(PUP-11716) Account for different jruby and mri openssl implementations

In mri openssl, calling `sign(wrong_key, digest)` will update the public
key contained in the certificate and generate a new signature using the
private wrong_key. In jruby, it is assumed that the public key has
already been set.

Author: tvpartytonight

spec/unit/ssl/ssl_provider_spec.rb

@@ -299,6 +299,7 @@
     end
 
     it 'raises if client cert signature is invalid' do
+      client_cert.public_key = wrong_key.public_key
       client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
       expect {
         subject.create_context(**config.merge(client_cert: client_cert))
@@ -339,6 +340,7 @@
 
     it 'raises if intermediate CA signature is invalid' do
       int = global_cacerts.last
+      int.public_key = wrong_key.public_key if Puppet::Util::Platform.jruby?
       int.sign(wrong_key, OpenSSL::Digest::SHA256.new)
 
       expect {