On Mon, 6 Jan 2025 20:43:22 GMT, Tim Jacomb <d...@openjdk.org> wrote:
> Is it possible to add jtreg test for this scenario? I've done some research. I _think_ it would only be possible with manual intervention to run it. The certificates could be generated with a script, similar to the existing https://github.com/openjdk/jdk/blob/master/test/jdk/sun/security/x509/DNSName/certs/generate-certs.sh and then checked in. The certificates could be added to the truststore using `/usr/bin/security add-trusted-cert`, like in https://github.com/JetBrains/jvm-native-trusted-roots/blob/trunk/src/test/java/org/jetbrains/nativecerts/mac/SecurityFrameworkUtilTest.java#L114-L120 but marking the root certificate as trusted would need the user to confirm an OS prompt, https://github.com/JetBrains/jvm-native-trusted-roots#testing, i.e. I need to approve via Touch ID when I make changes to a certs trust level. Does that add value to add a test so someone could run it manually? ------------- PR Comment: https://git.openjdk.org/jdk/pull/22911#issuecomment-2573993417
