8295343: sun/security/pkcs11 tests fail on Linux RHEL 8.6 and newer
Reviewed-by: erikj, ihse, valeriep
This commit is contained in:
parent
5e818318ea
commit
6ce0ebb858
@ -586,12 +586,15 @@ PKCS11 tests. Improper NSS version may lead to unexpected failures which
|
|||||||
are hard to diagnose. For example,
|
are hard to diagnose. For example,
|
||||||
sun/security/pkcs11/Secmod/AddTrustedCert.java may fail on Ubuntu 18.04
|
sun/security/pkcs11/Secmod/AddTrustedCert.java may fail on Ubuntu 18.04
|
||||||
with the default NSS version in the system. To run these tests
|
with the default NSS version in the system. To run these tests
|
||||||
correctly, the system property <code>test.nss.lib.paths</code> is
|
correctly, the system property
|
||||||
required on Ubuntu 18.04 to specify the alternative NSS lib
|
<code>jdk.test.lib.artifacts.<NAME></code> is required on Ubuntu
|
||||||
directories.</p>
|
18.04 to specify the alternative NSS lib directory. The
|
||||||
|
<code><NAME></code> component should be replaced with the name
|
||||||
|
element of the appropriate <code>@Artifact</code> class. (See
|
||||||
|
<code>test/jdk/sun/security/pkcs11/PKCS11Test.java</code>)</p>
|
||||||
<p>For example:</p>
|
<p>For example:</p>
|
||||||
<pre><code>$ make test TEST="jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java" \
|
<pre><code>$ make test TEST="jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java" \
|
||||||
JTREG="JAVA_OPTIONS=-Dtest.nss.lib.paths=/path/to/your/latest/NSS-libs"</code></pre>
|
JTREG="JAVA_OPTIONS=-Djdk.test.lib.artifacts.nsslib-linux_aarch64=/path/to/NSS-libs"</code></pre>
|
||||||
<p>For more notes about the PKCS11 tests, please refer to
|
<p>For more notes about the PKCS11 tests, please refer to
|
||||||
test/jdk/sun/security/pkcs11/README.</p>
|
test/jdk/sun/security/pkcs11/README.</p>
|
||||||
<h3 id="client-ui-tests">Client UI Tests</h3>
|
<h3 id="client-ui-tests">Client UI Tests</h3>
|
||||||
|
@ -604,14 +604,16 @@ It is highly recommended to use the latest NSS version when running PKCS11
|
|||||||
tests. Improper NSS version may lead to unexpected failures which are hard to
|
tests. Improper NSS version may lead to unexpected failures which are hard to
|
||||||
diagnose. For example, sun/security/pkcs11/Secmod/AddTrustedCert.java may fail
|
diagnose. For example, sun/security/pkcs11/Secmod/AddTrustedCert.java may fail
|
||||||
on Ubuntu 18.04 with the default NSS version in the system. To run these tests
|
on Ubuntu 18.04 with the default NSS version in the system. To run these tests
|
||||||
correctly, the system property `test.nss.lib.paths` is required on Ubuntu 18.04
|
correctly, the system property `jdk.test.lib.artifacts.<NAME>` is required on
|
||||||
to specify the alternative NSS lib directories.
|
Ubuntu 18.04 to specify the alternative NSS lib directory. The `<NAME>`
|
||||||
|
component should be replaced with the name element of the appropriate
|
||||||
|
`@Artifact` class. (See `test/jdk/sun/security/pkcs11/PKCS11Test.java`)
|
||||||
|
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ make test TEST="jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java" \
|
$ make test TEST="jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java" \
|
||||||
JTREG="JAVA_OPTIONS=-Dtest.nss.lib.paths=/path/to/your/latest/NSS-libs"
|
JTREG="JAVA_OPTIONS=-Djdk.test.lib.artifacts.nsslib-linux_aarch64=/path/to/NSS-libs"
|
||||||
```
|
```
|
||||||
|
|
||||||
For more notes about the PKCS11 tests, please refer to
|
For more notes about the PKCS11 tests, please refer to
|
||||||
|
@ -622,12 +622,6 @@ com/sun/security/sasl/gsskerb/NoSecurityLayer.java 8039280 generic-
|
|||||||
sun/security/provider/PolicyFile/GrantAllPermToExtWhenNoPolicy.java 8039280 generic-all
|
sun/security/provider/PolicyFile/GrantAllPermToExtWhenNoPolicy.java 8039280 generic-all
|
||||||
sun/security/provider/PolicyParser/PrincipalExpansionError.java 8039280 generic-all
|
sun/security/provider/PolicyParser/PrincipalExpansionError.java 8039280 generic-all
|
||||||
|
|
||||||
sun/security/tools/keytool/NssTest.java 8295343 generic-all
|
|
||||||
sun/security/pkcs11/Signature/TestRSAKeyLength.java 8295343 generic-all
|
|
||||||
sun/security/pkcs11/rsa/TestSignatures.java 8295343 generic-all
|
|
||||||
sun/security/pkcs11/rsa/TestKeyPairGenerator.java 8295343 generic-all
|
|
||||||
sun/security/pkcs11/rsa/TestKeyFactory.java 8295343 generic-all
|
|
||||||
sun/security/pkcs11/KeyStore/Basic.java 8295343 generic-all
|
|
||||||
sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8316183 linux-ppc64le
|
sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8316183 linux-ppc64le
|
||||||
sun/security/pkcs11/Provider/MultipleLogins.sh 8319128 linux-aarch64
|
sun/security/pkcs11/Provider/MultipleLogins.sh 8319128 linux-aarch64
|
||||||
|
|
||||||
|
@ -46,7 +46,6 @@ import java.security.spec.ECGenParameterSpec;
|
|||||||
import java.security.spec.ECParameterSpec;
|
import java.security.spec.ECParameterSpec;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@ -258,30 +257,19 @@ public abstract class PKCS11Test {
|
|||||||
|
|
||||||
static Path getNSSLibPath(String library) throws Exception {
|
static Path getNSSLibPath(String library) throws Exception {
|
||||||
String osid = getOsId();
|
String osid = getOsId();
|
||||||
String[] nssLibDirs = getNssLibPaths(osid);
|
String nssLibDir = fetchNssLib(osid);
|
||||||
if (nssLibDirs == null) {
|
if (nssLibDir == null) {
|
||||||
System.out.println("Warning: unsupported OS: " + osid
|
throw new SkippedException("Warning: unsupported OS: " + osid
|
||||||
+ ", please initialize NSS library location, skipping test");
|
+ ", please initialize NSS library location, skipping test");
|
||||||
return null;
|
|
||||||
}
|
|
||||||
if (nssLibDirs.length == 0) {
|
|
||||||
System.out.println("Warning: NSS not supported on this platform, skipping test");
|
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Path nssLibPath = null;
|
String libraryName = System.mapLibraryName(library);
|
||||||
for (String dir : nssLibDirs) {
|
Path libPath = Paths.get(nssLibDir).resolve(libraryName);
|
||||||
Path libPath = Paths.get(dir).resolve(System.mapLibraryName(library));
|
if (!Files.exists(libPath)) {
|
||||||
if (Files.exists(libPath)) {
|
throw new SkippedException("NSS library \"" + libraryName + "\" was not found in " + nssLibDir);
|
||||||
nssLibPath = libPath;
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if (nssLibPath == null) {
|
return libPath;
|
||||||
System.out.println("Warning: can't find NSS library on this machine, skipping test");
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
return nssLibPath;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String getOsId() {
|
private static String getOsId() {
|
||||||
@ -605,73 +593,6 @@ public abstract class PKCS11Test {
|
|||||||
return parameters.getParameterSpec(ECParameterSpec.class);
|
return parameters.getParameterSpec(ECParameterSpec.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Location of the NSS libraries on each supported platform
|
|
||||||
private static Map<String, String[]> getOsMap() {
|
|
||||||
if (osMap != null) {
|
|
||||||
return osMap;
|
|
||||||
}
|
|
||||||
|
|
||||||
osMap = new HashMap<>();
|
|
||||||
osMap.put("Linux-i386-32", new String[]{
|
|
||||||
"/usr/lib/i386-linux-gnu/",
|
|
||||||
"/usr/lib32/",
|
|
||||||
"/usr/lib/"});
|
|
||||||
osMap.put("Linux-amd64-64", new String[]{
|
|
||||||
"/usr/lib/x86_64-linux-gnu/",
|
|
||||||
"/usr/lib/x86_64-linux-gnu/nss/",
|
|
||||||
"/usr/lib64/"});
|
|
||||||
osMap.put("Linux-ppc64-64", new String[]{"/usr/lib64/"});
|
|
||||||
osMap.put("Linux-ppc64le-64", new String[]{
|
|
||||||
"/usr/lib/powerpc64le-linux-gnu/",
|
|
||||||
"/usr/lib/powerpc64le-linux-gnu/nss/",
|
|
||||||
"/usr/lib64/"});
|
|
||||||
osMap.put("Linux-s390x-64", new String[]{"/usr/lib64/"});
|
|
||||||
osMap.put("Windows-x86-32", new String[]{});
|
|
||||||
osMap.put("Windows-amd64-64", new String[]{});
|
|
||||||
osMap.put("MacOSX-x86_64-64", new String[]{});
|
|
||||||
osMap.put("Linux-arm-32", new String[]{
|
|
||||||
"/usr/lib/arm-linux-gnueabi/nss/",
|
|
||||||
"/usr/lib/arm-linux-gnueabihf/nss/"});
|
|
||||||
osMap.put("Linux-aarch64-64", new String[] {
|
|
||||||
"/usr/lib/aarch64-linux-gnu/",
|
|
||||||
"/usr/lib/aarch64-linux-gnu/nss/",
|
|
||||||
"/usr/lib64/" });
|
|
||||||
return osMap;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static String[] getNssLibPaths(String osId) {
|
|
||||||
String[] preferablePaths = getPreferableNssLibPaths(osId);
|
|
||||||
if (preferablePaths.length != 0) {
|
|
||||||
return preferablePaths;
|
|
||||||
} else {
|
|
||||||
return getOsMap().get(osId);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static String[] getPreferableNssLibPaths(String osId) {
|
|
||||||
List<String> nssLibPaths = new ArrayList<>();
|
|
||||||
|
|
||||||
String customNssLibPaths = System.getProperty("test.nss.lib.paths");
|
|
||||||
if (customNssLibPaths == null) {
|
|
||||||
// If custom local NSS lib path is not provided,
|
|
||||||
// try to download NSS libs from artifactory
|
|
||||||
String path = fetchNssLib(osId);
|
|
||||||
if (path != null) {
|
|
||||||
nssLibPaths.add(path);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
String[] paths = customNssLibPaths.split(",");
|
|
||||||
for (String path : paths) {
|
|
||||||
if (!path.endsWith(File.separator)) {
|
|
||||||
nssLibPaths.add(path + File.separator);
|
|
||||||
} else {
|
|
||||||
nssLibPaths.add(path);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return nssLibPaths.toArray(new String[0]);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static String toString(byte[] b) {
|
public static String toString(byte[] b) {
|
||||||
if (b == null) {
|
if (b == null) {
|
||||||
|
@ -4,14 +4,15 @@ perform as a result of bugs or features in NSS or other pkcs11 libraries.
|
|||||||
- How to get NSS libraries?
|
- How to get NSS libraries?
|
||||||
The libraries come from the following sources.
|
The libraries come from the following sources.
|
||||||
|
|
||||||
1. Specified by system property test.nss.lib.paths
|
1. Specified by system property jdk.test.lib.artifacts.<NAME>
|
||||||
System property test.nss.lib.paths can specify a set of absolute paths to
|
The system property, jdk.test.lib.artifacts.<NAME>, can specify an absolute path
|
||||||
the local NSS library directories. The paths are separated by comma.
|
to the local NSS library directory. The <NAME> component should be replaced with
|
||||||
|
the name element of the appropriate @Artifact class.
|
||||||
|
(See `test/jdk/sun/security/pkcs11/PKCS11Test.java`)
|
||||||
|
|
||||||
2. Pre-built NSS libraries from artifactory server
|
2. Pre-built NSS libraries from artifactory server
|
||||||
If the value of system property test.nss.lib.paths is not set, the tests will try
|
If the value of system property jdk.test.lib.artifacts.<NAME> is not set, the
|
||||||
to download pre-built NSS libraries from artifactory server. Currently, the
|
tests will try to download pre-built NSS libraries from artifactory server.
|
||||||
tests only looks for libraries for Windows and MacOSX platforms on artifactory.
|
|
||||||
Please note that JIB jar MUST be present in classpath when downloading the
|
Please note that JIB jar MUST be present in classpath when downloading the
|
||||||
libraries.
|
libraries.
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -58,8 +58,9 @@ public class NssTest {
|
|||||||
|
|
||||||
Path dbPath = srcPath.getParent().getParent()
|
Path dbPath = srcPath.getParent().getParent()
|
||||||
.resolve("pkcs11").resolve("nss").resolve("db");
|
.resolve("pkcs11").resolve("nss").resolve("db");
|
||||||
Files.copy(dbPath.resolve("cert8.db"), Paths.get("cert8.db"));
|
Path destDir = Path.of( "tmpdb");
|
||||||
Files.copy(dbPath.resolve("key3.db"), Paths.get("key3.db"));
|
Files.createDirectory(destDir);
|
||||||
Files.copy(dbPath.resolve("secmod.db"), Paths.get("secmod.db"));
|
Files.copy(dbPath.resolve("cert9.db"), destDir.resolve("cert9.db"));
|
||||||
|
Files.copy(dbPath.resolve("key4.db"), destDir.resolve("key4.db"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -6,7 +6,7 @@ slot = 2
|
|||||||
|
|
||||||
library = ${nss.lib}
|
library = ${nss.lib}
|
||||||
|
|
||||||
nssArgs = "configdir='.' certPrefix='' keyPrefix='' secmod='secmod.db'"
|
nssArgs = "configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='secmod.db'"
|
||||||
|
|
||||||
#forceLogin = true
|
#forceLogin = true
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user