Update the JTREG tests to run them with the openjdk-fips launcher

The tests are rewritten to be invoked by JTREG but internally
run using the openjdk-fips launcher using java.lang's ProcessBuilder.
The tests have been made independent of any particular FIPS
provider - all direct references to BouncyCastle have been
removed.

1. Remove the -compilejdk setting
2. Use openjdk-11 as the -testjdk
3. Use env var FIPS_JDK11_HOME to point to the openjdk-fips
installation, so that the installed launcher is used to run tests.
4. Use env var FIPS_PROVIDER to pass the name of the FIPS provider
to the JTREG tests

BouncyCastle does not support the JKS keystore format by default.
Support for JKS may be turned on using the property:
org.bouncycastle.jca.enable_jks=true

Fix dangling links in the openjdk-fips installation

The java.security, java.policy and provider.options files under
/etc/java-11-openjdk-fips/security must be symbolic links to
the same files under the installation directory /usr/lib/jvm...
and not the other way round.

Issue #1: There is an issue with the order of arguments passed
by the launcher to the exec'd java. First, the arguments passed
to the launcher - the main Java application class and its program
arguments - are copied over. Later, the launcher adds more system
properties to the 'back()' of the same std::vector. As a result they are ignored.
These need to be added to the std::vector's `begin()` instead of `back()`.

Issue #2: An issue related to the fix of issue #1 is the
"-add-exports java.base/sun.security.internal.spec=ALL-UNNAMED"
argument which is split into two at the whitespace. With the fix
to #1, this would cause these to be added in the wrong order.
Instead, we could add:
"-add-exports=java.base/sun.security.internal.spec=ALL-UNNAMED"

Issue #3: The SHOW_ARGS and CLASSPATH checks in the LauncherEnvironment
constructor should be independent of each other. Replace the if-else
by if-if.
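
The argument-order problems in Issue #1 and Issue #2, as an added example that is not the launcher's own code. It assumes a simplified model of how java splits its command line (parse), a fix that inserts tokens at begin() one at a time, and a hypothetical main class App with one argument.

```cpp
#include <iostream>
#include <string>
#include <vector>

using Args = std::vector<std::string>;

// Simplified, constructed model of how `java` reads its arguments: options are
// consumed up to the first non-option token, which becomes the main class;
// everything after it belongs to the application.
struct Parsed { Args jvm; std::string main_class; Args app; };

static bool takes_separate_value(const std::string& opt) {
    return opt == "--add-exports" || opt == "-cp" || opt == "-classpath";
}

Parsed parse(const Args& argv) {
    Parsed p;
    size_t i = 0;
    while (i < argv.size() && !argv[i].empty() && argv[i][0] == '-') {
        p.jvm.push_back(argv[i]);
        // Whitespace form: the next token is this option's value.
        if (takes_separate_value(argv[i]) && i + 1 < argv.size())
            p.jvm.push_back(argv[++i]);
        ++i;
    }
    if (i < argv.size()) p.main_class = argv[i++];
    p.app.assign(argv.begin() + i, argv.end());
    return p;
}

// Issue #1 behaviour: launcher-added options land after the user's arguments.
Args add_at_back(Args user, const Args& extra) {
    for (const auto& e : extra) user.push_back(e);
    return user;
}

// Assumed shape of the fix: each token is inserted at begin(), one at a time.
Args add_at_begin(Args user, const Args& extra) {
    for (const auto& e : extra) user.insert(user.begin(), e);
    return user;
}

const Args kUser = {"App", "arg1"};  // hypothetical main class and argument
const std::string kValue = "java.base/sun.security.internal.spec=ALL-UNNAMED";
const Args kSplit = {"--add-exports", kValue};     // JDK spelling, two tokens
const Args kJoined = {"--add-exports=" + kValue};  // one token, order-proof

int main() {
    for (const Args& a : {add_at_back(kUser, kSplit), add_at_begin(kUser, kSplit), add_at_begin(kUser, kJoined)})
        std::cout << parse(a).jvm.size() << " JVM option token(s), main class: " << parse(a).main_class << "\n";
}
```

Appended tokens end up as application arguments, the split pair is reversed by per-token insertion at begin(), and only the joined form reaches the JVM as an option with App still the main class.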