8247418: Only validate the certificates trust if using the default key user name
Reviewed-by: asemenyuk, almatvee
This commit is contained in:
parent
19c5bfe42f
commit
4bc69f4255
@ -84,16 +84,21 @@ public class SigningCheck {
|
||||
}
|
||||
|
||||
private static void validateCertificateTrust(String name) {
|
||||
List<String> result = new Executor()
|
||||
.setExecutable("security")
|
||||
.addArguments("dump-trust-settings")
|
||||
.executeWithoutExitCodeCheckAndGetOutput();
|
||||
result.stream().forEachOrdered(TKit::trace);
|
||||
TKit.assertTextStream(name)
|
||||
.predicate((line, what) -> line.trim().endsWith(what))
|
||||
.orElseThrow(() -> TKit.throwSkippedException(
|
||||
"Certifcate not trusted by current user: " + name))
|
||||
.apply(result.stream());
|
||||
// Certificates using the default user name must be trusted by user.
|
||||
// User supplied certs whose trust is set to "Use System Defaults"
|
||||
// will not be listed as trusted by dump-trust-settings
|
||||
if (SigningBase.DEV_NAME.equals("jpackage.openjdk.java.net")) {
|
||||
List<String> result = new Executor()
|
||||
.setExecutable("security")
|
||||
.addArguments("dump-trust-settings")
|
||||
.executeWithoutExitCodeCheckAndGetOutput();
|
||||
result.stream().forEachOrdered(TKit::trace);
|
||||
TKit.assertTextStream(name)
|
||||
.predicate((line, what) -> line.trim().endsWith(what))
|
||||
.orElseThrow(() -> TKit.throwSkippedException(
|
||||
"Certifcate not trusted by current user: " + name))
|
||||
.apply(result.stream());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user