security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails in jdk

Baesken, Matthias matthias.baesken at sap.com
Wed Jul 11 14:43:05 UTC 2018


Hello,  currently  the  security related test

security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java

fails in jdk.


I currently get an  exception :

java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
at ValidatePathWithParams.validate(ValidatePathWithParams.java:193)
at RootCA1.runTest(QuoVadisCA.java:186)
at QuoVadisCA.main(QuoVadisCA.java:64)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:834)

JavaTest Message: Test threw exception: java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
JavaTest Message: shutting down test


... and in stdout  there is  a better message that seems to show the reason ,   a certificate is expected to  be "GOOD"   but it  has been  revoked  Fri Jan 19 15:39:57 CET 2018   .
Should  the  test   be updated  with  more   recent  certs   (seems they are hardwired in the test java source) ?


=====================================================
CONFIGURATION
=====================================================
http.proxyHost :proxy
http.proxyPort :8080
https.proxyHost :proxy
https.proxyPort :8080
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Revocation options :[PREFER_CRLS, NO_FALLBACK]
OCSP responder set :null
Trusted root set: false
Expected EE Status:GOOD
=====================================================
Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Fri Jan 19 15:39:57 CET 2018, authority: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, extension OIDs: [2.5.29.21]
Expected Certificate status: GOOD
Certificate status after validation: REVOKED




Best regards, Matthias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180711/892d16a5/attachment.htm>


More information about the security-dev mailing list