From eaf73cd8662e950f19a6eab9cdc072a59459400b Mon Sep 17 00:00:00 2001
From: Jinhang-Zhang
Date: Tue, 23 Aug 2022 00:35:08 -0400
Subject: [PATCH] Enable trustStore properties for FIPS

Signed-off-by: Jinhang Zhang
---
 .../classes/openj9/internal/security/FIPSConfigurator.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/closed/adds/jdk/src/share/classes/openj9/internal/security/FIPSConfigurator.java b/closed/adds/jdk/src/share/classes/openj9/internal/security/FIPSConfigurator.java
index f3b15b78440..3d9a4b4e446 100644
--- a/closed/adds/jdk/src/share/classes/openj9/internal/security/FIPSConfigurator.java
+++ b/closed/adds/jdk/src/share/classes/openj9/internal/security/FIPSConfigurator.java
@@ -116,6 +116,11 @@ public static boolean configureFIPS(Properties props) {
 props.put("keystore.type", "PKCS11");
 System.setProperty("javax.net.ssl.keyStore", "NONE");
 
+ // Add trust store information.
+ System.setProperty("truststore.type", "PKCS11");
+ System.setProperty("javax.net.ssl.trustStore", "NONE");
+ System.setProperty("javax.net.ssl.trustStoreProvider", "SunPKCS11-NSS-FIPS");
+
 // Add FIPS disabled algorithms.
 String disabledAlgorithms = props.get("jdk.tls.disabledAlgorithms")
 + ", X25519, X448"
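Review bot: `System.setProperty("truststore.type", "PKCS11")` in the added trust store block sets a key that, as far as I know, JSSE never reads: the default trust manager takes its store type from the system property `javax.net.ssl.trustStoreType` and otherwise falls back to `KeyStore.getDefaultType()`. The line is therefore probably a no-op, and the PKCS11 type only takes effect if the `keystore.type` entry put into `props` just above ends up as the security property; I would write `System.setProperty("javax.net.ssl.trustStoreType", "PKCS11");` so the type is explicit next to `trustStore=NONE`. The three calls also overwrite any `-Djavax.net.ssl.trustStore*` values supplied on the command line without a trace, so a short comment stating that FIPS mode deliberately takes trust anchors only from the NSS database (or a debug message when a user value is replaced) would help whoever has to diagnose a handshake failure. `configureFIPS` begins and ends outside this hunk, so I cannot see whether `SunPKCS11-NSS-FIPS` is guaranteed to match the provider name configured there.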