diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/AbstractHttpClientServerTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/AbstractHttpClientServerTest.java
index 331307b836c9..444e639fa3ee 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/AbstractHttpClientServerTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/AbstractHttpClientServerTest.java
@@ -195,7 +195,7 @@ public SslContextFactory newServerSslContextFactory()
 private void configure(SslContextFactory ssl)
 {
- Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks");
+ Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12");
 ssl.setKeyStorePath(keystorePath.toString());
 ssl.setKeyStorePassword("storepwd");
 }
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java
index 16a776dfba19..b10c12896915 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/HostnameVerificationTest.java
@@ -60,7 +60,7 @@ public void setUp() throws Exception
 server = new Server(serverThreads);
 SslContextFactory serverSslContextFactory = new SslContextFactory.Server();
- serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+ serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
 serverSslContextFactory.setKeyStorePassword("storepwd");
 connector = new ServerConnector(server, serverSslContextFactory);
 server.addConnector(connector);
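Review bot: `configure(SslContextFactory ssl)` in AbstractHttpClientServerTest now loads a PKCS12 file but never states the store type, so loading depends on the SslContextFactory default or on the JDK's keystore format handling, neither of which is visible in this diff. Adding `ssl.setKeyStoreType("PKCS12");` next to `setKeyStorePath`, or a one-line comment such as `// relies on the factory's default keystore type`, would make the format explicit and turn a later change of default into an obvious failure rather than a confusing keystore load error. The same applies to the other `setKeyStorePath` call sites changed in this commit and to `setTrustStorePath` in Socks4ProxyTest (there with `setTrustStoreType`). Those methods start or end outside their hunks, so a type may already be set there.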
@@ -76,7 +76,7 @@ public void handle(String target, Request baseRequest, HttpServletRequest reques
 server.start();
 // keystore contains a hostname which doesn't match localhost
- clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+ clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
 clientSslContextFactory.setKeyStorePassword("storepwd");
 QueuedThreadPool clientThreads = new QueuedThreadPool();
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java
index f1fc9268c605..39a60a16c6e8 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java
@@ -122,7 +122,7 @@ private SslContextFactory.Client createClientSslContextFactory()
 private void configureSslContextFactory(SslContextFactory sslContextFactory)
 {
- sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+ sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
 sslContextFactory.setKeyStorePassword("storepwd");
 }
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/Socks4ProxyTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/Socks4ProxyTest.java
index 1816d5947a95..2b2133ea73e7 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/Socks4ProxyTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/Socks4ProxyTest.java
@@ -199,7 +199,7 @@ public void testSocks4ProxyWithTLSServer() throws Exception
 {
 // The client keystore contains the trustedCertEntry for the
 // self-signed server certificate, so it acts as a truststore.
- ssl.setTrustStorePath("src/test/resources/client_keystore.jks");
+ ssl.setTrustStorePath("src/test/resources/client_keystore.p12");
 ssl.setTrustStorePassword("storepwd");
 // Disable TLS hostname verification, but
 // enable application hostname verification.
@@ -233,7 +233,7 @@ public void testSocks4ProxyWithTLSServer() throws Exception
 // Wrap the socket with TLS.
 SslContextFactory.Server serverTLS = new SslContextFactory.Server();
- serverTLS.setKeyStorePath("src/test/resources/keystore.jks");
+ serverTLS.setKeyStorePath("src/test/resources/keystore.p12");
 serverTLS.setKeyStorePassword("storepwd");
 serverTLS.start();
 SSLContext sslContext = serverTLS.getSslContext();
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/TLSServerConnectionCloseTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/TLSServerConnectionCloseTest.java
index 310b7acf6c4f..4278bab0a677 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/TLSServerConnectionCloseTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/TLSServerConnectionCloseTest.java
@@ -49,7 +49,7 @@ private void startClient() throws Exception
 {
 SslContextFactory sslContextFactory = new SslContextFactory.Client();
 sslContextFactory.setEndpointIdentificationAlgorithm(null);
- sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+ sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
 sslContextFactory.setKeyStorePassword("storepwd");
 QueuedThreadPool clientThreads = new QueuedThreadPool();
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/NeedWantClientAuthTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/NeedWantClientAuthTest.java
index 6323860c648a..815c20932e88 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/NeedWantClientAuthTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/NeedWantClientAuthTest.java
@@ -82,7 +82,7 @@ private void startClient(SslContextFactory sslContextFactory) throws Exception
 private SslContextFactory.Server createServerSslContextFactory()
 {
 SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
- sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+ sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
 sslContextFactory.setKeyStorePassword("storepwd");
 return sslContextFactory;
 }
@@ -141,7 +141,7 @@ public void handshakeSucceeded(Event event)
 });
 SslContextFactory clientSSL = new SslContextFactory.Client(true);
- clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks");
+ clientSSL.setKeyStorePath("src/test/resources/client_keystore.p12");
 clientSSL.setKeyStorePassword("storepwd");
 startClient(clientSSL);
@@ -232,7 +232,7 @@ public void handshakeSucceeded(Event event)
 });
 SslContextFactory clientSSL = new SslContextFactory.Client(true);
- clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks");
+ clientSSL.setKeyStorePath("src/test/resources/client_keystore.p12");
 clientSSL.setKeyStorePassword("storepwd");
 startClient(clientSSL);
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesClientTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesClientTest.java
index bdd7bdc12cc6..38ad95fe444b 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesClientTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesClientTest.java
@@ -72,7 +72,7 @@ public void init() throws Exception
 sslContextFactory = new SslContextFactory.Client(true);
 client = new HttpClient(sslContextFactory);
 client.setMaxConnectionsPerDestination(1);
- File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
+ File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12");
 sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
 sslContextFactory.setKeyStorePassword("storepwd");
 client.start();
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java
index e6df53934dc0..16162f34aae0 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslBytesServerTest.java
@@ -117,7 +117,7 @@ public void init() throws Exception
 httpParses.set(0);
 serverEndPoint.set(null);
- File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
+ File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12");
 sslContextFactory = new SslContextFactory.Server();
 sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
 sslContextFactory.setKeyStorePassword("storepwd");
diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslConnectionTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslConnectionTest.java
index 5107663ce3cb..3ebf8acaa01d 100644
--- a/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslConnectionTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/ssl/SslConnectionTest.java
@@ -42,7 +42,7 @@ public class SslConnectionTest
 @Test
 public void testSslConnectionClosedBeforeFill() throws Exception
 {
- File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
+ File keyStore = MavenTestingUtils.getTestResourceFile("keystore.p12");
 SslContextFactory sslContextFactory = new SslContextFactory.Server();
 sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
 sslContextFactory.setKeyStorePassword("storepwd");
diff --git a/jetty-client/src/test/resources/client_keystore.jks b/jetty-client/src/test/resources/client_keystore.jks
deleted file mode 100644
index 9c31ff30c63b..000000000000
Binary files a/jetty-client/src/test/resources/client_keystore.jks and /dev/null differ
diff --git a/jetty-client/src/test/resources/client_keystore.p12 b/jetty-client/src/test/resources/client_keystore.p12
new file mode 100644
index 000000000000..429720049b8b
Binary files /dev/null and b/jetty-client/src/test/resources/client_keystore.p12 differ
diff --git a/jetty-client/src/test/resources/keystore.jks b/jetty-client/src/test/resources/keystore.jks
deleted file mode 100644
index 428ba54776ed..000000000000
Binary files a/jetty-client/src/test/resources/keystore.jks and /dev/null differ
diff --git a/jetty-client/src/test/resources/keystore.p12 b/jetty-client/src/test/resources/keystore.p12
new file mode 100644
index 000000000000..70d68ea7f44e
Binary files /dev/null and b/jetty-client/src/test/resources/keystore.p12 differ
diff --git a/jetty-client/src/test/resources/readme_keystores.txt b/jetty-client/src/test/resources/readme_keystores.txt
new file mode 100644
index 000000000000..9d4d40e2eb55
--- /dev/null
+++ b/jetty-client/src/test/resources/readme_keystores.txt
@@ -0,0 +1,27 @@
+Since OpenJDK 13.0.2/11.0.6 it is required that CA certificates have the extension CA=true.
+
+The keystores are generated in the following way:
+
+# Generates the server keystore. Note the BasicConstraint=CA:true extension.
+$ keytool -v -genkeypair -validity 36500 -keyalg RSA -keysize 2048 -keystore keystore.p12 -storetype pkcs12 -dname "CN=server, OU=Jetty, O=Webtide, L=Omaha, S=NE, C=US" -ext BC=CA:true
+
+# Export the server certificate.
+$ keytool -v -export -keystore keystore.p12 -rfc -file server.crt
+
+# Export the server private key.
+$ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out server.key
+
+# Generate the client keystore.
+$ keytool -v -genkeypair -validity 36500 -keyalg RSA -keysize 2048 -keystore client_keystore.p12 -storetype pkcs12 -dname "CN=client, OU=Jetty, O=Webtide, L=Omaha, S=NE, C=US"
+
+# Generate the Certificate Signing Request.
+$ keytool -certreq -file client.csr -keystore client_keystore.p12
+
+# Sign the CSR.
+$ openssl x509 -req -days 36500 -in client.csr -CA server.crt -CAkey server.key -CAcreateserial -sha256 -out signed.crt
+
+# Import the server certificate into the client keystore.
+$ keytool -v -import -alias ca -file server.crt -keystore client_keystore.p12
+
+# Import the signed CSR.
+$ keytool -import -file signed.crt -keystore client_keystore.p12