From 3602713a7e8b3488410174c513480742e0427c4e Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Wed, 23 May 2018 13:12:44 -0500 Subject: [PATCH] ARTEMIS-1882 verify PKCS12 keystores work --- .../ssl/CoreClientOverOneWaySSLTest.java | 24 +++++++++++++++--- .../ssl/CoreClientOverTwoWaySSLTest.java | 24 ++++++++++++++---- .../test/resources/client-side-keystore.p12 | Bin 0 -> 2589 bytes .../test/resources/client-side-truststore.p12 | Bin 0 -> 1194 bytes .../other-client-side-truststore.p12 | Bin 0 -> 1202 bytes .../resources/other-server-side-keystore.p12 | Bin 0 -> 2605 bytes .../test/resources/server-side-keystore.p12 | Bin 0 -> 2589 bytes .../test/resources/server-side-truststore.p12 | Bin 0 -> 1194 bytes .../verified-client-side-keystore.p12 | Bin 0 -> 2565 bytes .../verified-client-side-truststore.p12 | Bin 0 -> 1162 bytes .../verified-server-side-keystore.p12 | Bin 0 -> 2565 bytes .../verified-server-side-truststore.p12 | Bin 0 -> 1162 bytes 12 files changed, 40 insertions(+), 8 deletions(-) create mode 100644 tests/unit-tests/src/test/resources/client-side-keystore.p12 create mode 100644 tests/unit-tests/src/test/resources/client-side-truststore.p12 create mode 100644 tests/unit-tests/src/test/resources/other-client-side-truststore.p12 create mode 100644 tests/unit-tests/src/test/resources/other-server-side-keystore.p12 create mode 100644 tests/unit-tests/src/test/resources/server-side-keystore.p12 create mode 100644 tests/unit-tests/src/test/resources/server-side-truststore.p12 create mode 100644 tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 create mode 100644 tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 create mode 100644 tests/unit-tests/src/test/resources/verified-server-side-keystore.p12 create mode 100644 tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java index aeb7524455..6217dbdb6e 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java @@ -58,13 +58,18 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { @Parameterized.Parameters(name = "storeType={0}") public static Collection getParameters() { - return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}}); + return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}, {"PKCS12"}}); } public CoreClientOverOneWaySSLTest(String storeType) { this.storeType = storeType; - SERVER_SIDE_KEYSTORE = "server-side-keystore." + storeType.toLowerCase(); - CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + storeType.toLowerCase(); + String suffix = storeType.toLowerCase(); + // keytool expects PKCS12 stores to use the extension "p12" + if (storeType.equals("PKCS12")) { + suffix = "p12"; + } + SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix; + CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + suffix; } public static final SimpleString QUEUE = new SimpleString("QueueOverSSL"); @@ -97,6 +102,19 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { * keytool -genkey -keystore verified-server-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" * keytool -export -keystore verified-server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample * keytool -import -keystore verified-client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt + * + * Commands to create the PKCS12 artifacts: + * keytool -genkey -keystore server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt + * + * keytool -genkey -keystore other-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=Other ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore other-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore other-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt + * + * keytool -genkey -keystore verified-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore verified-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore verified-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt */ private String storeType; private String SERVER_SIDE_KEYSTORE; diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java index 609174e00f..9c814e93b1 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java @@ -58,15 +58,20 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { @Parameterized.Parameters(name = "storeType={0}") public static Collection getParameters() { - return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}}); + return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}, {"PKCS12"}}); } public CoreClientOverTwoWaySSLTest(String storeType) { this.storeType = storeType; - SERVER_SIDE_KEYSTORE = "server-side-keystore." + storeType.toLowerCase(); - SERVER_SIDE_TRUSTSTORE = "server-side-truststore." + storeType.toLowerCase(); - CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + storeType.toLowerCase(); - CLIENT_SIDE_KEYSTORE = "client-side-keystore." + storeType.toLowerCase(); + String suffix = storeType.toLowerCase(); + // keytool expects PKCS12 stores to use the extension "p12" + if (storeType.equals("PKCS12")) { + suffix = "p12"; + } + SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix; + SERVER_SIDE_TRUSTSTORE = "server-side-truststore." + suffix; + CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + suffix; + CLIENT_SIDE_KEYSTORE = "client-side-keystore." + suffix; } public static final SimpleString QUEUE = new SimpleString("QueueOverSSL"); @@ -91,6 +96,15 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { * keytool -genkey -keystore verified-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA * keytool -export -keystore verified-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample * keytool -import -keystore verified-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt + * + * Commands to create the PKCS12 artifacts: + * keytool -genkey -keystore client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt + * + * keytool -genkey -keystore verified-client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore verified-client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore verified-server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt */ private String storeType; diff --git a/tests/unit-tests/src/test/resources/client-side-keystore.p12 b/tests/unit-tests/src/test/resources/client-side-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f36af7cbd95a8103bac5958a2491f87fcb76e6aa GIT binary patch literal 2589 zcmY+EXEYlM8^;rgh(yq9G|>{&RwSe~YL;qM%u-sjM$`yJUHg_;MeR|u7Zn<_U=V$)GVdA-uJxkz2|;-&U4Q1|9_s3KMVr$bAHm37AJ> z{s1O1H=p4~42jX{UlF4@n8avuh7HdK4}t&hiUkH_$RmM|FeLCkMjQhBKR$bY0nB*? zlHz?4|0CAjZr(_ExR3EAAYq;X1o&VGCV@MHqx6OKWUdefQhBuMr81{COgsH4=sct0 zDVW>o^5gf5?&?0IA1yydW$y;^XU?Rzb+v3?o+n(5*r0CC2+Suy!c^CH`Daw4zRmuc z{E=N*{OOS@gR@9+dtzLE_@{Q$U<1CWu6#;3qJ6h3QKBq%ByJXM$~!qk6*N6c(2E;O zzv%o<=tO*@8$-56lbj;DI*CJz-whr)%fb zw2v2}77QW@f{Z96SRS)kDMf%qcB%C)ue?P9Oh=grQY-Kn9l8%-nd64or2R1->| zy$u|HX<@ch&Ae@GPuCFQP{}rPBXK0TnFC+k&b_(X=paT^k5ZfT*0~pteFL_%PL|&> zQzM{7ra68Kx)YMGd#R`%G38}b3!<-Q(JZ`mu2@z_4FyHcHm zbG^=flu14(3y3Xbxj8oDV}p=-yo#?(ylzl+8A+p)*?>KTwi_Aivco>HELIN$d|)0x z?E}mApZd{`Rft;2S5Q=)gFENd6z+}k@G!qt9%Lz|$q&UXZA#=A6MPR-K=$Bl*qK(; zK~SZt*`E&`HXCZLE>)spqm4gV|Gu%^Q{_%f}Yj+X5EES4s)sr2t_NlM|HeQl#qnkOU)ZWBH4Aa z*EI))1@ig$9CVvDG8;=-QJ5n`_NsS@pm3_(fFRu0xbTLn#qdgamULmXSZk0K>n>Na zb!q>K*_OzZ-!fGxj+z?BI>Ov17_XBqxEpj#pQ*i8oi-d?59XHDhKS9*4X}uhHni`1 z2MwsRMQgsupVM_$!_P-o6!bCt*2*3*dUb!^tcHy#t|}Ke6D{(9a3Dw^${mTR=}Pq5 zo3#!4_R*i`PQz8!4I3za$!42}xmDGlUa{Y3j%Sfg# zLj+$y-BH&$1&5{bW}j0WvMk1{RK^^6&G+ER+dfgV{X2TNrGcnna$mp6%_35=uLV>v zjo3o0+laYd@yy$@z^!V(7s zH`gM%fjHa2*7{qO=C8w(Xp8IdJ3AB0j%jckxtSlEpVX@?3-#I`6(fNr z{I04Z85tyZL1b$}NBg^E{qUb!Ds{fyOVM#1OliTP{KwM~zXs$4Ca4MNs_QY$%x?VA z0wx*1_@%4y@v$tCs`1v5CM2!Ra*{1=BZdB!!byna5VpUcb&uynQCQqA!nMFDa~7+L zLH(^tW=<>%9}GYQ_yb%4jsSm*z&{ZemJ|Goi8IlWAA3bs9-}C)ASbV&h&@v${_heK zS+@=i~S14v7|cuYI?wH|Zz7H()iIEcdBS zblK7#Yq;4p%L;0`Kd8&7Vby;dh1FDGJ_*JZz8p09X**3t3;(q1`t!LbC@EhN??YoO z*zNf`&n;=#7H;=3TSavsng;c=hyElJu-xpDxJc`kQ8MFV7396;Hv9Z>)leI%ckv|L zN0iRVwD>xAufEHmp3EQowQX~hRo_#3?Za5lKzRQ5ZguT8+>!OS6eER^(k9KeOv(~3 z0(pB{Op8zi?%pBh*2+zOS>*pw?cb{o>!`s9098FdzPd%yM@HN}A-M7->^U3vFJCZ! z1b4IP8$aiS7cP|VpVd#KVF(Rk)QPWFI$fDs{4DUjp#}HwBd$WqlVHPO^~(|-k8p@o zj^%5$<)kT|fRio{j|lMGm%GF{?mz~ShD$NmlbwES`|sD8(Y?i04bpW<#O(@S5GhE?Oc36+O|5l(PbR$ z2UM_=Uft8n{W3l`qFud~`a>buN?Pj>hi>IlB|w&>dy3HyHgo!^^&9Zk~m`dMi(ClnRJ zy?b=J9e#c%nqTnK4hFw;jX7h~IGd~E%gM{S+LV$ZkL~f^!;#1GLaiX+2rGJzD+!g- znYnEdc~p=wH=P=MerFfBXHb`L+ah#Bm4GGk6@T`_udymZF4eW>ziU!&*U8)BO(}j7 zF#EgXTRGFxveLwH|03^^tl_L?zx028pM+Y5Yh-eF=5vRXS3iTwEgJ z6Q#SHU|tKJ42-+t95qYe51AgpDJf-59AwkSdml*CLKu+8W)q?pURcnqB=7i(ewV>n!{~PUrvtwDNWXHj04`Ge4rdKZ7U-Eu zj?6hv1*J?rP#2eKRp8M|dNxuXdnVnZl(!cvHhOQg4z5xm$tu=CyrN2|YY3ippZM0fLI$g60 zB+nW3aUnxW#;r0P%1%Y;OTIw)e2gka0K*Jnlw<`l@Gt_voDLUyq^YdP;G1T*H70~Y lUtWDuH~{AKF#I!eEL7BTY%xCP-u}&~PK5Rc1`seZ?=KUt!zus( literal 0 HcmV?d00001 diff --git a/tests/unit-tests/src/test/resources/client-side-truststore.p12 b/tests/unit-tests/src/test/resources/client-side-truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..de15aa4b6afb8d2cc06b0c0b5c227cf41b829d81 GIT binary patch literal 1194 zcmV;b1XcSmf&``l0Ru3C1YZUTDuzgg_YDCD0ic2ePy~VmOfZ53NHBr~LcDHbZtwlZ83N-Xw;@3 zf!TXFit$}leWy)@^XKWkbqJzMhODZf?6zPq?F@JQTZ>Z8t`jYBK#1Haq z(#4}W+^$!ZW0u-clj)BmCt3A7=*s@r(?rfa=#&4j`Z9rOfKmlRJVn%1o>NOVUu`14 z&H}ddIGgM#(Prb9@pb}$%NqEO3zhEg!FESa7}Pag^*c4l5A3%8UfQxmWm6qJoVxsC z==Z^-7#~G!*hC+w$W^newlIVvlyBY!7cYnzq>lX|zPv@m-&CIOdNCeMFY$NtumHpV z8cLjq81o@ZF;6}$TPWMbj05XKvOj26O(LQ286$e{aD#KoaMr7Jh;wRlQv^@x;dB0u z&DZS|NFQ$xRQxT5dF1kl?Eh7BOGVu05dC}W!6~z7hkrNGl1mkJ;ziUmuI+`Yb{*{c zi(hX;%QGCVE@sVrU~~@W9ek=Hu#I}86A6?j;)FI38K1JFbv5gMU!!&oEeiEU_|bM# zYUZ5IIrtt+7~uSQ-75`Wa@hQLPSz(UPCQbFT#e5G%8s=0r?j zb8T9}pIJsz81Q1f^mGFo{>zYL+Lwn+_b&7*@&tv5>iFf6_}dJ6r*qvY)7mP*V^ z&gh)rAXTI}*xFmdokwcn|0XLHA+{E5dO52pES2}Iwb=u83yL5H6(iD;UJ$YoF~{s` zr1}bw)oLzpuGB9)K3Yg26OBxR)X_v$BbRxW$Sy6fab;**p~^hwNrhg!vHSVpbk^L|z#>=P*7nAutIB z1uG5%0vZJX1Qe(pgpIMq@~Jp&Tq?_w|Mp7bzW4+b^m;X!o9Ky{Ci9-ggFSMH#tx?v I0s{etpl!@6761SM literal 0 HcmV?d00001 diff --git a/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..4f06c036645c56b2bf165e85effcd1b6313621f4 GIT binary patch literal 1202 zcmV;j1Wo%ef&{Jt0Ru3C1ZM^bDuzgg_YDCD0ic2eSOkIuR4{@BP%wf7Oa=)mhDe6@ z4FLxRpn?QFFoFa*0s#Opf&?-K2`Yw2hW8Bt2LUiC1_~;MNQU!XwS_|_Hu6;gYea~ZCA9NxBOM5V@ic6{>$UW3T=^pMCdUs*MSkYdDr26;s zG)RHU)mlbF&oV)rXTCquI5)^z9Iww%np3rR_rK1^fab|sX9y#hHzrD)zA%H>+)N`K zFGO0VMbQ-yg*L%fK!yl!*#${CW$ZzVzvQtkZ1~V_JPUy-TJ<}mVhm%W;8eK4Mor9f*RLgAf{_FO5vD# z7cz-7jK1yrULW{J!BXx5iwa`VKJ~P7+Iih#JxM&Oy-pS2q4>c{D96OTG6J)>HA9aFju^Pw9>)aW|PVPH78^~8t*wg~f#4wz`=|?zPTmWzpfLVkhaxJ7(zFR(c zxnKF^_74Jg?OBN^^r%>LmftW%tn`hi{00*NTZ};XXHXlTZXbuU5mDrlq>~3p`z|#{ zb$dAqMPwmHupZSki@5ZJolB?g>f6*EyVP^*RyrZBA6EU3vyau$7YH|fZ|_K#M4J&OM_)&(uJLt?#r`-@^*8n113aY3%a}(*%tNxOA z612gPR4|pv{8~*+yJOq2tigk?kv2c{E5f&OgePc==es^kyyvvP$6JV3Y2|wqZSnAE zZ%aofV;_7EL%x!OQJ7Jh6{&su6a0zMvsk(vY{gTcFp~b~a7bukQ9XFRRvuZ&mtJNM$DB1#_AOJXg+)xA2lvHd|e0i_#h4 zEigVXAutIB1uG5%0vZJX1QbTx(tVoFv^pAH2GzSPOoJ@zq1pr#(v$YcmC~5K%(kz! Q&aA70RTCGB0s{etpn3HvD*ylh literal 0 HcmV?d00001 diff --git a/tests/unit-tests/src/test/resources/other-server-side-keystore.p12 b/tests/unit-tests/src/test/resources/other-server-side-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..40384bf2d8e15e946e70726d736feb9a46502108 GIT binary patch literal 2605 zcmY+EX*d*$8pmfCGxiK)SC&!CC1$dYC6O(=#xjnzB>R>v<5Xitk}MH}tc6e#vhTa> zBulo)*o7f8S-b9i?mg!@AKvGEp5Oofz8`-`0yBaRNRK2ieFroBD^fp_#s-7{a|leM zAOh3S8SX<87+n7mFVyBUZ8`m{Q%yAp?wS1u^pbq;(Zj@?dp5<$Iw{kw4J zwgT8(=m}qov*EZfW5KY|L3wBP(Fi~|)n)o&NaS>vC%?^BNYEj?)DW|+qFfmJttluN zeO-^rplhXYJDcAwv2?7^McnFo_Dlziuc2iHRDzie%M$)`UPDRqlYCp5z*_rtcSz|6 zpQg%~@d2|O-){@*PRPJZxQw86G<2`z-a0KxcaGyC`P53Ob<6Nr|HqG%7Bk2;+YX#x>W1R(-K6sRNlPDB4ozK{ftBrP?&@>0W)WVO9-8LZ)zhiE$&+PEEc+RnA%Nq49PPk2^W^2%8 zTGor+k=`{-@t-zNKdO`bG-Y4g}>ZAE|Y7_!UYd_tZ)C|j3 zv~03i{B6Iu%@02kweZg_9;Uc#8x9UzAy$#+me=0>+Uq?%*0?*^U=!tLq`H^}q#d!` z2czeH`g^>KnR!L3-2oPEFqZjd2ZNS%gCxoG>@>+wfu{ptHT{`6t~s{kiyUGx;kz-P zLyV>_#9d4wePd+*o%b0ldEOe%xPsC(y3Zc3Q{< zAFY>cC+QpaRe~_gLE)mQcMPU&%PJE?U#>`4@*?Z^{%Gr9G;`yDZZw@x`#@aYKA~3tPENN!#lZSQ) z8J(+)nO#^`FzLJ{B8?Q%worgJgmk=*s)5J)98l9quD8j^#2Ja5wtNK*F9bqW{K?J2 z4`!dyLJOU{jHrYlyrL4@C}*+_E5ezsp47h@~X#+Fi*Kr1n)?2{(@`IzRVQ&uq? z@s?!waN{~NKGSWMTqki)hN@&b{R7L2Hqzrhw9_%=Y{RQB%X_CJ120)_pyk$h-miI=2oowv9qylFV?u(J#&UKOLaTyLR;8R-bM-=%GR8FW>w{Z zx{BogOO;G86zc_MfHxo%;0bU6gd#=%j<``U5T}K^w~Gi$;ffLxt*D4nKr1VpsnhPS z5(Io^Q{yvqgANEdTUvi7z<>A^{2#xfIi2pBMHSyLPVZ#vVDF`wCq3!@uV3*55TkdK zHB&d6L!#|>Wq=nR>4>XA##;=3$=uCE`wHah^WbUJw^JN-J)o{`slL=kA@v>SrHkh9 zhe$H{)IG%Xcd)DG_VOVlU^fz_>SQU&<4pNQk-B<(psj)N0GZ1)C$};UEX2FvOETW2&eCCQ7Rjq7^9@!PCecn*(Os}C#!vw z$R^pRt@SOs3MM^Xe=KwsQi_V>HSn#N4T%f}#ZW9KPAqr+c!c6INAqT-=lKwVIWBQ6 z64b^*6ngE2^C75ERv+f_Dw-OsDKBrIXnZZO?6L~~fzN1iQW^}d*UOM8@CRd`Rl@G5 zbcxkZ^a&!NH*rI>DVynNWT@loIPVUq)f4_&mzUxabSvu$y03akT0rDvIE7nvvuLhc zu>Z6|Ej+&Vc%Q^N&u6@s!g%*OtNGRPeMKLPH^4A?|q&2IB{d1!Sw@?9h^Qw)MP&}3`eW%OJ{VK zjxrJ2#>)AN{gMrM5Ih%3XYd%E!>l(vp55Wz zEWNhh?*jaL0h>+jUs}D~MSl0SOf;2zTU}+^s~2o;oCFWg%#rL-b=A$A@8=7Zb2c@f zZuX$3r0`4z{FMU70fRbf(2qUDpXHjo1$NAlVp|7AJ)%NgWTIJl#=~IT{#JTN^FYC+ z#Y39>Wyu(-Wm=z2*lIfKFSm8~+R!NW1|DF4j$6A(obS3Y8@K=S39gF|ENOk|p)6du z{fK~-M}UWxkG)t7J&p*ViG0V);jqSqP(;ZHQ#naSpJS&Gc@-&&WCAltvD4EDFaSWX zpy!Y^jvm29!^IOjLi8rXZg$f literal 0 HcmV?d00001 diff --git a/tests/unit-tests/src/test/resources/server-side-keystore.p12 b/tests/unit-tests/src/test/resources/server-side-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f9f4dabbe72833ebc0e57dcce725ce393f73b2cf GIT binary patch literal 2589 zcmY+EXEYlM8^@DKLX2L!X4NKwq(-HxRn&?qrA5sk#NH*T8JoIlrB-dlHA+!ijHpqn zHEvsKuTrz9)pEV>dEa}_{qUUUoZtWdJRg5Z5O zNifPeZb6bDj{k}vreG4p_#7LYj~UQd7X0RQjqL;*QwEv!N zlvikhYo+}xy2t|eF@mu*d(wEB@eowixtSV9FbXw4wMzE;KBRM9R+IHt^P-SKFvkQ7 zG}|fnMhzVIo1G#eM98k#H!&dJ`9j29ez~FD8ei@DSi0TYcsCnyRfOh94AQ37SD)psGukXejerSRMlaNqc-dA)YcW}ySy7F2$&WhgPb!!PpWfV5)sG-$Z6}<0E}SJ)LkG z+6gLyuGbBtSi?+Z#+@QLk{6~R9AM4-6M3nv z>&yxbYf!f2`&umB>W-!jP%6%S!G)Hpk}r1-dObLF5MjC0Z|y{(WlwR%N1w9#&&FJR ze>X$-m0ewSc&nVDez~5+rUG~4Ta&iLvF&L8D%6MHWKNXia|ipzG&eOr)Rf%XEUC`c z;Qa=Y6>YEK6U|HGh(a)k-W05rj<+wUfd?GyIQ!@ddaPYeY>1!cs{KgtHE6!1DD7Vf zaJ^g9ub8noBCe2D)5{ZH?w_!rjC+`HHE}tBy}d^)qtXP_yj1YUXC^Th>S4!_rE9`m z)*1yKKX{yMH$xDmv&O2x`QK%A*b&s4QjV+5_<~09A1gbH%Rggs=17b~xbzywq+TK6 zkt->kA0gj~BYS352p0WFO)a|ISIP%3B_0KLsjGeU3N}#MsH15l0>O$d=4XBPe`Kf} z$V`h$=8`g`{AeSx;FrV)n`l=CJH?Z2JTFu*zw4)y?D&POZy6ueN@bpY&CFoRpOI-O zm-&2c@Z?x0yzH1S^tjb%h0|xy|DsAQ1KB0w{{8)}JIKh8c{au6<;}2kf%KSs`N%SQ zx@vd4^UDWX1m=LHY+bsBcLMS_YrZ5uO?-81_0vFG zDjPX@J94eRxX0>s8z-B`;!xxS*j&>584CoTS;r;Yk^qmWa9idW0c2g{^!^>FuQ%;e z{z;{|LAABU=7lhO>$}w#$Vb{?BOk}8lM2SY>a$9pW#x#EA=9<>88$u}!TpPnclQ3! zfHg*AAWAh_MB8vG)X8^v)w!JpHnGxVxN^kqVu`L(#IDv)%8k$c=}aO|kHE0^q*xKY zxskqHTI(}Upb_x8xrUxLoLDWK$Kj<_?CUaDVn^kMqfnW;J^fPVPGN?+OV5;}lG#=! zk^kDzg0$x|=x^S(gKjPQiY+~*&N+waU-tMJbn{FR?RRGCep$?a9la{p>=F)1e_k<$ zx`E{WTa_?&6yqg&fE$1SZ~@=|1f<|U5eJGL%xdi9hP#YXxN;SVR#ZgEqZAa*)v5P) zi57ZpQ&ia~@Lzs~{>QHxN}E<`Iv(niZ3^+)@g`+fOkmaj`Zbh9bI2-H z`HYG?O+606ebCO~ZzS!M@^O4!Em%MHdYw)LDQ&kk7v&6%6$v)NUyCCW#v0gK7C-DM@iML8q77y6b0TH$KVXMwAuW%}EKJ*oa0`)OtKU=Eolru7sB7T!H0lRJ8ulQAtrWBlVy@ck~{_ zsxN;zoU)J?i!xKwQ^qDaZmKLci`hMJrdA)ZnQ!bu;M4%c+uB!)EHqjlMYWnY%@^Lw z#I$%_5n6Pmt4D83VEKVe-DLHq<2|clzR4(iRsomwHX$AsllWATt=kS87pJl|?+I3x zPR`?A9-2$))BBp5jXxpo0X5d5-Yl$p4m5jBpBPdyI7^KAH`}5uo+j_Vx^N;bEGOqA zr}yOTA;1=H*R@X!8=#50!Q=es?aw#f4K@hH`)%!KLbndHe@oRRhs9^^Jveu94o`47z~~s~Ec^6IjA z_gXL9OHHuFC#bSn}s(tKP2P7>NABIq`WGx zmaM`x!t$-F)MJd|dD{#wGTzy9&}TspgnXlC+2ZyQo%a=dl*608$}6O!JS6RGbij1m^&v0v22v0SgF>V((13U#05JPQ)AmZ9sNw5&C{PK4_a*I;b81FuL54CfM|eGd4B=aLB1jY literal 0 HcmV?d00001 diff --git a/tests/unit-tests/src/test/resources/server-side-truststore.p12 b/tests/unit-tests/src/test/resources/server-side-truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f8daaa35e44dcfa59740dba0d38ebe57e4454e69 GIT binary patch literal 1194 zcmV;b1XcSmf&``l0Ru3C1YZUTDuzgg_YDCD0ic2ePy~VmOfZ53NHBr~L1wVCyECBdF*U&doH6;6`!> zjJpT02_+b}V%y6H?G{R5K zO+}C)MTZU5sPI%nu6JnGKWUszSc5EK4`(~c8 zc;oi}U=`*^Yi5wDlRaB=WX`Ga5sp_YuIb$T7e>H)26k5%F0Og8vrLAx_(SrVUqJ~o z%Jp~CM)ber_=&3rw7!w*UO1nH zdz|O(*hcw-V%&S3j*|YY@)V|`M&J{dtQVnp%zHk4@8E+z5gRBTa+!Ec?TZ2Xx8vQ5 z9c|!L*7LJ!@nt_8!YvN@relYR=t4u=Xl@HHgMom%O-%S>rry->q5w?U%vCf!(|Gf3 z+=v@N=V<|oke(UR{sbyP3gJTm2-`hOqet|OY69`gh|@l6L?QqN4GI z;VMh>IsU1_2W#6!w>evdo~V7^HwFZ-GQWGoKGK_I|G;S$C|g>dp|8zx=Mboh4>@#h-y>u@!MyO z)wD1;t58gO5RBLD_F78a#%S->G8%+Q>wXPBz%GWg2g47#5$~|8D#yPMo?9NbI0wsL(VM&kUVJ)jU_{nV)jFy+xTCG!s{x)FzL?i=vJ0w|#cBsAU0&g3wT~cd{vX@cGwyr(GP%u6)AutIB z1uG5%0vZJX1QfPcXJ%*@^c5Ip1jp}jHHB_Y!gC;Wb9PNQkLvv4Iv~drZHKvW~?&}l9*x=W#2-&w#XJk z_93#nHTESUQ!!lcd*1inb3Z)iIp_C(p8v-mDvApT0)kOd(0X>LY@AUX^C*x5m>mTz zfkZ(I4si}Dip}d^5!+Qr6r0Tq99BZlAY`S_^@0U!cQ|9 z<8~QhS_Zi3S@j3oUsV+=WCwu(ZI+NINN3tX2lw^dWK-=M=}wK*dhC|s8qbAwYm>cw ze=ITgrZ*3BZO90$hKoNkoF4zwS(3{&jhtY68JEWJ!G{L09E_CnFfqv06K@;1F0u+F zj5xM$Sfy}`3WM)pIk(>G+P}UGrs6~A?!qs9mjVAO+sxGE!cKDLCVX*gUk?@N4_$y; z9hJLeN;uj8#ldB2JQ+T+txXI7YjTUo0BSgN^|q0=x}BlLzj-&f-;p%dBZTU;N(ZKX z?eUB!7b`%c-z4#}UE>Qg;4s@8sd5=`+KjMf0bUDjYv(*Co)G-n)s#eElZTB3A1e(S zYk-gi1m1`v&H~Ndxji2qahN4uz`VI<4WrjalbzLmg^-lWHA%kabV-JY_pA<_Y(1Is zKo%zZoSb-8N@+1I8=?(1Rk<%z8^Pf4+z#^h5@M#CdkqhvcKkuc5Z-QEIL`03!Fah` z@iDIbEs#Z7&XK1_w|*oG6Mgs$RzEFEBpJG!yyF}GH8`rm1ugK{R2ZacSy<55MN8fA z1wZ2m9>W3O^e))-n#FvD3h16zeT#z!83uD741Or_nHQe%P_q4o&zw3IVU{h@({z(l zqOjTo7i%XykB4JSNh~Lu)zdG+6)KJqH@}`<*c)@;6B?1|0P_~0EQNR_qLcn_nh?cUeC`8b4hV1IU% zAy&`YhOd@yw7T=ln1~XLXo>;rRv%6a*}0V6`DRKdf>&HGikG=zQf-kbpJ`qCw+u;Y z6#SLd?;Z-ur*KvOz`LJfC#&K6liz215 zw3;kTI%l=sJ%nKGcTzhSkEhP6Q;$<8T+vw<)aP(Yh*D4v{AuD^4mT}MIV)@M${cFOl)b$*&x4cB{mu94YTYt68 z(|gz*73o<0BnGW`L>BYoYJBy^6+*PouF3IoWBa?09PM&T?~?^9poL%IUqDY%=`4O> zq9#GX+1NuN%Sh=#&X-++JlVF{@;lNF^G5F5mDkw!b}k&%pEzEQkAgO21o*?-uQi3K zJ`)aa4tM76DV|#Im__C`-b)v`m zWW08A=eS{N&D2V8$($xr7eS9OI=fxG<2bjH*#&d;0Ip<|q!gjiZe*wEiRxPt35u?4 z&$jBF%CnGLF0+ve*R`5()@-9;79gu-%$ET z=6BKbCHCfx-!2{aucP13B!m5hV*Fb{Xc%?PP*j(0mP%mBguS$cu2W!XXXp~uU{jhz_U%$ zDw&U7r+Tf$jc{&PEUvT=42iQ7kNUBux9?gxZJl}%Z$1Fsk(W><+u9VcC*TPaS&wjyA8qkM=hIejT&*ziE$u$HNJxP0!jBHEEy0Cz3JsZLb#=RvXB~t6I+Yw1 z769H8c`2!Ib(LVk#Xd@r(@Xl#(VHBll~CMf#uKwvy2n#U6ioLAOA8MtcVTuf$?!Mg z9swNPuXiEA*4}zbckPZE2^;Wg zrw{*hi1x~^LXOL&-!&Vi@&|Xn&oNZ1ja|?^t!;qztz}XxEBr_~EpHnoU@(x0td-wj z8|jR|0wAEVUOp`uokV>f9^f;S;Ih~U8U-T=K)EbJ?s9#%-^_q#X2l&XbK$mw?~9+C z2#6-yvOoS>WpCgpct7H&OPKYaX9lKgV3&sm?s+fz<=j1xtyi7?wBhwjMrG*aAM_C! z?wI40Y)wC-#GtjIz{YU_BN>GP1DG_=y9^(6vA)%Zlowhw$GDdi&R7h&rYdm60~UZT znif5YTMU3koPcwert$lrUXAf)NuVS12=o3 z=Y7$Og+rB*HmP;z(?Jw9rT+feha{6@D>D=o_S3SJ3#{lJ)ZiR$I+jMkqOO?d?KjXbcX)Ph?kfA5> z;toCsO4s9ZVOzd67wHRpRbQCj(T=dSuYMSn+_V;kX3#1iB>mf`;(}La)lB9+k$v3* zn2}(a@q^I^gv60lV}{3)TJJgIS7XU~my&H0A48sd4Tby;w2qz(&fB2xfbDU%%Xmv+ znsJM8s7U7qJYiR?Wjm<(GHmLGLn@8J**J$BKxE*jZp)wAm$PEXZC@!rb2E}ONu9)G z6j0?HkP{)#b`DaR@mEoAYyb%Vu?E~uRYT$uYdPUWrkiW)UWN27guj)riWjvs?6(8D>m*8K Pgjo+3*@3{oxa_|GP6opI literal 0 HcmV?d00001 diff --git a/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d95f854024227276089f4314792cda54aacd754d GIT binary patch literal 1162 zcmV;51aZ%2`Yw2hW8Bt2LUiC1_~;MNQUDhKxMa$E7%>gG4>Dyv(<8=@J zf>;51p?KV#fRQvkHW7g}C$x_?SS60f7n!D$Q#8EtOKAM)&aT(M-6d^ckJs|;reum9 z%sGW%EHr28#%t?}w$M_De+X=O-JC}EBbv0JB3X9s%wXjC@iZ8%uJQUzncK=C=2m-l z7BW8DLQENS)>WTy!JPP>Dl2A0)*5Mw8N^AeP0+t5S0*~A2MEw~_ZoJh?S;KRhT}fN z5LwsrZTwFcr75%OfsI9uxazyu8VP6Yfm(BYF1v{*Hu9n1RUO%g461a%*7>p$-uD*= zJXwVQ?*-bvMA&`4eG}!z0N^jnEPAOirPb&PU=7D4hg>fY25wGXUzev--aSBiLf5am z7wE;;fc5HooNCRNKhF+#|R z+1f*x%&cZ`v*D1A zLMpr2ups_3)X~T!E5$$dbPbYEqG;{Dgb#L(pp+$rl+xeSPnyWe=*}jYjtzEVIZ=$P z5%o!3-{EA~sSSn$%XbPBQFxMc9bjH}N2AJOCl;dnZnkq!ISjzuvga4S%Q!D1?fVUB9H~^8& za$%qXd48uZXJl|9UR*5Zn1c<+jo*2^WYjMo`zA@D zueFASPi99qx4~(dHyJgKzw(ns`43!W87l^gRN`(e4l}XsX5K|vB`2Rc`pV|}O};M8 zTzAEN$oz!#U=?Ik3%t}48j4%Q&p(ryNg&sFt#iX(z{^ulB%3RrGOozHa%i+ZK&$nu zxIm`?Qu61{IVk5*9FP8X5hv;lyp~z|0w>V>*XpOh;mLM3x#~@k<)u%zmom{^nKa)k z>x>0YpFwww2=*z0Sacv1o9Skfon6TuAucAtR8#PoptB~SS)kQtOoNDRKbe=Jao24) zNfZ8;qR-fE0t9d6UD?UezCEg4WSbataOdlYBdOZa;7BXRXpIQ!925;=1Xa{-2sLU`EB4+cNF7>Qdv8qt;a zRB=&a)~Hppb=~{id(Lw{ywCeQzyJIGKmL#eS|AmW8cBdQgP}rE8c|2rfDm8-0a^|s zKuaz$5lNuI{Uf3=1`%isF0t9y}iPjsqZPtJA2sR6sn z90lgHzP;88L4njTo~(#^_Igv{ji0<*3t@}v>0i7ngtYYh7cs+71NKhp@MI%tkLIT# zw3<->ot=7}(QcRm8F99lGP`)nxp&gu3w)cv@Ab7+Q~2 z{VYz7ZAh?tQB}|$VJsAt5%d!~G`YRjem^vHlDnCNS78T!kHmS_-Ifj=jT#{2@K(F z2%iq*J-54$_6zKwSOM(g03KS^IdF0*_`VMZyj+Vkp6avE_ij_GU$tgL^^t%Pd#xdO zWtn{Us`JJzM*Zt5?!2=ezUWk+LpJu;cAG4Z$=1Tz>vI|Uz`R-5xUyZuy;j7QOpWE( z9pB~Kxt8KqdfLn7Pkt)poNZuwErJS?xuusILcxhMuZN3Upd=S4Q+;gcK(DQ#hMr0P zA3cK>fUXzwfj+F-(Z4*G7VTK`Zob&)Y_883bk2BpdR)rmw@9_7g%7R`K*3p(M!GI;Y2-tZeg-P$WGBzcSncJSMgtc#q%LFrMJnX&xR zeuHvPlFGXIFO#hNkhoaP)O8qRc`WNdO+DXZO7@{o)D<1z`LVxvc*iNXD4X_4;S{#) z0iKl-y!~1WFXDF?X#&mSLwp&k1YtMcTXW!xD9S{hIoeJ`t=Cl}LMc zx;weo)~txM(yJ^^st7e7j*Vc>%c}JBeHyeMlMQ}mqGgNWi{)2-^0lF}WRq}1Ay?(I zDCZ#{W63ozH+pPgI}*!gTvL@q>*T2ES}(B2iwsC4jg#bHFe=_8uch_y35~n;?mrO4 zB&Runuy9nhTaKr$`(Y{1m}7#l046`!k$P0D5gaTtG8HWOTxwpBVNZ)EKtMcN@iy8& zMAv{NDst=#KaL$#tYWCC?boJJ(>A-CAgiEoI(>&>3ue!9D@K}l{I8kMHvKTk%F4uG z^_D>Gao@2T3$^w~^Lla3#99JV?V}jmhQe^ucIT&h_dE)CAnRonNSX#QgO3_w3doy( zsS?U8MhB+_xB-FyE&zK#5R&Kbh((MU#AM*)W{(h)6qiP#rKH59B_*UT)rtD+2m-#e zDgPznp#lOf7yI7{@E?8!|HrTN>WffyMkVojqorVs4ePewT#UA zE_Z$LUY(+SbycIIyzgGq%6d{jM}PCDA|G|?l(D_?gNiFBx)+46d9=m7!z)}km3>CX z0`IkegytB~i(DYK*zQ1yWV*4=yCTr6WWLyBJD#cLO5~qQjM;xy?BWxOC)koLb|Z%F{=0nyiLmsLf`|`E;?-`M@aR{qV%z-eea;o z4tL-~W@(RPhd16=*h=4?H=R(@OW!x!@DKHmdUc~A5ts zw~TN(%wf~=TO+A=^hDdxy8>Tw`Z#iI$_t$MJN>yW0lcC(m{ZJL0wiT$JP9?)MHC=L zW8c+=hSu3T98XkgzhulgUiZ424FhFZ<`BrqrY;^pWmB2SEI*REejsw|~#%+iZ^w#jqLYi(c#G9%ZvN(#a|dZ3#HowB%>Ac0_f9UA_B4m$p{}jhqhrhd5S@1>smHD@` zCJSF9d@St)B^AfrPI8(hQ76|i)cK4}djeVR(=O45)k&PnXnzvtMzQuo8@|_)*(7F= z;JYOnIM?c!Z-@%(JCUDMvt3?-qMm!oP!*2Es04GhgauwZ&@2UhCw+eeaZA_PEY8$3 zW^+tq4V15bGfnZaLok(?tACA9TVq>I{kW=opyZ@K+m@?b4wyC*n*Ut2t>`?Z^xK%< zjl&&hXNRI4n-Th{n%pR1_#J8IZBIp_48l;((#Qq91YR5YtSZ~GNHP}FDt9tKDj<1~ zP%zDH7&R3;4FJTfB7GNKqL7W6DXZLm1krnLcjpy7h*|tLGA|6#EzBTFZtVMwjEsZ%2`Yw2hW8Bt2LUiC1_~;MNQUG^cF%{r9H@Za_#AbL({a_XtqJCM8=^$7r|eEBBE?y23_Z$w(t`12kqI zf>6J%cHVV(GK|${U|Sptb2?WFHwuha7ptOS;3uvClj9GIPR!2fcMc}L*lMAAA|+GF zm%6-e!j+zgcPngX^$e!q{^~w}{+W}Fz3%uFX8)fJDFtxcq8)h9TGcFcfR;I2zgKLg zar#lH0vqe}n?@=@7~(z(DMv|c491wKJ9t|W4rMR1Ex+iW`_H-5viaV|%b_GmH9-l$ zd>TWjF!ZCs(PcES{+W$L&>=CvrIvDl%g^7(S-+Y~?t4HdXI{(qqk7qVxM(wr3N)2M z8`+6i6pQR_;23?;BT)06uTtJ0o)7g${DhmYO5T8y;$UyWycDoP)MU^Oa5G?$d%kTdde zSBCGhu_`)&RxaspydRDg(U#@zevKdCaGu{POLBTGPIczco_FfOE;jL}5IXOmK}yvU z?LSe`Kl(^NC`7=OD>V$B;FBph?r3yRe57#dK*nw=5K9MFhQS5LPDm^4w9Mx7w4BHv zUbj2eJ626Dnf%LVJ6)qXn!KqK*U< c-wvI3FT=TZOy4$O>Q8E$`;N@x0s{etpkx&wk^lez literal 0 HcmV?d00001