diff --git a/doc/testing.html b/doc/testing.html
index 00bb3c678a5..25147580849 100644
--- a/doc/testing.html
+++ b/doc/testing.html
@@ -586,12 +586,15 @@ PKCS11 tests. Improper NSS version may lead to unexpected failures which
are hard to diagnose. For example,
sun/security/pkcs11/Secmod/AddTrustedCert.java may fail on Ubuntu 18.04
with the default NSS version in the system. To run these tests
-correctly, the system property test.nss.lib.paths is
-required on Ubuntu 18.04 to specify the alternative NSS lib
-directories.
+correctly, the system property
+jdk.test.lib.artifacts.<NAME> is required on Ubuntu
+18.04 to specify the alternative NSS lib directory. The
+<NAME> component should be replaced with the name
+element of the appropriate @Artifact class. (See
+test/jdk/sun/security/pkcs11/PKCS11Test.java)
For example:
$ make test TEST="jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java" \
- JTREG="JAVA_OPTIONS=-Dtest.nss.lib.paths=/path/to/your/latest/NSS-libs"
+ JTREG="JAVA_OPTIONS=-Djdk.test.lib.artifacts.nsslib-linux_aarch64=/path/to/NSS-libs"
For more notes about the PKCS11 tests, please refer to
test/jdk/sun/security/pkcs11/README.
Client UI Tests
diff --git a/doc/testing.md b/doc/testing.md
index c43ebc23c3f..63a869bfc1c 100644
--- a/doc/testing.md
+++ b/doc/testing.md
@@ -604,14 +604,16 @@ It is highly recommended to use the latest NSS version when running PKCS11
tests. Improper NSS version may lead to unexpected failures which are hard to
diagnose. For example, sun/security/pkcs11/Secmod/AddTrustedCert.java may fail
on Ubuntu 18.04 with the default NSS version in the system. To run these tests
-correctly, the system property `test.nss.lib.paths` is required on Ubuntu 18.04
-to specify the alternative NSS lib directories.
+correctly, the system property `jdk.test.lib.artifacts.` is required on
+Ubuntu 18.04 to specify the alternative NSS lib directory. The ``
+component should be replaced with the name element of the appropriate
+`@Artifact` class. (See `test/jdk/sun/security/pkcs11/PKCS11Test.java`)
For example:
```
$ make test TEST="jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java" \
- JTREG="JAVA_OPTIONS=-Dtest.nss.lib.paths=/path/to/your/latest/NSS-libs"
+ JTREG="JAVA_OPTIONS=-Djdk.test.lib.artifacts.nsslib-linux_aarch64=/path/to/NSS-libs"
```
For more notes about the PKCS11 tests, please refer to
diff --git a/test/jdk/ProblemList.txt b/test/jdk/ProblemList.txt
index a510a1e15e9..da3bbccd6d6 100644
--- a/test/jdk/ProblemList.txt
+++ b/test/jdk/ProblemList.txt
@@ -622,12 +622,6 @@ com/sun/security/sasl/gsskerb/NoSecurityLayer.java 8039280 generic-
sun/security/provider/PolicyFile/GrantAllPermToExtWhenNoPolicy.java 8039280 generic-all
sun/security/provider/PolicyParser/PrincipalExpansionError.java 8039280 generic-all
-sun/security/tools/keytool/NssTest.java 8295343 generic-all
-sun/security/pkcs11/Signature/TestRSAKeyLength.java 8295343 generic-all
-sun/security/pkcs11/rsa/TestSignatures.java 8295343 generic-all
-sun/security/pkcs11/rsa/TestKeyPairGenerator.java 8295343 generic-all
-sun/security/pkcs11/rsa/TestKeyFactory.java 8295343 generic-all
-sun/security/pkcs11/KeyStore/Basic.java 8295343 generic-all
sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8316183 linux-ppc64le
sun/security/pkcs11/Provider/MultipleLogins.sh 8319128 linux-aarch64
diff --git a/test/jdk/sun/security/pkcs11/PKCS11Test.java b/test/jdk/sun/security/pkcs11/PKCS11Test.java
index 91dfd6670fa..ccdbd2d8e49 100644
--- a/test/jdk/sun/security/pkcs11/PKCS11Test.java
+++ b/test/jdk/sun/security/pkcs11/PKCS11Test.java
@@ -46,7 +46,6 @@ import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -258,30 +257,19 @@ public abstract class PKCS11Test {
static Path getNSSLibPath(String library) throws Exception {
String osid = getOsId();
- String[] nssLibDirs = getNssLibPaths(osid);
- if (nssLibDirs == null) {
- System.out.println("Warning: unsupported OS: " + osid
+ String nssLibDir = fetchNssLib(osid);
+ if (nssLibDir == null) {
+ throw new SkippedException("Warning: unsupported OS: " + osid
+ ", please initialize NSS library location, skipping test");
- return null;
- }
- if (nssLibDirs.length == 0) {
- System.out.println("Warning: NSS not supported on this platform, skipping test");
- return null;
}
- Path nssLibPath = null;
- for (String dir : nssLibDirs) {
- Path libPath = Paths.get(dir).resolve(System.mapLibraryName(library));
- if (Files.exists(libPath)) {
- nssLibPath = libPath;
- break;
- }
+ String libraryName = System.mapLibraryName(library);
+ Path libPath = Paths.get(nssLibDir).resolve(libraryName);
+ if (!Files.exists(libPath)) {
+ throw new SkippedException("NSS library \"" + libraryName + "\" was not found in " + nssLibDir);
}
- if (nssLibPath == null) {
- System.out.println("Warning: can't find NSS library on this machine, skipping test");
- return null;
- }
- return nssLibPath;
+
+ return libPath;
}
private static String getOsId() {
@@ -605,73 +593,6 @@ public abstract class PKCS11Test {
return parameters.getParameterSpec(ECParameterSpec.class);
}
- // Location of the NSS libraries on each supported platform
- private static Map getOsMap() {
- if (osMap != null) {
- return osMap;
- }
-
- osMap = new HashMap<>();
- osMap.put("Linux-i386-32", new String[]{
- "/usr/lib/i386-linux-gnu/",
- "/usr/lib32/",
- "/usr/lib/"});
- osMap.put("Linux-amd64-64", new String[]{
- "/usr/lib/x86_64-linux-gnu/",
- "/usr/lib/x86_64-linux-gnu/nss/",
- "/usr/lib64/"});
- osMap.put("Linux-ppc64-64", new String[]{"/usr/lib64/"});
- osMap.put("Linux-ppc64le-64", new String[]{
- "/usr/lib/powerpc64le-linux-gnu/",
- "/usr/lib/powerpc64le-linux-gnu/nss/",
- "/usr/lib64/"});
- osMap.put("Linux-s390x-64", new String[]{"/usr/lib64/"});
- osMap.put("Windows-x86-32", new String[]{});
- osMap.put("Windows-amd64-64", new String[]{});
- osMap.put("MacOSX-x86_64-64", new String[]{});
- osMap.put("Linux-arm-32", new String[]{
- "/usr/lib/arm-linux-gnueabi/nss/",
- "/usr/lib/arm-linux-gnueabihf/nss/"});
- osMap.put("Linux-aarch64-64", new String[] {
- "/usr/lib/aarch64-linux-gnu/",
- "/usr/lib/aarch64-linux-gnu/nss/",
- "/usr/lib64/" });
- return osMap;
- }
-
- private static String[] getNssLibPaths(String osId) {
- String[] preferablePaths = getPreferableNssLibPaths(osId);
- if (preferablePaths.length != 0) {
- return preferablePaths;
- } else {
- return getOsMap().get(osId);
- }
- }
-
- private static String[] getPreferableNssLibPaths(String osId) {
- List nssLibPaths = new ArrayList<>();
-
- String customNssLibPaths = System.getProperty("test.nss.lib.paths");
- if (customNssLibPaths == null) {
- // If custom local NSS lib path is not provided,
- // try to download NSS libs from artifactory
- String path = fetchNssLib(osId);
- if (path != null) {
- nssLibPaths.add(path);
- }
- } else {
- String[] paths = customNssLibPaths.split(",");
- for (String path : paths) {
- if (!path.endsWith(File.separator)) {
- nssLibPaths.add(path + File.separator);
- } else {
- nssLibPaths.add(path);
- }
- }
- }
-
- return nssLibPaths.toArray(new String[0]);
- }
public static String toString(byte[] b) {
if (b == null) {
diff --git a/test/jdk/sun/security/pkcs11/README b/test/jdk/sun/security/pkcs11/README
index 31efd034501..9b4c39dd41c 100644
--- a/test/jdk/sun/security/pkcs11/README
+++ b/test/jdk/sun/security/pkcs11/README
@@ -4,14 +4,15 @@ perform as a result of bugs or features in NSS or other pkcs11 libraries.
- How to get NSS libraries?
The libraries come from the following sources.
-1. Specified by system property test.nss.lib.paths
-System property test.nss.lib.paths can specify a set of absolute paths to
-the local NSS library directories. The paths are separated by comma.
+1. Specified by system property jdk.test.lib.artifacts.
+The system property, jdk.test.lib.artifacts., can specify an absolute path
+to the local NSS library directory. The component should be replaced with
+the name element of the appropriate @Artifact class.
+(See `test/jdk/sun/security/pkcs11/PKCS11Test.java`)
2. Pre-built NSS libraries from artifactory server
-If the value of system property test.nss.lib.paths is not set, the tests will try
-to download pre-built NSS libraries from artifactory server. Currently, the
-tests only looks for libraries for Windows and MacOSX platforms on artifactory.
+If the value of system property jdk.test.lib.artifacts. is not set, the
+tests will try to download pre-built NSS libraries from artifactory server.
Please note that JIB jar MUST be present in classpath when downloading the
libraries.
diff --git a/test/jdk/sun/security/tools/keytool/NssTest.java b/test/jdk/sun/security/tools/keytool/NssTest.java
index 968e19df28d..db5d1240153 100644
--- a/test/jdk/sun/security/tools/keytool/NssTest.java
+++ b/test/jdk/sun/security/tools/keytool/NssTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -58,8 +58,9 @@ public class NssTest {
Path dbPath = srcPath.getParent().getParent()
.resolve("pkcs11").resolve("nss").resolve("db");
- Files.copy(dbPath.resolve("cert8.db"), Paths.get("cert8.db"));
- Files.copy(dbPath.resolve("key3.db"), Paths.get("key3.db"));
- Files.copy(dbPath.resolve("secmod.db"), Paths.get("secmod.db"));
+ Path destDir = Path.of( "tmpdb");
+ Files.createDirectory(destDir);
+ Files.copy(dbPath.resolve("cert9.db"), destDir.resolve("cert9.db"));
+ Files.copy(dbPath.resolve("key4.db"), destDir.resolve("key4.db"));
}
}
diff --git a/test/jdk/sun/security/tools/keytool/p11-nss.txt b/test/jdk/sun/security/tools/keytool/p11-nss.txt
index dd200a326c0..9c8ac0a43ab 100644
--- a/test/jdk/sun/security/tools/keytool/p11-nss.txt
+++ b/test/jdk/sun/security/tools/keytool/p11-nss.txt
@@ -6,7 +6,7 @@ slot = 2
library = ${nss.lib}
-nssArgs = "configdir='.' certPrefix='' keyPrefix='' secmod='secmod.db'"
+nssArgs = "configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='secmod.db'"
#forceLogin = true