Repository: qpid-jms Updated Branches: refs/heads/master 785487b81 -> 1f2f4aa65
QPIDJMS-229: add ability to set an SSLContext via the ConnectionFactory This facilitates use of hardware security modules, and other cases where supplying path configuration via the URI options isn't suitable. Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/1f2f4aa6 Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/1f2f4aa6 Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/1f2f4aa6 Branch: refs/heads/master Commit: 1f2f4aa6565ed465545c87eda3d09540f37afa15 Parents: 785487b Author: Robert Gemmell <[email protected]> Authored: Thu Dec 15 12:37:05 2016 +0000 Committer: Robert Gemmell <[email protected]> Committed: Thu Dec 15 12:37:05 2016 +0000 ---------------------------------------------------------------------- .../apache/qpid/jms/JmsConnectionFactory.java | 18 +++ .../apache/qpid/jms/meta/JmsConnectionInfo.java | 17 +++ .../qpid/jms/provider/amqp/AmqpProvider.java | 5 +- .../apache/qpid/jms/transports/Transport.java | 12 +- .../jms/transports/TransportSslOptions.java | 12 ++ .../qpid/jms/transports/TransportSupport.java | 13 +- .../jms/transports/netty/NettyTcpTransport.java | 9 +- .../apache/qpid/jms/JmsQueueConnectionTest.java | 1 - .../jms/integration/SslIntegrationTest.java | 134 +++++++++++++++++++ .../jms/transports/TransportSslOptionsTest.java | 55 ++++---- .../transports/netty/NettySslTransportTest.java | 12 +- .../transports/netty/NettyTcpTransportTest.java | 22 +-- .../transports/netty/NettyWsTransportTest.java | 4 +- qpid-jms-client/src/test/resources/README.txt | 19 ++- .../src/test/resources/broker-jceks.keystore | Bin 2671 -> 2673 bytes .../src/test/resources/broker-jceks.truststore | Bin 776 -> 777 bytes .../src/test/resources/broker-jks.keystore | Bin 2698 -> 2700 bytes .../src/test/resources/broker-jks.truststore | Bin 776 -> 777 bytes .../src/test/resources/broker-pkcs12.keystore | Bin 3212 -> 3212 bytes .../src/test/resources/broker-pkcs12.truststore | Bin 1000 -> 1000 bytes .../resources/broker-wrong-host-jks.keystore | Bin 2711 -> 2712 bytes .../src/test/resources/broker-wrong-host.crt | 16 +-- .../src/test/resources/broker-wrong-host.csr | 12 +- qpid-jms-client/src/test/resources/broker.crt | 16 +-- qpid-jms-client/src/test/resources/broker.csr | 12 +- .../src/test/resources/ca-pkcs12.keystore | Bin 1508 -> 1508 bytes qpid-jms-client/src/test/resources/ca.crt | 16 +-- .../src/test/resources/client-jceks.keystore | Bin 2668 -> 2679 bytes .../src/test/resources/client-jceks.truststore | Bin 776 -> 777 bytes .../src/test/resources/client-jks.keystore | Bin 2695 -> 2699 bytes .../src/test/resources/client-jks.truststore | Bin 776 -> 777 bytes .../resources/client-multiple-keys-jks.keystore | Bin 4617 -> 4625 bytes .../src/test/resources/client-pkcs12.keystore | Bin 3204 -> 3220 bytes .../src/test/resources/client-pkcs12.truststore | Bin 1000 -> 1000 bytes qpid-jms-client/src/test/resources/client.crt | 18 +-- qpid-jms-client/src/test/resources/client.csr | 12 +- .../src/test/resources/client2-jks.keystore | Bin 0 -> 2703 bytes qpid-jms-client/src/test/resources/client2.crt | 18 +-- qpid-jms-client/src/test/resources/client2.csr | 12 +- .../src/test/resources/other-ca-jks.truststore | Bin 794 -> 794 bytes qpid-jms-client/src/test/resources/other-ca.crt | 16 +-- 41 files changed, 350 insertions(+), 131 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/main/java/org/apache/qpid/jms/JmsConnectionFactory.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/JmsConnectionFactory.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/JmsConnectionFactory.java index 1fdb7fc..61e3ac9 100644 --- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/JmsConnectionFactory.java +++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/JmsConnectionFactory.java @@ -32,6 +32,7 @@ import javax.jms.QueueConnection; import javax.jms.QueueConnectionFactory; import javax.jms.TopicConnection; import javax.jms.TopicConnectionFactory; +import javax.net.ssl.SSLContext; import org.apache.qpid.jms.exceptions.JmsExceptionSupport; import org.apache.qpid.jms.jndi.JNDIStorable; @@ -102,6 +103,8 @@ public class JmsConnectionFactory extends JNDIStorable implements ConnectionFact private JmsMessageIDPolicy messageIDPolicy = new JmsDefaultMessageIDPolicy(); private JmsDeserializationPolicy deserializationPolicy = new JmsDefaultDeserializationPolicy(); + private SSLContext sslContext; + public JmsConnectionFactory() { } @@ -259,6 +262,7 @@ public class JmsConnectionFactory extends JNDIStorable implements ConnectionFact connectionInfo.setPresettlePolicy(presettlePolicy.copy()); connectionInfo.setRedeliveryPolicy(redeliveryPolicy.copy()); connectionInfo.setDeserializationPolicy(deserializationPolicy.copy()); + connectionInfo.setSslContextOverride(sslContext); PropertyUtil.setProperties(connectionInfo, properties); connectionInfo.setUsername(username); @@ -859,6 +863,20 @@ public class JmsConnectionFactory extends JNDIStorable implements ConnectionFact this.populateJMSXUserID = populateJMSXUserID; } + /** + * Sets an SSLContext to use when creating an SSL/TLS secured connection with this factory. + * The URI must still be configured to indicate a secure connection should be created. + * Using this method overrides the effect of URI/System property configuration relating + * to the location/credentials/type of SSL key/trust stores and whether to trust all + * certificates or use a particular keyAlias. + * + * @param sslContext + * the sslContext to use, or null to respect the URI/System property configuration again. + */ + public void setSslContext(SSLContext sslContext) { + this.sslContext = sslContext; + } + //----- Static Methods ---------------------------------------------------// /** http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/main/java/org/apache/qpid/jms/meta/JmsConnectionInfo.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/meta/JmsConnectionInfo.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/meta/JmsConnectionInfo.java index 43d8b5d..e095249 100644 --- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/meta/JmsConnectionInfo.java +++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/meta/JmsConnectionInfo.java @@ -19,6 +19,8 @@ package org.apache.qpid.jms.meta; import java.net.URI; import java.nio.charset.Charset; +import javax.net.ssl.SSLContext; + import org.apache.qpid.jms.policy.JmsDefaultDeserializationPolicy; import org.apache.qpid.jms.policy.JmsDefaultMessageIDPolicy; import org.apache.qpid.jms.policy.JmsDefaultPrefetchPolicy; @@ -73,6 +75,7 @@ public final class JmsConnectionInfo implements JmsResource, Comparable<JmsConne private JmsDeserializationPolicy deserializationPolicy; private volatile byte[] encodedUserId; + private SSLContext sslContextOverride; public JmsConnectionInfo(JmsConnectionId connectionId) { if (connectionId == null) { @@ -315,6 +318,20 @@ public final class JmsConnectionInfo implements JmsResource, Comparable<JmsConne this.messageIDPolicy = messageIDPolicy; } + /** + * SSLContext to use for SSL/TLS connections. Overrides URI/System property transport configuration. + * + * @param sslContextOverride + * the sslContext to use, or null to respect the URI/System property configuration again. + */ + public void setSslContextOverride(SSLContext sslContextOverride) { + this.sslContextOverride = sslContextOverride; + } + + public SSLContext getSslContextOverride() { + return sslContextOverride; + } + public boolean isPopulateJMSXUserID() { return populateJMSXUserID; } http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java index b59859b..74d5bb4 100644 --- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java +++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpProvider.java @@ -29,6 +29,7 @@ import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; import javax.jms.JMSException; +import javax.net.ssl.SSLContext; import org.apache.qpid.jms.JmsTemporaryDestination; import org.apache.qpid.jms.message.JmsInboundMessageDispatch; @@ -181,6 +182,8 @@ public class AmqpProvider implements Provider, TransportListener , AmqpResourceP protonTransport.bind(protonConnection); protonConnection.collect(protonCollector); + SSLContext sslContextOverride = connectionInfo.getSslContextOverride(); + try { transport = TransportFactory.create(getTransportType(), getRemoteURI()); } catch (Exception e) { @@ -190,7 +193,7 @@ public class AmqpProvider implements Provider, TransportListener , AmqpResourceP transport.setTransportListener(AmqpProvider.this); try { - transport.connect(); + transport.connect(sslContextOverride); } catch (Exception e) { connectionRequest.onFailure(IOExceptionSupport.create(e)); } http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java index 26843ba..c0eaf6f 100644 --- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java +++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/Transport.java @@ -20,6 +20,8 @@ import java.io.IOException; import java.net.URI; import java.security.Principal; +import javax.net.ssl.SSLContext; + import io.netty.buffer.ByteBuf; /** @@ -28,12 +30,16 @@ import io.netty.buffer.ByteBuf; public interface Transport { /** - * Performs the protocol connect operation for the implemented Transport type - * such as a TCP socket connection etc. + * Performs the connect operation for the implemented Transport type + * such as a TCP socket connection, SSL/TLS handshake etc. + * + * @param sslContextOverride + * a user-provided SSLContext to use if establishing a secure + * connection, overrides applicable URI configuration * * @throws IOException if an error occurs while attempting the connect. */ - void connect() throws IOException; + void connect(SSLContext sslContextOverride) throws IOException; /** * @return true if transport is connected or false if the connection is down. http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java index 834f022..d0a393b 100644 --- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java +++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSslOptions.java @@ -20,6 +20,8 @@ import java.util.Arrays; import java.util.Collections; import java.util.List; +import javax.net.ssl.SSLContext; + /** * Holds the defined SSL options for connections that operate over a secure @@ -52,6 +54,7 @@ public class TransportSslOptions extends TransportOptions { private boolean verifyHost = DEFAULT_VERIFY_HOST; private String keyAlias; private int defaultSslPort = DEFAULT_SSL_PORT; + private SSLContext sslContextOverride; static { INSTANCE.setKeyStoreLocation(System.getProperty("javax.net.ssl.keyStore")); @@ -262,6 +265,14 @@ public class TransportSslOptions extends TransportOptions { this.defaultSslPort = defaultSslPort; } + public void setSslContextOverride(SSLContext sslContextOverride) { + this.sslContextOverride = sslContextOverride; + } + + public SSLContext getSslContextOverride() { + return sslContextOverride; + } + @Override public TransportSslOptions clone() { return copyOptions(new TransportSslOptions()); @@ -289,6 +300,7 @@ public class TransportSslOptions extends TransportOptions { copy.setKeyAlias(getKeyAlias()); copy.setContextProtocol(getContextProtocol()); copy.setDefaultSslPort(getDefaultSslPort()); + copy.setSslContextOverride(getSslContextOverride()); return copy; } http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java index 5f6ddb6..d12ff4b 100644 --- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java +++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/TransportSupport.java @@ -55,6 +55,10 @@ public class TransportSupport { * Creates a Netty SslHandler instance for use in Transports that require * an SSL encoder / decoder. * + * If the given options contain an SSLContext override, this will be used directly + * when creating the handler. If they do not, an SSLContext will first be created + * using the other option values. + * * @param remote * The URI of the remote peer that the SslHandler will be used against. * @param options @@ -65,7 +69,14 @@ public class TransportSupport { * @throws Exception if an error occurs while creating the SslHandler instance. */ public static SslHandler createSslHandler(URI remote, TransportSslOptions options) throws Exception { - return new SslHandler(createSslEngine(remote, createSslContext(options), options)); + SSLContext sslContext = options.getSslContextOverride(); + if(sslContext == null) { + sslContext = createSslContext(options); + } + + SSLEngine sslEngine = createSslEngine(remote, sslContext, options); + + return new SslHandler(sslEngine); } /** http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java index f1678af..94a5cb7 100644 --- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java +++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/transports/netty/NettyTcpTransport.java @@ -23,6 +23,8 @@ import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicBoolean; +import javax.net.ssl.SSLContext; + import org.apache.qpid.jms.transports.Transport; import org.apache.qpid.jms.transports.TransportListener; import org.apache.qpid.jms.transports.TransportOptions; @@ -109,7 +111,7 @@ public class NettyTcpTransport implements Transport { } @Override - public void connect() throws IOException { + public void connect(SSLContext sslContextOverride) throws IOException { if (listener == null) { throw new IllegalStateException("A transport listener must be set before connection attempts."); @@ -118,7 +120,10 @@ public class NettyTcpTransport implements Transport { final SslHandler sslHandler; if (isSecure()) { try { - sslHandler = TransportSupport.createSslHandler(getRemoteLocation(), getSslOptions()); + TransportSslOptions sslOptions = getSslOptions(); + sslOptions.setSslContextOverride(sslContextOverride); + + sslHandler = TransportSupport.createSslHandler(getRemoteLocation(), sslOptions); } catch (Exception ex) { // TODO: can we stop it throwing Exception? throw IOExceptionSupport.create(ex); http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsQueueConnectionTest.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsQueueConnectionTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsQueueConnectionTest.java index 8b9fb1d..b6c48f4 100644 --- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsQueueConnectionTest.java +++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsQueueConnectionTest.java @@ -21,7 +21,6 @@ import javax.jms.JMSException; import javax.jms.ServerSessionPool; import javax.jms.Session; -import org.junit.After; import org.junit.Before; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java index cfedb21..41128d1 100644 --- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java +++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/SslIntegrationTest.java @@ -22,6 +22,7 @@ package org.apache.qpid.jms.integration; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -51,6 +52,8 @@ public class SslIntegrationTest extends QpidJmsTestCase { private static final String BROKER_JKS_TRUSTSTORE = "src/test/resources/broker-jks.truststore"; private static final String CLIENT_MULTI_KEYSTORE = "src/test/resources/client-multiple-keys-jks.keystore"; private static final String CLIENT_JKS_TRUSTSTORE = "src/test/resources/client-jks.truststore"; + private static final String CLIENT_JKS_KEYSTORE = "src/test/resources/client-jks.keystore"; + private static final String CLIENT2_JKS_KEYSTORE = "src/test/resources/client2-jks.keystore"; private static final String PASSWORD = "password"; private static final String CLIENT_KEY_ALIAS = "client"; @@ -192,4 +195,135 @@ public class SslIntegrationTest extends QpidJmsTestCase { assertNull("Attempt should have failed locally, peer should not have accepted any TCP connection", testPeer.getClientSocket()); } } + + /** + * Checks that configuring different SSLContext instances using different client key + * stores via {@link JmsConnectionFactory#setSslContext(SSLContext)} results + * in different certificates being observed server side following handshake. + */ + @Test(timeout = 20000) + public void testCreateConnectionWithSslContextOverride() throws Exception { + assertNotEquals(CLIENT_JKS_KEYSTORE, CLIENT2_JKS_KEYSTORE); + assertNotEquals(CLIENT_DN, CLIENT2_DN); + + // Connect providing the Client 1 details via context override, expect Client1 DN. + doConnectionWithSslContextOverride(CLIENT_JKS_KEYSTORE, CLIENT_DN); + // Connect providing the Client 2 details via context override, expect Client2 DN instead. + doConnectionWithSslContextOverride(CLIENT2_JKS_KEYSTORE, CLIENT2_DN); + } + + private void doConnectionWithSslContextOverride(String clientKeyStorePath, String expectedDN) throws Exception { + TransportSslOptions serverSslOptions = new TransportSslOptions(); + serverSslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE); + serverSslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE); + serverSslOptions.setKeyStorePassword(PASSWORD); + serverSslOptions.setTrustStorePassword(PASSWORD); + serverSslOptions.setVerifyHost(false); + + SSLContext serverContext = TransportSupport.createSslContext(serverSslOptions); + + TransportSslOptions clientSslOptions = new TransportSslOptions(); + clientSslOptions.setKeyStoreLocation(clientKeyStorePath); + clientSslOptions.setTrustStoreLocation(CLIENT_JKS_TRUSTSTORE); + clientSslOptions.setKeyStorePassword(PASSWORD); + clientSslOptions.setTrustStorePassword(PASSWORD); + + SSLContext clientContext = TransportSupport.createSslContext(clientSslOptions); + + try (TestAmqpPeer testPeer = new TestAmqpPeer(serverContext, true);) { + JmsConnectionFactory factory = new JmsConnectionFactory("amqps://localhost:" + testPeer.getServerPort()); + factory.setSslContext(clientContext); + + testPeer.expectSaslPlain("guest", "guest"); + testPeer.expectOpen(); + testPeer.expectBegin(); + + Connection connection = factory.createConnection("guest", "guest"); + connection.start(); + + Socket socket = testPeer.getClientSocket(); + assertTrue(socket instanceof SSLSocket); + SSLSession session = ((SSLSocket) socket).getSession(); + + Certificate[] peerCertificates = session.getPeerCertificates(); + assertNotNull(peerCertificates); + + Certificate cert = peerCertificates[0]; + assertTrue(cert instanceof X509Certificate); + String dn = ((X509Certificate)cert).getSubjectX500Principal().getName(); + assertEquals("Unexpected certificate DN", expectedDN, dn); + + testPeer.expectClose(); + connection.close(); + } + } + + /** + * Checks that configuring an SSLContext instance via + * {@link JmsConnectionFactory#setSslContext(SSLContext)} overrides URI config + * for store location etc, resulting in a different certificate being observed + * server side following handshake. + */ + @Test(timeout = 20000) + public void testCreateConnectionWithSslContextOverrideAndURIConfig() throws Exception { + assertNotEquals(CLIENT_JKS_KEYSTORE, CLIENT2_JKS_KEYSTORE); + assertNotEquals(CLIENT_DN, CLIENT2_DN); + + // Connect without providing a context, expect Client1 DN. + doConnectionWithSslContextOverrideAndURIConfig(null, CLIENT_DN); + + TransportSslOptions clientSslOptions = new TransportSslOptions(); + clientSslOptions.setKeyStoreLocation(CLIENT2_JKS_KEYSTORE); + clientSslOptions.setTrustStoreLocation(CLIENT_JKS_TRUSTSTORE); + clientSslOptions.setKeyStorePassword(PASSWORD); + clientSslOptions.setTrustStorePassword(PASSWORD); + + SSLContext clientContext = TransportSupport.createSslContext(clientSslOptions); + + // Connect providing the Client 2 details via context override, expect Client2 DN instead. + doConnectionWithSslContextOverrideAndURIConfig(clientContext, CLIENT2_DN); + } + + private void doConnectionWithSslContextOverrideAndURIConfig(SSLContext clientContext, String expectedDN) throws Exception { + TransportSslOptions serverSslOptions = new TransportSslOptions(); + serverSslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE); + serverSslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE); + serverSslOptions.setKeyStorePassword(PASSWORD); + serverSslOptions.setTrustStorePassword(PASSWORD); + serverSslOptions.setVerifyHost(false); + + SSLContext serverContext = TransportSupport.createSslContext(serverSslOptions); + + try (TestAmqpPeer testPeer = new TestAmqpPeer(serverContext, true);) { + String connOptions = "?transport.keyStoreLocation=" + CLIENT_JKS_KEYSTORE + "&" + + "transport.keyStorePassword=" + PASSWORD + "&" + + "transport.trustStoreLocation=" + CLIENT_JKS_TRUSTSTORE + "&" + + "transport.trustStorePassword=" + PASSWORD; + + JmsConnectionFactory factory = new JmsConnectionFactory("amqps://localhost:" + testPeer.getServerPort() + connOptions); + factory.setSslContext(clientContext); + + testPeer.expectSaslPlain("guest", "guest"); + testPeer.expectOpen(); + testPeer.expectBegin(); + + Connection connection = factory.createConnection("guest", "guest"); + connection.start(); + + Socket socket = testPeer.getClientSocket(); + assertTrue(socket instanceof SSLSocket); + SSLSession session = ((SSLSocket) socket).getSession(); + + Certificate[] peerCertificates = session.getPeerCertificates(); + assertNotNull(peerCertificates); + + Certificate cert = peerCertificates[0]; + assertTrue(cert instanceof X509Certificate); + String dn = ((X509Certificate)cert).getSubjectX500Principal().getName(); + assertEquals("Unexpected certificate DN", expectedDN, dn); + + testPeer.expectClose(); + connection.close(); + } + } } http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java index b0d4da4..eafaa3b 100644 --- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java +++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/TransportSslOptionsTest.java @@ -20,37 +20,42 @@ import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNull; +import javax.net.ssl.SSLContext; + import org.apache.qpid.jms.test.QpidJmsTestCase; import org.junit.Test; +import org.mockito.Mockito; /** * Test for class TransportSslOptions */ public class TransportSslOptionsTest extends QpidJmsTestCase { - public static final String PASSWORD = "password"; - public static final String CLIENT_KEYSTORE = "src/test/resources/client-jks.keystore"; - public static final String CLIENT_TRUSTSTORE = "src/test/resources/client-jks.truststore"; - public static final String KEYSTORE_TYPE = "jks"; - public static final String KEY_ALIAS = "myTestAlias"; - public static final String CONTEXT_PROTOCOL = "TLSv1.1"; - public static final boolean TRUST_ALL = true; - public static final boolean VERIFY_HOST = true; - - public static final int TEST_SEND_BUFFER_SIZE = 128 * 1024; - public static final int TEST_RECEIVE_BUFFER_SIZE = TEST_SEND_BUFFER_SIZE; - public static final int TEST_TRAFFIC_CLASS = 1; - public static final boolean TEST_TCP_NO_DELAY = false; - public static final boolean TEST_TCP_KEEP_ALIVE = true; - public static final int TEST_SO_LINGER = Short.MAX_VALUE; - public static final int TEST_SO_TIMEOUT = 10; - public static final int TEST_CONNECT_TIMEOUT = 90000; - public static final int TEST_DEFAULT_SSL_PORT = 5681; - - public static final String[] ENABLED_PROTOCOLS = new String[] {"TLSv1.2"}; - public static final String[] DISABLED_PROTOCOLS = new String[] {"SSLv3", "TLSv1.2"}; - public static final String[] ENABLED_CIPHERS = new String[] {"CIPHER_A", "CIPHER_B"}; - public static final String[] DISABLED_CIPHERS = new String[] {"CIPHER_C"}; + private static final String PASSWORD = "password"; + private static final String CLIENT_KEYSTORE = "src/test/resources/client-jks.keystore"; + private static final String CLIENT_TRUSTSTORE = "src/test/resources/client-jks.truststore"; + private static final String KEYSTORE_TYPE = "jks"; + private static final String KEY_ALIAS = "myTestAlias"; + private static final String CONTEXT_PROTOCOL = "TLSv1.1"; + private static final boolean TRUST_ALL = true; + private static final boolean VERIFY_HOST = true; + + private static final int TEST_SEND_BUFFER_SIZE = 128 * 1024; + private static final int TEST_RECEIVE_BUFFER_SIZE = TEST_SEND_BUFFER_SIZE; + private static final int TEST_TRAFFIC_CLASS = 1; + private static final boolean TEST_TCP_NO_DELAY = false; + private static final boolean TEST_TCP_KEEP_ALIVE = true; + private static final int TEST_SO_LINGER = Short.MAX_VALUE; + private static final int TEST_SO_TIMEOUT = 10; + private static final int TEST_CONNECT_TIMEOUT = 90000; + private static final int TEST_DEFAULT_SSL_PORT = 5681; + + private static final String[] ENABLED_PROTOCOLS = new String[] {"TLSv1.2"}; + private static final String[] DISABLED_PROTOCOLS = new String[] {"SSLv3", "TLSv1.2"}; + private static final String[] ENABLED_CIPHERS = new String[] {"CIPHER_A", "CIPHER_B"}; + private static final String[] DISABLED_CIPHERS = new String[] {"CIPHER_C"}; + + private static final SSLContext SSL_CONTEXT = Mockito.mock(SSLContext.class); @Test public void testCreate() { @@ -71,6 +76,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase { assertNull(options.getTrustStoreLocation()); assertNull(options.getTrustStorePassword()); assertNull(options.getKeyAlias()); + assertNull(options.getSslContextOverride()); } @Test @@ -93,6 +99,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase { assertEquals(KEYSTORE_TYPE, options.getStoreType()); assertEquals(KEY_ALIAS, options.getKeyAlias()); assertEquals(CONTEXT_PROTOCOL, options.getContextProtocol()); + assertEquals(SSL_CONTEXT, options.getSslContextOverride()); assertArrayEquals(ENABLED_PROTOCOLS,options.getEnabledProtocols()); assertArrayEquals(DISABLED_PROTOCOLS,options.getDisabledProtocols()); assertArrayEquals(ENABLED_CIPHERS,options.getEnabledCipherSuites()); @@ -120,6 +127,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase { assertEquals(KEYSTORE_TYPE, options.getStoreType()); assertEquals(KEY_ALIAS, options.getKeyAlias()); assertEquals(CONTEXT_PROTOCOL, options.getContextProtocol()); + assertEquals(SSL_CONTEXT, options.getSslContextOverride()); assertArrayEquals(ENABLED_PROTOCOLS,options.getEnabledProtocols()); assertArrayEquals(DISABLED_PROTOCOLS,options.getDisabledProtocols()); assertArrayEquals(ENABLED_CIPHERS,options.getEnabledCipherSuites()); @@ -152,6 +160,7 @@ public class TransportSslOptionsTest extends QpidJmsTestCase { options.setSoTimeout(TEST_SO_TIMEOUT); options.setConnectTimeout(TEST_CONNECT_TIMEOUT); options.setDefaultSslPort(TEST_DEFAULT_SSL_PORT); + options.setSslContextOverride(SSL_CONTEXT); return options; } http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java index 300764d..a3c544e 100644 --- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java +++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java @@ -85,7 +85,7 @@ public class NettySslTransportTest extends NettyTcpTransportTest { Transport transport = createTransport(serverLocation, testListener, createClientOptionsWithoutTrustStore(false)); try { - transport.connect(); + transport.connect(null); fail("Should not have connected to the server: " + serverLocation); } catch (Exception e) { LOG.info("Connection failed to untrusted test server: {}", serverLocation); @@ -117,7 +117,7 @@ public class NettySslTransportTest extends NettyTcpTransportTest { Transport transport = createTransport(serverLocation, testListener, options); try { - transport.connect(); + transport.connect(null); fail("Should not have connected to the server: " + serverLocation); } catch (Exception e) { LOG.info("Connection failed to untrusted test server: {}", serverLocation); @@ -139,7 +139,7 @@ public class NettySslTransportTest extends NettyTcpTransportTest { Transport transport = createTransport(serverLocation, testListener, createClientOptionsWithoutTrustStore(true)); try { - transport.connect(); + transport.connect(null); LOG.info("Connection established to untrusted test server: {}", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -169,7 +169,7 @@ public class NettySslTransportTest extends NettyTcpTransportTest { NettyTcpTransport transport = createTransport(serverLocation, testListener, clientOptions); try { - transport.connect(); + transport.connect(null); LOG.info("Connection established to test server: {}", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -209,7 +209,7 @@ public class NettySslTransportTest extends NettyTcpTransportTest { NettyTcpTransport transport = createTransport(serverLocation, testListener, clientOptions); try { - transport.connect(); + transport.connect(null); LOG.info("Connection established to test server: {}", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -263,7 +263,7 @@ public class NettySslTransportTest extends NettyTcpTransportTest { Transport transport = createTransport(serverLocation, testListener, clientOptions); try { - transport.connect(); + transport.connect(null); if (verifyHost) { fail("Should not have connected to the server: " + serverLocation); } http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java index da534cf..884372d 100644 --- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java +++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyTcpTransportTest.java @@ -94,7 +94,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); fail("Should have failed to connect to the server: " + serverLocation); } catch (Exception e) { LOG.info("Failed to connect to: {} as expected.", serverLocation); @@ -120,7 +120,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { Transport transport = createTransport(serverLocation, null, createClientOptions()); try { - transport.connect(); + transport.connect(null); fail("Should have failed to connect to the server: " + serverLocation); } catch (Exception e) { LOG.info("Failed to connect to: {} as expected.", serverLocation); @@ -146,7 +146,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { assertNotNull(transport.getTransportListener()); try { - transport.connect(); + transport.connect(null); LOG.info("Connected to server:{} as expected.", serverLocation); } catch (Exception e) { fail("Should not have failed to connect to the server at " + serverLocation + " but got exception: " + e); @@ -168,7 +168,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); LOG.info("Connected to server:{} as expected.", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -203,7 +203,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { for (int i = 0; i < CONNECTION_COUNT; ++i) { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); assertTrue(transport.isConnected()); LOG.info("Connected to server:{} as expected.", serverLocation); transports.add(transport); @@ -243,7 +243,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { for (int i = 0; i < CONNECTION_COUNT; ++i) { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); transport.send(sendBuffer.copy()); transports.add(transport); } catch (Exception e) { @@ -280,7 +280,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); LOG.info("Connected to server:{} as expected.", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -319,7 +319,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); LOG.info("Connected to server:{} as expected.", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -347,7 +347,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); LOG.info("Connected to server:{} as expected.", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -399,7 +399,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); LOG.info("Connected to server:{} as expected.", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -443,7 +443,7 @@ public class NettyTcpTransportTest extends QpidJmsTestCase { transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); LOG.info("Connected to server:{} as expected.", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyWsTransportTest.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyWsTransportTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyWsTransportTest.java index 6ed537a..5201381 100644 --- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyWsTransportTest.java +++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyWsTransportTest.java @@ -64,7 +64,7 @@ public class NettyWsTransportTest extends NettyTcpTransportTest { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); LOG.info("Connected to server:{} as expected.", serverLocation); } catch (Exception e) { fail("Should have connected to the server at " + serverLocation + " but got exception: " + e); @@ -99,7 +99,7 @@ public class NettyWsTransportTest extends NettyTcpTransportTest { Transport transport = createTransport(serverLocation, testListener, createClientOptions()); try { - transport.connect(); + transport.connect(null); fail("Should have failed to connect to the server: " + serverLocation); } catch (Exception e) { LOG.info("Failed to connect to: {} as expected.", serverLocation); http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/README.txt ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/README.txt b/qpid-jms-client/src/test/resources/README.txt index 9b8f012..5e8eacf 100644 --- a/qpid-jms-client/src/test/resources/README.txt +++ b/qpid-jms-client/src/test/resources/README.txt @@ -56,6 +56,16 @@ keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password - keytool -importkeystore -srckeystore client-pkcs12.keystore -destkeystore client-jceks.keystore -srcstoretype pkcs12 -deststoretype jceks -srcstorepass password -deststorepass password keytool -importkeystore -srckeystore client-pkcs12.keystore -destkeystore client-jks.keystore -srcstoretype pkcs12 -deststoretype jks -srcstorepass password -deststorepass password +# Create a key pair for a second client, and sign it with the CA: +# ---------------------------------------------------------- +keytool -storetype jks -keystore client2-jks.keystore -storepass password -keypass password -alias client2 -genkey -dname "O=Client2,CN=client2" -validity 9999 -ext bc=ca:false -ext eku=cA + +keytool -storetype jks -keystore client2-jks.keystore -storepass password -alias client2 -certreq -file client2.csr +keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -alias ca -gencert -rfc -infile client2.csr -outfile client2.crt -validity 9999 -ext bc=ca:false -ext eku=cA + +keytool -storetype jks -keystore client2-jks.keystore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt +keytool -storetype jks -keystore client2-jks.keystore -storepass password -keypass password -importcert -alias client2 -file client2.crt + # Create trust stores for the client, import the CA cert: # ------------------------------------------------------- keytool -storetype pkcs12 -keystore client-pkcs12.truststore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt @@ -70,13 +80,8 @@ keytool -storetype jks -keystore other-ca-jks.truststore -storepass password -al keytool -storetype jks -keystore other-ca-jks.truststore -storepass password -alias other-ca -delete keytool -storetype jks -keystore other-ca-jks.truststore -storepass password -keypass password -importcert -alias other-ca -file other-ca.crt -noprompt - # Create a store with multiple key pairs for the client to allow for alias selection: # ---------------------------------------------------------- keytool -importkeystore -srckeystore client-pkcs12.keystore -destkeystore client-multiple-keys-jks.keystore -srcstoretype pkcs12 -deststoretype jks -srcstorepass password -deststorepass password - -keytool -storetype jks -keystore client-multiple-keys-jks.keystore -storepass password -keypass password -alias client2 -genkey -dname "O=Client2,CN=client2" -validity 9999 -ext bc=ca:false -ext eku=cA - -keytool -storetype jks -keystore client-multiple-keys-jks.keystore -storepass password -alias client2 -certreq -file client2.csr -keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -alias ca -gencert -rfc -infile client2.csr -outfile client2.crt -validity 9999 -ext bc=ca:false -ext eku=cA -keytool -storetype jks -keystore client-multiple-keys-jks.keystore -storepass password -keypass password -importcert -alias client2 -file client2.crt +keytool -storetype jks -keystore client-multiple-keys-jks.keystore -storepass password -alias ca -delete +keytool -importkeystore -srckeystore client2-jks.keystore -destkeystore client-multiple-keys-jks.keystore -srcstoretype jks -deststoretype jks -srcstorepass password -deststorepass password http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-jceks.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-jceks.keystore b/qpid-jms-client/src/test/resources/broker-jceks.keystore index 1f394a1..e3d1941 100644 Binary files a/qpid-jms-client/src/test/resources/broker-jceks.keystore and b/qpid-jms-client/src/test/resources/broker-jceks.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-jceks.truststore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-jceks.truststore b/qpid-jms-client/src/test/resources/broker-jceks.truststore index 2cbe908..5123758 100644 Binary files a/qpid-jms-client/src/test/resources/broker-jceks.truststore and b/qpid-jms-client/src/test/resources/broker-jceks.truststore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-jks.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-jks.keystore b/qpid-jms-client/src/test/resources/broker-jks.keystore index 5a370d5..b8de3d2 100644 Binary files a/qpid-jms-client/src/test/resources/broker-jks.keystore and b/qpid-jms-client/src/test/resources/broker-jks.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-jks.truststore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-jks.truststore b/qpid-jms-client/src/test/resources/broker-jks.truststore index 84ca417..8a55d7f 100644 Binary files a/qpid-jms-client/src/test/resources/broker-jks.truststore and b/qpid-jms-client/src/test/resources/broker-jks.truststore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-pkcs12.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-pkcs12.keystore b/qpid-jms-client/src/test/resources/broker-pkcs12.keystore index 4caf582..fdbcc73 100644 Binary files a/qpid-jms-client/src/test/resources/broker-pkcs12.keystore and b/qpid-jms-client/src/test/resources/broker-pkcs12.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-pkcs12.truststore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-pkcs12.truststore b/qpid-jms-client/src/test/resources/broker-pkcs12.truststore index 99a4e97..03d3d3f 100644 Binary files a/qpid-jms-client/src/test/resources/broker-pkcs12.truststore and b/qpid-jms-client/src/test/resources/broker-pkcs12.truststore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-wrong-host-jks.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-wrong-host-jks.keystore b/qpid-jms-client/src/test/resources/broker-wrong-host-jks.keystore index f681ee2..9f17aba 100644 Binary files a/qpid-jms-client/src/test/resources/broker-wrong-host-jks.keystore and b/qpid-jms-client/src/test/resources/broker-wrong-host-jks.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-wrong-host.crt ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-wrong-host.crt b/qpid-jms-client/src/test/resources/broker-wrong-host.crt index e99859e..9dafa39 100644 --- a/qpid-jms-client/src/test/resources/broker-wrong-host.crt +++ b/qpid-jms-client/src/test/resources/broker-wrong-host.crt @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIIC8jCCAq+gAwIBAgIEGWbEljALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw -FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTUwNzAyMTAzNDIzWhcNNDIxMTE2MTAzNDIzWjAl +MIIC8TCCAq+gAwIBAgIEPTohtzALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw +FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTYxMjE1MTExMzMzWhcNNDQwNTAxMTExMzMzWjAl MRIwEAYDVQQDEwl3cm9uZ2hvc3QxDzANBgNVBAoTBlNlcnZlcjCCAbgwggEsBgcqhkjOOAQBMIIB HwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tV bNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaR MvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yr XDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqL VHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+ -z0kqA4GFAAKBgQDN2FOPJ+AJxwRIol94sRr/fVI6zKT1j47Ljigf40vhiRsgTpwqvZi+0izIUPZo -KTkr7avupjCPeb0r9yjSL7XWRCrACOmmOwZX72R8/5nJsaTQ6/WyZj3pEAH+bxXWxriWmaWdcID9 -IJZlOuuhI7Wc9IOMwMFoEYuLREnsoZvsPaNiMGAwHwYDVR0jBBgwFoAU927SkUntv9ipgwEsprfu -YO5m52AwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUWknWpI79Pqlp -p1rkKaKUzfzM6BQwCwYHKoZIzjgEAwUAAzAAMC0CFQCKnegzv3y2BTvp7+tfV59/Sl+o7gIUQLxO -P2leMhl5g1y8nCZbW8nQvZM= +z0kqA4GFAAKBgQC6zCXjqf93jujHkneBSX+50nGuFe5X15v5XROsGYYWuyEW5UEYAg0DwI7qtF7C +hQRSOFeWWU1XEAoGPIP+w88XaS1DCkhdKS2Qp7cTefTUcyrr7dlLM/gBaPqoLU8kLFTudqciofaZ +fGisOJkfcZB0n+vGrbR+55eLso1yv49cVKNiMGAwHwYDVR0jBBgwFoAUGZUi4UnCv/SuzPPzSr1N +cIFyAYcwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUP9NAvS1HgNr3 +/EA/dISmU5U3KMIwCwYHKoZIzjgEAwUAAy8AMCwCFBVsWt5ZGoeiVBpwS+XjXPBawyJhAhRZLZ3P +NTwpopT4G18r67RALRYQew== -----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker-wrong-host.csr ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker-wrong-host.csr b/qpid-jms-client/src/test/resources/broker-wrong-host.csr index 50d3cac..c7e302b 100644 --- a/qpid-jms-client/src/test/resources/broker-wrong-host.csr +++ b/qpid-jms-client/src/test/resources/broker-wrong-host.csr @@ -1,13 +1,13 @@ -----BEGIN NEW CERTIFICATE REQUEST----- -MIICWzCCAhgCAQAwJTESMBAGA1UEAxMJd3Jvbmdob3N0MQ8wDQYDVQQKEwZTZXJ2ZXIwggG4MIIB +MIICWjCCAhgCAQAwJTESMBAGA1UEAxMJd3Jvbmdob3N0MQ8wDQYDVQQKEwZTZXJ2ZXIwggG4MIIB LAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZ PY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7 g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKB gQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8G -kotmXoB7VSVkAUw7/s9JKgOBhQACgYEAzdhTjyfgCccESKJfeLEa/31SOsyk9Y+Oy44oH+NL4Ykb -IE6cKr2YvtIsyFD2aCk5K+2r7qYwj3m9K/co0i+11kQqwAjppjsGV+9kfP+ZybGk0Ov1smY96RAB -/m8V1sa4lpmlnXCA/SCWZTrroSO1nPSDjMDBaBGLi0RJ7KGb7D2gMDAuBgkqhkiG9w0BCQ4xITAf -MB0GA1UdDgQWBBRaSdakjv0+qWmnWuQpopTN/MzoFDALBgcqhkjOOAQDBQADMAAwLQIVAI350Lc6 -lgQw/pHmjRSfquyYibJNAhROJPe4d+FG0D67/LVIaVB7JpqZcw== +kotmXoB7VSVkAUw7/s9JKgOBhQACgYEAuswl46n/d47ox5J3gUl/udJxrhXuV9eb+V0TrBmGFrsh +FuVBGAINA8CO6rRewoUEUjhXlllNVxAKBjyD/sPPF2ktQwpIXSktkKe3E3n01HMq6+3ZSzP4AWj6 +qC1PJCxU7nanIqH2mXxorDiZH3GQdJ/rxq20fueXi7KNcr+PXFSgMDAuBgkqhkiG9w0BCQ4xITAf +MB0GA1UdDgQWBBQ/00C9LUeA2vf8QD90hKZTlTcowjALBgcqhkjOOAQDBQADLwAwLAIUefXGcrEK +pMgHMi+EqRZA4jU1tKUCFFASkJe4LGuNz98HBp8/rJnCyMYm -----END NEW CERTIFICATE REQUEST----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker.crt ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker.crt b/qpid-jms-client/src/test/resources/broker.crt index c232df4..558c75d 100644 --- a/qpid-jms-client/src/test/resources/broker.crt +++ b/qpid-jms-client/src/test/resources/broker.crt @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIIC8DCCAq6gAwIBAgIERfLI0zALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw -FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTUwNzAyMTAzNDIxWhcNNDIxMTE2MTAzNDIxWjAl +MIIC8DCCAq6gAwIBAgIEWMSPJTALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw +FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTYxMjE1MTExMzMxWhcNNDQwNTAxMTExMzMxWjAl MRIwEAYDVQQDEwlsb2NhbGhvc3QxDzANBgNVBAoTBlNlcnZlcjCCAbcwggEsBgcqhkjOOAQBMIIB HwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tV bNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaR MvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yr XDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqL VHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+ -z0kqA4GEAAKBgEac7ijHkbE0m7X0TYLj6wJ84lWEDM6+kzHrr6jxv+bts0ee5xCdLy8dBhBUGwK4 -MF+22U4WINqpgmKu6Xhp9XseDgsiJ/MpwRcSVOUgmwcfhShTJ4Wv1rRa1mF7qOWryiF+sWh1P/5u -KXv65j5sNP/3v5ShuskQfLTA9/JZJgvFo2IwYDAfBgNVHSMEGDAWgBT3btKRSe2/2KmDASymt+5g -7mbnYDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBRzYBOqwE+U0RPi -1aQzuKxOjOCoJzALBgcqhkjOOAQDBQADLwAwLAIUOM5ASvnZ20EKaIoUIQytOXlpQCcCFHkdfIwv -kyn+o+6aNWZ+e8YRa4RZ +z0kqA4GEAAKBgBHS0KnD/TTB/NG69vI+7p533hbtv1udKR38dpKgICmqrNv5z3VZGIyuuYJ5uv7t +SsA03xwM14gbfMTvKQS4/ZoqZV6eOZUcexjWvn9yGrfgBuf5uskhopS8wLeUUoGZS/PNP7Nq3Xwy +SZ71Wfjem3nBKr6pXOqSqAJBfcDZ/tEDo2IwYDAfBgNVHSMEGDAWgBQZlSLhScK/9K7M8/NKvU1w +gXIBhzAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSkoD6xSueyPxvd +1eUwnPlKlCPtcjALBgcqhkjOOAQDBQADLwAwLAIUQKN4RLJNhthsQSgK5E9P6H2YJwoCFCYuEuqj +7iDJnK39WjpK2A4k9uKI -----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/broker.csr ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/broker.csr b/qpid-jms-client/src/test/resources/broker.csr index 96ac8b1..9076b9d 100644 --- a/qpid-jms-client/src/test/resources/broker.csr +++ b/qpid-jms-client/src/test/resources/broker.csr @@ -1,13 +1,13 @@ -----BEGIN NEW CERTIFICATE REQUEST----- -MIICWjCCAhcCAQAwJTESMBAGA1UEAxMJbG9jYWxob3N0MQ8wDQYDVQQKEwZTZXJ2ZXIwggG3MIIB +MIICWTCCAhcCAQAwJTESMBAGA1UEAxMJbG9jYWxob3N0MQ8wDQYDVQQKEwZTZXJ2ZXIwggG3MIIB LAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZ PY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7 g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKB gQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8G -kotmXoB7VSVkAUw7/s9JKgOBhAACgYBGnO4ox5GxNJu19E2C4+sCfOJVhAzOvpMx66+o8b/m7bNH -nucQnS8vHQYQVBsCuDBfttlOFiDaqYJirul4afV7Hg4LIifzKcEXElTlIJsHH4UoUyeFr9a0WtZh -e6jlq8ohfrFodT/+bil7+uY+bDT/97+UobrJEHy0wPfyWSYLxaAwMC4GCSqGSIb3DQEJDjEhMB8w -HQYDVR0OBBYEFHNgE6rAT5TRE+LVpDO4rE6M4KgnMAsGByqGSM44BAMFAAMwADAtAhUAjbLZ9LlF -HC8jhW6Dr5zr0ZAhSZoCFBiGU523wTLBtwCpTZxJ87DV3f2a +kotmXoB7VSVkAUw7/s9JKgOBhAACgYAR0tCpw/00wfzRuvbyPu6ed94W7b9bnSkd/HaSoCApqqzb ++c91WRiMrrmCebr+7UrANN8cDNeIG3zE7ykEuP2aKmVenjmVHHsY1r5/chq34Abn+brJIaKUvMC3 +lFKBmUvzzT+zat18Mkme9Vn43pt5wSq+qVzqkqgCQX3A2f7RA6AwMC4GCSqGSIb3DQEJDjEhMB8w +HQYDVR0OBBYEFKSgPrFK57I/G93V5TCc+UqUI+1yMAsGByqGSM44BAMFAAMvADAsAhRaKwmyEcZx +N+rSzMGFwHT2bYh7YgIUSJkKx/nwbZP+Bktsv/DFs1dxgUg= -----END NEW CERTIFICATE REQUEST----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/ca-pkcs12.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/ca-pkcs12.keystore b/qpid-jms-client/src/test/resources/ca-pkcs12.keystore index dad560e..8fa1f44 100644 Binary files a/qpid-jms-client/src/test/resources/ca-pkcs12.keystore and b/qpid-jms-client/src/test/resources/ca-pkcs12.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/ca.crt ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/ca.crt b/qpid-jms-client/src/test/resources/ca.crt index 748acad..ef43af0 100644 --- a/qpid-jms-client/src/test/resources/ca.crt +++ b/qpid-jms-client/src/test/resources/ca.crt @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICyTCCAoegAwIBAgIEeRLR+TALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw -FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTUwNzAyMTAzNDIwWhcNNDIxMTE2MTAzNDIwWjAu -MRIwEAYDVQQDEwlteS1jYS5vcmcxGDAWBgNVBAoTD015IFRydXN0ZWQgSW5jLjCCAbcwggEsBgcq +MIICyjCCAoigAwIBAgIEMLzMwzALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw +FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTYxMjE1MTExMzI5WhcNNDQwNTAxMTExMzI5WjAu +MRIwEAYDVQQDEwlteS1jYS5vcmcxGDAWBgNVBAoTD015IFRydXN0ZWQgSW5jLjCCAbgwggEsBgcq hkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6 v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfh oIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88J MozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2Ze -gHtVJWQBTDv+z0kqA4GEAAKBgEO1CU7fLDojgEkc46FJoiaOg8L3ohqRxb2Kzbj+pVWtj8VMsxfj -u68IZTmuTk6lXA3E0SFDCq+8Qtn2+6fsmK0jiTabYzQIfPeB8WmGihF+rq4vkQHnMuhBQHopbsXp -INF2sl2G9dkeztD0QRW+zAEHmm+0b5Kiajt0YakxSdV8ozIwMDAPBgNVHRMBAf8EBTADAQH/MB0G -A1UdDgQWBBT3btKRSe2/2KmDASymt+5g7mbnYDALBgcqhkjOOAQDBQADLwAwLAIULUAK3z+9OsH2 -ObgbXMLBfbksA94CFBHC95iiB9EYFceWqVzRNMm7dNws +gHtVJWQBTDv+z0kqA4GFAAKBgQDKwvfuzK3ujZ75vNIKsQPtU4XBlov1K5IVHrqKljl6F3BuqAfZ +O1nP2jLcOEshr4AfteIXhtWiw+NOhv/cMWfUvvtYP55a3LgX0FIIl8V3iIylmY13LprwKbsbssZI +gN8wk1+GB2b6bKfyR9exUaqVbbrQUInFSrb+WNs60IFinKMyMDAwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUGZUi4UnCv/SuzPPzSr1NcIFyAYcwCwYHKoZIzjgEAwUAAy8AMCwCFCzbZGLESd4e +x0+mvb9qU4/oUgPVAhQ/06WalHIswSw/XfsmaG4AX/bk8A== -----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client-jceks.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client-jceks.keystore b/qpid-jms-client/src/test/resources/client-jceks.keystore index e812a39..4869c65 100644 Binary files a/qpid-jms-client/src/test/resources/client-jceks.keystore and b/qpid-jms-client/src/test/resources/client-jceks.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client-jceks.truststore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client-jceks.truststore b/qpid-jms-client/src/test/resources/client-jceks.truststore index 2540948..45fadf3 100644 Binary files a/qpid-jms-client/src/test/resources/client-jceks.truststore and b/qpid-jms-client/src/test/resources/client-jceks.truststore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client-jks.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client-jks.keystore b/qpid-jms-client/src/test/resources/client-jks.keystore index 2566eca..8e7e94f 100644 Binary files a/qpid-jms-client/src/test/resources/client-jks.keystore and b/qpid-jms-client/src/test/resources/client-jks.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client-jks.truststore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client-jks.truststore b/qpid-jms-client/src/test/resources/client-jks.truststore index 5ef6ee4..94db7f9 100644 Binary files a/qpid-jms-client/src/test/resources/client-jks.truststore and b/qpid-jms-client/src/test/resources/client-jks.truststore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client-multiple-keys-jks.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client-multiple-keys-jks.keystore b/qpid-jms-client/src/test/resources/client-multiple-keys-jks.keystore index 8959fdd..912e92b 100644 Binary files a/qpid-jms-client/src/test/resources/client-multiple-keys-jks.keystore and b/qpid-jms-client/src/test/resources/client-multiple-keys-jks.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client-pkcs12.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client-pkcs12.keystore b/qpid-jms-client/src/test/resources/client-pkcs12.keystore index e66c7c5..35235d7 100644 Binary files a/qpid-jms-client/src/test/resources/client-pkcs12.keystore and b/qpid-jms-client/src/test/resources/client-pkcs12.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client-pkcs12.truststore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client-pkcs12.truststore b/qpid-jms-client/src/test/resources/client-pkcs12.truststore index 00bc75b..ac2d4a2 100644 Binary files a/qpid-jms-client/src/test/resources/client-pkcs12.truststore and b/qpid-jms-client/src/test/resources/client-pkcs12.truststore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client.crt ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client.crt b/qpid-jms-client/src/test/resources/client.crt index 0d4f9d6..848c6fa 100644 --- a/qpid-jms-client/src/test/resources/client.crt +++ b/qpid-jms-client/src/test/resources/client.crt @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIIC7TCCAqugAwIBAgIEMJmxQDALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw -FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTUwNzAyMTAzNDI2WhcNNDIxMTE2MTAzNDI2WjAi -MQ8wDQYDVQQDEwZjbGllbnQxDzANBgNVBAoTBkNsaWVudDCCAbcwggEsBgcqhkjOOAQBMIIBHwKB +MIIC7jCCAqygAwIBAgIEZXk4+DALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw +FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTYxMjE1MTExMzM1WhcNNDQwNTAxMTExMzM1WjAi +MQ8wDQYDVQQDEwZjbGllbnQxDzANBgNVBAoTBkNsaWVudDCCAbgwggEsBgcqhkjOOAQBMIIBHwKB gQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeB O4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1 864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4 V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyN KOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kq -A4GEAAKBgDcb7Zodr6o9Ben0xvXv+jDhoacIEHZEpj4qCboXR0RLCCOTPGH9BE5Wm1EQROfynH82 -H6KDUOZBFgesBs4IFVW2SeoAix25J/oNnoWgvnpsU7Lja/9ZhEO+y5zyn+2bADkZheLt4KgV4r5q -Mr7eHG+83pjuPewDQteoHX1xtQmso2IwYDAfBgNVHSMEGDAWgBT3btKRSe2/2KmDASymt+5g7mbn -YDAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBSwjzUmMi3MsSiEfYis -jhSL4f9WPjALBgcqhkjOOAQDBQADLwAwLAIUXhICIKtRD4eHi5Gfm3oVUWg7Vu8CFFJMYiyPpm4B -yqYSmNqkjg2Po03P +A4GFAAKBgQCGe7nIw7FhJRfMHyHy75Xbh7vU2Vf/6dN9ebrJ1OwBkWO4yMvaWdh29isOQ/Tlz9ch +q1WJhKfYJ7Or229Tw+JoJitIOeGeG3QIBK8XJkLkhk0w5cCKOmzrreFR5gSztyRak2zKCl23GlO+ +UlM6P0O+n3QtaQ2Zul8QFn22bxbZsKNiMGAwHwYDVR0jBBgwFoAUGZUi4UnCv/SuzPPzSr1NcIFy +AYcwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQU01nLqOslIVtDhO+I +jgs1jOtscmowCwYHKoZIzjgEAwUAAy8AMCwCFCdsCfQw+svwnegIyllCRR6fkHcvAhRXOAOveZxU +85hnPKxEMP6Bffi+uw== -----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client.csr ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client.csr b/qpid-jms-client/src/test/resources/client.csr index 9cbe2b1..39a90bd 100644 --- a/qpid-jms-client/src/test/resources/client.csr +++ b/qpid-jms-client/src/test/resources/client.csr @@ -1,13 +1,13 @@ -----BEGIN NEW CERTIFICATE REQUEST----- -MIICVjCCAhQCAQAwIjEPMA0GA1UEAxMGY2xpZW50MQ8wDQYDVQQKEwZDbGllbnQwggG3MIIBLAYH +MIICVzCCAhUCAQAwIjEPMA0GA1UEAxMGY2xpZW50MQ8wDQYDVQQKEwZDbGllbnQwggG4MIIBLAYH KoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y +r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bT xR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD3 4aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fP CTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8Gkotm -XoB7VSVkAUw7/s9JKgOBhAACgYA3G+2aHa+qPQXp9Mb17/ow4aGnCBB2RKY+Kgm6F0dESwgjkzxh -/QROVptREETn8px/Nh+ig1DmQRYHrAbOCBVVtknqAIsduSf6DZ6FoL56bFOy42v/WYRDvsuc8p/t -mwA5GYXi7eCoFeK+ajK+3hxvvN6Y7j3sA0LXqB19cbUJrKAwMC4GCSqGSIb3DQEJDjEhMB8wHQYD -VR0OBBYEFLCPNSYyLcyxKIR9iKyOFIvh/1Y+MAsGByqGSM44BAMFAAMvADAsAhQ3awY/9Rk2ap7L -H+c+lwXzyYXUWgIUHhvcpWfXgTnlgbgYSwzi7REzcS4= +XoB7VSVkAUw7/s9JKgOBhQACgYEAhnu5yMOxYSUXzB8h8u+V24e71NlX/+nTfXm6ydTsAZFjuMjL +2lnYdvYrDkP05c/XIatViYSn2Cezq9tvU8PiaCYrSDnhnht0CASvFyZC5IZNMOXAijps663hUeYE +s7ckWpNsygpdtxpTvlJTOj9Dvp90LWkNmbpfEBZ9tm8W2bCgMDAuBgkqhkiG9w0BCQ4xITAfMB0G +A1UdDgQWBBTTWcuo6yUhW0OE74iOCzWM62xyajALBgcqhkjOOAQDBQADLwAwLAIUZiZdKXlOu7TC +z7m8REgAPHVDEZkCFF+2Eq/OIN6ulSE9pJ9ruQC1lEk/ -----END NEW CERTIFICATE REQUEST----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client2-jks.keystore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client2-jks.keystore b/qpid-jms-client/src/test/resources/client2-jks.keystore new file mode 100644 index 0000000..8cbacf4 Binary files /dev/null and b/qpid-jms-client/src/test/resources/client2-jks.keystore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client2.crt ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client2.crt b/qpid-jms-client/src/test/resources/client2.crt index a411cdf..e1a8186 100644 --- a/qpid-jms-client/src/test/resources/client2.crt +++ b/qpid-jms-client/src/test/resources/client2.crt @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIIC7zCCAq2gAwIBAgIEFgzulzALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw -FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTUwNzAyMTAzNDMwWhcNNDIxMTE2MTAzNDMwWjAk -MRAwDgYDVQQDEwdjbGllbnQyMRAwDgYDVQQKEwdDbGllbnQyMIIBtzCCASwGByqGSM44BAEwggEf +MIIC8jCCAq6gAwIBAgIEOQTndjALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw +FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTYxMjE1MTExMzM2WhcNNDQwNTAxMTExMzM2WjAk +MRAwDgYDVQQDEwdjbGllbnQyMRAwDgYDVQQKEwdDbGllbnQyMIIBuDCCASwGByqGSM44BAEwggEf AoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs 14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy 9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtc NrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotU fI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7P -SSoDgYQAAoGAQdL+aPybgpymlLnz03VptSST88lb+qoP12YLkLa34vTCy6UwP+NDXg+9DhqcoP4R -z/dJN7LGuJFnQVo6r0mXY/2AevFXQXrrEPVwPUsq6Q20mw3wQUcohUsVLfP6vc0yPL6xpIapzmCu -ahLzSEyHrFbMfNg5ZUl3X49YacJWCZmjYjBgMB8GA1UdIwQYMBaAFPdu0pFJ7b/YqYMBLKa37mDu -ZudgMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFPRigMBK9W5IOjg5 -0/WvE0V9hQnPMAsGByqGSM44BAMFAAMvADAsAhQVZJJ83Z+VL1NxO775Og4zduJluwIUf4AUm9yQ -6ukzVOLrMqf8B6gluQs= +SSoDgYUAAoGBAOA/YVeCfzbcCw21zqXYUgZ8ts6kQhdXB63iNhR4zi5XcitVATYgs7YWzeV0QWiH +OHBEzaAFq19p41BRcXvHR4JlDT3PuUc2zp+aAIu+dPlpk83hwodiFYrgIgl9UCKNus/kHVvpXyb2 +2CQQnwixQS6ynx9X8ir+4j5AD4xHdfJMo2IwYDAfBgNVHSMEGDAWgBQZlSLhScK/9K7M8/NKvU1w +gXIBhzAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBSXaLM9SgiQs8Kd +og+GRvueGMj8STALBgcqhkjOOAQDBQADMQAwLgIVAJM9d6zH/0zIEQFlbTHTCAHS8CqpAhUAj6Lv +c5yGElTJvQ/6p9i5qGNOVm0= -----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/client2.csr ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/client2.csr b/qpid-jms-client/src/test/resources/client2.csr index e6e1917..8c3af0e 100644 --- a/qpid-jms-client/src/test/resources/client2.csr +++ b/qpid-jms-client/src/test/resources/client2.csr @@ -1,13 +1,13 @@ -----BEGIN NEW CERTIFICATE REQUEST----- -MIICWTCCAhYCAQAwJDEQMA4GA1UEAxMHY2xpZW50MjEQMA4GA1UEChMHQ2xpZW50MjCCAbcwggEs +MIICWTCCAhcCAQAwJDEQMA4GA1UEAxMHY2xpZW50MjEQMA4GA1UEChMHQ2xpZW50MjCCAbgwggEs BgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9 jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD 9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGB APfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYT t88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaS -i2ZegHtVJWQBTDv+z0kqA4GEAAKBgEHS/mj8m4KcppS589N1abUkk/PJW/qqD9dmC5C2t+L0wsul -MD/jQ14PvQ4anKD+Ec/3STeyxriRZ0FaOq9Jl2P9gHrxV0F66xD1cD1LKukNtJsN8EFHKIVLFS3z -+r3NMjy+saSGqc5grmoS80hMh6xWzHzYOWVJd1+PWGnCVgmZoDAwLgYJKoZIhvcNAQkOMSEwHzAd -BgNVHQ4EFgQU9GKAwEr1bkg6ODnT9a8TRX2FCc8wCwYHKoZIzjgEAwUAAzAAMC0CFFct52Ts8lGJ -UUgpxzIU4gEnK3bcAhUAjf0KYpO8QlVXxfwWDxVWVe0dwOE= +i2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDgP2FXgn823AsNtc6l2FIGfLbOpEIXVwet4jYUeM4uV3Ir +VQE2ILO2Fs3ldEFohzhwRM2gBatfaeNQUXF7x0eCZQ09z7lHNs6fmgCLvnT5aZPN4cKHYhWK4CIJ +fVAijbrP5B1b6V8m9tgkEJ8IsUEusp8fV/Iq/uI+QA+MR3XyTKAwMC4GCSqGSIb3DQEJDjEhMB8w +HQYDVR0OBBYEFJdosz1KCJCzwp2iD4ZG+54YyPxJMAsGByqGSM44BAMFAAMvADAsAhRcW0+SqjSd +jkmUoXEiB4w0qN2i9QIURo0682bre0zmABK5n9ETrNroGW8= -----END NEW CERTIFICATE REQUEST----- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/other-ca-jks.truststore ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/other-ca-jks.truststore b/qpid-jms-client/src/test/resources/other-ca-jks.truststore index 9f390f2..ad085c6 100644 Binary files a/qpid-jms-client/src/test/resources/other-ca-jks.truststore and b/qpid-jms-client/src/test/resources/other-ca-jks.truststore differ http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/1f2f4aa6/qpid-jms-client/src/test/resources/other-ca.crt ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/resources/other-ca.crt b/qpid-jms-client/src/test/resources/other-ca.crt index a9d3483..f95856b 100644 --- a/qpid-jms-client/src/test/resources/other-ca.crt +++ b/qpid-jms-client/src/test/resources/other-ca.crt @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIIC1TCCApOgAwIBAgIEY28QkjALBgcqhkjOOAQDBQAwNDEVMBMGA1UEAxMMb3RoZXItY2Eub3Jn -MRswGQYDVQQKExJPdGhlciBUcnVzdGVkIEluYy4wHhcNMTUwNzAyMTAzNDI4WhcNNDIxMTE2MTAz -NDI4WjA0MRUwEwYDVQQDEwxvdGhlci1jYS5vcmcxGzAZBgNVBAoTEk90aGVyIFRydXN0ZWQgSW5j +MIIC1TCCApOgAwIBAgIEH+tb6DALBgcqhkjOOAQDBQAwNDEVMBMGA1UEAxMMb3RoZXItY2Eub3Jn +MRswGQYDVQQKExJPdGhlciBUcnVzdGVkIEluYy4wHhcNMTYxMjE1MTExMzM4WhcNNDQwNTAxMTEx +MzM4WjA0MRUwEwYDVQQDEwxvdGhlci1jYS5vcmcxGzAZBgNVBAoTEk90aGVyIFRydXN0ZWQgSW5j LjCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEm aUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX 58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLr hAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0 SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJ -qIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgGyh0JNp5i39LcxRIQet77oy5NlmT3d1u7TU -zijqFyM5TWyi4fNorYTBayu8bl4aqnaLGyURoCtxKR+AJ63LBp+76wXZOgcYE5MzynJ7ZAPAPtHX -jDr3naMGjnL2IDskBjFP16UWtXluVxZlVsOaJKhs0EzHThUwQHQb3IyvUYNCozIwMDAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBRtpKZYA03H/BifDWuzMv9uNoC7bDALBgcqhkjOOAQDBQADLwAw -LAIUe78VlIHAJ8/6bt0k5uNGRZKukDUCFDHe16PYm2mkiSA5pbGMZB8Sh6fN +qIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgGF8vwoJml7SF1bie3ajqzZqkgCapAD/UuHS +oNnxlnMM0ITiYp0kZExH2OlYKRznqC//ECfF2MYtlGSYiSle8Zo6GWhR9a71/8EkjvWFfg44lVa2 +84Wo+WYs0Mkny6Z4fZP629OwhDXJPT8rFU4dRe4+DMFVD6WiZntigFND6UvKozIwMDAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBSjULdzLYdVyk+FxYTUKqIXKf8+kDALBgcqhkjOOAQDBQADLwAw +LAIUWpjS79eKTrn0FFiKfgH07D5JIB8CFCcC8V6f93hHT+4ucod8ZXLCQ9sK -----END CERTIFICATE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
