From 606341e390b72896d3be82f686d296af9cb8132e Mon Sep 17 00:00:00 2001 From: Hai-May Chao Date: Thu, 6 Nov 2025 21:34:47 -0800 Subject: [PATCH 1/2] 8371383: Test sun/security/tools/jarsigner/DefaultOptions.java failed due to CertificateNotYetValidException --- test/jdk/sun/security/tools/jarsigner/DefaultOptions.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java b/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java index 72756de6f8bdc..67764ee70bb96 100644 --- a/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java +++ b/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 8049834 + * @bug 8049834 8371383 * @summary Two security tools tests do not run with only JRE * @library /test/lib */ @@ -74,6 +74,10 @@ public static void main(String[] args) throws Throwable { JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("ks"), Path.of("js.conf")); + // Add delay to help the signing certificate’s NotBefore time has + // passed and avoid CertificateNotYetValidException. + Thread.sleep(5000); + jarsigner("-conf js.conf a.jar a").shouldHaveExitValue(0); jarsigner("-conf js.conf -verify a.jar").shouldHaveExitValue(0) .shouldContain("and 1 more"); From 55c83609a274862001650895561347a8f4e8166b Mon Sep 17 00:00:00 2001 From: Hai-May Chao Date: Fri, 7 Nov 2025 07:06:45 -0800 Subject: [PATCH 2/2] Update with Mikhail's comments --- .../sun/security/tools/jarsigner/DefaultOptions.java | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java b/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java index 67764ee70bb96..fe8adfb896244 100644 --- a/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java +++ b/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java @@ -23,7 +23,7 @@ /* * @test - * @bug 8049834 8371383 + * @bug 8049834 * @summary Two security tools tests do not run with only JRE * @library /test/lib */ @@ -62,7 +62,10 @@ public static void main(String[] args) throws Throwable { keytool("-genkeypair -dname CN=CA -alias ca -keyalg rsa -ext bc:c") .shouldHaveExitValue(0); keytool("-alias a -certreq -file a.req"); - keytool("-alias ca -gencert -infile a.req -outfile a.cert"); + + // The start date is set to -1M to prevent the certificate not yet + // valid during fast enough execution. + keytool("-alias ca -gencert -infile a.req -outfile a.cert -startdate -1M"); keytool("-alias a -import -file a.cert").shouldHaveExitValue(0); Files.write(Path.of("js.conf"), List.of( @@ -74,10 +77,6 @@ public static void main(String[] args) throws Throwable { JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("ks"), Path.of("js.conf")); - // Add delay to help the signing certificate’s NotBefore time has - // passed and avoid CertificateNotYetValidException. - Thread.sleep(5000); - jarsigner("-conf js.conf a.jar a").shouldHaveExitValue(0); jarsigner("-conf js.conf -verify a.jar").shouldHaveExitValue(0) .shouldContain("and 1 more");