8246706: [macos] Allow SigningPackageTest to be built with real certificates

Reviewed-by: asemenyuk, almatvee

test/jdk/tools/jpackage/macosx/SigningAppImageTest.java

@@ -29,8 +29,14 @@ import jdk.jpackage.test.TKit;
  * Tests generation of app image with --mac-sign and related arguments. Test will
  * generate app image and verify signature of main launcher and app bundle itself.
  * This test requires that machine is configured with test certificate for
- * "Developer ID Application: jpackage.openjdk.java.net" in jpackagerTest keychain with
+ * "Developer ID Application: jpackage.openjdk.java.net" or alternately
- * always allowed access to this keychain for user which runs test.
+ * "Developer ID Application: " + name specified by system property:
+ * "jpackage.mac.signing.key.user.name"
+ * in the jpackagerTest keychain (or alternately the keychain specified with
+ * the system property "jpackage.mac.signing.keychain".
+ * If this certificate is self-signed, it must have be set to
+ * always allowe access to this keychain" for user which runs test.
+ * (If cert is real (not self signed), the do not set trust to allow.)
  */
 
 /*
@@ -56,7 +62,7 @@ public class SigningAppImageTest {
             JPackageCommand cmd = JPackageCommand.helloAppImage();
             cmd.addArguments("--mac-sign", "--mac-signing-key-user-name",
                     SigningBase.DEV_NAME, "--mac-signing-keychain",
-                    "jpackagerTest.keychain");
+                    SigningBase.KEYCHAIN);
             cmd.executeAndAssertHelloAppImageCreated();
 
             Path launcherPath = cmd.appLauncherPath();

test/jdk/tools/jpackage/macosx/SigningPackageTest.java

@@ -26,11 +26,18 @@ import java.nio.file.Paths;
 import jdk.jpackage.test.*;
 
 /**
- * Tests generation of dmg and pkg with --mac-sign and related arguments. Test will
+ * Tests generation of dmg and pkg with --mac-sign and related arguments.
- * generate pkg and verifies its signature. It verifies that dmg is not signed, but app
+ * Test will generate pkg and verifies its signature. It verifies that dmg
- * image inside dmg is signed. This test requires that machine is configured with test
+ * is not signed, but app image inside dmg is signed. This test requires that
- * certificate for "Developer ID Installer: jpackage.openjdk.java.net" in jpackagerTest
+ * the machine is configured with test certificate for
- * keychain with always allowed access to this keychain for user which runs test.
+ * "Developer ID Installer: jpackage.openjdk.java.net" in
+ * jpackagerTest keychain with
+ * always allowed access to this keychain for user which runs test.
+ * note:
+ * "jpackage.openjdk.java.net" can be over-ridden by systerm property
+ * "jpackage.mac.signing.key.user.name", and
+ * "jpackagerTest" can be over-ridden by system property
+ * "jpackage.mac.signing.keychain"
  */
 
 /*
@@ -80,7 +87,7 @@ public class SigningPackageTest {
                     .addInitializer(cmd -> {
                         cmd.addArguments("--mac-sign",
                                 "--mac-signing-key-user-name", SigningBase.DEV_NAME,
-                                "--mac-signing-keychain", "jpackagerTest.keychain");
+                                "--mac-signing-keychain", SigningBase.KEYCHAIN);
                     })
                     .forTypes(PackageType.MAC_PKG)
                     .addBundleVerifier(SigningPackageTest::verifyPKG)

test/jdk/tools/jpackage/macosx/base/SigningBase.java

@@ -30,16 +30,22 @@ import jdk.jpackage.test.Executor.Result;
 
 public class SigningBase {
 
-    public static String DEV_NAME = "jpackage.openjdk.java.net";
+    public static String DEV_NAME;
-    public static String APP_CERT
+    public static String APP_CERT;
-            = "Developer ID Application: " + DEV_NAME;
+    public static String INSTALLER_CERT;
-    public static String INSTALLER_CERT
+    public static String KEYCHAIN;
-            = "Developer ID Installer: " + DEV_NAME;
+    static {
-    public static String KEYCHAIN = "jpackagerTest.keychain";
+        String value = System.getProperty("jpackage.mac.signing.key.user.name");
+        DEV_NAME = (value == null) ?  "jpackage.openjdk.java.net" : value;
+        APP_CERT = "Developer ID Application: " + DEV_NAME;
+        INSTALLER_CERT = "Developer ID Installer: " + DEV_NAME;
+        value = System.getProperty("jpackage.mac.signing.keychain");
+        KEYCHAIN = (value == null) ? "jpackagerTest.keychain" : value;
+    }
 
     private static void checkString(List<String> result, String lookupString) {
         TKit.assertTextStream(lookupString).predicate(
-                (line, what) -> line.trim().equals(what)).apply(result.stream());
+                (line, what) -> line.trim().contains(what)).apply(result.stream());
     }
 
     private static List<String> codesignResult(Path target, boolean signed) {
@@ -92,8 +98,6 @@ public class SigningBase {
         if (exitCode == 0) {
             lookupString = target.toString() + ": accepted";
             checkString(output, lookupString);
-            lookupString = "source=" + DEV_NAME;
-            checkString(output, lookupString);
         } else if (exitCode == 3) {
             // allow failure purely for not being notarized
             lookupString = target.toString() + ": rejected";
@@ -120,7 +124,7 @@ public class SigningBase {
 
     private static void verifyPkgutilResult(List<String> result) {
         result.stream().forEachOrdered(TKit::trace);
-        String lookupString = "Status: signed by a certificate trusted for current user";
+        String lookupString = "Status: signed by";
         checkString(result, lookupString);
         lookupString = "1. " + INSTALLER_CERT;
         checkString(result, lookupString);