RFR[11] JDK-8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found
Valerie Peng
valerie.peng at oracle.com
Wed Jul 25 22:39:29 UTC 2018
Updated webrev looks fine.
Thanks,
Valerie
On 7/23/2018 11:10 PM, sha.jiang at oracle.com wrote:
> Hi Valerie,
> Thanks for your review!
> Please take a look at this new webrev:
> http://cr.openjdk.java.net/~jjiang/8206258/webrev.02
>
> On 2018/7/24 06:18, Valerie Peng wrote:
>> Hi John,
>>
>> Changes look fine.
>>
>> I just have one nit, perhaps add more information reporting when
>> skipping tests, e.g.
>>
>> PKCS11Test: line 163
> Different tests may have different reasons for skipping testing.
> So, it would be better to output the info in PKCS11Test's child classes.
> In fact, the tests overriding the method PKCS11Test::skipTest already
> report the reasons respectively.
>
>> TestNssDbSqlite.java: line 68.
> Add the below line
> 120 System.out.println("Cannot init security module
> database, skipping");
>
> Best regards,
> John Jiang
>>
>> Thanks,
>> Valerie
>>
>> On 7/9/2018 12:38 AM, sha.jiang at oracle.com wrote:
>>> Hi Thomas,
>>> Thanks for your testing.
>>>
>>> I'm not sure that's a reasonable case.
>>> From my view, PKCS11Test.java simply checks if the NSS library
>>> directory exists.
>>> But it looks unnecessary to check every library file.
>>> In fact, if removing libnss3 or libsoftokn3's dependencies, like
>>> libnssutil3, the test also fails.
>>>
>>> However, I still re-checked my previous solution, and made a new
>>> webrev [1].
>>> The constant badNSSVersion in PKCS11Test.java may not be fine.
>>> The static field nss_library in PKCS11Test.java can be softokn3 or
>>> nss3 for different tests.
>>> badNSSVersion should be checked after the target nss library is
>>> determined.
>>> And this checking should happen before the real testing, especially
>>> before security manager is enabled.
>>> So, a new extension method, exactly PKCS11Test::skipTest, was
>>> introduced, and the affected tests were modified accordingly.
>>>
>>> [1] http://cr.openjdk.java.net/~jjiang/8206258/webrev.01/
>>>
>>> Best regards,
>>> John Jiang
>>>
>>> On 2018/7/4 14:15, Thomas Stüfe wrote:
>>>> Hi,
>>>>
>>>> Unfortunately this is not enough.
>>>>
>>>> Running tests with your patch and NSS libs disabled (I renamed
>>>> libsoftokn3.so) yields the following errors:
>>>>
>>>> sun/security/pkcs11/Secmod/AddPrivateKey.java
>>>> Failed. Execution
>>>> failed: `main' threw exception: java.security.ProviderException: Could
>>>> not initialize NSS
>>>> sun/security/pkcs11/Secmod/AddTrustedCert.java
>>>> Failed. Execution
>>>> failed: `main' threw exception: java.security.ProviderException: Could
>>>> not initialize NSS
>>>> sun/security/pkcs11/Secmod/Crypto.java
>>>> Failed. Execution
>>>> failed: `main' threw exception: java.security.ProviderException: Could
>>>> not initialize NSS
>>>> sun/security/pkcs11/Secmod/GetPrivateKey.java
>>>> Failed. Execution
>>>> failed: `main' threw exception: java.security.ProviderException: Could
>>>> not initialize NSS
>>>> sun/security/pkcs11/Secmod/JksSetPrivateKey.java
>>>> Failed. Execution
>>>> failed: `main' threw exception: java.security.ProviderException: Could
>>>> not initialize NSS
>>>> sun/security/pkcs11/Secmod/LoadKeystore.java
>>>> Failed. Execution
>>>> failed: `main' threw exception: java.security.ProviderException: Could
>>>> not initialize NSS
>>>> sun/security/pkcs11/Secmod/TestNssDbSqlite.java
>>>> Failed. Execution
>>>> failed: `main' threw exception: java.security.ProviderException: Could
>>>> not initialize NSS
>>>> sun/security/pkcs11/Secmod/TrustAnchors.java
>>>> Failed. Execution
>>>> failed: `main' threw exception: java.security.ProviderException: Could
>>>> not initialize NSS
>>>>
>>>>
>>>> Excerpt from TestNssDbSqlite.jtr:
>>>>
>>>> ----------messages:(3/98)----------
>>>> command: build TestNssDbSqlite
>>>> reason: Named class compiled on demand
>>>> elapsed time (seconds): 0.0
>>>> result: Passed. All files up to date
>>>>
>>>> #section:main
>>>> ----------messages:(5/721)----------
>>>> command: main TestNssDbSqlite
>>>> reason: User specified action: run main/othervm/timeout=120
>>>> TestNssDbSqlite
>>>> Mode: othervm [/othervm specified]
>>>> Additional options from @modules: --add-modules
>>>> java.base,jdk.crypto.cryptoki --add-exports
>>>> java.base/sun.security.rsa=ALL-UNNAMED --add-exports
>>>> java.base/sun.security.provider=ALL-UNNAMED --add-exports
>>>> java.base/sun.security.jca=ALL-UNNAMED --add-exports
>>>> java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports
>>>> java.base/sun.security.x509=ALL-UNNAMED --add-exports
>>>> java.base/com.sun.crypto.provider=ALL-UNNAMED --add-exports
>>>> jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED --add-opens
>>>> jdk.crypto.cryptoki/sun.security.pkcs11=ALL-UNNAMED
>>>> elapsed time (seconds): 0.445
>>>> ----------configuration:(11/604)----------
>>>> Boot Layer
>>>> add modules: java.base jdk.crypto.cryptoki
>>>> add exports: java.base/com.sun.crypto.provider ALL-UNNAMED
>>>> java.base/sun.security.jca ALL-UNNAMED
>>>> java.base/sun.security.provider ALL-UNNAMED
>>>> java.base/sun.security.rsa ALL-UNNAMED
>>>> java.base/sun.security.tools.keytool ALL-UNNAMED
>>>> java.base/sun.security.x509 ALL-UNNAMED
>>>> jdk.crypto.cryptoki/sun.security.pkcs11 ALL-UNNAMED
>>>> add opens: jdk.crypto.cryptoki/sun.security.pkcs11 ALL-UNNAMED
>>>>
>>>> ----------System.out:(1/64)----------
>>>> Warning: can't find NSS librarys on this machine, skipping test
>>>> ----------System.err:(25/1633)----------
>>>> java.security.ProviderException: Could not initialize NSS
>>>> at
>>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:218)
>>>> at
>>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)
>>>> at
>>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)
>>>> at java.base/java.security.AccessController.doPrivileged(Native
>>>> Method)
>>>> at
>>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)
>>>> at PKCS11Test.getSunPKCS11(PKCS11Test.java:152)
>>>> at TestNssDbSqlite.initializeProvider(TestNssDbSqlite.java:121)
>>>> at TestNssDbSqlite.initialize(TestNssDbSqlite.java:112)
>>>> at TestNssDbSqlite.main(TestNssDbSqlite.java:67)
>>>> at
>>>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>> Method)
>>>> at
>>>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>> at
>>>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>>> at
>>>> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
>>>> at java.base/java.lang.Thread.run(Thread.java:834)
>>>> Caused by: java.io.IOException: NSS initialization failed
>>>> at
>>>> jdk.crypto.cryptoki/sun.security.pkcs11.Secmod.initialize(Secmod.java:234)
>>>> at
>>>> jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:213)
>>>> ... 14 more
>>>>
>>>> Kind Regards, Thomas
>>>>
>>>>
>>>> On Wed, Jul 4, 2018 at 7:36 AM, <sha.jiang at oracle.com> wrote:
>>>>> Hi,
>>>>> If NSS libs are unavailable, PKCS11 tests fail when checking NSS
>>>>> version.
>>>>> This patch tries to fix this issue.
>>>>>
>>>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8206258
>>>>> Webrev: http://cr.openjdk.java.net/~jjiang/8206258/webrev.00/
>>>>>
>>>>> Best regards,
>>>>> John Jiang
>>>>>
>>>
>>
>>
>
More information about the security-dev
mailing list