From 440484baf2d6e1fc74894a3361472fa073da2e3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sun, 29 Jun 2025 10:58:51 -1000 Subject: [PATCH] Regenerate sample certificates to fix CI Some certificates used by CI have expired and cause CI failure. Follow instructions from the `SETUP.txt` file to re-generate them, and update these instructions to make this easier the next time. --- src/test/ruby/x509/SETUP.txt | 17 ++- src/test/ruby/x509/demoCA/index.txt | 1 + src/test/ruby/x509/demoCA/index.txt.attr | 2 +- src/test/ruby/x509/demoCA/index.txt.attr.old | 2 +- src/test/ruby/x509/demoCA/index.txt.old | 1 + ...E0E82756779BDA39DFF3AEE16916DE984FFD26.pem | 79 +++++++++++++ src/test/ruby/x509/demoCA/serial | 2 +- src/test/ruby/x509/demoCA/serial.old | 2 +- src/test/ruby/x509/javastore.ts | Bin 978 -> 978 bytes src/test/ruby/x509/newcert.pem | 104 +++++++++--------- src/test/ruby/x509/newkey.pem | 56 +++++----- src/test/ruby/x509/newreq.pem | 28 ++--- 12 files changed, 192 insertions(+), 102 deletions(-) create mode 100644 src/test/ruby/x509/demoCA/newcerts/7FE0E82756779BDA39DFF3AEE16916DE984FFD26.pem diff --git a/src/test/ruby/x509/SETUP.txt b/src/test/ruby/x509/SETUP.txt index 5f7b2c7b..f3fe7522 100644 --- a/src/test/ruby/x509/SETUP.txt +++ b/src/test/ruby/x509/SETUP.txt @@ -1,15 +1,24 @@ -$ /usr/lib/ssl/misc/CA.sh -newca +$ /usr/lib/ssl/misc/CA.sh -newca # Only does something if demoCA does not exist -$ /usr/lib/ssl/misc/CA.sh -newreq +$ /usr/lib/ssl/misc/CA.sh -newreq # Use any password for the private key, leave the password empty for the CSR +Country Name (2 letter code) [AU]:AU +State or Province Name (full name) [Some-State]:None +Locality Name (eg, city) []:. +Organization Name (eg, company) [Internet Widgits Pty Ltd]:JRuby Dev Team +Organizational Unit Name (eg, section) []:JOSSL +Common Name (e.g. server FQDN or YOUR name) []:jruby.org +Email Address []:. -$ /usr/lib/ssl/misc/CA.sh -sign +$ /usr/lib/ssl/misc/CA.sh -sign # CA key password in demoCA/private/cakey.pem.passwd Signed certificate is in newcert.pem +$ rm -f javastore.ts + $ keytool -importcert --file demoCA/cacert.pem -alias demoCA -keystore javastore.ts -storetype jks -storepass keystore Trust this certificate? [no]: y Certificate was added to keystore -$ keytool -list -keystore javastore.ts +$ keytool -list -keystore javastore.ts -storepass keystore Enter keystore password: Keystore type: JKS Keystore provider: SUN diff --git a/src/test/ruby/x509/demoCA/index.txt b/src/test/ruby/x509/demoCA/index.txt index ee9978dd..1099bbb5 100644 --- a/src/test/ruby/x509/demoCA/index.txt +++ b/src/test/ruby/x509/demoCA/index.txt @@ -1,2 +1,3 @@ V 270420110921Z 7FE0E82756779BDA39DFF3AEE16916DE984FFD24 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=demo.ca V 250420111357Z 7FE0E82756779BDA39DFF3AEE16916DE984FFD25 unknown /C=AU/ST=None/O=JRuby Dev Team/OU=JOSSL/CN=jruby.org +V 260629205611Z 7FE0E82756779BDA39DFF3AEE16916DE984FFD26 unknown /C=AU/ST=None/O=JRuby Dev Team/OU=JOSSL/CN=jruby.org diff --git a/src/test/ruby/x509/demoCA/index.txt.attr b/src/test/ruby/x509/demoCA/index.txt.attr index 8f7e63a3..3a7e39e6 100644 --- a/src/test/ruby/x509/demoCA/index.txt.attr +++ b/src/test/ruby/x509/demoCA/index.txt.attr @@ -1 +1 @@ -unique_subject = yes +unique_subject = no diff --git a/src/test/ruby/x509/demoCA/index.txt.attr.old b/src/test/ruby/x509/demoCA/index.txt.attr.old index 8f7e63a3..3a7e39e6 100644 --- a/src/test/ruby/x509/demoCA/index.txt.attr.old +++ b/src/test/ruby/x509/demoCA/index.txt.attr.old @@ -1 +1 @@ -unique_subject = yes +unique_subject = no diff --git a/src/test/ruby/x509/demoCA/index.txt.old b/src/test/ruby/x509/demoCA/index.txt.old index 2c79c486..ee9978dd 100644 --- a/src/test/ruby/x509/demoCA/index.txt.old +++ b/src/test/ruby/x509/demoCA/index.txt.old @@ -1 +1,2 @@ V 270420110921Z 7FE0E82756779BDA39DFF3AEE16916DE984FFD24 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=demo.ca +V 250420111357Z 7FE0E82756779BDA39DFF3AEE16916DE984FFD25 unknown /C=AU/ST=None/O=JRuby Dev Team/OU=JOSSL/CN=jruby.org diff --git a/src/test/ruby/x509/demoCA/newcerts/7FE0E82756779BDA39DFF3AEE16916DE984FFD26.pem b/src/test/ruby/x509/demoCA/newcerts/7FE0E82756779BDA39DFF3AEE16916DE984FFD26.pem new file mode 100644 index 00000000..42460fda --- /dev/null +++ b/src/test/ruby/x509/demoCA/newcerts/7FE0E82756779BDA39DFF3AEE16916DE984FFD26.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 7f:e0:e8:27:56:77:9b:da:39:df:f3:ae:e1:69:16:de:98:4f:fd:26 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=demo.ca + Validity + Not Before: Jun 29 20:56:11 2025 GMT + Not After : Jun 29 20:56:11 2026 GMT + Subject: C=AU, ST=None, O=JRuby Dev Team, OU=JOSSL, CN=jruby.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cb:e0:da:d2:8b:cb:a3:4c:e4:c9:00:23:ab:cd: + cd:e3:e0:d7:60:66:25:9a:83:6b:d6:22:4f:83:32: + 5f:59:1f:62:37:d3:78:a7:84:17:a1:1e:5e:76:df: + 7e:a9:a8:23:8e:d3:fb:2d:f5:4a:9d:5e:4b:ad:08: + 1a:95:02:e1:a1:b5:44:94:21:0a:54:1c:a1:12:17: + f6:3a:11:de:ac:c8:3e:7e:88:d4:b6:cb:f1:8c:8a: + 07:db:52:8b:2e:a8:a4:df:18:ce:f5:d9:db:c5:1f: + 55:e5:a3:96:0c:c3:82:2f:a3:df:45:f1:e7:27:f7: + 02:67:c9:66:32:30:de:98:0a:bf:6b:8a:d0:e5:86: + 7a:57:52:7f:97:a1:be:59:54:92:10:e5:1b:c3:ca: + ae:d0:7e:cf:e7:93:92:40:af:63:d5:35:e5:e2:5a: + fa:8f:4a:33:c0:08:08:cb:e2:f9:88:58:b5:1f:50: + c2:75:fe:bc:65:10:69:8f:ee:07:dd:9a:d5:27:5a: + 1e:ed:aa:7a:b4:5a:22:0e:dd:9a:84:6d:9f:e3:40: + fd:60:c5:4d:10:a1:78:46:3c:84:04:ad:83:e1:d4: + d0:b8:fe:be:4c:ab:de:44:91:8f:da:35:f3:76:e8: + b8:fb:8a:64:4d:85:32:ce:e2:37:14:00:04:d3:66: + 0c:33 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + E2:1B:CB:68:88:88:73:C1:5C:76:8D:00:43:86:60:F4:C5:AF:EB:BA + X509v3 Authority Key Identifier: + 8F:B4:94:C8:7F:CB:EF:00:89:B2:F6:C1:BE:44:4B:1C:12:54:3B:28 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 04:02:1e:7a:25:33:4a:44:81:98:88:ec:50:42:8d:74:29:44: + 57:c9:b8:3b:85:c2:b9:0b:13:53:51:53:3f:c7:a6:b9:ed:81: + 56:e2:39:08:0c:8a:d1:9a:63:ba:8f:c5:b6:8f:96:20:9e:4c: + 98:b2:16:f2:37:55:33:4a:bc:f3:d3:36:40:bc:56:32:96:95: + de:1e:9c:ed:5e:e9:59:be:e7:27:34:73:2c:36:bd:a9:cd:3e: + 85:b2:ac:8a:e1:02:6b:0c:4b:92:94:4f:fc:8c:15:84:cd:59: + 2b:6a:9e:e0:dc:04:e8:7a:81:0c:d8:8b:72:6a:28:cc:78:9c: + bc:36:68:58:2d:42:af:7a:fd:63:d8:3b:6b:48:3e:05:07:ec: + 58:9f:08:89:2b:75:9e:4e:43:9b:11:ec:5e:50:9d:65:10:bd: + 0b:8a:f5:5f:f8:5f:10:a0:c7:8f:f6:b5:58:fb:19:46:68:a7: + 1d:6b:00:8f:99:d9:a1:b2:f2:ba:37:47:7f:08:9b:f1:00:e9: + a1:a3:cb:02:e0:94:56:80:38:b7:a1:4c:e4:29:3f:ec:ac:6a: + db:98:de:2f:80:63:51:53:5c:4f:a5:d2:fa:b6:d5:9b:35:12: + bf:88:66:b1:2d:c2:be:c3:f7:4f:97:d3:f2:1b:76:ef:13:52: + 47:bb:7b:3b +-----BEGIN CERTIFICATE----- +MIIDizCCAnOgAwIBAgIUf+DoJ1Z3m9o53/Ou4WkW3phP/SYwDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEQMA4GA1UEAwwHZGVtby5jYTAeFw0y +NTA2MjkyMDU2MTFaFw0yNjA2MjkyMDU2MTFaMFkxCzAJBgNVBAYTAkFVMQ0wCwYD +VQQIDAROb25lMRcwFQYDVQQKDA5KUnVieSBEZXYgVGVhbTEOMAwGA1UECwwFSk9T +U0wxEjAQBgNVBAMMCWpydWJ5Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMvg2tKLy6NM5MkAI6vNzePg12BmJZqDa9YiT4MyX1kfYjfTeKeEF6Ee +XnbffqmoI47T+y31Sp1eS60IGpUC4aG1RJQhClQcoRIX9joR3qzIPn6I1LbL8YyK +B9tSiy6opN8YzvXZ28UfVeWjlgzDgi+j30Xx5yf3AmfJZjIw3pgKv2uK0OWGeldS +f5ehvllUkhDlG8PKrtB+z+eTkkCvY9U15eJa+o9KM8AICMvi+YhYtR9QwnX+vGUQ +aY/uB92a1SdaHu2qerRaIg7dmoRtn+NA/WDFTRCheEY8hAStg+HU0Lj+vkyr3kSR +j9o183bouPuKZE2FMs7iNxQABNNmDDMCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNV +HQ4EFgQU4hvLaIiIc8Fcdo0AQ4Zg9MWv67owHwYDVR0jBBgwFoAUj7SUyH/L7wCJ +svbBvkRLHBJUOygwDQYJKoZIhvcNAQELBQADggEBAAQCHnolM0pEgZiI7FBCjXQp +RFfJuDuFwrkLE1NRUz/HprntgVbiOQgMitGaY7qPxbaPliCeTJiyFvI3VTNKvPPT +NkC8VjKWld4enO1e6Vm+5yc0cyw2vanNPoWyrIrhAmsMS5KUT/yMFYTNWStqnuDc +BOh6gQzYi3JqKMx4nLw2aFgtQq96/WPYO2tIPgUH7FifCIkrdZ5OQ5sR7F5QnWUQ +vQuK9V/4XxCgx4/2tVj7GUZopx1rAI+Z2aGy8ro3R38Im/EA6aGjywLglFaAOLeh +TOQpP+ysatuY3i+AY1FTXE+l0vq21Zs1Er+IZrEtwr7D90+X0/Ibdu8TUke7ezs= +-----END CERTIFICATE----- diff --git a/src/test/ruby/x509/demoCA/serial b/src/test/ruby/x509/demoCA/serial index 0b14c109..e06d064f 100644 --- a/src/test/ruby/x509/demoCA/serial +++ b/src/test/ruby/x509/demoCA/serial @@ -1 +1 @@ -7FE0E82756779BDA39DFF3AEE16916DE984FFD26 +7FE0E82756779BDA39DFF3AEE16916DE984FFD27 diff --git a/src/test/ruby/x509/demoCA/serial.old b/src/test/ruby/x509/demoCA/serial.old index f82eb9f3..0b14c109 100644 --- a/src/test/ruby/x509/demoCA/serial.old +++ b/src/test/ruby/x509/demoCA/serial.old @@ -1 +1 @@ -7FE0E82756779BDA39DFF3AEE16916DE984FFD25 +7FE0E82756779BDA39DFF3AEE16916DE984FFD26 diff --git a/src/test/ruby/x509/javastore.ts b/src/test/ruby/x509/javastore.ts index dfd844f7b1903313f2a9118cdfd9b07ebe3945d7..a3fa281511eeeefcec970eede82eb933be79e3ef 100644 GIT binary patch delta 37 vcmV+=0NVf32hs