RFR: 8375242: Improve jpackage signing coverage
Alexey Semenyuk
asemenyuk at openjdk.org
Thu Jan 15 03:39:01 UTC 2026
Refactor signing tests covering gaps listed in the [CR description](https://bugs.openjdk.org/browse/JDK-8375242).
Old test signatures:
SigningAppImageTest.test(true, true, ASCII_INDEX)
SigningAppImageTest.test(true, true, UNICODE_INDEX)
SigningAppImageTest.test(true, false, UNICODE_INDEX)
SigningAppImageTest.test(false, true, INVALID_INDEX)
SigningAppImageTwoStepsTest.test(true, true)
SigningAppImageTwoStepsTest.test(true, false)
SigningAppImageTwoStepsTest.test(false, true)
SigningPackageTest.test(true, true, true, ASCII_INDEX)
SigningPackageTest.test(true, true, true, UNICODE_INDEX)
SigningPackageTest.test(false, true, true, UNICODE_INDEX)
SigningPackageTest.test(false, true, false, UNICODE_INDEX)
SigningPackageTest.test(false, false, true, UNICODE_INDEX)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, ...]}; {MAC_DMG={--mac-signing-key-user-name: CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, ...]}, MAC_PKG={--mac-signing-key-user-name: CertificateRequest[name=Developer ID Installer: jpackage.openjdk.java.net, ...]}})
SigningPackageTwoStepTest.test({MAC_DMG={--mac-signing-key-user-name: CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, ...]}, MAC_PKG={--mac-signing-key-user-name: CertificateRequest[name=Developer ID Installer: jpackage.openjdk.java.net, ...]}})
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, ...]})
SigningPackageTwoStepTest.test(app-image={--mac-app-image-sign-identity: CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, ...]}; {MAC_DMG={--mac-app-image-sign-identity: CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, ...]}, MAC_PKG={--mac-installer-sign-identity: CertificateRequest[name=Developer ID Installer: jpackage.openjdk.java.net, ...]}})
SigningPackageTwoStepTest.test({MAC_DMG={--mac-app-image-sign-identity: CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, ...]}, MAC_PKG={--mac-installer-sign-identity: CertificateRequest[name=Developer ID Installer: jpackage.openjdk.java.net, ...]}})
SigningPackageTwoStepTest.test(app-image={--mac-app-image-sign-identity: CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, ...]})
SigningRuntimeImagePackageTest.test(true, INVALID_INDEX, INVALID_INDEX)
SigningRuntimeImagePackageTest.test(true, INVALID_INDEX, ASCII_INDEX)
SigningRuntimeImagePackageTest.test(true, UNICODE_INDEX, INVALID_INDEX)
SigningRuntimeImagePackageTest.test(true, UNICODE_INDEX, ASCII_INDEX)
SigningRuntimeImagePackageTest.test(false, INVALID_INDEX, INVALID_INDEX)
SigningRuntimeImagePackageTest.test(false, INVALID_INDEX, ASCII_INDEX)
New test signatures:
SigningAppImageTest.test({--mac-signing-key-user-name: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-signing-key-user-name/full: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-app-image-sign-identity: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-signing-key-user-name: CODESIGN_UNICODE}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-signing-key-user-name/full: CODESIGN_UNICODE}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-app-image-sign-identity: CODESIGN_UNICODE}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image=unsigned; {--mac-signing-key-user-name: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image=unsigned; {--mac-signing-key-user-name/full: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image=unsigned; {--mac-app-image-sign-identity: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image={--mac-app-image-sign-identity: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-signing-key-user-name: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image={--mac-app-image-sign-identity: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-signing-key-user-name/full: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image={--mac-app-image-sign-identity: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-app-image-sign-identity: CODESIGN}@jpackagerTest.keychain)
SigningPackageTest.test({--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningPackageTest.test({--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningPackageTest.test({--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningPackageTest.test({--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-signing-key-user-name: CODESIGN_UNICODE}, MAC_DMG)
SigningPackageTest.test({--mac-signing-key-user-name: CODESIGN_UNICODE}, {--mac-signing-key-user-name: PKG_UNICODE}, MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-signing-key-user-name/full: CODESIGN_UNICODE}, MAC_DMG)
SigningPackageTest.test({--mac-app-image-sign-identity: CODESIGN_UNICODE}, MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-installer-sign-identity: PKG_UNICODE}, MAC_PKG)
SigningPackageTest.test({--mac-app-image-sign-identity: CODESIGN_UNICODE}, {--mac-installer-sign-identity: PKG_UNICODE}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.testBundleSignedAppImage
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image=unsigned; {--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningPackageTwoStepTest.test(app-image=unsigned; {--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image=unsigned; {--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningPackageTwoStepTest.test(app-image=unsigned; {--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image=unsigned; {--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningPackageTwoStepTest.test(app-image=unsigned; {--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: PKG}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.testBundleSignedRuntime()
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; {--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; {--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; {--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; {--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; {--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; {--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: PKG}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; {--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; {--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; {--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; {--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; {--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; {--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: PKG}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, {--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; {--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, {--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; {--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, {--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; {--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, {--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; {--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, {--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; {--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, {--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; {--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: PKG}, MAC_DMG+MAC_PKG)
MacSignTest.java and EntitlementsTest.java tests refactored without functional changes.
Additionally:
- Move "SigningBase.java" to the correct location in the test source tree.
Blocked by https://github.com/openjdk/jdk/pull/29241 PR.
-------------
Commit messages:
- SigningPackageTest: fix the test selector
- SigningRuntimeImagePackageTest: remove redundant test cases and improve performance
- Make JPackageCommand.createInputRuntimeImage() and MacHelper.createRuntimeBundle() configurable
- Undo 8371438
- Update copyright year
- Add MacHelper.NamedCertificateRequestSupplier; Use MacHelper.SignKeyOption.Type.SIGN_KEY_USER_FULL_NAME; add SignKeyOption.Name enum; streamline MacSignTest and MacHelper.SignKeyOption
- Document MacHelper.SignKeyOption.Type; rename MacHelper.SignKeyOption.Type.SIGN_KEY_USER_NAME into MacHelper.SignKeyOption.Type.SIGN_KEY_USER_SHORT_NAME
- SigningPackageTest: simplify
- Add MacHelper.ResolvableCertificateRequest class; add SignKeyOption.asCmdlineArgs()
- Refactor signing tests to support --mac-sign without signing key option and improve test coverage; Move SigningBase.java to the correct location in the source tree.
- ... and 3 more: https://git.openjdk.org/jdk/compare/20bd178b...f55906bc
Changes: https://git.openjdk.org/jdk/pull/29205/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=29205&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8375242
Stats: 1943 lines in 13 files changed: 974 ins; 550 del; 419 mod
Patch: https://git.openjdk.org/jdk/pull/29205.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/29205/head:pull/29205
PR: https://git.openjdk.org/jdk/pull/29205
More information about the core-libs-dev
mailing list