7055363: jdk_security3 test target cleanup

Reviewed-by: alanb, xuelei

test/Makefile

@@ -544,7 +544,7 @@ JDK_ALL_TARGETS += jdk_security3
 jdk_security3: $(call TestDirs, com/sun/security lib/security \
                javax/security sun/security)
 	$(call SharedLibraryPermissions,sun/security)
-	$(call RunOthervmBatch)
+	$(call RunSamevmBatch)
 
 # All security tests
 jdk_security: jdk_security1 jdk_security2 jdk_security3

test/ProblemList.txt

@@ -450,73 +450,20 @@ java/rmi/server/UnicastRemoteObject/unexportObject/UnexportLeak.java generic-all
 
 # jdk_security
 
-# Filed 6986868
-sun/security/tools/jarsigner/crl.sh				generic-all
-
-# Filed 6951285, not sure how often this fails, last was Linux 64bit Fedora 9
-sun/security/krb5/auto/MaxRetries.java				generic-all
-
-# Filed 6950930, fails on windows 32bit c1 and windows 64bit
-sun/security/krb5/auto/IgnoreChannelBinding.java		windows-all
-
-# Filed 6950931, failing on all windows systems
-sun/security/tools/jarsigner/crl.sh				windows-all
-
-# Filed 6950929, only seemed to fail on solaris sparcv9 (-d64)
-#   Failed on Linux -server 32bit too, making generic
-sun/security/krb5/auto/BadKdc4.java				generic-all
-
 # Failing on Solaris i586, 3/9/2010, not a -samevm issue (jdk_security3)
 sun/security/pkcs11/Secmod/AddPrivateKey.java			solaris-i586
 sun/security/pkcs11/ec/ReadCertificates.java			solaris-i586
 sun/security/pkcs11/ec/ReadPKCS12.java				solaris-i586
 sun/security/pkcs11/ec/TestCurves.java				solaris-i586
 sun/security/pkcs11/ec/TestECDSA.java				solaris-i586
-sun/security/pkcs11/ec/TestECGenSpec.java			solaris-i586
-sun/security/pkcs11/ec/TestKeyFactory.java			solaris-i586
-
-# Failing on Solaris X64 (-d64 -server) with:
-#  GSSException: Failure unspecified at GSS-API level
-#    (Mechanism level: Specified version of key is not available (44))
-sun/security/krb5/auto/BasicKrb5Test.java			generic-all
-
-# Solaris X86 failures, readjar.jks: No such file or directory
-sun/security/tools/keytool/readjar.sh				generic-all
-
-# Fails with -ea -esa, but only on Solaris sparc? Suspect it is timing out
-sun/security/tools/keytool/standard.sh				generic-all
-
-# Fails on Solaris 10 X64, address already in use
-sun/security/krb5/auto/HttpNegotiateServer.java			generic-all
-
-# Fails on almost all platforms
-#   java.lang.UnsupportedClassVersionError: SerialTest :
-#      Unsupported major.minor version 51.0
-#    at java.lang.ClassLoader.defineClass1(Native Method)
-sun/security/util/Oid/S11N.sh					generic-all
-
-# Fails on Fedora 9 32bit
-#  GSSException: Failure unspecified at GSS-API level (Mechanism level:
-#    Invalid argument (400) - Cannot find key of appropriate type to decrypt
-#    AP REP - DES CBC mode with MD5)
-#  at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:778)
-sun/security/krb5/auto/NonMutualSpnego.java			generic-all
-
-# Fails on Solaris 10 sparc, GSSException: Failure unspecified at GSS-API level
-#   Also fails on Windows 2000 similar way
-sun/security/krb5/auto/ok-as-delegate.sh			generic-all
-
-# Fails on Windows 2000, GSSException: Failure unspecified at GSS-API level
-#    (Mechanism level: Request is a replay (34))
-sun/security/krb5/auto/ok-as-delegate-xrealm.sh			generic-all
+#sun/security/pkcs11/ec/TestECGenSpec.java			solaris-i586
+#sun/security/pkcs11/ec/TestKeyFactory.java			solaris-i586
+sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java		solaris-i586
 
-# Fails on Windows 2000, ExceptionInInitializerError
-sun/security/mscapi/AccessKeyStore.sh				generic-all
+# Directly references PKCS11 class
+sun/security/pkcs11/Provider/Absolute.java                      windows-x64
 
-# Fails on Solaris 10, KrbException: Additional pre-authentication required (25)
-sun/security/krb5/auto/basic.sh					generic-all
-
-# Fails on Fedora 9 64bit, PKCS11Exception: CKR_DEVICE_ERROR
+# Fails on Fedora 9/Ubuntu 10.04 64bit, PKCS11Exception: CKR_DEVICE_ERROR
 sun/security/pkcs11/KeyAgreement/TestDH.java			generic-all
 
 # Run too slow on Solaris 10 sparc
@@ -525,18 +472,10 @@ sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ClientTimeout.java s
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ServerTimeout.java solaris-sparc
 sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java solaris-sparc
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NotifyHandshakeTest.sh solaris-sparc
-sun/security/tools/keytool/AltProviderPath.sh 			solaris-sparc
 
 # Solaris 10 sparc, passed/failed confusion? java.security.ProviderException: update() failed
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java generic-all
 
-# Seem really slow on Solaris sparc, being excluded just for timing reasons
-sun/security/tools/jarsigner/AlgOptions.sh			solaris-sparc
-sun/security/tools/jarsigner/nameclash.sh			solaris-sparc
-sun/security/krb5/auto/basic.sh					solaris-sparc
-sun/security/provider/PolicyFile/getinstance/getinstance.sh	solaris-sparc
-sun/security/tools/jarsigner/samename.sh			solaris-sparc
-
 # Othervm, sparc, NoRouteToHostException: Cannot assign requested address
 sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java generic-all
 
@@ -544,49 +483,13 @@ sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java generic-all
 #    Solaris sparc and sparcv9 -server, timeout
 sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java	generic-all
 
-# Failed on solaris 10 sparc, othervm mode,  "js.jks: No such file or directory"
-#  Also, cannot verify signature on solaris i586 -server
-sun/security/tools/jarsigner/concise_jarsigner.sh		generic-all
-
 # Various failures on Linux Fedora 9 X64, othervm mode
-lib/security/cacerts/VerifyCACerts.java				generic-all
 sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/TestAllSuites.java generic-all
 sun/security/ssl/sanity/ciphersuites/CheckCipherSuites.java	generic-all
-sun/security/tools/jarsigner/oldsig.sh				generic-all
 
 # Various failures on Linux Fedora 9 X64, othervm mode
 sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java	generic-all
 
-# Solaris sparcv9: Failed to parse input emptysubject.jks: No such file or directory
-sun/security/tools/keytool/emptysubject.sh			generic-all
-
-# Fails on OpenSolaris, missing classes, slow on Solaris sparc
-sun/security/ec/TestEC.java					generic-all
-
-# Problems with windows x64
-sun/security/mscapi/IsSunMSCAPIAvailable.sh		 	windows-x64
-sun/security/mscapi/RSAEncryptDecrypt.sh		 	windows-x64
-
-# Exception in test solaris-sparc -client -server, no windows
-sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java	        solaris-all
-
-# Solaris sparc client, fails to compile?
-sun/security/pkcs11/KeyStore/SecretKeysBasic.sh 	 	solaris-all
-
-# Fails on OpenSolaris java.net.BindException: Address already in use
-sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java		generic-all
-
-# Timeout on solaris-sparcv9 or ArrayIndexOutOfBoundsException?
-sun/security/rsa/TestKeyPairGeneratorLength.java	 	solaris-all
-sun/security/rsa/TestSignatures.java			 	solaris-all
-
-# Do not seem to run on windows machines? dll missing?
-sun/security/tools/jarsigner/emptymanifest.sh		 	windows-all
-
-# Files does not exist or no encoding? solaris-sparcv9
-sun/security/tools/keytool/importreadall.sh		 	solaris-all
-sun/security/tools/keytool/selfissued.sh		 	solaris-all
-
 ############################################################################
 
 # jdk_swing (not using samevm)

test/com/sun/security/auth/login/ConfigFile/IllegalURL.java

@@ -43,8 +43,9 @@ public class IllegalURL {
     static void use(String f) throws Exception {
         System.out.println("Testing " + f  + "...");
         System.setProperty("java.security.auth.login.config", f);
-        try {
-            new FileInputStream(new URL(f).getFile().replace('/', File.separatorChar));
+        try (FileInputStream fis =
+                new FileInputStream(new URL(f).getFile().replace('/', File.separatorChar))) {
+            // do nothing
         } catch (Exception e) {
             System.out.println("Even old implementation does not support it. Ignored.");
             return;

test/java/security/testlibrary/Providers.java

+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.Provider;
+import java.security.Security;
+
+public class Providers {
+    public static void setAt(Provider p, int pos) throws Exception {
+        if (Security.getProvider(p.getName()) != null) {
+            Security.removeProvider(p.getName());
+        }
+        if (Security.insertProviderAt(p, pos) == -1) {
+            throw new Exception("cannot setAt");
+        }
+    }
+}

test/javax/security/auth/login/LoginContext/ResetConfigModule.java

@@ -25,7 +25,6 @@
  * @test
  * @bug 4633622
  * @summary  bug in LoginContext when Configuration is subclassed
- *
  * @build ResetConfigModule ResetModule
  * @run main ResetConfigModule
  */
@@ -40,32 +39,42 @@ public class ResetConfigModule {
 
     public static void main(String[] args) throws Exception {
 
-        Configuration.setConfiguration(new MyConfig());
+        Configuration previousConf = Configuration.getConfiguration();
+        ClassLoader previousCL = Thread.currentThread().getContextClassLoader();
 
-        LoginContext lc = new LoginContext("test");
         try {
-            lc.login();
-            throw new SecurityException("test 1 failed");
-        } catch (LoginException le) {
-            if (le.getCause() != null &&
-                le.getCause() instanceof SecurityException) {
-                System.out.println("good so far");
-            } else {
-                throw le;
+            Thread.currentThread().setContextClassLoader(
+                    ResetConfigModule.class.getClassLoader());
+            Configuration.setConfiguration(new MyConfig());
+
+            LoginContext lc = new LoginContext("test");
+            try {
+                lc.login();
+                throw new SecurityException("test 1 failed");
+            } catch (LoginException le) {
+                if (le.getCause() != null &&
+                    le.getCause() instanceof SecurityException) {
+                    System.out.println("good so far");
+                } else {
+                    throw le;
+                }
             }
-        }
 
-        LoginContext lc2 = new LoginContext("test2");
-        try {
-            lc2.login();
-            throw new SecurityException("test 2 failed");
-        } catch (LoginException le) {
-            if (le.getCause() != null &&
-                le.getCause()  instanceof SecurityException) {
-                System.out.println("test succeeded");
-            } else {
-                throw le;
+            LoginContext lc2 = new LoginContext("test2");
+            try {
+                lc2.login();
+                throw new SecurityException("test 2 failed");
+            } catch (LoginException le) {
+                if (le.getCause() != null &&
+                    le.getCause()  instanceof SecurityException) {
+                    System.out.println("test succeeded");
+                } else {
+                    throw le;
+                }
             }
+        } finally {
+            Configuration.setConfiguration(previousConf);
+            Thread.currentThread().setContextClassLoader(previousCL);
         }
     }
 }

test/sun/security/ec/TestEC.java

@@ -28,11 +28,13 @@
  * @library ../pkcs11
  * @library ../pkcs11/ec
  * @library ../pkcs11/sslecc
+ * @library ../../../java/security/testlibrary
  * @compile -XDignore.symbol.file TestEC.java
  * @run main TestEC
  */
 
 import java.security.Provider;
+import java.security.Security;
 
 /*
  * Leverage the collection of EC tests used by PKCS11
@@ -51,6 +53,15 @@ import java.security.Provider;
 public class TestEC {
 
     public static void main(String[] args) throws Exception {
+        ProvidersSnapshot snapshot = ProvidersSnapshot.create();
+        try {
+            main0(args);
+        } finally {
+            snapshot.restore();
+        }
+    }
+
+    public static void main0(String[] args) throws Exception {
         Provider p = new sun.security.ec.SunEC();
         System.out.println("Running tests with " + p.getName() +
             " provider...\n");
@@ -67,6 +78,11 @@ public class TestEC {
         new TestECGenSpec().main(p);
         new ReadPKCS12().main(p);
         new ReadCertificates().main(p);
+
+        // ClientJSSEServerJSSE fails on Solaris 11 when both SunEC and
+        // SunPKCS11-Solaris providers are enabled.
+        // Workaround:
+        // Security.removeProvider("SunPKCS11-Solaris");
         new ClientJSSEServerJSSE().main(p);
 
         long stop = System.currentTimeMillis();

test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java

@@ -36,7 +36,7 @@ public class NoSpnegoAsDefMech {
     public static void main(String[] argv) throws Exception {
         System.setProperty("sun.security.jgss.mechanism", GSSUtil.GSS_SPNEGO_MECH_OID.toString());
         try {
-            GSSManager.getInstance().createName("service@host", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
+            GSSManager.getInstance().createName("service@localhost", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
         } catch (GSSException e) {
             // This is OK, for example, krb5.conf is missing or other problems
         }

test/sun/security/pkcs11/PKCS11Test.java

@@ -72,10 +72,33 @@ public abstract class PKCS11Test {
     }
 
     public static void main(PKCS11Test test) throws Exception {
-        System.out.println("Beginning test run " + test.getClass().getName() + "...");
-        testDefault(test);
-        testNSS(test);
-        testDeimos(test);
+        Provider[] oldProviders = Security.getProviders();
+        try {
+            System.out.println("Beginning test run " + test.getClass().getName() + "...");
+            testDefault(test);
+            testNSS(test);
+            testDeimos(test);
+        } finally {
+            Provider[] newProviders = Security.getProviders();
+            // Do not restore providers if nothing changed. This is especailly
+            // useful for ./Provider/Login.sh, where a SecurityManager exists.
+            if (oldProviders.length == newProviders.length) {
+                boolean found = false;
+                for (int i = 0; i<oldProviders.length; i++) {
+                    if (oldProviders[i] != newProviders[i]) {
+                        found = true;
+                        break;
+                    }
+                }
+                if (!found) return;
+            }
+            for (Provider p: newProviders) {
+                Security.removeProvider(p.getName());
+            }
+            for (Provider p: oldProviders) {
+                Security.addProvider(p);
+            }
+        }
     }
 
     public static void testDeimos(PKCS11Test test) throws Exception {
@@ -153,21 +176,21 @@ public abstract class PKCS11Test {
         return libdir;
     }
 
-    static boolean loadNSPR(String libdir) throws Exception {
-        // load NSS softoken dependencies in advance to avoid resolver issues
+    protected static void safeReload(String lib) throws Exception {
         try {
-            System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "nspr4"));
+            System.load(lib);
         } catch (UnsatisfiedLinkError e) {
-            // GLIBC problem on older linux-amd64 machines
-            if (libdir.contains("linux-amd64")) {
-                System.out.println(e);
-                System.out.println("NSS does not work on this platform, skipping.");
-                return false;
+            if (e.getMessage().contains("already loaded")) {
+                return;
             }
-            throw e;
         }
-        System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "plc4"));
-        System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "plds4"));
+    }
+
+    static boolean loadNSPR(String libdir) throws Exception {
+        // load NSS softoken dependencies in advance to avoid resolver issues
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "nspr4"));
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "plc4"));
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "plds4"));
         return true;
     }
 

test/sun/security/pkcs11/Secmod/AddPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary Test that the PKCS#11 KeyStore handles RSA, DSA, and EC keys
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm AddPrivateKey
  */
 
 import java.io.*;

test/sun/security/pkcs11/Secmod/AddTrustedCert.java

@@ -27,6 +27,7 @@
  * @summary make sure we can add a trusted cert to the NSS KeyStore module
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm AddTrustedCert
  */
 
 import java.io.*;

test/sun/security/pkcs11/Secmod/Crypto.java

@@ -27,6 +27,7 @@
  * @summary verify that NSS no-db mode works correctly
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm Crypto
  */
 
 import java.util.*;

test/sun/security/pkcs11/Secmod/GetPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary make sure we can access the NSS softtoken KeyStore and use a private key
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm GetPrivateKey
  */
 
 import java.util.*;

test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary store a NSS PKCS11 PrivateKeyEntry to JKS KeyStore throws confusing NPE
  * @author Wang Weijun
  * @library ..
+ * @run main/othervm JksSetPrivateKey
  */
 
 import java.util.*;

test/sun/security/pkcs11/Secmod/TrustAnchors.java

@@ -27,6 +27,7 @@
  * @summary make sure we can access the NSS trust anchor module
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TrustAnchors
  */
 
 import java.util.*;

test/sun/security/pkcs11/SecmodTest.java

@@ -44,8 +44,8 @@ public class SecmodTest extends PKCS11Test {
         if (loadNSPR(LIBPATH) == false) {
             return false;
         }
-        System.load(LIBPATH + System.mapLibraryName("softokn3"));
-        System.load(LIBPATH + System.mapLibraryName("nssckbi"));
+        safeReload(LIBPATH + System.mapLibraryName("softokn3"));
+        safeReload(LIBPATH + System.mapLibraryName("nssckbi"));
 
         DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
         System.setProperty("pkcs11test.nss.db", DBDIR);

test/sun/security/pkcs11/ec/ReadCertificates.java

@@ -28,6 +28,7 @@
  *   and verify their signatures
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -62,7 +63,7 @@ public class ReadCertificates extends PKCS11Test {
             System.out.println("Provider does not support ECDSA, skipping...");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         random = new SecureRandom();
         factory = CertificateFactory.getInstance("X.509");

test/sun/security/pkcs11/ec/ReadPKCS12.java

@@ -27,6 +27,7 @@
  * @summary Verify that we can parse ECPrivateKeys from PKCS#12 and use them
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -52,7 +53,7 @@ public class ReadPKCS12 extends PKCS11Test {
             System.out.println("Provider does not support ECDSA, skipping...");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         CertificateFactory factory = CertificateFactory.getInstance("X.509");
         try {

test/sun/security/pkcs11/ec/TestECDH.java

@@ -27,6 +27,7 @@
  * @summary Basic known answer test for ECDH
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -59,7 +60,7 @@ public class TestECDH extends PKCS11Test {
             System.out.println("Provider does not support ECDH, skipping");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         if (false) {
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);

test/sun/security/pkcs11/ec/TestECDSA.java

@@ -27,6 +27,7 @@
  * @summary basic test of SHA1withECDSA and NONEwithECDSA signing/verifying
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -115,7 +116,7 @@ public class TestECDSA extends PKCS11Test {
             System.out.println("ECDSA not supported, skipping");
             return;
         }
-        Security.insertProviderAt(provider, 1);
+        Providers.setAt(provider, 1);
 
         if (false) {
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);

test/sun/security/pkcs11/fips/CipherTest.java

@@ -394,47 +394,52 @@ public class CipherTest {
 
     public static void main(PeerFactory peerFactory, KeyStore keyStore,
             String[] args) throws Exception {
-
-        long time = System.currentTimeMillis();
-        String relPath;
-        if ((args != null) && (args.length > 0) && args[0].equals("sh")) {
-            relPath = pathToStoresSH;
-        } else {
-            relPath = pathToStores;
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
+            long time = System.currentTimeMillis();
+            String relPath;
+            if ((args != null) && (args.length > 0) && args[0].equals("sh")) {
+                relPath = pathToStoresSH;
+            } else {
+                relPath = pathToStores;
+            }
+            PATH = new File(System.getProperty("test.src", "."), relPath);
+            CipherTest.peerFactory = peerFactory;
+            System.out.print(
+                "Initializing test '" + peerFactory.getName() + "'...");
+//          secureRandom = new SecureRandom();
+//          secureRandom.nextInt();
+//          trustStore = readKeyStore(trustStoreFile);
+            CipherTest.keyStore = keyStore;
+//          keyStore = readKeyStore(keyStoreFile);
+            KeyManagerFactory keyFactory =
+                KeyManagerFactory.getInstance(
+                    KeyManagerFactory.getDefaultAlgorithm());
+            keyFactory.init(keyStore, "test12".toCharArray());
+            keyManager = (X509ExtendedKeyManager)keyFactory.getKeyManagers()[0];
+
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init(keyStore);
+            trustManager = (X509TrustManager)tmf.getTrustManagers()[0];
+
+//          trustManager = new AlwaysTrustManager();
+            SSLContext context = SSLContext.getInstance("TLS");
+            context.init(new KeyManager[] {keyManager},
+                    new TrustManager[] {trustManager}, null);
+            SSLContext.setDefault(context);
+
+            CipherTest cipherTest = new CipherTest(peerFactory);
+            Thread serverThread = new Thread(peerFactory.newServer(cipherTest),
+                "Server");
+            serverThread.setDaemon(true);
+            serverThread.start();
+            System.out.println("Done");
+            cipherTest.run();
+            time = System.currentTimeMillis() - time;
+            System.out.println("Done. (" + time + " ms)");
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
         }
-        PATH = new File(System.getProperty("test.src", "."), relPath);
-        CipherTest.peerFactory = peerFactory;
-        System.out.print(
-            "Initializing test '" + peerFactory.getName() + "'...");
-//      secureRandom = new SecureRandom();
-//      secureRandom.nextInt();
-//      trustStore = readKeyStore(trustStoreFile);
-        CipherTest.keyStore = keyStore;
-//      keyStore = readKeyStore(keyStoreFile);
-        KeyManagerFactory keyFactory =
-            KeyManagerFactory.getInstance(
-                KeyManagerFactory.getDefaultAlgorithm());
-        keyFactory.init(keyStore, "test12".toCharArray());
-        keyManager = (X509ExtendedKeyManager)keyFactory.getKeyManagers()[0];
-
-        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-        tmf.init(keyStore);
-        trustManager = (X509TrustManager)tmf.getTrustManagers()[0];
-
-//      trustManager = new AlwaysTrustManager();
-        SSLContext context = SSLContext.getInstance("TLS");
-        context.init(new KeyManager[] {keyManager}, new TrustManager[] {trustManager}, null);
-        SSLContext.setDefault(context);
-
-        CipherTest cipherTest = new CipherTest(peerFactory);
-        Thread serverThread = new Thread(peerFactory.newServer(cipherTest),
-            "Server");
-        serverThread.setDaemon(true);
-        serverThread.start();
-        System.out.println("Done");
-        cipherTest.run();
-        time = System.currentTimeMillis() - time;
-        System.out.println("Done. (" + time + " ms)");
     }
 
     static abstract class PeerFactory {

test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java

@@ -26,6 +26,7 @@
  * @bug 6313675 6323647
  * @summary Verify that all ciphersuites work in FIPS mode
  * @library ..
+ * @run main/othervm ClientJSSEServerJSSE
  * @ignore JSSE supported cipher suites are changed with CR 6916074,
  *     need to update this test case in JDK 7 soon
  * @author Andreas Sterbenz

test/sun/security/pkcs11/fips/TrustManagerTest.java

@@ -27,6 +27,7 @@
  * @summary Verify that the SunJSSE trustmanager works correctly in FIPS mode
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TrustManagerTest
  */
 
 import java.io.*;

test/sun/security/pkcs11/rsa/TestCACerts.java

@@ -48,32 +48,35 @@ public class TestCACerts extends PKCS11Test {
     public void main(Provider p) throws Exception {
         long start = System.currentTimeMillis();
         Security.addProvider(p);
-        String PROVIDER = p.getName();
-        String javaHome = System.getProperty("java.home");
-        String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts";
-        InputStream in = new FileInputStream(caCerts);
-        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-        ks.load(in, null);
-        in.close();
-        for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
-            String alias = (String)e.nextElement();
-            if (ks.isCertificateEntry(alias)) {
-                System.out.println("* Testing " + alias + "...");
-                X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
-                PublicKey key = cert.getPublicKey();
-                String alg = key.getAlgorithm();
-                if (alg.equals("RSA")) {
-                    System.out.println("Signature algorithm: " + cert.getSigAlgName());
-                    cert.verify(key, PROVIDER);
+        try {
+            String PROVIDER = p.getName();
+            String javaHome = System.getProperty("java.home");
+            String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts";
+            InputStream in = new FileInputStream(caCerts);
+            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+            ks.load(in, null);
+            in.close();
+            for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
+                String alias = (String)e.nextElement();
+                if (ks.isCertificateEntry(alias)) {
+                    System.out.println("* Testing " + alias + "...");
+                    X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
+                    PublicKey key = cert.getPublicKey();
+                    String alg = key.getAlgorithm();
+                    if (alg.equals("RSA")) {
+                        System.out.println("Signature algorithm: " + cert.getSigAlgName());
+                        cert.verify(key, PROVIDER);
+                    } else {
+                        System.out.println("Skipping cert with key: " + alg);
+                    }
                 } else {
-                    System.out.println("Skipping cert with key: " + alg);
+                    System.out.println("Skipping alias " + alias);
                 }
-            } else {
-                System.out.println("Skipping alias " + alias);
             }
+            long stop = System.currentTimeMillis();
+            System.out.println("All tests passed (" + (stop - start) + " ms).");
+        } finally {
+            Security.removeProvider(p.getName());
         }
-        long stop = System.currentTimeMillis();
-        System.out.println("All tests passed (" + (stop - start) + " ms).");
     }
-
 }

test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java

@@ -27,6 +27,7 @@
  * @summary Verify that all ciphersuites work (incl. ECC using NSS crypto)
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.security.*;
@@ -45,7 +46,7 @@ public class ClientJSSEServerJSSE extends PKCS11Test {
             System.out.println("Provider does not support EC, skipping");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
         CipherTest.main(new JSSEFactory(), cmdArgs);
         Security.removeProvider(p.getName());
     }

test/sun/security/pkcs12/PKCS12SameKeyId.java

@@ -86,7 +86,9 @@ public class PKCS12SameKeyId {
 
         // Reads from JKS keystore and pre-calculate
         KeyStore ks = KeyStore.getInstance("jks");
-        ks.load(new FileInputStream(JKSFILE), PASSWORD);
+        try (FileInputStream fis = new FileInputStream(JKSFILE)) {
+            ks.load(fis, PASSWORD);
+        }
         for (int i=0; i<SIZE; i++) {
             aliases[i] = "p" + i;
             byte[] enckey = cipher.doFinal(
@@ -103,11 +105,15 @@ public class PKCS12SameKeyId {
         for (int i=0; i<SIZE; i++) {
             p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
         }
-        p12.store(new FileOutputStream(P12FILE), PASSWORD);
+        try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
+            p12.store(fos, PASSWORD);
+        }
 
         // Check private keys still match certs
         p12 = KeyStore.getInstance("pkcs12");
-        p12.load(new FileInputStream(P12FILE), PASSWORD);
+        try (FileInputStream fis = new FileInputStream(P12FILE)) {
+            p12.load(fis, PASSWORD);
+        }
         for (int i=0; i<SIZE; i++) {
             String a = "p" + i;
             X509Certificate x = (X509Certificate)p12.getCertificate(a);

test/sun/security/provider/PolicyFile/Comparator.java

@@ -24,6 +24,7 @@
 /*
  * @test
  * @bug 5037004
+ * @run main/othervm Comparator
  * @summary Frivolous ClassCastExceptions thrown by SubjectCodeSource.implies
  *
  * Note:  if you want to see the java.security.debug output,

test/sun/security/ssl/com/sun/net/ssl/SSLSecurity/ProviderTest.java

@@ -40,28 +40,32 @@ public class ProviderTest {
         TrustManagerFactory tmf;
         KeyManagerFactory kmf;
 
-        Security.addProvider(new MyProvider());
-
-        System.out.println("getting a javax SSLContext");
-        sslc = SSLContext.getInstance("javax");
-        sslc.init(null, null, null);
-        System.out.println("\ngetting a com SSLContext");
-        sslc = SSLContext.getInstance("com");
-        sslc.init(null, null, null);
-
-        System.out.println("\ngetting a javax TrustManagerFactory");
-        tmf = TrustManagerFactory.getInstance("javax");
-        tmf.init((KeyStore) null);
-        System.out.println("\ngetting a com TrustManagerFactory");
-        tmf = TrustManagerFactory.getInstance("com");
-        tmf.init((KeyStore) null);
-
-        System.out.println("\ngetting a javax KeyManagerFactory");
-        kmf = KeyManagerFactory.getInstance("javax");
-        kmf.init((KeyStore) null, null);
-        System.out.println("\ngetting a com KeyManagerFactory");
-        kmf = KeyManagerFactory.getInstance("com");
-        kmf.init((KeyStore) null, null);
+        Provider extraProvider = new MyProvider();
+        Security.addProvider(extraProvider);
+        try {
+            System.out.println("getting a javax SSLContext");
+            sslc = SSLContext.getInstance("javax");
+            sslc.init(null, null, null);
+            System.out.println("\ngetting a com SSLContext");
+            sslc = SSLContext.getInstance("com");
+            sslc.init(null, null, null);
+
+            System.out.println("\ngetting a javax TrustManagerFactory");
+            tmf = TrustManagerFactory.getInstance("javax");
+            tmf.init((KeyStore) null);
+            System.out.println("\ngetting a com TrustManagerFactory");
+            tmf = TrustManagerFactory.getInstance("com");
+            tmf.init((KeyStore) null);
+
+            System.out.println("\ngetting a javax KeyManagerFactory");
+            kmf = KeyManagerFactory.getInstance("javax");
+            kmf.init((KeyStore) null, null);
+            System.out.println("\ngetting a com KeyManagerFactory");
+            kmf = KeyManagerFactory.getInstance("com");
+            kmf.init((KeyStore) null, null);
+        } finally {
+            Security.removeProvider(extraProvider.getName());
+        }
     }
 }
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppInputStream/ReadBlocksClose.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4814140
  * @summary AppInputStream: read can block a close
+ * @run main/othervm ReadBlocksClose
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppInputStream/ReadHandshake.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4514971
  * @summary Verify applications do not read handshake data after failure
+ * @run main/othervm ReadHandshake
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppInputStream/ReadZeroBytes.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 6697270
  * @summary Inputstream dosent behave correct
+ * @run main/othervm ReadZeroBytes
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppInputStream/RemoveMarkReset.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4413664
  * @summary remove mark/reset functionality from AppInputStream
+ * @run main/othervm RemoveMarkReset
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppOutputStream/NoExceptionOnClose.java

@@ -25,6 +25,10 @@
  * @test 1.3 01/03/08
  * @bug 4378397
  * @summary  JSSE socket output stream doesn't throw after socket is closed
+ * @run main/othervm NoExceptionOnClose
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Jaya Hangal
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java

@@ -26,6 +26,10 @@
  * @bug 4330535
  * @summary  Client should follow suite order in
  *           SSLSocket.setEnabledCipherSuites()
+ * @run main/othervm CipherSuiteOrder
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Jaya Hangal
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/RSAExport.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 6690018
  * @summary RSAClientKeyExchange NullPointerException
+ * @run main/othervm RSAExport
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 /*

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/GenSSLConfigs/main.java

 /*
  * @test
  * @build TestThread Traffic Handler ServerHandler ServerThread ClientThread
- * @run main/timeout=140 main
+ * @run main/othervm/timeout=140 main
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @summary Make sure that different configurations of SSL sockets work
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/HandshakeOutStream/NullCerts.java

@@ -24,7 +24,12 @@
 /*
  * @test
  * @bug 4453053
- * @summary If a server shuts down correctly during handshaking, the client doesn't see it.
+ * @summary If a server shuts down correctly during handshaking, the client
+ *     doesn't see it.
+ * @run main/othervm NullCerts
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/InputRecord/ClientHelloRead.java

 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 4432868
  * @summary A client-hello message may not always be read correctly
+ * @run main/othervm ClientHelloRead
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -154,23 +158,29 @@ public class ClientHelloRead {
          * we want to avoid URLspoofCheck failures in cases where the cert
          * DN name does not match the hostname in the URL.
          */
-        HttpsURLConnection.setDefaultHostnameVerifier(
-                                      new NameVerifier());
-        URL url = new URL("https://" + "localhost:" + serverPort
-                                + "/index.html");
-        BufferedReader in = null;
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
         try {
-            in = new BufferedReader(new InputStreamReader(
-                               url.openStream()));
-            String inputLine;
-            System.out.print("Client recieved from the server: ");
-            while ((inputLine = in.readLine()) != null)
-                System.out.println(inputLine);
-            in.close();
-        } catch (SSLException e) {
-            if (in != null)
+            HttpsURLConnection.setDefaultHostnameVerifier(
+                                          new NameVerifier());
+            URL url = new URL("https://" + "localhost:" + serverPort
+                                    + "/index.html");
+            BufferedReader in = null;
+            try {
+                in = new BufferedReader(new InputStreamReader(
+                                   url.openStream()));
+                String inputLine;
+                System.out.print("Client recieved from the server: ");
+                while ((inputLine = in.readLine()) != null)
+                    System.out.println(inputLine);
                 in.close();
-            throw e;
+            } catch (SSLException e) {
+                if (in != null)
+                    in.close();
+                throw e;
+            }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
     }
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/InputRecord/SSLSocketTimeoutNulls.java

@@ -27,7 +27,10 @@
  * @summary Setting timeouts on SSLSockets immediately return null
  *      after timeout occurs.  This bug was fixed as part of 4393337,
  *      but this is another bug we want to check regressions against.
- * @run main/timeout=140 SSLSocketTimeoutNulls
+ * @run main/othervm/timeout=140 SSLSocketTimeoutNulls
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java

 /*
- * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -147,12 +147,18 @@ public class HttpsProtocols implements HostnameVerifier {
             Thread.sleep(50);
         }
 
-        HttpsURLConnection.setDefaultHostnameVerifier(this);
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            HttpsURLConnection.setDefaultHostnameVerifier(this);
 
-        URL url = new URL("https://localhost:" + serverPort + "/");
-        HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
+            URL url = new URL("https://localhost:" + serverPort + "/");
+            HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
 
-        System.out.println("response is " + urlc.getResponseCode());
+            System.out.println("response is " + urlc.getResponseCode());
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     public boolean verify(String hostname, SSLSession session) {

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/BadKSProvider.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4919147
  * @summary Support for token-based KeyStores
+ * @run main/othervm BadKSProvider
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/BadTSProvider.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4919147
  * @summary Support for token-based KeyStores
+ * @run main/othervm BadTSProvider
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/GoodProvider.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4919147
  * @summary Support for token-based KeyStores
+ * @run main/othervm GoodProvider
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/RehandshakeFinished.java

@@ -26,6 +26,10 @@
  * @bug 6207322
  * @summary SSLEngine is returning a premature FINISHED message when doing
  * an abbreviated handshake.
+ * @run main/othervm RehandshakeFinished
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * This test may need some updating if the messages change order.
  * Currently I'm expecting that there is a simple renegotiation, with

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineDeadlock.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 6492872
  * @summary Deadlock in SSLEngine
+ * @run main/othervm SSLEngineDeadlock
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Brad R. Wetmore
  */

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSessionImpl/HashCodeMissing.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4910892
  * @summary 4518403 was not properly fixed.   hashcode should be hashCode.
+ * @run main/othervm HashCodeMissing
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java

@@ -26,6 +26,10 @@
  * @bug 6447412
  * @summary Issue with socket.close() for ssl sockets when poweroff on
  *          other system
+ * @run main/othervm AsyncSSLSocketClose
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import javax.net.ssl.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ClientModeClientAuth.java

@@ -24,8 +24,11 @@
 /*
  * @test
  * @bug 4390659
- * @run main/othervm -Djavax.net.debug=all ClientModeClientAuth
  * @summary setNeedClientAuth() isn't working after a handshaker is established
+ * @run main/othervm ClientModeClientAuth
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ClientTimeout.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4836493
  * @summary Socket timeouts for SSLSockets causes data corruption.
+ * @run main/othervm ClientTimeout
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/CloseSocketException.java

@@ -26,6 +26,10 @@
  * @bug 4969799
  * @summary javax.net.ssl.SSLSocket.SSLSocket(InetAddress,int) shouldn't
  *              throw exception
+ * @run main/othervm CloseSocketException
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * This is making sure that starting a new handshake throws the right
  * exception.  There is a similar test for SSLEngine.

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4403428
  * @summary Invalidating JSSE session on server causes SSLProtocolException
+ * @run main/othervm InvalidateServerSessionRenegotiate
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NewSocketMethods.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4429176
  * @summary need to sync up SSL sockets with merlin java.net changes
+ * @run main/othervm NewSocketMethods
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NonAutoClose.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4404399
  * @summary When a layered SSL socket is closed, it should wait for close_notify
+ * @run main/othervm NonAutoClose
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ReuseAddr.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4482446
  * @summary java.net.SocketTimeoutException on 98, NT, 2000 for JSSE
+ * @run main/othervm ReuseAddr
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ReverseNameLookup.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4748292
  * @summary Prevent/Disable reverse name lookups with JSSE SSL sockets
+ * @run main/othervm ReverseNameLookup
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions.java

@@ -26,6 +26,10 @@
  * @bug 4361124 4325806
  * @summary SSLServerSocket isn't throwing exceptions when negotiations are
  *      failing & java.net.SocketException: occures in Auth and clientmode
+ * @run main/othervm SSLSocketImplThrowsWrongExceptions
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ServerTimeout.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4836493
  * @summary Socket timeouts for SSLSockets causes data corruption.
+ * @run main/othervm ServerTimeout
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/SetClientMode.java

@@ -26,6 +26,10 @@
  * @bug 6223624
  * @summary SSLSocket.setUseClientMode() fails to throw expected
  *        IllegalArgumentException
+ * @run main/othervm SetClientMode
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 /*

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/UnconnectedSocketWrongExceptions.java

@@ -25,6 +25,11 @@
  * @test
  * @bug 4480441
  * @summary startHandshake giving wrong message when unconnected.
+ * @run main/othervm UnconnectedSocketWrongExceptions
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ *
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java

@@ -25,7 +25,10 @@
  * @test
  * @bug 4392475
  * @summary Calling setWantClientAuth(true) disables anonymous suites
- * @run main/timeout=180 AnonCipherWithWantClientAuth
+ * @run main/othervm/timeout=180 AnonCipherWithWantClientAuth
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHost.java

@@ -22,10 +22,13 @@
  */
 
 /**
- *@test
- *@bug 4302026
- *@run main GetPeerHost
- *@summary make sure the server side doesn't do DNS lookup.
+ * @test
+ * @bug 4302026
+ * @run main/othervm GetPeerHost
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ * @summary make sure the server side doesn't do DNS lookup.
  */
 import javax.net.*;
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SocketCreation/SocketCreation.java

@@ -27,7 +27,10 @@
  * @summary This test tries all the different ways in which an SSL
  * connection can be established to exercise different SSLSocketImpl
  * constructors.
- * @run main/timeout=300 SocketCreation
+ * @run main/othervm/timeout=300 SocketCreation
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ClientServer.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4717766
  * @summary 1.0.3 JsseX509TrustManager erroneously calls isClientTrusted()
+ * @run main/othervm ClientServer
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @ignore JSSE supports algorithm constraints with CR 6916074,
  *     need to update this test case in JDK 7 soon
  * @author Brad Wetmore

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java

@@ -26,6 +26,10 @@
  * @test
  * @bug 6916074
  * @summary Add support for TLS 1.2
+ * @run main/othervm PKIXExtendedTM
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.net.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java

@@ -27,6 +27,9 @@
  * @summary support self-issued certificate
  * @run main/othervm SelfIssuedCert PKIX
  * @run main/othervm SelfIssuedCert SunX509
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java

@@ -24,8 +24,11 @@
 /*
  * @test
  * @bug 6916074
- * @run main/othervm -Djavax.net.debug=all SunX509ExtendedTM
  * @summary Add support for TLS 1.2
+ * @run main/othervm SunX509ExtendedTM
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.net.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/X509ExtendedTMEnabled.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 6916074
  * @summary Add support for TLS 1.2
+ * @run main/othervm X509ExtendedTMEnabled
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * Ensure that the SunJSSE provider enables the X509ExtendedTrustManager.
  */

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/spi/ProviderInit.java

@@ -26,6 +26,10 @@
  * @bug 4522550
  * @summary SSLContext TrustMananagerFactory and KeyManagerFactory
  *              should throw if not init
+ * @run main/othervm ProviderInit
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Jaya Hangal
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyAuthTest.java

 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,11 @@
  * @test
  * @bug 4323990 4413069
  * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT
- * Incorrect checking of proxy server response
+ *     Incorrect checking of proxy server response
+ * @run main/othervm ProxyAuthTest
+ *
+ *     No way to reserve and restore java.lang.Authenticator, need to run this
+ *     test in othervm mode.
  */
 
 import java.io.*;
@@ -77,8 +81,7 @@ public class ProxyAuthTest {
     /*
      * Main method to create the server and the client
      */
-    public static void main(String args[]) throws Exception
-    {
+    public static void main(String args[]) throws Exception {
         String keyFilename =
             System.getProperty("test.src", "./") + "/" + pathToStores +
                 "/" + keyStoreFile;
@@ -110,10 +113,9 @@ public class ProxyAuthTest {
         try {
             doClientSide();
         } catch (Exception e) {
-            System.out.println("Client side failed: " +
-                                e.getMessage());
+            System.out.println("Client side failed: " + e.getMessage());
             throw e;
-          }
+        }
     }
 
     private static ServerSocketFactory getServerSocketFactory

test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ServerIdentityTest.java

 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,11 @@
  * @bug 4328195
  * @summary Need to include the alternate subject DN for certs,
  *          https should check for this
+ * @run main/othervm ServerIdentityTest
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ *
  * @author Yingxian Wang
  */
 
@@ -136,39 +141,45 @@ public class ServerIdentityTest {
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
-        for (int i = 0; i < keyStoreFiles.length; i++) {
-            String keyFilename =
-                System.getProperty("test.src", ".") + "/" + pathToStores +
-                "/" + keyStoreFiles[i];
-            String trustFilename =
-                System.getProperty("test.src", ".") + "/" + pathToStores +
-                "/" + trustStoreFiles[i];
+        SSLSocketFactory reservedSFactory =
+                HttpsURLConnection.getDefaultSSLSocketFactory();
+        try {
+            for (int i = 0; i < keyStoreFiles.length; i++) {
+                String keyFilename =
+                    System.getProperty("test.src", ".") + "/" + pathToStores +
+                    "/" + keyStoreFiles[i];
+                String trustFilename =
+                    System.getProperty("test.src", ".") + "/" + pathToStores +
+                    "/" + trustStoreFiles[i];
 
-            System.setProperty("javax.net.ssl.keyStore", keyFilename);
-            System.setProperty("javax.net.ssl.keyStorePassword", passwd);
-            System.setProperty("javax.net.ssl.trustStore", trustFilename);
-            System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+                System.setProperty("javax.net.ssl.keyStore", keyFilename);
+                System.setProperty("javax.net.ssl.keyStorePassword", passwd);
+                System.setProperty("javax.net.ssl.trustStore", trustFilename);
+                System.setProperty("javax.net.ssl.trustStorePassword", passwd);
 
-            if (debug)
-                System.setProperty("javax.net.debug", "all");
-            SSLContext context = SSLContext.getInstance("SSL");
+                if (debug)
+                    System.setProperty("javax.net.debug", "all");
+                SSLContext context = SSLContext.getInstance("SSL");
 
-            KeyManager[] kms = new KeyManager[1];
-            KeyStore ks = KeyStore.getInstance("JKS");
-            FileInputStream fis = new FileInputStream(keyFilename);
-            ks.load(fis, passwd.toCharArray());
-            fis.close();
-            KeyManager km = new MyKeyManager(ks, passwd.toCharArray());
-            kms[0] = km;
-            context.init(kms, null, null);
-            HttpsURLConnection.setDefaultSSLSocketFactory(
-                 context.getSocketFactory());
+                KeyManager[] kms = new KeyManager[1];
+                KeyStore ks = KeyStore.getInstance("JKS");
+                FileInputStream fis = new FileInputStream(keyFilename);
+                ks.load(fis, passwd.toCharArray());
+                fis.close();
+                KeyManager km = new MyKeyManager(ks, passwd.toCharArray());
+                kms[0] = km;
+                context.init(kms, null, null);
+                HttpsURLConnection.setDefaultSSLSocketFactory(
+                     context.getSocketFactory());
 
-            /*
-             * Start the tests.
-             */
-            System.out.println("Testing " + keyFilename);
-            new ServerIdentityTest(context, keyStoreFiles[i]);
+                /*
+                 * Start the tests.
+                 */
+                System.out.println("Testing " + keyFilename);
+                new ServerIdentityTest(context, keyStoreFiles[i]);
+            }
+        } finally {
+            HttpsURLConnection.setDefaultSSLSocketFactory(reservedSFactory);
         }
     }
 

test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java

@@ -26,6 +26,11 @@
  * @bug 6668231
  * @summary Presence of a critical subjectAltName causes JSSE's SunX509 to
  *          fail trusted checks
+ * @run main/othervm CriticalSubjectAltName
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ *
  * @author Xuelei Fan
  *
  * This test depends on binary keystore, crisubn.jks and trusted.jks. Because

test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/GetResponseCode.java

@@ -25,6 +25,11 @@
  * @test
  * @bug 4482187
  * @summary HttpsClient tests are failing for build 71
+ * @run main/othervm GetResponseCode
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ *
  * @author Yingxian Wang
  */
 import java.io.*;

test/sun/security/ssl/javax/net/ssl/Fix5070632.java

 /*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 5070632
  * @summary Default SSLSockeFactory override createSocket() now
+ * @run main/othervm Fix5070632
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Weijun Wang
  */
 
@@ -35,8 +39,13 @@ import java.security.*;
 
 public class Fix5070632 {
     public static void main(String[] args) throws Exception {
+        // reserve the security properties
+        String reservedSFacProvider =
+            Security.getProperty("ssl.SocketFactory.provider");
+
         // use a non-existing provider so that the DefaultSSLSocketFactory
         // will be used, and then test against it.
+
         Security.setProperty("ssl.SocketFactory.provider", "foo.NonExistant");
         SSLSocketFactory fac = (SSLSocketFactory)SSLSocketFactory.getDefault();
         try {
@@ -46,8 +55,16 @@ public class Fix5070632 {
             System.out.println("Throw SocketException");
             se.printStackTrace();
             return;
+        } finally {
+            // restore the security properties
+            if (reservedSFacProvider == null) {
+                reservedSFacProvider = "";
+            }
+            Security.setProperty("ssl.SocketFactory.provider",
+                                                reservedSFacProvider);
         }
-        throw new Exception("should throw SocketException");
+
         // if not caught, or other exception caught, then it's error
+        throw new Exception("should throw SocketException");
     }
 }

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/ComURLNulls.java

 /*
- * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,10 @@
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes, and HttpsURLConnection.getCipherSuite throws
  *      NullPointerException
+ * @run main/othervm ComURLNulls
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 
@@ -34,6 +38,7 @@ import java.net.*;
 import java.io.*;
 import javax.net.ssl.*;
 import com.sun.net.ssl.HttpsURLConnection;
+import com.sun.net.ssl.HostnameVerifier;
 
 /*
  * Tests that the com null argument changes made it in ok.
@@ -42,59 +47,64 @@ import com.sun.net.ssl.HttpsURLConnection;
 public class ComURLNulls {
 
     public static void main(String[] args) throws Exception {
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            System.setProperty("java.protocol.handler.pkgs",
+                                    "com.sun.net.ssl.internal.www.protocol");
+            /**
+             * This test does not establish any connection to the specified
+             * URL, hence a dummy URL is used.
+             */
+            URL foobar = new URL("https://example.com/");
 
-        System.setProperty("java.protocol.handler.pkgs",
-                                "com.sun.net.ssl.internal.www.protocol");
-        /**
-         * This test does not establish any connection to the specified
-         * URL, hence a dummy URL is used.
-         */
-        URL foobar = new URL("https://example.com/");
+            HttpsURLConnection urlc =
+                (HttpsURLConnection) foobar.openConnection();
 
-        HttpsURLConnection urlc =
-            (HttpsURLConnection) foobar.openConnection();
+            try {
+                urlc.getCipherSuite();
+            } catch (IllegalStateException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.getCipherSuite();
-        } catch (IllegalStateException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
-
-        try {
-            urlc.getServerCertificateChain();
-        } catch (IllegalStateException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.getServerCertificateChain();
+            } catch (IllegalStateException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.setDefaultHostnameVerifier(null);
-        } catch (IllegalArgumentException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.setDefaultHostnameVerifier(null);
+            } catch (IllegalArgumentException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.setHostnameVerifier(null);
-        } catch (IllegalArgumentException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.setHostnameVerifier(null);
+            } catch (IllegalArgumentException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.setDefaultSSLSocketFactory(null);
-        } catch (IllegalArgumentException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.setDefaultSSLSocketFactory(null);
+            } catch (IllegalArgumentException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.setSSLSocketFactory(null);
-        } catch (IllegalArgumentException e) {
-            System.out.print("Caught proper exception");
-            System.out.println(e.getMessage());
+            try {
+                urlc.setSSLSocketFactory(null);
+            } catch (IllegalArgumentException e) {
+                System.out.print("Caught proper exception");
+                System.out.println(e.getMessage());
+            }
+            System.out.println("TESTS PASSED");
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
-        System.out.println("TESTS PASSED");
     }
 }

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java

@@ -26,6 +26,10 @@
  * @bug 4387882
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes.
+ * @run main/othervm ImplicitHandshake
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/JavaxURLNulls.java

 /*
- * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,63 +42,69 @@ public class JavaxURLNulls {
 
     public static void main(String[] args) throws Exception {
 
-        /**
-         * This test does not establish any connection to the specified
-         * URL, hence a dummy URL is used.
-         */
-        URL foobar = new URL("https://example.com/");
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            /**
+             * This test does not establish any connection to the specified
+             * URL, hence a dummy URL is used.
+             */
+            URL foobar = new URL("https://example.com/");
 
-        HttpsURLConnection urlc =
-            (HttpsURLConnection) foobar.openConnection();
+            HttpsURLConnection urlc =
+                (HttpsURLConnection) foobar.openConnection();
 
-        try {
-            urlc.getCipherSuite();
-        } catch (IllegalStateException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.getCipherSuite();
+            } catch (IllegalStateException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.getLocalCertificates();
-        } catch (IllegalStateException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.getLocalCertificates();
+            } catch (IllegalStateException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.getServerCertificates();
-        } catch (IllegalStateException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.getServerCertificates();
+            } catch (IllegalStateException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.setDefaultHostnameVerifier(null);
-        } catch (IllegalArgumentException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.setDefaultHostnameVerifier(null);
+            } catch (IllegalArgumentException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.setHostnameVerifier(null);
-        } catch (IllegalArgumentException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.setHostnameVerifier(null);
+            } catch (IllegalArgumentException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.setDefaultSSLSocketFactory(null);
-        } catch (IllegalArgumentException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
-        }
+            try {
+                urlc.setDefaultSSLSocketFactory(null);
+            } catch (IllegalArgumentException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
 
-        try {
-            urlc.setSSLSocketFactory(null);
-        } catch (IllegalArgumentException e) {
-            System.out.print("Caught proper exception: ");
-            System.out.println(e.getMessage());
+            try {
+                urlc.setSSLSocketFactory(null);
+            } catch (IllegalArgumentException e) {
+                System.out.print("Caught proper exception: ");
+                System.out.println(e.getMessage());
+            }
+            System.out.println("TESTS PASSED");
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
-        System.out.println("TESTS PASSED");
     }
 }

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/SSLSessionNulls.java

@@ -26,6 +26,10 @@
  * @bug 4387882
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes.
+ * @run main/othervm SSLSessionNulls
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/SSLSocketInherit.java

@@ -27,6 +27,10 @@
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes.  This test checks to see if the settings
  *      on the server sockets get propagated to the sockets.
+ * @run main/othervm SSLSocketInherit
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/NewAPIs/CheckMyTrustedKeystore.java

@@ -26,6 +26,10 @@
  * @bug 4329114
  * @summary Need better way of reflecting the reason when a chain is
  *      rejected as untrusted.
+ * @run main/othervm CheckMyTrustedKeystore
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @ignore JSSE supports algorithm constraints with CR 6916074,
  *     need to update this test case in JDK 7 soon
  * This is a serious hack job!

test/sun/security/ssl/javax/net/ssl/NewAPIs/HttpsURLConnectionLocalCertificateChain.java

@@ -30,6 +30,10 @@
  *      Fixed 4354003: Need API to get client certificate chain
  *      Fixed 4387961: HostnameVerifier needs to pass various hostnames
  *      Fixed 4395266: HttpsURLConnection should be made protected
+ * @run main/othervm HttpsURLConnectionLocalCertificateChain
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java

@@ -26,6 +26,10 @@
  * @bug 4280338
  * @summary "Unsupported SSL message version" SSLProtocolException
  *      w/SSL_RSA_WITH_NULL_MD5
+ * @run main/othervm JSSERenegotiate
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Ram Marti
  * @author Brad Wetmore

test/sun/security/ssl/javax/net/ssl/NewAPIs/KeyManagerTrustManager.java

 /*
- * Copyright (c) 2001, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,10 @@
  * 4396290: Need a way to pass algorithm specific parameters to TM's and KM's
  * 4395286: The property for setting the default
  *      KeyManagerFactory/TrustManagerFactory algorithms needs real name
+ * @run main/othervm KeyManagerTrustManager
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 
@@ -77,17 +81,40 @@ public class KeyManagerTrustManager implements X509KeyManager {
         String kmfAlg = null;
         String tmfAlg = null;
 
-        Security.setProperty("ssl.KeyManagerFactory.algorithm", "hello");
-        Security.setProperty("ssl.TrustManagerFactory.algorithm", "goodbye");
+        // reserve the security properties
+        String reservedKMFacAlg =
+            Security.getProperty("ssl.KeyManagerFactory.algorithm");
+        String reservedTMFacAlg =
+            Security.getProperty("ssl.TrustManagerFactory.algorithm");
 
-        kmfAlg = KeyManagerFactory.getDefaultAlgorithm();
-        tmfAlg = TrustManagerFactory.getDefaultAlgorithm();
+        try {
+            Security.setProperty("ssl.KeyManagerFactory.algorithm", "hello");
+            Security.setProperty("ssl.TrustManagerFactory.algorithm",
+                                                                "goodbye");
 
-        if (!kmfAlg.equals("hello")) {
-            throw new Exception("ssl.KeyManagerFactory.algorithm not set");
-        }
-        if (!tmfAlg.equals("goodbye")) {
-            throw new Exception("ssl.TrustManagerFactory.algorithm not set");
+            kmfAlg = KeyManagerFactory.getDefaultAlgorithm();
+            tmfAlg = TrustManagerFactory.getDefaultAlgorithm();
+
+            if (!kmfAlg.equals("hello")) {
+                throw new Exception("ssl.KeyManagerFactory.algorithm not set");
+            }
+            if (!tmfAlg.equals("goodbye")) {
+                throw new Exception(
+                        "ssl.TrustManagerFactory.algorithm not set");
+            }
+        } finally {
+            // restore the security properties
+            if (reservedKMFacAlg == null) {
+                reservedKMFacAlg = "";
+            }
+
+            if (reservedTMFacAlg == null) {
+                reservedTMFacAlg = "";
+            }
+            Security.setProperty("ssl.KeyManagerFactory.algorithm",
+                                                            reservedKMFacAlg);
+            Security.setProperty("ssl.TrustManagerFactory.algorithm",
+                                                            reservedTMFacAlg);
         }
     }
 }

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLCtxAccessToSessCtx.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4473210
  * @summary SSLSessionContext should be accessible from SSLContext
+ * @run main/othervm SSLCtxAccessToSessCtx
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/AcceptLargeFragments.java

@@ -26,6 +26,10 @@
  * @bug 6388456
  * @summary Need adjustable TLS max record size for interoperability
  *      with non-compliant stacks
+ * @run main/othervm AcceptLargeFragments
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * Check the system property "jsse.SSLEngine.acceptLargeFragments"
  *

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ExtendedKeySocket.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4981697
  * @summary Rework the X509KeyManager to avoid incompatibility issues
+ * @run main/othervm ExtendedKeySocket
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad R. Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargePacket.java

@@ -27,6 +27,10 @@
  * @bug 6388456
  * @summary Need adjustable TLS max record size for interoperability
  *      with non-compliant
+ * @run main/othervm LargePacket
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4495742
  * @summary Demonstrate SSLEngine switch from no client auth to client auth.
+ * @run main/othervm NoAuthClientAuth
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Brad R. Wetmore
  */

test/sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java

@@ -25,6 +25,10 @@
  * @test
  * @bug   4366807
  * @summary Need new APIs to get/set session timeout and session cache size.
+ * @run main/othervm SessionCacheSizeTests
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java

@@ -25,6 +25,10 @@
  * @test
  * @bug   4366807
  * @summary Need new APIs to get/set session timeout and session cache size.
+ * @run main/othervm SessionTimeOutTests
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -207,7 +211,7 @@ public class SessionTimeOutTests {
                 timeout = sessCtx.getSessionTimeout();
                 System.out.println("timeout is changed to: " + timeout);
                 System.out.println();
-            }
+           }
         }
 
         // check the ids returned by the enumerator

test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java

@@ -30,6 +30,10 @@
  *                  session
  *          4701722 protocol mismatch exceptions should be consistent between
  *                  SSLv3 and TLSv1
+ * @run main/othervm testEnabledProtocols
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Ram Marti
  */
 

test/sun/security/ssl/javax/net/ssl/SSLServerSocket/DefaultSSLServSocketFac.java

 /*
- * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 6449579
  * @summary DefaultSSLServerSocketFactory does not override createServerSocket()
+ * @run main/othervm DefaultSSLServSocketFac
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 import java.security.Security;
 import javax.net.ServerSocketFactory;
@@ -33,6 +37,10 @@ import javax.net.ssl.SSLServerSocketFactory;
 
 public class DefaultSSLServSocketFac {
     public static void main(String[] args) throws Exception {
+        // reserve the security properties
+        String reservedSSFacProvider =
+            Security.getProperty("ssl.ServerSocketFactory.provider");
+
         try {
             Security.setProperty("ssl.ServerSocketFactory.provider", "oops");
             ServerSocketFactory ssocketFactory =
@@ -44,6 +52,13 @@ public class DefaultSSLServSocketFac {
                 throw e;
             }
             // get the expected exception
+        } finally {
+            // restore the security properties
+            if (reservedSSFacProvider == null) {
+                reservedSSFacProvider = "";
+            }
+            Security.setProperty("ssl.ServerSocketFactory.provider",
+                                                    reservedSSFacProvider);
         }
     }
 }

test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all EmptyCertificateAuthorities
+ * @run main/othervm EmptyCertificateAuthorities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/TLSv11/ExportableBlockCipher.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all ExportableBlockCipher
+ * @run main/othervm ExportableBlockCipher
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/TLSv11/ExportableStreamCipher.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all ExportableStreamCipher
+ * @run main/othervm ExportableStreamCipher
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/TLSv11/GenericBlockCipher.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all GenericBlockCipher
+ * @run main/othervm GenericBlockCipher
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all GenericStreamCipher
+ * @run main/othervm GenericStreamCipher
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/sanity/pluggability/CheckSSLContextExport.java

@@ -64,8 +64,8 @@ public class CheckSSLContextExport extends Provider {
             default:
                 throw new Exception("Internal Test Error!");
             }
-            System.out.println("Testing with " + (standardCiphers ? "standard" : "custom") +
-                               " cipher suites");
+            System.out.println("Testing with " +
+                (standardCiphers ? "standard" : "custom") + " cipher suites");
             for (int j = 0; j < 4; j++) {
                 String clsName = null;
                 try {
@@ -107,11 +107,16 @@ public class CheckSSLContextExport extends Provider {
 
     public static void main(String[] argv) throws Exception {
         String protocols[] = { "SSL", "TLS" };
-        Security.insertProviderAt(new CheckSSLContextExport(protocols), 1);
-        for (int i = 0; i < protocols.length; i++) {
-            System.out.println("Testing " + protocols[i] + "'s SSLContext");
-            test(protocols[i]);
+        Provider extraProvider = new CheckSSLContextExport(protocols);
+        Security.insertProviderAt(extraProvider, 1);
+        try {
+            for (int i = 0; i < protocols.length; i++) {
+                System.out.println("Testing " + protocols[i] + "'s SSLContext");
+                test(protocols[i]);
+            }
+            System.out.println("Test Passed");
+        } finally {
+            Security.removeProvider(extraProvider.getName());
         }
-        System.out.println("Test Passed");
     }
 }

test/sun/security/ssl/sanity/pluggability/CheckSockFacExport1.java

 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,10 @@
  * @bug 4635454 6208022
  * @summary Check pluggability of SSLSocketFactory and
  * SSLServerSocketFactory classes.
+ * @run main/othervm CheckSockFacExport1
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.util.*;
@@ -37,36 +41,57 @@ import javax.net.ssl.*;
 public class CheckSockFacExport1 {
 
     public static void main(String argv[]) throws Exception {
-        Security.setProperty("ssl.SocketFactory.provider",
-                             "MySSLSocketFacImpl");
-        MySSLSocketFacImpl.useCustomCipherSuites();
-        Security.setProperty("ssl.ServerSocketFactory.provider",
-            "MySSLServerSocketFacImpl");
-        MySSLServerSocketFacImpl.useCustomCipherSuites();
+        // reserve the security properties
+        String reservedSFacAlg =
+            Security.getProperty("ssl.SocketFactory.provider");
+        String reservedSSFacAlg =
+            Security.getProperty("ssl.ServerSocketFactory.provider");
+
+        try {
+            Security.setProperty("ssl.SocketFactory.provider",
+                                 "MySSLSocketFacImpl");
+            MySSLSocketFacImpl.useCustomCipherSuites();
+            Security.setProperty("ssl.ServerSocketFactory.provider",
+                "MySSLServerSocketFacImpl");
+            MySSLServerSocketFacImpl.useCustomCipherSuites();
 
-        String[] supportedCS = null;
-        for (int i = 0; i < 2; i++) {
-            switch (i) {
-            case 0:
-                System.out.println("Testing SSLSocketFactory:");
-                SSLSocketFactory sf = (SSLSocketFactory)
-                    SSLSocketFactory.getDefault();
-                supportedCS = sf.getSupportedCipherSuites();
-                break;
-            case 1:
-                System.out.println("Testing SSLServerSocketFactory:");
-                SSLServerSocketFactory ssf = (SSLServerSocketFactory)
-                    SSLServerSocketFactory.getDefault();
-                supportedCS = ssf.getSupportedCipherSuites();
-                break;
-            default:
-                throw new Exception("Internal Test Error");
+            String[] supportedCS = null;
+            for (int i = 0; i < 2; i++) {
+                switch (i) {
+                case 0:
+                    System.out.println("Testing SSLSocketFactory:");
+                    SSLSocketFactory sf = (SSLSocketFactory)
+                        SSLSocketFactory.getDefault();
+                    supportedCS = sf.getSupportedCipherSuites();
+                    break;
+                case 1:
+                    System.out.println("Testing SSLServerSocketFactory:");
+                    SSLServerSocketFactory ssf = (SSLServerSocketFactory)
+                        SSLServerSocketFactory.getDefault();
+                    supportedCS = ssf.getSupportedCipherSuites();
+                    break;
+                default:
+                    throw new Exception("Internal Test Error");
+                }
+                System.out.println(Arrays.asList(supportedCS));
+                if (supportedCS.length == 0) {
+                    throw new Exception("supported ciphersuites are empty");
+                }
             }
-            System.out.println(Arrays.asList(supportedCS));
-            if (supportedCS.length == 0) {
-                throw new Exception("supported ciphersuites are empty");
+            System.out.println("Test Passed");
+        } finally {
+            // restore the security properties
+            if (reservedSFacAlg == null) {
+                reservedSFacAlg = "";
+            }
+
+            if (reservedSSFacAlg == null) {
+                reservedSSFacAlg = "";
             }
+            Security.setProperty("ssl.SocketFactory.provider",
+                                                            reservedSFacAlg);
+            Security.setProperty("ssl.ServerSocketFactory.provider",
+                                                            reservedSSFacAlg);
         }
-        System.out.println("Test Passed");
     }
 }

test/sun/security/ssl/sanity/pluggability/CheckSockFacExport2.java

 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,11 @@
  * @test
  * @bug 4635454
  * @summary Check pluggability of SSLSocketFactory and
- * SSLServerSocketFactory classes.
+ *     SSLServerSocketFactory classes.
+ * @run main/othervm CheckSockFacExport2
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 import java.security.*;
 import java.net.*;
@@ -34,38 +38,59 @@ import javax.net.ssl.*;
 public class CheckSockFacExport2 {
 
     public static void main(String argv[]) throws Exception {
-        Security.setProperty("ssl.SocketFactory.provider",
-            "MySSLSocketFacImpl");
-        MySSLSocketFacImpl.useStandardCipherSuites();
-        Security.setProperty("ssl.ServerSocketFactory.provider",
-            "MySSLServerSocketFacImpl");
-        MySSLServerSocketFacImpl.useStandardCipherSuites();
+        // reserve the security properties
+        String reservedSFacAlg =
+            Security.getProperty("ssl.SocketFactory.provider");
+        String reservedSSFacAlg =
+            Security.getProperty("ssl.ServerSocketFactory.provider");
+
+        try {
+            Security.setProperty("ssl.SocketFactory.provider",
+                "MySSLSocketFacImpl");
+            MySSLSocketFacImpl.useStandardCipherSuites();
+            Security.setProperty("ssl.ServerSocketFactory.provider",
+                "MySSLServerSocketFacImpl");
+            MySSLServerSocketFacImpl.useStandardCipherSuites();
 
-        boolean result = false;
-        for (int i = 0; i < 2; i++) {
-            switch (i) {
-            case 0:
-                System.out.println("Testing SSLSocketFactory:");
-                SSLSocketFactory sf = (SSLSocketFactory)
-                    SSLSocketFactory.getDefault();
-                result = (sf instanceof MySSLSocketFacImpl);
-                break;
+            boolean result = false;
+            for (int i = 0; i < 2; i++) {
+                switch (i) {
+                case 0:
+                    System.out.println("Testing SSLSocketFactory:");
+                    SSLSocketFactory sf = (SSLSocketFactory)
+                        SSLSocketFactory.getDefault();
+                    result = (sf instanceof MySSLSocketFacImpl);
+                    break;
 
-            case 1:
-                System.out.println("Testing SSLServerSocketFactory:");
-                SSLServerSocketFactory ssf = (SSLServerSocketFactory)
-                    SSLServerSocketFactory.getDefault();
-                result = (ssf instanceof MySSLServerSocketFacImpl);
-                break;
-            default:
-                throw new Exception("Internal Test Error");
+                case 1:
+                    System.out.println("Testing SSLServerSocketFactory:");
+                    SSLServerSocketFactory ssf = (SSLServerSocketFactory)
+                        SSLServerSocketFactory.getDefault();
+                    result = (ssf instanceof MySSLServerSocketFacImpl);
+                    break;
+                default:
+                    throw new Exception("Internal Test Error");
+                }
+                if (result) {
+                    System.out.println("...accepted valid SFs");
+                } else {
+                    throw new Exception("...wrong SF is used");
+                }
             }
-            if (result) {
-                System.out.println("...accepted valid SFs");
-            } else {
-                throw new Exception("...wrong SF is used");
+            System.out.println("Test Passed");
+        } finally {
+            // restore the security properties
+            if (reservedSFacAlg == null) {
+                reservedSFacAlg = "";
+            }
+
+            if (reservedSSFacAlg == null) {
+                reservedSSFacAlg = "";
             }
+            Security.setProperty("ssl.SocketFactory.provider",
+                                                            reservedSFacAlg);
+            Security.setProperty("ssl.ServerSocketFactory.provider",
+                                                            reservedSSFacAlg);
         }
-        System.out.println("Test Passed");
     }
 }

test/sun/security/ssl/sun/net/www/http/ChunkedOutputStream/Test.java

 /*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,9 @@
  * @bug 5026745
  * @library ../../httpstest/
  * @run main/othervm Test
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @summary Cannot flush output stream when writing to an HttpUrlConnection
  */
 
@@ -283,31 +286,37 @@ public class Test implements HttpCallback {
             System.getProperty("test.src", "./") + "/" + pathToStores +
                 "/" + trustStoreFile;
 
-        System.setProperty("javax.net.ssl.keyStore", keyFilename);
-        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
-        System.setProperty("javax.net.ssl.trustStore", trustFilename);
-        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
-        HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
-
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
         try {
-            server = new HttpServer (new Test(), 1, 10, 0);
-            System.out.println ("Server started: listening on port: " + server.getLocalPort());
-            // the test server doesn't support keep-alive yet
-            // test1("http://localhost:"+server.getLocalPort()+"/d0");
-            test1("https://localhost:"+server.getLocalPort()+"/d01");
-            test3("https://localhost:"+server.getLocalPort()+"/d3");
-            test4("https://localhost:"+server.getLocalPort()+"/d4");
-            test5("https://localhost:"+server.getLocalPort()+"/d5");
-            test6("https://localhost:"+server.getLocalPort()+"/d6");
-            test7("https://localhost:"+server.getLocalPort()+"/d7");
-            test8("https://localhost:"+server.getLocalPort()+"/d8");
-        } catch (Exception e) {
-            if (server != null) {
-                server.terminate();
+            System.setProperty("javax.net.ssl.keyStore", keyFilename);
+            System.setProperty("javax.net.ssl.keyStorePassword", passwd);
+            System.setProperty("javax.net.ssl.trustStore", trustFilename);
+            System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+            HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
+
+            try {
+                server = new HttpServer (new Test(), 1, 10, 0);
+                System.out.println ("Server started: listening on port: " + server.getLocalPort());
+                // the test server doesn't support keep-alive yet
+                // test1("http://localhost:"+server.getLocalPort()+"/d0");
+                test1("https://localhost:"+server.getLocalPort()+"/d01");
+                test3("https://localhost:"+server.getLocalPort()+"/d3");
+                test4("https://localhost:"+server.getLocalPort()+"/d4");
+                test5("https://localhost:"+server.getLocalPort()+"/d5");
+                test6("https://localhost:"+server.getLocalPort()+"/d6");
+                test7("https://localhost:"+server.getLocalPort()+"/d7");
+                test8("https://localhost:"+server.getLocalPort()+"/d8");
+            } catch (Exception e) {
+                if (server != null) {
+                    server.terminate();
+                }
+                throw e;
             }
-            throw e;
+            server.terminate();
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
-        server.terminate();
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java

 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,9 +26,12 @@
  * @bug 6216082
  * @library ../../../httpstest/
  * @build HttpCallback HttpServer ClosedChannelList HttpTransaction TunnelProxy
- * @run main/othervm B6216082
  * @summary  Redirect problem with HttpsURLConnection using a proxy
-*/
+ * @run main/othervm B6216082
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ */
 
 import java.io.*;
 import java.net.*;
@@ -46,20 +49,27 @@ public class B6216082 {
     static InetAddress firstNonLoAddress = null;
 
     public static void main(String[] args) throws Exception {
-        // XXX workaround for CNFE
-        Class.forName("java.nio.channels.ClosedByInterruptException");
-        setupEnv();
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            // XXX workaround for CNFE
+            Class.forName("java.nio.channels.ClosedByInterruptException");
+            setupEnv();
 
-        startHttpServer();
+            startHttpServer();
 
-        // https.proxyPort can only be set after the TunnelProxy has been
-        // created as it will use an ephemeral port.
-        System.setProperty( "https.proxyPort", (new Integer(proxy.getLocalPort())).toString() );
+            // https.proxyPort can only be set after the TunnelProxy has been
+            // created as it will use an ephemeral port.
+            System.setProperty("https.proxyPort",
+                        (new Integer(proxy.getLocalPort())).toString() );
 
-        makeHttpCall();
+            makeHttpCall();
 
-        if (httpTrans.hasBadRequest) {
-            throw new RuntimeException("Test failed : bad http request");
+            if (httpTrans.hasBadRequest) {
+                throw new RuntimeException("Test failed : bad http request");
+            }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CloseKeepAliveCached.java

 /*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,10 @@
  * @bug 6618387
  * @summary SSL client sessions do not close cleanly. A TCP reset occurs
  *      instead of a close_notify alert.
- * @run main/othervm -Djavax.net.debug=ssl CloseKeepAliveCached
+ * @run main/othervm CloseKeepAliveCached
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @ignore
  *    After run the test manually, at the end of the debug output,
@@ -140,13 +143,15 @@ public class CloseKeepAliveCached {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-
         /*
          * Wait for server to get started.
          */
         while (!serverReady) {
             Thread.sleep(50);
         }
+
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
         try {
             HttpsURLConnection http = null;
 
@@ -180,6 +185,8 @@ public class CloseKeepAliveCached {
             if (sslServerSocket != null)
                 sslServerSocket.close();
             throw ioex;
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHandlerTest.java

@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary Unit test for java.net.CookieHandler
  * @bug 4696506 4942650
+ * @summary Unit test for java.net.CookieHandler
+ * @run main/othervm CookieHandlerTest
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Yingxian Wang
  */
 
@@ -182,26 +186,34 @@ public class CookieHandlerTest {
             System.getProperty("test.src", "./") + "/" + pathToStores +
                 "/" + trustStoreFile;
 
-        System.setProperty("javax.net.ssl.keyStore", keyFilename);
-        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
-        System.setProperty("javax.net.ssl.trustStore", trustFilename);
-        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
-
-        if (debug)
-            System.setProperty("javax.net.debug", "all");
-
-        /*
-         * Start the tests.
-         */
-        cookies = new HashMap<String, String>();
-        cookies.put("Cookie",
-              "$Version=\"1\"; Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\"");
-        cookies.put("Set-Cookie2",
-          "$Version=\"1\"; Part_Number=\"Riding_Rocket_0023\"; " +
-          "$Path=\"/acme/ammo\"; Part_Number=\"Rocket_Launcher_0001\"; "+
-          "$Path=\"/acme\"");
-        CookieHandler.setDefault(new MyCookieHandler());
-        new CookieHandlerTest();
+        CookieHandler reservedCookieHandler = CookieHandler.getDefault();
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            System.setProperty("javax.net.ssl.keyStore", keyFilename);
+            System.setProperty("javax.net.ssl.keyStorePassword", passwd);
+            System.setProperty("javax.net.ssl.trustStore", trustFilename);
+            System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+
+            if (debug)
+                System.setProperty("javax.net.debug", "all");
+
+            /*
+             * Start the tests.
+             */
+            cookies = new HashMap<String, String>();
+            cookies.put("Cookie",
+                "$Version=\"1\"; Customer=\"WILE_E_COYOTE\"; $Path=\"/acme\"");
+            cookies.put("Set-Cookie2",
+              "$Version=\"1\"; Part_Number=\"Riding_Rocket_0023\"; " +
+              "$Path=\"/acme/ammo\"; Part_Number=\"Rocket_Launcher_0001\"; "+
+              "$Path=\"/acme\"");
+            CookieHandler.setDefault(new MyCookieHandler());
+            new CookieHandlerTest();
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+            CookieHandler.setDefault(reservedCookieHandler);
+        }
     }
 
     Thread clientThread = null;

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java

@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
+ * @run main/othervm DNSIdentities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -691,34 +695,39 @@ public class DNSIdentities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-        SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
-            clientModulus, clientPrivateExponent, passphrase);
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
+            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
+                clientModulus, clientPrivateExponent, passphrase);
 
-        SSLContext.setDefault(context);
+            SSLContext.setDefault(context);
 
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
 
-        HttpsURLConnection http = null;
+            HttpsURLConnection http = null;
 
-        /* establish http connection to server */
-        URL url = new URL("https://localhost:" + serverPort+"/");
-        System.out.println("url is "+url.toString());
+            /* establish http connection to server */
+            URL url = new URL("https://localhost:" + serverPort+"/");
+            System.out.println("url is "+url.toString());
 
-        try {
-            http = (HttpsURLConnection)url.openConnection();
+            try {
+                http = (HttpsURLConnection)url.openConnection();
 
-            int respCode = http.getResponseCode();
-            System.out.println("respCode = "+respCode);
-        } finally {
-            if (http != null) {
-                http.disconnect();
+                int respCode = http.getResponseCode();
+                System.out.println("respCode = "+respCode);
+            } finally {
+                if (http != null) {
+                    http.disconnect();
+                }
+                closeReady = true;
             }
-            closeReady = true;
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java

@@ -24,7 +24,12 @@
 /**
  * @test
  * @bug 6771432
- * @summary createSocket() - smpatch fails using 1.6.0_10 because of "Unconnected sockets not implemented"
+ * @summary createSocket() - smpatch fails using 1.6.0_10 because of
+ *     "Unconnected sockets not implemented"
+ * @run main/othervm HttpsCreateSockTest
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import javax.net.SocketFactory;

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsPost.java

 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,10 @@
  * @bug 4423074
  * @summary Need to rebase all the duplicated classes from Merlin.
  *          This test will check out http POST
+ * @run main/othervm HttpsPost
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -140,34 +144,38 @@ public class HttpsPost {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
 
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
-
-        // Send HTTP POST request to server
-        URL url = new URL("https://localhost:"+serverPort);
+            // Send HTTP POST request to server
+            URL url = new URL("https://localhost:"+serverPort);
 
-        HttpsURLConnection.setDefaultHostnameVerifier(
-                                      new NameVerifier());
-        HttpsURLConnection http = (HttpsURLConnection)url.openConnection();
-        http.setDoOutput(true);
+            HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
+            HttpsURLConnection http = (HttpsURLConnection)url.openConnection();
+            http.setDoOutput(true);
 
-        http.setRequestMethod("POST");
-        PrintStream ps = new PrintStream(http.getOutputStream());
-        try {
-            ps.println(postMsg);
-            ps.flush();
-            if (http.getResponseCode() != 200) {
-                throw new RuntimeException("test Failed");
+            http.setRequestMethod("POST");
+            PrintStream ps = new PrintStream(http.getOutputStream());
+            try {
+                ps.println(postMsg);
+                ps.flush();
+                if (http.getResponseCode() != 200) {
+                    throw new RuntimeException("test Failed");
+                }
+            } finally {
+                ps.close();
+                http.disconnect();
+                closeReady = true;
             }
         } finally {
-            ps.close();
-            http.disconnect();
-            closeReady = true;
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java

@@ -25,6 +25,9 @@
  * @test
  * @bug 6670868
  * @summary StackOverFlow with bad authenticated Proxy tunnels
+ * @run main/othervm HttpsProxyStackOverflow
+ *
+ * No way to reserve default Authenticator, need to run in othervm mode.
  */
 
 import java.io.IOException;

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java

@@ -26,6 +26,9 @@
  * @bug 6614957
  * @summary HttpsURLConnection not using the set SSLSocketFactory for creating all its Sockets
  * @run main/othervm HttpsSocketFacTest
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import javax.net.SocketFactory;

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java

 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
+ * @run main/othervm IPAddressDNSIdentities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -691,43 +695,48 @@ public class IPAddressDNSIdentities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-        SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
-            clientModulus, clientPrivateExponent, passphrase);
-
-        SSLContext.setDefault(context);
-
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
+            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
+                clientModulus, clientPrivateExponent, passphrase);
 
-        HttpsURLConnection http = null;
+            SSLContext.setDefault(context);
 
-        /* establish http connection to server */
-        URL url = new URL("https://127.0.0.1:" + serverPort+"/");
-        System.out.println("url is "+url.toString());
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
 
-        try {
-            http = (HttpsURLConnection)url.openConnection();
-
-            int respCode = http.getResponseCode();
-            System.out.println("respCode = " + respCode);
-
-            throw new Exception("Unexpectly found subject alternative name " +
-                                "matching IP address");
-        } catch (SSLHandshakeException sslhe) {
-            // no subject alternative names matching IP address 127.0.0.1 found
-            // that's the expected exception, ignore it.
-        } catch (IOException ioe) {
-            // HttpsClient may throw IOE during checking URL spoofing,
-            // that's the expected exception, ignore it.
-        } finally {
-            if (http != null) {
-                http.disconnect();
+            HttpsURLConnection http = null;
+
+            /* establish http connection to server */
+            URL url = new URL("https://127.0.0.1:" + serverPort+"/");
+            System.out.println("url is "+url.toString());
+
+            try {
+                http = (HttpsURLConnection)url.openConnection();
+
+                int respCode = http.getResponseCode();
+                System.out.println("respCode = " + respCode);
+
+                throw new Exception("Unexpectly found " +
+                        "subject alternative name matching IP address");
+            } catch (SSLHandshakeException sslhe) {
+                // no subject alternative names matching IP address 127.0.0.1
+                // found that's the expected exception, ignore it.
+            } catch (IOException ioe) {
+                // HttpsClient may throw IOE during checking URL spoofing,
+                // that's the expected exception, ignore it.
+            } finally {
+                if (http != null) {
+                    http.disconnect();
+                }
+                closeReady = true;
             }
-            closeReady = true;
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java

 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,10 @@
 /* @test
  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @run main/othervm IPAddressIPIdentities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -692,34 +696,39 @@ public class IPAddressIPIdentities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-        SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
-            clientModulus, clientPrivateExponent, passphrase);
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
+            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
+                clientModulus, clientPrivateExponent, passphrase);
 
-        SSLContext.setDefault(context);
+            SSLContext.setDefault(context);
 
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
 
-        HttpsURLConnection http = null;
+            HttpsURLConnection http = null;
 
-        /* establish http connection to server */
-        URL url = new URL("https://127.0.0.1:" + serverPort+"/");
-        System.out.println("url is "+url.toString());
+            /* establish http connection to server */
+            URL url = new URL("https://127.0.0.1:" + serverPort+"/");
+            System.out.println("url is "+url.toString());
 
-        try {
-            http = (HttpsURLConnection)url.openConnection();
+            try {
+                http = (HttpsURLConnection)url.openConnection();
 
-            int respCode = http.getResponseCode();
-            System.out.println("respCode = "+respCode);
-        } finally {
-            if (http != null) {
-                http.disconnect();
+                int respCode = http.getResponseCode();
+                System.out.println("respCode = "+respCode);
+            } finally {
+                if (http != null) {
+                    http.disconnect();
+                }
+                closeReady = true;
             }
-            closeReady = true;
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java

 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,10 @@
 /* @test
  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @run main/othervm IPIdentities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -692,34 +696,38 @@ public class IPIdentities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-        SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
-            clientModulus, clientPrivateExponent, passphrase);
-
-        SSLContext.setDefault(context);
-
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
+            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
+                clientModulus, clientPrivateExponent, passphrase);
+            SSLContext.setDefault(context);
+
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
 
-        HttpsURLConnection http = null;
+            HttpsURLConnection http = null;
 
-        /* establish http connection to server */
-        URL url = new URL("https://localhost:" + serverPort+"/");
-        System.out.println("url is "+url.toString());
+            /* establish http connection to server */
+            URL url = new URL("https://localhost:" + serverPort+"/");
+            System.out.println("url is "+url.toString());
 
-        try {
-            http = (HttpsURLConnection)url.openConnection();
+            try {
+                http = (HttpsURLConnection)url.openConnection();
 
-            int respCode = http.getResponseCode();
-            System.out.println("respCode = "+respCode);
-        } finally {
-            if (http != null) {
-                http.disconnect();
+                int respCode = http.getResponseCode();
+                System.out.println("respCode = "+respCode);
+            } finally {
+                if (http != null) {
+                    http.disconnect();
+                }
+                closeReady = true;
             }
-            closeReady = true;
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java

 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
+ * @run main/othervm Identities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -691,34 +695,39 @@ public class Identities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-        SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
-            clientModulus, clientPrivateExponent, passphrase);
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
+            SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
+                clientModulus, clientPrivateExponent, passphrase);
 
-        SSLContext.setDefault(context);
+            SSLContext.setDefault(context);
 
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
 
-        HttpsURLConnection http = null;
+            HttpsURLConnection http = null;
 
-        /* establish http connection to server */
-        URL url = new URL("https://localhost:" + serverPort+"/");
-        System.out.println("url is "+url.toString());
+            /* establish http connection to server */
+            URL url = new URL("https://localhost:" + serverPort+"/");
+            System.out.println("url is "+url.toString());
 
-        try {
-            http = (HttpsURLConnection)url.openConnection();
+            try {
+                http = (HttpsURLConnection)url.openConnection();
 
-            int respCode = http.getResponseCode();
-            System.out.println("respCode = "+respCode);
-        } finally {
-            if (http != null) {
-                http.disconnect();
+                int respCode = http.getResponseCode();
+                System.out.println("respCode = "+respCode);
+            } finally {
+                if (http != null) {
+                    http.disconnect();
+                }
+                closeReady = true;
             }
-            closeReady = true;
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java

 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -147,44 +147,50 @@ public class PostThruProxy {
     static String postMsg = "Testing HTTP post on a https server";
 
     static void doClientSide(String hostname) throws Exception {
-        /*
-         * setup up a proxy
-         */
-        setupProxy();
-
-        /*
-         * we want to avoid URLspoofCheck failures in cases where the cert
-         * DN name does not match the hostname in the URL.
-         */
-        HttpsURLConnection.setDefaultHostnameVerifier(
-                                      new NameVerifier());
-        URL url = new URL("https://" + hostname+ ":" + serverPort);
-
-        HttpsURLConnection https = (HttpsURLConnection)url.openConnection();
-        https.setDoOutput(true);
-        https.setRequestMethod("POST");
-        PrintStream ps = null;
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
         try {
-           ps = new PrintStream(https.getOutputStream());
-           ps.println(postMsg);
-           ps.flush();
-           if (https.getResponseCode() != 200) {
-                throw new RuntimeException("test Failed");
-           }
-           ps.close();
-
-           // clear the pipe
-           BufferedReader in = new BufferedReader(
-                                new InputStreamReader(
-                                https.getInputStream()));
-           String inputLine;
-           while ((inputLine = in.readLine()) != null)
-                System.out.println("Client received: " + inputLine);
-           in.close();
-        } catch (SSLException e) {
-            if (ps != null)
-                ps.close();
-            throw e;
+            /*
+             * setup up a proxy
+             */
+            setupProxy();
+
+            /*
+             * we want to avoid URLspoofCheck failures in cases where the cert
+             * DN name does not match the hostname in the URL.
+             */
+            HttpsURLConnection.setDefaultHostnameVerifier(
+                                          new NameVerifier());
+            URL url = new URL("https://" + hostname+ ":" + serverPort);
+
+            HttpsURLConnection https = (HttpsURLConnection)url.openConnection();
+            https.setDoOutput(true);
+            https.setRequestMethod("POST");
+            PrintStream ps = null;
+            try {
+               ps = new PrintStream(https.getOutputStream());
+               ps.println(postMsg);
+               ps.flush();
+               if (https.getResponseCode() != 200) {
+                    throw new RuntimeException("test Failed");
+               }
+               ps.close();
+
+               // clear the pipe
+               BufferedReader in = new BufferedReader(
+                                    new InputStreamReader(
+                                    https.getInputStream()));
+               String inputLine;
+               while ((inputLine = in.readLine()) != null)
+                    System.out.println("Client received: " + inputLine);
+               in.close();
+            } catch (SSLException e) {
+                if (ps != null)
+                    ps.close();
+                throw e;
+            }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java

 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,13 @@
 /*
  * @test
  * @bug 4811482 4700777 4905410
- * @summary sun.net.client.defaultConnectTimeout should work with HttpsURLConnection; HTTP client: Connect and read timeouts; Https needs to support new tiger features that went into http
+ * @summary sun.net.client.defaultConnectTimeout should work with
+ *     HttpsURLConnection; HTTP client: Connect and read timeouts;
+ *     Https needs to support new tiger features that went into http
+ * @run main/othervm ReadTimeout
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -143,44 +149,48 @@ public class ReadTimeout {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
-        HttpsURLConnection http = null;
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
         try {
-            URL url = new URL("https://localhost:"+serverPort);
-
-            // set read timeout through system property
-            System.setProperty("sun.net.client.defaultReadTimeout", "2000");
-            HttpsURLConnection.setDefaultHostnameVerifier(
-                                      new NameVerifier());
-            http = (HttpsURLConnection)url.openConnection();
-
-            InputStream is = http.getInputStream ();
-        } catch (SocketTimeoutException stex) {
-            done();
-            http.disconnect();
-        }
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
+            HttpsURLConnection http = null;
+            try {
+                URL url = new URL("https://localhost:"+serverPort);
+
+                // set read timeout through system property
+                System.setProperty("sun.net.client.defaultReadTimeout", "2000");
+                HttpsURLConnection.setDefaultHostnameVerifier(
+                                          new NameVerifier());
+                http = (HttpsURLConnection)url.openConnection();
+
+                InputStream is = http.getInputStream ();
+            } catch (SocketTimeoutException stex) {
+                done();
+                http.disconnect();
+            }
 
-        try {
-            URL url = new URL("https://localhost:"+serverPort);
-
-            HttpsURLConnection.setDefaultHostnameVerifier(
-                                      new NameVerifier());
-            http = (HttpsURLConnection)url.openConnection();
-            // set read timeout through API
-            http.setReadTimeout(2000);
-
-            InputStream is = http.getInputStream ();
-        } catch (SocketTimeoutException stex) {
-            done();
-            http.disconnect();
-        }
+            try {
+                URL url = new URL("https://localhost:"+serverPort);
+
+                HttpsURLConnection.setDefaultHostnameVerifier(
+                                          new NameVerifier());
+                http = (HttpsURLConnection)url.openConnection();
+                // set read timeout through API
+                http.setReadTimeout(2000);
 
+                InputStream is = http.getInputStream ();
+            } catch (SocketTimeoutException stex) {
+                done();
+                http.disconnect();
+            }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Redirect.java

 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,10 @@
  * @bug 4423074
  * @summary Need to rebase all the duplicated classes from Merlin.
  *          This test will check out http POST
+ * @run main/othervm Redirect
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -139,28 +143,33 @@ public class Redirect {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
 
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
-
-        // Send HTTP POST request to server
-        URL url = new URL("https://localhost:"+serverPort);
+            // Send HTTP POST request to server
+            URL url = new URL("https://localhost:"+serverPort);
 
-        HttpsURLConnection.setDefaultHostnameVerifier(
-                                      new NameVerifier());
-        HttpsURLConnection http = (HttpsURLConnection)url.openConnection();
-        try {
-            System.out.println("response header: "+http.getHeaderField(0));
-            if (http.getResponseCode() != 200) {
-                throw new RuntimeException("test Failed");
+            HttpsURLConnection.setDefaultHostnameVerifier(
+                                          new NameVerifier());
+            HttpsURLConnection http = (HttpsURLConnection)url.openConnection();
+            try {
+                System.out.println("response header: "+http.getHeaderField(0));
+                if (http.getResponseCode() != 200) {
+                    throw new RuntimeException("test Failed");
+                }
+            } finally {
+                http.disconnect();
+                closeReady = true;
             }
         } finally {
-            http.disconnect();
-            closeReady = true;
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/RetryHttps.java

 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary Https can not retry request
  * @bug 4799427
+ * @summary Https can not retry request
+ * @run main/othervm RetryHttps
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Yingxian Wang
  */
 
@@ -129,36 +133,41 @@ public class RetryHttps {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
         try {
-        HttpsURLConnection http = null;
-        /* establish http connection to server */
-        URL url = new URL("https://localhost:" + serverPort+"/file1");
-        System.out.println("url is "+url.toString());
-        HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
-        http = (HttpsURLConnection)url.openConnection();
-        int respCode = http.getResponseCode();
-        int cl = http.getContentLength();
-        InputStream is = http.getInputStream ();
-        int count = 0;
-        while (is.read() != -1 && count++ < cl);
-        System.out.println("respCode1 = "+respCode);
-        Thread.sleep(2000);
-        url = new URL("https://localhost:" + serverPort+"/file2");
-        http = (HttpsURLConnection)url.openConnection();
-        respCode = http.getResponseCode();
-        System.out.println("respCode2 = "+respCode);
-
-        } catch (IOException ioex) {
-            if (sslServerSocket != null)
-                sslServerSocket.close();
-            throw ioex;
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
+            try {
+                HttpsURLConnection http = null;
+                /* establish http connection to server */
+                URL url = new URL("https://localhost:" + serverPort+"/file1");
+                System.out.println("url is "+url.toString());
+                HttpsURLConnection.setDefaultHostnameVerifier(
+                                                        new NameVerifier());
+                http = (HttpsURLConnection)url.openConnection();
+                int respCode = http.getResponseCode();
+                int cl = http.getContentLength();
+                InputStream is = http.getInputStream ();
+                int count = 0;
+                while (is.read() != -1 && count++ < cl);
+                System.out.println("respCode1 = "+respCode);
+                Thread.sleep(2000);
+                url = new URL("https://localhost:" + serverPort+"/file2");
+                http = (HttpsURLConnection)url.openConnection();
+                respCode = http.getResponseCode();
+                System.out.println("respCode2 = "+respCode);
+            } catch (IOException ioex) {
+                if (sslServerSocket != null)
+                    sslServerSocket.close();
+                throw ioex;
+            }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java

 /*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 4474255
  * @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection
+ * @run main/othervm ComHTTPSConnection
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 
@@ -198,44 +202,50 @@ public class ComHTTPSConnection {
             Thread.sleep(50);
         }
 
-        System.setProperty("java.protocol.handler.pkgs",
-            "com.sun.net.ssl.internal.www.protocol");
-        HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
-
-        URL url = new URL("https://" + "localhost:" + serverPort +
-                                "/etc/hosts");
-        URLConnection urlc = url.openConnection();
-
-        if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) {
-            throw new Exception(
-                "URLConnection ! instanceof " +
-                "com.sun.net.ssl.HttpsURLConnection");
-        }
-
-        BufferedReader in = null;
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
         try {
-            in = new BufferedReader(new InputStreamReader(
-                               urlc.getInputStream()));
-            String inputLine;
-            System.out.print("Client reading... ");
-            while ((inputLine = in.readLine()) != null)
-                System.out.println(inputLine);
-
-            System.out.println("Cipher Suite: " +
-                ((HttpsURLConnection)urlc).getCipherSuite());
-            X509Certificate[] certs =
-                ((HttpsURLConnection)urlc).getServerCertificateChain();
-            for (int i = 0; i < certs.length; i++) {
-                System.out.println(certs[0]);
+            System.setProperty("java.protocol.handler.pkgs",
+                "com.sun.net.ssl.internal.www.protocol");
+            HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
+
+            URL url = new URL("https://" + "localhost:" + serverPort +
+                                    "/etc/hosts");
+            URLConnection urlc = url.openConnection();
+
+            if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) {
+                throw new Exception(
+                    "URLConnection ! instanceof " +
+                    "com.sun.net.ssl.HttpsURLConnection");
             }
 
-            in.close();
-        } catch (SSLException e) {
-            if (in != null)
+            BufferedReader in = null;
+            try {
+                in = new BufferedReader(new InputStreamReader(
+                                   urlc.getInputStream()));
+                String inputLine;
+                System.out.print("Client reading... ");
+                while ((inputLine = in.readLine()) != null)
+                    System.out.println(inputLine);
+
+                System.out.println("Cipher Suite: " +
+                    ((HttpsURLConnection)urlc).getCipherSuite());
+                X509Certificate[] certs =
+                    ((HttpsURLConnection)urlc).getServerCertificateChain();
+                for (int i = 0; i < certs.length; i++) {
+                    System.out.println(certs[0]);
+                }
+
                 in.close();
-            throw e;
+            } catch (SSLException e) {
+                if (in != null)
+                    in.close();
+                throw e;
+            }
+            System.out.println("Client reports:  SUCCESS");
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
-        System.out.println("Client reports:  SUCCESS");
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java

@@ -28,6 +28,10 @@
  * @bug 4484246
  * @summary When an application enables anonymous SSL cipher suite,
  *        Hostname verification is not required
+ * @run main/othervm ComHostnameVerifier
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHTTPSConnection.java

 /*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 4474255
  * @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection
+ * @run main/othervm JavaxHTTPSConnection
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 
@@ -189,47 +193,53 @@ public class JavaxHTTPSConnection {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-        /*
-         * Wait for server to get started.
-         */
-        while (!serverReady) {
-            Thread.sleep(50);
-        }
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            /*
+             * Wait for server to get started.
+             */
+            while (!serverReady) {
+                Thread.sleep(50);
+            }
 
-        HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
-        URL url = new URL("https://" + "localhost:" + serverPort +
-                                "/etc/hosts");
-        URLConnection urlc = url.openConnection();
+            HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
+            URL url = new URL("https://" + "localhost:" + serverPort +
+                                    "/etc/hosts");
+            URLConnection urlc = url.openConnection();
 
-        if (!(urlc instanceof javax.net.ssl.HttpsURLConnection)) {
-            throw new Exception(
-                "URLConnection ! instanceof javax.net.ssl.HttpsURLConnection");
-        }
-
-        BufferedReader in = null;
-        try {
-            in = new BufferedReader(new InputStreamReader(
-                               urlc.getInputStream()));
-            String inputLine;
-            System.out.print("Client reading... ");
-            while ((inputLine = in.readLine()) != null)
-                System.out.println(inputLine);
-
-            System.out.println("Cipher Suite: " +
-                ((HttpsURLConnection)urlc).getCipherSuite());
-            Certificate[] certs =
-                ((HttpsURLConnection)urlc).getServerCertificates();
-            for (int i = 0; i < certs.length; i++) {
-                System.out.println(certs[0]);
+            if (!(urlc instanceof javax.net.ssl.HttpsURLConnection)) {
+                throw new Exception("URLConnection ! instanceof " +
+                                    "javax.net.ssl.HttpsURLConnection");
             }
 
-            in.close();
-        } catch (SSLException e) {
-            if (in != null)
+            BufferedReader in = null;
+            try {
+                in = new BufferedReader(new InputStreamReader(
+                                   urlc.getInputStream()));
+                String inputLine;
+                System.out.print("Client reading... ");
+                while ((inputLine = in.readLine()) != null)
+                    System.out.println(inputLine);
+
+                System.out.println("Cipher Suite: " +
+                    ((HttpsURLConnection)urlc).getCipherSuite());
+                Certificate[] certs =
+                    ((HttpsURLConnection)urlc).getServerCertificates();
+                for (int i = 0; i < certs.length; i++) {
+                    System.out.println(certs[0]);
+                }
+
                 in.close();
-            throw e;
+            } catch (SSLException e) {
+                if (in != null)
+                    in.close();
+                throw e;
+            }
+            System.out.println("Client reports:  SUCCESS");
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
-        System.out.println("Client reports:  SUCCESS");
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java

@@ -28,6 +28,10 @@
  * @bug 4484246
  * @summary When an application enables anonymous SSL cipher suite,
  *        Hostname verification is not required
+ * @run main/othervm JavaxHostnameVerifier
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/templates/SSLEngineTemplate.java

@@ -25,7 +25,10 @@
  * @test
  * @bug 1234567
  * @summary SSLEngine has not yet caused Solaris kernel to panic
+ * @run main/othervm SSLEngineTemplate
  *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 /**

test/sun/security/ssl/templates/SSLSocketTemplate.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 1234567
  * @summary Use this template to help speed your client/server tests.
+ * @run main/othervm SSLSocketTemplate
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/tools/keytool/StartDateTest.java

@@ -132,7 +132,9 @@ public class StartDateTest {
 
     static Date getIssueDate() throws Exception {
         KeyStore ks = KeyStore.getInstance("jks");
-        ks.load(new FileInputStream("jks"), "changeit".toCharArray());
+        try (FileInputStream fis = new FileInputStream("jks")) {
+            ks.load(fis, "changeit".toCharArray());
+        }
         X509Certificate cert = (X509Certificate)ks.getCertificate("me");
         return cert.getNotBefore();
     }

test/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java

@@ -24,9 +24,12 @@
 /*
  * @test
  * @bug 4162868
+ * @run main/othervm ExtensibleAlgorithmId
  * @summary Algorithm Name-to-OID mapping needs to be made extensible.
  */
 
+// Run in othervm, coz AlgorithmId.oidTable is only initialized once
+
 import java.security.*;
 import sun.security.x509.AlgorithmId;