8366182: Some PKCS11Tests are being skipped when they shouldn't #27095
Conversation
|
👋 Welcome back mdonovan! A progress list of the required criteria for merging this PR into |
|
❗ This change is not yet ready to be integrated. |
openjdk
bot
added
security
Webrevs
|
| String osName = System.getProperty("os.name"); | ||
| if (ver > 3.139 && ver < 3.15 && osName.equals("Linux")) { | ||
| int idx = ver.indexOf("."); | ||
| double major = Double.parseDouble(ver.substring(0, idx)); |
There was a problem hiding this comment.
IMO the split between major version and minor is a bit hard to read. Wouldn't it be easier to just get a major.minor version entirely with something like:
String[] splitParts = ver.split("//.");
Double.parseDouble(splitParts.length > 1
? splitParts[0] + "." + splitParts[1]
: splitParts[0]);This way it will always take a full double value (1.13 will not be the same as 1.1, as it's now as far as I can see) and would be a bit easier to understand
The checking for only major version could be either doubleVersion<4 && doubleVersion>=3 or even cleaner, using floor function Math.floor(doubleVersion)
And the same for the other files.
What do you think?
There was a problem hiding this comment.
I may be misunderstanding your comment but it looks like you're using a single, double value to compare versions. The original code did that but it doesn't work in all cases. The problem occurs when checking a range such as
version >= 3.11 && version < 3.12
If the version number is 3.111, then the comparison is true and tests are skipped, even though version 3.111 is "greater" than 3.12. So this code creates two doubles: major and minor to do separate comparisons of the values.
To further complicate things, NSS also has versions of the form x.y.z. The original code combined the 'y' and 'z' components to go from 3.11.9 to 3.119. My change would create major version 3.0 and minor version 11.9.
There was a problem hiding this comment.
Ah, you're right, I didn't think of this case! This approach will be easier then, I agree.
Still, ver.substring(idx+1) may cause errors in cases like this NSS 3.15.3.1 release notes. It will try to convert 15.3.1 to a double. Do you think changing to something like this would be worth it?
String verSubstring = ver.substring(idx+1);
String[] splitParts = verSubstring.split("//.");
Double minor = Double.parseDouble(splitParts.length > 1
? splitParts[0] + "." + splitParts[1]
: splitParts[0]);There was a problem hiding this comment.
That's a good point about 4-component version numbers. Frankly, I was hoping that NSS never did that. I refactored the version parsing code to create a Version record with major, minor, and patch versions. This way, individual tests don't have to do the String parsing. If we end up with a test that has to be skipped due to that 4th component, we can update the parsing accordingly. Alternately, I can add it since I'm here now... what is that fourth component called?
There was a problem hiding this comment.
Thank you for the changes!
I'm not sure if it's even needed to be honest, it would be an overkill imo. I can't find the exact naming on the nss website, but I think the common one would be major.minor.patch.hotfix
…peated string parsing
This PR updates PKCS11 tests to better handle NSS version numbers. The previous code treated the version numbers as double values and used comparison operators. The problem is that it incorrectly treats 3.111 as between 3.11 and 3.12. This update parses and compares the major and minor version numbers separately.
Progress
Issue
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27095/head:pull/27095$ git checkout pull/27095Update a local copy of the PR:
$ git checkout pull/27095$ git pull https://git.openjdk.org/jdk.git pull/27095/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 27095View PR using the GUI difftool:
$ git pr show -t 27095Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27095.diff
Using Webrev
Link to Webrev Comment