Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update SunJSSE fully qualified name for test cases #854

Merged
merged 1 commit into from
Dec 17, 2024
+19 −19
Merged

Update SunJSSE fully qualified name for test cases #854

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions closed/test/jdk/openj9/internal/security/property-java.security
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ RestrictedSecurity.TestBase.Version.jce.certpath.disabledAlgorithms =
RestrictedSecurity.TestBase.Version.jce.legacyAlgorithms =
RestrictedSecurity.TestBase.Version.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.TestBase.Version.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.TestBase.Version.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.TestBase.Version.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't a change to RestrictedSecurity.TestBase.Version.desc.hash required because of this update?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the TestProperties.java file, all profiles except for Test-Profile-SameStartWithoutVersion are designed to test error messages. In these profiles, the error message is returned before the hash value is checked, so the hash value is not used.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be helpful to have comments to that effect directly in the property files and perhaps specify hashes of all zeros if they are not meaningful.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or they could say something like this:

RestrictedSecurity.Test-Profile.Base.desc.hash = SHA256:not-checked

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we don’t use these hash values, I think it’s fine to just leave them as they are. However, if we do want to make them more readable, like changing them to "SHA256:not-checked", I can update this by creating another PR. For two reasons:

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deferring to a separate pull request is fine, but please create an issue to track that work and the suggestions in ibmruntimes/openj9-openjdk-jdk8#784.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Issue created: https://github.ibm.com/runtimes/jit-crypto/issues/615

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please create an issue in a public repository, perhaps at https://github.com/eclipse-openj9/openj9/issues.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Issue eclipse-openj9/openj9#20815 created.


RestrictedSecurity.TestBase.Version.javax.net.ssl.keyStore = NONE
RestrictedSecurity.TestBase.Version.securerandom.provider = OpenJCEPlusFIPS
Expand All @@ -50,7 +50,7 @@ RestrictedSecurity.TestBase.Version-Extended.tls.disabledAlgorithms =
RestrictedSecurity.TestBase.Version-Extended.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.TestBase.Version-Extended.jce.provider.2 = sun.security.rsa.SunRsaSign
RestrictedSecurity.TestBase.Version-Extended.jce.provider.3 = sun.security.ec.SunEC
RestrictedSecurity.TestBase.Version-Extended.jce.provider.4 = sun.security.ssl.SunJSSE
RestrictedSecurity.TestBase.Version-Extended.jce.provider.4 = com.sun.net.ssl.internal.ssl.Provider
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again, shouldn't RestrictedSecurity.Test-Profile.Base.desc.hash also need to change?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above, in the TestProperties.java file, all profiles except for Test-Profile-SameStartWithoutVersion are designed to test error messages. In these profiles, the error message is returned before the hash value is checked, so the hash value is not used.

RestrictedSecurity.TestBase.Version-Extended.jce.provider.5 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.TestBase.Version-Extended.jce.provider.6 = sun.security.jgss.SunProvider
RestrictedSecurity.TestBase.Version-Extended.jce.provider.7 = com.sun.security.sasl.Provider
Expand All @@ -76,7 +76,7 @@ RestrictedSecurity.Test-Profile.Base.tls.disabledAlgorithmsWrongTypo =

RestrictedSecurity.Test-Profile.Base.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile.Base.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile.Base.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.Base.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider

RestrictedSecurity.Test-Profile.Base.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile.Base.securerandom.algorithm = SHA512DRBG
Expand All @@ -94,7 +94,7 @@ RestrictedSecurity.Test-Profile.Extended_1.jce.provider.1 = sun.security.provide
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile.Extended_1.jce.providerWrongTypo = sun.security.rsa.SunRsaSign
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.4 = sun.security.ec.SunEC
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.5 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.5 = com.sun.net.ssl.internal.ssl.Provider

#
# Test-Profile.Extended_2
Expand Down Expand Up @@ -127,7 +127,7 @@ RestrictedSecurity.Test-Profile-MultiDefault.Base.fips.mode = 140-3

RestrictedSecurity.Test-Profile-MultiDefault.Base.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile-MultiDefault.Base.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile-MultiDefault.Base.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile-MultiDefault.Base.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider

RestrictedSecurity.Test-Profile-MultiDefault.Base.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile-MultiDefault.Base.securerandom.algorithm = SHA512DRBG
Expand Down Expand Up @@ -253,7 +253,7 @@ RestrictedSecurity.Test-Profile-SetProperty.Base.tls.ephemeralDHKeySize =
RestrictedSecurity.Test-Profile-SetProperty.Base.jce.certpath.disabledAlgorithms =
RestrictedSecurity.Test-Profile-SetProperty.Base.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile-SetProperty.Base.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile-SetProperty.Base.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile-SetProperty.Base.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider

RestrictedSecurity.Test-Profile-SetProperty.Base.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile-SetProperty.Base.securerandom.algorithm = SHA512DRBG
Expand Down Expand Up @@ -533,15 +533,15 @@ RestrictedSecurity.Test-Profile-ConstraintChanged_3.Base.securerandom.algorithm
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.name = Test-Profile-SameStartWithoutVersion
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.default = true
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.fips = true
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.hash = SHA256:2c893d75043da09c3dba8d8b24cb71dc1c7ceac5fb8bf362a35847418a933a06
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.hash = SHA256:92693ffabd97694f750d645934cb6d0d3f13e4cade30070fd2479b7b9bcb7f42
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.number = Certificate #XXX
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.sunsetDate = 2026-09-21
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.fips.mode = 140-3

RestrictedSecurity.Test-Profile-SameStartWithoutVersion.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider

RestrictedSecurity.Test-Profile-SameStartWithoutVersion.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.securerandom.algorithm = SHA512DRBG
Expand All @@ -557,7 +557,7 @@ RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.fips.mode = 140-3

RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider

RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.securerandom.algorithm = SHA512DRBG
20 changes: 10 additions & 10 deletions closed/test/jdk/openj9/internal/security/provider-java.security
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
RestrictedSecurity.TestBase.Version.desc.name = Test Base Profile
RestrictedSecurity.TestBase.Version.desc.default = false
RestrictedSecurity.TestBase.Version.desc.fips = true
RestrictedSecurity.TestBase.Version.desc.hash = SHA256:0ca32676ac2ae92d0469cbf293f3a69416c5d0312c80473319452f4d6995d234
RestrictedSecurity.TestBase.Version.desc.hash = SHA256:24859dcd916c3d301c0a8d0a58f96f7c3a493cadad48ff1c91a5151f2cdd2d49
RestrictedSecurity.TestBase.Version.desc.number = Certificate #XXX
RestrictedSecurity.TestBase.Version.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/
RestrictedSecurity.TestBase.Version.desc.sunsetDate = 2026-09-21
Expand All @@ -36,7 +36,7 @@ RestrictedSecurity.TestBase.Version.jce.certpath.disabledAlgorithms =
RestrictedSecurity.TestBase.Version.jce.legacyAlgorithms =
RestrictedSecurity.TestBase.Version.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.TestBase.Version.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.TestBase.Version.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.TestBase.Version.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider

RestrictedSecurity.TestBase.Version.javax.net.ssl.keyStore = NONE
RestrictedSecurity.TestBase.Version.securerandom.provider = OpenJCEPlusFIPS
Expand All @@ -50,7 +50,7 @@ RestrictedSecurity.TestBase.Version-Extended.tls.disabledAlgorithms =
RestrictedSecurity.TestBase.Version-Extended.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.TestBase.Version-Extended.jce.provider.2 = sun.security.rsa.SunRsaSign
RestrictedSecurity.TestBase.Version-Extended.jce.provider.3 = sun.security.ec.SunEC
RestrictedSecurity.TestBase.Version-Extended.jce.provider.4 = sun.security.ssl.SunJSSE
RestrictedSecurity.TestBase.Version-Extended.jce.provider.4 = com.sun.net.ssl.internal.ssl.Provider
RestrictedSecurity.TestBase.Version-Extended.jce.provider.5 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.TestBase.Version-Extended.jce.provider.6 = sun.security.jgss.SunProvider
RestrictedSecurity.TestBase.Version-Extended.jce.provider.7 = com.sun.security.sasl.Provider
Expand Down Expand Up @@ -82,7 +82,7 @@ RestrictedSecurity.Test-Profile.Updated_2.extends = RestrictedSecurity.TestBase.
RestrictedSecurity.Test-Profile.Updated_2.tls.disabledAlgorithms =

RestrictedSecurity.Test-Profile.Updated_2.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile.Updated_2.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.Updated_2.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider

#
# Test-Profile.Updated_3
Expand All @@ -97,7 +97,7 @@ RestrictedSecurity.Test-Profile.Updated_3.jce.provider.1 = sun.security.provider
RestrictedSecurity.Test-Profile.Updated_3.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile.Updated_3.jce.provider.3 =
RestrictedSecurity.Test-Profile.Updated_3.jce.provider.4 = sun.security.ec.SunEC
RestrictedSecurity.Test-Profile.Updated_3.jce.provider.5 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.Updated_3.jce.provider.5 = com.sun.net.ssl.internal.ssl.Provider

#
# Test-Profile.Updated_4
Expand All @@ -111,7 +111,7 @@ RestrictedSecurity.Test-Profile.Updated_4.tls.disabledAlgorithms =
RestrictedSecurity.Test-Profile.Updated_4.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile.Updated_4.jce.provider.2 =
RestrictedSecurity.Test-Profile.Updated_4.jce.provider.3 = sun.security.ec.SunEC
RestrictedSecurity.Test-Profile.Updated_4.jce.provider.4 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.Updated_4.jce.provider.4 = com.sun.net.ssl.internal.ssl.Provider

#
# Test-Profile.Base
Expand All @@ -124,7 +124,7 @@ RestrictedSecurity.Test-Profile.Base.tls.disabledAlgorithms =

RestrictedSecurity.Test-Profile.Base.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile.Base.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile.Base.jce.provider.4 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.Base.jce.provider.4 = com.sun.net.ssl.internal.ssl.Provider

#
# Test-Profile.Extended_1
Expand All @@ -138,7 +138,7 @@ RestrictedSecurity.Test-Profile.Extended_1.tls.disabledAlgorithms =
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.3 = sun.security.rsa.SunRsaSign
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.5 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.Extended_1.jce.provider.5 = com.sun.net.ssl.internal.ssl.Provider

#
# Test-Profile.Extended_2
Expand All @@ -163,7 +163,7 @@ RestrictedSecurity.Test-Profile.BaseOneProviderEmpty.tls.disabledAlgorithms =
RestrictedSecurity.Test-Profile.BaseOneProviderEmpty.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile.BaseOneProviderEmpty.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile.BaseOneProviderEmpty.jce.provider.3 =
RestrictedSecurity.Test-Profile.BaseOneProviderEmpty.jce.provider.4 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.BaseOneProviderEmpty.jce.provider.4 = com.sun.net.ssl.internal.ssl.Provider

#
# Test-Profile.ExtendedOneProviderEmpty
Expand All @@ -176,7 +176,7 @@ RestrictedSecurity.Test-Profile.ExtendedOneProviderEmpty.tls.disabledAlgorithms

RestrictedSecurity.Test-Profile.ExtendedOneProviderEmpty.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile.ExtendedOneProviderEmpty.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile.ExtendedOneProviderEmpty.jce.provider.3 = sun.security.ssl.SunJSSE
RestrictedSecurity.Test-Profile.ExtendedOneProviderEmpty.jce.provider.3 = com.sun.net.ssl.internal.ssl.Provider
RestrictedSecurity.Test-Profile.ExtendedOneProviderEmpty.jce.provider.4 = sun.security.ec.SunEC
RestrictedSecurity.Test-Profile.ExtendedOneProviderEmpty.jce.provider.5 =
RestrictedSecurity.Test-Profile.ExtendedOneProviderEmpty.jce.provider.6 = sun.security.pkcs11.SunPKCS11
Expand Down