You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ja...@apache.org on 2023/10/31 15:45:28 UTC
(camel-quarkus) branch main updated: Platform-http test fails in FIPS environment
This is an automated email from the ASF dual-hosted git repository.
jamesnetherton pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new 82f14232bc Platform-http test fails in FIPS environment
82f14232bc is described below
commit 82f14232bc2e13bf200112c1398bf3f4513c9321
Author: JiriOndrusek <on...@gmail.com>
AuthorDate: Tue Oct 31 16:45:22 2023 +0100
Platform-http test fails in FIPS environment
---
integration-tests/platform-http/README.adoc | 32 +++++++++++--
integration-tests/platform-http/ca-openssl.cnf | 18 +++++++
.../src/main/resources/server-cert.pem | 33 +++++++------
.../src/main/resources/server-key.pem | 52 ++++++++++-----------
.../src/test/resources/truststore.p12 | Bin 2285 -> 1190 bytes
5 files changed, 89 insertions(+), 46 deletions(-)
diff --git a/integration-tests/platform-http/README.adoc b/integration-tests/platform-http/README.adoc
index a567f2ab50..9ef992cbb2 100644
--- a/integration-tests/platform-http/README.adoc
+++ b/integration-tests/platform-http/README.adoc
@@ -1,15 +1,37 @@
# Generating server SSL certificates and trust store
-1. Generate the certificate keypair
+* The CA is self-signed:
-When prompted for the 'Common Name', use localhost. The other prompts can be skipped.
+When prompted for certificate information, everything is default.
+```
+$ openssl genrsa -out ca.key 2048
+$ openssl req -x509 -new -key ca.key -nodes -out ca.pem -config ca-openssl.cnf -days 3650 -extensions v3_req
+```
+
+* Server certificate issued by CA:
+
+```
+$ openssl genrsa -out server.key.rsa 2048
+$ openssl pkcs8 -topk8 -in server.key.rsa -out server.key -nocrypt
+$ rm server.key.rsa
+```
+
+When prompted for certificate information, everything is default except the common name which is set to _localhost_ for simple testing.
+```
+$ openssl req -new -key server.key -out server.csr
+$ openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -outform PEM -days 5000
+```
+
+* Rename files
```
-openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout src/main/resources/server-key.pem -out src/main/resources/server-cert.pem
+$ mv server.pem server-cert.pem
+$ mv server.key server-key.pem
```
-2. Generate the PKCS12 trust store
+* Generate the PKCS12 trust store
+When prompted for a password, the value is _s3cr3t_.
```
-cat src/main/resources/server-key.pem src/main/resources/server-cert.pem | openssl pkcs12 -export -out src/test/resources/truststore.p12 -passout pass:s3cr3t
+$ keytool -import -file server-cert.pem -alias server -keystore truststore.p12
```
diff --git a/integration-tests/platform-http/ca-openssl.cnf b/integration-tests/platform-http/ca-openssl.cnf
new file mode 100644
index 0000000000..e15866b281
--- /dev/null
+++ b/integration-tests/platform-http/ca-openssl.cnf
@@ -0,0 +1,18 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[req_distinguished_name]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+organizationName = Organization Name (eg, company)
+organizationName_default = Internet Widgits Pty Ltd
+commonName = Common Name (eg, YOUR name)
+commonName_default = testca
+
+[v3_req]
+basicConstraints = CA:true
+keyUsage = critical, keyCertSign
+
diff --git a/integration-tests/platform-http/src/main/resources/server-cert.pem b/integration-tests/platform-http/src/main/resources/server-cert.pem
index d5f9ce332b..4f6fb1f400 100644
--- a/integration-tests/platform-http/src/main/resources/server-cert.pem
+++ b/integration-tests/platform-http/src/main/resources/server-cert.pem
@@ -1,17 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICpDCCAYwCCQDF3E7qvZcoTjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
-b2NhbGhvc3QwHhcNMjEwOTE3MDkyODA4WhcNMzEwOTE1MDkyODA4WjAUMRIwEAYD
-VQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi
-1+uq4ZcXTrY3j28k5ivqvSp9PyYhfCn6VZHB3Yk9+8Mn+QGMsUow9F4SPCTsHaOP
-p0SAVVBIiQxR5ucfrxPq+6TcZaccJcDTkiM2xsZeL5t1pRVz77RrUOPvDfTuPDSV
-MR2DVx/I/IZyKHYYL9JweUMHcCoAxWHWg74YiC9QLOiK55rO5Js9uz4FObf9oQee
-tjN4rVhBfwl8LSysnKdbRJzeLWajwlKRUwLZIUXDDyEG5kpEZI3P/E6IfaoOxLzE
-BnHa93ospIVSjgc24xgkUWkrki0LFQcooyu4kExJAO7uCjbqWjfOvoE7DOkjUslB
-bJQrzTGX8Ix+IR8Bg6XpAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFRpebKqbaET
-+2OcY4YGvun2e6zigc1Rd5fCHFt2CnOMAkJRrqrfRpLm71IvYp+lHGxk/fHW7Bi6
-vH66KC2sCIOjGIRF+/VL6Umwx3SPTVPilYHQ54bHSF5c4MV6pi3hPjFZyMfUY0RJ
-cgltmEMxIXtGU088jurqEsXHeBS5iOCNItVOjanUv9C2bl4dyMwwJDa7jkbHLII6
-VxrohPSdVSqVPRJisH6we7/txquEbtnW4YnrGFvNvhR4PJPJlyVfMQi904vxdxqq
-XSaaBHGDBomitbxp+NxMZ8yEDVlZeDPJb8nW0po7+i5ul2T0hGtCaCtJiwxZzKD2
-aPPjxB4aNfo=
+MIIDMzCCAhsCFDB5CEpzuIQrToqmWRvTo5C5HpflMA0GCSqGSIb3DQEBCwUAMFYx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnRlc3RjYTAeFw0yMzEwMzEx
+MjE0NThaFw0zNzA3MDkxMjE0NThaMFYxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxE
+ZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8q
+ewu3nW28mp4YZ0ZDM5vhkwiduCOkUcq6EwUFwetlp4plmdf/dm9CTLw/ue/Gkyz8
+h7MPgFkNc3l0wKfubuwt77ATMmzhvOIoTh1hNr+ZdfUGGtxXtU4yEQCYd8XvihbG
+DYERu7WnMoVMqxixhc02iSvlmSATpDUGQ5awVOLvvpKa4k0EoZtqvE5Xx7SkyJHo
+80OUK6gXM1Qe3naC2yX6vdYBq8vO9AB+19pC4Hla/9+RlRhcmhZsUvSxuZzqaQT0
+CETve10PFw9YvY2K1fchw0iiuvVP1TKcjOledrFO36kp8dXdh0oiAR2fonSyq9pS
+0FdBKlwzmd7XOirEjZ8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAvrpKOKpz6YEw
+AqvXGMohjaTxEDW1CyeDCmAmjo4VqPR3nTBjslXbhJgwu8YK/qnUL2WEVXh0cUiI
+gMp4/6UxeH29wMSnK20hIocqjiR3suaV/pNJ4bsl9yNbImtsHZ9Y6kCizsSQ+Qt+
+b3OX1ycwPDcvR2DTxLKO6G0AShFXKvqdPNORGMap6n5kZgjGEwIdrnvWB9zF/uO+
+g/GYF9FCO78LOzfcACqJ09cuhve1KJreorMTTC5ps5YUOkE8K4xpmq7MM6W15vAK
+gPyb7sQMuD5n6ZlMHlJKF+EoXCid2Rc2llU96YO0tuDoJMjbVwUupI1emfqRPDvQ
+EfYwoInX3A==
-----END CERTIFICATE-----
diff --git a/integration-tests/platform-http/src/main/resources/server-key.pem b/integration-tests/platform-http/src/main/resources/server-key.pem
index 35a0a96715..e937e3a275 100644
--- a/integration-tests/platform-http/src/main/resources/server-key.pem
+++ b/integration-tests/platform-http/src/main/resources/server-key.pem
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCi1+uq4ZcXTrY3
-j28k5ivqvSp9PyYhfCn6VZHB3Yk9+8Mn+QGMsUow9F4SPCTsHaOPp0SAVVBIiQxR
-5ucfrxPq+6TcZaccJcDTkiM2xsZeL5t1pRVz77RrUOPvDfTuPDSVMR2DVx/I/IZy
-KHYYL9JweUMHcCoAxWHWg74YiC9QLOiK55rO5Js9uz4FObf9oQeetjN4rVhBfwl8
-LSysnKdbRJzeLWajwlKRUwLZIUXDDyEG5kpEZI3P/E6IfaoOxLzEBnHa93ospIVS
-jgc24xgkUWkrki0LFQcooyu4kExJAO7uCjbqWjfOvoE7DOkjUslBbJQrzTGX8Ix+
-IR8Bg6XpAgMBAAECggEBAIK+0DX8OH57MSw82qUKtRoc1Z+H80qRUXbv+z5na8i7
-ej5+2/KlagcSPPFxHsgBKBCv4P0VAoeqmZyswscan+hcMUrPxzN/UGnOfL1/LUfz
-+2KisC3MuNQtN0T5tL0O070xmRuZ+Sg7MIs510+mHdU2V04CjYbe86XzUs6JkUtR
-62l9ed5eVoYl7K6n/S0JyDzR/2wCdsLYvr+Y5r31qB4yYyVmKat3pTTb52EuseCl
-vZ4LggKz7jxDof/Kn/CyjkhU8dh6mv6opFsw7hUMO9f/OLfDMbFpBSm9eJCxrlm/
-qaD17gSpkSVehK5Hhnzc4jwlTgYHeQ89ga7+tfNCyAECgYEAzIYVuSJcA7j7Ye/3
-RFFoV2dDRu6YfXYKYkQP32gLpwWF3N1fKddGh45V73fa4SJN/5PeTlouK3F0OUNk
-Yr0F8AVkyEBMKDvvDKmz0aR9FHqsooGPLzucwMiEpWkGeX2hO+g1V2vRX1SHrdO2
-ywDlHqEHqKvlYBn6zwzqTN1mhwECgYEAy9RH2aqqEc/RFUylbLcmF6Rks7HdTOzS
-yA6wdiy/3zVxXjCpp++yMmTYjn9To//47Yx/7LSTBamiv21Kq8iKWnoku+ekxO6V
-pfIA6kiY6MgR7+Q+RW/xmXu8VZ6NYm5wffSWMLwYcRuLaof8SdnX3ODwDZLX3DOf
-UgvTvLrIxukCgYAEfzpBDNlbF5knaSBVtziFG3cmOx7NO2g1CuwSbHY9IOj1l0R9
-Zgdd+ao4DrmYU6nFYdn0fRUgzWjRzYKKjT9xLJ0vrgI+rDqwW5bhmC1L4vqixBiC
-4Fus/Xu1K18CEtoVuCBcILnEz9X/43TUd9uR1daWRdlQSKH0JYONVxznAQKBgQCV
-9vduJGzAciApBZ1oYU/7cQ5OT3y8zjk+y9/08nOw7Ace/7qzPl3jSeMy5GdLcFdb
-n1W3eBv7vJVrNiQMQ53Xd6pzPbky0z7zOxyFQyiNjDX2Q/205OnivPESJXdshkjp
-wvyFmr546YUnuilaxJZXgn/b3MBI2QpNOTptzxdNkQKBgDOOuUDz0uHFUFU3o+Mg
-xOb5Ilsa/h26HmtviA1H+GUXOyUPqnWpBcIEHJcgCdpSRQ13mfe6ItLKDdo8Ig8d
-udA76MX1brGYo6o5wzhgRf8slDXXaZ3/2TzZFJbQb8c5+oqDvLJxGxFCjYxw2Xnx
-eu9IttUytA5O9JVxngDTtJJE
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC/KnsLt51tvJqe
+GGdGQzOb4ZMInbgjpFHKuhMFBcHrZaeKZZnX/3ZvQky8P7nvxpMs/IezD4BZDXN5
+dMCn7m7sLe+wEzJs4bziKE4dYTa/mXX1BhrcV7VOMhEAmHfF74oWxg2BEbu1pzKF
+TKsYsYXNNokr5ZkgE6Q1BkOWsFTi776SmuJNBKGbarxOV8e0pMiR6PNDlCuoFzNU
+Ht52gtsl+r3WAavLzvQAftfaQuB5Wv/fkZUYXJoWbFL0sbmc6mkE9AhE73tdDxcP
+WL2NitX3IcNIorr1T9UynIzpXnaxTt+pKfHV3YdKIgEdn6J0sqvaUtBXQSpcM5ne
+1zoqxI2fAgMBAAECggEBAIh5SFzGGgLUqcGCBICZy0dW1ARLrMDtN2M2Ugu834Mx
+EFnyTNFyVFf7ihK+n/x41GtCYZJI18U7oBuuaTe6NcAwzzPxkIdA5PrD8XhyBYbl
+hNuHHzf8+be4cIDvWFqbtwapH8zsHwkBM0UMxf0cBzzI2UbYY+gNfaZJMYlrmz5i
+0UJPPSWjT1IA1oq7mXGBAhgnNsJKxdZHgjoP3wYO/V1216PGdIS2Ufb+ZBOvN+xw
+aZctrSwzVQw/0a4E+gKhLT24a6cCu4sANMQ/+KF0SJYLXEgDWfXGVLRX6hl2oHIG
+mLXzzjxG8wIVvHW9aNVYQzE4Cxa0VDUOtq0cwi9cMSkCgYEA+3IH8awVrGEX6jTX
+Gd7V0MmybyhXqbC8egKxT2bHpnMJyL6Zi3moEK1z3LBcbYgavqpYTEJk3Fid+zKF
+DPSP+bynPqxR+x5E2wG5FlRzBpSuTBNHTAZlcb7gBJdHbbRfXUco7umaG1fxTrx+
+cLJ84+iapErpRWAStaJYpdbV+U0CgYEAwqDt/Y2h8Jjd1E6ZLKk0+iwbOsi7io5t
+0o+Z7XgKuO3FU4RbWTPqrLuCo6aA4bjuD2K9l2twM+L5sdlvqcPrDi8Sfa+rpFv8
+4vIUvaHkIWyNSjPSV6gHgt8wnwJkXwweeqBmOWGfcQo5ELwRhqmyXzyoQOQUuyLL
+990pCOIjDJsCgYEAm7FsAdTQRsCIEllNp5M3SeTaO8H7JfNtgQ8Rw1yc2w/4Svja
+EmbuDgWY7Fm3oYrZJJ5NtkqWMWodyGDrya3VSInr9P62dIu1jvZuKMl5v+VoV2rI
+huafAeNyyuTxMZiyRAu/6M90wOGfZWWJ1TZv5p8swfYwouhuLVGtGmMAczECgYEA
+us/vP7WHn8GLAvKicczELfDR/h2YbYkCft4ZOGdFm3WWNvDPIZMEiOG+pkf2YzK3
+RgtXwZR9cUBGvV/gn0mPP+EM1ZkdnjgxRsBoChDvQOnJwFR3bG27L/H84FNSdizS
+wI9fL2q1uLHAToDGLcSKkoFNWmPSRkFDGFmuvnkYfUsCgYEAyg8N8Ha3WDZqaj26
+TgOQlrl3rTp77qTWWG0nNnpGYLMu/T56ED2gjAdFFR/Kl589jWUbdZBwIHLKMb1y
+ctL00b+e2Rs7idV6gieQvRSkqy9VkhkKk3bU3pVmM1i0cVw1I7HDA0nh4Dv0fOiA
+S8QEYnxRrnyf3KmtpWxXTOwPWPI=
-----END PRIVATE KEY-----
diff --git a/integration-tests/platform-http/src/test/resources/truststore.p12 b/integration-tests/platform-http/src/test/resources/truststore.p12
index f28784cbd5..2612d2c7be 100644
Binary files a/integration-tests/platform-http/src/test/resources/truststore.p12 and b/integration-tests/platform-http/src/test/resources/truststore.p12 differ