todvora / eet-client

Client and library for #EET communication - http://www.etrzby.cz/ , written in Java
MIT License

Expired crls-demo/prod-cert.pem certificates #35

Open yenn opened 6 years ago

yenn commented 6 years ago

Expired certs are causing MerlinWithCRLDistributionPointsExtensionTest unit tests to fail.

see: openssl x509 -in src/test/resources/keys/crls-demo-cert.pem -text -noout -enddate

out: notAfter=Jun 8 05:54:52 2017 GMT

There are also integration test failures.

todvora commented 6 years ago

Hi @yenn, Thank you for noticing this. There are actually two issues:

I fixed most of the issues on this branch: https://github.com/todvora/eet-client/tree/fix-certificate-issues

The only missing part is to update a production certificate used to sign responses. One has to extract it from a real communication fragment against the real endpoint (wsse:BinarySecurityToken value).

Unfortunately, I don't have access to any valid production communication so I could do it myself. Maybe you can do it? I am only interested in the certificate value and not the rest of the communication, so there is no value which is secret.

Otherwise, you can always @Ignore the MerlinWithCRLDistributionPointsExtensionTest.verifyTrustProduction test.

Thanks, Tomas
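
The extraction described in the comment above, as an added example that is not part of the original thread or of eet-client: it pulls the single wsse:BinarySecurityToken out of a captured SOAP response and returns it as PEM. The function name, the sample envelope and the placeholder DER bytes are constructed for illustration; the namespace and type URIs are the standard WS-Security ones.

```python
import base64
import ssl
import xml.etree.ElementTree as ET

# Standard WS-Security 1.0 identifiers for an X.509 token carried as base64.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"


def extract_signing_cert_pem(soap_xml: str) -> str:
    """Return the certificate carried in wsse:BinarySecurityToken as PEM (hypothetical helper)."""
    root = ET.fromstring(soap_xml)
    tokens = root.findall(f".//{{{WSSE}}}BinarySecurityToken")
    if len(tokens) != 1:
        raise ValueError(f"expected exactly one BinarySecurityToken, found {len(tokens)}")
    token = tokens[0]
    if token.get("ValueType") != X509V3 or token.get("EncodingType") != B64:
        raise ValueError("token is not a Base64Binary-encoded X509v3 certificate")
    # The value may be wrapped across lines; drop all whitespace before decoding.
    der = base64.b64decode("".join((token.text or "").split()), validate=True)
    # A DER certificate is an ASN.1 SEQUENCE, so it must start with tag 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded token is not a DER SEQUENCE")
    return ssl.DER_cert_to_PEM_cert(der)


# Constructed sample: placeholder DER bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_SOAP = f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}">
      <wsse:BinarySecurityToken ValueType="{X509V3}" EncodingType="{B64}">
        {base64.b64encode(SAMPLE_DER).decode()}
      </wsse:BinarySecurityToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(extract_signing_cert_pem(SAMPLE_SOAP), end="")
```

With a real captured response, write the returned PEM to a file and run the `openssl x509 -in <file> -noout -enddate` check from the issue description against it before committing the file as a test resource.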

yenn commented 6 years ago

Hi Tomas, Thanks for the swift reply. I have ignored it for now, but figured that I would give you a heads-up as you would for sure find out at a certain point. I'll extract the public cert from the communication and submit a pull request.

Best, Jan

todvora commented 6 years ago

Perfect, thank you! Meanwhile, I merge the branch back to master, to not confuse other users.