# HG changeset patch # User jjiang # Date 1569024360 -28800 # Node ID e6231dbaa862847fb0fd05e548354b7f9300526d # Parent 3aef3bccfae388e33cbf6f01a373e662a7887dc7 8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID Reviewed-by: xuelei diff -r 3aef3bccfae3 -r e6231dbaa862 test/jdk/ProblemList.txt --- a/test/jdk/ProblemList.txt Fri Sep 20 22:11:45 2019 +0000 +++ b/test/jdk/ProblemList.txt Sat Sep 21 08:06:00 2019 +0800 @@ -652,8 +652,6 @@ # jdk_security sun/security/pkcs11/ec/TestKeyFactory.java 8026976 generic-all -sun/security/pkcs11/Secmod/AddTrustedCert.java 8180837 generic-all -sun/security/pkcs11/tls/TestKeyMaterial.java 8180837 generic-all sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8161536 generic-all sun/security/tools/keytool/ListKeychainStore.sh 8156889 macosx-all diff -r 3aef3bccfae3 -r e6231dbaa862 test/jdk/sun/security/pkcs11/PKCS11Test.java --- a/test/jdk/sun/security/pkcs11/PKCS11Test.java Fri Sep 20 22:11:45 2019 +0000 +++ b/test/jdk/sun/security/pkcs11/PKCS11Test.java Sat Sep 21 08:06:00 2019 +0800 @@ -39,6 +39,7 @@ import java.security.InvalidAlgorithmParameterException; import java.security.KeyPairGenerator; import java.security.NoSuchProviderException; +import java.security.Policy; import java.security.Provider; import java.security.ProviderException; import java.security.Security; @@ -879,6 +880,9 @@ case "MacOSX-x86_64-64": return fetchNssLib(MACOSX_X64.class); + case "Linux-amd64-64": + return fetchNssLib(LINUX_X64.class); + default: return null; } @@ -900,6 +904,7 @@ + "\nPlease make sure the artifact is available."); } } + Policy.setPolicy(null); // Clear the policy created by JIB if any return path; } @@ -923,4 +928,11 @@ revision = "3.46", extension = "zip") private static class MACOSX_X64 { } + + @Artifact( + organization = "jpg.tests.jdk.nsslib", + name = "nsslib-linux_x64", + revision = "3.46", + extension = "zip") + private static class LINUX_X64 { } } diff -r 3aef3bccfae3 -r e6231dbaa862 test/jdk/sun/security/pkcs11/Secmod/AddTrustedCert.java --- a/test/jdk/sun/security/pkcs11/Secmod/AddTrustedCert.java Fri Sep 20 22:11:45 2019 +0000 +++ b/test/jdk/sun/security/pkcs11/Secmod/AddTrustedCert.java Sat Sep 21 08:06:00 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -67,6 +67,13 @@ String configName = BASE + SEP + "nss.cfg"; Provider p = getSunPKCS11(configName); + if (improperNSSVersion(p)) { + System.out.println( + "Skip test due to improper NSS version in [3.28, 3.35). " + + "See JDK-8180837 for more detatils."); + return; + } + System.out.println(p); Security.addProvider(p); @@ -125,4 +132,13 @@ System.out.println("OK"); } + private static boolean improperNSSVersion(Provider p) { + double nssVersion = getNSSVersion(); + if (p.getName().equalsIgnoreCase("SunPKCS11-NSSKeyStore") + && nssVersion >= 3.28 && nssVersion < 3.35) { + return true; + } + + return false; + } } diff -r 3aef3bccfae3 -r e6231dbaa862 test/jdk/sun/security/pkcs11/tls/TestKeyMaterial.java --- a/test/jdk/sun/security/pkcs11/tls/TestKeyMaterial.java Fri Sep 20 22:11:45 2019 +0000 +++ b/test/jdk/sun/security/pkcs11/tls/TestKeyMaterial.java Sat Sep 21 08:06:00 2019 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,13 +36,16 @@ import java.io.BufferedReader; import java.nio.file.Files; import java.nio.file.Paths; +import java.security.InvalidAlgorithmParameterException; import java.security.Provider; -import java.security.InvalidAlgorithmParameterException; +import java.security.ProviderException; import java.util.Arrays; + import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; + import sun.security.internal.spec.TlsKeyMaterialParameterSpec; import sun.security.internal.spec.TlsKeyMaterialSpec; @@ -51,6 +54,7 @@ private static final int PREFIX_LENGTH = "km-master: ".length(); public static void main(String[] args) throws Exception { + System.out.println("NSS Version: " + getNSSVersion()); main(new TestKeyMaterial(), args); } @@ -154,10 +158,26 @@ match(lineNumber, serverMacBytes, result.getServerMacKey(), ""); } catch (InvalidAlgorithmParameterException iape) { // SSLv3 support is removed in S12 - if (major == 3 && minor == 0) { - System.out.println("Skip testing SSLv3"); - continue; + if (provider.getName().indexOf("Solaris") != -1) { + if (major == 3 && minor == 0) { + System.out.println("Skip testing SSLv3 on Solaris"); + continue; + } } + throw iape; + } catch (ProviderException pe) { + if (provider.getName().indexOf("NSS") != -1) { + Throwable t = pe.getCause(); + if (expandedKeyLength != 0 + && t.getMessage().indexOf( + "CKR_MECHANISM_PARAM_INVALID") != -1) { + // NSS removed support for export-grade cipher suites in 3.28, + // see https://bugzilla.mozilla.org/show_bug.cgi?id=1252849 + System.out.println("Ignore known NSS failure on CKR_MECHANISM_PARAM_INVALID"); + continue; + } + } + throw pe; } } else { throw new Exception("Unknown line: " + line);