RFR [13]: 8222089: [TESTBUG] sun/security/lib/cacerts/VerifyCACerts.java fails due to cert within 90-day expiry window

Xuelei Fan xuelei.fan at oracle.com
Mon Apr 8 15:42:04 UTC 2019


Looks good to me.

Xuelei

On 4/8/2019 7:24 AM, Sean Mullan wrote:
> Two DocuSign root CA certificates will expire in 90 days. This is 
> causing failures in mach5 tier 2 and tier 4.
> 
> For now, I have modified the test to exclude these certificates until we 
> can contact the CA vendor to determine if we should remove or replace 
> them, and filed a follow-on issue to track that: 
> https://bugs.openjdk.java.net/browse/JDK-8222121
> 
> bug: https://bugs.openjdk.java.net/browse/JDK-8222089
> 
> diffs:
> 
> diff -r 7b5e2bc79e68 test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
> --- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java      Mon Apr 
> 08 15:54:47 2019 +0300
> +++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java      Mon Apr 
> 08 10:15:29 2019 -0400
> @@ -1,5 +1,5 @@
>   /*
> - * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights 
> reserved.
> + * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights 
> reserved.
>    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>    *
>    * This code is free software; you can redistribute it and/or modify it
> @@ -25,7 +25,7 @@
>   /**
>    * @test
>    * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 
> 8195774 8199779
> - *      8209452 8209506 8210432 8195793
> + *      8209452 8209506 8210432 8195793 8222089
>    * @summary Check root CA entries in cacerts file
>    */
>   import java.io.File;
> @@ -237,7 +237,12 @@
> 
>       // Exception list to 90 days expiry policy
>       // No error will be reported if certificate in this list expires
> -    private static final HashSet<String> EXPIRY_EXC_ENTRIES = new 
> HashSet<>();
> +    private static final HashSet<String> EXPIRY_EXC_ENTRIES = new 
> HashSet<>() {
> +        {
> +            add("certplusclass2primaryca [jdk]");
> +            add("certplusclass3pprimaryca [jdk]");
> +        }
> +    };
> 
>       // Ninety days in milliseconds
>       private static final long NINETY_DAYS = 7776000000L;
> 
> Thanks,
> Sean



More information about the security-dev mailing list