infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-22 08:21:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
jdk/test/jdk/tools/jpackage/macosx/SigningAppImageTwoStepsTest.java
Alexander Matveev 7a0c8b14aa 8286850: [macos] Add support for signing user provided app image 
Reviewed-by: asemenyuk
2022-06-03 20:27:58 +00:00

121 lines
4.7 KiB
Java
Raw Blame History

/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.nio.file.Path;
import jdk.jpackage.test.JPackageCommand;
import jdk.jpackage.test.TKit;
import jdk.jpackage.test.PackageType;
import jdk.jpackage.test.Annotations.Test;
import jdk.jpackage.test.Annotations.Parameter;
import jdk.jpackage.test.AdditionalLauncher;
/**
* Tests generation of app image and then signs generated app image with --mac-sign
* and related arguments. Test will generate app image and verify signature of main
* launcher and app bundle itself. This test requires that machine is configured with
* test certificate for "Developer ID Application: jpackage.openjdk.java.net" or
* alternately "Developer ID Application: " + name specified by system property:
* "jpackage.mac.signing.key.user.name" in the jpackagerTest keychain
* (or alternately the keychain specified with the system property
* "jpackage.mac.signing.keychain". If this certificate is self-signed, it must
* have be set to always allowed access to this keychain" for user which runs test.
* (If cert is real (not self signed), the do not set trust to allow.)
*/
/*
* @test
* @summary jpackage with --type app-image --app-image "appImage" --mac-sign
* @library ../helpers
* @library /test/lib
* @library base
* @build SigningBase
* @build SigningCheck
* @build jtreg.SkippedException
* @build jdk.jpackage.test.*
* @build SigningAppImageTwoStepsTest
* @modules jdk.jpackage/jdk.jpackage.internal
* @requires (os.family == "mac")
* @run main/othervm/timeout=360 -Xmx512m jdk.jpackage.test.Main
* --jpt-run=SigningAppImageTwoStepsTest
*/
public class SigningAppImageTwoStepsTest {
@Test
@Parameter("true")
@Parameter("false")
public void test(boolean signAppImage) throws Exception {
SigningCheck.checkCertificates();
Path appimageOutput = TKit.createTempDirectory("appimage");
// Generate app image. Signed or unsigned based on test
// parameter. We should able to sign predfined app images
// which are signed or unsigned.
JPackageCommand appImageCmd = JPackageCommand.helloAppImage()
.setArgumentValue("--dest", appimageOutput);
if (signAppImage) {
appImageCmd.addArguments("--mac-sign", "--mac-signing-key-user-name",
SigningBase.DEV_NAME, "--mac-signing-keychain",
SigningBase.KEYCHAIN);
}
// Add addtional launcher
AdditionalLauncher testAL = new AdditionalLauncher("testAL");
testAL.applyTo(appImageCmd);
// Generate app image
appImageCmd.executeAndAssertHelloAppImageCreated();
// Double check if it is signed or unsigned based on signAppImage
verifySignature(appImageCmd, signAppImage);
// Sign app image
JPackageCommand cmd = new JPackageCommand();
cmd.setPackageType(PackageType.IMAGE)
.addArguments("--app-image", appImageCmd.outputBundle().toAbsolutePath())
.addArguments("--mac-sign")
.addArguments("--mac-signing-key-user-name", SigningBase.DEV_NAME)
.addArguments("--mac-signing-keychain", SigningBase.KEYCHAIN);
cmd.execute();
// Should be signed app image
verifySignature(appImageCmd, true);
}
private void verifySignature(JPackageCommand appImageCmd, boolean isSigned) throws Exception {
Path launcherPath = appImageCmd.appLauncherPath();
SigningBase.verifyCodesign(launcherPath, isSigned);
Path testALPath = launcherPath.getParent().resolve("testAL");
SigningBase.verifyCodesign(testALPath, isSigned);
Path appImage = appImageCmd.outputBundle();
SigningBase.verifyCodesign(appImage, isSigned);
if (isSigned) {
SigningBase.verifySpctl(appImage, "exec");
}
}
}
Reference in New Issue View Git Blame Copy Permalink