--- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java Fri Jun 14 12:19:14 2019 -0700
+++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java Sat Jun 15 14:39:04 2019 +0800
@@ -26,11 +26,13 @@
* @test
* @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779
* 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
- * 8223499
+ * 8223499 8225392
* @summary Check root CA entries in cacerts file
*/
+import java.io.ByteArrayInputStream;
import java.io.File;
-import java.io.FileInputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
@@ -52,6 +54,11 @@
// The numbers of certs now.
private static final int COUNT = 88;
+ // SHA-256 of cacerts, can be generated with
+ // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
+ private static final String CHECKSUM
+ = "4E:21:94:7C:1D:49:28:BB:34:B0:40:DF:AE:19:B4:41:C6:B5:8A:EE:EB:D5:DE:B4:EF:07:AF:63:18:73:A6:FE";
+
// map of cert alias to SHA-256 fingerprint
@SuppressWarnings("serial")
private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() {
@@ -255,8 +262,16 @@
public static void main(String[] args) throws Exception {
System.out.println("cacerts file: " + CACERTS);
md = MessageDigest.getInstance("SHA-256");
+
+ byte[] data = Files.readAllBytes(Path.of(CACERTS));
+ String checksum = toHexString(md.digest(data));
+ if (!checksum.equals(CHECKSUM)) {
+ atLeastOneFailed = true;
+ System.err.println("ERROR: wrong checksum\n" + checksum);
+ }
+
KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(new FileInputStream(CACERTS), "changeit".toCharArray());
+ ks.load(new ByteArrayInputStream(data), "changeit".toCharArray());
// check the count of certs inside
if (ks.size() != COUNT) {