8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID
Reviewed-by: xuelei
--- a/test/jdk/ProblemList.txt Fri Sep 20 22:11:45 2019 +0000
+++ b/test/jdk/ProblemList.txt Sat Sep 21 08:06:00 2019 +0800
@@ -652,8 +652,6 @@
# jdk_security
sun/security/pkcs11/ec/TestKeyFactory.java 8026976 generic-all
-sun/security/pkcs11/Secmod/AddTrustedCert.java 8180837 generic-all
-sun/security/pkcs11/tls/TestKeyMaterial.java 8180837 generic-all
sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8161536 generic-all
sun/security/tools/keytool/ListKeychainStore.sh 8156889 macosx-all
--- a/test/jdk/sun/security/pkcs11/PKCS11Test.java Fri Sep 20 22:11:45 2019 +0000
+++ b/test/jdk/sun/security/pkcs11/PKCS11Test.java Sat Sep 21 08:06:00 2019 +0800
@@ -39,6 +39,7 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchProviderException;
+import java.security.Policy;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
@@ -879,6 +880,9 @@
case "MacOSX-x86_64-64":
return fetchNssLib(MACOSX_X64.class);
+ case "Linux-amd64-64":
+ return fetchNssLib(LINUX_X64.class);
+
default:
return null;
}
@@ -900,6 +904,7 @@
+ "\nPlease make sure the artifact is available.");
}
}
+ Policy.setPolicy(null); // Clear the policy created by JIB if any
return path;
}
@@ -923,4 +928,11 @@
revision = "3.46",
extension = "zip")
private static class MACOSX_X64 { }
+
+ @Artifact(
+ organization = "jpg.tests.jdk.nsslib",
+ name = "nsslib-linux_x64",
+ revision = "3.46",
+ extension = "zip")
+ private static class LINUX_X64 { }
}
--- a/test/jdk/sun/security/pkcs11/Secmod/AddTrustedCert.java Fri Sep 20 22:11:45 2019 +0000
+++ b/test/jdk/sun/security/pkcs11/Secmod/AddTrustedCert.java Sat Sep 21 08:06:00 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -67,6 +67,13 @@
String configName = BASE + SEP + "nss.cfg";
Provider p = getSunPKCS11(configName);
+ if (improperNSSVersion(p)) {
+ System.out.println(
+ "Skip test due to improper NSS version in [3.28, 3.35). "
+ + "See JDK-8180837 for more detatils.");
+ return;
+ }
+
System.out.println(p);
Security.addProvider(p);
@@ -125,4 +132,13 @@
System.out.println("OK");
}
+ private static boolean improperNSSVersion(Provider p) {
+ double nssVersion = getNSSVersion();
+ if (p.getName().equalsIgnoreCase("SunPKCS11-NSSKeyStore")
+ && nssVersion >= 3.28 && nssVersion < 3.35) {
+ return true;
+ }
+
+ return false;
+ }
}
--- a/test/jdk/sun/security/pkcs11/tls/TestKeyMaterial.java Fri Sep 20 22:11:45 2019 +0000
+++ b/test/jdk/sun/security/pkcs11/tls/TestKeyMaterial.java Sat Sep 21 08:06:00 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,13 +36,16 @@
import java.io.BufferedReader;
import java.nio.file.Files;
import java.nio.file.Paths;
+import java.security.InvalidAlgorithmParameterException;
import java.security.Provider;
-import java.security.InvalidAlgorithmParameterException;
+import java.security.ProviderException;
import java.util.Arrays;
+
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
+
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialSpec;
@@ -51,6 +54,7 @@
private static final int PREFIX_LENGTH = "km-master: ".length();
public static void main(String[] args) throws Exception {
+ System.out.println("NSS Version: " + getNSSVersion());
main(new TestKeyMaterial(), args);
}
@@ -154,10 +158,26 @@
match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
} catch (InvalidAlgorithmParameterException iape) {
// SSLv3 support is removed in S12
- if (major == 3 && minor == 0) {
- System.out.println("Skip testing SSLv3");
- continue;
+ if (provider.getName().indexOf("Solaris") != -1) {
+ if (major == 3 && minor == 0) {
+ System.out.println("Skip testing SSLv3 on Solaris");
+ continue;
+ }
}
+ throw iape;
+ } catch (ProviderException pe) {
+ if (provider.getName().indexOf("NSS") != -1) {
+ Throwable t = pe.getCause();
+ if (expandedKeyLength != 0
+ && t.getMessage().indexOf(
+ "CKR_MECHANISM_PARAM_INVALID") != -1) {
+ // NSS removed support for export-grade cipher suites in 3.28,
+ // see https://bugzilla.mozilla.org/show_bug.cgi?id=1252849
+ System.out.println("Ignore known NSS failure on CKR_MECHANISM_PARAM_INVALID");
+ continue;
+ }
+ }
+ throw pe;
}
} else {
throw new Exception("Unknown line: " + line);