From 2c0bf9ac102f394d3eb5f33a467fa8d013790ef2 Mon Sep 17 00:00:00 2001 
From: Oleg Kalnichevski Date: Sun, 12 Oct 2014 17:43:08 +0000 Subject: [PATCH] Use SSLContextBuilder from HttpCore git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1631230 13f79535-47bb-0310-9956-ffa450edef68 --- .../examples/client/ClientConfiguration.java | 2 +- .../http/examples/client/ClientCustomSSL.java | 2 +- .../http/conn/ssl/PrivateKeyDetails.java | 3 + .../http/conn/ssl/PrivateKeyStrategy.java | 3 + .../http/conn/ssl/SSLContextBuilder.java | 3 + .../org/apache/http/conn/ssl/SSLContexts.java | 3 + .../conn/ssl/SSLConnectionSocketFactory.java | 1 + .../apache/http/conn/ssl/TrustStrategy.java | 21 +- .../http/impl/client/HttpClientBuilder.java | 2 +- .../http/conn/ssl/TestSSLContextBuilder.java | 100 ------ .../http/conn/ssl/TestSSLSocketFactory.java | 286 ------------------ .../src/test/resources/hc-test-1.truststore | Bin 870 -> 0 bytes .../src/test/resources/hc-test-2.truststore | Bin 868 -> 0 bytes .../test/resources/test-keypasswd.keystore | Bin 1378 -> 0 bytes httpclient/src/test/resources/test.keystore | Bin 1344 -> 0 bytes 15 files changed, 17 insertions(+), 409 deletions(-) rename httpclient/src/main/{java => java-deprecated}/org/apache/http/conn/ssl/PrivateKeyDetails.java (95%) rename httpclient/src/main/{java => java-deprecated}/org/apache/http/conn/ssl/PrivateKeyStrategy.java (94%) rename httpclient/src/main/{java => java-deprecated}/org/apache/http/conn/ssl/SSLContextBuilder.java (99%) rename httpclient/src/main/{java => java-deprecated}/org/apache/http/conn/ssl/SSLContexts.java (97%) delete mode 100644 httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLContextBuilder.java delete mode 100644 httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java delete mode 100644 httpclient/src/test/resources/hc-test-1.truststore delete mode 100644 httpclient/src/test/resources/hc-test-2.truststore delete mode 100644 httpclient/src/test/resources/test-keypasswd.keystore delete mode 100644 
httpclient/src/test/resources/test.keystore diff --git a/httpclient/src/examples/org/apache/http/examples/client/ClientConfiguration.java b/httpclient/src/examples/org/apache/http/examples/client/ClientConfiguration.java index 6f7d27a78..ac6aa394c 100644 --- a/httpclient/src/examples/org/apache/http/examples/client/ClientConfiguration.java +++ b/httpclient/src/examples/org/apache/http/examples/client/ClientConfiguration.java @@ -61,7 +61,6 @@ import org.apache.http.conn.routing.HttpRoute; import org.apache.http.conn.socket.ConnectionSocketFactory; import org.apache.http.conn.socket.PlainConnectionSocketFactory; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.conn.ssl.SSLContexts; import org.apache.http.impl.DefaultHttpResponseFactory; import org.apache.http.impl.client.BasicCookieStore; import org.apache.http.impl.client.BasicCredentialsProvider; @@ -80,6 +79,7 @@ import org.apache.http.io.SessionInputBuffer; import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicLineParser; import org.apache.http.message.LineParser; +import org.apache.http.ssl.SSLContexts; import org.apache.http.util.CharArrayBuffer; /** diff --git a/httpclient/src/examples/org/apache/http/examples/client/ClientCustomSSL.java b/httpclient/src/examples/org/apache/http/examples/client/ClientCustomSSL.java index ec3a565f3..5a02bf0d4 100644 --- a/httpclient/src/examples/org/apache/http/examples/client/ClientCustomSSL.java +++ b/httpclient/src/examples/org/apache/http/examples/client/ClientCustomSSL.java 
@@ -36,10 +36,10 @@ import org.apache.http.HttpEntity; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.conn.ssl.SSLContexts; import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContexts; import org.apache.http.util.EntityUtils; /** diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/PrivateKeyDetails.java b/httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/PrivateKeyDetails.java similarity index 95% rename from httpclient/src/main/java/org/apache/http/conn/ssl/PrivateKeyDetails.java rename to httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/PrivateKeyDetails.java index 1abb449fe..ff94d4d57 100644 --- a/httpclient/src/main/java/org/apache/http/conn/ssl/PrivateKeyDetails.java +++ b/httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/PrivateKeyDetails.java @@ -35,7 +35,10 @@ import java.util.Arrays; * Private key details. * * @since 4.3 + * + * @deprecated (4.4) use {@link org.apache.http.ssl.PrivateKeyDetails}. */ +@Deprecated public final class PrivateKeyDetails { private final String type; diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/PrivateKeyStrategy.java b/httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/PrivateKeyStrategy.java similarity index 94% rename from httpclient/src/main/java/org/apache/http/conn/ssl/PrivateKeyStrategy.java rename to httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/PrivateKeyStrategy.java index 4238e287c..119869bca 100644 --- a/httpclient/src/main/java/org/apache/http/conn/ssl/PrivateKeyStrategy.java +++ b/httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/PrivateKeyStrategy.java 
@@ -33,7 +33,10 @@ import java.util.Map; * A strategy allowing for a choice of an alias during SSL authentication. * * @since 4.3 + * + * @deprecated (4.4) use {@link org.apache.http.ssl.PrivateKeyStrategy}. */ +@Deprecated public interface PrivateKeyStrategy { /** diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java b/httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/SSLContextBuilder.java similarity index 99% rename from httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java rename to httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/SSLContextBuilder.java index c71810b87..7e36ee88a 100644 --- a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java +++ b/httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/SSLContextBuilder.java @@ -57,8 +57,11 @@ import org.apache.http.annotation.NotThreadSafe; * Builder for {@link SSLContext} instances. * * @since 4.3 + * + * @deprecated (4.4) use {@link org.apache.http.ssl.SSLContextBuilder}. */ @NotThreadSafe +@Deprecated public class SSLContextBuilder { static final String TLS = "TLS"; diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java b/httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/SSLContexts.java similarity index 97% rename from httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java rename to httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/SSLContexts.java index 32446117e..26ab3e500 100644 --- a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java +++ b/httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/SSLContexts.java @@ -38,8 +38,11 @@ import org.apache.http.annotation.Immutable; * {@link SSLContext} factory methods. * * @since 4.3 + * + * @deprecated (4.4) use {@link org.apache.http.ssl.SSLContexts}. */ @Immutable +@Deprecated public class SSLContexts { /** 
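Review bot: The deprecated `org.apache.http.conn.ssl.SSLContextBuilder` remains a standalone implementation (renamed at 99% similarity, with only the `@deprecated` tag and `@Deprecated` annotation added), yet this same commit deletes `TestSSLContextBuilder`, whose Javadoc names that class as its subject. If the java-deprecated tree still ships, the module keeps a second TLS context builder with no tests, and it can drift from `org.apache.http.ssl.SSLContextBuilder` when trust or key-material handling is fixed there. Consider having the deprecated class delegate to the HttpCore builder, or keep a minimal test against it until it is removed. The same applies to the `SSLContexts` hunk that follows. The class bodies are outside these hunks, so this is inferred from the rename headers.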
diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java b/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java index 9a5177297..4c5be354c 100644 --- a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java +++ b/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java @@ -48,6 +48,7 @@ import org.apache.http.annotation.ThreadSafe; import org.apache.http.conn.socket.LayeredConnectionSocketFactory; import org.apache.http.conn.util.PublicSuffixMatcherLoader; import org.apache.http.protocol.HttpContext; +import org.apache.http.ssl.SSLContexts; import org.apache.http.util.Args; import org.apache.http.util.TextUtils; diff --git a/httpclient/src/main/java/org/apache/http/conn/ssl/TrustStrategy.java b/httpclient/src/main/java/org/apache/http/conn/ssl/TrustStrategy.java index c7e3dc12a..53a8091d4 100644 --- a/httpclient/src/main/java/org/apache/http/conn/ssl/TrustStrategy.java +++ b/httpclient/src/main/java/org/apache/http/conn/ssl/TrustStrategy.java @@ -26,9 +26,6 @@ */ package org.apache.http.conn.ssl; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; - /** * A strategy to establish trustworthiness of certificates without consulting the trust manager * configured in the actual SSL context. This interface can be used to override the standard @@ -36,22 +33,6 @@ import java.security.cert.X509Certificate; * * @since 4.1 */ -public interface TrustStrategy { - - /** - * Determines whether the certificate chain can be trusted without consulting the trust manager - * configured in the actual SSL context. This method can be used to override the standard JSSE - * certificate verification process. - *
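Review bot: The added `import org.apache.http.ssl.SSLContexts;` in SSLConnectionSocketFactory decides which `SSLContexts` the class binds to without saying so. The file lives in `org.apache.http.conn.ssl`, where this commit keeps a deprecated class with the same simple name, and the single-type import shadows that same-package class. If someone later removes the import as apparently redundant, every `SSLContexts` call in the factory would resolve to the deprecated implementation whenever both source roots are compiled together. I would add a comment above the import, e.g. `// Explicit import: shadows the deprecated org.apache.http.conn.ssl.SSLContexts in this package`. The uses of `SSLContexts` are outside the hunk.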

- * Please note that, if this method returns {@code false}, the trust manager configured - * in the actual SSL context can still clear the certificate as trusted. - * - * @param chain the peer certificate chain - * @param authType the authentication type based on the client certificate - * @return {@code true} if the certificate can be trusted without verification by - * the trust manager, {@code false} otherwise. - * @throws CertificateException thrown if the certificate is not trusted or invalid. - */ - boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException; +public interface TrustStrategy extends org.apache.http.ssl.TrustStrategy { } diff --git a/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java b/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java index 2c0d9c0c7..2b296c7ee 100644 --- a/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java +++ b/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java @@ -83,7 +83,6 @@ import org.apache.http.conn.socket.LayeredConnectionSocketFactory; import org.apache.http.conn.socket.PlainConnectionSocketFactory; import org.apache.http.conn.ssl.DefaultHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.conn.ssl.SSLContexts; import org.apache.http.conn.ssl.X509HostnameVerifier; import org.apache.http.conn.util.PublicSuffixMatcher; import org.apache.http.conn.util.PublicSuffixMatcherLoader; @@ -118,6 +117,7 @@ import org.apache.http.protocol.ImmutableHttpProcessor; import org.apache.http.protocol.RequestContent; import org.apache.http.protocol.RequestTargetHost; import org.apache.http.protocol.RequestUserAgent; +import org.apache.http.ssl.SSLContexts; import org.apache.http.util.TextUtils; import org.apache.http.util.VersionInfo; 
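Review bot: The emptied `org.apache.http.conn.ssl.TrustStrategy` loses the only statement of the `isTrusted` contract in this module. The removed Javadoc said that a `false` return still lets the trust manager of the SSL context clear the chain, and that `true` means the chain is trusted without verification by the trust manager. Callers keep implementing this type, so I would keep that caveat in the retained interface Javadoc and link the inherited method, for example ` * @see org.apache.http.ssl.TrustStrategy#isTrusted`, with one sentence saying that returning `true` skips the trust manager's check. The interface is also not marked `@Deprecated`, unlike the four classes moved in this commit; if it is meant to stay as a compatibility alias, the Javadoc should say so.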
diff --git a/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLContextBuilder.java b/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLContextBuilder.java
deleted file mode 100644
index cf906ba2b..000000000
--- a/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLContextBuilder.java
+++ /dev/null
@@ -1,100 +0,0 @@ -/* - * ==================================================================== - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - */ - -package org.apache.http.conn.ssl; - -import java.io.InputStream; -import java.net.URL; -import java.security.KeyStore; -import java.security.UnrecoverableKeyException; - -import org.junit.Test; - -/** - * Unit tests for {@link org.apache.http.conn.ssl.SSLContextBuilder}. 
- */ -public class TestSSLContextBuilder { - - private static KeyStore load(final String res, final char[] passwd) throws Exception { - final KeyStore keystore = KeyStore.getInstance("jks"); - final ClassLoader cl = TestSSLContextBuilder.class.getClassLoader(); - final URL url = cl.getResource(res); - final InputStream instream = url.openStream(); - try { - keystore.load(instream, passwd); - } finally { - instream.close(); - } - return keystore; - } - - @Test - public void testBuildDefault() throws Exception { - new SSLContextBuilder().build(); - } - - @Test - public void testBuildAllNull() throws Exception { - new SSLContextBuilder() - .useProtocol(null) - .setSecureRandom(null) - .loadTrustMaterial(null) - .loadKeyMaterial(null, null) - .build(); - } - - @Test - public void testLoadTrustMultipleMaterial() throws Exception { - final KeyStore truststore1 = load("hc-test-1.truststore", "nopassword".toCharArray()); - final KeyStore truststore2 = load("hc-test-2.truststore", "nopassword".toCharArray()); - new SSLContextBuilder() - .loadTrustMaterial(truststore1) - .loadTrustMaterial(truststore2) - .build(); - } - - @Test - public void testKeyWithAlternatePassword() throws Exception { - final KeyStore keystore = load("test-keypasswd.keystore", "nopassword".toCharArray()); - final String keyPassword = "password"; - new SSLContextBuilder() - .loadKeyMaterial(keystore, keyPassword.toCharArray()) - .loadTrustMaterial(keystore) - .build(); - } - - @Test(expected=UnrecoverableKeyException.class) - public void testKeyWithAlternatePasswordInvalid() throws Exception { - final KeyStore keystore = load("test-keypasswd.keystore", "nopassword".toCharArray()); - final String keyPassword = "!password"; - new SSLContextBuilder() - .loadKeyMaterial(keystore, keyPassword.toCharArray()) - .loadTrustMaterial(keystore) - .build(); - } - -} 
diff --git a/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java b/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java
deleted file mode 100644
index 9ca78a587..000000000
--- a/httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java
+++ /dev/null
@@ -1,286 +0,0 @@ -/* - * ==================================================================== - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . 
- * - */ - -package org.apache.http.conn.ssl; - -import java.io.IOException; -import java.net.InetSocketAddress; -import java.net.Socket; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Map; -import java.util.concurrent.TimeUnit; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLHandshakeException; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocket; - -import org.apache.http.HttpHost; -import org.apache.http.impl.bootstrap.HttpServer; -import org.apache.http.impl.bootstrap.ServerBootstrap; -import org.apache.http.localserver.LocalServerTestBase; -import org.apache.http.localserver.SSLTestContexts; -import org.apache.http.protocol.BasicHttpContext; -import org.apache.http.protocol.HttpContext; -import org.junit.After; -import org.junit.Assert; -import org.junit.Ignore; -import org.junit.Test; - -/** - * Unit tests for {@link SSLConnectionSocketFactory}. - */ -public class TestSSLSocketFactory { - - private HttpServer server; - - @After - public void shutDown() throws Exception { - if (this.server != null) { - this.server.shutdown(10, TimeUnit.SECONDS); - } - } - - static class TestX509HostnameVerifier implements HostnameVerifier { - - private boolean fired = false; - - @Override - public boolean verify(final String host, final SSLSession session) { - this.fired = true; - return true; - } - - public boolean isFired() { - return this.fired; - } - - } - - @Test - public void testBasicSSL() throws Exception { - this.server = ServerBootstrap.bootstrap() - .setServerInfo(LocalServerTestBase.ORIGIN) - .setSslContext(SSLTestContexts.createServerSSLContext()) - .create(); - this.server.start(); - - final HttpContext context = new BasicHttpContext(); - final TestX509HostnameVerifier hostVerifier = new TestX509HostnameVerifier(); - final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( - 
SSLTestContexts.createClientSSLContext(), hostVerifier); - final Socket socket = socketFactory.createSocket(context); - final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort()); - final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https"); - final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context); - try { - final SSLSession sslsession = sslSocket.getSession(); - - Assert.assertNotNull(sslsession); - Assert.assertTrue(hostVerifier.isFired()); - } finally { - sslSocket.close(); - } - } - - @Test - public void testBasicDefaultHostnameVerifier() throws Exception { - this.server = ServerBootstrap.bootstrap() - .setServerInfo(LocalServerTestBase.ORIGIN) - .setSslContext(SSLTestContexts.createServerSSLContext()) - .create(); - this.server.start(); - - final HttpContext context = new BasicHttpContext(); - final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( - SSLTestContexts.createClientSSLContext(), SSLConnectionSocketFactory.getDefaultHostnameVerifier()); - final Socket socket = socketFactory.createSocket(context); - final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort()); - final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https"); - final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context); - try { - final SSLSession sslsession = sslSocket.getSession(); - - Assert.assertNotNull(sslsession); - } finally { - sslSocket.close(); - } - } - - @Test - public void testClientAuthSSL() throws Exception { - this.server = ServerBootstrap.bootstrap() - .setServerInfo(LocalServerTestBase.ORIGIN) - .setSslContext(SSLTestContexts.createServerSSLContext()) - .create(); - this.server.start(); - - final HttpContext context = new BasicHttpContext(); - final TestX509HostnameVerifier hostVerifier = 
new TestX509HostnameVerifier(); - final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( - SSLTestContexts.createClientSSLContext(), hostVerifier); - final Socket socket = socketFactory.createSocket(context); - final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort()); - final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https"); - final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context); - try { - final SSLSession sslsession = sslSocket.getSession(); - - Assert.assertNotNull(sslsession); - Assert.assertTrue(hostVerifier.isFired()); - } finally { - sslSocket.close(); - } - } - - @Ignore("There is no way to force client auth with HttpServer in 4.4a1") - @Test(expected=IOException.class) - public void testClientAuthSSLFailure() throws Exception { - this.server = ServerBootstrap.bootstrap() - .setServerInfo(LocalServerTestBase.ORIGIN) - .setSslContext(SSLTestContexts.createServerSSLContext()) - .create(); - this.server.start(); - - final HttpContext context = new BasicHttpContext(); - final TestX509HostnameVerifier hostVerifier = new TestX509HostnameVerifier(); - final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( - SSLTestContexts.createClientSSLContext(), hostVerifier); - final Socket socket = socketFactory.createSocket(context); - final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort()); - final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https"); - final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context); - try { - final SSLSession sslsession = sslSocket.getSession(); - - Assert.assertNotNull(sslsession); - Assert.assertTrue(hostVerifier.isFired()); - } finally { - sslSocket.close(); - } - } - - @Test - public void testClientAuthSSLAliasChoice() 
throws Exception { - // TODO unused - is there a bug in the test? - final PrivateKeyStrategy aliasStrategy = new PrivateKeyStrategy() { - - @Override - public String chooseAlias( - final Map aliases, final Socket socket) { - Assert.assertEquals(2, aliases.size()); - Assert.assertTrue(aliases.containsKey("hc-test-key-1")); - Assert.assertTrue(aliases.containsKey("hc-test-key-2")); - return "hc-test-key-2"; - } - - }; - - - - this.server = ServerBootstrap.bootstrap() - .setServerInfo(LocalServerTestBase.ORIGIN) - .setSslContext(SSLTestContexts.createServerSSLContext()) - .create(); - this.server.start(); - - final HttpContext context = new BasicHttpContext(); - final TestX509HostnameVerifier hostVerifier = new TestX509HostnameVerifier(); - final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( - SSLTestContexts.createClientSSLContext(), hostVerifier); - final Socket socket = socketFactory.createSocket(context); - final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort()); - final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https"); - final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context); - try { - final SSLSession sslsession = sslSocket.getSession(); - - Assert.assertNotNull(sslsession); - Assert.assertTrue(hostVerifier.isFired()); - } finally { - sslSocket.close(); - } - } - - @Test(expected=SSLHandshakeException.class) - public void testSSLTrustVerification() throws Exception { - this.server = ServerBootstrap.bootstrap() - .setServerInfo(LocalServerTestBase.ORIGIN) - .setSslContext(SSLTestContexts.createServerSSLContext()) - .create(); - this.server.start(); - - final HttpContext context = new BasicHttpContext(); - // Use default SSL context - final SSLContext defaultsslcontext = SSLContexts.createDefault(); - - final SSLConnectionSocketFactory socketFactory = new 
SSLConnectionSocketFactory(defaultsslcontext, - NoopHostnameVerifier.INSTANCE); - - final Socket socket = socketFactory.createSocket(context); - final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort()); - final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https"); - final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context); - sslSocket.close(); - } - - @Test - public void testSSLTrustVerificationOverride() throws Exception { - this.server = ServerBootstrap.bootstrap() - .setServerInfo(LocalServerTestBase.ORIGIN) - .setSslContext(SSLTestContexts.createServerSSLContext()) - .create(); - this.server.start(); - - final HttpContext context = new BasicHttpContext(); - - final TrustStrategy trustStrategy = new TrustStrategy() { - - @Override - public boolean isTrusted( - final X509Certificate[] chain, final String authType) throws CertificateException { - return chain.length == 1; - } - - }; - final SSLContext sslcontext = SSLContexts.custom() - .loadTrustMaterial(null, trustStrategy) - .build(); - final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( - sslcontext, - NoopHostnameVerifier.INSTANCE); - - final Socket socket = socketFactory.createSocket(context); - final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort()); - final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https"); - final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context); - sslSocket.close(); - } - -} 
diff --git a/httpclient/src/test/resources/hc-test-1.truststore b/httpclient/src/test/resources/hc-test-1.truststore deleted file mode 100644 index d8610f64050053785c5dafbeb5cc615294f4a812..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 870 zcmezO_TO6u1_mY|W(3om8OgdOsl_F_hCmVf#Pn(F7+53pObsj<7?@QInwS*~nwah` zU}j=uVq)PtcVU(RHygWFo5wi|7G_okgCIj?14TCGP!=v>DaV4u;QX|b^2DN4 z1-Jatyp+U}%=|nl43(40|Af(voNQJvjWH&3Wf#> z;=G2&24+SEhK43aCKgc={6+HZ6MH!u=sa<}1i) z-ybe$y*AtS-swH7W6XAh@2s4%e)lh{S4}^|eYkDeo6-X#!~1q!iS&O~$S%;>u*FlX zQ2B+AhM4g7^PEOKCzd_55v%GBsp-{tuy~!E_U2`!6Z00=bN^B_P5Ssdsftm>`plA# z`&I-_=v>i!|6$bA`D~NA)8ZPcLse54eXReT_tau;Y-IqsWAj8MzSC1G`z~_s@_ZZB z5Ss6B*F7Tb>)+TVWe?XsJKY}7v3ypFMDOg_yCdIirT0_x*~{1Dq))yzi9TjF_&m>@;lN(NlBIFOVAm^`l2V 
diff --git a/httpclient/src/test/resources/hc-test-2.truststore b/httpclient/src/test/resources/hc-test-2.truststore deleted file mode 100644 index 20c196463e6fe2ec92721c9e83a3b901427d10b9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 868 zcmezO_TO6u1_mY|W(3om8OgdOsl_F_MnDn!#PsX;7+53pObsj<7?_m|nwaGbnwah^ zU}j=uVq&S~+FN13&Bm_P=5fw~g_)JXAjnYJK#`3(l!Z%J%CR6ZIU`jeI6tkVJh3QM z!7aZuFD0=gGe6Hz+&~nhh+CM?qokz3IX|}`KQA?}q}Wi%Kma7cEX?WQtN?O`f{}rO zIIp3xftitkp`nSfiE)$!zmbuJxq*p+DO7+awl*M(46ay z)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMccdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5r zLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{ z_lFBwug$i-cY4q27_%MWJ1eKG-~G$#RnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH; zRDR*3Att>2Jf~65iDeIM#HzYOYI-#uEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TG zz7>HJI#)E`e;D<2KHH@3w77=qP}LMhAM1bTJ++t{TNs!c8*I)#czJpDdX-sy$LhcE zUP-M9iQLlmCrGljaHC}B-3U*8qhm}7HxlQZ@Ly82VzDr@^_}M}9eg`flA?AqDad3= z6$+gWoVJkv*t3Z@qLSy|Z%Amka@(*=wXk;nu1q_*8!P@DWt6{Fqn!V?*D}yPSH}0n z1^ZujR`V#$(sYcvBy?79v8{o%fh;f?$?~y?v4}J;emKL#W#`(jpCA8^VK-a2v3)j^ zffPtukVV))u!%D#KRGccBfq$$ouwX_=1~$fvp$1?4wHz*tFX%_gQ~<@|8zWN$(-9R zckZexlStYz|0A|ZVatsDYUHcUKOAdlb6Cpc@pZ_HFoK)S6l9B@5;?$zD)FPmiU3MAcTp-fM&xzTA2iV_o23v1@s2n)c;cGR-M?d3v^m`iC~H?K{^kU1w-@YtPMExnp5r zv5AvTEP3_po{Mb54Tr|UwZS`0v^H#D3Rh;GHPz=z_tyV?5PTzf|6M{3#; z%DR7lh)PTd+c*=qUnat2@2X$d>hl-~3 zOXybJOHN3t6^i|TbwkAyb|wEGe5%u9@9#=KL;f z;X5m*tl$01>Q&Rva35}4_NMf}$nd^hS0eqN6|xI7Hf-?}D^z~rqah}|{XC~p&xvIZ zZN#d&Luz_89xPrbr@eVu>BPLn_1wP{O_M(UPO4&5u|BipQL1bMjz{c=RLKU8(SEd8XKgNogA62Ef6e{(M#&@=fG^rGZ~lTc67cLDE@`PE_;8bJYK%=f0uba8V^ zU94yzZy*ayg0g%pVk{zClA7WYzU>VD+a0CwL0ff2gqa^3N_Jt^XE4xV67iKhz!>`D zL1(~(`@GwV7x8?mYnsF);vKX&{=povPQeNCD%NV3f3&Web9)Z2#))_KdX~j1j}`bD Lwq~DYHuwqvL$N2I 
diff --git a/httpclient/src/test/resources/test.keystore b/httpclient/src/test/resources/test.keystore deleted file mode 100644 index 917f83ea7d47dad1a41fe46ff2582cdc4fcd4dd7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1344 zcmezO_TO6u1_mY|W&~rQ;>_HFoK)S6l9B@5;?$zD)FPmie$PwZ>p;5Spoy{DfRBw! zn~jl$QHx2Ck&%^wrHQfp)N!H413LsXN{ZXQ``uU?Ol=zhzh%HD7v+ePcNw3fbI zXEfDy{)q;0o*#)n8?w^3Hox7e9uB)H8kR(3*Wyk4Pq;2qx+KO16B z=!T1l=bQK%uzWnpaPxA@mv0}pSRD8rJRwN3PUglAk1ti*xwV(uOxSRTx7s?`*qzVf z>rW}WgcsY7Oj{Xk#jx^_OIJjIY%)u~hS8)qy;Ef`opN_kX4qC68@1!MlsW%`BYnSm zmNmvc`|)nc{jg<@$5iCE2VII+w(;Jte(_JnNz0>_H{(_;`F5(ZNWM|Tm_g2dUPegV z=I@gYT+c9ZGJi3-x%!@8^Pc_vM{Kow!!Pd@xa};me0Rh|zQ@-^;)JfLtME)+b}BsB zy#Dx|6Kh&y)5Kq}am@g(T9PX{W`8%^_-pSf=Vjn1V~x-= zHLzr0V2(3rVvYi0@deCGj7&@{zFVu647l0Ywc0$+S+Fp(G8i=W8wvoUk2#cuO_)72 zFFP;4JP#(qfg!?<5K%Tz1nJ@umU1jeOwLGE2+mI{DNig)RdCBM%}Yrv$;{6)lrxY4 zDdH9ug(~s@CL-tj+=BeP)Vz{nLm>kJkUX<6XHI@{VopYWafyMPIIp3hfr*i+p|OdX zp+OXwYi?u$em&~94 zf~8tO>5%{KmDm4mKPLUdI{f*u70X2VS$;QvyL?pcFq3JBaFp0Yqi?03*J&qS*Lwd+ ziCJ>)MGwZ~Ori|a69W20mATJsnzXZN(d!oO4-qn7K~DSra6#*}*|zsi?^zvVwj+FJ z<&^cie_6e1`Wf!SZOh)29vB(kx9duz|Fc4NfyRa{o??Z{FMKq_gtwpPH0n9A?4gZV zRd+~Duf~JL>*TaIFDspxx454Bm!fIX$KOd+j4IY=mVDf|B5*?Iist(dqn^%Zo79~a z*H9g*n!@N~{qMY|7IR|@15;yz>0+P0+f&ZU^(~yTZqkJ5(;fzVun(N4zm%cAvC`jr z?WVPjchZk>L~m7p`)D%VcVTMrD$hR?;qZEp8AdH*+A%{-4S)wO?4 b)xWi;ALp8_yfsJQWbmc~e~(4!EN}q;sl*hE