RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

[Martin Balao]

On Tue, 6 Jun 2023 00:24:21 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4)
>>   
>>   Co-authored-by: Francisco Ferrari <fferrari at redhat.com>
>>   Co-authored-by: Martin Balao <mbalao at redhat.com>
>
> test/jdk/sun/security/pkcs11/KeyStore/ImportKeyToP12.java line 83:
> 
>> 81:             // Make sure that SunPKCS11 implements the Cipher algorithm
>> 82:             Cipher.getInstance(pbeCipherAlg, sunPKCS11);
>> 83:             testWith(sunPKCS11, pbeCipherAlg, pbeMacAlgs[0]);
> 
> Looks like an error handling is missing, i.e. catch and ignore/skip the corresponding testing if the algorithm is not supported by the sunPKCS11 provider under test. Same goes for the Mac loop below also.

I'm not sure of this change because the test is NSS-based —in fact, we initialize the NSS software token with a specific configuration— and the PBE algorithms used in the test should be available. Have you found a platform/NSS version in which this is not true? I'm concerned about making the test (silently) pass when there is something that we should notice, such as the removal of something in a newer version that would affect our testing coverage or the change in one of the native mechanisms for a given algorithm.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1218841067