Fix flaky test in SecureReactorNetty4HttpServerTransportTests with reproducible seed (#19327)

cwperks · web-flow · commit 1f9eb87ed987 · 2025-09-18T10:23:27.000-05:00
Signed-off-by: Craig Perkins &lt;cwperx@amazon.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -53,6 +53,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Fix QueryPhaseResultConsumer incomplete callback loops ([#19231](https://github.com/opensearch-project/OpenSearch/pull/19231))
 - Fix the `scaled_float` precision issue ([#19188](https://github.com/opensearch-project/OpenSearch/pull/19188))
 - Fix Using an excessively large reindex slice can lead to a JVM OutOfMemoryError on coordinator.([#18964](https://github.com/opensearch-project/OpenSearch/pull/18964))
+- [Flaky Test] Fix flaky test in SecureReactorNetty4HttpServerTransportTests with reproducible seed ([#19327](https://github.com/opensearch-project/OpenSearch/pull/19327))
 
 ### Dependencies
 - Bump `com.netflix.nebula.ospackage-base` from 12.0.0 to 12.1.0 ([#19019](https://github.com/opensearch-project/OpenSearch/pull/19019))
diff --git a/test/framework/src/main/java/org/opensearch/test/KeyStoreUtils.java b/test/framework/src/main/java/org/opensearch/test/KeyStoreUtils.java
@@ -8,9 +8,11 @@
 
 package org.opensearch.test;
 
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v1CertificateBuilder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 
 import javax.security.auth.x500.X500Principal;
@@ -22,6 +24,7 @@
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 import java.util.Date;
+import java.util.Locale;
 
 public class KeyStoreUtils {
 
@@ -53,13 +56,14 @@ private static X509CertificateHolder generateCert(KeyPair pair) throws Exception
         // 10 years in milliseconds
         var validityPeriod = 10L * 365 * 24 * 60 * 60 * 1000;
 
-        var certBuilder = new JcaX509v1CertificateBuilder(
-            new X500Principal("CN=Test CA Certificate"),
+        var certBuilder = new X509v1CertificateBuilder(
+            X500Name.getInstance(new X500Principal("CN=Test CA Certificate").getEncoded()),
             BigInteger.valueOf(1),
             new Date(baseTime),
             new Date(baseTime + validityPeriod),
-            new X500Principal("CN=Test CA Certificate"),
-            pair.getPublic()
+            Locale.ROOT,
+            X500Name.getInstance(new X500Principal("CN=Test CA Certificate").getEncoded()),
+            SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded())
         );
         var signer = new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate());
         return certBuilder.build(signer);
