[RFR] [8u] 8144539: Update PKCS11 tests to run with security manager

Tue Aug 25 16:46:29 UTC 2020

On 01:40 Tue 25 Aug     , Martin Balao wrote:
> Hi,
> 
> On Fri, Aug 21, 2020 at 10:43 PM Andrew Hughes <gnu.andrew at redhat.com> wrote:
> >
> > Bug: https://bugs.openjdk.java.net/browse/JDK-8144539
> > Webrev: https://cr.openjdk.java.net/~andrew/openjdk8/8144539/webrev.01/
> >
> >
> 
> A few comments:
> 
>  * There are a few tabs in PKCS11Test.java. Can we replace them with
> white spaces? So we make sure that the code shows properly aligned
> across IDEs.
>

I guess they may have snuck in when I had to bring back that code, as
mentioned in the original e-mail. Should be fixed now with the normalizer
script and jcheck would have caught it on commit.

>  * I've seen several changes in a few files such as TestPRF.java,
> TestMasterSecret.java, TestKeyMaterial.java, etc. TestKeyMaterial.java
> was a bit easier for the naked eye. I take from your comment that you
> didn't have any major conflict there beyond the '@modules' line,
> right?
>

I've attached diffs of those three with -b. Most of it is whitespace
changes caused by indenting everything for the try block.

>  * test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java and
> test/sun/security/pkcs11/sslecc/JSSEServer.java changes will create a
> conflict with the TLS 1.3 backport; affecting Steps 10, 11 and 15.
>

I've reverted these changes to avoid the conflict as before.

> Otherwise, looks good to me.
> 
> With that said, I believe that this backport (which has low-priority)
> should wait until the TLS 1.3 backport (high-priority) is merged.
> Particularly because we are targeting the next release, and should be
> able to merge this week -so it's not that we are blocking SSL-related
> tests for a long time-. Otherwise, we would need to rebase and
> generate + review Steps 10, 11 and 15 again. Note: 15 is still under
> review, but I was expecting to have it ready in the next couple of
> days. That's my view. I'll let other Reviewers decide here.
>

I would prefer we get this in to avoid it being pushed to 8u282, and
it also unblocks the other PKCS#11 fixes. Given it is pretty much ready,
going by your review, I see no reason to delay it further.

New webrev:

https://cr.openjdk.java.net/~andrew/openjdk8/8144539/webrev.02/

It would be easier to see what files conflict with the TLS 1.3 work if
the work was publicly visible. I don't yet see any changes in:

https://hg.openjdk.java.net/jdk8u/jdk8u-jsse-incubator/jdk/

which is a little worrying for something you hope to have merged this
weekend.

> Thanks,
> Martin.-
> 

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222