Restore the logic of how jpackage handles cases when the "--mac-sign" option is specified without the "--mac-signing-key-user-name" or "--mac-app-image-sign-identity" option.
Make it work as it did prior to the [JDK-8333664](https://bugs.openjdk.org/browse/JDK-8333664) patch, which caused jpackage to silently ignore the "--mac-sign" option and not sign the output bundle. The restored behavior is as follows: If the "--mac-sign" option is specified, jpackage will always attempt to sign the output bundle. If none of the signing identity options ("--mac-signing-key-user-name", "--mac-app-image-sign-identity", or "--mac-installer-sign-identity") is specified, jpackage will look up for a signing identity (or signing identities in case of PKG bundling) in the keychain specified with the "--mac-signing-keychain", or in the default keychain of the current user if the "--mac-signing-keychain" option is not specified. If the keychain contains exactly one signing certificate of a specific type (a certificate for signing an app image or a certificate for signing a PKG installer), jpackage will use it for signing. Otherwise, jpackage will exit with an error. Added tests to cover the cases when the "--mac-sign" option is specified and the keychain has/doesn't have signing certificates. ------------- Commit messages: - Use jdk.test.lib.security.CertificateBuilder to create signing certificates instead of static sign-env.xml - ErrorTest: better coverage for signing without explicit signing identity on the command line - Support signing mocks. So far "/usr/bin/security" mock is supported. - test.mock: enhance CommandAction.Context; MockIllegalStateException: add null check to the ctor - MacSign: expose some API, support keychain mocks - Add negative tests; Fix bug in MacFromOptions.createMacApplicationInternal() uncovered with the negative tests - SigningAppImageTwoStepsTest: remove redundant test cases - MacHelper: Support testing of SHA1 digests with the "--mac-signing-key-user-name" option; reduce number of test cases in th tests derived from the SigningPackageTest test; SigningPackageTest: remove redundant test cases - SigningAppImageTwoStepsTest: add missing MacSign.withKeychain() call. Without the call, the test may randomly fail with cryptic "SigningAppImageTwoStepsTest/test.4fc29fd2/appimage-5/SigningAppImageTwoStepsTest.app/Contents/MacOS/testAL: errSecInternalComponent" error message if the keychain happens to be locked. "security unlock-keychain" command unlocks a keychain, but it gets automatically locked after some duration of time. To avoid interrupts, signing tests should call the "security unlock-keychain" command a keychain before running any signing operations using this keychain. - MacFromOptions: fix ServiceTest failure - ... and 1 more: https://git.openjdk.org/jdk/compare/6b576235...3744639e Changes: https://git.openjdk.org/jdk/pull/29290/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=29290&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8371438 Stats: 1429 lines in 20 files changed: 1295 ins; 35 del; 99 mod Patch: https://git.openjdk.org/jdk/pull/29290.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/29290/head:pull/29290 PR: https://git.openjdk.org/jdk/pull/29290
