Fixes #4481 - Fix NeedWantClientAuthTest for OpenJDK 13.0.2/11.0.6.
Updated the keystores to PKCS12 and added the BasicConstraints extension CA:true to the server certificate. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
parent
b75cf1c6a6
commit
6d65799bad
|
@ -195,7 +195,7 @@ public abstract class AbstractHttpClientServerTest
|
|||
|
||||
private void configure(SslContextFactory ssl)
|
||||
{
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks");
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12");
|
||||
ssl.setKeyStorePath(keystorePath.toString());
|
||||
ssl.setKeyStorePassword("storepwd");
|
||||
}
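Review bot: The keystore type is left implicit at `ssl.setKeyStorePath(keystorePath.toString())`: the file is now PKCS12, but nothing in this hunk calls `setKeyStoreType`. Loading therefore depends on whatever default type the factory carries and, if that default is still JKS, on the JDK's dual-format keystore detection. Adding `ssl.setKeyStoreType("PKCS12");` after the path call would make the test independent of both. The same applies to the other `setKeyStorePath` changes in HostnameVerificationTest, HttpClientTLSTest, Socks4ProxyTest (where the `setTrustStorePath` change would need `setTrustStoreType`), TLSServerConnectionCloseTest, NeedWantClientAuthTest, SslBytesClientTest, SslBytesServerTest and SslConnectionTest.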
|
||||
|
|
|
@ -60,7 +60,7 @@ public class HostnameVerificationTest
|
|||
server = new Server(serverThreads);
|
||||
|
||||
SslContextFactory serverSslContextFactory = new SslContextFactory.Server();
|
||||
serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
serverSslContextFactory.setKeyStorePassword("storepwd");
|
||||
connector = new ServerConnector(server, serverSslContextFactory);
|
||||
server.addConnector(connector);
|
||||
|
@ -76,7 +76,7 @@ public class HostnameVerificationTest
|
|||
server.start();
|
||||
|
||||
// keystore contains a hostname which doesn't match localhost
|
||||
clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
clientSslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
||||
QueuedThreadPool clientThreads = new QueuedThreadPool();
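Review bot: The comment `// keystore contains a hostname which doesn't match localhost` above the client `setKeyStorePath` call now describes a regenerated certificate, and the whole test rests on that mismatch. The keystore generation notes added in this commit create the server key pair with `CN=server` and show no subject alternative name option, so the mismatch appears to still hold, but the test itself does not say what it relies on. I would reword the comment to `// keystore.p12 holds a certificate for CN=server (no SAN), which must not match localhost` so that a future regeneration adding a localhost SAN is caught in review. The enclosing method starts and ends outside the hunk.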
|
||||
|
|
|
@ -122,7 +122,7 @@ public class HttpClientTLSTest
|
|||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
}
|
||||
|
||||
|
|
|
@ -199,7 +199,7 @@ public class Socks4ProxyTest
|
|||
{
|
||||
// The client keystore contains the trustedCertEntry for the
|
||||
// self-signed server certificate, so it acts as a truststore.
|
||||
ssl.setTrustStorePath("src/test/resources/client_keystore.jks");
|
||||
ssl.setTrustStorePath("src/test/resources/client_keystore.p12");
|
||||
ssl.setTrustStorePassword("storepwd");
|
||||
// Disable TLS hostname verification, but
|
||||
// enable application hostname verification.
|
||||
|
@ -233,7 +233,7 @@ public class Socks4ProxyTest
|
|||
|
||||
// Wrap the socket with TLS.
|
||||
SslContextFactory.Server serverTLS = new SslContextFactory.Server();
|
||||
serverTLS.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
serverTLS.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
serverTLS.setKeyStorePassword("storepwd");
|
||||
serverTLS.start();
|
||||
SSLContext sslContext = serverTLS.getSslContext();
|
||||
|
|
|
@ -49,7 +49,7 @@ public class TLSServerConnectionCloseTest
|
|||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
||||
QueuedThreadPool clientThreads = new QueuedThreadPool();
|
||||
|
|
|
@ -82,7 +82,7 @@ public class NeedWantClientAuthTest
|
|||
private SslContextFactory.Server createServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
@ -141,7 +141,7 @@ public class NeedWantClientAuthTest
|
|||
});
|
||||
|
||||
SslContextFactory clientSSL = new SslContextFactory.Client(true);
|
||||
clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks");
|
||||
clientSSL.setKeyStorePath("src/test/resources/client_keystore.p12");
|
||||
clientSSL.setKeyStorePassword("storepwd");
|
||||
startClient(clientSSL);
|
||||
|
||||
|
@ -232,7 +232,7 @@ public class NeedWantClientAuthTest
|
|||
});
|
||||
|
||||
SslContextFactory clientSSL = new SslContextFactory.Client(true);
|
||||
clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks");
|
||||
clientSSL.setKeyStorePath("src/test/resources/client_keystore.p12");
|
||||
clientSSL.setKeyStorePassword("storepwd");
|
||||
startClient(clientSSL);
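Review bot: `createServerSslContextFactory()` configures only a key store and no trust store, and nothing in the code explains why the server certificate now has to be CA:true. Presumably the factory falls back to the key store as its trust store, which would make the server's own self-signed certificate the trust anchor for validating client certificates; please confirm. I would add above `setKeyStorePath`: `// No trust store is set: the self-signed CA:true certificate in keystore.p12 is also the issuer of the client certificate.` Both client hunks build `new SslContextFactory.Client(true)`, so these tests check the server's validation of the client chain but not the client's validation of the server, which is worth stating in the same comment. The enclosing test methods of the two client hunks continue outside the hunks.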
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ public class SslBytesClientTest extends SslBytesTest
|
|||
sslContextFactory = new SslContextFactory.Client(true);
|
||||
client = new HttpClient(sslContextFactory);
|
||||
client.setMaxConnectionsPerDestination(1);
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
client.start();
|
||||
|
|
|
@ -117,7 +117,7 @@ public class SslBytesServerTest extends SslBytesTest
|
|||
httpParses.set(0);
|
||||
serverEndPoint.set(null);
|
||||
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
|
|
@ -42,7 +42,7 @@ public class SslConnectionTest
|
|||
@Test
|
||||
public void testSslConnectionClosedBeforeFill() throws Exception
|
||||
{
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,27 @@
|
|||
Since OpenJDK 13.0.2/11.0.6 it is required that CA certificates have the extension CA=true.
|
||||
|
||||
The keystores are generated in the following way:
|
||||
|
||||
# Generates the server keystore. Note the BasicConstraint=CA:true extension.
|
||||
$ keytool -v -genkeypair -validity 36500 -keyalg RSA -keysize 2048 -keystore keystore.p12 -storetype pkcs12 -dname "CN=server, OU=Jetty, O=Webtide, L=Omaha, S=NE, C=US" -ext BC=CA:true
|
||||
|
||||
# Export the server certificate.
|
||||
$ keytool -v -export -keystore keystore.p12 -rfc -file server.crt
|
||||
|
||||
# Export the server private key.
|
||||
$ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out server.key
|
||||
|
||||
# Generate the client keystore.
|
||||
$ keytool -v -genkeypair -validity 36500 -keyalg RSA -keysize 2048 -keystore client_keystore.p12 -storetype pkcs12 -dname "CN=client, OU=Jetty, O=Webtide, L=Omaha, S=NE, C=US"
|
||||
|
||||
# Generate the Certificate Signing Request.
|
||||
$ keytool -certreq -file client.csr -keystore client_keystore.p12
|
||||
|
||||
# Sign the CSR.
|
||||
$ openssl x509 -req -days 36500 -in client.csr -CA server.crt -CAkey server.key -CAcreateserial -sha256 -out signed.crt
|
||||
|
||||
# Import the server certificate into the client keystore.
|
||||
$ keytool -v -import -alias ca -file server.crt -keystore client_keystore.p12
|
||||
|
||||
# Import the signed CSR.
|
||||
$ keytool -import -file signed.crt -keystore client_keystore.p12
|