RFR: 8354990: Improve negative tests coverage for jpackage signing
Alexey Semenyuk
asemenyuk at openjdk.org
Fri Apr 18 21:36:28 UTC 2025
Add tests for the following test cases:
- Expired certificate specified for signing;
- Multiple certificates with the same name in one keychain.
Adding the new tests revealed an issue with MacCertificate - [JDK-8354989](https://bugs.openjdk.org/browse/JDK-8354989). This issue is also addressed in this PR.
Additionally:
- Moved code to verify signatures in MacSignVerify class and reworked SigningBase verify functions to use MacSignVerify API.
-------------
Commit messages:
- Trailing whitespace clean up
- Make SigningBase use MacSignVerify for signatures verification
- Add MacSignTest.testSelectSigningIdentity() to cover cases when full signing identity name is specified.
- - Add expired certificates to SigningBase. Add standard certificate prefixes to MacSign.
- Support expired certificates. Support multiple SHA in MacSign.CertificateHash
- Add MacVerifySign
- MacCertificate: bugfix
Changes: https://git.openjdk.org/jdk/pull/24762/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=24762&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8354990
Stats: 955 lines in 7 files changed: 717 ins; 134 del; 104 mod
Patch: https://git.openjdk.org/jdk/pull/24762.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/24762/head:pull/24762
PR: https://git.openjdk.org/jdk/pull/24762
More information about the core-libs-dev
mailing list