24 |
24 |
25 /** |
25 /** |
26 * @test |
26 * @test |
27 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 |
27 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 |
28 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 |
28 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 |
29 * 8223499 8225392 8232019 8234245 |
29 * 8223499 8225392 8232019 8234245 8233223 |
30 * @summary Check root CA entries in cacerts file |
30 * @summary Check root CA entries in cacerts file |
31 */ |
31 */ |
32 import java.io.ByteArrayInputStream; |
32 import java.io.ByteArrayInputStream; |
33 import java.io.File; |
33 import java.io.File; |
34 import java.nio.file.Files; |
34 import java.nio.file.Files; |
50 private static final String CACERTS |
50 private static final String CACERTS |
51 = System.getProperty("java.home") + File.separator + "lib" |
51 = System.getProperty("java.home") + File.separator + "lib" |
52 + File.separator + "security" + File.separator + "cacerts"; |
52 + File.separator + "security" + File.separator + "cacerts"; |
53 |
53 |
54 // The numbers of certs now. |
54 // The numbers of certs now. |
55 private static final int COUNT = 89; |
55 private static final int COUNT = 93; |
56 |
56 |
57 // SHA-256 of cacerts, can be generated with |
57 // SHA-256 of cacerts, can be generated with |
58 // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 |
58 // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 |
59 private static final String CHECKSUM |
59 private static final String CHECKSUM |
60 = "DE:71:94:6D:6C:5B:2A:AE:5C:AC:D1:3E:07:23:B6:43:CB:F7:32:69:32:04:36:9C:B4:11:78:6A:49:9D:C5:AB"; |
60 = "22:AA:EB:89:4E:A4:EA:25:CA:3E:DA:0F:F1:2B:FA:05:4B:68:C5:E1:3A:F9:03:40:BF:EF:F5:13:7C:CE:BC:60"; |
61 |
61 |
62 // map of cert alias to SHA-256 fingerprint |
62 // map of cert alias to SHA-256 fingerprint |
63 @SuppressWarnings("serial") |
63 @SuppressWarnings("serial") |
64 private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() { |
64 private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() { |
65 { |
65 { |
239 "DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89"); |
239 "DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89"); |
240 put("globalsignrootcar6 [jdk]", |
240 put("globalsignrootcar6 [jdk]", |
241 "2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69"); |
241 "2C:AB:EA:FE:37:D0:6C:A2:2A:BA:73:91:C0:03:3D:25:98:29:52:C4:53:64:73:49:76:3A:3A:B5:AD:6C:CF:69"); |
242 put("luxtrustglobalroot2ca [jdk]", |
242 put("luxtrustglobalroot2ca [jdk]", |
243 "54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5"); |
243 "54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5"); |
|
244 put("amazonrootca1 [jdk]", |
|
245 "8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E"); |
|
246 put("amazonrootca2 [jdk]", |
|
247 "1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4"); |
|
248 put("amazonrootca3 [jdk]", |
|
249 "18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4"); |
|
250 put("amazonrootca4 [jdk]", |
|
251 "E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92"); |
244 } |
252 } |
245 }; |
253 }; |
246 |
254 |
247 // Exception list to 90 days expiry policy |
255 // Exception list to 90 days expiry policy |
248 // No error will be reported if certificate in this list expires |
256 // No error will be reported if certificate in this list expires |