Posted to commits@qpid.apache.org by or...@apache.org on 2019/03/06 16:15:30 UTC
[qpid-broker-j] 01/03: QPID-8281: [Broker-J][Tests] Regenerate test
certificates with RSA 2048bits keys and copy the keystores into
corresponding module test resources
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
commit 67d0be52dadd905841f7f454585723e9dae53140
Author: Alex Rudyy <or...@apache.org>
AuthorDate: Wed Feb 27 16:11:33 2019 +0000
QPID-8281: [Broker-J][Tests] Regenerate test certificates with RSA 2048bits keys and copy the keystores into corresponding module test resources
(cherry picked from commit d946bec02cf8cd5d72ab65df38c2733173dbc10b)
---
broker-core/pom.xml | 3 -
.../qpid/server/security/FileKeyStoreTest.java | 67 +++++++------
.../qpid/server/security/FileTrustStoreTest.java | 111 ++++++++++++++-------
.../qpid/server/security/NonJavaKeyStoreTest.java | 26 ++---
.../server/security/NonJavaTrustStoreTest.java | 14 +--
.../security/SiteSpecificTrustStoreTest.java | 6 +-
.../apache/qpid/server/ssl/TrustManagerTest.java | 70 +++++++------
broker-core/src/test/resources/ssl/expired.crt | 17 ++++
broker-core/src/test/resources/ssl/java_broker.crt | 21 ++++
broker-core/src/test/resources/ssl/java_broker.req | 18 ++++
.../ssl/java_broker_expired_truststore.pkcs12 | Bin 0 -> 1002 bytes
.../test/resources/ssl/java_broker_keystore.pkcs12 | Bin 0 -> 4425 bytes
.../resources/ssl/java_broker_peerstore.pkcs12 | Bin 0 -> 1162 bytes
.../resources/ssl/java_broker_truststore.pkcs12 | Bin 0 -> 1082 bytes
.../ssl/java_client_expired_keystore.pkcs12 | Bin 0 -> 2397 bytes
.../test/resources/ssl/java_client_keystore.pkcs12 | Bin 0 -> 7641 bytes
.../resources/ssl/java_client_truststore.pkcs12 | Bin 0 -> 1082 bytes
.../ssl/java_client_untrusted_keystore.pkcs12 | Bin 0 -> 2467 bytes
.../src/test/resources/ssl/test_keystore.jks | Bin 5786 -> 6361 bytes
.../src/main/resources/java_broker_keystore.jks | Bin 0 -> 4425 bytes
test-profiles/test_resources/ssl/CA_db/cert8.db | Bin 65536 -> 0 bytes
test-profiles/test_resources/ssl/CA_db/cert9.db | Bin 0 -> 28672 bytes
test-profiles/test_resources/ssl/CA_db/key3.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/CA_db/key4.db | Bin 0 -> 36864 bytes
test-profiles/test_resources/ssl/CA_db/pkcs11.txt | 5 +
test-profiles/test_resources/ssl/CA_db/rootca.crt | 24 +++--
test-profiles/test_resources/ssl/CA_db/secmod.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/app1.crt | 29 +++---
test-profiles/test_resources/ssl/app1.req | 29 +++---
test-profiles/test_resources/ssl/app2.crt | 29 +++---
test-profiles/test_resources/ssl/app2.req | 29 +++---
.../test_resources/ssl/generate-java-keystores.sh | 74 ++++++++++----
.../test_resources/ssl/generate-root-ca.sh | 10 +-
test-profiles/test_resources/ssl/java_broker.crt | 28 ++++--
test-profiles/test_resources/ssl/java_broker.req | 24 +++--
.../ssl/java_broker_expired_truststore.jks | Bin 769 -> 1002 bytes
.../test_resources/ssl/java_broker_keystore.jks | Bin 3209 -> 4425 bytes
.../test_resources/ssl/java_broker_peerstore.jks | Bin 802 -> 1162 bytes
.../test_resources/ssl/java_broker_truststore.jks | Bin 591 -> 1082 bytes
.../ssl/java_client_expired_keystore.jks | Bin 2057 -> 2397 bytes
.../test_resources/ssl/java_client_keystore.jks | Bin 5786 -> 7641 bytes
.../test_resources/ssl/java_client_truststore.jks | Bin 591 -> 1082 bytes
.../ssl/java_client_untrusted_keystore.jks | Bin 2056 -> 2467 bytes
.../test_resources/ssl/server_db/cert8.db | Bin 65536 -> 0 bytes
.../test_resources/ssl/server_db/cert9.db | Bin 0 -> 28672 bytes
test-profiles/test_resources/ssl/server_db/key3.db | Bin 16384 -> 0 bytes
test-profiles/test_resources/ssl/server_db/key4.db | Bin 0 -> 36864 bytes
.../test_resources/ssl/server_db/pkcs11.txt | 5 +
.../test_resources/ssl/server_db/secmod.db | Bin 16384 -> 0 bytes
.../test_resources/ssl/server_db/server.crt | 26 +++--
.../test_resources/ssl/server_db/server.req | 23 +++--
51 files changed, 441 insertions(+), 247 deletions(-)
diff --git a/broker-core/pom.xml b/broker-core/pom.xml
index 3d32a0d..6241041 100644
--- a/broker-core/pom.xml
+++ b/broker-core/pom.xml
@@ -130,9 +130,6 @@
<testResource>
<directory>${basedir}/src/test/resources</directory>
</testResource>
- <testResource>
- <directory>${basedir}/../test-profiles/test_resources/ssl</directory>
- </testResource>
</testResources>
<plugins>
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
index e950ef4..28f49d1 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
@@ -20,6 +20,7 @@
package org.apache.qpid.server.security;
+import static org.apache.qpid.server.security.FileTrustStoreTest.createDataUrlForFile;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -40,13 +41,21 @@ import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.util.DataUrlUtils;
import org.apache.qpid.test.utils.QpidTestCase;
import org.apache.qpid.test.utils.TestSSLConstants;
-import org.apache.qpid.server.util.DataUrlUtils;
-import org.apache.qpid.server.util.FileUtils;
+
+
public class FileKeyStoreTest extends QpidTestCase
{
+ private static final String BROKER_KEYSTORE = "ssl/java_broker_keystore.pkcs12";
+ private static final String BROKER_KEYSTORE_PATH = "classpath:" + BROKER_KEYSTORE;
+ private static final String BROKER_KEYSTORE_PASSWORD = TestSSLConstants.BROKER_KEYSTORE_PASSWORD;
+ private static final String CLIENT_KEYSTORE_PATH = "classpath:ssl/java_client_keystore.pkcs12";
+ private static final String CLIENT_KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+ private static final String BROKER_KEYSTORE_ALIAS = TestSSLConstants.BROKER_KEYSTORE_ALIAS;
+
private final Broker _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -70,8 +79,8 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -85,9 +94,9 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
- attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -101,7 +110,7 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
attributes.put(FileKeyStore.PASSWORD, "wrong");
try
@@ -120,8 +129,8 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, CLIENT_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, CLIENT_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown");
try
@@ -138,12 +147,12 @@ public class FileKeyStoreTest extends QpidTestCase
public void testCreateKeyStoreFromDataUrl_Success() throws Exception
{
- String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+ String trustStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -155,13 +164,13 @@ public class FileKeyStoreTest extends QpidTestCase
public void testCreateKeyStoreWithAliasFromDataUrl_Success() throws Exception
{
- String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+ String trustStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
- attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -173,7 +182,7 @@ public class FileKeyStoreTest extends QpidTestCase
public void testCreateKeyStoreFromDataUrl_WrongPassword() throws Exception
{
- String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+ String keyStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
@@ -198,7 +207,7 @@ public class FileKeyStoreTest extends QpidTestCase
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl);
try
@@ -216,11 +225,11 @@ public class FileKeyStoreTest extends QpidTestCase
public void testCreateKeyStoreFromDataUrl_UnknownAlias() throws Exception
{
- String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+ String keyStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl);
attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown");
@@ -240,8 +249,8 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -264,7 +273,7 @@ public class FileKeyStoreTest extends QpidTestCase
assertNull("Unexpected alias value after failed change", fileKeyStore.getCertificateAlias());
Map<String,Object> changedAttributes = new HashMap<>();
- changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+ changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
fileKeyStore.setAttributes(changedAttributes);
@@ -278,8 +287,9 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12");
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
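Review bot: `KEY_STORE_TYPE` is set to `"PKCS12"` only in this test, while the other tests in the file now point `STORE_URL` at a `.pkcs12` resource without declaring a type. If the attribute's default follows the JVM default keystore type (not visible in this diff), those tests would load a PKCS12 file as JKS on older JDKs and pass only through the JDK's keystore compatibility handling. Adding `attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12");` wherever `BROKER_KEYSTORE_PATH` or `CLIENT_KEYSTORE_PATH` is used would make each fixture state its own format; the same holds for `TRUST_STORE_TYPE` in FileTrustStoreTest. The test method starts and ends outside the hunk.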
@@ -290,8 +300,8 @@ public class FileKeyStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileKeyStore.NAME, "myFileKeyStore");
- attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
- attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+ attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+ attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker);
@@ -311,9 +321,4 @@ public class FileKeyStoreTest extends QpidTestCase
}
}
- private static String createDataUrlForFile(String filename)
- {
- byte[] fileAsBytes = FileUtils.readFileAsBytes(filename);
- return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
- }
}
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
index 9d184be..d0cc0a2 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
@@ -23,6 +23,10 @@ package org.apache.qpid.server.security;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
@@ -35,6 +39,8 @@ import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
+import com.google.common.io.ByteStreams;
+
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
@@ -51,12 +57,21 @@ import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationMana
import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.DataUrlUtils;
-import org.apache.qpid.server.util.FileUtils;
import org.apache.qpid.test.utils.QpidTestCase;
import org.apache.qpid.test.utils.TestSSLConstants;
public class FileTrustStoreTest extends QpidTestCase
{
+ private static final String TRUSTSTORE_PASSWORD = TestSSLConstants.TRUSTSTORE_PASSWORD;
+ private static final String PEER_STORE_PASSWORD = TestSSLConstants.BROKER_PEERSTORE_PASSWORD;
+ private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+ private static final String TRUST_STORE_PATH = "classpath:ssl/java_client_truststore.pkcs12";
+ private static final String PEER_STORE_PATH = "classpath:ssl/java_broker_peerstore.pkcs12";
+ private static final String EXPIRED_TRUST_STORE_PATH = "classpath:ssl/java_broker_expired_truststore.pkcs12";
+ private static final String EXPIRED_KEYSTORE_PATH = "ssl/java_client_expired_keystore.pkcs12";
+ private static final String TRUST_STORE = "ssl/java_client_truststore.pkcs12";
+ private static final String BROKER_TRUST_STORE_PATH = "classpath:ssl/java_broker_truststore.pkcs12";
+ private static final String BROKER_TRUST_STORE_PASSWORD = TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD;
private final Broker _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
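Review bot: The new constants mix two kinds of location under one naming scheme: `EXPIRED_KEYSTORE_PATH` is a bare resource name, while every other `*_PATH` constant carries the `classpath:` prefix, and `TRUST_STORE` is the bare form of `TRUST_STORE_PATH`. A reader cannot tell from the name which form a call site expects, so a store URL and a raw resource name are easy to swap. I would rename the bare ones consistently (for example `EXPIRED_KEYSTORE_RESOURCE`, `TRUST_STORE_RESOURCE`) and add a short comment such as `// *_PATH: broker store URL ("classpath:..."); *_RESOURCE: plain classpath resource name`. A blank line between the constants and `_broker` would also match FileKeyStoreTest.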
@@ -80,8 +95,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -95,7 +110,7 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
attributes.put(FileTrustStore.PASSWORD, "wrong");
try
@@ -114,8 +129,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_PEERSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_PEERSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, PEER_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, PEER_STORE_PASSWORD);
attributes.put(FileTrustStore.PEERS_ONLY, true);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -131,8 +146,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_EXPIRED_TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -142,9 +157,9 @@ public class FileTrustStoreTest extends QpidTestCase
assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
- KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
- TestSSLConstants.KEYSTORE_PASSWORD,
- KeyStore.getDefaultType());
+ KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE_PATH,
+ KEYSTORE_PASSWORD,
+ "pkcs12");
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
@@ -155,8 +170,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_EXPIRED_TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
attributes.put(FileTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -167,9 +182,9 @@ public class FileTrustStoreTest extends QpidTestCase
assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
- KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
- TestSSLConstants.KEYSTORE_PASSWORD,
- KeyStore.getDefaultType());
+ KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE_PATH,
+ KEYSTORE_PASSWORD,
+ KeyStore.getDefaultType());
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
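Review bot: This call still passes `KeyStore.getDefaultType()` although `EXPIRED_KEYSTORE_PATH` now names a `.pkcs12` file, whereas the sibling test in the hunk at -142 was switched to `"pkcs12"`. On a JVM whose default type is JKS the load succeeds only if the JDK's JKS/PKCS12 compatibility mode is active, so the test outcome depends on the runtime rather than on the fixture. The third argument should be `"pkcs12"` here as well. `extractResourcesFromTestKeyStore` in NonJavaKeyStoreTest has the same mismatch: it keeps `KeyStore.getInstance(KeyStore.getDefaultType())` while loading `/ssl/java_broker_keystore.pkcs12`. The test method starts and ends outside the hunk.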
@@ -195,12 +210,12 @@ public class FileTrustStoreTest extends QpidTestCase
public void testCreateTrustStoreFromDataUrl_Success() throws Exception
{
- String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE);
+ String trustStoreAsDataUrl = createDataUrlForFile(TRUST_STORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -212,7 +227,7 @@ public class FileTrustStoreTest extends QpidTestCase
public void testCreateTrustStoreFromDataUrl_WrongPassword() throws Exception
{
- String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE);
+ String trustStoreAsDataUrl = createDataUrlForFile(TRUST_STORE);
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
@@ -237,7 +252,7 @@ public class FileTrustStoreTest extends QpidTestCase
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
try
@@ -257,12 +272,12 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
FileTrustStore<?> fileTrustStore = (FileTrustStore<?>) _factory.create(TrustStore.class, attributes, _broker);
- assertEquals("Unexpected path value before change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getStoreUrl());
+ assertEquals("Unexpected path value before change", TRUST_STORE_PATH, fileTrustStore.getStoreUrl());
try
{
@@ -278,16 +293,16 @@ public class FileTrustStoreTest extends QpidTestCase
assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot instantiate trust store"));
}
- assertEquals("Unexpected path value after failed change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getStoreUrl());
+ assertEquals("Unexpected path value after failed change", TRUST_STORE_PATH, fileTrustStore.getStoreUrl());
Map<String,Object> changedAttributes = new HashMap<>();
- changedAttributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_TRUSTSTORE);
- changedAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+ changedAttributes.put(FileTrustStore.STORE_URL, BROKER_TRUST_STORE_PATH);
+ changedAttributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
fileTrustStore.setAttributes(changedAttributes);
assertEquals("Unexpected path value after change that is expected to be successful",
- TestSSLConstants.BROKER_TRUSTSTORE,
+ BROKER_TRUST_STORE_PATH,
fileTrustStore.getStoreUrl());
}
@@ -295,8 +310,8 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, BROKER_TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, KEYSTORE_PASSWORD);
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
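Review bot: The store URL is now `BROKER_TRUST_STORE_PATH`, but the password is `KEYSTORE_PASSWORD`, the client keystore secret, rather than the `BROKER_TRUST_STORE_PASSWORD` constant introduced for that store. This works only while the test fixtures happen to share one password, and it hides a real mismatch if the stores are ever regenerated with distinct secrets. Use `attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);`. The hunk also replaces the client trust store with the broker trust store for this test; if that is intentional, a one-line comment saying why would help. The test method starts and ends outside the hunk.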
@@ -307,8 +322,9 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -333,10 +349,11 @@ public class FileTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(FileTrustStore.NAME, "myFileTrustStore");
- attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
- attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+ attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+ attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
- TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
+ TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
Port<?> port = mock(Port.class);
when(port.getTrustStores()).thenReturn(Collections.<TrustStore>singletonList(fileTrustStore));
@@ -354,9 +371,29 @@ public class FileTrustStoreTest extends QpidTestCase
}
}
- private static String createDataUrlForFile(String filename)
+ public static String createDataUrlForFile(String filename) throws IOException
{
- byte[] fileAsBytes = FileUtils.readFileAsBytes(filename);
- return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
+ InputStream in = null;
+ try
+ {
+ File f = new File(filename);
+ if (f.exists())
+ {
+ in = new FileInputStream(f);
+ }
+ else
+ {
+ in = Thread.currentThread().getContextClassLoader().getResourceAsStream(filename);
+ }
+ byte[] fileAsBytes = ByteStreams.toByteArray(in);
+ return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
+ }
+ finally
+ {
+ if (in != null)
+ {
+ in.close();
+ }
+ }
}
}
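Review bot: `createDataUrlForFile` does not handle a missing resource: `getResourceAsStream` returns null when the name is not on the classpath, and `ByteStreams.toByteArray(in)` then fails with a bare NullPointerException that does not name the file. The manual `finally`/`close()` can also be replaced with try-with-resources, which NonJavaKeyStoreTest already uses. Since the helper is now `public static` and imported by FileKeyStoreTest, it deserves a short Javadoc stating that a file system path takes precedence over a classpath resource of the same name. A shared test utility class might be a better home than a test class.

```java
public static String createDataUrlForFile(String filename) throws IOException
{
    File f = new File(filename);
    // A file on disk wins; otherwise fall back to the test classpath.
    try (InputStream in = f.exists()
            ? new FileInputStream(f)
            : Thread.currentThread().getContextClassLoader().getResourceAsStream(filename))
    {
        if (in == null)
        {
            throw new IOException("Test resource not found on file system or classpath: " + filename);
        }
        return DataUrlUtils.getDataUrlForBytes(ByteStreams.toByteArray(in));
    }
}
```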
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
index 4cd7e6f..e4e14d1 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
@@ -24,16 +24,12 @@ import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyLong;
import static org.mockito.Matchers.argThat;
-import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.mockito.internal.verification.VerificationModeFactory.times;
-import javax.net.ssl.KeyManager;
-import javax.xml.bind.DatatypeConverter;
-
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
@@ -49,6 +45,9 @@ import java.util.Map;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
+import javax.net.ssl.KeyManager;
+import javax.xml.bind.DatatypeConverter;
+
import org.mockito.ArgumentMatcher;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
@@ -68,6 +67,8 @@ import org.apache.qpid.test.utils.TestFileUtils;
public class NonJavaKeyStoreTest extends QpidTestCase
{
+ private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12";
+
private final Broker<?> _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -111,10 +112,10 @@ public class NonJavaKeyStoreTest extends QpidTestCase
}
}
- private File[] extractResourcesFromTestKeyStore(boolean pem) throws Exception
+ private File[] extractResourcesFromTestKeyStore(boolean pem, final String storeResource) throws Exception
{
java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
- try(InputStream is = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+ try(InputStream is = getClass().getResourceAsStream(storeResource))
{
ks.load(is, KEYSTORE_PASSWORD.toCharArray() );
}
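Review bot: With the resource name now passed in as `storeResource`, a wrong or missing path makes `getResourceAsStream` return null, and `ks.load(null, ...)` then silently initialises an empty keystore instead of failing. The error would surface later as an unrelated null or missing-alias failure. Add `assertNotNull("Missing test resource " + storeResource, is);` as the first statement inside the `try` block. The hunk at -274 loads `KEYSTORE` the same way before calling `ks.getCertificate("rootca")` and would benefit from the same check. The method body continues outside the hunk.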
@@ -186,7 +187,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
private void runTestCreationOfTrustStoreFromValidPrivateKeyAndCertificateInDerFormat(boolean isPEM)throws Exception
{
- File[] resources = extractResourcesFromTestKeyStore(isPEM);
+ File[] resources = extractResourcesFromTestKeyStore(isPEM, KEYSTORE);
_testResources.addAll(Arrays.asList(resources));
Map<String,Object> attributes = new HashMap<>();
@@ -206,7 +207,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
public void testCreationOfTrustStoreFromValidPrivateKeyAndInvalidCertificate()throws Exception
{
- File[] resources = extractResourcesFromTestKeyStore(true);
+ File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE);
_testResources.addAll(Arrays.asList(resources));
File invalidCertificate = TestFileUtils.createTempFile(this, ".invalid.cert", "content");
@@ -231,7 +232,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
public void testCreationOfTrustStoreFromInvalidPrivateKeyAndValidCertificate()throws Exception
{
- File[] resources = extractResourcesFromTestKeyStore(true);
+ File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE);
_testResources.addAll(Arrays.asList(resources));
File invalidPrivateKey = TestFileUtils.createTempFile(this, ".invalid.pk", "content");
@@ -274,15 +275,16 @@ public class NonJavaKeyStoreTest extends QpidTestCase
{
when(_broker.scheduleHouseKeepingTask(anyLong(), any(TimeUnit.class), any(Runnable.class))).thenReturn(mock(ScheduledFuture.class));
- java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
- try(InputStream is = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+ java.security.KeyStore ks = java.security.KeyStore.getInstance("pkcs12");
+ final String storeLocation = KEYSTORE;
+ try(InputStream is = getClass().getResourceAsStream(storeLocation))
{
ks.load(is, KEYSTORE_PASSWORD.toCharArray() );
}
X509Certificate cert = (X509Certificate) ks.getCertificate("rootca");
int expiryDays = (int)((cert.getNotAfter().getTime() - System.currentTimeMillis()) / (24l * 60l * 60l * 1000l));
- File[] resources = extractResourcesFromTestKeyStore(false);
+ File[] resources = extractResourcesFromTestKeyStore(false, storeLocation);
_testResources.addAll(Arrays.asList(resources));
Map<String,Object> attributes = new HashMap<>();
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
index e6276a7..3ab6f83 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
@@ -48,6 +48,8 @@ import org.apache.qpid.test.utils.TestSSLConstants;
public class NonJavaTrustStoreTest extends QpidTestCase
{
+ private static final String EXPIRED_KEYSTORE = "ssl/java_client_expired_keystore.pkcs12";
+ private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
private final Broker<?> _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -69,7 +71,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
- attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.crt").toExternalForm());
+ attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/java_broker.crt").toExternalForm());
attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -85,7 +87,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
Map<String,Object> attributes = new HashMap<>();
attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
attributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
- attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/expired.crt").toExternalForm());
+ attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/expired.crt").toExternalForm());
attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -96,9 +98,9 @@ public class NonJavaTrustStoreTest extends QpidTestCase
assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
- KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
- TestSSLConstants.KEYSTORE_PASSWORD,
- KeyStore.getDefaultType());
+ KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE,
+ KEYSTORE_PASSWORD,
+ "PKCS12");
String alias = clientStore.aliases().nextElement();
X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
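Review bot: The store type is spelled `"PKCS12"` in this call, while NonJavaKeyStoreTest and TrustManagerTest in the same commit use `"pkcs12"`. Both presumably resolve to the same keystore implementation, so this is a consistency point rather than a defect. A constant next to `EXPIRED_KEYSTORE`, for example `private static final String STORE_TYPE = "PKCS12";`, would keep the tests uniform and make a later format change a one-line edit. The enclosing test method starts outside this hunk.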
@@ -126,7 +128,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
{
Map<String,Object> attributes = new HashMap<>();
attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
- attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.req").toExternalForm());
+ attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/java_broker.req").toExternalForm());
attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
try
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
index 2ac12f6..f012173 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
@@ -59,6 +59,8 @@ public class SiteSpecificTrustStoreTest extends QpidTestCase
{
private static final String EXPECTED_SUBJECT = "CN=localhost,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown";
private static final String EXPECTED_ISSUER = "CN=MyRootCA,O=ACME,ST=Ontario,C=CA";
+ private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12";
+ private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
private final Broker<?> _broker = mock(Broker.class);
private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
private final Model _model = BrokerModel.getInstance();
@@ -248,8 +250,8 @@ public class SiteSpecificTrustStoreTest extends QpidTestCase
private ServerSocket createTestSSLServerSocket() throws Exception
{
- char[] keyPassword = TestSSLConstants.KEYSTORE_PASSWORD.toCharArray();
- try(InputStream inputStream = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+ char[] keyPassword = KEYSTORE_PASSWORD.toCharArray();
+ try(InputStream inputStream = getClass().getResourceAsStream(KEYSTORE))
{
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
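Review bot: `KeyStore.getInstance(KeyStore.getDefaultType())` is left unchanged in `createTestSSLServerSocket`, although the resource it loads is now `/ssl/java_broker_keystore.pkcs12`. The other tests touched by this commit name the type explicitly, so this one depends on the JVM's default keystore type, or its JKS/PKCS12 compatibility mode, matching the file. Changing the line to `KeyStore keyStore = KeyStore.getInstance("PKCS12");` removes that dependency on the runtime's security configuration. The method body continues outside this hunk.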
diff --git a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
index f152796..3dcddff 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
@@ -38,13 +38,23 @@ import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
public class TrustManagerTest extends QpidTestCase
{
- private static final String STORE_TYPE = "JKS";
+ private static final String STORE_TYPE = "pkcs12";
private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
+ private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+ private static final String PEER_STORE = "ssl/java_broker_peerstore.pkcs12";
+ private static final String PEER_STORE_PASSWORD = TestSSLConstants.BROKER_PEERSTORE_PASSWORD;
+ private static final String KEYSTORE = "ssl/java_client_keystore.pkcs12";
+ private static final String CERT_ALIAS_APP_1 = TestSSLConstants.CERT_ALIAS_APP1;
+ private static final String CERT_ALIAS_APP_2 = TestSSLConstants.CERT_ALIAS_APP2;
+ private static final String TRUST_STORE = "ssl/java_broker_truststore.pkcs12";
+ private static final String TRUST_STORE_PASSWORD = TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD;
+ private static final String CERT_ALIAS_UNTRUSTED_CLIENT = TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT;
+ private static final String UNTRUSTED_KEYSTORE = "ssl/java_client_untrusted_keystore.pkcs12";
// retrieves the client certificate's chain from store and returns it as an array
private X509Certificate[] getClientChain(final String storePath, final String alias) throws Exception
{
- final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath, TestSSLConstants.KEYSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath, KEYSTORE_PASSWORD, STORE_TYPE);
final Certificate[] chain = ks.getCertificateChain(alias);
return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
}
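Review bot: `getClientChain` dereferences `chain.length` without checking the result of `ks.getCertificateChain(alias)`, which returns null when the alias is absent or has no chain. With the store paths now defined locally and the keystores regenerated, an alias mismatch would surface as a NullPointerException rather than a failure that names the store and alias. Adding `assertNotNull("No certificate chain for alias '" + alias + "' in " + storePath, chain);` before the `Arrays.copyOf` call would make that diagnosable.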
@@ -56,7 +66,7 @@ public class TrustManagerTest extends QpidTestCase
while (aliases.hasMoreElements())
{
final String alias = aliases.nextElement();
- if (!alias.equalsIgnoreCase(TestSSLConstants.CERT_ALIAS_APP1))
+ if (!alias.equalsIgnoreCase(CERT_ALIAS_APP_1))
{
fail("Broker's peer store contains other certificate than client's app1 public key");
}
@@ -70,7 +80,7 @@ public class TrustManagerTest extends QpidTestCase
public void testQpidPeersOnlyTrustManager() throws Exception
{
// first let's check that peer manager loaded with the PEERstore succeeds
- final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
this.noCAinPeerStore(ps);
final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
@@ -90,7 +100,7 @@ public class TrustManagerTest extends QpidTestCase
try
{
// since broker's peerstore contains the client's app1 certificate, the check should succeed
- peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
}
catch (CertificateException e)
{
@@ -100,7 +110,7 @@ public class TrustManagerTest extends QpidTestCase
try
{
// since broker's peerstore does not contain the client's app2 certificate, the check should fail
- peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
fail("Untrusted client's validation against the broker's peer store manager succeeded.");
}
catch (CertificateException e)
@@ -111,7 +121,7 @@ public class TrustManagerTest extends QpidTestCase
// now let's check that peer manager loaded with the brokers TRUSTstore fails because
// it does not have the clients certificate in it (though it does have a CA-cert that
// would otherwise trust the client cert when using the regular trust manager).
- final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -131,7 +141,7 @@ public class TrustManagerTest extends QpidTestCase
{
// since broker's truststore doesn't contain the client's app1 certificate, the check should fail
// despite the fact that the truststore does have a CA that would otherwise trust the cert
- peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
fail("Client's validation against the broker's peer store manager didn't fail.");
}
catch (CertificateException e)
@@ -143,7 +153,7 @@ public class TrustManagerTest extends QpidTestCase
{
// since broker's truststore doesn't contain the client's app2 certificate, the check should fail
// despite the fact that the truststore does have a CA that would otherwise trust the cert
- peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
fail("Client's validation against the broker's peer store manager didn't fail.");
}
catch (CertificateException e)
@@ -159,7 +169,7 @@ public class TrustManagerTest extends QpidTestCase
public void testQpidMultipleTrustManagerWithRegularTrustStore() throws Exception
{
final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
- final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -178,8 +188,7 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the CA-trusted app1 cert (should succeed)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
}
catch (CertificateException ex)
{
@@ -189,8 +198,7 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the CA-trusted app2 cert (should succeed)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
}
catch (CertificateException ex)
{
@@ -200,8 +208,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the untrusted cert (should fail)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
- TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+ CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -217,7 +225,7 @@ public class TrustManagerTest extends QpidTestCase
public void testQpidMultipleTrustManagerWithPeerStore() throws Exception
{
final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
- final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
@@ -236,8 +244,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the trusted app1 cert (should succeed as the key is in the peerstore)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+ CERT_ALIAS_APP_1), "RSA");
}
catch (CertificateException ex)
{
@@ -247,8 +255,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the untrusted app2 cert (should fail as the key is not in the peerstore)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+ CERT_ALIAS_APP_2), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -259,8 +267,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the untrusted cert (should fail as the key is not in the peerstore)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
- TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+ CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -277,7 +285,7 @@ public class TrustManagerTest extends QpidTestCase
public void testQpidMultipleTrustManagerWithTrustAndPeerStores() throws Exception
{
final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
- final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -293,7 +301,7 @@ public class TrustManagerTest extends QpidTestCase
}
assertTrue("The regular trust manager for the trust store was not added", trustManagerAdded);
- final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+ final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
@@ -312,8 +320,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the CA-trusted app1 cert (should succeed)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+ CERT_ALIAS_APP_1), "RSA");
}
catch (CertificateException ex)
{
@@ -323,8 +331,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the CA-trusted app2 cert (should succeed)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
- TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+ CERT_ALIAS_APP_2), "RSA");
}
catch (CertificateException ex)
{
@@ -334,8 +342,8 @@ public class TrustManagerTest extends QpidTestCase
try
{
// verify the untrusted cert (should fail)
- mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
- TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+ mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+ CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
diff --git a/broker-core/src/test/resources/ssl/expired.crt b/broker-core/src/test/resources/ssl/expired.crt
new file mode 100644
index 0000000..933330a
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/expired.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAaegAwIBAgIEAjtn8zANBgkqhkiG9w0BAQ0FADAQMQ4wDAYDVQQDEwVV
+U0VSMTAeFw0xMDAxMDEyMjQ0MjVaFw0xMDAxMDIyMjQ0MjVaMBAxDjAMBgNVBAMT
+BVVTRVIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2wa5um63bXJ
+j7jv3pfhDgkvwE9hfM/DLv1rmkq2Psepefb40VJng61WiTeLNWdXrAJ+ui5iHTCn
+8n+iqaucaPv4mOwH3j57CCLRvFrFSp/cUx2oZ3Zx1DfaSgfIc5F8AJQvYrtCxa6m
+eYCoUJ3BZqARiKc6fk/RtACB1YI9mCDYOgnntNhEwMkRTuPqholyaL1fmw51EDGH
+iGCQwsxj+YMLkuK2aQAs498NcA6fzui0Ey3MJ6LmLYbOSKqZ1cBzC4YfSGH921Ic
+4YDgsvQ1io1zN4AJFHj8ld5rlDCTElgUFmkm2wCLvQAQ9+5MB4fDVLFldpHHBgX2
+0097qFSAEwIDAQABoyEwHzAdBgNVHQ4EFgQUZ30jJvIgSSRkltqIKv7UgEYnlvUw
+DQYJKoZIhvcNAQENBQADggEBABYZ+ZwbRnJvfjnFq9c+GV5/7FJOTlO0SVAVZrYJ
+HzquTr3mFDkhOc6aDlaNGiFAJcs6Udj3MvV7J+Uuai9oJDmVCt94HZL3k09G+z1b
+A3BorBKWDYm2L9CKpjUgD0VY40Tc2yNVyrzCbdjVnBkrLKiAirSrb5NJK2lnJg4Y
+TB7TiAnSydfRWUyUo8/wEMgIo4o0vuB7AnBQFhCd0XRmxBNoBZ19f+R041I6CQ0L
+9jc172XWHL1o111/RS7M8qLcWxi11DN62p6IKNT32DnhVV0RFnfVTQDaQ9qsPFmg
+Dngy+2weYwc6hEKhnunGrv0LNoqp6lQbOZO4c4v0/ynBHf4=
+-----END CERTIFICATE-----
diff --git a/broker-core/src/test/resources/ssl/java_broker.crt b/broker-core/src/test/resources/ssl/java_broker.crt
new file mode 100644
index 0000000..4e5c086
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/java_broker.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbzCCAlegAwIBAgIFALBcS4MwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC
+Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
+Um9vdENBMB4XDTE5MDIyNzE2MDY0M1oXDTI0MDIyNzE2MDY0M1owbjEQMA4GA1UE
+BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ
+MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjESMBAGA1UEAxMJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1zWGLqSHqno
+In5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllzy4JTCiXBen3l3YhpSxqGYccyEYee
+UlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUirvotaBQP71X1V+05AFxFhWfgdINw
+Kzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj3as0dX2bOu0qbqk4izDqqV1uiyUP
+Udn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pfPxvIw2OsqsKeh+I7RUoGBxDUdDvj
+lbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwcRJYDAq5eBhgK59WcwKPIqlOLismQ
+wjN4ZxxvqQIDAQABo0EwPzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJsw
+CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC
+AQEAjFSD0UPN7ZqMKA0Sk2oailI+AU11VEmwIw18sXSEFMWSH8uAgkyTOvNQv4Nu
+WHgNOx20r18bYVrTqTznRa9oM7xemtR2pKqJYUQKqvk9vcF8mY7ibK1AH1vlm/gh
+7EfEmobfwHutXyTbUppgqf4QLn9AYLokD/w0la1mxDQ5Qc5FefgxLGaN2DZALFOc
+8lcpA9E2hTau2znxMlqqrG73E6R2XoE7BVMHVemVAAvusBuuP9OW/iC/KTPDFNoy
+NnDViQfIh03aBH2N5XCcnsdsxDULh6pjdZWf9FB+8OBDKyajNdFZku7AFLkt+QIa
+FVo105jdjqfMxt8FRNuQ05vYEQ==
+-----END CERTIFICATE-----
diff --git a/broker-core/src/test/resources/ssl/java_broker.req b/broker-core/src/test/resources/ssl/java_broker.req
new file mode 100644
index 0000000..c618dd3
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/java_broker.req
@@ -0,0 +1,18 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIC4zCCAcsCAQAwbjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93
+bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMH
+VW5rbm93bjESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq1zWGLqSHqnoIn5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllz
+y4JTCiXBen3l3YhpSxqGYccyEYeeUlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUi
+rvotaBQP71X1V+05AFxFhWfgdINwKzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj
+3as0dX2bOu0qbqk4izDqqV1uiyUPUdn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pf
+PxvIw2OsqsKeh+I7RUoGBxDUdDvjlbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwc
+RJYDAq5eBhgK59WcwKPIqlOLismQwjN4ZxxvqQIDAQABoDAwLgYJKoZIhvcNAQkO
+MSEwHzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJswDQYJKoZIhvcNAQEN
+BQADggEBAHsfAScjTeIM+Mkmq7z29wl0+NdWyoDKt0PjG0/WffExGXG1FD6JrbP7
+UEeBY60WdypO9/Nx7I/sw/UOsOH297NuCMkFDitAk5/5XDVSYpywBi85XK72ODmv
+hWYn2MGP9YnfL3qOd75kpNgVBKt9+IVFFNgdUMfzDQpTQgmzdaRepM4HUuxJnNGN
+jcjA6b7rT0XQu7EJqM/Q1beJTVmwtv/3ZsBduJfksr2+fyC7wd344Equ8kfhZtd9
+YocJYdlZ//0RjWMv10hXNMD2Y+Nk4ldoFOXwv93JMcBn4Uy0TeZ9O/eI/jETT5TL
+FZUUWdHvGqN2/9L4EZ0rAyH87HpHV7I=
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12
new file mode 100644
index 0000000..9bfe301
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12
new file mode 100644
index 0000000..b45991f
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12
new file mode 100644
index 0000000..a5b307f
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12
new file mode 100644
index 0000000..4184adf
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12
new file mode 100644
index 0000000..cb9b876
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12
new file mode 100644
index 0000000..9422d9a
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12
new file mode 100644
index 0000000..1b45a23
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12
new file mode 100644
index 0000000..8b0b023
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/test_keystore.jks b/broker-core/src/test/resources/ssl/test_keystore.jks
index 941fc7e..afa9d02 100644
Binary files a/broker-core/src/test/resources/ssl/test_keystore.jks and b/broker-core/src/test/resources/ssl/test_keystore.jks differ
diff --git a/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks b/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks
new file mode 100644
index 0000000..b45991f
Binary files /dev/null and b/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/CA_db/cert8.db b/test-profiles/test_resources/ssl/CA_db/cert8.db
deleted file mode 100644
index a3f6c20..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/cert8.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/CA_db/cert9.db b/test-profiles/test_resources/ssl/CA_db/cert9.db
new file mode 100644
index 0000000..2bed63c
Binary files /dev/null and b/test-profiles/test_resources/ssl/CA_db/cert9.db differ
diff --git a/test-profiles/test_resources/ssl/CA_db/key3.db b/test-profiles/test_resources/ssl/CA_db/key3.db
deleted file mode 100644
index ccde375..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/key3.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/CA_db/key4.db b/test-profiles/test_resources/ssl/CA_db/key4.db
new file mode 100644
index 0000000..4562b1a
Binary files /dev/null and b/test-profiles/test_resources/ssl/CA_db/key4.db differ
diff --git a/test-profiles/test_resources/ssl/CA_db/pkcs11.txt b/test-profiles/test_resources/ssl/CA_db/pkcs11.txt
new file mode 100644
index 0000000..beb8e0f
--- /dev/null
+++ b/test-profiles/test_resources/ssl/CA_db/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='CA_db' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/test-profiles/test_resources/ssl/CA_db/rootca.crt b/test-profiles/test_resources/ssl/CA_db/rootca.crt
index eeced5a..b9356b6 100644
--- a/test-profiles/test_resources/ssl/CA_db/rootca.crt
+++ b/test-profiles/test_resources/ssl/CA_db/rootca.crt
@@ -1,13 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIICDDCCAXWgAwIBAgIFAKI1edswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDETCCAfmgAwIBAgIFALBcSiAwDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMxOTIyMzUyOVoXDTIwMDMxOTIyMzUyOVowQTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDM1OVoXDTI0MDIyNzE2MDM1OVowQTELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMT
-CE15Um9vdENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjbsB++rgz0Kl9
-4VLr/03Tgab+xxf1krNdxriCMf7dd2cOQbHt3ytDeLroR/TH2Jqkv6MuXRlYHByw
-Oa3tqqX9pfCJDMnLiUZ97coeaZdtlLaHsVdp0KUiRPT+aUxbGW4n7r9o/5ahCoDV
-gxWsU0JXlHMI8eRh/smNVWf2AgQKBwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBAKfUcPQHf8Qs5UdLWyOSlnAB3fVjFjZHgBXdGAsZNFMY
-/Grjl1lGc7KJSvm6ICMD1Dq4rHrw1i4KwaeyuCfMgZ5RpsNXNoVVtCms4vD/FbSw
-Vde4OfEDiHcOy5Pd/ovnwPd6znHlYIXWZ3SEBs4MKzWW8BnwOEO+FAog0rAOE9N+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-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/CA_db/secmod.db b/test-profiles/test_resources/ssl/CA_db/secmod.db
deleted file mode 100644
index 0c0a006..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/secmod.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/app1.crt b/test-profiles/test_resources/ssl/app1.crt
index 5b32b12..edc890f 100644
--- a/test-profiles/test_resources/ssl/app1.crt
+++ b/test-profiles/test_resources/ssl/app1.crt
@@ -1,18 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIC4TCCAkqgAwIBAgIFAKI1xIUwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDYjCCAkqgAwIBAgIFALBcS8MwDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMyMDAxMjE1MloXDTIwMDMyMDAxMjE1MlowYTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDcxNloXDTI0MDIyNzE2MDcxNlowYTELMAkGA1UE
BhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ0wCwYDVQQKEwRh
Y21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDFAYWNtZS5vcmcwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL3+MH/VknnAI+ldWywF4khA8oGjGd
-w6z5zPWZ83ucPdjIFUNRN4N38Fd62gs0BCwrZcRZiHbynWFZBsweUj7ODyYFPFtq
-xaYO/Ovt4xGsNspcpcSNVPhcH/34hfqpUmsUrM1tFf/1vgOV4BfU05mkNCeZxvmg
-TuyAXPbunwu4poPaWOy0JBTSsS8LPGgofE8k0yzg9+91Ixw6ulQLV/TEuhgbJ7sL
-iA70GTHLs3vwnlsvU0xLUb+U3OAxbHpCrbnmwmGg9BrjJvJGfL9UydpjiIl25uMA
-PTkI+gapLAf2lkiyk+dpIz99LXvAUqKnli6KGNVLhmJb1KNelBlqlJcDAgMBAAGj
-QTA/MB0GA1UdDgQWBBRm2ix2JDQ9VG0wsZctPa/PnJdxhDAJBgNVHRMEAjAAMBMG
-A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBABr7BxsqDpHy2tOo
-F39pthuSpHBh37fxtSCJKMigMFjRUCpLYosMefixVYGT8IAhJ+KSzAg48SKmD0b5
-9R4NZXP16Mbs6U9Air8CSANsfpcG4nJu+QiTIu6RAQOwt+dlYfRe/OkNpunzJBzb
-eAEMdf1CrEFtQi/hniiLffjyk7ln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-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/app1.req b/test-profiles/test_resources/ssl/app1.req
index 318715d..f1f90e0 100644
--- a/test-profiles/test_resources/ssl/app1.req
+++ b/test-profiles/test_resources/ssl/app1.req
@@ -1,15 +1,18 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRv
-MQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDFAYWNtZS5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL3+MH/VknnAI+ldWywF4khA8oGjGdw6z5zPWZ
-83ucPdjIFUNRN4N38Fd62gs0BCwrZcRZiHbynWFZBsweUj7ODyYFPFtqxaYO/Ovt4xGsNspcpcSN
-VPhcH/34hfqpUmsUrM1tFf/1vgOV4BfU05mkNCeZxvmgTuyAXPbunwu4poPaWOy0JBTSsS8LPGgo
-fE8k0yzg9+91Ixw6ulQLV/TEuhgbJ7sLiA70GTHLs3vwnlsvU0xLUb+U3OAxbHpCrbnmwmGg9Brj
-JvJGfL9UydpjiIl25uMAPTkI+gapLAf2lkiyk+dpIz99LXvAUqKnli6KGNVLhmJb1KNelBlqlJcD
-AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRm2ix2JDQ9VG0wsZctPa/PnJdxhDAN
-BgkqhkiG9w0BAQUFAAOCAQEAMlm/PeNAirN/c6KWkVNYBYk1RosQ0TVoRLnrKON/HHcHSlA6YCAD
-LLc2S8fTEjxKoOU3G1pL3s6nD1GKETF/k9Wm9VAK2lg9daG35p5RaEFwLc3r9PVMLNYcnOSXV4tj
-9S7L2FH2mxinj9vs7VYe6ZmI2vp2ts0P5/k4dX/vAQAkS8y6A+gxVzUeeDFT2+WQtmRG/mPfU9Ic
-9w965Po0Dd7cQPgwS7WQoVHovSjIvNXhm6aNki9uyWoDIE4cR2QcHRC6YBlxRiEq6uW87FBgrCH+
-ooLiZS/+p8TWCRro3HvsFRrrCTE+gFK8c3ouueIzmvu4+SKB0lPJOdnhoUsOaw==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-----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/app2.crt b/test-profiles/test_resources/ssl/app2.crt
index a8fe410..5693e43 100644
--- a/test-profiles/test_resources/ssl/app2.crt
+++ b/test-profiles/test_resources/ssl/app2.crt
@@ -1,18 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIC4TCCAkqgAwIBAgIFAKI1xCswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDZTCCAk2gAwIBAgIFALBcS6owDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMyMDAxMjEwNVoXDTIwMDMyMDAxMjEwNVowYTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDcwM1oXDTI0MDIyNzE2MDcwM1owYTELMAkGA1UE
BhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ0wCwYDVQQKEwRh
Y21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDJAYWNtZS5vcmcwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviLTH6Vl6gP3M6gmmm0sVlCcBFfo2
-czDTsr93D1cIQpnyY1r3znBdFT3cbXE2LtHeLpnlXc+dTo9/aoUuBCzRIpi4CeaG
-gD3ggIl9Ws5hUgfxJCWBg7nhzMUlBC2C+VgIUHWHqGPuaQ7VzXOEC7xF0mihMZ4b
-wvU6wxGK2uUoruXE/iti/+jtzxjq0PO7ZgJ7GUI2ZDqGMad5OnLur8jz+yKsVdet
-XlXsOyHmHi/47pRuA115pYiIaZKu1+vs6IBl4HnEUgw5JwIww6oyTDVvXc1kCw0Q
-CtUZMcNSH2XGhh/zGM/M2Bt2lgEEW0xWTwQcT1J7wnngfbIYbzoupEkRAgMBAAGj
-QTA/MB0GA1UdDgQWBBRI+VUMRkfNYp/xngM9y720hvxmXTAJBgNVHRMEAjAAMBMG
-A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAJnedohhbqoY7O6o
-Am+hPScBCng/fl0erVjexL9W8l8g5NvIGgioUfjUDvGOnwB5LOoTnZUCRaLFhQFc
-GFMIjdHpg0qt/QkEFX/0m+849RK6muHT1CNlcXtCFXwPTJ+9h+1auTP+Yp/6ii9S
-U3W1dzYawy2p9IhkMZEpJaHCLnaC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-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/app2.req b/test-profiles/test_resources/ssl/app2.req
index cfd67b5..61235b0 100644
--- a/test-profiles/test_resources/ssl/app2.req
+++ b/test-profiles/test_resources/ssl/app2.req
@@ -1,15 +1,18 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRv
-MQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDJAYWNtZS5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviLTH6Vl6gP3M6gmmm0sVlCcBFfo2czDTsr93
-D1cIQpnyY1r3znBdFT3cbXE2LtHeLpnlXc+dTo9/aoUuBCzRIpi4CeaGgD3ggIl9Ws5hUgfxJCWB
-g7nhzMUlBC2C+VgIUHWHqGPuaQ7VzXOEC7xF0mihMZ4bwvU6wxGK2uUoruXE/iti/+jtzxjq0PO7
-ZgJ7GUI2ZDqGMad5OnLur8jz+yKsVdetXlXsOyHmHi/47pRuA115pYiIaZKu1+vs6IBl4HnEUgw5
-JwIww6oyTDVvXc1kCw0QCtUZMcNSH2XGhh/zGM/M2Bt2lgEEW0xWTwQcT1J7wnngfbIYbzoupEkR
-AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRI+VUMRkfNYp/xngM9y720hvxmXTAN
-BgkqhkiG9w0BAQUFAAOCAQEAIk5xvkcSXoDDsqarHHbeBsYd1WIQbbNyDB4+9GlooI/0igSy6pIm
-wulHIvmXDuMZbYx+mNmVhapEyOWC0Yq4nnAbIkFDQOZ8ac3IdwiP8rf+FziaU49CPH7PvVRmI1dO
-X/cgJobj3EytaCh1+xvDxJuRvQ3UL+MoL3KJxS+JAhH0QYT7ZoXBLfz4UHjVJn/fG4tsrAzdtjsG
-1DHiyaarUxjFqfE8IsaqaT2r1MhFVI0EXDbskCtVDf8x4RbCbBfooerkca4JbdhNfzHXVeq3NjkQ
-NhYdRwwlAWr3bWEhc3F1rHYPnN5C0tonxnz71Emt3zfzO4XYaXePQTm+3JCSEw==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-----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/generate-java-keystores.sh b/test-profiles/test_resources/ssl/generate-java-keystores.sh
index ba51b98..f6c8e82 100755
--- a/test-profiles/test_resources/ssl/generate-java-keystores.sh
+++ b/test-profiles/test_resources/ssl/generate-java-keystores.sh
@@ -21,53 +21,53 @@
echo "Remove existing keystore for Apache Qpid Broker-J "
rm java_broker_keystore.jks
echo "Re-create keystore for Apache Qpid Broker-J by importing RootCA certificate"
-keytool -import -v -keystore java_broker_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_broker_keystore.jks -keysize 2048 -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "Generate certificate key 'java-broker'"
-keytool -genkey -alias java-broker -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
+keytool -genkey -alias java-broker -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -storetype pkcs12
echo "Export certificate signing request"
-keytool -certreq -alias java-broker -sigalg SHA1withRSA -keystore java_broker_keystore.jks -storepass password -v -file java-broker.req
+keytool -certreq -alias java-broker -sigalg SHA512withRSA -keystore java_broker_keystore.jks -storepass password -v -file java_broker.req -storetype pkcs12
echo "Sign certificate by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i java-broker.req -o java-broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i java_broker.req -o java_broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -g 4096
echo "Import signed certificate"
-keytool -import -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java-broker.crt
+keytool -importcert -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java_broker.crt -storetype pkcs12 -noprompt
echo "List keystore entries"
-keytool --list --keystore java_broker_keystore.jks -storepass password
+keytool --list --keystore java_broker_keystore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing client keystore"
rm java_client_keystore.jks
echo "Re-create client keystore by importing RootCA certificate"
-keytool -import -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "Generate key for certificate 'app2'"
-keytool -genkey -alias app2 -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA"
+keytool -genkey -alias app2 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" -storetype pkcs12
echo "Export certificate signing request for 'app2'"
-keytool -certreq -alias app2 -sigalg SHA1withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req
+keytool -certreq -alias app2 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req -storetype pkcs12
echo "Sign certificate 'app2' by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA512
echo "Import signed certificate 'app2'"
-keytool -import -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt
+keytool -importcert -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt -storetype pkcs12 -noprompt
echo "Generate key for certificate 'app1'"
-keytool -genkey -alias app1 -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA"
+keytool -genkey -alias app1 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" -storetype pkcs12
echo "Export certificate signing request for 'app1'"
-keytool -certreq -alias app1 -sigalg SHA1withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req
+keytool -certreq -alias app1 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req
echo "Sign certificate 'app1' by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation of root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA512
echo "Import signed certificate 'app1'"
-keytool -import -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt
+keytool -importcert -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt -storetype pkcs12 -noprompt
echo "List entries in client keystore"
keytool --list --keystore java_client_keystore.jks -storepass password
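Review bot: The `certutil -C` call that signs java_broker.req drops `-Z SHA1` without adding `-Z SHA512` and gains `-g 4096` instead, so the broker certificate is signed with whatever hash certutil defaults to. The regenerated java_broker.crt in this commit does appear to carry a different signature-algorithm identifier from app2.crt. `-g` is a key-generation size and presumably has no effect when signing, so the line should read `certutil -C -d CA_db -c "MyRootCA" -a -i java_broker.req -o java_broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA512`. In the same hunk, `-keysize 2048` on the first `keytool -importcert` has no key to size, and the `-certreq` for app1 and the final `keytool --list` on java_client_keystore.jks are the only calls left without `-storetype pkcs12`. The stores keep the `.jks` suffix while now being written as PKCS12, which deserves a comment at the top of the script.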
@@ -75,23 +75,55 @@ read -p "Press [Enter] key to continue..."
echo "Remove existing client truststore"
rm java_client_truststore.jks
echo "Re-create client truststore by importing RootCA certificate"
-keytool -import -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "List entries in client trusttore"
-keytool --list --keystore java_client_truststore.jks -storepass password
+keytool --list --keystore java_client_truststore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing broker truststore"
rm java_broker_truststore.jks
echo "Re-create broker truststore by importing RootCA certificate"
-keytool -import -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "List entries in broker truststore"
-keytool --list --keystore java_broker_truststore.jks -storepass password
+keytool --list --keystore java_broker_truststore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing broker peerstore"
rm java_broker_peerstore.jks
echo "Re-create broker peerstore by importing app1 certificate"
-keytool -import -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt
+keytool -importcert -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt -storetype pkcs12 -noprompt
echo "List entries in broker peerstore"
-keytool --list --keystore java_broker_peerstore.jks -storepass password
+keytool --list --keystore java_broker_peerstore.jks -storepass password -storetype pkcs12
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_keystore.jks
+keytool -importcert -v -alias app1 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app1.crt -storetype pkcs12 -noprompt
+keytool -importcert -v -alias app2 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app2.crt -storetype pkcs12 -noprompt
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12
+keytool -delete -v -alias rootca -keystore ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 -storepass password
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12
+keytool -delete -v -alias java-broker -keystore ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 -storepass password
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12
+keytool -genseckey -alias testalias -keyalg AES -keysize 256 -storetype pkcs12 -keystore ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 -storepass password
+
+cp java_broker.req ../../../broker-core/src/test/resources/ssl/java_broker.req
+cp java_broker.crt ../../../broker-core/src/test/resources/ssl/java_broker.crt
+
+cp expired.crt ../../../broker-core/src/test/resources/ssl/expired.crt
+cp java_client_expired_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12
+cp java_broker_expired_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12
+
+cp java_broker_peerstore.jks ../../../broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12
+cp java_broker_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12
+cp java_broker_keystore.jks ../../../systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks
+cp java_client_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_keystore.pkcs12
+cp java_client_truststore.jks ../../../broker-core/src/test/resources/ssl/java_client_truststore.pkcs12
+
+rm java_client_untrusted_keystore.jks
+keytool -genkey -keystore java_client_untrusted_keystore.jks -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -alias untrusted_client -storepass password -storetype pkcs12 -dname "CN=untrusted_client"
+cp java_client_untrusted_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12
+
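Review bot: The new `keytool -genkey` for `untrusted_client` passes no `-validity`, unlike the other `-genkey` calls in this script (`-validity 720`), so the self-signed certificate gets keytool's short default lifetime. Tests that use java_client_untrusted_keystore could then start failing on expiry rather than on missing trust; adding `-validity 720` (or longer) to that line avoids this. The two `keytool -delete` lines also omit `-storetype pkcs12` and rely on type auto-detection, which is inconsistent with the rest of the change. If the script does not already run with `set -e` (its header is outside this hunk), a failed keytool or certutil step would still let the `cp` block copy stale or half-built stores into broker-core and systests; `set -e` near the top would stop that.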
diff --git a/test-profiles/test_resources/ssl/generate-root-ca.sh b/test-profiles/test_resources/ssl/generate-root-ca.sh
index ca14727..14d760c 100755
--- a/test-profiles/test_resources/ssl/generate-root-ca.sh
+++ b/test-profiles/test_resources/ssl/generate-root-ca.sh
@@ -19,7 +19,7 @@
#
echo "Create a new certificate database for root CA"
-rm CA_db/*
+rm -fr CA_db; mkdir CA_db
certutil -N -d CA_db
echo "Create the self-signed Root CA certificate by entering:"
@@ -27,23 +27,23 @@ echo " password which was specified on creation of root CA database."
echo " y for 'Is this a CA certificate [y/N]?'"
echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
-certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA1 -v 60
+certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA512 -v 60 -g 2048
echo "Extract the CA certificate from the CA’s certificate database to a file."
certutil -L -d CA_db -n "MyRootCA" -a -o CA_db/rootca.crt
echo "Create a certificate database for the Qpid Broker."
-rm server_db/*
+rm -fr server_db; mkdir server_db
certutil -N -d server_db
echo "Import the CA certificate into the broker’s certificate database"
certutil -A -d server_db -n "MyRootCA" -t "TC,," -a -i CA_db/rootca.crt
echo "Create the server certificate request"
-certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA1
+certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA512
echo "Sign and issue a new server certificate by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation of root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA512 -g 2048
echo "Import signed certificate to the broker’s certificate database"
certutil -A -d server_db -n localhost.localdomain -a -i server_db/server.crt -t ",,"
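Review bot: `-g 2048` was added to the `certutil -C` signing call, while the `certutil -R` call that generates the server key pair and request only gained `-Z SHA512`. The server key size therefore still depends on the installed certutil's default, which may not be 2048 bits on an older NSS. To pin the size the commit title promises, move the option to the request line, `certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA512 -g 2048`, and drop it from the `-C` line. A comment above the `-S` call stating the intended key size and hash would help whoever next regenerates these fixtures.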
diff --git a/test-profiles/test_resources/ssl/java_broker.crt b/test-profiles/test_resources/ssl/java_broker.crt
index 9b88c04..4e5c086 100644
--- a/test-profiles/test_resources/ssl/java_broker.crt
+++ b/test-profiles/test_resources/ssl/java_broker.crt
@@ -1,15 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIICVzCCAcCgAwIBAgIFAJcmLgUwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDbzCCAlegAwIBAgIFALBcS4MwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTEyMDIxNzIzMzgxM1oXDTE1MDMxNzIzMzgxM1owejEQMA4GA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDY0M1oXDTI0MDIyNzE2MDY0M1owbjEQMA4GA1UE
BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ
-MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMVbG9j
-YWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1
-OsmvebKV0zJ4/eBCyenRwwJ4Xg/NLP4unofpKb3xvlaGJY+xQnaSukXAzWnH04O4
-eLoUYBhJfVjRu7XU9XMhrLtJYjLgWkcdvnEfQPXYnM6BUnqtfFx5E5c5mWAhpb9r
-Rt2KX53t3OVxirdKS++2u3apUObJLjOwc+bf/mVbIQIDAQABoyIwIDAJBgNVHRME
-AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBACIRf1BV
-zsniD2qZ9eQsWPCnZ0vIuyKNBbxzXkpbEPBirQZIoY4GCgbIc38OV8SRRHInto6j
-i4G8klxth6gPHs+MbjqVzwZ0mND57JSxTpPZ+au+ZjbJO+efNfNw9hBs44fZ1Int
-DPNiQekOLGHimSDBQr8FHkMLSwTcxGsfcpU/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-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/java_broker.req b/test-profiles/test_resources/ssl/java_broker.req
index 5aa50d9..c618dd3 100644
--- a/test-profiles/test_resources/ssl/java_broker.req
+++ b/test-profiles/test_resources/ssl/java_broker.req
@@ -1,10 +1,18 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIBujCCASMCAQAwejEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE
-BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMV
-bG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1OsmvebKV
-0zJ4/eBCyenRwwJ4Xg/NLP4unofpKb3xvlaGJY+xQnaSukXAzWnH04O4eLoUYBhJfVjRu7XU9XMh
-rLtJYjLgWkcdvnEfQPXYnM6BUnqtfFx5E5c5mWAhpb9rRt2KX53t3OVxirdKS++2u3apUObJLjOw
-c+bf/mVbIQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAtFBfnlL3ZZEnFJRAzkbIMqRLHcWdIyfq
-MocOammt7Cw//4cJPIdGoJp4ZhSfZX7k5p6FExgudYwuPF7s4ex+bTI49zW44mVdyrvAiY88bUA1
-9vcpRDANN9R0z13v6OIJGW8hpua3oKz+XON6TeksjzbPkNUNt5Ya5tJAylkha0A=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-----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks b/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks
index bbbd248..9bfe301 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks and b/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_keystore.jks b/test-profiles/test_resources/ssl/java_broker_keystore.jks
index 50bb8d0..b45991f 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_keystore.jks and b/test-profiles/test_resources/ssl/java_broker_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_peerstore.jks b/test-profiles/test_resources/ssl/java_broker_peerstore.jks
index 69cdd40..a5b307f 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_peerstore.jks and b/test-profiles/test_resources/ssl/java_broker_peerstore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_truststore.jks b/test-profiles/test_resources/ssl/java_broker_truststore.jks
index e6d556a..4184adf 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_truststore.jks and b/test-profiles/test_resources/ssl/java_broker_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_expired_keystore.jks b/test-profiles/test_resources/ssl/java_client_expired_keystore.jks
index eb86509..cb9b876 100644
Binary files a/test-profiles/test_resources/ssl/java_client_expired_keystore.jks and b/test-profiles/test_resources/ssl/java_client_expired_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_keystore.jks b/test-profiles/test_resources/ssl/java_client_keystore.jks
index 941fc7e..9422d9a 100644
Binary files a/test-profiles/test_resources/ssl/java_client_keystore.jks and b/test-profiles/test_resources/ssl/java_client_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_truststore.jks b/test-profiles/test_resources/ssl/java_client_truststore.jks
index ab79b54..1b45a23 100644
Binary files a/test-profiles/test_resources/ssl/java_client_truststore.jks and b/test-profiles/test_resources/ssl/java_client_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks b/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks
index 45a0c10..8b0b023 100644
Binary files a/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks and b/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/server_db/cert8.db b/test-profiles/test_resources/ssl/server_db/cert8.db
deleted file mode 100644
index f482e78..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/cert8.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/cert9.db b/test-profiles/test_resources/ssl/server_db/cert9.db
new file mode 100644
index 0000000..9a5f864
Binary files /dev/null and b/test-profiles/test_resources/ssl/server_db/cert9.db differ
diff --git a/test-profiles/test_resources/ssl/server_db/key3.db b/test-profiles/test_resources/ssl/server_db/key3.db
deleted file mode 100644
index f1edbaf..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/key3.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/key4.db b/test-profiles/test_resources/ssl/server_db/key4.db
new file mode 100644
index 0000000..f08d318
Binary files /dev/null and b/test-profiles/test_resources/ssl/server_db/key4.db differ
diff --git a/test-profiles/test_resources/ssl/server_db/pkcs11.txt b/test-profiles/test_resources/ssl/server_db/pkcs11.txt
new file mode 100644
index 0000000..440f523
--- /dev/null
+++ b/test-profiles/test_resources/ssl/server_db/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='server_db' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/test-profiles/test_resources/ssl/server_db/secmod.db b/test-profiles/test_resources/ssl/server_db/secmod.db
deleted file mode 100644
index 87867f4..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/secmod.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/server.crt b/test-profiles/test_resources/ssl/server_db/server.crt
index 1a87265..fb51ff1 100644
--- a/test-profiles/test_resources/ssl/server_db/server.crt
+++ b/test-profiles/test_resources/ssl/server_db/server.crt
@@ -1,14 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICKzCCAZSgAwIBAgIFAKI1eqswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDMDCCAhigAwIBAgIFALBcSo0wDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMxOTIyMzYzOVoXDTIwMDMxOTIyMzYzOVowTjELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDQzNFoXDTI0MDIyNzE2MDQzNFowTjELMAkGA1UE
BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxHjAcBgNVBAMT
-FWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAu4kNLGCxZ3cvQRqd0L6iM1zx4boj7eGlLpgysPn0sd77N8CfBMqnmWOoYafI
-H4+FPMQ3En3D0nV5qFjveNTJQtzRZZUCbF6UESeO6ghu8Rr5AnI51PIrSQPVEG1w
-0AN1TYrn5AxW3G06aVMsggk7TItFb7qkXTO1LuGUcZy1z+MCAwEAAaMiMCAwCQYD
-VR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAc
-w82l72VLrPNtVBp+90rNHLM6ARnghYWLceC07cwgjNItejDlLOHzExThYH5vOwFs
-b6c2KyUt198uccl5wx44HvzR5LCVnJ0JQqw4n0tS9jeztD42urYWP2ouPgqgxAvo
-zNARo6aODfF9I7sxtPhSvhECyKvkZQH4F4xVXwwvSA==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-----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/server_db/server.req b/test-profiles/test_resources/ssl/server_db/server.req
index 9eaa228..f2042ce 100644
--- a/test-profiles/test_resources/ssl/server_db/server.req
+++ b/test-profiles/test_resources/ssl/server_db/server.req
@@ -9,13 +9,18 @@ State: Ontario
Country: CA
-----BEGIN NEW CERTIFICATE REQUEST-----
-MIIBjTCB9wIBADBOMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzENMAsG
-A1UEChMEQUNNRTEeMBwGA1UEAxMVbG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7iQ0sYLFndy9BGp3QvqIzXPHhuiPt4aUu
-mDKw+fSx3vs3wJ8EyqeZY6hhp8gfj4U8xDcSfcPSdXmoWO941MlC3NFllQJsXpQR
-J47qCG7xGvkCcjnU8itJA9UQbXDQA3VNiufkDFbcbTppUyyCCTtMi0VvuqRdM7Uu
-4ZRxnLXP4wIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAtuJ9b0OgbijExb/AQlbS
-kw4s28SwMqyMdgt+kUJHaDV+sEtlzzdv7jS0uKtoElBI7+MiYbtGzcqvdPGc147Q
-T6Lk7AMcBrjRFLxuBnAi+Bdh7O6PUUKL9CREAae1QiVOFfXkD07Az9YDLYhe+ZsJ
-qLYrWDGTMRXXsKU3JWIy5M4=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-----END NEW CERTIFICATE REQUEST-----