On Tue, 24 Sep 2024 15:57:28 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> During the code review of >> [JDK-8337664](https://bugs.openjdk.org/browse/JDK-8337664), several >> non-critical comments were raised but not addressed due to time constraints. >> This PR includes the following changes: >> >> 1. Symantec and Entrust tests now reuse common code. The Distrust.java class >> contains this reusable code, making it easier to add new tests for >> distrusted roots in the future. >> 2. In several instances where an Exception is thrown, it has been replaced >> with RuntimeException. >> 3. Many Symantec test certs have already expired. To properly test the >> distrusted scenario, this change wraps the intermediate and root CA certs in >> NonExpiringTLSServerCert, which does not validate expiration. >> 4. Package structure changed: >> <img width="225" alt="image" >> src="https://github.com/user-attachments/assets/a8c8407e-edd3-47dd-84c0-19feb9da3c0f";> > > test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/Entrust.java line 34: > >> 32: * @summary Check that TLS Server certificates chaining back to >> distrusted >> 33: * Entrust roots are invalid >> 34: * @library /test/lib > > Do you need /test/lib anymore? Yes, it won't compile otherwise because the helper class **Distrusts** still needs to import _jdk.test.lib.security.SecurityUtils_. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20944#discussion_r1773665306
