RFR: 8352176: Automate setting up environment for mac signing tests

Alexander Matveev almatvee at openjdk.org
Thu Mar 20 02:04:19 UTC 2025 

On Mon, 17 Mar 2025 19:51:36 GMT, Alexey Semenyuk <asemenyuk at openjdk.org> wrote:

> Automate setting up an environment for mac signing tests: create keychain(s), self-signing certificates, and register them in the system.
> 
> To set up the environment, run `make test-only TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java JTREG=JAVA_OPTIONS=-Djpackage.test.SignEnv=setup` command.
> 
> The above command will create "jpackagerTest.keychain" keychain, one private RSA key, and four self-signed certificates using this key:
> | Certificate common name (CN) | Usage |
> |----------------------------------|-----|
> | Developer ID Application: jpackage.openjdk.java.net|Code sign|
> | Developer ID Installer: jpackage.openjdk.java.net|.pkg sign|
> | Developer ID Application: jpackage.openjdk.java.net (ö)|Code sign|
> | Developer ID Installer: jpackage.openjdk.java.net (ö)|.pkg sign|
> 
> Certificates will be added to the list of trusted certificates using a sequence of `security add-trusted-cert...` commands (one command per certificate). This step will require user interaction to enter the user account password as many times as the number of created certificates (four). A user will be presented with the "Trust certificate" dialog describing which certificate is about to be added to the list of trusted certificates before the dialog prompting the user password pops up:
> <img width="440" alt="trust-cert-prompt" src="https://github.com/user-attachments/assets/a67d0966-2dea-4bc6-93a6-f52dad599898" />
> 
> When the user presses the "OK" button on the "Trust certificate" dialog, the dialog prompting the user password will pop up:
> <img width="800" alt="trust-cert-prompt-2" src="https://github.com/user-attachments/assets/1d1f022d-54ac-4a7e-8d0a-9bfe65c76b49" />
> 
> Suppose the user presses the "Cancel" button on the "Trust certificate" dialog. In that case, the dialog prompting the user password will NOT pop up, and the whole sequence of adding certificates to the list of trusted certificates will abort.
> 
> If the user presses the "Cancel" button on the dialog prompting the user password, it will be dismissed, and the user will start over with the same "Trust certificate" dialog.
> 
> Every "Trust certificate" dialog has a one-minute timeout. If the dialog is automatically dismissed because of the timeout expiration, adding certificates to the list of trusted certificates will abort.
> 
> To tear down the environment, run `make test-only TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java JTREG=JAVA_OPTIONS=-Djpackage.test.SignEnv=teardown` command. This command will unlink and delete...

test/jdk/tools/jpackage/helpers/jdk/jpackage/test/MacSign.java line 336:

> 334: 
> 335:             private String validatedName() {
> 336:                 return Optional.ofNullable(name).orElse("jpackagerTest.keychain");

`jpackagerTest.keychain` -> `jpackageTest.keychain`. Without 'r'.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24087#discussion_r2004661374

More information about the core-libs-dev mailing list