RFR: 8375242: Improve jpackage signing coverage

Alexey Semenyuk Wed, 14 Jan 2026 23:23:48 -0800

Refactor signing tests covering gaps listed in the [CR 
description](https://bugs.openjdk.org/browse/JDK-8375242).


Old test signatures:

SigningAppImageTest.test(true, true, ASCII_INDEX)
SigningAppImageTest.test(true, true, UNICODE_INDEX)
SigningAppImageTest.test(true, false, UNICODE_INDEX)
SigningAppImageTest.test(false, true, INVALID_INDEX)

SigningAppImageTwoStepsTest.test(true, true)
SigningAppImageTwoStepsTest.test(true, false)
SigningAppImageTwoStepsTest.test(false, true)

SigningPackageTest.test(true, true, true, ASCII_INDEX)
SigningPackageTest.test(true, true, true, UNICODE_INDEX)
SigningPackageTest.test(false, true, true, UNICODE_INDEX)
SigningPackageTest.test(false, true, false, UNICODE_INDEX)
SigningPackageTest.test(false, false, true, UNICODE_INDEX)

SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: 
CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, 
...]}; {MAC_DMG={--mac-signing-key-user-name: CertificateRequest[name=Developer 
ID Application: jpackage.openjdk.java.net, ...]}, 
MAC_PKG={--mac-signing-key-user-name: CertificateRequest[name=Developer ID 
Installer: jpackage.openjdk.java.net, ...]}})
SigningPackageTwoStepTest.test({MAC_DMG={--mac-signing-key-user-name: 
CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, 
...]}, MAC_PKG={--mac-signing-key-user-name: CertificateRequest[name=Developer 
ID Installer: jpackage.openjdk.java.net, ...]}})
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: 
CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, 
...]})
SigningPackageTwoStepTest.test(app-image={--mac-app-image-sign-identity: 
CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, 
...]}; {MAC_DMG={--mac-app-image-sign-identity: 
CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, 
...]}, MAC_PKG={--mac-installer-sign-identity: 
CertificateRequest[name=Developer ID Installer: jpackage.openjdk.java.net, 
...]}})
SigningPackageTwoStepTest.test({MAC_DMG={--mac-app-image-sign-identity: 
CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, 
...]}, MAC_PKG={--mac-installer-sign-identity: 
CertificateRequest[name=Developer ID Installer: jpackage.openjdk.java.net, 
...]}})
SigningPackageTwoStepTest.test(app-image={--mac-app-image-sign-identity: 
CertificateRequest[name=Developer ID Application: jpackage.openjdk.java.net, 
...]})

SigningRuntimeImagePackageTest.test(true, INVALID_INDEX, INVALID_INDEX)
SigningRuntimeImagePackageTest.test(true, INVALID_INDEX, ASCII_INDEX)
SigningRuntimeImagePackageTest.test(true, UNICODE_INDEX, INVALID_INDEX)
SigningRuntimeImagePackageTest.test(true, UNICODE_INDEX, ASCII_INDEX)
SigningRuntimeImagePackageTest.test(false, INVALID_INDEX, INVALID_INDEX)
SigningRuntimeImagePackageTest.test(false, INVALID_INDEX, ASCII_INDEX)


New test signatures:

SigningAppImageTest.test({--mac-signing-key-user-name: 
CODESIGN}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-signing-key-user-name/full: 
CODESIGN}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-app-image-sign-identity: 
CODESIGN}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-signing-key-user-name: 
CODESIGN_UNICODE}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-signing-key-user-name/full: 
CODESIGN_UNICODE}@jpackagerTest.keychain)
SigningAppImageTest.test({--mac-app-image-sign-identity: 
CODESIGN_UNICODE}@jpackagerTest.keychain)

SigningAppImageTwoStepsTest.test(app-image=unsigned; 
{--mac-signing-key-user-name: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image=unsigned; 
{--mac-signing-key-user-name/full: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image=unsigned; 
{--mac-app-image-sign-identity: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image={--mac-app-image-sign-identity: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-signing-key-user-name: 
CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image={--mac-app-image-sign-identity: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; 
{--mac-signing-key-user-name/full: CODESIGN}@jpackagerTest.keychain)
SigningAppImageTwoStepsTest.test(app-image={--mac-app-image-sign-identity: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-app-image-sign-identity: 
CODESIGN}@jpackagerTest.keychain)

SigningPackageTest.test({--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningPackageTest.test({--mac-signing-key-user-name: CODESIGN}, 
{--mac-signing-key-user-name: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningPackageTest.test({--mac-app-image-sign-identity: CODESIGN}, 
MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningPackageTest.test({--mac-app-image-sign-identity: CODESIGN}, 
{--mac-installer-sign-identity: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-signing-key-user-name: CODESIGN_UNICODE}, 
MAC_DMG)
SigningPackageTest.test({--mac-signing-key-user-name: CODESIGN_UNICODE}, 
{--mac-signing-key-user-name: PKG_UNICODE}, MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-signing-key-user-name/full: CODESIGN_UNICODE}, 
MAC_DMG)
SigningPackageTest.test({--mac-app-image-sign-identity: CODESIGN_UNICODE}, 
MAC_DMG+MAC_PKG)
SigningPackageTest.test({--mac-installer-sign-identity: PKG_UNICODE}, MAC_PKG)
SigningPackageTest.test({--mac-app-image-sign-identity: CODESIGN_UNICODE}, 
{--mac-installer-sign-identity: PKG_UNICODE}, MAC_DMG+MAC_PKG)

SigningPackageTwoStepTest.testBundleSignedAppImage
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-signing-key-user-name: 
CODESIGN}, MAC_DMG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-signing-key-user-name: 
CODESIGN}, {--mac-signing-key-user-name: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; 
{--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-app-image-sign-identity: 
CODESIGN}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-installer-sign-identity: 
PKG}, MAC_PKG)
SigningPackageTwoStepTest.test(app-image={--mac-signing-key-user-name: 
CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain; {--mac-app-image-sign-identity: 
CODESIGN}, {--mac-installer-sign-identity: PKG}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image=unsigned; 
{--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningPackageTwoStepTest.test(app-image=unsigned; 
{--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, 
MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image=unsigned; 
{--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningPackageTwoStepTest.test(app-image=unsigned; 
{--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningPackageTwoStepTest.test(app-image=unsigned; 
{--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningPackageTwoStepTest.test(app-image=unsigned; 
{--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: 
PKG}, MAC_DMG+MAC_PKG)

SigningRuntimeImagePackageTest.testBundleSignedRuntime()
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; 
{--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; 
{--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, 
MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; 
{--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; 
{--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; 
{--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={IMAGE}; 
{--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: 
PKG}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; 
{--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; 
{--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, 
MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; 
{--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; 
{--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; 
{--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE}; 
{--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: 
PKG}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, 
{--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; 
{--mac-signing-key-user-name: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, 
{--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; 
{--mac-signing-key-user-name: CODESIGN}, {--mac-signing-key-user-name: PKG}, 
MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, 
{--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; 
{--mac-signing-key-user-name/full: CODESIGN}, MAC_DMG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, 
{--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; 
{--mac-app-image-sign-identity: CODESIGN}, MAC_DMG+MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, 
{--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; 
{--mac-installer-sign-identity: PKG}, MAC_PKG)
SigningRuntimeImagePackageTest.test(runtime={BUNDLE, 
{--mac-signing-key-user-name: CODESIGN_ACME_TECH_LTD}@jpackagerTest.keychain}; 
{--mac-app-image-sign-identity: CODESIGN}, {--mac-installer-sign-identity: 
PKG}, MAC_DMG+MAC_PKG)


MacSignTest.java and EntitlementsTest.java tests refactored without functional 
changes.

Additionally:
 - Move "SigningBase.java" to the correct location in the test source tree.

Blocked by https://github.com/openjdk/jdk/pull/29241 PR.

-------------

Commit messages:
 - SigningPackageTest: fix the test selector
 - SigningRuntimeImagePackageTest: remove redundant test cases and improve 
performance
 - Make JPackageCommand.createInputRuntimeImage() and 
MacHelper.createRuntimeBundle() configurable
 - Undo 8371438
 - Update copyright year
 - Add MacHelper.NamedCertificateRequestSupplier; Use 
MacHelper.SignKeyOption.Type.SIGN_KEY_USER_FULL_NAME; add SignKeyOption.Name 
enum; streamline MacSignTest and MacHelper.SignKeyOption
 - Document MacHelper.SignKeyOption.Type; rename 
MacHelper.SignKeyOption.Type.SIGN_KEY_USER_NAME into 
MacHelper.SignKeyOption.Type.SIGN_KEY_USER_SHORT_NAME
 - SigningPackageTest: simplify
 - Add MacHelper.ResolvableCertificateRequest class; add 
SignKeyOption.asCmdlineArgs()
 - Refactor signing tests to support --mac-sign without signing key option and 
improve test coverage; Move SigningBase.java to the correct location in the 
source tree.
 - ... and 3 more: https://git.openjdk.org/jdk/compare/20bd178b...f55906bc

Changes: https://git.openjdk.org/jdk/pull/29205/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=29205&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8375242
  Stats: 1943 lines in 13 files changed: 974 ins; 550 del; 419 mod
  Patch: https://git.openjdk.org/jdk/pull/29205.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/29205/head:pull/29205

PR: https://git.openjdk.org/jdk/pull/29205

RFR: 8375242: Improve jpackage signing coverage

Reply via email to