This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.6.x-fixes by this push:
new d5f9b20ff0 Fix all ValidatorCRLTest test cases
d5f9b20ff0 is described below
commit d5f9b20ff09d381e2704db89afe0fd62d6ed6012
Author: Andriy Redko <[email protected]>
AuthorDate: Tue Sep 16 20:53:55 2025 -0400
Fix all ValidatorCRLTest test cases
---
.../resources/data/xkms/certificates/README.md | 55 +++++++++++++++++++++
.../data/xkms/certificates/crls/wss40CACRL.cer | Bin 1457 -> 707 bytes
.../resources/data/xkms/certificates/wss40.cer | Bin 1353 -> 1353 bytes
3 files changed, 55 insertions(+)
diff --git
a/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/README.md
b/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/README.md
new file mode 100644
index 0000000000..f31897d4ad
--- /dev/null
+++
b/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/README.md
@@ -0,0 +1,55 @@
+## Regenerate CA w/o CRL:
+ - Generate new key and CA: `openssl req -new -x509 -days 3650 -key
trusted_cas/ca.key -out trusted_cas/ca.crt`
+ - Convert to DER: `openssl crl -inform PEM -in trusted_cas/ca.crt -outform
DER -out trusted_cas/wss40CA.cer`
+ - Create `ca.conf`:
+ ```
+ [ ca ]
+ default_ca = myca
+
+ [ crl_ext ]
+ # issuerAltName=issuer:copy
+ authorityKeyIdentifier=keyid:always,issuer:always
+
+ [ myca ]
+ dir = ./
+ new_certs_dir = $dir
+ unique_subject = no
+ certificate = $dir/trusted_cas/wss40CA.cer
+ database = $dir/certindex
+ private_key = $dir/trusted_cas/ca.key
+ serial = $dir/certserial
+ default_days = 3650
+ default_md = sha1
+ policy = myca_policy
+ crlnumber = $dir/crlnumber
+ default_crl_days = 3650
+ x509_extensions = myca_extensions
+ default_bits = 1024
+
+ [ myca_policy ]
+ commonName = supplied
+ stateOrProvinceName = supplied
+ countryName = optional
+ emailAddress = optional
+ organizationName = supplied
+ organizationalUnitName = optional
+ localityName = supplied
+
+ [ myca_extensions ]
+ basicConstraints = CA:false
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer:always
+ nsComment = OpenSSL Generated Certificate
+ ```
+ - Run these commands:
+ ```
+ touch certindex
+ echo 01 > certserial
+ echo 01 > crlnumber
+ ```
+ - Create CSR: `openssl req -new -key cert.key -out cert.csr`
+ - Create certificate: `openssl ca -batch -config ca.conf -notext -in cert.csr
-out cert.crt`
+ - Convert to DER: `openssl x509 -inform PEM -in cert.crt -outform DER -out
wss40.cer`
+ - Generate CRL `openssl ca -config ca.conf -gencrl -keyfile
trusted_cas/ca.key -cert trusted_cas/wss40CA.cer -out rt.crl.pem`
+ - Convert to DER: `openssl crl -inform PEM -in rt.crl.pem -outform DER -out
crls/wss40CACRL.cer`
+
\ No newline at end of file
diff --git
a/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/crls/wss40CACRL.cer
b/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/crls/wss40CACRL.cer
index 3b37f9502e..780b98c582 100644
Binary files
a/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/crls/wss40CACRL.cer
and
b/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/crls/wss40CACRL.cer
differ
diff --git
a/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/wss40.cer
b/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/wss40.cer
index 7fd5010cac..182f73f739 100644
Binary files
a/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/wss40.cer
and
b/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/wss40.cer
differ
