diff --git a/core/src/main/java/com/redhat/lightblue/client/LightblueClientConfiguration.java b/core/src/main/java/com/redhat/lightblue/client/LightblueClientConfiguration.java index 52db9af..ecfcc4e 100644 --- a/core/src/main/java/com/redhat/lightblue/client/LightblueClientConfiguration.java +++ b/core/src/main/java/com/redhat/lightblue/client/LightblueClientConfiguration.java @@ -74,7 +74,7 @@ public LightblueClientConfiguration(LightblueClientConfiguration configuration) caFilePath = configuration.caFilePath; certFilePath = configuration.certFilePath; certPassword = configuration.certPassword; - certAlias = FilenameUtils.getBaseName(certFilePath); + certAlias = configuration.certAlias; compression = configuration.compression; readPreference = configuration.readPreference; writeConcern = configuration.writeConcern; @@ -169,7 +169,6 @@ public String getCertFilePath() { */ public void setCertFilePath(String certFilePath) { this.certFilePath = certFilePath; - certAlias = FilenameUtils.getBaseName(this.certFilePath); } public String getCertPassword() { @@ -362,4 +361,8 @@ public void setAcceptSelfSignedCert(boolean acceptSelfSignedCert) { this.acceptSelfSignedCert = acceptSelfSignedCert; } + public void setCertAlias(String certAlias) { + this.certAlias = certAlias; + } + } diff --git a/core/src/main/java/com/redhat/lightblue/client/PropertiesLightblueClientConfiguration.java b/core/src/main/java/com/redhat/lightblue/client/PropertiesLightblueClientConfiguration.java index fbe1b28..e564acf 100644 --- a/core/src/main/java/com/redhat/lightblue/client/PropertiesLightblueClientConfiguration.java +++ b/core/src/main/java/com/redhat/lightblue/client/PropertiesLightblueClientConfiguration.java @@ -57,6 +57,7 @@ public final class PropertiesLightblueClientConfiguration { private static final String CA_FILE_PATH_KEY = "caFilePath"; private static final String CERT_FILE_PATH_KEY = "certFilePath"; private static final String CERT_PASSWORD_KEY = "certPassword"; + private static final String CERT_ALIAS_KEY = "certAlias"; private static final String COMPRESSION = "compression"; private static final String BASIC_AUTH_USERNAME_KEY = "basicAuthUsername"; private static final String BASIC_AUTH_PASSWORD_KEY = "basicAuthPassword"; @@ -190,6 +191,7 @@ public static LightblueClientConfiguration fromObject(Properties properties) { config.setCaFilePath(properties.getProperty(CA_FILE_PATH_KEY)); config.setCertFilePath(properties.getProperty(CERT_FILE_PATH_KEY)); config.setCertPassword(properties.getProperty(CERT_PASSWORD_KEY)); + config.setCertAlias(properties.getProperty(CERT_ALIAS_KEY)); config.setDataServiceURI(properties.getProperty(DATA_SERVICE_URI_KEY)); config.setMetadataServiceURI(properties.getProperty(METADATA_SERVICE_URI_KEY)); config.setAcceptSelfSignedCert(Boolean.parseBoolean(properties.getProperty(ACCEPT_SELF_SIGNED_CERT_KEY))); diff --git a/core/src/test/java/com/redhat/lightblue/client/LightblueClientConfigurationTest.java b/core/src/test/java/com/redhat/lightblue/client/LightblueClientConfigurationTest.java index 7e2dc2f..0a9935f 100644 --- a/core/src/test/java/com/redhat/lightblue/client/LightblueClientConfigurationTest.java +++ b/core/src/test/java/com/redhat/lightblue/client/LightblueClientConfigurationTest.java @@ -23,6 +23,7 @@ public void shouldCopyAllPropertiesInCopyConstructor() { original.setCertPassword("pass"); original.setCertFilePath("certpath"); original.setCaFilePath("capath"); + original.setCertAlias("certalias"); LightblueClientConfiguration copy = new LightblueClientConfiguration(original); @@ -32,7 +33,7 @@ public void shouldCopyAllPropertiesInCopyConstructor() { assertEquals("pass", copy.getCertPassword()); assertEquals("certpath", copy.getCertFilePath()); assertEquals("capath", copy.getCaFilePath()); - assertEquals("certpath", copy.getCertAlias()); + assertEquals("certalias", copy.getCertAlias()); // make sure they are copies original.setUseCertAuth(false); @@ -48,7 +49,7 @@ public void shouldCopyAllPropertiesInCopyConstructor() { assertEquals("pass", copy.getCertPassword()); assertEquals("certpath", copy.getCertFilePath()); assertEquals("capath", copy.getCaFilePath()); - assertEquals("certpath", copy.getCertAlias()); + assertEquals("certalias", copy.getCertAlias()); } @Test diff --git a/core/src/test/java/com/redhat/lightblue/client/PropertiesLightblueClientConfigurationTest.java b/core/src/test/java/com/redhat/lightblue/client/PropertiesLightblueClientConfigurationTest.java index 4f9fe7b..890c56b 100644 --- a/core/src/test/java/com/redhat/lightblue/client/PropertiesLightblueClientConfigurationTest.java +++ b/core/src/test/java/com/redhat/lightblue/client/PropertiesLightblueClientConfigurationTest.java @@ -111,7 +111,7 @@ public void shouldLookup_certPassword_PropertyForCertPassword() { @Test public void shouldLookup_certAlias_PropertyForCertAlias() { Properties properties = new Properties(); - properties.setProperty("certFilePath", "/path/to/theCert.pkcs12"); + properties.setProperty("certAlias", "theCert"); LightblueClientConfiguration config = PropertiesLightblueClientConfiguration.fromObject(properties); diff --git a/http/src/main/java/com/redhat/lightblue/client/http/auth/CertificateManager.java b/http/src/main/java/com/redhat/lightblue/client/http/auth/CertificateManager.java new file mode 100644 index 0000000..db1d166 --- /dev/null +++ b/http/src/main/java/com/redhat/lightblue/client/http/auth/CertificateManager.java @@ -0,0 +1,128 @@ +package com.redhat.lightblue.client.http.auth; + +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Set; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.redhat.lightblue.client.LightblueClientConfiguration; + +/** + * Provides access to certificates. + * + * @author mpatercz + * + */ +public class CertificateManager { + + private static final Logger LOGGER = LoggerFactory.getLogger(SslSocketFactories.class); + + static final String FILE_PROTOCOL = "file://"; + + static List getCaCertFiles(List caCertFilePaths) throws FileNotFoundException { + List caCertFiles = new ArrayList<>(); + + for(String caCertFilePath : caCertFilePaths) { + caCertFiles.add(loadFile(caCertFilePath)); + } + + return caCertFiles; + } + + static Set getCertificates(List certAuthorityFiles) throws CertificateException { + Set caCertificates = new LinkedHashSet<>(); + + for(InputStream certAuthorityFile : certAuthorityFiles) { + caCertificates.add(getCertificate(certAuthorityFile)); + } + return caCertificates; + } + + static InputStream loadFile(String filePath) throws FileNotFoundException { + InputStream stream = loadFile(CertificateManager.class.getClassLoader(), filePath); + if (stream == null) { + throw new FileNotFoundException("Could not read certs from "+filePath); + } + return stream; + } + + private static InputStream loadFile(ClassLoader classLoader, String filePath) throws FileNotFoundException { + if (filePath.startsWith(FILE_PROTOCOL)) { + return new FileInputStream(filePath.substring(FILE_PROTOCOL.length())); + } + return classLoader.getResourceAsStream(filePath); + } + + static X509Certificate getCertificate(InputStream certificate) + throws CertificateException { + CertificateFactory cf = CertificateFactory.getInstance("X509"); + return (X509Certificate) cf.generateCertificate(certificate); + } + + static KeyStore getPkcs12KeyStore(InputStream lightblueCert, char[] certPassword) + throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { + KeyStore ks = KeyStore.getInstance("pkcs12"); + ks.load(lightblueCert, certPassword); + return ks; + } + + static KeyStore getJksKeyStore(Set caCertFiles, KeyStore lightblueCertKeystore, + String lightblueCertAlias, char[] lightblueCertPassword) + throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException, + UnrecoverableKeyException { + KeyStore jks = KeyStore.getInstance("jks"); + + jks.load(null, lightblueCertPassword); + for(Certificate caCertFile : caCertFiles) { + jks.setCertificateEntry(caCertFile.toString(), caCertFile); + } + + Certificate[] chain; + Key key ; + + if (lightblueCertAlias != null) { + LOGGER.debug("Loading certificates using alias='"+lightblueCertAlias+"'"); + chain = lightblueCertKeystore.getCertificateChain(lightblueCertAlias); + key = lightblueCertKeystore.getKey(lightblueCertAlias, lightblueCertPassword); + + if (chain == null || key == null) { + throw new RuntimeException("Specified alias='"+lightblueCertAlias+"' does not appear to exist in the keystore."); + } + } else { + LOGGER.debug("Certificate alias not specified"); + + List aliases = Collections.list(lightblueCertKeystore.aliases()); + + if (aliases.size() == 1) { + String alias = aliases.get(0); + LOGGER.debug("Certificate alias was not specified, but only one alias exist is the keystore. Using alias='"+alias+"'"); + chain = lightblueCertKeystore.getCertificateChain(alias); + key = lightblueCertKeystore.getKey(alias, lightblueCertPassword); + } else { + throw new RuntimeException("Certificate alias not specified and the keystore has more than one alias or keystore is empty. Aliases found: "+aliases); + } + } + + jks.setKeyEntry("anykey", key, lightblueCertPassword, chain); + + return jks; + } + +} diff --git a/http/src/main/java/com/redhat/lightblue/client/http/auth/SslSocketFactories.java b/http/src/main/java/com/redhat/lightblue/client/http/auth/SslSocketFactories.java index f6feda3..09a94c6 100644 --- a/http/src/main/java/com/redhat/lightblue/client/http/auth/SslSocketFactories.java +++ b/http/src/main/java/com/redhat/lightblue/client/http/auth/SslSocketFactories.java @@ -1,13 +1,7 @@ package com.redhat.lightblue.client.http.auth; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; -import java.net.URI; -import java.net.URISyntaxException; -import java.nio.file.Paths; -import java.security.Key; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -15,10 +9,7 @@ import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.LinkedHashSet; import java.util.List; import java.util.Objects; import java.util.Set; @@ -38,12 +29,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.redhat.lightblue.client.LightblueClient; import com.redhat.lightblue.client.LightblueClientConfiguration; -import com.redhat.lightblue.client.LightblueException; -import com.redhat.lightblue.client.PropertiesLightblueClientConfiguration; -import com.redhat.lightblue.client.http.LightblueHttpClient; -import com.redhat.lightblue.client.request.metadata.MetadataGetEntityNamesRequest; public class SslSocketFactories { private static final Logger LOGGER = LoggerFactory.getLogger(SslSocketFactories.class); @@ -52,7 +38,6 @@ public class SslSocketFactories { private static final String[] SUPPORTED_PROTOCOLS = new String[]{TLSV1}; private static final String[] SUPPORTED_CIPHER_SUITES = null; - private static final String FILE_PROTOCOL = "file://"; /** * @return A default SSL socket factory based on whether or not the @@ -65,8 +50,11 @@ public static SSLConnectionSocketFactory fromLightblueClientConfig(LightblueClie KeyStoreException, KeyManagementException, IOException { if (config.useCertAuth()) { validateLightblueClientConfigForCertAuth(config); - return defaultCertAuthSocketFactory(getCaCertFiles(config), loadFile(config.getCertFilePath()), - config.getCertPassword().toCharArray(), config.getCertAlias(), config.isAcceptSelfSignedCert()); + + return defaultCertAuthSocketFactory( + CertificateManager.getCaCertFiles(config.getCaFilePaths()), + CertificateManager.loadFile(config.getCertFilePath()), + config.getCertPassword().toCharArray(), config.getCertAlias(), config.isAcceptSelfSignedCert()); } return defaultNoAuthSocketFactory(); @@ -102,9 +90,9 @@ public static SSLConnectionSocketFactory defaultCertAuthSocketFactory( throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException { - Set certificates = getCertificates(certAuthorityFiles); - KeyStore pkcs12KeyStore = getPkcs12KeyStore(authCert, authCertPassword); - KeyStore sunKeyStore = getJksKeyStore(certificates, pkcs12KeyStore, authCertAlias, authCertPassword); + Set certificates = CertificateManager.getCertificates(certAuthorityFiles); + KeyStore pkcs12KeyStore = CertificateManager.getPkcs12KeyStore(authCert, authCertPassword); + KeyStore sunKeyStore = CertificateManager.getJksKeyStore(certificates, pkcs12KeyStore, authCertAlias, authCertPassword); SSLContext sslContext = getSSLContext(sunKeyStore, pkcs12KeyStore, authCertPassword, acceptSelfSignedCert); return new SSLConnectionSocketFactory(sslContext, SUPPORTED_PROTOCOLS, SUPPORTED_CIPHER_SUITES, @@ -116,21 +104,12 @@ public static SSLSocketFactory javaNetSslSocketFactory(LightblueClientConfigurat UnrecoverableKeyException, KeyManagementException { validateLightblueClientConfigForCertAuth(config); - return javaNetSslSocketFactory(getCaCertFiles(config), loadFile(config.getCertFilePath()), + return javaNetSslSocketFactory( + CertificateManager.getCaCertFiles(config.getCaFilePaths()), + CertificateManager.loadFile(config.getCertFilePath()), config.getCertPassword().toCharArray(), config.getCertAlias(), config.isAcceptSelfSignedCert()); } - private static List getCaCertFiles(LightblueClientConfiguration config) throws FileNotFoundException { - List caCertFilePaths = config.getCaFilePaths(); - List caCertFiles = new ArrayList<>(); - - for(String caCertFilePath : caCertFilePaths) { - caCertFiles.add(loadFile(caCertFilePath)); - } - - return caCertFiles; - } - public static SSLSocketFactory javaNetSslSocketFactory(List certAuthorityFiles, InputStream authCert, char[] authCertPassword, String authCertAlias, boolean acceptSelfSignedCert) throws CertificateException, NoSuchAlgorithmException, @@ -143,65 +122,14 @@ public static SSLSocketFactory javaNetSslSocketFactory(List certAut + "the certificate file is on the classpath or defined on the file system using the " + "'file://' prefix."); - Set caCertificates = getCertificates(certAuthorityFiles); + Set caCertificates = CertificateManager.getCertificates(certAuthorityFiles); - KeyStore pkcs12KeyStore = getPkcs12KeyStore(authCert, authCertPassword); - KeyStore sunKeyStore = getJksKeyStore(caCertificates, pkcs12KeyStore, authCertAlias, authCertPassword); + KeyStore pkcs12KeyStore = CertificateManager.getPkcs12KeyStore(authCert, authCertPassword); + KeyStore sunKeyStore = CertificateManager.getJksKeyStore(caCertificates, pkcs12KeyStore, authCertAlias, authCertPassword); SSLContext sslContext = getSSLContext(sunKeyStore, pkcs12KeyStore, authCertPassword, acceptSelfSignedCert); return sslContext.getSocketFactory(); } - private static Set getCertificates(List certAuthorityFiles) throws CertificateException { - Set caCertificates = new LinkedHashSet<>(); - - for(InputStream certAuthorityFile : certAuthorityFiles) { - caCertificates.add(getCertificate(certAuthorityFile)); - } - return caCertificates; - } - - private static InputStream loadFile(String filePath) throws FileNotFoundException { - return loadFile(SslSocketFactories.class.getClassLoader(), filePath); - } - - private static InputStream loadFile(ClassLoader classLoader, String filePath) throws FileNotFoundException { - if (filePath.startsWith(FILE_PROTOCOL)) { - return new FileInputStream(filePath.substring(FILE_PROTOCOL.length())); - } - return classLoader.getResourceAsStream(filePath); - } - - private static X509Certificate getCertificate(InputStream certificate) - throws CertificateException { - CertificateFactory cf = CertificateFactory.getInstance("X509"); - return (X509Certificate) cf.generateCertificate(certificate); - } - - private static KeyStore getPkcs12KeyStore(InputStream lightblueCert, char[] certPassword) - throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - KeyStore ks = KeyStore.getInstance("pkcs12"); - ks.load(lightblueCert, certPassword); - return ks; - } - - private static KeyStore getJksKeyStore(Set caCertFiles, KeyStore lightblueCertKeystore, - String lightblueCertAlias, char[] lightblueCertPassword) - throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException, - UnrecoverableKeyException { - KeyStore jks = KeyStore.getInstance("jks"); - - jks.load(null, lightblueCertPassword); - for(Certificate caCertFile : caCertFiles) { - jks.setCertificateEntry(caCertFile.toString(), caCertFile); - } - - Certificate[] chain = lightblueCertKeystore.getCertificateChain(lightblueCertAlias); - Key key = lightblueCertKeystore.getKey(lightblueCertAlias, lightblueCertPassword); - jks.setKeyEntry("anykey", key, lightblueCertPassword, chain); - - return jks; - } - /** * Naive trust manager trusts all. * @@ -255,5 +183,7 @@ private static void validateLightblueClientConfigForCertAuth(LightblueClientConf if (StringUtils.isBlank(config.getCertPassword())) { throw new IllegalArgumentException("Must provide a certPassword."); } + + // certAlias is not required if only one cert exists in the keystore (usually the case) } } diff --git a/http/src/test/java/com/redhat/lightblue/client/http/auth/TestCertificateManager.java b/http/src/test/java/com/redhat/lightblue/client/http/auth/TestCertificateManager.java new file mode 100644 index 0000000..94731cf --- /dev/null +++ b/http/src/test/java/com/redhat/lightblue/client/http/auth/TestCertificateManager.java @@ -0,0 +1,78 @@ +package com.redhat.lightblue.client.http.auth; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.KeyStore; +import java.security.cert.Certificate; +import java.util.Arrays; +import java.util.Set; + +import org.junit.Assert; +import org.junit.Test; + + + +public class TestCertificateManager { + + String CACERT = "alias/cacert.pem"; + String AUTHCERT = "alias/authcert.pkcs12"; + String ALIAS = "Blah Blah"; + String PASSWORD = "foobar"; + + @Test + public void testCertConfigurationCorrect() throws Exception { + loadCerts(CACERT, AUTHCERT, ALIAS, PASSWORD); + } + + @Test + public void testWrongPassword() throws Exception { + try { + loadCerts(CACERT, AUTHCERT, ALIAS, "wrongpassword"); + Assert.fail(); + } catch (IOException e) { + Assert.assertTrue(e.getMessage().startsWith("keystore password was incorrect") || e.getMessage().startsWith("failed to decrypt safe contents entry")); + } + } + + @Test + public void testWrongAlias() throws Exception { + try { + loadCerts(CACERT, AUTHCERT, "wrongalias", PASSWORD); + Assert.fail(); + } catch (RuntimeException e) { + Assert.assertEquals("Specified alias='wrongalias' does not appear to exist in the keystore.", e.getMessage()); + } + } + + @Test + public void testNoAliasWorksBecuaseThereIsOnlyOneCert() throws Exception { + loadCerts(CACERT, AUTHCERT, null, PASSWORD); + } + + @Test + public void testWrongCacertPath() throws Exception { + try { + loadCerts("foo/bar.pem", AUTHCERT, ALIAS, PASSWORD); + Assert.fail(); + } catch (FileNotFoundException e) { + Assert.assertEquals("Could not read certs from foo/bar.pem", e.getMessage()); + } + } + + @Test + public void testWrongAuthCertPath() throws Exception { + try { + loadCerts(CACERT, "foo/bar.pkcs12", ALIAS, PASSWORD); + Assert.fail(); + } catch (FileNotFoundException e) { + Assert.assertEquals("Could not read certs from foo/bar.pkcs12", e.getMessage()); + } + } + + void loadCerts(String cacertPath, String authCertPath, String alias, String password) throws Exception { + Set certificates = CertificateManager.getCertificates(CertificateManager.getCaCertFiles(Arrays.asList(new String[]{ cacertPath }))); + KeyStore pkcs12KeyStore = CertificateManager.getPkcs12KeyStore(CertificateManager.loadFile(authCertPath), password.toCharArray()); + KeyStore sunKeyStore = CertificateManager.getJksKeyStore(certificates, pkcs12KeyStore, alias, password.toCharArray()); + } + +} diff --git a/http/src/test/java/com/redhat/lightblue/client/http/auth/TestSSLSocketFactory.java b/http/src/test/java/com/redhat/lightblue/client/http/auth/TestSSLSocketFactory.java index 2048a95..e311715 100644 --- a/http/src/test/java/com/redhat/lightblue/client/http/auth/TestSSLSocketFactory.java +++ b/http/src/test/java/com/redhat/lightblue/client/http/auth/TestSSLSocketFactory.java @@ -18,6 +18,7 @@ public void certFilePathsPersedCorrectlyWhenOnlyOneIsSpecified() throws Exceptio config.setCaFilePath("certificates-ca/lightblue-root-ca-1.pem"); config.setCertFilePath("certificates-client/lightblue-client-1.pkcs12"); config.setCertPassword("secret"); + config.setCertAlias("lightblue-client-1"); SslSocketFactories.fromLightblueClientConfig(config); } @@ -28,6 +29,7 @@ public void certFilePathsParsedCorrectlyWhenMultipleAreSpecified() throws Except config.setCaFilePath("certificates-ca/lightblue-root-ca-1.pem,certificates-ca/lightblue-root-ca-2.pem"); config.setCertFilePath("certificates-client/lightblue-client-1.pkcs12"); config.setCertPassword("secret"); + config.setCertAlias("lightblue-client-1"); SslSocketFactories.fromLightblueClientConfig(config); } diff --git a/http/src/test/resources/alias/authcert.pkcs12 b/http/src/test/resources/alias/authcert.pkcs12 new file mode 100644 index 0000000..35af65d Binary files /dev/null and b/http/src/test/resources/alias/authcert.pkcs12 differ diff --git a/http/src/test/resources/alias/cacert.pem b/http/src/test/resources/alias/cacert.pem new file mode 100644 index 0000000..b8f4334 --- /dev/null +++ b/http/src/test/resources/alias/cacert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFkzCCA3ugAwIBAgIJAMc2X1cGvBLaMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV +BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg +Q29tcGFueSBMdGQxHDAaBgNVBAMME2xpZ2h0Ymx1ZS10ZXN0LWNlcnQwHhcNMTcw +NTI2MTQzMjU4WhcNMTcwNjI1MTQzMjU4WjBgMQswCQYDVQQGEwJYWDEVMBMGA1UE +BwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRww +GgYDVQQDDBNsaWdodGJsdWUtdGVzdC1jZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEAqlMFcHZJrWYsRH+bsuHWzPlTYiAastpS+2nOWljdJAv3B6y/ +K8oXHoB4IoFwxMIHr6yues8sw1pOH0wgOLbfEL7wrVtBts3klBn9v4+igAJdLh1p +Ky0OrmX4SgCsM9bOVTxYznEhkUSFTSRX1Ho3WihXKpqLANFOqsTW8Ypz3B/sAhMW +3CwXdx80boFNgh48ex2LkiLbI4siSNQMn/DBipkYfDXKcTBBuzSC9CVjEwqc6PxG +kqDvYAo72FK9ItxIIupZkMhiQC8QRPUuLFp1GWnlbtN+gjUaKXCewwHVNTIYXEml +d7Yf/rCe+O75pCHzzbDsGZ7C9krPpoXkpTtw0iiMZfASP8bWMRH+YbNhR9DVoZhN +jxxpUWTvraYywJT0l0Tm3bZfA1krpc3tF12ie4UW5KB8yyq7gw5bFB9lIvkEfyNo +GkTX1HZaXB/a98iYqrYNLOjD1OZ2gc9ucK+ouOzJYIYcGD9qQs/Hdr5CmxH8+8Cu +aEoL2+HxM7y1HY07hoFKBMCazY/jyirJ+tFIU2uvrKc2f+h54Pf++5UDYdMBJHwk +GrHPr6b+BfRdcRkLX0TlKTBQsHZLZEfKS9myXaWAge7VvfFlwKvFyli0+poV06eC +Jf/ez3MQVadV7OCXlNNs2ty4IXdclqq9ByU9U+ZqzylfqbxNsLzT80faGVkCAwEA +AaNQME4wHQYDVR0OBBYEFJbTAcIbcQLbzJQ7BppUgFTxU/J6MB8GA1UdIwQYMBaA +FJbTAcIbcQLbzJQ7BppUgFTxU/J6MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggIBAAM9qw8fAKAeK2xWA0zFqdMr93tEGsfBM4U6Kn6s2lBN+l/HMZPMcfRu +M4z+aHfQCzQxzpg79fbagtGqWdWIWf7y7asJ56KulD2bOM6PHCbVQHafoEP6fL/N +sEibYed4/0p0cqAx1FEiSVlFFgN6qCRgam3/uQJyt4vnP49SHDNeIgMkccQDimRq +eENk9Z78K3vQL2q1oEY855TqD5/1ve7gbKBkp5REm8kw709rE44OmQ6K3NmFTcR1 +ZjA8lcVGZQQvpFcDM+LthxOaSI+YbyUfF2BK1PJ9d8/aIBB+OqKck+wfSmKnlZ1h +phpN34FEBHdpzzfNbsZMG4EgIm44Xm662u7jwYoaudF6n68GAryW9SSIjhtPumYE +ikk6cl0lMQBiQ4JO7F/YY5iRJDWHyEa0YuLZc9cuI+6fWR2OEAHL6uSea96QcRLd +9HOWkgH9BdEuM4nQ/tz2YOEbyKvOF3uolyryqHNzieDXiAzsR7dg0++i6SyjiRDn +5ktRTPhd/MZRnk/b1kUTGCqYh24xnhBqmGuKStB2lVHpm/F0uvv90w2fWeTZN4Bc +1Bx7g6bo89GjOBX4whAEtT1Ni050+bCoOMi1oPcUDmyNeuMKk1lXDmZ2/V9CU35d +d5qrPBSfr1FET5ciJOOALpmtlOhoJowHPcNqH/ynsGDNbuhB3T8z +-----END CERTIFICATE----- diff --git a/http/src/test/resources/alias/key.pem b/http/src/test/resources/alias/key.pem new file mode 100644 index 0000000..e731ada --- /dev/null +++ b/http/src/test/resources/alias/key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCqUwVwdkmtZixE +f5uy4dbM+VNiIBqy2lL7ac5aWN0kC/cHrL8ryhcegHgigXDEwgevrK56zyzDWk4f +TCA4tt8QvvCtW0G2zeSUGf2/j6KAAl0uHWkrLQ6uZfhKAKwz1s5VPFjOcSGRRIVN +JFfUejdaKFcqmosA0U6qxNbxinPcH+wCExbcLBd3HzRugU2CHjx7HYuSItsjiyJI +1Ayf8MGKmRh8NcpxMEG7NIL0JWMTCpzo/EaSoO9gCjvYUr0i3Egi6lmQyGJALxBE +9S4sWnUZaeVu036CNRopcJ7DAdU1MhhcSaV3th/+sJ747vmkIfPNsOwZnsL2Ss+m +heSlO3DSKIxl8BI/xtYxEf5hs2FH0NWhmE2PHGlRZO+tpjLAlPSXRObdtl8DWSul +ze0XXaJ7hRbkoHzLKruDDlsUH2Ui+QR/I2gaRNfUdlpcH9r3yJiqtg0s6MPU5naB +z25wr6i47MlghhwYP2pCz8d2vkKbEfz7wK5oSgvb4fEzvLUdjTuGgUoEwJrNj+PK +Ksn60UhTa6+spzZ/6Hng9/77lQNh0wEkfCQasc+vpv4F9F1xGQtfROUpMFCwdktk +R8pL2bJdpYCB7tW98WXAq8XKWLT6mhXTp4Il/97PcxBVp1Xs4JeU02za3Lghd1yW +qr0HJT1T5mrPKV+pvE2wvNPzR9oZWQIDAQABAoICAHeGBx0ihRV/y7TN788aGIiC +tnb3nITCHNV9LGfOUHFJTDNAkG8ERDENakCcoSwSFR68iTx5QipcptHjtADYo7S2 +qWKd1YGY/rzHeIADJb+66PTBgtnfppvPxur3ieBe7zB1RsSoMywj739w74mVsl48 +TN8C0GTkfNXtiAC8bg2dARt7leEvt8/KQBsD9gZHfZ3P3+/PMgTBUG/XDnz2kHrY +cIxJmyTO/nGGqhb2XY4xNmdxEX04HoNA6zok5cEe4ChQWEX3uKrd3AboH1zUpbQN +0glxtSdeaFuIQoEKOjo4S0wICmv1jIJII2cBHIKHqPVBII3iEWKQoSN0dj1Vdxd+ +b4J7YVzC4j0LNN93gfwje8Gj8Nh7YwmOPkhY8zf/x2SdF/+GIGYblo73C9Y0tAyt +Jid4PL3VnJYiu1BZphrdnapPKdXq2aOn9iUiLiz/MDxTwYRygqlwuy6PxdIvoCJ4 +/AbdFRx0x1x+cnyrZVVEibOuqlmPVMiK2F/GcaYgF9kcKEG8aO6syBCWgvqtrJo/ +YYd2vdOSAdnHg58wXUgTvFNcQjQ+Lu6plqEMRlfIOpCx4wN2Ru1XJizTn1ttpQ7N +F8nZcG03onsyJa18UybUQsd4i4J4xin0cFJZkHuOclyUUbPbGPY0vI7Yk0HW7kJB +UtF6DLG3UK4XwO2Y3+JZAoIBAQDTx90PWNK/qJ3wh7NndT/sjz18CosT+hC5B0i7 +NGXmhxcH6Wb0eCKZaXPgDCSbozJQENQuV7KBOXZm6pXBO6xRnEmTPMAvQZuFxgpi +cp+eDcAk7ztG5Xyt2MG6wvQnKFmoaF3daVigWl+ixFwCydXOQIEweOC6xtYYjHE4 +ibK/gvZ40v7yyHu4PJ/gIWsYckqdAk10waJ+q320tURdKYn5S5G8QYLDt1wdFH0k +/vLlGB4R+qe0/+D43CynhdTyKgw9yS06xQIBbmX7iSVxt8XHLGi9kUzHRpo11DrZ +ZVouEhBDV6NjD4kHn6z614KQ3HEw++hB3HUptomfx16f9B8LAoIBAQDN4zkM4Mp2 +9/WU5o/yP/l6RLy1FGwijhAoleV+3NEYkl7qNsLiGTgqD//d8XCwjPR6u6YXbugh +zqrJ9yloW2zE/sgRIavifU3k3mQm3KGzxT52z5b3VyXCYb+HqLQW2Cd2h5kDXUXl +MzdL95Y6zzD0E0TvLu0un5bOKhvGZBo/aOlXPpoZ3cqoYPcFiXXyITcKy7+sQ9he +/QCP/yTX7Xqj9/8z28cCPSvelOBrqqnlbaINXdWsG9qIiV5WCy4Z4jl1IMD2q/S0 +FZNIy/LD9in4/QNQs+bQDbM3GVrL9u9OcAlt/hTnPBZffaiFKwd01qoiRe25VR3c +jg9/jt9CGjerAoIBAQCEA+GcUH1HNgAGUUEXa/KGLyBfs17Q/B/yh0TiVZ5z3qAP +sYIZQM4onaC6+DbVwhx55pOts8M1ZLGXJAJoKx+W2/rNSqBulNIyyKnuho9TgjTV +kT99SU64PBc/qYly42dIYI6ql6HEi7F0ED1fC5w47uLZaXCFXa9WLC3j1YpUcXnd +BYIhq7HbvgbXO128Jnq2dxn7fz0hAxvgSuKrxFoaye210YyHHkTQZ9Y++qJFBwyv +nnVukdcWqoE3iGie8HEjDsYgDXDbnYr7CpoJ0kn6h4dfLDUVP8Cfb4WjwNc/Qsla +gUX7WVLNKs80qqTcUl5I767vZ1KtxvjxXeFxikbTAoIBAQC2Hy00CxSNsEF4eYsT +iyuv0GXs+Ce/WVNJ026yjboYtkFnhRFW12ArNQPs28oHImiQuLTvPZfxb9L73Lqw +KU9J4uYu4U4ehyEENwT4q2oOj4f1qSOtn1UzYSv/YGgNXR9rZf8gTr2pRWjAtj4Z +v3VaMkFkImqEN38611zCXYIqXS8rkaDXCK5fy4Y3S6UdjewWjKz8QPeA7uQ0fEmn +B9bYfGMvCFY90Mahmaf7FXg8DoKuuDZujCT/aiQckL8y/j49Mb//c5R+SCeE2YPh +fDscmRL5rGmb2MKTFsaObdy50blFpt/uu+Q+i/Up9yodXFYbAyiKLJTBqJhlCYjL +/E0JAoIBAHwIcg5huyHNaxc9nnM9ocUHdK4AO+OiZ44blVt+6zpWDiB4yhACHTHJ +lFEbHSQb2fXbKMScpceNVcivM7SKsHrISTidvWv5xgzUAD4pTg50+ySvyKv6Qgc6 +qStmr4vrQE9fV8zjew8cO9d/38DozDqLV6avxRV47V1Yi2BxZtimbMvrj5lGCBae +Odbi0NICDO0i3Xd8pPVb4MAVbw8Umw2Z1L+eBgunrvO30CcPXX5PUBrv6KLZ8fMC +bMdyl5746Iw81M1jK3wu+skO5u6HZ4nVlWBdjI0dGueEebfKpbj4O4W1sU8oeWYY +itexne+WfjbmHPO8Mv2QTx/aOrmMEgE= +-----END PRIVATE KEY-----