test/lib/security/CheckBlacklistedCerts.java
rev 13446 : 8207258: Distrust TLS server certificates anchored by Symantec Root CAs
*** 39,53 ****
String home = System.getProperty("java.home");
boolean failed = false;
// Root CAs should always be trusted
! File file = new File(home, "lib/security/cacerts");
! KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
! try (FileInputStream fis = new FileInputStream(file)) {
! ks.load(new FileInputStream(file), null);
! }
System.out.println("Check for cacerts: " + ks.size());
for (String alias: Collections.list(ks.aliases())) {
X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
if (UntrustedCertificates.isUntrusted(cert)) {
System.out.print(alias + " is untrusted");
--- 39,49 ----
String home = System.getProperty("java.home");
boolean failed = false;
// Root CAs should always be trusted
! final KeyStore ks = SecurityUtils.getCacertsKeyStore();
System.out.println("Check for cacerts: " + ks.size());
for (String alias: Collections.list(ks.aliases())) {
X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
if (UntrustedCertificates.isUntrusted(cert)) {
System.out.print(alias + " is untrusted");
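Review bot: The keystore under test is now whatever `SecurityUtils.getCacertsKeyStore()` returns, and nothing in this hunk shows which file that is, while `home` is still read from `java.home` and used further down for `blacklisted.certs`. If the helper resolves cacerts from a different base (its body is not visible here), the test would compare a trust store and a blacklist from different locations without saying so. A comment above the call, once confirmed against the helper, would keep that visible, for example `// helper loads <java.home>/lib/security/cacerts, the same tree as blacklisted.certs below`. The enclosing method starts and ends outside the hunk.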
*** 93,103 ****
}
}
}
// Check the blacklisted.certs file itself
! file = new File(home, "lib/security/blacklisted.certs");
System.out.print("Check for " + file + ": ");
try (BufferedReader reader = new BufferedReader(
new InputStreamReader(new FileInputStream(file)))) {
int acount = 0;
int ccount = 0;
--- 89,99 ----
}
}
}
// Check the blacklisted.certs file itself
! File file = new File(home, "lib/security/blacklisted.certs");
System.out.print("Check for " + file + ": ");
try (BufferedReader reader = new BufferedReader(
new InputStreamReader(new FileInputStream(file)))) {
int acount = 0;
int ccount = 0;
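Review bot: The reader on the lines right after the changed declaration is built with `new InputStreamReader(new FileInputStream(file))`, so `blacklisted.certs` is decoded with the platform default charset. For a test whose verdict depends on what it reads from that file, naming the charset keeps the result independent of the host configuration: `new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8)`, which needs the `java.nio.charset.StandardCharsets` import outside this hunk. The try block continues past the end of the hunk, so how `acount` and `ccount` are used is not visible here.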