You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kw...@apache.org on 2013/01/08 09:29:32 UTC
svn commit: r1430167 [3/3] - in /qpid/proton/branches/jni-binding: ./ bin/
proton-c/ proton-c/bindings/perl/ proton-c/bindings/php/
proton-c/bindings/python/ proton-c/bindings/ruby/
proton-c/bindings/ruby/lib/qpid_proton/ proton-c/include/proton/ proto...
Modified: qpid/proton/branches/jni-binding/proton-j/proton/src/main/scripts/proton.py
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/proton-j/proton/src/main/scripts/proton.py?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/proton-j/proton/src/main/scripts/proton.py (original)
+++ qpid/proton/branches/jni-binding/proton-j/proton/src/main/scripts/proton.py Tue Jan 8 08:29:31 2013
@@ -17,18 +17,22 @@
#
from uuid import UUID
-from org.apache.qpid.proton.engine import EndpointState, TransportException, Sasl, Ssl
+
+from org.apache.qpid.proton.engine import EndpointState, TransportException, Sasl, SslDomain
from org.apache.qpid.proton.engine.impl import ConnectionImpl, SessionImpl, \
SenderImpl, ReceiverImpl, TransportImpl
+from org.apache.qpid.proton.engine.impl.ssl import SslDomainImpl, SslPeerDetailsImpl
from org.apache.qpid.proton.message import MessageFormat
from org.apache.qpid.proton.message.impl import MessageImpl
-from org.apache.qpid.proton.messenger import AcceptMode, MessengerException, Status
+from org.apache.qpid.proton.messenger import MessengerException, Status
from org.apache.qpid.proton.messenger.impl import MessengerImpl
from org.apache.qpid.proton.amqp.messaging import Source, Target, Accepted, AmqpValue
from org.apache.qpid.proton.amqp import UnsignedInteger
from jarray import zeros
from java.util import EnumSet, UUID as JUUID
+LANGUAGE = "Java"
+
class Skipped(Exception):
skipped = True
@@ -48,15 +52,6 @@ STATUSES = {
MANUAL = "MANUAL"
AUTOMATIC = "AUTOMATIC"
-_ACCEPT_MODE2CONST = {
- AcceptMode.AUTO: AUTOMATIC,
- AcceptMode.MANUAL: MANUAL
- }
-_CONST2ACCEPT_MODE = {
- AUTOMATIC: AcceptMode.AUTO,
- MANUAL: AcceptMode.MANUAL
- }
-
class Endpoint(object):
LOCAL_UNINIT = 1
@@ -549,12 +544,11 @@ class Messenger(object):
def incoming(self):
return self.impl.incoming()
- def _get_accept_mode(self):
- return _ACCEPT_MODE2CONST(self.impl.getAcceptMode())
- def _set_accept_mode(self, mode):
- mode = _CONST2ACCEPT_MODE[mode]
- self.impl.setAcceptMode(mode)
- accept_mode = property(_get_accept_mode, _set_accept_mode)
+ def _get_timeout(self):
+ return self.impl.getTimeout()
+ def _set_timeout(self, t):
+ self.impl.setTimeout(t)
+ timeout = property(_get_timeout, _set_timeout)
def accept(self, tracker=None):
if tracker is None:
@@ -827,29 +821,50 @@ class SSLException(Exception):
class SSLUnavailable(SSLException):
pass
-class SSL(object):
-
- MODE_SERVER = Ssl.Mode.SERVER
- MODE_CLIENT = Ssl.Mode.CLIENT
- VERIFY_PEER = Ssl.VerifyMode.VERIFY_PEER
- ANONYMOUS_PEER = Ssl.VerifyMode.ANONYMOUS_PEER
-
- def __init__(self,transport):
- self._ssl = transport.impl.ssl()
+class SSLDomain(object):
- def init(self, mode):
- self._ssl.init(mode)
+ MODE_SERVER = SslDomain.Mode.SERVER
+ MODE_CLIENT = SslDomain.Mode.CLIENT
+ VERIFY_PEER = SslDomain.VerifyMode.VERIFY_PEER
+ ANONYMOUS_PEER = SslDomain.VerifyMode.ANONYMOUS_PEER
+ VERIFY_PEER_NAME = None # TBD
+
+ def __init__(self, mode):
+ self._domain = SslDomainImpl()
+ self._domain.init(mode)
- def set_credentials(self, cert_file,key_file,password):
- self._ssl.setCredentials(cert_file,key_file,password)
+ def set_credentials(self, cert_file, key_file, password):
+ self._domain.setCredentials(cert_file, key_file, password)
def set_trusted_ca_db(self, certificate_db):
- self._ssl.setTrustedCaDb(certificate_db)
+ self._domain.setTrustedCaDb(certificate_db)
def set_peer_authentication(self, verify_mode, trusted_CAs=None):
- self._ssl.setPeerAuthentication(verify_mode)
+ self._domain.setPeerAuthentication(verify_mode)
if trusted_CAs is not None:
- self._ssl.setTrustedCaDb(trusted_CAs)
+ self._domain.setTrustedCaDb(trusted_CAs)
+
+ def allow_unsecured_client(self, allow_unsecured = True):
+ self._domain.allowUnsecuredClient(allow_unsecured)
+
+class SSLSessionDetails(object):
+
+ def __init__(self, session_id):
+ self._session_details = SslPeerDetailsImpl(session_id, 1)
+
+class SSL(object):
+
+ def __init__(self, transport, domain, session_details=None):
+
+ internal_session_details = None
+ if session_details:
+ internal_session_details = session_details._session_details
+
+ self._ssl = transport.impl.ssl(domain._domain, internal_session_details)
+ self._session_details = session_details
+
+ def get_session_details(self):
+ return self._session_details
def cipher_name(self):
return self._ssl.getCipherName()
@@ -857,13 +872,41 @@ class SSL(object):
def protocol_name(self):
return self._ssl.getProtocolName()
- def allow_unsecured_client(self):
- self._ssl.allowUnsecuredClient(True)
-
-__all__ = ["Messenger", "Message", "ProtonException", "MessengerException",
- "MessageException", "Timeout", "Condition", "Data", "Endpoint",
- "Connection", "Session", "Link", "Terminus", "Sender", "Receiver",
- "Delivery", "Transport", "TransportException", "SASL", "SSL",
- "SSLException", "SSLUnavailable", "PN_SESSION_WINDOW", "symbol",
- "MANUAL", "PENDING", "ACCEPTED", "REJECTED"]
+ def _set_peer_hostname(self, hostname):
+ raise Skipped()
+ def _get_peer_hostname(self):
+ raise Skipped()
+ peer_hostname = property(_get_peer_hostname, _set_peer_hostname)
+__all__ = [
+ "ACCEPTED",
+ "LANGUAGE",
+ "MANUAL",
+ "PENDING",
+ "REJECTED",
+ "PN_SESSION_WINDOW",
+ "Condition",
+ "Connection",
+ "Data",
+ "Delivery",
+ "Endpoint",
+ "Link",
+ "Message",
+ "MessageException",
+ "Messenger",
+ "MessengerException",
+ "ProtonException",
+ "Receiver",
+ "SASL",
+ "Sender",
+ "Session",
+ "SSL",
+ "SSLDomain",
+ "SSLException",
+ "SSLSessionDetails",
+ "SSLUnavailable",
+ "symbol",
+ "Terminus",
+ "Timeout",
+ "Transport",
+ "TransportException"]
Modified: qpid/proton/branches/jni-binding/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java (original)
+++ qpid/proton/branches/jni-binding/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java Tue Jan 8 08:29:31 2013
@@ -26,11 +26,10 @@ import static org.junit.Assert.assertTru
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngineResult;
-import javax.net.ssl.SSLException;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
+import javax.net.ssl.SSLException;
-import org.apache.qpid.proton.engine.impl.ssl.SslEngineFacade;
/**
@@ -39,7 +38,7 @@ import org.apache.qpid.proton.engine.imp
*
* Using a true SSLEngine for this would be impractical.
*/
-public class CapitalisingDummySslEngine implements SslEngineFacade
+public class CapitalisingDummySslEngine implements ProtonSslEngine
{
static final int SHORT_ENCODED_CHUNK_SIZE = 2;
private static final int MAX_ENCODED_CHUNK_SIZE = 5;
@@ -223,4 +222,10 @@ public class CapitalisingDummySslEngine
assertTrue("Clear text character " + uncapitalisedChar + " must be lowercase", Character.isLowerCase(uncapitalisedChar));
assertEquals("Unexpected clear text pad", Character.toString(CLEARTEXT_PADDING), Character.toString(underscore));
}
+
+ @Override
+ public boolean getUseClientMode()
+ {
+ return true;
+ }
}
Modified: qpid/proton/branches/jni-binding/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapperTest.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapperTest.java?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapperTest.java (original)
+++ qpid/proton/branches/jni-binding/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapperTest.java Tue Jan 8 08:29:31 2013
@@ -24,10 +24,7 @@ import static org.apache.qpid.proton.eng
import static org.apache.qpid.proton.engine.impl.ssl.ByteTestHelper.createFilledBuffer;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import org.apache.qpid.proton.engine.Ssl;
import org.junit.Before;
import org.junit.Test;
@@ -37,9 +34,6 @@ import org.junit.Test;
*/
public class SimpleSslTransportWrapperTest
{
- private Ssl _sslConfiguration = mock(Ssl.class);
- private SslEngineFacadeFactory _dummySslEngineFacadeFactory = mock(SslEngineFacadeFactory.class);
-
private RememberingTransportInput _underlyingInput = new RememberingTransportInput();
private CannedTransportOutput _underlyingOutput = new CannedTransportOutput();
@@ -50,8 +44,7 @@ public class SimpleSslTransportWrapperTe
@Before
public void setUp()
{
- when(_dummySslEngineFacadeFactory.createSslEngineFacade(_sslConfiguration)).thenReturn(_dummySslEngine);
- _transportWrapper = new SimpleSslTransportWrapper(_sslConfiguration, _underlyingInput, _underlyingOutput, _dummySslEngineFacadeFactory);
+ _transportWrapper = new SimpleSslTransportWrapper(_dummySslEngine, _underlyingInput, _underlyingOutput);
}
@Test
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/engine.py
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/engine.py?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/engine.py (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/engine.py Tue Jan 8 08:29:31 2013
@@ -200,7 +200,7 @@ class ConnectionTest(Test):
assert self.c2.state == Endpoint.LOCAL_ACTIVE | Endpoint.REMOTE_CLOSED
rcond = self.c2.remote_condition
- assert rcond == cond
+ assert rcond == cond, (rcond, cond)
class SessionTest(Test):
@@ -290,6 +290,28 @@ class SessionTest(Test):
self.ssn.close()
self.pump()
+ def test_condition(self):
+ self.ssn.open()
+ self.pump()
+ ssn = self.c2.session_head(Endpoint.REMOTE_ACTIVE | Endpoint.LOCAL_UNINIT)
+ assert ssn != None
+ ssn.open()
+ self.pump()
+
+ assert self.ssn.state == Endpoint.LOCAL_ACTIVE | Endpoint.REMOTE_ACTIVE
+ assert ssn.state == Endpoint.LOCAL_ACTIVE | Endpoint.REMOTE_ACTIVE
+
+ cond = Condition("blah:bleh", "this is a description", {symbol("foo"): "bar"})
+ self.ssn.condition = cond
+ self.ssn.close()
+
+ self.pump()
+
+ assert self.ssn.state == Endpoint.LOCAL_CLOSED | Endpoint.REMOTE_ACTIVE
+ assert ssn.state == Endpoint.LOCAL_ACTIVE | Endpoint.REMOTE_CLOSED
+
+ rcond = ssn.remote_condition
+ assert rcond == cond, (rcond, cond)
class LinkTest(Test):
@@ -463,6 +485,26 @@ class LinkTest(Test):
timeout=7,
capabilities=[]))
+ def test_condition(self):
+ self.snd.open()
+ self.rcv.open()
+ self.pump()
+
+ assert self.snd.state == Endpoint.LOCAL_ACTIVE | Endpoint.REMOTE_ACTIVE
+ assert self.rcv.state == Endpoint.LOCAL_ACTIVE | Endpoint.REMOTE_ACTIVE
+
+ cond = Condition("blah:bleh", "this is a description", {symbol("foo"): "bar"})
+ self.snd.condition = cond
+ self.snd.close()
+
+ self.pump()
+
+ assert self.snd.state == Endpoint.LOCAL_CLOSED | Endpoint.REMOTE_ACTIVE
+ assert self.rcv.state == Endpoint.LOCAL_ACTIVE | Endpoint.REMOTE_CLOSED
+
+ rcond = self.rcv.remote_condition
+ assert rcond == cond, (rcond, cond)
+
class TerminusConfig:
def __init__(self, address=None, timeout=None, durability=None, filter=None,
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/messenger.py
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/messenger.py?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/messenger.py (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/messenger.py Tue Jan 8 08:29:31 2013
@@ -136,7 +136,7 @@ class MessengerTest(Test):
assert "unable to send to address: totally-bogus-address" in err, err
def testOutgoingWindow(self):
- self.server.accept_mode = MANUAL
+ self.server.incoming_window = 10
self.start()
msg = Message()
msg.address="amqp://0.0.0.0:12345"
@@ -157,23 +157,28 @@ class MessengerTest(Test):
for i in range(10):
trackers.append(self.client.put(msg))
- for t in trackers:
+ for i in range(5):
+ t = trackers[i]
+ assert self.client.status(t) is None, (t, self.client.status(t))
+
+ for i in range(5, 10):
+ t = trackers[i]
assert self.client.status(t) is PENDING, (t, self.client.status(t))
self.client.send()
- count = 0
- for t in trackers:
- count += 1
- if count > 5:
- assert self.client.status(t) is ACCEPTED
- else:
- assert self.client.status(t) is None
+ for i in range(5):
+ t = trackers[i]
+ assert self.client.status(t) is None
+
+ for i in range(5, 10):
+ t = trackers[i]
+ assert self.client.status(t) is ACCEPTED
def testReject(self, process_incoming=None):
if process_incoming:
self.process_incoming = process_incoming
- self.server.accept_mode = MANUAL
+ self.server.incoming_window = 10
self.start()
msg = Message()
msg.address="amqp://0.0.0.0:12345"
@@ -214,7 +219,7 @@ class MessengerTest(Test):
def testIncomingWindow(self):
- self.server.accept_mode = MANUAL
+ self.server.incoming_window = 10
self.server.outgoing_window = 10
self.start()
msg = Message()
@@ -232,14 +237,15 @@ class MessengerTest(Test):
assert self.client.status(t) is ACCEPTED, (t, self.client.status(t))
self.client.incoming_window = 10
-
remaining = 10
trackers = []
while remaining:
self.client.recv(remaining)
while self.client.incoming:
- trackers.append(self.client.get())
+ t = self.client.get()
+ trackers.append(t)
+ self.client.accept(t)
remaining -= 1
for t in trackers:
assert self.client.status(t) is ACCEPTED, (t, self.client.status(t))
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl.py
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl.py?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl.py (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl.py Tue Jan 8 08:29:31 2013
@@ -30,26 +30,39 @@ class SslTest(common.Test):
def setup(self):
try:
- self.t_server = Transport()
- self.server = SSL(self.t_server)
- self.server.init(SSL.MODE_SERVER)
- self.t_client = Transport()
- self.client = SSL(self.t_client)
- self.client.init(SSL.MODE_CLIENT)
+ self.server_domain = SSLDomain(SSLDomain.MODE_SERVER)
+ self.client_domain = SSLDomain(SSLDomain.MODE_CLIENT)
except SSLUnavailable, e:
raise Skipped(e)
def teardown(self):
- self.t_client = None
- self.t_server = None
+ self.server_domain = None
+ self.client_domain = None
- def _pump(self):
+ class SslTestConnection(object):
+ """ Represents a single SSL connection.
+ """
+ def __init__(self, domain=None, session_details=None):
+ try:
+ self.ssl = None
+ self.domain = domain
+ self.transport = Transport()
+ self.connection = Connection()
+ self.transport.bind(self.connection)
+ if domain:
+ self.ssl = SSL( self.transport, self.domain, session_details )
+ except SSLUnavailable, e:
+ raise Skipped(e)
+
+ def _pump(self, ssl1, ssl2):
+ """ Allow two SslTestConnections to transfer data until done.
+ """
while True:
- out_client = self.t_client.output(1024)
- out_server = self.t_server.output(1024)
- if out_client: self.t_server.input(out_client)
- if out_server: self.t_client.input(out_server)
- if not out_client and not out_server: break
+ out1 = ssl1.transport.output(1024)
+ out2 = ssl2.transport.output(1024)
+ if out1: ssl2.transport.input(out1)
+ if out2: ssl1.transport.input(out2)
+ if not out1 and not out2: break
def _testpath(self, file):
""" Set the full path to the certificate,keyfile, etc. for the test.
@@ -57,223 +70,568 @@ class SslTest(common.Test):
return os.path.join(os.path.dirname(__file__),
"ssl_db/%s" % file)
+ def _do_handshake(self, client, server):
+ """ Attempt to connect client to server. Will throw a TransportException if the SSL
+ handshake fails.
+ """
+ client.connection.open()
+ server.connection.open()
+ self._pump(client, server)
+ assert client.ssl.protocol_name() is not None
+ client.connection.close()
+ server.connection.close()
+ self._pump(client, server)
+
def test_defaults(self):
""" By default, both the server and the client support anonymous
ciphers - they should connect without need for a certificate.
"""
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
# check that no SSL connection exists
- assert not self.server.cipher_name()
- assert not self.client.protocol_name()
+ assert not server.ssl.cipher_name()
+ assert not client.ssl.protocol_name()
- client_conn.open()
- server_conn.open()
- self._pump()
+ #client.transport.trace(Transport.TRACE_DRV)
+ #server.transport.trace(Transport.TRACE_DRV)
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
# now SSL should be active
- assert self.server.cipher_name() is not None
- assert self.client.protocol_name() is not None
+ assert server.ssl.cipher_name() is not None
+ assert client.ssl.protocol_name() is not None
- client_conn.close()
- server_conn.close()
- self._pump()
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
def test_server_certificate(self):
""" Test that anonymous clients can still connect to a server that has
a certificate configured.
"""
- self.server.set_credentials(self._testpath("server-certificate.pem"),
- self._testpath("server-private-key.pem"),
- "server-password")
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
- client_conn.open()
- server_conn.open()
- self._pump()
- assert self.client.protocol_name() is not None
- client_conn.close()
- server_conn.close()
- self._pump()
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert client.ssl.protocol_name() is not None
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
def test_server_authentication(self):
""" Simple SSL connection with authentication of the server
"""
- self.server.set_credentials(self._testpath("server-certificate.pem"),
- self._testpath("server-private-key.pem"),
- "server-password")
-
- self.client.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- self.client.set_peer_authentication( SSL.VERIFY_PEER )
-
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
- client_conn.open()
- server_conn.open()
- self._pump()
- assert self.client.protocol_name() is not None
- client_conn.close()
- server_conn.close()
- self._pump()
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert client.ssl.protocol_name() is not None
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
def test_client_authentication(self):
""" Force the client to authenticate.
"""
# note: when requesting client auth, the server _must_ send its
# certificate, so make sure we configure one!
- self.server.set_credentials(self._testpath("server-certificate.pem"),
- self._testpath("server-private-key.pem"),
- "server-password")
- self.server.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- self.server.set_peer_authentication( SSL.VERIFY_PEER,
- self._testpath("ca-certificate.pem") )
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER,
+ self._testpath("ca-certificate.pem") )
+ server = SslTest.SslTestConnection( self.server_domain )
# give the client a certificate, but let's not require server authentication
- self.client.set_credentials(self._testpath("client-certificate.pem"),
- self._testpath("client-private-key.pem"),
- "client-password")
- self.client.set_peer_authentication( SSL.ANONYMOUS_PEER )
-
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
- client_conn.open()
- server_conn.open()
- self._pump()
- assert self.client.protocol_name() is not None
- client_conn.close()
- server_conn.close()
- self._pump()
+ self.client_domain.set_credentials(self._testpath("client-certificate.pem"),
+ self._testpath("client-private-key.pem"),
+ "client-password")
+ self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert client.ssl.protocol_name() is not None
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
+
+ def test_client_authentication_fail_bad_cert(self):
+ """ Ensure that the server can detect a bad client certificate.
+ """
+ # note: when requesting client auth, the server _must_ send its
+ # certificate, so make sure we configure one!
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER,
+ self._testpath("ca-certificate.pem") )
+ server = SslTest.SslTestConnection( self.server_domain )
+
+ self.client_domain.set_credentials(self._testpath("bad-server-certificate.pem"),
+ self._testpath("bad-server-private-key.pem"),
+ "server-password")
+ self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.connection.open()
+ server.connection.open()
+ try:
+ self._pump( client, server )
+ assert False, "Server failed to reject bad certificate."
+ except TransportException, e:
+ pass
+
+ def test_client_authentication_fail_no_cert(self):
+ """ Ensure that the server will fail a client that does not provide a
+ certificate.
+ """
+ # note: when requesting client auth, the server _must_ send its
+ # certificate, so make sure we configure one!
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER,
+ self._testpath("ca-certificate.pem") )
+ server = SslTest.SslTestConnection( self.server_domain )
+ self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.connection.open()
+ server.connection.open()
+ try:
+ self._pump( client, server )
+ assert False, "Server failed to reject bad certificate."
+ except TransportException, e:
+ pass
def test_client_server_authentication(self):
""" Require both client and server to mutually identify themselves.
"""
- self.server.set_credentials(self._testpath("server-certificate.pem"),
- self._testpath("server-private-key.pem"),
- "server-password")
- self.server.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- self.server.set_peer_authentication( SSL.VERIFY_PEER,
- self._testpath("ca-certificate.pem") )
-
- self.client.set_credentials(self._testpath("client-certificate.pem"),
- self._testpath("client-private-key.pem"),
- "client-password")
- self.client.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- self.client.set_peer_authentication( SSL.VERIFY_PEER )
-
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
- client_conn.open()
- server_conn.open()
- self._pump()
- assert self.client.protocol_name() is not None
- client_conn.close()
- server_conn.close()
- self._pump()
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER,
+ self._testpath("ca-certificate.pem") )
+
+ self.client_domain.set_credentials(self._testpath("client-certificate.pem"),
+ self._testpath("client-private-key.pem"),
+ "client-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert client.ssl.protocol_name() is not None
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
def test_server_only_authentication(self):
""" Client verifies server, but server does not verify client.
"""
- self.server.set_credentials(self._testpath("server-certificate.pem"),
- self._testpath("server-private-key.pem"),
- "server-password")
- self.server.set_peer_authentication( SSL.ANONYMOUS_PEER )
-
- self.client.set_credentials(self._testpath("client-certificate.pem"),
- self._testpath("client-private-key.pem"),
- "client-password")
- self.client.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- self.client.set_peer_authentication( SSL.VERIFY_PEER )
-
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
- client_conn.open()
- server_conn.open()
- self._pump()
- assert self.client.protocol_name() is not None
- client_conn.close()
- server_conn.close()
- self._pump()
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+
+ self.client_domain.set_credentials(self._testpath("client-certificate.pem"),
+ self._testpath("client-private-key.pem"),
+ "client-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert client.ssl.protocol_name() is not None
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
def test_bad_server_certificate(self):
""" A server with a self-signed certificate that is not trusted by the
client. The client should reject the server.
"""
- self.server.set_credentials(self._testpath("bad-server-certificate.pem"),
- self._testpath("bad-server-private-key.pem"),
- "server-password")
- self.server.set_peer_authentication( SSL.ANONYMOUS_PEER )
+ self.server_domain.set_credentials(self._testpath("bad-server-certificate.pem"),
+ self._testpath("bad-server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER )
- self.client.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- self.client.set_peer_authentication( SSL.VERIFY_PEER )
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
- client_conn.open()
- server_conn.open()
+ client.connection.open()
+ server.connection.open()
try:
- self._pump()
+ self._pump( client, server )
assert False, "Client failed to reject bad certificate."
except TransportException, e:
pass
+ del server
+ del client
+
+ # now re-try with a client that does not require peer verification
+ self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+
+ client = SslTest.SslTestConnection( self.client_domain )
+ server = SslTest.SslTestConnection( self.server_domain )
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert client.ssl.protocol_name() is not None
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
+
def test_allow_unsecured_client(self):
- """ Client is allows to connect unsecured to secured client
+ """ Server allows an unsecured client to connect if configured.
"""
- self.t_client = Transport()
-
- self.server.set_credentials(self._testpath("server-certificate.pem"),
- self._testpath("server-private-key.pem"),
- "server-password")
- self.server.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- self.server.set_peer_authentication( SSL.VERIFY_PEER,
- self._testpath("ca-certificate.pem") )
- self.server.allow_unsecured_client()
-
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
- client_conn.open()
- server_conn.open()
- self._pump()
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER,
+ self._testpath("ca-certificate.pem") )
+ # allow unsecured clients on this connection
+ self.server_domain.allow_unsecured_client()
+ server = SslTest.SslTestConnection( self.server_domain )
+
+ # non-ssl connection
+ client = SslTest.SslTestConnection()
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert server.ssl.protocol_name() is None
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
def test_disallow_unsecured_client(self):
- """ Client is disallowed from connecting unsecured to secured client
+ """ Non-SSL Client is disallowed from connecting to server.
+ """
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+ server = SslTest.SslTestConnection( self.server_domain )
+
+ # non-ssl connection
+ client = SslTest.SslTestConnection()
+
+ client.connection.open()
+ server.connection.open()
+ try:
+ self._pump( client, server )
+ assert False, "Server did not reject client as expected."
+ except TransportException:
+ pass
+
+ def test_session_resume(self):
+ """ Test resume of client session.
"""
- self.t_client = Transport()
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER )
+
+ # details will be used in initial and subsequent connections to allow session to be resumed
+ initial_session_details = SSLSessionDetails("my-session-id")
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain, initial_session_details )
+
+ # bring up the connection and store its state
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert client.ssl.protocol_name() is not None
+
+ # cleanly shutdown the connection
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
+
+ # destroy the existing clients
+ del client
+ del server
+
+ # now create a new set of connections, use last session id
+ server = SslTest.SslTestConnection( self.server_domain )
+ # provide the details of the last session, allowing it to be resumed
+ client = SslTest.SslTestConnection( self.client_domain, initial_session_details )
+
+ #client.transport.trace(Transport.TRACE_DRV)
+ #server.transport.trace(Transport.TRACE_DRV)
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert server.ssl.protocol_name() is not None
+ if(LANGUAGE=="C"):
+ assert client.ssl.resume_status() == SSL.RESUME_REUSED
+ else:
+ # Java gives no way to check whether a previous session has been resumed
+ pass
+
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
+
+ # now try to resume using an unknown session-id, expect resume to fail
+ # and a new session is negotiated
+
+ del client
+ del server
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain, SSLSessionDetails("some-other-session-id") )
+
+ client.connection.open()
+ server.connection.open()
+ self._pump( client, server )
+ assert server.ssl.protocol_name() is not None
+ if(LANGUAGE=="C"):
+ assert client.ssl.resume_status() == SSL.RESUME_NEW
+
+ client.connection.close()
+ server.connection.close()
+ self._pump( client, server )
+
+ def test_multiple_sessions(self):
+ """ Test multiple simultaineous active SSL sessions with bi-directional
+ certificate verification, shared across two domains.
+ """
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER,
+ self._testpath("ca-certificate.pem") )
+
+ self.client_domain.set_credentials(self._testpath("client-certificate.pem"),
+ self._testpath("client-private-key.pem"),
+ "client-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER )
+
+ max_count = 100
+ sessions = [(SslTest.SslTestConnection( self.server_domain ),
+ SslTest.SslTestConnection( self.client_domain )) for x in
+ range(max_count)]
+ for s in sessions:
+ s[0].connection.open()
+ self._pump( s[0], s[1] )
+
+ for s in sessions:
+ s[1].connection.open()
+ self._pump( s[1], s[0] )
+ assert s[0].ssl.cipher_name() is not None
+ assert s[1].ssl.cipher_name() == s[0].ssl.cipher_name()
+
+ for s in sessions:
+ s[1].connection.close()
+ self._pump( s[0], s[1] )
+
+ for s in sessions:
+ s[0].connection.close()
+ self._pump( s[1], s[0] )
+
+ def test_server_hostname_authentication(self):
+ """ Test authentication of the names held in the server's certificate
+ against various configured hostnames.
+ """
+
+ # Check the CommonName matches (case insensitive).
+ # Assumes certificate contains "CN=A1.Good.Server.domain.com"
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.ssl.peer_hostname = "a1.good.server.domain.com"
+ assert client.ssl.peer_hostname == "a1.good.server.domain.com"
+ self._do_handshake( client, server )
+ del server
+ del client
+ self.teardown()
+
+ # Should fail on CN name mismatch:
+ self.setup()
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME )
- self.server.set_credentials(self._testpath("server-certificate.pem"),
- self._testpath("server-private-key.pem"),
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.ssl.peer_hostname = "A1.Good.Server.domain.comX"
+ try:
+ self._do_handshake( client, server )
+ assert False, "Expected connection to fail due to hostname mismatch"
+ except TransportException:
+ pass
+ del server
+ del client
+ self.teardown()
+
+ # Wildcarded Certificate
+ # Assumes:
+ # 1) certificate contains Server Alternate Names:
+ # "alternate.name.one.com" and "another.name.com"
+ # 2) certificate has wildcarded CommonName "*.prefix*.domain.com"
+ #
+
+ # Pass: match an alternate
+ self.setup()
+ self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"),
+ self._testpath("server-wc-private-key.pem"),
+ "server-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.ssl.peer_hostname = "alternate.Name.one.com"
+ self._do_handshake( client, server )
+ del client
+ del server
+ self.teardown()
+
+ # Pass: match an alternate
+ self.setup()
+ self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"),
+ self._testpath("server-wc-private-key.pem"),
"server-password")
- self.server.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- self.server.set_peer_authentication( SSL.VERIFY_PEER,
- self._testpath("ca-certificate.pem") )
-
- client_conn = Connection()
- self.t_client.bind(client_conn)
- server_conn = Connection()
- self.t_server.bind(server_conn)
- client_conn.open()
- server_conn.open()
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.ssl.peer_hostname = "ANOTHER.NAME.COM"
+ self._do_handshake(client, server)
+ del client
+ del server
+ self.teardown()
+
+ # Pass: match the pattern
+ self.setup()
+ self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"),
+ self._testpath("server-wc-private-key.pem"),
+ "server-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.ssl.peer_hostname = "SOME.PREfix.domain.COM"
+ self._do_handshake( client, server )
+ del client
+ del server
+ self.teardown()
+
+ # Pass: match the pattern
+ self.setup()
+ self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"),
+ self._testpath("server-wc-private-key.pem"),
+ "server-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.ssl.peer_hostname = "FOO.PREfixZZZ.domain.com"
+ self._do_handshake( client, server )
+ del client
+ del server
+ self.teardown()
+
+ # Fail: must match prefix on wildcard
+ self.setup()
+ self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"),
+ self._testpath("server-wc-private-key.pem"),
+ "server-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME )
+
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.ssl.peer_hostname = "FOO.PREfi.domain.com"
try:
- self._pump()
- assert False, "Expecting exception"
+ self._do_handshake( client, server )
+ assert False, "Expected connection to fail due to hostname mismatch"
except TransportException:
- assert True
+ pass
+ del server
+ del client
+ self.teardown()
+
+ # Fail: leading wildcards are not optional
+ self.setup()
+ self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"),
+ self._testpath("server-wc-private-key.pem"),
+ "server-password")
+ self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME )
+ server = SslTest.SslTestConnection( self.server_domain )
+ client = SslTest.SslTestConnection( self.client_domain )
+
+ client.ssl.peer_hostname = "PREfix.domain.COM"
+ try:
+ self._do_handshake( client, server )
+ assert False, "Expected connection to fail due to hostname mismatch"
+ except TransportException:
+ pass
+ self.teardown()
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/README.txt
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/README.txt?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/README.txt (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/README.txt Tue Jan 8 08:29:31 2013
@@ -11,27 +11,52 @@ client-private-key.pem - encrypted key u
"client-password"
server-certificate.pem - the public certificate used to identify the server. Signed by
-the CA.
+the CA. The CommonName is "A1.Good.Server.domain.com", and is checked by some unit tests.
server-private-key.pem - encrypted key used to create server-certificate.pem. Password is
"server-password"
bad-server-certificate.pem, bad-server-private-key.pem - a certificate/key that is not trusted by the client, for negative test.
+server-wc-certificate.pem and server-wc-private-key.pem - similar to
+server-certificate.pem and server-private-key.pem, but contains Subject Alternate Name
+entries, and a wildcard CommonName. Used for certificate name checking tests.
+
These certificates have been created using the OpenSSL tool.
-The following commands were used to create these certificates:
+The following bash script can be used to create these certificates (requires keytool from Java 1.7, and openssl):
+
+--8<--
+#!/bin/bash
+#set -x
+
+rm -f *.pem *.pkcs12
# Create a self-signed certificate for the CA, and a private key to sign certificate requests:
- openssl req -x509 -newkey rsa:512 -keyout ca-private-key.pem -passout pass:ca-password -out ca-certificate.pem -days 99999 -subj "/O=Trust Me, Inc/CN=127.0.0.1"
+keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -genkey -dname "O=Trust Me Inc.,CN=Trusted.CA.com"
+openssl pkcs12 -nokeys -passin pass:ca-password -in ca.pkcs12 -passout pass:ca-password -out ca-certificate.pem
# Create a certificate request for the server certificate. Use the CA's certificate to sign it:
- openssl req -newkey rsa:512 -keyout server-private-key.pem -passout pass:server-password -out server-request.pem -subj "/O=Server/CN=127.0.0.1"
- openssl x509 -req -in server-request.pem -CA ca-certificate.pem -CAkey ca-private-key.pem -CAcreateserial -passin pass:ca-password -days 99999 -out server-certificate.pem
+keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey -dname "O=Server,CN=A1.Good.Server.domain.com"
+keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request.pem
+keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request.pem -outfile server-certificate.pem
+openssl pkcs12 -nocerts -passin pass:server-password -in server.pkcs12 -passout pass:server-password -out server-private-key.pem
# Create a certificate request for the client certificate. Use the CA's certificate to sign it:
- openssl req -newkey rsa:512 -keyout client-private-key.pem -passout pass:client-password -out client-request.pem -subj "/O=Client/CN=127.0.0.1"
- openssl x509 -req -in client-request.pem -CA ca-certificate.pem -CAkey ca-private-key.pem -CAcreateserial -passin pass:ca-password -days 99999 -out client-certificate.pem
+keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -genkey -dname "O=Client,CN=127.0.0.1"
+keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -certreq -file client-request.pem
+keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request.pem -outfile client-certificate.pem
+openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -passout pass:client-password -out client-private-key.pem
# Create a "bad" certificate - not signed by a trusted authority
- openssl req -x509 -newkey rsa:512 -keyout bad-server-private-key.pem -passout pass:server-password -out bad-server-certificate.pem -days 99999 -subj "/O=Not Trusted, Inc/CN=127.0.0.1"
+keytool -storetype pkcs12 -keystore bad-server.pkcs12 -storepass server-password -alias bad-server -keypass server-password -genkey -dname "O=Not Trusted Inc,CN=127.0.0.1"
+openssl pkcs12 -nocerts -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-private-key.pem
+openssl pkcs12 -nokeys -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-certificate.pem
+
+# Create a server certificate with several alternate names, including a wildcarded common name:
+keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -genkeypair -dname "O=Server,CN=*.prefix*.domain.com"
+keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -certreq -file server-wc-request.pem
+keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-wc-request.pem -outfile server-wc-certificate.pem
+openssl pkcs12 -nocerts -passin pass:server-password -in server.pkcs12 -passout pass:server-password -out server-wc-private-key.pem
+
+
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/bad-server-certificate.pem
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/bad-server-certificate.pem?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/bad-server-certificate.pem (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/bad-server-certificate.pem Tue Jan 8 08:29:31 2013
@@ -1,11 +1,22 @@
+Bag Attributes
+ friendlyName: bad-server
+ localKeyID: 54 69 6D 65 20 31 33 35 35 35 31 33 31 37 36 34 33 38
+subject=/CN=127.0.0.1/O=Not Trusted Inc
+issuer=/CN=127.0.0.1/O=Not Trusted Inc
-----BEGIN CERTIFICATE-----
-MIIBqTCCAVOgAwIBAgIJAJEjvDZ89puoMA0GCSqGSIb3DQEBBQUAMC8xGTAXBgNV
-BAoMEE5vdCBUcnVzdGVkLCBJbmMxEjAQBgNVBAMMCTEyNy4wLjAuMTAgFw0xMjEy
-MTExNjUyMTFaGA8yMjg2MDkyNTE2NTIxMVowLzEZMBcGA1UECgwQTm90IFRydXN0
-ZWQsIEluYzESMBAGA1UEAwwJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAw
-SAJBAMj44RxONUFt8VWGtg0qMvkd8mSJALlWwttMkCvSRG2lTDoNGb2CLNWkY9K1
-DWB6/7sGyOYOiJSyWGkdPh5or00CAwEAAaNQME4wHQYDVR0OBBYEFOtFQ5lE51bn
-w6MmgNZirgHJYihLMB8GA1UdIwQYMBaAFOtFQ5lE51bnw6MmgNZirgHJYihLMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADQQBQ5U43uyblaqnrtJ/xr6olYqlp
-h3NFjhG1B99Gg5IiI1SghSZH2GXqlzAdTsV7BYEzEvLtXl142QSEWKCvXCAe
+MIICuDCCAnagAwIBAgIEORFSwTALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJMTI3
+LjAuMC4xMRgwFgYDVQQKEw9Ob3QgVHJ1c3RlZCBJbmMwHhcNMTIxMjE0MTkyNjE2
+WhcNMTMwMzE0MTkyNjE2WjAuMRIwEAYDVQQDEwkxMjcuMC4wLjExGDAWBgNVBAoT
+D05vdCBUcnVzdGVkIEluYzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUS
+KVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeB
+O4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMC
+NVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1
+AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQ
+gYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8fti
+egEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgFmK1k4m
+fUIkoNBN+RDNupwB23KAY7ndKYSpsRb/1emUmHt95hlW2YVLY2sAxs1L4f/P86Pq
+1VQ1ikoPUQUVG7K2DiGiZ9cBlAlpjT5Tc3UIUy3Pp+dLvsV/XTjlwQtVkeixSglS
+MaGQgsY2cyHNIgfjDI1btWaf59KUT7fghZ6UoyEwHzAdBgNVHQ4EFgQU7W7iB3hz
+3v/ZSNNNc4SUkppnQOYwCwYHKoZIzjgEAwUAAy8AMCwCFH+2yE3PEcoDD+OpLLYZ
+kIUyaKmnAhQFn6PxXYxKNpjKvNBA5YrWPlQRQw==
-----END CERTIFICATE-----
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/bad-server-private-key.pem
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/bad-server-private-key.pem?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/bad-server-private-key.pem (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/bad-server-private-key.pem Tue Jan 8 08:29:31 2013
@@ -1,11 +1,19 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIw9Kz/03IB70CAggA
-MBQGCCqGSIb3DQMHBAi8P10Ee3rvAwSCAWAGD5ZVWCtZdBKNTJgbJU4EBCLhNrwU
-SSGWM+k7FTuMkZ8MQPAW9cAcTO4oLZOSXsG+3A3fnooyIwaK2PW6c3GvyOG9F4j5
-Zov4scl1E8Ccst0qQF1N+NaimXTNsEIlUpoRm501K3yi3itz5FdAyW8dre+Ypb1j
-JX/B3CiwYqBGXGBH7wR1AvlPYIXU3++a+xVtxrU1vAZitXWVSJS2wSfOe7FrxaAG
-NLgyej4GQaxoYDQjOVBx8/KIUtjP1adHdZLAPqBAJ/R9yDAVVRy+ZQfLu3AEmY2u
-ssg34AMtdG6QQO/BvydUTju5sShQ3GwU1EjeNwtsKA9wmgSz07e9mpbspLS1ujH2
-RL5NzqoICaMx2pKglsDsOe2d63bsNRwjcjtxFzFHra1cJlI4OOPMM6OwARtnR0t7
-2vD6OS5k58R9zNvAM0yfS149lZAWV3e/1t9z9rHyhNVowoxfAPMW2tXR
------END ENCRYPTED PRIVATE KEY-----
+Bag Attributes
+ friendlyName: bad-server
+ localKeyID: 54 69 6D 65 20 31 33 35 35 35 31 33 31 37 36 34 33 38
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,299D5E2BB33A3040
+
+6Ara87J4e49jG5/gvll26BpBT+B77CAwKQexUUtM+KYcD5X6URlVfCKd7DZA6T/w
+hugr7rJ9OrM9YK2gWMXAAkAsQdNzh4MZbudwo1HVZtt+K1/qMjrNBvMOgHR/0OQK
+i/moB7/JZl2z69G+m84cQEXY+M4Afxky2UTaWcVw43xgsTPlSapptE+4RyN8ISOK
+jL8KK7HQTceIwTJSd2GFThQ9Xc6VI+UGuCvXIc3IxhHAvvnvU5UhKFZqbIxaZmtv
+E1nQq4r9y4/X8ZNImOqf37nxpnk1bSFtgtJiq1FHBQ9ShlYvbRiLizwGyHc1eFOC
+DkQDtm0repS/K0WuxoBN6WoXYe8B6ATdWpnuKCwvE34UD6W4BoViF6+HCdTkiad3
+rbNSZtuEKK/1K4g5lJakoWSWnjxLusfAkgivO9D0hQDoB2oKNB7H9gul27fm8LYM
+7vbYW7+bsRBk0XXVXHvcz3mFWV0TiebmRzXLl589qS8rk2JbDI8SSSkCaLsULKIG
+u4GnKWBwFO+HOoo+6/4f2IUgGnSsc2yeDV/28QFjJtyDfterdV8uu6kRYdSnuanZ
+EfdZdEI7T3Eir8DneFSVpw==
+-----END DSA PRIVATE KEY-----
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/ca-certificate.pem
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/ca-certificate.pem?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/ca-certificate.pem (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/ca-certificate.pem Tue Jan 8 08:29:31 2013
@@ -1,11 +1,22 @@
+Bag Attributes
+ friendlyName: ca
+ localKeyID: 54 69 6D 65 20 31 33 35 35 35 31 33 31 36 30 39 31 30
+subject=/CN=Trusted.CA.com/O=Trust Me Inc.
+issuer=/CN=Trusted.CA.com/O=Trust Me Inc.
-----BEGIN CERTIFICATE-----
-MIIBozCCAU2gAwIBAgIJAKNyHMRC1uR6MA0GCSqGSIb3DQEBBQUAMCwxFjAUBgNV
-BAoMDVRydXN0IE1lLCBJbmMxEjAQBgNVBAMMCTEyNy4wLjAuMTAgFw0xMjEyMTEx
-NjUxMzlaGA8yMjg2MDkyNTE2NTEzOVowLDEWMBQGA1UECgwNVHJ1c3QgTWUsIElu
-YzESMBAGA1UEAwwJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALo3
-ceSN7jJN+WWThcjCqHjEo2W89Ki9HY7eqo5zX5m1j3qg+cVJctkIa4dBgMnZSsbu
-wn4CgKURw+DpSg/MFFUCAwEAAaNQME4wHQYDVR0OBBYEFNdELcsmF7BNHItDX8ZH
-Dawvuv8BMB8GA1UdIwQYMBaAFNdELcsmF7BNHItDX8ZHDawvuv8BMAwGA1UdEwQF
-MAMBAf8wDQYJKoZIhvcNAQEFBQADQQACaKFGEC6J+pXI697kycz6viWd5CdYS9I2
-CodIS7XS+kmsxv4qESaxFTCjo45jfKfiSIoDJb6vPWVYLVYavQQ2
+MIICvjCCAnygAwIBAgIELdXscjALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
+c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wHhcNMTIxMjE0MTky
+NjAwWhcNMTMwMzE0MTkyNjAwWjAxMRcwFQYDVQQDEw5UcnVzdGVkLkNBLmNvbTEW
+MBQGA1UEChMNVHJ1c3QgTWUgSW5jLjCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9
+f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2
+y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD
+9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLr
+hAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrU
+WU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6
+ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKB
+gGZu/tpRZvKeg9d7iOVqN2HwowyusbF9cO3QsydzGjq59gYqnjN7rnJirI9tYXHI
+ZWnvHCaCmqvV8VuWYf2PAQ1pDQg2vDsEvtLVtNbJ3rUVox9m5Yi2wxzMXSjgTdV1
+1phee+4NgOjGq/xi0x9hkZJfQ/GMAARMfVhe3LWmhNM6oyEwHzAdBgNVHQ4EFgQU
+3fv7OplupQHzZWg73w/VnllBZoMwCwYHKoZIzjgEAwUAAy8AMCwCFBtqL951J0EC
+s7veW5jyMMtmEFxkAhQjFox6PwBvsQjbJbAXdrt4tjGZ1g==
-----END CERTIFICATE-----
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/client-certificate.pem
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/client-certificate.pem?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/client-certificate.pem (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/client-certificate.pem Tue Jan 8 08:29:31 2013
@@ -1,9 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIIBRDCB7wIJANpQ/9sWD3q5MA0GCSqGSIb3DQEBBQUAMCwxFjAUBgNVBAoMDVRy
-dXN0IE1lLCBJbmMxEjAQBgNVBAMMCTEyNy4wLjAuMTAgFw0xMjEyMTExNjUyMDRa
-GA8yMjg2MDkyNTE2NTIwNFowJTEPMA0GA1UECgwGQ2xpZW50MRIwEAYDVQQDDAkx
-MjcuMC4wLjEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAoscJn5dvHacd9a6rQHl4
-l3/GqsGDBcQFUvIjlXmZSkaokh0bhTQZWh4la2jCE/f9aC4oyOGv8OpXtN4YtLqU
-EwIDAQABMA0GCSqGSIb3DQEBBQUAA0EAdgqg3ikCBXVHO6im2Kx9CfwzKJdwkGJI
-RxEIQdx5AoMH/+NNa6LSVyfYgE6xpnwCQ79QkJi8uD8QM9MUxTlMlA==
+MIIC1jCCApSgAwIBAgIEAmLTmzALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1c3RlZC5DQS5j
+b20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTIxMjE0MTkyNjExWhgPMjI4NjA5MjgxOTI2
+MTFaMCUxEjAQBgNVBAMTCTEyNy4wLjAuMTEPMA0GA1UEChMGQ2xpZW50MIIBuDCCASwGByqGSM44
+BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6
+MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1
+VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gghdab
+Pd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim
+4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1Ul
+ZAFMO/7PSSoDgYUAAoGBAODM2tGD+AgXUy32NySP7YXFMEIcjUO02pHBxstkidoxTWbhDh086r3p
+ax25/NJkr3VZ0OeYQN3Z5L839pcACyWJCJ0iQE++brq/EBTZ1cTspGzptTxFfY6NMhZJq4iBMI1M
++NkkJd7C3qQn2lkVH3BPigNUwtIs0l+U0GpJKXoho0IwQDAfBgNVHSMEGDAWgBTd+/s6mW6lAfNl
+aDvfD9WeWUFmgzAdBgNVHQ4EFgQUSwL8QhJIHykb8kmFjjtTI3j6apIwCwYHKoZIzjgEAwUAAy8A
+MCwCFHH6w6G/4bAerSS8CsjuTStgdcLnAhQUbwI8KMOPhvOzGuvbE2nIGAB2AA==
-----END CERTIFICATE-----
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/client-private-key.pem
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/client-private-key.pem?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/client-private-key.pem (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/client-private-key.pem Tue Jan 8 08:29:31 2013
@@ -1,11 +1,19 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIuOBtxQCo/cQCAggA
-MBQGCCqGSIb3DQMHBAgNGKK3qXSFegSCAViDAVPZqEi19DogA60ljI8iMAqve5Q7
-GIA7gYhGpkBufJrBKEzOdrBfdE1a2pIf/KPpPLsREZlIpSYL8Pf5lbuhgDVoZrM9
-bL8VK3+9R1x2eerTe2/l8792jImkuv5cvFCQ0dD8pIYe0gm9+z5mARyjjo7nGSPu
-5qreZQug+zsRG850GsR2oNbwFF5WggVPFD6LWxQ/qk6vH10yM5JoZXSXK4XrfKNL
-oXhUcySosVYlETHdep6gg384SNx8dmlm+jQhA4HseVZIaAG3WEWLsby4Ck6gz/2v
-blYy46bR4diSAMA5YKCVditnEU3J3p4IhsouuL2aC8sWnAnM9tqwuuy8T0lQkk8M
-8bTCwZkMaI8GsTJ2nEUEjhTjFt5n6TbiQacqtTzMimk1Buga9lall5zDyxzX92SH
-p33cl7PTKm/8JtNSUek7HalTYjlKvJ8f+JJcARx9m3XQjw==
------END ENCRYPTED PRIVATE KEY-----
+Bag Attributes
+ friendlyName: client-certificate
+ localKeyID: 54 69 6D 65 20 31 33 35 35 35 31 33 31 37 31 30 31 39
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,18C986B8096E0FF2
+
+Kp6cthNXlAYau8hvrkS4iGtucTpSpSHQzvZAZc/TGueeavYPXDj5JktfdXhIYEke
+/YOUNn1CDpEJAS3rUqsO8uZEvgWLI4NtQ6vZyidTitBnnx2FtH0XM1gqg6YXHM3E
+0jkKnZRm8GM2Hma50U+jb46f43khH1yjtWBUstVG2o6eI5O/00VJ2LZQWtTs5J0C
+lxIMJBKGhEyy6kbnt0EkAwpLmZ4kRHbbfLe0vEmwB21aRMF8sjD03Jxi63UG2x/B
+rZqspGumO/MaiQPKnSl3SnOSkD6ah4kHqyDZYl97ub/tHJlL7paI6sTNh5JrDY5L
+9Ex8onrrotf33s3FOtH7nM+p77vOZFt/pnsrpEsgUJEp493KNk05IBJddjvESiqI
++0bqjyOUBFigZyqbYFSMFlPlbKYfn1803hBF74u628cTGr+j46l9wsMsukPjSZnO
+GZnG3Ey0zWs/X58wNowSpyWmMT8y6YrZ+jTC/3eaOFy4q5xl4vdq0IZnrQdBkjpP
+pyl2ca9AQf5gj2yf9n5ds3HCMDkAcvRIQ8YPjt9biEEz7FQxcKiKOcGOd7H33buy
+t/ovR11DT866Vi3Nr9CwncRn9kYjqx75
+-----END DSA PRIVATE KEY-----
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/server-certificate.pem
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/server-certificate.pem?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/server-certificate.pem (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/server-certificate.pem Tue Jan 8 08:29:31 2013
@@ -1,9 +1,16 @@
-----BEGIN CERTIFICATE-----
-MIIBRDCB7wIJANpQ/9sWD3q4MA0GCSqGSIb3DQEBBQUAMCwxFjAUBgNVBAoMDVRy
-dXN0IE1lLCBJbmMxEjAQBgNVBAMMCTEyNy4wLjAuMTAgFw0xMjEyMTExNjUxNTJa
-GA8yMjg2MDkyNTE2NTE1MlowJTEPMA0GA1UECgwGU2VydmVyMRIwEAYDVQQDDAkx
-MjcuMC4wLjEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArx8jSO/NgZefqiGgsFFy
-hYADlvNZ+A+GpJu1GZKnyLxSiJHKl31zbK80eDPxUBBjgksHx6Sba4fUEfGE8NX5
-MwIDAQABMA0GCSqGSIb3DQEBBQUAA0EAEx+fUkI+j8Tomca6hPSSXhjPQdzzLTjQ
-ydIPMDODhx4xTeFhsPDyEIr1KxkYljhpKR9J6/o8/ZR+RAK1Ra0aJw==
+MIIC5zCCAqSgAwIBAgIEJfye2zALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1c3RlZC5DQS5j
+b20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTIxMjE0MTkyNjA3WhgPMjI4NjA5MjgxOTI2
+MDdaMDUxIjAgBgNVBAMTGUExLkdvb2QuU2VydmVyLmRvbWFpbi5jb20xDzANBgNVBAoTBlNlcnZl
+cjCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEm
+aUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX
+58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLr
+hAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0
+SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJ
+qIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDNyK03d2on1/UdPTlPGNZZ1USJ43XHPjz/
+ElYSEYPrqoOVjvyPbszQyzoeirch5cehwPpEVGjQqwAs2SmP4Ft5qCp6jz4lWLXviynw4fWpLcpK
+TjK8b2Fkgjr4vh+x8ZqS8RFZhmFFthVDeRJUA6m84p50XAqWy3sHWfbEF5ivd6NCMEAwHwYDVR0j
+BBgwFoAU3fv7OplupQHzZWg73w/VnllBZoMwHQYDVR0OBBYEFH2AxfbbZ0p9h3ByiZzJ4LcIZdlr
+MAsGByqGSM44BAMFAAMwADAtAhUAgtdQUhmdgXgfYhT1t15hthfcirsCFEePH//ihba3GW0zvpIZ
+WTiqxzgJ
-----END CERTIFICATE-----
Modified: qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/server-private-key.pem
URL: http://svn.apache.org/viewvc/qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/server-private-key.pem?rev=1430167&r1=1430166&r2=1430167&view=diff
==============================================================================
--- qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/server-private-key.pem (original)
+++ qpid/proton/branches/jni-binding/tests/proton_tests/ssl_db/server-private-key.pem Tue Jan 8 08:29:31 2013
@@ -1,11 +1,19 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIx78+YntrBu4CAggA
-MBQGCCqGSIb3DQMHBAg1sR4m8AJpxgSCAWAIhKd/GbGzHhQIlCDJQBYXIE26QIr7
-dWaO42gSslIKHIcStBydPxZMAAGVXtLfMWQMrEodVBwhryCjIg+JkjVKvh9zEhNb
-O/D5YGPi6CbUUGk92g097V5x6aQrd1s33tZL+Wydg1iG49S2gveb6U6MDOZVMir1
-qVWmT2XxNuNJPJa9Qucl2FanBW8zju9/iHcQeDc7u0chs2likgElB/8LTcd3moe5
-vs09auK6YjjvlIasLV0CmgDdAN/z9Q0YVHynm3+n1wLw+47uqqEtqBySvG+Z5z/l
-2HuGHcwMGo7Yh/laAHQ+AWu1xQV5B3GBeBwWw0N/DuKjY+najNITUn7C0p2Bsx37
-SIf5ZcUvTvIym3I/w8I59jrcYbuHQWL5u0djj20P5Y23sscndDIUrGKTrQDXbzfc
-VkTdef9sJ/W+JmjHRneaym7OhlehqYzv9ffrDV3mWyztmNqxsgE/u2v5
------END ENCRYPTED PRIVATE KEY-----
+Bag Attributes
+ friendlyName: server-certificate
+ localKeyID: 54 69 6D 65 20 31 33 35 35 35 31 33 31 36 36 34 32 36
+Key Attributes: <No Attributes>
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5018108267068260
+
+D7UPNM1qXkP07q1lPEk7V8n4WDZ3L/6VPEl7okiPraozpXCK5tTr4Lj+vciEmyNa
+RVBChV/O84N4L0ISP2OpTuaPi/fYYtOnPwNX2NRNAX2Or1WDn2MRk9Q2LeNWqRLW
+O66eT+cYQfhvb9QhK/XlihyHNdcr9hgpnPYmJTYZoSrGBG8yoM8YwYOGt7w8QSw6
+/figQF8Zd6cUiWNE8/fVTUVPHR6syorvYPMIPj+AGewykh0YpmXNWnXsrOeuT072
+NtBTOQh8d110p470HV6tqJcv4kjtri/5z0IsHGzTMe34eYwQJ4BDoz6+jbCk06ub
+xbkFLB6HIAhf/UJ8/Kg3j8r0ey7njwBMXRqCfa2uLoaomn8GaW+3eg8iBKoYLOvG
+dPV9oR0bm4ZJ5pI7RETpY7q/pQ/u6h1h41bvX2wNz0sxop8PAFmZBLKyJkMihd2o
+7VBhM4Yo68vOoAyeXtXPjW+Yz0Q6xFNRkL8mTjqMw1oXmq23VikDoNB6hs+ltpab
+sviEr4xiO0lPKKGKVnyiSh1rMmnuR/72WFw3N0yAmlMY8wPfKSjm7Eajs8hZUNhe
+jnDE4zn16C8g2/4Z/gHOTrRapL3Znf+q
+-----END DSA PRIVATE KEY-----
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org