You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2019/03/06 16:15:29 UTC
[qpid-broker-j] branch 7.0.x updated (a8749f1 -> a7296ab)
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a change to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git.
from a8749f1 [maven-release-plugin] prepare for next development iteration
new 67d0be5 QPID-8281: [Broker-J][Tests] Regenerate test certificates with RSA 2048bits keys and copy the keystores into corresponding module test resources
new 96f57f6 QPID-8281: [Broker-J][Tests] Explicitly specify type of keystores and truststores in tests
new a7296ab NO-JIRA: Stop running some tests from Logback1027WorkaroundTurboFilterTest with IBM JDK
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../berkeleydb/BDBVirtualHostImplTest.java | 2 +-
broker-core/pom.xml | 3 -
.../apache/qpid/server/model/BrokerTestHelper.java | 4 +
.../qpid/server/security/FileKeyStoreTest.java | 81 +++++++------
.../qpid/server/security/FileTrustStoreTest.java | 127 +++++++++++++++------
.../qpid/server/security/NonJavaKeyStoreTest.java | 29 ++---
.../server/security/NonJavaTrustStoreTest.java | 15 ++-
.../security/SiteSpecificTrustStoreTest.java | 9 +-
.../manager/oauth2/OAuth2MockEndpointHolder.java | 17 ++-
.../apache/qpid/server/ssl/TrustManagerTest.java | 70 +++++++-----
.../server/transport/TCPandSSLTransportTest.java | 8 ++
.../src/test/resources}/ssl/expired.crt | 0
broker-core/src/test/resources/ssl/java_broker.crt | 21 ++++
broker-core/src/test/resources/ssl/java_broker.req | 18 +++
.../ssl/java_broker_expired_truststore.pkcs12 | Bin 0 -> 1002 bytes
.../test/resources/ssl/java_broker_keystore.pkcs12 | Bin 0 -> 4425 bytes
.../resources/ssl/java_broker_peerstore.pkcs12 | Bin 0 -> 1162 bytes
.../resources/ssl/java_broker_truststore.pkcs12 | Bin 0 -> 1082 bytes
.../ssl/java_client_expired_keystore.pkcs12 | Bin 0 -> 2397 bytes
.../test/resources/ssl/java_client_keystore.pkcs12 | Bin 0 -> 7641 bytes
.../resources/ssl/java_client_truststore.pkcs12 | Bin 0 -> 1082 bytes
.../ssl/java_client_untrusted_keystore.pkcs12 | Bin 0 -> 2467 bytes
.../src/test/resources/ssl/test_keystore.jks | Bin 5786 -> 6361 bytes
.../virtualhost/jdbc/JDBCVirtualHostTest.java | 3 +-
.../Logback1027WorkaroundTurboFilterTest.java | 44 ++++---
.../org/apache/qpid/test/utils/QpidTestCase.java | 31 +++++
.../apache/qpid/test/utils/TestSSLConstants.java | 2 +
systests/etc/config-systests.json | 6 +-
.../src/main/resources/java_broker_keystore.jks | Bin 0 -> 4425 bytes
.../apache/qpid/systest/rest/RestTestHelper.java | 74 ++++++++----
.../java/org/apache/qpid/client/ssl/SSLTest.java | 9 +-
.../auth/manager/ExternalAuthenticationTest.java | 7 +-
.../management/amqp/AmqpManagementTest.java | 3 +
.../messageencryption/MessageEncryptionTest.java | 17 +++
.../apache/qpid/systest/rest/KeyStoreRestTest.java | 3 +-
.../qpid/systest/rest/TrustStoreRestTest.java | 11 +-
.../qpid/systest/rest/acl/BrokerACLTest.java | 2 +
test-profiles/test_resources/ssl/CA_db/cert8.db | Bin 65536 -> 0 bytes
test-profiles/test_resources/ssl/CA_db/cert9.db | Bin 0 -> 28672 bytes
test-profiles/test_resources/ssl/CA_db/key3.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/CA_db/key4.db | Bin 0 -> 36864 bytes
test-profiles/test_resources/ssl/CA_db/pkcs11.txt | 5 +
test-profiles/test_resources/ssl/CA_db/rootca.crt | 24 ++--
test-profiles/test_resources/ssl/CA_db/secmod.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/app1.crt | 29 ++---
test-profiles/test_resources/ssl/app1.req | 29 ++---
test-profiles/test_resources/ssl/app2.crt | 29 ++---
test-profiles/test_resources/ssl/app2.req | 29 ++---
.../test_resources/ssl/generate-java-keystores.sh | 74 ++++++++----
.../test_resources/ssl/generate-root-ca.sh | 10 +-
test-profiles/test_resources/ssl/java_broker.crt | 28 +++--
test-profiles/test_resources/ssl/java_broker.req | 24 ++--
.../ssl/java_broker_expired_truststore.jks | Bin 769 -> 1002 bytes
.../test_resources/ssl/java_broker_keystore.jks | Bin 3209 -> 4425 bytes
.../test_resources/ssl/java_broker_peerstore.jks | Bin 802 -> 1162 bytes
.../test_resources/ssl/java_broker_truststore.jks | Bin 591 -> 1082 bytes
.../ssl/java_client_expired_keystore.jks | Bin 2057 -> 2397 bytes
.../test_resources/ssl/java_client_keystore.jks | Bin 5786 -> 7641 bytes
.../test_resources/ssl/java_client_truststore.jks | Bin 591 -> 1082 bytes
.../ssl/java_client_untrusted_keystore.jks | Bin 2056 -> 2467 bytes
.../test_resources/ssl/server_db/cert8.db | Bin 65536 -> 0 bytes
.../test_resources/ssl/server_db/cert9.db | Bin 0 -> 28672 bytes
test-profiles/test_resources/ssl/server_db/key3.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/server_db/key4.db | Bin 0 -> 36864 bytes
.../test_resources/ssl/server_db/pkcs11.txt | 5 +
.../test_resources/ssl/server_db/secmod.db | Bin 16384 -> 0 bytes
.../test_resources/ssl/server_db/server.crt | 26 +++--
.../test_resources/ssl/server_db/server.req | 23 ++--
68 files changed, 645 insertions(+), 306 deletions(-)
copy {test-profiles/test_resources => broker-core/src/test/resources}/ssl/expired.crt (100%)
create mode 100644 broker-core/src/test/resources/ssl/java_broker.crt
create mode 100644 broker-core/src/test/resources/ssl/java_broker.req
create mode 100644 broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12
create mode 100644 broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12
create mode 100644 broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12
create mode 100644 broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12
create mode 100644 broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12
create mode 100644 broker-core/src/test/resources/ssl/java_client_keystore.pkcs12
create mode 100644 broker-core/src/test/resources/ssl/java_client_truststore.pkcs12
create mode 100644 broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12
create mode 100644 systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks
delete mode 100644 test-profiles/test_resources/ssl/CA_db/cert8.db
create mode 100644 test-profiles/test_resources/ssl/CA_db/cert9.db
delete mode 100644 test-profiles/test_resources/ssl/CA_db/key3.db
create mode 100644 test-profiles/test_resources/ssl/CA_db/key4.db
create mode 100644 test-profiles/test_resources/ssl/CA_db/pkcs11.txt
delete mode 100644 test-profiles/test_resources/ssl/CA_db/secmod.db
delete mode 100644 test-profiles/test_resources/ssl/server_db/cert8.db
create mode 100644 test-profiles/test_resources/ssl/server_db/cert9.db
delete mode 100644 test-profiles/test_resources/ssl/server_db/key3.db
create mode 100644 test-profiles/test_resources/ssl/server_db/key4.db
create mode 100644 test-profiles/test_resources/ssl/server_db/pkcs11.txt
delete mode 100644 test-profiles/test_resources/ssl/server_db/secmod.db
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-broker-j] 01/03: QPID-8281: [Broker-J][Tests] Regenerate test
certificates with RSA 2048bits keys and copy the keystores into
corresponding module test resources
Posted by or...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit 67d0be52dadd905841f7f454585723e9dae53140
Author: Alex Rudyy <or...@apache.org>
AuthorDate: Wed Feb 27 16:11:33 2019 +0000
QPID-8281: [Broker-J][Tests] Regenerate test certificates with RSA 2048bits keys and copy the keystores into corresponding module test resources
(cherry picked from commit d946bec02cf8cd5d72ab65df38c2733173dbc10b)
---
broker-core/pom.xml | 3 -
.../qpid/server/security/FileKeyStoreTest.java | 67 +++++++------
.../qpid/server/security/FileTrustStoreTest.java | 111 ++++++++++++++-------
.../qpid/server/security/NonJavaKeyStoreTest.java | 26 ++---
.../server/security/NonJavaTrustStoreTest.java | 14 +--
.../security/SiteSpecificTrustStoreTest.java | 6 +-
.../apache/qpid/server/ssl/TrustManagerTest.java | 70 +++++++------
broker-core/src/test/resources/ssl/expired.crt | 17 ++++
broker-core/src/test/resources/ssl/java_broker.crt | 21 ++++
broker-core/src/test/resources/ssl/java_broker.req | 18 ++++
.../ssl/java_broker_expired_truststore.pkcs12 | Bin 0 -> 1002 bytes
.../test/resources/ssl/java_broker_keystore.pkcs12 | Bin 0 -> 4425 bytes
.../resources/ssl/java_broker_peerstore.pkcs12 | Bin 0 -> 1162 bytes
.../resources/ssl/java_broker_truststore.pkcs12 | Bin 0 -> 1082 bytes
.../ssl/java_client_expired_keystore.pkcs12 | Bin 0 -> 2397 bytes
.../test/resources/ssl/java_client_keystore.pkcs12 | Bin 0 -> 7641 bytes
.../resources/ssl/java_client_truststore.pkcs12 | Bin 0 -> 1082 bytes
.../ssl/java_client_untrusted_keystore.pkcs12 | Bin 0 -> 2467 bytes
.../src/test/resources/ssl/test_keystore.jks | Bin 5786 -> 6361 bytes
.../src/main/resources/java_broker_keystore.jks | Bin 0 -> 4425 bytes
test-profiles/test_resources/ssl/CA_db/cert8.db | Bin 65536 -> 0 bytes
test-profiles/test_resources/ssl/CA_db/cert9.db | Bin 0 -> 28672 bytes
test-profiles/test_resources/ssl/CA_db/key3.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/CA_db/key4.db | Bin 0 -> 36864 bytes
test-profiles/test_resources/ssl/CA_db/pkcs11.txt | 5 +
test-profiles/test_resources/ssl/CA_db/rootca.crt | 24 +++--
test-profiles/test_resources/ssl/CA_db/secmod.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/app1.crt | 29 +++---
test-profiles/test_resources/ssl/app1.req | 29 +++---
test-profiles/test_resources/ssl/app2.crt | 29 +++---
test-profiles/test_resources/ssl/app2.req | 29 +++---
.../test_resources/ssl/generate-java-keystores.sh | 74 ++++++++++----
.../test_resources/ssl/generate-root-ca.sh | 10 +-
test-profiles/test_resources/ssl/java_broker.crt | 28 ++++--
test-profiles/test_resources/ssl/java_broker.req | 24 +++--
.../ssl/java_broker_expired_truststore.jks | Bin 769 -> 1002 bytes
.../test_resources/ssl/java_broker_keystore.jks | Bin 3209 -> 4425 bytes
.../test_resources/ssl/java_broker_peerstore.jks | Bin 802 -> 1162 bytes
.../test_resources/ssl/java_broker_truststore.jks | Bin 591 -> 1082 bytes
.../ssl/java_client_expired_keystore.jks | Bin 2057 -> 2397 bytes
.../test_resources/ssl/java_client_keystore.jks | Bin 5786 -> 7641 bytes
.../test_resources/ssl/java_client_truststore.jks | Bin 591 -> 1082 bytes
.../ssl/java_client_untrusted_keystore.jks | Bin 2056 -> 2467 bytes
.../test_resources/ssl/server_db/cert8.db | Bin 65536 -> 0 bytes
.../test_resources/ssl/server_db/cert9.db | Bin 0 -> 28672 bytes
test-profiles/test_resources/ssl/server_db/key3.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/server_db/key4.db | Bin 0 -> 36864 bytes
.../test_resources/ssl/server_db/pkcs11.txt | 5 +
.../test_resources/ssl/server_db/secmod.db | Bin 16384 -> 0 bytes
.../test_resources/ssl/server_db/server.crt | 26 +++--
.../test_resources/ssl/server_db/server.req | 23 +++--
51 files changed, 441 insertions(+), 247 deletions(-)
diff --git a/broker-core/pom.xml b/broker-core/pom.xml
index 3d32a0d..6241041 100644
--- a/broker-core/pom.xml
+++ b/broker-core/pom.xml
@@ -130,9 +130,6 @@
<testResource>
<directory>${basedir}/src/test/resources</directory>
</testResource>
- <testResource>
- <directory>${basedir}/../test-profiles/test_resources/ssl</directory>
- </testResource>
</testResources>
<plugins>
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
index e950ef4..28f49d1 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
@@ -20,6 +20,7 @@
package org.apache.qpid.server.security;
+import static org.apache.qpid.server.security.FileTrustStoreTest.createDataUrlForFile;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -40,13 +41,21 @@ import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.util.DataUrlUtils;
import org.apache.qpid.test.utils.QpidTestCase;
import org.apache.qpid.test.utils.TestSSLConstants;
-import org.apache.qpid.server.util.DataUrlUtils;
-import org.apache.qpid.server.util.FileUtils;
+
+
public class FileKeyStoreTest extends QpidTestCase
{
+ private static final String BROKER_KEYSTORE = "ssl/java_broker_keystore.pkcs12";
+ private static final String BROKER_KEYSTORE_PATH = "classpath:" + BROKER_KEYSTORE;
+ private static final String BROKER_KEYSTORE_PASSWORD = TestSSLConstants.BROKER_KEYSTORE_PASSWORD;
+ private static final String CLIENT_KEYSTORE_PATH = "classpath:ssl/java_client_keystore.pkcs12";
+ private static final String CLIENT_KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+ private static final String BROKER_KEYSTORE_ALIAS = TestSSLConstants.BROKER_KEYSTORE_ALIAS;
+
private final Broker _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -70,8 +79,8 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -85,9 +94,9 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
- attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -101,7 +110,7 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
attributes.put(FileKeyStore.PASSWORD, "wrong");
try
@@ -120,8 +129,8 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, CLIENT_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, CLIENT_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown");
try
@@ -138,12 +147,12 @@ public class FileKeyStoreTest extends QpidTestCase
public void testCreateKeyStoreFromDataUrl_Success() throws Exception
{
- String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+ String trustStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -155,13 +164,13 @@ public class FileKeyStoreTest extends QpidTestCase
public void testCreateKeyStoreWithAliasFromDataUrl_Success() throws Exception
{
- String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+ String trustStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
- attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -173,7 +182,7 @@ public class FileKeyStoreTest extends QpidTestCase
public void testCreateKeyStoreFromDataUrl_WrongPassword() throws Exception
{
- String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+ String keyStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
@@ -198,7 +207,7 @@ public class FileKeyStoreTest extends QpidTestCase
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl);
try
@@ -216,11 +225,11 @@ public class FileKeyStoreTest extends QpidTestCase
public void testCreateKeyStoreFromDataUrl_UnknownAlias() throws Exception
{
- String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+ String keyStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown");
@@ -240,8 +249,8 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -264,7 +273,7 @@ public class FileKeyStoreTest extends QpidTestCase
assertNull("Unexpected alias value after failed change", fileKeyStore.getCertificateAlias());
Map<String,Object> changedAttributes = new HashMap<>();
- changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+ changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
fileKeyStore.setAttributes(changedAttributes);
@@ -278,8 +287,9 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12");
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -290,8 +300,8 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -311,9 +321,4 @@ public class FileKeyStoreTest extends QpidTestCase
}
}
- private static String createDataUrlForFile(String filename)
- {
- byte[] fileAsBytes = FileUtils.readFileAsBytes(filename);
- return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
- }
}
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
index 9d184be..d0cc0a2 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
@@ -23,6 +23,10 @@ package org.apache.qpid.server.security;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
@@ -35,6 +39,8 @@ import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
+import com.google.common.io.ByteStreams;
+
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
@@ -51,12 +57,21 @@ import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationMana
import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.DataUrlUtils;
-import org.apache.qpid.server.util.FileUtils;
import org.apache.qpid.test.utils.QpidTestCase;
import org.apache.qpid.test.utils.TestSSLConstants;
public class FileTrustStoreTest extends QpidTestCase
{
+ private static final String TRUSTSTORE_PASSWORD = TestSSLConstants.TRUSTSTORE_PASSWORD;
+ private static final String PEER_STORE_PASSWORD = TestSSLConstants.BROKER_PEERSTORE_PASSWORD;
+ private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+ private static final String TRUST_STORE_PATH = "classpath:ssl/java_client_truststore.pkcs12";
+ private static final String PEER_STORE_PATH = "classpath:ssl/java_broker_peerstore.pkcs12";
+ private static final String EXPIRED_TRUST_STORE_PATH = "classpath:ssl/java_broker_expired_truststore.pkcs12";
+ private static final String EXPIRED_KEYSTORE_PATH = "ssl/java_client_expired_keystore.pkcs12";
+ private static final String TRUST_STORE = "ssl/java_client_truststore.pkcs12";
+ private static final String BROKER_TRUST_STORE_PATH = "classpath:ssl/java_broker_truststore.pkcs12";
+ private static final String BROKER_TRUST_STORE_PASSWORD = TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD;
private final Broker _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -80,8 +95,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -95,7 +110,7 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, "wrong");
try
@@ -114,8 +129,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_PEERSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_PEERSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, PEER_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, PEER_STORE_PASSWORD);
attributes.put(FileTrustStore.PEERS_ONLY, true);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -131,8 +146,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_EXPIRED_TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -142,9 +157,9 @@ public class FileTrustStoreTest extends QpidTestCase
assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
- KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
- TestSSLConstants.KEYSTORE_PASSWORD,
- KeyStore.getDefaultType());
+ KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE_PATH,
+ KEYSTORE_PASSWORD,
+ "pkcs12");
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
@@ -155,8 +170,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_EXPIRED_TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
attributes.put(FileTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -167,9 +182,9 @@ public class FileTrustStoreTest extends QpidTestCase
assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
- KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
- TestSSLConstants.KEYSTORE_PASSWORD,
- KeyStore.getDefaultType());
+ KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE_PATH,
+ KEYSTORE_PASSWORD,
+ KeyStore.getDefaultType());
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
@@ -195,12 +210,12 @@ public class FileTrustStoreTest extends QpidTestCase
public void testCreateTrustStoreFromDataUrl_Success() throws Exception
{
- String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE);
+ String trustStoreAsDataUrl = createDataUrlForFile(TRUST_STORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -212,7 +227,7 @@ public class FileTrustStoreTest extends QpidTestCase
public void testCreateTrustStoreFromDataUrl_WrongPassword() throws Exception
{
- String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE);
+ String trustStoreAsDataUrl = createDataUrlForFile(TRUST_STORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
@@ -237,7 +252,7 @@ public class FileTrustStoreTest extends QpidTestCase
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
try
@@ -257,12 +272,12 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
FileTrustStore<?> fileTrustStore = (FileTrustStore<?>) _factory.create(TrustStore.class, attributes, _broker);
- assertEquals("Unexpected path value before change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getStoreUrl());
+ assertEquals("Unexpected path value before change", TRUST_STORE_PATH, fileTrustStore.getStoreUrl());
try
{
@@ -278,16 +293,16 @@ public class FileTrustStoreTest extends QpidTestCase
assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot instantiate trust store"));
}
- assertEquals("Unexpected path value after failed change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getStoreUrl());
+ assertEquals("Unexpected path value after failed change", TRUST_STORE_PATH, fileTrustStore.getStoreUrl());
Map<String,Object> changedAttributes = new HashMap<>();
- changedAttributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_TRUSTSTORE);
- changedAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+ changedAttributes.put(FileTrustStore.STORE_URL, BROKER_TRUST_STORE_PATH);
+ changedAttributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
fileTrustStore.setAttributes(changedAttributes);
assertEquals("Unexpected path value after change that is expected to be successful",
- TestSSLConstants.BROKER_TRUSTSTORE,
+ BROKER_TRUST_STORE_PATH,
fileTrustStore.getStoreUrl());
}
@@ -295,8 +310,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, BROKER_TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, KEYSTORE_PASSWORD);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -307,8 +322,9 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -333,10 +349,11 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
- TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
+ TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
Port<?> port = mock(Port.class);
when(port.getTrustStores()).thenReturn(Collections.<TrustStore>singletonList(fileTrustStore));
@@ -354,9 +371,29 @@ public class FileTrustStoreTest extends QpidTestCase
}
}
- private static String createDataUrlForFile(String filename)
+ public static String createDataUrlForFile(String filename) throws IOException
{
- byte[] fileAsBytes = FileUtils.readFileAsBytes(filename);
- return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
+ InputStream in = null;
+ try
+ {
+ File f = new File(filename);
+ if (f.exists())
+ {
+ in = new FileInputStream(f);
+ }
+ else
+ {
+ in = Thread.currentThread().getContextClassLoader().getResourceAsStream(filename);
+ }
+ byte[] fileAsBytes = ByteStreams.toByteArray(in);
+ return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
+ }
+ finally
+ {
+ if (in != null)
+ {
+ in.close();
+ }
+ }
}
}
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
index 4cd7e6f..e4e14d1 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
@@ -24,16 +24,12 @@ import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.argThat;
-import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.mockito.internal.verification.VerificationModeFactory.times;
-import javax.net.ssl.KeyManager;
-import javax.xml.bind.DatatypeConverter;
-
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
@@ -49,6 +45,9 @@ import java.util.Map;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
+import javax.net.ssl.KeyManager;
+import javax.xml.bind.DatatypeConverter;
+
import org.mockito.ArgumentMatcher;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
@@ -68,6 +67,8 @@ import org.apache.qpid.test.utils.TestFileUtils;
public class NonJavaKeyStoreTest extends QpidTestCase
{
+ private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12";
+
private final Broker<?> _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -111,10 +112,10 @@ public class NonJavaKeyStoreTest extends QpidTestCase
}
}
- private File[] extractResourcesFromTestKeyStore(boolean pem) throws Exception
+ private File[] extractResourcesFromTestKeyStore(boolean pem, final String storeResource) throws Exception
{
java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
- try(InputStream is = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+ try(InputStream is = getClass().getResourceAsStream(storeResource))
{
ks.load(is, KEYSTORE_PASSWORD.toCharArray() );
}
@@ -186,7 +187,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
private void runTestCreationOfTrustStoreFromValidPrivateKeyAndCertificateInDerFormat(boolean isPEM)throws Exception
{
- File[] resources = extractResourcesFromTestKeyStore(isPEM);
+ File[] resources = extractResourcesFromTestKeyStore(isPEM, KEYSTORE);
_testResources.addAll(Arrays.asList(resources));
Map<String,Object> attributes = new HashMap<>();
@@ -206,7 +207,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
public void testCreationOfTrustStoreFromValidPrivateKeyAndInvalidCertificate()throws Exception
{
- File[] resources = extractResourcesFromTestKeyStore(true);
+ File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE);
_testResources.addAll(Arrays.asList(resources));
File invalidCertificate = TestFileUtils.createTempFile(this, ".invalid.cert", "content");
@@ -231,7 +232,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
public void testCreationOfTrustStoreFromInvalidPrivateKeyAndValidCertificate()throws Exception
{
- File[] resources = extractResourcesFromTestKeyStore(true);
+ File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE);
_testResources.addAll(Arrays.asList(resources));
File invalidPrivateKey = TestFileUtils.createTempFile(this, ".invalid.pk", "content");
@@ -274,15 +275,16 @@ public class NonJavaKeyStoreTest extends QpidTestCase
{
when(_broker.scheduleHouseKeepingTask(anyLong(), any(TimeUnit.class), any(Runnable.class))).thenReturn(mock(ScheduledFuture.class));
- java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
- try(InputStream is = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+ java.security.KeyStore ks = java.security.KeyStore.getInstance("pkcs12");
+ final String storeLocation = KEYSTORE;
+ try(InputStream is = getClass().getResourceAsStream(storeLocation))
{
ks.load(is, KEYSTORE_PASSWORD.toCharArray() );
}
X509Certificate cert = (X509Certificate) ks.getCertificate("rootca");
int expiryDays = (int)((cert.getNotAfter().getTime() - System.currentTimeMillis()) / (24l * 60l * 60l * 1000l));
- File[] resources = extractResourcesFromTestKeyStore(false);
+ File[] resources = extractResourcesFromTestKeyStore(false, storeLocation);
_testResources.addAll(Arrays.asList(resources));
Map<String,Object> attributes = new HashMap<>();
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
index e6276a7..3ab6f83 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
@@ -48,6 +48,8 @@ import org.apache.qpid.test.utils.TestSSLConstants;
public class NonJavaTrustStoreTest extends QpidTestCase
{
+ private static final String EXPIRED_KEYSTORE = "ssl/java_client_expired_keystore.pkcs12";
+ private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
private final Broker<?> _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -69,7 +71,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
- attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.crt").toExternalForm());
+ attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/java_broker.crt").toExternalForm());
attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -85,7 +87,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
Map<String,Object> attributes = new HashMap<>();
attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
attributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
- attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/expired.crt").toExternalForm());
+ attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/expired.crt").toExternalForm());
attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -96,9 +98,9 @@ public class NonJavaTrustStoreTest extends QpidTestCase
assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
- KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
- TestSSLConstants.KEYSTORE_PASSWORD,
- KeyStore.getDefaultType());
+ KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE,
+ KEYSTORE_PASSWORD,
+ "PKCS12");
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
@@ -126,7 +128,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
- attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.req").toExternalForm());
+ attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/java_broker.req").toExternalForm());
attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
try
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
index 2ac12f6..f012173 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
@@ -59,6 +59,8 @@ public class SiteSpecificTrustStoreTest extends QpidTestCase
{
private static final String EXPECTED_SUBJECT = "CN=localhost,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown";
private static final String EXPECTED_ISSUER = "CN=MyRootCA,O=ACME,ST=Ontario,C=CA";
+ private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12";
+ private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
private final Broker<?> _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -248,8 +250,8 @@ public class SiteSpecificTrustStoreTest extends QpidTestCase
private ServerSocket createTestSSLServerSocket() throws Exception
{
- char[] keyPassword = TestSSLConstants.KEYSTORE_PASSWORD.toCharArray();
- try(InputStream inputStream = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+ char[] keyPassword = KEYSTORE_PASSWORD.toCharArray();
+ try(InputStream inputStream = getClass().getResourceAsStream(KEYSTORE))
{
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
diff --git a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
index f152796..3dcddff 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
@@ -38,13 +38,23 @@ import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
public class TrustManagerTest extends QpidTestCase
{
- private static final String STORE_TYPE = "JKS";
+ private static final String STORE_TYPE = "pkcs12";
private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
+ private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+ private static final String PEER_STORE = "ssl/java_broker_peerstore.pkcs12";
+ private static final String PEER_STORE_PASSWORD = TestSSLConstants.BROKER_PEERSTORE_PASSWORD;
+ private static final String KEYSTORE = "ssl/java_client_keystore.pkcs12";
+ private static final String CERT_ALIAS_APP_1 = TestSSLConstants.CERT_ALIAS_APP1;
+ private static final String CERT_ALIAS_APP_2 = TestSSLConstants.CERT_ALIAS_APP2;
+ private static final String TRUST_STORE = "ssl/java_broker_truststore.pkcs12";
+ private static final String TRUST_STORE_PASSWORD = TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD;
+ private static final String CERT_ALIAS_UNTRUSTED_CLIENT = TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT;
+ private static final String UNTRUSTED_KEYSTORE = "ssl/java_client_untrusted_keystore.pkcs12";
// retrieves the client certificate's chain from store and returns it as an array
private X509Certificate[] getClientChain(final String storePath, final String alias) throws Exception
{
- final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath, TestSSLConstants.KEYSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath, KEYSTORE_PASSWORD, STORE_TYPE);
final Certificate[] chain = ks.getCertificateChain(alias);
return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
}
@@ -56,7 +66,7 @@ public class TrustManagerTest extends QpidTestCase
while (aliases.hasMoreElements())
{
final String alias = aliases.nextElement();
- if (!alias.equalsIgnoreCase(TestSSLConstants.CERT_ALIAS_APP1))
+ if (!alias.equalsIgnoreCase(CERT_ALIAS_APP_1))
{
fail("Broker's peer store contains other certificate than client's app1 public key");
}
@@ -70,7 +80,7 @@ public class TrustManagerTest extends QpidTestCase
public void testQpidPeersOnlyTrustManager() throws Exception
{
// first let's check that peer manager loaded with the PEERstore succeeds
- final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
this.noCAinPeerStore(ps);
final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
@@ -90,7 +100,7 @@ public class TrustManagerTest extends QpidTestCase
try
{
// since broker's peerstore contains the client's app1 certificate, the check should succeed
- peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
}
catch (CertificateException e)
{
@@ -100,7 +110,7 @@ public class TrustManagerTest extends QpidTestCase
try
{
// since broker's peerstore does not contain the client's app2 certificate, the check should fail
- peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
fail("Untrusted client's validation against the broker's peer store manager succeeded.");
}
catch (CertificateException e)
@@ -111,7 +121,7 @@ public class TrustManagerTest extends QpidTestCase
// now let's check that peer manager loaded with the brokers TRUSTstore fails because
// it does not have the clients certificate in it (though it does have a CA-cert that
// would otherwise trust the client cert when using the regular trust manager).
- final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -131,7 +141,7 @@ public class TrustManagerTest extends QpidTestCase
{
// since broker's truststore doesn't contain the client's app1 certificate, the check should fail
// despite the fact that the truststore does have a CA that would otherwise trust the cert
- peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
fail("Client's validation against the broker's peer store manager didn't fail.");
}
catch (CertificateException e)
@@ -143,7 +153,7 @@ public class TrustManagerTest extends QpidTestCase
{
// since broker's truststore doesn't contain the client's app2 certificate, the check should fail
// despite the fact that the truststore does have a CA that would otherwise trust the cert
- peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
fail("Client's validation against the broker's peer store manager didn't fail.");
}
catch (CertificateException e)
@@ -159,7 +169,7 @@ public class TrustManagerTest extends QpidTestCase
public void testQpidMultipleTrustManagerWithRegularTrustStore() throws Exception
{
final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
- final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -178,8 +188,7 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the CA-trusted app1 cert (should succeed)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
}
catch (CertificateException ex)
{
@@ -189,8 +198,7 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the CA-trusted app2 cert (should succeed)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
}
catch (CertificateException ex)
{
@@ -200,8 +208,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the untrusted cert (should fail)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
- TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+ CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -217,7 +225,7 @@ public class TrustManagerTest extends QpidTestCase
public void testQpidMultipleTrustManagerWithPeerStore() throws Exception
{
final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
- final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
@@ -236,8 +244,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the trusted app1 cert (should succeed as the key is in the peerstore)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+ CERT_ALIAS_APP_1), "RSA");
}
catch (CertificateException ex)
{
@@ -247,8 +255,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the untrusted app2 cert (should fail as the key is not in the peerstore)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+ CERT_ALIAS_APP_2), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -259,8 +267,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the untrusted cert (should fail as the key is not in the peerstore)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
- TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+ CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -277,7 +285,7 @@ public class TrustManagerTest extends QpidTestCase
public void testQpidMultipleTrustManagerWithTrustAndPeerStores() throws Exception
{
final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
- final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -293,7 +301,7 @@ public class TrustManagerTest extends QpidTestCase
}
assertTrue("The regular trust manager for the trust store was not added", trustManagerAdded);
- final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
@@ -312,8 +320,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the CA-trusted app1 cert (should succeed)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+ CERT_ALIAS_APP_1), "RSA");
}
catch (CertificateException ex)
{
@@ -323,8 +331,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the CA-trusted app2 cert (should succeed)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+ CERT_ALIAS_APP_2), "RSA");
}
catch (CertificateException ex)
{
@@ -334,8 +342,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the untrusted cert (should fail)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
- TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+ CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
diff --git a/broker-core/src/test/resources/ssl/expired.crt b/broker-core/src/test/resources/ssl/expired.crt
new file mode 100644
index 0000000..933330a
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/expired.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAaegAwIBAgIEAjtn8zANBgkqhkiG9w0BAQ0FADAQMQ4wDAYDVQQDEwVV
+U0VSMTAeFw0xMDAxMDEyMjQ0MjVaFw0xMDAxMDIyMjQ0MjVaMBAxDjAMBgNVBAMT
+BVVTRVIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2wa5um63bXJ
+j7jv3pfhDgkvwE9hfM/DLv1rmkq2Psepefb40VJng61WiTeLNWdXrAJ+ui5iHTCn
+8n+iqaucaPv4mOwH3j57CCLRvFrFSp/cUx2oZ3Zx1DfaSgfIc5F8AJQvYrtCxa6m
+eYCoUJ3BZqARiKc6fk/RtACB1YI9mCDYOgnntNhEwMkRTuPqholyaL1fmw51EDGH
+iGCQwsxj+YMLkuK2aQAs498NcA6fzui0Ey3MJ6LmLYbOSKqZ1cBzC4YfSGH921Ic
+4YDgsvQ1io1zN4AJFHj8ld5rlDCTElgUFmkm2wCLvQAQ9+5MB4fDVLFldpHHBgX2
+0097qFSAEwIDAQABoyEwHzAdBgNVHQ4EFgQUZ30jJvIgSSRkltqIKv7UgEYnlvUw
+DQYJKoZIhvcNAQENBQADggEBABYZ+ZwbRnJvfjnFq9c+GV5/7FJOTlO0SVAVZrYJ
+HzquTr3mFDkhOc6aDlaNGiFAJcs6Udj3MvV7J+Uuai9oJDmVCt94HZL3k09G+z1b
+A3BorBKWDYm2L9CKpjUgD0VY40Tc2yNVyrzCbdjVnBkrLKiAirSrb5NJK2lnJg4Y
+TB7TiAnSydfRWUyUo8/wEMgIo4o0vuB7AnBQFhCd0XRmxBNoBZ19f+R041I6CQ0L
+9jc172XWHL1o111/RS7M8qLcWxi11DN62p6IKNT32DnhVV0RFnfVTQDaQ9qsPFmg
+Dngy+2weYwc6hEKhnunGrv0LNoqp6lQbOZO4c4v0/ynBHf4=
+-----END CERTIFICATE-----
diff --git a/broker-core/src/test/resources/ssl/java_broker.crt b/broker-core/src/test/resources/ssl/java_broker.crt
new file mode 100644
index 0000000..4e5c086
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/java_broker.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbzCCAlegAwIBAgIFALBcS4MwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC
+Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
+Um9vdENBMB4XDTE5MDIyNzE2MDY0M1oXDTI0MDIyNzE2MDY0M1owbjEQMA4GA1UE
+BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ
+MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjESMBAGA1UEAxMJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1zWGLqSHqno
+In5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllzy4JTCiXBen3l3YhpSxqGYccyEYee
+UlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUirvotaBQP71X1V+05AFxFhWfgdINw
+Kzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj3as0dX2bOu0qbqk4izDqqV1uiyUP
+Udn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pfPxvIw2OsqsKeh+I7RUoGBxDUdDvj
+lbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwcRJYDAq5eBhgK59WcwKPIqlOLismQ
+wjN4ZxxvqQIDAQABo0EwPzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJsw
+CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC
+AQEAjFSD0UPN7ZqMKA0Sk2oailI+AU11VEmwIw18sXSEFMWSH8uAgkyTOvNQv4Nu
+WHgNOx20r18bYVrTqTznRa9oM7xemtR2pKqJYUQKqvk9vcF8mY7ibK1AH1vlm/gh
+7EfEmobfwHutXyTbUppgqf4QLn9AYLokD/w0la1mxDQ5Qc5FefgxLGaN2DZALFOc
+8lcpA9E2hTau2znxMlqqrG73E6R2XoE7BVMHVemVAAvusBuuP9OW/iC/KTPDFNoy
+NnDViQfIh03aBH2N5XCcnsdsxDULh6pjdZWf9FB+8OBDKyajNdFZku7AFLkt+QIa
+FVo105jdjqfMxt8FRNuQ05vYEQ==
+-----END CERTIFICATE-----
diff --git a/broker-core/src/test/resources/ssl/java_broker.req b/broker-core/src/test/resources/ssl/java_broker.req
new file mode 100644
index 0000000..c618dd3
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/java_broker.req
@@ -0,0 +1,18 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIC4zCCAcsCAQAwbjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93
+bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMH
+VW5rbm93bjESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq1zWGLqSHqnoIn5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllz
+y4JTCiXBen3l3YhpSxqGYccyEYeeUlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUi
+rvotaBQP71X1V+05AFxFhWfgdINwKzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj
+3as0dX2bOu0qbqk4izDqqV1uiyUPUdn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pf
+PxvIw2OsqsKeh+I7RUoGBxDUdDvjlbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwc
+RJYDAq5eBhgK59WcwKPIqlOLismQwjN4ZxxvqQIDAQABoDAwLgYJKoZIhvcNAQkO
+MSEwHzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJswDQYJKoZIhvcNAQEN
+BQADggEBAHsfAScjTeIM+Mkmq7z29wl0+NdWyoDKt0PjG0/WffExGXG1FD6JrbP7
+UEeBY60WdypO9/Nx7I/sw/UOsOH297NuCMkFDitAk5/5XDVSYpywBi85XK72ODmv
+hWYn2MGP9YnfL3qOd75kpNgVBKt9+IVFFNgdUMfzDQpTQgmzdaRepM4HUuxJnNGN
+jcjA6b7rT0XQu7EJqM/Q1beJTVmwtv/3ZsBduJfksr2+fyC7wd344Equ8kfhZtd9
+YocJYdlZ//0RjWMv10hXNMD2Y+Nk4ldoFOXwv93JMcBn4Uy0TeZ9O/eI/jETT5TL
+FZUUWdHvGqN2/9L4EZ0rAyH87HpHV7I=
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12
new file mode 100644
index 0000000..9bfe301
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12
new file mode 100644
index 0000000..b45991f
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12
new file mode 100644
index 0000000..a5b307f
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12
new file mode 100644
index 0000000..4184adf
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12
new file mode 100644
index 0000000..cb9b876
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12
new file mode 100644
index 0000000..9422d9a
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12
new file mode 100644
index 0000000..1b45a23
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12
new file mode 100644
index 0000000..8b0b023
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/test_keystore.jks b/broker-core/src/test/resources/ssl/test_keystore.jks
index 941fc7e..afa9d02 100644
Binary files a/broker-core/src/test/resources/ssl/test_keystore.jks and b/broker-core/src/test/resources/ssl/test_keystore.jks differ
diff --git a/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks b/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks
new file mode 100644
index 0000000..b45991f
Binary files /dev/null and b/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/CA_db/cert8.db b/test-profiles/test_resources/ssl/CA_db/cert8.db
deleted file mode 100644
index a3f6c20..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/cert8.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/CA_db/cert9.db b/test-profiles/test_resources/ssl/CA_db/cert9.db
new file mode 100644
index 0000000..2bed63c
Binary files /dev/null and b/test-profiles/test_resources/ssl/CA_db/cert9.db differ
diff --git a/test-profiles/test_resources/ssl/CA_db/key3.db b/test-profiles/test_resources/ssl/CA_db/key3.db
deleted file mode 100644
index ccde375..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/key3.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/CA_db/key4.db b/test-profiles/test_resources/ssl/CA_db/key4.db
new file mode 100644
index 0000000..4562b1a
Binary files /dev/null and b/test-profiles/test_resources/ssl/CA_db/key4.db differ
diff --git a/test-profiles/test_resources/ssl/CA_db/pkcs11.txt b/test-profiles/test_resources/ssl/CA_db/pkcs11.txt
new file mode 100644
index 0000000..beb8e0f
--- /dev/null
+++ b/test-profiles/test_resources/ssl/CA_db/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='CA_db' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/test-profiles/test_resources/ssl/CA_db/rootca.crt b/test-profiles/test_resources/ssl/CA_db/rootca.crt
index eeced5a..b9356b6 100644
--- a/test-profiles/test_resources/ssl/CA_db/rootca.crt
+++ b/test-profiles/test_resources/ssl/CA_db/rootca.crt
@@ -1,13 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIICDDCCAXWgAwIBAgIFAKI1edswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDETCCAfmgAwIBAgIFALBcSiAwDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMxOTIyMzUyOVoXDTIwMDMxOTIyMzUyOVowQTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDM1OVoXDTI0MDIyNzE2MDM1OVowQTELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMT
-CE15Um9vdENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjbsB++rgz0Kl9
-4VLr/03Tgab+xxf1krNdxriCMf7dd2cOQbHt3ytDeLroR/TH2Jqkv6MuXRlYHByw
-Oa3tqqX9pfCJDMnLiUZ97coeaZdtlLaHsVdp0KUiRPT+aUxbGW4n7r9o/5ahCoDV
-gxWsU0JXlHMI8eRh/smNVWf2AgQKBwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBAKfUcPQHf8Qs5UdLWyOSlnAB3fVjFjZHgBXdGAsZNFMY
-/Grjl1lGc7KJSvm6ICMD1Dq4rHrw1i4KwaeyuCfMgZ5RpsNXNoVVtCms4vD/FbSw
-Vde4OfEDiHcOy5Pd/ovnwPd6znHlYIXWZ3SEBs4MKzWW8BnwOEO+FAog0rAOE9N+
+CE15Um9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7wfxIsA
+yM7HhpEfHy0rEBrhfwCTf/dO/x6DFKjYfxKuhbFcHuBWHhq60mn04Wfo0kwCSZSE
+sabJvba5iHAztzHUeLBTyg9fy57tlNs0sQMqXCD3bwa1HBGgMt5A05zSmi9ZklwH
+xrfB8nbSePD/V1tmwjXvWYx/G2xnRHZbs8dS000DteI2yq8O1i/NJst8KrifxgE2
+RzfNqSLxrmEzZAe5lt2eGIxr+UatR/AKXFixfKEK523Rq9CnJ7Fdgzt0WebbhUwg
+4A0AIJk4h6WKTB+RwdWT9Dgzc+qSkjHco9vqToF92QfQOygPjDSjWKHwPyTskuYf
+W9EohouHZWjsXQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUA
+A4IBAQCYi9vsfbIRihVyVQ8R1xBD+v7HZ31Se4v3ODQ9xD4DBE4qcE4kYTmFdRoD
+5WIm9O2w20Iz4icVr1iyOlund9psL3CSklPVUqGIGQXfzxfI9Dgi+NicIWDFhHra
+hfeYl2Tg4lkkodTewVMdiigh7MBdWnr3j/xEIWxcvD3x5ymXPV6PU9mzn8r/tcNC
+A+07I0eCqcAYHDTEQxumiTBObymnnABYr0lDa+baWrW2YuLx+I5I+rHFEnuy9vDn
+rN0kZuG32V5cIAavDZWkUrxR87TsJ0gxv/cbFU+J2x4Z6X8ryI2HhLujxqXmTzSH
+5Bq18bki5O4kqJFY4CA/N+035Yta
-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/CA_db/secmod.db b/test-profiles/test_resources/ssl/CA_db/secmod.db
deleted file mode 100644
index 0c0a006..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/secmod.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/app1.crt b/test-profiles/test_resources/ssl/app1.crt
index 5b32b12..edc890f 100644
--- a/test-profiles/test_resources/ssl/app1.crt
+++ b/test-profiles/test_resources/ssl/app1.crt
@@ -1,18 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIC4TCCAkqgAwIBAgIFAKI1xIUwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDYjCCAkqgAwIBAgIFALBcS8MwDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMyMDAxMjE1MloXDTIwMDMyMDAxMjE1MlowYTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDcxNloXDTI0MDIyNzE2MDcxNlowYTELMAkGA1UE
BhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ0wCwYDVQQKEwRh
Y21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDFAYWNtZS5vcmcwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL3+MH/VknnAI+ldWywF4khA8oGjGd
-w6z5zPWZ83ucPdjIFUNRN4N38Fd62gs0BCwrZcRZiHbynWFZBsweUj7ODyYFPFtq
-xaYO/Ovt4xGsNspcpcSNVPhcH/34hfqpUmsUrM1tFf/1vgOV4BfU05mkNCeZxvmg
-TuyAXPbunwu4poPaWOy0JBTSsS8LPGgofE8k0yzg9+91Ixw6ulQLV/TEuhgbJ7sL
-iA70GTHLs3vwnlsvU0xLUb+U3OAxbHpCrbnmwmGg9BrjJvJGfL9UydpjiIl25uMA
-PTkI+gapLAf2lkiyk+dpIz99LXvAUqKnli6KGNVLhmJb1KNelBlqlJcDAgMBAAGj
-QTA/MB0GA1UdDgQWBBRm2ix2JDQ9VG0wsZctPa/PnJdxhDAJBgNVHRMEAjAAMBMG
-A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBABr7BxsqDpHy2tOo
-F39pthuSpHBh37fxtSCJKMigMFjRUCpLYosMefixVYGT8IAhJ+KSzAg48SKmD0b5
-9R4NZXP16Mbs6U9Air8CSANsfpcG4nJu+QiTIu6RAQOwt+dlYfRe/OkNpunzJBzb
-eAEMdf1CrEFtQi/hniiLffjyk7ln
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXNdGrF7GBnVVvkrwzu9xo7scIEUll
+82cRZ2yQ+Ua4dkg+mmrVwZjSN/fkUNsrecruhfx4jcmaEXwdixuDpCnw1fZ1xfC7
+AO2FdZrGtdFeaBfVyZ6g2hihcWK2FPlJRhvG2Fm6FlZAwQyhfagnA4VBxthFlhGw
+D7su+rp3bVGHXh0RYtc6eCE5FK9/tnGQgLVBVnENmdCg4Xd3WtnPV/boWSUR6Obk
+M7CfDOkFDz4DrJmUEaMMzGScustNsZuU/qZ2ei1eaY0GMnRquW4hyYYw8JXVO3Ji
+JtchVlUo7SL2gDuGmpk+/yceitJWn2e482lgURuVRFSwSgSqEkZrjCSpAgMBAAGj
+QTA/MB0GA1UdDgQWBBTDC6GBKI/QRwIZlVC8SJN6V/6OxDAJBgNVHRMEAjAAMBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBDQUAA4IBAQBjNo/6CYFVU21q
+TWW88eG1J/I6e+vv9hjNWuxtsOuWUzoepNFAa7gY1C5jMHMe1hXl9hK4mHm/D1o2
+5i3FERDyLz5x6a0oQP6T8F+BLfg8YGfbrcCuZPInPKgw5bc2xRVJc8zaZM5EBw1+
+U80+o5Er2XU/MSfJ6vfsNjZ7aGOo/ssQwBarKGHUwQTazgwRy+kVh9aZf+Vadbnx
+u3mtV6md9EMLfRzOKfTrdlHrS1CgUTKn+LmwSsBNomxXJcW0gpWIx4hoCd07vJCj
+WAvAeHdzAVSiAKkJ42ikOd7g5pXUFkpcNlIyfLpJGwTZYNSCx0eXuSUt3cLA+7V/
+2wXQNMED
-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/app1.req b/test-profiles/test_resources/ssl/app1.req
index 318715d..f1f90e0 100644
--- a/test-profiles/test_resources/ssl/app1.req
+++ b/test-profiles/test_resources/ssl/app1.req
@@ -1,15 +1,18 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRv
-MQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDFAYWNtZS5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL3+MH/VknnAI+ldWywF4khA8oGjGdw6z5zPWZ
-83ucPdjIFUNRN4N38Fd62gs0BCwrZcRZiHbynWFZBsweUj7ODyYFPFtqxaYO/Ovt4xGsNspcpcSN
-VPhcH/34hfqpUmsUrM1tFf/1vgOV4BfU05mkNCeZxvmgTuyAXPbunwu4poPaWOy0JBTSsS8LPGgo
-fE8k0yzg9+91Ixw6ulQLV/TEuhgbJ7sLiA70GTHLs3vwnlsvU0xLUb+U3OAxbHpCrbnmwmGg9Brj
-JvJGfL9UydpjiIl25uMAPTkI+gapLAf2lkiyk+dpIz99LXvAUqKnli6KGNVLhmJb1KNelBlqlJcD
-AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRm2ix2JDQ9VG0wsZctPa/PnJdxhDAN
-BgkqhkiG9w0BAQUFAAOCAQEAMlm/PeNAirN/c6KWkVNYBYk1RosQ0TVoRLnrKON/HHcHSlA6YCAD
-LLc2S8fTEjxKoOU3G1pL3s6nD1GKETF/k9Wm9VAK2lg9daG35p5RaEFwLc3r9PVMLNYcnOSXV4tj
-9S7L2FH2mxinj9vs7VYe6ZmI2vp2ts0P5/k4dX/vAQAkS8y6A+gxVzUeeDFT2+WQtmRG/mPfU9Ic
-9w965Po0Dd7cQPgwS7WQoVHovSjIvNXhm6aNki9uyWoDIE4cR2QcHRC6YBlxRiEq6uW87FBgrCH+
-ooLiZS/+p8TWCRro3HvsFRrrCTE+gFK8c3ouueIzmvu4+SKB0lPJOdnhoUsOaw==
+MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQH
+EwdUb3JvbnRvMQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMM
+DWFwcDFAYWNtZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX
+NdGrF7GBnVVvkrwzu9xo7scIEUll82cRZ2yQ+Ua4dkg+mmrVwZjSN/fkUNsrecru
+hfx4jcmaEXwdixuDpCnw1fZ1xfC7AO2FdZrGtdFeaBfVyZ6g2hihcWK2FPlJRhvG
+2Fm6FlZAwQyhfagnA4VBxthFlhGwD7su+rp3bVGHXh0RYtc6eCE5FK9/tnGQgLVB
+VnENmdCg4Xd3WtnPV/boWSUR6ObkM7CfDOkFDz4DrJmUEaMMzGScustNsZuU/qZ2
+ei1eaY0GMnRquW4hyYYw8JXVO3JiJtchVlUo7SL2gDuGmpk+/yceitJWn2e482lg
+URuVRFSwSgSqEkZrjCSpAgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW
+BBTDC6GBKI/QRwIZlVC8SJN6V/6OxDANBgkqhkiG9w0BAQ0FAAOCAQEAVQ6eZDo+
+aW/JjTsK1duwqkpxWcGWyNApOaEETnunCFUsTYcN3zId7107gNMlKSQrQOztYFNc
+OKjDOicKHSoYoh+qRxprB4CPrhdNMXrtjFUOCDA+eLvf7kHn9hcOzg8XkgDOFVOs
+x61krLsN5jo2pfqdiPj13ilas7lBy4/WjEnazg/g/ckWAbYp2Rec47UnAGi5LB9h
+cgO/+vZUpmCCfHCURBC1qwk9UdbXlaDZcbITszvR86PZ6ztkDO9dxbDDvCHydvcD
+jaEHdvpSlC2WiWc4R/Tjq+xYQkRayPHYzHF1w3YYEbpuQOZwiuzYlQrZnOyH+oVC
+/0qy57VDVqP/HA==
-----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/app2.crt b/test-profiles/test_resources/ssl/app2.crt
index a8fe410..5693e43 100644
--- a/test-profiles/test_resources/ssl/app2.crt
+++ b/test-profiles/test_resources/ssl/app2.crt
@@ -1,18 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIC4TCCAkqgAwIBAgIFAKI1xCswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDZTCCAk2gAwIBAgIFALBcS6owDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMyMDAxMjEwNVoXDTIwMDMyMDAxMjEwNVowYTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDcwM1oXDTI0MDIyNzE2MDcwM1owYTELMAkGA1UE
BhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ0wCwYDVQQKEwRh
Y21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDJAYWNtZS5vcmcwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviLTH6Vl6gP3M6gmmm0sVlCcBFfo2
-czDTsr93D1cIQpnyY1r3znBdFT3cbXE2LtHeLpnlXc+dTo9/aoUuBCzRIpi4CeaG
-gD3ggIl9Ws5hUgfxJCWBg7nhzMUlBC2C+VgIUHWHqGPuaQ7VzXOEC7xF0mihMZ4b
-wvU6wxGK2uUoruXE/iti/+jtzxjq0PO7ZgJ7GUI2ZDqGMad5OnLur8jz+yKsVdet
-XlXsOyHmHi/47pRuA115pYiIaZKu1+vs6IBl4HnEUgw5JwIww6oyTDVvXc1kCw0Q
-CtUZMcNSH2XGhh/zGM/M2Bt2lgEEW0xWTwQcT1J7wnngfbIYbzoupEkRAgMBAAGj
-QTA/MB0GA1UdDgQWBBRI+VUMRkfNYp/xngM9y720hvxmXTAJBgNVHRMEAjAAMBMG
-A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAJnedohhbqoY7O6o
-Am+hPScBCng/fl0erVjexL9W8l8g5NvIGgioUfjUDvGOnwB5LOoTnZUCRaLFhQFc
-GFMIjdHpg0qt/QkEFX/0m+849RK6muHT1CNlcXtCFXwPTJ+9h+1auTP+Yp/6ii9S
-U3W1dzYawy2p9IhkMZEpJaHCLnaC
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXMCZtW+a6JxuA2fN45Ta/0ilUqfme
+r+aGG2yTtwdRkduUssBogCYq1Pxk+l4nDgNWjscgGhtxeY9nw3u+NaxFJxuQrKLu
+nnsdh+htzTUsq/iWKwcU6A4MX1aC++Ic6poTeunv6MHVdujehJOCph6zDEANjT2f
+gHHjxBMPO+fe0mEtsWwezp+xJJAOCAkMivoziQ0OopIqFSF/FhFZDK4bJFruAJJc
+0CZNBM7Ox2sNAK1cX8mxZhzWfUGQs2hfobri9J/GUlnXmN9nk6v5FybDjH6u9jcd
+9bY2f03PC9whclIzar5TiWLfg7MZHctUv2MZZWy1c7hfzktCvjW5Y7R7AgMBAAGj
+RDBCMB0GA1UdDgQWBBTzMIzbe9uahZhnVxRWUyelP3jc9TAMBgNVHRMBAf8EAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBDQUAA4IBAQAJMyC3QdIH
+ZwdUYKiwAl7W89CarMjCEH960fhHAcyliGYTtRj7aMEkWpFvR16yuRHfbiE4XZ71
+ClySvZxVl9DBcpSx69PBiRELd1wpRk5YP/1mxPtS85JlRCMVG92dizL0jSvugDcp
+pfTR9ifCK9skHrHMRvsmh7w4L2YX1IJXSORjzTHTOpqLM1vDERximf16C5ZPMhbJ
+F3jP8+k74/o3gDTttR/89M8bg5Xi/7VW4CWcBZTWnp43y8UlncbWRRwYMnJ7UAva
+7Dg0un/Nu4K/ggALmzsB3x4XBMvzIFf0orhRuFqS7BCqFg5ZavpMPHwDX7dFEjIC
+BsUjFnrzaxHI
-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/app2.req b/test-profiles/test_resources/ssl/app2.req
index cfd67b5..61235b0 100644
--- a/test-profiles/test_resources/ssl/app2.req
+++ b/test-profiles/test_resources/ssl/app2.req
@@ -1,15 +1,18 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRv
-MQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDJAYWNtZS5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviLTH6Vl6gP3M6gmmm0sVlCcBFfo2czDTsr93
-D1cIQpnyY1r3znBdFT3cbXE2LtHeLpnlXc+dTo9/aoUuBCzRIpi4CeaGgD3ggIl9Ws5hUgfxJCWB
-g7nhzMUlBC2C+VgIUHWHqGPuaQ7VzXOEC7xF0mihMZ4bwvU6wxGK2uUoruXE/iti/+jtzxjq0PO7
-ZgJ7GUI2ZDqGMad5OnLur8jz+yKsVdetXlXsOyHmHi/47pRuA115pYiIaZKu1+vs6IBl4HnEUgw5
-JwIww6oyTDVvXc1kCw0QCtUZMcNSH2XGhh/zGM/M2Bt2lgEEW0xWTwQcT1J7wnngfbIYbzoupEkR
-AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRI+VUMRkfNYp/xngM9y720hvxmXTAN
-BgkqhkiG9w0BAQUFAAOCAQEAIk5xvkcSXoDDsqarHHbeBsYd1WIQbbNyDB4+9GlooI/0igSy6pIm
-wulHIvmXDuMZbYx+mNmVhapEyOWC0Yq4nnAbIkFDQOZ8ac3IdwiP8rf+FziaU49CPH7PvVRmI1dO
-X/cgJobj3EytaCh1+xvDxJuRvQ3UL+MoL3KJxS+JAhH0QYT7ZoXBLfz4UHjVJn/fG4tsrAzdtjsG
-1DHiyaarUxjFqfE8IsaqaT2r1MhFVI0EXDbskCtVDf8x4RbCbBfooerkca4JbdhNfzHXVeq3NjkQ
-NhYdRwwlAWr3bWEhc3F1rHYPnN5C0tonxnz71Emt3zfzO4XYaXePQTm+3JCSEw==
+MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQH
+EwdUb3JvbnRvMQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMM
+DWFwcDJAYWNtZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX
+MCZtW+a6JxuA2fN45Ta/0ilUqfmer+aGG2yTtwdRkduUssBogCYq1Pxk+l4nDgNW
+jscgGhtxeY9nw3u+NaxFJxuQrKLunnsdh+htzTUsq/iWKwcU6A4MX1aC++Ic6poT
+eunv6MHVdujehJOCph6zDEANjT2fgHHjxBMPO+fe0mEtsWwezp+xJJAOCAkMivoz
+iQ0OopIqFSF/FhFZDK4bJFruAJJc0CZNBM7Ox2sNAK1cX8mxZhzWfUGQs2hfobri
+9J/GUlnXmN9nk6v5FybDjH6u9jcd9bY2f03PC9whclIzar5TiWLfg7MZHctUv2MZ
+ZWy1c7hfzktCvjW5Y7R7AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW
+BBTzMIzbe9uahZhnVxRWUyelP3jc9TANBgkqhkiG9w0BAQ0FAAOCAQEAKstPTwyn
+rn7dC+5SeP1ww6bMp77+KdQFu7aJ3Ul2xt6ICp0GkH5motvFx+dw5im8la4NH6Y7
+ZQS9eeoT6Zfi76Ve1wSVE2Gu0k9KgGXXW8ZodKml5vK89jf/3Fsy/058coOjsUDI
+iZqGajqiZshpmIpCJP3PPGA1Db30RY93U3iJAEwJCAXhGEd7EXV5iP3HA8wzuwws
+7osIz2oixsM/6Btf0+7FBt7AtqkknuDcw1Z/ZoUc5iIpMnGTtoajXnpNs7VgpngU
+bjMhgJSEOyjZrPn1VxtP23KVWm3+aAs/3gGW058ku3NYXg9H8FLysUNackZlnxqz
+dvTNaLl4FIUgiw==
-----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/generate-java-keystores.sh b/test-profiles/test_resources/ssl/generate-java-keystores.sh
index ba51b98..f6c8e82 100755
--- a/test-profiles/test_resources/ssl/generate-java-keystores.sh
+++ b/test-profiles/test_resources/ssl/generate-java-keystores.sh
@@ -21,53 +21,53 @@
echo "Remove existing keystore for Apache Qpid Broker-J "
rm java_broker_keystore.jks
echo "Re-create keystore for Apache Qpid Broker-J by importing RootCA certificate"
-keytool -import -v -keystore java_broker_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_broker_keystore.jks -keysize 2048 -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "Generate certificate key 'java-broker'"
-keytool -genkey -alias java-broker -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
+keytool -genkey -alias java-broker -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -storetype pkcs12
echo "Export certificate signing request"
-keytool -certreq -alias java-broker -sigalg SHA1withRSA -keystore java_broker_keystore.jks -storepass password -v -file java-broker.req
+keytool -certreq -alias java-broker -sigalg SHA512withRSA -keystore java_broker_keystore.jks -storepass password -v -file java_broker.req -storetype pkcs12
echo "Sign certificate by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i java-broker.req -o java-broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i java_broker.req -o java_broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -g 4096
echo "Import signed certificate"
-keytool -import -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java-broker.crt
+keytool -importcert -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java_broker.crt -storetype pkcs12 -noprompt
echo "List keystore entries"
-keytool --list --keystore java_broker_keystore.jks -storepass password
+keytool --list --keystore java_broker_keystore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing client keystore"
rm java_client_keystore.jks
echo "Re-create client keystore by importing RootCA certificate"
-keytool -import -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "Generate key for certificate 'app2'"
-keytool -genkey -alias app2 -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA"
+keytool -genkey -alias app2 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" -storetype pkcs12
echo "Export certificate signing request for 'app2'"
-keytool -certreq -alias app2 -sigalg SHA1withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req
+keytool -certreq -alias app2 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req -storetype pkcs12
echo "Sign certificate 'app2' by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA512
echo "Import signed certificate 'app2'"
-keytool -import -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt
+keytool -importcert -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt -storetype pkcs12 -noprompt
echo "Generate key for certificate 'app1'"
-keytool -genkey -alias app1 -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA"
+keytool -genkey -alias app1 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" -storetype pkcs12
echo "Export certificate signing request for 'app1'"
-keytool -certreq -alias app1 -sigalg SHA1withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req
+keytool -certreq -alias app1 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req
echo "Sign certificate 'app1' by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation of root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA512
echo "Import signed certificate 'app1'"
-keytool -import -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt
+keytool -importcert -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt -storetype pkcs12 -noprompt
echo "List entries in client keystore"
keytool --list --keystore java_client_keystore.jks -storepass password
@@ -75,23 +75,55 @@ read -p "Press [Enter] key to continue..."
echo "Remove existing client truststore"
rm java_client_truststore.jks
echo "Re-create client truststore by importing RootCA certificate"
-keytool -import -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "List entries in client trusttore"
-keytool --list --keystore java_client_truststore.jks -storepass password
+keytool --list --keystore java_client_truststore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing broker truststore"
rm java_broker_truststore.jks
echo "Re-create broker truststore by importing RootCA certificate"
-keytool -import -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "List entries in broker truststore"
-keytool --list --keystore java_broker_truststore.jks -storepass password
+keytool --list --keystore java_broker_truststore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing broker peerstore"
rm java_broker_peerstore.jks
echo "Re-create broker peerstore by importing app1 certificate"
-keytool -import -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt
+keytool -importcert -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt -storetype pkcs12 -noprompt
echo "List entries in broker peerstore"
-keytool --list --keystore java_broker_peerstore.jks -storepass password
+keytool --list --keystore java_broker_peerstore.jks -storepass password -storetype pkcs12
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_keystore.jks
+keytool -importcert -v -alias app1 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app1.crt -storetype pkcs12 -noprompt
+keytool -importcert -v -alias app2 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app2.crt -storetype pkcs12 -noprompt
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12
+keytool -delete -v -alias rootca -keystore ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 -storepass password
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12
+keytool -delete -v -alias java-broker -keystore ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 -storepass password
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12
+keytool -genseckey -alias testalias -keyalg AES -keysize 256 -storetype pkcs12 -keystore ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 -storepass password
+
+cp java_broker.req ../../../broker-core/src/test/resources/ssl/java_broker.req
+cp java_broker.crt ../../../broker-core/src/test/resources/ssl/java_broker.crt
+
+cp expired.crt ../../../broker-core/src/test/resources/ssl/expired.crt
+cp java_client_expired_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12
+cp java_broker_expired_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12
+
+cp java_broker_peerstore.jks ../../../broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12
+cp java_broker_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12
+cp java_broker_keystore.jks ../../../systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks
+cp java_client_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_keystore.pkcs12
+cp java_client_truststore.jks ../../../broker-core/src/test/resources/ssl/java_client_truststore.pkcs12
+
+rm java_client_untrusted_keystore.jks
+keytool -genkey -keystore java_client_untrusted_keystore.jks -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -alias untrusted_client -storepass password -storetype pkcs12 -dname "CN=untrusted_client"
+cp java_client_untrusted_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12
+
diff --git a/test-profiles/test_resources/ssl/generate-root-ca.sh b/test-profiles/test_resources/ssl/generate-root-ca.sh
index ca14727..14d760c 100755
--- a/test-profiles/test_resources/ssl/generate-root-ca.sh
+++ b/test-profiles/test_resources/ssl/generate-root-ca.sh
@@ -19,7 +19,7 @@
#
echo "Create a new certificate database for root CA"
-rm CA_db/*
+rm -fr CA_db; mkdir CA_db
certutil -N -d CA_db
echo "Create the self-signed Root CA certificate by entering:"
@@ -27,23 +27,23 @@ echo " password which was specified on creation of root CA database."
echo " y for 'Is this a CA certificate [y/N]?'"
echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
-certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA1 -v 60
+certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA512 -v 60 -g 2048
echo "Extract the CA certificate from the CA’s certificate database to a file."
certutil -L -d CA_db -n "MyRootCA" -a -o CA_db/rootca.crt
echo "Create a certificate database for the Qpid Broker."
-rm server_db/*
+rm -fr server_db; mkdir server_db
certutil -N -d server_db
echo "Import the CA certificate into the broker’s certificate database"
certutil -A -d server_db -n "MyRootCA" -t "TC,," -a -i CA_db/rootca.crt
echo "Create the server certificate request"
-certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA1
+certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA512
echo "Sign and issue a new server certificate by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation of root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA512 -g 2048
echo "Import signed certificate to the broker’s certificate database"
certutil -A -d server_db -n localhost.localdomain -a -i server_db/server.crt -t ",,"
diff --git a/test-profiles/test_resources/ssl/java_broker.crt b/test-profiles/test_resources/ssl/java_broker.crt
index 9b88c04..4e5c086 100644
--- a/test-profiles/test_resources/ssl/java_broker.crt
+++ b/test-profiles/test_resources/ssl/java_broker.crt
@@ -1,15 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIICVzCCAcCgAwIBAgIFAJcmLgUwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDbzCCAlegAwIBAgIFALBcS4MwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTEyMDIxNzIzMzgxM1oXDTE1MDMxNzIzMzgxM1owejEQMA4GA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDY0M1oXDTI0MDIyNzE2MDY0M1owbjEQMA4GA1UE
BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ
-MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMVbG9j
-YWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1
-OsmvebKV0zJ4/eBCyenRwwJ4Xg/NLP4unofpKb3xvlaGJY+xQnaSukXAzWnH04O4
-eLoUYBhJfVjRu7XU9XMhrLtJYjLgWkcdvnEfQPXYnM6BUnqtfFx5E5c5mWAhpb9r
-Rt2KX53t3OVxirdKS++2u3apUObJLjOwc+bf/mVbIQIDAQABoyIwIDAJBgNVHRME
-AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBACIRf1BV
-zsniD2qZ9eQsWPCnZ0vIuyKNBbxzXkpbEPBirQZIoY4GCgbIc38OV8SRRHInto6j
-i4G8klxth6gPHs+MbjqVzwZ0mND57JSxTpPZ+au+ZjbJO+efNfNw9hBs44fZ1Int
-DPNiQekOLGHimSDBQr8FHkMLSwTcxGsfcpU/
+MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjESMBAGA1UEAxMJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1zWGLqSHqno
+In5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllzy4JTCiXBen3l3YhpSxqGYccyEYee
+UlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUirvotaBQP71X1V+05AFxFhWfgdINw
+Kzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj3as0dX2bOu0qbqk4izDqqV1uiyUP
+Udn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pfPxvIw2OsqsKeh+I7RUoGBxDUdDvj
+lbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwcRJYDAq5eBhgK59WcwKPIqlOLismQ
+wjN4ZxxvqQIDAQABo0EwPzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJsw
+CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC
+AQEAjFSD0UPN7ZqMKA0Sk2oailI+AU11VEmwIw18sXSEFMWSH8uAgkyTOvNQv4Nu
+WHgNOx20r18bYVrTqTznRa9oM7xemtR2pKqJYUQKqvk9vcF8mY7ibK1AH1vlm/gh
+7EfEmobfwHutXyTbUppgqf4QLn9AYLokD/w0la1mxDQ5Qc5FefgxLGaN2DZALFOc
+8lcpA9E2hTau2znxMlqqrG73E6R2XoE7BVMHVemVAAvusBuuP9OW/iC/KTPDFNoy
+NnDViQfIh03aBH2N5XCcnsdsxDULh6pjdZWf9FB+8OBDKyajNdFZku7AFLkt+QIa
+FVo105jdjqfMxt8FRNuQ05vYEQ==
-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/java_broker.req b/test-profiles/test_resources/ssl/java_broker.req
index 5aa50d9..c618dd3 100644
--- a/test-profiles/test_resources/ssl/java_broker.req
+++ b/test-profiles/test_resources/ssl/java_broker.req
@@ -1,10 +1,18 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIBujCCASMCAQAwejEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE
-BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMV
-bG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1OsmvebKV
-0zJ4/eBCyenRwwJ4Xg/NLP4unofpKb3xvlaGJY+xQnaSukXAzWnH04O4eLoUYBhJfVjRu7XU9XMh
-rLtJYjLgWkcdvnEfQPXYnM6BUnqtfFx5E5c5mWAhpb9rRt2KX53t3OVxirdKS++2u3apUObJLjOw
-c+bf/mVbIQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAtFBfnlL3ZZEnFJRAzkbIMqRLHcWdIyfq
-MocOammt7Cw//4cJPIdGoJp4ZhSfZX7k5p6FExgudYwuPF7s4ex+bTI49zW44mVdyrvAiY88bUA1
-9vcpRDANN9R0z13v6OIJGW8hpua3oKz+XON6TeksjzbPkNUNt5Ya5tJAylkha0A=
+MIIC4zCCAcsCAQAwbjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93
+bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMH
+VW5rbm93bjESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq1zWGLqSHqnoIn5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllz
+y4JTCiXBen3l3YhpSxqGYccyEYeeUlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUi
+rvotaBQP71X1V+05AFxFhWfgdINwKzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj
+3as0dX2bOu0qbqk4izDqqV1uiyUPUdn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pf
+PxvIw2OsqsKeh+I7RUoGBxDUdDvjlbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwc
+RJYDAq5eBhgK59WcwKPIqlOLismQwjN4ZxxvqQIDAQABoDAwLgYJKoZIhvcNAQkO
+MSEwHzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJswDQYJKoZIhvcNAQEN
+BQADggEBAHsfAScjTeIM+Mkmq7z29wl0+NdWyoDKt0PjG0/WffExGXG1FD6JrbP7
+UEeBY60WdypO9/Nx7I/sw/UOsOH297NuCMkFDitAk5/5XDVSYpywBi85XK72ODmv
+hWYn2MGP9YnfL3qOd75kpNgVBKt9+IVFFNgdUMfzDQpTQgmzdaRepM4HUuxJnNGN
+jcjA6b7rT0XQu7EJqM/Q1beJTVmwtv/3ZsBduJfksr2+fyC7wd344Equ8kfhZtd9
+YocJYdlZ//0RjWMv10hXNMD2Y+Nk4ldoFOXwv93JMcBn4Uy0TeZ9O/eI/jETT5TL
+FZUUWdHvGqN2/9L4EZ0rAyH87HpHV7I=
-----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks b/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks
index bbbd248..9bfe301 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks and b/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_keystore.jks b/test-profiles/test_resources/ssl/java_broker_keystore.jks
index 50bb8d0..b45991f 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_keystore.jks and b/test-profiles/test_resources/ssl/java_broker_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_peerstore.jks b/test-profiles/test_resources/ssl/java_broker_peerstore.jks
index 69cdd40..a5b307f 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_peerstore.jks and b/test-profiles/test_resources/ssl/java_broker_peerstore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_truststore.jks b/test-profiles/test_resources/ssl/java_broker_truststore.jks
index e6d556a..4184adf 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_truststore.jks and b/test-profiles/test_resources/ssl/java_broker_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_expired_keystore.jks b/test-profiles/test_resources/ssl/java_client_expired_keystore.jks
index eb86509..cb9b876 100644
Binary files a/test-profiles/test_resources/ssl/java_client_expired_keystore.jks and b/test-profiles/test_resources/ssl/java_client_expired_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_keystore.jks b/test-profiles/test_resources/ssl/java_client_keystore.jks
index 941fc7e..9422d9a 100644
Binary files a/test-profiles/test_resources/ssl/java_client_keystore.jks and b/test-profiles/test_resources/ssl/java_client_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_truststore.jks b/test-profiles/test_resources/ssl/java_client_truststore.jks
index ab79b54..1b45a23 100644
Binary files a/test-profiles/test_resources/ssl/java_client_truststore.jks and b/test-profiles/test_resources/ssl/java_client_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks b/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks
index 45a0c10..8b0b023 100644
Binary files a/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks and b/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/server_db/cert8.db b/test-profiles/test_resources/ssl/server_db/cert8.db
deleted file mode 100644
index f482e78..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/cert8.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/cert9.db b/test-profiles/test_resources/ssl/server_db/cert9.db
new file mode 100644
index 0000000..9a5f864
Binary files /dev/null and b/test-profiles/test_resources/ssl/server_db/cert9.db differ
diff --git a/test-profiles/test_resources/ssl/server_db/key3.db b/test-profiles/test_resources/ssl/server_db/key3.db
deleted file mode 100644
index f1edbaf..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/key3.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/key4.db b/test-profiles/test_resources/ssl/server_db/key4.db
new file mode 100644
index 0000000..f08d318
Binary files /dev/null and b/test-profiles/test_resources/ssl/server_db/key4.db differ
diff --git a/test-profiles/test_resources/ssl/server_db/pkcs11.txt b/test-profiles/test_resources/ssl/server_db/pkcs11.txt
new file mode 100644
index 0000000..440f523
--- /dev/null
+++ b/test-profiles/test_resources/ssl/server_db/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='server_db' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/test-profiles/test_resources/ssl/server_db/secmod.db b/test-profiles/test_resources/ssl/server_db/secmod.db
deleted file mode 100644
index 87867f4..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/secmod.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/server.crt b/test-profiles/test_resources/ssl/server_db/server.crt
index 1a87265..fb51ff1 100644
--- a/test-profiles/test_resources/ssl/server_db/server.crt
+++ b/test-profiles/test_resources/ssl/server_db/server.crt
@@ -1,14 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICKzCCAZSgAwIBAgIFAKI1eqswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDMDCCAhigAwIBAgIFALBcSo0wDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMxOTIyMzYzOVoXDTIwMDMxOTIyMzYzOVowTjELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDQzNFoXDTI0MDIyNzE2MDQzNFowTjELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxHjAcBgNVBAMT
-FWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAu4kNLGCxZ3cvQRqd0L6iM1zx4boj7eGlLpgysPn0sd77N8CfBMqnmWOoYafI
-H4+FPMQ3En3D0nV5qFjveNTJQtzRZZUCbF6UESeO6ghu8Rr5AnI51PIrSQPVEG1w
-0AN1TYrn5AxW3G06aVMsggk7TItFb7qkXTO1LuGUcZy1z+MCAwEAAaMiMCAwCQYD
-VR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAc
-w82l72VLrPNtVBp+90rNHLM6ARnghYWLceC07cwgjNItejDlLOHzExThYH5vOwFs
-b6c2KyUt198uccl5wx44HvzR5LCVnJ0JQqw4n0tS9jeztD42urYWP2ouPgqgxAvo
-zNARo6aODfF9I7sxtPhSvhECyKvkZQH4F4xVXwwvSA==
+FWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMZvr9ZVPPPPgXlL/3tN57SmQRD8KKbK6F2DxPKPpV3FuhPxKRLVbDTp
+VgJ6geTSQXWlcCzZ7pr+J1Z7jU8tFb963i+kpFD21Z4xcaLTaHQvyiXMXgYJ/AU+
+0AQDrQN16Bkx/nbvXCtnfahp6Li3KUffEYjjLleuP5WwUSZJQ3oR74YQOKFZiDMU
+p5iUBiFWJ6Svey5usHOzycAeQVJYF8cdbTo3BL1mNFV8Q0aFD/qOsZoKNHZR8vb1
+ioBs1P9TdNO/fai/YZVkqq3I/wY9JoN7OmSPTtThuwZniSvOqsy2zkkEqG26HOnl
+BlRWshzyPaket8j4CrxZeVB4xmIbHvcCAwEAAaMiMCAwCQYDVR0TBAIwADATBgNV
+HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQ0FAAOCAQEASvcXQIq2cyhujhoh
+DKZhenA1MqGTpWsrAo41obxVpzch/z7qrQsGUG/7qXm7XIQ8wPXKUJhQd5+ga5U0
+YV/QNu8Kz+5rxgCxv/hqHaajNfeOs8C3Oxk1IIg+9OC2bIRmR9SF84XBM2YrJuTe
+BlGszTNnOXQGoR0gOMl2EH+4kh00vVnRwrsSGHEWNqNprPFgauZ14bvCeeFJhsYd
+IjmrQgbGvt4463Kaw4gUstSrwQGOTGjqhEcUR6MER83HzDu0qoAHtQLNXh1NJ3M0
+BQg6Aaral1kfgWKbB88SgAAPMHBzIqG1ubYmRykEf+G6OOgBACp1CSiCskbJ59Wc
+2tbblQ==
-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/server_db/server.req b/test-profiles/test_resources/ssl/server_db/server.req
index 9eaa228..f2042ce 100644
--- a/test-profiles/test_resources/ssl/server_db/server.req
+++ b/test-profiles/test_resources/ssl/server_db/server.req
@@ -9,13 +9,18 @@ State: Ontario
Country: CA
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIBjTCB9wIBADBOMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzENMAsG
-A1UEChMEQUNNRTEeMBwGA1UEAxMVbG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7iQ0sYLFndy9BGp3QvqIzXPHhuiPt4aUu
-mDKw+fSx3vs3wJ8EyqeZY6hhp8gfj4U8xDcSfcPSdXmoWO941MlC3NFllQJsXpQR
-J47qCG7xGvkCcjnU8itJA9UQbXDQA3VNiufkDFbcbTppUyyCCTtMi0VvuqRdM7Uu
-4ZRxnLXP4wIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAtuJ9b0OgbijExb/AQlbS
-kw4s28SwMqyMdgt+kUJHaDV+sEtlzzdv7jS0uKtoElBI7+MiYbtGzcqvdPGc147Q
-T6Lk7AMcBrjRFLxuBnAi+Bdh7O6PUUKL9CREAae1QiVOFfXkD07Az9YDLYhe+ZsJ
-qLYrWDGTMRXXsKU3JWIy5M4=
+MIICkzCCAXsCAQAwTjELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTAL
+BgNVBAoTBEFDTUUxHjAcBgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZvr9ZVPPPPgXlL/3tN57SmQRD8
+KKbK6F2DxPKPpV3FuhPxKRLVbDTpVgJ6geTSQXWlcCzZ7pr+J1Z7jU8tFb963i+k
+pFD21Z4xcaLTaHQvyiXMXgYJ/AU+0AQDrQN16Bkx/nbvXCtnfahp6Li3KUffEYjj
+LleuP5WwUSZJQ3oR74YQOKFZiDMUp5iUBiFWJ6Svey5usHOzycAeQVJYF8cdbTo3
+BL1mNFV8Q0aFD/qOsZoKNHZR8vb1ioBs1P9TdNO/fai/YZVkqq3I/wY9JoN7OmSP
+TtThuwZniSvOqsy2zkkEqG26HOnlBlRWshzyPaket8j4CrxZeVB4xmIbHvcCAwEA
+AaAAMA0GCSqGSIb3DQEBDQUAA4IBAQB65l4W5FqmHN0KIPS81qwdpncPw0XLM5Wf
+dVY8Q0GZ9AWm5pTBl472AdoL/2FtQEsLnIfDDR9WFDfREqP2grO+98vbMPofNLPH
+es9dOEXRAGMziqFUhFofyWIXZUBQI9nWn9kuNZRtK2JfftG+eMtT8KlibFgVdaHc
+C8/HwlnmoQVtXQeqnEMYK8hN1+4hp9OzwkiwSMBpTNtB9jejnYQe4U2DnWpWD1ko
+w0kAQpb36zSOkZZ0ZMaT7aTLpDmsOvj6bAj6nUxjcGFvSqVIaxyQb2y0JflM+IN7
+K0PL2I1Wi2AGA3WlBs/nY+Ol2NfcD/nsdZdtVNn6WV9DsfnyfS6L
-----END NEW CERTIFICATE REQUEST-----
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-broker-j] 02/03: QPID-8281: [Broker-J][Tests] Explicitly
specify type of keystores and truststores in tests
Posted by or...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit 96f57f6765df2d6ef1bf361c088195041dba1f05
Author: Alex Rudyy <or...@apache.org>
AuthorDate: Wed Mar 6 16:13:31 2019 +0000
QPID-8281: [Broker-J][Tests] Explicitly specify type of keystores and truststores in tests
---
.../berkeleydb/BDBVirtualHostImplTest.java | 2 +-
.../apache/qpid/server/model/BrokerTestHelper.java | 4 ++
.../qpid/server/security/FileKeyStoreTest.java | 16 ++++-
.../qpid/server/security/FileTrustStoreTest.java | 24 +++++--
.../qpid/server/security/NonJavaKeyStoreTest.java | 5 +-
.../server/security/NonJavaTrustStoreTest.java | 3 +-
.../security/SiteSpecificTrustStoreTest.java | 3 +-
.../manager/oauth2/OAuth2MockEndpointHolder.java | 17 ++++-
.../apache/qpid/server/ssl/TrustManagerTest.java | 2 +-
.../server/transport/TCPandSSLTransportTest.java | 8 +++
.../virtualhost/jdbc/JDBCVirtualHostTest.java | 3 +-
.../org/apache/qpid/test/utils/QpidTestCase.java | 31 +++++++++
.../apache/qpid/test/utils/TestSSLConstants.java | 2 +
systests/etc/config-systests.json | 6 +-
.../apache/qpid/systest/rest/RestTestHelper.java | 74 ++++++++++++++--------
.../java/org/apache/qpid/client/ssl/SSLTest.java | 9 ++-
.../auth/manager/ExternalAuthenticationTest.java | 7 +-
.../management/amqp/AmqpManagementTest.java | 3 +
.../messageencryption/MessageEncryptionTest.java | 17 +++++
.../apache/qpid/systest/rest/KeyStoreRestTest.java | 3 +-
.../qpid/systest/rest/TrustStoreRestTest.java | 11 ++--
.../qpid/systest/rest/acl/BrokerACLTest.java | 2 +
22 files changed, 201 insertions(+), 51 deletions(-)
diff --git a/bdbstore/src/test/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBVirtualHostImplTest.java b/bdbstore/src/test/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBVirtualHostImplTest.java
index 36227c8..76d2b99 100644
--- a/bdbstore/src/test/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBVirtualHostImplTest.java
+++ b/bdbstore/src/test/java/org/apache/qpid/server/virtualhost/berkeleydb/BDBVirtualHostImplTest.java
@@ -58,7 +58,7 @@ public class BDBVirtualHostImplTest extends QpidTestCase
_storePath = TestFileUtils.createTestDirectory();
- _node = mock(VirtualHostNode.class);
+ _node = BrokerTestHelper.mockWithSystemPrincipal(VirtualHostNode.class);
when(_node.getParent()).thenReturn(broker);
when(_node.getModel()).thenReturn(BrokerModel.getInstance());
when(_node.getTaskExecutor()).thenReturn(taskExecutor);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java b/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java
index f1958ff..9573bdb 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/model/BrokerTestHelper.java
@@ -299,6 +299,10 @@ public class BrokerTestHelper
public interface TestableSystemPrincipalSource extends SystemPrincipalSource {}
public interface TestableAccessControlSource extends AccessControlSource {}
+ public static <X extends ConfiguredObject> X mockWithSystemPrincipal(Class<X> clazzl)
+ {
+ return mockWithSystemPrincipal(clazzl, SYSTEM_PRINCIPAL);
+ }
public static <X extends ConfiguredObject> X mockWithSystemPrincipal(Class<X> clazz, Principal principal)
{
synchronized (SYSTEM_PRINCIPAL_SOURCE_MOCKS)
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
index 28f49d1..348ebd6 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
@@ -21,6 +21,7 @@ package org.apache.qpid.server.security;
import static org.apache.qpid.server.security.FileTrustStoreTest.createDataUrlForFile;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -81,6 +82,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -97,6 +99,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -112,6 +115,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
attributes.put(FileKeyStore.PASSWORD, "wrong");
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
try
{
@@ -132,6 +136,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.STORE_URL, CLIENT_KEYSTORE_PATH);
attributes.put(FileKeyStore.PASSWORD, CLIENT_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown");
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
try
{
@@ -141,7 +146,8 @@ public class FileKeyStoreTest extends QpidTestCase
catch (IllegalConfigurationException ice)
{
String message = ice.getMessage();
- assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot find a certificate with alias 'notknown' in key store"));
+ assertTrue("Exception text not as unexpected:" + message,
+ message.contains("Cannot find a certificate with alias 'notknown' in key store"));
}
}
@@ -153,6 +159,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl);
attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -171,6 +178,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl);
attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -188,6 +196,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.PASSWORD, "wrong");
attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
try
{
@@ -232,6 +241,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown");
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
try
{
@@ -251,6 +261,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -289,7 +300,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
- attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12");
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -302,6 +313,7 @@ public class FileKeyStoreTest extends QpidTestCase
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
index d0cc0a2..28af9e5 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
@@ -20,6 +20,7 @@
package org.apache.qpid.server.security;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -97,6 +98,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -112,6 +114,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, "wrong");
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
try
{
@@ -132,6 +135,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.STORE_URL, PEER_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, PEER_STORE_PASSWORD);
attributes.put(FileTrustStore.PEERS_ONLY, true);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -144,10 +148,16 @@ public class FileTrustStoreTest extends QpidTestCase
public void testUseOfExpiredTrustAnchorAllowed() throws Exception
{
+ if (getJvmVendor() == JvmVendor.IBM)
+ {
+ //IBMJSSE2 trust factory (IbmX509) validates the entire chain, including trusted certificates.
+ return;
+ }
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -159,7 +169,7 @@ public class FileTrustStoreTest extends QpidTestCase
KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE_PATH,
KEYSTORE_PASSWORD,
- "pkcs12");
+ JAVA_KEYSTORE_TYPE);
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
@@ -173,6 +183,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
attributes.put(FileTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -184,7 +195,7 @@ public class FileTrustStoreTest extends QpidTestCase
KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE_PATH,
KEYSTORE_PASSWORD,
- KeyStore.getDefaultType());
+ JAVA_KEYSTORE_TYPE);
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
@@ -216,6 +227,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -233,6 +245,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.PASSWORD, "wrong");
attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
try
{
@@ -254,6 +267,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
try
{
@@ -274,6 +288,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
FileTrustStore<?> fileTrustStore = (FileTrustStore<?>) _factory.create(TrustStore.class, attributes, _broker);
@@ -312,6 +327,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, BROKER_TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, KEYSTORE_PASSWORD);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -324,7 +340,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
- attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -351,7 +367,7 @@ public class FileTrustStoreTest extends QpidTestCase
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
- attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
index e4e14d1..df578c0 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
@@ -20,6 +20,7 @@
package org.apache.qpid.server.security;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyLong;
@@ -114,7 +115,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
private File[] extractResourcesFromTestKeyStore(boolean pem, final String storeResource) throws Exception
{
- java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
+ java.security.KeyStore ks = java.security.KeyStore.getInstance(JAVA_KEYSTORE_TYPE);
try(InputStream is = getClass().getResourceAsStream(storeResource))
{
ks.load(is, KEYSTORE_PASSWORD.toCharArray() );
@@ -275,7 +276,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
{
when(_broker.scheduleHouseKeepingTask(anyLong(), any(TimeUnit.class), any(Runnable.class))).thenReturn(mock(ScheduledFuture.class));
- java.security.KeyStore ks = java.security.KeyStore.getInstance("pkcs12");
+ java.security.KeyStore ks = java.security.KeyStore.getInstance(JAVA_KEYSTORE_TYPE);
final String storeLocation = KEYSTORE;
try(InputStream is = getClass().getResourceAsStream(storeLocation))
{
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
index 3ab6f83..e7b3598 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
@@ -19,6 +19,7 @@
package org.apache.qpid.server.security;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -100,7 +101,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE,
KEYSTORE_PASSWORD,
- "PKCS12");
+ JAVA_KEYSTORE_TYPE);
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
index f012173..c72ba1c 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
@@ -21,6 +21,7 @@
package org.apache.qpid.server.security;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -253,7 +254,7 @@ public class SiteSpecificTrustStoreTest extends QpidTestCase
char[] keyPassword = KEYSTORE_PASSWORD.toCharArray();
try(InputStream inputStream = getClass().getResourceAsStream(KEYSTORE))
{
- KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ KeyStore keyStore = KeyStore.getInstance(JAVA_KEYSTORE_TYPE);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyStore.load(inputStream, keyPassword);
keyManagerFactory.init(keyStore, keyPassword);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
index 4c4aa0a..afd4c4d 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java
@@ -20,6 +20,9 @@
*/
package org.apache.qpid.server.security.auth.manager.oauth2;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
+
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
@@ -31,6 +34,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
import junit.framework.TestCase;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
@@ -84,6 +89,7 @@ class OAuth2MockEndpointHolder
};
sslContextFactory.setKeyStorePassword(KEYSTORE_PASSWORD);
sslContextFactory.setKeyStoreResource(Resource.newClassPathResource(KEYSTORE_RESOURCE));
+ sslContextFactory.setKeyStoreType(JAVA_KEYSTORE_TYPE);
// override default jetty excludes as valid IBM JDK are excluded
// causing SSL handshake failure (due to default exclude '^SSL_.*$')
@@ -153,7 +159,16 @@ class OAuth2MockEndpointHolder
List<String> listOfStrings = Collections.emptyList();
if(listAsString != null && !"".equals(listAsString))
{
- listOfStrings = Arrays.asList(listAsString.split("\\s*,\\s*"));
+ try
+ {
+ listOfStrings = new ObjectMapper().readValue(listAsString.getBytes(UTF_8), new TypeReference<List<String>>()
+ {
+ });
+ }
+ catch (IOException e)
+ {
+ listOfStrings = Arrays.asList(listAsString.split("\\s*,\\s*"));
+ }
}
return listOfStrings;
}
diff --git a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
index 3dcddff..cafbfc8 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
@@ -38,7 +38,7 @@ import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
public class TrustManagerTest extends QpidTestCase
{
- private static final String STORE_TYPE = "pkcs12";
+ private static final String STORE_TYPE = TestSSLConstants.JAVA_KEYSTORE_TYPE;
private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
private static final String PEER_STORE = "ssl/java_broker_peerstore.pkcs12";
diff --git a/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java b/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
index e83cdd1..08b3d2f 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/transport/TCPandSSLTransportTest.java
@@ -57,6 +57,10 @@ public class TCPandSSLTransportTest extends QpidTestCase
public void testNoSSLv3SupportOnSSLOnlyPort() throws Exception
{
+ if (getJvmVendor() == JvmVendor.IBM)
+ {
+ return;
+ }
try
{
checkSSLExcluded("SSLv3", Transport.SSL);
@@ -99,6 +103,10 @@ public class TCPandSSLTransportTest extends QpidTestCase
public void testNoSSLv3SupportOnSharedPort() throws Exception
{
+ if (getJvmVendor() == JvmVendor.IBM)
+ {
+ return;
+ }
try
{
checkSSLExcluded("SSLv3", Transport.TCP, Transport.SSL);
diff --git a/broker-plugins/jdbc-store/src/test/java/org/apache/qpid/server/virtualhost/jdbc/JDBCVirtualHostTest.java b/broker-plugins/jdbc-store/src/test/java/org/apache/qpid/server/virtualhost/jdbc/JDBCVirtualHostTest.java
index 3af9000..069735f 100644
--- a/broker-plugins/jdbc-store/src/test/java/org/apache/qpid/server/virtualhost/jdbc/JDBCVirtualHostTest.java
+++ b/broker-plugins/jdbc-store/src/test/java/org/apache/qpid/server/virtualhost/jdbc/JDBCVirtualHostTest.java
@@ -33,6 +33,7 @@ import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerModel;
+import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ConfiguredObjectFactoryImpl;
import org.apache.qpid.server.model.SystemConfig;
@@ -60,7 +61,7 @@ public class JDBCVirtualHostTest extends QpidTestCase
public void testInvalidTableNamePrefix() throws Exception
{
- final VirtualHostNode vhn = mock(VirtualHostNode.class);
+ final VirtualHostNode vhn = BrokerTestHelper.mockWithSystemPrincipal(VirtualHostNode.class);
when(vhn.getCategoryClass()).thenReturn(VirtualHostNode.class);
when(vhn.getChildExecutor()).thenReturn(_taskExecutor);
final ConfiguredObjectFactoryImpl factory = new ConfiguredObjectFactoryImpl(BrokerModel.getInstance());
diff --git a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java
index 630dbe0..7e8664f 100644
--- a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java
+++ b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/QpidTestCase.java
@@ -351,4 +351,35 @@ public class QpidTestCase extends TestCase
}
return properties;
}
+
+ public JvmVendor getJvmVendor()
+ {
+ final String property = String.valueOf(System.getProperty("java.vendor")).toUpperCase();
+ if (property.contains("IBM"))
+ {
+ return JvmVendor.IBM;
+ }
+ else if (property.contains("ORACLE"))
+ {
+ return JvmVendor.ORACLE;
+ }
+ else if (property.contains("OPENJDK"))
+ {
+ return JvmVendor.OPENJDK;
+ }
+ else
+ {
+ return JvmVendor.UNKNOWN;
+ }
+ }
+
+ public enum JvmVendor
+ {
+ ORACLE,
+ IBM,
+ OPENJDK,
+ UNKNOWN
+ }
+
+
}
diff --git a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
index 360ecc9..1d4cc82 100644
--- a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
+++ b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
@@ -41,4 +41,6 @@ public interface TestSSLConstants
String BROKER_TRUSTSTORE = "test-profiles/test_resources/ssl/java_broker_truststore.jks";
String BROKER_EXPIRED_TRUSTSTORE = "test-profiles/test_resources/ssl/java_broker_expired_truststore.jks";
String BROKER_TRUSTSTORE_PASSWORD = "password";
+
+ String JAVA_KEYSTORE_TYPE = "pkcs12";
}
diff --git a/systests/etc/config-systests.json b/systests/etc/config-systests.json
index c342413..5d644b5 100644
--- a/systests/etc/config-systests.json
+++ b/systests/etc/config-systests.json
@@ -29,12 +29,14 @@
"keystores" : [ {
"name" : "systestsKeyStore",
"storeUrl" : "${qpid.home_dir}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_keystore.jks",
- "password" : "password"
+ "password" : "password",
+ "keyStoreType": "pkcs12"
} ],
"truststores" : [ {
"name" : "systestsTrustStore",
"storeUrl" : "${qpid.home_dir}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_truststore.jks",
- "password" : "password"
+ "password" : "password",
+ "trustStoreType": "pkcs12"
} ],
"ports" : [ {
"name" : "amqp",
diff --git a/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java b/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
index 4ba8687..b0a1cdd 100644
--- a/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
+++ b/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
@@ -19,9 +19,11 @@
package org.apache.qpid.systest.rest;
import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
@@ -33,6 +35,7 @@ import java.net.URL;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
@@ -47,6 +50,7 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.DatatypeConverter;
@@ -58,10 +62,10 @@ import org.slf4j.LoggerFactory;
import org.apache.qpid.server.model.Queue;
import org.apache.qpid.server.model.SystemConfig;
-import org.apache.qpid.ssl.SSLContextFactory;
+import org.apache.qpid.server.transport.network.security.ssl.QpidServerX509KeyManager;
+import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
-import org.apache.qpid.transport.network.security.ssl.SSLUtil;
public class RestTestHelper
{
@@ -160,31 +164,38 @@ public class RestTestHelper
if(_useSslAuth)
{
+ if (_keystore == null)
+ {
+ throw new IllegalStateException("Cannot use SSL client auth without providing a keystore");
+ }
try
{
// We have to use a SSLSocketFactory from a new SSLContext so that we don't re-use
// the JVM's defaults that may have been initialised in previous tests.
-
final TrustManager[] trustManagers;
final KeyManager[] keyManagers;
- trustManagers =
- SSLContextFactory.getTrustManagers(_truststore,
- _truststorePassword,
- KeyStore.getDefaultType(),
- TrustManagerFactory.getDefaultAlgorithm());
+ KeyStore ts = SSLUtil.getInitializedKeyStore(_truststore, _truststorePassword, JAVA_KEYSTORE_TYPE);
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(ts);
+ trustManagers = tmf.getTrustManagers();
- if (_keystore == null)
+ if (_clientAuthAlias != null)
{
- throw new IllegalStateException("Cannot use SSL client auth without providing a keystore");
+ keyManagers = new KeyManager[]{new QpidServerX509KeyManager(_clientAuthAlias,
+ new File(_keystore).toURI().toURL(),
+ JAVA_KEYSTORE_TYPE,
+ _keystorePassword,
+ KeyManagerFactory.getDefaultAlgorithm())};
+ }
+ else
+ {
+ KeyStore ks = SSLUtil.getInitializedKeyStore(_keystore, _keystorePassword, JAVA_KEYSTORE_TYPE);
+ char[] keyStoreCharPassword = _keystorePassword == null ? null : _keystorePassword.toCharArray();
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(ks, keyStoreCharPassword);
+ keyManagers = kmf.getKeyManagers();
}
-
- keyManagers =
- SSLContextFactory.getKeyManagers(_keystore,
- _keystorePassword,
- KeyStore.getDefaultType(),
- KeyManagerFactory.getDefaultAlgorithm(),
- _clientAuthAlias);
final SSLContext sslContext = SSLUtil.tryGetSSLContext();
@@ -207,16 +218,29 @@ public class RestTestHelper
// the JVM's defaults that may have been initialised in previous tests.
final TrustManager[] trustManagers;
- final KeyManager[] keyManagers;
+ KeyManager[] keyManagers = null;
- trustManagers =
- SSLContextFactory.getTrustManagers(_truststore,
- _truststorePassword,
- KeyStore.getDefaultType(),
- TrustManagerFactory.getDefaultAlgorithm());
+ KeyStore ts = SSLUtil.getInitializedKeyStore(_truststore, _truststorePassword, JAVA_KEYSTORE_TYPE);
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(ts);
+ trustManagers = tmf.getTrustManagers();
- keyManagers =
- SSLContextFactory.getKeyManagers(null, null, null, null, null);
+ if (_keystore != null)
+ {
+ KeyStore _keyStore;
+ try
+ {
+ URL ks = new File(_keystore).toURI().toURL();
+ _keyStore = SSLUtil.getInitializedKeyStore(ks, _keystorePassword, JAVA_KEYSTORE_TYPE);
+ }
+ catch (MalformedURLException e)
+ {
+ _keyStore = SSLUtil.getInitializedKeyStore(_keystore, _keystorePassword, JAVA_KEYSTORE_TYPE);
+ }
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(_keyStore, _keystorePassword.toCharArray());
+ keyManagers = kmf.getKeyManagers();
+ }
final SSLContext sslContext = SSLUtil.tryGetSSLContext();
diff --git a/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java b/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
index 5703473..898acd6 100644
--- a/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
+++ b/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
@@ -20,6 +20,7 @@
*/
package org.apache.qpid.client.ssl;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE;
import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
@@ -72,6 +73,9 @@ public class SSLTest extends QpidBrokerTestCase
setSslStoreSystemProperties();
+ setSystemProperty("javax.net.ssl.trustStoreType", JAVA_KEYSTORE_TYPE);
+ setSystemProperty("javax.net.ssl.keyStoreType", JAVA_KEYSTORE_TYPE);
+
super.setUp();
}
@@ -106,6 +110,7 @@ public class SSLTest extends QpidBrokerTestCase
options.put("transport.keyStorePassword", KEYSTORE_PASSWORD);
options.put("transport.trustStoreLocation", TRUSTSTORE);
options.put("transport.trustStorePassword", TRUSTSTORE_PASSWORD);
+ options.put("transport.storeType", JAVA_KEYSTORE_TYPE);
con = getConnectionWithOptions(options);
}
@@ -675,7 +680,7 @@ public class SSLTest extends QpidBrokerTestCase
private File[] extractResourcesFromTestKeyStore() throws Exception
{
- java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
+ java.security.KeyStore ks = java.security.KeyStore.getInstance(JAVA_KEYSTORE_TYPE);
try(InputStream is = new FileInputStream(KEYSTORE))
{
ks.load(is, KEYSTORE_PASSWORD.toCharArray() );
@@ -727,7 +732,7 @@ public class SSLTest extends QpidBrokerTestCase
private File extractCertFileFromTestTrustStore() throws Exception
{
- java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
+ java.security.KeyStore ks = java.security.KeyStore.getInstance(JAVA_KEYSTORE_TYPE);
try(InputStream is = new FileInputStream(TRUSTSTORE))
{
ks.load(is, TRUSTSTORE_PASSWORD.toCharArray() );
diff --git a/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java b/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
index 7a6a336..b8fb940 100644
--- a/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
+++ b/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
@@ -60,7 +60,8 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase
setSystemProperty("javax.net.ssl.keyStorePassword", null);
setSystemProperty("javax.net.ssl.trustStore", null);
setSystemProperty("javax.net.ssl.trustStorePassword", null);
-
+ setSystemProperty("javax.net.ssl.trustStoreType", JAVA_KEYSTORE_TYPE);
+ setSystemProperty("javax.net.ssl.keyStoreType", JAVA_KEYSTORE_TYPE);
}
@Override
@@ -236,6 +237,7 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase
sslTrustStoreAttributes.put(FileTrustStore.STORE_URL, BROKER_PEERSTORE);
sslTrustStoreAttributes.put(FileTrustStore.PASSWORD, BROKER_PEERSTORE_PASSWORD);
sslTrustStoreAttributes.put(FileTrustStore.PEERS_ONLY, true);
+ sslTrustStoreAttributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);
getDefaultBrokerConfiguration().addObjectConfiguration(TrustStore.class, sslTrustStoreAttributes);
super.startDefaultBroker();
@@ -380,6 +382,7 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase
if(trustStoreLocation != null)
{
options.put("transport.trustStoreLocation", trustStoreLocation);
+ options.put("transport.trustStoreType", JAVA_KEYSTORE_TYPE);
}
if(trustStorePassword != null)
{
@@ -388,7 +391,7 @@ public class ExternalAuthenticationTest extends QpidBrokerTestCase
if(keyStoreLocation != null)
{
options.put("transport.keyStoreLocation", keyStoreLocation);
-
+ options.put("transport.keyStoreType", JAVA_KEYSTORE_TYPE);
}
if(keyStorePassword != null)
{
diff --git a/systests/src/test/java/org/apache/qpid/systest/management/amqp/AmqpManagementTest.java b/systests/src/test/java/org/apache/qpid/systest/management/amqp/AmqpManagementTest.java
index 58bc844..050ae42 100644
--- a/systests/src/test/java/org/apache/qpid/systest/management/amqp/AmqpManagementTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/management/amqp/AmqpManagementTest.java
@@ -21,6 +21,7 @@
package org.apache.qpid.systest.management.amqp;
import static org.apache.qpid.server.model.Queue.ALERT_THRESHOLD_QUEUE_DEPTH_MESSAGES;
+import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE;
import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
@@ -97,6 +98,8 @@ public class AmqpManagementTest extends QpidBrokerTestCase
// set the ssl system properties
setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
+ setSystemProperty("javax.net.ssl.trustStoreType", JAVA_KEYSTORE_TYPE);
+ setSystemProperty("javax.net.ssl.keyStoreType", JAVA_KEYSTORE_TYPE);
super.setUp();
diff --git a/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java b/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
index 1ba42ef..e55a35f 100644
--- a/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
@@ -49,6 +49,23 @@ public class MessageEncryptionTest extends QpidBrokerTestCase implements TestSSL
public static final String INCLUDED_VIRTUAL_HOST_NODE_NAME = "includedVirtualHostNode";
@Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+
+ // Encryption trust store password is set using system property due to client defect QPID-8283
+ setSystemProperty("javax.net.ssl.trustStorePassword", TestSSLConstants.KEYSTORE_PASSWORD);
+ setSystemProperty("javax.net.ssl.trustStoreType", "pkcs12");
+ setSystemProperty("javax.net.ssl.keyStoreType", "pkcs12");
+ }
+
+ @Override
+ public void tearDown() throws Exception
+ {
+ super.tearDown();
+ }
+
+ @Override
public void startDefaultBroker() throws Exception
{
// tests start broker
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java
index 1b34545..9a7cfeb 100644
--- a/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java
@@ -49,7 +49,7 @@ public class KeyStoreRestTest extends QpidRestTestCase
assertEquals("Unexpected name", TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE, keystore.get(KeyStore.NAME));
assertEquals("unexpected path to key store", ConfiguredObject.OVER_SIZED_ATTRIBUTE_ALTERNATIVE_TEXT, keystore.get(FileKeyStore.STORE_URL));
assertEquals("unexpected (dummy) password of default systests key store", AbstractConfiguredObject.SECURED_STRING_VALUE, keystore.get(FileKeyStore.PASSWORD));
- assertEquals("unexpected type of default systests key store", java.security.KeyStore.getDefaultType(), keystore.get(FileKeyStore.KEY_STORE_TYPE));
+ assertEquals("unexpected type of default systests key store", TestSSLConstants.JAVA_KEYSTORE_TYPE, keystore.get(FileKeyStore.KEY_STORE_TYPE));
assertFalse("should not be a certificateAlias attribute", keystore.containsKey(FileKeyStore.CERTIFICATE_ALIAS));
}
@@ -147,6 +147,7 @@ public class KeyStoreRestTest extends QpidRestTestCase
keyStoreAttributes.put(KeyStore.NAME, name);
keyStoreAttributes.put(FileKeyStore.STORE_URL, keyStorePath);
keyStoreAttributes.put(FileKeyStore.PASSWORD, keystorePassword);
+ keyStoreAttributes.put(FileKeyStore.KEY_STORE_TYPE, TestSSLConstants.JAVA_KEYSTORE_TYPE);
if (certAlias != null)
{
keyStoreAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, certAlias);
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java
index 70759f9..b9ce1bd 100644
--- a/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java
@@ -50,7 +50,7 @@ public class TrustStoreRestTest extends QpidRestTestCase
assertEquals("unexpected (dummy) password of default systests trust store",
AbstractConfiguredObject.SECURED_STRING_VALUE, truststore.get(FileTrustStore.PASSWORD));
assertEquals("unexpected type of default systests trust store",
- java.security.KeyStore.getDefaultType(), truststore.get(FileTrustStore.TRUST_STORE_TYPE));
+ TestSSLConstants.JAVA_KEYSTORE_TYPE, truststore.get(FileTrustStore.TRUST_STORE_TYPE));
assertEquals("unexpected peersOnly value", false, truststore.get(FileTrustStore.PEERS_ONLY));
}
@@ -67,7 +67,7 @@ public class TrustStoreRestTest extends QpidRestTestCase
assertEquals("unexpected trust store name", name, truststore.get(TrustStore.NAME));
assertEquals("unexpected store URL", TestSSLConstants.TRUSTSTORE, truststore.get(FileTrustStore.STORE_URL));
assertEquals("unexpected password value", AbstractConfiguredObject.SECURED_STRING_VALUE, truststore.get(FileTrustStore.PASSWORD));
- assertEquals("unexpected type", java.security.KeyStore.getDefaultType(), truststore.get(FileTrustStore.TRUST_STORE_TYPE));
+ assertEquals("unexpected type", TestSSLConstants.JAVA_KEYSTORE_TYPE, truststore.get(FileTrustStore.TRUST_STORE_TYPE));
assertEquals("unexpected peersOnly value", true, truststore.get(FileTrustStore.PEERS_ONLY));
}
@@ -88,7 +88,7 @@ public class TrustStoreRestTest extends QpidRestTestCase
assertEquals("nexpected trust store name", name, truststore.get(TrustStore.NAME));
assertEquals("unexpected store URL value", ConfiguredObject.OVER_SIZED_ATTRIBUTE_ALTERNATIVE_TEXT, truststore.get(FileTrustStore.STORE_URL));
assertEquals("unexpected password value", AbstractConfiguredObject.SECURED_STRING_VALUE, truststore.get(FileTrustStore.PASSWORD));
- assertEquals("unexpected type of trust store", java.security.KeyStore.getDefaultType(), truststore.get(FileTrustStore.TRUST_STORE_TYPE));
+ assertEquals("unexpected type of trust store", TestSSLConstants.JAVA_KEYSTORE_TYPE, truststore.get(FileTrustStore.TRUST_STORE_TYPE));
assertEquals("unexpected peersOnly value", false, truststore.get(FileTrustStore.PEERS_ONLY));
}
@@ -109,7 +109,7 @@ public class TrustStoreRestTest extends QpidRestTestCase
assertEquals("unexpected name", TestBrokerConfiguration.ENTRY_NAME_SSL_TRUSTSTORE, truststore.get(TrustStore.NAME));
assertEquals("unexpected store URL value", ConfiguredObject.OVER_SIZED_ATTRIBUTE_ALTERNATIVE_TEXT, truststore.get(FileTrustStore.STORE_URL));
assertEquals("unexpected password value", AbstractConfiguredObject.SECURED_STRING_VALUE, truststore.get(FileTrustStore.PASSWORD));
- assertEquals("unexpected type of trust store", java.security.KeyStore.getDefaultType(), truststore.get(FileTrustStore.TRUST_STORE_TYPE));
+ assertEquals("unexpected type of trust store", TestSSLConstants.JAVA_KEYSTORE_TYPE, truststore.get(FileTrustStore.TRUST_STORE_TYPE));
assertEquals("unexpected peersOnly value", false, truststore.get(FileTrustStore.PEERS_ONLY));
}
@@ -133,7 +133,7 @@ public class TrustStoreRestTest extends QpidRestTestCase
assertEquals("unexpected name", name, trustStore.get(TrustStore.NAME));
assertEquals("unexpected path to trust store", TestSSLConstants.TRUSTSTORE, trustStore.get(FileTrustStore.STORE_URL));
assertEquals("unexpected password", AbstractConfiguredObject.SECURED_STRING_VALUE, trustStore.get(FileTrustStore.PASSWORD));
- assertEquals("unexpected type", java.security.KeyStore.getDefaultType(), trustStore.get(FileTrustStore.TRUST_STORE_TYPE));
+ assertEquals("unexpected type", TestSSLConstants.JAVA_KEYSTORE_TYPE, trustStore.get(FileTrustStore.TRUST_STORE_TYPE));
assertEquals("unexpected peersOnly value", false, trustStore.get(FileTrustStore.PEERS_ONLY));
}
@@ -154,6 +154,7 @@ public class TrustStoreRestTest extends QpidRestTestCase
trustStoreAttributes.put(FileTrustStore.STORE_URL, truststorePath);
trustStoreAttributes.put(FileTrustStore.PASSWORD, truststorePassword);
trustStoreAttributes.put(FileTrustStore.PEERS_ONLY, peersOnly);
+ trustStoreAttributes.put(FileTrustStore.TRUST_STORE_TYPE, TestSSLConstants.JAVA_KEYSTORE_TYPE);
getRestTestHelper().submitRequest("truststore/" + name, "PUT", trustStoreAttributes, HttpServletResponse.SC_CREATED);
}
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
index 9f704cf..06a530b 100644
--- a/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
+++ b/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
@@ -1076,6 +1076,7 @@ public class BrokerACLTest extends QpidRestTestCase
keyStoreAttributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE);
keyStoreAttributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
keyStoreAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, certAlias);
+ keyStoreAttributes.put(FileKeyStore.KEY_STORE_TYPE, TestSSLConstants.JAVA_KEYSTORE_TYPE);
return getRestTestHelper().submitRequest("keystore/" + name, "PUT", keyStoreAttributes);
}
@@ -1087,6 +1088,7 @@ public class BrokerACLTest extends QpidRestTestCase
trustStoreAttributes.put(FileTrustStore.STORE_URL, TestSSLConstants.KEYSTORE);
trustStoreAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
trustStoreAttributes.put(FileTrustStore.PEERS_ONLY, peersOnly);
+ trustStoreAttributes.put(FileTrustStore.TRUST_STORE_TYPE, TestSSLConstants.JAVA_KEYSTORE_TYPE);
return getRestTestHelper().submitRequest("truststore/" + name, "PUT", trustStoreAttributes);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[qpid-broker-j] 03/03: NO-JIRA: Stop running some tests from
Logback1027WorkaroundTurboFilterTest with IBM JDK
Posted by or...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit a7296abbdb1f89ff0deddd66b308da6927f6ad9a
Author: Alex Rudyy <or...@apache.org>
AuthorDate: Wed Mar 6 16:15:06 2019 +0000
NO-JIRA: Stop running some tests from Logback1027WorkaroundTurboFilterTest with IBM JDK
---
.../Logback1027WorkaroundTurboFilterTest.java | 44 ++++++++++++++--------
1 file changed, 28 insertions(+), 16 deletions(-)
diff --git a/broker-plugins/logging-logback/src/test/java/org/apache/qpid/server/logging/logback/Logback1027WorkaroundTurboFilterTest.java b/broker-plugins/logging-logback/src/test/java/org/apache/qpid/server/logging/logback/Logback1027WorkaroundTurboFilterTest.java
index 84ab2f3..2fa44b2 100644
--- a/broker-plugins/logging-logback/src/test/java/org/apache/qpid/server/logging/logback/Logback1027WorkaroundTurboFilterTest.java
+++ b/broker-plugins/logging-logback/src/test/java/org/apache/qpid/server/logging/logback/Logback1027WorkaroundTurboFilterTest.java
@@ -64,18 +64,24 @@ public class Logback1027WorkaroundTurboFilterTest extends QpidTestCase
public void testSuppressedExceptionRecursion()
{
- Exception e1 = new Exception();
- Exception e2 = new Exception();
- e2.addSuppressed(e1);
- e1.addSuppressed(e2);
+ // https://www.ibm.com/developerworks/community/forums/html/topic?id=8482d948-665c-47a2-862e-457e49ac71a4&ps=25
+ if (getJvmVendor() != JvmVendor.IBM)
+ {
+ //QPID-7955 Behaviourial difference between the IBM JDK and the Open JDK
- final FilterReply reply = doDecide(e1);
- assertEquals(FilterReply.DENY, reply);
+ Exception e1 = new Exception();
+ Exception e2 = new Exception();
+ e2.addSuppressed(e1);
+ e1.addSuppressed(e2);
+
+ final FilterReply reply = doDecide(e1);
+ assertEquals(FilterReply.DENY, reply);
- final List<ILoggingEvent> events = _snoopingAppender.getEvents();
- assertEquals(1, events.size());
+ final List<ILoggingEvent> events = _snoopingAppender.getEvents();
+ assertEquals(1, events.size());
- assertLoggingEvent(events.get(0));
+ assertLoggingEvent(events.get(0));
+ }
}
private void assertLoggingEvent(final ILoggingEvent loggingEvent)
@@ -89,14 +95,20 @@ public class Logback1027WorkaroundTurboFilterTest extends QpidTestCase
public void testInitCauseRecursion() throws Exception
{
- Exception e1 = new Exception();
- Exception e2 = new Exception();
- e2.initCause(e1);
- e1.initCause(e2);
+ // https://www.ibm.com/developerworks/community/forums/html/topic?id=8482d948-665c-47a2-862e-457e49ac71a4&ps=25
+ if (getJvmVendor() != JvmVendor.IBM)
+ {
+ //QPID-7955 Behaviourial difference between the IBM JDK and the Open JDK
- final FilterReply reply = doDecide(e1);
- assertEquals(FilterReply.DENY, reply);
- assertEquals(1, _snoopingAppender.getEvents().size());
+ Exception e1 = new Exception();
+ Exception e2 = new Exception();
+ e2.initCause(e1);
+ e1.initCause(e2);
+
+ final FilterReply reply = doDecide(e1);
+ assertEquals(FilterReply.DENY, reply);
+ assertEquals(1, _snoopingAppender.getEvents().size());
+ }
}
public void testNoRecursion()
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org