8318759: Add four DigiCert root certificates

[jerboaa]

Backport for adding 4 new digicert root certificates. Patch applies clean modulo path shuffeling.

Testing:

• GHA
• jdk/test/security/infra/java/security/cert/CertPathValidator and jdk/test/sun/security/lib/cacerts jtreg tests. Including new ones. All 43 tests pass.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• JDK-8318759 needs maintainer approval
• Commit message must refer to an issue

Issue

• JDK-8318759: Add four DigiCert root certificates (Enhancement - P2 - Approved)

Reviewers

• Paul Hohensee (@phohensee - Reviewer) ⚠️ Review applies to dc542fe5
• Andrew John Hughes (@gnu-andrew - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev.git pull/399/head:pull/399
$ git checkout pull/399

Update a local copy of the PR:
$ git checkout pull/399
$ git pull https://git.openjdk.org/jdk8u-dev.git pull/399/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 399

View PR using the GUI difftool:
$ git pr show -t 399

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/399.diff

Webrev

Link to Webrev Comment

[jerboaa]

Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#actalisauthenticationrootca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca2
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca4
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass2ca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass3ca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#certignarootca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodoeccca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodorsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlseccrootg5
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlsrsarootg5
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcaec1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcag4
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsigneccrootcar4
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsignrootcar6
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#godaddyrootg2ca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootcar1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootcar2
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootecccar3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootecccar4
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#letsencryptisrgx1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#letsencryptisrgx2
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#microsoftecc2017
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#microsoftrsa2017
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca1g3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca2g3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca3g3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrooteccca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootevrsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootrsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#starfieldrootg2ca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliarootcav2
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#twcaglobalrootca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#usertrusteccca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#usertrustrsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/DigicertCSRootG5.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java
Passed: sun/security/lib/cacerts/VerifyCACerts.java
Test results: passed: 43

[bridgekeeper]

👋 Welcome back sgehwolf! A progress list of the required criteria for merging this PR into pr/398 will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[mlbridge]

Webrevs

• 03: Full (3b40fb6c)
• 02: Full (a1b73646)
• 01: Full - Incremental (dc542fe5)
• 00: Full (dc542fe5)

[phohensee]

linux-x86 test failure appears unrelated.

[openjdk]

@jerboaa this pull request can not be integrated into pr/398 due to one or more merge conflicts. To resolve these merge conflicts and update this pull request you can run the following commands in the local repository for your personal fork:

git checkout jdk-8318759-add-four-digicert-certs
git fetch https://git.openjdk.org/jdk8u-dev.git pr/398
git merge FETCH_HEAD
# resolve conflicts and follow the instructions given by git merge
git commit -m "Merge pr/398"
git push

[openjdk]

@jerboaa Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

[openjdk-notifier]

The parent pull request that this pull request depends on has now been integrated and the target branch of this pull request has been updated. This means that changes from the dependent pull request can start to show up as belonging to this pull request, which may be confusing for reviewers. To remedy this situation, simply merge the latest changes from the new target branch into this pull request by running commands similar to these in the local repository for your personal fork:

git checkout jdk-8318759-add-four-digicert-certs
git fetch https://git.openjdk.org/jdk8u-dev.git master
git merge FETCH_HEAD
# if there are conflicts, follow the instructions given by git merge
git commit -m "Merge master"
git push

[openjdk]

⚠️ @jerboaa This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.

[openjdk]

@jerboaa Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

[gnu-andrew]

Patch looks clean (sans paths). New tests pass.

[gnu-andrew]

/approve yes

[openjdk]

@gnu-andrew
8318759: The approval request has been approved.

[openjdk]

@jerboaa This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8318759: Add four DigiCert root certificates

Reviewed-by: phh, andrew

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been no new commits pushed to the master branch. If another commit should be pushed before you perform the /integrate command, your PR will be automatically rebased. If you prefer to avoid any potential automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[jerboaa]

/integrate

[openjdk]

Going to push as commit 7098ac7.

[openjdk]

@jerboaa Pushed as commit 7098ac7.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.