test/jdk/lib/security/cacerts/VerifyCACerts.java
author rhalade
Wed, 13 Jun 2018 08:44:23 -0700
changeset 50541 cf88c15d9171
parent 50529 efd199ab8322
child 50890 12fbd3f35bae
permissions -rw-r--r--
8204923: Restore Symantec root verisignclass2g2ca Reviewed-by: mullan
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
48256
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
     1
/*
49684
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
     2
 * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
48256
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
     4
 *
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
     7
 * published by the Free Software Foundation.
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
     8
 *
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
     9
 * This code is distributed in the hope that it will be useful, but WITHOUT
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    12
 * version 2 for more details (a copy is included in the LICENSE file that
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    13
 * accompanied this code).
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    14
 *
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    15
 * You should have received a copy of the GNU General Public License version
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    16
 * 2 along with this work; if not, write to the Free Software Foundation,
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    18
 *
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    20
 * or visit www.oracle.com if you need additional information or have any
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    21
 * questions.
50308
9ace9865028c 8189949: Remove Baltimore Cybertrust Code Signing CA
rhalade
parents: 50274
diff changeset
    22
 *
48256
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    23
 */
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    24
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    25
/**
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    26
 * @test
50541
cf88c15d9171 8204923: Restore Symantec root verisignclass2g2ca
rhalade
parents: 50529
diff changeset
    27
 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923
48256
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    28
 * @requires java.runtime.name ~= "OpenJDK.*"
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    29
 * @summary Check root CA entries in cacerts file
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    30
 */
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    31
import java.io.File;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    32
import java.io.FileInputStream;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    33
import java.security.KeyStore;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    34
import java.security.MessageDigest;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    35
import java.security.cert.*;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    36
import java.util.*;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    37
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    38
public class VerifyCACerts {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    39
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    40
    private static final String CACERTS
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    41
            = System.getProperty("java.home") + File.separator + "lib"
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    42
            + File.separator + "security" + File.separator + "cacerts";
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    43
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    44
    // The numbers of certs now.
50541
cf88c15d9171 8204923: Restore Symantec root verisignclass2g2ca
rhalade
parents: 50529
diff changeset
    45
    private static final int COUNT = 75;
48256
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    46
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    47
    // map of cert alias to SHA-256 fingerprint
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
    48
    private static final Map<String, String> FINGERPRINT_MAP
49684
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    49
            = new HashMap<String, String>() {
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    50
        {
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    51
            put("actalisauthenticationrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    52
                    "55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    53
            put("buypassclass2ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    54
                    "9A:11:40:25:19:7C:5B:B9:5D:94:E6:3D:55:CD:43:79:08:47:B6:46:B2:3C:DF:11:AD:A4:A0:0E:FF:15:FB:48");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    55
            put("buypassclass3ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    56
                    "ED:F7:EB:BC:A2:7A:2A:38:4D:38:7B:7D:40:10:C6:66:E2:ED:B4:84:3E:4C:29:B4:AE:1D:5B:93:32:E6:B2:4D");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    57
            put("camerfirmachambersca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    58
                    "06:3E:4A:FA:C4:91:DF:D3:32:F3:08:9B:85:42:E9:46:17:D8:93:D7:FE:94:4E:10:A7:93:7E:E2:9D:96:93:C0");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    59
            put("camerfirmachambersignca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    60
                    "13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    61
            put("camerfirmachamberscommerceca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    62
                    "0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    63
            put("certumca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    64
                    "D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    65
            put("certumtrustednetworkca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    66
                    "5C:58:46:8D:55:F5:8E:49:7E:74:39:82:D2:B5:00:10:B6:D1:65:37:4A:CF:83:A7:D4:A3:2D:B7:68:C4:40:8E");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    67
            put("chunghwaepkirootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    68
                    "C0:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    69
            put("comodorsaca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    70
                    "52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    71
            put("comodoaaaca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    72
                    "D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    73
            put("comodoeccca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    74
                    "17:93:92:7A:06:14:54:97:89:AD:CE:2F:8F:34:F7:F0:B6:6D:0F:3A:E3:A3:B8:4D:21:EC:15:DB:BA:4F:AD:C7");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    75
            put("usertrustrsaca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    76
                    "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    77
            put("usertrusteccca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    78
                    "4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    79
            put("utnuserfirstobjectca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    80
                    "6F:FF:78:E4:00:A7:0C:11:01:1C:D8:59:77:C4:59:FB:5A:F9:6A:3D:F0:54:08:20:D0:F4:B8:60:78:75:E5:8F");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    81
            put("utnuserfirstclientauthemailca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    82
                    "43:F2:57:41:2D:44:0D:62:74:76:97:4F:87:7D:A8:F1:FC:24:44:56:5A:36:7A:E6:0E:DD:C2:7A:41:25:31:AE");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    83
            put("utnuserfirsthardwareca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    84
                    "6E:A5:47:41:D0:04:66:7E:ED:1B:48:16:63:4A:A3:A7:9E:6E:4B:96:95:0F:82:79:DA:FC:8D:9B:D8:81:21:37");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    85
            put("addtrustclass1ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    86
                    "8C:72:09:27:9A:C0:4E:27:5E:16:D0:7F:D3:B7:75:E8:01:54:B5:96:80:46:E3:1F:52:DD:25:76:63:24:E9:A7");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    87
            put("addtrustexternalca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    88
                    "68:7F:A4:51:38:22:78:FF:F0:C8:B1:1F:8D:43:D5:76:67:1C:6E:B2:BC:EA:B4:13:FB:83:D9:65:D0:6D:2F:F2");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    89
            put("addtrustqualifiedca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    90
                    "80:95:21:08:05:DB:4B:BC:35:5E:44:28:D8:FD:6E:C2:CD:E3:AB:5F:B9:7A:99:42:98:8E:B8:F4:DC:D0:60:16");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    91
            put("baltimorecybertrustca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    92
                    "16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    93
            put("digicertglobalrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    94
                    "43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    95
            put("digicertglobalrootg2 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    96
                    "CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    97
            put("digicertglobalrootg3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    98
                    "31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
    99
            put("digicerttrustedrootg4 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   100
                    "55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   101
            put("digicertassuredidrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   102
                    "3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   103
            put("digicertassuredidg2 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   104
                    "7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   105
            put("digicertassuredidg3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   106
                    "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   107
            put("digicerthighassuranceevrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   108
                    "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   109
            put("geotrustglobalca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   110
                    "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   111
            put("geotrustprimaryca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   112
                    "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   113
            put("geotrustprimarycag2 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   114
                    "5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   115
            put("geotrustprimarycag3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   116
                    "B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   117
            put("geotrustuniversalca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   118
                    "A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   119
            put("gtecybertrustglobalca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   120
                    "A5:31:25:18:8D:21:10:AA:96:4B:02:C7:B7:C6:DA:32:03:17:08:94:E5:FB:71:FF:FB:66:67:D5:E6:81:0A:36");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   121
            put("thawteprimaryrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   122
                    "8D:72:2F:81:A9:C1:13:C0:79:1D:F1:36:A2:96:6D:B2:6C:95:0A:97:1D:B4:6B:41:99:F4:EA:54:B7:8B:FB:9F");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   123
            put("thawteprimaryrootcag2 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   124
                    "A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   125
            put("thawteprimaryrootcag3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   126
                    "4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   127
            put("thawtepremiumserverca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   128
                    "3F:9F:27:D5:83:20:4B:9E:09:C8:A3:D2:06:6C:4B:57:D3:A2:47:9C:36:93:65:08:80:50:56:98:10:5D:BC:E9");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   129
            put("verisigntsaca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   130
                    "CB:6B:05:D9:E8:E5:7C:D8:82:B1:0B:4D:B7:0D:E4:BB:1D:E4:2B:A4:8A:7B:D0:31:8B:63:5B:F6:E7:78:1A:9D");
50541
cf88c15d9171 8204923: Restore Symantec root verisignclass2g2ca
rhalade
parents: 50529
diff changeset
   131
            put("verisignclass2g2ca [jdk]",
cf88c15d9171 8204923: Restore Symantec root verisignclass2g2ca
rhalade
parents: 50529
diff changeset
   132
                    "3A:43:E2:20:FE:7F:3E:A9:65:3D:1E:21:74:2E:AC:2B:75:C2:0F:D8:98:03:05:BC:50:2C:AF:8C:2D:9B:41:A1");
49684
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   133
            put("verisignclass3ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   134
                    "A4:B6:B3:99:6F:C2:F3:06:B3:FD:86:81:BD:63:41:3D:8C:50:09:CC:4F:A3:29:C2:CC:F0:E2:FA:1B:14:03:05");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   135
            put("verisignclass3g2ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   136
                    "83:CE:3C:12:29:68:8A:59:3D:48:5F:81:97:3C:0F:91:95:43:1E:DA:37:CC:5E:36:43:0E:79:C7:A8:88:63:8B");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   137
            put("verisignuniversalrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   138
                    "23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   139
            put("verisignclass3g3ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   140
                    "EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   141
            put("verisignclass3g4ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   142
                    "69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   143
            put("verisignclass3g5ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   144
                    "9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   145
            put("certplusclass2primaryca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   146
                    "0F:99:3C:8A:EF:97:BA:AF:56:87:14:0E:D5:9A:D1:82:1B:B4:AF:AC:F0:AA:9A:58:B5:D5:7A:33:8A:3A:FB:CB");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   147
            put("certplusclass3pprimaryca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   148
                    "CC:C8:94:89:37:1B:AD:11:1C:90:61:9B:EA:24:0A:2E:6D:AD:D9:9F:9F:6E:1D:4D:41:E5:8E:D6:DE:3D:02:85");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   149
            put("keynectisrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   150
                    "42:10:F1:99:49:9A:9A:C3:3C:8D:E0:2B:A6:DB:AA:14:40:8B:DD:8A:6E:32:46:89:C1:92:2D:06:97:15:A3:32");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   151
            put("dtrustclass3ca2 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   152
                    "49:E7:A4:42:AC:F0:EA:62:87:05:00:54:B5:25:64:B6:50:E4:F4:9E:42:E3:48:D6:AA:38:E0:39:E9:57:B1:C1");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   153
            put("dtrustclass3ca2ev [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   154
                    "EE:C5:49:6B:98:8C:E9:86:25:B9:34:09:2E:EC:29:08:BE:D0:B0:F3:16:C2:D4:73:0C:84:EA:F1:F3:D3:48:81");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   155
            put("identrustdstx3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   156
                    "06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   157
            put("identrustpublicca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   158
                    "30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   159
            put("identrustcommercial [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   160
                    "5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   161
            put("letsencryptisrgx1 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   162
                    "96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   163
            put("luxtrustglobalrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   164
                    "A1:B2:DB:EB:64:E7:06:C6:16:9E:3C:41:18:B2:3B:AA:09:01:8A:84:27:66:6D:8B:F0:E2:88:91:EC:05:19:50");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   165
            put("quovadisrootca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   166
                    "A4:5E:DE:3B:BB:F0:9C:8A:E1:5C:72:EF:C0:72:68:D6:93:A2:1C:99:6F:D5:1E:67:CA:07:94:60:FD:6D:88:73");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   167
            put("quovadisrootca1g3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   168
                    "8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   169
            put("quovadisrootca2 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   170
                    "85:A0:DD:7D:D7:20:AD:B7:FF:05:F8:3D:54:2B:20:9D:C7:FF:45:28:F7:D6:77:B1:83:89:FE:A5:E5:C4:9E:86");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   171
            put("quovadisrootca2g3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   172
                    "8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   173
            put("quovadisrootca3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   174
                    "18:F1:FC:7F:20:5D:F8:AD:DD:EB:7F:E0:07:DD:57:E3:AF:37:5A:9C:4D:8D:73:54:6B:F4:F1:FE:D1:E1:8D:35");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   175
            put("quovadisrootca3g3 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   176
                    "88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   177
            put("secomscrootca1 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   178
                    "E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   179
            put("secomscrootca2 [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   180
                    "51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   181
            put("swisssigngoldg2ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   182
                    "62:DD:0B:E9:B9:F5:0A:16:3E:A0:F8:E7:5C:05:3B:1E:CA:57:EA:55:C8:68:8F:64:7C:68:81:F2:C8:35:7B:95");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   183
            put("swisssignplatinumg2ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   184
                    "3B:22:2E:56:67:11:E9:92:30:0D:C0:B1:5A:B9:47:3D:AF:DE:F8:C8:4D:0C:EF:7D:33:17:B4:C1:82:1D:14:36");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   185
            put("swisssignsilverg2ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   186
                    "BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   187
            put("soneraclass2ca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   188
                    "79:08:B4:03:14:C1:38:10:0B:51:8D:07:35:80:7F:FB:FC:F8:51:8A:00:95:33:71:05:BA:38:6B:15:3D:D9:27");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   189
            put("securetrustca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   190
                    "F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   191
            put("xrampglobalca [jdk]",
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   192
                    "CE:CD:DC:90:50:99:D8:DA:DF:C5:B1:D2:09:B7:37:CB:E2:C1:8C:FB:2C:10:C0:FF:0B:CF:0D:32:86:FC:1A:A2");
50529
efd199ab8322 8196141: Add GoDaddy root certificates
rhalade
parents: 50334
diff changeset
   193
            put("godaddyrootg2ca [jdk]",
efd199ab8322 8196141: Add GoDaddy root certificates
rhalade
parents: 50334
diff changeset
   194
                    "45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA");
efd199ab8322 8196141: Add GoDaddy root certificates
rhalade
parents: 50334
diff changeset
   195
            put("godaddyclass2ca [jdk]",
efd199ab8322 8196141: Add GoDaddy root certificates
rhalade
parents: 50334
diff changeset
   196
                    "C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4");
efd199ab8322 8196141: Add GoDaddy root certificates
rhalade
parents: 50334
diff changeset
   197
            put("starfieldclass2ca [jdk]",
efd199ab8322 8196141: Add GoDaddy root certificates
rhalade
parents: 50334
diff changeset
   198
                    "14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58");
efd199ab8322 8196141: Add GoDaddy root certificates
rhalade
parents: 50334
diff changeset
   199
            put("starfieldrootg2ca [jdk]",
efd199ab8322 8196141: Add GoDaddy root certificates
rhalade
parents: 50334
diff changeset
   200
                    "2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5");
49684
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   201
        }
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   202
    };
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   203
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   204
    // Exception list to 90 days expiry policy
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   205
    private static final HashSet<String> EXPIRY_EXC_ENTRIES
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   206
            = new HashSet<String>(Arrays.asList(
50334
928a93482dd7 8191031: Remove several Symantec Root CAs
rhalade
parents: 50308
diff changeset
   207
                    "gtecybertrustglobalca [jdk]"
49684
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   208
            ));
48256
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   209
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   210
    // Ninety days in milliseconds
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   211
    private static final long NINETY_DAYS = 7776000000L;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   212
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   213
    private static boolean atLeastOneFailed = false;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   214
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   215
    private static MessageDigest md;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   216
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   217
    public static void main(String[] args) throws Exception {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   218
        System.out.println("cacerts file: " + CACERTS);
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   219
        md = MessageDigest.getInstance("SHA-256");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   220
        KeyStore ks = KeyStore.getInstance("JKS");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   221
        ks.load(new FileInputStream(CACERTS), "changeit".toCharArray());
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   222
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   223
        // check the count of certs inside
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   224
        if (ks.size() != COUNT) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   225
            atLeastOneFailed = true;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   226
            System.err.println("ERROR: " + ks.size() + " entries, should be "
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   227
                    + COUNT);
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   228
        }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   229
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   230
        // check that all entries in the map are in the keystore
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   231
        for (String alias : FINGERPRINT_MAP.keySet()) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   232
            if (!ks.isCertificateEntry(alias)) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   233
                atLeastOneFailed = true;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   234
                System.err.println("ERROR: " + alias + " is not in cacerts");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   235
            }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   236
        }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   237
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   238
        // pull all the trusted self-signed CA certs out of the cacerts file
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   239
        // and verify their signatures
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   240
        Enumeration<String> aliases = ks.aliases();
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   241
        while (aliases.hasMoreElements()) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   242
            String alias = aliases.nextElement();
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   243
            System.out.println("\nVerifying " + alias);
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   244
            if (!ks.isCertificateEntry(alias)) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   245
                atLeastOneFailed = true;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   246
                System.err.println("ERROR: " + alias
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   247
                        + " is not a trusted cert entry");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   248
            }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   249
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   250
            if (!checkFingerprint(alias, cert)) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   251
                atLeastOneFailed = true;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   252
                System.err.println("ERROR: " + alias + " SHA-256 fingerprint is incorrect");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   253
            }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   254
            // Make sure cert can be self-verified
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   255
            try {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   256
                cert.verify(cert.getPublicKey());
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   257
            } catch (Exception e) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   258
                atLeastOneFailed = true;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   259
                System.err.println("ERROR: cert cannot be verified:"
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   260
                        + e.getMessage());
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   261
            }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   262
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   263
            // Make sure cert is not expired or not yet valid
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   264
            try {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   265
                cert.checkValidity();
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   266
            } catch (CertificateExpiredException cee) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   267
                atLeastOneFailed = true;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   268
                System.err.println("ERROR: cert is expired");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   269
            } catch (CertificateNotYetValidException cne) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   270
                atLeastOneFailed = true;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   271
                System.err.println("ERROR: cert is not yet valid");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   272
            }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   273
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   274
            // If cert is within 90 days of expiring, mark as failure so
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   275
            // that cert can be scheduled to be removed/renewed.
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   276
            Date notAfter = cert.getNotAfter();
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   277
            if (notAfter.getTime() - System.currentTimeMillis() < NINETY_DAYS) {
49684
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   278
                if (!EXPIRY_EXC_ENTRIES.contains(alias)) {
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   279
                    atLeastOneFailed = true;
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   280
                    System.err.println("ERROR: cert \"" + alias + "\" expiry \""
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   281
                            + notAfter.toString() + "\" will expire within 90 days");
3cf00fca0fbf 8198240: Allow cacerts test to pass when GTECyberTrust root expires
rhalade
parents: 48256
diff changeset
   282
                }
48256
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   283
            }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   284
        }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   285
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   286
        if (atLeastOneFailed) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   287
            throw new Exception("At least one cacert test failed");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   288
        }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   289
    }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   290
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   291
    private static boolean checkFingerprint(String alias, Certificate cert)
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   292
            throws Exception {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   293
        String fingerprint = FINGERPRINT_MAP.get(alias);
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   294
        if (fingerprint == null) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   295
            // no entry for alias
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   296
            return true;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   297
        }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   298
        System.out.println("Checking fingerprint of " + alias);
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   299
        byte[] digest = md.digest(cert.getEncoded());
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   300
        return fingerprint.equals(toHexString(digest));
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   301
    }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   302
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   303
    private static String toHexString(byte[] block) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   304
        StringBuilder buf = new StringBuilder();
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   305
        int len = block.length;
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   306
        for (int i = 0; i < len; i++) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   307
            buf.append(String.format("%02X", block[i]));
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   308
            if (i < len - 1) {
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   309
                buf.append(":");
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   310
            }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   311
        }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   312
        return buf.toString();
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   313
    }
472f74fb6c6b 8189131: Open-source the Oracle JDK Root Certificates
rhalade
parents:
diff changeset
   314
}