> This patch adds configurability to `PKCS11Test.java`. > > Specifically, it adds two new system properties: > > - `CUSTOM_P11_LIBRARY_NAME`: Allow overriding the value assigned to the > `nss_library` field. Prior to this patch, `nss_library` was set to either > `"softokn3"` or `"nss3"`. > > - `CUSTOM_P11_CONFIG_VARIANT`: Abstract the configuration file type to load. > Prior to this patch, test cases that wanted to run `NSS` in sensitive mode > would hard-code `p11-nss-sensitive.txt` on their command lines. > > The patch updates the three `p11-nss-sensitive.txt`-using test cases to use > the new `CUSTOM_P11_CONFIG_VARIANT` property: > > > test/jdk/java/security/KeyAgreement/Generic.java > test/jdk/sun/security/pkcs11/Mac/TestLargeSecretKeys.java > test/jdk/sun/security/pkcs11/rsa/TestP11KeyFactoryGetRSAKeySpec.java > > > I have been using this change to run `PKCS11Test.java` against the > [Kryoptic](https://github.com/latchset/kryoptic) PKCS11 soft token, using > this invocation: > > > make test \ > > JTREG="JAVA_OPTIONS=-DCUSTOM_P11_CONFIG=/tmp/kryoptic-configuration/p11-kryoptic.txt > \ > -DCUSTOM_P11_LIBRARY_NAME=kryoptic_pkcs11 \ > > -Djdk.test.lib.artifacts.nsslib-linux_x64=/tmp/kryoptic-configuration \ > -DCUSTOM_DB_DIR=/tmp/kryoptic-configuration" > > > `/tmp/kryoptic-configuration` contains (among other files): > > > libkryoptic_pkcs11.so > p11-kryoptic.txt > p11-kryoptic-sensitive.txt > > > With `CUSTOM_P11_LIBRARY_NAME` set, `PKCS11Test.java` can find > `libkryoptic_pkcs11.so`. > > And setting `CUSTOM_P11_CONFIG` causes the sensitive tests to use > `p11-kryoptic-sensitive.txt` via the new `CUSTOM_P11_CONFIG_VARIANT` property. > > On my `Fedora 42` `x86-64` machine, I tested for regressions with: > > $ time make test JOBS=4 > JTREG="JAVA_OPTIONS=-Djdk.test.lib.artifacts.nsslib-linux_x64=/usr/lib64" > TEST="test/jdk/sun/security/pkcs11" > > and: > > $ time make test JOBS=4 TEST="test/jdk/sun/security/pkcs11"
Thomas Fitzsimmons has updated the pull request incrementally with four additional commits since the last revision: - PKCS11Test.getNssConfig: Throw an exception if configuration file does not exist - PKCS11Test.getNssConfig: Expand comment about regular expression - PKCS11Test.getNssConfig: Document CUSTOM_P11_CONFIG properties - Initialize nss_library based on CUSTOM_P11_LIBRARY_NAME ------------- Changes: - all: https://git.openjdk.org/jdk/pull/26325/files - new: https://git.openjdk.org/jdk/pull/26325/files/780a630a..621a35f3 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=26325&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=26325&range=00-01 Stats: 60 lines in 1 file changed: 57 ins; 1 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/26325.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/26325/head:pull/26325 PR: https://git.openjdk.org/jdk/pull/26325
