From 13e034fc5f904f5a79aef21bbdf01016aac3293b Mon Sep 17 00:00:00 2001
From: Lachlan Roberts <lachlan@webtide.com>
Date: Fri, 10 Jul 2020 12:19:28 +1000
Subject: [PATCH] Issue #5019 - add testing for the SslKeyStoreScanner

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
---
 .../jetty/ssl/reload/KeystoreReloadTest.java  | 212 ++++++++++++++++++
 .../src/test/resources/badKeystore            | Bin 0 -> 2457 bytes
 .../test/resources/jetty-logging.properties   |   4 +
 .../src/test/resources/newKeystore            | Bin 0 -> 2071 bytes
 .../src/test/resources/oldKeystore            | Bin 0 -> 2303 bytes
 5 files changed, 216 insertions(+)
 create mode 100644 jetty-ssl-reload/src/test/java/org/eclipse/jetty/ssl/reload/KeystoreReloadTest.java
 create mode 100644 jetty-ssl-reload/src/test/resources/badKeystore
 create mode 100644 jetty-ssl-reload/src/test/resources/jetty-logging.properties
 create mode 100644 jetty-ssl-reload/src/test/resources/newKeystore
 create mode 100644 jetty-ssl-reload/src/test/resources/oldKeystore

diff --git a/jetty-ssl-reload/src/test/java/org/eclipse/jetty/ssl/reload/KeystoreReloadTest.java b/jetty-ssl-reload/src/test/java/org/eclipse/jetty/ssl/reload/KeystoreReloadTest.java
new file mode 100644
index 00000000000..e5aeaf7c4a9
--- /dev/null
+++ b/jetty-ssl-reload/src/test/java/org/eclipse/jetty/ssl/reload/KeystoreReloadTest.java
@@ -0,0 +1,212 @@
+//
+//  ========================================================================
+//  Copyright (c) 1995-2020 Mort Bay Consulting Pty Ltd and others.
+//  ------------------------------------------------------------------------
+//  All rights reserved. This program and the accompanying materials
+//  are made available under the terms of the Eclipse Public License v1.0
+//  and Apache License v2.0 which accompanies this distribution.
+//
+//      The Eclipse Public License is available at
+//      http://www.eclipse.org/legal/epl-v10.html
+//
+//      The Apache License v2.0 is available at
+//      http://www.opensource.org/licenses/apache2.0.php
+//
+//  You may elect to redistribute this code under either of these licenses.
+//  ========================================================================
+//
+
+package org.eclipse.jetty.ssl.reload;
+
+import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.time.Duration;
+import java.util.Calendar;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.eclipse.jetty.http.HttpVersion;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
+import org.eclipse.jetty.util.log.StacklessLogging;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+public class KeystoreReloadTest
+{
+    private static final int scanInterval = 1;
+    private Server server;
+
+    public static void useKeystore(String keystore) throws Exception
+    {
+        Path keystoreDir = MavenTestingUtils.getTestResourcePath("keystoreDir");
+        Path keystorePath = keystoreDir.resolve("keystore");
+        if (Files.exists(keystorePath))
+            Files.delete(keystorePath);
+
+        if (keystore == null)
+            return;
+
+        Files.copy(MavenTestingUtils.getTestResourceFile(keystore).toPath(), keystorePath);
+        keystorePath.toFile().deleteOnExit();
+    }
+
+    @BeforeEach
+    public void start() throws Exception
+    {
+        useKeystore("oldKeystore");
+
+        String keystore = MavenTestingUtils.getTestResourceFile("keystoreDir/keystore").getAbsolutePath();
+        SslContextFactory sslContextFactory = new SslContextFactory.Server();
+        sslContextFactory.setKeyStorePath(keystore);
+        sslContextFactory.setKeyStorePassword("storepwd");
+        sslContextFactory.setKeyManagerPassword("keypwd");
+
+        server = new Server();
+        SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
+        HttpConfiguration httpsConfig = new HttpConfiguration();
+        httpsConfig.addCustomizer(new SecureRequestCustomizer());
+        HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpsConfig);
+        ServerConnector connector = new ServerConnector(server, sslConnectionFactory, httpConnectionFactory);
+        connector.setPort(8443);
+        server.addConnector(connector);
+
+        // Configure Keystore Reload.
+        SslKeyStoreScanner keystoreScanner = new SslKeyStoreScanner(sslContextFactory);
+        keystoreScanner.setScanInterval(scanInterval);
+        server.addBean(keystoreScanner);
+
+        server.start();
+    }
+
+    @AfterEach
+    public void stop() throws Exception
+    {
+        server.stop();
+    }
+
+    @Test
+    public void testKeystoreHotReload() throws Exception
+    {
+        URL serverUrl = server.getURI().toURL();
+
+        // Check the original certificate expiry.
+        X509Certificate cert1 = getCertificateFromUrl(serverUrl);
+        assertThat(getExpiryYear(cert1), is(2015));
+
+        // Switch to use newKeystore which has a later expiry date.
+        useKeystore("newKeystore");
+        Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+
+        // The scanner should have detected the updated keystore, expiry should be renewed.
+        X509Certificate cert2 = getCertificateFromUrl(serverUrl);
+        assertThat(getExpiryYear(cert2), is(2020));
+    }
+
+    @Test
+    public void testReloadWithBadKeystore() throws Exception
+    {
+        URL serverUrl = server.getURI().toURL();
+
+        // Check the original certificate expiry.
+        X509Certificate cert1 = getCertificateFromUrl(serverUrl);
+        assertThat(getExpiryYear(cert1), is(2015));
+
+        // Switch to use badKeystore which has the incorrect passwords.
+        try (StacklessLogging ignored = new StacklessLogging(SslKeyStoreScanner.class))
+        {
+            useKeystore("badKeystore");
+            Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+        }
+
+        // The good keystore is removed, now the bad keystore now causes an SSL Handshake exception.
+        assertThrows(SSLHandshakeException.class, () -> getCertificateFromUrl(serverUrl));
+    }
+
+    @Test
+    public void testKeystoreRemoval() throws Exception
+    {
+        URL serverUrl = server.getURI().toURL();
+
+        // Check the original certificate expiry.
+        X509Certificate cert1 = getCertificateFromUrl(serverUrl);
+        assertThat(getExpiryYear(cert1), is(2015));
+
+        // Delete the keystore.
+        try (StacklessLogging ignored = new StacklessLogging(SslKeyStoreScanner.class))
+        {
+            useKeystore(null);
+            Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+        }
+
+        // The good keystore is removed, having no keystore causes an SSL Handshake exception.
+        assertThrows(SSLHandshakeException.class, () -> getCertificateFromUrl(serverUrl));
+
+        // Switch to use keystore2 which has a later expiry date.
+        useKeystore("newKeystore");
+        Thread.sleep(Duration.ofSeconds(scanInterval * 2).toMillis());
+        X509Certificate cert2 = getCertificateFromUrl(serverUrl);
+        assertThat(getExpiryYear(cert2), is(2020));
+    }
+
+    public static int getExpiryYear(X509Certificate cert)
+    {
+        Calendar instance = Calendar.getInstance();
+        instance.setTime(cert.getNotAfter());
+        return instance.get(Calendar.YEAR);
+    }
+
+    public static X509Certificate getCertificateFromUrl(URL serverUrl) throws Exception
+    {
+        SSLContext ctx = SSLContext.getInstance("TLS");
+        ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
+        SSLContext.setDefault(ctx);
+
+        HttpsURLConnection connection = (HttpsURLConnection)serverUrl.openConnection();
+        connection.setHostnameVerifier((a, b) -> true);
+        connection.connect();
+        Certificate[] certs = connection.getServerCertificates();
+        connection.disconnect();
+
+        assertThat(certs.length, is(1));
+        return (X509Certificate)certs[0];
+    }
+
+    private static class DefaultTrustManager implements X509TrustManager
+    {
+        @Override
+        public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+        {
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] arg0, String arg1)
+        {
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers()
+        {
+            return null;
+        }
+    }
+}
diff --git a/jetty-ssl-reload/src/test/resources/badKeystore b/jetty-ssl-reload/src/test/resources/badKeystore
new file mode 100644
index 0000000000000000000000000000000000000000..568291d71eddf760f6456162653859a89a397b18
GIT binary patch
literal 2457
zcmY*ZS5Om(7EQ;{OCo^{(xMP05^88mkfn$e#n4v;l`2I#f(1x45{NVrkRky@n$nS?
z2nZrgiWDJ8?<F)9h*BPJ=e^z8xpU9GbIvV)2Tz7S0Rh2yGTaOXKS@1H-R1#u02yRB
z5kiJ*9?}Fn8A|z=1oelIq27nI$6>m{xc;}r%?SiC$dF%nGGrT%g>n9$K0N*#1d+2o
zvQAQ|<dS0Hrb@FaW*V?R6hUA>(*+0_(mIbI>Yxt_=ns}m!L{{NwO_^$zH}SVh!xHx
zQd>nRIvH6L)P6>L@9sqDh|i7ctkIstm%M7YOl@W{VK2WsO~q5_-7xRf*vb)pz=O9f
z^fJ{ru^~Srw>KG{QCr_y9@oyf4Cu*<?W^y!FiA}U;_m}jtV?icKS=8luVc1z6%&z5
zZ>+GBgNwSe)$Rv)q5Q8pe4t2{F0Sof52SVPR?^PJ{M#Qi+;}yZN+O*lV_VM72B_Aq
z0(2;kD`nv78n#^1ET{nO<QpeYx=82uk>XDp%_yvg3za09q{U`@UI_JH?{73c7TI9{
zwvN7TI6aod=AM*pwb6E0rUMseVz$cA@0Z&7>tt3{rv-OhP=o&AG@ZKR32M-!@MVjV
zJ$UU*0--!2g`~o1R+BgXtxNe;Rp93z>x~}8PsbTb?Ol`Kw=e>tf=o)`M{=K*{Oi@%
zQA^tstW&47Ow{~Wx9!yu+{45yEKdvT=20SoN=0_{e{bMP8qqV86QghrN8PLqKM=ca
z**(>`70-40)$lW{kiilHOSXM^4#a%LaE(kL5N?gC`;?3(eN4{wx@}1L#9cg&s}G$U
z9?k42euWtqB3|qbQnagJ2jBx<6QE)&VC#^5{MR*m`jDqD4C*!@zp`dI=NH&+yR%{{
zL+>&9sV2@91U*j&D^G$~BFslRkb#A<mmJb$2Hc!u{KO-cYPYEQA(B6HtJ~gmz>vPt
zOVovIfa*p9sxjAWs?nm3jH#a?aMEw~$OBSfjM*FS8Dfg<@jEN`qo2wIe#yVx;pIGY
zS?}grn93Lym2*8qG$m+fUy|=L=&^0TZ8_4aoi^rE_M=4g;$RL<ECWwub$>el`N50$
zip&nmi01)ZZ5?AK+(AgpRTYunmBJ`Qx-h6o_S3Qj9Hrx?Xlt4wot~Z=ndJJ}t*Vhy
z>3iMV%_<pa6D`MLPqk`B$I#w*8+FdtSNavea=jUU%KMN~Kd4lbX>NZM9b4%pUo5w*
zAt8y}@0ag$K66A6BybyH(m~G?Bwq29H#fQwF-ezVA~CwX)qcC9eW{u8l0B2sft$HY
zk{+FvMf*J71+DV2B4G<ixQ=#8@z`>4M-3$y{Y6P(IKar?2>Q(S($p<!;q$|2{miSS
zB2qr6j>+fgh`}>WCbEv0E*8<t&4;Aw8S31W3Mg>a1kFs_r8VenxtEL|X}ZsSg>@!s
z=XxYhnj}=gn1Cv8)(m5lUKDcx8w|W09vvsbR-be#)6ay&1w+jZWTN76rXAn9o#f?|
zHDYJwzAo|9rE_+vdbcD<n+u#c?iDwitgl>^X9>8V_`~om5ZHD{`hFbdL@iMYbNThY
z-w+>*_ZH=kcJXxa=4X_zn~tMbzj;|SG$-bVwG|nJ499W;?%B^}c)2eb#%1TjsMlj3
zS8bm)Z8N>1o;oe{=5|XRLs8xQz1{|07_paDc>3&jtBsc#+Dz+}$&F<j>pOYqq|Nop
zS}^LUUMX)MkGJ{<n~*RRRg4Y`oac+6Ni+==bTY*k4x|fe9Mz7{GU|g*)h5~<-6<?G
z7Gpw;R6CI<UI}e*ob26UZC&)WNXcG)Ke4*S?c^(ZpWQw8BhJ&*d-Lc>6}B_XOu-JX
z^0!sO5el-$P5^EIoB;lZ5e&c`q7%UH5ODza!!G!*{wBZ|;Dnd_XAP-<fCyT+c{)ib
zsHiI|DJ!bs)fEUTcry6q-$NWQ1{s`wNIeAs0f#029|ia??}h!>dpX8;w?eQ9Ge^1F
zQ%^lwDa5uXG5_-3Ff!QYhalSQocNM}kUqDf+(d#sjs|eA@&3ZkR`Zu0xj|)CkLz<k
zaK%&~1k3fEOtufK8KRx}WW>%I*pHEu3p~KU=UH@at*T-C+ZQ6-98PZS*sMnEpM;{r
zk6B~kqT)AvXJ<T3HZ-(`2oL=yxkC)jSuxI!O`Cp~%f{B%%SrTqG*cFdwo(wByWv5o
zN-|TF$IU-AJc3aCm2g%%CGzU*1H$P>TCt7R+BNs2Wika`Wh4tS6K!!%rpgm3c{Ae=
z%^$ij$6UfX!7f|VL0_ZN#?-WR>ju*Ad%`X5UFdbp9{kcDx@dQ^HWGO<z_nHr8(5`<
z0R*9_Mr(Iho6=<l_i|k8ig_vD1K(!qUEnCu29@wKgLs8jq1crzX2nx<6urWjBs4h2
z!<G!^kg#NjOJ~NwFH&6M9Q4bM36br(#sZo5z~+K~mb^SKYFJJp*y3QpSQ&@)hl!Z9
zpDfm$(=rQ>1?t{&w)UZ8IJnp%{j)m(YlOZWuQ`&<bFQL@L3;id`dy9CUe?5qPlm5?
z=(K>T{ET$xY_xum@F#0TVM7R4bir|#OD=-i3@WE@S=b8{$$n7d1G4SY&bTD;I}-?Z
z@OifVTEiUce@$tn#gb^^%mq7cU9h<@?3rcRe5p96Pb4)_U9hv|NJ^T$&(<a6#(1jR
z<JqDK+Q_3onA7vd9(s+STYR0hD4VM^ONPIQv<kQYwjS<(WDm^aI0x3x4i3Q&@C8AQ
zkM4GjUR<Q**uJxC9_sj()?Z%z%O|7EWc_4J?(aZe@!b3+W8f{17S&j|SNwgx?o_S<
zHILuQaISaBco7i4!;&$D+APy{`N^bHCS8c_6SrCDvy<5J$lzd9po78<P0K=cOI$6Q
z@GLrVhiww^(61ax+0}$DwD*K4^{NWXo{;n}yXDTeH!vVrMW8ND`P?4y6jVpBOieK6
z(w#e(xmJJYja*g+OM)Ghpb98)hji@}XNZ>XBdJ=f|Ac>+J7>V)J5r9)<;=Ftew@@6
z+p}L~3}nn91P9v<&s#nzQQNEATvwDK_5{7K*@a{(>M)S`?@EWFN1o=?_62BMw&V=&
z?5gS#SzOL4sH;)l&%GkQDX(*^CIA(J*xmDRv`xEL=@H_J*TzfY;V|eaUNA@$3V<L&
ybRtkzjTXJ{fTWUknLmDoH+=MmAe>#+TzRAWgttEM>B`+s#2BpP6obG(D&s$JS8wG2

literal 0
HcmV?d00001

diff --git a/jetty-ssl-reload/src/test/resources/jetty-logging.properties b/jetty-ssl-reload/src/test/resources/jetty-logging.properties
new file mode 100644
index 00000000000..6af29424dc1
--- /dev/null
+++ b/jetty-ssl-reload/src/test/resources/jetty-logging.properties
@@ -0,0 +1,4 @@
+org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StdErrLog
+org.eclipse.jetty.deploy.LEVEL=WARN
+org.eclipse.jetty.util.Scanner=WARN
+org.eclipse.jetty.ssl.reload.LEVEL=DEBUG
diff --git a/jetty-ssl-reload/src/test/resources/newKeystore b/jetty-ssl-reload/src/test/resources/newKeystore
new file mode 100644
index 0000000000000000000000000000000000000000..133fc4ead39773e902330933d5dcb1313e8a12e1
GIT binary patch
literal 2071
zcmV+y2<Z3z?f&fm0006200031000316KZ92ba^dwWpi{bYh`(JbZ>HH0004VGm@@~
z000F5FoFd9Fb)O^D+U1s0V)C!0RaU71cC(U{wI^t3YE`=z}E|&JEa+8N6rw|yD3y4
zAN*HyF5vS<;(7i3@TH+4$ET8=hax^i-@`A~Ex%nWK~s=()Z)S`0>S-HdMt2S!dugs
zHSi;)A=gNO6XJA%w4$OD8Npr{g-nb{=kEP+v`_Vo0!T{0$u;ESx2}3^@unzW;6Js=
zPU8^-crX&@&`ifO%4-%DNK|n9a8^ATViZyTF^mbk_)=Ac8u4#2`;-QPlD|IZ%&s+k
zrhwJ_O}-_L;t$K|dKx)7@y}}XmGUIDBjsgt-&-{-ks&fDyY)acP*^CXTWLqW!mIfl
zQcSl_kh^^Zaw{n~E_$9v2c98@ICWD!ly699aqre)kTGw`nbW9w2yVUZfIaRtQrIoM
z&FY5GL!-UAY2q!Hb5*S`l!=3&?ldM#Q)~qX<}HLe0AHVjgNkb6lcNAdB%NSOG~xFo
zXR@HCIh@>jCW_10eM>C{(qF*E!oe`tP?2Om!fsIU?m+CK5C!j6`4~-N{Zs-F(+4Cv
z()#C!*v5|pu!tMiSOdFK#}E+V)*->CFh;<k)e+q<F0(=_iKzbk3s8Y5%B%rq1}=zu
z=<YiPM;>s8_H4DOqj-aQoSKM?A>(>u>1W<&6&75woCz?5TtS%rL(RjfPA{5*-^Bz`
z&B$PCo2A*i9yI2)aDV!e;~$MdJFt_gNb=wo8tw&uAv9!1Z!@r189|@T%z`~?oXEvn
zLB;x4ob&{2@9Z1ZZ`(`NOeAD<De)3*Gj1|gIb2&2a0tM@stYwyYatu~GMnFl+}sKh
zYGEcboc!}n^M7Rd&l?X3DkWHuO!ptZL9iE}E0UuvO`3sDNi*f@BO-Uj{2|#|X-C8b
zZgZn!U>Lyw>(4D7u)=H22Gnd*fs4~Nz~N`$HNnTT4uXHUEllS$7r-w;aD0q;UuMFF
z;veO^nF+b1Qlx%Kd$F^+q{?$9Owf8&{W(1Uc^okiTZdZ;sODd{ZSj@oAj<i{$=ct+
z@HbHxU>sCHD3@$LOTH5Suv^fT<4sWJ<mR^ko4mW!?Dr-X#4Mb|C*|y2AL^aF2S46I
z_Tp!~u<)d?V(!cLyC=pUBjfsU!nlbXo;&7k{MqteJgMiNK$yArYVk>XlAGa(nUrwN
zN-!k-GWbkER{+|N?X8K%I*JL+g`7FBGyq+5#A4~o!8umpVg__yU|L!xIr-Bbbx2cO
z`VAG1Wn6M@2PvWiH{(}DMGQQ@&7}>y@!We_`k<01f2h9*-?FuR#%PMEf?#J)ZmlVY
z@d>Ov*MP4lU&as*%mbFd=ij>n=oiHVcT@!s5-qAnf1Et1r)s7pe-v#1pc|NWZ5oVi
zyLUC;kzg*fIv=`R*4h9V4tOPQ>()((4QkO{BXO<KM3Hg~yj@&(2A00$=yiN;u@sQs
z4C)qIYjh4VDK5kXqXWwTAD>g00GlRWE@l|%pSRBCY+i{7Yw3j5sQjOEzOh(b6Ejo~
z&A98fLQgHX)*kOnf19D@m!GB9C+#P*{kd}Q0ytdFp5dv99h%1KeLoGx2U&AqOaOXD
z4){lXQrr%}C{d3>4pP!SF;!Q+QFL(az%-6X25%!V*=f_#TT%e^`mvjJkt#@UgPL$_
zFmQ=|nS8BaCvA!i@wue)1r~%qtFBKaXQ%WyX|(t?<0+GQ0000100mesH842<00P4>
zf&#xVf&r(X0|Eg80t9m|*Ca3v1_>&LNQU<f0RamI05A|S4loP`162eH69sBzbaZ(z
z9v2NVFfcbTIWaOZHZw3<7Y#BnF)%PUF)}eWGcZ~(5HSug3<d*L1PT)cYGrhEc`$+j
zA}|dG2`Yw2hW8Bt0RaU71A+k$05F093Ic)w0RV^aroH1P6JfJp<konZ)9RaAuOE2(
z>yR6n?!E9Zya?f@^W5SBggm)v#!;oZ1CJO$_Fzcg2<MmkK`fS%CNiEwM_KBtr&po1
zH@N_{^znDjxm<Vcg;jjKyV(xR7ifoRji$;FI?Ty^z`hJR&46kPRj8TOT%H^}ObnWK
zT=NC#Td0IG%;XGI1GX?+;{l?`ntz&ghzNK2wkI8%s9N7Q3{CrmuvHW26pNuK{4~h=
z&Fh4ms6vzOGmljkJSmr`o##4dKo;y7o4C;aA$VPN-%=&Q*pE+XaaS(3%9|8|T(-|X
znEM(%aIvWaBSzx&6Eg$ywVpGb7Njd7D8&K;0RRD`Aut~>9R>qc9S#H*1QaUvR}e>W
zuhYx_Sz4e_D!#?={6H`b1_>&LNQU<f0RamI00V*n0RR$^N;xmM8viYOmBe{&cvhAr
zIz$Y$1ZopY2MQqHDMsvZZ|KF1Tg3L0im$_dn0|NM>jflyiJJgX&|NRC{VF3;m+~d#
zlTCCrz*zlxK-D14CB?qkV-XZBVEB^o+clQU^v0vpJ-7H@@t}8z4mh5y8Iry2GIM+{
z7Lt*Ey=$+QpSbWMGu33S{s?U06!c4pM!aglWxFVrQ>&1K@O!lyH5#W?6)Z2NgG&S7
z>o^%(^7(;D5=5E8!b6Q0T4gg)=z#Kv8q--$dnylevZcMy$N54AT;Ptp7N3{4?FF^9
zwMsLbbPI6a<EhD8pj+n4%S5ll@YFT&R&y0d@XkrzuDE2ksYGTn;lnn1A>Vt%@+&%y
Bv6TP-

literal 0
HcmV?d00001

diff --git a/jetty-ssl-reload/src/test/resources/oldKeystore b/jetty-ssl-reload/src/test/resources/oldKeystore
new file mode 100644
index 0000000000000000000000000000000000000000..8325b026098e23fd9b3cd6607fc55c63c247a45a
GIT binary patch
literal 2303
zcmd6o`8O2&9>-^~WNgDUjg);~hG9mAFtYCkL*kKb7$XcCF^Y#tJocq-M4s%8L?IPQ
zkwnZB4Ur`#VQeX)XyU4S@43%8_aC@Fe13Sp&-ZiA=e$4P^ZM+r?ydp=0MLE`e-&?N
z5S2>XSB_Cq-_!sAUI2>D!$pbkK{WV)JV14j7!b${;Gy$y3XMHRSvnI2ZR_;7RXOj?
zZTnjLn_TM4qXB5*%~{dvx>08>g}hP|nu{UhWZR5EM10RNMMIOeRsoO!o-gsSnOolO
zWc-psgp1--%-S-(oD**_YzRb9FJ_rRn)5B@*0Zl1&x5C592D?t3cp>lE1CA4G*SEx
z0BaDd7VPuDVyfbwT<^&WsdcV&O7ZN<Pzt<dE?}SgO4@8;KExzds<?G*L8?whGAL-9
zMTE`wi_G~{VKehAJ@1`Jo(}Q+EYTwE)y0kvu1oT9Cj;-7wMtq|^dfW)&zt-v{_=g$
zFkSR<!xITS<5rW?Glx#AFVh2JZFB6q#wS$cJN{~@>oMfeN^UI7a5cgF5(&|U8!J!Q
zB+bQZYo4nwy+6fnc}MdMx}-Uu(zb`g9^t!_u2$EgPXJB%AI3b*xcS6t)@-C<2X4DJ
zSeSxYZiY$}S0mnb?45MEAj9x~r{3r;?a<ya7A@kwN|yNiAsilnTUJw6NfdIT$N#~e
z^Ag7>+cqD1A$PRx`S#uE&8k9^A)f`T#m6rOk%{q;3RQy~jP-!2UMZ{yH*!|AK2*%d
z#ZrD`>-&TgZui)hF>&idC8NQF-@*1))0MVqBX6eFqoM)+-a%qP3X*SfA%%c-yA1x(
zvXfV~qnIe16DV`U<W;27Vdq=22-XFA=V+sUh%=dl;~fc83SR3GgM*|14(mekJY2zY
zJ*7MNfkly|t_m6Ie>zz)yXQ$p$HbnR_?rBEw@Y@g^Y7}6IK$3GvN#|k_b4wklCvP4
zg;`qAJ1Q`Qr5Y@&5A2mQZr{CoDQkQ_3cpsmXzR3ui>MZAdff}r4A&5MJpbWr>^I+G
zvcKh4^Gs3aHk&Aas|lUhoB5?xW3V1sRG-m7Ik?GIs%fur0I;B^lTvFBmxt~V;W(9V
z7*eA{WM{V4fl=EQ$84`TMq+H><H8fIFtvw21`1)&5(p@TZDSNY`(bfNfv;kQ>)hAJ
zpNj&Cd3TlX+LQ{oj#qRWxRv+Fd37s^TO0S>VG`Jw<`Em3RKHgZec7TfTz!4aK1G6H
zU+A~%H&V=LJK}=P4JKVakQpo5Uzd~qu#-1Lp6aiAsjJ1hn6DsfBKG>g(tx=VM$GxD
z&$E8Sy3qp%wp3%Y=jl@$Tb8I#xb8z6F0z8paLFlCGfc+uLYulm#ZLaGRsl@Uir0U1
zB5Bv4G37rx?OJ@eOGt|Z*pjHZ>t-<glaNonI=4$juK$23L~mX3V8{I%qb(OZYT_ct
zt$Yb@{W|X*wCDXZsS&D@keH@!>1h*X^e!zgweE!_o*R4E^LNGqKzVxd`JJfZVfPwI
zQgZ>qt}DScoTXu&=~|@QF!Fxa_ajnfnCt7>7P-CAaUhcL@p4X!jPGnFEx82rI(<;T
z`3E}h+mr9Lq@;E%@7ayaFQSYe<D-?S4T~5>)&_}Ohz`7YwCk%?rqgweGrC4XA|1j#
zes~SxE&XSb<AFZL`pQ)j(c|)CxD4r&ci>Z3`(+&vT%zVEdmW_M2u14FZO3J9)#~YL
z_pg8^EauZ~w1B1A>O<Tdrsx1`8!qXE3mNs@X#Mia8NAc=ywthW?V&=xeFG(arGm+1
ze{HIm$>99?D#=5>Mg{<VaX$zHl#`gQ)E=j(RT)>jBeaq^Lp5$Qw4Hxp(NjwgWdHzx
zTTygy3yKaZEdzsqAP^6)TZ;lpm`^}G)h6|;Fc2uX56t8Y9q2wW!R|bKFn;%lGZB>7
zi2pbT{>S0}ucM4o{MiM8NjXxYsj_DNG+A>>#MziIDmj8Ai>K1GWF4qPEgcb*(9d^*
zFkZW#wAPVCN&M7cnAk6RYXt>{kt5FrX;Gp{C~1VSjvh)+7p0?v#-h+(za&-%`)~RG
zH7p${|MxKWFAbOu6x}~TKnREq1OifoG*q$YuM+js#yC;rVoaQ>v%c&CT576`vAv8K
zG7pIFh5JMVPF6)f#NVkQ-Cbk$Pek89XVu;lDVub{2#P+UI_f?6YGXX#d4UO+Moz)W
zvAZuM@c07mxLC36Zx{=q+>*EQK@`34Q&H<R*WZJC-dy4Q6)GbN*)S`PTV5Ga{hoJk
zPsx&^>?Bigt)Dvf0$sMbY_^k{?p>5<qVZOd!eNJa*vV@lSBl>dK9<R!1n;l_E$4EE
z*S?3e&)P6W+XO=ccq0-`k!bND+HH-jIoRWTHY{>D^hloMqN!dVGR{yr`e~Neq}Z?|
zD>o|%4Y@SrNA<N<Z;lDp27!S9V5J;N1|_w>a48X<Lp%pFTOfC=b_!Wdz2zmX`I?_m
z{X4FI4{`rT?uQ5jXc1GnyTq6TAp2^4$+<x>%VRSlNfaVBWQ6`aC)Ki&FJ!0o`iBZY
z&m;=DbncZd;o2$fvTxE*TzMMVkqoAl8{rUA?ISDx*}<FnY1ZP-IT>oYQkh4>u%xdW
zXL1QHr#;?=xuQ~d&b=v@>^{hhxlAD_>9alq%%G!r)#vOelxM-iB=GM6<m$__&*yKX
zzdqmF*m^NKJ4_YM{D_y*l)K;M5L_gJ^cbNn)Kf8sOcOPxLRndZ;`xp3>84XBU|kmX
zlG3}aCnG_K(9mYVbjy`DH$S<@^uCwiIp$sK=iUTik<2(Mh+<BaqN4U<ZQ-Pggs)bR
fxAnU54^BbfHI|;pD#JL49u`BWN#^u;#+v^VTn_J*

literal 0
HcmV?d00001