Skip to content

Commit 0ea5804

Browse files
rhaladerhalade
committedNov 14, 2023
8318759: Add four DigiCert root certificates
Reviewed-by: mullan
1 parent 6a75c24 commit 0ea5804

File tree

7 files changed

+459
-3
lines changed

7 files changed

+459
-3
lines changed
 

‎src/java.base/share/data/cacerts/digicertcseccrootg5

+21
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
Owner: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
2+
Issuer: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
3+
Serial number: 3698fe712d519f3ced0fdb7b1643011
4+
Valid from: Fri Jan 15 00:00:00 GMT 2021 until: Sun Jan 14 23:59:59 GMT 2046
5+
Signature algorithm name: SHA384withECDSA
6+
Subject Public Key Algorithm: 384-bit EC (secp384r1) key
7+
Version: 3
8+
-----BEGIN CERTIFICATE-----
9+
MIICFjCCAZ2gAwIBAgIQA2mP5xLVGfPO0P23sWQwETAKBggqhkjOPQQDAzBNMQsw
10+
CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERp
11+
Z2lDZXJ0IENTIEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYw
12+
MTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIElu
13+
Yy4xJTAjBgNVBAMTHERpZ2lDZXJ0IENTIEVDQyBQMzg0IFJvb3QgRzUwdjAQBgcq
14+
hkjOPQIBBgUrgQQAIgNiAAR/FK2Ftpf9AiE1TWDoOJOTmz0FEG2v0/7v+rv7c5nz
15+
7DISjcdouIveiaKIVHeNuyF+M5VWlgno1YyhBLibbhkAYuhCKKZYN4QZVSZ7Mzdn
16+
8ppyraGurgBCPBx+uHqeIZyjQjBAMB0GA1UdDgQWBBTwjJhxOThlwjobphdmHcjt
17+
Zd6SNjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD
18+
AwNnADBkAjAjb+EAGSZQ5EYgZYs3p8/rBuHMMskqoewyDXOiHgIcNWEqTmmrOXft
19+
l4jAfWvqid0CMEPx0VijdT6Gm7ZVEYsX9z3+CmnFf07GdRtalMvqERHGCCKI3tB6
20+
oqV56OMhp80Tsw==
21+
-----END CERTIFICATE-----

‎src/java.base/share/data/cacerts/digicertcsrsarootg5

+38
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
Owner: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
2+
Issuer: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
3+
Serial number: 6cee131be6d55c807f7c0c7fb44e620
4+
Valid from: Fri Jan 15 00:00:00 GMT 2021 until: Sun Jan 14 23:59:59 GMT 2046
5+
Signature algorithm name: SHA384withRSA
6+
Subject Public Key Algorithm: 4096-bit RSA key
7+
Version: 3
8+
-----BEGIN CERTIFICATE-----
9+
MIIFZDCCA0ygAwIBAgIQBs7hMb5tVcgH98DH+0TmIDANBgkqhkiG9w0BAQwFADBM
10+
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJDAiBgNVBAMT
11+
G0RpZ2lDZXJ0IENTIFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBaFw00
12+
NjAxMTQyMzU5NTlaMEwxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwg
13+
SW5jLjEkMCIGA1UEAxMbRGlnaUNlcnQgQ1MgUlNBNDA5NiBSb290IEc1MIICIjAN
14+
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtjNzgNhiA3AULBEcOV58rnyDhh3+
15+
Ji9MJK2L6oNfqbw9W/wLmEwCRzDs4v7s6DRbZl6/O9cspiX/jFmz3+rafCnZRlBy
16+
CB1u0RsK3R/NmYn6Dw9zxOGcHXUyzW+X2ipqlbJsyQnQ6gt7fRcGSZnv1t7gyFPU
17+
rsZ38Ya7Ixy4wN9Z94590e+C5iaLWji1/3XVstlPCfM3iFDaEaSKFBTRUwQAffNq
18+
RBj+UHAyBxyomg46HcUKH24LJmm3PKJXcCyG+kxulalYQ7msEtb/P+3XQxdrTM6e
19+
xJCr//oQUJqjkFfW54wQrp8WGs81HX/Xdu2KnDWnKLinXSH8MDfd3ggZTxXG56ba
20+
kEeO95RTTI5TAr79meXqhtCvAwLTm6qT8asojiAB/0z7zLcpQPWHpBITBR9DbtdR
21+
UJ84tCDtFwkSj8y5Ga+fzb5pEdOvVRBtF4Z5llLGsgCd5a84sDX0iGuPDgQ9fO6v
22+
zdNqEErGzYbKIj2hSlz7Dv+I31xip8C5HtmsbH44N/53kyXChYpPtTcGWgaBFPHO
23+
lJ2ZkeoyWs5nPW4EZq0MTy2jLvee9Xid9wr9fo/jQopVlrzxnzct/J5flf6MGBv8
24+
jv1LkK/XA2gSY6zik6eiywTlT2TOA/rGFJ/Zi+jM1GKMa+QALBmfGgbGMYFU+1Mk
25+
mq9Vmbqdda64wt0CAwEAAaNCMEAwHQYDVR0OBBYEFGgBk7HSSkBCaZRGLBxaiKkl
26+
tEdPMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
27+
DAUAA4ICAQCS/O64AnkXAlF9IcVJZ6ek8agkOOsMaOpaQmuc9HPBaUotszcFUEKY
28+
kp4GeSwuBpn2798roM2zkgGDtaDLJ7U8IxqYSaLsLZmlWUOs0rGT1lfXHLyT1sZA
29+
4bNvGVW3E9flQzOktavL2sExZA101iztw41u67uvGUdhYS3A9AW5b3jcOvdCQGVT
30+
kb2ZDZOSVKapN1krm8uZxrw99wSE8JQzHQ+CWjnLLkXDKBmjspuYyPwxa2CP9umG
31+
KLzgPH10XRaJW2kkxxCLxEu7Nk/UWT/DsKSRmfgu0UoBnfWIEu+/WhFqWU9Za1pn
32+
84+0Ew/A2C89KHKqGX8RfWpbn5XnX7eUT/E+oVr/Lcyd3yd3jzJzHGcKdvP6XLG/
33+
vB29DCibsscXZwszD8O9Ntz7ukILq+2Ew2LWhBapsQdrqW7uxs/msEQpwvCzYYAq
34+
i2/SFFwlh1Rk86RMwaH4p2vq/uo6/HnbDo/cxvPJ1Gze6YOhjh0i7Mk6sgB73Dun
35+
Qhp/3IupET2Op8Agb10JXUNE5o9mzKlbB/Hvm3oOs1ThlP0OLMaT11X9cZg1uAlK
36+
/8YpKCz2Ui3bFBiSJ+IWfozK1GG+goeR65g3P79fXXc/NKwbOEOraHKZMh46Ghml
37+
ozhMI9ej58zVKpIXkAtaS70WvfuGauKJmezkoFUYyaMIHxPgMghy0A==
38+
-----END CERTIFICATE-----

‎src/java.base/share/data/cacerts/digicerttlseccrootg5

+21
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
Owner: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
2+
Issuer: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
3+
Serial number: 9e09365acf7d9c8b93e1c0b042a2ef3
4+
Valid from: Fri Jan 15 00:00:00 GMT 2021 until: Sun Jan 14 23:59:59 GMT 2046
5+
Signature algorithm name: SHA384withECDSA
6+
Subject Public Key Algorithm: 384-bit EC (secp384r1) key
7+
Version: 3
8+
-----BEGIN CERTIFICATE-----
9+
MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw
10+
CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp
11+
Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2
12+
MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ
13+
bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG
14+
ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS
15+
7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp
16+
0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS
17+
B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49
18+
BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ
19+
LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4
20+
DXZDjC5Ty3zfDBeWUA==
21+
-----END CERTIFICATE-----

‎src/java.base/share/data/cacerts/digicerttlsrsarootg5

+38
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
Owner: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
2+
Issuer: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
3+
Serial number: 8f9b478a8fa7eda6a333789de7ccf8a
4+
Valid from: Fri Jan 15 00:00:00 GMT 2021 until: Sun Jan 14 23:59:59 GMT 2046
5+
Signature algorithm name: SHA384withRSA
6+
Subject Public Key Algorithm: 4096-bit RSA key
7+
Version: 3
8+
-----BEGIN CERTIFICATE-----
9+
MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN
10+
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT
11+
HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN
12+
NDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs
13+
IEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi
14+
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+
15+
ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0
16+
2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp
17+
wgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM
18+
pG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD
19+
nU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po
20+
sMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx
21+
Zre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd
22+
Lvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX
23+
KyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe
24+
XoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL
25+
tgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv
26+
TiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
27+
AQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw
28+
GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H
29+
PNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF
30+
O4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ
31+
REtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik
32+
AdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv
33+
/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+
34+
p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw
35+
MUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF
36+
qUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK
37+
ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+
38+
-----END CERTIFICATE-----

‎test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java

+27
Original file line numberDiff line numberDiff line change
@@ -301,6 +301,26 @@
301301
* @run main/othervm -Djava.security.debug=certpath CAInterop quovadisrootca3g3 CRL
302302
*/
303303

304+
/*
305+
* @test id=digicerttlseccrootg5
306+
* @bug 8318759
307+
* @summary Interoperability tests with DigiCert TLS ECC P384 Root G5
308+
* @library /test/lib
309+
* @build jtreg.SkippedException ValidatePathWithURL CAInterop
310+
* @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop digicerttlseccrootg5 OCSP
311+
* @run main/othervm -Djava.security.debug=certpath CAInterop digicerttlseccrootg5 CRL
312+
*/
313+
314+
/*
315+
* @test id=digicerttlsrsarootg5
316+
* @bug 8318759
317+
* @summary Interoperability tests with DigiCert TLS RSA4096 Root G5
318+
* @library /test/lib
319+
* @build jtreg.SkippedException ValidatePathWithURL CAInterop
320+
* @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop digicerttlsrsarootg5 OCSP
321+
* @run main/othervm -Djava.security.debug=certpath CAInterop digicerttlsrsarootg5 CRL
322+
*/
323+
304324
/*
305325
* @test id=sslrootrsaca
306326
* @bug 8243320
@@ -509,6 +529,7 @@ private CATestURLs getTestURLs(String alias) {
509529
new CATestURLs("https://actrsaroot2017.pki.microsoft.com",
510530
"https://rvkrsaroot2017.pki.microsoft.com");
511531

532+
// Test URLs are listed at https://www.digicert.com/kb/digicert-root-certificates.htm
512533
case "quovadisrootca1g3" ->
513534
new CATestURLs("https://quovadis-root-ca-1-g3.chain-demos.digicert.com",
514535
"https://quovadis-root-ca-1-g3-revoked.chain-demos.digicert.com");
@@ -518,6 +539,12 @@ private CATestURLs getTestURLs(String alias) {
518539
case "quovadisrootca3g3" ->
519540
new CATestURLs("https://quovadis-root-ca-3-g3.chain-demos.digicert.com",
520541
"https://quovadis-root-ca-3-g3-revoked.chain-demos.digicert.com");
542+
case "digicerttlseccrootg5" ->
543+
new CATestURLs("https://digicert-tls-ecc-p384-root-g5.chain-demos.digicert.com",
544+
"https://digicert-tls-ecc-p384-root-g5-revoked.chain-demos.digicert.com");
545+
case "digicerttlsrsarootg5" ->
546+
new CATestURLs("https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com",
547+
"https://digicert-tls-rsa4096-root-g5-revoked.chain-demos.digicert.com");
521548

522549
case "sslrootrsaca" ->
523550
new CATestURLs("https://test-dv-rsa.ssl.com",

‎test/jdk/security/infra/java/security/cert/CertPathValidator/certification/DigicertCSRootG5.java

+303
Large diffs are not rendered by default.

‎test/jdk/sun/security/lib/cacerts/VerifyCACerts.java

+11-3
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
* 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
2929
* 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
3030
* 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654
31-
* 8305975 8304760 8307134 8295894 8314960 8317373 8317374
31+
* 8305975 8304760 8307134 8295894 8314960 8317373 8317374 8318759
3232
* @summary Check root CA entries in cacerts file
3333
*/
3434
import java.io.ByteArrayInputStream;
@@ -47,12 +47,12 @@ public class VerifyCACerts {
4747
+ File.separator + "security" + File.separator + "cacerts";
4848

4949
// The numbers of certs now.
50-
private static final int COUNT = 99;
50+
private static final int COUNT = 103;
5151

5252
// SHA-256 of cacerts, can be generated with
5353
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
5454
private static final String CHECKSUM
55-
= "86:0A:D5:92:16:A1:11:20:4B:86:18:D5:7C:83:F3:F4:62:50:24:F9:D0:7F:58:59:34:C4:7F:81:0B:15:A7:CE";
55+
= "25:CA:3F:68:80:2E:73:63:8E:84:EF:2C:F3:14:5B:76:DC:D3:03:76:8C:13:8E:76:01:8D:D5:D4:C9:5C:53:0E";
5656

5757
// Hex formatter to upper case with ":" delimiter
5858
private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();
@@ -163,6 +163,14 @@ public class VerifyCACerts {
163163
"18:F1:FC:7F:20:5D:F8:AD:DD:EB:7F:E0:07:DD:57:E3:AF:37:5A:9C:4D:8D:73:54:6B:F4:F1:FE:D1:E1:8D:35");
164164
put("quovadisrootca3g3 [jdk]",
165165
"88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46");
166+
put("digicertcseccrootg5 [jdk]",
167+
"26:C5:6A:D2:20:8D:1E:9B:15:2F:66:85:3B:F4:79:7C:BE:B7:55:2C:1F:3F:47:72:51:E8:CB:1A:E7:E7:97:BF");
168+
put("digicertcsrsarootg5 [jdk]",
169+
"73:53:B6:D6:C2:D6:DA:42:47:77:3F:3F:07:D0:75:DE:CB:51:34:21:2B:EA:D0:92:8E:F1:F4:61:15:26:09:41");
170+
put("digicerttlseccrootg5 [jdk]",
171+
"01:8E:13:F0:77:25:32:CF:80:9B:D1:B1:72:81:86:72:83:FC:48:C6:E1:3B:E9:C6:98:12:85:4A:49:0C:1B:05");
172+
put("digicerttlsrsarootg5 [jdk]",
173+
"37:1A:00:DC:05:33:B3:72:1A:7E:EB:40:E8:41:9E:70:79:9D:2B:0A:0F:2C:1D:80:69:31:65:F7:CE:C4:AD:75");
166174
put("secomscrootca2 [jdk]",
167175
"51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6");
168176
put("swisssigngoldg2ca [jdk]",

0 commit comments

Comments
 (0)
Please sign in to comment.