PROTON-1447: add a test to exercise the changes in ad60967463fe697800d24eaf0286dbf9e7d38473
diff --git a/proton-j/src/test/java/org/apache/qpid/proton/systemtests/engine/SslTest.java b/proton-j/src/test/java/org/apache/qpid/proton/systemtests/engine/SslTest.java
index b8cb97f..32ab62d 100644
--- a/proton-j/src/test/java/org/apache/qpid/proton/systemtests/engine/SslTest.java
+++ b/proton-j/src/test/java/org/apache/qpid/proton/systemtests/engine/SslTest.java
@@ -52,6 +52,9 @@
private static final String CLIENT_JKS_TRUSTSTORE = "src/test/resources/client-jks.truststore";
private static final String PASSWORD = "password";
+ private static final String SERVER_2_JKS_KEYSTORE = "src/test/resources/server2-jks.keystore";
+ private static final String CA_CERTS = "src/test/resources/ca-certs.crt";
+
private static final String SERVER_CONTAINER = "serverContainer";
private static final String CLIENT_CONTAINER = "clientContainer";
@@ -64,7 +67,7 @@
private final Connection _serverConnection = Proton.connection();
@Test
- public void testOpenConnectionOverSslTransports() throws Exception
+ public void testOpenConnectionsWithProvidedSslContext() throws Exception
{
SslDomain clientSslDomain = SslDomain.Factory.create();
clientSslDomain.init(Mode.CLIENT);
@@ -169,4 +172,74 @@
assertEquals("Unexpected local state", localState, endpoint.getLocalState());
assertEquals("Unexpected remote state", remoteState, endpoint.getRemoteState());
}
+
+ @Test
+ public void testMultiplePemTrustCertificates() throws Exception
+ {
+ doMultiplePemTrustCertificatesTestImpl(SERVER_JKS_KEYSTORE);
+ doMultiplePemTrustCertificatesTestImpl(SERVER_2_JKS_KEYSTORE);
+ }
+
+ private void doMultiplePemTrustCertificatesTestImpl(String serverKeystore) throws Exception {
+ Transport clientTransport = Proton.transport();
+ Transport serverTransport = Proton.transport();
+
+ TransportPumper pumper = new TransportPumper(clientTransport, serverTransport);
+
+ Connection clientConnection = Proton.connection();
+ Connection serverConnection = Proton.connection();
+
+ SslDomain clientSslDomain = SslDomain.Factory.create();
+ clientSslDomain.init(Mode.CLIENT);
+ clientSslDomain.setPeerAuthentication(VerifyMode.VERIFY_PEER);
+ clientSslDomain.setTrustedCaDb(CA_CERTS);
+ clientTransport.ssl(clientSslDomain);
+
+ SslDomain serverSslDomain = SslDomain.Factory.create();
+ serverSslDomain.init(Mode.SERVER);
+ SSLContext serverSslContext = createSslContext(serverKeystore, PASSWORD, SERVER_JKS_TRUSTSTORE, PASSWORD);
+ serverSslDomain.setSslContext(serverSslContext);
+ serverTransport.ssl(serverSslDomain);
+
+ clientConnection.setContainer(CLIENT_CONTAINER);
+ serverConnection.setContainer(SERVER_CONTAINER);
+
+ clientTransport.bind(clientConnection);
+ serverTransport.bind(serverConnection);
+
+ assertConditions(clientTransport);
+ assertConditions(serverTransport);
+
+ clientConnection.open();
+
+ assertEndpointState(clientConnection, ACTIVE, UNINITIALIZED);
+ assertEndpointState(serverConnection, UNINITIALIZED, UNINITIALIZED);
+
+ assertConditions(clientTransport);
+ assertConditions(serverTransport);
+
+ pumper.pumpAll();
+
+ assertEndpointState(clientConnection, ACTIVE, UNINITIALIZED);
+ assertEndpointState(serverConnection, UNINITIALIZED, ACTIVE);
+
+ assertConditions(clientTransport);
+ assertConditions(serverTransport);
+
+ serverConnection.open();
+
+ assertEndpointState(clientConnection, ACTIVE, UNINITIALIZED);
+ assertEndpointState(serverConnection, ACTIVE, ACTIVE);
+
+ assertConditions(clientTransport);
+ assertConditions(serverTransport);
+
+ pumper.pumpAll();
+
+ assertEndpointState(clientConnection, ACTIVE, ACTIVE);
+ assertEndpointState(serverConnection, ACTIVE, ACTIVE);
+
+ assertConditions(clientTransport);
+ assertConditions(serverTransport);
+ }
}
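Review bot: `testMultiplePemTrustCertificates` asserts only the success path, so it would still pass if `VERIFY_PEER` combined with `setTrustedCaDb(CA_CERTS)` ever accepted a certificate from a CA that is not in the file. A negative case would pin that down: a client trusting only the first CA (the README's `ca.crt`, if it is available as a test resource) connecting to a server using `SERVER_2_JKS_KEYSTORE`, with the assertion that the connections do not reach ACTIVE/ACTIVE. Separately, both `doMultiplePemTrustCertificatesTestImpl` calls sit in one `@Test`, so a failure does not show which CA's certificate failed to load. One test method per keystore would fix that, and a comment above the helper such as `// Client trusts a PEM file holding two CA certs; the server presents a cert signed by one of them.` would make the intent clearer.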
diff --git a/proton-j/src/test/resources/README.txt b/proton-j/src/test/resources/README.txt
index 91d8cf3..2cf3d9a 100644
--- a/proton-j/src/test/resources/README.txt
+++ b/proton-j/src/test/resources/README.txt
@@ -57,3 +57,24 @@
# -------------------------------------------------------
keytool -storetype jks -keystore client-jks.truststore -storepass password -keypass password -importcert -alias ca -file ca.crt -noprompt
+
+# Create a key and self-signed certificate for a second CA, to sign certificate requests and use for trust:
+# ---------------------------------------------------------------------------------------------------------
+
+keytool -storetype jks -keystore ca2-jks.keystore -storepass password -keypass password -alias ca2 -genkey -dname "O=My Other Trusted Inc.,CN=my-ca2.org" -validity 9999 -ext bc:c=ca:true
+keytool -storetype jks -keystore ca2-jks.keystore -storepass password -alias ca2 -exportcert -rfc > ca2.crt
+
+# Create a key pair for a second server, and sign it with the second CA:
+# ----------------------------------------------------------------------
+keytool -storetype jks -keystore server2-jks.keystore -storepass password -keypass password -alias server2 -genkey -dname "O=Server2,CN=localhost" -validity 9999 -ext bc=ca:false -ext eku=sA
+
+keytool -storetype jks -keystore server2-jks.keystore -storepass password -alias server2 -certreq -file server2.csr
+keytool -storetype jks -keystore ca2-jks.keystore -storepass password -alias ca2 -gencert -rfc -infile server2.csr -outfile server2.crt -validity 9999 -ext bc=ca:false -ext eku=sA
+
+keytool -storetype jks -keystore server2-jks.keystore -storepass password -keypass password -importcert -alias ca2 -file ca2.crt -noprompt
+keytool -storetype jks -keystore server2-jks.keystore -storepass password -keypass password -importcert -alias server2 -file server2.crt
+
+# Create a file containing both CA certs to use for trusting both:
+# ----------------------------------------------------------------
+cat ca.crt > ca-certs.crt
+cat ca2.crt >> ca-certs.crt
diff --git a/proton-j/src/test/resources/ca-certs.crt b/proton-j/src/test/resources/ca-certs.crt
new file mode 100644
index 0000000..a421a8a
--- /dev/null
+++ b/proton-j/src/test/resources/ca-certs.crt
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAoigAwIBAgIEKyYwuDALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJbXktY2Eub3JnMRgw
+FgYDVQQKEw9NeSBUcnVzdGVkIEluYy4wHhcNMTcwMzA2MTI1ODEwWhcNNDQwNzIxMTI1ODEwWjAu
+MRIwEAYDVQQDEwlteS1jYS5vcmcxGDAWBgNVBAoTD015IFRydXN0ZWQgSW5jLjCCAbgwggEsBgcq
+hkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6
+v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF
+HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfh
+oIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88J
+MozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2Ze
+gHtVJWQBTDv+z0kqA4GFAAKBgQCPSdkR8LppXQ3JvChf6mOcRB2MJcjqok78JW5OX9qDNS3UnB2P
++1xHX1eZ2LbVg9q5flGoPIHjqyS/523goObyHt6H1/VLzqF+4k7sWuyZUvhsgGbPrBVnbYYaMpw+
+Y4K8QXzTE2Jdwb0pkgXq8SEsokDBD2VlArklEhfp+LkXbaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUlUQ80rbvt+awTI8tQclL1tjNxG8wCwYHKoZIzjgEAwUAAy8AMCwCFE0zhebu96ZY
+LRD6zSecbolRd4uUAhQhA2M1pVNYie25XDEthBdW99MlaA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC1zCCApWgAwIBAgIEZ4oLWjALBgcqhkjOOAQDBQAwNTETMBEGA1UEAxMKbXktY2EyLm9yZzEe
+MBwGA1UEChMVTXkgT3RoZXIgVHJ1c3RlZCBJbmMuMB4XDTE3MDUwMjExMjg1N1oXDTQ0MDkxNjEx
+Mjg1N1owNTETMBEGA1UEAxMKbXktY2EyLm9yZzEeMBwGA1UEChMVTXkgT3RoZXIgVHJ1c3RlZCBJ
+bmMuMIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2
+USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4
+O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC
+ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCB
+gLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhR
+kImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGALZ8Zvw4G04ppM2AWYqWPmV7/qJy8UpCv
+v2iqWbbfVn5E0fjdv8FoLfpF44ef1b28MAifJu1paIOW1/SvpHFtWuYprEDjKJdc1XiWtAO5HDkJ
+dC6peIhdZPkUG2uUjyUSPHzuYfLz97p3Wmo52F8VDbbM6YzwMKIkmJBHpMchzGSjMjAwMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFF31qGbKSag94nAG6J5rpsWbOTzxMAsGByqGSM44BAMFAAMv
+ADAsAhQM3QLWpy6ewndppyHioMXr6JrQ+QIUdRHfnJTNGccs+YGYnuVBkI8Ugf4=
+-----END CERTIFICATE-----
diff --git a/proton-j/src/test/resources/ca2-jks.keystore b/proton-j/src/test/resources/ca2-jks.keystore
new file mode 100644
index 0000000..4a508e4
--- /dev/null
+++ b/proton-j/src/test/resources/ca2-jks.keystore
Binary files differ
diff --git a/proton-j/src/test/resources/ca2.crt b/proton-j/src/test/resources/ca2.crt
new file mode 100644
index 0000000..ef95296
--- /dev/null
+++ b/proton-j/src/test/resources/ca2.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIIC1zCCApWgAwIBAgIEZ4oLWjALBgcqhkjOOAQDBQAwNTETMBEGA1UEAxMKbXktY2EyLm9yZzEe
+MBwGA1UEChMVTXkgT3RoZXIgVHJ1c3RlZCBJbmMuMB4XDTE3MDUwMjExMjg1N1oXDTQ0MDkxNjEx
+Mjg1N1owNTETMBEGA1UEAxMKbXktY2EyLm9yZzEeMBwGA1UEChMVTXkgT3RoZXIgVHJ1c3RlZCBJ
+bmMuMIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2
+USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4
+O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC
+ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCB
+gLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhR
+kImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGALZ8Zvw4G04ppM2AWYqWPmV7/qJy8UpCv
+v2iqWbbfVn5E0fjdv8FoLfpF44ef1b28MAifJu1paIOW1/SvpHFtWuYprEDjKJdc1XiWtAO5HDkJ
+dC6peIhdZPkUG2uUjyUSPHzuYfLz97p3Wmo52F8VDbbM6YzwMKIkmJBHpMchzGSjMjAwMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFF31qGbKSag94nAG6J5rpsWbOTzxMAsGByqGSM44BAMFAAMv
+ADAsAhQM3QLWpy6ewndppyHioMXr6JrQ+QIUdRHfnJTNGccs+YGYnuVBkI8Ugf4=
+-----END CERTIFICATE-----
diff --git a/proton-j/src/test/resources/server2-jks.keystore b/proton-j/src/test/resources/server2-jks.keystore
new file mode 100644
index 0000000..1b2b464
--- /dev/null
+++ b/proton-j/src/test/resources/server2-jks.keystore
Binary files differ
diff --git a/proton-j/src/test/resources/server2.crt b/proton-j/src/test/resources/server2.crt
new file mode 100644
index 0000000..f1e048a
--- /dev/null
+++ b/proton-j/src/test/resources/server2.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAregAwIBAgIENihwHDALBgcqhkjOOAQDBQAwNTETMBEGA1UEAxMKbXktY2EyLm9yZzEe
+MBwGA1UEChMVTXkgT3RoZXIgVHJ1c3RlZCBJbmMuMB4XDTE3MDUwMjExMjg1N1oXDTQ0MDkxNjEx
+Mjg1N1owJjESMBAGA1UEAxMJbG9jYWxob3N0MRAwDgYDVQQKEwdTZXJ2ZXIyMIIBuDCCASwGByqG
+SM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/
+xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
+wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg
+hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwky
+jMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6A
+e1UlZAFMO/7PSSoDgYUAAoGBAL1XjANsZoKVbgOyThbm+ivQD5cO+MNgFy+p9R1g6nh801PZKhy9
+bTGdMVSjdkvLBEGQ/AvojP0XMtZ/Iip1kyMXLmcpIJy6fQqDN8ln9fM/3o7j03PasGL5vT2ZHHmr
+HHr/kCIzMsZtW9tlSC+bV0OieWAJTVOsatXsKOPQNOppo2IwYDAfBgNVHSMEGDAWgBRd9ahmykmo
+PeJwBuiea6bFmzk88TAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBT5
+78CwItJ6T2MOMvCzLJyxs1OuPDALBgcqhkjOOAQDBQADLwAwLAIUBXUGqb6d+k+16JJ/8+Uc5Ywg
+RcQCFEK7yMXUh/1qPleBVPD8H7exPQEu
+-----END CERTIFICATE-----
diff --git a/proton-j/src/test/resources/server2.csr b/proton-j/src/test/resources/server2.csr
new file mode 100644
index 0000000..81b7c29
--- /dev/null
+++ b/proton-j/src/test/resources/server2.csr
@@ -0,0 +1,13 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICWzCCAhkCAQAwJjESMBAGA1UEAxMJbG9jYWxob3N0MRAwDgYDVQQKEwdTZXJ2ZXIyMIIBuDCC
+ASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7
+WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E
++4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUC
+gYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6Ewo
+FhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWf
+BpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAL1XjANsZoKVbgOyThbm+ivQD5cO+MNgFy+p9R1g6nh8
+01PZKhy9bTGdMVSjdkvLBEGQ/AvojP0XMtZ/Iip1kyMXLmcpIJy6fQqDN8ln9fM/3o7j03PasGL5
+vT2ZHHmrHHr/kCIzMsZtW9tlSC+bV0OieWAJTVOsatXsKOPQNOppoDAwLgYJKoZIhvcNAQkOMSEw
+HzAdBgNVHQ4EFgQU+e/AsCLSek9jDjLwsyycsbNTrjwwCwYHKoZIzjgEAwUAAy8AMCwCFE/v8hqM
+qfBY4v/lSu7o2L+KQlR7AhQyx/fwp2yi4fCzGaJ7JLYQDgjCyQ==
+-----END NEW CERTIFICATE REQUEST-----