From 2c2f0446f32503179886b661e339a19d7c50639a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Tue, 16 Jan 2024 19:45:48 +0700
Subject: [PATCH] Exclude CKF_EC_OID

---
 .../mozilla/jss/pkcs11/PKCS11Constants.java   |  7 ++++++
 .../jss/tests/TestPKCS11Constants.java        | 24 +++++++++++++++----
 tools/build_pkcs11_constants.py               |  3 +--
 3 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java b/src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java
index f578a64fe..ee0ba46cc 100644
--- a/src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java
+++ b/src/main/java/org/mozilla/jss/pkcs11/PKCS11Constants.java
@@ -4955,6 +4955,13 @@ public interface PKCS11Constants {
      */
     public static final long CKF_EC_OID = 0x00800000L;
 
+    /**
+     * Content automatically generated; see NSS documentation for more information.
+     *
+     * Source file: /usr/include/nss3/pkcs11t.h
+     */
+    public static final long CKF_EC_NAMEDCURVE = 0x00800000L;
+
     /**
      * Content automatically generated; see NSS documentation for more information.
      *
diff --git a/src/test/java/org/mozilla/jss/tests/TestPKCS11Constants.java b/src/test/java/org/mozilla/jss/tests/TestPKCS11Constants.java
index e8ea5d92c..1dbf4e2a8 100644
--- a/src/test/java/org/mozilla/jss/tests/TestPKCS11Constants.java
+++ b/src/test/java/org/mozilla/jss/tests/TestPKCS11Constants.java
@@ -1,9 +1,22 @@
 package org.mozilla.jss.tests;
 
-import java.lang.reflect.*;
-import java.util.*;
+import java.lang.reflect.Field;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Set;
 
 public class TestPKCS11Constants {
+
+    public static Set<String> EXCLUDE = new HashSet<>(Arrays.asList(
+            // The following constants are defined differently in NSS and OpenJDK
+            // so they cannot be compared.
+            // https://github.com/nss-dev/nss/blob/main/lib/util/pkcs11t.h#L1308
+            // https://github.com/openjdk/jdk/blob/master/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java#L1045
+            "CKF_EC_OID",
+            "CKF_EC_NAMEDCURVE"
+    ));
+
     /**
      * This test compares the value of the PKCS11Constants that is maintained
      * by JSS against the values maintained by Sun in the equivalent methods.
@@ -13,8 +26,8 @@ public class TestPKCS11Constants {
      */
     public static void main(String[] args) throws Exception {
         // Query the two classes to get references to their definitions.
-        Class jss = Class.forName("org.mozilla.jss.pkcs11.PKCS11Constants");
-        Class sun = Class.forName("sun.security.pkcs11.wrapper.PKCS11Constants");
+        Class<?> jss = Class.forName("org.mozilla.jss.pkcs11.PKCS11Constants");
+        Class<?> sun = Class.forName("sun.security.pkcs11.wrapper.PKCS11Constants");
 
         assert(!jss.equals(sun));
 
@@ -44,6 +57,9 @@ public static void main(String[] args) throws Exception {
         Arrays.sort(keys_sorted);
 
         for (String key : keys_sorted) {
+
+            if (EXCLUDE.contains(key)) continue;
+
             // If the field is present in both, validate that the value
             // is the same across JSS and Sun implementation. Otherwise,
             // output which implementation it is present in.
diff --git a/tools/build_pkcs11_constants.py b/tools/build_pkcs11_constants.py
index e4c6b49c2..d68dc6f69 100755
--- a/tools/build_pkcs11_constants.py
+++ b/tools/build_pkcs11_constants.py
@@ -27,8 +27,7 @@
     'CK_CALLBACK_FUNCTION',
     'CK_DECLARE_FUNCTION',
     'CK_DECLARE_FUNCTION_POINTER',
-    'CK_UNAVAILABLE_INFORMATION',
-    'CKF_EC_NAMEDCURVE'  # deprecated in PKCS #11 3.0
+    'CK_UNAVAILABLE_INFORMATION'
 ]
 
 logger = logging.getLogger(__name__)