Hi Valerie, Thanks for your answer.
Webrev.09: * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.09/ * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.09.zip In TestTLS12.java, we now capture any exception during initialization phase and skip test execution if that happens. Kind regards, Martin.- On Wed, Sep 12, 2018 at 2:20 AM, Valerie Peng <valerie.p...@oracle.com> wrote: > Hi, Martin, > I am ok with your option#1. > Note that your test fails at different places of the code, so you will > need to check and skip test execution before those exception are thrown. > > Valerie > > > On 9/11/2018 7:54 AM, Martin Balao wrote: > > Hi Valerie, > > On Fri, Aug 31, 2018 at 9:16 PM, Valerie Peng <valerie.p...@oracle.com> > wrote: > >> Hi Martin, >> >> In TestTLS12.java, you call the initSecmod() inside initialize() and when >> initSecmod() returns false, you return from initialize() and continue down >> the main(). Is this intentional? Other tests seems to be skipping execution >> when initSecmod() return false. >> > > This test skips execution too. That's because shouldRun method returns > false if sunPKCS11NSSProvider variable is null (which it is if initSecmod > returns false). > > >> >> Changes in webrev.08 resolves 2 out of the 4 failure cases for >> TestTLS12.java. However, when I submit the changes for testing, it failed >> on some OS (see below): >> >> macosx-x64: >> >> jib > STDOUT: >>> jib > nssLibDir: /scratch/mesos/jib-master/inst >>> all/jpg/tests/jdk/nsslib/nsslib-macosx_x64/3.35/nsslib-macos >>> x_x64-3.35.zip/nsslib/ >>> jib > STDERR: >>> jib > java.security.ProviderException: Could not initialize NSS >>> jib > at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(Sun >>> PKCS11.java:218) >>> jib > at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunP >>> KCS11.java:113) >>> jib > at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunP >>> KCS11.java:110) >>> jib > at java.base/java.security.AccessController.doPrivileged(Native >>> Method) >>> jib > at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure( >>> SunPKCS11.java:110) >>> jib > at PKCS11Test.getSunPKCS11(PKCS11Test.java:156) >>> jib > at TestTLS12.initialize(TestTLS12.java:416) >>> jib > at TestTLS12.main(TestTLS12.java:84) >>> jib > at >>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native >>> Method) >>> jib > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invo >>> ke(NativeMethodAccessorImpl.java:62) >>> jib > at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl. >>> invoke(DelegatingMethodAccessorImpl.java:43) >>> jib > at java.base/java.lang.reflect.Method.invoke(Method.java:566) >>> jib > at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(Ma >>> inWrapper.java:127) >>> jib > at java.base/java.lang.Thread.run(Thread.java:834) >>> jib > Caused by: java.io.IOException: NSS initialization failed >>> jib > at jdk.crypto.cryptoki/sun.security.pkcs11.Secmod.initialize(Se >>> cmod.java:234) >>> jib > at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(Sun >>> PKCS11.java:213) >>> jib > ... 13 more >>> jib > >>> jib > JavaTest Message: Test threw exception: >>> java.security.ProviderException: Could not initialize NSS >>> >> > > >> windows-x64: >> >> jib > STDOUT: >>> jib > nssLibDir: C:\ADE\mesos\work_dir\jib-mast >>> er\install\jpg\tests\jdk\nsslib\nsslib-windows_x64\3.35\nssl >>> ib-windows_x64-3.35.zip\nsslib\ >>> jib > SunPKCS11 provider: SunPKCS11-NSSKeyStore version 12 >>> jib > STDERR: >>> jib > java.security.ProviderException: SunJSSE already initialized in >>> non-FIPS mode >>> jib > at java.base/sun.security.ssl.SunJSSE.ensureFIPS(SunJSSE.java:9 >>> 4) >>> jib > at java.base/sun.security.ssl.SunJSSE.<init>(SunJSSE.java:146) >>> jib > at java.base/sun.security.ssl.SunJSSE.<init>(SunJSSE.java:118) >>> jib > at java.base/com.sun.net.ssl.internal.ssl.Provider.<init>(Provi >>> der.java:47) >>> jib > at TestTLS12.initialize(TestTLS12.java:424) >>> jib > at TestTLS12.main(TestTLS12.java:84) >>> jib > at >>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native >>> Method) >>> jib > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invo >>> ke(NativeMethodAccessorImpl.java:62) >>> jib > at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl. >>> invoke(DelegatingMethodAccessorImpl.java:43) >>> jib > at java.base/java.lang.reflect.Method.invoke(Method.java:566) >>> jib > at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(Ma >>> inWrapper.java:127) >>> jib > at java.base/java.lang.Thread.run(Thread.java:834) >>> jib > >>> jib > JavaTest Message: Test threw exception: >>> java.security.ProviderException: SunJSSE already initialized in >>> non-FIPS mode >>> >> >> > The 2 tests that initialize NSS in FIPS mode (TrustManagerTest and > ClientJSSEServerJSSE) only run on Solaris. My guess is that these failures > are not particular to TestTLS12 but to NSS + FIPS support on these setups. > I won't be able to reproduce the macOS failure and I'm not sure if I'll be > able to reproduce in my Windows x86_64 environment. > > I propose the following options: > > 1) Make the test skip macOS & Windows x86_64 (and any other platform that > fails to initialize the SunPKCS11 provider) > > 2) If you can provide access to a testing environment where I can > reproduce these failures, I can see what's happening > > I intentionally want to use FIPS in NSS configuration because it > represents a real use case, and is what motivated us to support TLS 1.2 in > SunPKCS11. So, even though removing FIPS would be an option, I prefer not > to take it. > > Kind regards, > Martin.- > > >