RFR[11] JDK-8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found

Valerie Peng valerie.peng at oracle.com
Mon Jul 23 22:18:58 UTC 2018


Hi John,

Changes look fine.

I just have one nit, perhaps add more information reporting when 
skipping tests, e.g.

PKCS11Test: line 163, TestNssDbSqlite.java: line 68.

Thanks,
Valerie

On 7/9/2018 12:38 AM, sha.jiang at oracle.com wrote:
> Hi Thomas,
> Thanks for your testing.
>
> I'm not sure that's a reasonable case.
> From my view, PKCS11Test.java simply checks if the NSS library 
> directory exists.
> But it looks unnecessary to check every library file.
> In fact, if removing libnss3 or libsoftokn3's dependencies, like 
> libnssutil3, the test also fails.
>
> However, I still re-checked my previous solution, and made a new 
> webrev [1].
> The constant badNSSVersion in PKCS11Test.java may not be fine.
> The static field nss_library in PKCS11Test.java can be softokn3 or 
> nss3 for different tests.
> badNSSVersion should be checked after the target nss library is 
> determined.
> And this checking should happen before the real testing, especially 
> before security manager is enabled.
> So, a new extension method, exactly PKCS11Test::skipTest, was 
> introduced, and the affected tests were modified accordingly.
>
> [1] http://cr.openjdk.java.net/~jjiang/8206258/webrev.01/
>
> Best regards,
> John Jiang
>
> On 2018/7/4 14:15, Thomas Stüfe wrote:
>> Hi,
>>
>> Unfortunately this is not enough.
>>
>> Running tests with your patch and NSS libs disabled (I renamed
>> libsoftokn3.so) yields the following errors:
>>
>> sun/security/pkcs11/Secmod/AddPrivateKey.java
>>                                                   Failed. Execution
>> failed: `main' threw exception: java.security.ProviderException: Could
>> not initialize NSS
>> sun/security/pkcs11/Secmod/AddTrustedCert.java
>>                                                   Failed. Execution
>> failed: `main' threw exception: java.security.ProviderException: Could
>> not initialize NSS
>> sun/security/pkcs11/Secmod/Crypto.java
>>                                                   Failed. Execution
>> failed: `main' threw exception: java.security.ProviderException: Could
>> not initialize NSS
>> sun/security/pkcs11/Secmod/GetPrivateKey.java
>>                                                   Failed. Execution
>> failed: `main' threw exception: java.security.ProviderException: Could
>> not initialize NSS
>> sun/security/pkcs11/Secmod/JksSetPrivateKey.java
>>                                                   Failed. Execution
>> failed: `main' threw exception: java.security.ProviderException: Could
>> not initialize NSS
>> sun/security/pkcs11/Secmod/LoadKeystore.java
>>                                                   Failed. Execution
>> failed: `main' threw exception: java.security.ProviderException: Could
>> not initialize NSS
>> sun/security/pkcs11/Secmod/TestNssDbSqlite.java
>>                                                   Failed. Execution
>> failed: `main' threw exception: java.security.ProviderException: Could
>> not initialize NSS
>> sun/security/pkcs11/Secmod/TrustAnchors.java
>>                                                   Failed. Execution
>> failed: `main' threw exception: java.security.ProviderException: Could
>> not initialize NSS
>>
>>
>> Excerpt from TestNssDbSqlite.jtr:
>>
>> ----------messages:(3/98)----------
>> command: build TestNssDbSqlite
>> reason: Named class compiled on demand
>> elapsed time (seconds): 0.0
>> result: Passed. All files up to date
>>
>> #section:main
>> ----------messages:(5/721)----------
>> command: main TestNssDbSqlite
>> reason: User specified action: run main/othervm/timeout=120 
>> TestNssDbSqlite
>> Mode: othervm [/othervm specified]
>> Additional options from @modules: --add-modules
>> java.base,jdk.crypto.cryptoki --add-exports
>> java.base/sun.security.rsa=ALL-UNNAMED --add-exports
>> java.base/sun.security.provider=ALL-UNNAMED --add-exports
>> java.base/sun.security.jca=ALL-UNNAMED --add-exports
>> java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports
>> java.base/sun.security.x509=ALL-UNNAMED --add-exports
>> java.base/com.sun.crypto.provider=ALL-UNNAMED --add-exports
>> jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED --add-opens
>> jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED
>> elapsed time (seconds): 0.445
>> ----------configuration:(11/604)----------
>> Boot Layer
>>    add modules: java.base jdk.crypto.cryptoki
>>    add exports: java.base/com.sun.crypto.provider ALL-UNNAMED
>>                 java.base/sun.security.jca ALL-UNNAMED
>>                 java.base/sun.security.provider ALL-UNNAMED
>>                 java.base/sun.security.rsa ALL-UNNAMED
>>                 java.base/sun.security.tools.keytool ALL-UNNAMED
>>                 java.base/sun.security.x509 ALL-UNNAMED
>>                 jdk.crypto.cryptoki/sun.security.pkcs11 ALL-UNNAMED
>>    add opens:   jdk.crypto.cryptoki/sun.security.pkcs11 ALL-UNNAMED
>>
>> ----------System.out:(1/64)----------
>> Warning: can't find NSS librarys on this machine, skipping test
>> ----------System.err:(25/1633)----------
>> java.security.ProviderException: Could not initialize NSS
>> at 
>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:218)
>> at 
>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)
>> at 
>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)
>> at java.base/java.security.AccessController.doPrivileged(Native Method)
>> at 
>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)
>> at PKCS11Test.getSunPKCS11(PKCS11Test.java:152)
>> at TestNssDbSqlite.initializeProvider(TestNssDbSqlite.java:121)
>> at TestNssDbSqlite.initialize(TestNssDbSqlite.java:112)
>> at TestNssDbSqlite.main(TestNssDbSqlite.java:67)
>> at 
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> at 
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at 
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at 
>> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
>> at java.base/java.lang.Thread.run(Thread.java:834)
>> Caused by: java.io.IOException: NSS initialization failed
>> at 
>> jdk.crypto.cryptoki/sun.security.pkcs11.Secmod.initialize(Secmod.java:234)
>> at 
>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:213)
>> ... 14 more
>>
>> Kind Regards, Thomas
>>
>>
>> On Wed, Jul 4, 2018 at 7:36 AM,  <sha.jiang at oracle.com> wrote:
>>> Hi,
>>> If NSS libs are unavailable, PKCS11 tests fail when checking NSS 
>>> version.
>>> This patch tries to fix this issue.
>>>
>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8206258
>>> Webrev: http://cr.openjdk.java.net/~jjiang/8206258/webrev.00/
>>>
>>> Best regards,
>>> John Jiang
>>>
>



More information about the security-dev mailing list