8366182: Some PKCS11Tests are being skipped when they shouldn't

test/jdk/sun/security/pkcs11/Cipher/TestKATForGCM.java

@@ -321,14 +321,19 @@ public void main(Provider p) throws Exception {
                 System.out.println("Test Passed!");
             }
         } catch (Exception e) {
-            System.out.println("Exception occured using " + p.getName() + " version " + p.getVersionStr());
+            System.out.println("Exception occured using " + p.getName()
+                    + " version " + p.getVersionStr());
 
             if (isNSS(p)) {
-                double ver = getNSSInfo("nss");
+                Version ver = getNSSInfo("nss");
                 String osName = System.getProperty("os.name");
-                if (ver > 3.139 && ver < 3.15 && osName.equals("Linux")) {
+
+                if (osName.equals("Linux") &&
+                        ver.major() == 3 && ver.minor() < 15
+                        && (ver.minor() > 13 && ver.patch() >= 9)) {
                     // warn about buggy behaviour on Linux with nss 3.14
-                    System.out.println("Warning: old NSS " + ver + " might be problematic, consider upgrading it");
+                    System.out.println("Warning: old NSS " + ver
+                            + " might be problematic, consider upgrading it");
                 }
             }
             throw e;

test/jdk/sun/security/pkcs11/KeyStore/SecretKeysBasic.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -116,11 +116,14 @@ private static boolean checkSecretKeyEntry(String alias,
         // A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths
         // to be read incorrectly.  Checking for improper 16 byte length
         // in key string.
-        if (isNSS(provider) && expected.getAlgorithm().equals("AES") &&
-                (getNSSVersion() >= 3.12 && getNSSVersion() <= 3.122)) {
-            System.out.println("NSS 3.12 bug returns incorrect AES key "+
-                    "length breaking key storage. Aborting...");
-            return true;
+        if (isNSS(provider) && expected.getAlgorithm().equals("AES")) {
+            Version version = getNSSVersion();
+            if (version.major() == 3 && version.minor() == 12
+                    && version.patch() <= 2) {
+                System.out.println("NSS 3.12 bug returns incorrect AES key " +
+                        "length breaking key storage. Aborting...");
+                return true;
+            }
         }
 
         if (saveBeforeCheck) {
@@ -168,7 +171,7 @@ private static void dumpKey(String info, SecretKey key) {
     private static void doTest() throws Exception {
         // Make sure both NSS libraries are the same version.
         if (isNSS(provider) &&
-                (getLibsoftokn3Version() != getLibnss3Version())) {
+                (!getLibsoftokn3Version().equals(getLibnss3Version()))) {
             System.out.println("libsoftokn3 and libnss3 versions do not match.  Aborting test...");
             return;
         }

test/jdk/sun/security/pkcs11/PKCS11Test.java

@@ -83,7 +83,7 @@ public abstract class PKCS11Test {
     private static final String NSS_BUNDLE_VERSION = "3.111";
     private static final String NSSLIB = "jpg.tests.jdk.nsslib";
 
-    static double nss_version = -1;
+    static Version nss_version = null;
     static ECCState nss_ecc_status = ECCState.Basic;
 
     // The NSS library we need to search for in getNSSLibDir()
@@ -93,8 +93,8 @@ public abstract class PKCS11Test {
 
     // NSS versions of each library.  It is simpler to keep nss_version
     // for quick checking for generic testing than many if-else statements.
-    static double softoken3_version = -1;
-    static double nss3_version = -1;
+    static Version softoken3_version = null;
+    static Version nss3_version = null;
     static Provider pkcs11 = newPKCS11Provider();
     private static String PKCS11_BASE;
     private static Map<String, String[]> osMap;
@@ -258,13 +258,29 @@ private static String getOsId() {
     }
 
     static boolean isBadNSSVersion(Provider p) {
-        double nssVersion = getNSSVersion();
-        if (isNSS(p) && nssVersion >= 3.11 && nssVersion < 3.12) {
-            System.out.println("NSS 3.11 has a DER issue that recent " +
-                    "version do not, skipping");
-            return true;
+        Version nssVersion = getNSSVersion();
+        if (isNSS(p)) {
+            // bad version is just between [3.11,3.12)
+            return nssVersion.major == 3 && 11 == nssVersion.minor;
+        } else {
+            return false;
         }
-        return false;
+    }
+
+    public record Version(int major, int minor, int patch) {}
+
+    protected static Version parseVersionString(String version) {
+        String [] parts = version.split("\\.");
+        int major = Integer.parseInt(parts[0]);
+        int minor = 0;
+        int patch = 0;
+        if (parts.length >= 2) {
+            minor = Integer.parseInt(parts[1]);
+        }
+        if (parts.length >= 3) {
+            patch = Integer.parseInt(parts[2]);
+        }
+        return new Version(major, minor, patch);
     }
 
     protected static void safeReload(String lib) {
@@ -293,26 +309,26 @@ public static boolean isNSS(Provider p) {
         return p.getName().equalsIgnoreCase("SUNPKCS11-NSS");
     }
 
-    static double getNSSVersion() {
-        if (nss_version == -1)
+    static Version getNSSVersion() {
+        if (nss_version == null)
             getNSSInfo();
         return nss_version;
     }
 
     static ECCState getNSSECC() {
-        if (nss_version == -1)
+        if (nss_version == null)
             getNSSInfo();
         return nss_ecc_status;
     }
 
-    public static double getLibsoftokn3Version() {
-        if (softoken3_version == -1)
+    public static Version getLibsoftokn3Version() {
+        if (softoken3_version == null)
             return getNSSInfo("softokn3");
         return softoken3_version;
     }
 
-    public static double getLibnss3Version() {
-        if (nss3_version == -1)
+    public static Version getLibnss3Version() {
+        if (nss3_version == null)
             return getNSSInfo("nss3");
         return nss3_version;
     }
@@ -327,7 +343,7 @@ static void getNSSInfo() {
     // $Header: NSS <version>
     // Version: NSS <version>
     // Here, <version> stands for NSS version.
-    static double getNSSInfo(String library) {
+    static Version getNSSInfo(String library) {
         // look for two types of headers in NSS libraries
         String nssHeader1 = "$Header: NSS";
         String nssHeader2 = "Version: NSS";
@@ -336,15 +352,15 @@ static double getNSSInfo(String library) {
         int i = 0;
         Path libfile = null;
 
-        if (library.compareTo("softokn3") == 0 && softoken3_version > -1)
+        if (library.compareTo("softokn3") == 0 && softoken3_version != null)
             return softoken3_version;
-        if (library.compareTo("nss3") == 0 && nss3_version > -1)
+        if (library.compareTo("nss3") == 0 && nss3_version != null)
             return nss3_version;
 
         try {
             libfile = getNSSLibPath();
             if (libfile == null) {
-                return 0.0;
+                return parseVersionString("0.0");
             }
             try (InputStream is = Files.newInputStream(libfile)) {
                 byte[] data = new byte[1000];
@@ -380,7 +396,7 @@ static double getNSSInfo(String library) {
         if (!found) {
             System.out.println("lib" + library +
                     " version not found, set to 0.0: " + libfile);
-            nss_version = 0.0;
+            nss_version = parseVersionString("0.0");
             return nss_version;
         }
 
@@ -393,26 +409,7 @@ static double getNSSInfo(String library) {
             version.append(c);
         }
 
-        // If a "dot dot" release, strip the extra dots for double parsing
-        String[] dot = version.toString().split("\\.");
-        if (dot.length > 2) {
-            version = new StringBuilder(dot[0] + "." + dot[1]);
-            for (int j = 2; dot.length > j; j++) {
-                version.append(dot[j]);
-            }
-        }
-
-        // Convert to double for easier version value checking
-        try {
-            nss_version = Double.parseDouble(version.toString());
-        } catch (NumberFormatException e) {
-            System.out.println("===== Content start =====");
-            System.out.println(s);
-            System.out.println("===== Content end =====");
-            System.out.println("Failed to parse lib" + library +
-                    " version. Set to 0.0");
-            e.printStackTrace();
-        }
+        nss_version = parseVersionString(version.toString());
 
         System.out.print("library: " + library + ", version: " + version + ".  ");
 

test/jdk/sun/security/pkcs11/Secmod/AddTrustedCert.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -121,10 +121,10 @@ public static void main(String[] args) throws Exception {
     }
 
     private static boolean improperNSSVersion(Provider p) {
-        double nssVersion = getNSSVersion();
-        if (p.getName().equalsIgnoreCase("SunPKCS11-NSSKeyStore")
-                && nssVersion >= 3.28 && nssVersion < 3.35) {
-            return true;
+        Version nssVersion = getNSSVersion();
+        if (p.getName().equalsIgnoreCase("SunPKCS11-NSSKeyStore")) {
+            return nssVersion.major() == 3 &&
+                    (nssVersion.minor() >= 28 && nssVersion.minor() < 35);
         }
 
         return false;

test/jdk/sun/security/pkcs11/Signature/TestDSAKeyLength.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,13 +47,15 @@ public static void main(String[] args) throws Exception {
 
     @Override
     protected boolean skipTest(Provider provider) {
-        double version = getNSSVersion();
-        String[] versionStrs = Double.toString(version).split("\\.");
-        int major = Integer.parseInt(versionStrs[0]);
-        int minor = Integer.parseInt(versionStrs[1]);
-        if (isNSS(provider) && (version == 0.0 || (major >= 3 && minor >= 14))) {
-            System.out.println("Skip testing NSS " + version);
-            return true;
+        if (isNSS(provider)) {
+            Version version = getNSSVersion();
+            if (version == null) {
+                return true;
+            }
+            if (version.major() >= 3 && version.minor() >= 14){
+                System.out.println("Skip testing NSS " + version);
+                return true;
+            }
         }
 
         return false;

test/jdk/sun/security/pkcs11/ec/TestECDH.java

@@ -111,6 +111,7 @@ protected boolean skipTest(Provider p) {
          * PKCS11Test.main will remove this provider if needed
          */
         Providers.setAt(p, 1);
+        System.out.println("Testing provider " + p.getName());
 
         if (false) {
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);