/hg/icedtea-web: handling of multiple testing certificates in bulk
    jvanek at icedtea.classpath.org 
    jvanek at icedtea.classpath.org
       
    Wed May 30 03:31:11 PDT 2012
    
    
  
changeset 017d474ea1e5 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=017d474ea1e5
author: Jiri Vanek <jvanek at redhat.com>
date: Wed May 30 12:31:19 2012 +0200
	handling of multiple testing certificates in bulk
diffstat:
 ChangeLog               |  26 ++++++++++++++
 Makefile.am             |  87 +++++++++++++++++++++++++++++++++---------------
 tests/jnlp_tests/README |   5 ++
 3 files changed, 90 insertions(+), 28 deletions(-)
diffs (215 lines):
diff -r f4f02e8c080d -r 017d474ea1e5 ChangeLog
--- a/ChangeLog	Tue May 29 17:38:27 2012 +0200
+++ b/ChangeLog	Wed May 30 12:31:19 2012 +0200
@@ -1,3 +1,29 @@
+2012-05-30  Jiri Vanek  <jvanek at redhat.com>
+
+	Enabled multiple certificates and extracted variables
+	* Makefile.am: EXPORTED_TEST_CERT by EXPORTED_TEST_CERT_PREFIX and 
+	EXPORTED_TEST_CERT_SUFIX for further composition
+	SIGNED_REPRODUCERS new variable for  iterating through signed reproducers
+	SIMPLE_REPRODUCERS new variable for  iterating through simple reproducers
+	ALL_REPRODUCER new variable for  iterating through all reproducers
+	(junit-jnlp-dist-signed.txt) replaced by
+	(stamps/junit-jnlp-dist-signed.stamp) which generates 
+	junit-jnlp-dist-signedX.txt for each directory with signed reproducers
+	(stamps/netx-dist-tests-prepare-reproducers.stamp)
+	(stamps/change-dots-to-paths.stamp) 
+	(stamps/netx-dist-tests-compile-testcases.stamp)
+	(run-netx-dist-codecoverage): extracted variables
+	(clean-netx-dist-tests): iterates through all the list and removes them
+	(stamps/netx-dist-tests-sign-some-reproducers.stamp): now iterate through
+	SIGNED_REPRODUCERS and creates special certificate for each member. Each
+	jar from this directory is then signed by corresponding certificate
+	(netx-dist-tests-remove-cert-from-public): iterates through all certificates
+	(stamps/netx-dist-tests-import-cert-to-public): exports each certificate
+	created during tests preparations
+	($(EXPORTED_TEST_CERT)) replaced by stamps/exported-test-certs.stamp which
+	create for each of SIGNED_REPRODUCERS individual certificate
+	(tests/jnlp_tests/README): mentioned possibility of multiple certificate
+
 2012-05-29  Jiri Vanek  <jvanek at redhat.com>
 
 	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (getPermissions):
diff -r f4f02e8c080d -r 017d474ea1e5 Makefile.am
--- a/Makefile.am	Tue May 29 17:38:27 2012 +0200
+++ b/Makefile.am	Wed May 30 12:31:19 2012 +0200
@@ -24,7 +24,8 @@
 JNLP_TESTS_DIR=$(TESTS_DIR)/jnlp_tests
 PRIVATE_KEYSTORE_NAME=teststore.ks
 PRIVATE_KEYSTORE_PASS=123456789
-EXPORTED_TEST_CERT=icedteatests.crt
+EXPORTED_TEST_CERT_PREFIX=icedteatests
+EXPORTED_TEST_CERT_SUFIX=crt
 TEST_CERT_ALIAS=icedteaweb
 PUBLIC_KEYSTORE=${HOME}/.icedtea/security/trusted.certs
 PUBLIC_KEYSTORE_PASS=changeit
@@ -35,6 +36,10 @@
 REPRODUCERS_CLASS_WHITELIST = $(abs_top_srcdir)/netx-dist-tests-whitelist
 EMMA_JAVA_ARGS=-Xmx2G
 META_MANIFEST = META-INF/MANIFEST.MF
+SIGNED_REPRODUCERS=signed
+SIMPLE_REPRODUCERS=simple
+ALL_REPRODUCERS=$(SIMPLE_REPRODUCERS) $(SIGNED_REPRODUCERS)
+
 
 # linking variables
 PLUGIN_LINK_NAME=libjavaplugin.so
@@ -487,7 +492,7 @@
 	  @junit-runner-source-files.txt && \
 	$(BOOT_DIR)/bin/jar cf $@  -C $(JUNIT_RUNNER_DIR) .
 
-stamps/junit-jnlp-dist-dirs: junit-jnlp-dist-simple.txt junit-jnlp-dist-signed.txt
+stamps/junit-jnlp-dist-dirs: junit-jnlp-dist-simple.txt stamps/junit-jnlp-dist-signed.stamp
 	mkdir -p $(JNLP_TESTS_SERVER_DEPLOYDIR)
 	mkdir -p $(JNLP_TESTS_DIR)
 	touch $@
@@ -496,12 +501,18 @@
 	cd $(JNLP_TESTS_SRCDIR)/simple/ ; \
 	find .  -maxdepth 1 -mindepth 1 | sed "s/.\/*//" > $(abs_top_builddir)/$@
 
-junit-jnlp-dist-signed.txt: 
-	cd $(JNLP_TESTS_SRCDIR)/signed/ ; \
-	find .  -maxdepth 1 -mindepth 1 | sed "s/.\/*//" > $(abs_top_builddir)/$@
+stamps/junit-jnlp-dist-signed.stamp: 
+	types=($(SIGNED_REPRODUCERS)) ; \
+	for which in "$${types[@]}" ; do \
+	  pushd $(JNLP_TESTS_SRCDIR)/$$which/ ; \
+	  find .  -maxdepth 1 -mindepth 1 | sed "s/.\/*//" > $(abs_top_builddir)/junit-jnlp-dist-$$which.txt ; \
+	  popd ; \
+	done ; \
+	mkdir -p stamps && \
+	touch $@
 
 stamps/netx-dist-tests-prepare-reproducers.stamp: stamps/junit-jnlp-dist-dirs
-	types=(simple signed); \
+	types=($(ALL_REPRODUCERS)); \
 	for which in "$${types[@]}" ; do \
 	  . $(abs_top_srcdir)/NEW_LINE_IFS ; \
 	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
@@ -535,19 +546,23 @@
 
 stamps/netx-dist-tests-sign-some-reproducers.stamp: stamps/netx-dist-tests-prepare-reproducers.stamp
 	keystore=$(abs_top_builddir)/$(PRIVATE_KEYSTORE_NAME); \
-	$(BOOT_DIR)/bin/keytool -genkey -alias $(TEST_CERT_ALIAS) -keystore $$keystore -keypass $(PRIVATE_KEYSTORE_PASS) -storepass $(PRIVATE_KEYSTORE_PASS) -dname "cn=$(TEST_CERT_ALIAS), ou=$(TEST_CERT_ALIAS), o=$(TEST_CERT_ALIAS), c=$(TEST_CERT_ALIAS)" ; \
-	  . $(abs_top_srcdir)/NEW_LINE_IFS ; \
-	signedReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-signed.txt `); \
-	  IFS="$$IFS_BACKUP" ; \
-	for dir in "$${signedReproducers[@]}" ; do \
-	 $(BOOT_DIR)/bin/jarsigner -keystore $$keystore -storepass $(PRIVATE_KEYSTORE_PASS) -keypass $(PRIVATE_KEYSTORE_PASS)  "$(JNLP_TESTS_SERVER_DEPLOYDIR)/$$dir.jar"  $(TEST_CERT_ALIAS) ; \
- 	done ; \
- 	mkdir -p stamps && \
- 	touch $@
+	types=($(SIGNED_REPRODUCERS)) ; \
+	for which in "$${types[@]}" ; do \
+	  tcaw=$(TEST_CERT_ALIAS)_$$which ; \
+	  $(BOOT_DIR)/bin/keytool -genkey -alias $$tcaw -keystore $$keystore -keypass $(PRIVATE_KEYSTORE_PASS) -storepass $(PRIVATE_KEYSTORE_PASS) -dname "cn=$$tcaw, ou=$$tcaw, o=$$tcaw, c=$$tcaw" ; \
+	    . $(abs_top_srcdir)/NEW_LINE_IFS ; \
+	  signedReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
+	    IFS="$$IFS_BACKUP" ; \
+	  for dir in "$${signedReproducers[@]}" ; do \
+	   $(BOOT_DIR)/bin/jarsigner -keystore $$keystore -storepass $(PRIVATE_KEYSTORE_PASS) -keypass $(PRIVATE_KEYSTORE_PASS)  "$(JNLP_TESTS_SERVER_DEPLOYDIR)/$$dir.jar"  $$tcaw ; \
+	  done ; \
+	done ; \
+	mkdir -p stamps && \
+	touch $@
 
 stamps/change-dots-to-paths.stamp: stamps/netx-dist-tests-sign-some-reproducers.stamp
 	pushd  $(JNLP_TESTS_SERVER_DEPLOYDIR); \
-	types=(simple signed); \
+	types=($(ALL_REPRODUCERS)); \
 	for which in "$${types[@]}" ; do \
 	  . $(abs_top_srcdir)/NEW_LINE_IFS ; \
 	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
@@ -578,16 +593,27 @@
 	touch $@
 
 #this always tries to remove  previous testcert
-$(EXPORTED_TEST_CERT): stamps/change-dots-to-paths.stamp netx-dist-tests-remove-cert-from-public
-	keytool -export -alias $(TEST_CERT_ALIAS) -file $(EXPORTED_TEST_CERT) -storepass $(PRIVATE_KEYSTORE_PASS) -keystore $(PRIVATE_KEYSTORE_NAME) 
+stamps/exported-test-certs.stamp: stamps/change-dots-to-paths.stamp netx-dist-tests-remove-cert-from-public
+	types=($(SIGNED_REPRODUCERS)) ; \
+	for which in "$${types[@]}" ; do \
+	  keytool -export -alias $(TEST_CERT_ALIAS)_$$which -file $(EXPORTED_TEST_CERT_PREFIX)_$$which.$(EXPORTED_TEST_CERT_SUFIX) -storepass $(PRIVATE_KEYSTORE_PASS) -keystore $(PRIVATE_KEYSTORE_NAME) ; \
+	done ;
+	mkdir -p stamps && \
+	touch $@
 
-stamps/netx-dist-tests-import-cert-to-public: $(EXPORTED_TEST_CERT)
-	yes | $(BOOT_DIR)/bin/keytool -import -alias $(TEST_CERT_ALIAS) -keystore $(PUBLIC_KEYSTORE) -storepass $(PUBLIC_KEYSTORE_PASS) -file $(EXPORTED_TEST_CERT); \
- 	mkdir -p stamps && \
- 	touch $@
+stamps/netx-dist-tests-import-cert-to-public: stamps/exported-test-certs.stamp
+	types=($(SIGNED_REPRODUCERS)) ; \
+	for which in "$${types[@]}" ; do \
+	  yes | $(BOOT_DIR)/bin/keytool -import -alias $(TEST_CERT_ALIAS)_$$which -keystore $(PUBLIC_KEYSTORE) -storepass $(PUBLIC_KEYSTORE_PASS) -file $(EXPORTED_TEST_CERT_PREFIX)_$$which.$(EXPORTED_TEST_CERT_SUFIX) ;\
+	done ;
+	mkdir -p stamps && \
+	touch $@
 
 netx-dist-tests-remove-cert-from-public:
-	-$(BOOT_DIR)/bin/keytool -delete -alias $(TEST_CERT_ALIAS) -keystore $(PUBLIC_KEYSTORE) -storepass $(PUBLIC_KEYSTORE_PASS)
+	-types=($(SIGNED_REPRODUCERS)) ; \
+	for which in "$${types[@]}" ; do \
+	  $(BOOT_DIR)/bin/keytool -delete -alias $(TEST_CERT_ALIAS)_$$which -keystore $(PUBLIC_KEYSTORE) -storepass $(PUBLIC_KEYSTORE_PASS) ; \
+	done ;
 	-rm -rf stamps/netx-dist-tests-import-cert-to-public
 
 netx-dist-tests-source-files.txt:
@@ -605,7 +631,7 @@
 
 stamps/netx-dist-tests-compile-testcases.stamp: stamps/netx.stamp stamps/junit-jnlp-dist-dirs \
  netx-dist-tests-source-files.txt stamps/netx-dist-tests-compile.stamp
-	types=(simple signed); \
+	types=($(ALL_REPRODUCERS)); \
 	for which in "$${types[@]}" ; do \
 	  . $(abs_top_srcdir)/NEW_LINE_IFS ; \
 	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
@@ -876,7 +902,7 @@
 	chmod 777 $(DESTDIR)$(bindir)/$(javaws) ; \
 	testcases_srcs=( ) ; \
 	k=0 ; \
-	types=(simple signed); \
+	types=($(ALL_REPRODUCERS)); \
 	for which in "$${types[@]}" ; do \
 	  . $(abs_top_srcdir)/NEW_LINE_IFS ; \
 	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
@@ -940,7 +966,7 @@
 if WITH_EMMA
 	cd $(TESTS_DIR) ; \
 	k=0 ; \
-	types=(simple signed); \
+	types=($(ALL_REPRODUCERS)); \
 	for which in "$${types[@]}" ; do \
 	  . $(abs_top_srcdir)/NEW_LINE_IFS ; \
 	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
@@ -1004,10 +1030,15 @@
 	rm -f stamps/netx-dist-tests-sign-some-reproducers.stamp
 	rm -f stamps/change-dots-to-paths.stamp
 	rm -f junit-jnlp-dist-simple.txt
-	rm -f junit-jnlp-dist-signed.txt
+	types=($(SIGNED_REPRODUCERS)) ; \
+	for which in "$${types[@]}" ; do \
+	  rm -f junit-jnlp-dist-$$which.txt ; \
+	  rm -f $(EXPORTED_TEST_CERT_PREFIX)_$$which.$(EXPORTED_TEST_CERT_SUFIX) ; \
+	done ;
+	rm -f stamps/exported-test-certs.stamp
+	rm -f stamps/junit-jnlp-dist-signed.stamp
 	rm -f $(REPRODUCERS_CLASS_NAMES)
 	rm -f $(abs_top_builddir)/$(PRIVATE_KEYSTORE_NAME)
-	rm -f $(EXPORTED_TEST_CERT)
 	rm -f stamps/run-netx-dist-tests.stamp
 
 clean-unit-test-code-coverage:
diff -r f4f02e8c080d -r 017d474ea1e5 tests/jnlp_tests/README
--- a/tests/jnlp_tests/README	Tue May 29 17:38:27 2012 +0200
+++ b/tests/jnlp_tests/README	Wed May 30 12:31:19 2012 +0200
@@ -8,3 +8,8 @@
  parts inside simple directory, so some parts of them are processed automatically.
  There are three reproducers â simpletest1, simpletest2 and deadlocktest, which tests 
  testâs suite itself and serve as examples of behaviour.
+
+Directory "signed" is listed in Makefile.am. You can specify as much to-be-signed
+directories as you want. And jars in each of those signed directories will be 
+signed  by their's own unique key (number of signed directories == number of certificates).
+Do not forget to add each this directory into list n Makefile.am
    
    
More information about the distro-pkg-dev
mailing list