From 6d65799bada3f48ec073dfd8f4898da4423e4999 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Thu, 16 Jan 2020 15:20:34 +0100 Subject: [PATCH] Fixes #4481 - Fix NeedWantClientAuthTest for OpenJDK 13.0.2/11.0.6. Updated the keystores to PKCS12 and added the Basic Constraint CA:true to the server certificate. Signed-off-by: Simone Bordet --- .../client/AbstractHttpClientServerTest.java | 2 +- .../client/HostnameVerificationTest.java | 4 +-- .../jetty/client/HttpClientTLSTest.java | 2 +- .../eclipse/jetty/client/Socks4ProxyTest.java | 4 +-- .../client/TLSServerConnectionCloseTest.java | 2 +- .../client/ssl/NeedWantClientAuthTest.java | 6 ++-- .../jetty/client/ssl/SslBytesClientTest.java | 2 +- .../jetty/client/ssl/SslBytesServerTest.java | 2 +- .../jetty/client/ssl/SslConnectionTest.java | 2 +- .../src/test/resources/client_keystore.jks | Bin 3956 -> 0 bytes .../src/test/resources/client_keystore.p12 | Bin 0 -> 4541 bytes jetty-client/src/test/resources/keystore.jks | Bin 2206 -> 0 bytes jetty-client/src/test/resources/keystore.p12 | Bin 0 -> 2573 bytes .../src/test/resources/readme_keystores.txt | 27 ++++++++++++++++++ 14 files changed, 40 insertions(+), 13 deletions(-) delete mode 100644 jetty-client/src/test/resources/client_keystore.jks create mode 100644 jetty-client/src/test/resources/client_keystore.p12 delete mode 100644 jetty-client/src/test/resources/keystore.jks create mode 100644 jetty-client/src/test/resources/keystore.p12 create mode 100644 jetty-client/src/test/resources/readme_keystores.txt diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/AbstractHttpClientServerTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/AbstractHttpClientServerTest.java index 331307b836c..444e639fa3e 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/AbstractHttpClientServerTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/AbstractHttpClientServerTest.java @@ -195,7 +195,7 @@ public abstract class AbstractHttpClientServerTest private void configure(SslContextFactory ssl) { - Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks"); + Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12"); ssl.setKeyStorePath(keystorePath.toString()); ssl.setKeyStorePassword("storepwd"); } diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java index 16a776dfba1..b10c1289691 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java @@ -60,7 +60,7 @@ public class HostnameVerificationTest server = new Server(serverThreads); SslContextFactory serverSslContextFactory = new SslContextFactory.Server(); - serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks"); + serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12"); serverSslContextFactory.setKeyStorePassword("storepwd"); connector = new ServerConnector(server, serverSslContextFactory); server.addConnector(connector); @@ -76,7 +76,7 @@ public class HostnameVerificationTest server.start(); // keystore contains a hostname which doesn't match localhost - clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks"); + clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12"); clientSslContextFactory.setKeyStorePassword("storepwd"); QueuedThreadPool clientThreads = new QueuedThreadPool(); diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java index f1fc9268c60..39a60a16c6e 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java @@ -122,7 +122,7 @@ public class HttpClientTLSTest private void configureSslContextFactory(SslContextFactory sslContextFactory) { - sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks"); + sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12"); sslContextFactory.setKeyStorePassword("storepwd"); } diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/Socks4ProxyTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/Socks4ProxyTest.java index 1816d5947a9..2b2133ea73e 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/Socks4ProxyTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/Socks4ProxyTest.java @@ -199,7 +199,7 @@ public class Socks4ProxyTest { // The client keystore contains the trustedCertEntry for the // self-signed server certificate, so it acts as a truststore. - ssl.setTrustStorePath("src/test/resources/client_keystore.jks"); + ssl.setTrustStorePath("src/test/resources/client_keystore.p12"); ssl.setTrustStorePassword("storepwd"); // Disable TLS hostname verification, but // enable application hostname verification. @@ -233,7 +233,7 @@ public class Socks4ProxyTest // Wrap the socket with TLS. SslContextFactory.Server serverTLS = new SslContextFactory.Server(); - serverTLS.setKeyStorePath("src/test/resources/keystore.jks"); + serverTLS.setKeyStorePath("src/test/resources/keystore.p12"); serverTLS.setKeyStorePassword("storepwd"); serverTLS.start(); SSLContext sslContext = serverTLS.getSslContext(); diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/TLSServerConnectionCloseTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/TLSServerConnectionCloseTest.java index 310b7acf6c4..4278bab0a67 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/TLSServerConnectionCloseTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/TLSServerConnectionCloseTest.java @@ -49,7 +49,7 @@ public class TLSServerConnectionCloseTest { SslContextFactory sslContextFactory = new SslContextFactory.Client(); sslContextFactory.setEndpointIdentificationAlgorithm(null); - sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks"); + sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12"); sslContextFactory.setKeyStorePassword("storepwd"); QueuedThreadPool clientThreads = new QueuedThreadPool(); diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/NeedWantClientAuthTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/NeedWantClientAuthTest.java index 6323860c648..815c20932e8 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/NeedWantClientAuthTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/NeedWantClientAuthTest.java @@ -82,7 +82,7 @@ public class NeedWantClientAuthTest private SslContextFactory.Server createServerSslContextFactory() { SslContextFactory.Server sslContextFactory = new SslContextFactory.Server(); - sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks"); + sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12"); sslContextFactory.setKeyStorePassword("storepwd"); return sslContextFactory; } @@ -141,7 +141,7 @@ public class NeedWantClientAuthTest }); SslContextFactory clientSSL = new SslContextFactory.Client(true); - clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks"); + clientSSL.setKeyStorePath("src/test/resources/client_keystore.p12"); clientSSL.setKeyStorePassword("storepwd"); startClient(clientSSL); @@ -232,7 +232,7 @@ public class NeedWantClientAuthTest }); SslContextFactory clientSSL = new SslContextFactory.Client(true); - clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks"); + clientSSL.setKeyStorePath("src/test/resources/client_keystore.p12"); clientSSL.setKeyStorePassword("storepwd"); startClient(clientSSL); diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesClientTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesClientTest.java index bdd7bdc12cc..38ad95fe444 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesClientTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesClientTest.java @@ -72,7 +72,7 @@ public class SslBytesClientTest extends SslBytesTest sslContextFactory = new SslContextFactory.Client(true); client = new HttpClient(sslContextFactory); client.setMaxConnectionsPerDestination(1); - File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks"); + File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12"); sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath()); sslContextFactory.setKeyStorePassword("storepwd"); client.start(); diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java index e6df53934dc..16162f34aae 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java @@ -117,7 +117,7 @@ public class SslBytesServerTest extends SslBytesTest httpParses.set(0); serverEndPoint.set(null); - File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks"); + File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12"); sslContextFactory = new SslContextFactory.Server(); sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath()); sslContextFactory.setKeyStorePassword("storepwd"); diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslConnectionTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslConnectionTest.java index 5107663ce3c..3ebf8acaa01 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslConnectionTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslConnectionTest.java @@ -42,7 +42,7 @@ public class SslConnectionTest @Test public void testSslConnectionClosedBeforeFill() throws Exception { - File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks"); + File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12"); SslContextFactory sslContextFactory = new SslContextFactory.Server(); sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath()); sslContextFactory.setKeyStorePassword("storepwd"); diff --git a/jetty-client/src/test/resources/client_keystore.jks b/jetty-client/src/test/resources/client_keystore.jks deleted file mode 100644 index 9c31ff30c63b5efe401234d044db32cea9e157df..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3956 zcmeI#c{tSj9tZGQFxhF!l07O*G&9z5kSV*7QI@eC$ymlR!%#w!!7#QYOUO-G#!?ZY zl#pezH`W+JqQ*s(y>QiYPS1JnxzD}#uk+XW_0R`Ed`+czw3ObE~?}rI|zXO4CVqATR(kR~`B3uB*_dVl+LQDxk zuDNMlGuZ+EvKn6xl2907wPG~pTubr{@1 zgdYL_9>7$83;xolAp;NpaTq{$0GJHq2f)ZcE)W?A1kmy9&pU_rz z8p2YH<6*NRwK^*xx?FQ+W^ORYZma+@!OKzaAJuk8bCY|QGh7(hmtG`ga{JDzSI~ok z&Y;T^b)k}W;COZ8GzGnH`3v%?!e&8!N<2{}CWf+jiCx`f|Iv;z%P0&_u9ddnRfp{U zu}xd^lWFk7n)XZSTLEK**~#<>O9HtDNKlGa&}5kXf~~$D+!xuYQEjM-u|F#!&ST`H zeCUxu@AIg}oLt>leh~<0xDM-h{mA@XE5y6Y;*3CC;nTyy!0-ZQyqVr?w$^52++BX) zPyqX-6q^P)&XHJsh$%GJh?Fv}!n7hu&s$X>L0}*N_{RzD9hbcc0Ra@~p|vA*y6OYf z>&`^MThQ=>@s5MrSH1EoWm#epRa-B`2}uTw@sjg%=LYct&KxB!(BwmCws$oIv5YiqK)tVBIddwei5?_odV{P^9T1V!(S zw6a>vMV^^~xS1(p30_Ld)ce>)z*~Ym>GOM}^EZEO-j&j+a9`EBj?gNRz0v^z?0z9W?jb)q zm!Wq90AL5g$ZXqt<=|4{0I~rUL4tez0pCj-;G*CPdroFB&z%FHMA@%%*JF~|Vg% zdU`8MT&C|3wTt2swF_>>T>6SpHL$|s$!eyMz@?3W^!C>SsO6)>o7Ab~n1@puThXG#1lFOq z`}|tf)_RoXR~J?j`HXO+7c(Nz2xt0jSi3@) z-z16iiz~1y*6qRk^|~p@_4|RH8rf(DMgPdvY?47m!61X0Jed*w%DTzcBLuzF5@u4h z8G5X(fU!QX?uNWDcA23b}5@-`$3F>{gcJ)k!JmJ^pCy@{ACxh1}1RHKH zn7v9E^L5oPlYE#j`%IteB+gLl0=*Ba(Q_Amn z{`7RljUiF(Lx>W=Vgn5+m$c9{m6)5AQIM#zGTh_+$413CD%*{o)fcBpO^J7d6x<)u zL!vwn0#X*QX(MxGhSd`Jb8M>~4K>I!(PwrP7b8TVZ#J%a+^tV}D5Z<~dfqnLaTf{W z#n9rv*-03A;@VC$_#wr2(Iz7aca723X1XrwCda9$ykls!-G3PJg(-M-OmHIE-2wh@ zb@;4{Qb}33#Jm=^)t+yeO*7BXv+upmGU$9IrZnKEn^4ch?z&(%U6&MpaTq8akX&w~ zUE2C|TsEM?Ty}UV0}EHi2VSKt>&shRk__}&$c^8w$kWk!8LQo150ZK*{MKmWmTgv- ze}BX;;}0$})$=HN+v-Pd=eFmV^6l5D0{H^5R-^cN&FK+W)pY;kC#2Vi+V`)XGwRq; zC+o3f8fF4$Gua;;6}5_8I_)3NH8pvQyXn(BC4k-BLFJ)B?A7?s+N<5;>GZGlKBkU~ zBswLj-z1Qg${H(C?P4x?95;B=U)!Y|U@B_-r5>xtCMN$b96tcTi^OE^5FMS%5k>dM zFp&pmWw&TkcRyr(ednL0eCXqovQ;}|-fVg2{%xAKgzs!Xsb9;*l}2x$Y^DXa zBU(u8!?Mupov*om0{Uf{n0!y$krZw!?HUOJ&hHv7Xr%b+YF51{KRakqHhF{G#W*^q z$c&ErG&^0#-Y-{3-Na~3Mk(4nbImyTlv#DBX=!WU5EC7Or;RBrrSeSN6Kj^Fh}-X9 zEp&o+p5Cs%b@SDe2Hb|E=ng3x{kjh8G$G|~pdor;QTAqKYA?qRjQqrh;~qZj_V95M z#0hAH47e(YjMxA1Yr_2(<3n-}ADS>Vm>OIip$0=b2=gMoFA={jVFAC>h64(*A@~r8 z!GzzFeSb>i$b(t(C|uHOe-9_Fkp1nm%@6 zLs+pYUexDG);O<8WP_=%Cb23U_jLJELm`R8@XVLQcG8_?<1I#8gCo9hztDRUA!s~h z*kY2h`)DCc44CQCU5}sSV@o{XPPo`?gnMD3H3RM_xb`&p1Hzk>B#^x`^FttHy`miX z@G9x_2?OF(Uo&QS+v2EaEHiptYc1@~3n!-)KVIds%=|WIna`&hRVycNXRx5GLf-@x zx^$$BjgBe#4Bxs~7JvSm7Cvi&_kJF}w%u4G0ajJ$2|R9%sTUZS}#zvVAh;dWNmU zZnH&Y1<)Q1K0a|&%D^~=5;i7F?NE5rmrwi)i0@K; diff --git a/jetty-client/src/test/resources/client_keystore.p12 b/jetty-client/src/test/resources/client_keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..429720049b8b52e4799787f0f4899e49d42bf3e3 GIT binary patch literal 4541 zcmY+IWl$7gw1!z&x{;8O?p#7*X^;k4Qep{VX^=)bmTpkGyCkIqrIBu=VUZ;zq`R*7 z&W*W0zBx0`d(Qd!%$W}aCvHOppn>4TZW!2{5y}zQ_y9~m0i4(p2q!lChmApSbesPd zp&J0<=(_(fKRK zuut{ePq{}$L+OJ6;lLr`UwkXbMw+7C?I7UV37pj#cNVkSV7MTSDO2KdXak&>o$GZPOa5e8QZIkuCVA2lU8ZT^~j$ zGCMBRiXvHP)SI24+6X(OKhfHXBqyq!*E}gjIdNL;3a>qgvqD>yHtqh@r+Oi}4wv|H zJykR_tTZjQDxEm3J|!q>tTjh_x{!7MvwRK=F0tFBTqnZK92?zDxdwUuk!lvp`8H3} zgF92&8M0o{*JkiJfex7@JpO%f^EPBy`IToFMZ39CJ%;&{FP2VKe{6AUwO(?@amFQ& zSD=E7So|1mC^o>(5R_7=yj-&ocVF4xAtzuf?ZgG@k=+c-BRhI_N+s{^%KW%-@WNG& zu&y-3T-!QmWoSH&x5|%rG)TxHo3ikc;=UpEmfS^BQH6z`7W{Q4(LzMdTa*dwGQZq> zqtLnfVSlhb?yZ?y`ufMIPL98_$N_4Vs0QNc_~C2apX!G|*-JjRyX=I8 z;a#xW+W`S=j`S85s_?P;&XHb(jGE4ww6AH4YWr%&HqKpW{Jf55Z|2FXa zlx>e#UrdYH-R4&$dkPD|tI{4)59@XJ>e~^75?&h91UV2b z7iShgrDQtj?5^b0wie81rAu<~H}R#gh784cgiAt0IPTy^Lv5L#Q9eg?AE$jdvxWrC zryE-)RiWj;sJhr|?PMQmh7@?Eo(hOC4dqxyrx(vb^g;Ab=A$>R;m~5BTw!K-F@F1oF(kSEdKq8;Zf&txTjiOdb0}OM$l2|2swcx{xUhLLB=dR^p`cjwWI||Kh{`EcWn}zZOE4r~OX$9|5 z`=~_a-=pW%hG{3^1_{+>=)wrW-YT^d(v{!WHX* zpTM+fOEwQE(XfYo`Vo)0iRUGvd!06w;cpvvJGd@Ze_uyXv5@V}cjq6s=05vk1B2fH zfAu2PZs#{>w|@6|+$IupM$4Rqs*9tp`{eJ$=%RPXeDcxE67f}MR?;ybwV|ka{5mY_BOL<=2KoW<269vNyC?*EmCM&;2?BYXsNX7HL z4!^9%%O$`$EI;q0+YTI*{kZ{h9u@i(Fvj2qMlRbGa=?kPrHr>| zbW^AKF`A&*m z?T)s0qXc?T2Y^Fcgj0f#HCpox9yt)m~rft z_1n&tXJG`P;v}p?Ad0en`?z`9_YU;FpnRXp5p2OJV1`h}$Rqjn@>qXkS~Qyj7^a!=^|6-&>YM?2V)(NyQ~z zcRJ)-7VJ2|r3*HLHv3m&PfUUXe!=u*i-NfQF}18)kTolWWBXY0c6Yf=^ul*h@GBH= z0Uv2*5l>8iK0Y!WtfHBcW-WML8t63pp)739e_1AfxbXf8&o?!%D(~=`c1ae33ckK@ zu7t2wWC;xtr@rQCL#b?lC-|3{pN=AU;{A=HdQ5RFQAlDr?CFYZ>pp;U z{2e(^P;Ij}Xt^@_GPw^hLirkY5aiA4_shb}x8M}l^2n1SNLP2u1m}Q1dKak`1Q8i^ z{=&hDJKVoP70W`*K2_`UYTYKV>vXE@1`l&uTt|~;I^;wnUg*SI{!+c+&78ETeKTmE zYrJ!lb0Xu(O)>DjKlw&fZp}@WdT%yC(*WfLu>tfYE1!T-RzhCj`in?o?@zHFx{K(& zxH(zBh|;CsDkG~$X`C%psU67qpAJ&iTo*(Ij@v$67+&lZxird%d7PT+t59Cw5h(q% zf72OKAbr|HC7fZi>8B^baYXaP)2NgiMSXn{e=xp8RDI34W+Q1K_astA^Ur;WI!1EeW( z9U6QbGcd!TYtQD$7jbBU)H1L-Y_GU{qtYd!pM;E!qcQ?vsVW&Ex|koW9|9)JDKaZd z736dhdhmsjwj~S}HrdQ#@(i+}DX(XtGhy$g%(|mSEhv9{0u-P1{Un-4$;_hJeaSB~ z)wTX2#KKHSf8ZmZUi=1cVx~x$PAO*R-Kmp05$B(C7U}cbSOs>oUb&DHAQ?^`>C?lP zR{JhN_c#(Ofpd;+wS<;MI)%t5KjSG*{W*ew?EM7NomL`mbt9~GKiQ7 zH;#g3i4am&aiAn*?8jlX=S2z6aTn*>3~OsK{rIpwqO>@1Yafz2ivCf1(`E2@^E!>( zxc@oA`i7DI&S^3Us|9cua^(k=duRb0dTHyKysvj6WcC$voZoI~g}kC|77KV0I3cJp zEFsF2CxTE*TbxWqI5uL~5Q+IW(>bw##6;u}@mG#RU#|w4f}1S6YBX!^irslTmp`c2 zS_{XQW$a`py?%Q*h?NXnXlZf^>R(Crs4&#WhoWaPd_1jcW*5Yb#+N>NgAK$!I%Kuh z2YXD4qO#bz0>TL*&D4x*9@MEtZWG(acI0gTU@I)K{TNYSN==>zw|E7z0VkA&-da*p zLhF*qGrsKlB&)S6u&eHsbI^XM9VFi6-N}PwzmiP^^y)pOXr-Hy_>ei0mdiAdi)7h^ z%v<{S`Hts=%bGF?>A0?UtQ*gyyD-V7C^DPW6MhFhU5HciFZEiC%6JXLZfJ;JEdVNU zj4%Z>&fhxrsl3l)D%es$f)N3skH-e?BV_(|FePCc{&j&qY{N~aU zO;gn4iS)xKwvy$3fvHhtLnL+7K;R}Ec($ZovE z+3e2lbK)bKA(F0^?+)As4hs^35+11qz*s7J9@2PQ07E;ei__As2TKz>H*rp$NYZZ( zP1OiVZW1i-eADgKhBRoN>QdZ+iTb>s-}$Nu&pnGiFJiB{oojC@cB}5WTQbBpA6~=x zIb!j%+wGq!`pm`BX5u~%q4O>LsbD;E?H_(U3ejksC|=!7{>_JZhdDhOg#)>d8wq#6 z`yq-7m}6!32q1MH_7x01(Qg|5wx1C;z*MAnJ6^=hxwcpIa{{Wt;y3a+H(OC!uznA- zHp0Fc`_iU@KPJ#jWkoMeRgdq(O!$&!8eV`-MK!qZgJJbMs^y9LI!L>qU3Q4|Z-(kp%)i>U+t_NXA0TcEzcPw0P0!yR> zUss=eyW1o5Q`bg}Zgy>o&F2p{pLJy9vrG)TTUQGQvoeY4x32`TQP_|sTibpI&C&>#O(y)-3G>y1hWo=6%+mUASdNP}sENzt zI0&B$SKZmMblRwO_o@r+qH@Y5gLeDUNxzBPJ^d3z2aGK@`jy>NrI6J~LXYYQL!pQP=HE-=ELR?O~L4 z8vyW~t{SSE_>4;pt!nu52(Fk7D;lIkz)Z@WX3QH~kKD5snmqxd1CUN%AD>Z>k3Kbe zmn(y-)3soa_B0R;>~j5^()fZ-%`7sE<4=$0vz7vSZPJU>NLJz*_s05}Nt8in!niQI zW63RZiu=>bS7`)+;C&okl2@z9i9rPjU+N9&2nJo+)hExSIeFQJ#q88<&@HCGp%`5Z zpG!c^YtPc+BDdY>q_BV&&+0Y%H#9Ov+# zW3lwy2UuNqIMMmE4gQ?S#9WdnBMnO%9>&J;qyA)rgDZ z1~j@eSI}gQUXvj38WiFMwxeHU?4)3Sg#fK(N{QGAlABdBTbI05oqFcppVX%Cu2GC( z6r59on+#`tP!jr1$?vD*c!Q<(&5>Ks3HL8O;G$259Nm@>A;VE4A*<}X^$q&8DvVVT zasr?)*(&jC+*yE(!Z9(|B*F10aO+WuUoa;*{Q%k6wB{)~G0wsWmK&e=NMuN1Hs@uA zJ0W4T6(KI;Q2h1HG6=s?X}&z1w^1X48J3C^jqMm1))_FW?+4$h#6q)7S zJ^^Osv=mxd_}vIH-)zySdfKlr%fiP&VSB+6x`wp5*_)v3ilCZfWXiXft(-{FWU`W9 zRn^{~{Z4{fRqd3H{p+)K-S3bN9Mhg;2Q3f%vp0R<;go91^3uv8f)lAc_vHd30~AX@ z@LjK^e8r$A-V&n^6Pc&^AuQXnKir$#{P@ND9ON z!p1=7B0xi>LPr6TD%^c+FA>OoX!RH7&DXrjt019m0Ft&^Yg>{{@TaT^dA_sw{&fMW MZe@Uq28by54}r3n`2YX_ literal 0 HcmV?d00001 diff --git a/jetty-client/src/test/resources/keystore.jks b/jetty-client/src/test/resources/keystore.jks deleted file mode 100644 index 428ba54776ede2fdcdeedd879edb927c2abd9953..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2206 zcmcgt`9Bkm8{cNkoMUp6gmShKn!AQX*(l6Nj(i=TnQPOKYtv{*Wg>ItE=Q!pRYH8a z$Sp#S#2lYw#aw;$y9u4T}83H*%lp zAKZay0sy=q1Qoo85aAQh;$ zD(c2EIN#D7WwYDLKUg!CotQPD@dp;5FR#bgaace(^x$6g5frD~(_b(MI^J&*A2DRp zf5Q2onfE(zvUb9|9C`66)YFRNM6~xrz4;iVbU=P|*YT2eWHFJJtr+M@zt2qPm)K~rRcqcs=LM12)PX0TT%QO zlf*xkqD3}7l)1J`5W(>=9nR0e6j-<79<11v3ZuXXcQpoCsqY~n`$FN+S}hcVm5Y>G zXnD{@DYs1@{S0z(lW+?86LWKtku$$-(khsh>0qRUXn=84`GRn?77M^_JY`durnN;KE zW#OJ`h<6xcB{I))ekGpc*Ylt}0cx4|OMBDPQvx4`r`}4Ze5_ipdObGMTi3bZHd5PC zcY0;?uBWu$PSvjJeb87nY7ghNv?%M@SoDl6IWt`bQCosfSh$#D6$ea~QhKM^ud2Ut z+9PYJuVpoELmN-A`F$BicO{BSYg@#tS%avVfb}DxL)|NanJ)#zB!2~?#Ot%H7--9N zU$bs0fS5G!m5M4&WK3#a|H|Tgw*?X-;H+Lu@kwA>qSR~7UC7b)7MJXTn6PG>n@8jP zW+}F^X$$c;U~4ryqRF; z>`j!tbLMK4ZGyY643|~?%Mu#fm!l%wAKjBDmd+VYmp3S#$scD$~bxbf|z#)hShN0*AhRaPDcmqrftGlHq4^54MM$Xfy(2> zH8QYVMzmn_oHbvJCB`IN~E&{1*h&0gEM{e zKvWvzp(!BqMX8`t#)~0nq}Wa zr6>FRPyp;AAB&)1$5@;r$23J{K&~>TWjZf7V$wFzmGM95CXhFG1cJNVAXks}C+&2- zbf9Qn*D8N}Afd2kpwDxns3%1uaFhAqDV8ksWiWY|quuLGZ0)SqrJ!Y8yX}@}IyC$C zQ3rCUsn}#>F#D8%D?q~ySy4j&he%Bs{{7V%rl!ui`@KQP?NTi+_iN{cwom&9RaMRR zB~z!hz|0HAgB9_Ijvpe-zr#jLbckJsc>vmo{+im?t8lA;N#fD4?{lb&J0V8Gocq%; f1ihv=QIDh{M_<9V+45Z2{KE4_qW}V3B0uV%GgrOJ diff --git a/jetty-client/src/test/resources/keystore.p12 b/jetty-client/src/test/resources/keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..70d68ea7f44e4ff3a25e26c9d66c4959b764fb47 GIT binary patch literal 2573 zcmY+ES5Om(7KQ^Un9v~!bs2SibxkJ5=0?%BArlGx%BB0dJ zi$Lfl77$&Uz)}{Ld*|NW*@rV{=KKG19zQez2BoJ1q6yFs5U5nVVf+Cz9Rpnn0a_0t zKx@x&6`BC{`d0*Y01?2p=h*UmOd*W_yJCXT(U%ZF$7llR04)iD{U4t{=L5khZ@$&U z+-sk5{&lRx!2AWf2J5mCJrK}o2_k^{Zr>gl?ENt+*xGV{gz=Bcn^m>gQ0qr>-)wsO zJcg?UxBeX6{_z~KCNc%b^=pC0?B&~Ph9YKA=E8rT(YeT~vc`I8tmGTCFxdkSoNQ01 zJWBb zC@I*#Vc96`*b_ch4)~^K<5l(ZyRi79JAp;H^+MGz^gH@;+U$@D*IS^C(W-c>$jgj% zLO);#m+?9Ha+`=7bw8sqVsLQU0Md=a+X)s6qEEo>*y`*}hEC*8L;VPOsR9>%y|*puEgwIS$w9?DCi9kCuO8;`DU~=d+fYZqUC~cA1ndLXm9tX@ zxa=qEJm<@}`#&I=-bK)^H9Sz{eIL;qJ0UmAqVOyp%W78u)bs>Xs5vh`a`Zh3X!nl~ z>Ws9p4s2>|Zmcq0H8X!>3-#m<&A*FbMBZB1$hT0_cAV|^SCKPc;C1lal)G>w>vJ6^ zeR9h`OcoWcDa#JRL?dz*_?*vf1yz0m`Ti8Vb0_)x&q2TAy*#d z-aZM8U~lNn9+nuBFr0TPqkP!}c4P5Po+4s-%aPKfh_K@*^UQRS8|6AjA%JlyBc`@7 z&BHlpc7`5bN`*pa&PIrg*eggQ(I-RkjDJww#dyzyv!l|W`_>Yo6qgsGAa0fttgq$r zC*47^Gf^+(yU^=-QC~ktLAKLWqxIsRN5a+C{IDUu{Agj*-<6JfAIbT)t+iiXmm$>S zL$?{OhfhtrIqRod_V8)>v3junh+>ebQD@ei{kp7|6;7hlFXQ9s-Q^0uVlxpT?hDFO z#92DAPKtY(pflUtD%yQLOeEAI^X2QmMdk@`j}$Gnx`1M*f1S0%Kc?>%+urcb8m&%Z zUZxqNA^r**=I-XT2Er5t3Wc~VT-!0_`9l!oIv9$sLpKItB?>b*W5#{;3+E-q-4Bis zSgfkmwiozy0P1jm+M02s2~cHYV>u1kzWJhkK*Gwd@0v_!UZmPnZ22K(Tvm91Z?F$g zl{Hbu!qG9j9w@M#gQ@{BTbtg$NmO<>C2ldRhPehWeype%0CjFcFEIH>*7BN-M{<_`Hx>U4LR)klZhOwoZbuhSDJng+>NgJuV14Hz_r;A>ncq! zeKr}5<>|dG3+g58aGjGDUO=DYVFKnoz;5V4NSBh4<|ri*bG!S%I1jx$kkm1m->zFQ zZ;W6#HI=zrAN55oLN{K8HuK1%_1)~v`+XTq^kmR+Q6N`g$=u4SG@uP?tQh~zgXg8` zPuK<3G(8*^v8T0O#Xr<~w}(~`euoy7tJ6c%-%ZpVJx#m$d`9#v#Q`R)rid{*NgP{A zs6Xrl%$dVqg3T5`yU6wW9J&R>z)9Ulq}IU1mR~Aqaat}(Usvwr@3CRUZ^a&W^zaSL zm4+tV+Y%&W0~rsADUAq>qrOzt{-9zlS%^S}zwP{a7vDUu;S|iK*M--0t@$ecF>v0l zyevO+f9);y@=6giim~Q!%1cZw#%U2@OK~M#g>|Y~E|HPQk@Tml4|5I85?z`NftWOe z{Pd)mo2v|$xpq>!kh8os$MXamlo6!G!S_;=1SWVdz;u%39ghh+QE()uTwP7()4OkW z0`hsJT5Tg->_DP3p)Mz=ro_fbLnKQ5#x-X#$yU$e(q?xD1xlz%I#VI&s4mFiAv-a= zWtCSwogS480o^D{!j-$X?0i;K(UIT|4b2c`eXLgr@n2jJ3XXw&P}aDngb%3GS!75} zKS>MKZbPQ(UP!S|w%lg=Xsf7tKqB2Qqp^G`K?Z=;Qu3sX8FRZDi{$fD9~Ns?5+3NM zYaj0mo^`M+bdopHc+DDPm$2(i-m9;EOR*UsYocRo4y&WhVgA30??VmW2oo@jE$ z!Ik51Q(9LX02cH3tLjrs??$W<+r$*or%7VU(({~mOc4Jzes9u?)IOCQRFS& zH$C(7j-K|C1J4esdW=}kOS}s*YQPh4A6p|NY8x()7BDlEZ$9-q)KkSWN0m4CbQ>7? zgRVw*QqhCR5ZLH*ju^wE8hH<=UT3q-BZu4S&A+5RjVd8#abV)^-|rCeZ9fSv8y-y(SRRh%+k1c+%?#xjS^rLCPt0v0jyZHyh zj29*9jD~(w{b1oC_QU-+o2pary3Me~CZ!C9d#h8O@IhR9dhOT3U4M4S^h3`8(p=Eu zlHuD-mi24+l4WkpI&yGUzDFzu^Qwx;U&xi>a5zAs5BAvTT3h=4ph~s#A zrTAG38iN)>Lm^;k79c$@7yyFf)iZPpC59Ai9CUs?Pf#}91-3h#+9Q*yn S^}%6b?kO;2g&s&3U-B2ymY+}n literal 0 HcmV?d00001 diff --git a/jetty-client/src/test/resources/readme_keystores.txt b/jetty-client/src/test/resources/readme_keystores.txt new file mode 100644 index 00000000000..9d4d40e2eb5 --- /dev/null +++ b/jetty-client/src/test/resources/readme_keystores.txt @@ -0,0 +1,27 @@ +Since OpenJDK 13.0.2/11.0.6 it is required that CA certificates have the extension CA=true. + +The keystores are generated in the following way: + +# Generates the server keystore. Note the BasicConstraint=CA:true extension. +$ keytool -v -genkeypair -validity 36500 -keyalg RSA -keysize 2048 -keystore keystore.p12 -storetype pkcs12 -dname "CN=server, OU=Jetty, O=Webtide, L=Omaha, S=NE, C=US" -ext BC=CA:true + +# Export the server certificate. +$ keytool -v -export -keystore keystore.p12 -rfc -file server.crt + +# Export the server private key. +$ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out server.key + +# Generate the client keystore. +$ keytool -v -genkeypair -validity 36500 -keyalg RSA -keysize 2048 -keystore client_keystore.p12 -storetype pkcs12 -dname "CN=client, OU=Jetty, O=Webtide, L=Omaha, S=NE, C=US" + +# Generate the Certificate Signing Request. +$ keytool -certreq -file client.csr -keystore client_keystore.p12 + +# Sign the CSR. +$ openssl x509 -req -days 36500 -in client.csr -CA server.crt -CAkey server.key -CAcreateserial -sha256 -out signed.crt + +# Import the server certificate into the client keystore. +$ keytool -v -import -alias ca -file server.crt -keystore client_keystore.p12 + +# Import the signed CSR. +$ keytool -import -file signed.crt -keystore client_keystore.p12