Date: Wed, 27 Feb 2019 17:56:41 +0000
To: "commits@qpid.apache.org"
Subject: [qpid-broker-j] branch 7.1.x updated: QPID-8281: [Broker-J][Tests] Regenerate test certificates with RSA 2048bits keys and copy the keystores into corresponding module test resources
Message-ID: <155129020131.1249.16908984541312342620@gitbox.apache.org>
From: orudyy@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: qpid-broker-j X-Git-Refname: refs/heads/7.1.x X-Git-Reftype: branch X-Git-Oldrev: c51f998346f91ff3acc4aadea857ba1bf888be88 X-Git-Newrev: 45e5f9013eb0ca53166cf25b00f773f44685d57f X-Git-Rev: 45e5f9013eb0ca53166cf25b00f773f44685d57f X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. orudyy pushed a commit to branch 7.1.x in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git The following commit(s) were added to refs/heads/7.1.x by this push: new 45e5f90 QPID-8281: [Broker-J][Tests] Regenerate test certificates with RSA 2048bits keys and copy the keystores into corresponding module test resources 45e5f90 is described below commit 45e5f9013eb0ca53166cf25b00f773f44685d57f Author: Alex Rudyy AuthorDate: Wed Feb 27 16:11:33 2019 +0000 QPID-8281: [Broker-J][Tests] Regenerate test certificates with RSA 2048bits keys and copy the keystores into corresponding module test resources (cherry picked from commit d946bec02cf8cd5d72ab65df38c2733173dbc10b) --- broker-core/pom.xml | 3 - .../qpid/server/security/FileKeyStoreTest.java | 67 ++++++------- .../qpid/server/security/FileTrustStoreTest.java | 109 ++++++++++++++------- .../qpid/server/security/NonJavaKeyStoreTest.java | 38 ++++--- .../server/security/NonJavaTrustStoreTest.java | 14 +-- .../security/SiteSpecificTrustStoreTest.java | 6 +- .../apache/qpid/server/ssl/TrustManagerTest.java | 70 +++++++------ broker-core/src/test/resources/ssl/expired.crt | 17 ++++ broker-core/src/test/resources/ssl/java_broker.crt | 21 ++++ broker-core/src/test/resources/ssl/java_broker.req | 18 ++++ .../ssl/java_broker_expired_truststore.pkcs12 | Bin 0 -> 1002 bytes .../test/resources/ssl/java_broker_keystore.pkcs12 | Bin 0 -> 4425 bytes .../resources/ssl/java_broker_peerstore.pkcs12 | Bin 0 -> 1162 bytes 
.../resources/ssl/java_broker_truststore.pkcs12 | Bin 0 -> 1082 bytes .../ssl/java_client_expired_keystore.pkcs12 | Bin 0 -> 2397 bytes .../test/resources/ssl/java_client_keystore.pkcs12 | Bin 0 -> 7641 bytes .../resources/ssl/java_client_truststore.pkcs12 | Bin 0 -> 1082 bytes .../ssl/java_client_untrusted_keystore.pkcs12 | Bin 0 -> 2467 bytes .../resources/ssl/test_cert_only_keystore.pkcs12 | Bin 826 -> 1106 bytes .../src/test/resources/ssl/test_keystore.jks | Bin 5786 -> 6361 bytes .../resources/ssl/test_pk_only_keystore.pkcs12 | Bin 3129 -> 3521 bytes .../ssl/test_symmetric_key_keystore.pkcs12 | Bin 3949 -> 4637 bytes qpid-perftests-systests/pom.xml | 6 -- .../apache/qpid/test/utils/TestSSLConstants.java | 2 - systests/qpid-systests-http-management/pom.xml | 6 -- .../src/main/resources/java_broker_keystore.jks | Bin 0 -> 4425 bytes test-profiles/test_resources/ssl/CA_db/cert8.db | Bin 65536 -> 0 bytes test-profiles/test_resources/ssl/CA_db/cert9.db | Bin 0 -> 28672 bytes test-profiles/test_resources/ssl/CA_db/key3.db | Bin 16384 -> 0 bytes test-profiles/test_resources/ssl/CA_db/key4.db | Bin 0 -> 36864 bytes test-profiles/test_resources/ssl/CA_db/pkcs11.txt | 5 + test-profiles/test_resources/ssl/CA_db/rootca.crt | 24 +++-- test-profiles/test_resources/ssl/CA_db/secmod.db | Bin 16384 -> 0 bytes test-profiles/test_resources/ssl/app1.crt | 29 +++--- test-profiles/test_resources/ssl/app1.req | 29 +++--- test-profiles/test_resources/ssl/app2.crt | 29 +++--- test-profiles/test_resources/ssl/app2.req | 29 +++--- .../test_resources/ssl/generate-java-keystores.sh | 74 ++++++++++---- .../test_resources/ssl/generate-root-ca.sh | 10 +- test-profiles/test_resources/ssl/java_broker.crt | 28 +++--- test-profiles/test_resources/ssl/java_broker.req | 24 +++-- .../ssl/java_broker_expired_truststore.jks | Bin 769 -> 1002 bytes .../test_resources/ssl/java_broker_keystore.jks | Bin 3209 -> 4425 bytes .../test_resources/ssl/java_broker_peerstore.jks | Bin 802 -> 1162 bytes 
.../test_resources/ssl/java_broker_truststore.jks | Bin 591 -> 1082 bytes .../ssl/java_client_expired_keystore.jks | Bin 2057 -> 2397 bytes .../test_resources/ssl/java_client_keystore.jks | Bin 5786 -> 7641 bytes .../test_resources/ssl/java_client_truststore.jks | Bin 591 -> 1082 bytes .../ssl/java_client_untrusted_keystore.jks | Bin 2056 -> 2467 bytes .../test_resources/ssl/server_db/cert8.db | Bin 65536 -> 0 bytes .../test_resources/ssl/server_db/cert9.db | Bin 0 -> 28672 bytes test-profiles/test_resources/ssl/server_db/key3.db | Bin 16384 -> 0 bytes test-profiles/test_resources/ssl/server_db/key4.db | Bin 0 -> 36864 bytes .../test_resources/ssl/server_db/pkcs11.txt | 5 + .../test_resources/ssl/server_db/secmod.db | Bin 16384 -> 0 bytes .../test_resources/ssl/server_db/server.crt | 26 +++-- .../test_resources/ssl/server_db/server.req | 23 +++-- 57 files changed, 440 insertions(+), 272 deletions(-) diff --git a/broker-core/pom.xml b/broker-core/pom.xml index 3bad56f..7b0f7e8 100644 --- a/broker-core/pom.xml +++ b/broker-core/pom.xml @@ -133,9 +133,6 @@ ${basedir}/src/test/resources - - ${basedir}/../test-profiles/test_resources/ssl - diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java index 2d94b82..6eaf8f4 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java @@ -21,6 +21,7 @@ package org.apache.qpid.server.security; import static org.apache.qpid.server.security.FileTrustStoreTest.SYMMETRIC_KEY_KEYSTORE_RESOURCE; +import static org.apache.qpid.server.security.FileTrustStoreTest.createDataUrlForFile; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; 
@@ -48,14 +49,19 @@ import org.apache.qpid.server.model.ConfiguredObjectFactory; import org.apache.qpid.server.model.KeyStore; import org.apache.qpid.server.model.Model; import org.apache.qpid.server.util.DataUrlUtils; -import org.apache.qpid.server.util.FileUtils; import org.apache.qpid.test.utils.TestSSLConstants; import org.apache.qpid.test.utils.UnitTestBase; public class FileKeyStoreTest extends UnitTestBase { static final String EMPTY_KEYSTORE_RESOURCE = "/ssl/test_empty_keystore.jks"; - static final String KEYSTORE_CERTIFICATE_ONLY_RESOURCE = "/ssl/test_cert_only_keystore.pkcs12"; + private static final String KEYSTORE_CERTIFICATE_ONLY_RESOURCE = "/ssl/test_cert_only_keystore.pkcs12"; + private static final String BROKER_KEYSTORE = "ssl/java_broker_keystore.pkcs12"; + private static final String BROKER_KEYSTORE_PATH = "classpath:" + BROKER_KEYSTORE; + private static final String BROKER_KEYSTORE_PASSWORD = TestSSLConstants.BROKER_KEYSTORE_PASSWORD; + private static final String CLIENT_KEYSTORE_PATH = "classpath:ssl/java_client_keystore.pkcs12"; + private static final String CLIENT_KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD; + private static final String BROKER_KEYSTORE_ALIAS = TestSSLConstants.BROKER_KEYSTORE_ALIAS; private final Broker _broker = mock(Broker.class); private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance(); @@ -80,8 +86,8 @@ public class FileKeyStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); 
@@ -96,9 +102,9 @@ public class FileKeyStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); - attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS); + attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -113,7 +119,7 @@ public class FileKeyStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH); attributes.put(FileKeyStore.PASSWORD, "wrong"); try @@ -135,8 +141,8 @@ public class FileKeyStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.STORE_URL, CLIENT_KEYSTORE_PATH); + attributes.put(FileKeyStore.PASSWORD, CLIENT_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); try 
@@ -157,8 +163,8 @@ public class FileKeyStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.STORE_URL, CLIENT_KEYSTORE_PATH); + attributes.put(FileKeyStore.PASSWORD, CLIENT_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "rootca"); try @@ -177,12 +183,12 @@ public class FileKeyStoreTest extends UnitTestBase @Test public void testCreateKeyStoreFromDataUrl_Success() throws Exception { - String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE); + String trustStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE); Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); 
@@ -195,13 +201,13 @@ public class FileKeyStoreTest extends UnitTestBase @Test public void testCreateKeyStoreWithAliasFromDataUrl_Success() throws Exception { - String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE); + String trustStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE); Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); - attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -214,7 +220,7 @@ public class FileKeyStoreTest extends UnitTestBase @Test public void testCreateKeyStoreFromDataUrl_WrongPassword() throws Exception { - String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE); + String keyStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE); Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); @@ -241,7 +247,7 @@ public class FileKeyStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl); try 
@@ -260,11 +266,11 @@ public class FileKeyStoreTest extends UnitTestBase @Test public void testCreateKeyStoreFromDataUrl_UnknownAlias() throws Exception { - String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE); + String keyStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE); Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); @@ -289,7 +295,7 @@ public class FileKeyStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, emptyKeystore); try @@ -311,7 +317,7 @@ public class FileKeyStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, getTestName()); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, keystoreUrl); attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12"); @@ -336,7 +342,7 @@ public class FileKeyStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, keystoreUrl); attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12"); 
@@ -349,8 +355,8 @@ public class FileKeyStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileKeyStore"); - attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH); + attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -374,19 +380,14 @@ public class FileKeyStoreTest extends UnitTestBase assertNull("Unexpected alias value after failed change", fileKeyStore.getCertificateAlias()); Map changedAttributes = new HashMap<>(); - changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS); + changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS); fileKeyStore.setAttributes(changedAttributes); assertEquals("Unexpected alias value after change that is expected to be successful", - TestSSLConstants.BROKER_KEYSTORE_ALIAS, + BROKER_KEYSTORE_ALIAS, fileKeyStore.getCertificateAlias()); } - private static String createDataUrlForFile(String filename) - { - byte[] fileAsBytes = FileUtils.readFileAsBytes(filename); - return DataUrlUtils.getDataUrlForBytes(fileAsBytes); - } } diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java index f4243e2..c904f4c 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java 
@@ -34,6 +34,9 @@ import static org.junit.Assume.assumeThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.security.KeyStore; @@ -48,6 +51,7 @@ import java.util.Map; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; +import com.google.common.io.ByteStreams; import org.junit.Before; import org.junit.Test; 
@@ -62,15 +66,26 @@ import org.apache.qpid.server.model.Model; import org.apache.qpid.server.model.TrustStore; import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager; import org.apache.qpid.server.util.DataUrlUtils; -import org.apache.qpid.server.util.FileUtils; import org.apache.qpid.test.utils.TestSSLConstants; import org.apache.qpid.test.utils.UnitTestBase; public class FileTrustStoreTest extends UnitTestBase { - static final String KEYSTORE_PK_ONLY_RESOURCE = "/ssl/test_pk_only_keystore.pkcs12"; static final String SYMMETRIC_KEY_KEYSTORE_RESOURCE = "/ssl/test_symmetric_key_keystore.pkcs12"; - static final String KEYSTORE_RESOURCE = "/ssl/test_keystore.jks"; + private static final String KEYSTORE_PK_ONLY_RESOURCE = "/ssl/test_pk_only_keystore.pkcs12"; + private static final String TRUSTSTORE_PASSWORD = TestSSLConstants.TRUSTSTORE_PASSWORD; + private static final String PEER_STORE_PASSWORD = TestSSLConstants.BROKER_PEERSTORE_PASSWORD; + private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD; + private static final String KEYSTORE_RESOURCE = "/ssl/test_keystore.jks"; + private static final String TRUST_STORE_PATH = "classpath:ssl/java_client_truststore.pkcs12"; + private static final String PEER_STORE_PATH = "classpath:ssl/java_broker_peerstore.pkcs12"; + private static final String EXPIRED_TRUST_STORE_PATH = "classpath:ssl/java_broker_expired_truststore.pkcs12"; + private static final String EXPIRED_KEYSTORE_PATH = "ssl/java_client_expired_keystore.pkcs12"; + private static final String TRUST_STORE = "ssl/java_client_truststore.pkcs12"; + private static final String BROKER_TRUST_STORE_PATH = "classpath:ssl/java_broker_truststore.pkcs12"; + private static final String BROKER_TRUST_STORE_PASSWORD = TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD; + private static final String BROKER_KEYSTORE_PASSWORD = TestSSLConstants.BROKER_KEYSTORE_PASSWORD; + private final Broker _broker = mock(Broker.class); private final 
TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance(); @@ -95,8 +110,8 @@ public class FileTrustStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH); + attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); TrustStore fileTrustStore = _factory.create(TrustStore.class, attributes, _broker); @@ -111,7 +126,7 @@ public class FileTrustStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH); attributes.put(FileTrustStore.PASSWORD, "wrong"); try @@ -133,8 +148,8 @@ public class FileTrustStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_PEERSTORE); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_PEERSTORE_PASSWORD); + attributes.put(FileTrustStore.STORE_URL, PEER_STORE_PATH); + attributes.put(FileTrustStore.PASSWORD, PEER_STORE_PASSWORD); attributes.put(FileTrustStore.PEERS_ONLY, true); TrustStore fileTrustStore = _factory.create(TrustStore.class, attributes, _broker); 
@@ -157,8 +172,8 @@ public class FileTrustStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_EXPIRED_TRUSTSTORE); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH); + attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); @@ -169,9 +184,9 @@ public class FileTrustStoreTest extends UnitTestBase assertTrue("Unexpected trust manager type", condition); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - KeyStore clientStore = getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE, - TestSSLConstants.KEYSTORE_PASSWORD, - KeyStore.getDefaultType()); + KeyStore clientStore = getInitializedKeyStore(EXPIRED_KEYSTORE_PATH, + KEYSTORE_PASSWORD, + "pkcs12"); String alias = clientStore.aliases().nextElement(); X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias); @@ -183,8 +198,8 @@ public class FileTrustStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_EXPIRED_TRUSTSTORE); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH); + attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD); attributes.put(FileTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); 
@@ -196,9 +211,9 @@ public class FileTrustStoreTest extends UnitTestBase assertTrue("Unexpected trust manager type", condition); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - KeyStore clientStore = getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE, - TestSSLConstants.KEYSTORE_PASSWORD, - KeyStore.getDefaultType()); + KeyStore clientStore = getInitializedKeyStore(EXPIRED_KEYSTORE_PATH, + KEYSTORE_PASSWORD, + KeyStore.getDefaultType()); String alias = clientStore.aliases().nextElement(); X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias); @@ -225,12 +240,12 @@ public class FileTrustStoreTest extends UnitTestBase @Test public void testCreateTrustStoreFromDataUrl_Success() throws Exception { - String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE); + String trustStoreAsDataUrl = createDataUrlForFile(TRUST_STORE); Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); TrustStore fileTrustStore = _factory.create(TrustStore.class, attributes, _broker); @@ -243,7 +258,7 @@ public class FileTrustStoreTest extends UnitTestBase @Test public void testCreateTrustStoreFromDataUrl_WrongPassword() throws Exception { - String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE); + String trustStoreAsDataUrl = createDataUrlForFile(TRUST_STORE); Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); 
@@ -270,7 +285,7 @@ public class FileTrustStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl); try @@ -291,13 +306,13 @@ public class FileTrustStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, "myFileTrustStore"); - attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH); + attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); FileTrustStore fileTrustStore = (FileTrustStore) _factory.create(TrustStore.class, attributes, _broker); assertEquals("Unexpected path value before change", - TestSSLConstants.TRUSTSTORE, + TRUST_STORE_PATH, fileTrustStore.getStoreUrl()); @@ -317,17 +332,17 @@ public class FileTrustStoreTest extends UnitTestBase } assertEquals("Unexpected path value after failed change", - TestSSLConstants.TRUSTSTORE, + TRUST_STORE_PATH, fileTrustStore.getStoreUrl()); Map changedAttributes = new HashMap<>(); - changedAttributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_TRUSTSTORE); - changedAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD); + changedAttributes.put(FileTrustStore.STORE_URL, BROKER_TRUST_STORE_PATH); + changedAttributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD); fileTrustStore.setAttributes(changedAttributes); assertEquals("Unexpected path value after change that is expected to be successful", - TestSSLConstants.BROKER_TRUSTSTORE, + BROKER_TRUST_STORE_PATH, fileTrustStore.getStoreUrl()); } 
@@ -339,7 +354,7 @@ public class FileTrustStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileKeyStore.NAME, "myFileTrustStore"); - attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PASSWORD, KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, emptyKeystore); try @@ -361,7 +376,7 @@ public class FileTrustStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, getTestName()); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, keystoreUrl); attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12"); @@ -386,7 +401,7 @@ public class FileTrustStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, getTestName()); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, keystoreUrl); attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12"); @@ -406,7 +421,7 @@ public class FileTrustStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, getTestName()); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileTrustStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, keystoreUrl); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); @@ -422,7 +437,7 @@ public class FileTrustStoreTest extends UnitTestBase KeyStore ks = KeyStore.getInstance(type); try(InputStream is = url.openStream()) { - ks.load(is, TestSSLConstants.BROKER_KEYSTORE_PASSWORD.toCharArray()); + ks.load(is, BROKER_KEYSTORE_PASSWORD.toCharArray()); } int result = 0; 
@@ -438,9 +453,29 @@ public class FileTrustStoreTest extends UnitTestBase return result; } - private static String createDataUrlForFile(String filename) + public static String createDataUrlForFile(String filename) throws IOException { - byte[] fileAsBytes = FileUtils.readFileAsBytes(filename); - return DataUrlUtils.getDataUrlForBytes(fileAsBytes); + InputStream in = null; + try + { + File f = new File(filename); + if (f.exists()) + { + in = new FileInputStream(f); + } + else + { + in = Thread.currentThread().getContextClassLoader().getResourceAsStream(filename); + } + byte[] fileAsBytes = ByteStreams.toByteArray(in); + return DataUrlUtils.getDataUrlForBytes(fileAsBytes); + } + finally + { + if (in != null) + { + in.close(); + } + } } } diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java index d5f500e..16cc2b0 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java @@ -70,6 +70,7 @@ import org.apache.qpid.test.utils.UnitTestBase; public class NonJavaKeyStoreTest extends UnitTestBase { + private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12"; private Broker _broker; private ConfiguredObjectFactory _factory; private List _testResources; 
@@ -88,29 +89,23 @@ public class NonJavaKeyStoreTest extends UnitTestBase @After public void tearDown() throws Exception { - try - { - } - finally + for (File resource: _testResources) { - for (File resource: _testResources) + try { - try - { - resource.delete(); - } - catch (Exception e) - { - e.printStackTrace(); - } + resource.delete(); + } + catch (Exception e) + { + e.printStackTrace(); } } } - private File[] extractResourcesFromTestKeyStore(boolean pem) throws Exception + private File[] extractResourcesFromTestKeyStore(boolean pem, final String storeResource) throws Exception { java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType()); - try(InputStream is = getClass().getResourceAsStream("/java_broker_keystore.jks")) + try(InputStream is = getClass().getResourceAsStream(storeResource)) { ks.load(is, KEYSTORE_PASSWORD.toCharArray() ); } @@ -184,7 +179,7 @@ public class NonJavaKeyStoreTest extends UnitTestBase private void runTestCreationOfTrustStoreFromValidPrivateKeyAndCertificateInDerFormat(boolean isPEM)throws Exception { - File[] resources = extractResourcesFromTestKeyStore(isPEM); + File[] resources = extractResourcesFromTestKeyStore(isPEM, KEYSTORE); _testResources.addAll(Arrays.asList(resources)); Map attributes = new HashMap<>(); @@ -205,7 +200,7 @@ public class NonJavaKeyStoreTest extends UnitTestBase @Test public void testCreationOfTrustStoreFromValidPrivateKeyAndInvalidCertificate()throws Exception { - File[] resources = extractResourcesFromTestKeyStore(true); + File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE); _testResources.addAll(Arrays.asList(resources)); File invalidCertificate = TestFileUtils.createTempFile(this, ".invalid.cert", "content"); 
@@ -231,7 +226,7 @@ public class NonJavaKeyStoreTest extends UnitTestBase @Test public void testCreationOfTrustStoreFromInvalidPrivateKeyAndValidCertificate()throws Exception { - File[] resources = extractResourcesFromTestKeyStore(true); + File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE); _testResources.addAll(Arrays.asList(resources)); File invalidPrivateKey = TestFileUtils.createTempFile(this, ".invalid.pk", "content"); @@ -276,15 +271,16 @@ public class NonJavaKeyStoreTest extends UnitTestBase { when(_broker.scheduleHouseKeepingTask(anyLong(), any(TimeUnit.class), any(Runnable.class))).thenReturn(mock(ScheduledFuture.class)); - java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType()); - try(InputStream is = getClass().getResourceAsStream("/java_broker_keystore.jks")) + java.security.KeyStore ks = java.security.KeyStore.getInstance("pkcs12"); + final String storeLocation = KEYSTORE; + try(InputStream is = getClass().getResourceAsStream(storeLocation)) { ks.load(is, KEYSTORE_PASSWORD.toCharArray() ); } X509Certificate cert = (X509Certificate) ks.getCertificate("rootca"); int expiryDays = (int)((cert.getNotAfter().getTime() - System.currentTimeMillis()) / (24l * 60l * 60l * 1000l)); - File[] resources = extractResourcesFromTestKeyStore(false); + File[] resources = extractResourcesFromTestKeyStore(false, storeLocation); _testResources.addAll(Arrays.asList(resources)); Map attributes = new HashMap<>(); diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java index 3630932..1466e57 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java 
@@ -54,6 +54,8 @@ import org.apache.qpid.test.utils.UnitTestBase; public class NonJavaTrustStoreTest extends UnitTestBase { + private static final String EXPIRED_KEYSTORE = "ssl/java_client_expired_keystore.pkcs12"; + private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD; private final Broker _broker = mock(Broker.class); private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance(); private final Model _model = BrokerModel.getInstance(); @@ -75,7 +77,7 @@ public class NonJavaTrustStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore"); - attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.crt").toExternalForm()); + attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/java_broker.crt").toExternalForm()); attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore"); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); @@ -92,7 +94,7 @@ public class NonJavaTrustStoreTest extends UnitTestBase Map attributes = new HashMap<>(); attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore"); attributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true); - attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/expired.crt").toExternalForm()); + attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/expired.crt").toExternalForm()); attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore"); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); 
@@ -104,9 +106,9 @@ public class NonJavaTrustStoreTest extends UnitTestBase assertTrue("Unexpected trust manager type", condition); X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; - KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE, - TestSSLConstants.KEYSTORE_PASSWORD, - KeyStore.getDefaultType()); + KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE, + KEYSTORE_PASSWORD, + "PKCS12"); String alias = clientStore.aliases().nextElement(); X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias); @@ -135,7 +137,7 @@ public class NonJavaTrustStoreTest extends UnitTestBase { Map attributes = new HashMap<>(); attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore"); - attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.req").toExternalForm()); + attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/java_broker.req").toExternalForm()); attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore"); try diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java index 0bea734..b2f95e6 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java 
@@ -65,6 +65,8 @@ public class SiteSpecificTrustStoreTest extends UnitTestBase { private static final String EXPECTED_SUBJECT = "CN=localhost,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"; private static final String EXPECTED_ISSUER = "CN=MyRootCA,O=ACME,ST=Ontario,C=CA"; + private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12"; + private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD; private final Broker _broker = mock(Broker.class); private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance(); private final Model _model = BrokerModel.getInstance(); @@ -257,8 +259,8 @@ public class SiteSpecificTrustStoreTest extends UnitTestBase private ServerSocket createTestSSLServerSocket() throws Exception { - char[] keyPassword = TestSSLConstants.KEYSTORE_PASSWORD.toCharArray(); - try(InputStream inputStream = getClass().getResourceAsStream("/java_broker_keystore.jks")) + char[] keyPassword = KEYSTORE_PASSWORD.toCharArray(); + try(InputStream inputStream = getClass().getResourceAsStream(KEYSTORE)) { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); diff --git a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java index 093cc2c..12dfb54 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java 
@@ -43,13 +43,23 @@ import org.apache.qpid.test.utils.UnitTestBase; public class TrustManagerTest extends UnitTestBase { - private static final String STORE_TYPE = "JKS"; + private static final String STORE_TYPE = "pkcs12"; private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm(); + private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD; + private static final String PEER_STORE = "ssl/java_broker_peerstore.pkcs12"; + private static final String PEER_STORE_PASSWORD = TestSSLConstants.BROKER_PEERSTORE_PASSWORD; + private static final String KEYSTORE = "ssl/java_client_keystore.pkcs12"; + private static final String CERT_ALIAS_APP_1 = TestSSLConstants.CERT_ALIAS_APP1; + private static final String CERT_ALIAS_APP_2 = TestSSLConstants.CERT_ALIAS_APP2; + private static final String TRUST_STORE = "ssl/java_broker_truststore.pkcs12"; + private static final String TRUST_STORE_PASSWORD = TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD; + private static final String CERT_ALIAS_UNTRUSTED_CLIENT = TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT; + private static final String UNTRUSTED_KEYSTORE = "ssl/java_client_untrusted_keystore.pkcs12"; // retrieves the client certificate's chain from store and returns it as an array private X509Certificate[] getClientChain(final String storePath, final String alias) throws Exception { - final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath, TestSSLConstants.KEYSTORE_PASSWORD, STORE_TYPE); + final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath, KEYSTORE_PASSWORD, STORE_TYPE); final Certificate[] chain = ks.getCertificateChain(alias); return Arrays.copyOf(chain, chain.length, X509Certificate[].class); } 
@@ -61,7 +71,7 @@ public class TrustManagerTest extends UnitTestBase while (aliases.hasMoreElements()) { final String alias = aliases.nextElement(); - if (!alias.equalsIgnoreCase(TestSSLConstants.CERT_ALIAS_APP1)) + if (!alias.equalsIgnoreCase(CERT_ALIAS_APP_1)) { fail("Broker's peer store contains other certificate than client's app1 public key"); } @@ -76,7 +86,7 @@ public class TrustManagerTest extends UnitTestBase public void testQpidPeersOnlyTrustManager() throws Exception { // first let's check that peer manager loaded with the PEERstore succeeds - final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE); + final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE); this.noCAinPeerStore(ps); final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM); pmf.init(ps); @@ -96,7 +106,7 @@ public class TrustManagerTest extends UnitTestBase try { // since broker's peerstore contains the client's app1 certificate, the check should succeed - peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP1), "RSA"); + peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA"); } catch (CertificateException e) { @@ -106,7 +116,7 @@ public class TrustManagerTest extends UnitTestBase try { // since broker's peerstore does not contain the client's app2 certificate, the check should fail - peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP2), "RSA"); + peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA"); fail("Untrusted client's validation against the broker's peer store manager succeeded."); } catch (CertificateException e) 
@@ -117,7 +127,7 @@ public class TrustManagerTest extends UnitTestBase // now let's check that peer manager loaded with the brokers TRUSTstore fails because // it does not have the clients certificate in it (though it does have a CA-cert that // would otherwise trust the client cert when using the regular trust manager). - final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE); + final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE); final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM); tmf.init(ts); final TrustManager[] delegateTrustManagers = tmf.getTrustManagers(); @@ -137,7 +147,7 @@ public class TrustManagerTest extends UnitTestBase { // since broker's truststore doesn't contain the client's app1 certificate, the check should fail // despite the fact that the truststore does have a CA that would otherwise trust the cert - peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP1), "RSA"); + peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA"); fail("Client's validation against the broker's peer store manager didn't fail."); } catch (CertificateException e) @@ -149,7 +159,7 @@ public class TrustManagerTest extends UnitTestBase { // since broker's truststore doesn't contain the client's app2 certificate, the check should fail // despite the fact that the truststore does have a CA that would otherwise trust the cert - peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP2), "RSA"); + peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA"); fail("Client's validation against the broker's peer store manager didn't fail."); } catch (CertificateException e) 
@@ -166,7 +176,7 @@ public class TrustManagerTest extends UnitTestBase public void testQpidMultipleTrustManagerWithRegularTrustStore() throws Exception { final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager(); - final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE); + final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE); final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM); tmf.init(ts); final TrustManager[] delegateTrustManagers = tmf.getTrustManagers(); @@ -185,8 +195,7 @@ public class TrustManagerTest extends UnitTestBase try { // verify the CA-trusted app1 cert (should succeed) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, - TestSSLConstants.CERT_ALIAS_APP1), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA"); } catch (CertificateException ex) { @@ -196,8 +205,7 @@ public class TrustManagerTest extends UnitTestBase try { // verify the CA-trusted app2 cert (should succeed) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, - TestSSLConstants.CERT_ALIAS_APP2), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA"); } catch (CertificateException ex) { @@ -207,8 +215,8 @@ public class TrustManagerTest extends UnitTestBase try { // verify the untrusted cert (should fail) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE, - TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE, + CERT_ALIAS_UNTRUSTED_CLIENT), "RSA"); fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed."); } catch (CertificateException ex) 
@@ -225,7 +233,7 @@ public class TrustManagerTest extends UnitTestBase public void testQpidMultipleTrustManagerWithPeerStore() throws Exception { final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager(); - final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE); + final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE); final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM); pmf.init(ps); final TrustManager[] delegatePeerManagers = pmf.getTrustManagers(); @@ -244,8 +252,8 @@ public class TrustManagerTest extends UnitTestBase try { // verify the trusted app1 cert (should succeed as the key is in the peerstore) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, - TestSSLConstants.CERT_ALIAS_APP1), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, + CERT_ALIAS_APP_1), "RSA"); } catch (CertificateException ex) { @@ -255,8 +263,8 @@ public class TrustManagerTest extends UnitTestBase try { // verify the untrusted app2 cert (should fail as the key is not in the peerstore) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, - TestSSLConstants.CERT_ALIAS_APP2), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, + CERT_ALIAS_APP_2), "RSA"); fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed."); } catch (CertificateException ex) 
@@ -267,8 +275,8 @@ public class TrustManagerTest extends UnitTestBase try { // verify the untrusted cert (should fail as the key is not in the peerstore) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE, - TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE, + CERT_ALIAS_UNTRUSTED_CLIENT), "RSA"); fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed."); } catch (CertificateException ex) @@ -286,7 +294,7 @@ public class TrustManagerTest extends UnitTestBase public void testQpidMultipleTrustManagerWithTrustAndPeerStores() throws Exception { final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager(); - final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE); + final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE); final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM); tmf.init(ts); final TrustManager[] delegateTrustManagers = tmf.getTrustManagers(); @@ -302,7 +310,7 @@ public class TrustManagerTest extends UnitTestBase } assertTrue("The regular trust manager for the trust store was not added", trustManagerAdded); - final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE); + final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE); final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM); pmf.init(ps); final TrustManager[] delegatePeerManagers = pmf.getTrustManagers(); 
@@ -321,8 +329,8 @@ public class TrustManagerTest extends UnitTestBase try { // verify the CA-trusted app1 cert (should succeed) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, - TestSSLConstants.CERT_ALIAS_APP1), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, + CERT_ALIAS_APP_1), "RSA"); } catch (CertificateException ex) { @@ -332,8 +340,8 @@ public class TrustManagerTest extends UnitTestBase try { // verify the CA-trusted app2 cert (should succeed) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, - TestSSLConstants.CERT_ALIAS_APP2), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, + CERT_ALIAS_APP_2), "RSA"); } catch (CertificateException ex) { @@ -343,8 +351,8 @@ public class TrustManagerTest extends UnitTestBase try { // verify the untrusted cert (should fail) - mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE, - TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA"); + mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE, + CERT_ALIAS_UNTRUSTED_CLIENT), "RSA"); fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed."); } catch (CertificateException ex) diff --git a/broker-core/src/test/resources/ssl/expired.crt b/broker-core/src/test/resources/ssl/expired.crt new file mode 100644 index 0000000..933330a --- /dev/null +++ b/broker-core/src/test/resources/ssl/expired.crt 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvzCCAaegAwIBAgIEAjtn8zANBgkqhkiG9w0BAQ0FADAQMQ4wDAYDVQQDEwVV +U0VSMTAeFw0xMDAxMDEyMjQ0MjVaFw0xMDAxMDIyMjQ0MjVaMBAxDjAMBgNVBAMT +BVVTRVIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2wa5um63bXJ +j7jv3pfhDgkvwE9hfM/DLv1rmkq2Psepefb40VJng61WiTeLNWdXrAJ+ui5iHTCn +8n+iqaucaPv4mOwH3j57CCLRvFrFSp/cUx2oZ3Zx1DfaSgfIc5F8AJQvYrtCxa6m +eYCoUJ3BZqARiKc6fk/RtACB1YI9mCDYOgnntNhEwMkRTuPqholyaL1fmw51EDGH +iGCQwsxj+YMLkuK2aQAs498NcA6fzui0Ey3MJ6LmLYbOSKqZ1cBzC4YfSGH921Ic +4YDgsvQ1io1zN4AJFHj8ld5rlDCTElgUFmkm2wCLvQAQ9+5MB4fDVLFldpHHBgX2 +0097qFSAEwIDAQABoyEwHzAdBgNVHQ4EFgQUZ30jJvIgSSRkltqIKv7UgEYnlvUw +DQYJKoZIhvcNAQENBQADggEBABYZ+ZwbRnJvfjnFq9c+GV5/7FJOTlO0SVAVZrYJ +HzquTr3mFDkhOc6aDlaNGiFAJcs6Udj3MvV7J+Uuai9oJDmVCt94HZL3k09G+z1b +A3BorBKWDYm2L9CKpjUgD0VY40Tc2yNVyrzCbdjVnBkrLKiAirSrb5NJK2lnJg4Y +TB7TiAnSydfRWUyUo8/wEMgIo4o0vuB7AnBQFhCd0XRmxBNoBZ19f+R041I6CQ0L +9jc172XWHL1o111/RS7M8qLcWxi11DN62p6IKNT32DnhVV0RFnfVTQDaQ9qsPFmg +Dngy+2weYwc6hEKhnunGrv0LNoqp6lQbOZO4c4v0/ynBHf4= +-----END CERTIFICATE----- diff --git a/broker-core/src/test/resources/ssl/java_broker.crt b/broker-core/src/test/resources/ssl/java_broker.crt new file mode 100644 index 0000000..4e5c086 --- /dev/null +++ b/broker-core/src/test/resources/ssl/java_broker.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIFALBcS4MwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC +Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15 +Um9vdENBMB4XDTE5MDIyNzE2MDY0M1oXDTI0MDIyNzE2MDY0M1owbjEQMA4GA1UE +BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ +MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjESMBAGA1UEAxMJbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1zWGLqSHqno +In5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllzy4JTCiXBen3l3YhpSxqGYccyEYee +UlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUirvotaBQP71X1V+05AFxFhWfgdINw +Kzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj3as0dX2bOu0qbqk4izDqqV1uiyUP +Udn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pfPxvIw2OsqsKeh+I7RUoGBxDUdDvj +lbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwcRJYDAq5eBhgK59WcwKPIqlOLismQ +wjN4ZxxvqQIDAQABo0EwPzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJsw +CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC +AQEAjFSD0UPN7ZqMKA0Sk2oailI+AU11VEmwIw18sXSEFMWSH8uAgkyTOvNQv4Nu +WHgNOx20r18bYVrTqTznRa9oM7xemtR2pKqJYUQKqvk9vcF8mY7ibK1AH1vlm/gh +7EfEmobfwHutXyTbUppgqf4QLn9AYLokD/w0la1mxDQ5Qc5FefgxLGaN2DZALFOc +8lcpA9E2hTau2znxMlqqrG73E6R2XoE7BVMHVemVAAvusBuuP9OW/iC/KTPDFNoy +NnDViQfIh03aBH2N5XCcnsdsxDULh6pjdZWf9FB+8OBDKyajNdFZku7AFLkt+QIa +FVo105jdjqfMxt8FRNuQ05vYEQ== +-----END CERTIFICATE----- diff --git a/broker-core/src/test/resources/ssl/java_broker.req b/broker-core/src/test/resources/ssl/java_broker.req new file mode 100644 index 0000000..c618dd3 --- /dev/null +++ b/broker-core/src/test/resources/ssl/java_broker.req 
@@ -0,0 +1,18 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIIC4zCCAcsCAQAwbjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93 +bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMH +VW5rbm93bjESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAq1zWGLqSHqnoIn5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllz +y4JTCiXBen3l3YhpSxqGYccyEYeeUlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUi +rvotaBQP71X1V+05AFxFhWfgdINwKzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj +3as0dX2bOu0qbqk4izDqqV1uiyUPUdn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pf +PxvIw2OsqsKeh+I7RUoGBxDUdDvjlbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwc +RJYDAq5eBhgK59WcwKPIqlOLismQwjN4ZxxvqQIDAQABoDAwLgYJKoZIhvcNAQkO +MSEwHzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJswDQYJKoZIhvcNAQEN +BQADggEBAHsfAScjTeIM+Mkmq7z29wl0+NdWyoDKt0PjG0/WffExGXG1FD6JrbP7 +UEeBY60WdypO9/Nx7I/sw/UOsOH297NuCMkFDitAk5/5XDVSYpywBi85XK72ODmv +hWYn2MGP9YnfL3qOd75kpNgVBKt9+IVFFNgdUMfzDQpTQgmzdaRepM4HUuxJnNGN +jcjA6b7rT0XQu7EJqM/Q1beJTVmwtv/3ZsBduJfksr2+fyC7wd344Equ8kfhZtd9 +YocJYdlZ//0RjWMv10hXNMD2Y+Nk4ldoFOXwv93JMcBn4Uy0TeZ9O/eI/jETT5TL +FZUUWdHvGqN2/9L4EZ0rAyH87HpHV7I= +-----END NEW CERTIFICATE REQUEST----- diff --git a/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 new file mode 100644 index 0000000..9bfe301 Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 differ diff --git a/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 new file mode 100644 index 0000000..b45991f Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 differ 
diff --git a/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 new file mode 100644 index 0000000..a5b307f Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 differ diff --git a/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 new file mode 100644 index 0000000..4184adf Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 differ diff --git a/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 new file mode 100644 index 0000000..cb9b876 Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 differ diff --git a/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 new file mode 100644 index 0000000..9422d9a Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 differ diff --git a/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 new file mode 100644 index 0000000..1b45a23 Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 differ diff --git a/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 new file mode 100644 index 0000000..8b0b023 Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 differ 
diff --git a/broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 b/broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 index 848eaf7..f480819 100644 Binary files a/broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 and b/broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 differ diff --git a/broker-core/src/test/resources/ssl/test_keystore.jks b/broker-core/src/test/resources/ssl/test_keystore.jks index 941fc7e..afa9d02 100644 Binary files a/broker-core/src/test/resources/ssl/test_keystore.jks and b/broker-core/src/test/resources/ssl/test_keystore.jks differ diff --git a/broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 b/broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 index 0985e75..64ca340 100644 Binary files a/broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 and b/broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 differ diff --git a/broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 b/broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 index 3c82f56..f39dcf4 100644 Binary files a/broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 and b/broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 differ diff --git a/qpid-perftests-systests/pom.xml b/qpid-perftests-systests/pom.xml index b9d20f2..db4e522 100644 --- a/qpid-perftests-systests/pom.xml +++ b/qpid-perftests-systests/pom.xml @@ -69,12 +69,6 @@ src/test/resources - - ${basedir}/../test-profiles/test_resources/ssl - - *.jks - - diff --git a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java index 7b75c6f..949b450 100644 --- a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java +++ b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java 
@@ -21,7 +21,6 @@ package org.apache.qpid.test.utils; public interface TestSSLConstants { String KEYSTORE = "test-profiles/test_resources/ssl/java_client_keystore.jks"; - String UNTRUSTED_KEYSTORE = "test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks"; String EXPIRED_KEYSTORE = "test-profiles/test_resources/ssl/java_client_expired_keystore.jks"; String KEYSTORE_PASSWORD = "password"; String TRUSTSTORE = "test-profiles/test_resources/ssl/java_client_truststore.jks"; @@ -39,6 +38,5 @@ public interface TestSSLConstants String BROKER_PEERSTORE_PASSWORD = "password"; String BROKER_TRUSTSTORE = "test-profiles/test_resources/ssl/java_broker_truststore.jks"; - String BROKER_EXPIRED_TRUSTSTORE = "test-profiles/test_resources/ssl/java_broker_expired_truststore.jks"; String BROKER_TRUSTSTORE_PASSWORD = "password"; } diff --git a/systests/qpid-systests-http-management/pom.xml b/systests/qpid-systests-http-management/pom.xml index 8b70bee..4885bab 100644 --- a/systests/qpid-systests-http-management/pom.xml +++ b/systests/qpid-systests-http-management/pom.xml @@ -175,12 +175,6 @@ ${basedir}/src/test/resources - - ${basedir}/../../test-profiles/test_resources/ssl - - *.jks - - diff --git a/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks b/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks new file mode 100644 index 0000000..b45991f Binary files /dev/null and b/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks differ diff --git a/test-profiles/test_resources/ssl/CA_db/cert8.db b/test-profiles/test_resources/ssl/CA_db/cert8.db deleted file mode 100644 index a3f6c20..0000000 Binary files a/test-profiles/test_resources/ssl/CA_db/cert8.db and /dev/null differ 
diff --git a/test-profiles/test_resources/ssl/CA_db/cert9.db b/test-profiles/test_resources/ssl/CA_db/cert9.db new file mode 100644 index 0000000..2bed63c Binary files /dev/null and b/test-profiles/test_resources/ssl/CA_db/cert9.db differ diff --git a/test-profiles/test_resources/ssl/CA_db/key3.db b/test-profiles/test_resources/ssl/CA_db/key3.db deleted file mode 100644 index ccde375..0000000 Binary files a/test-profiles/test_resources/ssl/CA_db/key3.db and /dev/null differ diff --git a/test-profiles/test_resources/ssl/CA_db/key4.db b/test-profiles/test_resources/ssl/CA_db/key4.db new file mode 100644 index 0000000..4562b1a Binary files /dev/null and b/test-profiles/test_resources/ssl/CA_db/key4.db differ diff --git a/test-profiles/test_resources/ssl/CA_db/pkcs11.txt b/test-profiles/test_resources/ssl/CA_db/pkcs11.txt new file mode 100644 index 0000000..beb8e0f --- /dev/null +++ b/test-profiles/test_resources/ssl/CA_db/pkcs11.txt @@ -0,0 +1,5 @@ +library= +name=NSS Internal PKCS #11 Module +parameters=configdir='CA_db' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + diff --git a/test-profiles/test_resources/ssl/CA_db/rootca.crt b/test-profiles/test_resources/ssl/CA_db/rootca.crt index eeced5a..b9356b6 100644 --- a/test-profiles/test_resources/ssl/CA_db/rootca.crt +++ b/test-profiles/test_resources/ssl/CA_db/rootca.crt 
@@ -1,13 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICDDCCAXWgAwIBAgIFAKI1edswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC +MIIDETCCAfmgAwIBAgIFALBcSiAwDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15 -Um9vdENBMB4XDTE1MDMxOTIyMzUyOVoXDTIwMDMxOTIyMzUyOVowQTELMAkGA1UE +Um9vdENBMB4XDTE5MDIyNzE2MDM1OVoXDTI0MDIyNzE2MDM1OVowQTELMAkGA1UE BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMT -CE15Um9vdENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjbsB++rgz0Kl9 -4VLr/03Tgab+xxf1krNdxriCMf7dd2cOQbHt3ytDeLroR/TH2Jqkv6MuXRlYHByw -Oa3tqqX9pfCJDMnLiUZ97coeaZdtlLaHsVdp0KUiRPT+aUxbGW4n7r9o/5ahCoDV -gxWsU0JXlHMI8eRh/smNVWf2AgQKBwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G -CSqGSIb3DQEBBQUAA4GBAKfUcPQHf8Qs5UdLWyOSlnAB3fVjFjZHgBXdGAsZNFMY -/Grjl1lGc7KJSvm6ICMD1Dq4rHrw1i4KwaeyuCfMgZ5RpsNXNoVVtCms4vD/FbSw -Vde4OfEDiHcOy5Pd/ovnwPd6znHlYIXWZ3SEBs4MKzWW8BnwOEO+FAog0rAOE9N+ +CE15Um9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7wfxIsA +yM7HhpEfHy0rEBrhfwCTf/dO/x6DFKjYfxKuhbFcHuBWHhq60mn04Wfo0kwCSZSE +sabJvba5iHAztzHUeLBTyg9fy57tlNs0sQMqXCD3bwa1HBGgMt5A05zSmi9ZklwH +xrfB8nbSePD/V1tmwjXvWYx/G2xnRHZbs8dS000DteI2yq8O1i/NJst8KrifxgE2 +RzfNqSLxrmEzZAe5lt2eGIxr+UatR/AKXFixfKEK523Rq9CnJ7Fdgzt0WebbhUwg +4A0AIJk4h6WKTB+RwdWT9Dgzc+qSkjHco9vqToF92QfQOygPjDSjWKHwPyTskuYf +W9EohouHZWjsXQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUA +A4IBAQCYi9vsfbIRihVyVQ8R1xBD+v7HZ31Se4v3ODQ9xD4DBE4qcE4kYTmFdRoD +5WIm9O2w20Iz4icVr1iyOlund9psL3CSklPVUqGIGQXfzxfI9Dgi+NicIWDFhHra +hfeYl2Tg4lkkodTewVMdiigh7MBdWnr3j/xEIWxcvD3x5ymXPV6PU9mzn8r/tcNC +A+07I0eCqcAYHDTEQxumiTBObymnnABYr0lDa+baWrW2YuLx+I5I+rHFEnuy9vDn +rN0kZuG32V5cIAavDZWkUrxR87TsJ0gxv/cbFU+J2x4Z6X8ryI2HhLujxqXmTzSH +5Bq18bki5O4kqJFY4CA/N+035Yta -----END CERTIFICATE----- diff --git a/test-profiles/test_resources/ssl/CA_db/secmod.db b/test-profiles/test_resources/ssl/CA_db/secmod.db deleted file mode 100644 index 0c0a006..0000000 Binary files a/test-profiles/test_resources/ssl/CA_db/secmod.db and /dev/null differ 
diff --git a/test-profiles/test_resources/ssl/app1.crt b/test-profiles/test_resources/ssl/app1.crt index 5b32b12..edc890f 100644 --- a/test-profiles/test_resources/ssl/app1.crt +++ b/test-profiles/test_resources/ssl/app1.crt 
@@ -1,18 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIC4TCCAkqgAwIBAgIFAKI1xIUwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC +MIIDYjCCAkqgAwIBAgIFALBcS8MwDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15 -Um9vdENBMB4XDTE1MDMyMDAxMjE1MloXDTIwMDMyMDAxMjE1MlowYTELMAkGA1UE +Um9vdENBMB4XDTE5MDIyNzE2MDcxNloXDTI0MDIyNzE2MDcxNlowYTELMAkGA1UE BhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ0wCwYDVQQKEwRh Y21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDFAYWNtZS5vcmcwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL3+MH/VknnAI+ldWywF4khA8oGjGd -w6z5zPWZ83ucPdjIFUNRN4N38Fd62gs0BCwrZcRZiHbynWFZBsweUj7ODyYFPFtq -xaYO/Ovt4xGsNspcpcSNVPhcH/34hfqpUmsUrM1tFf/1vgOV4BfU05mkNCeZxvmg -TuyAXPbunwu4poPaWOy0JBTSsS8LPGgofE8k0yzg9+91Ixw6ulQLV/TEuhgbJ7sL -iA70GTHLs3vwnlsvU0xLUb+U3OAxbHpCrbnmwmGg9BrjJvJGfL9UydpjiIl25uMA -PTkI+gapLAf2lkiyk+dpIz99LXvAUqKnli6KGNVLhmJb1KNelBlqlJcDAgMBAAGj -QTA/MB0GA1UdDgQWBBRm2ix2JDQ9VG0wsZctPa/PnJdxhDAJBgNVHRMEAjAAMBMG -A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBABr7BxsqDpHy2tOo -F39pthuSpHBh37fxtSCJKMigMFjRUCpLYosMefixVYGT8IAhJ+KSzAg48SKmD0b5 -9R4NZXP16Mbs6U9Air8CSANsfpcG4nJu+QiTIu6RAQOwt+dlYfRe/OkNpunzJBzb -eAEMdf1CrEFtQi/hniiLffjyk7ln +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXNdGrF7GBnVVvkrwzu9xo7scIEUll +82cRZ2yQ+Ua4dkg+mmrVwZjSN/fkUNsrecruhfx4jcmaEXwdixuDpCnw1fZ1xfC7 +AO2FdZrGtdFeaBfVyZ6g2hihcWK2FPlJRhvG2Fm6FlZAwQyhfagnA4VBxthFlhGw +D7su+rp3bVGHXh0RYtc6eCE5FK9/tnGQgLVBVnENmdCg4Xd3WtnPV/boWSUR6Obk +M7CfDOkFDz4DrJmUEaMMzGScustNsZuU/qZ2ei1eaY0GMnRquW4hyYYw8JXVO3Ji +JtchVlUo7SL2gDuGmpk+/yceitJWn2e482lgURuVRFSwSgSqEkZrjCSpAgMBAAGj +QTA/MB0GA1UdDgQWBBTDC6GBKI/QRwIZlVC8SJN6V/6OxDAJBgNVHRMEAjAAMBMG +A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBDQUAA4IBAQBjNo/6CYFVU21q +TWW88eG1J/I6e+vv9hjNWuxtsOuWUzoepNFAa7gY1C5jMHMe1hXl9hK4mHm/D1o2 +5i3FERDyLz5x6a0oQP6T8F+BLfg8YGfbrcCuZPInPKgw5bc2xRVJc8zaZM5EBw1+ +U80+o5Er2XU/MSfJ6vfsNjZ7aGOo/ssQwBarKGHUwQTazgwRy+kVh9aZf+Vadbnx +u3mtV6md9EMLfRzOKfTrdlHrS1CgUTKn+LmwSsBNomxXJcW0gpWIx4hoCd07vJCj 
+WAvAeHdzAVSiAKkJ42ikOd7g5pXUFkpcNlIyfLpJGwTZYNSCx0eXuSUt3cLA+7V/ +2wXQNMED -----END CERTIFICATE----- diff --git a/test-profiles/test_resources/ssl/app1.req b/test-profiles/test_resources/ssl/app1.req index 318715d..f1f90e0 100644 --- a/test-profiles/test_resources/ssl/app1.req +++ b/test-profiles/test_resources/ssl/app1.req 
@@ -1,15 +1,18 @@ -----BEGIN NEW CERTIFICATE REQUEST----- -MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRv -MQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDFAYWNtZS5vcmcwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL3+MH/VknnAI+ldWywF4khA8oGjGdw6z5zPWZ -83ucPdjIFUNRN4N38Fd62gs0BCwrZcRZiHbynWFZBsweUj7ODyYFPFtqxaYO/Ovt4xGsNspcpcSN -VPhcH/34hfqpUmsUrM1tFf/1vgOV4BfU05mkNCeZxvmgTuyAXPbunwu4poPaWOy0JBTSsS8LPGgo -fE8k0yzg9+91Ixw6ulQLV/TEuhgbJ7sLiA70GTHLs3vwnlsvU0xLUb+U3OAxbHpCrbnmwmGg9Brj -JvJGfL9UydpjiIl25uMAPTkI+gapLAf2lkiyk+dpIz99LXvAUqKnli6KGNVLhmJb1KNelBlqlJcD -AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRm2ix2JDQ9VG0wsZctPa/PnJdxhDAN -BgkqhkiG9w0BAQUFAAOCAQEAMlm/PeNAirN/c6KWkVNYBYk1RosQ0TVoRLnrKON/HHcHSlA6YCAD -LLc2S8fTEjxKoOU3G1pL3s6nD1GKETF/k9Wm9VAK2lg9daG35p5RaEFwLc3r9PVMLNYcnOSXV4tj -9S7L2FH2mxinj9vs7VYe6ZmI2vp2ts0P5/k4dX/vAQAkS8y6A+gxVzUeeDFT2+WQtmRG/mPfU9Ic -9w965Po0Dd7cQPgwS7WQoVHovSjIvNXhm6aNki9uyWoDIE4cR2QcHRC6YBlxRiEq6uW87FBgrCH+ -ooLiZS/+p8TWCRro3HvsFRrrCTE+gFK8c3ouueIzmvu4+SKB0lPJOdnhoUsOaw== +MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQH +EwdUb3JvbnRvMQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMM +DWFwcDFAYWNtZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX +NdGrF7GBnVVvkrwzu9xo7scIEUll82cRZ2yQ+Ua4dkg+mmrVwZjSN/fkUNsrecru +hfx4jcmaEXwdixuDpCnw1fZ1xfC7AO2FdZrGtdFeaBfVyZ6g2hihcWK2FPlJRhvG +2Fm6FlZAwQyhfagnA4VBxthFlhGwD7su+rp3bVGHXh0RYtc6eCE5FK9/tnGQgLVB +VnENmdCg4Xd3WtnPV/boWSUR6ObkM7CfDOkFDz4DrJmUEaMMzGScustNsZuU/qZ2 +ei1eaY0GMnRquW4hyYYw8JXVO3JiJtchVlUo7SL2gDuGmpk+/yceitJWn2e482lg +URuVRFSwSgSqEkZrjCSpAgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW +BBTDC6GBKI/QRwIZlVC8SJN6V/6OxDANBgkqhkiG9w0BAQ0FAAOCAQEAVQ6eZDo+ +aW/JjTsK1duwqkpxWcGWyNApOaEETnunCFUsTYcN3zId7107gNMlKSQrQOztYFNc +OKjDOicKHSoYoh+qRxprB4CPrhdNMXrtjFUOCDA+eLvf7kHn9hcOzg8XkgDOFVOs +x61krLsN5jo2pfqdiPj13ilas7lBy4/WjEnazg/g/ckWAbYp2Rec47UnAGi5LB9h +cgO/+vZUpmCCfHCURBC1qwk9UdbXlaDZcbITszvR86PZ6ztkDO9dxbDDvCHydvcD 
+jaEHdvpSlC2WiWc4R/Tjq+xYQkRayPHYzHF1w3YYEbpuQOZwiuzYlQrZnOyH+oVC +/0qy57VDVqP/HA== -----END NEW CERTIFICATE REQUEST----- diff --git a/test-profiles/test_resources/ssl/app2.crt b/test-profiles/test_resources/ssl/app2.crt index a8fe410..5693e43 100644 --- a/test-profiles/test_resources/ssl/app2.crt +++ b/test-profiles/test_resources/ssl/app2.crt 
@@ -1,18 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIC4TCCAkqgAwIBAgIFAKI1xCswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC +MIIDZTCCAk2gAwIBAgIFALBcS6owDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15 -Um9vdENBMB4XDTE1MDMyMDAxMjEwNVoXDTIwMDMyMDAxMjEwNVowYTELMAkGA1UE +Um9vdENBMB4XDTE5MDIyNzE2MDcwM1oXDTI0MDIyNzE2MDcwM1owYTELMAkGA1UE BhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ0wCwYDVQQKEwRh Y21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDJAYWNtZS5vcmcwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviLTH6Vl6gP3M6gmmm0sVlCcBFfo2 -czDTsr93D1cIQpnyY1r3znBdFT3cbXE2LtHeLpnlXc+dTo9/aoUuBCzRIpi4CeaG -gD3ggIl9Ws5hUgfxJCWBg7nhzMUlBC2C+VgIUHWHqGPuaQ7VzXOEC7xF0mihMZ4b -wvU6wxGK2uUoruXE/iti/+jtzxjq0PO7ZgJ7GUI2ZDqGMad5OnLur8jz+yKsVdet -XlXsOyHmHi/47pRuA115pYiIaZKu1+vs6IBl4HnEUgw5JwIww6oyTDVvXc1kCw0Q -CtUZMcNSH2XGhh/zGM/M2Bt2lgEEW0xWTwQcT1J7wnngfbIYbzoupEkRAgMBAAGj -QTA/MB0GA1UdDgQWBBRI+VUMRkfNYp/xngM9y720hvxmXTAJBgNVHRMEAjAAMBMG -A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAJnedohhbqoY7O6o -Am+hPScBCng/fl0erVjexL9W8l8g5NvIGgioUfjUDvGOnwB5LOoTnZUCRaLFhQFc -GFMIjdHpg0qt/QkEFX/0m+849RK6muHT1CNlcXtCFXwPTJ+9h+1auTP+Yp/6ii9S -U3W1dzYawy2p9IhkMZEpJaHCLnaC +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXMCZtW+a6JxuA2fN45Ta/0ilUqfme +r+aGG2yTtwdRkduUssBogCYq1Pxk+l4nDgNWjscgGhtxeY9nw3u+NaxFJxuQrKLu +nnsdh+htzTUsq/iWKwcU6A4MX1aC++Ic6poTeunv6MHVdujehJOCph6zDEANjT2f +gHHjxBMPO+fe0mEtsWwezp+xJJAOCAkMivoziQ0OopIqFSF/FhFZDK4bJFruAJJc +0CZNBM7Ox2sNAK1cX8mxZhzWfUGQs2hfobri9J/GUlnXmN9nk6v5FybDjH6u9jcd +9bY2f03PC9whclIzar5TiWLfg7MZHctUv2MZZWy1c7hfzktCvjW5Y7R7AgMBAAGj +RDBCMB0GA1UdDgQWBBTzMIzbe9uahZhnVxRWUyelP3jc9TAMBgNVHRMBAf8EAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBDQUAA4IBAQAJMyC3QdIH +ZwdUYKiwAl7W89CarMjCEH960fhHAcyliGYTtRj7aMEkWpFvR16yuRHfbiE4XZ71 +ClySvZxVl9DBcpSx69PBiRELd1wpRk5YP/1mxPtS85JlRCMVG92dizL0jSvugDcp +pfTR9ifCK9skHrHMRvsmh7w4L2YX1IJXSORjzTHTOpqLM1vDERximf16C5ZPMhbJ +F3jP8+k74/o3gDTttR/89M8bg5Xi/7VW4CWcBZTWnp43y8UlncbWRRwYMnJ7UAva 
+7Dg0un/Nu4K/ggALmzsB3x4XBMvzIFf0orhRuFqS7BCqFg5ZavpMPHwDX7dFEjIC +BsUjFnrzaxHI -----END CERTIFICATE----- diff --git a/test-profiles/test_resources/ssl/app2.req b/test-profiles/test_resources/ssl/app2.req index cfd67b5..61235b0 100644 --- a/test-profiles/test_resources/ssl/app2.req +++ b/test-profiles/test_resources/ssl/app2.req 
@@ -1,15 +1,18 @@ -----BEGIN NEW CERTIFICATE REQUEST----- -MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRv -MQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDJAYWNtZS5vcmcwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviLTH6Vl6gP3M6gmmm0sVlCcBFfo2czDTsr93 -D1cIQpnyY1r3znBdFT3cbXE2LtHeLpnlXc+dTo9/aoUuBCzRIpi4CeaGgD3ggIl9Ws5hUgfxJCWB -g7nhzMUlBC2C+VgIUHWHqGPuaQ7VzXOEC7xF0mihMZ4bwvU6wxGK2uUoruXE/iti/+jtzxjq0PO7 -ZgJ7GUI2ZDqGMad5OnLur8jz+yKsVdetXlXsOyHmHi/47pRuA115pYiIaZKu1+vs6IBl4HnEUgw5 -JwIww6oyTDVvXc1kCw0QCtUZMcNSH2XGhh/zGM/M2Bt2lgEEW0xWTwQcT1J7wnngfbIYbzoupEkR -AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRI+VUMRkfNYp/xngM9y720hvxmXTAN -BgkqhkiG9w0BAQUFAAOCAQEAIk5xvkcSXoDDsqarHHbeBsYd1WIQbbNyDB4+9GlooI/0igSy6pIm -wulHIvmXDuMZbYx+mNmVhapEyOWC0Yq4nnAbIkFDQOZ8ac3IdwiP8rf+FziaU49CPH7PvVRmI1dO -X/cgJobj3EytaCh1+xvDxJuRvQ3UL+MoL3KJxS+JAhH0QYT7ZoXBLfz4UHjVJn/fG4tsrAzdtjsG -1DHiyaarUxjFqfE8IsaqaT2r1MhFVI0EXDbskCtVDf8x4RbCbBfooerkca4JbdhNfzHXVeq3NjkQ -NhYdRwwlAWr3bWEhc3F1rHYPnN5C0tonxnz71Emt3zfzO4XYaXePQTm+3JCSEw== +MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQH +EwdUb3JvbnRvMQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMM +DWFwcDJAYWNtZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX +MCZtW+a6JxuA2fN45Ta/0ilUqfmer+aGG2yTtwdRkduUssBogCYq1Pxk+l4nDgNW +jscgGhtxeY9nw3u+NaxFJxuQrKLunnsdh+htzTUsq/iWKwcU6A4MX1aC++Ic6poT +eunv6MHVdujehJOCph6zDEANjT2fgHHjxBMPO+fe0mEtsWwezp+xJJAOCAkMivoz +iQ0OopIqFSF/FhFZDK4bJFruAJJc0CZNBM7Ox2sNAK1cX8mxZhzWfUGQs2hfobri +9J/GUlnXmN9nk6v5FybDjH6u9jcd9bY2f03PC9whclIzar5TiWLfg7MZHctUv2MZ +ZWy1c7hfzktCvjW5Y7R7AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW +BBTzMIzbe9uahZhnVxRWUyelP3jc9TANBgkqhkiG9w0BAQ0FAAOCAQEAKstPTwyn +rn7dC+5SeP1ww6bMp77+KdQFu7aJ3Ul2xt6ICp0GkH5motvFx+dw5im8la4NH6Y7 +ZQS9eeoT6Zfi76Ve1wSVE2Gu0k9KgGXXW8ZodKml5vK89jf/3Fsy/058coOjsUDI +iZqGajqiZshpmIpCJP3PPGA1Db30RY93U3iJAEwJCAXhGEd7EXV5iP3HA8wzuwws +7osIz2oixsM/6Btf0+7FBt7AtqkknuDcw1Z/ZoUc5iIpMnGTtoajXnpNs7VgpngU 
+bjMhgJSEOyjZrPn1VxtP23KVWm3+aAs/3gGW058ku3NYXg9H8FLysUNackZlnxqz +dvTNaLl4FIUgiw== -----END NEW CERTIFICATE REQUEST----- diff --git a/test-profiles/test_resources/ssl/generate-java-keystores.sh b/test-profiles/test_resources/ssl/generate-java-keystores.sh index ba51b98..f6c8e82 100755 --- a/test-profiles/test_resources/ssl/generate-java-keystores.sh +++ b/test-profiles/test_resources/ssl/generate-java-keystores.sh 
@@ -21,53 +21,53 @@ echo "Remove existing keystore for Apache Qpid Broker-J " rm java_broker_keystore.jks echo "Re-create keystore for Apache Qpid Broker-J by importing RootCA certificate" -keytool -import -v -keystore java_broker_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt +keytool -importcert -v -keystore java_broker_keystore.jks -keysize 2048 -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt echo "Generate certificate key 'java-broker'" -keytool -genkey -alias java-broker -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" +keytool -genkey -alias java-broker -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -storetype pkcs12 echo "Export certificate signing request" -keytool -certreq -alias java-broker -sigalg SHA1withRSA -keystore java_broker_keystore.jks -storepass password -v -file java-broker.req +keytool -certreq -alias java-broker -sigalg SHA512withRSA -keystore java_broker_keystore.jks -storepass password -v -file java_broker.req -storetype pkcs12 echo "Sign certificate by entering:" echo " n for 'Is this a CA certificate [y/N]?'" echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'" echo " n for 'Is this a critical extension [y/N]?'" echo " password which was specified on creation root CA database." 
-certutil -C -d CA_db -c "MyRootCA" -a -i java-broker.req -o java-broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1 +certutil -C -d CA_db -c "MyRootCA" -a -i java_broker.req -o java_broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -g 4096 echo "Import signed certificate" -keytool -import -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java-broker.crt +keytool -importcert -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java_broker.crt -storetype pkcs12 -noprompt echo "List keystore entries" -keytool --list --keystore java_broker_keystore.jks -storepass password +keytool --list --keystore java_broker_keystore.jks -storepass password -storetype pkcs12 read -p "Press [Enter] key to continue..." echo "Remove existing client keystore" rm java_client_keystore.jks echo "Re-create client keystore by importing RootCA certificate" -keytool -import -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt +keytool -importcert -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt echo "Generate key for certificate 'app2'" -keytool -genkey -alias app2 -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" +keytool -genkey -alias app2 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" -storetype pkcs12 echo "Export certificate signing request for 'app2'" -keytool -certreq -alias app2 -sigalg SHA1withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req +keytool -certreq -alias app2 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req -storetype pkcs12 echo "Sign certificate 'app2' by entering:" echo 
" n for 'Is this a CA certificate [y/N]?'" echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'" echo " n for 'Is this a critical extension [y/N]?'" echo " password which was specified on creation root CA database." -certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA1 +certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA512 echo "Import signed certificate 'app2'" -keytool -import -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt +keytool -importcert -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt -storetype pkcs12 -noprompt echo "Generate key for certificate 'app1'" -keytool -genkey -alias app1 -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" +keytool -genkey -alias app1 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" -storetype pkcs12 echo "Export certificate signing request for 'app1'" -keytool -certreq -alias app1 -sigalg SHA1withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req +keytool -certreq -alias app1 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req echo "Sign certificate 'app1' by entering:" echo " n for 'Is this a CA certificate [y/N]?'" echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'" echo " n for 'Is this a critical extension [y/N]?'" echo " password which was specified on creation of root CA database." 
-certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA1 +certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA512 echo "Import signed certificate 'app1'" -keytool -import -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt +keytool -importcert -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt -storetype pkcs12 -noprompt echo "List entries in client keystore" keytool --list --keystore java_client_keystore.jks -storepass password 
@@ -75,23 +75,55 @@ read -p "Press [Enter] key to continue..." echo "Remove existing client truststore" rm java_client_truststore.jks echo "Re-create client truststore by importing RootCA certificate" -keytool -import -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt +keytool -importcert -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt echo "List entries in client trusttore" -keytool --list --keystore java_client_truststore.jks -storepass password +keytool --list --keystore java_client_truststore.jks -storepass password -storetype pkcs12 read -p "Press [Enter] key to continue..." echo "Remove existing broker truststore" rm java_broker_truststore.jks echo "Re-create broker truststore by importing RootCA certificate" -keytool -import -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt +keytool -importcert -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt echo "List entries in broker truststore" -keytool --list --keystore java_broker_truststore.jks -storepass password +keytool --list --keystore java_broker_truststore.jks -storepass password -storetype pkcs12 read -p "Press [Enter] key to continue..." 
echo "Remove existing broker peerstore" rm java_broker_peerstore.jks echo "Re-create broker peerstore by importing app1 certificate" -keytool -import -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt +keytool -importcert -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt -storetype pkcs12 -noprompt echo "List entries in broker peerstore" -keytool --list --keystore java_broker_peerstore.jks -storepass password +keytool --list --keystore java_broker_peerstore.jks -storepass password -storetype pkcs12 + +cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_keystore.jks +keytool -importcert -v -alias app1 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app1.crt -storetype pkcs12 -noprompt +keytool -importcert -v -alias app2 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app2.crt -storetype pkcs12 -noprompt + +cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 +keytool -delete -v -alias rootca -keystore ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 -storepass password + +cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 +keytool -delete -v -alias java-broker -keystore ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 -storepass password + +cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 +keytool -genseckey -alias testalias -keyalg AES -keysize 256 -storetype pkcs12 -keystore ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 -storepass password + +cp java_broker.req ../../../broker-core/src/test/resources/ssl/java_broker.req +cp java_broker.crt ../../../broker-core/src/test/resources/ssl/java_broker.crt + +cp expired.crt 
../../../broker-core/src/test/resources/ssl/expired.crt +cp java_client_expired_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 +cp java_broker_expired_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 + +cp java_broker_peerstore.jks ../../../broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 +cp java_broker_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 +cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 +cp java_broker_keystore.jks ../../../systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks +cp java_client_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 +cp java_client_truststore.jks ../../../broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 + +rm java_client_untrusted_keystore.jks +keytool -genkey -keystore java_client_untrusted_keystore.jks -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -alias untrusted_client -storepass password -storetype pkcs12 -dname "CN=untrusted_client" +cp java_client_untrusted_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 + diff --git a/test-profiles/test_resources/ssl/generate-root-ca.sh b/test-profiles/test_resources/ssl/generate-root-ca.sh index ca14727..14d760c 100755 --- a/test-profiles/test_resources/ssl/generate-root-ca.sh +++ b/test-profiles/test_resources/ssl/generate-root-ca.sh @@ -19,7 +19,7 @@ # echo "Create a new certificate database for root CA" -rm CA_db/* +rm -fr CA_db; mkdir CA_db certutil -N -d CA_db echo "Create the self-signed Root CA certificate by entering:" 
@@ -27,23 +27,23 @@ echo " password which was specified on creation of root CA database." echo " y for 'Is this a CA certificate [y/N]?'" echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'" echo " n for 'Is this a critical extension [y/N]?'" -certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA1 -v 60 +certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA512 -v 60 -g 2048 echo "Extract the CA certificate from the CA’s certificate database to a file." certutil -L -d CA_db -n "MyRootCA" -a -o CA_db/rootca.crt echo "Create a certificate database for the Qpid Broker." -rm server_db/* +rm -fr server_db; mkdir server_db certutil -N -d server_db echo "Import the CA certificate into the broker’s certificate database" certutil -A -d server_db -n "MyRootCA" -t "TC,," -a -i CA_db/rootca.crt echo "Create the server certificate request" -certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA1 +certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA512 echo "Sign and issue a new server certificate by entering:" echo " n for 'Is this a CA certificate [y/N]?'" echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'" echo " n for 'Is this a critical extension [y/N]?'" echo " password which was specified on creation of root CA database." -certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1 +certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA512 -g 2048 echo "Import signed certificate to the broker’s certificate database" certutil -A -d server_db -n localhost.localdomain -a -i server_db/server.crt -t ",," 
diff --git a/test-profiles/test_resources/ssl/java_broker.crt b/test-profiles/test_resources/ssl/java_broker.crt index 9b88c04..4e5c086 100644 --- a/test-profiles/test_resources/ssl/java_broker.crt +++ b/test-profiles/test_resources/ssl/java_broker.crt 
@@ -1,15 +1,21 @@ -----BEGIN CERTIFICATE----- -MIICVzCCAcCgAwIBAgIFAJcmLgUwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC +MIIDbzCCAlegAwIBAgIFALBcS4MwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15 -Um9vdENBMB4XDTEyMDIxNzIzMzgxM1oXDTE1MDMxNzIzMzgxM1owejEQMA4GA1UE +Um9vdENBMB4XDTE5MDIyNzE2MDY0M1oXDTI0MDIyNzE2MDY0M1owbjEQMA4GA1UE BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ -MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMVbG9j -YWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1 -OsmvebKV0zJ4/eBCyenRwwJ4Xg/NLP4unofpKb3xvlaGJY+xQnaSukXAzWnH04O4 -eLoUYBhJfVjRu7XU9XMhrLtJYjLgWkcdvnEfQPXYnM6BUnqtfFx5E5c5mWAhpb9r -Rt2KX53t3OVxirdKS++2u3apUObJLjOwc+bf/mVbIQIDAQABoyIwIDAJBgNVHRME -AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBACIRf1BV -zsniD2qZ9eQsWPCnZ0vIuyKNBbxzXkpbEPBirQZIoY4GCgbIc38OV8SRRHInto6j -i4G8klxth6gPHs+MbjqVzwZ0mND57JSxTpPZ+au+ZjbJO+efNfNw9hBs44fZ1Int -DPNiQekOLGHimSDBQr8FHkMLSwTcxGsfcpU/ +MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjESMBAGA1UEAxMJbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1zWGLqSHqno +In5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllzy4JTCiXBen3l3YhpSxqGYccyEYee +UlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUirvotaBQP71X1V+05AFxFhWfgdINw +Kzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj3as0dX2bOu0qbqk4izDqqV1uiyUP +Udn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pfPxvIw2OsqsKeh+I7RUoGBxDUdDvj +lbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwcRJYDAq5eBhgK59WcwKPIqlOLismQ +wjN4ZxxvqQIDAQABo0EwPzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJsw +CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC +AQEAjFSD0UPN7ZqMKA0Sk2oailI+AU11VEmwIw18sXSEFMWSH8uAgkyTOvNQv4Nu +WHgNOx20r18bYVrTqTznRa9oM7xemtR2pKqJYUQKqvk9vcF8mY7ibK1AH1vlm/gh +7EfEmobfwHutXyTbUppgqf4QLn9AYLokD/w0la1mxDQ5Qc5FefgxLGaN2DZALFOc +8lcpA9E2hTau2znxMlqqrG73E6R2XoE7BVMHVemVAAvusBuuP9OW/iC/KTPDFNoy +NnDViQfIh03aBH2N5XCcnsdsxDULh6pjdZWf9FB+8OBDKyajNdFZku7AFLkt+QIa +FVo105jdjqfMxt8FRNuQ05vYEQ== -----END CERTIFICATE----- 
diff --git a/test-profiles/test_resources/ssl/java_broker.req b/test-profiles/test_resources/ssl/java_broker.req index 5aa50d9..c618dd3 100644 --- a/test-profiles/test_resources/ssl/java_broker.req +++ b/test-profiles/test_resources/ssl/java_broker.req @@ -1,10 +1,18 @@ -----BEGIN NEW CERTIFICATE REQUEST----- -MIIBujCCASMCAQAwejEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE -BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMV -bG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1OsmvebKV -0zJ4/eBCyenRwwJ4Xg/NLP4unofpKb3xvlaGJY+xQnaSukXAzWnH04O4eLoUYBhJfVjRu7XU9XMh -rLtJYjLgWkcdvnEfQPXYnM6BUnqtfFx5E5c5mWAhpb9rRt2KX53t3OVxirdKS++2u3apUObJLjOw -c+bf/mVbIQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAtFBfnlL3ZZEnFJRAzkbIMqRLHcWdIyfq -MocOammt7Cw//4cJPIdGoJp4ZhSfZX7k5p6FExgudYwuPF7s4ex+bTI49zW44mVdyrvAiY88bUA1 -9vcpRDANN9R0z13v6OIJGW8hpua3oKz+XON6TeksjzbPkNUNt5Ya5tJAylkha0A= +MIIC4zCCAcsCAQAwbjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93 +bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMH +VW5rbm93bjESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAq1zWGLqSHqnoIn5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllz +y4JTCiXBen3l3YhpSxqGYccyEYeeUlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUi +rvotaBQP71X1V+05AFxFhWfgdINwKzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj +3as0dX2bOu0qbqk4izDqqV1uiyUPUdn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pf +PxvIw2OsqsKeh+I7RUoGBxDUdDvjlbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwc +RJYDAq5eBhgK59WcwKPIqlOLismQwjN4ZxxvqQIDAQABoDAwLgYJKoZIhvcNAQkO +MSEwHzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJswDQYJKoZIhvcNAQEN +BQADggEBAHsfAScjTeIM+Mkmq7z29wl0+NdWyoDKt0PjG0/WffExGXG1FD6JrbP7 +UEeBY60WdypO9/Nx7I/sw/UOsOH297NuCMkFDitAk5/5XDVSYpywBi85XK72ODmv +hWYn2MGP9YnfL3qOd75kpNgVBKt9+IVFFNgdUMfzDQpTQgmzdaRepM4HUuxJnNGN +jcjA6b7rT0XQu7EJqM/Q1beJTVmwtv/3ZsBduJfksr2+fyC7wd344Equ8kfhZtd9 +YocJYdlZ//0RjWMv10hXNMD2Y+Nk4ldoFOXwv93JMcBn4Uy0TeZ9O/eI/jETT5TL +FZUUWdHvGqN2/9L4EZ0rAyH87HpHV7I= -----END NEW CERTIFICATE REQUEST----- 
diff --git a/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks b/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks index bbbd248..9bfe301 100644 Binary files a/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks and b/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks differ diff --git a/test-profiles/test_resources/ssl/java_broker_keystore.jks b/test-profiles/test_resources/ssl/java_broker_keystore.jks index 50bb8d0..b45991f 100644 Binary files a/test-profiles/test_resources/ssl/java_broker_keystore.jks and b/test-profiles/test_resources/ssl/java_broker_keystore.jks differ diff --git a/test-profiles/test_resources/ssl/java_broker_peerstore.jks b/test-profiles/test_resources/ssl/java_broker_peerstore.jks index 69cdd40..a5b307f 100644 Binary files a/test-profiles/test_resources/ssl/java_broker_peerstore.jks and b/test-profiles/test_resources/ssl/java_broker_peerstore.jks differ diff --git a/test-profiles/test_resources/ssl/java_broker_truststore.jks b/test-profiles/test_resources/ssl/java_broker_truststore.jks index e6d556a..4184adf 100644 Binary files a/test-profiles/test_resources/ssl/java_broker_truststore.jks and b/test-profiles/test_resources/ssl/java_broker_truststore.jks differ diff --git a/test-profiles/test_resources/ssl/java_client_expired_keystore.jks b/test-profiles/test_resources/ssl/java_client_expired_keystore.jks index eb86509..cb9b876 100644 Binary files a/test-profiles/test_resources/ssl/java_client_expired_keystore.jks and b/test-profiles/test_resources/ssl/java_client_expired_keystore.jks differ diff --git a/test-profiles/test_resources/ssl/java_client_keystore.jks b/test-profiles/test_resources/ssl/java_client_keystore.jks index 941fc7e..9422d9a 100644 Binary files a/test-profiles/test_resources/ssl/java_client_keystore.jks and b/test-profiles/test_resources/ssl/java_client_keystore.jks differ 
diff --git a/test-profiles/test_resources/ssl/java_client_truststore.jks b/test-profiles/test_resources/ssl/java_client_truststore.jks index ab79b54..1b45a23 100644 Binary files a/test-profiles/test_resources/ssl/java_client_truststore.jks and b/test-profiles/test_resources/ssl/java_client_truststore.jks differ diff --git a/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks b/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks index 45a0c10..8b0b023 100644 Binary files a/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks and b/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks differ diff --git a/test-profiles/test_resources/ssl/server_db/cert8.db b/test-profiles/test_resources/ssl/server_db/cert8.db deleted file mode 100644 index f482e78..0000000 Binary files a/test-profiles/test_resources/ssl/server_db/cert8.db and /dev/null differ diff --git a/test-profiles/test_resources/ssl/server_db/cert9.db b/test-profiles/test_resources/ssl/server_db/cert9.db new file mode 100644 index 0000000..9a5f864 Binary files /dev/null and b/test-profiles/test_resources/ssl/server_db/cert9.db differ diff --git a/test-profiles/test_resources/ssl/server_db/key3.db b/test-profiles/test_resources/ssl/server_db/key3.db deleted file mode 100644 index f1edbaf..0000000 Binary files a/test-profiles/test_resources/ssl/server_db/key3.db and /dev/null differ diff --git a/test-profiles/test_resources/ssl/server_db/key4.db b/test-profiles/test_resources/ssl/server_db/key4.db new file mode 100644 index 0000000..f08d318 Binary files /dev/null and b/test-profiles/test_resources/ssl/server_db/key4.db differ diff --git a/test-profiles/test_resources/ssl/server_db/pkcs11.txt b/test-profiles/test_resources/ssl/server_db/pkcs11.txt new file mode 100644 index 0000000..440f523 --- /dev/null +++ b/test-profiles/test_resources/ssl/server_db/pkcs11.txt 
@@ -0,0 +1,5 @@ +library= +name=NSS Internal PKCS #11 Module +parameters=configdir='server_db' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) + diff --git a/test-profiles/test_resources/ssl/server_db/secmod.db b/test-profiles/test_resources/ssl/server_db/secmod.db deleted file mode 100644 index 87867f4..0000000 Binary files a/test-profiles/test_resources/ssl/server_db/secmod.db and /dev/null differ diff --git a/test-profiles/test_resources/ssl/server_db/server.crt b/test-profiles/test_resources/ssl/server_db/server.crt index 1a87265..fb51ff1 100644 --- a/test-profiles/test_resources/ssl/server_db/server.crt +++ b/test-profiles/test_resources/ssl/server_db/server.crt 
@@ -1,14 +1,20 @@ -----BEGIN CERTIFICATE----- -MIICKzCCAZSgAwIBAgIFAKI1eqswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC +MIIDMDCCAhigAwIBAgIFALBcSo0wDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15 -Um9vdENBMB4XDTE1MDMxOTIyMzYzOVoXDTIwMDMxOTIyMzYzOVowTjELMAkGA1UE +Um9vdENBMB4XDTE5MDIyNzE2MDQzNFoXDTI0MDIyNzE2MDQzNFowTjELMAkGA1UE BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxHjAcBgNVBAMT -FWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC -gYEAu4kNLGCxZ3cvQRqd0L6iM1zx4boj7eGlLpgysPn0sd77N8CfBMqnmWOoYafI -H4+FPMQ3En3D0nV5qFjveNTJQtzRZZUCbF6UESeO6ghu8Rr5AnI51PIrSQPVEG1w -0AN1TYrn5AxW3G06aVMsggk7TItFb7qkXTO1LuGUcZy1z+MCAwEAAaMiMCAwCQYD -VR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAc -w82l72VLrPNtVBp+90rNHLM6ARnghYWLceC07cwgjNItejDlLOHzExThYH5vOwFs -b6c2KyUt198uccl5wx44HvzR5LCVnJ0JQqw4n0tS9jeztD42urYWP2ouPgqgxAvo -zNARo6aODfF9I7sxtPhSvhECyKvkZQH4F4xVXwwvSA== +FWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMZvr9ZVPPPPgXlL/3tN57SmQRD8KKbK6F2DxPKPpV3FuhPxKRLVbDTp +VgJ6geTSQXWlcCzZ7pr+J1Z7jU8tFb963i+kpFD21Z4xcaLTaHQvyiXMXgYJ/AU+ +0AQDrQN16Bkx/nbvXCtnfahp6Li3KUffEYjjLleuP5WwUSZJQ3oR74YQOKFZiDMU +p5iUBiFWJ6Svey5usHOzycAeQVJYF8cdbTo3BL1mNFV8Q0aFD/qOsZoKNHZR8vb1 +ioBs1P9TdNO/fai/YZVkqq3I/wY9JoN7OmSPTtThuwZniSvOqsy2zkkEqG26HOnl +BlRWshzyPaket8j4CrxZeVB4xmIbHvcCAwEAAaMiMCAwCQYDVR0TBAIwADATBgNV +HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQ0FAAOCAQEASvcXQIq2cyhujhoh +DKZhenA1MqGTpWsrAo41obxVpzch/z7qrQsGUG/7qXm7XIQ8wPXKUJhQd5+ga5U0 +YV/QNu8Kz+5rxgCxv/hqHaajNfeOs8C3Oxk1IIg+9OC2bIRmR9SF84XBM2YrJuTe +BlGszTNnOXQGoR0gOMl2EH+4kh00vVnRwrsSGHEWNqNprPFgauZ14bvCeeFJhsYd +IjmrQgbGvt4463Kaw4gUstSrwQGOTGjqhEcUR6MER83HzDu0qoAHtQLNXh1NJ3M0 +BQg6Aaral1kfgWKbB88SgAAPMHBzIqG1ubYmRykEf+G6OOgBACp1CSiCskbJ59Wc +2tbblQ== -----END CERTIFICATE----- diff --git a/test-profiles/test_resources/ssl/server_db/server.req b/test-profiles/test_resources/ssl/server_db/server.req index 9eaa228..f2042ce 100644 
--- a/test-profiles/test_resources/ssl/server_db/server.req +++ b/test-profiles/test_resources/ssl/server_db/server.req @@ -9,13 +9,18 @@ State: Ontario Country: CA -----BEGIN NEW CERTIFICATE REQUEST----- -MIIBjTCB9wIBADBOMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzENMAsG -A1UEChMEQUNNRTEeMBwGA1UEAxMVbG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0G -CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7iQ0sYLFndy9BGp3QvqIzXPHhuiPt4aUu -mDKw+fSx3vs3wJ8EyqeZY6hhp8gfj4U8xDcSfcPSdXmoWO941MlC3NFllQJsXpQR -J47qCG7xGvkCcjnU8itJA9UQbXDQA3VNiufkDFbcbTppUyyCCTtMi0VvuqRdM7Uu -4ZRxnLXP4wIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAtuJ9b0OgbijExb/AQlbS -kw4s28SwMqyMdgt+kUJHaDV+sEtlzzdv7jS0uKtoElBI7+MiYbtGzcqvdPGc147Q -T6Lk7AMcBrjRFLxuBnAi+Bdh7O6PUUKL9CREAae1QiVOFfXkD07Az9YDLYhe+ZsJ -qLYrWDGTMRXXsKU3JWIy5M4= +MIICkzCCAXsCAQAwTjELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTAL +BgNVBAoTBEFDTUUxHjAcBgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZvr9ZVPPPPgXlL/3tN57SmQRD8 +KKbK6F2DxPKPpV3FuhPxKRLVbDTpVgJ6geTSQXWlcCzZ7pr+J1Z7jU8tFb963i+k +pFD21Z4xcaLTaHQvyiXMXgYJ/AU+0AQDrQN16Bkx/nbvXCtnfahp6Li3KUffEYjj +LleuP5WwUSZJQ3oR74YQOKFZiDMUp5iUBiFWJ6Svey5usHOzycAeQVJYF8cdbTo3 +BL1mNFV8Q0aFD/qOsZoKNHZR8vb1ioBs1P9TdNO/fai/YZVkqq3I/wY9JoN7OmSP +TtThuwZniSvOqsy2zkkEqG26HOnlBlRWshzyPaket8j4CrxZeVB4xmIbHvcCAwEA +AaAAMA0GCSqGSIb3DQEBDQUAA4IBAQB65l4W5FqmHN0KIPS81qwdpncPw0XLM5Wf +dVY8Q0GZ9AWm5pTBl472AdoL/2FtQEsLnIfDDR9WFDfREqP2grO+98vbMPofNLPH +es9dOEXRAGMziqFUhFofyWIXZUBQI9nWn9kuNZRtK2JfftG+eMtT8KlibFgVdaHc +C8/HwlnmoQVtXQeqnEMYK8hN1+4hp9OzwkiwSMBpTNtB9jejnYQe4U2DnWpWD1ko +w0kAQpb36zSOkZZ0ZMaT7aTLpDmsOvj6bAj6nUxjcGFvSqVIaxyQb2y0JflM+IN7 +K0PL2I1Wi2AGA3WlBs/nY+Ol2NfcD/nsdZdtVNn6WV9DsfnyfS6L -----END NEW CERTIFICATE REQUEST----- --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org For additional commands, e-mail: commits-help@qpid.apache.org
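Review bot: In generate-java-keystores.sh, hunk `@@ -21,53 +21,53 @@`, the java-broker signing line replaces `-Z SHA1` with `-g 4096` instead of `-Z SHA512`, unlike the app1 and app2 signing lines in the same hunk. `-g` sets the size of a newly generated key, and `certutil -C` generates none, so the option has no key to apply to and the signature hash is left to certutil's default. The regenerated java_broker.crt in this patch accordingly carries a different signature algorithm identifier in its first line (`...AQEL...`) from app1.crt and app2.crt (`...AQEN...`). Suggest `-Z SHA512` in place of `-g 4096`. Two smaller points in the same hunk: `-keysize 2048` on the first `keytool -importcert` has no meaning for a certificate import and can be dropped, and the app1 `keytool -certreq` line and the final `keytool --list` on java_client_keystore.jks lack the `-storetype pkcs12` that the other keytool commands in this hunk now pass.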
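Review bot: In generate-java-keystores.sh, hunk `@@ -75,23 +75,55 @@`, the added `cp expired.crt`, `cp java_client_expired_keystore.jks` and `cp java_broker_expired_truststore.jks` lines copy files that no step shown in either hunk of this script creates, although the patch replaces both expired `.jks` binaries. Please script their regeneration, or add a comment saying how they were produced, so the next regeneration is reproducible. Also, the two `keytool -delete` lines omit `-storetype pkcs12`, and the stores are now PKCS12 but are still generated under `.jks` names (and copied to `test_keystore.jks` and the systests `java_broker_keystore.jks` under that extension); generating them as `.pkcs12` would keep name and format in agreement.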
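Review bot: In generate-root-ca.sh, hunk `@@ -27,23 +27,23 @@`, `-g 2048` was added to the `certutil -C` signing line, where no key is generated, but not to the `certutil -R` request line, which is where the server key pair is created. As written, the server key size depends on certutil's default rather than on the 2048 bits named in the commit message. Suggest moving `-g 2048` from the `-C` line to the `-R` line; the `-S` line for the root CA already has it in the right place.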