8367994: test/jdk/sun/security/pkcs11/Signature/ tests pass when they should skip

myankelev · myankelev · commit ef7532e7e625 · 2025-12-04T18:41:12.000Z
Reviewed-by: rhalade
diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -20,8 +20,15 @@
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */
-import java.security.*;
-import java.security.spec.*;
+import jtreg.SkippedException;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Signature;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
 
 /**
  * @test
@@ -46,9 +53,7 @@ private void test(String sigAlg, Provider p) throws Exception {
         try {
             s1 = Signature.getInstance(sigAlg, p);
         } catch (NoSuchAlgorithmException e) {
-            System.out.println("Skip testing " + sigAlg +
-                " due to no support");
-            return;
+            throw new SkippedException("No support " + sigAlg);
         }
 
         byte[] msg = "hello".getBytes();
diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -20,9 +20,18 @@
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
+import java.util.ArrayList;
+import java.util.List;
 
 import jtreg.SkippedException;
 
@@ -43,7 +52,7 @@ public static void main(String[] args) throws Exception {
         main(new KeyAndParamCheckForPSS(), args);
     }
 
-    private static boolean skipTest = true;
+    private static final List<String> skippedAlgs = new ArrayList<>();
 
     @Override
     public void main(Provider p) throws Exception {
@@ -73,8 +82,8 @@ public void main(Provider p) throws Exception {
         runTest(p, 1040, "SHA3-512", "SHA3-384");
         runTest(p, 1040, "SHA3-512", "SHA3-512");
 
-        if (skipTest) {
-            throw new SkippedException("Test Skipped");
+        if (!skippedAlgs.isEmpty()) {
+            throw new SkippedException("Tests Skipped: " + skippedAlgs);
         }
     }
 
@@ -84,7 +93,17 @@ private static void runTest(Provider p, int keySize, String hashAlg,
         System.out.println("Testing " + hashAlg + " and MGF1" + mgfHashAlg);
         PSSUtil.AlgoSupport s = PSSUtil.isHashSupported(p, hashAlg, mgfHashAlg);
         if (s == PSSUtil.AlgoSupport.NO) {
-            System.out.println("=> Skip; no support");
+            System.out.printf("=> Skip; no support keysize: %d, hash alg: %s, mgf Hash Alg: %s%n",
+                    keySize,
+                    hashAlg,
+                    mgfHashAlg);
+            skippedAlgs.add(
+                    String.format(
+                            "[keysize: %s, hash alg: %s, mgf Hash Alg: %s]",
+                            keySize,
+                            hashAlg,
+                            mgfHashAlg)
+            );
             return;
         }
 
@@ -108,7 +127,6 @@ private static void runTest(Provider p, int keySize, String hashAlg,
             sig.setParameter(paramsGood);
             sig.initSign(priv);
             // algorithm support confirmed
-            skipTest = false;
         } catch (Exception ex) {
             if (s == PSSUtil.AlgoSupport.MAYBE) {
                 // confirmed to be unsupported; skip the rest of the test
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,9 +21,15 @@
  * questions.
  */
 
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
+import jtreg.SkippedException;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Signature;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
 
 /*
  * @test
@@ -53,9 +59,7 @@ public void main(Provider p) throws Exception {
         try {
             sigPkcs11 = Signature.getInstance("RSASSA-PSS", p);
         } catch (NoSuchAlgorithmException e) {
-            System.out.println("Skip testing RSASSA-PSS" +
-                " due to no support");
-            return;
+            throw new SkippedException("No support for RSASSA-PSS");
         }
 
         Signature sigSunRsaSign =
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,9 +21,16 @@
  * questions.
  */
 
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
+import jtreg.SkippedException;
+
+import java.security.AlgorithmParameters;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.Signature;
+import java.security.spec.PSSParameterSpec;
 
 /*
  * @test
@@ -67,9 +74,7 @@ public void main(Provider p) throws Exception {
             try {
                 sigPkcs11 = Signature.getInstance(digest + "withRSASSA-PSS", p);
             } catch (NoSuchAlgorithmException e) {
-                System.out.println("Skip testing " + digest + "withRSASSA-PSS" +
-                    " due to no support");
-                continue;
+                throw new SkippedException("No support for " + digest + "withRSASSA-PSS");
             }
 
             runTest(sigPkcs11, sigSunRsaSign, kp);
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -20,29 +20,55 @@
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
-import java.util.stream.IntStream;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
+import java.util.ArrayList;
+import java.util.List;
+
 import jtreg.SkippedException;
 
 /**
- * @test
+ * @test id=sha
  * @bug 8080462 8226651 8242332
  * @summary Generate a RSASSA-PSS signature and verify it using PKCS11 provider
  * @library /test/lib ..
  * @modules jdk.crypto.cryptoki
  * @run main SignatureTestPSS
  */
+
+/**
+ * @test id=sha3
+ * @bug 8080462 8226651 8242332
+ * @summary Generate a RSASSA-PSS signature and verify it using PKCS11 provider
+ * @library /test/lib ..
+ * @modules jdk.crypto.cryptoki
+ * @run main SignatureTestPSS sha3
+ */
 public class SignatureTestPSS extends PKCS11Test {
 
     private static final String SIGALG = "RSASSA-PSS";
 
     private static final int[] KEYSIZES = { 2048, 3072 };
-    private static final String[] DIGESTS = {
+
+    private static String[] DIGESTS = null;
+
+    private static final String[] SHA_DIGESTS = {
             "SHA-224", "SHA-256", "SHA-384" , "SHA-512",
-            "SHA3-224", "SHA3-256", "SHA3-384" , "SHA3-512",
     };
+    private static final String[] SHA3_DIGESTS = {
+            "SHA3-224", "SHA3-256", "SHA3-384" , "SHA3-512"
+    };
+
     private static final byte[] DATA = generateData(100);
 
     /**
@@ -55,9 +81,12 @@ public class SignatureTestPSS extends PKCS11Test {
      */
     private static final int UPDATE_TIMES_HUNDRED = 100;
 
-    private static boolean skipTest = true;
+    private static final List<String> skippedAlgs = new ArrayList<>();
 
     public static void main(String[] args) throws Exception {
+        DIGESTS = (args.length > 0 && "sha3".equals(args[0])) ?
+                SHA3_DIGESTS : SHA_DIGESTS;
+
         main(new SignatureTestPSS(), args);
     }
 
@@ -80,24 +109,24 @@ public void main(Provider p) throws Exception {
                             PSSUtil.isHashSupported(p, hash, mgfHash);
                     if (s == PSSUtil.AlgoSupport.NO) {
                         System.out.println("    => Skip; no support");
+                        skippedAlgs.add("[Hash  = " + hash +
+                                        ", MGF1 Hash = " + mgfHash + "]");
                         continue;
                     }
                     checkSignature(p, DATA, pubKey, privKey, hash, mgfHash, s);
                 }
             };
         }
 
-        // start testing below
-        if (skipTest) {
-            throw new SkippedException("Test Skipped");
+        if (!skippedAlgs.isEmpty()) {
+            throw new SkippedException("Test Skipped :" + skippedAlgs);
         }
     }
 
     private static void checkSignature(Provider p, byte[] data, PublicKey pub,
             PrivateKey priv, String hash, String mgfHash, PSSUtil.AlgoSupport s)
             throws NoSuchAlgorithmException, InvalidKeyException,
-            SignatureException, NoSuchProviderException,
-            InvalidAlgorithmParameterException {
+            SignatureException {
 
         // only test RSASSA-PSS signature against the supplied hash/mgfHash
         // if they are supported; otherwise PKCS11 library will throw
@@ -112,14 +141,27 @@ private static void checkSignature(Provider p, byte[] data, PublicKey pub,
         } catch (InvalidAlgorithmParameterException iape) {
             if (s == PSSUtil.AlgoSupport.MAYBE) {
                 // confirmed to be unsupported; skip the rest of the test
-                System.out.println("    => Skip; no PSS support");
+                System.out.printf("    => Skip; no PSS support public key: %s, private key: %s, " +
+                                  "hash: %s, mgf hash: %s, Algo Support: %s%n",
+                        pub,
+                        priv,
+                        hash,
+                        mgfHash,
+                        s);
+                skippedAlgs.add(String.format(
+                        "[public key: %s, private key: %s, " +
+                        "hash: %s, mgf hash: %s, Algo Support: %s]",
+                        pub,
+                        priv,
+                        hash,
+                        mgfHash,
+                        s)
+                );
                 return;
             } else {
                 throw new RuntimeException("Unexpected Exception", iape);
             }
         }
-        // start testing below
-        skipTest = false;
 
         for (int i = 0; i < UPDATE_TIMES_HUNDRED; i++) {
             sig.update(data);
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA.java
