You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by cl...@apache.org on 2018/05/24 20:29:41 UTC
[26/33] activemq-artemis git commit: ARTEMIS-1882 verify PKCS12
keystores work
ARTEMIS-1882 verify PKCS12 keystores work
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/3602713a
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/3602713a
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/3602713a
Branch: refs/heads/2.6.x
Commit: 3602713a7e8b3488410174c513480742e0427c4e
Parents: e6d2607
Author: Justin Bertram <jb...@apache.org>
Authored: Wed May 23 13:12:44 2018 -0500
Committer: Clebert Suconic <cl...@apache.org>
Committed: Thu May 24 11:58:43 2018 -0400
----------------------------------------------------------------------
.../ssl/CoreClientOverOneWaySSLTest.java | 24 ++++++++++++++++---
.../ssl/CoreClientOverTwoWaySSLTest.java | 24 +++++++++++++++----
.../src/test/resources/client-side-keystore.p12 | Bin 0 -> 2589 bytes
.../test/resources/client-side-truststore.p12 | Bin 0 -> 1194 bytes
.../resources/other-client-side-truststore.p12 | Bin 0 -> 1202 bytes
.../resources/other-server-side-keystore.p12 | Bin 0 -> 2605 bytes
.../src/test/resources/server-side-keystore.p12 | Bin 0 -> 2589 bytes
.../test/resources/server-side-truststore.p12 | Bin 0 -> 1194 bytes
.../resources/verified-client-side-keystore.p12 | Bin 0 -> 2565 bytes
.../verified-client-side-truststore.p12 | Bin 0 -> 1162 bytes
.../resources/verified-server-side-keystore.p12 | Bin 0 -> 2565 bytes
.../verified-server-side-truststore.p12 | Bin 0 -> 1162 bytes
12 files changed, 40 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
index aeb7524..6217dbd 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
@@ -58,13 +58,18 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
@Parameterized.Parameters(name = "storeType={0}")
public static Collection getParameters() {
- return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}});
+ return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}, {"PKCS12"}});
}
public CoreClientOverOneWaySSLTest(String storeType) {
this.storeType = storeType;
- SERVER_SIDE_KEYSTORE = "server-side-keystore." + storeType.toLowerCase();
- CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + storeType.toLowerCase();
+ String suffix = storeType.toLowerCase();
+ // keytool expects PKCS12 stores to use the extension "p12"
+ if (storeType.equals("PKCS12")) {
+ suffix = "p12";
+ }
+ SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix;
+ CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + suffix;
}
public static final SimpleString QUEUE = new SimpleString("QueueOverSSL");
@@ -97,6 +102,19 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
* keytool -genkey -keystore verified-server-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ"
* keytool -export -keystore verified-server-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample
* keytool -import -keystore verified-client-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt
+ *
+ * Commands to create the PKCS12 artifacts:
+ * keytool -genkey -keystore server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
+ * keytool -export -keystore server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample
+ * keytool -import -keystore client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt
+ *
+ * keytool -genkey -keystore other-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=Other ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
+ * keytool -export -keystore other-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample
+ * keytool -import -keystore other-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt
+ *
+ * keytool -genkey -keystore verified-server-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
+ * keytool -export -keystore verified-server-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample
+ * keytool -import -keystore verified-client-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt
*/
private String storeType;
private String SERVER_SIDE_KEYSTORE;
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java
----------------------------------------------------------------------
diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java
index 609174e..9c814e9 100644
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverTwoWaySSLTest.java
@@ -58,15 +58,20 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
@Parameterized.Parameters(name = "storeType={0}")
public static Collection getParameters() {
- return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}});
+ return Arrays.asList(new Object[][]{{"JCEKS"}, {"JKS"}, {"PKCS12"}});
}
public CoreClientOverTwoWaySSLTest(String storeType) {
this.storeType = storeType;
- SERVER_SIDE_KEYSTORE = "server-side-keystore." + storeType.toLowerCase();
- SERVER_SIDE_TRUSTSTORE = "server-side-truststore." + storeType.toLowerCase();
- CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + storeType.toLowerCase();
- CLIENT_SIDE_KEYSTORE = "client-side-keystore." + storeType.toLowerCase();
+ String suffix = storeType.toLowerCase();
+ // keytool expects PKCS12 stores to use the extension "p12"
+ if (storeType.equals("PKCS12")) {
+ suffix = "p12";
+ }
+ SERVER_SIDE_KEYSTORE = "server-side-keystore." + suffix;
+ SERVER_SIDE_TRUSTSTORE = "server-side-truststore." + suffix;
+ CLIENT_SIDE_TRUSTSTORE = "client-side-truststore." + suffix;
+ CLIENT_SIDE_KEYSTORE = "client-side-keystore." + suffix;
}
public static final SimpleString QUEUE = new SimpleString("QueueOverSSL");
@@ -91,6 +96,15 @@ public class CoreClientOverTwoWaySSLTest extends ActiveMQTestBase {
* keytool -genkey -keystore verified-client-side-keystore.jceks -storetype JCEKS -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
* keytool -export -keystore verified-client-side-keystore.jceks -file activemq-jceks.cer -storetype jceks -storepass secureexample
* keytool -import -keystore verified-server-side-truststore.jceks -storetype JCEKS -file activemq-jceks.cer -storepass secureexample -keypass secureexample -noprompt
+ *
+ * Commands to create the PKCS12 artifacts:
+ * keytool -genkey -keystore client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
+ * keytool -export -keystore client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample
+ * keytool -import -keystore server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt
+ *
+ * keytool -genkey -keystore verified-client-side-keystore.p12 -storetype PKCS12 -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
+ * keytool -export -keystore verified-client-side-keystore.p12 -file activemq-p12.cer -storetype PKCS12 -storepass secureexample
+ * keytool -import -keystore verified-server-side-truststore.p12 -storetype PKCS12 -file activemq-p12.cer -storepass secureexample -keypass secureexample -noprompt
*/
private String storeType;
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/client-side-keystore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/client-side-keystore.p12 b/tests/unit-tests/src/test/resources/client-side-keystore.p12
new file mode 100644
index 0000000..f36af7c
Binary files /dev/null and b/tests/unit-tests/src/test/resources/client-side-keystore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/client-side-truststore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/client-side-truststore.p12 b/tests/unit-tests/src/test/resources/client-side-truststore.p12
new file mode 100644
index 0000000..de15aa4
Binary files /dev/null and b/tests/unit-tests/src/test/resources/client-side-truststore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/other-client-side-truststore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/other-client-side-truststore.p12
new file mode 100644
index 0000000..4f06c03
Binary files /dev/null and b/tests/unit-tests/src/test/resources/other-client-side-truststore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/other-server-side-keystore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/other-server-side-keystore.p12 b/tests/unit-tests/src/test/resources/other-server-side-keystore.p12
new file mode 100644
index 0000000..40384bf
Binary files /dev/null and b/tests/unit-tests/src/test/resources/other-server-side-keystore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/server-side-keystore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/server-side-keystore.p12 b/tests/unit-tests/src/test/resources/server-side-keystore.p12
new file mode 100644
index 0000000..f9f4dab
Binary files /dev/null and b/tests/unit-tests/src/test/resources/server-side-keystore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/server-side-truststore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/server-side-truststore.p12 b/tests/unit-tests/src/test/resources/server-side-truststore.p12
new file mode 100644
index 0000000..f8daaa3
Binary files /dev/null and b/tests/unit-tests/src/test/resources/server-side-truststore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 b/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12
new file mode 100644
index 0000000..3cee34a
Binary files /dev/null and b/tests/unit-tests/src/test/resources/verified-client-side-keystore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 b/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12
new file mode 100644
index 0000000..d95f854
Binary files /dev/null and b/tests/unit-tests/src/test/resources/verified-client-side-truststore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/verified-server-side-keystore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/verified-server-side-keystore.p12 b/tests/unit-tests/src/test/resources/verified-server-side-keystore.p12
new file mode 100644
index 0000000..fcf3969
Binary files /dev/null and b/tests/unit-tests/src/test/resources/verified-server-side-keystore.p12 differ
http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/3602713a/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12
----------------------------------------------------------------------
diff --git a/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 b/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12
new file mode 100644
index 0000000..619adb2
Binary files /dev/null and b/tests/unit-tests/src/test/resources/verified-server-side-truststore.p12 differ