equal
deleted
inserted
replaced
22 * |
22 * |
23 */ |
23 */ |
24 |
24 |
25 /** |
25 /** |
26 * @test |
26 * @test |
27 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 |
27 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 8209452 |
28 * @summary Check root CA entries in cacerts file |
28 * @summary Check root CA entries in cacerts file |
29 */ |
29 */ |
30 import java.io.File; |
30 import java.io.File; |
31 import java.io.FileInputStream; |
31 import java.io.FileInputStream; |
32 import java.security.KeyStore; |
32 import java.security.KeyStore; |
229 "17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24"); |
229 "17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24"); |
230 } |
230 } |
231 }; |
231 }; |
232 |
232 |
233 // Exception list to 90 days expiry policy |
233 // Exception list to 90 days expiry policy |
|
234 // No error will be reported if certificate in this list expires |
234 private static final HashSet<String> EXPIRY_EXC_ENTRIES |
235 private static final HashSet<String> EXPIRY_EXC_ENTRIES |
235 = new HashSet<String>(Arrays.asList( |
236 = new HashSet<String>(Arrays.asList( |
236 "gtecybertrustglobalca [jdk]" |
237 "gtecybertrustglobalca [jdk]" |
237 )); |
238 )); |
238 |
239 |
291 |
292 |
292 // Make sure cert is not expired or not yet valid |
293 // Make sure cert is not expired or not yet valid |
293 try { |
294 try { |
294 cert.checkValidity(); |
295 cert.checkValidity(); |
295 } catch (CertificateExpiredException cee) { |
296 } catch (CertificateExpiredException cee) { |
296 atLeastOneFailed = true; |
297 if (!EXPIRY_EXC_ENTRIES.contains(alias)) { |
297 System.err.println("ERROR: cert is expired"); |
298 atLeastOneFailed = true; |
|
299 System.err.println("ERROR: cert is expired"); |
|
300 } |
298 } catch (CertificateNotYetValidException cne) { |
301 } catch (CertificateNotYetValidException cne) { |
299 atLeastOneFailed = true; |
302 atLeastOneFailed = true; |
300 System.err.println("ERROR: cert is not yet valid"); |
303 System.err.println("ERROR: cert is not yet valid"); |
301 } |
304 } |
302 |
305 |