nextcloud · provokateurin · Aug 25, 2025 · Aug 25, 2025
diff --git a/tests/data/certificates/Readme.md b/tests/data/certificates/Readme.md
@@ -0,0 +1,35 @@
+<!--
+ - SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ - SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+# Recreating certificates
+
+Regenerate a new certificate key together with the good (Nextcloud Security) and bad (default Org name) certificates
+
+## Good Certificate
+```
+openssl req \
+  -newkey rsa:2048 \
+  -nodes \
+  -keyout security.nextcloud.com.key \
+  -x509 \
+  -days 3650 \
+  -out goodCertificate.crt
+```
+- Country Name: `DE`
+- State or Province Name:`Berlin`
+- Organization Name:`Nextcloud Security`
+- Common Name: `security.nextcloud.com`
+
+## Bad Certificate
+```
+openssl req \
+  -key security.nextcloud.com.key \
+  -new \
+  -x509 \
+  -days 3650 \
+  -out badCertificate.crt
+```
+- Country Name: `DE`
+- State or Province Name:`Berlin`
diff --git a/tests/data/certificates/badCertificate.crt b/tests/data/certificates/badCertificate.crt
@@ -1,22 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDtTCCAp2gAwIBAgIJAJ9c5xX3Bf7cMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQwHhcNMTUwODI3MjAxOTEzWhcNMjUwODI0MjAxOTEzWjBF
-MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
-ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEApYxB04E1rGUCopazf8PsW+3EYrX8J1Ze4g3jRJEmzqHLB4+T4h45LwLl
-D7OLJCLdYA8sfEruInokNV1oUBGDwBWdZA1w7d4o7Wgwiz7WE0FQwkA7YpvtKK2K
-Xvv5wltdUzI+WpbfhHzlg8XIDCPA0ayWx2CDyqsHMXYNOvov1vPbIASF0nBGnRSK
-5Eu7KUKK5UkO8+G6RqBwxQkd/tB2GV68npls++QzA0nf3IIHcc+yNQqaMnb5CVxg
-z2i98VuvCPzYY/EWHkIGdSSKRqRG4sqRegb6d/qf46NfjVYLziLfsFGFH4fLVy6n
-IxkP0gdnoTGu8K8H6wm57GViGLLsPwIDAQABo4GnMIGkMB0GA1UdDgQWBBRrMYy8
-SOqiMiVdo/dfyN6yftK+jzB1BgNVHSMEbjBsgBRrMYy8SOqiMiVdo/dfyN6yftK+
-j6FJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV
-BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJ9c5xX3Bf7cMAwGA1UdEwQF
-MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHargAErj8TAhMfozjgqRihCSOIO5DX7
-W/7mBImP6B76ctP+PWzEaGrOPO81WR5apZP72cwnXD6WABKd1YhMSyr2NI++y5jP
-c3KF/3MpGu4ZYV39JUVpfeq5Fzu9d9C49tj384vljixsxeaCUKuZYqyPuHeGr14u
-7UytsqYORRy/rG4xm0mhk/srOzKJlRenSc9QiWH2Mxst55+cj7zXXFG54N7rI3UU
-9e4Lc2NHQLv3Xv6FunC9mB/AUuEcI6XS6CqNyzAtPAvbO6MZGwUft/S/2TAyqJB0
-VsXK3j3X8DJCwruNLGA3Q/TAYHqrElYg8N4b6w4LD91WbrRyWvkCXmM=
------END CERTIFICATE-----
+MIIDYzCCAkugAwIBAgIURRAxXDBFFR1X0WuUOj7oKFDCooMwDQYJKoZIhvcNAQEL
+BQAwQTELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTI1MDgyNTEwMDAxNVoXDTM1MDgyMzEw
+MDAxNVowQTELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEhMB8GA1UECgwY
+SW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAvPH9evINYYNhBg5YaZh3OUVl4SUCUbAc+xmZmiuAxoXN10avmfa/
+rpoeHua2fbPa48BOIyDPxXoofEwfqB+Q8P4CsSjEaRegsj3Djdkoyz+edPb9vTWE
+pkSCfj/K3zS2kkY2nPw6qVRVen3siP97kNv3NviU5wbvv5RW5Qjz8W6UMuX2Th4j
+7mQ5b1YdLHMFd2H6Vs3vAfiX8hY1DUc6U4Uf4XBO372k8sUyQtsSGlHxBKwPN7Gh
+KZJqkTUCXWC4JzOkShXTe179SlxFLQtOqU2azrJqlb6/0cxGtsZLcv/CI+x+Fpca
+hAQ4Qzii7iRRBlk8aDfAtXJafqhKJo1N/wIDAQABo1MwUTAdBgNVHQ4EFgQU8LRp
+H0E1ASvIgy5FCsVdX2nyYSkwHwYDVR0jBBgwFoAU8LRpH0E1ASvIgy5FCsVdX2ny
+YSkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAZuFOU5L22cPI
+E1bMaIc6UjQn5l2QB9qhTVJuGmdo8ARLNVv3FyEHDaSCNhV1V0MEmnOwwKGKXggo
+Uxe8Ki29fOt3ftkWG2F22Fh3PsU4xIAqwQv5s+urR/9E6ylfIbqPdj6XiY/D9jID
+wnPDsNG+7ar90YFxsxisemQIVAOLzWGS2a3fglRz0hJfaoAxJdXbz///MflWzdUL
+7t9ngBsbf9M/dicltLrCcYYG+BMC+fAoZO3aRSfS/+hxBjc3hNYQ5zLzWqzLzF0y
+N+rxo/2G0fvqipowkMTgYcCIBA9DZY1YPCwgTfHGyrH3XI7yImdoHYs5Ld39Sq0J
++fXdrZSPlQ==
+-----END CERTIFICATE-----
diff --git a/tests/data/certificates/goodCertificate.crt b/tests/data/certificates/goodCertificate.crt
@@ -1,24 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIJAN0NPgU09qt9MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV
-BAYTAkNIMRIwEAYDVQQIEwlTdC5HYWxsZW4xGjAYBgNVBAoTEW93bkNsb3VkIFNl
-Y3VyaXR5MR4wHAYDVQQDExVzZWN1cml0eS5vd25jbG91ZC5jb20wHhcNMTUwODI3
-MjAwMzQyWhcNMjUwODI0MjAwMzQyWjBdMQswCQYDVQQGEwJDSDESMBAGA1UECBMJ
-U3QuR2FsbGVuMRowGAYDVQQKExFvd25DbG91ZCBTZWN1cml0eTEeMBwGA1UEAxMV
-c2VjdXJpdHkub3duY2xvdWQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAlxdUFrwhvT+Exp78Nk0A8Zpfi9/XoLyQkKWH162HX++mxtGXrFKAl5PT
-fKRAv0VqY8hincT+6AlzQkdtiOi5OSVFJpeubtSKrShJQyDKmGLlDntanfLc69GT
-EhkznHmA8AeQMK/NApQpOSC+nmdxpu1aKk7QkSYfpmZ41HF8zKWJTyXzFPZGKw+l
-YxfzIxmUMIIZvfeWE3hq3qlJcS+KO8NcCHEpoiVvZp7PpfDTnyOQVjSkWg55c4j6
-cqNgJ93WTOTOE+3D1XF43Oo+0VQivJn7/tQmIOAg+YyL3Sjmzjb8sP0ksx17vpLO
-Z73UShJw5AGtoaS4oQkSd/+qYBwQMwIDAQABo4HCMIG/MB0GA1UdDgQWBBSG7JAe
-KoR82sQ60QhMNWdU4qY6YzCBjwYDVR0jBIGHMIGEgBSG7JAeKoR82sQ60QhMNWdU
-4qY6Y6FhpF8wXTELMAkGA1UEBhMCQ0gxEjAQBgNVBAgTCVN0LkdhbGxlbjEaMBgG
-A1UEChMRb3duQ2xvdWQgU2VjdXJpdHkxHjAcBgNVBAMTFXNlY3VyaXR5Lm93bmNs
-b3VkLmNvbYIJAN0NPgU09qt9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-ggEBAJL9LKzWSJCTG0r+pNXw6Xy2DW9xbi3YsUeelkMKMqurmiH59P90juOJQgIC
-B1Jcn/U0rzpJpolI3jJNjHzs/kI4MDkzcKGV84Pqwj+PSdMFK3OCWH/J81lUhrCj
-H3yguZ/JpAisInVeBqg6lRf0X+S8jJIp4ZP2XZJsX70XgkRsEaC9TrlxtFsm839t
-WhroMb25Njm9eAdSYrx5PFDwN8TtJlb5Ve3uZL8D0uBv+p0kWjkt1TrDk2x78F6b
-5ExmE9+APc0gcLtSVwIGX6FDXOcOA8ndkp7p4K0CDnMZfFAU0oKxvnDxehrVKQEL
-os/cq7EKmmsY/rM0uJ6L0ka4WUk=
------END CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIUGyAVECfPaXxvfEOrxo58ANU0MYEwDQYJKoZIhvcNAQEL
+BQAwbTELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVy
+bGluMRswGQYDVQQKDBJOZXh0Y2xvdWQgU2VjdXJpdHkxHzAdBgNVBAMMFnNlY3Vy
+aXR5Lm5leHRjbG91ZC5jb20wHhcNMjUwODI1MDk1MzE0WhcNMzUwODIzMDk1MzE0
+WjBtMQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJs
+aW4xGzAZBgNVBAoMEk5leHRjbG91ZCBTZWN1cml0eTEfMB0GA1UEAwwWc2VjdXJp
+dHkubmV4dGNsb3VkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALzx/XryDWGDYQYOWGmYdzlFZeElAlGwHPsZmZorgMaFzddGr5n2v66aHh7mtn2z
+2uPATiMgz8V6KHxMH6gfkPD+ArEoxGkXoLI9w43ZKMs/nnT2/b01hKZEgn4/yt80
+tpJGNpz8OqlUVXp97Ij/e5Db9zb4lOcG77+UVuUI8/FulDLl9k4eI+5kOW9WHSxz
+BXdh+lbN7wH4l/IWNQ1HOlOFH+FwTt+9pPLFMkLbEhpR8QSsDzexoSmSapE1Al1g
+uCczpEoV03te/UpcRS0LTqlNms6yapW+v9HMRrbGS3L/wiPsfhaXGoQEOEM4ou4k
+UQZZPGg3wLVyWn6oSiaNTf8CAwEAAaNTMFEwHQYDVR0OBBYEFPC0aR9BNQEryIMu
+RQrFXV9p8mEpMB8GA1UdIwQYMBaAFPC0aR9BNQEryIMuRQrFXV9p8mEpMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKuoLKvlt7W63t9xDIYbYI3e
+3BeSt769lA2aBaIktSg7hVIFvX929sMMROD0sNSx81IMl7Cxm9u6C3BuKzUZDOwv
+hy7gj+CaA5e5moUmpfrFtTR4aAoacZpjDXd3H/OqMELFkx5QHhw5z2nnubrNaera
+pMQj/GOe/7+d1vjma+kNcKT6JBd5BPQqfk9+AVv5TombaLf3xc7dFR6bUQZKkZ2L
+9zCZamUai/qf66KQzdELLpUsX1O2ByCl95wVL5c0CcDObxLuVDn8AzsAnsa5EhM8
+68s38Xb/gUYDIny2F43+rEk8qQjd5OITFfd2K6ur5EcvIQrFHE7IUbKlIu9RqPs=
+-----END CERTIFICATE-----
diff --git a/tests/lib/Security/CertificateTest.php b/tests/lib/Security/CertificateTest.php
@@ -32,7 +32,7 @@ protected function setUp(): void {
 	}
 
 
-	public function testBogusData() {
+	public function testBogusData(): void {
 		$this->expectException(\Exception::class);
 		$this->expectExceptionMessage('Certificate could not get parsed.');
 
@@ -46,58 +46,58 @@ public function testOpenSslTrustedCertificateFormat(): void {
 		$this->assertSame('thawte, Inc.', $certificate->getOrganization());
 	}
 
-	public function testCertificateStartingWithFileReference() {
+	public function testCertificateStartingWithFileReference(): void {
 		$this->expectException(\Exception::class);
 		$this->expectExceptionMessage('Certificate could not get parsed.');
 
 		new Certificate('file://'.__DIR__ . '/../../data/certificates/goodCertificate.crt', 'bar');
 	}
 
-	public function testGetName() {
+	public function testGetName(): void {
 		$this->assertSame('GoodCertificate', $this->goodCertificate->getName());
 		$this->assertSame('BadCertificate', $this->invalidCertificate->getName());
 	}
 
-	public function testGetCommonName() {
-		$this->assertSame('security.owncloud.com', $this->goodCertificate->getCommonName());
+	public function testGetCommonName(): void {
+		$this->assertSame('security.nextcloud.com', $this->goodCertificate->getCommonName());
 		$this->assertSame(null, $this->invalidCertificate->getCommonName());
 	}
 
-	public function testGetOrganization() {
-		$this->assertSame('ownCloud Security', $this->goodCertificate->getOrganization());
+	public function testGetOrganization(): void {
+		$this->assertSame('Nextcloud Security', $this->goodCertificate->getOrganization());
 		$this->assertSame('Internet Widgits Pty Ltd', $this->invalidCertificate->getOrganization());
 	}
 
-	public function testGetIssueDate() {
-		$expected = new \DateTime('2015-08-27 20:03:42 GMT');
+	public function testGetIssueDate(): void {
+		$expected = new \DateTime('2025-08-25 09:53:14 GMT');
 		$this->assertEquals($expected->getTimestamp(), $this->goodCertificate->getIssueDate()->getTimestamp());
-		$expected = new \DateTime('2015-08-27 20:19:13 GMT');
+		$expected = new \DateTime('2025-08-25 10:00:15 GMT');
 		$this->assertEquals($expected->getTimestamp(), $this->invalidCertificate->getIssueDate()->getTimestamp());
 	}
 
-	public function testGetExpireDate() {
-		$expected = new \DateTime('2025-08-24 20:03:42 GMT');
+	public function testGetExpireDate(): void {
+		$expected = new \DateTime('2035-08-23 09:53:14 GMT');
 		$this->assertEquals($expected->getTimestamp(), $this->goodCertificate->getExpireDate()->getTimestamp());
-		$expected = new \DateTime('2025-08-24 20:19:13 GMT');
+		$expected = new \DateTime('2035-08-23 10:00:15 GMT');
 		$this->assertEquals($expected->getTimestamp(), $this->invalidCertificate->getExpireDate()->getTimestamp());
 		$expected = new \DateTime('2014-08-28 09:12:43 GMT');
 		$this->assertEquals($expected->getTimestamp(), $this->expiredCertificate->getExpireDate()->getTimestamp());
 	}
 
-	public function testIsExpired() {
+	public function testIsExpired(): void {
 		$this->assertSame(false, $this->goodCertificate->isExpired());
 		$this->assertSame(false, $this->invalidCertificate->isExpired());
 		$this->assertSame(true, $this->expiredCertificate->isExpired());
 	}
 
-	public function testGetIssuerName() {
-		$this->assertSame('security.owncloud.com', $this->goodCertificate->getIssuerName());
+	public function testGetIssuerName(): void {
+		$this->assertSame('security.nextcloud.com', $this->goodCertificate->getIssuerName());
 		$this->assertSame(null, $this->invalidCertificate->getIssuerName());
 		$this->assertSame(null, $this->expiredCertificate->getIssuerName());
 	}
 
-	public function testGetIssuerOrganization() {
-		$this->assertSame('ownCloud Security', $this->goodCertificate->getIssuerOrganization());
+	public function testGetIssuerOrganization(): void {
+		$this->assertSame('Nextcloud Security', $this->goodCertificate->getIssuerOrganization());
 		$this->assertSame('Internet Widgits Pty Ltd', $this->invalidCertificate->getIssuerOrganization());
 		$this->assertSame('Internet Widgits Pty Ltd', $this->expiredCertificate->getIssuerOrganization());
 	}