8246706: [macos] Allow SigningPackageTest to be built with real certificates

Andy Herrick · Andy Herrick · commit b37d806d8246 · 2020-06-08T20:24:29.000-04:00
Reviewed-by: asemenyuk, almatvee
diff --git a/test/jdk/tools/jpackage/macosx/SigningAppImageTest.java b/test/jdk/tools/jpackage/macosx/SigningAppImageTest.java
@@ -29,8 +29,14 @@
  * Tests generation of app image with --mac-sign and related arguments. Test will
  * generate app image and verify signature of main launcher and app bundle itself.
  * This test requires that machine is configured with test certificate for
- * "Developer ID Application: jpackage.openjdk.java.net" in jpackagerTest keychain with
- * always allowed access to this keychain for user which runs test.
+ * "Developer ID Application: jpackage.openjdk.java.net" or alternately
+ * "Developer ID Application: " + name specified by system property:
+ * "jpackage.mac.signing.key.user.name"
+ * in the jpackagerTest keychain (or alternately the keychain specified with
+ * the system property "jpackage.mac.signing.keychain".
+ * If this certificate is self-signed, it must have be set to
+ * always allowe access to this keychain" for user which runs test.
+ * (If cert is real (not self signed), the do not set trust to allow.)
  */
 
 /*
@@ -56,7 +62,7 @@ public static void main(String[] args) throws Exception {
             JPackageCommand cmd = JPackageCommand.helloAppImage();
             cmd.addArguments("--mac-sign", "--mac-signing-key-user-name",
                     SigningBase.DEV_NAME, "--mac-signing-keychain",
-                    "jpackagerTest.keychain");
+                    SigningBase.KEYCHAIN);
             cmd.executeAndAssertHelloAppImageCreated();
 
             Path launcherPath = cmd.appLauncherPath();
diff --git a/test/jdk/tools/jpackage/macosx/SigningPackageTest.java b/test/jdk/tools/jpackage/macosx/SigningPackageTest.java
@@ -26,11 +26,18 @@
 import jdk.jpackage.test.*;
 
 /**
- * Tests generation of dmg and pkg with --mac-sign and related arguments. Test will
- * generate pkg and verifies its signature. It verifies that dmg is not signed, but app
- * image inside dmg is signed. This test requires that machine is configured with test
- * certificate for "Developer ID Installer: jpackage.openjdk.java.net" in jpackagerTest
- * keychain with always allowed access to this keychain for user which runs test.
+ * Tests generation of dmg and pkg with --mac-sign and related arguments.
+ * Test will generate pkg and verifies its signature. It verifies that dmg
+ * is not signed, but app image inside dmg is signed. This test requires that
+ * the machine is configured with test certificate for
+ * "Developer ID Installer: jpackage.openjdk.java.net" in
+ * jpackagerTest keychain with
+ * always allowed access to this keychain for user which runs test.
+ * note:
+ * "jpackage.openjdk.java.net" can be over-ridden by systerm property
+ * "jpackage.mac.signing.key.user.name", and
+ * "jpackagerTest" can be over-ridden by system property
+ * "jpackage.mac.signing.keychain"
  */
 
 /*
@@ -80,7 +87,7 @@ public static void main(String[] args) throws Exception {
                     .addInitializer(cmd -> {
                         cmd.addArguments("--mac-sign",
                                 "--mac-signing-key-user-name", SigningBase.DEV_NAME,
-                                "--mac-signing-keychain", "jpackagerTest.keychain");
+                                "--mac-signing-keychain", SigningBase.KEYCHAIN);
                     })
                     .forTypes(PackageType.MAC_PKG)
                     .addBundleVerifier(SigningPackageTest::verifyPKG)
diff --git a/test/jdk/tools/jpackage/macosx/base/SigningBase.java b/test/jdk/tools/jpackage/macosx/base/SigningBase.java
@@ -30,16 +30,22 @@
 
 public class SigningBase {
 
-    public static String DEV_NAME = "jpackage.openjdk.java.net";
-    public static String APP_CERT
-            = "Developer ID Application: " + DEV_NAME;
-    public static String INSTALLER_CERT
-            = "Developer ID Installer: " + DEV_NAME;
-    public static String KEYCHAIN = "jpackagerTest.keychain";
+    public static String DEV_NAME;
+    public static String APP_CERT;
+    public static String INSTALLER_CERT;
+    public static String KEYCHAIN;
+    static {
+        String value = System.getProperty("jpackage.mac.signing.key.user.name");
+        DEV_NAME = (value == null) ?  "jpackage.openjdk.java.net" : value;
+        APP_CERT = "Developer ID Application: " + DEV_NAME;
+        INSTALLER_CERT = "Developer ID Installer: " + DEV_NAME;
+        value = System.getProperty("jpackage.mac.signing.keychain");
+        KEYCHAIN = (value == null) ? "jpackagerTest.keychain" : value;
+    }
 
     private static void checkString(List<String> result, String lookupString) {
         TKit.assertTextStream(lookupString).predicate(
-                (line, what) -> line.trim().equals(what)).apply(result.stream());
+                (line, what) -> line.trim().contains(what)).apply(result.stream());
     }
 
     private static List<String> codesignResult(Path target, boolean signed) {
@@ -92,8 +98,6 @@ private static void verifySpctlResult(List<String> output, Path target,
         if (exitCode == 0) {
             lookupString = target.toString() + ": accepted";
             checkString(output, lookupString);
-            lookupString = "source=" + DEV_NAME;
-            checkString(output, lookupString);
         } else if (exitCode == 3) {
             // allow failure purely for not being notarized
             lookupString = target.toString() + ": rejected";
@@ -120,7 +124,7 @@ private static List<String> pkgutilResult(Path target) {
 
     private static void verifyPkgutilResult(List<String> result) {
         result.stream().forEachOrdered(TKit::trace);
-        String lookupString = "Status: signed by a certificate trusted for current user";
+        String lookupString = "Status: signed by";
         checkString(result, lookupString);
         lookupString = "1. " + INSTALLER_CERT;
         checkString(result, lookupString);
