PR 438 follow ups (#440)

Follow-ups from PR #438:

1. Tighten self test timeout and sleeps (discussed offline)
2. Tighten and consolidate some test logic (see [here][1])

[1]:
#438 (comment)

Author: WillChilds-Klein

src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java

@@ -663,11 +663,11 @@ public boolean isFipsStatusOk() {
     }
     if (getSelfTestStatus() == SelfTestStatus.NOT_RUN) {
       // If FIPS self tests haven't completed, give them a 5s timeout to complete.
-      final long timeout = 5 * 1000;
+      final long timeout = 3 * 1000;
       final long deadline = System.currentTimeMillis() + timeout;
       while (getSelfTestStatus() == SelfTestStatus.NOT_RUN) {
         try {
-          Thread.sleep(10);
+          Thread.sleep(1);
         } catch (Exception e) {
           throw new RuntimeCryptoException(e);
         }

tst/com/amazon/corretto/crypto/provider/test/EvpKeyFactoryTest.java

@@ -86,17 +86,10 @@ public static void setupParameters() throws Exception {
     }
 
     for (String algorithm : ALGORITHMS) {
-      KeyPairGenerator kpg;
-      if (algorithm.startsWith("ML-DSA")
-          || (algorithm.startsWith("Ed") && TestUtil.getJavaVersion() < 15)) {
-        // JCE doesn't support ML-DSA until JDK24, and BouncyCastle currently
-        // serializes ML-DSA private keys via seeds.
-        // TODO: switch to BouncyCastle once BC supports CHOICE-encoded private keys
-        // Similarly, JDK doesn't support EdDSA/Ed25519 until JDK15
-        kpg = KeyPairGenerator.getInstance(algorithm, NATIVE_PROVIDER);
-      } else {
-        kpg = KeyPairGenerator.getInstance(algorithm);
-      }
+      KeyPairGenerator kpg =
+          getAlternateProvider(algorithm) == null
+              ? KeyPairGenerator.getInstance(algorithm)
+              : KeyPairGenerator.getInstance(algorithm, getAlternateProvider(algorithm));
       List<Arguments> keys = new ArrayList<>();
       if (algorithm.equals("EC")) {
         // Different curves can excercise different areas of ASN.1/DER and so should all be tested.
@@ -236,17 +229,10 @@ public void testX509Encoding(final KeyPair keyPair, final String testName) throw
     final String algorithm = pubKey.getAlgorithm();
 
     final KeyFactory nativeFactory = KeyFactory.getInstance(algorithm, NATIVE_PROVIDER);
-    final KeyFactory jceFactory;
-    if (algorithm.startsWith("ML-DSA")
-        || (algorithm.startsWith("Ed") && TestUtil.getJavaVersion() < 15)) {
-      // JCE doesn't support ML-DSA until JDK24, and BouncyCastle currently
-      // serializes ML-DSA private keys via seeds.
-      // TODO: switch to BouncyCastle once BC supports CHOICE-encoded private keys
-      // Similarly, JDK doesn't support EdDSA/Ed25519 until JDK15
-      jceFactory = KeyFactory.getInstance(algorithm, NATIVE_PROVIDER);
-    } else {
-      jceFactory = KeyFactory.getInstance(algorithm);
-    }
+    final KeyFactory jceFactory =
+        getAlternateProvider(algorithm) == null
+            ? KeyFactory.getInstance(algorithm)
+            : KeyFactory.getInstance(algorithm, getAlternateProvider(algorithm));
 
     final X509EncodedKeySpec nativeSpec =
         nativeFactory.getKeySpec(pubKey, X509EncodedKeySpec.class);
@@ -315,17 +301,10 @@ public void testPKCS8Encoding(final KeyPair keyPair, final String testName) thro
     final String algorithm = privKey.getAlgorithm();
 
     final KeyFactory nativeFactory = KeyFactory.getInstance(algorithm, NATIVE_PROVIDER);
-    final KeyFactory jceFactory;
-    if (algorithm.startsWith("ML-DSA")
-        || (algorithm.startsWith("Ed") && TestUtil.getJavaVersion() < 15)) {
-      // JCE doesn't support ML-DSA until JDK24, and BouncyCastle currently
-      // serializes ML-DSA private keys via seeds.
-      // TODO: switch to BouncyCastle once BC supports CHOICE-encoded private keys
-      // Similarly, JDK doesn't support EdDSA/Ed25519 until JDK15
-      jceFactory = KeyFactory.getInstance(algorithm, NATIVE_PROVIDER);
-    } else {
-      jceFactory = KeyFactory.getInstance(algorithm);
-    }
+    final KeyFactory jceFactory =
+        getAlternateProvider(algorithm) == null
+            ? KeyFactory.getInstance(algorithm)
+            : KeyFactory.getInstance(algorithm, getAlternateProvider(algorithm));
 
     final PKCS8EncodedKeySpec nativeSpec =
         nativeFactory.getKeySpec(privKey, PKCS8EncodedKeySpec.class);
@@ -740,6 +719,25 @@ private static class Samples<T> {
     }
   }
 
+  // This method is used to determine whether tests should use an alternate provider for a given
+  // algorithm. In cases where JCE doesn't support the requested algorithm, the alternate provider
+  // will be returned. In cases where JCE does support the requested algorithm, null will be
+  // returned.
+  private static Provider getAlternateProvider(String algorithm) {
+    // JCE doesn't support ML-DSA until JDK24, and BouncyCastle currently serializes ML-DSA private
+    // keys via seeds.
+    // TODO: switch to BouncyCastle once BC supports CHOICE-encoded private keys
+    if ((algorithm.startsWith("ML-DSA") && TestUtil.getJavaVersion() < 24)
+        // Similarly, JDK doesn't support EdDSA/Ed25519 until JDK15
+        || ((algorithm.equals("Ed25519")
+                || algorithm.equals("Ed25519ph")
+                || algorithm.equals("EdDSA"))
+            && TestUtil.getJavaVersion() < 15)) {
+      return NATIVE_PROVIDER;
+    }
+    return null;
+  }
+
   public static class NullDataKey implements Key {
     private static final long serialVersionUID = 1;
     private final Key delegate;