Fix SignedExchangeRequestHandlerRealCertVerifierBrowserTest.Basic
This test has been disabled due to expiration of the test certificate.
It runs against the real (not mocked) cert verifier, which doesn't have
a mechanism to inject a timestamp for verification.
This fixes the test by regenerating the test certificate, which is now
valid until 2024-03-18.
We will track this in crbug.com/1279652, so that next time we can take
action before it expires.
(cherry picked from commit d43e4a541a1e1c7aa22652465cf8415e80b6de2f)
Bug: 1279496,1279652
Change-Id: I53a75122876dee44ce33495aa060aa87dc1eeb56
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3337158
Reviewed-by: Hayato Ito <hayato@chromium.org>
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#951369}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3338530
Commit-Queue: Ben Mason <benmason@chromium.org>
Reviewed-by: Krishna Govind <govind@chromium.org>
Commit-Queue: Krishna Govind <govind@chromium.org>
Owners-Override: Krishna Govind <govind@chromium.org>
Cr-Commit-Position: refs/branch-heads/4664@{#1310}
Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}
diff --git a/content/browser/web_package/signed_exchange_request_handler_browsertest.cc b/content/browser/web_package/signed_exchange_request_handler_browsertest.cc
index a4f3984f..6e13615 100644
--- a/content/browser/web_package/signed_exchange_request_handler_browsertest.cc
+++ b/content/browser/web_package/signed_exchange_request_handler_browsertest.cc
@@ -820,7 +820,7 @@
// If this fails with ERR_CERT_DATE_INVALID, try to regenerate test data
// by running generate-test-certs.sh and generate-test-sxgs.sh in
-// src/content/test/data/sxg.
+// src/content/test/data/sxg. See https://crbug.com/1279652.
IN_PROC_BROWSER_TEST_F(SignedExchangeRequestHandlerRealCertVerifierBrowserTest,
Basic) {
InstallUrlInterceptor(
diff --git a/content/test/data/sxg/generate-test-certs.sh b/content/test/data/sxg/generate-test-certs.sh
index 1570b929..37150f2 100755
--- a/content/test/data/sxg/generate-test-certs.sh
+++ b/content/test/data/sxg/generate-test-certs.sh
@@ -82,7 +82,7 @@
openssl ecparam -out secp384r1.key -name secp384r1 -genkey
openssl req -new -sha256 -key secp384r1.key -out secp384r1-sha256.csr \
- --subj '/CN=test.example.org/O=Test/C=US'
+ -subj '/CN=test.example.org/O=Test/C=US'
# Generate a certificate with the secp384r1-sha256 key.
openssl ca -batch \
diff --git a/content/test/data/sxg/prime256v1-sha256-long-validity.public.pem b/content/test/data/sxg/prime256v1-sha256-long-validity.public.pem
index 6d2e830..c0aea11e 100644
--- a/content/test/data/sxg/prime256v1-sha256-long-validity.public.pem
+++ b/content/test/data/sxg/prime256v1-sha256-long-validity.public.pem
@@ -1,17 +1,17 @@
Certificate:
Data:
Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: sha256WithRSAEncryption
+ Serial Number: 5 (0x5)
+ Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Mountain View, O=Test CA, CN=Test Root CA
Validity
- Not Before: Sep 10 17:30:38 2019 GMT
- Not After : Dec 13 17:30:38 2021 GMT
+ Not Before: Dec 14 01:43:48 2021 GMT
+ Not After : Mar 18 01:43:48 2024 GMT
Subject: CN=test.example.org, O=Test, C=US
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
- pub:
+ pub:
04:56:24:49:7a:0a:a9:df:1a:0a:07:e3:ad:2a:23:
6d:e9:33:25:68:5a:96:33:03:95:13:26:d9:44:ff:
a8:59:16:6d:b6:7d:50:74:6e:d9:f7:9d:48:b2:61:
@@ -36,36 +36,36 @@
X509v3 Subject Alternative Name:
DNS:test.example.org
Signature Algorithm: sha256WithRSAEncryption
- aa:c6:30:cf:6a:28:59:5a:ab:ab:f4:ad:e4:31:5c:e4:e0:95:
- 9e:43:92:84:73:bb:18:f7:f9:f6:ef:ec:d2:68:01:7b:d2:87:
- 0d:30:7d:13:8b:fa:42:6b:1e:ec:b7:df:a1:9a:b6:ad:23:8d:
- 34:74:a6:a4:e3:0c:5f:eb:7a:12:c6:e7:fd:81:5f:40:29:1a:
- 5b:00:9c:35:b5:5a:47:29:1f:7a:4b:a9:95:3c:01:b0:cc:0e:
- 9d:c5:74:b5:e3:17:d5:ac:4b:86:ab:37:ba:0c:ff:6e:87:d9:
- 8c:eb:45:83:01:63:04:08:eb:9b:cb:23:8f:ce:12:79:71:e4:
- 64:8c:63:14:17:2d:30:e1:fa:1b:63:89:33:f6:35:96:09:8a:
- 5b:21:c3:c8:40:d8:be:95:a7:13:29:fb:da:96:83:e3:0f:b2:
- ee:8b:39:05:2d:0b:34:31:e0:e7:e2:b2:e7:76:c8:79:a1:0d:
- 68:72:82:20:ab:ea:6a:5e:2b:9d:a9:0e:52:be:1e:6f:ba:e0:
- dd:3b:24:d2:d8:9a:8f:f8:71:81:14:ab:e4:71:8a:20:f9:f0:
- 66:ad:dd:da:a9:bf:83:ad:49:3c:13:84:05:d1:b8:1b:23:5e:
- e4:e1:1b:65:9e:da:49:1b:1d:0e:b2:ba:03:25:ca:21:6b:32:
- a5:7e:49:85
+ b8:3e:97:bc:c4:0a:2c:78:29:9e:96:47:2f:18:04:25:00:61:
+ 4d:b5:28:ea:19:0b:a8:c6:17:ef:fb:81:7d:8e:08:c5:74:16:
+ f0:53:5b:30:ad:29:78:ea:5a:c4:5b:34:c5:f9:3b:92:83:18:
+ 84:7f:62:4c:88:ff:46:23:39:82:ec:a2:ad:c8:b8:8b:a1:9a:
+ b5:0d:23:82:72:78:26:25:59:20:a8:9a:9d:8d:2d:5f:c8:38:
+ 46:87:eb:a2:1c:a9:07:d1:8a:72:73:5d:34:87:31:07:21:20:
+ a1:80:27:ba:f3:29:97:35:89:ca:65:fb:d3:ce:9a:6c:42:30:
+ 9f:3d:37:72:f7:d5:f8:18:1f:5a:69:eb:fa:14:75:75:1a:45:
+ b8:d6:94:be:5b:b1:4a:8e:a8:b4:e3:00:fb:ab:94:70:e5:7b:
+ ec:ed:74:50:98:3d:be:6f:32:f1:c0:f0:ef:c8:e2:61:c7:c6:
+ 7e:85:93:fd:f7:b4:e0:69:de:4c:43:7c:31:5a:6d:06:e1:d4:
+ 70:fc:03:62:73:5d:db:f1:d3:b2:20:d7:13:20:de:93:0c:21:
+ d8:0b:00:eb:ae:48:45:a6:77:c3:74:9b:96:55:df:18:1a:40:
+ 0c:26:85:26:58:a6:44:75:58:ed:4b:5d:98:5b:ec:21:98:92:
+ 99:2f:d2:16
-----BEGIN CERTIFICATE-----
-MIIC6jCCAdKgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzET
+MIIC6jCCAdKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzET
MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G
-A1UECgwHVGVzdCBDQTEVMBMGA1UEAwwMVGVzdCBSb290IENBMB4XDTE5MDkxMDE3
-MzAzOFoXDTIxMTIxMzE3MzAzOFowNzEZMBcGA1UEAwwQdGVzdC5leGFtcGxlLm9y
+A1UECgwHVGVzdCBDQTEVMBMGA1UEAwwMVGVzdCBSb290IENBMB4XDTIxMTIxNDAx
+NDM0OFoXDTI0MDMxODAxNDM0OFowNzEZMBcGA1UEAwwQdGVzdC5leGFtcGxlLm9y
ZzENMAsGA1UECgwEVGVzdDELMAkGA1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjO
PQMBBwNCAARWJEl6CqnfGgoH460qI23pMyVoWpYzA5UTJtlE/6hZFm22fVB0btn3
nUiyYbr4ah7+xhuDCX+EmlZPaKg+KNEQo4GfMIGcMAkGA1UdEwQCMAAwEAYKKwYB
BAHWeQIBFgQCBQAwCwYDVR0PBAQDAgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0G
A1UdDgQWBBSBALr9UIk69Md+cjUKU0tkXwICfTAfBgNVHSMEGDAWgBSbJguKmKm7
HbkfHOMaQDPtjheIqzAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUub3JnMA0GCSqG
-SIb3DQEBCwUAA4IBAQCqxjDPaihZWqur9K3kMVzk4JWeQ5KEc7sY9/n27+zSaAF7
-0ocNMH0Ti/pCax7st9+hmratI400dKak4wxf63oSxuf9gV9AKRpbAJw1tVpHKR96
-S6mVPAGwzA6dxXS14xfVrEuGqze6DP9uh9mM60WDAWMECOubyyOPzhJ5ceRkjGMU
-Fy0w4fobY4kz9jWWCYpbIcPIQNi+lacTKfvaloPjD7LuizkFLQs0MeDn4rLndsh5
-oQ1ocoIgq+pqXiudqQ5Svh5vuuDdOyTS2JqP+HGBFKvkcYog+fBmrd3aqb+DrUk8
-E4QF0bgbI17k4RtlntpJGx0OsroDJcohazKlfkmF
+SIb3DQEBCwUAA4IBAQC4Ppe8xAoseCmelkcvGAQlAGFNtSjqGQuoxhfv+4F9jgjF
+dBbwU1swrSl46lrEWzTF+TuSgxiEf2JMiP9GIzmC7KKtyLiLoZq1DSOCcngmJVkg
+qJqdjS1fyDhGh+uiHKkH0Ypyc100hzEHISChgCe68ymXNYnKZfvTzppsQjCfPTdy
+99X4GB9aaev6FHV1GkW41pS+W7FKjqi04wD7q5Rw5Xvs7XRQmD2+bzLxwPDvyOJh
+x8Z+hZP997Tgad5MQ3wxWm0G4dRw/ANic13b8dOyINcTIN6TDCHYCwDrrkhFpnfD
+dJuWVd8YGkAMJoUmWKZEdVjtS12YW+whmJKZL9IW
-----END CERTIFICATE-----
diff --git a/content/test/data/sxg/test.example.org-long-validity.public.pem.cbor b/content/test/data/sxg/test.example.org-long-validity.public.pem.cbor
index 4bbc2743..2e47392 100644
--- a/content/test/data/sxg/test.example.org-long-validity.public.pem.cbor
+++ b/content/test/data/sxg/test.example.org-long-validity.public.pem.cbor
Binary files differ
diff --git a/content/test/data/sxg/test.example.org_long_cert_validity.sxg b/content/test/data/sxg/test.example.org_long_cert_validity.sxg
index 257f402d..7c94f61e 100644
--- a/content/test/data/sxg/test.example.org_long_cert_validity.sxg
+++ b/content/test/data/sxg/test.example.org_long_cert_validity.sxg
Binary files differ