changeset 51453:59614cd6d8dc

8209452: VerifyCACerts.java failed with "At least one cacert test failed" Summary: Allow test to pass even if cert in EXPIRY_EXC_ENTRIES expires Reviewed-by: mullan
author rhalade
date Tue, 14 Aug 2018 09:38:29 -0700
parents 7bd2a286e637
children 06417e487a28
files test/jdk/lib/security/cacerts/VerifyCACerts.java
diffstat 1 files changed, 6 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/test/jdk/lib/security/cacerts/VerifyCACerts.java	Tue Aug 14 11:55:21 2018 +0530
+++ b/test/jdk/lib/security/cacerts/VerifyCACerts.java	Tue Aug 14 09:38:29 2018 -0700
@@ -24,7 +24,7 @@
 
 /**
  * @test
- * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779
+ * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 8209452
  * @summary Check root CA entries in cacerts file
  */
 import java.io.File;
@@ -231,6 +231,7 @@
     };
 
     // Exception list to 90 days expiry policy
+    // No error will be reported if certificate in this list expires
     private static final HashSet<String> EXPIRY_EXC_ENTRIES
             = new HashSet<String>(Arrays.asList(
                     "gtecybertrustglobalca [jdk]"
@@ -293,8 +294,10 @@
             try {
                 cert.checkValidity();
             } catch (CertificateExpiredException cee) {
-                atLeastOneFailed = true;
-                System.err.println("ERROR: cert is expired");
+                if (!EXPIRY_EXC_ENTRIES.contains(alias)) {
+                    atLeastOneFailed = true;
+                    System.err.println("ERROR: cert is expired");
+                }
             } catch (CertificateNotYetValidException cne) {
                 atLeastOneFailed = true;
                 System.err.println("ERROR: cert is not yet valid");