--- old/src/share/classes/sun/security/validator/EndEntityChecker.java 2019-02-27 13:46:53.000000000 -0800 +++ new/src/share/classes/sun/security/validator/EndEntityChecker.java 2019-02-27 13:46:53.000000000 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -132,25 +132,26 @@ return new EndEntityChecker(type, variant); } - void check(X509Certificate cert, Object parameter, - boolean checkUnresolvedCritExts) throws CertificateException { + void check(X509Certificate[] chain, Object parameter, + boolean checkUnresolvedCritExts) + throws CertificateException { if (variant.equals(Validator.VAR_GENERIC)) { return; // no checks } - Set exts = getCriticalExtensions(cert); + Set exts = getCriticalExtensions(chain[0]); if (variant.equals(Validator.VAR_TLS_SERVER)) { - checkTLSServer(cert, (String)parameter, exts); + checkTLSServer(chain[0], (String)parameter, exts); } else if (variant.equals(Validator.VAR_TLS_CLIENT)) { - checkTLSClient(cert, exts); + checkTLSClient(chain[0], exts); } else if (variant.equals(Validator.VAR_CODE_SIGNING)) { - checkCodeSigning(cert, exts); + checkCodeSigning(chain[0], exts); } else if (variant.equals(Validator.VAR_JCE_SIGNING)) { - checkCodeSigning(cert, exts); + checkCodeSigning(chain[0], exts); } else if (variant.equals(Validator.VAR_PLUGIN_CODE_SIGNING)) { - checkCodeSigning(cert, exts); + checkCodeSigning(chain[0], exts); } else if (variant.equals(Validator.VAR_TSA_SERVER)) { - checkTSAServer(cert, exts); + checkTSAServer(chain[0], exts); } else { throw new CertificateException("Unknown variant: " + variant); } @@ -159,6 +160,12 @@ if (checkUnresolvedCritExts) { checkRemainingExtensions(exts); } + + // check if certificate should be distrusted according to policies + // set in the jdk.security.caDistrustPolicies security property + for (CADistrustPolicy policy : CADistrustPolicy.POLICIES) { + policy.checkDistrust(variant, chain); + } } /** --- old/src/share/classes/sun/security/validator/Validator.java 2019-02-27 13:46:54.000000000 -0800 +++ new/src/share/classes/sun/security/validator/Validator.java 2019-02-27 13:46:54.000000000 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -271,7 +271,7 @@ // redundant. boolean checkUnresolvedCritExts = (type == TYPE_PKIX) ? false : true; - endEntityChecker.check(chain[0], parameter, + endEntityChecker.check(chain, parameter, checkUnresolvedCritExts); } --- old/src/share/lib/security/java.security-aix 2019-02-27 13:46:55.000000000 -0800 +++ new/src/share/lib/security/java.security-aix 2019-02-27 13:46:55.000000000 -0800 @@ -975,3 +975,33 @@ # and javax.crypto.spec.SecretKeySpec and rejects all the others. jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* + +# +# Policies for distrusting Certificate Authorities (CAs). +# +# This is a comma separated value of one or more case-sensitive strings, each +# of which represents a policy for determining if a CA should be distrusted. +# The supported values are: +# +# +# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec +# root CA and issued after April 16, 2019 unless issued by one of the +# following subordinate CAs which have a later distrust date: +# 1. Apple IST CA 2 - G1, SHA-256 fingerprint: +# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B +# Distrust after December 31, 2019. +# 2. Apple IST CA 8 - G1, SHA-256 fingerprint: +# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED +# Distrust after December 31, 2019. +# Leading and trailing whitespace surrounding each value are ignored. +# Unknown values are ignored. If the property is commented out or set to the +# empty String, no policies are enforced. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be supported by other SE implementations. Also, this +# property does not override other security properties which can restrict +# certificates such as jdk.tls.disabledAlgorithms or +# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even +# if this property is not enabled. +# +jdk.security.caDistrustPolicies=SYMANTEC_TLS --- old/src/share/lib/security/java.security-linux 2019-02-27 13:46:56.000000000 -0800 +++ new/src/share/lib/security/java.security-linux 2019-02-27 13:46:56.000000000 -0800 @@ -981,3 +981,33 @@ # and javax.crypto.spec.SecretKeySpec and rejects all the others. jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* + +# +# Policies for distrusting Certificate Authorities (CAs). +# +# This is a comma separated value of one or more case-sensitive strings, each +# of which represents a policy for determining if a CA should be distrusted. +# The supported values are: +# +# +# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec +# root CA and issued after April 16, 2019 unless issued by one of the +# following subordinate CAs which have a later distrust date: +# 1. Apple IST CA 2 - G1, SHA-256 fingerprint: +# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B +# Distrust after December 31, 2019. +# 2. Apple IST CA 8 - G1, SHA-256 fingerprint: +# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED +# Distrust after December 31, 2019. +# Leading and trailing whitespace surrounding each value are ignored. +# Unknown values are ignored. If the property is commented out or set to the +# empty String, no policies are enforced. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be supported by other SE implementations. Also, this +# property does not override other security properties which can restrict +# certificates such as jdk.tls.disabledAlgorithms or +# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even +# if this property is not enabled. +# +jdk.security.caDistrustPolicies=SYMANTEC_TLS --- old/src/share/lib/security/java.security-macosx 2019-02-27 13:46:58.000000000 -0800 +++ new/src/share/lib/security/java.security-macosx 2019-02-27 13:46:57.000000000 -0800 @@ -979,3 +979,33 @@ # and javax.crypto.spec.SecretKeySpec and rejects all the others. jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* + +# +# Policies for distrusting Certificate Authorities (CAs). +# +# This is a comma separated value of one or more case-sensitive strings, each +# of which represents a policy for determining if a CA should be distrusted. +# The supported values are: +# +# +# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec +# root CA and issued after April 16, 2019 unless issued by one of the +# following subordinate CAs which have a later distrust date: +# 1. Apple IST CA 2 - G1, SHA-256 fingerprint: +# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B +# Distrust after December 31, 2019. +# 2. Apple IST CA 8 - G1, SHA-256 fingerprint: +# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED +# Distrust after December 31, 2019. +# Leading and trailing whitespace surrounding each value are ignored. +# Unknown values are ignored. If the property is commented out or set to the +# empty String, no policies are enforced. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be supported by other SE implementations. Also, this +# property does not override other security properties which can restrict +# certificates such as jdk.tls.disabledAlgorithms or +# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even +# if this property is not enabled. +# +jdk.security.caDistrustPolicies=SYMANTEC_TLS --- old/src/share/lib/security/java.security-solaris 2019-02-27 13:46:59.000000000 -0800 +++ new/src/share/lib/security/java.security-solaris 2019-02-27 13:46:58.000000000 -0800 @@ -978,3 +978,33 @@ # and javax.crypto.spec.SecretKeySpec and rejects all the others. jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* + +# +# Policies for distrusting Certificate Authorities (CAs). +# +# This is a comma separated value of one or more case-sensitive strings, each +# of which represents a policy for determining if a CA should be distrusted. +# The supported values are: +# +# +# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec +# root CA and issued after April 16, 2019 unless issued by one of the +# following subordinate CAs which have a later distrust date: +# 1. Apple IST CA 2 - G1, SHA-256 fingerprint: +# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B +# Distrust after December 31, 2019. +# 2. Apple IST CA 8 - G1, SHA-256 fingerprint: +# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED +# Distrust after December 31, 2019. +# Leading and trailing whitespace surrounding each value are ignored. +# Unknown values are ignored. If the property is commented out or set to the +# empty String, no policies are enforced. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be supported by other SE implementations. Also, this +# property does not override other security properties which can restrict +# certificates such as jdk.tls.disabledAlgorithms or +# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even +# if this property is not enabled. +# +jdk.security.caDistrustPolicies=SYMANTEC_TLS --- old/src/share/lib/security/java.security-windows 2019-02-27 13:47:00.000000000 -0800 +++ new/src/share/lib/security/java.security-windows 2019-02-27 13:47:00.000000000 -0800 @@ -979,3 +979,33 @@ # and javax.crypto.spec.SecretKeySpec and rejects all the others. jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* + +# +# Policies for distrusting Certificate Authorities (CAs). +# +# This is a comma separated value of one or more case-sensitive strings, each +# of which represents a policy for determining if a CA should be distrusted. +# The supported values are: +# +# +# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec +# root CA and issued after April 16, 2019 unless issued by one of the +# following subordinate CAs which have a later distrust date: +# 1. Apple IST CA 2 - G1, SHA-256 fingerprint: +# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B +# Distrust after December 31, 2019. +# 2. Apple IST CA 8 - G1, SHA-256 fingerprint: +# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED +# Distrust after December 31, 2019. +# Leading and trailing whitespace surrounding each value are ignored. +# Unknown values are ignored. If the property is commented out or set to the +# empty String, no policies are enforced. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be supported by other SE implementations. Also, this +# property does not override other security properties which can restrict +# certificates such as jdk.tls.disabledAlgorithms or +# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even +# if this property is not enabled. +# +jdk.security.caDistrustPolicies=SYMANTEC_TLS --- /dev/null 2019-02-27 13:47:01.000000000 -0800 +++ new/src/share/classes/sun/security/validator/CADistrustPolicy.java 2019-02-27 13:47:01.000000000 -0800 @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package sun.security.validator; + +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.EnumSet; + +import sun.security.util.Debug; + +/** + * Policies for distrusting a certificate authority (CA). See the + * jdk.security.caDistrustPolicies security property for more information. + */ +enum CADistrustPolicy { + /** + * Distrust TLS Server certificates anchored by a Symantec root CA and + * issued after April 16, 2019 (with exceptions for a couple of subordinate + * CAs, see the jdk.security.caDistrustPolicies definition in the + * java.security file for more details). If enabled, this policy is + * currently enforced by the PKIX and SunX509 TrustManager implementations + * of the SunJSSE provider implementation. + */ + SYMANTEC_TLS { + void checkDistrust(String variant, X509Certificate[] chain) + throws ValidatorException { + if (!variant.equals(Validator.VAR_TLS_SERVER)) { + return; + } + SymantecTLSPolicy.checkDistrust(chain); + } + }; + + /** + * Checks if the end-entity certificate is distrusted. + * + * @param variant the type of certificate being checked + * @param chain the end-entity's certificate chain. The end entity cert + * is at index 0, the trust anchor at index n-1. + * @throws ValidatorException if the end-entity certificate is distrusted + */ + abstract void checkDistrust(String variant, + X509Certificate[] chain) + throws ValidatorException; + + // The policies set in the jdk.security.caDistrustPolicies property. + static final EnumSet POLICIES = parseProperty(); + private static EnumSet parseProperty() { + String property = AccessController.doPrivileged( + new PrivilegedAction() { + @Override + public String run() { + return Security.getProperty( + "jdk.security.caDistrustPolicies"); + } + }); + EnumSet set = EnumSet.noneOf(CADistrustPolicy.class); + // if property is null or empty, the restrictions are not enforced + if (property == null || property.isEmpty()) { + return set; + } + String[] policies = property.split(","); + for (String policy : policies) { + policy = policy.trim(); + try { + CADistrustPolicy caPolicy = + Enum.valueOf(CADistrustPolicy.class, policy); + set.add(caPolicy); + } catch (IllegalArgumentException iae) { + // ignore unknown values but log it + Debug debug = Debug.getInstance("certpath"); + if (debug != null) { + debug.println("Unknown value for the " + + "jdk.security.caDistrustPolicies property: " + + policy); + } + } + } + return set; + } +} --- /dev/null 2019-02-27 13:47:02.000000000 -0800 +++ new/src/share/classes/sun/security/validator/SymantecTLSPolicy.java 2019-02-27 13:47:02.000000000 -0800 @@ -0,0 +1,199 @@ +/* + * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package sun.security.validator; + +import java.security.cert.X509Certificate; +import java.time.LocalDate; +import java.time.Month; +import java.time.ZoneOffset; +import java.util.Arrays; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import sun.security.x509.X509CertImpl; + +/** + * This class checks if Symantec issued TLS Server certificates should be + * restricted. + */ +final class SymantecTLSPolicy { + private static final LocalDate DECEMBER_31_2019 = + LocalDate.of(2019, Month.DECEMBER, 31); + // SHA-256 certificate fingerprints of subCAs with later distrust dates + private static final Map EXEMPT_SUBCAS = new HashMap(); + static { + // Subject DN: C=US, O=Apple Inc., OU=Certification Authority, + // CN=Apple IST CA 2 - G1 + // Issuer DN: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US + EXEMPT_SUBCAS.put("AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B", + DECEMBER_31_2019); + + + // Subject DN: C=US, O=Apple Inc., OU=Certification Authority, + // CN=Apple IST CA 8 - G1 + // Issuer DN: CN=GeoTrust Primary Certification Authority - G2, + // OU=(c) 2007 GeoTrust Inc. - For authorized use only, + // O=GeoTrust Inc., C=US + EXEMPT_SUBCAS.put("A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED", + DECEMBER_31_2019); + } + + // SHA-256 certificate fingerprints of distrusted roots + private static final Set FINGERPRINTS = new HashSet<>(Arrays.asList( + // cacerts alias: geotrustglobalca + // DN: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US + "FF856A2D251DCD88D36656F450126798CFABAADE40799C722DE4D2B5DB36A73A", + // cacerts alias: geotrustprimaryca + // DN: CN=GeoTrust Primary Certification Authority, + // O=GeoTrust Inc., C=US + "37D51006C512EAAB626421F1EC8C92013FC5F82AE98EE533EB4619B8DEB4D06C", + // cacerts alias: geotrustprimarycag2 + // DN: CN=GeoTrust Primary Certification Authority - G2, + // OU=(c) 2007 GeoTrust Inc. - For authorized use only, + // O=GeoTrust Inc., C=US + "5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766", + // cacerts alias: geotrustprimarycag3 + // DN: CN=GeoTrust Primary Certification Authority - G3, + // OU=(c) 2008 GeoTrust Inc. - For authorized use only, + // O=GeoTrust Inc., C=US + "B478B812250DF878635C2AA7EC7D155EAA625EE82916E2CD294361886CD1FBD4", + // cacerts alias: geotrustuniversalca + // DN: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US + "A0459B9F63B22559F5FA5D4C6DB3F9F72FF19342033578F073BF1D1B46CBB912", + // cacerts alias: thawteprimaryrootca + // DN: CN=thawte Primary Root CA, + // OU="(c) 2006 thawte, Inc. - For authorized use only", + // OU=Certification Services Division, O="thawte, Inc.", C=US + "8D722F81A9C113C0791DF136A2966DB26C950A971DB46B4199F4EA54B78BFB9F", + // cacerts alias: thawteprimaryrootcag2 + // DN: CN=thawte Primary Root CA - G2, + // OU="(c) 2007 thawte, Inc. - For authorized use only", + // O="thawte, Inc.", C=US + "A4310D50AF18A6447190372A86AFAF8B951FFB431D837F1E5688B45971ED1557", + // cacerts alias: thawteprimaryrootcag3 + // DN: CN=thawte Primary Root CA - G3, + // OU="(c) 2008 thawte, Inc. - For authorized use only", + // OU=Certification Services Division, O="thawte, Inc.", C=US + "4B03F45807AD70F21BFC2CAE71C9FDE4604C064CF5FFB686BAE5DBAAD7FDD34C", + // cacerts alias: thawtepremiumserverca + // DN: EMAILADDRESS=premium-server@thawte.com, + // CN=Thawte Premium Server CA, OU=Certification Services Division, + // O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA + "3F9F27D583204B9E09C8A3D2066C4B57D3A2479C3693650880505698105DBCE9", + // cacerts alias: verisignclass2g2ca + // DN: OU=VeriSign Trust Network, + // OU="(c) 1998 VeriSign, Inc. - For authorized use only", + // OU=Class 2 Public Primary Certification Authority - G2, + // O="VeriSign, Inc.", C=US + "3A43E220FE7F3EA9653D1E21742EAC2B75C20FD8980305BC502CAF8C2D9B41A1", + // cacerts alias: verisignclass3ca + // DN: OU=Class 3 Public Primary Certification Authority, + // O="VeriSign, Inc.", C=US + "A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305", + // cacerts alias: verisignclass3g2ca + // DN: OU=VeriSign Trust Network, + // OU="(c) 1998 VeriSign, Inc. - For authorized use only", + // OU=Class 3 Public Primary Certification Authority - G2, + // O="VeriSign, Inc.", C=US + "83CE3C1229688A593D485F81973C0F9195431EDA37CC5E36430E79C7A888638B", + // cacerts alias: verisignclass3g3ca + // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G3, + // OU="(c) 1999 VeriSign, Inc. - For authorized use only", + // OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US + "EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244", + // cacerts alias: verisignclass3g4ca + // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G4, + // OU="(c) 2007 VeriSign, Inc. - For authorized use only", + // OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US + "69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79", + // cacerts alias: verisignclass3g5ca + // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G5, + // OU="(c) 2006 VeriSign, Inc. - For authorized use only", + // OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US + "9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF", + // cacerts alias: verisignuniversalrootca + // DN: CN=VeriSign Universal Root Certification Authority, + // OU="(c) 2008 VeriSign, Inc. - For authorized use only", + // OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US + "2399561127A57125DE8CEFEA610DDF2FA078B5C8067F4E828290BFB860E84B3C" + )); + + // Any TLS Server certificate that is anchored by one of the Symantec + // roots above and is issued after this date will be distrusted. + private static final LocalDate APRIL_16_2019 = + LocalDate.of(2019, Month.APRIL, 16); + + /** + * This method assumes the eeCert is a TLS Server Cert and chains back to + * the anchor. + * + * @param chain the end-entity's certificate chain. The end entity cert + * is at index 0, the trust anchor at index n-1. + * @throws ValidatorException if the certificate is distrusted + */ + static void checkDistrust(X509Certificate[] chain) + throws ValidatorException { + X509Certificate anchor = chain[chain.length-1]; + if (FINGERPRINTS.contains(fingerprint(anchor))) { + Date notBefore = chain[0].getNotBefore(); + LocalDate ldNotBefore = notBefore.toInstant().atZone(ZoneOffset.UTC).toLocalDate(); + + // check if chain goes through one of the subCAs + if (chain.length > 2) { + X509Certificate subCA = chain[chain.length - 2]; + LocalDate distrustDate = EXEMPT_SUBCAS.get(fingerprint(subCA)); + if (distrustDate != null) { + // reject if certificate is issued after specified date + checkNotBefore(ldNotBefore, distrustDate, anchor); + return; // success + } + } + // reject if certificate is issued after April 16, 2019 + checkNotBefore(ldNotBefore, APRIL_16_2019, anchor); + } + } + + private static String fingerprint(X509Certificate cert) { + return (cert instanceof X509CertImpl) + ? ((X509CertImpl)cert).getFingerprint("SHA-256") + : X509CertImpl.getFingerprint("SHA-256", cert); + } + + private static void checkNotBefore(LocalDate notBeforeDate, + LocalDate distrustDate, X509Certificate anchor) + throws ValidatorException { + if (notBeforeDate.isAfter(distrustDate)) { + throw new ValidatorException + ("TLS Server certificate issued after " + distrustDate + + " and anchored by a distrusted legacy Symantec root CA: " + + anchor.getSubjectX500Principal(), + ValidatorException.T_UNTRUSTED_CERT, anchor); + } + } + private SymantecTLSPolicy() {} +} --- /dev/null 2019-02-27 13:47:03.000000000 -0800 +++ new/test/lib/security/SecurityUtils.java 2019-02-27 13:47:02.000000000 -0800 @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.File; +import java.io.FileInputStream; +import java.security.KeyStore; + +/** + * Common library for various security test helper functions. + */ +public final class SecurityUtils { + + private static String getCacerts() { + String sep = File.separator; + return System.getProperty("java.home") + sep + + "lib" + sep + "security" + sep + "cacerts"; + } + + /** + * Returns the cacerts keystore with the configured CA certificates. + */ + public static KeyStore getCacertsKeyStore() throws Exception { + File file = new File(getCacerts()); + if (!file.exists()) { + return null; + } + + KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); + try (FileInputStream fis = new FileInputStream(file)) { + ks.load(fis, null); + } + return ks; + } + + private SecurityUtils() {} +} --- /dev/null 2019-02-27 13:47:04.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/Distrust.java 2019-02-27 13:47:03.000000000 -0800 @@ -0,0 +1,273 @@ +/* + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.*; +import java.math.BigInteger; +import java.security.*; +import java.security.cert.*; +import java.time.*; +import java.util.*; +import javax.net.ssl.*; +import sun.security.validator.Validator; +import sun.security.validator.ValidatorException; + + +/** + * @test + * @bug 8207258 8216280 + * @summary Check that TLS Server certificates chaining back to distrusted + * Symantec roots are invalid + * @library /lib/security + * @run main/othervm Distrust after policyOn invalid + * @run main/othervm Distrust after policyOff valid + * @run main/othervm Distrust before policyOn valid + * @run main/othervm Distrust before policyOff valid + */ + +public class Distrust { + + private static final String TEST_SRC = System.getProperty("test.src", "."); + private static CertificateFactory cf; + + // Each of the roots have a test certificate chain stored in a file + // named "-chain.pem". + private static String[] rootsToTest = new String[] { + "geotrustglobalca", "geotrustprimarycag2", "geotrustprimarycag3", + "geotrustuniversalca", "thawteprimaryrootca", "thawteprimaryrootcag2", + "thawteprimaryrootcag3", "verisignclass3g3ca", "verisignclass3g4ca", + "verisignclass3g5ca", "verisignuniversalrootca" }; + + // Each of the subCAs with a delayed distrust date have a test certificate + // chain stored in a file named "-chain.pem". + private static String[] subCAsToTest = new String[] { + "appleistca2g1", "appleistca8g1" }; + + + // A date that is after the restrictions take affect + private static final Date APRIL_17_2019 = + Date.from(LocalDate.of(2019, 4, 17) + .atStartOfDay(ZoneOffset.UTC) + .toInstant()); + + // A date that is a second before the restrictions take affect + private static final Date BEFORE_APRIL_17_2019 = + Date.from(LocalDate.of(2019, 4, 17) + .atStartOfDay(ZoneOffset.UTC) + .minusSeconds(1) + .toInstant()); + + // A date that is after the subCA restrictions take affect + private static final Date JANUARY_1_2020 = + Date.from(LocalDate.of(2020, 1, 1) + .atStartOfDay(ZoneOffset.UTC) + .toInstant()); + + // A date that is a second before the subCA restrictions take affect + private static final Date BEFORE_JANUARY_1_2020 = + Date.from(LocalDate.of(2020, 1, 1) + .atStartOfDay(ZoneOffset.UTC) + .minusSeconds(1) + .toInstant()); + + public static void main(String[] args) throws Exception { + + cf = CertificateFactory.getInstance("X.509"); + boolean distrust = args[0].equals("true"); + + boolean before = args[0].equals("before"); + boolean policyOn = args[1].equals("policyOn"); + boolean isValid = args[2].equals("valid"); + + if (!policyOn) { + // disable policy (default is on) + Security.setProperty("jdk.security.caDistrustPolicies", ""); + } + + Date notBefore = before ? BEFORE_APRIL_17_2019 : APRIL_17_2019; + + X509TrustManager pkixTM = getTMF("PKIX", null); + X509TrustManager sunX509TM = getTMF("SunX509", null); + for (String test : rootsToTest) { + System.err.println("Testing " + test); + X509Certificate[] chain = loadCertificateChain(test); + + testTM(sunX509TM, chain, notBefore, isValid); + testTM(pkixTM, chain, notBefore, isValid); + + } + + // test chain if params are passed to TrustManager + System.err.println("Testing verisignuniversalrootca with params"); + testTM(getTMF("PKIX", getParams()), + loadCertificateChain("verisignuniversalrootca"), + notBefore, isValid); + + // test code-signing chain (should be valid as restrictions don't apply) + System.err.println("Testing verisignclass3g5ca code-signing chain"); + Validator v = Validator.getInstance(Validator.TYPE_PKIX, + Validator.VAR_CODE_SIGNING, + getParams()); + // set validation date so this will still pass when cert expires + v.setValidationDate(new Date(1544197375493l)); + v.validate(loadCertificateChain("verisignclass3g5ca-codesigning")); + + // test chains issued through subCAs + notBefore = before ? BEFORE_JANUARY_1_2020 : JANUARY_1_2020; + for (String test : subCAsToTest) { + System.err.println("Testing " + test); + X509Certificate[] chain = loadCertificateChain(test); + + testTM(sunX509TM, chain, notBefore, isValid); + testTM(pkixTM, chain, notBefore, isValid); + } + } + + private static X509TrustManager getTMF(String type, + PKIXBuilderParameters params) throws Exception { + TrustManagerFactory tmf = TrustManagerFactory.getInstance(type); + if (params == null) { + tmf.init((KeyStore)null); + } else { + tmf.init(new CertPathTrustManagerParameters(params)); + } + TrustManager[] tms = tmf.getTrustManagers(); + for (TrustManager tm : tms) { + X509TrustManager xtm = (X509TrustManager)tm; + return xtm; + } + throw new Exception("No TrustManager for " + type); + } + + private static PKIXBuilderParameters getParams() throws Exception { + PKIXBuilderParameters pbp = + new PKIXBuilderParameters(SecurityUtils.getCacertsKeyStore(), + new X509CertSelector()); + pbp.setRevocationEnabled(false); + return pbp; + } + + private static void testTM(X509TrustManager xtm, X509Certificate[] chain, + Date notBefore, boolean valid) throws Exception { + // Check if TLS Server certificate (the first element of the chain) + // is issued after the specified notBefore date (should be rejected + // unless distrust property is false). To do this, we need to + // fake the notBefore date since none of the test certs are issued + // after then. + chain[0] = new DistrustedTLSServerCert(chain[0], notBefore); + + try { + xtm.checkServerTrusted(chain, "ECDHE_RSA"); + if (!valid) { + throw new Exception("chain should be invalid"); + } + } catch (CertificateException ce) { + if (valid) { + throw new Exception("Unexpected exception, chain " + + "should be valid", ce); + } + if (ce instanceof ValidatorException) { + ValidatorException ve = (ValidatorException)ce; + if (ve.getErrorType() != ValidatorException.T_UNTRUSTED_CERT) { + throw new Exception("Unexpected exception: " + ce); + } + } else { + throw new Exception("Unexpected exception: " + ce); + } + } + } + + private static X509Certificate[] loadCertificateChain(String name) + throws Exception { + try (InputStream in = new FileInputStream(TEST_SRC + File.separator + + name + "-chain.pem")) { + Collection certs = + (Collection)cf.generateCertificates(in); + return certs.toArray(new X509Certificate[0]); + } + } + + private static class DistrustedTLSServerCert extends X509Certificate { + private final X509Certificate cert; + private final Date notBefore; + DistrustedTLSServerCert(X509Certificate cert, Date notBefore) { + this.cert = cert; + this.notBefore = notBefore; + } + public Set getCriticalExtensionOIDs() { + return cert.getCriticalExtensionOIDs(); + } + public byte[] getExtensionValue(String oid) { + return cert.getExtensionValue(oid); + } + public Set getNonCriticalExtensionOIDs() { + return cert.getNonCriticalExtensionOIDs(); + } + public boolean hasUnsupportedCriticalExtension() { + return cert.hasUnsupportedCriticalExtension(); + } + public void checkValidity() throws CertificateExpiredException, + CertificateNotYetValidException { + // always pass + } + public void checkValidity(Date date) throws CertificateExpiredException, + CertificateNotYetValidException { + // always pass + } + public int getVersion() { return cert.getVersion(); } + public BigInteger getSerialNumber() { return cert.getSerialNumber(); } + public Principal getIssuerDN() { return cert.getIssuerDN(); } + public Principal getSubjectDN() { return cert.getSubjectDN(); } + public Date getNotBefore() { return notBefore; } + public Date getNotAfter() { return cert.getNotAfter(); } + public byte[] getTBSCertificate() throws CertificateEncodingException { + return cert.getTBSCertificate(); + } + public byte[] getSignature() { return cert.getSignature(); } + public String getSigAlgName() { return cert.getSigAlgName(); } + public String getSigAlgOID() { return cert.getSigAlgOID(); } + public byte[] getSigAlgParams() { return cert.getSigAlgParams(); } + public boolean[] getIssuerUniqueID() { + return cert.getIssuerUniqueID(); + } + public boolean[] getSubjectUniqueID() { + return cert.getSubjectUniqueID(); + } + public boolean[] getKeyUsage() { return cert.getKeyUsage(); } + public int getBasicConstraints() { return cert.getBasicConstraints(); } + public byte[] getEncoded() throws CertificateEncodingException { + return cert.getEncoded(); + } + public void verify(PublicKey key) throws CertificateException, + InvalidKeyException, NoSuchAlgorithmException, + NoSuchProviderException, SignatureException { + cert.verify(key); + } + public void verify(PublicKey key, String sigProvider) throws + CertificateException, InvalidKeyException, NoSuchAlgorithmException, + NoSuchProviderException, SignatureException { + cert.verify(key, sigProvider); + } + public PublicKey getPublicKey() { return cert.getPublicKey(); } + public String toString() { return cert.toString(); } + } +} --- /dev/null 2019-02-27 13:47:05.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/appleistca2g1-chain.pem 2019-02-27 13:47:04.000000000 -0800 @@ -0,0 +1,80 @@ +-----BEGIN CERTIFICATE----- +MIIGGzCCBQOgAwIBAgIITJltLCqcD0gwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UE +AxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5 +MDEwODIxMTcxNFoXDTIwMDgwODIxMjcwMFowgaoxSjBIBgNVBAMMQWFjdGl2ZS5n +ZW90cnVzdC1nbG9iYWwtY2EudGVzdC1wYWdlcy5jZXJ0aWZpY2F0ZW1hbmFnZXIu +YXBwbGUuY29tMSUwIwYDVQQLDBxtYW5hZ2VtZW50OmlkbXMuZ3JvdXAuODY0ODU5 +MRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYD +VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCjFUrVHTEX +0aVU6x9LiGa6oVr9blaCsMFrLicPQguc43Vs/pN+g4jzRXsTSMe9XefezBQb6tzZ +SMRXVB4kWMr4K1BVgQDkXeyoh4KrXRkdEF9ZIJPNxwTmmYUOc5M6NOYwkLelYz+t +7n1iNIGylbjwU4qwauElk2alFVqYTEPDLzwvqVDb9jMAJ8MPSDjfUlXW0XD9oXZM +hC+8LU9JBgJ3YBdzRHa4WnrudUbWjspqaNfAYpVIX0cfCJKnMsKqaSKjS4pIRtWm +L6NlCTCoIMyOh+wmbWPPX24H2D3+ump5FA35fRYbVznmosl5n1AK34S9tD4XZ7lO +WZKfaFi1liMCAwEAAaOCAoowggKGMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU +2HqURHyQcJAWnt0XnAFEA4bWKikwfgYIKwYBBQUHAQEEcjBwMDQGCCsGAQUFBzAC +hihodHRwOi8vY2VydHMuYXBwbGUuY29tL2FwcGxlaXN0Y2EyZzEuZGVyMDgGCCsG +AQUFBzABhixodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFwcGxlaXN0Y2Ey +ZzEwMTBMBgNVHREERTBDgkFhY3RpdmUuZ2VvdHJ1c3QtZ2xvYmFsLWNhLnRlc3Qt +cGFnZXMuY2VydGlmaWNhdGVtYW5hZ2VyLmFwcGxlLmNvbTCB/wYDVR0gBIH3MIH0 +MIHxBgoqhkiG92NkBQsEMIHiMIGkBggrBgEFBQcCAjCBlwyBlFJlbGlhbmNlIG9u +IHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5j +ZSBvZiBhbnkgYXBwbGljYWJsZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2Ug +YW5kL29yIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wOQYIKwYB +BQUHAgEWLWh0dHA6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5 +L3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAs +oCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYD +VR0OBBYEFP0qkmFJhArI0MsfW0V+/wY9x4GSMA4GA1UdDwEB/wQEAwIFoDANBgkq +hkiG9w0BAQsFAAOCAQEATjT8M0bIq+mFc8k5cd4KDjCMBjYl/l3/8zKlWYGP+nl1 +KRogXcGRa3LcfpdJcqgMrx8e9Xohduvl8MBzwv671rYkppzZdsmZdLVorAdbL5GL +suhTjAS5yL3NBWNMRpeOgFsVr7YtPDEvo3CFsnzjg7THe0S6Y35oYukJtUzGUvSY +kC3ApBTdjj0vAeow+dbt+AHKnQiEnon4ToSFmtnkru08Uxe7uyHCQ2sLUg0EPYc9 +t9I8lviaHfK/mQoCzlme2O/H5Rher8dXCv8hVT1NKbsi28EpgpqcTLS+hn/Edc/q +4dPDoO1Ozs+ixRzFeMpA+JrnAyARb6qbSrAPBgtIbQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQDCCAyigAwIBAgIDAjp0MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMTQwNjE2MTU0MjAyWhcNMjIwNTIwMTU0MjAyWjBiMRwwGgYDVQQD +ExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQk6EdR0MgFrILa+vD1bTox5jN896/ +6E3p4zaAB/xFG2p8RYauVtOkCX9hDWtdflJrfbTIOcT0Zzr3g84Zb4YvfkV+Rxxn +UsqVBV3iNlGFwNRngDVvFd0+/R3S/Y80UNjsdiq+49Pa5P3I6ygClhGXF2Ec6cRZ +O0LcMtEJHdqm0UOG/16yvIzPZtsBiwKulEjzOI/96jKoCOyGl1GUJD5JSZZT6Hmh +QIHpBbuTlVH84/18EUv3ngizFUkVB/nRN6CbSzL2tcTcatH8Cu324MUpoKiLcf4N +krz+VHAYCm3H7Qz7yS0Gw4yF/MuGXNY2jhKLCX/7GRo41fCUMHoPpozzAgMBAAGj +ggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4E +FgQU2HqURHyQcJAWnt0XnAFEA4bWKikwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNV +HQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29t +L2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYS +aHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEG +CCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3Bz +MA0GCSqGSIb3DQEBCwUAA4IBAQAWR3NvhaJi4ecqdruJlUIml7xKrKxwUzo/MYM9 +PByrmuKxXRx2GqA8DHJXvtOeUODImdZY1wLqzg0pVHzN9cLGkClVo28UqAtCDTqY +bQZ4nvBqox0CCqIopI3CgUY+bWfa3j/+hQ5CKhLetbf7uBunlux3n+zUU5V6/wf0 +8goUwFFSsdaOUAsamVy8C8m97e34XsFW201+I6QRoSzUGwWa5BtS9nw4mQVLunKN +QolgBGYq9P1o12v3mUEo1mwkq+YlUy7Igpnioo8jvjCDsSeL+mh/AUnoxphrEC6Y +XorXykuxx8lYmtA225aV7LaB5PLNbxt5h0wQPInkTfpU3Kqm +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:05.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/appleistca8g1-chain.pem 2019-02-27 13:47:05.000000000 -0800 @@ -0,0 +1,64 @@ +-----BEGIN CERTIFICATE----- +MIIElDCCBDqgAwIBAgIIWax3IY1ByGIwCgYIKoZIzj0EAwIwYjEcMBoGA1UEAwwT +QXBwbGUgSVNUIENBIDggLSBHMTEgMB4GA1UECwwXQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MDEw +ODIxMTAyNFoXDTIwMDgwODIxMjAwMFowga0xTTBLBgNVBAMMRGFjdGl2ZS5nZW90 +cnVzdC1nbG9iYWwtY2EtZzIudGVzdC1wYWdlcy5jZXJ0aWZpY2F0ZW1hbmFnZXIu +YXBwbGUuY29tMSUwIwYDVQQLDBxtYW5hZ2VtZW50OmlkbXMuZ3JvdXAuODY0ODU5 +MRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYD +VQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN4oxNLGzmOIfgFRxDaU +SaOYTQVZCc7a7MXlK1L4/KgN22stgSkrg47aOWviMuzb9Q9hDA/Tn19o9Zr8G5ON +pYijggKMMIICiDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMPEpFgFY9eDBrqW +jdyyjzL2u7dBMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2Nl +cnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhOGcxLmRlcjA4BggrBgEFBQcwAYYsaHR0 +cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhOGcxMDEwTwYDVR0R +BEgwRoJEYWN0aXZlLmdlb3RydXN0LWdsb2JhbC1jYS1nMi50ZXN0LXBhZ2VzLmNl +cnRpZmljYXRlbWFuYWdlci5hcHBsZS5jb20wgf4GA1UdIASB9jCB8zCB8AYKKoZI +hvdjZAULBDCB4TCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNl +cnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55 +IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBj +ZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDgGCCsGAQUFBwICMCwM +Kmh0dHA6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5LzAdBgNV +HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0 +cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYThnMS5jcmwwHQYDVR0OBBYEFCQy +hU8U00tcIz6L0MCT6EGVho0EMA4GA1UdDwEB/wQEAwIDiDAKBggqhkjOPQQDAgNI +ADBFAiAl5nGHi2u8V0aJSp4o1i3TlK7ao8WvxwBuHKfuKibSLAIhAN8PZqhESS9u +V7Dr6qzs88yn/1z6oeqPwDsntFpUFtWG +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAtugAwIBAgIQE1Iuv8HdXOEe8nZAdR/n3zAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTE2MDYwOTAwMDAwMFoXDTMxMDYwODIzNTk1OVowYjEcMBoGA1UE +AwwTQXBwbGUgSVNUIENBIDggLSBHMTEgMB4GA1UECwwXQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAELVSOaLAQE+/0LdvYCbJD6J1lmW40uNSXyY7J +1qgiNzLIcWDusPHyxWT2ukdf/OYHeDIt9sqAIMn9cPhykyGIRaOCATowggE2MBIG +A1UdEwEB/wQIMAYBAf8CAQAwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cuc3lt +Y2IuY29tL0dlb1RydXN0UENBLUcyLmNybDAOBgNVHQ8BAf8EBAMCAQYwLgYIKwYB +BQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wSQYDVR0g +BEIwQDA+BgZngQwBAgIwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2VvdHJ1 +c3QuY29tL3Jlc291cmNlcy9jcHMwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF +BwMCMB0GA1UdDgQWBBTDxKRYBWPXgwa6lo3cso8y9ru3QTAfBgNVHSMEGDAWgBQV +XzVXUVX7JbKtA2n8AaP6vhFV1TAKBggqhkjOPQQDAwNnADBkAjBH2jMNybjCk3Ts +OidXxJX9YDPMd5S3KDCv8vyTdJGhtoly7fQJRNv5rnVz+6YGfsMCMEp6wyheL7NK +mqavsduix2R+j1B3wRjelzJYgXzgM3nwhQKKlJWxpF7IGHuva1taxg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+K +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:06.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustglobalca-chain.pem 2019-02-27 13:47:06.000000000 -0800 @@ -0,0 +1,66 @@ +-----BEGIN CERTIFICATE----- +MIIHBjCCBe6gAwIBAgIQanINWwJAuap0V7lFjnfUwTANBgkqhkiG9w0BAQsFADBE +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU +R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTcwNTAzMDAwMDAwWhcNMjAwNTAyMjM1 +OTU5WjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxFzAVBgNVBAoMDkdlb1RydXN0LCBJbmMuMRgwFgYD +VQQLDA9Sb290IDEwIC0gVkFMSUQxIjAgBgNVBAMMGXZhbGlkLXJvb3QxMC5nZW90 +cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTegUYhAh0 +P7aF6jzk8dit4Vzddo3hM+J7Eak/+N1sqVUS2HpNd7VO50FrbEWKIRusv7QNtlpY +1Cgrla8M4RAhCB0wkkHXZ1Evz6E1AEFQqNSjyuRQxeEXl+xCL+MF+yAMhDRnHh+E +eSJ3ie0T66saOyaLM9fPpr3xomAQ/IRlP1atJ/Z8XbPo25HuxwzxiWFW+RjwVIfI +gxHz4Okwc1uImDUIDlEu9Uaqqb4jHhxU1EkKMmgEncpqwCROcZMujUkogfB49Z7+ +K17r6ARIrUuxqfNPrPwe+O88WgIeDSWffPM67UlvtomZOwuTNdv9OoCX1wUCLS7m +/gZ3rqqqeJvfAgMBAAGjggOkMIIDoDAkBgNVHREEHTAbghl2YWxpZC1yb290MTAu +Z2VvdHJ1c3QuY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMCsGA1UdHwQk +MCIwIKAeoByGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3JsMIGdBgNVHSAEgZUw +gZIwgY8GBmeBDAECAjCBhDA/BggrBgEFBQcCARYzaHR0cHM6Ly93d3cuZ2VvdHJ1 +c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMEEGCCsGAQUFBwICMDUM +M2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9s +ZWdhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU +0m/3lvSFP3I8MH0j2oV4m6N8WnwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB +hhNodHRwOi8vZ24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ24uc3lt +Y2IuY29tL2duLmNydDCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA3esdK3oN +T6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFbz9h5vQAABAMARjBEAiAx/C0U +5NdHxK4v2oHnstYksb1Vny8PcQkSvgpx9PsZEwIgNTOU70Zc5szG23xdbvtoH5lN +SAoVswiF5gFQS5MGu1sAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3c +EAAAAVvP2HnZAAAEAwBHMEUCIFGjB8r2H0VDwTUE/aY/Mv+M97sqAvEP1doOcHpg +0qyfAiEArw/S2F7OEcmKGUY1WRBuApfAx5d7hzrTSV/jZv95qJwAdgDuS723dc5g +uuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVvP2HoDAAAEAwBHMEUCIQCH6MFZ +tZF3Cqukt3/69fkU0Y5ePXXx8+xkOXRsIG3EGgIgSmCBWrnmPiiGA3x5QP8I8m4r +Uee0y7s4NQNwjMgHrjwAdgC8eOHfxfY8aEZJM02hD6FfCXlpIAnAgbTz9pF/Ptm4 +pQAAAVvP2HqcAAAEAwBHMEUCIA8e2kAVYYuQCtn4PqK98BuHnLm9rC40DboFLCle +SmQsAiEApbCJR05hr9VkNWmjaaUUGGZdVyUu9XX504LHVWyXZDUwDQYJKoZIhvcN +AQELBQADggEBAEtfBfZ2y5uTohvW3h00Kcuop6Nq7Y59GU3MeizPKtx48DB8qHyd +y5bLFwXzsGA1WkwpKzPbROsTGcAAXJHh03bj24AemUr/J/eQcjkfSoNBdHDpiSsk +VZkQK2fGJDiYJ/r9mxKZcgd2pyN3l2OtVtNMv2dnFGF35UkkeqO3jqImwbypAmRX +HdQV9dvW2YDRjzkebNNey6UwY9+YTSzr4da2hcaMHrj588Eqa4DDgNcY9QnE2RzN +giArA+4RlM4AZ3jC2A756I67hrlvH+lhumHLp06hGfMiQJF1aaauFVSa36HKc3C/ +ty+sLdJbemEJLAr8uNXggFD+U8TKw1S4LSw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg +U1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4K +hqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X/fQp3eaWx8KA7UZ +U9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B +89FuiGdT7BKkKXWKp/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP/oyFysx +j0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QB +I0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xv +vYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVk +DBF9qn1luMrMTjAdBgNVHQ4EFgQU0m/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0T +AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4Yl +aHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcB +AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUw +QzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1 +c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5 +bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNq +n2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9 +Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM/tKO79NgwYCA4ef7i28heUrg +3Kkbwbf7w0lZXLV3B0TUl/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45 +SVGeF0tPEDpbpaiSb/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+N +QNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMp +zNSS +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:07.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustprimarycag2-chain.pem 2019-02-27 13:47:07.000000000 -0800 @@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIIFcDCCBRegAwIBAgIQHw+Lyn4UTWqRF8/JM7DH+zAKBggqhkjOPQQDAjBHMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xHzAdBgNVBAMTFkdl +b1RydXN0IEVDQyBFViBTU0wgQ0EwHhcNMTcwNTExMDAwMDAwWhcNMTkwNTAzMjM1 +OTU5WjCB8jETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECDAhE +ZWxhd2FyZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9u +MRAwDgYDVQQFEwczNDc5NzUwMRcwFQYDVQQKDA5HZW9UcnVzdCwgSW5jLjEYMBYG +A1UECwwPUm9vdCAxMiAtIFZBTElEMSIwIAYDVQQDDBl2YWxpZC1yb290MTIuZ2Vv +dHJ1c3QuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbvbmcvKl4MkBRBNY +7EOQ7ugwPIPPCp73W++hAcbFPqiDmupl/fqfrbjL06FImeWzDY7cQOhLbv0Ha8Yq +UrL8HKOCAzcwggMzMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMA4GA1UdDwEB/wQEAwIFoDCBqQYDVR0gBIGhMIGeMIGSBgkrBgEEAfAi +AQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNv +dXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3 +dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwBwYFZ4EM +AQEwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2ZlLnN5bWNiLmNvbS9mZS5jcmww +VwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZmUuc3ltY2QuY29t +MCYGCCsGAQUFBzAChhpodHRwOi8vZmUuc3ltY2IuY29tL2ZlLmNydDAkBgNVHREE +HTAbghl2YWxpZC1yb290MTIuZ2VvdHJ1c3QuY29tMB8GA1UdIwQYMBaAFABLH5GB +DgtDzgRzu5abgh1mY608MIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQDd6x0r +eg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVv4eJwGAAAEAwBGMEQCIBSx +ZdTP+tDh1rstAJ7vyIPNH7HBE6mCRj9W41ccUwbGAiA7p0ljgNoO/ldknmgTiZdI +FlgEy1KgPQiHYvNS+9MHYwB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7I +DdwQAAABW/h4nDMAAAQDAEYwRAIgWf4vMQ9lrM5xKD+iEVXkC7g5CB3fmuxP7fNp +7qX7PB8CIDNe8HT3262gw3D13MGQccxfUhf7dZ9aCRgk7UEDimsJAHYA7ku9t3XO +YLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFb+Hid8wAABAMARzBFAiAxSFtr +/dpMd53ZSC4N9FomEZhoNnARnYe7cWnTAdKVHAIhALEz0JaOqgYTf0k9yYPuNW4E +Bo26yneH6KtdkMV7/gRoMAoGCCqGSM49BAMCA0cAMEQCIBPb1wYt8d6EdjLXiAZp +UfKGFdQF/oexd5GCB1TU0juDAiBWPRPVggfYfc4gLOkYSqIPvPRmEmEhyY8fqsM6 +3YJgDg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDyDCCA06gAwIBAgIQDww3Kf30lVv4ZevF7vQy/DAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTE2MDEwNzAwMDAwMFoXDTI2MDEwNjIzNTk1OVowRzELMAkGA1UE +BhMCVVMxFzAVBgNVBAoTDkdlb1RydXN0LCBJbmMuMR8wHQYDVQQDExZHZW9UcnVz +dCBFQ0MgRVYgU1NMIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF136Fo2A +bY7q0YbhVBTL4HNFaJyTdoU3y+o8YdhxQuw1SrpQT9EwLTyx8Xzf/LNPeoalIKNu +U/3LQgNct6Fk9aOCAcgwggHEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJo +dHRwOi8vZy5zeW1jZC5jb20wEgYDVR0TAQH/BAgwBgEB/wIBADCBqQYDVR0gBIGh +MIGeMAcGBWeBDAEBMIGSBgkrBgEEAfAiAQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBz +Oi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBB +BggrBgEFBQcCAjA1GjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2Vz +L3JlcG9zaXRvcnkvbGVnYWwwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cuc3lt +Y2IuY29tL0dlb1RydXN0UENBLUcyLmNybDArBgNVHREEJDAipCAwHjEcMBoGA1UE +AxMTU1lNQy1FQ0MtQ0EtcDI1Ni0zMjAdBgNVHQ4EFgQUAEsfkYEOC0POBHO7lpuC +HWZjrTwwHwYDVR0jBBgwFoAUFV81V1FV+yWyrQNp/AGj+r4RVdUwCgYIKoZIzj0E +AwMDaAAwZQIweZGj+Ar54cOBtC1I6rkfdNOtxSg77WBAvvsEv1+knWbbu8Acroz1 +Q9xqHnHLXpgRAjEAxNA5KzWxutl/kVj/7bUCYtvSWLfmb2ZTTsvof7VjjWlRnPje +wLtx+yN5EV7LPWDi +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:08.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustprimarycag3-chain.pem 2019-02-27 13:47:08.000000000 -0800 @@ -0,0 +1,67 @@ +-----BEGIN CERTIFICATE----- +MIIG6jCCBdKgAwIBAgIQZfxPPcDd0zSbl2UQK6dtRzANBgkqhkiG9w0BAQsFADBG +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEfMB0GA1UEAxMW +R2VvVHJ1c3QgU0hBMjU2IFNTTCBDQTAeFw0xNzAyMDEwMDAwMDBaFw0yMDAzMDIy +MzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD +VQQHDA1Nb3VudGFpbiBWaWV3MR0wGwYDVQQKDBRTeW1hbnRlYyBDb3Jwb3JhdGlv +bjEdMBsGA1UEAwwUc3NsdGVzdDEzLmJidGVzdC5uZXQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDV734wSAESareltMadza6jJ0SVi6bLb/Q23La5v5Z/ +rFCdPzSRrMMKj08NfAA/i1k+TF/d7NZ+rrFvCIN33kfDzSLvIQiJh7NZ/yivA9DY +eH7RAuVXfrsqhsqpgHVNSmMXxaGxOIJ4RcEx0RB3vbb3frm46lCLMH0uCavJ7Txo +gDJpAG6AP/hF524IVJcIcHxhJqZo1pQO/iwb/uNGkqwRuAeL9zKhv0tYyiHKNqyW +AXk51Nzm+TQq0flw0nw7EC9f+VNrquiO5j76JKeL+DaxpUtftTpzL5b5oM/LXwDt +62VUMujOyVuKPIj1ieQVdhETSDvf340tQI7MB4qFrHlFAgMBAAGjggOgMIIDnDAf +BgNVHREEGDAWghRzc2x0ZXN0MTMuYmJ0ZXN0Lm5ldDAJBgNVHRMEAjAAMA4GA1Ud +DwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ2ouc3ltY2IuY29t +L2dqLmNybDCBnQYDVR0gBIGVMIGSMIGPBgZngQwBAgIwgYQwPwYIKwYBBQUHAgEW +M2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9s +ZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVz +b3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMB8GA1UdIwQYMBaAFBRnju2DT9YenUAEDARGoXA0sg9yMFcGCCsGAQUF +BwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2dqLnN5bWNkLmNvbTAmBggrBgEF +BQcwAoYaaHR0cDovL2dqLnN5bWNiLmNvbS9nai5jcnQwggH2BgorBgEEAdZ5AgQC +BIIB5gSCAeIB4AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAAB +WfvjZWcAAAQDAEYwRAIgIxFLEWNCRmGQl2o+3psXrWAd88rz9G1JbxbAgHFpXmAC +IFxZpWwuj1Aq4Yx6VrBBqvA+K/GlNY2OcThPaeoj3jdfAHYApLkJkLQYWBSHuxOi +zGdwCjw1mAT5G9+443fNDsgN3BAAAAFZ++NlpAAABAMARzBFAiB+iko2tw6USdc2 +E956ZIpXy9TTUiVtpKHzKFhuR7mdwwIhAMwTisbIGh6UTdjXnPktWPFcWhfxQOPB +U41c/v7zuFV9AHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFZ +++NnWwAABAMASDBGAiEAmqY4AhQPt/tU1iR0LvrlpIjKlc0IArbxENVkVbNTYwcC +IQCPlJZQb7mmlPwjy//aJMyOtEeVFb6DzfM4uhJiSrU9WAB2ALx44d/F9jxoRkkz +TaEPoV8JeWkgCcCBtPP2kX8+2bilAAABWfvjZmgAAAQDAEcwRQIgMcV63d6G3RHm +rN34V1zDiAbKG1k/pDEErcfZ+8Y0GdwCIQCcuqmKjnpUYs8ps4/NSx78U2ssNuLA ++QDpYuH1XKHCUTANBgkqhkiG9w0BAQsFAAOCAQEAjYdQJYtrhPJTIHcsyksTWGHS +cpIt7y1bzp+t06KYn6x+ax+09sTJQzr7L2BA3h24blgMWr2yEH0mvQdVncBFt8xr +9O8jeg5dHSeJknnDlXOA23Z2NJLanX7m29/713DxZ+HJXFx0Wiz5mtuTo7Q6FpQF +SI44v0fbUTb7LV81fFpyriroZTlpiMI01NLWGldyCchC795fEYiibSvr1uidjp9i ++MKppG3t3YXb1/Wu2A21b6Z4akgl021A5cJcg8/Q3wjYMqQTtuUEezsBl2jLoey1 +pa/ag3epMe19zTq4iqS3Z4r+2jrZ4IjnKmkDKo4uKvTAfUX2Yu2+Lm3E6Vfdow== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIExzCCA6+gAwIBAgIQQYISfRLZxrMhOUMSVmQAuDANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTEzMDUyMzAwMDAwMFoXDTIzMDUyMjIzNTk1OVowRjELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHzAdBgNVBAMTFkdlb1Ry +dXN0IFNIQTI1NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDGqQtdF6V9xs8q78Zm0UIeX4N4aJGv5qeL8B1EAQoZypzUix3hoZCjwVu011tq +i/wOSR7CYin+gBU5i4EqJ7X7EqgFIgvFLPXZmN0WLztm52KiQzKsj7WFyFIGLFzA +d/pn94PoXgWNyKuhFjKK0kDshjocI6mNtQDecr2FVf4GAWBdrbPgZXOlkhSelFZv +k+6vqTowJUqOCYTvt9LV15tJzenAXmdxIqxQkEMgXaGjFYP9/Kc5vGtlSBJg/90j +szqq9J+cN1NBokeTgTMJ5SLGyBxJoW6NzIOzms3qQ/IZ0yTLqCmuUsz0CCewhOrO +J7XhNBNzklyHhirGsGg2rcsJAgMBAAGjggFcMIIBWDA7BggrBgEFBQcBAQQvMC0w +KwYIKwYBBQUHMAGGH2h0dHA6Ly9wY2EtZzMtb2NzcC5nZW90cnVzdC5jb20wEgYD +VR0TAQH/BAgwBgEB/wIBADBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggr +BgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczA7 +BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9HZW9UcnVz +dFBDQS1HMy5jcmwwDgYDVR0PAQH/BAQDAgEGMCoGA1UdEQQjMCGkHzAdMRswGQYD +VQQDExJWZXJpU2lnbk1QS0ktMi00MTYwHQYDVR0OBBYEFBRnju2DT9YenUAEDARG +oXA0sg9yMB8GA1UdIwQYMBaAFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3 +DQEBCwUAA4IBAQAQEOryENYIRuLBjz42WcgrD/5N7OP4tlYxeCXUdvII3e8/zYsc +fqp//AuoI2RRs4fWCfoi+scKUejOuPYDcOAbWrmxspMREPmXBQcpbG1XJVTo+Wab +Dvvbn+6Wb2XLH9hVzjH6zwL00H9QZv8veZulwt/Wz8gVg5aEmLJG1F8TqD6nNJwF +ONrP1mmVqSaHdgHXslEPgWlGJhyZtoNY4ztYj9y0ccC5v0KcHAOe5Eao6rnBzfZb +qTyW+3mkM3Onnni5cNxydMQyyAAbye9I0/s6m/r+eppAaRzI2ig3C9OjuX6WzCso +w1Zsb+nbUrH6mvvnr7WXpiLDxaiTsQDJB7J9 +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:09.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustuniversalca-chain.pem 2019-02-27 13:47:09.000000000 -0800 @@ -0,0 +1,71 @@ +-----BEGIN CERTIFICATE----- +MIIHATCCBemgAwIBAgIQJmVwMHBfVctB6q6UbCC4eDANBgkqhkiG9w0BAQsFADBH +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX +R2VvVHJ1c3QgRVYgU1NMIENBIC0gRzYwHhcNMTcwNTA5MDAwMDAwWhcNMTkwNTAz +MjM1OTU5WjCB8jETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgEC +DAhEZWxhd2FyZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0 +aW9uMRAwDgYDVQQFEwczNDc5NzUwMRcwFQYDVQQKDA5HZW9UcnVzdCwgSW5jLjEY +MBYGA1UECwwPUm9vdCAxNCAtIFZBTElEMSIwIAYDVQQDDBl2YWxpZC1yb290MTQu +Z2VvdHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua4C +iQ+Sk3VXblrh9xI6DqxELgjGxLOxORgayEM1/x4lKC5Dah5Ey9jeDhy6eDLJRXce +JHjR5FYFNpjRpp8w58SzmosAQk7tgRy6HGPtVUUXCVkfUDJ6LIcZE1UcwKO3CUdh +2Dn3naVCNImdqqoUTCr4H/8iIy+1l4aUDnukiAsTV6M2Len0UQpD8MY2KyVmWNJz +GLGzZKXKwU42CZwK8hR+xUH/BSEcWvfU2bFShVGIY1CCpJ5vdhi0QMaRfDzpAXVw +3gvO5bN7RvDD8tABtLUjpnm0P7HzxkVkEO+BGg0P+qpw4bflu+TE7die+pFY1Skz +1rEFOvMEVOCqoinanwIDAQABo4IDOzCCAzcwJAYDVR0RBB0wG4IZdmFsaWQtcm9v +dDE0Lmdlb3RydXN0LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDCBqQYD +VR0gBIGhMIGeMIGSBgkrBgEEAfAiAQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8v +d3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggr +BgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3Jl +cG9zaXRvcnkvbGVnYWwwBwYFZ4EMAQEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2ZpLnN5 +bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2ZpLnN5bWNiLmNvbS9maS5jcnQw +KwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2ZpLnN5bWNiLmNvbS9maS5jcmwwHwYD +VR0jBBgwFoAUvpmWhYTv5p/5H+H8ZmdbVqX6i1MwggGABgorBgEEAdZ5AgQCBIIB +cASCAWwBagB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABW/fm +zy4AAAQDAEgwRgIhALUgY0DrJaqjpgv19bbS434UDMpUfIfZ7qyxz30M1LiQAiEA +4dXlkRJLc3i+DcFUNSjRh8dKPLZMC3DhD4bm7tDQaWwAdgCkuQmQtBhYFIe7E6LM +Z3AKPDWYBPkb37jjd80OyA3cEAAAAVvuRpVUAAAEAwBHMEUCIGUbCcQ2agQi+sWo +zudL0F2rSS4elFAgHy/nSzGb/fl0AiEA5zLqvTsn8ioQ89KycY3HocNCLAPtqDqe +t9+6pcJnVFsAdwDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVvu +RpV3AAAEAwBIMEYCIQDrKkvy08fPVx4vbVO4wBYw7tpqkmrWTaKCIs7Tx9utYwIh +ANuH3S2ngCM7WzCebmbLFVDmaNxQki3kmZbCOp358sRvMA0GCSqGSIb3DQEBCwUA +A4IBAQAOEMVj7HwG97PurqFqoa9JI2adgj8er1hc70dIGkTt21OKLWvWp0Yafcjx +qqEByFjzkF0/yreVmbxl1zf7utUMfWslmv7ElXDvS79lZ2UWO6vptyaZM6VSJ2s+ +pmGHJaQgw3AbDmu5yLmUPlHwOttv//AOuaZvrQISzrwmMs60sHn+pS7qtSdL3lYa +PtqhCBQNJoLDstn57B/aLBUYx5rSqhK68CCxY4ZcA1i02RakZJIhGbOAOy4x5pZH +uZiiRFTxgZRGNNUDjrhmVVk7cQDu3eDRDkUKD9m7796GJ+aFDZlvzmORaNW5GYjv +0qIRajIKmohnwumn+xaJFpmDEuw+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFUjCCAzqgAwIBAgIQAQAZ9apyafiMHhwSEeyNTzANBgkqhkiG9w0BAQsFADBF +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMV +R2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTE3MDUwMTE0MTcxNloXDTI3MDQyOTE0 +MTcxNlowRzELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xIDAe +BgNVBAMTF0dlb1RydXN0IEVWIFNTTCBDQSAtIEc2MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEArvBCvG8ORCUSTiERfNmMdtEvKhvmnV8MrSLOw6t3q24c ++r/y69NGdUJArGmBv8crE5Vxd5mYlecmflrJtyuh08HDFc4Mr4yh2xcGmeKA7Uz5 +Q/Wpfropvop1cFB3r/8BwpfxortVi2jkawQ89TDo3l0RacJrjM29dq+rQwqIWvfK +dHuU58t54CsXzvJrqDnhL4v+LQ2mqZMbAfh1Mhh8MftEH5UfOSgY2uXwnu5vERYI +3cl0nakgoJOyUlb187iFd/TrSrYGquv8dYAKTKOTd44YNwxb43iKk/esqxOTiqW8 +rAFv6/E6aOmHwqyP9l7LMtLzVE27ra1wESMR70JttwIDAQABo4IBOjCCATYwHwYD +VR0jBBgwFoAU2rsuqrAMuIgmUXRcbQPTwNiPetYwHQYDVR0OBBYEFL6ZloWE7+af ++R/h/GZnW1al+otTMA4GA1UdDwEB/wQEAwIBBjAuBggrBgEFBQcBAQQiMCAwHgYI +KwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEA +MB8GA1UdIAQYMBYwBwYFZ4EMAQEwCwYJKwYBBAHwIgEGMDUGA1UdHwQuMCwwKqAo +oCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0dW5pY2ExLmNybDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMT +EVN5bWFudGVjUEtJLTItNzU3MA0GCSqGSIb3DQEBCwUAA4ICAQA8iM9XJ01hEzSM +iATIdK/z+F1Vtm9hHjp0FzkOvVYkp7v6LIkazg299fyAy2+A/tpSzKyMIzy5B2R/ +sjbWykIK+3vtOlgUNilP7EoudiCjR/692THUtJ/QjPNzFYhO9apU2Wpc33ZYMH0Q +YKUPmAd7eBmsdVKHNLENcMjjCjnkjXnYtxq/jv2R4QhD83tbFnvBoKjxi2vAfDXG +xN8aItVg/FSdScZCMhe0w/HLzcN6N3NCGDBn2PjF0o3QLJa9yVSrvJ9Nh3my6rUb +gMhlfFEQXTmLxucqL5/n5lXyUWd0kTxFv++TalTeqYf3G/oeu5kcpfjUJREp/9ed +gQqhDEGIuJFrMm4qi+sNDrq0OkLBHCqefFArTz2ApiI9zd9pcKfjS3f/EB87AVmW +3m1lfqPeS+w+vBg7VCGNY9gGNUe+w4juTEBiwIjnp7I+aBVnIwxV9PdJoj1ZaLCx +U8AEN6tXD8IcCquLxs3fBsF85svvUfK8qh3ufKB3I3RHGq5Asmtvc5URcyeuA+d2 +zPQ1qAXH5m3DLkb0KdAvJ5E6mQ2S2aqwJPXtpqx2J40C1Qx+uUsHG2vDoT3ZTazt +LPBIIqF2YJr1hr760yXM3Jf14eyc+RXPrjA1mc/CKNbv6SvU5MvlYj+Vvx70y+k8 +U5ev+YdiYoYu0wQtDJQCJjM+eavqxQ== +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:10.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootca-chain.pem 2019-02-27 13:47:10.000000000 -0800 @@ -0,0 +1,66 @@ +-----BEGIN CERTIFICATE----- +MIIG/TCCBeWgAwIBAgIQfVQyuY0yb1Q+TZDQHtRC8TANBgkqhkiG9w0BAQsFADBH +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX +R2VvVHJ1c3QgRVYgU1NMIENBIC0gRzQwHhcNMTcwNTAzMDAwMDAwWhcNMTkwNTAz +MjM1OTU5WjCB8jETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgEC +DAhEZWxhd2FyZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU +BgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0 +aW9uMRAwDgYDVQQFEwczNDc5NzUwMRcwFQYDVQQKDA5HZW9UcnVzdCwgSW5jLjEY +MBYGA1UECwwPUm9vdCAxMSAtIFZBTElEMSIwIAYDVQQDDBl2YWxpZC1yb290MTEu +Z2VvdHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5Wn +8CUYyHQnisa3ihcezpRBrKNF9OGb9ye9G4mUFRAHoFlNdwVP3qxBtEo7N6ylZ7G0 +tMcLwqy+cdMZlyCw0qPQrJQXqp5AEL034IMeckSvR9I2RyR7DUW3kVtKRsDiAUo9 +4r8h/5ZT96OW/jtdE2WPr0Wt5r0DyG8xzUbUdh5tYFwlxMJLeHgomqsG1WXBEDvS +cTJk9JMZpH5d1FYux+T0BkJsYyj0NRcDnQuc6P4QIkpim3wsOBKMa7beEiCanmcK +dSBrBfl2iep67VfOEYfjYTDOwqwaknSfb2H33e0lpunI76Rwv1uZkr/4ciDyaNZS +IsLh1i57eKvWqn+G9wIDAQABo4IDNzCCAzMwJAYDVR0RBB0wG4IZdmFsaWQtcm9v +dDExLmdlb3RydXN0LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDArBgNV +HR8EJDAiMCCgHqAchhpodHRwOi8vZ20uc3ltY2IuY29tL2dtLmNybDCBqQYDVR0g +BIGhMIGeMIGSBgkrBgEEAfAiAQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8vd3d3 +Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggrBgEF +BQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9z +aXRvcnkvbGVnYWwwBwYFZ4EMAQEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF +BwMCMB8GA1UdIwQYMBaAFN7PXFC3rgIfFReqFugNtSidalrzMFcGCCsGAQUFBwEB +BEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2dtLnN5bWNkLmNvbTAmBggrBgEFBQcw +AoYaaHR0cDovL2dtLnN5bWNiLmNvbS9nbS5jcnQwggF8BgorBgEEAdZ5AgQCBIIB +bASCAWgBZgB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABW8/Y +RIwAAAQDAEYwRAIgWDLmmEUz8FyqMxfyweXN18EAYitvP3XPnU3XkJzRSrQCIB5y +KErRbSiDkj43iFWQVodPA70HtcgdIzk4X3KA7thOAHYApLkJkLQYWBSHuxOizGdw +Cjw1mAT5G9+443fNDsgN3BAAAAFbz9hEtwAABAMARzBFAiAjTCcAEJDj9M/xY7a/ +pysTrl0MrE6rMzpotNZ5kik1PgIhAMTAYXIUeA7LqKhYlvOvW/cH+uB+8329J8cy +xMF8dmEJAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFbz9hE +3gAABAMARjBEAiA7UGcNzFIEVvXeJRuWPfhA8t0JOjl//7ZuLYgdnt6/jAIgIHyH +QHLo2q5o99msj2s8o1BaTmxxnSF4TZPm8iZGLywwDQYJKoZIhvcNAQELBQADggEB +AGBUtaCjWXpAPSc7ypv6f+IJGYfGHR7NLBLLjTytKHcIx5Hb0YT14TFWnXacaSHk +XL/vY3v3CrdGqn6UZb4UEdyB54juG6J7DLQF/l8oeG0GzPQLlSOt0ZU4Cq9DayO0 +OFS6jD7K7FqalSiBzvFnDFmWqLXZQaO/dFPHvZVIdhfO6Vl/3yH+nkphrc8AiHqV +0LkFaoki3RUJMqPvb1pyZ41MzMVsS/LMPoxS0JUl+YKAhL5H1JS1OPMY1B++k2hs +BoScopXAC1xsOkpQWg+U2+mMnAebcCeFWtKrjVUIA+lzaAr6jbBOK9dLSschRXBe +R9xGJ3I9J4t0pKD5lFr9+fQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEbjCCA1agAwIBAgIQboqQ68/wRIpyDQgF0IKlRDANBgkqhkiG9w0BAQsFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMzEw +MzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMEcxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdHZW9UcnVzdCBFViBTU0wgQ0EgLSBH +NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANm0BfI4Zw8J53z1Yyrl +uV6oEa51cdlMhGetiV38KD0qsKXV1OYwCoTU5BjLhTfFRnHrHHtp22VpjDAFPgfh +bzzBC2HmOET8vIwvTnVX9ZaZfD6HHw+QS3DDPzlFOzpry7t7QFTRi0uhctIE6eBy +GpMRei/xq52cmFiuLOp3Xy8uh6+4a+Pi4j/WPeCWRN8RVWNSL/QmeMQPIE0KwGhw +FYY47rd2iKsYj081HtSMydt+PUTUNozBN7VZW4f56fHUxSi9HdzMlnLReqGnILW4 +r/hupWB7K40f7vQr1mnNr8qAWCnoTAAgikkKbo6MqNEAEoS2xeKVosA7pGvwgtCW +XSUCAwEAAaOCAUMwggE/MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD +AgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL2cyLnN5bWNi +LmNvbTBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93 +d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL2cxLnN5bWNiLmNvbS9HZW9UcnVzdFBDQS5jcmwwKQYDVR0RBCIwIKQe +MBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM4MB0GA1UdDgQWBBTez1xQt64C +HxUXqhboDbUonWpa8zAfBgNVHSMEGDAWgBQs1VBBlxWL8I82YVtK+2vZmckzkjAN +BgkqhkiG9w0BAQsFAAOCAQEAtI69B7mahew7Z70HYGHmhNHU7+sbuguCS5VktmZT +I723hN3ke40J2s+y9fHDv4eEvk6mqMLnEjkoNOCkVkRADJ+IoxXT6NNe4xwEYPtp +Nk9qfgwqKMHzqlgObM4dB8NKwJyNw3SxroLwGuH5Tim9Rt63Hfl929kPhMuSRcwc +sxj2oM9xbwwum9Its5mTg0SsFaqbLmfsT4hpBVZ7i7JDqTpsHBMzJRv9qMhXAvsc +4NG9O1ZEZcNj9Rvv7DDZ424uE+k5CCoMcvOazPYnKYTT70zHhBFlH8bjgQPbh8x4 +97Wdlj5qf7wRhXp15kF9Dc/55YVpJY/HjQct+GkPy0FTAA== +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:11.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootcag2-chain.pem 2019-02-27 13:47:11.000000000 -0800 @@ -0,0 +1,51 @@ +-----BEGIN CERTIFICATE----- +MIIFNjCCBN2gAwIBAgIQWCw1fnWLWedosJcJlxQbhDAKBggqhkjOPQQDAjBDMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0aGF3 +dGUgRUNDIEVWIFNTTCBDQTAeFw0xNzA1MTEwMDAwMDBaFw0xOTA1MDgyMzU5NTla +MIHsMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQIMCERlbGF3 +YXJlMRUwEwYDVQQKDAxUaGF3dGUsIEluYy4xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR0wGwYDVQQPExRQ +cml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UEBRMHMzg5ODI2MTEXMBUGA1UECwwO +Um9vdCA4IC0gVkFMSUQxHzAdBgNVBAMMFnZhbGlkLXJvb3Q4LnRoYXd0ZS5jb20w +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATVxsOfZ4/2K7l7FYl6ejjp5aNuX1J9 +gqfb8WdGQdmKW8TVlhzM9p3BQ61hcISHVW01ZzR2PgYQ5aALzTaZ/Vt9o4IDBzCC +AwMwCQYDVR0TBAIwADB8BgNVHSAEdTBzMGgGC2CGSAGG+EUBBzABMFkwJgYIKwYB +BQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMC8GCCsGAQUFBwICMCMM +IWh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9yeTAHBgVngQwBATArBgNV +HR8EJDAiMCCgHqAchhpodHRwOi8vdHEuc3ltY2IuY29tL3RxLmNybDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMFcGCCsGAQUF +BwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3RxLnN5bWNkLmNvbTAmBggrBgEF +BQcwAoYaaHR0cDovL3RxLnN5bWNiLmNvbS90cS5jcnQwIQYDVR0RBBowGIIWdmFs +aWQtcm9vdDgudGhhd3RlLmNvbTAfBgNVHSMEGDAWgBRbM681oBoZN0INV+a8vWtj +IMKWATCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA3esdK3oNT6Ygi4GtgWhw +fi6OnQHVXIiNPRHEzbbsvswAAAFb+KihvQAABAMARzBFAiBghdkYlqbxNHmxETaN +TKTcLlmD8amIlOWP7KnL9/WrBAIhANAssLlY1gvBLJ61ULFbdrVTMi1dqMXPBec8 +LfKdwER4AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFb+Kih +ywAABAMARzBFAiAW4sOV17H0V1n4pwnfeeKflHLmr1t4pB9KBCYGh0NaEgIhAMUI +rLg1SuTCV2pXxRvWkzIAiifaJcPbxPhEp4DGz2d5AHUA7ku9t3XOYLrhQmkfq+Ge +ZqMPfl+wctiDAMR7iXqo/csAAAFb+Kih/AAABAMARjBEAiA1u/TczjmZ5EDB4Jue +TYEUyFHFDj3ytCItXk6vzcVPYgIgT6Yc1ugrgocOLqpDsRoQ7Jll/5PIi7QFg5N8 +//OhX+kwCgYIKoZIzj0EAwIDRwAwRAIgCK09KwyaiPsZZMtkjCec9zeVx7YRk8oh +PvV2UnQf6sQCIAfYgjH7ZQeIKCMi4ctdTja1ng/lU8ibnkpU5NDZGaTN +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDgDCCAwagAwIBAgIQH/L8vGMmqr0oZpOZH0PsITAKBggqhkjOPQQDAzCBhDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp +IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi +BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0xNjAxMDcwMDAw +MDBaFw0yNjAxMDYyMzU5NTlaMEMxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3 +dGUsIEluYy4xHTAbBgNVBAMTFHRoYXd0ZSBFQ0MgRVYgU1NMIENBMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAEmcXM1zsNS0E2+7pcpYHdwqumr+KIIt3jEJA6jBBm +1SoBGgZESt6OKROJBt2sZJhUl4oU0q5kINTS/bG+eYTTlqOCAZgwggGUMA4GA1Ud +DwEB/wQEAwIBBjAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly90 +LnN5bWNkLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHwGA1UdIAR1MHMwBwYFZ4EM +AQEwaAYLYIZIAYb4RQEHMAEwWTAmBggrBgEFBQcCARYaaHR0cHM6Ly93d3cudGhh +d3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIxohaHR0cHM6Ly93d3cudGhhd3RlLmNv +bS9yZXBvc2l0b3J5MDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly90LnN5bWNiLmNv +bS9UaGF3dGVQQ0EtRzIuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjArBgNVHREEJDAipCAwHjEcMBoGA1UEAxMTU1lNQy1FQ0MtQ0EtcDI1Ni0zMTAd +BgNVHQ4EFgQUWzOvNaAaGTdCDVfmvL1rYyDClgEwHwYDVR0jBBgwFoAUmtgAMADn +a3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaAAwZQIwMMf+C0NMBVt58Of4YvVO +mVS0OYfzEiB4AOz8QF9pmEyaCAelGeOmq2pOLDEsQbKzAjEA2WTDVMhnnJI3NSnD +itmCtBQnW6NEAohvLUsB4iVehDAJK3mNY8FbYafl4LjFzA4V +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:12.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootcag3-chain.pem 2019-02-27 13:47:12.000000000 -0800 @@ -0,0 +1,67 @@ +-----BEGIN CERTIFICATE----- +MIIG2TCCBcGgAwIBAgIQdS+C2M35zv3l1EWcCL2MfTANBgkqhkiG9w0BAQsFADBX +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMTEwLwYDVQQDEyh0 +aGF3dGUgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTSEEyNTYgU1NMIENBMB4XDTE3MDUw +ODAwMDAwMFoXDTE5MDUwODIzNTk1OVowgewxEzARBgsrBgEEAYI3PAIBAxMCVVMx +GTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxFTATBgNVBAoMDFRoYXd0ZSwgSW5j +LjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v +dW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD +VQQFEwczODk4MjYxMRcwFQYDVQQLDA5Sb290IDkgLSBWQUxJRDEfMB0GA1UEAwwW +dmFsaWQtcm9vdDkudGhhd3RlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMGMwXWgvpsjK9b7JwFIs8Ch6EORhDfWRMk16KGdnO0jeIh1D4NRi1GL +g0WcHiW06dFOF9UaT/Lg66mJLjHguftTHSoi9/cuMHcy0gbbWR+j+6RMxr7RwI6S +eC8VesPWxM+5xW6bI+QBWq678ZK8JYr/cALXX+8ekDhY8vswIdzkUp7qHekkoja6 +4ki2JyJO4Q/uf/gWfohsGc88fEiMAQi3qhyZlHm7QzjeUoB0WgPC+CVB+vxSmZip +6rkfjgPeKPlM1tqIAPjQWnQbdi2AvYCOUT0ZvVPPmsbINp7IMdAZmv9yF5qoW36A +oFtBL3wLNe7w+lm5ZnZ15DHB2b2gDAECAwEAAaOCAwkwggMFMCEGA1UdEQQaMBiC +FnZhbGlkLXJvb3Q5LnRoYXd0ZS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC +BaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3RmLnN5bWNiLmNvbS90Zi5jcmww +fAYDVR0gBHUwczBoBgtghkgBhvhFAQcwATBZMCYGCCsGAQUFBwIBFhpodHRwczov +L3d3dy50aGF3dGUuY29tL2NwczAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50 +aGF3dGUuY29tL3JlcG9zaXRvcnkwBwYFZ4EMAQEwHQYDVR0lBBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFDskyDGgt1rQarjSygd0zB4k1MTcMFcG +CCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3RmLnN5bWNkLmNvbTAm +BggrBgEFBQcwAoYaaHR0cDovL3RmLnN5bWNiLmNvbS90Zi5jcnQwggF/BgorBgEE +AdZ5AgQCBIIBbwSCAWsBaQB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM22 +7L7MAAABW+pl8UMAAAQDAEcwRQIhAMdGpN45mO8sPe9cyqC2vxeA7kwbpPL4Ie1Z +qP8A8YSmAiB+O2TOyUyg9TE31kCYyimqMS5tycpG8qTusAi6VClvAAB2AKS5CZC0 +GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABW+pl8i4AAAQDAEcwRQIhALoI +UwV2CIRu4MVgjNYTnVdKI6ZeklPdb9IQzEYBLI5OAiAgR+WX0RgWiOmn0Khon7ck +QEQ0H+j9VSFAuTqxFNWzXwB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6 +qP3LAAABW+pl8ZMAAAQDAEgwRgIhAO/SefmFUyrtfsa1WjfN3WRG2pVSRCqaSxc7 +8pbqk7ynAiEA12r243Cr4IWKQdp6IoTqeULQZfZEGGnIUQxVG9yRzdcwDQYJKoZI +hvcNAQELBQADggEBALcczMzw4qLLwR1hbM2qnzs+Ng4ByHPaDcwIZzGlxLCTOjZc +AaVc8TA/MRUQBFxWto2fLmVIoFNS9EceKOx9VWcNK+9gYKkLl0K4amLTWWW+uShT +DooJSdkP2fX2QB1jNsD1jH+44aG6Ll94HEgz88ziVeUH5T0yM3Fou1axDVI1ADKE +Z0UsdhlTIDKcTndv3Wk6HZz2wxtvt3Z3Eenr/6TQuipGCBpfRccVRVhrpIsylVtp +9UkD0UpX0VRgyrQOIXmtbL0WmPodfxB8crczcd6C0Yy2A77torg72fAyUtKmaBBZ +ajj05MMBn8QmmnAZ0pXxvFTnD8MhOZ0nBccJnQM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0DCCA7igAwIBAgIQCkieiFN+iqZFTW4sSyrrIDANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0xMzA0MDkwMDAwMDBa +Fw0yMzA0MDgyMzU5NTlaMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUs +IEluYy4xMTAvBgNVBAMTKHRoYXd0ZSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNIQTI1 +NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyxLx06CX2 +AGIo40zouN8Tn4sHN+9iSvFXCfaC6HXwCqknz5M77DaJpW4d1lTzuASXcrRpJczR +Qg5b1Rx/omBusVIa25MvuwsNZFMWyxwJJJUpIrSKGACJ/vcfcsjoXC8aG6IYuO8Y +XMu12zpO2w+u38R54x6qXKOk5axhmzeFj0h1G7nVaJbpJ3lwVyMau2yTkMdF1xfS +Nyp2s82CqU/AA3vhPXp+W7iF8vUV+3CpvfVQZRad47ZrYW6hep7oDRz3Ko5pfkMw +jnjO7mUeO5uHHkkc+DJGXShGeSpOJ10XWKg3/qgTqWkV3zYiiXW6ygFALu2d1wyq +Mc4nrlfV0lH7AgMBAAGjggE+MIIBOjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud +DwEB/wQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9v +Y3NwLnRoYXd0ZS5jb20wOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEW +Gmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMDcGA1UdHwQwMC4wLKAqoCiGJmh0 +dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0EtRzMuY3JsMCoGA1UdEQQjMCGk +HzAdMRswGQYDVQQDExJWZXJpU2lnbk1QS0ktMi0zNzQwHQYDVR0OBBYEFDskyDGg +t1rQarjSygd0zB4k1MTcMB8GA1UdIwQYMBaAFK1sqpRgnO3k//o+CnQrYwP3tlm/ +MA0GCSqGSIb3DQEBCwUAA4IBAQBomCaq1DPJunVw1J9JrdbBVNzuqlYfeKfwoaTu +C/kSr9+muO7DyzUTalkq+MnpTC+8sbwrwgIw4cO+wvCBjJl3iVgAo8x/owJMU7Ju +Nk/+34d2sz/sWmJQtgBFWPKHrHfm0CBQY8XksnAVGJAFe3uvK0a+a04fU/yEJ66D +0o1HU6cOH2O1utsW2GoJJVV9jz1KwYP5s7mnBFrI8xEEkVMw2VKHyzkAnOxTwwIJ +fqc2jnIhLyO7TMZHpaHuZ8QvXDpHOGHiwx43kp7IL2v679LDzSmNmPhSF+21Uzzf +r8kbYq3fAu5dNPZBS8vDVa+xy9qcc9UCqC2nrPzh5QfQUeg1 +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:13.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g3ca-chain.pem 2019-02-27 13:47:13.000000000 -0800 @@ -0,0 +1,71 @@ +-----BEGIN CERTIFICATE----- +MIIHIDCCBgigAwIBAgIQS0wGL8U0T0yVa8wAE4DBqjANBgkqhkiG9w0BAQsFADB+ +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj +IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDUwMTAwMDAwMFoX +DTIwMDQzMDIzNTk1OVowgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y +bmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR0wGwYDVQQKDBRTeW1hbnRlYyBD +b3Jwb3JhdGlvbjEXMBUGA1UECwwOUm9vdCA0IC0gVkFMSUQxLTArBgNVBAMMJHZh +bGlkLXJvb3Q0LndlYnNlY3VyaXR5LnN5bWFudGVjLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALll3Mb7Fu0CAWPMWpSbr6RHdAl10hwmMaDr8ENk +hAv3offJxsUmgS+vqCC+xQNiS5ClDeOLyf5QeltArLuaYNjUaXEy00EEuXFQO5kj +HjTdsWeEkOxzmt2thAJx8eMbskvvtqnHHali2LFIOuMXuyS9mpkk7cG1yk85LvgZ +Ov1xrpBCuB+ppir0MhhXRLmcZ9QMgVUzfjrmQoQWHE0Qu69Mci6mk7fuBboqaPe0 +v0s2KsA1tLSknn39HrXE3d5D1AOoLJP1RiHU+RFQIOJ0oiXPZSH0bdiWhO0xcyuo +vXY+0vaQPO1Uwrj/VdpL7bs65dgdFqXpTdqvMURu5WoDumUCAwEAAaOCA3QwggNw +MC8GA1UdEQQoMCaCJHZhbGlkLXJvb3Q0LndlYnNlY3VyaXR5LnN5bWFudGVjLmNv +bTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYX +aHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9k +LnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8w +KwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYI +KwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYG +CCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAfcGCisGAQQB +1nkCBAIEggHnBIIB4wHhAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbs +vswAAAFbxYEdRwAABAMARzBFAiEAurXvGE124ya7O5ZjYZckdJ7OU64A4fEAszhI +UG3OqMACIGbAqoQLGMr9sMYBqS3cPxtD6EIK8BXzBaYHOe3pGhcXAHYApLkJkLQY +WBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFbxYEdagAABAMARzBFAiBY4mXZ +w8zBWrVURFxwmQGf046/oaidgJQ3Wf9+AlJ+7AIhANWkGBd6nlwE8V/dzQvkjnTz +2edJKGy2NqgyxinZMAbWAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo +/csAAAFbxYEfSwAABAMASDBGAiEAltQbZJ9+Gt1M+YV4YBJVR63aPhk1dFIyKdQL +yjYdBh0CIQDUGxHmR2KVW8N6wHnAGFlUhcwlBJFoiTqaSRP/1Yk0wAB2ALx44d/F +9jxoRkkzTaEPoV8JeWkgCcCBtPP2kX8+2bilAAABW8WBHkcAAAQDAEcwRQIgFqqM +DTAo3RKfwU9gwkD53Zr1HXPJuoI/MhwHQgc8nvkCIQDbwhd3gOdRJhtMyGqxGqr7 +sbD43D/fkyH3BNWOhff04TANBgkqhkiG9w0BAQsFAAOCAQEAQkWtNshWRmFY1t1Y +pH3Ztxd891f4VYLtBzrpapejHIe5ijlZES2d+x4+aCilVUo6sDs0RUgy5Jk9eU5I +6vOh+NkZ1THFqod+w5FKPgDaDuHHryvRaiGdcpn9x5R7zkpgKQ1WqgvcbzAmZkAr +YxpvXfTLhcgbQhPedxbS5YyU1y1QCi8MUrxTwejcFDhAQXGOW3cTMpGsXtRvQVE0 +iI93jCPb3Djpqus9SS7ggzkfJe3bQpl72bv2agn5peBJa0sC1PqRXIT/cWUQe9ez +rKSDoqdPNjTmIcJjql50T+WceNF5nxNPCq+jhMOcmKXJUF3H6yYc8pjLuDDBAFFz +uxAuxw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFTCCA/2gAwIBAgIQKC4nkXkzkuQo8iGnTsk3rjANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzMwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw +CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV +BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs +YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb +A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW +9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu +s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T +L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK +Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBQDCCATwwHQYDVR0O +BBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMBIGA1UdEwEB/wQIMAYBAf8CAQAwawYD +VR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu +c3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0 +aC5jb20vcnBhMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9zLnN5bWNiLmNvbS9w +Y2EzLWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNV +BAMTEVN5bWFudGVjUEtJLTEtNTM0MC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcw +AYYSaHR0cDovL3Muc3ltY2QuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBbF1K+1lZ7 +9Pc0CUuWysf2IdBpgO/nmhnoJOJ/2S9h3RPrWmXk4WqQy04q6YoW51KN9kMbRwUN +gKOomv4p07wdKNWlStRxPA91xQtzPwBIZXkNq2oeJQzAAt5mrL1LBmuaV4oqgX5n +m7pSYHPEFfe7wVDJCKW6V0o6GxBzHOF7tpQDS65RsIJAOloknO4NWF2uuil6yjOe +soHCL47BJ89A8AShP/U3wsr8rFNtqVNpT+F2ZAwlgak3A/I5czTSwXx4GByoaxbn +5+CdKa/Y5Gk5eZVpuXtcXQGc1PfzSEUTZJXXCm5y2kMiJG8+WnDcwJLgLeVX+OQr +J+71/xuzAYN6 +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:14.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g4ca-chain.pem 2019-02-27 13:47:14.000000000 -0800 @@ -0,0 +1,56 @@ +-----BEGIN CERTIFICATE----- +MIIFxDCCBWmgAwIBAgIQZMjAlhAdRd/Im/aYbmgO8DAKBggqhkjOPQQDAjCBizEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBD +bGFzcyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwHhcNMTcw +NTAxMDAwMDAwWhcNMTkwNTAxMjM1OTU5WjCCAS0xEzARBgsrBgEEAYI3PAIBAxMC +VVMxGTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUg +T3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMQswCQYDVQQGEwJVUzEOMAwG +A1UEEQwFOTQwNDMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50 +YWluIFZpZXcxGTAXBgNVBAkMEDM1MCBFbGxpcyBTdHJlZXQxHTAbBgNVBAoMFFN5 +bWFudGVjIENvcnBvcmF0aW9uMRcwFQYDVQQLDA5Sb290IDMgLSBWQUxJRDEtMCsG +A1UEAwwkdmFsaWQtcm9vdDMud2Vic2VjdXJpdHkuc3ltYW50ZWMuY29tMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAERAIBieoafYh/yFaVSP+vyzoxzZ/zKy4tx7o0 +R1gugD5SArEcRar0oodVQ99eJkT63Xn910gGKx4cP+CM+jZfJqOCAwgwggMEMC8G +A1UdEQQoMCaCJHZhbGlkLXJvb3QzLndlYnNlY3VyaXR5LnN5bWFudGVjLmNvbTAJ +BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwbwYDVR0gBGgwZjBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIB +FhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczov +L2Quc3ltY2IuY29tL3JwYTAHBgVngQwBATAfBgNVHSMEGDAWgBRIE2UXlOyeFioq +dFzoUy20+4PrjjArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc24uc3ltY2IuY29t +L3NuLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zbi5z +eW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zbi5zeW1jYi5jb20vc24uY3J0 +MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgDd6x0reg1PpiCLga2BaHB+Lo6d +AdVciI09EcTNtuy+zAAAAVvFgWTjAAAEAwBHMEUCIF7mhfWFvkMauS0jlQz7t/fO +nDXX+VeHwI7YIHU3Wvg5AiEA97a9fZzAjALA1VTaXOv/WSDyEzA/X9YPesI4Aq+4 +da8AdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVvFgWUIAAAE +AwBGMEQCIAM5H16X3/vPGds9N8b7Q3+H8cFe7woTT9ddKPfUyLZJAiAF8FivrVBd +wJ5rjxxJOwPSrlkRV2vhbKfSbJH0lDq1XQB2AO5Lvbd1zmC64UJpH6vhnmajD35f +sHLYgwDEe4l6qP3LAAABW8WBZRoAAAQDAEcwRQIgRpro/bdvZbK5eW5FTbTqGUTi +W5RSpjcFW2Gd27Ql6bACIQCgow7825ZtJ31KRYJ2fiTlqvc6jyZ+u67hFT4qs/1Q +oDAKBggqhkjOPQQDAgNJADBGAiEAl565i7SXROFdn7y+hM0AgChi/75FGmaokJaj +h9jhmiMCIQCqIZZ4SuOgBbkt7bMOSI1sOtFqhlsGVXwZKjzSaIFSYA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID4zCCA2qgAwIBAgIQTZVdIK+FxJ9pJfurfGZfiTAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMTIxMjIwMDAwMDAwWhcNMjIxMjE5MjM1OTU5WjCBizELMAkG +A1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQL +ExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBDbGFz +cyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAATdBD2y8pCTl8bpu7yR21Hwo4bt+8bThZMyBUngBINh +llH/VyGuC9oO5wShf9sqHL3KmDXFcXNAzehqq1SEQybio4IBbTCCAWkwEgYDVR0T +AQH/BAgwBgEB/wIBADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLndzLnN5 +bWFudGVjLmNvbS9wY2EzLWc0LmNybDAOBgNVHQ8BAf8EBAMCAQYwNwYIKwYBBQUH +AQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC53cy5zeW1hbnRlYy5jb20w +ZQYDVR0gBF4wXDBaBgRVHSAAMFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3lt +YXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5j +b20vcnBhMCoGA1UdEQQjMCGkHzAdMRswGQYDVQQDExJTWU1DLUVDQy1DQS1wMjU2 +LTMwHQYDVR0OBBYEFEgTZReU7J4WKip0XOhTLbT7g+uOMB8GA1UdIwQYMBaAFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2cAMGQCMFyb7oOjdk2MLQVM +gjS6s77Oj+jDNIH7QHfoNGxbFys7rdWno9LzZsJPsrDIdpiPvwIwT8IvzpLFqb3O +fU7UGztmJOpOzYKvVEqI7+O/OpNjVCF9EjDSMs2ryYGwpxFDe0Vm +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:15.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g5ca-chain.pem 2019-02-27 13:47:14.000000000 -0800 @@ -0,0 +1,71 @@ +-----BEGIN CERTIFICATE----- +MIIHOTCCBiGgAwIBAgIQCBmps2cB8a6CGTXUyg9ZzjANBgkqhkiG9w0BAQsFADB3 +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj +IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTcwNDI4MDAwMDAwWhcNMTkwNDI4 +MjM1OTU5WjCCAS0xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB +AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD +VQQFEwcyMTU4MTEzMQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFOTQwNDMxEzARBgNV +BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGTAXBgNVBAkM +EDM1MCBFbGxpcyBTdHJlZXQxHTAbBgNVBAoMFFN5bWFudGVjIENvcnBvcmF0aW9u +MRcwFQYDVQQLDA5Sb290IDEgLSBWQUxJRDEtMCsGA1UEAwwkdmFsaWQtcm9vdDEu +d2Vic2VjdXJpdHkuc3ltYW50ZWMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEApbJSThUcOfpFWl6PyOeFqED399DWeBcBoAMdXkPfatQ+uJPeRryZ +4UfC1iuQWQM6agDrMhDmnc+IiBiltbF0PVEHkQXxfR6x6TFF1doWDxVfOgl2y9Pz +ilRgdBdGmnQsWbYqaKlCBS3aZ2jCZMUAKmQce8WNLEf8qDjQcHRT1vI2k5AW3+L0 +FccXRSFXx2wZUAh9qxa2gKxEjnUF+qy42WEgh/mXD4smbhtEf+pCUXPYuODlxOaA +ZCy9SeBrKb5Nl3C9UzBhchONPQLUgzlk8d0M17pFLYKLfa8MvBcKRVyTk7/XXdTj +OmW5OO7f4epmXNlN5fHnGZlA5FE/4candwIDAQABo4IDBzCCAwMwLwYDVR0RBCgw +JoIkdmFsaWQtcm9vdDEud2Vic2VjdXJpdHkuc3ltYW50ZWMuY29tMAkGA1UdEwQC +MAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjBvBgNVHSAEaDBmMFsGC2CGSAGG+EUBBxcGMEwwIwYIKwYBBQUHAgEWF2h0dHBz +Oi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1j +Yi5jb20vcnBhMAcGBWeBDAEBMB8GA1UdIwQYMBaAFAFZq+fdOgtZpmRj1s8gB1fV +kedqMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3Js +MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NyLnN5bWNkLmNv +bTAmBggrBgEFBQcwAoYaaHR0cDovL3NyLnN5bWNiLmNvbS9zci5jcnQwggF8Bgor +BgEEAdZ5AgQCBIIBbASCAWgBZgB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0R +xM227L7MAAABW7a3ZxAAAAQDAEcwRQIgeoFObGH+PGc5LRj+f1yzoG3TGHrPQA/z +nRsNG1MXNXACIQCVd5wZWbP1+hp4kaE1sYgUnSiRFN3kfMf5uUQysYvkSwB1AKS5 +CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABW7a3Z1AAAAQDAEYwRAIg +MRBDGE2dq1xzPDJ9tKzDTwKP5rC4DrjHZbmtYiZZh3sCIDCMlTV8bpEeeq2evzna +Xq/930hOaclzf4pXEwUHmW/HAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7 +iXqo/csAAAFbtrdpDwAABAMARjBEAiBQpNfvWoFAkIraeupW8zM804c8XvlLIbX4 +6kCYS04HbQIgOmEunrjYREwtG5Rdk1Vd01Fp7lR42AgJ/LQFn7DmXigwDQYJKoZI +hvcNAQELBQADggEBAKlkTQil8u0sfwLdpfFmtUvFexhx4C8gTsZwZeN/40n+S4xR +b6U3rEHIKlFAelipc5EzeYIsJKHGP5qHSs7m7jPKBrf0KsoryvZrSfhMfXDHvrJF +RpF0Rs1VODoK2l/1CosUZ9rTqEjQcv7kUvFvgZpNIoV++k/Y2TsoBsLliRdXKpL8 +SQADr18BlEt1Y8A7E77lJFMmgD4bFN1jJWkEJoAGkrYqsF6i8fAHiESjSLy85Bcs +DGXgP4z8Nifje78wGVygI/4NYgYiFClsk8epBHXOveEV5HRO42XzPG0Zn0BMWCSI +0P08Lq3dwSQSQarkID6iRuhgt4GZvm3zh6MdfrA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw +CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV +BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs +YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9 +FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM +BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL +pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu +IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c +zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj +MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw +BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov +L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z +eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi +LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx +GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk +Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq +hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F +nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE +qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P +eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw +LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j +2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q== +-----END CERTIFICATE----- --- /dev/null 2019-02-27 13:47:16.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g5ca-codesigning-chain.pem 2019-02-27 13:47:15.000000000 -0800 @@ -0,0 +1,170 @@ +Signer #1: + +Signature: + +Certificate owner: CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, ST=California, C=US + +-----BEGIN CERTIFICATE----- +MIIE4DCCA8igAwIBAgIQMJBKmqOhTgIuAsUw5l33hTANBgkqhkiG9w0BAQsFADB/ +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxMDAuBgNVBAMTJ1N5bWFudGVj +IENsYXNzIDMgU0hBMjU2IENvZGUgU2lnbmluZyBDQTAeFw0xNzEyMjEwMDAwMDBa +Fw0yMDAyMDEyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZv +cm5pYTEVMBMGA1UEBwwMUmVkd29vZCBDaXR5MR0wGwYDVQQKDBRPcmFjbGUgQW1l +cmljYSwgSW5jLjEdMBsGA1UECwwUU29mdHdhcmUgRW5naW5lZXJpbmcxHTAbBgNV +BAMMFE9yYWNsZSBBbWVyaWNhLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxrxa5UAMwofgt7m++glHqMSYP3nlTDxRnWu14FtVtQiaacn20u3w +T5d+5mkoezHXNU3g1sgwkr/Ovf4YVSwz9wtqZWTbK3/r6Ctb9eRxb2th64N4AuDI +R9C/LU2J7ruXsu7FpEhXMIdNLxR4ihfkBA5ndpNqmXmIG9HvFQkd8APsSFRpMQh7 +Com1YlbkySgMyjBwYfAw74bqNrClBmLNAVfq7JSqjJ8EJtlq6lEJWHXEYysZfRIf +StxZ0XtKD3wtADeowBHs1DRnXrkgD/q3kWX5LF75nfHtRWEtHxWKk7/R452pweIv +ZZYXsvSrRA3vC+jbbhtZiRYRk2QCXsUxrQIDAQABo4IBPjCCATowCQYDVR0TBAIw +ADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwYQYDVR0gBFow +WDBWBgZngQwBBAEwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9j +cHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0j +BBgwFoAUljtT8Hkzl699g+8uK8zKt4YecmYwKwYDVR0fBCQwIjAgoB6gHIYaaHR0 +cDovL3N2LnN5bWNiLmNvbS9zdi5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUF +BzABhhNodHRwOi8vc3Yuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Yu +c3ltY2IuY29tL3N2LmNydDANBgkqhkiG9w0BAQsFAAOCAQEAQcZqmjMAuBgnaQZ5 +JsP3+Rzaa5FrukVVk2brqrJFnqt/79khvfCf95pBafHHCqdndB0T4xuzBL4fk2ZW +Z48ACgq3U6oNP9Ci4pcDuTqU/vZHwh7ICkSWLhGzpErfwby7zZV9ZeIK0AB5vJCK +qgL4DetXgqGOm29gAjTKcXa67jP9lX6tAdh9TcQDbBbGny3NHGAiCderJxTOYhid +9+4v+p+lt2OPxlxmZMPnT/9U2Yp3OzH//OYgQysnwy/UkSVCa2DuMPbL4LTxwV65 +nwEU3jT0Iq7io+oEcjW5FTZDgVC2A7lDVVrNlbAW/f5QoKcmyw8hDLo7TH6tDv8n +hhKFDg== +-----END CERTIFICATE----- + +Certificate owner: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US + +-----BEGIN CERTIFICATE----- +MIIFWTCCBEGgAwIBAgIQPXjX+XZJYLJhffTwHsqGKjANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTMxMjEwMDAwMDAwWhcNMjMxMjA5MjM1OTU5WjB/MQsw +CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV +BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxMDAuBgNVBAMTJ1N5bWFudGVjIENs +YXNzIDMgU0hBMjU2IENvZGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJeDHgAWryyx0gjE12iTUWAecfbiR7TbWE0jYmq0v1obUfej +DRh3aLvYNqsvIVDanvPnXydOC8KXyAlwk6naXA1OpA2RoLTsFM6RclQuzqPbROlS +Gz9BPMpK5KrA6DmrU8wh0MzPf5vmwsxYaoIV7j02zxzFlwckjvF7vjEtPW7ctZlC +n0thlV8ccO4XfduL5WGJeMdoG68ReBqYrsRVR1PZszLWoQ5GQMWXkorRU6eZW4U1 +V9Pqk2JhIArHMHckEU1ig7a6e2iCMe5lyt/51Y2yNdyMK29qclxghJzyDJRewFZS +AEjM0/ilfd4v1xPkOKiE1Ua4E4bCG53qWjjdm9sCAwEAAaOCAYMwggF/MC8GCCsG +AQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTASBgNV +HRMBAf8ECDAGAQH/AgEAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEHFwMwUjAmBggr +BgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIw +HBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYf +aHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwMwDgYDVR0PAQH/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRow +GAYDVQQDExFTeW1hbnRlY1BLSS0xLTU2NzAdBgNVHQ4EFgQUljtT8Hkzl699g+8u +K8zKt4YecmYwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZI +hvcNAQELBQADggEBABOFGh5pqTf3oL2kr34dYVP+nYxeDKZ1HngXI9397BoDVTn7 +cZXHZVqnjjDSRFph23Bv2iEFwi5zuknx0ZP+XcnNXgPgiZ4/dB7X9ziLqdbPuzUv +M1ioklbRyE07guZ5hBb8KLCxR/Mdoj7uh9mmf6RWpT+thC4p3ny8qKqjPQQB6rqT +og5QIikXTIfkOhFf1qQliZsFay+0yQFMJ3sLrBkFIqBgFT/ayftNTI/7cmd3/SeU +x7o1DohJ/o39KK9KEr0Ns5cF3kQMFfo2KwPcwVAB8aERXRTl4r0nS1S+K4ReD6bD +dAUK75fDiSKxH3fzvc1D1PFMqT+1i4SvZPLQFCE= +-----END CERTIFICATE----- + +Certificate owner: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US + +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- + +Timestamp: + +Certificate owner: CN=Symantec SHA256 TimeStamping Signer - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US + +-----BEGIN CERTIFICATE----- +MIIFSzCCBDOgAwIBAgIQVFjyqtdB1kS8hKl7oJZS5jANBgkqhkiG9w0BAQsFADB3 +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj +IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMTcwMTAyMDAwMDAwWhcNMjgwNDAx +MjM1OTU5WjCBgDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBv +cmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTEwLwYDVQQD +EyhTeW1hbnRlYyBTSEEyNTYgVGltZVN0YW1waW5nIFNpZ25lciAtIEcyMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfP82AQJA4b511ymk8BCfOp8Y89d +AOKO88CQ348p9RjqlLeS5dewoHOB6OkKm0p8Af+dj6Q5pw7qRfQiDDpw7TlFi+TF +G1zwRWhGJAVjdpsc/J5sKrFW5Yp/UnGu8jXVRiMGHM9ILR20zbjZdiOOHP8+v7sG +XGkHpmUO+F6ufS7tTa4178nXAEL9KJUOn11yQgm8w9pE0u3MR4Tk/MotrFi+rveu +2UQNCLfCd9YaQ3DRbgPeUpLEEAhx2boiVfIfvO2bnTviXh1Mg/+XD3sL51WDTtIN +677X7K5uR7mf36XWUbwEVe3/J3BMye0qSxPhsblMD8kB7lVlX2kCeGbLPwIDAQAB +o4IBxzCCAcMwDAYDVR0TAQH/BAIwADBmBgNVHSAEXzBdMFsGC2CGSAGG+EUBBxcD +MEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUF +BwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMEAGA1UdHwQ5MDcwNaAzoDGG +L2h0dHA6Ly90cy1jcmwud3Muc3ltYW50ZWMuY29tL3NoYTI1Ni10c3MtY2EuY3Js +MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDB3BggrBgEF +BQcBAQRrMGkwKgYIKwYBBQUHMAGGHmh0dHA6Ly90cy1vY3NwLndzLnN5bWFudGVj +LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL3RzLWFpYS53cy5zeW1hbnRlYy5jb20v +c2hhMjU2LXRzcy1jYS5jZXIwKAYDVR0RBCEwH6QdMBsxGTAXBgNVBAMTEFRpbWVT +dGFtcC0yMDQ4LTUwHQYDVR0OBBYEFAm1wf6WcpcpQ5rJ4AK6rvj9L7r2MB8GA1Ud +IwQYMBaAFK9j1sqjToVy4Ke8QfMpojh/gHViMA0GCSqGSIb3DQEBCwUAA4IBAQAX +swqI6VxaXiBrOwoVsmzFqYoyh9Ox9BxTroW+P5v/17y3lIW0x1J+lOi97WGy1KeZ +5MPJk8E1PQvoaApdVpi9sSI70UR617/wbVEyitUj3zgBN/biUyt6KxGPt01sejMD +G3xrCZQXu+TbWNQhE2Xn7NElyix1mpx//Mm7KmirxH20z6PJbKfZxACciQp3kfRN +ovsxO4Zu9uYfUAOGm7/LQqvmdptyWhEBisbvpW+V592uuuYiZfAYWRsRyc2At9iX +Rx9CCPiscR+wRlOz1LLVo6tQdUgSF4Ktz+BBTzJ+zZUcv5GKCD2kp2cClt8kTKXQ +QcCCYKOKFzJL07zPpLSM +-----END CERTIFICATE----- + +Certificate owner: CN=Symantec SHA256 TimeStamping CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US + +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIQewWx1EloUUT3yYnSnBmdEjANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0xNjAxMTIwMDAwMDBaFw0zMTAxMTEyMzU5NTlaMHcxCzAJBgNVBAYTAlVTMR0w +GwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMg +VHJ1c3QgTmV0d29yazEoMCYGA1UEAxMfU3ltYW50ZWMgU0hBMjU2IFRpbWVTdGFt +cGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtZnVlVT52M +cl0agaLrVfOwAa08cawyjwVrhponADKXak3JZBRLKbvC2Sm5Luxjs+HPPwtWkPhi +G37rpgfi3n9ebUA41JEG50F8eRzLy60bv9iVkfPw7mz4rZY5Ln/BJ7h4OcWEpe3t +r4eOzo3HberSmLU6Hx45ncP0mqj0hOHE0XxxxgYptD/kgw0mw3sIPk35CrczSf/K +O9T1sptL4YiZGvXA6TMU1t/HgNuR7v68kldyd/TNqMz+CfWTN76ViGrF3PSxS9TO +6AmRX7WEeTWKeKwZMo8jwTJBG1kOqT6xzPnWK++32OTVHW0ROpL2k8mc40juu1MO +1DaXhnjFoTcCAwEAAaOCAXcwggFzMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E +CDAGAQH/AgEAMGYGA1UdIARfMF0wWwYLYIZIAYb4RQEHFwMwTDAjBggrBgEFBQcC +ARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6 +Ly9kLnN5bWNiLmNvbS9ycGEwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJo +dHRwOi8vcy5zeW1jZC5jb20wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL3Muc3lt +Y2IuY29tL3VuaXZlcnNhbC1yb290LmNybDATBgNVHSUEDDAKBggrBgEFBQcDCDAo +BgNVHREEITAfpB0wGzEZMBcGA1UEAxMQVGltZVN0YW1wLTIwNDgtMzAdBgNVHQ4E +FgQUr2PWyqNOhXLgp7xB8ymiOH+AdWIwHwYDVR0jBBgwFoAUtnf6aUhHn1MS1cLq +BzJ2B9GXBxkwDQYJKoZIhvcNAQELBQADggEBAHXqsC3VNBlcMkX+DuHUT6Z4wW/X +6t3cT/OhyIGI96ePFeZAKa3mXfSi2VZkhHEwKt0eYRdmIFYGmBmNXXHy+Je8Cf0c +kUfJ4uiNA/vMkC/WCmxOM+zWtJPITJBjSDlAIcTd1m6JmDy1mJfoqQa3CcmPU1dB +kC/hHk1O3MoQeGxCbvC2xfhhXFL1TvZrjfdKer7zzf0D19n2A6gP41P3CnXsxnUu +qmaFBJm3+AZX4cYO9uiv2uybGB+queM6AL/OipTLAduexzi7D1Kr0eOUA2AKTaD+ +J20UMvw/l0Dhv5mJ2+Q5FL3a5NPD6itas5VYVQR9x5rsIwONhSrS/66pYYE= +-----END CERTIFICATE----- + --- /dev/null 2019-02-27 13:47:17.000000000 -0800 +++ new/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignuniversalrootca-chain.pem 2019-02-27 13:47:16.000000000 -0800 @@ -0,0 +1,73 @@ +-----BEGIN CERTIFICATE----- +MIIHTzCCBjegAwIBAgIQPYH1xfKSpwYMrTEqOxG4OzANBgkqhkiG9w0BAQsFADCB +ijELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTswOQYDVQQDEzJTeW1hbnRl +YyBDbGFzcyAzIEV4dGVuZGVkIFZhbGlkYXRpb24gU0hBMjU2IFNTTCBDQTAeFw0x +NzA1MDEwMDAwMDBaFw0xOTA1MDEyMzU5NTlaMIIBLTETMBEGCysGAQQBgjc8AgED +EwJVUzEZMBcGCysGAQQBgjc8AgECDAhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0 +ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzIxNTgxMTMxCzAJBgNVBAYTAlVTMQ4w +DAYDVQQRDAU5NDA0MzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91 +bnRhaW4gVmlldzEZMBcGA1UECQwQMzUwIEVsbGlzIFN0cmVldDEdMBsGA1UECgwU +U3ltYW50ZWMgQ29ycG9yYXRpb24xFzAVBgNVBAsMDlJvb3QgMiAtIFZBTElEMS0w +KwYDVQQDDCR2YWxpZC1yb290Mi53ZWJzZWN1cml0eS5zeW1hbnRlYy5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjQDZuIKKgrjmO0+0ty8WIlFZk +HcvIGX/kIAxByd/XA19h0Zk6kjFLgZaRtsUdRotG40DST72Ki8Vmy7nX3w/cqpFg +0x0nl7ZORE/L1EjEOUApqEpaA5GtcMaznu/SVVp2mZgoOWhn4EAvocT6GKQWaKi1 +/tCh6UiieHRz6L29CrN6/JWT6OXv6TGePkGcVKSjJrZoNMiNzoTFyCdvVpYutZiv +YsMzcRJ+KxTepwFM1imssBGc5WM2Wit+Z3kWJhYe0IdOIdqmuR6WxwLGb7nrY44R +dPy+h0n71GJvjbEzI+Qb/ehc8HjOGba0sh/+x/p14t7PplDZyicxzaC/tpTnAgMB +AAGjggMJMIIDBTAvBgNVHREEKDAmgiR2YWxpZC1yb290Mi53ZWJzZWN1cml0eS5z +eW1hbnRlYy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMG8GA1UdIARoMGYwWwYLYIZIAYb4RQEHFwYw +TDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUH +AgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwBwYFZ4EMAQEwHwYDVR0jBBgw +FoAUsm3j5BQPjDxzQqZamRrTFHW2htswKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDov +L3NoLnN5bWNiLmNvbS9zaC5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB +hhNodHRwOi8vc2guc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2guc3lt +Y2IuY29tL3NoLmNydDCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYA3esdK3oN +T6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFbxYHx8wAABAMARzBFAiEAoZAV +7qASZQXq7visy9vw4552zDWP/+K/8FmgvPpFHuACICl4k+7Omje9NoIRTwnPs4fm +fqW4rDXzK+HKIGNfEmQ4AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN +3BAAAAFbxYHyLgAABAMARzBFAiAuvBGEqgabzmMmG2Tzv1KjGR0nTtEz1R1XluNc +w8NrnAIhAOBL9OgiJfN4SRq6Gmfesx8BJGFr7pDfpDKECGOT1uqZAHYA7ku9t3XO +YLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFbxYHz8gAABAMARzBFAiEA2/T1 +kmfJQ/F0SrRDPozVMhaQW/ydrynOQovjsNJM3M0CIEN0T1ac8FsiatIVoxv690J3 +sIfanWlSX7UvPVShVGg2MA0GCSqGSIb3DQEBCwUAA4IBAQB4unTd5lxCGKsEyViE +m1AZpxTwISBdxuixpXoskuHwCw5LApp8WbaO0W4h4ZLfL+P2cAKx7awvfsaLKQ0i +tnmhyCZitwI9cfmRs8wwU3WgVH/CiIWv96R9mqA8AQ0pMRUp240idzd/VkLYc2RL +CFECQOdsgflyp95PqWyFD1aGdMmwCW5nFUYkbA18cJER5VG9nquBNROzM14z73Wa +PelMX56on9fk+KgryPQIMJFQxqwWbiszby6UaWLQ3ZDKiNwdJsmZWvQ/Gw05NTtp +J1gOExSwrDQM0X5gxMaSxTDU7zEWQz2kjYWjdtdtiq8AtRjQ8DlqXseTpHOUB8iW +5vWY +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFSTCCBDGgAwIBAgIQCbdJ/X8LSRbKBVZWz/bZgjANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0xMzA0MDkwMDAwMDBaFw0yMzA0MDgyMzU5NTlaMIGKMQswCQYDVQQGEwJVUzEd +MBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVj +IFRydXN0IE5ldHdvcmsxOzA5BgNVBAMTMlN5bWFudGVjIENsYXNzIDMgRXh0ZW5k +ZWQgVmFsaWRhdGlvbiBTSEEyNTYgU1NMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAwUo5gP1SVSC5FK9OwhPfSgNKsGXFaGaKJJxyi63peok7gyXs +LFcSKSb3qHD0Y+AGVTyD8cPxY0sypzk9D/exa/G+Xxua5KoXZUbBpue3YXWKmCYZ +HqcPo8eypoUnOQR0G8YHFiqSqOjpm8RaIIoby0YJUeSi5CGDM9UnyXvbqOF2hljp +4b0TV2vgGq9xA7MV8EQB5WFk9fIRmVLs7ej1PRNrISfCxgPA8g/VWH/17yql/yjq +jeWOdt8sZmSbNb9j/Z9KSJ8whT7VsvH+yESoWC6gnWC9Cs7BJQgcTfK0w+tcOLfY +1JslzuMzFs/JL8wocPpjdNXExxEVpZnyKSLABQIDAQABo4IBdDCCAXAwNwYIKwYB +BQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC53cy5zeW1hbnRlYy5j +b20wEgYDVR0TAQH/BAgwBgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggr +BgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIw +HBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwPgYDVR0fBDcwNTAzoDGgL4Yt +aHR0cDovL2NybC53cy5zeW1hbnRlYy5jb20vdW5pdmVyc2FsLXJvb3QuY3JsMA4G +A1UdDwEB/wQEAwIBBjAqBgNVHREEIzAhpB8wHTEbMBkGA1UEAxMSVmVyaVNpZ25N +UEtJLTItMzcyMB0GA1UdDgQWBBSybePkFA+MPHNCplqZGtMUdbaG2zAfBgNVHSME +GDAWgBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEAdJ3d +mGjc+GgcDYkNvwlH3cWvtjX7EqazxfQGSbmJcnB0fKn1cxQh6wAW9VOsKBq0salx +V6wBS/SYJMULRSKRRtL+1rYIRPMbgwUcFMBo34qHylbm72/zlBO0W4VPrVe68Ow7 +gOeiAV+7ZYUARJc0uNiuIW+Xva9zHMVw3Mb3x2sgh6oEYmnI9sPzpHSPG1VPKrsH +NUZlCdqof2NXVfDrn0kVlVeqf8tER1EAWVaDHUCRLdgd0l9x7ibBbkUNxU0SP7+R +5TYnB2qysmYrhf8nQaKSs8pOAY371fbh5FTWa8ySae7kOY6dNM4Us/CAauNW7mW0 +zB9UpGiJBN2YLL3Pow== +-----END CERTIFICATE-----