Skip to content

Commit

Permalink
8317373: Add Telia Root CA v2
Browse files Browse the repository at this point in the history
Reviewed-by: mullan
  • Loading branch information
rhalade committed Oct 20, 2023
1 parent 66d90d5 commit d3ebb4a
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 3 deletions.
39 changes: 39 additions & 0 deletions src/java.base/share/data/cacerts/teliarootcav2
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
Owner: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI
Issuer: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI
Serial number: 1675f27d6fe7ae3e4acbe095b059e
Valid from: Thu Nov 29 11:55:54 GMT 2018 until: Sun Nov 29 11:55:54 GMT 2043
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3
-----BEGIN CERTIFICATE-----
MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE
AwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1
NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZ
MBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ76zBq
AMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9
vVYiQJ3q9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9
lRdU2HhE8Qx3FZLgmEKnpNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTOD
n3WhUidhOPFZPY5Q4L15POdslv5e2QJltI5c0BE0312/UqeBAMN/mUWZFdUXyApT
7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW5olWK8jjfN7j/4nlNW4o
6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNrRBH0pUPC
TEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6
WT0EBXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63R
DolUK5X6wK0dmBR4M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZI
pEYslOqodmJHixBTB0hXbOKSTbauBcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGj
YzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7Wxy+G2CQ5MB0GA1UdDgQWBBRy
rOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
AwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ
8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi
0f6X+J8wfBj5tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMM
A8iZGok1GTzTyVR8qPAs5m4HeW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBS
SRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+Cy748fdHif64W1lZYudogsYMVoe+K
TTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygCQMez2P2ccGrGKMOF
6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15h2Er
3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMt
Ty3EHD70sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pT
VmBds9hCG1xLEooc6+t9xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAW
ysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQraVplI/owd8k+BsHMYeB2F326CjYSlKA
rBPuUBQemMc=
-----END CERTIFICATE-----
Original file line number Diff line number Diff line change
Expand Up @@ -392,6 +392,16 @@
* @run main/othervm -Djava.security.debug=certpath CAInterop affirmtrustpremiumeccca CRL
*/

/*
* @test id=teliarootcav2
* @bug 8317373
* @summary Interoperability tests with Telia Root CA V2
* @library /test/lib
* @build jtreg.SkippedException ValidatePathWithURL CAInterop
* @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop teliarootcav2 OCSP
* @run main/othervm -Djava.security.debug=certpath CAInterop teliarootcav2 CRL
*/

/**
* Collection of certificate validation tests for interoperability with external CAs
*/
Expand Down Expand Up @@ -533,6 +543,10 @@ private CATestURLs getTestURLs(String alias) {
new CATestURLs("https://validpremiumecc.affirmtrust.com",
"https://revokedpremiumecc.affirmtrust.com");

case "teliarootcav2" ->
new CATestURLs("https://juolukka.cover.telia.fi:10600",
"https://juolukka.cover.telia.fi:10601");

default -> throw new RuntimeException("No test setup found for: " + alias);
};
}
Expand Down
8 changes: 5 additions & 3 deletions test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
* 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136
* 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320
* 8243559 8225072 8258630 8259312 8256421 8225081 8225082 8225083 8245654
* 8305975 8304760 8307134 8295894 8314960
* 8305975 8304760 8307134 8295894 8314960 8317373
* @summary Check root CA entries in cacerts file
*/
import java.io.ByteArrayInputStream;
Expand All @@ -47,12 +47,12 @@ public class VerifyCACerts {
+ File.separator + "security" + File.separator + "cacerts";

// The numbers of certs now.
private static final int COUNT = 97;
private static final int COUNT = 98;

// SHA-256 of cacerts, can be generated with
// shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
private static final String CHECKSUM
= "35:5B:BF:02:F8:3E:34:0D:72:01:6C:EB:10:90:CA:A1:DD:B5:01:EF:D8:0C:5B:26:F5:EF:C5:C5:4B:9D:61:3E";
= "B3:2E:91:45:13:9B:CE:AC:65:58:DC:E2:8D:CB:35:3F:44:F5:59:AC:64:35:C0:DE:9F:2D:97:3B:4E:C0:E4:3E";

// Hex formatter to upper case with ":" delimiter
private static final HexFormat HEX = HexFormat.ofDelimiter(":").withUpperCase();
Expand Down Expand Up @@ -255,6 +255,8 @@ public class VerifyCACerts {
"34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D");
put("certignarootca [jdk]",
"D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68");
put("teliarootcav2 [jdk]",
"24:2B:69:74:2F:CB:1E:5B:2A:BF:98:89:8B:94:57:21:87:54:4E:5B:4D:99:11:78:65:73:62:1F:6A:74:B8:2C");
}
};

Expand Down

3 comments on commit d3ebb4a

@rhalade
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk21u

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@openjdk
Copy link

@openjdk openjdk bot commented on d3ebb4a Oct 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rhalade the backport was successfully created on the branch rhalade-backport-d3ebb4a1 in my personal fork of openjdk/jdk21u. To create a pull request with this backport targeting openjdk/jdk21u:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit d3ebb4a1 from the openjdk/jdk repository.

The commit being backported was authored by Rajan Halade on 20 Oct 2023 and was reviewed by Sean Mullan.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk21u:

$ git fetch https://github.com/openjdk-bots/jdk21u.git rhalade-backport-d3ebb4a1:rhalade-backport-d3ebb4a1
$ git checkout rhalade-backport-d3ebb4a1
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk21u.git rhalade-backport-d3ebb4a1

Please sign in to comment.