8209452: VerifyCACerts.java failed with "At least one cacert test failed"
authorrhalade
Tue, 14 Aug 2018 10:08:21 -0700
changeset 51400 937fd6b81aaf
parent 51399 3b1ec9d9da43
child 51401 58113ce90caf
8209452: VerifyCACerts.java failed with "At least one cacert test failed" Summary: Allow test to pass even if cert in EXPIRY_EXC_ENTRIES expires Reviewed-by: mullan
test/jdk/lib/security/cacerts/VerifyCACerts.java
--- a/test/jdk/lib/security/cacerts/VerifyCACerts.java	Mon Aug 13 21:57:17 2018 -0700
+++ b/test/jdk/lib/security/cacerts/VerifyCACerts.java	Tue Aug 14 10:08:21 2018 -0700
@@ -24,7 +24,7 @@
 
 /**
  * @test
- * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779
+ * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 8209452
  * @summary Check root CA entries in cacerts file
  */
 import java.io.File;
@@ -231,6 +231,7 @@
     };
 
     // Exception list to 90 days expiry policy
+    // No error will be reported if certificate in this list expires
     private static final HashSet<String> EXPIRY_EXC_ENTRIES
             = new HashSet<String>(Arrays.asList(
                     "gtecybertrustglobalca [jdk]"
@@ -293,8 +294,10 @@
             try {
                 cert.checkValidity();
             } catch (CertificateExpiredException cee) {
-                atLeastOneFailed = true;
-                System.err.println("ERROR: cert is expired");
+                if (!EXPIRY_EXC_ENTRIES.contains(alias)) {
+                    atLeastOneFailed = true;
+                    System.err.println("ERROR: cert is expired");
+                }
             } catch (CertificateNotYetValidException cne) {
                 atLeastOneFailed = true;
                 System.err.println("ERROR: cert is not yet valid");