diff --git a/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/PemConfigUtil.java b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/PemConfigUtil.java new file mode 100644 index 0000000000..0f5b6d145c --- /dev/null +++ b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/PemConfigUtil.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.utils; + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; +import java.util.Properties; + +public class PemConfigUtil { + + public static final String PEMCFG_STORE_TYPE = "PEMCFG"; + public static final String SOURCE_PREFIX = "source."; + + public static boolean isPemConfigStoreType(String storeType) { + return PEMCFG_STORE_TYPE.equals(storeType); + } + public static String[] parseSources(final InputStream stream) throws IOException { + List sources = new ArrayList<>(); + Properties pemConfigProperties = new Properties(); + + pemConfigProperties.load(stream); + + for (final String key : pemConfigProperties.stringPropertyNames()) { + if (key.startsWith(SOURCE_PREFIX)) { + String source = pemConfigProperties.getProperty(key); + if (source != null) { + sources.add(source); + } + } + } + + return sources.toArray(new String[sources.size()]); + } +} \ No newline at end of file diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java index 2fdad78462..9d97f2d408 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java @@ -1611,4 +1611,7 @@ public interface ActiveMQServerLogger { @LogMessage(id = 224136, value = "Skipping correlation ID when converting message to OpenWire since byte[] value is not valid UTF-8: {}", level = LogMessage.Level.WARN) void unableToDecodeCorrelationId(String message); + + @LogMessage(id = 224137, value = "Skipping SSL auto reload for sources of store {} because of {}", level = LogMessage.Level.WARN) + void skipSSLAutoReloadForSourcesOfStore(String storePath, String reason); } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java index e15e7c7513..0eeb8190ca 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java @@ -19,6 +19,7 @@ package org.apache.activemq.artemis.core.server.impl; import javax.management.MBeanServer; import java.io.File; import java.io.IOException; +import java.io.InputStream; import java.io.PrintWriter; import java.io.StringWriter; import java.lang.invoke.MethodHandles; @@ -207,6 +208,7 @@ import org.apache.activemq.artemis.utils.ActiveMQThreadPoolExecutor; import org.apache.activemq.artemis.utils.CompositeAddress; import org.apache.activemq.artemis.utils.ConfigurationHelper; import org.apache.activemq.artemis.utils.ExecutorFactory; +import org.apache.activemq.artemis.utils.PemConfigUtil; import org.apache.activemq.artemis.utils.ReusableLatch; import org.apache.activemq.artemis.utils.SecurityFormatter; import org.apache.activemq.artemis.utils.ThreadDumpUtil; @@ -226,8 +228,10 @@ import org.slf4j.LoggerFactory; import static java.util.stream.Collectors.groupingBy; import static org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.DEFAULT_SSL_AUTO_RELOAD; import static org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.KEYSTORE_PATH_PROP_NAME; +import static org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.KEYSTORE_TYPE_PROP_NAME; import static org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.SSL_AUTO_RELOAD_PROP_NAME; import static org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.TRUSTSTORE_PATH_PROP_NAME; +import static org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.TRUSTSTORE_TYPE_PROP_NAME; import static org.apache.activemq.artemis.utils.collections.IterableStream.iterableOf; /** @@ -3398,18 +3402,13 @@ public class ActiveMQServerImpl implements ActiveMQServer { configuration.getAcceptorConfigurations().forEach((acceptorConfig) -> { Map config = acceptorConfig.getCombinedParams(); if (ConfigurationHelper.getBooleanProperty(SSL_AUTO_RELOAD_PROP_NAME, DEFAULT_SSL_AUTO_RELOAD, config)) { - URL pathUrl = fileUrlFrom(config.get(KEYSTORE_PATH_PROP_NAME)); - if (pathUrl != null) { - reloadManager.addCallback(pathUrl, (uri) -> { - reloadNamedAcceptor(acceptorConfig.getName()); - }); - } - pathUrl = fileUrlFrom(config.get(TRUSTSTORE_PATH_PROP_NAME)); - if (pathUrl != null) { - reloadManager.addCallback(pathUrl, (uri) -> { - reloadNamedAcceptor(acceptorConfig.getName()); - }); - } + addAcceptorStoreReloadCallback(acceptorConfig.getName(), + fileUrlFrom(config.get(KEYSTORE_PATH_PROP_NAME)), + storeTypeFrom(config.get(KEYSTORE_TYPE_PROP_NAME))); + + addAcceptorStoreReloadCallback(acceptorConfig.getName(), + fileUrlFrom(config.get(TRUSTSTORE_PATH_PROP_NAME)), + storeTypeFrom(config.get(TRUSTSTORE_TYPE_PROP_NAME))); } }); } @@ -3425,12 +3424,35 @@ public class ActiveMQServerImpl implements ActiveMQServer { return true; } - private void reloadNamedAcceptor(String name) { - // preference for Control to capture consistent audit logging - if (managementService != null) { - Object targetControl = managementService.getResource(ResourceNames.ACCEPTOR + name); - if (targetControl instanceof AcceptorControl) { - ((AcceptorControl) targetControl).reload(); + private void addAcceptorStoreReloadCallback(String acceptorName, URL storeURL, String storeType) { + if (storeURL != null) { + reloadManager.addCallback(storeURL, (uri) -> { + // preference for Control to capture consistent audit logging + if (managementService != null) { + Object targetControl = managementService.getResource(ResourceNames.ACCEPTOR + acceptorName); + if (targetControl instanceof AcceptorControl) { + ((AcceptorControl) targetControl).reload(); + } + } + }); + + if (PemConfigUtil.isPemConfigStoreType(storeType)) { + String[] sources = null; + + try (InputStream pemConfigStream = storeURL.openStream()) { + sources = PemConfigUtil.parseSources(pemConfigStream); + } catch (IOException e) { + ActiveMQServerLogger.LOGGER.skipSSLAutoReloadForSourcesOfStore(storeURL.getPath(), e.toString()); + } + + if (sources != null) { + for (String source : sources) { + URL sourceURL = fileUrlFrom(source); + if (sourceURL != null) { + addAcceptorStoreReloadCallback(acceptorName, sourceURL, null); + } + } + } } } } @@ -3445,6 +3467,13 @@ public class ActiveMQServerImpl implements ActiveMQServer { return null; } + private String storeTypeFrom(Object o) { + if (o instanceof String) { + return (String)o; + } + return null; + } + @Override public void installMirrorController(MirrorController mirrorController) { logger.debug("Mirror controller is being installed"); diff --git a/artemis-web/pom.xml b/artemis-web/pom.xml index 00e304377a..8f33100c03 100644 --- a/artemis-web/pom.xml +++ b/artemis-web/pom.xml @@ -180,8 +180,10 @@ server-keystore.p12 server-cert.pem server-key.pem - server-pem-props-config.txt + server-keystore.pemcfg other-server-keystore.p12 + other-server-cert.pem + other-server-key.pem diff --git a/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java b/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java index a67096a5ee..2093cc3487 100644 --- a/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java +++ b/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java @@ -18,6 +18,9 @@ package org.apache.activemq.artemis.component; import javax.servlet.DispatcherType; import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; import java.lang.invoke.MethodHandles; import java.net.URI; import java.nio.file.Files; @@ -38,6 +41,7 @@ import org.apache.activemq.artemis.dto.BindingDTO; import org.apache.activemq.artemis.dto.ComponentDTO; import org.apache.activemq.artemis.dto.WebServerDTO; import org.apache.activemq.artemis.marker.WebServerComponentMarker; +import org.apache.activemq.artemis.utils.PemConfigUtil; import org.eclipse.jetty.security.DefaultAuthenticatorFactory; import org.eclipse.jetty.server.ConnectionFactory; import org.eclipse.jetty.server.CustomRequestLog; @@ -278,8 +282,8 @@ public class WebServerComponent implements ExternalComponent, WebServerComponent } } if (Boolean.TRUE.equals(binding.getSslAutoReload())) { - addStoreResourceScannerTask(binding.getKeyStorePath(), sslFactory); - addStoreResourceScannerTask(binding.getTrustStorePath(), sslFactory); + addStoreResourceScannerTask(binding.getKeyStorePath(), binding.getKeyStoreType(), sslFactory); + addStoreResourceScannerTask(binding.getTrustStorePath(), binding.getTrustStoreType(), sslFactory); } SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslFactory, "HTTP/1.1"); @@ -359,7 +363,7 @@ public class WebServerComponent implements ExternalComponent, WebServerComponent getScanner().addDirectory(parentFile.toPath()); } - private void addStoreResourceScannerTask(String storeFilename, SslContextFactory.Server sslFactory) { + private void addStoreResourceScannerTask(String storeFilename, String storeType, SslContextFactory.Server sslFactory) { if (storeFilename != null) { File storeFile = getStoreFile(storeFilename); addScannerTask(storeFile, () -> { @@ -369,6 +373,23 @@ public class WebServerComponent implements ExternalComponent, WebServerComponent logger.warn("Failed to reload the ssl factory related to {}", storeFile, e); } }); + + if (PemConfigUtil.isPemConfigStoreType(storeType)) { + String[] sources; + + try (InputStream pemConfigStream = new FileInputStream(storeFile)) { + sources = PemConfigUtil.parseSources(pemConfigStream); + } catch (IOException e) { + throw new IllegalArgumentException("Invalid PEM Config file: " + e); + } + + if (sources != null) { + for (String source : sources) { + addStoreResourceScannerTask(source, null, sslFactory); + } + } + } + } } diff --git a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java index 46f05335f8..9a8ce4c6dd 100644 --- a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java +++ b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java @@ -79,6 +79,7 @@ import org.apache.activemq.artemis.dto.AppDTO; import org.apache.activemq.artemis.dto.BindingDTO; import org.apache.activemq.artemis.dto.BrokerDTO; import org.apache.activemq.artemis.dto.WebServerDTO; +import org.apache.activemq.artemis.utils.PemConfigUtil; import org.apache.activemq.artemis.utils.ThreadLeakCheckRule; import org.apache.activemq.artemis.utils.Wait; import org.apache.http.HttpException; @@ -119,7 +120,7 @@ public class WebServerComponentTest extends Assert { static final String KEY_STORE_PATH = WebServerComponentTest.class.getClassLoader().getResource("server-keystore.p12").getFile(); - static final String PEM_KEY_STORE_PATH = WebServerComponentTest.class.getClassLoader().getResource("server-pem-props-config.txt").getFile(); + static final String PEM_KEY_STORE_PATH = WebServerComponentTest.class.getClassLoader().getResource("server-keystore.pemcfg").getFile(); static final String KEY_STORE_PASSWORD = "securepass"; @@ -473,6 +474,64 @@ public class WebServerComponentTest extends Assert { } } + @Test + public void testSSLAutoReloadPemConfigSources() throws Exception { + File serverKeyFile = tempFolder.newFile(); + File serverCertFile = tempFolder.newFile(); + File serverPemConfigFile = tempFolder.newFile(); + + Files.copy(WebServerComponentTest.class.getClassLoader().getResourceAsStream("server-key.pem"), + serverKeyFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + + Files.copy(WebServerComponentTest.class.getClassLoader().getResourceAsStream("server-cert.pem"), + serverCertFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + + Files.write(serverPemConfigFile.toPath(), Arrays.asList(new String[]{ + "source.key=" + serverKeyFile.getAbsolutePath(), + "source.cert=" + serverCertFile.getAbsolutePath() + })); + + BindingDTO bindingDTO = new BindingDTO(); + bindingDTO.setSslAutoReload(true); + bindingDTO.setKeyStorePath(serverPemConfigFile.getAbsolutePath()); + bindingDTO.setKeyStoreType(PemConfigUtil.PEMCFG_STORE_TYPE); + + WebServerComponent webServerComponent = startSimpleSecureServer(bindingDTO); + + try { + int port = webServerComponent.getPort(0); + AtomicReference sslSessionReference = new AtomicReference<>(); + HostnameVerifier hostnameVerifier = (s, sslSession) -> { + sslSessionReference.set(sslSession); + return true; + }; + + // check server certificate contains ActiveMQ Artemis Server + Assert.assertTrue(testSimpleSecureServer("localhost", port, "localhost", null, hostnameVerifier) == 200 && + sslSessionReference.get().getPeerCertificates()[0].toString().contains("DNSName: server.artemis.activemq")); + + // check server certificate doesn't contain ActiveMQ Artemis Server + Assert.assertFalse(testSimpleSecureServer("localhost", port, "localhost", null, hostnameVerifier) == 200 && + sslSessionReference.get().getPeerCertificates()[0].toString().contains("DNSName: other-server.artemis.activemq")); + + // update server PEM config sources + Files.copy(WebServerComponentTest.class.getClassLoader().getResourceAsStream("other-server-key.pem"), + serverKeyFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + + Files.copy(WebServerComponentTest.class.getClassLoader().getResourceAsStream("other-server-cert.pem"), + serverCertFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + + // check server certificate contains ActiveMQ Artemis Other Server + Wait.assertTrue(() -> testSimpleSecureServer("localhost", port, "localhost", null, hostnameVerifier) == 200 && + sslSessionReference.get().getPeerCertificates()[0].toString().contains("DNSName: other-server.artemis.activemq")); + + // check server certificate doesn't contain ActiveMQ Artemis Server + Assert.assertFalse(testSimpleSecureServer("localhost", port, "localhost", null, hostnameVerifier) == 200 && + sslSessionReference.get().getPeerCertificates()[0].toString().contains("DNSName: server.artemis.activemq")); + } finally { + webServerComponent.stop(true); + } + } private int testSimpleSecureServer(String webServerHostname, int webServerPort, String requestHostname, String sniHostname) throws Exception { return testSimpleSecureServer(webServerHostname, webServerPort, requestHostname, sniHostname, null); diff --git a/pom.xml b/pom.xml index 976ae4535a..bbecdb11b5 100644 --- a/pom.xml +++ b/pom.xml @@ -973,6 +973,7 @@ **/*.jks **/*.p12 **/xml.xsd + **/*.pemcfg **/org/apache/activemq/artemis/utils/json/** **/org/apache/activemq/artemis/utils/Base64.java **/.settings/** diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLAutoReloadTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLAutoReloadTest.java index 79e919cfa7..4e453987d7 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLAutoReloadTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLAutoReloadTest.java @@ -17,6 +17,9 @@ package org.apache.activemq.artemis.tests.integration.ssl; import java.io.File; +import java.nio.file.Files; +import java.nio.file.StandardCopyOption; +import java.util.Arrays; import java.util.HashMap; import java.util.Map; @@ -27,6 +30,7 @@ import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl; import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; import org.apache.activemq.artemis.core.server.ActiveMQServer; import org.apache.activemq.artemis.tests.util.ActiveMQTestBase; +import org.apache.activemq.artemis.utils.PemConfigUtil; import org.apache.activemq.artemis.utils.Wait; import org.junit.Test; @@ -82,4 +86,60 @@ public class SSLAutoReloadTest extends ActiveMQTestBase { return false; }, 5000, 100); } + + @Test + public void testOneWaySSLWithAutoReloadPemConfigSources() throws Exception { + File serverKeyFile = temporaryFolder.newFile(); + File serverCertFile = temporaryFolder.newFile(); + File serverPemConfigFile = temporaryFolder.newFile(); + + Files.copy(this.getClass().getClassLoader().getResourceAsStream("unknown-server-key.pem"), + serverKeyFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + + Files.copy(this.getClass().getClassLoader().getResourceAsStream("unknown-server-cert.pem"), + serverCertFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + + Files.write(serverPemConfigFile.toPath(), Arrays.asList(new String[]{ + "source.key=" + serverKeyFile.getAbsolutePath(), + "source.cert=" + serverCertFile.getAbsolutePath() + })); + + Map params = new HashMap<>(); + params.put(TransportConstants.SSL_AUTO_RELOAD_PROP_NAME, true); + params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, serverPemConfigFile.getAbsolutePath()); + params.put(TransportConstants.KEYSTORE_TYPE_PROP_NAME, PemConfigUtil.PEMCFG_STORE_TYPE); + + ConfigurationImpl config = createBasicConfig().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params, "nettySSL")); + ActiveMQServer server = createServer(false, config); + server.getConfiguration().setConfigurationFileRefreshPeriod(50); + server.start(); + waitForServerToStart(server); + + String url = "tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=server-ca-truststore.p12;trustStorePassword=" + PASSWORD; + ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(url)).setCallTimeout(3000); + + try { + createSessionFactory(locator); + fail("Creating session here should fail due to SSL handshake problems."); + } catch (Exception ignored) { + } + + // update server PEM config sources + Files.copy(this.getClass().getClassLoader().getResourceAsStream("server-key.pem"), + serverKeyFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + + Files.copy(this.getClass().getClassLoader().getResourceAsStream("server-cert.pem"), + serverCertFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + + // expect success after auto reload, which we wait for + Wait.waitFor(() -> { + try { + addSessionFactory(createSessionFactory(locator)); + return true; + } catch (Throwable ignored) { + } + return false; + }, 5000, 100); + } } diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java index 642279df5d..7f9d025bb8 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java @@ -122,7 +122,7 @@ public class SslPEMTest extends ActiveMQTestBase { Map params = new HashMap<>(); params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); params.put(TransportConstants.KEYSTORE_TYPE_PROP_NAME, "PEMCFG"); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-pem-props-config.txt"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.pemcfg"); params.put(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, "PEM"); params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-cert.pem"); params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); diff --git a/tests/security-resources/build.sh b/tests/security-resources/build.sh index e65237bb02..6ba2652996 100755 --- a/tests/security-resources/build.sh +++ b/tests/security-resources/build.sh @@ -24,12 +24,12 @@ KEY_PASS=securepass STORE_PASS=securepass CA_VALIDITY=365000 VALIDITY=36500 -CLIENT_NAMES="san=dns:localhost,ip:127.0.0.1" -SERVER_NAMES="san=dns:localhost,dns:localhost.localdomain,dns:artemis.localtest.me,ip:127.0.0.1" +LOCAL_CLIENT_NAMES="dns:localhost,ip:127.0.0.1" +LOCAL_SERVER_NAMES="dns:localhost,dns:localhost.localdomain,dns:artemis.localtest.me,ip:127.0.0.1" # Clean up existing files # ----------------------- -rm -f *.crt *.csr openssl-* *.jceks *.jks *.p12 *.pem +rm -f *.crt *.csr openssl-* *.jceks *.jks *.p12 *.pem *.pemcfg # Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust: # ---------------------------------------------------------------------------------------------------- @@ -45,10 +45,10 @@ keytool -importkeystore -srckeystore server-ca-truststore.p12 -destkeystore serv # Create a key pair for the server, and sign it with the CA: # ---------------------------------------------------------- -keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext $SERVER_NAMES +keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext "san=dns:server.artemis.activemq,$LOCAL_SERVER_NAMES" keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -alias server -certreq -file server.csr -keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext $SERVER_NAMES +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext "san=dns:server.artemis.activemq,$LOCAL_SERVER_NAMES" keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt @@ -58,10 +58,10 @@ keytool -importkeystore -srckeystore server-keystore.p12 -destkeystore server-ke # Create a key pair for the other server, and sign it with the CA: # ---------------------------------------------------------- -keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias other-server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext $SERVER_NAMES +keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias other-server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext "san=dns:other-server.artemis.activemq,$LOCAL_SERVER_NAMES" keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -alias other-server -certreq -file other-server.csr -keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile other-server.csr -outfile other-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext $SERVER_NAMES +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile other-server.csr -outfile other-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext "san=dns:other-server.artemis.activemq,$LOCAL_SERVER_NAMES" keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias other-server -file other-server.crt @@ -84,10 +84,10 @@ openssl ca -config openssl.conf -gencrl -keyfile server-ca.pem -cert server-ca.c # Create a key pair for the broker with an unexpected hostname, and sign it with the CA: # -------------------------------------------------------------------------------------- -keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias unknown-server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA +keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias unknown-server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext "san=dns:unknown-server.artemis.activemq" keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -alias unknown-server -certreq -file unknown-server.csr -keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile unknown-server.csr -outfile unknown-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA +keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile unknown-server.csr -outfile unknown-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext "san=dns:unknown-server.artemis.activemq" keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias unknown-server -file unknown-server.crt @@ -109,10 +109,10 @@ keytool -importkeystore -srckeystore client-ca-truststore.p12 -destkeystore clie # Create a key pair for the client, and sign it with the CA: # ---------------------------------------------------------- -keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext $CLIENT_NAMES +keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext "san=dns:client.artemis.activemq,$LOCAL_CLIENT_NAMES" keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -alias client -certreq -file client.csr -keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile client.csr -outfile client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext $CLIENT_NAMES +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile client.csr -outfile client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext "san=dns:client.artemis.activemq,$LOCAL_CLIENT_NAMES" keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client -file client.crt @@ -122,10 +122,10 @@ keytool -importkeystore -srckeystore client-keystore.p12 -destkeystore client-ke # Create a key pair for the other client, and sign it with the CA: # ---------------------------------------------------------- -keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias other-client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext $CLIENT_NAMES +keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias other-client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext "san=dns:other-client.artemis.activemq,$LOCAL_CLIENT_NAMES" keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -alias other-client -certreq -file other-client.csr -keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile other-client.csr -outfile other-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext $CLIENT_NAMES +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile other-client.csr -outfile other-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext "san=dns:other-client.artemis.activemq,$LOCAL_CLIENT_NAMES" keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias other-client -file other-client.crt @@ -142,10 +142,10 @@ openssl ca -config openssl.conf -gencrl -keyfile client-ca.pem -cert client-ca.c # Create a key pair for the client with an unexpected hostname, and sign it with the CA: # ---------------------------------------------------------- -keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias unknown-client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA +keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias unknown-client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext "san=dns:unknown-client.artemis.activemq" keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -alias unknown-client -certreq -file unknown-client.csr -keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile unknown-client.csr -outfile unknown-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA +keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass $STORE_PASS -alias client-ca -gencert -rfc -infile unknown-client.csr -outfile unknown-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext "san=dns:unknown-client.artemis.activemq" keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias unknown-client -file unknown-client.crt @@ -157,10 +157,18 @@ keytool -importkeystore -srckeystore unknown-client-keystore.p12 -destkeystore u ## separate private and public cred pem files combined for the keystore via prop openssl pkcs12 -in server-keystore.p12 -out server-cert.pem -clcerts -nokeys -password pass:$STORE_PASS openssl pkcs12 -in server-keystore.p12 -out server-key.pem -nocerts -nodes -password pass:$STORE_PASS +openssl pkcs12 -in other-server-keystore.p12 -out other-server-cert.pem -clcerts -nokeys -password pass:$STORE_PASS +openssl pkcs12 -in other-server-keystore.p12 -out other-server-key.pem -nocerts -nodes -password pass:$STORE_PASS +openssl pkcs12 -in unknown-server-keystore.p12 -out unknown-server-cert.pem -clcerts -nokeys -password pass:$STORE_PASS +openssl pkcs12 -in unknown-server-keystore.p12 -out unknown-server-key.pem -nocerts -nodes -password pass:$STORE_PASS ## PEMCFG properties format -echo source.key=classpath:server-key.pem > server-pem-props-config.txt -echo source.cert=classpath:server-cert.pem >> server-pem-props-config.txt +echo source.key=classpath:server-key.pem > server-keystore.pemcfg +echo source.cert=classpath:server-cert.pem >> server-keystore.pemcfg +echo source.key=classpath:other-server-key.pem > other-server-keystore.pemcfg +echo source.cert=classpath:other-server-cert.pem >> other-server-keystore.pemcfg +echo source.key=classpath:unknown-server-key.pem > unknown-server-keystore.pemcfg +echo source.cert=classpath:unknown-server-cert.pem >> unknown-server-keystore.pemcfg ## combined pem file for client openssl pkcs12 -in client-keystore.p12 -out client-key-cert.pem -nodes -password pass:$STORE_PASS diff --git a/tests/security-resources/client-ca-cert.pem b/tests/security-resources/client-ca-cert.pem index cba2d51049..4815798aa9 100644 --- a/tests/security-resources/client-ca-cert.pem +++ b/tests/security-resources/client-ca-cert.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDcDCCAligAwIBAgIEJbym6DANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB -Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0 -ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0 -ODUyWhgPMzAyMzA0MDkxNjQ4NTJaMF8xETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYD -VQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVNUSBBcnRlbWlzIENsaWVudCBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAIaj9LoncxRCfTayohTMSqWCutkAXE8rTDKbpmrTt3RMkmqJw2sO3tn0 -CZkcfkf+1eXsJHRoH9uhUZI7Cc+vGFCfWF9RTi4aCjYFtTXmb0FAsOl1TTRjDgWb -eyUYI25KpVBz57JD3GlFlFo0tLQkc/C1QWU3dlpU5INh5vo/1Si4hrVSX8/Hun8q -daZg4bjfUGnNa0H5nPfkCaZjAamAKp6L50e0cLS4PQCPhVMdH6uU2CEJDxNURN3i -tD6z3YJReFpxNM3HmDwLgUxQcvByQ60Qc90aUihKqXKj8rlFJn76d/kkH3xj2n5t -msY4/GNxh+P0W8whH4C7uglo/vSaDbMCAwEAAaMyMDAwHQYDVR0OBBYEFKUM1JFb -FBp0jlZ9Cb6UbaPQAOr7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD -ggEBAFmb6rDuirRpEpO/+jXRqq3A4gqMW4Qbjqb61pIQyNim+0Z+RDwQn4nfnZxY -CaAlRiwg7Ihr85brwHcAC2YG/ir3AEcY70r15xIFCiRkDo47r8cXhTAiQfVBjd1j -m1Bo1w1Sae/Vhe/Jryuqz7C+lXads6xWr9x+RoKb9IDgRhz6aVUBQfkyuusm3D+c -RN7i3IRD2ypf1dEAH51+n+U3gEtWbztA2R1MFCGq/pWfEbMaI7fkBu77h6e/Okwq -dNAbXMYlKvv/BgkmzPvHWtepa/1vWZmyC1t0Oo3jNBrUMPCrkQwHbSMl9vMQwICJ -LnIXqz1dSY/M11jjOVS8ZoZ0gdE= +MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN +USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz +MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx +EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp +ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF +b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl +sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce +O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg +Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+ +Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU +mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0 +0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b +Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl +J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T +V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n +7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog== -----END CERTIFICATE----- diff --git a/tests/security-resources/client-ca-keystore.p12 b/tests/security-resources/client-ca-keystore.p12 index d04fbb172c..e9588060ed 100644 Binary files a/tests/security-resources/client-ca-keystore.p12 and b/tests/security-resources/client-ca-keystore.p12 differ diff --git a/tests/security-resources/client-ca-truststore.jceks b/tests/security-resources/client-ca-truststore.jceks index f5c9a67ca5..f6fda07a31 100644 Binary files a/tests/security-resources/client-ca-truststore.jceks and b/tests/security-resources/client-ca-truststore.jceks differ diff --git a/tests/security-resources/client-ca-truststore.jks b/tests/security-resources/client-ca-truststore.jks index 1fa96e3bda..feb1f29e51 100644 Binary files a/tests/security-resources/client-ca-truststore.jks and b/tests/security-resources/client-ca-truststore.jks differ diff --git a/tests/security-resources/client-ca-truststore.p12 b/tests/security-resources/client-ca-truststore.p12 index a04081dd0b..30bd31c173 100644 Binary files a/tests/security-resources/client-ca-truststore.p12 and b/tests/security-resources/client-ca-truststore.p12 differ diff --git a/tests/security-resources/client-ca.pem b/tests/security-resources/client-ca.pem index 7bf5cd2bef..0d23aba857 100644 --- a/tests/security-resources/client-ca.pem +++ b/tests/security-resources/client-ca.pem @@ -1,32 +1,32 @@ Bag Attributes friendlyName: client-ca - localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 33 32 36 35 35 + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 39 34 37 36 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCGo/S6J3MUQn02 -sqIUzEqlgrrZAFxPK0wym6Zq07d0TJJqicNrDt7Z9AmZHH5H/tXl7CR0aB/boVGS -OwnPrxhQn1hfUU4uGgo2BbU15m9BQLDpdU00Yw4Fm3slGCNuSqVQc+eyQ9xpRZRa -NLS0JHPwtUFlN3ZaVOSDYeb6P9UouIa1Ul/Px7p/KnWmYOG431BpzWtB+Zz35Amm -YwGpgCqei+dHtHC0uD0Aj4VTHR+rlNghCQ8TVETd4rQ+s92CUXhacTTNx5g8C4FM -UHLwckOtEHPdGlIoSqlyo/K5RSZ++nf5JB98Y9p+bZrGOPxjcYfj9FvMIR+Au7oJ -aP70mg2zAgMBAAECggEAdj5/qw0CUASkmuj+120jEYBiQDnE1/KalMeFu8P8FbM5 -0z7x1I/Wv2tHEqSncusnRynASks3z1c5oEchMrf/jq6imfN5yZss5IzWvGOHybLa -q+1MxHlJ0zrdR5KPa0k7LhDcpv5aEEn/I8mt+ZcaC4fjytSOqH5twcS1aYmt1ngR -aQKd3UkB5AhxbHcx3V4iX9opdy0NhwaimAGY+U7yVE7tc58n/ZA5FPF2GImuyQOS -F12LytmtDIkMjSmBERNlU+67t79rx5a91Tavy8Hz0htEzNQ4wulG/v+Jqnbdh7j7 -dpCN7EvTDQ08jDihuUpFPVo1UF9Atrn3c3zJuGy8gQKBgQDGQO7EeHUZzb+yyF+M -9XP+8R9Sb/4qoDMpAIn/5le9sN/riYQbCctQ2HmbxMGm3vu7FUl8MrRvCLCiASK8 -5ng4oP3pel3P4jUvnVy57WzgfkmdKhSB1sxojtMOibLZgP09bRT/Q1bTKLJtA5GY -imt3cg0fF0YD0UI8GaNEmNxFUQKBgQCt251PKK3GzCo1J6iheiwSMkuG47WBcnLL -1oYl61TH7z/pKEs4GGCE31xn7+P88QY7XftNmJkuh91u0SMdCf4w3yHYzz62OdZL -go9tov5F06K1kkOmQ23ORtTbGnNlrNBTsDYIjnoufWMIf66RsAO9d7k3f/o4bXBa -88rLCpDxwwKBgQClxT+g+pP32olzJYZ35/lw8A9fsBNXcxK0MyYw2lr9WvsxCJB0 -x1DBLfEpZXEDZioY+aizd/ZVbW+8VrTEPPXDbCJD6rSskZolUTBqqvNCF3bYOoph -MslCmEI0QsFQi0G07hQDiTv9XmcrLjO81+kaPDxqhdxebsgyVsGlJyfvsQKBgEZY -9KARH6+u8O0tLOiZ3LdILpNYFBtayeR82y8At/9maX/YVAdQpc1d67AKuz+f7xua -fZL6ShEv3IN4kDKx1m7D+pgV05Q8dt965rpAF479gXriwgjGg+nRc1NssoDTmkAi -rtprfDjPd4D62RIOHJVPmlxApmiqr6m9t7LMhbWtAoGBAITtzDRoOwDGwA3UB3cR -ObFmijIzfjqxU0Q3T4QZe6gbLE1ExEdXMcMX/JhU6n4LJ/FcAf7/dwm15xqIQmzK -iqmRb8Nnk0li1pUxusZ2jt5W4DGmafim7XdzDaLpSukws51Zj7WpiFDBBaQbww7k -0yWnt8ORrQTF6/2ZESuODqK0 +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCXxwUIaikPjcKF +chyYQE1ESZoUbBjeeVGS+bKFftfSn7uwxUVvWjESQuXQG/2+W5zt9pA8LnWKQ8UT +twV1a+xMDGQOwwL/eWcC95VxomL73H6d02WxMvdYhldD8kGr1aBlvheuXUHCr7EB +/nyj+mBzyxjqaBcgmC17kdUtkHU36mobUJ47iyJW9V57Dvgx3mCHeDPAiSrqy8Sh +FHqa/H6KZrjL3jZup07+tfMEqRUo8zdajOA6P7nLugz2h6DwHTHy8f+c7YdkAzmU +GErmjRkOkOs5rpDjjmBmqNyfXd8Ro0CFOj4CTnHtkxmS6Klk+MgSD/0XBwLSozac +mHLyUEtLAgMBAAECggEAIPYLLUMkzKhsFJ/t/tCEFy7mw8Wf9vygzwrkDqK3yxl+ +YMrOo/qRypX1o6bYibUKlRElTLSIOTEzhO8Lw+7en7tXJW+LYKDkUpwi+80Ysvq1 +EqBcpslbNwHhxLNBOMiJb18DdI3zII0YI0c5mUDgHnV+YTWexCjYQ8wtYBpNookz +utW+pLPJ9T2eQQ5rhZ7GL5UmLhg/ymrQ+uu16iGVNpMCPj9Dzfo434SYv5JaJ81w +vEmyivrVlP8gxym5eeK3sOcDfcoz6WEgW2Yn8yasVULrlPnrGgUh+ptnQb2kqyVS +dqLyBF0FauP38nXCezbfuf+RUcBNb5x+SeKKaQzxMQKBgQC+HKnfCtrOQX2No+JN +/05XqEOjD/XivSocJd2fuH8N4shJQ9NM8CSyEPFB1YQCzOa+OAgYH1C+m4sN2wGR +U0+Y8M+4x42qp+wty7USaZQqn9JBZqLTwPwADq7pKld+uY69mDfKaYX51kyUm5zb +WMm9m7OnM/9UO3Asno+falxq+wKBgQDMYTGP2W9f37HMBp79IoWbDgmW6vitPoTz +5YOXLO3jex/BqhnSh4e7pXFxiLx7ciKRzMad/Ebh8ACO4aHpTqVng9NTHPfd5LaG +BZ/Egu7QYKNvElwvLHp4vRxDfydEZ7Fo+vXLgLKjBwkGVrs+kNTdNZfblmTqDFdL +K6AnlSqv8QKBgDVFWuRA6mb5OvFBhtxMOeueHrXGdyP91ZrlkWB8Fj4R2gWNl9vr +Pp0W2kOUTNVsDQwoLzxzKfD/LMvJHntWWOuGLu6cHDpBq5B5kFeEdhwrhIMG+4FS +hkqN0r1LPBEqdbDywk9Zmk0Tm4nYwO9FxeH3izPDAjzcGual16DX8OWZAoGAJwAd +DxA0+pybNw3EZRWjXTVOiygHkDev80LG26BNPO2P38rv5obKVfp6LWokXYIoKp5j +AF7Vv+Oml51i4jyJv7keKGwMuKEeW3DTThKWM9ldFqLwSGg6brPXouGuwpTu+9N3 +9/91FzsOc9E1JflJRXUmp1aJp0f3mHaYtzT10mECgYBVmuH3T3zcjLcI3VJ6TW+k +E7X40XmpgLLRbB/H5KDyhm4amn6OpXJxcxwv920FBK2C7CVE+FiyfnB0aT/q4I/+ +wNV3m1anzYqAmUFJ7A7ha1eOLxg7jKgfvcN6qfvrSJX43ClWd4bkwdjBfzz6WWAv +dIbe6F+cINGho+JRwdc7Pw== -----END PRIVATE KEY----- diff --git a/tests/security-resources/client-key-cert.pem b/tests/security-resources/client-key-cert.pem index d8041a2e95..bb31733511 100644 --- a/tests/security-resources/client-key-cert.pem +++ b/tests/security-resources/client-key-cert.pem @@ -1,87 +1,88 @@ Bag Attributes friendlyName: client - localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 33 35 35 38 36 + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 39 32 37 38 34 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCIkFoX0dZKHYjq -aB9tWy7Hi4d09sKpLFqpVCv/KrHPMTLXAKXCgb43lnPOD5nlFdHq/JAOn/bDsjkZ -5IQn3ACVsZKopFLfy0ivPpdrHbfoOWtlTUm5RR7tQDiJfnpjAt07AMy3EQ7OARmV -1lWjpvcs4LkGkUQG1qj6hsIEvQ68L4CPn/ZYv/M4VSt3LL6asGLgNBAi+n0wJFe7 -VFXawlpc/zm0K95Wu+ml0CBYD2kaodlOzJmeId3nZHB8noYNIk0/xflZ9EQVASUI -zSo3fHziiv8D7CR454KC6KzxTvuDSCzQBDb9eoirXQ2ejUnF4IDXIk1hoa7GEQsm -ZsWp+EJpAgMBAAECggEBAIZ3LF6b3RYpMrEsSRWSXONafcwrVMziwXpNSOz9Cwtp -9BdDqfN1cOinGevh7LRm4cUxXl8oHv/eMt9N5Nqig2jh6fhnpLp7HVyAkvOD1Zux -PhAHI/prFuKhA4pOoQ9wuIjqZqgzAZLR/nFNFBIJywPDWiwfSQ46uzPDELM9vI6J -9KvFM8F6mdtSHQ0jbPuphOQMJDZoVkxxILaUibsZtsSR+U/ePn+VdMkOYmQ7QvVi -v4Pxej5rgW4lAfdqLRh6lTER5hxsXPbIFscgHB+0TietY1nx8bHPM29/zaooJH04 -+oCppFL/H9mTmJfDkJlG8lLAY25HIAM1EpSPvbbyzMkCgYEA7TIHf4XNjw68rIpq -YBD4wesv52Eno+ay6y3o7G9EIUTMwPDA8OV0MMxsyu3TllzhSQZCi0LzatE5RboO -a/1UCy+RKA5KjSarekfQo/Ag0ay7peUcGdydHYly5ki6OPbm7vZ0veriO6EXqn5R -OwkzQJt44O1okovgXZYCJ7GggSMCgYEAk2P3oUUQexGwlTUSDYxdiFrE/D5Zpk5T -Lo4UwphIy0RTIz+HFbnAj1W80Z2wX453CG38NsYc6E0iu4DwErAsx9Y98fvLYdjW -IgZ4sPdKmklSe2g3Mlan2wCSfFB4taxrrykyRdafLTZ/vkcShSUkOCQqYQal9a5i -Ml6ky+YjtQMCgYEAvf8lInD7h2w2lb8KFomBuVO6u4yHRDK3fsr3mOxHlp6VpLc0 -1cH2oGAfhS2cHwWnL+djxkmK0jVluwSeKMJzX8Jqc7t+3DHtibWc2rSulUXXybsM -F2swL0i6UNxQzvB3a1LfkIFlVn5jhp5IUxG7jDT9Tq7c5QZGYrCWaVVPTCECgYAZ -Vs9kz13U+qaUEEqpP5946LoC76kz+TU9xLl29v1UzMtKPQq5RnT/b2sF0olW9EQs -k9QPiqG/ojs9Zx5e6CDavk9qAbLmgIPX16r6KZmOyto+Ux1iLxmugfutGZyXByyA -MaHt9cbp2/u8N7XMZCVE7ZrHkYAIq9E//ZtxXoB3BwKBgQDZrEA4i2kCo1XXfqW3 -s3WGcLU+OIKMIM89hypoAzvLt9IUX7DwSO3lbHxhIGI2y4pav8vAWAPe78Gd6VOY -78tUE9nVC42rMSrrC93jDyqRC6PFKOtoxBgotYOhP/gZSJEtiSBqXhG7nYyJ4OIl -0wGcRusJmrC0+3S/Kc/NSScGbw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDABinqOLO9G+8C +jHY0gWiyNcLZEerM1SCvfj4edwyeWOZPfvas6oZde4mfo6y8pZgI4eTDrfIQ+FWI +qxC8l8I8gXfQesNB3YZCY5Y6a18pIzhgKyfGWisw45VR0j0eq50cN6HawA7GLmQi +bA4kAZjRTkbRADUXZ4ILFUa48zWw19t8UCUuWxqc7nKaijNPghKTdPrOwWgdgbwz +GpO93MM//GGmS5DmOKdBOoS1d1rpK8Zk5h56kjfvLm5/cXv2OoBEuZnWQNF1IZpV +qo1e57M/vQWH17/Lhlx5t6+PjzXVlYZcQAmpyqCjFX9CFbBYupArHtpm30X+4YpF +AuqhSMvRAgMBAAECggEAHy+BFCh0TGSievv74IgZzEN96woFY5HDdqzegs0b0AWp +FcUNY8TM4JbFIZeP4K1WFS82m27/DrF+Fq2NkMtmwLPYFRQy7NoAyXxp8//nGwO8 +zqWDlqujMxPq9rhZs8b0Q5ZnY2Loo1f6bDq3SzK1MlzvlFbfyHbHgGxKqZPaJueH +KmdbR2U1Wa7qdNNCC93X9Qq1v3/hIiiBQ0in3plMtikgfC+5hP2DZMR3aJSNTG/n +kWxK4piBIfF3OCHvFusQCAGlRBgonfXLL+6FUlQfzF/xFxeKaBxtCkS+I2a8QPuX +VvLWm5dnGSPrRrqMnPMgZkoE/zFfYozCgEjH2n1Q9wKBgQD3gMuS0BZM68wt6EUJ +okewU5H+5Ls9I6eGxI/4Ab+ygnOpLhZUqGpfK9RM/984FXIAjZ7p6aNnoFGJER6a +7MCzDQkt61DIT7X7NFtkkUF9WAbn3xhB+tqwabD8XETP0ZgQd5kgjTd8myCJLr82 +i5tKuYFpOE8uAtBPHV6VB7FqIwKBgQDGnckm/jRVdRfTiWyfo0wRAPxsoUNUW2GB +JCyDJbX4VAt6IXJMiy5ZWKosSI3txKDFOD+DY1UdSduOsjtHSWEBRuXfAH2Bg0Mp +hXIZ6BV/Sdzge0MX495JUs/7wB6Ye+TrYyys/qdN0iCndQ3gvq9fMZoXi830RNiM +/dUVvy5PewKBgFvIADX2Qn7N5k6T1p4m9qy1oOtECQc4JJS+aaEPjPX2mEuBkrhc +J+4ZA8Z2EGHs2fTIj8iwYm84LWRF2/KZnzAGwoOrwq41mQeJt+aIUx/XN+Beg9Fb +5CMNXpuG3+GtGNXqc/d1RsFHiX41vqTMio7gUdQiFIK8emEMRBnB25G/AoGBAIVB +Y64Xq4ESeJPihdBtPSHDaZhwcb3tOXPtkzfCW15q9PBR9F/KmaQ0Sqg/XYoC/GKV +pHdAc+CcpwQMLJ1dbAnxSVTe/VWhfbQj5jPfdFzcb6bkzFUA+yhyuTwM3/oqVaJf +/Z9rk1AxBNuVO2RoSz0xCFN35wxWDHw76XUXubh1AoGASevvtnKnrzoGfJtaJ903 +YMzFLfdyfDjfES4I06eDjHOLiBVg/tlgcuOpWpXlxlrIsXtR/Q5MM3XnKkASdKIs +MH9jJzyV8dPLOC1U41QO2Be5L+fNn3zTqcz1Lv4mRTwgt/g5YE+dmDDfrRZaGq0M +Fn8JKRZVK59xV5FFH3wqfag= -----END PRIVATE KEY----- Bag Attributes friendlyName: client - localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 33 35 35 38 36 + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 39 32 37 38 34 subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority -----BEGIN CERTIFICATE----- -MIIDzjCCAragAwIBAgIEGCpcHTANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB -Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0 -ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0 -ODU0WhgPMjEyMzExMTMxNjQ4NTRaMHExDDAKBgNVBAYTA0FNUTEMMAoGA1UECBMD -QU1RMQwwCgYDVQQHEwNBTVExETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdB -cnRlbWlzMSAwHgYDVQQDExdBY3RpdmVNUSBBcnRlbWlzIENsaWVudDCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAIiQWhfR1kodiOpoH21bLseLh3T2wqks -WqlUK/8qsc8xMtcApcKBvjeWc84PmeUV0er8kA6f9sOyORnkhCfcAJWxkqikUt/L -SK8+l2sdt+g5a2VNSblFHu1AOIl+emMC3TsAzLcRDs4BGZXWVaOm9yzguQaRRAbW -qPqGwgS9DrwvgI+f9li/8zhVK3csvpqwYuA0ECL6fTAkV7tUVdrCWlz/ObQr3la7 -6aXQIFgPaRqh2U7MmZ4h3edkcHyehg0iTT/F+Vn0RBUBJQjNKjd8fOKK/wPsJHjn -goLorPFO+4NILNAENv16iKtdDZ6NScXggNciTWGhrsYRCyZmxan4QmkCAwEAAaN+ -MHwwHQYDVR0OBBYEFAuvq7i0CQqcrhUxgsgccmRcnKJXMBoGA1UdEQQTMBGCCWxv -Y2FsaG9zdIcEfwAAATAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFKUM1JFbFBp0jlZ9 -Cb6UbaPQAOr7MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB -AQBX9nafR8GU+LZi/kP2F7j+4Z4yUKw2afUux0UbrV49GIXV42ELNyt1+0dNwhdp -LuZU+1AwBgJc7GgE7KagYcaqgEN51NP4dIC1qL6OM+MNUgfyjjbeLED/Hxr7YPqq -AhQoYYw7CdEVnSqwY6BknuHiMEW0aakZhInCNP+6A6Wf4x0lf7fhEYxoN7J0YZgl -JFzNT1kKN7K/sH/EK0h9Le038ckERnr9cDgBrP7WwzDBMszYf6iWGkOQ4ENWrsF9 -W87l41aqPO+bjK5WdNsrACwaRaoL7xqJJlxonOuW2LjidgdLZYp1Kna0OT/FR9/Y -9Q3yxoadGlb6P6BTb3VXFHVr +MIID7jCCAtagAwIBAgIJANaUYBHdNtAQMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN +USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz +MjIxMTUxMzFaGA8yMTI0MDIyNzExNTEzMVowcTEMMAoGA1UEBhMDQU1RMQwwCgYD +VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV +BAsTB0FydGVtaXMxIDAeBgNVBAMTF0FjdGl2ZU1RIEFydGVtaXMgQ2xpZW50MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAYp6jizvRvvAox2NIFosjXC +2RHqzNUgr34+HncMnljmT372rOqGXXuJn6OsvKWYCOHkw63yEPhViKsQvJfCPIF3 +0HrDQd2GQmOWOmtfKSM4YCsnxlorMOOVUdI9HqudHDeh2sAOxi5kImwOJAGY0U5G +0QA1F2eCCxVGuPM1sNfbfFAlLlsanO5ymoozT4ISk3T6zsFoHYG8MxqTvdzDP/xh +pkuQ5jinQTqEtXda6SvGZOYeepI37y5uf3F79jqARLmZ1kDRdSGaVaqNXuezP70F +h9e/y4Zcebevj4811ZWGXEAJqcqgoxV/QhWwWLqQKx7aZt9F/uGKRQLqoUjL0QID +AQABo4GYMIGVMB0GA1UdDgQWBBQhXlzDqOhheZmJ5hs2zgDKLmGXZDAzBgNVHREE +LDAqghdjbGllbnQuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxob3N0hwR/AAABMAkG +A1UdEwQCMAAwHwYDVR0jBBgwFoAUmQHkKAJROOr1cSjoSuMcvR0s0OswEwYDVR0l +BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAIqZxEeS2TSLoCdaPu3D +i4KaYBKJaUgKNZw/EOeB/kK+yxFEfRxbuQwtrkNt1mg3uEoDvL1GDa/6hZocWsx5 +eWZNQmDmCnsSPzFI/C08XJh4xKe4y05o7jejDnMFWzM6vzRZrGlylEUHXhRdXAKA +TmeZRuysvIwUiZsZksxHGl1dZmFasD7LjzxybSlrkuJLj+vKDHKG9khp7OSXeRA3 +0lQplc20h6SLjbowTjlB/TvebEIaaAgQ4p5nXmKrgt5Aq0aBefqGOmzMbTFxk1nW +Q/hIaO/sLVcmMrAbP802ECg/x6d9P9MPQUZeH6sUwElFr5NN8MDFyVDO46YyC1bg +BLU= -----END CERTIFICATE----- Bag Attributes friendlyName: CN=ActiveMQ Artemis Client Certification Authority,OU=Artemis,O=ActiveMQ subject=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority -----BEGIN CERTIFICATE----- -MIIDcDCCAligAwIBAgIEJbym6DANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB -Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0 -ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0 -ODUyWhgPMzAyMzA0MDkxNjQ4NTJaMF8xETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYD -VQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVNUSBBcnRlbWlzIENsaWVudCBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAIaj9LoncxRCfTayohTMSqWCutkAXE8rTDKbpmrTt3RMkmqJw2sO3tn0 -CZkcfkf+1eXsJHRoH9uhUZI7Cc+vGFCfWF9RTi4aCjYFtTXmb0FAsOl1TTRjDgWb -eyUYI25KpVBz57JD3GlFlFo0tLQkc/C1QWU3dlpU5INh5vo/1Si4hrVSX8/Hun8q -daZg4bjfUGnNa0H5nPfkCaZjAamAKp6L50e0cLS4PQCPhVMdH6uU2CEJDxNURN3i -tD6z3YJReFpxNM3HmDwLgUxQcvByQ60Qc90aUihKqXKj8rlFJn76d/kkH3xj2n5t -msY4/GNxh+P0W8whH4C7uglo/vSaDbMCAwEAAaMyMDAwHQYDVR0OBBYEFKUM1JFb -FBp0jlZ9Cb6UbaPQAOr7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD -ggEBAFmb6rDuirRpEpO/+jXRqq3A4gqMW4Qbjqb61pIQyNim+0Z+RDwQn4nfnZxY -CaAlRiwg7Ihr85brwHcAC2YG/ir3AEcY70r15xIFCiRkDo47r8cXhTAiQfVBjd1j -m1Bo1w1Sae/Vhe/Jryuqz7C+lXads6xWr9x+RoKb9IDgRhz6aVUBQfkyuusm3D+c -RN7i3IRD2ypf1dEAH51+n+U3gEtWbztA2R1MFCGq/pWfEbMaI7fkBu77h6e/Okwq -dNAbXMYlKvv/BgkmzPvHWtepa/1vWZmyC1t0Oo3jNBrUMPCrkQwHbSMl9vMQwICJ -LnIXqz1dSY/M11jjOVS8ZoZ0gdE= +MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN +USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz +MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx +EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp +ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF +b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl +sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce +O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg +Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+ +Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU +mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0 +0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b +Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl +J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T +V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n +7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog== -----END CERTIFICATE----- Bag Attributes friendlyName: client-ca @@ -89,23 +90,23 @@ Bag Attributes subject=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority -----BEGIN CERTIFICATE----- -MIIDcDCCAligAwIBAgIEJbym6DANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB -Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0 -ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0 -ODUyWhgPMzAyMzA0MDkxNjQ4NTJaMF8xETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYD -VQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVNUSBBcnRlbWlzIENsaWVudCBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAIaj9LoncxRCfTayohTMSqWCutkAXE8rTDKbpmrTt3RMkmqJw2sO3tn0 -CZkcfkf+1eXsJHRoH9uhUZI7Cc+vGFCfWF9RTi4aCjYFtTXmb0FAsOl1TTRjDgWb -eyUYI25KpVBz57JD3GlFlFo0tLQkc/C1QWU3dlpU5INh5vo/1Si4hrVSX8/Hun8q -daZg4bjfUGnNa0H5nPfkCaZjAamAKp6L50e0cLS4PQCPhVMdH6uU2CEJDxNURN3i -tD6z3YJReFpxNM3HmDwLgUxQcvByQ60Qc90aUihKqXKj8rlFJn76d/kkH3xj2n5t -msY4/GNxh+P0W8whH4C7uglo/vSaDbMCAwEAAaMyMDAwHQYDVR0OBBYEFKUM1JFb -FBp0jlZ9Cb6UbaPQAOr7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD -ggEBAFmb6rDuirRpEpO/+jXRqq3A4gqMW4Qbjqb61pIQyNim+0Z+RDwQn4nfnZxY -CaAlRiwg7Ihr85brwHcAC2YG/ir3AEcY70r15xIFCiRkDo47r8cXhTAiQfVBjd1j -m1Bo1w1Sae/Vhe/Jryuqz7C+lXads6xWr9x+RoKb9IDgRhz6aVUBQfkyuusm3D+c -RN7i3IRD2ypf1dEAH51+n+U3gEtWbztA2R1MFCGq/pWfEbMaI7fkBu77h6e/Okwq -dNAbXMYlKvv/BgkmzPvHWtepa/1vWZmyC1t0Oo3jNBrUMPCrkQwHbSMl9vMQwICJ -LnIXqz1dSY/M11jjOVS8ZoZ0gdE= +MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN +USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz +MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx +EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp +ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF +b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl +sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce +O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg +Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+ +Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU +mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0 +0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b +Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl +J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T +V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n +7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog== -----END CERTIFICATE----- diff --git a/tests/security-resources/client-keystore.jceks b/tests/security-resources/client-keystore.jceks index 6118f80b8e..3d9b5ef866 100644 Binary files a/tests/security-resources/client-keystore.jceks and b/tests/security-resources/client-keystore.jceks differ diff --git a/tests/security-resources/client-keystore.jks b/tests/security-resources/client-keystore.jks index 3b7d5e3f21..2c23b236d3 100644 Binary files a/tests/security-resources/client-keystore.jks and b/tests/security-resources/client-keystore.jks differ diff --git a/tests/security-resources/client-keystore.p12 b/tests/security-resources/client-keystore.p12 index a99065d63e..df084e2c08 100644 Binary files a/tests/security-resources/client-keystore.p12 and b/tests/security-resources/client-keystore.p12 differ diff --git a/tests/security-resources/other-client-crl.pem b/tests/security-resources/other-client-crl.pem index c3b9765473..81c3fc59fa 100644 --- a/tests/security-resources/other-client-crl.pem +++ b/tests/security-resources/other-client-crl.pem @@ -1,12 +1,12 @@ -----BEGIN X509 CRL----- -MIIB0zCBvAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MIIB1zCBwAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGll -bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTIzMTIwNzE2NDg1OFoYDzIxMjMx -MTEzMTY0ODU4WjAXMBUCBC+fTRwXDTIzMTIwNzE2NDg1OFqgDjAMMAoGA1UdFAQD -AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQA4h2JCaBPm4qBKVN6xzwMj/eszkCyGUczE -yxI7j2Gyn+Wr3WQ+W6HwedY9HCG83SLFaxc3DpMHCE6qfASFoZ3+cv4qXj+ezgL6 -rjti71lU7HZ2ET4lA9U5YnYrU2G4MzDCt2rxLqcc23v7y/qLcQ4mPt7XB/uOsKn9 -ddpe+bsAfXeh+95ECvWtn+2n4siu2QoNAkTTrhJpCPQYn6bJFiROZs/47d0V7EVB -jOiuj1BP7TfhqQUzK2a0OzYK1xNN+Q+D29pEWxhP1XyRvull7q8s3EKC1o69lKss -b/Ir/oGhGewQ7yiraX/0Ia0X9rlw5QP7f/s3+6yw+1mp4aea1+eH +bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTI0MDMyMjExNTEzNloYDzIxMjQw +MjI3MTE1MTM2WjAbMBkCCDX8+5iW7sP9Fw0yNDAzMjIxMTUxMzZaoA4wDDAKBgNV +HRQEAwIBADANBgkqhkiG9w0BAQsFAAOCAQEAFFLNW5vD8vMv56DqlopUnrSlzfqW +iqUgBOL1WnDhyMjHPvU1TXQg0MH5r/vjBoA+S7hljU1CHb1u8N7MEUY4iBqlGJsy +u77wBQwPviQfJEb6hSByBzbHMgw2YgE+OUvhnnldnDiGnEQkT5ZZl1O9hVH3Fp8Y +AmCF9qjvMNieM3V1HyML3iOHnNmQUyikvSWS+vlIl0AzD47tOXgHrkorbD/nHljP +k/0gcVrKK3VHPxNtgVyhtfv+JhRQqekLWvZOKM+Cz5sdnGqOA2AkOfJmhu7kp/Lx +DAbaTLUNHaLX+H8BG1PZ0iHDgnXQQXAzXfkJlEOp6bl3eaOXlMCC6J+tWA== -----END X509 CRL----- diff --git a/tests/security-resources/other-client-keystore.jceks b/tests/security-resources/other-client-keystore.jceks index 980fe86ecd..93ebf9886a 100644 Binary files a/tests/security-resources/other-client-keystore.jceks and b/tests/security-resources/other-client-keystore.jceks differ diff --git a/tests/security-resources/other-client-keystore.jks b/tests/security-resources/other-client-keystore.jks index 06ba9fd123..e1e55f0cf2 100644 Binary files a/tests/security-resources/other-client-keystore.jks and b/tests/security-resources/other-client-keystore.jks differ diff --git a/tests/security-resources/other-client-keystore.p12 b/tests/security-resources/other-client-keystore.p12 index db7b95fc85..1f724cf056 100644 Binary files a/tests/security-resources/other-client-keystore.p12 and b/tests/security-resources/other-client-keystore.p12 differ diff --git a/tests/security-resources/other-server-cert.pem b/tests/security-resources/other-server-cert.pem new file mode 100644 index 0000000000..52a926e293 --- /dev/null +++ b/tests/security-resources/other-server-cert.pem @@ -0,0 +1,30 @@ +Bag Attributes + friendlyName: other-server + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 34 39 35 33 +subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Other Server +issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server Certification Authority +-----BEGIN CERTIFICATE----- +MIIEJzCCAw+gAwIBAgIJAIYtNmfo1IcvMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN +USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz +MjIxMTUxMjRaGA8yMTI0MDIyNzExNTEyNFowdzEMMAoGA1UEBhMDQU1RMQwwCgYD +VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV +BAsTB0FydGVtaXMxJjAkBgNVBAMTHUFjdGl2ZU1RIEFydGVtaXMgT3RoZXIgU2Vy +dmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupddeWP1OET5W9A3 +UrVz0xYW3wGvmkrlsYjpqENqcaXmcsLXrvfxCoavQpWxrd2OtmTuHA59tWYyd8FW +3Mvp7NnOUZ0Xz5nAgjHwhlfIQ2qhrKV8V+jUdcWsh+09elwO7qRbjllKRW2I4zVx +KFzP3r1Ncojrb8V0wPAKjSWdZn8jptfzsondvlxkkU5CuX+6VTh1P099a4iHO9bT +5UNFjJS9FTgN+ln8Iq5tSUJID1PsTY5Ob/LdEx5TVJ/xr1jwBRI2QrLtM3ju6Dtt +y2eA8G17u/gPIpjCUnAf+xGHDePKJQ014nnSxPlfT/z0Fs4twapt7dBtwlLXIXht +6E5UGQIDAQABo4HLMIHIMB0GA1UdDgQWBBRtzYiKCZfZCX5WUq38rGDHBIZuhTBm +BgNVHREEXzBdgh1vdGhlci1zZXJ2ZXIuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxo +b3N0ghVsb2NhbGhvc3QubG9jYWxkb21haW6CFGFydGVtaXMubG9jYWx0ZXN0Lm1l +hwR/AAABMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUfI39SB/hKrHFXIQqijOWKIOk +6FgwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAMOoB/kr +yA2zQ4buePXySKyUlcN5XzdyWqDXZI9gRXlyFgoHyOvr8xd6ak+EaxZVd6nZ99V+ +ua96UCuy9eiWi8iupdfTeBH2XJrdFUGmd54W/a9ORKIN0ljW5OLW2bmD3Gb/esJr +sbiWmmgUpGW9CLlQiz8xkHLQvV1pl3xONe0AEr7EVw2Pkr6QhS0tmq36IJXTetPb +Tccnj26YPaAVUozEHLzINakp8UonmFNLnNCjgtqAQ63yaw5BDyqTjb5xAMF4oyt8 +is45SO/2P6TSWc6i6YMA1rCJDM2jCrVIeHk3AZ4gsre/j23ZQc/EGBWTWYbZw6G8 +/nOiLulSd6+ulps= +-----END CERTIFICATE----- diff --git a/tests/security-resources/other-server-crl.pem b/tests/security-resources/other-server-crl.pem index 81d268278f..ecdf96481c 100644 --- a/tests/security-resources/other-server-crl.pem +++ b/tests/security-resources/other-server-crl.pem @@ -1,12 +1,12 @@ -----BEGIN X509 CRL----- -MIIB0zCBvAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBTZXJ2 -ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTIzMTIwNzE2NDg0OVoYDzIxMjMx -MTEzMTY0ODQ5WjAXMBUCBGkc2MsXDTIzMTIwNzE2NDg0OVqgDjAMMAoGA1UdFAQD -AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAHvw9QamvkDupseQyZsn9UM/uTzWktMvGd -USVRJm8GI6EeZEQjQU4+s3bOA+OJC2Q3RIM4irLxIg0CEEcy171+XEE3wMiCs1uw -n7fb59sLicYz00LcNg1f/oeAE7gytJZslN9ohBLxKA5Bc11tqYiRirVGTZGihwR9 -LUdhpEwsfnDw82QYyMU4Zcr9VeF42lQBMuWQBoWMQVttW1Lay+fI6J9mF1T5DWmn -aU2uGdGpMbNphy9d4LnCvqRQG62qTHKOuiu464zRoBRWEoSzQmwQwH1Sq8n1eOQW -QG4AlFmUN6NMa5j5ngJlUZ/E+KRHlbQKFjgekdScdKSr2JjTbBZn +ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTI0MDMyMjExNTEyNloYDzIxMjQw +MjI3MTE1MTI2WjAcMBoCCQCGLTZn6NSHLxcNMjQwMzIyMTE1MTI2WqAOMAwwCgYD +VR0UBAMCAQAwDQYJKoZIhvcNAQELBQADggEBAKjeovsRpImr/CoS4PdD4Rh5/s0U +lm1dgmK/2HuD5m5K6XvJCBnNkvThkVWK8tgG6t2bjFJnFTQbgIazJtVmpE5kxPdy +sRD/3WQ61vuOc/EYzslwBrgMTujtj6J2JwIBe7JgCYH4KPuG6Lb8nVFCDZ2t8K9p +ca7VQdfLhKxh+5bbIuVv077bY+DllcJRAhza32x6xp6Occ+09O0JCWSiazVjVUi8 +Umt5c7HFI+NJwLWACqbYImrWg6A0hD2lptAFaMaRgEpvcyWYhU3foJmBoFuNve1u +mx894jQ1X/I3t1EHWhTg7vtJSwowjxl2woc3BOxxIO2FQ4rHiSCiG3+XoDc= -----END X509 CRL----- diff --git a/tests/security-resources/other-server-key.pem b/tests/security-resources/other-server-key.pem new file mode 100644 index 0000000000..6e3b1f3336 --- /dev/null +++ b/tests/security-resources/other-server-key.pem @@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: other-server + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 34 39 35 33 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6l115Y/U4RPlb +0DdStXPTFhbfAa+aSuWxiOmoQ2pxpeZywteu9/EKhq9ClbGt3Y62ZO4cDn21ZjJ3 +wVbcy+ns2c5RnRfPmcCCMfCGV8hDaqGspXxX6NR1xayH7T16XA7upFuOWUpFbYjj +NXEoXM/evU1yiOtvxXTA8AqNJZ1mfyOm1/Oyid2+XGSRTkK5f7pVOHU/T31riIc7 +1tPlQ0WMlL0VOA36Wfwirm1JQkgPU+xNjk5v8t0THlNUn/GvWPAFEjZCsu0zeO7o +O23LZ4DwbXu7+A8imMJScB/7EYcN48olDTXiedLE+V9P/PQWzi3Bqm3t0G3CUtch +eG3oTlQZAgMBAAECggEAOhXbtenNkRY7r/658iflZg1G0mZSdYwiQ+mUn1pZPQbB +nfEUtnWd1kKGNYqnFLJXdmUmEJrcPEeTp18K/NIHwMEu7o4iNvCsknscXp3eDEqa +CMY9Vpp25TDDnE7YqAoXZefJTp9yNPm7tstQrhlyZmr0vJZuAE3uIg+3oSfX/2tF +loA31evQPLWePIyHUapsctKjnAbsVn5lxBN/Ef0rKh6v++aSrgNRdHBZUhofDedo +oWBd1slUxK18aj1q2Dl3DrSxuX7ygiX+3sZl+RBNDH3PXpR93kRN1Go4AYPnMQfd +ExQ8Lc5RViKCfSVBQv8lKttyOZJ/glzCKTe+8bcp1wKBgQDTf5MwZW9oe49pgxFl +foA4GS4MwOWOsf4CI+xKwEPFrTvibZJWk5S6wCqYs8RIl//DY3RqSR5QEw5/5xOq +bmq/YW2UY/Xem18wT495HkoIafm08KrLCs+xD+oui1M+jI3sGi6FBrwYc/n9zTzm +PI+7BnWK07kqg4aIlPuJ91UsowKBgQDh2im5StYoIj8Zm67PD6w4JCXiEfqgVn1f +XJN4CqmxlZqRNBdYPeuT5ECQJbIVRj9RJxKHcCpd1PMbwJfnMJ0wQR5ZhyT0h9HB +f3PzU+ndhwZj52rmIsNJrfwIxEmIe4Zjt9KcLbfHOQOJ/sdgiPiY3Wrkoe8LhV1+ +ig4ANnAsEwKBgFQ/i2hJ37klDxmepj1hyL2P+jIGXOscp+w+Vw/nypdhzGsD7rki +DKrfhZhSc6vfMHiqk2MLQVHwZWQ5rjHDzi3yJ25m6zgDeEWMS8CZejAj1t5myAId +imIjzss/oKdX4ejc/Q7sgdzTxg99w/aKxU5g4k2szSPMRLj/b7ujlIA1AoGAOVEc +daHAZ78JNH6GBpZ7pmPGGXFmoXpRpvnfkv9hwWeuKluF8ScFuiqbF/n5D90cBIRd +93FHzzhT2h8ubcWwnqZoBWB+yHAPk4O88WvCVi4GOSRpxK3d0b0N0Uu/PZvbp0Ln +eCtCEJUviL3X62/XZzQKBKvz9oCKEasHkpY+MXECgYEAgsUxytP8AyQAEd09lBM8 +n+ZuLSOegJc8lH4NJ/1VLtaADpynEdoRwLp2/5u8U0b8B88zxPZOckVy8CypAlDK +GhqmBjCtqL/wF7uRC4yEkYXDa6bK/Rnawpt98zU0SRv3QVdDexMvYL0XMOBVaq+Z +6E16UwNXcn2l3siaZ1486xc= +-----END PRIVATE KEY----- diff --git a/tests/security-resources/other-server-keystore.jceks b/tests/security-resources/other-server-keystore.jceks index f397037db6..a3248cc226 100644 Binary files a/tests/security-resources/other-server-keystore.jceks and b/tests/security-resources/other-server-keystore.jceks differ diff --git a/tests/security-resources/other-server-keystore.jks b/tests/security-resources/other-server-keystore.jks index 3b38450c83..9b7d2e6c78 100644 Binary files a/tests/security-resources/other-server-keystore.jks and b/tests/security-resources/other-server-keystore.jks differ diff --git a/tests/security-resources/other-server-keystore.p12 b/tests/security-resources/other-server-keystore.p12 index 1c832bff8b..de223cb32f 100644 Binary files a/tests/security-resources/other-server-keystore.p12 and b/tests/security-resources/other-server-keystore.p12 differ diff --git a/tests/security-resources/other-server-keystore.pemcfg b/tests/security-resources/other-server-keystore.pemcfg new file mode 100644 index 0000000000..6fab6a0e0f --- /dev/null +++ b/tests/security-resources/other-server-keystore.pemcfg @@ -0,0 +1,2 @@ +source.key=classpath:other-server-key.pem +source.cert=classpath:other-server-cert.pem diff --git a/tests/security-resources/other-server-truststore.jceks b/tests/security-resources/other-server-truststore.jceks index a7a3f6f5f8..56d89057d1 100644 Binary files a/tests/security-resources/other-server-truststore.jceks and b/tests/security-resources/other-server-truststore.jceks differ diff --git a/tests/security-resources/other-server-truststore.jks b/tests/security-resources/other-server-truststore.jks index afffac5926..9598d6f62d 100644 Binary files a/tests/security-resources/other-server-truststore.jks and b/tests/security-resources/other-server-truststore.jks differ diff --git a/tests/security-resources/other-server-truststore.p12 b/tests/security-resources/other-server-truststore.p12 index e8e8a68644..5774c7978d 100644 Binary files a/tests/security-resources/other-server-truststore.p12 and b/tests/security-resources/other-server-truststore.p12 differ diff --git a/tests/security-resources/server-ca-cert.pem b/tests/security-resources/server-ca-cert.pem index 65c3c41fb0..54027eb206 100644 --- a/tests/security-resources/server-ca-cert.pem +++ b/tests/security-resources/server-ca-cert.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDcDCCAligAwIBAgIEP2f++jANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB -Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0 -ZW1pcyBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0 -ODQyWhgPMzAyMzA0MDkxNjQ4NDJaMF8xETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYD -VQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVNUSBBcnRlbWlzIFNlcnZlciBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAKEtuezvOgOTJTPmB23v8KLePxxxVEX3lykW2FXNd2hL2Xth00gSnLfa -T0ijqKf1F5zCwognSP+IsvFpLnsJ3URs7am2kAKY7JwgnI38mBdLB6HFC5T/A/jA -/3eN5ZQLqMzx/M7UUt7jEUqWIKBkCeE/rsrcb7rktZxF7bSF2OHwv5IEd9a/QgJD -8f3Z1bAAzc9K4zG9BwoxEAdh24ablmnjJuKRfUeTuUQBVmbS1TfpLnn5felTUUM4 -EDThWExNnSvhHhi5AuUb+ZTPqcmZaG13v6UeeiAixEosu9gVLBiv/E2CSheVzuUb -kEZmCr+sUesgVmerr3alLQ/eZqSq0GMCAwEAAaMyMDAwHQYDVR0OBBYEFDCEoV10 -BTs8Wpgf7t/dA/Y+tCUVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD -ggEBAERApyTlBRh5nw5QvJmOTByA+GOyC+cSQB2bbw+vkJPlFoiu5fX9NBW2DyTz -+ZQsIYDztUVL8JdQ8G7m/ycg9Chd1nCkhTfSgYEHlQMAJGeXYVucqg/PSxTZetMf -SkVnF2UEGUl7+cgSbzNbgegEQ5w9JKUeFZlOrnFuXDeg8FkvCvZ6skxkPO+scVVU -pdHRoh42UzsDhPA8qnpu+qZEsFmnTtIg3RL63gakuCoymxbvN3DI14YLC/5PWpA6 -1597tbUwE650/kYkwKqs+v1mkJaXrSmbMZ4nJ9OfV3AWu7a76mIKhfiWYBEP34Fa -RVpSDPO8UvxXGPINOuv1TmTl4WA= +MIIDdTCCAl2gAwIBAgIJAJYwDleGKNA2MA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN +USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz +MjIxMTUxMTlaGA8zMDIzMDcyNDExNTExOVowXzERMA8GA1UEChMIQWN0aXZlTVEx +EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgU2Vy +dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA6c3CBzuy7/p9EH1OFx2O+bpBsaZLk3dWi9VaGgRhRMqPV/rR +5hOfZ1oECDkP2RhX/rEgaATS3simYXEApuLcEvoFUFZQzomb2dtSZUJnkhaQzYaL +zHaXZxggc9L8bhDqa4eKAatEEkvvT/u+DDq7l/88ATUwDdzwTg7YbcYbAe10rPEQ +vf0pQzuIFHWqMdYkQAjgBPF+gUgWL/DXRmqowtrwy8m5MbiRdRVuQV85nzF8RiV9 +cU0VNW4YMIcRFOsvKGb1muF8BDeXhrbiYLWddESrPtlQAaEqMv3VeU87AApNtwfC +wKHgtwoUa1pjr0hizocKHAJbtvoEyzI+v/tZywIDAQABozIwMDAdBgNVHQ4EFgQU +fI39SB/hKrHFXIQqijOWKIOk6FgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAQEAgnOTubyCsTUdA0lrInKKBHaXCZLhPhDqbQz6N21Oakh7oG7i8VDi +uzjMsbtKDUCgl65CBQ/YQNrvFRco9I+7/z3fgLmgPnmHX4lqkuKgmmEExNIiQgZs +nRg6eiuWS+5TD6d4FNoUwEcf5N1m5coiDBRh/8Qp53FyZb5gW9xjPoAP0/NmCQO8 +rXglv6sSPe53Aba1M/uxu8ZHGz4JvBEcSHQeMgBHyp8UsbY/u/k0Zxa3u2grOTia +zostUkgSZDfl356UFcpkzsJklAYUzEAzzAd4FksSo+zLKglPk0O1rdqyQAEgasSe +SZp2cdAB9sxCFwbWXoR4OL85AToghSNvRw== -----END CERTIFICATE----- diff --git a/tests/security-resources/server-ca-keystore.p12 b/tests/security-resources/server-ca-keystore.p12 index 7c60abd3a8..1b8df3a60e 100644 Binary files a/tests/security-resources/server-ca-keystore.p12 and b/tests/security-resources/server-ca-keystore.p12 differ diff --git a/tests/security-resources/server-ca-truststore.jceks b/tests/security-resources/server-ca-truststore.jceks index 3405b6b6ac..dde313b4ec 100644 Binary files a/tests/security-resources/server-ca-truststore.jceks and b/tests/security-resources/server-ca-truststore.jceks differ diff --git a/tests/security-resources/server-ca-truststore.jks b/tests/security-resources/server-ca-truststore.jks index a0fcd1e126..7d7849b94d 100644 Binary files a/tests/security-resources/server-ca-truststore.jks and b/tests/security-resources/server-ca-truststore.jks differ diff --git a/tests/security-resources/server-ca-truststore.p12 b/tests/security-resources/server-ca-truststore.p12 index 3fbfa40e11..f9241482c9 100644 Binary files a/tests/security-resources/server-ca-truststore.p12 and b/tests/security-resources/server-ca-truststore.p12 differ diff --git a/tests/security-resources/server-ca.pem b/tests/security-resources/server-ca.pem index bb00345773..49b31faf89 100644 --- a/tests/security-resources/server-ca.pem +++ b/tests/security-resources/server-ca.pem @@ -1,32 +1,32 @@ Bag Attributes friendlyName: server-ca - localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 32 32 32 38 33 + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 37 39 32 33 38 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChLbns7zoDkyUz -5gdt7/Ci3j8ccVRF95cpFthVzXdoS9l7YdNIEpy32k9Io6in9RecwsKIJ0j/iLLx -aS57Cd1EbO2ptpACmOycIJyN/JgXSwehxQuU/wP4wP93jeWUC6jM8fzO1FLe4xFK -liCgZAnhP67K3G+65LWcRe20hdjh8L+SBHfWv0ICQ/H92dWwAM3PSuMxvQcKMRAH -YduGm5Zp4ybikX1Hk7lEAVZm0tU36S55+X3pU1FDOBA04VhMTZ0r4R4YuQLlG/mU -z6nJmWhtd7+lHnogIsRKLLvYFSwYr/xNgkoXlc7lG5BGZgq/rFHrIFZnq692pS0P -3makqtBjAgMBAAECggEAc2t+UCiD39l4c7DPMy/2n3sNsL2LPsttiPQeGVuYnaxr -YkqMdXk2lwYTbo4cEaKWtSBXFA8l3C+1DOFocp1+wShMDRN6DxIZpjhIQ/lVpKCL -J5ImmB0CaBk1GBUaCSlMSO8lPauYaJosYMAfPxxEYvQqpIS00h5D21PMRFDxHeIV -gErw03eEQZUecxv2ek44kq+d1UFacYmcWr0nTPQyostZNbE66eEg5xVoeUVR8L34 -YkstuypEuBSAB/wn1jJpQL8oEjbFu3f6mlf2K5QGqJKqmniP8o6FUD94x9t6tExl -K/rbI+4ELZLXkkAVYI7dONpqduL+jHUY5ECsHE0uyQKBgQDuJWjCFk3MTk8tjePa -UtJpf2yXNbzTcXVRpjzV/ugD8gon2Xc7LBBpwXsVPPjsBFvk9sJ+9oQL+veCig/o -U9Ry8ucaQtlxtLJVfUMkXltpwdPV+4A2MyukdFooGzsd5jIMlBIP0ggxDT4r97dz -lZ8axPhHnm6UTl0fMCtH/ZJvRwKBgQCtQyCdrWo5BeV2AFTMvX48EoLz/OvwRLZo -0ZqSm3/tnNvQ/FuTjBsGzpF+bwkoz0Vi889hqvmk752bQ3LFH7KRp+t+yPUIOm9K -slqAzoCc+hWQGWRYA9yyTF+Ogpv6ATUGV+wnqp6Ccid5D/sTEod1hV3n7gYCk1LB -MCe4THY8BQKBgAStOWRuWbLEauujGLFl5PnrZa+Gf6HLXZlv4Uv2iInjS+3CaIQB -9oSNJySgoObJoyBY9DLYFnnBwPCQU4Wld8uWF5G9dFW2TbY+En55V+Q4yTcvjDIE -STweiNK2zi9lIOB8W+pxnnWQJANrBvA/JPO6oIGPi+5fp5aANKliQmjrAoGBAISC -VE2DNTwLQGSw+CnluseiuLh1dNS7GG6t73O0rXBCiPMaLcd4XaslDK0PqoeljcGS -Ccb+hhMYlwcJ3JraFS3EqRy8AHqchkUwhnsAc+iacydT5CRUP9O1CVfql/PqPG1v -jNMBcFz/hSTXjgQWJbdBmoIozjvmBGJvu9D92WcpAoGBAKCdf/OvxUUW8V10ahIZ -FmUdJNFrJZZvu5Zdy7jianasoXp5VAKK+T3E6DkXMcrEKTSmyZIaDNxIqFgvWotf -X7NtR7z6+dIfJfRFG07MhzZLozwXdAgpeyux2uef9SJYMxpgSu8Z6C/1YiBouafP -pYG5aE/ywMdqRttjTwS95j/C +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpzcIHO7Lv+n0Q +fU4XHY75ukGxpkuTd1aL1VoaBGFEyo9X+tHmE59nWgQIOQ/ZGFf+sSBoBNLeyKZh +cQCm4twS+gVQVlDOiZvZ21JlQmeSFpDNhovMdpdnGCBz0vxuEOprh4oBq0QSS+9P ++74MOruX/zwBNTAN3PBODthtxhsB7XSs8RC9/SlDO4gUdaox1iRACOAE8X6BSBYv +8NdGaqjC2vDLybkxuJF1FW5BXzmfMXxGJX1xTRU1bhgwhxEU6y8oZvWa4XwEN5eG +tuJgtZ10RKs+2VABoSoy/dV5TzsACk23B8LAoeC3ChRrWmOvSGLOhwocAlu2+gTL +Mj6/+1nLAgMBAAECggEACscGU6kH1ZIZY8Iy8FPXfGF+l77PqwuMPMPn9F0RUsd3 +lhmkxVNQPMZkezCOL3a0z7PAh6r5QXXEXaeE3SyF8oX96rcf4HVtbrxybuKBvbU2 +lZLHLPSmhAUTseMe6b/z3mMQFIWdjK5daLV1DEFE1nvYe0HFZk4x8ZczmNPR+OOv +tu9beDHTTKQR8a4WzVRV7zz4Z/B749pXdPYs+Hy9JxK49/LOmomIE/i+gr/dAkch +sGF1hFTPf4oSylmQk8J7Il/gV0+/fBJkWvnWx6J1IDI7WqvoPicNSwPaEfTfsCRT +ew7TG7vt+vur2R6pD9KUIudYzUzGRL31bycqFGTWqQKBgQD5gAsH5EwJW8+PSWf3 +AvX0Bk/QI/q7NA4kyI2zNHXRG2dynnItAYCWtnpgqsbTSvQeulWxrhf8JoN1m+08 +l2S01IYTx6IdjYaL9wMhvZVbeJkZeuOPNmDVwourO+8U4OD/55ss33Q72P1Rl7Tv +W/FfNns7WsWHsD/jPInQl80obQKBgQDv5QhnoLi1ma8JVrPVowr1tMYOszar4oTT +uBdN4Cdgx5QHkZvNJ6YBOhZPIqObHDbtj5zKglp7lNegFk7XWBCysS0sIFqAzHWF +eKLo7vLFyIqkwWVHRYGgcgsy0JLwOcS/1oQ2wPlMfaUjXQ0+5fiIQZH56uGD0X2y +SLJTPzyYFwKBgFPfTlX90e3HdlPVumRYE3RP9t6iabQqwKJu5OucNAryamkmiH1G +pwKDH0qFvkbjSINX4lzTiG6UR9bububSgeEkHFpj3sSOge9lPyFFiQLx3I2rOPo4 +rn7NYoRSpoFfQ2PjaM/B4mIIBMg79nAMeWyndO+0CPkfL6rk+/MqRKZVAoGBANPK +LVBnyYqyQqEJBb2vsuZXkZ+6wqKfWksctJ5RLhK4QE0qVRWbUmi04qs81poDH889 +wdvbl4yRTIiOCU7+9cb8uvfBHIWnfH24koL5KiZJNXXdM8/nYljHNnHHSGKDbds7 +xQAeADpyls+QwDfuiiupT/oHTs+0rLcwjRcHtjRDAoGBALADaNAULIqFLR94VTrK +D86aEVXX03RW7JnvwGFLV3z6rGB5LthB7u+7Qw/ywQ2sy2bEErf56HS5X87b2rJy +6Px3+GxkobfNJsvKrSKz27NoeVTUtntXqd9tYecNEq2LrpDhV3Yrim32sABTSLNH +jYmA2F+wbHfpeiGJu5XTNzgl -----END PRIVATE KEY----- diff --git a/tests/security-resources/server-cert.pem b/tests/security-resources/server-cert.pem index 240dc5c524..5beb564c7e 100644 --- a/tests/security-resources/server-cert.pem +++ b/tests/security-resources/server-cert.pem @@ -1,28 +1,29 @@ Bag Attributes friendlyName: server - localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 32 35 32 38 31 + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 32 34 33 31 subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server Certification Authority -----BEGIN CERTIFICATE----- -MIID6DCCAtCgAwIBAgIEQjyGpTANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB -Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0 -ZW1pcyBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0 -ODQ0WhgPMjEyMzExMTMxNjQ4NDRaMHExDDAKBgNVBAYTA0FNUTEMMAoGA1UECBMD -QU1RMQwwCgYDVQQHEwNBTVExETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdB -cnRlbWlzMSAwHgYDVQQDExdBY3RpdmVNUSBBcnRlbWlzIFNlcnZlcjCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKSO+QRx5W1uY/azvD3nFyVCygTDHZXG -DKa4g8Fkrf9ltn4pe6peuu3Jdq+7NRq/mmy5RJKu3wfQIEHj4r+bfudT2FwUoUPt -GD3wa3gJR2k30cPLASqW5I65i32BzyTkdo75APfC/1CwtnYgwYdG8mktF0/G0m2p -fK4BG8BoMTAcZ/pWrjcyOAk940Q7oC+dl96Dkpd1I6vTwUfyup1RMvTQkpa8Lc0K -lplKybKEYPQJCzPaLuoXTk11XgCzGTHAyHJuXWmXtsrAZnDA5stoGCQW89p+kxrc -3TzaiuKcQEpATK7BMNocFrJ1+LEGUFfK9x8DW9a4zoMLTUUew7KhaSsCAwEAAaOB -lzCBlDAdBgNVHQ4EFgQUtag+cMyaaX/xPcjSSPqs9agB/9IwRwYDVR0RBEAwPoIJ -bG9jYWxob3N0ghVsb2NhbGhvc3QubG9jYWxkb21haW6CFGFydGVtaXMubG9jYWx0 -ZXN0Lm1lhwR/AAABMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUMIShXXQFOzxamB/u -390D9j60JRUwDQYJKoZIhvcNAQELBQADggEBAD3CHSQkBdh16Cfrc984m+7czhwF -ZMupsCz+EGgvM/PIYSZLHbsNKjKOKuTiHXwcPFuT2U9mhU6f1XKw9cHIKCYjfRut -xgq4q0Vhu6ARLmFdCLQUFx4G8WwBRW+Mi3UuYuK5GPA8ZRbg8wPjfLkmF9Yr/c/g -+FUNUW9MuAqWPnnXo+gOR60F5DBNdiaOMR9U060jjiMMyDD6a/HB53efDVAsbNGM -wZNScmqbv5trh9BLIj+VSprPvOH3ScvxFtBu8Pt9gho+2RhEd5Ry7h5hzpI8rO2F -1x9vPmkvyg8Wlz5R1Wy/myIsKxHWY6eihMGxvipfn6vbuWzq3oJhuYohJBs= +MIIEGzCCAwOgAwIBAgIJAMPESNFBct/0MA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN +USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz +MjIxMTUxMjFaGA8yMTI0MDIyNzExNTEyMVowcTEMMAoGA1UEBhMDQU1RMQwwCgYD +VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV +BAsTB0FydGVtaXMxIDAeBgNVBAMTF0FjdGl2ZU1RIEFydGVtaXMgU2VydmVyMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTbxTDdSdRIrWcO0v2BYBQbN +doEiAM8S0+PyJemqlYqpp43OSdzvoWkwa0lWforogCNljohJYUwQ/omSaDdP0Y16 +SMylgDpw8qm7j1z7uLPbbXKdzRIVSPmOvQPMZDl3FE9QOaUlcJU+6NShIQll/ken +t8+EvHVPz96YduTxY+UROJ9Z0eiwHGmDIHm/2fEiqWXsbhq81DWhvOkzdtYnVST8 +BfZkx2DGiLph94KV8snQJGWnTzicVO9QQWJVQcF6aQOXguxRIW8b53UdcM0d9mQ7 +LjbEl66Pz+wPo7GiBhGRHQ9Gpk+L2fE0iy0Ws1Xr9JNIPpkQyxgFPPbqzPBxMwID +AQABo4HFMIHCMB0GA1UdDgQWBBSrmXLlIK7Xh0xn+dfw4I0q+1nTczBgBgNVHREE +WTBXghdzZXJ2ZXIuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxob3N0ghVsb2NhbGhv +c3QubG9jYWxkb21haW6CFGFydGVtaXMubG9jYWx0ZXN0Lm1lhwR/AAABMAkGA1Ud +EwQCMAAwHwYDVR0jBBgwFoAUfI39SB/hKrHFXIQqijOWKIOk6FgwEwYDVR0lBAww +CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBALseu8YBowlLbNfhxVTpdeSt +AJy4geCC53uLe9Pft3UydLDCFaMtciSUuieb25R+vMipRyGUX+2ovTsI3nGIhWV9 +F8jWCTXM9SGe8tUy6+GPkmBRI0Y0eakihDl9FH+JvQJO794cK4mXZFOqVuFadfye +eTT1Bmj0225HrAEV/d6lNcEOxLZkqXy5VYyptejCsV9Ba2S62227KJVixrDuVa23 +bRhP7YHFRz1SjxSKEJJHDyU6jZL9/BDjcviom8QTfaGjjRFyHsR3KGetLKH/9tjS +9g7XLPiRzz/qnqdesoXC1H4pBLViFbxL+FvkDnD1KDEybYmLm4A+A57wEAv0tRw= -----END CERTIFICATE----- diff --git a/tests/security-resources/server-key.pem b/tests/security-resources/server-key.pem index 17f801be5e..2370041c27 100644 --- a/tests/security-resources/server-key.pem +++ b/tests/security-resources/server-key.pem @@ -1,32 +1,32 @@ Bag Attributes friendlyName: server - localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 32 35 32 38 31 + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 32 34 33 31 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkjvkEceVtbmP2 -s7w95xclQsoEwx2VxgymuIPBZK3/ZbZ+KXuqXrrtyXavuzUav5psuUSSrt8H0CBB -4+K/m37nU9hcFKFD7Rg98Gt4CUdpN9HDywEqluSOuYt9gc8k5HaO+QD3wv9QsLZ2 -IMGHRvJpLRdPxtJtqXyuARvAaDEwHGf6Vq43MjgJPeNEO6AvnZfeg5KXdSOr08FH -8rqdUTL00JKWvC3NCpaZSsmyhGD0CQsz2i7qF05NdV4AsxkxwMhybl1pl7bKwGZw -wObLaBgkFvPafpMa3N082orinEBKQEyuwTDaHBaydfixBlBXyvcfA1vWuM6DC01F -HsOyoWkrAgMBAAECggEAHVKUsOQSu8M18NnqKyWojC0wjlSuSuf1jSfH4ogsMRxQ -vn5p2Nv0dza0/W9gcRm/TKxeubyLZXsCpHsVBouQu2vHW/EZI192OGNE4yjUHr2h -lT/xP0OQCpapcn3VCX/kWGmqcHvAvwIeIUKI+a/8th0g0EhfascOvnrYFRr72NSN -I33OaYITuoCIHGytZb1OZeIUi2d9IUfy5nWoh2kqm5jbWY11rpzgTFhSu0zG3CI/ -fKGGX9pNnsiWf2Bmcqa8lru94e2HhNDVWlD8gukzb7jX9TcS/aEJWYRbAlWGiOt8 -XOalszJja/NVvPdvdXiV7MvIU3A2tdkzLlVPxjsWsQKBgQDrg1tqRMchd8jsBRSg -88je/uDEtu3PNOPHKzh7dfPAFcrF4WCijdboeC35GLTiuw77hmOk0yWbZG0SvH7s -vRcdC6t057251RqJbqVJPn3wz3H0q+aEwjnSvhH2b4aGwyXyQqbb4siq+ZEpStQY -JX9pBHYFbi40bg29YNyUq6Qv5wKBgQCy34bR+EhWWOTAmOHFykMHSGkY52lJIt3S -bNxKh5BDMmyMEx7LTNMpWHkJhHg94n5ulCS0wzuWCaWpqVSIon8oipLuK5TFnzmy -2YupCiMN7NyYzplHdVqAxZi8Sa9rbvHm1+QVtDM58+8Thlnum5r33exons6v3uPY -8cuV7+ikHQKBgQDVtfcoMY05c4chlWKow0+N+19fYlfd5TKkszWn4trzfVLpyaB1 -IZzYiuW82oyaCgCIgeS91tSTc8f+booGrXfh5YsKpJfnn9daysq18j06XiQcUDj4 -U39BGzUVmRJMC53NfmoHsn1BmQH+pGZeGvjJBUFLoDXRYeSZ6uF/D1oIFQKBgBkJ -SmCXROC5HoOKoodBsTISw4sV0NnIxI2QaSERanLNWv4cKwI/pYqy9HYNkZrv2cx2 -ddDLRsrQXNyrc8aQIAY3pyso9HDYwYW0B2VIovFvBs1olXG4DkvZ3G/2TFRYOgma -jDUxfL4O05bDBlFsfDtXV6CpIbriErgp19oLs19NAoGARVSkf/gSzEY4wBHceIf2 -AXUokS0j7u2grSlDYjrf4CPyUsG5jJ8r/vyib0VIHD/PNyl9xcupU8L/ahpDRy3m -iB8g2ptqffdnsLVVGnCdfbla8+gid+0a21lQf5Ioys9VVkK9gepDqh7RwQ41Cu/8 -OJOFKUcKv/il2LZwTrqnB9Q= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVNvFMN1J1EitZ +w7S/YFgFBs12gSIAzxLT4/Il6aqViqmnjc5J3O+haTBrSVZ+iuiAI2WOiElhTBD+ +iZJoN0/RjXpIzKWAOnDyqbuPXPu4s9ttcp3NEhVI+Y69A8xkOXcUT1A5pSVwlT7o +1KEhCWX+R6e3z4S8dU/P3ph25PFj5RE4n1nR6LAcaYMgeb/Z8SKpZexuGrzUNaG8 +6TN21idVJPwF9mTHYMaIumH3gpXyydAkZadPOJxU71BBYlVBwXppA5eC7FEhbxvn +dR1wzR32ZDsuNsSXro/P7A+jsaIGEZEdD0amT4vZ8TSLLRazVev0k0g+mRDLGAU8 +9urM8HEzAgMBAAECggEABHWIX301vx7kYcHZ+HAiIUBTSovQXtLRXrisp1pkySRE +LqgrtoReOuYgVsxxw8VV7mJgahKDkt9JkLm+wNOKVJpUQbGv7nWQo4fT/ZRLR3lE +gPBQa+zy6uPeUqK27HXVK6u1G4vmYwdqwl18VTbpL+CnT/RpJJKi6HTf/ImZ9yC5 +JH4F8WJaMDaEuoZjG5NK7j+elxYCaWirf+qimX6vqOSpttH2+hYuMkJpL04ypddU +y+SerLAKJHSDquTwiG0vQugP90FDMELBrO6dpFhfA2jR9+yVglPBY5N6VwUZqUca +cZgjEwbTjQlNVxlvgvv2QTOfb+vNrK9z4qiShUJMdQKBgQC/r01GNTArsbvgW3lq +H65gCGI/hy4WSLDZH+NFaX/gfsrbQ8FScQ1lHd9HVWMZcRGPYWmR4GqQgI3SfCsH +joXQElqj7YHucrfJ9q4dyvITjdIYPcrRB6l5ZZBWxLrXtGEg8ynP+a7WbDx5YEvW +FKk5tf/3AC1ZJBFRHqW94F2YnQKBgQDHR65u7UQsgRGB9IAF/3xnUjA0Ok5K/eGZ +8BK80mntvxvDoNowEUn/ZBw0v1o/ZMULd5Mc6JnIlC48bRoZTVB9S9V5yJ/8Irr9 +BKxCHsNE/wrdf72nwtUWgLo89LxF26/SLArj/ma6SGgmXUx8wgkk25Ow/B5CA0rc +XP/In96ADwKBgHJX6iq1U7Tc4wvkxTqPB3/1wFXRF6bnWcdLhFFFq6iJOg0uD8ZT +9f+ZoDV3NBRbJHR5UXZZfngQl4k11J0/YYdLS5J5/YX2HLh3VEolY95SPT+ErNWg +UnI+Kan41NQTn9T9+LU9ZhQ2oKRu0w4zaPcqIDSBgIuqPkI7m/b2Ph7pAoGAIXjo +07kGunLzfeCToG5JdxFXB27Dt9TtD+5DN3QgVs7C2xkpjOlahItMMY/ymLNUZZiw +HSr0qbw6B+xLdfSGkIUsVkhclv0+a0Fdrb19DxnHuWy7bnJLWHxGy/ZPqWw9HBBJ +xAH3P1LqK4eAUXRGFOrM4+11J6Fl8Z2tWQWBWgECgYEAoeW1KURlRQZAiNs0zfsZ +R/8+t1bo0igvt+wVewfam91GRX9hj2eNYyYHbXJe94Py0/ny+jJniNMCVpJ+mlY9 +kx9d9fd9zLBu0M7G5f6MLRgUzgxFytIc5X42KatoOepKYVycrjHw5BtulakhQmVn +B17jc9DMyEmdIBNvLXegSfQ= -----END PRIVATE KEY----- diff --git a/tests/security-resources/server-keystore.jceks b/tests/security-resources/server-keystore.jceks index 390887814e..4950ede5a8 100644 Binary files a/tests/security-resources/server-keystore.jceks and b/tests/security-resources/server-keystore.jceks differ diff --git a/tests/security-resources/server-keystore.jks b/tests/security-resources/server-keystore.jks index d4db133c0b..f67334a278 100644 Binary files a/tests/security-resources/server-keystore.jks and b/tests/security-resources/server-keystore.jks differ diff --git a/tests/security-resources/server-keystore.p12 b/tests/security-resources/server-keystore.p12 index 88ec78e540..677631e33d 100644 Binary files a/tests/security-resources/server-keystore.p12 and b/tests/security-resources/server-keystore.p12 differ diff --git a/tests/security-resources/server-pem-props-config.txt b/tests/security-resources/server-keystore.pemcfg similarity index 100% rename from tests/security-resources/server-pem-props-config.txt rename to tests/security-resources/server-keystore.pemcfg diff --git a/tests/security-resources/unknown-client-keystore.jceks b/tests/security-resources/unknown-client-keystore.jceks index 8decec0f64..21a8dd91be 100644 Binary files a/tests/security-resources/unknown-client-keystore.jceks and b/tests/security-resources/unknown-client-keystore.jceks differ diff --git a/tests/security-resources/unknown-client-keystore.jks b/tests/security-resources/unknown-client-keystore.jks index da7ddb73ad..0271247509 100644 Binary files a/tests/security-resources/unknown-client-keystore.jks and b/tests/security-resources/unknown-client-keystore.jks differ diff --git a/tests/security-resources/unknown-client-keystore.p12 b/tests/security-resources/unknown-client-keystore.p12 index 1f85b64dc9..d4e2d7ea8e 100644 Binary files a/tests/security-resources/unknown-client-keystore.p12 and b/tests/security-resources/unknown-client-keystore.p12 differ diff --git a/tests/security-resources/unknown-server-cert.pem b/tests/security-resources/unknown-server-cert.pem new file mode 100644 index 0000000000..baf3c288c7 --- /dev/null +++ b/tests/security-resources/unknown-server-cert.pem @@ -0,0 +1,28 @@ +Bag Attributes + friendlyName: unknown-server + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 38 31 39 33 +subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Unknown Server +issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server Certification Authority +-----BEGIN CERTIFICATE----- +MIID7DCCAtSgAwIBAgIIeFmpOanwEvYwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UE +ChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1R +IEFydGVtaXMgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTI0MDMy +MjExNTEyN1oYDzIxMjQwMjI3MTE1MTI3WjB5MQwwCgYDVQQGEwNBTVExDDAKBgNV +BAgTA0FNUTEMMAoGA1UEBxMDQU1RMREwDwYDVQQKEwhBY3RpdmVNUTEQMA4GA1UE +CxMHQXJ0ZW1pczEoMCYGA1UEAxMfQWN0aXZlTVEgQXJ0ZW1pcyBVbmtub3duIFNl +cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqXcCJgZMxVl8Gl ++XV8plYpVJ8FjGYfo6VfZoE9eDR7gl+w9TzeypyPL8uv2FF9jTpDpHQe/9NOd2hW +qKGo3ZxjU/qTrCE/IcUxUkAa9raS59ZUg2qiqExQ5b981d8JUFnp+EYDqeQbbU4W +uOlRgH+TORHlLMh+D2stvJDpa+XDUR/QjnHktNzrW5LLQ/kjiFqnsyurxN4HaCqL +53kenZewlOpHOt513XuWEe6jdKD1zS4LYwI8keGqhF1p5qB/03vycdODLz0bcUPD +tvLM0ZZrOJ0PlskNN+JCdA/10a+XMzWFti+N4B2rUbmk5k+IXC9C+B4C+xr63Pv5 +AoLXxjcCAwEAAaOBjzCBjDAdBgNVHQ4EFgQUxSGWcqxYAQASz4Mb/qvj7df0VSQw +KgYDVR0RBCMwIYIfdW5rbm93bi1zZXJ2ZXIuYXJ0ZW1pcy5hY3RpdmVtcTAJBgNV +HRMEAjAAMB8GA1UdIwQYMBaAFHyN/Ugf4SqxxVyEKoozliiDpOhYMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBgMnAetG3I+hYLtf7HFZgz +P3UaIa3iVz97eWsqC9PVdpPUiOFd28NmGsN2otgrPsM8DMEQ34jTDCs8ADzPu/dl +LTz3iBoypbNropHWxX9g/p9evs2KTME8KrkTICyfKy6aQYrYeEmYrPWCZy24uPSq +6LN9vrBEa8JZid6oRUiowTMvjUe/a1RPcexw7KMlqooe9cwgn6Pl1LaWbQ+iCNfw +uTs0Dzu0YUjQDG8wsPl+ZLC/y8CkntzlEt+gz1l7QNi166X0J5sbsNCtDM2L+L+P +43RhW8txIDXo5A0ooxScYbAiHyfwL1VvtH55GbPi4JEplg89Y+K2sAwSENNq8RVO +-----END CERTIFICATE----- diff --git a/tests/security-resources/unknown-server-key.pem b/tests/security-resources/unknown-server-key.pem new file mode 100644 index 0000000000..938a7a1e54 --- /dev/null +++ b/tests/security-resources/unknown-server-key.pem @@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: unknown-server + localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 38 31 39 33 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6l3AiYGTMVZfB +pfl1fKZWKVSfBYxmH6OlX2aBPXg0e4JfsPU83sqcjy/Lr9hRfY06Q6R0Hv/TTndo +VqihqN2cY1P6k6whPyHFMVJAGva2kufWVINqoqhMUOW/fNXfCVBZ6fhGA6nkG21O +FrjpUYB/kzkR5SzIfg9rLbyQ6Wvlw1Ef0I5x5LTc61uSy0P5I4hap7Mrq8TeB2gq +i+d5Hp2XsJTqRzredd17lhHuo3Sg9c0uC2MCPJHhqoRdaeagf9N78nHTgy89G3FD +w7byzNGWazidD5bJDTfiQnQP9dGvlzM1hbYvjeAdq1G5pOZPiFwvQvgeAvsa+tz7 ++QKC18Y3AgMBAAECggEAUG2gZyD3seAfFtiNC6hcJn2QPS9uEkMHDexuSb0OSEkI +rGihfMhnu045AupcKtwceQXZKDiIezOyYqYf7/bS92sVMshehMIqs04MLxewSohO +KGOrddaBBsxEC+MqaQYhvXANlVhU7b8owWUn9WItKlByZBVN1WoJCWDgi/IhkRp/ +G2+II+PFNV7f5TrHzEdqGV+joaxEKI9SXGfpkgrQZaj1UKwKzwr/uv/kIcNjVRxv +mdlvwhrFWIE5bJmIhc6/tdAdj+IoYHgcy6xMcNRORJlp8JO2LzIFu14nWK4Zzlo+ +ayaP5xvSdlJxLNW3HVZqwEhdKlrQUH6nEfoMi5pLMQKBgQDD28FoCf2TS7/a2aUN +/7WV988XWMN64GbfLUn4RmRkBSjiYO8X5NQbj9D4jUYf0CoJYqLCFyAO8KX7F+rq +nutbla10F4KZWZjRyLmvtJYJynBEN2yfWFpcJtg5PKUQ3tP76UQNZIbeS3ETQj0L +PEPCB4Tx5W4v0uOfKIj1Gew0KQKBgQDz4zkaZQD1K3RMMDZXZ41fEBCPH/JXMi8T +hIAXuZtT4De5HnqRojpgkKb5l9Cl1jnyTK5+QBVdyJ89JBV2VaqRCHsryfFN3X0M +GlgLWNmsgIowIGLKLM+0RX0b7LQwZSN8jqWWp0Uo+AlCCNHgLUWZJJsO2dE5aZzH +KK0i6vJzXwKBgQCX9cj5j8bOodcZVgRZ+CxLTxm+Y4BHthQa1Giv2O3LLLWr7smT +IFfxioP4VKQzyq7S2VSugoK9FLmzN7tsjiDNzjPl/te1Y27OVY68ZMCEmCzCwL3m +ZAa3uOvKfOMVU83lhfbm7Tg3ARGaf6odLYTk5jCf/gKf2GAC/NBGWvaJAQKBgE0D +iKmsEXRaB3xzkQVivsKxGPmJNgaQ40q/gY98Xe9Lk20SkdPhLZwGsaOJbCqiDmRU +EJnvdI/L5XTyKxDWFml8CyEVwOw8r9sdioXyxbHyWTC/WVLMeb5MXyhtQ60wktcn +WGTNZ0p7oLjIfjXTNfIZHBnBcI83qXk+gAXRuUPzAoGAc+ztGl8U8A+z8HxyMQfD +N8I5+G/bwbaIyCxRJxDlRgjf8fs86TzUcj8e4IhRIw97+WlL/9waJl6iuo7EEnap +aeTViOKjpfBvhpffurtde9/Ql92f0KDg2Lyt08t1NBzNxM9O3XC6rdDJGOZJQzPt +6LEldRv0hMXPf1sHX2qrG3E= +-----END PRIVATE KEY----- diff --git a/tests/security-resources/unknown-server-keystore.jceks b/tests/security-resources/unknown-server-keystore.jceks index e3f219a73e..041d50f822 100644 Binary files a/tests/security-resources/unknown-server-keystore.jceks and b/tests/security-resources/unknown-server-keystore.jceks differ diff --git a/tests/security-resources/unknown-server-keystore.jks b/tests/security-resources/unknown-server-keystore.jks index 8540110c02..88a23305d2 100644 Binary files a/tests/security-resources/unknown-server-keystore.jks and b/tests/security-resources/unknown-server-keystore.jks differ diff --git a/tests/security-resources/unknown-server-keystore.p12 b/tests/security-resources/unknown-server-keystore.p12 index 050f2b1b3f..d5b8d543ed 100644 Binary files a/tests/security-resources/unknown-server-keystore.p12 and b/tests/security-resources/unknown-server-keystore.p12 differ diff --git a/tests/security-resources/unknown-server-keystore.pemcfg b/tests/security-resources/unknown-server-keystore.pemcfg new file mode 100644 index 0000000000..d8782dd6ed --- /dev/null +++ b/tests/security-resources/unknown-server-keystore.pemcfg @@ -0,0 +1,2 @@ +source.key=classpath:unknown-server-key.pem +source.cert=classpath:unknown-server-cert.pem