Re: RFR: 8361711: Add library name configurability to PKCS11Test.java

Tue, 19 Aug 2025 15:34:26 -0700 

On Tue, 15 Jul 2025 16:43:16 GMT, Thomas Fitzsimmons <d...@openjdk.org> wrote:

> This patch adds configurability to `PKCS11Test.java`.
> 
> Specifically, it adds two new system properties:
> 
> - `CUSTOM_P11_LIBRARY_NAME`: Allow overriding the value assigned to the 
> `nss_library` field.  Prior to this patch, `nss_library` was set to either 
> `"softokn3"` or `"nss3"`.
> 
> - `CUSTOM_P11_CONFIG_VARIANT`: Abstract the configuration file type to load.  
> Prior to this patch, test cases that wanted to run `NSS` in sensitive mode 
> would hard-code `p11-nss-sensitive.txt` on their command lines.
> 
> The patch updates the three `p11-nss-sensitive.txt`-using test cases to use 
> the new `CUSTOM_P11_CONFIG_VARIANT` property:
> 
> 
> test/jdk/java/security/KeyAgreement/Generic.java
> test/jdk/sun/security/pkcs11/Mac/TestLargeSecretKeys.java
> test/jdk/sun/security/pkcs11/rsa/TestP11KeyFactoryGetRSAKeySpec.java
> 
> 
> I have been using this change to run `PKCS11Test.java` against the 
> [Kryoptic](https://github.com/latchset/kryoptic) PKCS11 soft token, using 
> this invocation:
> 
> 
> make test \
>     
> JTREG="JAVA_OPTIONS=-DCUSTOM_P11_CONFIG=/tmp/kryoptic-configuration/p11-kryoptic.txt
>  \
>                         -DCUSTOM_P11_LIBRARY_NAME=kryoptic_pkcs11 \
>                         
> -Djdk.test.lib.artifacts.nsslib-linux_x64=/tmp/kryoptic-configuration \
>                         -DCUSTOM_DB_DIR=/tmp/kryoptic-configuration"
> 
> 
> `/tmp/kryoptic-configuration` contains (among other files):
> 
> 
> libkryoptic_pkcs11.so
> p11-kryoptic.txt
> p11-kryoptic-sensitive.txt
> 
> 
> With `CUSTOM_P11_LIBRARY_NAME` set, `PKCS11Test.java` can find 
> `libkryoptic_pkcs11.so`.
> 
> And setting `CUSTOM_P11_CONFIG` causes the sensitive tests to use 
> `p11-kryoptic-sensitive.txt` via the new `CUSTOM_P11_CONFIG_VARIANT` property.
> 
> On my `Fedora 42` `x86-64` machine, I tested for regressions with:
> 
> $ time make test JOBS=4 
> JTREG="JAVA_OPTIONS=-Djdk.test.lib.artifacts.nsslib-linux_x64=/usr/lib64" 
> TEST="test/jdk/sun/security/pkcs11"
> 
> and:
> 
> $ time make test JOBS=4 TEST="test/jdk/sun/security/pkcs11"

test/jdk/sun/security/pkcs11/PKCS11Test.java line 458:

> 456: 
> 457:     public static String getNssConfig() throws Exception {
> 458:         nss_library = System.getProperty("CUSTOM_P11_LIBRARY_NAME", 
> nss_library);

Have you considered setting `nss_library` with the system property on line 92 
instead of here? E.g. 

> static String nss_library = System.getProperty("CUSTOM_P11_LIBRARY_NAME", 
> "softokn3");

Setting it there is more visible and it's clear what the property is for.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26325#discussion_r2286488516

Reply via email to