8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically #829

Open: judovana wants to merge 2 commits into openjdk:master from judovana:8325766

@judovana judovana commented Jun 10, 2026

Contributor

This is an initial backport of openjdk/jdk11u-dev#3222.
Compared to it:

  • it does not edit CheckAllCRLs.java, as it does not exist
  • CertificateBuilder.java copyright header is different
  • adding, not modifying, library in IPIdentities.java
  • adding import jdk.test.lib.net.URIBuilder; also in IPIdentities
  • not creating sun/net/www/protocol/https/HttpsURLConnection/TEST.properties (with modules declarations)
  • not editing test/jdk/sun/security/ssl/Stapling/StatusResponseManager.java (not existing)
  • minor context change in lib/Utils.java

It is still not perfect:

$ sh configure --with-devkit=x86_64-linux-gnu-to-x86_64-linux-gnu/ --with-extra-cflags="-Wno-error -std=gnu90" --with-freetype=bundled --with-jtreg=/home/jvanek/git-redhat/reproducers-security/jtreg \
  && make \
  && make test TEST="jdk_security"

Summary: jdk_security
FAILED: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
FAILED: sun/security/pkcs11/Provider/Login.sh
FAILED: sun/security/pkcs11/Signature/TestDSAKeyLength.java
FAILED: sun/security/ssl/Stapling/StatusResponseManager.sh
FAILED: sun/security/ssl/X509KeyManager/PreferredKey.java
FAILED: sun/security/tools/keytool/autotest.sh
TEST STATS: name=jdk_security  run=1128  pass=1122  fail=6

However:

$ git show | grep -e ^+++ 
+++ b/jdk/test/java/security/testlibrary/CertificateBuilder.java
+++ b/jdk/test/javax/net/ssl/Stapling/HttpsUrlConnClient.java
+++ b/jdk/test/javax/net/ssl/Stapling/SSLEngineWithStapling.java
+++ b/jdk/test/javax/net/ssl/Stapling/SSLSocketWithStapling.java
+++ b/jdk/test/javax/net/ssl/Stapling/StapleEnableProps.java
+++ b/jdk/test/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java

=>

...
Passed: javax/net/ssl/Stapling/HttpsUrlConnClient.java
...
Passed: javax/net/ssl/Stapling/SSLEngineWithStapling.java
...
Passed: javax/net/ssl/Stapling/SSLSocketWithStapling.java
...
Passed: javax/net/ssl/Stapling/StapleEnableProps.java

And

make  test TEST="jdk_net"
...
FAILED: sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
TEST STATS: name=jdk_net  run=460  pass=459  fail=1

WIP



Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8325766 needs maintainer approval

Issue

  • JDK-8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically (Enhancement - P4)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev.git pull/829/head:pull/829
$ git checkout pull/829

Update a local copy of the PR:
$ git checkout pull/829
$ git pull https://git.openjdk.org/jdk8u-dev.git pull/829/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 829

View PR using the GUI difftool:
$ git pr show -t 829

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/829.diff

Using Webrev

Link to Webrev Comment

@bridgekeeper

bridgekeeper Bot commented Jun 10, 2026

👋 Welcome back jvanek! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk

openjdk Bot commented Jun 10, 2026

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk openjdk Bot changed the title from "Backport 9dbee307410971bbc46c52d18e9ef0134c736c5f" to "8325766: Extend CertificateBuilder to create trust and end entity certificates programmatically" Jun 10, 2026

openjdk Bot commented Jun 10, 2026

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk Bot added the backport (Port of a pull request already in a different code base) and rfr (Pull request is ready for review) labels Jun 10, 2026

mlbridge Bot commented Jun 10, 2026

Webrevs

@judovana

Contributor Author

Those also fail on master. Thoughts?

git branch
  8325766
  freetype2.14.3
* master

Summary: jdk_security
FAILED: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
FAILED: sun/security/pkcs11/Provider/Login.sh
FAILED: sun/security/pkcs11/Signature/TestDSAKeyLength.java
FAILED: sun/security/ssl/X509KeyManager/PreferredKey.java
FAILED: sun/security/tools/keytool/autotest.sh
TEST STATS: name=jdk_security  run=1128  pass=1123  fail=5

@gnu-andrew

Member

> Those also fail on master. Thoughts?
>
> git branch
>   8325766
>   freetype2.14.3
> * master
>
> Summary: jdk_security
> FAILED: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
> FAILED: sun/security/pkcs11/Provider/Login.sh
> FAILED: sun/security/pkcs11/Signature/TestDSAKeyLength.java
> FAILED: sun/security/ssl/X509KeyManager/PreferredKey.java
> FAILED: sun/security/tools/keytool/autotest.sh
> TEST STATS: name=jdk_security  run=1128  pass=1123  fail=5

Can you clarify which master?

I would just stick to the affected tests as I did. I'll look at this more closely once the 11u PR is in, but if this and the follow-on fix the failing tests in 8u, we probably want this to go to openjdk/jdk8u during rampdown as we are doing with 11u.

@judovana

Contributor Author

> > Those also fail on master. Thoughts?
> >
> > git branch
> >   8325766
> >   freetype2.14.3
> > * master
> >
> > Summary: jdk_security
> > FAILED: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
> > FAILED: sun/security/pkcs11/Provider/Login.sh
> > FAILED: sun/security/pkcs11/Signature/TestDSAKeyLength.java
> > FAILED: sun/security/ssl/X509KeyManager/PreferredKey.java
> > FAILED: sun/security/tools/keytool/autotest.sh
> > TEST STATS: name=jdk_security  run=1128  pass=1123  fail=5
>
> Can you clarify which master?
>
> I would just stick to the affected tests as I did. I'll look at this more closely once the 11u PR is in, but if this and the follow-on fix the failing tests in 8u, we probably want this to go to openjdk/jdk8u during rampdown as we are doing with 11u.

It definitely fixes the depending tests: #832 (comment)
