fix(shelf): Replace expired test certificates and add a regen script (#492)

brianquinlan · web-flow · commit e65d62b1bccc · 2025-11-17T15:06:14.000-08:00
diff --git a/pkgs/shelf/test/ssl_certs.dart b/pkgs/shelf/test/ssl_certs.dart
@@ -4,96 +4,57 @@
 
 import 'dart:convert';
 
-List<int> certChainBytes = utf8.encode('''
------BEGIN CERTIFICATE-----
-MIIDZDCCAkygAwIBAgIBATANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVpbnRl
-cm1lZGlhdGVhdXRob3JpdHkwHhcNMTUxMDI3MTAyNjM1WhcNMjUxMDI0MTAyNjM1
-WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCkg/Qr8RQeLTOSgCkyiEX2ztgkgscX8hKGHEHdvlkmVK3JVEIIwkvu
-/Y9LtHZUia3nPAgqEEbexzTENZjSCcC0V6I2XW/e5tIE3rO0KLZyhtZhN/2SfJ6p
-KbOh0HLr1VtkKJGp1tzUmHW/aZI32pK60ZJ/N917NLPCJpCaL8+wHo3+w3oNqln6
-oJsfgxy9SUM8Bsc9WMYKMUdqLO1QKs1A5YwqZuO7Mwj+4LY2QDixC7Ua7V9YAPo2
-1SBeLvMCHbYxSPCuxcZ/kDkgax/DF9u7aZnGhMImkwBka0OQFvpfjKtTIuoobTpe
-PAG7MQYXk4RjnjdyEX/9XAQzvNo1CDObAgMBAAGjgbQwgbEwPAYDVR0RBDUwM4IJ
-bG9jYWxob3N0ggkxMjcuMC4wLjGCAzo6MYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAA
-ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvhJo6taTggJQBukEvMo/PDk8tKTAf
-BgNVHSMEGDAWgBS98L4T5RaIToE3DkBRsoeWPil0eDAOBgNVHQ8BAf8EBAMCA6gw
-EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAHLOt0mL2S4A
-B7vN7KsfQeGlVgZUVlEjem6kqBh4fIzl4CsQuOO8oJ0FlO1z5JAIo98hZinymJx1
-phBVpyGIKakT/etMH0op5evLe9dD36VA3IM/FEv5ibk35iGnPokiJXIAcdHd1zam
-YaTHRAnZET5S03+7BgRTKoRuszhbvuFz/vKXaIAnVNOF4Gf2NUJ/Ax7ssJtRkN+5
-UVxe8TZVxzgiRv1uF6NTr+J8PDepkHCbJ6zEQNudcFKAuC56DN1vUe06gRDrNbVq
-2JHEh4pRfMpdsPCrS5YHBjVq/XHtFHgwDR6g0WTwSUJvDeM4OPQY5f61FB0JbFza
-PkLkXmoIod8=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDLjCCAhagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1yb290
-YXV0aG9yaXR5MB4XDTE1MTAyNzEwMjYzNVoXDTI1MTAyNDEwMjYzNVowIDEeMBwG
-A1UEAwwVaW50ZXJtZWRpYXRlYXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA6GndRFiXk+2q+Ig7ZOWKKGta+is8137qyXz+eVFs5sA0ajMN
-ZBAMWS0TIXw/Yks+y6fEcV/tfv91k1eUN4YXPcoxTdDF97d2hO9wxumeYOMnQeDy
-VZVDKQBZ+jFMeI+VkNpMEdmsLErpZDGob/1dC8tLEuR6RuRR8X6IDGMPOCMw1jLK
-V1bQjPtzqKadTscfjLuKxuLgspJdTrzsu6hdcl1mm8K6CjTY2HNXWxs1yYmwfuQ2
-Z4/8sOMNqFqLjN+ChD7pksTMq7IosqGiJzi2bpd5f44ek/k822Y0ATncJHk4h1Z+
-kZBnW6kgcLna1gDri9heRwSZ+M8T8nlHgIMZIQIDAQABo3sweTASBgNVHRMBAf8E
-CDAGAQH/AgEAMB0GA1UdDgQWBBS98L4T5RaIToE3DkBRsoeWPil0eDAfBgNVHSME
-GDAWgBRxD5DQHTmtpDFKDOiMf5FAi6vfbzAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l
-BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAD+4KpUeV5mUPw5IG/7w
-eOXnUpeS96XFGuS1JuFo/TbgntPWSPyo+rD4GrPIkUXyoHaMCDd2UBEjyGbBIKlB
-NZA3RJOAEp7DTkLNK4RFn/OEcLwG0J5brL7kaLRO4vwvItVIdZ2XIqzypRQTc0MG
-MmF08zycnSlaN01ryM67AsMhwdHqVa+uXQPo8R8sdFGnZ33yywTYD73FeImXilQ2
-rDnFUVqmrW1fjl0Fi4rV5XI0EQiPrzKvRtmF8ZqjGATPOsRd64cwQX6V+P5hNeIR
-9pba6td7AbNGausHfacRYMyoGJWWWkFPd+7jWOCPqW7Fk1tmBgdB8GzXa3inWIRM
-RUE=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIC+zCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1yb290
-YXV0aG9yaXR5MB4XDTE1MTAyNzEwMjYzNFoXDTI1MTAyNDEwMjYzNFowGDEWMBQG
-A1UEAwwNcm9vdGF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMl+dcraUM/E7E6zl7+7hK9oUJYXJLnfiMtP/TRFVbH4+2aEN8vXzPbzKdR3
-FfaHczXQTwnTCaYA4u4uSDvSOsFFEfxEwYORsdKmQEM8nGpVX2NVvKsMcGIhh8kh
-ZwJfkMIOcAxmGIHGdMhF8VghonJ8uGiuqktxdfpARq0g3fqIjDHsF9/LpfshUfk9
-wsRyTF0yr90U/dsfnE+u8l7GvVl8j2Zegp0sagAGtLaNv7tP17AibqEGg2yDBrBN
-9r9ihe4CqMjx+Q2kQ2S9Gz2V2ReO/n6vm2VQxsPRB/lV/9jh7cUcS0/9mggLYrDy
-cq1v7rLLQrWuxMz1E3gOhyCYJ38CAwEAAaNQME4wHQYDVR0OBBYEFHEPkNAdOa2k
-MUoM6Ix/kUCLq99vMB8GA1UdIwQYMBaAFHEPkNAdOa2kMUoM6Ix/kUCLq99vMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBABrhjnWC6b+z9Kw73C/niOwo
-9sPdufjS6tb0sCwDjt3mjvE4NdNWt+/+ZOugW6dqtvqhtqZM1q0u9pJkNwIrqgFD
-ZHcfNaf31G6Z2YE+Io7woTVw6fFobg/EFo+a/qwbvWL26McmiRL5yiSBjVjpX4a5
-kdZ+aPQUCBaLrTWwlCDqzSVIULWUQvveRWbToMFKPNID58NtEpymAx3Pgir7YjV9
-UnlU2l5vZrh1PTCqZxvC/IdRESUfW80LdHaeyizRUP+6vKxGgSz2MRuYINjbd6GO
-hGiCpWlwziW2xLV1l2qSRLko2kIafLZP18N0ThM9zKbU5ps9NgFOf//wqSGtLaE=
------END CERTIFICATE-----
-''');
-
-List<int> certKeyBytes = utf8.encode('''
+List<int> certKeyBytes = utf8.encode(r'''
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE4zAcBgoqhkiG9w0BDAEBMA4ECBMCjlg8JYZ4AgIIAASCBMFd9cBoZ5xcTock
-AVQcg/HzYJtMceKn1gtMDdC7mmXuyN0shoxhG4BpQInHkFARL+nenesXFxEm4X5e
-L603Pcgw72/ratxVpTW7hPMjiLTEBqza0GjQm7Sarbdy+Vzdp/6XFrAcPfFl1juY
-oyYzbozPsvFHz3Re44y1KmI4HAzU/qkjJUbNTTiPPVI2cDP6iYN2XXxBb1wwp8jR
-iqdZqFG7lU/wvPEbD7BVPpmJBHWNG681zb4ea5Zn4hW8UaxpiIBiaH0/IWc2SVZd
-RliAFo3NEsGxCcsnBo/n00oudGbOJxdOp7FbH5hJpeqX2WhCyJRxIeHOWmeuMAet
-03HFriiEmJ99m2nEJN1x0A3QUUM7ji6vZAb4qb1dyq7LlX4M2aaqixRnaTcQkapf
-DOxX35DEBXSKrDpyWp6Rx4wNpUyi1TKyhaVnYgD3Gn0VfC/2w86gSFlrf9PMYGM0
-PvFxTDzTyjOuPBRa728gZOGXgDOL7qvdInU/opVew7kFeRQHXxHzFCLK5dD+Vrig
-5fS3m0++f55ODkxqHXB8gbXbd3GMmsW6MrGpU7VsCNtbVPdSMW0FalovEB0M+2lj
-1VfuvL+0F5huTe+BgZAt6xgET/CIcZXdNMRPVhraqUjqWtI9Rdk4STPCpU1rDkjG
-YDl/fo4W2T6qQWFUpiC9IvVVGkVxaqfZZ4Qu+V5xPUi6vk95QiTNkN1t+m+sCCgS
-Llkea8Um0aHMy33Lj3NsfL0LMrnpniqcAks8BvcgIZwk1VRqcj7BQVCygJSYrmAR
-DBhMpjWlXuSggnyVPuduZDtnTN+8lCHLOKL3a3bDb6ySaKX49Km6GutDLfpDtEA0
-3mQvmEG4XVm7zy+AlN72qFbtSLDRi/D/uQh2q/ZrFQLOBQBQB56TvEbKouLimUDM
-ascQA3aUyhOE7e+d02NOFIFTozwc/C//CIFeA+ZEwxyfha/3Bor6Jez7PC/eHNxZ
-w7YMXzPW9NhcCcerhYGebuCJxLwzqJ+IGdukjKsGV2ytWDoB2xZiJNu096j4RKcq
-YSJoen0R7IH8N4eDujXR8m9kAl724Uqs1OoAs4VNICvzTutbsgVZ6Z+NMOcfnPw9
-jZkFhot16w8znD+OmhBR7/bzOLpaeUhk7EhNq5M6U0NNWx3WwkDlvU/jx+6/EQe3
-iLEHptH2HYBF1xscaKGbtKNtuQsfdzgWpOX0qK2YbK3yCKvL/xIm1DQmDZDKkWdW
-VNh8oGV1H96CivWlvxhAgXKz9F/83CjMw8YXRk7RJvWR4vtNvXFAvGkFIYCN9Jv9
-p+1ukaYoxSLGBik907I6gWSHqumJiCprUyAX/bVfZfNiYh4hzeA3lhwxZSax3JG4
-7QFPvyepOmF/3AAzS/Pusx6jOZnuCMCkfQi6Wpem1o3s4x+fP7kz00Xuj01ErucM
-S10ixfIh84kXBN3dTRDtDdeCyoMsBKO0W5jDBBlWL02YfdF6Opo1Q4cPh2DYgXMh
-XEszNZSK5LB0y+f3A6Kdx/hkZzHVvMONA70OyrkoZzGyWENhcB0c7ntTJyPPD2qM
-s0HRA2VwF/0ypU3OKERM1Ua5NSkTgvnnVTlV9GO90Tkn5v4fxdl8NzIuJLyGguTP
-Xc0tRM34Lg==
+MIIFJTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQyo3SRrssK8PzbuTA
+1qXVggICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEOHOKIfFvvowQBax
+0iX1HiYEggTA7izMZ647ptWrKcavuEjmU91V/IZBd5Qf+J9L44kJKbJxOZjrLIPl
+u52u4Bu/aCynFMO/R2WDxfNotHOkoQGZLfexH6snecAK9H0++jsbakEGpks3N/v+
+R606v1LTtU0z/jOYP80le/ueX/H2plr2QA9RZaidMKP8zRJBx8pnSmPfZMRn6NRI
+0QIQFJTaba7gBH45ZxxZ+0Yy+fcc3m0flhI3Wz2Gkbe8IIHyWRyQ1scEeGRR8Bed
+l/7GWQREIO8ycEd+7vRnlb5h1JhwYKknHD0EPoKu4ARe8U/6ujZhj/0jG2AgDMwY
+Ar/KkVlDsOeYpr8lbWs+/RjZefQJdU3upVvwO26MD2IYQcFa/oUnDRoX3T4eKnAk
+tph2uWJhjYXk4UwyOP4AUms5s7s3EztQei3WMpxjGquD5wZnz53A17iyPhEoSwyE
+wpSDSdRmpI9+e/qS9404zlfVVYrDcW/6I48ATYfXo2CyHkLE4Ilv1HMelO20TFuI
+Sqh1U211m0WYKZvrdBSBL1YXzjyt3/YyVsN2Md16k9UJj5JRKYJB/0ENbu/DdVjo
+se1gO2tRet5iaxrTmPvNjEgDwqDWgC6oKODK8UVBdMnMFN51edXnecQPpxFy/Cg1
+PrwNxgsQhNHLbZzQuQ2hrt4WJ4gHsbN4T/CXcJMg/MCFSKwxNLEr5jd6fqkDyQVz
+ofmDyJpRY1VL5vdzvDIf/VKAM+gW8Llw4f5uBidtvs6WYrVzjJQv+A4C4u/9fhn7
+WPvSrVMRHPRR1aysZkJD8xCZLlhWT+WVJsPo1HEz8y+2NWC9gJEhqeKlF5kzt1bC
+Sw7OXv+3mmtp3I03tqdnYqLlyKbx0+/6cKOyuOlINjOu3ljyLAeLXA5T7RGMTe+h
+1ZyKuZvvdoFGlzduEsLDyU/Pp3KkkYWTp940ViwTIwQgTaw/nvg/zyl4neGovf22
+6XQTkAVBFZdU64G4lFUrQ8b7eS80RzhN3MGkfqFPnpubS2NjZWdUlivXnR9yXYYz
+mBICZ0VbUNkjt8pf1l6L6wGhYkGzSmplrhpS5M0n3upktiJZPqg4yiEF06OnPIFd
+80EZ/OIaFybyszKNgJz3aCX1YLdby51AJFrh8rJDoKY20J8ZvUH62N97rBUzl8SS
+1NujvULSA1JXVDf3aHzB7T90z4p6UOCZ/sXiC/9iGPx79X8mMOdLEB5TzMp0X5P1
+xlHcYXfdfAsojM8nGPp816xOTouMngTKNIsahbyGShbFQ7HIWoa0z1yXbMAb0v2i
+YR45w3GHH2iJ/qU54ZB1cyXU0DBafdEhel48UfzFiUXMbisDgbZeRwX4g/dBwLZd
+K3h039yJlUMIpQzj7XGs70aMRRiXW8Xc0pw9h4lbW91TbI6CXXM2iGYZCoj5IWTp
+s4mNlHFOpjVuFVWWcDjtW5x8qR4+/4YTP6IyVUoWUm8sINx5XPGLA2aIIFY93qTR
+ZrVv0s5Nf1pqB6LJOwO1SN9kINZFbEO2zsrxlCEu81QhKrNHVKkh+nVbaIPHPg3u
+4y9lPcob24z/r4cvDnFHY7TtMXaReCZ6vTbuyl0mDrfHocsxON1LwdEOqg2pLqdB
+Jc1sSXYAzMWN8hYh/tWpQCoH76l/CzYxpw==
 -----END ENCRYPTED PRIVATE KEY-----
 ''');
+
+List<int> certChainBytes = utf8.encode(r'''
+-----BEGIN CERTIFICATE-----
+MIIDBzCCAe+gAwIBAgIUNUibD3eVBRhGMNDMTBN2+42GesEwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTI1MTExMDEyMDU0NVoYDzIxMjUx
+MDE3MTIwNTQ1WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC7OkgNqT/jT2VqpSW/kh5fapcHERf9c9yzFz3tfAAM
+5OndrQgLLuSvwdZLiBydxKxoWko3EbbxMtejYfpnkjc3qCw/Uo+c+jKERFqkLiR9
+e9EPSF7GrfRhBaTj9s1WNE5Es8caxW4/dcVwiQ5k0XyxyVADxN6BV3jTkTRd3caB
+KNcLrj7XGu1UPl8F3NjEVMREe176pVDHexWfockkDsW0lDroyBBixK1ZHDxCOQhl
+Rv3C8U0ZGfb9wsbXvd+u1+RAwOmyh/Z4zwZ3xuQVq0rzlT7BRbfRCEVXDMbT4oP/
+fWQK4VNDcM0BE1Zl4Dzwy+AMzWQK3NeWgYJD+cTx2qgxAgMBAAGjTzBNMCwGA1Ud
+EQQlMCOCCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATAdBgNVHQ4E
+FgQU2ts6jvn5ZbXbdFmFKUm/rvjnUoIwDQYJKoZIhvcNAQELBQADggEBAFXDnzDd
+4HvLzPz/qXEE5wxt3fyVCCWhzTZZ/ig+9ODWyqJwFmajXsMQdoIGwcTQx13w6dAC
+Sd6JAr/s6eamL3L1Gs7dOY3aXzVW5jo0O/589hW5I9IRc3Ghs+PIlBnBmp590z8M
+Q055Y9jYdMxXBajiY0LaEVQN4Onox0GRxW7Dvn7fTY2MXda/Pm8P0B1jm05zB2FB
+aHhO9h+OQGIdKhzwAcFW07mOBmIjQTXUx5CuEarrHfjys2Z/oPlT4AO7D/UbwYcQ
+/0eNuV2vPWB+WMrumT5YlTkHX7R6Dap/vfyEJ/ZrpAasquW+0Nmvt4SFsFJs7uO1
+xvGl/OyQCYONF5E=
+-----END CERTIFICATE-----
+''');
diff --git a/pkgs/shelf/tools/openssl.cfg b/pkgs/shelf/tools/openssl.cfg
@@ -0,0 +1,18 @@
+[req]
+distinguished_name = dn
+req_extensions = v3_req
+prompt = no
+
+[dn]
+CN = localhost
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+# DNS names
+DNS.1 = localhost
+# IPv4 addresses
+IP.1 = 127.0.0.1
+# IPv6 addresses
+IP.2 = ::1
diff --git a/pkgs/shelf/tools/regenerate_cert.sh b/pkgs/shelf/tools/regenerate_cert.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+openssl genpkey -algorithm RSA -out localhost.key \
+                -aes256 -pass pass:dartdart 2>/dev/null
+
+openssl req -new -x509 -key localhost.key -days 36500 -out localhost.crt \
+            -config tools/openssl.cfg -extensions v3_req -passin \
+            pass:dartdart 2>/dev/null
+
+KEY_CONTENT=$(cat localhost.key)
+CERT_CONTENT=$(cat localhost.crt)
+
+cat <<EOF > test/ssl_certs.dart
+// Copyright (c) 2017, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+import 'dart:convert';
+
+List<int> certKeyBytes = utf8.encode(r'''
+${KEY_CONTENT}
+''');
+
+List<int> certChainBytes = utf8.encode(r'''
+${CERT_CONTENT}
+''');
+EOF
+
+rm localhost.key localhost.crt
