11:08 a.m.
[
https://issues.jboss.org/browse/JBWS-4108?page=com.atlassian.jira.plugin....
]
Jan Blizňák commented on JBWS-4108:
-----------------------------------
I have tried whether we really have such long safe period by changing system time (or you
can use faketime library https://github.com/wolfcw/libfaketime ) and as reported
originally, these two stores will contain expired certificates soon too:
{code:java}
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/basic/sign-encrypt/META-INF/john.jks
Valid from: Tue May 20 12:48:17 CEST 2008 until: Fri May 18 12:48:17 CEST 2018
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/basic/sign-encrypt/WEB-INF/bob2.jks
Valid from: Tue May 20 12:48:17 CEST 2008 until: Fri May 18 12:48:17 CEST 2018
{code}
{code:java}
# execute maven process one year in the future
faketime --exclude-monotonic -f "+1y" mvn -V -B verify -noLogRedirect -Dnodeploy
-Pelytron,wildfly1300,testsuite
-Dserver.home=/tmp/wildfly/dist/target/wildfly-13.0.0.Alpha1-SNAPSHOT -fn
....
[ERROR] Tests run: 2, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 13.826 s
<<< FAILURE! - in
org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase
[ERROR]
testJohn(org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase)
Time elapsed: 0.135 s <<< ERROR!
java.lang.Exception: Error A security error was encountered when verifying the message -
please check that the Bouncy Castle provider is installed.
at
org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase.testJohn(MultipleClientsSignEncryptTestCase.java:126)
Caused by: javax.xml.ws.soap.SOAPFaultException: A security error was encountered when
verifying the message
at
org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase.testJohn(MultipleClientsSignEncryptTestCase.java:122)
Caused by: org.apache.cxf.binding.soap.SoapFault: A security error was encountered when
verifying the message
at
org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase.testJohn(MultipleClientsSignEncryptTestCase.java:122)
{code}
We can also remove these two stores which are no longer used after
https://github.com/jbossws/jbossws-cxf/commit/2b353661cc53a17f0ace5952f89...
modules/testsuite/shared-tests/src/test/resources/jaxws/samples/wssecurity/wsse.keystore
modules/testsuite/shared-tests/src/test/resources/jaxws/samples/wssecurity/wsse.truststore
Expired certificates in testsuite
---------------------------------
Key: JBWS-4108
URL: https://issues.jboss.org/browse/JBWS-4108
Project: JBoss Web Services
Issue Type: Bug
Components: jbossws-cxf
Reporter: Jan Blizňák
Assignee: Alessio Soldano
Fix For: jbossws-cxf-5.2.1.Final
Starting with Tuesday 20th of March 2018 we are getting test failures in few tests
[https://jbossws-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/jenkins/job/CXF-C...],
rootcause of this is using pregenerated jks stores
{code:java}
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Mar 19 19:59:59
EDT 2018
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
at org.apache.wss4j.common.crypto.Merlin.verifyTrust(Merlin.java:758)
... 64 more
{code}
Some already expired stores:
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/oasis/META-INF/alice.jks
Valid from: Sat Mar 19 01:00:00 CET 2005 until: Tue Mar 20 00:59:59 CET 2018
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/oasis/WEB-INF/bob.jks
Valid from: Sat Mar 19 01:00:00 CET 2005 until: Tue Mar 20 00:59:59 CET 2018
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/secconv/META-INF/alice.jks
Valid from: Sat Mar 19 01:00:00 CET 2005 until: Tue Mar 20 00:59:59 CET 2018
and soon to be invalid too:
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/basic/sign-encrypt/META-INF/john.jks
Valid from: Tue May 20 12:48:17 CEST 2008 until: Fri May 18 12:48:17 CEST 2018
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/basic/sign-encrypt/WEB-INF/bob2.jks
Valid from: Tue May 20 12:48:17 CEST 2008 until: Fri May 18 12:48:17 CEST 2018
... etc.
We should probably switch to generating all the *-stores in pre test phase like done in
wildfly
https://github.com/wildfly/wildfly/blob/master/testsuite/integration/basi... to
be safe all the time
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
2438
days inactive
2438
days old
jbossws-issues@lists.jboss.org
0 comments
1 participants
participants (1)
-
Jan Blizňák (JIRA)