Test update looks fine and regression test run is clear. I have no more
comments.
Thanks,
Valerie
On 9/12/2018 4:22 AM, Martin Balao wrote:
Hi Valerie,
Thanks for your answer.
Webrev.09:
*
http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.09/
<http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.09/>
*
http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.09.zip
<http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.09.zip>
In TestTLS12.java, we now capture any exception during initialization
phase and skip test execution if that happens.
Kind regards,
Martin.-
On Wed, Sep 12, 2018 at 2:20 AM, Valerie Peng <valerie.p...@oracle.com
<mailto:valerie.p...@oracle.com>> wrote:
Hi, Martin,
I am ok with your option#1.
Note that your test fails at different places of the code, so you
will need to check and skip test execution before those exception
are thrown.
Valerie
On 9/11/2018 7:54 AM, Martin Balao wrote:
Hi Valerie,
On Fri, Aug 31, 2018 at 9:16 PM, Valerie Peng
<valerie.p...@oracle.com <mailto:valerie.p...@oracle.com>> wrote:
Hi Martin,
In TestTLS12.java, you call the initSecmod() inside
initialize() and when initSecmod() returns false, you return
from initialize() and continue down the main(). Is this
intentional? Other tests seems to be skipping execution when
initSecmod() return false.
This test skips execution too. That's because shouldRun method
returns false if sunPKCS11NSSProvider variable is null (which it
is if initSecmod returns false).
Changes in webrev.08 resolves 2 out of the 4 failure cases
for TestTLS12.java. However, when I submit the changes for
testing, it failed on some OS (see below):
macosx-x64:
jib > STDOUT:
jib > nssLibDir:
/scratch/mesos/jib-master/install/jpg/tests/jdk/nsslib/nsslib-macosx_x64/3.35/nsslib-macosx_x64-3.35.zip/nsslib/
jib > STDERR:
jib > java.security.ProviderException: Could not
initialize NSS
jib > at
jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:218)
jib > at
jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)
jib > at
jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)
jib > at
java.base/java.security.AccessController.doPrivileged(Native
Method)
jib > at
jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)
jib > at PKCS11Test.getSunPKCS11(PKCS11Test.java:156)
jib > at TestTLS12.initialize(TestTLS12.java:416)
jib > at TestTLS12.main(TestTLS12.java:84)
jib > at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
jib > at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
jib > at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
jib > at java.base/java.lang.reflect.Me
<http://java.lang.reflect.Me>thod.invoke(Method.java:566)
jib > at
com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
jib > at java.base/java.lang.Thread.run(Thread.java:834)
jib > Caused by: java.io.IOException: NSS initialization
failed
jib > at
jdk.crypto.cryptoki/sun.security.pkcs11.Secmod.initialize(Secmod.java:234)
jib > at
jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:213)
jib > ... 13 more
jib >
jib > JavaTest Message: Test threw exception:
java.security.ProviderException: Could not initialize NSS
windows-x64:
jib > STDOUT:
jib > nssLibDir:
C:\ADE\mesos\work_dir\jib-master\install\jpg\tests\jdk\nsslib\nsslib-windows_x64\3.35\nsslib-windows_x64-3.35.zip\nsslib\
jib > SunPKCS11 provider: SunPKCS11-NSSKeyStore version 12
jib > STDERR:
jib > java.security.ProviderException: SunJSSE already
initialized in non-FIPS mode
jib > at
java.base/sun.security.ssl.SunJSSE.ensureFIPS(SunJSSE.java:94)
jib > at
java.base/sun.security.ssl.SunJSSE.<init>(SunJSSE.java:146)
jib > at
java.base/sun.security.ssl.SunJSSE.<init>(SunJSSE.java:118)
jib > at
java.base/com.sun.net.ssl.internal.ssl.Provider.<init>(Provider.java:47)
jib > at TestTLS12.initialize(TestTLS12.java:424)
jib > at TestTLS12.main(TestTLS12.java:84)
jib > at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
jib > at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
jib > at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
jib > at java.base/java.lang.reflect.Me
<http://java.lang.reflect.Me>thod.invoke(Method.java:566)
jib > at
com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
jib > at java.base/java.lang.Thread.run(Thread.java:834)
jib >
jib > JavaTest Message: Test threw exception:
java.security.ProviderException: SunJSSE already
initialized in non-FIPS mode
The 2 tests that initialize NSS in FIPS mode (TrustManagerTest
and ClientJSSEServerJSSE) only run on Solaris. My guess is that
these failures are not particular to TestTLS12 but to NSS + FIPS
support on these setups. I won't be able to reproduce the macOS
failure and I'm not sure if I'll be able to reproduce in my
Windows x86_64 environment.
I propose the following options:
1) Make the test skip macOS & Windows x86_64 (and any other
platform that fails to initialize the SunPKCS11 provider)
2) If you can provide access to a testing environment where I
can reproduce these failures, I can see what's happening
I intentionally want to use FIPS in NSS configuration because it
represents a real use case, and is what motivated us to support
TLS 1.2 in SunPKCS11. So, even though removing FIPS would be an
option, I prefer not to take it.
Kind regards,
Martin.-
