----------System.out:(19/942)---------- ===================================================== CONFIGURATION ===================================================== http.proxyHost :null http.proxyPort :null https.proxyHost :null https.proxyPort :null https.socksProxyHost :null https.socksProxyPort :null jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 Revocation options :[NO_FALLBACK] OCSP responder set :null Trusted root set: false Expected EE Status:GOOD ===================================================== Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: UNSPECIFIED, revocation date: Wed Oct 02 15:06:24 CEST 2019, authority: CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, extension OIDs: [] Expected Certificate status: GOOD Certificate status after validation: REVOKED ----------System.err:(226/15601)---------- certpath: PKIXCertPathValidator.engineValidate()... certpath: X509CertSelector.match(SN: 9b7e0649a33e62b9d5ee90487129ef57 Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 3c9131cb1ff6d01b0e9ab8d044bf12be Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 10020 Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 7dd9fe07cfa81eb7107967fba78934c6 Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 36122296c5e338a520a1d25f4cd70954 Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: b92f60cc889fa17a4609b85b706c8aaf Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 4caaf9cadb636fe01ff74ed85b03869d Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB) certpath: X509CertSelector.match returning: true certpath: YES - try this trustedCert certpath: anchor.getTrustedCert().getSubjectX500Principal() = CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB certpath: Constraints: MD2 certpath: Constraints: MD5 certpath: Constraints: SHA1 jdkCA & usage TLSServer certpath: Constraints set to jdkCA. certpath: Constraints usage length is 1 certpath: Constraints: RSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: DSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: EC keySize < 224 certpath: Constraints set to keySize: keySize < 224 certpath: AlgorithmChecker.contains: SHA384withRSA certpath: AnchorCertificate.contains: matched CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB certpath: trustedMatch = true certpath: -------------------------------------------------------------- certpath: Executing PKIX certification path validation algorithm. certpath: Checking cert1 - Subject: CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB certpath: Set of critical extensions: {2.5.29.15, 2.5.29.19} certpath: -Using checker1 ... [sun.security.provider.certpath.UntrustedChecker] certpath: -checker1 validation succeeded certpath: -Using checker2 ... [sun.security.provider.certpath.AlgorithmChecker] certpath: Constraints.permits(): SHA384withRSA Variant: generic certpath: KeySizeConstraints.permits(): RSA certpath: -checker2 validation succeeded certpath: -Using checker3 ... [sun.security.provider.certpath.KeyChecker] certpath: KeyChecker.verifyCAKeyUsage() ---checking CA key usage... certpath: KeyChecker.verifyCAKeyUsage() CA key usage verified. certpath: -checker3 validation succeeded certpath: -Using checker4 ... [sun.security.provider.certpath.ConstraintsChecker] certpath: ---checking basic constraints... certpath: i = 1, maxPathLength = 2 certpath: after processing, maxPathLength = 0 certpath: basic constraints verified. certpath: ---checking name constraints... certpath: prevNC = null, newNC = null certpath: mergedNC = null certpath: name constraints verified. certpath: -checker4 validation succeeded certpath: -Using checker5 ... [sun.security.provider.certpath.PolicyChecker] certpath: PolicyChecker.checkPolicy() ---checking certificate policies... certpath: PolicyChecker.checkPolicy() certIndex = 1 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = anyPolicy ROOT certpath: PolicyChecker.processPolicies() policiesCritical = false certpath: PolicyChecker.processPolicies() rejectPolicyQualifiers = true certpath: PolicyChecker.processPolicies() processing policy: 2.5.29.32.0 certpath: PolicyChecker.processParents(): matchAny = true certpath: PolicyChecker.processParents() found parent: anyPolicy ROOT certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = anyPolicy ROOT anyPolicy CRIT: false EP: anyPolicy (1) certpath: PolicyChecker.checkPolicy() certificate policies verified certpath: -checker5 validation succeeded certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker] certpath: ---checking validity:Fri Oct 04 03:33:31 CEST 2019... certpath: validity verified. certpath: ---checking subject/issuer name chaining... certpath: subject/issuer name chaining verified. certpath: ---checking signature... certpath: signature verified. certpath: BasicChecker.updateState issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB; subject: CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB; serial#: 8843850678629180984542216369971314136 certpath: -checker6 validation succeeded certpath: -Using checker7 ... [sun.security.provider.certpath.RevocationChecker] certpath: RevocationChecker.check: checking cert SN: 06a74380 d4ebfed4 35b5a3f7 e16abdd8 Subject: CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB certpath: connecting to OCSP service at: http://ocsp.comodoca.com certpath: OCSP response status: SUCCESSFUL certpath: OCSP response type: basic certpath: Responder ID: byKey: BBAF7E023DFAA6F13C848EADEE3898ECD93232D4 certpath: OCSP response produced at: Tue Oct 01 15:15:20 CEST 2019 certpath: OCSP number of SingleResponses: 1 certpath: thisUpdate: Tue Oct 01 15:15:20 CEST 2019 certpath: nextUpdate: Tue Oct 08 15:15:20 CEST 2019 certpath: Status of certificate (with serial number 8843850678629180984542216369971314136) is: GOOD certpath: OCSP response is signed by the target's Issuing CA certpath: Constraints.permits(): SHA384withRSA Variant: generic certpath: Verified signature of OCSP Response certpath: OCSP response validity interval is from Tue Oct 01 15:15:20 CEST 2019 until Tue Oct 08 15:15:20 CEST 2019 certpath: Checking validity of OCSP response on: Fri Oct 04 03:33:31 CEST 2019 certpath: -checker7 validation succeeded certpath: cert1 validation succeeded. certpath: Checking cert2 - Subject: CN=comodorsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, O=Sectigo Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 certpath: Set of critical extensions: {2.5.29.15, 2.5.29.19} certpath: -Using checker1 ... [sun.security.provider.certpath.UntrustedChecker] certpath: -checker1 validation succeeded certpath: -Using checker2 ... [sun.security.provider.certpath.AlgorithmChecker] certpath: Constraints.permits(): SHA256withRSA Variant: generic certpath: KeySizeConstraints.permits(): RSA certpath: -checker2 validation succeeded certpath: -Using checker3 ... [sun.security.provider.certpath.KeyChecker] certpath: -checker3 validation succeeded certpath: -Using checker4 ... [sun.security.provider.certpath.ConstraintsChecker] certpath: ---checking basic constraints... certpath: i = 2, maxPathLength = 0 certpath: after processing, maxPathLength = 0 certpath: basic constraints verified. certpath: ---checking name constraints... certpath: prevNC = null, newNC = null certpath: mergedNC = null certpath: name constraints verified. certpath: -checker4 validation succeeded certpath: -Using checker5 ... [sun.security.provider.certpath.PolicyChecker] certpath: PolicyChecker.checkPolicy() ---checking certificate policies... certpath: PolicyChecker.checkPolicy() certIndex = 2 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = 2 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = 2 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = 2 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = anyPolicy ROOT anyPolicy CRIT: false EP: anyPolicy (1) certpath: PolicyChecker.processPolicies() policiesCritical = false certpath: PolicyChecker.processPolicies() rejectPolicyQualifiers = true certpath: PolicyChecker.processPolicies() processing policy: 1.3.6.1.4.1.6449.1.2.1.5.1 certpath: PolicyChecker.processParents(): matchAny = false certpath: PolicyChecker.processParents(): matchAny = true certpath: PolicyChecker.processParents() found parent: anyPolicy CRIT: false EP: anyPolicy (1) certpath: PolicyChecker.processPolicies() processing policy: 2.23.140.1.1 certpath: PolicyChecker.processParents(): matchAny = false certpath: PolicyChecker.processParents(): matchAny = true certpath: PolicyChecker.processParents() found parent: anyPolicy CRIT: false EP: anyPolicy (1) certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = anyPolicy ROOT anyPolicy CRIT: false EP: anyPolicy (1) 2.23.140.1.1 CRIT: false EP: 2.23.140.1.1 (2) 1.3.6.1.4.1.6449.1.2.1.5.1 CRIT: false EP: 1.3.6.1.4.1.6449.1.2.1.5.1 (2) certpath: PolicyChecker.checkPolicy() certificate policies verified certpath: -checker5 validation succeeded certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker] certpath: ---checking validity:Fri Oct 04 03:33:31 CEST 2019... certpath: validity verified. certpath: ---checking subject/issuer name chaining... certpath: subject/issuer name chaining verified. certpath: ---checking signature... certpath: signature verified. certpath: BasicChecker.updateState issuer: CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB; subject: CN=comodorsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, O=Sectigo Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690; serial#: 281625751785790489077558049303575336468 certpath: -checker6 validation succeeded certpath: -Using checker7 ... [sun.security.provider.certpath.RevocationChecker] certpath: RevocationChecker.check: checking cert SN: d3df2597 cbed1ab6 e02ee820 21771614 Subject: CN=comodorsacertificationauthority-ev.comodoca.com, OU=COMODO EV SGC SSL, O=Sectigo Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, ST=Greater Manchester, OID.2.5.4.17=M5 3EQ, C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=04058690 Issuer: CN=COMODO RSA Extended Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB certpath: connecting to OCSP service at: http://ocsp.comodoca.com certpath: OCSP response status: SUCCESSFUL certpath: OCSP response type: basic certpath: Responder ID: byKey: 39DAFFCA28148AA8741308B9E40EA9D2FA7E9D69 certpath: OCSP response produced at: Wed Oct 02 15:06:25 CEST 2019 certpath: OCSP number of SingleResponses: 1 certpath: Revocation time: Wed Oct 02 15:06:24 CEST 2019 certpath: Revocation reason: UNSPECIFIED certpath: thisUpdate: Wed Oct 02 15:06:25 CEST 2019 certpath: nextUpdate: Wed Oct 09 15:06:25 CEST 2019 certpath: Status of certificate (with serial number 281625751785790489077558049303575336468) is: REVOKED certpath: OCSP response is signed by the target's Issuing CA certpath: Constraints.permits(): SHA256withRSA Variant: generic certpath: Verified signature of OCSP Response certpath: OCSP response validity interval is from Wed Oct 02 15:06:25 CEST 2019 until Wed Oct 09 15:06:25 CEST 2019 certpath: Checking validity of OCSP response on: Fri Oct 04 03:33:31 CEST 2019 certpath: X509CertSelector.match(SN: 67c8e1e8e3be1cbdfc913b8ea6238749 Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA) certpath: X509CertSelector.match: subject DNs don't match java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate at ValidatePathWithParams.validate(ValidatePathWithParams.java:193) at ComodoRSA.runTest(ComodoCA.java:223) at ComodoCA.main(ComodoCA.java:62) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:564) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) at java.base/java.lang.Thread.run(Thread.java:830) JavaTest Message: Test threw exception: java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate JavaTest Message: shutting down test STATUS:Failed.`main' threw exception: java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate