[RFR] [8u] 8144539: Update PKCS11 tests to run with security manager
Andrew Hughes
gnu.andrew at redhat.com
Tue Aug 25 16:48:59 UTC 2020
On 17:46 Tue 25 Aug , Andrew Hughes wrote:
> On 01:40 Tue 25 Aug , Martin Balao wrote:
> > Hi,
> >
> > On Fri, Aug 21, 2020 at 10:43 PM Andrew Hughes <gnu.andrew at redhat.com> wrote:
> > >
> > > Bug: https://bugs.openjdk.java.net/browse/JDK-8144539
> > > Webrev: https://cr.openjdk.java.net/~andrew/openjdk8/8144539/webrev.01/
> > >
> > >
> >
> > A few comments:
> >
> > * There are a few tabs in PKCS11Test.java. Can we replace them with
> > white spaces? So we make sure that the code shows properly aligned
> > across IDEs.
> >
>
> I guess they may have snuck in when I had to bring back that code, as
> mentioned in the original e-mail. Should be fixed now with the normalizer
> script and jcheck would have caught it on commit.
>
> > * I've seen several changes in a few files such as TestPRF.java,
> > TestMasterSecret.java, TestKeyMaterial.java, etc. TestKeyMaterial.java
> > was a bit easier for the naked eye. I take from your comment that you
> > didn't have any major conflict there beyond the '@modules' line,
> > right?
> >
>
> I've attached diffs of those three with -b. Most of it is whitespace
> changes caused by indenting everything for the try block.
>
> > * test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java and
> > test/sun/security/pkcs11/sslecc/JSSEServer.java changes will create a
> > conflict with the TLS 1.3 backport; affecting Steps 10, 11 and 15.
> >
>
> I've reverted these changes to avoid the conflict as before.
>
> > Otherwise, looks good to me.
> >
> > With that said, I believe that this backport (which has low-priority)
> > should wait until the TLS 1.3 backport (high-priority) is merged.
> > Particularly because we are targeting the next release, and should be
> > able to merge this week -so it's not that we are blocking SSL-related
> > tests for a long time-. Otherwise, we would need to rebase and
> > generate + review Steps 10, 11 and 15 again. Note: 15 is still under
> > review, but I was expecting to have it ready in the next couple of
> > days. That's my view. I'll let other Reviewers decide here.
> >
>
> I would prefer we get this in to avoid it being pushed to 8u282, and
> it also unblocks the other PKCS#11 fixes. Given it is pretty much ready,
> going by your review, I see no reason to delay it further.
>
> New webrev:
>
> https://cr.openjdk.java.net/~andrew/openjdk8/8144539/webrev.02/
>
> It would be easier to see what files conflict with the TLS 1.3 work if
> the work was publicly visible. I don't yet see any changes in:
>
> https://hg.openjdk.java.net/jdk8u/jdk8u-jsse-incubator/jdk/
>
> which is a little worrying for something you hope to have merged this
> weekend.
>
> > Thanks,
> > Martin.-
> >
>
> Thanks,
> --
> Andrew :)
>
> Senior Free Java Software Engineer
> OpenJDK Package Owner
> Red Hat, Inc. (http://www.redhat.com)
>
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
Ugh, forgot to attach the files!
--
Andrew :)
Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
-------------- next part --------------
diff --git a/test/sun/security/pkcs11/tls/TestKeyMaterial.java b/test/sun/security/pkcs11/tls/TestKeyMaterial.java
--- a/test/sun/security/pkcs11/tls/TestKeyMaterial.java
+++ b/test/sun/security/pkcs11/tls/TestKeyMaterial.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,37 +27,39 @@
* @summary Known-answer-test for TlsKeyMaterial generator
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestKeyMaterial
+ * @run main/othervm TestKeyMaterial sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.security.Provider;
-
+import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
+import sun.security.internal.spec.TlsKeyMaterialSpec;
public class TestKeyMaterial extends PKCS11Test {
- private static int PREFIX_LENGTH = "km-master: ".length();
+ private static final int PREFIX_LENGTH = "km-master: ".length();
public static void main(String[] args) throws Exception {
- main(new TestKeyMaterial());
+ main(new TestKeyMaterial(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsKeyMaterial") == null) {
System.out.println("Provider does not support algorithm, skipping");
return;
}
- InputStream in = new FileInputStream(new File(BASE, "keymatdata.txt"));
- BufferedReader reader = new BufferedReader(new InputStreamReader(in));
+ try (BufferedReader reader = Files.newBufferedReader(
+ Paths.get(BASE, "keymatdata.txt"))) {
int n = 0;
int lineNumber = 0;
@@ -154,10 +156,10 @@
if (n == 0) {
throw new Exception("no tests");
}
- in.close();
System.out.println();
System.out.println("OK: " + n + " tests");
}
+ }
private static void stripParity(byte[] b) {
for (int i = 0; i < b.length; i++) {
-------------- next part --------------
diff --git a/test/sun/security/pkcs11/tls/TestMasterSecret.java b/test/sun/security/pkcs11/tls/TestMasterSecret.java
--- a/test/sun/security/pkcs11/tls/TestMasterSecret.java
+++ b/test/sun/security/pkcs11/tls/TestMasterSecret.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,37 +27,38 @@
* @summary Known-answer-test for TlsMasterSecret generator
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestMasterSecret
+ * @run main/othervm TestMasterSecret sm TestMasterSecret.policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.security.Provider;
-
+import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.SecretKeySpec;
import sun.security.internal.interfaces.TlsMasterSecret;
+import sun.security.internal.spec.TlsMasterSecretParameterSpec;
public class TestMasterSecret extends PKCS11Test {
- private static int PREFIX_LENGTH = "m-premaster: ".length();
+ private static final int PREFIX_LENGTH = "m-premaster: ".length();
public static void main(String[] args) throws Exception {
- main(new TestMasterSecret());
+ main(new TestMasterSecret(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsMasterSecret") == null) {
System.out.println("Not supported by provider, skipping");
return;
}
- InputStream in = new FileInputStream(new File(BASE, "masterdata.txt"));
- BufferedReader reader = new BufferedReader(new InputStreamReader(in));
+
+ try (BufferedReader reader = Files.newBufferedReader(
+ Paths.get(BASE, "masterdata.txt"))) {
int n = 0;
int lineNumber = 0;
@@ -129,9 +130,9 @@
if (n == 0) {
throw new Exception("no tests");
}
- in.close();
System.out.println();
System.out.println("OK: " + n + " tests");
}
+ }
}
-------------- next part --------------
diff --git a/test/sun/security/pkcs11/tls/TestPRF.java b/test/sun/security/pkcs11/tls/TestPRF.java
--- a/test/sun/security/pkcs11/tls/TestPRF.java
+++ b/test/sun/security/pkcs11/tls/TestPRF.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,37 +27,37 @@
* @summary Basic known-answer-test for TlsPrf
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestPRF
+ * @run main/othervm TestPRF sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.security.Provider;
-
+import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.SecretKeySpec;
+import sun.security.internal.spec.TlsPrfParameterSpec;
public class TestPRF extends PKCS11Test {
- private static int PREFIX_LENGTH = "prf-output: ".length();
+ private static final int PREFIX_LENGTH = "prf-output: ".length();
public static void main(String[] args) throws Exception {
- main(new TestPRF());
+ main(new TestPRF(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsPrf") == null) {
System.out.println("Provider does not support algorithm, skipping");
return;
}
- InputStream in = new FileInputStream(new File(BASE, "prfdata.txt"));
- BufferedReader reader = new BufferedReader(new InputStreamReader(in));
+ try (BufferedReader reader = Files.newBufferedReader(
+ Paths.get(BASE, "prfdata.txt"))) {
int n = 0;
int lineNumber = 0;
@@ -134,9 +134,9 @@
if (n == 0) {
throw new Exception("no tests");
}
- in.close();
System.out.println();
System.out.println("OK: " + n + " tests");
}
+ }
}
More information about the jdk8u-dev
mailing list