24 |
24 |
25 /** |
25 /** |
26 * @test |
26 * @test |
27 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 |
27 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 |
28 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 |
28 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 |
29 * 8223499 8225392 |
29 * 8223499 8225392 8232019 |
30 * @summary Check root CA entries in cacerts file |
30 * @summary Check root CA entries in cacerts file |
31 */ |
31 */ |
32 import java.io.ByteArrayInputStream; |
32 import java.io.ByteArrayInputStream; |
33 import java.io.File; |
33 import java.io.File; |
34 import java.nio.file.Files; |
34 import java.nio.file.Files; |
50 private static final String CACERTS |
50 private static final String CACERTS |
51 = System.getProperty("java.home") + File.separator + "lib" |
51 = System.getProperty("java.home") + File.separator + "lib" |
52 + File.separator + "security" + File.separator + "cacerts"; |
52 + File.separator + "security" + File.separator + "cacerts"; |
53 |
53 |
54 // The numbers of certs now. |
54 // The numbers of certs now. |
55 private static final int COUNT = 88; |
55 private static final int COUNT = 89; |
56 |
56 |
57 // SHA-256 of cacerts, can be generated with |
57 // SHA-256 of cacerts, can be generated with |
58 // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 |
58 // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 |
59 private static final String CHECKSUM |
59 private static final String CHECKSUM |
60 = "4E:21:94:7C:1D:49:28:BB:34:B0:40:DF:AE:19:B4:41:C6:B5:8A:EE:EB:D5:DE:B4:EF:07:AF:63:18:73:A6:FE"; |
60 = "C7:BE:67:B5:2E:35:17:5E:95:3E:61:68:F8:CF:D0:FB:7F:21:63:91:1E:C2:4D:A2:FE:1B:D4:D4:FA:86:52:7E"; |
61 |
61 |
62 // map of cert alias to SHA-256 fingerprint |
62 // map of cert alias to SHA-256 fingerprint |
63 @SuppressWarnings("serial") |
63 @SuppressWarnings("serial") |
64 private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() { |
64 private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() { |
65 { |
65 { |
237 "CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E"); |
237 "CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E"); |
238 put("teliasonerarootcav1 [jdk]", |
238 put("teliasonerarootcav1 [jdk]", |
239 "DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89"); |
239 "DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89"); |
240 put("globalsignrootcar6 [jdk]", |
240 put("globalsignrootcar6 [jdk]", |
241 "2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69"); |
241 "2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69"); |
|
242 put("luxtrustglobalroot2ca [jdk]", |
|
243 "54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5"); |
242 } |
244 } |
243 }; |
245 }; |
244 |
246 |
245 // Exception list to 90 days expiry policy |
247 // Exception list to 90 days expiry policy |
246 // No error will be reported if certificate in this list expires |
248 // No error will be reported if certificate in this list expires |
266 byte[] data = Files.readAllBytes(Path.of(CACERTS)); |
268 byte[] data = Files.readAllBytes(Path.of(CACERTS)); |
267 String checksum = toHexString(md.digest(data)); |
269 String checksum = toHexString(md.digest(data)); |
268 if (!checksum.equals(CHECKSUM)) { |
270 if (!checksum.equals(CHECKSUM)) { |
269 atLeastOneFailed = true; |
271 atLeastOneFailed = true; |
270 System.err.println("ERROR: wrong checksum\n" + checksum); |
272 System.err.println("ERROR: wrong checksum\n" + checksum); |
|
273 System.err.println("Expected checksum\n" + CHECKSUM); |
271 } |
274 } |
272 |
275 |
273 KeyStore ks = KeyStore.getInstance("JKS"); |
276 KeyStore ks = KeyStore.getInstance("JKS"); |
274 ks.load(new ByteArrayInputStream(data), "changeit".toCharArray()); |
277 ks.load(new ByteArrayInputStream(data), "changeit".toCharArray()); |
275 |
278 |
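Review bot: The new `luxtrustglobalroot2ca [jdk]` entry (new lines 242-243) records a SHA-256 fingerprint without saying where it was checked. The comment above `CHECKSUM` shows that value is recomputed from the cacerts file itself, so together with the bumped `COUNT` this test can only confirm that the trust store and the test were updated in step, not that the added root is the genuine one. I would add a comment above the new `put(...)` such as `// SHA-256 checked against the fingerprint published by the CA`, so a later reader knows an out-of-band comparison was made. Whether that comparison was done is not visible on this page. Most of the `FINGERPRINT_MAP` initializer (lines 66-236) is collapsed here, so the existing entries may follow a convention I cannot see.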