Enhancement
Resolution: Fixed
P4
None
I have been testing OpenJDK with the Kryoptic PKCS11 soft token (https://github.com/latchset/kryoptic) by running the jtreg PKCS11 tests (test/jdk/sun/security/pkcs11) against it, for evaluation purposes.
I am mostly able to use PKCS11Test.java as-is, but I found a need to pass in a different library name, and different default and sensitive configuration files.
My test directory, /tmp/kryoptic-configuration/, has:
/tmp/kryoptic-configuration/
├── libkryoptic_pkcs11.so
└── nss
    ├── db
    │   ├── cert9.db
    │   ├── key4.db
    │   └── kryoptic.conf
    ├── p11-nss-sensitive.txt
    └── p11-nss.txt
In my locally-patched JDK tree I am passing to jtreg:
-javaoption:-DCUSTOM_P11_LIBRARY_NAME=kryoptic_pkcs11
-javaoption:-Djdk.test.lib.artifacts.nsslib-linux_x64=/tmp/kryoptic-configuration
-javaoption:-DCUSTOM_P11_CONFIG_BASE_DIR=/tmp/kryoptic-configuration
To support this use case upstream, I would like PKCS11Test.java to read two new system properties:
CUSTOM_P11_LIBRARY_NAME, to allow overriding nss_library from the command line; this is the library name that PKCS11Test.java searches for under the directory specified by jdk.test.lib.artifacts.nsslib-linux_x64
and:
CUSTOM_P11_BASE_DIR, to allow specifying a custom provider configuration file hierarchy, including nss/p11-nss.txt and nss/p11-nss-sensitive.txt.
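A preflight check for the layout described above, as an added example that is not part of the original report or the JDK tree: it confirms the files the report lists exist before printing the three jtreg options. Assumptions: the function names are hypothetical, the option spelling follows the command line quoted in the report (CUSTOM_P11_CONFIG_BASE_DIR), and the world-writable check on the native library is an extra safeguard added here.

```shell
#!/bin/sh
# Added example (not JDK code): validate a custom PKCS11 test directory,
# then print the jtreg options quoted in the report.

# check_p11_layout BASE_DIR LIBRARY_NAME
# Returns 0 when every file the report lists is present, 1 otherwise.
check_p11_layout() {
    # The report pairs library name kryoptic_pkcs11 with the file
    # libkryoptic_pkcs11.so, i.e. NAME maps to libNAME.so on Linux.
    for f in "lib$2.so" nss/p11-nss.txt nss/p11-nss-sensitive.txt; do
        if [ ! -f "$1/$f" ]; then
            echo "missing: $1/$f" >&2
            return 1
        fi
    done
    # Extra check (assumption, not in the report): the test JVM loads this
    # native library, so refuse one that any local user could overwrite.
    if [ -n "$(find "$1/lib$2.so" -maxdepth 0 -perm -0002)" ]; then
        echo "world-writable library: $1/lib$2.so" >&2
        return 1
    fi
    return 0
}

# jtreg_p11_options BASE_DIR LIBRARY_NAME
# Prints one jtreg option per line; prints nothing if the layout is invalid.
jtreg_p11_options() {
    check_p11_layout "$1" "$2" || return 1
    printf '%s\n' \
        "-javaoption:-DCUSTOM_P11_LIBRARY_NAME=$2" \
        "-javaoption:-Djdk.test.lib.artifacts.nsslib-linux_x64=$1" \
        "-javaoption:-DCUSTOM_P11_CONFIG_BASE_DIR=$1"
}

# Stand-alone use: ./p11-preflight.sh /tmp/kryoptic-configuration kryoptic_pkcs11
if [ "$#" -ge 2 ]; then
    jtreg_p11_options "$1" "$2"
fi
```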
Links to:
Commit(master) openjdk/jdk/1cb1267c
Review(master) openjdk/jdk/26325