proton-j/src/test/resources/README.txt - qpid-proton-j - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 #

 # The various PKCS12 SSL stores and certificates were created with the following commands:
 # Seems to require the JDK8 keytool.

 # Clean up existing files
 # -----------------------
 rm -f *.crt *.csr *.keystore *.truststore

 # Create a key and self-signed certificate for the CA, to sign certificate requests and use for trust:
 # ----------------------------------------------------------------------------------------------------
 keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -keypass password -alias ca -genkey -dname "O=My Trusted Inc.,CN=my-ca.org" -validity 9999 -ext bc:c=ca:true
 keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -alias ca -exportcert -rfc > ca.crt

 # Create a key pair for the server, and sign it with the CA:
 # ----------------------------------------------------------
 keytool -storetype pkcs12 -keystore server-pkcs12.keystore -storepass password -keypass password -alias server -genkey -dname "O=Server,CN=localhost" -validity 9999 -ext bc=ca:false -ext eku=sA

 keytool -storetype pkcs12 -keystore server-pkcs12.keystore -storepass password -alias server -certreq -file server.csr
 keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -alias ca -gencert -rfc -infile server.csr -outfile server.crt -validity 9999 -ext bc=ca:false -ext eku=sA

 keytool -storetype pkcs12 -keystore server-pkcs12.keystore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt
 keytool -storetype pkcs12 -keystore server-pkcs12.keystore -storepass password -keypass password -importcert -alias server -file server.crt

 # Create trust store for the server, import the CA cert:
 # -------------------------------------------------------
 keytool -storetype pkcs12 -keystore server-pkcs12.truststore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt

 # Create a key pair for a client, and sign it with the CA:
 # ----------------------------------------------------------
 keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password -keypass password -alias client -genkey -dname "O=Client,CN=client" -validity 9999 -ext bc=ca:false -ext eku=cA

 keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password -alias client -certreq -file client.csr
 keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -alias ca -gencert -rfc -infile client.csr -outfile client.crt -validity 9999 -ext bc=ca:false -ext eku=cA

 keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt
 keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password -keypass password -importcert -alias client -file client.crt

 # Create trust store for the client, import the CA cert:
 # -------------------------------------------------------
 keytool -storetype pkcs12 -keystore client-pkcs12.truststore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	#

	# The various PKCS12 SSL stores and certificates were created with the following commands:
	# Seems to require the JDK8 keytool.

	# Clean up existing files
	# -----------------------
	rm -f .crt .csr .keystore .truststore

	# Create a key and self-signed certificate for the CA, to sign certificate requests and use for trust:
	# ----------------------------------------------------------------------------------------------------
	keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -keypass password -alias ca -genkey -dname "O=My Trusted Inc.,CN=my-ca.org" -validity 9999 -ext bc:c=ca:true
	keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -alias ca -exportcert -rfc > ca.crt

	# Create a key pair for the server, and sign it with the CA:
	# ----------------------------------------------------------
	keytool -storetype pkcs12 -keystore server-pkcs12.keystore -storepass password -keypass password -alias server -genkey -dname "O=Server,CN=localhost" -validity 9999 -ext bc=ca:false -ext eku=sA

	keytool -storetype pkcs12 -keystore server-pkcs12.keystore -storepass password -alias server -certreq -file server.csr
	keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -alias ca -gencert -rfc -infile server.csr -outfile server.crt -validity 9999 -ext bc=ca:false -ext eku=sA

	keytool -storetype pkcs12 -keystore server-pkcs12.keystore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt
	keytool -storetype pkcs12 -keystore server-pkcs12.keystore -storepass password -keypass password -importcert -alias server -file server.crt

	# Create trust store for the server, import the CA cert:
	# -------------------------------------------------------
	keytool -storetype pkcs12 -keystore server-pkcs12.truststore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt

	# Create a key pair for a client, and sign it with the CA:
	# ----------------------------------------------------------
	keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password -keypass password -alias client -genkey -dname "O=Client,CN=client" -validity 9999 -ext bc=ca:false -ext eku=cA

	keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password -alias client -certreq -file client.csr
	keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass password -alias ca -gencert -rfc -infile client.csr -outfile client.crt -validity 9999 -ext bc=ca:false -ext eku=cA

	keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt
	keytool -storetype pkcs12 -keystore client-pkcs12.keystore -storepass password -keypass password -importcert -alias client -file client.crt

	# Create trust store for the client, import the CA cert:
	# -------------------------------------------------------
	keytool -storetype pkcs12 -keystore client-pkcs12.truststore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt