jdk_security1_1 FAILED SecurityException: FIPS mode: User-specified 'jdk.certpath.disabledAlgorithms' cannot override profile definition.

[JasonFengJ9]

Failure link

From internal Test_openjdk17_j9_sanity.openjdk_x86-64_windows_fips140_3_openjceplusfips_testList_2 (win19x86-svl-rt4-1)

openjdk version "17.0.13" 2024-10-15
IBM Semeru Runtime Open Edition 17.0.13.0-m1 (build 17.0.13+10)
Eclipse OpenJ9 VM 17.0.13.0-m1 (build v0.48.0-release-8899b66789, JRE 17 Windows Server 2019 amd64-64-Bit Compressed References 20241015_811 (JIT enabled, AOT enabled)
OpenJ9   - 8899b66789
OMR      - f8f0d789a
JCL      - 8e2f05376ed based on jdk-17.0.13+10)

Rerun in Grinder - Change TARGET to run only the failed test targets

Optional info

Failure output (captured from console output)

[2024-10-07T17:31:04.962Z] variation: Mode650
[2024-10-07T17:31:06.189Z] JVM_OPTIONS:  -XX:-UseCompressedOops -Xverbosegclog  -Dsemeru.fips=true -Dsemeru.customprofile=OpenJCEPlusFIPS

[2024-10-07T17:37:04.971Z] TEST: java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java

[2024-10-07T17:37:04.976Z] STDERR:
[2024-10-07T17:37:04.976Z] java.lang.SecurityException: FIPS mode: User-specified 'jdk.certpath.disabledAlgorithms' cannot override profile definition.
[2024-10-07T17:37:04.976Z] 	at java.base/openj9.internal.security.RestrictedSecurity.checkSetSecurityProperty(RestrictedSecurity.java:441)
[2024-10-07T17:37:04.976Z] 	at java.base/java.security.Security.setProperty(Security.java:793)
[2024-10-07T17:37:04.976Z] 	at DisableRevocation.main(DisableRevocation.java:245)
[2024-10-07T17:37:04.976Z] 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[2024-10-07T17:37:04.976Z] 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
[2024-10-07T17:37:04.976Z] 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2024-10-07T17:37:04.976Z] 	at java.base/java.lang.reflect.Method.invoke(Method.java:575)
[2024-10-07T17:37:04.976Z] 	at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
[2024-10-07T17:37:04.976Z] 	at java.base/java.lang.Thread.run(Thread.java:857)

[2024-10-08T13:28:15.163Z] jdk_security1_1_FAILED

[github-actions]

Issue Number: 20320
Status: Open
Recommended Components: comp:jclextensions, comp:test, comp:vm
Recommended Assignees: jasonfengj9, pshipton, babsingh

[pshipton]

@jasonkatonica pls take a look. This is from 0.48 M1 testing.

[jasonkatonica]

This test is expected to fail when executed in FIPS mode since a user should not be able to set the jdk.certpath.disabledAlgorithms as this is blocked when in restricted security mode.

This test is on the excludes list however we are awaiting the merger of ibmruntimes/openj9-openjdk-jdk17#376 such that this gets ignored on Windows.

[pshipton]

The exclude list is merged now, and also included in the v0.48.0-release branch.

[github-actions]

Issue Number: 20320
Status: Closed
Actual Components: test failure, comp:crypto
Actual Assignees: No one :(
PR Assignees: No one :(