Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8207059

Update test certificates in QuoVadisCA.java test

    XMLWordPrintable

Details

    Backports

      Description

        Received via a report to security-dev from matthias.baesken@sap.com
        ----------------------------------

        security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java

        fails in jdk.

        I currently get an exception :

        java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
        at ValidatePathWithParams.validate(ValidatePathWithParams.java:193)
        at RootCA1.runTest(QuoVadisCA.java:186)
        at QuoVadisCA.main(QuoVadisCA.java:64)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
        at java.base/java.lang.Thread.run(Thread.java:834)

        JavaTest Message: Test threw exception: java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
        JavaTest Message: shutting down test

         … and in stdout there is a better message that seems to show the reason , a certificate is expected to be “GOOD” but it has been revoked Fri Jan 19 15:39:57 CET 2018 .

        Should the test be updated with more recent certs (seems they are hardwired in the test java source) ?

         =====================================================

        CONFIGURATION

        =====================================================

        http.proxyHost :proxy

        http.proxyPort :8080

        https.proxyHost :proxy

        https.proxyPort :8080

        https.socksProxyHost :null

        https.socksProxyPort :null

        jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

        Revocation options :[PREFER_CRLS, NO_FALLBACK]

        OCSP responder set :null

        Trusted root set: false

        Expected EE Status:GOOD

        =====================================================

        Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Fri Jan 19 15:39:57 CET 2018, authority: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, extension OIDs: [2.5.29.21]

        Expected Certificate status: GOOD

        Certificate status after validation: REVOKED

         

        Attachments

          Issue Links

            Activity

              People

                rhalade Rajan Halade
                rhalade Rajan Halade
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: