You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2012/02/08 05:34:19 UTC
svn commit: r1241772 [1/2] - in /river/jtsk/skunk/peterConcurrentPolicy: qa/
qa/jtreg/certs/ qa/jtreg/certs/keys/ qa/jtreg/certs/keys/old/
qa/jtreg/net/jini/jeri/ssl/UnitTests/ qa/jtreg/unittestlib/
src/com/sun/jini/action/ src/net/jini/jeri/ src/net/j...
Author: peter_firmstone
Date: Wed Feb 8 04:34:17 2012
New Revision: 1241772
URL: http://svn.apache.org/viewvc?rev=1241772&view=rev
Log:
River-404 Fixed expired test certificates.
Also fixed:
A null pointer exception in SslServerEncpointImpl.
Minor synchronisation issues in some jtreg tests.
Class variables in SslServerEndpointImpl and SslConnection were non final for testing purposes, their values were changed using reflection, however this created some synchronisation issues in the tests themselves, instead I've changed the property variables to final instance variables, that retrieve properties on construction. Takes a little longer to construct, but has the advantage of being final.
Also includes some other minor refactorings.
svn qa/jtreg/certs/keystores has become corrupted, will have to check out a fresh copy and regenerate the keystores
Added:
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.cert
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.key (with props)
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.properties
- copied, changed from r1235231, river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.cert
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.key (with props)
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.properties
- copied, changed from r1235231, river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.chain
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.request
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.chain
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.properties
- copied, changed from r1235231, river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.request
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.chain
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.request
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.chain
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.properties
- copied, changed from r1235231, river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.request
river/jtsk/skunk/peterConcurrentPolicy/qa/svn-commit.tmp
Removed:
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/CA.class
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/old/
Modified:
river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/CA.java
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca1.cert
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca1.key
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca2.cert
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca2.key
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/run-ca.sh
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca2.properties
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/truststore
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/unittestlib/BasicTest.java
river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/unittestlib/UnitTestUtilities.java
river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/action/GetPropertyAction.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/BasicObjectEndpoint.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/AuthManager.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/ServerAuthManager.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslConnection.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslServerEndpointImpl.java
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml Wed Feb 8 04:34:17 2012
@@ -58,7 +58,7 @@
<property name="jtreg.home" location="${env.JT_HOME}" />
<!-- probably should rename the environment variable, to enable using the correct -->
<!-- jdk version for the jtreg tests which depend on jdk1.5 -->
- <property name="jdk1.5.home" location="/usr/jdk/jdk1.6.0_30"/>
+ <property name="jdk1.5.home" location="/usr/jdk/jdk1.6.0_25"/>
<property name="jtlib.tmp" location="${jtreg.dir}/JTlib-tmp"/>
<!-- classpath for use by ClassDep in this build -->
@@ -206,6 +206,7 @@
<file name="jsk-resources.jar"/>
<file name="phoenix-init.jar"/>
<file name="tools.jar"/>
+ <file name="classserver.jar"/>
</filelist>
</move>
<move file="${river.lib-ext.dir}/jsk-policy.jar" todir="${jtreg.dir}/JTlib-tmp"/>
@@ -213,21 +214,34 @@
errorproperty="jtreg.fail" failureproperty="jtreg.fail"
reportdir="${jtreg.dir}/JTreport" workdir="${jtreg.dir}/JTwork"
jdk="${jdk1.5.home}">
- <arg value="-cpa:${jtlib.tmp}/jsk-policy.jar${path.separator}${jtlib.tmp}/jsk-lib.jar${path.separator}${jtlib.tmp}/jsk-platform.jar${path.separator}${jtlib.tmp}/jsk-resources.jar${path.separator}${jtlib.tmp}/phoenix-init.jar${path.separator}${jtlib.tmp}/tools.jar"/>
- <arg value="-timeout:4"/>
+ <arg value="-cpa:${jtlib.tmp}/jsk-policy.jar${path.separator}${jtlib.tmp}/jsk-lib.jar${path.separator}${jtlib.tmp}/jsk-platform.jar${path.separator}${jtlib.tmp}/jsk-resources.jar${path.separator}${jtlib.tmp}/phoenix-init.jar${path.separator}${jtlib.tmp}/tools.jar${path.separator}${jtlib.tmp}/classserver.jar"/>
+ <arg value="-timeout:8"/>
<!--<arg value="-Djsk.home=${river.home}"/>-->
<arg value="-Djtlib.tmp=${jtlib.tmp}"/>
<arg value="-Dscratch.dir=${jtreg.dir}/JTwork/scratch"/>
+ <!-- This argument only runs the tests that failed on the last test run -->
<!--<arg value="-status:fail"/>-->
<!--<arg value="-Djava.security.debug=access,failure"/>-->
+ <!-- -DtestLevel Controls the amount of information printed.
+ * 0 - Just print final results and failures.
+ * 5 - Include stack trace for unexpected exceptions (default).
+ * 10 - Print test number and class for each new top level test class
+ * 15 - Print test number and class for every test.
+ * 20 - Print full test entry and pass/fail for every test.
+ * 25 - Include passing results.
+ * 30 - Include additional test debugging output, including time. -->
+ <arg value="-DtestLevel=5"/>
<!--<arg value="-Dsun.security.krb5.debug=true"/>-->
- <arg value="-Djavatest.maxOutputSize=500000"/>
+ <!-- For an unknown reason the following property is ignored -->
+ <arg value="-Djavatest.maxOutputSize=300000"/>
<!--<arg value="net/jini/jeri/kerberos/UnitTests/runTestPerformance.sh" />-->
<!--<arg value="-Bug:6307813"/>-->
<!--<arg value="net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/Test.java"/>-->
<!--<arg value="net/jini/security/Security/implicitGrants/Test.java"/>-->
<!--<arg value="net/jini/security/GrantPermission/implies/Test.java" />-->
<!--<arg value="net/jini/url/httpmd/TestEqual.java"/>-->
+ <!--<arg value="net/jini/jeri/ssl/UnitTests/TestEndpoint.java"/>-->
+ <!--<arg value="net/jini/jeri/ssl/UnitTests/TestRMI.java"/>-->
</jtreg>
<move todir="${river.lib.dir}">
<filelist dir="${jtreg.dir}/JTlib-tmp">
@@ -236,6 +250,7 @@
<file name="jsk-resources.jar"/>
<file name="phoenix-init.jar"/>
<file name="tools.jar"/>
+ <file name="classserver.jar"/>
</filelist>
</move>
<move file="${jtreg.dir}/JTlib-tmp/jsk-policy.jar" todir="${river.lib-ext.dir}"/>
@@ -252,6 +267,8 @@
<file name="jsk-platform.jar"/>
<file name="jsk-resources.jar"/>
<file name="phoenix-init.jar"/>
+ <file name="tools.jar"/>
+ <file name="classserver.jar"/>
</filelist>
</move>
<move file="${jtreg.dir}/JTlib-tmp/jsk-policy.jar" todir="${river.lib-ext.dir}"/>
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/CA.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/CA.java?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/CA.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/CA.java Wed Feb 8 04:34:17 2012
@@ -17,78 +17,102 @@
*/
//import com.dstc.security.pki.ConsoleCATool;
//import com.dstc.security.provider.DSTC;
+import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
+import java.io.FilenameFilter;
import java.io.IOException;
import java.io.InputStream;
+import java.io.InputStreamReader;
import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.io.Writer;
import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.Key;
+import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
import java.security.PrivateKey;
+import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
-import java.security.SignatureException;
import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
+import java.util.Iterator;
+import java.util.Map.Entry;
import java.util.Properties;
+import java.util.Set;
+import java.util.regex.Pattern;
import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
+import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
import javax.security.auth.x500.X500Principal;
+import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.openssl.PEMWriter;
+import org.bouncycastle.openssl.PasswordFinder;
import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestHolder;
-/**
+/*
+ * HISTORICAL:
* Run the DSTC Certificate Authority console after installing the provider.
* Install the provider here, rather than in the java.security file, since it
* conflicts with the RSAJCA provider that comes with the JDK 1.3.
*/
+/**
+ * args must be one of two arguments:
+ *
+ * -CA Generate Certificate Authority.
+ * -CR Process Certification Requests.
+ *
+ * @author peter
+ */
public class CA {
- public static void main(String[] args) throws Exception {
+
+ public static void main(String[] args) {
// The original implementation only consisted of these two calls.
//Security.insertProviderAt(new DSTC(), 1);
//com.dstc.security.pki.ConsoleCATool.main(args);
- String configFile = System.getProperty("jcsi.ca.conf", "${user.home}${/}.jcsi${/}ca.properties");
- Properties p = new Properties();
- File conf = new File(configFile);
- conf.canRead();
- try {
- InputStream in = new FileInputStream(conf);
- p.load(in);
- } catch (IOException ex) {
- processException(ex);
- }
Security.insertProviderAt(new BouncyCastleProvider(), 1);
- KeyPairGenerator keyGen = null;
- String algorithm = p.getProperty("jcsi.ca.keyAlg", "RSA");
- int keyLen = Integer.parseInt(p.getProperty("jcsi.ca.keyLength", "256"));
try {
- keyGen = KeyPairGenerator.getInstance(algorithm, "BC");
- } catch (NoSuchAlgorithmException ex) {
- processException(ex);
- } catch (NoSuchProviderException ex) {
- processException(ex);
+ if (args[0].equals("-CA")) {
+ generateCertificateAuthorityCerts();
+ return;
+ } else
+ if (args[0].equals("-CR")) {
+ signCertificationRequests();
+ return;
+ } else {
+ throw new IllegalArgumentException("Argument required either -CA or -CR");
+ }
+ }catch (Exception ex){
+ ex.printStackTrace(System.err);
}
+ }
+
+ private static void generateCertificateAuthorityCerts() throws Exception{
+ Properties p = readProperties();
+
+ // Generate CA key pair
+ KeyPairGenerator keyGen = null;
+ String algorithm = p.getProperty("jcsi.ca.keyAlg", "DSA");
+ int keyLen = Integer.parseInt(p.getProperty("jcsi.ca.keyLength", "512"));
+ keyGen = KeyPairGenerator.getInstance(algorithm, "BC");
SecureRandom random = new SecureRandom();
keyGen.initialize(keyLen, random);
KeyPair keys = keyGen.generateKeyPair();
@@ -96,25 +120,239 @@ public class CA {
PrivateKey privKey = keys.getPrivate(); // The key used to sign our Certificate.
String issuerDN = p.getProperty("jcsi.ca.issuerDN");
- int validDays
+ long validDays
= Integer.parseInt(p.getProperty("jcsi.ca.validityPeriod"));
- String signerAlgorithm = p.getProperty("jcsi.ca.sigAlg", "SHA1withRSA");
+ String signerAlgorithm = p.getProperty("jcsi.ca.sigAlg", "SHA1withDSA");
- //
- ContentSigner sigGen = null;
- try {
- sigGen = new JcaContentSignerBuilder(signerAlgorithm).setProvider("BC").build(privKey);
- } catch (OperatorCreationException ex) {
- processException(ex);
- }
-
+ // Generate root certificate
+ ContentSigner sigGen = new JcaContentSignerBuilder(signerAlgorithm).setProvider("BC").build(privKey);
X500Principal issuer = new X500Principal(issuerDN);
X500Principal subject = issuer; // Self signed.
long time = System.currentTimeMillis();
BigInteger serial = BigInteger.valueOf(time);
Date notBefore = new Date(time - 50000);
- Date notAfter = new Date(time + validDays* 86400000);
+ Date notAfter = new Date(time + validDays* 86400000L);
+ Certificate rootCert = build(sigGen,issuer,serial, notBefore, notAfter, subject, publicKey);
+
+ //Write Private key and Certificate to file.
+ writePrivateKey(privKey, p, random);
+ writeRootCertificate(rootCert, p);
+
+// // Pasword Protect the private key in preparate to write to file.
+// String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+// byte[] salt = "salt and pepper shakers &*@".getBytes();
+// int iterationCount = 2048;
+// PBEKeySpec pbeSpec = new PBEKeySpec(password.toCharArray(), salt, iterationCount);
+// Cipher cipher = null;
+// SecretKeyFactory skf = null;
+// byte [] wrappedPrivKey = null;
+// cipher = Cipher.getInstance("PBEWithSHA1AndDES", "BC");
+// skf = SecretKeyFactory.getInstance("PBEWithSHA1AndDES", "BC");
+// cipher.init(Cipher.WRAP_MODE, skf.generateSecret(pbeSpec));
+// wrappedPrivKey = cipher.wrap(privKey);
+//
+// String directory = p.getProperty("jcsi.ca.key.dir", ".");
+//
+// String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+// String certFileName = p.getProperty("jcsi.ca.cert", "user.cert");
+//
+// File keyFile = new File(directory + "/" + keyFileName);
+// keyFile.canWrite();
+// File certFile = new File (directory + "/" + certFileName);
+// certFile.canWrite();
+// writeFile(certFile, rootCert.getEncoded());
+// writeFile(keyFile, wrappedPrivKey);
+ }
+
+ private static void signCertificationRequests() throws Exception{
+ Properties p = readProperties();
+ ContentSigner sigGen = getContentSigner(p);
+ Certificate rootCert = readRootCertificate(p);
+ X500Principal issuer = getIssuer(p);
+ long time = System.currentTimeMillis();
+ Date notBefore = new Date(time - 50000);
+ long validDays
+ = Integer.parseInt(p.getProperty("jcsi.ca.validityPeriod"));
+ Date notAfter = new Date(time + validDays * 86400000L);
+ /*
+ * Get certificate requests and write chains to file.
+ */
+ String reqDir = p.getProperty("ca.requests", "requests");
+ String pattern = p.getProperty("ca.regex.pattern", "request");
+ File requests = new File(reqDir);
+ if ( requests.isDirectory()){
+ Filter filter = new Filter(pattern);
+ File [] certRequests = requests.listFiles(filter);
+ int l = certRequests.length;
+ for (int i = 0; i < l; i++){
+ String fileName = certRequests[i].getName();
+ String chainName = fileName.replaceAll("request", "chain");
+ Reader input = new InputStreamReader(
+ new BufferedInputStream(
+ new FileInputStream(certRequests[i]))
+ );
+ PEMReader pemRead = new PEMReader(input);
+ PKCS10CertificationRequest certReq =
+ (PKCS10CertificationRequest) pemRead.readObject();
+ JcaPKCS10CertificationRequestHolder holder =
+ new JcaPKCS10CertificationRequestHolder(certReq);
+ PublicKey publicKey1 = holder.getPublicKey();
+ X500Name x500Name = holder.getSubject();
+ X500Principal subject1 = new X500Principal(x500Name.toString());
+ BigInteger ser = BigInteger.valueOf(System.currentTimeMillis());
+ Certificate issuedCert = build(sigGen, issuer, ser,
+ notBefore, notAfter, subject1, publicKey1);
+ File f = new File(reqDir + "/" + chainName);
+ OutputStreamWriter out = new OutputStreamWriter(
+ new BufferedOutputStream(new FileOutputStream(f)));
+ PEMWriter pemWrt = new PEMWriter(out);
+ pemWrt.writeObject(issuedCert);
+ pemWrt.writeObject(rootCert);
+ pemWrt.close();
+ }
+
+ }
+ }
+
+ private static Properties readProperties() throws Exception {
+ Properties systemProperties = System.getProperties();
+ String userHome = systemProperties.getProperty("user.home", "");
+ String configFile = systemProperties.getProperty("jcsi.ca.conf", userHome + "{/}.jcsi${/}ca.properties");
+ Properties p = new Properties();
+ File conf = new File(configFile);
+ conf.canRead();
+ InputStream in = new FileInputStream(conf);
+ p.load(in);
+ expand(p, systemProperties);
+ return p;
+ }
+
+ private static void writePrivateKey( PrivateKey k, Properties p, SecureRandom r) throws Exception {
+ // Pasword Protect the private key in preparate to write to file.
+ String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+ byte[] salt = "salt and pepper shakers &*@".getBytes();
+ int iterationCount = 2048;
+ PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, iterationCount);
+
+ PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, iterationCount);
+ String pbeAlgorithm = "PBEwithSHA1AndDESede";
+ Cipher cipher = Cipher.getInstance(pbeAlgorithm);
+ SecretKeyFactory skf = SecretKeyFactory.getInstance(pbeAlgorithm);
+ cipher.init(Cipher.WRAP_MODE, skf.generateSecret(pbeKeySpec));
+ byte [] wrappedPrivKey = cipher.wrap(k);
+ // Info to enable later retreival. cipher.getParameters() returns null.
+// AlgorithmParameters algParam = AlgorithmParameters.getInstance(pbeAlgorithm);
+// algParam.init(pbeParamSpec);
+ EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(cipher.getParameters(), wrappedPrivKey);
+ String directory = p.getProperty("jcsi.ca.key.dir", ".");
+ String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+ File keyFile = new File(directory + "/" + keyFileName);
+ keyFile.canWrite();
+ writeFile(keyFile, pInfo.getEncoded());
+
+// PKCS8Generator generator = new PKCS8Generator(k, "PBEWithSHA1AndDES", "BC");
+// String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+// String directory = p.getProperty("jcsi.ca.key.dir", ".");
+// String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+// generator.setIterationCount(2048);
+// generator.setPassword(password.toCharArray());
+// generator.setSecureRandom(r);
+// File f = new File(directory +"/"+ keyFileName);
+// Writer out = new OutputStreamWriter(new BufferedOutputStream(new FileOutputStream(f)));
+// PEMWriter pemWriter = new PEMWriter(out, "BC");
+// pemWriter.writeObject(generator);
+// pemWriter.flush();
+// pemWriter.close();
+ }
+
+ private static PrivateKey readPrivateKey( Properties p ) throws Exception {
+ // Retrieve property strings
+ String secretKeyAlgorithm = p.getProperty("jcsi.ca.keyAlg", "DSA");
+ String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+ String directory = p.getProperty("jcsi.ca.key.dir", ".");
+ String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+ // Read ASN.1 Encoded byte[] from file.
+ File keyFile = new File(directory + "/" + keyFileName);
+ InputStream in = new BufferedInputStream(new FileInputStream(keyFile));
+ int len = (int) keyFile.length();
+ byte [] bytes = new byte[len];
+ in.read(bytes);
+ // Reconstruct ASN.1 encoded bytes.
+ EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(bytes);
+ // Get the wrapper key algorithm.
+ String wrapKeyAlgorithm = pInfo.getAlgName();
+ // Factory to generate the wrapper key.
+ SecretKeyFactory secretKeyFact = SecretKeyFactory.getInstance(wrapKeyAlgorithm);
+ // Get the cipher.
+ Cipher cipher = Cipher.getInstance(pInfo.getAlgName());
+ // The wrapper key password.
+ PBEKeySpec pbeSpec = new PBEKeySpec(password.toCharArray());
+ // initialise the cypher with wrapper key in unwrap mode.
+ cipher.init(Cipher.DECRYPT_MODE, secretKeyFact.generateSecret(pbeSpec), pInfo.getAlgParameters());
+ // Retrieve the private key.
+ PKCS8EncodedKeySpec pcks8Spec = pInfo.getKeySpec(cipher);
+ KeyFactory keyFact = KeyFactory.getInstance(secretKeyAlgorithm, "BC");
+ return keyFact.generatePrivate(pcks8Spec);
+
+// if (rootKey != null ) return rootKey;
+// String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+// String directory = p.getProperty("jcsi.ca.key.dir", ".");
+// String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+// File f = new File(directory +"/"+ keyFileName);
+// Reader in = new InputStreamReader(new BufferedInputStream(new FileInputStream(f)));
+// PEMReader pemReader = new PEMReader(in, new Pass(password),"BC");
+// rootKey = (PrivateKey) pemReader.readObject();
+// return rootKey;
+ }
+
+ private static void writeRootCertificate( Certificate c, Properties p) throws Exception{
+ String directory = p.getProperty("jcsi.ca.key.dir", ".");
+ String certFileName = p.getProperty("jcsi.ca.cert", "user.cert");
+ File f = new File(directory +"/"+ certFileName);
+ Writer out = new OutputStreamWriter(new BufferedOutputStream(new FileOutputStream(f)));
+ PEMWriter pemWriter = new PEMWriter(out, "BC");
+ pemWriter.writeObject(c);
+ pemWriter.flush();
+ pemWriter.close();
+ }
+
+ private static Certificate readRootCertificate( Properties p ) throws FileNotFoundException, IOException, Exception{
+ String directory = p.getProperty("jcsi.ca.key.dir", ".");
+ String certFileName = p.getProperty("jcsi.ca.cert", "user.cert");
+ File f = new File(directory +"/"+ certFileName);
+ Reader in = new InputStreamReader(new BufferedInputStream(new FileInputStream(f)));
+ PEMReader pemReader = new PEMReader(in);
+ return (Certificate) pemReader.readObject();
+ }
+
+ private static X500Principal getIssuer( Properties p ){
+ String issuerDN = p.getProperty("jcsi.ca.issuerDN");
+ return new X500Principal(issuerDN);
+ }
+
+ private static ContentSigner getContentSigner(Properties p) throws Exception{
+ String signerAlgorithm = p.getProperty("jcsi.ca.sigAlg", "SHA1withDSA");
+ return new JcaContentSignerBuilder(signerAlgorithm).setProvider("BC").build(readPrivateKey(p));
+ }
+
+ private static void writeFile(File f, byte[] bytes) throws Exception{
+ OutputStream out = new BufferedOutputStream(new FileOutputStream(f));
+ out.write(bytes);
+ out.flush();
+ out.close();
+ }
+
+ private static Certificate build(
+ ContentSigner sigGen,
+ X500Principal issuer,
+ BigInteger serial,
+ Date notBefore,
+ Date notAfter,
+ X500Principal subject,
+ PublicKey publicKey
+ ) throws Exception
+ {
X509v1CertificateBuilder certBuilder =
new JcaX509v1CertificateBuilder(
issuer,
@@ -127,84 +365,84 @@ public class CA {
X509CertificateHolder certHolder = certBuilder.build(sigGen);
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
Certificate cert = null;
- try {
- cert = converter.getCertificate(certHolder);
- } catch (CertificateException ex) {
- processException(ex);
+ cert = converter.getCertificate(certHolder);
+ return cert;
+ }
+
+ public static void expand(Properties p, Properties system) throws Exception{
+ Set<Entry<Object, Object>> entrySet = p.entrySet();
+ Iterator<Entry<Object, Object>> i = entrySet.iterator();
+ while (i.hasNext()){
+ Entry<Object, Object> entry = i.next();
+ Object value = entry.getValue();
+ value = expand(value.toString(), system);
+ entry.setValue(value);
}
- try {
- cert.verify(publicKey);
- } catch (CertificateException ex) {
- processException(ex);
- } catch (NoSuchAlgorithmException ex) {
- processException(ex);
- } catch (InvalidKeyException ex) {
- processException(ex);
- } catch (NoSuchProviderException ex) {
- processException(ex);
- } catch (SignatureException ex) {
- processException(ex);
+ }
+ /**
+ * Substitutes all entries like ${some.key}, found in specified string,
+ * for specified values.
+ * If some key is unknown, throws ExpansionFailedException.
+ * @param str the string to be expanded
+ * @param properties available key-value mappings
+ * @return expanded string
+ * @throws Exception
+ */
+ public static String expand(String str, Properties properties)
+ throws Exception {
+ final String START_MARK = "${"; //$NON-NLS-1$
+ final String END_MARK = "}"; //$NON-NLS-1$
+ final int START_OFFSET = START_MARK.length();
+ final int END_OFFSET = END_MARK.length();
+
+ StringBuilder result = new StringBuilder(str);
+ int start = result.indexOf(START_MARK);
+ while (start >= 0) {
+ int end = result.indexOf(END_MARK, start);
+ if (end >= 0) {
+ String key = result.substring(start + START_OFFSET, end);
+ String value = properties.getProperty(key);
+ if (value != null) {
+ result.replace(start, end + END_OFFSET, value);
+ start += value.length();
+ } else {
+ System.err.println(str + " key not found: " + key);
+ throw new Exception("Failed to expand properties"); //$NON-NLS-1$
+ }
+ }
+ start = result.indexOf(START_MARK, start);
}
-
- // Pasword Protect the private key in preparate to write to file.
- String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
- byte[] salt = "salt and pepper shakers &*@".getBytes();
- int iterationCount = 2048;
- PBEKeySpec pbeSpec = new PBEKeySpec(password.toCharArray(), salt, iterationCount);
- Cipher cipher = null;
- SecretKeyFactory skf = null;
- byte [] wrappedPrivKey = null;
- try {
- cipher = Cipher.getInstance("PBEWithSHA1AndDES", "BC");
- skf = SecretKeyFactory.getInstance("PBEWithSHA1AndDES", "BC");
- cipher.init(Cipher.WRAP_MODE, skf.generateSecret(pbeSpec));
- wrappedPrivKey = cipher.wrap(privKey);
- } catch (InvalidKeySpecException ex) {
- processException(ex);
- } catch (NoSuchAlgorithmException ex) {
- processException(ex);
- } catch (NoSuchProviderException ex) {
- processException(ex);
- } catch (NoSuchPaddingException ex) {
- processException(ex);
- }catch (InvalidKeyException ex) {
- processException(ex);
- }catch (IllegalBlockSizeException ex) {
- processException(ex);
+ return result.toString();
+ }
+
+ private static class Filter implements FilenameFilter {
+ private final Pattern regex;
+ private Filter(String regex){
+ this.regex = Pattern.compile(regex);
}
-
- String directory = p.getProperty("jcsi.ca.key.dir", ".");
-
- String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
- String certFileName = p.getProperty("jcsi.ca.cert", "user.cert");
-
- File keyFile = new File(directory + "/" + keyFileName);
- keyFile.canWrite();
- File certFile = new File (directory + "/" + certFileName);
- certFile.canWrite();
- OutputStream out = null;
- try {
- out = new BufferedOutputStream(new FileOutputStream(certFile));
- out.write(cert.getEncoded());
- out.flush();
- out.close();
- out = new BufferedOutputStream(new FileOutputStream(keyFile));
- out.write(wrappedPrivKey);
- out.flush();
- out.close();
- } catch (FileNotFoundException ex) {
- processException(ex);
- } catch (CertificateEncodingException ex) {
- processException(ex);
- } catch (IOException ex) {
- processException(ex);
+
+ @Override
+ public boolean accept(File dir, String name) {
+ if (regex.matcher(name).matches()){
+ return true;
+ }
+ return false;
}
}
- private static void processException(Exception ex) throws Exception{
- ex.printStackTrace(System.err);
- throw ex;
+ private static class Pass implements PasswordFinder {
+ private final String password;
+
+ private Pass(String password){
+ this.password = password;
+ }
+
+ @Override
+ public char[] getPassword() {
+ return password.toCharArray();
+ }
+
}
}
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca1.cert
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca1.cert?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
Binary files - no diff available.
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca1.key
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca1.key?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
Files river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca1.key (original) and river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca1.key Wed Feb 8 04:34:17 2012 differ
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca2.cert
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca2.cert?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
Binary files - no diff available.
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca2.key
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca2.key?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
Files river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca2.key (original) and river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/keys/test-ca2.key Wed Feb 8 04:34:17 2012 differ
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/run-ca.sh
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/run-ca.sh?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/run-ca.sh (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/run-ca.sh Wed Feb 8 04:34:17 2012
@@ -17,7 +17,7 @@
# limitations under the License.
#*/
# Run a DSTC certificate authority, specifying the properties file as
-# the first argument.
+# the argument.
# Directory containing classes that patch JCSI
#PATCHROOT=/home/tjb/.jcsi
@@ -25,7 +25,8 @@
#DSTCROOT=/home/tjb/lib/jcsi/jcsi_v1.0b1
# JCSI has been replaced with Bouncy Castle
-BC_LIB=../../../bouncy-castle
+BC_LIB=${RIVER_HOME}/bouncy-castle
+JTREG_DIR=${RIVER_HOME}/qa/jtreg
# JCSI uses a different format for requesting Cipher algorithms than is
# supported by the JDK 1.4, so use 1.3
@@ -34,5 +35,6 @@ BC_LIB=../../../bouncy-castle
#$JDK13HOME/bin/java -cp .:$PATCHROOT:$DSTCROOT/classes:$DSTCROOT/jars/jcsi.jar \
# -Djcsi.ca.conf=$1 CA
-$JAVA_HOME/bin/java -cp .:${BC_LIB}/bcprov-jdk16-146.jar:${BC_LIB}/bcmail-jdk16-146.jar \
- -Djcsi.ca.conf=$1 CA
+# Changed, so the first argument is the option to pass the CA, the second is the configuration file.
+$JAVA_HOME/bin/java -cp .:${BC_LIB}/bcprov-jdk16-146.jar:${BC_LIB}/bcmail-jdk16-146.jar:${JTREG_DIR}/certs \
+ -Djtreg.dir=${JTREG_DIR} -Djcsi.ca.conf=$2 CA $1
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties Wed Feb 8 04:34:17 2012
@@ -36,3 +36,9 @@ jcsi.ca.ldap.publish=false
# The validity period for generated certificates, in days
jcsi.ca.certValidityPeriod=3650
+
+# The requests directory
+ca.requests=requests
+
+# Regex for filtering files.
+ca.regex.pattern=^.*[1]{1}[A-Z]{1}\\.request$
\ No newline at end of file
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca2.properties
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca2.properties?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca2.properties (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca2.properties Wed Feb 8 04:34:17 2012
@@ -36,3 +36,9 @@ jcsi.ca.ldap.publish=false
# The validity period for generated certificates, in days
jcsi.ca.certValidityPeriod=3650
+
+# The requests directory
+ca.requests=requests
+
+# Regex for filtering files.
+ca.regex.pattern=^.*[2]{1}[A-Z]{1}\\.request$
\ No newline at end of file
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java Wed Feb 8 04:34:17 2012
@@ -306,39 +306,55 @@ public class TestRMI extends TestUtiliti
/** Test timing out client and server SSL sessions. */
public static class TestTimeout extends BasicTest {
+ static final String serverPropName = "com.sun.jini.jeri.ssl.maxServerSessionDuration";
+ static final String clientPropName = "com.sun.jini.jeri.ssl.maxClientSessionDuration";
+ static final String max = Long.toString(Long.MAX_VALUE);
/* Time needed to complete an initial call successfully */
static final long CALLTIME = 10 * 1000;
+ static final String calltime = Long.toString(CALLTIME);
static Test[] localtests = {
new TestTimeout("client timeout", 2 * CALLTIME) {
public Object run() throws IOException {
- long old = setMaxClientSessionDuration(CALLTIME);
+ String old = System.setProperty(clientPropName, calltime);
try {
return super.run();
} finally {
- setMaxClientSessionDuration(old);
+ if ( old != null ){
+ System.setProperty(clientPropName, old );
+ }else{
+ System.clearProperty(clientPropName);
+ }
}
}
},
new TestTimeout("client timeout wraparound", CALLTIME) {
public Object run() throws IOException {
- long old = setMaxClientSessionDuration(Long.MAX_VALUE);
+ String old = System.setProperty(clientPropName, max);
try {
return super.run();
} finally {
- setMaxClientSessionDuration(old);
+ if ( old != null ){
+ System.setProperty(clientPropName, old );
+ }else{
+ System.clearProperty(clientPropName);
+ }
}
}
},
new TestTimeout("server timeout", 2 * CALLTIME) {
public Object run() throws IOException {
- long old = setMaxServerSessionDuration(CALLTIME);
+ String old = System.setProperty(serverPropName, calltime);
try {
return super.run();
} catch (IOException e) {
return e;
} finally {
- setMaxServerSessionDuration(old);
+ if ( old != null ){
+ System.setProperty(serverPropName, old );
+ }else{
+ System.clearProperty(serverPropName);
+ }
}
}
public void check(Object result) {
@@ -350,20 +366,24 @@ public class TestRMI extends TestUtiliti
},
new TestTimeout("server timeout wraparound", CALLTIME) {
public Object run() throws IOException {
- long old = setMaxServerSessionDuration(Long.MAX_VALUE);
+ String old = System.setProperty(serverPropName, max);
try {
return super.run();
} finally {
- setMaxServerSessionDuration(old);
+ if ( old != null ){
+ System.setProperty(serverPropName, old );
+ }else{
+ System.clearProperty(serverPropName);
+ }
}
}
}
};
- Subject clientSubject = getClientSubject();
+ final Subject clientSubject = getClientSubject();
- long timeout;
- int calls;
+ final long timeout;
+ volatile int calls; //Ok cause only one thread increments.
IOException ioException;
boolean done;
@@ -374,6 +394,9 @@ public class TestRMI extends TestUtiliti
TestTimeout(String name, long timeout) {
super(name);
this.timeout = timeout;
+ calls = 0;
+ ioException = null;
+ done = false;
}
Subject getClientSubject() {
@@ -415,14 +438,14 @@ public class TestRMI extends TestUtiliti
} catch (InterruptedException e) {
}
} while (!done && System.currentTimeMillis() < stop);
- }
- if (calls == 0) {
- throw new FailedException("No calls made");
- } else if (ioException != null) {
- throw ioException;
- } else {
- return null;
- }
+ if (calls == 0) {
+ throw new FailedException("No calls made");
+ } else if (ioException != null) {
+ throw ioException;
+ } else {
+ return null;
+ }
+ }
}
void runInThread() {
@@ -457,7 +480,9 @@ public class TestRMI extends TestUtiliti
}
server.unexport();
} catch (IOException e) {
- ioException = e;
+ synchronized (this){
+ ioException = e;
+ }
} finally {
synchronized (TestTimeout.this) {
done = true;
@@ -475,7 +500,11 @@ public class TestRMI extends TestUtiliti
/** Test with expired certificates. */
public static class TestExpired extends BasicTest {
- static Test[] localtests = { new TestExpired() };
+ static final String serverPropName = "com.sun.jini.jeri.ssl.maxServerSessionDuration";
+ static final String clientPropName = "com.sun.jini.jeri.ssl.maxClientSessionDuration";
+ static final String clientMax = Long.toString(23*60*60*1000);
+ static final String serverMax = Long.toString(24*60*60*1000);
+ static Test[] localtests = { new TestExpired()};
Subject clientSubject = new WithSubject() { {
addX500Principal("clientDSA2", subject);
@@ -504,9 +533,9 @@ public class TestRMI extends TestUtiliti
});
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
- }
- }
-
+ }
+ }
+
public void check(Object result) { }
Object runInternal() throws IOException {
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java Wed Feb 8 04:34:17 2012
@@ -76,8 +76,8 @@ public class TestUtilities extends UnitT
/* Reflection */
/** The name of the package containing the classes */
- static String PACKAGE = "net.jini.jeri.ssl";
-
+ static final String PACKAGE = "net.jini.jeri.ssl";
+
static final LazyMethod impliesConstraintConstraint = new LazyMethod(
"Utilities", "implies",
new Class[] { InvocationConstraint.class, InvocationConstraint.class });
@@ -179,11 +179,11 @@ public class TestUtilities extends UnitT
/* Credentials */
- private static KeyStore keyStore;
+ private static volatile KeyStore keyStore;
- private static CertificateFactory certFactory;
+ private static volatile CertificateFactory certFactory;
- static char[] keyStorePassword = "keypass".toCharArray();
+ static final char[] keyStorePassword = "keypass".toCharArray();
static final String clientDSA = "CN=clientDSA";
static final String clientRSA1 = "CN=clientRSA1, C=US";
@@ -402,10 +402,10 @@ public class TestUtilities extends UnitT
/** Like Method, but resolves method when first invoked */
static class LazyMethod {
- private String className;
- private String methodName;
- private Class[] argumentTypes;
- private Method method;
+ private final String className;
+ private final String methodName;
+ private final Class[] argumentTypes;
+ private volatile Method method;
LazyMethod(String className,
String methodName,
@@ -430,7 +430,10 @@ public class TestUtilities extends UnitT
*/
Object invoke(Object object, Object[] arguments) {
try {
- return getMethod().invoke(object, arguments);
+ Method m = getMethod();
+ synchronized (m){
+ return m.invoke(object, arguments);
+ }
} catch (InvocationTargetException e) {
throw unexpectedException(e.getTargetException());
} catch (Exception e) {
@@ -446,7 +449,10 @@ public class TestUtilities extends UnitT
throws InvocationTargetException
{
try {
- return getMethod().invoke(object, arguments);
+ Method m = getMethod();
+ synchronized (m){
+ return m.invoke(object, arguments);
+ }
} catch (InvocationTargetException e) {
throw e;
} catch (Exception e) {
@@ -457,13 +463,17 @@ public class TestUtilities extends UnitT
/** Returns the requested provider method */
private Method getMethod() {
if (method == null) {
- try {
- Class type = TestUtilities.getClass(className);
- method = type.getDeclaredMethod(methodName, argumentTypes);
- method.setAccessible(true);
- } catch (NoSuchMethodException e) {
- throw unexpectedException(e);
- }
+ synchronized (this){
+ if (method == null){
+ try {
+ Class type = TestUtilities.getClass(className);
+ method = type.getDeclaredMethod(methodName, argumentTypes);
+ method.setAccessible(true);
+ } catch (NoSuchMethodException e) {
+ throw unexpectedException(e);
+ }
+ }
+ }
}
return method;
}
@@ -471,9 +481,9 @@ public class TestUtilities extends UnitT
/** Like Constructor, but resolves constructor when first used */
static class LazyConstructor {
- private String className;
- private Class[] argumentTypes;
- private Constructor constructor;
+ private final String className;
+ private final Class[] argumentTypes;
+ private volatile Constructor constructor;
LazyConstructor(String className, Class[] argumentTypes) {
this.className = className;
@@ -513,13 +523,17 @@ public class TestUtilities extends UnitT
/** Returns the requested provider constructor */
private Constructor getConstructor() {
if (constructor == null) {
- try {
- Class type = TestUtilities.getClass(className);
- constructor = type.getDeclaredConstructor(argumentTypes);
- constructor.setAccessible(true);
- } catch (NoSuchMethodException e) {
- throw unexpectedException(e);
- }
+ synchronized (this){
+ if (constructor == null){
+ try {
+ Class type = TestUtilities.getClass(className);
+ constructor = type.getDeclaredConstructor(argumentTypes);
+ constructor.setAccessible(true);
+ } catch (NoSuchMethodException e) {
+ throw unexpectedException(e);
+ }
+ }
+ }
}
return constructor;
}
@@ -527,10 +541,10 @@ public class TestUtilities extends UnitT
/** Like Field, but resolves field when first used */
static class LazyField {
- private String packageName;
- private String className;
- private String fieldName;
- private Field field;
+ private final String packageName;
+ private final String className;
+ private final String fieldName;
+ private volatile Field field;
LazyField(String className, String fieldName) {
this(PACKAGE, className, fieldName);
@@ -559,15 +573,19 @@ public class TestUtilities extends UnitT
/** Returns the requested provider field */
private Field getField() {
if (field == null) {
- try {
- Class type =
- TestUtilities.getClass(packageName, className);
- field = type.getDeclaredField(fieldName);
- field.setAccessible(true);
- } catch (NoSuchFieldException e) {
- throw unexpectedException(e);
- }
- }
+ synchronized (this) {
+ if (field == null){
+ try {
+ Class type =
+ TestUtilities.getClass(packageName, className);
+ field = type.getDeclaredField(fieldName);
+ field.setAccessible(true);
+ } catch (NoSuchFieldException e) {
+ throw unexpectedException(e);
+ }
+ }
+ }
+ }
return field;
}
@@ -579,7 +597,10 @@ public class TestUtilities extends UnitT
/** Sets a field */
void set(Object object, Object value) {
try {
- getField().set(object, value);
+ Field f = getField();
+ synchronized (f){
+ f.set(object, value);
+ }
} catch (Exception e) {
throw unexpectedException(e);
}
@@ -660,8 +681,12 @@ public class TestUtilities extends UnitT
/* -- Credentials -- */
static class TestPrincipal implements Principal {
- String name;
- TestPrincipal(String name) { this.name = name; }
+ private final String name;
+
+ TestPrincipal(String name) {
+ this.name = name;
+ }
+
public String getName() { return name; }
public String toString() { return "TestPrincipal{" + name + "}"; }
public int hashCode() { return name.hashCode(); }
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.cert
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.cert?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.cert (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.cert Wed Feb 8 04:34:17 2012
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICYjCCAcsCBgE1UXOGdjANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xHTAbBgNVBAoTFFN1biBN
+aWNyb3N5c3RlbXMgSW5jMRMwEQYDVQQLEwpKaW5pIEdyb3VwMRIwEAYDVQQDEwlU
+ZXN0IENBIDEwHhcNMTIwMjA2MDY1NjEwWhcNMjIwMjAzMDY1NzAwWjB3MQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xHTAbBgNV
+BAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMRMwEQYDVQQLEwpKaW5pIEdyb3VwMRIw
+EAYDVQQDEwlUZXN0IENBIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJue
+EFstcakAxlgBPxi6qzf04EhOh5aaEU7HiC6OJ558SqqqLqPVxZ9cxc3RtDCIG5XI
+JU1PL8CIqI6mjZZD0yPa7aZVo+ipc3TR++V+ylyBO06c1WaRmMaD9IDCqGpwC1D2
+6OCN/qbXvBnRjlqPbJxyURywCtI+laC/qIXsQ7ejAgMBAAEwDQYJKoZIhvcNAQEF
+BQADgYEAYylgEgpw8xrFCELTva782YB5FwCvEsYl/i0X+wW4g1OvBX5e7M5RfJC8
+ruPSZkZYeCKybODgFaEaPpi1z1P31IfXM/IjXEFQ1yNuZ1G7KSVrosxG1G6MxuWm
+LkMAnQCX/k7y6iPsi+fKM22VCXDrzJERz9gx3C+/8uykxn2DUMc=
+-----END CERTIFICATE-----
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.key
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.key?rev=1241772&view=auto
==============================================================================
Binary file - no diff available.
Propchange: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.key
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Copied: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.properties (from r1235231, river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.properties?p2=river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.properties&p1=river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties&r1=1235231&r2=1241772&rev=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca.properties Wed Feb 8 04:34:17 2012
@@ -1,4 +1,4 @@
-# JCSI configuration file for Test CA 1
+# JCSI configuration file for Test CA
#------------------------------------------------------------------------
# the CA's email address
@@ -20,19 +20,22 @@ jcsi.ca.sigAlg=SHA1withRSA
jcsi.ca.keyAlg=RSA
# the CA's key directory
-jcsi.ca.key.dir=keys
+jcsi.ca.key.dir=${jtreg.dir}/net/jini/jeri/ssl/UnitTests
# the CA's private key in the key directory
-jcsi.ca.privKey=test-ca1.key
+jcsi.ca.privKey=ca.key
# the password to protect the CA's private key (needed by onlineCA)
-jcsi.ca.privKey.password=test-ca1-keypass
+jcsi.ca.privKey.password=keypass
# the CA's cert in the key directory
-jcsi.ca.cert=test-ca1.cert
+jcsi.ca.cert=ca.cert
# whether onlineCA publishes to LDAP repository
jcsi.ca.ldap.publish=false
-# The validity period for generated certificates, in days
-jcsi.ca.certValidityPeriod=3650
+# The requests directory
+ca.requests=${jtreg.dir}/net/jini/jeri/ssl/UnitTests
+
+# Regex for filtering files.
+ca.regex.pattern=^.*RSA[\\d]{1}\\.request$
\ No newline at end of file
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.cert
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.cert?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.cert (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.cert Wed Feb 8 04:34:17 2012
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAuACBgE1UXSFjDAJBgcqhkjOOAQDMHcxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjEdMBsGA1UEChMUU3VuIE1pY3Jv
+c3lzdGVtcyBJbmMxEzARBgNVBAsTCkppbmkgR3JvdXAxEjAQBgNVBAMTCVRlc3Qg
+Q0EgMTAeFw0xMjAyMDYwNjU3MTVaFw0yMjAyMDMwNjU4MDVaMHcxCzAJBgNVBAYT
+AlVTMQswCQYDVQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjEdMBsGA1UEChMU
+U3VuIE1pY3Jvc3lzdGVtcyBJbmMxEzARBgNVBAsTCkppbmkgR3JvdXAxEjAQBgNV
+BAMTCVRlc3QgQ0EgMTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDJctkyvO2WLdCN
+3/IAy5FAq22/TXXwsfHQWZ4d43oGD6Uf4bzcVb0U3iMqbAqfZ14jmUEJZN++AeD5
+bdtJz2kx6qfQX803457Vr0uqM4WJYcmC9yGPj8VjzaIeJ32z6F65Bu1AKe/ntzeB
+pS7pXheHYjHbe+nOF/5PsYGwiPFL1QIVAKE07vx+RjmF3/a2LGK5LwhFIyQjAoGB
+ALJBr4dov03Uo6QJlesqWqiTOOL/LxSdUiO6hFS1SNO6oX0PyVnNwM+DXMDDmSxJ
+b17QIKK2Dv2vvalJXnvtWj15kO4wzTXvA94yO9KIanH8hbAzvwQVO3PcR68KSGkf
+qhYAlq/jqjPV8TcYDreWE1MVz50mPLKsrpzWDb442vV3A4GEAAKBgGkr+st+MMBA
+9vHsqar/K6R3Qaxg0O0QhQxBNzQGRTFpYu81tRjAP9hM/YmeissLLgzTmxqRUvYT
+UMkU8QQ7OD77kdaW0t8WZXxHcWJxytdSsEUINAkr7DzeXA5Pqw3JXCnMjoXtu/cX
+yeRTuXa4FxbXMVVJ2D3DpGcJ+66V48FVMAkGByqGSM44BAMDLwAwLAIUF5eExqgp
+ALpngTBa7u4p7mICeRgCFEwFpwmdg+GhnzBXr53skNahV8Tp
+-----END CERTIFICATE-----
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.key
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.key?rev=1241772&view=auto
==============================================================================
Binary file - no diff available.
Propchange: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.key
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Copied: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.properties (from r1235231, river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.properties?p2=river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.properties&p1=river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties&r1=1235231&r2=1241772&rev=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/ca1.properties Wed Feb 8 04:34:17 2012
@@ -1,4 +1,4 @@
-# JCSI configuration file for Test CA 1
+# JCSI configuration file for Test CA
#------------------------------------------------------------------------
# the CA's email address
@@ -15,24 +15,27 @@ jcsi.ca.issuerDN=CN=Test CA 1, OU=Jini G
# algorithms the CA uses
# was SHA-1/DSA
-jcsi.ca.sigAlg=SHA1withRSA
+jcsi.ca.sigAlg=SHA1withDSA
# was DSA
-jcsi.ca.keyAlg=RSA
+jcsi.ca.keyAlg=DSA
# the CA's key directory
-jcsi.ca.key.dir=keys
+jcsi.ca.key.dir=${jtreg.dir}/net/jini/jeri/ssl/UnitTests
# the CA's private key in the key directory
-jcsi.ca.privKey=test-ca1.key
+jcsi.ca.privKey=ca1.key
# the password to protect the CA's private key (needed by onlineCA)
-jcsi.ca.privKey.password=test-ca1-keypass
+jcsi.ca.privKey.password=keypass
# the CA's cert in the key directory
-jcsi.ca.cert=test-ca1.cert
+jcsi.ca.cert=ca1.cert
# whether onlineCA publishes to LDAP repository
jcsi.ca.ldap.publish=false
-# The validity period for generated certificates, in days
-jcsi.ca.certValidityPeriod=3650
+# The requests directory
+ca.requests=${jtreg.dir}/net/jini/jeri/ssl/UnitTests
+
+# Regex for filtering files.
+ca.regex.pattern=^.*DSA[\\d]{1}\\.request$
\ No newline at end of file
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.chain
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.chain?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.chain (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.chain Wed Feb 8 04:34:17 2012
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAn8CBgE1UXTIzTAJBgcqhkjOOAQDMHcxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjEdMBsGA1UEChMUU3VuIE1pY3Jv
+c3lzdGVtcyBJbmMxEzARBgNVBAsTCkppbmkgR3JvdXAxEjAQBgNVBAMTCVRlc3Qg
+Q0EgMTAeFw0xMjAyMDYwNjU3MzJaFw0yMjAyMDMwNjU4MjJaMBUxEzARBgNVBAMT
+CmNsaWVudERTQTIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qc
+Luzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
+8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oW
+kTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD3
+4aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkW
+cSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvM
+pPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEAuCSUBNWy2Gal
+ekLjRfn+MNiBu2ue8gPrd2iJRLRPsMhhjV34tnVMem2J0q3k1V3kZDaZraLbcI9C
+pNKCk5yhLGSrdLz9QjhCndrXIqcC/U0oShHphOdSP15X/8Wo4jd5KyJUufe3C4W3
+ml9fQ0mU0KfNgJBEbBJFf/JWWQm8vW4wCQYHKoZIzjgEAwMvADAsAhR2ur/D5cvO
+QylC4QasYhHqtakjHQIUdAuvv4VXcTkZc5QvN3mY8ZKbLXY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAuACBgE1UXSFjDAJBgcqhkjOOAQDMHcxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjEdMBsGA1UEChMUU3VuIE1pY3Jv
+c3lzdGVtcyBJbmMxEzARBgNVBAsTCkppbmkgR3JvdXAxEjAQBgNVBAMTCVRlc3Qg
+Q0EgMTAeFw0xMjAyMDYwNjU3MTVaFw0yMjAyMDMwNjU4MDVaMHcxCzAJBgNVBAYT
+AlVTMQswCQYDVQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjEdMBsGA1UEChMU
+U3VuIE1pY3Jvc3lzdGVtcyBJbmMxEzARBgNVBAsTCkppbmkgR3JvdXAxEjAQBgNV
+BAMTCVRlc3QgQ0EgMTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDJctkyvO2WLdCN
+3/IAy5FAq22/TXXwsfHQWZ4d43oGD6Uf4bzcVb0U3iMqbAqfZ14jmUEJZN++AeD5
+bdtJz2kx6qfQX803457Vr0uqM4WJYcmC9yGPj8VjzaIeJ32z6F65Bu1AKe/ntzeB
+pS7pXheHYjHbe+nOF/5PsYGwiPFL1QIVAKE07vx+RjmF3/a2LGK5LwhFIyQjAoGB
+ALJBr4dov03Uo6QJlesqWqiTOOL/LxSdUiO6hFS1SNO6oX0PyVnNwM+DXMDDmSxJ
+b17QIKK2Dv2vvalJXnvtWj15kO4wzTXvA94yO9KIanH8hbAzvwQVO3PcR68KSGkf
+qhYAlq/jqjPV8TcYDreWE1MVz50mPLKsrpzWDb442vV3A4GEAAKBgGkr+st+MMBA
+9vHsqar/K6R3Qaxg0O0QhQxBNzQGRTFpYu81tRjAP9hM/YmeissLLgzTmxqRUvYT
+UMkU8QQ7OD77kdaW0t8WZXxHcWJxytdSsEUINAkr7DzeXA5Pqw3JXCnMjoXtu/cX
+yeRTuXa4FxbXMVVJ2D3DpGcJ+66V48FVMAkGByqGSM44BAMDLwAwLAIUF5eExqgp
+ALpngTBa7u4p7mICeRgCFEwFpwmdg+GhnzBXr53skNahV8Tp
+-----END CERTIFICATE-----
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.request
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.request?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.request (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2.request Wed Feb 8 04:34:17 2012
@@ -0,0 +1,12 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICGjCCAdgCAQAwFTETMBEGA1UEAxMKY2xpZW50RFNBMjCCAbgwggEsBgcqhkjOOAQBMIIBHwKB
+gQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeB
+O4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1
+864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4
+V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyN
+KOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kq
+A4GFAAKBgQC4JJQE1bLYZqV6QuNF+f4w2IG7a57yA+t3aIlEtE+wyGGNXfi2dUx6bYnSreTVXeRk
+Npmtottwj0Kk0oKTnKEsZKt0vP1COEKd2tcipwL9TShKEemE51I/Xlf/xajiN3krIlS597cLhbea
+X19DSZTQp82AkERsEkV/8lZZCby9bqAAMAsGByqGSM44BAMFAAMvADAsAhQGHa9TmzDglrkUjiSb
+Wf4DMr9C8wIUdCcx6xs9p16wsv9y6gJASA8Us3g=
+-----END NEW CERTIFICATE REQUEST-----
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.chain
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.chain?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.chain (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.chain Wed Feb 8 04:34:17 2012
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAn4CBgE1UXUC7zAJBgcqhkjOOAQDMHcxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjEdMBsGA1UEChMUU3VuIE1pY3Jv
+c3lzdGVtcyBJbmMxEzARBgNVBAsTCkppbmkgR3JvdXAxEjAQBgNVBAMTCVRlc3Qg
+Q0EgMTAeFw0xMjAyMDYwNjU3NDdaFw0xMjAyMDYwNjU4MzdaMBUxEzARBgNVBAMT
+CmNsaWVudERTQTIwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qc
+Luzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
+8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oW
+kTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD3
+4aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkW
+cSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvM
+pPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYAuuuomKfyVUe4c
+KPY6MPszcQxgkGFG7OdZuzeMYp5lNcTW/SaNvENK/UChq8tfDjqPo0dccn73gdeI
+IKBXsmUYt0JGuzeyFmG+DXoWbdyHOijLmos3CfurfpIhC+Y3TCwaNpHP4+98e0OL
+JnX444j6nAA7dZtQoD7TCch9xPpNJzAJBgcqhkjOOAQDAzAAMC0CFAOdCw155LRH
+wkzAccNkZPwKB+T7AhUAiSQ7FrAY9UxVirLEFdys12bcXbM=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAuACBgE1UXSFjDAJBgcqhkjOOAQDMHcxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjEdMBsGA1UEChMUU3VuIE1pY3Jv
+c3lzdGVtcyBJbmMxEzARBgNVBAsTCkppbmkgR3JvdXAxEjAQBgNVBAMTCVRlc3Qg
+Q0EgMTAeFw0xMjAyMDYwNjU3MTVaFw0yMjAyMDMwNjU4MDVaMHcxCzAJBgNVBAYT
+AlVTMQswCQYDVQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjEdMBsGA1UEChMU
+U3VuIE1pY3Jvc3lzdGVtcyBJbmMxEzARBgNVBAsTCkppbmkgR3JvdXAxEjAQBgNV
+BAMTCVRlc3QgQ0EgMTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDJctkyvO2WLdCN
+3/IAy5FAq22/TXXwsfHQWZ4d43oGD6Uf4bzcVb0U3iMqbAqfZ14jmUEJZN++AeD5
+bdtJz2kx6qfQX803457Vr0uqM4WJYcmC9yGPj8VjzaIeJ32z6F65Bu1AKe/ntzeB
+pS7pXheHYjHbe+nOF/5PsYGwiPFL1QIVAKE07vx+RjmF3/a2LGK5LwhFIyQjAoGB
+ALJBr4dov03Uo6QJlesqWqiTOOL/LxSdUiO6hFS1SNO6oX0PyVnNwM+DXMDDmSxJ
+b17QIKK2Dv2vvalJXnvtWj15kO4wzTXvA94yO9KIanH8hbAzvwQVO3PcR68KSGkf
+qhYAlq/jqjPV8TcYDreWE1MVz50mPLKsrpzWDb442vV3A4GEAAKBgGkr+st+MMBA
+9vHsqar/K6R3Qaxg0O0QhQxBNzQGRTFpYu81tRjAP9hM/YmeissLLgzTmxqRUvYT
+UMkU8QQ7OD77kdaW0t8WZXxHcWJxytdSsEUINAkr7DzeXA5Pqw3JXCnMjoXtu/cX
+yeRTuXa4FxbXMVVJ2D3DpGcJ+66V48FVMAkGByqGSM44BAMDLwAwLAIUF5eExqgp
+ALpngTBa7u4p7mICeRgCFEwFpwmdg+GhnzBXr53skNahV8Tp
+-----END CERTIFICATE-----
Copied: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.properties (from r1235231, river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.properties?p2=river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.properties&p1=river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties&r1=1235231&r2=1241772&rev=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.properties Wed Feb 8 04:34:17 2012
@@ -1,11 +1,11 @@
-# JCSI configuration file for Test CA 1
+# JCSI configuration file for Test CA
#------------------------------------------------------------------------
# the CA's email address
# jcsi.ca.email=
-# the CA's cert validity period (in days)
-jcsi.ca.validityPeriod=3650
+# the cert validity period (in days)
+jcsi.ca.validityPeriod=0
# the CA's key strength
jcsi.ca.keyLength=1024
@@ -15,24 +15,27 @@ jcsi.ca.issuerDN=CN=Test CA 1, OU=Jini G
# algorithms the CA uses
# was SHA-1/DSA
-jcsi.ca.sigAlg=SHA1withRSA
+jcsi.ca.sigAlg=SHA1withDSA
# was DSA
-jcsi.ca.keyAlg=RSA
+jcsi.ca.keyAlg=DSA
# the CA's key directory
-jcsi.ca.key.dir=keys
+jcsi.ca.key.dir=${jtreg.dir}/net/jini/jeri/ssl/UnitTests
# the CA's private key in the key directory
-jcsi.ca.privKey=test-ca1.key
+jcsi.ca.privKey=ca1.key
# the password to protect the CA's private key (needed by onlineCA)
-jcsi.ca.privKey.password=test-ca1-keypass
+jcsi.ca.privKey.password=keypass
# the CA's cert in the key directory
-jcsi.ca.cert=test-ca1.cert
+jcsi.ca.cert=ca1.cert
# whether onlineCA publishes to LDAP repository
jcsi.ca.ldap.publish=false
-# The validity period for generated certificates, in days
-jcsi.ca.certValidityPeriod=3650
+# The requests directory
+ca.requests=${jtreg.dir}/net/jini/jeri/ssl/UnitTests
+
+# Regex for filtering files.
+ca.regex.pattern=^client.*[\\d]{1}expired\\.request$
\ No newline at end of file
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.request
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.request?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.request (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/clientDSA2expired.request Wed Feb 8 04:34:17 2012
@@ -0,0 +1,12 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICGTCCAdcCAQAwFTETMBEGA1UEAxMKY2xpZW50RFNBMjCCAbcwggEsBgcqhkjOOAQBMIIBHwKB
+gQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeB
+O4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1
+864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4
+V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyN
+KOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kq
+A4GEAAKBgC666iYp/JVR7hwo9jow+zNxDGCQYUbs51m7N4xinmU1xNb9Jo28Q0r9QKGry18OOo+j
+R1xyfveB14ggoFeyZRi3Qka7N7IWYb4NehZt3Ic6KMuaizcJ+6t+kiEL5jdMLBo2kc/j73x7Q4sm
+dfjjiPqcADt1m1CgPtMJyH3E+k0noAAwCwYHKoZIzjgEAwUAAy8AMCwCFB2sr4y3+zbJrNWmg0Fm
+tD//rtp5AhRVzSofL71Auu8NmHnwDt2EA/or7w==
+-----END NEW CERTIFICATE REQUEST-----
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
Binary files - no diff available.
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh Wed Feb 8 04:34:17 2012
@@ -19,6 +19,11 @@
#
# Create the keystore and truststore files
# Usage: keystore.sh
+#
+# You must first compile CA.java in the qa/jtreg/certs directory by calling
+# make compile, in that directory. When you've finished, run this script,
+# to generate new certificates.
+# This task needs to be performed once every ten years when certificates expire.
if [ "${TESTJAVA}" ]; then
JAVABIN=${TESTJAVA}/bin/;
@@ -34,6 +39,7 @@ TRUSTSTORE=${TESTSRC}/truststore
KEYTOOL=${JAVABIN}keytool
+KEYSTORECMDEXP="${KEYTOOL} -keystore ${KEYSTORE} -storepass keypass -keypass keypass -validity 1"
KEYSTORECMD="${KEYTOOL} -keystore ${KEYSTORE} -storepass keypass -keypass keypass -validity 3650"
TRUSTSTORECMD="${KEYTOOL} -keystore ${TRUSTSTORE} -storepass keypass -keypass keypass -validity 3650"
@@ -60,21 +66,34 @@ ${KEYSTORECMD} -genkey -alias notTrusted
${KEYSTORECMD} -genkey -alias clientDSA2 -dname CN=clientDSA2 -keyalg DSA
${KEYSTORECMD} -certreq -alias clientDSA2 -file clientDSA2.request
-${KEYSTORECMD} -keyclone -alias clientDSA2 -dest clientDSA2expired -new keypass
-${KEYSTORECMD} -selfcert -alias clientDSA2expired
+${KEYSTORECMDEXP} -genkey -alias clientDSA2expired -dname CN=clientDSA2 -keyalg DSA
+${KEYSTORECMDEXP} -certreq -alias clientDSA2expired -file clientDSA2expired.request
${KEYSTORECMD} -genkey -alias serverRSA2 -dname CN=serverRSA2 -keyalg RSA
${KEYSTORECMD} -certreq -alias serverRSA2 -file serverRSA2.request
-${KEYSTORECMD} -keyclone -alias serverRSA2 -dest serverRSA2expired -new keypass
-${KEYSTORECMD} -selfcert -alias serverRSA2expired
+${KEYSTORECMDEXP} -genkey -alias serverRSA2expired -dname CN=serverRSA2 -keyalg RSA
+${KEYSTORECMDEXP} -certreq -alias serverRSA2expired -file serverRSA2expired.request
set +x
+echo Sign clientDSA2.req, serverRSA2.req, clientDSA2expired.req and serverRSA2expired.req,\
+ then import them:
+echo expired certificates need one day to expire before testing.
-echo Sign clientDSA2.req and serverRSA2.req and then import them:
-echo ${TRUSTSTORECMD} -import -noprompt -alias ca -file ca.cert
-echo ${KEYSTORECMD} -import -noprompt -alias ca -file ca.cert
-echo ${KEYSTORECMD} -import -noprompt -alias clientDSA2 -file clientDSA2.cert
-echo ${KEYSTORECMD} -import -noprompt -alias clientDSA2expired -file clientDSA2expired.cert
-echo ${KEYSTORECMD} -import -noprompt -alias serverRSA2 -file serverRSA2.cert
-echo ${KEYSTORECMD} -import -noprompt -alias serverRSA2expired -file serverRSA2expired.cert
+set -x
+
+../../../../../certs/run-ca.sh -CA ./ca.properties
+../../../../../certs/run-ca.sh -CA ./ca1.properties
+../../../../../certs/run-ca.sh -CR ./ca.properties
+../../../../../certs/run-ca.sh -CR ./ca1.properties
+../../../../../certs/run-ca.sh -CR ./serverRSA2expired.properties
+../../../../../certs/run-ca.sh -CR ./clientDSA2expired.properties
+
+${TRUSTSTORECMD} -import -noprompt -alias ca -file ca.cert
+${TRUSTSTORECMD} -import -noprompt -alias ca1 -file ca1.cert
+${KEYSTORECMD} -import -noprompt -alias ca -file ca.cert
+${KEYSTORECMD} -import -noprompt -alias ca1 -file ca1.cert
+${KEYSTORECMD} -import -noprompt -alias clientDSA2 -file clientDSA2.chain
+${KEYSTORECMDEXP} -import -noprompt -alias clientDSA2expired -file clientDSA2expired.chain
+${KEYSTORECMD} -import -noprompt -alias serverRSA2 -file serverRSA2.chain
+${KEYSTORECMDEXP} -import -noprompt -alias serverRSA2expired -file serverRSA2expired.chain
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy Wed Feb 8 04:34:17 2012
@@ -48,6 +48,10 @@ grant {
permission net.jini.security.AuthenticationPermission
"TestUtilities$TestPrincipal \"*\"", "connect,accept";
+// permission net.jini.security.AuthenticationPermission
+// "javax.security.auth.x500.X500Principal \"CN=clientDSA2expired\" peer javax.security.auth.x500.X500Principal \"CN=serverRSA2\"",
+// "connect";
+
permission java.security.SecurityPermission "insertProvider.*";
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.security.SecurityPermission "getPolicy";
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.chain
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.chain?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.chain (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.chain Wed Feb 8 04:34:17 2012
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIICADCCAWkCBgE1UXSrpTANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xHTAbBgNVBAoTFFN1biBN
+aWNyb3N5c3RlbXMgSW5jMRMwEQYDVQQLEwpKaW5pIEdyb3VwMRIwEAYDVQQDEwlU
+ZXN0IENBIDEwHhcNMTIwMjA2MDY1NzI0WhcNMjIwMjAzMDY1ODE0WjAVMRMwEQYD
+VQQDEwpzZXJ2ZXJSU0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChJZ9J
+wvTvaeLq8wOgTjJCxi+o4FMsTkdOyvNRnlts7xHqEzVSfRwr7bfqM2UUjG/oEb9O
+5I6D7wtGLNLym25DoLG4nHv6cw6Fl1/C/OvDI2KHzENH4nOHfMNyTqn0gDNeKmCH
+W9JF+RhCXFDTP+s1yh8k7E7LLjda98Qfm3GVdQIDAQABMA0GCSqGSIb3DQEBBQUA
+A4GBAB+HAZOkLnPTRZGUl5/X5Ub7qvDWdMT7nD5ouD9ZQtDt7vEtnFYpwn/qZNyk
+0bYC5T1cIHrl6yQpKNA8S0nmVSxdDN4iPhPSFbDjRN87qDGfaFZrdTp1PDQrIBAy
+LlXYHiNuZ+yVHXuAErOJ2IydAWKDA4u21GqhkFYVknLcC0LT
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICYjCCAcsCBgE1UXOGdjANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xHTAbBgNVBAoTFFN1biBN
+aWNyb3N5c3RlbXMgSW5jMRMwEQYDVQQLEwpKaW5pIEdyb3VwMRIwEAYDVQQDEwlU
+ZXN0IENBIDEwHhcNMTIwMjA2MDY1NjEwWhcNMjIwMjAzMDY1NzAwWjB3MQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xHTAbBgNV
+BAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMRMwEQYDVQQLEwpKaW5pIEdyb3VwMRIw
+EAYDVQQDEwlUZXN0IENBIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJue
+EFstcakAxlgBPxi6qzf04EhOh5aaEU7HiC6OJ558SqqqLqPVxZ9cxc3RtDCIG5XI
+JU1PL8CIqI6mjZZD0yPa7aZVo+ipc3TR++V+ylyBO06c1WaRmMaD9IDCqGpwC1D2
+6OCN/qbXvBnRjlqPbJxyURywCtI+laC/qIXsQ7ejAgMBAAEwDQYJKoZIhvcNAQEF
+BQADgYEAYylgEgpw8xrFCELTva782YB5FwCvEsYl/i0X+wW4g1OvBX5e7M5RfJC8
+ruPSZkZYeCKybODgFaEaPpi1z1P31IfXM/IjXEFQ1yNuZ1G7KSVrosxG1G6MxuWm
+LkMAnQCX/k7y6iPsi+fKM22VCXDrzJERz9gx3C+/8uykxn2DUMc=
+-----END CERTIFICATE-----
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.request
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.request?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.request (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2.request Wed Feb 8 04:34:17 2012
@@ -0,0 +1,9 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIBVDCBvgIBADAVMRMwEQYDVQQDEwpzZXJ2ZXJSU0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQChJZ9JwvTvaeLq8wOgTjJCxi+o4FMsTkdOyvNRnlts7xHqEzVSfRwr7bfqM2UUjG/oEb9O
+5I6D7wtGLNLym25DoLG4nHv6cw6Fl1/C/OvDI2KHzENH4nOHfMNyTqn0gDNeKmCHW9JF+RhCXFDT
+P+s1yh8k7E7LLjda98Qfm3GVdQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAQLosIpk6Msy1TGwM
+vP6uyTnpn1xasYmOJS36RWXnuttVkt/V13No3ue1nidiLWScXPMezYVQck+7+lxhvlu8rdGhVdwQ
+SFwUBRpKPcglL+9Pmuxegz/u8ExdEkX34LA1qu5uMG3zlqI3jNhQEBkX+t/v56KXikbAd+uwVsOQ
+JZA=
+-----END NEW CERTIFICATE REQUEST-----
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.chain
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.chain?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.chain (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.chain Wed Feb 8 04:34:17 2012
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIICADCCAWkCBgE1UXTlhTANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xHTAbBgNVBAoTFFN1biBN
+aWNyb3N5c3RlbXMgSW5jMRMwEQYDVQQLEwpKaW5pIEdyb3VwMRIwEAYDVQQDEwlU
+ZXN0IENBIDEwHhcNMTIwMjA2MDY1NzM5WhcNMTIwMjA2MDY1ODI5WjAVMRMwEQYD
+VQQDEwpzZXJ2ZXJSU0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCV2+kl
+TibI1qKojtr/9PPPOnmMXmCqWEJwiPDcVNKNYb+3miZj2DNwjEUmGeMXTBgQne23
+DctYXbjj7JDZMFAjT3Vuz4tGSyRjRFqhGFYaJr+pKDiL9mQCY6kQ9aBrvQmJkAza
+NE36CV1fcVpB8DA343rtEKu2DHFOMK6Qw+hslwIDAQABMA0GCSqGSIb3DQEBBQUA
+A4GBAABT1X0Yx1FoNUXm3fJE+HjpXbvudShXQUDnqbObEioA491UDABvAbFw05aO
+g6T8UXQOYR5p+yUkobxJAuScfwUuonEfJD4Dg21ELucrSnW9WG7uvzwx1TTvmZsK
+XfDhtX1ja07FwbuRk98P5ndO+UiJmwJ6KFReh4xWCqtz3oCM
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICYjCCAcsCBgE1UXOGdjANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xHTAbBgNVBAoTFFN1biBN
+aWNyb3N5c3RlbXMgSW5jMRMwEQYDVQQLEwpKaW5pIEdyb3VwMRIwEAYDVQQDEwlU
+ZXN0IENBIDEwHhcNMTIwMjA2MDY1NjEwWhcNMjIwMjAzMDY1NzAwWjB3MQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xHTAbBgNV
+BAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMRMwEQYDVQQLEwpKaW5pIEdyb3VwMRIw
+EAYDVQQDEwlUZXN0IENBIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJue
+EFstcakAxlgBPxi6qzf04EhOh5aaEU7HiC6OJ558SqqqLqPVxZ9cxc3RtDCIG5XI
+JU1PL8CIqI6mjZZD0yPa7aZVo+ipc3TR++V+ylyBO06c1WaRmMaD9IDCqGpwC1D2
+6OCN/qbXvBnRjlqPbJxyURywCtI+laC/qIXsQ7ejAgMBAAEwDQYJKoZIhvcNAQEF
+BQADgYEAYylgEgpw8xrFCELTva782YB5FwCvEsYl/i0X+wW4g1OvBX5e7M5RfJC8
+ruPSZkZYeCKybODgFaEaPpi1z1P31IfXM/IjXEFQ1yNuZ1G7KSVrosxG1G6MxuWm
+LkMAnQCX/k7y6iPsi+fKM22VCXDrzJERz9gx3C+/8uykxn2DUMc=
+-----END CERTIFICATE-----
Copied: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.properties (from r1235231, river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.properties?p2=river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.properties&p1=river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties&r1=1235231&r2=1241772&rev=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/certs/test-ca1.properties (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.properties Wed Feb 8 04:34:17 2012
@@ -1,11 +1,11 @@
-# JCSI configuration file for Test CA 1
+# JCSI configuration file for Test CA
#------------------------------------------------------------------------
# the CA's email address
# jcsi.ca.email=
-# the CA's cert validity period (in days)
-jcsi.ca.validityPeriod=3650
+# the cert validity period (in days)
+jcsi.ca.validityPeriod=0
# the CA's key strength
jcsi.ca.keyLength=1024
@@ -20,19 +20,22 @@ jcsi.ca.sigAlg=SHA1withRSA
jcsi.ca.keyAlg=RSA
# the CA's key directory
-jcsi.ca.key.dir=keys
+jcsi.ca.key.dir=${jtreg.dir}/net/jini/jeri/ssl/UnitTests
# the CA's private key in the key directory
-jcsi.ca.privKey=test-ca1.key
+jcsi.ca.privKey=ca.key
# the password to protect the CA's private key (needed by onlineCA)
-jcsi.ca.privKey.password=test-ca1-keypass
+jcsi.ca.privKey.password=keypass
# the CA's cert in the key directory
-jcsi.ca.cert=test-ca1.cert
+jcsi.ca.cert=ca.cert
# whether onlineCA publishes to LDAP repository
jcsi.ca.ldap.publish=false
-# The validity period for generated certificates, in days
-jcsi.ca.certValidityPeriod=3650
+# The requests directory
+ca.requests=${jtreg.dir}/net/jini/jeri/ssl/UnitTests
+
+# Regex for filtering files.
+ca.regex.pattern=^server.*[\\d]{1}expired\\.request$
\ No newline at end of file
Added: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.request
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.request?rev=1241772&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.request (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/serverRSA2expired.request Wed Feb 8 04:34:17 2012
@@ -0,0 +1,9 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIBVDCBvgIBADAVMRMwEQYDVQQDEwpzZXJ2ZXJSU0EyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCV2+klTibI1qKojtr/9PPPOnmMXmCqWEJwiPDcVNKNYb+3miZj2DNwjEUmGeMXTBgQne23
+DctYXbjj7JDZMFAjT3Vuz4tGSyRjRFqhGFYaJr+pKDiL9mQCY6kQ9aBrvQmJkAzaNE36CV1fcVpB
+8DA343rtEKu2DHFOMK6Qw+hslwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAVldwJPkUOAMdNLp9
+UwGVc5W5YASYuYfuzE5qlXJAYk94uKoPdmmTDCqKM7jFZugZU/ARi23tOHPTosWtyRQ3IP3MxKYF
+I+l26JQFapXnb81ejXosKYbvEjhQ7V9NeQUs4z2v4Z2jPDyhCVC9mV993y5SWdYTek6/a7povHOo
+9lA=
+-----END NEW CERTIFICATE REQUEST-----
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/truststore
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/net/jini/jeri/ssl/UnitTests/truststore?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
Binary files - no diff available.
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/unittestlib/BasicTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/unittestlib/BasicTest.java?rev=1241772&r1=1241771&r2=1241772&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/unittestlib/BasicTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/jtreg/unittestlib/BasicTest.java Wed Feb 8 04:34:17 2012
@@ -39,16 +39,20 @@ public abstract class BasicTest extends
/** Set the value to compare to. */
protected void setCompareTo(Object compareTo) {
- this.compareTo = compareTo;
- compareToSet = true;
+ synchronized (this){
+ this.compareTo = compareTo;
+ compareToSet = true;
+ }
}
/** Get the value to compare to. Throws an exception if not set. */
protected Object getCompareTo() {
- if (!compareToSet) {
- throw new FailedException("Test error: compareTo not set");
- }
- return compareTo;
+ synchronized (this){
+ if (!compareToSet) {
+ throw new FailedException("Test error: compareTo not set");
+ }
+ return compareTo;
+ }
}
/**
@@ -64,8 +68,9 @@ public abstract class BasicTest extends
}
public void check(Object result) throws Exception {
- if (!safeEquals(getCompareTo(), result)) {
- throw new FailedException("Should be: " + compareTo);
+ Object compareToObj = getCompareTo();
+ if (!safeEquals(compareToObj, result)) {
+ throw new FailedException("Should be: " + compareToObj);
}
}
}