Skip to content

Commit 4d1c3a6

Browse files
jerboaajerboaa
committedDec 11, 2023
8317374: Add Let's Encrypt ISRG Root X2
Reviewed-by: phh, andrew Backport-of: e6f46a43268808d0cbbb3bb93c73aa8e4cbfad83
·
jdk8u462-b00jdk8u412-b01
1 parent fc8c400 commit 4d1c3a6

File tree

3 files changed

+39
-4
lines changed

3 files changed

+39
-4
lines changed
 

‎jdk/make/data/cacerts/letsencryptisrgx2

+21
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
Owner: CN=ISRG Root X2, O=Internet Security Research Group, C=US
2+
Issuer: CN=ISRG Root X2, O=Internet Security Research Group, C=US
3+
Serial number: 41d29dd172eaeea780c12c6ce92f8752
4+
Valid from: Fri Sep 04 00:00:00 GMT 2020 until: Mon Sep 17 16:00:00 GMT 2040
5+
Signature algorithm name: SHA384withECDSA
6+
Subject Public Key Algorithm: 384-bit EC (secp384r1) key
7+
Version: 3
8+
-----BEGIN CERTIFICATE-----
9+
MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
10+
CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
11+
R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
12+
MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
13+
ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
14+
EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
15+
+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
16+
ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
17+
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
18+
zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
19+
tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
20+
/q4AaOeMSQ+2b1tbFfLn
21+
-----END CERTIFICATE-----

‎jdk/test/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java

+13-1
Original file line numberDiff line numberDiff line change
@@ -136,12 +136,21 @@
136136
/*
137137
* @test id=letsencryptisrgx1
138138
* @bug 8189131
139-
* @summary Interoperability tests with Let's Encrypt CA
139+
* @summary Interoperability tests with Let's Encrypt ISRG Root X1 CA
140140
* @library /test/lib
141141
* @build jtreg.SkippedException ValidatePathWithURL CAInterop
142142
* @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop letsencryptisrgx1 DEFAULT
143143
*/
144144

145+
/*
146+
* @test id=letsencryptisrgx2
147+
* @bug 8317374
148+
* @summary Interoperability tests with Let's Encrypt ISRG Root X2 CA
149+
* @library /test/lib
150+
* @build jtreg.SkippedException ValidatePathWithURL CAInterop
151+
* @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop letsencryptisrgx2 DEFAULT
152+
*/
153+
145154
/*
146155
* @test id=globalsignrootcar6
147156
* @bug 8216577
@@ -415,6 +424,9 @@ private CATestURLs getTestURLs(String alias) {
415424
case "letsencryptisrgx1":
416425
return new CATestURLs("https://valid-isrgrootx1.letsencrypt.org",
417426
"https://revoked-isrgrootx1.letsencrypt.org");
427+
case "letsencryptisrgx2":
428+
return new CATestURLs("https://valid-isrgrootx2.letsencrypt.org",
429+
"https://revoked-isrgrootx2.letsencrypt.org");
418430

419431
case "globalsignrootcar6":
420432
return new CATestURLs("https://valid.r6.roots.globalsign.com",

‎jdk/test/sun/security/lib/cacerts/VerifyCACerts.java

+5-3
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
* 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
2929
* 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
3030
* 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654
31-
* 8305975 8304760 8307134 8295894 8314960 8317373
31+
* 8305975 8304760 8307134 8295894 8314960 8317373 8317374
3232
* @summary Check root CA entries in cacerts file
3333
*/
3434
import java.io.ByteArrayInputStream;
@@ -54,12 +54,12 @@ public class VerifyCACerts {
5454
+ File.separator + "security" + File.separator + "cacerts";
5555

5656
// The numbers of certs now.
57-
private static final int COUNT = 98;
57+
private static final int COUNT = 99;
5858

5959
// SHA-256 of cacerts, can be generated with
6060
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
6161
private static final String CHECKSUM
62-
= "63:A7:1F:4F:8E:4B:A1:04:DE:BB:EC:2E:31:35:5B:5A:19:D4:B1:C0:59:62:B1:13:65:C3:AE:C7:DB:78:9A:1E";
62+
= "DA:61:45:1C:93:F3:6A:30:24:68:C6:72:BC:C5:E6:E4:E3:BA:6A:AE:36:29:7B:45:53:B7:10:53:52:7D:7E:A5";
6363
// map of cert alias to SHA-256 fingerprint
6464
@SuppressWarnings("serial")
6565
private static final Map<String, String> FINGERPRINT_MAP
@@ -151,6 +151,8 @@ public class VerifyCACerts {
151151
"5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE");
152152
put("letsencryptisrgx1 [jdk]",
153153
"96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6");
154+
put("letsencryptisrgx2 [jdk]",
155+
"69:72:9B:8E:15:A8:6E:FC:17:7A:57:AF:B7:17:1D:FC:64:AD:D2:8C:2F:CA:8C:F1:50:7E:34:45:3C:CB:14:70");
154156
put("luxtrustglobalrootca [jdk]",
155157
"A1:B2:DB:EB:64:E7:06:C6:16:9E:3C:41:18:B2:3B:AA:09:01:8A:84:27:66:6D:8B:F0:E2:88:91:EC:05:19:50");
156158
put("quovadisrootca [jdk]",

0 commit comments

Comments
 (0)
Please sign in to comment.