diff --git a/test/jdk/tools/jpackage/macosx/SigningAppImageTest.java b/test/jdk/tools/jpackage/macosx/SigningAppImageTest.java index 982aa7eb5e2..ae07d38a5fd 100644 --- a/test/jdk/tools/jpackage/macosx/SigningAppImageTest.java +++ b/test/jdk/tools/jpackage/macosx/SigningAppImageTest.java @@ -29,8 +29,14 @@ * Tests generation of app image with --mac-sign and related arguments. Test will * generate app image and verify signature of main launcher and app bundle itself. * This test requires that machine is configured with test certificate for - * "Developer ID Application: jpackage.openjdk.java.net" in jpackagerTest keychain with - * always allowed access to this keychain for user which runs test. + * "Developer ID Application: jpackage.openjdk.java.net" or alternately + * "Developer ID Application: " + name specified by system property: + * "jpackage.mac.signing.key.user.name" + * in the jpackagerTest keychain (or alternately the keychain specified with + * the system property "jpackage.mac.signing.keychain". + * If this certificate is self-signed, it must have be set to + * always allowe access to this keychain" for user which runs test. + * (If cert is real (not self signed), the do not set trust to allow.) */ /* @@ -56,7 +62,7 @@ public static void main(String[] args) throws Exception { JPackageCommand cmd = JPackageCommand.helloAppImage(); cmd.addArguments("--mac-sign", "--mac-signing-key-user-name", SigningBase.DEV_NAME, "--mac-signing-keychain", - "jpackagerTest.keychain"); + SigningBase.KEYCHAIN); cmd.executeAndAssertHelloAppImageCreated(); Path launcherPath = cmd.appLauncherPath(); diff --git a/test/jdk/tools/jpackage/macosx/SigningPackageTest.java b/test/jdk/tools/jpackage/macosx/SigningPackageTest.java index 69dea15c3f2..79b52f3ef2a 100644 --- a/test/jdk/tools/jpackage/macosx/SigningPackageTest.java +++ b/test/jdk/tools/jpackage/macosx/SigningPackageTest.java @@ -26,11 +26,18 @@ import jdk.jpackage.test.*; /** - * Tests generation of dmg and pkg with --mac-sign and related arguments. Test will - * generate pkg and verifies its signature. It verifies that dmg is not signed, but app - * image inside dmg is signed. This test requires that machine is configured with test - * certificate for "Developer ID Installer: jpackage.openjdk.java.net" in jpackagerTest - * keychain with always allowed access to this keychain for user which runs test. + * Tests generation of dmg and pkg with --mac-sign and related arguments. + * Test will generate pkg and verifies its signature. It verifies that dmg + * is not signed, but app image inside dmg is signed. This test requires that + * the machine is configured with test certificate for + * "Developer ID Installer: jpackage.openjdk.java.net" in + * jpackagerTest keychain with + * always allowed access to this keychain for user which runs test. + * note: + * "jpackage.openjdk.java.net" can be over-ridden by systerm property + * "jpackage.mac.signing.key.user.name", and + * "jpackagerTest" can be over-ridden by system property + * "jpackage.mac.signing.keychain" */ /* @@ -80,7 +87,7 @@ public static void main(String[] args) throws Exception { .addInitializer(cmd -> { cmd.addArguments("--mac-sign", "--mac-signing-key-user-name", SigningBase.DEV_NAME, - "--mac-signing-keychain", "jpackagerTest.keychain"); + "--mac-signing-keychain", SigningBase.KEYCHAIN); }) .forTypes(PackageType.MAC_PKG) .addBundleVerifier(SigningPackageTest::verifyPKG) diff --git a/test/jdk/tools/jpackage/macosx/base/SigningBase.java b/test/jdk/tools/jpackage/macosx/base/SigningBase.java index 5c92b0d8ed6..68a4c01ae11 100644 --- a/test/jdk/tools/jpackage/macosx/base/SigningBase.java +++ b/test/jdk/tools/jpackage/macosx/base/SigningBase.java @@ -30,16 +30,22 @@ public class SigningBase { - public static String DEV_NAME = "jpackage.openjdk.java.net"; - public static String APP_CERT - = "Developer ID Application: " + DEV_NAME; - public static String INSTALLER_CERT - = "Developer ID Installer: " + DEV_NAME; - public static String KEYCHAIN = "jpackagerTest.keychain"; + public static String DEV_NAME; + public static String APP_CERT; + public static String INSTALLER_CERT; + public static String KEYCHAIN; + static { + String value = System.getProperty("jpackage.mac.signing.key.user.name"); + DEV_NAME = (value == null) ? "jpackage.openjdk.java.net" : value; + APP_CERT = "Developer ID Application: " + DEV_NAME; + INSTALLER_CERT = "Developer ID Installer: " + DEV_NAME; + value = System.getProperty("jpackage.mac.signing.keychain"); + KEYCHAIN = (value == null) ? "jpackagerTest.keychain" : value; + } private static void checkString(List result, String lookupString) { TKit.assertTextStream(lookupString).predicate( - (line, what) -> line.trim().equals(what)).apply(result.stream()); + (line, what) -> line.trim().contains(what)).apply(result.stream()); } private static List codesignResult(Path target, boolean signed) { @@ -92,8 +98,6 @@ private static void verifySpctlResult(List output, Path target, if (exitCode == 0) { lookupString = target.toString() + ": accepted"; checkString(output, lookupString); - lookupString = "source=" + DEV_NAME; - checkString(output, lookupString); } else if (exitCode == 3) { // allow failure purely for not being notarized lookupString = target.toString() + ": rejected"; @@ -120,7 +124,7 @@ private static List pkgutilResult(Path target) { private static void verifyPkgutilResult(List result) { result.stream().forEachOrdered(TKit::trace); - String lookupString = "Status: signed by a certificate trusted for current user"; + String lookupString = "Status: signed by"; checkString(result, lookupString); lookupString = "1. " + INSTALLER_CERT; checkString(result, lookupString);