RFR: 8163498: Many long-running security libs tests
Fernando Guallini
fguallini at openjdk.java.net
Wed Feb 3 18:26:41 UTC 2021
On Wed, 3 Feb 2021 15:06:37 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> The following tests have been split based on lower/higher key sizes in order to reduce individual execution time and run in parallel with jtreg
>> sun/security/provider/DSA/SupportedDSAParamGen.java
>> sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java
>> com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java
>>
>> sun/security/rsa/SignatureTest.java is now using a fake generator since its objective is to test signature not key generation itself. In addition, it was generating and verifying the same key twice, with same modulus and exponent. That redundancy is removed. This speeds up the execution from ~54s to ~25s on average
>
> test/jdk/sun/security/rsa/SignatureTest.java line 137:
>
>> 135: return new Key[]{
>> 136: kf.generatePublic(kf.getKeySpec(key, RSAPublicKeySpec.class)),
>> 137: kf.generatePublic(new X509EncodedKeySpec(key.getEncoded()))
>
> Here, the test ensures keys created from a `RSAPublicKeySpec` are the same no matter if the `RSAPublicKeySpec` is retrieved from `KeyFactory::getKeySpec` or manually created. If you can prove the two `RSAPublicKeySpec` objects are effectively the same (or it has already been proven in other tests) then there's no need to generate the key again.
>
> On the other hand, we can actually add more keys into the array. The 1st is `key` itself, and the 2nd is one generated from `kf.getKeySpec(key, X509EncodedKeySpec.class)`.
That is right, PSSKeyCompatibility already explicitly proves they both are equal and there are other tests that generates both manually and using KeyFactory. In addition, this test focuses on signature verification rather than key creation.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2381
More information about the security-dev
mailing list