#-----testresult----- description=file\:/Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java\#certignarootca elapsed=1841 0\:00\:01.841 end=Tue May 07 15\:39\:18 PDT 2024 environment=regtest execStatus=Failed. Execution failed\: `main' threw exception\: java.lang.RuntimeException\: Unhandled exception harnessLoaderMode=Classpath Loader harnessVariety=Full Bundle hostname=localhost javatestOS=Mac OS X 13.4.1 (aarch64) javatestVersion=6.0-ea+b24-2023-08-21-${BUILT_FROM_COMMIT} jtregVersion=jtreg 7.3.1 dev 0 script=com.sun.javatest.regtest.exec.RegressionScript sections=script_messages build compile build main start=Tue May 07 15\:39\:16 PDT 2024 test=security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java\#certignarootca testJDK=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/images/jdk testJDK_OS=[name\:Mac OS X,arch\:aarch64,version\:13.4.1,family\:mac,simple_arch\:aarch64,simple_version\:13.4,processors\:8,maxMemory\:8589934592,maxSwap\:3221225472] testJDK_os.arch=aarch64 testJDK_os.name=Mac OS X testJDK_os.version=13.4.1 totalTime=1841 user.name=serb work=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/security/infra/java/security/cert/CertPathValidator/certification #section:script_messages ----------messages:(7/589)---------- JDK under test: /Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/images/jdk openjdk version "23-internal" 2024-09-17 OpenJDK Runtime Environment (build 23-internal-adhoc.serb.jdk) OpenJDK 64-Bit Server VM (build 23-internal-adhoc.serb.jdk, mixed mode, sharing) Library /test/lib; kind: packages source directory: /Users/serb/moe/ws/openjdk/jdk/test/lib class directory: /Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/test/lib #section:build ----------messages:(7/328)---------- command: build jtreg.SkippedException ValidatePathWithURL CAInterop reason: User specified action: run build jtreg.SkippedException ValidatePathWithURL CAInterop started: Tue May 07 15:39:16 PDT 2024 Test directory: compile: ValidatePathWithURL, CAInterop finished: Tue May 07 15:39:16 PDT 2024 elapsed time (seconds): 0.047 result: Passed. Build successful #section:compile ----------messages:(7/452)---------- command: compile /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java reason: .class file out of date or does not exist started: Tue May 07 15:39:16 PDT 2024 Mode: agentvm Agent id: 4 finished: Tue May 07 15:39:16 PDT 2024 elapsed time (seconds): 0.047 ----------configuration:(12/1205)---------- Boot Layer (javac runtime environment) class path: /Users/serb/moe/soft/jtreg/lib/javatest.jar /Users/serb/moe/soft/jtreg/lib/jtreg.jar patch: java.base /Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/patches/java.base javac compilation environment source path: /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification /Users/serb/moe/ws/openjdk/jdk/test/lib class path: /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification /Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/security/infra/java/security/cert/CertPathValidator/certification/CAInterop_certignarootca.d /Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/test/lib ----------rerun:(32/5312)*---------- cd /Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/scratch/1 && \\ HOME=/Users/serb \\ LANG=en_US.UTF-8 \\ LC_ALL=C \\ PATH=/bin:/usr/bin:/usr/sbin \\ TEST_IMAGE_DIR=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/images/test \\ /Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/images/jdk/bin/javac \\ -J-Xmx768m \\ -J-XX:MaxRAMPercentage=6.25 \\ -J-Dtest.boot.jdk=/Users/serb/moe/soft/jdk/jdk-22 \\ -J-Djava.io.tmpdir=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/tmp \\ -J-ea \\ -J-esa \\ -J-Dtest.vm.opts='-Xmx768m -XX:MaxRAMPercentage=6.25 -Dtest.boot.jdk=/Users/serb/moe/soft/jdk/jdk-22 -Djava.io.tmpdir=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/tmp -ea -esa' \\ -J-Dtest.tool.vm.opts='-J-Xmx768m -J-XX:MaxRAMPercentage=6.25 -J-Dtest.boot.jdk=/Users/serb/moe/soft/jdk/jdk-22 -J-Djava.io.tmpdir=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/tmp -J-ea -J-esa' \\ -J-Dtest.compiler.opts= \\ -J-Dtest.java.opts= \\ -J-Dtest.jdk=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/images/jdk \\ -J-Dcompile.jdk=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/images/jdk \\ -J-Dtest.timeout.factor=4.0 \\ -J-Dtest.nativepath=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/images/test/jdk/jtreg/native \\ -J-Dtest.root=/Users/serb/moe/ws/openjdk/jdk/test/jdk \\ -J-Dtest.name=security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#certignarootca \\ -J-Dtest.file=/Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java \\ -J-Dtest.src=/Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.src.path=/Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification:/Users/serb/moe/ws/openjdk/jdk/test/lib \\ -J-Dtest.classes=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/security/infra/java/security/cert/CertPathValidator/certification/CAInterop_certignarootca.d \\ -J-Dtest.class.path=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/security/infra/java/security/cert/CertPathValidator/certification/CAInterop_certignarootca.d:/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/test/lib \\ -J-Dtest.class.path.prefix=/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/security/infra/java/security/cert/CertPathValidator/certification/CAInterop_certignarootca.d:/Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification:/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/test/lib \\ -d /Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/security/infra/java/security/cert/CertPathValidator/certification/CAInterop_certignarootca.d \\ -sourcepath /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification:/Users/serb/moe/ws/openjdk/jdk/test/lib \\ -classpath /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification:/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/security/infra/java/security/cert/CertPathValidator/certification/CAInterop_certignarootca.d:/Users/serb/moe/ws/openjdk/jdk/build/macosx-aarch64-server-release/test-support/jtreg_test_jdk_security_infra_java_security_cert_CertPathValidator_certification_CAInterop_java/classes/2/test/lib /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java ----------direct:(2/226)---------- Note: /Users/serb/moe/ws/openjdk/jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithURL.java uses or overrides a deprecated API. Note: Recompile with -Xlint:deprecation for details. result: Passed. Compilation successful #section:build ----------messages:(5/169)---------- command: build CAInterop reason: Named class compiled on demand started: Tue May 07 15:39:16 PDT 2024 finished: Tue May 07 15:39:16 PDT 2024 elapsed time (seconds): 0.0 result: Passed. All files up to date #section:main ----------messages:(6/337)---------- command: main -Djava.security.debug=certpath,ocsp CAInterop certignarootca OCSP reason: User specified action: run main/othervm -Djava.security.debug=certpath,ocsp CAInterop certignarootca OCSP started: Tue May 07 15:39:16 PDT 2024 Mode: othervm [/othervm specified] finished: Tue May 07 15:39:18 PDT 2024 elapsed time (seconds): 1.793 ----------configuration:(0/0)---------- ----------System.out:(16/770)---------- ===================================================== CONFIGURATION ===================================================== http.proxyHost :null http.proxyPort :null https.proxyHost :null https.proxyPort :null https.socksProxyHost :null https.socksProxyPort :null jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage SignedJAR & denyAfter 2019-01-01 com.sun.security.enableCRLDP :false ocsp.enable :true ===================================================== ===== Validate https://valid.servicesca.dhimyotis.com===== SSLHandshakeException: (certificate_unknown) PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder ----------System.err:(495/26215)*---------- certpath: Constraints: 3DES_EDE_CBC certpath: Constraints: anon certpath: Constraints: DES certpath: Constraints: DH keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: DTLSv1.0 certpath: Constraints: EC keySize < 224 certpath: Constraints set to keySize: keySize < 224 certpath: Constraints: ECDH certpath: Constraints: MD5withRSA certpath: Constraints: NULL certpath: Constraints: RC4 certpath: Constraints: SSLv3 certpath: Constraints: TLSv1 certpath: Constraints: TLSv1.1 certpath: Constraints: DSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: EC keySize < 224 certpath: Constraints set to keySize: keySize < 224 certpath: Constraints: MD2 certpath: Constraints: MD5 certpath: Constraints: RSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: SHA1 jdkCA & usage TLSServer certpath: Constraints set to jdkCA. certpath: Constraints usage length is 1 certpath: Constraints: SHA1 usage SignedJAR & denyAfter 2019-01-01 certpath: Constraints usage length is 1 certpath: Constraints set to denyAfter certpath: DenyAfterConstraint read in as: year 2019, month = 1, day = 1 certpath: DenyAfterConstraint date set to: 2019-01-01 certpath: PKIXCertPathValidator.engineValidate()... certpath: X509CertSelector.match(Serial number: 00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(Serial number: 00:fe:dc:e3:01:0f:c9:48:ff Issuer: CN=Certigna, O=Dhimyotis, C=FR Subject: CN=Certigna, O=Dhimyotis, C=FR) certpath: X509CertSelector.match returning: true certpath: YES - try this trustedCert certpath: anchor.getTrustedCert().getSubjectX500Principal() = CN=Certigna, O=Dhimyotis, C=FR certpath: Constraints: DSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: EC keySize < 224 certpath: Constraints set to keySize: keySize < 224 certpath: Constraints: MD2 certpath: Constraints: MD5 certpath: Constraints: RSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: SHA1 jdkCA & usage TLSServer certpath: Constraints set to jdkCA. certpath: Constraints usage length is 1 certpath: Constraints: SHA1 usage SignedJAR & denyAfter 2019-01-01 certpath: Constraints usage length is 1 certpath: Constraints set to denyAfter certpath: DenyAfterConstraint read in as: year 2019, month = 1, day = 1 certpath: DenyAfterConstraint date set to: 2019-01-01 certpath: -------------------------------------------------------------- certpath: Executing PKIX certification path validation algorithm. certpath: Checking cert1 - Subject: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 48146308100036, O=DHIMYOTIS, C=FR certpath: Set of critical extensions: {2.5.29.15, 2.5.29.19} certpath: -Using checker1 ... [sun.security.provider.certpath.UntrustedChecker] certpath: -checker1 validation succeeded certpath: -Using checker2 ... [sun.security.provider.certpath.AlgorithmChecker] certpath: Constraints.permits(): RSA, [ Variant: tls server Anchor: [ Trusted CA cert: [ [ Version: V3 Subject: CN=Certigna, O=Dhimyotis, C=FR Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits params: null modulus: 25299411048044776969593681679818576096359975206066984687790076369437426882235553046073850440124782149425193624707953490148324110482130337930538054398767474634364037347936334767200066645577133378744557613981618443362847941055847124823749589378214875989151343582421017317358429738277089863789293031941294164661707025805980118194465206511770258394031130715120126687635265971490981544347895982127997494906298643806115433957271132050068964924493661523546162028063498844463898035937758043065356159115686490478162465261975519951470818732328078138388203080225383622696480204011516000403482059110976451876146773138103757965023 public exponent: 65537 Validity: [From: Fri Jun 29 08:13:05 PDT 2007, To: Tue Jun 29 08:13:05 PDT 2027] Issuer: CN=Certigna, O=Dhimyotis, C=FR SerialNumber: 00:fe:dc:e3:01:0f:c9:48:ff Certificate Extensions: 5 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 1A ED FE 41 39 90 B4 24 59 BE 01 F2 52 D5 45 F6 ...A9..$Y...R.E. 0010: 5A 39 DC 11 Z9.. ] [CN=Certigna, O=Dhimyotis, C=FR] SerialNumber: 00:fe:dc:e3:01:0f:c9:48:ff ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen: no limit ] [3]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] [4]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL CA S/MIME CA Object Signing CA] [5]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 1A ED FE 41 39 90 B4 24 59 BE 01 F2 52 D5 45 F6 ...A9..$Y...R.E. 0010: 5A 39 DC 11 Z9.. ] ] ] Algorithm: [SHA1withRSA] Signature: 0000: 85 03 1E 92 71 F6 42 AF E1 A3 61 9E EB F3 C0 0F ....q.B...a..... 0010: F2 A5 D4 DA 95 E6 D6 BE 68 36 3D 7E 6E 1F 4C 8A ........h6=.n.L. 0020: EF D1 0F 21 6D 5E A5 52 63 CE 12 F8 EF 2A DA 6F ...!m^.Rc....*.o 0030: EB 37 FE 13 02 C7 CB 3B 3E 22 6B DA 61 2E 7F D4 .7.....;>"k.a... 0040: 72 3D DD 30 E1 1E 4C 40 19 8C 0F D7 9C D1 83 30 r=.0..L@.......0 0050: 7B 98 59 DC 7D C6 B9 0C 29 4C A1 33 A2 EB 67 3A ..Y.....)L.3..g: 0060: 65 84 D3 96 E2 ED 76 45 70 8F B5 2B DE F9 23 D6 e.....vEp..+..#. 0070: 49 6E 3C 14 B5 C6 9F 35 1E 50 D0 C1 8F 6A 70 44 In<....5.P...jpD 0080: 02 62 CB AE 1D 68 41 A7 AA 57 E8 53 AA 07 D2 06 .b...hA..W.S.... 0090: F6 D5 14 06 0B 91 03 75 2C 6C 72 B5 61 95 9A 0D .......u,lr.a... 00A0: 8B B9 0D E7 F5 DF 54 CD DE E6 D8 D6 09 08 97 63 ......T........c 00B0: E5 C1 2E B0 B7 44 26 C0 26 C0 AF 55 30 9E 3B D5 .....D&.&..U0.;. 00C0: 36 2A 19 04 F4 5C 1E FF CF 2C B7 FF D0 FD 87 40 6*...\\...,.....@ 00D0: 11 D5 11 23 BB 48 C0 21 A9 A4 28 2D FD 15 F8 B0 ...#.H.!..(-.... 00E0: 4E 2B F4 30 5B 21 FC 11 91 34 BE 41 EF 7B 9D 97 N+.0[!...4.A.... 00F0: 75 FF 97 95 C0 96 58 2F EA BB 46 D7 BB E4 D9 2E u.....X/..F..... ] Key: RSA Date: Tue May 07 15:39:18 PDT 2024 ] certpath: Constraints.permits(): SHA256withRSA, [ Variant: tls server Anchor: [ Trusted CA cert: [ [ Version: V3 Subject: CN=Certigna, O=Dhimyotis, C=FR Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits params: null modulus: 25299411048044776969593681679818576096359975206066984687790076369437426882235553046073850440124782149425193624707953490148324110482130337930538054398767474634364037347936334767200066645577133378744557613981618443362847941055847124823749589378214875989151343582421017317358429738277089863789293031941294164661707025805980118194465206511770258394031130715120126687635265971490981544347895982127997494906298643806115433957271132050068964924493661523546162028063498844463898035937758043065356159115686490478162465261975519951470818732328078138388203080225383622696480204011516000403482059110976451876146773138103757965023 public exponent: 65537 Validity: [From: Fri Jun 29 08:13:05 PDT 2007, To: Tue Jun 29 08:13:05 PDT 2027] Issuer: CN=Certigna, O=Dhimyotis, C=FR SerialNumber: 00:fe:dc:e3:01:0f:c9:48:ff Certificate Extensions: 5 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 1A ED FE 41 39 90 B4 24 59 BE 01 F2 52 D5 45 F6 ...A9..$Y...R.E. 0010: 5A 39 DC 11 Z9.. ] [CN=Certigna, O=Dhimyotis, C=FR] SerialNumber: 00:fe:dc:e3:01:0f:c9:48:ff ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen: no limit ] [3]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] [4]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL CA S/MIME CA Object Signing CA] [5]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 1A ED FE 41 39 90 B4 24 59 BE 01 F2 52 D5 45 F6 ...A9..$Y...R.E. 0010: 5A 39 DC 11 Z9.. ] ] ] Algorithm: [SHA1withRSA] Signature: 0000: 85 03 1E 92 71 F6 42 AF E1 A3 61 9E EB F3 C0 0F ....q.B...a..... 0010: F2 A5 D4 DA 95 E6 D6 BE 68 36 3D 7E 6E 1F 4C 8A ........h6=.n.L. 0020: EF D1 0F 21 6D 5E A5 52 63 CE 12 F8 EF 2A DA 6F ...!m^.Rc....*.o 0030: EB 37 FE 13 02 C7 CB 3B 3E 22 6B DA 61 2E 7F D4 .7.....;>"k.a... 0040: 72 3D DD 30 E1 1E 4C 40 19 8C 0F D7 9C D1 83 30 r=.0..L@.......0 0050: 7B 98 59 DC 7D C6 B9 0C 29 4C A1 33 A2 EB 67 3A ..Y.....)L.3..g: 0060: 65 84 D3 96 E2 ED 76 45 70 8F B5 2B DE F9 23 D6 e.....vEp..+..#. 0070: 49 6E 3C 14 B5 C6 9F 35 1E 50 D0 C1 8F 6A 70 44 In<....5.P...jpD 0080: 02 62 CB AE 1D 68 41 A7 AA 57 E8 53 AA 07 D2 06 .b...hA..W.S.... 0090: F6 D5 14 06 0B 91 03 75 2C 6C 72 B5 61 95 9A 0D .......u,lr.a... 00A0: 8B B9 0D E7 F5 DF 54 CD DE E6 D8 D6 09 08 97 63 ......T........c 00B0: E5 C1 2E B0 B7 44 26 C0 26 C0 AF 55 30 9E 3B D5 .....D&.&..U0.;. 00C0: 36 2A 19 04 F4 5C 1E FF CF 2C B7 FF D0 FD 87 40 6*...\\...,.....@ 00D0: 11 D5 11 23 BB 48 C0 21 A9 A4 28 2D FD 15 F8 B0 ...#.H.!..(-.... 00E0: 4E 2B F4 30 5B 21 FC 11 91 34 BE 41 EF 7B 9D 97 N+.0[!...4.A.... 00F0: 75 FF 97 95 C0 96 58 2F EA BB 46 D7 BB E4 D9 2E u.....X/..F..... ] Cert Issuer: CN=Certigna, O=Dhimyotis, C=FR Cert Subject: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 48146308100036, O=DHIMYOTIS, C=FR Key: RSA Date: Tue May 07 15:39:18 PDT 2024 ] certpath: -checker2 validation succeeded certpath: -Using checker3 ... [sun.security.provider.certpath.KeyChecker] certpath: KeyChecker.verifyCAKeyUsage() ---checking CA key usage... certpath: KeyChecker.verifyCAKeyUsage() CA key usage verified. certpath: -checker3 validation succeeded certpath: -Using checker4 ... [sun.security.provider.certpath.ConstraintsChecker] certpath: ---checking basic constraints... certpath: i = 1, maxPathLength = 2 certpath: after processing, maxPathLength = 0 certpath: basic constraints verified. certpath: ---checking name constraints... certpath: prevNC = null, newNC = null certpath: mergedNC = null certpath: name constraints verified. certpath: -checker4 validation succeeded certpath: -Using checker5 ... [sun.security.provider.certpath.PolicyChecker] certpath: PolicyChecker.checkPolicy() ---checking certificate policies... certpath: PolicyChecker.checkPolicy() certIndex = 1 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = anyPolicy ROOT certpath: PolicyChecker.processPolicies() policiesCritical = false certpath: PolicyChecker.processPolicies() rejectPolicyQualifiers = true certpath: PolicyChecker.processPolicies() processing policy: 1.2.250.1.177.1.0.1.2 certpath: PolicyChecker.processParents(): matchAny = false certpath: PolicyChecker.processParents(): matchAny = true certpath: PolicyChecker.processParents() found parent: anyPolicy ROOT certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = anyPolicy ROOT 1.2.250.1.177.1.0.1.2 CRIT: false EP: 1.2.250.1.177.1.0.1.2 (1) certpath: PolicyChecker.checkPolicy() certificate policies verified certpath: -checker5 validation succeeded certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker] certpath: ---checking validity:Tue May 07 15:39:18 PDT 2024... certpath: validity verified. certpath: ---checking subject/issuer name chaining... certpath: subject/issuer name chaining verified. certpath: ---checking signature... certpath: signature verified. certpath: BasicChecker.updateState issuer: CN=Certigna, O=Dhimyotis, C=FR; subject: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 48146308100036, O=DHIMYOTIS, C=FR; serial#: 6f:82:fa:28:ac:d6:f7:84:bb:5b:12:0b:a8:73:67:ad certpath: -checker6 validation succeeded certpath: -Using checker7 ... [sun.security.provider.certpath.RevocationChecker] certpath: RevocationChecker.check: checking cert SN: 6f:82:fa:28:ac:d6:f7:84:bb:5b:12:0b:a8:73:67:ad Subject: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 48146308100036, O=DHIMYOTIS, C=FR Issuer: CN=Certigna, O=Dhimyotis, C=FR certpath: com.sun.security.ocsp.timeout set to 15000 milliseconds certpath: com.sun.security.ocsp.readtimeout set to 15000 milliseconds certpath: com.sun.security.ocsp.useget set to true certpath: RevocationChecker.check() Certificate does not specify OCSP responder certpath: RevocationChecker.check() preparing to failover certpath: RevocationChecker.checkCRLs() ---checking revocation status ... certpath: RevocationChecker.checkCRLs() possible crls.size() = 0 certpath: RevocationChecker.checkCRLs() approved crls.size() = 0 certpath: RevocationChecker.verifyWithSeparateSigningKey() ---checking revocation status... certpath: RevocationChecker.buildToNewKey() starting work certpath: RevocationChecker.buildToNewKey() about to try build ... certpath: SunCertPathBuilder.engineBuild([ [ Trust Anchors: [[ Trusted CA cert: [ [ Version: V3 Subject: CN=Certigna, O=Dhimyotis, C=FR Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits params: null modulus: 25299411048044776969593681679818576096359975206066984687790076369437426882235553046073850440124782149425193624707953490148324110482130337930538054398767474634364037347936334767200066645577133378744557613981618443362847941055847124823749589378214875989151343582421017317358429738277089863789293031941294164661707025805980118194465206511770258394031130715120126687635265971490981544347895982127997494906298643806115433957271132050068964924493661523546162028063498844463898035937758043065356159115686490478162465261975519951470818732328078138388203080225383622696480204011516000403482059110976451876146773138103757965023 public exponent: 65537 Validity: [From: Fri Jun 29 08:13:05 PDT 2007, To: Tue Jun 29 08:13:05 PDT 2027] Issuer: CN=Certigna, O=Dhimyotis, C=FR SerialNumber: 00:fe:dc:e3:01:0f:c9:48:ff Certificate Extensions: 5 [1]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 1A ED FE 41 39 90 B4 24 59 BE 01 F2 52 D5 45 F6 ...A9..$Y...R.E. 0010: 5A 39 DC 11 Z9.. ] [CN=Certigna, O=Dhimyotis, C=FR] SerialNumber: 00:fe:dc:e3:01:0f:c9:48:ff ] [2]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen: no limit ] [3]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] [4]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL CA S/MIME CA Object Signing CA] [5]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 1A ED FE 41 39 90 B4 24 59 BE 01 F2 52 D5 45 F6 ...A9..$Y...R.E. 0010: 5A 39 DC 11 Z9.. ] ] ] Algorithm: [SHA1withRSA] Signature: 0000: 85 03 1E 92 71 F6 42 AF E1 A3 61 9E EB F3 C0 0F ....q.B...a..... 0010: F2 A5 D4 DA 95 E6 D6 BE 68 36 3D 7E 6E 1F 4C 8A ........h6=.n.L. 0020: EF D1 0F 21 6D 5E A5 52 63 CE 12 F8 EF 2A DA 6F ...!m^.Rc....*.o 0030: EB 37 FE 13 02 C7 CB 3B 3E 22 6B DA 61 2E 7F D4 .7.....;>"k.a... 0040: 72 3D DD 30 E1 1E 4C 40 19 8C 0F D7 9C D1 83 30 r=.0..L@.......0 0050: 7B 98 59 DC 7D C6 B9 0C 29 4C A1 33 A2 EB 67 3A ..Y.....)L.3..g: 0060: 65 84 D3 96 E2 ED 76 45 70 8F B5 2B DE F9 23 D6 e.....vEp..+..#. 0070: 49 6E 3C 14 B5 C6 9F 35 1E 50 D0 C1 8F 6A 70 44 In<....5.P...jpD 0080: 02 62 CB AE 1D 68 41 A7 AA 57 E8 53 AA 07 D2 06 .b...hA..W.S.... 0090: F6 D5 14 06 0B 91 03 75 2C 6C 72 B5 61 95 9A 0D .......u,lr.a... 00A0: 8B B9 0D E7 F5 DF 54 CD DE E6 D8 D6 09 08 97 63 ......T........c 00B0: E5 C1 2E B0 B7 44 26 C0 26 C0 AF 55 30 9E 3B D5 .....D&.&..U0.;. 00C0: 36 2A 19 04 F4 5C 1E FF CF 2C B7 FF D0 FD 87 40 6*...\\...,.....@ 00D0: 11 D5 11 23 BB 48 C0 21 A9 A4 28 2D FD 15 F8 B0 ...#.H.!..(-.... 00E0: 4E 2B F4 30 5B 21 FC 11 91 34 BE 41 EF 7B 9D 97 N+.0[!...4.A.... 00F0: 75 FF 97 95 C0 96 58 2F EA BB 46 D7 BB E4 D9 2E u.....X/..F..... ] ] Initial Policy OIDs: any Validity Date: Tue May 07 15:39:18 PDT 2024 Signature Provider: null Default Revocation Enabled: false Explicit Policy Required: false Policy Mapping Inhibited: false Any Policy Inhibited: false Policy Qualifiers Rejected: true Target Cert Constraints: RejectKeySelector: [ X509CertSelector: [ Subject: CN=Certigna,O=Dhimyotis,C=FR matchAllSubjectAltNames flag: true Key Usage: KeyUsage [ Crl_Sign ] ][Sun RSA public key, 2048 bits params: null modulus: 25299411048044776969593681679818576096359975206066984687790076369437426882235553046073850440124782149425193624707953490148324110482130337930538054398767474634364037347936334767200066645577133378744557613981618443362847941055847124823749589378214875989151343582421017317358429738277089863789293031941294164661707025805980118194465206511770258394031130715120126687635265971490981544347895982127997494906298643806115433957271132050068964924493661523546162028063498844463898035937758043065356159115686490478162465261975519951470818732328078138388203080225383622696480204011516000403482059110976451876146773138103757965023 public exponent: 65537]] Certification Path Checkers: [[sun.security.provider.certpath.AlgorithmChecker@5fc547fb]] CertStores: [[java.security.cert.CertStore@4e29c44c]] ] Maximum Path Length: 5 ] ) certpath: SunCertPathBuilder.buildForward()... certpath: SunCertPathBuilder.depthFirstSearchForward(CN=Certigna, O=Dhimyotis, C=FR, State [ issuerDN of last cert: null traversedCACerts: 0 init: true selfIssued: false ] ) certpath: ForwardBuilder.getMatchingCerts()... certpath: ForwardBuilder.getMatchingEECerts()... certpath: X509CertSelector.match(Serial number: 6f:82:fa:28:ac:d6:f7:84:bb:5b:12:0b:a8:73:67:ad Issuer: CN=Certigna, O=Dhimyotis, C=FR Subject: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 48146308100036, O=DHIMYOTIS, C=FR) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(Serial number: 1b:19:cc:0a:8b:05:e0:83:07:ea:dd:1d:9f:4c:2d:3f Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 48146308100036, O=DHIMYOTIS, C=FR Subject: SERIALNUMBER=S304011558, CN=valid.servicesca.dhimyotis.com, O=DHIMYOTIS, L=VILLENEUVE D'ASCQ, C=FR) certpath: X509CertSelector.match: subject DNs don't match certpath: ForwardBuilder.getMatchingCACerts()... certpath: ForwardBuilder.getMatchingCACerts(): the target is a CA certpath: X509CertSelector.match(Serial number: 00:fe:dc:e3:01:0f:c9:48:ff Issuer: CN=Certigna, O=Dhimyotis, C=FR Subject: CN=Certigna, O=Dhimyotis, C=FR) certpath: X509CertSelector.match returning: true certpath: RejectKeySelector.match: bad key certpath: X509CertSelector.match(Serial number: 6f:82:fa:28:ac:d6:f7:84:bb:5b:12:0b:a8:73:67:ad Issuer: CN=Certigna, O=Dhimyotis, C=FR Subject: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 48146308100036, O=DHIMYOTIS, C=FR) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(Serial number: 1b:19:cc:0a:8b:05:e0:83:07:ea:dd:1d:9f:4c:2d:3f Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036, OU=0002 48146308100036, O=DHIMYOTIS, C=FR Subject: SERIALNUMBER=S304011558, CN=valid.servicesca.dhimyotis.com, O=DHIMYOTIS, L=VILLENEUVE D'ASCQ, C=FR) certpath: X509CertSelector.match: subject DNs don't match certpath: ForwardBuilder.getMatchingCACerts: found 0 CA certs certpath: SunCertPathBuilder.depthFirstSearchForward(): certs.size=0 certpath: RevocationChecker.check() failover failed certpath: RevocationChecker.check() Could not determine revocation status java.lang.RuntimeException: Unhandled exception at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:176) at ValidatePathWithURL.validateDomain(ValidatePathWithURL.java:128) at CAInterop.validate(CAInterop.java:755) at CAInterop.main(CAInterop.java:697) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138) at java.base/java.lang.Thread.run(Thread.java:1575) Caused by: javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1326) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1203) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1146) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1507) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1422) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586) at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187) at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:141) at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:142) ... 7 more Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:318) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:267) at java.base/sun.security.validator.Validator.validate(Validator.java:256) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1310) ... 22 more Caused by: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:224) at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:144) at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83) at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309) at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:313) ... 27 more Caused by: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder at java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:741) at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:369) at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:343) at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) ... 32 more Suppressed: java.security.cert.CertPathValidatorException: Could not determine revocation status at java.base/sun.security.provider.certpath.RevocationChecker.buildToNewKey(RevocationChecker.java:1146) at java.base/sun.security.provider.certpath.RevocationChecker.verifyWithSeparateSigningKey(RevocationChecker.java:965) at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:607) at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:470) at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:399) ... 34 more