Adapting an existing test sounds good. There are several PKCS11 tests
that exercise NSS. They look in the usual places for the NSS libraries
and fail gracefully when NSS is not present.
On 27/11/2012 20:09, Andrew Hughes wrote:
----- Original Message -----
Hello Andrew,
The code changes look fine. I will open a bug for this issue.
Is there a testcase available for this new option?
Hi Vincent,
Sorry for the delayed reply. There isn't a testcase as such and
I've been meaning to find time to write one, but still haven't got
round to it. The problem where PKCS11 is initialised twice is
actually shown by the current jtreg tests if PKCS11 is configured in
java.security, so it may be possible to just adapt that test to explicitly
try loading a second library. But I guess it would have to assume
the presence of a system NSS install. It's one of those bugs that's
easy to reproduce when you know the system and JDK configuration, but
not just from a test :-)
Thanks.
On 7 Nov 2012, at 18:45, Andrew Hughes wrote:
The PKCS11 provider has an option in its configuration file,
"handleStartupErrors"
that can be used to make different types of failure non-critical
(throwing a
UnsupportedOperationException rather than a ProviderException). By
default,
all failures are critical.
This option is not available for the failure resulting from an
attempt to try to
load a provider with a different library directory to one that has
already been
loaded; such a failure is always critical.
This webrev:
http://cr.openjdk.java.net/~andrew/pkcs11-multiinit/webrev.01/
simply extends the existing option so that this failure can be made
non-critical.
Both the existing IGNORE_ALL setting and the new IGNORE_MULTI_INIT
setting will
turn the failure into one which throws
UnsupportedOperationException, resulting
in the provider not being loaded rather than an JVM crash.
This allows a default PKCS11 setup to be specified, which is then
silently dropped
if the user tries to load a conflicting setup (e.g. their own local
NSS library).
The patch is against tl at present. I'll need a bug ID to push
this if it looks ok.
Thanks,
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
