JDK-8361711

Add library name configurability to PKCS11Test.java


    • Type: Enhancement
    • Resolution: Fixed
    • Priority: P4
    • 26
    • None
    • security-libs

      I have been testing OpenJDK with the Kryoptic PKCS11 soft token (https://github.com/latchset/kryoptic) by running the jtreg PKCS11 tests (test/jdk/sun/security/pkcs11) against it, for evaluation purposes.

      I am mostly able to use PKCS11Test.java as-is, but I found a need to pass in a different library name, and different default and sensitive configuration files.

      My test directory, /tmp/kryoptic-configuration/, has:

      /tmp/kryoptic-configuration/
      ├── libkryoptic_pkcs11.so
      └── nss
          ├── db
          │   ├── cert9.db
          │   ├── key4.db
          │   └── kryoptic.conf
          ├── p11-nss-sensitive.txt
          └── p11-nss.txt

      In my locally-patched JDK tree I am passing to jtreg:

      -javaoption:-DCUSTOM_P11_LIBRARY_NAME=kryoptic_pkcs11
      -javaoption:-Djdk.test.lib.artifacts.nsslib-linux_x64=/tmp/kryoptic-configuration
      -javaoption:-DCUSTOM_P11_CONFIG_BASE_DIR=/tmp/kryoptic-configuration

      To support this use case upstream, I would like PKCS11Test.java to read two new system properties:

      CUSTOM_P11_LIBRARY_NAME, to allow overriding nss_library from the command line; this is the library name that PKCS11Test.java searches for under the directory specified by jdk.test.lib.artifacts.nsslib-linux_x64

      and:

      CUSTOM_P11_BASE_DIR, to allow specifying a custom provider configuration file hierarchy, including nss/p11-nss.txt and nss/p11-nss-sensitive.txt.

            fitzsim Thomas Fitzsimmons
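
One way a test harness could resolve the properties described in this report, as an added example (not the code in PKCS11Test.java or the change made for this issue). The class P11TestPaths, its methods and the default-name argument are hypothetical; the configuration property uses the spelling from the jtreg command line above, and the files are empty stand-ins created in a temporary directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper, not the code in PKCS11Test.java.
public class P11TestPaths {
    static final String LIB_DIR_PROP = "jdk.test.lib.artifacts.nsslib-linux_x64";

    // Library file under the artifact directory. The name must be a bare
    // library name so the property cannot point outside that directory.
    static Path library(String defaultName) throws IOException {
        String name = System.getProperty("CUSTOM_P11_LIBRARY_NAME", defaultName);
        if (!name.matches("[A-Za-z0-9_.-]+") || name.contains("..")) {
            throw new IOException("not a bare library name: " + name);
        }
        String dir = System.getProperty(LIB_DIR_PROP);
        if (dir == null) throw new IOException(LIB_DIR_PROP + " is not set");
        // e.g. kryoptic_pkcs11 -> libkryoptic_pkcs11.so on Linux
        Path lib = Path.of(dir).toRealPath().resolve(System.mapLibraryName(name));
        if (!Files.isRegularFile(lib)) {
            throw new IOException("PKCS11 library not found: " + lib);
        }
        return lib;
    }

    // Provider configuration under <base>/nss/, falling back to defaultBase.
    static Path config(Path defaultBase, boolean sensitive) throws IOException {
        String base = System.getProperty("CUSTOM_P11_CONFIG_BASE_DIR");
        Path root = (base == null) ? defaultBase : Path.of(base);
        Path cfg = root.resolve("nss")
                       .resolve(sensitive ? "p11-nss-sensitive.txt" : "p11-nss.txt");
        if (!Files.isReadable(cfg)) throw new IOException("missing config: " + cfg);
        return cfg;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout mirroring the directory tree in the report.
        Path root = Files.createTempDirectory("kryoptic-configuration");
        Files.createFile(root.resolve(System.mapLibraryName("kryoptic_pkcs11")));
        Path nss = Files.createDirectories(root.resolve("nss"));
        Files.createFile(nss.resolve("p11-nss.txt"));
        Files.createFile(nss.resolve("p11-nss-sensitive.txt"));
        System.setProperty("CUSTOM_P11_LIBRARY_NAME", "kryoptic_pkcs11");
        System.setProperty(LIB_DIR_PROP, root.toString());
        System.setProperty("CUSTOM_P11_CONFIG_BASE_DIR", root.toString());
        System.out.println(library("placeholder_default"));
        System.out.println(config(Path.of("."), false));
        System.out.println(config(Path.of("."), true));
    }
}
```

Because a PKCS11 library is native code loaded into the JVM process, the helper rejects names containing path separators and fails early when the resolved file is absent.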