1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

8209452: VerifyCACerts.java failed with "At least one cacert test failed"

Browse Source 
Allow test to pass even if cert in EXPIRY_EXC_ENTRIES expires

Reviewed-by: mullan
This commit is contained in:
Rajan Halade 2018-08-14 10:08:21 -07:00
parent c283eb190e
commit bfb0a2ea3f
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
test/jdk/lib/security/cacerts/VerifyCACerts.java
View File

@ -24,7 +24,7 @@
/** /**
* @test * @test
* @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 8209452
* @summary Check root CA entries in cacerts file * @summary Check root CA entries in cacerts file
*/ */
import java.io.File; import java.io.File;
@ -231,6 +231,7 @@ public class VerifyCACerts {
}; };
// Exception list to 90 days expiry policy // Exception list to 90 days expiry policy
// No error will be reported if certificate in this list expires
private static final HashSet<String> EXPIRY_EXC_ENTRIES private static final HashSet<String> EXPIRY_EXC_ENTRIES
= new HashSet<String>(Arrays.asList( = new HashSet<String>(Arrays.asList(
"gtecybertrustglobalca [jdk]" "gtecybertrustglobalca [jdk]"
@ -293,8 +294,10 @@ public class VerifyCACerts {
try { try {
cert.checkValidity(); cert.checkValidity();
} catch (CertificateExpiredException cee) { } catch (CertificateExpiredException cee) {
if (!EXPIRY_EXC_ENTRIES.contains(alias)) {
atLeastOneFailed = true; atLeastOneFailed = true;
System.err.println("ERROR: cert is expired"); System.err.println("ERROR: cert is expired");
}
} catch (CertificateNotYetValidException cne) { } catch (CertificateNotYetValidException cne) {
atLeastOneFailed = true; atLeastOneFailed = true;
System.err.println("ERROR: cert is not yet valid"); System.err.println("ERROR: cert is not yet valid");