Skip to content

Commit 8c87a67

Browse files
rhaladerhalade
committedFeb 9, 2023
8245654: Add Certigna Root CA
Reviewed-by: mullan
·
jdk-25+14jdk-21-ga
1 parent 97d0c87 commit 8c87a67

File tree

3 files changed

+262
-4
lines changed

3 files changed

+262
-4
lines changed
 

‎src/java.base/share/data/cacerts/certignaca

+29
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
Owner: CN=Certigna, O=Dhimyotis, C=FR
2+
Issuer: CN=Certigna, O=Dhimyotis, C=FR
3+
Serial number: fedce3010fc948ff
4+
Valid from: Fri Jun 29 15:13:05 GMT 2007 until: Tue Jun 29 15:13:05 GMT 2027
5+
Signature algorithm name: SHA1withRSA
6+
Subject Public Key Algorithm: 2048-bit RSA key
7+
Version: 3
8+
-----BEGIN CERTIFICATE-----
9+
MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV
10+
BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X
11+
DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ
12+
BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3
13+
DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4
14+
QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny
15+
gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw
16+
zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q
17+
130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2
18+
JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw
19+
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw
20+
ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT
21+
AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj
22+
AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG
23+
9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h
24+
bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc
25+
fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu
26+
HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w
27+
t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
28+
WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
29+
-----END CERTIFICATE-----

‎test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java

+227
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,227 @@
1+
/*
2+
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
3+
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4+
*
5+
* This code is free software; you can redistribute it and/or modify it
6+
* under the terms of the GNU General Public License version 2 only, as
7+
* published by the Free Software Foundation.
8+
*
9+
* This code is distributed in the hope that it will be useful, but WITHOUT
10+
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11+
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12+
* version 2 for more details (a copy is included in the LICENSE file that
13+
* accompanied this code).
14+
*
15+
* You should have received a copy of the GNU General Public License version
16+
* 2 along with this work; if not, write to the Free Software Foundation,
17+
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18+
*
19+
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20+
* or visit www.oracle.com if you need additional information or have any
21+
* questions.
22+
*/
23+
24+
/*
25+
* @test
26+
* @bug 8245654
27+
* @summary Interoperability tests with Certigna Root CA from Dhimyotis
28+
* @build ValidatePathWithParams
29+
* @run main/othervm -Djava.security.debug=certpath CertignaCA OCSP
30+
* @run main/othervm -Djava.security.debug=certpath CertignaCA CRL
31+
*/
32+
33+
/*
34+
* Obtain TLS test artifacts for Certigna Root CA from:
35+
*
36+
* Valid TLS Certificates:
37+
* https://valid.servicesca.dhimyotis.com/
38+
*
39+
* Revoked TLS Certificates:
40+
* https://revoked.servicesca.dhimyotis.com/
41+
*/
42+
public class CertignaCA {
43+
44+
// Owner: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036,
45+
// OU=0002 48146308100036, O=DHIMYOTIS, C=FR
46+
// Issuer: CN=Certigna, O=Dhimyotis, C=FR
47+
// Serial number: 6f82fa28acd6f784bb5b120ba87367ad
48+
// Valid from: Wed Nov 25 03:33:52 PST 2015 until: Sat Nov 22 03:33:52 PST 2025
49+
private static final String INT = "-----BEGIN CERTIFICATE-----\n" +
50+
"MIIGFjCCBP6gAwIBAgIQb4L6KKzW94S7WxILqHNnrTANBgkqhkiG9w0BAQsFADA0\n" +
51+
"MQswCQYDVQQGEwJGUjESMBAGA1UECgwJRGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0\n" +
52+
"aWduYTAeFw0xNTExMjUxMTMzNTJaFw0yNTExMjIxMTMzNTJaMH0xCzAJBgNVBAYT\n" +
53+
"AkZSMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgx\n" +
54+
"MDAwMzYxHTAbBgNVBGEMFE5UUkZSLTQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQQDDBRD\n" +
55+
"ZXJ0aWduYSBTZXJ2aWNlcyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC\n" +
56+
"ggIBALPM+7LpWBz9wFcPaTc3xnB+5g0XrnptB0EPPfrR04vO52Ykm4ky1d4ZLd10\n" +
57+
"tbM1fa1RqNSOVWWg93O4pL7zCFKlz6JV74ZZVhHpEAwzBwv2oPnxvVbxtSN67xsS\n" +
58+
"Y66ahUYxjzs8+3FhmsiRxqwnTYvK2u70uglUvRisOKyTL/M6JnrC4y8tlmoz7OSa\n" +
59+
"5BmBMVplJFQtvmON6N9aHLvYMz+EyJPCbXL6pELxeHjFT5QmIaRamsr2DOTaCjtB\n" +
60+
"ZKI1Wnh3X7lnbjM8MESJiV2t7E9tIQNG0Z/HI3tO4aaUMum3KysY5sC8v3vi7rry\n" +
61+
"GidgzHQhrtP0ZXWW5UH/k7umLS/P/XXWnCFpc2Lxa1uDGfc2im7xibRoPP+JNZsz\n" +
62+
"N76euFlls6jyEXAiwnVr14tVVTewLK0OWs5SJHpEKp8PGMZRDj59EmMvokWwzL6Q\n" +
63+
"zNZ6vVAp00oOm05sbspNY9+MFqGKKUsKvhFGEa4XmRNxDe6KswLcjPZB+NKHZ0QW\n" +
64+
"Fd4ip5C5XmEK/8qIPjwVr9dah9+oiHGGO8Wx7gJAMF5DTmkvW7GhqCKj1LmHnabj\n" +
65+
"zc8av6kxWVQZi/C7HCm9i/W4wio+JA2EAFLqNL3GPNbK9kau4yPhQt/c7zxzo0OH\n" +
66+
"nlsV4THCG7oOCd3cfCiyfQcb3FBt6OSpaKRZxjCLBwP00r0fAgMBAAGjggHZMIIB\n" +
67+
"1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU\n" +
68+
"rOyGj0s3HLh/FxsZ0K7oTuM0XBIwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF\n" +
69+
"9lo53BGhOKQ2MDQxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAP\n" +
70+
"BgNVBAMMCENlcnRpZ25hggkA/tzjAQ/JSP8wSQYDVR0gBEIwQDA+BgoqgXoBgTEB\n" +
71+
"AAECMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmNlcnRpZ25hLmZyL2F1dG9y\n" +
72+
"aXRlcy8wfAYIKwYBBQUHAQEEcDBuMDQGCCsGAQUFBzAChihodHRwOi8vYXV0b3Jp\n" +
73+
"dGUuY2VydGlnbmEuZnIvY2VydGlnbmEuZGVyMDYGCCsGAQUFBzAChipodHRwOi8v\n" +
74+
"YXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5kZXIwYQYDVR0fBFowWDAp\n" +
75+
"oCegJYYjaHR0cDovL2NybC5jZXJ0aWduYS5mci9jZXJ0aWduYS5jcmwwK6ApoCeG\n" +
76+
"JWh0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9jZXJ0aWduYS5jcmwwDQYJKoZIhvcN\n" +
77+
"AQELBQADggEBAGLft7gIuGPZVfg0cTM+HT2xAZFPDb/2+siH06x+dH044zMKbBIN\n" +
78+
"bRzhKipwB1A3MW8FQjveE9tyrfyuqZE/X+o2SlGcdNV44ybYkxo4f6kcLEavV/IW\n" +
79+
"+oFEnojZlhpksYcxrvQoEyqkAwshe8IS2KtZHKVACrt+XSs0lwvy7ALGmHaF7A4b\n" +
80+
"y6cZWItA7Lhj8XWp+8tBJDj7HocRbWtxzEODdBuyMgJzFrNjc+97J0vH/K0+3yjm\n" +
81+
"kczpKshMA0tM+MF9XDMN/MuwrPmUWGO/fHiqHgUp8yqeWtl1n44ZxkkK1t9GRwhn\n" +
82+
"DWLv73/xhTmdhWYQ/reo0GbgBoLiltKmIJQ=\n" +
83+
"-----END CERTIFICATE-----";
84+
85+
// Owner: SERIALNUMBER=S230100953, CN=valid.servicesca.dhimyotis.com,
86+
// OU=0002 48146308100036, O=DHIMYOTIS, L=VILLENEUVE D'ASCQ, C=FR
87+
// Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036,
88+
// OU=0002 48146308100036, O=DHIMYOTIS, C=FR
89+
// Serial number: 2959798fe2e0e7b43810169ae938bc5f
90+
// Valid from: Sun Mar 13 16:00:00 PDT 2022 until: Mon Mar 13 15:59:59 PDT 2023
91+
private static final String VALID = "-----BEGIN CERTIFICATE-----\n" +
92+
"MIIIkzCCBnugAwIBAgIQKVl5j+Lg57Q4EBaa6Ti8XzANBgkqhkiG9w0BAQsFADB9\n" +
93+
"MQswCQYDVQQGEwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAy\n" +
94+
"IDQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEd\n" +
95+
"MBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMgQ0EwHhcNMjIwMzEzMjMwMDAwWhcN\n" +
96+
"MjMwMzEzMjI1OTU5WjCBmTELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" +
97+
"VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgx\n" +
98+
"NDYzMDgxMDAwMzYxJzAlBgNVBAMMHnZhbGlkLnNlcnZpY2VzY2EuZGhpbXlvdGlz\n" +
99+
"LmNvbTETMBEGA1UEBRMKUzIzMDEwMDk1MzCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" +
100+
"ADCCAQoCggEBALpeGHbzRGnv1C0PdJS0nT+Cx98Pw8ctaw51m9Vlk2j8AFGZRu8r\n" +
101+
"lX3noQYX0AIfcbk6KqPAreIvJQV0UgM5jxt3mIQF7iU+55MG4mWmSJgKDDq4b3ck\n" +
102+
"WdBy0KpSBqLmB9sHyTNk9NilNu7VwG03HGIltWA2uQFJGC8CkxwAFpMCQ9RVYw2Z\n" +
103+
"NkL/SsiPgrRLiCJZjesk1oAcLnLp7hbelfUB2Z71VmuDDlom7CsLvdN8eIG+Lj+V\n" +
104+
"wkGmH6AbVGvbFniFDLCNDSJWCQ9AHeO+i0CM/wd2gBRSgm993p2YMxu5mVZjz/rp\n" +
105+
"ELaCYjulvNZKvPIFoNe8qsxlXRWeqWaHuPsCAwEAAaOCA/AwggPsMIHkBggrBgEF\n" +
106+
"BQcBAQSB1zCB1DA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rp\n" +
107+
"cy5jb20vc2VydmljZXNjYS5kZXIwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0\n" +
108+
"ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjAwBggrBgEFBQcwAYYkaHR0cDov\n" +
109+
"L3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29tMC4GCCsGAQUFBzABhiJodHRw\n" +
110+
"Oi8vc2VydmljZXNjYS5vY3NwLmNlcnRpZ25hLmZyMB8GA1UdIwQYMBaAFKzsho9L\n" +
111+
"Nxy4fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYDVR0gBFowWDAIBgZngQwBAgIw\n" +
112+
"TAYLKoF6AYExAgUBAQEwPTA7BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuY2VydGln\n" +
113+
"bmEuY29tL2F1dG9yaXRlLWNlcnRpZmljYXRpb24wZQYDVR0fBF4wXDAroCmgJ4Yl\n" +
114+
"aHR0cDovL2NybC5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmNybDAtoCugKYYnaHR0\n" +
115+
"cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZpY2VzY2EuY3JsMBMGA1UdJQQMMAoG\n" +
116+
"CCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDBIBgNVHREEQTA/gh12YWxpZC5zZXJ2\n" +
117+
"aWNlc2NhLmNlcnRpZ25hLmNvbYIedmFsaWQuc2VydmljZXNjYS5kaGlteW90aXMu\n" +
118+
"Y29tMB0GA1UdDgQWBBSGQwwMIdxiI7P+CFU/Z968XZaSGzCCAX0GCisGAQQB1nkC\n" +
119+
"BAIEggFtBIIBaQFnAHUArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooA\n" +
120+
"AAF/h9eOGgAABAMARjBEAiBaneK2CTn9lH28CUnL2C2/WklUYkvygMiDrtCIUXfw\n" +
121+
"gQIgJrGxwgGlsYzUdZyZY/oNWSLByO8/Jb5LXbNibdk5SnAAdwDoPtDaPvUGNTLn\n" +
122+
"Vyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAX+H14/NAAAEAwBIMEYCIQCVtuV9p/Ug\n" +
123+
"IhwVoMUjPp1KzGte/FmDaKPx432VjOpD+AIhANKWkDEuVnMzPH8sdJCL+eXoB0Q7\n" +
124+
"0mpe5dHEiFJS8lTBAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoA\n" +
125+
"AAF/h9eTcQAABAMARjBEAiAjdYhnzPe9lJksk94ngl7PLDRi71tSRN7SslibEyv+\n" +
126+
"XAIgLQ5NKQAaJnF8oA7WnHB8gyJ/8kqZi52d1WFgARDLR30wDQYJKoZIhvcNAQEL\n" +
127+
"BQADggIBAJhLhW5Gh9yOPKsrMhABd7U5juc5ev97c6s7Az70Yr5/EtH6TlgC6a1N\n" +
128+
"i0yzFOeXzAR8Svsq6HzqP9kMJkEFIrdWH8JZdEv871EjYetEzLLnO0m+dNEROJAh\n" +
129+
"fcJ2w2LufPNaQ327tGY/DxDH9jdtgquReO01bPlJ0Yc5J3maz4XapeUm/kQ8dRzS\n" +
130+
"0UBOxfUlEMpDatZzg7wugy7g9vOndW/VbtbN5Iioq2bjuykPJZfZUx4cCAmLUS7w\n" +
131+
"bqPThQ54PnybiPXaF8cH1Gq0Rs/lGB1erzRXRXHgMy61mFY944r13oATnSdTy8Gm\n" +
132+
"QoMsVp9w7WBRo8O4PR606Ke8Ufm9Kg2GJ1sHClf70FNFO/OSFlr3BLDG0vEMdgVW\n" +
133+
"9QLu6UQXa9PhWMoo030k5fmUySzIUljXnstj3rgcD2HE1UrobTqyRHbbQ8JVWaF0\n" +
134+
"PrPR4WDFI9dY0jixVQucKlX6FCqsyNrJF8GWDlZH+Cd8bk+MA9fKUuX/vmoOc2d+\n" +
135+
"bvOCliME7YjAJkyclk6yiFIMnqyh+TD0d8WbjE94YC/293Xqb6WGkRhhsCX9RUrk\n" +
136+
"I6QbS2uicCFGjRsPmjvMkDDxS00MShRl2K/KpsAx68Cv/Gcw3bv31obwNXTB2IBg\n" +
137+
"gI0MfBHnjIp1nmNvCNmVIP52YrGQyC2JE7+GZUWTuwUVeDgBhiEZ\n" +
138+
"-----END CERTIFICATE-----";
139+
140+
// Owner: SERIALNUMBER=S230120951, CN=revoked.servicesca.dhimyotis.com,
141+
// OU=0002 48146308100036, O=DHIMYOTIS, L=VILLENEUVE D'ASCQ, C=FR
142+
// Issuer: CN=Certigna Services CA, OID.2.5.4.97=NTRFR-48146308100036,
143+
// OU=0002 48146308100036, O=DHIMYOTIS, C=FR
144+
// Serial number: f88f2566b3dbf73763622db9b2bf9cc
145+
// Valid from: Sun Mar 13 16:00:00 PDT 2022 until: Mon Mar 13 15:59:59 PDT 2023
146+
private static final String REVOKED = "-----BEGIN CERTIFICATE-----\n" +
147+
"MIIImTCCBoGgAwIBAgIQD4jyVms9v3N2NiLbmyv5zDANBgkqhkiG9w0BAQsFADB9\n" +
148+
"MQswCQYDVQQGEwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAy\n" +
149+
"IDQ4MTQ2MzA4MTAwMDM2MR0wGwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEd\n" +
150+
"MBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMgQ0EwHhcNMjIwMzEzMjMwMDAwWhcN\n" +
151+
"MjMwMzEzMjI1OTU5WjCBmzELMAkGA1UEBhMCRlIxGjAYBgNVBAcMEVZJTExFTkVV\n" +
152+
"VkUgRCdBU0NRMRIwEAYDVQQKDAlESElNWU9USVMxHDAaBgNVBAsMEzAwMDIgNDgx\n" +
153+
"NDYzMDgxMDAwMzYxKTAnBgNVBAMMIHJldm9rZWQuc2VydmljZXNjYS5kaGlteW90\n" +
154+
"aXMuY29tMRMwEQYDVQQFEwpTMjMwMTIwOTUxMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" +
155+
"AQ8AMIIBCgKCAQEAouvIzemKChCjYICW+TzRigLkqaTdMLnaPlGaXyCCoEUS6nkK\n" +
156+
"QnrwTgebf1X9/mwSAuvTo3Ck7CVgE8AMqsPTluSjezCJuED/F3HYy2YsbIhnVK/i\n" +
157+
"uSzKsDGVY3RlVNm2MA2viVTNBbOFhk4kefYqpDCmp3EGvIDOCb7Y5PTuKKQ79s97\n" +
158+
"uDm+0WoBnOdwSuZMUg+hvINBgu2JQFwiWP0g/SxoK6Ci9SVokM3zR4KgECkMVArf\n" +
159+
"cH0dN+5SYvByaGegQJy7TdKqDsf1lIHM19tUXcxOBNRgV3Rf7WMNIlERtLXjRfke\n" +
160+
"IWXf8QtXRVIH/i/PoVTDo2qvQOMnZFY/Eb5dFQIDAQABo4ID9DCCA/AwgeQGCCsG\n" +
161+
"AQUFBwEBBIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlv\n" +
162+
"dGlzLmNvbS9zZXJ2aWNlc2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9y\n" +
163+
"aXRlLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuZGVyMDAGCCsGAQUFBzABhiRodHRw\n" +
164+
"Oi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20wLgYIKwYBBQUHMAGGImh0\n" +
165+
"dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgwFoAUrOyG\n" +
166+
"j0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAEC\n" +
167+
"AjBMBgsqgXoBgTECBQEBATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0\n" +
168+
"aWduYS5jb20vYXV0b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAn\n" +
169+
"hiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuY3JsMC2gK6Aphido\n" +
170+
"dHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5jcmwwEwYDVR0lBAww\n" +
171+
"CgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQDAgWgMEwGA1UdEQRFMEOCH3Jldm9rZWQu\n" +
172+
"c2VydmljZXNjYS5jZXJ0aWduYS5jb22CIHJldm9rZWQuc2VydmljZXNjYS5kaGlt\n" +
173+
"eW90aXMuY29tMB0GA1UdDgQWBBTGIed1eHBS8Z1H3PdMkItpjyjq2TCCAX0GCisG\n" +
174+
"AQQB1nkCBAIEggFtBIIBaQFnAHcArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWG\n" +
175+
"NOvcgooAAAF/h9g4MAAABAMASDBGAiEAp/1fQB730JrX9YGD3d1Uq7rTAL95tMKe\n" +
176+
"G6kgUP1GEWoCIQCzi6feA3cImTH6tVZALNEmve/n8SVFAvD2AvX8ioCD9QB1AOg+\n" +
177+
"0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABf4fYNHcAAAQDAEYwRAIg\n" +
178+
"Dnd8oOV7/MuaiyR23qbdRVf1kBSsDxnLp1/vRdD0JTYCIAw7LuZalEVa/0KpuNHs\n" +
179+
"NIdUJgV4Vioa2xkb9fdPIhtkAHUAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PAD\n" +
180+
"Dnk2pZoAAAF/h9g7nwAABAMARjBEAiA80M1W3V3iKjm6Dwn+hKkmvGiuXZoM6o3f\n" +
181+
"QJsZ2ZOx0QIgUiS3I83WzoCdD4qO9rlmDQhRD69CeVzCgLtkaTPz3JYwDQYJKoZI\n" +
182+
"hvcNAQELBQADggIBADKub0gNyasTvURoYukQCllqDC+SvWA4TURBcmQMNjdVkreJ\n" +
183+
"B3O91HZhTyhrCBJxybeIG89zuRI6rjTpHCQGFqtP7968NA3eUlxGGnAPpw6VbN47\n" +
184+
"Ake+CRI9XnhxcKmTGm987DjtIBH42BedS59P1T56grZP5ysOog9Hz4eYo2ytbZqt\n" +
185+
"P/DHggivymaaiIaBsqup8C7/XN3vVAa/yo1FeLJ48i1d0M9hjGBUFMajd8Y5+pE7\n" +
186+
"p6Nb5mT1LXbetORYXMyG3MiJQPBAr1dLnRGnOZxc1Kxa1QwoAFQAFIXFpqfBwfHi\n" +
187+
"NaSDdFS/wLbpe7UvtC8FWLq9sgITDEkPqDPCsbu8Vc7OxaMhBJ7HQGaAYMReGADG\n" +
188+
"Elx9ffAc+dFR62zFnqMLouaEznZ7FVNmU3cYbrFVBvnGmoDRe0AKUoYv5DCiawUg\n" +
189+
"qeQS69DgG7DOE5VIDaWX2Cevy81mz7O8EVQsyS15J/MUxzWfQpRaHUqkge6G9FSH\n" +
190+
"hF/Nm48oWgpWop5aIF2O6bA/Bt1VvAWdypUPUr4gtpYIQoOQBzTFgBVWUeOTOImE\n" +
191+
"avvpzSwGQfZkB7t5PcAQ+zYGxWq7fr30/qY3geePcXJCGWS6PXyj8lNn4CaJ2sMF\n" +
192+
"GKxNJGD49/5uoxi3b3TzGUn/3eG2qP2RZoXZ6ZPLAo+moIy3XLwMoZm3Im8r\n" +
193+
"-----END CERTIFICATE-----";
194+
195+
public static void main(String[] args) throws Exception {
196+
197+
ValidatePathWithParams pathValidator;
198+
String[] validChainToValidate;
199+
String[] revChainToValidate;
200+
201+
if (args.length >= 1 && "CRL".equalsIgnoreCase(args[0])) {
202+
pathValidator = new ValidatePathWithParams(null);
203+
pathValidator.enableCRLCheck();
204+
205+
validChainToValidate = new String[]{VALID, INT};
206+
revChainToValidate = new String[]{REVOKED, INT};
207+
} else {
208+
// OCSP check by default
209+
// int certificate doesn't specify OCSP responder
210+
pathValidator = new ValidatePathWithParams(new String[]{INT});
211+
pathValidator.enableOCSPCheck();
212+
213+
validChainToValidate = new String[]{VALID};
214+
revChainToValidate = new String[]{REVOKED};
215+
}
216+
217+
// Validate valid
218+
pathValidator.validate(validChainToValidate,
219+
ValidatePathWithParams.Status.GOOD, null, System.out);
220+
221+
// Validate Revoked
222+
pathValidator.validate(revChainToValidate,
223+
ValidatePathWithParams.Status.REVOKED,
224+
"Mon Mar 14 03:00:16 PDT 2022", System.out);
225+
}
226+
}
227+

‎test/jdk/sun/security/lib/cacerts/VerifyCACerts.java

+6-4
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@
2727
* @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779
2828
* 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
2929
* 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
30-
* 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083
30+
* 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654
3131
* @summary Check root CA entries in cacerts file
3232
*/
3333
import java.io.ByteArrayInputStream;
@@ -54,12 +54,12 @@ public class VerifyCACerts {
5454
+ File.separator + "security" + File.separator + "cacerts";
5555

5656
// The numbers of certs now.
57-
private static final int COUNT = 89;
57+
private static final int COUNT = 90;
5858

5959
// SHA-256 of cacerts, can be generated with
6060
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
6161
private static final String CHECKSUM
62-
= "0D:9C:40:8F:CE:B1:C7:27:89:54:FD:80:DA:B6:91:F4:C9:94:15:C4:8D:25:62:34:D4:70:32:60:1A:6F:13:27";
62+
= "A3:57:D9:69:62:ED:00:ED:72:83:1E:15:46:02:93:F3:12:0F:49:83:E3:E6:D0:9F:96:34:05:9C:43:EB:D6:05";
6363

6464
// Hex formatter to upper case with ":" delimiter
6565
private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();
@@ -246,6 +246,8 @@ public class VerifyCACerts {
246246
"A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36");
247247
put("haricaeccrootca2015 [jdk]",
248248
"44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33");
249+
put("certignaca [jdk]",
250+
"E3:B6:A2:DB:2E:D7:CE:48:84:2F:7A:C5:32:41:C7:B7:1D:54:14:4B:FB:40:C1:1F:3F:1D:0B:42:F5:EE:A1:2D");
249251
}
250252
};
251253

3 commit comments

Comments
 (3)

openjdk-notifier[bot] commented on Feb 9, 2023

@openjdk-notifier[bot]
openjdk-notifier[bot]
on Feb 9, 2023

Review

Issues

rhalade commented on Feb 9, 2023

@rhalade
rhalade
on Feb 9, 2023
MemberAuthor

/backport jdk20u

openjdk[bot] commented on Feb 9, 2023

@openjdk[bot]
openjdk[bot]
on Feb 9, 2023

@rhalade the backport was successfully created on the branch rhalade-backport-8c87a674 in my personal fork of openjdk/jdk20u. To create a pull request with this backport targeting openjdk/jdk20u:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 8c87a674 from the openjdk/jdk repository.

The commit being backported was authored by Rajan Halade on 9 Feb 2023 and was reviewed by Sean Mullan.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk20u:

$ git fetch https://github.com/openjdk-bots/jdk20u rhalade-backport-8c87a674:rhalade-backport-8c87a674
$ git checkout rhalade-backport-8c87a674
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk20u rhalade-backport-8c87a674
Please sign in to comment.