8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate

[jerboaa]

Please review this test-only backport in preparation for JDK-8340321 and JDK-8349583 backports for a crypto roadmap update. The JDK 11u patch didn't apply cleanly due to:

1. JDK-8237474 not in 8u
2. Different library paths between 11u and 8u: test/lib vs lib/security
3. Some copyright differences
4. JDK-8224650 not in 8u (see jdk/test/javax/net/ssl/templates/SSLContextTemplate.java differences. Details in 8284047: Harmonize/Standardize the SSLSocket/SSLEngine/SSLSocketSSLEngine test templates #813)

Testing:

• jdk/test/javax/net/ssl, jdk/test/sun/net/www/protocol/https and jdk/test/sun/security/ssl/ tests with the following results: Test results: passed: 267; failed: 2; error: 1. I.e. the same as for 8284047: Harmonize/Standardize the SSLSocket/SSLEngine/SSLSocketSSLEngine test templates #813. Same known failures.
• GHA

---

• I confirm that I make this contribution in accordance with the OpenJDK Interim AI Policy.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• JDK-8306015 needs maintainer approval
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Integration blocker

 ⚠️ Dependency #813 must be integrated first

Issue

• JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate (Sub-task - P4)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev.git pull/820/head:pull/820
$ git checkout pull/820

Update a local copy of the PR:
$ git checkout pull/820
$ git pull https://git.openjdk.org/jdk8u-dev.git pull/820/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 820

View PR using the GUI difftool:
$ git pr show -t 820

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/820.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back sgehwolf! A progress list of the required criteria for merging this PR into pr/811 will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[mlbridge]

Webrevs

• 00: Full (29d5b229)

[jerboaa]

GHA failures are https://bugs.openjdk.org/browse/JDK-8385585 and https://bugs.openjdk.org/browse/JDK-8385584

[vieiro]

Hi @jerboaa .

I'm running these tests (jdk/test/javax/net/ssl, jdk/test/sun/net/www/protocol/https, jdk/test/sun/security/ssl) on rhel-8 / gcc 8.5.0 and I'm getting different results:

TEST RESULT: Passed. Execution successful
--------------------------------------------------
Test results: passed: 267; failed: 3; error: 11

With the following:

• Failed:
  • javax/net/ssl/SSLSession/CheckMyTrustedKeystore.java: Need better way of reflecting the reason when a chain is rejected as untrusted.
  • javax/net/ssl/compatibility/Compatibility.java: This test is used to check the interop compatibility on JSSE among different JDK releases.
  • sun/security/ssl/X509KeyManager/PreferredKey.java: X509KeyManager implementation for NewSunX509 doesn't return most preferable key
• Errors:
  • javax/net/ssl/SSLEngine/Basics.java: Add non-blocking SSL/TLS functionality, usable with any I/O abstraction
  • javax/net/ssl/SSLEngine/CheckStatus.java: SSLEngineResult needs updating [none yet]
  • javax/net/ssl/SSLEngine/ConnectionTest.java: Add non-blocking SSL/TLS functionality, usable with any I/O abstraction
  • javax/net/ssl/SSLEngine/EngineCloseOnAlert.java: javax.net.ssl.SSLEngine does not properly handle received SSL fatal alerts
  • javax/net/ssl/SSLEngine/IllegalHandshakeMessage.java: Illegal handshake message
  • javax/net/ssl/SSLEngine/TestAllSuites.java: Add non-blocking SSL/TLS functionality, usable with any I/O abstraction Iterate through all the suites using both TLS and SSLv3, and turn SSLv2Hello off and on.
  • sun/net/www/protocol/https/HttpsURLConnection/CloseKeepAliveCached.java: SSL client sessions do not close cleanly.
  • sun/security/ssl/SSLSocketImpl/ClientTimeout.java: Socket timeouts for SSLSockets causes data corruption.
  • sun/security/ssl/SSLSocketImpl/NonAutoClose.java: When a layered SSL socket is closed, it should wait for close_notify
  • sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java: Test that creating and closing SSL Sockets without bind/connect will not leave leaking socket file descriptors
  • sun/security/ssl/SSLSocketImpl/SetClientMode.java: SSLSocket.setUseClientMode() fails to throw expected IllegalArgumentException

Any ideas how I could reproduce your results? (FWIW, I'm using -exclude:jdk/test/ProblemList.txt )

[jerboaa]

Any ideas how I could reproduce your results? (FWIW, I'm using -exclude:jdk/test/ProblemList.txt )

@vieiro You are probably missing -ignore:quiet

[jerboaa]

• sun/security/ssl/SSLSocketImpl/SetClientMode.java: SSLSocket.setUseClientMode() fails to throw expected IllegalArgumentException

That one has:

$ grep -rn '@ignore' jdk/test/ | grep SetClientMode.java
jdk/test/sun/security/ssl/SSLSocketImpl/SetClientMode.java:30: * @ignore this test does not grant to work.  The handshake may have completed

[vieiro]

Any ideas how I could reproduce your results? (FWIW, I'm using -exclude:jdk/test/ProblemList.txt )

@vieiro You are probably missing -ignore:quiet

That was it!

TEST RESULT: Passed. Execution successful
--------------------------------------------------
Test results: passed: 267; failed: 2; error: 1