8350498: Remove two Camerfirma root CA certificates

[vieiro]

Backport of JDK-8350498 from 11 that removes two non root CA certificates no longer active.

The PR is on top of #650 (for JDK-8303770) to avoid conflicts, since CHECKSUM in VerifyCACerts.java is modified by both issues.

Not clean, as file locations have changed between 8 and 11.

Test VerifyCACerts.java passes:

Passed: security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java
Passed: sun/security/lib/cacerts/VerifyCACerts.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/EmSignRootG2CA.java

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• JDK-8350498 needs maintainer approval

Issue

• JDK-8350498: Remove two Camerfirma root CA certificates (Enhancement - P4 - Requested)

Reviewers

• Severin Gehwolf (@jerboaa - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev.git pull/651/head:pull/651
$ git checkout pull/651

Update a local copy of the PR:
$ git checkout pull/651
$ git pull https://git.openjdk.org/jdk8u-dev.git pull/651/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 651

View PR using the GUI difftool:
$ git pr show -t 651

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/651.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back vieiro! A progress list of the required criteria for merging this PR into pr/650 will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

This backport pull request has now been updated with issue from the original commit.

[mlbridge]

Webrevs

• 01: Full - Incremental (fcc29529)
• 00: Full (35aec741)

[jerboaa]

The roots => root change is fine. The test library change not. 8u has lib/security not /test/lib.

[vieiro]

Yep, uploaded the changes in the recent commit. Sorry by that.

[jerboaa]

This file is missing the bug line update that the JDK 11u patch has here:
openjdk/jdk11u-dev@8894d6a#diff-ecedb2ba9c75491cd95fc614c6580b565d2d61a10a253f6a2fcd0fd774b535c3R31

[vieiro]

Thanks for noticing! Uploaded in the recent commit.

[vieiro]

Uploaded missing changes and retested. Tests pass.

[vieiro]

/approval request Please approve this backport that removes two no-longer active CA certificates. Tests pass. Low risk.

[openjdk]

@vieiro
8350498: The approval request has been created successfully.

[jerboaa]

@vieiro Please move this PR to https://github.com/openjdk/jdk8u (close this one and open a new one there; sorry for the inconvenience) since jdk8u-dev is closed for now and we'd like this to go into the July release.

[openjdk-notifier]

The parent pull request that this pull request depends on has been closed without being integrated and the target branch of this pull request has been updated as the previous branch was deleted. This means that changes from the parent pull request will start to show up in this pull request. If closing the parent pull request was done in error, it will need to be re-opened and this pull request will need to manually be retargeted again.

[vieiro]

@jerboaa No worries. Closing this one in favor of openjdk/jdk8u#73 in 8u. Thanks!