river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject Re: Jtreg test suite certificates
Date Mon, 06 Feb 2012 23:04:19 GMT
You're welcome, thanks for kudos.

Cheers,

Peter.

Tom Hobbs wrote:
> Well done, Peter.  You're a serious work horse on River and we're
> grateful for what you're getting done.
>
> Cheers.
>
> On Mon, Feb 6, 2012 at 7:23 AM, Peter Firmstone <jini@zeus.net.au> wrote:
>   
>> Peter Firmstone wrote:
>>     
>>> Good news,
>>>
>>> It's fixed!  Turns out cloning the existing valid certs was a bad idea,
>>> the keystore got confused and returned the wrong cert, that's all the
>>> problem was.  Generating keys and certs is now an automated script too, it
>>> works (at least on Solaris).
>>>
>>> Perhaps in February 2022, when the certs need to be regenerated again, I
>>> can be as helpful for the next guy as you were for me ;)
>>>
>>> N.B. Running the jtreg tests helped me fix a couple of concurrency bugs
>>> and some corner cases in my new policy provider,
>>>       
>> Just to clarify the concurrency bugs weren't in the policy provider, only
>> the corner cases, which dealt with policy delegation and something else I
>> can't remember right now.
>>
>>
>>     
>>> so these tests are still of high value.  Oh and the jtreg scripts are now
>>> Java 6 compatible.
>>>
>>> Now all I have to do is go run all the jtreg and qa tests again and see if
>>> I've broken anything!
>>>
>>> Cheers & thanks,
>>>
>>> Peter.
>>>
>>> bash-3.00$ ant jtreg
>>> Buildfile: build.xml
>>>
>>> jtreg:
>>>   [mkdir] Created dir:
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/JTlib-tmp
>>>    [move] Moving 6 files to
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/JTlib-tmp
>>>    [move] Moving 1 file to
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/JTlib-tmp
>>>   [jtreg] Test results: passed: 1
>>>   [jtreg] Report written to
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/JTreport/html/report.html
>>>   [jtreg] Results written to
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/JTwork
>>>    [move] Moving 6 files to
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/lib
>>>    [move] Moving 1 file to
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/lib-ext
>>>  [delete] Deleting directory
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/JTlib-tmp
>>>  [delete] Deleting:
>>> /opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/test.props
>>>
>>> BUILD SUCCESSFUL
>>> Total time: 1 minute 25 seconds
>>>
>>> bash-3.00$ keystore.sh
>>> + rm ./keystore
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias clientDSA -dname CN=clientDSA -keyalg DSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias clientRSA1 -dname CN=clientRSA1, C=US -keyalg
>>> RSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias clientRSA2 -dname CN=clientRSA2 -keyalg RSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias serverDSA -dname CN=serverDSA, C=US -keyalg
>>> DSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias serverRSA -dname CN=serverRSA -keyalg RSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias noPerm -dname CN=noPerm -keyalg DSA
>>> + rm ./truststore
>>> + cp ./keystore ./truststore
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias notTrusted -dname CN=notTrusted -keyalg RSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias clientDSA2 -dname CN=clientDSA2 -keyalg DSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -certreq -alias clientDSA2 -file clientDSA2.request
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 1 -genkey -alias clientDSA2expired -dname CN=clientDSA2 -keyalg
>>> DSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 1 -certreq -alias clientDSA2expired -file
>>> clientDSA2expired.request
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -genkey -alias serverRSA2 -dname CN=serverRSA2 -keyalg RSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -certreq -alias serverRSA2 -file serverRSA2.request
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 1 -genkey -alias serverRSA2expired -dname CN=serverRSA2 -keyalg
>>> RSA
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 1 -certreq -alias serverRSA2expired -file
>>> serverRSA2expired.request
>>> + set +x
>>> Sign clientDSA2.req, serverRSA2.req, clientDSA2expired.req and
>>> serverRSA2expired.req, then import them:
>>> expired certificates need one day to expire before testing.
>>> + ../../../../../certs/run-ca.sh -CA ./ca.properties
>>> + ../../../../../certs/run-ca.sh -CA ./ca1.properties
>>> + ../../../../../certs/run-ca.sh -CR ./ca.properties
>>> + ../../../../../certs/run-ca.sh -CR ./ca1.properties
>>> + ../../../../../certs/run-ca.sh -CR ./serverRSA2expired.properties
>>> + ../../../../../certs/run-ca.sh -CR ./clientDSA2expired.properties
>>> + keytool -keystore ./truststore -storepass keypass -keypass keypass
>>> -validity 3650 -import -noprompt -alias ca -file ca.cert
>>> Certificate was added to keystore
>>> + keytool -keystore ./truststore -storepass keypass -keypass keypass
>>> -validity 3650 -import -noprompt -alias ca1 -file ca1.cert
>>> Certificate was added to keystore
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -import -noprompt -alias ca -file ca.cert
>>> Certificate was added to keystore
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -import -noprompt -alias ca1 -file ca1.cert
>>> Certificate was added to keystore
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -import -noprompt -alias clientDSA2 -file clientDSA2.chain
>>> Certificate reply was installed in keystore
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 1 -import -noprompt -alias clientDSA2expired -file
>>> clientDSA2expired.chain
>>> Certificate reply was installed in keystore
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 3650 -import -noprompt -alias serverRSA2 -file serverRSA2.chain
>>> Certificate reply was installed in keystore
>>> + keytool -keystore ./keystore -storepass keypass -keypass keypass
>>> -validity 1 -import -noprompt -alias serverRSA2expired -file
>>> serverRSA2expired.chain
>>> Certificate reply was installed in keystore
>>> bash-3.00$
>>>
>>> Tim Blackman wrote:
>>>       
>>>> On Feb 5, 2012, at 12:44 AM, Peter Firmstone wrote:
>>>>
>>>>
>>>>         
>>>>> Well, here's the bad news; the certificate has expired, but the tests
>>>>> still fail.  This is the first time these tests have been run under jdk 1.6,
>>>>> to my knowledge at least.
>>>>>
>>>>> The test expects jeri to throw a ConnectIOException, but it doesn't.
>>>>>
>>>>> The good news is, when the server certificate has expired, an
>>>>> IOException is thrown as expected.  I have to comment out:  "throw new
>>>>> FailedException(" in TestRMI for the expired client test, or FailedException
>>>>> will be thrown before the expired server certificate is tested.
>>>>>
>>>>> This could indicate the ServerAuthManager could have a problem, since
>>>>> the ClientAuthManager is behaving correctly?
>>>>>
>>>>>           
>>>       
>
>   
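
The ambiguity described in the thread (cloned certificates making the keystore return the wrong entry) can be checked for before a test run. The following is an added example, not part of the original messages or the River scripts: it reads `keytool -list -v` output and reports aliases whose leading certificate has the same owner and serial number. The function names, the matching rule and the sample listing are assumptions constructed for illustration.

```shell
# Added example (not from the thread): list aliases that share a certificate.
# Reads English-locale `keytool -list -v` text on stdin. Matching on
# Owner + Serial number of each entry's first certificate is an assumption
# about how a cloned entry shows up; CA certs deeper in a chain are ignored.
# Real use: keytool -list -v -keystore ./keystore -storepass keypass | find_shared_certs
find_shared_certs() {
    awk '
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); alias = $0; pending = 1; next }
        pending && /^Owner:/ { sub(/^Owner:[ \t]*/, ""); owner = $0; next }
        pending && /^Serial number:/ {
            sub(/^Serial number:[ \t]*/, "")
            key = owner " serial=" $0
            if (key in seen) { seen[key] = seen[key] "," alias; dup[key] = 1 }
            else             { seen[key] = alias; order[++n] = key }
            pending = 0
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print seen[order[i]] " -> " order[i]
        }'
}

# Constructed sample in the shape of a verbose keytool listing: "serverrsa"
# was cloned to "serverrsa-copy"; "clientdsa2" carries a CA-signed chain.
sample_listing() {
    cat <<'EOF'
Alias name: serverrsa
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=serverRSA
Serial number: 4f2f0001
Alias name: clientdsa2
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=clientDSA2
Serial number: 1a
Certificate[2]:
Owner: CN=ca
Serial number: 1
Alias name: ca
Entry type: trustedCertEntry
Owner: CN=ca
Serial number: 1
Alias name: serverrsa-copy
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=serverRSA
Serial number: 4f2f0001
EOF
}
```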

