From 410a552894140cc9fac5cd1fed5b5d21cda999cb Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Tue, 14 Apr 2020 11:01:46 -0500 Subject: [PATCH] ARTEMIS-2711 use peer host:port for acceptor SSL engine --- .../remoting/impl/netty/NettyAcceptor.java | 33 ++++++++++++------ ...CoreClientOverTwoWayOpenSSLServerTest.java | 29 +-------------- .../ssl/CoreClientOverTwoWayOpenSSLTest.java | 4 +-- .../ssl/CoreClientOverTwoWaySSLTest.java | 6 ++-- .../verified-client-side-keystore.jceks | Bin 2203 -> 2222 bytes .../verified-client-side-keystore.jks | Bin 2226 -> 2242 bytes .../verified-client-side-keystore.p12 | Bin 2565 -> 2581 bytes ...erified-openssl-client-side-keystore.jceks | Bin 655 -> 674 bytes .../verified-openssl-client-side-keystore.jks | Bin 679 -> 695 bytes ...ified-openssl-server-side-truststore.jceks | Bin 543 -> 560 bytes ...erified-openssl-server-side-truststore.jks | Bin 544 -> 560 bytes .../verified-server-side-truststore.jceks | Bin 935 -> 952 bytes .../verified-server-side-truststore.jks | Bin 935 -> 952 bytes .../verified-server-side-truststore.p12 | Bin 1162 -> 1186 bytes 14 files changed, 29 insertions(+), 43 deletions(-) diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java index 3b0234bd29..924f335bbd 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java @@ -73,6 +73,7 @@ import io.netty.util.concurrent.GenericFutureListener; import io.netty.util.concurrent.GlobalEventExecutor; import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration; import org.apache.activemq.artemis.api.core.ActiveMQException; +import org.apache.activemq.artemis.api.core.Pair; import org.apache.activemq.artemis.api.core.SimpleString; import org.apache.activemq.artemis.api.core.TransportConfiguration; import org.apache.activemq.artemis.api.core.management.CoreNotificationType; @@ -404,12 +405,24 @@ public class NettyAcceptor extends AbstractAcceptor { @Override public void initChannel(Channel channel) throws Exception { ChannelPipeline pipeline = channel.pipeline(); + Pair peerInfo = getPeerInfo(channel); if (sslEnabled) { - pipeline.addLast("ssl", getSslHandler(channel.alloc())); + pipeline.addLast("ssl", getSslHandler(channel.alloc(), peerInfo.getA(), peerInfo.getB())); pipeline.addLast("sslHandshakeExceptionHandler", new SslHandshakeExceptionHandler()); } pipeline.addLast(protocolHandler.getProtocolDecoder()); } + + private Pair getPeerInfo(Channel channel) { + try { + String[] peerInfo = channel.remoteAddress().toString().replace("/", "").split(":"); + return new Pair<>(peerInfo[0], Integer.parseInt(peerInfo[1])); + } catch (Exception e) { + logger.debug("Failed to parse peer info for SSL engine initialization", e); + } + + return new Pair<>(null, 0); + } }; bootstrap.childHandler(factory); @@ -498,12 +511,12 @@ public class NettyAcceptor extends AbstractAcceptor { startServerChannels(); } - public synchronized SslHandler getSslHandler(ByteBufAllocator alloc) throws Exception { + public synchronized SslHandler getSslHandler(ByteBufAllocator alloc, String peerHost, int peerPort) throws Exception { SSLEngine engine; if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) { - engine = loadOpenSslEngine(alloc); + engine = loadOpenSslEngine(alloc, peerHost, peerPort); } else { - engine = loadJdkSslEngine(); + engine = loadJdkSslEngine(peerHost, peerPort); } engine.setUseClientMode(false); @@ -572,7 +585,7 @@ public class NettyAcceptor extends AbstractAcceptor { return new SslHandler(engine); } - private SSLEngine loadJdkSslEngine() throws Exception { + private SSLEngine loadJdkSslEngine(String peerHost, int peerPort) throws Exception { final SSLContext context; try { if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider)) @@ -602,8 +615,8 @@ public class NettyAcceptor extends AbstractAcceptor { SSLEngine engine = Subject.doAs(subject, new PrivilegedExceptionAction() { @Override public SSLEngine run() { - if (verifyHost) { - return context.createSSLEngine(host, port); + if (peerHost != null && peerPort != 0) { + return context.createSSLEngine(peerHost, peerPort); } else { return context.createSSLEngine(); } @@ -612,7 +625,7 @@ public class NettyAcceptor extends AbstractAcceptor { return engine; } - private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc) throws Exception { + private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc, String peerHost, int peerPort) throws Exception { final SslContext context; try { if (kerb5Config == null && keyStorePath == null && TransportConstants.DEFAULT_TRUSTSTORE_PROVIDER.equals(keyStoreProvider)) @@ -642,8 +655,8 @@ public class NettyAcceptor extends AbstractAcceptor { SSLEngine engine = Subject.doAs(subject, new PrivilegedExceptionAction() { @Override public SSLEngine run() { - if (verifyHost) { - return context.newEngine(alloc, host, port); + if (peerHost != null && peerPort != 0) { + return context.newEngine(alloc, peerHost, peerPort); } else { return context.newEngine(alloc); } diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWayOpenSSLServerTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWayOpenSSLServerTest.java index f7fcca811e..78502ec639 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWayOpenSSLServerTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWayOpenSSLServerTest.java @@ -74,34 +74,7 @@ public class CoreClientOverTwoWayOpenSSLServerTest extends ActiveMQTestBase { public static final SimpleString QUEUE = new SimpleString("QueueOverSSL"); /** - * These artifacts are required for testing 2-way SSL with open SSL - note the EC key and ECDSA signature to comply with what OpenSSL offers - * - * Commands to create the JKS artifacts: - * keytool -genkey -keystore openssl-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore openssl-server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore openssl-server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-server-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore openssl-client-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-openssl-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore verified-openssl-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample - * keytool -import -keystore verified-openssl-server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt - * - * Commands to create the JCEKS artifacts: - * keytool -genkey -keystore openssl-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore openssl-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore openssl-server-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore openssl-server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore openssl-client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * - * keytool -genkey -keystore verified-openssl-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA - * keytool -export -keystore verified-openssl-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample - * keytool -import -keystore verified-openssl-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt - * + * See {@link CoreClientOverTwoWayOpenSSLTest} for details about the SSL artifacts needed for this test. */ private String storeType; diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWayOpenSSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWayOpenSSLTest.java index e557dacfb4..cdb8d033f6 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWayOpenSSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWayOpenSSLTest.java @@ -85,7 +85,7 @@ public class CoreClientOverTwoWayOpenSSLTest extends ActiveMQTestBase { * keytool -export -keystore openssl-server-side-keystore.jks -file activemq-jks.cer -storepass secureexample * keytool -import -keystore openssl-client-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt * - * keytool -genkey -keystore verified-openssl-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA + * keytool -genkey -keystore verified-openssl-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA -ext san=ip:127.0.0.1 * keytool -export -keystore verified-openssl-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample * keytool -import -keystore verified-openssl-server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt * @@ -98,7 +98,7 @@ public class CoreClientOverTwoWayOpenSSLTest extends ActiveMQTestBase { * keytool -export -keystore openssl-server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample * keytool -import -keystore openssl-client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt * - * keytool -genkey -keystore verified-openssl-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA + * keytool -genkey -keystore verified-openssl-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA -ext san=ip:127.0.0.1 * keytool -export -keystore verified-openssl-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample * keytool -import -keystore verified-openssl-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt * diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java index adf6951d58..b195f1457e 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java @@ -85,7 +85,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { * keytool -export -keystore client-side-keystore.jks -file activemq-jks.cer -storepass secureexample * keytool -import -keystore server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt * - * keytool -genkey -keystore verified-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -genkey -keystore verified-client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA -ext san=ip:127.0.0.1 * keytool -export -keystore verified-client-side-keystore.jks -file activemq-jks.cer -storepass secureexample * keytool -import -keystore verified-server-side-truststore.jks -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt * @@ -94,7 +94,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { * keytool -export -keystore client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample * keytool -import -keystore server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt * - * keytool -genkey -keystore verified-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -genkey -keystore verified-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA -ext san=ip:127.0.0.1 * keytool -export -keystore verified-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample * keytool -import -keystore verified-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt * @@ -103,7 +103,7 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { * keytool -export -keystore client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample * keytool -import -keystore server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt * - * keytool -genkey -keystore verified-client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -genkey -keystore verified-client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA -ext san=ip:127.0.0.1 * keytool -export -keystore verified-client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample * keytool -import -keystore verified-server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt */ diff --git a/tests/unit-tests/src/test/resources/verified-client-side-keystore.jceks b/tests/unit-tests/src/test/resources/verified-client-side-keystore.jceks index 250832ba8babfe5df8333e11d53ff6123c883134..b8dad478ca287efdca905037e2c510d9b633408d 100644 GIT binary patch delta 1977 zcmV;q2S)gt5v~!C8h>$lz%o4m00izZf&}U?90mz11_1;CDgqM$Fb@O>KTCENlq%iV z0s{jLKm>vW$cDN#Q}*uf96aksWLYZ?#o=acWM?iTCfkUI`vZP)?uQV*=K#=lP$U)* zQ8hD}9(^&zfIAytlKWiDE|I|(kO^>N$ydU+fr$$|lXf5jn}1gbgWt3dzh_1my!Gxg zZ^2#BSa5-l7EiS0qN6f4{ZCo0>|yWv4u%wAQU4ByUMsM5Nw{PIXYBoMp4NFS-#IPd*1 z=F&g%Q;SXZku&H8cwp&FP;){FZw@codfFWJ2>_MDJ#XUa;T+$qXHl!m)AT+a?MjDh z1q10yg$OjT2b6AuP%@o7s~#6{x1jPU0A`(>bA>qiTGh;wuD6s%WWeng0_-^9rrO=< zEo87?D%sR>Z#%eYmUSd`lf26}lh4b4X8!I5=SRy=ME;7hF_xf51-1f}3g*QU=|8kx zZ5M*<;Jt4PsQ$$ZgO+N?a>64GRCGHX~0-6 zZYo3n@0^-Z?0|0$>kmsRaaegJdBu7ss6w)-r^?4H4@#YR8?;v)m@*7P>{0m>dw;zf zqE-5!-JUzY)Gy}L<<=rxU?oLqmDGpRk$wjH>5-~;MmJ?v zCZF*k2ZZhb3Qq{ss*6k>x3#)das4!eKKnMSAZk$M2U<0cir_a~V}5$z?!ewY6K(>Y zFJmyM#xmf2f4FcvkUHaK*!mG&>F9!uOI2sS>&-Ni;A{zs|DXZ1bx9NZfFsBN00031 z1z0XMFgXAK19~um19mWi0$!j40s#U71b9^?F_SR`cpNe?Ff=hVF*h?ZH8ENj4Kgq= zH!(9YH#0IdFR zPHiXUtIiDcq9B^UY1mMmFfLywQJMADTtV+SjV!39&sb*O75fFyUZO^1wpxDRZ7xyV z*!+S~^YQf_tb(@Olr?|U5ds4N00E;iFfcF=1_Mqc9S#H* z1Qad~9%x?2NXpb^%5K8R+aOlj<`ysw1_>&LNQU)%M$hx%YdU#6CDVwT7pP%+?4~Bl)+>rE#xE`B$;n(Dq z;eclDIz!)^9QWikYs%dPsWWZ46KkGrkRHyYScL(w)lYHZ&m^YKpL4eLHA)PHu1hXW z1ozeM(#Qf&>xE_FrdiIm=sI!#fTiA#T)tjh!KXmGw1?P1d7a$GWqvO>?rGjdiJ_;j zxDjk&I-$xI delta 1953 zcmV;S2VVHD5t|W^8h=)R56$ra00itXf&}O=8U_g~1_1;CDgqM$FbxCmbfs8neJ$+L39$1 znZQ>ZFx+XaJSeN9)`3p@uQ^dGwsDKb<0$A>S?4;8mQA9}q<{J&-!^a;B!fQ==aJmc zPaB{!B0NfUabRg^J{)QxQnOBJXW>7I$#(8A;2U@W?RK}A*O&Wfa`U&h@RZ4k)P7*8Gpyc^~(Hs>b2e3s5hmY71*3{ zRWrf>+I##3JnZjmWxdArVDSGS{<91pM^~qQLN;mSr7*L7`(-8^s$L(P^bPVHC~`E6 z7`L~wgDlONmjSIf;V>2}x!i@Ua+7kq$N9|1P$S2y7zT!Md4S_!L6f(^i@_yN@)WS7psE|y6!_I%{@Y#`d5)%& zr0#c7F@qU5-;_^J0z^>1>S*aQoNsVJ7ZY~sdQdjie59$4(W%!t-m<`5IKO~GhL~GfQqg+VCuz{`aq2W z@V081DHx4w(2(2V@1_08?vB8vAKMZqDrocG&^3wpy5_H0Vm*!wDfwNtVfKSBkcV8n zIDak@T=?+)Uvplih<5qSQQjc))HzQYRioZZc4@3^?JA9Bao}=}B zOIJyo>A90N*cK-M2GIcOk?kNE<$Bg3i|?CRUCY1+HKLiki$bP@L*MS(03iSX0RRP9 zE;TSY000ANFoFYRFoFV2paTK{0s;hV`;VNHGX;1XF*YzbF)}eYG%_(XS{Ds5HZd_V zFflkZGBGrh#s!Ceu$0wdrQ*xN2HCnTh#Gp2(q8|?khyGN3KB8{*=X*AQZ1qOta~&m z+qAZteO%wdXw8n#jArfr%y-jafD$~ly%ARM`&Qx?IT^;DDrpmK-8@fBm=|3e{x4wh$`}Q^fB~rng$R6H6u^rOqq_L; z?6wHQ54YFVq{g48w0FhFvKQXivDzdkjkhdyi)Niu((3Cx-d$ zJUT?*dWzwH>fHhZ0RRD`Aut~>9R>qc9S#H*1QgF*)<+MR$gVM+aEm88p9WjcRs}E( z1_>&LNQUY9%LXxbUly zsZ}#MS0yH1n8ls$<@vpbTq2kVZ)(As4#y$~=kdz53QnnwvBxeb`Zw&{QjC<#n187d zMHn9V1w;$AE}|qDK|`0c7dxrOJF(wi_rYUAQ;2a}9`PsN%W8h&Ca0IdE}|19;o7Fj z`2n<4>hzv9s{gL(fDGmuklYF-RZ8LYRTZ`+0vTf%BL_cjy_yf~RPX$c8=6(Oul@%V nc0nEua0lsfoqq97=&xq9ZLtdZLra-t*it%@NAa6#;d%jL%F>pH diff --git a/tests/unit-tests/src/test/resources/verified-client-side-keystore.jks b/tests/unit-tests/src/test/resources/verified-client-side-keystore.jks index 88e7e4031d83f3dd7c75077e4ca714001415db6a..e9980c3882356cd3bd975992db4ab113992e6f76 100644 GIT binary patch delta 1992 zcmV;(2RHb#5yBCW8h>$lx=AfZ_>g;mXbdTN+(W8CLoa75$!A3S(ti8A9w|@Al<-Ou#^Ey93V(=R634Nm4AQ06hZ-zvM&&|JZAOxJ z=^WmPqU&5yaR0oOJ1<{=`=S;+Zq7oqtQSJm8i@sB=ZA-D<)&@Q!&mi?@D+4IrqYldx5M-^eZo1$$zEvMtdj1yrN{M^oEn1oWiuQ_BkIS zdm4WtdC=~c>XD3UYx+6y^_Xfi(o!5h+kvVd4WsaVa5#l3i9t(IhY=D{5sL&E zez@?$W(*{R0exKR3CbcZTKWhb-&4_^%{h`fzjw5hIM&l;u%kqh_LV8IR@HPWlyB}; zD1Sws{HmouBD2RNTwIyVIFbr_HdU*ipKB9P#@vV`3t_0Q{n!{s1_sj^+l76$duywZ zFizjplQcd#)jY#!4)oc*b09xPjJZFniqIAnOT7TKr)>TkH?8iulQ&1-bA;gw>U)*T zvqJymFSCzxF3C^`)LOO_Ec@TIX2m?|5PwtYA}*``VC@lb?xBLyT~R%%MLryHpL)d3 za?pPVpR$`|GFgffkekHx0)gex;24eOMVtbjgAyR>*Wzz>pTg32;gYWDAc2*DV8L6& zvTGBpc$Oykj`NS>IvFC-eFm=vo#>t<)v;xjT!l&*E*!*yNh!D)EGhU=i0%qXRDaeu zpr($1b`;sDpqALn$e4v9Z1GYWkZhiL25L%M(U|Sw3mKHmE`6Z+NcRkqp!t!~Tz5MS zUncW@rTyIY9xZ5V<*$LfCZf=JV|{|J)x%nW#=yhmp?MxAH5@|f-N3#yO9Il8nwfC( zU4c20MeLtBfimcHm#<0e^Mt{6%`+u}Q|GC+@Tuu%dWMCIwOw$xvgWr|L!+ zV+?C;ZQ%=mKBr#TMvCtGa^oP44xwQ8xhXv4VexDQt@#^vfvw|~W;8TDLPvd4;_r#F ztk+vT+k4uidK!rCjkLwPhb%i_yD6hRN0hJ_E+@*Ff=hVF*h@#fk_^AN; zpP0h}`J{}c8f_RXtR7eRUH9BMQrui_#C6qtjV3B7EOe#Abg&wam-pD9OGO6?g&QH^ z=@e#V@I+DSOe3SK*ONB2>xOL`g+XWf4OCEddXAHXo-H-L=R4E`7&arkae*rQ=A&lE z8i*NYfPcx)NA$Ryht;1gw2ny!LFu0^0c<&l>PrykH18ylt4<8o0?r9lF?tkv`CGyd z5LPK*i7-I61H1#!49U2zI`~#Xoxmo?8L8OLQE4c#gZ z`hVI?(x|~a)ocO$M>^18ev4{Ao*0^@F#f4Qz$eEe4`2ZU_$*Wyuc7d4y6wLbXKZ$tb;v5DWX_*lP`90$JG%=X&P zz+LCNVn}I7oqw|SR+QINl4C$3X!=$!sY8joT#Q~olR`u;(L?7bef;R%g0|P(ia@tI zZ6v|cn1(o~4M^7H-Ll9K>)R9X%Xaft`|f^I2~NuwPcpOGzE(E87g}v2tr3r5{8TU9KR`n~PgYC|JM&(K+7^ z9X$yVS;6fAf|)%t@(KS%!bP5v1yVltw4ho8YZx?jRs7lbLE%uWs@Hj>93cXir!=^kdHx3X8+t7T&83b1oUl zNOCL;sP_<8aS)aE$dFw0dX=e~x1>nN8pRO{0ye<}K^~s@PD3>z*BE=LShZ!hBbL6E zVJ3K@puTOPH2k?_vkbB}$<+DdJ(}c=x03!NVSl5zl>~kJ=h;&9r+EdD+;8_8xR?jw za(hFXdIYwtVa<&7bZQq_;hs&*+g0t&c1%;X#F@@Wtw8!M z?vTV3{Ess9z3$rn5KqYt?|_<4OU#~&Nf6kqhF2@$pOZA!x=LqJlOtcLFnp9UEOt`- z!+u~I;mK5q#y_~gRi81Yn(>L!3%;~r{C`VDc*N7x0yC-Z^#0!diB>s34*P=_-Da_U zC1DPgQcCZr3B||}CP<=Z{36E?9)5}-7E>Jm=U<+DfX-@S4oD~J86tf`d%aXZ3S?rL zqcx3I#N9Ln*+$<+>QenMAR}OSAaFMQQ$`aAKx=nw_(qswhP~LG-K8{U37c)nbAKQ( zQ?~bXdITd!%0ZQ?+GJM%XI4A!ihOn{>vvlm6m6`_OSec_3qMF6TekRX!l3=?IQo__ z_7#s1P<|y27#=AypUc)~8cX$D((kWlT){$9*w#ZC)eiyr%5^RtJe08;Xk!Y1HeBv1Sv{S2SiM$Y&gBLK7Y#8sF)=YPF*h+VGdPpl1&4pBXF|do^z~HsXm5uU)tglf zRido6Q*$auM*{>btFt7b{P^Q*r^(W|2uDL@r2LX}0H1^~j8jnn9CTSfm}k{<>ONld z4$P_drm@YBxte4zQxa>;n-6KHOh`m%ZBzQ&d2bV=`|b&u_SZwnh%mTe0%ZRRI5KFu zr&p`nD@T9sm{1wB^$qlYd}{8vMvA}V=}Az+&^}58-3)R#2wnKI4e^yn-?ttfamzb5 z?A~`EPM=Q;huSWe7zesxO9!RnS7HqdsM)+8j5k2OL4JV-Y*0;}hS7k3B-P~OVBz%0 zhi+}0Zl-?aBpRhxf4GXetv00E;RFdr}-1_M!(gBddafvf2qfqDR&I$=_vr$W@TtxzD5ehzw1Gs)9JlLRZ|}`IgJn z0^og41Y9@r<3H;rMqCldx;;86V{im#5Q|js=!!1(a;~rwM(RDVTHzhaP22?+ce~h4 z77g%$_q9PSQ?`n)!X^8O--MhqJ-Rj7P)&M9cmPNU;rXtGPR9G3r~S_OF+<32#|Mmy K-O>@AGgF@-NS3AZqU3A2$RMt=ZH z{C^^~^dqLvN$nKs)`^h>%+>+}0K-rOf&|E60L4W~a4mADDX4)bBWol>G!?9c0=H4c zT2-m4SRvpOszGZV^js7!*UaQ_|27n9?s(>tt4w}uH^ou+_%?R;fi_w~8<@5#MN%{U zYFVMIdl=90(cv)1x#sJYxGL-4qkmdc#h@UbiEjQ7%wB#PfQInfS+!&hp+}Yl>Ezm% z7Zq(RkO-#6@5V``hF~1zfn;jC!i&H;E>uN!=kc+B-mmCaZ1rlY`j=4RhBg4Xv<(5w)<_u4V9be*;u`V$kL+KpIyl4?%5rbPQI5q zb6Ww{#!87NN}bT7C=Ap`C$m%mWMLhCK62Z|q0RI~v2a6_PDVV#C?3NPNlAY_HV^OM zeLupGc_E!Tq4dHL{=GTRX@CB~u*~PX*qCr)g*0l`P77%$+z~;2c~a-@N=j*xmg5-e zdNez0Q(PCS;MX)X;`7{eDWaZJ?~ufKKB_`{VI1ntx{7C7N3STkL)>Iaudq;m^tknt zxrTg)_HSDgbLz31W(t8q`aty)cky>*Ml}|QhS#9Z4_JG5EF@8@6o0^iAg3Z5A$GI7 zH4e0*Y|j|PGFh;P2r3fI{J31M2n5f@8X3=%3Wi=~Pw*$NA|Es%%V{!QjlDSjwf@wFjSP|*hzlW|MOBr!l3=fJ|2!20@tg6`q6@u^%VpALHNs*;`l ztslfxG8$kKq$nvot*pdfK*u0;jE3eHr9pcpxz^W z=RY-^3VYPxC%o^`b;90qT+~XOntDhqOlA%zH~O?Qgp2al zRIyRam44NtV}A?Tl&yZ($?Mf{`Y>L==Nz@dMXtA93fkEh^V1*Wq}bI~`x_DhO03qP z1f2*_ScM1&JdGFw>>697cXgN}X|#ryXoVZWt860bTVh%aKs{>U^vR9%%>kiB=R4pX z_+JDPJb^hiuyF7?giph7z=8stn`ZsU;)}^0E|u}Ee=P5Jg>2e|=Yn|Y z>7rCIup}0784BAGWOW#;%^MNeVOT7^UL;KQ%rvcjs$CLxycKEO#walDB23iq1-_SyMch!TXN1#oL}3;Ut6bnbB; zpr6D-v+Kw|Og>4(hO%&a5CrxQ=Xf)nyEpoeiQ5ROrQBqG7bX?)Z&5HVh zG?wZ}5L0GGfE2H2F+MOE1_>&LNQUDU4>INEFU0s{cU zP=JC1@P{L3JOd?ya|sZ*|7fGVr)Uh&Q@*0qo1+CS@zW8?i8ZE9Nbue=OOS2dsJeN7 z+@H<#8wkMC+2B9}kUtm_Ab7nYX2acOkC}N=7SF1Ca_;8(Mrlm66UfF!zlK$W7RCa~ z6LJ9DH!FRZZg4)|k`f)`AI(XKv8|9qM30ax3weChngiU$WdewD0r~2kv6&W zwm}#e4yT7!w24xT5O%wdSbUEmM}+&PoLAevc(e%?$u*UwtE=~}-!o)kM}qAgMI<34 zsB9~+-&eTyxT0j|d@e?~KOQiwxB9} z{7N8O{wz6x8yz;=F+H+W3CSHcmGGYsXiKx=6{;CTfxD=nNZEQfXdq2(KA@dudl3?} z5_1udeTXYM`#B0Pkmj&^F*@Btl42?oU8#;1+(oTDFu6l3+%3?JmE_2oY*=oWjo!(# zcRhlfxC}?t#y*n?L3SZ_z1)O<@-(V*A(o9&&J+kS(e{??Pmdi#zAh9?&oY_N->B!~ zS#x^mIdYF(0F_JF9Xt7Q0{5ptiJNJHCUBvF7eD!yq(*G->}AUD`t7Reo&kMRkG4kU zgB8Jh&0{UkBRMgNI-SIyyNfXEcfCp8K3S1MFwj)oEo=iZZE85}>8*%=SJAio98G$m za7oq`)D)eV>wjD*7(aZKH{{|D%y0g+_!+PgT%@P;S#|H~VXOucW~Za*Ss*bS+DhWt zZ*b#jS;Bc**xnA2#$`0GGXKxaZ)aaQtFdao%ZrEr4oG3l7Mj(_I;SEd8r%W> zYYNNrbAMyHZI;a*{!aaWE;ZlK!si2|8}UxiNi(UQyW*LIHeBicBu8LuG;*D&$%UV? zmlAdJqhw+Wdw@v5s>O}kgXRil8$(CG&Jnp>X~8Ms)mpc!qT1DV6xUXnu{|2=CXJC3 zjv^gw!mRlGI!s@$a$B4MhL|XDH>ZjDtCq+hPf+o;SiMEQj)7Z$7QTybQHS=OKit1+ z+T|N}qvN47ex@)WsK7-WCWv%yrMT9a80gqE*5Tx4|EuYcuxKpU8pWJ;LuI6F2vgbZ z7D?Sf+T1TWLq2BnUEuP_OiLnWkuW|mAutIB1uG5%0vZJX1QcME w(<^gQQxN)Got7DH!{a1UiL3+^HK~aRrSeOPhEOE=)t|;Eg?>s+0s{etpi?QTt^fc4 delta 2466 zcmV;T30?M;6onKbFoFsJ0s#Xsf(g0?2`Yw2hW8Bt2LYgh39AHx38yfE38RrBMt{dk z*$iIO_fU0VLQ>CpS6DS5s0IQ90K-rOf&|Ew|Hcepq>xNMWSLvNo4RiEG3^dJ?o&(r z{&a4Lq-JOi_wCb212%An3)Gp1mt7?JXAB zc@M02*}Mdc6&11}9xMS)Vhm-93t8ZZJ5jQ8Qx?*=gNt1@`Fe>muQ`crPSPag9BAM` z7mHKel7A`|Dx8arEG07Nm7oMa157k{8n}Ms2W9kkbY~j(nNDZa(=hgQ0!joC%T*U} zacV}|uPdq#3jXr~PpzX1mwyfO^^hBgY!gQ8)#@USM`BC66V&<9*E9+Vr(^Li(VIO_ zPtxuktYLDe_=bUF)OGJdJ66q2gyRVnK_fM^a2Iz+c?|#2#H(!P8{cCxRqt}0-4A|E zpd8Gn4DKVr_n z@sWCo|5q&RKiZ@O9sZvR7z$^iev_JVLz$+0ce)HI5OMKaC?$h6_B|VlUIO*(=8;LGb?#t62{rHWs#)U~NJ+_?N+1~^9NZMFe>&r7McjAe8kUoHX7 zud6osIe>J-&$cL+b8hxDCWS?g|bR$d3T)d!*4 z*8=b;6%>8NT)%uZm=)fYK;|tQKCR3%aJY)15h-e>-+Snk%>@#JFvZNmXX}wNNX-sp zX<1Xg0DdX*15g-}_6MlB7v3~^E1S*yH^%fcV#1bodVk8(+ZrmSi>#d8X)f*kXU>t& zkyjy>A?jaGwvA)%+=oAq$l6Dgx83V`tK~WOK_1e6NG$ZK_FCoZoyitoV*%@$tCFcc zK4FVngWI-gB8)L#1(@@?TPtqoV;`THsRK7?h(i8$wGrypy&LNQU%oCXh~V3g&u&a=Z&F+HAD)L!&Di#In` ztC+^o&p@#UuulLH5~Y%q7dJF{fjrKZsav7a_}69!tg#7j@tTuO!qQ`x1cDYp_5D3^ z7mLYJ`$H%cy>O2JT4G?yDFahzLNaTArNaz;d`P)V!&7@W8Db{Hz{t#{YF94?QeVd3 zzhgfI!S@cG2dyB$gm`iUMSL-deU^JbqWrE^`1I|)2&9{)D6t&SPp~TRTN5JC%EI_i zOEn;HH@k#<&}YTc)c9G0XP~nw+AEoFP1KtddCR_|M>e>H=RqSsMm}x0_nWbQuyKi_ z!L+?178U|aDpGOL!-*#q=KyuRx-FHEK8~BdeRXWpj9%!@0@ni`fdMO@fu!oX%W>b( zWu35VJx&|L|MKYAzkwdV$Le%)T(Qk|*8~23_+ETd;V01Ew-!Xx&~s?$aieelD!Mh^ z)$nKeC^XX;wbIro41^GtpgD1WNR4;x({{bu6-X#Ar$!bg4!fFcKB`4h#FCyp$6AJ= zmI#GWi?_3O)?*fRKB?c@KxP47^Ciylu{9prMG%!roXbC8?DqU_SG?+3pWLOckU`DE z(NUi%pgzog9Tdf;)P1eU0H`m+mX=XOnIo}s7aWDlcwMk%`K{*Si6mct%rl z8BdrqQpr^Dt$`xYX3T@;Z9eFz)3Jb5l({;Y*U`T>>&Uq9TVB`n7L3HBPB%?&-!O?? zo8u*+MIOsZQX#3FXxV{I%~u#jh>{CnriZ^<)mU3Du8&w_Xl@SxuTWvAfsIv}KFz_i zBEI2=XdTDFdYJ^%lZPRHS#19@V1}d?^KG|0(&rPi;`j1CS{Ci&aZxm+mBHjWckBRq zneWxAr=l!2OXg)M&dbnI)_Ew}|JQ$kjnos{-D)i# z{wq@CEA&aPCuV?&+?(7{nx~s9St;9knD+ma_lH<8w1>8uS*t2Rs|^v~s5V4}Jl>&G z@e{M=ZH$xHT!TWVQopV1JR6OoQ4xrx@NSwj=8h`qBu;p|7`dH@(9$lH0b5a~{*@&? z`1e`Kxoy<@y3b2RHdqcEA}~HMAutIB1uG5%0vZJX1QZXvaQ3sjjp_aBj1rw;U&8#b gCi?^w!h!5^9Z*NlRsmu_jUt+SQ_-nb0s{etpj*DNZvX%Q diff --git a/tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.jceks b/tests/unit-tests/src/test/resources/verified-openssl-client-side-keystore.jceks index fc8c4cc4d1b2818156d1aba3be9d5e9407472d9c..d2f4128a0db1271e7ac03a989791fd948206577b 100644 GIT binary patch delta 418 zcmV;T0bTx&1)>Fz8h>$l$!GNd003$*XfPZG2`dHx1OX}n69F&}1PItNpv^1CN~r<^ z0}Vg~NF`s-l7f`#sbQBC)3wq7F;$(Q1@AluixKW22%$O##4&0MV$YDJJffJ+SU#rV zqXq;sA9Z~9KWHS-M|ebg-VKAn?i&K)M!x0iMQxsnch3lSkrBln_1V4j65%X8+`AT8#Kp-UVLsrUrU!CB6?e& zeGj6gqcSisFb@U;RUHuo2rveR1b+Yk0Wci~163Uk1QrAoCTYgjLD*!Tixbh#9>#pU z7+99VFboC=DuzhTJp=<`0tEmANB}TJ0w5YGGld7_FzpHqAJnOr0jSQe(C^a8F)3XK zsL2z8eTV`f0QO5;?E)jE+Sj<5pTs~!`N%+y%WgN_|HkmGE+kNvP3UIPOE!k6&&14i M-~dJ%Kou~Y5{_1vod5s; delta 399 zcmV;A0dW4J1&;-g8h>MB1E!S#003w(W-uBC2`dHx1OX}n69F&{1PJ=r-xKJG{~iJX z6a+{X^U9PL?9LqsMT5sxc)88?BO|if5Pz)KDoJPTM~=t2wW{}Y7y1`w#gJS1a69)w z*CH>(LVqN^*(A(nzB)Y1O{#2;YEk_F000311z0XMFgXAK0Tkgdf&twyf&qb`0|Eg8 z0t9OomiCdacN;M{Ff}nXFgP_fF*8~h4KX+{I59IYI5jpgGm}99fq&ywCNp2gS9I~) zPG5)(nG!#81VM!3vPhmsN`yHOt&>!%i0v-wb_0!G6nx0f)Mgh7^(%%lWHg48(=w>5 zBb=ilFdr}-1_M10hYj zFPdza#YI1AF}x!h|6P?nMIn@?&kv0Itl|Iw00966SS~d%IRF3w@-Tt{?l2C50g|8t z0s#U71ZVYqJ(0wB8!|93G%++WH#0dfHd+@AGB7YVF*7kYGdVCelU4zNf3V3zwlp6$ zJgn~sU!C`1=H2*8|C6ve{^UpEs-Zult%^KA{%cXT3V~t*gh8WhWaQBt7Fu)rfYiT; zehvcM9-}faFfb1W163Un1PCw&hXj8B00A%^1_M>oZ@R40w4w>*9X4gUAJJ_u7fl&HH delta 403 zcmV;E0c`%a1*Zj&8U_F}?%hNeh^n7@3$@SQTQ{PqZzUHZm|U zF*GqWH!(6bi4x}pa?K5mA>4`Q8|!l_9Lob|HvZ0@TJUzZQw#f*jDX{v+g~Kkyk~tO z;&SfP*^$?KdTjLTq-)+!l{Puv8dsC&81Fq@Ua2a2el7o^rHg?E8t}6*hsp}Fa2T+) zv(y9KVjv3=;A0VE5mC!LcFpld%Disji|6Ey)$Eaon0Cm3hmAw4&EuRc3v(h9D+99! zgMllPf|RClEBh0Jw_H5(S5{7ETybvwh4+_E8fwO}uQ(~(RNKL%$necO`Yn_4(p%Se x%$$G3!R6-(hrZK!=6C-e`><9|C19Gb>@$? zgyXVEo<~ZAIS{RrRI7;XF6wpzjb0Rd$j{Vf7Yg+&hB9O{hLh7WsH-EKqaiRKFdYU1 zRUHll76cSB)=_Zevf`y=n7$YFhv3&0zK#; zIOWe!cCq7L3{)e+Rz|14JNc({FwtXcGaRa-F9IO|lbd}owu3Do7t>+&k;ZOd*ZXZKfL}=-eCFfiTk5f z3+)%L?Xq$BmmRo`t1*eG#c^>?%9D#SVo}Av8?Nl{sN-Y0Bexi6paDM{bEvE!3x@$) zJ4-##Ee5h60X`Nn7LnN+&pe{n8_%t?+w#KH>v*;D2BjGWJZv0VZ64=rS(p=$|f2>s{&dYAcl2yuDv{^Rz$L(Bg`;?rapqaiRKFdYU1 zRUHll76cT}_Bo^=BfqO<48>dIy!bpWYd@GU3nw|n70QMDDdq{Gb(cGuDBN~pYRe_HT ksj3`k*xo?U$+yESNQl=%+|fbnKs@mgg2AC&^4o{Uwk&QpLf<8^I zlf6kWNJ3)M{;nV|1;5AAL()vow3c2`M{Qz3#72Yw?Spg(eXMZBKYVvJ!ZD|x=>Q|8Xj0%H2}XcP$d$a~|;Lp3dg%Qt7O zXp!rGMdYXy<=nMs=C7-MwgXBzmzLR_SVDH7;_^iFLj<*UvN^r9e|z-ib}oiHw6CsCR8)?7jFIgKo+rq5Vr-WB@= z&|acOWVTv<;B78Z+}QkrQS|wc)DZ#$0RRD`GB7YO4+aBO9T5ZwFb0PN ze*gdhFdYU1RUHll76cS74jyP;$4JW5X3B2D$=e`S+U6E84F(A+hDe6@4FLfQ1potr z0RaF@)_cI&AJ|l|o%V-v_Y#Of*^=OOwR{K8v!|LHcRJ+a*h56Tf5Sl{mOAK^rmIh6vyy~w(>>3Vod&MBL!LZ6@ZYY&Eg z+T4)zhqxY_c;VONmEnM9?m9!?n;iG#HEYV<1*tP_xf5%iZIB+$q*#Rku+>j-;m;(d z&YyF(^)*Tig|163O$7JV?$XEtPwRzc;-*>7w&*%>|A3|5k6gZ9T*0S6yR?VcL3y3r z#$|plIPPiQMTw!OuecFxVLGtxRPzQXS)gV6Br%SC0BuNywxbgjD&I#T@+kjYoIUn& Y{IT~XRVNYS$$k%RXla<2JL(yGQ+wKu$0wdrQ*xN2HCnTh#Gp2(q8|? zkhyGN3KB8{*=X*AQZ1qOta~&m+qAZteO%wdXw8n#jArfr%y-jafD$~ly%ARM`&Qx?IT^;DDrpmK-8@fBm=|3e{x4wh$`}Q^fB~rng$R6 zH6u^rOqq_L;?6wHQ54YFVq{g48w0FhFvKQXivDzdkjkhdyi)Niu((3Cx-d$JUT?*dWzvH>fHhZ0RRD`Aut~>9R>qc9S#H*1QgF* z)<+MR$gVM+aEm88p9WjcRt1xg0u+CUx_4=C)y0r7gI}UEEGH}shW|Rp{C-S!1Vq^x z^GhtXA#hczfP<|il_^+vT%BPw{!$gQ;d&f^!7P0p_0-5pgxEcQjJB+yS)vE>Y9%LX zxbUlysZ}#MS0yH1n8ls$<@vpbTq2kVZ)(As4#y$~=kdz53QnnwvBxeb`Zs^<+)|8` z%b0(u5Jeas_yt4@wJxG07(qjqv==+6#yhd!U-!XdLQ{xwTORQz-^*%#;wGn;!7ic` zCE?np$@u}a>hzv9s{gL(fDGmuklYF-RZ8LYRTZ`+0vTf%BL_cjy_yf~RPX$c8=6(O sul@%Vc0nEua0lsfoqq97=&u%Lv`XjmKrZSatUCvJZb}Q^NZ1(u60Q#Sp z!vguFjHMcF7%Z$FSNL7`+&NO*TyDg5)qIU6Dk&^A2MUE7A>rv1 zW@Ye1QR+-1qpR1GHnr=9Z5xF_XZj6PP<48alZ2ivHNNLN)B_kcBfN2eD*Wc7X2%+c z8D@Zg$~x}-p++F_ZIVL63N zrIV%^mqu2#?Fiy2&cDouAW(s>DEm`V%^X&L$X@~j0RRD`GB7YO4+aBO9T5ZwFb0PN ze*gdhFdYU1RUHll76cTfF{+$I$DDh1*z#J`L8gQ;zN|?w4F(A+hDe6@4FLfQ1potr z0RaGx9``ae7|%k!GtTZI-EHHwO8mo~hg2I6_qw}o?afKSx?vn`OXda(UYh67E#R~&9vxv0!z^Q6Q@3s7Y@7$rO8kgC8nF2X8X z(OdcKQBAjQh6(8j?1kdb%W1?X6bQ;?%^u15&IARgi7korn$WPn#QSfrXCzW>Hty^q zNd$?wxiNt^XW%kq`^urME3K7`&y00mR`}PNXu+27^ZW4P8a=>^Pw=mjD0& delta 658 zcmV;D0&V@c2d4*+8Y5PJyf>Zz1z0XMFgXAK18FdV17$FR0!^R;0s#U71a6lOu#r7@ z8!Ksb@mM8}#*5_GoX16xEwm4OOD7 zwo`K|M@It$EUU95q5SycYp2Q5xClo>Wu*L)bO4`(FpN`C0338#KbU9LbLu``^bX9a z_olJUkGYy;FH;h0%$pBsr%XshXl+ya+j(yjqx$Kv#W7#zu&a?QB|8NJ~ILX0RRD`Aut~>9R>qc9S#H*1Qc9! z7^)i^to9Bg7$%m@iEhhdnPQWW0u+Cxue%YYw|`>0%u=@W)Z8Y6HUuh%U(Vn=d-Q#bDG2Eq9Muu%Fn;v-p$2?z$SssGovX|$a!#W> z&kkRHbubcIZ<}eg2XKI0hPj-_#DI;e$B~U*tDsgWiiJBbBf(sw6t_Fez$1UFf`YQz z2|c1m)%?ldWqZg~klne@qxy&pO@pd}ILSg++}!z=%hUqkeNF^iH}c~@>n28A5y-kd zIw@mt1ZNP7@aT#z_HwSU6GrMiuv+0A%1zt_7k9hZO%@ICf%mmREmO9Nufiq!iQj~r sGd;RB*-%Y-MtA^72;upzg-#a6`z9c%u1@6y4ASmcNW5LT9z;7GE8Z+Ae*gdg diff --git a/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 b/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 index 619adb2ba48782a8ab14fbe413a96c56daa306bd..5da56154f8f0d91ebd36adfb76193e1f74669b3d 100644 GIT binary patch delta 1174 zcmV;H1Zn$<38D!=FoFc00s#Xsf&^Cv2`Yw2hW8Bt2LYgh1V{ve1Vk``1VAu?1Uv=_ zDuzgg_YDCD2B3ljEii%vDFOiiFoFakkw6`Pf8=%|8vOc-XrSyu)O0@&j;B^00s{cU zP=JC1=tnTEraCw^Dr%z1S|9*72gcnCke1f}S%ukyNQZie8W&1PDam?=5c{z0Tl2-g zO>P}xEMNU(6kOXwU_m&hCBn7M)B;#6ir`4QT3g4$0erY)XKx&Yq&_$|DXwzK&)-QGmvP}S*&ijf%whF^Zy#gvOyDY_EVc$34`2XPIu;0^MLY-rf10NK zN3McYmz%I1eQh^&(vLmxkaL;LwYM)bDwhwlC^A9wSzHbDLxIEuQ7cBgdzZR3hQ<2E(OTV(ljP(bLg?@`6HP z3=W`JOJ&)MoqpIF*`?t#DJmi9$(9*y&SGZ5eI?6!CrXRf%RAjd-yKkt#9G=r@_J$* zdNvg9^kY9~1j!8Z4;@Hhz^Qk8jNy-;icc(S(Y!!N6qdCCF75Gu(bdl<$VT2m0_oiw8~P81G)!8=F;$lK8shp`l(?8A zm;(uy9DcJfWbt6M0_mdFqs^m7+vq<)p+gIAQ|oNN8^6OLJng{WPP6+czO|n3vxx%_ za05T2yYaH~y`h+Chxq30M; z`=xi?7mt$_xTgZMV|<&(=farSG%t1FvT}4=%uI3&6z_>JeG$O|wb9r=_(Pg|z3DO} zx^-K{l@qB!gkPz3mG#El7V7Esp*3e_USJolb;JVQT~JmZ$nzxxO^bJ?KP{*v^ar?| z8EuKCV|~L^p{MXi^>Y}1jg{neQZ}MU@qhO_yE!pjpvgQ!p35DtI9bs2uo_1;aS9AW z1Lc};->sN5Lc$86?(PAC=-9+CEv<1$jq7OF@5@aqT)%@lfZ}dJ7ezYWT2Q%VEf}le zsc8u)7?#-&4rEVq1=)^HuQP?k<7}|;Vm<@2dAmAdJV;mujZln#Iw70hiV{jn2(!oM z?_^o3A>JJ5v+}xyf%FNau+LT$1s?oYF48V$(rx@xNVDTATT~KAutIB1uG5%0vZJX1QdM&AI%i2(|i3y o@ohz5Ag>~{v!etQI8A!BPy`1yaseOj`gS(0%VRR+0s{etpx~t-_W%F@ delta 1150 zcmV-^1cCda35p3oFoFbz0s#Xsf&@PX2`Yw2hW8Bt2LYgh1TX}G1S~Lu1Sl|q1SAFt zDuzgg_YDCD2B3lj6)=JX5dr}KFoFaMkw6`P=H($$YB$b(0nd4Usnh=*eefQ30s{cU zP=JC1&^N~0Qz6C;_Z!G9#@v=3##Nua?hGk8jBZ2{*67(tLR-5EG^cF z%{r9H@Za_#AbLE-%dYFrt zIClvDR>k)SP{Jl9TT;hpx9ThRkwUt{MqkNDBX9#WW*>r3zpi%Pb$Bw2)n{N^913$f zR|+=@j8+$`qG8}Ct^kwc4~tIB&gpj!CcfBep?V@EQ^}XQyl%pko``oVY-ja<45r}z z>OO$}nUjsZ?)VgD|DO#h1#sM=9eB`M)hu*?mN{I%S8S$n`cbF?8|(C&Mk+xV;ywx~ zM@ei9#+ax(cv}$;WiPWWzv!R)&$-mH`QFCMp(IH)K?%To8bhcs^rOPjWi+t&cznV+#dq5|DXI{(qqk7qVxM(wr3N)2M8`+6i6pQR_;23?;BT)06 zuTtJ0o)7g${DhmYO5T8y;$UyWycDoP)MU^Oa5GD7613hk;$(z;jxP|_I6xkzR_!+%4+9ONK`(x}XDXWk(@^M#&@3OHfI)PR$>2JIr zjup|CcK8H@uv_v@1Q|S)e`MLQPDs8NIxh zMRh={(rId%6@Q3207^$I(}DsW=j3ljJlZ#P6MLRadO&{u*3re#sVosGZ~Ae28$+)%Wl}< zFg`FLFbM_)D-HuS0vZJX1Qck%8T||6c1tYHlxSoHek6>KqK*U<-wvI3FT=TZOy4$O Q>Q8E$`;N@x0s{etpl5L*F8}}l