RFR: 8371383: Test sun/security/tools/jarsigner/DefaultOptions.java failed due to CertificateNotYetValidException
Mikhail Yankelevich
myankelevich at openjdk.org
Fri Nov 7 12:36:02 UTC 2025
On Fri, 7 Nov 2025 05:55:34 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
> The `DefaultOptions.java` test may fail as the current system time is before the signing certificate NotBefore time, when jarsigner tool validates it in `CertificateValidity.valid()`. Please review the fix in this test to avoid such intermittent timing problem. Thanks.
Changes requested by myankelevich (Committer).
test/jdk/sun/security/tools/jarsigner/DefaultOptions.java line 26:
> 24: /*
> 25: * @test
> 26: * @bug 8049834 8371383
Minor: This is a test issue, could you please remove the bug id from here, as it only tracks product ones?
test/jdk/sun/security/tools/jarsigner/DefaultOptions.java line 79:
> 77: // Add delay to help the signing certificate’s NotBefore time has
> 78: // passed and avoid CertificateNotYetValidException.
> 79: Thread.sleep(5000);
I wonder if it wouldn't be cleaner to add ` -startdate -1M ` to the cert gen instead of sleeping in the test. similar to [this pr](https://github.com/openjdk/jdk/pull/23001).
What do you think?
-------------
PR Review: https://git.openjdk.org/jdk/pull/28186#pullrequestreview-3433610698
PR Review Comment: https://git.openjdk.org/jdk/pull/28186#discussion_r2503270363
PR Review Comment: https://git.openjdk.org/jdk/pull/28186#discussion_r2503293197
More information about the security-dev
mailing list