wolfJSSE fixes for FIPS test coverage

Author: JeremiahM37

src/java/com/wolfssl/WolfSSLCertManager.java

@@ -179,7 +179,8 @@ public synchronized int CertManagerLoadCAKeyStore(KeyStore ks)
                     cert = (X509Certificate) ks.getCertificate(name);
                 }
 
-                if (cert != null && cert.getBasicConstraints() >= 0) {
+                if (cert != null && (cert.getBasicConstraints() >= 0 ||
+                        WolfSSL.trustPeerCertEnabled())) {
                     ret = CertManagerLoadCABuffer(cert.getEncoded(),
                             cert.getEncoded().length,
                             WolfSSL.SSL_FILETYPE_ASN1);

src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java

@@ -331,8 +331,9 @@ protected WolfSSLImplementSSLSession getSession(
             return null;
         }
 
-        /* Return new session if in server mode, or if host is null */
-        if (!clientMode || host == null) {
+        /* Unknown port (-1) is a valid SSLEngine host hint.
+         * Skip cache keying. */
+        if (!clientMode || host == null || port < 0) {
             return this.getSession(ssl, clientMode, host, port);
         }
 
@@ -758,14 +759,20 @@ protected void updateTimeouts(int in, int side) {
                     diff = (now - current.creation.getTime()) / 1000;
 
                     if (diff < 0) {
-                    /* session is from the future ... */ //@TODO
+                    /* session is from the future ... */ /* TODO */
 
                     }
 
-                    if (in > 0 && diff > in) {
+                    if (in > 0 && diff >= in) {
+                        current.invalidate();
+                    }
+                    try {
+                        current.setNativeTimeout(in);
+                    } catch (IllegalStateException e) {
+                        /* Native WolfSSLSession has been freed,
+                         * invalidate this session entry */
                         current.invalidate();
                     }
-                    current.setNativeTimeout(in);
                 }
             }
         }
@@ -803,4 +810,3 @@ protected synchronized void finalize() throws Throwable {
         super.finalize();
     }
 }
-

src/java/com/wolfssl/provider/jsse/WolfSSLContext.java

@@ -488,7 +488,7 @@ protected SSLEngine engineCreateSSLEngine()
         try {
             return new WolfSSLEngine(this.ctx, this.authStore, this.params);
         } catch (WolfSSLException ex) {
-            throw new IllegalStateException("Unable to create engine");
+            throw new IllegalStateException("Unable to create engine", ex);
         }
     }
 
@@ -516,7 +516,7 @@ protected SSLEngine engineCreateSSLEngine(String host, int port)
             return new WolfSSLEngine(this.ctx, this.authStore, this.params,
                 host, port);
         } catch (WolfSSLException ex) {
-            throw new IllegalStateException("Unable to create engine");
+            throw new IllegalStateException("Unable to create engine", ex);
         }
     }