8295343: sun/security/pkcs11 tests fail on Linux RHEL 8.6 and newer

Reviewed-by: erikj, ihse, valeriep
Matthew Donovan 2023-11-22 13:00:56 +00:00
parent 5e818318ea
commit 6ce0ebb858
7 changed files with 34 additions and 112 deletions


@ -586,12 +586,15 @@ PKCS11 tests. Improper NSS version may lead to unexpected failures which
are hard to diagnose. For example, are hard to diagnose. For example,
sun/security/pkcs11/Secmod/AddTrustedCert.java may fail on Ubuntu 18.04 sun/security/pkcs11/Secmod/AddTrustedCert.java may fail on Ubuntu 18.04
with the default NSS version in the system. To run these tests with the default NSS version in the system. To run these tests
correctly, the system property <code>test.nss.lib.paths</code> is correctly, the system property
required on Ubuntu 18.04 to specify the alternative NSS lib <code>jdk.test.lib.artifacts.&lt;NAME&gt;</code> is required on Ubuntu
directories.</p> 18.04 to specify the alternative NSS lib directory. The
<code>&lt;NAME&gt;</code> component should be replaced with the name
element of the appropriate <code>@Artifact</code> class. (See
<code>test/jdk/sun/security/pkcs11/PKCS11Test.java</code>)</p>
<p>For example:</p> <p>For example:</p>
<pre><code>$ make test TEST=&quot;jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java&quot; \ <pre><code>$ make test TEST=&quot;jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java&quot; \
JTREG=&quot;JAVA_OPTIONS=-Dtest.nss.lib.paths=/path/to/your/latest/NSS-libs&quot;</code></pre> JTREG=&quot;JAVA_OPTIONS=-Djdk.test.lib.artifacts.nsslib-linux_aarch64=/path/to/NSS-libs&quot;</code></pre>
<p>For more notes about the PKCS11 tests, please refer to <p>For more notes about the PKCS11 tests, please refer to
test/jdk/sun/security/pkcs11/README.</p> test/jdk/sun/security/pkcs11/README.</p>
<h3 id="client-ui-tests">Client UI Tests</h3> <h3 id="client-ui-tests">Client UI Tests</h3>


@ -604,14 +604,16 @@ It is highly recommended to use the latest NSS version when running PKCS11
tests. Improper NSS version may lead to unexpected failures which are hard to tests. Improper NSS version may lead to unexpected failures which are hard to
diagnose. For example, sun/security/pkcs11/Secmod/AddTrustedCert.java may fail diagnose. For example, sun/security/pkcs11/Secmod/AddTrustedCert.java may fail
on Ubuntu 18.04 with the default NSS version in the system. To run these tests on Ubuntu 18.04 with the default NSS version in the system. To run these tests
correctly, the system property `test.nss.lib.paths` is required on Ubuntu 18.04 correctly, the system property `jdk.test.lib.artifacts.<NAME>` is required on
to specify the alternative NSS lib directories. Ubuntu 18.04 to specify the alternative NSS lib directory. The `<NAME>`
component should be replaced with the name element of the appropriate
`@Artifact` class. (See `test/jdk/sun/security/pkcs11/PKCS11Test.java`)
For example: For example:
``` ```
$ make test TEST="jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java" \ $ make test TEST="jtreg:sun/security/pkcs11/Secmod/AddTrustedCert.java" \
JTREG="JAVA_OPTIONS=-Dtest.nss.lib.paths=/path/to/your/latest/NSS-libs" JTREG="JAVA_OPTIONS=-Djdk.test.lib.artifacts.nsslib-linux_aarch64=/path/to/NSS-libs"
``` ```
For more notes about the PKCS11 tests, please refer to For more notes about the PKCS11 tests, please refer to


@ -622,12 +622,6 @@ com/sun/security/sasl/gsskerb/NoSecurityLayer.java 8039280 generic-
sun/security/provider/PolicyFile/GrantAllPermToExtWhenNoPolicy.java 8039280 generic-all sun/security/provider/PolicyFile/GrantAllPermToExtWhenNoPolicy.java 8039280 generic-all
sun/security/provider/PolicyParser/PrincipalExpansionError.java 8039280 generic-all sun/security/provider/PolicyParser/PrincipalExpansionError.java 8039280 generic-all
sun/security/tools/keytool/NssTest.java 8295343 generic-all
sun/security/pkcs11/Signature/TestRSAKeyLength.java 8295343 generic-all
sun/security/pkcs11/rsa/TestSignatures.java 8295343 generic-all
sun/security/pkcs11/rsa/TestKeyPairGenerator.java 8295343 generic-all
sun/security/pkcs11/rsa/TestKeyFactory.java 8295343 generic-all
sun/security/pkcs11/KeyStore/Basic.java 8295343 generic-all
sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8316183 linux-ppc64le sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8316183 linux-ppc64le
sun/security/pkcs11/Provider/MultipleLogins.sh 8319128 linux-aarch64 sun/security/pkcs11/Provider/MultipleLogins.sh 8319128 linux-aarch64


@ -46,7 +46,6 @@ import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec; import java.security.spec.ECParameterSpec;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -258,30 +257,19 @@ public abstract class PKCS11Test {
static Path getNSSLibPath(String library) throws Exception { static Path getNSSLibPath(String library) throws Exception {
String osid = getOsId(); String osid = getOsId();
String[] nssLibDirs = getNssLibPaths(osid); String nssLibDir = fetchNssLib(osid);
if (nssLibDirs == null) { if (nssLibDir == null) {
System.out.println("Warning: unsupported OS: " + osid throw new SkippedException("Warning: unsupported OS: " + osid
+ ", please initialize NSS library location, skipping test"); + ", please initialize NSS library location, skipping test");
return null;
}
if (nssLibDirs.length == 0) {
System.out.println("Warning: NSS not supported on this platform, skipping test");
return null;
} }
Path nssLibPath = null; String libraryName = System.mapLibraryName(library);
for (String dir : nssLibDirs) { Path libPath = Paths.get(nssLibDir).resolve(libraryName);
Path libPath = Paths.get(dir).resolve(System.mapLibraryName(library)); if (!Files.exists(libPath)) {
if (Files.exists(libPath)) { throw new SkippedException("NSS library \"" + libraryName + "\" was not found in " + nssLibDir);
nssLibPath = libPath;
break;
} }
}
if (nssLibPath == null) { return libPath;
System.out.println("Warning: can't find NSS library on this machine, skipping test");
return null;
}
return nssLibPath;
} }
private static String getOsId() { private static String getOsId() {
@ -605,73 +593,6 @@ public abstract class PKCS11Test {
return parameters.getParameterSpec(ECParameterSpec.class); return parameters.getParameterSpec(ECParameterSpec.class);
} }
// Location of the NSS libraries on each supported platform
private static Map<String, String[]> getOsMap() {
if (osMap != null) {
return osMap;
}
osMap = new HashMap<>();
osMap.put("Linux-i386-32", new String[]{
"/usr/lib/i386-linux-gnu/",
"/usr/lib32/",
"/usr/lib/"});
osMap.put("Linux-amd64-64", new String[]{
"/usr/lib/x86_64-linux-gnu/",
"/usr/lib/x86_64-linux-gnu/nss/",
"/usr/lib64/"});
osMap.put("Linux-ppc64-64", new String[]{"/usr/lib64/"});
osMap.put("Linux-ppc64le-64", new String[]{
"/usr/lib/powerpc64le-linux-gnu/",
"/usr/lib/powerpc64le-linux-gnu/nss/",
"/usr/lib64/"});
osMap.put("Linux-s390x-64", new String[]{"/usr/lib64/"});
osMap.put("Windows-x86-32", new String[]{});
osMap.put("Windows-amd64-64", new String[]{});
osMap.put("MacOSX-x86_64-64", new String[]{});
osMap.put("Linux-arm-32", new String[]{
"/usr/lib/arm-linux-gnueabi/nss/",
"/usr/lib/arm-linux-gnueabihf/nss/"});
osMap.put("Linux-aarch64-64", new String[] {
"/usr/lib/aarch64-linux-gnu/",
"/usr/lib/aarch64-linux-gnu/nss/",
"/usr/lib64/" });
return osMap;
}
private static String[] getNssLibPaths(String osId) {
String[] preferablePaths = getPreferableNssLibPaths(osId);
if (preferablePaths.length != 0) {
return preferablePaths;
} else {
return getOsMap().get(osId);
}
}
private static String[] getPreferableNssLibPaths(String osId) {
List<String> nssLibPaths = new ArrayList<>();
String customNssLibPaths = System.getProperty("test.nss.lib.paths");
if (customNssLibPaths == null) {
// If custom local NSS lib path is not provided,
// try to download NSS libs from artifactory
String path = fetchNssLib(osId);
if (path != null) {
nssLibPaths.add(path);
}
} else {
String[] paths = customNssLibPaths.split(",");
for (String path : paths) {
if (!path.endsWith(File.separator)) {
nssLibPaths.add(path + File.separator);
} else {
nssLibPaths.add(path);
}
}
}
return nssLibPaths.toArray(new String[0]);
}
public static String toString(byte[] b) { public static String toString(byte[] b) {
if (b == null) { if (b == null) {
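Review bot: In `getNSSLibPath`, the `nssLibDir == null` branch still reports "unsupported OS", but with the per-OS directory map removed the only source of the directory is `fetchNssLib(osid)`, which is not shown here and presumably also returns null when the artifact cannot be resolved or downloaded. A message such as `"NSS library directory could not be resolved for " + osid + "; set jdk.test.lib.artifacts.<NAME> or make the artifact available, skipping test"` would point the reader at the actual cause. The method also changed from returning null to throwing `SkippedException`, so a short Javadoc stating that it never returns null, and which conditions lead to a skip, would let callers drop their null checks. Because the resolved path names a native library that is loaded into the test JVM, `Files.isRegularFile(libPath)` would be a slightly stricter check than `Files.exists(libPath)`.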


@ -4,14 +4,15 @@ perform as a result of bugs or features in NSS or other pkcs11 libraries.
- How to get NSS libraries? - How to get NSS libraries?
The libraries come from the following sources. The libraries come from the following sources.
1. Specified by system property test.nss.lib.paths 1. Specified by system property jdk.test.lib.artifacts.<NAME>
System property test.nss.lib.paths can specify a set of absolute paths to The system property, jdk.test.lib.artifacts.<NAME>, can specify an absolute path
the local NSS library directories. The paths are separated by comma. to the local NSS library directory. The <NAME> component should be replaced with
the name element of the appropriate @Artifact class.
(See `test/jdk/sun/security/pkcs11/PKCS11Test.java`)
2. Pre-built NSS libraries from artifactory server 2. Pre-built NSS libraries from artifactory server
If the value of system property test.nss.lib.paths is not set, the tests will try If the value of system property jdk.test.lib.artifacts.<NAME> is not set, the
to download pre-built NSS libraries from artifactory server. Currently, the tests will try to download pre-built NSS libraries from artifactory server.
tests only looks for libraries for Windows and MacOSX platforms on artifactory.
Please note that JIB jar MUST be present in classpath when downloading the Please note that JIB jar MUST be present in classpath when downloading the
libraries. libraries.


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -58,8 +58,9 @@ public class NssTest {
Path dbPath = srcPath.getParent().getParent() Path dbPath = srcPath.getParent().getParent()
.resolve("pkcs11").resolve("nss").resolve("db"); .resolve("pkcs11").resolve("nss").resolve("db");
Files.copy(dbPath.resolve("cert8.db"), Paths.get("cert8.db")); Path destDir = Path.of( "tmpdb");
Files.copy(dbPath.resolve("key3.db"), Paths.get("key3.db")); Files.createDirectory(destDir);
Files.copy(dbPath.resolve("secmod.db"), Paths.get("secmod.db")); Files.copy(dbPath.resolve("cert9.db"), destDir.resolve("cert9.db"));
Files.copy(dbPath.resolve("key4.db"), destDir.resolve("key4.db"));
} }
} }
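Review bot: A leftover `tmpdb` directory makes `Files.createDirectory(destDir)` throw `FileAlreadyExistsException` before the databases are copied; if reruns in the same working directory are expected, use `Files.createDirectories(destDir);` and pass `StandardCopyOption.REPLACE_EXISTING` to the two `Files.copy` calls. The directory name is duplicated in the NSS config shown on this page (`configdir='sql:./tmpdb'`), so a one-line comment tying the two together would keep them from drifting apart. There is also a stray space in `Path.of( "tmpdb")`. The enclosing method starts outside the hunk.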


@ -6,7 +6,7 @@ slot = 2
library = ${nss.lib} library = ${nss.lib}
nssArgs = "configdir='.' certPrefix='' keyPrefix='' secmod='secmod.db'" nssArgs = "configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='secmod.db'"
#forceLogin = true #forceLogin = true
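Review bot: The `nssArgs` line keeps `secmod='secmod.db'` although the store is now opened as `configdir='sql:./tmpdb'` and, per the NssTest change on this page, `secmod.db` is no longer copied into the working directory. If NSS ignores or recreates that file for the sql: format (not verifiable from this hunk), a comment saying so, or dropping the argument, would avoid suggesting that a legacy module database is still expected.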