diff --git a/src/java.base/share/data/cacerts/sslcsrootecc2022 b/src/java.base/share/data/cacerts/sslcsrootecc2022 new file mode 100644 index 0000000000000..9413139ef0f56 --- /dev/null +++ b/src/java.base/share/data/cacerts/sslcsrootecc2022 @@ -0,0 +1,22 @@ +Owner: CN=SSL.com Code Signing ECC Root CA 2022, O=SSL Corporation, C=US +Issuer: CN=SSL.com Code Signing ECC Root CA 2022, O=SSL Corporation, C=US +Serial number: 6e8ee45b104cc90c7eb4d8888fe5ec64 +Valid from: Thu Aug 25 16:31:35 GMT 2022 until: Sun Aug 19 16:31:34 GMT 2046 +Signature algorithm name: SHA384withECDSA +Subject Public Key Algorithm: 384-bit EC (secp384r1) key +Version: 3 +-----BEGIN CERTIFICATE----- +MIICSzCCAdKgAwIBAgIQbo7kWxBMyQx+tNiIj+XsZDAKBggqhkjOPQQDAzBXMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMS4wLAYDVQQDDCVT +U0wuY29tIENvZGUgU2lnbmluZyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2 +MzEzNVoXDTQ2MDgxOTE2MzEzNFowVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NT +TCBDb3Jwb3JhdGlvbjEuMCwGA1UEAwwlU1NMLmNvbSBDb2RlIFNpZ25pbmcgRUND +IFJvb3QgQ0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABHbIrNTWlZJ8FzLl +y2tB+Sm7seuidrU22GxLjeU+SlcmJsefO19GZidRwCxjHHTdrDnTbz0OlL6+KzCS +zqJCVg1Q1KQscfQnYduggT/VTVYWtcwcN8szNBFoxzx7DemUzaNjMGEwDwYDVR0T +AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRYXhbDLbPm6qNJs6W+1t6ueZVrjTAdBgNV +HQ4EFgQUWF4Wwy2z5uqjSbOlvtbernmVa40wDgYDVR0PAQH/BAQDAgGGMAoGCCqG +SM49BAMDA2cAMGQCMFOMczFOgFy3njsPCFgTvtlA9vG/ffeZoOvMgAANqnA27TYj +e0G4FBVWdtOW4xWFZAIwJOT2+L0Tbjq3P9y/zXjfJoBXEq9oZ0//8iuxoqGZtMOT +G456y3y/FI7r6rj+4QNf +-----END CERTIFICATE----- diff --git a/src/java.base/share/data/cacerts/sslcsrootrsa2022 b/src/java.base/share/data/cacerts/sslcsrootrsa2022 new file mode 100644 index 0000000000000..d6e94e96d0447 --- /dev/null +++ b/src/java.base/share/data/cacerts/sslcsrootrsa2022 @@ -0,0 +1,39 @@ +Owner: CN=SSL.com Code Signing RSA Root CA 2022, O=SSL Corporation, C=US +Issuer: CN=SSL.com Code Signing RSA Root CA 2022, O=SSL Corporation, C=US +Serial number: 1097c49c8c254328bba6e8b99bab4fa1 +Valid from: Thu Aug 25 16:32:08 GMT 2022 until: Sun Aug 19 16:32:07 GMT 2046 +Signature algorithm name: SHA256withRSA +Subject Public Key Algorithm: 4096-bit RSA key +Version: 3 +-----BEGIN CERTIFICATE----- +MIIFmzCCA4OgAwIBAgIQEJfEnIwlQyi7pui5m6tPoTANBgkqhkiG9w0BAQsFADBX +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMS4wLAYDVQQD +DCVTU0wuY29tIENvZGUgU2lnbmluZyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgy +NTE2MzIwOFoXDTQ2MDgxOTE2MzIwN1owVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM +D1NTTCBDb3Jwb3JhdGlvbjEuMCwGA1UEAwwlU1NMLmNvbSBDb2RlIFNpZ25pbmcg +UlNBIFJvb3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AIx1IMiM3E6RUQa1W+9Fu9n+YOtKk4fs/5ePYJOecWFA6u9Ly5JY2GsW3N4tiPLz +0wSWwCVnIeUd259SgfYAK2aQ8aweqE9hJN12LwPHNcg2rIFTYCLAUZKZ7+gmLplU +zQmPX1w88KvnO7OnqwbGMZe+TO30BoExgktQELWgEXncWMvA5R6zwW9IXK2XCrMe +rC5X2L2+OFBE4zP918G1v6JO+3i0OziYKOlWLVSAi2t+HeOVhqeeF1RGW17/n+Zr +NYpRpaZ7XAoiDcLXgy/aPD3yih79Hj6h2BxPbghSbk+sH8n+n5lNu1JUsZKDW0AT +7xS1M5E8gqSr9apIaum4+4BABvzlHn4/vAqrJuLFqwcE1014tevaa1NbU4qm8tde +USJNH8yqi7rADoLZFLrZ8i33JbjLqUPSTEQeFnXMteRwHymBVTSyPv7/0XgaQJIn +KmgltdKe77z4FEtvUiMWaxCJ1N+63MwYWXGp5svYkHG9IPSkaiZJlZ1GGEUWiR8V +XahDsGCXntc22jqyb0tyTpl21zA396adu9tdpu58GOxC+RXoDrjbbEJrEF1EDNbU +zoKM7yswi3HhCPJBkWPj/uDAqKWNmQBBYs5CRqGdyuWanFHbYHpEVQ4qKnCkmf8q +fmC0HZZXujv827/GMYCqOgAZL4gfSaTrd0D3TIPugpEvAgMBAAGjYzBhMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUx/bIC2LtFAyjF7aquR7R4INWoV0wHQYD +VR0OBBYEFMf2yAti7RQMoxe2qrke0eCDVqFdMA4GA1UdDwEB/wQEAwIBhjANBgkq +hkiG9w0BAQsFAAOCAgEAYlDeMj/rNjV4jYl3SA8Po10HqLr2Uj82Us61wHlM610r ++BKsQ9vne4wpKp9rOtN89RV3lzv9If3zyFzJPgWUr3ur6I3irw3AoBvfrwu6qrRF +VYHIYZlhuLCa6FnMCRPZp1YHhu7toOyNAWWamcwjosCRHV0G3Q2n+jzExFkixps6 +wB1pPSy2sR6Kvj2CD2sxcmBXkAtUit5VCh51SQBstkoz70bY1svE8XxsCZbpqeEY +/a//tM9nb38HpUiNBRCWOZB5Wpa34+Y3ODKxxjEBJHQCxMsLz7p2vlyKIMPpdGfr +bRKcOT3gitUrSyTjeYxInJGr14IhOL/Es8EH7pA9rfqivilbUjGqbLMcdfPmoNiM +A5aIuvjKUTNhCx3Va5wTGS4Wz88Nh0uXxAfZC6uYkeq6B4OYkkAKIM24a5r3gP47 +yeL5Q8go502XF8B38zDqJoQb1VO8MIVfae48tAnosZukOIK668BqjG0rKDB45DKr +txvhUiQAkedLGtuhiAxu6l0cR5mNcU293t5AmQSzQOHDi6rEkhiXe/zMg4A82iny +f87EaQCbYX1tltYVgoz1gyoc91N2ciXwKYDEMmRTD09U9FcN1gvc/nKItF9L2R4/ +A4YvORA2pzHFJgeVi0hx8assBurSHE6VjecX6q2xRkXTNv3LxGFvCSJEMiena2g= +-----END CERTIFICATE----- diff --git a/src/java.base/share/data/cacerts/ssltlsrootecc2022 b/src/java.base/share/data/cacerts/ssltlsrootecc2022 new file mode 100644 index 0000000000000..cb7bf4a7e90d7 --- /dev/null +++ b/src/java.base/share/data/cacerts/ssltlsrootecc2022 @@ -0,0 +1,21 @@ +Owner: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US +Issuer: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US +Serial number: 1403f5abfb378b17405be243b2a5d1c4 +Valid from: Thu Aug 25 16:33:48 GMT 2022 until: Sun Aug 19 16:33:47 GMT 2046 +Signature algorithm name: SHA384withECDSA +Subject Public Key Algorithm: 384-bit EC (secp384r1) key +Version: 3 +-----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT +U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 +MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh +dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm +acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN +SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW +uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp +15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN +b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== +-----END CERTIFICATE----- diff --git a/src/java.base/share/data/cacerts/ssltlsrootrsa2022 b/src/java.base/share/data/cacerts/ssltlsrootrsa2022 new file mode 100644 index 0000000000000..9ff1690f7c475 --- /dev/null +++ b/src/java.base/share/data/cacerts/ssltlsrootrsa2022 @@ -0,0 +1,39 @@ +Owner: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US +Issuer: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US +Serial number: 6fbedaad73bd0840e28b4dbed4f75b91 +Valid from: Thu Aug 25 16:34:22 GMT 2022 until: Sun Aug 19 16:34:21 GMT 2046 +Signature algorithm name: SHA256withRSA +Subject Public Key Algorithm: 4096-bit RSA key +Version: 3 +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD +DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX +DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw +b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP +L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY +t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins +S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 +PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO +L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 +R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w +dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS ++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS +d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG +AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f +gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j +BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z +NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM +QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf +R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ +DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW +P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy +lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq +bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w +AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q +r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji +Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU +98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- diff --git a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java index ab04391b1f385..fa66c3d9b935d 100644 --- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java +++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java @@ -535,6 +535,28 @@ * @run main/othervm/manual -Djava.security.debug=certpath CAInterop globalsigne46 CRL */ +/* + * @test id=ssltlsrootecc2022 + * @bug 8329202 + * @summary Interoperability tests with SSL TLS 2022 root CAs + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm/manual -Djava.security.debug=certpath,ocsp CAInterop ssltlsrootecc2022 DEFAULT + * @run main/othervm/manual -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop ssltlsrootecc2022 DEFAULT + * @run main/othervm/manual -Djava.security.debug=certpath CAInterop ssltlsrootecc2022 CRL + */ + +/* + * @test id=ssltlsrootrsa2022 + * @bug 8329202 + * @summary Interoperability tests with SSL TLS 2022 root CAs + * @library /test/lib + * @build jtreg.SkippedException ValidatePathWithURL CAInterop + * @run main/othervm/manual -Djava.security.debug=certpath,ocsp CAInterop ssltlsrootrsa2022 DEFAULT + * @run main/othervm/manual -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop ssltlsrootrsa2022 DEFAULT + * @run main/othervm/manual -Djava.security.debug=certpath CAInterop ssltlsrootrsa2022 CRL + */ + /** * Collection of certificate validation tests for interoperability with external CAs. * These tests are marked as manual as they depend on external infrastructure and may fail @@ -713,6 +735,13 @@ private CATestURLs getTestURLs(String alias) { new CATestURLs("https://valid.e46.roots.globalsign.com", "https://revoked.e46.roots.globalsign.com"); + case "ssltlsrootecc2022" -> + new CATestURLs("https://test-root-2022-ecc.ssl.com", + "https://revoked-root-2022-ecc.ssl.com"); + case "ssltlsrootrsa2022" -> + new CATestURLs("https://test-root-2022-rsa.ssl.com", + "https://revoked-root-2022-rsa.ssl.com"); + default -> throw new RuntimeException("No test setup found for: " + alias); }; } diff --git a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java index 83427f1a33aba..86e2e18913418 100644 --- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java +++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java @@ -19,17 +19,16 @@ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. - * */ -/** +/* * @test * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 * 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654 * 8305975 8304760 8307134 8295894 8314960 8317373 8317374 8318759 8319187 - * 8321408 8316138 + * 8321408 8316138 8329202 * @summary Check root CA entries in cacerts file */ import java.io.ByteArrayInputStream; @@ -48,12 +47,12 @@ public class VerifyCACerts { + File.separator + "security" + File.separator + "cacerts"; // The numbers of certs now. - private static final int COUNT = 110; + private static final int COUNT = 114; // SHA-256 of cacerts, can be generated with // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 private static final String CHECKSUM - = "BD:80:65:81:68:E5:6C:51:64:ED:B9:08:53:9F:BB:2F:D9:6C:5D:D4:06:D4:16:59:39:10:8E:F8:24:81:8B:78"; + = "D6:C5:15:01:66:87:4F:8E:18:E8:23:98:60:35:4C:48:20:87:A5:83:7F:B6:BE:AB:4D:4F:75:EF:B5:09:9D:23"; // Hex formatter to upper case with ":" delimiter private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase(); @@ -282,6 +281,14 @@ public class VerifyCACerts { "4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9"); put("globalsigne46 [jdk]", "CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58"); + put("sslcsrootecc2022 [jdk]", + "E1:7D:B3:96:AF:C1:36:FF:1D:6D:CD:A4:BB:44:3D:A2:D8:17:13:18:55:BE:1C:4B:6F:EC:EA:22:10:36:72:2A"); + put("sslcsrootrsa2022 [jdk]", + "25:3E:3C:A3:6E:37:E8:67:EE:68:86:7B:99:7B:9E:C7:24:DC:C3:16:10:63:AB:03:93:B5:4F:2B:B7:B6:C3:15"); + put("ssltlsrootecc2022 [jdk]", + "C3:2F:FD:9F:46:F9:36:D1:6C:36:73:99:09:59:43:4B:9A:D6:0A:AF:BB:9E:7C:F3:36:54:F1:44:CC:1B:A1:43"); + put("ssltlsrootrsa2022 [jdk]", + "8F:AF:7D:2E:2C:B4:70:9B:B8:E0:B3:36:66:BF:75:A5:DD:45:B5:DE:48:0F:8E:A8:D4:BF:E6:BE:BC:17:F2:ED"); } };