Skip to content
Permalink
Browse files
8242155: Enhance automated macos signing tests
Reviewed-by: asemenyuk, almatvee
  • Loading branch information
Andy Herrick committed Apr 10, 2020
1 parent efba976 commit 83a1d70f0fa89ff2d72fdac3f4a567e350d12122
Showing 2 changed files with 32 additions and 19 deletions.
@@ -171,6 +171,10 @@ public Result assertExitCodeIsZero() {
return assertExitCodeIs(0);
}

public int getExitCode() {
return exitCode;
}

final int exitCode;
private List<String> output;
}
@@ -26,6 +26,7 @@

import jdk.jpackage.test.TKit;
import jdk.jpackage.test.Executor;
import jdk.jpackage.test.Executor.Result;

public class SigningBase {

@@ -68,37 +69,43 @@ private static void verifyCodesignResult(List<String> result, Path target,
}
}

private static List<String> spctlResult(Path target, String type) {
List<String> result = new Executor()
private static Result spctlResult(Path target, String type) {
Result result = new Executor()
.setExecutable("/usr/sbin/spctl")
.addArguments("-vvv", "--assess", "--type", type,
target.toString())
// on Catalina, the exit code can be 3, meaning not notarized
.saveOutput()
.executeWithoutExitCodeCheck()
.getOutput();
.executeWithoutExitCodeCheck();

// allow exit code 3 for not being notarized
if (result.getExitCode() != 3) {
result.assertExitCodeIsZero();
}
return result;
}

private static void verifySpctlResult(List<String> result, Path target, String type) {
result.stream().forEachOrdered(TKit::trace);
private static void verifySpctlResult(List<String> output, Path target,
String type, int exitCode) {
output.stream().forEachOrdered(TKit::trace);
String lookupString;
/* on Catalina, spctl may return 3 and say:
* target: rejected
* source=Unnotarized DEV_NAME
* so we must skip these two checks
lookupString = target.toString() + ": accepted";
checkString(result, lookupString);
lookupString = "source=" + DEV_NAME;
checkString(result, lookupString);
*/

if (exitCode == 0) {
lookupString = target.toString() + ": accepted";
checkString(output, lookupString);
lookupString = "source=" + DEV_NAME;
checkString(output, lookupString);
} else if (exitCode == 3) {
// allow failure purely for not being notarized
lookupString = target.toString() + ": rejected";
checkString(output, lookupString);
}

if (type.equals("install")) {
lookupString = "origin=" + INSTALLER_CERT;
} else {
lookupString = "origin=" + APP_CERT;
}
checkString(result, lookupString);
checkString(output, lookupString);
}

private static List<String> pkgutilResult(Path target) {
@@ -125,8 +132,10 @@ public static void verifyCodesign(Path target, boolean signed) {
}

public static void verifySpctl(Path target, String type) {
List<String> result = spctlResult(target, type);
verifySpctlResult(result, target, type);
Result result = spctlResult(target, type);
List<String> output = result.getOutput();

verifySpctlResult(output, target, type, result.getExitCode());
}

public static void verifyPkgutil(Path target) {

0 comments on commit 83a1d70

Please sign in to comment.