Updated tests

KostasTsiounis · KostasTsiounis · commit 7ad9a11951c5 · 2025-02-12T11:56:30.000-05:00
diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
@@ -855,7 +855,6 @@ boolean isRestrictedServiceAllowed(Service service, boolean isServiceAdded) {
                 // See if a regex for accepted uses has been specified and apply
                 // it to the call stack.
                 if (!isServiceAdded && !isNullOrBlank(cAcceptedUses)) {
-                    cAcceptedUses = cAcceptedUses.substring(1);
                     String[] optionAndValue = cAcceptedUses.split(":");
                     if (optionAndValue.length != 2) {
                         printStackTraceAndExit("Incorrect specification of accepted uses in constraint: " + constraint);
@@ -1521,7 +1520,7 @@ private void setConstraints(String providerName, String providerInfo, boolean pr
             final String typeRE = "\\w+";
             final String algoRE = "[A-Za-z0-9./_-]+";
             final String attrRE = "[A-Za-z0-9=*|.:]+";
-            final String usesRE = "[A-Za-z0-9._:/]+";
+            final String usesRE = "[A-Za-z0-9._:/$]+";
             final String consRE = "\\{(" + typeRE + "),(" + algoRE + "),(" + attrRE + ")(," + usesRE + ")?\\}";
             p = Pattern.compile(
                 "\\["
@@ -1545,7 +1544,7 @@ private void setConstraints(String providerName, String providerInfo, boolean pr
                 String inType = m.group(1);
                 String inAlgorithm = m.group(2);
                 String inAttributes = m.group(3);
-                String inAcceptedUses = m.group(4);
+                String inAcceptedUses = m.group(4).substring(1);
 
                 // Each attribute must includes 2 fields (key and value) or *.
                 if (!isAsterisk(inAttributes)) {
diff --git a/closed/test/jdk/openj9/internal/security/TestConstraintsFailure.java b/closed/test/jdk/openj9/internal/security/TestConstraintsFailure.java
@@ -0,0 +1,183 @@
+/*
+ * ===========================================================================
+ * (c) Copyright IBM Corp. 2025, 2025 All Rights Reserved
+ * ===========================================================================
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * IBM designates this particular file as subject to the "Classpath" exception
+ * as provided by IBM in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * ===========================================================================
+ */
+
+/*
+ * @test
+ * @summary Test Restricted Security Mode Constraints
+ * @library /test/lib
+ * @run junit TestConstraintsFailure
+ */
+
+import java.security.AlgorithmParameterGenerator;
+import java.security.KeyFactory;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.Signature;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertStore;
+import java.security.cert.CertificateFactory;
+
+import javax.crypto.Cipher;
+//import javax.crypto.KDF;
+import javax.crypto.KeyAgreement;
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKeyFactory;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+
+public class TestConstraintsFailure {
+
+    private static void getInstances() throws NoSuchAlgorithmException {
+        try {
+            CertificateFactory.getInstance("X.509");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            CertPathValidator.getInstance("PKIX");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            MessageDigest.getInstance("SHA-256");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            KeyStore.getInstance("PKCS12");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+
+        try {
+            Signature.getInstance("SHA256withECDSA");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            KeyPairGenerator.getInstance("EC");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            KeyAgreement.getInstance("ECDH");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            KeyFactory.getInstance("EC");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+
+        try {
+            Cipher.getInstance("RSA");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            KeyGenerator.getInstance("AES");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            AlgorithmParameterGenerator.getInstance("DiffieHellman");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+
+        // Still a preview, but can be enabled in future versions.
+        /*try {
+            KDF.getInstance("HKDF-SHA256");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }*/
+
+        try {
+            SecretKeyFactory.getInstance("PBEWithMD5AndDES");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            Mac.getInstance("HmacSHA256");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+
+        try {
+            KeyManagerFactory.getInstance("SunX509");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            TrustManagerFactory.getInstance("SunX509");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+        try {
+            SSLContext.getInstance("TLSv1.3");
+            throw new RuntimeException("A NoSuchAlgorithmException should have been thrown");
+        } catch(NoSuchAlgorithmException nsae) {
+            // Do nothing. This is expected.
+        }
+    }
+
+    @Test
+    public void runWithConstraints() {
+        OutputAnalyzer outputAnalyzer = ProcessTools.executeTestJava(
+                "-Dsemeru.customprofile=RestrictedSecurity.TestConstraints.Version",
+                "-Djava.security.properties=" + System.getProperty("test.src") + "/constraints-java.security",
+                "TestConstraintsFailure"
+        );
+        outputAnalyzer.reportDiagnosticSummary();
+        outputAnalyzer.shouldHaveExitValue(0);
+    }
+
+    public static void main(String[] args) throws NoSuchAlgorithmException {
+        getInstances();
+    }
+}
diff --git a/closed/test/jdk/openj9/internal/security/TestConstraintsSuccess.java b/closed/test/jdk/openj9/internal/security/TestConstraintsSuccess.java
@@ -1,6 +1,6 @@
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2024, 2024 All Rights Reserved
+ * (c) Copyright IBM Corp. 2025, 2025 All Rights Reserved
  * ===========================================================================
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,21 +26,22 @@
  * @test
  * @summary Test Restricted Security Mode Constraints
  * @library /test/lib
- * @run junit TestConstraints
+ * @run junit TestConstraintsSuccess
  */
 
-import java.lang.module.Configuration;
 import java.security.AlgorithmParameterGenerator;
 import java.security.KeyFactory;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
 import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.security.Signature;
 import java.security.cert.CertPathValidator;
 import java.security.cert.CertStore;
 import java.security.cert.CertificateFactory;
 
 import javax.crypto.Cipher;
+//import javax.crypto.KDF;
 import javax.crypto.KeyAgreement;
 import javax.crypto.KeyGenerator;
 import javax.crypto.Mac;
@@ -52,12 +53,10 @@
 import jdk.test.lib.process.OutputAnalyzer;
 import jdk.test.lib.process.ProcessTools;
 
-public class TestConstraints {
+public class TestConstraintsSuccess {
 
-    private static void getInstances() {
+    private static void getInstances() throws NoSuchAlgorithmException {
         CertificateFactory.getInstance("X.509");
-        //CertStore.getInstance("Collection");
-        //Configuration.getInstance("JavaLoginConfig");
         CertPathValidator.getInstance("PKIX");
         MessageDigest.getInstance("SHA-256");
         KeyStore.getInstance("PKCS12");
@@ -70,7 +69,10 @@ private static void getInstances() {
         Cipher.getInstance("RSA");
         KeyGenerator.getInstance("AES");
         AlgorithmParameterGenerator.getInstance("DiffieHellman");
-        KDF.getInstance("HKDF-SHA256");
+        
+        // Still a preview, but can be enabled in future versions.
+        // KDF.getInstance("HKDF-SHA256");
+
         SecretKeyFactory.getInstance("PBEWithMD5AndDES");
         Mac.getInstance("HmacSHA256");
 
@@ -84,13 +86,13 @@ public void runWithConstraints() {
         OutputAnalyzer outputAnalyzer = ProcessTools.executeTestJava(
                 "-Dsemeru.customprofile=RestrictedSecurity.TestConstraints.Version",
                 "-Djava.security.properties=" + System.getProperty("test.src") + "/constraints-java.security",
-                "TestProperties"
+                "TestConstraintsSuccess"
         );
         outputAnalyzer.reportDiagnosticSummary();
         outputAnalyzer.shouldHaveExitValue(0);
     }
 
-    public static void main(String[] args) {
+    public static void main(String[] args) throws NoSuchAlgorithmException {
         getInstances();
     }
 }
diff --git a/closed/test/jdk/openj9/internal/security/constraints-java.security b/closed/test/jdk/openj9/internal/security/constraints-java.security
@@ -27,36 +27,36 @@ RestrictedSecurity.TestConstraints.Version.desc.policy =
 RestrictedSecurity.TestConstraints.Version.fips.mode = test
 
 RestrictedSecurity.TestConstraints.Version.jce.provider.1 = sun.security.provider.Sun [ \
-    {CertificateFactory, X.509, *, FullClassName:TestConstraints}, \
-    {CertStore, Collection, *, FullClassName:TestConstraints}, \
-    {Configuration, JavaLoginConfig, *, FullClassName:TestConstraints}, \
-    {CertPathBuilder, PKIX, *, FullClassName:TestConstraints}, \
-    {CertPathValidator, PKIX, *, FullClassName:TestConstraints}, \
-    {SecureRandom, SHA1PRNG, *, FullClassName:TestConstraints}, \
-    {MessageDigest, SHA-256, *, FullClassName:TestConstraints}, \
-    {KeyStore, PKCS12, *, FullClassName:TestConstraints}]
+    {CertificateFactory, X.509, *, FullClassName:TestConstraintsSuccess}, \
+    {CertStore, Collection, *, FullClassName:TestConstraintsSuccess}, \
+    {Configuration, JavaLoginConfig, *, FullClassName:TestConstraintsSuccess}, \
+    {CertPathBuilder, PKIX, *, FullClassName:TestConstraintsSuccess}, \
+    {CertPathValidator, PKIX, *, FullClassName:TestConstraintsSuccess}, \
+    {SecureRandom, SHA1PRNG, *, FullClassName:TestConstraintsSuccess}, \
+    {MessageDigest, SHA-256, *, FullClassName:TestConstraintsSuccess}, \
+    {KeyStore, PKCS12, *, FullClassName:TestConstraintsSuccess}]
 RestrictedSecurity.TestConstraints.Version.jce.provider.2 = sun.security.ec.SunEC [ \
-    {AlgorithmParameters, EC, *, ModuleAndFullClassName:java.base/sun.security.ec.SunEC}, \
-    {Signature, SHA256withECDSA, *, FullClassName:TestConstraints}, \
-    {KeyPairGenerator, EC, *, FullClassName:TestConstraints}, \
-    {KeyAgreement, ECDH, *, FullClassName:TestConstraints}, \
-    {KeyFactory, EC, *, FullClassName:TestConstraints}]
+    {AlgorithmParameters, EC, *, ModuleAndFullClassName:java.base/java.security.KeyPairGenerator}, \
+    {Signature, SHA256withECDSA, *, FullClassName:TestConstraintsSuccess}, \
+    {KeyPairGenerator, EC, *, FullClassName:TestConstraintsSuccess}, \
+    {KeyAgreement, ECDH, *, FullClassName:TestConstraintsSuccess}, \
+    {KeyFactory, EC, *, FullClassName:TestConstraintsSuccess}]
 RestrictedSecurity.TestConstraints.Version.jce.provider.3 = com.sun.crypto.provider.SunJCE [ \
-    {Cipher, RSA, *, FullClassName:TestConstraints}, \
-    {KeyGenerator, AES, *, FullClassName:TestConstraints}, \
-    {AlgorithmParameterGenerator, DiffieHellman, *, FullClassName:TestConstraints}, \
-    {KDF, HKDF-SHA256, *, FullClassName:TestConstraints}, \
-    {SecretKeyFactory, PBEWithMD5AndDES, *, FullClassName:TestConstraints}, \
-    {Mac, HmacSHA256, *, FullClassName:TestConstraints}, \
+    {Cipher, RSA, *, FullClassName:TestConstraintsSuccess}, \
+    {KeyGenerator, AES, *, FullClassName:TestConstraintsSuccess}, \
+    {AlgorithmParameterGenerator, DiffieHellman, *, FullClassName:TestConstraintsSuccess}, \
+    {KDF, HKDF-SHA256, *, FullClassName:TestConstraintsSuccess}, \
+    {SecretKeyFactory, PBEWithMD5AndDES, *, FullClassName:TestConstraintsSuccess}, \
+    {Mac, HmacSHA256, *, FullClassName:TestConstraintsSuccess}, \
     {AlgorithmParameters, PBES2, *, ModuleAndFullClassName:java.base/sun.security.pkcs12.PKCS12KeyStore}, \
     {AlgorithmParameters, PBEWithHmacSHA256AndAES_256, *, ModuleAndFullClassName:java.base/sun.security.pkcs12.PKCS12KeyStore}, \
     {SecretKeyFactory, PBEWithMD5AndDES, *, ModuleAndFullClassName:java.base/sun.security.pkcs12.PKCS12KeyStore}, \
     {Cipher, PBEWithHmacSHA256AndAES_256, *, ModuleAndFullClassName:java.base/sun.security.pkcs12.PKCS12KeyStore}, \
     {Mac, HmacPBESHA256, *, ModuleAndFullClassName:java.base/sun.security.pkcs12.PKCS12KeyStore}]
 RestrictedSecurity.TestConstraints.Version.jce.provider.4 = sun.security.ssl.SunJSSE [ \
-    {KeyManagerFactory, SunX509, *, FullClassName:TestConstraints}, \
-    {TrustManagerFactory, SunX509, *, FullClassName:TestConstraints}, \
-    {SSLContext, TLSv1.3, *, FullClassName:TestConstraints}]
+    {KeyManagerFactory, SunX509, *, FullClassName:TestConstraintsSuccess}, \
+    {TrustManagerFactory, SunX509, *, FullClassName:TestConstraintsSuccess}, \
+    {SSLContext, TLSv1.3, *, FullClassName:TestConstraintsSuccess}]
 
 RestrictedSecurity.TestConstraints.Version.securerandom.provider = SUN
 RestrictedSecurity.TestConstraints.Version.securerandom.algorithm = SHA512DRBG
