8198240: Allow cacerts test to pass when GTECyberTrust root expires
Implemented expiry policy exception list Reviewed-by: mullan
This commit is contained in:
parent
19581edca2
commit
fbf1478b8f
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -23,7 +23,7 @@
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @bug 8189131
|
||||
* @bug 8189131 8198240
|
||||
* @requires java.runtime.name ~= "OpenJDK.*"
|
||||
* @summary Check root CA entries in cacerts file
|
||||
*/
|
||||
@ -40,14 +40,13 @@ public class VerifyCACerts {
|
||||
= System.getProperty("java.home") + File.separator + "lib"
|
||||
+ File.separator + "security" + File.separator + "cacerts";
|
||||
|
||||
private static final String BASE = System.getProperty("test.src", "./");
|
||||
|
||||
// The numbers of certs now.
|
||||
private static final int COUNT = 80;
|
||||
|
||||
// map of cert alias to SHA-256 fingerprint
|
||||
private static final Map<String, String> FINGERPRINT_MAP
|
||||
= new HashMap<String, String>() {{
|
||||
= new HashMap<String, String>() {
|
||||
{
|
||||
put("actalisauthenticationrootca [jdk]",
|
||||
"55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66");
|
||||
put("buypassclass2ca [jdk]",
|
||||
@ -208,7 +207,14 @@ public class VerifyCACerts {
|
||||
"F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73");
|
||||
put("xrampglobalca [jdk]",
|
||||
"CE:CD:DC:90:50:99:D8:DA:DF:C5:B1:D2:09:B7:37:CB:E2:C1:8C:FB:2C:10:C0:FF:0B:CF:0D:32:86:FC:1A:A2");
|
||||
}};
|
||||
}
|
||||
};
|
||||
|
||||
// Exception list to 90 days expiry policy
|
||||
private static final HashSet<String> EXPIRY_EXC_ENTRIES
|
||||
= new HashSet<String>(Arrays.asList(
|
||||
"gtecybertrustglobalca [jdk]"
|
||||
));
|
||||
|
||||
// Ninety days in milliseconds
|
||||
private static final long NINETY_DAYS = 7776000000L;
|
||||
@ -278,8 +284,11 @@ public class VerifyCACerts {
|
||||
// that cert can be scheduled to be removed/renewed.
|
||||
Date notAfter = cert.getNotAfter();
|
||||
if (notAfter.getTime() - System.currentTimeMillis() < NINETY_DAYS) {
|
||||
if (!EXPIRY_EXC_ENTRIES.contains(alias)) {
|
||||
atLeastOneFailed = true;
|
||||
System.err.println("WARNING: cert will expire within 90 days");
|
||||
System.err.println("ERROR: cert \"" + alias + "\" expiry \""
|
||||
+ notAfter.toString() + "\" will expire within 90 days");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user