscapi/RSAEncryptDecrypt.sh windows-x64 - -# Exception in test solaris-sparc -client -server, no windows -sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java solaris-all - -# Solaris sparc client, fails to compile? -sun/security/pkcs11/KeyStore/SecretKeysBasic.sh solaris-all - -# Fails on OpenSolaris java.net.BindException: Address already in use -sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java generic-all - -# Timeout on solaris-sparcv9 or ArrayIndexOutOfBoundsException? -sun/security/rsa/TestKeyPairGeneratorLength.java solaris-all -sun/security/rsa/TestSignatures.java solaris-all - -# Do not seem to run on windows machines? dll missing? -sun/security/tools/jarsigner/emptymanifest.sh windows-all - -# Files does not exist or no encoding? solaris-sparcv9 -sun/security/tools/keytool/importreadall.sh solaris-all -sun/security/tools/keytool/selfissued.sh solaris-all - ############################################################################ # jdk_swing (not using samevm) diff --git a/jdk/test/com/sun/security/auth/login/ConfigFile/IllegalURL.java b/jdk/test/com/sun/security/auth/login/ConfigFile/IllegalURL.java index f0915483133..5e7fb6e1b45 100644 --- a/jdk/test/com/sun/security/auth/login/ConfigFile/IllegalURL.java +++ b/jdk/test/com/sun/security/auth/login/ConfigFile/IllegalURL.java @@ -43,8 +43,9 @@ public class IllegalURL { static void use(String f) throws Exception { System.out.println("Testing " + f + "..."); System.setProperty("java.security.auth.login.config", f); - try { - new FileInputStream(new URL(f).getFile().replace('/', File.separatorChar)); + try (FileInputStream fis = + new FileInputStream(new URL(f).getFile().replace('/', File.separatorChar))) { + // do nothing } catch (Exception e) { System.out.println("Even old implementation does not support it. Ignored."); return; diff --git a/jdk/test/java/security/testlibrary/Providers.java b/jdk/test/java/security/testlibrary/Providers.java new file mode 100644 index 00000000000..b3e9f3e96b6 --- /dev/null +++ b/jdk/test/java/security/testlibrary/Providers.java @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.Provider; +import java.security.Security; + +public class Providers { + public static void setAt(Provider p, int pos) throws Exception { + if (Security.getProvider(p.getName()) != null) { + Security.removeProvider(p.getName()); + } + if (Security.insertProviderAt(p, pos) == -1) { + throw new Exception("cannot setAt"); + } + } +} diff --git a/jdk/test/javax/security/auth/login/LoginContext/ResetConfigModule.java b/jdk/test/javax/security/auth/login/LoginContext/ResetConfigModule.java index cb1af296e99..b0f372f48ca 100644 --- a/jdk/test/javax/security/auth/login/LoginContext/ResetConfigModule.java +++ b/jdk/test/javax/security/auth/login/LoginContext/ResetConfigModule.java @@ -25,7 +25,6 @@ * @test * @bug 4633622 * @summary bug in LoginContext when Configuration is subclassed - * * @build ResetConfigModule ResetModule * @run main ResetConfigModule */ @@ -40,32 +39,42 @@ public class ResetConfigModule { public static void main(String[] args) throws Exception { - Configuration.setConfiguration(new MyConfig()); + Configuration previousConf = Configuration.getConfiguration(); + ClassLoader previousCL = Thread.currentThread().getContextClassLoader(); - LoginContext lc = new LoginContext("test"); try { - lc.login(); - throw new SecurityException("test 1 failed"); - } catch (LoginException le) { - if (le.getCause() != null && - le.getCause() instanceof SecurityException) { - System.out.println("good so far"); - } else { - throw le; - } - } + Thread.currentThread().setContextClassLoader( + ResetConfigModule.class.getClassLoader()); + Configuration.setConfiguration(new MyConfig()); - LoginContext lc2 = new LoginContext("test2"); - try { - lc2.login(); - throw new SecurityException("test 2 failed"); - } catch (LoginException le) { - if (le.getCause() != null && - le.getCause() instanceof SecurityException) { - System.out.println("test succeeded"); - } else { - throw le; + LoginContext lc = new LoginContext("test"); + try { + lc.login(); + throw new SecurityException("test 1 failed"); + } catch (LoginException le) { + if (le.getCause() != null && + le.getCause() instanceof SecurityException) { + System.out.println("good so far"); + } else { + throw le; + } } + + LoginContext lc2 = new LoginContext("test2"); + try { + lc2.login(); + throw new SecurityException("test 2 failed"); + } catch (LoginException le) { + if (le.getCause() != null && + le.getCause() instanceof SecurityException) { + System.out.println("test succeeded"); + } else { + throw le; + } + } + } finally { + Configuration.setConfiguration(previousConf); + Thread.currentThread().setContextClassLoader(previousCL); } } } diff --git a/jdk/test/sun/security/ec/TestEC.java b/jdk/test/sun/security/ec/TestEC.java index 3c4a8950627..c23980d14ff 100644 --- a/jdk/test/sun/security/ec/TestEC.java +++ b/jdk/test/sun/security/ec/TestEC.java @@ -28,11 +28,13 @@ * @library ../pkcs11 * @library ../pkcs11/ec * @library ../pkcs11/sslecc + * @library ../../../java/security/testlibrary * @compile -XDignore.symbol.file TestEC.java * @run main TestEC */ import java.security.Provider; +import java.security.Security; /* * Leverage the collection of EC tests used by PKCS11 @@ -51,6 +53,15 @@ import java.security.Provider; public class TestEC { public static void main(String[] args) throws Exception { + ProvidersSnapshot snapshot = ProvidersSnapshot.create(); + try { + main0(args); + } finally { + snapshot.restore(); + } + } + + public static void main0(String[] args) throws Exception { Provider p = new sun.security.ec.SunEC(); System.out.println("Running tests with " + p.getName() + " provider...\n"); @@ -67,6 +78,11 @@ public class TestEC { new TestECGenSpec().main(p); new ReadPKCS12().main(p); new ReadCertificates().main(p); + + // ClientJSSEServerJSSE fails on Solaris 11 when both SunEC and + // SunPKCS11-Solaris providers are enabled. + // Workaround: + // Security.removeProvider("SunPKCS11-Solaris"); new ClientJSSEServerJSSE().main(p); long stop = System.currentTimeMillis(); diff --git a/jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java b/jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java index 998f50d339f..2dcedc482f9 100644 --- a/jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java +++ b/jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java @@ -36,7 +36,7 @@ public class NoSpnegoAsDefMech { public static void main(String[] argv) throws Exception { System.setProperty("sun.security.jgss.mechanism", GSSUtil.GSS_SPNEGO_MECH_OID.toString()); try { - GSSManager.getInstance().createName("service@host", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2")); + GSSManager.getInstance().createName("service@localhost", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2")); } catch (GSSException e) { // This is OK, for example, krb5.conf is missing or other problems } diff --git a/jdk/test/sun/security/pkcs11/PKCS11Test.java b/jdk/test/sun/security/pkcs11/PKCS11Test.java index 820435c15f1..fc0eae01272 100644 --- a/jdk/test/sun/security/pkcs11/PKCS11Test.java +++ b/jdk/test/sun/security/pkcs11/PKCS11Test.java @@ -72,10 +72,33 @@ public abstract class PKCS11Test { } public static void main(PKCS11Test test) throws Exception { - System.out.println("Beginning test run " + test.getClass().getName() + "..."); - testDefault(test); - testNSS(test); - testDeimos(test); + Provider[] oldProviders = Security.getProviders(); + try { + System.out.println("Beginning test run " + test.getClass().getName() + "..."); + testDefault(test); + testNSS(test); + testDeimos(test); + } finally { + Provider[] newProviders = Security.getProviders(); + // Do not restore providers if nothing changed. This is especailly + // useful for ./Provider/Login.sh, where a SecurityManager exists. + if (oldProviders.length == newProviders.length) { + boolean found = false; + for (int i = 0; i 0) && args[0].equals("sh")) { + relPath = pathToStoresSH; + } else { + relPath = pathToStores; + } + PATH = new File(System.getProperty("test.src", "."), relPath); + CipherTest.peerFactory = peerFactory; + System.out.print( + "Initializing test '" + peerFactory.getName() + "'..."); +// secureRandom = new SecureRandom(); +// secureRandom.nextInt(); +// trustStore = readKeyStore(trustStoreFile); + CipherTest.keyStore = keyStore; +// keyStore = readKeyStore(keyStoreFile); + KeyManagerFactory keyFactory = + KeyManagerFactory.getInstance( + KeyManagerFactory.getDefaultAlgorithm()); + keyFactory.init(keyStore, "test12".toCharArray()); + keyManager = (X509ExtendedKeyManager)keyFactory.getKeyManagers()[0]; - long time = System.currentTimeMillis(); - String relPath; - if ((args != null) && (args.length > 0) && args[0].equals("sh")) { - relPath = pathToStoresSH; - } else { - relPath = pathToStores; + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(keyStore); + trustManager = (X509TrustManager)tmf.getTrustManagers()[0]; + +// trustManager = new AlwaysTrustManager(); + SSLContext context = SSLContext.getInstance("TLS"); + context.init(new KeyManager[] {keyManager}, + new TrustManager[] {trustManager}, null); + SSLContext.setDefault(context); + + CipherTest cipherTest = new CipherTest(peerFactory); + Thread serverThread = new Thread(peerFactory.newServer(cipherTest), + "Server"); + serverThread.setDaemon(true); + serverThread.start(); + System.out.println("Done"); + cipherTest.run(); + time = System.currentTimeMillis() - time; + System.out.println("Done. (" + time + " ms)"); + } finally { + SSLContext.setDefault(reservedSSLContext); } - PATH = new File(System.getProperty("test.src", "."), relPath); - CipherTest.peerFactory = peerFactory; - System.out.print( - "Initializing test '" + peerFactory.getName() + "'..."); -// secureRandom = new SecureRandom(); -// secureRandom.nextInt(); -// trustStore = readKeyStore(trustStoreFile); - CipherTest.keyStore = keyStore; -// keyStore = readKeyStore(keyStoreFile); - KeyManagerFactory keyFactory = - KeyManagerFactory.getInstance( - KeyManagerFactory.getDefaultAlgorithm()); - keyFactory.init(keyStore, "test12".toCharArray()); - keyManager = (X509ExtendedKeyManager)keyFactory.getKeyManagers()[0]; - - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(keyStore); - trustManager = (X509TrustManager)tmf.getTrustManagers()[0]; - -// trustManager = new AlwaysTrustManager(); - SSLContext context = SSLContext.getInstance("TLS"); - context.init(new KeyManager[] {keyManager}, new TrustManager[] {trustManager}, null); - SSLContext.setDefault(context); - - CipherTest cipherTest = new CipherTest(peerFactory); - Thread serverThread = new Thread(peerFactory.newServer(cipherTest), - "Server"); - serverThread.setDaemon(true); - serverThread.start(); - System.out.println("Done"); - cipherTest.run(); - time = System.currentTimeMillis() - time; - System.out.println("Done. (" + time + " ms)"); } static abstract class PeerFactory { diff --git a/jdk/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java b/jdk/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java index e32febeecbe..4cf931d969e 100644 --- a/jdk/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java +++ b/jdk/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java @@ -26,6 +26,7 @@ * @bug 6313675 6323647 * @summary Verify that all ciphersuites work in FIPS mode * @library .. + * @run main/othervm ClientJSSEServerJSSE * @ignore JSSE supported cipher suites are changed with CR 6916074, * need to update this test case in JDK 7 soon * @author Andreas Sterbenz diff --git a/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java index b476afc56db..81fba236ce2 100644 --- a/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java +++ b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java @@ -27,6 +27,7 @@ * @summary Verify that the SunJSSE trustmanager works correctly in FIPS mode * @author Andreas Sterbenz * @library .. + * @run main/othervm TrustManagerTest */ import java.io.*; diff --git a/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java index 02ec40cbbd7..188b94cd6aa 100644 --- a/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java +++ b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java @@ -48,32 +48,35 @@ public class TestCACerts extends PKCS11Test { public void main(Provider p) throws Exception { long start = System.currentTimeMillis(); Security.addProvider(p); - String PROVIDER = p.getName(); - String javaHome = System.getProperty("java.home"); - String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts"; - InputStream in = new FileInputStream(caCerts); - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - ks.load(in, null); - in.close(); - for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) { - String alias = (String)e.nextElement(); - if (ks.isCertificateEntry(alias)) { - System.out.println("* Testing " + alias + "..."); - X509Certificate cert = (X509Certificate)ks.getCertificate(alias); - PublicKey key = cert.getPublicKey(); - String alg = key.getAlgorithm(); - if (alg.equals("RSA")) { - System.out.println("Signature algorithm: " + cert.getSigAlgName()); - cert.verify(key, PROVIDER); + try { + String PROVIDER = p.getName(); + String javaHome = System.getProperty("java.home"); + String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts"; + InputStream in = new FileInputStream(caCerts); + KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); + ks.load(in, null); + in.close(); + for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) { + String alias = (String)e.nextElement(); + if (ks.isCertificateEntry(alias)) { + System.out.println("* Testing " + alias + "..."); + X509Certificate cert = (X509Certificate)ks.getCertificate(alias); + PublicKey key = cert.getPublicKey(); + String alg = key.getAlgorithm(); + if (alg.equals("RSA")) { + System.out.println("Signature algorithm: " + cert.getSigAlgName()); + cert.verify(key, PROVIDER); + } else { + System.out.println("Skipping cert with key: " + alg); + } } else { - System.out.println("Skipping cert with key: " + alg); + System.out.println("Skipping alias " + alias); } - } else { - System.out.println("Skipping alias " + alias); } + long stop = System.currentTimeMillis(); + System.out.println("All tests passed (" + (stop - start) + " ms)."); + } finally { + Security.removeProvider(p.getName()); } - long stop = System.currentTimeMillis(); - System.out.println("All tests passed (" + (stop - start) + " ms)."); } - } diff --git a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java index 0f2c360fbb2..c940d562dfa 100644 --- a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java +++ b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java @@ -27,6 +27,7 @@ * @summary Verify that all ciphersuites work (incl. ECC using NSS crypto) * @author Andreas Sterbenz * @library .. + * @library ../../../../java/security/testlibrary */ import java.security.*; @@ -45,7 +46,7 @@ public class ClientJSSEServerJSSE extends PKCS11Test { System.out.println("Provider does not support EC, skipping"); return; } - Security.insertProviderAt(p, 1); + Providers.setAt(p, 1); CipherTest.main(new JSSEFactory(), cmdArgs); Security.removeProvider(p.getName()); } diff --git a/jdk/test/sun/security/pkcs12/PKCS12SameKeyId.java b/jdk/test/sun/security/pkcs12/PKCS12SameKeyId.java index a7d5f51f743..0d06d730f58 100644 --- a/jdk/test/sun/security/pkcs12/PKCS12SameKeyId.java +++ b/jdk/test/sun/security/pkcs12/PKCS12SameKeyId.java @@ -86,7 +86,9 @@ public class PKCS12SameKeyId { // Reads from JKS keystore and pre-calculate KeyStore ks = KeyStore.getInstance("jks"); - ks.load(new FileInputStream(JKSFILE), PASSWORD); + try (FileInputStream fis = new FileInputStream(JKSFILE)) { + ks.load(fis, PASSWORD); + } for (int i=0; i(); - cookies.put("Cookie", - "$Version=\"1\"; Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\""); - cookies.put("Set-Cookie2", - "$Version=\"1\"; Part_Number=\"Riding_Rocket_0023\"; " + - "$Path=\"/acme/ammo\"; Part_Number=\"Rocket_Launcher_0001\"; "+ - "$Path=\"/acme\""); - CookieHandler.setDefault(new MyCookieHandler()); - new CookieHandlerTest(); + /* + * Start the tests. + */ + cookies = new HashMap(); + cookies.put("Cookie", + "$Version=\"1\"; Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\""); + cookies.put("Set-Cookie2", + "$Version=\"1\"; Part_Number=\"Riding_Rocket_0023\"; " + + "$Path=\"/acme/ammo\"; Part_Number=\"Rocket_Launcher_0001\"; "+ + "$Path=\"/acme\""); + CookieHandler.setDefault(new MyCookieHandler()); + new CookieHandlerTest(); + } finally { + HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); + CookieHandler.setDefault(reservedCookieHandler); + } } Thread clientThread = null; diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java index 68104f3a7b9..68647c5719a 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java @@ -22,8 +22,12 @@ */ /* @test - * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 + * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 + * @run main/othervm DNSIdentities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -691,34 +695,39 @@ public class DNSIdentities { * to avoid infinite hangs. */ void doClientSide() throws Exception { - SSLContext context = getSSLContext(trusedCertStr, clientCertStr, - clientModulus, clientPrivateExponent, passphrase); - - SSLContext.setDefault(context); - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - HttpsURLConnection http = null; - - /* establish http connection to server */ - URL url = new URL("https://localhost:" + serverPort+"/"); - System.out.println("url is "+url.toString()); - + SSLContext reservedSSLContext = SSLContext.getDefault(); try { - http = (HttpsURLConnection)url.openConnection(); + SSLContext context = getSSLContext(trusedCertStr, clientCertStr, + clientModulus, clientPrivateExponent, passphrase); - int respCode = http.getResponseCode(); - System.out.println("respCode = "+respCode); - } finally { - if (http != null) { - http.disconnect(); + SSLContext.setDefault(context); + + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); } - closeReady = true; + + HttpsURLConnection http = null; + + /* establish http connection to server */ + URL url = new URL("https://localhost:" + serverPort+"/"); + System.out.println("url is "+url.toString()); + + try { + http = (HttpsURLConnection)url.openConnection(); + + int respCode = http.getResponseCode(); + System.out.println("respCode = "+respCode); + } finally { + if (http != null) { + http.disconnect(); + } + closeReady = true; + } + } finally { + SSLContext.setDefault(reservedSSLContext); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java index 39e7c1323eb..051e1bef83b 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java @@ -24,7 +24,12 @@ /** * @test * @bug 6771432 - * @summary createSocket() - smpatch fails using 1.6.0_10 because of "Unconnected sockets not implemented" + * @summary createSocket() - smpatch fails using 1.6.0_10 because of + * "Unconnected sockets not implemented" + * @run main/othervm HttpsCreateSockTest + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import javax.net.SocketFactory; diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsPost.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsPost.java index a7ac9954a36..8d265f11c3a 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsPost.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsPost.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,10 @@ * @bug 4423074 * @summary Need to rebase all the duplicated classes from Merlin. * This test will check out http POST + * @run main/othervm HttpsPost + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import java.io.*; @@ -140,34 +144,38 @@ public class HttpsPost { * to avoid infinite hangs. */ void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - // Send HTTP POST request to server - URL url = new URL("https://localhost:"+serverPort); - - HttpsURLConnection.setDefaultHostnameVerifier( - new NameVerifier()); - HttpsURLConnection http = (HttpsURLConnection)url.openConnection(); - http.setDoOutput(true); - - http.setRequestMethod("POST"); - PrintStream ps = new PrintStream(http.getOutputStream()); + HostnameVerifier reservedHV = + HttpsURLConnection.getDefaultHostnameVerifier(); try { - ps.println(postMsg); - ps.flush(); - if (http.getResponseCode() != 200) { - throw new RuntimeException("test Failed"); + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); + } + + // Send HTTP POST request to server + URL url = new URL("https://localhost:"+serverPort); + + HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); + HttpsURLConnection http = (HttpsURLConnection)url.openConnection(); + http.setDoOutput(true); + + http.setRequestMethod("POST"); + PrintStream ps = new PrintStream(http.getOutputStream()); + try { + ps.println(postMsg); + ps.flush(); + if (http.getResponseCode() != 200) { + throw new RuntimeException("test Failed"); + } + } finally { + ps.close(); + http.disconnect(); + closeReady = true; } } finally { - ps.close(); - http.disconnect(); - closeReady = true; + HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java index cc518c28064..dc50bc9f2ba 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java @@ -25,6 +25,9 @@ * @test * @bug 6670868 * @summary StackOverFlow with bad authenticated Proxy tunnels + * @run main/othervm HttpsProxyStackOverflow + * + * No way to reserve default Authenticator, need to run in othervm mode. */ import java.io.IOException; diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java index 41ad61fcaae..a32e77523fc 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java @@ -26,6 +26,9 @@ * @bug 6614957 * @summary HttpsURLConnection not using the set SSLSocketFactory for creating all its Sockets * @run main/othervm HttpsSocketFacTest + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import javax.net.SocketFactory; diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java index eac73836572..88a261f81ee 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,8 +22,12 @@ */ /* @test - * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 + * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 + * @run main/othervm IPAddressDNSIdentities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -691,43 +695,48 @@ public class IPAddressDNSIdentities { * to avoid infinite hangs. */ void doClientSide() throws Exception { - SSLContext context = getSSLContext(trusedCertStr, clientCertStr, - clientModulus, clientPrivateExponent, passphrase); - - SSLContext.setDefault(context); - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - HttpsURLConnection http = null; - - /* establish http connection to server */ - URL url = new URL("https://127.0.0.1:" + serverPort+"/"); - System.out.println("url is "+url.toString()); - + SSLContext reservedSSLContext = SSLContext.getDefault(); try { - http = (HttpsURLConnection)url.openConnection(); + SSLContext context = getSSLContext(trusedCertStr, clientCertStr, + clientModulus, clientPrivateExponent, passphrase); - int respCode = http.getResponseCode(); - System.out.println("respCode = " + respCode); + SSLContext.setDefault(context); - throw new Exception("Unexpectly found subject alternative name " + - "matching IP address"); - } catch (SSLHandshakeException sslhe) { - // no subject alternative names matching IP address 127.0.0.1 found - // that's the expected exception, ignore it. - } catch (IOException ioe) { - // HttpsClient may throw IOE during checking URL spoofing, - // that's the expected exception, ignore it. - } finally { - if (http != null) { - http.disconnect(); + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); } - closeReady = true; + + HttpsURLConnection http = null; + + /* establish http connection to server */ + URL url = new URL("https://127.0.0.1:" + serverPort+"/"); + System.out.println("url is "+url.toString()); + + try { + http = (HttpsURLConnection)url.openConnection(); + + int respCode = http.getResponseCode(); + System.out.println("respCode = " + respCode); + + throw new Exception("Unexpectly found " + + "subject alternative name matching IP address"); + } catch (SSLHandshakeException sslhe) { + // no subject alternative names matching IP address 127.0.0.1 + // found that's the expected exception, ignore it. + } catch (IOException ioe) { + // HttpsClient may throw IOE during checking URL spoofing, + // that's the expected exception, ignore it. + } finally { + if (http != null) { + http.disconnect(); + } + closeReady = true; + } + } finally { + SSLContext.setDefault(reservedSSLContext); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java index 16952337204..2fc92a254c9 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,10 @@ /* @test * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 + * @run main/othervm IPAddressIPIdentities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -692,34 +696,39 @@ public class IPAddressIPIdentities { * to avoid infinite hangs. */ void doClientSide() throws Exception { - SSLContext context = getSSLContext(trusedCertStr, clientCertStr, - clientModulus, clientPrivateExponent, passphrase); - - SSLContext.setDefault(context); - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - HttpsURLConnection http = null; - - /* establish http connection to server */ - URL url = new URL("https://127.0.0.1:" + serverPort+"/"); - System.out.println("url is "+url.toString()); - + SSLContext reservedSSLContext = SSLContext.getDefault(); try { - http = (HttpsURLConnection)url.openConnection(); + SSLContext context = getSSLContext(trusedCertStr, clientCertStr, + clientModulus, clientPrivateExponent, passphrase); - int respCode = http.getResponseCode(); - System.out.println("respCode = "+respCode); - } finally { - if (http != null) { - http.disconnect(); + SSLContext.setDefault(context); + + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); } - closeReady = true; + + HttpsURLConnection http = null; + + /* establish http connection to server */ + URL url = new URL("https://127.0.0.1:" + serverPort+"/"); + System.out.println("url is "+url.toString()); + + try { + http = (HttpsURLConnection)url.openConnection(); + + int respCode = http.getResponseCode(); + System.out.println("respCode = "+respCode); + } finally { + if (http != null) { + http.disconnect(); + } + closeReady = true; + } + } finally { + SSLContext.setDefault(reservedSSLContext); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java index 632fa15c2f8..1d93e9c6ed6 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,10 @@ /* @test * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 + * @run main/othervm IPIdentities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -692,34 +696,38 @@ public class IPIdentities { * to avoid infinite hangs. */ void doClientSide() throws Exception { - SSLContext context = getSSLContext(trusedCertStr, clientCertStr, - clientModulus, clientPrivateExponent, passphrase); - - SSLContext.setDefault(context); - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - HttpsURLConnection http = null; - - /* establish http connection to server */ - URL url = new URL("https://localhost:" + serverPort+"/"); - System.out.println("url is "+url.toString()); - + SSLContext reservedSSLContext = SSLContext.getDefault(); try { - http = (HttpsURLConnection)url.openConnection(); + SSLContext context = getSSLContext(trusedCertStr, clientCertStr, + clientModulus, clientPrivateExponent, passphrase); + SSLContext.setDefault(context); - int respCode = http.getResponseCode(); - System.out.println("respCode = "+respCode); - } finally { - if (http != null) { - http.disconnect(); + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); } - closeReady = true; + + HttpsURLConnection http = null; + + /* establish http connection to server */ + URL url = new URL("https://localhost:" + serverPort+"/"); + System.out.println("url is "+url.toString()); + + try { + http = (HttpsURLConnection)url.openConnection(); + + int respCode = http.getResponseCode(); + System.out.println("respCode = "+respCode); + } finally { + if (http != null) { + http.disconnect(); + } + closeReady = true; + } + } finally { + SSLContext.setDefault(reservedSSLContext); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java index 49928051653..e7396d5f339 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,8 +22,12 @@ */ /* @test - * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 * @bug 6766775 + * @summary X509 certificate hostname checking is broken in JDK1.6.0_10 + * @run main/othervm Identities + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Xuelei Fan */ @@ -691,34 +695,39 @@ public class Identities { * to avoid infinite hangs. */ void doClientSide() throws Exception { - SSLContext context = getSSLContext(trusedCertStr, clientCertStr, - clientModulus, clientPrivateExponent, passphrase); - - SSLContext.setDefault(context); - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - HttpsURLConnection http = null; - - /* establish http connection to server */ - URL url = new URL("https://localhost:" + serverPort+"/"); - System.out.println("url is "+url.toString()); - + SSLContext reservedSSLContext = SSLContext.getDefault(); try { - http = (HttpsURLConnection)url.openConnection(); + SSLContext context = getSSLContext(trusedCertStr, clientCertStr, + clientModulus, clientPrivateExponent, passphrase); - int respCode = http.getResponseCode(); - System.out.println("respCode = "+respCode); - } finally { - if (http != null) { - http.disconnect(); + SSLContext.setDefault(context); + + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); } - closeReady = true; + + HttpsURLConnection http = null; + + /* establish http connection to server */ + URL url = new URL("https://localhost:" + serverPort+"/"); + System.out.println("url is "+url.toString()); + + try { + http = (HttpsURLConnection)url.openConnection(); + + int respCode = http.getResponseCode(); + System.out.println("respCode = "+respCode); + } finally { + if (http != null) { + http.disconnect(); + } + closeReady = true; + } + } finally { + SSLContext.setDefault(reservedSSLContext); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java index 35031ca513a..a521db2911d 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -147,44 +147,50 @@ public class PostThruProxy { static String postMsg = "Testing HTTP post on a https server"; static void doClientSide(String hostname) throws Exception { - /* - * setup up a proxy - */ - setupProxy(); - - /* - * we want to avoid URLspoofCheck failures in cases where the cert - * DN name does not match the hostname in the URL. - */ - HttpsURLConnection.setDefaultHostnameVerifier( - new NameVerifier()); - URL url = new URL("https://" + hostname+ ":" + serverPort); - - HttpsURLConnection https = (HttpsURLConnection)url.openConnection(); - https.setDoOutput(true); - https.setRequestMethod("POST"); - PrintStream ps = null; + HostnameVerifier reservedHV = + HttpsURLConnection.getDefaultHostnameVerifier(); try { - ps = new PrintStream(https.getOutputStream()); - ps.println(postMsg); - ps.flush(); - if (https.getResponseCode() != 200) { - throw new RuntimeException("test Failed"); - } - ps.close(); + /* + * setup up a proxy + */ + setupProxy(); - // clear the pipe - BufferedReader in = new BufferedReader( - new InputStreamReader( - https.getInputStream())); - String inputLine; - while ((inputLine = in.readLine()) != null) - System.out.println("Client received: " + inputLine); - in.close(); - } catch (SSLException e) { - if (ps != null) - ps.close(); - throw e; + /* + * we want to avoid URLspoofCheck failures in cases where the cert + * DN name does not match the hostname in the URL. + */ + HttpsURLConnection.setDefaultHostnameVerifier( + new NameVerifier()); + URL url = new URL("https://" + hostname+ ":" + serverPort); + + HttpsURLConnection https = (HttpsURLConnection)url.openConnection(); + https.setDoOutput(true); + https.setRequestMethod("POST"); + PrintStream ps = null; + try { + ps = new PrintStream(https.getOutputStream()); + ps.println(postMsg); + ps.flush(); + if (https.getResponseCode() != 200) { + throw new RuntimeException("test Failed"); + } + ps.close(); + + // clear the pipe + BufferedReader in = new BufferedReader( + new InputStreamReader( + https.getInputStream())); + String inputLine; + while ((inputLine = in.readLine()) != null) + System.out.println("Client received: " + inputLine); + in.close(); + } catch (SSLException e) { + if (ps != null) + ps.close(); + throw e; + } + } finally { + HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java index 413ca42dd52..cfaaeb456fe 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,7 +24,13 @@ /* * @test * @bug 4811482 4700777 4905410 - * @summary sun.net.client.defaultConnectTimeout should work with HttpsURLConnection; HTTP client: Connect and read timeouts; Https needs to support new tiger features that went into http + * @summary sun.net.client.defaultConnectTimeout should work with + * HttpsURLConnection; HTTP client: Connect and read timeouts; + * Https needs to support new tiger features that went into http + * @run main/othervm ReadTimeout + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import java.io.*; @@ -143,44 +149,48 @@ public class ReadTimeout { * to avoid infinite hangs. */ void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - HttpsURLConnection http = null; + HostnameVerifier reservedHV = + HttpsURLConnection.getDefaultHostnameVerifier(); try { - URL url = new URL("https://localhost:"+serverPort); + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); + } + HttpsURLConnection http = null; + try { + URL url = new URL("https://localhost:"+serverPort); - // set read timeout through system property - System.setProperty("sun.net.client.defaultReadTimeout", "2000"); - HttpsURLConnection.setDefaultHostnameVerifier( - new NameVerifier()); - http = (HttpsURLConnection)url.openConnection(); + // set read timeout through system property + System.setProperty("sun.net.client.defaultReadTimeout", "2000"); + HttpsURLConnection.setDefaultHostnameVerifier( + new NameVerifier()); + http = (HttpsURLConnection)url.openConnection(); - InputStream is = http.getInputStream (); - } catch (SocketTimeoutException stex) { - done(); - http.disconnect(); + InputStream is = http.getInputStream (); + } catch (SocketTimeoutException stex) { + done(); + http.disconnect(); + } + + try { + URL url = new URL("https://localhost:"+serverPort); + + HttpsURLConnection.setDefaultHostnameVerifier( + new NameVerifier()); + http = (HttpsURLConnection)url.openConnection(); + // set read timeout through API + http.setReadTimeout(2000); + + InputStream is = http.getInputStream (); + } catch (SocketTimeoutException stex) { + done(); + http.disconnect(); + } + } finally { + HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); } - - try { - URL url = new URL("https://localhost:"+serverPort); - - HttpsURLConnection.setDefaultHostnameVerifier( - new NameVerifier()); - http = (HttpsURLConnection)url.openConnection(); - // set read timeout through API - http.setReadTimeout(2000); - - InputStream is = http.getInputStream (); - } catch (SocketTimeoutException stex) { - done(); - http.disconnect(); - } - } static class NameVerifier implements HostnameVerifier { diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Redirect.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Redirect.java index f2764ab2c8b..276f96c6d25 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Redirect.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Redirect.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,10 @@ * @bug 4423074 * @summary Need to rebase all the duplicated classes from Merlin. * This test will check out http POST + * @run main/othervm Redirect + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import java.io.*; @@ -139,28 +143,33 @@ public class Redirect { * to avoid infinite hangs. */ void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - // Send HTTP POST request to server - URL url = new URL("https://localhost:"+serverPort); - - HttpsURLConnection.setDefaultHostnameVerifier( - new NameVerifier()); - HttpsURLConnection http = (HttpsURLConnection)url.openConnection(); + HostnameVerifier reservedHV = + HttpsURLConnection.getDefaultHostnameVerifier(); try { - System.out.println("response header: "+http.getHeaderField(0)); - if (http.getResponseCode() != 200) { - throw new RuntimeException("test Failed"); + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); + } + + // Send HTTP POST request to server + URL url = new URL("https://localhost:"+serverPort); + + HttpsURLConnection.setDefaultHostnameVerifier( + new NameVerifier()); + HttpsURLConnection http = (HttpsURLConnection)url.openConnection(); + try { + System.out.println("response header: "+http.getHeaderField(0)); + if (http.getResponseCode() != 200) { + throw new RuntimeException("test Failed"); + } + } finally { + http.disconnect(); + closeReady = true; } } finally { - http.disconnect(); - closeReady = true; + HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/RetryHttps.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/RetryHttps.java index af7b9087f0e..c665af0fda7 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/RetryHttps.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/RetryHttps.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,8 +22,12 @@ */ /* @test - * @summary Https can not retry request * @bug 4799427 + * @summary Https can not retry request + * @run main/othervm RetryHttps + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Yingxian Wang */ @@ -129,36 +133,41 @@ public class RetryHttps { * to avoid infinite hangs. */ void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } + HostnameVerifier reservedHV = + HttpsURLConnection.getDefaultHostnameVerifier(); try { - HttpsURLConnection http = null; - /* establish http connection to server */ - URL url = new URL("https://localhost:" + serverPort+"/file1"); - System.out.println("url is "+url.toString()); - HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); - http = (HttpsURLConnection)url.openConnection(); - int respCode = http.getResponseCode(); - int cl = http.getContentLength(); - InputStream is = http.getInputStream (); - int count = 0; - while (is.read() != -1 && count++ < cl); - System.out.println("respCode1 = "+respCode); - Thread.sleep(2000); - url = new URL("https://localhost:" + serverPort+"/file2"); - http = (HttpsURLConnection)url.openConnection(); - respCode = http.getResponseCode(); - System.out.println("respCode2 = "+respCode); - - } catch (IOException ioex) { - if (sslServerSocket != null) - sslServerSocket.close(); - throw ioex; + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); + } + try { + HttpsURLConnection http = null; + /* establish http connection to server */ + URL url = new URL("https://localhost:" + serverPort+"/file1"); + System.out.println("url is "+url.toString()); + HttpsURLConnection.setDefaultHostnameVerifier( + new NameVerifier()); + http = (HttpsURLConnection)url.openConnection(); + int respCode = http.getResponseCode(); + int cl = http.getContentLength(); + InputStream is = http.getInputStream (); + int count = 0; + while (is.read() != -1 && count++ < cl); + System.out.println("respCode1 = "+respCode); + Thread.sleep(2000); + url = new URL("https://localhost:" + serverPort+"/file2"); + http = (HttpsURLConnection)url.openConnection(); + respCode = http.getResponseCode(); + System.out.println("respCode2 = "+respCode); + } catch (IOException ioex) { + if (sslServerSocket != null) + sslServerSocket.close(); + throw ioex; + } + } finally { + HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); } } diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java index 1a2fc3eb367..4149bd4be12 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,10 @@ * @test * @bug 4474255 * @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection + * @run main/othervm ComHTTPSConnection + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Brad Wetmore */ @@ -198,44 +202,50 @@ public class ComHTTPSConnection { Thread.sleep(50); } - System.setProperty("java.protocol.handler.pkgs", - "com.sun.net.ssl.internal.www.protocol"); - HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); - - URL url = new URL("https://" + "localhost:" + serverPort + - "/etc/hosts"); - URLConnection urlc = url.openConnection(); - - if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) { - throw new Exception( - "URLConnection ! instanceof " + - "com.sun.net.ssl.HttpsURLConnection"); - } - - BufferedReader in = null; + HostnameVerifier reservedHV = + HttpsURLConnection.getDefaultHostnameVerifier(); try { - in = new BufferedReader(new InputStreamReader( - urlc.getInputStream())); - String inputLine; - System.out.print("Client reading... "); - while ((inputLine = in.readLine()) != null) - System.out.println(inputLine); + System.setProperty("java.protocol.handler.pkgs", + "com.sun.net.ssl.internal.www.protocol"); + HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); - System.out.println("Cipher Suite: " + - ((HttpsURLConnection)urlc).getCipherSuite()); - X509Certificate[] certs = - ((HttpsURLConnection)urlc).getServerCertificateChain(); - for (int i = 0; i < certs.length; i++) { - System.out.println(certs[0]); + URL url = new URL("https://" + "localhost:" + serverPort + + "/etc/hosts"); + URLConnection urlc = url.openConnection(); + + if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) { + throw new Exception( + "URLConnection ! instanceof " + + "com.sun.net.ssl.HttpsURLConnection"); } - in.close(); - } catch (SSLException e) { - if (in != null) + BufferedReader in = null; + try { + in = new BufferedReader(new InputStreamReader( + urlc.getInputStream())); + String inputLine; + System.out.print("Client reading... "); + while ((inputLine = in.readLine()) != null) + System.out.println(inputLine); + + System.out.println("Cipher Suite: " + + ((HttpsURLConnection)urlc).getCipherSuite()); + X509Certificate[] certs = + ((HttpsURLConnection)urlc).getServerCertificateChain(); + for (int i = 0; i < certs.length; i++) { + System.out.println(certs[0]); + } + in.close(); - throw e; + } catch (SSLException e) { + if (in != null) + in.close(); + throw e; + } + System.out.println("Client reports: SUCCESS"); + } finally { + HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); } - System.out.println("Client reports: SUCCESS"); } static class NameVerifier implements HostnameVerifier { diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java index 2122bd2d614..f0d7baca05d 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java @@ -28,6 +28,10 @@ * @bug 4484246 * @summary When an application enables anonymous SSL cipher suite, * Hostname verification is not required + * @run main/othervm ComHostnameVerifier + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import java.io.*; diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHTTPSConnection.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHTTPSConnection.java index a5479436de7..06b0162b570 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHTTPSConnection.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHTTPSConnection.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,10 @@ * @test * @bug 4474255 * @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection + * @run main/othervm JavaxHTTPSConnection + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Brad Wetmore */ @@ -189,47 +193,53 @@ public class JavaxHTTPSConnection { * to avoid infinite hangs. */ void doClientSide() throws Exception { - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); - URL url = new URL("https://" + "localhost:" + serverPort + - "/etc/hosts"); - URLConnection urlc = url.openConnection(); - - if (!(urlc instanceof javax.net.ssl.HttpsURLConnection)) { - throw new Exception( - "URLConnection ! instanceof javax.net.ssl.HttpsURLConnection"); - } - - BufferedReader in = null; + HostnameVerifier reservedHV = + HttpsURLConnection.getDefaultHostnameVerifier(); try { - in = new BufferedReader(new InputStreamReader( - urlc.getInputStream())); - String inputLine; - System.out.print("Client reading... "); - while ((inputLine = in.readLine()) != null) - System.out.println(inputLine); - - System.out.println("Cipher Suite: " + - ((HttpsURLConnection)urlc).getCipherSuite()); - Certificate[] certs = - ((HttpsURLConnection)urlc).getServerCertificates(); - for (int i = 0; i < certs.length; i++) { - System.out.println(certs[0]); + /* + * Wait for server to get started. + */ + while (!serverReady) { + Thread.sleep(50); } - in.close(); - } catch (SSLException e) { - if (in != null) + HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); + URL url = new URL("https://" + "localhost:" + serverPort + + "/etc/hosts"); + URLConnection urlc = url.openConnection(); + + if (!(urlc instanceof javax.net.ssl.HttpsURLConnection)) { + throw new Exception("URLConnection ! instanceof " + + "javax.net.ssl.HttpsURLConnection"); + } + + BufferedReader in = null; + try { + in = new BufferedReader(new InputStreamReader( + urlc.getInputStream())); + String inputLine; + System.out.print("Client reading... "); + while ((inputLine = in.readLine()) != null) + System.out.println(inputLine); + + System.out.println("Cipher Suite: " + + ((HttpsURLConnection)urlc).getCipherSuite()); + Certificate[] certs = + ((HttpsURLConnection)urlc).getServerCertificates(); + for (int i = 0; i < certs.length; i++) { + System.out.println(certs[0]); + } + in.close(); - throw e; + } catch (SSLException e) { + if (in != null) + in.close(); + throw e; + } + System.out.println("Client reports: SUCCESS"); + } finally { + HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); } - System.out.println("Client reports: SUCCESS"); } static class NameVerifier implements HostnameVerifier { diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java index 343bfbe2119..ac9b80437b7 100644 --- a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java @@ -28,6 +28,10 @@ * @bug 4484246 * @summary When an application enables anonymous SSL cipher suite, * Hostname verification is not required + * @run main/othervm JavaxHostnameVerifier + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ import java.io.*; diff --git a/jdk/test/sun/security/ssl/templates/SSLEngineTemplate.java b/jdk/test/sun/security/ssl/templates/SSLEngineTemplate.java index 57ced152d8f..e5056c9d472 100644 --- a/jdk/test/sun/security/ssl/templates/SSLEngineTemplate.java +++ b/jdk/test/sun/security/ssl/templates/SSLEngineTemplate.java @@ -25,7 +25,10 @@ * @test * @bug 1234567 * @summary SSLEngine has not yet caused Solaris kernel to panic + * @run main/othervm SSLEngineTemplate * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. */ /** diff --git a/jdk/test/sun/security/ssl/templates/SSLSocketTemplate.java b/jdk/test/sun/security/ssl/templates/SSLSocketTemplate.java index 743c9914324..244b80444db 100644 --- a/jdk/test/sun/security/ssl/templates/SSLSocketTemplate.java +++ b/jdk/test/sun/security/ssl/templates/SSLSocketTemplate.java @@ -25,6 +25,10 @@ * @test * @bug 1234567 * @summary Use this template to help speed your client/server tests. + * @run main/othervm SSLSocketTemplate + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. * @author Brad Wetmore */ diff --git a/jdk/test/sun/security/tools/keytool/StartDateTest.java b/jdk/test/sun/security/tools/keytool/StartDateTest.java index d68561ee293..bb64480b1f0 100644 --- a/jdk/test/sun/security/tools/keytool/StartDateTest.java +++ b/jdk/test/sun/security/tools/keytool/StartDateTest.java @@ -132,7 +132,9 @@ public class StartDateTest { static Date getIssueDate() throws Exception { KeyStore ks = KeyStore.getInstance("jks"); - ks.load(new FileInputStream("jks"), "changeit".toCharArray()); + try (FileInputStream fis = new FileInputStream("jks")) { + ks.load(fis, "changeit".toCharArray()); + } X509Certificate cert = (X509Certificate)ks.getCertificate("me"); return cert.getNotBefore(); } diff --git a/jdk/test/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java b/jdk/test/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java index 747d090bed0..b1ce9b795c7 100644 --- a/jdk/test/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java +++ b/jdk/test/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java @@ -24,9 +24,12 @@ /* * @test * @bug 4162868 + * @run main/othervm ExtensibleAlgorithmId * @summary Algorithm Name-to-OID mapping needs to be made extensible. */ +// Run in othervm, coz AlgorithmId.oidTable is only initialized once + import java.security.*; import sun.security.x509.AlgorithmId;