RFR: 8163498: Many long-running security libs tests
Weijun Wang
weijun at openjdk.java.net
Wed Feb 3 19:52:42 UTC 2021
On Wed, 3 Feb 2021 18:24:05 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:
>> test/jdk/sun/security/rsa/SignatureTest.java line 137:
>>
>>> 135: return new Key[]{
>>> 136: kf.generatePublic(kf.getKeySpec(key, RSAPublicKeySpec.class)),
>>> 137: kf.generatePublic(new X509EncodedKeySpec(key.getEncoded()))
>>
>> Here, the test ensures keys created from a `RSAPublicKeySpec` are the same no matter if the `RSAPublicKeySpec` is retrieved from `KeyFactory::getKeySpec` or manually created. If you can prove the two `RSAPublicKeySpec` objects are effectively the same (or it has already been proven in other tests) then there's no need to generate the key again.
>>
>> On the other hand, we can actually add more keys into the array. The 1st is `key` itself, and the 2nd is one generated from `kf.getKeySpec(key, X509EncodedKeySpec.class)`.
>
> That is right, PSSKeyCompatibility already explicitly proves they both are equal and there are other tests that generates both manually and using KeyFactory. In addition, this test focuses on signature verification rather than key creation.
Not only does a key have encoded form and an algorithm, it might contain other internal info that could affect its usage (here, it's signing and verifying). That's why there are multiple keys there.
A Spec type is different, it only has public data and is easy to prove equality.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2381
More information about the security-dev
mailing list