8242155: Enhance automated macos signing tests

Reviewed-by: asemenyuk, almatvee
openjdk · Apr 10, 2020 · 83a1d70f0fa89ff2d72fdac3f4a567e350d12122 · 83a1d70
1 parent efba976
commit 83a1d70f0fa89ff2d72fdac3f4a567e350d12122
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 19 deletions.
diff --git a/test/jdk/tools/jpackage/helpers/jdk/jpackage/test/Executor.java b/test/jdk/tools/jpackage/helpers/jdk/jpackage/test/Executor.java
@@ -171,6 +171,10 @@ public Result assertExitCodeIsZero() {
             return assertExitCodeIs(0);
         }
 
+        public int getExitCode() {
+            return exitCode;
+        }
+
         final int exitCode;
         private List<String> output;
     }

diff --git a/test/jdk/tools/jpackage/macosx/base/SigningBase.java b/test/jdk/tools/jpackage/macosx/base/SigningBase.java
@@ -26,6 +26,7 @@
 
 import jdk.jpackage.test.TKit;
 import jdk.jpackage.test.Executor;
+import jdk.jpackage.test.Executor.Result;
 
 public class SigningBase {
 
@@ -68,37 +69,43 @@ private static void verifyCodesignResult(List<String> result, Path target,
         }
     }
 
-    private static List<String> spctlResult(Path target, String type) {
-        List<String> result = new Executor()
+    private static Result spctlResult(Path target, String type) {
+        Result result = new Executor()
                 .setExecutable("/usr/sbin/spctl")
                 .addArguments("-vvv", "--assess", "--type", type,
                         target.toString())
-                // on Catalina, the exit code can be 3, meaning not notarized
                 .saveOutput()
-                .executeWithoutExitCodeCheck()
-                .getOutput();
+                .executeWithoutExitCodeCheck();
 
+        // allow exit code 3 for not being notarized
+        if (result.getExitCode() != 3) {
+            result.assertExitCodeIsZero();
+        }
         return result;
     }
 
-    private static void verifySpctlResult(List<String> result, Path target, String type) {
-        result.stream().forEachOrdered(TKit::trace);
+    private static void verifySpctlResult(List<String> output, Path target,
+            String type, int exitCode) {
+        output.stream().forEachOrdered(TKit::trace);
         String lookupString;
-/* on Catalina, spctl may return 3 and say:
- *   target: rejected
- *   source=Unnotarized DEV_NAME
- * so we must skip these two checks
-        lookupString = target.toString() + ": accepted";
-        checkString(result, lookupString);
-        lookupString = "source=" + DEV_NAME;
-        checkString(result, lookupString);
- */
+
+        if (exitCode == 0) {
+            lookupString = target.toString() + ": accepted";
+            checkString(output, lookupString);
+            lookupString = "source=" + DEV_NAME;
+            checkString(output, lookupString);
+        } else if (exitCode == 3) {
+            // allow failure purely for not being notarized
+            lookupString = target.toString() + ": rejected";
+            checkString(output, lookupString);
+        }
+
         if (type.equals("install")) {
             lookupString = "origin=" + INSTALLER_CERT;
         } else {
             lookupString = "origin=" + APP_CERT;
         }
-        checkString(result, lookupString);
+        checkString(output, lookupString);
     }
 
     private static List<String> pkgutilResult(Path target) {
@@ -125,8 +132,10 @@ public static void verifyCodesign(Path target, boolean signed) {
     }
 
     public static void verifySpctl(Path target, String type) {
-        List<String> result = spctlResult(target, type);
-        verifySpctlResult(result, target, type);
+        Result result = spctlResult(target, type);
+        List<String> output = result.getOutput();
+
+        verifySpctlResult(output, target, type, result.getExitCode());
     }
 
     public static void verifyPkgutil(Path target) {