7055363: jdk_security3 test target cleanup

Reviewed-by: alanb, xuelei

jdk/test/Makefile

@@ -544,7 +544,7 @@ JDK_ALL_TARGETS += jdk_security3
 jdk_security3: $(call TestDirs, com/sun/security lib/security \
                javax/security sun/security)
 	$(call SharedLibraryPermissions,sun/security)
-	$(call RunOthervmBatch)
+	$(call RunSamevmBatch)
 
 # All security tests
 jdk_security: jdk_security1 jdk_security2 jdk_security3

jdk/test/ProblemList.txt

@@ -450,73 +450,20 @@ java/rmi/server/UnicastRemoteObject/unexportObject/UnexportLeak.java generic-all
 
 # jdk_security
 
-# Filed 6986868
-sun/security/tools/jarsigner/crl.sh				generic-all
-
-# Filed 6951285, not sure how often this fails, last was Linux 64bit Fedora 9
-sun/security/krb5/auto/MaxRetries.java				generic-all
-
-# Filed 6950930, fails on windows 32bit c1 and windows 64bit
-sun/security/krb5/auto/IgnoreChannelBinding.java		windows-all
-
-# Filed 6950931, failing on all windows systems
-sun/security/tools/jarsigner/crl.sh				windows-all
-
-# Filed 6950929, only seemed to fail on solaris sparcv9 (-d64)
-#   Failed on Linux -server 32bit too, making generic
-sun/security/krb5/auto/BadKdc4.java				generic-all
-
 # Failing on Solaris i586, 3/9/2010, not a -samevm issue (jdk_security3)
 sun/security/pkcs11/Secmod/AddPrivateKey.java			solaris-i586
 sun/security/pkcs11/ec/ReadCertificates.java			solaris-i586
 sun/security/pkcs11/ec/ReadPKCS12.java				solaris-i586
 sun/security/pkcs11/ec/TestCurves.java				solaris-i586
 sun/security/pkcs11/ec/TestECDSA.java				solaris-i586
-sun/security/pkcs11/ec/TestECGenSpec.java			solaris-i586
-sun/security/pkcs11/ec/TestKeyFactory.java			solaris-i586
-
-# Failing on Solaris X64 (-d64 -server) with:
-#  GSSException: Failure unspecified at GSS-API level
-#    (Mechanism level: Specified version of key is not available (44))
-sun/security/krb5/auto/BasicKrb5Test.java			generic-all
-
-# Solaris X86 failures, readjar.jks: No such file or directory
-sun/security/tools/keytool/readjar.sh				generic-all
-
-# Fails with -ea -esa, but only on Solaris sparc? Suspect it is timing out
-sun/security/tools/keytool/standard.sh				generic-all
-
-# Fails on Solaris 10 X64, address already in use
-sun/security/krb5/auto/HttpNegotiateServer.java			generic-all
-
-# Fails on almost all platforms
-#   java.lang.UnsupportedClassVersionError: SerialTest :
-#      Unsupported major.minor version 51.0
-#    at java.lang.ClassLoader.defineClass1(Native Method)
-sun/security/util/Oid/S11N.sh					generic-all
-
-# Fails on Fedora 9 32bit
-#  GSSException: Failure unspecified at GSS-API level (Mechanism level:
-#    Invalid argument (400) - Cannot find key of appropriate type to decrypt
-#    AP REP - DES CBC mode with MD5)
-#  at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:778)
-sun/security/krb5/auto/NonMutualSpnego.java			generic-all
-
-# Fails on Solaris 10 sparc, GSSException: Failure unspecified at GSS-API level
-#   Also fails on Windows 2000 similar way
-sun/security/krb5/auto/ok-as-delegate.sh			generic-all
-
-# Fails on Windows 2000, GSSException: Failure unspecified at GSS-API level
-#    (Mechanism level: Request is a replay (34))
-sun/security/krb5/auto/ok-as-delegate-xrealm.sh			generic-all
+#sun/security/pkcs11/ec/TestECGenSpec.java			solaris-i586
+#sun/security/pkcs11/ec/TestKeyFactory.java			solaris-i586
+sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java		solaris-i586
 
-# Fails on Windows 2000, ExceptionInInitializerError
-sun/security/mscapi/AccessKeyStore.sh				generic-all
+# Directly references PKCS11 class
+sun/security/pkcs11/Provider/Absolute.java                      windows-x64
 
-# Fails on Solaris 10, KrbException: Additional pre-authentication required (25)
-sun/security/krb5/auto/basic.sh					generic-all
-
-# Fails on Fedora 9 64bit, PKCS11Exception: CKR_DEVICE_ERROR
+# Fails on Fedora 9/Ubuntu 10.04 64bit, PKCS11Exception: CKR_DEVICE_ERROR
 sun/security/pkcs11/KeyAgreement/TestDH.java			generic-all
 
 # Run too slow on Solaris 10 sparc
@@ -525,18 +472,10 @@ sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ClientTimeout.java s
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ServerTimeout.java solaris-sparc
 sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java solaris-sparc
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NotifyHandshakeTest.sh solaris-sparc
-sun/security/tools/keytool/AltProviderPath.sh 			solaris-sparc
 
 # Solaris 10 sparc, passed/failed confusion? java.security.ProviderException: update() failed
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java generic-all
 
-# Seem really slow on Solaris sparc, being excluded just for timing reasons
-sun/security/tools/jarsigner/AlgOptions.sh			solaris-sparc
-sun/security/tools/jarsigner/nameclash.sh			solaris-sparc
-sun/security/krb5/auto/basic.sh					solaris-sparc
-sun/security/provider/PolicyFile/getinstance/getinstance.sh	solaris-sparc
-sun/security/tools/jarsigner/samename.sh			solaris-sparc
-
 # Othervm, sparc, NoRouteToHostException: Cannot assign requested address
 sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java generic-all
 
@@ -544,49 +483,13 @@ sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java generic-all
 #    Solaris sparc and sparcv9 -server, timeout
 sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java	generic-all
 
-# Failed on solaris 10 sparc, othervm mode,  "js.jks: No such file or directory"
-#  Also, cannot verify signature on solaris i586 -server
-sun/security/tools/jarsigner/concise_jarsigner.sh		generic-all
-
 # Various failures on Linux Fedora 9 X64, othervm mode
-lib/security/cacerts/VerifyCACerts.java				generic-all
 sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/TestAllSuites.java generic-all
 sun/security/ssl/sanity/ciphersuites/CheckCipherSuites.java	generic-all
-sun/security/tools/jarsigner/oldsig.sh				generic-all
 
 # Various failures on Linux Fedora 9 X64, othervm mode
 sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java	generic-all
 
-# Solaris sparcv9: Failed to parse input emptysubject.jks: No such file or directory
-sun/security/tools/keytool/emptysubject.sh			generic-all
-
-# Fails on OpenSolaris, missing classes, slow on Solaris sparc
-sun/security/ec/TestEC.java					generic-all
-
-# Problems with windows x64
-sun/security/mscapi/IsSunMSCAPIAvailable.sh		 	windows-x64
-sun/security/mscapi/RSAEncryptDecrypt.sh		 	windows-x64
-
-# Exception in test solaris-sparc -client -server, no windows
-sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java	        solaris-all
-
-# Solaris sparc client, fails to compile?
-sun/security/pkcs11/KeyStore/SecretKeysBasic.sh 	 	solaris-all
-
-# Fails on OpenSolaris java.net.BindException: Address already in use
-sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java		generic-all
-
-# Timeout on solaris-sparcv9 or ArrayIndexOutOfBoundsException?
-sun/security/rsa/TestKeyPairGeneratorLength.java	 	solaris-all
-sun/security/rsa/TestSignatures.java			 	solaris-all
-
-# Do not seem to run on windows machines? dll missing?
-sun/security/tools/jarsigner/emptymanifest.sh		 	windows-all
-
-# Files does not exist or no encoding? solaris-sparcv9
-sun/security/tools/keytool/importreadall.sh		 	solaris-all
-sun/security/tools/keytool/selfissued.sh		 	solaris-all
-
 ############################################################################
 
 # jdk_swing (not using samevm)

jdk/test/com/sun/security/auth/login/ConfigFile/IllegalURL.java

@@ -43,8 +43,9 @@ public class IllegalURL {
     static void use(String f) throws Exception {
         System.out.println("Testing " + f  + "...");
         System.setProperty("java.security.auth.login.config", f);
-        try {
-            new FileInputStream(new URL(f).getFile().replace('/', File.separatorChar));
+        try (FileInputStream fis =
+                new FileInputStream(new URL(f).getFile().replace('/', File.separatorChar))) {
+            // do nothing
         } catch (Exception e) {
             System.out.println("Even old implementation does not support it. Ignored.");
             return;

jdk/test/java/security/testlibrary/Providers.java

+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.Provider;
+import java.security.Security;
+
+public class Providers {
+    public static void setAt(Provider p, int pos) throws Exception {
+        if (Security.getProvider(p.getName()) != null) {
+            Security.removeProvider(p.getName());
+        }
+        if (Security.insertProviderAt(p, pos) == -1) {
+            throw new Exception("cannot setAt");
+        }
+    }
+}

jdk/test/javax/security/auth/login/LoginContext/ResetConfigModule.java

@@ -25,7 +25,6 @@
  * @test
  * @bug 4633622
  * @summary  bug in LoginContext when Configuration is subclassed
- *
  * @build ResetConfigModule ResetModule
  * @run main ResetConfigModule
  */
@@ -40,6 +39,12 @@ public class ResetConfigModule {
 
     public static void main(String[] args) throws Exception {
 
+        Configuration previousConf = Configuration.getConfiguration();
+        ClassLoader previousCL = Thread.currentThread().getContextClassLoader();
+
+        try {
+            Thread.currentThread().setContextClassLoader(
+                    ResetConfigModule.class.getClassLoader());
             Configuration.setConfiguration(new MyConfig());
 
             LoginContext lc = new LoginContext("test");
@@ -67,6 +72,10 @@ public class ResetConfigModule {
                     throw le;
                 }
             }
+        } finally {
+            Configuration.setConfiguration(previousConf);
+            Thread.currentThread().setContextClassLoader(previousCL);
+        }
     }
 }
 

jdk/test/sun/security/ec/TestEC.java

@@ -28,11 +28,13 @@
  * @library ../pkcs11
  * @library ../pkcs11/ec
  * @library ../pkcs11/sslecc
+ * @library ../../../java/security/testlibrary
  * @compile -XDignore.symbol.file TestEC.java
  * @run main TestEC
  */
 
 import java.security.Provider;
+import java.security.Security;
 
 /*
  * Leverage the collection of EC tests used by PKCS11
@@ -51,6 +53,15 @@ import java.security.Provider;
 public class TestEC {
 
     public static void main(String[] args) throws Exception {
+        ProvidersSnapshot snapshot = ProvidersSnapshot.create();
+        try {
+            main0(args);
+        } finally {
+            snapshot.restore();
+        }
+    }
+
+    public static void main0(String[] args) throws Exception {
         Provider p = new sun.security.ec.SunEC();
         System.out.println("Running tests with " + p.getName() +
             " provider...\n");
@@ -67,6 +78,11 @@ public class TestEC {
         new TestECGenSpec().main(p);
         new ReadPKCS12().main(p);
         new ReadCertificates().main(p);
+
+        // ClientJSSEServerJSSE fails on Solaris 11 when both SunEC and
+        // SunPKCS11-Solaris providers are enabled.
+        // Workaround:
+        // Security.removeProvider("SunPKCS11-Solaris");
         new ClientJSSEServerJSSE().main(p);
 
         long stop = System.currentTimeMillis();

jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java

@@ -36,7 +36,7 @@ public class NoSpnegoAsDefMech {
     public static void main(String[] argv) throws Exception {
         System.setProperty("sun.security.jgss.mechanism", GSSUtil.GSS_SPNEGO_MECH_OID.toString());
         try {
-            GSSManager.getInstance().createName("service@host", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
+            GSSManager.getInstance().createName("service@localhost", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
         } catch (GSSException e) {
             // This is OK, for example, krb5.conf is missing or other problems
         }

jdk/test/sun/security/pkcs11/PKCS11Test.java

@@ -72,10 +72,33 @@ public abstract class PKCS11Test {
     }
 
     public static void main(PKCS11Test test) throws Exception {
+        Provider[] oldProviders = Security.getProviders();
+        try {
             System.out.println("Beginning test run " + test.getClass().getName() + "...");
             testDefault(test);
             testNSS(test);
             testDeimos(test);
+        } finally {
+            Provider[] newProviders = Security.getProviders();
+            // Do not restore providers if nothing changed. This is especailly
+            // useful for ./Provider/Login.sh, where a SecurityManager exists.
+            if (oldProviders.length == newProviders.length) {
+                boolean found = false;
+                for (int i = 0; i<oldProviders.length; i++) {
+                    if (oldProviders[i] != newProviders[i]) {
+                        found = true;
+                        break;
+                    }
+                }
+                if (!found) return;
+            }
+            for (Provider p: newProviders) {
+                Security.removeProvider(p.getName());
+            }
+            for (Provider p: oldProviders) {
+                Security.addProvider(p);
+            }
+        }
     }
 
     public static void testDeimos(PKCS11Test test) throws Exception {
@@ -153,21 +176,21 @@ public abstract class PKCS11Test {
         return libdir;
     }
 
-    static boolean loadNSPR(String libdir) throws Exception {
-        // load NSS softoken dependencies in advance to avoid resolver issues
+    protected static void safeReload(String lib) throws Exception {
         try {
-            System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "nspr4"));
+            System.load(lib);
         } catch (UnsatisfiedLinkError e) {
-            // GLIBC problem on older linux-amd64 machines
-            if (libdir.contains("linux-amd64")) {
-                System.out.println(e);
-                System.out.println("NSS does not work on this platform, skipping.");
-                return false;
+            if (e.getMessage().contains("already loaded")) {
+                return;
+            }
         }
-            throw e;
     }
-        System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "plc4"));
-        System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "plds4"));
+
+    static boolean loadNSPR(String libdir) throws Exception {
+        // load NSS softoken dependencies in advance to avoid resolver issues
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "nspr4"));
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "plc4"));
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "plds4"));
         return true;
     }
 

jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary Test that the PKCS#11 KeyStore handles RSA, DSA, and EC keys
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm AddPrivateKey
  */
 
 import java.io.*;

jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java

@@ -27,6 +27,7 @@
  * @summary make sure we can add a trusted cert to the NSS KeyStore module
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm AddTrustedCert
  */
 
 import java.io.*;

jdk/test/sun/security/pkcs11/Secmod/Crypto.java

@@ -27,6 +27,7 @@
  * @summary verify that NSS no-db mode works correctly
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm Crypto
  */
 
 import java.util.*;

jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary make sure we can access the NSS softtoken KeyStore and use a private key
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm GetPrivateKey
  */
 
 import java.util.*;

jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary store a NSS PKCS11 PrivateKeyEntry to JKS KeyStore throws confusing NPE
  * @author Wang Weijun
  * @library ..
+ * @run main/othervm JksSetPrivateKey
  */
 
 import java.util.*;

jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java

@@ -27,6 +27,7 @@
  * @summary make sure we can access the NSS trust anchor module
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TrustAnchors
  */
 
 import java.util.*;

jdk/test/sun/security/pkcs11/SecmodTest.java

@@ -44,8 +44,8 @@ public class SecmodTest extends PKCS11Test {
         if (loadNSPR(LIBPATH) == false) {
             return false;
         }
-        System.load(LIBPATH + System.mapLibraryName("softokn3"));
-        System.load(LIBPATH + System.mapLibraryName("nssckbi"));
+        safeReload(LIBPATH + System.mapLibraryName("softokn3"));
+        safeReload(LIBPATH + System.mapLibraryName("nssckbi"));
 
         DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
         System.setProperty("pkcs11test.nss.db", DBDIR);

jdk/test/sun/security/pkcs11/ec/ReadCertificates.java

@@ -28,6 +28,7 @@
  *   and verify their signatures
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -62,7 +63,7 @@ public class ReadCertificates extends PKCS11Test {
             System.out.println("Provider does not support ECDSA, skipping...");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         random = new SecureRandom();
         factory = CertificateFactory.getInstance("X.509");

jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java

@@ -27,6 +27,7 @@
  * @summary Verify that we can parse ECPrivateKeys from PKCS#12 and use them
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -52,7 +53,7 @@ public class ReadPKCS12 extends PKCS11Test {
             System.out.println("Provider does not support ECDSA, skipping...");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         CertificateFactory factory = CertificateFactory.getInstance("X.509");
         try {

jdk/test/sun/security/pkcs11/ec/TestECDH.java

@@ -27,6 +27,7 @@
  * @summary Basic known answer test for ECDH
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -59,7 +60,7 @@ public class TestECDH extends PKCS11Test {
             System.out.println("Provider does not support ECDH, skipping");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         if (false) {
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);

jdk/test/sun/security/pkcs11/ec/TestECDSA.java

@@ -27,6 +27,7 @@
  * @summary basic test of SHA1withECDSA and NONEwithECDSA signing/verifying
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -115,7 +116,7 @@ public class TestECDSA extends PKCS11Test {
             System.out.println("ECDSA not supported, skipping");
             return;
         }
-        Security.insertProviderAt(provider, 1);
+        Providers.setAt(provider, 1);
 
         if (false) {
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);

jdk/test/sun/security/pkcs11/fips/CipherTest.java

@@ -394,7 +394,8 @@ public class CipherTest {
 
     public static void main(PeerFactory peerFactory, KeyStore keyStore,
             String[] args) throws Exception {
-
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
             long time = System.currentTimeMillis();
             String relPath;
             if ((args != null) && (args.length > 0) && args[0].equals("sh")) {
@@ -423,7 +424,8 @@ public class CipherTest {
 
 //          trustManager = new AlwaysTrustManager();
             SSLContext context = SSLContext.getInstance("TLS");
-        context.init(new KeyManager[] {keyManager}, new TrustManager[] {trustManager}, null);
+            context.init(new KeyManager[] {keyManager},
+                    new TrustManager[] {trustManager}, null);
             SSLContext.setDefault(context);
 
             CipherTest cipherTest = new CipherTest(peerFactory);
@@ -435,6 +437,9 @@ public class CipherTest {
             cipherTest.run();
             time = System.currentTimeMillis() - time;
             System.out.println("Done. (" + time + " ms)");
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
+        }
     }
 
     static abstract class PeerFactory {