Repository: activemq-artemis Updated Branches: refs/heads/master e6d260749 -> c915ed1d9
ARTEMIS-1882 verify PKCS12 keystores work Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/3602713a Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/3602713a Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/3602713a Branch: refs/heads/master Commit: 3602713a7e8b3488410174c513480742e0427c4e Parents: e6d2607 Author: Justin Bertram <[email protected]> Authored: Wed May 23 13:12:44 2018 -0500 Committer: Clebert Suconic <[email protected]> Committed: Thu May 24 11:58:43 2018 -0400 ---------------------------------------------------------------------- .../ssl/CoreClientOverOneWaySSLTest.java | 24 ++++++++++++++++--- .../ssl/CoreClientOverTwoWaySSLTest.java | 24 +++++++++++++++---- .../src/test/resources/client-side-keystore.p12 | Bin 0 -> 2589 bytes .../test/resources/client-side-truststore.p12 | Bin 0 -> 1194 bytes .../resources/other-client-side-truststore.p12 | Bin 0 -> 1202 bytes .../resources/other-server-side-keystore.p12 | Bin 0 -> 2605 bytes .../src/test/resources/server-side-keystore.p12 | Bin 0 -> 2589 bytes .../test/resources/server-side-truststore.p12 | Bin 0 -> 1194 bytes .../resources/verified-client-side-keystore.p12 | Bin 0 -> 2565 bytes .../verified-client-side-truststore.p12 | Bin 0 -> 1162 bytes .../resources/verified-server-side-keystore.p12 | Bin 0 -> 2565 bytes .../verified-server-side-truststore.p12 | Bin 0 -> 1162 bytes 12 files changed, 40 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java ---------------------------------------------------------------------- diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java index aeb7524..6217dbd 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java @@ -58,13 +58,18 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { @Parameterized.Parameters(name = "storeType={0}") public static Collection getParameters() { - return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}}); + return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}, {"PKCS12"}}); } public CoreClientOverOneWaySSLTest(String storeType) { this.storeType = storeType; - SERVER_SIDE_KEYSTORE = "server-side-keystore." + storeType.toLowerCase(); - CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + storeType.toLowerCase(); + String suffix = storeType.toLowerCase(); + // keytool expects PKCS12 stores to use the extension "p12" + if (storeType.equals("PKCS12")) { + suffix = "p12"; + } + SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix; + CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + suffix; } public static final SimpleString QUEUE = new SimpleString("QueueOverSSL"); @@ -97,6 +102,19 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase { * keytool -genkey -keystore verified-server-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" * keytool -export -keystore verified-server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample * keytool -import -keystore verified-client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt + * + * Commands to create the PKCS12 artifacts: + * keytool -genkey -keystore server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt + * + * keytool -genkey -keystore other-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=Other ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore other-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore other-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt + * + * keytool -genkey -keystore verified-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore verified-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore verified-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt */ private String storeType; private String SERVER_SIDE_KEYSTORE; http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java ---------------------------------------------------------------------- diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java index 609174e..9c814e9 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java @@ -58,15 +58,20 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { @Parameterized.Parameters(name = "storeType={0}") public static Collection getParameters() { - return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}}); + return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}, {"PKCS12"}}); } public CoreClientOverTwoWaySSLTest(String storeType) { this.storeType = storeType; - SERVER_SIDE_KEYSTORE = "server-side-keystore." + storeType.toLowerCase(); - SERVER_SIDE_TRUSTSTORE = "server-side-truststore." + storeType.toLowerCase(); - CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + storeType.toLowerCase(); - CLIENT_SIDE_KEYSTORE = "client-side-keystore." + storeType.toLowerCase(); + String suffix = storeType.toLowerCase(); + // keytool expects PKCS12 stores to use the extension "p12" + if (storeType.equals("PKCS12")) { + suffix = "p12"; + } + SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix; + SERVER_SIDE_TRUSTSTORE = "server-side-truststore." + suffix; + CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + suffix; + CLIENT_SIDE_KEYSTORE = "client-side-keystore." + suffix; } public static final SimpleString QUEUE = new SimpleString("QueueOverSSL"); @@ -91,6 +96,15 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase { * keytool -genkey -keystore verified-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA * keytool -export -keystore verified-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample * keytool -import -keystore verified-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt + * + * Commands to create the PKCS12 artifacts: + * keytool -genkey -keystore client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt + * + * keytool -genkey -keystore verified-client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA + * keytool -export -keystore verified-client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample + * keytool -import -keystore verified-server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt */ private String storeType; http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/client-side-keystore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/client-side-keystore.p12 b/tests/unit-tests/src/test/resources/client-side-keystore.p12 new file mode 100644 index 0000000..f36af7c Binary files /dev/null and b/tests/unit-tests/src/test/resources/client-side-keystore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/client-side-truststore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/client-side-truststore.p12 b/tests/unit-tests/src/test/resources/client-side-truststore.p12 new file mode 100644 index 0000000..de15aa4 Binary files /dev/null and b/tests/unit-tests/src/test/resources/client-side-truststore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 new file mode 100644 index 0000000..4f06c03 Binary files /dev/null and b/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/other-server-side-keystore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/other-server-side-keystore.p12 b/tests/unit-tests/src/test/resources/other-server-side-keystore.p12 new file mode 100644 index 0000000..40384bf Binary files /dev/null and b/tests/unit-tests/src/test/resources/other-server-side-keystore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/server-side-keystore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/server-side-keystore.p12 b/tests/unit-tests/src/test/resources/server-side-keystore.p12 new file mode 100644 index 0000000..f9f4dab Binary files /dev/null and b/tests/unit-tests/src/test/resources/server-side-keystore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/server-side-truststore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/server-side-truststore.p12 b/tests/unit-tests/src/test/resources/server-side-truststore.p12 new file mode 100644 index 0000000..f8daaa3 Binary files /dev/null and b/tests/unit-tests/src/test/resources/server-side-truststore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 b/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 new file mode 100644 index 0000000..3cee34a Binary files /dev/null and b/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 new file mode 100644 index 0000000..d95f854 Binary files /dev/null and b/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/verified-server-side-keystore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/verified-server-side-keystore.p12 b/tests/unit-tests/src/test/resources/verified-server-side-keystore.p12 new file mode 100644 index 0000000..fcf3969 Binary files /dev/null and b/tests/unit-tests/src/test/resources/verified-server-side-keystore.p12 differ http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 ---------------------------------------------------------------------- diff --git a/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 b/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 new file mode 100644 index 0000000..619adb2 Binary files /dev/null and b/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 differ
