RFR: 8361711: Add library name configurability to PKCS11Test.java [v3]

Thomas Fitzsimmons duke at openjdk.org
Wed Sep 3 14:55:47 UTC 2025


On Wed, 20 Aug 2025 02:13:17 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> test/jdk/sun/security/pkcs11/PKCS11Test.java line 490:
>> 
>>> 488:             configFilePath = configFilePath.replaceFirst(
>>> 489:                     "(\\.[^\\.]*)?$", "-" + customConfigVariant + "$1");
>>> 490:         }
>> 
>> Hmm, I find it somewhat obscure that the config variant property changes the value of the config file name. With this new config variant property, it assumes that the confg file name has a "." which is probably true most if not all times. We should document all these properties so it's clear their precedence as well as the assumptions/implications.
>> All these security can be set independently, right? It's a bit strange that you set the CUSTOM_P11_CONFIG NAME and then setting the config variant property would actually changes the config file to a different name.
>
> Perhaps check the existence of the file and error out with the config file and its path if the check fails, this way, it's crystal clear.

@valeriepeng I simplified the approach; let me know what you think.  I confirmed I can still configure Kryoptic as needed, though I have to name the `Kryoptic` configuration files `nss/p11-nss.txt` and `nss/p11-nss-sensitive.txt`, which is a little strange.  However this has the advantage of eliminating the need to change any test case arguments.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26325#discussion_r2319246269


More information about the security-dev mailing list