RFR 8075618: Create tests to check jarsigner work with multi-version jar

Wang Weijun weijun.wang at oracle.com
Sun Dec 18 23:55:36 UTC 2016


> On Dec 19, 2016, at 5:38 AM, Amanda Jiang <amanda.jiang at oracle.com> wrote:
> 
> Hi Paul, Artem and Max,
> 
> Thanks for your comments.  Please check the new webrev at: http://cr.openjdk.java.net/~amjiang/8075618/webrev.03/  (It looks like "cr.openjdk.java.net" is down, I also attach the webrev with this email).
> 
> In the new webrev, I fixed some syntax issues mentioned by Paul and also simplified the test code with Artem and Max's suggestions.  Unfortunately I cannot fully apply some functions from http://hg.openjdk.java.net/jdk9/dev/jdk/file/d4d7f1f0d688/test/lib/security/SecurityTools.java . Those functions return the deprecated "OutputAnalyzer" class in http://hg.openjdk.java.net/jdk9/dev/jdk/file/ab164f8b8569/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java , which conflicts with the "OutputAnalyzer" class I imported for my test ( http://hg.openjdk.java.net/jdk9/dev/file/5e79c9bac1b5/test/lib/jdk/test/lib/process/OutputAnalyzer.java )

This is a pity. We should move it to the root repo before more people start using it.

> 
> Max,
> 
> I also added one test case for permission granted to signed multi-release jar files,

Maybe it's better to move the checkPermission() calls into v9/version/Version.java? This would demonstrate that the versioned class itself is granted permissions.

In order to make sure it's not another version of Version.java that is running, I think you can call assertContains("I am running on version 10").

And if you don't intend to reuse Main.java, I think it's not worth passing into arguments.

Thanks
Max

> other functional tests are covered by http://hg.openjdk.java.net/jdk9/dev/jdk/file/ab164f8b8569/test/java/util/jar/JarFile/mrjar/MultiReleaseJarSecurity.java
> 
> Thanks
> Amanda
> On 12/12/16 6:31 PM, Wang Weijun wrote:
>> Hi Amanda
>> 
>> Can you also test the new JarSigner API?
>> 
>>    http://hg.openjdk.java.net/jdk9/dev/jdk/rev/ce33c780cfbd
>> 
>> line 2.72 has an example on it.
>> 
>>> On Dec 13, 2016, at 9:22 AM, Artem Smotrakov <artem.smotrakov at oracle.com> wrote:
>>> 
>>> You can use http://hg.openjdk.java.net/jdk9/dev/jdk/file/d4d7f1f0d688/test/lib/security/SecurityTools.java which would simplify the code. This lib was added to be used in such tests.
>> Correct. I also wonder if there are existing methods on javac compilation.
>> 
>> Do we have existing tests on checking if a signed multi-version jar works as expected? Say, permission granted, getCertificates() returning non-null, etc?
>> 
>> Thanks
>> Max
>> 
> 
> <webrev.zip>



