[jbossws-issues] [JBoss JIRA] (JBWS-4108) Expired certificates in testsuite
Jan Blizňák (JIRA)
issues at jboss.org
Tue Mar 27 12:08:00 EDT 2018
[ https://issues.jboss.org/browse/JBWS-4108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13552306#comment-13552306 ]
Jan Blizňák commented on JBWS-4108:
-----------------------------------
I have tried whether we really have such long safe period by changing system time (or you can use faketime library https://github.com/wolfcw/libfaketime ) and as reported originally, these two stores will contain expired certificates soon too:
{code:java}
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/basic/sign-encrypt/META-INF/john.jks
Valid from: Tue May 20 12:48:17 CEST 2008 until: Fri May 18 12:48:17 CEST 2018
./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/basic/sign-encrypt/WEB-INF/bob2.jks
Valid from: Tue May 20 12:48:17 CEST 2008 until: Fri May 18 12:48:17 CEST 2018
{code}
{code:java}
# execute maven process one year in the future
faketime --exclude-monotonic -f "+1y" mvn -V -B verify -noLogRedirect -Dnodeploy -Pelytron,wildfly1300,testsuite -Dserver.home=/tmp/wildfly/dist/target/wildfly-13.0.0.Alpha1-SNAPSHOT -fn
....
[ERROR] Tests run: 2, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 13.826 s <<< FAILURE! - in org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase
[ERROR] testJohn(org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase) Time elapsed: 0.135 s <<< ERROR!
java.lang.Exception: Error A security error was encountered when verifying the message - please check that the Bouncy Castle provider is installed.
at org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase.testJohn(MultipleClientsSignEncryptTestCase.java:126)
Caused by: javax.xml.ws.soap.SOAPFaultException: A security error was encountered when verifying the message
at org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase.testJohn(MultipleClientsSignEncryptTestCase.java:122)
Caused by: org.apache.cxf.binding.soap.SoapFault: A security error was encountered when verifying the message
at org.jboss.test.ws.jaxws.samples.wsse.policy.basic.MultipleClientsSignEncryptTestCase.testJohn(MultipleClientsSignEncryptTestCase.java:122)
{code}
We can also remove these two stores which are no longer used after https://github.com/jbossws/jbossws-cxf/commit/2b353661cc53a17f0ace5952f89a0ec5b6591d4c#diff-75d06a0eb668baacf2bdc6420a62f23f
modules/testsuite/shared-tests/src/test/resources/jaxws/samples/wssecurity/wsse.keystore
modules/testsuite/shared-tests/src/test/resources/jaxws/samples/wssecurity/wsse.truststore
> Expired certificates in testsuite
> ---------------------------------
>
> Key: JBWS-4108
> URL: https://issues.jboss.org/browse/JBWS-4108
> Project: JBoss Web Services
> Issue Type: Bug
> Components: jbossws-cxf
> Reporter: Jan Blizňák
> Assignee: Alessio Soldano
> Fix For: jbossws-cxf-5.2.1.Final
>
>
> Starting with Tuesday 20th of March 2018 we are getting test failures in few tests [https://jbossws-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/jenkins/job/CXF-CORE-AS-12.0.0/16/testReport/], rootcause of this is using pregenerated jks stores
> {code:java}
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Mar 19 19:59:59 EDT 2018
> at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
> at org.apache.wss4j.common.crypto.Merlin.verifyTrust(Merlin.java:758)
> ... 64 more
> {code}
> Some already expired stores:
> ./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/oasis/META-INF/alice.jks
> Valid from: Sat Mar 19 01:00:00 CET 2005 until: Tue Mar 20 00:59:59 CET 2018
> ./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/oasis/WEB-INF/bob.jks
> Valid from: Sat Mar 19 01:00:00 CET 2005 until: Tue Mar 20 00:59:59 CET 2018
> ./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/secconv/META-INF/alice.jks
> Valid from: Sat Mar 19 01:00:00 CET 2005 until: Tue Mar 20 00:59:59 CET 2018
> and soon to be invalid too:
> ./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/basic/sign-encrypt/META-INF/john.jks
> Valid from: Tue May 20 12:48:17 CEST 2008 until: Fri May 18 12:48:17 CEST 2018
> ./modules/testsuite/cxf-tests/src/test/resources/jaxws/samples/wsse/policy/basic/sign-encrypt/WEB-INF/bob2.jks
> Valid from: Tue May 20 12:48:17 CEST 2008 until: Fri May 18 12:48:17 CEST 2018
> ... etc.
> We should probably switch to generating all the *-stores in pre test phase like done in wildfly https://github.com/wildfly/wildfly/blob/master/testsuite/integration/basic/pom.xml#L76 to be safe all the time
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jbossws-issues
mailing list