RFR[11] JDK-8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found

sha.jiang at oracle.com sha.jiang at oracle.com
Tue Jul 17 01:46:56 UTC 2018 

Ping...

John

On 2018/7/13 09:15, sha.jiang at oracle.com wrote:
> Could the new patch be reviewed?
> http://cr.openjdk.java.net/~jjiang/8206258/webrev.01/
>
> Thanks!
> John
>
> On 2018/7/9 15:38, sha.jiang at oracle.com wrote:
>> Hi Thomas,
>> Thanks for your testing.
>>
>> I'm not sure that's a reasonable case.
>> From my view, PKCS11Test.java simply checks if the NSS library 
>> directory exists.
>> But it looks unnecessary to check every library file.
>> In fact, if removing libnss3 or libsoftokn3's dependencies, like 
>> libnssutil3, the test also fails.
>>
>> However, I still re-checked my previous solution, and made a new 
>> webrev [1].
>> The constant badNSSVersion in PKCS11Test.java may not be fine.
>> The static field nss_library in PKCS11Test.java can be softokn3 or 
>> nss3 for different tests.
>> badNSSVersion should be checked after the target nss library is 
>> determined.
>> And this checking should happen before the real testing, especially 
>> before security manager is enabled.
>> So, a new extension method, exactly PKCS11Test::skipTest, was 
>> introduced, and the affected tests were modified accordingly.
>>
>> [1] http://cr.openjdk.java.net/~jjiang/8206258/webrev.01/
>>
>> Best regards,
>> John Jiang
>>
>> On 2018/7/4 14:15, Thomas Stüfe wrote:
>>> Hi,
>>>
>>> Unfortunately this is not enough.
>>>
>>> Running tests with your patch and NSS libs disabled (I renamed
>>> libsoftokn3.so) yields the following errors:
>>>
>>> sun/security/pkcs11/Secmod/AddPrivateKey.java
>>>                                                   Failed. Execution
>>> failed: `main' threw exception: java.security.ProviderException: Could
>>> not initialize NSS
>>> sun/security/pkcs11/Secmod/AddTrustedCert.java
>>>                                                   Failed. Execution
>>> failed: `main' threw exception: java.security.ProviderException: Could
>>> not initialize NSS
>>> sun/security/pkcs11/Secmod/Crypto.java
>>>                                                   Failed. Execution
>>> failed: `main' threw exception: java.security.ProviderException: Could
>>> not initialize NSS
>>> sun/security/pkcs11/Secmod/GetPrivateKey.java
>>>                                                   Failed. Execution
>>> failed: `main' threw exception: java.security.ProviderException: Could
>>> not initialize NSS
>>> sun/security/pkcs11/Secmod/JksSetPrivateKey.java
>>>                                                   Failed. Execution
>>> failed: `main' threw exception: java.security.ProviderException: Could
>>> not initialize NSS
>>> sun/security/pkcs11/Secmod/LoadKeystore.java
>>>                                                   Failed. Execution
>>> failed: `main' threw exception: java.security.ProviderException: Could
>>> not initialize NSS
>>> sun/security/pkcs11/Secmod/TestNssDbSqlite.java
>>>                                                   Failed. Execution
>>> failed: `main' threw exception: java.security.ProviderException: Could
>>> not initialize NSS
>>> sun/security/pkcs11/Secmod/TrustAnchors.java
>>>                                                   Failed. Execution
>>> failed: `main' threw exception: java.security.ProviderException: Could
>>> not initialize NSS
>>>
>>>
>>> Excerpt from TestNssDbSqlite.jtr:
>>>
>>> ----------messages:(3/98)----------
>>> command: build TestNssDbSqlite
>>> reason: Named class compiled on demand
>>> elapsed time (seconds): 0.0
>>> result: Passed. All files up to date
>>>
>>> #section:main
>>> ----------messages:(5/721)----------
>>> command: main TestNssDbSqlite
>>> reason: User specified action: run main/othervm/timeout=120 
>>> TestNssDbSqlite
>>> Mode: othervm [/othervm specified]
>>> Additional options from @modules: --add-modules
>>> java.base,jdk.crypto.cryptoki --add-exports
>>> java.base/sun.security.rsa=ALL-UNNAMED --add-exports
>>> java.base/sun.security.provider=ALL-UNNAMED --add-exports
>>> java.base/sun.security.jca=ALL-UNNAMED --add-exports
>>> java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports
>>> java.base/sun.security.x509=ALL-UNNAMED --add-exports
>>> java.base/com.sun.crypto.provider=ALL-UNNAMED --add-exports
>>> jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED --add-opens
>>> jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED
>>> elapsed time (seconds): 0.445
>>> ----------configuration:(11/604)----------
>>> Boot Layer
>>>    add modules: java.base jdk.crypto.cryptoki
>>>    add exports: java.base/com.sun.crypto.provider ALL-UNNAMED
>>>                 java.base/sun.security.jca ALL-UNNAMED
>>>                 java.base/sun.security.provider ALL-UNNAMED
>>>                 java.base/sun.security.rsa ALL-UNNAMED
>>>                 java.base/sun.security.tools.keytool ALL-UNNAMED
>>>                 java.base/sun.security.x509 ALL-UNNAMED
>>>                 jdk.crypto.cryptoki/sun.security.pkcs11 ALL-UNNAMED
>>>    add opens:   jdk.crypto.cryptoki/sun.security.pkcs11 ALL-UNNAMED
>>>
>>> ----------System.out:(1/64)----------
>>> Warning: can't find NSS librarys on this machine, skipping test
>>> ----------System.err:(25/1633)----------
>>> java.security.ProviderException: Could not initialize NSS
>>> at 
>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:218)
>>> at 
>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)
>>> at 
>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)
>>> at java.base/java.security.AccessController.doPrivileged(Native Method)
>>> at 
>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)
>>> at PKCS11Test.getSunPKCS11(PKCS11Test.java:152)
>>> at TestNssDbSqlite.initializeProvider(TestNssDbSqlite.java:121)
>>> at TestNssDbSqlite.initialize(TestNssDbSqlite.java:112)
>>> at TestNssDbSqlite.main(TestNssDbSqlite.java:67)
>>> at 
>>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>>> Method)
>>> at 
>>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> at 
>>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>> at 
>>> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
>>> at java.base/java.lang.Thread.run(Thread.java:834)
>>> Caused by: java.io.IOException: NSS initialization failed
>>> at 
>>> jdk.crypto.cryptoki/sun.security.pkcs11.Secmod.initialize(Secmod.java:234)
>>> at 
>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:213)
>>> ... 14 more
>>>
>>> Kind Regards, Thomas
>>>
>>>
>>> On Wed, Jul 4, 2018 at 7:36 AM,  <sha.jiang at oracle.com> wrote:
>>>> Hi,
>>>> If NSS libs are unavailable, PKCS11 tests fail when checking NSS 
>>>> version.
>>>> This patch tries to fix this issue.
>>>>
>>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8206258
>>>> Webrev: http://cr.openjdk.java.net/~jjiang/8206258/webrev.00/
>>>>
>>>> Best regards,
>>>> John Jiang
>>>>
>>
>>
>

More information about the security-dev mailing list