From cda39d60554c3e36c5c8d480b08171ed21785e4a Mon Sep 17 00:00:00 2001 From: markt Date: Tue, 1 Mar 2011 01:15:11 +0000 Subject: [PATCH] Start of an SSL re-negotiation test. Need to expand it to handle request bodies and the other issues highlighted by Filip. Switch to using a CA since it makes the code cleaner and it is easier to get CLIENT-CERT working than will all self-signed certs. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1075604 13f79535-47bb-0310-9956-ffa450edef68 --- test/org/apache/tomcat/util/net/TestCustomSsl.java | 2 +- test/org/apache/tomcat/util/net/TestSsl.java | 111 ++++++++++++++++++--- test/org/apache/tomcat/util/net/TesterSupport.java | 59 ++++++----- test/org/apache/tomcat/util/net/ca.jks | Bin 0 -> 952 bytes test/org/apache/tomcat/util/net/localhost-cert.pem | 79 +++++++++++++++ test/org/apache/tomcat/util/net/localhost-key.pem | 27 +++++ test/org/apache/tomcat/util/net/localhost.jks | Bin 0 -> 2198 bytes test/org/apache/tomcat/util/net/test-cert.pem | 15 --- test/org/apache/tomcat/util/net/test-key.pem | 16 --- test/org/apache/tomcat/util/net/test.keystore | Bin 1369 -> 0 bytes test/org/apache/tomcat/util/net/user1.jks | Bin 0 -> 2194 bytes 11 files changed, 239 insertions(+), 70 deletions(-) create mode 100644 test/org/apache/tomcat/util/net/ca.jks create mode 100644 test/org/apache/tomcat/util/net/localhost-cert.pem create mode 100644 test/org/apache/tomcat/util/net/localhost-key.pem create mode 100644 test/org/apache/tomcat/util/net/localhost.jks delete mode 100644 test/org/apache/tomcat/util/net/test-cert.pem delete mode 100644 test/org/apache/tomcat/util/net/test-key.pem delete mode 100644 test/org/apache/tomcat/util/net/test.keystore create mode 100644 test/org/apache/tomcat/util/net/user1.jks diff --git a/test/org/apache/tomcat/util/net/TestCustomSsl.java b/test/org/apache/tomcat/util/net/TestCustomSsl.java index 20b5ca44a..8bf61bc07 100644 --- a/test/org/apache/tomcat/util/net/TestCustomSsl.java +++ b/test/org/apache/tomcat/util/net/TestCustomSsl.java @@ -40,7 +40,7 @@ public class TestCustomSsl extends TomcatBaseTest { try { SSLContext sc = SSLContext.getInstance("SSL"); - sc.init(null, TesterSupport.TRUST_ALL_CERTS, + sc.init(null, TesterSupport.getTrustManagers(), new java.security.SecureRandom()); javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory( sc.getSocketFactory()); diff --git a/test/org/apache/tomcat/util/net/TestSsl.java b/test/org/apache/tomcat/util/net/TestSsl.java index cbec9e5a0..3983162a7 100644 --- a/test/org/apache/tomcat/util/net/TestSsl.java +++ b/test/org/apache/tomcat/util/net/TestSsl.java @@ -26,7 +26,17 @@ import javax.net.ssl.HandshakeCompletedListener; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.Context; +import org.apache.catalina.authenticator.SSLAuthenticator; +import org.apache.catalina.deploy.LoginConfig; +import org.apache.catalina.deploy.SecurityCollection; +import org.apache.catalina.deploy.SecurityConstraint; +import org.apache.catalina.startup.TestTomcat.MapRealm; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.tomcat.util.buf.ByteChunk; @@ -40,18 +50,7 @@ import org.apache.tomcat.util.buf.ByteChunk; public class TestSsl extends TomcatBaseTest { public void testSimpleSsl() throws Exception { - // Install the all-trusting trust manager so https:// works - // with unsigned certs. - - try { - SSLContext sc = SSLContext.getInstance("SSL"); - sc.init(null, TesterSupport.TRUST_ALL_CERTS, - new java.security.SecureRandom()); - javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory( - sc.getSocketFactory()); - } catch (Exception e) { - e.printStackTrace(); - } + configureClientSsl(); Tomcat tomcat = getTomcatInstance(); @@ -88,7 +87,7 @@ public class TestSsl extends TomcatBaseTest { tomcat.start(); SSLContext sslCtx = SSLContext.getInstance("TLS"); - sslCtx.init(null, TesterSupport.TRUST_ALL_CERTS, + sslCtx.init(null, TesterSupport.getTrustManagers(), new java.security.SecureRandom()); SSLSocketFactory socketFactory = sslCtx.getSocketFactory(); SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost", getPort()); @@ -163,7 +162,8 @@ public class TestSsl extends TomcatBaseTest { } SSLContext sslCtx = SSLContext.getInstance("TLS"); - sslCtx.init(null, TesterSupport.TRUST_ALL_CERTS, new java.security.SecureRandom()); + sslCtx.init(null, TesterSupport.getTrustManagers(), + new java.security.SecureRandom()); SSLSocketFactory socketFactory = sslCtx.getSocketFactory(); SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost", getPort()); @@ -205,6 +205,64 @@ public class TestSsl extends TomcatBaseTest { } + public void testClientCert() throws Exception { + + Tomcat tomcat = getTomcatInstance(); + + String protocol = tomcat.getConnector().getProtocolHandlerClassName(); + if (protocol.indexOf("Nio") != -1) { + return; // Not supported yet (2011-03-01) + } + if (protocol.indexOf("Apr") != -1) { + return; // Disabled by default in 1.1.20 windows binary (2010-07-27) + } + + TesterSupport.initSsl(tomcat); + + // Need a web application with a protected and unprotected URL + // Must have a real docBase - just use temp + Context ctx = + tomcat.addContext("", System.getProperty("java.io.tmpdir")); + + Tomcat.addServlet(ctx, "simple", new SimpleServlet()); + ctx.addServletMapping("/unprotected", "simple"); + ctx.addServletMapping("/protected", "simple"); + + // Security constraints + SecurityCollection collection = new SecurityCollection(); + collection.addPattern("/protected"); + SecurityConstraint sc = new SecurityConstraint(); + sc.addAuthRole("testrole"); + sc.addCollection(collection); + ctx.addConstraint(sc); + + // Configure the Realm + MapRealm realm = new MapRealm(); + realm.addUser("CN=user1, C=US", "not used"); + realm.addUserRole("CN=user1, C=US", "testrole"); + ctx.setRealm(realm); + + // Configure the authenticator + LoginConfig lc = new LoginConfig(); + lc.setAuthMethod("CLIENT-CERT"); + ctx.setLoginConfig(lc); + ctx.getPipeline().addValve(new SSLAuthenticator()); + + // Start Tomcat + tomcat.start(); + + configureClientSsl(); + + // Get the unprotected resource + ByteChunk res = + getUrl("https://localhost:" + getPort() + "/unprotected"); + assertEquals("OK", res.toString()); + + // Get the protected resource + res = getUrl("https://localhost:" + getPort() + "/protected"); + assertEquals("OK", res.toString()); + } + @Override public void setUp() throws Exception { if (!TesterSupport.RFC_5746_SUPPORTED) { @@ -213,4 +271,29 @@ public class TestSsl extends TomcatBaseTest { } super.setUp(); } + + private void configureClientSsl() { + try { + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(TesterSupport.getUser1KeyManagers(), + TesterSupport.getTrustManagers(), + new java.security.SecureRandom()); + javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory( + sc.getSocketFactory()); + } catch (Exception e) { + e.printStackTrace(); + } + } + + public static class SimpleServlet extends HttpServlet { + + private static final long serialVersionUID = 1L; + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + resp.setContentType("text/plain"); + resp.getWriter().print("OK"); + } + } } diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java index 4a9ccdc92..db373db3a 100644 --- a/test/org/apache/tomcat/util/net/TesterSupport.java +++ b/test/org/apache/tomcat/util/net/TesterSupport.java @@ -17,15 +17,19 @@ package org.apache.tomcat.util.net; import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; import java.security.KeyManagementException; +import java.security.KeyStore; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import java.security.cert.X509Certificate; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; +import javax.net.ssl.TrustManagerFactory; import org.apache.catalina.startup.Tomcat; @@ -55,40 +59,25 @@ public final class TesterSupport { RFC_5746_SUPPORTED = result; } - protected static final TrustManager[] TRUST_ALL_CERTS = new TrustManager[] { - new X509TrustManager() { - @Override - public X509Certificate[] getAcceptedIssuers() { - return null; - } - @Override - public void checkClientTrusted(X509Certificate[] certs, - String authType) { - // NOOP - Trust everything - } - @Override - public void checkServerTrusted(X509Certificate[] certs, - String authType) { - // NOOP - Trust everything - } - } - }; - protected static void initSsl(Tomcat tomcat) { String protocol = tomcat.getConnector().getProtocolHandlerClassName(); if (protocol.indexOf("Apr") == -1) { tomcat.getConnector().setProperty("sslProtocol", "tls"); File keystoreFile = new File( - "test/org/apache/tomcat/util/net/test.keystore"); + "test/org/apache/tomcat/util/net/localhost.jks"); tomcat.getConnector().setAttribute("keystoreFile", keystoreFile.getAbsolutePath()); + File truststoreFile = new File( + "test/org/apache/tomcat/util/net/ca.jks"); + tomcat.getConnector().setAttribute("truststoreFile", + truststoreFile.getAbsolutePath()); } else { File keystoreFile = new File( - "test/org/apache/tomcat/util/net/test-cert.pem"); + "test/org/apache/tomcat/util/net/localhost-cert.pem"); tomcat.getConnector().setAttribute("SSLCertificateFile", keystoreFile.getAbsolutePath()); keystoreFile = new File( - "test/org/apache/tomcat/util/net/test-key.pem"); + "test/org/apache/tomcat/util/net/localhost-key.pem"); tomcat.getConnector().setAttribute("SSLCertificateKeyFile", keystoreFile.getAbsolutePath()); } @@ -96,4 +85,26 @@ public final class TesterSupport { tomcat.getConnector().setProperty("SSLEnabled", "true"); } + protected static KeyManager[] getUser1KeyManagers() throws Exception { + KeyManagerFactory kmf = KeyManagerFactory.getInstance( + KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(getKeyStore("test/org/apache/tomcat/util/net/user1.jks"), + "changeit".toCharArray()); + return kmf.getKeyManagers(); + } + + protected static TrustManager[] getTrustManagers() throws Exception { + TrustManagerFactory tmf = TrustManagerFactory.getInstance( + TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(getKeyStore("test/org/apache/tomcat/util/net/ca.jks")); + return tmf.getTrustManagers(); + } + + private static KeyStore getKeyStore(String keystore) throws Exception { + File keystoreFile = new File(keystore); + InputStream is = new FileInputStream(keystoreFile); + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(is, "changeit".toCharArray()); + return ks; + } } diff --git a/test/org/apache/tomcat/util/net/ca.jks b/test/org/apache/tomcat/util/net/ca.jks new file mode 100644 index 0000000000000000000000000000000000000000..cb9c21b5a786cdc8a90bbbd6f1c2a375c3f5769c GIT binary patch literal 952 zcmezO_TO6u1_mY|W(3nr$%#OwUf$85lMJj8dZq@J3=GV*22ISB22D(f3z(T0nV2{k z=3jqs>)PwZhYWbxIJMe5+P?ELGP1HV7#JFI8*s8QhqAB~G*yoQDbMn)D!My3`<22tX?Mj);!luM40O^iy& z4r63xU~XdMXE11DpO>&9op18BY>QQS z<^QKgwrn_SxL)7Ul2813->J=IuAx`sK2|6%J7gT3$rRnl=^US4H-_%5X z9tfXy=%29FV6wbUk@WoaGd5}}Mn`Qp?C7;NR8;HPy*~kW?>Vl#W0z`G()hfLcYSm6 z6(<3{iPx_;%w8B>RPOSWDQQ*prh82@-`$+!%3XHj5L1~KOOx;FP35~w?(thy3CEq2 zI<~^-K~(DB-4$F+F$&wXLz%33<#Lz0eSIy<#LURRxVUk$LE{7iSzrXo^0A1qh-|Rl zbMlu)yd8`D?40A>88;X={IE4h1W7BiL>WXhU{$ctbcrz;QPhN#gm^$!2(z#nFf%g# zM~*jOf&#`HBSY+mMFOS8vPweBza5$Ccf;(W-+%rA!iWp?xxKaTHrI<} rbu^a$kgI&BYZurRP`ysO#XxkoGj2NIL`oAD(N@ literal 0 HcmV?d00001 diff --git a/test/org/apache/tomcat/util/net/localhost-cert.pem b/test/org/apache/tomcat/util/net/localhost-cert.pem new file mode 100644 index 000000000..1994dfbe4 --- /dev/null +++ b/test/org/apache/tomcat/util/net/localhost-cert.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, CN=ca-test.tomcat.apache.org + Validity + Not Before: Feb 28 23:10:55 2011 GMT + Not After : Feb 27 23:10:55 2013 GMT + Subject: C=US, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:b0:e3:8b:82:f8:b1:82:d9:b1:e8:e8:08:fd:3c: + 8a:14:d1:cd:a1:b7:d8:f8:58:93:46:54:c2:6b:b3: + 52:fe:ae:7f:a5:70:9e:6c:cf:1f:c7:fb:d7:c2:c2: + 5d:0f:18:c9:66:2a:c4:8a:57:ca:0e:4d:b0:0b:af: + 1b:26:e9:ad:dd:95:86:69:e4:ac:60:9d:b9:ae:65: + aa:d4:9d:3b:02:19:31:60:df:c3:3e:a5:85:cd:49: + 01:12:84:36:4c:02:f5:9c:38:b2:20:bf:43:1d:5f: + 0c:ae:86:5a:67:24:65:74:77:fa:f4:cd:04:9f:8c: + c0:f2:5e:4f:bf:db:da:ce:d2:db:a6:51:82:40:ce: + 62:0c:9b:5e:d3:10:7b:49:d5:7a:c9:8e:bf:4b:b8: + e3:ac:30:ed:d8:b7:25:1c:c5:5c:0e:1e:57:7c:ad: + 60:44:ba:65:6d:45:26:e4:08:a2:1f:c9:3a:cf:7d: + bc:e5:61:23:ea:3e:19:46:f0:16:f8:26:e5:32:c6: + 69:e5:ea:18:62:2e:05:65:93:49:23:45:11:c3:da: + 4c:3b:b4:c6:4a:72:ea:0b:e9:26:06:2c:69:4d:e7: + b2:a5:3d:54:ae:7f:17:d3:63:8f:d8:36:5b:46:43: + af:bc:c1:09:fc:98:e1:4f:be:74:68:a2:3e:d5:21: + 31:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 36:5C:54:F4:2E:91:6D:E7:BC:DD:94:C7:F8:D7:55:01:4A:F7:7D:CD + X509v3 Authority Key Identifier: + keyid:B0:3B:BC:C9:FA:28:5F:3E:04:1F:9B:6C:C7:8B:68:D8:01:B0:F8:3D + + Signature Algorithm: sha1WithRSAEncryption + 30:d5:b3:07:2d:04:25:9b:f1:20:bb:91:49:dc:3d:bf:7e:1c: + 2d:09:01:87:a0:30:2b:50:fe:3b:17:34:c6:1d:fa:51:c0:b3: + af:f5:62:a6:de:3a:bf:6c:f7:07:e6:80:26:08:d1:84:5b:a3: + 5a:0c:6a:07:de:d6:26:1d:c1:89:ed:8a:15:1d:1a:36:0c:13: + db:ab:7c:43:35:0b:c2:c6:63:a6:43:81:ce:e5:52:28:cd:ee: + c7:0d:3c:8e:a1:07:3b:7c:48:ff:fe:b9:1d:04:51:18:27:d1: + fb:b4:1e:bf:36:f1:ef:a9:87:89:3b:b1:49:a9:70:62:5b:f0: + 49:e7:27:3a:cc:91:6f:08:43:a4:de:28:f2:1c:69:90:09:5d: + bd:78:9f:25:ec:b6:4c:7a:ce:d4:3c:a1:d3:5c:3c:78:04:91: + b3:35:56:81:64:4c:61:7b:80:ae:42:34:e1:9a:a1:33:0e:23: + dc:76:bf:29:ca:6e:c1:ce:1a:f0:1b:a6:b5:ab:dc:be:19:e9: + 9a:e3:6f:7d:ed:a1:e7:bf:f5:23:ad:60:ce:2b:79:49:4e:73: + 7f:00:da:a6:95:af:f1:ae:e7:51:de:7f:35:70:60:5d:fb:61: + 54:34:a9:22:7a:7e:76:49:70:9f:e7:ab:f1:38:a7:a1:53:87: + fb:61:b8:3f +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwMTELMAkGA1UEBhMCVVMx +IjAgBgNVBAMTGWNhLXRlc3QudG9tY2F0LmFwYWNoZS5vcmcwHhcNMTEwMjI4MjMx +MDU1WhcNMTMwMjI3MjMxMDU1WjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAxMJbG9j +YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOOLgvixgtmx +6OgI/TyKFNHNobfY+FiTRlTCa7NS/q5/pXCebM8fx/vXwsJdDxjJZirEilfKDk2w +C68bJumt3ZWGaeSsYJ25rmWq1J07AhkxYN/DPqWFzUkBEoQ2TAL1nDiyIL9DHV8M +roZaZyRldHf69M0En4zA8l5Pv9vaztLbplGCQM5iDJte0xB7SdV6yY6/S7jjrDDt +2LclHMVcDh5XfK1gRLplbUUm5AiiH8k6z3285WEj6j4ZRvAW+CblMsZp5eoYYi4F +ZZNJI0URw9pMO7TGSnLqC+kmBixpTeeypT1Urn8X02OP2DZbRkOvvMEJ/JjhT750 +aKI+1SEx0wIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu +U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUNlxU9C6Rbee83ZTH ++NdVAUr3fc0wHwYDVR0jBBgwFoAUsDu8yfooXz4EH5tsx4to2AGw+D0wDQYJKoZI +hvcNAQEFBQADggEBADDVswctBCWb8SC7kUncPb9+HC0JAYegMCtQ/jsXNMYd+lHA +s6/1YqbeOr9s9wfmgCYI0YRbo1oMagfe1iYdwYntihUdGjYME9urfEM1C8LGY6ZD +gc7lUijN7scNPI6hBzt8SP/+uR0EURgn0fu0Hr828e+ph4k7sUmpcGJb8EnnJzrM +kW8IQ6TeKPIcaZAJXb14nyXstkx6ztQ8odNcPHgEkbM1VoFkTGF7gK5CNOGaoTMO +I9x2vynKbsHOGvAbprWr3L4Z6Zrjb33toee/9SOtYM4reUlOc38A2qaVr/Gu51He +fzVwYF37YVQ0qSJ6fnZJcJ/nq/E4p6FTh/thuD8= +-----END CERTIFICATE----- diff --git a/test/org/apache/tomcat/util/net/localhost-key.pem b/test/org/apache/tomcat/util/net/localhost-key.pem new file mode 100644 index 000000000..bc1c7e7b3 --- /dev/null +++ b/test/org/apache/tomcat/util/net/localhost-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAsOOLgvixgtmx6OgI/TyKFNHNobfY+FiTRlTCa7NS/q5/pXCe +bM8fx/vXwsJdDxjJZirEilfKDk2wC68bJumt3ZWGaeSsYJ25rmWq1J07AhkxYN/D +PqWFzUkBEoQ2TAL1nDiyIL9DHV8MroZaZyRldHf69M0En4zA8l5Pv9vaztLbplGC +QM5iDJte0xB7SdV6yY6/S7jjrDDt2LclHMVcDh5XfK1gRLplbUUm5AiiH8k6z328 +5WEj6j4ZRvAW+CblMsZp5eoYYi4FZZNJI0URw9pMO7TGSnLqC+kmBixpTeeypT1U +rn8X02OP2DZbRkOvvMEJ/JjhT750aKI+1SEx0wIDAQABAoIBACTERx1D//GIujgE +8slgKftF2I4CnrCQCJyXxYmJTnjtYE7M58EKFDsHF8O9joYyyrnXrd5rfO4YK71h ++izOaXsjNzsPctzqK8waCbYDsF4xSlguanC9CuCuifCFVpvaCZ8dEblIx/R06zfj +aSsDH6tjvN/hNVLMeNZnz/+6/PH7/SP+HbDWGEi15yx1CSuqD3Dj/wIY7uhvlv/J +DGDeYhjcSupjofBkk2guwHzV6qL7fLWyn7MPVS3iRHeX8yWxAWabiW7WVqpClAKE +OTfP9h13yutQx10dhMzIYdxcXeyyfOVfI+mwyi8AN9FAwP11dN7w/0xqTMNErCox +qW1C1YECgYEA6QKjfMGkmtpWsDKpu0I4wgnPh0VtuhQGaLy/f0IFn05BOZVD0LiF +0jqyj1HtNkBSeX0Cz5GCG7DihX4seMjiYbHrOLTRrqIGxMLGJdMNUkmZZHCX7ZhT +SXFTgbqF3gCSPL5avta2eyPKjrCJYDYwqpbvd2lc7YKPOfHyOgqyDnMCgYEAwldk +xZUK3HR94/4GWS46TNIsv0IYLTbrzJKNFnbn0t1JVPR7aHUeI8cSrGa5mCHzn1wK +JFwe7JzlgyLZvgblqbxgDw5x8/GrLNhR3ClxtROusAg7zgX2Pxl0Gk1pr8dBgoiU +m3cZPKgvhagPQ6NKkP+ryzqJxXc8Pm51neZbFyECgYEA0Z91ExRmkIVivasmdXfS +9gW7dNeqKmA/j9RWdxcfVb0iArrdQpXulj4GS9eJj2f4iqFDeRdPtLfCYhQr0BHx +T7Cvi9loVjIf4r3TY03myyO5YtnEZJTIQOc6GBiEvD9JUGpz2wHxMwD1Br+dJzg5 +Og8FqijY2De/wIKAx2S94S8CgYEAlZ4gx/ipxvWsYhWUn532ZmQ87PYelNi+it2c +31mlunKA3XXneJEKJjNCDhZ79kLVQ6/hYwLFEBbun5n6FtFKiPWs4oqVcmBxD3Ju ++1ew4d6IU5/TIxb18LhQ6VsF7b0ykyNBfbsgY9F73KN5NPKHGsCrayfjH3JfoBT8 +WhcZs+ECgYBu7Y+hbGzMpHiuzyV/Niii5Iec2X+5H5rnM6S5h9I37aVnOp2Kl8bo +Eg5krCCeR6/F+I8Qj3KSgu3af1pTliO4m7Dt0sm3SEJeGrb7xQF2m0mf4VJ7Bf/w +H/H3Cuk63tsLedxWD0AYdlNbT7cA47bl15G8J+5qRQXZyuxUP1mZ9Q== +-----END RSA PRIVATE KEY----- diff --git a/test/org/apache/tomcat/util/net/localhost.jks b/test/org/apache/tomcat/util/net/localhost.jks new file mode 100644 index 0000000000000000000000000000000000000000..a9f4f102af65025c314f5206bd190e795eb051cf GIT binary patch literal 2198 zcmY+FX*kr27sux}#u!;L$Ucq6zQk`ZL-v}+7L~DODJBg~!%(J0Xfzlp%SBWuku{kl zOCsXNs4m^ek~O!{lqHd6B3!roe{ugW&Wq1E&vTyhobP$QXJd9_76O4lw*vSTa7I{Y zAepg+26XHBknE1C8yD0Em>W_@%i9;r3i+X2aSi|L5FN?!fX9bs{9llqmuhD`LhzNhj1 z*G-}0jSjFVB!8N8N^aEJ5owjLVKLSkS0^`;VjtI#aaJlbU~_r{LbquMI@4r?CS zr9s6dB$l#Db=*?{!tVMUPdmuAtcO@;9Uh`f4Bj(}Xp3_e-w1?Grrl-uM-R>s5|Ymm zc;lO=1IK8gWl6UHI@9{r$|>6UPTG?0o4jC6LoWk094zXAE&@{ozO?x!?z3iv7CHmV;*`tH{BHIuFK_BEHE07UWmyD6VM4|H& zH_hsi5%=ZByeFqp#^!rl$zE&9ZRKT;ZE)QdGhqLjhlJM&T%hpg1sm-RY@;Q zHz+y{POHG*V`We))Vdy*MWuxz3;jNme1xm5di-qSsYfwH_Oe@2-Sr%_HVErIZ0+@& z)*tzodRpROv)z+6^^5IY_E+8K()4RrPlRqBO!-1&e4dkj4S`V*pq)(o^t5&O9dS}5k z)ppiX@!mg#?Q>DM2^^an-W{`YlLvVIRDbe5ApUSRP&%)l%8V$?uh+ZWTpfwboEyl!VXT!=wPI~7rK@nveg$_AlklGNh*;?D_0IB# z%K$L^;{sRC%oC4S1)Z1uR6u-5e4Nh6r}h55`=p?H2pKa?t1NZ81hHy!Nd?3k|QJKtm&9jVT(8Z#7y%%>eu9yj}eK})BU&kbG8{zid3(BpyQB&{j~h7W|8ed z0q0MXWC^lt-Q^2?IlbxL{$IJ0@+WQ_Syk&~llGV+dN5-d)_ ziOTDS8D-S4Gk&I;vOR7lTL7o-1-GWUr^I%sY1!MoUncofd>x&xdxzke9F5Oa$RR`- z&@OWt4j!owBG_NiINj^38QG|_=XSoqxU#EO%?$p^+aK~V?%6aG<6q7we8d0;?twsr zTtJqPBglec?+QTyC=@CM0VUv~x@-sbio}*T3PV6FRtyw{3wglcGEfgUECy8l2ZUr4 z1IfD?ln92wzb0!y4krhmq!@&q2?lq{OJK2}k&&5^F&4z(e74Yd3r+ur;I98~DGf^f z+fpGAx1tvH;9~2ibCIAr`P5vX$QkWdQ)B>f<$*;1TQnqtBla>y}q#-*y$$ z4+@TC+PSyU9+NgW%;NAnA#c#!wSl&_quUi;2I;=I>h(&}rAq9fvgVh{(JVHV_aNYQ z1BY_|-E9k~A~sL#5qMa;H~xWx)QYlu)834^fDI zY5pdrX_BlqWvyuUO-`UWY1BcToKiS$AWX@0R3jpPA9A*+>2NwTCH6%Vu1|I0R~K8k zbC~kIfoX$yUpvCXrdH9PHzy7?Gfoy-_wB;=LWKYba4!ms{G|;_1_lKopgvqQfb9UV z1^WOA7+MZ>D4arfb8}X;r_d>9$PCH}RRZMuFNe61x_4(t6OUFyb%v(ZML_Wo8BHqUP z-t!SZB{J5piE2%ny}ARXgcp|?u81b!#M(LnO9+>{CrR2}U%3*NsRbey(GHs%4Jeqa zg4Wx$nw>59`ML7MB#TFm<>AMDzd7=?%>PIaLlBC_v=>yUzlk1wb|GJ5rq20d_dCmi zUO&qVu=K|`&&wyA$x*SKeI^q*1;&zUBj;LlUeQ~-mA)yL)K-i%D}KrO7#1^Iz;9Vn zs|@JYi*!5~!GsKzWIdec@Lk84xbT3ZYh-tma?Hg`=N!ZH`4#hKr3G$@Yvd<37fUL> Ve{xM2G)zs)mL$Nc8h~9ke*+j4)|vnS literal 0 HcmV?d00001 diff --git a/test/org/apache/tomcat/util/net/test-cert.pem b/test/org/apache/tomcat/util/net/test-cert.pem deleted file mode 100644 index e1ac5e0bb..000000000 --- a/test/org/apache/tomcat/util/net/test-cert.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICUzCCAbygAwIBAgIESviASzANBgkqhkiG9w0BAQUFADBuMRAwDgYDVQQGEwdV -bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD -VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRIwEAYDVQQDEwlsb2NhbGhv -c3QwHhcNMDkxMTA5MjA0OTE1WhcNMTAwMjA3MjA0OTE1WjBuMRAwDgYDVQQGEwdV -bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD -VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRIwEAYDVQQDEwlsb2NhbGhv -c3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALGOFqjC4Fefz0oOcfJeS8eL -V8jYzA3sHUnTKmASfgfhG8prWUgSEq7O/849MrBysiKpIvTN8R+ykV4QCAxauGUR -DsNI2ZtAv23YX2MbcfYfYqD0tgHEn355HKey0ICgmRuq3norlUWAH3hRv5qiQMc0 -UIhNrmdTs0jyvQ8E8AlZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAPHUr1BDENlV2 -8yIQvJOWKYbcNWLd6Cp8xCltSI897xhPpKQ5tDvs+l0gVfdBv5+jou0F5gbCkqgc -lBuUnUUWsU7r4HYBLVB8FiGSy9v5yuFJWyMMLJkWAfBgzxV1nHsCPhOnrspSB+i6 -bwag0i3ENXstD/Fg1lN/7l9dRpurneI= ------END CERTIFICATE----- diff --git a/test/org/apache/tomcat/util/net/test-key.pem b/test/org/apache/tomcat/util/net/test-key.pem deleted file mode 100644 index 1b7ca8c3b..000000000 --- a/test/org/apache/tomcat/util/net/test-key.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALGOFqjC4Fefz0oO -cfJeS8eLV8jYzA3sHUnTKmASfgfhG8prWUgSEq7O/849MrBysiKpIvTN8R+ykV4Q -CAxauGURDsNI2ZtAv23YX2MbcfYfYqD0tgHEn355HKey0ICgmRuq3norlUWAH3hR -v5qiQMc0UIhNrmdTs0jyvQ8E8AlZAgMBAAECgYBybr8P2Tk5gBfbBOBPcpKocpgL -LB6nQmvF7sC61nA/p8d/eBw8pNlBrMuVIkAPFHzWdee/mxMyeKXT18U4ISgBdIKL -F9LwILhIgR8CwElLucmF2OdXqFe7baBIFI6OaqLvDgOwdHSIS6uZhAWOWIAZ38Dh -JbHMzPpfeBv1bAIhAQJBAPwhjzWqSWZjAfcED4htKa/ZSbdqMa1iYtveoHdXIcLu -j4Ck1DKQEFpzLnUe2gwul/TDcoW3ZVp85jn7jwnrNDECQQC0R5LgkGdGNMBih4kP -U87tHFHUnggSMyIOBnCEXuQEN6i68VOwbdm2F7Rg1XGHD8IIJmVeiTSgLtS/mJRh -t6WpAkEAqs9VhQbTaTDkEOPIXiWOW1q6rS6dbxg7XzdowNDfx3706zM/qu2clpp3 -u9Ll5+DdA24xtNM1L+Nz2Y5KLm8Q0QJAQqpxEx/zQNADEKyEL6nTTHV7gT+LRoeo -IT2aYCji8vhOKgtR4l1M8/xiFKj5mXNnUjI4rDPaxR1sSQm4XUZXOQJBAJaCD0Ah -acU+KaOtk65tBJ7N2dKTbc5gs/CAz1uGgJtoD/jPjELMQwrxdp6AZP6+L6osqy6z -DI3WzNHXS+wWAd0= ------END PRIVATE KEY----- diff --git a/test/org/apache/tomcat/util/net/test.keystore b/test/org/apache/tomcat/util/net/test.keystore deleted file mode 100644 index 8491841b71078688eb98184d964698d12db0e28c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1369 zcmezO_TO6u1_mY|W&~rllKkA{#1bG^<+H8z0j9N^BjEt-d zEKN*{V?XqsDagF~Ds8*^>8JnpyC^$NNjTZH_qedD_^;%3B8jJ`>GQS~ct<|n^OB7% z@$~V(J9BoWy_$1%;xp?_2khdljL*E{Vg9{yuh{?ov=uEy{|i25ymaUK*CG=5F_*z? z<{Xx3rL4tAKbdU2bpPRLw@q_X+^bG~6g@lX)qzN}>7j<7Lp=^}WpcZHeCq#?1$2i0-D#C$f6I&Ys2uY%m#k%tIbvL9;TbVWvTq+f zkx{Gq@Rs*NNJb`O`_txQ4cRwx1$!bV@H|+1zu=PK+YPN(tXFNc*FIAG?@e9r%ZbN% z+0&<&8n$lBc2t|>w_@1>DbMvjTnZC1AB*hTuZbkzIKmlkLH{h2hGPD^}_|Hfay z^L9#VE$=zDC6g@#WpB(ZyWA}J@BXr47oIZ19i8SZW%ZtaC-Xlj)!Y?$TuO~Kj%~K{ zI_a${b?Z#~&6=iIJp7jZ!rjpL)lM;O^<*cj`B%KMWzVmYD425J{ZrIphn$7CGz@rF zRY?||x~P69wcyoD`55j1^<9@7B0t>=tNoYKRWK*Oz~$_9u^+`-d@9+C4B3*Z?M^eT zp0~=c?!MTIDaU0G2|j%(vC-0}Z_8=ct$ZtFUS)H5p4c`ys@c3gezjkrS97U$=VvF8 zK=$^#%d2J_>Yci@vhaSIa*b1?=_k4&C9>E+q~2J&t7hDl4gz2Gc~XTrsQy7 zN)9$?V%)QUnTe5!iN)(jgSP=M8>d#AN85K^V6tXqFvv3$0H$^3P!={}_RzfSy!>*w z2nU7;JBA1sh6p!8M94q@WHPfbXHI@{VopYWafyMPIIn@Fp`n4Lk%5V&p=p#juc3i~ zk%2jsOLzA)&PNUrU`}Ul>}4=$>||?;Baq z%UTISb?gtNPi04X2nnq__y3%&(T1W;N-LGVoc$=jX=0oJ2T#z9MkMEVS&ilE9wH(=^-em?qtQp;dE4GuNZv_PvDv zk|mZ~tl#{KRS5m=xPSiQMQ>T3u^pPULS~Bel)0{A8~t8CC}Y$Os1Z|~bo%zsQx83( zm3ee#iZOmjI4@c{r<%!5c=@_hLF_Mf<+Clgq*hmojn@wqws(I$QL$0wz&-%ZHY`E_ diff --git a/test/org/apache/tomcat/util/net/user1.jks b/test/org/apache/tomcat/util/net/user1.jks new file mode 100644 index 0000000000000000000000000000000000000000..cc420f5ddd03b98a0cfb939656789cbd9ecb018f GIT binary patch literal 2194 zcmY+EX*kpi8^-591{sZL>`V3~+x%xx_O+3vF}4X4G8klU24kya-xWf($d-LA32z#_ zI%LbPMA5=nl2AJ7IH&i+c|SZKe$R7V_w`)Q{ap9q#^DA80)ZYC@J}%ZQ^^$c5h?qx zeV>3pn3=$6*e{TS1+KsXzyNtD7XUCrV9_wf7afuqGOrY~Nox+LX4R+X2j4%Ph(*=x zUAe{@7%sC`B4&9w>@U+aSrr;2K`f+KYP-{-6Z_oOA1+5FZd@H%u%sa0=$C0CK9{cE81^k-?RcM2X$$@dSnJz>9sm+{< ztyX}#@}Bei%Dz@U-TJp*cW)=@U8djH`ZT~A%nSFtWj+45HXSd8Py8#lI)GHs5)p4H7c@h*Sq?jNx_--TUoE77!@ zdTTPDe|Y{_X>C7=E`aM_FR&iS`I@}I$tmAuX)!xyV;?9-YMT{u%OMP0Vhc6(Xaa&F z!AUl%Tv%IZgRmmr$k1J2zKr!MZ7|h(Ry~{g!o&xCrT%@JYHeJI*asL`4MMiJ7FjL63W%l)1d=qD3oDImsj_d~Cp2Y;2LHswr( z!m?+X8^>CLVX}b&scAt3I$I-YXLIx&~zTfGGa$iQg>OnrXEcUr0bkpTn zKxw^+!xJgg#L&S$ru~B5mE;rcNpqH&3l*Uh(v2Q?e$LE$4GYqQ?74eXB$nSIPmQ54 zUrv4Gm4WtMe=Wdav2<&?1sdmdSfLtbfa`mtFFnTET)s<3U*p?AYthz&3f10U#~q6o zBnK9X{l_q<^Fyb9)C*W1tcrd}(ax08WU(4Lklu2Od_%bC%B=lkRoy)!__0$UPq)uh z)oqNh%Z)^DhVoJsyK~@S(1|JcQ0ygCBGEW0>WQ^BN)^ zl0bPHG+X~%1YycQswCRLXWKAmt_P7e_K@v{)jIyq&oTjKO*iJo%?~ zCQ@B+WR38n+;nv9Kv2=Z3LeL=qaE-BzxLfS3p2|sYyYtl>7+?~aj-0Ke=y)|xFo97 zcG;=p)LR0bs%Z$~uw69ereSOJQp|ni1F9mM_Ggv((xMA_LnUf^5vj5C7p|Jv8P7fE z&E~DTI#xcZYQ31M8CGO_{b>atZ<^b?JVmKPa#lmG=WyGXEl<$C|5a*>R&d{g;~wd% z%5J;kWvM*aMr}bGYdj=6`}N@|Fapmj=X8wMI@ zSreFnzeQhon7R|=f((c~^KLa)f3p2s?`1}5*qBrbS9TGU@jDsqmDNBE2!zQLjAp`u z(NLulCMW=fLOB5t!NMjVZxX+cI0{E*2#7|rgKR8J1Q-hvO0YpofMS0G6H>s9q!dJ^ z1}O&x__>jSlu3akH!res0L2qL#fLznK@3J6qoSswszy9Ql_Na+KLkboUy=hn{#){Q zUW3tq#J`s~ifE>2-~{BT4~Iqr0A#C7Q};8H$w3wGywb55(|yXR(czd}rah{T?@x`e ztZmEXxmYW^waVbWp%#tFo;qxszK`LrF4@Mm#myfgobZ}BZZZtq^`a5tmG%bN?@7xG zmDw@kCPue!)_0k;l3>(x8WMfH$FzV1|B>`lqWO@9og{o|m15i&uKI#sZ5zA12Qi8* z$T5PwJvf;~v|5;TrVJNso;RT_6zp4fT73M$7o8UIj{FX-PW76MOPwiKH`cC&fEZ46 zyN^YRxF~n~+^jIHhg^DfdX?97uFsG|ji0AM@#6(q2ea-62+5n59{qeeb5_dYyAG_P zLEK-}W!Qt$1i&Qlr^gVMw4h7?1SpFD!~XF_1POzJ5KxhY%_ZIhi2r5?AYh`rBKSbE zzm3fWvGZhqGKCaGb{8`uQ-ZE|TsiWJ42m2bT!aJ03*)AZ4-n_FJN#8ys?tQK5~658 z(g#rV@3AC|ALNbVZqn-d<3R4RE=;t*cOb=U7HImW^KW~Oe&om=03u(>Z{(MuvO2J! z8&Sg}k%VYEe7MpwR8+01%bA=$ZEhmDs8-_KW3$obp%ZgO{W>8t0 zh$mi`(J%o|C?nyd(9X|3hgJhCF^FV)BQdugP?1dEV73k(eI_d6wB((S(yR}kuUeMi15_q zO+tIcz5b}mwAYR}yEJq5Gu<_~_mkkzQ(rE=f%Jjl?5O7T-h+VQUFyP@{(h{qrzKi1 IB8I{G7dzg?eE