Certify SSL.com 2022 roots

src/java.base/share/data/cacerts/sslcsrootecc2022

@@ -0,0 +1,22 @@
+Owner: CN=SSL.com Code Signing ECC Root CA 2022, O=SSL Corporation, C=US
+Issuer: CN=SSL.com Code Signing ECC Root CA 2022, O=SSL Corporation, C=US
+Serial number: 6e8ee45b104cc90c7eb4d8888fe5ec64
+Valid from: Thu Aug 25 16:31:35 GMT 2022 until: Sun Aug 19 16:31:34 GMT 2046
+Signature algorithm name: SHA384withECDSA
+Subject Public Key Algorithm: 384-bit EC (secp384r1) key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIICSzCCAdKgAwIBAgIQbo7kWxBMyQx+tNiIj+XsZDAKBggqhkjOPQQDAzBXMQsw
+CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMS4wLAYDVQQDDCVT
+U0wuY29tIENvZGUgU2lnbmluZyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2
+MzEzNVoXDTQ2MDgxOTE2MzEzNFowVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NT
+TCBDb3Jwb3JhdGlvbjEuMCwGA1UEAwwlU1NMLmNvbSBDb2RlIFNpZ25pbmcgRUND
+IFJvb3QgQ0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABHbIrNTWlZJ8FzLl
+y2tB+Sm7seuidrU22GxLjeU+SlcmJsefO19GZidRwCxjHHTdrDnTbz0OlL6+KzCS
+zqJCVg1Q1KQscfQnYduggT/VTVYWtcwcN8szNBFoxzx7DemUzaNjMGEwDwYDVR0T
+AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRYXhbDLbPm6qNJs6W+1t6ueZVrjTAdBgNV
+HQ4EFgQUWF4Wwy2z5uqjSbOlvtbernmVa40wDgYDVR0PAQH/BAQDAgGGMAoGCCqG
+SM49BAMDA2cAMGQCMFOMczFOgFy3njsPCFgTvtlA9vG/ffeZoOvMgAANqnA27TYj
+e0G4FBVWdtOW4xWFZAIwJOT2+L0Tbjq3P9y/zXjfJoBXEq9oZ0//8iuxoqGZtMOT
+G456y3y/FI7r6rj+4QNf
+-----END CERTIFICATE-----

src/java.base/share/data/cacerts/sslcsrootrsa2022

@@ -0,0 +1,39 @@
+Owner: CN=SSL.com Code Signing RSA Root CA 2022, O=SSL Corporation, C=US
+Issuer: CN=SSL.com Code Signing RSA Root CA 2022, O=SSL Corporation, C=US
+Serial number: 1097c49c8c254328bba6e8b99bab4fa1
+Valid from: Thu Aug 25 16:32:08 GMT 2022 until: Sun Aug 19 16:32:07 GMT 2046
+Signature algorithm name: SHA256withRSA
+Subject Public Key Algorithm: 4096-bit RSA key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIIFmzCCA4OgAwIBAgIQEJfEnIwlQyi7pui5m6tPoTANBgkqhkiG9w0BAQsFADBX
+MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMS4wLAYDVQQD
+DCVTU0wuY29tIENvZGUgU2lnbmluZyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgy
+NTE2MzIwOFoXDTQ2MDgxOTE2MzIwN1owVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM
+D1NTTCBDb3Jwb3JhdGlvbjEuMCwGA1UEAwwlU1NMLmNvbSBDb2RlIFNpZ25pbmcg
+UlNBIFJvb3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AIx1IMiM3E6RUQa1W+9Fu9n+YOtKk4fs/5ePYJOecWFA6u9Ly5JY2GsW3N4tiPLz
+0wSWwCVnIeUd259SgfYAK2aQ8aweqE9hJN12LwPHNcg2rIFTYCLAUZKZ7+gmLplU
+zQmPX1w88KvnO7OnqwbGMZe+TO30BoExgktQELWgEXncWMvA5R6zwW9IXK2XCrMe
+rC5X2L2+OFBE4zP918G1v6JO+3i0OziYKOlWLVSAi2t+HeOVhqeeF1RGW17/n+Zr
+NYpRpaZ7XAoiDcLXgy/aPD3yih79Hj6h2BxPbghSbk+sH8n+n5lNu1JUsZKDW0AT
+7xS1M5E8gqSr9apIaum4+4BABvzlHn4/vAqrJuLFqwcE1014tevaa1NbU4qm8tde
+USJNH8yqi7rADoLZFLrZ8i33JbjLqUPSTEQeFnXMteRwHymBVTSyPv7/0XgaQJIn
+KmgltdKe77z4FEtvUiMWaxCJ1N+63MwYWXGp5svYkHG9IPSkaiZJlZ1GGEUWiR8V
+XahDsGCXntc22jqyb0tyTpl21zA396adu9tdpu58GOxC+RXoDrjbbEJrEF1EDNbU
+zoKM7yswi3HhCPJBkWPj/uDAqKWNmQBBYs5CRqGdyuWanFHbYHpEVQ4qKnCkmf8q
+fmC0HZZXujv827/GMYCqOgAZL4gfSaTrd0D3TIPugpEvAgMBAAGjYzBhMA8GA1Ud
+EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUx/bIC2LtFAyjF7aquR7R4INWoV0wHQYD
+VR0OBBYEFMf2yAti7RQMoxe2qrke0eCDVqFdMA4GA1UdDwEB/wQEAwIBhjANBgkq
+hkiG9w0BAQsFAAOCAgEAYlDeMj/rNjV4jYl3SA8Po10HqLr2Uj82Us61wHlM610r
++BKsQ9vne4wpKp9rOtN89RV3lzv9If3zyFzJPgWUr3ur6I3irw3AoBvfrwu6qrRF
+VYHIYZlhuLCa6FnMCRPZp1YHhu7toOyNAWWamcwjosCRHV0G3Q2n+jzExFkixps6
+wB1pPSy2sR6Kvj2CD2sxcmBXkAtUit5VCh51SQBstkoz70bY1svE8XxsCZbpqeEY
+/a//tM9nb38HpUiNBRCWOZB5Wpa34+Y3ODKxxjEBJHQCxMsLz7p2vlyKIMPpdGfr
+bRKcOT3gitUrSyTjeYxInJGr14IhOL/Es8EH7pA9rfqivilbUjGqbLMcdfPmoNiM
+A5aIuvjKUTNhCx3Va5wTGS4Wz88Nh0uXxAfZC6uYkeq6B4OYkkAKIM24a5r3gP47
+yeL5Q8go502XF8B38zDqJoQb1VO8MIVfae48tAnosZukOIK668BqjG0rKDB45DKr
+txvhUiQAkedLGtuhiAxu6l0cR5mNcU293t5AmQSzQOHDi6rEkhiXe/zMg4A82iny
+f87EaQCbYX1tltYVgoz1gyoc91N2ciXwKYDEMmRTD09U9FcN1gvc/nKItF9L2R4/
+A4YvORA2pzHFJgeVi0hx8assBurSHE6VjecX6q2xRkXTNv3LxGFvCSJEMiena2g=
+-----END CERTIFICATE-----

src/java.base/share/data/cacerts/ssltlsrootecc2022

@@ -0,0 +1,21 @@
+Owner: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
+Issuer: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
+Serial number: 1403f5abfb378b17405be243b2a5d1c4
+Valid from: Thu Aug 25 16:33:48 GMT 2022 until: Sun Aug 19 16:33:47 GMT 2046
+Signature algorithm name: SHA384withECDSA
+Subject Public Key Algorithm: 384-bit EC (secp384r1) key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw
+CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT
+U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2
+MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh
+dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm
+acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN
+SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME
+GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW
+uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp
+15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN
+b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g==
+-----END CERTIFICATE-----

src/java.base/share/data/cacerts/ssltlsrootrsa2022

@@ -0,0 +1,39 @@
+Owner: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
+Issuer: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
+Serial number: 6fbedaad73bd0840e28b4dbed4f75b91
+Valid from: Thu Aug 25 16:34:22 GMT 2022 until: Sun Aug 19 16:34:21 GMT 2046
+Signature algorithm name: SHA256withRSA
+Subject Public Key Algorithm: 4096-bit RSA key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO
+MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD
+DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX
+DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw
+b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP
+L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY
+t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins
+S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3
+PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO
+L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3
+R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w
+dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS
++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS
+d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG
+AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f
+gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j
+BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z
+NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt
+hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM
+QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf
+R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ
+DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW
+P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy
+lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq
+bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w
+AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q
+r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji
+Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU
+98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA=
+-----END CERTIFICATE-----

test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java

@@ -535,6 +535,28 @@
  * @run main/othervm/manual -Djava.security.debug=certpath CAInterop globalsigne46 CRL
  */
 
+/*
+ * @test id=ssltlsrootecc2022
+ * @bug 8329202
+ * @summary Interoperability tests with SSL TLS 2022 root CAs
+ * @library /test/lib
+ * @build jtreg.SkippedException ValidatePathWithURL CAInterop
+ * @run main/othervm/manual -Djava.security.debug=certpath,ocsp CAInterop ssltlsrootecc2022 DEFAULT
+ * @run main/othervm/manual -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop ssltlsrootecc2022 DEFAULT
+ * @run main/othervm/manual -Djava.security.debug=certpath CAInterop ssltlsrootecc2022 CRL
+ */
+
+/*
+ * @test id=ssltlsrootrsa2022
+ * @bug 8329202
+ * @summary Interoperability tests with SSL TLS 2022 root CAs
+ * @library /test/lib
+ * @build jtreg.SkippedException ValidatePathWithURL CAInterop
+ * @run main/othervm/manual -Djava.security.debug=certpath,ocsp CAInterop ssltlsrootrsa2022 DEFAULT
+ * @run main/othervm/manual -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop ssltlsrootrsa2022 DEFAULT
+ * @run main/othervm/manual -Djava.security.debug=certpath CAInterop ssltlsrootrsa2022 CRL
+ */
+
 /**
  * Collection of certificate validation tests for interoperability with external CAs.
  * These tests are marked as manual as they depend on external infrastructure and may fail
@@ -713,6 +735,13 @@ private CATestURLs getTestURLs(String alias) {
                     new CATestURLs("https://valid.e46.roots.globalsign.com",
                             "https://revoked.e46.roots.globalsign.com");
 
+            case "ssltlsrootecc2022" ->
+                    new CATestURLs("https://test-root-2022-ecc.ssl.com",
+                            "https://revoked-root-2022-ecc.ssl.com");
+            case "ssltlsrootrsa2022" ->
+                    new CATestURLs("https://test-root-2022-rsa.ssl.com",
+                            "https://revoked-root-2022-rsa.ssl.com");
+
             default -> throw new RuntimeException("No test setup found for: " + alias);
         };
     }

test/jdk/sun/security/lib/cacerts/VerifyCACerts.java

@@ -19,17 +19,16 @@
  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  * or visit www.oracle.com if you need additional information or have any
  * questions.
- *
  */
 
-/**
+/*
  * @test
  * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779
  *      8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
  *      8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
  *      8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654
  *      8305975 8304760 8307134 8295894 8314960 8317373 8317374 8318759 8319187
- *      8321408 8316138
+ *      8321408 8316138 8329202
  * @summary Check root CA entries in cacerts file
  */
 import java.io.ByteArrayInputStream;
@@ -48,12 +47,12 @@ public class VerifyCACerts {
             + File.separator + "security" + File.separator + "cacerts";
 
     // The numbers of certs now.
-    private static final int COUNT = 110;
+    private static final int COUNT = 114;
 
     // SHA-256 of cacerts, can be generated with
     // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
     private static final String CHECKSUM
-            = "BD:80:65:81:68:E5:6C:51:64:ED:B9:08:53:9F:BB:2F:D9:6C:5D:D4:06:D4:16:59:39:10:8E:F8:24:81:8B:78";
+            = "D6:C5:15:01:66:87:4F:8E:18:E8:23:98:60:35:4C:48:20:87:A5:83:7F:B6:BE:AB:4D:4F:75:EF:B5:09:9D:23";
 
     // Hex formatter to upper case with ":" delimiter
     private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();
@@ -282,6 +281,14 @@ public class VerifyCACerts {
                     "4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9");
             put("globalsigne46 [jdk]",
                     "CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58");
+            put("sslcsrootecc2022 [jdk]",
+                    "E1:7D:B3:96:AF:C1:36:FF:1D:6D:CD:A4:BB:44:3D:A2:D8:17:13:18:55:BE:1C:4B:6F:EC:EA:22:10:36:72:2A");
+            put("sslcsrootrsa2022 [jdk]",
+                    "25:3E:3C:A3:6E:37:E8:67:EE:68:86:7B:99:7B:9E:C7:24:DC:C3:16:10:63:AB:03:93:B5:4F:2B:B7:B6:C3:15");
+            put("ssltlsrootecc2022 [jdk]",
+                    "C3:2F:FD:9F:46:F9:36:D1:6C:36:73:99:09:59:43:4B:9A:D6:0A:AF:BB:9E:7C:F3:36:54:F1:44:CC:1B:A1:43");
+            put("ssltlsrootrsa2022 [jdk]",
+                    "8F:AF:7D:2E:2C:B4:70:9B:B8:E0:B3:36:66:BF:75:A5:DD:45:B5:DE:48:0F:8E:A8:D4:BF:E6:BE:BC:17:F2:ED");
         }
     };