Integrated: 8352176: Automate setting up environment for mac signing tests

Alexey Semenyuk asemenyuk at openjdk.org
Mon Mar 24 22:49:19 UTC 2025 

On Mon, 17 Mar 2025 19:51:36 GMT, Alexey Semenyuk <asemenyuk at openjdk.org> wrote:

> Automate setting up an environment for mac signing tests: create keychain(s), self-signing certificates, and register them in the system.
> 
> To set up the environment, run `make test-only TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java JTREG=JAVA_OPTIONS=-Djpackage.test.MacSignTests=setup` command.
> 
> The above command will create "jpackagerTest.keychain" keychain, one private RSA key, and four self-signed certificates using this key:
> | Certificate common name (CN) | Usage |
> |----------------------------------|-----|
> | Developer ID Application: jpackage.openjdk.java.net|Code sign|
> | Developer ID Installer: jpackage.openjdk.java.net|.pkg sign|
> | Developer ID Application: jpackage.openjdk.java.net (ö)|Code sign|
> | Developer ID Installer: jpackage.openjdk.java.net (ö)|.pkg sign|
> 
> Certificates will be added to the list of trusted certificates using a sequence of `security add-trusted-cert...` commands (one command per certificate). This step will require user interaction to enter the user account password as many times as the number of created certificates (four). A user will be presented with the "Trust certificate" dialog describing which certificate is about to be added to the list of trusted certificates before the dialog prompting the user password pops up:
> <img width="440" alt="trust-cert-prompt" src="https://github.com/user-attachments/assets/a67d0966-2dea-4bc6-93a6-f52dad599898" />
> 
> When the user presses the "OK" button on the "Trust certificate" dialog, the dialog prompting the user password will pop up:
> <img width="800" alt="trust-cert-prompt-2" src="https://github.com/user-attachments/assets/1d1f022d-54ac-4a7e-8d0a-9bfe65c76b49" />
> 
> Suppose the user presses the "Cancel" button on the "Trust certificate" dialog. In that case, the dialog prompting the user password will NOT pop up, and the whole sequence of adding certificates to the list of trusted certificates will abort.
> 
> If the user presses the "Cancel" button on the dialog prompting the user password, it will be dismissed, and the user will start over with the same "Trust certificate" dialog.
> 
> Every "Trust certificate" dialog has a one-minute timeout. If the dialog is automatically dismissed because of the timeout expiration, adding certificates to the list of trusted certificates will abort.
> 
> To tear down the environment, run `make test-only TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java JTREG=JAVA_OPTIONS=-Djpackage.test.MacSignTests=teardown` command. This command will unlink ...

This pull request has now been integrated.

Changeset: 2c60fc51
Author:    Alexey Semenyuk <asemenyuk at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/2c60fc5189b9ecec8460c130a0c939195dfa5ffb
Stats:     1266 lines in 6 files changed: 1252 ins; 3 del; 11 mod

8352176: Automate setting up environment for mac signing tests

Reviewed-by: almatvee

-------------

PR: https://git.openjdk.org/jdk/pull/24087

More information about the core-libs-dev mailing list