replace the used certificate with new keys with a stronger encryption

Author: tkohegyi

README.md

@@ -89,3 +89,5 @@ This allows the client to trust all the SSL traffic coming from the proxy, which
 **IT IS CRITICAL THAT YOU DO NOT INSTALL THIS CERTIFICATE AUTHORITY ON A CLIENT/BROWSER THAT IS USED FOR ANYTHING OTHER THAN TESTING.**
 
 It is recommended to use `-Djdk.tls.namedGroups="secp256r1, secp384r1, ffdhe2048, ffdhe3072"` java arguments to address some issues still existing in some JDK implementations.
+
+Please note that in V2.5.x the certificate used by this proxy is upgraded.

build.gradle

@@ -32,12 +32,12 @@ group = "website.magyar"
 archivesBaseName = "mitm-java-proxy"
 ext.componentDescription = "MITM Java Proxy"
 
-ext.wilmaVersion=2.1
+ext.wilmaVersion=2.5
 ext.myBuildNumber='SNAPSHOT'
 if ( hasProperty('buildNumber') ) {
     myBuildNumber = "${project.ext.buildNumber}"
 }
-version = "$wilmaVersion" + ".25." + "${project.ext.myBuildNumber}"
+version = "$wilmaVersion" + ".26." + "${project.ext.myBuildNumber}"
 mainClassName = "website.magyar.mitm.standalone.StandaloneProxy"
 
 def isSnapshot = project.version.contains('SNAPSHOT')
@@ -141,16 +141,16 @@ dependencies {
     implementation group: 'commons-io', name: 'commons-io', version: '2.11.0'
     implementation group: 'org.brotli', name: 'dec', version: '0.1.2'
     implementation group: 'org.apache.ant', name: 'ant', version:'1.10.12'
-    implementation group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version:'1.71' //this includes bcprov-jdk18on too
+    implementation group: 'org.bouncycastle', name: 'bcpkix-jdk18on', version:'1.71.1' //this includes bcprov-jdk18on too
     implementation group: 'org.eclipse.jetty', name: 'jetty-io', version: '9.4.48.v20220622'
     implementation group: 'javax.servlet', name: 'servlet-api', version: '2.5'
     implementation group: 'dnsjava', name: 'dnsjava', version: '3.5.0'
     testImplementation group: 'junit', name: 'junit', version:'4.13.2'
     testImplementation group: 'com.google.guava', name: 'guava', version: '31.1-jre'
     testImplementation group: 'org.mockito', name: 'mockito-all', version:'1.10.19'
-    testImplementation group: 'io.netty', name: 'netty-all', version: '4.1.78.Final'
+    testImplementation group: 'io.netty', name: 'netty-all', version: '4.1.80.Final'
     testImplementation group: 'org.eclipse.jetty', name: 'jetty-server', version: '9.4.48.v20220622'
-    testImplementation group: 'org.springframework', name: 'spring-core', version: '5.3.21'
+    testImplementation group: 'org.springframework', name: 'spring-core', version: '5.3.22'
     testImplementation group: 'com.nixxcode.jvmbrotli', name: 'jvmbrotli', version: '0.2.0'
     testImplementation group: 'com.nixxcode.jvmbrotli', name: 'jvmbrotli-win32-x86-amd64', version: '0.2.0'
     testImplementation group: 'com.nixxcode.jvmbrotli', name: 'jvmbrotli-linux-x86-amd64', version: '0.2.0'

config/backup/blank_crl.dec

@@ -46,7 +46,7 @@ public class CertificateCreator {
     /**
      * The default sign algorithm for this package is SHA1 with RSA.
      */
-    public static final String SIGN_ALGO = "SHA1withRSA";
+    public static final String SIGN_ALGO = "SHA256withRSA";  //was SHA1withRSA --hmm maybe SHA256WithRSAEncryption  ???
     /**
      * X.509 OID for Subject Key Identifier Extension - Replaced when duplicating a cert.
      */