RFR[11] JDK-8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found
sha.jiang at oracle.com
Mon Jul 9 07:38:23 UTC 2018
Hi Thomas,
Thanks for your testing.
I'm not sure that's a reasonable case.
From my view, PKCS11Test.java simply checks if the NSS library
directory exists.
But it looks unnecessary to check every library file.
In fact, if one removes libnss3 or libsoftokn3's dependencies, like
libnssutil3, the test also fails.
However, I still re-checked my previous solution, and made a new webrev [1].
The constant badNSSVersion in PKCS11Test.java may not be fine.
The static field nss_library in PKCS11Test.java can be softokn3 or nss3
for different tests.
badNSSVersion should be checked after the target nss library is determined.
And this check should happen before the real testing, especially
before the security manager is enabled.
So, a new extension method, namely PKCS11Test::skipTest, was
introduced, and the affected tests were modified accordingly.
[1] http://cr.openjdk.java.net/~jjiang/8206258/webrev.01/
Best regards,
John Jiang
On 2018/7/4 14:15, Thomas Stüfe wrote:
> Hi,
>
> Unfortunately this is not enough.
>
> Running tests with your patch and NSS libs disabled (I renamed
> libsoftokn3.so) yields the following errors:
>
> sun/security/pkcs11/Secmod/AddPrivateKey.java
> Failed. Execution
> failed: `main' threw exception: java.security.ProviderException: Could
> not initialize NSS
> sun/security/pkcs11/Secmod/AddTrustedCert.java
> Failed. Execution
> failed: `main' threw exception: java.security.ProviderException: Could
> not initialize NSS
> sun/security/pkcs11/Secmod/Crypto.java
> Failed. Execution
> failed: `main' threw exception: java.security.ProviderException: Could
> not initialize NSS
> sun/security/pkcs11/Secmod/GetPrivateKey.java
> Failed. Execution
> failed: `main' threw exception: java.security.ProviderException: Could
> not initialize NSS
> sun/security/pkcs11/Secmod/JksSetPrivateKey.java
> Failed. Execution
> failed: `main' threw exception: java.security.ProviderException: Could
> not initialize NSS
> sun/security/pkcs11/Secmod/LoadKeystore.java
> Failed. Execution
> failed: `main' threw exception: java.security.ProviderException: Could
> not initialize NSS
> sun/security/pkcs11/Secmod/TestNssDbSqlite.java
> Failed. Execution
> failed: `main' threw exception: java.security.ProviderException: Could
> not initialize NSS
> sun/security/pkcs11/Secmod/TrustAnchors.java
> Failed. Execution
> failed: `main' threw exception: java.security.ProviderException: Could
> not initialize NSS
>
>
> Excerpt from TestNssDbSqlite.jtr:
>
> ----------messages:(3/98)----------
> command: build TestNssDbSqlite
> reason: Named class compiled on demand
> elapsed time (seconds): 0.0
> result: Passed. All files up to date
>
> #section:main
> ----------messages:(5/721)----------
> command: main TestNssDbSqlite
> reason: User specified action: run main/othervm/timeout=120 TestNssDbSqlite
> Mode: othervm [/othervm specified]
> Additional options from @modules: --add-modules
> java.base,jdk.crypto.cryptoki --add-exports
> java.base/sun.security.rsa=ALL-UNNAMED --add-exports
> java.base/sun.security.provider=ALL-UNNAMED --add-exports
> java.base/sun.security.jca=ALL-UNNAMED --add-exports
> java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports
> java.base/sun.security.x509=ALL-UNNAMED --add-exports
> java.base/com.sun.crypto.provider=ALL-UNNAMED --add-exports
> jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED --add-opens
> jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED
> elapsed time (seconds): 0.445
> ----------configuration:(11/604)----------
> Boot Layer
> add modules: java.base jdk.crypto.cryptoki
> add exports: java.base/com.sun.crypto.provider ALL-UNNAMED
> java.base/sun.security.jca ALL-UNNAMED
> java.base/sun.security.provider ALL-UNNAMED
> java.base/sun.security.rsa ALL-UNNAMED
> java.base/sun.security.tools.keytool ALL-UNNAMED
> java.base/sun.security.x509 ALL-UNNAMED
> jdk.crypto.cryptoki/sun.security.pkcs11 ALL-UNNAMED
> add opens: jdk.crypto.cryptoki/sun.security.pkcs11 ALL-UNNAMED
>
> ----------System.out:(1/64)----------
> Warning: can't find NSS librarys on this machine, skipping test
> ----------System.err:(25/1633)----------
> java.security.ProviderException: Could not initialize NSS
> at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:218)
> at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)
> at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)
> at PKCS11Test.getSunPKCS11(PKCS11Test.java:152)
> at TestNssDbSqlite.initializeProvider(TestNssDbSqlite.java:121)
> at TestNssDbSqlite.initialize(TestNssDbSqlite.java:112)
> at TestNssDbSqlite.main(TestNssDbSqlite.java:67)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: java.io.IOException: NSS initialization failed
> at jdk.crypto.cryptoki/sun.security.pkcs11.Secmod.initialize(Secmod.java:234)
> at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:213)
> ... 14 more
>
> Kind Regards, Thomas
>
>
> On Wed, Jul 4, 2018 at 7:36 AM, <sha.jiang at oracle.com> wrote:
>> Hi,
>> If NSS libs are unavailable, PKCS11 tests fail when checking NSS version.
>> This patch tries to fix this issue.
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8206258
>> Webrev: http://cr.openjdk.java.net/~jjiang/8206258/webrev.00/
>>
>> Best regards,
>> John Jiang
>>