From dcacb0ff036c8b7e02c0f0023999d243958e2503 Mon Sep 17 00:00:00 2001 From: Sam Byng Date: Fri, 28 Apr 2023 17:44:24 +0100 Subject: [PATCH] Fix #203: Update truststores/keystores for pekko-remote (#298) * Issue 203: Regenerate the keystore/truststore for remote tests I've followed the guide at https://www.digicert.com/kb/ssl-support/openssl-quick-reference-guide.htm to update the makefile's domain.csr recipe. I then ran 'make' and deleted any files that were not there previously (i.e. the private key) * Update akka-remote to pekko-remote to reflect new test cert --- remote/src/test/resources/Makefile | 2 +- remote/src/test/resources/domain.crt | 36 +++++++++--------- remote/src/test/resources/keystore | Bin 2421 -> 2429 bytes remote/src/test/resources/truststore | Bin 1114 -> 1206 bytes .../artery/tcp/ssl/X509ReadersSpec.scala | 2 +- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/remote/src/test/resources/Makefile b/remote/src/test/resources/Makefile index 86edcc4eaf..bec01c0ad2 100644 --- a/remote/src/test/resources/Makefile +++ b/remote/src/test/resources/Makefile @@ -17,7 +17,7 @@ domain.cnf: echo "subjectAltName=DNS:localhost" >> domain.cnf domain.csr: domain.cnf - openssl req -new -newkey rsa:2048 -keyout domain.key -subj "/C=ZA/ST=web/O=Lightbend/CN=akka-remote" -reqexts SAN -config domain.cnf -out domain.csr -passout pass:changeme + openssl req -new -newkey rsa:2048 -keyout domain.key -subj "/C=US/ST=Delaware/O=Apache/CN=pekko-remote" -reqexts SAN -config domain.cnf -out domain.csr -passout pass:changeme .PHONY: clean clean: diff --git a/remote/src/test/resources/domain.crt b/remote/src/test/resources/domain.crt index facd3f74a6..f19193d286 100644 --- a/remote/src/test/resources/domain.crt +++ b/remote/src/test/resources/domain.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgIULYjj2NGVQ1r1MzK9j03lmw/s9AAwDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCWkExDDAKBgNVBAgMA3dlYjESMBAGA1UECgwJTGlnaHRi -ZW5kMRQwEgYDVQQDDAtha2thLXJlbW90ZTAeFw0yMDA2MDIxMTA1MDVaFw0yMDA3 -MDIxMTA1MDVaMEUxCzAJBgNVBAYTAlpBMQwwCgYDVQQIDAN3ZWIxEjAQBgNVBAoM -CUxpZ2h0YmVuZDEUMBIGA1UEAwwLYWtrYS1yZW1vdGUwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQC8bahFbJFC31YWoyJGdOasMnZHE+D3jjnTmGS+E6Ev -YxQ1zR+ja2CpDv1M5VjOS4qzVXBXm/2OM35Er6sE+cAdtO8qXq39hzhNoS5nvHIo -hl881MHIbndohtMZm2NsKM2yHnqnFI4jMnlEK9d8gmn25PsqUwOC9g9h4HOp+qys -mqDzMmyZSS3qotyximOPBIQcRan6xh9i3Zhi3VRIxMl9WNR1gU5sbOeO4G7xsKyY -FjfEeVjyDOG1pYHpnBVtqTDJoNzs5jZIslzpZU/iCW1fF2r5VwCuwMj/fgSxz7Qv -LXqw70QDKeDkebgaTmhqAtYbAT20JXwMCuiE+8Lo4hGbAgMBAAGjGDAWMBQGA1Ud -EQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAm97sH2qjazMJV66X -wJfxk72qHpZIXyzGIAcORcF8lxDOKaqO8q85cZa9uNhq+CtSOEN41KupBKVk4dfa -ZZ7IWFqptXKsztQ6Ff+ruEX3ZeW3ZsZp72+PuauC6ClNmxZG4/bUA0uKKd8s5yPK -jqJ3KR6ZuYykBvT2dQrHdI4LQPC4Sh+AZtfizTh21dYz4F1HPe/aBoDx0eAO6oyF -S0V6Mm8d/ydCg5wS+s0NmNniia3sww2fud+PyR3AaaubSBKhThQg6pQhFiaxjKSz -IMCg9Yicy8vem5w+HqOJqoyiPDSdxtInyeNKskxcB7ayOpcWj/TX/W379FWABxeo -rt8eZw== +MIIDNjCCAh6gAwIBAgIULYe4EBXmMjvX8QpoUDdKsL7L64wwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCERlbGF3YXJlMQ8wDQYDVQQKDAZB +cGFjaGUxFTATBgNVBAMMDHBla2tvLXJlbW90ZTAeFw0yMzA0MjUyMDMxMTBaFw0y +MzA1MjUyMDMxMTBaMEgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhEZWxhd2FyZTEP +MA0GA1UECgwGQXBhY2hlMRUwEwYDVQQDDAxwZWtrby1yZW1vdGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Ljhl1x9yitKPRLK7x2p54U+MMpaWqnH8 +IoK1vq4PJ3Tj5V2sXzNBtAcwBjdiQCJAPh77WHWtPpDTsYFXh5RSe0lEc1P3j9Zb +Hp7DwWzmorwdHpdVVB3eaFktlkjCi/townSxlgeudeGzKIUfI4Jfbs/K9a6cihSQ +fWxi5H4h+FZRQzoc/8nfQtcQsff89OaQZRBssCrU+fFqX6vEjdTXftXF/wcACYev +29BoK/IVz0ULS+yJQOiemt7yq5Zu22PDEpzb8gEnrA7gFZ0HwmQmYcMv7Uqfii9Y +Y7VAK/Lzu9jM5lJsR0tw9W7x0uQzx9SC3iIS75NrDMPPVBGkjvUPAgMBAAGjGDAW +MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAbGZD87Ir +/CrE4hMGZkO0rcdsrBNGeQqKSCNypuTab4bVnCiJP8TxJWlKg5YEkrmv9kKWDKvw +PE8mH72SM6s/HdMbW2DTXidP3EqRpnehWnDD7jeVj9M/pv/fER1rYZ2yYsjVd2Zw +jev8kJDQTjrgjUzJAd1XjitXxTwLzajIf9poXlAEZ3Q0yilcsm1pcZwUPxEgxKFW +Qa2vP0PM5XSSBhn6uFgPrm2e2vheo1oEwFWe2wYL32c5mFpcqPTTNzdWqb8erLKR +BtHX36+OiOt4KQhgimGecVTVFLoJzIDP4upgb6lqTNfgdJ9+XOOKzhBjnEjGwcwk +96dbiUglmS/e3A== -----END CERTIFICATE----- diff --git a/remote/src/test/resources/keystore b/remote/src/test/resources/keystore index 14a0e51f7f159fcf237d284e2886745a7e0be84a..7685885383cb9747259848fef71399f19b523601 100644 GIT binary patch delta 2361 zcmew=^jFBipoz1RiILf$iPN5qQ>)FR?K>|cJL7^TP6L)EP91|LP7Q-5=KBaKwgpYh z7Yv%1&oD7E7&I{-o#-H2|Jv%)U7H*C5}24c7#fsuI=ual9`&nCIJy-hto+Eb$5ujEzVU+TkrFvNl3kE+Y5hG{of{b4no zZBVK`RmnZ%5J|XG(iYt4jR5$a^^6N?GzF$9jM#f${qGMO#M3ee}gnO4C zPPY6m;deMgBaKPxj$uUC`DXjS3fnceg}yi*uJB6c$sN}@|CcJ5bczJ-$a45CwXeoc zD>Pc2FL3i5#}AJ+EdD>=d;Hkd|7?@WI+i90lpKiKqVb#K+IMYN`*%h@cD}t9f4+;p z+W*$^j_`it-@Zqk&DZf;#k|_QV9_I+_|I$meQ%?{ruGtET*>UB_)i(~@`8M=H8yas516efh}U zd6%!&ONF(h@kHM1R=>;oJGD=H$BP9P-fArhpB|n1!m#hADyz`b;P>CBY30|SW>%^` z{;*-1mcow|<^P8=mR&M>&O3X>(vUEzw{YoCO)U!D5YG-`#&!?TC}3Cubdyr#F7VWv^@B&|}$+Yc|~GMJZ^D;xUp zODLy$WvpBM^)~A>={>LK8gqX)s#)>RU}1K);=;w8-!=17C$+7-HzD1jemSpB%Ub=# zUiKWDBOYzBm1$Wx;qjkYA{FNXKhJpnes{gvY~~3eyX9W(SaU(zVXqwDq?1g{CK89- zV*ADSi8xzcy_R=&MOF8|-K`C_Uro+6vjvuyWg8xympDiNn`^b-T6N>{K<uO)<;A+eRq(R2T6&F5bptlz)y^ezY4 zRFheq8)mts>&fmYFLiY?k6XYMGWjpFTm8lzPmjy1-L3`YS(YZ26CZvWsm^Fgxyhs* zu*1RNv>mk#O26gBPo#NrmTvH~d?)2+%=wSM+=*$;%VNgp*No}gquE=! za<1%a@ug$C9A0vIp;$!Ro zH}#SmYnE$P*cm=4U9q^*eVx?8woRy91mA4JOVGx%83AZAa&e3+nCvIO3b{+h40o z(qVXfwYj1A{J+h+ZcP$iA=(^rr^L@|SBbrx{>+00^#UiRSVg6o8$96N1)YX_+=29}P7+16)!PFwbRhWguk9^zk-`q(8>{u={>`Xld$ zp}jwjr|_PbU;4GkalY-cQhU+eyYD&JIg5Lj3)sCpz4`8jkUSM-w{6z~J_iN(zB7D1 z@g=iq{z=u1UyJKA?|+%z*|awf5f!jeQRk-*YQkF3!`h zs9XN+enL?d$Bi8;-#XnXlPYE|Kl$XN)`RuGxHo1*%QYN%k$5fai=p!2E`istZ57r$^;-!0mi{i;FQP9DeU3W$ODL$@_Cf2RNnN ztk0Cs|N5XHC1ZY`-_+2r9apE$*Y@f+JU4OawLh!oY|Qb0a`je9Pk*CF{fuMz9hYu@ zUaTeDqLlVJ`#|faAeGThh0@+og}y2d=hP4bt1i>osB7WbZD{rKZfjb0kvZymUo-lyzFpP6ZRwvl@th=Q`+xd2*#L{Y><<>U!srTUy6Vp5736?H*UDa!CHuXQ36Z z#N_v`;uVZJd7ji_Pw55({;IsDQo7hmieXkX8!W{s23a`;Lw>KZFc!= z3;V~i_6u6Y*VZOIWMbH}x*>edaaR$+N%1QdTPn`&7BKk4o?gGX{QSy$p9GGs_q_L= z@kzz4i?6^i{~gpoz1PiILf$iPM~oQ>)FR?K>|cJL7^TP7RhOP8EYDP6dM|=IaP4wgpYh zCk&dHk1#PZ7&I~Oo#-H2fBD~^#3}7tvY41S7#fzxE4SR2kYaRm%I^J7?chH@9z>u$A6Wy7-FK#qd*mIHQiilA+v}8yOf8YttmTcFvJFod&+0@dh z(7%pjGJn{)n1loBr;-C@FS%Z268P_UUs%@uoXp-B`zf;~eC+Y}PVYP}oJ)d5e(g zL!QsKJPed3uUFY`f9{51@VDF*>*iba&)@YSZ|AeEkCY})zQ1~J$gQi7>TM3F-!IRs z^q;R15Ln;;!17b+!piqutZRL8yLXv?d-5tLAcbjjWPwv+H}lQaQ|=s!xV9v9<*nMr zA7;nwE_WKl)lX_?xt3l3=HKe0-VemvKHQkU*6(R)(7&kWcrOQ*xcuz1R;Efuy0t&l zKCms#-aX-@f!TYX`dxl2Z=O=huU-BtNt)rSmlBK9WY3jKYpVXFUT^B@@%wWlI{eka z8i^X~_KkK^!b#xq$ zZ&++QcYDGM4XF~7e?=1CCH61B9s70v*2tIpOk~QZei3@QdPc-HraBQ(?@elQ2eUZZ znTqExdVQ;P!N&QTANBGY{M^38ygRje+Ad2Y6&K^X3vAM6Or2g|#klv8^^F51r~c3D zUlDF>rsCxr{P{;|imdz18)kcaWS&(Gre_55jROZ~a4 z5rxUmP6b{466kDo@+rq;Ru;E<%V;IX>fi~-KzWs=iRFaJN4@I;fws2W8y1H|vEKOQ zV(WO8`_*Q7CZGNKhj#tEdA4Omne+CERquaBoPX=Tu#ZzQ>2UmJrPT+1OCNfc(CoC> z$Eoz#Z68>v$j6tjp9nrl+pCGbM5U zthughlWH{5ADQfrYB*Fh^V%}cs0BVbvor2*o@MI&vmrVq(utZUo%JtISmAKJcB7HOd{dE$t9P?x zPf!$`9csq>Pb6E(LdyTl%;beiinII*{{JZHoW5vwxa1D=wa1xyRTTKv)SrvllffMN zng7E&Y0-)GSEBaEafHO*d71j!t02--W$S^6%mdvqZ0V_duiqUB#(46~4ayJM@oW9%&P5WPxdky#XFahk)DLQRSZe@GF?*mJ?db#>3#?zNw1 z2v((L@8#9e7T7j%f%Osdx5D=pMYqP>FztDz_Wz!>eL0U*H>+k*C*L}evo_Z0`U!iF zL^_jk$r z!o%g0zQlGZPxIY1XVTlpyZ;2#vTVB35c8ss;rXg&!S&adiLzI(N|4uiz_~B_XmC@B zqVIlgf#m_)7f8!}IwGYKX6zo))xXq?>-NUHqG@H2O#I84YbIrHRaj4NNkXe*i zmHgA@_muQ6D>wM_n9H|TEL=6A#_Y!5sh1K~w|5=M|L-&9P^gLYlI}l7i+62aEI7R^ zX)hnkw)$9|M>ClFnU_d&{(KPbt0$Higq| zosSnDpJ`wt{A2U$HG0KYI}8jB6b(4pShe|>nWR`5SVW$;?326C7I&s+d*rr?&q1~Y V87Eh;a9I5N@^X(ScQB~D1OTHWbrApn diff --git a/remote/src/test/resources/truststore b/remote/src/test/resources/truststore index 7f6041469c5a3ca7b83c29216907c392cd49b716..8e0af847878b84be00d65bc9a1e8b2f1a3a9732b 100644 GIT binary patch literal 1206 zcmXqLV%fyR$ZXKW62r!+)#lOmotKfFaX}M{FG~}Pr$G~ot3eZsBSMO8K@*FSK@*D} z6C;B`6N@@RhS4Am&SB*>h%~T3aCr>0Swv<#Ez{q>V4>%XMfTo%pFVzW`*>awbkz1_N0(&V)7(##Ck&MlBYB=z0#riQ9dcZMhBDs&qpf8=9CmSj<#7 z;C1X0;tI34bg+SH(a{&gY6qxI|0u53d|O@6J#4*980wmgoCqn(ov8{+qR2 zC+$*`N{9Xuo%H?RT|v#LO*t$#j>R9$O5J35?BO=k%DpbRceqQ;*;|V)B%Q2MnJ@Wo z>G~#vU0EML)f<^j->&#VL{Ihhv0Wbmg=4ulNgbGFdU4k>7JoU@2VX73YIK`?s|?m# zo|$rRR|e;?{KLWZr4`9O9ZVcAbDx}KteKMFweR!ykHSG$9ymD){M?o9QB`TXEJar1 z(-+<6CNoUi4+pDjGS14*%$Wc6P4Kq*h>+8fxs5w^+_iUdo10o${dVT>xrSeQt*Z?F zFsUo|{SBB^SIc7?-ZooYK=r?#{^pK%!DaI+MJ!|X9a(nQzeHqm32$)q*}V*Z4!B5O znw#>jW}OwQ_y!A0**iJLf}V@F&a+#==i#!J?_;Pl~+TFFHw(Ta0 zv*+$ypR$o_aYE59!*9oL*Y@g{m@Tw;{Kf8K#LqbUt0QWrRCyCj|u6!Hv69c zKYdb}2LHj=$1mPDW_iF;n*UTqX4(3;w-nNugRj~jx)muPsH4oz5ZPzy|3l}y+4N=! zofG!qttXD^+j6ICX!jZ1V-WiAR*_|myb_zIbQ|+Oqh{l(SG^)y-oKx%yc_6rOrW%- zzpC-^tc?aSm;PSd=&i5)_0OxIEe&THayj=4eQJ@L^~Qyzdd)-ax*`Rk-K<#>PopB_ z_jwuk8W_o0^G&tn&YM=0DqU{4l7<003fp9+vo$S@jcvT;F8;9+DlkY*7P5B2aaXR*^fI6d;w0hNruf?uzlV`64F9MI6j zyx=Ocp7RGc_46B#-!b+U;CgjTOzPx|9k;(KiER&zmfu~rbDMq2sTuc<=S$gXu9Dk$ zW157`l*i&HF6*d$`Mt*C@8_?()h1;8eRFR914G^XO(uB?IU2mH-B}9f%y0BEE^(XI z#<4(JrF45xaq#g2Td&`$={oMkVJO!0v%2ob#$DTU5|X#A&+nf9_;cUOu=Ud}>S-iK zteW>dxS6fZWsTp%Ab9R>&C^{={{@BI;9PZPqfMlKk>V0CM=Vc!WXRaw&vD#XNgS@ zpNsC<5USM{YoV%aqoDaEH1W>XISo(Ggig3O!(48^^xW3ZPiG16`D#A9+@~Y@S}Q50 z<&GYY@1M+tYLchhT@Cqu z%g^zy?G(9f`fT1bx6EyyD6mB^;sKuo*c{+jnx8Tx4 zi!!ErH@(-WJ?X$N*mbBYQLi8*+D&NB+UR-A*&Eb5nSP1vopSBd(>ozT7i{^z_~so? zD&z}a#JyzpGByR5tDBpCMRGX4ub)=7>e+(nCl)=jGH@-}{@}uvB9`9Yvlw)%lz0Ox z4+~xF>{)juuBz7WM(=V(?)Jh879X8m>zETR{QN3@bmxjj{t9n5UFQA#(`+WYUc7bm zZsBp~MVmKqP3En0iJKWWxmxkpRc&4Gdf9i=Yh%uN-q_yl;u~aKacM=zp>?fkGN(;D z?cYV(%xpBd7#qDwbH@5RAzm(}duE^87b5a?it!iWWA?wUzUf|{_?|=Asrawqd&^aC z(qhk^w%vU_Vovb_nF!wL=h+u$WTj1>AO6%Nc=4iQo7+!L2!A&SSi|X(x?^eUJVB4d z)GN1-)|42lSTQrHCq6!1yoASG`Nq6gFT7noF|54JYCI{e?SSEpWp_kxTztp3WP@eN zg|I83DvsA)|JQtRTJZ2m?amo4UVOZ4EsZ&Bou|BcHy(-Jt51rN>TGMz2Pu#jE$(}N>hSVW#3;asr1@(dfh#!bg76L`5q N1-0y$m>Js^005921uFmm diff --git a/remote/src/test/scala/org/apache/pekko/remote/artery/tcp/ssl/X509ReadersSpec.scala b/remote/src/test/scala/org/apache/pekko/remote/artery/tcp/ssl/X509ReadersSpec.scala index a8c67ad61e..ec0d1fd211 100644 --- a/remote/src/test/scala/org/apache/pekko/remote/artery/tcp/ssl/X509ReadersSpec.scala +++ b/remote/src/test/scala/org/apache/pekko/remote/artery/tcp/ssl/X509ReadersSpec.scala @@ -29,7 +29,7 @@ class X509ReadersSpec extends AnyWordSpec with Matchers { "read both the CN and the subject alternative names" in { val serverCert = loadCert("/domain.crt") - X509Readers.getAllSubjectNames(serverCert) mustBe (Set("akka-remote", "localhost")) + X509Readers.getAllSubjectNames(serverCert) mustBe (Set("pekko-remote", "localhost")) } "read a certificate that has no SAN extension" in {