Automate setting up an environment for mac signing tests: create keychain(s), 
self-signing certificates, and register them in the system.

To set up the environment, run `make test-only TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java JTREG=JAVA_OPTIONS=-Djpackage.test.SignEnv=setup` command.

The above command will create "jpackagerTest.keychain" keychain, one private 
RSA key, and four self-signed certificates using this key:

| Certificate common name (CN) | Usage |
|----------------------------------|-----|
| Developer ID Application: jpackage.openjdk.java.net|Code sign|
| Developer ID Installer: jpackage.openjdk.java.net|.pkg sign|
| Developer ID Application: jpackage.openjdk.java.net (ö)|Code sign|
| Developer ID Installer: jpackage.openjdk.java.net (ö)|.pkg sign|

Certificates will be added to the list of trusted certificates using a sequence 
of `security add-trusted-cert...` commands (one command per certificate). This 
step will require user interaction to enter the user account password as many 
times as the number of created certificates (four). A user will be presented 
with the "Trust certificate" dialog describing which certificate is about to be 
added to the list of trusted certificates before the dialog prompting for the 
user password pops up:
<img width="440" alt="trust-cert-prompt" src="https://github.com/user-attachments/assets/a67d0966-2dea-4bc6-93a6-f52dad599898" />

When the user presses the "OK" button on the "Trust certificate" dialog, the 
dialog prompting for the user password will pop up:
<img width="800" alt="trust-cert-prompt-2" src="https://github.com/user-attachments/assets/1d1f022d-54ac-4a7e-8d0a-9bfe65c76b49" />

Suppose the user presses the "Cancel" button on the "Trust certificate" dialog. 
In that case, the dialog prompting for the user password will NOT pop up, and 
the whole sequence of adding certificates to the list of trusted certificates 
will abort.

If the user presses the "Cancel" button on the dialog prompting for the user 
password, it will be dismissed, and the user will start over with the same 
"Trust certificate" dialog.

Every "Trust certificate" dialog has a one-minute timeout. If the dialog is 
automatically dismissed because of the timeout expiration, adding certificates 
to the list of trusted certificates will abort.

To tear down the environment, run `make test-only TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java JTREG=JAVA_OPTIONS=-Djpackage.test.SignEnv=teardown` command. This command will 
unlink and delete "jpackagerTest.keychain" keychain. It will not call 
`security remove-trusted-cert...`.
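
Since teardown does not call `security remove-trusted-cert`, a check for trust-settings entries that still name the test certificates can be useful on a shared build machine. The script below is an added example, not part of this PR or of the jpackage test code; the function names are hypothetical, the sample dump is constructed, and it assumes `security dump-trust-settings` prints one `Cert <n>: <name>` line per entry.

```shell
#!/bin/sh
# Added example: find trust-settings entries that still name the jpackage test certificates.
# Assumption: `security dump-trust-settings` prints one "Cert <n>: <name>" line per entry.
TEST_CN='jpackage.openjdk.java.net'   # CN suffix shared by the four test certificates

# Constructed sample of dump-trust-settings output (not captured from a real machine).
sample_dump() {
    cat <<'EOF'
Number of trusted certs = 5
Cert 0: Example Corp Root CA
   Number of trust settings : 0
Cert 1: Developer ID Application: jpackage.openjdk.java.net
   Number of trust settings : 0
Cert 2: Developer ID Installer: jpackage.openjdk.java.net
   Number of trust settings : 0
Cert 3: Developer ID Application: jpackage.openjdk.java.net (ö)
   Number of trust settings : 0
Cert 4: Developer ID Installer: jpackage.openjdk.java.net (ö)
   Number of trust settings : 0
EOF
}

# stdin: dump-trust-settings output; stdout: names of entries for the test certificates.
filter_test_certs() {
    sed -n 's/^Cert [0-9][0-9]*: //p' | grep -F "$TEST_CN" || true
}

# stdin: dump-trust-settings output; stdout: number of test-certificate entries.
count_test_certs() {
    filter_test_certs | grep -c . || true
}

# Query the user and admin (-d) trust domains and check the keychain search list.
audit_signing_env() {
    for flag in "" "-d"; do
        # $flag is intentionally unquoted so the empty value adds no argument.
        security dump-trust-settings $flag 2>/dev/null | filter_test_certs
    done
    if security list-keychains | grep -qF 'jpackagerTest.keychain'; then
        echo 'jpackagerTest.keychain is still on the keychain search list'
    fi
}

# Only run the live audit where the macOS `security` tool exists.
if command -v security >/dev/null 2>&1; then
    audit_signing_env
fi
```

Any name the audit prints can then be reviewed in Keychain Access or removed with `security remove-trusted-cert` against the corresponding certificate file.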

Setting up the environment multiple times without explicitly tearing it down is 
safe.

This automation doesn't configure the system to install .pkg bundles produced 
by jpackage tests. It only allows running signed app launchers and installing 
signed .dmg bundles.

-------------

Commit messages:
 - Remove MacSignTest.java
 - Applied bin/blessed-modifier-order.sh
 - Can use jtreg to set up and tear down signing environment for jpackage 
signing tests.
 - Remove trailing whitespace
 - Minor
 - Better UI for adding trusted certificates
 - Automate signing env setup for the existing mac sign tests
 - Encapsulated signing environment setup/teardown in MacSign.
 - Finalized sign setup code. MacSignTest.testAppImage() pass.
 - Minor and documented experience of setting up sign test environment on macOS 
Sequoia
 - ... and 1 more: https://git.openjdk.org/jdk/compare/8e530633...f4d55824

Changes: https://git.openjdk.org/jdk/pull/24087/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=24087&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8352176
  Stats: 904 lines in 4 files changed: 900 ins; 2 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/24087.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/24087/head:pull/24087

PR: https://git.openjdk.org/jdk/pull/24087
