test/lib/security/CheckBlacklistedCerts.java

rev 13446 : 8207258: Distrust TLS server certificates anchored by Symantec Root CAs

@@ -39,15 +39,11 @@
 
         String home = System.getProperty("java.home");
         boolean failed = false;
 
         // Root CAs should always be trusted
-        File file = new File(home, "lib/security/cacerts");
-        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-        try (FileInputStream fis = new FileInputStream(file)) {
-            ks.load(new FileInputStream(file), null);
-        }
+        final KeyStore ks = SecurityUtils.getCacertsKeyStore();
         System.out.println("Check for cacerts: " + ks.size());
         for (String alias: Collections.list(ks.aliases())) {
             X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
             if (UntrustedCertificates.isUntrusted(cert)) {
                 System.out.print(alias + " is untrusted");

@@ -93,11 +89,11 @@
                 }
             }
         }
 
         // Check the blacklisted.certs file itself
-        file = new File(home, "lib/security/blacklisted.certs");
+        File file = new File(home, "lib/security/blacklisted.certs");
         System.out.print("Check for " + file + ": ");
         try (BufferedReader reader = new BufferedReader(
                 new InputStreamReader(new FileInputStream(file)))) {
             int acount = 0;
             int ccount = 0;