Support SecureRandom strong algorithms in FIPS mode

[Mohit-Rajbhar100698]

This change overrides the default securerandom.strongAlgorithms configuration used by SecureRandom.getInstanceStrong() when it runs in FIPS mode.

Signed-off-by: Mohit Rajbhar mohit.rajbhar@ibm.com

[keithc-ca]

Tests should be added to verify correct behavior of the new property, including that it can be appended in an profile extension.

[Mohit-Rajbhar100698]

Tests should be added to verify correct behavior of the new property, including that it can be appended in an profile extension.

I would also like to point out that tests for this feature already exist in JavaNext and in Java 26.

“test/jdk/java/security/SecureRandom/TestStrong.java”

However, these tests are not present in JDK 25 and earlier versions. 
Therefore, while backporting this change, we will also need to add the corresponding tests to JDK 25 and earlier versions.

[keithc-ca]

Please also fix the commit message. Lines in the body should be no more than 72 characters long; see https://github.com/eclipse-openj9/openj9/blob/master/CONTRIBUTING.md#commit-guidelines.

[keithc-ca]

Please explain how that existing test validates the new behavior added here. Yes, it tests that a strong SecureRandom is available, but it doesn't, that I can see, verify that the correct implementation is chosen based on the selected security profile.

[Mohit-Rajbhar100698]

Please explain how that existing test validates the new behavior added here. Yes, it tests that a strong SecureRandom is available, but it doesn't, that I can see, verify that the correct implementation is chosen based on the selected security profile.

In the test test/jdk/java/security/SecureRandom/TestStrong.java, the line
final SecureRandom random = SecureRandom.getInstanceStrong();
retrieves a strong SecureRandom implementation based on the active Java restricted security profile.

Before this change, when the it runs in FIPS mode with the profile OpenJCEPlusFIPS.FIPS140-3, the above call fails.
SecureRandom.getInstanceStrong() attempts to obtain a strong algorithm that is FIPS-compliant, but none is available in the default configuration, so the call throws an exception.

When FIPS mode is enabled and a profile such as OpenJCEPlusFIPS.FIPS140-3 is active, the Java security configuration should follow the settings defined by that profile.

In this scenario, SecureRandom.getInstanceStrong() should return a FIPS-compliant strong SecureRandom implementation provided by the FIPS provider, rather than using the default JDK configuration.

After this change, when the JVM runs in FIPS mode with the profiles:

• OpenJCEPlusFIPS.FIPS140-3
• OpenJCEPlusFIPS.FIPS140-3-Strongly-Enforced
• OpenJCEPlusFIPS.FIPS140-3-Weakly-Enforced

the default JDK's securerandom.strongAlgorithms configuration is overridden, and a FIPS-compliant strong SecureRandom algorithm is configured.
As a result, SecureRandom.getInstanceStrong() now successfully returns a FIPS-compliant implementation, and the existing TestStrong.java test passes when running in FIPS mode

After change ,result of above call is

[keithc-ca]

Validating the behavior once manually is not what I was asking for. I think we need a new automated test that checks for proper operation. I suggest that new test belongs in closed/test/jdk/openj9/internal/security with other related tests.