Update expired certificates for HTTPS/TLS benchmarks

[rzikm]

This PR updates the PFX certificate files which have expired. The reason is that dotnet/runtime#66334 has made processing of expired certificates more expensive.

Before:

|                     Method | protocol |      Mean |     Error |    StdDev |    Median |       Min |       Max | Allocated |
|--------------------------- |--------- |----------:|----------:|----------:|----------:|----------:|----------:|----------:|
|  HandshakeRSA4096CertAsync |    Tls12 | 11.578 ms | 0.1056 ms | 0.0936 ms | 11.575 ms | 11.402 ms | 11.748 ms |  10.63 KB |
|  HandshakeRSA4096CertAsync |    Tls13 | 10.078 ms | 0.1079 ms | 0.0901 ms | 10.069 ms |  9.965 ms | 10.267 ms |  10.56 KB |
|      HandshakeContosoAsync |    Tls12 |  5.599 ms | 0.0465 ms | 0.0412 ms |  5.589 ms |  5.546 ms |  5.667 ms |  10.67 KB |
| HandshakeECDSA256CertAsync |    Tls12 |  5.338 ms | 0.0981 ms | 0.0918 ms |  5.302 ms |  5.230 ms |  5.464 ms |   9.29 KB |
|  HandshakeRSA2048CertAsync |    Tls12 |  5.769 ms | 0.0732 ms | 0.0649 ms |  5.768 ms |  5.672 ms |  5.886 ms |  10.82 KB |
|      HandshakeContosoAsync |    Tls13 |  4.756 ms | 0.0824 ms | 0.0688 ms |  4.746 ms |  4.672 ms |  4.919 ms |  10.59 KB |
| HandshakeECDSA256CertAsync |    Tls13 |  3.762 ms | 0.0932 ms | 0.1073 ms |  3.770 ms |  3.625 ms |  3.987 ms |   9.21 KB |
|  HandshakeRSA2048CertAsync |    Tls13 |  4.343 ms | 0.0863 ms | 0.0720 ms |  4.336 ms |  4.244 ms |  4.470 ms |   9.78 KB |

After

|                     Method | protocol |     Mean |     Error |    StdDev |   Median |      Min |      Max | Allocated |
|--------------------------- |--------- |---------:|----------:|----------:|---------:|---------:|---------:|----------:|
|  HandshakeRSA4096CertAsync |    Tls12 | 5.917 ms | 0.0708 ms | 0.0591 ms | 5.927 ms | 5.758 ms | 5.995 ms |   9.28 KB |
|  HandshakeRSA4096CertAsync |    Tls13 | 4.919 ms | 0.0672 ms | 0.0562 ms | 4.912 ms | 4.835 ms | 5.050 ms |    9.2 KB |
|      HandshakeContosoAsync |    Tls12 | 6.225 ms | 0.2475 ms | 0.2851 ms | 6.169 ms | 5.761 ms | 6.700 ms |  10.67 KB |
| HandshakeECDSA256CertAsync |    Tls12 | 3.643 ms | 0.1784 ms | 0.2054 ms | 3.745 ms | 3.284 ms | 3.853 ms |   7.95 KB |
|  HandshakeRSA2048CertAsync |    Tls12 | 3.110 ms | 0.0439 ms | 0.0389 ms | 3.123 ms | 3.042 ms | 3.161 ms |   8.51 KB |
|      HandshakeContosoAsync |    Tls13 | 5.004 ms | 0.0678 ms | 0.0634 ms | 4.997 ms | 4.893 ms | 5.127 ms |  10.59 KB |
| HandshakeECDSA256CertAsync |    Tls13 | 2.397 ms | 0.0525 ms | 0.0562 ms | 2.406 ms | 2.302 ms | 2.484 ms |   7.87 KB |
|  HandshakeRSA2048CertAsync |    Tls13 | 1.991 ms | 0.0171 ms | 0.0160 ms | 1.991 ms | 1.966 ms | 2.019 ms |   8.44 KB |

Script used to refresh the certificates:

function RefreshCertificate($PfxPath) {
    $days = 10 * 365
    $password = 'testcertificate'
    $passin = @("-passin", "pass:$password")
    $passout = @("-passout", "pass:$password")

    # Extract key and crt to separate files
    $CertPath = "$PfxPath.crt"
    $KeyPath = "$PfxPath.key"
    openssl pkcs12 -in $PfxPath @passin @passout -nokeys -out $CertPath -legacy
    openssl pkcs12 -in $PfxPath @passin @passout -nocerts -out $KeyPath -legacy

    # Generate certificate signing request from the existing cert, be sure to copy extensions
    $CsrPath = "$PfxPath.csr"
    openssl x509 -x509toreq -in $CertPath -key $KeyPath @passin -copy_extensions copyall -out $CsrPath

    # Sign the CSR and create the new cert
    $NewCertPath = "$PfxPath.new.crt"
    openssl req -x509 -in $CsrPath -key $KeyPath @passin -days $days -copy_extensions copyall -out $NewCertPath

    # Package back to a PFX file
    openssl pkcs12 -export -in $NewCertPath -inkey $KeyPath @passin @passout -out $PfxPath

    # Cleanup temp files
    Remove-Item -Force $KeyPath, $CsrPath, $NewCertPath, $CertPath
}

RefreshCertificate $PSScriptRoot/ec256.pfx
RefreshCertificate $PSScriptRoot/ec512.pfx
RefreshCertificate $PSScriptRoot/rsa2048.pfx
RefreshCertificate $PSScriptRoot/rsa4096.pfx

[danmoseley]

It doesn't matter here as you're not adding new certs, but note that any new test certs have to be added to https://github.com/dotnet/performance/blob/5dc6276cb84865cb9cd5e24f6c8f862289fa2f98/.config/CredScanSuppressions.json

[wfurt]

LGTM. Thanks @rzikm

[karelz]

@adamsitnik what's the PR review process in this repo? @wfurt does not have the "green check", which is surprising a bit ...

[adamsitnik]

LGTM, thank you @rzikm

@EgorBo @AndyAyersMS @tannergooding @kunalspathak @dakersnar @DrewScoggins this PR is going to cause a spike in the Reporting System which is going to look like a perf improvement, but it's more of a bug fix

[adamsitnik]

what's the PR review process in this repo? @wfurt does not have the "green check", which is surprising a bit

@karelz only people at level 70+ have the write permissions here.

but jokes aside, the number of people who have the write permissions is limited as we try to make sure that all new benchmarks follow these guidelines. @danmoseley has recently granted the write access to more people, Dan I believe that we should include @wfurt as he has written a lot of good benchmarks in the past.

[danmoseley]

I believe I gave everyone write access that already has write access to dotnet/runtime. We should just use code reviews here like there.

[karelz]

@danmoseley it does not seem to be that way, or @wfurt is not in the right group perhaps?

[danmoseley]

Hmm. @terrajobst will know how to fix it.

[terrajobst]

You only gave write permissions to dotnet-coreclr. I've also added dotnet-corefx, which includes @wfurt too.