7055363: jdk_security3 test target cleanup

Reviewed-by: alanb, xuelei

test/Makefile

@@ -544,7 +544,7 @@ JDK_ALL_TARGETS += jdk_security3
 jdk_security3: $(call TestDirs, com/sun/security lib/security \
                javax/security sun/security)
 	$(call SharedLibraryPermissions,sun/security)
-	$(call RunOthervmBatch)
+	$(call RunSamevmBatch)
 
 # All security tests
 jdk_security: jdk_security1 jdk_security2 jdk_security3

test/ProblemList.txt

@@ -450,73 +450,20 @@ java/rmi/server/UnicastRemoteObject/unexportObject/UnexportLeak.java generic-all
 
 # jdk_security
 
-# Filed 6986868
-sun/security/tools/jarsigner/crl.sh				generic-all
-
-# Filed 6951285, not sure how often this fails, last was Linux 64bit Fedora 9
-sun/security/krb5/auto/MaxRetries.java				generic-all
-
-# Filed 6950930, fails on windows 32bit c1 and windows 64bit
-sun/security/krb5/auto/IgnoreChannelBinding.java		windows-all
-
-# Filed 6950931, failing on all windows systems
-sun/security/tools/jarsigner/crl.sh				windows-all
-
-# Filed 6950929, only seemed to fail on solaris sparcv9 (-d64)
-#   Failed on Linux -server 32bit too, making generic
-sun/security/krb5/auto/BadKdc4.java				generic-all
-
 # Failing on Solaris i586, 3/9/2010, not a -samevm issue (jdk_security3)
 sun/security/pkcs11/Secmod/AddPrivateKey.java			solaris-i586
 sun/security/pkcs11/ec/ReadCertificates.java			solaris-i586
 sun/security/pkcs11/ec/ReadPKCS12.java				solaris-i586
 sun/security/pkcs11/ec/TestCurves.java				solaris-i586
 sun/security/pkcs11/ec/TestECDSA.java				solaris-i586
-sun/security/pkcs11/ec/TestECGenSpec.java			solaris-i586
-sun/security/pkcs11/ec/TestKeyFactory.java			solaris-i586
-
-# Failing on Solaris X64 (-d64 -server) with:
-#  GSSException: Failure unspecified at GSS-API level
-#    (Mechanism level: Specified version of key is not available (44))
-sun/security/krb5/auto/BasicKrb5Test.java			generic-all
-
-# Solaris X86 failures, readjar.jks: No such file or directory
-sun/security/tools/keytool/readjar.sh				generic-all
-
-# Fails with -ea -esa, but only on Solaris sparc? Suspect it is timing out
-sun/security/tools/keytool/standard.sh				generic-all
-
-# Fails on Solaris 10 X64, address already in use
-sun/security/krb5/auto/HttpNegotiateServer.java			generic-all
-
-# Fails on almost all platforms
-#   java.lang.UnsupportedClassVersionError: SerialTest :
-#      Unsupported major.minor version 51.0
-#    at java.lang.ClassLoader.defineClass1(Native Method)
-sun/security/util/Oid/S11N.sh					generic-all
-
-# Fails on Fedora 9 32bit
-#  GSSException: Failure unspecified at GSS-API level (Mechanism level:
-#    Invalid argument (400) - Cannot find key of appropriate type to decrypt
-#    AP REP - DES CBC mode with MD5)
-#  at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:778)
-sun/security/krb5/auto/NonMutualSpnego.java			generic-all
-
-# Fails on Solaris 10 sparc, GSSException: Failure unspecified at GSS-API level
-#   Also fails on Windows 2000 similar way
-sun/security/krb5/auto/ok-as-delegate.sh			generic-all
-
-# Fails on Windows 2000, GSSException: Failure unspecified at GSS-API level
-#    (Mechanism level: Request is a replay (34))
-sun/security/krb5/auto/ok-as-delegate-xrealm.sh			generic-all
+#sun/security/pkcs11/ec/TestECGenSpec.java			solaris-i586
+#sun/security/pkcs11/ec/TestKeyFactory.java			solaris-i586
+sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java		solaris-i586
 
-# Fails on Windows 2000, ExceptionInInitializerError
-sun/security/mscapi/AccessKeyStore.sh				generic-all
+# Directly references PKCS11 class
+sun/security/pkcs11/Provider/Absolute.java                      windows-x64
 
-# Fails on Solaris 10, KrbException: Additional pre-authentication required (25)
-sun/security/krb5/auto/basic.sh					generic-all
-
-# Fails on Fedora 9 64bit, PKCS11Exception: CKR_DEVICE_ERROR
+# Fails on Fedora 9/Ubuntu 10.04 64bit, PKCS11Exception: CKR_DEVICE_ERROR
 sun/security/pkcs11/KeyAgreement/TestDH.java			generic-all
 
 # Run too slow on Solaris 10 sparc
@@ -525,18 +472,10 @@ sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ClientTimeout.java s
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ServerTimeout.java solaris-sparc
 sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java solaris-sparc
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NotifyHandshakeTest.sh solaris-sparc
-sun/security/tools/keytool/AltProviderPath.sh 			solaris-sparc
 
 # Solaris 10 sparc, passed/failed confusion? java.security.ProviderException: update() failed
 sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java generic-all
 
-# Seem really slow on Solaris sparc, being excluded just for timing reasons
-sun/security/tools/jarsigner/AlgOptions.sh			solaris-sparc
-sun/security/tools/jarsigner/nameclash.sh			solaris-sparc
-sun/security/krb5/auto/basic.sh					solaris-sparc
-sun/security/provider/PolicyFile/getinstance/getinstance.sh	solaris-sparc
-sun/security/tools/jarsigner/samename.sh			solaris-sparc
-
 # Othervm, sparc, NoRouteToHostException: Cannot assign requested address
 sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java generic-all
 
@@ -544,49 +483,13 @@ sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java generic-all
 #    Solaris sparc and sparcv9 -server, timeout
 sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java	generic-all
 
-# Failed on solaris 10 sparc, othervm mode,  "js.jks: No such file or directory"
-#  Also, cannot verify signature on solaris i586 -server
-sun/security/tools/jarsigner/concise_jarsigner.sh		generic-all
-
 # Various failures on Linux Fedora 9 X64, othervm mode
-lib/security/cacerts/VerifyCACerts.java				generic-all
 sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/TestAllSuites.java generic-all
 sun/security/ssl/sanity/ciphersuites/CheckCipherSuites.java	generic-all
-sun/security/tools/jarsigner/oldsig.sh				generic-all
 
 # Various failures on Linux Fedora 9 X64, othervm mode
 sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java	generic-all
 
-# Solaris sparcv9: Failed to parse input emptysubject.jks: No such file or directory
-sun/security/tools/keytool/emptysubject.sh			generic-all
-
-# Fails on OpenSolaris, missing classes, slow on Solaris sparc
-sun/security/ec/TestEC.java					generic-all
-
-# Problems with windows x64
-sun/security/mscapi/IsSunMSCAPIAvailable.sh		 	windows-x64
-sun/security/mscapi/RSAEncryptDecrypt.sh		 	windows-x64
-
-# Exception in test solaris-sparc -client -server, no windows
-sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java	        solaris-all
-
-# Solaris sparc client, fails to compile?
-sun/security/pkcs11/KeyStore/SecretKeysBasic.sh 	 	solaris-all
-
-# Fails on OpenSolaris java.net.BindException: Address already in use
-sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java		generic-all
-
-# Timeout on solaris-sparcv9 or ArrayIndexOutOfBoundsException?
-sun/security/rsa/TestKeyPairGeneratorLength.java	 	solaris-all
-sun/security/rsa/TestSignatures.java			 	solaris-all
-
-# Do not seem to run on windows machines? dll missing?
-sun/security/tools/jarsigner/emptymanifest.sh		 	windows-all
-
-# Files does not exist or no encoding? solaris-sparcv9
-sun/security/tools/keytool/importreadall.sh		 	solaris-all
-sun/security/tools/keytool/selfissued.sh		 	solaris-all
-
 ############################################################################
 
 # jdk_swing (not using samevm)

test/com/sun/security/auth/login/ConfigFile/IllegalURL.java

@@ -43,8 +43,9 @@ public class IllegalURL {
     static void use(String f) throws Exception {
         System.out.println("Testing " + f  + "...");
         System.setProperty("java.security.auth.login.config", f);
-        try {
-            new FileInputStream(new URL(f).getFile().replace('/', File.separatorChar));
+        try (FileInputStream fis =
+                new FileInputStream(new URL(f).getFile().replace('/', File.separatorChar))) {
+            // do nothing
         } catch (Exception e) {
             System.out.println("Even old implementation does not support it. Ignored.");
             return;

test/java/security/testlibrary/Providers.java

+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.Provider;
+import java.security.Security;
+
+public class Providers {
+    public static void setAt(Provider p, int pos) throws Exception {
+        if (Security.getProvider(p.getName()) != null) {
+            Security.removeProvider(p.getName());
+        }
+        if (Security.insertProviderAt(p, pos) == -1) {
+            throw new Exception("cannot setAt");
+        }
+    }
+}

test/javax/security/auth/login/LoginContext/ResetConfigModule.java

@@ -25,7 +25,6 @@
  * @test
  * @bug 4633622
  * @summary  bug in LoginContext when Configuration is subclassed
- *
  * @build ResetConfigModule ResetModule
  * @run main ResetConfigModule
  */
@@ -40,6 +39,12 @@ public class ResetConfigModule {
 
     public static void main(String[] args) throws Exception {
 
+        Configuration previousConf = Configuration.getConfiguration();
+        ClassLoader previousCL = Thread.currentThread().getContextClassLoader();
+
+        try {
+            Thread.currentThread().setContextClassLoader(
+                    ResetConfigModule.class.getClassLoader());
             Configuration.setConfiguration(new MyConfig());
 
             LoginContext lc = new LoginContext("test");
@@ -67,6 +72,10 @@ public class ResetConfigModule {
                     throw le;
                 }
             }
+        } finally {
+            Configuration.setConfiguration(previousConf);
+            Thread.currentThread().setContextClassLoader(previousCL);
+        }
     }
 }
 

test/sun/security/ec/TestEC.java

@@ -28,11 +28,13 @@
  * @library ../pkcs11
  * @library ../pkcs11/ec
  * @library ../pkcs11/sslecc
+ * @library ../../../java/security/testlibrary
  * @compile -XDignore.symbol.file TestEC.java
  * @run main TestEC
  */
 
 import java.security.Provider;
+import java.security.Security;
 
 /*
  * Leverage the collection of EC tests used by PKCS11
@@ -51,6 +53,15 @@ import java.security.Provider;
 public class TestEC {
 
     public static void main(String[] args) throws Exception {
+        ProvidersSnapshot snapshot = ProvidersSnapshot.create();
+        try {
+            main0(args);
+        } finally {
+            snapshot.restore();
+        }
+    }
+
+    public static void main0(String[] args) throws Exception {
         Provider p = new sun.security.ec.SunEC();
         System.out.println("Running tests with " + p.getName() +
             " provider...\n");
@@ -67,6 +78,11 @@ public class TestEC {
         new TestECGenSpec().main(p);
         new ReadPKCS12().main(p);
         new ReadCertificates().main(p);
+
+        // ClientJSSEServerJSSE fails on Solaris 11 when both SunEC and
+        // SunPKCS11-Solaris providers are enabled.
+        // Workaround:
+        // Security.removeProvider("SunPKCS11-Solaris");
         new ClientJSSEServerJSSE().main(p);
 
         long stop = System.currentTimeMillis();

test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java

@@ -36,7 +36,7 @@ public class NoSpnegoAsDefMech {
     public static void main(String[] argv) throws Exception {
         System.setProperty("sun.security.jgss.mechanism", GSSUtil.GSS_SPNEGO_MECH_OID.toString());
         try {
-            GSSManager.getInstance().createName("service@host", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
+            GSSManager.getInstance().createName("service@localhost", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
         } catch (GSSException e) {
             // This is OK, for example, krb5.conf is missing or other problems
         }

test/sun/security/pkcs11/PKCS11Test.java

@@ -72,10 +72,33 @@ public abstract class PKCS11Test {
     }
 
     public static void main(PKCS11Test test) throws Exception {
+        Provider[] oldProviders = Security.getProviders();
+        try {
             System.out.println("Beginning test run " + test.getClass().getName() + "...");
             testDefault(test);
             testNSS(test);
             testDeimos(test);
+        } finally {
+            Provider[] newProviders = Security.getProviders();
+            // Do not restore providers if nothing changed. This is especailly
+            // useful for ./Provider/Login.sh, where a SecurityManager exists.
+            if (oldProviders.length == newProviders.length) {
+                boolean found = false;
+                for (int i = 0; i<oldProviders.length; i++) {
+                    if (oldProviders[i] != newProviders[i]) {
+                        found = true;
+                        break;
+                    }
+                }
+                if (!found) return;
+            }
+            for (Provider p: newProviders) {
+                Security.removeProvider(p.getName());
+            }
+            for (Provider p: oldProviders) {
+                Security.addProvider(p);
+            }
+        }
     }
 
     public static void testDeimos(PKCS11Test test) throws Exception {
@@ -153,21 +176,21 @@ public abstract class PKCS11Test {
         return libdir;
     }
 
-    static boolean loadNSPR(String libdir) throws Exception {
-        // load NSS softoken dependencies in advance to avoid resolver issues
+    protected static void safeReload(String lib) throws Exception {
         try {
-            System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "nspr4"));
+            System.load(lib);
         } catch (UnsatisfiedLinkError e) {
-            // GLIBC problem on older linux-amd64 machines
-            if (libdir.contains("linux-amd64")) {
-                System.out.println(e);
-                System.out.println("NSS does not work on this platform, skipping.");
-                return false;
+            if (e.getMessage().contains("already loaded")) {
+                return;
+            }
         }
-            throw e;
     }
-        System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "plc4"));
-        System.load(libdir + System.mapLibraryName(NSPR_PREFIX + "plds4"));
+
+    static boolean loadNSPR(String libdir) throws Exception {
+        // load NSS softoken dependencies in advance to avoid resolver issues
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "nspr4"));
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "plc4"));
+        safeReload(libdir + System.mapLibraryName(NSPR_PREFIX + "plds4"));
         return true;
     }
 

test/sun/security/pkcs11/Secmod/AddPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary Test that the PKCS#11 KeyStore handles RSA, DSA, and EC keys
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm AddPrivateKey
  */
 
 import java.io.*;

test/sun/security/pkcs11/Secmod/AddTrustedCert.java

@@ -27,6 +27,7 @@
  * @summary make sure we can add a trusted cert to the NSS KeyStore module
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm AddTrustedCert
  */
 
 import java.io.*;

test/sun/security/pkcs11/Secmod/Crypto.java

@@ -27,6 +27,7 @@
  * @summary verify that NSS no-db mode works correctly
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm Crypto
  */
 
 import java.util.*;

test/sun/security/pkcs11/Secmod/GetPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary make sure we can access the NSS softtoken KeyStore and use a private key
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm GetPrivateKey
  */
 
 import java.util.*;

test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java

@@ -27,6 +27,7 @@
  * @summary store a NSS PKCS11 PrivateKeyEntry to JKS KeyStore throws confusing NPE
  * @author Wang Weijun
  * @library ..
+ * @run main/othervm JksSetPrivateKey
  */
 
 import java.util.*;

test/sun/security/pkcs11/Secmod/TrustAnchors.java

@@ -27,6 +27,7 @@
  * @summary make sure we can access the NSS trust anchor module
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TrustAnchors
  */
 
 import java.util.*;

test/sun/security/pkcs11/SecmodTest.java

@@ -44,8 +44,8 @@ public class SecmodTest extends PKCS11Test {
         if (loadNSPR(LIBPATH) == false) {
             return false;
         }
-        System.load(LIBPATH + System.mapLibraryName("softokn3"));
-        System.load(LIBPATH + System.mapLibraryName("nssckbi"));
+        safeReload(LIBPATH + System.mapLibraryName("softokn3"));
+        safeReload(LIBPATH + System.mapLibraryName("nssckbi"));
 
         DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
         System.setProperty("pkcs11test.nss.db", DBDIR);

test/sun/security/pkcs11/ec/ReadCertificates.java

@@ -28,6 +28,7 @@
  *   and verify their signatures
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -62,7 +63,7 @@ public class ReadCertificates extends PKCS11Test {
             System.out.println("Provider does not support ECDSA, skipping...");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         random = new SecureRandom();
         factory = CertificateFactory.getInstance("X.509");

test/sun/security/pkcs11/ec/ReadPKCS12.java

@@ -27,6 +27,7 @@
  * @summary Verify that we can parse ECPrivateKeys from PKCS#12 and use them
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -52,7 +53,7 @@ public class ReadPKCS12 extends PKCS11Test {
             System.out.println("Provider does not support ECDSA, skipping...");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         CertificateFactory factory = CertificateFactory.getInstance("X.509");
         try {

test/sun/security/pkcs11/ec/TestECDH.java

@@ -27,6 +27,7 @@
  * @summary Basic known answer test for ECDH
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -59,7 +60,7 @@ public class TestECDH extends PKCS11Test {
             System.out.println("Provider does not support ECDH, skipping");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
 
         if (false) {
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);

test/sun/security/pkcs11/ec/TestECDSA.java

@@ -27,6 +27,7 @@
  * @summary basic test of SHA1withECDSA and NONEwithECDSA signing/verifying
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.io.*;
@@ -115,7 +116,7 @@ public class TestECDSA extends PKCS11Test {
             System.out.println("ECDSA not supported, skipping");
             return;
         }
-        Security.insertProviderAt(provider, 1);
+        Providers.setAt(provider, 1);
 
         if (false) {
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);

test/sun/security/pkcs11/fips/CipherTest.java

@@ -394,7 +394,8 @@ public class CipherTest {
 
     public static void main(PeerFactory peerFactory, KeyStore keyStore,
             String[] args) throws Exception {
-
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
             long time = System.currentTimeMillis();
             String relPath;
             if ((args != null) && (args.length > 0) && args[0].equals("sh")) {
@@ -423,7 +424,8 @@ public class CipherTest {
 
 //          trustManager = new AlwaysTrustManager();
             SSLContext context = SSLContext.getInstance("TLS");
-        context.init(new KeyManager[] {keyManager}, new TrustManager[] {trustManager}, null);
+            context.init(new KeyManager[] {keyManager},
+                    new TrustManager[] {trustManager}, null);
             SSLContext.setDefault(context);
 
             CipherTest cipherTest = new CipherTest(peerFactory);
@@ -435,6 +437,9 @@ public class CipherTest {
             cipherTest.run();
             time = System.currentTimeMillis() - time;
             System.out.println("Done. (" + time + " ms)");
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
+        }
     }
 
     static abstract class PeerFactory {

test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java

@@ -26,6 +26,7 @@
  * @bug 6313675 6323647
  * @summary Verify that all ciphersuites work in FIPS mode
  * @library ..
+ * @run main/othervm ClientJSSEServerJSSE
  * @ignore JSSE supported cipher suites are changed with CR 6916074,
  *     need to update this test case in JDK 7 soon
  * @author Andreas Sterbenz

test/sun/security/pkcs11/fips/TrustManagerTest.java

@@ -27,6 +27,7 @@
  * @summary Verify that the SunJSSE trustmanager works correctly in FIPS mode
  * @author Andreas Sterbenz
  * @library ..
+ * @run main/othervm TrustManagerTest
  */
 
 import java.io.*;

test/sun/security/pkcs11/rsa/TestCACerts.java

@@ -48,6 +48,7 @@ public class TestCACerts extends PKCS11Test {
     public void main(Provider p) throws Exception {
         long start = System.currentTimeMillis();
         Security.addProvider(p);
+        try {
             String PROVIDER = p.getName();
             String javaHome = System.getProperty("java.home");
             String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts";
@@ -74,6 +75,8 @@ public class TestCACerts extends PKCS11Test {
             }
             long stop = System.currentTimeMillis();
             System.out.println("All tests passed (" + (stop - start) + " ms).");
+        } finally {
+            Security.removeProvider(p.getName());
+        }
     }
-
 }

test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java

@@ -27,6 +27,7 @@
  * @summary Verify that all ciphersuites work (incl. ECC using NSS crypto)
  * @author Andreas Sterbenz
  * @library ..
+ * @library ../../../../java/security/testlibrary
  */
 
 import java.security.*;
@@ -45,7 +46,7 @@ public class ClientJSSEServerJSSE extends PKCS11Test {
             System.out.println("Provider does not support EC, skipping");
             return;
         }
-        Security.insertProviderAt(p, 1);
+        Providers.setAt(p, 1);
         CipherTest.main(new JSSEFactory(), cmdArgs);
         Security.removeProvider(p.getName());
     }

test/sun/security/pkcs12/PKCS12SameKeyId.java

@@ -86,7 +86,9 @@ public class PKCS12SameKeyId {
 
         // Reads from JKS keystore and pre-calculate
         KeyStore ks = KeyStore.getInstance("jks");
-        ks.load(new FileInputStream(JKSFILE), PASSWORD);
+        try (FileInputStream fis = new FileInputStream(JKSFILE)) {
+            ks.load(fis, PASSWORD);
+        }
         for (int i=0; i<SIZE; i++) {
             aliases[i] = "p" + i;
             byte[] enckey = cipher.doFinal(
@@ -103,11 +105,15 @@ public class PKCS12SameKeyId {
         for (int i=0; i<SIZE; i++) {
             p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
         }
-        p12.store(new FileOutputStream(P12FILE), PASSWORD);
+        try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
+            p12.store(fos, PASSWORD);
+        }
 
         // Check private keys still match certs
         p12 = KeyStore.getInstance("pkcs12");
-        p12.load(new FileInputStream(P12FILE), PASSWORD);
+        try (FileInputStream fis = new FileInputStream(P12FILE)) {
+            p12.load(fis, PASSWORD);
+        }
         for (int i=0; i<SIZE; i++) {
             String a = "p" + i;
             X509Certificate x = (X509Certificate)p12.getCertificate(a);

test/sun/security/provider/PolicyFile/Comparator.java

@@ -24,6 +24,7 @@
 /*
  * @test
  * @bug 5037004
+ * @run main/othervm Comparator
  * @summary Frivolous ClassCastExceptions thrown by SubjectCodeSource.implies
  *
  * Note:  if you want to see the java.security.debug output,

test/sun/security/ssl/com/sun/net/ssl/SSLSecurity/ProviderTest.java

@@ -40,8 +40,9 @@ public class ProviderTest {
         TrustManagerFactory tmf;
         KeyManagerFactory kmf;
 
-        Security.addProvider(new MyProvider());
-
+        Provider extraProvider = new MyProvider();
+        Security.addProvider(extraProvider);
+        try {
             System.out.println("getting a javax SSLContext");
             sslc = SSLContext.getInstance("javax");
             sslc.init(null, null, null);
@@ -62,6 +63,9 @@ public class ProviderTest {
             System.out.println("\ngetting a com KeyManagerFactory");
             kmf = KeyManagerFactory.getInstance("com");
             kmf.init((KeyStore) null, null);
+        } finally {
+            Security.removeProvider(extraProvider.getName());
+        }
     }
 }
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppInputStream/ReadBlocksClose.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4814140
  * @summary AppInputStream: read can block a close
+ * @run main/othervm ReadBlocksClose
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppInputStream/ReadHandshake.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4514971
  * @summary Verify applications do not read handshake data after failure
+ * @run main/othervm ReadHandshake
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppInputStream/ReadZeroBytes.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 6697270
  * @summary Inputstream dosent behave correct
+ * @run main/othervm ReadZeroBytes
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppInputStream/RemoveMarkReset.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4413664
  * @summary remove mark/reset functionality from AppInputStream
+ * @run main/othervm RemoveMarkReset
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/AppOutputStream/NoExceptionOnClose.java

@@ -25,6 +25,10 @@
  * @test 1.3 01/03/08
  * @bug 4378397
  * @summary  JSSE socket output stream doesn't throw after socket is closed
+ * @run main/othervm NoExceptionOnClose
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Jaya Hangal
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java

@@ -26,6 +26,10 @@
  * @bug 4330535
  * @summary  Client should follow suite order in
  *           SSLSocket.setEnabledCipherSuites()
+ * @run main/othervm CipherSuiteOrder
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Jaya Hangal
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/RSAExport.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 6690018
  * @summary RSAClientKeyExchange NullPointerException
+ * @run main/othervm RSAExport
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 /*

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/GenSSLConfigs/main.java

 /*
  * @test
  * @build TestThread Traffic Handler ServerHandler ServerThread ClientThread
- * @run main/timeout=140 main
+ * @run main/othervm/timeout=140 main
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @summary Make sure that different configurations of SSL sockets work
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/HandshakeOutStream/NullCerts.java

@@ -24,7 +24,12 @@
 /*
  * @test
  * @bug 4453053
- * @summary If a server shuts down correctly during handshaking, the client doesn't see it.
+ * @summary If a server shuts down correctly during handshaking, the client
+ *     doesn't see it.
+ * @run main/othervm NullCerts
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/InputRecord/ClientHelloRead.java

 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 4432868
  * @summary A client-hello message may not always be read correctly
+ * @run main/othervm ClientHelloRead
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -154,6 +158,9 @@ public class ClientHelloRead {
          * we want to avoid URLspoofCheck failures in cases where the cert
          * DN name does not match the hostname in the URL.
          */
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             HttpsURLConnection.setDefaultHostnameVerifier(
                                           new NameVerifier());
             URL url = new URL("https://" + "localhost:" + serverPort
@@ -172,6 +179,9 @@ public class ClientHelloRead {
                     in.close();
                 throw e;
             }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/InputRecord/SSLSocketTimeoutNulls.java

@@ -27,7 +27,10 @@
  * @summary Setting timeouts on SSLSockets immediately return null
  *      after timeout occurs.  This bug was fixed as part of 4393337,
  *      but this is another bug we want to check regressions against.
- * @run main/timeout=140 SSLSocketTimeoutNulls
+ * @run main/othervm/timeout=140 SSLSocketTimeoutNulls
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ProtocolVersion/HttpsProtocols.java

 /*
- * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -147,12 +147,18 @@ public class HttpsProtocols implements HostnameVerifier {
             Thread.sleep(50);
         }
 
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             HttpsURLConnection.setDefaultHostnameVerifier(this);
 
             URL url = new URL("https://localhost:" + serverPort + "/");
             HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
 
             System.out.println("response is " + urlc.getResponseCode());
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     public boolean verify(String hostname, SSLSession session) {

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/BadKSProvider.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4919147
  * @summary Support for token-based KeyStores
+ * @run main/othervm BadKSProvider
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/BadTSProvider.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4919147
  * @summary Support for token-based KeyStores
+ * @run main/othervm BadTSProvider
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLContextImpl/GoodProvider.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4919147
  * @summary Support for token-based KeyStores
+ * @run main/othervm GoodProvider
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/RehandshakeFinished.java

@@ -26,6 +26,10 @@
  * @bug 6207322
  * @summary SSLEngine is returning a premature FINISHED message when doing
  * an abbreviated handshake.
+ * @run main/othervm RehandshakeFinished
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * This test may need some updating if the messages change order.
  * Currently I'm expecting that there is a simple renegotiation, with

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineDeadlock.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 6492872
  * @summary Deadlock in SSLEngine
+ * @run main/othervm SSLEngineDeadlock
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Brad R. Wetmore
  */

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSessionImpl/HashCodeMissing.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4910892
  * @summary 4518403 was not properly fixed.   hashcode should be hashCode.
+ * @run main/othervm HashCodeMissing
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/AsyncSSLSocketClose.java

@@ -26,6 +26,10 @@
  * @bug 6447412
  * @summary Issue with socket.close() for ssl sockets when poweroff on
  *          other system
+ * @run main/othervm AsyncSSLSocketClose
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import javax.net.ssl.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ClientModeClientAuth.java

@@ -24,8 +24,11 @@
 /*
  * @test
  * @bug 4390659
- * @run main/othervm -Djavax.net.debug=all ClientModeClientAuth
  * @summary setNeedClientAuth() isn't working after a handshaker is established
+ * @run main/othervm ClientModeClientAuth
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ClientTimeout.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4836493
  * @summary Socket timeouts for SSLSockets causes data corruption.
+ * @run main/othervm ClientTimeout
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/CloseSocketException.java

@@ -26,6 +26,10 @@
  * @bug 4969799
  * @summary javax.net.ssl.SSLSocket.SSLSocket(InetAddress,int) shouldn't
  *              throw exception
+ * @run main/othervm CloseSocketException
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * This is making sure that starting a new handshake throws the right
  * exception.  There is a similar test for SSLEngine.

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4403428
  * @summary Invalidating JSSE session on server causes SSLProtocolException
+ * @run main/othervm InvalidateServerSessionRenegotiate
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NewSocketMethods.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4429176
  * @summary need to sync up SSL sockets with merlin java.net changes
+ * @run main/othervm NewSocketMethods
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NonAutoClose.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4404399
  * @summary When a layered SSL socket is closed, it should wait for close_notify
+ * @run main/othervm NonAutoClose
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ReuseAddr.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4482446
  * @summary java.net.SocketTimeoutException on 98, NT, 2000 for JSSE
+ * @run main/othervm ReuseAddr
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ReverseNameLookup.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4748292
  * @summary Prevent/Disable reverse name lookups with JSSE SSL sockets
+ * @run main/othervm ReverseNameLookup
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions.java

@@ -26,6 +26,10 @@
  * @bug 4361124 4325806
  * @summary SSLServerSocket isn't throwing exceptions when negotiations are
  *      failing & java.net.SocketException: occures in Auth and clientmode
+ * @run main/othervm SSLSocketImplThrowsWrongExceptions
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/ServerTimeout.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4836493
  * @summary Socket timeouts for SSLSockets causes data corruption.
+ * @run main/othervm ServerTimeout
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/SetClientMode.java

@@ -26,6 +26,10 @@
  * @bug 6223624
  * @summary SSLSocket.setUseClientMode() fails to throw expected
  *        IllegalArgumentException
+ * @run main/othervm SetClientMode
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 /*

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/UnconnectedSocketWrongExceptions.java

@@ -25,6 +25,11 @@
  * @test
  * @bug 4480441
  * @summary startHandshake giving wrong message when unconnected.
+ * @run main/othervm UnconnectedSocketWrongExceptions
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ *
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java

@@ -25,7 +25,10 @@
  * @test
  * @bug 4392475
  * @summary Calling setWantClientAuth(true) disables anonymous suites
- * @run main/timeout=180 AnonCipherWithWantClientAuth
+ * @run main/othervm/timeout=180 AnonCipherWithWantClientAuth
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHost.java

@@ -22,10 +22,13 @@
  */
 
 /**
- *@test
- *@bug 4302026
- *@run main GetPeerHost
- *@summary make sure the server side doesn't do DNS lookup.
+ * @test
+ * @bug 4302026
+ * @run main/othervm GetPeerHost
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ * @summary make sure the server side doesn't do DNS lookup.
  */
 import javax.net.*;
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SocketCreation/SocketCreation.java

@@ -27,7 +27,10 @@
  * @summary This test tries all the different ways in which an SSL
  * connection can be established to exercise different SSLSocketImpl
  * constructors.
- * @run main/timeout=300 SocketCreation
+ * @run main/othervm/timeout=300 SocketCreation
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ClientServer.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4717766
  * @summary 1.0.3 JsseX509TrustManager erroneously calls isClientTrusted()
+ * @run main/othervm ClientServer
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @ignore JSSE supports algorithm constraints with CR 6916074,
  *     need to update this test case in JDK 7 soon
  * @author Brad Wetmore

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/PKIXExtendedTM.java

@@ -26,6 +26,10 @@
  * @test
  * @bug 6916074
  * @summary Add support for TLS 1.2
+ * @run main/othervm PKIXExtendedTM
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.net.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SelfIssuedCert.java

@@ -27,6 +27,9 @@
  * @summary support self-issued certificate
  * @run main/othervm SelfIssuedCert PKIX
  * @run main/othervm SelfIssuedCert SunX509
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/SunX509ExtendedTM.java

@@ -24,8 +24,11 @@
 /*
  * @test
  * @bug 6916074
- * @run main/othervm -Djavax.net.debug=all SunX509ExtendedTM
  * @summary Add support for TLS 1.2
+ * @run main/othervm SunX509ExtendedTM
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.net.*;

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/X509ExtendedTMEnabled.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 6916074
  * @summary Add support for TLS 1.2
+ * @run main/othervm X509ExtendedTMEnabled
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * Ensure that the SunJSSE provider enables the X509ExtendedTrustManager.
  */

test/sun/security/ssl/com/sun/net/ssl/internal/ssl/spi/ProviderInit.java

@@ -26,6 +26,10 @@
  * @bug 4522550
  * @summary SSLContext TrustMananagerFactory and KeyManagerFactory
  *              should throw if not init
+ * @run main/othervm ProviderInit
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Jaya Hangal
  */
 

test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ProxyAuthTest.java

 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,10 @@
  * @bug 4323990 4413069
  * @summary HttpsURLConnection doesn't send Proxy-Authorization on CONNECT
  *     Incorrect checking of proxy server response
+ * @run main/othervm ProxyAuthTest
+ *
+ *     No way to reserve and restore java.lang.Authenticator, need to run this
+ *     test in othervm mode.
  */
 
 import java.io.*;
@@ -77,8 +81,7 @@ public class ProxyAuthTest {
     /*
      * Main method to create the server and the client
      */
-    public static void main(String args[]) throws Exception
-    {
+    public static void main(String args[]) throws Exception {
         String keyFilename =
             System.getProperty("test.src", "./") + "/" + pathToStores +
                 "/" + keyStoreFile;
@@ -110,8 +113,7 @@ public class ProxyAuthTest {
         try {
             doClientSide();
         } catch (Exception e) {
-            System.out.println("Client side failed: " +
-                                e.getMessage());
+            System.out.println("Client side failed: " + e.getMessage());
             throw e;
         }
     }

test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsClient/ServerIdentityTest.java

 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,11 @@
  * @bug 4328195
  * @summary Need to include the alternate subject DN for certs,
  *          https should check for this
+ * @run main/othervm ServerIdentityTest
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ *
  * @author Yingxian Wang
  */
 
@@ -136,6 +141,9 @@ public class ServerIdentityTest {
     volatile Exception clientException = null;
 
     public static void main(String[] args) throws Exception {
+        SSLSocketFactory reservedSFactory =
+                HttpsURLConnection.getDefaultSSLSocketFactory();
+        try {
             for (int i = 0; i < keyStoreFiles.length; i++) {
                 String keyFilename =
                     System.getProperty("test.src", ".") + "/" + pathToStores +
@@ -170,6 +178,9 @@ public class ServerIdentityTest {
                 System.out.println("Testing " + keyFilename);
                 new ServerIdentityTest(context, keyStoreFiles[i]);
             }
+        } finally {
+            HttpsURLConnection.setDefaultSSLSocketFactory(reservedSFactory);
+        }
     }
 
     Thread clientThread = null;

test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/CriticalSubjectAltName.java

@@ -26,6 +26,11 @@
  * @bug 6668231
  * @summary Presence of a critical subjectAltName causes JSSE's SunX509 to
  *          fail trusted checks
+ * @run main/othervm CriticalSubjectAltName
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ *
  * @author Xuelei Fan
  *
  * This test depends on binary keystore, crisubn.jks and trusted.jks. Because

test/sun/security/ssl/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnection/GetResponseCode.java

@@ -25,6 +25,11 @@
  * @test
  * @bug 4482187
  * @summary HttpsClient tests are failing for build 71
+ * @run main/othervm GetResponseCode
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ *
  * @author Yingxian Wang
  */
 import java.io.*;

test/sun/security/ssl/javax/net/ssl/Fix5070632.java

 /*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 5070632
  * @summary Default SSLSockeFactory override createSocket() now
+ * @run main/othervm Fix5070632
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Weijun Wang
  */
 
@@ -35,8 +39,13 @@ import java.security.*;
 
 public class Fix5070632 {
     public static void main(String[] args) throws Exception {
+        // reserve the security properties
+        String reservedSFacProvider =
+            Security.getProperty("ssl.SocketFactory.provider");
+
         // use a non-existing provider so that the DefaultSSLSocketFactory
         // will be used, and then test against it.
+
         Security.setProperty("ssl.SocketFactory.provider", "foo.NonExistant");
         SSLSocketFactory fac = (SSLSocketFactory)SSLSocketFactory.getDefault();
         try {
@@ -46,8 +55,16 @@ public class Fix5070632 {
             System.out.println("Throw SocketException");
             se.printStackTrace();
             return;
+        } finally {
+            // restore the security properties
+            if (reservedSFacProvider == null) {
+                reservedSFacProvider = "";
             }
-        throw new Exception("should throw SocketException");
+            Security.setProperty("ssl.SocketFactory.provider",
+                                                reservedSFacProvider);
+        }
+
         // if not caught, or other exception caught, then it's error
+        throw new Exception("should throw SocketException");
     }
 }

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/ComURLNulls.java

 /*
- * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,10 @@
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes, and HttpsURLConnection.getCipherSuite throws
  *      NullPointerException
+ * @run main/othervm ComURLNulls
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 
@@ -34,6 +38,7 @@ import java.net.*;
 import java.io.*;
 import javax.net.ssl.*;
 import com.sun.net.ssl.HttpsURLConnection;
+import com.sun.net.ssl.HostnameVerifier;
 
 /*
  * Tests that the com null argument changes made it in ok.
@@ -42,7 +47,9 @@ import com.sun.net.ssl.HttpsURLConnection;
 public class ComURLNulls {
 
     public static void main(String[] args) throws Exception {
-
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             System.setProperty("java.protocol.handler.pkgs",
                                     "com.sun.net.ssl.internal.www.protocol");
             /**
@@ -96,5 +103,8 @@ public class ComURLNulls {
                 System.out.println(e.getMessage());
             }
             System.out.println("TESTS PASSED");
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 }

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/ImplicitHandshake.java

@@ -26,6 +26,10 @@
  * @bug 4387882
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes.
+ * @run main/othervm ImplicitHandshake
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/JavaxURLNulls.java

 /*
- * Copyright (c) 2001, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,9 @@ public class JavaxURLNulls {
 
     public static void main(String[] args) throws Exception {
 
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             /**
              * This test does not establish any connection to the specified
              * URL, hence a dummy URL is used.
@@ -100,5 +103,8 @@ public class JavaxURLNulls {
                 System.out.println(e.getMessage());
             }
             System.out.println("TESTS PASSED");
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 }

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/SSLSessionNulls.java

@@ -26,6 +26,10 @@
  * @bug 4387882
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes.
+ * @run main/othervm SSLSessionNulls
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/FixingJavadocs/SSLSocketInherit.java

@@ -27,6 +27,10 @@
  * @summary Need to revisit the javadocs for JSSE, especially the
  *      promoted classes.  This test checks to see if the settings
  *      on the server sockets get propagated to the sockets.
+ * @run main/othervm SSLSocketInherit
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/NewAPIs/CheckMyTrustedKeystore.java

@@ -26,6 +26,10 @@
  * @bug 4329114
  * @summary Need better way of reflecting the reason when a chain is
  *      rejected as untrusted.
+ * @run main/othervm CheckMyTrustedKeystore
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @ignore JSSE supports algorithm constraints with CR 6916074,
  *     need to update this test case in JDK 7 soon
  * This is a serious hack job!

test/sun/security/ssl/javax/net/ssl/NewAPIs/HttpsURLConnectionLocalCertificateChain.java

@@ -30,6 +30,10 @@
  *      Fixed 4354003: Need API to get client certificate chain
  *      Fixed 4387961: HostnameVerifier needs to pass various hostnames
  *      Fixed 4395266: HttpsURLConnection should be made protected
+ * @run main/othervm HttpsURLConnectionLocalCertificateChain
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java

@@ -26,6 +26,10 @@
  * @bug 4280338
  * @summary "Unsupported SSL message version" SSLProtocolException
  *      w/SSL_RSA_WITH_NULL_MD5
+ * @run main/othervm JSSERenegotiate
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Ram Marti
  * @author Brad Wetmore

test/sun/security/ssl/javax/net/ssl/NewAPIs/KeyManagerTrustManager.java

 /*
- * Copyright (c) 2001, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -35,6 +35,10 @@
  * 4396290: Need a way to pass algorithm specific parameters to TM's and KM's
  * 4395286: The property for setting the default
  *      KeyManagerFactory/TrustManagerFactory algorithms needs real name
+ * @run main/othervm KeyManagerTrustManager
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 
@@ -77,8 +81,16 @@ public class KeyManagerTrustManager implements X509KeyManager {
         String kmfAlg = null;
         String tmfAlg = null;
 
+        // reserve the security properties
+        String reservedKMFacAlg =
+            Security.getProperty("ssl.KeyManagerFactory.algorithm");
+        String reservedTMFacAlg =
+            Security.getProperty("ssl.TrustManagerFactory.algorithm");
+
+        try {
             Security.setProperty("ssl.KeyManagerFactory.algorithm", "hello");
-        Security.setProperty("ssl.TrustManagerFactory.algorithm", "goodbye");
+            Security.setProperty("ssl.TrustManagerFactory.algorithm",
+                                                                "goodbye");
 
             kmfAlg = KeyManagerFactory.getDefaultAlgorithm();
             tmfAlg = TrustManagerFactory.getDefaultAlgorithm();
@@ -87,7 +99,22 @@ public class KeyManagerTrustManager implements X509KeyManager {
                 throw new Exception("ssl.KeyManagerFactory.algorithm not set");
             }
             if (!tmfAlg.equals("goodbye")) {
-            throw new Exception("ssl.TrustManagerFactory.algorithm not set");
+                throw new Exception(
+                        "ssl.TrustManagerFactory.algorithm not set");
+            }
+        } finally {
+            // restore the security properties
+            if (reservedKMFacAlg == null) {
+                reservedKMFacAlg = "";
+            }
+
+            if (reservedTMFacAlg == null) {
+                reservedTMFacAlg = "";
+            }
+            Security.setProperty("ssl.KeyManagerFactory.algorithm",
+                                                            reservedKMFacAlg);
+            Security.setProperty("ssl.TrustManagerFactory.algorithm",
+                                                            reservedTMFacAlg);
         }
     }
 }

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLCtxAccessToSessCtx.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4473210
  * @summary SSLSessionContext should be accessible from SSLContext
+ * @run main/othervm SSLCtxAccessToSessCtx
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/AcceptLargeFragments.java

@@ -26,6 +26,10 @@
  * @bug 6388456
  * @summary Need adjustable TLS max record size for interoperability
  *      with non-compliant stacks
+ * @run main/othervm AcceptLargeFragments
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * Check the system property "jsse.SSLEngine.acceptLargeFragments"
  *

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ExtendedKeySocket.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4981697
  * @summary Rework the X509KeyManager to avoid incompatibility issues
+ * @run main/othervm ExtendedKeySocket
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad R. Wetmore
  */
 

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargePacket.java

@@ -27,6 +27,10 @@
  * @bug 6388456
  * @summary Need adjustable TLS max record size for interoperability
  *      with non-compliant
+ * @run main/othervm LargePacket
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 4495742
  * @summary Demonstrate SSLEngine switch from no client auth to client auth.
+ * @run main/othervm NoAuthClientAuth
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Brad R. Wetmore
  */

test/sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java

@@ -25,6 +25,10 @@
  * @test
  * @bug   4366807
  * @summary Need new APIs to get/set session timeout and session cache size.
+ * @run main/othervm SessionCacheSizeTests
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/javax/net/ssl/NewAPIs/SessionTimeOutTests.java

@@ -25,6 +25,10 @@
  * @test
  * @bug   4366807
  * @summary Need new APIs to get/set session timeout and session cache size.
+ * @run main/othervm SessionTimeOutTests
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/javax/net/ssl/NewAPIs/testEnabledProtocols.java

@@ -30,6 +30,10 @@
  *                  session
  *          4701722 protocol mismatch exceptions should be consistent between
  *                  SSLv3 and TLSv1
+ * @run main/othervm testEnabledProtocols
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Ram Marti
  */
 

test/sun/security/ssl/javax/net/ssl/SSLServerSocket/DefaultSSLServSocketFac.java

 /*
- * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 6449579
  * @summary DefaultSSLServerSocketFactory does not override createServerSocket()
+ * @run main/othervm DefaultSSLServSocketFac
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 import java.security.Security;
 import javax.net.ServerSocketFactory;
@@ -33,6 +37,10 @@ import javax.net.ssl.SSLServerSocketFactory;
 
 public class DefaultSSLServSocketFac {
     public static void main(String[] args) throws Exception {
+        // reserve the security properties
+        String reservedSSFacProvider =
+            Security.getProperty("ssl.ServerSocketFactory.provider");
+
         try {
             Security.setProperty("ssl.ServerSocketFactory.provider", "oops");
             ServerSocketFactory ssocketFactory =
@@ -44,6 +52,13 @@ public class DefaultSSLServSocketFac {
                 throw e;
             }
             // get the expected exception
+        } finally {
+            // restore the security properties
+            if (reservedSSFacProvider == null) {
+                reservedSSFacProvider = "";
+            }
+            Security.setProperty("ssl.ServerSocketFactory.provider",
+                                                    reservedSSFacProvider);
         }
     }
 }

test/sun/security/ssl/javax/net/ssl/TLSv11/EmptyCertificateAuthorities.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all EmptyCertificateAuthorities
+ * @run main/othervm EmptyCertificateAuthorities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/TLSv11/ExportableBlockCipher.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all ExportableBlockCipher
+ * @run main/othervm ExportableBlockCipher
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/TLSv11/ExportableStreamCipher.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all ExportableStreamCipher
+ * @run main/othervm ExportableStreamCipher
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/TLSv11/GenericBlockCipher.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all GenericBlockCipher
+ * @run main/othervm GenericBlockCipher
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java

@@ -27,7 +27,10 @@
  * @test
  * @bug 4873188
  * @summary Support TLS 1.1
- * @run main/othervm -Djavax.net.debug=all GenericStreamCipher
+ * @run main/othervm GenericStreamCipher
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @author Xuelei Fan
  */

test/sun/security/ssl/sanity/pluggability/CheckSSLContextExport.java

@@ -64,8 +64,8 @@ public class CheckSSLContextExport extends Provider {
             default:
                 throw new Exception("Internal Test Error!");
             }
-            System.out.println("Testing with " + (standardCiphers ? "standard" : "custom") +
-                               " cipher suites");
+            System.out.println("Testing with " +
+                (standardCiphers ? "standard" : "custom") + " cipher suites");
             for (int j = 0; j < 4; j++) {
                 String clsName = null;
                 try {
@@ -107,11 +107,16 @@ public class CheckSSLContextExport extends Provider {
 
     public static void main(String[] argv) throws Exception {
         String protocols[] = { "SSL", "TLS" };
-        Security.insertProviderAt(new CheckSSLContextExport(protocols), 1);
+        Provider extraProvider = new CheckSSLContextExport(protocols);
+        Security.insertProviderAt(extraProvider, 1);
+        try {
             for (int i = 0; i < protocols.length; i++) {
                 System.out.println("Testing " + protocols[i] + "'s SSLContext");
                 test(protocols[i]);
             }
             System.out.println("Test Passed");
+        } finally {
+            Security.removeProvider(extraProvider.getName());
+        }
     }
 }

test/sun/security/ssl/sanity/pluggability/CheckSockFacExport1.java

 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,10 @@
  * @bug 4635454 6208022
  * @summary Check pluggability of SSLSocketFactory and
  * SSLServerSocketFactory classes.
+ * @run main/othervm CheckSockFacExport1
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.util.*;
@@ -37,6 +41,13 @@ import javax.net.ssl.*;
 public class CheckSockFacExport1 {
 
     public static void main(String argv[]) throws Exception {
+        // reserve the security properties
+        String reservedSFacAlg =
+            Security.getProperty("ssl.SocketFactory.provider");
+        String reservedSSFacAlg =
+            Security.getProperty("ssl.ServerSocketFactory.provider");
+
+        try {
             Security.setProperty("ssl.SocketFactory.provider",
                                  "MySSLSocketFacImpl");
             MySSLSocketFacImpl.useCustomCipherSuites();
@@ -68,5 +79,19 @@ public class CheckSockFacExport1 {
                 }
             }
             System.out.println("Test Passed");
+        } finally {
+            // restore the security properties
+            if (reservedSFacAlg == null) {
+                reservedSFacAlg = "";
+            }
+
+            if (reservedSSFacAlg == null) {
+                reservedSSFacAlg = "";
+            }
+            Security.setProperty("ssl.SocketFactory.provider",
+                                                            reservedSFacAlg);
+            Security.setProperty("ssl.ServerSocketFactory.provider",
+                                                            reservedSSFacAlg);
+        }
     }
 }

test/sun/security/ssl/sanity/pluggability/CheckSockFacExport2.java

 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,10 @@
  * @bug 4635454
  * @summary Check pluggability of SSLSocketFactory and
  *     SSLServerSocketFactory classes.
+ * @run main/othervm CheckSockFacExport2
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 import java.security.*;
 import java.net.*;
@@ -34,6 +38,13 @@ import javax.net.ssl.*;
 public class CheckSockFacExport2 {
 
     public static void main(String argv[]) throws Exception {
+        // reserve the security properties
+        String reservedSFacAlg =
+            Security.getProperty("ssl.SocketFactory.provider");
+        String reservedSSFacAlg =
+            Security.getProperty("ssl.ServerSocketFactory.provider");
+
+        try {
             Security.setProperty("ssl.SocketFactory.provider",
                 "MySSLSocketFacImpl");
             MySSLSocketFacImpl.useStandardCipherSuites();
@@ -67,5 +78,19 @@ public class CheckSockFacExport2 {
                 }
             }
             System.out.println("Test Passed");
+        } finally {
+            // restore the security properties
+            if (reservedSFacAlg == null) {
+                reservedSFacAlg = "";
+            }
+
+            if (reservedSSFacAlg == null) {
+                reservedSSFacAlg = "";
+            }
+            Security.setProperty("ssl.SocketFactory.provider",
+                                                            reservedSFacAlg);
+            Security.setProperty("ssl.ServerSocketFactory.provider",
+                                                            reservedSSFacAlg);
+        }
     }
 }

test/sun/security/ssl/sun/net/www/http/ChunkedOutputStream/Test.java

 /*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,9 @@
  * @bug 5026745
  * @library ../../httpstest/
  * @run main/othervm Test
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @summary Cannot flush output stream when writing to an HttpUrlConnection
  */
 
@@ -283,6 +286,9 @@ public class Test implements HttpCallback {
             System.getProperty("test.src", "./") + "/" + pathToStores +
                 "/" + trustStoreFile;
 
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             System.setProperty("javax.net.ssl.keyStore", keyFilename);
             System.setProperty("javax.net.ssl.keyStorePassword", passwd);
             System.setProperty("javax.net.ssl.trustStore", trustFilename);
@@ -308,6 +314,9 @@ public class Test implements HttpCallback {
                 throw e;
             }
             server.terminate();
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java

 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,9 +26,12 @@
  * @bug 6216082
  * @library ../../../httpstest/
  * @build HttpCallback HttpServer ClosedChannelList HttpTransaction TunnelProxy
- * @run main/othervm B6216082
  * @summary  Redirect problem with HttpsURLConnection using a proxy
-*/
+ * @run main/othervm B6216082
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
+ */
 
 import java.io.*;
 import java.net.*;
@@ -46,6 +49,9 @@ public class B6216082 {
     static InetAddress firstNonLoAddress = null;
 
     public static void main(String[] args) throws Exception {
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             // XXX workaround for CNFE
             Class.forName("java.nio.channels.ClosedByInterruptException");
             setupEnv();
@@ -54,13 +60,17 @@ public class B6216082 {
 
             // https.proxyPort can only be set after the TunnelProxy has been
             // created as it will use an ephemeral port.
-        System.setProperty( "https.proxyPort", (new Integer(proxy.getLocalPort())).toString() );
+            System.setProperty("https.proxyPort",
+                        (new Integer(proxy.getLocalPort())).toString() );
 
             makeHttpCall();
 
             if (httpTrans.hasBadRequest) {
                 throw new RuntimeException("Test failed : bad http request");
             }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     /*

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CloseKeepAliveCached.java

 /*
- * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,10 @@
  * @bug 6618387
  * @summary SSL client sessions do not close cleanly. A TCP reset occurs
  *      instead of a close_notify alert.
- * @run main/othervm -Djavax.net.debug=ssl CloseKeepAliveCached
+ * @run main/othervm CloseKeepAliveCached
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  *
  * @ignore
  *    After run the test manually, at the end of the debug output,
@@ -140,13 +143,15 @@ public class CloseKeepAliveCached {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-
         /*
          * Wait for server to get started.
          */
         while (!serverReady) {
             Thread.sleep(50);
         }
+
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
         try {
             HttpsURLConnection http = null;
 
@@ -180,6 +185,8 @@ public class CloseKeepAliveCached {
             if (sslServerSocket != null)
                 sslServerSocket.close();
             throw ioex;
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
         }
     }
 

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHandlerTest.java

@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary Unit test for java.net.CookieHandler
  * @bug 4696506 4942650
+ * @summary Unit test for java.net.CookieHandler
+ * @run main/othervm CookieHandlerTest
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Yingxian Wang
  */
 
@@ -182,6 +186,10 @@ public class CookieHandlerTest {
             System.getProperty("test.src", "./") + "/" + pathToStores +
                 "/" + trustStoreFile;
 
+        CookieHandler reservedCookieHandler = CookieHandler.getDefault();
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             System.setProperty("javax.net.ssl.keyStore", keyFilename);
             System.setProperty("javax.net.ssl.keyStorePassword", passwd);
             System.setProperty("javax.net.ssl.trustStore", trustFilename);
@@ -202,6 +210,10 @@ public class CookieHandlerTest {
               "$Path=\"/acme\"");
             CookieHandler.setDefault(new MyCookieHandler());
             new CookieHandlerTest();
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+            CookieHandler.setDefault(reservedCookieHandler);
+        }
     }
 
     Thread clientThread = null;

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java

@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
+ * @run main/othervm DNSIdentities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -691,6 +695,8 @@ public class DNSIdentities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
             SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                 clientModulus, clientPrivateExponent, passphrase);
 
@@ -720,6 +726,9 @@ public class DNSIdentities {
                 }
                 closeReady = true;
             }
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
+        }
     }
 
     /*

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsCreateSockTest.java

@@ -24,7 +24,12 @@
 /**
  * @test
  * @bug 6771432
- * @summary createSocket() - smpatch fails using 1.6.0_10 because of "Unconnected sockets not implemented"
+ * @summary createSocket() - smpatch fails using 1.6.0_10 because of
+ *     "Unconnected sockets not implemented"
+ * @run main/othervm HttpsCreateSockTest
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import javax.net.SocketFactory;

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsPost.java

 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,10 @@
  * @bug 4423074
  * @summary Need to rebase all the duplicated classes from Merlin.
  *          This test will check out http POST
+ * @run main/othervm HttpsPost
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -140,7 +144,9 @@ public class HttpsPost {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             /*
              * Wait for server to get started.
              */
@@ -151,8 +157,7 @@ public class HttpsPost {
             // Send HTTP POST request to server
             URL url = new URL("https://localhost:"+serverPort);
 
-        HttpsURLConnection.setDefaultHostnameVerifier(
-                                      new NameVerifier());
+            HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
             HttpsURLConnection http = (HttpsURLConnection)url.openConnection();
             http.setDoOutput(true);
 
@@ -169,6 +174,9 @@ public class HttpsPost {
                 http.disconnect();
                 closeReady = true;
             }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsProxyStackOverflow.java

@@ -25,6 +25,9 @@
  * @test
  * @bug 6670868
  * @summary StackOverFlow with bad authenticated Proxy tunnels
+ * @run main/othervm HttpsProxyStackOverflow
+ *
+ * No way to reserve default Authenticator, need to run in othervm mode.
  */
 
 import java.io.IOException;

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/HttpsSocketFacTest.java

@@ -26,6 +26,9 @@
  * @bug 6614957
  * @summary HttpsURLConnection not using the set SSLSocketFactory for creating all its Sockets
  * @run main/othervm HttpsSocketFacTest
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import javax.net.SocketFactory;

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressDNSIdentities.java

 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
+ * @run main/othervm IPAddressDNSIdentities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -691,6 +695,8 @@ public class IPAddressDNSIdentities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
             SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                 clientModulus, clientPrivateExponent, passphrase);
 
@@ -715,11 +721,11 @@ public class IPAddressDNSIdentities {
                 int respCode = http.getResponseCode();
                 System.out.println("respCode = " + respCode);
 
-            throw new Exception("Unexpectly found subject alternative name " +
-                                "matching IP address");
+                throw new Exception("Unexpectly found " +
+                        "subject alternative name matching IP address");
             } catch (SSLHandshakeException sslhe) {
-            // no subject alternative names matching IP address 127.0.0.1 found
-            // that's the expected exception, ignore it.
+                // no subject alternative names matching IP address 127.0.0.1
+                // found that's the expected exception, ignore it.
             } catch (IOException ioe) {
                 // HttpsClient may throw IOE during checking URL spoofing,
                 // that's the expected exception, ignore it.
@@ -729,6 +735,9 @@ public class IPAddressDNSIdentities {
                 }
                 closeReady = true;
             }
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
+        }
     }
 
     /*

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java

 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,10 @@
 /* @test
  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @run main/othervm IPAddressIPIdentities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -692,6 +696,8 @@ public class IPAddressIPIdentities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
             SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                 clientModulus, clientPrivateExponent, passphrase);
 
@@ -721,6 +727,9 @@ public class IPAddressIPIdentities {
                 }
                 closeReady = true;
             }
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
+        }
     }
 
     /*

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java

 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,10 @@
 /* @test
  * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @run main/othervm IPIdentities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -692,9 +696,10 @@ public class IPIdentities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
             SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                 clientModulus, clientPrivateExponent, passphrase);
-
             SSLContext.setDefault(context);
 
             /*
@@ -721,6 +726,9 @@ public class IPIdentities {
                 }
                 closeReady = true;
             }
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
+        }
     }
 
     /*

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Identities.java

 /*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
  * @bug 6766775
+ * @summary X509 certificate hostname checking is broken in JDK1.6.0_10
+ * @run main/othervm Identities
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Xuelei Fan
  */
 
@@ -691,6 +695,8 @@ public class Identities {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
+        SSLContext reservedSSLContext = SSLContext.getDefault();
+        try {
             SSLContext context = getSSLContext(trusedCertStr, clientCertStr,
                 clientModulus, clientPrivateExponent, passphrase);
 
@@ -720,6 +726,9 @@ public class Identities {
                 }
                 closeReady = true;
             }
+        } finally {
+            SSLContext.setDefault(reservedSSLContext);
+        }
     }
 
     /*

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.java

 /*
- * Copyright (c) 2001, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -147,6 +147,9 @@ public class PostThruProxy {
     static String postMsg = "Testing HTTP post on a https server";
 
     static void doClientSide(String hostname) throws Exception {
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             /*
              * setup up a proxy
              */
@@ -186,6 +189,9 @@ public class PostThruProxy {
                     ps.close();
                 throw e;
             }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/ReadTimeout.java

 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,13 @@
 /*
  * @test
  * @bug 4811482 4700777 4905410
- * @summary sun.net.client.defaultConnectTimeout should work with HttpsURLConnection; HTTP client: Connect and read timeouts; Https needs to support new tiger features that went into http
+ * @summary sun.net.client.defaultConnectTimeout should work with
+ *     HttpsURLConnection; HTTP client: Connect and read timeouts;
+ *     Https needs to support new tiger features that went into http
+ * @run main/othervm ReadTimeout
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -143,7 +149,9 @@ public class ReadTimeout {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             /*
              * Wait for server to get started.
              */
@@ -180,7 +188,9 @@ public class ReadTimeout {
                 done();
                 http.disconnect();
             }
-
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/Redirect.java

 /*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,10 @@
  * @bug 4423074
  * @summary Need to rebase all the duplicated classes from Merlin.
  *          This test will check out http POST
+ * @run main/othervm Redirect
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;
@@ -139,7 +143,9 @@ public class Redirect {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             /*
              * Wait for server to get started.
              */
@@ -162,6 +168,9 @@ public class Redirect {
                 http.disconnect();
                 closeReady = true;
             }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/RetryHttps.java

 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,8 +22,12 @@
  */
 
 /* @test
- * @summary Https can not retry request
  * @bug 4799427
+ * @summary Https can not retry request
+ * @run main/othervm RetryHttps
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Yingxian Wang
  */
 
@@ -129,7 +133,9 @@ public class RetryHttps {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
-
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             /*
              * Wait for server to get started.
              */
@@ -141,7 +147,8 @@ public class RetryHttps {
                 /* establish http connection to server */
                 URL url = new URL("https://localhost:" + serverPort+"/file1");
                 System.out.println("url is "+url.toString());
-        HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
+                HttpsURLConnection.setDefaultHostnameVerifier(
+                                                        new NameVerifier());
                 http = (HttpsURLConnection)url.openConnection();
                 int respCode = http.getResponseCode();
                 int cl = http.getContentLength();
@@ -154,12 +161,14 @@ public class RetryHttps {
                 http = (HttpsURLConnection)url.openConnection();
                 respCode = http.getResponseCode();
                 System.out.println("respCode2 = "+respCode);
-
             } catch (IOException ioex) {
                 if (sslServerSocket != null)
                     sslServerSocket.close();
                 throw ioex;
             }
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java

 /*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 4474255
  * @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection
+ * @run main/othervm ComHTTPSConnection
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 
@@ -198,6 +202,9 @@ public class ComHTTPSConnection {
             Thread.sleep(50);
         }
 
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             System.setProperty("java.protocol.handler.pkgs",
                 "com.sun.net.ssl.internal.www.protocol");
             HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
@@ -236,6 +243,9 @@ public class ComHTTPSConnection {
                 throw e;
             }
             System.out.println("Client reports:  SUCCESS");
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java

@@ -28,6 +28,10 @@
  * @bug 4484246
  * @summary When an application enables anonymous SSL cipher suite,
  *        Hostname verification is not required
+ * @run main/othervm ComHostnameVerifier
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHTTPSConnection.java

 /*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,10 @@
  * @test
  * @bug 4474255
  * @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection
+ * @run main/othervm JavaxHTTPSConnection
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 
@@ -189,6 +193,9 @@ public class JavaxHTTPSConnection {
      * to avoid infinite hangs.
      */
     void doClientSide() throws Exception {
+        HostnameVerifier reservedHV =
+            HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
             /*
              * Wait for server to get started.
              */
@@ -202,8 +209,8 @@ public class JavaxHTTPSConnection {
             URLConnection urlc = url.openConnection();
 
             if (!(urlc instanceof javax.net.ssl.HttpsURLConnection)) {
-            throw new Exception(
-                "URLConnection ! instanceof javax.net.ssl.HttpsURLConnection");
+                throw new Exception("URLConnection ! instanceof " +
+                                    "javax.net.ssl.HttpsURLConnection");
             }
 
             BufferedReader in = null;
@@ -230,6 +237,9 @@ public class JavaxHTTPSConnection {
                 throw e;
             }
             System.out.println("Client reports:  SUCCESS");
+        } finally {
+            HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
+        }
     }
 
     static class NameVerifier implements HostnameVerifier {

test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java

@@ -28,6 +28,10 @@
  * @bug 4484246
  * @summary When an application enables anonymous SSL cipher suite,
  *        Hostname verification is not required
+ * @run main/othervm JavaxHostnameVerifier
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 import java.io.*;

test/sun/security/ssl/templates/SSLEngineTemplate.java

@@ -25,7 +25,10 @@
  * @test
  * @bug 1234567
  * @summary SSLEngine has not yet caused Solaris kernel to panic
+ * @run main/othervm SSLEngineTemplate
  *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  */
 
 /**

test/sun/security/ssl/templates/SSLSocketTemplate.java

@@ -25,6 +25,10 @@
  * @test
  * @bug 1234567
  * @summary Use this template to help speed your client/server tests.
+ * @run main/othervm SSLSocketTemplate
+ *
+ *     SunJSSE does not support dynamic system properties, no way to re-use
+ *     system properties in samevm/agentvm mode.
  * @author Brad Wetmore
  */
 

test/sun/security/tools/keytool/StartDateTest.java

@@ -132,7 +132,9 @@ public class StartDateTest {
 
     static Date getIssueDate() throws Exception {
         KeyStore ks = KeyStore.getInstance("jks");
-        ks.load(new FileInputStream("jks"), "changeit".toCharArray());
+        try (FileInputStream fis = new FileInputStream("jks")) {
+            ks.load(fis, "changeit".toCharArray());
+        }
         X509Certificate cert = (X509Certificate)ks.getCertificate("me");
         return cert.getNotBefore();
     }

test/sun/security/x509/AlgorithmId/ExtensibleAlgorithmId.java

@@ -24,9 +24,12 @@
 /*
  * @test
  * @bug 4162868
+ * @run main/othervm ExtensibleAlgorithmId
  * @summary Algorithm Name-to-OID mapping needs to be made extensible.
  */
 
+// Run in othervm, coz AlgorithmId.oidTable is only initialized once
+
 import java.security.*;
 import sun.security.x509.AlgorithmId;