8316138: Add GlobalSign 2 TLS root certificates

Reviewed-by: mullan
2025-08-28 15:24:43 +02:00 · 2024-05-15 20:18:57 +00:00 · 2024-05-15 20:18:57 +00:00 · 4083255440
commit 4083255440
parent 43b109b111
4 changed files with 94 additions and 3 deletions
--- a/src/java.base/share/data/cacerts/globalsigne46
+++ b/src/java.base/share/data/cacerts/globalsigne46
@ -0,0 +1,20 @@
 Owner: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
 Issuer: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
 Serial number: 11d2bbba336ed4bce62468c50d841d98e843
 Valid from: Wed Mar 20 00:00:00 GMT 2019 until: Tue Mar 20 00:00:00 GMT 2046
 Signature algorithm name: SHA384withECDSA
 Subject Public Key Algorithm: 384-bit EC (secp384r1) key
 Version: 3
 -----BEGIN CERTIFICATE-----
 MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx
 CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD
 ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw
 MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex
 HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA
 IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq
 R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd
 yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
 DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ
 7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8
 +RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A=
 -----END CERTIFICATE-----
--- a/src/java.base/share/data/cacerts/globalsignr46
+++ b/src/java.base/share/data/cacerts/globalsignr46
@ -0,0 +1,38 @@
 Owner: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
 Issuer: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
 Serial number: 11d2bbb9d723189e405f0a9d2dd0df2567d1
 Valid from: Wed Mar 20 00:00:00 GMT 2019 until: Tue Mar 20 00:00:00 GMT 2046
 Signature algorithm name: SHA384withRSA
 Subject Public Key Algorithm: 4096-bit RSA key
 Version: 3
 -----BEGIN CERTIFICATE-----
 MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA
 MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD
 VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy
 MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt
 c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB
 AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ
 OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG
 vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud
 316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo
 0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE
 y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF
 zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE
 +cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN
 I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs
 x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa
 ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC
 4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
 HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4
 7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
 JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti
 2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk
 pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF
 FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt
 rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk
 ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5
 u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP
 4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6
 N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3
 vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6
 -----END CERTIFICATE-----
--- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java
+++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java
@ -511,6 +511,28 @@
 * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop certainlyroote1 DEFAULT
 */
 /*
 * @test id=globalsignr46
 * @bug 8316138
 * @summary Interoperability tests with GlobalSign Root R46
 * @library /test/lib
 * @build jtreg.SkippedException ValidatePathWithURL CAInterop
 * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsignr46 OCSP
 * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop globalsignr46 OCSP
 * @run main/othervm -Djava.security.debug=certpath CAInterop globalsignr46 CRL
 */
 /*
 * @test id=globalsigne46
 * @bug 8316138
 * @summary Interoperability tests with GlobalSign Root E46
 * @library /test/lib
 * @build jtreg.SkippedException ValidatePathWithURL CAInterop
 * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop globalsigne46 OCSP
 * @run main/othervm -Djava.security.debug=certpath,ocsp -Dcom.sun.security.ocsp.useget=false CAInterop globalsigne46 OCSP
 * @run main/othervm -Djava.security.debug=certpath CAInterop globalsigne46 CRL
 */
 /**
 * Collection of certificate validation tests for interoperability with external CAs
 */
@ -680,6 +702,13 @@ public class CAInterop {
                    new CATestURLs("https://valid.root-e1.certainly.com",
                            "https://revoked.root-e1.certainly.com");
            case "globalsignr46" ->
                    new CATestURLs("https://valid.r46.roots.globalsign.com",
                            "https://revoked.r46.roots.globalsign.com");
            case "globalsigne46" ->
                    new CATestURLs("https://valid.e46.roots.globalsign.com",
                            "https://revoked.e46.roots.globalsign.com");
            default -> throw new RuntimeException("No test setup found for: " + alias);
        };
    }
--- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
+++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
@ -29,7 +29,7 @@
 *      8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
 *      8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654
 *      8305975 8304760 8307134 8295894 8314960 8317373 8317374 8318759 8319187
- *      8321408
+ *      8321408 8316138
 * @summary Check root CA entries in cacerts file
 */
 import java.io.ByteArrayInputStream;
@ -48,12 +48,12 @@ public class VerifyCACerts {
            + File.separator + "security" + File.separator + "cacerts";
    // The numbers of certs now.
-    private static final int COUNT = 108;
+    private static final int COUNT = 110;
    // SHA-256 of cacerts, can be generated with
    // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
    private static final String CHECKSUM
-            = "C4:A2:41:9E:B6:4D:77:26:AA:21:02:83:51:C7:88:21:66:1E:D8:88:4A:AC:84:D5:B0:15:0C:7C:C6:45:85:AF";
+            = "BD:80:65:81:68:E5:6C:51:64:ED:B9:08:53:9F:BB:2F:D9:6C:5D:D4:06:D4:16:59:39:10:8E:F8:24:81:8B:78";
    // Hex formatter to upper case with ":" delimiter
    private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();
@ -278,6 +278,10 @@ public class VerifyCACerts {
                    "77:B8:2C:D8:64:4C:43:05:F7:AC:C5:CB:15:6B:45:67:50:04:03:3D:51:C6:0C:62:02:A8:E0:C3:34:67:D3:A0");
            put("certainlyroote1 [jdk]",
                    "B4:58:5F:22:E4:AC:75:6A:4E:86:12:A1:36:1C:5D:9D:03:1A:93:FD:84:FE:BB:77:8F:A3:06:8B:0F:C4:2D:C2");
            put("globalsignr46 [jdk]",
                    "4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9");
            put("globalsigne46 [jdk]",
                    "CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58");
        }
    };