From a741ae9994e15b1ea9e798c157535d47924e622f Mon Sep 17 00:00:00 2001 
From: Domenico Francesco Bruscino Date: Tue, 3 Aug 2021 20:11:20 +0200 Subject: [PATCH] ARTEMIS-3367 Set verifyHost true for connectors by default --- .../remoting/impl/netty/NettyConnector.java | 4 +- .../impl/netty/TransportConstants.java | 4 +- .../remoting/impl/netty/NettyAcceptor.java | 4 +- examples/features/standard/jmx-ssl/readme.md | 54 +++++- .../jms/example/JMXOverSSLExample.java | 8 +- .../activemq/server0/client-ca-truststore.jks | Bin 0 -> 950 bytes .../activemq/server0/client-keystore.jks | Bin 0 -> 4144 bytes .../activemq/server0/client-side-keystore.jks | Bin 1303 -> 0 bytes .../server0/client-side-truststore.jks | Bin 963 -> 0 bytes .../resources/activemq/server0/management.xml | 8 +- .../activemq/server0/server-ca-truststore.jks | Bin 0 -> 950 bytes .../activemq/server0/server-keystore.jks | Bin 0 -> 4122 bytes .../activemq/server0/server-side-keystore.jks | Bin 2253 -> 0 bytes .../server0/server-side-truststore.jks | Bin 1732 -> 0 bytes .../standard/ssl-enabled-crl-mqtt/readme.md | 150 +++++++++-------- .../jms/example/MqttCrlEnabledExample.java | 4 +- .../resources/activemq/server0/broker.xml | 2 +- .../activemq/server0/client-ca-truststore.jks | Bin 0 -> 950 bytes .../resources/activemq/server0/keystore1.jks | Bin 2371 -> 0 bytes .../activemq/server0/other-client-crl.pem | 12 ++ .../resources/activemq/server0/root.crl.pem | 12 -- .../activemq/server0/server-keystore.jks | Bin 0 -> 4122 bytes .../resources/activemq/server0/truststore.jks | Bin 975 -> 0 bytes .../src/main/resources/client-keystore.jks | Bin 0 -> 4144 bytes .../src/main/resources/client_not_revoked.jks | Bin 2380 -> 0 bytes .../src/main/resources/client_revoked.jks | Bin 2377 -> 0 bytes .../main/resources/other-client-keystore.jks | Bin 0 -> 4156 bytes .../main/resources/server-ca-truststore.jks | Bin 0 -> 950 bytes .../src/main/resources/truststore.jks | Bin 975 -> 0 bytes .../ssl-enabled-dual-authentication/readme.md | 62 +++++-- .../resources/activemq/server0/broker.xml | 2 +- 
.../activemq/server0/client-ca-truststore.jks | Bin 0 -> 950 bytes .../activemq/server0/client-side-keystore.jks | Bin 1303 -> 0 bytes .../server0/client-side-truststore.jks | Bin 963 -> 0 bytes .../activemq/server0/server-keystore.jks | Bin 0 -> 4122 bytes .../activemq/server0/server-side-keystore.jks | Bin 2253 -> 0 bytes .../server0/server-side-truststore.jks | Bin 1732 -> 0 bytes .../src/main/resources/client-keystore.jks | Bin 0 -> 4144 bytes .../src/main/resources/jndi.properties | 2 +- .../main/resources/server-ca-truststore.jks | Bin 0 -> 950 bytes .../features/standard/ssl-enabled/pom.xml | 2 +- .../features/standard/ssl-enabled/readme.md | 33 +++- .../server0/activemq.example.keystore | Bin 2251 -> 0 bytes .../server0/activemq.example.truststore | Bin 963 -> 0 bytes .../resources/activemq/server0/broker.xml | 2 +- .../activemq/server0/server-ca-truststore.jks | Bin 0 -> 950 bytes .../activemq/server0/server-keystore.jks | Bin 0 -> 4122 bytes .../src/main/resources/jndi.properties | 2 +- .../StompDualAuthenticationExample.java | 8 +- tests/integration-tests/pom.xml | 3 + .../AmqpFailoverEndpointDiscoveryTest.java | 25 +-- .../amqp/JMSSaslExternalLDAPTest.java | 19 ++- .../integration/amqp/JMSSaslExternalTest.java | 27 +-- .../amqp/connect/AMQPConnectSaslTest.java | 23 ++- .../SSLSecurityNotificationTest.java | 37 +++-- .../mqtt/imported/MQTTSecurityCRLTest.java | 97 ++--------- .../integration/security/SecurityTest.java | 105 ++++++------ .../ssl/CoreClientOverOneWaySSLTest.java | 75 ++------- .../ssl/CoreClientOverTwoWaySSLTest.java | 95 ++--------- .../ssl/DualAuthenticationTest.java | 12 +- .../tests/integration/ssl/SSLTestBase.java | 13 +- .../NettyConnectorWithHTTPUpgradeTest.java | 8 +- .../src/test/resources/AMQauth.ldif | 2 +- .../test/resources/cert-regexps.properties | 2 +- .../src/test/resources/cert-users.properties | 2 +- .../src/test/resources/client_not_revoked.jks | Bin 2380 -> 0 bytes .../src/test/resources/client_revoked.jks | Bin 2377 -> 
0 bytes .../src/test/resources/keystore1.jks | Bin 2371 -> 0 bytes .../src/test/resources/truststore.jks | Bin 975 -> 0 bytes tests/security-resources/build.sh | 156 ++++++++++++++++++ .../security-resources/client-ca-keystore.p12 | Bin 0 -> 2589 bytes .../client-ca-truststore.jceks | Bin 0 -> 950 bytes .../client-ca-truststore.jks | Bin 0 -> 950 bytes .../client-ca-truststore.p12 | Bin 0 -> 1186 bytes tests/security-resources/client-ca.pem | 32 ++++ .../security-resources/client-keystore.jceks | Bin 0 -> 4124 bytes tests/security-resources/client-keystore.jks | Bin 0 -> 4144 bytes tests/security-resources/client-keystore.p12 | Bin 0 -> 4759 bytes tests/security-resources/openssl.conf | 26 +++ tests/security-resources/other-client-crl.pem | 12 ++ .../other-client-keystore.jceks | Bin 0 -> 4136 bytes .../other-client-keystore.jks | Bin 0 -> 4156 bytes .../other-client-keystore.p12 | Bin 0 -> 4787 bytes tests/security-resources/other-server-crl.pem | 12 ++ .../other-server-keystore.jceks | Bin 0 -> 4136 bytes .../other-server-keystore.jks | Bin 0 -> 4155 bytes .../other-server-keystore.p12 | Bin 0 -> 4787 bytes .../other-server-truststore.jceks | Bin 0 -> 1053 bytes .../other-server-truststore.jks | Bin 0 -> 1053 bytes .../other-server-truststore.p12 | Bin 0 -> 1290 bytes .../security-resources/server-ca-keystore.p12 | Bin 0 -> 2589 bytes .../server-ca-truststore.jceks | Bin 0 -> 950 bytes .../server-ca-truststore.jks | Bin 0 -> 950 bytes .../server-ca-truststore.p12 | Bin 0 -> 1186 bytes tests/security-resources/server-ca.pem | 32 ++++ .../security-resources/server-keystore.jceks | Bin 0 -> 4103 bytes tests/security-resources/server-keystore.jks | Bin 0 -> 4122 bytes tests/security-resources/server-keystore.p12 | Bin 0 -> 4735 bytes .../unknown-client-keystore.jceks | Bin 0 -> 4112 bytes .../unknown-client-keystore.jks | Bin 0 -> 4132 bytes .../unknown-client-keystore.p12 | Bin 0 -> 4767 bytes .../unknown-server-keystore.jceks | Bin 0 -> 4112 bytes 
.../unknown-server-keystore.jks | Bin 0 -> 4131 bytes .../unknown-server-keystore.p12 | Bin 0 -> 4767 bytes tests/smoke-tests/pom.xml | 5 + .../audit-logging-amqp-mutual-ssl/broker.xml | 2 +- .../client-side-keystore.jks | Bin 2252 -> 0 bytes .../client-side-truststore.jks | Bin 963 -> 0 bytes .../server-side-keystore.jks | Bin 2254 -> 0 bytes .../server-side-truststore.jks | Bin 963 -> 0 bytes .../logging/AuditLoggerAMQPMutualSSLTest.java | 17 +- tests/unit-tests/pom.xml | 5 + .../impl/netty/NettyConnectorTest.java | 67 ++++---- .../remoting/impl/ssl/SSLSupportTest.java | 11 +- .../resources/bad-client-side-keystore.jks | Bin 2226 -> 0 bytes .../unit-tests/src/test/resources/beans1.xml | 20 --- .../test/resources/client-side-keystore.jceks | Bin 2233 -> 0 bytes .../test/resources/client-side-keystore.jks | Bin 2253 -> 0 bytes .../test/resources/client-side-keystore.p12 | Bin 2589 -> 0 bytes .../resources/client-side-truststore.jceks | Bin 963 -> 0 bytes .../test/resources/client-side-truststore.jks | Bin 963 -> 0 bytes .../test/resources/client-side-truststore.p12 | Bin 1194 -> 0 bytes .../openssl-client-side-keystore.jceks | Bin 684 -> 0 bytes .../openssl-client-side-keystore.jks | Bin 706 -> 0 bytes .../openssl-client-side-keystore.p12 | Bin 1034 -> 0 bytes .../openssl-client-side-truststore.jceks | Bin 571 -> 0 bytes .../openssl-client-side-truststore.jks | Bin 572 -> 0 bytes .../openssl-client-side-truststore.p12 | Bin 802 -> 0 bytes .../openssl-server-side-keystore.jceks | Bin 685 -> 0 bytes .../openssl-server-side-keystore.jks | Bin 707 -> 0 bytes .../openssl-server-side-keystore.p12 | Bin 1034 -> 0 bytes .../openssl-server-side-truststore.jceks | Bin 570 -> 0 bytes .../openssl-server-side-truststore.jks | Bin 571 -> 0 bytes .../openssl-server-side-truststore.p12 | Bin 802 -> 0 bytes .../other-client-side-truststore.jceks | Bin 975 -> 0 bytes .../other-client-side-truststore.jks | Bin 975 -> 0 bytes .../other-client-side-truststore.p12 | Bin 1202 -> 0 bytes 
.../other-server-side-keystore.jceks | Bin 2245 -> 0 bytes .../resources/other-server-side-keystore.jks | Bin 2265 -> 0 bytes .../resources/other-server-side-keystore.p12 | Bin 2605 -> 0 bytes .../test/resources/server-side-keystore.jceks | Bin 2233 -> 0 bytes .../test/resources/server-side-keystore.jks | Bin 2254 -> 0 bytes .../test/resources/server-side-keystore.p12 | Bin 2589 -> 0 bytes .../resources/server-side-truststore.jceks | Bin 963 -> 0 bytes .../test/resources/server-side-truststore.jks | Bin 1866 -> 0 bytes .../test/resources/server-side-truststore.p12 | Bin 1194 -> 0 bytes .../verified-client-side-keystore.jceks | Bin 2222 -> 0 bytes .../verified-client-side-keystore.jks | Bin 2270 -> 0 bytes .../verified-client-side-keystore.p12 | Bin 2581 -> 0 bytes .../verified-client-side-truststore.jceks | Bin 935 -> 0 bytes .../verified-client-side-truststore.jks | Bin 935 -> 0 bytes .../verified-client-side-truststore.p12 | Bin 1162 -> 0 bytes ...erified-openssl-client-side-keystore.jceks | Bin 673 -> 0 bytes .../verified-openssl-client-side-keystore.jks | Bin 695 -> 0 bytes .../verified-openssl-client-side-keystore.p12 | Bin 1026 -> 0 bytes ...ified-openssl-server-side-truststore.jceks | Bin 559 -> 0 bytes ...erified-openssl-server-side-truststore.jks | Bin 560 -> 0 bytes ...erified-openssl-server-side-truststore.p12 | Bin 794 -> 0 bytes .../verified-server-side-keystore.jceks | Bin 2205 -> 0 bytes .../verified-server-side-keystore.jks | Bin 2227 -> 0 bytes .../verified-server-side-keystore.p12 | Bin 2565 -> 0 bytes .../verified-server-side-truststore.jceks | Bin 952 -> 0 bytes .../verified-server-side-truststore.jks | Bin 980 -> 0 bytes .../verified-server-side-truststore.p12 | Bin 1186 -> 0 bytes 164 files changed, 765 insertions(+), 552 deletions(-) create mode 100644 examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/client-ca-truststore.jks create mode 100644 
examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/client-keystore.jks delete mode 100644 examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/client-side-keystore.jks delete mode 100644 examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/client-side-truststore.jks create mode 100644 examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-ca-truststore.jks create mode 100644 examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-keystore.jks delete mode 100644 examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-side-keystore.jks delete mode 100644 examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-side-truststore.jks create mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/client-ca-truststore.jks delete mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/keystore1.jks create mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/other-client-crl.pem delete mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/root.crl.pem create mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/server-keystore.jks delete mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/truststore.jks create mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client-keystore.jks delete mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client_not_revoked.jks delete mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client_revoked.jks create mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/other-client-keystore.jks create mode 100644 
examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/server-ca-truststore.jks delete mode 100644 examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/truststore.jks create mode 100644 examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/client-ca-truststore.jks delete mode 100644 examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/client-side-keystore.jks delete mode 100644 examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/client-side-truststore.jks create mode 100644 examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/server-keystore.jks delete mode 100644 examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks delete mode 100644 examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks create mode 100644 examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/client-keystore.jks create mode 100644 examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/server-ca-truststore.jks delete mode 100644 examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/activemq.example.keystore delete mode 100644 examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/activemq.example.truststore create mode 100644 examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/server-ca-truststore.jks create mode 100644 examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/server-keystore.jks delete mode 100644 tests/integration-tests/src/test/resources/client_not_revoked.jks delete mode 100644 tests/integration-tests/src/test/resources/client_revoked.jks delete mode 100644 tests/integration-tests/src/test/resources/keystore1.jks delete mode 
100644 tests/integration-tests/src/test/resources/truststore.jks create mode 100755 tests/security-resources/build.sh create mode 100644 tests/security-resources/client-ca-keystore.p12 create mode 100644 tests/security-resources/client-ca-truststore.jceks create mode 100644 tests/security-resources/client-ca-truststore.jks create mode 100644 tests/security-resources/client-ca-truststore.p12 create mode 100644 tests/security-resources/client-ca.pem create mode 100644 tests/security-resources/client-keystore.jceks create mode 100644 tests/security-resources/client-keystore.jks create mode 100644 tests/security-resources/client-keystore.p12 create mode 100644 tests/security-resources/openssl.conf create mode 100644 tests/security-resources/other-client-crl.pem create mode 100644 tests/security-resources/other-client-keystore.jceks create mode 100644 tests/security-resources/other-client-keystore.jks create mode 100644 tests/security-resources/other-client-keystore.p12 create mode 100644 tests/security-resources/other-server-crl.pem create mode 100644 tests/security-resources/other-server-keystore.jceks create mode 100644 tests/security-resources/other-server-keystore.jks create mode 100644 tests/security-resources/other-server-keystore.p12 create mode 100644 tests/security-resources/other-server-truststore.jceks create mode 100644 tests/security-resources/other-server-truststore.jks create mode 100644 tests/security-resources/other-server-truststore.p12 create mode 100644 tests/security-resources/server-ca-keystore.p12 create mode 100644 tests/security-resources/server-ca-truststore.jceks create mode 100644 tests/security-resources/server-ca-truststore.jks create mode 100644 tests/security-resources/server-ca-truststore.p12 create mode 100644 tests/security-resources/server-ca.pem create mode 100644 tests/security-resources/server-keystore.jceks create mode 100644 tests/security-resources/server-keystore.jks create mode 100644 
tests/security-resources/server-keystore.p12 create mode 100644 tests/security-resources/unknown-client-keystore.jceks create mode 100644 tests/security-resources/unknown-client-keystore.jks create mode 100644 tests/security-resources/unknown-client-keystore.p12 create mode 100644 tests/security-resources/unknown-server-keystore.jceks create mode 100644 tests/security-resources/unknown-server-keystore.jks create mode 100644 tests/security-resources/unknown-server-keystore.p12 delete mode 100644 tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/client-side-keystore.jks delete mode 100644 tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/client-side-truststore.jks delete mode 100644 tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/server-side-keystore.jks delete mode 100644 tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/server-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/bad-client-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/beans1.xml delete mode 100644 tests/unit-tests/src/test/resources/client-side-keystore.jceks delete mode 100644 tests/unit-tests/src/test/resources/client-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/client-side-keystore.p12 delete mode 100644 tests/unit-tests/src/test/resources/client-side-truststore.jceks delete mode 100644 tests/unit-tests/src/test/resources/client-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/client-side-truststore.p12 delete mode 100644 tests/unit-tests/src/test/resources/openssl-client-side-keystore.jceks delete mode 100644 tests/unit-tests/src/test/resources/openssl-client-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/openssl-client-side-keystore.p12 delete mode 100644 tests/unit-tests/src/test/resources/openssl-client-side-truststore.jceks delete mode 100644 
tests/unit-tests/src/test/resources/openssl-client-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/openssl-client-side-truststore.p12 delete mode 100644 tests/unit-tests/src/test/resources/openssl-server-side-keystore.jceks delete mode 100644 tests/unit-tests/src/test/resources/openssl-server-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/openssl-server-side-keystore.p12 delete mode 100644 tests/unit-tests/src/test/resources/openssl-server-side-truststore.jceks delete mode 100644 tests/unit-tests/src/test/resources/openssl-server-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/openssl-server-side-truststore.p12 delete mode 100644 tests/unit-tests/src/test/resources/other-client-side-truststore.jceks delete mode 100644 tests/unit-tests/src/test/resources/other-client-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/other-client-side-truststore.p12 delete mode 100644 tests/unit-tests/src/test/resources/other-server-side-keystore.jceks delete mode 100644 tests/unit-tests/src/test/resources/other-server-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/other-server-side-keystore.p12 delete mode 100644 tests/unit-tests/src/test/resources/server-side-keystore.jceks delete mode 100644 tests/unit-tests/src/test/resources/server-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/server-side-keystore.p12 delete mode 100644 tests/unit-tests/src/test/resources/server-side-truststore.jceks delete mode 100644 tests/unit-tests/src/test/resources/server-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/server-side-truststore.p12 delete mode 100644 tests/unit-tests/src/test/resources/verified-client-side-keystore.jceks delete mode 100644 tests/unit-tests/src/test/resources/verified-client-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 delete mode 
100644 tests/unit-tests/src/test/resources/verified-client-side-truststore.jceks delete mode 100644 tests/unit-tests/src/test/resources/verified-client-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 delete mode 100644 tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.jceks delete mode 100644 tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.p12 delete mode 100644 tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.jceks delete mode 100644 tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.p12 delete mode 100644 tests/unit-tests/src/test/resources/verified-server-side-keystore.jceks delete mode 100644 tests/unit-tests/src/test/resources/verified-server-side-keystore.jks delete mode 100644 tests/unit-tests/src/test/resources/verified-server-side-keystore.p12 delete mode 100644 tests/unit-tests/src/test/resources/verified-server-side-truststore.jceks delete mode 100644 tests/unit-tests/src/test/resources/verified-server-side-truststore.jks delete mode 100644 tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java index 08001c66c2..dde607f991 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java 
@@ -423,7 +423,7 @@ public class NettyConnector extends AbstractConnector {
 enabledProtocols = ConfigurationHelper.getStringProperty(TransportConstants.ENABLED_PROTOCOLS_PROP_NAME, TransportConstants.DEFAULT_ENABLED_PROTOCOLS, configuration);
- verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_VERIFY_HOST, configuration);
+ verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_CONNECTOR_VERIFY_HOST, configuration);
 trustAll = ConfigurationHelper.getBooleanProperty(TransportConstants.TRUST_ALL_PROP_NAME, TransportConstants.DEFAULT_TRUST_ALL, configuration);
@@ -450,7 +450,7 @@ public class NettyConnector extends AbstractConnector {
 crlPath = TransportConstants.DEFAULT_CRL_PATH;
 enabledCipherSuites = TransportConstants.DEFAULT_ENABLED_CIPHER_SUITES;
 enabledProtocols = TransportConstants.DEFAULT_ENABLED_PROTOCOLS;
- verifyHost = TransportConstants.DEFAULT_VERIFY_HOST;
+ verifyHost = TransportConstants.DEFAULT_CONNECTOR_VERIFY_HOST;
 trustAll = TransportConstants.DEFAULT_TRUST_ALL;
 sniHost = TransportConstants.DEFAULT_SNIHOST_CONFIG;
 useDefaultSslContext = TransportConstants.DEFAULT_USE_DEFAULT_SSL_CONTEXT;
diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
index 82ae94482f..37100875f3 100644
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
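Review bot: Neither `verifyHost` assignment in NettyConnector carries a comment saying that the fallback is now `true`, although this default decides whether a connector checks the broker certificate against the host it connects to. Any connector configuration that omits `verifyHost` changes behaviour with this patch, so a broker certificate without a matching subject name would presumably start failing the handshake after an upgrade; a line at the first assignment such as `// defaults to true for connectors since ARTEMIS-3367; the broker certificate needs a SAN/CN matching the target host` would make that visible. How the new default interacts with `trustAll` on the following line cannot be seen from these hunks and is worth confirming and stating in the same comment. Both hunks sit inside method bodies that start and end outside the hunk.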
@@ -246,7 +246,9 @@ public class TransportConstants {
 public static final boolean DEFAULT_WANT_CLIENT_AUTH = false;
- public static final boolean DEFAULT_VERIFY_HOST = false;
+ public static final boolean DEFAULT_ACCEPTOR_VERIFY_HOST = false;
+
+ public static final boolean DEFAULT_CONNECTOR_VERIFY_HOST = true;
 public static final String DEFAULT_SSL_PROVIDER = "JDK";
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
index 8593399412..72c732f620 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
@@ -321,7 +321,7 @@ public class NettyAcceptor extends AbstractAcceptor {
 wantClientAuth = ConfigurationHelper.getBooleanProperty(TransportConstants.WANT_CLIENT_AUTH_PROP_NAME, TransportConstants.DEFAULT_WANT_CLIENT_AUTH, configuration);
- verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_VERIFY_HOST, configuration);
+ verifyHost = ConfigurationHelper.getBooleanProperty(TransportConstants.VERIFY_HOST_PROP_NAME, TransportConstants.DEFAULT_ACCEPTOR_VERIFY_HOST, configuration);
 sslProvider = ConfigurationHelper.getStringProperty(TransportConstants.SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER, configuration);
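Review bot: The two constants added in the TransportConstants hunk have no Javadoc, and the names alone do not say why the acceptor and connector defaults differ. Something like `/** Connector default: verify the server certificate against the host being connected to. */` on `DEFAULT_CONNECTOR_VERIFY_HOST` and `/** Acceptor default: host verification stays off unless verifyHost is set. */` on `DEFAULT_ACCEPTOR_VERIFY_HOST` would cover it. `DEFAULT_VERIFY_HOST` is also removed from a public class without a deprecated alias, so code outside this patch that still references it stops compiling; if an alias is kept for compatibility, it should not let connector-side callers silently retain `false`. The class body continues outside the hunk.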
@@ -356,7 +356,7 @@ public class NettyAcceptor extends AbstractAcceptor {
 enabledProtocols = TransportConstants.DEFAULT_ENABLED_PROTOCOLS;
 needClientAuth = TransportConstants.DEFAULT_NEED_CLIENT_AUTH;
 wantClientAuth = TransportConstants.DEFAULT_WANT_CLIENT_AUTH;
- verifyHost = TransportConstants.DEFAULT_VERIFY_HOST;
+ verifyHost = TransportConstants.DEFAULT_ACCEPTOR_VERIFY_HOST;
 sslProvider = TransportConstants.DEFAULT_SSL_PROVIDER;
 sniHost = TransportConstants.DEFAULT_SNIHOST_CONFIG;
 trustManagerFactoryPlugin = TransportConstants.DEFAULT_TRUST_MANAGER_FACTORY_PLUGIN;
diff --git a/examples/features/standard/jmx-ssl/readme.md b/examples/features/standard/jmx-ssl/readme.md
index 454dfb6930..b5154bd528 100644
--- a/examples/features/standard/jmx-ssl/readme.md
+++ b/examples/features/standard/jmx-ssl/readme.md
@@ -16,12 +16,54 @@ With these properties, ActiveMQ Artemis broker will be manageable remotely using The various keystore files are generated using the following commands: -* `keytool -genkey -keystore server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA` -* `keytool -export -keystore server-side-keystore.jks -file server-side-cert.cer -storepass secureexample` -* `keytool -import -keystore client-side-truststore.jks -file server-side-cert.cer -storepass secureexample -keypass secureexample -noprompt` -* `keytool -genkey -keystore client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA` -* `keytool -export -keystore client-side-keystore.jks -file client-side-cert.cer -storepass secureexample` -* `keytool -import -keystore server-side-truststore.jks -file client-side-cert.cer -storepass secureexample -keypass secureexample -noprompt` +```shell +#!/bin/bash +set -e + +KEY_PASS=securepass +STORE_PASS=securepass +CA_VALIDITY=365000 +VALIDITY=36500 + +# Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust: +# ----------------------------------------------------------------------------------------------------------- +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca.crt + +# Create trust store with the server CA cert: +# ------------------------------------------- +keytool -keystore server-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS 
-importcert -alias server-ca -file server-ca.crt -noprompt + +# Create a key pair for the server, and sign it with the CA: +# ---------------------------------------------------------- +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore server-keystore.jks -storepass $STORE_PASS -alias server -certreq -file server.csr +keytool -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt + +# Create a key and self-signed certificate for the CA, to sign client certificate requests and use for trust: +# ----------------------------------------------------------------------------------------------------------- +keytool -keystore client-ca-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias client-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -keystore client-ca-keystore.jks -storepass $STORE_PASS -alias client-ca -exportcert -rfc > client-ca.crt + +# Create trust store with the client CA cert: +# ------------------------------------------- +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias client-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client Certification Authority, OU=Artemis, O=ActiveMQ" 
-validity $CA_VALIDITY -ext bc:c=ca:true +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -exportcert -rfc > client-ca.crt + +# Create a key pair for the client, and sign it with the CA: +# ---------------------------------------------------------- +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore client-keystore.jks -storepass $STORE_PASS -alias client -certreq -file client.csr +keytool -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile client.csr -outfile client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client -file client.crt +``` ## More information diff --git a/examples/features/standard/jmx-ssl/src/main/java/org/apache/activemq/artemis/jms/example/JMXOverSSLExample.java b/examples/features/standard/jmx-ssl/src/main/java/org/apache/activemq/artemis/jms/example/JMXOverSSLExample.java index 8681a19dc1..6e0adff760 100644 --- a/examples/features/standard/jmx-ssl/src/main/java/org/apache/activemq/artemis/jms/example/JMXOverSSLExample.java +++ b/examples/features/standard/jmx-ssl/src/main/java/org/apache/activemq/artemis/jms/example/JMXOverSSLExample.java 
@@ -83,10 +83,10 @@ public class JMXOverSSLExample {
 String[] creds = {"guest", "guest"};
 env.put(JMXConnector.CREDENTIALS, creds);
- System.setProperty("javax.net.ssl.trustStore", args[0] + "client-side-truststore.jks");
- System.setProperty("javax.net.ssl.trustStorePassword", "secureexample");
- System.setProperty("javax.net.ssl.keyStore", args[0] + "client-side-keystore.jks");
- System.setProperty("javax.net.ssl.keyStorePassword", "secureexample");
+ System.setProperty("javax.net.ssl.trustStore", args[0] + "server-ca-truststore.jks");
+ System.setProperty("javax.net.ssl.trustStorePassword", "securepass");
+ System.setProperty("javax.net.ssl.keyStore", args[0] + "client-keystore.jks");
+ System.setProperty("javax.net.ssl.keyStorePassword", "securepass");
 JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(JMXOverSSLExample.JMX_URL), env);
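Review bot: Both store paths in the added lines are built as `args[0] + "server-ca-truststore.jks"`, so they resolve only when the argument is present and ends with a path separator; with a bare directory name the JVM is pointed at a file that does not exist, and the mistake will probably surface only later as a TLS failure from the `connect` call. Joining the parts with `Paths.get(args[0], "server-ca-truststore.jks").toString()` (and the same for `client-keystore.jks`) removes the dependency on the trailing separator. I would also put a comment above the four calls, for example `// sample password from the readme's keytool script; javax.net.ssl.* properties apply to the whole JVM`, so the literal is not carried into a real deployment. The enclosing method starts and ends outside the hunk, so any earlier check of `args` is not visible here.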
diff --git a/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/client-ca-truststore.jks b/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/client-ca-truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..e2dfeff87dba7532471486ccbbd18c4660fb7b72 GIT binary patch literal 950 zcmezO_TO6u1_mY|W(3om$vK&+c_q5Zi9nHR9vPD)2G$5YQv*u|2IdljCguWzCZ>o5 z%uI|-Oe|&h+u00w**LY@JlekVGBR?rG8n`g3L5aUF^95n33E6mmt>Zu`UV;b81R9F zxP{pri%L>+Gm8x^49q|x%)*yc0NkCVQ;>k(2uGo`SbhLf2!ImGyXn*J&|>P z^xlmeC$5Pef1z>xU2v0|O?EfWpBGo&G$~)TF0uJGb7518vbB@rw$7X*YWd*~hrRdY zOU-QGc{4tsr1a#C1D9W0C74(QG&dgf-p_gPt`dXFb&Y8betgV(=fs*{{Bve@-7Ky4 zCHI<2mRMYhxc;NJDSL77%yS2fmI~xKo>ec|`Owr=i?unqE#&u#_mx4nwDdR&^F{qj zP8c@iURvtX_>_s6k%4isk%0j?CCCahGX7^_HDCr(2C~3dm*ry-V-ZQKkJnl9Htdzfz(DzhK?Vfe1HT2_&>;t*#VL=RwMJ|Qe_4#>luimmZaoX|~ zMR(^;V#$y>_wU{0^VQB19XyPx9oIg4wk|6E|L!>vpJDSbs*vBz(~~FQHuuwx#-p`AcB-@hw(v4Sma!#K^o(`v#+K~+E+Y{!MhpoJM)qZF+1G5PP%7D%5-K8z zG$}7C+hi?DIHNk}>V2 zaLJ$X_M`JJel^-`wZJ^6hEE%l;)L9%=9-$hSGzRRH|gUQ!>hoS!m2K~epaNFX+ANJ zz$F{Ps5(MnQ=t%Ds<;(Q16rxKtv`LW(>-vAQIu%&(z)LB__v^WDP2IUET#4tb&Sk6f!BiwP7;&~p}GFy~!sI=2wH6e2B^0P(79Lwai zH2T6cT{$S0Wb>G;BwsG)mC6h(MObEO#}Id$A{Z2Eb^&Y^9` zqcMp^WE+tDb^i2L1Zy1MxS3NaE;?kI=smnGG;B;&2p zb6@jy^ik?erMBDCw?bMhWLCKCU8o)&u8ZiwUF`iNdYNfn8#Fuxb0+#jS|hPf5k@(o zd2N|^Kn!pU)Q#vCjBGZ~=OEUN->lWmX!76I*m=fO}=RX&;aca`H zwrz_wUA3_x>(tywrRUIeY}+;I#qCg@7EeWTa{l(lmw2?zJZ_*~D+Mo!nkY?Kl=V{JO{IQlMRAaX>eP{DrziHgYubvYisZW*S^R-Ci$lM%N3Wffwaq5~E{rIu4?w`Mb#`9pH3ep+;Pw=!jL4Gpptna2It#7Tnw%B1 zB4oshy9{@oCSN`x6xZE=Oi?1N@bDpuED4?-JPG$+wI>spF30)#H!l&`6*dW7748oe z7E1aV70xO;A%ic-{CMv0W!wOPRF-_3A>4n?J(9@Z!=m z^Uk$|EA_#?(W_p@<}#I!!>6{qiN2%C`?~R1h8vjp+boam@flrBE1z%AOq$9^S;&5M zl2O-rsDjdzZwXz$L{YmVGZfKXarTYe74`=aN>IfBSWiRGpz~-=*|=EBS->2`)W!jF zoP!^m8))vqW)u%(sp**=NV9C1?p(`^!OvpMC+&K(F)>v+*S}{tY>u%;z`$l9vZ%vPX>P{`usq}~t!83$FwAhQV4VMpE$?o_ z_wGn%CoK;sfk4nOmqztOrVO=3pSWBdv3IIjQ{8c^6%ponAtTqN{!N=W;A9~RPf_a}IH 
zc)7U}yzst4m_ULj-rtLG0TAM5kwF1yKo%tn$O0$_9yS>iO;AJuKLy|%Y9GL~w>umG z#n9gVbHwn65&e(R{}ikcfcz0G_kRc$Ab~}GO$5y+pd>IGh^8|^NMJCC3eo>&iEJ&& zdBGdMBy6Cn2uWpTeq+y&dYE-{BC*RgRM>8Do+vn=afIvP;K5-0_^yuro2RyS`pzA2 zIpetb%r;J9WUNyJxT!;ma1_jqHcLuY8bZC)OV*eTG2dxz4)c2zq(HocWea(SyYX;v zPPw)}6FMNt*H@Bwys!K6qC@gxeNNpw6WyQ$D@9FqO4Z2LO_!$5))Wuvuh_6hJ?J%Q zXG=7XAL)#agH)oLC!+Pi*>wl^*NB21S34^zV?F3}|6x_~UF%+zn#Xa$6$2&W%S>{~ zWbrb5=m4>dXTu1Y2TALyFc-d{+#ARAqQj4;FgFDU8 z5P)}2WQQRDb`qlx-p$p=6CXf`g@x0M8xYu=V})_SI8Bt#+Z}*kDofeu=fa{Psp%?K zQ@>V-_Nme;1O^#6PcP*|Y+pZ($X>TZYB)q|;rat(n z9)atDmq~DJKY9P#X6WQIE8Pir+Ei4xB%co(CsJ!%&gc{=JwcZvmqkmqV{pJXx-K(3 zY+d;Bnuf(0%77OugQmLk{%0@I=X;NoN|dm!@rREH>36k%I5NSTLH?99+EQwn9hn$5 zszRQXW4oWIG(C8onJF(o8*?iUQDxVm)0B}kG-i%Ge@!g*)`(|nq2fb_4-q)zkU`@K zqge5~dEW}XUag0VN6n$jCnP?+vl3(3WJ_6}s{rbfo$d#>*Fc__FJJ5}uvTZX5cG(v z=0NaJNPL+Mpnt(lpuz1&gWK*W+(B<+;eX25UkkU4Jemf#EFc4*WB@rD+wVbEWHWY`ewK zH@d%f_VCz8OOl?dcjCTpvm=Wn(HANN)z7)5q|>4*T9}4-pYB6=Tg?ZCt$5zt*rst8 zGeY2_mz~cSl(BMXv#7`}!w$x-2@%l2vBO!KCalo50%yf%-}-64pOUfVZ%Bl4^swF7 zW-`gU%rf_Br%c6fzL)`VLeuZ^x{`EJZZTF{SC=kWypoh=Jcr+JO6WsH;D#%7BH#T$ zSq1>Uw|M~s7`zLk1E93qFZlgivj6B5-|;I-50|LUO4;J;ewSxwVtxYi?7q<58R#hy z%a||Dp8S*KW{hct{@^WyN3=UKlD*{Ay8iSF9}ZKkiBiM!wonpZ*pu$M-0DP`E2qyU z#-^B8O&CL$+*8+EN>i`Y8INCQZLf=H2a_^eFFv9yrsBHcQYS~AB7B#5k*IrpzDMzu z4XbkoSJ}98@!Nt$_k@m}5Oz<@8;-VK>GSTyiQ8C!$~cE@)Kg6KnXlhzbIq!{>OWDK z4)f%Hy7Mt(FjPBDQ(q<&Q}h0Pt%J*MOM%_0lexrAjcgTawC&;fiYM|zDdJr78luah zZjEM~_{t8``24gdQ)IzRVKATMRIuRf@BYg8s(V$rPj0=h@;qm%E0E)}IhyVZp literal 0 HcmV?d00001 
diff --git a/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/client-side-keystore.jks b/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/client-side-keystore.jks deleted file mode 100644 index cb65a44ddc868383e07e700b941d9ac0709daf58..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1303 zcmezO_TO6u1_mY|W&~r_+{*0KN+2&_z1sy2Al+}!#Mo`X$Ht}2#>m2`#U#kc$jZRd z#903PyT#h@IPs9J5x3RWJvkMao!|^cgJXbP~&rKw3WXmtk#sink!k~r2bsZtnRxq zlbF1@GPb>#=puS4LgYpNeOINWEf3}{X3x7k*|KgH_o=I|w?4db!fN`RJMwi5k39}L zX6)6Hd?{eN?WvX9|D@@Pzl$_joEDm1opopd`@0I0UlUoZmoWX`CPm<%dVT& z+ld{q+Uii6bVKsq9n({h74y8Z&i*{ZR5#Cz&3*q&f5zM?=f$IE)M%=S?OLT7;`aFU z6yJFtr+>dE)9h??n296K=J@#)UUpIYk4348gtzZud3pYF)ayA9i{z40({1P1?$g#6 z?PT|!ysAIUXz(iwzYFw_C*ONBIp z?t9JAd-LS^H^J>eHt$^+4$Ij$YztJ&bd7aT3j7^u+Z*v~|Ix3z48EP79h!5!(Yis_ zB>z)d!uIT$0ZW(6pZ|iTT0rTL|L&F7|7|}e{lhx^`LPwtMEO~MH-Ec)RPHd7X^3!? z*hHgmrJvVnCtlZj|4E5ia_&VB#^X$)4AT<=`bCww&up5svuV-m7VZxbGG9SX`~Gl2 z>$Tao_fGFw9b>j5d}rm9^}Byry=wXy?!#@%-jp5~8Q!<+N~Hg@LUw`1hAp0Ag~~5{ zG{l6rpXW5{IkD`ajaXH8NKLQCgT?FQv^Os+otU?{p8J=gY0}5vNmYz0)@PP{+_xfd zLg$L+`wyd@&S#s{ofg+n9jcnb=wtowyr&j(V+#XQV?)s~+5CQI;iS;)p4oc!kN0cY zZd<*dUtrpOX#?iMImV0LU7d1rPO%8oXYWFo~$HDUtbi!Q0ufZ=QC6{toV=3z~tVvYLw}L)s#B!Eh7c# zY5d83%;ReHzWNmYgG(Q-_2x;B`F1)!YoAw5deG^=9+R$pk}-IEbyj50l8^mmk0z-| zD=mNLc6sIe&-e8A7AH!i>=3^>scCCC6u7`XRfp#D8o1>mL(b*B)7=UgyqI zo8rq+{Na+y`<!U37@*3Fs9 zGQNLnCNfP?5v(%w&f3)%cfhm!2g9nY<`3da=X*<91oa2E#J^o+DHgKmqI&$59hPRWD^Yd*2tX{NuH7scp1N&#bvysY@a)^KR2A3*wEcosC90U z087$R_J)UT;+?4)ziZ__b*w!YRq^$uZ;~I^6x}TA<4kD}v@Rc7qSqNjK7Gz4qPA + key-store-path="${data.dir}/../etc/server-keystore.jks" + key-store-password="ENC(1f0e6cd7ced61232730f9e82cc91c1e1)" + trust-store-path="${data.dir}/../etc/client-ca-truststore.jks" + trust-store-password="ENC(1f0e6cd7ced61232730f9e82cc91c1e1)"/> 
diff --git a/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-ca-truststore.jks b/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-ca-truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..3fe0f29ad27fec3158355a5c1d253d6934165d13 GIT binary patch literal 950 zcmezO_TO6u1_mY|W(3om#i>PQsYSZUi9nHR9_jzZ46G4)rUsS_49q14P0R%bO-vCB zn3))vm{{T@S!NmVvTFyI3T zaSO9M7L}ytW)>S-7?^=Xn1%IWiWHzy3c+9pC^)AUm1L%6CMT9;=I1FmmX>7X7iE@I z8YqbK8W|c`7#JHG8yK0GL`m=iX#+ze0~4qK?VZrXsD$ioMpg#qCPsb+gC<5UrY1&4 zhTZ}V`OWgRHpW#y5A9xdH}aMKF4f@B?K8gdAAMu-%FNwl=7Bf>ENZ)`mZLc~-L8u7J66wnE0|wLwMCf45!qs$n~H zRGafrl!^*(+2-7PM_iUJv5C_8=pOl~U{CLzx{2EwMQ?7jGs&)Ny}sn1V%V0>UHT>B zxsTP^B+L0+?`m2enVj=#Hn&r=;B(oco+BU1cirJ)i_)7?le5>!V)N?)`RklXA2TK^ zgeu5z{w>?86m`B#(P)3vlDFPV@2-2WRyMWAZFXLL=!=qF8u?rTpN>3PY5V50SMa2x zlbK)J=wC=a?a0K;$iTSR$iM)c5@dxL8UM4e8ZZMX16g3K%kr^^v52gBn`7&s=JxC< z=j2O2-gMlZy|S}zdRQ0pph^4LVS$3#Jf6?E3`KDuXYn^*z z-A~IsyS7%%z1_{1MP%^~>rLe!m+!D^4p?wt+h%Sl1-;`(ZkF}?O052sGj)o6X3U&( zk5xbIe^QgY-aAocW7x@c-gmZmO_e*&KBM`-={MCc=cirUwj=6rcbR(k?wpQ!hvu)? zx^w-mXrr*ehM4mfzsfx`%GE`;3w$`qd0ryN&vcr^JMA^r@dgs@@(s&d?F4h`!=FsL F1psjpaqa*B literal 0 HcmV?d00001 
diff --git a/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-keystore.jks b/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..5a7e2c00bf86ef56329c990972055e1509ea0108 GIT binary patch literal 4122 zcmeH~c{r5q9>-@RGqO&0!;rPaGsZGy3uWK4^jb3_GBL&&M3%8lAwr9?q^yOStl6`a z2%%_`Eo3Lj&e3wt^}g?Q&UMZ|=l$#b%KkQ(!7BbY_Ig>?1bC1tXik92=35im$khbgSrfY+5#+fCSJC= zC4171Lk%URYqCjP8u<>=eCe~O3mN0Z`t#;5>Q$Ic90a*dj5!lzE`8xz&MGQaNxO=P zM84mYg*v(B-fc)_dhe7J!r4_4krY;AD)9C~t6GBnXNPe=5C;a|)~?~UR^9NaaIH1C z6xHVFu(sk+WarjFdFXHP)J6UN2yboQ{JfQbT1H%+&O0b2+oNUywB{eNs|^Ix?rcvexc6PajYlq%=j< zEb0_N_uG!od8-&+ijI83VUCT?(-=Q4_;#Q%|H?OpVBgAGl9u zzDza7*byxc^&&g*A@h*^1twyn&*$3cFdxKbhUV$ZZYwMsBhM5Kge3zkhWQ1bWM^df zrzQ>aNVguDuEK4|G_Tc1EhQMi$2WT)hR3!$TQ=CFyfx-{{Y+wH^#DQqZ26#K07EOa zElwy|BoJrarakcBu_LrBSE7k?ooH%eQHyhXEbXuJcH8Do1dT$Y7+DA{%D**cv zAK`!7HbEpM(mMHD8-3mkkhFVmqfwj*9u<(MN}Ll5{V#9&rr^!egw71e&DI21q>Kav z5nm6yd_|ov@U>)EO8it1_#nV|V5ay`;0>ptQ9}>&J3C+SlPqP_=`uC%T3S2km5A_8 zCP}t|uK!dg?UAzc)ZkL#e4gK!IQANTr&Y$mNY6HZ@;SIE9K$s!ehw`T18bRF_fh%U zNf$^z$I9)V>Hy6Tu)82I7<9Dv3}g3%&=AaK{c%E&OtCMiCeFC&?EQsaRo@Zrgb2ekQ5D_TqVu=6(@uTJ?qnhja6 z7<@J>$JtJ63Rv*w0#Ue?qeMSj2h&Z@8ESGx`e%q0d!jXUp9DaT;5*qWL}XVL$`Cty zeG_o-h{}fd1TI8^$+p+)R3=xX0>XMBQ?+ghPsnAmc*}G@zpx(FptSQoey-SM{&w=$ zkHgpaCo%>GBkMFa?fj-F2c;GczR(^U4SpV~Tx#zquWWrdtE?K^ms%@iUL$5D%I%Sg ztmw~zZhMY+!ZqTw>D3%><~#K|E2ukWysMawA<^hUn}W)~(V3(jwdxQDZWG+Gm5nR| z{XGB4!j}|e{9%+*Lu;BQga=$&%4lJYQxoFi6ovro0V1)8xqgKc+!@PClYLG+jwU{J zGH0b9XOzPZo_7;oJ~gzheTTP!^_nvA`a@O1lT*WwS=oe+SKM=Vu(>jHD_z|6gV;>7 z4L@6-u4$A0R0z9$MLv~TBI9c@}NFDa5b?fE}ciW{TBbl)p4`f=Z&N z^gI1%jtnPd6@kMb5VRJcLLUQENY-sA1Pp<|q;m)L0TxF1foQ$x6&5g1)MD}n>=P$P{shi1i%Ng7eIXf zIwKOQx%>BD5z`-{JwK!WDOofi^fOtW|Bx&|1&jW^5W6-3rGnW&yE+0w1%pA2x;rY{ zkoYV+Hzw&wdq4b9=0o?Rj4}5ni9;j)F^{kp@8AvDTRC+F=EefFMNy?q`@B}OjGXko z1tH6t-aC%+-h4uo(yz^l-V`-l$Yd43K0Jz$&hp;BS21}p{AlC7r#>Hyxhebaz99)T 
zdGOiPz9`!24UjTIlF`|v(Z^+!IuC&}ie9X4dIAq5e1>y+U9^2gLf=_bLL(z=CtT($ zCpJIHua3r6Q0^3L5d2uNWs^#-S3=PaWnh(_wxo*1bRIrgrM@$kwepMxhm^<6nLn$F zt$fkxYLUVZ@AP-;?{qApW|&#%1{;ZW7r{MhdFAE?5(p3FFmg@{%dyjC5GWV~zUu*; z0fcueiP{h21-QfZ70wdWj!Ni^kHM3BR%d7fw+eiG0QmO>NEieF0sP-zIbcYDg9;~j zyEqfvy?x0su+UwL22kJUSYh0-eM|2gC^yG8tn`M4&N$L?A9iZS;eWpwyQgw@Gr*uQ zx!~8FTm7OD0)390`(vCEj>#LqR6M8a3y30A%*P_o-W--8;)>6;M6>+oD#mBGvaM{F zw=AoHb&d7jH1bQKkp1TeBX5IK?7nKvDZrq3Y~Z(?iNXgbnI!ScBA(yB6Cf` zqyep|M5Lf%DmE?Nu(55=+Q4Cf8cQqFn41He8F%001O~ehSB2_AU3*0QZxlkOER%9I z(+wg_6?vwyftxy{TSm1t9gHp|?03Z{ND9@kol(9|Cg-W$Ns_M%w05%Ta3vG2?s&}x zTCD^|KQsI&LpnApZ!|jlVwz#L{8D)|<>IURG+bi7R~zqzz3XEGt}EZdm9og7e{oFS z<(Rn3@yTBtJMzJ9{;6VrHOC6O9PjcBVB`UX9~>*#{{K_>Z`8&UrG!g_FQ{VAuQgWZ z4*WJHS0#SJs^Z2sww4*(l#;GOYQv1_1qKycvu}EwQQPmX7$i(xR7Zwd!P5-=1xvP> z4BKrr!YsQl*bGf}@CB(8p@Fy1?n^}$q=}8_Zi8UP#+HNd5nC}a7D~yvkIlz&vQ=$m z7Il9cA=boy2)R-o&h?hAuHYFG)t|jBVqJQ%N{-BPZd8(y&!6@9fb`+!WWv-fW~~U0 z2^1-=dBMNx1A@_3HYJ!)tA#6>CJOh%@r&-sXe+cJe2Y>hYTHE-k*~MSo;A!FC>|<8 zxyI?-@(Q*3OsQeTKr1R2k(+D)yWv*o>5HrMa*d+kIs&^%D!}D@4Xr z(!6Y{^s*99nI#?&m-C$Ab}Nd@ZH$z=v*j&JeJWI>9q*vqE;Qa(B%vFlV+`AOw^HSi z|6*RHdW6~ShVl|-ezfef=C_mtW8VAggsUkU9`V8Psr;MDzl_SMFh(tlISs=%4!o(G<*ilM I)(|iL0pakxbN~PV literal 0 HcmV?d00001 
diff --git a/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-side-keystore.jks b/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-side-keystore.jks deleted file mode 100644 index 6089c6ee13e7e163561a17ba11bd45cdd755cf8b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2253 zcmc(g`8yP98^>qH7<=}8XfS0d%rHhsQI=tB#TX zMG0f)HfzKH?CB_ZS2S2C9LCfj~|Gm<*opF;lu|jT=7V;`C@?5&_}u zYK=(7(luT3FOLbZsgr`m>P>~kHCuBJ5j#hWA1-h*!x>Z9lT29*-_x*b?~at=i?fp) zdi=L{piIMX_dfb8fx%UP!)to-c^7jIL(|`m$|~fuH}w{+JG$1#^uQ_sl)KwF;tK=F z67}Pu!dlne)Lxwr?S&;J^6(;086MfH;*yxgO%EKGc(oG=KN@a0hY3<=2#q#;%|+jM zT$>2t!8?LJ#sw;^tr4&2owN49PNbNVikLBXroaMZ?`|LuhOmRq`h%$4yB~gR&HyM|J5@jD9Iqz+ib3WJy?uoe}p!z zK}pUT$oO{YTeKz1JT6HkfiMM?sW6HZuw`Kv>!XfS%hb5QV{&?ekEB${cR|{Wimhjo zP5JcGUVB{&@5>oyGBQ+(IR_0eXA{bXHFHK<@0Ac=J70@P7=5AorY3jV8J@lJvsT@$ zY})?9(JV}nJGr~Go3`I-+M8^3|G-_qmJ>naK+kP_#Ig#!*9Six%p=5xpq-qWyhnl=x>C3 zJ*W_D%dmN*xyF@dU)|;?{ZCzUC70li)Kl`Ww0z7TE2KN105;7;)?AH7R4+%v6b&Qc zwb#~4pWQd5z>n4kaQc48hLX~J_a8(mjV&EotXhz`p6y>_L=0W*o8_w>ptWN8m`qBc z*snd~<^I-?cnbGbK?8KSgSq%tO4kArkHjagTPx)F%t$ zjF$F7gxd@R866u~IZHSPW3XjkuX=1Zs=zGkt;$=VYZ4p#W8{LFXgc~#ON?Qo2+Q-! zd<{o#6mBGyY^2^+_Aan_sOVngRsRgQsOwXSJm64T|MSB|Iw%c83?Fs*9PbH>QhUzRCYt{`vB24%T$dmVlOl}HEjiNqS!fMQh#2R9@PAd%_ zlYvg1r%5)6L3YbwA@_7kzf{ZznwTZ0x>I=tv@OJ)eaFwR&IS)JZbVs#NY@TYbl0bR zw9Sh~Rao7QHq4dNTwO&c(qV8dPfztDo_-}3VKp~hmjJoBZxuEFSd2~@ItV=gfFl7x z=7>d*L4L&?ARq_?hE=;>LkK{4)Dkg?+X6r!A1442jO0h~LO5_>h$x4#^|`-@`ya&h z2MHqte|PeVavNU`@eB1junQgR+XIPDl*^bH;uYjaLc$R8zbhP~l7E?Ce_p}ty@;V+ zM1;Jg08$5u(9%O7wRCiJT@Da^aMb-1|BWY+fr@_*=HTDpAOi&f2r`ftLx0(zCF<)ThrF8y$4GD=myAP(LFALf4@uOiS za@rW3qYt{G&mM@(93uo{yl1SXVn#Y`qjrg*9B zMar)wGhVs;wmD}_u;I;7_c!PSd4EkbvL$~fNmO&WTPNwaM>=#Dt>WbTIpSe?KR{ik+zDz#s)blTpsbi@+jOW IlooIIKQG79H~;_u 
diff --git a/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-side-truststore.jks b/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/server-side-truststore.jks deleted file mode 100644 index 0b7e224163358aef1f20d04f5c6720f98b97679a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1732 zcmezO_TO6u1_mZLW=={>VPIek*!;DvkAXEp&(y$@fq_}Wpov+p`ni!fH z8AJiOW(I~v=1?x3T+zh1-Jpq42j+c7AV;35v610#eQ={}sgP#SeXlusZ=O8=Cb&Jw z=DiEUVLAJTZGmc;uCWeEfxjbddn11BKl*i-!MD@1LvyY-S~tj=+HZ6MH!u=sa<}1i)-ybe$y*AtS-swH7W6XAh z@2s4%e)lh{S4}^|eYkDeo6-X#!~1q!iS&O~$S%;>u*FlXQ2B+AhM4g7^PEOKCzd_5 z5v%GBsp-{tuy~!E_U2`!6Z00=bN^B_P5Ssdsftm>`plA#`&I-_=v>i!|6$bA`D~NA z)8ZPcLse54eXReT_tau;Y++z(Y%r=kbN_I)aQjBz7apnmULCHGthwoYIiq;Vm%RmV z?@n47b>?ra)6b>tSrY0=%WwEk-FIip&c&-Y+G@ zt&Qi`{8=yFqpKpTwk+J%ihWU}<mkT;M8rYl)K7BLo)MB_7#Mv^mDt4;Yl_xFC?=tt8y4N;Ocvp$1?4wHy=*^=l6 zw!k~;c?Q#?BJOs1TP)kkB*NsMsjZi_Qb6d)+Gd^R=1KCew@n1+Bi7u??9@t7E?Vy{ z@eh%UoPfE=4w#GnKy#6z#DORj>kJBE`G#7#NWnl3l8eM)Sxo_&!O*jm1u#RIo0!6~ zlo^ye5KbD+U*zVmqGPi8{m#Nkq1ipN_39t**RtKVdOyFwwENNq%!PA|7rnbW<>Z`V z5!OF#8z<$xSh<$n_rn~n4xMAQd-wMFMyjs4dd87s#twc1g?$D>+tw=_V_Ov;pnB)) zo5XCZu0#%(eRM%HFxSayE|v^wi`12K k_4O@1aE-GsYR(x({$u$93H;)JLJaM8Rtcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true;sslEnabled=true;keyStorePath=${data.dir}/../etc/keystore1.jks;keyStorePassword=changeit;trustStorePath=${data.dir}/../etc/truststore.jks;keyStorePassword=changeit;crlPath=${data.dir}/../etc/root.crl.pem;needClientAuth=true` +tcp://0.0.0.0:1883?protocols=MQTT;sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass;trustStorePath=client-ca-truststore.jks;keyStorePassword=securepass;crlPath=other-client-crl.pem;needClientAuth=true ``` -In the server-side URL, the `keystore1.jks` is the key store file holding the server's key certificate. The `truststore.jks` is the file holding the certificates which the server trusts. 
The `root.crl.pem` is the file holding the revoked certificates. Notice also the `sslEnabled` and `needClientAuth` parameters which enable SSL and require clients to present their own certificate respectively. +In the server-side URL, the `server-keystore.jks` is the key store file holding the server's key certificate. The `client-ca-truststore.jks` is the file holding the certificates which the server trusts. The `other-client-crl.pem` is the file holding the revoked certificates. Notice also the `sslEnabled` and `needClientAuth` parameters which enable SSL and require clients to present their own certificate respectively. -The various keystore files are generated using the following commands. Keep in mind that each common name should be different and the passwords should be `changeit`. +The various keystore files are generated using the following commands. Keep in mind that each common name should be different and the passwords should be `securepass`. + +```shell +#!/bin/bash +set -e + +KEY_PASS=securepass +STORE_PASS=securepass +CA_VALIDITY=365000 +VALIDITY=36500 + +# Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust: +# ----------------------------------------------------------------------------------------------------------- +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca.crt + +# Create trust store with the server CA cert: +# ------------------------------------------- +keytool -keystore server-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt + +# Create a key pair for the server, 
and sign it with the CA: +# ---------------------------------------------------------- +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore server-keystore.jks -storepass $STORE_PASS -alias server -certreq -file server.csr +keytool -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt + +# Create a key and self-signed certificate for the CA, to sign client certificate requests and use for trust: +# ----------------------------------------------------------------------------------------------------------- +keytool -keystore client-ca-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias client-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -keystore client-ca-keystore.jks -storepass $STORE_PASS -alias client-ca -exportcert -rfc > client-ca.crt + +# Create trust store with the client CA cert: +# ------------------------------------------- +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias client-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 
-storepass $STORE_PASS -alias client-ca -exportcert -rfc > client-ca.crt + +# Create a key pair for the client, and sign it with the CA: +# ---------------------------------------------------------- +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore client-keystore.jks -storepass $STORE_PASS -alias client -certreq -file client.csr +keytool -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile client.csr -outfile client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client -file client.crt + +# Create a key pair for the other client, and sign it with the CA: +# ---------------------------------------------------------------- +keytool -keystore other-client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias other-client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore other-client-keystore.jks -storepass $STORE_PASS -alias other-client -certreq -file other-client.csr +keytool -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile other-client.csr -outfile other-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore other-client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert 
-alias client-ca -file client-ca.crt -noprompt +keytool -keystore other-client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias other-client -file other-client.crt ``` -openssl genrsa -out ca.key 2048 -openssl req -new -x509 -days 1826 -key ca.key -out ca.crt -touch certindex -echo 01 > certserial -echo 01 > crlnumber -``` - ## Create the ca.conf file: ``` [ ca ] -default_ca = myca +default_ca = CA_default -[ crl_ext ] -# issuerAltName=issuer:copy #this would copy the issuer name to altname -authorityKeyIdentifier=keyid:always - -[ myca ] -dir = ./ -new_certs_dir = $dir -unique_subject = no -certificate = $dir/ca.crt -database = $dir/certindex -private_key = $dir/ca.key -serial = $dir/certserial -default_days = 730 -default_md = sha1 -policy = myca_policy -x509_extensions = myca_extensions -crlnumber = $dir/crlnumber -default_crl_days = 730 - -[ myca_policy ] -commonName = supplied -stateOrProvinceName = supplied -countryName = optional -emailAddress = optional -organizationName = supplied -organizationalUnitName = optional - -[ myca_extensions ] -basicConstraints = CA:false -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always -keyUsage = digitalSignature,keyEncipherment -extendedKeyUsage = serverAuth, clientAuth -crlDistributionPoints = URI:http://example.com/root.crl -subjectAltName = @alt_names - -[alt_names] -DNS.1 = example.com -DNS.2 = *.example.com` +[ CA_default ] +dir = ./ +database = $dir/openssl-database +crlnumber = $dir/openssl-crlnumber +default_md = default ``` ## Continue with the following commands: -``` -openssl genrsa -out keystore1.key 2048 -openssl req -new -key keystore1.key -out keystore1.csr -openssl ca -batch -config ca.conf -notext -in keystore1.csr -out keystore1.crt -openssl genrsa -out client_revoked.key 2048 -openssl req -new -key client_revoked.key -out client_revoked.csr -openssl ca -batch -config ca.conf -notext -in client_revoked.csr -out client_revoked.crt -openssl genrsa -out 
client_not_revoked.key 2048 -openssl req -new -key client_not_revoked.key -out client_not_revoked.csr -openssl ca -batch -config ca.conf -notext -in client_not_revoked.csr -out client_not_revoked.crt -openssl ca -config ca.conf -gencrl -keyfile ca.key -cert ca.crt -out root.crl.pem -openssl ca -config ca.conf -revoke client_revoked.crt -keyfile ca.key -cert ca.crt -openssl ca -config ca.conf -gencrl -keyfile ca.key -cert ca.crt -out root.crl.pem +```shell +# Export the key of the server CA: +# ---------------------------------------------------------------------------------------------------- +openssl pkcs12 -in client-ca-keystore.p12 -nodes -nocerts -out client-ca.pem -password pass:$STORE_PASS -openssl pkcs12 -export -name client_revoked -in client_revoked.crt -inkey client_revoked.key -out client_revoked.p12 -keytool -importkeystore -destkeystore client_revoked.jks -srckeystore client_revoked.p12 -srcstoretype pkcs12 -alias client_revoked - -openssl pkcs12 -export -name client_not_revoked -in client_not_revoked.crt -inkey client_not_revoked.key -out client_not_revoked.p12 -keytool -importkeystore -destkeystore client_not_revoked.jks -srckeystore client_not_revoked.p12 -srcstoretype pkcs12 -alias client_not_revoked - -openssl pkcs12 -export -name keystore1 -in keystore1.crt -inkey keystore1.key -out keystore1.p12 -keytool -importkeystore -destkeystore keystore1.jks -srckeystore keystore1.p12 -srcstoretype pkcs12 -alias keystore1 - -keytool -import -trustcacerts -alias trust_key -file ca.crt -keystore truststore.jks +# Create crl with the other client cert: +# ------------------------------------------------------- +> openssl-database +echo 00 > openssl-crlnumber +openssl ca -config openssl.conf -revoke other-client.crt -keyfile client-ca.pem -cert client-ca.crt +openssl ca -config openssl.conf -gencrl -keyfile client-ca.pem -cert client-ca.crt -out other-client-crl.pem -crldays $VALIDITY ``` \ No newline at end of file 
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
index 46e0ad1505..43982be8cd 100644
--- a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
+++ b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/java/org/apache/activemq/artemis/jms/example/MqttCrlEnabledExample.java
@@ -31,14 +31,14 @@ public class MqttCrlEnabledExample {
 public static void main(final String[] args) throws Exception {
 boolean exception = false;
 try {
- callBroker("truststore.jks", "changeit", "client_revoked.jks", "changeit");
+ callBroker("server-ca-truststore.jks", "securepass", "other-client-keystore.jks", "securepass");
 } catch (SSLException e) {
 exception = true;
 }
 if (!exception) {
 throw new RuntimeException("The connection should be revoked");
 }
- callBroker("truststore.jks", "changeit", "client_not_revoked.jks", "changeit");
+ callBroker("server-ca-truststore.jks", "securepass", "client-keystore.jks", "securepass");
 }
 private static void callBroker(String truststorePath, String truststorePass, String keystorePath, String keystorePass) throws Exception {
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/broker.xml b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/broker.xml
index 9877bd57fa..fa630dc707 100644
--- a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/broker.xml
+++ b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/broker.xml
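Review bot: After the rename nothing in `main` says which key store holds the revoked certificate: `client_revoked.jks` and `client_not_revoked.jks` carried that in their names, while `other-client-keystore.jks` and `client-keystore.jks` do not. I would add `// other-client.crt is the certificate listed in other-client-crl.pem, so the broker must refuse this handshake` above the first `callBroker` call and `// client.crt is not on the CRL and must be accepted` above the second. Separately, the surrounding `catch (SSLException e)` counts any TLS failure as proof of revocation, so a trust or handshake problem specific to the first key store would satisfy the check as well; the message `"The connection should be revoked"` could read `"The revoked client certificate was accepted"` to state what actually went wrong. `main` lies inside the hunk, but the body of `callBroker` is outside it.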
@@ -22,7 +22,7 @@ under the License.
 tcp://localhost:61616
- tcp://0.0.0.0:1883?protocols=MQTT;sslEnabled=true;keyStorePath=keystore1.jks;keyStorePassword=changeit;trustStorePath=truststore.jks;keyStorePassword=changeit;crlPath=root.crl.pem;needClientAuth=true
+ tcp://0.0.0.0:1883?protocols=MQTT;sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass;trustStorePath=client-ca-truststore.jks;keyStorePassword=securepass;crlPath=other-client-crl.pem;needClientAuth=true
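Review bot: The new acceptor URL still sets `keyStorePassword` twice and never sets `trustStorePassword`; the value that follows `trustStorePath=client-ca-truststore.jks` is presumably meant for the trust store, so the second occurrence should read `trustStorePassword=securepass`. As written the duplicate goes unnoticed only because both passwords are identical, and the trust store is likely opened without a password, which for a JKS file means its integrity check is skipped. The same URL with the same duplicate is added to the ssl-enabled-crl-mqtt readme in this patch. Since management.xml in this commit already uses `ENC(...)` values, a short comment here that the clear-text passwords are for the example only would help.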
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/client-ca-truststore.jks b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/client-ca-truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..e2dfeff87dba7532471486ccbbd18c4660fb7b72 GIT binary patch literal 950 zcmezO_TO6u1_mY|W(3om$vK&+c_q5Zi9nHR9vPD)2G$5YQv*u|2IdljCguWzCZ>o5 z%uI|-Oe|&h+u00w**LY@JlekVGBR?rG8n`g3L5aUF^95n33E6mmt>Zu`UV;b81R9F zxP{pri%L>+Gm8x^49q|x%)*yc0NkCVQ;>k(2uGo`SbhLf2!ImGyXn*J&|>P z^xlmeC$5Pef1z>xU2v0|O?EfWpBGo&G$~)TF0uJGb7518vbB@rw$7X*YWd*~hrRdY zOU-QGc{4tsr1a#C1D9W0C74(QG&dgf-p_gPt`dXFb&Y8betgV(=fs*{{Bve@-7Ky4 zCHI<2mRMYhxc;NJDSL77%yS2fmI~xKo>ec|`Owr=i?unqE#&u#_mx4nwDdR&^F{qj zP8c@iURvtX_>_s6k%4isk%0j?CCCahGX7^_HDCr(2C~3dm*ry-V-ZQKkJnl9Htdzfz(DzhK?Vfe1HT2_&>;t*#VL=RwMJ|Qe_4#>luimmZaoX|~ zMR(^;V#$y>_wU{0^VQB19XyPx9oIg4wk|6E|L!>vpJDSbs*vBz(~~FQHuuwx#-p`AcBv$fQ z{aB-_Z5xXiRj%FtFv5VvWivTu*h zOs<%YuHTy>^FZpS6*UVH`=f$p3y&)Fjuq>NX_Yo4IuVuNcK6fEk1QN4Y%Phbe}AC> zRlK#@{ZvcuF9nAhvd#53q6;6*->4mGZ#z5SF)}9Z`!L2ux_5Z|#b)!$V}$eXw;(yF zhE}PR)8@_8#cGp*h$vt=kik7a9tU3=xzMn5t%=+-wl0& z1waW%>~pL7iXsTTGBLFkEJ(fI7%d_M7GWx%?Mq3);P+~6Q@rxBTYVB7d&F*~8T3VLtYN2m0ajbx5#{-B=I z;dwtR4MMPN&)@Z$qy1Nq~U-Pb*Ns!HmqAI^LA}gS`iwmbyJ=nFWuKA(kwD8 zbcHv)*SEGFtNmK#qISl&;J)sy`{3HII%RWFTZR_O3y)_UC%MOlyxH4EHsz!O&Ioiz_{@F z+#h7KO2r>a6+thHt?xBes*JEtWsXRUeX|?NJxrI55-qhrpa+8j1S~ZnMX#gcWsHKn|ZBz zw^w>1u5p5bgC-@U<@RAr$-<{(1xdxG7ZO|)>n%K>@z ziX;B9}!DteqPcw@;^183p5chi0Pt?yOUmJ05*@`%$Z}-)2XiHGl9yfQ#7W zbV&<7%zHud=F%Xd$AeQFw>Gpv(o15pw^_;tv+OD86!REHm=9CF#<)^u`; zGrk)adMh>moxkizCBS=7wQsu;LNb#K2;aH&rd-k|C4%puSdPi+cA#wFi{8h!kFIIV z{PaeIjjB3$6as;N1zGSlkOdpdhQpvR7!(TfA-R>q4Z}D1cAXIc0WFBUAU6_j2_S`F zx|T#C5VHrk&^+dz?lcv1rX!O^lmT&jBoA7g;=!abJZMb3wF~vC3)2U0$_&68GpR&A zkasTyjs~vK7)(%FjE@9@L{O8cp-v{NUEGDFU8wPI2wD>PLG(Wbh`j>R|8D$Wqy7IW zKo(T?*Zp>_AI^dbKz4Z^7z+x8^fmAewVhkA%ACA|d~5Ot7%Jc`QdTSP zW6L|U9Pz$5 
zZ8mW6%WRfQb+pit$dZcE*fEjK)~t~Sg#jfrOpL@}_er_q($eTvq`Y$u_r&?G(hKT5 zEd^o2(v_GpuKsEp!?%?i75Jb=YlL8qL$z2kN@HF4meA0(zoL>K_e^Q;Oy3^R>q`YD zm%N)TkBz7J=XhOiWpicGU~nh|nj6{!hIalG9V-ODKnRH4RRYTohyublB}s`(cWPrL za*RiLz&=*#g1pI3@v(A%I4Bw-%n-!N9|Ny>Ng6C-@RGqO&0!;rPaGsZGy3uWK4^jb3_GBL&&M3%8lAwr9?q^yOStl6`a z2%%_`Eo3Lj&e3wt^}g?Q&UMZ|=l$#b%KkQ(!7BbY_Ig>?1bC1tXik92=35im$khbgSrfY+5#+fCSJC= zC4171Lk%URYqCjP8u<>=eCe~O3mN0Z`t#;5>Q$Ic90a*dj5!lzE`8xz&MGQaNxO=P zM84mYg*v(B-fc)_dhe7J!r4_4krY;AD)9C~t6GBnXNPe=5C;a|)~?~UR^9NaaIH1C z6xHVFu(sk+WarjFdFXHP)J6UN2yboQ{JfQbT1H%+&O0b2+oNUywB{eNs|^Ix?rcvexc6PajYlq%=j< zEb0_N_uG!od8-&+ijI83VUCT?(-=Q4_;#Q%|H?OpVBgAGl9u zzDza7*byxc^&&g*A@h*^1twyn&*$3cFdxKbhUV$ZZYwMsBhM5Kge3zkhWQ1bWM^df zrzQ>aNVguDuEK4|G_Tc1EhQMi$2WT)hR3!$TQ=CFyfx-{{Y+wH^#DQqZ26#K07EOa zElwy|BoJrarakcBu_LrBSE7k?ooH%eQHyhXEbXuJcH8Do1dT$Y7+DA{%D**cv zAK`!7HbEpM(mMHD8-3mkkhFVmqfwj*9u<(MN}Ll5{V#9&rr^!egw71e&DI21q>Kav z5nm6yd_|ov@U>)EO8it1_#nV|V5ay`;0>ptQ9}>&J3C+SlPqP_=`uC%T3S2km5A_8 zCP}t|uK!dg?UAzc)ZkL#e4gK!IQANTr&Y$mNY6HZ@;SIE9K$s!ehw`T18bRF_fh%U zNf$^z$I9)V>Hy6Tu)82I7<9Dv3}g3%&=AaK{c%E&OtCMiCeFC&?EQsaRo@Zrgb2ekQ5D_TqVu=6(@uTJ?qnhja6 z7<@J>$JtJ63Rv*w0#Ue?qeMSj2h&Z@8ESGx`e%q0d!jXUp9DaT;5*qWL}XVL$`Cty zeG_o-h{}fd1TI8^$+p+)R3=xX0>XMBQ?+ghPsnAmc*}G@zpx(FptSQoey-SM{&w=$ zkHgpaCo%>GBkMFa?fj-F2c;GczR(^U4SpV~Tx#zquWWrdtE?K^ms%@iUL$5D%I%Sg ztmw~zZhMY+!ZqTw>D3%><~#K|E2ukWysMawA<^hUn}W)~(V3(jwdxQDZWG+Gm5nR| z{XGB4!j}|e{9%+*Lu;BQga=$&%4lJYQxoFi6ovro0V1)8xqgKc+!@PClYLG+jwU{J zGH0b9XOzPZo_7;oJ~gzheTTP!^_nvA`a@O1lT*WwS=oe+SKM=Vu(>jHD_z|6gV;>7 z4L@6-u4$A0R0z9$MLv~TBI9c@}NFDa5b?fE}ciW{TBbl)p4`f=Z&N z^gI1%jtnPd6@kMb5VRJcLLUQENY-sA1Pp<|q;m)L0TxF1foQ$x6&5g1)MD}n>=P$P{shi1i%Ng7eIXf zIwKOQx%>BD5z`-{JwK!WDOofi^fOtW|Bx&|1&jW^5W6-3rGnW&yE+0w1%pA2x;rY{ zkoYV+Hzw&wdq4b9=0o?Rj4}5ni9;j)F^{kp@8AvDTRC+F=EefFMNy?q`@B}OjGXko z1tH6t-aC%+-h4uo(yz^l-V`-l$Yd43K0Jz$&hp;BS21}p{AlC7r#>Hyxhebaz99)T zdGOiPz9`!24UjTIlF`|v(Z^+!IuC&}ie9X4dIAq5e1>y+U9^2gLf=_bLL(z=CtT($ zCpJIHua3r6Q0^3L5d2uNWs^#-S3=PaWnh(_wxo*1bRIrgrM@$kwepMxhm^<6nLn$F 
zt$fkxYLUVZ@AP-;?{qApW|&#%1{;ZW7r{MhdFAE?5(p3FFmg@{%dyjC5GWV~zUu*; z0fcueiP{h21-QfZ70wdWj!Ni^kHM3BR%d7fw+eiG0QmO>NEieF0sP-zIbcYDg9;~j zyEqfvy?x0su+UwL22kJUSYh0-eM|2gC^yG8tn`M4&N$L?A9iZS;eWpwyQgw@Gr*uQ zx!~8FTm7OD0)390`(vCEj>#LqR6M8a3y30A%*P_o-W--8;)>6;M6>+oD#mBGvaM{F zw=AoHb&d7jH1bQKkp1TeBX5IK?7nKvDZrq3Y~Z(?iNXgbnI!ScBA(yB6Cf` zqyep|M5Lf%DmE?Nu(55=+Q4Cf8cQqFn41He8F%001O~ehSB2_AU3*0QZxlkOER%9I z(+wg_6?vwyftxy{TSm1t9gHp|?03Z{ND9@kol(9|Cg-W$Ns_M%w05%Ta3vG2?s&}x zTCD^|KQsI&LpnApZ!|jlVwz#L{8D)|<>IURG+bi7R~zqzz3XEGt}EZdm9og7e{oFS z<(Rn3@yTBtJMzJ9{;6VrHOC6O9PjcBVB`UX9~>*#{{K_>Z`8&UrG!g_FQ{VAuQgWZ z4*WJHS0#SJs^Z2sww4*(l#;GOYQv1_1qKycvu}EwQQPmX7$i(xR7Zwd!P5-=1xvP> z4BKrr!YsQl*bGf}@CB(8p@Fy1?n^}$q=}8_Zi8UP#+HNd5nC}a7D~yvkIlz&vQ=$m z7Il9cA=boy2)R-o&h?hAuHYFG)t|jBVqJQ%N{-BPZd8(y&!6@9fb`+!WWv-fW~~U0 z2^1-=dBMNx1A@_3HYJ!)tA#6>CJOh%@r&-sXe+cJe2Y>hYTHE-k*~MSo;A!FC>|<8 zxyI?-@(Q*3OsQeTKr1R2k(+D)yWv*o>5HrMa*d+kIs&^%D!}D@4Xr z(!6Y{^s*99nI#?&m-C$Ab}Nd@ZH$z=v*j&JeJWI>9q*vqE;Qa(B%vFlV+`AOw^HSi z|6*RHdW6~ShVl|-ezfef=C_mtW8VAggsUkU9`V8Psr;MDzl_SMFh(tlISs=%4!o(G<*ilM I)(|iL0pakxbN~PV literal 0 HcmV?d00001 
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/truststore.jks b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/activemq/server0/truststore.jks deleted file mode 100644 index 8410bc3723198583ab1aed691656143c3641d581..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 975 zcmezO_TO6u1_mY|W(3omB}JvhCGpv*l|YgFhL7_~8CWCqObsj<7?^tvnwUEcnwSa~ zFf%bSF^Nd(&Q_e>?k1;LfA_7fRL(0QAGQSsylk9WZ60mkc^MhGSs4sM47m+B*_cCF z*o2uJLk)!u1VJ1Q9*ZxxJU#iwa=#JR9j3T@)5G7Sz5XTOQ}6icNVM=fJq>-PGfiCQX2l06 z-4Qf76Z>tq(l(BzQa2w2PceKw!En(8>zn`FejL@^tJWV&982no?f&>@ZZC$M(Gu@OJtd< z)@a7qCCvVH;)#073&Hi1rp{}y^4hO+ZP#Ymmv54{oPM;}kt=D^*?W#G3twzotLi(+ zJL%;0MSL6IpW7vMv-je!tE@c24h5|-I!Bq985tNC2O9($$O0ovmXAe@MWjf);{A@f zmjvz^Z(%8G)%~(P?57Jjx@DDFBn-qFuq)sP=@({X{LjK_zzn32gB_TvfWgklFvwTmOT0b5Z?2MH`&T?= zrMmi5cKfx8?=MJS@wxD0?TXb!UKg@bb=be_{P+ECoYrUfTheQ@bw~Br<@~z3wevq0 zpIG3)u!)cJtWy8oOTUKeZE&nxa+TWZ`GQ{o=gGx=Wc>fK*fT7J5H hQLg^)R_BGxoA!jW$z4Bm**Pxg==2}z_e>vY0|293ciI2| 
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client-keystore.jks b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..b968a0c54d0fbf2e00a302b63b848766046a46a2 GIT binary patch literal 4144 zcmeH~c{r5q9>-@hw(v4Sma!#K^o(`v#+K~+E+Y{!MhpoJM)qZF+1G5PP%7D%5-K8z zG$}7C+hi?DIHNk}>V2 zaLJ$X_M`JJel^-`wZJ^6hEE%l;)L9%=9-$hSGzRRH|gUQ!>hoS!m2K~epaNFX+ANJ zz$F{Ps5(MnQ=t%Ds<;(Q16rxKtv`LW(>-vAQIu%&(z)LB__v^WDP2IUET#4tb&Sk6f!BiwP7;&~p}GFy~!sI=2wH6e2B^0P(79Lwai zH2T6cT{$S0Wb>G;BwsG)mC6h(MObEO#}Id$A{Z2Eb^&Y^9` zqcMp^WE+tDb^i2L1Zy1MxS3NaE;?kI=smnGG;B;&2p zb6@jy^ik?erMBDCw?bMhWLCKCU8o)&u8ZiwUF`iNdYNfn8#Fuxb0+#jS|hPf5k@(o zd2N|^Kn!pU)Q#vCjBGZ~=OEUN->lWmX!76I*m=fO}=RX&;aca`H zwrz_wUA3_x>(tywrRUIeY}+;I#qCg@7EeWTa{l(lmw2?zJZ_*~D+Mo!nkY?Kl=V{JO{IQlMRAaX>eP{DrziHgYubvYisZW*S^R-Ci$lM%N3Wffwaq5~E{rIu4?w`Mb#`9pH3ep+;Pw=!jL4Gpptna2It#7Tnw%B1 zB4oshy9{@oCSN`x6xZE=Oi?1N@bDpuED4?-JPG$+wI>spF30)#H!l&`6*dW7748oe z7E1aV70xO;A%ic-{CMv0W!wOPRF-_3A>4n?J(9@Z!=m z^Uk$|EA_#?(W_p@<}#I!!>6{qiN2%C`?~R1h8vjp+boam@flrBE1z%AOq$9^S;&5M zl2O-rsDjdzZwXz$L{YmVGZfKXarTYe74`=aN>IfBSWiRGpz~-=*|=EBS->2`)W!jF zoP!^m8))vqW)u%(sp**=NV9C1?p(`^!OvpMC+&K(F)>v+*S}{tY>u%;z`$l9vZ%vPX>P{`usq}~t!83$FwAhQV4VMpE$?o_ z_wGn%CoK;sfk4nOmqztOrVO=3pSWBdv3IIjQ{8c^6%ponAtTqN{!N=W;A9~RPf_a}IH zc)7U}yzst4m_ULj-rtLG0TAM5kwF1yKo%tn$O0$_9yS>iO;AJuKLy|%Y9GL~w>umG z#n9gVbHwn65&e(R{}ikcfcz0G_kRc$Ab~}GO$5y+pd>IGh^8|^NMJCC3eo>&iEJ&& zdBGdMBy6Cn2uWpTeq+y&dYE-{BC*RgRM>8Do+vn=afIvP;K5-0_^yuro2RyS`pzA2 zIpetb%r;J9WUNyJxT!;ma1_jqHcLuY8bZC)OV*eTG2dxz4)c2zq(HocWea(SyYX;v zPPw)}6FMNt*H@Bwys!K6qC@gxeNNpw6WyQ$D@9FqO4Z2LO_!$5))Wuvuh_6hJ?J%Q zXG=7XAL)#agH)oLC!+Pi*>wl^*NB21S34^zV?F3}|6x_~UF%+zn#Xa$6$2&W%S>{~ zWbrb5=m4>dXTu1Y2TALyFc-d{+#ARAqQj4;FgFDU8 z5P)}2WQQRDb`qlx-p$p=6CXf`g@x0M8xYu=V})_SI8Bt#+Z}*kDofeu=fa{Psp%?K zQ@>V-_Nme;1O^#6PcP*|Y+pZ($X>TZYB)q|;rat(n z9)atDmq~DJKY9P#X6WQIE8Pir+Ei4xB%co(CsJ!%&gc{=JwcZvmqkmqV{pJXx-K(3 
zY+d;Bnuf(0%77OugQmLk{%0@I=X;NoN|dm!@rREH>36k%I5NSTLH?99+EQwn9hn$5 zszRQXW4oWIG(C8onJF(o8*?iUQDxVm)0B}kG-i%Ge@!g*)`(|nq2fb_4-q)zkU`@K zqge5~dEW}XUag0VN6n$jCnP?+vl3(3WJ_6}s{rbfo$d#>*Fc__FJJ5}uvTZX5cG(v z=0NaJNPL+Mpnt(lpuz1&gWK*W+(B<+;eX25UkkU4Jemf#EFc4*WB@rD+wVbEWHWY`ewK zH@d%f_VCz8OOl?dcjCTpvm=Wn(HANN)z7)5q|>4*T9}4-pYB6=Tg?ZCt$5zt*rst8 zGeY2_mz~cSl(BMXv#7`}!w$x-2@%l2vBO!KCalo50%yf%-}-64pOUfVZ%Bl4^swF7 zW-`gU%rf_Br%c6fzL)`VLeuZ^x{`EJZZTF{SC=kWypoh=Jcr+JO6WsH;D#%7BH#T$ zSq1>Uw|M~s7`zLk1E93qFZlgivj6B5-|;I-50|LUO4;J;ewSxwVtxYi?7q<58R#hy z%a||Dp8S*KW{hct{@^WyN3=UKlD*{Ay8iSF9}ZKkiBiM!wonpZ*pu$M-0DP`E2qyU z#-^B8O&CL$+*8+EN>i`Y8INCQZLf=H2a_^eFFv9yrsBHcQYS~AB7B#5k*IrpzDMzu z4XbkoSJ}98@!Nt$_k@m}5Oz<@8;-VK>GSTyiQ8C!$~cE@)Kg6KnXlhzbIq!{>OWDK z4)f%Hy7Mt(FjPBDQ(q<&Q}h0Pt%J*MOM%_0lexrAjcgTawC&;fiYM|zDdJr78luah zZjEM~_{t8``24gdQ)IzRVKATMRIuRf@BYg8s(V$rPj0=h@;qm%E0E)}IhyVZp literal 0 HcmV?d00001 
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client_not_revoked.jks b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client_not_revoked.jks deleted file mode 100644 index b03e57a4f0856bea20e67ce2b8dd23637f0a198d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2380 zcmah~XHb*d7R{G@p(O}NRT4rGr1J$ZG?6MQ#Gpu(P$YyRB@#nbijfWiS5UeHLy;>e zQUojrC`Cn7st81liXd>YZ~>_gy>H(5X5P&Ev1iWOXYI51nRRBJjk%3E7z_sA3gB04 zrv&;_gBc#dG=>MA8b%ACdT(vf;=YPZ!C*)LVuI_?HXZ>r9smSX;UWNlgn>+O+AfD! zm;ZRmz?dkl_h88T-Po-Ib%x~RB<|Q^=m|- z=*gAtP@Ck9la&NCv1F>opg_0)P#!!wOU`IZLEY?J%=zN3-kqbX6s&==j(@V)?Y=t- zr9~CZtw7A)`;e?W^I7Y@4x8o1lB3jP(ktx6My}y~^jC#442Aj4%^ukMwV-AaRt}4= z;lwnQOZK!(RC`YN9xS-iQr;gFPrFcO%4-IS-+b&kKpIjiy>t!T?eNl=rpbvZ5b(8q zHr70a5e`%-X^hNUDc^5{6)9B8%GAyYY`22j25` zFz0AShM&duNe$j;ZTrAW=n2di>&#@fd12p5(@Xvsg}GDllyjZf5Ob%9+|1hz@is+4 zhR;=PLN0#)^eQaIt?VSHa5R{pX2hqv=4NGeh9cb_lXYn^Zu^cR)_$bccW(#Lckkt0 z5|e~XAF_QEcmDCX#lYAk#!^JDM>^@iXQgNX{DyqyS&0Ecz-Ga;)aE5-erxzn({bn^ z_T!YhO>R*ahTePajO&4ziM`7H+b9*A@89!fZ0x;TRe2`@PrNff^I;vc*TZ?AWDY~2 za|dd1M4;Jun351$u@WUAQZsUqTY4!s*s^*LSYJk^0DOJIy5GKA`4{0tq9gxyNHNzv zg1?JYGf_LGA3y&_wmvQ~wR}X3$sc#91#G*MTzx#9_bOL@a$s6t=c4y(r1k4nW&fk< zUhUS`vx`Q)alSp}h<{7!-6j-mde3pGpFSdaB$6^^f7bHtM5^3FSAAp~htyq8HoDze zFgYC|P+oTzXFO6n`}`npF#W5czIfSFiI>ipam;ve^<+nt*Kp4WCLl1&3x%P%)?Br9 z-&JV@YkK12GB(+i=2n3t(G@a$@5<0VIR~$Gh238a4~hSTSxpek&K&Zc6V0l0sg7@? 
zI!BKhI1q~ZV_{E@8f?2YDwS)rC5L~m6~A540*tDdtjk$Fbvxv(%Rba=d!-``^6QEctPOtEcNkiDt7 z9U?!{tHB`ZT+ync5$y8RAiXNEr>r&Myf^Fm%Z{mqYwNwF58VV}yFqc(i5?7h!q3I{ ztl~>oq*}yjjh#zZ1byO4L}^WNIc!yuL$dr-sAuNVOiJQ`ocI z{-S2dv>`B-*Hw^q0BoGQaiR-gl}=+un5yQ=Nd#K`DAAxwC_U|1c;F9~((7fTr{OEv zaJsv^GfB4DwN>d1ZqvUT0zTm_r!xeUDFNXm8x`0(Cn z)07C17b7tq(Hc0tw`xb%tRmjI%9XGI8DGAuJt8dmW1HrLk4yH4qPki;Hle&>RmCT| zNHVTRsmT@t*F`&(u245S*!#S~7yU-fj6O)bb~Ij{-c1##X){rl9{-v~3|msX;#Ng~ zxtxE3Wp=QtEfqWY#O)TcQLiPT6!OIjuku#MqMH6xTB~^xfVK!(5gT?=9(3NSn1}_42_I)6-~b#BARs{=e$~W-iA#c8&WMCT_IMP; z&x3FPc|_r64tP;Wr86KINkMH0!b5s^!X8~6{P8WQy#)#XhL8h(8-)I+0Qs{( z_kTD3uhIVh6c7`T|NVYj){kHULa?p80GtT`uv!>;tdPt1YOJoEUAIKdA3y1cBU=<6 z(uZO&vmwP#Ii)x3F3r>@?CLKj$F*qpajk77Q=0VN57&|q@%I+Va_R%2l_>bRTS{QJffArt z)E#j~HrD~ zDv+v4p#^EtX*7l=g&qhg{$z`QG7yG|`i;O8RMq?q{;v7fo8HnKfVp#<4krvCD0}CN zW5(*S7btp66R~)}s6NcLk63j>$-FSeueF`X22s-zDsH|?<6Xqx5H3YIVa}R z@losHn?&@tA8VZD+=1!cf1H2y02?=cC|3u)-Eg9lw6D4*=MkTI@2(*i-$`=W=`5*U z+vCG`Ibg??z3ZnxzEn}X9v#3QmMpByeQ~*RA(R;8xK=~7ZGO0a%2c`Jc>dM5<%9PL z^ZOn??m9AB*pd2W%=8(nF)dkOF2ZwYgn#vZW?Rd>G53qZV%MM;S(W^Tn;| z1Us#}e^bjP4a-e1OeRPhnM`}rs4~+N&f;>-~IIf 
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client_revoked.jks b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/client_revoked.jks deleted file mode 100644 index 5e9987c7eca21f3ebd2d9d1dfa20794fb57a789c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2377 zcmah~2{hF08voB?Y{OtQTv=wwF8@_BI`tm zvPC{cDO(}enn`1cFkSlYxu<*1J?EbDKIgo@-+7+*dEWDT&+la~v6lbb~cM{CKwTS zgHY>~%2(-N{M_*-uKY|OHr6`Ip+5_)K%Z;fwiZ`DSZ`s-syF49GlNMlZl9)c7QN*X z4^?7QN^iE8>QP6EsD>)jsoYxvI!K;xVC`H5<6wi!U#zqPA9=4m=&g<@VNF+VezP|% zQZUatUaz>Y`Cv#x1MSv3TSM>bzE|QrS%0iLp&h3YRefe=KFu^G0Z`0zJiw4Zu`>cJ z^Qx3ibY{1)07t*4ooDE|7j47DPAZt)&y5DFxX-z2lWw@VHmKY6tm7q7qlFpY+)%Ee zqc{);#OY{`^xgw_syvqnF{Ogrkl)q1#1pG7`>>9PB>tQPLUryA3wEj9e% zI3!GAGQ(k`;>SercSGO&y6ZhJ^)C1nqBHzi8nz64u!D0==}&43Ccr&=fHacXr?YZ{ z-ElrUGOzwZk|f&bK(o3e4PsV ziWzB|Sxi-wjS{^QiP!WzlwQExNxBsRkXko{3@YWc3~cYoxy~K-7YZ0Uj4}zlL+L4c zgT6^u3I=HrLZuHElBUdlWO{n=ieyy(biO=vx7u>l#mJR%W%rM0W@i$Z7MS7;}8Q(mB+zk4YGhlg!T6j@Wztv+GL& zY3>aw3%!bJ6_-L@<*_VV%-0-BA?cRS09fSWnbj?_XM^+Y978Twv*FJ@QI1IjtbW}T zD@`E3xs`C`a#R{ppPxK4zo?DBVwGI%C7pc4)V&KD4EY{hk)M5u&XBQ<>sOUzu8lpq z5We!MAbHX3s;hdm4G^?(PCi|1(EicjXtcKf;*r@e?kA2p{voOy9a}h*Rlf1oYHn*4 z%HAh$e8Am3w#es2^QYk_t723u76%c;{WHu?uzn4MBT#eh~S00moi}=KpT|U!(p1 zDL^Vj`uF?odOwT`K>@ow50nal055_bZ)R*{bEl9GU~hf$7v5^af>ONR*>d@Rjw6Mg zmEZf(+Kuh6Z=dj7?p*?K3*}Naah22SVJo5|i|hOQ6wbZ>RN_LBPs5Kqj`@jQ@pbHd z304grVk~DIb#Uu$G=BlJjw(ot&@U##^3faUknU$15~FXbKR?$JZ=C(mW0-L&d4{>U zanxMdQHh#Asu`xMCGKv|Zj0-hXLT?vef;}wN5(phj>zCm`fG@eCi_LdU{K9tntp<> zy&cAKI8!RYlvmrNTX@%ho^0kW*_X-VLL+1)YRiZjA;{?7OWiy4ix*qbjS?4=;!hbc z%_{DGn?SZ(sjjm7-X)vTM4&JT04a{{2cuv85?ulfhk^hov8#jxKO6%Wc4&|z1h2aK zDjb9Y#|>?4YTV+ge~B+40~ZA`QNm=AOJASl4G4VHtc8ch9b9ENY##e1y#xvlhe0_C z{yt0=jsb-cT)V$82L~q%@}C_PRN3n#1(yY7KwN=Tfkga%KMLi7o|+o*l1IP=f1;{a zP=FdaD2Sr!MfL|}_p$}ylAt)1_qPNppOWft@ORC3-}J8L5Wv0sRRq6mh>RhZ{=+RS z!=>@GoP+>^zq$lPdD=_p%VVNrKW~S zj#(CWiPYq4F=hqbJUwZ-IME61B8|YOq|3{=+;JA~DFd3;Gb|;Qja-ClkFzItl6*KP 
z{Mu&2And=qzI3O0=av^3y1hWv=@f>}($v($YUi%_TNgKHOGu5(vkef;S_utkfMnq77ZWndAZnEj z3}%6W07n!Tz_AN*3d)RtV_XQhi`e7lC{BQVC&hwb#P|@f=W)I$4Pf6+27*xj`y|ny zpG5V3TY#t@)`x&|#kn{WaCk3Kj32=b?}H-*0;0RwR8W8hpo&rjRL~l>dpPJLfKma} zekT6>B@n^lzit~013`#j4iG>DGcypuU{FbbNj47?;|=?h%B8;glD zIZha6PqvBjBgf9EpL_mT?Bd*rH}6fENZnYdd4~Iw@iKzVL@-2au$ra*RMbkFtzu{; zUWt3{(ggk%NoHM2TLQe%*5eGTwyV4kZ|LTIJuTbw*@AfFphqn0=5*&LqD0pL!oiia zT;f@Y1G*Smv}e6E-b&|%@pHUD+SR9hj%EbE#@?EDv-_RYG|a-oYK^OzYTt{4Bzt62 zbWGSGm6@m2J2sm$Leh~}Zx0a(w>92c_pHSeJ@PHmT5D7&oL-m~8N$<1v_29R?h7 z3CJ07i>UR}Zh|AEXBbn8LEC+VYa~`Uj4S8NlEHYFC%38Y`&?sxD+qCKa8rG08Z}lW z@2q?5)dcgx_s1b$u!&0*xruqD$NP%et4c$wz{Km%FE;oN!*7XXmy0SJieY2Z-$tHVXz-{xFJpNEl+W|lQY*p4fTj3RrE^MQ zk-J}ITaaFoj)6)LretdBo~`5eicIT8dvm!m?VAVYBCTX+C{5`01R1^= zZHajamnUXC_=0NF=!~SMF_Or2G4NjGSb)ewx-!8aRy@HC>!bKXn?Hs54FrNQ07U3E zU0lrayTDK|l7S0MFGeU4I>S606I#b;9XoKXj7Hu*P^gCHP4X*UWfET{$eMx7+uXUz z3k29zKfKf$^!CU9T^RUGt_fQ z6Ip@C13h7#+pii^X|tk774s2CHkk#SZhFn#bN!s(br}J%;#tO%+4vWur z4Qaj}6Jn8V|-7uCTy`9nQ z<%o}k=9Tf2wpcRA`>5Cl?8Pqe1rV&-tCv^yB_5BCM8yZpeTF=7WfHe?_uf7`GO7MS+LWzqm!7T7f>@V(nM`l zTuPQ|{ao*ga#<|;m{X{b=hTMvH!x@{G1H{yFI8Lq^9P*yF z;+9i4k#`*r>ahFjd=H=G^qBTEPT2HPHWVS(9}=h}xwl2qwqYtks>J4^`jL}c;Trn( z_nulilSemB@Nm{PuikcA=e=C=#5QbC6Mv;wD!CHd-Bgs~BUSc?7+SwnQ8p_S7ieSVoG8`sgDLp z9qrQJ9x+&#OO%Cw7`T(apRDhw@1Z|0+(ZgSo+BBKyuh_A7t-|kIQEv9l!8E(7bKV->RG#eyeJ zISS_cvX^7I1YaKwe)hIHT(YVk1^`ctVVOva;T&AgFF6wSU_ah8co2q&@ni@Uc zf6#@hvwd=S+q7>P-PY6I03ixLB*QsLclTZ!rnWef#V`u(q4ul+0`F!@65; z8r_k$Iu^)%6wl-vhqe)74=DhwK=xA3^8Dj#{Nw(lD_tICqucj*QJJXZF3x0^3^Ep? 
znOo|)rDfvu<+(&V&YFN%p4#&hW(e-#k12N=!ysa6g@S@%kfD@OQ}#2K z$ngeBsanthg@S$(tu3kMOozG(_u7zp>dBUg?6c2k);Twt&ATe%*0xM!=e|t7)w0}T&Z^El8#u4!#WL*`M+*hF4Yzr{GbyKq32HJpb3PX9g9>E(As>7^q|Cmm6q|3s9K zLqm7|&{h6?KKK<;Q~@*{QB+WLW>H50bVS)n0RAXefO!Xib|D}bIw1Xw;Qtgc{)ql3 zo{|P6fAEyhzwnglPV4wdRdhu8&*)P5rDn9y=2bXF2L>rrKgH{ho*-{u^EFFz@RgDy zR0fSiJics%K7V3Smy%<{>aB?xt$7oQ{0)h*nYGzaKu@;>R|Bu?PAn6<@5s<-lFz+%-2Q7oS}EpydlzG z7qYLXv<@s_Na5a1TOmz->uzG2KhPxv2nIxUNJRp=2jC0+_pHLSGXVi*06+j@=T!>2 zbBl0#Cx*coAq;@PPLd0X0Jw-uo_H5$PdB_T;VSeBy?y_JLGcE1O-c8@vyV$f92hz& zRyup*I`$6*`x^#@Ozuw9@9<8%W;#>ht+9_=K6_*V{Xw!HYKGV>)MHq2oK7#^(=5-V z-Tu^QBI`AAotmof$h_I?I2kXM94hGREPTDQpR-lx zsE)T`MN8JYbHuoR#7BaI!Usf39*WOnuqBw^Ql^`-uAJ8)9_pIxTq;tdDSGMqInQPJ z`r7oG%N4c7Q)H44=6p?mO-Zj=CD+T| z5XL3b+;ivAa;?zT^%EaG53PP$mdx)IL&ob7mqp>yMd+n^zi+jA(+&avU+XjbQ16>O z9q)hw0folWe@Of<7xKdh{WmH9PQsYSZUi9nHR9_jzZ46G4)rUsS_49q14P0R%bO-vCB zn3))vm{{T@S!NmVvTFyI3T zaSO9M7L}ytW)>S-7?^=Xn1%IWiWHzy3c+9pC^)AUm1L%6CMT9;=I1FmmX>7X7iE@I z8YqbK8W|c`7#JHG8yK0GL`m=iX#+ze0~4qK?VZrXsD$ioMpg#qCPsb+gC<5UrY1&4 zhTZ}V`OWgRHpW#y5A9xdH}aMKF4f@B?K8gdAAMu-%FNwl=7Bf>ENZ)`mZLc~-L8u7J66wnE0|wLwMCf45!qs$n~H zRGafrl!^*(+2-7PM_iUJv5C_8=pOl~U{CLzx{2EwMQ?7jGs&)Ny}sn1V%V0>UHT>B zxsTP^B+L0+?`m2enVj=#Hn&r=;B(oco+BU1cirJ)i_)7?le5>!V)N?)`RklXA2TK^ zgeu5z{w>?86m`B#(P)3vlDFPV@2-2WRyMWAZFXLL=!=qF8u?rTpN>3PY5V50SMa2x zlbK)J=wC=a?a0K;$iTSR$iM)c5@dxL8UM4e8ZZMX16g3K%kr^^v52gBn`7&s=JxC< z=j2O2-gMlZy|S}zdRQ0pph^4LVS$3#Jf6?E3`KDuXYn^*z z-A~IsyS7%%z1_{1MP%^~>rLe!m+!D^4p?wt+h%Sl1-;`(ZkF}?O052sGj)o6X3U&( zk5xbIe^QgY-aAocW7x@c-gmZmO_e*&KBM`-={MCc=cirUwj=6rcbR(k?wpQ!hvu)? zx^w-mXrr*ehM4mfzsfx`%GE`;3w$`qd0ryN&vcr^JMA^r@dgs@@(s&d?F4h`!=FsL F1psjpaqa*B literal 0 HcmV?d00001 
diff --git a/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/truststore.jks b/examples/features/standard/ssl-enabled-crl-mqtt/src/main/resources/truststore.jks deleted file mode 100644 index 8410bc3723198583ab1aed691656143c3641d581..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 975 zcmezO_TO6u1_mY|W(3omB}JvhCGpv*l|YgFhL7_~8CWCqObsj<7?^tvnwUEcnwSa~ zFf%bSF^Nd(&Q_e>?k1;LfA_7fRL(0QAGQSsylk9WZ60mkc^MhGSs4sM47m+B*_cCF z*o2uJLk)!u1VJ1Q9*ZxxJU#iwa=#JR9j3T@)5G7Sz5XTOQ}6icNVM=fJq>-PGfiCQX2l06 z-4Qf76Z>tq(l(BzQa2w2PceKw!En(8>zn`FejL@^tJWV&982no?f&>@ZZC$M(Gu@OJtd< z)@a7qCCvVH;)#073&Hi1rp{}y^4hO+ZP#Ymmv54{oPM;}kt=D^*?W#G3twzotLi(+ zJL%;0MSL6IpW7vMv-je!tE@c24h5|-I!Bq985tNC2O9($$O0ovmXAe@MWjf);{A@f zmjvz^Z(%8G)%~(P?57Jjx@DDFBn-qFuq)sP=@({X{LjK_zzn32gB_TvfWgklFvwTmOT0b5Z?2MH`&T?= zrMmi5cKfx8?=MJS@wxD0?TXb!UKg@bb=be_{P+ECoYrUfTheQ@bw~Br<@~z3wevq0 zpIG3)u!)cJtWy8oOTUKeZE&nxa+TWZ`GQ{o=gGx=Wc>fK*fT7J5H hQLg^)R_BGxoA!jW$z4Bm**Pxg==2}z_e>vY0|293ciI2| diff --git a/examples/features/standard/ssl-enabled-dual-authentication/readme.md b/examples/features/standard/ssl-enabled-dual-authentication/readme.md index 1fbe0dabfc..10584e63c7 100644 --- a/examples/features/standard/ssl-enabled-dual-authentication/readme.md +++ b/examples/features/standard/ssl-enabled-dual-authentication/readme.md 
@@ -6,21 +6,63 @@ This example shows you how to configure 2-way SSL along with 2 different authent To configure 2-way SSL you need to configure the acceptor as follows: - tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=server-side-keystore.jks;keyStorePassword=secureexample;trustStorePath=server-side-truststore.jks;trustStorePassword=secureexample + tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass;trustStorePath=client-ca-truststore.jks;trustStorePassword=securepass -In the server-side URL, the `server-side-keystore.jks` is the key store file holding the server's certificate. The `server-side-truststore.jks` is the file holding the certificates which the broker trusts. Notice also the `sslEnabled` and `needClientAuth` parameters which enable SSL and require clients to present their own certificate respectively. +In the server-side URL, the `server-keystore.jks` is the key store file holding the server's certificate. The `client-ca-truststore.jks` is the file holding the certificates which the broker trusts. Notice also the `sslEnabled` and `needClientAuth` parameters which enable SSL and require clients to present their own certificate respectively. Here's the URL the client uses to connect over SSL: - tcp://localhost:5500?sslEnabled=true&trustStorePath=activemq/server0/client-side-truststore.jks&trustStorePassword=secureexample&keyStorePath=activemq/server0/client-side-keystore.jks&keyStorePassword=secureexample + tcp://localhost:5500?sslEnabled=true&trustStorePath=server-ca-truststore.jks&trustStorePassword=securepass&keyStorePath=client-keystore.jks&keyStorePassword=securepass -In the client-side URL, the `client-side-keystore.jks` is the key store file holding the client's certificate. The `client-side-truststore.jks` is the file holding the certificates which the client trusts. The `sslEnabled` parameter is present here as well just as it is on the server. 
+In the client-side URL, the `client-keystore.jks` is the key store file holding the client's certificate. The `server-ca-truststore.jks` is the file holding the certificates which the client trusts. The `sslEnabled` parameter is present here as well just as it is on the server. The various keystore files are generated using the following commands: -* `keytool -genkey -keystore server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA` -* `keytool -export -keystore server-side-keystore.jks -file server-side-cert.cer -storepass secureexample` -* `keytool -import -keystore client-side-truststore.jks -file server-side-cert.cer -storepass secureexample -keypass secureexample -noprompt` -* `keytool -genkey -keystore client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA` -* `keytool -export -keystore client-side-keystore.jks -file client-side-cert.cer -storepass secureexample` -* `keytool -import -keystore server-side-truststore.jks -file client-side-cert.cer -storepass secureexample -keypass secureexample -noprompt` +```shell +#!/bin/bash +set -e + +KEY_PASS=securepass +STORE_PASS=securepass +CA_VALIDITY=365000 +VALIDITY=36500 + +# Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust: +# ----------------------------------------------------------------------------------------------------------- +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca.crt + 
+# Create trust store with the server CA cert: +# ------------------------------------------- +keytool -keystore server-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt + +# Create a key pair for the server, and sign it with the CA: +# ---------------------------------------------------------- +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore server-keystore.jks -storepass $STORE_PASS -alias server -certreq -file server.csr +keytool -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt + +# Create a key and self-signed certificate for the CA, to sign client certificate requests and use for trust: +# ----------------------------------------------------------------------------------------------------------- +keytool -keystore client-ca-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias client-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -keystore client-ca-keystore.jks -storepass $STORE_PASS -alias client-ca -exportcert -rfc > client-ca.crt + +# Create trust store with the client CA cert: +# ------------------------------------------- +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 
-storepass $STORE_PASS -keypass $KEY_PASS -alias client-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -exportcert -rfc > client-ca.crt + +# Create a key pair for the client, and sign it with the CA: +# ---------------------------------------------------------- +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore client-keystore.jks -storepass $STORE_PASS -alias client -certreq -file client.csr +keytool -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile client.csr -outfile client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt +keytool -keystore client-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client -file client.crt +``` diff --git a/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/broker.xml b/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/broker.xml index 1bba774894..4de5a06678 100644 --- a/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/broker.xml +++ b/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/broker.xml 
@@ -31,7 +31,7 @@ under the License. tcp://localhost:61616 - tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=server-side-keystore.jks;keyStorePassword=secureexample;trustStorePath=server-side-truststore.jks;trustStorePassword=secureexample + tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass;trustStorePath=client-ca-truststore.jks;trustStorePassword=securepass 
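Review bot: The acceptor URL now sets `trustStorePath=client-ca-truststore.jks`, but the key-generation script this commit adds to the example's readme never creates that file. Its "Create trust store with the client CA cert" step runs `-genkey` on `client-ca-keystore.p12` a second time instead of importing the CA certificate, so a reader who regenerates the stores from the readme has no client trust store for an acceptor that sets `needClientAuth=true`. That step should mirror the server one, e.g. `keytool -keystore client-ca-truststore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt`. The same kind of mismatch affects the `jndi.properties` hunk and the ssl-enabled `pom.xml` hunk, which reference `server-ca-truststore.jks` while both readme scripts write `server-ca-truststore.p12`. The XML elements enclosing the changed line are not visible in this hunk.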
diff --git a/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/client-ca-truststore.jks b/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/client-ca-truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..e2dfeff87dba7532471486ccbbd18c4660fb7b72 GIT binary patch literal 950 zcmezO_TO6u1_mY|W(3om$vK&+c_q5Zi9nHR9vPD)2G$5YQv*u|2IdljCguWzCZ>o5 z%uI|-Oe|&h+u00w**LY@JlekVGBR?rG8n`g3L5aUF^95n33E6mmt>Zu`UV;b81R9F zxP{pri%L>+Gm8x^49q|x%)*yc0NkCVQ;>k(2uGo`SbhLf2!ImGyXn*J&|>P z^xlmeC$5Pef1z>xU2v0|O?EfWpBGo&G$~)TF0uJGb7518vbB@rw$7X*YWd*~hrRdY zOU-QGc{4tsr1a#C1D9W0C74(QG&dgf-p_gPt`dXFb&Y8betgV(=fs*{{Bve@-7Ky4 zCHI<2mRMYhxc;NJDSL77%yS2fmI~xKo>ec|`Owr=i?unqE#&u#_mx4nwDdR&^F{qj zP8c@iURvtX_>_s6k%4isk%0j?CCCahGX7^_HDCr(2C~3dm*ry-V-ZQKkJnl9Htdzfz(DzhK?Vfe1HT2_&>;t*#VL=RwMJ|Qe_4#>luimmZaoX|~ zMR(^;V#$y>_wU{0^VQB19XyPx9oIg4wk|6E|L!>vpJDSbs*vBz(~~FQHuuwx#-p`AcBm2`#U#kc$jZRd z#903PyT#h@IPs9J5x3RWJvkMao!|^cgJXbP~&rKw3WXmtk#sink!k~r2bsZtnRxq zlbF1@GPb>#=puS4LgYpNeOINWEf3}{X3x7k*|KgH_o=I|w?4db!fN`RJMwi5k39}L zX6)6Hd?{eN?WvX9|D@@Pzl$_joEDm1opopd`@0I0UlUoZmoWX`CPm<%dVT& z+ld{q+Uii6bVKsq9n({h74y8Z&i*{ZR5#Cz&3*q&f5zM?=f$IE)M%=S?OLT7;`aFU z6yJFtr+>dE)9h??n296K=J@#)UUpIYk4348gtzZud3pYF)ayA9i{z40({1P1?$g#6 z?PT|!ysAIUXz(iwzYFw_C*ONBIp z?t9JAd-LS^H^J>eHt$^+4$Ij$YztJ&bd7aT3j7^u+Z*v~|Ix3z48EP79h!5!(Yis_ zB>z)d!uIT$0ZW(6pZ|iTT0rTL|L&F7|7|}e{lhx^`LPwtMEO~MH-Ec)RPHd7X^3!? 
z*hHgmrJvVnCtlZj|4E5ia_&VB#^X$)4AT<=`bCww&up5svuV-m7VZxbGG9SX`~Gl2 z>$Tao_fGFw9b>j5d}rm9^}Byry=wXy?!#@%-jp5~8Q!<+N~Hg@LUw`1hAp0Ag~~5{ zG{l6rpXW5{IkD`ajaXH8NKLQCgT?FQv^Os+otU?{p8J=gY0}5vNmYz0)@PP{+_xfd zLg$L+`wyd@&S#s{ofg+n9jcnb=wtowyr&j(V+#XQV?)s~+5CQI;iS;)p4oc!kN0cY zZd<*dUtrpOX#?iMImV0LU7d1rPO%8oXYWFo~$HDUtbi!Q0ufZ=QC6{toV=3z~tVvYLw}L)s#B!Eh7c# zY5d83%;ReHzWNmYgG(Q-_2x;B`F1)!YoAw5deG^=9+R$pk}-IEbyj50l8^mmk0z-| zD=mNLc6sIe&-e8A7AH!i>=3^>scCCC6u7`XRfp#D8o1>mL(b*B)7=UgyqI zo8rq+{Na+y`<!U37@*3Fs9 zGQNLnCNfP?5v(%w&f3)%cfhm!2g9nY<`3da=X*<91oa2E#J^o+DHgKmqI&$59hPRWD^Yd*2tX{NuH7scp1N&#bvysY@a)^KR2A3*wEcosC90U z087$R_J)UT;+?4)ziZ__b*w!YRq^$uZ;~I^6x}TA<4kD}v@Rc7qSqNjK7Gz4qPA-@RGqO&0!;rPaGsZGy3uWK4^jb3_GBL&&M3%8lAwr9?q^yOStl6`a z2%%_`Eo3Lj&e3wt^}g?Q&UMZ|=l$#b%KkQ(!7BbY_Ig>?1bC1tXik92=35im$khbgSrfY+5#+fCSJC= zC4171Lk%URYqCjP8u<>=eCe~O3mN0Z`t#;5>Q$Ic90a*dj5!lzE`8xz&MGQaNxO=P zM84mYg*v(B-fc)_dhe7J!r4_4krY;AD)9C~t6GBnXNPe=5C;a|)~?~UR^9NaaIH1C z6xHVFu(sk+WarjFdFXHP)J6UN2yboQ{JfQbT1H%+&O0b2+oNUywB{eNs|^Ix?rcvexc6PajYlq%=j< zEb0_N_uG!od8-&+ijI83VUCT?(-=Q4_;#Q%|H?OpVBgAGl9u zzDza7*byxc^&&g*A@h*^1twyn&*$3cFdxKbhUV$ZZYwMsBhM5Kge3zkhWQ1bWM^df zrzQ>aNVguDuEK4|G_Tc1EhQMi$2WT)hR3!$TQ=CFyfx-{{Y+wH^#DQqZ26#K07EOa zElwy|BoJrarakcBu_LrBSE7k?ooH%eQHyhXEbXuJcH8Do1dT$Y7+DA{%D**cv zAK`!7HbEpM(mMHD8-3mkkhFVmqfwj*9u<(MN}Ll5{V#9&rr^!egw71e&DI21q>Kav z5nm6yd_|ov@U>)EO8it1_#nV|V5ay`;0>ptQ9}>&J3C+SlPqP_=`uC%T3S2km5A_8 zCP}t|uK!dg?UAzc)ZkL#e4gK!IQANTr&Y$mNY6HZ@;SIE9K$s!ehw`T18bRF_fh%U zNf$^z$I9)V>Hy6Tu)82I7<9Dv3}g3%&=AaK{c%E&OtCMiCeFC&?EQsaRo@Zrgb2ekQ5D_TqVu=6(@uTJ?qnhja6 z7<@J>$JtJ63Rv*w0#Ue?qeMSj2h&Z@8ESGx`e%q0d!jXUp9DaT;5*qWL}XVL$`Cty zeG_o-h{}fd1TI8^$+p+)R3=xX0>XMBQ?+ghPsnAmc*}G@zpx(FptSQoey-SM{&w=$ zkHgpaCo%>GBkMFa?fj-F2c;GczR(^U4SpV~Tx#zquWWrdtE?K^ms%@iUL$5D%I%Sg ztmw~zZhMY+!ZqTw>D3%><~#K|E2ukWysMawA<^hUn}W)~(V3(jwdxQDZWG+Gm5nR| z{XGB4!j}|e{9%+*Lu;BQga=$&%4lJYQxoFi6ovro0V1)8xqgKc+!@PClYLG+jwU{J zGH0b9XOzPZo_7;oJ~gzheTTP!^_nvA`a@O1lT*WwS=oe+SKM=Vu(>jHD_z|6gV;>7 
z4L@6-u4$A0R0z9$MLv~TBI9c@}NFDa5b?fE}ciW{TBbl)p4`f=Z&N z^gI1%jtnPd6@kMb5VRJcLLUQENY-sA1Pp<|q;m)L0TxF1foQ$x6&5g1)MD}n>=P$P{shi1i%Ng7eIXf zIwKOQx%>BD5z`-{JwK!WDOofi^fOtW|Bx&|1&jW^5W6-3rGnW&yE+0w1%pA2x;rY{ zkoYV+Hzw&wdq4b9=0o?Rj4}5ni9;j)F^{kp@8AvDTRC+F=EefFMNy?q`@B}OjGXko z1tH6t-aC%+-h4uo(yz^l-V`-l$Yd43K0Jz$&hp;BS21}p{AlC7r#>Hyxhebaz99)T zdGOiPz9`!24UjTIlF`|v(Z^+!IuC&}ie9X4dIAq5e1>y+U9^2gLf=_bLL(z=CtT($ zCpJIHua3r6Q0^3L5d2uNWs^#-S3=PaWnh(_wxo*1bRIrgrM@$kwepMxhm^<6nLn$F zt$fkxYLUVZ@AP-;?{qApW|&#%1{;ZW7r{MhdFAE?5(p3FFmg@{%dyjC5GWV~zUu*; z0fcueiP{h21-QfZ70wdWj!Ni^kHM3BR%d7fw+eiG0QmO>NEieF0sP-zIbcYDg9;~j zyEqfvy?x0su+UwL22kJUSYh0-eM|2gC^yG8tn`M4&N$L?A9iZS;eWpwyQgw@Gr*uQ zx!~8FTm7OD0)390`(vCEj>#LqR6M8a3y30A%*P_o-W--8;)>6;M6>+oD#mBGvaM{F zw=AoHb&d7jH1bQKkp1TeBX5IK?7nKvDZrq3Y~Z(?iNXgbnI!ScBA(yB6Cf` zqyep|M5Lf%DmE?Nu(55=+Q4Cf8cQqFn41He8F%001O~ehSB2_AU3*0QZxlkOER%9I z(+wg_6?vwyftxy{TSm1t9gHp|?03Z{ND9@kol(9|Cg-W$Ns_M%w05%Ta3vG2?s&}x zTCD^|KQsI&LpnApZ!|jlVwz#L{8D)|<>IURG+bi7R~zqzz3XEGt}EZdm9og7e{oFS z<(Rn3@yTBtJMzJ9{;6VrHOC6O9PjcBVB`UX9~>*#{{K_>Z`8&UrG!g_FQ{VAuQgWZ z4*WJHS0#SJs^Z2sww4*(l#;GOYQv1_1qKycvu}EwQQPmX7$i(xR7Zwd!P5-=1xvP> z4BKrr!YsQl*bGf}@CB(8p@Fy1?n^}$q=}8_Zi8UP#+HNd5nC}a7D~yvkIlz&vQ=$m z7Il9cA=boy2)R-o&h?hAuHYFG)t|jBVqJQ%N{-BPZd8(y&!6@9fb`+!WWv-fW~~U0 z2^1-=dBMNx1A@_3HYJ!)tA#6>CJOh%@r&-sXe+cJe2Y>hYTHE-k*~MSo;A!FC>|<8 zxyI?-@(Q*3OsQeTKr1R2k(+D)yWv*o>5HrMa*d+kIs&^%D!}D@4Xr z(!6Y{^s*99nI#?&m-C$Ab}Nd@ZH$z=v*j&JeJWI>9q*vqE;Qa(B%vFlV+`AOw^HSi z|6*RHdW6~ShVl|-ezfef=C_mtW8VAggsUkU9`V8Psr;MDzl_SMFh(tlISs=%4!o(G<*ilM I)(|iL0pakxbN~PV literal 0 HcmV?d00001 
diff --git a/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks b/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/server-side-keystore.jks deleted file mode 100644 index 6089c6ee13e7e163561a17ba11bd45cdd755cf8b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2253 zcmc(g`8yP98^>qH7<=}8XfS0d%rHhsQI=tB#TX zMG0f)HfzKH?CB_ZS2S2C9LCfj~|Gm<*opF;lu|jT=7V;`C@?5&_}u zYK=(7(luT3FOLbZsgr`m>P>~kHCuBJ5j#hWA1-h*!x>Z9lT29*-_x*b?~at=i?fp) zdi=L{piIMX_dfb8fx%UP!)to-c^7jIL(|`m$|~fuH}w{+JG$1#^uQ_sl)KwF;tK=F z67}Pu!dlne)Lxwr?S&;J^6(;086MfH;*yxgO%EKGc(oG=KN@a0hY3<=2#q#;%|+jM zT$>2t!8?LJ#sw;^tr4&2owN49PNbNVikLBXroaMZ?`|LuhOmRq`h%$4yB~gR&HyM|J5@jD9Iqz+ib3WJy?uoe}p!z zK}pUT$oO{YTeKz1JT6HkfiMM?sW6HZuw`Kv>!XfS%hb5QV{&?ekEB${cR|{Wimhjo zP5JcGUVB{&@5>oyGBQ+(IR_0eXA{bXHFHK<@0Ac=J70@P7=5AorY3jV8J@lJvsT@$ zY})?9(JV}nJGr~Go3`I-+M8^3|G-_qmJ>naK+kP_#Ig#!*9Six%p=5xpq-qWyhnl=x>C3 zJ*W_D%dmN*xyF@dU)|;?{ZCzUC70li)Kl`Ww0z7TE2KN105;7;)?AH7R4+%v6b&Qc zwb#~4pWQd5z>n4kaQc48hLX~J_a8(mjV&EotXhz`p6y>_L=0W*o8_w>ptWN8m`qBc z*snd~<^I-?cnbGbK?8KSgSq%tO4kArkHjagTPx)F%t$ zjF$F7gxd@R866u~IZHSPW3XjkuX=1Zs=zGkt;$=VYZ4p#W8{LFXgc~#ON?Qo2+Q-! zd<{o#6mBGyY^2^+_Aan_sOVngRsRgQsOwXSJm64T|MSB|Iw%c83?Fs*9PbH>QhUzRCYt{`vB24%T$dmVlOl}HEjiNqS!fMQh#2R9@PAd%_ zlYvg1r%5)6L3YbwA@_7kzf{ZznwTZ0x>I=tv@OJ)eaFwR&IS)JZbVs#NY@TYbl0bR zw9Sh~Rao7QHq4dNTwO&c(qV8dPfztDo_-}3VKp~hmjJoBZxuEFSd2~@ItV=gfFl7x z=7>d*L4L&?ARq_?hE=;>LkK{4)Dkg?+X6r!A1442jO0h~LO5_>h$x4#^|`-@`ya&h z2MHqte|PeVavNU`@eB1junQgR+XIPDl*^bH;uYjaLc$R8zbhP~l7E?Ce_p}ty@;V+ zM1;Jg08$5u(9%O7wRCiJT@Da^aMb-1|BWY+fr@_*=HTDpAOi&f2r`ftLx0(zCF<)ThrF8y$4GD=myAP(LFALf4@uOiS za@rW3qYt{G&mM@(93uo{yl1SXVn#Y`qjrg*9B zMar)wGhVs;wmD}_u;I;7_c!PSd4EkbvL$~fNmO&WTPNwaM>=#Dt>WbTIpSe?KR{ik+zDz#s)blTpsbi@+jOW IlooIIKQG79H~;_u 
diff --git a/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks b/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/activemq/server0/server-side-truststore.jks deleted file mode 100644 index 0b7e224163358aef1f20d04f5c6720f98b97679a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1732 zcmezO_TO6u1_mZLW=={>VPIek*!;DvkAXEp&(y$@fq_}Wpov+p`ni!fH z8AJiOW(I~v=1?x3T+zh1-Jpq42j+c7AV;35v610#eQ={}sgP#SeXlusZ=O8=Cb&Jw z=DiEUVLAJTZGmc;uCWeEfxjbddn11BKl*i-!MD@1LvyY-S~tj=+HZ6MH!u=sa<}1i)-ybe$y*AtS-swH7W6XAh z@2s4%e)lh{S4}^|eYkDeo6-X#!~1q!iS&O~$S%;>u*FlXQ2B+AhM4g7^PEOKCzd_5 z5v%GBsp-{tuy~!E_U2`!6Z00=bN^B_P5Ssdsftm>`plA#`&I-_=v>i!|6$bA`D~NA z)8ZPcLse54eXReT_tau;Y++z(Y%r=kbN_I)aQjBz7apnmULCHGthwoYIiq;Vm%RmV z?@n47b>?ra)6b>tSrY0=%WwEk-FIip&c&-Y+G@ zt&Qi`{8=yFqpKpTwk+J%ihWU}<mkT;M8rYl)K7BLo)MB_7#Mv^mDt4;Yl_xFC?=tt8y4N;Ocvp$1?4wHy=*^=l6 zw!k~;c?Q#?BJOs1TP)kkB*NsMsjZi_Qb6d)+Gd^R=1KCew@n1+Bi7u??9@t7E?Vy{ z@eh%UoPfE=4w#GnKy#6z#DORj>kJBE`G#7#NWnl3l8eM)Sxo_&!O*jm1u#RIo0!6~ zlo^ye5KbD+U*zVmqGPi8{m#Nkq1ipN_39t**RtKVdOyFwwENNq%!PA|7rnbW<>Z`V z5!OF#8z<$xSh<$n_rn~n4xMAQd-wMFMyjs4dd87s#twc1g?$D>+tw=_V_Ov;pnB)) zo5XCZu0#%(eRM%HFxSayE|v^wi`12K k_4O@1aE-GsYR(x({$u$93H;)JLJaM8R-@hw(v4Sma!#K^o(`v#+K~+E+Y{!MhpoJM)qZF+1G5PP%7D%5-K8z zG$}7C+hi?DIHNk}>V2 zaLJ$X_M`JJel^-`wZJ^6hEE%l;)L9%=9-$hSGzRRH|gUQ!>hoS!m2K~epaNFX+ANJ zz$F{Ps5(MnQ=t%Ds<;(Q16rxKtv`LW(>-vAQIu%&(z)LB__v^WDP2IUET#4tb&Sk6f!BiwP7;&~p}GFy~!sI=2wH6e2B^0P(79Lwai zH2T6cT{$S0Wb>G;BwsG)mC6h(MObEO#}Id$A{Z2Eb^&Y^9` zqcMp^WE+tDb^i2L1Zy1MxS3NaE;?kI=smnGG;B;&2p zb6@jy^ik?erMBDCw?bMhWLCKCU8o)&u8ZiwUF`iNdYNfn8#Fuxb0+#jS|hPf5k@(o zd2N|^Kn!pU)Q#vCjBGZ~=OEUN->lWmX!76I*m=fO}=RX&;aca`H zwrz_wUA3_x>(tywrRUIeY}+;I#qCg@7EeWTa{l(lmw2?zJZ_*~D+Mo!nkY?Kl=V{JO{IQlMRAaX>eP{DrziHgYubvYisZW*S^R-Ci$lM%N3Wffwaq5~E{rIu4?w`Mb#`9pH3ep+;Pw=!jL4Gpptna2It#7Tnw%B1 zB4oshy9{@oCSN`x6xZE=Oi?1N@bDpuED4?-JPG$+wI>spF30)#H!l&`6*dW7748oe 
z7E1aV70xO;A%ic-{CMv0W!wOPRF-_3A>4n?J(9@Z!=m z^Uk$|EA_#?(W_p@<}#I!!>6{qiN2%C`?~R1h8vjp+boam@flrBE1z%AOq$9^S;&5M zl2O-rsDjdzZwXz$L{YmVGZfKXarTYe74`=aN>IfBSWiRGpz~-=*|=EBS->2`)W!jF zoP!^m8))vqW)u%(sp**=NV9C1?p(`^!OvpMC+&K(F)>v+*S}{tY>u%;z`$l9vZ%vPX>P{`usq}~t!83$FwAhQV4VMpE$?o_ z_wGn%CoK;sfk4nOmqztOrVO=3pSWBdv3IIjQ{8c^6%ponAtTqN{!N=W;A9~RPf_a}IH zc)7U}yzst4m_ULj-rtLG0TAM5kwF1yKo%tn$O0$_9yS>iO;AJuKLy|%Y9GL~w>umG z#n9gVbHwn65&e(R{}ikcfcz0G_kRc$Ab~}GO$5y+pd>IGh^8|^NMJCC3eo>&iEJ&& zdBGdMBy6Cn2uWpTeq+y&dYE-{BC*RgRM>8Do+vn=afIvP;K5-0_^yuro2RyS`pzA2 zIpetb%r;J9WUNyJxT!;ma1_jqHcLuY8bZC)OV*eTG2dxz4)c2zq(HocWea(SyYX;v zPPw)}6FMNt*H@Bwys!K6qC@gxeNNpw6WyQ$D@9FqO4Z2LO_!$5))Wuvuh_6hJ?J%Q zXG=7XAL)#agH)oLC!+Pi*>wl^*NB21S34^zV?F3}|6x_~UF%+zn#Xa$6$2&W%S>{~ zWbrb5=m4>dXTu1Y2TALyFc-d{+#ARAqQj4;FgFDU8 z5P)}2WQQRDb`qlx-p$p=6CXf`g@x0M8xYu=V})_SI8Bt#+Z}*kDofeu=fa{Psp%?K zQ@>V-_Nme;1O^#6PcP*|Y+pZ($X>TZYB)q|;rat(n z9)atDmq~DJKY9P#X6WQIE8Pir+Ei4xB%co(CsJ!%&gc{=JwcZvmqkmqV{pJXx-K(3 zY+d;Bnuf(0%77OugQmLk{%0@I=X;NoN|dm!@rREH>36k%I5NSTLH?99+EQwn9hn$5 zszRQXW4oWIG(C8onJF(o8*?iUQDxVm)0B}kG-i%Ge@!g*)`(|nq2fb_4-q)zkU`@K zqge5~dEW}XUag0VN6n$jCnP?+vl3(3WJ_6}s{rbfo$d#>*Fc__FJJ5}uvTZX5cG(v z=0NaJNPL+Mpnt(lpuz1&gWK*W+(B<+;eX25UkkU4Jemf#EFc4*WB@rD+wVbEWHWY`ewK zH@d%f_VCz8OOl?dcjCTpvm=Wn(HANN)z7)5q|>4*T9}4-pYB6=Tg?ZCt$5zt*rst8 zGeY2_mz~cSl(BMXv#7`}!w$x-2@%l2vBO!KCalo50%yf%-}-64pOUfVZ%Bl4^swF7 zW-`gU%rf_Br%c6fzL)`VLeuZ^x{`EJZZTF{SC=kWypoh=Jcr+JO6WsH;D#%7BH#T$ zSq1>Uw|M~s7`zLk1E93qFZlgivj6B5-|;I-50|LUO4;J;ewSxwVtxYi?7q<58R#hy z%a||Dp8S*KW{hct{@^WyN3=UKlD*{Ay8iSF9}ZKkiBiM!wonpZ*pu$M-0DP`E2qyU z#-^B8O&CL$+*8+EN>i`Y8INCQZLf=H2a_^eFFv9yrsBHcQYS~AB7B#5k*IrpzDMzu z4XbkoSJ}98@!Nt$_k@m}5Oz<@8;-VK>GSTyiQ8C!$~cE@)Kg6KnXlhzbIq!{>OWDK z4)f%Hy7Mt(FjPBDQ(q<&Q}h0Pt%J*MOM%_0lexrAjcgTawC&;fiYM|zDdJr78luah zZjEM~_{t8``24gdQ)IzRVKATMRIuRf@BYg8s(V$rPj0=h@;qm%E0E)}IhyVZp literal 0 HcmV?d00001 
diff --git a/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/jndi.properties b/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/jndi.properties index 12fbef627e..aa50486921 100644 --- a/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/jndi.properties +++ b/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/jndi.properties @@ -16,6 +16,6 @@ # under the License. java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory -connectionFactory.SslConnectionFactory=tcp://localhost:5500?sslEnabled=true&trustStorePath=activemq/server0/client-side-truststore.jks&trustStorePassword=secureexample&keyStorePath=activemq/server0/client-side-keystore.jks&keyStorePassword=secureexample +connectionFactory.SslConnectionFactory=tcp://localhost:5500?sslEnabled=true&trustStorePath=server-ca-truststore.jks&trustStorePassword=securepass&keyStorePath=client-keystore.jks&keyStorePassword=securepass connectionFactory.ConnectionFactory=tcp://localhost:61616 queue.queue/exampleQueue=exampleQueue 
diff --git a/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/server-ca-truststore.jks b/examples/features/standard/ssl-enabled-dual-authentication/src/main/resources/server-ca-truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..3fe0f29ad27fec3158355a5c1d253d6934165d13 GIT binary patch literal 950 zcmezO_TO6u1_mY|W(3om#i>PQsYSZUi9nHR9_jzZ46G4)rUsS_49q14P0R%bO-vCB zn3))vm{{T@S!NmVvTFyI3T zaSO9M7L}ytW)>S-7?^=Xn1%IWiWHzy3c+9pC^)AUm1L%6CMT9;=I1FmmX>7X7iE@I z8YqbK8W|c`7#JHG8yK0GL`m=iX#+ze0~4qK?VZrXsD$ioMpg#qCPsb+gC<5UrY1&4 zhTZ}V`OWgRHpW#y5A9xdH}aMKF4f@B?K8gdAAMu-%FNwl=7Bf>ENZ)`mZLc~-L8u7J66wnE0|wLwMCf45!qs$n~H zRGafrl!^*(+2-7PM_iUJv5C_8=pOl~U{CLzx{2EwMQ?7jGs&)Ny}sn1V%V0>UHT>B zxsTP^B+L0+?`m2enVj=#Hn&r=;B(oco+BU1cirJ)i_)7?le5>!V)N?)`RklXA2TK^ zgeu5z{w>?86m`B#(P)3vlDFPV@2-2WRyMWAZFXLL=!=qF8u?rTpN>3PY5V50SMa2x zlbK)J=wC=a?a0K;$iTSR$iM)c5@dxL8UM4e8ZZMX16g3K%kr^^v52gBn`7&s=JxC< z=j2O2-gMlZy|S}zdRQ0pph^4LVS$3#Jf6?E3`KDuXYn^*z z-A~IsyS7%%z1_{1MP%^~>rLe!m+!D^4p?wt+h%Sl1-;`(ZkF}?O052sGj)o6X3U&( zk5xbIe^QgY-aAocW7x@c-gmZmO_e*&KBM`-={MCc=cirUwj=6rcbR(k?wpQ!hvu)? zx^w-mXrr*ehM4mfzsfx`%GE`;3w$`qd0ryN&vcr^JMA^r@dgs@@(s&d?F4h`!=FsL F1psjpaqa*B literal 0 HcmV?d00001 diff --git a/examples/features/standard/ssl-enabled/pom.xml b/examples/features/standard/ssl-enabled/pom.xml index 718ca7ee4a..8eb6dcf398 100644 --- a/examples/features/standard/ssl-enabled/pom.xml +++ b/examples/features/standard/ssl-enabled/pom.xml @@ -66,7 +66,7 @@ under the License. ${noServer} true - tcp://localhost:5500?sslEnabled=true&trustStorePath=activemq/server0/activemq.example.truststore&trustStorePassword=activemqexample + tcp://localhost:5500?sslEnabled=true&trustStorePath=activemq/server0/server-ca-truststore.jks&trustStorePassword=securepass run diff --git a/examples/features/standard/ssl-enabled/readme.md b/examples/features/standard/ssl-enabled/readme.md index 6038f6da90..5c3a12d988 100644 --- a/examples/features/standard/ssl-enabled/readme.md 
+++ b/examples/features/standard/ssl-enabled/readme.md 
@@ -6,10 +6,35 @@ This example shows you how to configure SSL with ActiveMQ Artemis to send and re Using SSL can make your messaging applications interact with ActiveMQ Artemis securely. An application can be secured transparently without extra coding effort. To secure your messaging application with SSL, you need to configure connector and acceptor as follows: - tcp://localhost:5500?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample + tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass In the configuration, the `activemq.example.keystore` is the key store file holding the server's certificate. The `activemq.example.truststore` is the file holding the certificates which the client trusts (i.e. the server's certificate exported from activemq.example.keystore). They are generated via the following commands: -* `keytool -genkey -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA` -* `keytool -export -keystore activemq.example.keystore -file server-side-cert.cer -storepass activemqexample` -* `keytool -import -keystore activemq.example.truststore -file server-side-cert.cer -storepass activemqexample -keypass activemqexample -noprompt` \ No newline at end of file +```shell +#!/bin/bash +set -e + +KEY_PASS=securepass +STORE_PASS=securepass +CA_VALIDITY=365000 +VALIDITY=36500 + +# Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust: +# ----------------------------------------------------------------------------------------------------------- +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext 
bc:c=ca:true +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca.crt + +# Create trust store with the server CA cert: +# ------------------------------------------- +keytool -keystore server-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt + +# Create a key pair for the server, and sign it with the CA: +# ---------------------------------------------------------- +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore server-keystore.jks -storepass $STORE_PASS -alias server -certreq -file server.csr +keytool -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext san=dns:localhost,ip:127.0.0.1 + +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt +keytool -keystore server-keystore.jks -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt +``` 
diff --git a/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/activemq.example.keystore b/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/activemq.example.keystore deleted file mode 100644 index 4ed24133c4acd412e9e2db114409e72706ed0271..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2251 zcmc(g=|2>D8^&j|o6uOYFIgI-84OdFj3vgF#x^qcv9DQ%49YNciVBIMB5R>x$d-=m zYdCU9lw#D#5+`FR%QNRW&v`!Q`3s&G_lxg+UoY;@_4|FU`(X886#xK$*aiG|afDtD z_Pxv|Psb7?6ac^hKu{oih$Ec5YMej_P!%Ku1abf%6bQ4tVdy}*GZOzTZLp-eOO>Oi zL*$+3!p~8-wOl=M*#j>0?ata)`teBRi=s9hK=anXZcTEC}YLV5$2J z=6C*vtmlZ8?3Hu7pYp#)!9J$=gp51{l5IaqTb{f_4o8XqNTNYE-ixKGF+Of!F(x0~ zl76%fc8@sm*4p|kd(VNF64-cs*})QK@|=;U|Q@?xFF@Y4~zst&bi=JyL7Ut{i_(x@pk zj^|t{CA}N9h3b*R;p(@pKN9sDA-G6KW--*}K27)2x3Z=nXAWOs?2>Obh&~>H%Y=e# z^(E``%b&>sY8=$ciL*UBXBcUl^M=nrcUn-b;qtLyeall<;?DZYe>3w5H;U0 ze&bWpR-w^AQ9SNg36pO!sf2d7SmVsk=6$aegULa(+m9RXSUwLT%9}Tp0jt(-@w(!l zSMMz>+R?iTiW=TJlHG66QOYTw|7Qda>Y{v9?olBFj`D51ehjXmv zX#p`(g*^O}zL$Gc(t77ifhX~~|HCiyVPOtSB|GHR%~ctB3Mpo#BWky?L(8K|d*<9Kqp*b;j1j-ZvLZ#lI|fe_(WO`= z_gV-F9YyMb3*wBetmc`9Piu(KHTTX#VMajfrBf`Pmqv$=f5Yl(m8t(yHT=Zt=i9aR(D+GrJ? 
zsct8TExpYMjjUWKwW8i&Rk)jEviuU2Ju{?!8p+TXa3@`vQ#|3>va)vjss?fIJfgCu zaCvK|g!DWgdMpl*TD~-_y_FDPifiv)Kh~um8Z*FkXk6FRB5l{{$m2`jo~LCN*+fWq z8M<69p%NAyVrpA+n$V<(B&7oCjg|>!3wl~ww(zFL^4)tu@a8g}X$SF7NLby- z%fyd)Z@{Zf)1szCxbqX2{QH{3Lne2bhOuP2-?0db#2xFw539E`O0L}>T19_{TG6|+ zGJePN4^)D`uH3+hixxP&D38l1qKKX|c%?Wcmt(I31JFr79AH)xKnv9T&{rGx?ec^j39krY0X<>u5@bldcP3l#?x>WAz-d;Q_y*4I}!r3@-bd(@>&wgkq}c>EKwg)5*w{DV!(P;ZLfU$KbSKp{>80AMPD z0!~IyK!HVI5D)}{NU}2x0p;XTO|wYbh5~_n?7+N)R-xmqEsM(34ua0O)jn8D_i{@Jd0ceUe_r~!Nm4Y|;cTh0BgQO*X-%lilo&eV zDgN1t(PHn*`=#XyG2~in^Qf&JOl86qM?ZR%WA((St+15gB}PEPEVb@<pl>AwQgBZv8l^_V`XuG1VERABN{%2%dnJmV;T zg#0z&!%Nn5llbuayfh-xwY51}9b1Sr-9JxeJ~iR@BHZ29ZTyy<1p)&Bz!G_cEJB+7 zxY9=;q7Y%!xr%i~2?e^gSxC^m0z=rQ?d!3Bn#lfLY!iV1Cy=#ga3D>-To4Z$8tyq( zWZkD`*nn0^GJQ>H9=C{m!6;?yVWWRLo9oy8D@a_g#p?#$ECIwjw8Z3$^kv1YM E0oUEtu>b%7 diff --git a/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/activemq.example.truststore b/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/activemq.example.truststore deleted file mode 100644 index 45ab086071dbf158cefa27f2ab8dd72ea9ed7691..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 963 zcmezO_TO6u1_mY|W(3o$xs}@XR z!!fxevn&;;T)==2B*ZPu?pRcknwwc{s9+!m5@8k=hbdBkN+|@V7L}zI8OVwA8k!p# z8JZZH8krj#L;<-L2F7siKsc$1Q3*L<7+D#Zn;7{S44N3Zn3@Ioosup?9rKY zZfaL@m_OHRpv-%!*#A z(|ie%&%B@P3{K^GzOz0hr(@TS^M2OC>Q|zJHVHMbzSTJICn954_#~s|PU}YHZI^x| zRqa-qbfUHKjIi97S=u}8Jm(18o0NTVRtSB!dbV`>8)56}yj1a{E-Tk;G&+4s=>_Ks z#TCtZ>sXh~H{6$TZ|~Qe+a=H3o!*vW7`>*PN`Gv+abx_?^9g9EiZw1q?(+hA<|d zgzU`qipvBdm`|kjbkFa}v9(7p@A-IYONH5!oK=(e=(B2@#-GK9|8hDIhvpc;OMj?6UdO*2RA{?~s!_ChTU(H-Uy?HTu-KR%zKs(CBs{_06FWqTH?8fX7of790U;Md*q-zFK$sI(^q|En-D&n!Ir g^-~0I5j*drmUhF9{H>OfilSc@H^1gpFRLg903`@t1ONa4 
diff --git a/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/broker.xml b/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/broker.xml index 04bcec5976..1a346304ad 100644 --- a/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/broker.xml +++ b/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/broker.xml @@ -31,7 +31,7 @@ under the License. - tcp://localhost:5500?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample + tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass diff --git a/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/server-ca-truststore.jks b/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/server-ca-truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..3fe0f29ad27fec3158355a5c1d253d6934165d13 GIT binary patch literal 950 zcmezO_TO6u1_mY|W(3om#i>PQsYSZUi9nHR9_jzZ46G4)rUsS_49q14P0R%bO-vCB zn3))vm{{T@S!NmVvTFyI3T zaSO9M7L}ytW)>S-7?^=Xn1%IWiWHzy3c+9pC^)AUm1L%6CMT9;=I1FmmX>7X7iE@I z8YqbK8W|c`7#JHG8yK0GL`m=iX#+ze0~4qK?VZrXsD$ioMpg#qCPsb+gC<5UrY1&4 zhTZ}V`OWgRHpW#y5A9xdH}aMKF4f@B?K8gdAAMu-%FNwl=7Bf>ENZ)`mZLc~-L8u7J66wnE0|wLwMCf45!qs$n~H zRGafrl!^*(+2-7PM_iUJv5C_8=pOl~U{CLzx{2EwMQ?7jGs&)Ny}sn1V%V0>UHT>B zxsTP^B+L0+?`m2enVj=#Hn&r=;B(oco+BU1cirJ)i_)7?le5>!V)N?)`RklXA2TK^ zgeu5z{w>?86m`B#(P)3vlDFPV@2-2WRyMWAZFXLL=!=qF8u?rTpN>3PY5V50SMa2x zlbK)J=wC=a?a0K;$iTSR$iM)c5@dxL8UM4e8ZZMX16g3K%kr^^v52gBn`7&s=JxC< z=j2O2-gMlZy|S}zdRQ0pph^4LVS$3#Jf6?E3`KDuXYn^*z z-A~IsyS7%%z1_{1MP%^~>rLe!m+!D^4p?wt+h%Sl1-;`(ZkF}?O052sGj)o6X3U&( zk5xbIe^QgY-aAocW7x@c-gmZmO_e*&KBM`-={MCc=cirUwj=6rcbR(k?wpQ!hvu)? zx^w-mXrr*ehM4mfzsfx`%GE`;3w$`qd0ryN&vcr^JMA^r@dgs@@(s&d?F4h`!=FsL F1psjpaqa*B literal 0 HcmV?d00001 
diff --git a/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/server-keystore.jks b/examples/features/standard/ssl-enabled/src/main/resources/activemq/server0/server-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..5a7e2c00bf86ef56329c990972055e1509ea0108 GIT binary patch literal 4122 zcmeH~c{r5q9>-@RGqO&0!;rPaGsZGy3uWK4^jb3_GBL&&M3%8lAwr9?q^yOStl6`a z2%%_`Eo3Lj&e3wt^}g?Q&UMZ|=l$#b%KkQ(!7BbY_Ig>?1bC1tXik92=35im$khbgSrfY+5#+fCSJC= zC4171Lk%URYqCjP8u<>=eCe~O3mN0Z`t#;5>Q$Ic90a*dj5!lzE`8xz&MGQaNxO=P zM84mYg*v(B-fc)_dhe7J!r4_4krY;AD)9C~t6GBnXNPe=5C;a|)~?~UR^9NaaIH1C z6xHVFu(sk+WarjFdFXHP)J6UN2yboQ{JfQbT1H%+&O0b2+oNUywB{eNs|^Ix?rcvexc6PajYlq%=j< zEb0_N_uG!od8-&+ijI83VUCT?(-=Q4_;#Q%|H?OpVBgAGl9u zzDza7*byxc^&&g*A@h*^1twyn&*$3cFdxKbhUV$ZZYwMsBhM5Kge3zkhWQ1bWM^df zrzQ>aNVguDuEK4|G_Tc1EhQMi$2WT)hR3!$TQ=CFyfx-{{Y+wH^#DQqZ26#K07EOa zElwy|BoJrarakcBu_LrBSE7k?ooH%eQHyhXEbXuJcH8Do1dT$Y7+DA{%D**cv zAK`!7HbEpM(mMHD8-3mkkhFVmqfwj*9u<(MN}Ll5{V#9&rr^!egw71e&DI21q>Kav z5nm6yd_|ov@U>)EO8it1_#nV|V5ay`;0>ptQ9}>&J3C+SlPqP_=`uC%T3S2km5A_8 zCP}t|uK!dg?UAzc)ZkL#e4gK!IQANTr&Y$mNY6HZ@;SIE9K$s!ehw`T18bRF_fh%U zNf$^z$I9)V>Hy6Tu)82I7<9Dv3}g3%&=AaK{c%E&OtCMiCeFC&?EQsaRo@Zrgb2ekQ5D_TqVu=6(@uTJ?qnhja6 z7<@J>$JtJ63Rv*w0#Ue?qeMSj2h&Z@8ESGx`e%q0d!jXUp9DaT;5*qWL}XVL$`Cty zeG_o-h{}fd1TI8^$+p+)R3=xX0>XMBQ?+ghPsnAmc*}G@zpx(FptSQoey-SM{&w=$ zkHgpaCo%>GBkMFa?fj-F2c;GczR(^U4SpV~Tx#zquWWrdtE?K^ms%@iUL$5D%I%Sg ztmw~zZhMY+!ZqTw>D3%><~#K|E2ukWysMawA<^hUn}W)~(V3(jwdxQDZWG+Gm5nR| z{XGB4!j}|e{9%+*Lu;BQga=$&%4lJYQxoFi6ovro0V1)8xqgKc+!@PClYLG+jwU{J zGH0b9XOzPZo_7;oJ~gzheTTP!^_nvA`a@O1lT*WwS=oe+SKM=Vu(>jHD_z|6gV;>7 z4L@6-u4$A0R0z9$MLv~TBI9c@}NFDa5b?fE}ciW{TBbl)p4`f=Z&N z^gI1%jtnPd6@kMb5VRJcLLUQENY-sA1Pp<|q;m)L0TxF1foQ$x6&5g1)MD}n>=P$P{shi1i%Ng7eIXf zIwKOQx%>BD5z`-{JwK!WDOofi^fOtW|Bx&|1&jW^5W6-3rGnW&yE+0w1%pA2x;rY{ zkoYV+Hzw&wdq4b9=0o?Rj4}5ni9;j)F^{kp@8AvDTRC+F=EefFMNy?q`@B}OjGXko z1tH6t-aC%+-h4uo(yz^l-V`-l$Yd43K0Jz$&hp;BS21}p{AlC7r#>Hyxhebaz99)T 
zdGOiPz9`!24UjTIlF`|v(Z^+!IuC&}ie9X4dIAq5e1>y+U9^2gLf=_bLL(z=CtT($ zCpJIHua3r6Q0^3L5d2uNWs^#-S3=PaWnh(_wxo*1bRIrgrM@$kwepMxhm^<6nLn$F zt$fkxYLUVZ@AP-;?{qApW|&#%1{;ZW7r{MhdFAE?5(p3FFmg@{%dyjC5GWV~zUu*; z0fcueiP{h21-QfZ70wdWj!Ni^kHM3BR%d7fw+eiG0QmO>NEieF0sP-zIbcYDg9;~j zyEqfvy?x0su+UwL22kJUSYh0-eM|2gC^yG8tn`M4&N$L?A9iZS;eWpwyQgw@Gr*uQ zx!~8FTm7OD0)390`(vCEj>#LqR6M8a3y30A%*P_o-W--8;)>6;M6>+oD#mBGvaM{F zw=AoHb&d7jH1bQKkp1TeBX5IK?7nKvDZrq3Y~Z(?iNXgbnI!ScBA(yB6Cf` zqyep|M5Lf%DmE?Nu(55=+Q4Cf8cQqFn41He8F%001O~ehSB2_AU3*0QZxlkOER%9I z(+wg_6?vwyftxy{TSm1t9gHp|?03Z{ND9@kol(9|Cg-W$Ns_M%w05%Ta3vG2?s&}x zTCD^|KQsI&LpnApZ!|jlVwz#L{8D)|<>IURG+bi7R~zqzz3XEGt}EZdm9og7e{oFS z<(Rn3@yTBtJMzJ9{;6VrHOC6O9PjcBVB`UX9~>*#{{K_>Z`8&UrG!g_FQ{VAuQgWZ z4*WJHS0#SJs^Z2sww4*(l#;GOYQv1_1qKycvu}EwQQPmX7$i(xR7Zwd!P5-=1xvP> z4BKrr!YsQl*bGf}@CB(8p@Fy1?n^}$q=}8_Zi8UP#+HNd5nC}a7D~yvkIlz&vQ=$m z7Il9cA=boy2)R-o&h?hAuHYFG)t|jBVqJQ%N{-BPZd8(y&!6@9fb`+!WWv-fW~~U0 z2^1-=dBMNx1A@_3HYJ!)tA#6>CJOh%@r&-sXe+cJe2Y>hYTHE-k*~MSo;A!FC>|<8 zxyI?-@(Q*3OsQeTKr1R2k(+D)yWv*o>5HrMa*d+kIs&^%D!}D@4Xr z(!6Y{^s*99nI#?&m-C$Ab}Nd@ZH$z=v*j&JeJWI>9q*vqE;Qa(B%vFlV+`AOw^HSi z|6*RHdW6~ShVl|-ezfef=C_mtW8VAggsUkU9`V8Psr;MDzl_SMFh(tlISs=%4!o(G<*ilM I)(|iL0pakxbN~PV literal 0 HcmV?d00001 diff --git a/examples/features/standard/ssl-enabled/src/main/resources/jndi.properties b/examples/features/standard/ssl-enabled/src/main/resources/jndi.properties index 7929c7c4fa..1b2906f559 100644 --- a/examples/features/standard/ssl-enabled/src/main/resources/jndi.properties +++ b/examples/features/standard/ssl-enabled/src/main/resources/jndi.properties 
@@ -16,5 +16,5 @@ # under the License. java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory -connectionFactory.ConnectionFactory=tcp://localhost:5500?sslEnabled=true&trustStorePath=activemq/server0/activemq.example.truststore&trustStorePassword=activemqexample +connectionFactory.ConnectionFactory=tcp://localhost:5500?sslEnabled=true&trustStorePath=activemq/server0/server-ca-truststore.jks&trustStorePassword=securepass queue.queue/exampleQueue=exampleQueue diff --git a/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java b/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java index 688c03ab3f..8346494241 100644 --- a/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java +++ b/examples/protocols/stomp/stomp-dual-authentication/src/main/java/org/apache/activemq/artemis/jms/example/StompDualAuthenticationExample.java 
@@ -45,10 +45,10 @@ public class StompDualAuthenticationExample { try { // set up SSL keystores for Stomp connection - System.setProperty("javax.net.ssl.trustStore", args[0] + "client-side-truststore.jks"); - System.setProperty("javax.net.ssl.trustStorePassword", "secureexample"); - System.setProperty("javax.net.ssl.keyStore", args[0] + "client-side-keystore.jks"); - System.setProperty("javax.net.ssl.keyStorePassword", "secureexample"); + System.setProperty("javax.net.ssl.trustStore", args[0] + "server-ca-truststore.jks"); + System.setProperty("javax.net.ssl.trustStorePassword", "securepass"); + System.setProperty("javax.net.ssl.keyStore", args[0] + "client-keystore.jks"); + System.setProperty("javax.net.ssl.keyStorePassword", "securepass"); // Step 1. Create an SSL socket to connect to the broker SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); diff --git a/tests/integration-tests/pom.xml b/tests/integration-tests/pom.xml index d7e71e598e..7517eee99e 100644 --- a/tests/integration-tests/pom.xml +++ b/tests/integration-tests/pom.xml @@ -474,6 +474,9 @@ **/rest/*.xml + + ../security-resources + diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/AmqpFailoverEndpointDiscoveryTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/AmqpFailoverEndpointDiscoveryTest.java index 5ded6f29fe..c135dc5089 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/AmqpFailoverEndpointDiscoveryTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/AmqpFailoverEndpointDiscoveryTest.java 
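Review bot: The four `System.setProperty` lines in this hunk only select the trust and key stores, and a socket obtained from `SSLSocketFactory.getDefault()` (the context line after them) does not compare the server name with the certificate unless endpoint identification is switched on. The example may therefore still connect without the host verification that this patch makes the default for connectors. The socket creation is below the hunk and not visible, so this needs confirming there. If it is missing, enable it on the socket's `SSLParameters` with `setEndpointIdentificationAlgorithm("HTTPS")` before the handshake.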
@@ -36,6 +36,9 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ @RunWith(Parameterized.class) public class AmqpFailoverEndpointDiscoveryTest extends FailoverTestBase { @@ -90,9 +93,9 @@ public class AmqpFailoverEndpointDiscoveryTest extends FailoverTestBase { if (protocol == 0) { return new JmsConnectionFactory("failover:(amqp://localhost:61616)"); } else { - String keystore = this.getClass().getClassLoader().getResource("client-side-keystore.jks").getFile(); - String truststore = this.getClass().getClassLoader().getResource("client-side-truststore.jks").getFile(); - return new JmsConnectionFactory("failover:(amqps://localhost:61616?transport.keyStoreLocation=" + keystore + "&transport.keyStorePassword=secureexample&transport.trustStoreLocation=" + truststore + "&transport.trustStorePassword=secureexample&transport.verifyHost=false)"); + String keystore = this.getClass().getClassLoader().getResource("client-keystore.jks").getFile(); + String truststore = this.getClass().getClassLoader().getResource("server-ca-truststore.jks").getFile(); + return new JmsConnectionFactory("failover:(amqps://localhost:61616?transport.keyStoreLocation=" + keystore + "&transport.keyStorePassword=securepass&transport.trustStoreLocation=" + truststore + "&transport.trustStorePassword=securepass&transport.verifyHost=false)"); } } 
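Review bot: The rebuilt `JmsConnectionFactory` URI in the `else` branch (hunk at -90,9) still ends with `transport.verifyHost=false`, so the AMQPS client in this test keeps skipping host name verification even though its stores were replaced. The ssl-enabled readme in this patch generates the server certificate with `san=dns:localhost,ip:127.0.0.1`. If `tests/security-resources/build.sh` does the same for `server-keystore.jks` (not visible here), the option can be dropped or changed to `transport.verifyHost=true` so the test covers the verified path. The same option is kept in `testRoundTrip` of JMSSaslExternalLDAPTest and in `testConnection` of JMSSaslExternalTest. The enclosing method starts outside the hunk.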
@@ -101,10 +104,10 @@ public class AmqpFailoverEndpointDiscoveryTest extends FailoverTestBase { if (protocol == 1) { server1Params.put(TransportConstants.SSL_ENABLED_PROP_NAME, "true"); - server1Params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks"); - server1Params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); - server1Params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks"); - server1Params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + server1Params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + server1Params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + server1Params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + server1Params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); } if (live) { @@ -120,10 +123,10 @@ public class AmqpFailoverEndpointDiscoveryTest extends FailoverTestBase { Map server1Params = new HashMap<>(); if (protocol == 1) { server1Params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - server1Params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); - server1Params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); - server1Params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks"); - server1Params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + server1Params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + server1Params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + server1Params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + server1Params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); } if (live) { return new TransportConfiguration(NETTY_CONNECTOR_FACTORY, server1Params); 
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslExternalLDAPTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslExternalLDAPTest.java index 6320b4fc82..7e109732aa 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslExternalLDAPTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslExternalLDAPTest.java @@ -58,6 +58,9 @@ import org.junit.runner.RunWith; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertEquals; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ @RunWith(FrameworkRunner.class) @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port = 1024)}) @ApplyLdifFiles("AMQauth.ldif") @@ -117,10 +120,10 @@ public class JMSSaslExternalLDAPTest extends AbstractLdapTestUnit { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "keystore1.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "changeit"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "changeit"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); Map extraParams = new HashMap<>(); 
@@ -146,14 +149,14 @@ public class JMSSaslExternalLDAPTest extends AbstractLdapTestUnit { @Test(timeout = 600000) public void testRoundTrip() throws Exception { - final String keystore = this.getClass().getClassLoader().getResource("client_not_revoked.jks").getFile(); - final String truststore = this.getClass().getClassLoader().getResource("truststore.jks").getFile(); + final String keystore = this.getClass().getClassLoader().getResource("client-keystore.jks").getFile(); + final String truststore = this.getClass().getClassLoader().getResource("server-ca-truststore.jks").getFile(); String connOptions = "?amqp.saslMechanisms=EXTERNAL" + "&" + "transport.trustStoreLocation=" + truststore + "&" + - "transport.trustStorePassword=changeit" + "&" + + "transport.trustStorePassword=securepass" + "&" + "transport.keyStoreLocation=" + keystore + "&" + - "transport.keyStorePassword=changeit" + "&" + + "transport.keyStorePassword=securepass" + "&" + "transport.verifyHost=false"; JmsConnectionFactory factory = new JmsConnectionFactory(new URI("amqps://localhost:" + 61616 + connOptions)); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslExternalTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslExternalTest.java index b9da886d85..078d39f8af 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslExternalTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/JMSSaslExternalTest.java @@ -60,6 +60,9 @@ import org.junit.After; import org.junit.Before; import org.junit.Test; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ public class JMSSaslExternalTest extends ActiveMQTestBase { static { 
@@ -98,10 +101,10 @@ public class JMSSaslExternalTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "keystore1.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "changeit"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "changeit"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); Map extraParams = new HashMap<>(); @@ -127,14 +130,14 @@ public class JMSSaslExternalTest extends ActiveMQTestBase { @Test(timeout = 600000) public void testConnection() throws Exception { - final String keystore = this.getClass().getClassLoader().getResource("client_not_revoked.jks").getFile(); - final String truststore = this.getClass().getClassLoader().getResource("truststore.jks").getFile(); + final String keystore = this.getClass().getClassLoader().getResource("other-client-keystore.jks").getFile(); + final String truststore = this.getClass().getClassLoader().getResource("server-ca-truststore.jks").getFile(); String connOptions = "?amqp.saslMechanisms=EXTERNAL" + "&" + "transport.trustStoreLocation=" + truststore + "&" + - "transport.trustStorePassword=changeit" + "&" + + "transport.trustStorePassword=securepass" + "&" + "transport.keyStoreLocation=" + keystore + "&" + - "transport.keyStorePassword=changeit" + "&" + + "transport.keyStorePassword=securepass" + "&" + "transport.verifyHost=false"; JmsConnectionFactory factory = new JmsConnectionFactory(new URI("amqps://localhost:" + 61616 + connOptions)); 
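Review bot: `testConnection` (hunk at -127,14) now loads `other-client-keystore.jks`, while the connector config in the hunk at -164,10 of this class and `testRoundTrip` in JMSSaslExternalLDAPTest replace the same old `client_not_revoked.jks` with `client-keystore.jks`. If the second identity is intended, for instance because of how the certificate subject is mapped to a user (not visible here), a one-line comment above the `keystore` assignment should say so, e.g. `// deliberately the "other" client identity: <reason>`. Otherwise use `client-keystore.jks` as the other call sites do.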
@@ -164,10 +167,10 @@ public class JMSSaslExternalTest extends ActiveMQTestBase { final Map config = new LinkedHashMap<>(); config.put(TransportConstants.HOST_PROP_NAME, "localhost"); config.put(TransportConstants.PORT_PROP_NAME, String.valueOf(61616)); - config.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client_not_revoked.jks"); - config.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "changeit"); - config.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "truststore.jks"); - config.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "changeit"); + config.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + config.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + config.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + config.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); config.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); config.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/connect/AMQPConnectSaslTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/connect/AMQPConnectSaslTest.java index 0a37e89c19..7140d75bfe 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/connect/AMQPConnectSaslTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/connect/AMQPConnectSaslTest.java 
@@ -52,16 +52,21 @@ import io.vertx.proton.ProtonConnection; import io.vertx.proton.ProtonServerOptions; import io.vertx.proton.sasl.ProtonSaslAuthenticator; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ public class AMQPConnectSaslTest extends AmqpClientTestSupport { private static final int BROKER_PORT_NUM = AMQP_PORT + 1; - private static final String SERVER_KEYSTORE_NAME = "keystore1.jks"; - private static final String SERVER_KEYSTORE_PASSWORD = "changeit"; - private static final String CLIENT_KEYSTORE_NAME = "client_not_revoked.jks"; - private static final String CLIENT_KEYSTORE_PASSWORD = "changeit"; - private static final String TRUSTSTORE_NAME = "truststore.jks"; - private static final String TRUSTSTORE_PASSWORD = "changeit"; + private static final String SERVER_KEYSTORE_NAME = "server-keystore.jks"; + private static final String SERVER_KEYSTORE_PASSWORD = "securepass"; + private static final String CLIENT_KEYSTORE_NAME = "client-keystore.jks"; + private static final String CLIENT_KEYSTORE_PASSWORD = "securepass"; + private static final String SERVER_TRUSTSTORE_NAME = "server-ca-truststore.jks"; + private static final String SERVER_TRUSTSTORE_PASSWORD = "securepass"; + private static final String CLIENT_TRUSTSTORE_NAME = "client-ca-truststore.jks"; + private static final String CLIENT_TRUSTSTORE_PASSWORD = "securepass"; private static final String USER = "MY_USER"; private static final String PASSWD = "PASSWD_VALUE"; 
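Review bot: The new trust store constants are named after the CA they contain, but they read as if named after the side that loads them, which invites swapping. In the following hunks `CLIENT_TRUSTSTORE_NAME` is loaded by the mock server through `serverOptions.setTrustStoreOptions`, and `SERVER_TRUSTSTORE_NAME` goes into the `trustStorePath` of the URI the broker connects with. A comment on each pair would make this explicit, e.g. `// holds the server CA; used by the connecting side to verify the server` and `// holds the client CA; used by the server to verify client certificates`. Names such as `SERVER_CA_TRUSTSTORE_NAME` would also match the file names.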
@@ -220,8 +225,8 @@ public class AMQPConnectSaslTest extends AmqpClientTestSupport { serverOptions.setKeyStoreOptions(jksKeyStoreOptions); if (requireClientCert) { - final String trustStorePath = this.getClass().getClassLoader().getResource(TRUSTSTORE_NAME).getFile(); - JksOptions jksTrustStoreOptions = new JksOptions().setPath(trustStorePath).setPassword(TRUSTSTORE_PASSWORD); + final String trustStorePath = this.getClass().getClassLoader().getResource(CLIENT_TRUSTSTORE_NAME).getFile(); + JksOptions jksTrustStoreOptions = new JksOptions().setPath(trustStorePath).setPassword(CLIENT_TRUSTSTORE_PASSWORD); serverOptions.setTrustStoreOptions(jksTrustStoreOptions); serverOptions.setClientAuth(ClientAuth.REQUIRED); @@ -236,7 +241,7 @@ public class AMQPConnectSaslTest extends AmqpClientTestSupport { }); String amqpServerConnectionURI = "tcp://localhost:" + mockServer.actualPort() + - "?sslEnabled=true;trustStorePath=" + TRUSTSTORE_NAME + ";trustStorePassword=" + TRUSTSTORE_PASSWORD; + "?sslEnabled=true;trustStorePath=" + SERVER_TRUSTSTORE_NAME + ";trustStorePassword=" + SERVER_TRUSTSTORE_PASSWORD; if (requireClientCert) { amqpServerConnectionURI += ";keyStorePath=" + CLIENT_KEYSTORE_NAME + ";keyStorePassword=" + CLIENT_KEYSTORE_PASSWORD; diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java index e4d1a6e8ff..71476f5943 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java 
@@ -51,6 +51,9 @@ import org.junit.Test; import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.CONSUMER_CREATED; import static org.apache.activemq.artemis.api.core.management.CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ public class SSLSecurityNotificationTest extends ActiveMQTestBase { static { @@ -78,10 +81,10 @@ public class SSLSecurityNotificationTest extends ActiveMQTestBase { TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); - tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "bad-client-side-keystore.jks"); - tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "unknown-client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); 
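Review bot: The store file names and the `securepass` literal are written out again in every connector and acceptor setup of this class (the hunk at -78,10 and those at -116,10, -154,10 and -173,10), which is why a resource rename has to touch each of them. AMQPConnectSaslTest in this same patch keeps them in `private static final String` constants. Doing the same here, e.g. `private static final String STORE_PASSWORD = "securepass";`, would leave one place to change. The test methods start outside the hunks.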
@@ -96,7 +99,7 @@ public class SSLSecurityNotificationTest extends ActiveMQTestBase { ClientMessage[] notifications = SSLSecurityNotificationTest.consumeMessages(1, notifConsumer); Assert.assertEquals(SECURITY_AUTHENTICATION_VIOLATION.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString()); Assert.assertEquals(null, notifications[0].getObjectProperty(ManagementHelper.HDR_USER)); - Assert.assertEquals("CN=Bad Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString()); + Assert.assertEquals("CN=ActiveMQ Artemis Unknown Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString()); Assert.assertTrue(notifications[0].getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString().startsWith("/127.0.0.1")); Assert.assertTrue(notifications[0].getTimestamp() >= start); Assert.assertTrue((long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP) >= start); 
@@ -116,10 +119,10 @@ public class SSLSecurityNotificationTest extends ActiveMQTestBase { TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); - tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks"); - tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); 
@@ -154,10 +157,10 @@ public class SSLSecurityNotificationTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); 
@@ -173,10 +176,10 @@ public class SSLSecurityNotificationTest extends ActiveMQTestBase { TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); - tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks"); - tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java index 3db9734cf2..080fdda9d4 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java 
@@ -37,87 +37,10 @@ import org.fusesource.mqtt.client.QoS; import org.fusesource.mqtt.client.Topic; import org.junit.Test; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ public class MQTTSecurityCRLTest extends ActiveMQTestBase { - /** - * These artifacts are required for testing mqtt with CRL - *

- * openssl genrsa -out ca.key 2048 - * openssl req -new -x509 -days 1826 -key ca.key -out ca.crt - * touch certindex - * echo 01 > certserial - * echo 01 > crlnumber - *

- * Create ca.conf file with - *

- * [ ca ] - * default_ca = myca - *

- * [ crl_ext ] - * # issuerAltName=issuer:copy #this would copy the issuer name to altname - * authorityKeyIdentifier=keyid:always - *

- * [ myca ] - * dir = ./ - * new_certs_dir = $dir - * unique_subject = no - * certificate = $dir/ca.crt - * database = $dir/certindex - * private_key = $dir/ca.key - * serial = $dir/certserial - * default_days = 730 - * default_md = sha1 - * policy = myca_policy - * x509_extensions = myca_extensions - * crlnumber = $dir/crlnumber - * default_crl_days = 730 - *

- * [ myca_policy ] - * commonName = supplied - * stateOrProvinceName = supplied - * countryName = optional - * emailAddress = optional - * organizationName = supplied - * organizationalUnitName = optional - *

- * [ myca_extensions ] - * basicConstraints = CA:false - * subjectKeyIdentifier = hash - * authorityKeyIdentifier = keyid:always - * keyUsage = digitalSignature,keyEncipherment - * extendedKeyUsage = serverAuth, clientAuth - * crlDistributionPoints = URI:http://example.com/root.crl - * subjectAltName = @alt_names - *

- * [alt_names] - * DNS.1 = example.com - * DNS.2 = *.example.com - *

- * Continue executing the commands: - *

- * openssl genrsa -out keystore1.key 2048 - * openssl req -new -key keystore1.key -out keystore1.csr - * openssl ca -batch -config ca.conf -notext -in keystore1.csr -out keystore1.crt - * openssl genrsa -out client_revoked.key 2048 - * openssl req -new -key client_revoked.key -out client_revoked.csr - * openssl ca -batch -config ca.conf -notext -in client_revoked.csr -out client_revoked.crt - * openssl genrsa -out client_not_revoked.key 2048 - * openssl req -new -key client_not_revoked.key -out client_not_revoked.csr - * openssl ca -batch -config ca.conf -notext -in client_not_revoked.csr -out client_not_revoked.crt - * openssl ca -config ca.conf -gencrl -keyfile ca.key -cert ca.crt -out root.crl.pem - * openssl ca -config ca.conf -revoke client_revoked.crt -keyfile ca.key -cert ca.crt - * openssl ca -config ca.conf -gencrl -keyfile ca.key -cert ca.crt -out root.crl.pem - *

- * openssl pkcs12 -export -name client_revoked -in client_revoked.crt -inkey client_revoked.key -out client_revoked.p12 - * keytool -importkeystore -destkeystore client_revoked.jks -srckeystore client_revoked.p12 -srcstoretype pkcs12 -alias client_revoked - *

- * openssl pkcs12 -export -name client_not_revoked -in client_not_revoked.crt -inkey client_not_revoked.key -out client_not_revoked.p12 - * keytool -importkeystore -destkeystore client_not_revoked.jks -srckeystore client_not_revoked.p12 -srcstoretype pkcs12 -alias client_not_revoked - *

- * openssl pkcs12 -export -name keystore1 -in keystore1.crt -inkey keystore1.key -out keystore1.p12 - * keytool -importkeystore -destkeystore keystore1.jks -srckeystore keystore1.p12 -srcstoretype pkcs12 -alias keystore1 - *

- * keytool -import -trustcacerts -alias trust_key -file ca.crt -keystore truststore.jks - */ @Test public void crlRevokedTest() throws Exception { @@ -131,7 +54,7 @@ public class MQTTSecurityCRLTest extends ActiveMQTestBase { Thread.sleep(50); } - connection1 = retrieveMQTTConnection("ssl://localhost:1883", "truststore.jks", "changeit", "client_revoked.jks", "changeit"); + connection1 = retrieveMQTTConnection("ssl://localhost:1883", "server-ca-truststore.jks", "securepass", "other-client-keystore.jks", "securepass"); // Subscribe to topics Topic[] topics = {new Topic("test/+/some/#", QoS.AT_MOST_ONCE)}; @@ -170,7 +93,7 @@ public class MQTTSecurityCRLTest extends ActiveMQTestBase { Thread.sleep(50); } - connection1 = retrieveMQTTConnection("ssl://localhost:1883", "truststore.jks", "changeit", "client_not_revoked.jks", "changeit"); + connection1 = retrieveMQTTConnection("ssl://localhost:1883", "server-ca-truststore.jks", "securepass", "client-keystore.jks", "securepass"); // Subscribe to topics Topic[] topics = {new Topic("test/+/some/#", QoS.AT_MOST_ONCE)}; 
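Review bot: In `crlRevokedTest` the revoked client is now loaded from `other-client-keystore.jks`, and nothing in the test says that this is the certificate listed in the CRL; the old name `client_revoked.jks` carried that information. The acceptor hunk at -220 configures `other-client-crl.pem`, so the link is presumably by naming convention only. I would add a comment above the call, for example `// other-client-keystore.jks holds the certificate revoked by other-client-crl.pem, so this connection must be rejected`, and a matching one in the hunk at -170 saying that `client-keystore.jks` is not on the CRL. Both test bodies continue outside the hunks.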
@@ -220,11 +143,11 @@ public class MQTTSecurityCRLTest extends ActiveMQTestBase { TransportConfiguration transportConfiguration = new TransportConfiguration(NettyAcceptorFactory.class.getCanonicalName(), null, "mqtt", null); transportConfiguration.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - transportConfiguration.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "truststore.jks"); - transportConfiguration.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "changeit"); - transportConfiguration.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "keystore1.jks"); - transportConfiguration.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "changeit"); - transportConfiguration.getParams().put(TransportConstants.CRL_PATH_PROP_NAME, "root.crl.pem"); + transportConfiguration.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + transportConfiguration.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + transportConfiguration.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + transportConfiguration.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + transportConfiguration.getParams().put(TransportConstants.CRL_PATH_PROP_NAME, "other-client-crl.pem"); transportConfiguration.getParams().put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, "true"); transportConfiguration.getParams().put(TransportConstants.PORT_PROP_NAME, "1883"); transportConfiguration.getParams().put(TransportConstants.HOST_PROP_NAME, "localhost"); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java index 1da806d5c2..45b1082ac3 100644 
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java @@ -78,6 +78,9 @@ import org.junit.Before; import org.junit.Ignore; import org.junit.Test; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ public class SecurityTest extends ActiveMQTestBase { static { @@ -183,10 +186,10 @@ public class SecurityTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(clientAuthPropName, true); server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); 
@@ -195,10 +198,10 @@ public class SecurityTest extends ActiveMQTestBase { TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); - tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks"); - tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory cf = createSessionFactory(locator); 
@@ -218,10 +221,10 @@ public class SecurityTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); @@ -234,10 +237,10 @@ public class SecurityTest extends ActiveMQTestBase { server.start(); ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://localhost:61616?verifyHostName=false"); - factory.setTrustStore("client-side-truststore.jks"); - factory.setTrustStorePassword("secureexample"); - factory.setKeyStore("client-side-keystore.jks"); - factory.setKeyStorePassword("secureexample"); + factory.setTrustStore("server-ca-truststore.jks"); + factory.setTrustStorePassword("securepass"); + factory.setKeyStore("client-keystore.jks"); + factory.setKeyStorePassword("securepass"); try (ActiveMQConnection connection = (ActiveMQConnection) factory.createConnection()) { Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE); 
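Review bot: The OpenWire factory in the hunk at -234 still connects with `ssl://localhost:61616?verifyHostName=false`, so this test never checks the broker certificate against the host name, although the patch exists to make host verification the default; the same URL is used in the hunk at -275. If the regenerated `server-keystore.jks` certificate is valid for `localhost` (the positive verify-host test in CoreClientOverOneWaySSLTest suggests it is), the parameter can probably be dropped: `new ActiveMQSslConnectionFactory("ssl://localhost:61616")`. If it has to stay, a comment stating why verification is disabled would keep the pattern from being copied elsewhere. The test method starts and ends outside the hunk.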
@@ -264,10 +267,10 @@ public class SecurityTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); @@ -275,10 +278,10 @@ public class SecurityTest extends ActiveMQTestBase { ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://localhost:61616?verifyHostName=false"); factory.setUserName("test-user"); - factory.setTrustStore("client-side-truststore.jks"); - factory.setTrustStorePassword("secureexample"); - factory.setKeyStore("client-side-keystore.jks"); - factory.setKeyStorePassword("secureexample"); + factory.setTrustStore("server-ca-truststore.jks"); + factory.setTrustStorePassword("securepass"); + factory.setKeyStore("client-keystore.jks"); + factory.setKeyStorePassword("securepass"); factory.setWatchTopicAdvisories(false); try (ActiveMQConnection connection = (ActiveMQConnection) factory.createConnection()) { 
@@ -381,9 +384,9 @@ public class SecurityTest extends ActiveMQTestBase { * This test requires a client-side certificate that will be trusted by the server but whose dname will be rejected * by the CertLogin login module. I created this cert with the follow commands: * - * keytool -genkey -keystore bad-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=Bad Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore bad-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt -alias bad + * keytool -genkey -keystore bad-client-keystore.jks -storepass securepass -keypass securepass -dname "CN=Bad Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore bad-client-keystore.jks -file activemq-jks.cer -storepass securepass + * keytool -import -keystore client-ca-truststore.jks -file activemq-jks.cer -storepass securepass -keypass securepass -noprompt -alias bad */ @Test public void testJAASSecurityManagerAuthenticationWithBadClientCert() throws Exception { 
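Review bot: The keytool commands in this Javadoc were only renamed and no longer describe what the test uses. The connector in the hunk at -404 loads `unknown-client-keystore.jks`, and the assertion changed in SSLSecurityNotificationTest expects the subject `CN=ActiveMQ Artemis Unknown Client`, while the comment still generates `bad-client-keystore.jks` with `CN=Bad Client`. It also imports a certificate straight into `client-ca-truststore.jks`, which may not match how build.sh builds that store (not visible here). I would keep the first sentence and replace the three command lines with `See tests/security-resources/build.sh for how unknown-client-keystore.jks is generated.`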
@@ -392,10 +395,10 @@ public class SecurityTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); 
@@ -404,10 +407,10 @@ public class SecurityTest extends ActiveMQTestBase { TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); - tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "bad-client-side-keystore.jks"); - tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "unknown-client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory cf = createSessionFactory(locator); 
@@ -701,10 +704,10 @@ public class SecurityTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); 
@@ -717,10 +720,10 @@ public class SecurityTest extends ActiveMQTestBase { TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); - tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks"); - tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory cf = createSessionFactory(locator); 
@@ -894,10 +897,10 @@ public class SecurityTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); params.put(clientAuthPropName, true); server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); 
@@ -909,10 +912,10 @@ public class SecurityTest extends ActiveMQTestBase { TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-side-truststore.jks"); - tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-side-keystore.jks"); - tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); + tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory cf = createSessionFactory(locator); ClientSession session = addClientSession(cf.createSession()); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java index 5d912f6436..710bb16925 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java 
@@ -56,6 +56,9 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ @RunWith(value = Parameterized.class) public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { String suffix = ""; 
@@ -82,60 +85,18 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { if (suffix.equalsIgnoreCase("PKCS12")) { suffix = "p12"; } - SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix; - CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + suffix; + SERVER_SIDE_KEYSTORE = "server-keystore." + suffix; + CLIENT_SIDE_TRUSTSTORE = "server-ca-truststore." + suffix; } public static final SimpleString QUEUE = new SimpleString("QueueOverSSL"); - /** - * These artifacts are required for testing 1-way SSL - * - * Commands to create the JKS artifacts: - * keytool -genkey -keystore server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore server-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore client-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore other-server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=Other ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore other-server-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore other-client-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore verified-server-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore verified-client-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * Commands to create the JCEKS artifacts: - * keytool -genkey 
-keystore server-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore other-server-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=Other ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore other-server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore other-client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-server-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore verified-server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore verified-client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * Commands to create the PKCS12 artifacts: - * keytool -genkey -keystore server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample - * keytool -import -keystore client-side-truststore.p12 -storetype PKCS12 -file 
activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore other-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=Other ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore other-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample - * keytool -import -keystore other-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore verified-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample - * keytool -import -keystore verified-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt - */ private boolean generateWarning; private String storeProvider; private String storeType; private String SERVER_SIDE_KEYSTORE; private String CLIENT_SIDE_TRUSTSTORE; - private final String PASSWORD = "secureexample"; + private final String PASSWORD = "securepass"; private ActiveMQServer server; 
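Review bot: `PASSWORD` is declared as a per-instance `final` field but named and used as a constant; `private static final String PASSWORD = "securepass";` says what it is. The two store fields keep the old scheme in their names while their values move to the new one: `CLIENT_SIDE_TRUSTSTORE` now holds `"server-ca-truststore." + suffix`. Since they are assigned in the constructor, lower camel case names that follow the new files (for example `serverKeystore` and `serverCaTruststore`) would be less confusing. The constructor that assigns them starts outside the hunk.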
@@ -476,13 +437,13 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { @Test public void testOneWaySSLVerifyHost() throws Exception { - createCustomSslServer(true); + createCustomSslServer(); String text = RandomUtil.randomString(); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, storeProvider); tc.getParams().put(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, storeType); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "verified-" + CLIENT_SIDE_TRUSTSTORE); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, CLIENT_SIDE_TRUSTSTORE); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD); tc.getParams().put(TransportConstants.VERIFY_HOST_PROP_NAME, true); @@ -505,7 +466,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { @Test public void testOneWaySSLVerifyHostNegative() throws Exception { - createCustomSslServer(); + createCustomSslServer(true); String text = RandomUtil.randomString(); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); @@ -548,7 +509,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, storeProvider); tc.getParams().put(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, storeType); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "other-client-side-truststore." + suffix); + tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "other-server-truststore." + suffix); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)).setCallTimeout(3000); 
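Review bot: `testOneWaySSLVerifyHostNegative` now starts the broker with the `unknown-` keystore, but the hunk shows neither the truststore the client uses nor what the test asserts. If the client does not trust that certificate, the handshake fails on chain validation before any host name check, and the test would still pass with host verification broken. It is worth confirming that the negative case trusts the unknown server certificate, so that only the name mismatch can cause the failure, and that the assertion checks the cause. A comment would record this: `// certificate is trusted but issued for another host name; only verifyHost can reject it`. Both test bodies continue outside the hunks.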
@@ -561,7 +522,7 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { // reload the acceptor to reload the SSL stores NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); - acceptor.setKeyStorePath("other-server-side-keystore." + suffix); + acceptor.setKeyStorePath("other-" + SERVER_SIDE_KEYSTORE); acceptor.reload(); // create a session with the locator which failed previously proving that the SSL stores have been reloaded @@ -1000,20 +961,20 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { createCustomSslServer(null, null, false, sniHost); } - private void createCustomSslServer(boolean useVerifiedKeystore) throws Exception { - createCustomSslServer(null, null, useVerifiedKeystore, null); + private void createCustomSslServer(boolean useUnknownKeystore) throws Exception { + createCustomSslServer(null, null, useUnknownKeystore, null); } private void createCustomSslServer(String cipherSuites, String protocols, - boolean useVerifiedKeystore, + boolean useUnknownKeystore, String sniHost) throws Exception { - createCustomSslServer(cipherSuites, protocols, useVerifiedKeystore, sniHost, null); + createCustomSslServer(cipherSuites, protocols, useUnknownKeystore, sniHost, null); } private void createCustomSslServer(String cipherSuites, String protocols, - boolean useVerifiedKeystore, + boolean useUnknownKeystore, String sniHost, String trustManagerFactoryPlugin) throws Exception { Map params = new HashMap<>(); @@ -1025,8 +986,8 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { params.put(TransportConstants.SNIHOST_PROP_NAME, sniHost); } - if (useVerifiedKeystore) { - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "verified-" + SERVER_SIDE_KEYSTORE); + if (useUnknownKeystore) { + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "unknown-" + SERVER_SIDE_KEYSTORE); } else { params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, SERVER_SIDE_KEYSTORE); } 
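Review bot: The flag on `createCustomSslServer(boolean)` changes polarity from `useVerifiedKeystore` to `useUnknownKeystore` while keeping the same type, so a call site that was not updated still compiles and silently selects the other key store. The two call sites swapped in the earlier hunks are consistent with the new meaning, but callers outside the diff cannot be checked from here. A Javadoc line on the five-argument overload would make the contract explicit: `@param useUnknownKeystore if true the acceptor loads "unknown-" + SERVER_SIDE_KEYSTORE, otherwise SERVER_SIDE_KEYSTORE`. That overload's body runs past the end of the last hunk.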
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java index ed78d7217c..c21dc45292 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java @@ -55,6 +55,9 @@ import org.junit.runners.Parameterized; import io.netty.handler.ssl.SslHandler; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ @RunWith(value = Parameterized.class) public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { 
@@ -96,90 +99,14 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { suffix = "p12"; } - String prefix = ""; - if (TransportConstants.OPENSSL_PROVIDER.equals(clientSSLProvider) || TransportConstants.OPENSSL_PROVIDER.equals(serverSSLProvider)) { - prefix = "openssl-"; - } - SERVER_SIDE_KEYSTORE = prefix + "server-side-keystore." + suffix; - SERVER_SIDE_TRUSTSTORE = prefix + "server-side-truststore." + suffix; - CLIENT_SIDE_TRUSTSTORE = prefix + "client-side-truststore." + suffix; - CLIENT_SIDE_KEYSTORE = prefix + "client-side-keystore." + suffix; + SERVER_SIDE_KEYSTORE = "server-keystore." + suffix; + SERVER_SIDE_TRUSTSTORE = "client-ca-truststore." + suffix; + CLIENT_SIDE_TRUSTSTORE = "server-ca-truststore." + suffix; + CLIENT_SIDE_KEYSTORE = "client-keystore." + suffix; } public static final SimpleString QUEUE = new SimpleString("QueueOverSSL"); - /** - * These artifacts are required for testing 2-way SSL in addition to the artifacts for 1-way SSL from {@link CoreClientOverOneWaySSLTest} - * - * Commands to create the JKS artifacts: - * keytool -genkey -keystore client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore client-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA -ext san=ip:127.0.0.1 - * keytool -export -keystore verified-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore verified-server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * 
- * Commands to create the JCEKS artifacts: - * keytool -genkey -keystore client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA -ext san=ip:127.0.0.1 - * keytool -export -keystore verified-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore verified-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * Commands to create the PKCS12 artifacts: - * keytool -genkey -keystore client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA - * keytool -export -keystore client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample - * keytool -import -keystore server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA -ext san=ip:127.0.0.1 - * keytool -export -keystore verified-client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample - * keytool 
-import -keystore verified-server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt - * - * These artifacts are required for testing 2-way SSL with Open SSL - note the EC key and ECDSA signature to comply with what OpenSSL offers - * - * Commands to create the OpenSSL JKS artifacts: - * keytool -genkey -keystore openssl-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore openssl-server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore openssl-server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-server-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore openssl-client-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-openssl-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA -ext san=ip:127.0.0.1 - * keytool -export -keystore verified-openssl-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore verified-openssl-server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * Commands to create the OpenSSL JCEKS artifacts: - * keytool -genkey -keystore openssl-client-side-keystore.jceks -storetype JCEKS -storepass 
secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore openssl-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore openssl-server-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore openssl-client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-openssl-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA -ext san=ip:127.0.0.1 - * keytool -export -keystore verified-openssl-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore verified-openssl-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * Commands to create the OpenSSL PKCS12 artifacts: - * keytool -genkey -keystore openssl-client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 
-storepass secureexample - * keytool -import -keystore openssl-server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore openssl-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample - * keytool -import -keystore openssl-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-openssl-client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA -ext san=ip:127.0.0.1 - * keytool -export -keystore verified-openssl-client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample - * keytool -import -keystore verified-openssl-server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt - */ - private String storeType; private String storeProvider; private String clientSSLProvider; @@ -188,7 +115,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { private String SERVER_SIDE_TRUSTSTORE; private String CLIENT_SIDE_TRUSTSTORE; private String CLIENT_SIDE_KEYSTORE; - private final String PASSWORD = "secureexample"; + private final String PASSWORD = "securepass"; private ActiveMQServer server; 
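Review bot: With the `openssl-` prefix selection removed in the `@@ -96,90 +99,14 @@` hunk, the OpenSSL-provider parameterisations now load the same `"server-keystore." + suffix` and `"client-keystore." + suffix` files as the JDK provider. The deleted comment said the OpenSSL stores used an EC key and ECDSA signature "to comply with what OpenSSL offers", and nothing in the new lines says why that no longer matters. A one-line comment above the four assignments would record the decision, e.g. `// one set of stores serves both the JDK and OpenSSL providers; key algorithm is set in tests/security-resources/build.sh`. The enclosing constructor starts outside the hunk.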
@@ -255,7 +182,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { public void testTwoWaySSLVerifyClientHost() throws Exception { NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor("nettySSL"); acceptor.getConfiguration().put(TransportConstants.VERIFY_HOST_PROP_NAME, true); - acceptor.getConfiguration().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "verified-" + SERVER_SIDE_TRUSTSTORE); + acceptor.getConfiguration().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, SERVER_SIDE_TRUSTSTORE); server.getRemotingService().stop(false); server.getRemotingService().start(); server.getRemotingService().startAcceptors(); @@ -272,7 +199,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { tc.getParams().put(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, storeProvider); tc.getParams().put(TransportConstants.KEYSTORE_TYPE_PROP_NAME, storeType); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "verified-" + CLIENT_SIDE_KEYSTORE); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, CLIENT_SIDE_KEYSTORE); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); @@ -310,7 +237,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD); tc.getParams().put(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, storeType); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, CLIENT_SIDE_KEYSTORE); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "unknown" + CLIENT_SIDE_KEYSTORE); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD); server.getRemotingService().addIncomingInterceptor(new MyInterceptor()); 
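Review bot: In the `@@ -310,7 +237,7 @@` hunk, `"unknown" + CLIENT_SIDE_KEYSTORE` builds `unknownclient-keystore.<suffix>`, without the hyphen that the one-way test uses in `"unknown-" + SERVER_SIDE_KEYSTORE`. If no store with that name exists, the client would presumably fail while loading its key store rather than during the TLS handshake, so a test that only expects a connection failure could pass without exercising the server-side check. The intended line is probably `tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "unknown-" + CLIENT_SIDE_KEYSTORE);`. The test method starts and ends outside the hunk, so its name and assertions are not visible here.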
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java index 7da92b268a..d87b20a80b 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/DualAuthenticationTest.java @@ -50,7 +50,7 @@ import org.junit.Before; import org.junit.Test; /** - * See {@link CoreClientOverTwoWaySSLTest} for details about the keystores required for this test. + * See the tests/security-resources/build.sh script for details on the security resources used. */ public class DualAuthenticationTest extends ActiveMQTestBase { @@ -67,11 +67,11 @@ public class DualAuthenticationTest extends ActiveMQTestBase { } } - private String SERVER_SIDE_KEYSTORE = "server-side-keystore.jks"; - private String SERVER_SIDE_TRUSTSTORE = "server-side-truststore.jks"; - private String CLIENT_SIDE_TRUSTSTORE = "client-side-truststore.jks"; - private String CLIENT_SIDE_KEYSTORE = "client-side-keystore.jks"; - private final String PASSWORD = "secureexample"; + private String SERVER_SIDE_KEYSTORE = "server-keystore.jks"; + private String SERVER_SIDE_TRUSTSTORE = "client-ca-truststore.jks"; + private String CLIENT_SIDE_TRUSTSTORE = "server-ca-truststore.jks"; + private String CLIENT_SIDE_KEYSTORE = "client-keystore.jks"; + private final String PASSWORD = "securepass"; private ActiveMQServer server; diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLTestBase.java index 72db844e76..08e7c773d3 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLTestBase.java 
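Review bot: The five literals set in the `DualAuthenticationTest` hunk (four store names and `PASSWORD = "securepass"`) are repeated verbatim in the `SSLTestBase` and `NettyConnectorWithHTTPUpgradeTest` hunks. The password also has to match `STORE_PASS` and `KEY_PASS` in tests/security-resources/build.sh. Declaring the names and the password once in a shared test-support class and referencing them from each test would prevent a later regeneration of the stores from leaving one class on a stale value. If the duplication stays, a comment beside each `PASSWORD` would help: `// must match STORE_PASS in tests/security-resources/build.sh`.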
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLTestBase.java @@ -32,6 +32,9 @@ import java.util.Collection; import java.util.HashMap; import java.util.Map; +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ public abstract class SSLTestBase extends ActiveMQTestBase { @Parameterized.Parameters(name = "sslProvider={0},clientProvider={1}") @@ -44,11 +47,11 @@ public abstract class SSLTestBase extends ActiveMQTestBase { protected static final String QUEUE = "ssl.test.queue"; - protected final String PASSWORD = "secureexample"; - protected String SERVER_SIDE_KEYSTORE = "openssl-server-side-keystore.jks"; - protected String SERVER_SIDE_TRUSTSTORE = "openssl-server-side-truststore.jks"; - protected String CLIENT_SIDE_TRUSTSTORE = "openssl-client-side-truststore.jks"; - protected String CLIENT_SIDE_KEYSTORE = "openssl-client-side-keystore.jks"; + protected final String PASSWORD = "securepass"; + protected String SERVER_SIDE_KEYSTORE = "server-keystore.jks"; + protected String SERVER_SIDE_TRUSTSTORE = "client-ca-truststore.jks"; + protected String CLIENT_SIDE_TRUSTSTORE = "server-ca-truststore.jks"; + protected String CLIENT_SIDE_KEYSTORE = "client-keystore.jks"; protected ActiveMQServer server; diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java index 92aab6d7b1..98c23d6572 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/transports/netty/NettyConnectorWithHTTPUpgradeTest.java 
@@ -75,6 +75,8 @@ import static org.apache.activemq.artemis.tests.util.RandomUtil.randomString; /** * Test that Netty Connector can connect to a Web Server and upgrade from a HTTP request to its remoting protocol. + * + * See the tests/security-resources/build.sh script for details on the security resources used. */ @RunWith(value = Parameterized.class) public class NettyConnectorWithHTTPUpgradeTest extends ActiveMQTestBase { @@ -102,9 +104,9 @@ public class NettyConnectorWithHTTPUpgradeTest extends ActiveMQTestBase { private NioEventLoopGroup bossGroup; private NioEventLoopGroup workerGroup; - private String SERVER_SIDE_KEYSTORE = "server-side-keystore.jks"; - private String CLIENT_SIDE_TRUSTSTORE = "client-side-truststore.jks"; - private final String PASSWORD = "secureexample"; + private String SERVER_SIDE_KEYSTORE = "server-keystore.jks"; + private String CLIENT_SIDE_TRUSTSTORE = "server-ca-truststore.jks"; + private final String PASSWORD = "securepass"; @Override @Before diff --git a/tests/integration-tests/src/test/resources/AMQauth.ldif b/tests/integration-tests/src/test/resources/AMQauth.ldif index 74f04f74b4..e4d18ff8da 100755 --- a/tests/integration-tests/src/test/resources/AMQauth.ldif +++ b/tests/integration-tests/src/test/resources/AMQauth.ldif @@ -144,6 +144,6 @@ uniquemember: cn=role3 ## group with member identified just by DN from SASL external tls certificate subject DN dn: cn=widgets,ou=system cn: widgets -member: uid=O=Internet Widgits Pty Ltd,C=AU,ST=Some-State,CN=cert4 +member: uid=CN=ActiveMQ Artemis Client,OU=Artemis,O=ActiveMQ,L=AMQ,ST=AMQ,C=AMQ objectClass: groupOfNames objectClass: top \ No newline at end of file diff --git a/tests/integration-tests/src/test/resources/cert-regexps.properties b/tests/integration-tests/src/test/resources/cert-regexps.properties index 9677bd81ae..0083306eaa 100644 --- a/tests/integration-tests/src/test/resources/cert-regexps.properties +++ b/tests/integration-tests/src/test/resources/cert-regexps.properties 
@@ -16,4 +16,4 @@ # first=/CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ(, [A-Z]+=AMQ)+/ -second=O=Internet Widgits Pty Ltd, C=AU, ST=Some-State, CN=lakalkalaoioislkxn +second=/CN=ActiveMQ Artemis Other Client, OU=Artemis, O=ActiveMQ(, [A-Z]+=AMQ)+/ diff --git a/tests/integration-tests/src/test/resources/cert-users.properties b/tests/integration-tests/src/test/resources/cert-users.properties index d1b556e719..97ca6cec13 100644 --- a/tests/integration-tests/src/test/resources/cert-users.properties +++ b/tests/integration-tests/src/test/resources/cert-users.properties @@ -16,4 +16,4 @@ # first=CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ -second=O=Internet Widgits Pty Ltd, C=AU, ST=Some-State, CN=cert4 +second=CN=ActiveMQ Artemis Other Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ 
diff --git a/tests/integration-tests/src/test/resources/client_not_revoked.jks b/tests/integration-tests/src/test/resources/client_not_revoked.jks deleted file mode 100644 index b03e57a4f0856bea20e67ce2b8dd23637f0a198d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2380 zcmah~XHb*d7R{G@p(O}NRT4rGr1J$ZG?6MQ#Gpu(P$YyRB@#nbijfWiS5UeHLy;>e zQUojrC`Cn7st81liXd>YZ~>_gy>H(5X5P&Ev1iWOXYI51nRRBJjk%3E7z_sA3gB04 zrv&;_gBc#dG=>MA8b%ACdT(vf;=YPZ!C*)LVuI_?HXZ>r9smSX;UWNlgn>+O+AfD! zm;ZRmz?dkl_h88T-Po-Ib%x~RB<|Q^=m|- z=*gAtP@Ck9la&NCv1F>opg_0)P#!!wOU`IZLEY?J%=zN3-kqbX6s&==j(@V)?Y=t- zr9~CZtw7A)`;e?W^I7Y@4x8o1lB3jP(ktx6My}y~^jC#442Aj4%^ukMwV-AaRt}4= z;lwnQOZK!(RC`YN9xS-iQr;gFPrFcO%4-IS-+b&kKpIjiy>t!T?eNl=rpbvZ5b(8q zHr70a5e`%-X^hNUDc^5{6)9B8%GAyYY`22j25` zFz0AShM&duNe$j;ZTrAW=n2di>&#@fd12p5(@Xvsg}GDllyjZf5Ob%9+|1hz@is+4 zhR;=PLN0#)^eQaIt?VSHa5R{pX2hqv=4NGeh9cb_lXYn^Zu^cR)_$bccW(#Lckkt0 z5|e~XAF_QEcmDCX#lYAk#!^JDM>^@iXQgNX{DyqyS&0Ecz-Ga;)aE5-erxzn({bn^ z_T!YhO>R*ahTePajO&4ziM`7H+b9*A@89!fZ0x;TRe2`@PrNff^I;vc*TZ?AWDY~2 za|dd1M4;Jun351$u@WUAQZsUqTY4!s*s^*LSYJk^0DOJIy5GKA`4{0tq9gxyNHNzv zg1?JYGf_LGA3y&_wmvQ~wR}X3$sc#91#G*MTzx#9_bOL@a$s6t=c4y(r1k4nW&fk< zUhUS`vx`Q)alSp}h<{7!-6j-mde3pGpFSdaB$6^^f7bHtM5^3FSAAp~htyq8HoDze zFgYC|P+oTzXFO6n`}`npF#W5czIfSFiI>ipam;ve^<+nt*Kp4WCLl1&3x%P%)?Br9 z-&JV@YkK12GB(+i=2n3t(G@a$@5<0VIR~$Gh238a4~hSTSxpek&K&Zc6V0l0sg7@? 
zI!BKhI1q~ZV_{E@8f?2YDwS)rC5L~m6~A540*tDdtjk$Fbvxv(%Rba=d!-``^6QEctPOtEcNkiDt7 z9U?!{tHB`ZT+ync5$y8RAiXNEr>r&Myf^Fm%Z{mqYwNwF58VV}yFqc(i5?7h!q3I{ ztl~>oq*}yjjh#zZ1byO4L}^WNIc!yuL$dr-sAuNVOiJQ`ocI z{-S2dv>`B-*Hw^q0BoGQaiR-gl}=+un5yQ=Nd#K`DAAxwC_U|1c;F9~((7fTr{OEv zaJsv^GfB4DwN>d1ZqvUT0zTm_r!xeUDFNXm8x`0(Cn z)07C17b7tq(Hc0tw`xb%tRmjI%9XGI8DGAuJt8dmW1HrLk4yH4qPki;Hle&>RmCT| zNHVTRsmT@t*F`&(u245S*!#S~7yU-fj6O)bb~Ij{-c1##X){rl9{-v~3|msX;#Ng~ zxtxE3Wp=QtEfqWY#O)TcQLiPT6!OIjuku#MqMH6xTB~^xfVK!(5gT?=9(3NSn1}_42_I)6-~b#BARs{=e$~W-iA#c8&WMCT_IMP; z&x3FPc|_r64tP;Wr86KINkMH0!b5s^!X8~6{P8WQy#)#XhL8h(8-)I+0Qs{( z_kTD3uhIVh6c7`T|NVYj){kHULa?p80GtT`uv!>;tdPt1YOJoEUAIKdA3y1cBU=<6 z(uZO&vmwP#Ii)x3F3r>@?CLKj$F*qpajk77Q=0VN57&|q@%I+Va_R%2l_>bRTS{QJffArt z)E#j~HrD~ zDv+v4p#^EtX*7l=g&qhg{$z`QG7yG|`i;O8RMq?q{;v7fo8HnKfVp#<4krvCD0}CN zW5(*S7btp66R~)}s6NcLk63j>$-FSeueF`X22s-zDsH|?<6Xqx5H3YIVa}R z@losHn?&@tA8VZD+=1!cf1H2y02?=cC|3u)-Eg9lw6D4*=MkTI@2(*i-$`=W=`5*U z+vCG`Ibg??z3ZnxzEn}X9v#3QmMpByeQ~*RA(R;8xK=~7ZGO0a%2c`Jc>dM5<%9PL z^ZOn??m9AB*pd2W%=8(nF)dkOF2ZwYgn#vZW?Rd>G53qZV%MM;S(W^Tn;| z1Us#}e^bjP4a-e1OeRPhnM`}rs4~+N&f;>-~IIf 
diff --git a/tests/integration-tests/src/test/resources/client_revoked.jks b/tests/integration-tests/src/test/resources/client_revoked.jks deleted file mode 100644 index 5e9987c7eca21f3ebd2d9d1dfa20794fb57a789c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2377 zcmah~2{hF08voB?Y{OtQTv=wwF8@_BI`tm zvPC{cDO(}enn`1cFkSlYxu<*1J?EbDKIgo@-+7+*dEWDT&+la~v6lbb~cM{CKwTS zgHY>~%2(-N{M_*-uKY|OHr6`Ip+5_)K%Z;fwiZ`DSZ`s-syF49GlNMlZl9)c7QN*X z4^?7QN^iE8>QP6EsD>)jsoYxvI!K;xVC`H5<6wi!U#zqPA9=4m=&g<@VNF+VezP|% zQZUatUaz>Y`Cv#x1MSv3TSM>bzE|QrS%0iLp&h3YRefe=KFu^G0Z`0zJiw4Zu`>cJ z^Qx3ibY{1)07t*4ooDE|7j47DPAZt)&y5DFxX-z2lWw@VHmKY6tm7q7qlFpY+)%Ee zqc{);#OY{`^xgw_syvqnF{Ogrkl)q1#1pG7`>>9PB>tQPLUryA3wEj9e% zI3!GAGQ(k`;>SercSGO&y6ZhJ^)C1nqBHzi8nz64u!D0==}&43Ccr&=fHacXr?YZ{ z-ElrUGOzwZk|f&bK(o3e4PsV ziWzB|Sxi-wjS{^QiP!WzlwQExNxBsRkXko{3@YWc3~cYoxy~K-7YZ0Uj4}zlL+L4c zgT6^u3I=HrLZuHElBUdlWO{n=ieyy(biO=vx7u>l#mJR%W%rM0W@i$Z7MS7;}8Q(mB+zk4YGhlg!T6j@Wztv+GL& zY3>aw3%!bJ6_-L@<*_VV%-0-BA?cRS09fSWnbj?_XM^+Y978Twv*FJ@QI1IjtbW}T zD@`E3xs`C`a#R{ppPxK4zo?DBVwGI%C7pc4)V&KD4EY{hk)M5u&XBQ<>sOUzu8lpq z5We!MAbHX3s;hdm4G^?(PCi|1(EicjXtcKf;*r@e?kA2p{voOy9a}h*Rlf1oYHn*4 z%HAh$e8Am3w#es2^QYk_t723u76%c;{WHu?uzn4MBT#eh~S00moi}=KpT|U!(p1 zDL^Vj`uF?odOwT`K>@ow50nal055_bZ)R*{bEl9GU~hf$7v5^af>ONR*>d@Rjw6Mg zmEZf(+Kuh6Z=dj7?p*?K3*}Naah22SVJo5|i|hOQ6wbZ>RN_LBPs5Kqj`@jQ@pbHd z304grVk~DIb#Uu$G=BlJjw(ot&@U##^3faUknU$15~FXbKR?$JZ=C(mW0-L&d4{>U zanxMdQHh#Asu`xMCGKv|Zj0-hXLT?vef;}wN5(phj>zCm`fG@eCi_LdU{K9tntp<> zy&cAKI8!RYlvmrNTX@%ho^0kW*_X-VLL+1)YRiZjA;{?7OWiy4ix*qbjS?4=;!hbc z%_{DGn?SZ(sjjm7-X)vTM4&JT04a{{2cuv85?ulfhk^hov8#jxKO6%Wc4&|z1h2aK zDjb9Y#|>?4YTV+ge~B+40~ZA`QNm=AOJASl4G4VHtc8ch9b9ENY##e1y#xvlhe0_C z{yt0=jsb-cT)V$82L~q%@}C_PRN3n#1(yY7KwN=Tfkga%KMLi7o|+o*l1IP=f1;{a zP=FdaD2Sr!MfL|}_p$}ylAt)1_qPNppOWft@ORC3-}J8L5Wv0sRRq6mh>RhZ{=+RS z!=>@GoP+>^zq$lPdD=_p%VVNrKW~S zj#(CWiPYq4F=hqbJUwZ-IME61B8|YOq|3{=+;JA~DFd3;Gb|;Qja-ClkFzItl6*KP 
z{Mu&2And=qzI3O0=av^3y1hWv=@f>}($v($YUi%_TNgKHOGuv$fQ z{aB-_Z5xXiRj%FtFv5VvWivTu*h zOs<%YuHTy>^FZpS6*UVH`=f$p3y&)Fjuq>NX_Yo4IuVuNcK6fEk1QN4Y%Phbe}AC> zRlK#@{ZvcuF9nAhvd#53q6;6*->4mGZ#z5SF)}9Z`!L2ux_5Z|#b)!$V}$eXw;(yF zhE}PR)8@_8#cGp*h$vt=kik7a9tU3=xzMn5t%=+-wl0& z1waW%>~pL7iXsTTGBLFkEJ(fI7%d_M7GWx%?Mq3);P+~6Q@rxBTYVB7d&F*~8T3VLtYN2m0ajbx5#{-B=I z;dwtR4MMPN&)@Z$qy1Nq~U-Pb*Ns!HmqAI^LA}gS`iwmbyJ=nFWuKA(kwD8 zbcHv)*SEGFtNmK#qISl&;J)sy`{3HII%RWFTZR_O3y)_UC%MOlyxH4EHsz!O&Ioiz_{@F z+#h7KO2r>a6+thHt?xBes*JEtWsXRUeX|?NJxrI55-qhrpa+8j1S~ZnMX#gcWsHKn|ZBz zw^w>1u5p5bgC-@U<@RAr$-<{(1xdxG7ZO|)>n%K>@z ziX;B9}!DteqPcw@;^183p5chi0Pt?yOUmJ05*@`%$Z}-)2XiHGl9yfQ#7W zbV&<7%zHud=F%Xd$AeQFw>Gpv(o15pw^_;tv+OD86!REHm=9CF#<)^u`; zGrk)adMh>moxkizCBS=7wQsu;LNb#K2;aH&rd-k|C4%puSdPi+cA#wFi{8h!kFIIV z{PaeIjjB3$6as;N1zGSlkOdpdhQpvR7!(TfA-R>q4Z}D1cAXIc0WFBUAU6_j2_S`F zx|T#C5VHrk&^+dz?lcv1rX!O^lmT&jBoA7g;=!abJZMb3wF~vC3)2U0$_&68GpR&A zkasTyjs~vK7)(%FjE@9@L{O8cp-v{NUEGDFU8wPI2wD>PLG(Wbh`j>R|8D$Wqy7IW zKo(T?*Zp>_AI^dbKz4Z^7z+x8^fmAewVhkA%ACA|d~5Ot7%Jc`QdTSP zW6L|U9Pz$5 zZ8mW6%WRfQb+pit$dZcE*fEjK)~t~Sg#jfrOpL@}_er_q($eTvq`Y$u_r&?G(hKT5 zEd^o2(v_GpuKsEp!?%?i75Jb=YlL8qL$z2kN@HF4meA0(zoL>K_e^Q;Oy3^R>q`YD zm%N)TkBz7J=XhOiWpicGU~nh|nj6{!hIalG9V-ODKnRH4RRYTohyublB}s`(cWPrL za*RiLz&=*#g1pI3@v(A%I4Bw-%n-!N9|Ny>Ng6C?k1;LfA_7fRL(0QAGQSsylk9WZ60mkc^MhGSs4sM47m+B*_cCF z*o2uJLk)!u1VJ1Q9*ZxxJU#iwa=#JR9j3T@)5G7Sz5XTOQ}6icNVM=fJq>-PGfiCQX2l06 z-4Qf76Z>tq(l(BzQa2w2PceKw!En(8>zn`FejL@^tJWV&982no?f&>@ZZC$M(Gu@OJtd< z)@a7qCCvVH;)#073&Hi1rp{}y^4hO+ZP#Ymmv54{oPM;}kt=D^*?W#G3twzotLi(+ zJL%;0MSL6IpW7vMv-je!tE@c24h5|-I!Bq985tNC2O9($$O0ovmXAe@MWjf);{A@f zmjvz^Z(%8G)%~(P?57Jjx@DDFBn-qFuq)sP=@({X{LjK_zzn32gB_TvfWgklFvwTmOT0b5Z?2MH`&T?= zrMmi5cKfx8?=MJS@wxD0?TXb!UKg@bb=be_{P+ECoYrUfTheQ@bw~Br<@~z3wevq0 zpIG3)u!)cJtWy8oOTUKeZE&nxa+TWZ`GQ{o=gGx=Wc>fK*fT7J5H hQLg^)R_BGxoA!jW$z4Bm**Pxg==2}z_e>vY0|293ciI2| 
diff --git a/tests/security-resources/build.sh b/tests/security-resources/build.sh
new file mode 100755
index 0000000000..82484a4f3c
--- /dev/null
+++ b/tests/security-resources/build.sh
@@ -0,0 +1,156 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# The various SSL stores and certificates were created with the following commands:
+# Requires use of JDK 8+ keytool command.
+set -e
+
+KEY_PASS=securepass
+STORE_PASS=securepass
+CA_VALIDITY=365000
+VALIDITY=36500
+
+# Clean up existing files
+# -----------------------
+rm -f *.crt *.csr openssl-* *.jceks *.jks *.p12 *.pem
+
+# Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust:
+# ----------------------------------------------------------------------------------------------------
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca.crt
+openssl pkcs12 -in server-ca-keystore.p12 -nodes -nocerts -out server-ca.pem -password pass:$STORE_PASS
+
+# Create trust store with the server CA cert:
+# -------------------------------------------------------
+keytool -storetype pkcs12 -keystore server-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
+keytool -importkeystore -srckeystore server-ca-truststore.p12 -destkeystore server-ca-truststore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore server-ca-truststore.p12 -destkeystore server-ca-truststore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Create a key pair for the server, and sign it with the CA:
+# ----------------------------------------------------------
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext san=dns:localhost,ip:127.0.0.1
+
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -alias server -certreq -file server.csr
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext san=dns:localhost,ip:127.0.0.1
+
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt
+
+keytool -importkeystore -srckeystore server-keystore.p12 -destkeystore server-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore server-keystore.p12 -destkeystore server-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Create a key pair for the other server, and sign it with the CA:
+# ----------------------------------------------------------
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias other-server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext san=dns:localhost,ip:127.0.0.1
+
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -alias other-server -certreq -file other-server.csr
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile other-server.csr -outfile other-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext san=dns:localhost,ip:127.0.0.1
+
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias other-server -file other-server.crt
+
+keytool -importkeystore -srckeystore other-server-keystore.p12 -destkeystore other-server-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore other-server-keystore.p12 -destkeystore other-server-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Create trust store with the other server cert:
+# -------------------------------------------------------
+keytool -storetype pkcs12 -keystore other-server-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias other-server -file other-server.crt -noprompt
+keytool -importkeystore -srckeystore other-server-truststore.p12 -destkeystore other-server-truststore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore other-server-truststore.p12 -destkeystore other-server-truststore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Create crl with the other server cert:
+# -------------------------------------------------------
+> openssl-database
+echo 00 > openssl-crlnumber
+openssl ca -config openssl.conf -revoke other-server.crt -keyfile server-ca.pem -cert server-ca.crt
+openssl ca -config openssl.conf -gencrl -keyfile server-ca.pem -cert server-ca.crt -out other-server-crl.pem -crldays $VALIDITY
+
+# Create a key pair for the broker with an unexpected hostname, and sign it with the CA:
+# --------------------------------------------------------------------------------------
+keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias unknown-server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA
+
+keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -alias unknown-server -certreq -file unknown-server.csr
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile unknown-server.csr -outfile unknown-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA
+
+keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
+keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias unknown-server -file unknown-server.crt
+
+keytool -importkeystore -srckeystore unknown-server-keystore.p12 -destkeystore unknown-server-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore unknown-server-keystore.p12 -destkeystore unknown-server-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Create a key and self-signed certificate for the CA, to sign client certificate requests and use for trust:
+# ----------------------------------------------------------------------------------------------------
+keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias client-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true
+keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -exportcert -rfc > client-ca.crt
+openssl pkcs12 -in client-ca-keystore.p12 -nodes -nocerts -out client-ca.pem -password pass:$STORE_PASS
+
+# Create trust store with the client CA cert:
+# -------------------------------------------------------
+keytool -storetype pkcs12 -keystore client-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt
+keytool -importkeystore -srckeystore client-ca-truststore.p12 -destkeystore client-ca-truststore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore client-ca-truststore.p12 -destkeystore client-ca-truststore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Create a key pair for the client, and sign it with the CA:
+# ----------------------------------------------------------
+keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1
+
+keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -alias client -certreq -file client.csr
+keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile client.csr -outfile client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1
+
+keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt
+keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client -file client.crt
+
+keytool -importkeystore -srckeystore client-keystore.p12 -destkeystore client-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore client-keystore.p12 -destkeystore client-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Create a key pair for the other client, and sign it with the CA:
+# ----------------------------------------------------------
+keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias other-client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1
+
+keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -alias other-client -certreq -file other-client.csr
+keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile other-client.csr -outfile other-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext san=dns:localhost,ip:127.0.0.1
+
+keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt
+keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias other-client -file other-client.crt
+
+keytool -importkeystore -srckeystore other-client-keystore.p12 -destkeystore other-client-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore other-client-keystore.p12 -destkeystore other-client-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Create crl with the other client cert:
+# -------------------------------------------------------
+> openssl-database
+echo 00 > openssl-crlnumber
+openssl ca -config openssl.conf -revoke other-client.crt -keyfile client-ca.pem -cert client-ca.crt
+openssl ca -config openssl.conf -gencrl -keyfile client-ca.pem -cert client-ca.crt -out other-client-crl.pem -crldays $VALIDITY
+
+# Create a key pair for the client with an unexpected hostname, and sign it with the CA:
+# ----------------------------------------------------------
+keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias unknown-client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA
+
+keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -alias unknown-client -certreq -file unknown-client.csr
+keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile unknown-client.csr -outfile unknown-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA
+
+keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt
+keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias unknown-client -file unknown-client.crt
+
+keytool -importkeystore -srckeystore unknown-client-keystore.p12 -destkeystore unknown-client-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass
+keytool -importkeystore -srckeystore unknown-client-keystore.p12 -destkeystore unknown-client-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass
+
+# Clean up working files
+# -----------------------
+rm -f *.crt *.csr openssl-*
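Review bot: The `-gencert` call that signs `server.csr` omits `-ext eku=sA`, while the matching calls for `other-server` and `unknown-server` pass it, so the CA-issued `server.crt` most likely carries no serverAuth extended key usage. As far as I know keytool takes the issued certificate's extensions from the `-gencert` command and does not honour request extensions by default, and the `-certreq` here adds none. The `eku=sA` on the server `-genkey` line therefore only shapes the self-signed placeholder that the later import replaces. Since these fixtures back tests of certificate and host verification, I would keep the three server certificates consistent by ending the server `-gencert` line with `-ext bc=ca:false -ext eku=sA -ext san=dns:localhost,ip:127.0.0.1`.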
diff --git a/tests/security-resources/client-ca-keystore.p12 b/tests/security-resources/client-ca-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..7c6fae79e7dc90da5837da734db100451745ecf5 GIT binary patch literal 2589 zcmY+EX*d*&7RSwop~%iC*|INVHw|OS7Aj;X`@U~^P1dG~gzPdzDrp644?w!VW4<02HJjs zKf*B(-+!zic3=#|`U0C@lrbgkf4(l!0DyTI@F^SvK7@}3Jc6DB zg7_;`&R0eX1y2672ZAW@24D=hk5^jESG;NNq{XH%btTDyMQMFiT=cU@9Ci0KjWwey zrn53v_Dq;VSemnupb3tO-lz=7@ydZ|>Jh_j;az24%nc`V8*8O<<^~&qg8AgtR`#Bu zOq|(6dR}|(6WKSgE#6;0f7T(7k6s2v_fHJP1mCN+Rzrk$TA(d0n$-wJW5wxiraUfz zUAm0Q-~}aWpazZm>MK@mKMrBvHn#1OM*N85ydHw7y~7D%is$v1KT1v?do32WevESt zgP~i!#B>v8(<_60!nKi)gys4L64{5TT@`HXzVy;psrm)m`O|Qm3pt(cJ1Tj!=Gteu zOQ*-mBzR_~7RJ&lU)xD1{~`9we|lakWlR;#Gq%&5=^5 zSRX&n=#~V9$*)1ZJ8R`!Lp#+Ls?_MQ)yf5v#phiId%|s+jv3afbeKMkB55t;8D3_b z9Z`uk1$WgHeHKB{m(YIMS_zpAYsM*34?EU9^c5~h4XMJ&+4vJet-Q;}$F6I3jdIaz zmPNx*f4)1^v(jsOT{g)ne=>~Se~1RX+|OF9SNCXqL*`M?BwVeic~5{z@=OR#U13kz zsRo>@if5m$>4`o}(&?o8BW(P)W?t!IAtQ1mj7vxN3>nJ5o6)izSzt1bE^{<`ivSls za!3QNk$(y3oO9yTV+!*T-B&jM$|fjfz~_o_DIZgBR# zzUbPOJG?_%+sag<(#K3SP0kRR)u#$U*Npm~HNDOMqCWRD21{zhzri? 
zr|MgS06XxRml4gMNprtb-7GhGZ z>F1uVx*lD#Q+EbFjg{r}4{+XQ?mVs-MXk+3-A(Ug_1jGIVy{kDd`E>9sBL_gaqPx2 zao6;v``kK&=&nbI=1j(KEe^j+idV^4x6&agV7h%(OOMkUwXKH|u9|;D`xt$izsd9T zx94ktit;YRu;5^hMhz{^{l1o1lD_oB0_xGeN5Sw63sZUz@p^Ho{UZ`KbN7{`7V^N= zmR019=QCaTzzv$s9CqEb4kx}<ffG?!hp6B z1x z>hH(?vBT?Y8MsBC7C57XG1i{Va`iZ_IUeL1^oWZhYUPk!#s&64i*?udIUDv>iSC4^ z)Dyo4A(M>kQb8mAPx@@=#TH40i(*Fee0N`d3JL%V*LzM1i6fc2hA*f5FacID>8c^0 zR4cVlqy^daoZSAFr1fKEBcBod5r-l#a$~tX*v@|Py$+mG#C}wf=Oc@6YQ>*9Sn1A* zB5$u}fhH90rcV%Gn2|n76U6||ZumoALL9lp9BW&_LO*Ix%fEfc1U^sYuU`?@-NdI* z*RxQSL=%VTvb4D_E>8@2%`xW2Vg&aYDTh$;ch`1gKh?hJWCDtVG#d{5mbtm@8?i6g z7?#*nHmKw@Nq#pgDerxlnu8W3M26#D?*xqg|VBq!YHy=)^Qo z9d0np?N&~PE*gg3up-FCFvNY4G#to6d0$qyEyw2rx;%2MSe7Q&Y6F}}af2BL^2w7< zaQyP2&$5}*sO6sO0jD$9#$*>u?EJp>!+D44>ct;v0U0Hm93QX&Ua?F4dEvr>`G}-N z@%BUL=`P`CQx#|Qo^j(Fs}g+YrTxspN%>iQIXSKuVvQQiGgU3O)C~b6EBEheWKL6@ z(``3iDT>TJV$LoK>d_u1KFQ^>1fBB8v$kYbAo|c#TVpoPMptfX^w0z7`^;kxkg#&k!D%daEk5Z+1z}Z=DdYPe>l4>LE z<4(a?-Zwajm!udmP+UliEp@5lnM%3eie(En5|BzM>X{H(L7(ATqWynPg*Ua7u1%GN zCU)=#o7~uRWW)D~*oAzkfBCt_a=AWtzLK7jmnZBVw`Q?LN7zb&N2fn7KgQptSo*s~ zu5gZ4-r8a+SMDYEKr{36&7nuN12FzVR0KjPs$4wp^jiPg)9ggib}vf9=Ocp}(PqKm zv!!%WK?zs{8;mfTQ3%a4022lnw-hK`6k??DviCy{+TE?6f$5Vm&BY*2vX< g0cPHvndoA5>zKkOPE~9MZoL4%?XCxc0MU7W0V4Ux?f?J) literal 0 HcmV?d00001 
diff --git a/tests/security-resources/client-ca-truststore.jceks b/tests/security-resources/client-ca-truststore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..8c7f939c6c8310dc6c18e8ddd3842a2f75e03350 GIT binary patch literal 950 zcmX?i?%X*B1_mY|W(3om$vK&+c_q5Zi9nHR9vPzp46G4)rUsS_49q14P0R%bO-vCB zn3))vm{`j0x3d}WvTFyI3T zaSO9M7L}ytW)>S-7?^=Xn1%IWiWHzy3eI2$C^)AUm1L%6CMT9;=I1FmmX>7X7iE@I z8YqbK8W|c`7#JHG8yJ~dL`m=iX#+ze0~4qK?VZrXsD$ioMpg#qCPsb+gC<5UrY1&4 zhP4%b^F%n=f9(~zFWHcqm;CG0tdD{Ve}9^wz97MoD~I>Vb~m4N^YlGi70cc}C=i{l z-s;rN5;!|+$Kwqpkxy!v?e6U7J`&pY?R=DO!`^&7p&wOG^5^%f|5UYCX8e8rdLrxo z=)D^`PFxc`{zBvWyWl1_o9u3$KQFGlX;QvwU1IZX=E9~FWoswLZJjws)bhg}4twv( zmzvqW^JaWNN$JTO2QI(1N-(hqXl^{{y`S^oT_pyU>l)J>{P>vn&WSa@_~*>*x>;K7 zOYSw5EU~y0as5YcQ}*KEndc4|EfvUfJgZ)^^P#D$7He~ITgdMf?<<3DY3Xqm=8O85 zoG@(2y|mP&@hKBCBLm}NBLf3)N{|(1Wc<&5IqXt2sjcPIni2mxnVqN!Oe{vVP{OZlgshS>5e@ zfy?juGQUrq@MZVH35(YI-dxSMZ+*i)#-=HIYERyNGa>f~n{M2dbHaHaq~r{@pUBh6 zU$*VjORp9D;xqIA%Fo-bpzo=e+CA%1Yv{)l*#~mf!-5zVi(Cq`>+|#AUcF^+;o5 z%uI|-Oe|&h+u00w**LY@JlekVGBR?rG8n`g3L5aUF^95n33E6mmt>Zu`UV;b81R9F zxP{pri%L>+Gm8x^49q|x%)*yc0NkCVQ;>k(2uGo`SbhLf2!ImGyXn*J&|>P z^xlmeC$5Pef1z>xU2v0|O?EfWpBGo&G$~)TF0uJGb7518vbB@rw$7X*YWd*~hrRdY zOU-QGc{4tsr1a#C1D9W0C74(QG&dgf-p_gPt`dXFb&Y8betgV(=fs*{{Bve@-7Ky4 zCHI<2mRMYhxc;NJDSL77%yS2fmI~xKo>ec|`Owr=i?unqE#&u#_mx4nwDdR&^F{qj zP8c@iURvtX_>_s6k%4isk%0j?CCCahGX7^_HDCr(2C~3dm*ry-V-ZQKkJnl9Htdzfz(DzhK?Vfe1HT2_&>;t*#VL=RwMJ|Qe_4#>luimmZaoX|~ zMR(^;V#$y>_wU{0^VQB19XyPx9oIg4wk|6E|L!>vpJDSbs*vBz(~~FQHuuwx#-p`AcBY5y{8{%DbF~Ompq8sAfmp9S`stam z7c%B%>eqa_haDYBw)|`?bM5^d zMYNm~t z0{U(Fp%f$~9Ps(e;?(%2g~9;OA+L6CF7!1=q9sDdJj#8+p zJR3mD$}zd{2PCz01o%8go++G^cSps($rhH8WS43w1@dq&rPo-@)_qOc18NCa5)O=< z{WQC`W@NGs&^1nfIBJd~xMvfH!aWU99NNYg)Vl&Vix6SrQ?zg*(8#-z3}@Qedg27N z|K2--CrzRPY9O6?Fr!yR^e&3^2Qq3-k4J;I2tuj_FF>I~#CXc(Vx?y2rylwhka{dG zbaUO!40tc?)7=&2*rl@`PPM_)0r$0>EMAJPHCsn)F;_+chY($HiPh7Npha&e-ZUis z@v?BdcRcMtHD-?qiIt6U)@=jH>yup->7X1D5&~jz(3)3yONaaI*tkm??f*-q)E_`J zq8ZrY9Zngczfl 
zQb~RFEfd?1iFeY4a8-ttCwJiM{X*r%7m+PrW`D|kbilp%6SnSS>45IFxFJSOcdBAtF^%jAByxg;t8fJCY zm72U=dr)<~&3o_4G}ECh5SjkrPa|pq(JCGXz1gg=Mb^g!Inh(hAFHa#$+torynXB%AO)x$%AutIB1uG5%0vZJX z1QZ@cN=u3i`ptVfnXWa6KM~fg1Da7g1@F0s{etpc9WH A&Hw-a literal 0 HcmV?d00001 diff --git a/tests/security-resources/client-ca.pem b/tests/security-resources/client-ca.pem new file mode 100644 index 0000000000..6eab31a900 --- /dev/null +++ b/tests/security-resources/client-ca.pem 
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: client-ca + localKeyID: 54 69 6D 65 20 31 36 32 37 39 39 35 37 37 38 32 30 33 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCteE6eFAkH+r0S +3xmAZW5j+sqa8RGh+/KQJ6BgQQpsDeS3RkxnN2e8tSF27eBwFZcnhUKLBFGbarjj +sHRZ5HwDPty/C8RVhvbPWi2AvW8uEvh65G+fjyf5JT8jAfvP12EFv1u9sQjI1hXH +6CjX7lOCRjxriwz86NTsgiPVO3Q89pmhgmQjO0JBtolsxCZvV0DDS7xvGpmHudlf +UHR1ydjA0+s6YDQ4UIOBwUu/CcHdIgAk1yiWQE4OA72cXTfR/Mybfpoqh6TegnSk +ONJY1/iNgmujU5nOwDKlEG5BzSd0ueE1RSoFg2OGVPuo73lS2iouCXFvFU90yDGA +bdKlRIHlAgMBAAECggEAdbXYay4fPrnnSQH4tQafFNreVqtUkr17SFSLYCViZBY9 +aBwcxkFzdDrY3XHnRUdxTVEA6YJhuft+QIrBOSpw+GbUthLPBFZT7jo7/EsPQY1/ +7SxLjlM/BbI/mIrFC7ET1imWoC6cTmPvXbps1LGVGyZ742H0yz1XFrHsjMoOQzrW +itL29T09CYfZrB+/uo2ozfAjTDKVUALhrd4qN/uiJsHTfZPOwIv/qgZTSUHDsfZP +SbUjJjWoEWJBhIewosCeyFaGOYN4JmHUQG597Xp8PS+cAvfLWMpBcSsX1ULClY2Q +PSv0PKVprZdIfeOtQHmRk56lwhW2QV7PhwstKdqjNQKBgQDvbfFlYkCq6HwMcPQJ +h2hBIUFHm7rBVflw72LKEYE5oiouSflMVRujujPUWIHkF9TRBZ0f4B+J9sUXTyPY +wAlbRTAaG5JGLjF6JxLjkw5MiPooJk8YcHPaadpOgT/vLall3mhdQG+hEshtysHP +jdagK93joWVc0aTdj2NFkJUFFwKBgQC5ebxmnkb2PyzH2oatZNfMLWnLjs8GFoWe +NHbJTzLAadl/sVTVhaWHYDjvbtZPq+0ynzLGnNQ7HPtuSqNiG2bY3/eedWdruPIO +Dcztr05YUzDX5pItoUucu19V0k0sWSOeKBD5mTVdUHgCLxd0GyZ4ODkS63ItjiBM +78m5q8MGYwKBgCed7X91DnY5Ga2FUxvwh9OfCQosPm6XJzsEoTgGRXef2ZLnMpTq +0DP7L3BHZNa1CsW7RBBuKUnOxzXgJnJK9EFh5V+siDuMkStBI+L8BjWrxJi4HgZR +NRpCwZiT0lxlFc6BSouDifUBAqEIF6GcOpMuLvznS7pcBgeTHj34em/pAoGAW8kS +ovXQyCubTYum+kfdQv12TXXunWSn2xK7dgPraaz4JWjsQn5Q3B2SD2saQ3Mhftup +lQAnRtmg04O8NuC4lLrBH3maJITxxGKv9y+55ZvFoBJKZKpdcMKI+z+HUVsLdUj+ +nYZkEjmwKeSEBsEo2HV6SRKa/lBHS8ueWHPXn2ECgYBn/WeTob0JMmoF5dIhISpP +bA/j/gj2r7aTR7/o9bpmJjj0f71zuPvJRIo5L1qs/UvsZIoU8DuZwSx8KyzS6g+J +VB5gE3JBKUhshy8TnMNIR+ZzJBFYtYc1TbB2OSsWP6sIilFN8KQKU9RMpmo6yiZZ +us6gZcNh399Hz894wYKyog== +-----END PRIVATE KEY----- 
diff --git a/tests/security-resources/client-keystore.jceks b/tests/security-resources/client-keystore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..a0ac1a3dad13328141399bcd331793130ddbcaba GIT binary patch literal 4124 zcmeH~c{r5)8pmfNOV+V3W2-QUXKan#*bs~Uo+~42tdY=2b@8@%WuU~g}cQ*(Gg8aO| zAbM9%JkFa40)c}M3TbPCK(G%03AO|X(K8;U2gATf2pkNs!59Sirqtl*SQZEr%AyS; z!P@9Cn{pMnUD~~GxZlXEX$X?a^FIIKWBij5W#uMsHvI8p+sj(Yf;s+GK-KUxHuEWg zH+b7IMJ8N{*eY|SbE7O>kWzGXG{NSXlHdecZ3BElHY(`rNi(^K(n(_pBlG1)a|4Sv zq#0`4tT2lb*L z6&(ED*Wk%Dr}jCw&YpDv&rWWXnBi<>BZy}RSx0K-e$=W}H@2Kn|EcyeVVU!J8@@^@ zCq~#X*t>cuux24sXi!h&%|nZ;T}M=4SeIDq8kF_8s*KRIkotVh;<|eXyF-#@tFVXT zThR{(4^?PiT5zoT>h&db`zxj=XR&i#`N)b2FGaAB*jouX{H#62-9G@Lq$Eijf8 zxc`O1%TD%n;88rPs5Kz<@tMaGRw)^))|&fvma7djt0v&xXeAZozalsjo0tJFBRpnx`qma+h1@v z@fMLEYPWE*UiP(eMINQLL%;2dKk1QL20Up3+`=1~#pQB*WO|BMdF#tsK(51*X-SHG zddC)oWlW#zs+nAHx@W+v*+og@lV!!0oULg3*II{jn+W{j)Vgv03ZCU@n;S-w@_wh( zJp8iU)i+(ECCsMvF{0}D4775tst>2-9l_qFmP;-wYaU4NVxD+$3;xv-rPNo_72ZQC z67wYMR&{!s2o|B?l<73%I~ZL^dr>o$a-uTX#}3t)7Z-iR5mlNfSuHppzj80`bv`nV zF7xwl^3#?Gj;x`HmV!nOW4B9rnYU(jszY++ibGe{d6sXhF%;d2G_;H5AP*oACbNwS zko<~I2G|1r8F9V!J1>VIWz}{hWvO~x6FyG0H!>{lWWJdlNu~88YfA0~IKwjd{+a1 zzIqj<882YiQP4PSbto=4_9U(m-N_sH*1)OE*TA_?G=Gd5n3PaQ5)t>mF*Vo{$j!uQ z-!W1?nbvr&-G7?MYp2BL#2hbv%2j@{^DR@K?#44I8-)QV*Bnox=2T^tiO%f0@T*s0 z8p$P&GuFlqXyvQ?YS3{hG@^MnNGR6rnTKR|+Z10+ag z9uxwGKwt{Lbe#fN=oyhQhB2R5z+h%N5a5L30NCiEXJAZl28=5a?~glWj$#K`_a$cd z0gNvZ=Y_w7LIcYC3KTB)&rPB~mqc~H&spny^U6abVRADcXCPdJVOehR=v)Ior0|Lyc}C}!{LKO=@eLBANyD=ybzba;=ejJj_%slZ6L$Va> z&N#WrC0NY%{Zg1nm)239mYzeG3B%v?3@5s69<^QMcXG4e>9dKG9vEsA2g>zG5%waq zXtS${D!r&T28mh=LFQj;t3!N7{FTG5II{)KdEIO2Sya8>NriSH1>5q-C)%3R-rFU< ze{iF0&Q#w&!Roj+$7u1uZn;xcV{OuT+25Q)UcNwY%3>|id_E*MJ-cIM4R?6$^9x&c zxG{Lv3m03f6~+gkbDdJ^l*eaU)k@prE*Ev>Nv<&|CQ>8|2*F)p1$>`O5E+n^rXq8( zK-JbbrojduzUn;!|7z8c|1400iy-Es8!1w^32(I(tPBMin*6+l- zmsFYk2DS$>t11D;{S9y!1ONf>{l~+w{r)lR`7IsY0Vo6z*cUlqaDaov=t*#O@pLC# 
zBF4hP_e>fP-d|&d@xZuDRRe7K>8}(ded^?KMnjTQ)vTs}-=V!gie{@{n8fE+H>zaJa^hk2ZYcMgbobfpuKe81r8MTNm9G9M- zvpUSO!41vz;AV&ll&1lZ`a@2 zGuAoscQ=wH^PDkEo-DIZ3{2dPyVX7x^Iw_r;ZB!~)*-{pGcP=yDJT9i8v@lFYhZ3Z z6Z5gh?pQ<}L6&nTXqJ#mk^J?rmIQdWXUK)F!M?77q3tzy>w?tK2TPKHx(E5-=Y@gy zB#A*aqWVW#KIxo_0licl>fv!=+2EC+!M0&t=$}nxDkxXMS!MZ8hhVsFf(s%Ff z+c|x!$+F#WFqbaZN>^Knwvk#Y>QL%UlH^&^l30^)eQL%K_ E0VQ{-@hw(v4Sma!#K^o(`v#+K~+E+Y{!MhpoJM)qZF+1G5PP%7D%5-K8z zG$}7C+hi?DIHNk}>V2 zaLJ$X_M`JJel^-`wZJ^6hEE%l;)L9%=9-$hSGzRRH|gUQ!>hoS!m2K~epaNFX+ANJ zz$F{Ps5(MnQ=t%Ds<;(Q16rxKtv`LW(>-vAQIu%&(z)LB__v^WDP2IUET#4tb&Sk6f!BiwP7;&~p}GFy~!sI=2wH6e2B^0P(79Lwai zH2T6cT{$S0Wb>G;BwsG)mC6h(MObEO#}Id$A{Z2Eb^&Y^9` zqcMp^WE+tDb^i2L1Zy1MxS3NaE;?kI=smnGG;B;&2p zb6@jy^ik?erMBDCw?bMhWLCKCU8o)&u8ZiwUF`iNdYNfn8#Fuxb0+#jS|hPf5k@(o zd2N|^Kn!pU)Q#vCjBGZ~=OEUN->lWmX!76I*m=fO}=RX&;aca`H zwrz_wUA3_x>(tywrRUIeY}+;I#qCg@7EeWTa{l(lmw2?zJZ_*~D+Mo!nkY?Kl=V{JO{IQlMRAaX>eP{DrziHgYubvYisZW*S^R-Ci$lM%N3Wffwaq5~E{rIu4?w`Mb#`9pH3ep+;Pw=!jL4Gpptna2It#7Tnw%B1 zB4oshy9{@oCSN`x6xZE=Oi?1N@bDpuED4?-JPG$+wI>spF30)#H!l&`6*dW7748oe z7E1aV70xO;A%ic-{CMv0W!wOPRF-_3A>4n?J(9@Z!=m z^Uk$|EA_#?(W_p@<}#I!!>6{qiN2%C`?~R1h8vjp+boam@flrBE1z%AOq$9^S;&5M zl2O-rsDjdzZwXz$L{YmVGZfKXarTYe74`=aN>IfBSWiRGpz~-=*|=EBS->2`)W!jF zoP!^m8))vqW)u%(sp**=NV9C1?p(`^!OvpMC+&K(F)>v+*S}{tY>u%;z`$l9vZ%vPX>P{`usq}~t!83$FwAhQV4VMpE$?o_ z_wGn%CoK;sfk4nOmqztOrVO=3pSWBdv3IIjQ{8c^6%ponAtTqN{!N=W;A9~RPf_a}IH zc)7U}yzst4m_ULj-rtLG0TAM5kwF1yKo%tn$O0$_9yS>iO;AJuKLy|%Y9GL~w>umG z#n9gVbHwn65&e(R{}ikcfcz0G_kRc$Ab~}GO$5y+pd>IGh^8|^NMJCC3eo>&iEJ&& zdBGdMBy6Cn2uWpTeq+y&dYE-{BC*RgRM>8Do+vn=afIvP;K5-0_^yuro2RyS`pzA2 zIpetb%r;J9WUNyJxT!;ma1_jqHcLuY8bZC)OV*eTG2dxz4)c2zq(HocWea(SyYX;v zPPw)}6FMNt*H@Bwys!K6qC@gxeNNpw6WyQ$D@9FqO4Z2LO_!$5))Wuvuh_6hJ?J%Q zXG=7XAL)#agH)oLC!+Pi*>wl^*NB21S34^zV?F3}|6x_~UF%+zn#Xa$6$2&W%S>{~ zWbrb5=m4>dXTu1Y2TALyFc-d{+#ARAqQj4;FgFDU8 z5P)}2WQQRDb`qlx-p$p=6CXf`g@x0M8xYu=V})_SI8Bt#+Z}*kDofeu=fa{Psp%?K zQ@>V-_Nme;1O^#6PcP*|Y+pZ($X>TZYB)q|;rat(n 
z9)atDmq~DJKY9P#X6WQIE8Pir+Ei4xB%co(CsJ!%&gc{=JwcZvmqkmqV{pJXx-K(3 zY+d;Bnuf(0%77OugQmLk{%0@I=X;NoN|dm!@rREH>36k%I5NSTLH?99+EQwn9hn$5 zszRQXW4oWIG(C8onJF(o8*?iUQDxVm)0B}kG-i%Ge@!g*)`(|nq2fb_4-q)zkU`@K zqge5~dEW}XUag0VN6n$jCnP?+vl3(3WJ_6}s{rbfo$d#>*Fc__FJJ5}uvTZX5cG(v z=0NaJNPL+Mpnt(lpuz1&gWK*W+(B<+;eX25UkkU4Jemf#EFc4*WB@rD+wVbEWHWY`ewK zH@d%f_VCz8OOl?dcjCTpvm=Wn(HANN)z7)5q|>4*T9}4-pYB6=Tg?ZCt$5zt*rst8 zGeY2_mz~cSl(BMXv#7`}!w$x-2@%l2vBO!KCalo50%yf%-}-64pOUfVZ%Bl4^swF7 zW-`gU%rf_Br%c6fzL)`VLeuZ^x{`EJZZTF{SC=kWypoh=Jcr+JO6WsH;D#%7BH#T$ zSq1>Uw|M~s7`zLk1E93qFZlgivj6B5-|;I-50|LUO4;J;ewSxwVtxYi?7q<58R#hy z%a||Dp8S*KW{hct{@^WyN3=UKlD*{Ay8iSF9}ZKkiBiM!wonpZ*pu$M-0DP`E2qyU z#-^B8O&CL$+*8+EN>i`Y8INCQZLf=H2a_^eFFv9yrsBHcQYS~AB7B#5k*IrpzDMzu z4XbkoSJ}98@!Nt$_k@m}5Oz<@8;-VK>GSTyiQ8C!$~cE@)Kg6KnXlhzbIq!{>OWDK z4)f%Hy7Mt(FjPBDQ(q<&Q}h0Pt%J*MOM%_0lexrAjcgTawC&;fiYM|zDdJr78luah zZjEM~_{t8``24gdQ)IzRVKATMRIuRf@BYg8s(V$rPj0=h@;qm%E0E)}IhyVZp literal 0 HcmV?d00001 
diff --git a/tests/security-resources/client-keystore.p12 b/tests/security-resources/client-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..13b246823dc606038f60a97a05b73a71aa44cfe0 GIT binary patch literal 4759 zcmY+EWmFW5wuUDdIt3)9K|*908l<}$q`P52x?`lIyQPs9X&kzwTL+{|T3Q-8-@WVJ zbJqE>*Iw&+-@Si6P{gxT5D*MSJX1l(Vvkgayv74!01FY%M9~n>g#N*NPz1!`zaoes z8UmvC57zo;)X;JM?+O?gv@Ox2C z$Ae57?TmOJrtD*8l|B~*&?K`$wY-2(g=YHGq|^tf7h&)p^myUKLBDEiyHvKM z#Xa8rg}M#xJpylWRz4v;xE0HY_|?ioP{?jQ@wd`x^quW+n53zu8jrRxfEps?_{h_+ z5wtXzP`LwN@RO!FCY~cAV_PxE5?km=cveMLh8YGSw&<`giEvQB?LznmOX#_`}kWiLjZF^+R4Ikc4;FPyG71OU$-`xYjOLbSTfeq{Xou$ zEcLayZq9t3YT?uBU<`%IkLEuot;V>*B~(Sk*e%{C(MFT2ZUpkBw=9n~JO#r!8=>V< z%-@e}<8J8Tv8cCNM^qspO)?;5>yc3ys_)4`OzHD!xHo87sHpw(_`6xuTgGyBr7iYu zetgPvuXU8jqDh!)BLlaD55|GK3ot+=q6!>5R+^-)7~U5K@Z?4(j-sGaiI{~>RHpHc zmC1cIg%sHALY?2kSp%C`>J4^T`5i~t8}zHblVDZV^x4X%-QrVtNE4c_5RYsS+^ovw z*f@AMbRXw)t z6o;YSsw$H0{r!zk57}tv3|fr-7~sE{ZM4XCbd4vM7o@ zXHO5tWh^qUIXR()AF%A9*9;*#g)uQDIc2wj(~9TzCmS=A_FXrL5_1t%7GBX|g-P)4 zYgxAGPiR{F3AQ2}EKp|>Q9Ew8?4w9ph3P!w9{<;#Vq2}cxdYOqpmg<^%=i8jhe`6g zSS_+_-^X*k!MXa4eeHJ$&8KHVd?CJ-!_D;+nj&ji0xtci9{J|?W3fCDaT16rv(Y6E z81`*1UJkL}j1LV%oMP0c=~Db<1Un!9Vi6%hBGq1+SZ1TBVkL>!=fTaMcD%dZUV&a|-h*_xhFK z-i{0Hx3vC)nH=-<7GKDvty5~wK9Yt^VPZOjy(HXtzasO-J!e~&dx%_*T+C>pD&>;7 zkC9k|k$MD|3Gj<>P*XFpX4%H8`E{G^qomwfLw`vB9I1nl7?>T{cQuT!9% zeO;HOlhy(c539_L7{OF*+H7p?c6LNQgx24^CHf09Fg{xqU-m2GkRiJwk8j%Ckmhkt zQnW^}uqY)8vN6W*g7u9*XZsnI;h!+4 z0vZN<22n4OB?tY>Pu4MT<@_fh5Q6h*W##r0G-z`9|tQy5)sjLpM@?yOO5 z^jbLRr&uLp`4Q+1YnDqs$qZ21hD>Gy?4hB58XEn9DMyeatQ;0tG3lQ`CUt~ymqjSo zPI5b^L=@y8182BmNh}%9BT3yXx^WN~#Y)0`nDNV%MZN%CQKHw2=bqDTvK^zAc7X|GG<2rj2yX)q*g$F+I)0QN@JXKU-BPxFtRNM9j;oTDtoX;?{P|;t zy50jV+;>Ll*IK5Ck$62(g@o%qxwL-i$OC3;N5*9c1*@!QrQ06XrFCk!QF0asDK@ir zgC>Py;y`hysiXzeA>10AEMpz0;nav*I()I}0#9<4lm?{+Lr=iTvf97_B+B`}W*~;fn1A zFZiOFV&g6Y&pA509IK-}8V~T?u92C|nTtFjACCJK(d9lMKU2FM$Bum?zl_=Afi7Hk zM12-e<)3y+gOiD1Q}QdBRV9dvCyvVwhPxQ#P{G^y61t}Uj#U!Dn4SMdh%85b3R6cS 
zeYUoZ)Ld?Ia0d4B9FC4!5MuUBJgGc3;RHvh0_xgFv28j&4Z&+&CXVB|FaDV1=n zJV7PK8L(S6?lY|++h>!)cU^q#UC`D&Y5c=z+{uuUuM}smOVb~llm~3VJg>&Jy19D| zQ_NYhScQcZnmRn$Daa^Qf@}~+q_f6Pq$&l$juqkadlr|yXd$_G5xgJOtgASM)`|FP zatVlekkXRw-c-b@xm7D=t#>GNUI$hh*z(r^U^vwhHl+C35iPUu#RP zxV!@<>4zlchbOlJl>uz$ho}ALA$)kQkofkJ$qoaPswK2Y`nz2A-lTL8c0DY@59KDk z@}X_Fu~jv12WJhrYtxCtCAi-YRIeg(xqe`6!tf-OMQIJ+SYwT`S!5E?+AmEC(1a2m zd4||<%ag^FSI zli3nZI+rx1N#_CZQY%Bo9#ah(ULU_aYuR6NaB|$xLv(InisDmTX0j5`oKQb7_)3(2 zisRj8mM&g(*i!I(Blq^C)#jI*F8kR4 zleitgXe%!Rs{~*1m89;v<*8o0FJ16Aj9-3I4{_FT=6}g~rhn0O zF!V)vlAfynv_{9t?TMJ1mmn`0NI8&7rGj0a38-tk!dfj+W@9Lyj=jZc>-Eb!Z{g(h zn_xo0QV;N#jfBSP=q#cj0C)e)mmtdcm3+AxwPk!Tay3}($4{IB7MEiwC3e$s%l#^( z&>i{Nbd!0JZZAMbzwkHfK|o16rxm5J75>%sq@B^V`LZko)_xbX@I$iW6_>2!JHc@V zT;8M9EftF=ChBSCLIYl^G|(m1Sr67p{a7g@LLhOMjQgH6<8bQNY>{tkxa8;?4MaXp zMsebRUU-7xNpf0^`0#9@APi5vQ?RDc}ui$nYr>bl$`DJv8=rA^4nmEttdrc~v6yTYs);IedvX@}WL;icB-Y6Aq2?|cuScTeh6@9Q-T2T#wc~dre*^;Gx^CDG? zuiwE=doBA{B`3RF-=$vNUcnji-XCNkBKv{4m;Od zWq5dO-wT=@Ql9+{cwTAS={CRGNID{#xvca|FI>_@oeF(NB`2|(2GFj zcZrk<-;=01*e7MOsTrv{3!QIsz~3!b`7Cn~g(7x_j^tB~Qor9ZWc@Kvt88w~iO49H(3mVas{L4d zrPkGi_gxio6PO?)DwE#zYmNQdm2ybd#CA<8WKd(XtT(G(2Xo;*mVgmA;LH9yBBZHxST%>hw(D#juwLrzFVjCY2-;vmd(xd8)sAKTW0 zh)*o2%pf91B`}-yrZsE60Kd^XG1vk1(z_N%)4(Ft^>w+hE{^>~xlIPn+oqD$h-`7G9^1pPnr;~^xcW> z2Y)_H4u5WQwHyZu^8RdFur6Zzdb|dTk?IoJL6T z<-Kqwyn80Cq@Z!0c3#{Kko#(t4jK;L=jDo&Gq_n2UbHFd|K&kN#tzzyjIvztn29y$3qWOCx(*h z&={T^4#=PC&DS?IkH==dXj)C}oRaJL5Svprjpp*kcQ;V>_b!5)VfZwysy;Y)G>cVX zN}oa?ifh4b3U@*J~*PG6eIx>QApT#@2kkEZjeJ1P17qXB9xxN0U5)568J;UcMbvzEY>@ z*FQVr@q4!D^TFIr$D{*u5t;OpqHwXTp|T!Rh!We0_{Pu@Vy_6*$I`_XfbVq8Zj1RV zaB(u-RXZ~3(3<{SAN;a!v81~5?)@q7YZ&MZ)PvtblQTDCw%FG~M{5-C!E)==)3C7R zvWAli6@$`4vCttL_+Stv1b{}uyn?Z?t0p#?P!RNKPjkGYyz+S;8VRj^*|3H2qk?2w Tg}!au?Ylu9e_0S17+Lr)H<$jX literal 0 HcmV?d00001 diff --git a/tests/security-resources/openssl.conf b/tests/security-resources/openssl.conf new file mode 100644 index 0000000000..efe2ffba63 --- /dev/null 
+++ b/tests/security-resources/openssl.conf @@ -0,0 +1,26 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# OpenSSL configuration for CRL generation +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = ./ +database = $dir/openssl-database +crlnumber = $dir/openssl-crlnumber +default_md = default diff --git a/tests/security-resources/other-client-crl.pem b/tests/security-resources/other-client-crl.pem new file mode 100644 index 0000000000..45f51abe29 --- /dev/null +++ b/tests/security-resources/other-client-crl.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIB0zCBvAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGll +bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTIxMDgwMzEzMDMwN1oYDzIxMjEw +NzEwMTMwMzA3WjAXMBUCBH493qkXDTIxMDgwMzEzMDMwN1qgDjAMMAoGA1UdFAQD +AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQBzM0YCos5sHRAN4pPzNWCAonqezX6FfcY+ +SuufVcxD583O2Vnuwmz9i9PhGJJbWxGuCtXwS1JNldm7/rXhpZOd539W1BJQprGb +nwooQWTBBU8qTaXmUVWiPsMlL/IcMUTB/DVgWsRuwjA7wtVAseIoa2Z/geZZAOwO +vgp7RAtWW9M1Vr7/XWNsJqIOoPnPqGhg8Nve2sFfySQmJQZP8LnnDgC6pv51TnRa +VrOmHtralj2d0U3z78nRZW26S1XMxA0wb5yTc4T8lxCZ969vwtiWOQRCoKL/EFWe +Yy2oBbRjTHEZWYyhYHCMcGP2JSGcDnSZmc+d7ydgx4Gq7nHy3FCM +-----END X509 CRL----- 
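Review bot: In openssl.conf, `dir = ./` under `[ CA_default ]` is a path relative to the working directory of the `openssl ca` call rather than to this file, so `database` and `crlnumber` only resolve to the files build.sh creates when the script is started from tests/security-resources. build.sh passes `-config openssl.conf` and writes `openssl-database` and `openssl-crlnumber` with relative names too, and its opening `rm -f` globs act on whatever directory it is run from. I would record that constraint next to the setting, for example `# Paths are relative to the working directory: run build.sh from tests/security-resources.` above `dir = ./`.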
diff --git a/tests/security-resources/other-client-keystore.jceks b/tests/security-resources/other-client-keystore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..0cf978c275b8447fd4f9a1a59faf58ca566b79a8 GIT binary patch literal 4136 zcmeI#X*iVa9suy!EMrZBgfjM>XNC!hjO9f#w(Lcg5e6eB3Rwn)3fYPfSxdHr%I=+% zZDglH*%BoNNyr)1d9TiU&UMcDaL%{)!*kuw{eSKc_jBL(|GIyFDwRqFfk2Qy9=MB_ z2i}Jy@8SdkfrHruO)NnSHVPO(4FrOc05a4UAVX|&pb#(w0t=Y9%m}bE!euTQTv}%b zgIO6sfFp_v;ADha!dMW@SQnB<0N&UPwFltX4Y4Aauzn=Gw}(GU6*#mTfg%+DJ_z~q z6H@2<1duv-Kaz)=hl>-*gXn|Ao+G&v{X9q)0OUS)Gzw4!lu$|l8l!5*$4PGi6dF+e z8TkKCfeaS;^|!$cASfBk2?EGq76=&(29=)2Wpl%szBcTg*dLDfarxSjvCNgbNlTQ> zIgMrUVxO-4?f4m$GxgQN0UzJ^^4yS&*1iHWyXE<4s)A%Y9Rk&S-NZ_6agmI+~KswU0FSFC0FttZEt=(PGpDZy6H-i49Ao zY2i4a4VkA@dbhf6g=WZH&L1a}@>Tn6hQC}R6Y?z5sm1URwO70A(h_24`l7?QKO? zPeYwWEG})Fau`^5ll|0zu5ljL!vi@QQl#Iitt(DKZvS* z?juJmtf9R>R?N9CowzNOU5ivS6vki4=!>>oeokoimb5Yl<#G2}X~yFWSW6x@IHeU8 z`;BEK!Q2I@-xia5f_1KI8K8r)rL(hTc8)uBnKrbOX3`Z$Z>WEaww9VN=)}B;m*ky4 zD!L@<^2n5%SlDC|d+U1VWP(tNFjzol^1M(LJu|@|HX_L#?`Q)W|#BrA*1H&6x?P?eOs3poh<#4QC^Egop>5mNYT$Pt}sow+YU3 z!}{{Hn5I;`Ug2x>dvwTcv)>&f*p`(%2K>lp^B=Vl}44@Q-k_(Zcu*5 z3Y1|L^W^rz)=W&Ess6_1Tcyd`xd3FCC#A9*S^lJ{J2!4qtlgj z@kb7ZQ%dEp@ZAc%CJNKM0){i1yifQ!<;Al+Oz(QH-)HNu(!&yV3_my7FM+Byi<6@i z=8SHhI>s7P5^UJ#^hy6jnbv4x$T|qM0KgF<(}IM7yaUns%J(qGz_Sv zm484e=e#*JlqWW^Ke$z_N23ray<3W>nang%uKx-k^yS` zEQBk$QhxrMv3ywo9$p8;?l0*>cbTncO-pIUrF^w})%=VBul%8BojmKHJptiN>reG)IOL9@T21S2nR-sfsg!Rbc_ z;;;#_X{T9Vv@ttQr6rTp0AX4$IE`)>Rgs67F8CyJ}y=N@qu3(9yRSLN?{E`4S46J=|wwQ z#T+w6=#1^yGNw42wxVh7My5%az``yIOW(Mgr@ojmmjfyneuvl`qNUp$sjN3j%xIzY zarC$d&6S=Dt1cVky=OP*?-X#ERZnky%(f&1TTc<$+p2%Q-B~vw$8}Ivy<=v4dbQns*%5XFX%fmcu&Z*)&1(Mse!Z~|-X>sq{3UnTo5kn7m9Y93u3FXJPY$ zi`a@=A3De>zGI9_bJmo7;F55##4)x1PON&%HdE#y<=NEIkm-QE$LG_1#yoa{XoI!u zvxPO=mLyL3w@EEcrua@W;wA~FcKQ<(?>DP3p^J-E-{;6I{D3TC=i`Q&NfH-WF1|@H z7uq*h7d>*aWilY>q|?ZErToE>5jsZ(=p3p4$&pZv@wYyM z6%;_{$Zh}#M6m%ZyVzkwK(TZT{p>OSLyzf4@4vE>1R(aqP6z(UPA0q8#7{xdIr8tB 
z((tMIZINwTWPug~v`EF0ClE88{4K`cG~K~pT$ zyqP$2aPpzOwqS-tIVMig`g3DfmpFeSP3vX7L9&2+DZIy{R5fn7JFxMneL_tqd&AJ% zB4W&TEp>j4fo07rQ$G5lY~ENtTgs)2$uHe7FZDPENau&>7tjYWIQWcBZtoF;B zv1GOw5v}IN$mlx@*;gff&^h-&D+|mU126Ybwe+=o4ePqIHk_iS0;ArO9OT|1((a&m z39q|D_FG8~6>KQp=@kigOL8g~YF0xA?VRyilcls|G-rMr9%=As>7IxpgyzS-;?&^J zJHY>#8L7);?bmusHl;u^=}68>#5(vkef;S_utkfMnq77ZWndAZnEj z3}%6W07n!Tz_AN*3d)RtV_XQhi`e7lC{BQVC&hwb#P|@f=W)I$4Pf6+27*xj`y|ny zpG5V3TY#t@)`x&|#kn{WaCk3Kj32=b?}H-*0;0RwR8W8hpo&rjRL~l>dpPJLfKma} zekT6>B@n^lzit~013`#j4iG>DGcypuU{FbbNj47?;|=?h%B8;glD zIZha6PqvBjBgf9EpL_mT?Bd*rH}6fENZnYdd4~Iw@iKzVL@-2au$ra*RMbkFtzu{; zUWt3{(ggk%NoHM2TLQe%*5eGTwyV4kZ|LTIJuTbw*@AfFphqn0=5*&LqD0pL!oiia zT;f@Y1G*Smv}e6E-b&|%@pHUD+SR9hj%EbE#@?EDv-_RYG|a-oYK^OzYTt{4Bzt62 zbWGSGm6@m2J2sm$Leh~}Zx0a(w>92c_pHSeJ@PHmT5D7&oL-m~8N$<1v_29R?h7 z3CJ07i>UR}Zh|AEXBbn8LEC+VYa~`Uj4S8NlEHYFC%38Y`&?sxD+qCKa8rG08Z}lW z@2q?5)dcgx_s1b$u!&0*xruqD$NP%et4c$wz{Km%FE;oN!*7XXmy0SJieY2Z-$tHVXz-{xFJpNEl+W|lQY*p4fTj3RrE^MQ zk-J}ITaaFoj)6)LretdBo~`5eicIT8dvm!m?VAVYBCTX+C{5`01R1^= zZHajamnUXC_=0NF=!~SMF_Or2G4NjGSb)ewx-!8aRy@HC>!bKXn?Hs54FrNQ07U3E zU0lrayTDK|l7S0MFGeU4I>S606I#b;9XoKXj7Hu*P^gCHP4X*UWfET{$eMx7+uXUz z3k29zKfKf$^!CU9T^RUGt_fQ z6Ip@C13h7#+pii^X|tk774s2CHkk#SZhFn#bN!s(br}J%;#tO%+4vWur z4Qaj}6Jn8V|-7uCTy`9nQ z<%o}k=9Tf2wpcRA`>5Cl?8Pqe1rV&-tCv^yB_5BCM8yZpeTF=7WfHe?_uf7`GO7MS+LWzqm!7T7f>@V(nM`l zTuPQ|{ao*ga#<|;m{X{b=hTMvH!x@{G1H{yFI8Lq^9P*yF z;+9i4k#`*r>ahFjd=H=G^qBTEPT2HPHWVS(9}=h}xwl2qwqYtks>J4^`jL}c;Trn( z_nulilSemB@Nm{PuikcA=e=C=#5QbC6Mv;wD!CHd-Bgs~BUSc?7+SwnQ8p_S7ieSVoG8`sgDLp z9qrQJ9x+&#OO%Cw7`T(apRDhw@1Z|0+(ZgSo+BBKyuh_A7t-|kIQEv9l!8E(7bKV->RG#eyeJ zISS_cvX^7I1YaKwe)hIHT(YVk1^`ctVVOva;T&AgFF6wSU_ah8co2q&@ni@Uc zf6#@hvwd=S+q7>P-PY6I03ixLB*QsLclTZ!rnWef#V`u(q4ul+0`F!@65; z8r_k$Iu^)%6wl-vhqe)74=DhwK=xA3^8Dj#{Nw(lD_tICqucj*QJJXZF3x0^3^Ep? 
znOo|)rDfvu<+(&V&YFN%p4#&hW(e-#k12N=!ysa6g@S@%kfD@OQ}#2K z$ngeBsanthg@S$(tu3kMOozG(_u7zp>dBUg?6c2k);Twt&ATe%*0xM!=e|t7)w0}T&Z^El8#u4!#WL*`M+*hF4Yzr{GbyKq32HJpb3PX9g9>E(As>7^q|Cmm6q|3s9K zLqm7|&{h6?KKK<;Q~@*{QB+WLW>H50bVS)n0RAXefO!Xib|D}bIw1Xw;Qtgc{)ql3 zo{|P6fAEyhzwnglPV4wdRdhu8&*)P5rDn9y=2bXF2L>rrKgH{ho*-{u^EFFz@RgDy zR0fSiJics%K7V3Smy%<{>aB?xt$7oQ{0)h*nYGzaKu@;>R|Bu?PAn6<@5s<-lFz+%-2Q7oS}EpydlzG z7qYLXv<@s_Na5a1TOmz->uzG2KhPxv2nIxUNJRp=2jC0+_pHLSGXVi*06+j@=T!>2 zbBl0#Cx*coAq;@PPLd0X0Jw-uo_H5$PdB_T;VSeBy?y_JLGcE1O-c8@vyV$f92hz& zRyup*I`$6*`x^#@Ozuw9@9<8%W;#>ht+9_=K6_*V{Xw!HYKGV>)MHq2oK7#^(=5-V z-Tu^QBI`AAotmof$h_I?I2kXM94hGREPTDQpR-lx zsE)T`MN8JYbHuoR#7BaI!Usf39*WOnuqBw^Ql^`-uAJ8)9_pIxTq;tdDSGMqInQPJ z`r7oG%N4c7Q)H44=6p?mO-Zj=CD+T| z5XL3b+;ivAa;?zT^%EaG53PP$mdx)IL&ob7mqp>yMd+n^zi+jA(+&avU+XjbQ16>O z9q)hw0folWe@Of<7xKdh{WmH9zwQUopV0kPy{s^h=&hFP`eV5@F6vje<<*X@lXhA3jzeS$zN;$ zMG(IDuZYl@072;R7sLLRB@x;GU6GUG0Z|BoD=32C50saP^#AeS=S&2&9q^(UuQy^U zqYNDE%N#x2EuK4DKzzVweF6l*Ae-RRpfyeE3_GI;Gvap(8eZ4w`f&+blBaWD#j8S0 zi8E`20!v`|72E}IABShA9pk#q$};Mw+C&J zMe{5DF3LwQ>r^q?{ItC?`ts50jn!F3RyQfD>wLORGsOYC!*)@2XNo4YiRA#4L4dY8 zyMK-@5U)ganx0j5gZzqwh+k&Ka8vO-BH=hKwNx||m;_Rrjbh-wXRl+<9k!*wtsfuA z!n*Uh4jQXA*lk>Ju;*yCZvR=fmy17~-Os!tC0An_eJVG?k|*3H+3Wo%O(mbPn$Xm= zZunTfi#Qgt>v7h_O1!KP`k2`*@HNFrd`BwxXv7!n0`21aJhK8k5EqOA(ro7Ony_dG z;cVWaBk&|G^HsES^{_>8FE5o)6nnidNjOr+2Rlk5o?BJ1ar*4kg0JLwIvfxoDxFfm zf^MMsIi4?9ZThKvy?=7?g55aIm-5N=7LK()JE_LO>UvaA(b3Ol(5Uy@?W)}B!$eb~ zLt>941iqkiQaCI@?fzXz&^KJeYEGmyCVOGA7f$%|`r2!Xn!{>~{2PAub4Anm{$&ejToc)MAC3ixhMk9P`9Lvm7P@kes?(c$^{q{}K39{@$b2y7GHFV8w;!=(B za~{!&BnZ(b(aJG*Y87zFy~qc;j^{0UpJJyRz$rC;0xi!F8-4T6M0bmd+dt+;y_@S( z!|)^l+cSJ?lt)bk?R|N3^Ptg^{lQVY9$t$WTqc$v;Es;VWgCXVdM8XU9-chnvfE~- z7S`~PUIM1om;J-C3F?4QvmYAa3_U-URCrG3W@;?!Ap3ir;g;Mla}-V?|J7Tsnczd?1MM;4wzj8}`80x0yxBNtd*T6(A&O9MwiCY!7L_e{wh#P{P` zOWtX`FqdW9x^gL6>Dmw8)k*-dz(_sE9bc1~fOZYXbD_>-G{U545dYR-n6G zPE$KV#2AfHrFNg7bsKP@%meECSTi67mqc>M;D>KCqq`;{jnccHYqRw)DnqCf4Y0U>Mh#h 
z?HLpOgRzTauCmZ;5w*ssYv;a?+26a`Hbi7&35m(otdL9%)Eh-bT;qDhnbfDl-0m07 zs^nCm(L9yH;f;g09FrQIP~me~yf<(X)`oKb zTa_fV!i*4lfH%M&;0ka8_yQgQ908sHx4-jqfIpP&KZ|t2v;@?~ZeC8T!V)5q($eCR zQWBz4!cYYH^uL#giBJgg{=cXPhzI!FTK|*a{g-Wt{>Qcr!kOAwlB26ds!m$0)@c^1 zEY;+HZ5xFkk1}MSNqzx^NdV*}oH`7uEoro;iVr_#6+zx*m`Jv1F1$grd!NPT*cez! z7xe9z41>UqWERF+V<0J2ZL%F6O}TElb<0VA>t*+>wJHnpLSxWJlZYCuOavK#e^dnnXSw~DR5%uKebci2SN@%>7u-}C?*Ea zAX4!A+{PGNo0wX1WW#>V{;<63iuyb?feY6MjFcgGTCCvH?J9m&RPnQ(M{RJ$NdJ(n z#XoWPRTjHw6gGOSnAfu4zO+ArVZxHm_%Mn?J2rL~1{%j@yD?ROX>+r*9~t7a&l#>e zg+4}yBrn}v^+DI$HNyLFlQq#QeQPiu=YeiUvPs)0d#zIi=5jIUPbGRF=9z#a!HXAFBs;Zyto?}G z<@%XH8ac()Q)kyV{>(r9L8fv^wXqA^wyH~^UlvC^&{H^Y!He^HiZ#JNsn}w~%AfKt zRX9}@?+)pq z=qSNY5k|Ln_nHZe(V>M1=^jh>l~>c=omtLrz9`jdhf%#le(jr>JMZgy$3M*aWx01U z5^C&VA;@jN9QITOz+2a|A;Al%0P&0){y-vVHI zZEoDr>5o?x#@S;x-1OYt2xQ4r2f8u=3U|Xj#?9y#1S_{Zm9cC=eJVWuxV^-yrwNPS z#9M>xnQs$SdmDRX!pLsL&jX$JdEPTT39k%$OOs!h-$ODh#Ii-3=`|1eM(zSAJ|B1_ z1Nl94SF&tM#IiHv7k6{RD%#O;j`$-AQxk2US>R#vO~M9ogGp;|`VC59eckriW4gZy z>c;v=A`Hi7=I@M(xiD;&+eU}-!=b}U6SMf!-bikP5bZ{kx!LLtQ-~v0fKUPD!!<0n zOJu*osoFs9uf-P!u76DJotHkupr=_OKcuyG#FDT_9#L}l^1*b(B;N`iH zCcy*VCmP#W!IBli)EOQA!5SjEd2;$BGDt_NCdHdI>Q1lMQvaM^d1cYCT^VF0&27f{ z@h;Ew>2%0>?%PbTG6{Hj{@@xc{gx0M+yWNUUH*xqO}~7L ztNgv1)aUo5Y6c&W*LsiZhRWEvLRr9a;HmpwXskXX1TopWpH`7JJreBalUl82@Q;$9 z|7JWo?aPKJIBC0rjg;&+k(c6n$V{~Wj3bXDs#LTDpAj};fXS`t{)7xyuIc2jB^>xj zZ++CSC0{H}%!=ecLRA#k2CJ`ubDY0RHtXefQ5jsVAT~AEPnl#bn%Vo5d6Z3JIZ>g_AXS?1bK{iZEX* zr3p#?b-_<4Bm~)2V^Yl}4m z3I^Ubay6em7uTy3fxr!axaz%Cc?|_`_2qe%Gta$O?;3c@9{I-TlRl59zywuDXOH8@ z-~N+H0rr22`YFM-N@R}Hs?FxpNd<48(dum?w6FYg-e#XJMvxTX^mXnS%~j%StyqBV z?WQi#Xp9}KmCh?I0__kyrk6)LN-KVl*hLWFA(i1m9-ChJRrh1DdP$jxC{*U%+^gKE z%<-)KdJh|$h0&K2r6w5jXO9o+so;7*bJ`m$6?BIC%nE=0X;toQBqv{PeM<(-{A~Sk z73KFCSU&W+pDiF3&B!X^9=edrv`%Wc^JjQbS9O0o{v%2+@-BW)dX+URn@YEcfqd#x zQE+yN4aTK$oAq--jsBxYfJ>Tm5-Z*eJYX16371l?xohFlbf=~M_bbzml85Xh_8VmJ=N8Kbf{jsqbz_Wtf^142$@`k>y!}Ycj9N&FQ#^x3hUe0jhJPcsn z5(thlpyC$yT|>@UY=lBmzQ+)HtvtAhK)X-Sz=vz6PMVd$X$Q^ 
zBfbf)V5(r5e$m5Oy#=ymxQYn}movXdZ#WH4;u5A@j!n9lS2U!y34ZF>3(oUy90Xxf zUtWDsru}FWGtyno_+mF!;`@F`P@;rsqyp*g;+R9)R)We)2~F!6s@W91^gFcqtec)T zPRm5oI0Klhka1xWJPq+Y-rUfsXBByJmm2A8^w5@b1XylqXA{r)H5rbEn#gf_bdQIM zrHc7mGf2j*(FcNK9=k$66b-n(`c#VERSMd|;W`S!wT61H91nIqmCY8}|5$DV8%2xY zAspv|4q_oaVzGiFF+^RdPJcjBWJ;~L{QAb($Fy_f!qu8C$+%R;W7)PdnpX6kwumCU ze|gad@qXHuSvPh&&(66F)h~&Sik&6bh~>6|5wsufkup9ki^ZIg4=@#OyUCVRx<|)G zz4*oOD822AcEIeju%%W=^Y!hAg?IJDEp3$nk;f=d4sVResU71x3Y=%1J`^sti6RGk ztd|*TAe}n=*PGQ_JZ@Gvj~cXgMf*S6=V@le{8B~31C0_qBwV*TLf?c z`EclVm^YgHgU_bx1JmY?b{#vTFV&0d6}m0KnaedH--KVbQOO7niuUV+*Pj@tu}WgDQ7_u$4#%3yh&B6SbmeuYG>wMH`cO;Vx128ZGbe+*JfxPMU5wRSh;e+d>QP9ejL!F z`#i$8`7yt7iCg(*H-nQ8{UTg`vL+{^XZO3XJ!8AP*&jV)$;^3=0QWZ3sn^nlxtYiHxHAa+!J z?Hd66*gk&=akG%q?l28fCniBU8Be+2OR>m%Vpm127NqwQ)f*|e-fDbZ$t;}DLWEBk z^vlR~Q{<4h#gOO;;vTu1;xhm~D8B@v}vNIt3n)nJz|azbk-~;jwQM2P!T~1`pVFQD6I|S%iz!DGgK($_6DNBIKvU2Qm@@2xyBv yrs%^%p+9-MJuY8G%38M>@Pi0w1<&p^+f?Xmig0Z}y;p$k!mom?fcSVw)V~1bkN(sE literal 0 HcmV?d00001 diff --git a/tests/security-resources/other-server-crl.pem b/tests/security-resources/other-server-crl.pem new file mode 100644 index 0000000000..05ea5ae033 --- /dev/null +++ b/tests/security-resources/other-server-crl.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CRL----- +MIIB0zCBvAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBTZXJ2 +ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTIxMDgwMzEzMDI1NFoYDzIxMjEw +NzEwMTMwMjU0WjAXMBUCBFu18ooXDTIxMDgwMzEzMDI1NFqgDjAMMAoGA1UdFAQD +AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQA8+qy2sN70qrXKuAwdIk1gF6mj+3ikFIhj +LP9hU8PBxolCzcz9SJv3xvcuGsrZtp30EU0JYQBIadfpsm6Fe6iCpXxD62n99vry +OpRF9Nt2qjkQpGVrAl4LeM53Z3CFiC9Ghg7rZftB+Glxte3+mSyxWRB3drj1xiqg +Rt6y43ipQh4F9bxMANhgEUSvC7SrGGKke2z0nHj7gpzseSYbZucfagRk9LzSFFC6 +HWXmFdWFYhEV6Gh7XFKRKVi7DNXp1jWDTAt+g4bif/N2aIES+gqJFsufnqOYNiiL +J70UOUc9D7l2GHbPaVOOHuqo+zhjTy3IJv1329uYbvMHuGJUIjVV +-----END X509 CRL----- 
diff --git a/tests/security-resources/other-server-keystore.jceks b/tests/security-resources/other-server-keystore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..5e3a13378353e7945829d9e003f5f51bf1bea9dd GIT binary patch literal 4136 zcmeH~c{r5)8pmg|jLDv{XB$h@cxEg~c9NzvDqDjhMur(929>o@Q4HBiL~2NuAz4GR z7Ow~gMfR;QdM(LIsY5yEdf)e)>pJJ3bN+h&c&_KUzrWx0Jok0q&*%PLzmATM4iE?g z*}lM_9aNeJ(RZ&O(KmqT3j%?Ic1VfFff%tb0>oeW)fa5nYSao)OuOBI4t82I(zgKU1_Ro`(!DG zijvPe*3QWLZ4%;k=zwF3u+sU++&ovcJ2FSd)oO&AQxz9`<1lX<#~xO=%NO8Z&{@rI zMIVDp3lcmlFFXh>%zf-u95gZ`mFbzXzcpK-8Z4$`MLoP{$kq;PvW{3Ar_Y_r9qfSF{@2TB7mHAYHvDbfvdg)7g3_vV@r!7#~~E zL;9GC_PW~?SCn(Vxv9=*LhbQ5I#Tc8t9+Zgx7)ZWLvvYad8m&rh@&rDQ1HRty{i7l zUk^t2{W3HKn~n`SbYgLkOR3iV6=_jmB|gJ(vQ8tz){$55FmJOj(Sa#JtM@WvpcnR} z%Xn$-D-cR!SF`25E#NaQ%w_ueeH-&M&611WNL$6cwC8UPJNu=U4DMS!xRwgsd(^C<+Z$2lSpy+r^vT7K1AXnXV2$I+sPUVCHhg9L2|BKRpnY zc4FqS)=kax61@|!*2l-8IoBO)PLfXIFYw;(y-}GW6*OIc@0dt;yJ|mwtXf%C2rkO{ zRy}4I$!N+~Eo*Zt>U)61JPPI)9~oE?Jj-}RtEJjJrJYjejryX1e1r2FeN}WsJpC#k zvFa(xFUtTOl0Qbz_8eJ6&4m=@Dal=0f@m|T?5QzO8qdDSR+B6({Uv`C;%>D|<`XwN z>YRvnwsg>GQ~lfJCS$?=ppJfQRKT>T&@S+NY}MoYxbHd3eKr<`N;wrOopCE>8=i?e z7yV@HSZb#!yg_uP$GpJ$GG#a00wp54{IlL|Z&q<0-rC5#rwC0f}~P+1>uPgIn;fR#R}h$9+@8fG-o@Ngoz=gtk)G zUPPdW)c~_+vk{UTGL^^~Z0}2`R$THhWld<;+Pawkggb<90g?bZUsooH&DF$suhKT& z^&`Z7A?U}J*m9X#t>Mk=D4I`aD?IPR>Kk(vlIS*awo!c6mig&OPfWAZw5IFXiRk$d z!sW3RoWL>Vr7~|3`ZF&cOpCG)YL7}MQlev5n^shz(%Mib84F4JF%LQH(OSTM5D5Af zphJ5AI;18O3IRhPFo&|G8vrjST=km8wN+j)7{LJo&R_%qeom+jj7ON;*p)^KAX*;B z2mpLr5<-~E*q276ko+(@fcBOG6;}VpCfV&J*^@tJuB<81mqv0Yxw_CuRBu^hf0_r? 
zmqfb=$cpk}F@O%Bfzbf4S{Q;DKNhno?85-t0uYGV0q|_Sol_WUy!rL*i2Dx_*U#v` zN>&L#{Y+N+Uy{Xd*~E6r039s<`*MIeKu|iEAGE3SKC0B*(+0T zf?Jyl3X`w?BujT%l|W-sP!5r&*owi1jyYe0l1nf2mXCx)@n$(LY^3NV(4%gJcd5Lz zC?AQ^SoUvxQf#;{ra50(o8b^PeomrOTCmiwJcZJf^Ue*uyG?OVyw9X=ov5%kWbsUZ z1KQb|ZBRh^nrUSdyS{Axe)nOVnnby0GMPU3T{%%g7Tz z-&rtE);CfzpPqszcK^nX8cNGOe;$BuZ4ib*01zO&^{5Ej>LT~1>vC{#LBW8;mM91l z1_bGFGS$_E>_PRTMZ&^1ts0QtTH}KuVLSC2Et(e{^lbGehRz9^`%*Cd#*)A9(B==j z*ɗ@NopP&-0XFm<=6h9mipnAtaNfkh=dnwrT0i z=ktQ#eHn+Jgx1Osbqj7f-$141taT&0{e?zbJtxgOuJO*vXV(;nDAuot5ET59EtZx} zXFTY?ZEN4t9%p$}&6_-2%h9xd?A;=9l!m)=sY`+@n)xAAS}Nn+{6Jcrzb4z{6~|RP z`uV^clUdy5$;bY`a&=v{dvV(3ZyE!;%@CiiJfkS?dz-&=h`DpLnrZr#ae)gt;OOxb z#0~l<;(wIyI|arFhb&BIPrGGh1g?`;g|HIyOFp;{d_xvxU&rZv*kTxY_Fl!eKV> zyGH`0O1^O)X(JehTX%)njn1@-2O0Q4FQ&kO6*h>q8 z!QWvV0Ce;AJN*7F*?;tlZT#d{luM&87F$9W$&Mpo@VsVejfI3pNN)6(huv{biS2!| zm9HIaN$=Vx*6q6# zwv$xyN7-rg-^Fa NJA}pZ{%SBK_II@wtG)mL literal 0 HcmV?d00001 
diff --git a/tests/security-resources/other-server-keystore.jks b/tests/security-resources/other-server-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..4661445cc7a59ea100b481c11994b037cc9c9403 GIT binary patch literal 4155 zcmeH~c{r5)8pmg|Gxj}M!W7~eCR?(M$nwgTZR|;AGJ|YW5t)gUH4+ioLRrcZLUu`B zYa&F*zGW;g3Y}5Tx!(6Z=eo}M=e&Qte>~Uo+~42tdY=2b@8@%WuixI%-Vz7|f*f36 z5VNN**46vCkE^%8t2YP)4q!gS{{#f00Rtr1E&!)xl%@s4z)}!)Fqj4eBf;jnm&?UMPHtcwWOhTShn=mziMFa7AVz()iqAi$uxD^r2;E z_td2G1!cA83&peU?`lQ(7uCh9c5I4r_|4nspVLvUPfBo;msA_dYz!04v}j@oMXa@a zt|r=FTH;SWu8T0peP_I`2iFh5N;F4ZOW-QdAkdJ3k(Ijodd)2GyD6!;C$bPW3&~78GFd(|PTB z5vV5_U(44Qg^OGb!!@aI?QKTS5o$8Dn-dUj&-_=zwZrC(lL3>)(Bo1SZzkRzIkuB7 zmfZDTJE8UaUR}*u%Tb*vT>8Mh8l9EEdEKPgFY<##Ra8CEv^7)WEqe7inG8`^^n*lR z&xSKK?X)>-r%Y7lXUD#xbP%F~L(X3_V{BCY9NdtGx^KU1=lf3 zpxIu%lJ0!ev};P&4#+e+bg(zD~}+w?UF z2=<0iXS$NRwR4F^CR??W(W%VgLC}i@U(5g#&9m*5MA|Dycv*4fRbGQ+S+rq7Zj@8A zR!sfO4v}`#CT(ko=4q`t`_N8NiB6nVbk$d@s2;Onhe8sg!P;4Fty&dldL zaOTuWOpU0(Mt5MK2G(?)Je<-IT&`nM8_7@z!fZtvztXeSJ+zaD-rm^Z6pmURe)dL5 zA=-}wx8!klh_!hTKr7hXTYzCRdw@*!)4d+ z15#WHyN>3&Ds4=#Dt)bx^OYXXk~xu@cp2uh8K#BzLzc_VxVkPtwKPY81assng1Bf{ zwkr7_b5_;l8289)zH`&tp>AswDf?#j?pD!!;3%0=q9J9ioAqKyc*I4K$tZM>bAQ<9=tv)YCqaZNuC_A zW2dBL4|>=1EuzTF>NdKY?^1(r>a>0&B@B0`be~@R5Gj?!G{@?bsQprs#4|ATPH?qB zT|f512AlITw0EFc=d~$Oo1osi2alTgp5ndK~B%ll^AQb@l6G#jnt2~k_C?SCZ z0U#oo0ml8e({e(!s9!&b=>HJW{fz#nWF-OdpUDdSTe8Oc&T)`3Kmv>Xz8qAufRezh zAgay?A%Vf5tPuRU+nUBc+nQMTtNSyWE|C zgt9B|%RgNYXUVo(*-cW5BZc3;(Q~v_ul!TE!kS-GNwJ1fWJ^9mG0HZ0!cCxCh`r3G zJc-bpJA6U*Si6MGU9U;idR|Ts2*uIgR@Uj@R5`!moEbh`x`i6 z5C8;l?mtSv_Pa<=HDVeXIw%+r*caJhoB%tC0q^PJjK_NV_}+pAQ{5X7+Fygicwk&= zO?oX9TQy6y&m(T^y50ojpqAk8J4F3qsT~4?NCBN4>b3er==6on2~~JZjq9d$G_Ii0 zFPbPQNH9r=M5FDrNsZ$T*}2n_vm*|dOv~z7H!x+=^Hu!ny1i@M#ud^@A2j9`4Ia@* zU1ofN%xdhERkj;FI>M7xcqCcnyL|Ji<8PPQ!AfcRB|){quBrvGPItspa<_Y#di^-Y z+AdA%c80Mmh&`?;;Ff6E;Km&BNzhwebx6w`OtiG_>xeP>McM;DT1(TcGCoXk9rHDK 
zaIHsxE+T6-Na#@7@X}C9y&q~3{VPqVv25MY0D9gaWb(P+7rLGhtJeIxmtkRA3Vh#vGW#C@rVdr=X$K0w@oAC~;5iv7iiqfk`D zsi*@;c>uMKI92%nr|{oUj`BJxTq=BBP2t*hV|C7m&AeQdgtISi^}tgXHXC7 z7mcseoWz*?rpFPwH+0t^X8yK1XRrmsLqp=B(mi^^c8tc2b3NCs#^yTs1Ju2sS5ri= zYlUXsGvC5`3<7BzTcjB#Fyi7Y{-uP`=F^X})i5%YGd2@mHBldf?v{se4;HJV+=D^~ zviC$S%WhZ6`SKDzBWU@FaGjB3D$Viu`4lEJnSDmcJF;FOw)8#KJUx&$FGJHHzG*&3&8mXJ&5o|H*TXocvk!`hk^2w>i zH3RdwmU!rbnq0R_yVg&Xcpi;bWZ zyxpf@hNmq;3M+9r7>S;z9idoVO~&J*=wqGGd)fVx=VH+!uK+7DnbY z-jvJS^%N$(K3u3BWq+pq@N|En+EZAFG3%M20@x6&n%>)RIt<{n+_FR#QjMff8k zs`24zjgRtPynI$=D{pCf!>&vDD^VXyL~vKIt+X+8@!`*&xX<^)Wf^`RKaRUNADlp* m{!Qhdz5j12|EBUUqtb>HD}}9%KFX7Lm@h+fPA;VZ?e-7Ug3+1) literal 0 HcmV?d00001 
diff --git a/tests/security-resources/other-server-keystore.p12 b/tests/security-resources/other-server-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..e21a4e11ff042e0d12a139cb911dd861b2ef52d2 GIT binary patch literal 4787 zcmY+EWmFW7w#A7VasUBokOnEGOH>%@PuI|0(%m36bPEjKAuyDn3@~&zf*>K?%_!aQ zym!5K?|L83*=zmwKIh}+g_3;1K*!{TlGtM5az_3Wc}0MZja~>P(FZ_DwEtoaUMSG( z|5?Bf04UJnFE;r*23Yw2dj-Nn$0&pX?s%bqD_#yPy#K?0pVI)IC-fUnV3Ett)=_?x z-SoNk*1X~Vg@K9Is}6tyh5$7sqc{E=wt7RrM|Y2jO|rpnSNOTljyulIHZW#*o2#Y{Eq0xT5C>;|S!hEa< zm4F^f!zs09X})$IOH5bP&np>;)y1MH<=-8FM=w4c!KXn&))Qsi+J%+Og!NzwM&0Hs zon;)LG*SC-O|&ok823^2ieeuSu?J(peOrFn`$ThX3kz1zuC7a!kSv2PF{4;{8Lx*c zhM}K@2b-ri1|-xy!fMx;97jdxOCc}1tBC6e1<3WT37yzzQ|dH0yoNSr=X9@A`jvWF zLLD{Iy0@ELRCWpwJ$1wECE zVmz0j&D~-UOyTkOFdH%V<{O^^uhM8o@HoQsO03UL`$L}%PXxbns#Z{UD%XfGKMTcM z*iI$7dZjS0?0jT}f`LSvt3v=!C8hV<7W&Lu6m-az8JI2jpV3*0zC>z^Vy@cjp5e#n zzHME`9`>cu9sNbTr=B)%^7?2#o!Ff+96hb44+My9o-Q_SoyQj=zvY#CH3~S1=WDCq zil6WIo9U1jh^6x`>9!;fJ$!Y;Z^qFf^2$D8j>?1wyOXUe7~tA}K=5axBSMy6QqmYS zF+$^5P9nsY~woiua~7bSV*26X;5;f?* zUNUoj=*bBfr*!tsL7SQW5aSG}$jv%-NweF14SkT6xL@C%tBg$ow3 zBXiX_{$~T{#m``xuOAY;HU*!5Au}phV}79BRwIxV-HnBT{rl`7ZR>WJBh=6$3`|bV zl>TtfV{}Cu6|CaISg}FNj~PbfeDe=sIbAOyG%3_ybSV`SvS4oebS)8RSrN>2(ijI# zYGO2F zz5AU+JmbDUhb0q$QmtLRJZ5)FT%JXf@kfJIZp5X9kn^p;GEAmXx{i|#+t%!i^T^}a zb5a@zPQ~a?C)_rEqT<9~x>e9r+S5IZMp20mea5iv0#5fOfVF(FWf3h%dIb>wCXqU`|RlP@?mVhbI_=7eTXRUwLfq~++EF-IG>`(A3dcO0d2L4b^@AjKWoOp}avVFz_-iCjW2bh&* z68O(TrZK7X+WXpHS$Vmf1H2RL-EPlf)Krul9f-dtm1-$gN@W+Hck}qGRgoMSypQ(z zSe`$askXjr1Jk>^q5FJ`vFpx~GyW%>Afrd$iUw)mmNmOH7~a~$OP*5|iISBjrghCA zaKmIjEJ}$RDv+8kFc0H?wrLa<{f^*E7e2zJ`t-6VXXR2(?(=ZDu?AbaNChY-OdNb& zApvyD3VzGb!X<}Hr*s&+_w*JwZ}f&2jOV3+Wi~M{tq>9rD>St@~>hSt2}XlYNtz)O(&4ep(8 zzUbLhBqv$X7`^Qzkd>Bnjii z!9-5z)IltEd5%(=>izHSOA?sGjx}bwDJ@70ic1LLq7q9vTM-c)LFjU9Xk}o6Iwn+> z;;E5k&)Uqn(={5r-d7=NeX288 zwjScxk3Wn2c+_SI8j#Uy+U|4KBOj0s%8uie*7j8fLItL2CEvXq1!iIggVvTKT2eDq zz?P+*XGZ#whud=0!GNFv#(GFwP*3jrD#Z~A!pnk=s?p0xZ>+Kgln+6m6g-(`A41E` 
zUq2&cb_u${bi9h5m;fso6CrVk4hIF(PuVIX6jc z-n*TbgJa~$=SK0(mN~Er4oTIEfwFlTRGm zV?+#${U9FX79Wez+fuk3z5Z5|9CvT5qCz6scyw%|S!H85R+bGDbrFm|^5Z-DQ5fhu zTll#PL{IJruhCoW1!@qD9P_e2Kz3w>r*e z0@@o|dV5IxO^1<8K{}1|W9+hnwgE-a-(F#g6N^&gOlASjey8E;uIi^vD504v*dG?H zHr=$DzBOtepKV#QILWEIf>)GG9FAia6#^I#4qRdOjpu98k}{!f+fY;6?0R2(_TPSd z$s+g^E8%W|RRn@(LUecvbBmesd!3H7q}rVcC^!AnLif)2?uXG^qUMHt)Lhg}-2-bd z(J~bAY{Km`OoTZ&eLi$+s?fx8pf=yx%>O;ZFP{>RBStMDFTMU8&mT4ID0T~avd5-{ z9h_sno|9b_^8+cvP~r?SuIh{v-j)2;!DevT79{gN7~Q|E;jf|65iFk*+1Vj(aH)*21AWq{ zi@{u5h6~`aVBdAH;WBYFn31=K=U1BsSG`Wz$9BunE{`ofSxpl9L331D7%`xKY5>{v}J%hELemZl}3~Wn2An|(N z@g4aGjNNq@-&ubOGq%}MY%o>Dey%vN21@81p!^I%*w2{|*f*Qi6IIo!z}VUYS$ z)mo(9ltfzex&n4h_RO9kYp|`&{6|OhN>Q}Z#|VOJX*R@p_1E{ets&YWyj#65tXi{k zOssXCOk3X+kH$f8c!1sS#B3m81{5q>Q#hm)Ak0UMm0#ICJJSOA22w!k>2!;#ar@vX z&-*U>&f}rRM`Ph2>cNf!+p0*p?dXcyeyY9|Nc|~~N^yY)o9?8#sK|^fzB%_X1uRL$ zZZaoOkz|O)#J}vN8L!Io*`F+nscd8Xd{bwx;r>hW6muTjX*pC~6G*)ypx7mSikaT4 z;;zWc=?ij1xNOqd^4O2-R3mh&lQyi~Hx$k9avX952?YuGt`d}VY&2A|LAKwWFZ99T z&Y^E{d93H_uY6*~4<%;_@w0}S*F z7ab|YrHN~8ZUNb4-m{SI{@^v7IT z3$*>zQ()>bx0hjW;`w@mmMc$sB@V#m$6)_{{&-;HSCimM)6P}2W9pT$NwX%0n5qq< zYZ6fCd*r6f_cG`4e?S#c3N5>tIzFDUcc1&wHIl}!hbNeUJ;2gL9j~evt%2KniogrT zvu2UV82N9#!kl(~l_vTgyiQai8pt~Yu|kaNH?X7ovEvu>i=KmQ%+H@yP2%A1B%GK& zB4*Uo-te(h3BJ%=L}7dMD#7mYDmn&$1N+s24@Z{>^vV<)6yX{H88dx9^Gb!;W$DD+ z$REV#{Fw~)NuzGW2D&U5r#yLqQO!GpUn=oux0(eP&TY6XQWJ0KrZEAZwcz|@%rM76 zd-q^xeDESo?p58l&L@noX7GCK_F^Ov@5`{T5Sr+TcXgIXzt;;BGPQxGs}H40Xcoby za6e=Yv6N;8-Nb?wM6e#$=zM+1cL{g%ac%56jZ1Hsm~BF6aX-PP$PP0DkMQCFl=d5G zybuo8r_?|uO}B#BxB0$MoCw?pKo>4z&^?&3h}=@_@ZqM^^D?u2l5Vs##Xn zs`(JatEF@BP%$md=a0Onl(u#>xyCTle>Swe9q*1`ev+t?Kt-gO@8!_}9cAgNI|WpqyzTM#F4a3Wu6ZET8ZxbKzB|&{XD!rYt8k+}sP^1l&+5!8 zo6F{$`uC-axnc>FkY~p`Nv=?W>dlc$T4dJlaZ$vUoLTmrxnAV}F?7OO?j<&uv+@Fc zQSz2c6Xs)Ve7krc!-}v!o$OEpBfnwz`g-8%@H?Ym_CP<81EMPvA1=JtyHiPkY@Aoe zD4d7>%6SrAUxz5eJMD$+@^>xwesU}TXh9f{Kb%IwaV6fFVpJhGBMqf+{wK9^2-rLifT$zE5y8v_$PvhaTZY;^vI literal 0 HcmV?d00001 
diff --git a/tests/security-resources/other-server-truststore.jceks b/tests/security-resources/other-server-truststore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..58d5e0a1af188dea9ef8d7245d465d990e0cf611 GIT binary patch literal 1053 zcmX?i?%X*B1_mY|W(3nb`6U^tMY_eQMP;c)K*4Gr8JSfKtPy&q29^vA%r^|0n6DT# zG3{Bv%*4pV#1g&rQd#AN85K^Mn-N{27`D*K?8m^=1>+cVGhUSlFYJH-#|kF z13r)tw=lb7QAuiUX0f4#ff-1ISy&&YNC7IP5Dd0m!8x_4Br`2DIk6-&KTpB2v?L?H zD6^!}KtY_>$k4#Tz}V2(z{u1vN`l|W5GY`7XaE&3C^zIW-~yS>Cd}*zv>nRhK;f}N zctkl?%|Hd>SXm6m`hx-t>STi^MkVCnU}R-rZerwT0E%-lH8C2&Zf{(1ja zuCDw+C$FEctLv3^e^F?P{Vt_vI7216J@SoejeX4WKh;yWR9xM5zqW&SNz8}8Gi)X` zbxdoxsBzq5+x-sX&!vYqZL~MLpV|DJr4I)WxrR3#rIBL@m|%f1#K_Q8eeSH?KF@OIXDQzwS@HGnN&Oztm$~Lp zX;t7HZ=BAsw)*SszjfW|l~?1F4W;kdFE)lB zi%Yz0d`r`X`%BB-TvhWMt3~cE7J0CHvGbqa3U;wuF&R4@5qwPB{BO^B}gF(EZpaDM{b0`a!Fo$DuNoHB9Z=j)o z0Ut<+TbSLks3bKvv)ItWzzih9EUXVxqyUvt2nO4(;G9}il9`s7oLG{XpQqqhT9T1p zlvz?~pdij`WN2VvU~Fh?U}S0-CBbiG2ox|kG=K^ilpFFGaDhx`6J~Y<+79J$pzzos zJfa+{W}pIbtSp9O{Xqc+b+SPdqY`p(FtRc*H!<=v0L8hOniv@w7B}XEbUOGK|Ga-I zS6BX^lh@DJ)%8ldzbG`tewWfSoS_ok9{EPK#y)2GpX#YwDz0w3U)#aEB<92488(xe zI;J&T)Hv?3?S6;x=hDNQHrku_99^w$)*D^_C|&A;tl*a7Z8LI@EWe$ir+HdcXJWw< zs{`V~c}ySU%cAuXLf+V|$^5e*Ahhq-XSe5?o?hBg+p?zSG~M~HK3PgM$Y|GFhgoKM z-`|PZ@GNyY@cF!uM)bQCQZ?(eXIhyS&rOYwJMr)gS8GJRgy%wyhG#D}8g}O%PRQTH z88p}SwdJ*(kJo}!w)P2JdVDFA-$`6@`<2Gt;El8V1%AJ|Skv;!IdZbr&uo6q(@e~a z42+BG3~CJIf#E5u%pzeR)*!OxZH}#jn%lFdoRcs8c++ur_R7LS15S_vVHPF>1_NOb zQj3wrIcFC28k&>9eT+cI_EA>|eg| zn$N0L$hFmQ@u72i7BTlU?usp5t31o{ztNFT@!tvs8O`T;ZmQcSpK7&cLPD3y?Bzc% zabGGGdT=u9iQBn0-q%V?_pA|BJ@{2LO1XHd$EQzm^A_El9u{%sY`?FMc3#fCeXK_; zAKw0$`k=&XX4OS0_U^?m>SSf+-F|y(_JLB9H%@0*TmAL+-@5Mf%B%6ohSK-!7aPNm z#U)-gzNP8H{iS7ZuB!Qs)gpHni#*u9*!fRy1-sa-n2ena9Ay!rMj3vUGfptwc6gC` KCTZ?NuRs7uR)*OC literal 0 HcmV?d00001 
diff --git a/tests/security-resources/other-server-truststore.p12 b/tests/security-resources/other-server-truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..93b1d0b58fae866657df94e25f2e4b420fc0864c GIT binary patch literal 1290 zcmV+l1@-zcf&~Tw0Ru3C1iuCeDuzgg_YDCD0ic2eumpkxtT2KEs4#*Aqy`BphDe6@ z4FLxRpn?RIFoFb;0s#Opf&_{N2`Yw2hW8Bt2LUiC1_~;MNQU(3YrcD=YL)0&q!3cRL0s{cUP=JC2P;>jEY>%$gdtgG%5_stu@l5u6ort>bNo1hA z<5y^j+?xO`rn4uA-&=BA{CC*4pN7En9{wA06b|I}vVNceG_UH$b| zVXYG7w*Y#^wH1F0e}K{K4Dr^ebi*Hr{#63Zt3OeDAY@4dK*8KT++aeCh7a!Hhc2zj6`FRQSC17 zZ6lwb zcCm&z`+*hf9ZnVtTn6ftS2Pg1!}>(W!=9&)e~;w*JK{RKiElJJcG321q?>9T zZ}lMuEQRYq0sfHGnO#R(00RITzkbJegU=Pw2MU zKbYbbO&X||C%m@K`UD(VWdQx3Rdme@iFe_}iB6`q#8P_Q^LpTKmJeWZSoP9;wA(T-Dy7r#l(ouIUqk6M)q!%1Jxukrh#1Oe+mTvL|sp{ zi_(%H7`~%AFkq+-hq@4;PB`?Sk$T~T$)j;5CLzGCxD_miZo4*mXA@+APJDu{higmo zDrGh4Yt7Net8Xikho98xxn~DR6tZt$sfope2DZ>s;SbFFmeQ*p!PRLkpOkOC@vpzP zJPvl>fj4TSWY9U#+kdjKrKTorw1QD z$pf8UA-#^%^Zzr>5B|~NMtC6gT2;1g$3MrP>LQ(3lj9d%_iS^#i&N;WIps9k!XSCN z#pO%KppmsJf=X`{STS2xtyP$NrsM=D25@i0CxAutIB1uG5%0vZJX z1QdYj9rCz^s^M2XT9AdN(GuXMbH)S|z5Cw#Ryh#8AN>IKk*ReB2(Cor}GQ z3T^{Y!L6sb8AIjp{l6851Bl9Ddx~$JmIde8e}8d9*a1aU&=H0T+QVGtg!~7ehKqpU z)@jR+atj-J-7lK9^#QFDw_f&I0)T97rXVV)yVcmkam3Rx=xWYF%T%b0*_Ga{!>0NQ zYxHM8A98bSbNLE6_4$;9qnlpf{hp0WX+OClKk6UWY4670fB)Qo%ko#A1Ti^9^}}2F zW9f&_mTnq9%064UGS^sPH%pVSQ2aD@G_1l?XD=mS5?C^NHo0tAD({?{dP;;$P=0TFk z%#E&o63s>yADGeeO`s}BAZw4sA(|Jrulah6S(_77pLQESb-|C*G8%krLMYSb^L6LG z;#?`sTQsK;+$vA)p>_h~n^Y>C^~sjlv!!;N`t3}H68GgarVdW(?Kl~710 z+#z~-FuX~6^mPvZs_;go^$brNi3{*Xw7@kS-=QA$0lYxne+*0aR@DhpOaA&URFn2G z7|RHY_>%Jdi2r9uyE`_>tZHjqX?<%3L;pL@@H|8kl*sk`+@?4<)*$f!M}HYL)7v|aC4a4$vq z^N7t$Zp1aL29pfTey_-@P{5o=HTmEq_4C%yUt(r+>E z79(PG#EQ*NG;2U6Ih5K3-+MMU1VMMAh^iZNf9&_BG8RNYnHg@XyBEYa53WVp3CMnR zB!8TM3Ju!>TNysgfu1LP0cUEhkFDGH)Kq?m%4_ipO}J_Pjx3KFNsujob8f|CHj2>1 z+Hv!0ys%vLMucBwO=*H)9fB(B$;&OBEuE>yQ`(#;ocwg3%rhDBrc9&;ro`ELrNjz{ z{i4o3G3Ij)?e9ds|LNKZtf3*6IhWSSx@6h!U%?!l#YS8>Y$>v`Ns 
zf%m`BiwW<{2CT^!aQ*0KQpvg^Q0}xuX?ePb!D=_Mqml#bX3Kk6Y7R?JvBO%nh|Stb zCRG%pvxyI|zYupa4q|UfScQjIwYmrsBH}Q?mKN?s%swsmgOi=B6Xy?FJxzciyLUUK zobQ>BBT!h|R6a}XfH__6BRzwu(n?Bk-mbA>>28{d>GKm=hjeZh452}RD#g7bq%3qi zX4w7V(A+B-uh-Yj_W%j+yCo*4hF#}hn&Ul#1S=KD?(ScFZ$=%W~Tv`$dk(oB;^xZoLk#L~Rf6FPaItf2fo!g90c^p4bvZU?Hpl-x;a7lz&RKYPyNWBQDq_{uRj{hc zYRbx|3f2ERhl}&nsw$^Q0l?07I?(^!u>YTDIsfI^J_^Q5I|YF5ti}6>p2d3_8;`lSeOwL9F2Fy39aa|1KIxI*I; z=+*^ly#!BEJJNqi^m4qJkUUts<6;e#d&54`sD(oRke-$}=2!d9s6yk=F}2HyoqplW zkk&o?*PhEHnacRk=ue&qy5LBLqTo2%%iq7*Lu5GDPdQko9DHP?-Q^~|-Z+wK(GVNu z%K~ZK&(OjTcko@YHQyL?>M@r%94gM{>A96-kg$#4xa^NNbPaF1zOhy)cH-&pYP|Q- z8}$yg4V!*;riqj#$`>hVb1HJMQMZE-Lrf4-dt1Z1i&ZML2s!8bN8lL%ce#LYX z>O^R;FV?5~u}`(5IXjZF&4-YW(=Ph)=aF*)-2Re^!i#^5A3f)e!Y`4j3RO`I;}HoQ ziZkEEF?=gByUiZ+seBJlZDFmE6e6GhvKC;JZYD z0a-o+$dgrdUfkPhvecUM40-3!bgz3y8>h!of<6`2642K_8f|Q8tEbs3z9p4OzMsDs z_R@@I+xVX1*AF<+rJdYmASIFkU%p+T~JxNKVWHib{7qBAcb_TjqK| z*B}}Q7$xSLuXyMYWClW_io>Vr7qZjZU^(}67<`JX*NU~9JbJ!ghG!Rt-X9J;lTd(j z^%}~k2R0BdimXn*5N`Tzqb~oLGktPXk*zF@Yb&26xDjZ{?Kl@rF{4%8O^UnNf7$Y5 z<*{=#gr883N{A4e_);5tvnALaMq!ikE%)|_Ak=VSX(4syQgJ&lqtIQYETvhj_SaT6wmPYmfe-;=(;Ml-6gA_*T~pQpI!qi zg+-*E<9Qrit!;$xBB0*3aIgY%lrYyYC=8gBLxu+kIM2Zbf?u%C-I;Bptq?7qFi;Ru lQ0c?LFCaJ%$jOxWxwZdI>aSX1pQmeuKV literal 0 HcmV?d00001 
diff --git a/tests/security-resources/server-ca-truststore.jceks b/tests/security-resources/server-ca-truststore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..5c2cc80a98fcb5d8c713e26033c35e109e113e79 GIT binary patch literal 950 zcmX?i?%X*B1_mY|W(3om#i>PQsYSZUi9nHR9_hc|8CWCqObsj<7??{8nwSd=nwTOM zFf%bSF|ou+vdl8zW#iOp^Jx3d%gD&h%3u(0C}_aX#vIDRCCuTNT#{Lq>KkY%V890w z;udCiEGkLO%`7&wFfap&FbnI$6e&QZ6oSDHP;gEyD#=XCOinDx%+FJBEG@~%FUl;b zG*A%dH8M1?FfcYWHZU?ViIU(4(gub`1}0De+B>0%Q3=`GjI0dIO^o~u22G4yOihf8 z47~*!@|)#rZH%ja9@@R^ZsaTdU8=#M+h=^^Kl;Yvm6^NA%mZ)yYgw(M0={_&wf?&` z(X0Per=4(pDCZpSa+%HlIJ{3s**An-tPOwg@~mXFT>*3DY=w-^YlDiO|8BeJRl|1Z zs5a-LC>0gnvdy{oj<_scViTqF(LM4}!JghbbrZKWir(C4XOdmldVR@1#jq`%yYx%M zb04d-NtW}u-qo}`GCAkfY;LD!!RN9?Jx4y2@4Caq7Ns|(CTFjc#pc%q^4B?&K4wf- z2vv~b{9CqFDe8QgqS5}SC2zf#-d*=#t!!$K+w8ph&=)1UH1fFwJ{@_o()P_~ui!~X zCo{jc(Z7&<+L4Kwk%4isk%0j?CCCahGX7^_HDCr(2C~3dm*ry-V-Z>NHpkXM&F$G! z&dHa4yy>_*du3rEa;O3m6EIX68JenyCLLy4+5LOj zrT*B-XRj&jI3FFBdHd|+UlA7m4;rm@`7Bj8y_Av@{%G^x zImrU+qQ7u&DOIVvwnn&pM@L@xE{}y15&|Y@sp@CH5ldU!v+Pid{-VG6@=eF&);jmb zx}TPNc5SVid%K%2i^$>~)|<*dF5h9-9I)WPw$0p93VO$n+$`(&m00~NXX+ID%$Pan z9;<%Z|D+~)y?3I@#;}v?yzgxBnksjkeMa+v({HL@&QH6xZAaAM?lSf6-8mie4$WV& zb?5qB(MDl`4Ke2}ewBM>l&gzw7x-|J^SnfkpXoG-QPQsYSZUi9nHR9_jzZ46G4)rUsS_49q14P0R%bO-vCB zn3))vm{{T@S!NmVvTFyI3T zaSO9M7L}ytW)>S-7?^=Xn1%IWiWHzy3c+9pC^)AUm1L%6CMT9;=I1FmmX>7X7iE@I z8YqbK8W|c`7#JHG8yK0GL`m=iX#+ze0~4qK?VZrXsD$ioMpg#qCPsb+gC<5UrY1&4 zhTZ}V`OWgRHpW#y5A9xdH}aMKF4f@B?K8gdAAMu-%FNwl=7Bf>ENZ)`mZLc~-L8u7J66wnE0|wLwMCf45!qs$n~H zRGafrl!^*(+2-7PM_iUJv5C_8=pOl~U{CLzx{2EwMQ?7jGs&)Ny}sn1V%V0>UHT>B zxsTP^B+L0+?`m2enVj=#Hn&r=;B(oco+BU1cirJ)i_)7?le5>!V)N?)`RklXA2TK^ zgeu5z{w>?86m`B#(P)3vlDFPV@2-2WRyMWAZFXLL=!=qF8u?rTpN>3PY5V50SMa2x zlbK)J=wC=a?a0K;$iTSR$iM)c5@dxL8UM4e8ZZMX16g3K%kr^^v52gBn`7&s=JxC< z=j2O2-gMlZy|S}zdRQ0pph^4LVS$3#Jf6?E3`KDuXYn^*z z-A~IsyS7%%z1_{1MP%^~>rLe!m+!D^4p?wt+h%Sl1-;`(ZkF}?O052sGj)o6X3U&( 
zk5xbIe^QgY-aAocW7x@c-gmZmO_e*&KBM`-={MCc=cirUwj=6rcbR(k?wpQ!hvu)? zx^w-mXrr*ehM4mfzsfx`%GE`;3w$`qd0ryN&vcr^JMA^r@dgs@@(s&d?F4h`!=FsL F1psjpaqa*B literal 0 HcmV?d00001 diff --git a/tests/security-resources/server-ca-truststore.p12 b/tests/security-resources/server-ca-truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..1fa9c61b533a13fcc74cc63876de0afd7578d7ec GIT binary patch literal 1186 zcmV;T1YP?uf&`ud0Ru3C1Xl(LDuzgg_YDCD0ic2eNCbieL@?NGBas!AZPKs&dX1**lDB$QyO(jJ8_=Qz-%}Ced3PyJ3FKSe6h(0qfBvvgJ#p5%rfpuj?5~-Bg-O zmU*0GTZ@;iRSm?)i^F~#-7%VwI0SfB&MeC|1qrFHP6K5~W2y(y3(CI|rw0ENpB|87 z$A|>@gx(^+_Go_G&k&VugYoJ1UU;l}1V^TGwk`TErz(`X!4xK}_MH?C z73lwLV}7j{ea%ds21LFuN!xP`b2GF(O`Ps#vCK1uH^&X^YK$QZ6azy!qk;b@P`dmV z2M~3lzPDX%qrYAFTTnw$s18G&7zGG&IUd|N~PzOmFwU`Xl;mKQ@T;E030 zUU_K3KnZh)UphO#o&Bc-yxNjpq4aw-+Qd>m(TTbp&E2xyb z=7TKPi{QhkK<=7MQeX#4&&Ks6W>R6X}mYDB<6XUi^GnZ{?wM2{TSY7a@(ITj3dilb_Hpw~Jy<1N8GXgSyE7qgAHCVHv z6jc=q&li?W7Prg{il@|Hfg`JmM8}_IQ*HEmesFW9yd~m~1Rj^0 z7A_3eiTtVnbJRU#e)sCt&nfVovVJKxUX>FHOqK7t(c69nye)ym)i%@#lt^ni+LOLn6?BIRoEeQrh+UqF>ZCQ=_CaQ+pL>w0s{etptijs Aga7~l literal 0 HcmV?d00001 diff --git a/tests/security-resources/server-ca.pem b/tests/security-resources/server-ca.pem new file mode 100644 index 0000000000..7327a779de --- /dev/null +++ b/tests/security-resources/server-ca.pem 
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: server-ca + localKeyID: 54 69 6D 65 20 31 36 32 37 39 39 35 37 36 34 38 34 34 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCNcCgfsx99PDN6 ++cK7pt1Z6i+6JVNVt5j2D8XsOOo2RzSZwOxPfQU7WlD2SBKF/tqRSo/qiT4Tf1UJ +nEt3HLP+CEvLWj+AVNF9V+DpzRl7PnADeZsgaPOtUnLn+4bRSnwGwsUrCeJaJCQN +drNt3sREpaQ8WizxR1nicLyN3H6RtoEV2bE+NGt+hdek/iFWtIm6L3QXbeMnBhl3 +DkXdKTnEk2zqmwtCgxHnHXKMxPB3utwKBloulHxsvUI4s+twH9cJYvFokyBVIBwJ +/Xa1IlrPdiEyv1qk7Uul3a7grR1ljEabbn9V6HS6KG8KEPLE5Kk97PNKU5LFkwPr +PC/QY8tBAgMBAAECggEARQlqvFZdV26sHimNMLU5NCtIEo8nhx5vriNy02PQhp/o +/+eYMRBwHlFuVVhGmlsUani/mJZW04OCiYddmo1LGgMIpACwID7GZm0fnl97QZnv +aPLRkldIIeCtr6gpXT0DHvWw8doIP0GGy3+WA1oJ6QwFB2RorXjLWej3UDNBIHP/ +UN/DuMvvl82ZVVpgLSAxWWDQxZpDE7Mvwcpd+yms9qhzaH6Sf3/TPxkn6tPrGSN/ +E3O7ez+ixqATQ5L+N4ZsBUWfrX2fPplZB3Zmt8QUSYDZ9IeO0Oga4N6g0PRxQILG +QxJ7MCwu0DAGx3KgKWsQg5f8tLSeHzwEHnz63+1xlQKBgQDO/cm2bJ8bqyIxERTD +s8FekrL2vlzTd+uChZEIX74nCjnG6jWK7TExqq/56khGORz5OFSRXqKR6CkEs5o8 +SzUHduc34OtFsQovyxFSxIY7O8qcbIcpav1CA5S7BtU9zleUr5Av3DsG8hZwyIhk +zDk6Vf/tLTH6PVGPfPe3E5mAxwKBgQCu7Qn7HkjLXcVzgzpp1CXYoBQTmKHZf2fF +wnTASFrRjQTwVN+p0afueTqzn4TutSosKiymtGgVonZoLWmBWSuKbEHLECHXlQcY +wjRAccB6u0Q5NZLcVmFLVjLiKw+kljSNgpQI6vYgPWp4zF6x/9ioRbz0+3wuKzsI +pUkcPg5btwKBgEyWeOFH1aNOMeuHz3AN/dl5XECR9RTFxV1ZAG3hxyD41qH0HPWX +h+FBr7U/65gYH9FS92+GXY6xISQ9NC9lAG0PoMP7M/JobEV81J8UWjpmiDRSr7wy +exzG6Gw/Pf2NcLhyMV6UFT8fqg/3EwiAzBf6pCRk2Z4mvBvkeF/EH8MXAoGAIuzm +6kGQrTIKw1Z3KjwWVlsXxxXZctCSSpTZtK59m4s5aja39XMLwXxo8QYvh22afvjo +s1wfz/oBBCnU/+Nq4xdcR4vwBdgWc6YKwrczhA2xwG5m5SFGCcGrJScN14G5+msQ +3Xr0K1m30WiUm5uGiYprAMrZb2poPgCqST5GpZ8CgYA7dc8QWQWUzaP1gjA6hspC +4qcHecNaYxaNPjhR9kBlzx9VXtVpqk0IyDkHIdJ7nz+GPa9WJTSmkgpYwz7hSWw7 +O8PbsxZ1qY4j9/yNUGcIodjgwUckwj8ULkl8mDGQCZByImZzjqHUfWuezWmhjW43 +sfD8CrHOirVMRbu49FEAVw== +-----END PRIVATE KEY----- 
diff --git a/tests/security-resources/server-keystore.jceks b/tests/security-resources/server-keystore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..57cc472efe029d89ae6f7a73ccf3ce4484ee613b GIT binary patch literal 4103 zcmeH~c{tSH9>-_T*fV4|V;A9T29XFAGDwA~31#OJGmMd)u_u>MDU^LHBx@pN&?0+C zB~!Mn*>}2H?tOm0-*fMC??3nV*YA(>ob!2~^PKZ}KIgnXpXao1G}t5{gh0w6z%Z~Z1O)~-U`#1aEzVsCx+Vk)Wz&YyU@zG9 zq^GT98*Ilq?M;{IJMp|zm$Smr(XI^vWSKQ7+VW{{@YgCb)a_vNr<(T$^UMM0nTCnO zLOxyu^yW?E-U+7lCY_5us>2mpAn7Uo=y*4uqP;(z2{gO@|dZ$!Y7Y^TI+2ml#fQU7o`a} z3i83{HdgzE_&3wC<35rs-I(>&@3hI*EaFQ!RVHO6 zXhQB&Urf8rhEJlZ4f#V&82g#%c|8GF9nZ<&1FiHW!!rwGFb#RPc)d4G#6+w1p~ zUuXG{nHR%3Y}B9gT=Ihk>IEHomn$tgA}X`*AeSL)Tei&wD$cs#=z%`M;pTqEcK1N< zIV?RmT@BuiZyqeMH8FT|FK+##_?HJpGa^lvTg$VjYS-Ny1galtd&eFvT~13} zgJ!6X`ld1ktv$-pEh{-7WY9+lD4d6bNLuE~fV)!_&sjS^70emALb}D^;-XAKNqSL-gy)`~6IW`Yyu2_&S-E;O%;=a){M?F{4U0}Av81BY~t|T>TH>MBETBHjxKt4 zvb@k;5`0~YG-*l8UE-}3rf+aGbNY|*ukrVenCM^wAKmm=Uy*#;B&slDUp3uZFdVm} zxfA6b+N7LD@8Q^N3n2R)&=3)q3zn78-Z;f-b!!naP%|G-}Ty zA~n;{x@oLODmkcD(oj(RF^h{wPJc1@!is+)Y4~YneqPPi&}KUiUsiy>t=N@AY?m<4 zqS6lKIGH3f>5$u6KRZ-gIUlwI!hwlvW-Q!G_7{Ao}Pke_i!T zXn@Ws7-Pmp>bzb~-vwudYp-rGd8A0REK-RXG>B%zm@TZ9v7z7SM~5rO7OXw*JoQ|z zS1ep|z4F-DojP94xNEWXT&AgJ7jrsQWyjcjJCzNhMB9Q``@YeGEZ3i$b|5-3Mzm)2n4MMXwXLh4U(Aw zg@7Rt*#5ks695|mDH~}Jxyl9xv%o>X1*N?J2LfsiV@5IQ*il@l4#uaHI05$W5({dN zjwi+8l8cv;8ld`Jfua=uxd`)X3UlU1&cz&c@T9mny4cxJTs+({I^Gm#4^J10FM#1? 
z!zux408R-9V3pN~d>mM%UE!b-@Jj&5N~{3$_uUaFsLt-`zbvNTS$lq3|C6&AK;);h zy#K*jfCd)(Z6J2DD3k`~0PX6`5E>W^YSjOxu>*NCH=kiFyHNGB$*TSxsh99__@36 zg186T%=1=T($vwAGTQ2yZPDV8sXB~};oI+|r{KYi=(I`OS-UU-^?t;}#U z;Ykd*TQk4vl%W)}%fS#zZZq34`$`BD3<77n08RjUHk2>1ONH%)CRy|Gbb zQuo?)^k8ZsnG7JmFF?T{00ow47z`)t=)4E*I#+Ffdl|d0a`!U8pb*7?Uaswau`t0tYcBDq3-QOWhA<7+ zsfI$5C{5{OF^DynjX_!^-$*bmc&TChx9uEr;_|lHV_@URMo${0QzS^-ZzwzioP2&s zcUBn&wZ-|az%AEELcCVVULNQhZiAb~N_#_z91g8HUnoEM8v zdya2Lb{PgB8k^;ipNSF@Y}E2gADfQl<{Ty-nAbn|nN%0|A?R9FD9=Edma=P5M1RhX zs6|Cgts;f@(y%mw--rG9;C}U{B)7>_7TvJDK<(Vg;Fcy!OXePG*YNJy=ZtQ zu{jAkby%^}u2ttJwO9c7k9Dwe2zrpX{Lj3!p@B=@Zzu2;LMXYa`F?8O| zawr&C)GUmfOQb^zV>k1<sMaKGyrSzlpjA7i_H5w0n=JRW`!b~%sR+X~|U=*G=4N&8a`R;AF zT~9vZVwu)HEVJY)^jNBN>|?j+ zJB@b>Dj${Bp2u383bE`^+weKz>?6%n%{liH*}>;#qH=@pM=3@A{7}f-+5G%dun7M} k-@RGqO&0!;rPaGsZGy3uWK4^jb3_GBL&&M3%8lAwr9?q^yOStl6`a z2%%_`Eo3Lj&e3wt^}g?Q&UMZ|=l$#b%KkQ(!7BbY_Ig>?1bC1tXik92=35im$khbgSrfY+5#+fCSJC= zC4171Lk%URYqCjP8u<>=eCe~O3mN0Z`t#;5>Q$Ic90a*dj5!lzE`8xz&MGQaNxO=P zM84mYg*v(B-fc)_dhe7J!r4_4krY;AD)9C~t6GBnXNPe=5C;a|)~?~UR^9NaaIH1C z6xHVFu(sk+WarjFdFXHP)J6UN2yboQ{JfQbT1H%+&O0b2+oNUywB{eNs|^Ix?rcvexc6PajYlq%=j< zEb0_N_uG!od8-&+ijI83VUCT?(-=Q4_;#Q%|H?OpVBgAGl9u zzDza7*byxc^&&g*A@h*^1twyn&*$3cFdxKbhUV$ZZYwMsBhM5Kge3zkhWQ1bWM^df zrzQ>aNVguDuEK4|G_Tc1EhQMi$2WT)hR3!$TQ=CFyfx-{{Y+wH^#DQqZ26#K07EOa zElwy|BoJrarakcBu_LrBSE7k?ooH%eQHyhXEbXuJcH8Do1dT$Y7+DA{%D**cv zAK`!7HbEpM(mMHD8-3mkkhFVmqfwj*9u<(MN}Ll5{V#9&rr^!egw71e&DI21q>Kav z5nm6yd_|ov@U>)EO8it1_#nV|V5ay`;0>ptQ9}>&J3C+SlPqP_=`uC%T3S2km5A_8 zCP}t|uK!dg?UAzc)ZkL#e4gK!IQANTr&Y$mNY6HZ@;SIE9K$s!ehw`T18bRF_fh%U zNf$^z$I9)V>Hy6Tu)82I7<9Dv3}g3%&=AaK{c%E&OtCMiCeFC&?EQsaRo@Zrgb2ekQ5D_TqVu=6(@uTJ?qnhja6 z7<@J>$JtJ63Rv*w0#Ue?qeMSj2h&Z@8ESGx`e%q0d!jXUp9DaT;5*qWL}XVL$`Cty zeG_o-h{}fd1TI8^$+p+)R3=xX0>XMBQ?+ghPsnAmc*}G@zpx(FptSQoey-SM{&w=$ zkHgpaCo%>GBkMFa?fj-F2c;GczR(^U4SpV~Tx#zquWWrdtE?K^ms%@iUL$5D%I%Sg ztmw~zZhMY+!ZqTw>D3%><~#K|E2ukWysMawA<^hUn}W)~(V3(jwdxQDZWG+Gm5nR| 
z{XGB4!j}|e{9%+*Lu;BQga=$&%4lJYQxoFi6ovro0V1)8xqgKc+!@PClYLG+jwU{J zGH0b9XOzPZo_7;oJ~gzheTTP!^_nvA`a@O1lT*WwS=oe+SKM=Vu(>jHD_z|6gV;>7 z4L@6-u4$A0R0z9$MLv~TBI9c@}NFDa5b?fE}ciW{TBbl)p4`f=Z&N z^gI1%jtnPd6@kMb5VRJcLLUQENY-sA1Pp<|q;m)L0TxF1foQ$x6&5g1)MD}n>=P$P{shi1i%Ng7eIXf zIwKOQx%>BD5z`-{JwK!WDOofi^fOtW|Bx&|1&jW^5W6-3rGnW&yE+0w1%pA2x;rY{ zkoYV+Hzw&wdq4b9=0o?Rj4}5ni9;j)F^{kp@8AvDTRC+F=EefFMNy?q`@B}OjGXko z1tH6t-aC%+-h4uo(yz^l-V`-l$Yd43K0Jz$&hp;BS21}p{AlC7r#>Hyxhebaz99)T zdGOiPz9`!24UjTIlF`|v(Z^+!IuC&}ie9X4dIAq5e1>y+U9^2gLf=_bLL(z=CtT($ zCpJIHua3r6Q0^3L5d2uNWs^#-S3=PaWnh(_wxo*1bRIrgrM@$kwepMxhm^<6nLn$F zt$fkxYLUVZ@AP-;?{qApW|&#%1{;ZW7r{MhdFAE?5(p3FFmg@{%dyjC5GWV~zUu*; z0fcueiP{h21-QfZ70wdWj!Ni^kHM3BR%d7fw+eiG0QmO>NEieF0sP-zIbcYDg9;~j zyEqfvy?x0su+UwL22kJUSYh0-eM|2gC^yG8tn`M4&N$L?A9iZS;eWpwyQgw@Gr*uQ zx!~8FTm7OD0)390`(vCEj>#LqR6M8a3y30A%*P_o-W--8;)>6;M6>+oD#mBGvaM{F zw=AoHb&d7jH1bQKkp1TeBX5IK?7nKvDZrq3Y~Z(?iNXgbnI!ScBA(yB6Cf` zqyep|M5Lf%DmE?Nu(55=+Q4Cf8cQqFn41He8F%001O~ehSB2_AU3*0QZxlkOER%9I z(+wg_6?vwyftxy{TSm1t9gHp|?03Z{ND9@kol(9|Cg-W$Ns_M%w05%Ta3vG2?s&}x zTCD^|KQsI&LpnApZ!|jlVwz#L{8D)|<>IURG+bi7R~zqzz3XEGt}EZdm9og7e{oFS z<(Rn3@yTBtJMzJ9{;6VrHOC6O9PjcBVB`UX9~>*#{{K_>Z`8&UrG!g_FQ{VAuQgWZ z4*WJHS0#SJs^Z2sww4*(l#;GOYQv1_1qKycvu}EwQQPmX7$i(xR7Zwd!P5-=1xvP> z4BKrr!YsQl*bGf}@CB(8p@Fy1?n^}$q=}8_Zi8UP#+HNd5nC}a7D~yvkIlz&vQ=$m z7Il9cA=boy2)R-o&h?hAuHYFG)t|jBVqJQ%N{-BPZd8(y&!6@9fb`+!WWv-fW~~U0 z2^1-=dBMNx1A@_3HYJ!)tA#6>CJOh%@r&-sXe+cJe2Y>hYTHE-k*~MSo;A!FC>|<8 zxyI?-@(Q*3OsQeTKr1R2k(+D)yWv*o>5HrMa*d+kIs&^%D!}D@4Xr z(!6Y{^s*99nI#?&m-C$Ab}Nd@ZH$z=v*j&JeJWI>9q*vqE;Qa(B%vFlV+`AOw^HSi z|6*RHdW6~ShVl|-ezfef=C_mtW8VAggsUkU9`V8Psr;MDzl_SMFh(tlISs=%4!o(G<*ilM I)(|iL0pakxbN~PV literal 0 HcmV?d00001 
diff --git a/tests/security-resources/server-keystore.p12 b/tests/security-resources/server-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..fe5eab72684d1cda5a45f34cc0981bdb3bf3dc01 GIT binary patch literal 4735 zcmY+FS2P>|u!dP{)gVf=s1ebv-a8>$uv(B<(QEV?tY!7yMPI#_=n>uOy#`^G5JV?J z7B}~vTh4u$nRC8>W}fE!1BR0a0I+euaB^V~0av(M`1K=fJnRBE`EwwgoaG;80K;+Z z|DS|w0)*ol{=<6zLK{T%-&4ed*nk2!@Glq+yascE2>%EFTTTz8gnJE*q(Zbx&Jio& z!Cfs@uyXak0357-9UvSyES*52(gBH?w)v1GMS&7;8S#ene`ksx!qoJqs_k_?Yg6aV z?fPt@Rff`8uxg83)H82(Of;t!o9BE$#C?H`g+gPB1R$H$Y{^5K(yCu8AF1M^qaATH z=&}8VpijbB1NU=`ONtSnqHzoRrX57{$-d8Q?WZb6O?vxjyP!>zAfq5uVqgq2NGuo zce4_=VG&w214{9~S~E#<`8Xr;X|qK~(nn+vTc&4Kml35|nmzIF${DIKcdxJso<8YZ zCG0kTIf*TQAw(k5j1ASamU{H_nlriN{00j*ZvBD)u5zWHn9}2{AgkFQ9fJ`$S#IbN zGNn`3rF?JI6YJj_uWp2G!N~qRCypD^=fuv6286mrjmqpqBvnl0)kT=Aa+o&=wq5fe z*z-9*BKoWm5MG|~wbPo&AFv=l)Y6oH>^2EEYtxNFvjr!TsQ}M{*`6=!#pIRSLhO^6 zWsa3CMw6A(>>sH6vZ7l^3wAhp$=HXHWZaCYaCP5QW736=Jw)M}dai z>KjH@;9=dc;q;!9ZlgKc^{3N;JUyO%on^HP>xEcc%{A$pn~{}zoEt+@Em$8|CqVaXe;dsUgGlZ2kcEl1H-s|hu+v{ z*ZL2!&_KCNwB`GkCg^=YAVhZYvP~6^FGtR60t2SqH`8fQ@wDXziLA>hz0rG;O;;}P za3t{p$>Fs2nNKwKt2e9W0mt)~9OoH))~zW1!CPf6vVHZe)k(8@ zork`t7eWLsc#oUKl3|D&yV4p7)nrB^vzlQm90t={D+$Y(`JmtH<}|$Pw2BU9oae0% zeJPsSGOUwr^O(7TLB*%p+Pq@E6H1dL+nsd?xGa`;7)fT01=VL{Q>qN0@SB!jqsBtUK%w^DI*%bQcCb*_;w7xb=>^7Lb0(Nuc40 zP%JI7zqbowoj^e;cs4U^)DLyDzaaXkcan&FsXw0UFZmO($;t7wTVnOSeqCprpN%O# zGfMN8f9_v@4P2T-~@`uY~oHB#OLY#_sZ>r{5GSZQL&G?lx4iTe#;1RWo^di;Ci zg~J$;!oQRDA*QV03GuuaG)ss#mHOFY-SFd2rpRP3Xo%f~Fy39?DM}${eV`sTm-Z-d zm|$hrN+z~f-0(#wjMVYVCusZW9{`UjPkaoA>%C%jQ%Fz3>{9CN<-xvyJedA}t&)IJ zfP|44%LB_A%N@)6KQox+|3oSQN+7wuy|Xp5fT*CDgoKEgsJMi<5ExEe{l86kpaM8? 
z?mv_Tz{dJllK)S^{(lY&`cH>-n49RQPEQ&5e(VmyelLe}5 zk(iE+^`PnrKakS4>~9)w4o!SeO`%=kCp@a(_pt(|Bw{-BhJxsumtmJq#WGabyJe zX_WnlIf|rJ?MU^V_I{Tq%pqxlADNjX((${)zs`__^0e; zyhBCcV;pCx%{2hb^vMCqd(`W4TEF*HyAan{=4tCKJHUU+wZ`H_Tjj#-+MeN#ZtPZi zLey;pRASpHVDV^{jt-hu^YUakMm@O_<+C@kByq_pu|wDl)M{DSg|b?w3uf zU)&{y*^RyBL=q@>nY52N{eBf2SF6j#QAu*j<9Bs(3}0** zlnKX@R2`gKC!}^d^iMz5k>hx@{n@Q{*LC%C3Rf=3;PL$&c1r_e5@aXUUDZH%fuDGt za9r=#GGs4ZihnZ)xI|2=CV|2 z7&fcvbf6q8Q+DSNf+uqU-wA|Hb-;Nx2#PJ*RBTR@jQ!*@ymvU<>a2pkzc-y&CytqP zzGQd5BTf0-B+O_K_o)^y(Vz~uP?Wd21jCiyET;EP5G>~P^^va6=m9Gh!rqNLcGte% z`E?%f~2~ z;zt6~lpaLsioUkcim|hZ`Z@XDE&XX~qr9EP&ulI6UMkh>fP~JkvjZW z+!ncQbhUHsOaY9<-U)WYu!2oPf@7_6BFqN~`{ZrJ#$LSLTb~M*^s-=vqu`+<4Y~+h zlP?!QVW-|c*m4FR$32c~!_HXTA#s~eM$nJ2rJQq~c@=17mVF?1oHpwFIxN`QHW)vr z-sIh ztr4?F6M`BcdL#sQw0M7AC{coR!tR!2`MEq4Y^)ow3Hl%Mn0u%%(=52qb|)cj+>G zZS8e50~50rq1b@u9`C6A5D8B?vGZ6-X&$~?Sbr;70=2>!2PV~HDI?<2@PxaU@I5Oy z$*ZKzLXBx{>EFLpsMYI;>l#g_mi~R(d%!oI&6y8LCNnh}vLYMF8ldO6|J!Ah>xTVM zmi$>v%Xv&<=)z``Bed+xP(ap+Ga&T_>lVfFG;N zlZ)g%60uJq=_r*%6kB28nRUOvPdT26z|z$t%!^z?pn|2R%s7BXD$ZugAk`dXe{ zr6?2fshp;gqHUn;ZL0P`cf+!8#O`rPh;hilZTAk1&HB)41jvk9`$i?x+e}ScS(YvE zPa-2~VnB!?fAg@pU9>LCbETiK;(aY9{w*gcKmT!-%u~yn(f65D)9sUru#H9Jwg%-37SW?>?T+_CQ z-(p*AjSas057wE8Z-7tne< z-|nC@(xf>cDJgunW;GJsSyAy6Vi-(qW}H{55b`TOgxd@Jj15HFC+^`6qAg16ZgW6< zUpp|e-4p+^IeYV?N}@J44v7!%x{6kYoMy*LBzhnT)5}I5s>xuBWCN}yzCCgtq%Gw$ z)%po5q9M&9C61G`i85Qv1UHmz^{hNLR1(vKg?m{to-PBgwOpOE=*+WD>pgrB7QooIedy5r`Mv#gmPo zXxXEBeJC)8hKpOgmb19Do!88#B)zqd)qIg(5N?(evW9`)n+=M6tAaCt`KdoaS@LC| z=iv*-y9wX7n~?|x2Q5?!G=eBI<_|m%`PG(>-mZ;z*j}@nw&km^?A%En-p`Mgh#lKU zPrDze;(7!YwcHoVPRc3#&noB(9`it3`9ds9lAw|cxsWa*&~beUgIeoZ>-ujoj4{lc zcjbOP@>T~Y9l_(AlG7?ynCSURt3q^*nt1L}WX&U2`3Om{ESLpM0K(-a!2!_WVgV^1 zNbZOdSx98>-wF>;C<_ySuv~5D4^- z2kGYLO(ap2-CQ6LAc9NO!4JY_tFjx!K_D;+NQDJ}RH$t(3<^M@@Q{}Y2#_0r#KarN zFL46^CmRHG!t#T>2$(e-h33G!QM^NlrWRN}kY_W*iDt(KQHcKD$FN$U#%2VDR{i@R z$)BGj4Zlx7(vTQL@%Hd`bD?;XNs{!7Ug*_2U(kBNLG@-JurF4(s^OJ$A~` 
zO=J~;FX0p9oD}(GSv?tGwWrU8t>tJ_B?t4lVCP$fzF8~k0Uci&*Vnhb(^Q#f+7zA7 z^gOD&jJ5&3Hp#C;j(k|Z-K3E$OiySSa3WBG@AtPpeZR+fmlh%BRGUc)vTaxzvZGHS zQ{RjS)^yQ9^U2qTjHql(Lcs`?QlQ1M?fY_;>YHyx?`~BqE zS}p!?-0}rR1sO;dG^a4J(f+K$eWzYSVE_ckR|CQCCqWDi0PAoz5Vp~PVjH_I#sl99 z-{Nu7X=lNV&7^eq)E>^@-o;)dH5 znhBVzv{n4FgO}*5lv{Z7LgSuFv_~9K{1kt#>nG#!XMO_a2E%zKp@(5qk;tx&a(XFE z?TWh(Eg{+B>aZ#712Of}?Yz`0<)#DIc$&+jn*nM@bWxny1~ z4jR6c4)+r6UYkAF6JeO9Z>$!9FPogaVdu1d`=afFy@g_hUY7Pu++l^O!mizqljXNg z>B-E=xYZN3kc(Q(lNf1TV<{3DQh*3%EKK6&MrHyKo?wzMi5yB&{*j$OQq%r31OlH0 zsqiUK6oFJi0B`^UMFSu&oWt07H9sKmx*`+?~7b`UVx)4S~jaPO0mgAuKG7&7O&15-o^)l>51p*0+1TQ}QY;tEa<8%aCI1k|_qDcRT+=TPobFdyk+c)Y8l9CFR%_p?;OpYVp`FW+ zT_Ds=59qAQj7*AIel+|Jjod!n0TEi(-e){c%G` zqA@`;&0`swSrip>;x#M!O5hfa0XC)lTiWmzVO0yh4!<$*X?z1bNg@7_{aK>NSuE{s4(7Fe_FRra5gFt!7o#Rkh9u- zE5%l@Cu3kVv=7sqIy4h0g>+n(O{g-_tF88^igg!Y2?49w-eDO58VfC`8ufP9mJcPb zO!_WlRmZzb+)+6pKWSo|FmtU$Bzdhp=A3_hIO${5NPJ9%@i9=(_no`w`}3&ttGmaXiPWJFj0jvLUMmN2(e%Ib@DYz(^{8sxTh zSzZa98e{)OVA+51VENIw6t20)bIX;=n&C+ziwPz|1sS^vGqYZp^N3wN@IW=F)#vRS zf7Lzq>(%lLoPY_3f>)%q`kV9GXAfKE-fi7~sQkl@I}cpjKBS!cVK;n>qU8 zlO;;kpqm0oo zl7CN?!lD^Gr>cSp35NqL1WcV1_d8C@>YIm<+>Q^@4@shu>kG#<2JzwU!tB@72$<1J zDG!l>T~Ye?)+XZ%r?uW_ZpTN+&N$YB8o$vwGOJd+UrJ{_A-!@)nJT$TFX(mrsPazN zjz`EyRm=YQ`p(>@-c*Cp9SQKb0yD19y9UWdQ0?mlg(ha=9bY*IIf@6HsJBE=9%C!K z@BF?&AO`IAFI@x!ZR@lu*B%8CtO$d-idk50JrwD2Y}LK$BjG6#<%>5*+@C~^jD5|% z#kVX)9nfZ~OdeNEJ48J_%MVyZzP|gc@|IDY-hO`BhwOsmhSpBa!&kJXA2hHe$p34EtDXbku zQRi+h``V&*&I6k{zrxs>XqePc~WZP#2DX7^8_#5yW{5(AkM*ZY_F z#S47*4RYUm?yRXDJ41l3m#XaKPdQC|$Y4h7O(QF*2=MH(|1y8#_x8D7zl#oeFm!B+ z1!KfxuSCV^IKGd*-_}h2sx1Co-2A6>{j0M0tFri?RTl06lS9E@PI*2(bJV!hRqn_+ IktN>00RhsWnE(I) literal 0 HcmV?d00001 
diff --git a/tests/security-resources/unknown-client-keystore.jks b/tests/security-resources/unknown-client-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..10c7c434aaf611cd91db4e88432c2abbf18485b0 GIT binary patch literal 4132 zcmeI#X*iVa9suy!Y-2Z;$i8F?&)DS+BU!>&N-rXN8p{kCghGQ+oI+&hrG_jCS+b3# zCJCuDQMR%)N=8MJrEx}e-mCMTbDeWOocG)N;koYT{y+DJ`?>G?f8D=7gU+CXKp@EP z4~I_>#t(~E^YH?Kz%g9n9x5OfXLTLG00e^K0Rl7xAV8c;pb#(w0*iQ=%nER`a;Ok3 ziEG?oFeeKL@IdkdysS_s7#zWl^1)*w{A?YNd;rf*h!eqv3d8#aV@@IU0o|Pl6ru5t zLDD}yNgwz&0qFyNVR+05jE@%{gTqRr!tp0@VHkWAAT7eJi3IckEubp>NN@aCgYFP5%jq2Tm+6x%GvIJwE)w^X{kb_IYaS+b5jsvF_sNnUn>| zk1A!Gpn0I=LU+9Q+TpyRZp|`2Eb5^mzI9sXpbATZ z5An!m#rr77F%@-=P@Iq*z7H86JX~gW?llAo27#|>0>HPEAb|jbw_z**l-U3h%w3n@ zfeFI|PsDlbCDD)4WQP{^afVY@sRgagKd&nDFfmsZ3@W}Hr(BhNX>&K_b-pv&!3y={ zj&#!;)LZs2aozo-_^Y%wlwFzSqk6=NBtOY>{3YI>EN7nu3D}uVmRd*t3MK45GeD`$ zt4h_p>Kl-ne97VZq%HKlU;3x^()6pfwlAuAI&0%Q!Gx@ivk%4>(}O9jYR9QV2|R`X^YYt66}%#OxUW*hx1}|#Wc*U|hm)K>_62qaD;{+OT@xHWYIF&0$ywb< z_R79q5jI(L8Fo^9h_RIUDCR(hiKS)?s)k0p>FTlFUg*5+=Ac|>oMT8&`c-M6Y(VGn zB}L%{W4RA_%AQsqH%_#EF_z!F8qhpprS4pd3x@mfmW=WF?1`$m zIMrIK5#u*edFo=n2=b(N)S2g6>4>M9MgUrJ@~K(9TfVFWQsNGD6zeb){m_R%YcI}v zYL~!H+l=ouvdxLHnGCWq{JIu$K~W*DWlS7t$<=V~x~6GRgm7n{kdRuI1CqqXwk+ymsa zT~7;B1!*>KMx2j@TTrxkG#zfxGP?mDb9k#+*aZs7{MD5%**BO?X}7ld;T6S1tLUlI z?h5D6THO+bp4Lh~NmtRCriS=Ve@#$#otRxli#xD|p(^)gwqNqkAm1axFj=Gmt~$;e zZcvPGX@u1FYeS4~8fi{QAt~SHaqkD1Mw!{&D@Xp;t+k}RfUEm$jy)W(#~AI znOL3SI%7p>u9G~==Oo$H z5AMr?m5LhAh_KwQ(yB|SxRcfO%BiP2rad_~uKaF0+0{05g10DX_r#&}V&d?e@4Q5x zc-*;*46o><#g!vwd&JNPuN5_eHjS(qIZ~GFbv>HJ=*3TMLSC)2@N%o}$x79!TB}V` z&Dh%kuDY)sMzd6p_XnHEuxmsWF1Wmvd(VeDk(j6s=|U)r4+v1ku!1FsZu>&ED&8Uw8`iXpSTl@!=5vg0O@dC5vy1zn`F^KNhwP}B(kok?yP&5l78)H#hX`IG?GiY?<_DoF`jiM88x7|I znbjJhfl1N9r5DGeBNITwfqAk0_oqg$WvoqY6uF(HTAk{8SXsw$OWV=8#e6MiTHtvy zUWyvM(eiBQ&Et-T?WS~Wx!O?;eEQZZI?i`-Yj zzMG3RGk1t9OL{F=p)VK1)2Jh=G*uCP3XmcDpq|>OifKCwV z1i6ihMDzyA4a!;+8t*w|7sO~ntkYPxFsl9b^=6Any^U7VkL3ls1Ge2kbLi0FN=c$7 z;9T 
zPoh!+_IwwW)W3+z>HFpJLsm?t{Aa$DmD5q28cNn!0|T&wfUW2GgU1&YOza}CK2hU& zN2KAGTFPd1$5GL~VrvX)QGZ@f6cwXDKi&-J9?E0SzO{jQ zDVzNS`^r6Sq4IhjiF$lR{jHHJkBEhazT3$5-V!o3-E>+$8J0vsbA8qx$5}uOZ;;BY z(UO!c&T;mNaWbK8H~hrR2JhRTuON^qo7+n-p-|`B`t^*5VfKgZ$4iuRkle;_?Bm2+ zy^Su>X)(2{4O6~PVy9-d^4s{IwC-LiS*pt;=NSYACBcW?$}4(G|MjtfV2)P1F^OK zO&3Pc(Pz=))t^5TNG0yX^VMzUi04bI7Nyi34&p$uMsf`3@(f%%7yi>Y!-Va?BA?{aIX$psPh~CTTI7;@T@ph;Q z>$fullUC?FA^-J|^|WF6^4Kfw>jrf0KqrZ<7L)z;6Mff?8z?6_-se(nkqu0=opxq; zEiWBhfJ;#71I~x`N!@t9#xF?X9YEYqjDHM^I=1?$oV!u>fN)q2n;8%wAU)9DR3!eX$u76bF$zFW#|SG1Zj}&?(Xi+b@yzX{qf@5 zd*A!{0fX?f;NcK}LHJt8XzXF~VRu+?C~&z!_%et=_>%u*abOVA*Z*fB*&zlYS^tyG z|CKQ^#(!U7qQk-G1|dEHgAnh4Y{=;UBma9&fk=43AKwTXRk^>D+mOvwUL6%h(bt1V z0Q^-)3_|QT-57}YtMNW+l({C3rL&;;D)n2)mSfQU!8I|MyA_fD|W9D^;fka z64a`8GSncV!EucK!cnuxYks2Wqa9_-v`WhTFB^9NJwAT-Xwmsrc^q-c-Yiga0W-E*$QHUR>OQML+ za@2Cf6i)VQDq0MKIL*vU76!bBu`=gZEpy zxMJFN&#m^<%CrjB^XKjv9%G74=u*`o-{aAaF92i+qsMN(BBQs~76sj#dVUc`N9C$x&bTM(D!?4uosW!P5SenuKHY(!%VV&=DK-XjwFG_Hi496wbd zKZCwwQ$TI>T*8EI^CdNdx>}g}BkY&aE&7Xec6m|}9RhKtJJD*ogR10dE@VR=mP2Or z63koJbfQGk1jd%D!nIhjh9c8Ty_<|5+fhjR3j*eWa= z^GkJ(-F?!+CPA$)s(srK-O`7R_7n;pep-%X^6Ej_`*VtwCJil45Dxk7!`!l|ZI7<& z7_GqfFiB#xn>9$BQUxH*0^OV=tl7>gwr}j%`aw2&pD;dmL4+J}#kDgGu(1E$$9or{ z;eb&L99WdXsOO^zne@ERP@Pd2FOy#P@`6U>VYeBnbjLeX)lP{#>=od$pqZg^N_nxf zaLU)jo7RenGx(7cgVHBCW2D15rd3Pg^Eym8BzG0i^gLPizVb!A_N(*uuxfBV{xG4j zF_4zEcB=2_GhF3I zn~C2>IUD1pg_BG?y!{4BBYl+!cbpp<(5%r*!!o3z-xJ}FqN96ty=D2Er|3Cvq`$N{ zP|^hxARlC^W~dwVzq|H12j+Zk84T^@Pb}g*p>66mQx6vRbkF<~jBYk{O-@*O6h=(3 z4r|i!7S(+}pK#ykVqY3LM4|fOy3D_lZ9Mctx696vb*M0-B)Q{tdtxM@`Nvz43G?5f2fnq@NvSo!ucBm3Ej>El z$uOTfGtGZpaykNxe4iPpUp}B95~A`azNjZnELSbp4^axqBLsTLpsWg%KiR75XFLlA zx8RZhpXqe6z1f%L>Fg9?Y?KlTQo3%C=3Mh3Il^M zTmCnMf}9(KS@};Yg@*(D8+rfd!2LhsBL63G$1(W};qo_#xWuBcVo|lGs=nh-c~aRbHmT-`50V zIV3loSE#^yOg;_c;nGh^%!`gz!;^$|fC33?7O=;< zEf-8Y2k3V&!?4+jaJCVwgY2WF{(?;;0*%z`1C(IT3XM{LEKegrT`!x%i*OkMBLzn` ztD-nXxvs&r>5bBe3x8@X@}m3x_jT-CMu9?#P@&zKcgoOs2+2@!R>2SsmD!R_kBbbh 
zNqEY#Lb4!~_ZQI}on%H!vI6aSwvkWO@SEw@V>gHbxvL*~A; zyD7uk!{ftFfar{kn58iD2~%~y5R_Wq8E<)AG1{nkkmIpR zQ<6ofyb2bG8dDABiq1>^4BQ1U=qN9Ui#Wyd19Ww=Wv}JaKe(W!bzqovY4MvTIyflu z(A!r#O6a|F^C?>xhFG?Fr?7f78+O~d1V|u&qAzpgj~Wh)EL7UDWgJB-Y>Ry}!I@Zw zZFYs;Tn7UqMAM=aog9Xs>DFtKg6mak%_2UaIWvVNo3-5p75hUW>=I`~jv|y!;%t!s zS6sdOnpI}7VCF?bZL5lq+SZtMSA~QFN(1q@$!F$~whSTB;iqpKMJuD7lAr(Lc`LV} zuY?t)Hgrc|VvvQDzTaW#G5N>z1y4y+mOWuuT7u$BX;_NZK~Z>J#p{-D{f_wQ+g)l+ zDIMqGR!o4V48uYHz9?!xsBlUaS3Rk>Nb1n>e5?+(RXlR%t5@j$U6wL<&nj`713MLS zgR2HYw5_lG{7bAGBrc@WMJhHm5AQW7(fL#5%D)Y4;}I+G*i@BH=N6e+bLHf=!!U7t zr&&v48Wf{%4!?s8>x#%5@5z_o9FQw@FJNJ6)*hvW40ydkTl3D`;11qHOo{-BHT|Se z;n#3u9MQo<)P69lXk*!9z~j=9@jwBL!_KqR@MM5K5+_}Vzmcc`aOY4z8xnkClZC?o zm5+0qw@`CE2}YUOr%=DHzyV|^hU^K#Z|+bzO~|#^Yj3eSA9LRLW%edZe(!-kzu8)|N!Xgyvwku?+nROa1&rM;9I4#HW;~SQ7np zNxGRvUC$dWOFAnCgUt|UF>ZsEK?Kj;?pXliNeW`kg_$J4KMkJ>5g*+K|J@+&^ti;F zO&8n^J(?kFP3R8eoWy35Wln!kf^dQH+&<#5Me0rPYP9~*4%Q}=rR_SHOcvZak9P+R z#8X8s-xAP*rag0f8zxVIAck0Dc^Z8|;=*0%q0#3w9t!2xNnuJboP(TOHz0Fk< z*VOu}9zZxT8sQcAl}_JW42d$8r_d;|x;zS`Iwz_Rw;PE5k_!g6)l|t1W#u<>VAsSp zh#u!5mKN!fo!ZIL($^q=Io3dnZPn3RRjFpsthe0NLw*q$$1HAzg`I8d8etgwhuR(= z*?x^hE=}`{#uaSQ8RM!S3uj5h>LNr=wn2tRA-{hS;FKF5f+UyexhrRzdCHy{#Zh`B}6 zlSkLRM;#5Br3*!g-^gIf7GB0EySk$W)44WTE7Ze@y-4_m(+cudfvb5IUvt28imih} z5KY$_(>}tAnihq^fZp6^)UHUQrWwLxSdMAMtOsUlsK~gQqU3y+dFdE21oLaF0g=KF zlzH_$0YG2LEXUtgD1C5`d1_2>$aw;ezphk?du{V!$99XG2seL`-?Aiqo_|}u$8H?N zb?;xa4LvTW>wKO4iQ~BQyfw9j;v&C`%7Y$pOU>%@^MRlIlp$?9dksv2Mn|B;1a#B2 z*0dVUZ^?Gu$wj$+OBJmy&3Hn10>npKA1b}ESFQ71$mX}ZK zCz@hZwA#|@18QT>x=^KC^LVf9fsWBObnSDB7@_JaRQ*G?O|L&S7EN~q>ZJHg2@cHs z9@4~t=Pnd)9Ju%s;+6<&K=v=7fWd`~!$N$20y_0jlaF#l0<)Vz7{#kE%MdnoZ3Iad z0i`DB0w;^R-d;vnQ*QrvTr&PHJmI$rQ)9^?yF@(=NzDl5g^b8TUzIPZc9%|iC0m-} zwBG)eTk9cE@D%B*pr}DujlOH`B+WF8kTYXqFmiSf}dg6e!D9Vx*u{;_HtA30nvzlbP~rbih$G14c%Q)ypc7pANf!AG|YD3 zk;*6BXh@r{e10Tv`=~p{<)jWV#7faNB~nmn91*`CNVK>_0&&mszHGOVZDj9azV8|| z7gKK4bW7bcl~QB+a@o8Xd0fR88=XYwkH9+oL24JyZ2#tC+j>gw#M>n@sP8NRfhB8R 
z-D}G*TwqG0n6qRwFhiJ_fIr>ZR6;D=8Wd$Fg5?7rbE%Q-EGjc+b9POCl0Pi6*Er2_ zp61d1d-$V;D|^^Pz%^ZXR~dU{U-z*B4Qe9^#h}wq7%Jikr|ENOv{mtDK=92Lx)2o0 zaLAoXhqhogMAQLp# zRWi$0S^asvrahu87^BZ8f+X|AxxmXrCZ;Z%M`H-(A7a z@r0o-*s>uCj2TSqxow?2u1Q~5wAziQ7jVUzv+=hF`}6ja#1(0z5h&&^wA??T&S0t6 z&~a9GxM)ur0e>1N|AG2VYqaBb4O9v#{7V0_rFF2ihtHva zm8bHta!N%1Q@L+|)*jIs!*up<_sQ%}ijk;JwyL$r8#8@?Qi}W#+q!{e*oQa#M!2zj zzBK|$0O^2e$VeR62=L@c07Swu#)?=vue!iNNlu3oo02g84ZlT1LWzBfbS8hi?Q+C$ TA>@UeHCbC!LwE$Zu-yLu@5%{o literal 0 HcmV?d00001 
diff --git a/tests/security-resources/unknown-server-keystore.jceks b/tests/security-resources/unknown-server-keystore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..ef2b078e4c5f4420a316339a8958f023d81ea0c0 GIT binary patch literal 4112 zcmeI#S5#C<8UWzV+kGA^h2uxNA@F7q~bpZ zp}v1Yo&Gujl&-U{KhcHgXzx$-@!1t5@;Oj{cLW03xU~mAs*8oC$yDr2I zhnD$l`45E<5)}_m0gP)i}SKMvhgfl&A z6~Zjvdg97cQ%U99%Sr;^m?h_b!1l0dH}qa z7dP%aPww!uD-gQTa$ws*{fY;H7&no$utt9iM&HZ7s`o&@DhI9WR&iJKIO4A7s>#Wp z#m{RtOZgj@9^&Zbjlf%SbyYqSp1#_ra!J?n!|Kmv$Z`kZz^7`umRGmlN3{>IO?qo; z(AYrqxzYSN%TDfwD=&sjVmxd~4L~|1UFp?N&*qSg~ByG=`SaYecW?mvdWATN@Kk=r$L)y#~5c{F!&R z|6oqZF>XZ}0nBpU{UTS@cVkgyuM-IO4p3jO%$X~No=@NXIFR{la?VA~n_eC(m~Yj3 z=p||Zgqc-Zw&BBOt)&4>t*UW%WocwgyJCi=-`!NGqKNvWansC(j0dlGsUBxoQG}Oc zrBZj^H7xoQGAMa;w%nwB_6EbEP^hv0ugUNA-px)&R_5vzFKzjlM(xrgy~;ny3oK*R z=czpsh1ACsKw4}v{m>k`e|whS#E>S>2^9VuCLE! znVIu4mqTOE zZI6Ng#;f!mgEWc2C!QmGG!$lxGhzXaXu5Q9G(D(OL-)mdl;-fH5=fLS4vw3NnAxBU zW#yYYU9|K!xov1hHWqOM^m zO}MV|DC5h@>Sj8lRZeZ4_cP(rP*VAE4DeEN9a zU~vQe!)sUgGw+)+%3$Z~bpm(zOl*$*vW5S3ia%EPr?lM=yIbSOoES$imOBHJnr$8( zqt$tb4SEGeEN(z1@>aZ%VuuZ?I#Sd$QuSNQng_&^T2e9}={{smGD~CCMB zU6JH%v%F*Wqzo-GBIV6SwYK6_;*+Dfx)5jj_zl)*pe|f|!K$=)j#DE0FYG10HZg7M zs@&-U_e;2qCG`!2cT7Kib;@rb`DG6zHG3e*{tgnSkm0F6-64Oy2L1pN6_q`ZD53X+ zauf~hgJdrN1fy92=6&uUkWlO%hrah1|IlOj*889IBm+o&)04=*=n4PrqWG?;J(B!q zs!%BHgklY``I^3#pJ@+}hVEF_pmbGMrPy%glSxxPs1OaS8-lIrPB;#kmpJiPy^Vsm zs-A)abc-{2b`GR$E%!CHK(hl!7O^5>7aU#B9PgV1XsZY%3PUz+EuDEp<)U)#ntpv4y9CWe@Z*6v$iwSjo zOG!Cx)Hx6l)_ye12d(Mn+_dxAn378a-yq0cU=)8omxWVaPN=}@XZUWbJ*H|w>^HN3 zoD$V}iE7|;E@_h9^%6qSnL`c3-z)H~2aNL_qct^pXzo-pKotuon zQaqEa^th+`1))D3%dfQ2mdrelz7->Qmad=G@tLQ1o+~6=cZIV-VdGafj)SM$?#$Jx zc;tOvza$_fWgj>4 zv2~%YmE$AB7v*n)X64y4&xpqfo$aiWebYN1d;5a5OBI9bxll|;Aq`hF+eBf+?lc6G z=P511X1RXbf2J{JqT{CpbBV$Ku~{x0`&$c5bHcB1Pp<|><+_j1N)f}vau$y zpZ0^nY;X{80et}AV1io0Sh-mAo&4PbiRP!#oB;b?h>eR`-`Ah$;pT_d0Mzy(P%g!P z3_||+gtYiJ0i*%Z*WbrmnL_OwdzBlU=aA85&(QV2|`?8@GcAvKp71n#MpHq 
zb{H>=`w`t;_o$@N)FdLM>+?d~P-c;j&+k{2ahMpZ3I7^1$R<4xGp~cmL>;$7Xva zdu`Q!&^34Xrp;tGUsC+NX?pJ*`Vs0U#Dp603s)|9ej@QBuac?zS^lZkD$hlavX=xI zOev_aDc$iWNb3`txd57i8YSQBeG*=+)FZ zi;x7Io}8b`;^ylq>ws9C-?%AyXD;Z_lY+WJ&CCx6ovllg`3!~Ac!yr}fFzysi{B?n zmu#w26+TtTl7PI zgnJjQlW*s^y^L9LRgJ;5*+(mkzV*W1FLB_>adg~lF-kQuF5}>EJhn7kzOrxBFZ(g1 zrFi$6{;Lu`b9G0*9J929X2EpyWrEU-9@Xtfu9ff9r46; z)lLk8Xw0N6mFr@N8tcwV=nfnl>{`-^)3ji2Wsnd!cV2#5EtRC33l1Ii+xZ$(MzTKZx-Z%L!}4b|C> zLwVZx9Rw?d`@Q!kW;)ACxpi*foubm|z8e|E#!EA2@KrpHEkem1F&NL}1D|S%GaXAo zD0%)5L!4bRzG^P#Pl=^*zT1)%MjoCnNfz7o?zrC;$EPma@cZ z=G^wOQpMQm<J!s8A%`J>pM;vjLkiGj(rBNj|WnX=z#$)Vy8DclRh?baMD&J>l zYwiS_@A)8o>$dzNlzX5n_L&v4c$n+YQ_XFBX(gI|n%d}4ee*Zh8%&CF!s4WtukhPr zEl)c+hX@}uDrFh?5TX29P94l%dr$bej&7f>Uv*xGEGfM3rlv*4$iu8^!&GFed=&~M z2TyU){u)fkB4%CH_;Yo#j^D<_#-dj>s@e!eWr=_Nkztaf|@m)IiE zL*a`Ldu(9HO&U+vlF=wzkb`uGrmhuuYn1rn;9JBd|i&x7Jx8x3&S)xo-)_7k_#?cB}I%29$i zyL?pJyDL&>Cj&o!CKfC5sMOmJm(8iY`RKiP|M+9XPh=~#GfoTVkR~Ca8sVw4+EX{o zD`FKn#aR)dZE#T=M-ee5wj51}%}(Lmm{?&kE5_bbavni;Rt4**!BSndHdx~E((I{J z7)An8$5EfNao3}_PqiGjKA}y)c%KHh9dBIeljt5736x(o^{ui|dwt$ZcTLJgljoo^ zR2e(J?n;>!X}#ovwa6Sdoo2J?dHGf*m}qffu&*oU$RPh^QJ-T7!R3a<;Pe=(hl5p| z+0ABpj2ugLZ`Fc>0D-WQ5G~qh7yV!+e9W&B z8~f9>^8W|IAB>`^$}ox&nt>K|G_YqBMgRy#?*mx(1jNJz)n^FlM~~$XJ?8Jd{|Z#n zfaG^jiTo3&EWh6!KVZdB%D>kOh0=mA)e)Pm>7d>0FW@qE*WVYEp|MXXAyNgGGUkH} z(K&xrusP$R8He;cGx1;B8w77to4^4ErP;jO2h+BeIvQxuyMgZ)^hF|EoLtWy?HC1N z679EFP*v|wImlcbaOI(J zrm}RcQvZ0S?-#AdS$YtM&$&Q;nZ~R{HSo2NJUaE}9fWdh8rcV@EAXuc4Do69KX35R z-L6hLU__quFjA}Xe7i-u_gycJfIT3xhZS)cAHW;+uepNQ8^8sF03d*C?-d2x+ea40 zRSbtSL&3k(&a&H7$S|soBrWhU86hJzKAN?) zk9wg~DzN*7aPo4(@z))M}r&PV~1Rd_x-t z2=9MP#k7;he|lucv|_n!ixCc9g-UnEXQc}IR#j&QG_7w6^0&(mlbc52lAqb~`)eI& zBc1Z1Od>V4BK($Kh18|d2Ce>t26(6)TinLFDQC3bU&Y3s>z)6Uu74F9e-#`5vtpz5 Y$k|Cl=$oB8PfyYA(!BLTGHM8a2cRO!4gdfE literal 0 HcmV?d00001 
diff --git a/tests/security-resources/unknown-server-keystore.p12 b/tests/security-resources/unknown-server-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..8fbec3e02642ac61dac2139225689a8062a0268f GIT binary patch literal 4767 zcmY+EXEYp+w#Ah(>L?SvW^{uX(T6C}qKg_bO4LF0-lLZwB!sA8kT81hhS6J)Q6dP@ zf*2**UrAo>TkqYw?uWC_T6^zvKK@|Q;5;HiVpufT1V|2ze-wWKA|xez9}QLqM1xiS z+7DpSB*Fg`k+=e)Nu2)Lc7MkjNcn$PR1}0n@1p_NuxP*qObAHv|MuVKYykS}O(_Z@ z=8J6ZfI)~PE;-81NR0w z?MlY}9KG?051%d|!#L8O2u?#qVu~=Ld|e{-rq%0(X$7v^o?R~RU=JU*OT2(QShHFWPs{3aW3BISrdk)mf?cM}6>eV}Bo8W+eHHsE3T3SZ z{=4IJwtZ)#X?-TE*f%p`8KN?3-6Oa3N?B3#?pf#xIc<-UO!c^p~AVd%rXUgwj zEyzVQRJm zln#tCj}@iBZ*AFk2x9oXtD?4M_;tyfwbbg3kmB(-3&;Z|TwT%mli_8dNuhH2dn`}| znx6nEkC5`YDDPXcpDd$AwTN;-4;R6<=Dkr?Qt=XBMijl^T4%jR4Oxp(;P0rtM`qq) z#&Hbd4n zh<(VW5S=tavimH7TQEW3Oa%J$%oIUD!MVI%y?zo~0)Bc)o6^3>x zc9Q->Co5P9cd(aeE_GgV@40z!1M?t*n29X>*i?n^Bw0_sWG3w=-^N%uHm%^B=UrLG zBWv_Ju;2Q&es3)$N~~ElB=IP7{sY7E_I?~~IDV_UGGs=Blz#l=LSQc+GGb(`PjrA# z1!|~FHc@UIpTLAp8ikOvO&L7(s{mK3VC}YP$ZpTWNM#Pgk}{KK2A;rrUJ&pse%YM> z@_q0sc0?BSRyr1JX(}^V5JSbd7aSP=4J)`tlc1wHlBc9zEe zV-^`83nebMkxtk1oT>_+W?}pEh3D#iICG=C!dOfGPdBb}ef{s8x-u@A5#za7W8Eji z7t;a+>}hkq&5Fe*v>)N@(e`h~xr7zpS!9dMAHfkb!AsZ(N!E6f6^UBt^krW@V{El$ zXtj?6))h7Wc0>PAi}W;+-n0|O!_)Ho#{7jQ@XFx3!Jl9BX`DzGD1NJv#U*9OcU0UE zCj4(ylGBTGak(QB>fJIYv{kud8d>>6!{nx4>A|&{`O8%1&{ugn9|03=n#=7GI)%t;xx_|lM zpQQwswnFmnq#&$~sHUpBQwj`QU?~#%gatzw z?*^(PZfyw8wTVEzlu2Mx-eUUEkdUvvGt~@)$dl797X!d$s zA%<1e0r#jxbLP9x1}~)Tq`yRJy@8e|Ont|SX=OQV*oU9)@U|7&4%3V>!3Qad{YC~J z=!{*_}T)0 z`>TqBJaD#nqL&|aRhE!Hx;>lljuom9r|5VG)3_dLaY&<6iY(IZ81+u~UXTC&9uKtoD_ zv%zP{W+|MUXwI_u#F#;M{)`)Wf!LPgqE&VLlBl&uVz6{sM}JIhrB=;zHY~l@)7j8~ z)v%=uCpsOERu}zBqYOtXMvK2RSG)7zowCr>i!Kca(A8xN}5?(7-2`ypT; zK*w_Yc&(L8!sdmB#mB`&u^-FW>;{QeZ4Z+8Jpgv2B!^ne5D=!0OZTwdbKko?n54^8 zobR||i7oX!KG!RQdONa?08N1=!bfXvO|-uodh5U@*eB<9vEoNdJP%R#oIf)9x0^U_ zds*;5rs(6!^Lu)Mm$|=KwTijK(VnYY6G8@7qtHm5Pm#>68UcGUsvNAdIbFXTBi5a7 zdgol0^^a$y>rJP%S=UwYYT8Q_e5st{w>a1%D35GY`R 
zta}nMK|9SZqZ?O%y9b^174rci$-RxVH_M>;To;rT1%lpb^V^L>I__shr zKgS6%C_yQ;{ooj&L{_ovmHU%0^R3UF5Ure#z)>6D`GDqB?bKR^f3`LYhzsSI%Csy> zXJaz&%J?cbP_GaG+|er2FONH&?8=8}I6jChtz?lQrF>5#l|I6~^o$S_)F1~!=K$1I zTb5W*?7**Z`RUgN?ig1?dfNQ+z(#g;xGe2`wD8OVT|h%XdMCoMD9M4b z0Y`)}l#T>K%E&J#VqIJ^#+&>yWosx)rF3!6=^*RmEbW=+Rr^!O7d>53@_Cm24$Mmi zz7z#z#rlZWG<~CtCCYu;t?#&BwKci*hiYs;Ks4*Z4|)u+P+q%*m42mUC+8*QQ%Mc&$#R*?|w69Fal6WfwLk zj-=JT9_0^SZs+pG@OF?y-skp{iIf5sumqH%ZK$A}@@Z78mx`fwo}j z#+&&jtL9U#XvZ-{D0kGy>|R5)MVa|-hWnjIm`7g3mTlC# zpe}1xwuKLtn5gfU3t!d>ntLDf>#$w!ChL92LJdG5x@fU8<>TcKa_W6k{Y7ins8sYn z5t17=)Gsw7T6gUbjVR*8rcs~sbGYlSR*|ny9)nWz1ij3o*E);Y8KD_)n(`h=gn&8P zqJ{QYPYWc8SImj&cWP#S6M0lH(sGb`!zMP?O80D5B#qBMA|FLbF5R@0*kR;(by}}nTfr=*hX-S2J2%qfYmEBb%XijX3kS7y zP;X{>E2Cf77tuBkBZB$3yZq(wr7aYM)7aIB95r9^_Q`Zi+=~2e-Sl z_x*%LAM=ycC3LrPyhD99immaTNm1^}X}rDRe!JPW7%r5-{D)LB|JZTpwwUO$#T9(o zSFW37IP!=F+;A*W@6odULqNOx%ExGQC!?Ee24nDPwZ}i~H9)8E=GSRpjVWoGS)^5q zcmI&Hv3xT^a~B>gokq?}GX9*X|20GXkog1AVTJpzSFvSf!z_XZK|SA*WuR9-I16fz z$8sz-`%AI(IOW-wH4jqOcF>Jz(`2)TUC m5f zYRLkq@Ix**b@ZptPosj&f;#pU%B;gi8fqxzaN3TQsy@>dM+KJqiV0!{Y-A*Z(@6BN z^&L+53b+tid(?N+$P9=g{n)cEiPI_f{PZrYZaba-xT)mx?EUSQM>? 
zQ`^>>uU`a?OF>t=t#LZWjCejiArozv&lBv>^icF#*eyDZHAcZ!qpVuzS=SXo84q#E z#+VMp$3Ggr5!K9hNSr2jncon)!?@we`!7-v8Btm>O=kZ0bSOyv=S#3IK;>&kbO!(6S% zx9(id6a$Tk-{1KsCK*r4_igKQl}^%xBH@`AF;;Eh>P5u7=+ZvJ2Z?R|nogXuSql~9Vw)@Gj})>S4g(_ zEve{EK~MsP=sccHR^=7x(Mq0dF>F3q%ZQHYcQCopn5Ol7&4g)@&Q+Jp5Ho*eK+`xz z7V7QQB|qpeoTn$qYHvOsSthlp*0@NTZT^1MN$ZozgP_QfBd6bd)Qd?h)zKP zYc^IT{a5f0sHe!-5pJz3sXzV`qXX)ayF)!+h=RuMKg4mwB?l^or;0wmz?nTD7txX z>Uh06$-J0Mn*d93Myp+n-%-Ks8Fn20IvBiJ+^c{3LV5G|Zp&l_XNJ=85$xWyiYphMGqs8AnD($9j7Bjl(MrxKy~PuwEk=&gVvv zejFoj+nIjAiS~U@bxG9(s8u<;LQHUNC?^$g14*iea8P@?XR|4cfhO#w2L{$wA;wC6 zhU7}^n|r)gwZ;+&1ZjYq9sh?Uz9LE~F$+;kcXjFG)if2B1UN8|w2HUU+_#+X3jDw%3O<{s^{JdOV!>3KGQroUo~*PpfHaNz z-`H2V1!E~__`Q2ejuS%k2g@gPq4A%njEsFF*g(Sa*&zxSf>O}@*iN!OGz;7u@P4Hu z(c=+{kTlOg4pZt|&}4`HlY2;Vz3Nb9ovwJa6A-GGbY(b*8_0UN$ledW^ zSKIK->P6MKB)ZMc&5I2PQw~R*ZNBB6EL=B4%?%=@Rkj5z8rE%rGFAjc2&<%D&P!$L z=g0o8EDj$o@>duvLH~TPsGG8y_Ph{8&(Q0OG91OuI($snr!6sCks#oHru~j=%Fh4* zy<8*{ + + + ../security-resources + + org.apache.activemq diff --git a/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/broker.xml b/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/broker.xml index 0166df412d..e3bf43573b 100644 --- a/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/broker.xml +++ b/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/broker.xml @@ -30,7 +30,7 @@ under the License. tcp://localhost:61616?securityDomain=guest - tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=server-side-keystore.jks;keyStorePassword=secureexample;trustStorePath=server-side-truststore.jks;trustStorePassword=secureexample + tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=../../test-classes/server-keystore.jks;keyStorePassword=securepass;trustStorePath=../../test-classes/client-ca-truststore.jks;trustStorePassword=securepass 
diff --git a/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/client-side-keystore.jks b/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/client-side-keystore.jks deleted file mode 100644 index 654d691b5c3a56cb7fdcd1abbf06826b07169893..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2252 zcmc(g`9IVP7suy2i)ApzE?KiCGGmuPC`)BVmXIynVXWC@n-JnA#+D>p+eNo-Ok`iO zgllJv(v(5jGAL{A$fM`p`+D8yFL-`9KfKTR{BT~Mb6)3sXMAUXKp^mO0RIh`f21!y z@|dDVa(%KvAQ*s3fF7a{Ebucd02ELJ^8f%01Wkah=#^EV>H=&1A#LuihYB+$8SBn) zrrIpkS<$S8d|mLp79}cVUiroyP)BG&H`SnDctsXJ*2Yhf&vZ6%spyWemC8O__>9&1 z?o2VKj6_BDe)0rL$_c(&XjD()nYFfFBgDhhD$*=4MCfw@b^1ktaY1&XX;{my^-cOk z1?((5%}Y4CX0Qt0h;VhN1x-)8#ayp~gB z#2slDs+qP3-t?2A*27ntRDEuGScP1z2|mc@a(JaNR@3SuwR!%Nlv&V+8}7)#5|=Q` z`&st3vT9Fc#4G(zXfGMx5|jJ3E0Q{)Wy)(#M_RP>V+ zsA|Xy8HgSxQ>&A^Wb`9~?oom%nDT%lL}w0FILtlTDGvf$P2Yw5NfB8Pgbz6`=Ew#c zJJL-nZ78`vQ+h)7@;D}P$tUe*(0X!hG~fB1B%ZExtO}R{d*&4%j!o&oMcmjLR|&e- zgS(gyvKokL`r^Ng!^|w$6SUTlws@9v9&3mag6KhXWcRz7RptksVuGgblkhX^1&1GL zfC}FrEe(8GRnLM<#}4737Y0elq5~TXba3(;e^C93Bd1D&n5AiICG}G(SHV9 zGuI}GCvC=JafZS>d&zXcd?stE=c)fE!dsC&{Fvj7qH8K8= zrGtRI5sb;mtTJDU+h{xEMlIBpAdn`787W%5sZht7_Y^n5CJNd?l@BohL6D^X_?a zyqE#0%Dh7$VVL*=S1$??prKXsz3Hy6@~ZkoOi56wo3HFjmDehr1f;{U>_dNUV!__q zp313~S@(^X^sKnIq`gq>RzF>rmkebt$w%ntGnGdih54fo{Iu#jGWBzb8_jxyW?Hfc zue?KWDz>gE<23obEADLdowt7A6C*v<0qjL)K@fHyTT+|z{t4gZmf0Ygi#Nm#`bexc zB7T=z1P7XY68%ZqkFg&@?$b9OnFB@@cp?(aU;R&!6Acdaxt!qAd z5;ZB?`~7kAABp6rVliO&pqjjrBelL@Ajy5HZ+tIN{@Sic7$*6)(nPzC#n{eKk3}i9 zrZ_m!EaOA^WRcUCSikg0T5YZw(Y&4YJqgQwJIZp%JuEiulucbK-LPstZ_2u^nk|*B zwNp0GlD2W4ujkq{0d4^&evUA7cHB zcu?FwlyE*aLyu7JaQv|xd3A1x&Sr~Yls@!NnT0Nfx{0ssdm001cN9wT!N z=n@Nz+XfFeetAs^ynH_5^%Q0cWpVH2W_!xd&hr(T%T`xY4K^P_7LEAk-OM$&zXYP$ zD}t#>%g<}&I`n8~AVT#D(cK%P9a?H>HR3CxLSt^)QsB_n`8YE#MNaFvypBGHuWrpb zuMt#rkR=aZGKzKT3#ycvt8qcPcp{6OWwUE@?BmNh7v6&^FT<+lrI@PPebXT=jJWE*O+4PNV-o=on$c7;3A`bn6Ap<9+L$un 
ztPCAd((4+vL8F1|Vaim7mk7{Wkc)Xz^ClrFg1hvCv8UporlGrp!}oFlPB{~lu8 z98MJe<2L@fp>YU5yS^<{gp8f6jeVOv{+kq_{C6L>2lSa zi-CxVA+&(9j5q}u$n|o%tM_qpr^$@<#!id%7WGJ4=K|^R+h@un51R1tv-z7wNNNnP zvZ-wKC4l5F@@atT-n-q&PgbKAn#j^zk;D9M>7rrYHH`J%1pI-$^<|+9gHIc+h5rHQ Cc-a#G 
diff --git a/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/client-side-truststore.jks b/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/client-side-truststore.jks deleted file mode 100644 index 95e451a698f26e8d54c6f08c424048df8b18eb55..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 963 zcmezO_TO6u1_mY|W(3o$xs}w%%f_kI=F#?@mywa1mBFCUkjH?FjX9KsO_h&tTBR$i>ve$jETz>~_iW=h0%q zGbi8k>o?oRGHoUw^S=#ijE>yqi@I&QipApllXGj`ewT9S>darSJR{mD*^5C;^n>b} z2T`-SQ;%n7Fa2ewuPeuRQ)iZOl}!GYYh9ll*b0;nL^@=@+N~F2mU`CfNNu&$%+>>Q zw|jb~8kleUc=P0BCZVk-KW9yD44V>lZEyb6rytgzcpACB{nc^LMH_EcN2GBrx*ERV z#V#I|8;9>)$Y&Pa`MWCXLf5yrSP!jwBdKF0_I8oU6WXsPFX%nibL2gLZ{ozh#}Bvu zNen)4e#y7=MW41xZxcy8Zu$Q85stf$9Asr=cEm}WdcE9YF>6iIKE+QvcqV-6eQhe@ltEG^d9H|o#REKd2p!8@gY(W9SxGmW%oIZS`k+4kJ{y@TGX2N|ct z78Pb~{;C?&s4+FFn@iv4dY5rs{?w+!^@}T-suJBeA4;^J=jT+LHN(H?YQ5)-yltLB z@=tiV6=UDme)<%2;NyChoQ=1ZU1s}mU!={->x1-~E0cR4dwBTYJZWNozDo4yQJom= z*YVYld6rvj|FiX@jnv7!iN7ZQslAYW?wkK&Kc6|->CdFqX0T>|dls?bO4k*Gf0I>` z{n8&l&0cpiRk=+w=DwJ`@w;P^5ihnYyzCN8ReZT!-hbL@Hsgr8%MquVW-ovH^5KQ8 j&A-=QtXp%q%eMx*&1VMD3MZ@kaVq+EDhPR%hFiJzAuxpFOihS)(B}B zH&d3ZWk{4_M%FNvVl=&a@4e4+-@oAf;r#G9=ljEXzUMsWaF#jC004k%FM$6IZtqY} zZ0H_^4dmQf0sy!{NIdu#k{<$9gaE-n1uhs6$PEDF!HXNF`d0E#7u!%ar50MqCtu5! 
zUq9{7N$Cc!IAf&x%G5`eLI}JQrdNb(V7XRv3881wQchp%|I`?FnZ_-c-b<+ekw+Y_ ziKPjqE?~fNHC)GP*CS~F)6oc0-1LJ5`4X=Uao7|w_6(eU-^U{ebFz|2MSQAgU{ad-+*WzpQrO`-&o`rsbCB^O~PKh z=26~3fSqtht{uk!xU_XU&F7w8Z&8XdC3`)A;l~$%9&TM@6{*2P#2(5ok_~GGw7zo2 zt{^tWZ_~|WUaYyD-3{^EU7Gb+#%*q&(@9!1`-~rf$WHDweIU*e9Z+S&4u<)eZ*WNT z`AWFP!hE@|-dgrMl1pY`2pb`XeQ{pw^3NL)$3a@l&6j zyA|^=RbV;kSD|i3qh|S!U6-Myp|_?d6CO19_VnwsFeJYXQ{40#pl%+JDE7JW&+`OR za0bj~)*06pTc!1DI%z9nFg(w~`u^&tMp5Q6ObT}sSA=-TXHMF62#&Rio_ybKb+!Ab znhLCj*^O3iV?0mg<3YKgT}*0pP58<779U;>n+Y+5+{N1_T-}+eZY{gsWXIX=OX@N| zV>K=Wf$j+#X<}l>66rbb-dJ?JRH>j^2)1j|)c(-S&#=4?gk7l9Q-*G&u@_bhO8He@ zRQsh-GHX6$>@!bZ>O{0T+MRfCcH{am&16)3A@lXl3ia@fTzv(DZ!dMPRis-rezCX7 z-9O_qRT(UYK3zVCdL#e7f{ZcgqDg+0P}7bpZ|$6k$@$@^Hjo;h>YP7x%eQX0z){b> zFz#bats)kNW&D^JIG9H3A|i|b6t~LCP561$i3h9tD5FI##@BCCK_p+9_fE;Zg8CUt z^IYzO;*ck0y$Bdp$ICGta_!DQ89`~k&YzK`iVPd1h%F2t`XB-3 z;iH1xcz0r6=Qj)RPswd?ty|`(taqgVxpZYHENc5g*!o=!mEts(;xx6*!hn`!`La0? zoG7r0(zHzvYEnz@qOGOcX&J!}VkL>iKHE!Vq0S=R#)K3D=IpTEpldASq;~6#QjZDm z&ND%+R)q$`W`SBL&hy$Jw?`Y7gm#DDBC9XenI6Hm21F>A0qrPnq2se{(Glp#J{RZ1 z{GB%A5l|=H2xsCa&M-3(sEd1RfauG3TIKo3f!$afT;E&Jb4arMX$rHXfkAHD!T7Hg zE&f!m%*8F1f0PKvtKZSz)MWa@2M!5b0rii2v^*7ZV^pOef}PFo13%&+--FY^%+aF=u?@BAuA(> z$qb(C66%AfQ6le}^|+FTFaHl2mUYQ0_)GrqoRS-0sug9 zNIWPSiRW@J191VlxWKLjMF=DxWWPeZVf=SKAdr_Efb>&6fP_Loe}Exy&^c3!e~9OQ zXy0E1Lkj#>Lg75;Tms#Lv3v4^dk1$f#S7ne&OZ?A?H-^ijg$iI!*dmJDPaZt1i#&cPBj?)oiR{zksZXNtW;Vjn`e)5F$RbT zugZ}=+ZCi>yF5KBcg~(vmIRI~6{v-Y`!tRwv-BXovK_X1o(nHju4!WXjcK@WvHZA> z;$|ZwEb>&-+ISCvOYm9Gx(6ZJ>Ym+bn@DJy;E%d=f4%Z|YZ zTW;m7XNV>tr!K9PMHSnCPj9!mqZAADa+i|gzpAb1sVscH)hkl&=Rw|-!$iyH*rh;E zULH$Ui}1<8cScr(;KQ6Q?*DQ)VNhWIv4T8ve|n@*-t8tMK`90wugvuo9E)|eW33MC z)$rlrJILykP`tMBDuOgZNSiS${SAaw?-p01?NsC#b%;924_i4~ws Jjzs&Z{{W`|_>TYp 
diff --git a/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/server-side-truststore.jks b/tests/smoke-tests/src/main/resources/servers/audit-logging-amqp-mutual-ssl/server-side-truststore.jks deleted file mode 100644 index e039222af3d8202ca0a22a02c9d39fc60cbdbbbd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 963 zcmezO_TO6u1_mY|W(3o$xs}pyJJyFYHnt+p@M-NNQ7Bf9HvMCDy86@lbM=VVjw5ZYh-9( zZe(O=VrXG%76sxO8WB-efa(P{pQ9!8{}Tfh+jywP-H4OHq+lDU5h99;q?8-BR?hX znsSWK$HV{Gi*w<&zakmmW?Cvw58r?I$n;J6n|7S#o4|VBV)_2LZ!LshzsM0fxQA)c zj1Zm2L34lYnP^hQyVyC6Rm}hKfw#rw_p^>OPEu!j?o=Cdyl}b7!wqo)acKhcVpS(^ zoD$KvVi$B+G&OEKZt?Z8t zKNB+}1LI;v19<~kVC2g3v52vVB>9JbQ9JuI;8B3Ak#Vp48FL#sBji8?rY>M0GBOyx z-MR2GbvFDQveM>o zA8UUBTr9SL*4>Ye`4H91z)Ld~L3q h>YaFjvm%LoK2-`0r?}7CMp?_HWfseZ#fkRw0RT params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); 
@@ -184,10 +187,10 @@ public class NettyConnectorTest extends ActiveMQTestBase {
 Map params = new HashMap<>();
 params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
- params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "openssl-client-side-keystore.jks");
- params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
- params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME,"openssl-client-side-truststore.jks");
- params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
+ params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks");
+ params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass");
+ params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME,"server-ca-truststore.jks");
+ params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass");
 NettyConnector connector = new NettyConnector(params, handler, listener, executorService, Executors.newCachedThreadPool(ActiveMQThreadFactory.defaultThreadFactory()), Executors.newScheduledThreadPool(5, ActiveMQThreadFactory.defaultThreadFactory()));
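Review bot: The fixture names and the `securepass` password are repeated as string literals in this hunk and in the five NettyConnectorTest hunks that follow (old lines 210, 252, 279, 318 and 343), so every fixture rename has to be made in six places, as this commit had to do. Declaring them once in the test class, for example `private static final String CLIENT_KEYSTORE = "client-keystore.jks";` with matching constants for the truststore name and the password, would keep the tests in step with the files under tests/security-resources. The enclosing test method starts and ends outside the hunk.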
@@ -210,10 +213,10 @@ public class NettyConnectorTest extends ActiveMQTestBase {
 };
 //system properties will override the bad transport constants
- System.setProperty(NettyConnector.JAVAX_KEYSTORE_PATH_PROP_NAME, "openssl-client-side-keystore.jks");
- System.setProperty(NettyConnector.JAVAX_KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
- System.setProperty(NettyConnector.JAVAX_TRUSTSTORE_PATH_PROP_NAME, "openssl-client-side-truststore.jks");
- System.setProperty(NettyConnector.JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
+ System.setProperty(NettyConnector.JAVAX_KEYSTORE_PATH_PROP_NAME, "client-keystore.jks");
+ System.setProperty(NettyConnector.JAVAX_KEYSTORE_PASSWORD_PROP_NAME, "securepass");
+ System.setProperty(NettyConnector.JAVAX_TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks");
+ System.setProperty(NettyConnector.JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME, "securepass");
 Map params = new HashMap<>();
 params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
@@ -252,10 +255,10 @@ public class NettyConnectorTest extends ActiveMQTestBase {
 Map params = new HashMap<>();
 params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
 params.put(TransportConstants.FORCE_SSL_PARAMETERS, true);
- params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "openssl-client-side-keystore.jks");
- params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
- params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME,"openssl-client-side-truststore.jks");
- params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
+ params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks");
+ params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass");
+ params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME,"server-ca-truststore.jks");
+ params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass");
 NettyConnector connector = new NettyConnector(params, handler, listener, executorService, Executors.newCachedThreadPool(ActiveMQThreadFactory.defaultThreadFactory()), Executors.newScheduledThreadPool(5, ActiveMQThreadFactory.defaultThreadFactory()));
@@ -279,10 +282,10 @@ public class NettyConnectorTest extends ActiveMQTestBase {
 };
 //bad system properties will override the transport constants
- System.setProperty(NettyConnector.JAVAX_KEYSTORE_PATH_PROP_NAME, "openssl-client-side-keystore.jks");
- System.setProperty(NettyConnector.JAVAX_KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
- System.setProperty(NettyConnector.JAVAX_TRUSTSTORE_PATH_PROP_NAME, "openssl-client-side-truststore.jks");
- System.setProperty(NettyConnector.JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
+ System.setProperty(NettyConnector.JAVAX_KEYSTORE_PATH_PROP_NAME, "client-keystore.jks");
+ System.setProperty(NettyConnector.JAVAX_KEYSTORE_PASSWORD_PROP_NAME, "securepass");
+ System.setProperty(NettyConnector.JAVAX_TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks");
+ System.setProperty(NettyConnector.JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME, "securepass");
 Map params = new HashMap<>();
 params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
@@ -318,10 +321,10 @@ public class NettyConnectorTest extends ActiveMQTestBase {
 NettyConnector connector = new NettyConnector(params, handler, listener, executorService, Executors.newCachedThreadPool(ActiveMQThreadFactory.defaultThreadFactory()), Executors.newScheduledThreadPool(5, ActiveMQThreadFactory.defaultThreadFactory()));
- System.setProperty(NettyConnector.ACTIVEMQ_KEYSTORE_PATH_PROP_NAME, "openssl-client-side-keystore.jks");
- System.setProperty(NettyConnector.ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
- System.setProperty(NettyConnector.ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME, "openssl-client-side-truststore.jks");
- System.setProperty(NettyConnector.ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
+ System.setProperty(NettyConnector.ACTIVEMQ_KEYSTORE_PATH_PROP_NAME, "client-keystore.jks");
+ System.setProperty(NettyConnector.ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME, "securepass");
+ System.setProperty(NettyConnector.ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks");
+ System.setProperty(NettyConnector.ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME, "securepass");
 connector.start();
 Assert.assertTrue(connector.isStarted());
@@ -343,10 +346,10 @@ public class NettyConnectorTest extends ActiveMQTestBase {
 NettyConnector connector = new NettyConnector(params, handler, listener, executorService, Executors.newCachedThreadPool(ActiveMQThreadFactory.defaultThreadFactory()), Executors.newScheduledThreadPool(5, ActiveMQThreadFactory.defaultThreadFactory()));
- System.setProperty(NettyConnector.ACTIVEMQ_KEYSTORE_PATH_PROP_NAME, "openssl-client-side-keystore.jks");
- System.setProperty(NettyConnector.ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
- System.setProperty(NettyConnector.ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME, "openssl-client-side-truststore.jks");
- System.setProperty(NettyConnector.ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
+ System.setProperty(NettyConnector.ACTIVEMQ_KEYSTORE_PATH_PROP_NAME, "client-keystore.jks");
+ System.setProperty(NettyConnector.ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME, "securepass");
+ System.setProperty(NettyConnector.ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks");
+ System.setProperty(NettyConnector.ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME, "securepass");
 System.setProperty(NettyConnector.JAVAX_KEYSTORE_PATH_PROP_NAME, "bad path");
 System.setProperty(NettyConnector.JAVAX_KEYSTORE_PASSWORD_PROP_NAME, "bad password");
diff --git a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
index 7539b55475..45d0aa04fe 100644
--- a/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
+++ b/tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/remoting/impl/ssl/SSLSupportTest.java
@@ -30,6 +30,9 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
+/**
+ * See the tests/security-resources/build.sh script for details on the security resources used.
+ */
 @RunWith(value = Parameterized.class)
 public class SSLSupportTest extends ActiveMQTestBase {
@@ -57,8 +60,8 @@ public class SSLSupportTest extends ActiveMQTestBase {
 if (storeType.equals("PKCS12")) {
 suffix = "p12";
 }
- keyStorePath = "server-side-keystore." + suffix;
- trustStorePath = "server-side-truststore." + suffix;
+ keyStorePath = "server-keystore." + suffix;
+ trustStorePath = "client-ca-truststore." + suffix;
 }
 private String storeProvider;
@@ -87,7 +90,7 @@ public class SSLSupportTest extends ActiveMQTestBase {
 @Before
 public void setUp() throws Exception {
 super.setUp();
- keyStorePassword = "secureexample";
+ keyStorePassword = "securepass";
 trustStorePassword = keyStorePassword;
 }
@@ -190,7 +193,7 @@ public class SSLSupportTest extends ActiveMQTestBase {
 new SSLSupport()
 .setKeystoreProvider(storeProvider)
 .setKeystoreType(storeType)
- .setKeystorePath("src/test/resources/" + keyStorePath)
+ .setKeystorePath("../security-resources/" + keyStorePath)
 .setKeystorePassword(keyStorePassword)
 .setTruststoreProvider(storeProvider)
 .setTruststoreType(storeType)
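Review bot: `.setKeystorePath("../security-resources/" + keyStorePath)` in the last hunk resolves against the JVM working directory and now reaches outside the module, so the test presumably only finds the keystore when run from tests/unit-tests (inferred from the file path; the build configuration is not visible here). The other tests in this commit refer to the same fixtures by bare file name, which suggests they are reachable on the test classpath; if so, locating the file through the classpath would remove the dependency on the working directory. At minimum a comment such as `// relative to the tests/unit-tests module directory` would explain why the path starts with `..`. The enclosing test method starts and ends outside the hunk.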
diff --git a/tests/unit-tests/src/test/resources/bad-client-side-keystore.jks b/tests/unit-tests/src/test/resources/bad-client-side-keystore.jks deleted file mode 100644 index ee0de7b550e0f9224f50fe9d370c5fbc42985d20..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2226 zcmchY`8(8$7sux_GiI0}%gC0UuB;73l#8KkDVeNgESb4>*+poKHHEArWXTp1*&4?-tYH$?)M+~{&1f2yv}oeIOl!NbI#G~(JBZ80v{Xjw=uZ-I}`km z=^m8%=oARV0H8@wI{E|*Aq@kdfE1V=02n|}5|pOrD62GKKa+nu&suywJErrX)N4ZO zP)T9|uOs@lw`%JhRoRlt_I#=oncUI-NqJuh9p^>!F}|HW&_DL@Fab=QMGiOyQ(FyN zJw*oFAXlTC&dMdqo5WAIJySRJ@n6ORl233iW1DrK)g)4HmY6|=_XKpDceaL0!(Euu zFSykP)JqYQ6HLUNXST9evheVGS{ASO$5!6)2H|Ba%0+OjH8mHdXIAaP?($=#?$%-p z$jJ0==L~TRsVNGJuQ0cv!@s&8JhN(|#EzL4KVD;`OK&1<< zq0(XctvhRlxD9!eYY&rnHI}$6H9Yy6Bbnq}H`%(=q>K1O`MAafhq+FiAsn$ef|wH3uN`hq3cLtB~X;>z3hp29g{}R zen@APg*`(3n+K2`y%bc~J*DJ6%%qfGT zWai*eYEsL-#GeZE;8AhIaudvC6RIH&)zeK0FrwV@G!!Wm3v>}vA`Ig${j2!|woQPKJt=D$WYM#zPsO?Qk1KMjP(H3)z zk3V=}KzG()WXJpDuYQgOEN)>O(X=f)t0Q8@ZphOkwVc#T!Kj4EpDIl18+8 z8AOxUza3`EK1dd*h!@hk&%54oE7%8nGEB0whkiz_*$hxTnL8GF@|MBkjqtbwRF;(k-Q z_r0f1<1XpbGBd7Znh=~mB&aF2KL|ql+gOX+jW`Spiv%z!$+!qh3uVrB)WJo%cHmPQ zweNofznTy{bNj>vdhe^9uC~0o=bf)9aYQ=KdBo6{g`Bk8F;4}n!HKB_YWosa)!!?w zM|3Gpz`{><2N%eOzKT*AdpZ@bUSc&l-gnl_0bPEV)-s&$iilnK=PsJdDWX+CAc!-X z1hGexz=qinFaQQaFVwA&(JU|~sR-SOT^0a9GJw!{d1f>M1~GxcP!P;DqyG}){}B8i zVn?(7%0!?TF?QaLzJ%j+w&Qbq973Yt7*B74tD~1Z3eEm20zn}(ZSlfdE{+5@Z?qsc zi-J7*99mHU{mb9_8pn3z1+{3w!=_nNr z0zuD{f;Hva;*yf8auro6*CG*~^Ta0c>RO7DeoGneTyVjI_@T7f7nLhox2qT2fwOq# z5zi_HkI&b~b{|l+XnJMin-iBVU_!UU?@I!9krkymhc}kinczR!m@k8T^S&ui6Oh-Q ztvGCY>~fi6mf!2$p&GF4ZFX(}uLibZCDEuyIrPP#$@p2)9IDM_{6gS0JFrSs)1&W5dl!hH&TncLLw`O#8YE(v=|EE=ZSHh zwyeHnQgJ}RVpMFSi~3~@aafzBx#u}CoEJ6C+!}gk(yc4#gKIC;ln&YAvIU^U&D-x7 zK`fm0yjvmz7A$O){eOJ4;rA_%K~6Opg9N_8%i6Y>N0#L(_<0uG5^|7$Z6M=B^@^%T{EvcUcIfgiOQNoizT%)d+w=d?(sFln%J7cJAOs02y?=qob!6`rk zi>o73`eX!+uuqKAt7qME#oRrp1m$zsU9J&FzX5)Bx2uE9`(B^9KiyAD4ob6Wt9@!M 
y@&hjRsJqeyhmoXPV)b9fh13dP-spGR61Ek#f)QO3^7%P+16$ZPGK+0`HU0t($I{#Y diff --git a/tests/unit-tests/src/test/resources/beans1.xml b/tests/unit-tests/src/test/resources/beans1.xml deleted file mode 100644 index b7ef164d44..0000000000 --- a/tests/unit-tests/src/test/resources/beans1.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - - - \ No newline at end of file 
diff --git a/tests/unit-tests/src/test/resources/client-side-keystore.jceks b/tests/unit-tests/src/test/resources/client-side-keystore.jceks deleted file mode 100644 index 3bebbf401423e8a163f6be01c855336fcb9b4501..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2233 zcmc(f`8$*g8^@n#7W>$o~S7Swmw> zC}kf;*6PjJDobPO7_TK6UY+H-&ifa6($BkLI@ti81_O4LO>J-hog)U6ht?2JtURn zM6;$I6PIiWM*5e%*pwE~F{T==(%oJBq_DERK_BY~>OBopwE#s}JrB{?Oc%ZIW%pqHj^QFHBURK;>bub;f_tkT#!yP7iX zMAEuP{01cg397JoSW@xZ7IsPvzpyBHPtQbB&>6ZhQC%cFyx{is_HY5(-azw4hT_gdpV&tT=H zF-h}YZB>Ql+hvUpoOk)AE@T&uiyuvmJMEYvyTV^jFU->{$-Gp*b2vur2&bFyi1^M> zvRwXNXew*x7~{P=qcEa|cB(Ff_hYhuLtDS@W`(P(;VOA8EG91{k5AQHdB0MYt;u@> zWJ2kjdhwa=#pwi#Jn193le*`@j%ZrFdrPgf&DxTtEf()FGDn4vG9|%?$S>A`0XYR; z?t}>RPCx4Hk8zTU4?B*bMQ2u8U^#d*CNk@UGiYCa!{eZ@n7C_+Q{4btl7~A@ZKL=wLm1##H11Lt$LD&qyx9Xn?mulDM|)yh;K^0-$?aqU%2H_ix@&(L?JwqJs+r6W?mh& z!YRbwxS9Us2mS7$q%UtPD&^d=>M>Yt!2H6n#{c2N0a^8oVxFHXbdGpC9MJYP3q!o;_wvE@xsJI<*T*Bvs##w4mXV}FQ zyGzXj0`?rC9M1Opw)HVhn-+Vlhh4&Yen(n_X7lL&$g1F)gst-LQq+|JTWin0o0IhT zMgG!$5>BQ{+aSNbd#JrRHQzKxeI^7{@{>iad=v5r8Sd@n9l5MCHM8%oYv-ecwFks+9%6a-5BMhHn$D8_4(ZC9aoszOH5s;xE?<(q;`3UI zzl?be6(G@A9n)|-;OHSwmsEP2Rn(+eN3ZvCvCbCaQKWZ@vm#!;c3Au};b5i%^M%QdUbEu5RIXr3IzF)02H7l0P%6bFCn@BbPw_l_S};TLxMkB z{9@cE1A{yX-Xtw~NcLw3E++Z6NdB*pyvYr3Pro2YRuZMH1?fN-EnRI$3xody^&p+U z@c*$A1yuZ}F(49vQ$QgAqJVrb3J3y>6A-G6E!FnekW{r(eA^0FJ<0ukV%^&L%0SVu zW8{J$-KRQIgRNPo zIpQriSZnV2NoTo(ouPpYdkTH%yte#pG;CO3AlSUS1t;r3#8tCA=>!6fwg6{&r0 zm_ZUFOClUEfUaviQ{sf~_{{9ne??)pQdhkrx5s}EHghK9-T0o4Hocx=1Q}a~ZaSgwGQaM=(8m}K9yuEq0G`4 zNUOfD+QTlXeK<{T?3t~VSsOhDgM$EApa981=)L2j1rZVm@g-%ZOO8=ytO=)cH{0*m zdf}!E&HprUFI{^kfqDN zM+`XJ&Z5~Xw&sAw0oQ4X=&00#`TGV8bXqp41)B7&;CmzEpE}XFhLuyZshJ_M3YNo{ h%zkfBf 
diff --git a/tests/unit-tests/src/test/resources/client-side-keystore.jks b/tests/unit-tests/src/test/resources/client-side-keystore.jks deleted file mode 100644 index 0949d201d807fdc0eaa0df48cb25107e5180ce40..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2253 zcmc(g`8$*i7su~=7TYvqUnXT4QTE%G@#0}3WK?!zdI}k3?Ab!-v1U!K?6QR+lqEG~ z4G~evWMmg2OH&x7hj=~Pbv^H2@cwXq_?+|o;auNyu5)%j?|udV0Jb0CpMmra^>ho} zrw~|YWe@-$VNf(;7s7DxC~|-ZPyxmdf=B=njaZH(6-B<7{nj7(=o$7wSuy`}(hw!E z%cf1XCQBb?muWoO7mmw#ud_k`A19ZLlZw0ATm(JF=obj>1ytFN%BZ9!w;1apX4TcC z0~R&|B*YU9rB(g6kfF{jmu{+Hcaxo?8ri0gxj}D*{|%WLcJry<^gN&4Fid_ zE&}bruN-@5L%7X~u-RwUeE2~}+q^&_>k;v}RyUOcEt>Qn@xZ;WguKSlj1Yqve{R(* z#r{Iqz81c4&X1JC1n;)0b}1?p9JdOKYCRRE8M-uxPV*Y<`b4Yn!rtWi*c1T|7sA&# z-n`VQ!2K?%OL5f--Z8sov>UvzI3-h>_CmF@TdA_tU1p&SW2x$Bk`NMb`lrJE`Gk0$ z_S)AW?d(2wMnxMTCyH1iAW2KjeWj-;^sC8&)-NJtY>N_^POQ9lTs3Dph)voV!ua8+Q^OcFC!TF%+I^JCz$u5tduWbfAJ)9h&-*woW8YY}0Jn9n&m+FL&~yyh6^R zLgY(@a=<}Lz(%-QD!$=Xt#GC#)Eh87jAFj=1t;q(M0MS_u3cNUGh^Ae3&|G;P_h~~ z;;~icMiu^8kx*Z;i9954udW7d=?Z{IyfxZX(A z3AxWT=iJ(L5QRMXd)z0FA>NtM*`InBX1TcJB|EWH7ff*Wvjh59r$+QB28J20PHqe` zVj>XYy6`~LLSt>!<=ZKlw|A!C4|Zu&tPh)}nsqU}%@P<7j8H1PcWwGhd|Q&LnT9s9%4uH`DaiekWjB=U%#fcpNs* z$Nrs?l8bcNLRBv;;n2oJOqeW0npSRO-go(=vFZDzurjQ#rOrZ*ujod@*!sc~MxeW& zE>N}?XrT3WCA{+&$ z7-p$5il|g*%R)^`ji>&U8+52?`H`o49{07p2%lA9AiQ>*2xgD0ozkJLVWaSL*5`fef{X01sfIB%!OAbV5M> z^Wi-|n>+3`E2Dbs<_@vMH*G~xePmkmw=uBKmE^7c`qE#Ak))yp=>Pyc4vL0HLD4X3 zF&qZMUaT~Rv#@o>QH5FCPV!fC62i0gld^Dp9uc>hrH z2yziz1F6Ao`*Obhd%K@P333wr1Kqr-0cui^#2*>Bpy)p$slQ87MqX4mpFl`L6s@iX zX+TY@;9qL#Yx zOS{m(ZZy$ZF(P@HSn)$Q)+qF$(^1};qM^B?`SRA3{2BTyT?I0Ze%k5x-n2)hAkU`! 
z+E=Gv@BKDiKX-$+Qoc?tL=-S9Y)_ndm(hRm(#2k3bZfD^t-npFG?R^sKym?Q21pL!)vJ&B1WPoM0~uBJ;JGZ!!X&<=;eK>#e3h9sfG`@=nqL5LuP zPCpkvu8PSzCDz>~=~(Y)p=o$w_unS&Z`ZzwAmDkc+cvMa_HojuisC2oI>++a{X;k}=-ZGM>E_8`!cxv?^*kDqLe)9%v4t5z z2fY|h<$T1;xSq`Z?kH`Hy>gn?He4xv;5n%fEfoWF(Al9cuYAvv>>W0Yd-&meo2_i3 z1lyBtYPA2W$5Hvp?%~5OYxMQ=^&_5G?VufB!o#^Yj7jC5WI6q2pq$UCp^Rg^x}XXd zSvTveKCx_iYqFd6A&V8NE;~|=_gtEt;FjY)lAQZAqC})>l9jqL6Pc_U{P^7Tfw-1| xCJw=%7nbi$-_hLIho@DyJ9lNkPnHQ6eVlePS}DbdCWDqiTYfu!&O-#5{{lUN)c61Z 
diff --git a/tests/unit-tests/src/test/resources/client-side-keystore.p12 b/tests/unit-tests/src/test/resources/client-side-keystore.p12 deleted file mode 100644 index fd4055f7416077769cff2ab413739a49f02213c5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2589 zcmY+Ec{~#iAICSgl`C@PSXM^Lxkb)$v#_L?6eV&m2^HhVn2b^^cTyB#G}qjWt;ixr zoBLKt%YB7hkLP(k&+qqo{`kJWuh;wY`F{U=BM7{bTtIFFfrka*Q6!!xt_uJU0J8}^ zA3y}2rhQzGAb>spF9JJ&2w=N?Y_mUT2;YCN_<4a`*#yuQf&f}aoPzNF5AQ#h28psq zm48rjm&5|%8P8cn z@^@5vQnoG9`H@*Pugyg#eVZ{CLqJ_jD0z#S_dGE5A-}-KNq_GL#=L)p*XnKgV60rC zIvmw^AmgIGLU-5?WcWt&IumU>RS$9j2>xkN^ybbe_HK;nQ|H-PVI0l5IOQa!;6-sMdAFNfS#W(A699B#wn%Vga?mDa%^Pzkns1E7Ki%qIQa;ZM8#WdAg z?Ldw~BX^mUcpt|icEu^40pnjEKL(TT(WZ}In?|ez1E$ZvDpjh|_lSYNCspfF=Mvge zytHGy>yxKH%|D;i)Q(w}2CR1#tFYDs3F2KTG{ZtYm(YkCzC#Yy9C4D!Q1ugAsi9jO zL-<)c6K6HivAC!^;t&yo;aKS}Z;!-W^RKYLmDKfz+N*oV-Td?z%Sqj+;qk~c&3f-j zeJr?C`*BA5Y={MYEZt7?PfG2Ddc`x37Uryho-&Cr-ReBW_Ir_;Ol3<|3Q788D+!-y znfIZO-sCITqF$`GFv>StxA=}Z7#;q*J;z_G;?x0$QBx^}bl*6J`fe%~*( z75V_y`1o4NqR;OeWuf7wnsM5d@Dc{RYVU@@p#OyF4V%=+wxsNUQ;S$Bdnic0IzQRr zOc&ZcSU6l_JX4VFL>gX356GQMgch3O1m?&wOFgtP7iSXb(_dsTkIJL8n%kfy%Xo`cTq5`9|Hr@QAK}){IdKGfv)x+>DP7u6{`Lzy^#Lk7e$z*7;co z&qzhkqgRiSXNTcNv&%?}$Kk0@N)KUO%xr7myXxSl?il9))FBrl-x7xkut~zdtQ8JUWQ6 z9gdsB7bY(vnmDf#)@mrq5c>jvSl?Qu`Ux+Ufx6M+_v`8(D!{S5$k#@0uRv#U6^?8gwgYVz+A3eXfCIr17yX&l)oD}VUlYb<1A*@#j zUB|#Ens+1tW+&eGXf<3$MVuhKpDB;3fP;=_1^P!8i)GfY$vRFd@={uK0+NFNQ= z)`t~tCNFQHhC5W@X(F4C3>o!SPh>QNP3at_VI?)Nk{vh)K#|sa-OOzbaN=p z6rjNQqZ1K-GQKhYzT%6p)_H{+mMFs`{y;YM>(QdDIgD*y>deaE_0|oxI&J0I>C0PV z@?qp4ao(4kF}2Q7{%@PR?>6JHjG1QfZs`KrAs1bq&DZXeWe#_f^|o`h1Sp^GLe(Xj z{XA&-gD?y_?6Zai2SVAb5L%YCcPJW!&XdT)5)eaQb4o?;3iARw??-<@Q0PKw@@u}U zl9GS$O*PK2ezKK^d9IGb-cvLZcWL4$YlClg^x^lMyE$LC$sV4)vnp+`b=i&6JVOL@B(}RH~<#l4!|Lf{}YKJMM1)L-oEa~keWyhoiiE;q^9;6^?h}s|1KSX z?A!F*KGNX=0`}MGe-hyT`4#eSzp80=6#tM|@1oFx6Z>9!usCbd!ryQkt$)%evtFR_&qqba1&3s^(?uL9C&`bFUDSKx+&qlWD71< 
z`U(JQ_r^xl8}p0u=gd~0=g7#yhc++n45PDJ0@Y3YLblS2OI!USx=$m?-9j!dnQH~O zCb`FhqdM4W0sH8;p&?KEOGr>WKCPPXm9@y>m0sf~@|tvb&f*!*Zzi=77S8jMnQap%V`L2EhD$U`eXp8e&>l`XZF?g(<=1DtBuX@_`u0dc-3RJm!#KF{M8&p4v0)nKamIwWM-XlL9eUqz*-ym?}W48U*!q#Ie|W zmMm#mqjVwes-8GZv#nz;sOE4rS;|;&DK+D%_u5-qVPrnP80=?EYwWe9ZBH!%^QUzq z1O|P+X0>v;D{Igoc#^oj>7feN^)OrllyQmd|u%(T%=# zD*G8HZ0CiClD=9N?VX!b9IrY5H!wKiuWh>Et3!Wkr|%{xQn!N_?#(5>)67V~^puNi5ECNPcc$d$c<~2MnUjfq zvFU^Acnk0iQBj)hdQIk)-7S03A3mfF!23XUb zsidnzX=CC1Hd-6MzF5bHD3(hZ4S;pooL9tV^*rvKR8|woQ0QwuH*&eaHyLOkn9>Mw zfSNhskhi^0)F1rta^PIwR59;z_R9u}!7tm);D*M;=X1RhQ9bepzq9OaDeE~o9WIqg zD3h2>xIf-9NEys(vIw86|M}Zw-J0fE>9fk!^YycZvE;+RA^;x6UG)lL&ZcQ^bho22 z^up&_L4bTRA=I69XfOmH3XvB zB(o`J)lgyl$C4v;-=i?mPAyg=f!WQq>Yw2q&eH~YcTX#?kHSnY4jyXZYG`^%x|w~c z?ZfS)`B=@l!W4$E;o`yBDFw#OtYFR+->K<*uBF=*RX%%4BW?XQabu=dvsCdV{p1(S zlOvr5xIKuA?IfIQ7xQ)bSjdKfLn#EIk2sFtfq<0`adSz50U*(PC``9fnEst-j%gZ- nhbMxLKE!r|MAyUu@->diyvB_a113GsDc2XMhjVcQiP`@G!d&4C 
diff --git a/tests/unit-tests/src/test/resources/client-side-truststore.jceks b/tests/unit-tests/src/test/resources/client-side-truststore.jceks deleted file mode 100644 index 20884ded0659daf43731f15e91497cd527ffd339..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 963 zcmX?i?%X*B1_mY|W(3o$xs}!Ehabq)gKe(w+WogC zCEqizcs;%GSouWBWz9FN*Yf>Z^l=f^Ck=lNpcd7fsoex1~p5;%1Eqk6zP# z@o(0pZBhtcv-$XYfi)V3R;64~+s<0XeK)lB{K-O(Wv}O@-jTb-a5Jp_h4N=fpI2YQ z^Y>x1i z%HFQ!Ts*Z|@3&9w-;41cUCytYPlnq3O}N^h8>PpllCwrc$vQdk`GN;ermtEzt6rN^ z#apKP{T7MF376HQAB%;{yTANbR<=-E_BM$xizaSLnV zib;C~?&VZGTO;~|<9ht+rTJg{1B0e>{<}G2=bMdRCT-_=Jxl+|k{!ETzcl>eFFh^4 z=EL8}Rc_mY1SB7LsA|gCo9*^!n|*JaKxwd-@!W-aUfJ>vXWy8q^)*@iy6e~)^Qo|vT!Ehl8 zdgb|HY46`E0)PhFKYXqmqxX76fX#@QaQDsUA%Zx@thBGK?Yx&P35QW z4vm-*<-C{kS%hoy><8;I{ndKe-!n>ya2ROE*z6EI5P$CPtdElxJ3pN`!%rYLPI5{9 zkH8gd+}{m&G_yroSuMBhot^tj*RNFhQ5)aS`nl6jO-NIfT61;I-uyqp+)G2YY5IIJ zu(ou5PDV9j}u$3}Y+4s4Zx$t@U(KKkVNq!a3m;^W)`v{Fd?^ zXgFQeruoIUSSn_%z3#TNmiC?N6CX-BW_%1({oT*H{FvK3>(^@!e*UJ{%y#xx;$pv( zVj>OtUDN7QH-6Mnzx1fARk>e0^0t9#)z`0EZrrXEHJ0Mldv|+@`yuY@MrJ3kJglf$ z8mqH9G3wjTjWzuzZ+l&>X&KlYV4bb4HT6|0eUVE@N2xu+N%d{aY$0xlgbjZOa^ gl*ztyg3u$OojO&a($)SfUK^fApMCLt-R~cF0W+Xv3;+NC 
diff --git a/tests/unit-tests/src/test/resources/client-side-truststore.p12 b/tests/unit-tests/src/test/resources/client-side-truststore.p12 deleted file mode 100644 index 229e6ec855db0193136f5b6e5a9957ea2dd408e8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1194 zcmV;b1XcSmf&``l0Ru3C1YZUTDuzgg_YDCD0ic2ePy~VmOfZ53NHBr~LbwZ zPp~Wn;Q77LhmytTvC1=ZfdIt?k4XQqn4pPHvH&|Yv7ae09tg~^^5)A{ zr%FK=%Z&tp05&#kG+^P4y`VRF+;v}l*u?HpN5yXNq#}YUI{*d{t?w}3$=&4*y!?e0 zF?TXmSn*039G=tk!JppJGA+PtI`u$Tu7(M!0ET-%n^9dc|5{#37v>| z9}?$@ACkO+#-0#&v@Mn?I~06tG{Hx&U$b!>m^AQ~L0OZRmBvhAGVjSTh_))c-B-r1 znEbls-yySfysoXH%7BFpoHUjqRu=7(v527u3weCgJEpHir0kS?50_^k@4){o}HSt}<^A5)U|6%#V(dMqZn9|Wa8Acp3iNjXk;>-6R0dRF2aEP^B9 z98-P@p1Qh0jm}l5^3SRi`MjatLO@g@ZL;>@#dcax70qD^c4WmW65!8yus|(%LFFsJ zsF|&JDav`je=vIJ?RRnzs6?CbVK@Rj^hS=j>u~7Bkv;;dA_G+s=*Pwa?~V&RBF0#= z)kwA2)~B-Smbw91vB-qqIom^)(#q@+Uv*x}(v)Z1l~^7Jj}x?Qk=!KDopV!NrQr^s zX@~la=Zd%?32t%lAZzI!Eq+q4PW7(Eb!SHYuNIJJYCtG&$h8N2oxbGJz+z@tsWX$ekfsmC23)#)u@Foo$qf1eukrI!aRw6k({P4sY&qg18Cz z_ay>o>vmA3FX#_hsObNjbO`yd)WY%CTMK@^zBt-Jl zh3BCShl1!GQI}N1MXbmlKBNJf2GshrH(p>y2k^R6Maek$x2M4d4$^6tY3R9Ox&Idb zl&qI3U~#JE1ZgDl2Og0WD8%(2c$z2`SpE=hGsV+k%gTWMqZsFZgigUnr+Fwr94k$9 z>24acTPCry;*tTFi24i;fCBOX-ivi%Edj2#5zpjbbw-k(Xsm|%fRpV46S6imtX^Fj zoqeTSw19DEf2>xj*~vgN-#F*4pGN{MlA0cq*uXiB7LrxJ^BhPcVX6QP?BQbMLUBmW zatO(DTRhMMtUB-?lG~sz4=c{Dd@L=)23zVmCw44W2*xd)m*@rgk+V%&&c&Y|&u~NCCv$g~jbW*J)Kri_dG_x8dV7MSNWR-M1 I0s{etpznnw3IG5A 
diff --git a/tests/unit-tests/src/test/resources/openssl-client-side-keystore.jceks b/tests/unit-tests/src/test/resources/openssl-client-side-keystore.jceks deleted file mode 100644 index f69d19faada2a7abaa301e729050ab5d2bbb7fe3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 684 zcmX?i?%X*B1_mY|W&~r_+{*0KN+7R-nRDw>piq`UhJg$lr#2fS3!@g3FrxuK3r9>+ zu5zj-g8&mVGp_@S$B~*I<*r2=PyP9_J(9Q4?+?#eBZq+gZ3-qQk5ydGTOr(iJVZBA z@{14uujc_jvN z;=D$N2F3=ahNi~mriM{qu9<-`lsgbkiZl>rV+V%{6C*Tum>Jobofud=Ybuk?4#?PT zzMXM$qwUuTaXZ@1m~gH7x6Ax=)2Sr0@62}-q&nWsKlLo}<)oIdknNGDig_Pz-tEM5 z?YwvK(Tr7#6%FJKWPu?f%f}+dBGUbLD_4Az;Dj~%wK_F+C4M+s8qJFuBh2m$1};nr zQS)L}J?eg5l+MYr$HV{lRLyI94+|FUW-wO^xw3fnZC)mY;E raLZum-KM>13IB;FDM}@;%Bts{H$5?Zh55mMYqQR66RKRz>vRwRVd~CD diff --git a/tests/unit-tests/src/test/resources/openssl-client-side-keystore.jks b/tests/unit-tests/src/test/resources/openssl-client-side-keystore.jks deleted file mode 100644 index 674681d75ba0a1fa7e6b818d2e252152670f5e3a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 706 zcmezO_TO6u1_mY|W&~r_+{*0KN+7R-nR8AFs7ti1_wRfL|YfhEvYe+`-#e**E`1Rf2KVA8b!wCS(FxI31 
diff --git a/tests/unit-tests/src/test/resources/openssl-client-side-keystore.p12 b/tests/unit-tests/src/test/resources/openssl-client-side-keystore.p12 deleted file mode 100644 index 098abe789b8cc419d03f07f2bbb7df87fde90e43..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1034 zcmXqLVqs%qWHxAG-p|IV)#lOmotKfFaX}OF29_q~H9+AN290--Wg5@3G@dbNJZaE) zjEx(rfrpEcX+gO`sevXN7fc9frZkJl@?7n(L)FPy8=7WH-xX1bNto7d$HdHVIDp0D zY0qgJcK-#xSX20y)z%(doO&@R>G$p0?Gwa;={a+o-ySpBx&tjIdTD7O{ zotoUc*8y>@*Am)R)GHkSz!bRN>=%=~p`C#w+<}}ThCFgy47m)I4A~5+43!3o2q{rR z5f-74%-mE3Lo-7YOEXJDO9MkoBZDTUBXC9RYzvy0wgQDVGBGj$sZ|IWMik$%fqW-) zLVdy`_O9AgV zbm@rn^N+k7omXQnPciA9eNsoa#%hwT!r7&tm4p%>t48#z9as>zahEN-bndGf-AOwg zr&J0QvdaFgeXiS+a^Zse(Vo!ro3%xrba&k1HlMYo<7sa@=W zV!b=|q@3RyrKRua8@9tW+wrTY{q=Om>L)Y0JDm?UWHiby(_!;6ILaayt7^W=Ic1kh zDc3xm^n>@b+oSX?=3AW-OWz%`?%s~>nsqM~qclFf+9IR;BW&4g`xo~9nrVgorYpa! zElEHBqpgp7`>smykTXKg{`W;h_C`whimZ}zYb;>ctu^DGjqZehtW!cICv1Krm633j zH~frpZH}>tLT=bI&2)LGd)Z}su76&;3&fzVZ9yC21wS z$9=D#u~~LKb4xmpt?uWk`n_#GzK1qB>M#2KrI9i2;98#01y2JedS7_)w*5!Rfwaue z*CmqJEV(?zYI?SZC>=OF*Py)g$=z>nLw9*y2w&KJM$RXpf_d`FN4M7qoVw-aIJDz}Mv^syY-WYwr7Y$D;6KIy2(^5Qv? zoJM_DAG>KA*cm7qaI&##^D#3?u`;lT*lvmBoqlWXg@<$Z>UZ2*qB3E*o2uKeFI@U4ip|cgePdg4^qh`%;A_^ zl3A7tR4!n^2NL2IW_K(qNzKhHHdHW>1BoyTi^CKtK&2FdQ;W({iwxw%d5sJWj15c; zO^wY>4WqzZGXrBNcOaY;X&}tT4h|J2MriObGqN)~F|hotDUtCF_1$~-vlW+i=8q3L zK@W1De_x^epkv9|yNhO*@on6D>`dR{y)zE!9%j55yv4G!Y@TeyyYespm8#ZE`CYSE z(Lmln78oM3d@N!tB356yk5*ayT)BlKZfhggF{bZt7qy_q2(t%+fh&`OOh5PBmMNO= z{_FcbEB|<`{)bzP2KTMUEM|!}OjmQ-NHZxi+&|E{z2{7p56@S{(iBmnR|hBEeETOY kvSQULRVx#*8YYw@QEm{BMjo_4?V+Za60ILzInE(I) 
diff --git a/tests/unit-tests/src/test/resources/openssl-client-side-truststore.jks b/tests/unit-tests/src/test/resources/openssl-client-side-truststore.jks deleted file mode 100644 index 30c92b480bad6738cbab8bc4874635e1ed31f995..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 572 zcmezO_TO6u1_mY|W(3o$xs}gH&<}b2uiK zWR|4@l?xc~frPk)*&T~YQgbtl4HXRJKqAb-;xI)DP$`Ar)S|M~A_F;bUL!*TV*^t| zQ)6>egD5c9%)l7R9SA2y8VIwogF}Uh5gI(qjO@%#3@i_uAC!7lt~pWkIMYpF*$$N! z&+PgcAATS0z*WWk420{WSfFTUD1(qza~h{yX0Un^X}{|B5tTL!tBXl;KroLFnQtn-8;^{ zm*u~;)>f#8zf4(fR_*0&k*zzN0*XHbhb#vwc@VWo_rbEb`Pw@d&Cy&fy84aD-jWa< k!yQ`}-kAKWafWx@Pu+Dj8(nYaT8phWdH6fF$owuN0Q*v^y8r+H diff --git a/tests/unit-tests/src/test/resources/openssl-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/openssl-client-side-truststore.p12 deleted file mode 100644 index ce77bd620be8f130724032d651b7c4c82d407501..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 802 zcmV+-1Ks>Ef&(4`0Ru3C0@nr!Duzgg_YDCD0ic2c$OM7{#4v&az%YUWyaov>hDe6@ z4FLxRpn?LeFoFW90s#Opf&!uj2`Yw2hW8Bt2LUiC1_~;MNQUbWW(vr=5>v;L4qm@W$lir*Fv zBF3Dz*8y|C&2(ecnD{a_I&X)>*`43OwjlhvK*D|SaYXAFjwBtHtj0ZXq*aKMa3j=> zMzB4IZDu{$fUp8y2GLAFuv1M=O>iHVR#;A4fb67szfJVjf(MVP&W&#UVN)`^_sie% z9PlxCv!69lA7!0NH}A63EZCfN`z8Teu_DOMZiE?gIAk_#kaJF!4N9WHN6sJ@FNiEU z_EB&Nz&*Mi#h=@7{PvZ150>kQlz2rwIM=(AxAutIB1uG5%0vZJX1Qd=xoN{ gW?cjn8V+vBORb@NI2T>$G}&SJBTwWh0s{etpv2Z~asU7T 
diff --git a/tests/unit-tests/src/test/resources/openssl-server-side-keystore.jceks b/tests/unit-tests/src/test/resources/openssl-server-side-keystore.jceks deleted file mode 100644 index 7e869474f056c1837ff20bc1675afd59c85d5c8a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 685 zcmX?i?%X*B1_mY|W&~r_+{*0KN+7R-nR9y~P$W?lyt55r?`^x0jm%>3zjuy9Z8MmDx(m+kpX%!?1VuRT<-Y+r!fms7d3 z`gCJ2RBF5wKd))kE_>{{XmIF>1qz88n)ac}(~Kp1tUI~uAr6SpGc~XTI^eHC6XQ=H zp1XjViIItkCFi;DQ3D<}4y`tibG9tZOsotBg@!x^Tx`stENsHej=q5~9tR4K9l{ed z;0LMX66SDBF3BuQ1u7RX-~$P93$r^Gm89lo78@!U$bm$dg~eft6rfTH!Kp=MsYM2I z;=D$N2F3=ahNi~mriM{qu9<-`lsgbkiZl>rV+V%{6C*Tum>JobofugD)|ANjhWhTk z``L<1JM+f}ouCJ~&%duwe$cVx?A=AP%lJ0#J$9yV@!lDSbPqG$4BledSvF5L;$8Wd z|4LPBru?p1tY{!_APWo;Sw0pq77?qj+()Y{ey-fY5x2FG>loAbw~Ja(V}#j*!N8SC zL8hO3Zp#$ScmMT$pOt?+R{z5-MuYp-V-~Z-8>Xu{ZKRnL8SWqG+}?90%ZKNyVrhz~ s(W`@#Zod7K7Fn@sm8uns>dy6UZU;&dL&V!$-cL{58_s|8_K#nA08NL`SO5S3 diff --git a/tests/unit-tests/src/test/resources/openssl-server-side-keystore.jks b/tests/unit-tests/src/test/resources/openssl-server-side-keystore.jks deleted file mode 100644 index 85a560a68cfd0c2c1ce931794ce7d6e12aec9fb1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 707 zcmezO_TO6u1_mY|W&~r_+{*0KN+7R-nRC-QpisR*tpOh!mo^(C3!@g3AR{9y1538{ zW3|j(oZs>f*Ld<@T)H^UG~mN>YX5%Z>w0V+fi&w ztl8GK|0~2Hu8PnzHLwJ_>YqUq<1ZkdyMURAk%@^#Fsr%3fQOAktIgw_EekUfD}zCy zA&&tU8*?ZNn=rGZZy=1vfx=^l@B|I`K`Oa~IUJKqGRsnd$_0SF1qyKsvpW`*q~>N8 z8!8ycfkc>v#bJsRpi&CKsYPX}MFw)>yherw#s;Q_rpD%`22o(HnSn8sI}lEaG!SNE z2Zst1BQ$uJ8QGbg7+4-QKPdIATyvu6ai*KVvK=Zdp4s&?KKxwVXU8bxywv>o`RCWl zuU*^gdiR;^y9HHzmz#E1{Bv4AYvPHQ@-y9v|G6wyG>|ut1%`+$ABz}^$TkIwx}qcJ zeoc^?cgewE=H1y_MBGqggxQn9z>P_fVe-QDyLX&@FUx;xt*uZGf0?q}tlG=lB3pMj z1r&b>4p|OV@*rxF?t^7<^R;&_nxnZ|boCpPy(J+!hC8+{yfOJ#;|%XlE}tajb{bt3 Q$TYaw77*}ZN%Kq*05!nkcK`qY 
diff --git a/tests/unit-tests/src/test/resources/openssl-server-side-keystore.p12 b/tests/unit-tests/src/test/resources/openssl-server-side-keystore.p12 deleted file mode 100644 index 8aa49b64dd7d4893cc06e6df6c140449c235723b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1034 zcmXqLVqs%qWHxAG-p|IV)#lOmotKfFaX}OF29_q~H9+AN290--Wg5@3G@dbNJZaE) zjEx(rfrpEcX+gO`sevXN7fc9frZkI)vGe5T{?Ej2iG91vdX#6<9?Q#$NleTPhXYtV zDm25>4J14gEpKcx&Cj2bog}7W+t4^Y)H-!dHrtUEleVXSnOi@#Y^C1EWiqO-{uMht zkyM}JTqn@Jc#Zd)MVI3zls2AUA(}YT(9S>-?m$ivLmoLUhFpe9hHQpZhDrlPgp{bE z2#ZiiW^Ss2p_!qHrJ1FnrGcfnxj_@t5x63DwgpX0TY*9wnHU*>)GCAwBZ}|XK)zd` z6TmOWxmDBj=)Ws&%g=o~yC$m%?7N00rUG4|-R4nq*U!~$z53v|+x-TMU$*C;+^}up zKiA}_wfRq^*!F{LVN(*c>JQ&6oSpGZekQpW#KZ;X99CR+p-- zIWX^;A293m9kZU9yytJ-2nhMP_^AJ)U&d06(JzlKKPR6OVXgGLuZr`$Tdm_vw+#lx zZ4)ONXQ?{u=JZoCYu^n1PvySh(s>1MGbLlyIXY*T&p0lWT9=lwg z5OiqkKaP$6CeG60wXr+=<%h8K=80!4RQO6_uT5H1aM)gRM!j>)hK#ieai)nGJ10zE z63r5y7T_4MZbM7K@g;Lt{WBC&bgVB-l@0$V^K*A_%b^qR9=<8@b;$K%iDQ{KZNHVN zLf@0x1_ry;FD`z{?C~iNsIilaj)f3XqoPA&E-~4hocURTxbH*37LbLBZJ`!9q z`#Zbzm{n{Tr5TMA#I+PsYw+v{VmUHtGh=B03eif_P!^jDL0>Mt2O z%=yK7D1FY-c}%v(9p7K~X1{2irZPq2`~UBSuei;84N5q3qI=aE%;b#xOIZqEnXl3< z3JX#AoUPVeSH7e7)672;mG`dp$y7YocTfH3w%M1SP5-6%#-i}-UalQZ{r#fNd5Ix% zQCGiNgjb%voa}k-(02V>PXy#Q2Tm2Zbf?#&!J?f(P;N#LfA%k?zsLJ}ZTdf$FX$`W zzHd(Yj%n-;26hID2ApiH+I-ARQmhOtB01&_k6-Lt{Qb(NA2(ND<$7x0@mP>WB>2aM ce@y2hbtkOm$2h10FUGtu~Kywk*s{tPBQ)hCBvbY|No7Y{JZrzJV|v2MUiJ!V@&$2dU%|=5S0d z$t+6+Di<)|0|{{pvpW`*q~>N88!8ycfkc>v#bJsRpi&CXIhm<>B?fZhyherw#s;Q_ zrpD%`hEZUynSn8sI}lEaG!SNE2Zst1BQ$uJ8QGbg7+5@ODwE9)$k=VZopExb?biu$ zJKD~eaIN~c%lvfHsU)-S%y$!{I^NAc^(^t_q?WLd?UAR7c^_}y?Zk8Kym#@@j8%&j z4de}EfgvKx$0Eie(*1WUSA3J;gf;uMIyH7BemGhh&5If%%ZE=&qh^I}##>V967 z&dIXJ!~ghH&1-uP3l{BWFjot?vUv7wUM7X$ke{p7VuF<2>tvqo*3Y(Z%V6l;roCwi i|A{9lN+qw#_Wg8W+j4sTnpOQ~H``~UzW7N(Q{ 
diff --git a/tests/unit-tests/src/test/resources/openssl-server-side-truststore.jks b/tests/unit-tests/src/test/resources/openssl-server-side-truststore.jks deleted file mode 100644 index 54cc5a41fdfc42e58e43b6394587f7e24e96e0a5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 571 zcmezO_TO6u1_mY|W(3o$xs}N88!8ycfkc>v#bJsRpi&CXIhm<>B?fZhyherw#s;Q_ zrpD%`22o(HnSn8sI}lEaG!SNE2Zst1BQ$uJ8QGbg7+6;Bsnwm*!j^F?#%ju>;Go99 z34bJ?eyY54WVZLT`*IaN+T5)6kDrwa{nGF`v2+>dnH;Ul_Ai$hr7gbs!^T1`>dsb(zrpDd)yVdQ_t!TkHu9=2HF 
diff --git a/tests/unit-tests/src/test/resources/openssl-server-side-truststore.p12 b/tests/unit-tests/src/test/resources/openssl-server-side-truststore.p12 deleted file mode 100644 index 2937f289e512f464824f13be2bb420044cecd2ad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 802 zcmV+-1Ks>Ef&(4`0Ru3C0@nr!Duzgg_YDCD0ic2c$OM7{#4v&az%YUWyaov>hDe6@ z4FLxRpn?LeFoFW90s#Opf&!uj2`Yw2hW8Bt2LUiC1_~;MNQU zy8UG7CgY?>hf)B~SH@%*0s{cUP=JC0Xd2I`H5J94i#wY5K0Avmv?P+g4<%w1-dDEo zoCs?YIHs{`4Mtp(!hWYbGj}cg1?aPE#Xhaz`*|v0H7*yOvduDy`TX@ID@T31B~6Lj zHI%JpMS*nAQDmZg?7IsG%Jisa`Xcg6kTayeg7%{ySrd2oa4n8c@oeMXOOg#NTi!6E zUW?cxxO7qIr7Xnj8kwKsULiyxXRL(BoiiZF8ftgQy|)QCJEl=YiJQ-+b|sv1Oa^Q= zc>H|SC|@o!o^UNLmBA0?>JoImrmg+UnS6Zj90<-ze%waYG2D*iX5e(H8OFWn*c98> zo0H)_!wUZ$D|Sg>tIwvcN27LNPFM4rhyX8nAO>`e zt>z-_A*u0eMBcEYZKEyD*G)&n(;jqDFsZ@;Os0U8mvH*vK^F*VpRk>xn@U=G||zI7kPA{Sz> z1Xi3dk(*Xcl>i>`fJqC+p&x;5v7Jyx@f_vbR>S@7$_#p6nl7LGmS+AC_*>qU{&8-d z$C89LdN(x>B=32L-L^|Mf*Qu7-b|P5+(2GTJupCinx!HY+*XMW&0$E+dRqu}6pH-E zx|Fwkfj2hEbbN6wo0a1(gZ&kEXl&!2FzJW$mqh7#cGs3ZDlYsGap0EinVDYa8uv{7-Sy+&&WX+Lg;mAvr+JR)r9Mcp|CFdQVXgB2eL4cCU5-C3e4x zaosB;e$|D%Ow5c7jEfZwi$yQ2D9v3Nvg5e@@+s~x8t zmj9;7VqSI8Gv>z);Wf?9hYTO=neBT?za{6-*>GWg4W*vk=sumvTwO0zI})BgW@vwE n+G3)At%Q^Rz3GC_>>k0s*DRZU_$=Rv-G%@!YG%=MfU}j=u zVq#IXsbVnTW#iOp^Jx3d%gD&h%3x4#$Ya38#vIDRCd};U8wlfZpzzosJV66~kV-CL z4#(t@%(7IVasdNAkPx>pyJJyFYHnt+p_+jTNQ7Bf*1sepwMYS`Q~|0$Avm?DEVal$ zPMp`s(7@Qh)X>Dpz`!yJ%r!GGhH?kaVNHxm$brPj%D~*j$j@NV#K^_e#K_3dr}}-z zwQc%6ypQ=WhRzLo^``0m#c7&+j~j9)_SF?#W4C%4n{>12_81vB%_KSvinI-}w=$9Ka& zg_RfHb@~eJ=ZY%Pd-my%XNi*)Kln`W zuGMQ|oB!E+dQqh5KJGihdjx-J%UbzIxd|M+(GnoB(qgX0*0o=@1Tp`RYHitae%FHQ zzuf(d4>K_{GB7SyG>|ut1xBI39J1g11# zATl!W+J6>c<16^3`@hF>+K1evCzFk)?P0DxB+78e@BYW*MG}kHw!Jfqa+EFj<)m~- zCx*e{D*Hw88w>2x1s44ixx1*SupnRJ)z&u2%!j-hUsIX;wWV&JFBY5E(EH8am2<=1 z=D4g2ao+^WJl2cYsLfU4kTH5I*KNk)V6?tRG%mI=G(4br!U=M2d+GsapSv@)W6Js3%pM6Tb)>`GWD_7-L!l2MBZ`a zAH2r;y@|(`vGCf{25a^HP>Z7Df?ID_2FLe01=Q`;o^GcX{r{-v?&ohl-U<6R`^2Sx 
mZjL2CHz&lTtyKB>xJiv`7W?@<8!MHbea~4gFIpckKOF$M-eoKR diff --git a/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 deleted file mode 100644 index f573785fd32f9ee1bc088e148384f16ed2f1d868..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1202 zcmV;j1Wo%ef&{Jt0Ru3C1ZM^bDuzgg_YDCD0ic2eSOkIuR4{@BP%wf7Oa=)mhDe6@ z4FLxRpn?QFFoFa*0s#Opf&?-K2`Yw2hW8Bt2LUiC1_~;MNQUZ#w|xM#~`3v031oGsm$I1V@QO z&OzQI7@KsXYu5R(bs(cEVBtDV1FP`Bi4I+V3TGFk^E%^Y z5#(%@*(X~QMM7IHwW5i*%BJ~7Cwp&35y7Zp;Z4^?OMDhhe&pW(2*EE)bjaqdUFM>sYL$Xk9!J=+e zG4xZ6<%l7KtI`Q|A9Hz>GR|m6c{Hg$UL&d-P7DMc&RgYDbg;|h3KVnIte zBa{IX#6Hx>g4~`$xf_3ez_nLui7Sk#TZk($p@@v)Rut~a-6++)lmUB3=_m-ns zX-`;E(rw#Uuih-s#Jev!y}kP$wDHDX%en~(ww#Jn^*uuewZ7*=TADfWn9eP@Uf>=U zKV~Kyeh5}vrTpHN;L)rX!Z~#St=b4ZD*fjAC957Id`VQ>fWcKD;Zf%53iD6nQ==HX$_Rk%;d>mHjgHqdbUulQ zLh}Nn(k^9xkCijGt{!w<5A1h`KAO?lRF*2>sjVs1Nf{S)(f@sJ6$7w!%`7dZhU4&( z&wr#O_e|v{&kFnl@`v`cVz%prW=$PRi5DQhMePf%FX@i%w_LW{?}O@g<%emWw0>q{ zu=%FmD#jH;kQG;*)j|;435`!NPDX^e1b3oOn3+30`(H{e>1pIpBAQ`P1NI5(f}qRY zS}tsF^Y%7D>D`>1UY*1cTUXuuUJ(g}v;%p-SFvOe2B5OzhrB$cTg9GaYb?sP2+yE& z^~(30xu^@$`9Jc+qw*`Nft%GARiffa5X>D?nSEj~)KWz_=Wm-u&I%kfh{8W!_0Gcl zULsjhuV#b7$do7VcBsmJDs{a;*tn2@^HLQ3FXOuZ9*%c{#>A5UOu!747`u=g9y79k zG%!9eAutIB1uG5%0vZJX1QcZPb!dq9WJ5E5ex!eOWcD6wya)sojGf8ougz$$PvVPr QyDaQq{-Zo90s{etpx6mFqW}N^ 
diff --git a/tests/unit-tests/src/test/resources/other-server-side-keystore.jceks b/tests/unit-tests/src/test/resources/other-server-side-keystore.jceks deleted file mode 100644 index acf1603252bb71847f35a60caa3dc5ba72a42c42..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2245 zcmc(f=R4br8^*Jc8VwS=F=`yE^(A5)r3lBUh*hIDjZuwb#%?P{oKS);9J5x37Ufji z*fnZZX^o0Ds%q4xiWW!DxUTd23w|%|7oYpOUp&|SJl8WYFfafDfgpzh|0On3Q~)vR zkRl;%x%MCsY#E@y7Jy^yN0ivXFt8#72?h`_cvmDF{1?I5JO~uZqYtCNy04NtyQj=o zXs+u0!WmBlIQ8!E2X2x?tmm)vTYaxoNG3)-UKabbjvvoa6502(QW(W6%@;5$;?0aL z%iFu)rHolz?%f2J*r*67|M@hkBEfuP#Tn)}Xve~47+*H5G(rb3Xd_-P>gpH`7reDlb8@l_r;_-!_x}6Fh&1xGp)eCDp*q*Dh0LBpVAAyi`L6)F4b9e;_6oI zTBn{3+b$~feI}nc=P0Q{l`k9Uv-tJ+%E`uC;N7ut!N#5PQ!ep}G&)uzmHC^HP`fW( zsQimKe2y?pE~M>fw{Y{7mmgU*(jH{!9Ipp2?9KDmfV>&kZ6b4-b1$jBZ^w(Da*P!?-cb#tZz1s4~j^P<}bCq+F|~ zWr0E8^1Lg;wLlyqzC!m~$8SbcBfj%an?`S~U1Y+Yk{U$6mbKN&M@Gd8b2IXyD=;7H z?B|hkCDovww7AU?u`hbYxV=3#iq}OoNr$>6L-i1?GvgliSvxE(%u=&Di@MzH5^AEE z#Q)*Uk_cO8`a(=oal@n@@@TM5G!*A%onjWl7F)22_Ih!f{IHwCn**Oa-Ql7eyEJ^j3bS?gioG0IKck%M%-TfVr zf^JSFN<6_Kl{UPj!pyx}6Rb&G)HXx?Grd^s`3QTz-MRz&GzWVvc1!PM>%~$Pnoo_5 zm5Je1xJ%`d^tHDBI_p?kYc=!tWr1>SpuS{Y^6Z+~q ztA$mQ*VjaDttX*EwzH;r>n~hgkn4YR|nS=LU)rKfh#Uk`(a8AbsXz`loFL#j#jrW&K3Be+uQ`k9w$0;BeGX5U$IYcF_@598o8={yvPz@)29_ z^_vqOS@S(XE?S-5O5D7j`CH7ix_4hiPO}^FicNUfXk_^EgFV<}dIDDP(2EQ}oqHNac{OYr|8j=zZyK>SE@BH;$!Vg6*|VVoB@ z`orQvau|e!5lQ}`s&atL4+n}w6T)&YG`%f})C{Oqpq-K6jY`TT)kUlkI#O05HnbK{TOpNXjz=Ag06-QSTCby7jQdP+*pi= z@Gl{5I_3|@gshu>Y%O_J`qk6ZbZx)*n@R%?Uu_W)$;(oDY52gu&f_Gt3>SyBBRwaIM$iYwxbVDg_rc!%xYDa&h`X3 z$=EWl_xE_PmYt^pb&O=%kXtOwr3E#FY%vc63I>61O92u9`f$J4KMJ4R+} z{gmpAi_A77k&-j3{#)YVr5%_949Nr0gD0#ui52)B+OGbIhQ^X&T+4 zqAO1ejQP^*)qN?gXumdM+QL#Em`y_G;g4DOYGQ;n9ESl{W?%QYmLp!;n*Ev*txtGuw0{v*9*AhK zP>nIT)-JK70Mm?qW#+OyhPB`xhv^m)nkC|x@ obq1TLt}+sK1hIlG+Tbv?v&kFnG0$<55=j&>ez>% 
diff --git a/tests/unit-tests/src/test/resources/other-server-side-keystore.jks b/tests/unit-tests/src/test/resources/other-server-side-keystore.jks deleted file mode 100644 index 98276fdc99916b75cdb592af94d33c8b664ad8ac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2265 zcmc(g={wX77sux}GiJszj7ErLFqSY3vS*n=30cEnQuf@EF-gsc7)uKhp0bp^2dyeQ zW3Pm)lPycxUAAmRBja{&*L6RC!Smw0_?+we;#}WzuJ7S2bCy9M5O}|UKZ`4n7T`nM zr)%Km`-&hC7Z}fga`5~x9wit61r))80Kf%;GN22)nenlmEnU>0Lpjf65YM-CIAD%$ zouBlOc0h5@OHx1(l`>#SY$Wb{7Fr$~pWhHqbyJoy39&h`NbK(mhfCJ#Wd5ij;r$S{ zzYa+K%0{Ooerl6Mcjc**c@9k71iec40Dxu|AJyv1o@ovF!jp>il-}!c8*x>Y24h%_ zerouvX+BnMaH-bwMURVrw_T4Yi#58IalUQ9@D4TA1vTZhxoDMQRhgzJONkVY-W7dR zFP>m>f+?qrzcT1SL~r!SwHfHsQM9Kuqs8Ab=Lo#)Q*9S^dx+|Edv)^YZnxUo4`z{i z%KGUSEvs#+Bks1GDPwMzIewFZuae{er(;S>4q1itC^b>t< zIl#R2t##SMpV6;x(ANuRyHipIzg%AkN{Y*j?7@`{T!ugP8}@C(a+Js|{$>1=_o_%^ z_uE~%&aH(V8TmvjO|m@?Zwp-wg{w~w%gY;6s|=!#9imJS;5xo%Y(+?-^z~v*89NPA z335DYmY7G6CWxV1Jmd5alKXRKqBDsCL$illX_kJ^b@S&XGe}H@`rdr0a-Y)F8%?K* z-pTE`_bYkM-9lJcj5tQJ?AiVv@PfO{z@r7VE+H41dqmDM>-GrSR<=n#t|x869QCF* zs7=!dG-8DVv5hch#M3M*B@T^h(IJp`jRg|kO0!+bcF3Lf&LxWi^r*vSp@Lf)6oCAb zuerSDtG~Rq_Q%5?3`AhwM25b}42J2${N{*2lp!N?Ji!3gS&n zlWMo=9l63f5TLsACCuUW>O-&n1OZOuwQ9YOzBlb2j4IeMi+ITg9 zmb0*wAx}_s^cdP3X+MV1M2c3{S8WwH++R67*?i%wDhvI7Wo^&W>T7wz2kmhwdGF|) zmnBZtu-9FXe$t^`4b8mC)<958-T@p|;NPO}VW|%d#l2Tt5 zA`T1)zoI(y*Ik=fQ{V}jG6(0aNa3UkeIGe@1EMz;2SybvM=xe!U%?pr@PPi!KpOv@`i$&l}jUnVE*Ga+HITgF3Ehe`Oy+uCg7r zs&9;Uy$)Y-0m4`}J-8LpPFgA;qcyBgRk)7p(LZiE#g$ItHuGGine=Kjqsflm{Q zk#?wsd5<+BBd`_`z8;|h_i z{*GA9Z&~SNHuziVHTp!bS4XXD19sIH2ORw+xyNJmx$dXiSl~c1OC^{v(?Fz)R?j(v zN8y%CR&)hJDXv3aS_R{cXRxF!O;2y*w1^U!t*8k1_ql%sBS}RQuL}Y}lJN{kBAx-h zk_!O?U@%nnI30vX!nhUV%;UC@0Km%y!e3S6!}Gu(j!+mHLO5;r4TU z4;n%63h@v1*_WgC^LD?*i-r@ZAwGfrm(}F(*grZDw1iE_1s^KrA1UT<0mi|H8tOyE z9}z*StKl{9nrg??@pxU=KT!*>@i+ee24euy|2Ap=hd>yB00_?jc)$z*0Ns_{sv4+J zO+Zcw^g3qQFDx;>^gcMsKNT66d^dtR0M}jSTQnWCF_LRJrpFi`aW>+WlP}Z#wPUY} 
ztmv?LAd+{5aR9+1yc<2YiL0#;shTkCm34*`hn3gDLE1F(j+6Zz^Z0EEWOtr)$@db) zH#BQ6;!I(M-*jZ$x>lB1`*x>E?LEy@p?XS2koJaK@Z?7<@zLp59L$rRmD{HeH1M7! zM5WO#ZG_>unPl^6%)*!k`Y0KizUB!DkwL!boY|iBNR?W(x@Q@#!hq#$Sf){3H0yas z(M&j_lTP>ikU6P+xD@)w(B_K@(B(sRiSN`(OWU;{K)Wn+SlAMjI#?KZT9kOVE9=8t6Hl zs{Vip32#0KYPSBe)=Cx4hgGboxe_EOY@&3tG8tst5APKj$~E*u<#U9_@~Od;Akl^L zxI_LENQLh{kR&Cs;qJ@A*^!AqjLf)S)kVAi*5m#I6>450bX+b=8gW>C`AEDL)L6YF zwup!v8H*`pYn&g>jB=mUSyvsb5T^`RYsKDtqtAU?K3jO{M@=GeGv2B3({%dKmbw_n zpOb6RQUAgq`tnJRI@DId@)4TDxkRFEM4eKa zp^DqyyHmAuOKYP}oQEI!I41}pKTFS(eV<@|PQ_wzAVWQzVARd8&GP5t#9go#HGc5WsmU!iysak?ivMlF$$=m&8hnXBgU=8G5c2=y+v6-?I#RHO$BJS= zS^+RlQ6X2)0EhmR zp_EZ^vFz+a`|EF*sVE$xAsNx5w-Q|AGF>3k4Vhn1y}TJZX7fIJsHqyT8k){2G^(W4 z%WX+tFV%=GV8YCDK@-bWcK_^s_cJZS@y|GRj&n_K&hMw;n5YPDlY%QPz2OhHWK*vI&%72VjbcRKuFjj_(Jm3*4Q=Ba*j;@4wNi zgDUD&v!+cgCDYQdte7PbowVd?|s3mP{wdwSN7-ec3jC*Ba`RK$*V+ zO;{9WlFoT7zfd8xO-#P1G*tqg7~2`~^|!qih1-}*Sq3JHpcq82>!d@Qn`F)IF?*Tr zKT8oBz~3C2do7T4Pgw_B*=R$4e}W_^C_23lR1%cn7w+AZ&h^XE zLm*SB@aM=vz)=W)!AxBr?1-n&gX7)yF08{qkWKr>)B$Uv6gV?B8wQQxTkocs^*PEm zvBK6X#bj`|gD5AtWGIqE*+F68JaD75j^?2}|p_-HP;T{YfhKHPs%^Pb+lt z3*~V#6Vs8zrh|upkJ!R|msnv{fiK&Hk=*PZGXJUqBclmUoLE!)a{Dy(<0 zBih7OCuI5=mPK>mrS{{6r2hNF?x&ye<*1dU7 z1E^Apn^k^t;)b+#G?ZxtyOh&xrcaD}lQbgO?tLC(UoHNXSz*bcn44_fEzH_oW^*ZS7YSICU)tN9g05|g z3^T4o;O!`4M`=B;H@%vfR@wOyu`pl{uRnD9|aK7aVW8it^YjPl~od z-*p8ZdwW^8FCx=VU|Yvr&X^qSdo-H@VqIUdmmy4g3Ulnfo6U4;QyY> z+D~^1LC#M+#p`UTmEu_dIQ5M4EDZ7k{L-MxOp-;ZdPbxXCDP?|GoL#F59GNsbjVM9 z>?^W&SYg;uhPs?!6$ZV=Q+Rx2KUq{*rOwbI+uK_vG7t~x!3NyUB;4sC5@Ty0R{K2jky(ujlplyU{w%h-A3w9 zaxi9Ev79LMm}EOO#yUQeghk%A`6zPxd96h>;}XZ)4#0yA$j;5anAJl`&FIH!nLPIJ zqLWt}@-is1>595pjgtNd5Wp%r#2% zQ}0KW*!lBQf7xaaOIi$>jJWP=L1j#8?s!Fw=QBDCdMA#6u3Ia-xNhvSGVpn}-3Ep? zZTgSW2goX3!+WD}>O#DkaJ}QRk1Fi<5l?wXf}L>(E(kA^-6!Wrij}lBY&r<^pfngYJK{?`v58U%!T;!DNlb3#WBq z7iU&n6w565mTm15E{%mWfX59^WSAYzAl$Uau}GOggVQuL%ti8c#MnFwsZv?lF7BI? 
zN=pO|&sJvsQmmbmP_pn{u0<-1yOL0^&g>W5NX}ona98JJuYvtW z){>e=be-oSOsRDwKNhxIf;D%TyCJ?Rnp7U1i?S=Ch?VS4-J3Uxck>F`u5|Hth>;J1 zTrv$jLO$0u()(QATPbKR$oP{ZshB(W#$>o8{Bs_|GXZjHA4;kR@Ub_cYearO;TI_3 zmovdyqXq(dP)ULLlFnK=5)aS1L-qn@Y)5a{kOH1XuVAX5_Flh9Dpo%%*{Jk~M9|jF{nl~QfvC!lQTJo>weVv}7 zubI8+wf3Pic-q)ccB-k|bL7oP++0VAfE7va6k#3fniM{oWV`%EeC-M&5tEy&+%I>o z_^M1T63bTSXW`NuyeS%$LqcFIK0mG>*OIVpJi2}4W+10Lu`)FtUd1#Ll>+JTX?JzI-5i`EBGTXz4A}Z`d5mSLOMSVziQy8 zqFHl$43c=2EWbjO=Pux=E!f5%36iPCEqdA$Qc>}yGq4ENG85TO!jGHrv}B91-78O= za-9XQE2OV4pp<#DQ;x7=-fG}`hcMCx1?duOgY~70hU4jn?Y+(iSIc-3k+{WfF;Sv0 zab?i{o`ce zob94cS*<(c{EYBhdlYnk5E8xAz%gw9-sk`y4xPo{#pVGVPWAhWTmjaq^`N*R|~EW zLQp0}ncK9yav`#cq`#3*ielUN{c8^}r+XZ2ss=`-7>jYuq-Qc#Gvs?aMN^o0dcP)c%S*%O*lszQLHf;-Ys@cwZPDCqbS zoAc+7sm`k z^h1G-L&^!}zW2K3A2Zc$?Z_=%H7Hg&cOHaVMSI_uE4PA1*M^pOo3MbUJ6N=HBm!QjUff00cQZ#%sd%Bz|Y<5m|N`UMyD zAZ|L-QU@OL2UQ^^>V7&$jj|4{@45VxhJ@FtgN$4l=%zNWdtvA1ElGVPn}ngrW`XFb zH}J1d*Iw!QDg|>6F4azc!nKG&dMiXS6$7c@Sa*2pl2(3}i&1l&V_zfzuCXd4SZwI7 z5)^@8gK)@W+Vk9C4=v@kRvYAZt~g2i-H)mLUXaPBua4f-#jBgFT+v@RDnP7wv5V$5 zt#uxK?T{*~gEUt~uX@t&N_vL2a3op#b*vMPR2l|f{!GaH@-7K;_l}q4P5U;g*C{2B zJeOK&;nXz~YCS1C=v)4Bdd3wEY_3|=f8zEE8 z>m0&hD@=$xHnqk<0F+j{$l_`^b87>%Bx!)`|k+@aKCfJ;}vXQKPcsS?V z8)q;U)hT^hjO_F-ut@_1xF9X=-HRGTxzfAhXuCe!S zwY{YY7>a(Fd73vCd$O}#@0ByAw*2nb7A?`l3PgmTr`_|gUWxD5#?s9`@Om@W(stLi zl?HLMtFb9ErSFHu#C_}<@L1=Cl5;huUBrZ6+ zQE;e-pLYlb1t5MYEO60(O{jlbC>xJpqDL@*5am(F09Zf+b5tF`0QP^OCV>41{~se! zz%u_02FwOxp@8{700qnmp@6}l?4GkJ)mn)uJlDGzg^suuucXV}RXrdO*PKNmFn9?j zoOWyaH*+J#HOrh>rc+^p{>3%dZM53A(|aF%u!B_i99;dhQ+lz$Y~OO+zh| zp6>~I@ieI-|B-)FI)6^1f*n3Xqr-Wr!SfNyrmnGng}+Xrr^bC$u7!=rHEtX8dLRg2 zy?E2(GlB;Cc#iZHy&-;@v3WkA-78$+(NB`v^BpJ9nuIdkQ;&8MkeyfL77R0OWo{rfYamJ?}UyL8H#qGJg%kr~Vg&y{;6Oz$&vzjlP zq8HUPTqh~R4xf@tTWJy_Xa6qmFe7pvvBYL=?Kv`1>+R%NO4dqr3;V9ZRelxjhL$w-s1S+Tw4{uw6L-+g6)4Se!BFKncKp>cwLQt`$?+_Gwu(* zFe0@ht@hQBlqNIUl8~$p^#AE(28*^-FxvIGj(r{==Q!bODwKHirh#hRk g;Dn>nUdmluc+Pu*l=lK}lj=6morhb%7 
diff --git a/tests/unit-tests/src/test/resources/server-side-keystore.jks b/tests/unit-tests/src/test/resources/server-side-keystore.jks deleted file mode 100644 index f1fd537e7c64480f46cd647c1d942e68587ea6d0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2254 zcmc(g`9IVP7sqEejNKFsp@fX>I~e!cjUj6od-f?4leAdlWvPkD5ayX|F_th_S+YFF zQiy9Q5)oxBOGuuUk(hMlaktm&K7YaU!};NT&gX~o`keDR=f{U1A3z`wWIw=v1UxJ@ zloGp7S0KOMB7i_}C_sbl0ip;Ybp#j&#zG{(U^oaygRMI(bUqxZsBY|Rrbn`65Sf{A zA)k6uU%rU9@lY|(c4#*ZYgU-TU3o|UCWAoUc0Y<1yXyPsa(C2c-C^0=+vq4mvb zr%uI3miEvzI4@|MBAMuOYa?M75^B8eX)?->?X?l<%(}q+6o0nsdBrZ{T~uF&2$6F9 zGzKKL!Sn4eoS}|Cy|wbCMUFXaRz1==F&#=4D{jSYi4f&*v!ot8J~C2&TPEka1!#Hh z3VKw(x{@(9f2@^{!fw9S4|2`r;G6B* zFPqzlg+3;t#?_9{P`AVtL(qHC##3Q@^6N22x$mT)U@7+@Keg;0{6gM5jFWQ}XykjZ zFpRigoOajx)7=+|vL@kB=oJm5sIDrniXbW7GG(=eLScDm_D6z`F^bFdV3`^D-{j3u<|&(gmD65Lk-qMVh$h7nXInFIK!c@JhA6@mqSD1 zl*D@djszs@D2kFD`spX`FAN}WNX)yxmNd=vX{(?3DNDn{dH@mmrrI>AU1lJBCY`zIMdh^WZ zxhy3&wz60JPDA-`(}|^*u%p9<`Qk9%5>zpI0Bdcp9O4mCKeEAZ#$;(M_&T0_5wFVP z%K29rQPd2@)?OH=#%AWMO=qualCqS!dMe|>HPJQUPL{kfn8pe6%6e#imYJmv(*U>S z)Rk27z>nirIbh?jwpNg;9o9UPSzV`8bm10vaGAY*+2x!ELUCKcc{Ra^7|CMaVpv;cSxhSV~%H6qtOwdIfTjHlliPsK>DD& zXW%R_S(GtS&tm}U)q@jl%-6e8kU)r=Zzk$CA}uy<62OwmP2W#4*jAfti>6cCQ>~8c zDXwnQcQ#0}T4(dN3b4YX#LT1{P0|F>VPY?p5tQ0t>wfNbu^N626LPbFgF3wYu-7|z z$ADWsU?34Z(`zmENlA#60LtDoDsDE3CIPEfyZ!@ zHsT{yqVZ>QOU9JLy?+<0z{o8iH_#y-Ik}i?17hUPdo1JYWCEXri26X(jq!I zKo`K{^mG8g!21u>2Xz0!|3^zS@X>!7v;R1tG_V*5pn-)TG%y&n5q*h*?t4?hD&E7c zT~aZV3Ur**F;sa+e`5Zn0j{E_W6#vr^y(G1T&IX|udUUh8nk$`kWV+8xNybJL4I$j~~p}SYUH?c!- z#mnkU;rxB7lS+obCol$$1k`zgm6&QXDoMR={T)eW?>sfR;ggdCI9jXVfqwst%qRp327$|u01Ck2{ox)Kg&l;U zPy5GwRFI9bElt!ddp_P7Y*`pc_@{~c+qG{Z7?i|EHa6W6YoETL7+_boGopP_c4}q0 zb^Xk7oZppAmC|bo3AUE1JxXnZE!1%(Ic#fY&HQ9UXTSI)-z>M8QtkBX_*9%vNVIKKy z`l_ch>d@ZO)yGBMHNwm^+tu1TmwgU>ZV4BTRFk}g1;wrL4 zG9uZxM3b>J*V2%^a=q_)-+Ryf@SNwI-~azSAAfKxk0=K_0FDI@bAnH&Tc__FW9MQg zVZmKMEV%s$x4^NWz<)&`cOVwza)cd^2Fc0$zbif-b`BC2cmT%&ci_sLJpac>&tX7F 
z_63sW3gYUO#{~yIA)i-L%oDJ94gg!1BM=Lu6>R6hu>4nT9xgS-0ROS zRCc#6gp^Fjy{?{@SCYLSmFZfgAF(#9z>z$AK-UUMnTFPJ0qUZ^Xgijt<>^Pg9sUGi~$Wo*|%umCF`%c+iWz=0tc_88I`!%yC{2t%W zRPA9#0?E>%UZ4H?Sr!%z?7zm4@!+3))tg*Xl&01GFLu&FG0aWN>~mOGlcnZACmS|0 zx=+8?dhNC!;{1&N3Xdf(wQ+|`;6yh7?$M%jZOv|L&uf{#{1UVoY81Ojp?XpzXN@_0 zp?k}9y=xZB?nV{#nQ;0<&)4LWd!~@ko-~J|pH|)JgfIo|WAAl)$2&d%DoWHt5`$*jEb846}aLo3hg zX?H0Vw|Zv*(Llb4!vu`@pb9&PF`mX-&6jLmkJR1)!p2a=$C4!4Wibw!M1}enS^8m= z!^Sl|?ld1P0__cdrhx2#U^doX!eC7^Vx-?%dPfpEoU^%`?DoJ#ADz~{3 z3!8xmupIn8Hqr^N@-g?)PbqnYb;Wg%8ZldXG`I4BFk^TO3q-i zC(|Sn+qhQ+Eu|%akPrA7d5D*erZrU~^npaKs|;gM7bbD7RtxXOFAb@P>cOcwhpmXnt)-_K&I4iV~@0kt6MIwNL|Z=|dH0 zHyn=T3xTNgPF2y2nmHT(&YB@_9fDY9FZNyx$n2oX8A zP3ctvs&ls`BD7oYHu_mq-2P7F@XTKXjUaR=k8}<#=S9u7}uXDHlrepD^X_>ftdD4hM5Uzr1toJFPTbL_- z^m;ZU;#rJ34q)2v+5Zl8@@;M#kUa=LPC3rh!2+`LKtf%&XpV z_EkCtGHK-VPW^Jrmx4y!;mKQs_hl?FbXNKP#7dft+FFTH^^Tj(oTK2$&C=j6sYMBw zxrvU@5b@#1k1lex$2^(IMRB&WcLbWJXFjh8?wX3k-C?JB)={QW?MPXa?%`cMIDnp~ z|@Zewo#vt!Y~~vp0Clx0I~;%dn-1yJq}}_+gXf zVafBv*BC4fuZ9~s;hM|vLiU71bFwV?wx!Gn^-B09=?4Nd`z1GF)wbF*&o%in@?LiJ zO4w6+(5V>)o-IEEz*Eb1uiWjhXrKIde5vz~o8aSXYPgEp49%7zb43vc9K+59Eh>|! zSGyy~&-L*#jJHnQdlzF@9Ji4xYa}F=F>Vr5#9yfRoJ>>LCEj4{@S&Et5&O{S4L}5s zXI&qb&(D?cabbI+5iu z$hZ=+EFy2n=Ydmo{V0(MqbP>`Z*@ZK77O!DszK3T-g_#>j3H06GrC*i6T@EaDmySeQ z)xBf}XkBo3Gd%n1*N^q563T-xb9W8DXqIPg zgd%-fXMHw3TRppC-aPsHy95R2#SguoT1EtNnphJLzP*v#yC~tkUJEQlJa=`LygIAo zLk&BmfE`4b_w%^(c;6}hK|!xsxrvz;=9zmJUGhMl$ctzs-U(fhOCIkm#aEBz7gww&b&*=(`fww-3>?e}QsD=1h=JIE5MkQu?YLG2h?x z=|J1(%-TP9Ka{z})kGz6t-ZSY;DfUz4t`ZXR+|QGP7Av4xH{$N_n64HOJ~?FX_;sm z9}=Fi*j4)89NVmxspq$zFjO|#btWixq0@vQG1XUk7p89L)H?ZT#g<7APwhPUY>U*_ ztJX}+j0}v66%FJKWPy<@%f}+dBJx)CPW(LkSsl)QkNuyUH*=f7?%+Mhfe1`pz(8bV zIQH$bf1!Fm_q!*DITo!qko9Khx#M~q=R+|3d`1EPR+VqH4UDgKg8vn|v`&FE7JQ8^AP*y9S zU#NNH)usrg1M?Ui3NtqK$~I0>TO@kH(s=KWw#E9VewDRcx%=pttnc=ZPS2*yD(_JA jyBzBFVNdtPN$<)Hw(oW+)5)=$*)Z$JEX7HpTnz01B-3ms 
diff --git a/tests/unit-tests/src/test/resources/server-side-truststore.jks b/tests/unit-tests/src/test/resources/server-side-truststore.jks deleted file mode 100644 index e8e831118a620132259d9db204544fb736ffcfc7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1866 zcmezO_TO6u1_mZLW=={>VPIgaVBxhXXJC!cGc~YeU|`NRXktz`XkzkTz|6$R#KdC0 z^UZVvUN%mxHjlRNyo`+8tPBPzhCBvbY|No7Y{JZrzJV|v2MUiJ!V@&$2dU%|=5S0d z$t+6+Di<)|0|{{pvpW`*q~>N88wwi;f<%~wxttPH6r6K1Q}ap;RT-mXh<6){~`0uzGc1|xhHc#7|d)sNbx_`c%s=S_0*&e@? zh-u%!~|-ixmyz z4P=2)D9gtp#v(H5PD;3EU~4i*?q=4WV< z*cSTlc{8(&L~rhcn61{Kn|_}Taf7-T=PuRr>k=h|z% zO)?VC@+K|ho}4T8@A;AJ#Pg4>+GH9STO&3cQ%m!~N%X{naeX?>aZV~g;EePwbv ze|{fw+vt&L;jOpgPe896N9NV+oPJ~7q_$=yE{lJ>bv{DM+`oAr6rO6UeBGa%$Dn$7 z_d>~!XOFEhvVFtoCK-N6@tEoio2i?EHgel~^(4C|YPGl-_I|e8FLLHzlXrr4ZTBnh zqP(7#f)5EH9vlck6GDpf8*o! zWv`ch%AChC_uBFhC%-FGPA8=$oe<^SyFfFfD0s1A=9^94sa-DDCcoNV+MIaw+6oKJ zTi32<6u&qj@42J7CF;KGiRr7iD` zz=5?gN;wAKE}2I3xt2M;oN;sY6J7%a?hOh5zldHIk;=Iozf{0GUFq1=(?=W4`NDMj zO@A}%OgwWWVjizTGsD5{Un)-(exD|P;;KXI=7+KSLR35DzGQEAcXqIRbens&Zbr@3 z#E;uQ#csTwEool*C*N`NK^M>v)#?GR3LuS61Ll`=dMz!+wdsg=*}zm33rb! zdpPY~rIG6Or54#QAKl?p<5cOMxwCem*s8nldS5@N>((#Z7JZ+mbcO)P)gB&Jdvc7Gw*(7tmjVEuEvg#; 
diff --git a/tests/unit-tests/src/test/resources/server-side-truststore.p12 b/tests/unit-tests/src/test/resources/server-side-truststore.p12 deleted file mode 100644 index fcdafdba9283a8a0ec477245b67bbdec47f53107..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1194 zcmV;b1XcSmf&``l0Ru3C1YZUTDuzgg_YDCD0ic2ePy~VmOfZ53NHBr~LP< zo1%b*C8>>BP}2;K<7Z7r0s{cUP=JC1@RB!yf0|UEiM}>N)(_E7op@~I7r2NXvvT2( z$Hvi{fhy&qH1G@DrcqV>2pp`JMvGBn;w9;9P90^H$nmt^p4}Zi;rXXi?|x9pWgz1@ z&;muz1DQ)82FqaDWH?}$hHiV>{nnS}$fkl;VNHlB2dnXNP#788{%&L| zU_q5GD@;}rpcsS0Oi~@wA%={nH^enkwgQ%Y2EWyf{goMFQAxbzo|GtN;IB!Ry1Bho9Te64vhXh74?RGy zr4lP#Fgx$88U#I2pE2wgFRn1{f|T;(9wJQmafI|5{kA|xjj6t6oPRhV5ya}!W+ue< zxGHavu-!rX2AaiBo+IAPLctNWiHNp;AowQ-A%eLXaLf!1))|HIun;ckku3eQI_M?Y zf7P_9x|$EW)8+F?fr;0kE{dsfb(~mr2IA-o__N@WmTHj@eti<(gJK)8aE(o@qFAJvCQaC8!F`j73-a+0w@4~^7WCu+e*_RcsGDm4ac!UV(GUx?VSK9*+tn0@xm^TC+ zoAdew9k3;W7S>Id#j)Kw#JjC4sI*mR!s%iMYzV^wqnTeJl{LI^o;cVr_9ks{^rLV4 zIXp^{U&4j7hT3+-r#hRz%g%}UTe?o=JrhK?2P@0E#fgMFy zbD&fx!`9zq|IxxFuDpi9BV0bdwt>jr?&>jS#~6}|gJ`JROD4zq0qQ%;Rk;M7dLtIh zro8^WCxUr8UpF@qEeQka;s?1?wBeXA7{P?+i7op*0MfpB1|9>H@;k{gHGO!ur=85Z z3KaEIW|S8Rpq%tR2;4%L6R}Du>G0XX^pdf1a;Csj>Ak3CiPeS!oOC`yCO_q|!YmpLa6BLJNf4K~uD I0s{etpm3BciU0rr 
diff --git a/tests/unit-tests/src/test/resources/verified-client-side-keystore.jceks b/tests/unit-tests/src/test/resources/verified-client-side-keystore.jceks deleted file mode 100644 index f8b23bef13bdda5d184e23e7765cdfd3040b7333..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2222 zcmchY`9IW+7RTp1GmLGRX^3RVQug|eHIyYKYgq=BvW_&2b!?*%uaSMm9?J44J;+*- zH6n$`zGR}1Efli5UFK2Gy|34E|AG6%`QiO}ogdEmobx)Tr>Ca}0)ape0{9(lo)iyP z$^ivKUzb}#An;|7244h4*g56d0XQHB#Q-25oTHuXn5f6pIkh*Xhyu*%X^h$1A z(dl&JQr%sh{xgjd(eB-X9XO=vgx%E%(X+ho>R&|ZiEF$%+1R!1126)!it_Ca@xQ_M z*k8#rLS1Z6DA@2_cX8l=SIYgUFGhAACU7R%nz++ja&22iC8Or12Stu=HZ48Rft%=8n8SvZL_^mEZP#g`v$&Quv90Qm&_2pXrY`w4j&v58`1N3 z!sidP3m~^TnYWG#x&@5eleb@)x>8Mgx-dfs?(U-{pZyf(p|l(ohCWT|S;f$um7`%H zW|78%XTR}`hVEI;CH@GX+S~h-X?a9zPf_LKi6+V8{`ocVkqymhpFX!Kl0eNAHCC;0 z446#;N)E5EaYYQF;XQWqq(m>pt}@ez$gIJ9I7M1qqp|H95q}{kfkCEyrI6{@C%7rCFp`6+|e%Z@qZgZZ`9Sbj66{Vn5Qncf&h96c!K75vI+bX4HDqa+w__I^Z;jOO%YF4!SnN`kn@=3T)-)fk9zgqUa8?GrN%+@4xa_Tt3fV@T@YctI}#y%77K~npEb^9ef zA#Lr_V{y0o?UIGm*qeIVW%jo#1J<;YNQ1?UPAlZ3%b2$%_Cvq%sB5~COHKDD-ucO? 
z1~KyMhy-$Cb@CY1XmvO2p+JN2R~tdBW452Mc3_^BoE$-YfRvI|;QTt{19Lx6-uI(C z&ZN4%YK{Ab5!m2+(vg=)K03X@DD55auo@lkc&nhtq6^7Lf*7jdVsS-kOo>es~+Fh+^ z&8`FD#5gV7dhuo8<)z66kE{uDpk~+T2F4{gFBx7N|m1gVvC*@GctF~ zS41AJG|d;bB|)}Y@cOz8%&aOhnfC7z^$4Amy!c#-ff`YmOxf0d&}C8elx!Fr9KzXG z|3!N|#>%6u*ICy`v4VX~GRdg3`sMzE2*k*_X7RY8s4nAcX*@sAm`0tGYVMk%PP5x3 z$7-tAMqdNe4a$OS;JUz(cee#%1KpF0|J4CfHYVjNQ2tv!Jq&X3fBoo$ACz7 zPPr(f~Uyj`3~x4g;zpr{~H2?r{JsyG!T5T|zSH>!ck|H1!H z5i~&JpUneo5Eu>MgMc)E3rYh3NRjKaROu2!Yo8zS!ljr)-o+V~x~N-MN?YqNb4p^b zN_Cr4I7IfAcL(IJ`;aPL#Gs$Cu~;}XX~yu2WsI}N%$tP(of8sNu1K{m-?T~$vsdmk zM-H35bOSG$ndD`=o4w(n0^c7V_rzwbd51sN;CnP&NDu~+tktmIzUm!~fGR}WU|z*PW(9v2^^Fv6E&7ctS8)t{7gJ?qw&!>}`%lg2c8 z`s6*A*<(=iJ7#IX4Aef}vP(vucv-$lh~M?XsKXmkOEk&x{VVgnJ(5wRF&ua$=5l^*n z6zV1dr4eDo=dX9i#!=8yLf@Gm&1L7kRl=VLWjC(hXX4)rDj4;ZJM5f@_c&A#?RiPI z*QzZO`)z!vfUDX)V|`s5d9{kIZEh?z*=vcFB_Pnt?MUcpKa0Qar?}ASUmE>Knw8*G tw2h*8sHM9K|Hu2CF)E|yn}hHDgq^2;{QPxs5DXh#AlaDaFeT@H`~}G~#ytQ4 
diff --git a/tests/unit-tests/src/test/resources/verified-client-side-keystore.jks b/tests/unit-tests/src/test/resources/verified-client-side-keystore.jks deleted file mode 100644 index 492aee8f5acefe6d3a57a254dfa3a5bc555c41b8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2270 zcmc(g={wX56vt0=lP!VoU_T>!UU^obt1e;6wm_1sEkff)-ElszTiS5C$J(P+} z%F-(~m0hKsikIYex09v6@B$)m+(3%n1D{odz+D!2wB*d$VN=!eyyP);O$gO)!v0ED z&cykommd_Yqv6b2Q>Bv=G>hP!Ovm6~rVXaM0(7qD$QRlSFKsE*?5B;rDiYTmM-RHL zGnvCx)b#wB>oXo``aYq>`7WubA;Fo;c_#j|fsaidj<{0md?yp6P0_8(JAi62RtqM?<}CF}L~S`JT1Tmj%(qtEs`jLS(pJ;9nh3BWw%Mey z?BzK^Reh-tYd@0Ck>#J7MHa2>~M5_$sTbkI$t(=FFtJuZHOYS+JF3tnlz7{`RPWZm!8}mF8 zKQ*HcA(XdW2~{*;l0y^E=^DMPqFt8X``l_n-{^?YqIjAG@98YlVclcSE5vg&&RaJ% z;nWsB>kQ5mjNpXW#;Dm+{4yNpOQcj{`63wN34;`6HA=Gk)#N|HKlzy>ZB3 zhaZg_9Q^3&yWqy=jH<}{xeWJUw3#u1d|V_Tltub5fOPY#nOt^ae@#^LsbDQ}cZq6u z-6l-gu>}pkvZfgD4g$-n++bd$;X9>CuC3gCUC=t9Z%onNoGcfUc(f?;T#!ZR$6P{w z3aRB(LKANRFO5+X*1AMRZ*i2SJE3KHg%R%fzL|##librvl=$ed7<0>p3;7?9yZG=m zR)R!cnH@ED7Ib=P_^o%>ckfw;=>qJY>=&g5^o*4RY&G3?!<*648|r3RTe2B4d}}Vg z8w9IWfurBPVQZd49$PqbZw_Lq*6@xKmWCU0d|(b&l{l+kb&90CqjFwLL8%?bzNW6{ zXIXRHdEcNt#rlw4t#{0oi~Vbbn1$Sh>I^;aiMm3mkPeuLhT_Qqv#UteoOr6d7~Jk< zA*7n`y~)|Zx4pgSWB0Fy>e-iZD#RddS|BCi^HS**Yj4Ev*lf1z^P~1xbnMEsV$L(( zR~>SwB-K-li9URsjvD3BJfbb-2F5BO;oAHp(Z4;sOr+k1rtP)+IFx*+E>ejl!;k`K zBylZd4dS)K_rMsG-&91l^Ehv}+um4vUFJaxvkirvU)|dF7E*<;sNm8;ltN(q|1^~wU3FIXSs(k*df!S(A+lKg0$R^N}U$T4X| z%6#(U%J{~I>eg>Mis7U92pz?Bd&s!Lvo~6{LPZYhd|01K(7`_Z&=fb@e|fmPOOP|} z-ZL1-p*1bW+mhFCH`D8xIPP%l=uDL#(8{55d6w1CMn;9z+eG52snok1ds@*BMgCt8d%!?Lwx_C9e}2X11m;zcbN1Mhp^N>@%vL4Y?bHH^!Y@$Y|33aTvT$=tg<$T@s7z7Fify*@j;O7QN zioo~)L@F#{`}qQr+tZd5hKa#M1Q;~G)AJJd&5cc%NAV7nO;>W= z95;J~&FEXQ{L)94&v|LsJX2jX@j3jK9Nw~cUA#Y#n0i@e(rc+bBH7OYBu+e{Zlq&+ z1bY%fK$mfSP92;=9a1@+z?jzExz#r`gl1!Q-PJ)^#lBVK&`az!BXd2k_7Z8$-V)mJ zq=bsQzUI8&Cu#s?>Boz%F7o`JOCqCcTiV)jA@5O}GZ^_gCw`FAJ-oe@+3f@7a>In> z<<2cBXIGwzf7)Ji6o#fdfveAaE`W|F-O7dvv`dv1_g|CcJm8OQ)Zo%z-+NU79f<$! 
Ri-cU0acAJ#XF4ME;vdJ7+A;tD 
diff --git a/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 b/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 deleted file mode 100644 index 5b88b94b4bd43be7e0f0278db47670ef53fb9d69..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2581 zcmY+EXEYlM8^?(lA=Ip*+^X6oiIFB|xkwsYRBN>M9;NoIrnah0#fodIp!Td;+)%Dr zd-Nh|)M#zxdf)TD_n!OVInO!2|NnVD{-8K|762s`6bB;FfW#uu5l4)aw3GxKs0D}v zHC*8uD303xUlH|VAdcGb3hP~s77fGyuE6w^00Itp2E_r7prSPN|HoI)d4TMmetbfo zRNlqA&U&7`_oaVUBf-lBprYv31LA=F0euheo7uX%EaO#uq5Hiue4YSvb>%I|vdB-; zg+RXBv;hYj4Ir%=nOi-#2#G9NifAkLjiZ|aLI}dV7n=!v& z54)`C7#Prfv{RaXq_KKeaml(SAhIc;>rVUy)%{92`8|sS|Ls6!n$kHhBPUGe1!udg zHWEwR2v!+GHH$5l)5PRVu{wWoaLwnUV!|M0dIgKY58F$@*zFatOrb+^d-ru`Dd{qDZ_DdFCp6Uv5FS!#XPT~caMo`jish%UFy z=L-|VgvDa)5WeP}RO%#NHSbT7aWFY?yOWN{>{Q-)TmMJaZ+T2$On!=yIH;w-V`wgkbkX-A4PnGBq-=8C_ zOc~phxza13=@3RnsnH<`hu^qHd@j*qA= za~jXuw8 zLgxpP*S)1ZQuEFCBm~FVQAJ-+c^Ib_IstT{ioud-hNclKlXcUn;yEojJcN*=&Xt_t z|6Ek$-TG*zY>h~^aAmJ#m_&4Vw0Y4CzVd8?$g6K$n(m?YnhAUM>k^awlV-h{pb3{( zXazRz+bbUn%}sx_FtV9hqh>^|?bZ5cDOlbt96*Ll&A@&qM+#K=?0%1%@SEnk9P-w$ zJXlx4#qVCa^b4h%YW(QbXr`gK6R&DOT&|vGEq8{QykrCwEMR{^v^}-t8#_I^vJ<~% zxW`B8L_LJGKi^t(;l5L(e|lLM?%x#uxGp}zU*v&`@1Xi?6+t0dY}9BsxfV9w2`0GrGNs3!1i&9~j$Fszc z)_uazDdGuLyq`U4erVva4=rG5lTp|0x6la^{DU;h65bpAiz`{&(a244g|l_;dORVe zU{q}5clZ{_S^d*^5oRQx5Ap^maAyIUrIp-*yt&w6X?k@S49FoPDhdvx-`qZ~>7>&C)8)zg8S zmj~bJLu1S`=kUrHNC2tA+Cc7Y3#{WlX*ShX>f3#FaP(dTxg&&QpDUZB6^dq<1NI3~ zRmmD^GA{Kw#9(We?Iec-g!cGS(}oMYXoc-0MMiZk815z&2231d9y3{R2quZ=U|>p6 zuD?|YVuykG=qX$&{3)C%Y$^Pq{QpE8Fm@oTp`)wqEf^dogOo+UW#Lk?h%0rf{avD^ zxw5J36@mdMDXx~-KMCc({7Um5zq&sn>VC>R38}2>G3$BQ0N)yu@A|J_Lvd8Q*~6+S z5O4~la%03zkVcY`Kv2i6?{u$|3^3hRsfLuD2Z%9ANZj~~-%>r(+RNAce>#+leNERa zc3p7J7%V#++KIW(5YqwfZKZC@L~KhxFuH~@a`mV=y?5x{tL++FnSGtZSGi zrbp*U9gXNcpiXy0MNvYtSU^&-;fYUUs6r(wwPnwoIo!CFwR`vJl!6flN zb08*8Zg(y!`*Ip}+MM$#+9DIBrdm0xiPn%D$U@y~cC8X#HZYZGmk_a>YJq*?lCT-s?y3E7npb5`d2S 
zt2x2TO1U3|BJ;ld`j)eEctqc%N=(My89eXKCM~=|>-z4&0Ux|A;#~5N zBMJ#sb^yde#M6VLx}zr}4hGYCs!DjD9~~&THr6a9VwELbtRWCp8>h!d%w=F(?dZvs zT6FYxAvJPQZ!9K};#U~QrGJ{Rstw*|d1>li&U3;1iW0S<6<~!7Y&tykO_Ou z2)1iSTIbBty!SkqRwn6|N~y&>t}V@RU8Y#GM=Q9CF~8pIhK`m@&RXBuq(!7b%kJkO;FdXHI@{VopYWafyMPIIoeRfw6(9 zp^1@!p*ZWZTPt}PYsDa17Kkp29o8teC`*E1e!cv7>7Putw1^$+*MsTT_uCY*?U z;Cx>@Zf(J{TPLn4rwWQSFMf7M%=Cp;$v3Vlw}SJhT@Gy3Tzr$AEji)O|FW8s7Lz

WSMPuQr#?SV6i#;#UbFfR<4hCvLM73kvvi*us=YnOcye>z@y9`O zPqf~cw{)GC=~~bqSYgGm!e<%dO5w`WdyVE&%%nby2h$|bf< zN|kGwSSdDPSS&9s9D4hxwE&lX83cj&+mS-DO_M{!9&K9 zq%6jsbq*&D+CD5z6@%6j(5 eiglYWRvw+|dTvGk5-ZIw31`@!@YZZ?n*jh>L0Sd? diff --git a/tests/unit-tests/src/test/resources/verified-client-side-truststore.jks b/tests/unit-tests/src/test/resources/verified-client-side-truststore.jks deleted file mode 100644 index 0adc640beeb90ce3d3306e64bb251763c533a8fe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 935 zcmezO_TO6u1_mY|W(3o$xs}@XR z!!fxevn&;;T)==2B*ZPu?pRcknwwc{C}bc25@8nR%*jtq%*n_vE-{c3=QT1kFg7qX zG%+$TG>8Io%?ym8T>3boiBSpJ^Ng$v%uS5^3)Flh zrdxkW-F&p&Hgv`kkF{#gpUnT4BYq(Y+iI- zY1_QuCBH7s(sbWw*gWCj&Xki)iW!sizWbcfV7h$A&9}lQLbfz=+4c16{(1X1MKduo zGB7SyG>|ut1xBDOABz}^$mX**zMK4T{v;_|<5C?}Jiprfau{+T0#gt$5E&Ub))+~x zlQmd=LGYGg=~935_Ipg}^OwBXW>!BdeDXbKSH;Tw&%wtyK66bjJa1_?`^`)>)ziGa zulyslPxvIN%`WF&+9d7r@ut$!D@A*1>^J8&Hw&KaE)M;}Zz}NSvF4}8*MISN=7p=(r`7QbDja5Fn^X^1Q9MpB? e|7lh6@IBMfDqdEG+AT^+wW4fJ@3+Zs_yhpyw^vaB diff --git a/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 deleted file mode 100644 index 7e2c6f04205bc979dbd85de056607aa6e2fe8ab9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1162 zcmV;51aZ%2`Yw2hW8Bt2LUiC1_~;MNQUYXvmK z>Bal(lTnzTF%QLnJ>?W5TuS+1HtS?+{+-WH?;}XcE5`IwY!>&XW;XM;HVSp5C4z(n zhcoOO&{c|Z6Q}65R<>O4ok) zg>yODS$a?0`c$hobPGFzN^HMco01>LNw(3?!inpQBlSDVX5Dd>-$euSHoTx%0u9^X zRlueP!$z%!!~iQ7Y_JKZQohTgyu!rLndp~?DEOC&LriY`3Nvlx&%D^rm&(@-di159oy4|N46j~=9 zkZTiJUGW`Meh2@DhA7EJO{vkX;R5^A*Z*jb zwa5D)EBO5KGHr9F+plOukN|ZtN~j)=ZQVL@ubgYm|t;Nq)`DG3-Ps%Z!t`EmU6O_t?7~+GJ%zy z`QB$Q0Ji{+9U`sS$cfGdUBT9BynPM3-6O>40m)9gT3}XcdbCUl&ZIWKlqClaPN3%2 z1I9J!|AD0rSF%OOM^M&}HKb(^p#-0a1*12^jRXm@%V<5R-^ivJT<=LZJY;ok!t>z9 zio*CU#2jD3SYVDWy)Zs7AutIB1uG5%0vZJX1QbWS$U2L|49V+_<{3Sb?or>?6te^r c%unn;b(GH$eq<5^i(*8Cx%ClD0s{etpz*jPGynhq 
diff --git a/tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.jceks b/tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.jceks deleted file mode 100644 index 12682dfafc81f777764f961126fcd0ff2af8d7f9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 673 zcmX?i?%X*B1_mY|W&~r_+{*0KN+7R-nRBN-P$}A^fb z5wH2vX3m#2Yhca_)ksY@D*e_gv0+j~)W%DpXQxQUBnNW2LL3mGXKG*xbihZ0CdRiw zJZS+l6C)E7OZkKDcLqFc99nH2=WJP+nOGSNk_~wbxY(FOS=fY`9eo2~JPs5dJA@}_ zzzQZIo0}R%fw^V|#!xPO91&?C%*GD(ITIr^2$&h!nVlF|?3Z0~?X1gQ75?3= zFmtN1&WBC4`~}743-+h|{?>o<(LeWqV-HGX|7@IDJol!#zhU-fmwSO1RsC$td~EoH zexxs5Y-C^n4jNfO77hcpc9wcz*c-?KgF%*$MT|vcd3*9*MQ%>6e%~VYAKQMK+(;6A zjv5Wj?hFPlObQAA-kp2AKwB_p@><2c>cTCqo8r#vq^{U*F#qD&;ANignG{sqOG94Y zyd)Y|{of-u;MwC1pRJwEmVA4g^M-AQrczu_!2OsR8$52@JN<@rg4?aXpA>dVE&%|W C2FPvz diff --git a/tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.jks b/tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.jks deleted file mode 100644 index 8a7b07754adbff95e2b6841b5dd193254839d8e0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 695 zcmezO_TO6u1_mY|W&~r_+{*0KN+7R-nRAO7P^jLZ)_{+VOPh_6g;9%1kdcvC1l@rYrX9b?)BM^f2D}r~T%eBDKp(`KOtme)BI% zVP=B7zEvRSv4>ygJd%1``%Oo|eo^KL>kAU^s`d3c80LvGZ+mZu0+kB@eG3%g7G`%WDoM@F zEH)G}5CDlV3v=e=Cnx4)QZIo0}R$fw^V|#!xPO91&?C%*GD( zITIr^2$&h!nVlF|EY1YP-o0(Jk?ZpTQ6|NS`i0Pebi`R_Fyn@Wm07L`rTXd=-Tut(+mQ`RTtg1 zytcBDCr0*&rdQ>ygMydielaQJeVh3HKex#2FTu*U4KJ+LxcgJV+1&8-f%vuRIj-zq a7`8Y2vnDD`aFMMDmH(b^-zOkbT?zoy($fF{ 
diff --git a/tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.p12 b/tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.p12 deleted file mode 100644 index 3d07421fdc044f4ff18b98ad914d98469ca4425a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1026 zcmXqLV*ba($ZXKWyq%3xtIebBJ1-+Uxnu%QT*6X*^@lc+#Np z7#lZK0}mG?(}Hq?QUgskE|?I|OlcO8W#_wJI!sqn4Z1nqGHnI-efBKbCMITv!vQQF zBDL{XwEhab*vT=qadSU61An;s#SY17<;InLW*;>DEf(ZX3E!-^#g(!5dG8^{Gmp1$ zOmH~K{AsmKhx7N`?$C?TFTcJB*pvL*(9S>-?m$ivLmoLUhFpe9hHQpZhDrlPgp{bE z2#ZiiW^Ss2p_!qHrJ1FnrJ=d8p+OVV9=IZQwgpX0Yk@*5nHU*>)FOloBZ}|XK)yT2 zJU8aX_RV%zuc_!BIHT_Ljq8Pb z!fhTNDU{#;#pgQr`!jO)7ANiMTr5>?cs-IS&&PWf>xBiIW6V?j8rz$F6ELj1mDQ=F zv(O>C;*;~UbsrlJEc_F0s5Wy_wJ3v=hr_&SPRA^nzW($vcUD>1nUZv7m(iYi3K7v) zmP8gt_bkgZG^}nv_8>2QU(L)Xn}5t~Hrn@YgI9pa*~jlfUM-h>UjCYc<7tzlaL4=O z;k>K*53fBS?P$DhH{YwG7mN8`INV}RsLGB$C&FXTXms`E#bsx2)O5T2h};m9@^|MI zk?9F4r}m!{P->p&k-s==wnE-|m2CDcA6kmD>vRh%8AWQZyliNC(IM618(?F4R*#neMZbmQC*1eUtqg-@EkLh9A!}6)TDc#P5}QcrWv0uzRS&wo9QL z26hID2ApiH+I-ARQmhOtA~owfFIlJQ#j&!haDEKS&Xbt0^oB(w*73=u8wp;I`gxr0 SUvi4_2xM>OXJTe-TL1tQC%#?) diff --git a/tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.jceks b/tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.jceks deleted file mode 100644 index 63c03c245c800b79d121adcd00b445eba05f58ac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 559 zcmX?i?%X*B1_mY|W(3o$xs}*qB3E*o2uKeFI@U4ip|cgePdg4^qh`%;A_^ zl3A7tR4!n^2NL2IW_K(qNzKhHHWV@t0EsXQbLQkHC+1}27nc~wiSrs68W5&P%eEO5osXI#t!y56C*STm>Jobofuf`mtAu0tjk^%{@txGbE>k=hfTHo z1;yqI_NV>+)_?QSKlgxR4@zYJY@As<_olhOVfJR1dw~~K{cOy9Z1{wJq%U1;WMBXe z8d*UW4g{=8^{8KL6(n2j74O5d-7dHZceU#-y-%O+kTqdND_UH8V$_u3UkrEnu&X>C0EEMz#Q*>R 
diff --git a/tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.jks b/tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.jks deleted file mode 100644 index af8a9875feea379a10d29e606d1ef8e1e8701192..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 560 zcmezO_TO6u1_mY|W(3o$xs}r<2xXpw1An3k%@`L z!}D8~0S_C8R-4B;TNY*}RtAG)LmmSzHs(+kHeqH*-#{3T1BJ&9;Rzb>gH&<}b2uiK zWR|4@l?xc~frPk)*&T~YQgbtl4TTH@KqAb-oH_Z)i8&eh#U%!E;=D$N2F3=ahNi~m zrUp@9u9<-`luI8+L>dUQv4efi#0U)nW=3{qCk7UaGXb%8Z(F)bOBl!Qv@hHdVe|Sz z^OUdlm5F;9&X>&a?`bRBbBAZ4*5}xzY9DSg&D>a?c695Gg$?Ha?@FD$&319Ik%0j? zXk-OhI1Jd@S?YmdZy*Z{23bB9F&2@}{vv#Kf-w_MHPzkL3!Jf5#6eUaH5!;b7z|vQ z6dAsL_m(`mHhs!8gTQdrMYk=lt!(6pkv*d6Re9^6;N`eqObU75CcgjAEi(H{u<~ug t3#&Em{#0-_H#~hHeyw_rEBhA)smoi^zx^oCUT6C4`;q=g`PhSt!~q+con`<4 diff --git a/tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.p12 b/tests/unit-tests/src/test/resources/verified-openssl-server-side-truststore.p12 deleted file mode 100644 index be0c8f03877f8b9416a3065be94fa4b1ca4f8d11..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 794 zcmV+#1LgcMf&&%;0Ru3C0?!5sDuzgg_YDCD0ic2czyyKU^0rIxp7fyR zyA}kHA$51w70y+CEiLp!xV$Sm=wm?LC-MmOjaMdZa%bpDY9^aj^FIGVANTuz)w z>>PntIi9$ajYQO&LLSbfPo-{7OkD^fqN)23g9J|Wfpw~Xe&-$XjHgqZh57lyma?gn zQP^TM(R>=8<_=>L_fXHG*o%4_gpF^sP6bm%VX^yJLWN&gUtqIzZdjNWh()u3Ol!r; zXbXca$`LD@ys#)o^>C%q+HaVi4U``|2WNQuV#UdGYeSK0NG_2F5T1eWQxEq5h`i~e z_lu_YB~JM|{-&&Z1@50J3Nc`g5x+=#8}nr5bw+)g{cHN_Ym$J2-vEy20h80}=g1AI zrkpD5D2C^_`~%~&mA^D_&BYj}{EuInvByYE(7Q5IbtC;mD{VPuXir16I<S= zA>QJ`P0Qu{>L#y+pim5dQBD$PrRtMT<{8Mla>zVcksNu!cF|@+JS8*6k}zb~fLrIiW3b@K!iCWlEv YJ5eCq&yr{oW}eAZQ=VmW0s{etpuetY3jhEB 
diff --git a/tests/unit-tests/src/test/resources/verified-server-side-keystore.jceks b/tests/unit-tests/src/test/resources/verified-server-side-keystore.jceks deleted file mode 100644 index ee7992f920f336ce6674cba3208610e185a5823a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2205 zcmchX={wX58^`B2GiD6gGf9>#=`@ypV~?_AZ_vq-kcv5DJ9cAVVhUL%N?C@ohC-*xqzxRFJG#ZTtfk2=K1^iuXo*};z zLJlYx`ZoI}1Oi_MN$@{F5d=yW0l)zaQ~&^Z;Oy?a(LQ!FuNTfYw7iL zvY`xmG$+}$YupP@NT77!o@zEhhOcY5g3icK@mX&ch_LfrNh>)D&*v$!5mct%SC*BP zh^fxzQRl3(^j?`zzbvIR?q`J1+_>OdXV~L#O_NxMe02i~-R(&6;Ih%^4%*X~i=rqtuLc^9ws?;|e0>z8$vu zw4d5q$@u|#clAaG&O9>07N?)u_b8G^PI;)@+{ER(VKVM&EYney@aMRDUc(l{mA82bE4pN%^qFS=DeNmC~qZ50^V zfpj{BSbw~I_j5BzUi)s0$R-z!-K-x|CtyB?OWO)}S&^y_zL;UEM^4=fmlZZqJ~t2( z@C3=Kn{Y~|=g?a1>X6A&Q9Y{M4YtQlch`3Atbj9qEPv0)@6nF089dBZh$>OGyTH&> zkhl2oSj+>VvX=Ng(^aNN+etpFBuCg;kni+q4fCNexy3hD4+dA2qdi&cp@d=?;djE>*)??V)D7 z@6C!8I z!b5ACf=(I=ULO2@hf3b$$ZKoBC0JG7ZIqnNv(V5K#7K|K1UUYhQoL}%9+b+TbmrS_ z&)4Osb3SwEqrQw9Gn;(V-CQfP@eNutH5&R+H1V-strud8aEw;dJHlL63LKWe?8(=*G3MUq z6c#s2=5iKEcbEo$Zb$2@HMS}w4LEHaf+%bxvs$mR_=O^bOYZl?=8d~dn^C*&sSmQ< z!ZB;*_{I|9n2PEEM^s@^c}QiTHIdNPW)skK`Nz{Ke%VEf^R22Wp`C}Iqv}$6oN5@2 zjOky{RC{`mwVmY*UD&~;VA9P<#zb~@Pp%xPJ8zv@i@QmBoD~wF8T*>4W8q?{Y z4R%=;E!xizY<_H=uw=LUjEu^~6jQ`sFd~_yS2icp%jNNW0Syzb?Q6W$U!(iaUVJq6 z3Z=L(%}Vh;j$92Kh!vU>Mi7fXL zgEf?~=UUTMV^)9Jb>axtkTs5P@Wwah6NaLDrkgV`^6MpEu zx7s!z~9*24-D^8zi;BkgoVjD3r-=i;nR0HlMA|ZOc%}a0gfzUevwWu>D) zrt(Q&Nx^N3{8y~ZHyY4YLpx|%x_eM{IM3IiZOfdnWHiXJRblpBtQ9}eD#@-?h@I#Q~BY0C({fzkW3 z%<11D9$e5thycWGUascld3osL#!e@3VML&>wpOT#``}{MrGl=ulNaA|EpLg^i1P zRZ_%WGuXjpQCjn*z>2H$6>7)=Y%w#k;&l3jT4<;;Fd*J49DL7PwA-AZm{y5;*^<*# z=cdW^AV}!NeS+BSdm-qQqVV~)-X#m&WTPoI2}||Mzr3${r+Q^ete1hwxX4-Iow!tO z!%Ov<0*FrTK+5#L0Lf&`QggiW;LthM@`41*zgPGrQ-^{sa5re)!$sGaQKFi-NFtj z6w;l^0D(AQ0F?s-2yntrbAn-D1qc!h<^aK{utoQF3-g~htTgPVJIKfC^id(2v9`Qn z;d`=PsRvKY-J+Z(bqd29G9OBr&uA{cPw`>X&VSmn2>#}ngDk&n;sxhr$4#9~a^W^e 
z{bH@C4=1cV9WBLegol5wDHtR*<~P$Pd%MF_Y)M4yl^CuVieu-Ub-xf;o}$Wwmdlv| zJ}rHZvmA!J$Hzh$y-mZc44t>Kxo{DAd@gD0w@V|*@dzRQ9@ReX46CrlwzZ=mugI_E zXrg|PQt+3iDaY3X5ra7KK7MvQu#BAV@!`*6*_cZZ!P_}UoY%!nakze*=yXa8>-{=U zDFUNsC?RF85ifXMb-B=+pEchXu*?G;>nunyNje%__$E$!CaXBYKh+v|{b?6`QE16U_(B4Hgq= zcZeovxO-*Mk-WwD=}7qpO*j^MRn3atVE2AdN!eY)gFUESLGL9XvFzpqf7yU7&$S=s z3|yT0@EA{61FB$KKZ3RR`^)9lR;m4U*$Rbl5#P~BXXZWBYH&q&F*&=M$1*L-aeKb7 z>;AnVLWhtL#r@?$`s?0Zh4F-g@YthS4`h|+4HfhT4kr$bc>@xG~dYQDw3SH}lfn2Lw143&cs`<>yaF*LFW!7co z&FMOPr7zBm+=6Wn5k5AmOdgvQLtot0*C52wG1N6BP5O^bl9sr7?2VU&gj% z^um(ut9le;Q>qf8*IONm!C-sui(0p%PQF7Sr>7(VWVy|Xn6qVf(VgbcOhwoD7_8)r z4MYD}_pF>S)GPc<`kbA5i_`RworIB8aWOU=S~+-6Wk#xM^p#2anJDdb%qJdotAf#e z^hfuk(d4$cnB!W5vvO(GqDz)PZ;?G#Qk5!X0*^L%MlO{eQCnCi)@MaG)2g-i14us# z?13>Up*pFpL<`SHK$~S0Zv5ufFCWY{+Z>JZfQd##`q~RgrzYzOB^~d3&_(0eHnwOL z$H0j%_~2a?6jz@Lr~Px+o#~A=ee_-1)V*cNuv>wKzDwZa?ZNV`n2tw9r0w$!y{ay8 zu^t(p7HT!}xb)^kGbNk3kWtWCU-{{k`JA~DnN%H^R>o7&z`cQEdtzxtLEj{!&ydXB zpKlWoVi`e#DTuKrV_dX{*WPAzEjnu%k66FnIh*Py@$01~FOY{AO>?tBjj!I#8UF`? 
zkUsO>q3P6Mn|0jTo`yBN5-*uV!*qRpo^e&^x(fTU%VhvfoE zLoQP8X*%bd(;n=U+qUuGH+3-JALWYeBypobq8CP=hd6VBwA16^$v(dOu%yzhbu+l$DyaY$Kp?0WK!v&i zR0yFE3IRhPF#QBRZh)VYM2p0b(?*AdKzX=H- z{#3$+xG%W`dIh^3$^{P{_b|mP#C0hk(9PG2f<*y>e`cUUJU%yFoP0cQQUZaaqWm~4 za1KzxD&qhwaP2Qt1{_s0MsbB;Mpn~BLDi{n(xL$%$@_l?|%-OQ(^&4w7usynAHK8&gC`eP-HTYF8imRj21r)-!Dp!U}?Bp(d zR7oj&tB{p(8Eu1ad>+X$as`ye7+hQG*sD*xbx}94{2-`KXC^cUW!{}_s;iazEXzdl zEax72C_^z#xO@dZw9H|F6%o*`NS`22M=BgM3pX~u;Mc!*Jox?)Ti)NCtkSS6!TO^~ z(;!#lY zrBO9H$L{`T9X;8wo8PSZxxc~h`;T0}=PqWWPYm+kT`(h_ere)_&JE!$rAq3qvE)kM z20Xj1#qf=bLk`m@Hv0$_!Nn=e`V@1QAN?+Z^fVE)i2%Jg$;E9ks|!kBQ2#)$17OcM z4Nh3>ImLZ?xl!hAD@@=0NK(ow66YI z;W{)8W)fWJ8cDQGD3O{5(1`+KfxXT13d2bSb`!x_ryMSQVk%r7N$$;Tp-$g+r%m*W z;*?u#^?P)7&(wz>m0khk^|%*f>rdk2>Ih5IJXhvznLxE`m!-h`zTXl6{%3?fjP<~mX9QPM__wy5W^ zlI1+JWod+uYuB?5OBAy^vSrlXq}^4$HHwyB%{RVTlyj!|FcG9%sL)m^eLr?^$XYG) z+H<#)#@35uflXzn8uNI5uP^zLNq)WP*j7Ge?>Ef1zZ7Kt*2~y73a8<6?}!!_=hcPa z*CT)-LJpk#IrofV!}UctgWJSQwJ}cUh}Tk=Gjy9}^(2ltmiK92_1yKgQqhZ>V;?LW zyHxw<{tFn#GdLG)m0IjW&hwXKH+{^kcTS`MSXukVfs*AzvF$@K^G_U8p=JJqEt3?y7Vt)+QxIR5K=|0sJb9dR;EKeM!vv$+l{mIlmjA zTGOU)-zp2f&tL($1O2qoLu?V+SxnsPYt2vNW=`%Ujqb%(-m=7Vwtk;T4)pVh8RC`L zlZ}Sz1$`CTh-K1(O5!%UiYY@M+$Jw0>nuMUzM z^+d$_=HwDW3CAz$$QhG)c77}f`5)PH7_l9m8)H9561Jrr$62qpStWX;ZL3o-O=jlF zsFDelD%NotW-*^dJ?g?+4)plc@#V(09)4ZoM7p@0MA#W2yOg{ns$u2brcQ#5hOdGX zPJWDJbMp+Z7O8aTnb{5-xVnnT0NSl|HpT^4pe$Y9!uG~>{wOe4<9fFSZ$NeNw{@>b z(BOw^ks#|#XCg$GFtqMtBrX+%onHJ?8{^wc{Xc&ySt%IFqroNydYIp2My(3ZH1^+fw!^9nVo7wZ&)S z)1dO5;36uMt*>z@*?yOnpFWwZR_f*R{76!+kg^ftmqQW|jlu5e)?r-VO70!0+8A>> zy|6XX0mg7C+d#jDZwNh8=7^wH7rvP7r(ZVtew8D2p^Lvy!vjQj);MP}#(qZcL;l`z zd4=tDHIUo?q~byawP`snYlA6CW%yMf@aMQQ++Nl}uVgj1v@C6#L5JU><7XmTf4Vny z3-{DMC2tOHpHE8G%zt_9xSO+q?W1hO)SE4$7@LPh zGl3v`#Ql+!2AElCeG7d4oXa)ml!d};NqHr(s|_oOl(ZjZ?)c57IGx)a9R7MCB~iZL zugv9r;YhvA<%KLh-f*{y(XA=uFF9!PuAN55VRBr73gtlc*|yDV%r0ZKGH}8 z*WaoHvq>}ZLjazD0DwEd2@rsQ{}ZuGvjL$duAWYU((=->N^-IYX<3Af+_^es|30Fl zJ-6wla|EZR0-P`Ie-f&H`IYuRe(ir{{>5u{ojoUPT7Z@56<^o&0KWhFH4IBLAFZaI 
z7t!vVWL(D`;w59_ipr5BK?9H?wm6a}Jzt!h&Sdxj2$rQ%?aCXr&olD9L$pgueBA0F zHb&vfFR0jwrV}`c66o687|rIp7h@=Hq|@0Q(SBSNv}S%7u2~f~p_q3_f)7N-s>HO6 zgdP~^-+?dEu@OT7-j2cX&#GLWvQ-Xup9S_`EuN|bd~1+l5KA%{=EM^d*OoQ9(o142 zp$Y8-$c(({ugyDpA?!TgE8C+io;XkX^dJYe&B|%Ju5VE3CoBq{%JAZq@zq&$YFeqG z+!(bTa@|IgX|}4k)IixX6!p2)^P{88QWwp#uLSY&G7O6-$}7$_Xl-n7S>EtdH?J&_ z6#W&Ep@lXRrD&NGK7S}CQ#E@KCOmk+nNflga*l7z3XNt8`Z5TXO+#&Sj7oOuQGxO$ zX46^&%#E1rmEe07kdTR7SVE*qgU>ZD^4#R!=(t zXTIetcI($3n+~9%**$J3AISbTLoN<@5@)y@e`*;0X*14&ht(DY^XxHTo;M$opI~4N z-+b>Lv?trfE5k$?Rk15WH~ZM`4j2Xu$=!vjk~Z=BU<$k`dY3}am}X~?vO|GA3>((X> zize}6IqL_6_*R2+sSEpEM!!mF0LSI^Mn2tzJsd8GfrV}%`tg)hD0_tI{=A`|2+HUW zHF}Mq2QzX-UZrsU`-;P$CmCO0i~?G~w;IJaZcdMl8NR;*gSx>UAlITwAG`(lix`W~ zDx5y;3kVI)`Q;AEx_P}3SvC7<23l=;Wa2M87&LL^#CEmmAPiBbv^P^FN&enBWygR* zNAn~Zf2d2#%5;$p0@g3c8Td^&lcxeW_$rAv1V<4ssnkxZRlh29c8>0v1U0m-Su#Cl zNM+K!M|7T~y{MD8Q%l^TFDkMo6ZpzStqDZcWEqm(QS555h4h4Fynho{yGUfOK|_r! z!GJM{2;^rhzZzv9E`I0y)M4L7adTD^1ChQTFLl#&-~K~Wx}U>h zGiP^@XR z!!fxevn&;;T)==2B*ZPu?pRcknwwc{C}bc25@8nR%*jtq%*n_vE-{c3=QT1kFg7qX zG%+$TG>Zar%?ym8T>3boiBSpJ^Ng$v%uS5^3B1?Sg>RnMvf!A@>a4z-ulVMKyzrlMzQmib{JVN5S9bcR{Dvi# z{EMzGPmyAr5NalyUub?}@4Azd|1zuV?rS}r&3sCV=ZOO2cF`}vA8XwBc>kAcIOi|3 z@Hlq%e2%ff}`16`AWE5_`~nY&yJyo_grPRneo7@NxSF4)a0iMOaXPiQy8Bx z#dQar*3i!M*WM=~lInUR{)k+VU{1oB{Q(zLrS5IWdh$~Gv+Pl`41didDV7cfUw1g( zpX^wmvLwVI+-LT*lzlU%gH&<} zb2uiKWR|4@l?xc~frPk)*&T~YQgbtl4HXRJKqAb-;xI)DP$>oHoXpg`5(7DLUL!*T zV*^t|6C(pd(Bg6Dt*LE!m@i_Q* z)h&g&-)bV1mn84hlJ$(WGVT5x5vlXwn8L>oZ@wz8kn9$@J#(7p%YF?>T&^O_xV={j;s6%C7I`Y&;snJ*z-D<2-9Z`RrL-7fwYf zm8p4^9iIJTOYhD@6J`B<#jGcqL_YE`woT0yulAX4e|hgIqqLtQ?ehA?2cA0fA72?) 
zb@sAq-mb}!-kY}Hwz$yoLMv2GWl4syQ1YeYwxz9YDkU#;`*y~@T|2$+e5c|4Jm*k{ z*d5HipKtl}1RpK&ulW7<_} ziJ6gsaj}ts0XPN73bJq*u(h+)1CyMAEHJiZ`B=nQM3i6izU2I|yX<}bXV;{|pSZT} zxax@7Y!VD zJhDp?Pn%j@|Azmq>Y}GhU&e+0JI&`c|GyHayye%zB%^?9x}Q8!%pNwE?EJJ`{9JZw z`xJ${NuT$Xwx)+Lh^JcUyIOl%n7T8?3NLz@5~lf>Ut1@te(O^kf&XVNUKBoSD7wv> z->>?i`jz=}f{n|jCN4Og+P@=N+N!Rye#y2p@3*zLR~l%^ANv#&t-|?XPFeZtoxAs$ z=Re{9_smdbO#~-H#CGRkKd;TI-pZF^zkWUZUoJA{txiUVlsCU&zs+s)wSCvQh3hIe uPGsiZCpUNYxrIts_H$NmFnT%ve)rEqzx3x!_vl znnl<+w^RjKmKAV_jQ72#0s{cUP=JC1=oOF?%TF36Z#-WOkRoewFDG&sLV7TxhTm=b z=)yu0bhdf+Jal>aLt}mG<5fr6=>k0aAntbh=$$o^-fM@bXMx=DWkPetw|=I<1@>l>r0XB6Z3Op%HVtElALj3q zVm)XmH@G+tfeRc>2i;uPVej+trdpdq)Z?gS6m1)#T{tIj7dh~#n#3>^Zg2w;b#r(Z z65Y9HPgzgH>y6PvoD6<^|Ba9E^%}QuZ zf8U(BFjS~2Nod+0{Jpw%J>~XVC!Iwqv1$CcZc@ER9W8w!q(R0>j+Jl>ky_+CzDAT5 zxnq*Ro1KFI*W{uAR0qh@Dk0Ndp}_PvaF%wDm~00;$g=t+cfbQs+@onbp6cJZ&2B`u6Vmj?($f_))Yh;u9rmJ9`N>a+ikO^@QrWObQ!=gY|H%Y54 zagEh<<8XNAi??2sfh?8O=S<&^qsQ3Y80XCN!P{qXBc5C@`MPU^02Flav?)v#q*khm zlvw`uoUL{@rgd0;lJ`F491RD%I!D@xp0Q#r3{9^Dqp)S8HZp6p;qCf28P|Cej0M)$ zx9Hx~oo8C)&G^KveZ5kNdT7BWz|VMVla{YJU`_+&f$Tl5bq2wTg9=lE%GsS<%z9`2 zK$#h$ZV)RR@()>xMc&?i;U}N(zpl59zkGSdr`hW(6@}-V)F7aj6nd-Y|>`#zvE5>!@|-x5UA*j zYJqw~ft0dz;)D05upso4*3z1G-!T5naoe-V)D;~^i}UX1nFAc%d6$|z!t2k@`etww zguUQdb2Oxf)oklUH6YAgxetjaV6zdQmdXAgs|mPhTvvk3IH!?qculA z#K`tuueF+jK|VIV?{p6toJ5y=j#p6O1f6*J!mty@*Y8kO<6>rRNHp!jOowoyI;+HS zkVh1dMn!R>iU}zZCP$>pe~6_bnHf1^gBPsg(wDIOn5Z`cjjU;IFn%vwsfo6>sPl8> z$fd3N;(d!S+%1Q^;?+sm);q4StKv=Mc2*^r>3HT2kDRLZgBbD0a^p9{LY+S_*V-KL zGj`PwqXYcTu@@z4(FLgN;DZ!u^^HqiZz?p`33s(jUxT2m^1?H1W^CxJiq_iFzPGI? zslWhG&5yAcThImLO6~Ro&FNUR{bSiG5zX73Wb_$Y?h+twe=t5UAutIB1uG5%0vZJX z1QhG>Ad)e>J1BV+_Yu=gqh4n%Ly!a%g@VC7p8NIpRKPx#