8209452: VerifyCACerts.java failed with "At least one cacert test failed"
Summary: Allow test to pass even if cert in EXPIRY_EXC_ENTRIES expires
Reviewed-by: mullan
--- a/test/jdk/lib/security/cacerts/VerifyCACerts.java Tue Aug 14 11:55:21 2018 +0530
+++ b/test/jdk/lib/security/cacerts/VerifyCACerts.java Tue Aug 14 09:38:29 2018 -0700
@@ -24,7 +24,7 @@
/**
* @test
- * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779
+ * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 8209452
* @summary Check root CA entries in cacerts file
*/
import java.io.File;
@@ -231,6 +231,7 @@
};
// Exception list to 90 days expiry policy
+ // No error will be reported if certificate in this list expires
private static final HashSet<String> EXPIRY_EXC_ENTRIES
= new HashSet<String>(Arrays.asList(
"gtecybertrustglobalca [jdk]"
@@ -293,8 +294,10 @@
try {
cert.checkValidity();
} catch (CertificateExpiredException cee) {
- atLeastOneFailed = true;
- System.err.println("ERROR: cert is expired");
+ if (!EXPIRY_EXC_ENTRIES.contains(alias)) {
+ atLeastOneFailed = true;
+ System.err.println("ERROR: cert is expired");
+ }
} catch (CertificateNotYetValidException cne) {
atLeastOneFailed = true;
System.err.println("ERROR: cert is not yet valid");