openjdk
diff --git a/‎test/jdk/java/security/KeyStore/PKCS12/WriteP12Test.java‎
Lines changed: 11 additions & 18 deletions b/‎test/jdk/java/security/KeyStore/PKCS12/WriteP12Test.java‎
Lines changed: 11 additions & 18 deletions
diff --git a/‎test/jdk/java/security/KeyStore/TestKeyStoreBasic.java‎
Lines changed: 33 additions & 50 deletions b/‎test/jdk/java/security/KeyStore/TestKeyStoreBasic.java‎
Lines changed: 33 additions & 50 deletions
diff --git a/‎test/jdk/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java‎
Lines changed: 24 additions & 42 deletions b/‎test/jdk/java/security/cert/CertPathBuilder/selfIssued/DisableRevocation.java‎
Lines changed: 24 additions & 42 deletions
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,12 +30,7 @@
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.UnrecoverableKeyException;
+import java.security.*;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -50,6 +45,7 @@
  * @summary Write different types p12 key store to Check the write related
  *  APIs.
  * @run main WriteP12Test
+ * @enablePreview
  */
 
 public class WriteP12Test {
@@ -128,19 +124,16 @@ public class WriteP12Test {
     private final Certificate testLeadCert;
     private final Certificate caCert;
 
-    WriteP12Test() throws CertificateException {
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-        caCert = cf.generateCertificate(new ByteArrayInputStream(CA_CERT_STR
-                .getBytes()));
-        testLeadCert = cf.generateCertificate(new ByteArrayInputStream(
-                LEAD_CERT.getBytes()));
-        testerCert = cf.generateCertificate(new ByteArrayInputStream(END_CERT
-                .getBytes()));
+    WriteP12Test() {
+        PEMDecoder pemDecoder = PEMDecoder.of();
+        caCert = pemDecoder.decode(CA_CERT_STR, X509Certificate.class);
+        testLeadCert = pemDecoder.decode(LEAD_CERT, X509Certificate.class);
+        testerCert = pemDecoder.decode(END_CERT, X509Certificate.class);
     }
 
-    public static void main(String[] args) throws CertificateException,
-            UnrecoverableKeyException, KeyStoreException,
-            NoSuchProviderException, NoSuchAlgorithmException, IOException {
+    public static void main(String[] args) throws UnrecoverableKeyException,
+            KeyStoreException, NoSuchProviderException,
+            NoSuchAlgorithmException, IOException {
         WriteP12Test jstest = new WriteP12Test();
         out.println("test WriteP12CertChain");
         /*
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,54 +21,48 @@
  * questions.
  */
 
-import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyFactory;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
+import java.security.*;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.spec.KeySpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Base64;
+import java.security.cert.X509Certificate;
 
 /*
  * @test
  * @bug 8048621 8133090 8167371 8236671
+ * @enablePreview
  * @summary Test basic operations with keystores (jks, jceks, pkcs12)
  * @author Yu-Ching Valerie PENG
  */
 public class TestKeyStoreBasic {
 
-    private static final String PRIVATE_KEY_PKCS8_BASE64 = ""
-        + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpyz97liuWPDYcLH9TX8BiT78o"
-        + "lCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgKmLhuczF3M9VIcWr+"
-        + "JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz7leikne7KmclHvTfvFd0WDI7Gb9v"
-        + "o4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXRv5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfF"
-        + "e1DDsMg/KpKGiILYZ+g2qtVMZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e"
-        + "+sO6H24w2F19AgMBAAECggEBAId/12187dO6wUPCjumuJA1QrrBnbKdKONyai36uoc1Od4s5QFj7"
-        + "+hEIeS7rbGNYQuBvnkgusAbzkW0FIpxpHce3EJez/emux6pEOKoP77BwMt9gy+txyu0+BHi91FQg"
-        + "AGvrnQDO5EYVY4Cz/WjOsJzKu8zVLg+DS0Toa2qRFwmUe9mVAXPNOCZ3Oae/Q6tCDsaINNw0fmjj"
-        + "jn6uohPbS+n6xENG3FkQXB36getXy310xTGED2J27cmAQH6gLR6Kl2iROzNPbbpBqbuemI9kbcld"
-        + "EwBS1jRfZWeaPstYA1niVrE9UgUBzemnoh4TDkG076sYthHMr5QFGjPswnwtJ4ECgYEA0sURQ5+v"
-        + "baH4tdaemI3qpnknXTlzSpuZZmAoyvY0Id0mlduwKwmZ3Y5989wHfnnhFfyNO4IkTKjI2Wp97qP5"
-        + "4eqUNpA7FtNU7KUzMcFDTtwtNZuRYMrKlqo2lLbA+gVrAYpYZFL4b7tcwtX4DnYorDsmude6W8sG"
-        + "4Mx2VdFJC9UCgYEAzjsdXCYH5doWUHb0dvn9ID7IikffEMRM720MRjrnnnVbpzx6ACntkPDNZg7p"
-        + "TRE/mx7iBz81ZaUWE+V0wd0JvCHEdpAz3mksyvDFhU4Bgs6xzf2pSul5muhsx3hHcvvPezz5Bnxs"
-        + "faJlzkxfwotyGmvWN15GA/pyfsZjsbbTpwkCgYAO6NnbysQCIV8SnegCKqfatt9N/O5m7LLhRxQb"
-        + "p2bwrlA4cZ34rWkw/w9x3LK7A6wkfgUPnJkswxPSLXJTG05l6M4rPfCwIKr1Qopojp9QSMr569NQ"
-        + "4YeLOOc7heIIzbFQHpU6I5Rncv2Q2sn9W+ZsqJKIuvX34FjQNiZ406EzMQKBgHSxOGS61D84DuZK"
-        + "2Ps1awhC3kB4eHzJRms3vflDPWoJJ+pSKwpKrzUTPHXiPBqyhtYkPGszVeiE6CAr9sv3YZnFVaBs"
-        + "6hyQUJsob+uE/w/gGvXe8VsFDx0bJOodYfhrCbTHBHWqE81nBcocpxayxsayfAzqWB3KKd0YLrMR"
-        + "K2PZAoGAcZa8915R2m0KZ6HVJUt/JDR85jCbN71kcVDFY2XSFkOJvOdFoHNfRckfLzjq9Y2MSSTV"
-        + "+QDWbDo2doUQCejJUTaN8nP79tfyir24X5uVPvQaeVoGTKYb+LfUqK0F60lStmjuddIGSZH55y3v"
-        + "+9XjmxbVERtd1lqgQg3VlmKlEXY=";
+    private static final String PRIVATE_KEY_PKCS8_BASE64 = """
+        -----BEGIN PRIVATE KEY-----
+        MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpyz97liuWPDYcLH9TX8BiT78o
+        lCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgKmLhuczF3M9VIcWr+
+        JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz7leikne7KmclHvTfvFd0WDI7Gb9v
+        o4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXRv5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfF
+        e1DDsMg/KpKGiILYZ+g2qtVMZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e
+        +sO6H24w2F19AgMBAAECggEBAId/12187dO6wUPCjumuJA1QrrBnbKdKONyai36uoc1Od4s5QFj7
+        +hEIeS7rbGNYQuBvnkgusAbzkW0FIpxpHce3EJez/emux6pEOKoP77BwMt9gy+txyu0+BHi91FQg
+        AGvrnQDO5EYVY4Cz/WjOsJzKu8zVLg+DS0Toa2qRFwmUe9mVAXPNOCZ3Oae/Q6tCDsaINNw0fmjj
+        jn6uohPbS+n6xENG3FkQXB36getXy310xTGED2J27cmAQH6gLR6Kl2iROzNPbbpBqbuemI9kbcld
+        EwBS1jRfZWeaPstYA1niVrE9UgUBzemnoh4TDkG076sYthHMr5QFGjPswnwtJ4ECgYEA0sURQ5+v
+        baH4tdaemI3qpnknXTlzSpuZZmAoyvY0Id0mlduwKwmZ3Y5989wHfnnhFfyNO4IkTKjI2Wp97qP5
+        4eqUNpA7FtNU7KUzMcFDTtwtNZuRYMrKlqo2lLbA+gVrAYpYZFL4b7tcwtX4DnYorDsmude6W8sG
+        4Mx2VdFJC9UCgYEAzjsdXCYH5doWUHb0dvn9ID7IikffEMRM720MRjrnnnVbpzx6ACntkPDNZg7p
+        TRE/mx7iBz81ZaUWE+V0wd0JvCHEdpAz3mksyvDFhU4Bgs6xzf2pSul5muhsx3hHcvvPezz5Bnxs
+        faJlzkxfwotyGmvWN15GA/pyfsZjsbbTpwkCgYAO6NnbysQCIV8SnegCKqfatt9N/O5m7LLhRxQb
+        p2bwrlC4cZ34rWkw/w9x3LK7A6wkfgUPnJkswxPSLXJTG05l6M4rPfCwIKr1Qopojp9QSMr569NQ
+        4YeLOOc7heIIzbFQHpU6I5Rncv2Q2sn9W+ZsqJKIuvX34FjQNiZ406EzMQKBgHSxOGS61D84DuZK
+        2Ps1awhC3kB4eHzJRms3vflDPWoJJ+pSKwpKrzUTPHXiPBqyhtYkPGszVeiE6CAr9sv3YZnFVaBs
+        6hyQUJsob+uE/w/gGvXe8VsFDx0bJOodYfhrCbTHBHWqE81nBcocpxayxsayfAzqWB3KKd0YLrMR
+        K2PZAoGAcZa8915R2m0KZ6HVJUt/JDR85jCbN71kcVDFY2XSFkOJvOdFoHNfRckfLzjq9Y2MSSTV
+        +QDWbDo2doUQCejJUTaN8nP79tfyir24X5uVPvQaeVoGTKYb+LfUqK0F60lStmjuddIGSZH55y3v
+        +9XjmxbVERtd1lqgQg3VlmKlEXY=
+        -----END PRIVATE KEY-----
+        """;
 
     /*
      * Certificate:
@@ -132,20 +126,9 @@ public void run() throws Exception {
 
     public void runTest(String provider) throws Exception {
 
-        // load private key
-        // all keystore types should support private keys
-        KeySpec spec = new PKCS8EncodedKeySpec(
-                Base64.getMimeDecoder().decode(PRIVATE_KEY_PKCS8_BASE64));
-        PrivateKey privateKey = KeyFactory.getInstance("RSA")
-                .generatePrivate(spec);
-
-        // load x509 certificate
-        Certificate cert;
-        try (InputStream is = new BufferedInputStream(
-                new ByteArrayInputStream(CERTIFICATE.getBytes()))) {
-            cert = CertificateFactory.getInstance("X.509")
-                    .generateCertificate(is);
-        }
+        PEMDecoder pemDecoder = PEMDecoder.of();
+        PrivateKey privateKey = pemDecoder.decode(PRIVATE_KEY_PKCS8_BASE64, PrivateKey.class);
+        Certificate cert = pemDecoder.decode(CERTIFICATE, X509Certificate.class);
 
         int numEntries = 5;
         String type = null;
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,11 +36,14 @@
  * @run main/othervm DisableRevocation subca
  * @run main/othervm DisableRevocation subci
  * @run main/othervm DisableRevocation alice
+ * @enablePreview
  * @author Xuelei Fan
  */
 
 import java.io.*;
 import java.net.SocketException;
+import java.security.DEREncodable;
+import java.security.PEMDecoder;
 import java.util.*;
 import java.security.Security;
 import java.security.cert.*;
@@ -143,49 +146,29 @@ public final class DisableRevocation {
         "G93Dcf0U1JRO77juc61Br5paAy8Bok18Y/MeG7uKgB2MAEJYKhGKbCrfMw==\n" +
         "-----END CERTIFICATE-----";
 
+    private static final PEMDecoder PEM_DECODER = PEMDecoder.of();
+
     private static Set<TrustAnchor> generateTrustAnchors()
             throws CertificateException {
         // generate certificate from cert string
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
-        ByteArrayInputStream is =
-                    new ByteArrayInputStream(selfSignedCertStr.getBytes());
-        Certificate selfSignedCert = cf.generateCertificate(is);
+        X509Certificate selfSignedCert = PEM_DECODER.decode(selfSignedCertStr, X509Certificate.class);
 
         // generate a trust anchor
         TrustAnchor anchor =
-            new TrustAnchor((X509Certificate)selfSignedCert, null);
+            new TrustAnchor(selfSignedCert, null);
 
         return Collections.singleton(anchor);
     }
 
     private static CertStore generateCertificateStore() throws Exception {
-        Collection entries = new HashSet();
+        Collection<DEREncodable> entries = new HashSet<>();
 
         // generate certificate from certificate string
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
-        ByteArrayInputStream is;
-
-        is = new ByteArrayInputStream(targetCertStr.getBytes());
-        Certificate cert = cf.generateCertificate(is);
-        entries.add(cert);
-
-        is = new ByteArrayInputStream(subCaCertStr.getBytes());
-        cert = cf.generateCertificate(is);
-        entries.add(cert);
-
-        is = new ByteArrayInputStream(selfSignedCertStr.getBytes());
-        cert = cf.generateCertificate(is);
-        entries.add(cert);
-
-        is = new ByteArrayInputStream(topCrlIssuerCertStr.getBytes());
-        cert = cf.generateCertificate(is);
-        entries.add(cert);
-
-        is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
-        cert = cf.generateCertificate(is);
-        entries.add(cert);
+        entries.add(PEM_DECODER.decode(targetCertStr, X509Certificate.class));
+        entries.add(PEM_DECODER.decode(subCaCertStr, X509Certificate.class));
+        entries.add(PEM_DECODER.decode(selfSignedCertStr, X509Certificate.class));
+        entries.add(PEM_DECODER.decode(topCrlIssuerCertStr, X509Certificate.class));
+        entries.add(PEM_DECODER.decode(subCrlIssuerCertStr, X509Certificate.class));
 
         return CertStore.getInstance("Collection",
                             new CollectionCertStoreParameters(entries));
@@ -198,15 +181,16 @@ private static X509CertSelector generateSelector(String name)
         // generate certificate from certificate string
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
         ByteArrayInputStream is = null;
+        String cert;
         if (name.equals("subca")) {
-            is = new ByteArrayInputStream(subCaCertStr.getBytes());
+            cert = subCaCertStr;
         } else if (name.equals("subci")) {
-            is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
+            cert = subCrlIssuerCertStr;
         } else {
-            is = new ByteArrayInputStream(targetCertStr.getBytes());
+            cert = targetCertStr;
         }
 
-        X509Certificate target = (X509Certificate)cf.generateCertificate(is);
+        X509Certificate target = PEM_DECODER.decode(cert, X509Certificate.class);
         byte[] extVal = target.getExtensionValue("2.5.29.14");
         if (extVal != null) {
             DerInputStream in = new DerInputStream(extVal);
@@ -222,19 +206,17 @@ private static X509CertSelector generateSelector(String name)
 
     private static boolean match(String name, Certificate cert)
                 throws Exception {
-        X509CertSelector selector = new X509CertSelector();
 
         // generate certificate from certificate string
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-        ByteArrayInputStream is = null;
+        String newCert;
         if (name.equals("subca")) {
-            is = new ByteArrayInputStream(subCaCertStr.getBytes());
+            newCert = subCaCertStr;
         } else if (name.equals("subci")) {
-            is = new ByteArrayInputStream(subCrlIssuerCertStr.getBytes());
+            newCert = subCrlIssuerCertStr;
         } else {
-            is = new ByteArrayInputStream(targetCertStr.getBytes());
+            newCert = targetCertStr;
         }
-        X509Certificate target = (X509Certificate)cf.generateCertificate(is);
+        X509Certificate target = PEM_DECODER.decode(newCert, X509Certificate.class);
 
         return target.equals(cert);
     }