8316138: Add GlobalSign 2 TLS root certificates

Reviewed-by: mullan
This commit is contained in:
Rajan Halade 2024-05-15 20:18:57 +00:00
parent 43b109b111
commit 4083255440
4 changed files with 94 additions and 3 deletions
src/java.base/share/data/cacerts
test/jdk
security/infra/java/security/cert/CertPathValidator/certification
sun/security/lib/cacerts

@ -0,0 +1,20 @@
Owner: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
Serial number: 11d2bbba336ed4bce62468c50d841d98e843
Valid from: Wed Mar 20 00:00:00 GMT 2019 until: Tue Mar 20 00:00:00 GMT 2046
Signature algorithm name: SHA384withECDSA
Subject Public Key Algorithm: 384-bit EC (secp384r1) key
Version: 3
-----BEGIN CERTIFICATE-----
MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx
CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD
ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw
MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex
HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA
IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq
R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd
yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ
7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8
+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A=
-----END CERTIFICATE-----

@ -0,0 +1,38 @@
Owner: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
Serial number: 11d2bbb9d723189e405f0a9d2dd0df2567d1
Valid from: Wed Mar 20 00:00:00 GMT 2019 until: Tue Mar 20 00:00:00 GMT 2046
Signature algorithm name: SHA384withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3
-----BEGIN CERTIFICATE-----
MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA
MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD
VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy
MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt
c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ
OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG
vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud
316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo
0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE
y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF
zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE
+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN
I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs
x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa
ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC
4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4
7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti
2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk
pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF
FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt
rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk
ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5
u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP
4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6
N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3
vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6
-----END CERTIFICATE-----

@ -511,6 +511,28 @@
* @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop certainlyroote1 DEFAULT
*/
/*
* @test id=globalsignr46
* @bug 8316138
* @summary Interoperability tests with GlobalSign Root R46
* @library /test/lib
* @build jtreg.SkippedException ValidatePathWithURL CAInterop
* @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsignr46 OCSP
* @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop globalsignr46 OCSP
* @run main/othervm -Djava.security.debug=certpath CAInterop globalsignr46 CRL
*/
/*
* @test id=globalsigne46
* @bug 8316138
* @summary Interoperability tests with GlobalSign Root E46
* @library /test/lib
* @build jtreg.SkippedException ValidatePathWithURL CAInterop
* @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsigne46 OCSP
* @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop globalsigne46 OCSP
* @run main/othervm -Djava.security.debug=certpath CAInterop globalsigne46 CRL
*/
/**
* Collection of certificate validation tests for interoperability with external CAs
*/
@ -680,6 +702,13 @@ public class CAInterop {
new CATestURLs("https://valid.root-e1.certainly.com",
"https://revoked.root-e1.certainly.com");
case "globalsignr46" ->
new CATestURLs("https://valid.r46.roots.globalsign.com",
"https://revoked.r46.roots.globalsign.com");
case "globalsigne46" ->
new CATestURLs("https://valid.e46.roots.globalsign.com",
"https://revoked.e46.roots.globalsign.com");
default -> throw new RuntimeException("No test setup found for: " + alias);
};
}

@ -29,7 +29,7 @@
* 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
* 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654
* 8305975 8304760 8307134 8295894 8314960 8317373 8317374 8318759 8319187
* 8321408
* 8321408 8316138
* @summary Check root CA entries in cacerts file
*/
import java.io.ByteArrayInputStream;
@ -48,12 +48,12 @@ public class VerifyCACerts {
+ File.separator + "security" + File.separator + "cacerts";
// The numbers of certs now.
private static final int COUNT = 108;
private static final int COUNT = 110;
// SHA-256 of cacerts, can be generated with
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
private static final String CHECKSUM
= "C4:A2:41:9E:B6:4D:77:26:AA:21:02:83:51:C7:88:21:66:1E:D8:88:4A:AC:84:D5:B0:15:0C:7C:C6:45:85:AF";
= "BD:80:65:81:68:E5:6C:51:64:ED:B9:08:53:9F:BB:2F:D9:6C:5D:D4:06:D4:16:59:39:10:8E:F8:24:81:8B:78";
// Hex formatter to upper case with ":" delimiter
private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();
@ -278,6 +278,10 @@ public class VerifyCACerts {
"77:B8:2C:D8:64:4C:43:05:F7:AC:C5:CB:15:6B:45:67:50:04:03:3D:51:C6:0C:62:02:A8:E0:C3:34:67:D3:A0");
put("certainlyroote1 [jdk]",
"B4:58:5F:22:E4:AC:75:6A:4E:86:12:A1:36:1C:5D:9D:03:1A:93:FD:84:FE:BB:77:8F:A3:06:8B:0F:C4:2D:C2");
put("globalsignr46 [jdk]",
"4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9");
put("globalsigne46 [jdk]",
"CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58");
}
};