24 |
24 |
25 /** |
25 /** |
26 * @test |
26 * @test |
27 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 |
27 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 |
28 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 |
28 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 |
|
29 * 8223499 |
29 * @summary Check root CA entries in cacerts file |
30 * @summary Check root CA entries in cacerts file |
30 */ |
31 */ |
31 import java.io.File; |
32 import java.io.File; |
32 import java.io.FileInputStream; |
33 import java.io.FileInputStream; |
33 import java.security.KeyStore; |
34 import java.security.KeyStore; |
47 private static final String CACERTS |
48 private static final String CACERTS |
48 = System.getProperty("java.home") + File.separator + "lib" |
49 = System.getProperty("java.home") + File.separator + "lib" |
49 + File.separator + "security" + File.separator + "cacerts"; |
50 + File.separator + "security" + File.separator + "cacerts"; |
50 |
51 |
51 // The numbers of certs now. |
52 // The numbers of certs now. |
52 private static final int COUNT = 90; |
53 private static final int COUNT = 88; |
53 |
54 |
54 // map of cert alias to SHA-256 fingerprint |
55 // map of cert alias to SHA-256 fingerprint |
55 @SuppressWarnings("serial") |
56 @SuppressWarnings("serial") |
56 private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() { |
57 private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() { |
57 { |
58 { |
141 "EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44"); |
142 "EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44"); |
142 put("verisignclass3g4ca [jdk]", |
143 put("verisignclass3g4ca [jdk]", |
143 "69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79"); |
144 "69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79"); |
144 put("verisignclass3g5ca [jdk]", |
145 put("verisignclass3g5ca [jdk]", |
145 "9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF"); |
146 "9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF"); |
146 put("certplusclass2primaryca [jdk]", |
|
147 "0F:99:3C:8A:EF:97:BA:AF:56:87:14:0E:D5:9A:D1:82:1B:B4:AF:AC:F0:AA:9A:58:B5:D5:7A:33:8A:3A:FB:CB"); |
|
148 put("certplusclass3pprimaryca [jdk]", |
|
149 "CC:C8:94:89:37:1B:AD:11:1C:90:61:9B:EA:24:0A:2E:6D:AD:D9:9F:9F:6E:1D:4D:41:E5:8E:D6:DE:3D:02:85"); |
|
150 put("keynectisrootca [jdk]", |
147 put("keynectisrootca [jdk]", |
151 "42:10:F1:99:49:9A:9A:C3:3C:8D:E0:2B:A6:DB:AA:14:40:8B:DD:8A:6E:32:46:89:C1:92:2D:06:97:15:A3:32"); |
148 "42:10:F1:99:49:9A:9A:C3:3C:8D:E0:2B:A6:DB:AA:14:40:8B:DD:8A:6E:32:46:89:C1:92:2D:06:97:15:A3:32"); |
152 put("dtrustclass3ca2 [jdk]", |
149 put("dtrustclass3ca2 [jdk]", |
153 "49:E7:A4:42:AC:F0:EA:62:87:05:00:54:B5:25:64:B6:50:E4:F4:9E:42:E3:48:D6:AA:38:E0:39:E9:57:B1:C1"); |
150 "49:E7:A4:42:AC:F0:EA:62:87:05:00:54:B5:25:64:B6:50:E4:F4:9E:42:E3:48:D6:AA:38:E0:39:E9:57:B1:C1"); |
154 put("dtrustclass3ca2ev [jdk]", |
151 put("dtrustclass3ca2ev [jdk]", |
241 // Exception list to 90 days expiry policy |
238 // Exception list to 90 days expiry policy |
242 // No error will be reported if certificate in this list expires |
239 // No error will be reported if certificate in this list expires |
243 @SuppressWarnings("serial") |
240 @SuppressWarnings("serial") |
244 private static final HashSet<String> EXPIRY_EXC_ENTRIES = new HashSet<>() { |
241 private static final HashSet<String> EXPIRY_EXC_ENTRIES = new HashSet<>() { |
245 { |
242 { |
246 // Valid until: Sat Jul 06 19:59:59 EDT 2019 |
|
247 add("certplusclass2primaryca [jdk]"); |
|
248 // Valid until: Sat Jul 06 19:59:59 EDT 2019 |
|
249 add("certplusclass3pprimaryca [jdk]"); |
|
250 // Valid until: Tue Jul 09 14:40:36 EDT 2019 |
243 // Valid until: Tue Jul 09 14:40:36 EDT 2019 |
251 add("utnuserfirstobjectca [jdk]"); |
244 add("utnuserfirstobjectca [jdk]"); |
252 } |
245 } |
253 }; |
246 }; |
254 |
247 |