NO-JIRA Update broker connection AMQP SSL example

examples/features/broker-connection/amqp-sending-overssl/pom.xml

@@ -85,7 +85,7 @@ under the License.
                      <ignore>${noServer}</ignore>
                      <spawn>true</spawn>
                      <location>${basedir}/target/server1</location>
-                     <testURI>tcp://localhost:5771?sslEnabled=true;trustStorePath=target/server1/etc/server-ca-truststore.jks&amp;trustStorePassword=securepass</testURI>
+                     <testURI>tcp://localhost:5771?sslEnabled=true;trustStorePath=target/server1/etc/server-ca-truststore.p12&amp;trustStorePassword=securepass</testURI>
                      <args>
                         <param>run</param>
                      </args>
@@ -101,7 +101,7 @@ under the License.
                      <spawn>true</spawn>
                      <ignore>${noServer}</ignore>
                      <location>${basedir}/target/server0</location>
-                     <testURI>tcp://localhost:5671?sslEnabled=true;trustStorePath=target/server0/etc/server-ca-truststore.jks&amp;trustStorePassword=securepass</testURI>
+                     <testURI>tcp://localhost:5671?sslEnabled=true;trustStorePath=target/server0/etc/server-ca-truststore.p12&amp;trustStorePassword=securepass</testURI>
                      <args>
                         <param>run</param>
                      </args>

examples/features/broker-connection/amqp-sending-overssl/src/main/java/org/apache/activemq/artemis/jms/example/BrokerConnectionSenderSSL.java

@@ -35,7 +35,7 @@ public class BrokerConnectionSenderSSL {
 
    public static void main(final String[] args) throws Exception {
       Connection connectionOnServer0 = null;
-      ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5671?transport.trustStoreLocation=target/server0/etc/server-ca-truststore.jks&transport.trustStorePassword=securepass");
+      ConnectionFactory connectionFactoryServer0 = new JmsConnectionFactory("amqps://localhost:5671?transport.trustStoreLocation=target/server0/etc/server-ca-truststore.p12&transport.trustStorePassword=securepass");
 
       // Step 1. Create a connection on server0, and send a few messages
       try {
@@ -58,7 +58,7 @@ public static void main(final String[] args) throws Exception {
       // Step 2. create a connection on server1, and receive a few messages.
       //          the sender on the broker conneciton will take care of the transfer.
       Connection connectionOnServer1 = null;
-      ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5771?transport.trustStoreLocation=target/server0/etc/server-ca-truststore.jks&transport.trustStorePassword=securepass");
+      ConnectionFactory connectionFactoryServer1 = new JmsConnectionFactory("amqps://localhost:5771?transport.trustStoreLocation=target/server1/etc/server-ca-truststore.p12&transport.trustStorePassword=securepass");
 
       try {
          connectionOnServer1 = connectionFactoryServer1.createConnection();

examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server0/broker.xml

@@ -32,11 +32,11 @@ under the License.
       <acceptors>
          <!-- keystores will be found automatically if they are on the classpath -->
          <!-- The CORE protocol only used for artemis-maven-plugin verifying the server is up for example to start -->
-         <acceptor name="netty-ssl-acceptor">tcp://localhost:5671?sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass;protocols=AMQP,CORE</acceptor>
+         <acceptor name="netty-ssl-acceptor">tcp://localhost:5671?sslEnabled=true;keyStorePath=server-keystore.p12;keyStorePassword=securepass;protocols=AMQP,CORE</acceptor>
       </acceptors>
 
       <broker-connections>
-         <amqp-connection uri="tcp://localhost:5771?sslEnabled=true;verifyHost=true;trustStorePath=server-ca-truststore.jks;trustStorePassword=securepass" name="otherBrokerSSL" retry-interval="1000">
+         <amqp-connection uri="tcp://localhost:5771?sslEnabled=true;verifyHost=true;trustStorePath=server-ca-truststore.p12;trustStorePassword=securepass" name="otherBrokerSSL" retry-interval="1000">
             <sender address-match="#"/>
          </amqp-connection>
       </broker-connections>

examples/features/broker-connection/amqp-sending-overssl/src/main/resources/activemq/server1/broker.xml

@@ -32,7 +32,7 @@ under the License.
       <acceptors>
          <!-- keystores will be found automatically if they are on the classpath -->
          <!-- The CORE protocol only used for artemis-maven-plugin verifying the server is up for example to start -->
-         <acceptor name="netty-ssl-acceptor">tcp://localhost:5771?sslEnabled=true;keyStorePath=server-keystore.jks;keyStorePassword=securepass;protocols=AMQP,CORE</acceptor>
+         <acceptor name="netty-ssl-acceptor">tcp://localhost:5771?sslEnabled=true;keyStorePath=other-server-keystore.p12;keyStorePassword=securepass;protocols=AMQP,CORE</acceptor>
       </acceptors>
 
       <!-- Other config -->

examples/features/broker-connection/amqp-sending-overssl/store-generation.txt

@@ -1,38 +1,55 @@
 # The various SSL stores and certificates were created with the following commands:
 # This can be run as a script by sourcing the file, e.g ". store-generation.txt"
+# Requires use of JDK 8+ keytool command.
+set -e
+
+KEY_PASS=securepass
+STORE_PASS=securepass
+CA_VALIDITY=365000
+VALIDITY=36500
+SERVER_NAMES="san=dns:localhost"
+
+# Clean up existing files
+# -----------------------
+rm -f *.crt *.csr *.p12
+rm -f src/main/resources/activemq/server0/*.keystore src/main/resources/activemq/server0/*.p12
+rm -f src/main/resources/activemq/server1/*.keystore src/main/resources/activemq/server1/*.p12
+
+# Create a key and self-signed certificate for the CA, to sign server certificate requests and use for trust:
+# ----------------------------------------------------------------------------------------------------
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server-ca -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server Certification Authority, OU=Artemis, O=ActiveMQ" -validity $CA_VALIDITY -ext bc:c=ca:true
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -exportcert -rfc > server-ca.crt
 
+# Create trust store with the server CA cert:
+# -------------------------------------------------------
+keytool -storetype pkcs12 -keystore server-ca-truststore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
 
-# Clean up any existing files
-# ---------------------------
-rm -f *.crt *.csr *.keystore *.truststore
-rm -f src/main/resources/activemq/server0/*.keystore src/main/resources/activemq/server0/*.truststore
-rm -f src/main/resources/activemq/server1/*.keystore src/main/resources/activemq/server1/*.truststore
+# Create a key pair for the server, and sign it with the CA:
+# ----------------------------------------------------------
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext $SERVER_NAMES
 
-# Create a key and self-signed certificate for the CA, to sign certificate requests and use for trust:
-# ----------------------------------------------------------------------------------------------------
-keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -keypass activemqexample -alias ca -genkey -keyalg "RSA" -keysize 2048 -dname "O=My Trusted Example Inc.,CN=my-example-ca.org" -validity 9999 -ext bc:c=ca:true
-keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -exportcert -rfc > ca.crt
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -alias server -certreq -file server.csr
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile server.crt -validity $VALIDITY -ext bc=ca:false -ext $SERVER_NAMES
 
-# Create a key pair, and sign it with the CA:
-# -------------------------------------------
-keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -alias broker -genkey -keyalg "RSA" -keysize 2048 -dname "O=Server,CN=localhost" -validity 9999 -ext bc=ca:false -ext eku=sA
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server -file server.crt
 
-keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -alias broker -certreq -file broker.csr
-keytool -storetype pkcs12 -keystore ca-pkcs12.keystore -storepass activemqexample -alias ca -gencert -rfc -infile broker.csr -outfile broker.crt -validity 9999 -ext bc=ca:false -ext eku=sA
+# Create a key pair for the other server, and sign it with the CA:
+# ----------------------------------------------------------
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -alias other-server -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Other Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext $SERVER_NAMES
 
-keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
-keytool -storetype pkcs12 -keystore activemq.example.keystore -storepass activemqexample -keypass activemqexample -importcert -alias broker -file broker.crt
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -alias other-server -certreq -file other-server.csr
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass $STORE_PASS -alias server-ca -gencert -rfc -infile other-server.csr -outfile other-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext $SERVER_NAMES
 
-# Create trust store, import the CA cert:
-# -------------------------------------------------------
-keytool -storetype pkcs12 -keystore activemq.example.truststore -storepass activemqexample -keypass activemqexample -importcert -alias ca -file ca.crt -noprompt
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias other-server -file other-server.crt
 
 # Copy the stores into place
-cp activemq.example.truststore src/main/resources/activemq/server1/
-cp activemq.example.keystore src/main/resources/activemq/server1/
+cp server-ca-truststore.p12 src/main/resources/activemq/server0/
+cp server-keystore.p12 src/main/resources/activemq/server0/
 
-cp activemq.example.truststore src/main/resources/activemq/server0/
-cp activemq.example.keystore src/main/resources/activemq/server0/
+cp server-ca-truststore.p12 src/main/resources/activemq/server1/
+cp other-server-keystore.p12 src/main/resources/activemq/server1/
 
 # Clean up tmp files
-rm -f *.crt *.csr *.keystore *.truststore
+rm -f *.crt *.csr *.p12