/*
 * Copyright (c) 2018 Google Inc. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/*
 * @test
 * @bug 8194960
 * @summary Sanity check trust manager defaults/cacerts.
 */

/**
 * Lists the certificate authorities that the default trust manager accepts.
 * Runs as a jtreg test and also as a standalone program.
 *
 * <p>Prior to JEP 319, a stock openjdk build fails this check because no
 * root certificates were checked into the repo.
 *
 * <p>NOTE(review): the check only proves that the default trust store is
 * present and non-empty. It does not inspect validity dates, key sizes or
 * signature algorithms of the entries it prints.
 */
public class CacertsExplorer {
    /**
     * Verifies the default trust manager configuration and prints one line
     * per accepted issuer to standard output.
     *
     * @param args ignored
     * @throws AssertionError if the default algorithm is not PKIX, if the
     *         factory does not return exactly one trust manager, or if that
     *         manager accepts no issuers
     * @throws Throwable any failure raised while obtaining or initialising
     *         the trust manager factory
     */
    public static void main(String[] args) throws Throwable {
        final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        if (!algorithm.equals("PKIX")) {
            throw new AssertionError(
                "Expected default algorithm PKIX, got " + algorithm);
        }

        final TrustManagerFactory factory =
            TrustManagerFactory.getInstance(algorithm);
        // A null KeyStore asks the factory for the platform default trust
        // material. With the JDK's own JSSE provider that is the store named
        // by the javax.net.ssl.trustStore system property if set, otherwise
        // jssecacerts, otherwise cacerts - so the output describes whichever
        // store that lookup finds, not necessarily the shipped cacerts file.
        factory.init((KeyStore) null);

        final TrustManager[] managers = factory.getTrustManagers();
        if (managers.length != 1) {
            throw new AssertionError(
                "Expected exactly one TrustManager, got "
                + Arrays.toString(managers));
        }
        // Unchecked cast: a non-X.509 manager surfaces as ClassCastException.
        final X509TrustManager x509Manager = (X509TrustManager) managers[0];

        final X509Certificate[] trustAnchors = x509Manager.getAcceptedIssuers();
        if (trustAnchors.length == 0) {
            throw new AssertionError(
                "no accepted issuers - cacerts file configuration problem?");
        }

        // Prints the issuer name of each entry. For a self-signed root this is
        // the same as its subject name; an entry that is not self-signed
        // would show the name of its signer here instead.
        for (X509Certificate anchor : trustAnchors) {
            System.out.println(anchor.getIssuerX500Principal());
        }
    }
}