This is an automated email from the ASF dual-hosted git repository. reta pushed a commit to branch 3.6.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 0dcfe16bab7780d679c92e944dbbe20a50fbbf0c Author: Andriy Redko <[email protected]> AuthorDate: Tue Sep 9 07:05:42 2025 -0400 Fix expired certificates (#2588) (cherry picked from commit e64124186a1db2d1d65b5d6da59b1afe36b7fc8e) (cherry picked from commit ae9b6cdfe5785e3dd502e3fdaac351b08bacbc4f) --- .../org/apache/cxf/transport/https/SSLUtils.java | 2 - .../src/test/resources/keymanagers.jks | Bin 5385 -> 7121 bytes .../transports/src/test/resources/keymanagers.jks | Bin 5385 -> 7121 bytes testutils/src/test/resources/keys/Bethal.jks | Bin 2202 -> 3935 bytes testutils/src/test/resources/keys/Bethal.p12 | Bin 2540 -> 4339 bytes testutils/src/test/resources/keys/Morpit.jks | Bin 2221 -> 3957 bytes testutils/src/test/resources/keys/Morpit.p12 | Bin 2564 -> 4355 bytes testutils/src/test/resources/keys/MultipleKeys.jks | Bin 4391 -> 7860 bytes testutils/src/test/resources/keys/README.md | 11 +++ testutils/src/test/resources/keys/Truststore.jks | Bin 4447 -> 5603 bytes testutils/src/test/resources/keys/Truststore.pem | 92 ++++++++++++++------- 11 files changed, 72 insertions(+), 33 deletions(-) diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java index ba34a645c7..d46365e288 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java @@ -225,14 +225,12 @@ public final class SSLUtils { @Override public void checkServerTrusted(X509Certificate[] chain, String s) throws CertificateException { - System.out.println("cst1: " + s); delegate.checkServerTrusted(chain, s); } @Override public void checkServerTrusted(X509Certificate[] chain, String s, Socket socket) throws CertificateException { - System.out.println("cst2: " + s); if (extendedDelegate != null) { extendedDelegate.checkServerTrusted(chain, s, socket); } else { diff --git a/systests/transport-hc5/src/test/resources/keymanagers.jks b/systests/transport-hc5/src/test/resources/keymanagers.jks index cdfbebae43..b259da723a 100644 Binary files a/systests/transport-hc5/src/test/resources/keymanagers.jks and b/systests/transport-hc5/src/test/resources/keymanagers.jks differ diff --git a/systests/transports/src/test/resources/keymanagers.jks b/systests/transports/src/test/resources/keymanagers.jks index cdfbebae43..60c35e992c 100644 Binary files a/systests/transports/src/test/resources/keymanagers.jks and b/systests/transports/src/test/resources/keymanagers.jks differ diff --git a/testutils/src/test/resources/keys/Bethal.jks b/testutils/src/test/resources/keys/Bethal.jks index 8da2ad06ee..7a5ef1d79d 100644 Binary files a/testutils/src/test/resources/keys/Bethal.jks and b/testutils/src/test/resources/keys/Bethal.jks differ diff --git a/testutils/src/test/resources/keys/Bethal.p12 b/testutils/src/test/resources/keys/Bethal.p12 index 5b627c563d..bfecf3d2c9 100644 Binary files a/testutils/src/test/resources/keys/Bethal.p12 and b/testutils/src/test/resources/keys/Bethal.p12 differ diff --git a/testutils/src/test/resources/keys/Morpit.jks b/testutils/src/test/resources/keys/Morpit.jks index b179baf29f..eeac78e682 100644 Binary files a/testutils/src/test/resources/keys/Morpit.jks and b/testutils/src/test/resources/keys/Morpit.jks differ diff --git a/testutils/src/test/resources/keys/Morpit.p12 b/testutils/src/test/resources/keys/Morpit.p12 index b18c8ed153..063f49ecd1 100644 Binary files a/testutils/src/test/resources/keys/Morpit.p12 and b/testutils/src/test/resources/keys/Morpit.p12 differ diff --git a/testutils/src/test/resources/keys/MultipleKeys.jks b/testutils/src/test/resources/keys/MultipleKeys.jks index 9e6c4770da..6517b78911 100644 Binary files a/testutils/src/test/resources/keys/MultipleKeys.jks and b/testutils/src/test/resources/keys/MultipleKeys.jks differ diff --git a/testutils/src/test/resources/keys/README.md b/testutils/src/test/resources/keys/README.md new file mode 100644 index 0000000000..833fb49f04 --- /dev/null +++ b/testutils/src/test/resources/keys/README.md @@ -0,0 +1,11 @@ +How to create / update certs and truststores +### + +1. `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes` +2. `openssl pkcs12 -export -out keyStore.p12 -inkey key.pem -in cert.pem` +3. `cat cert.pem key.pem > combined.pem` +4. `keytool -import -trustcacerts -alias <alias> -file combined.pem -keystore <truststore>.jks` + Optinally, delete existing alias: `keytool -delete -alias <alias> -keystore <truststore>.jks` +5. `keytool -importkeystore -srckeystore keyStore.p12 -srcstoretype pkcs12 -destalias <alias> -srcalias 1 -destkeystore <keystore.jks>` + + diff --git a/testutils/src/test/resources/keys/Truststore.jks b/testutils/src/test/resources/keys/Truststore.jks index 0abd848d28..a6612907be 100644 Binary files a/testutils/src/test/resources/keys/Truststore.jks and b/testutils/src/test/resources/keys/Truststore.jks differ diff --git a/testutils/src/test/resources/keys/Truststore.pem b/testutils/src/test/resources/keys/Truststore.pem index c04eaf8803..b5f8d43f5a 100644 --- a/testutils/src/test/resources/keys/Truststore.pem +++ b/testutils/src/test/resources/keys/Truststore.pem @@ -16,39 +16,69 @@ fVL8UJ0mSqUVMyH7oklyN0e3btKgAjY24ycNt+WTXaX0e1K7phsX0vNc9WMp1ZQN9NjozWXW0mte GMFO9ovDEyegHf0ZnWJthq4egYTMLmkzReE2neQDzuN8zYoZLTngbA3ynP+Ghgc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDTTCCAjWgAwIBAgIEOEaECjANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzERMA8GA1UE -BxMIU3lyYWN1c2UxEzARBgNVBAoTCkFwYWNoZVRlc3QxDzANBgNVBAsTBkJldGhhbDEPMA0GA1UE -AxMGQmV0aGFsMB4XDTE1MDkwOTE1NTIwN1oXDTI1MDkwNjE1NTIwN1owVzELMAkGA1UEBhMCVVMx -ETAPBgNVBAcTCFN5cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZCZXRoYWwx -DzANBgNVBAMTBkJldGhhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxgwx2lxVDL -teM15IOsdgBGff42ozTaLVjr30qHsREbnZrk+1G8KscUtVYUwtCDCEErz64tu/TY2jskUi54q1j2 -tOXCz0awxDRKbE4ddyvnqSqItYC9nB+T/LLFJ65bqyleRbO+Zsqj4Gi+8lGmzgk0kCLoCJ9LTrpt -VzsHHuBsvEkcBHEX8in5umzbTy6y1jq3zsUdclgA/EV4eyvFd5+8J8XiB6Ac4q7qYJdUaOrDKk5X -Ns05WuzW3hP/qXDpmyxgS1GQLBMj8yuopVR7/FuGCeDBSJe60cyWtDTxosjTLwjTEYIEB/ySIcgK -0TU+QxU8XEwwutjMzecKd9PQdpMCAwEAAaMhMB8wHQYDVR0OBBYEFDWt03QU4rqQa91UjYCNkfx0 -tp3HMA0GCSqGSIb3DQEBCwUAA4IBAQCwObHeIssS3e1INNs67T2g0v17Z1+HDEx65dfwph6Wxbex -hb9yNKEXFUIUk+Z6ZzTmv1fc4DBZ2z0Nbk8rrS2BD6kojWVRwZVnv6pfPDjU82mFL7kHztiNPq8u -23+lTrhO9HjuQZtVnTW3+Uw9RW5mBu+8QVgze0Q1DjL5PqX3YHq16LCYp6vVjdm0o7fKDQke2Z01 -a4hYtUF17m/Sw6319ocSI2fRA2ppQ7Ts8J3GSkAyygSR52mqaC7jDgD2Oh1eRhRaTgiyxLNLnAHu -Koxbcr3sGFP2ZYwtP9DlhxwZzzpPcNWwFMqcQ79WPKmRvBMNOQDBdW77P3cxG3DF5KkO +MIIFjzCCA3egAwIBAgIUKbneRbIyRYvQrnChbWg3lSAPwL4wDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcMCFN5cmFjdXNlMRMwEQYDVQQKDApB +cGFjaGVUZXN0MQ8wDQYDVQQLDAZCZXRoYWwxDzANBgNVBAMMBkJldGhhbDAeFw0y +NTA5MDkwMjA3NThaFw0zNTA5MDcwMjA3NThaMFcxCzAJBgNVBAYTAlVTMREwDwYD +VQQHDAhTeXJhY3VzZTETMBEGA1UECgwKQXBhY2hlVGVzdDEPMA0GA1UECwwGQmV0 +aGFsMQ8wDQYDVQQDDAZCZXRoYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQC/1tNxUIBqaZgnwAX3ThWu47ukzLhFZpEWkaROc1faFESk1hM1rAtHy5ws +Kzlu4eJHHJ4cYGC7Fkfp42KuuUYUhkLLmHfW6DSs6bw26YoBSwJlJFd1BF1URIc/ +slKvw9ZpV1EzqF+IawUC4dyoNmsH/G7mpZPCjDoJE1t8TMonCXD7elsZGz2e0Gan +ygvPSkjPMb4wsBDddoocN3zuXPk9LL+q85jUgVEkyrg0gM7zylgXNIY0zMIjOSJ7 +6o2wjrH+zPoR4S/djkCgGHhe27wNYo110fzZkk5+ZiW5XwfBWuBFw5PSs4aaIhMR +/149wwYKLcCruh4xnWFTODCjJ52RMGMN8gyEL8gaQjrU2BGufiqHGMm3nGF3VWYh +A1sn1MgEjjVlKE/64x6Yj5Cy922wIpuOGDTlH2EM46++6+v4298vHr9gfL5gfygv +ES8c8fCA+6oo/UB+y8J88jQvFzJ1bUC6ij8RD5lkLOj/uRGucjz6HN0/CxATIGY0 +rEAggPb3hQH+sPdZnfyz/kt59kZwXnshHfFiTK6U3ArYt6+zTQTLyVR3xlsIYw3U +efB3o+2+W1BjQq1BvzaEcD7+6E2pxnBZB2bLE43RHMXSRpy2WFRxYaxn8igmqeYt +aPzjtrVV1CzM28zZTk+7FAkoTNruewZoEbsNAFcbVfIwbFY+lwIDAQABo1MwUTAd +BgNVHQ4EFgQUUBN6dcoX4A926m3bm9OA+INQjBAwHwYDVR0jBBgwFoAUUBN6dcoX +4A926m3bm9OA+INQjBAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AgEAY8vSiasn00YkB7jjENoxMX+RJocEY51d+nSxbhu5Eww9QpoyJ2e62222fPfH +/BenYuLnqB6jDa906eO/2qpS+JLKdBTZcvHJpjfoTFOVZMQmrAoPUeeE2zr2xmEW +wF+cO/VCcO1McMisrJeiCwZwG5mwI6l6AdeJm/PJpw/LUAtsMCAmb9LxLh0NEoAm +pQk/FDZUJsYPDM1K3ColjhiBo/dFloyy33PycCJR3sP/yxtPe6XgqQqTu7U2Aivx +G2uqsFlAUtuPWFM9ztOfu9l5xR2pK9x24io6LegyLLi0T3+UWZpmeOK84x3nuMjs +3Qfk0EmIP/aUkpHirZRqiPkFtT2CtpNdbepgrW6JIARex5UZsxI+0NIBrwrmxbG4 +D6GciRZBhxa1T7VyGMn6L1QVEFu53XTdo5ISSbCf2PTLwOnCgujkRdZP/GFgvc06 +l+37pMPAWcJ/01r9zhRZj0a+6HbFckuIQTo9YlEcDZgtcPPkHjK7t9GlVK3TUTrc +NeOrNZ/pYAejMQhxSSNiODP4Y0IVcEWWEVRLSP9QK9DKLBos/Nsgn5cpNJVyA9v9 +w6i6E7DHqByi+VAzcMjmUXzHU0JsLqjcybXRs7Gc5E3T/FTAWJjh5D4zfrO/uKQ+ +UHLq1e00o98O80jOYN13wBVZTpOVhHBfU1rRBl/8SwurrgE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDYTCCAkmgAwIBAgIEDV+5sjANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzERMA8GA1UE -BxMIU3lyYWN1c2UxEzARBgNVBAoTCkFwYWNoZVRlc3QxDzANBgNVBAsTBk1vcnBpdDEZMBcGA1UE -AxMQd2hhdGV2ZXJob3N0LmNvbTAeFw0xNTA5MDkxNTUzMTRaFw0yNTA5MDYxNTUzMTRaMGExCzAJ -BgNVBAYTAlVTMREwDwYDVQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UE -CxMGTW9ycGl0MRkwFwYDVQQDExB3aGF0ZXZlcmhvc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAjKod4Ne5+B5rPhvl7Dt7//O1fRZYw5GACCgTG6F2Cy8ozF7lfQo7jy3KTjrC -xOkty6IUxcll5EKZQBfsqfKq2beEWI+tG//ZEfc1paK+4HGrqARtFXYm/azzEC8E66cVKRIej8DM -yXPHvNsSSN/T7c5QCMBAd5p+uQFCGkHcX6ywiCu5hOBDhxBTr3680lRIOjBoICd3ytlT8pnHqjm7 -VexiG5sPg32f90Tf1UCJQL41Jn1miow4xLjDw0L9pCcoLtoh1jjOwErwISeTXtfp0zMAZ1T0Cwmu -DQCL2Ek0ysmoDSQlpwL/zi/9XzeZCUY9a4KK2DV6q1WNnGJq6pMu0QIDAQABoyEwHzAdBgNVHQ4E -FgQULNllc99it0vTugh22XKUn7H3zUkwDQYJKoZIhvcNAQELBQADggEBAFnOo+ghsy59M25gjVBG -82siBQkhgl0eSzp/wVqa41F/KCY5hY8moKZARelNgOFQQxRpK6gBhj53TjF7B0w834r3S30F37qA -d+T7yfH9drN5I4mNeTHpxPKeI1KJneZUqKt1PR1iZScwPzHHIfUWRiZ8ilJwNNy2MoZONKh7lhf4 -ILfYclRmMu7UJfb2gFjvTnzUwS5YJ8U0H5EYy7oHZS+7q3GXuL953tFypr1m0kvDYW4kYwyhHRZE -XcDvDWvmO83BIk1AOQhzQ4ak4JLBpVQJnrPBhGUZOUAmIuRoV9If5WfvjVymH13VuAKoPJR3902u -Gul/3Uq+ifNDF8btPpw= +MIIFozCCA4ugAwIBAgIUSY0VO1ElcQxmIX1AF1OEHuKjNCcwDQYJKoZIhvcNAQEL +BQAwYTELMAkGA1UEBhMCVVMxETAPBgNVBAcMCFN5cmFjdXNlMRMwEQYDVQQKDApB +cGFjaGVUZXN0MQ8wDQYDVQQLDAZNb3JwaXQxGTAXBgNVBAMMEHdoYXRldmVyaG9z +dC5jb20wHhcNMjUwOTA5MDIyMTQ5WhcNMzUwOTA3MDIyMTQ5WjBhMQswCQYDVQQG +EwJVUzERMA8GA1UEBwwIU3lyYWN1c2UxEzARBgNVBAoMCkFwYWNoZVRlc3QxDzAN +BgNVBAsMBk1vcnBpdDEZMBcGA1UEAwwQd2hhdGV2ZXJob3N0LmNvbTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBANHjxYJUUZAQCm9kFph8q1JdPKSvta6q +BM8GmAoxd6fes5A1TmZKpiMdGcEBNksBpgp+MqvBFUQlMAyqXnDnsMW7ibw4N7f6 +s1gFI8zrUA0UwELUwDZGF4BSuJNlDInTm+ztqulaHCsyzmKusOgH9qnrllttsA7T +eO7XDhiZxnC+KQC2nokcMqkZbqvKxdCObi6D4BrdJhi1MNc76d8/KzbrtazWRS9o +wy0//zI9bjYFAVnfiwgOgsCFdj9qeTxSL655TtTyLYJh+lKHv+zOXRfnwIOuaehY +0w0oVmBxAzxG+wYmfNpwmAqqMgEjc3UhtJLaSrXfRVtsaKwmd3s3wfmew0USBQLK +hhuPSNoKaEAhVioIW7t0WIsYFDiyGTmJ8JlCLJQMySwHV+0HehtwOVZRnmiv930g +Gq4FRyU5xs1nIJ7vnTofhuqyWe+KNgt7A1H4Thnjtl2j8uDhEtYa/X0Ao86RPv8C +/HjBwuFl5nCqUMmAXzDD3LG+j9nW84BA7GiVdTz0k2KzsKTQC8wEJV/8Xgw2rrT2 +qXYjla8gCJt+HPwalTDFOEBfWlZcfqkZDxX/r/PZNlo8U7A8/LVv++KgHXyNaji1 +daVHvMCLzj7fXk46T+LqFr6hPB4HC2K1mgN4FuxhAElV9lVYr3OFcJQv2cU8+W1R +8jVBlOrefn+ZAgMBAAGjUzBRMB0GA1UdDgQWBBTFAekp2wYlQC5tj9i7HUn4D43N +qTAfBgNVHSMEGDAWgBTFAekp2wYlQC5tj9i7HUn4D43NqTAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCWbMGcm9y/cZQS6aBHSAkVIglELkRMXYUn +6v8RWyOe96yHKNRt0OK8bhmiP9XasYTQSFL+cYP0gh3XougeHFwnCYzdJVNzLuLF +Mg4HQf2G2g6ppmHomjC4TnkzQ6eOjuai3kUCn27sdQDn9e2bCOCgTmEj2imJ65Ww +jUExqCOGq7zEFfGjsoxfM8ERJnO56HLQLpib7jPLs0LCx3nbxoXEYE/9KvfRo+qU +qPMM29GnhJi8iaZfNrOL+0DZiAbqw5nG3SpOCr2ng5+UYhbG2L3xNWg56rxzhzCN +ApYftX6zBY9gp8AAdylYzyxxZfol7Jv/uNi98/cnW+EMw3woZEGmDRuCEp3nDSPG +r4JT9FJU2wssPm9anrb8+jT0pfz9Qy5uodoBmONq7YNvGAAQrpxOwtE/EEQoLbMZ +f40xCy/jjVKPE80vkUpgpm/r8KbVkc6tTh4EdJYUkepHtsf8ycoFJycB+U3TSQlI +tTl6LQNB7PCDTAEIPoMnZtisMzw21HjMAH8P1i8rnVrn+MDcrqyFqLIs86kv+yMA +ozYbODgBsei3RGribs+5VBGWh41SGiB9oYInZcOW2qbrX6PmyXnnyD5MSjIdCSR8 +634kRsT9lgTQLraaErfTLe+Xktkpza/+Iw6sSnDFbG38am/ij3Zh/4h4BW7vRooI +xSYHenJYdw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDTTCCAjWgAwIBAgIEOHEczzANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzERMA8GA1UE
