From 5dd38697591e7113aa76c9192748862441c841f3 Mon Sep 17 00:00:00 2001
From: Matthew Donovan
Date: Fri, 3 Oct 2025 07:38:20 -0400
Subject: [PATCH 1/2] 8362894: PKCS12 KeyStore PBMAC1 interoperability testing
---
 .../pkcs12/KeytoolOpensslInteropTest.java | 7 ++++++
 test/jdk/sun/security/pkcs12/params/README | 2 ++
 test/jdk/sun/security/pkcs12/params/os6 | 23 +++++++++++++++++++
 3 files changed, 32 insertions(+)
 create mode 100644 test/jdk/sun/security/pkcs12/params/os6
diff --git a/test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java b/test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java
index 4974ba066490f..a6ab01e98c315 100644
--- a/test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java
+++ b/test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java
@@ -138,6 +138,11 @@ private static void generateInitialKeystores(String opensslPath)
 "pass:changeit", "-certpbe", "AES-256-CBC", "-keypbe", "AES-256-CBC", "-macalg", "SHA512") .shouldHaveExitValue(0);
+
+ ProcessTools.executeCommand(opensslPath, "pkcs12", "-export", "-in",
+ "kandc", "-out", "os6", "-name", "a", "-passout",
+ "pass:changeit", "-pbmac1_pbkdf2", "-macalg", "sha256")
+ .shouldHaveExitValue(0);
 }
 private static void testWithJavaCommands() throws Throwable {
@@ -168,6 +173,8 @@ private static void testWithJavaCommands() throws Throwable {
 // no storepass no cert
 check("os5", "a", null, "changeit", true, false, true);
+ check("os6", "a", "changeit", "changeit", true, true, true);
+
 // keytool
 // Current default pkcs12 setting
diff --git a/test/jdk/sun/security/pkcs12/params/README b/test/jdk/sun/security/pkcs12/params/README
index eca9e1b8d8aa0..dbd1f857d632b 100644
--- a/test/jdk/sun/security/pkcs12/params/README
+++ b/test/jdk/sun/security/pkcs12/params/README
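Review bot: The added `openssl pkcs12 ... -pbmac1_pbkdf2` call in generateInitialKeystores is asserted with `.shouldHaveExitValue(0)`, so an OpenSSL build that does not recognise the option fails the whole keystore-generation step, including the earlier keystores such as os5. PBMAC1 export is a recent addition to `openssl pkcs12` (3.4, as far as I know), and nothing in this hunk gates on the tool version; how `opensslPath` is resolved is outside the hunk, so the version may already be pinned elsewhere. If it is not, skip the os6 generation and its check on older builds, or at least document the requirement with a comment such as `// -pbmac1_pbkdf2 needs an OpenSSL build with PBMAC1 support; older builds reject the option`. The method body starts above the hunk.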
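Review bot: The new `check("os6", "a", "changeit", "changeit", true, true, true)` in testWithJavaCommands covers only the correct store password, so it would likely still pass if the PBMAC1 integrity check were skipped on load. For a MAC interoperability test it is worth adding a negative case next to it that opens os6 with a wrong store password and expects the load to be rejected. `check` is defined outside this hunk, so whether it can express an expected failure is not visible here; if it cannot, a small dedicated assertion would do. A label like `// PBMAC1 with PBKDF2, HmacSHA256` above the call would also match the commented cases before it.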
@@ -14,6 +14,8 @@ openssl pkcs12 -export -in kandc -out os4 -name a -passout pass:changeit \
 -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC4-128 -macalg SHA224
 openssl pkcs12 -export -in kandc -out os5 -name a -passout pass:changeit \
 -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA512
+openssl pkcs12 -export -in kandc -out os6 -name a -passout pass:changeit \
+ -pbmac1_pbkdf2 -macalg sha256
 for a in *; do
 openssl base64 -in $a -out ../$a
 done
diff --git a/test/jdk/sun/security/pkcs12/params/os6 b/test/jdk/sun/security/pkcs12/params/os6
new file mode 100644
index 0000000000000..69602978d3b7f
--- /dev/null
+++ b/test/jdk/sun/security/pkcs12/params/os6
@@ -0,0 +1,23 @@ +MIIEOgIBAzCCA7QGCSqGSIb3DQEHAaCCA6UEggOhMIIDnTCCAmoGCSqGSIb3DQEH +BqCCAlswggJXAgEAMIICUAYJKoZIhvcNAQcBMF8GCSqGSIb3DQEFDTBSMDEGCSqG +SIb3DQEFDDAkBBBEpg+dmjxfnLMTmaHD/RjPAgIIADAMBggqhkiG9w0CCQUAMB0G +CWCGSAFlAwQBKgQQT731bM49PtePx/S4Xf6UZICCAeBeDpWGfpMn8d+wcAoHjUyg ++ceG2y75ac4UVsnVSpYCZaPHcOvUDbTAk5ylMGseLvl3x7xHmovIlShW1IBUWpTe +LhWNpa2f5yZ7t/BXB/oJFT7ol17WznHgmmCi6XbdiGq1YSV3X7SQEBw8WBWeOjGb +IURTAZCLMbGLXkSdg+2DRgP+PpM/Y29vFK2vo72s8bfYS9bGitEreyafP/jv8GxN +6SZx9+FSpTQ92Yj8qyFxvkR4fDyBnYe50KLf/bZmGMBq/d19lxNoheLGfuZ2ZM7W +Mw+wePBJsyntJfcce8iWjt6M8epVmx8SwarNkLU3UiX5XPDGJnnI/0QXEvJ2skQW +y9kCTP4DRYd2kg0tRvpsrK2DraP6xxBCviixoil1rbiQHmOhj6RKx1grGw94nvZq +JM7rZbKN3DvjSwjRn8S2QvycqGYhrQhwoQGqajmCuuBrkM6FCQUKjoWja1XCeQ3Q +8aRnQxwypB46Jrvvn4t3GghF3ZJ0X9LuimXQo9GAXf+X7eNOPpjFrIWlgICTgRN+ +v9elrcUOUKb9C24/Zws/B3nq8fvB9WY0Q9qaVZz9KUKfPjK1QwEr++5xJ5sBZgJz +kZNV0n4dxe4oCN+pE9ztpEswf4sWER92G+YDZB0IEV4wggErBgkqhkiG9w0BBwGg +ggEcBIIBGDCCARQwggEQBgsqhkiG9w0BDAoBAqCBxjCBwzBfBgkqhkiG9w0BBQ0w +UjAxBgkqhkiG9w0BBQwwJAQQvMlpTtrcoqg0XEC3z6KFEgICCAAwDAYIKoZIhvcN +AgkFADAdBglghkgBZQMEASoEEO7wolHeKZyoyII6h3l+iQ4EYEyg6yJWNUWo8ug2 +QNsXVUWmUb9nfu0+nIuhnpBwRewveSv+XMZ+C8szRQsefeMdfjzy91M/ZSHkR73K +HcKdUTVI5zNdBd61g9VNL6CvQCPZIj7AW5bsJ2cZg/GjpsepcDE4MBEGCSqGSIb3 +DQEJFDEEHgIAYTAjBgkqhkiG9w0BCRUxFgQUxCJpJWSVzAG4ZpwKuIUAgKBtWAkw +fTBtMEkGCSqGSIb3DQEFDjA8MCwGCSqGSIb3DQEFDDAfBAgMIRBR5kB3lgICCAAC +ASAwDAYIKoZIhvcNAgkFADAMBggqhkiG9w0CCQUABCDM5Ec9Anci3+OswMqEX22f +uAUrp9IqJSBF3ZY2g86utgQIDCEQUeZAd5YCAggA
From dadded17f906830588e1717062c2f016d96250a4 Mon Sep 17 00:00:00 2001
From: Matthew Donovan
Date: Wed, 19 Nov 2025 14:04:32 -0500
Subject: [PATCH 2/2] added bug id
---
 test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java b/test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java
index a6ab01e98c315..eee55998f0bc6 100644
--- a/test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java
+++ b/test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java
@@ -23,7 +23,7 @@
 /*
 * @test id=GenerateOpensslPKCS12
- * @bug 8076190 8242151 8153005 8266182
+ * @bug 8076190 8242151 8153005 8266182 8362894
 * @summary This is java keytool <-> openssl interop test. This test generates
 * some openssl keystores on the fly, java operates on it and
 * vice versa.