From da195551e1cd0545efc5e00f87030b59e5524641 Mon Sep 17 00:00:00 2001 From: Justin Bertram Date: Fri, 20 Mar 2026 14:21:11 -0500 Subject: [PATCH] ARTEMIS-5901 support auth w/SSL cert's UPN This commit includes the following changes: - JAAS login module supporting auth via SSL UPN - New & refactored documentation for both certificate login modules - Consolidated logic for parsing SSL certs - New & updated security resources for testing - Configuration parameter for backwards compatibility w/cache - Update properties parsing code to deal with EnumSet - Tests for everything --- .../api/core/management/ManagementHelper.java | 2 + artemis-server/pom.xml | 5 + .../artemis/core/config/Configuration.java | 6 + .../core/config/impl/ConfigurationImpl.java | 92 ++++++- .../impl/FileConfigurationParser.java | 26 ++ .../core/security/impl/SecurityStoreImpl.java | 62 +++-- .../core/server/ActiveMQMessageBundle.java | 7 +- .../core/server/ActiveMQServerLogger.java | 4 + .../core/server/impl/ActiveMQServerImpl.java | 2 +- .../core/server/impl/ServerSessionImpl.java | 9 +- .../NotificationActiveMQServerPlugin.java | 4 +- .../impl/AuthenticationCacheKeyConfig.java | 21 ++ .../security/jaas/CertificateLoginModule.java | 26 +- .../jaas/ExternalCertificateLoginModule.java | 11 +- .../jaas/TextFileCertificateLoginModule.java | 8 +- .../TextFileUpnCertificateLoginModule.java | 106 ++++++++ .../artemis/utils/CertificateUtil.java | 206 ++++++++++++++- .../schema/artemis-configuration.xsd | 24 ++ .../impl/DefaultsFileConfigurationTest.java | 2 + .../config/impl/FileConfigurationTest.java | 2 + .../security/impl/SecurityStoreImplTest.java | 118 ++++++++- .../jaas/StubCertificateLoginModule.java | 5 + ...TextFileUpnCertificateLoginModuleTest.java | 140 +++++++++++ .../artemis/utils/CertificateUtilTest.java | 195 ++++++++++++++ .../ConfigurationTest-full-config.xml | 4 + .../ConfigurationTest-xinclude-config.xml | 4 + ...nfigurationTest-xinclude-schema-config.xml | 4 + .../test/resources/upn-cert-roles.properties | 16 ++ .../test/resources/upn-cert-users.properties | 26 ++ .../_shared-cert-login-details.adoc | 9 + docs/user-manual/security.adoc | 237 +++++++++++------- docs/user-manual/versions.adoc | 4 +- .../management/ActiveMQServerControlTest.java | 6 +- .../management/NotificationTest.java | 1 + .../SSLSecurityNotificationTest.java | 79 +++--- .../management/SecurityNotificationTest.java | 2 + .../integration/security/SecurityTest.java | 91 +++++-- .../src/test/resources/login.config | 7 + .../test/resources/upn-cert-roles.properties | 18 ++ .../test/resources/upn-cert-users.properties | 18 ++ tests/security-resources/build.sh | 32 ++- .../client-and-server-ca-certs.pem | 70 +++--- tests/security-resources/client-ca-cert.pem | 38 +-- .../security-resources/client-ca-keystore.p12 | Bin 2750 -> 2750 bytes .../client-ca-truststore.jceks | Bin 955 -> 954 bytes .../client-ca-truststore.jks | Bin 955 -> 954 bytes .../client-ca-truststore.p12 | Bin 1270 -> 1270 bytes tests/security-resources/client-ca.pem | 54 ++-- tests/security-resources/client-key-cert.pem | 190 +++++++------- .../security-resources/client-keystore.jceks | Bin 4166 -> 4163 bytes tests/security-resources/client-keystore.jks | Bin 4185 -> 4181 bytes tests/security-resources/client-keystore.p12 | Bin 4952 -> 4952 bytes tests/security-resources/other-client-crl.pem | 18 +- .../other-client-keystore.jceks | Bin 4183 -> 4182 bytes .../other-client-keystore.jks | Bin 4203 -> 4201 bytes .../other-client-keystore.p12 | Bin 4980 -> 4980 bytes .../security-resources/other-server-cert.pem | 52 ++-- tests/security-resources/other-server-crl.pem | 18 +- tests/security-resources/other-server-key.pem | 54 ++-- .../other-server-keystore.jceks | Bin 4229 -> 4228 bytes .../other-server-keystore.jks | Bin 4248 -> 4249 bytes .../other-server-keystore.p12 | Bin 5028 -> 5028 bytes .../other-server-truststore.jceks | Bin 1136 -> 1135 bytes .../other-server-truststore.jks | Bin 1136 -> 1135 bytes .../other-server-truststore.p12 | Bin 1446 -> 1446 bytes tests/security-resources/san-keystore.p12 | Bin 4923 -> 2622 bytes tests/security-resources/server-ca-cert.pem | 32 +-- .../security-resources/server-ca-keystore.p12 | Bin 2750 -> 2750 bytes .../server-ca-truststore.jceks | Bin 955 -> 955 bytes .../server-ca-truststore.jks | Bin 955 -> 955 bytes .../server-ca-truststore.p12 | Bin 1270 -> 1270 bytes tests/security-resources/server-ca.pem | 54 ++-- tests/security-resources/server-cert.pem | 40 +-- tests/security-resources/server-key.pem | 54 ++-- .../server-keystore-keypass.jceks | Bin 4211 -> 4211 bytes .../server-keystore-keypass.jks | Bin 4228 -> 4229 bytes .../server-keystore-without-ca.p12 | Bin 3992 -> 3992 bytes .../security-resources/server-keystore.jceks | Bin 4211 -> 4211 bytes tests/security-resources/server-keystore.jks | Bin 4230 -> 4229 bytes tests/security-resources/server-keystore.p12 | Bin 5000 -> 5000 bytes .../unknown-client-keystore.jceks | Bin 4172 -> 4170 bytes .../unknown-client-keystore.jks | Bin 4192 -> 4188 bytes .../unknown-client-keystore.p12 | Bin 4984 -> 4984 bytes .../unknown-server-cert.pem | 49 ++-- .../security-resources/unknown-server-key.pem | 54 ++-- .../unknown-server-keystore.jceks | Bin 4172 -> 4173 bytes .../unknown-server-keystore.jks | Bin 4191 -> 4192 bytes .../unknown-server-keystore.p12 | Bin 4984 -> 4984 bytes .../unknown-upn-client-keystore.jceks | Bin 0 -> 4246 bytes .../unknown-upn-client-keystore.jks | Bin 0 -> 4266 bytes .../unknown-upn-client-keystore.p12 | Bin 0 -> 5072 bytes .../upn-client-keystore.jceks | Bin 0 -> 4219 bytes .../upn-client-keystore.jks | Bin 0 -> 4238 bytes .../upn-client-keystore.p12 | Bin 0 -> 5008 bytes 94 files changed, 1796 insertions(+), 622 deletions(-) create mode 100644 artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/impl/AuthenticationCacheKeyConfig.java create mode 100644 artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileUpnCertificateLoginModule.java create mode 100644 artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileUpnCertificateLoginModuleTest.java create mode 100644 artemis-server/src/test/java/org/apache/activemq/artemis/utils/CertificateUtilTest.java create mode 100644 artemis-server/src/test/resources/upn-cert-roles.properties create mode 100644 artemis-server/src/test/resources/upn-cert-users.properties create mode 100644 docs/user-manual/_shared-cert-login-details.adoc create mode 100644 tests/integration-tests/src/test/resources/upn-cert-roles.properties create mode 100644 tests/integration-tests/src/test/resources/upn-cert-users.properties create mode 100644 tests/security-resources/unknown-upn-client-keystore.jceks create mode 100644 tests/security-resources/unknown-upn-client-keystore.jks create mode 100644 tests/security-resources/unknown-upn-client-keystore.p12 create mode 100644 tests/security-resources/upn-client-keystore.jceks create mode 100644 tests/security-resources/upn-client-keystore.jks create mode 100644 tests/security-resources/upn-client-keystore.p12 diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java index f63a6ea90cf..e5439622798 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/management/ManagementHelper.java @@ -72,6 +72,8 @@ public final class ManagementHelper { public static final SimpleString HDR_CERT_SUBJECT_DN = SimpleString.of("_AMQ_CertSubjectDN"); + public static final SimpleString HDR_CERT_UPN = SimpleString.of("_AMQ_CertUPN"); + public static final SimpleString HDR_CHECK_TYPE = SimpleString.of("_AMQ_CheckType"); public static final SimpleString HDR_SESSION_NAME = SimpleString.of("_AMQ_SessionName"); diff --git a/artemis-server/pom.xml b/artemis-server/pom.xml index 789c4f28da9..1fc0cd83d4a 100644 --- a/artemis-server/pom.xml +++ b/artemis-server/pom.xml @@ -290,6 +290,11 @@ mockserver-client-java test + + org.bouncycastle + bcpkix-jdk18on + test + diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/Configuration.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/Configuration.java index 67aa0279cc2..a667d655d67 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/Configuration.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/Configuration.java @@ -19,6 +19,7 @@ import java.io.File; import java.net.URL; import java.util.Collection; +import java.util.EnumSet; import java.util.List; import java.util.Map; import java.util.Properties; @@ -43,6 +44,7 @@ import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerQueuePlugin; import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerResourcePlugin; import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerSessionPlugin; +import org.apache.activemq.artemis.core.settings.impl.AuthenticationCacheKeyConfig; import org.apache.activemq.artemis.utils.critical.CriticalAnalyzerPolicy; import org.apache.activemq.artemis.api.core.BroadcastGroupConfiguration; import org.apache.activemq.artemis.api.core.DiscoveryGroupConfiguration; @@ -1565,4 +1567,8 @@ default boolean isUsingDatabasePersistence() { void setFederationDownstreamAuthorization(List roles); Configuration addFederationDownstreamAuthorization(String role); + + Configuration setAuthenticationCacheKey(EnumSet authenticationCacheKey); + + EnumSet getAuthenticationCacheKey(); } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/ConfigurationImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/ConfigurationImpl.java index 5647b653a30..e2150c1f7cd 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/ConfigurationImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/ConfigurationImpl.java @@ -36,8 +36,11 @@ import java.io.StringWriter; import java.lang.invoke.MethodHandles; import java.lang.reflect.Array; +import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.lang.reflect.ParameterizedType; +import java.lang.reflect.Type; import java.net.URI; import java.net.URL; import java.nio.charset.StandardCharsets; @@ -132,6 +135,7 @@ import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerResourcePlugin; import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerSessionPlugin; import org.apache.activemq.artemis.core.settings.impl.AddressSettings; +import org.apache.activemq.artemis.core.settings.impl.AuthenticationCacheKeyConfig; import org.apache.activemq.artemis.core.settings.impl.ResourceLimitSettings; import org.apache.activemq.artemis.json.JsonArrayBuilder; import org.apache.activemq.artemis.json.JsonObject; @@ -172,6 +176,8 @@ public class ConfigurationImpl extends javax.security.auth.login.Configuration i public static final JournalType DEFAULT_JOURNAL_TYPE = JournalType.ASYNCIO; + public static final EnumSet DEFAULT_AUTHENTICATION_CACHE_KEY = EnumSet.of(AuthenticationCacheKeyConfig.USER, AuthenticationCacheKeyConfig.PASS, AuthenticationCacheKeyConfig.TLS_SUBJECT_DN); + public static final String PROPERTY_CLASS_SUFFIX = ".class"; public static final String REDACTED = "**redacted**"; @@ -491,6 +497,8 @@ public class ConfigurationImpl extends javax.security.auth.login.Configuration i private Map jaasConfigs = new ConcurrentHashMap<>(); + private EnumSet authenticationCacheKey = EnumSet.copyOf(DEFAULT_AUTHENTICATION_CACHE_KEY); + /** * Parent folder for all data folders. */ @@ -646,7 +654,7 @@ public void parsePrefixedProperties(Properties properties, String prefix) throws @Override public void parsePrefixedProperties(Object target, String name, Properties properties, String prefix) throws Exception { - Map beanProperties = new LinkedHashMap<>(); + Map beanProperties = new LinkedHashMap<>(); final Checksum checksum = new Adler32(); synchronized (properties) { String key = null; @@ -706,7 +714,7 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String realm) { } } - public void populateWithProperties(final Object target, final String propsId, Map beanProperties) throws InvocationTargetException, IllegalAccessException { + public void populateWithProperties(final Object target, final String propsId, Map beanProperties) throws InvocationTargetException, IllegalAccessException { CollectionAutoFillPropertiesUtil autoFillCollections = new CollectionAutoFillPropertiesUtil(getBrokerPropertiesRemoveValue(beanProperties)); BeanUtilsBean beanUtils = new BeanUtilsBean(new ConvertUtilsBean(), autoFillCollections) { @@ -1004,15 +1012,17 @@ public T convert(Class type, Object value) { Map errors = new LinkedHashMap<>(); // Loop through the property name/value pairs to be set - for (final Map.Entry entry : beanProperties.entrySet()) { + for (final Map.Entry entry : beanProperties.entrySet()) { // Identify the property name and value(s) to be assigned final String name = entry.getKey(); try { if (logger.isDebugEnabled()) { logger.debug("set property target={}, name = {}, value = {}", target.getClass(), name, entry.getValue()); } - // Perform the assignment for this property - beanUtils.setProperty(target, name, entry.getValue()); + // Perform the assignment for this property with special handling for EnumSet + if (!handleEnumSet(target, name, entry.getValue())) { + beanUtils.setProperty(target, name, entry.getValue()); + } } catch (InvocationTargetException invocationTargetException) { logger.trace("failed to populate property with key: {}", name, invocationTargetException); Throwable toLog = invocationTargetException; @@ -1028,6 +1038,59 @@ public T convert(Class type, Object value) { updateApplyStatus(propsId, errors); } + /* + * Since an EnumSet relies on parameterized typing BeanUtils can't handle them directly. Therefore, we need to handle + * them manually. + */ + private boolean handleEnumSet(Object target, String name, String value) throws IllegalAccessException { + boolean result = false; + Field field = getField(target.getClass(), name); + if (field != null && EnumSet.class.isAssignableFrom(field.getType())) { + // Extract the from EnumSet + Class enumClass = getEnumClassFromField(field); + if (enumClass != null) { + EnumSet enumSet = convertToEnumSet(enumClass, value); + field.setAccessible(true); + field.set(target, enumSet); + result = true; + } + } + return result; + } + + private static Class getEnumClassFromField(Field field) { + if (field.getGenericType() instanceof ParameterizedType parameterizedType) { + Type[] actualTypeArguments = parameterizedType.getActualTypeArguments(); + if (actualTypeArguments.length > 0 && actualTypeArguments[0] instanceof Class) { + return (Class) actualTypeArguments[0]; + } + } + return null; + } + + private static > EnumSet convertToEnumSet(Class enumClass, String csv) { + if (csv == null || csv.trim().isEmpty()) { + return EnumSet.noneOf(enumClass); + } + + return Arrays.stream(csv.split(",")) + .map(String::trim) + .filter(s -> !s.isEmpty()) + .map(s -> Enum.valueOf(enumClass, s)) + .collect(Collectors.toCollection(() -> EnumSet.noneOf(enumClass))); + } + + private static Field getField(Class clazz, String fieldName) { + while (clazz != null) { + try { + return clazz.getDeclaredField(fieldName); + } catch (NoSuchFieldException e) { + clazz = clazz.getSuperclass(); + } + } + return null; + } + @Override public void exportAsProperties(File file) throws Exception { try (FileWriter writer = new FileWriter(file, StandardCharsets.UTF_8)) { @@ -1299,17 +1362,17 @@ private synchronized void updateReadPropertiesStatus(String propsId, long alder3 this.jsonStatus = JsonUtil.mergeAndUpdate(jsonStatus, jsonObjectBuilder.build()); } - private String getBrokerPropertiesKeySurround(Map propertiesToApply) { + private String getBrokerPropertiesKeySurround(Map propertiesToApply) { if (propertiesToApply.containsKey(ActiveMQDefaultConfiguration.BROKER_PROPERTIES_KEY_SURROUND_PROPERTY)) { - return String.valueOf(propertiesToApply.remove(ActiveMQDefaultConfiguration.BROKER_PROPERTIES_KEY_SURROUND_PROPERTY)); + return propertiesToApply.remove(ActiveMQDefaultConfiguration.BROKER_PROPERTIES_KEY_SURROUND_PROPERTY); } else { return System.getProperty(getSystemPropertyPrefix() + ActiveMQDefaultConfiguration.BROKER_PROPERTIES_KEY_SURROUND_PROPERTY, getBrokerPropertiesKeySurround()); } } - private String getBrokerPropertiesRemoveValue(Map propertiesToApply) { + private String getBrokerPropertiesRemoveValue(Map propertiesToApply) { if (propertiesToApply.containsKey(ActiveMQDefaultConfiguration.BROKER_PROPERTIES_REMOVE_VALUE_PROPERTY)) { - return String.valueOf(propertiesToApply.remove(ActiveMQDefaultConfiguration.BROKER_PROPERTIES_REMOVE_VALUE_PROPERTY)); + return propertiesToApply.remove(ActiveMQDefaultConfiguration.BROKER_PROPERTIES_REMOVE_VALUE_PROPERTY); } else { return System.getProperty(getSystemPropertyPrefix() + ActiveMQDefaultConfiguration.BROKER_PROPERTIES_REMOVE_VALUE_PROPERTY, getBrokerPropertiesRemoveValue()); } @@ -3576,6 +3639,17 @@ public Configuration addFederationDownstreamAuthorization(String role) { return this; } + @Override + public Configuration setAuthenticationCacheKey(EnumSet authenticationCacheKey) { + this.authenticationCacheKey = authenticationCacheKey; + return this; + } + + @Override + public EnumSet getAuthenticationCacheKey() { + return authenticationCacheKey; + } + // extend property utils with ability to auto-fill and locate from collections // collection entries are identified by the name() property private static class CollectionAutoFillPropertiesUtil extends PropertyUtilsBean { diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java index 580355d4ac7..1c94e1493a8 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/deployers/impl/FileConfigurationParser.java @@ -23,6 +23,7 @@ import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collections; +import java.util.EnumSet; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -106,6 +107,7 @@ import org.apache.activemq.artemis.core.server.routing.policies.PolicyFactoryResolver; import org.apache.activemq.artemis.core.settings.impl.AddressFullMessagePolicy; import org.apache.activemq.artemis.core.settings.impl.AddressSettings; +import org.apache.activemq.artemis.core.settings.impl.AuthenticationCacheKeyConfig; import org.apache.activemq.artemis.core.settings.impl.DeletionPolicy; import org.apache.activemq.artemis.core.settings.impl.DiskFullMessagePolicy; import org.apache.activemq.artemis.core.settings.impl.PageFullMessagePolicy; @@ -399,6 +401,8 @@ public final class FileConfigurationParser extends XMLConfigurationUtil { private static final String MQTT_SUBSCRIPTION_PERSISTENCE_ENABLED = "mqtt-subscription-persistence-enabled"; + private static final String AUTHENTICATION_CACHE_KEY = "authentication-cache-key"; + private boolean validateAIO = false; private boolean printPageMaxSizeUsed = false; @@ -516,6 +520,8 @@ public void parseMainConfig(final Element e, final Configuration config) throws config.setMqttSubscriptionPersistenceEnabled(getBoolean(e, MQTT_SUBSCRIPTION_PERSISTENCE_ENABLED, config.isMqttSubscriptionPersistenceEnabled())); + parseAuthenticationCacheKey(e, config); + config.setGlobalMaxSizePercentOfJvmMaxMemory(getInteger(e, GLOBAL_MAX_SIZE_PERCENT_JVM_MAX_MEM, config.getGlobalMaxSizePercentOfJvmMaxMemory(), GT_ZERO)); long globalMaxSize = getTextBytesAsLongBytes(e, GLOBAL_MAX_SIZE, -1, MINUS_ONE_OR_GT_ZERO); @@ -949,6 +955,26 @@ public void parseMainConfig(final Element e, final Configuration config) throws } } + private static void parseAuthenticationCacheKey(Element e, Configuration config) { + NodeList authenticationCachKeyNodes = e.getElementsByTagName(AUTHENTICATION_CACHE_KEY); + + EnumSet authenticationCachKey = EnumSet.noneOf(AuthenticationCacheKeyConfig.class); + + if (authenticationCachKeyNodes.getLength() > 0) { + NodeList parts = authenticationCachKeyNodes.item(0).getChildNodes(); + + for (int i = 0; i < parts.getLength(); i++) { + if ("part".equalsIgnoreCase(parts.item(i).getNodeName())) { + String part = getTrimmedTextContent(parts.item(i)); + authenticationCachKey.add(AuthenticationCacheKeyConfig.valueOf(part)); + } + } + } else { + authenticationCachKey = ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY; + } + config.setAuthenticationCacheKey(authenticationCachKey); + } + private void parseLockCoordinator(final Element lockCoordinatorElement, final Configuration mainConfig) throws Exception { String name = lockCoordinatorElement.getAttribute("name"); String lockId = getString(lockCoordinatorElement, "lock-id", name, NO_CHECK); diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java index c07d7bafef7..f016b795342 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java @@ -21,6 +21,7 @@ import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.EnumSet; import java.util.Objects; import java.util.Set; import java.util.concurrent.TimeUnit; @@ -44,6 +45,7 @@ import org.apache.activemq.artemis.core.server.management.NotificationService; import org.apache.activemq.artemis.core.settings.HierarchicalRepository; import org.apache.activemq.artemis.core.settings.HierarchicalRepositoryChangeListener; +import org.apache.activemq.artemis.core.settings.impl.AuthenticationCacheKeyConfig; import org.apache.activemq.artemis.logs.AuditLogger; import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection; import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager; @@ -63,8 +65,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import static org.apache.activemq.artemis.utils.CertificateUtil.CERT_SUBJECT_DN_UNAVAILABLE; - /** * The Apache Artemis SecurityStore implementation */ @@ -90,6 +90,8 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC private final NotificationService notificationService; + private final EnumSet authenticationCacheKeyConfigs; + private static final AtomicLongFieldUpdater AUTHENTICATION_SUCCESS_COUNT_UPDATER = AtomicLongFieldUpdater.newUpdater(SecurityStoreImpl.class, "authenticationSuccessCount"); private volatile long authenticationSuccessCount; private static final AtomicLongFieldUpdater AUTHENTICATION_FAILURE_COUNT_UPDATER = AtomicLongFieldUpdater.newUpdater(SecurityStoreImpl.class, "authenticationFailureCount"); @@ -113,13 +115,15 @@ public SecurityStoreImpl(final HierarchicalRepository> securityReposit final String managementClusterPassword, final NotificationService notificationService, final long authenticationCacheSize, - final long authorizationCacheSize) throws NoSuchAlgorithmException { + final long authorizationCacheSize, + final EnumSet authenticationCacheKeyConfigs) throws NoSuchAlgorithmException { this.securityRepository = securityRepository; this.securityManager = securityManager; this.securityEnabled = securityEnabled; this.managementClusterUser = managementClusterUser; this.managementClusterPassword = managementClusterPassword; this.notificationService = notificationService; + this.authenticationCacheKeyConfigs = authenticationCacheKeyConfigs; if (securityEnabled) { if (authenticationCacheSize == 0) { authenticationCache = null; @@ -437,12 +441,14 @@ public Subject getSessionSubject(SecurityAuth session) { } private void authenticationFailed(String user, RemotingConnection connection) throws Exception { - String certSubjectDN = CertificateUtil.getCertSubjectDN(connection); + String certSubjectDN = CertificateUtil.getDistinguishedNameForPrint(connection); + String certUpn = CertificateUtil.getUserPrincipalNameForPrint(connection); if (notificationService != null) { TypedProperties props = new TypedProperties(); props.putSimpleStringProperty(ManagementHelper.HDR_USER, SimpleString.of(user)); props.putSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN, SimpleString.of(certSubjectDN)); + props.putSimpleStringProperty(ManagementHelper.HDR_CERT_UPN, SimpleString.of(certUpn)); props.putSimpleStringProperty(ManagementHelper.HDR_REMOTE_ADDRESS, SimpleString.of(connection == null ? "null" : connection.getRemoteAddress())); Notification notification = new Notification(null, CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION, props); @@ -450,7 +456,7 @@ private void authenticationFailed(String user, RemotingConnection connection) th notificationService.sendNotification(notification); } - Exception e = ActiveMQMessageBundle.BUNDLE.unableToValidateUser(connection == null ? "null" : connection.getRemoteAddress(), user, certSubjectDN); + Exception e = ActiveMQMessageBundle.BUNDLE.unableToValidateUser(connection == null ? "null" : connection.getRemoteAddress(), user, certSubjectDN, certUpn); ActiveMQServerLogger.LOGGER.securityProblemWhileAuthenticating(e.getMessage()); @@ -499,7 +505,7 @@ private void handleNoCacheLoginException(NoCacheLoginException e) { } private void putAuthenticationCacheEntry(String key, Subject subject) { - if (authenticationCache != null) { + if (authenticationCache != null && key != null) { Pair value = new Pair<>(subject != null, subject); authenticationCache.put(key, value); logger.trace("Put into authn cache; key: {}; value: {}", key, value); @@ -507,7 +513,7 @@ private void putAuthenticationCacheEntry(String key, Subject subject) { } private Pair getAuthenticationCacheEntry(String key) { - if (authenticationCache == null) { + if (authenticationCache == null || key == null) { return null; } else { Pair value = authenticationCache.getIfPresent(key); @@ -574,23 +580,45 @@ private boolean checkAuthorizationCache(final SimpleString dest, final String us return granted; } + /** + * Creates a unique cache key for authentication using the provided username, password, and connection information. + * The key is generated by hashing the input data, and optionally includes the User Principal Name (UPN). If all + * input data is null, the method returns null to avoid caching. + * + * @param username the username for authentication; can be null + * @param password the password for authentication; can be null + * @param connection the remoting connection used to retrieve additional security attributes; cannot be null + * @return a hexadecimal string representing the authentication cache key, or null if all input parameters are null + */ protected String createAuthenticationCacheKey(String username, String password, RemotingConnection connection) { - MessageDigest md = getDigestClone(); - if (username != null) { - md.update(username.getBytes(StandardCharsets.UTF_8)); + String user = authenticationCacheKeyConfigs.contains(AuthenticationCacheKeyConfig.USER) ? username : null; + String pass = authenticationCacheKeyConfigs.contains(AuthenticationCacheKeyConfig.PASS) ? password : null; + String dn = authenticationCacheKeyConfigs.contains(AuthenticationCacheKeyConfig.TLS_SUBJECT_DN) ? CertificateUtil.getDistinguishedName(connection) : null; + String upn = authenticationCacheKeyConfigs.contains(AuthenticationCacheKeyConfig.TLS_SAN_UPN) ? CertificateUtil.getUserPrincipalName(connection) : null; + + // Return null so that we don't cache anything if all authentication data is null + if (user == null && pass == null && dn == null && upn == null) { + return null; } + + MessageDigest md = getDigestClone(); + updateDigest(md, user); md.update(CACHE_KEY_SEPARATOR); - if (password != null) { - md.update(password.getBytes(StandardCharsets.UTF_8)); - } + updateDigest(md, pass); md.update(CACHE_KEY_SEPARATOR); - String certSubjectDN = CertificateUtil.getCertSubjectDN(connection); - if (!CERT_SUBJECT_DN_UNAVAILABLE.equals(certSubjectDN)) { - md.update(certSubjectDN.getBytes(StandardCharsets.UTF_8)); - } + updateDigest(md, dn); + md.update(CACHE_KEY_SEPARATOR); + updateDigest(md, upn); + return ByteUtil.bytesToHex(md.digest()); } + private void updateDigest(MessageDigest md, String value) { + if (value != null) { + md.update(value.getBytes(StandardCharsets.UTF_8)); + } + } + private static MessageDigest getDigestClone() { try { return (MessageDigest) SHA256.clone(); diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQMessageBundle.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQMessageBundle.java index 02b532341dd..16581ef81e4 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQMessageBundle.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQMessageBundle.java @@ -142,8 +142,8 @@ public interface ActiveMQMessageBundle { @Message(id = 229030, value = "large-message not initialized on server") ActiveMQIllegalStateException largeMessageNotInitialised(); - @Message(id = 229031, value = "Unable to validate user from {}. Username: {}; SSL certificate subject DN: {}") - ActiveMQSecurityException unableToValidateUser(String remoteAddress, String user, String certMessage); + @Message(id = 229031, value = "Unable to validate user from {}. Username: {}; SSL certificate subject DN: {}; UPN: {}") + ActiveMQSecurityException unableToValidateUser(String remoteAddress, String user, String dn, String upn); @Message(id = 229032, value = "User: {} does not have permission='{}' on address {}") ActiveMQSecurityException userNoPermissions(String username, CheckType checkType, SimpleString address); @@ -541,4 +541,7 @@ IllegalStateException invalidRoutingTypeUpdate(String queueName, @Message(id = 229259, value = "Invalid disk full message policy type {}") IllegalArgumentException invalidDiskFullPolicyType(String val); + @Message(id = 229260, value = "Invalid authentication cache key: {}") + IllegalArgumentException invalidAuthenticationCacheKey(String val); + } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java index 0956b37172a..7e7b6409dd8 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java @@ -19,6 +19,7 @@ import javax.naming.NamingException; import javax.transaction.xa.Xid; import java.io.File; +import java.security.cert.CertificateParsingException; import java.util.concurrent.ExecutorService; import io.netty.channel.Channel; @@ -1544,4 +1545,7 @@ void slowConsumerDetected(String sessionID, @LogMessage(id = 224163, value = "Failed to clone SHA256 MessageDigest, falling back to getInstance", level = LogMessage.Level.INFO) void sha256CloneNotSupported(CloneNotSupportedException cns); + + @LogMessage(id = 224164, value = "Failed to parse certificate: {}", level = LogMessage.Level.WARN) + void failedToParseCertificate(String cert, CertificateParsingException cps); } \ No newline at end of file diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java index c3db8beead4..639ac5645ef 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java @@ -3378,7 +3378,7 @@ synchronized boolean initialisePart1(boolean scalingDown) throws Exception { ActiveMQServerLogger.LOGGER.clusterSecurityRisk(); } - securityStore = new SecurityStoreImpl(securityRepository, securityManager, configuration.getSecurityInvalidationInterval(), configuration.isSecurityEnabled(), configuration.getClusterUser(), configuration.getClusterPassword(), managementService, configuration.getAuthenticationCacheSize(), configuration.getAuthorizationCacheSize()); + securityStore = new SecurityStoreImpl(securityRepository, securityManager, configuration.getSecurityInvalidationInterval(), configuration.isSecurityEnabled(), configuration.getClusterUser(), configuration.getClusterPassword(), managementService, configuration.getAuthenticationCacheSize(), configuration.getAuthorizationCacheSize(), configuration.getAuthenticationCacheKey()); queueFactory = new QueueFactoryImpl(executorFactory, scheduledPool, addressSettingsRepository, storageManager, this); diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java index 4ec39ed1bfa..44c0ba643bb 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java @@ -19,7 +19,6 @@ import javax.transaction.xa.XAException; import javax.transaction.xa.Xid; import java.lang.invoke.MethodHandles; -import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -644,13 +643,9 @@ public ServerConsumer createConsumer(final long consumerID, props.putSimpleStringProperty(ManagementHelper.HDR_VALIDATED_USER, SimpleString.of(validatedUser)); - String certSubjectDN = "unavailable"; - X509Certificate[] certs = CertificateUtil.getCertsFromConnection(this.remotingConnection); - if (certs != null && certs.length > 0 && certs[0] != null) { - certSubjectDN = certs[0].getSubjectDN().getName(); - } + props.putSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN, SimpleString.of(CertificateUtil.getDistinguishedNameForPrint(this.remotingConnection))); - props.putSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN, SimpleString.of(certSubjectDN)); + props.putSimpleStringProperty(ManagementHelper.HDR_CERT_UPN, SimpleString.of(CertificateUtil.getUserPrincipalNameForPrint(this.remotingConnection))); props.putSimpleStringProperty(ManagementHelper.HDR_REMOTE_ADDRESS, SimpleString.of(this.remotingConnection.getRemoteAddress())); diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/NotificationActiveMQServerPlugin.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/NotificationActiveMQServerPlugin.java index 5194c4a259e..38d1e144b76 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/NotificationActiveMQServerPlugin.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/impl/NotificationActiveMQServerPlugin.java @@ -168,10 +168,10 @@ private void sendConnectionNotification(final RemotingConnection connection, fin if (managementService != null && sendConnectionNotifications) { try { - String certSubjectDN = CertificateUtil.getCertSubjectDN(connection); final TypedProperties props = new TypedProperties(); props.putSimpleStringProperty(ManagementHelper.HDR_CONNECTION_NAME, SimpleString.of(connection.getID().toString())); - props.putSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN, SimpleString.of(certSubjectDN)); + props.putSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN, SimpleString.of(CertificateUtil.getDistinguishedNameForPrint(connection))); + props.putSimpleStringProperty(ManagementHelper.HDR_CERT_UPN, SimpleString.of(CertificateUtil.getUserPrincipalNameForPrint(connection))); props.putSimpleStringProperty(ManagementHelper.HDR_REMOTE_ADDRESS, SimpleString.of(connection.getRemoteAddress())); managementService.sendNotification(new Notification(null, type, props)); diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/impl/AuthenticationCacheKeyConfig.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/impl/AuthenticationCacheKeyConfig.java new file mode 100644 index 00000000000..8f864ca8d2d --- /dev/null +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/settings/impl/AuthenticationCacheKeyConfig.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.core.settings.impl; + +public enum AuthenticationCacheKeyConfig { + USER, PASS, TLS_SUBJECT_DN, TLS_SAN_UPN; +} diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java index 7bec6c7e807..d9cac23cb09 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/CertificateLoginModule.java @@ -22,16 +22,16 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.LoginException; -import java.security.cert.X509Certificate; import java.io.IOException; +import java.lang.invoke.MethodHandles; import java.security.Principal; +import java.security.cert.X509Certificate; import java.util.LinkedHashSet; import java.util.Map; import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.lang.invoke.MethodHandles; /** * A LoginModule that allows for authentication based on SSL certificates. Allows for subclasses to define methods used @@ -81,7 +81,7 @@ public boolean login() throws LoginException { username = getUserNameForCertificates(certificates); if (username == null) { - throw new FailedLoginException("No user for client certificate: " + getDistinguishedName(certificates)); + throw new FailedLoginException("Failed to lookup user with client certificate using: " + getCertificateInfo(certificates)); } if (debug) { @@ -151,7 +151,6 @@ private void clear() { * Should return a unique name corresponding to the certificates given. The name returned will be used to look up * access levels as well as role associations. * - * @param certs The distinguished name. * @return The unique name if the certificate is recognized, null otherwise */ protected abstract String getUserNameForCertificates(X509Certificate[] certs) throws LoginException; @@ -160,18 +159,17 @@ private void clear() { * Should return a set of the roles this user belongs to. The roles returned will be added to the user's * credentials. * - * @param username The username of the client. This is the same name that getUserNameForDn returned for the user's - * DN. + * @param username The username of the client. This is the same name that + * {@link #getUserNameForCertificates(X509Certificate[])} returned. * @return A Set of the names of the roles this user belongs to */ protected abstract Set getUserRoles(String username) throws LoginException; - protected String getDistinguishedName(final X509Certificate[] certs) { - if (certs != null && certs.length > 0 && certs[0] != null) { - return certs[0].getSubjectDN().getName(); - } else { - return null; - } - } - + /** + * Should return the information from the certs that is used to authenticate the user + * + * @param certificates The certificates of the client. This is the same data that + * {@link #getUserNameForCertificates(X509Certificate[])} returned. + */ + protected abstract String getCertificateInfo(X509Certificate[] certificates); } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java index 5813852f7c8..6e3c0b889be 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/ExternalCertificateLoginModule.java @@ -16,9 +16,6 @@ */ package org.apache.activemq.artemis.spi.core.security.jaas; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; @@ -36,6 +33,10 @@ import java.util.Map; import java.util.Set; +import org.apache.activemq.artemis.utils.CertificateUtil; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + /** * A LoginModule that propagates TLS certificates subject DN as a UserPrincipal. */ @@ -79,9 +80,7 @@ public boolean login() throws LoginException { } X509Certificate[] certificates = ((CertificateCallback) callbacks[0]).getCertificates(); - if (certificates != null && certificates.length > 0 && certificates[0] != null) { - userName = certificates[0].getSubjectDN().getName(); - } + userName = CertificateUtil.getDistinguishedName(certificates); if (userName != null && sanUriRolePrefix != null) { // getSubjectAlternativeNames returns a Collection of Lists diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java index 6045bcfac94..d1d8fce1c7c 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java @@ -26,6 +26,8 @@ import java.util.Set; import java.util.regex.Pattern; +import org.apache.activemq.artemis.utils.CertificateUtil; + /** * A LoginModule allowing for SSL certificate based authentication based on Distinguished Names (DN) stored in text * files. The DNs are parsed using a Properties class where each line is <user_name>=<user_DN>. This class @@ -75,7 +77,7 @@ protected String getUserNameForCertificates(final X509Certificate[] certs) throw if (certs == null) { throw new LoginException("Client certificates not found. Cannot authenticate."); } - String dn = getDistinguishedName(certs); + String dn = getCertificateInfo(certs); return usersByDn.containsKey(dn) ? usersByDn.get(dn) : getUserByRegexp(dn); } @@ -109,4 +111,8 @@ private synchronized String getUserByRegexp(String dn) { return name; } + @Override + protected String getCertificateInfo(X509Certificate[] certificates) { + return CertificateUtil.getDistinguishedName(certificates); + } } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileUpnCertificateLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileUpnCertificateLoginModule.java new file mode 100644 index 00000000000..81b33029031 --- /dev/null +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileUpnCertificateLoginModule.java @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.spi.core.security.jaas; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginException; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +import org.apache.activemq.artemis.utils.CertificateUtil; + +/** + * A LoginModule allowing for SSL certificate based authentication based on User Principal Name (UPN). The UPNs are + * retrieved from the Subject Alternative Name (SAN) extension of the client's certificate. There is no mapping from UPN + * to another name as there is with DN when using the {@link TextFileCertificateLoginModule}. + *

+ * This class uses a role definition file where each line is like: + * 

{@code
+ * =, , etc.
+ * }
+ * The role file's locations must be specified in the {@code org.apache.activemq.jaas.textfileupn.role} property. NOTE: + * This class will re-read the role file if it has been modified and the {@code reload} option is {@code true}. + */ +public class TextFileUpnCertificateLoginModule extends CertificateLoginModule { + + private static final String USER_FILE_PROP_NAME = "org.apache.activemq.jaas.textfileupn.user"; + private static final String ROLE_FILE_PROP_NAME = "org.apache.activemq.jaas.textfileupn.role"; + + private Map> rolesByUser; + private Properties users; + + @Override + public void initialize(Subject subject, + CallbackHandler callbackHandler, + Map sharedState, + Map options) { + super.initialize(subject, callbackHandler, sharedState, options); + users = load(USER_FILE_PROP_NAME, "", options).getProps(); + rolesByUser = load(ROLE_FILE_PROP_NAME, "", options).invertedPropertiesValuesMap(); + } + + /** + * Overriding to allow auth based on the User Principal Name (UPN). + * + * @param certs The certificate the incoming connection provided. + * @return The user's authenticated name or null if unable to authenticate the user. + * @throws LoginException Thrown if unable to find user file or connection certificate. + */ + @Override + protected String getUserNameForCertificates(final X509Certificate[] certs) throws LoginException { + if (certs == null || certs.length == 0) { + throw new LoginException("Client certificates not found. Cannot authenticate."); + } + try { + String upn = getCertificateInfo(certs); + if (upn != null && users.containsKey(upn)) { + return upn; + } else { + return null; + } + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + /** + * Overriding to allow for role discovery based on text files. + * + * @param username The name of the user being examined. This is the same name returned by + * {@link #getUserNameForCertificates(X509Certificate[])} + * @return A Set of name Strings for roles this user belongs to + * @throws LoginException Thrown if unable to find role definition file. + */ + @Override + protected Set getUserRoles(String username) throws LoginException { + Set userRoles = rolesByUser.get(username); + if (userRoles == null) { + userRoles = Collections.emptySet(); + } + + return userRoles; + } + + @Override + protected String getCertificateInfo(X509Certificate[] certificates) { + return CertificateUtil.getUserPrincipalName(certificates); + } +} diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java b/artemis-server/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java index 9cf59b824c5..57cfedcf881 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/utils/CertificateUtil.java @@ -18,21 +18,30 @@ import javax.net.ssl.SSLPeerUnverifiedException; import java.io.ByteArrayInputStream; +import java.lang.invoke.MethodHandles; +import java.nio.charset.StandardCharsets; import java.security.Principal; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; +import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collection; +import java.util.List; +import java.util.Objects; +import io.netty.buffer.ByteBuf; +import io.netty.buffer.Unpooled; import io.netty.channel.Channel; import io.netty.channel.ChannelHandler; import io.netty.handler.ssl.SslHandler; import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection; import org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection; +import org.apache.activemq.artemis.core.server.ActiveMQServerLogger; import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection; import org.apache.activemq.artemis.spi.core.remoting.Connection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.lang.invoke.MethodHandles; public class CertificateUtil { @@ -40,14 +49,41 @@ public class CertificateUtil { private static final String SSL_HANDLER_NAME = "ssl"; - public static final String CERT_SUBJECT_DN_UNAVAILABLE = "unavailable"; + public static final String UPN_OID = "1.3.6.1.4.1.311.20.2.3"; + + private static final byte[] UPN_OID_BYTES = {0x2b, 0x06, 0x01, 0x04, 0x01, (byte) 0x82, 0x37, 0x14, 0x02, 0x03}; + + public static final String CERT_INFO_UNAVAILABLE = "unavailable"; + + /** + * Inspects the input {@code RemotingConnection} and extracts the Distinguished Name (DN) from the associated SSL + * certificate. If this name cannot be retrieved then it returns the value of {@link #CERT_INFO_UNAVAILABLE}. + * This method is suitable when printing the DN to the logs, adding it to a notification message, etc. It will never + * return {@code null}. + * + * @return the Distinguished Name (DN) of the SSL certificate associated with the {@code RemotingConnection} or + * {@link #CERT_INFO_UNAVAILABLE} otherwise + */ + public static String getDistinguishedNameForPrint(RemotingConnection connection) { + return Objects.requireNonNullElse(getDistinguishedName(getCertsFromConnection(connection)), CERT_INFO_UNAVAILABLE); + } + + /** + * {@return the Distinguished Name (DN) of the SSL certificate associated with the {@code RemotingConnection} + * otherwise {@code null}} + */ + public static String getDistinguishedName(RemotingConnection connection) { + return getDistinguishedName(getCertsFromConnection(connection)); + } - public static String getCertSubjectDN(RemotingConnection connection) { - X509Certificate[] certs = getCertsFromConnection(connection); + /** + * {@return the Distinguished Name (DN) from the first SSL certificate in the array otherwise null} + */ + public static String getDistinguishedName(X509Certificate[] certs) { if (certs != null && certs.length > 0 && certs[0] != null) { return certs[0].getSubjectDN().getName(); } else { - return CERT_SUBJECT_DN_UNAVAILABLE; + return null; } } @@ -94,7 +130,7 @@ public static Principal getLocalPrincipalFromConnection(NettyConnection nettyCon public static X509Certificate[] getCertsFromChannel(Channel channel) { Certificate[] plainCerts = null; - ChannelHandler channelHandler = channel.pipeline().get("ssl"); + ChannelHandler channelHandler = channel.pipeline().get(SSL_HANDLER_NAME); if (channelHandler != null && channelHandler instanceof SslHandler sslHandler) { try { plainCerts = sslHandler.engine().getSession().getPeerCertificates(); @@ -132,4 +168,162 @@ public static X509Certificate[] getCertsFromChannel(Channel channel) { return x509Certs; } + + /** + * Extracts the User Principal Name (UPN) from the Subject Alternative Names (SANs) of the first SSL certificate in + * the array. If this name cannot be retrieved then it returns the value of {@link #CERT_INFO_UNAVAILABLE}. + * This method is suitable when printing the UPN to the logs, adding it to a notification message, etc. It will never + * return {@code null}. + * + * @return the User Principal Name (UPN) of the SSL certificate associated with the {@code RemotingConnection} or + * {@link #CERT_INFO_UNAVAILABLE} otherwise + */ + public static String getUserPrincipalNameForPrint(RemotingConnection connection) { + return Objects.requireNonNullElse(getUserPrincipalName(getCertsFromConnection(connection)), CERT_INFO_UNAVAILABLE); + } + + /** + * {@return the User Principal Name (UPN) of the SSL certificate associated with the {@code RemotingConnection} + * otherwise {@code null}} + */ + public static String getUserPrincipalName(RemotingConnection connection) { + return getUserPrincipalName(getCertsFromConnection(connection)); + } + + /** + * Extracts the User Principal Name (UPN) from the Subject Alternative Names (SANs) of the first SSL certificate in + * the array. + * + * @param certs an array of X.509 certificates, where the first certificate is inspected for the UPN. If the array is + * null, empty, or the first certificate is null, the method returns null. + * @return the extracted UPN as a string, or null if the UPN is not found or if the SANs are null for the given + * certificate. + */ + public static String getUserPrincipalName(X509Certificate[] certs) { + if (certs == null || certs.length == 0 || certs[0] == null) { + return null; + } + Collection> sans; + try { + sans = certs[0].getSubjectAlternativeNames(); + } catch (CertificateParsingException e) { + ActiveMQServerLogger.LOGGER.failedToParseCertificate(certs[0].toString(), e); + return null; + } + if (sans == null) { + logger.debug("No SANs found in certificate"); + return null; + } + + for (List san : sans) { + if (san.size() == 4 && san.get(0) instanceof Integer generalName && generalName == 0 && san.get(2) instanceof String oid && oid.equals(UPN_OID)) { + // This works on Java 21+ + return (String) san.get(3); + } else if (san.size() == 2 && san.get(0) instanceof Integer generalName && generalName == 0) { + // Manual parsing is still required before Java 21 + return parseOtherNameForUpn((byte[]) san.get(1)); + } + } + return null; + } + + /** + * Parses a DER-encoded Subject Alternative Name {@code otherName} value and tries to extract a UPN string. + *

+ * The method walks the nested tag-length-value ASN.1/DER structure. It expects an outer context-specific wrapper, + * verifies the embedded UPN OID, then reads the inner wrapped string value (which may be double-wrapped). It accepts + * either UTF8String or IA5String encodings. + * + * @param der the buffer containing the DER bytes to inspect + * @return the decoded UPN string, or {@code null} if the structure does not match the expected layout + */ + protected static String parseOtherNameForUpn(byte[] der) { + ByteBuf buf = Unpooled.wrappedBuffer(der); + try { + // read outer sequence + short outerSequenceTag = buf.readUnsignedByte(); + if (outerSequenceTag != 0x30) { + logger.debug("Unexpected outer sequence tag 0x{}; expected 0x30", String.format("%02X", outerSequenceTag)); + return null; + } + readDerLength(buf); + + // read & validate OID + short oidTag = buf.readUnsignedByte(); + if (oidTag != 0x06) { + logger.debug("Unexpected oid tag 0x{}; expected 0x06", String.format("%02X", oidTag)); + return null; + } + int oidLen = readDerLength(buf); + byte[] oidBytes = new byte[oidLen]; + buf.readBytes(oidBytes); + if (!Arrays.equals(oidBytes, UPN_OID_BYTES)) { + logger.debug("OID mismatch"); + return null; + } + + // read context tag + short upnContextTag = buf.readUnsignedByte(); + if (upnContextTag != 0xA0) { + logger.debug("Unexpected context tag for UPN 0x{}; expected 0xA0", String.format("%02X", upnContextTag)); + return null; + } + readDerLength(buf); + + // handle potential "double wrap" + short nextTag = buf.getUnsignedByte(buf.readerIndex()); + if (nextTag == 0xA0) { + buf.readUnsignedByte(); + readDerLength(buf); + nextTag = buf.getByte(buf.readerIndex()); + } + + if (nextTag != 0x0C && nextTag != 0x16) { + logger.debug("Unexpected string tag 0x{}; expected UTF8String (0x0C) or IA5String (0x16)", String.format("%02X", nextTag)); + return null; + } + buf.readUnsignedByte(); + + // read the string + int upnLen = readDerLength(buf); + byte[] upnBytes = new byte[upnLen]; + buf.readBytes(upnBytes); + return new String(upnBytes, StandardCharsets.UTF_8); + } finally { + buf.release(); + } + } + + /** + * In DER length encoding: + *

    + *
  • if the first length byte has top bit 0
    • + *
      + *
    • it is a short-form length
      • + *
    • the length is stored right there in that byte
      • + *
    + *
  • if the top bit is 1
    • + *
      + *
    • it is a long-form length
      • + *
    • the lower 7 bits tell you how many additional bytes encode the length
      • + *
    + *
+ * + * @param buf the {@code ByteBuf} to read the length value from. It must contain enough bytes to decode the length + * fully according to the encoded format. + * @return the decoded length as an integer. + */ + private static int readDerLength(ByteBuf buf) { + int first = buf.readUnsignedByte(); + if ((first & 0x80) == 0) { + return first; + } + + int numBytes = first & 0x7F; + int len = 0; + for (int i = 0; i < numBytes; i++) { + len = (len << 8) | buf.readUnsignedByte(); + } + return len; + } } diff --git a/artemis-server/src/main/resources/schema/artemis-configuration.xsd b/artemis-server/src/main/resources/schema/artemis-configuration.xsd index 2af3e1b1449..b4b690349a0 100644 --- a/artemis-server/src/main/resources/schema/artemis-configuration.xsd +++ b/artemis-server/src/main/resources/schema/artemis-configuration.xsd @@ -487,6 +487,30 @@ + + + + comma-separated list of what data to include in the key generated by the broker for the authentication + cache; valid values are USER, PASS, TLS_SUBJECT_DN, and TLS_SAN_UPN; any combination is allowed; or + does not matter + + + + + + + + + + + + + + + + + + diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/DefaultsFileConfigurationTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/DefaultsFileConfigurationTest.java index 8701f6cc31f..5d663e5274d 100644 --- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/DefaultsFileConfigurationTest.java +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/DefaultsFileConfigurationTest.java @@ -165,5 +165,7 @@ public void testDefaults() { assertEquals(ActiveMQDefaultConfiguration.getDefaultSecurityCacheMetrics(), conf.getMetricsConfiguration().isSecurityCaches()); assertEquals(ActiveMQDefaultConfiguration.getDefaultExecutorServiceMetrics(), conf.getMetricsConfiguration().isExecutorServices()); + + assertEquals(ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY, conf.getAuthenticationCacheKey()); } } diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationTest.java index b885e6e3fd2..42ce9904797 100644 --- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationTest.java +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/config/impl/FileConfigurationTest.java @@ -80,6 +80,7 @@ import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin; import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerPlugin; import org.apache.activemq.artemis.core.settings.impl.AddressSettings; +import org.apache.activemq.artemis.core.settings.impl.AuthenticationCacheKeyConfig; import org.apache.activemq.artemis.core.settings.impl.DiskFullMessagePolicy; import org.apache.activemq.artemis.core.settings.impl.SlowConsumerPolicy; import org.apache.activemq.artemis.core.settings.impl.SlowConsumerThresholdMeasurementUnit; @@ -253,6 +254,7 @@ private void validateFullConfig(Configuration configInstance, boolean fromProper assertEquals(123456, configInstance.getMqttSessionScanInterval()); assertEquals(567890, configInstance.getMqttSessionStatePersistenceTimeout()); assertFalse(configInstance.isMqttSubscriptionPersistenceEnabled()); + assertEquals(Set.of(AuthenticationCacheKeyConfig.USER, AuthenticationCacheKeyConfig.PASS), configInstance.getAuthenticationCacheKey()); assertEquals(98765, configInstance.getConnectionTtlCheckInterval()); assertEquals(1234567, configInstance.getConfigurationFileRefreshPeriod()); assertEquals("UUID", configInstance.getTemporaryQueueNamespace()); diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImplTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImplTest.java index 558c4764e8f..c704fa65b86 100644 --- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImplTest.java +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImplTest.java @@ -17,22 +17,29 @@ package org.apache.activemq.artemis.core.security.impl; import javax.security.auth.Subject; +import java.security.NoSuchAlgorithmException; import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.EnumSet; import java.util.Set; import java.util.concurrent.Callable; import org.apache.activemq.artemis.api.core.ActiveMQSecurityException; import org.apache.activemq.artemis.api.core.SimpleString; +import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl; import org.apache.activemq.artemis.core.management.impl.ManagementRemotingConnection; +import org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection; import org.apache.activemq.artemis.core.security.CheckType; import org.apache.activemq.artemis.core.security.Role; import org.apache.activemq.artemis.core.security.SecurityAuth; +import org.apache.activemq.artemis.core.settings.impl.AuthenticationCacheKeyConfig; import org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository; import org.apache.activemq.artemis.logs.AssertionLoggerHandler; import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection; import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager5; import org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal; import org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal; +import org.apache.activemq.artemis.utils.CertificateUtilTest; import org.apache.activemq.artemis.utils.RandomUtil; import org.apache.activemq.artemis.utils.sm.SecurityManagerShim; import org.junit.jupiter.api.Test; @@ -41,6 +48,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -110,7 +118,7 @@ public boolean validateUserAndRole(String user, String password, Set roles @Test public void zeroCacheSizeTest() throws Exception { final String user = RandomUtil.randomUUIDString(); - SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), securityManager, 999, true, "", null, null, 0, 0); + SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), securityManager, 999, true, "", null, null, 0, 0, ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY); assertNull(securityStore.getAuthenticationCache()); assertEquals(user, securityStore.authenticate(user, RandomUtil.randomUUIDString(), null)); assertEquals(0, securityStore.getAuthenticationCacheSize()); @@ -144,7 +152,7 @@ public String getSecurityDomain() { @Test public void getCaller() throws Exception { - SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), securityManager, 999, true, "", null, null, 0, 0); + SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), securityManager, 999, true, "", null, null, 0, 0, ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY); assertNull(securityStore.getCaller(null, null)); assertEquals("joe", securityStore.getCaller("joe", null)); @@ -176,7 +184,8 @@ public void testManagementAuthorizationAfterNullAuthenticationFailure() throws E null, null, 1000, - 1000); + 1000, + ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY); try { securityStore.authenticate(null, null, Mockito.mock(RemotingConnection.class), null); @@ -207,7 +216,7 @@ public void testManagementAuthorizationAfterNullAuthenticationFailure() throws E @Test public void testWrongPrincipal() throws Exception { - SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), wrongPrincipalSecurityManager, 999, true, "", null, null, 10, 0); + SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), wrongPrincipalSecurityManager, 999, true, "", null, null, 10, 0, ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY); try { securityStore.authenticate(null, null, Mockito.mock(RemotingConnection.class), null); fail(); @@ -220,12 +229,109 @@ public void testWrongPrincipal() throws Exception { } @Test - public void testCacheAlgorithm() throws Exception { + public void testPresenceOfCacheAlgorithm() throws Exception { final String user = RandomUtil.randomUUIDString(); - SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), securityManager, 999, true, "", null, null, 0, 0); + SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), securityManager, 999, true, "", null, null, 0, 0, ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY); try (AssertionLoggerHandler handler = new AssertionLoggerHandler()) { securityStore.createAuthenticationCacheKey(user, RandomUtil.randomUUIDString(), null); assertFalse(handler.findText("AMQ224163")); } } + + @Test + // There's no way to conclusively prove a String is a SHA-256 hash, but we can at least check that it's the right length and has the correct format + public void testVerifySha256() throws Exception { + SecurityStoreImpl securityStore = new SecurityStoreImpl(new HierarchicalObjectRepository<>(), securityManager, 999, true, "", null, null, 0, 0, ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY); + assertTrue(securityStore.createAuthenticationCacheKey(RandomUtil.randomUUIDString(), RandomUtil.randomUUIDString(), null).matches("^[a-fA-F0-9]{64}$")); + } + + @Test + public void testIncludeUpnInAuthenticationCacheKeyEnabledWithDifferentUpns() throws Exception { + final String user = RandomUtil.randomUUIDString(); + final String password = RandomUtil.randomUUIDString(); + SecurityStoreImpl securityStore = createSecurityStore(true); + String keyOne = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn("user1@domain.com")); + String keyTwo = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn("user2@domain.com")); + assertNotEquals(keyOne, keyTwo); + } + + @Test + public void testIncludeUpnInAuthenticationCacheKeyEnabledWithAndWithoutUpn() throws Exception { + final String user = RandomUtil.randomUUIDString(); + final String password = RandomUtil.randomUUIDString(); + SecurityStoreImpl securityStore = createSecurityStore(true); + String keyOne = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn("user@domain.com")); + String keyTwo = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn(null)); + assertNotEquals(keyOne, keyTwo); + } + + @Test + public void testIncludeUpnInAuthenticationCacheKeyEnabledWithIdenticalUpns() throws Exception { + final String user = RandomUtil.randomUUIDString(); + final String password = RandomUtil.randomUUIDString(); + final String upn = "user@domain.com"; + SecurityStoreImpl securityStore = createSecurityStore(true); + String keyOne = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn(upn)); + String keyTwo = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn(upn)); + assertEquals(keyOne, keyTwo); + } + + @Test + public void testIncludeUpnInAuthenticationCacheKeyEnabledWithNulls() throws Exception { + SecurityStoreImpl securityStore = createSecurityStore(true); + assertNull(securityStore.createAuthenticationCacheKey(null, null, null)); + } + + @Test + public void testIncludeUpnInAuthenticationCacheKeyDisabledWithDifferentUpns() throws Exception { + final String user = RandomUtil.randomUUIDString(); + final String password = RandomUtil.randomUUIDString(); + SecurityStoreImpl securityStore = createSecurityStore(false); + String keyOne = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn("user1@domain.com")); + String keyTwo = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn("user2@domain.com")); + assertEquals(keyOne, keyTwo); + } + + @Test + public void testIncludeUpnInAuthenticationCacheKeyDisabledWithAndWithoutUpn() throws Exception { + final String user = RandomUtil.randomUUIDString(); + final String password = RandomUtil.randomUUIDString(); + SecurityStoreImpl securityStore = createSecurityStore(false); + String keyOne = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn("user@domain.com")); + String keyTwo = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn(null)); + assertEquals(keyOne, keyTwo); + } + + @Test + public void testIncludeUpnInAuthenticationCacheKeyDisabledWithIdenticalUpns() throws Exception { + final String user = RandomUtil.randomUUIDString(); + final String password = RandomUtil.randomUUIDString(); + final String upn = "user@domain.com"; + SecurityStoreImpl securityStore = createSecurityStore(false); + String keyOne = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn(upn)); + String keyTwo = securityStore.createAuthenticationCacheKey(user, password, getConnectionWithUpn(upn)); + assertEquals(keyOne, keyTwo); + } + + @Test + public void testIncludeUpnInAuthenticationCacheKeyDisabledWithNulls() throws Exception { + SecurityStoreImpl securityStore = createSecurityStore(false); + assertNull(securityStore.createAuthenticationCacheKey(null, null, null)); + } + + private static RemotingConnection getConnectionWithUpn(String upn) throws Exception { + RemotingConnection remotingConnection = Mockito.mock(RemotingConnection.class); + NettyServerConnection serverConnection = Mockito.mock(NettyServerConnection.class); + Mockito.when(serverConnection.getPeerCertificates()).thenReturn(new X509Certificate[]{CertificateUtilTest.generateCertificateWithUPN(upn)}); + Mockito.when(remotingConnection.getTransportConnection()).thenReturn(serverConnection); + return remotingConnection; + } + + private SecurityStoreImpl createSecurityStore(boolean includeUpnInAuthenticationCacheKey) throws NoSuchAlgorithmException { + EnumSet authenticationCacheKey = EnumSet.copyOf(ConfigurationImpl.DEFAULT_AUTHENTICATION_CACHE_KEY); + if (includeUpnInAuthenticationCacheKey) { + authenticationCacheKey.add(AuthenticationCacheKeyConfig.TLS_SAN_UPN); + } + return new SecurityStoreImpl(new HierarchicalObjectRepository<>(), securityManager, 999, true, "", null, null, 1, 0, authenticationCacheKey); + } } diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java index 48b3642750f..95e651249e6 100644 --- a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/StubCertificateLoginModule.java @@ -46,4 +46,9 @@ protected Set getUserRoles(String username) throws LoginException { lastUserName = username; return this.groupNames; } + + @Override + protected String getCertificateInfo(X509Certificate[] certificates) { + return userName; + } } diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileUpnCertificateLoginModuleTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileUpnCertificateLoginModuleTest.java new file mode 100644 index 00000000000..80084161b35 --- /dev/null +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/core/security/jaas/TextFileUpnCertificateLoginModuleTest.java @@ -0,0 +1,140 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.core.security.jaas; + +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.LoginException; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.lang.invoke.MethodHandles; +import java.net.URL; +import java.net.URLDecoder; +import java.nio.charset.StandardCharsets; +import java.security.Principal; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.Map; + +import org.apache.activemq.artemis.spi.core.security.jaas.CertificateCallback; +import org.apache.activemq.artemis.spi.core.security.jaas.CertificateLoginModule; +import org.apache.activemq.artemis.spi.core.security.jaas.JaasCallbackHandler; +import org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoader; +import org.apache.activemq.artemis.spi.core.security.jaas.TextFileUpnCertificateLoginModule; +import org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal; +import org.apache.activemq.artemis.utils.CertificateUtilTest; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; + +public class TextFileUpnCertificateLoginModuleTest { + + private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); + + private static final String CERT_USERS_FILE = "upn-cert-users.properties"; + + private static final String CERT_GROUPS_FILE = "upn-cert-roles.properties"; + + static { + String path = System.getProperty("java.security.auth.login.config"); + if (path == null) { + URL resource = TextFileUpnCertificateLoginModuleTest.class.getClassLoader().getResource("login.config"); + if (resource != null) { + try { + path = URLDecoder.decode(resource.getFile(), StandardCharsets.UTF_8.name()); + System.setProperty("java.security.auth.login.config", path); + } catch (UnsupportedEncodingException e) { + logger.error(e.getMessage(), e); + throw new RuntimeException(e); + } + } + } + } + + private CertificateLoginModule loginModule; + + @BeforeAll + static void setupProvider() { + Security.addProvider(new BouncyCastleProvider()); + } + + @AfterAll + static void cleanupProvider() { + Security.removeProvider("BC"); + } + + @BeforeEach + public void setUp() throws Exception { + loginModule = new TextFileUpnCertificateLoginModule(); + } + + @AfterEach + public void tearDown() throws Exception { + PropertiesLoader.resetUsersAndGroupsCache(); + } + + @Test + public void loginTest() throws Exception { + Map options = Map.of("org.apache.activemq.jaas.textfileupn.user", CERT_USERS_FILE, + "org.apache.activemq.jaas.textfileupn.role", CERT_GROUPS_FILE, + "reload", "true"); + + for (int i = 0; i < 10; i++) { + final String user = "user@domain" + (i + 1) + ".com"; + Subject subject = doAuthenticate(options, getJaasCertificateCallbackHandler(user)); + assertEquals(1, subject.getPrincipals().size()); + Principal principal = subject.getPrincipals().iterator().next(); + assertInstanceOf(UserPrincipal.class, principal); + assertEquals(user, principal.getName()); + loginModule.logout(); + } + } + + private JaasCallbackHandler getJaasCertificateCallbackHandler(String user) throws Exception { + X509Certificate cert = CertificateUtilTest.generateCertificateWithUPN(user); + return new JaasCallbackHandler(null, null, null) { + @Override + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + for (Callback callback : callbacks) { + if (callback instanceof CertificateCallback certCallback) { + certCallback.setCertificates(new X509Certificate[]{cert}); + } else { + throw new UnsupportedCallbackException(callback); + } + } + } + }; + } + + private Subject doAuthenticate(Map options, + JaasCallbackHandler callbackHandler) throws LoginException { + Subject mySubject = new Subject(); + loginModule.initialize(mySubject, callbackHandler, null, options); + loginModule.login(); + loginModule.commit(); + return mySubject; + } +} diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/utils/CertificateUtilTest.java b/artemis-server/src/test/java/org/apache/activemq/artemis/utils/CertificateUtilTest.java new file mode 100644 index 00000000000..7017961e1b7 --- /dev/null +++ b/artemis-server/src/test/java/org/apache/activemq/artemis/utils/CertificateUtilTest.java @@ -0,0 +1,195 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.utils; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.cert.X509Certificate; +import java.util.Date; + +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DERIA5String; +import org.bouncycastle.asn1.DERPrintableString; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.DERTaggedObject; +import org.bouncycastle.asn1.DERUTF8String; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.OtherName; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.junit.jupiter.api.Test; + +import static org.apache.activemq.artemis.utils.CertificateUtil.UPN_OID; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; + +public class CertificateUtilTest { + + private static final String TEST_UPN = "user@domain.com"; + + @Test + void testExtractUpnPositive() throws Exception { + String extractedUpn = CertificateUtil.getUserPrincipalName(new X509Certificate[] {generateCertificateWithUPN(TEST_UPN)}); + assertEquals(TEST_UPN, extractedUpn, "Returned UPN should match the one embedded in the cert."); + } + + @Test + void testExtractUpnNegative() throws Exception { + String extractedUpn = CertificateUtil.getUserPrincipalName(new X509Certificate[] {generateCertificateWithUPN(null)}); + assertNull(extractedUpn, "Should return null when no UPN is present."); + } + + /** + * Helper method to generate a self-signed v3 certificate. If upnValue is provided, it embeds it as an 'otherName' in + * the SAN extension. + */ + public static X509Certificate generateCertificateWithUPN(String upnValue) throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); + keyGen.initialize(2048); + KeyPair keyPair = keyGen.generateKeyPair(); + + long now = System.currentTimeMillis(); + JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( + new X500Name("CN=Mock Issuer"), + BigInteger.valueOf(now), + new Date(now - 86400000L), + new Date(now + 86400000L), + new X500Name("CN=Mock Subject"), + keyPair.getPublic() + ); + + // inject the UPN into the Subject Alternative Name extension if provided + if (upnValue != null) { + OtherName otherName = new OtherName(new ASN1ObjectIdentifier(UPN_OID), new DERUTF8String(upnValue)); + GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.otherName, otherName)); + certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); + } + + // sign the certificate + ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate()); + + // convert BouncyCastle builder format to standard java.security.cert.X509Certificate + return new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer)); + } + + @Test + void testParseOtherNameForUpnSingleWrappedUtf8String() throws Exception { + byte[] derEncoded = createUpnDer(TEST_UPN, UPN_OID, DerStringOption.UTF8, false); + String extractedUpn = CertificateUtil.parseOtherNameForUpn(derEncoded); + assertEquals(TEST_UPN, extractedUpn, "Should extract UPN from single-wrapped UTF8String"); + } + + @Test + void testParseOtherNameForUpnSingleWrappedIa5String() throws Exception { + byte[] derEncoded = createUpnDer(TEST_UPN, UPN_OID, DerStringOption.IA5, false); + String extractedUpn = CertificateUtil.parseOtherNameForUpn(derEncoded); + assertEquals(TEST_UPN, extractedUpn, "Should extract UPN from single-wrapped IA5String"); + } + + @Test + void testParseOtherNameForUpnDoubleWrappedUtf8String() throws Exception { + byte[] derEncoded = createUpnDer(TEST_UPN, UPN_OID, DerStringOption.UTF8, true); + String extractedUpn = CertificateUtil.parseOtherNameForUpn(derEncoded); + assertEquals(TEST_UPN, extractedUpn, "Should extract UPN from double-wrapped UTF8String"); + } + + @Test + void testParseOtherNameForUpnDoubleWrappedIa5String() throws Exception { + byte[] derEncoded = createUpnDer(TEST_UPN, UPN_OID, DerStringOption.IA5, true); + String extractedUpn = CertificateUtil.parseOtherNameForUpn(derEncoded); + assertEquals(TEST_UPN, extractedUpn, "Should extract UPN from double-wrapped IA5String"); + } + + @Test + void testParseOtherNameForUpnInvalidOid() throws Exception { + byte[] derEncoded = createUpnDer(TEST_UPN, "2.5.4.3", DerStringOption.UTF8, false); + String extractedUpn = CertificateUtil.parseOtherNameForUpn(derEncoded); + assertNull(extractedUpn, "Should return null when OID doesn't match UPN_OID"); + } + + /** + * A PrintableString is a restricted character string type in the ASN.1 notation. It is used to describe data that + * consists only of a specific printable subset of the ASCII character set. See more at + * https://en.wikipedia.org/wiki/PrintableString. + *

+ * In the context of UPN encoding, PrintableString is not typically used because UPNs can contain non-printable + * characters. Therefore, encountering a PrintableString in a UPN context is considered invalid. + */ + @Test + void testParseOtherNameForUpnInvalidStringTag() throws Exception { + byte[] derEncoded = createUpnDer(TEST_UPN, UPN_OID, DerStringOption.PRINTABLE, false); + String extractedUpn = CertificateUtil.parseOtherNameForUpn(derEncoded); + assertNull(extractedUpn, "Should return null when string tag is not UTF8String or IA5String"); + } + + /** + * Tests the behavior when the DER-encoded byte sequence is missing the outer sequence tag. + */ + @Test + void testParseOtherNameForUpnMissingSequence() throws Exception { + byte[] derEncoded = createUpnDer(TEST_UPN, UPN_OID, DerStringOption.UTF8, false); + byte[] derEncodedSlice = new byte[derEncoded.length - 2]; + System.arraycopy(derEncoded, 2, derEncodedSlice, 0, derEncodedSlice.length); + String extractedUpn = CertificateUtil.parseOtherNameForUpn(derEncodedSlice); + assertNull(extractedUpn, "Should return null when outer sequence tag is missing"); + } + + /** + * Creates a DER-encoded byte array representing a User Principal Name (UPN) entry. + * + * @param upnValue The UPN value to encode as a string. + * @param oid The object identifier (OID) to use for the entry. + * @param derStringOption The string type (e.g., UTF8, IA5, PRINTABLE) to encode the UPN value. + * @param doubleWrap Indicates whether the string value should be wrapped in an additional tag structure. + * @return A DER-encoded byte array representing the UPN entry. + * @throws IOException If an error occurs during encoding. + */ + private static byte[] createUpnDer(String upnValue, String oid, DerStringOption derStringOption, boolean doubleWrap) throws IOException { + ASN1EncodableVector sequence = new ASN1EncodableVector(); + sequence.add(new ASN1ObjectIdentifier(oid)); + ASN1Encodable stringValue = switch (derStringOption) { + case UTF8 -> new DERUTF8String(upnValue); + case IA5 -> new DERIA5String(upnValue); + case PRINTABLE -> new DERPrintableString(upnValue); + default -> throw new IllegalArgumentException("Unsupported DER string option: " + derStringOption); + }; + + DERTaggedObject taggedString; + DERTaggedObject intermediateTaggedString = new DERTaggedObject(true, 0, stringValue); + if (doubleWrap) { + taggedString = new DERTaggedObject(true, 0, intermediateTaggedString); + } else { + taggedString = intermediateTaggedString; + } + sequence.add(taggedString); + + return new DERSequence(sequence).getEncoded(); + } + + private enum DerStringOption { + UTF8, IA5, PRINTABLE + } +} diff --git a/artemis-server/src/test/resources/ConfigurationTest-full-config.xml b/artemis-server/src/test/resources/ConfigurationTest-full-config.xml index ba33b5a739e..fec753b2ea6 100644 --- a/artemis-server/src/test/resources/ConfigurationTest-full-config.xml +++ b/artemis-server/src/test/resources/ConfigurationTest-full-config.xml @@ -60,6 +60,10 @@ 123456 567890 false + + USER + PASS + 98765 1234567 TEMP diff --git a/artemis-server/src/test/resources/ConfigurationTest-xinclude-config.xml b/artemis-server/src/test/resources/ConfigurationTest-xinclude-config.xml index 86274bc7a25..81c6ce3f4f2 100644 --- a/artemis-server/src/test/resources/ConfigurationTest-xinclude-config.xml +++ b/artemis-server/src/test/resources/ConfigurationTest-xinclude-config.xml @@ -61,6 +61,10 @@ 123456 567890 false + + USER + PASS + 98765 1234567 TEMP diff --git a/artemis-server/src/test/resources/ConfigurationTest-xinclude-schema-config.xml b/artemis-server/src/test/resources/ConfigurationTest-xinclude-schema-config.xml index 05c9e062be0..1569554a15c 100644 --- a/artemis-server/src/test/resources/ConfigurationTest-xinclude-schema-config.xml +++ b/artemis-server/src/test/resources/ConfigurationTest-xinclude-schema-config.xml @@ -61,6 +61,10 @@ 123456 567890 false + + USER + PASS + 98765 1234567 TEMP diff --git a/artemis-server/src/test/resources/upn-cert-roles.properties b/artemis-server/src/test/resources/upn-cert-roles.properties new file mode 100644 index 00000000000..aab571c6141 --- /dev/null +++ b/artemis-server/src/test/resources/upn-cert-roles.properties @@ -0,0 +1,16 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- diff --git a/artemis-server/src/test/resources/upn-cert-users.properties b/artemis-server/src/test/resources/upn-cert-users.properties new file mode 100644 index 00000000000..0023aa746ce --- /dev/null +++ b/artemis-server/src/test/resources/upn-cert-users.properties @@ -0,0 +1,26 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- +user@domain1.com +user@domain2.com +user@domain3.com +user@domain4.com +user@domain5.com +user@domain6.com +user@domain7.com +user@domain8.com +user@domain9.com +user@domain10.com diff --git a/docs/user-manual/_shared-cert-login-details.adoc b/docs/user-manual/_shared-cert-login-details.adoc new file mode 100644 index 00000000000..1a58034353b --- /dev/null +++ b/docs/user-manual/_shared-cert-login-details.adoc @@ -0,0 +1,9 @@ +This login module must be used in combination with SSL, and the clients must be configured with their own certificate. +In this scenario, authentication is actually performed during the SSL/TLS handshake, not directly by the JAAS certificate authentication plug-in. +The role of the plug-in is as follows: + +* To further constrain the set of acceptable users, because only the users explicitly listed in the relevant properties file are eligible to be authenticated. +* To associate a list of roles with the received user identity, facilitating integration with the authorization. +* To require the presence of an incoming certificate (by default, the SSL/TLS layer is configured to treat the presence of a client certificate as optional). + +It retrieves data from a pair of flat files. \ No newline at end of file diff --git a/docs/user-manual/security.adoc b/docs/user-manual/security.adoc index f2cd498910f..ce0ca3ddbf3 100644 --- a/docs/user-manual/security.adoc +++ b/docs/user-manual/security.adoc @@ -81,6 +81,62 @@ Using `0` will disable the corresponding cache. How long cache entries are valid is controlled by `security-invalidation-interval`, which is in milliseconds. The default is `10000` ms. +=== Authentication Cache Keys + +Authentication cache entries are stored and fetched using a _key_ generated from data that *uniquely identifies an authentication attempt*. +This includes username and password for the most basic use-cases. +It also includes details from the TLS certificate like the subject distinguished name (DN) and user pricipal name (UPN) for use-cases involving mutual TLS. + +By default, the username, password, and TLS certificate subject DN are included. +The TLS certificate UPN is _not_ included by default in order to maintain backwards compatiblity since it wasn't always possible to authenticate with UPN. +To configure the authentication cache key add the `authentication-cache-key` element to `broker.xml` in the `core` element, e.g.: + +[,xml] +---- + + USER + PASS + TLS_SUBJECT_DN + +---- + +Valid values include: + +USER:: +The username provided by the remote client. + +PASS:: +The password provided by the remote client. + +TLS_SUBJECT_DN:: +The subject distinguished name of the TLS certificate provided by the remote client. +This is technically only relevant in use-cases involving mutual TLS. +However, it can be included even if mutual TLS is not in use as it will not impact the ultimate key value. +Ensure this is configured when using the <>. + +TLS_SAN_UPN:: +The user principal name stored in the subject alternative name of the TLS certificate provided by the remote client. +This is technically only relevant in use-cases involving mutual TLS. +However, it can be included even if mutual TLS is not in use as it will not impact the ultimate key value. +Ensure this is configured when using the <>. + +The order of the parameters does not impact the ultimate key value. +Any combinations of parameters is possible. +The default includes `USER`, `PASS`, & `TLS_SUBJECT_DN`. + +All keys are hashed with a cryptographically secure algorithm before being stored in the cache. +This ensures sensitive data is not available in memory. + +[WARNING] +==== +It is *critically* important that the authentication cache key is correctly configured to include all the data being used to authenticate users. + +An incorrect configuration can lead to both positive and negative invalid authentication. +In other words, users who should not be authenticated may be, and users who should be authentication may not be. + +Users are strongly encouraged to verify the configuration before production deployments. +==== + == Tracking the Validated User To assist in security auditing the `populate-validated-user` option exists. @@ -960,65 +1016,38 @@ The fully qualified class name of a custom password codec for decoding masked pa See xref:masking-passwords.adoc#masking-passwords[password masking] for more details. Default is `org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec`. -==== CertificateLoginModule - -The JAAS certificate authentication login module must be used in combination with SSL and the clients must be configured with their own certificate. -In this scenario, authentication is actually performed during the SSL/TLS handshake, not directly by the JAAS certificate authentication plug-in. -The role of the plug-in is as follows: - -* To further constrain the set of acceptable users, because only the user DNs explicitly listed in the relevant properties file are eligible to be authenticated. -* To associate a list of groups with the received user identity, facilitating integration with the authorization feature. -* To require the presence of an incoming certificate (by default, the SSL/TLS layer is configured to treat the presence of a client certificate as optional). +==== TextFileCertificateLoginModule -The JAAS certificate login module stores a collection of certificate DNs in a pair of flat files. -The files associate a username and a list of group IDs with each DN. +include::_shared-cert-login-details.adoc[] +One file associates the valid certificate DNs with usernames. +The other file associates the usernames with roles. -The certificate login module is implemented by the following class: - -[,java] ----- -org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule ----- - -The following `CertLogin` login entry shows how to configure certificate login module in the login.config file: +The following `CertLogin` login entry shows how to configure certificate login module in the `login.config` file: ---- CertLogin { - org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule + org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required debug=true org.apache.activemq.jaas.textfiledn.user="users.properties" org.apache.activemq.jaas.textfiledn.role="roles.properties"; }; ---- -In the preceding example, the JAAS realm is configured to use a single `org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule` login module. -The options supported by this login module are as follows: +===== Options debug:: boolean flag; -if true, enable debugging; +if `true`, enable debugging; this is used only for testing or debugging; normally, it should be set to `false`, or omitted; default is `false` org.apache.activemq.jaas.textfiledn.user:: specifies the location of the user properties file (relative to the directory containing the login configuration file). - -org.apache.activemq.jaas.textfiledn.role:: -specifies the location of the role properties file (relative to the directory containing the login configuration file). - -reload:: -boolean flag; -whether or not to reload the properties files when a modification occurs; -default is `false` - -normalise:: -boolean flag; whether the DN values should be validated and normalised into the X500Name string format used for matching; default is false. -Using this option can avoid the ambiguity around the string form of a DN that is discussed below. When true, the DN string is validated, and then normalised into the internal X500Name format. - -In the context of the certificate login module, the `users.properties` file consists of a list of properties of the form, `UserName=StringifiedSubjectDN` or `UserName=/SubjectDNRegExp/`. ++ +This file consists of a list of properties of the form, `UserName=StringifiedSubjectDN` or `UserName=/SubjectDNRegExp/`. For example, to define the users, `system`, `user` and `guest` as well as a `hosts` user matching several DNs, you could create a file like the following: - ++ [,properties] ---- system=CN=system,O=Progress,C=US @@ -1026,66 +1055,102 @@ user=CN=humble user,O=Progress,C=US guest=CN=anon,O=Progress,C=DE hosts=/CN=host\\d+\\.acme\\.com,O=Acme,C=UK/ ---- - ++ Note that the backslash character has to be escaped because it has a special treatment in properties files. - ++ Each username is mapped to a subject DN, encoded as a string (where the string encoding is specified by RFC 2253). For example, the system username is mapped to the `CN=system,O=Progress,C=US` subject DN. When performing authentication, the plug-in extracts the subject DN from the received certificate, converts it to the standard string format, and compares it with the subject DNs in the `users.properties` file by testing for string equality. Consequently, you must be careful to ensure that the subject DNs appearing in the `users.properties` file are an exact match for the subject DNs extracted from the user certificates. - ++ NOTE: Technically, there is some residual ambiguity in the DN string format. For example, the `domainComponent` attribute could be represented in a string either as the string, `DC`, or as the OID, `0.9.2342.19200300.100.1.25`. Normally, you do not need to worry about this ambiguity. But it could potentially be a problem, if you changed the underlying implementation of the Java security layer. -The easiest way to obtain the subject DNs from the user certificates is by invoking the `keytool` utility to print the certificate contents. -To print the contents of a certificate in a keystore, perform the following steps: - -. Export the certificate from the keystore file into a temporary file. -For example, to export the certificate with alias `broker-localhost` from the `broker.ks` keystore file, enter the following command: +org.apache.activemq.jaas.textfiledn.role:: +specifies the location of the role properties file (relative to the directory containing the login configuration file). + -[,sh] +This file consists of a list of properties of the form, `Role=UserList`, where `UserList` is a comma-separated list of users. +For example, to define the roles `admins`, `users`, and `guests`, you could create a file like the following: ++ +[,properties] ---- -keytool -export -file broker.export -alias broker-localhost -keystore broker.ks -storepass password +admins=system +users=system,user +guests=guest ---- -+ -After running this command, the exported certificate is in the file, `broker.export`. -. Print out the contents of the exported certificate. -For example, to print out the contents of `broker.export`, enter the following command: -+ -[,sh] +reload:: +boolean flag; +whether to reload the properties files when a modification occurs; +default is `false` + +normalise:: +boolean flag; whether the DN values should be validated and normalised into the X500Name string format used for matching; default is `false`. +Using this option can avoid the ambiguity around the string form of a DN that is discussed below. When `true`, the DN string is validated, and then normalised into the internal X500Name format. + +==== TextFileUpnCertificateLoginModule + +include::_shared-cert-login-details.adoc[] +One file lists the valid UPNs. +The other file associates the UPNs with roles. + +The following `CertLogin` login entry shows how to configure certificate login module in the `login.config` file: + ---- -keytool -printcert -file broker.export +UpnCertLogin { + org.apache.activemq.artemis.spi.core.security.jaas.TextFileUpnCertificateLoginModule required + debug=true + org.apache.activemq.jaas.textfileupn.user="users.properties" + org.apache.activemq.jaas.textfileupn.role="roles.properties"; +}; ---- + +[WARNING] +==== +When using the `TextFileUpnCertificateLoginModule` be sure to <> or <>. +==== + +===== Options + +debug:: +boolean flag; +if `true`, enable debugging; +this is used only for testing or debugging; +normally, it should be set to `false`, or omitted; +default is `false` + +org.apache.activemq.jaas.textfileupn.user:: +specifies the location of the user file (relative to the directory containing the login configuration file). + -Which should produce output similar to that shown here: +This file consists of a list of user principal names (UPNs), e.g.: + +[,properties] ---- -Owner: CN=localhost, OU=broker, O=Unknown, L=Unknown, ST=Unknown, C=Unknown -Issuer: CN=localhost, OU=broker, O=Unknown, L=Unknown, ST=Unknown, C=Unknown -Serial number: 4537c82e -Valid from: Thu Oct 19 19:47:10 BST 2006 until: Wed Jan 17 18:47:10 GMT 2007 -Certificate fingerprints: - MD5: 3F:6C:0C:89:A8:80:29:CC:F5:2D:DA:5C:D7:3F:AB:37 - SHA1: F0:79:0D:04:38:5A:46:CE:86:E1:8A:20:1F:7B:AB:3A:46:E4:34:5C +system@domain.com +user@domain.com +guest@domain.com ---- -+ -The string following `Owner:` gives the subject DN. -The format used to enter the subject DN depends on your platform. -The `Owner:` string above could be represented as either `CN=localhost,\ OU=broker,\ O=Unknown,\ L=Unknown,\ ST=Unknown,\ C=Unknown` or `CN=localhost,OU=broker,O=Unknown,L=Unknown,ST=Unknown,C=Unknown`. -The `roles.properties` file consists of a list of properties of the form, `Role=UserList`, where `UserList` is a comma-separated list of users. +org.apache.activemq.jaas.textfileupn.role:: +specifies the location of the role properties file (relative to the directory containing the login configuration file). ++ +This file consists of a list of properties of the form, `Role=UpnList`, where `UpnList` is a comma-separated list of UPNs. For example, to define the roles `admins`, `users`, and `guests`, you could create a file like the following: - ++ [,properties] ---- -admins=system -users=system,user -guests=guest +admins=system@domain.com +users=system@domain.com,user@domain.com +guests=guest@domain.com ---- +reload:: +boolean flag; +whether to reload the properties files when a modification occurs; +default is `false` + ==== SCRAMPropertiesLoginModule The SCRAM properties login module implements the SASL challenge response for the SCRAM-SHA mechanism. @@ -1634,28 +1699,10 @@ The trust store's password. The web console supports authentication with client certificates, see the following steps: -* Add the <> to the `login.config` file, i.e. -+ ----- -activemq-cert { - org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required - debug=true - org.apache.activemq.jaas.textfiledn.user="cert-users.properties" - org.apache.activemq.jaas.textfiledn.role="cert-roles.properties"; -}; ----- - -* Change the hawtio realm to match the realm defined in the `login.config` file for the <>. -This is configured in the `artemis.profile` via the system property `-Dhawtio.realm=activemq-cert`. -* Create a key pair for the client and import the public key in a truststore file. -+ ----- -keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass securepass -keypass securepass -alias client -genkey -keyalg "RSA" -keysize 2048 -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -ext bc=ca:false -ext eku=cA -keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass securepass -alias client -exportcert -rfc > client.crt -keytool -storetype pkcs12 -keystore client-truststore.p12 -storepass securepass -keypass securepass -importcert -alias client-ca -file client.crt -noprompt ----- - -* Enable secure access using HTTPS protocol with client authentication, use the truststore file created in the previous step to set the `trustStorePath` and `trustStorePassword`: +* Add either the <> or <> certificate login module to `login.config`. +* Change the HawtIO realm to match the realm defined in `login.config` for the aforementioned login module. +This is configured in the `artemis.profile` via the system property `hawtio.realm`. +* Configure the `trustStorePath` and `trustStorePassword` for the embedded web server so that it will trust the client's certificate: + [,xml] ---- @@ -1671,7 +1718,7 @@ keytool -storetype pkcs12 -keystore client-truststore.p12 -storepass securepass ---- -* Use the private key created in the previous step to set up your client, i.e. if the client app is a browser install the private key in the browser. +* Use your private key to set up your client (e.g., if the client app is a browser install the private key in the browser). ## Controlling JMS ObjectMessage deserialization diff --git a/docs/user-manual/versions.adoc b/docs/user-manual/versions.adoc index bec66a0e17a..c24c049a44c 100644 --- a/docs/user-manual/versions.adoc +++ b/docs/user-manual/versions.adoc @@ -744,7 +744,7 @@ Again, this only has potential impact for MQTT 3.x clients using `CleanSession=1 . Due to https://issues.apache.org/jira/browse/ARTEMIS-3892[ARTEMIS-3892] the username assigned to queues will be based on the *validated* user rather than just the username submitted by the client application. This will impact use-cases like the following: .. When `login.config` is configured with the xref:security.adoc#guestloginmodule[`GuestLoginModule`] which causes some users to be assigned a specific username and role during the authentication process. - .. When `login.config` is configured with the xref:security.adoc#certificateloginmodule[`CertificateLoginModule`] which causes users to be assigned a username and role corresponding to the subject DN from their SSL certificate. + .. When `login.config` is configured with the xref:security.adoc#textfilecertificateloginmodule[`TextFileCertificateLoginModule`] which causes users to be assigned a username and role corresponding to the subject DN from their SSL certificate. + In these kinds of situations the broker will use this assigned (i.e. validated) username for any queues created with the connection. @@ -1279,7 +1279,7 @@ https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&versio === Highlights -* Support xref:security.adoc#certificateloginmodule[regular expressions for matching client certificates]. +* Support xref:security.adoc#textfilecertificateloginmodule[regular expressions for matching client certificates]. * Support `SASL_EXTERNAL` for AMQP clients. * New examples showing xref:examples.adoc#openwire[virtual topic mapping] and xref:examples.adoc#exclusive-queue[exclusive queue] features. diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java index d6a5925dcea..fe607a45be2 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/ActiveMQServerControlTest.java @@ -293,7 +293,7 @@ public void registered(ActiveMQServer server) { public void testSecurityCacheSizes() throws Exception { ActiveMQServerControl serverControl = createManagementControl(); - Wait.assertEquals(usingCore() ? 1 : 0, serverControl::getAuthenticationCacheSize); + Wait.assertEquals(0, serverControl::getAuthenticationCacheSize); Wait.assertEquals(0, serverControl::getAuthorizationCacheSize); ServerLocator loc = createInVMNonHALocator(); @@ -311,7 +311,7 @@ public void testSecurityCacheSizes() throws Exception { m.putStringProperty("hello", "world"); producer.send(m); - assertEquals(usingCore() ? 2 : 1, serverControl.getAuthenticationCacheSize()); + assertEquals(1, serverControl.getAuthenticationCacheSize()); Wait.assertEquals(1, () -> serverControl.getAuthorizationCacheSize()); } @@ -344,7 +344,7 @@ public void testClearingSecurityCaches() throws Exception { serverControl.clearAuthenticationCache(); serverControl.clearAuthorizationCache(); - assertEquals(usingCore() ? 1 : 0, serverControl.getAuthenticationCacheSize()); + assertEquals(0, serverControl.getAuthenticationCacheSize()); assertEquals(0, serverControl.getAuthorizationCacheSize()); } diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java index e1612ff6373..d91023cb6a7 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/NotificationTest.java @@ -184,6 +184,7 @@ public void testCONSUMER_CREATED() throws Exception { assertEquals(SimpleString.of("invm:0"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_REMOTE_ADDRESS)); assertEquals(consumerName, notifications[0].getSimpleStringProperty(ManagementHelper.HDR_SESSION_NAME)); assertEquals(SimpleString.of("unavailable"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN)); + assertEquals(SimpleString.of("unavailable"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_UPN)); assertTrue(notifications[0].getTimestamp() >= start); assertTrue((long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP) >= start); assertEquals(notifications[0].getTimestamp(), (long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java index 766b2c13547..80328324822 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SSLSecurityNotificationTest.java @@ -27,7 +27,6 @@ import java.lang.management.ManagementFactory; import java.net.URL; -import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; @@ -83,13 +82,23 @@ public class SSLSecurityNotificationTest extends ActiveMQTestBase { private SimpleString notifQueue; @Test - public void testSECURITY_AUTHENTICATION_VIOLATION() throws Exception { + public void testSecurityAuthenticationViolationDn() throws Exception { + testSecurityAuthenticationViolation("CertLogin", "unknown-client-keystore.jks", "CN=ActiveMQ Artemis Unknown Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", "unavailable"); + } + + @Test + public void testSecurityAuthenticationViolationUpn() throws Exception { + testSecurityAuthenticationViolation("UpnCertLogin", "unknown-upn-client-keystore.jks", "CN=ActiveMQ Artemis Unknown UPN Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AA", "unknown@domain.com"); + } + + private void testSecurityAuthenticationViolation(String configName, String keystore, String dnValue, String upnValue) throws Exception { + createServer(configName); TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "unknown-client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, keystore); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); @@ -103,18 +112,20 @@ public void testSECURITY_AUTHENTICATION_VIOLATION() throws Exception { } catch (Exception e) { } - ClientMessage[] notifications = SSLSecurityNotificationTest.consumeMessages(1, notifConsumer); - assertEquals(SECURITY_AUTHENTICATION_VIOLATION.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString()); - assertNull(notifications[0].getObjectProperty(ManagementHelper.HDR_USER)); - assertEquals("CN=ActiveMQ Artemis Unknown Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString()); - assertTrue(notifications[0].getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString().startsWith("127.0.0.1")); - assertTrue(notifications[0].getTimestamp() >= start); - assertTrue((long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP) >= start); - assertEquals(notifications[0].getTimestamp(), (long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)); + ClientMessage notification = SSLSecurityNotificationTest.consumeMessages(1, notifConsumer)[0]; + assertEquals(SECURITY_AUTHENTICATION_VIOLATION.toString(), notification.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString()); + assertNull(notification.getObjectProperty(ManagementHelper.HDR_USER)); + assertEquals(dnValue, notification.getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString()); + assertEquals(upnValue, notification.getObjectProperty(ManagementHelper.HDR_CERT_UPN).toString()); + assertTrue(notification.getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString().startsWith("127.0.0.1")); + assertTrue(notification.getTimestamp() >= start); + assertTrue((long) notification.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP) >= start); + assertEquals(notification.getTimestamp(), (long) notification.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)); } @Test - public void testCONSUMER_CREATED() throws Exception { + public void testConsumerCreated() throws Exception { + createServer("CertLogin"); SimpleString queue = RandomUtil.randomUUIDSimpleString(); SimpleString address = RandomUtil.randomUUIDSimpleString(); @@ -148,6 +159,7 @@ public void testCONSUMER_CREATED() throws Exception { assertEquals("first", notifications[0].getObjectProperty(ManagementHelper.HDR_VALIDATED_USER).toString()); assertEquals(address.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString()); assertEquals("CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString()); + assertEquals("unavailable", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_UPN).toString()); assertTrue(notifications[0].getTimestamp() >= start); assertTrue((long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP) >= start); assertEquals(notifications[0].getTimestamp(), (long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)); @@ -156,7 +168,8 @@ public void testCONSUMER_CREATED() throws Exception { } @Test - public void testCONNECTION_CREATED() throws Exception { + public void testConnectionCreated() throws Exception { + createServer("CertLogin"); Role role = new Role("notif", true, true, true, true, false, true, true, true, true, true, false, false); Set roles = new HashSet<>(); roles.add(role); @@ -179,6 +192,8 @@ public void testCONNECTION_CREATED() throws Exception { assertEquals(CONNECTION_CREATED.toString(), notification.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString()); assertNotNull(notification.getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN)); assertEquals("CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ", notification.getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString()); + assertNotNull(notification.getObjectProperty(ManagementHelper.HDR_CERT_UPN)); + assertEquals("unavailable", notification.getObjectProperty(ManagementHelper.HDR_CERT_UPN).toString()); assertTrue(notification.getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString().startsWith("127.0.0.1")); assertTrue(notification.getTimestamp() >= start); assertTrue((long) notification.getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP) >= start); @@ -189,23 +204,24 @@ public void testCONNECTION_CREATED() throws Exception { @BeforeEach public void setUp() throws Exception { super.setUp(); - ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin"); - server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); - Map params = new HashMap<>(); - params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks"); - params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); - params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks"); - params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); - params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); + } + + private void createServer(String configName) throws Exception { + ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(configName); + server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true).setClusterUser("x").setClusterPassword("x"), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); + + Map params = Map.of(TransportConstants.SSL_ENABLED_PROP_NAME, true, + TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-keystore.jks", + TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass", + TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "client-ca-truststore.jks", + TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass", + TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params)); ActiveMQServerPlugin plugin = new NotificationActiveMQServerPlugin(); - Map init = new HashMap(); - init.put(NotificationActiveMQServerPlugin.SEND_CONNECTION_NOTIFICATIONS, "true"); - plugin.init(init); + plugin.init(Map.of(NotificationActiveMQServerPlugin.SEND_CONNECTION_NOTIFICATIONS, "true")); server.registerBrokerPlugin(plugin); server.start(); @@ -217,16 +233,9 @@ public void setUp() throws Exception { roles.add(role); server.getSecurityRepository().addMatch(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(), roles); - TransportConfiguration tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); - tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); - tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); - tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); - tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); - - ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); + ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator("vm://0")); ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); - adminSession = sf.createSession(true, true, 1); + adminSession = sf.createSession("x", "x", false, true, true, false, 1); adminSession.start(); adminSession.createQueue(QueueConfiguration.of(notifQueue).setAddress(ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress()).setDurable(false).setTemporary(true)); @@ -259,6 +268,4 @@ protected static ClientMessage[] consumeMessages(final int expected, return messages; } - - } diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java index cc509f940d9..bc661402992 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/management/SecurityNotificationTest.java @@ -91,6 +91,7 @@ public void testSECURITY_AUTHENTICATION_VIOLATION() throws Exception { assertEquals(SECURITY_AUTHENTICATION_VIOLATION.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString()); assertEquals(unknownUser, notifications[0].getObjectProperty(ManagementHelper.HDR_USER).toString()); assertEquals("unavailable", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_SUBJECT_DN).toString()); + assertEquals("unavailable", notifications[0].getObjectProperty(ManagementHelper.HDR_CERT_UPN).toString()); assertEquals("invm:0", notifications[0].getObjectProperty(ManagementHelper.HDR_REMOTE_ADDRESS).toString()); assertTrue(notifications[0].getTimestamp() >= start); assertTrue((long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP) >= start); @@ -210,6 +211,7 @@ public void testCONSUMER_CREATED() throws Exception { assertEquals("guest", notifications[0].getObjectProperty(ManagementHelper.HDR_VALIDATED_USER).toString()); assertEquals(address.toString(), notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString()); assertEquals(SimpleString.of("unavailable"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_SUBJECT_DN)); + assertEquals(SimpleString.of("unavailable"), notifications[0].getSimpleStringProperty(ManagementHelper.HDR_CERT_UPN)); assertTrue(notifications[0].getTimestamp() >= start); assertTrue((long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP) >= start); assertEquals(notifications[0].getTimestamp(), (long) notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TIMESTAMP)); diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java index 21fafdb48fd..5d00cd8a310 100644 --- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/security/SecurityTest.java @@ -269,25 +269,35 @@ public void testJAASSecurityManagerAuthenticationWithValidateUser() throws Excep @Test public void testJAASSecurityManagerAuthenticationWithCerts() throws Exception { - testJAASSecurityManagerAuthenticationWithCerts("CertLogin", TransportConstants.NEED_CLIENT_AUTH_PROP_NAME); + testJAASSecurityManagerAuthenticationWithCerts("CertLogin", TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, "client-keystore.jks"); } @Test public void testJAASSecurityManagerAuthenticationWithCertsWantClientAuth() throws Exception { - testJAASSecurityManagerAuthenticationWithCerts("CertLogin", TransportConstants.WANT_CLIENT_AUTH_PROP_NAME); + testJAASSecurityManagerAuthenticationWithCerts("CertLogin", TransportConstants.WANT_CLIENT_AUTH_PROP_NAME, "client-keystore.jks"); } @Test public void testJAASSecurityManagerAuthenticationWithRegexps() throws Exception { - testJAASSecurityManagerAuthenticationWithCerts("CertLoginWithRegexp", TransportConstants.NEED_CLIENT_AUTH_PROP_NAME); + testJAASSecurityManagerAuthenticationWithCerts("CertLoginWithRegexp", TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, "client-keystore.jks"); } @Test public void testJAASSecurityManagerAuthenticationWithRegexpsWantClientAuth() throws Exception { - testJAASSecurityManagerAuthenticationWithCerts("CertLoginWithRegexp", TransportConstants.WANT_CLIENT_AUTH_PROP_NAME); + testJAASSecurityManagerAuthenticationWithCerts("CertLoginWithRegexp", TransportConstants.WANT_CLIENT_AUTH_PROP_NAME, "client-keystore.jks"); } - protected void testJAASSecurityManagerAuthenticationWithCerts(String secManager, String clientAuthPropName) throws Exception { + @Test + public void testJAASSecurityManagerAuthenticationWithUpnCerts() throws Exception { + testJAASSecurityManagerAuthenticationWithCerts("UpnCertLogin", TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, "upn-client-keystore.jks"); + } + + @Test + public void testJAASSecurityManagerAuthenticationWithUpnCertsWantClientAuth() throws Exception { + testJAASSecurityManagerAuthenticationWithCerts("UpnCertLogin", TransportConstants.WANT_CLIENT_AUTH_PROP_NAME, "upn-client-keystore.jks"); + } + + protected void testJAASSecurityManagerAuthenticationWithCerts(String secManager, String clientAuthPropName, String keystore) throws Exception { ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(secManager); ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); @@ -307,7 +317,7 @@ protected void testJAASSecurityManagerAuthenticationWithCerts(String secManager, tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, keystore); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory cf = createSessionFactory(locator); @@ -495,17 +505,27 @@ public void testJAASSecurityManagerAuthenticationBadPassword() throws Exception } /** - * This test requires a client-side certificate that will be trusted by the server but whose dname will be rejected - * by the CertLogin login module. I created this cert with the follow commands: - * 

{@code
-    * keytool -genkey -keystore bad-client-keystore.jks -storepass securepass -keypass securepass -dname "CN=Bad Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
-    * keytool -export -keystore bad-client-keystore.jks -file activemq-jks.cer -storepass securepass
-    * keytool -import -keystore client-ca-truststore.jks -file activemq-jks.cer -storepass securepass -keypass securepass -noprompt -alias bad
-    * }
+ * This test requires a client-side certificate that will be trusted by the server but whose DN will be rejected + * by the {@code TextFileCertificateLoginModule} login module. */ @Test - public void testJAASSecurityManagerAuthenticationWithBadClientCert() throws Exception { - ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin"); + public void testJAASSecurityManagerAuthenticationWithBadDnClientCert() throws Exception { + testJAASSecurityManagerAuthenticationWithBadClientCert("CertLogin", "unknown-client-keystore.jks"); + } + + + /** + * This test requires a client-side certificate that will be trusted by the server but whose UPN will be rejected + * by the {@code TextFileUpnCertificateLoginModule} login module. + */ + @Test + public void testJAASSecurityManagerAuthenticationWithBadUpnClientCert() throws Exception { + testJAASSecurityManagerAuthenticationWithBadClientCert("UpnCertLogin", "unknown-upn-client-keystore.jks"); + + } + + private void testJAASSecurityManagerAuthenticationWithBadClientCert(String configName, String keystore) throws Exception { + ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(configName); ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); Map params = new HashMap<>(); @@ -524,7 +544,7 @@ public void testJAASSecurityManagerAuthenticationWithBadClientCert() throws Exce tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "unknown-client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, keystore); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory cf = createSessionFactory(locator); @@ -943,12 +963,21 @@ public void testJAASSecurityManagerFQQNAuthorizationWithJMS() throws Exception { } @Test - public void testJAASSecurityManagerAuthorizationNegativeWithCerts() throws Exception { + public void testJAASSecurityManagerAuthorizationNegativeWithDnCerts() throws Exception { + testJAASSecurityManagerAuthorizationNegativeWithCerts("CertLogin", "client-keystore.jks"); + } + + @Test + public void testJAASSecurityManagerAuthorizationNegativeWithUpnCerts() throws Exception { + testJAASSecurityManagerAuthorizationNegativeWithCerts("UpnCertLogin", "upn-client-keystore.jks"); + } + + private void testJAASSecurityManagerAuthorizationNegativeWithCerts(String configName, String keystore) throws Exception { final SimpleString ADDRESS = SimpleString.of("address"); final SimpleString DURABLE_QUEUE = SimpleString.of("durableQueue"); final SimpleString NON_DURABLE_QUEUE = SimpleString.of("nonDurableQueue"); - ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin"); + ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(configName); ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); Map params = new HashMap<>(); @@ -971,7 +1000,7 @@ public void testJAASSecurityManagerAuthorizationNegativeWithCerts() throws Excep tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, keystore); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory cf = createSessionFactory(locator); @@ -1148,21 +1177,31 @@ private void internalTestJAASSecurityManagerAuthorizationPositive(boolean useUui } @Test - public void testJAASSecurityManagerAuthorizationPositiveWithCerts() throws Exception { - testJAASSecurityManagerAuthorizationPositiveWithCerts(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME); + public void testJAASSecurityManagerAuthorizationPositiveWithDnCerts() throws Exception { + testJAASSecurityManagerAuthorizationPositiveWithCerts(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, "CertLogin", "client-keystore.jks"); } @Test - public void testJAASSecurityManagerAuthorizationPositiveWithCertsWantClientAuth() throws Exception { - testJAASSecurityManagerAuthorizationPositiveWithCerts(TransportConstants.WANT_CLIENT_AUTH_PROP_NAME); + public void testJAASSecurityManagerAuthorizationPositiveWithDnCertsWantClientAuth() throws Exception { + testJAASSecurityManagerAuthorizationPositiveWithCerts(TransportConstants.WANT_CLIENT_AUTH_PROP_NAME, "CertLogin", "client-keystore.jks"); } - protected void testJAASSecurityManagerAuthorizationPositiveWithCerts(String clientAuthPropName) throws Exception { + @Test + public void testJAASSecurityManagerAuthorizationPositiveWithUpnCerts() throws Exception { + testJAASSecurityManagerAuthorizationPositiveWithCerts(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, "UpnCertLogin", "upn-client-keystore.jks"); + } + + @Test + public void testJAASSecurityManagerAuthorizationPositiveWithUpnCertsWantClientAuth() throws Exception { + testJAASSecurityManagerAuthorizationPositiveWithCerts(TransportConstants.WANT_CLIENT_AUTH_PROP_NAME, "UpnCertLogin", "upn-client-keystore.jks"); + } + + protected void testJAASSecurityManagerAuthorizationPositiveWithCerts(String clientAuthPropName, String configName, String keystore) throws Exception { final SimpleString ADDRESS = SimpleString.of("address"); final SimpleString DURABLE_QUEUE = SimpleString.of("durableQueue"); final SimpleString NON_DURABLE_QUEUE = SimpleString.of("nonDurableQueue"); - ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin"); + ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(configName); ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false)); Map params = new HashMap<>(); @@ -1184,7 +1223,7 @@ protected void testJAASSecurityManagerAuthorizationPositiveWithCerts(String clie tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); tc.getParams().put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-ca-truststore.jks"); tc.getParams().put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "securepass"); - tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-keystore.jks"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, keystore); tc.getParams().put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "securepass"); ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); ClientSessionFactory cf = createSessionFactory(locator); diff --git a/tests/integration-tests/src/test/resources/login.config b/tests/integration-tests/src/test/resources/login.config index e4156daa8d6..56073defca3 100644 --- a/tests/integration-tests/src/test/resources/login.config +++ b/tests/integration-tests/src/test/resources/login.config @@ -259,6 +259,13 @@ CertLoginWithRegexp { org.apache.activemq.jaas.textfiledn.role="cert-roles.properties"; }; +UpnCertLogin { + org.apache.activemq.artemis.spi.core.security.jaas.TextFileUpnCertificateLoginModule required + debug=true + org.apache.activemq.jaas.textfileupn.user="upn-cert-users.properties" + org.apache.activemq.jaas.textfileupn.role="upn-cert-roles.properties"; +}; + DualAuthenticationCertLogin { org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required debug=true diff --git a/tests/integration-tests/src/test/resources/upn-cert-roles.properties b/tests/integration-tests/src/test/resources/upn-cert-roles.properties new file mode 100644 index 00000000000..f9c8f6aa7a7 --- /dev/null +++ b/tests/integration-tests/src/test/resources/upn-cert-roles.properties @@ -0,0 +1,18 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +programmers=user@domain.com diff --git a/tests/integration-tests/src/test/resources/upn-cert-users.properties b/tests/integration-tests/src/test/resources/upn-cert-users.properties new file mode 100644 index 00000000000..99a23a20207 --- /dev/null +++ b/tests/integration-tests/src/test/resources/upn-cert-users.properties @@ -0,0 +1,18 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +user@domain.com diff --git a/tests/security-resources/build.sh b/tests/security-resources/build.sh index 6aa1e8ea16e..8f3a62cb2d8 100755 --- a/tests/security-resources/build.sh +++ b/tests/security-resources/build.sh @@ -154,6 +154,36 @@ keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass $STOR keytool -importkeystore -srckeystore unknown-client-keystore.p12 -destkeystore unknown-client-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass securepass -deststorepass securepass keytool -importkeystore -srckeystore unknown-client-keystore.p12 -destkeystore unknown-client-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass securepass -deststorepass securepass +# Create a key pair for a client using UPN for authentication, and sign it with the CA. +# Use OpenSSL to create the cert since keytool has trouble with setting the UPN. +# ---------------------------------------------------------- +openssl req -new -x509 -newkey rsa:2048 -nodes -keyout upn-client-keystore.key -out upn-client-keystore.crt -days $VALIDITY -subj "/C=AA/ST=AMQ/L=AMQ/O=ActiveMQ/OU=Artemis/CN=ActiveMQ Artemis UPN Client" +openssl pkcs12 -export -in upn-client-keystore.crt -inkey upn-client-keystore.key -out upn-client-keystore.p12 -name "upn-client" -passout pass:$STORE_PASS + +keytool -storetype pkcs12 -keystore upn-client-keystore.p12 -storepass $STORE_PASS -alias upn-client -certreq -file upn-client.csr +openssl x509 -req -in upn-client.csr -CA client-ca.crt -CAkey client-ca.pem -CAcreateserial -out upn-client.crt -days $VALIDITY -sha256 -extfile <(printf "basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\nsubjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:user@domain.com,DNS:upn-client.artemis.activemq,DNS:localhost,IP:127.0.0.1") + +keytool -storetype pkcs12 -keystore upn-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt +keytool -storetype pkcs12 -keystore upn-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias upn-client -file upn-client.crt + +keytool -importkeystore -srckeystore upn-client-keystore.p12 -destkeystore upn-client-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass $STORE_PASS -deststorepass $STORE_PASS +keytool -importkeystore -srckeystore upn-client-keystore.p12 -destkeystore upn-client-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass $STORE_PASS -deststorepass $STORE_PASS + +# Create a key pair for an unknown client using UPN for authentication, and sign it with the CA. +# Use OpenSSL to create the cert since keytool has trouble with setting the UPN. +# ---------------------------------------------------------- +openssl req -new -x509 -newkey rsa:2048 -nodes -keyout unknown-upn-client-keystore.key -out unknown-upn-client-keystore.crt -days $VALIDITY -subj "/C=AA/ST=AMQ/L=AMQ/O=ActiveMQ/OU=Artemis/CN=ActiveMQ Artemis Unknown UPN Client" +openssl pkcs12 -export -in unknown-upn-client-keystore.crt -inkey unknown-upn-client-keystore.key -out unknown-upn-client-keystore.p12 -name "unknown-upn-client" -passout pass:$STORE_PASS + +keytool -storetype pkcs12 -keystore unknown-upn-client-keystore.p12 -storepass $STORE_PASS -alias unknown-upn-client -certreq -file unknown-upn-client.csr +openssl x509 -req -in unknown-upn-client.csr -CA client-ca.crt -CAkey client-ca.pem -CAcreateserial -out unknown-upn-client.crt -days $VALIDITY -sha256 -extfile <(printf "basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\nsubjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:unknown@domain.com,DNS:unknown-upn-client.artemis.activemq,DNS:localhost,IP:127.0.0.1") + +keytool -storetype pkcs12 -keystore unknown-upn-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt +keytool -storetype pkcs12 -keystore unknown-upn-client-keystore.p12 -storepass $STORE_PASS -keypass $KEY_PASS -importcert -alias unknown-upn-client -file unknown-upn-client.crt + +keytool -importkeystore -srckeystore unknown-upn-client-keystore.p12 -destkeystore unknown-upn-client-keystore.jceks -srcstoretype pkcs12 -deststoretype jceks -srcstorepass $STORE_PASS -deststorepass $STORE_PASS +keytool -importkeystore -srckeystore unknown-upn-client-keystore.p12 -destkeystore unknown-upn-client-keystore.jks -srcstoretype pkcs12 -deststoretype jks -srcstorepass $STORE_PASS -deststorepass $STORE_PASS + # PEM versions ## separate private and public cred pem files combined for the keystore via prop openssl pkcs12 -in server-keystore.p12 -out server-cert.pem -clcerts -nokeys -password pass:$STORE_PASS @@ -192,4 +222,4 @@ keytool -keypasswd -keystore server-keystore-keypass.jceks -storepass $STORE_PAS # Clean up working files # ----------------------- -rm -f *.crt *.csr openssl-* +rm -f *.crt *.csr openssl-* *.key *.srl diff --git a/tests/security-resources/client-and-server-ca-certs.pem b/tests/security-resources/client-and-server-ca-certs.pem index 6b882177dbc..8facfd52d9a 100644 --- a/tests/security-resources/client-and-server-ca-certs.pem +++ b/tests/security-resources/client-and-server-ca-certs.pem @@ -1,42 +1,42 @@ -----BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV -BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN -USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz -MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx -EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp -ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF -b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl -sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce -O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg -Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+ -Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU -mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B -AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0 -0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b -Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl -J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T -V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n -7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog== +MIIDdDCCAlygAwIBAgIIVRe7mOWvH7MwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UE +ChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1R +IEFydGVtaXMgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTI2MDQw +NzAyMTE1MloYDzMwMjUwODA4MDIxMTUyWjBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGll +bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCwoFdWwb9B8tLq7rzoQVecEYLTqBCzoOxw3ToDZz8cJVRg4o4V +4VXXGVyxPslma6SD4PldlyZZT6FYbdta/BUL5gZWXgvML6ZXsV3A7UJFLVO6BJ/8 +lePuCfDzppsb4ru9/8qs2zs0rPmfDmP0dkY8D8lbbXDxJ+ZCxaEn3nfqH/fMwAme ++giZdcOIdidLpWpb6+rFe7L8TuJtG4eHx48L2OdZNNegvAKYcIs/bqRERpbxbsAn +NmnxWKctsnOpsLtqcBtj80qUocxjKkHS5LQPz5mG9ONCUDDaV4jRtqvvYmIJjUnK +eDWfTNIvcAPL51O/Vn8soPn+YEw22TU+Ymk3AgMBAAGjMjAwMB0GA1UdDgQWBBSH +/6+PDDI+NTWJy7Tv65tV9wgo4DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQAhU2bnmHwwrYZRxZOrJ5IuufWs3QqUEGtUomuLYRPrB4/4h6DfMcww +SVUarL8SEuL144kLZMPey0SMtj2mh7qRJJus1y8Vogj/rf3QQ9mWnqo3Cddl8heu +c3mtBgJVN0NJNrFC91blYfJjQ397HbBBBKRH6yL1yMOm2uSSkDqjxc0y6xu8qLFm +WBzC/KSC5ytupsBx3lxMdBK7buYWioVebqRZW0PY3a1T9q0mvtliPHfJCwb8LId8 +y0heN5llCA0qo23KuJtt78YZcfc7OWqoI1yPlGqIjG6+VTZbprccB5WujQN4SAPN +AceTTwfOJPttChhCfXwz1/WdfCqHUPhZ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJAJYwDleGKNA2MA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +MIIDdTCCAl2gAwIBAgIJANYhjZS5tiuFMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN -USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz -MjIxMTUxMTlaGA8zMDIzMDcyNDExNTExOVowXzERMA8GA1UEChMIQWN0aXZlTVEx +USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNjA0 +MDcwMjExNDVaGA8zMDI1MDgwODAyMTE0NVowXzERMA8GA1UEChMIQWN0aXZlTVEx EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgU2Vy dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA6c3CBzuy7/p9EH1OFx2O+bpBsaZLk3dWi9VaGgRhRMqPV/rR -5hOfZ1oECDkP2RhX/rEgaATS3simYXEApuLcEvoFUFZQzomb2dtSZUJnkhaQzYaL -zHaXZxggc9L8bhDqa4eKAatEEkvvT/u+DDq7l/88ATUwDdzwTg7YbcYbAe10rPEQ -vf0pQzuIFHWqMdYkQAjgBPF+gUgWL/DXRmqowtrwy8m5MbiRdRVuQV85nzF8RiV9 -cU0VNW4YMIcRFOsvKGb1muF8BDeXhrbiYLWddESrPtlQAaEqMv3VeU87AApNtwfC -wKHgtwoUa1pjr0hizocKHAJbtvoEyzI+v/tZywIDAQABozIwMDAdBgNVHQ4EFgQU -fI39SB/hKrHFXIQqijOWKIOk6FgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B -AQsFAAOCAQEAgnOTubyCsTUdA0lrInKKBHaXCZLhPhDqbQz6N21Oakh7oG7i8VDi -uzjMsbtKDUCgl65CBQ/YQNrvFRco9I+7/z3fgLmgPnmHX4lqkuKgmmEExNIiQgZs -nRg6eiuWS+5TD6d4FNoUwEcf5N1m5coiDBRh/8Qp53FyZb5gW9xjPoAP0/NmCQO8 -rXglv6sSPe53Aba1M/uxu8ZHGz4JvBEcSHQeMgBHyp8UsbY/u/k0Zxa3u2grOTia -zostUkgSZDfl356UFcpkzsJklAYUzEAzzAd4FksSo+zLKglPk0O1rdqyQAEgasSe -SZp2cdAB9sxCFwbWXoR4OL85AToghSNvRw== +AQ8AMIIBCgKCAQEAplA+qrw8BxO/4oDumvuHZjxbSpUzoypsMI73KPVaZhJjQvJK +8rdQA7lhx8CPz1V/aJmobmWxY4KxkwgiZfXaeuh6wp1/uI4JM5eryAztjpkwQ1bm +Hn3eOOJIIGsVuY9jh0GcJfApgM94+IUkz9uBmLSi1HWUUnL1veKKXPVbKMNlBSVp +myKYn+Yqaa3wzv/QeVANhTDlr/1W3TOZgF1qQvthXImeSC42Yv97BmusbmW0Y5lY +j5ANQf6WnCMRy8wZJrlv4WWQzgtQyr9YG3Wcwey1FKCyeEuyfae7taw3ROXvn/wE +WaMB7Kbwf+COu2Vb1mPAQE/UOW5m6WAkDMNevwIDAQABozIwMDAdBgNVHQ4EFgQU +PbuffkjCWYOlGla0+FG1I05a2X0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAQEAQqrhvmXk4UlRxFeF1+2TbRtccZxYVlsBdrlgmscJxdGoG534ZKf/ +at/OTXvL/G52z27HfSfOtetp0WOwjhvJEJ4/oVcyn8J/oqwrRJjIeUJz3uIq/2nd +JX2lfnltZLzZ+lUcBMRJR5sJoBmVzRmilnIPpUKV4bu5oCADHc0njax4EH6pjtvT +GXtBsjTyvPOqBpu0AOLltyynmzPZkqeU4ZH6U3HeIwZl8nGovn/p05rPYjbU70RA +NOuIBePTWbQB7vebzRjrr1v4POTM3DXfIWkU13ZIHB24RRwo9zY3IpoqmxpQgTaG +DOmX4nJEqWyqHHENos0fhICaa3dEtvkvnQ== -----END CERTIFICATE----- diff --git a/tests/security-resources/client-ca-cert.pem b/tests/security-resources/client-ca-cert.pem index 4815798aa91..374aafbc78c 100644 --- a/tests/security-resources/client-ca-cert.pem +++ b/tests/security-resources/client-ca-cert.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV -BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN -USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz -MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx -EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp -ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF -b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl -sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce -O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg -Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+ -Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU -mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B -AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0 -0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b -Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl -J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T -V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n -7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog== +MIIDdDCCAlygAwIBAgIIVRe7mOWvH7MwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UE +ChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1R +IEFydGVtaXMgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTI2MDQw +NzAyMTE1MloYDzMwMjUwODA4MDIxMTUyWjBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGll +bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCwoFdWwb9B8tLq7rzoQVecEYLTqBCzoOxw3ToDZz8cJVRg4o4V +4VXXGVyxPslma6SD4PldlyZZT6FYbdta/BUL5gZWXgvML6ZXsV3A7UJFLVO6BJ/8 +lePuCfDzppsb4ru9/8qs2zs0rPmfDmP0dkY8D8lbbXDxJ+ZCxaEn3nfqH/fMwAme ++giZdcOIdidLpWpb6+rFe7L8TuJtG4eHx48L2OdZNNegvAKYcIs/bqRERpbxbsAn +NmnxWKctsnOpsLtqcBtj80qUocxjKkHS5LQPz5mG9ONCUDDaV4jRtqvvYmIJjUnK +eDWfTNIvcAPL51O/Vn8soPn+YEw22TU+Ymk3AgMBAAGjMjAwMB0GA1UdDgQWBBSH +/6+PDDI+NTWJy7Tv65tV9wgo4DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQAhU2bnmHwwrYZRxZOrJ5IuufWs3QqUEGtUomuLYRPrB4/4h6DfMcww +SVUarL8SEuL144kLZMPey0SMtj2mh7qRJJus1y8Vogj/rf3QQ9mWnqo3Cddl8heu +c3mtBgJVN0NJNrFC91blYfJjQ397HbBBBKRH6yL1yMOm2uSSkDqjxc0y6xu8qLFm +WBzC/KSC5ytupsBx3lxMdBK7buYWioVebqRZW0PY3a1T9q0mvtliPHfJCwb8LId8 +y0heN5llCA0qo23KuJtt78YZcfc7OWqoI1yPlGqIjG6+VTZbprccB5WujQN4SAPN +AceTTwfOJPttChhCfXwz1/WdfCqHUPhZ -----END CERTIFICATE----- diff --git a/tests/security-resources/client-ca-keystore.p12 b/tests/security-resources/client-ca-keystore.p12 index e9588060ed2bdb0c8b2120d8bd8c2cf0be21ef04..86be4a210f1bd91a76441d611b253c4ef163b116 100644 GIT binary patch delta 2470 zcmV;X30d~O6}}aab`+1dGm*E1E-`Nov*Gs9@T7+027!@^B!3dx)bpt!G?Ob<4@#=~ z%zy-f1kgW9n0%=8yhXu5I5^cp6*Rc9=>Bz+#0tS39ebjSt4*KIWoU_*FKK9+v4+W| zbmyOAwk2};ISxGm2h)#gELQ$U2|9OQBNS+Vi!{dqovfvGtVd08lh zolc=4iGSmmaxCLu@oPDD2xQHhLxr73>#u<70mrX`p?jVK>8ZrXIn@J&{|-72i)+~P zD+w>%DjPzrDfNa1jMB#&MsnGOVq|SzP(+&ntBi9rh`&$ZoPjipSO_fd@Ci=Fv9Wmd z9@8Pg#bp`EEAi2i#Q|)wDK4TZ4}>lpC?9yR27d=`fFDkjpd}2RG8#Qajc}=gg*)u> z^A#CRC}G03ehkw;VB&R8bHUtK-tJke@Vkg)dBw6<>m0UjdQ=0?fyALheF?;I%SJyJ zjDfn#%MfxXUvWaLJsbJDa=ZC z%;d7wP0@Ro%kK);wOqc(3Q+-Mjr`u;kAKqzz#Y!%RsgD zKY}f=<=5Sv7$ER7>uln(IB68Oky-0jjuyFO3E)LfV2J{O=>at-F3c2U&~kf<`(KNr z&s?^uOJDSfIsVV#;&vFRLHD1<4B9`qaX67&({$)>2Z_ghzya6vK_++EvlQR}^?%&N zAKKuWQlDj9P7)5>D^ijKy=@QF{-IU{-~~UK5y$D#KQd$gZ^87+(wlI9eo2&;6&LB8 z1Ajtu9}nIV--f`QT8vw+#LI-X)vKuY`1xgmslu#bPtBiyX)B;vAa)PscAw}2$A*`x zW9^F?V>UR~a}HFb$$00M?~1T6d4IY-4C0SF@Vua~3ITUlZ%f-p730pO%LljQz^bz< zyAW%Nk2AX<1n1MOa~cTDOJ;sk726_c%`8X~^y2lP>Zxg8d4egaYLMG}oMZny2O3H^ z1CC8dPqNg`2ZEyh^m*Z~hXF=U_;jIE%=0lv8TiH|Gr_X#;%RbZBMEgH&VMi-P$1C8 z{eL3^E;$f8?#hUkX<|pB{gAPZ*w=2di^W@AYWGfTz*+2amF*@}24)Y%`i@Toe0Kjy zz`hUIX3%enrwtrS(tueFZHns!(V-DxGHIvLQV8k@v0_5lxZ>1Z2*7N{tCwy(-;x+H zMlc};2`Yw2hW8Bt2^29D9+RX6D+@O@H8M9jF)}kXH z*{YfGD&IC{pWrt1a)8}yL;>ft6%F8%?3DtOpn~&gf1{d4<)~EF9KZ2;5bJK1Sa9%f zCvDIIi@076P)PsBorVMU4=-p}SBQ{osZyhCDjw}{$|{h^9I{yAKZ zmsc8@UO#}liWvb8;go;TDVMc0h2{KPQu1OXKhbC8_09;XxMw?o$OpnGFtqa>b$wGO zH(dq8UhY>j=~PqSOqNys6TD+|8ZY46ne)XLa!CqbAdQW~>XzPWQ1l_$LelwAq|$i> zPNDRXvwte^0>3^+*4d>TO8?k$-j2iqxp|jzm_y2JGmSpJP$lgYI{ ze#hT_D1dxT{`i)#C$#=;n{D!Z+iyMdmSkjB7Ju1SA&jAn1|N4?^lnydYCR#@WAK=P zooEIMO$XwdI@m$Orq#N*3`3ma70I`ny)|?gCo$d8EX18;L~Pg3=f#$4w!8Z5cYX-7 zgp3=He5@02==q7Y5vt|BAU_cp?9zTaH{@|p?*L$?lL`B~jow!8P<|n_oun{KTPTbVs^c31+Bj|mm zw%t1jkP-|6mVQ#igpq6woa9Xz?EU*7k$H#E zSs0R@i~_m{;#Jy|ES)EDsBcWgMggJ%w-cMtxuUw#&a~Nr*Y}4oIDA7T8@Wd&O5p>F zzo}$F2tEkOu1(^@<5x~S3t8b|c}Z$f*p!*;^jnTd)&F?dWxA~-?3v_@WW103R)4*$ z@qTsSeBm)!WhOa?ixU0K*H*6WoqvMYsHlqRvN-j3wIu5X(*srr&1LD%OmOQOFJSbO zX8fv-nN%ZXWL;&q(oOJo^!iRYvxPR3D9@^=_(?e9dQZ@Tj2<(CSD({eQhYWh;h6TF zOW(dZc^}u%qB|Ksm-PsIGEV1JIHXB^VEyJs0vE}tX78nK-Fy=t?9SS!$DD~5 zi$B4DC6f*Dg!^bC7b^^?uTha?_|A=5Lh1)%$;OOg6N5LM>6zyJUM delta 2470 zcmV;X30d~O6}}aab`(fotAw8iZ7-2`(PV-+Db1Q`sNa!_B!5z1m}(XJ(&zSg({LLW zCYl6-1keK!t2HUWg8;=~pwU+DK)_JR+AVl$erT&v_DPOV(&KH$j<_S41Gf)mrujnK zFv6Z>V|n6LY6&S%hZC5VQ&xGk`m$=UaDr z?VKG@*GYO8sIhKD$`CoUewg10uTnEOXR__EZY+skG_C@;U!1*qtP|;MJG+!}8F8~s zBP|=A5SdT^uSOYkKU~xTLbs`d#al9dAo$8fy^pShhxw9~;P1-hxUUT(r^k_pVAG3R zI}?=#>wmYy35(gudbsw&Qf>m1B`^V#)c`SSGq*dRa4qK+7u9?Qr|tvKSqlGgjmq|k z=8=Nhv@Gaev+~nmufH)ft1YUnrrfJXH>YQx5}t!#*zpwK#ehk+XByaue^c+~YE9Vl z)`9Ci4c*{2GSLxL-J|_GW;XPB<+|LCOkPmXmGuRhSnMgWT04Q` zj(@wfho}T&I%&Yy-!uC`IbvySmk|li>7P;Lo;K>ts*-oj;Ww$gq@y6l#MH*`3y6!c zOSPvr;Q6v1ZWV6d$ll%a}>#b;8B@U8sD`9=f*6jck=uGa6s zB7+#j5V3(ud`{BdcR*>yE?u!*2I{l>K7S{-4_?y`70(`{Jgd#Q&D7@5MFr-dijZ3| ztjI?OwLfMV)HWGe)&#I5L00jr#TY7h#UwXpR9pNizee~UU~huC{B;EST>h3jc2Gqx zWH88YI9>FTBU%!&g0Cth>{_BH#J9Mz+~mdsJAdiaBo~4KgM8S9FL7HvNAi0%|9`-G z4!*ibhNAt~^GLEE>7Ow{@QkJglVXd^!#ez=4mR@BHvG~;43x-EmHK3FF9u6z#p-z6 zm_db0BWRXWCSUW`qCfI3Z;};gcth&O$0FjQ^Y{KJ_0;_2V94nd??$p|$vnqvT{of@ zIB1MewA2O^ilDZu-O*^R})?Vrz0K) zSh@!f#G>Kwc-2rRYB`!ie;I51V8IgGDU=GjX7qOfPJicYnqN2CcURdx%YWp5=kt>S z)W86X2&<0Ys1qXQMH*bKaWGKddm_yNaw&6njE%=hK=UEZrraqJofe5v_$lOG7Ew=LAY0hHfX(mH`#!@-y|| zx$65gE-3R+)e9l)@ATcH1`e@k^bkqeY=0`YZfcSOVByuO+R7UTYr*olTmqFQNIg;T0X14fm@KOLMbcg!b7Rf*P#H^ z?CK{b?c&hXK7p@UQYIH5v>W8G`o5i_b}=k5z!?v|PrIZxU0hT?lx5R)0pm*01&zWR zsmX**yPrI%x)&kI_-KE-_=^cWje6jz_T4{Z!cR_*7KeGC28%NIDtJm!m>lu6V)nl$ zVbo=QA!y{05*G_vQb|sO#MqnXAi$Gv3KcpN1qf;e8i&l6_C=Upg4k?1|6uV{?L>GQz{NkC?OFP00IIh5HUN1z0XMFgXAK19&ik19UKg0$iX20s#U72vrxmnB}h@ zvyn!195ygCFgGwVF)=kVS{M&AFfuhTI50RcGBGhVGLhGVf3ToeR>8kP^3v+=yy!t! zoDqW4s1UQD>~P&W17|-RB~)PIjuqim*BM-~KFMZlq=Vr3U6&?VPoY?C+gkh;3+4t^ zUJJ}GrdP3D!0kdsEmOJ#pZt~M?g{Yorkfk$yS@L)tlK*@tofe~WAt`LJP*lRZE*1? z=0e4xC*F7Je;@bEzzLrE2$^-mh;}DSrD|L2>cxAq{7&L+8;6I-j|GCnmmiOaO_>zh^g2q@r_f&wLfAya1On0zp;hEc_nt0$5!x%I5w3X~9Q zRHAE(VH4{IkNAh6-!aTENmUxGzY-GS_2Y>PWW(OeM2xmQriZ$bB%7?)FBPH)|E>Md zL)n&|sy7MOW%3uUb9t=>0#!FdNj9-U_g3X$@?%4PdmXSr1f)mnBK63_rrP9^kUFD( z#mzG78@#BoW>_4;{G@{CD{iL1ao$`^bP~I6<`#;DUT&mWTSM60tyA``CcfEXJa@?p z2K+3Ce9K5)H<@J!4JxB;%D9_t@5UK%_d7Xis3TmDlxm2KZoXAETc)=h2bHdk19(US x%>l=gPY2E<`)vvsLVbKQ*Y%xzDu+-O_*wR$*Mfg_0CH*v#z;7p_32W=R9)mnHMjr( delta 664 zcmV;J0%!fY2fGK59w?4x0C&Ft1z0XMFgXAK19>ol19dQh0$rd30s#U72>_WCXdD61 zYE+R$bsRJ>GcqzUF*PwVIa(MGGcYnUFgG$ZF)=kUGC7gfgMXLD1qf;>4~@cwavYdI zO+-nW6l@sYc~O%2vW0%v(x1Dq#YJygF%m-M&>Q`}Tb%9okUTDRibKT{w*_@;>`V+~ z4#NWfd1nImm2skC``mt=(`B(T_gIEkL-IkZ)u3g*7p`4F!mqIb{(PhQU~|hD>Sz}r zm@Rve)h&>9H-GAC8&IA*iy~I_UV9GsG2UQ@cr(C>D(cI`p%i+W{Cp8BFHZZO5+^89W2o6lYs&ye|EN!nKExfiA4K)VB(DYA(qdEh0sPX z{lvqr49FS=crkE{zoNAC)9TDXJU>#C?-`88&k?&9(JsSb@5Eo<88Yh~a>JDQMwsMq zTJe$IbWg+~yuvM;WzOC8Wf|u;$Y*{!hTrugqH^J@k<*Pq#9y!-kWy4$XXHJDEH9OC68ka*S83OBSZOQW zMLbik(^vXBR7u86tQq~U(ExCK0ql1CVP6s}>}VDq@&@5=F=Gj7C@Kvjk~)eH4@1ID y=j^&U8nvh#1hN%?e-zHEj4)QwwEgVG7D=M2Q~A5Xq)0#uSSi>Tqc9TPNZW|pt168E diff --git a/tests/security-resources/client-ca-truststore.jks b/tests/security-resources/client-ca-truststore.jks index feb1f29e51600f7c0e81a95a48d383195be0a8f7..a6e6df74ca703d28e152cf57a1a474ec7edd71aa 100644 GIT binary patch delta 663 zcmV;I0%-la2f7E49w(h;wdP9z1z0XMFgXAK19&ik19UKg0$iX20s#U72vrxmnB}h@ zvyn!195ygCFgGwVF)=kVS{M&AFfuhTI50RcGBGhVGLhGVf3ToeR>8kP^3v+=yy!t! zoDqW4s1UQD>~P&W17|-RB~)PIjuqim*BM-~KFMZlq=Vr3U6&?VPoY?C+gkh;3+4t^ zUJJ}GrdP3D!0kdsEmOJ#pZt~M?g{Yorkfk$yS@L)tlK*@tofe~WAt`LJP*lRZE*1? z=0e4xC*F7Je;@bEzzLrE2$^-mh;}DSrD|L2>cxAq{7&L+8;6I-j|GCnmmiOaO_>zh^g2q@r_f&wLfAya1On0zp;hEc_nt0$5!x%I5w3X~9Q zRHAE(VH4{IkNAh6-!aTENmUxGzY-GS_2Y>PWW(OeM2xmQriZ$bB%7?)FBPH)|E>Md zL)n&|sy7MOW%3uUb9t=>0#!FdNj9-U_g3X$@?%4PdmXSr1f)mnBK63_rrP9^kUFD( z#mzG78@#BoW>_4;{G@{CD{iL1ao$`^bP~I6<`#;DUT&mWTSM60tyA``CcfEXJa@?p z2K+3Ce9K5)H<@J!4JxB;%D9_t@5UK%_d7Xis3TmDlxm2KZoXAETc)=h2bHdk19(US x%>l=gPY2E<`)vvsLVbKQ*Y%xzDu+-O_*vfeg7lct{FL28H{z-*19D#mPVfVkHh2I4 delta 664 zcmV;J0%!fY2fGK59w?4x0C>It1z0XMFgXAK19>ol19dQh0$rd30s#U72>_WCXdD61 zYE+R$bsRJ>GcqzUF*PwVIa(MGGcYnUFgG$ZF)=kUGC7gfgMXLD1qf;>4~@cwavYdI zO+-nW6l@sYc~O%2vW0%v(x1Dq#YJygF%m-M&>Q`}Tb%9okUTDRibKT{w*_@;>`V+~ z4#NWfd1nImm2skC``mt=(`B(T_gIEkL-IkZ)u3g*7p`4F!mqIb{(PhQU~|hD>Sz}r zm@Rve)h&>9H-GAC8&IA*iy~I_UV9GsG2UQ@cr(C>D(cI`p%i+W{Cp8BFHZZO5+^89W2o6lYs&ye|EN!nKExfiA4K)VB(DYA(qdEh0sPX z{lvqr49FS=crkE{zoNAC)9TDXJU>#C?-`88&k?&9(JsSb@5Eo<88Yh~a>JDQMwsMq zTJe$IbWg+~yuvM;WzOC8Wf|u;$Y*{!hTrugqH^J@k<*Pq#9y!-kWy4$XXHJDEH9OC68ka*S83OBSZOQW zMLbik(^vXBR7u86tQq~U(ExCK0ql1CVP6s}>}VDq@&@5=F=Gj7C@Kvjk~)eH4@1ID y=j^&U8nvh#1hN%?e-zHEj4)QwwEgVG7D=KwXGAM05}_$$(&-iZa_c{5g$Vz`LMhb% diff --git a/tests/security-resources/client-ca-truststore.p12 b/tests/security-resources/client-ca-truststore.p12 index 30bd31c1738de1c756e8ab7b8ee4ba436fd14fff..2e57a6382d71cce640788e99bd50d61234f2182e 100644 GIT binary patch delta 1146 zcmV-=1cm$d3HAw)YZTO{JJ3ci|KJ@zP)GjC3yEM|5Q33^B!3mMHmDrWT%Sh-SbXLv zKURQ(1MqX0410zA<2;9#Oj?;dgsb0YmlV zeA^%(06zosoB1lVxb;&r?6Y2U5Ldr!LN0p)M=rO8-6Jv*1r zl8_(b#or_s`F~R=l`(6OqkuzQYPw2vSeay#d*Q6G|2)(Gb7&tY*$93HpmD3;LKnzS zD(Qh0q<=5U^PqCx#MY*ISfX`7iq(ju>!WX9C4G3Tes>cYb>urtH8NCrN^*QxPGCI^ zqzWI1`S0K;uAqFx_{_BB)PX1CzG+RXp zV5iGK`LTD6uxjT@uEWN02lc3Z1Eeei^m?~XnV%M$JvGN0h+ zP~yjLsYwDG*hPKV#e?N6eP^HJd`9x98gse{^zY<$qG(dO!f5s8mV)tt!I8EDDt{Ax zph|dQ;yN02KlMR&JhRj2pFFPZz(%y4I)B&(DcdfFrAWP2JP>tp?>S3)>Amiybke7} z8a26iF$5(GGg@E*pE?hhUQR0V7tGJJH&{Dyeo!-Yj9U_^z|0Lr_}qV+@n{=?zauM5`Wh7 znkZ?tgxRJ(DNV0%cAbqboJaqGlc4kg^&5?lK2I~gxqB7Z5v;#Vqm=%Yy`cwGL^&Hp3SxM}?zHonkmrt=bLizBhVa(xH7I!creG5WFflL<1_@w>NC9O71OfpC z00bax?ASRv{LK$c8MM0(eWRT>qPNHmF!~Ou=g{1l9-Ep36nb--FK<{YIe^MZp`IoE M=N(B#%>n`^5E14Z;Q#;t delta 1146 zcmV-=1cm$d3HAw)YZQl7_`A)--^2Pl`%Vwe(MNB$19FjnB!7kU>1UYWZfu%ArpSOY z7mI*`1Mn>>72s+IG;uUvY1Cuw?q+y=ByQW2-A+~PWN(ii{}Fb37(!!`WhxPqnmC>s zf$4mzJ;;9X81xUVUz6ODj$qG3IUOo_y$^%%trgG7;BOu?uaBu_q$zdzh) zre!J8=;G+hr38z%p{TJ8rYw3@-bcQyPN}l|aeQ)bd4C^85N@e&${`b-Y~ox13{9CD zUb#g9kgX9dX6(&;P*0lx1bPX2!^dvpg2nEQ3t{Q=dpmcljNbX0hJsblW!7j!{Dc9G7mx!uo$UiP zr&r*?Pk;KvL*<~isQh9rf5?s}`_GTRH&_mlU2yemc=l&GA_^bF7e`?uExJQIc9)oz zwqKpN_@xJ9@bL}%rN^CnJg<;`=+(Eal$n~%$o0T!>A7W&K{kiVLOy6EkKLu(4Ih^J zepc~959jM_vm-H%^s4zYV}3aN7fqj-=RY*!?|*1NyQvFSid7$d*zyOmevO#HF*jp5 z^CeI$|8gHTNZ%ZcAUZ654%r(mCM5O(DcAWo7xo&tYMG%Dm`^QP$I19dAKe*P9Ab=! zHuL6p`9j5}*h@`gPJj<>OJ{-x3%@|yFg_&8`lIE>gzerW?$#mSVNTr8u(WWtybjiA zE`M@6ygL`x7^rSHQ}A!?7)A7+hhIc1?1he-2t z@0DBO^qSD%Um>Z(P($?19;fhp1q9D!1#qnlvdB&^Ds&cYU;yS-@G!3XyPaE&?%0ucfb<9H-G5yHJ0gKc;&>vMM`O60ptVPXw%G9?!rl{_ z=iEZE`!=MsPp0!Sj|#F-v@*Ji%)iM4%TIL@c_u^T(rse!C)ZAycYN=c#D3vTqtF*{ zm*T0!8gKIp7dEDRVy>$>NividY+`N`*6#j!&t(wHT;n759VfVkCrC1ZCKy%|P=DLv z9e^}p$L8Ku^DE7CVW|?s8EPQTlD`nT5DeirO}~{X%$BLDWuf@`H6#*`zbZM{m?ki9 zjHiEzS5os;yettZmBkaV$%OJV>%3STLXhj1iyP=rl|r~`xFp_^kccD94%u#Cm5#B5 zeuZ7&v>%-4!2L&|S+a6}L986j^;_IYN7AjMO0AsY+Tk!wFflL<1_@w>NC9O71OfpC z00ba6NQ>MR#A-qB-Cm7LeTZ2PPSr%!p>lc1ZS0(`s)Bh06imUbLHKe@VrHGUtzHxN M_sSnu)&c@25MG5c+yDRo diff --git a/tests/security-resources/client-ca.pem b/tests/security-resources/client-ca.pem index 0d23aba857e..13963f8d325 100644 --- a/tests/security-resources/client-ca.pem +++ b/tests/security-resources/client-ca.pem @@ -1,32 +1,32 @@ Bag Attributes friendlyName: client-ca - localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 39 34 37 36 + localKeyID: 54 69 6D 65 20 31 37 37 35 35 32 37 39 31 32 33 35 37 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCXxwUIaikPjcKF -chyYQE1ESZoUbBjeeVGS+bKFftfSn7uwxUVvWjESQuXQG/2+W5zt9pA8LnWKQ8UT -twV1a+xMDGQOwwL/eWcC95VxomL73H6d02WxMvdYhldD8kGr1aBlvheuXUHCr7EB -/nyj+mBzyxjqaBcgmC17kdUtkHU36mobUJ47iyJW9V57Dvgx3mCHeDPAiSrqy8Sh -FHqa/H6KZrjL3jZup07+tfMEqRUo8zdajOA6P7nLugz2h6DwHTHy8f+c7YdkAzmU -GErmjRkOkOs5rpDjjmBmqNyfXd8Ro0CFOj4CTnHtkxmS6Klk+MgSD/0XBwLSozac -mHLyUEtLAgMBAAECggEAIPYLLUMkzKhsFJ/t/tCEFy7mw8Wf9vygzwrkDqK3yxl+ -YMrOo/qRypX1o6bYibUKlRElTLSIOTEzhO8Lw+7en7tXJW+LYKDkUpwi+80Ysvq1 -EqBcpslbNwHhxLNBOMiJb18DdI3zII0YI0c5mUDgHnV+YTWexCjYQ8wtYBpNookz -utW+pLPJ9T2eQQ5rhZ7GL5UmLhg/ymrQ+uu16iGVNpMCPj9Dzfo434SYv5JaJ81w -vEmyivrVlP8gxym5eeK3sOcDfcoz6WEgW2Yn8yasVULrlPnrGgUh+ptnQb2kqyVS -dqLyBF0FauP38nXCezbfuf+RUcBNb5x+SeKKaQzxMQKBgQC+HKnfCtrOQX2No+JN -/05XqEOjD/XivSocJd2fuH8N4shJQ9NM8CSyEPFB1YQCzOa+OAgYH1C+m4sN2wGR -U0+Y8M+4x42qp+wty7USaZQqn9JBZqLTwPwADq7pKld+uY69mDfKaYX51kyUm5zb -WMm9m7OnM/9UO3Asno+falxq+wKBgQDMYTGP2W9f37HMBp79IoWbDgmW6vitPoTz -5YOXLO3jex/BqhnSh4e7pXFxiLx7ciKRzMad/Ebh8ACO4aHpTqVng9NTHPfd5LaG -BZ/Egu7QYKNvElwvLHp4vRxDfydEZ7Fo+vXLgLKjBwkGVrs+kNTdNZfblmTqDFdL -K6AnlSqv8QKBgDVFWuRA6mb5OvFBhtxMOeueHrXGdyP91ZrlkWB8Fj4R2gWNl9vr -Pp0W2kOUTNVsDQwoLzxzKfD/LMvJHntWWOuGLu6cHDpBq5B5kFeEdhwrhIMG+4FS -hkqN0r1LPBEqdbDywk9Zmk0Tm4nYwO9FxeH3izPDAjzcGual16DX8OWZAoGAJwAd -DxA0+pybNw3EZRWjXTVOiygHkDev80LG26BNPO2P38rv5obKVfp6LWokXYIoKp5j -AF7Vv+Oml51i4jyJv7keKGwMuKEeW3DTThKWM9ldFqLwSGg6brPXouGuwpTu+9N3 -9/91FzsOc9E1JflJRXUmp1aJp0f3mHaYtzT10mECgYBVmuH3T3zcjLcI3VJ6TW+k -E7X40XmpgLLRbB/H5KDyhm4amn6OpXJxcxwv920FBK2C7CVE+FiyfnB0aT/q4I/+ -wNV3m1anzYqAmUFJ7A7ha1eOLxg7jKgfvcN6qfvrSJX43ClWd4bkwdjBfzz6WWAv -dIbe6F+cINGho+JRwdc7Pw== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwoFdWwb9B8tLq +7rzoQVecEYLTqBCzoOxw3ToDZz8cJVRg4o4V4VXXGVyxPslma6SD4PldlyZZT6FY +bdta/BUL5gZWXgvML6ZXsV3A7UJFLVO6BJ/8lePuCfDzppsb4ru9/8qs2zs0rPmf +DmP0dkY8D8lbbXDxJ+ZCxaEn3nfqH/fMwAme+giZdcOIdidLpWpb6+rFe7L8TuJt +G4eHx48L2OdZNNegvAKYcIs/bqRERpbxbsAnNmnxWKctsnOpsLtqcBtj80qUocxj +KkHS5LQPz5mG9ONCUDDaV4jRtqvvYmIJjUnKeDWfTNIvcAPL51O/Vn8soPn+YEw2 +2TU+Ymk3AgMBAAECggEAEUTD9UQBFooOrBCGYLDOx4AAyf/TDjTsGQbQHrgP+AkA +TG6qFKKQ2XRt1xh76WsZzRkIWGmoQrAh5rrq6OTfi+fD89rDDYYVHdrF/1BTG99Y +IcZE/BWNkN7g83l1Dc9nqqZhIvBWRAqrZy0pgaO0rzed6LX1BmbvwNSAspyyHa4z +hDVQO/kTXIC9vSfL47do0pzIyCBFtfazr6Tvk2N4yLVjWVCrbJ1BSuEGUsFIdf+Y +xPx8k5KSsmyEzY9L/Z/HqapMOc9495nQRGf3/eswIYsFVsF+x9o4r8aQczD13DA3 +WZNRXb4dKTAV2lR2B2z1imNQWKBxId2tbHWbfxislQKBgQC6fFuaahTvlTC/lN1d +E/ZpBk0QzLRZ8PkVFz8UcnYHXvrWTGBhwpPQQ8quh6pSXQeSq8mAg1e/Qi8ugjSZ +GmCQP0E0YQ6d9J1OXiUiUREjRAFRmxDfyP1YAWiZ08vuqsjAGQ/KvKz9QWuN2lX8 +9fj7oAW+AxlXXym1prAQSgr1zQKBgQDydyI7+ablsZUXiGGNhzLPJwLHUTaBDEcN +qol6XJzvSWCNKBPG0lLezZ0LXzn0FP2As/ItCh+9XMo2w5RTTS4JgqRt1DhTPzMk +k10fwFiRWKJ6HI9uZQwbv8XVLAGrn2kgvTk9Frlii5OYqDEV17WcsCbLWkf6vxBC +74cYlK/XEwKBgCoXN3W6y87nlYEoUG5ZuxwpV+uayHokcZPZE1vCGfG/9k24H2jx +SfuP0YdjB4ZfiP4J2Akxm/SHM68DpGuKEJF+NXFlFq+ALqEpjqgYNA4Jo2KP5Vcd +PlFGwB04OKc91OHGxlG0FDd1NJln1lCqE/B3RdSFTorx57AgV0zV6XNhAoGAZVsv +0Gp4PiSR8phsT0FpF/dyzedBJYkAWtIjTidQ4yaFWfya584cHk9NiudvznzHy/lt +Dy7gPcSAM4xmgLwOtqMKIW9JbGNK+cswbol1fKzUnr85pihPe3obNRWETT4CMFFp +kAPj0zINrQ8CFeNqY+mvDerblBIytghzLO9a4kkCgYEArFSgRjzfvT3hMVT9Rbh6 +P82dlv87Ozu9ZEdxDDMjcgtJ588kgE6qX/TEQNhie87mXfXH064zUa9pKjYpmOs+ +8c0nKHg93PLsOpyQadgxqEnOn4bPZQVuK/lLSkW+5q3SD3c9bAm03n8oHMeB4Mo0 +TboqEeTkVvI1muHMgpLyJZ4= -----END PRIVATE KEY----- diff --git a/tests/security-resources/client-key-cert.pem b/tests/security-resources/client-key-cert.pem index bb31733511a..15604592d7a 100644 --- a/tests/security-resources/client-key-cert.pem +++ b/tests/security-resources/client-key-cert.pem @@ -1,112 +1,112 @@ Bag Attributes friendlyName: client - localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 39 32 37 38 34 + localKeyID: 54 69 6D 65 20 31 37 37 35 35 32 37 39 31 34 31 35 37 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDABinqOLO9G+8C -jHY0gWiyNcLZEerM1SCvfj4edwyeWOZPfvas6oZde4mfo6y8pZgI4eTDrfIQ+FWI -qxC8l8I8gXfQesNB3YZCY5Y6a18pIzhgKyfGWisw45VR0j0eq50cN6HawA7GLmQi -bA4kAZjRTkbRADUXZ4ILFUa48zWw19t8UCUuWxqc7nKaijNPghKTdPrOwWgdgbwz -GpO93MM//GGmS5DmOKdBOoS1d1rpK8Zk5h56kjfvLm5/cXv2OoBEuZnWQNF1IZpV -qo1e57M/vQWH17/Lhlx5t6+PjzXVlYZcQAmpyqCjFX9CFbBYupArHtpm30X+4YpF -AuqhSMvRAgMBAAECggEAHy+BFCh0TGSievv74IgZzEN96woFY5HDdqzegs0b0AWp -FcUNY8TM4JbFIZeP4K1WFS82m27/DrF+Fq2NkMtmwLPYFRQy7NoAyXxp8//nGwO8 -zqWDlqujMxPq9rhZs8b0Q5ZnY2Loo1f6bDq3SzK1MlzvlFbfyHbHgGxKqZPaJueH -KmdbR2U1Wa7qdNNCC93X9Qq1v3/hIiiBQ0in3plMtikgfC+5hP2DZMR3aJSNTG/n -kWxK4piBIfF3OCHvFusQCAGlRBgonfXLL+6FUlQfzF/xFxeKaBxtCkS+I2a8QPuX -VvLWm5dnGSPrRrqMnPMgZkoE/zFfYozCgEjH2n1Q9wKBgQD3gMuS0BZM68wt6EUJ -okewU5H+5Ls9I6eGxI/4Ab+ygnOpLhZUqGpfK9RM/984FXIAjZ7p6aNnoFGJER6a -7MCzDQkt61DIT7X7NFtkkUF9WAbn3xhB+tqwabD8XETP0ZgQd5kgjTd8myCJLr82 -i5tKuYFpOE8uAtBPHV6VB7FqIwKBgQDGnckm/jRVdRfTiWyfo0wRAPxsoUNUW2GB -JCyDJbX4VAt6IXJMiy5ZWKosSI3txKDFOD+DY1UdSduOsjtHSWEBRuXfAH2Bg0Mp -hXIZ6BV/Sdzge0MX495JUs/7wB6Ye+TrYyys/qdN0iCndQ3gvq9fMZoXi830RNiM -/dUVvy5PewKBgFvIADX2Qn7N5k6T1p4m9qy1oOtECQc4JJS+aaEPjPX2mEuBkrhc -J+4ZA8Z2EGHs2fTIj8iwYm84LWRF2/KZnzAGwoOrwq41mQeJt+aIUx/XN+Beg9Fb -5CMNXpuG3+GtGNXqc/d1RsFHiX41vqTMio7gUdQiFIK8emEMRBnB25G/AoGBAIVB -Y64Xq4ESeJPihdBtPSHDaZhwcb3tOXPtkzfCW15q9PBR9F/KmaQ0Sqg/XYoC/GKV -pHdAc+CcpwQMLJ1dbAnxSVTe/VWhfbQj5jPfdFzcb6bkzFUA+yhyuTwM3/oqVaJf -/Z9rk1AxBNuVO2RoSz0xCFN35wxWDHw76XUXubh1AoGASevvtnKnrzoGfJtaJ903 -YMzFLfdyfDjfES4I06eDjHOLiBVg/tlgcuOpWpXlxlrIsXtR/Q5MM3XnKkASdKIs -MH9jJzyV8dPLOC1U41QO2Be5L+fNn3zTqcz1Lv4mRTwgt/g5YE+dmDDfrRZaGq0M -Fn8JKRZVK59xV5FFH3wqfag= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCRU3SLQDwxlfPg +Gv8hmmumaQ03LBakkolMJMjh/Eebff1SXlfJTLI4hpF6V/YWfJ+NpvXNiztXQYYN +vwszSGPR5xiv6EA3x1GaSr8ir/zC+pTl+Xl6cB6jfV9EcSt7igb0RFUA7hjzDAOa +5/wDBgyDtep15lSwd5AYdUvgeXsrikfYRMsYFMusPTQkkZhTrGNGnyhGRqhKscbY +1+NwC4eidfdPFgKRZwjGm1yAjAZreh4vxURXtGO0P9NxTIXvJGKY7S3OECQt47sj +HTHyNYQoEeZsH+dT4R+4nMSB8DA+YE7hHeKnn5L4aLm9/ThOAhJHJy0D0F8CgOZr +mcmx22efAgMBAAECggEAFqBTZ+QzZaupfGiXn8gRdKesgBI5ivFUYRTlFeeXz994 +08c5NxqIMQF6oFLA+iqjE4SS2/1j2tJVKHS92K6E+XGtR/i1buR15xDg22oNGjUL +fmwuJrWoKjTjN/PAHQxAyEKPUtq/QFrMK4/COUegJoLp+JCeT5n98bY+1GSgRwc/ +gjna7Ns4Dc3cyQGQtUF4DLIt5b4zFWoOkkN4UPT9uZJLBDS6OFVw5FLMqXhe/Vg3 +PFYmHpyJsFZVyZiIQLzuaggBJ8L3zCYpFbOQgrpQ2oGCYxSPFLbbCmnZnq692w9w +zRDOfK7oYvlyiFD5+7PbCuOdhaMGBhj9XFC6fRYU6QKBgQDCHjzMDqEpEvJEM05e +SBfkGqSrcQpoCZKcoTyagI1niL//3wLrBXByUAruS8nLm5OLpsrdJeIXO5e2TiKY +g9FPgqc77Dl91nNSCOI07F9mbS2GgkL4ID1TmtwHeiuUyldT630zLIAFuv+51t8K +q+IpbGU9b6PzEhfdsly7TGmKgwKBgQC/p1j2jB68dOYl9DslmigSMprGXMn1SAar +hr6jNBYyqz5PhWxjzJFOWtcXA9WUHG8KyAAezVTySaw3iGGv+C2SLjkE8oUDRtbv +Ziq9+aF5IB3/m2k4QzAxejvXTUn5rymXVcMNSxFf6lPtyT2mK0PpDaNor3+d8mRZ +ADRp7xxTtQKBgCeT5q1sJiursz14gHf0lvpo/D4ANDD2ErBgp2yQ3UPIu+y9WWj1 +mPGVpETlquUaeUC15xKj0K8P9WS0FZWm+pwNdW9gQHCJssV9DjHgJ6tIg0mzcVgJ +qrdLEaVsoUoa3yc7EjHG1utULyOCzcLtPJVZhmK6SmEaxUbsQL/nWnVlAoGAMOmu +5M2CEqrrCgi5B7G+RFax9ao8yOLnAOPUx6ZFfA0ETBtLPHU7KHo6pt8NpU1UcbX1 +geb5pRR0ZX/jHpwCVWqCluamV92+gT7b7bxGH7m4rkGlqvxK0nXVy+8n0BeKT9tN +epkMCCSv4uIXX89u943JhLA1q8PvJF/PALJL0nkCgYBdV5aPQzFxHFkihkTm6DdM +13m154WqrvP4zf5/6RQ99799j1ipedACfZTYC6mIoHD4JtzTfLwFg9QNn+JBu6SW +EfZPEM6TkBRrUZLX8/KMzgpO1+lAKgokUHh0do3YnlLrTOHY18innwizA3KEO631 +oFFtb31lE+A+eFESJrqsFA== -----END PRIVATE KEY----- Bag Attributes friendlyName: client - localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 39 32 37 38 34 -subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client -issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority + localKeyID: 54 69 6D 65 20 31 37 37 35 35 32 37 39 31 34 31 35 37 +subject=C=AMQ, ST=AMQ, L=AMQ, O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Client +issuer=O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Client Certification Authority -----BEGIN CERTIFICATE----- -MIID7jCCAtagAwIBAgIJANaUYBHdNtAQMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV -BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN -USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz -MjIxMTUxMzFaGA8yMTI0MDIyNzExNTEzMVowcTEMMAoGA1UEBhMDQU1RMQwwCgYD -VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV -BAsTB0FydGVtaXMxIDAeBgNVBAMTF0FjdGl2ZU1RIEFydGVtaXMgQ2xpZW50MIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAYp6jizvRvvAox2NIFosjXC -2RHqzNUgr34+HncMnljmT372rOqGXXuJn6OsvKWYCOHkw63yEPhViKsQvJfCPIF3 -0HrDQd2GQmOWOmtfKSM4YCsnxlorMOOVUdI9HqudHDeh2sAOxi5kImwOJAGY0U5G -0QA1F2eCCxVGuPM1sNfbfFAlLlsanO5ymoozT4ISk3T6zsFoHYG8MxqTvdzDP/xh -pkuQ5jinQTqEtXda6SvGZOYeepI37y5uf3F79jqARLmZ1kDRdSGaVaqNXuezP70F -h9e/y4Zcebevj4811ZWGXEAJqcqgoxV/QhWwWLqQKx7aZt9F/uGKRQLqoUjL0QID -AQABo4GYMIGVMB0GA1UdDgQWBBQhXlzDqOhheZmJ5hs2zgDKLmGXZDAzBgNVHREE -LDAqghdjbGllbnQuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxob3N0hwR/AAABMAkG -A1UdEwQCMAAwHwYDVR0jBBgwFoAUmQHkKAJROOr1cSjoSuMcvR0s0OswEwYDVR0l -BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAIqZxEeS2TSLoCdaPu3D -i4KaYBKJaUgKNZw/EOeB/kK+yxFEfRxbuQwtrkNt1mg3uEoDvL1GDa/6hZocWsx5 -eWZNQmDmCnsSPzFI/C08XJh4xKe4y05o7jejDnMFWzM6vzRZrGlylEUHXhRdXAKA -TmeZRuysvIwUiZsZksxHGl1dZmFasD7LjzxybSlrkuJLj+vKDHKG9khp7OSXeRA3 -0lQplc20h6SLjbowTjlB/TvebEIaaAgQ4p5nXmKrgt5Aq0aBefqGOmzMbTFxk1nW -Q/hIaO/sLVcmMrAbP802ECg/x6d9P9MPQUZeH6sUwElFr5NN8MDFyVDO46YyC1bg -BLU= +MIID7TCCAtWgAwIBAgIIRtkPjASbSF8wDQYJKoZIhvcNAQELBQAwXzERMA8GA1UE +ChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1R +IEFydGVtaXMgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTI2MDQw +NzAyMTE1M1oYDzIxMjYwMzE0MDIxMTUzWjBxMQwwCgYDVQQGEwNBTVExDDAKBgNV +BAgTA0FNUTEMMAoGA1UEBxMDQU1RMREwDwYDVQQKEwhBY3RpdmVNUTEQMA4GA1UE +CxMHQXJ0ZW1pczEgMB4GA1UEAxMXQWN0aXZlTVEgQXJ0ZW1pcyBDbGllbnQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRU3SLQDwxlfPgGv8hmmumaQ03 +LBakkolMJMjh/Eebff1SXlfJTLI4hpF6V/YWfJ+NpvXNiztXQYYNvwszSGPR5xiv +6EA3x1GaSr8ir/zC+pTl+Xl6cB6jfV9EcSt7igb0RFUA7hjzDAOa5/wDBgyDtep1 +5lSwd5AYdUvgeXsrikfYRMsYFMusPTQkkZhTrGNGnyhGRqhKscbY1+NwC4eidfdP +FgKRZwjGm1yAjAZreh4vxURXtGO0P9NxTIXvJGKY7S3OECQt47sjHTHyNYQoEeZs +H+dT4R+4nMSB8DA+YE7hHeKnn5L4aLm9/ThOAhJHJy0D0F8CgOZrmcmx22efAgMB +AAGjgZgwgZUwHQYDVR0OBBYEFEwO7kFtHc2KcjGluOeLGP41MdJSMDMGA1UdEQQs +MCqCF2NsaWVudC5hcnRlbWlzLmFjdGl2ZW1xgglsb2NhbGhvc3SHBH8AAAEwCQYD +VR0TBAIwADAfBgNVHSMEGDAWgBSH/6+PDDI+NTWJy7Tv65tV9wgo4DATBgNVHSUE +DDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAFeYX91Fj+aIHDYVGffFf +sxdiFbWf2aBtODk5SP9o0Qw8Vqh2gfbY5ZiLez/WmGHEjrv2Anp/E19WuXRQ7MSU +5WD5LQiOkUHtnKUBZP4LDLphOV/q6198A6CVLBeVXupQ1ZT6+Bri3rv0tmfIJ20/ +nkcDYuBW4GrLt/d2od0dNgEeinDHbLk7kB8ZmlKy4QcSZwtYWSNE3yMnUFF0aKIm +Eus3TFTHThsoUf8Gja228Sbax8KwWaCk6V/R89P3hP3Xjfo+h081iEqJhIEYbf62 +bsakU11lTmf/99a8432j+4UV9cr13dbD3v756P/9L6nPg8kc1SLnizHXYwzy5ZRG +Og== -----END CERTIFICATE----- Bag Attributes friendlyName: CN=ActiveMQ Artemis Client Certification Authority,OU=Artemis,O=ActiveMQ -subject=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority -issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority +subject=O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Client Certification Authority +issuer=O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Client Certification Authority -----BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV -BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN -USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz -MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx -EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp -ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF -b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl -sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce -O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg -Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+ -Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU -mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B -AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0 -0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b -Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl -J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T -V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n -7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog== +MIIDdDCCAlygAwIBAgIIVRe7mOWvH7MwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UE +ChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1R +IEFydGVtaXMgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTI2MDQw +NzAyMTE1MloYDzMwMjUwODA4MDIxMTUyWjBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGll +bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCwoFdWwb9B8tLq7rzoQVecEYLTqBCzoOxw3ToDZz8cJVRg4o4V +4VXXGVyxPslma6SD4PldlyZZT6FYbdta/BUL5gZWXgvML6ZXsV3A7UJFLVO6BJ/8 +lePuCfDzppsb4ru9/8qs2zs0rPmfDmP0dkY8D8lbbXDxJ+ZCxaEn3nfqH/fMwAme ++giZdcOIdidLpWpb6+rFe7L8TuJtG4eHx48L2OdZNNegvAKYcIs/bqRERpbxbsAn +NmnxWKctsnOpsLtqcBtj80qUocxjKkHS5LQPz5mG9ONCUDDaV4jRtqvvYmIJjUnK +eDWfTNIvcAPL51O/Vn8soPn+YEw22TU+Ymk3AgMBAAGjMjAwMB0GA1UdDgQWBBSH +/6+PDDI+NTWJy7Tv65tV9wgo4DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQAhU2bnmHwwrYZRxZOrJ5IuufWs3QqUEGtUomuLYRPrB4/4h6DfMcww +SVUarL8SEuL144kLZMPey0SMtj2mh7qRJJus1y8Vogj/rf3QQ9mWnqo3Cddl8heu +c3mtBgJVN0NJNrFC91blYfJjQ397HbBBBKRH6yL1yMOm2uSSkDqjxc0y6xu8qLFm +WBzC/KSC5ytupsBx3lxMdBK7buYWioVebqRZW0PY3a1T9q0mvtliPHfJCwb8LId8 +y0heN5llCA0qo23KuJtt78YZcfc7OWqoI1yPlGqIjG6+VTZbprccB5WujQN4SAPN +AceTTwfOJPttChhCfXwz1/WdfCqHUPhZ -----END CERTIFICATE----- Bag Attributes friendlyName: client-ca - 2.16.840.1.113894.746875.1.1: -subject=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority -issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification Authority + Trusted key usage (Oracle): Any Extended Key Usage (2.5.29.37.0) +subject=O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Client Certification Authority +issuer=O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Client Certification Authority -----BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV -BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN -USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz -MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx -EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp -ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF -b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl -sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce -O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg -Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+ -Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU -mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B -AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0 -0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b -Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl -J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T -V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n -7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog== +MIIDdDCCAlygAwIBAgIIVRe7mOWvH7MwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UE +ChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1R +IEFydGVtaXMgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTI2MDQw +NzAyMTE1MloYDzMwMjUwODA4MDIxMTUyWjBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGll +bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCwoFdWwb9B8tLq7rzoQVecEYLTqBCzoOxw3ToDZz8cJVRg4o4V +4VXXGVyxPslma6SD4PldlyZZT6FYbdta/BUL5gZWXgvML6ZXsV3A7UJFLVO6BJ/8 +lePuCfDzppsb4ru9/8qs2zs0rPmfDmP0dkY8D8lbbXDxJ+ZCxaEn3nfqH/fMwAme ++giZdcOIdidLpWpb6+rFe7L8TuJtG4eHx48L2OdZNNegvAKYcIs/bqRERpbxbsAn +NmnxWKctsnOpsLtqcBtj80qUocxjKkHS5LQPz5mG9ONCUDDaV4jRtqvvYmIJjUnK +eDWfTNIvcAPL51O/Vn8soPn+YEw22TU+Ymk3AgMBAAGjMjAwMB0GA1UdDgQWBBSH +/6+PDDI+NTWJy7Tv65tV9wgo4DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQAhU2bnmHwwrYZRxZOrJ5IuufWs3QqUEGtUomuLYRPrB4/4h6DfMcww +SVUarL8SEuL144kLZMPey0SMtj2mh7qRJJus1y8Vogj/rf3QQ9mWnqo3Cddl8heu +c3mtBgJVN0NJNrFC91blYfJjQ397HbBBBKRH6yL1yMOm2uSSkDqjxc0y6xu8qLFm +WBzC/KSC5ytupsBx3lxMdBK7buYWioVebqRZW0PY3a1T9q0mvtliPHfJCwb8LId8 +y0heN5llCA0qo23KuJtt78YZcfc7OWqoI1yPlGqIjG6+VTZbprccB5WujQN4SAPN +AceTTwfOJPttChhCfXwz1/WdfCqHUPhZ -----END CERTIFICATE----- diff --git a/tests/security-resources/client-keystore.jceks b/tests/security-resources/client-keystore.jceks index 3d9b5ef86689a431b17b0bd883968c93d41178f5..60743bb46ffee34ad2ba24686fc87b754bdabce0 100644 GIT binary patch literal 4163 zcmeH~c{o&k8^>oeMnj9SOd)H?dd9w&T{Vep*_X*~WSJ;YjIt&XS<7HTB1u%1NFfp7 z$r{@kwKybErTrt!oZPhSxnDYjZ%5IC4#mY%cj;@bso!?M-(VApOR zipg0rU#)HokBM+TNvEANGF3YnF`6eS?JdtUpKSh#XIovV|yA~&X) zy+8R=?TPgGQu5k@d)c`gCk{8Q1oKrEm86Q^W=T^tn3?#ZsG;gR+o$p*e7u_m=fHJh zX_Wzkop_-+fB1T0l#w!}>~L?@oYGx=E~dKm#6-cM+06$+f(-G{)-az_k=-J5WcS|! z+>k*J3o}2GRWy?h`3DYz_Ksv-g-CqqCQ4v*K^y(1<|o$m=-4Y@=b4cHUjX z5)Vm_Ch#+Ab-b_c)Khm~eIXT88#>$XgN|Y5@o`LO4uxt`KS{|2a9`A)JsCS}WPJ3{ zxJ;XlWl*uU4}@ z=^U7sy4c+m_R;v2x=XQ!YtUmxP3-*!g#`KjUQx4Wrg0C2KYN)6Lkr(_R2s}j4|o<6 zKPEK4v*77e-~#F2q1sF=NAR)_G!q7AU5!5u=kP3`u3-u&h4tMy#$j7JKIXvD*tv?| zD$e8+tK`;|v+b`oA;Jt1My!!4HO(!dZoXeE?+!&B8UdLg$3!f(Yabi?oK3utBkd+J zBkELkL9&TeW+QgWl@-xbD@K% zZEVxiqWhGfi}eD1$=ZB%y>vB~_eGt|0mVy{oPhZx-2~gS98?n3wbkW{aotKn(2(Sy z$5=xd#~s8%kQ4eb&1b!`uE1=3{Mf;OqB*-z%hNZL_iJULZdb1iGDUiG%*eb@VQV*J zd(oI9YoFV#HWZ_rQm6S+>Uf+0O=GzWgw`kv3x8DFa*1^uj$QuX$G9!d+q_`(Y|wqF zEn9H9d4u)f-LKQ>FC0?^-YklzQo4*(j@R})khgIQXd^9y+?+^j@%~bVLV4JUuv!Nu zrqgJe2fcQ5)_t~6G`OP-q2LuGTTlp82h;r;)Ekcs=97{wt$jNO*-yyL&ynYQkYsz+ zxN)`>VI7~(gd+aNd#Uo1iNmjjDqY|-?s>sM9mBvv?h3K*osj8_j3S^40znr6B6JQQ zLOzh75HJLSFc{c#9hPO}2(ZCfB%+L>Xl!6Gk_iMjV)g-h;7|+LE)+r=NAL`CJ!y*B z3+&!;AyLfQ0R&gPXCOueP}=c8QL_J>B=B=cK=*s!70`7JAb7fY;+zSd=X?dU&l5b( z1$YuJ0s`D@a!P;#pbW@iFpBav=sj|nZHGKY;im)e$FKsscAgGLLAAHv{?kJIo5lRY z`k#Uo01o~Lmis>h3lPCVza|3A1cDO5dqCU%T@WG|3`#O1#2?kbq%MyhU;RictYtk$?fa}o+x-^Ht2X-BcuBjt^7T@-ZL=cCFk zrkTg%0L`P9S)rK}IuyNyzcS5Zd1h=!fq%g4Snwj37_`PXe}Rd&w)U}AaH&}IuMZx@NMUkZ#Rq!#(~|I z0X*NkxB$$(XOwvKmLjJ6G$6k-ybmS?ND#SyNU)6akD`%r{$5Xbe8K00Q`TZiQiJfGeCMno*X>DyOBW7~A$_ftqDOLx_(8sGSLiU^`WT z*j92TCT1w)*Uj6m;_b}?gE*(TX{NZ1JZ83Q24Rbi72GbIl{o_>yo#!-5yPX4Rl~9< zC}ORDDn0(vk=}IY*Eed`AR$*!j+V~}CbO?orkpmU5jT>w=d$mC&u$@EtDRLHXQ+;$ zP*SQCcdEmT$%mA$>j%b1YF4V;--zLl+%<%{j9QL*wLPT;Hfe*&{wfH<&zsbKp z^Yr5}W_EYv8Eav^Pr_m*rUZ{XQFf{_*1W}-N8FSFPbjTg6di17d}K``|L)ke+(Wy% z*_ZHDEBcgT%<(W$;fg0#v>|fYspRmoo-B0!{xNFj<%J?h(khQ;>eYtJ+t3ln5@E$UE8o$9gX3@9b zu3W3t&6^xKx?!ItYJDpA41UOl&WW6cTRI@yWecpz?HlHF^rg+JVL9~FiFuYU%LQ3H z<27}RwZSj7KV$(WJxnd*1GyJsn29~>D5gF%S#RQ3+xaVa{ zooTxCm~K3d=ZTJPNksNjtQGo5wUBhb_#?h#J%ihez71kZo{MJ+r5^|0e^le;$Aeow zo|4;+lhE#-e6puABWh(r#{?L(is`C)u;Ajtl5p(p1;rd}x2zwujbc`Bc}0q}vE_tS z8c@`7@l^gnx*P!f!ug+KxFZsLC@`1-V*;Stmp>HKcLW8^+$iaxKxvd|)2#<$$uiGZ zONMu)?DaO!^Nx2$QJE9hqe-7I?Z7dM110tB?BlBwvB0Y_S_edK?HlzxzzIjzJ zIGKD?Ex+lV9F?cGsNC%gZzG*dq)7S}H29C$VF~OtzSCTB*BpGw*0#F+!=+|xrJ^qe zTr`4Pk#M?HbZDEAgK~x|f=wbH|MpoHexZ54KTTcLt4P=`F~uw9y6+1MCEJ3hyv(T& z6QCE2pzpvfw@xv4h#Thr!=u f{!QjzM&>ld{&~o1tBMs?xb4MPIXN(YE5|%k&tH4 zGLj)gDN6Ao#6e_vsm}X3@A;hf^S=MQ=dbg}^SPhvci+$RT%YT{zSng>U0q#W002OL zTo3^16+rSiMF9XviZ4Lh4FK>NkOrRw(MS#@Bm@pogbF}F6r7!96+r%#i9H8}!MF|K zH2CA^Ui&~{RLU{1$qum7EpENky3!OvY0yev_0>IA|I5({r=Hm%R-~fXm$fM$qn<$B`+?%Y=L=gZ zrg`xUvXXH`+C@kYh1vT9fQdPS*oFNY1n69=F4 zsbV#~VnP=qE$0dvUdwXo%E)b|?z&Yhaluo*%|15N-#)db@a*F0RsFEc;?H?USAup& zl6s3u6zdL`i*`o06mnf(;ia#o92ySFR2mhZ2xMG(w&YBWda(Rx8n`b$lN!Q-1dWK$Q%N9})gQM6Jx{`|I(+Kuk;VxsNl)a|E+ z(PJ+>g@>bgmsG7Lu~w`}TRZv11;SW#6E{uPZ(#1%sn6l{gN|}(9Un~OPMOx0T8G7( zXRKp`g$6B-P$6>0;}ezdjc&>{j`ihIt!EXqD{FwcvY5MP={NOy^&|CCON5`!TaY;l z>#zNEC(80}=1Qcpv|+G7zpfjmW))rC8;{C6LiQ7TQ5t1sM1%QuASSp(B=53jH>)@D zURoYd5|^VM3P<)kyWSxT`bBlI#y&^QCEpsE8Pn%OPgEftCSjdC!9~rheDe3LWrt|O z5(i(Do~dU@6^j%GYgbhlR1aTEa=5+WVi+bf5CqSj_l$c-H)VEa93@PRK6kU~`j808 z40D5c6ef*?o$6--rDN6m=eP)~#wrbXNsO<4%WUu7!8E%P)q-X3fWe?Xai`#FG0ru9 ztK)#r%iRzG$UIOs!ch{glM$*>_5}G9FY4SiW$N%q_vGMB=?y4)nnB+o!`V7?BoGc= z{%pp6b{B_qmH6m&)IMYm*NO2kMeLP9^_8B)uZ`|^Ix*(@UO$w!6jxuTmXCQ#`s-ZUsBdkz9$CGKemtT}49l&ZG41>CaHm4!x&1N6ETX3;A9abk zTwe-la#3o3KJQPf+qroQ<)7jP@Yk`)^VkeQE(k8bm6Zinb{-sZHg#HN+{;llcoldo1;zWlvey&Sjwt*LZ<8Or*W9&nwkbFsAL<%YJ6owE& z@ed@EC=nn=gd3*;s^f52tR_|+>m-W8VYdVvPWy)d24lHE&h57&1z?1&um7;v|IK3i zZv9WrVnC_y&Wij8XF(c7`uBl=AOIK*fPAClm0a}p?lR9^rC1#s8*1h0Q1zA$;E{pkvTV#)fToBaZHJIq z!-8hjz^k)%vZ~JF`7`9piR!jA{tU`$*F%3vYLmKnM)PZi!5ZuIyiC(f8OL?UcVtLWY^^*w=cSl-!W)L#0@-P#=1n*S6;fL*_RdT zV#x9H)1nfgXd|I2$Hr78sUhFDrW>P)rqIc2=1dk81_2-?)Lf971xjwkQj!NQ3>Vzx z=EAr&L5#>t_$Z;(1w2(H=6HkZ+tYk-Wl)hO^1TPE62B*nD)C!BoeZXN1O$2!1N;L| zQ{v#!TP+&o*nUU=4g~>l=l1PxxF{%mUN8?bCJ#NRGr1TnKVkVE-7KlxJp~GEFOY?A zX9fFKD@P#MV9?)h-c}ZGZ5{+j%xl}9KB$pYw8v@RCq@$OvIl?PR>wckI95&~XPUCP3A(yK&)fLrnN62BB?~585lipfFYfB-|mK4u=tV9q=#sBeviV*@EBoH~8}e{n3!_L5-X z)W&IS!@ni`|6TZRsOLOFupd`IU8Kj5(Yc1!CKi_k14Q3M986!SiHREMxq82<-89e% z%Ww3dTVlP%IsemAs-9{{qH()GJtE}9^Z_n!9tLzX!VkKf6tK1uTM2@*)jI0 z@jRidugIrGq{5XzudIe_oGn@PIL#ED^cTV8szj#ssicNzPac=BE8LqT?Xc(;$@2yK z#v?9Vy){8`lG%1m@XY14s6^ie<{Pb3r8XON3-F(Xoit(gQ=~kq^Px0`*_4=yoTfP#*82mn{P4K4-vGj?by}vx>N3Dyn zL3>KH@^i`ac2-v3QOAMc??C@k4!666qyPl62}gjit>F*J^o_yLyJ>m2K;s0HuV*~o zC9mzuejXdsZKk%~#;D+WERGDv1|>fzuKl%lveQt{;84b_Sn{LieD_6Istn?6oBLZa z+>|7lk-1`)I~L^hIqeO_wry7vUFC{T*YKi`*tqs%zbJg{+eM@4IJESOC1iquW0?%M z`<_sXP%?~+t()1OJnq~+cg1Iqt#Bs=4=*NFy-TrBq=*Y56Ce~pAQBKoH;Z1{(irid+zUk?ssN)Zg&m@0zrP9 zU=SSV=4|gy0D-{w>?^-SfIti&fC$?LIN&TYa4-xk4dDiZ89*>1Y)T8&5Tw?>>Zl>$ z=E0I0B%(;!jScoXT{UTP)u$>+w_?vDIm}sdPBZO#+H#qpR&PXE7KZBlSf=?#N0>hP zCXH^@oHq-djub`POxKdRa zXXml7kgwa>^*wpy3b7X9ZK|OlB|dox0cFANiKTtXmx@ zbm5SxhE)Ytgpw*Jj*pDb;hSk&pXpDPHP3ugP{<{-xOi6yb&Yy})mN;B8QQ#IRcIUP z{uBCLC^fy9{e3}^T{q!%`Eg{CB4-xK`k@U^s%TkWm7sp7N2)ir#~(Q^jys%bkk+2{8DCR5ZSPFW?rHYPHX2EA7hHZ3)82DU;|B3w@M^zg-~>ZTo7b!qTcw=x zGMsqV(zVR@jz31F>CwFLxts1i!Q1%aQw}si^jK!*v-B(W@YfT2*>iQsWzO#CaP?K; zSRB5T)G^?eZsb2!JbLMi`xrI1qm*>{*>HS&B3CMM!H3I@VufsAJ(}WoK8Ku;|56y% z@e?+=wPC&@ta18FZly%GnaFMQRFtAPwMI<7{WSq?WyP(1Y^VJZN@sAgm;aZg3BLfW zq^tE#k<59Hsv$?TXa3vMs>~(#OJL&<(v zi|{1LHLAGp6IeOfJ3}7M6~Lvdmgohw7zhc6JkiM&4brwDsh$atS{apO48 za6~dIw@2q{18t$*AdB)=^Ue`sFbxYY2Ld#2Cn?1-x>Z%dPj5 zOq~4f)4Kjvt-3Nr0AE~LUaM=|9yhezLw`xP=?4xQK368^W z1a(R%;SLM+v9g?V*+2-1jAGrAAy(Yok*;xU#Alf^N<`k+$Y`&WHRQjc7=OPi(b7%j z`Q}sFjueiPJjfyZ_?BUvoVQm5R~3)v(p2U7&G|*UqQ%KLU9q3~ci6-J$|Ma|!hwJV^|nhKPaM z-+Cj%#gj-t6$FAV0YvB=K!o(d2DE@E&UI;dT zW&i1LUMPzG_8%70zgdjmt^X-lQ9$^6umb-fSbzu?`+XwlN&zK;Iq4DtW`PjFU{Hc7 zfuyC5NLd*G{Vzhz8`_b*Q8P|7AtT8PHPgNok0x;|RLD{zo*4jyG z7*qs%J*$Equ4_`TY)VVH**N`Ny;#}yo6Y3$4gUa7;k@fuw3kd^415)B4w@HSVS}bm zZbRX0p_Mb&Cd{7r#tUBidBi_ZCgyA(x>fK%Yw>ACiG))$W%|( z$lPl*Lw-ntBh$MKtDCWK*8pL;CN$<5?wRICFN5#}3A@xe*7zEA> zNd-bu03muVg*agRumc7h^C-MfdyF^YLDeKla2JW_HUSj&hq+-V0BNGYcTqlR`@LvR z+J37iycdz#%>!ra=Hzje5D5#WYc{~VzlawG0YHGr{;fDn5a7RgAabuPj!j+ziHvT2 zwlJGvPGdSg0`Trnkc9151ruG{85kI$kl$|}y^86Z2L|y?2+)ji8@Y_^;kwtCuoVJ! ze3jY#Id~OSRlPl@E;eyUt8UaUnm!RX7|}utp0^dw zxAtLeu(xq&cVlXANA6KaXv>ivu}KnwjAL6KPu4vJ`WO3tboL2!_N{)fZ!S=qI$kDH z@rSJa)$GgD*;fGMk$?*Q*lz~%m;V1D{5R5{SX+ikvT= zgQuX5nnxtfY$&(+M$O3wt;#i899;85M>ek9J!WZm{~~_i(l#IK1l+=!wN0)7Q+}mk z?u?GCX$>rUJB2#Wytq=3ahOv3a_>X&fSO|QMm7g-)kjyIv*j}0b4hCAOw)a-A>SDh zT3Z8i)+SThwZQqtJE__z-LTU*YlzUJ3HoE`XBs| z*#_Nmp3v4w(|U{G6FD2ZHU>)lNDVt@DKk}dBnW8BxsoMA*8pl^PtxSofHvPO+& z{iSiJ6&?HhbU|cIf<#6!S&lE4X|H6bQ@j68)?;O6vi-6^=~e#{IK*68TVJXC49#NP zb{VG~94Pbz1E4KE&vEcJqV*IJRrgr(+!*zw_4i}HS+0G|U%D5Lacnw(@5O`|c zC-`H+t=;o2FKhP=mYA-W9DCJor|#Rr3g12v8Puw0t(<1h#4eqO|4@~IUwC)Wi>9XP zQYdZ}m+TT1>;B4I>2kq~BaA7fx1fG{&~|Whk|E=-5?go{!86x`6v%7$f}|sjzFK~h zVCL^#P!?zVYn@V@BXXymiLxHAQ0r|0R|x) z+=xydWDp3P05q!9B@q2U^howI>c z9i5^KytOlB*nm?iQkmQaiN$^k2J6kQrRRNYL{4Z#35+3Fb0PD$>T_Fr5l&BI-`~7H z0SWsgY;dADO^y}!g;Sb({cW7mB6>Sy&gF>+O#}C?fzc9ufJa!;?J68oCcoFsVT+P> zdN}Ioq!)mGp`h z=uX(Yy4H@!A2Fa`7@gjfd)DnyFY-L%5Seu)U8C<*JVCnBL&bQrJ!ZzCa)?7mMvkSf z+s|t&ShlKT8>8XcaevV_iA<)oLry7a3rpmcMU>el6jh!CZ|>|wYBTGn$)nN^Z+Qmq z1%J4?yo#)G2g0wX&m|-gAo=m70^m#*BS{gujb#L5S42pwMu<$I4jid>G`T&ln0D!D z(7I1cg#g)i)?qb!$!8177Ik7BrZ;B&Sc(yCsXCcjf8@-?yYvxg}R~A;0p;W zWB2&_0TF*y`utAU#s}`#OYU@1Gn@FEgCEgXzrH}&rKSsehxZqTJ>Lo(4!(lo-1#g@PSoUA!@?o}m2D>X!pLA=WyHyJ;fJ2EFVrwO5I+xP1^cldoB zMFfx4=85v)gJ){LX3<-ifH%j)xWZ8i>6?CgI$e{7=q-+$Z3s&wcf z%#_TzN{_%RAzj+C8A69V2kKeF9wJh$ye7x_)RIeXez6 zMm&+W+)CQ{$@&}+W=guCv zoJlPxUb4LNP1(RbUcN04)_ z8HzRZhXk1~B)ygDC&MSV*WT;r{F-(1edB5MC&ialb&Gly%o*%rUrfFfXYLubqAGhh zp3KZY)!Z{fXmoE#3ocr%4Yx)On#XM4M?5mq!&YQI^_S0t#Xo?GxHH&wI=RkRG^`Q7 zH%GW7N*+)KfuO4Z1xf`dkdZ!sK zV-^8t^&9E*gXFngC=6UW4?oM-jQ%6o3vE-Mm(0~OKW`F zirc}L7^KW9m8xSS>-?{51p`wRS5O{dUO^k!aIO065w(7wBROYpC)&={;u_&G zqffe`Z2}%tCnw7fXGGhm(cS7SEanQ+;Ht5Flp-bg#(6?}Z!%6BvT#GUs~-XdgTTcR zSwKVvfZWd|k{Nag#(BinrnT$?J|H`GmS3S4)QQ4pIs&o>(`>L~fFyt&@z;UqP7uZ2n(C)iC98Lp;{C@NHt9XC&z@WJ7wv(x^<>Cv)tW=j<<0(1z z?6E{$digvY>s-X1MpGA?R)~OgJ)?A$ruzs%@u5ESaib1X^_Qp|0jutS0B1uD`&s%R zb{txFM_R=u%fGGkVV4nss#whI4Y!uXK9M_DK_sPX)7WyJw}FHkxn%1sRXk4MjLqdu z?LNtO{=75Zsz$XdS%u^-;hH*Ski6K*NQ&OjB`(cm2Cym)m`P;x+>7}&KJgJ?q^!Ps zeB4cgk3h>hmG5GEp`0?VR<08f@Fg1S*6oh=N;@~Axur{3S(3I8#nkZQdK6g2aUG>0 zxIq?m9oxg@oXvXL)oF$wo1eWf>76dYFqprC)q(y6f51NcKKt;W{|)|ZPJ#fq@1ofs z()Jg_k5S%-Ulzc~0*V;91Nira|9=So4fV_pIPFCVmc*7Ql0cT4p_X0_ryI|BfNARX z-Kfyffr5sbXWE`tXm*YFef+yk)_KbtDJm$RIL&7q58ytoOQ#qenOh;>0$d=Q8D2#f zzP=5;KIn7@vuPP^p}DGFK3wS3#9eh>y`}mNcrUp4i@kRj&jNv4C`&r%>acW*kK)2b zev|y;@khvQ?#JCYt_z{U-{q!wwImQvHoX(>^o5;(YvZ!2@GM!}aT=ur$`~+LES`=0lV&t`) z#+&-#mgClQc9vak8puGgLS7bW)x^Ny2kICA_#Nnf%He@aAUVL`Z!kCj-9P=In7%XU zd;e-S##1v^>uaF>RKm`YYcHdt`gCM=+ghs_pYtL7(U%gQ6x~}JTK$8m;+<1`?h=ZPo>Ca&v9M^i7|ty{Qs%2G6M)_23J>G#El&W<`|s^8J<}`tZo+gw w+Mu)p{^t)$>ECGn>8HWpX#S1nUxp?mH^?pUcKLwq2lf~DSwupbafl=T1if~^TL1t6 diff --git a/tests/security-resources/client-keystore.p12 b/tests/security-resources/client-keystore.p12 index df084e2c0894ab8415e826e4a6fb3efabee74c33..d5357c951b9c80091308e612e435555c77dcda1a 100644 GIT binary patch delta 4714 zcmV-w5|!=PCfFvBb`*a5B%q;etDdTCCJGm8b~fBqJA#uj1|)yy;M8T1_l;8n6jyNT%^+qfaRMgLw7WGRCIn%?8_}df_IY?Y&s! zF8m$T*agunmn(mJ4jr9siHfGNHN%2%t9g?ib$hofeUz`?3pYHGF9^#6EbYiR>b@Vu zBw>`z!IcI&V8wZ}8Dyrl=`Kap-^0;rz-+iNA!^G_cS^oem9W zy_ zc!}Nd@KBGqO|aAllIgJ{ln!0xOi408*mCxnpR5-*eA?xn>95vbW{?p1fdze_>oJnp zxe}AXN3ivwau0>JT%y@{BF*bhY6v^++Ek`qP$aUBtC*KR34_psM8$6?Ow3GqGE@?==-QDA zVUcJB^e4fJV-c^Xfj4^v{SrE}pzp$oB{X3x=iJcNN}h_NRMAd4XoIo~kB(y)NYNMk z{|J9X3Jjz94jDPt`+-Bzp<)$M4ef{X~O@!!2ZCRcHCQN1(&= z_oj8@3v15B;^&h)7GDSEp({o2t=_=m|52D!Q`ew?}5viZ(5@OsvvUkw#$E3 zp&-Al7l?1$Vk=Fo0#i*_Ue}#k9I84gSN)VQyDBFZhtBpi2uXb87jDY=`Akt8Uou%k zU4!DpJvUq{Bd7oV4Pi#xz#{E70rRXy)<|oKpFURO;Zkum+8ajqUA&}U0$?FzJn~o} z)vM!{DJMH+q&KnyR#q>`#yu$(0&ahjxawx;@6XFV`%}yx>}qb{f!lJlw)mJ6ZoFcMSqs* zrG@-C9}^BwC$MXMWuswNP+l>@ON&X96YKsrBIi8V1E@7)JLj(GkTXeBnkaue$8AKO z9ZZFA)_~Jd!3~c53D}6*Pkp|^mU3)1)CEw@Jl)$lJ$t(zoV{k>n7v~6xfeRpHR5v1 zFqt7py~^>eQ}MEN#;WguGCdce_$9GP1ouAxZhSuCg3p>7gse_sh&LNQUTO5!3w=tg@F)rNUGJ-}*pnL)FgRV`#F+s(q8TYkl0eK%2a#dd9*swvh6wN#O2f%ysC4V8B9 zcw_RFBEWNhILTVeO^;$9Q6M02kUBsGJ__dt%GPN^ilqZ=SkllfJ}F&`itvHa>`i9d$+@ z7^Y$24-bHDE?XI^3v4xGm4E(sUO^mPK&NH5^~$}>?mxbd%OakqoyxD{Lb*Jde~21?2#J@}f15(A$Dh~j zuH0=tYFOV_TT~f%^+aIzm?s>ht&Ez6e#Z{`$P@0QrJSlQ3g>57y<7n`c_~*)IS3aP zH#{?cn(T34Usb2NC+Xo;QGV6BHb6%ZfQ4XknTIBI$M7XinybX_;pwKrJG&3oTIq7) zf`=Z6ZQs#cIjq3DJ6enTrSSf4mUHX@58u|Zdu-SS?F6@Ob{yOBe8AI6hHqx|GLM=c z{q7|k<|Z;O)MX@r!FZMaXh9E}KTFuMmoz_rlJvh2XyB~7|Tm7 zln1B0vV+-c(~mtDkBmc*u=qDA0K1dqh=6hY%CrEm4*l|r_PylGay()YMr4jKZKiVnnTe8r zit!Hm26M$p#KWVJ3{!Bk{V{PkIsjF{WqswvmY86c8HfWV@PPmn$#Ya3R2AtxBFcNv zuukBYdtZa@)<<5k=4Lif_m`+Vq1@B$pFM;}#)_9te@I40;!I)YE=rYf@uKEwUx|05F7?@eyGF_t zpAA;Qq$NoO72ma(+&1%Rt+sF<$8%YpH_u&tP+3HjK5kMuJaZRy;83ABX->#^Xblya zeEnAPn%X|YnDmHx_LQ#i;$^=OxjI=k`&UGx{|QJa)Af@EB0={F&Xt7r!U0Wn6Wog= zSM1mAG8q2#*2@P!KdyP}sMh>{ERkj$_m;$oB*&hAy60FFusUIucIEt;n3kilIublv z4VMD{n$(_{Yhnhgw*sk@}{zs%#cuC#NN1Wha-9 zqe%8mJPj7bR;h1&#YV*R@4T&iizD+BVuK&AfMQwajS3#i@I(xXV;?Ag7E>M(GH?r) zWsJyz*i_nXB8UVsD7dnzR^b^L;kubPDR2JYFREA;%i8asAK9ypRkh=Q(AvIJH(+in z)?^4Tv@0;nzYKER50$-{huI>T+LA{wX%~6pEcs+~YK{RIa)JsgSm+Jko>cRVl@0%!T- zgaUa^(&2?HvNh)U{(svGmd?)y=2#kCb3kH_G$xQ7^|;F{>2j;O8-&`RT#0Hja4(c~ zIMujZGttWil=3%>Heu}H>C?~NX%L|#m5>KAy2E?d)=jA~yAR=iam>%d2uD@=y-Z&Y zzqQ5n9L45$i}&^Le_r1FTw4GFzO%A5%gR_t=Ki&UwHe6aV;+|1)lB-xA4~hzKQO%m z>~ah3RMaAc#G=vP)WFocFjw@B;6?&6w~oYn%sD$La}wamqDWVy_5)$ zDyzeUQ(%&Yr4CMi%#6h%)CK>LD~PlWc#TfL_rci^O5IdVlYV%Vz~S;S9&^&9PPq=- z!Ec7#V8q27K1!O_7kokIf8K7$!2d47YUyh8z(3HWqc>veKXP0iO>b7~vM>3_I%!?~ zM6x8*Ug00B@G9?k&-6ZIfyeEUM149_OPZ!=wNvU^Z(Iyz-myECXgVEX zYRixcb)J`*Rxg6~J;xtDFg^hE4qd9$SxB)Yp`tVv*sMjZr=^N(R)WLF2bZ&f11hzk z$aclDfO%8L47u>1_$49gEZ7{esPjM6viMKlwbq$`Yt0+HIPG6U^NHq?1P8OC>b44h zdTKiTY$t(s*rYWz60m7VxQ)bkhEFWqd1qjVrqGTm%$)0ZgZd(2w}&l$@3$0b$tacN zlRxL_&@ra)0_JeqdaCLjlFsa?iiEhVY=BGxSK8`GC_m&r7e)tbC?-!j!&Uv>#Y#g+ zIdctvRwV=k>|w*6^<)~i8O)d6xBU*8Z{@!Rq6T}Y5xcHwgvhnv+jmjR`~@S-86ChU z#q68WDwRQWI)i`uh6>yrWe>k#Q-ebo+aIbdS+`6iJA_^`sMSGx0{h7$zUp0ufAIH! zelCQ8IayRK8w6CO0lQ2%61clPm`-iHd495g>iygi0%i1FO~U42>d5~UcIY+nW7ua& z4Ooo@k&<*9fSensrt+m^#H+;vWP9swrApYwQejE&Vvm9Mfd-I=^|Y6+9qR%KbF4D# zU+0jD@&xvKDRon=I|6cUCU^+{PKxeT`JYgs##*dF=?NVG+?5{9pPgP3Ps=ZZEf@NK zXvSzniOAS2lPQY=_fL-AG14em)T>&FgF{vy*ai>*msNU!1<+=(I)P^%`5uiIhROUQCZ%B@tjWfCJptDw_?aH4Ei|rr&Ns!~7qRGpk*S z!l~pWg!#h&Y()P3p2v#N=an0*EvRjO=rQ!3V){O&UG7b^-%hP9lJ2G**>-7)mcg=P z38gk~Sx%{fJ76R)K%IU)QR_fdj4Vx<{)R69f0JR`K3c+)BRh+D$zDc~EW4Yf+<6$)fCX=d;k3~ih+bW<%1{=*Z2%oo#+~Z*4l^Uuj6~vLmFJ^(B!ppm@*uH89j~7 zHnhBWkqA9`0psQX6Ei|#sRzdD@PEG9LlF88?=XN#(z$8Yh+`eUMc{uk6WKELME9|h7^;kzB%@}!I)5!&!yG&Ot*h#$)kUn%po z{x2@sZaxv?;?-r$@MusgoM%uYEz1pZ8+y%Yure3TC~Rih@24Dzj(b;Hy`JLX`|^|HmotVo;NA6h}A}jHjEOvvvTThhhY%dk?Y913*5U)9_q(|d1US- zw0C5{M*E!Af9^*^>ndd9ZFio>@FQd=N)doWPz5M|MvZ%k51;-|GntIp&}^ifpZd4x zXG$xvG>Y;5n&0W9w^@vT2J;6X@AL5AC*WWw1P$mq$)Nu%p7ZZi_ab(7;N1>Bi)yns z<`$qri1k~`Tl>5;g{{jxa2BV(Yl&Z~eXKRX(b0je`T&~RAT%9g?eh;KB~g5jdBdEf zR(%w=b2zv$zHy#OUReRjG6`w_2Acw?#;{?a(1PEyHA%KN3;j`?Sof+ zD;lQ(6h(Ifg*#Zbq|(%AIqx4Jx|+PZtDN8lM={>Av$5*()~6;Pd&xgXZ^}I6Sga)u zQFUYRmyu%>%|KE;XfRDMF)$4V31Egu0c8UO0s#d81R!Nn=A87>tDlnLHig-@W-4N7 shH52QGw$v6$tYqSD^qp^6i?4WEsAHCElQV5LR6oN<=;{}*a8A45JM$0AOHXW delta 4714 zcmV-w5|!=PCfFvBb`(_~2pQQV5bxS+V#K}wU3=v2VVsjO1|)wH!K5e;$0zvDO?2I8JC!_yW15ABKRX zb}_#;=A`no`XcdC%ZNO(`{EJ*dzi8>FLlgayjZC(f4hUrsnQmRA75{Y4boR5c~$LS zPyDIVE*qQ?ZqI)>Q55z;j!6ZVx%SAcSKOW!8Ik4sx?D`~jdF7sIbz*|3S-FNgG-)dYn}bNhzYMPK+(BDl(9%h?uG$6fx; z+)c^lL-rk2!ftY9Yv*%+!bHmRH)%I9!=+b zw8oh5>@8cY5pGMe%4}(8?p5Tf_~V|c38RF#5$B7a)AkOgOks@)B}{K9oJdCO5osmM zoR8{IsZwEM!AyFX(GrWk;qWh#u_uRGkGJD=>BAj{wQ~QRROMkWU+;yM*?b>b9@~E% zk9R)O3XB9-Wo3of;T@%94T6K~daxMaj?y3jMc*fxec{&e6$F8db=0grN_UwYtXbs+otWmqqo=2?%+@vtvnzTh^XU_&t;U|Mpa`}=Lice{TGGi16yhye zM`(sw?xEFDXTSN3*ICr^7&R$X5utD`EoERa1f2)MrK3;gYoOi7284n@HvoT2ZSDF} zJ#g!`JbaL9WF7Q)cy|MJba<($h-weDwOM+9aG&-HzQDEdyNoM(0R|S880Xb2v9@OFSLDT$K>cD5{A&LNQUdXcQrYE=d6R^Z8 zg0&A%>_oYhe17KLeSC{w9&u9`)H%n0AUZYQ=xXNzEd;(L^wzCr zjd!`aLi*z+5G>SieQyRvYBnVd%>RPA!K$}UZu0VGaVOU}cnX=kkHI;IOGLo|#cA9e z-byoAf#ryQa4yvXpa;4&@UV6U4D^Br@nDc>M`ERUsr%Uxv2jOeYBr3B@L0=x@2rZ+0w)}w04>15zP!45G2=FC z(IVnWb|AV%NA#SuoD1wd)R#Y(2!42qJmDIS-jn=)fO~utjcN*VSo7$3alv|e3ePwf zXTK<8gqJm_s01|W-pA)>gA%U2CR*wuqpJD?nqFJU+?&qU!Jo1^a=bO+a8YS+E0@_ z=uxwKD~y`3UJbNCrMz6!j=$&)()PC?AQVJJUL2D$uz=nWM9Ftq`uRpO#DI1 zxuEyIowCQp@JW2}^!tc+O~u0QBI38W9-U!w*;*W})x;tF+4W02+jwdXmpRJIVHbvf zkDuJ9UcU)^Jfh}ZL$|%s8i2>MAVeIO3z^*s*E+2tHWKx?#UuT}LRZ6TF>lPy_)bJu zyB@~3N3+T*3Tbh=HmeAc5`JBHW*jn{WsA0i73qZmxiP%k8za4)J^R#(@KV_CQRocI zKr8jC*QL=mbIh0h-ZqVTT6PQ1z}$F>OhFUm*32|N5NXlwErUh?#E z=ftut87TN%134##p7M~C&DPiGa9o3f3Um1o74Z%CA||ze=_#qsKQXKuoi zz#AYB*XuL?q#zeGC0ar`Ov#=uVobvIN`nvjg}f(IEV)$a#`W&0k-z@x?wC$PeTdXN4{)199g)Xt>3l1w`^+7fKcHCjtHZs14z%}z0~u5LYob~%Q2X<(6psTG zYvfp@oJ6X}?&_w%%Qy^w^>gb-n;NO%S<_;f9&*Hp)t_Cc0PXq0<^eJ$nXT*#!jfZL z+?ze-7oSyv>xA#`GqQnbPa_To0A#TkkV*9dVN^_YiU1w__zffpo_=l;pxaa{@f!~r zN46#j18NtZb0orSWMI7?6BL_S6)yi>-aWJVf1ezRQ5@KD&dsp%Sv*x9k4m^ zc2iZrkP9z?D^6YzsF5MJ<7aV!_z4$Etiu#cnLHmwh`dNF8);39IriovRI25_nNZe~Gj8 z?Ob=1HRi0t#c}z;8F3s^CwPeCd;!pyOaBcp-t(lxHUY?g0+mj12j*FI5Fi5crs}{tTuR2!1mR@8Q6rE*1N|H#f*)MjEGK z%RayRNm}Eq=xk&giduN8>J+p}GleNA5IQ$Hov)w5QJ}6a_Ii7Xz%QEW5q-y5{{1sG zb1G7xvUKGI0gwL7jbbopxOxIT3--FgKOP>vP7~;V$H9Exipb7wcO;~f9Gs`3QHw+2 zZ~A6~c5&B-6HW1FFeGPmYR5VN6Zm(&joufi+anjsRS4L01d6sOsnC)VHq?5OMQFr}$ro(#9fBd*QEk&9G!O#oaIJl^NV~v1t z$1&a1cS8oP&>|f$wmHtBn(T3t3Uz^;rRc1GH6t90S~R>JI(VpNqgykd=;}c_j79?b+~K+&w^PSRIS(TmX=y2?4{H zVme=oP)S4+u*7nYrIr4PEK7o*Ot9)XO?j(-1#AziD>(9odXxD%m8yyr*=EG%xNVeb zGfXG6bUO~edG6eY2om6XE*YBXpqYe!UjS=nZGcCQA8(#`N7=@`?U{A~581^Ykx2_0 z1Q5CorgjDxvGK14wn|WCh#j^wQ(_`FU$FkU`*KPD4nGrx&zD+JunXLfEnmw=u<>*T zRdWKTF1*e$pLW=M_B~ZW|F~{ZjtbV3pz^2$E<|A{haSZzKh?DpzDF;XZw69-uTY%l z5fumiI?33PDKxGloaFyj;d_pNtf%a9dCy=wdhv&F$+s#po zHiQJZ5sgk4y|i~?F3~4kUguW39v^2HN~Be#BAg3^q7I+JlKP<@g5jpqY*H=?SGiN2 z?yqq+)x%|1cWx}IRlL=&C!GsUT-bu`&G?CX)QZlRz-tED}F@h@P58G{VVL%T8KLy4L4#I$u}#BQ=9(RIJR#82Wiz72g-aXSzbo)kVrCO zw$ut(k8Pf{_n4DhA4fbesG2m~*)_1zN&vK^d8NX5o{O6v3Sd=L#xI%;RI`)LfFE?S z^5c-FSVQ@E^4F3!FHmNGnN4q`P|*foPKAQZHS$Gkufusy#8SaI`nQLTz64gDrQHMF z7hGXF`Sp9t6E|NADQmr+wgHVsO$}IsTw$Yr0rC$Ox-x3I^`W(mGfH-Z>1Yh*8}`3V zN~KX==7~_O**r0rl691jfCE1s_2A(^R*ciKKDxnr$*s4_RUFfQ!GSoy4Q7D6?aXCV zz$Nq9st>Q6sYpPsiU27vkJtp3}m}D(6F#uC= sc-&Y=zFlA8TQ$@j*(w$U6y+)Ti%e9mr%m6kIdtHoN{P?Qg8~945T1D)!vFvP diff --git a/tests/security-resources/other-client-crl.pem b/tests/security-resources/other-client-crl.pem index 81c3fc59fa8..3aac4ae591b 100644 --- a/tests/security-resources/other-client-crl.pem +++ b/tests/security-resources/other-client-crl.pem @@ -1,12 +1,12 @@ -----BEGIN X509 CRL----- -MIIB1zCBwAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGll -bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTI0MDMyMjExNTEzNloYDzIxMjQw -MjI3MTE1MTM2WjAbMBkCCDX8+5iW7sP9Fw0yNDAzMjIxMTUxMzZaoA4wDDAKBgNV -HRQEAwIBADANBgkqhkiG9w0BAQsFAAOCAQEAFFLNW5vD8vMv56DqlopUnrSlzfqW -iqUgBOL1WnDhyMjHPvU1TXQg0MH5r/vjBoA+S7hljU1CHb1u8N7MEUY4iBqlGJsy -u77wBQwPviQfJEb6hSByBzbHMgw2YgE+OUvhnnldnDiGnEQkT5ZZl1O9hVH3Fp8Y -AmCF9qjvMNieM3V1HyML3iOHnNmQUyikvSWS+vlIl0AzD47tOXgHrkorbD/nHljP -k/0gcVrKK3VHPxNtgVyhtfv+JhRQqekLWvZOKM+Cz5sdnGqOA2AkOfJmhu7kp/Lx -DAbaTLUNHaLX+H8BG1PZ0iHDgnXQQXAzXfkJlEOp6bl3eaOXlMCC6J+tWA== +bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTI2MDQwNzAyMTE1NloYDzIxMjYw +MzE0MDIxMTU2WjAcMBoCCQCuDk4fIOnhnBcNMjYwNDA3MDIxMTU2WqAOMAwwCgYD +VR0UBAMCAQAwDQYJKoZIhvcNAQELBQADggEBAE8x5PKvFGxVE6VzeDSd1xekb1PU +ZOvrdH4NA1eoSWymrynBKjWZnq63Mnm9wdKGTb3jnON/rgsWYe7xM50x0flJqkia +EYIrDQruLE1aTrhM06AKfRa8+tCzeBDc6QkFrJuHy/1QF2hhoUobKXVwlmj8dDER +/0B0aiNsxIy0vTT7ESBA14y3JNGqZNjgJ8pJy/7JTOULxyEUPa1EAO/3ggBu2VMx +QWartgzOR5Wa2Ybs7yM2yOrLJDTCUnFk8GxMclB5YVq+NcmYNaVaGd2hNXWbDkj3 +wLpiKQSjljTzY3zYnrrb70IQrSXQ9h/82to6NXSpFY2ftjFJqWsPSDecT9k= -----END X509 CRL----- diff --git a/tests/security-resources/other-client-keystore.jceks b/tests/security-resources/other-client-keystore.jceks index 93ebf9886aabbc16864a9a1aa70f4d62f131dcf3..7bfeb59ff7e571c0916ca39b1f5d0c4fb526da99 100644 GIT binary patch literal 4182 zcmeI#cTf~r8UXM~3^^k?gQO+&AVU@f1Q|dw*YM5)gzDNs5F6@wVK(t-JfdKU_4oJpgFqn2?Oer z^&+?E!C+bn5MYmB1{mQ`Qy2{^l_uH;d)@im1q2hoaM(r5N~!7PZOT zCjfaQpnPx~b^QOQfCmfz_}O3z5EKt)1Oa$34FnGcgQ|1Q&7QVuei~X_XBwAcgyrlc&#X{?Tr0}pnQm&??Xvxc`3tmi%MehTcGfPU80QtOvrtU=mSuu+~ut-EYlk^w`ec7zv(>_Q-89E(0Erg zqkKf}*gdNKirp95uTrv0m8eIYKXFug2UNfzrb^l<#RpnjX73z7p|wM9@KtNV3eGMG zZ*;d8jm;+9QO)ll$uIFVmps5&@IKoqz|a4LD{Aw6V`J#U(uA91za3$RE3mZI9-XMT zxLG0gsQIu8f8H>p@B2u0$ise$lUPG@M$&K_^BwvVx=t#-A+@b|)A_=k9aW*-PeVe}3Pb zS3w}y3V??#0=#hQpWt8^SPH@l1{h&f0W;*6(qxzu1PY};4a38_ZAskEFMA(*@Z=hw zQxB%vtm$Xu?h;#M_$oi0u*QW`KB|7RY3_C#S&BCT*CzzP8vN5!dzb2if{78QoYDEONOv??~;} zcQP*0KAw~4#%2UD`kk{IGVE*bz8KZ{3sxX~kr3nb5ll7nt}hVMS1me-Qqz_cpJ^uf z``CSpRyynwYJ7-FC^c}BDW6UTF z(tZpjLC_V47iY3T6|>5t{5g1myBKQV@j!$d>Fw2bD8tIVU10a#nv_S!NDk3#BB^N*#e6ypwPbJZ^9(zA{* z?qHbqyk@#;#GARaB;~pf_9h%Uy<0M->)wk^gOTPj_ad)(VjW;)x6={%BMMW$>Mh&T za%e4_P-%SbiCmG}nhhT1Rd8u2&Y3T+y;%K3$8x4VlOaLrjId#@RcAlJz%P|Uneev9 zeW~Ik>tj`uM1eIg?p6BXa2rBegBn~$R|r-GE51FXFb+uTMRdLnj73yA{9JH>_;p6` zZCD0fsdY%Cgixv)U4tF#FI_`Qjcu8~@t;lDDtLe*+0g4voY!OQ9RZ5 z1hz_gaEHr-PX=&8`BO<<%8H9KEIJb()|PkXOfQ{t3e516sv)dd-Ln-^N14su9qa?< zF=wh1=ImF(tJWdWtvM29-0GHGPk^_qIjYgkt5MlFHTsp@PHR^viEaSj$}@F#QOm+* zstwG2hyL+#dneMXU}VmPS~|9F0rNZq`O7u7n@rzO;%2iS&UvW zs3}P4{{=<6!-SojF#4j*s&ES&L!)TIW<(sPS){0~tiFl*c_>`dkT$!cY00+JFnNRB z-i*JwV-h7w>~wvfjMeEGr0ZX+Z`YH;s(ekIrAl;QK@J*beIUtKo_3wLGD|qMf^t;9 ziP^i@Go&cO*WRx8Vrh}fq}tRYqUM`aekaM^0ZFzGNHTpy5^7K-!+8P0_fwgFN+bV& z5d6_3$ODteBMy*q0-^BDBuFd34?zde9Eu0d3e`Li(f1bBA6k@0t^W#8Vu0uop!og; zP)3Kj;ya@bO!DuoLgbr?v9M*(y;ZunIA`~g12Yv^SgCLD{GD+IU+xKOz1uJPzbs58 z1uKjgTJi0737vOrnLdtgK;LE=Zq>*+#a3MzV9z80Kx2eG6a8I>GP8r~QV6eoJ2Du0 zn)yBLF3ylI)4l%v)7(S;ueQb@RkiySk$tU9Y-(`w(Cu2k9E1K75rG1_3~Tz~QY3j1yoF{c9Al9u7DT zJB$#jgS1XTK?#NYDWbo@h^tW4xAb9dxdCGv;!2}@eQs*Ep@-?6&iH+?pgUX*PgQDt z{gu^tvbh9tZ<-jehchVho|d){ZuJEr|sI=eU*lJ7q%K(GL(pl&m4 zCd88v(@aKoX)TFaDAgU8*Xch=ybjIrZ{p_`wa1~mnH1*9vzx! zp3UC9_T?0VyJCVvFE^%B7YZW;DDF)wh06IAl}d&!$sm*@Rd3eO)sb~<->+kwfFR{&&VYL8ZH);DfgqGPJlBeXr;}zw{2s6YhC872{&%Q zbrV(08ugL&v-`TK{@=C9UzJDyX}|wnoBUmy{Lg9=#QTo!RPihRBBH-xI7x9Dd0;Ev Fe*g?v*>L~> literal 4183 zcmeI#c{o&i9{}(Fx2k!&rDeX@_SOV<$ZWR#_aXo!fEEulnq zF4>Yqp+vfNCR}7 z;8X;$il7Si(D%S!KLrvX`r~H<2ndV>a6&*5zyc)!0OWcbg6XUjXJX?8f?%4qnZEH2 z9&drsFw2yU@(WRe&$DVuTMYahFxNC4P|BS6^B>Bm*wNv54u1t7td$>~@>J+l60xYIag zYyY*LxC_083iRftVz&0Z451i*%F~>RPyN%+v^BJ>QWsE^wjQn;{yzC8+(NVC7z#Us zCNy2yFie~9cUVduC0aD^f6^$I;nqE};)a@1Y4?ayj~iRjosAb1eX+_w*0L))!0sp! zY#dC05ik$ujVMzmTNX3iBrN!z5!K;2gm*>B{fRowj-}`%E9)~J6Fcoe4`2 z2z(wS!KXn%24)!s01ik)kpRdEXR0pCpqRAdj>1WONtBsh&bkXO| z&-5l*u;f=}PDUul8=UJAP8=>+$0g!qjLQ?OHE3ft>OBh9^u!C2asM!5_0-MNuC02) zkqA@YrzO&%AC#DFw8%V)8)1Jk46yT)k#Y3H2%COyqZb)m(Ak(-N(K?|Ka;ENx{!BC zH)zcLMd~>BQ+3HNspGnwe50aevEj4p-cc${v@V^?>3N$ovh9i@o1ZEcSZZ@WO24Fq zz||$gsE-%V>Xgo1J%PGj-LJujnGWo!J+tMaJTzI$rFEPzb53v%`t+fYj>oZGF%Qex zC+{^_PP~~9l@SsTv?n0Cwt5zhs-`p0hL*O`Js(2x!7=qR&jm!=(uS;TLY~^yi0?15 z4YX2TxybU!*DJIr#fOVy`1l*`Tu*D^X9oC=Nhu@OsJu4?56t!Q{kRl7C$%~fBrjxT z-)GPl&govHd6*q+vKo;RlU+*mlJdDEeeS%BXSlJJxE4knyH?S{D3!(=Ll4yvyKS+o zJD!%^w9aG4E9!+{(>1Brz{;vQSdyfC(`iEd+zU_nFwZ-Z@rR|kr~KnTEgyeeB9tw~ zX*Q|RS{7X;Srno)H%Ux@*?jIbe%wF!5Wu!up2G-c}Ct(^|v$w)I9+tVWq3GqLA)}Q=-XlZ`jR`2FSngS?RS;^ODNyZOKi} zyeTtzZmO2tI$ie><2=gZ>M-}pLr5eps$n&ABC*1H_3})@X^&eIf?FXe!)EV4NNi;Z z?dLE2HDh|6(w?&M3EgXan>{mO?NpC~xaIR;YU9C6)kO|Q6M6j#Cr!vahx>nh@fu+) z*0(NVTEFSYn^yTmHOV^GhPMP)7w3;z*EsQrCiT&Du(MTz+~^FmKOuu!n7!L#&wlhB z^8&gv` ztem?t6_3SHxtC^`nUSyAZR^M8AWofMsq&ji=sPCa*fGhwZzf?<+S*LJHs3`5Llyb! zJ@7k{C?47&2^OD|XRRc*&1 zllTgSbT}hjOpD%f_jv_Tt0;z96%w(s<2+610QGyD2X4bPAa|~`5LpyFIqG>k4#}i& z2I;<9t>F48>Nzf?%5|&mmT-qGPXxxYeW-FNZWU9Uc+2_$Yg2g5Azk{+ZD5f;XM`D? zYBfNbg!v)`A4GH~Y zIhMzLGp#)CD|dYYNX*`TE;w&bzd&L<{QOR}2AOwXMZ%#V1Qg!A6oU(Zd_VuWiIBSw zh{Ja?glVU$BM^)*=pQortBVLa`84E;A%jd)^^zCG_;y$8!2zyz zD;pS2C~UL!+=+#Xg0)3S1nlcA~ty!wqcN7C8oUx1cQR>j!LR$1p1L0Qp| zyh=H-FX=H?xk8I_x3X#ku07%~uncJ%J2tP-FG0zrcTB9s6SA@(^?2p9rkw%}<*+|76uUDgxL$QF+we12u@}#EWtexcghUI4j^}@SU8!q{0KNNcYlm3pu9T+ z<&^u^BJ}r5Xq~SQf!4wK5!_wfvCaf{Z#-HnfZ*os=S~O#&^)a2%77xE0?1=9O7gb6 zYzlz95}-=ozD@l7k3a;A{P@~n1`w18W&;64FakmZgFzKJR+bN&wN?gZ7aOOwtTOi! z2Py2;IrBcFhoR>*1;tOF8NbT))`H4sU#ZdQdcGiX?32Sy2^*7KYp)U8EiRV#jFyfp zJ#s}>l@2Wn+Q((g>tVOHQYIGR%d15h0^WZbGZXvO>K)oYuopxS6A0*#v zx8+K{37SQ%_q4#XKQpHXw8jQXo-FjRo11OBP_<<|?j=AXb&y$JP1z_?a~dIOKJl9P z0$sh-5BL^IW%m!(#WGd?w<{Vvd<3wohRL}-SShW6$r`r)^cdQNwka@d75l8VWXZ(^ zo@me&taQt0K+Xr+J!Rf(8Gb0|)Aku7vC$)F-y-h2Yh`7^Xm7%L2Ak9~+;xuHM%QV1EbG@NdJ8S}{|uy3B{*4#322>j21gZtPqBN{ zRI~UCtHmiz%7%mEhPv#zWKjif&oAd1a$kpD8tZs2INi8r)y99lio>D+476GJku*z(3d>subZB@45odKhEj

_24fNuwboCM9ANiv0 z84)8W5q4EfIQ!{0EcJ|j;X@{wi81Y~Gnp*DeMMG*tukhh&dgzM^G3b*Zc%Owz`d`c2k*`&2#qaz!122Lo2cNqiKMW#!;ON(JA^N2<(y@KGIU#p(jL zT3s<`+Izv;%L^TAdmCLIx_cPa^A-DWZwNWf)o{C|=^;KV?3sOFQlfUPd#-2lJmaSb zpU@2`|9%?P$zwfRSjR%~fJVm$bz@tt1?3T;Wyjz=AO2y7l&71jr!}v}LXV{&rxij1 z`I|)^A{xy))I+(O92@p8vjnofw1G7`Xew5_{dBRHdd5HV&6lLGEVB;s$|^VVstof> zg7RiYjEv24nP9!$h|YcCeLffJ0*~`A^0^{UFFKpKiMw$)9zo+Y&3oBSn6icBJt$vq zi_16Qn$kQK?h3dr4U{h?;#tpI@bA$$P`!a}iX4B*ZR2FQ92$$wyZ$rIg+t)tpkmI6 z*hrLGBFAtWn2q}p35d!S~(=2dDU!+pE6!ABuHhPYvE#Z9R6 zs%@X8hSDQd#@Y2}i`kmxMS@)i>#iSu99eawtyLSj`OKL;6Mju>u>G~~wqqJshDp21 z%;SWCF4lg1xorodnb?75ZhQrA&*mK3u6B_(3SwX0sAKTqojp}HeYkS-g&zW~w)5;I z`~;ytd{dEQs8VLyazmI@6js5g;@#16$@$2z)O6|dgsd~E^MLSIy!@_|ZMsrE)0Hy* zO(}3tIno$~o_U-3r^@p88{v;kQKBBv5O!^PN)_gN#94z ze;6@+8~snFk^scMnM&y2Ol7iLKEBI}&XoVmmrkLH1ZxMRUfiA8+4qhwcwFCx7M2^H zeEiNdLnueVPXEf&zE9I{lP@Y#jckQ>I)sg#o5sblb=WH$gUuSZH1}1Mhd8kx0H6sX zzDdEJ1DV-j_fknC0c{z`uEzboPUJ`U4rWnhTgbu5>Hhh*xUsr0O5bO7pGT)-yY3@` zs81FrC?2wkCHrk#Vp={AB&K$Am~_(i-IFLt)f4O=R81KIEsZRk(@CS{B^KHdni{e) zb46@4hFvp?uQICjW%+k|sh~xpSECqJdI#30NbP0ix34d+&GhtpGV_fum$QM(89xAK>WFrKEonIAg?>%Uc#@!F zVK+1uP}}v*UKpJ^M4=x`w5;T40e7l$N>8%2V9wRc*XG=O zV&r3St)09h5q6EQ?x9*uK(MNM@xu@1>fUSQ*G%`C_d;&Wn64iT5P=Dn?D*c^m&>K| z>!Ix897ulfD-_8ZoN90d`SAw17cA|J{9;ac?32bA z{LX$2s_z%lFu$-~cW&2lM7+Sq?(Nov)RWgG&;u{l#&1p+Mxz+=##JKZf{N}OjGU9f zs2n`Jl^mkH#CNwz5Nm{X@}8+04uc3R;4B)R!cXVJ25;(Y>jzHAB>@^9)=a6lW1%hp z&NXbY#i6@pjkZpcIq?%ezTfksK{03SGUtXj&BE}XcIB@+rvH}j|FkRrv@8F&c7=?O Xm{R17i+zH;#;v0;|MA!3f|9=hWLDVG literal 4203 zcmeI#c{o&U8vyV*vlz-gWXVMMBI}u9vNYDQuL%)vp&?`$#@KtQsT5JRl&m4t$W9Ad zj1bvdY$Zub_Ck!|8`bw-z3=y4-}n9Tz5l&`oa>zDIpk%p5As&`C7+#Qjb80IJsYj-G_<09m)WJQQ zGcc6$zaEnKaZ7^mZ50v(4>HC3s5jA#;!X0G&s3#$sMV6hks4ujQj z66R3>u_~Y%R`tikU%vz@Ao=rW0|*F=3h+QcDzF7g1pvt976kjT-8>16XUJk#bS(`` zuL}4IzYe!aUa342^|CjouKckf$qB=+Ki<8adEYs6dMOdF6dXr*jJk~o_L;Kabmyi+ zH^M!k%a;Q4jxdI!vidwKu*;4y4ul0g+VfnG`$DCM^cu@5fc4|~tFA%q!joP?5?2%> zlb$Ok2CGdT+rBS*?|I1si-#k*zhYjyo()rZ7%Ml~-gHeM;_6yd+|fJjulM*DS*_Q6 zhTjmB{jBB`|3*{iZu>pXrL(znXw1U=M&|TccbG=1u-W?r5$?oK8l{P27hI1P59b^j z;mg-Oqp1zG3Y<<6N&axd{c9^f4^s#U?akkld4;^N&)gge10X;?76d^w>nEeR;oIN> z>A*W#sEzvMVxa5?voWy-v_ki%Z-IhF0l)?v0m4|PpLdlNOsri6AR)C$=~xmW)_@V= z`Zj)TXIfXxnQkLxW)r=XvsIKW3=#|lPV1C{@}&TN z1{UGq{gUkHE&s|8Z(G{uu&QZi+H6rG!Yu271RMvZLe|_|_~oa(w(VG88zo_g9Nw~W zTvExJaXdVPM$3t*dm5rO#bWSE!4uH}owRuHKual4aD?I@SCyCloUx{^8mzuaXDTK*g zI$;(yWFHEl# zezj0|E3YwGsn~N|B+RF!^Am~hsg#sosjv<|x2Mnw?A+VJ(PvM_dK%F_V#X#LONU77 z{rg-n^jJb+3sOZuviQRZtx44zuGjFX@?14(^9@b63ZjL_K|8^TcIHWmhW7!9wt6E8 z$0EHnQkuo%N(V?JpIok!aw{%o-NF1@t| z=R^Dg=3S7?#-}Ig#KOzhXDTH}4e3F(uj9ffGPge{YyFaV@}BvU>qf<0|Em#c@FL!o z3BwnsZ%wHi4#igQQ%~;PaNy#u3MJ@@GLtRRsn0bg@i&`frL)>OD^h9-ONhZW(2JT% zuj-H6c2R?7QB|iN6;Ehs)Rzc4m+^rX0oOk&2(Db&Wh}k0o zBiF*yhpQa!#XB(#s_jPEh-23MEFS4uohiS6DIfwmBbXOPn z>IN~H(vsE)y50$xEyI{l%j6zfbxJTDo(~&&KDo!?(qL?XltY7OQ44W!Q6}hvgeloz zts-hNLqDegZ0bW}oB3AR%`eMEo-fRuLAL7?ruCqGhIB#zUi^q%nn*E^Y&cTFbJlm0! zA()0iLTNpt6|cCWpFLwH*TEYsgu9u{m}rPz^=I0NjW4gvJ(n?`F;zd|6I^B9air>f zfb}WH*S*{Oo+|X;wBElTKU1C*lT|htvzWf>D>1By6wxQ#C2NzK9w91wckX#OV(%8z zb8fawR5kXMRZWBT_>;w#&pevAE<@$PGGfC3F7${OYnq3fi_>6d~ zRAnyvgQ;A<+Jap5Q{#)>tIHG}=e#c#YtvKF3x;?Ok?1x&jF;i^gc>;8fo@`#2FW|Yd&r9J0gR}>QX1h70e|0nPV4FEs9na`-xbw6;&0-m2i7JmVW*esct2l>Tli^uL+Pdb51|kQIw5|Cuk3)~+UZa>m81+#km8PNEjf46Jn(`MAew zh$~M<^bl@g>9;pxP>I`a?9k&mPPCxC;qUPY&b}RQlv6EpTH&n#9UZ7y!jLY2;~_<< zk11P}y|^C=wyDY|^91YnFIDqtMfJLc-gaNRe@(niK_C)i(>hQ)AG3rhO}J)PwUr)G zr>f8VQ~=B|r;RZ$Cz=gW=GSK{g4K;ijb7=@VPwbpEc9=ObuiporYc=%L-knNRRrRZ z1I2NTQT~#D!GS%BDTF5;%`t|JS$o+VPTz@r_aznaoi8V|!IK$30cLLrDKY{Fu%TrmC#tFf+=#E} zO`yi6Z}{LW>QK=?muMxo@6J_n`$k~DKq`kXiRk9*MGB&vg-5e0ILNX2Dhdt-A)xr? zr4(Ek+;-y6orKza;2-eK2w`VcdISOqgZ?3+zgdaAZt@F&ie=Lh0S;QeMHT7bq(s8( z6a5609LJwp5k|a`LFulIt!t%10iU*Kr8Li(lM9RB*nfz%ryYDyrdZw)nB~6metn32 zA-0PKzD>|x8}$2VR7gFWse41b^uCDn_LDDaIc|P2;f~67Y&?{{hx()zS@;>XXv8K@ zzccR>Z(7jNyz4n%>;3~Uw;kb(=3nh+tBaTCxD*fXp^b5u`zArvg#`^7516ELGS`8} z?ORn&*ETC0NfuL(482~fD7Bt`>JncVEq^ViPB`r@x1mjF%gC;AT-}Qq5?`F@#r|g4&kL!6^F8TNN%H<&yTPfA=eY+A{sOg#Wu=`MY2Fzx6BI#Ki|L UcD{4oQq~z^nQrr%7GYWWPf!ig5&!@I diff --git a/tests/security-resources/other-client-keystore.p12 b/tests/security-resources/other-client-keystore.p12 index 1f724cf056284495d043d615175096a861f676bb..3363469512ea709a07ad01a354d7819fd0b33436 100644 GIT binary patch delta 4730 zcmV-=5{2#bCiEtdb`*B5|Ljx*^fEK*vEXDyxuAHoFsYM01|)wt8pN!QmVeVPP7#+2 zN8rx{f&|c@;F{n4J`D6uRpgL8#?t&ycn-3*EdgA8g7WqgitO2l(mcU{L_z>@xnAayL^9v;&OGY;LUBr0d(*^|sd}ZaW*>!u6i{rauP3?lc ze_rHlZrpSts{Qx%N+5h7e?$zThs50?T}w_*aNS+qhA0X{J{rDVkc@3;<(-+;UDp|$ z9E4!uK&TUtY?8n^3!TNV0Oz3%cfwjZsd>o2a}j^5eI6M%)DX$Jrkzs(MFX_y8bq#Z z`IkwU`GCN;W82RNXJz{x|1>X>uUBvn=cLqZ2+66o*t!nS zV_EnKRN=sAYv04+NnwxYwy}j0(6`FrX-H>5T64 zY-vI2vx5tsAD-_R_a5G)RzfZDuo9zMC3}A;1s>gB2HblP`gFNxPRM$1HC61|LSKgt z$&rTTT9(p*zb4|2x(P29scFKOL|(Hw%Bqh4+?#{!^sB0`)m|@8yNaP5D{LudJeuye z@K-;g^=6oKZyuSn1`feLjH1byiU6j)t<#EF)wqNV&Qh!Wgjjl85&I#GQXv z&Hi1jXffg98LVbYBAKcHjR0)*jo-&Y0t!G8bx?WQ{jr) zd1mYl^bkS384dq~EsF(?3_iUn^)=hTegS6F-4=iJ*&9FI;t&Mxkk)UEP&9TqkVjzA zEF@EHRbV@D?%c*LppBf0k;>7DL+5`Y($Yh@d_Fijgx@)D?wfW0LzhO!+S8u21-<43 zys|{TPMS#5zmq zjd6M1?0nv4lm*`^L}W=0)KM57Y>hYcox{dx0}~X;brwNqe9U?Im~B%a$`XGy)yxVD z;E5VIhCK!s;IAV3PuthP=2O;t7Ry^OnO%`+Bq##5&LNQU@@A0*fPxILp1SHGj-hCb6HyJp5cvOMkN-ij z_I@ZLAD~!PAypYuG6UH+J%CEEnY*)2bKy|xt)|tizcIJT&D_lmsyb!6aw@X`VrkF_ zj%@$9o8$IJIfPC=S}G(6i{iU`*z?$N&kPU{|>Qb{?(|;Y*3lm0@8E6&E#zu0Vr_SqLnD2V`cL zyO4U*{ou7+>ehBUh2RauH7r(T(@G9!Nm!73B7uSl*ypmEZGb|j_ z*_QnvQH7d+NmsvS^?`G*Pv~n$UJvsNLc1m_j}P)^EO`I`mr5cJNolNoxDNZp?=2#E zGB2L!pXo$u=z*LQHb|AUboYmLnKi>n>LlH&wSGD$y~{kGhxxV1Vm~%O8x0IzLmu78 zC{(g$e@Zb^Xwc+|rU?RYeS%M58V1A@PvyCO;|g7W#FNSG+Ch&YVKrQiXgiYDWWs8q z!6OwZZs?I6C4kqNhm>J!;ego&6}E(rl^Oql>I|7@R8w;!Nz*bPb@Zyi87#2Ne!n+Q z_UIzFboSFv34yp-m-f8x=QeoT!_t=rEoT3+;1fyskY%Hy~T2{Cydi`b; z)vPA9Ow4tM2seHuedDGw;;qK6n}h3Ep;Gs0Q4iFR<$1(NMYM$S#Cld$#VtH3$I-h= zy}BZ#itkzRKj^?=3pf}90g1s|AH&gDU3#YZ(yr=Ac zHegwUNuxP#*uB)xh1vO(sU?b-1z=e3@9?k8Mx~Eu6@m(D;94vgNn?qn2q#v7U!vsE zXm_;1Svy_+f7J!fKVLypDdZRHgj92+t)Wi!%|5ZvBXV~`4n-QK)9&SRv#gpi9PAX1 z7wBX)z~1df&ErjPt#9G2z*T>J8h^8Y@H7Fl{H;EW04;3c^tdR7^3e|WMQ#$muMh@F zj*2vFmns|n*rYU2(i&Vxd%O9j#*iPI-W0P_&x(J&H}%97eD?S+wFOJ{Iu^WDPpv52YRU_%IHZG|J8{lAcVyxSUyk;H5A{ zg5>nGW~DnHPdwXRoq^L9^%u0k24d}&N*hu7y0EmseSMI4SX@>hy6L#q$$_m*(4xh! zYT)PYgRK4V`h65d-t2XJ>9{@X*JUWJzVS&4;a|_YgCLk|XP7}uOZDuNVqr8&!vV!F zOz|&vUFBsV2v{_MQ~Nnc-e>!NaqaFRy>MwsB>>82l{WO~SI7x6N@reaYjoVnS@qQkI z^{)xy&%S$wWunDxrS^PjQ!wFjliIly&(=TMLis+q!WIRrNKa>EP%`I#F{UkX!V`=J z-Nwl*DVA-Crlw2k&n*J?Uhic%Gje2U--lVFPdotL9p^=g=-dWo>B5tH zUaGfpJh@tO&Wc;V@eDZ5HXvJ|7#5jkx042;+{RmB`1hGB2#gH%3?Ln071awTnNW!!;FEQ= z6bD{Xum-Z8>CXeYQlp(+C=M4QPUvTCzP= zF$_)z49zEN9uvSlk%78YOfZP|#jDAka6+w^YB9^1!w__>4b)VEP+u8kTkB;N+QV zS=Ho*%ht`xmGh?A#Ou@Cc^OlQ=Ylb%iS`ECfZq_xTJDcd*&Ykbr)SLd!A)6ZpJlV| z!#2@l)e(w|>PCJ>^s)EpL1mwT%M-B(2OVE0-r8CC4!@v~)ea!C97fnRO3Ko;A>~C}r`52#J(mh!aDQam?Rl-rsz4#_6x_sJS zd?{q?wx(wsc=Dcuwn zpKg%gUOhv9Hpc~69yn|&WkyoX?6$T{RQh~r>{1b}0ntCIw4D}dsyOw)^O~%E3x$B& zeqmH_<5GR}wk7|YehRSVR9;u~6)%K3QP>_%WuQ4<+?3&a8?xsyZC`C~h7Y@3Py`ZN zW3HzO@!_dJu`wNHgmwD1FsKC=IwgC*KyZtS;NdcV2QNPrzt8j@gl6N#^nWJR^Ueo; zGe%-jdWAXJhRhGG6LTQnI5Kyu^DkkAVQ#W#vA?PoX50cv8j$a3-0C zPLMc%9OOaKNB`=C?oowr*{LxthL}uf+}m0>W>f)uL&XCDm_KXFbi=xGoP3ZZW^%%J z0j`}f4(6)o8VCJ#xt)VVZU}rof!Ka3?U#eVh~yt! zU*RBc7eC#c>P9T2#7fKtf{4zOAOY%53ooZ>$|PG-LFe1BLFh z=2jT_LCsD=F#q0lG$p%IBt)ozN0!rpG-Q?HUZV42+MGlcGYT=!@pH%W|B;Z7#z#

wG@P3QlNO}kF2&B5 z6fMN>g5z<8J|E;gqs?}(VRiqBfFF;C?KOw)qe>Y2bIlHO3Cal>o9$6l`w(`*JFd-v zQ;(R*6G|DHHY>A#s213z)bHHMJix~R*;Eil8rcy6fQLwAYz5TeV=^l zP6!%7kU`9+9Rwcvnr2eb$i)wT@CA4X9v_gYe3q=%F(Jv!XO!J*Nh_7@d{QNx=IHNf z-!sfqC3Dr%%8$7ukw&L{L8&lMZ}WGiR8!o&smXg%2VwYZeKklUn`lBV)=!fGG zaT~O=A2~gF*lpQN#8W2VXKy3VYcyZPgK3y-&-)M=`?eZf@J4-3O5=6>y54dgYdf~O* zx-wn($#^`6#o2$R5qREa^@*RXx I*a8A45XCAcE&u=k delta 4730 zcmV-=5{2#bCiEtdb`&_V>oA&U<)FhPd|+JvyX8HtPdjo!sCBB{8^lO5Hipkem*~9PU6S!^hV-+$BTryK4AtUa>oiuf#wq9F23Rk zf&_lM4X%@IgxG&Ha~qMsS_+2R+20G&bg@$7ypfQ$CN{bE#i>X5Bo7n^COS2OU1$63 zf@wb?yEI@7&x+e37 zLVB7G*caS^;*bokw2&T#S4YNDy>}IMPQ?xouonE9fzWk;hmBZ6H+f~HR0|k$9@JdX zP<$EYA1dKYIMWv|PsIsfeJ5yXp_`I;5f5`uTzqe@uxx(gtC`I%CY3x%s>~vWpYVo# zLuAvhi#va%+#h2~(#=J(=XpgvyHpr;4T6xOL)vRP$tdsEA^_J~u72NMnd@U2wmTa4 zxY9D0A1b0?V!NH!adr>twdcl+qNVc)?Cy_r$pkbBa7nmXRjQ)GsEBUZ+Ff?fJHyt| zff&n^JB=0MW^b(u&wm)#Cw;`HBE`6Zn>-WO_@jS-Vx3^s(UhhhbMe$D|3PFF9fE_I z=}TJ{t!|OFG-ZPg;|;l=MDm+}Gk&{0pW&Pw;BCO=LW*YPr6wuR9X-Sn$iHT&0sgO> zxV!>S9pWn?VmFkX79FF2d9o5_9G@DqM^qk{unLHw+AW@IT$e`-pVAeWEe+tc14ry3 zC$@hHj}kpp3MCQUk*eOl@9h4gMblCU?owv;_?cT-tGhdZ`@J*I1@+MJ3}-*>c|gGh z-E3d1<4Msqhg(R0U3`+&Rm&`};jL%8nYtZf3nN`}auA&h#$!aY0X4tR50?%6N$rSX zfBHOUsb;Ijd{*UL}|Y;uRZW=3(as1t2;qIJ`Ci#<%d0vSXKwUxM`ov_MK$+$9tc zBbfh~1PvrQs>3Xi$`8Gda4pnwQul@CxSoE6BK9wA^U~Ql+Pa21_b!l~t}=ah_jG^4 zjjD#gRJG?ar@!sD$6Z;BZUw8kVYK26oVAGfu4wrPsGQ8dQhwsyD~{C81F8KVIBRS| zxO!dBtLsa%U^NwK@#Fh|gRm%%50e%V?-Al2(=$SgUeofi0zFr*F5ft_gCmap;+i4b z%AIjUe0jcu%B54ob#%ds2*Np_`x1X%5p?H;zNlNmHO9w< z8Qd-Qu$etx~&Q7{+YT(z9H0I#V` z&LNQU7iyMvJnsxg$4V z*zdRH1AC^EJq9FyYrLu|Mc=2nSvt)_joKJefPxILv2)}P5Snz2x3pI_OmKsV3v|)S zVzQ!(Nha;odmE@Y)t2@?D`h2;gY?xp{_da~F#_Br^Z`IQSvZ{Y>$Rr(wR&kk`DqyS z;NBS5n5&!9LH-_p^qaa-I8bJiZtD~-)(+1$@@FURYfR&RWNl6doaGIRaX}$3|DHd% z`K=#j_QUU6ZG6%EKsMqfQMy&=OcLSU2^=B7Q{29jguaQ_6oi_(coS4q1{7N+>wwJjEPrsSOefVGEwH?e0Cul{}cYbw~tntg|LH8aks9m z2+6unYttPB3L~$40#VN_NbLoAklsy!d$bG47kq-%tpCTir*#~a?2<@%?)DWCmz8g* zit$IT(FqK^E0)ENRfG{VSxZdlo%{Wdj($bpIMPCP+{KfK9sioBTG zQ}y!1j1P>%AMxaiIE>2L`!EA+qc#s!wF$IJANrp4{!(H(1er58rV>0&mN$V0TKbkR zEAA4jNi{Xo?{InwM_3a6pqvcNXA`w?Ybtt=#-XXaP)3E?(qGu*XFeEV6LdkK6YYQ* zK{5G%WhvGhrk^PP*;O;Iw&)wIk@nmi+V68+ce5<4nHcuBYN5EykGTQChG7N=LYXnf zWQ2Bf_c3F`A+BHvI^=HQkb@WKtA;mn)5?9nZ*6%>K&-)6HaddGw!{`cEs+}9L>Tab z%m1irxB+kJ4C2LZ+<*X@?=C$`8`wJoTFP zk?(>?)M;OO@{Bxjdbyo?Ibk!&;j@W5K0Y^Y#uhqTce`v%0_`cdH{`Y=%3GL;$}zBT z7~;KE+l4(;RAU5Y2~$c8zOuEkb!FfjNIGZv6H4OD7wA`xU_j0?riLT zOY5;p2WX`vV-#vXN?OxRx3?8%U7rqwzfFFC0gv~`1ftXUj>)^kqA)x!XVc(n9tmB; z;bfqhU0ef{mmiM%Mg?>=LkhEf!R6@XvFKqmO>;KXU2wqI$K;wrRK~xeKrXp@8fSNU z>PbRNNhmYT=upwar5G+_wZ zk%48me3$~s3)rXxK;;J|th$cSin+1Z>F$Itls4b~?N*15ed=A>i_uA0ovK1MWj#Mv zyx2+7?8S%B&#so=J_TH?_MOr-qO;qU$$Mne+Omi4Ro$lsflMe#VI)8cSA^Gp2Nw?+ zmla!S??Gl)K|0XFaG3S8mpy^B#5`0d;4B6*+MK^c7Xl{vlmmAFu^vDJ& z+%rq>7t@pJjMM5%E!)!7uz5Wmw`Nrs;Yc9QY812`;OT7g4JK2yic3s$`#<{MY&~gh zT*<^_0GtQemLzBwDgY{Pvm|MMs+q4b@#qvShbLu2ytXtl zS&dq{=5wyC4B>mdejR2(xeirE4-C|&OkpwruQ~;mX*;TaM7SQRbb1+f@LIr=#VQuQVjT_9Kf>j zEioJMd971pGPh!veM9YSd%6;Fjb;_&C;X}jZHqT`E^tO@TJ72}eYrf=D?b%%tF`%v zFl;4)7xct@UYwE9Z>~oyG4T}PKf8TA$XQ2@nlR@3W+9~VfWKaUZvx0fwBohqVrPks zU1>8SFVAv-Yy8DLmitS!@1+!g`=`vlVwJt?;s}32w-lkNZ>K6J0oyXvdB3ATPRH~# zk#+O{y%LS*(I{85J{jRQ$;Qf_UwsE>U3x$Cm<>1+O|&P*G3T~ULe3YpfokNvY8yhh ziA1sBy(parI$`R6;3ciJt7OjJfP(JIZa~G|Thk!43XnTSz2h6{BDJ}Xp8rl-gBgmk z4Eg_Id0A%;$+yAFNT~U}CX%$RP_7Cs-p4xWT5&Fndx*&}Nao?oPJnXAP2C+Py~(?c zrm1ZcT$-}7ETPk}?i}Jx_oB zADPHf&xggerEcfx9|X#iTq0$>J;#Rc-QGrN1g{Y1X5)D= zf=vy7BIN}F|E5nHL^-qOuUyh+QqP5>8GSWGQr6ogA%qW!FphLH`<_lTBvY-j)DpB=xqZ) zx%Nb^TB)vzNVN&SA&`;=FQvD35%1?rBn#MoauJ|}Oe6lip2Fd+-#g@7xs%08%m$?h zn#+_!j>e;;V!A@4l<`srIe!>0HA>tsH<#?p5%#am9HI~ypaqD8qE5)&h|J0cP-h@&|2vo)?-kPC0q_^Ur1n=)eKeIDl z`sB94A)LH=F-IlhFH`PK1D!vQz-bpUVH(tyXqM9omKe$$_vX2)P#~9$hX6Me_K=cpm_qFta+mIG6XA-|LM77Qf%O2*eL zq+H3#nS{n8)Nh7w%qwu!It;d*0cQEG=UyyN^dl!f%R)HOk+cxeV$bbPdRF&;^~WVL zHU$}JzN{5c?0R!5p#AlUpL7#+cp*p+JLb!qjzflS(2>=M0`ygt4-3$~3NYR;01cn2 znc?e^^txRw$^g9ky89^MC6*z#3O+jdTwM2PYwQsHG21#G5FxhD=Q|YwL$@5t0Mkak z(U9S6%0&R`w4pjaf^V=g?>u{KT2?}u5m|4*}uK@QpGE&R=2^|%L3 ze15~baUJ);Y}LQdpXOX9V#2b+9TO_mQI?AJqnyWpSZuj%)uR0I@riYR{V!z=>Gsx+ zVnwmAorYVPbXDQ}Stn5h@5Z@-=Y?iveenDi9z)Lh<7sVc@{GqNppN60q2#-`WZEEM zhXnVzi%uxI=Ysy_(JhcclB+p&@vfI)HKt|Z{?KS6m$2L*S{qcK zk6__c(#}(rEw5%P?pFmNvsZe}rc_lxK(8ApwQji%#$*f}^4k)Br)ka23(8geFo$wY zd-+Ktpq)~k;}vR427&yczA>_S@jSkJh?@Phpr)UCk}o8xq8bF-)~<3w3x|TzXgudu z?T=ZBj`Qfmkk>YH{Xg%2XUtk}yp$F)$4V31Egu0c8UO0s#d81Rz46 zP_fipD*+&`ZTf>P*Ht9fY@9s!xtc@>YU7`~tNAbl6aosN)|-yUF!>bXy2O2}JB7_O IE&>845V_GeyZ`_I diff --git a/tests/security-resources/other-server-cert.pem b/tests/security-resources/other-server-cert.pem index 52a926e293f..90e24ad4e27 100644 --- a/tests/security-resources/other-server-cert.pem +++ b/tests/security-resources/other-server-cert.pem @@ -1,30 +1,30 @@ Bag Attributes friendlyName: other-server - localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 34 39 35 33 -subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Other Server -issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server Certification Authority + localKeyID: 54 69 6D 65 20 31 37 37 35 35 32 37 39 30 39 36 32 34 +subject=C=AMQ, ST=AMQ, L=AMQ, O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Other Server +issuer=O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Server Certification Authority -----BEGIN CERTIFICATE----- -MIIEJzCCAw+gAwIBAgIJAIYtNmfo1IcvMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV -BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN -USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz -MjIxMTUxMjRaGA8yMTI0MDIyNzExNTEyNFowdzEMMAoGA1UEBhMDQU1RMQwwCgYD -VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV -BAsTB0FydGVtaXMxJjAkBgNVBAMTHUFjdGl2ZU1RIEFydGVtaXMgT3RoZXIgU2Vy -dmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupddeWP1OET5W9A3 -UrVz0xYW3wGvmkrlsYjpqENqcaXmcsLXrvfxCoavQpWxrd2OtmTuHA59tWYyd8FW -3Mvp7NnOUZ0Xz5nAgjHwhlfIQ2qhrKV8V+jUdcWsh+09elwO7qRbjllKRW2I4zVx -KFzP3r1Ncojrb8V0wPAKjSWdZn8jptfzsondvlxkkU5CuX+6VTh1P099a4iHO9bT -5UNFjJS9FTgN+ln8Iq5tSUJID1PsTY5Ob/LdEx5TVJ/xr1jwBRI2QrLtM3ju6Dtt -y2eA8G17u/gPIpjCUnAf+xGHDePKJQ014nnSxPlfT/z0Fs4twapt7dBtwlLXIXht -6E5UGQIDAQABo4HLMIHIMB0GA1UdDgQWBBRtzYiKCZfZCX5WUq38rGDHBIZuhTBm -BgNVHREEXzBdgh1vdGhlci1zZXJ2ZXIuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxo -b3N0ghVsb2NhbGhvc3QubG9jYWxkb21haW6CFGFydGVtaXMubG9jYWx0ZXN0Lm1l -hwR/AAABMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUfI39SB/hKrHFXIQqijOWKIOk -6FgwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAMOoB/kr -yA2zQ4buePXySKyUlcN5XzdyWqDXZI9gRXlyFgoHyOvr8xd6ak+EaxZVd6nZ99V+ -ua96UCuy9eiWi8iupdfTeBH2XJrdFUGmd54W/a9ORKIN0ljW5OLW2bmD3Gb/esJr -sbiWmmgUpGW9CLlQiz8xkHLQvV1pl3xONe0AEr7EVw2Pkr6QhS0tmq36IJXTetPb -Tccnj26YPaAVUozEHLzINakp8UonmFNLnNCjgtqAQ63yaw5BDyqTjb5xAMF4oyt8 -is45SO/2P6TSWc6i6YMA1rCJDM2jCrVIeHk3AZ4gsre/j23ZQc/EGBWTWYbZw6G8 -/nOiLulSd6+ulps= +MIIEJjCCAw6gAwIBAgIIY/KNo0XgDKcwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UE +ChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1R +IEFydGVtaXMgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTI2MDQw +NzAyMTE0OVoYDzIxMjYwMzE0MDIxMTQ5WjB3MQwwCgYDVQQGEwNBTVExDDAKBgNV +BAgTA0FNUTEMMAoGA1UEBxMDQU1RMREwDwYDVQQKEwhBY3RpdmVNUTEQMA4GA1UE +CxMHQXJ0ZW1pczEmMCQGA1UEAxMdQWN0aXZlTVEgQXJ0ZW1pcyBPdGhlciBTZXJ2 +ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEW0Cc8IRQL+YIIvgv +I7NOuJG8p7SQixKlnZWiQAhKUCL9NELlZfVfNy/YmOpsCk2tcMUf+A1M9WDBNhhW +qBwTmDyg6GRZe87ZP3eeVzmTUVg0cHEAn4yi4A5mfuE2/+6aeGVnCz6YetEEDxWP +oVpMLlbVCWvTNQAFmeBmIRN/eAK+tNnPfeVA/ii73bUTgZum69ip+P8ILEJKM2PK +jjwMM6lCF3RIaK7VuvlIBOdgAT7t46KPIlJZVIsH243oA01Ja1JD/tGRqWHdYSLR +D49k/7LFEqGbSe+0ZcxpP5wBKgS2CLPWs4rBK/PkHbChwXdempFCgeux8lgLquhV +3UQNAgMBAAGjgcswgcgwHQYDVR0OBBYEFMkJfNYVWLEAwGXadUeH2NVJ5FBTMGYG +A1UdEQRfMF2CHW90aGVyLXNlcnZlci5hcnRlbWlzLmFjdGl2ZW1xgglsb2NhbGhv +c3SCFWxvY2FsaG9zdC5sb2NhbGRvbWFpboIUYXJ0ZW1pcy5sb2NhbHRlc3QubWWH +BH8AAAEwCQYDVR0TBAIwADAfBgNVHSMEGDAWgBQ9u59+SMJZg6UaVrT4UbUjTlrZ +fTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAeoQnXfEt +1V0XTMTxjy+6PXd51aLuHlfR4kCBn//ARRrxa7SqGPFGg9BIS/nCHIYRfytRNyST +PeCpp8jxgO7wxY1k2VUAMziVmCuybSxsdSlbmtSJvo64EwCHddWGgUBXGO6kqMeZ +gBkej2DzFbLWudwlqpu/n1EFj2+bwfSkTKIaq03QA33l8s5GGXVUuNQySw8HdG2j +brHOeWacyN+AYzwIXLSYBUKBOi6j/25hTY9+SX9YxRDOyQtKf+ajbHy8ftYb8TwW +OGoJKaozL9uhaeMhtjdpW6oSXI+oYo7myGOVVC8z2fGqxmbu42/d10V6cRu4B34S +ycBJK9j/ShG0QQ== -----END CERTIFICATE----- diff --git a/tests/security-resources/other-server-crl.pem b/tests/security-resources/other-server-crl.pem index ecdf96481cd..0a503076e82 100644 --- a/tests/security-resources/other-server-crl.pem +++ b/tests/security-resources/other-server-crl.pem @@ -1,12 +1,12 @@ -----BEGIN X509 CRL----- -MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ +MIIB1zCBwAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBTZXJ2 -ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTI0MDMyMjExNTEyNloYDzIxMjQw -MjI3MTE1MTI2WjAcMBoCCQCGLTZn6NSHLxcNMjQwMzIyMTE1MTI2WqAOMAwwCgYD -VR0UBAMCAQAwDQYJKoZIhvcNAQELBQADggEBAKjeovsRpImr/CoS4PdD4Rh5/s0U -lm1dgmK/2HuD5m5K6XvJCBnNkvThkVWK8tgG6t2bjFJnFTQbgIazJtVmpE5kxPdy -sRD/3WQ61vuOc/EYzslwBrgMTujtj6J2JwIBe7JgCYH4KPuG6Lb8nVFCDZ2t8K9p -ca7VQdfLhKxh+5bbIuVv077bY+DllcJRAhza32x6xp6Occ+09O0JCWSiazVjVUi8 -Umt5c7HFI+NJwLWACqbYImrWg6A0hD2lptAFaMaRgEpvcyWYhU3foJmBoFuNve1u -mx894jQ1X/I3t1EHWhTg7vtJSwowjxl2woc3BOxxIO2FQ4rHiSCiG3+XoDc= +ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTI2MDQwNzAyMTE1MFoYDzIxMjYw +MzE0MDIxMTUwWjAbMBkCCGPyjaNF4AynFw0yNjA0MDcwMjExNTBaoA4wDDAKBgNV +HRQEAwIBADANBgkqhkiG9w0BAQsFAAOCAQEAlPw8HX5uFu0v/QF5sNsTqtWcfoJd +BcMtzJH3WOJhijt8RNoegZzEDpSPwAalbBoVLopAPFg9v2xX4Nyc2M+k7XQP1ozM ++F34BMwte+Y/bnLABsRG22AiIGk6PXR47DFozBXMZ5iVVKBoM3a4YkvlBXxDsgPb +4iJwP0f3ponNle1YJ7sK4kx4cKfGtL/IDzdYXQMUcf/KzMwA4lwWflNIKaetI5uC +/maaEt16cx09GxplMcssEuXwpoxja594SKdxkn3RyIEsWYzRZSAEXJWQTtFaWpl5 +wuQTxrSckBSv2FgEYM57CoTh/ZJePYZydF033tN2aaeUvesL5bPiZd/9Ug== -----END X509 CRL----- diff --git a/tests/security-resources/other-server-key.pem b/tests/security-resources/other-server-key.pem index 6e3b1f33364..3966004c5cb 100644 --- a/tests/security-resources/other-server-key.pem +++ b/tests/security-resources/other-server-key.pem @@ -1,32 +1,32 @@ Bag Attributes friendlyName: other-server - localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 34 39 35 33 + localKeyID: 54 69 6D 65 20 31 37 37 35 35 32 37 39 30 39 36 32 34 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6l115Y/U4RPlb -0DdStXPTFhbfAa+aSuWxiOmoQ2pxpeZywteu9/EKhq9ClbGt3Y62ZO4cDn21ZjJ3 -wVbcy+ns2c5RnRfPmcCCMfCGV8hDaqGspXxX6NR1xayH7T16XA7upFuOWUpFbYjj -NXEoXM/evU1yiOtvxXTA8AqNJZ1mfyOm1/Oyid2+XGSRTkK5f7pVOHU/T31riIc7 -1tPlQ0WMlL0VOA36Wfwirm1JQkgPU+xNjk5v8t0THlNUn/GvWPAFEjZCsu0zeO7o -O23LZ4DwbXu7+A8imMJScB/7EYcN48olDTXiedLE+V9P/PQWzi3Bqm3t0G3CUtch -eG3oTlQZAgMBAAECggEAOhXbtenNkRY7r/658iflZg1G0mZSdYwiQ+mUn1pZPQbB -nfEUtnWd1kKGNYqnFLJXdmUmEJrcPEeTp18K/NIHwMEu7o4iNvCsknscXp3eDEqa -CMY9Vpp25TDDnE7YqAoXZefJTp9yNPm7tstQrhlyZmr0vJZuAE3uIg+3oSfX/2tF -loA31evQPLWePIyHUapsctKjnAbsVn5lxBN/Ef0rKh6v++aSrgNRdHBZUhofDedo -oWBd1slUxK18aj1q2Dl3DrSxuX7ygiX+3sZl+RBNDH3PXpR93kRN1Go4AYPnMQfd -ExQ8Lc5RViKCfSVBQv8lKttyOZJ/glzCKTe+8bcp1wKBgQDTf5MwZW9oe49pgxFl -foA4GS4MwOWOsf4CI+xKwEPFrTvibZJWk5S6wCqYs8RIl//DY3RqSR5QEw5/5xOq -bmq/YW2UY/Xem18wT495HkoIafm08KrLCs+xD+oui1M+jI3sGi6FBrwYc/n9zTzm -PI+7BnWK07kqg4aIlPuJ91UsowKBgQDh2im5StYoIj8Zm67PD6w4JCXiEfqgVn1f -XJN4CqmxlZqRNBdYPeuT5ECQJbIVRj9RJxKHcCpd1PMbwJfnMJ0wQR5ZhyT0h9HB -f3PzU+ndhwZj52rmIsNJrfwIxEmIe4Zjt9KcLbfHOQOJ/sdgiPiY3Wrkoe8LhV1+ -ig4ANnAsEwKBgFQ/i2hJ37klDxmepj1hyL2P+jIGXOscp+w+Vw/nypdhzGsD7rki -DKrfhZhSc6vfMHiqk2MLQVHwZWQ5rjHDzi3yJ25m6zgDeEWMS8CZejAj1t5myAId -imIjzss/oKdX4ejc/Q7sgdzTxg99w/aKxU5g4k2szSPMRLj/b7ujlIA1AoGAOVEc -daHAZ78JNH6GBpZ7pmPGGXFmoXpRpvnfkv9hwWeuKluF8ScFuiqbF/n5D90cBIRd -93FHzzhT2h8ubcWwnqZoBWB+yHAPk4O88WvCVi4GOSRpxK3d0b0N0Uu/PZvbp0Ln -eCtCEJUviL3X62/XZzQKBKvz9oCKEasHkpY+MXECgYEAgsUxytP8AyQAEd09lBM8 -n+ZuLSOegJc8lH4NJ/1VLtaADpynEdoRwLp2/5u8U0b8B88zxPZOckVy8CypAlDK -GhqmBjCtqL/wF7uRC4yEkYXDa6bK/Rnawpt98zU0SRv3QVdDexMvYL0XMOBVaq+Z -6E16UwNXcn2l3siaZ1486xc= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDEW0Cc8IRQL+YI +IvgvI7NOuJG8p7SQixKlnZWiQAhKUCL9NELlZfVfNy/YmOpsCk2tcMUf+A1M9WDB +NhhWqBwTmDyg6GRZe87ZP3eeVzmTUVg0cHEAn4yi4A5mfuE2/+6aeGVnCz6YetEE +DxWPoVpMLlbVCWvTNQAFmeBmIRN/eAK+tNnPfeVA/ii73bUTgZum69ip+P8ILEJK +M2PKjjwMM6lCF3RIaK7VuvlIBOdgAT7t46KPIlJZVIsH243oA01Ja1JD/tGRqWHd +YSLRD49k/7LFEqGbSe+0ZcxpP5wBKgS2CLPWs4rBK/PkHbChwXdempFCgeux8lgL +quhV3UQNAgMBAAECggEAAY85+aUdX+epe4oPj4xIickEe0uXrwgzuzX/sLyydCij +xoAKQfkn1DxDeIRqZDZGvKhnIGRfcquGO7KayeFm667rWFnQJjfKAkazRAIsVmOw +gCYed6NMwiRmaOD8F+w7cGWhZIqd0iczjsUx5iSha3Z4wRNklFZY7DJ3Kkh796iw +Rgfkd9AWy6TjmM4rE7/LdxyWwP5F1A1eniObdt56dc6l3QbAk+D+yEzkZvx77ERd +QcG8s0WNuIa9WKYVAhhGPmAtWqu2dymSGvhUfr0lK7huCqezumNXyMIwJrdvyOHJ +nWZ8fNFn7a5HmzxEVYRG8pNz6QVA2T9fP/NFHGkenwKBgQDzqOhapYPlO1cYGenn +RZ1gQtLdnelWdhJY7vIEvylKtTNu5jXhXsJ4XpFjuNHhTdU8Tq9N/BEaXv7Oiulj +KkqrFoeQFmPQub0Jy1nMXzZcEDOBLiPkwERLrlsUbpGtaorAXoq/U/vMAgdrz3Zg +W4TqGtI9CN5diU6aqe9c7Na31wKBgQDOTQxvkfi3m5JKFOlJipK6VJQBZouwR7yg +EZ2KF3jyLtz6Va0kbmincSyudPEpmwGzYH+aKi58jKzai32GYZvw0YubZeM8arfU ++fXlCvxpQNQuGt7PgD5c51DZeIu/tRSSNIWiOXyajdtaVSVvXco3wfy3V85ox2TJ +Re8oN3uWuwKBgQCfFNQ++nlWnJuMXL7eBBFv27EYiBTkIkpwTfEtMDGhWRSvfxYG +gnutYvDBjtVYqBxkN2s1GzF/ai4qY39lAyOk+Byh8jxQ9jN5xY5nZHJ1QQ6fdKRy +oST11GwatuXdtwXH+vHTYN2woFKADP9YgegRgFlrB/NGVnM/f1uL7AV0GQKBgQDM +0X4pPvl6AQCqgDxlASlPySzwfwjsySwil5qbQVaYy6Ik/+7Ynq1UoG5F/mB4eCam +GoZVXs+sZFYw3BCR3FLgMoqyi+OhViqRTmGtNs0HCpAd/ht8U8yWnCmO37mPaY60 +4WRTfVOSdohzFNoHyUw9M2Fd/dU1/dC4a7BXc05GhQKBgQDq/nhBSzlFTqHd5b47 +mU48P34mIY6bq0Bf+alC61G+C9cyP4UTUW6VanRYpVz9/P0sUAh0315h81yIMqwD +CiZ+CekpaQHd4xYjyaXaPF1a5IWupx2uhU+hLhoegOpxp4CSYZsAV7WU8CUu4K/l +IRl5HHDCvENhu3EFOr6CNG+vbA== -----END PRIVATE KEY----- diff --git a/tests/security-resources/other-server-keystore.jceks b/tests/security-resources/other-server-keystore.jceks index a3248cc226088f415470504907c7738c6652a100..4e1934334df11dce1aa34db48db42e697832aacb 100644 GIT binary patch literal 4228 zcmeH~XH-+!7J$=$gboquT~vzULZ|`?5jB7~pwgv=i-Z<|(1k!iut7vb3B5P5PzMBQ zf}#S_g`o)o78C*HNzVgu-tx_xwch*l=GUyd?z;QzbIv_`?X&l{&*|*!?1VrdupciJ z!cHQ)f<6a)K_7q62Lgenft5qU5C~!ppdvm1BFrdxW+(zG2SY;vE(9|0+w%$Cw3II} zIGjTlK}EFnXic?ce27dra;doT(uZ+GN%toG+~nJd%Y4lJ3eDaX^QH?$7oxkWn;Oa| ztnmir>{j$N*3C+tH~}}UPcrJ&Zmopo7GXP`^}}Xoyx`Rfc54&htDrrbub;avTxln+MB2xUr->5>+sF zqJ{9M4^;ABp;UR%a{?FAV%vA83tB~5wBPx3(|#WA^?VL@&po!vw`aK56!kc`BF6pr zw6WivXVLw~gE-yti#lSt6zHV~9PA_wL*n#&V&5(5er4we@tY^tQ`&;faUpp;R?!Eo z1S%aQWvqU+xGL9E$on+hYP6x`=wdBfyiTi;+gfD{An2kA*|7cWq?s+X7uAASHG31X zBIdqKDpNNRPTyM!7;CLS_KA+bj-XiCJ#43B*X(QGPSC;>^9-rA4;`7#uZTXkL^#u| z0X0D$HTXWF=Mm*2JJC4dMvi9$S@4&Rl+yv?<{KT7OzUw+7pEY;_49gDm+&h1 zK5Zd~{kNmFM#_4*s3CWIOz+{>Ebk6O&E&hfy1tosA7dUCu5Vb$U8MHc4kVcGp|HrI z3Em1>DuZF+VOp7!!{Z}4wEp(7VHF9mvFbQjd^Rw4vh9Vsm$)vVy;>DdcRgF?S9+a`Z zsA{9Zr)=buB+>+OME2dqIDZXN1NTkyVTN+AKDj<(KYCG2wO&Th z^+w>0Nu!oW#20VSu2G1x$1JvOaSFRvpit}X{EUswC4rKf&#~2)N4w|Rbf$)g(Y4Yr z|Nf6MSLuz1TCa6gkM}FR-2JUl_bwtUFiFKt#MXE=Z(R3GfnwEU5eD8qFgI?Tde?OH zBi>(Y>=SBF!kX(FA*ZMsiZUVxLDLjxSrqgAII}^QkD(zog|13>NZlVc+9kMg%;ci;ikjAJDD5Zq56t@q&Q9aX0w(j}iFgrKieQ$n{aDZB>e7t?*MR6{2$y!}$*mW^4g+uS-Y_H{P zWYt%y^i3ZdD|3`t6@83-+r!PUi^~UKgYP$|;e(;mj=i=+oM~g{(>rDjAIfx)Zb2tx zaU~nic~6Kbq!yv-TQaoJT+DDY1S=Y;M<5gZL1R-T zZh&)J#fE0l^C5$tL|-KhKy6zCM=Sn5Na9DA#Od$cl{fus(6qlNsp7RyfS ze=>G2uxH0u(f=^^m+eyV!(@O8mHOEoP$meR3gv=q=~-b^C=}9SqnkP(WuiEPlv-Al zET4J^?($GX|Lj^YtF4?Oq4kmr@U^TvbzEymgR1;ed1t%>+|RmGj<^jBDAiIbFgg)EINgf#5l|LrKBi2rfQamh}mYc|Xd% zR~5oUf9)cPrUb(3D~4W%PU~*&uN|#KN2KJ>4i+slkP0|MEa7>aHaoTm$4|z)-s^w3 zf=9e{fFAnvCYvU8%IeHjmf_fUaAO1aQ%5$tgU=OUJMnNT zR1Q&vEFUPp(j@<7O7uZiQ-ED^JT79kbkUNn_?_9PJ_igAg+Oy6UH}nofasP-ML7|> z5xbtDE)4KlmO>iA-~5ip4E7sLnVbe(w!3){_JA!_^yhMnaohpYvTw27SpGPcQ~S*(&V-YI_|t0tP?;@oiBWApq6H=1rI-2o8-RB^>Ni`NQ_^9bcC*jz+7(OQ+l|d7|r1e zU)ey-h)i)xLxw36jg->#HTOie&>iD0cAV0`3%Mu^c%m6?|fe;K%ZanH-)h@^__ zKEIo%e3l+fUOBsDv;Q&3BtuM*O3Ij#Bi^0wWON0Ya9jkY?{AooV(HM7g#}{Thgv`=xyFgmF9WTF1WXbGyz`kWHWi*U@7dE+Vrtb`3jpPzHdX*zl)$xLsaE z(NHJ@!34m!K7RUGoo~Q?>CJanlEH1wKl;A0R);rbG+y?4juKn|&dOP0H{n5?@H6i8!&w%}8O@aJ5_$ckwjiAE*rXhTI4TpG z7Z&8{TsO38CW2@&IG%#a6in<8%)aHrm4{25sIAGAfQxqQi!BM{4l9Zq?iCEtD^ppl z`%=uDQURHq{#BtM1v_-3;O0d9>S^yWX=ZTIyRe?}zBl=$lUmgRX7Af9YfrV0sE$h#cfIn*i-=Yq71{qyOrTaNN1Y{Ko%xYX0e&;_uY_J2n5Z)U?hz&>MO2AP~c$ O#)I7dPJz`RxA~tkQ{|fg literal 4229 zcmeH~dpMNa8o<9XGniov^Q7*AV zatX=ZY!M<}14nvEX)Im&1iB<8QbwJ%_%EU7(vFG4a^lUYel7(&%AxzghE%e((Z>e1gk&eJ$9*O``vAiKOeUtj6b!Zb)1Wr zX`FqaqID!MzJ%cJqOVqv+-bF)RX6pfLTzn+^a4VxBuYay(RjadC0SF!57$W*N&mQu z`DRsRMl!?YMCqGj;$*2nMMck#E3LT9UjCBBeuKV3U|T&i|CfeGzz*}{>x2VWdf6w+ zmZ;6!f}WK=Z1alo3D? zrwd&I?E-omCJpm0t#)nji>Q>fbY=(QR$OP3<<$p9uP;0;pa#~dkHty6ro7M97+rw( z_onwQ@rdjKLUoY=Tx)BsqYGHVB-=fBH`3D?Ij)HeX6^E>-?U^a<}y$t%IEq@Hln4Q`C& zVQr#t*RK8dBi7SwG4Ua0JWaEAd~&qjUBqhOBxmw=IHpI2hd1?CTNm+ z(N;?2J`V9}tDGQHfTWfY9~1Vr+S7-`NbO; zipO;aF}Tz6=CD`^!(bAta4x!7-0qq$=4hk1cfY_zytXi04%P#^wSW>HTF>LVIho`* z^wJ90xXx1^<#FD7TNXM^Hc;xK@Zr5J!W2hJ{$>~o!_-ndUDis~EMX1^G3TYAY*hM( zJq1e}Uzk1`LnuDEgdM$;!H4qmbRg75Y4S|>d7Wanm_aCupgYxW)2p`2x&KZ=`;-wM zSLAk>X{B{>@J`nijfmUQIq~8)&Ym(ow)d@^T-wtyh3{HrVx#=2tyRn$cCo44`W;-I zwZmG)hq4J&UcKd-ruIFj`wFvRH)kyF@ej;tG>TJ)yjPc;(J`03 zus$(skzXT4EI8%+K>CaRYwR9PQa}LOV%76*>nkGt)Y>%NkT<98D-Ypza*CkpCj4YJ z;kOs0L(xnq8-$Gw0mR5EdConEl?PGm2 z6t4iXH-!dbg;DqepaLF`!ztqM2OLDu_{|2y-q#O{CQ4i)p4weB^0q2|qRGkQf~ij3soT~n!J1|fzHzbY!-LOs_0Od>3aX%1 z?bpQ1Nk%$`Xv>!-Nu~jBCir()TIDTQ*e$^^N;*}q6sU`H>ZBge$R*N=`j2SwtX7NT zJ3sTqqGq}!P>R#EfwoUBW^3<+Sh6kGNU!=ytrjD@sH8blt6$il5CBpT)dNO#f?}H< z72|;k!30QsaS4dbQN&3bi?X#+*A7^W{~3_DHOvQd0iEe$Ki6Y9w{HO?=k_(WNP%>O zUx2%tpI1N-g)aE7uH4t2M*zvq+n+A*W6f73g%CuMBN1X@r#5Rlh}hbPAI1g(;Lfe? zZkPxt6e$p%xNf-fiFD;Xr_<623K>$-g>!Zw|JDQv*j6}kZr%ala1JQs=kwkS|IPD; z0C$TyKFM^Ve$$Ovq`rS+Sell8m*%2Oc3_TpB)jU<$U;bt&KED<3Wxcao%R*74lNm7 z89G^45oRt^^?oknY-jnEkwGfo2PejapmtGcuF!ggsa`&6z;5{I^zdk1^f+-Ntkt*j zRtCdMppekWS!aG$6L+56-{|a}8E&fh3cxhA*`ktDn$Dk*m1UHzV$%o11|OMp>`nI1 zI>;2XIM*iH(5YCmZ~5@vEKB2@{sQ_~q;A<8Umk6=bZTN#AkacBkO@yV28M6MbN3Y>s|~3%Wk@czs`gGYX;l07HW9&8`2!5d*JESB`?wsvKaacZc|*&&B*FgLyKWZTvI&-wE_9blZQ=ur{dFO^s?*uZ3G zky{{8G(C=4g`3-$v*NQyA6XD|JX3_u_r;v;4axKr!3GVi`SULL#wI|n>tT#vn|*HL zR;$n4_y01lrHl&uJ6-Tj}r*Kh8y0a#W@9AJ{e^wB)>Fr$fvk< zY^kTK4tMK9u%N%Ti)tP&{E$RMpoyTOzX%x1C-6dEiuj)KBpjxk8B;UuT78M4cU@!D z9CBG2zdl4WQwNYHwH&R@m#1ox0=^FJ6^6gEVv(Y3jy0>W9=yh#&-Ojv=zs^opV;uH zdAL}irms0j4@#|TpjRr2L5+OH$qBHKOhn2P4c-M3_o_0<)W`4y z(|>x|e7atxx3c~)N{g9Ut^-Fu)Eav&C@l3Zxqjo|7egU6)e4_0>)Q>sYaklD z^0UXeX@cDztX7XSc7a|kgIkzB zA3IG|xuXhE!=Bk4VDPniBfh<1WZm7qKVv5TPR&2PQ~aHpf2ZbOmYVFaz@b8#?+3r= P#@H0hCrFbk+l7Au@e!-w diff --git a/tests/security-resources/other-server-keystore.jks b/tests/security-resources/other-server-keystore.jks index 9b7d2e6c7886bdcaec35c67186cb3f18309fe07d..eee243a055050c858ba5abd2f657e0dc1746c661 100644 GIT binary patch literal 4249 zcmeH~c{r478^C9^jAdvLp{y+?yo@CsWG!n(mPk%C4JM2*V=G~Z%9_YB_I*nfjxAf1 zU6Um$YiN=E2#NVdb-t_beCN8p@1O7c>s;^kUhn4iDSimKcG3r=S?rqOnP`7^^01Z zk*^ucJg0vG$8qolR;8G`BURTB317J-wk@@6L-S>6bm=c!HVQZxK1dzypOc*G4({6F~2_f)HI*0|PsTYFkj}&}VXk={H#fbKtrtQ>GA+6dYtB8m; zvc49^FYdMH+UDb8G`GX{irNls=>DTlme5WkDQV42t9wWY=}UQxt8vG9f2aP{FlJfg z=$RE0Gjt6f`!f54UDLUV)hfZ8tEeIDKx+5R&yvB-4?a#pY7DQr7ldzC+9}0vXifL_ z@+y4Fopa8JGDKKX%j7ruORiybn>06U-<#jw`kh}ja52@MJ@ZPO$7W}7T!7;l5&5fE zm`xg!3I$b&qmg9wg-kK0UqAbeiO>w(C>&1_HuD@UTZR#fPahxKEHXP)Rp!P1s+zn_ zEUw1E{W_lSJk8VM`eM7?s6Ejrp;g?y9{G&#f=gpe7s2!@&3T( zB4>U}N0XAFl5UgyVE()!26OenvV*J|^C5rkz3Fi}AiY0ZzCj zhMm5063pqS+eNF94bzKkPGVMA;&>(M)mbjKQ`_!$+d(s7&MphR0C8#wbAlz5P4iF2 zQ#*!k^a!LoaNeyM=~}*XWM&LCkxw&dZ78K7hOJ>d(#Rr^&gK(oJxEON#jo;))&*}% z7xmViFnhY)O z=Xp{aA>5f;@r%S5Cc=ogHErqV_fme*@;tR*oX2k+GBtO@Kg>NQezr_?txiJ7Hg2uG zX%stJNMB@v1>;+NZE+b5wb7yB4k`Z9Tg_S2!HvuoVcMSO{8hf{Hv5^?Ow&JZdaL9g zzq$WWJ|%Sdx5fYJo|c{|m+G_r!oqN9_ST>Od902-4`9iUpjz{(%S2&6#5*f+h&v z#+taLGV572*Ia56ii@7 zj#c`Mhv)}YB|LHt><;cgPZY4Ms#i@2h^G7c>}yByWz6NK>Dn2|4LF@1%(&8<&f`!x z@Kiw8NXn3mm~~p;E9K?U6O6Je@#{aK)W_Z#D`L?lNkW{K-oN)#XvB-L5be*d2EKs_ z8oW9d4am3Px^4bYrrPeZUp}EO!U@A$C44NgGTAxkkK|`BeO&Vf%=6Lpd9Mn4AdjbT za#gRmq@rJBQ@%kGZY84#sDMB)DFzV_0u(4`1{4B@Kv-}qk=eQv?D+r(6RT9HUg$ap z7|aF-0T<-B0VEUD0){}bXyQl&FTAm-92Wzn3>6!SS<{1rcO`hr9RrkhHBgl7AA>}G zbcvXKgRzJ<-h)JNAmHpt1UI6HCYj{q=0PC&0wQ}kb3aZIi{YQ)CUs}xHTmO}@2LXxi#tQ$Nu_n9qjC~ zpH!kRB>UhU+0+yLXfPyibmloD8OuRd=YB;HJZZu~6cykDX{Z?K^Pkb!Ib1hdi3+0T z%?%fB&{>XZ8DMaoQL5~iLan_dJ*U#a+D$#!J3FxY{M)Q(u`|}@;mofi-$RY{ozH0R z(C!r4kJ^jTkkOau58L)+QuP-r@ZE$HDPSpB70aWcN4J~NtJA_|na$q6Cg0Htnk!$i zVk>%YF{;A>fr3Hc?4T|ns2vbycvP4Z#s}l+V7)fPYgGiMJb%pjrX=A# zNiweZFjxSi-UF<=>!4r|00bP^6~$rv0AC=FT3z~ey%y`>+W@wr_YV}1E}2r zlCa%yVqu&M;BaOr_~-p*gg;}y!63hoL$=G(gSLB(T9>0`Yt_7c2eTITpQTM{1f|oP zboVVgR}}FtpA3GkXSmrS6v`cdHdU6mt2R-X-@Y8Uu+$cLX~Y7AIToLYe&~ACg?z*& zdEiz|#Xm-2dK$|3rs8ta?$sDl@8aDsUlrE6hRF#vmS(E#(44tsh=H=dcH- zwPLXH8x~q)|Ewvx&mzDnsep(t$5G1fvWVf=UirQEYe@~Lj$*|m6t}a_Mq#d9h6v+H9(F#h}3Ho5N4=a7hAHEHQmn zig16am;T%r%W(skd9ZCcib)Ezy{xrmfBsgQo{Z8(`c)?95+c3=mt++k!=brzFGZZY zt6Sh;joTzXrk4%d*=Qw5PHFyB$&>NW$MB(leqCjWvd+w6`d65BHuzKCQoux19o}XL z*Q8-Gph9%`U?;);%WjL)Bf>01tJ6-_qarziDI zThHEjIe*tx@VtA9m8A{XtHv(*8EYG@KrnUVQa=6ic(3u*uCGL|KH@X~L%o%A1RAa^ zO0a_~?L_8T`Sg~6tP-?NV!N-F=h&1KoiHltpL^Zc^-}%F7YiX+tNtk}Ylc94k3iNv z4`i-Z{A68Ch6q%+=TKyc57+g=sMq}hS2Z6htkka-F;Oc(Q!~FE&8K2UV)NrB?|d8fX9G rYV+>z)cngc#owvfZ-eKOYT44MoXya8w-A9o!H53=@qh#< literal 4248 zcmeH~c|6qJ8o=kr7zSeh;Y_2L)we+ zPkCqr>y5L&sml~%$h2NBloDDeiJ)7y%?u7Zvf-swvd_I*eFIUN_Y_zY3|qY%!HC#o zC|Jlo7ex0tXrN(T^p=UpEu)rUKbz2xzg>3@P0m%pk>(r=Ki@X&x|Wjl3d+e>Ow2r2{Ly^ORj20wjSt~Xc@_m?=tdDYRYcLY%Zp5Oa)9pHejQ+oHB>i62#Pd72Svw_Z~M zA7(qrN62{92&@D%U7#qj;o*%zUHE+8-Yk)dvvF0Oa+mS_sRite-4BMIEYAk4IzDGL zD7cTKzV*-7i%m6_?9a=ZW^o9dYCKbabT*MlB$NuKF=XJQ;dnGbCy9n4Rt71$EazH_sPx9lZzo)ST6Hsbayt<^C}lQoTQ_5dQ9b6q?Ywset+eU)m+XV0^XsDie<$m3OgD)%^8dc7lTI1-k$ zG-aNKKR#B(d&f9f{zxqDCN`n&YlXXR0QqHWg#wF`sZxXl($=%MU75-8?Yp;tpVi;I?*dSe`on<+;64J-Ve^b9V{UL@LrOC{EHHnFf~`}M<@EVp@V z(0R<0MV+{TH>F3y@}eguuHfm1j`tt%;22dVHU~VZJ8m(8O`@2wUzb96!H!8nrAPk5+&|3j7nn)`alsJF~%Xlsq3A*2Z@e$VGikG|^VmHI>r z*HM?5CT7D2*Izl&Fyv25zBqh7sA+0jb1o%NH#E#8opMp(YV&r|`RVC6zWzKig8|9C zNU-lq&grY+lDD)bZ6_PtO6D_&VHh>B9A3|G+otxs+J!yYHRJMIUxuddwn zaEMvcxe@PmN_>;_K49+oi<>d9q1ie8H%X%^>Z=eVlrEnq71VO?U^6Xzu`^niyJC8} zyv)q{kY&9vg=o{a(3(;|u(UpvovhAOPSH`znLM}{Z^Owfy7-Vl0d55L7$}3qVlc88>@iCoR_tB_ zVzKf+6rdl58D!l5JB*W7ZEyD<62req^xvib$=JVvN4^`2{tsgf_sho*lR+{d_^Uhi zDh4eXV1?}I8EMD>0IA8aA=$4hXl`2d$QxIB_n}Y|Kv|aVRC(0QZ4Fni!f9gD(7lZn z#>g`DwDQuigev?ZA4^cBBi8Tf+0piy`QffJH@Lh1(MZNDN1C^4xaO4<2AY59_iZVm zET{xnvn&=^C0OX5B1FBF^%Ax29GRHTC0d2Yp}*&HBhe( zt}#>aJz*H+7DZ7W?3>a!6_;AirGVJ7_#$|ZprfwMYBH~%VBoPj#(BuZG-svk+%g@9 zoO;EAjQ`>XWkS1C$THz_?PpfO%qC+`{%v*&;%%ESLY7MEZQjHge))*%l6-oXu+T$j zG9EhYPxxS9%1c8FK!E(vb}+ORMDKYN%>qS1k%Z2u79t1lVcQW$lnr})U z2X7xKf&&E_yjSi)`2IeeP#O>d^6z(rpgbTd1Q{5=qs>1lUfyCIE*>M3E*e(w;T*`h zKS3C}A5IK=*8(~^dRpMu^WF>pz4Hbj&u-IiO0*&#XhbghudiyCq^3P1;pB;yxkLCw z+fyVWijlr`Zf=b`z|}C^4Q1wcXLw`aN_AO)kwnG%hxFLidxb-N{_LNuv&Oj8iu|%s zJ7or%Hxa$(2H#N!hpWRz9d`qo+{z!PXE`Ga9O@aWjbcw=l88O^HZB=~2C@qfj)rD) zL}GG7QiP;rR_T^NT3RGI&3lxig=!Qrn*-4`d5eJbIEy7*^|U z=HW`Qh#Y>FSNGNXrqqnFU)jC%YmlGRpe5}Q!xtpe*!-kMI>=%kDcU3VJGcGG)W9h2 zQ9}mA%7F6NWBb(DQ~du;_-}NW>1?7`u2|X%Vhb|hMkj36sFfG#rTCqV9k4tAwbN`% zG~aqP&6(q531v`Z9p*9rS}x!W?Hz9|vh#uzQAatp=#0)9bwytr{>|7y-6(#u1qU2ivyEVsX`#yr02%jK?yQ_R5xo)!-B(&v(O=K(3~ z$T?|I$MvkqK&X61WEIu6@`jIQvFfl9kSC7a86X)dLm2fR(Kj{by?MllbhETC)4tF} zVdSH+s@j6KV^yDQTeN?t0~Q2-VZ$Hh;eL5Ra{|CFln$ibYkn6@-*S-bol;##E|*2q z>bMCKW1yEZ;K`G!Y_kOBEqQ{0tM=twcj}4}wN{~{yjB-+GB@L%IvwlllOs!9+@c>7 zYj;&9LaK9BNfcbPYce%A%MRMyE2s{;c!NhNKq6gl(S-GuKXL@wsKx(o%yFtskQr&W z+bs6pi|Ei`Yc*=G8p7JQ<_M>)EAWY;#*5<&=PfcW}a<$>Rn((PGWXDOF4tjr-9!LIsyExo1 zMWeEGq~atX;M$z6lXc0f2l&*X&J7zpAMUU4L=jLDh!FD7`c}Q+-=8&-_I5vBHXDDX m<{#cE{z}ciQu9ws&4RLLuPX4DEt#DJjDk9 diff --git a/tests/security-resources/other-server-keystore.p12 b/tests/security-resources/other-server-keystore.p12 index de223cb32f94e631f7c59e9876665ecf0a38ecaf..b1b82c29e1264feb63f65ba78057931c694c574b 100644 GIT binary patch delta 4778 zcmV;b5>@S_C!{Bkb`(N*!v7!=xzo~(Mi*U{f?)6tTZEH61|)y?4a-;wXpVgfLwxyB zqx*0Kf&|bKpUpjn&X!^$3?M4H(19HJNuuFU-nG>EUIlo>o8?rU;RhJoi4onw-4>V) zega;GJ*i``#dYwE8X*pfaHp@JQr8+!mpoMiX zbC>a1lmxj^ePB)h?&3f6d}?fv z1nWQ#GYo&trhm;>YDABOxBbL1$pN0R!n@Y&VE4WM6bB2vM!+8PTU_^@9+^K`LbrD~ zrooPMJk4{_AgEFUz7asaB%a!D?@Vw$tIGguQ0q)JHGF@o3hg6}mAc-$AYFrb# za9_LeB!cb_xr}EtLg0ia$kG&r#}_eg*ISmz)kl8~GWm5xNE3dckO$%wY-*z2`>?td zJvG<)??BbT!Jw-2!!o)oDrC(6w@P^ynbg88)8+9Wt?1Q7z&{*5DnPy| zJ3)_MKQ=D~fT|N-(pImWIIUxCbY}y#`mp{GY8~?d#c(y6UgXQP;sb_J*xjM=ctHCH ziAaA0%vZj^k^(r9;br{R-6q$2ebPCY2=v2L$5l zWB$M^?+N68^fY10L%NETe#@Az;-=HI5hXd10BpismF`M>8 z)H$Z&$vC!zdrs|Mlw|4RRyLBeeiA6>?ET_BH3k#j#MzV<$8-i5{>`Id*SCalJ#GK0I@M%3O4O>CzaQjyyL889I##V##Tit` zF-$Ng1_>&LNQUdGq4c|1#cY zO!^cmz*gfacS(KVUUYQcv4^A<2OsjKK;7Ot&tZG4|CJQAIMxUZ!cKe+Rgo?c=MHL9 zS&LeXOP#-lP;1MZf5v$-GXM=+d2g%IZ}zE!a51*GS(_1m-Nb_wIfWUK=XnS8-u+hI z_|z2>BLI<+KXI4Xu`T>}vPyG8~r6R*T=&CXQGp|)M3+wDQd zikS3=-MCACv#k$sC&V0Saz#IAOxtbi5oi36{NfQ=l1Nr9rp~8bpJz2TKo`bm_9k0Q zU|g9R5tVQ_3CGRT_jB5eFjkD9pQ>_*azzqNj_ha;%PunW*Scdr)eMb`ge(VDN4wbu?6=Xq8$uk{N12gxJ{ zP+^w1ZP5vje#TGm9Y|Rl2CO&H6rHi$Z&Z&f#FHVCy65U-WK@Eobnno81OTr{l=Cd#l$rcww zR0!CN*Tml==Z0mb^yNkY#B`akC4XPjRJF@lp@dfQ>^s1lyy|b3Du{vMo~q1ko5_>H z^rV>ZU%W!GTAm9sL)Nbk@v3OJf#{?0+yglguhnyLu1@=t7J?pzs}6|l*H}|=_D=+V zk<9yj=?uO}=38P{uod~>h^-J+Fj%cU+tctuQ^!PwI1r0+TP-q(O~cjJGds!f{dZiI ztkj|g+R%m!T0VR{S=&Oc6T30Z)gR=l<}80RZpO#J?fRx6#7;y#<*`4H^d8X3Z6v`( zP)H`16_O4y`#RaE=bHFmB(ws|!izT02MkR1cI>f-S|}_D;2Wl2YFUU3X&*k&KXG0eq2=rnu|@hy z(iagzZoHT=b&O||CDDlHd;}kVMvo`37+@edDL>lI-4VVjovkR(nr>ifA=p|Z_;@^b ziKrM|=EF^c_T2<;X35*}JAr23lTp@`EnOONjVzHN-|NLzGLe!xN(+`A4(w;>cFClD_{2 z{T2_IXSN_&l(c+guQiGU=YTRsUl*8^C$jlRG5@B-=afta=dj#iWO>PdW52Xmtn3PHsZfYo zknD9OAvG$Jwf`P;`0v?NmNeG~W1yxN6UQ>HiqIUji_fU37E1_53vVcP7u*Y*NkWdO z2}0)K>jwtm;~d|AdR1BTks;PAJInz0vOrl(t`t5WL*l#Vp^30zW;$0LR4wSMq6;qi z5pS11Zk4J){1NMyF>s=(K@?A71kD0%R1}CXW(FMwGc21_C}a3^WAK&WBxp40*fAh) z3y+LirW1Jea<0)FOATvw#u&4IV6tHzR>nq9B_8EWA_g*lP#kLvnaOZG86ky~W0*P~ zefP@PvVoo>F(vlz3LInXX45F+xC2K^agf2JyDYS9ZnxZ`ad*hg>c$W4Bi|PlyYaLQ zpF$6n6V_sfqJ-Lp2eY|iTohJBRyjS0p#tWDPYH!nxf9a>itwHETmx5e+illNHuf?r zb9}lGBy@;>m&^^v(pHeK4c__yMcSA5mDO%r4iE&ZRdRCx2Y9C7U_)LDZ{Hd$kBgJ= z+GYmgcWMc_O?w=+G9VB8e-&Y<3tOW2r@(FalD4PB)>5l{ZQvHI**|+q<_8XV9N= zM0N0{<(&d#^~u!8I|i7d3w)Xl1yd$qHQ=V`s1C!-BDZHD*D5%)H=|a5a zX5rH4{4S%(d%9Y)5JMMd?nnmNh~{kqaHYO1d$5`W7>)T4irfn}yk7f{4^ok=*MbnHsjhiob5SP*z$%J?jBYh2 z_|wUDi|1R>cyy;;3wrA73xXr&)4oPg(L~lf;$9Iq_k1K<5zT^gmv6Pn;mc531fwN? zRCIOegcf?HON_WUf)$+jyPWwl`$lywLV009Gu!j?P=a7_jncPNoZ&P_I;`gKYPfMR z#t_Wjw3OOx;}!GT_={UF4~cL!eD(cB^9b|oe zTO+$cRWr`9?I(Nn^xzt9(ftW|2jax`_dKmZci}dJQ>heB7CiRg@3y&rv08m|aeTup z4Ok1EX)N*N-f5NnZle~MmCSWK>hI;lCHf~R#3nh#K3DCf$){`)kLF@T^?59$+n{h3 zL*(~4qEq`V$?_+!#nVe524+qHWiu+($l}&M>Pl|JN(k1BGb>i^-Zd@I9ULBTzZu zSF08JC6qPX{nLCapa_F%CCkzE{0c$cKvxA~>E9ezR4OW|#aa~c>J@dQS?z=J;z@fV z3|_ZtvNse|M?|qja;czfD2a@AZzE12*d!fP_bZtym$K%VaX{9H&x`j z_cFC(2gA9Y8d1Cahk~A`mW~wX`lM;CL@E;u?l=e2;pMOa^!9n9ig1T*hpG!xFR7aA zP7yX<(m_QylpUH7r-OpzO}oq(B#!K-t`&NQturXYl2`ZDtwTPB{d$v{v!h#8$v~+m z?Xv~zkSO7Hk-mLh9*HqNOtEeO{clUh1WYhZFflL<1_@w>NC9O71OfpC00bZvJ`D9B zjTtkFljzmm8d=dJx(ZLQHp0ZD2UYfcCq%*o6z|22kvySk%K13*H1_zkYY&gG#R38+ E5FNKa>i_@% delta 4778 zcmV;b5>@S_C!{Bkb`(D6;B@jFn-d`gkgMTPqGt>XebAFV1|)wU7R-b#>q=k}R_tQv zXNAlJf&|dUe5HkmC8^qOn8&&I<}72m@rylP7L9&bUn~aq@rNFDPnZ3S?xtcBc-XY; zXT4Vu4V!Seht>OS(XS?)b+ z5N79gy<-ZGB&yn<#!myk*T9$cu5;1M<)TO6= z)-^GTe!rUx4>~(6)h&Az4Ju&vZbv>LGQ8K?CcIPRR)#&Mm3TTXk}VJ9{DfN3i*|O6 zV=fNI9*v2j=FpO4`jJbGf!flUt43oc53j;Wyzt2K0I3rc!A{b8W(~L4OqgZ<@|?X=32xcn3aO zlkNZ4>9tH@0)7^D3({E3FAq`ElrR>Hk!u|)a2n!3!XcUqb3PL6F2}6p;7S{+?}ND z5h%08E{D=qGmL5s^VSalHo=pmgYX*iqI5iB8!vx@+n7VPMNOQ2ar>iBh92eZKo=~k zyG4Vu-oI3*`mN6_!hXeX27aB(L(;+J)VMrj+8aEc+e-brDhGu4D7$jZZ76Z1rhet{#aMJG_YhVVucqL?$5Hr3ZbC)wJvg>@MXDz`NQ7_m$5#$kT^S2z_4tpA1Tk z`N#7cWBjuDO;L+y+gO}hq^rg}=Q8nCVtGgo{rN`{)ex=?I=j8rzdDCn>cClsWFoW` zfVy=w950`?X5NkWM(ciVOrF>^O|>owyJ>%Vv5vUoZu8xs!P?1xUwFI{I#~97vR}dC z(^iv3rd)nODcukI=eAhTyxHB~JA6<6fwpOj8?j^jt;h!T?d46woCMagMswkD<27nw zj&0w|hNSId=A}=f*ofIo`MXD(k`qbet`>{H#%gF09_y|LRyZH6M)3aMz^g2* z1;KbulL`NCSm@>P`wIr+5eG!V?oxlmtWIRxhOZ>BZfSq1lZMB)DG)D{(l62xkDkpT z<7JQDcNV$sp!)k7CN@KViZ$ms-aXD#!prJFhyUZ z#*jx0Z?xpEjtcUAR#ba2qSED)TNfU%fCWJ?qgDF3)XgNtFVAZ^LHd8)=G}j!?s+44 zpL&Wr1n&_e}@mF51 z0v?9T)Ktg%37g|V`6EZ4yUhHKdQ43LUo{1wg6Fa+Ak5rMjOH*lf>u(NL+yBcW1nsN zF-$Ng1_>&LNQU z@V8r=SocJeJq9Fy$FKcMfPxI*nFCopR2OBhUFZy2B<>k(YI}{b zf0Y0y0Hu#ke5#hRMR)#s8QNav@AQ>DKGze^>x>6}1EX1<_})SU7mOZV2Tm?!`V0;d z>O($Z?mFq1_bLJI1y&fA;V~_B0hgoFB$92dM9FJ!L%V=Lz)%GXdew82j2i< zM>dBrv39I~W3lOBqWb>-{hVe@z9y&Gw40z*%~SoG9_WVJ-dW`EoY_!4IZomsX~?y| zS5(m_?D(9`fSC9)pOBsgXHqV0yxEoM5?+@va8d$fNgd7cuvCEyKkp7Lw}&o8Z1~8K zJbP=>xA^j00=`6Q&ls&QIy^S@xRm(~*y)~pEUb`!RY24>YX2rnB!L)I%`hs5-(oSa z5q#yWG4M?X?1Bfj`i-g4S?k--K2+RNc0|m;<=zZB<$}Uu!nE#T8o9M%^Ho`adtW_ z(@L2AX5}!Bi!{6+Eu_Fm@L*eoaMS5~P0c{7%#zJnYwrknd2rXg&?A{XIq&8r)xUlr zfX>gsWH?AZ-&8o59QgqohYefU{R2fHzU zw}LCBvvu$_oSKk{#&NdrjSSJJ!YEg`e3-$7?A(-DVzCa?}P(5qV` z%`tKmaHD$w3kM2em4Zrb&9h}9Y3CLDWu_SMBEH7?w0beZB|tpK5B%z+=E8`D5J!OaGDO91oy zH{-;SA?^7QDOgQvkK{LzF7*JI5IwhR4A{!}KJ>beQuz}>)nK_PsR8XfzhVN&J;8C&>%FN{voMFB9>Kl>djOiC`JZ$zvB%s+>ekt z=K*d}0KJP~4WgCZSx~$br*a97h!igUam+Rv@C`zwZVi}s%5Ob?f0DQ8XGuhq>rU#& z4Sw`w)phsG=y2Ts60(k3dP+kh7z|7Eu_bEAxgi3Py!?(w4K-1v7rLo$NDidMLC34@KVfBP~V6Z$Dz~T4ac>G{K4F#Ia_gA%j zWIino<0uh@!Q9uS^jHxh8&vF>amVoY0BEYWR-4xp9lu_Gl87>16D0vSS?$46#V+ zstX}uoN;0&=2n*rxplf>a6QcFh)*>7F8j2-Io?9$_iY!xbq0`bADqv?BfXjg&(pGi z1l5L-x1z#-)Hdj#3@?u~(rzgF*yPY&Ir?In04VcO$8H;z-?wRk)5wlUu_^(AS-Jjj z$bIDj9~}Ibn^Kp#Dv9LJOmzutn{yYMIT#6aM5#Eh+dF9q7J8b3KK^2+CICZ%OE#iQ zpdjME1|wVH@SfdrBV!#s@yG~Rp=9iQ>+EC>$f00=H1VNj&672!PeI;~WYaE)rOh7# zX(VCLglxNm+bF5Y=)F&`B*bn^7B`~NHuHaek`kh^|EE({&%H!xLq5aP!dtJB1%S0R z1o(bC$W;Pc2zIe~3rl2xT6MB_A}~MBIf_MpCavORiZL?WyY8A&?#OOfm6658&2hNo z%>F2UTU{{7nde}KP{<#C9tb;zZRiHy9R#cfrZa$^vze;~lIMkIsnbcQ7@^y^!@rnKX-y0_V*O!xSq>#;RzamK7M126-KD=L2 znBVakN`F4ySkN++oARfu1^60flT!Zn)WtZhCo05=xTF_zM8ck^Ty!A1w}47oa0Af- zR3_{#fmxPX0WlBA%a9*qpVz_b;4F%O&yQ~>AFu}<9~%|)TfSBBoqbF6mtw5}(u*>G zR+YzyF?SdumqzUHQ`$-9MMhRly;;S zicWWaMA#KHRvhvGJWinq#4$n9i^rP4-5OTx6G&G%on9Cv;DLjuLJveWxgoh&kPZa7?IwEmQAo z&O8Uiy2@h7@D1FXknJTMU#0I=PpXL;uHkEzs{ggmE7juc$wMTv1(p6N4t`*UQC5ET z{c>CK86<3c_%+|mwe;0YdFa4Ptq2C&W7pg2HinALxPpwaU`m=>vs2lx9k8iLj%5=) zrWhV?WYdDnxFB`Y=WWEJzUMT5Do^%NEb!D1umTAz5L?r^qX#os)exi%!H9GAEVEiA zVm|aQDinVH#A;4-Ku_uRC@hGAHY~6g>KGs#qgO8KV5gnV$JYMxc~>LGCekgYvE*Gr zeHiTw8?y%>wkcQ$!L;l4m!{QMSqUtjM_Q&3H{KBpC{Fn`!u68DOc?uraZQqk-N(ng zCD#ae3e-?n94lTK$=Ph+$wGJl9>3n6r2(momTryEqP5Of=j_|NmfjgZTgp@4% zr-q?)@dI&O?MxGzhD*FXnIZ0>SAg(>zPz}h)WHx=tQU}%3J?iM<>n_w9( z$&0|O69$?Ch(-6RPCzGCcvQ6!X}pfqRSk?$NC9O71OfpC00ba}dV?(* zgw_EJkFm<3PO|_KkY?L1HIzjfRWP)vl!mng6c}JS6ZB;4GjkApWr}Th06nnl&H@4_ E5Y`Sp2mk;8 diff --git a/tests/security-resources/other-server-truststore.jceks b/tests/security-resources/other-server-truststore.jceks index 56d89057d141c73131c88caa26d58dd5c596e817..334249c78d84433f31603627a66cc20f0cfa11ca 100644 GIT binary patch delta 690 zcmV;j0!{t!2=54xAt#+>wcI}d1z0XMFgXAK1S&9s1ST+o0}h}A0s#U72xIb%qeb8h zr;$l@95ygCFgGwVF)=hbS{M&9F)}tVGchzUGBGhUIg#3%f5clrobZHDFXjj$_%9=~ zPPmc0r?ilZ5~ZD$qCf~rP$K;_Lgi)kUpFtw`OQCKu^aR8r;qTmi@e&II%?wWXIXA3@OfFW{32W0e z00o)gW+4-Qe|Q4EwAs&nLN$<2}%xOQI z0V)Kx2(#9+ioq-M0KjG1bw`KT)k)+~Q$lritJP2I0m<2+CIxeICZedN2eo22=#SqTP3rc_HqilSG zFWaGM;~};;XFt1Sc?p0}r4B0s#U72>^yIHfQM6 zhcA&xbsRJ>GcqzUF*PwVG+G!BGBGkVFfuYXF)=kUGBlCdn}52OU3p{mI7Ind&^J=G zbJG?U-vO_hO69SL>8L|$ai!*R!q=|%@d}2oLY1+t-Hx_o?i>z%wPrGR!B*VM>Fn9g zQJojhnZSZE@P=2&Lu#R{rF>WD)OE$IhwVLjTn_G}TaH;uMQw=VHE}3h&)&UFa)|41 z#dN^%3XLV5W`BPprq}bbiQT?jWRXrnxqrG7S1ifs%`DiZNgI5A$V=*PApUz0s{d60i%J-FoDQ09R>qc z9S#H*1Qcz}h>8i9*$IADQmy=~V8;Z8ZiSPc0)P~Jjr~X;;VQAkT!bo$GnOcWr07_a zG6N}p!>9-OE65GALx%2n_3}upl$FDIUpI1Epx0!NU`2Uy777Q*>+ACudTLLEYZg^^ zsoD3{ez~uDP%EVk?kaEzyU1^tmPBra+0202$R}GJnzL142Et;+RAeGa4)7wqQ zCy#EJJ)jj*jKmzg$Tg`c@k%F{Q%juCqk`IiL#^^_4nYqpla0P{0Ks^pD}0L1IY{sJ zKcv!G&Z6mq0M@XH49%kowMck*Hvyg?vbVpFZP`K3#26KmS%%rep}hWcqAuxDcdxD% ZmYbEj41p|&n!Kg`;`%bRbewnnQ(3!vO633m diff --git a/tests/security-resources/other-server-truststore.jks b/tests/security-resources/other-server-truststore.jks index 9598d6f62d0be9f75add96057bdc96c377cccfd0..54abca61909a5743bed37c37200caa49cddcf8f9 100644 GIT binary patch delta 690 zcmV;j0!{t!2=54xAt#+>wcO$W1z0XMFgXAK1S&9s1ST+o0}h}A0s#U72xIb%qeb8h zr;$l@95ygCFgGwVF)=hbS{M&9F)}tVGchzUGBGhUIg#3%f5clrobZHDFXjj$_%9=~ zPPmc0r?ilZ5~ZD$qCf~rP$K;_Lgi)kUpFtw`OQCKu^aR8r;qTmi@e&II%?wWXIXA3@OfFW{32W0e z00o)gW+4-Qe|Q4EwAs&nLN$<2}%xOQI z0V)Kx2(#9+ioq-M0KjG1bw`KT)k)+~Q$lritJP2I0m<2+CIxeICZedN2eo22=#SqTP3rc_HqilSG zFWaGM;~};;XY1z0XMFgXAK1S>Ft1Sc?p0}r4B0s#U72>^yIHfQM6 zhcA&xbsRJ>GcqzUF*PwVG+G!BGBGkVFfuYXF)=kUGBlCdn}52OU3p{mI7Ind&^J=G zbJG?U-vO_hO69SL>8L|$ai!*R!q=|%@d}2oLY1+t-Hx_o?i>z%wPrGR!B*VM>Fn9g zQJojhnZSZE@P=2&Lu#R{rF>WD)OE$IhwVLjTn_G}TaH;uMQw=VHE}3h&)&UFa)|41 z#dN^%3XLV5W`BPprq}bbiQT?jWRXrnxqrG7S1ifs%`DiZNgI5A$V=*PApUz0s{d60i%J-FoDQ09R>qc z9S#H*1Qcz}h>8i9*$IADQmy=~V8;Z8ZiSPc0)P~Jjr~X;;VQAkT!bo$GnOcWr07_a zG6N}p!>9-OE65GALx%2n_3}upl$FDIUpI1Epx0!NU`2Uy777Q*>+ACudTLLEYZg^^ zsoD3{ez~uDP%EVk?kaEzyU1^tmPBra+0202$R}GJnzL142Et;+RAeGa4)7wqQ zCy#EJJ)jj*jKmzg$Tg`c@k%F{Q%juCqk`IiL#^^_4nYqpla0P{0Ks^pD}0L1IY{sJ zKcv!G&Z6mq0M@XH49%kowMck*Hvyg?vbVpFZP`K3#26KmS%%rep}hWcqAuxDcdxD% ZmYb>o_Dm$&@GkyG`Vm>kWMSpqG9$T+Nx=XB diff --git a/tests/security-resources/other-server-truststore.p12 b/tests/security-resources/other-server-truststore.p12 index 5774c7978de8f35f447b774ca1e572d4bab16fd3..1a4f58ca2c625396675bdb5536452930f3efff30 100644 GIT binary patch delta 1324 zcmV+{1=ISb3#JQ@YZPWv*Mw7w1TK z|B8j?Cp{WMe+CZIcjB*cG~eS$3cxocP6%8}!B1}ObIjZUP0$1Dbt1}Uik1QWG9~oWdD%cEU$^I252pTi#{Sb zomxJ(RE@4MCr|fTFGa-=xo=XE?FWaeAFy<1K&*hzw|_sN2!=prfafg4TLP19wKDyB z&k-9Ud?h|9aOO-dGHJ&VS92*Gr=jPI#{9Cou!9 z+xvU4fTQD>O4P9Q0n1b`Ae|u2p{Tj9UOjt$lI2lv8Wa`d?ohoLMlu_RKsFdbK*1e+ z3c7gL3#5X}Xid_IXE7rUgtc&&#L4}Ye{G}Mh<{-;DOx?yE@%l^*z7KKKaeC>d&ogj zGA#uddne~AK>Y|}30{4G)~4(^_|-KKzI|yscbb}QtPcoT`++lT^_V@91hvcmKV5<) z$hPG~^B)R;R$?9&S&+vc2KMRn3<*g{utNEBGti2oBn<8QNSGn2-V>eTSgDB`VWH`( zMt?Hcbh0+T61%9S6`NdzRavIG5~s&*Vdmk zw5uv6g61Dy#k3Gk}>>Qd?Ef6mZ&_=CtsqT;_34R=jHnJ_SRC( z4AxE(xTMg4s4S>_{xvaU7s9keh7ximG=F3_BT%Wuc=T8YWyPoB=%Y21fUzXFdSDlb zjhn9jFOle{GPM9hRpsMsi>`@X1@uMzxoQy6r5Qs5j@`k$c6XU}rl4I%v49&)t~yMk zv+_qfdmf{XEvg7f9a#z~H8ZUN%$qZHv!YUnjaLA(GQyz61hxY^69h7pksM+Pbbo>k z#(k|>6P;Os!A`e{8x5ccDbjHfGKK2x((f(Y8TH$lVp{=SNIc;;7IU7^f~pEM_`tBX zAmu6xk8U;~I=4It((m?SbzRTnCg?hY)F5uN+~?L>mt+-jZ-w)mb-OZ9>dkL zUdk~IC)cwj0+SGgN4@=OMn%&La3FeD-6i%O(U{(dZ!x9gOB*i7B|hzjoYa%A+!DT3 zDQV!TJVBtBs}@w-aQS<&fg$eV2D3M1b#5#U!iZx+aAU_`Mzp-?s&!vw$$upjsMiuD zo#9dE(2|WXJa(MT1*mB$C#5v>pKJ|r?lHBZU}u)l#Jt9SIO83Mt|UM_df6Uj`-|Kn ziBL8$O)xPq4F(BdhDZTr0|WvA1povfSBXV;DK>t_y>GuErIFU&)6NQ$2ly+)#YvTwF2(o!3qKlOOKinLDJRl=NhU} ze_*e4IRYoX>Gn`hvtU|Vj6V(q&ZfTZc4G58nt^#jVyMbd@EFzMV_q6AL+Fp(5}IYc zlpNzV)^z2Drhm`?vjf(Z0+mM|`mNx*gL}@{VJw|(D{E6L;?^IEkl0b?b8B+i^tngL zkZsEwQ-|3!`|ga(!uG+f0NBk>va*Mzq+&~Ug!1sSO(kNAU0qtn(m)H??j6vkWne`E z6YKyIGuooPCcc}!XaZ@lgY-lyE64t7zZ$ro@3W*GVSidRjz#9%B4*K?(ERR({HieC zIe3`T)B~G^dH2+R^->+OZWApnuH*7iMW$s{9eF71~a2`8;S!AEs$* zWR#AXu$4NhMJ5X=K3WfND>SOsNlEfZ#L4LBP9*JLG8LtdH0 zvjN#F=1XcU=M%FO+wI@>EzVbfb9{; z+NySXl^Tz}qTzc)>#j!sp#NeA4LjJkj(;!lnOvf(ET)}^0gYg#p#+we#r6K1z?5g= z$pwy?I&$JVeox36-C5a8v+YU^<)Zj@=ARkdy8jSVjlt~JPF=bOO%mH?(7j&6P=S}5 zZ>-ysx!*)oBHe{ZY9bYW;}VW$$HL9PfA%y8K|Uib%?WAX+^EIWPBHF*K;myv&3|T; z8DB^{$sJOremhQaid79-G^L?2T!xD$|ESo2TN>o4-TEoj&U%5kDCu-doDwSR_uWEZ z_RXZQzPAc!IdM1TFntHIVq?jRU?%Bm5ko#=`;t4R*z-NvbP*6g>c ihkjhU1QaHpn0Y9c5=l(|-VK?)l0L&<(rC#70w)l6{FdYZ diff --git a/tests/security-resources/san-keystore.p12 b/tests/security-resources/san-keystore.p12 index e54bbbd01a9aea490b1e35c30cbbf4448c94c544..0be527420cf06f7f6536d9d0f0335fd6abef5f8b 100644 GIT binary patch delta 2431 zcmV-_34r#yCcYFsFoFs?0s#Xsf(hgX2`Yw2hW8Bt2LYgh3DpFG3DGcu3C%Eq1+)eU zDuzgg_YDCD0ic2fr38Wnp)i64osm5`6v!GpmCe>%aV8S|f8WpW@bnA4L*u<0$&X8a}p@`;eb;29>Q44JTr^ z2#NT>z`#mf#ex9)_NM|bX_^8EoYUSpMrRZ+hRxK3H#o|2aM28aXmpSUK+^*hlE()k zVPsNF4;Y;bzCuwiue0~GHIFyhx!og<{uFS;E5P_Nb?|-4eL&=06d>0+f2y$3G~i;P z`Y$q%l?a!@?gi|_vR(-7={Qoo2n$od(w%!wG|h@NsJGY>iESeGK)8E@1dbRwGvZbe zGPmp>odxi)KBKiQ2wy~nVJr`-RUr%v>6Q1xGBEzMTNi}?=eXsFu_NQ=a}_Pd-Qu%L zFo4V`5}1~7yy-H%dF^pFfAbV6L`JZMKGtv;oen&PcdeZQ(mry3Ho?N^*(3GbY7+x4 zQo|)bpc$Z)UG~|bR~`w}Vsn)u?q#oz~~=gc6N!oIGmJdli!WsM$`+lPj5(%tG1i@XJ=OR$C-z z(U)Tgj?|G|b|E7&f1b8f)am(E#&bQYqjFUW(IHA12>(%xsK_fn`DN~N1a%aLis5eV z|5k7bszBZEbV;SgH{EuDT9mAMp{>F*Z%?S_=8>GvC%7P_ln#_<&5-;8I$??^o#W8e zqT1t9k?y9BHh?cI^W$3Cl&AiO{GY7Gnc*1NB*^M7(}>Gfe_4sFLEMA}Spllg=RB*% zPBNJ#ZbE&oL<$jVDp+gJR*LyM5Rcn`qwAE~lpVuPQnuLJ^9O#zst-=X&YMhuw_<*Y zW@4gVihLTb+HV7^M$kevtttasZf|j#4oWJ#FxJS!X}EVV(aRwOX16Y_f13_;n!?f_ z$EcJ15zr5pf3LkN2ZKMLMh?fLCIPwPlIu`QIss;8I#{xuFduXi?o|Mc9}G&D;wt5( z%cUOyEQ|FU`}GK2geT4yWVWjq()j$QjLvVq^EqK(*;Wd9!I1BnCP+1b67>dUlzNO1 z^G~Pv%@TF!GouyWkxO$~T}AF3&6nUsNd&?U5eu~de|vepWd)+rGG9rh%I6k8nfp3T z)WzhLpT`EYkAPL7DHIJA`j$j4n5uBuqW+Kl>i?=UA)Oc3t zu2{pzZ8C4g6KYk&?aUTbLWg{`ykCiV0?d`jE}ag9e&M~`0INW zwP=eGdWLMt(R7n93qB|{H8M9jGB7hXG%$h$5e5k=hDe6@4FLxRpn?PfFoFaA0s#Op zf&=%Hl?y8rJXY6WgK1S`hYYdVzsv)%dT9Fzk%}aLAS2(9b$F@>CR`_QiW7kTfPw>n zPuX#eSaZZg1mKtyCAwG?NN(r3y)ODj^?h@9__L;71+5NHoMduyWU9M=wv^$2+BFpjt=6><}T=Q!_YQG z=^I!d&h4r3xEf>9IF)hlRCyKS7zj3 zBwjfG~7#COif)iU#_7nz{_>cSuNoBFT2RL+R`OGySqG8DxOBZc$jGA=P0<8a!u@ z6UT+;d56x;pn}cX-S0vQ!VGRc|F^dS?iCsNjcpnlP`qbpu8oEO!qH0^k&Sgz+o}Me z9Jc>Z^D;!rjsdf%T>+QMotkFOqR5d>*5v0*uDNgIixk~ru+7m(VKr`sj5*3`3Bi`Y zO~Vqvr00efu>L}7+J7h5^7(i2cyi$60Q(lGN3IVjXOP|F#_PI9x~yYG*p+84W()Ak zn;um*lhT8^kyQZscKN0sRCbzw{y^HOs(n$X6u+ZOiA#}5Ltj|RV!uJSr@}{?l!iZx zY06L(Isand*K~DTeCORS`_4=gvK40Vwm&2=53FG>QfFK~o$Y=Jb3~FO2n%}7*m8X4 zZiDB3VzC!qYn-U?eTK9D@O)xPq4F(BdhDZTr0|WvA1povf-SwK0pc1ShywWTS xB21W?9uT1c$*<7i@_#ib(xx{s1QgT+?Uy5{a%^=X?QUm{+do|}pY#F(ClGZJl`sGR delta 4666 zcmZYARa6uVw+7%Lhft|OM(J+pk}hfK9CDup(rQtQIsS9 z#Djt;QvLr^kt*S%Nag;CpU2Befu3IG+NO10RO&cV<HJm(LN#s%WM>1M2>(uY;d%DJtuIV`srJ~u7~xg zW0sP9bgY@ehnXt|N=H2yY}(?p%1qvPjt5k??cAquJ2HzF8scv0RHUhx=<& zYFLse?JB$65BN#wvFVjxrCcGo055bTg= zmryogxW@V{9^LsdK2LnF@W}i(@od-?SM%jun510PnH&=$BjBa~%f%0^!$1XK7@yL7 zuQ$AIMXR<{x64SRVel{&jX_56Q<$^x;^;xAb|u4LPb~%RWEb0iqdABka7NKVzSh|0 z&&;HbL@o#0eF{!RQ1P%b#767uOEZMf)1GdQ7(GVx&1u9=3+eL-dVaP5KyLjwn)(}A z-7`LXGMOW9`CG)@=XUjFut^&zvpg*1^scg1OdSDBuYi>94OkVRDF~ zj}?c$v%5V*AgVQ-xGrsPzT{}9if2ArkYRAK&_A|!>_s?)La5>fCSS_cKBejSDjS4D z-V)_X_RYAVA@UEO&!l__5|>*VA3ypv`xZqQvS0P-JHDN{G^Gf_`Iycj=W`jXIpHN3 z;JCYsvn3hMGOzw9YR!_kX?H)?L_@L934g&I)@wO{AX?8Awz<&gmHT5GwzNV%6Q2Py zF}Cooc_BqS)R?^5j*FG-?@m8Mjf|-OY;&|}C%Wu@8=bRJedF~xwl-thERlnj{Z|BD zpW_M(tJ55m>I<`euGQ0`HQ(VaiL*z4%LX;64{F@N3}V%z_ec|0BcJ;4MtQqn(_7Wa zyOJ4egx73L4fVblZw{Q(!p$wC&pe;1*=hcfoCbUP57%RNVJ?!^i60*=Oj$o96^;oILs618&smfK0N2aZa+Cf zOulBO^?v6kqM9c9I#{uT9B z$!Dfxv$axWyRl+$1NdWb{TPB9xUrQOFeVioK_t&jd-8J3Eb@g+_r+pBXP&Z>Y$EK& zD7ky{p=Px2v=hWE9<}0I+I-*Aq}dZwP2#>P{dH##i>cJcB9Guw1zer z;Ol5*J}BL`X`>(u4p4iE*Yf52YIOQ*BSzYKo{>{(0096h7hCm<73QGBsO9fm>Z@iQMyS}i!w|63ypV-&(<~_&faTenMFL{ zlbe~47JWy-e~Dey4=CP;`uzqKg2<|hxUcQRcGstR{Pw3u&x+#@f{l zjMe@e6toHbazOj^8(W{n!c|M`3QKgNVdL7H-y=LR#2KQ99OXFz1Mb{eKf_B09$bE7D0pMtZ+OZwdXqOEM84*fRprfrM3CuI8?VGjvB9-hf% zNiQ^MT~1-lD&PZq-zLedkuz^4fM*Ch6TDO#l7)6ok(%4mBq~|Dc)6`-Ya$^B8nq^8 z$YgI&X;elDif1R$7}_0@`P)T<>u(?|WrU%!k{@{!mBE;7C@_{Ur7&u@5zT;(4gTkS zgrZ+iRO6cM=Q4)u$b3h{X(3OHvirWe2VI&oCGbl|K`Ey|fT|J~QBo?`qrOeI?o|sZ zaYPZ^?9I*gRCPgnvVOd*gzoy9U<2!rjdi0K9&RXUwow2nU@nwZ^FW8(Kzg$LweqO7 z*DQ`2pGFzi_R~AZyudUz3eaUAuCyt)Asl8w@|APVRO1zURwzOYb}VIlbt&9J^;h1w zzppPjb|`+wcURk{w;)+Xy^aM#h*V3300hjTylZZ-smYPFS@p6Y>mmIa)0A(Z6Voses zYn?GVV>6bOK0>Ta6!GV=puU~dEA6|rsIn>nmQ7WHtMOW2QHK~loEqR{Hf^>jqG(`# zccToIU`U@WyC0IODV_mlj5`s)(QUq#Ssv!?%deH`vM#JSZQiO`OihDaM|6q44fI%a zMo#ICcxO>d*q%&&2ZYg_6*AqUMDw;94t`$X4Ed5d8Xy=*h_M1^&jWWr7~IS{bUxpo z>LLq@udJ^tU3Q^?7Q2>7`Eky2Dp zLR?H#Ob`Y1{4cpc!aNiZ`cGtyiv##)nI>Km@Pd4eup9yO;cCFiI9lgxT?RvexQl-w z9h&+q((>d(?x$B*UEAd6B}f$Es<-8F;sE~YT});DZ156y2&7^LtSyo9R9rk?m+c~2 znBidX95GKeWdo{g@uJhV+?}A~-b8^`yLQ7jrV^BklT}2EpQMU{igeuMSocMx*BizE z&aEFCR+k*I2_XxnFZnd3?9>VS|LpK0QoH9MDxdOa)iT$VFDi!Ue^|3uzix&tu#c~U z$~0{8bb|2w5h0E$RhztXEfUu>js{C4%X9%p+GCUb54{JvD~CeUc5)(c{h%KA9%Plm zKtb>Y@9A&H5Mw9t&EUQM?`k3Z(Tk7Y(v>h}U&Ko7HVZAy8GJ^ZVWi7VAV-}D=Yz;6 z{P;a>j5-fOZP$hqbaKtqjfft#VRF-v@(YvS7{>~WL^c60-mSQ`vvz)VuZZ`N>VV~E zj9bONQ8Ztaq-x1lC@4QT(6(Xa0%clM?KaY}RDr$25{+|zTYIZ_`zC3GJYF^5>Pr?7 zXZ-lx*&mxqro@0o><(`QXMgLslZhBkM!*xkF_cm88qBf1( z0Esf*d0`^jOGlCyIx@Grwhdf4XT#Q}I88v|irp!YK#7PE|Fam21l;u{?P%QP$k?BD ztynA1S|gTZ;H#Y~JKv$0oxKSTtIxlt1-5v!_bAci0oHrRL1()c>p2;?$$2FJes>a?o0?_xzbyST~}(iMTY?@`6?z2+|k%2yTaSDqs_VP%i9oj9X=vRcJe zh(HmP3L!PR{>plpjBWTjsTKBxeNNoi>T5EX{)U9aGcwb9s8ii(kTrf;fTkw%VP*P~(?CA19;2)3*X@N@qPyisA%oGXBwOYJ4ni{H+4{QMQZS zub}Q`)cl9kQN5v}ZsvP_cTb~j$5O67K$G+1d+3U=qvPvTz=8KmNK#sAYZD~QfyYJB z9-|fENohWC%uu{51TB=&2zkvY$x;);xL>aoTAiMTfg_%0erqY;ZYw9zTV6jFe>fjW ziE6>wry!T|%^6QO4*qP9shbn%ps##=Wm?MIBGpVx5v9BZ#Df!9&`vZ%J)aPuZZJfw z zu!?b*AwZ-&qhyK9T4>JE<@llv2ipNRBYjX^8}`8%kH^AtN#@C^P6{(f-%kJYGswLY zFG$sRg-F5ua8EEeZhF1Lm9TOVhM>+-b45{K!N zW_b6$Y64TuPda(}0>%r3G6go-^nmWcnc9)fqg!nKL>iJHNE*%c=Ou~+rif57;|FIO z*54A*0EvyO(u&;D!zj(#{qt|^AKQ%u z0RlQ|(&7O@dbOD+z`IqZk#5+jlME-=8=v=9vg|iTTB?n9>-2_p%`8aTIw zj%B?g5fB)e2XwUB$!ZVf?v&Rk75;8OL@jT3wN?~GpA8Gi+|(E}NSCreV{HC*4o6C) z#R~tN&*^k2wIze1#|e5l&ac}3tVY;bTHj>cd$^vNXuerNG@2H0emPdDp*W;ieqyT` zA3D`#!uET!9hB}R1|gw)5IXQkMak^4_d=nX??FDtT;P5f+rkW0+Dv2{N8mCuB6)z? z;qMZmszF_Y`$e&DO5d-#lvFapn~BZUndyl{9UGxTWEsw9`}&&sx(*)GBHKj#?R25er0^SHe1VaQB!4&V2~SvcCj6Gx^j_Z!M zT~+;fzqdo(9$$QO)^qfD5GGh4sG)TjDaePcM6IxQ8GkdkASf^mE6hvuIm?{=Xx;Dt z!Wzz*`SN^Y0uq2$SCX$p2F@IgQ1r+G@0lS`R*rQ0YVebm9>w?1&=Nn%$J zpPrBIO;;`Waaz8CXLwr55i!4K0Ei6MrD{U~b3mN{L5Ypz6UzJ?WNH(eFM`ZMsPq`Y z01l@++kd8NU;pz%sAGWEG2D~FeE}OcU%;GYZX*tRW@&PRq?*DXlLvc_+A`CwKVMy5 z2$IlDJ6xrf5f@2WIg2(UwOg^HoTRk80AwN}zNp;fm|0~!%lSsLvF1J7qV?{ciSckL zjZdRN?@CO4M0?s}YVV(yJ1)>9QZ{Ktxc*YRk_snO^I3`~iI%&Ui|hFFs}aa9Y-`vO`1mQP zMmN5Anc&QrO>`*mxb_SwQUoHMs$W=5P1!A!+w>BdWT+}dsxf2rOtV%N%tM`ro zx~vMeVxQglZxmtyUI@q|ux?EuguwSF~rGE*d zqg|qy-fx!S%^nmI&6|h}4BJ!uyX&Hjt!_ES9j1jg!w`B_cA0mynlq)R_(M5j2ygPdQi5M$Z-u^qj|W7ws>Yjb(r5!sy5(Y=xUAAgYn_F4|=1& z{%^7-X&q@g)ea@7|Cmeb-a&wpvTyg?G+a!=bsE9%Oe)T1%t2_&6muRM{OQ{|>l zitBaj8j4tmm3k(0d&z+!z7D1TOr+>WY)qWnE1*UWZG2es=Fv5+YI%rNGCNmna%^xMx&-q<| z8EX2q*SL|2B!48CW#%+DH|$Y_X*czjF&Th@1OSnL%-DLj>tEj|8d0w_79a1Lu@nsx8 zUjw`X)OaN-UDG(5xuD!&uOu>bXmwgrb+lA&l7i{aER|p`0m4%$1rMp7-L&j3qhiK@ zmq5dwi4BLp9}q?-wwp&m$;fP~kDu}(bW!{HEq$T$lg*lsnnd?;FQgLoxud%3OMgI@rG-;27Sd|_>sAK-FjEoxkr>Xercn}juP$@7pFpv(^pWXe0)b4~flX{YjcFpgd&g7=jIj@I7 zX(;Gq4qTfgE`*K72RdkXoAK95y(WHfbGL{Yap$sJOiZM}nGKLScV)PYo3)RkQD_RU z>VIEFJtAk`#-@v{C5+R++)`L*us9V}E#&v}Xs1g0&9S}!|DBjO5Q`F7HZRKnNpwV}X2uyCS_=QfThUVr9A|6e07r=@TS49|EghKRBsZ^(#P3TEw6 z=~HKEo3Lm;X5FyOsKC|Yahh=8)GH_IQR`D#{C_6+E9&pN(wm}UK|Qmqd_0E3y(dy& z`qljijlGZiaN%DscMF#2e#C0TatrgV=XEvq26blmpGtG|F*+X`Avm`^n})yJ z2u4)+1BFF>UH-ztN#^Qr<)`OoE`0pk3`qtlXC&0`Girni`a$-xt~Xgt16}S}Bq;kU z2Uni-`}nlsFY-&9#ssy8B{7eqtACjJ)|B+n&L(w{1$g@NqonvRQ)na9G{KLILRX${ zhY#U^B(zduTBD2(c{vYg0<53$X~ojx>u*OC?W>*CFH?(VrXD23)LNsqmvyte#;YDf z!^bFNV+!t;Go3TecjLqmsKaZTMm2U)Xdv8>|7BgngO+yq_qn9$>(bh7cpNSFruiH@6#@b$5MHC!5C8xG delta 2470 zcmV;X30d~O6}}aab`)44Wh$s{c*<^;5ti^nEci6<=8KVvB!7%+4-(Fyzv~a%YrQ68k=) zv!pNh+ptiD%vH19`XcyD1n%zX0WZ40gzZW6q5{dZ8}@I~@Wz1KX71I8RXw&h2dm5` zFkpq{;rk?mD}MmbYZWFSO}8d|K-!nk9l(xqvdS}=7rNtIs?1!#wAXZ*&frS$Q;YO( z9-{N8gxm*7ayk!FCS6tg=NtK|sG*?6wq*^PZKp0=XjNuo-NTAVu2983`?*kwTwimf3GuR#h{}14wN7p`9 z$%b)u+}VU8(LnlZEw2lj>2|~o$U?X_#4y}VX}zmR$6-pagFiD_*gY|7pVo;4HP5(t z9&cr{^6H8@LpcwhGbhYfq?5n!8D7jr5d<$6i`q3w-v4&STJE+dEuj#c7$%$JAYb*N zHGk|v&KEPMs=2y{c1s>Cl4BugT2l*MJVtkgu{#t%5G>gQNON;Sw``*bI&nMTG?gr6 z&Zr^(hY8}oZGFJZ?e)iyr(MP9;bbSpP;PU;^FkcLzxMK+1MLWH9l3<{|5J5(yd)&j zpl9`*w1)lJ=ln97|0+e!lipbw>jbt@Mt}WCQ?r7}ax$U_4OBFBjOLfkp#w519^&j) zk0jS6*9o+M^jN$9Pc;Yz5-=pYVs7IZf6ry=e2anD+-L1ogtjd65TZs%A&H04$YkG} zb3`eW=Age>_{uwqfc5h+y3O~!{XNhD!XGQ0f zL>_<*V8Ie=p}JT>Um{!@j~mFu-^hMq3ZaX$(|0%yZ0>4(gE9s43Lv|!*;zEkOr5c> ztHIu=(M@-Z6CC+Kl4Lu0x0lzHsDJSnI3-g1&zXM;QGnJ!i`lxC&3H$&Aax=~T>8<; zxN{D*gpn9hWV{O?>?6;nWFi!kQ4XfZmk!xGy8Dnc_*IX!RIUCr^+&r;)wwnuGF9`3M?CboxqqNrqepYA zF|fF8mBDpM+s2~_ep;guH0xyazsU^6L)qe9c+3gd6jb?|`2BB~R?jxpXLUxG1e|)u z!!hquYx1sgqb*$njr|H-XgWY2DB7fyaNka{UT(Hj=7*B>cdgG~&>6-!U|PxLMylO0 zMlc};2`Yw2hW8Bt2^29D9+RX6D+@6(F)%nXH#sshIFs51Nfe&`doC29R(l4jy;=oj z6<1hGdU}zHB!4z#tOThOl{HTc8o)7LPql!81OWJjN5ENo2(;xE+}?^>R5XZKIFiv|SX51i2bzX;;NJ44?wIR`>_lKJbvdFNb_ui|Lz-y& zrBYzyuHZ#sD`5Lvj`YtO=^2_h+c!?0%9yHg)PM#9O@Dw8JsH}6Tga@FyZ0=f0o?DQ z7u!vU#w(jbXfRCBk;*-LbLBhn8FA=&5A!=hooWUud?qJWDB9POHv=-Lo0I?m8m6_z?TzU4_FM&wdYtJ zSGq|@g@4LX!0`-Tw8qBl7pdgJLqmUkqw-S_Q);1-Wkvh9eSwz08BuyYH}e4pC5B=X zuOs1&HzV!L*2n6qSH=zkXOGb&fi?t)?dn*!`2J}cY@e*K??xfyv8L~kqN`Uh>sUq; z?QS9$Hj|DQx9QG~H!76FsUDQRx1~($5_<&h6{#d!r!G=OPa9$_I#}#y1Ya z{w;sH;LblD1a1`G7Ld`_xZA6Z7PC%SMXC5mJ#QlvxWpI%>_Gi2HK75;`irZoBB1#7 z)PJmPWWLTqsEHWz+W?Qv7bQZGT`-{mj+}(rAsSl$^4{GFIp`L0UR*+IG4FHZVKkTe z-`_cEZ5EHap)gZmF@jf*ee8t?<&bYF$A$`OacW($_=d5N=1oG5y;%of50g_O@h&@Y z_CScN4)o8#T^2-lQefB(*BU0EqftpBmVbG>2-1Whxp`e!nAQH&+sewT3-_p#-2lJs zOFUVcOQxsAIla=~vJhSvGe`i?EzNAOBICq>MMJ0AKzylsv0uCihLcIa(q{7BCg?y+ z(*~v%=LFE{DviPcsJ?*lXE6@iO~!@g&3xHQ&8iJw<`rswp9vwtvn* z4hoU!#|A6p%}W>!`X%6@F)l9WWqjk^0>euI=J$tLGa)FJzuh?%UWVXC@0M*XU+c-o z(*gi2LYmTW;PuCtZMB}At+homx^7-#?e5G|<}r6iu>x^*X!T$> zCRj;N;+^Dgr01(|&RAcvO7R3oXHp}yRv$l>!MqE$3UtYh#|OH$?ewvzQyiVh!h9g6 z9C>u#C7p#<+JYIMskXi2Pol19dQh0$rd30s#U72>{k1jg+~z zD}|9pbsRP@G%zIfbN?6 zhh{umN|iICDr_*0_bByRW)fpU@=EfzPy@MP$H0%zRexxisBUGkV}h}h2qIlBAB1%Drv3o&i~MPPz{AJ<*)r#-7}ehU1~!6VO)uxNG>*F z|9b{&tZrqrW0_cwkPSipmYgFI%gh-jxo_cRkj@KG%D-3}b)3QMwG^PTcuTT&{pZo+_qXF!u@PFWryJcI}W57U9)H!Zu>0l%b!zy0C0s{d60i!Z7Ffbhk163Uk z1QrAoJ-eTNNWxizr5aYW_))bZPFmT0lY#;ze?qF^zGdX$Nm0aCh1czqZ5v#1oLE*{ z0d~1yn#T#n(Wo1p_++R5YTwRHd&~T8cF%6deJ9Sf>uJ$ru#Owa5S~AwS2CZ%f1<1_ zM3~5VLUZ2YD*tKSC4HrSd2M98+4@x+1jI>4n+c#9mCYHVmU0iJLY3jWxu75e9nB|= zf2?>AeyNVz(;0g~vNZC%^Qs1$v;gAew=AcdGue`-l;M&3Q*quS24(VbsJ?&c)0)p> zHq`G#Ks4)!1>@6Mv;pq-o6Q*OuUq&$|Dw delta 664 zcmV;J0%!fZ2fGK59w?4x08di@1z0XMFgXAK19>ol19dQh0$rd30s#U72>_Nb4p)XK z&^D1qbsRJ>GcqzUF*PwUIa(MGGcYnUFgG$ZF)=kUF*%XfgMaDG!UsFD@A`cZeNGo0 zj`_Mlv8GFtcUFtlS{ejlM9Pm>`qAbSpJ!SG2ssbg7+3zWAZP^A-pHn5aR8>`+!Fc) zP*zaRiJRHmQe{GCk`|E7hKtO0muDCtbJF~75bA4(iUF%c5=-w-`@Rf1yO;kw0W~lU z-0)5g*lore0e|gutnm=N{V78`h!l0IG1eqN2;cdRaIiE3nMkRf5O%*k67%+zs6zeZ2X7!rkd;~X_hPL8hwViZCt3KIK0ih}~{ndF- zI{*qzw+F(&q2RX)6l+>zuSjCfhYB15TekWH%Q8N{`zl$>0s{d60i!Z7Ffbhk163Uk z1QrAoe2x7`AK@yo#ax6ciZhldgQVzKlY#;ze}Z$9xx9k0H5~&TL}AH*HR8NPD1e;_*=8yEx3TyGji}pqH*f1rOLj+V2$?DD;oJ|2^M;xu8CIhhK?m zlH#D6VFbj|B0>gioftZLE0#;{QxB(j6xtNPM<3+fX64Ev3>0Di#3|=-a%H|?Tijzl ze}E6u^JWPHysda8zpD~G?soyUwKMy%yT(TwJ_)=L97uE?G5|-)pA@mSKfC!fXBM}+ zXe&85n$C+YQb-bHH|5`+loiTk&cbAr1{BOdGt38g7E2PN?8_<%Pm@Ent=h6c0U&C` yo=KW^anJ$w%t99i)?S2oIKMdoIv|B37H>ybY?alZi}XLnKD*!wpW{tPo$Rw$mKodt diff --git a/tests/security-resources/server-ca-truststore.jks b/tests/security-resources/server-ca-truststore.jks index 7d7849b94dfe65f7539a0191bb22caae3f7b216c..bc5b764adef391f936fc60c4d6b201000af3550e 100644 GIT binary patch delta 664 zcmV;J0%!fZ2fGK59w?nol19dQh0$rd30s#U72>{k1jg+~z zD}|9pbsRP@G%zIfbN?6 zhh{umN|iICDr_*0_bByRW)fpU@=EfzPy@MP$H0%zRexxisBUGkV}h}h2qIlBAB1%Drv3o&i~MPPz{AJ<*)r#-7}ehU1~!6VO)uxNG>*F z|9b{&tZrqrW0_cwkPSipmYgFI%gh-jxo_cRkj@KG%D-3}b)3QMwG^PTcuTT&{pZo+_qXF!u@PFWryJcI}W57U9)H!Zu>0l%b!zy0C0s{d60i!Z7Ffbhk163Uk z1QrAoJ-eTNNWxizr5aYW_))bZPFmT0lY#;ze?qF^zGdX$Nm0aCh1czqZ5v#1oLE*{ z0d~1yn#T#n(Wo1p_++R5YTwRHd&~T8cF%6deJ9Sf>uJ$ru#Owa5S~AwS2CZ%f1<1_ zM3~5VLUZ2YD*tKSC4HrSd2M98+4@x+1jI>4n+c#9mCYHVmU0iJLY3jWxu75e9nB|= zf2?>AeyNVz(;0g~vNZC%^Qs1$v;gAew=AcdGue`-l;M&3Q*quS24(VbsJ?&c)0)p> zHq`G#Ks4)!1>@6Mv;pq-o6Q*OuUq&$ol19dQh0$rd30s#U72>_Nb4p)XK z&^D1qbsRJ>GcqzUF*PwUIa(MGGcYnUFgG$ZF)=kUF*%XfgMaDG!UsFD@A`cZeNGo0 zj`_Mlv8GFtcUFtlS{ejlM9Pm>`qAbSpJ!SG2ssbg7+3zWAZP^A-pHn5aR8>`+!Fc) zP*zaRiJRHmQe{GCk`|E7hKtO0muDCtbJF~75bA4(iUF%c5=-w-`@Rf1yO;kw0W~lU z-0)5g*lore0e|gutnm=N{V78`h!l0IG1eqN2;cdRaIiE3nMkRf5O%*k67%+zs6zeZ2X7!rkd;~X_hPL8hwViZCt3KIK0ih}~{ndF- zI{*qzw+F(&q2RX)6l+>zuSjCfhYB15TekWH%Q8N{`zl$>0s{d60i!Z7Ffbhk163Uk z1QrAoe2x7`AK@yo#ax6ciZhldgQVzKlY#;ze}Z$9xx9k0H5~&TL}AH*HR8NPD1e;_*=8yEx3TyGji}pqH*f1rOLj+V2$?DD;oJ|2^M;xu8CIhhK?m zlH#D6VFbj|B0>gioftZLE0#;{QxB(j6xtNPM<3+fX64Ev3>0Di#3|=-a%H|?Tijzl ze}E6u^JWPHysda8zpD~G?soyUwKMy%yT(TwJ_)=L97uE?G5|-)pA@mSKfC!fXBM}+ zXe&85n$C+YQb-bHH|5`+loiTk&cbAr1{BOdGt38g7E2PN?8_<%Pm@Ent=h6c0U&C` yo=KW^anJ$w%t99i)?S2oIKMdoIv|B37H>y!-L!y6RnB*CI^0eXl+0l41mu-j5E#k; diff --git a/tests/security-resources/server-ca-truststore.p12 b/tests/security-resources/server-ca-truststore.p12 index f9241482c9618c30782163fc8a1d031b5d1970b9..4247844ea6cc7e3a7fcab00e21620d80128f2ce7 100644 GIT binary patch delta 1146 zcmV-=1cm$d3HAw)YZQ8@%0C(Auo9NvV4_V37GOGuzu}R8B!7_}scSrwQ+!WJE90>p zdpUrD1MmVg2W4-?8V=_&J3NyfK1hnSG@y|GT>R62RgMJT+>1#s%q+YP`!xG)cN8Lf zOOctOp*@W%z-)jpBKoW@W0qJMp~>vY-vBjqC!ttNVnEG;F3GjW@PRu|a!8R(Btu`&qNGknR&KmS+&>vJ?w0(r+jqU7MpF@JiRSDZZbnmw%`6sd}EM%!Du$!|#%)`|&p>MN1?1=ckqRcQ>9W7ctc;9Dc^+d{FkU2l{Ia zoOcG|<70c&YcF^60(f z)28%Cz<2KYHq`@lUt)2ih!8Kd-e%uAc5UN+|zkw{r1z@trte*lM*ZcNwdMvch%hQ46EwnD!dO zFldSu#Fo*SJeu*p@2s1#{d4V!`~ffUo`39saH};K_9$qcGrBmPf8srQbjqciQ7q0T z6&VULup?BZRk&A9!ON|S{T8P8t4R3D^gbn1noCQ z|Ca6!+J4eGONC9O71OfpC z00baHgaPY&qBk1rw%Y|IsAY)i_}9uU%W=8|T)kYSze4o{6!2XTPHdC+ftEDL^}emf Mo=Lni=>h^L5LZ7pf&c&j delta 1146 zcmV-=1cm$d3HAw)YZT>zdzmc}#IHC?g=`7lI^PR2@qy=83Urpr|EhxLSBeM8CbeM#8R_P^1B z7K5ZC84be&!hf~VyO49IE8Hv@Q6x*48ozS|F&UVJ8xImWPh??IaF2*WWnBwhAN|yJ zRl73K+G$-a_@l?HopOJ{7O}jiJ%jYYH}3J0h$yEX?ADR8!3mc4r5f0Z9hsZ`Yi}og z*Sa8b8Q3a#O43nQL3%rl_3R1O-=ILv;?^9L;Z=l}eSc-u4-}AfBC5>GC(v!Mosfp{YK;9#`;)$;>& z;-wadZGV?_z@E?pNYiCfHx>7k!cW#*mNrQZ1!FBVpE(2(uoZ`CJN?++v2jdvE-J!V ze#??3o`0?^)k1k0#qHVBKc!15YiJ{4vuwq*?Osg=qj}%tm}BHds5~U#JdJK?g?+*e zjQ9=FxdN?3z^#c@#|(p-Jm<<@T4GBoDN$mL#lmg^Uq~RcYXOLU`mXu0 zg@1YUnI|EY;+vZqjnD=-e&=9VJMZta~j2-QwAP9oD)cFu-!XQXYhiDdMm)@0(&dxZa z%;rYGdtubmoHExNgQKOX-veEnJ+s6R(|@@aDjO=dJ=L`pbuU6&bMw^$264uy81j7M zN<@%Hhy})CX+Al;yr=(v{z8brU^2Z(?-dWAtsvp7`GC|AHNO4|zKFhF(11kcZ2c|< zWE5>&I_Hru1EPX3Loc^$ZMEEFX^tQG@G>1jLi{uZy{7hNZo?sX^m(8EAvJ57*MAvv z2CUJwH#@(#{Ys(si2jG7ZPwf&>{d-I?Q*?XhA2@2(2>>z@sze+$BT09rfkpfPD*&H+yWGh9uSw5`>W@hD(BMO~6Ep~(QF&mKR;0`cOixd| zQM-p4j2)VZ95kWr+G9U*mlXd&-dha&kOqRvX;oM=JESm8FflL<1_@w>NC9O71OfpC z00bZjX}Qq_?E$=Li0iZcogiyuQHaE9ffwBJM*y|kK%p@N6s;k(a#3EvL(pVKZ2(OG Mdp(?LFaiQ65Wt8l;s5{u diff --git a/tests/security-resources/server-ca.pem b/tests/security-resources/server-ca.pem index 49b31faf890..9428bcc5c9f 100644 --- a/tests/security-resources/server-ca.pem +++ b/tests/security-resources/server-ca.pem @@ -1,32 +1,32 @@ Bag Attributes friendlyName: server-ca - localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 37 39 32 33 38 + localKeyID: 54 69 6D 65 20 31 37 37 35 35 32 37 39 30 36 30 31 33 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpzcIHO7Lv+n0Q -fU4XHY75ukGxpkuTd1aL1VoaBGFEyo9X+tHmE59nWgQIOQ/ZGFf+sSBoBNLeyKZh -cQCm4twS+gVQVlDOiZvZ21JlQmeSFpDNhovMdpdnGCBz0vxuEOprh4oBq0QSS+9P -+74MOruX/zwBNTAN3PBODthtxhsB7XSs8RC9/SlDO4gUdaox1iRACOAE8X6BSBYv -8NdGaqjC2vDLybkxuJF1FW5BXzmfMXxGJX1xTRU1bhgwhxEU6y8oZvWa4XwEN5eG -tuJgtZ10RKs+2VABoSoy/dV5TzsACk23B8LAoeC3ChRrWmOvSGLOhwocAlu2+gTL -Mj6/+1nLAgMBAAECggEACscGU6kH1ZIZY8Iy8FPXfGF+l77PqwuMPMPn9F0RUsd3 -lhmkxVNQPMZkezCOL3a0z7PAh6r5QXXEXaeE3SyF8oX96rcf4HVtbrxybuKBvbU2 -lZLHLPSmhAUTseMe6b/z3mMQFIWdjK5daLV1DEFE1nvYe0HFZk4x8ZczmNPR+OOv -tu9beDHTTKQR8a4WzVRV7zz4Z/B749pXdPYs+Hy9JxK49/LOmomIE/i+gr/dAkch -sGF1hFTPf4oSylmQk8J7Il/gV0+/fBJkWvnWx6J1IDI7WqvoPicNSwPaEfTfsCRT -ew7TG7vt+vur2R6pD9KUIudYzUzGRL31bycqFGTWqQKBgQD5gAsH5EwJW8+PSWf3 -AvX0Bk/QI/q7NA4kyI2zNHXRG2dynnItAYCWtnpgqsbTSvQeulWxrhf8JoN1m+08 -l2S01IYTx6IdjYaL9wMhvZVbeJkZeuOPNmDVwourO+8U4OD/55ss33Q72P1Rl7Tv -W/FfNns7WsWHsD/jPInQl80obQKBgQDv5QhnoLi1ma8JVrPVowr1tMYOszar4oTT -uBdN4Cdgx5QHkZvNJ6YBOhZPIqObHDbtj5zKglp7lNegFk7XWBCysS0sIFqAzHWF -eKLo7vLFyIqkwWVHRYGgcgsy0JLwOcS/1oQ2wPlMfaUjXQ0+5fiIQZH56uGD0X2y -SLJTPzyYFwKBgFPfTlX90e3HdlPVumRYE3RP9t6iabQqwKJu5OucNAryamkmiH1G -pwKDH0qFvkbjSINX4lzTiG6UR9bububSgeEkHFpj3sSOge9lPyFFiQLx3I2rOPo4 -rn7NYoRSpoFfQ2PjaM/B4mIIBMg79nAMeWyndO+0CPkfL6rk+/MqRKZVAoGBANPK -LVBnyYqyQqEJBb2vsuZXkZ+6wqKfWksctJ5RLhK4QE0qVRWbUmi04qs81poDH889 -wdvbl4yRTIiOCU7+9cb8uvfBHIWnfH24koL5KiZJNXXdM8/nYljHNnHHSGKDbds7 -xQAeADpyls+QwDfuiiupT/oHTs+0rLcwjRcHtjRDAoGBALADaNAULIqFLR94VTrK -D86aEVXX03RW7JnvwGFLV3z6rGB5LthB7u+7Qw/ywQ2sy2bEErf56HS5X87b2rJy -6Px3+GxkobfNJsvKrSKz27NoeVTUtntXqd9tYecNEq2LrpDhV3Yrim32sABTSLNH -jYmA2F+wbHfpeiGJu5XTNzgl +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCmUD6qvDwHE7/i +gO6a+4dmPFtKlTOjKmwwjvco9VpmEmNC8kryt1ADuWHHwI/PVX9omahuZbFjgrGT +CCJl9dp66HrCnX+4jgkzl6vIDO2OmTBDVuYefd444kggaxW5j2OHQZwl8CmAz3j4 +hSTP24GYtKLUdZRScvW94opc9Vsow2UFJWmbIpif5ipprfDO/9B5UA2FMOWv/Vbd +M5mAXWpC+2FciZ5ILjZi/3sGa6xuZbRjmViPkA1B/pacIxHLzBkmuW/hZZDOC1DK +v1gbdZzB7LUUoLJ4S7J9p7u1rDdE5e+f/ARZowHspvB/4I67ZVvWY8BAT9Q5bmbp +YCQMw16/AgMBAAECggEAUeBfeZ6BztoiNVhUH2iFGAfOycD6UvGnoaBAfaGMh4O1 +6lduHl+wvKSfRr++DMyClPRQv0jBM8Q7t67hgGCw1qFtDjKLlkgWr5eTskDrErDH +2d8GGyzMIiUEbTFK2LeGwCfEv8ikJg39+BtULCBchNko8H+SLaT65iiJBYqk/kOn +DFP+yh3n8TohIOVHTHP61zIRwllre1LoEK2EHuCcy7NJaX3tCgAa0epWhv3kYAEN +vhI0kVruI6zaVrMcAkXKJaA9cgYRpPj3DDlUFJJD9wKjlvZ+JUScMOonSILBXcLM +GIulapl3Cl958ljISNRcbfpdMj18izi7W3mnE7NBAQKBgQDnhL0iM/9VcYyPZB+Q +Mxw8raydYNaCzkHLj1fYubIa9bXHUzDFtKhX8+xtKgpLNqA2YdceQqhqp7339t9H +DMb4stKJ7kZAokYYR+ju4znq8y8mDmZA0iwHAvDISrQE9SXjKgeVSvfpGR92LPQb +gwtje/5WJNMLPVs3/v4JNkqScQKBgQC35mO/Uxr+ga2Q56vkb342FEekytOEK1B/ +Blb8aK/JliRc7zM3WNR6UNGbRoqMlsCfVsEAMPqunFLKKYGYryL9Mj+dH9hhihNU +BMVFHkjUdJ17hj5WxMLK2zY4JD2f7lgvymFgFz8cWbrb/9/84zFd9cu2j094/7b2 +pGR/JsA8LwKBgDUn1eDvfVVZz8LwYwrRoU8RNQuhOz8nKhYZoDrDT/A+r/DG2fDa +rLgc6hCaUWi5bwltZ12sQkzSnJw9E0CV320kaZB/o6OdXmiewg1vIFIgaZfcQH/r +gW5Or4fdFv34Zy2D7d/KKadcPEv+wEE80jWSN3AB3m67NKFjq2HkFDURAoGAe0lZ +VcrBLh6B3cNy2ZJlapvt6+yOIO1o6b+2UUFdmCev+R3jmBdVWysTWqXP/LCUMj5W +5WnwpV7noeBxoYrISjaFrzDKP5nxm0IXfl7vNH95lHZLFKCUdqq/jqO9LJr9RAzJ +e0IabUc6noLMBx3I2tUN3TX2cYf9gRx0w0mXVsECgYBVqceRN6+9ArNhk0s2Z7Nj +Zao287c/NAak9S2hRlhKPMgiseh5Ik5PhJhBkXoxQb+qY6i9v0pdqQ4gsiHIJfVC +cTrnUvEynDPkRLJBFs5Vz/2TNxkGwc8luDfnKCgLINfl74jSFtvi3CTubnA3aNzE +/Haikan34tLwL4DTRtLzrA== -----END PRIVATE KEY----- diff --git a/tests/security-resources/server-cert.pem b/tests/security-resources/server-cert.pem index 5beb564c7e6..848f278503f 100644 --- a/tests/security-resources/server-cert.pem +++ b/tests/security-resources/server-cert.pem @@ -1,29 +1,29 @@ Bag Attributes friendlyName: server - localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 32 34 33 31 -subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server -issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server Certification Authority + localKeyID: 54 69 6D 65 20 31 37 37 35 35 32 37 39 30 37 38 38 36 +subject=C=AMQ, ST=AMQ, L=AMQ, O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Server +issuer=O=ActiveMQ, OU=Artemis, CN=ActiveMQ Artemis Server Certification Authority -----BEGIN CERTIFICATE----- -MIIEGzCCAwOgAwIBAgIJAMPESNFBct/0MA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV +MIIEGzCCAwOgAwIBAgIJAMGUahzqNsfZMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN -USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz -MjIxMTUxMjFaGA8yMTI0MDIyNzExNTEyMVowcTEMMAoGA1UEBhMDQU1RMQwwCgYD +USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNjA0 +MDcwMjExNDdaGA8yMTI2MDMxNDAyMTE0N1owcTEMMAoGA1UEBhMDQU1RMQwwCgYD VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV BAsTB0FydGVtaXMxIDAeBgNVBAMTF0FjdGl2ZU1RIEFydGVtaXMgU2VydmVyMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTbxTDdSdRIrWcO0v2BYBQbN -doEiAM8S0+PyJemqlYqpp43OSdzvoWkwa0lWforogCNljohJYUwQ/omSaDdP0Y16 -SMylgDpw8qm7j1z7uLPbbXKdzRIVSPmOvQPMZDl3FE9QOaUlcJU+6NShIQll/ken -t8+EvHVPz96YduTxY+UROJ9Z0eiwHGmDIHm/2fEiqWXsbhq81DWhvOkzdtYnVST8 -BfZkx2DGiLph94KV8snQJGWnTzicVO9QQWJVQcF6aQOXguxRIW8b53UdcM0d9mQ7 -LjbEl66Pz+wPo7GiBhGRHQ9Gpk+L2fE0iy0Ws1Xr9JNIPpkQyxgFPPbqzPBxMwID -AQABo4HFMIHCMB0GA1UdDgQWBBSrmXLlIK7Xh0xn+dfw4I0q+1nTczBgBgNVHREE +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAon5As9SnPe8dMbu8h2XvHczE +YPGPL1IcsV/5zxN7+9zkS1G657tDEUaTS+6b8NgbeIRYFgXbt+SLq4tUJePAlx1v +7ypiGxPpx5+zoV5JJLPUMcON+DVCMHJx3IsJwqUndVbAaGAC4oJLguaMuzrzJqnn +CmS/6a0q4khpEAqcYtgSiQR4ll9nD0IleYvx0FfD49Ewj911EPmGhPr1lMearhLJ +D14O0uedr35pwQsVDRq58fwQRC6jWilj5OuEHaRuh5/XNztV7qRDLFrPPAuz+TNv +L2FwQF9pOH3cXwTnA1KwSYLjwr0DI0RJ/fj0Cdc8FsrOYmW/u39XUYFHSenPoQID +AQABo4HFMIHCMB0GA1UdDgQWBBR2BoOv3HfR+a/sSux4/MICtDMgGDBgBgNVHREE WTBXghdzZXJ2ZXIuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxob3N0ghVsb2NhbGhv c3QubG9jYWxkb21haW6CFGFydGVtaXMubG9jYWx0ZXN0Lm1lhwR/AAABMAkGA1Ud -EwQCMAAwHwYDVR0jBBgwFoAUfI39SB/hKrHFXIQqijOWKIOk6FgwEwYDVR0lBAww -CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBALseu8YBowlLbNfhxVTpdeSt -AJy4geCC53uLe9Pft3UydLDCFaMtciSUuieb25R+vMipRyGUX+2ovTsI3nGIhWV9 -F8jWCTXM9SGe8tUy6+GPkmBRI0Y0eakihDl9FH+JvQJO794cK4mXZFOqVuFadfye -eTT1Bmj0225HrAEV/d6lNcEOxLZkqXy5VYyptejCsV9Ba2S62227KJVixrDuVa23 -bRhP7YHFRz1SjxSKEJJHDyU6jZL9/BDjcviom8QTfaGjjRFyHsR3KGetLKH/9tjS -9g7XLPiRzz/qnqdesoXC1H4pBLViFbxL+FvkDnD1KDEybYmLm4A+A57wEAv0tRw= +EwQCMAAwHwYDVR0jBBgwFoAUPbuffkjCWYOlGla0+FG1I05a2X0wEwYDVR0lBAww +CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAGg6SHXxY31yT/boAETY2idt +tNtZm3u7lfOhlapyHjGCCwECOp/Wyu3H0517iUjM3xqFeHNrqceaA6vmKv8jhk4D +wiZto1dgtFftf5P6jxR7MG4z4JtygetsZMBIvVfgbaPDRdT0BIMZcKTca7zb2aph +m96lsSxKVcw8vSPQUxY2EuPOw0yiWbzkrdJARRldbFxd6RbjpMbDnDr1UGvkYXWF +bkxUwi0+oDCv1B1/iSN+JVf/5uRPyULKmb7cP1nh6YU4/alj8vxK+GsiP3cwK6L9 +Dm4GAvDGcW9Ew3ZZC7hMzh3gj0upe1WIAGUJ2CyNcWzHYGtKuYVR6V/3bXgB9pw= -----END CERTIFICATE----- diff --git a/tests/security-resources/server-key.pem b/tests/security-resources/server-key.pem index 2370041c27f..5cec107853a 100644 --- a/tests/security-resources/server-key.pem +++ b/tests/security-resources/server-key.pem @@ -1,32 +1,32 @@ Bag Attributes friendlyName: server - localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 32 34 33 31 + localKeyID: 54 69 6D 65 20 31 37 37 35 35 32 37 39 30 37 38 38 36 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVNvFMN1J1EitZ -w7S/YFgFBs12gSIAzxLT4/Il6aqViqmnjc5J3O+haTBrSVZ+iuiAI2WOiElhTBD+ -iZJoN0/RjXpIzKWAOnDyqbuPXPu4s9ttcp3NEhVI+Y69A8xkOXcUT1A5pSVwlT7o -1KEhCWX+R6e3z4S8dU/P3ph25PFj5RE4n1nR6LAcaYMgeb/Z8SKpZexuGrzUNaG8 -6TN21idVJPwF9mTHYMaIumH3gpXyydAkZadPOJxU71BBYlVBwXppA5eC7FEhbxvn -dR1wzR32ZDsuNsSXro/P7A+jsaIGEZEdD0amT4vZ8TSLLRazVev0k0g+mRDLGAU8 -9urM8HEzAgMBAAECggEABHWIX301vx7kYcHZ+HAiIUBTSovQXtLRXrisp1pkySRE -LqgrtoReOuYgVsxxw8VV7mJgahKDkt9JkLm+wNOKVJpUQbGv7nWQo4fT/ZRLR3lE -gPBQa+zy6uPeUqK27HXVK6u1G4vmYwdqwl18VTbpL+CnT/RpJJKi6HTf/ImZ9yC5 -JH4F8WJaMDaEuoZjG5NK7j+elxYCaWirf+qimX6vqOSpttH2+hYuMkJpL04ypddU -y+SerLAKJHSDquTwiG0vQugP90FDMELBrO6dpFhfA2jR9+yVglPBY5N6VwUZqUca -cZgjEwbTjQlNVxlvgvv2QTOfb+vNrK9z4qiShUJMdQKBgQC/r01GNTArsbvgW3lq -H65gCGI/hy4WSLDZH+NFaX/gfsrbQ8FScQ1lHd9HVWMZcRGPYWmR4GqQgI3SfCsH -joXQElqj7YHucrfJ9q4dyvITjdIYPcrRB6l5ZZBWxLrXtGEg8ynP+a7WbDx5YEvW -FKk5tf/3AC1ZJBFRHqW94F2YnQKBgQDHR65u7UQsgRGB9IAF/3xnUjA0Ok5K/eGZ -8BK80mntvxvDoNowEUn/ZBw0v1o/ZMULd5Mc6JnIlC48bRoZTVB9S9V5yJ/8Irr9 -BKxCHsNE/wrdf72nwtUWgLo89LxF26/SLArj/ma6SGgmXUx8wgkk25Ow/B5CA0rc -XP/In96ADwKBgHJX6iq1U7Tc4wvkxTqPB3/1wFXRF6bnWcdLhFFFq6iJOg0uD8ZT -9f+ZoDV3NBRbJHR5UXZZfngQl4k11J0/YYdLS5J5/YX2HLh3VEolY95SPT+ErNWg -UnI+Kan41NQTn9T9+LU9ZhQ2oKRu0w4zaPcqIDSBgIuqPkI7m/b2Ph7pAoGAIXjo -07kGunLzfeCToG5JdxFXB27Dt9TtD+5DN3QgVs7C2xkpjOlahItMMY/ymLNUZZiw -HSr0qbw6B+xLdfSGkIUsVkhclv0+a0Fdrb19DxnHuWy7bnJLWHxGy/ZPqWw9HBBJ -xAH3P1LqK4eAUXRGFOrM4+11J6Fl8Z2tWQWBWgECgYEAoeW1KURlRQZAiNs0zfsZ -R/8+t1bo0igvt+wVewfam91GRX9hj2eNYyYHbXJe94Py0/ny+jJniNMCVpJ+mlY9 -kx9d9fd9zLBu0M7G5f6MLRgUzgxFytIc5X42KatoOepKYVycrjHw5BtulakhQmVn -B17jc9DMyEmdIBNvLXegSfQ= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCifkCz1Kc97x0x +u7yHZe8dzMRg8Y8vUhyxX/nPE3v73ORLUbrnu0MRRpNL7pvw2Bt4hFgWBdu35Iur +i1Ql48CXHW/vKmIbE+nHn7OhXkkks9Qxw434NUIwcnHciwnCpSd1VsBoYALigkuC +5oy7OvMmqecKZL/prSriSGkQCpxi2BKJBHiWX2cPQiV5i/HQV8Pj0TCP3XUQ+YaE ++vWUx5quEskPXg7S552vfmnBCxUNGrnx/BBELqNaKWPk64QdpG6Hn9c3O1XupEMs +Ws88C7P5M28vYXBAX2k4fdxfBOcDUrBJguPCvQMjREn9+PQJ1zwWys5iZb+7f1dR +gUdJ6c+hAgMBAAECggEAIME/9DAd7VFlymhsYsPEvXZRMLSI1zJfZ87vuZMVJ0pZ +96fYPA2mwZT/LKuC4jwB35uX8QqJxaorkG8jzYZ5REzyCx05TPmI4s1ZxaHOrzgT +wltH4zyDJOZw9tLNKyAlEdVksDWIZ1X5+D9Wp4hEyuqtUM5J1EYsspQDn7Dv4MmY +W7OBq6iDTfOLesr4qTf7OPNsgyWvGAUIYkwL1JZQj5Avj3bMl/hgplw7bsNpVKN4 +pxjo/Zy1/QdmcXyIgZTJLpceEi1qXHQAVMi8IwJ6l3/CNxo+zv45D2ffgBEdoqMn +6rBJI6DLheG+id84UWXsiO+4oQDgvpqxRa5pZmrk5QKBgQDiAuS2rm6jeOD0ZWNE +XILySQEwetWo5TTqMPtKrYvn8Q6NHWUX4OoESkn/pVRIsuhj+xcF+u3U13SOHko/ +Zqo5YlhKJvDseIFTN27eatqfgo3ikJWZfp7h+6R3d4tLCavfN5aV44zqZRpbTLFC +6WHTnc62kGNqVOJKsJxrgIRjjQKBgQC4DcnO4GJg/fazTFtD3yoHz8Up7sirJEzU +zx6Co0B2XPu5iXgFcJQ5KeP3GVah39tBIHHxIMXrC4wi+dAevvIhqc0IytR2EctQ +QD5GccpyR0UdVY/mLV92SL5r7NN1ADXYh12FAlsM3Y0dvslVO7gQvtt/ap3oBWsv +108i79ntZQKBgCkjb7AU1gypXwD9R3FVCXzCbxX89dEVT2llWwg/yJyCUyy6cgFD +rjTztL50wH+vGP/B33H2N74rLYsE1mzt6gQh84IjzmysjpWwHF0dxAeOwva/bIuQ +8aienlQkjVUuQHuT6bQExEyR9JczwXw1cNoM+mhepcngA4Sm2wHyVaatAoGAa+9i +FtkNuHWW1EUGDIJ14ojcxh+LPJoYGICyEshsCD21PXQ5l28S7Yb8ci9A18MwkDvX +tiGTD6kA8I3xl+ZAlq8+V1ajS+5ZfeF+487dezECfhZsQf7/yZ0VVrNWunl6GlYf +6N2dyaivle8JoNtZsTBMBqfenG95EWBBv2pLMeUCgYA/TDM6E8CTxmT9V6tqAEu7 +Mq1DSt8oPdj6x7MUo/GEKW4wk2vltk2J/Ka7NFfYHmtxcVQ+UiEx62SANUIQUwbC +9O4e9kFZlAVqjrUekmu1V1A0LcUgzzA+wOf0QhTwlZWa696vrP8mw5KF6+yTaaCS +BbTAIhKbSdUj984T/1T/pw== -----END PRIVATE KEY----- diff --git a/tests/security-resources/server-keystore-keypass.jceks b/tests/security-resources/server-keystore-keypass.jceks index 45a35dc073ce34af7316a7a5dddb354b3d6719f3..6c3b141b9dbe45b8d5a9a2b0935f1115b6b89402 100644 GIT binary patch literal 4211 zcmeH~c{r478^C9??*wMSu{qvo_&h=jJ_1^dWJn#G5*Zti0?|xnyjYb23K#(6d z7{us}CHP?pAP_hWTgk8t0>S115^M$#VPrYP2!?@?5I7j%f-xiM6@o{bx)&i(D2FDD z1bZGl`{w#{L zQ04Z^ivhLvmn}tdj8Y$y;GW|6w$H2Ffpm+Uoi>`q{^QF>9-c)ES{ru&$L&Y)I5V{6 zqe|m~t7*p6g{23lCufF-X4`8{=$4h5t#{~@g+0H)biWvX_^YwJooQrHt6T7clvYDV z$;SH5Avo1v@0x77{oFO-9cp}0s=u_^V-Nu|!e%)!do{EL-hcB&oy!@k!oABc-HP!*_0B?z(G%SAN@)SVdtKu@ z(rfnMRAEeE;q;063J?Di&i|O9S0#tzR|5rXCvV+sXEkclOl@z`?{;y%)ExQch5fBB z`7a!WLLglnf&Bdx7x9AlzAe7;Tm`h8@*#(B~~! zIMT3*@q=!MrAzTeNS>~}ckm=-WbLKlsO)`L%E5uBwxr^Pm6MFbPtMVe0&=AeR{de9J_IDeOOsj zXCLu2S48oNjC2GL_F!*wMDcs!#-(c_le&hNDh+1Dxup(5ocPQUwV+)wYCdWxOH~l9 z;;r>eIAJg!fOhj?%8oUqr`e?`RrY0VL$c3OP0Gnq$HXq*TI!wCw&qM>^9>Sq(9_YA z3C#wR0dZ8&ePr6RaQU*8&<4bHo;y)*-ICDCNuuvpybZ;ZKe2sS#1g1Q+7D))AzY@6 zw%*;Ck!5PV7~pw*gAwI@bbid*H;&Tv^t?1`VEXiVPMqwVicGGk-)s}hC1$R6bHQ^K z?TPr#u1TreBY2ae#0{AVW0`xBYY9WNxF^9M_G>R$07O!E>qlv52QSm0P$zvjv$E1^ z;IP_@E#Px~PfTf+S6+Z|r&GH2{cLiwl1*Fw{K%W`LFawT2l@pR*YlPMbmwD^Qr6^m zp^+~Yl0Ra5yZVN+iBQh3ZPluHZE5CH^av}C0$ygiV)kvvmf>}BcuXc4iCeX}!Z~NL zlBa;sV4b^dK*VSY_C_b?jBU;3!*(h@*G}nRJI3!+OnxIF!v%R2;OH*=4(`HF7$8BR z8Bhoq0$~9)C0r7jQEj6G9E>c;2>pmP4ltOF0R-5icmOU&s3nXQ&aCC+gY&~0nW4A= z&OH+woJot|gLTJwqtpP^Jqr}B@N<&bk0CLOZ{QU>g(djlTyRbpADpL$n3k`Pt0w{H z69|ay<4{xulz}6FA_}E^#9EL`5w&YjLMi_+0A46|fOYTdjBu#d?&?1@=6}hq9}DYunVG{PaT%x z6wF0R?KisML7T%9hGw->lv6x<@rLu{#R1`f>lXwVhN>o_3!={<#vAX7dM+Rxh2hg} z>17Y>&PbN^qFQ3sRkQ(u*KjmTbB?s{`9@a<$Qa3xGpJgrUG%xmVOO^4w@sDN+F`n!cL!=?s@=$f@;^yguadY+b_95~A zOO*d6IeWTea2_PSpYMD#`e40%i4zTR40Ea;U5O8o$lz<5W0-=1zDd{2l z%~scP_Mb0bH>;2^wx$OI@VyBL*j@@T@AiEL1|}%@_dC6t^1C|?2Dz&1`z|>J6HGpT z0O<@2O1qa2S&@S%i7O8h^9ct~BsMTaJ^ic;oZhQlJHs$Q_9Y zV`#IKdluTE9Q~0P|0Rwu2=GvPM<#^Lx;Z!M*Q4LLXSL||eu7;Sx|}_XuN$K0W5^>p zrE&(Aof`EL-4+6>yyLW%vzbdo+A&bwvJat<9 ztk|m0(nR0I8Ri99-UMM;2IOMA+}a%Q1~uVk)Anob0pQQ6pr53G2JTYA7a&0{{v^e3 zzr-ZeR2~ZdL)iXmQmE{bLJ3e*0n~P{J#?s8|NmY1Z(Mk2dLqA0g9%O@3!P8dyy2o@ zW00tng>(aA*JM_$U3i_emkpMyOrbTHw#K+FOQLIXt_QZ%iBuZTERJ0ryz=2na~iQa zmPP4q!E^SHvB|)x^OFaHN7Tmj#qj(!aZWe1QW1-?p4cAblxwd zZ^5jxz;h25iSJ@5SexIR8Z}LNk9xRFJ4mv(*ipZ8K@k9cM}O(mq%N$G_7J5_sXdxR=Az}{>cYu#q?%kX5k^7d(Q*4y+_87JGeK9;GB>^cjr3# z7fTV?(=(^ZEEz(HFNHFb2wXYZiKCR73^AzaOX--x0Pc{y*r6VwAgw3L%XKUHjO23A z*!wEEM`R`XKOQBF-uYtTH6p=?UG~atAWrwBbUCW_F6d|~&)#Gh@3ATe&##eR3eFbW ztZPhk4y(NV1;^L#r!OK}tt%q4rg}s?1xem-8m1b-K7DtLpp)m8FXF|K`SRfP&=kDC zPUVI|+P99)@|~H7oiIOsT{QkK%|AUy{9T%Vm*!tqnkCZ*-bbFo=34I$-E@a>)82;7 Gjr|jtn)R6g literal 4211 zcmeH~c|4Tu8pr3E8Ozvan6Z>?vXqFP8DuFk5=tm#NpCV3&0xqFd%O%WND5JQuQppX z$-Wg*7!o2&Ns)c)MIt%0oX>mS&wD=S{BzDVsfr!9fq zx?Bsj$}nG;oT>J-SkS9PG|zobxqaTOi2Lx7dg`vb1yS=^ykrGqCT=w?d(QU-b7yzz zfiEn1RozfqQ=jUX2qAQAZD1djTb(5(-`%(eV@02X$Irwjd`M#PBK+&T&G8Fki>>`D zA)%ux_p=w?FkSN#M&B;iOLtCxKvHSl%jd(h+k>e`?#Y{3bS87#4Qn>?&~LVgr&T0` zx0-Ihf$EXH9ArQ^R8&$SoUbL>+|qMLDFErfXmIN+O~@2{oJ2w$rF3u!^rSrujVh61 z6tHmyEv~cckG86G8`aBCUh?{?TKIb3gT8{mMc^J2VI9>ZIAGy!nM+9zNU~}xJXpW@ z)b56V3HD%pd0OqMmOMEm{gbK&onF);oHB*wg13|XPKK4LYu*shX+OS&Cgf~w;!vZ& zND7=(@rom~J|+BCmvO{*sdestuZUGwfW2MF%Q1aZ<0lI|4k6WB@F{##Za0U6^=qPv zOMiPWS1uU`Db&ucXNu<+bM58KpA~YR-)ZDrQf2_RwCS*>ZGE#PMdps^@Ub(>kbKIg z{pTxH3}xrM-x5~=DO(bAQN@v$Z{|acO!lPR;McWQ^!=RQ*BnhOZ zR-k_mqRzKgYoD#+%@s`W(mVLbKQ|*)~a3XXKU(GaBiBh8~C9Y}W>) z1e%KLdmN^k%$YmRB^Z7ZJ*R9FF}u4wHLC)U^;PSBl`WXi0zPF1Q$4OwXw zqAtd#Br~^<8;+X4wQT~zYVNJojP9>uY%f*sdUznY#zT#Y@)3%Nm!#9fo;Ybi?MA77Ob%C6rn!;c9NS?}Byh zD*x?#ybmf(pkUA?J+0NWz^Zdm*21x_$R&E;FOP%WPG6T=m0<@!1PjE+(StLqvxVMn z-6^b4;)uwXJ3NbysP>6#BcmUxhrHwjpxvj+#3JFs>da6dw$N&TnE#4}{$dD^X7{D2 zVM}t>X;lwJ$>v?t#df}OSJG@a1XlSeOf`)BQ}Su0fbuaHXLYMnQyu#bW5pA7^pBOw zJ66AZUqQ5+6Fhz4tBxP6-cdT^fr^QiHAVBO|9+P$f!63}V*M4C`F=E;j;Ew1M5^~`X^o_QvNC+^BU zDpBzy?`itSZt}&h_VGrSp`j@IApaJYj61_hu{1f;&f_yvJBxB&8VA`~NxBR=s1051mwJcAPik(@9~I1iee;7F(V zkW7!^P@ur3#Ea%4(C8#8#S5ni?%7me=-odTVSh|vkADL%_5g`Sr#Mp_iFAsGJC@*0 zCwtH+bbk;l%8yqARq=QnP92BG*@_|YxD5f1*Z3iTo;W^`XY=ixXc%E*_a7GbzgS$~ zt^dkdEGYHeSv{z+ML-O6Y=TpcW)^D7G zS0s^!x6EUD=hb4AMT#sZ7ZQwhucKPTIQA_~u;)Bgp)ddf;3&Kx=)(p|_Jy?bKJ!w>k-|~s-$w0VyI1=5+ z9$s{Y@IQwt-$qUzR3gQlf%*B&H<3>AqN`9zk?>zP`Zb;3EyG`Ylz9jX0^!Bx+4jkYD8nZ8rK zm-~$;^8zVI^jSAToxQj%Ry9$MdX) zY`wo^_^T~)k{9~jjS2wawKq4_9}6^;IOU!%x4f8JJXXg#LvVGf=%-dHTyGG&fz#R`g(`?w1vT($o21wf{`W5YCoYV))^Y89FuM|j z3NjOwy!5$(z`A9U;A<80(snDHXwV#Iz4GD%I`gb8oLdXoD`x$bg(br~-aNZS^n~1c zHz2gaan$N)TU2UqzXeJEY`n2JOl!ed&>Rre_SZ7C1N)zzfr8Ral6tT-O;4DbLdNk319Q68|nMg$QrxkkRLKOBd4) zP)ahHIgY&Thv~ySGLjyC?L5*f!-pZRH|!ksq>*auPYpQgh9EnCcSgXf3jO43^M!O~ ze1Vc;)m2tyqmj5SqDoN0m@b8f7&T{NSS9-_KdYS;DXk zH#@b}IVEyp*m|mLE~*Zf_YfB7BpcWM4zn*X=b{30W#uoTV+BQ`pWC}$qF JNUoD-{R0$quzmml diff --git a/tests/security-resources/server-keystore-keypass.jks b/tests/security-resources/server-keystore-keypass.jks index 68fcb6b7e2e3d005f1a90cf7020f4ab1a45afb90..debefc49e3585045df2982a02cdb8457c2a235ae 100644 GIT binary patch literal 4229 zcmeH~XH-*L7J$>~AOukiL8?Mfy!0X>O}Yw73q=SaNQ4k6L3s4gRH_OnHA;~tQUsA+ z73m^8sUlqwsfvJtOt8#)^VXX+^JnJQTX)@c_ul8+d-mFA?{A;`ZQnCnyQ*y%dWHk7Z0Q z*1R)#duTQ{hsBTfFy%LAw^KQNmu3}Anj(%n&j?J+lOsw@s@VMY?l*o{WR>4&Bhmtm zf*09@`g*RMWByb;Kn~gQYxgP##3oqzgKmh&uf)x=W9%l-Obv{lpIZWx2TWK^!{#8| z@EFC>fiZ{ALlw&Y{4-U}$8YI^?kVX z1|9hLN42|UpBcC*ibCQ+0rEmeqk2%O3pSI#!wV8H;?x#3 zGh;lDMcevqS6PTW=x#Q#~gpncKqML>h*RZUA)y*>k+dMT;GoXum$ zaS0jW@~Q6|i$;eTnt%AJMd!5$2pQ65f)YEu$SZ4A9wUeffiG#==w)&h4meCPsE&-f zKTil1RX@Uh^NOlvGz7`jyUtn2Z0Kz1*!uhMSDIukB_z(ilq>roIBqcLO&*#(e7K5B z(hE3zL+SccSvK3d%J73N9KBBlG!l7p%pL|>&V21oA69qdNP<&c8$=ysmtMjz5@pF_ z_2-;?A`9k+bgkijo=}I3+F12mzYEPBmaK~J3sZ;$dw0|rcTQkL%8^)OgX?~_Eb?{X zT^=Jw)8{20Y0HpUf6tOcVf`|Ypn)>pwX33$I%0w6I~em4&wY_hNMz_JU?pt?@k8PZyWAZAAhWH#Ci2`A1{NnX=l)*oz}P#kN%6 zBC0g%@!77uf*$%9xp0e^sZqPFkmWiLE0e~;bS`Jd>O-Hdw1Y;XZ9KH^imxW6bGP_a zNq0VYB03=#KFPPH@-W3EYin=M_KaEo^J|R>M{>&gUQaK3cr|Cl_^IMQibO{g9CO!< z8b4&NHhJ3h&^-YU9tu^|v}}CHiM_Nt+P;a=;UmXqWCB%JrVR@urt5Ao)Up}K zk6SXT%~s^@$+HaNqzP5NG&Opw*s&lQ_l;GlcS=x+@nV$H`?lgnc_UZD13i@<2EB>o z&Y4~dwOfp`%gY>)^;UhIq^QzLQf~f;HR791EmvGcv(K{5zUvZH1!*SULvN}^Ak)u9 zxHzQ-&g_U#u3OU@Mb6uQ*d{7SSfPeGgv!pWIHU6@_ta`u`>;LQ1|lW$#QI_sDE(Y9 zbXMNM>}Ecqm_6q4BZsOw8?#x!r~`Ryr*Q2}cQE-LC9L7Inh9YzvK6m%oIH zbI;?XZ!cuV|P@=Yu+nSMs2@d7QdfdD$aV{32#6;E9##F;_Aq3`n2v= z@tuuu3rRUZ2?T;2q~j0;P@&MfPzV?TVFESAU*dZ&-#P@aA($}Xy5Z|=U@!}vnzmA$ z00#nU3S&kxs^dM0UWC)eQhVqirJGog4C?Nl1QO9hN)eFXwLp=_eoYeiIV5oYJBkG~ z3GSXmMA3$Iqo3uP23n&26Qc|)CmisxRrRWA3DcPR}z)gx3 zVBY;Y0tr>8ul`eG{1=VkhxT7ND**8SaCYCnaTcJ0h5i@_daHm^!5s7+0%nF#!C+8E zfZC(}oD)lEsp^^t!VKOV|^%j{4;SBRO^CGKHPwIAfV2J=p|y~v><>Jz#0!n}E^7l?gL*|QlQ`eiM? zHTfY|8^;Cqmv7UG0*H+)d)W?Du59hmlFYOe$4}3PqO)8hXafqzO&7B?k68Aousqt7 zAs@qCRrtngYN5hfdfOYHmEJ zMiTcupGa<0CKoau=i)^6@TBhjrzrVdav+m%L{}>JuXny1JqaG3k|aU|ERf#e0jAv* zkT3`U0uJtq!m#}SPZ0NsYFdD96E-CKfLYmwak=mr%OQUNxjR7=wwpqX^pgM_&Hx4f zai{4iPv2=U$Vpk3vV!+_Kl}L|NNaHTFsW<=o8nuY@bO+kzB|7Zl?4n@roC!kXzfe$ zy{6mw=0KRYhjU(QGPGb8vm+dS2HJFplxc2PX1)-3>q{)RFW@ROp5h)n@8Zy)TWdZ} z%4|N>{|OetdpT>=xn^W2AD1$gU2;U zx)Mt8)RJ3_LWH&9-`@S!lot3ThDqjj!E@Gym?S{cY?j}DOmR|Izd*yzLeIFxJZxa$771nTmTF;U1@@}6 zOKxR)+MA0?+i=L)x%8&{v~S0jt5=U}tN-Ed@_Aw}zBmTewkQ4MJ#%SVQ((pe39UQN zeKb7ACNVq2*P{N}0X`&$nxQYIe6SWhofM|Kya`>r8Hw&3*%}EG)s=Szpy;l{(GR@$ z1mwkx^zr(tm&&fze9T9rlz}E^Dvso&$PC@giJ!Rf<-FUNFoLk^mRlD%*O%O5FW^= zd(vGi&n2JFjV+_=U}#XX^A)Yfo5#|=cWkB~%sh(6{rH)I_WfO&e|e7hyEOkU&Hr0z Z9=+*rSfu!oLskE!3N2Kai*M4q_8*%%<5Bm$NFtIYS;~^6 zQAoD3)fqGPNR}d%C80$j99qujJ@4l|pL6~>?_cj9&*!y}7#hQ36Z@yy({Y1dG2UcCe-cIZvos>EEg`eA zbj|NLe|Ei>BAstZLc4}F!+dgj(&NaO(O5~u;ej#RmV24=N(<5!2@%SkX$e)f^A^n7 z=*JfQ_PBtp>5Kd7hcr%PA$!l!2lTu7aKb3XJcqOn>=ikCZ&#~{OP)8v3mc~H>nX<> zR177<&KzunkMo8dl=k=8v39HLWp@hu$*&yoyjd)wvbPM={_4E`+kLA&d7{C=out{$ zo@2M%?jq-OxA3!H?M;eO8fwgaI9 z&7c$VtX8`g;-n&mCLp~$V_zU+*<5n$R6*?0r==y}uB83qJ6ZqC)Qh-ZQGs*=eD*aP zJpIDZlFI8omS*OyZSq(2Xic0x+eGSg{drbp2y6aV_B$KGW2SRHDyjvhOH zoO9=9Rf4s)f5)(ffj)9jkyFl!Xbii4b3z&G99iD}V4gY`!tH<)V&yx>W`{nE)KkoU zeZA1DuyO|3v@|h1<0#!t?9$}$CAna$M{w!L%iG(BbI4*x#`MFgIK0jpTGzbWQqI{) zDzs!!D#CRl<8q?~KA)3pSa@6P*Y%}EsI)eVr%ajC{28rRrXiR_*|yb z3buBe1in8+c_uR`a9+jV*gO1EIP7E=GNGtsjpzQZL+b5>p0Ov`u3CB z*Mbo@RmYWEm48WdcoDzr;Y68#A%qCEuC9ycR((_Q%*AqLhoY48yY|OXFHBD~T02FT zC`?}|yJL>XAkMBz-f%N6Cf1AEGD@$mu_E5Xu<@`v`Tdf251v{R%SDr-cFzn?6SHU+ zEY_;3L#;r+QqrA0mWfRx9VP*n~q+Cx*0v!7BF z2-_tlY#yO5OuL(!|6pJel~gCz;OKQTq*xK~N!i*Z7ZP=#OqY;$$0g>KN%l*ZQ=*l-Sg!Q5 zYCH^`^2xPjAG*a-#PIgX?JAz-BYe6;A51K{=d<%r9(hi;Ta26D&%S>8CiUY}R_yc( z-X_v-yDAf8JyXL5b>2#hu4*euXhRpN7PF7oS3{0CCK6hiS*`PXcQX|&sjl;j`&oxH zGHf1gMWqMN3Hm~*)o>FiGh>hEfXArPgM}^I=eb76R_R$+w&mn*XWo;jiCt6eCnvW> zX6%!p5~C!`NUrq(YfUlxM}*@$so6(ij#*!}p*3&N7Y*&X(huU5hj-Ij_qaVzcsQ=6 zfs2z>cW`+l`^;yx89(;$VuQF53>Yj21_hu{UPx23X_ukj^N%1Of>$NlH2O0i z0Bq)hfDRZz5Q%^h;hThc3|(lHK=MILi~z{LA#E1sHuR&BsT6;VE~vesz=Sn^4nqIv zLR)_$F?uiAk4AB&xH!=$-dUe{dFL0CKjz_r=oWKYbU^O<`UB|pDA=s3CJ$$Fn`{J6!-*O@eBR}ipzc-Mu8G@{lr!j{hJksxV)9$BZMD5x zxwVs;fqlOa6~1yUkRCaz(6{v^f5r)|J zqO9)pJ!sUOzQq&Om%;1l?c(I=?(I)wi2kdo{;fswraDo)7$QICd=qJ8f0{a#90Lzq zFYqAm#tOo4CW(VOuA>2O>dJ%2{qAMfUwI1>}SCWcDs)^@{ zD<&G54u&42`-9XPrBvtE+wX{_Ra9~FnTQs`ZmUF*IDupWQgLTO^2%3%mwsQ0GMj}% zbMq4f{iK`eN^Ye)a@Q7~b}#Vv@A#6`v1cl~@OXJtWAABYc!jfQt=Sj*aekjqN*F9P zHa;_4AC^5Qu=!(!B;+S4U_tAY2ml$-V?Rl83FJQ#t<REMzuozFfa$XHDALEHpCG1qT$qNwrNT-!gYG53-JM7<0h@K-S*CW@iH2Sv5K#K9Ork!cMj*H0Ov zA#k0v=*lt2iYqkZ68!-SAXf#u@+8Py53=cC6?fx<+!s}wL_F+V%1oWxV>U@b?JJky zZCL$=W!tvzT)=|h@2K#ndALzhq=W%r4bBC^)?a@Jrf)gO@V{7H%V26r!S;E``NhEl z(|D6d^#!J=Tb6XFhfbKD%JCYTw-~F@WixB`^BLr%-7?}rJ~enYD=Mb+F|lTC_w(@T z9Q~jehu9OzV>ua4@aAqgBZTJ_@twh{m(1Q-BMVQ8JQI09kQpC#eZ`X7BI2~xto+8; zk6iC)Kjfkxj_mp1$_uM4J*n7GBDDJ*9jL6(TxQm^5+w9_YXv1uY0_8-fpt}cS-GcX z5$A@gs&QAv>t?jat67-}k#t@?&rT6#k=h$cDF_j^fhL>#B+5)E|81KJuldEj6{XM0 z4FL3s=InhLfxex<0^3Lo(RV!Zq;3Nq*olsk_a=O+*u3AFspjJJ{a+^c_}{7dr}v1z gQ}gfC{L50)dCE*OHP6k}j@zaxTf0sY<-^weCo3G#4gdfE diff --git a/tests/security-resources/server-keystore-without-ca.p12 b/tests/security-resources/server-keystore-without-ca.p12 index db1c6459d5d8cf3bf39d622bf5cab302669cb982..dbb3ba6d870072443ee770a6bee53ed9e163f209 100644 GIT binary patch delta 3746 zcmV;T4qfq>ADADIb`-S{47J&P3OKygLi$*3MLWIKsLYcw1|)wN3&0}jJG5;9NI&qc zjL{DSf&|d`Mp5eV-gqhtry>}?D@dQnS9MGQD4ftU*}K6}S#@j9FW+^ilC)YU zd1%AnMq-V)H!pv+TkkwgmfudB05E)D_(KSBjjftODR7m&I1=i~md(-PM03k9?xedbh8LIA9PR(LLcx zKKy>H_J?tNM3|`9F1cfIdH)q%6tkNE3G?Mh+^Aou>ZFQaV<$Fqny!rp?;{8p39@l< zh$G>qeo`I5&B{45e&5yJ0Y!L5Eq3tl=!b;&dJF9?Y(??hYA1aJL;R zLdLMRbt$}zu>_dZU6`>Dl0Ukc@hYtLHJJ8GTcqtIM*+JK$^!v@^@Mx(gkBJU2V@aV z)-p$9OzmEa$I7z{8knT%DIqKI{<%2fS-;6FgB^2O)?_-p7m;*XeB|_ zGUs$f;j=jz>ABcbb$cQC1So(z@rv#|*O%tWrFosd=#GAe#LuE$1+Yl*9ZPNfCB1;` zs6rf%2{4|CjJ~)Cuc>}Ojm}TC5+iQDi_UDr>=05}W74?djJnZs7QR=MwW1z-^Qr6& z*E)ZWW6}@irmtpW_Z78DIi0P`RCHZ#Ira5|1Z+gu=UqB8bCi|{LkshZh zj}S=)B+4e%&wyk*%wmDz;BtNiVuh6m%-Ru%>3`rLom}dd{eN;ms43n~L>`((6_I~s zFtowcFgcG$KiB1Ot>BM+_K`xr z$x$eA^ONqY*F7vc;G(Ci=y1Ck$kuCz!hZA{>Lm>^hwYQ$pC@_BJAy$j&3hLa0nC=1?Kn8D6s?>zsxWpoNwyG=h;#^ z^cqR^uJ*i-3;GO04%noMkaOIt@b{=ovH4t|hU=$eig=A^+S*)BP~;M=e!+hsGEA!o zUo@E*zPkf-_6<>q-ZSR;f8;x_9c7ydq5$%MI3xamBWgZ;*fUzKmrW1yn|2cyeh$S8{xgYa zF+eaI1_>&LNQU%MEUB5=Yi~(1GcR zw;m7z%aki`8P{Q?Io~0YXH3hPsLgtwo(~IGAgHaPZGi(=$}IOfu4oT{6f) zOeCAaRMV|FE)_f^?OVDJ&y;fU!#jNbCIY|-ssJ5K0ph`*Wp$mf@}U^p)uU3?&NNt1 zS3tb{ z0QSQA{2r=*%K6}dp~wB?7E6$(19G5pl&#UlNk+BLQ~5;vRu(Jbzuh1O$MOr5J!<92 zt*R-rf=yhwr<)Z^!DV_i?}1AQUNOvJIHjKhn_wv8-~6xkVx9v^YRP*EZGYrkv~BWa zp_!uWW?p`LWi!_>NH#MN(jtK)RG3>PY+6B56I3}kM0}Rbb=NN9nUuy~74LG!Niz)931?lG;!<~w) zVhdl~wiNc%)08OG7+>>R{PKtUQCun4t9rM0`P}KdUyO4be5N&19+1+yD{g9ZgQ1IZ z(jw1)i{dW=E}|5ggewRC3G^0zAD^aVqhNg50*1eC?d~t8m^zM&BMPKSid!%hh_Vxk z(JrCwXNFz5TJSc|Y{@Fo4s6;(YOgmSoqFpuQyx*Wa;zbH zz?wefgn}PKvJaf|_Kn003M~Dxx(UkcF%yV?{uu1Jb1oD_2-Y(3LjHvcV1 zVpf&oX)HV>u-f_^fXL%YA~&3h^dhnIucEJD`r32`9}Y`9e{Q=Z4@W|A(2S|1%x`T;e{bxY;PC~2bxfg{ zw-udB(VK#VZMq?aQ{mpcV3IaGtz+#|9aIMib_@;cC4;A}P>rwl7k``Z9y4-oykbPI z0YPIj7Qdf@DgX^j`POc_HX6bmGb`V(<2jPG9#xx;gB_{R{S~*99>;t4Joje_w`vw` zz=3p@(thO;jM|!k`~YbGK;#>LA@213@`wXg{;O1cBO3zxWzFek&yf(p5(99{#rygY z)~^fs&{}#d!AaO%O56npbuC|?7-f9i;+60wwqi?+Gcf}+R4W=xIsVW7vWyBEz;A_D z#Nj~5_RVaT1nH$>KjdZ0?L#P|HbhZVCxfUaj0VIWw}k?yAg^%sIJ;GUr2s$#3yOOE zlv+*CUn?NVp%5BSF$7hwx5C7XDBJEs9G1GS6uO#A|43X(d|RbBfU8R4)R5!?%=--u zL}{G3=jwu-b)U!P2gr{wMR!C7>qTFLNN9Ch?@o%1tCN5Hy+~y)T3_>JScHUu3`-3( zj_Y#}+yt(&UQX)|g=r9fm5mT$VZh>Gr!~w2vSRf@Gj>VbDs&7{8KLZRrwHDOU637SW1j&6Es4zKc*yq;aZ`RDDt@YtnebZf)b?EG4VEHrRHbO!QGma45+Nm#?nU1C>`-(cC zY44$~iZILhjcN1W`*_jpJzkx>!;~!f4Z{Aa*a$+VPmp=YU!4(>3@`Am(0OKz_B>2L z`IZs;m*PVEBxF{9q*TP{DlYt6Zn_J6_cbN+r6M?BZ3_JqbJ4_9{t0N5+iw2vv)zR4 zdc3jFspN3|y$}*r{Lf&Ghep1U_1M$ZZNydR1?LJKVSr1xll6J9XdfX46<16~_IVy?uY zTcwn$WzTPG|L90M@9926L!ytfKVO$hxj6PTDj+2VX*MQQx>0}{MiM1VdO~?Ria_Vq zBdo;pz3T2&KAOfO-;MlDP{(awpBkDHBFZR0e{hJrI$r(I=d&V7V6_OG41K}Y?@%X5 zCPLwVvlT^uX<~KA5F%J?ba;!WyNLDJ`n--(r?4MGS`O|*+U|V8^bNG#Hxei7`{-z( zFP%jIIQw#AhJ2jR1zPI73^_=n4e4g(j0Uufs8mw%$N<~q-Xg)tWj)<@xQnZIWzP5H z5pM%mcofkiUa(tvyJK&ifYYPw*xaD>9&bU62*$2|Y5~Wit!FEEe5FNR14pb?_SS}` zLQW)2Dx;mWM|X0u&nK}Wy3pB~jGuP?e#Wua2>TG;3R7i|yLoNd3`xX0*MU;CPlE_` z|6JX9Zc+^4eR1uVNc&+PigHt_75;X3Qj%*0{RKh|D``{WPm#Jd594ZxZKs$9`o1nE z$(i7Pp`&#%9_Ar&VlsJ5Is;uTR)>&rSMaIA#fNDD{_Ze?gXo6vQS*}(`(ZbU7qp89 zz(Hr|M2O%QlDM^f&r%2-sQ7JUy`p{G|D_x}?6^UhHWy32V4XMCYC0q{80i+}-$p6B z(Dravf2&XKhA;L4G%+xSVFflL<1_@w>NC9O71OfpC z00bZ|hKy@tv|AU2;Qn>VT&uqLbb*cew1!q{YjwEBBN3wn6!DmHA_9$zUzi|unwe5@ M0gsZC#{vQ;5DFwG;{X5v delta 3746 zcmV;T4qfq>ADADIb`)En9Q=ywPqFC%0qqhW`oR}OkfW0^1|)x2>c9c}HnZ2{o}ZJ) zgD^M*f&|c5>1BcbTVaI%2<-~dt44h42e4&;hrlvV;%mUsOm0VOX5ObX&|b7vX}JaS znVJ)uSmqo9x(7*AGavlV{(5c4&zmnG)EMx34eNFbG9fCYQ zaEGiAi@B1_(suY(&+!gc%+Kc2TfP?e-}U;Pj9&(Id~Scx1K01;@0@97+&Eugv4n-I z>>_`zgKCE#Y45(Z6NqTt4Gd5K$BK(zI+z#AHkCRm+Ks%av7j#Yt=`Au5LfT_+SUsN zVVJ%!c4kt`sedv%L5|-@gzqAmuc7k`5Ax#mqa#uGurHm?N78ydrtq~9K!6+}rt-!j zl$43>HhzCI4v|vRTdVEu?IlMUAvQjv4tj>IoCk4gM`#Hl^aLlBIag(!XNfGKG7Tb- z6v{P>3OeGJawsVfQ}rq+a!AA3#+AS;K@q$Qya9n8A7}XXHQOsM^EW@ko0E&huWr+Y zOZP>9B((xyR6gvJm0*E%tZIY%%`|JtoDP!E#S4GqTk0Ib*wKurkf`gI8d51N?9j2N z5Y4j4OSh&ZAka0O>oo!l)!w4Yt02TMRR?uPhQD)!s#7gPiOQpss{a{=Vim3F#4ooe{I=D#>a(1b3G2~@ zy9?ujqL?!jg$bVgEGOF}jD};xIQ_&3fZ9MC+QNu~Y8fWh4T0E%GlT09FnlCg9du*b z%&`q8s3t{wzZnDYkja+-ULnEOW2imt;q&0}KW!bI$@GdG8+9P>C2(YliEcmpF4kR?FuiYKA7xC08SV+Ma(h z@{ylGfB8Aa_eyRGL!@{*S#ACf3DP$d)W%%KNv>aEgL=bbI18&W*$mQWAP(-W8NFs6 zUPeiM&mam;Kg1uQ?L#ZrG8mZ*tx?9IFMuxu!K&lRHo!^BOv|<_|8va7uQxxY5zn;6 zVFt|gK$*b)|A_XY!oTHdzIvcjik5$PK^aLgH;@A#U#)nNZokrn1urZ!XbflWiC>|H z^CnHr$b}H+y`U~k&JkDyY=4*g85C6jw{(T)fW7I9l~FA+D*B|~(A=dd<`30-VB=5& z(mEN2(I*sog_eHY+N@2g|G^p*~G?P4jO&3%KD&LNQUs8)|ky zGPMiHF$N@mb*w}B6vS3O(8xen)V^k z`zuOu@k?Y-e&e@*>yfg_&p4Kz-N`YYsK4jX-Iv+%F=_ok|mb{{)SQvH_Sp24+)*77--Jj2Pz^|?e zv4tW&2X_2L$@04H>XvEFjU1hZt7qZbvIH`9^j?4k2pq&E*isI z%F%0c-k}Mu7#%|I73$haaD5FJ9Brc>;15NJ17(|kZGf6|*@{?mN3$SwMQ#Oug4b|H z86BilW33|kYDsQlA!!9YAl`AC7fxXuCkEE($Ch!t7tr;enST2?HV77M!=|TX$hl#J zQq%Lin2~LqnZ}w`jh&J%Pe0xh;&s^(ZU{bR-2RW064zh=U8yRr2iDm;@e#|-rFbKL z4R;QIl2ArMf%~e>wwapBRrZav%^jZLgQaeKD03#ul8>(`KT5oX{uKxRA8!Q4UhWH2 zHaWcmfcWD!nNl1T+5F3{!*ZYMBP0P=S(9q*9j_%isi-%?JYCGL_xd|y)EN|7;Td&8 z&2)Uh01u)sN{ay>#B(&|sae0yai&6eJRNp8`m@IL* zzRg8zR|`zTiff%tlj#JWJo4`kB6?+#r0Uh+X(gv00u4mBZYGDAy~8CDp$SGQ`Jt(94H`7Z zhWriNC2I-Ofag)aqu@wF{&sBL|HMOo>E)v@-07t)KZ2o-!R1(l+hD=0ZRzEY8HU86 zl1HrHc*>~l+KE)O`e9!AWNwgCX^yZ;V=><&g$wPRAm-=O;ILvN5jd`vK9BuM2sGDK`EWmH$J-^#u=SynPwlg(Xq^{XOA-n|Vh- zLgnP#Pvz{!)VoqXJcd0*!aJhTZl9f*2tKdc0N&dgEZbnM^5mmUCdv7di8e_zYw1WI z#JW&po{=-**uAo`JlpWWZ*zhFk(HSh7IS+*g0Z4daMr zyNe&UGOl1Fj0!`!qPW92-ef_ zC+BP8G)Q*n{2wh%dF`gb&rzLBgHk0pHQi(AR4zE(|D9KwV>kc0fhmoqi z3Bm{V*@ZFMCCHt_jwp|HIgxoqc582HgVbR6Sf)Z?Yc%#TAxgG~pcTM>RL=q2qG zK%BHF*bqs*EZ2g6CXC-Cn=vy5#cx7Kp9{AATmdVvblBCi>FRUt)Gc}PJ`(el=e<@T zi8RL3{1T4Ly)@V>kdo{8G@{EVv$!UM`fIUHsaEN$`q%fxe{OEz8z>!4s_pWv()>LH zpo@1<8P@T~V>VOM)&c-6Ufw(>4ilGuVaifqe5y7=kwSNgv*e>Y z$zYaP5ur^05E~7y{3jz$$HZP*X89F5FbJ1hnEEIjyIb^$LsLRM^20A3{|(It(zr~C zW3jK43On|8BypF(C&EO#(IYc;;+TTBF6VHxWc8jj9r6KWaq%4{!Zl`=ookVLUnjq6 z8;Y_xBb&8V@mo7=QVt+g=>nPlhkvr}2EPfu9ndz6S z#ATbrG80}B?7{0!5qxChWWDG=_Ko^BBE`df#s#I7loru#cJHsa0L%D=1&Qnak?ck&bmZ>KM*sl`#U9Xl?(0I!kbASEnmaoE(Y@$l?{`76{H$R#hK8oX7|vFu?PXz5yE5 zD^gE)rx)pqv$L7z2fAH&A(6hqyo!aw9Pp9+%O^q9K@N{=vrRnlwK=AIfk?00D9M;3 zmc|3}QTC!C&X3V4+?wq=MLrhFGybKm-wJ(IQU2V>*~>6ZFflL<1_@w>NC9O71OfpC z00bcYtvxq(t%rx9D#Oyq99A<-M7#|LOzI*`Gpbi*yRw)B6joPUcdj^ZH*n|6K_+p{ MUR5|T_yPha5cQ-ohX4Qo diff --git a/tests/security-resources/server-keystore.jceks b/tests/security-resources/server-keystore.jceks index 4950ede5a8800890aec0af2bbc043111a8f96f07..5a415468583217c5faa2b45ab4e0b51518de3723 100644 GIT binary patch literal 4211 zcmeH~XH-+!7J$qUgER#J z!304Rh(Ja<0s#?Gnj%Gz2bQB~`}5}4th?^Id+&4ZJ$vo5_qWgO?(Xgefk2QS zHy8x>!x93q1P}Iw6V9ORdwj7qf)$I{+NX6z z$ww+4ITZ0{)sPRzY11&*8Wp0KoK%U*kJ;YYrY1dAveL+`xoIQez~rm0Ha-)Q-#Wqx zoRDMNdNX-?zLe+Gk|b%{jtLb#vIru^B%JGtyUo>%S|-lxxx}cU6-;fOmbc(GozsFS zXbo^RcL{xZWBP)Cyx^@t-rTD>#z|KZmJ+eY);qHEN@fc$+~1R(>>;>5ne*{Pdi**i zC9p-q-m505NfE+;P^rV4LvlmX$TItD9;l46HV2tzo;ccBHP)9Fic=UC#|rg+h_*<~ zAQz#MhZks6f6LW>IHEiFeaShQQ)MMwj!09?QHP-Fp=ynNh+q9ug%QhwFU$_kQ@j>I zYG+#EGh02S&3IWIeAx81*O`?(5Bi0B75!KTY4-bU@h{SkpB^%5d)2y!OS!ZM^2oIl zJ5;6BuED~++8NL3*tj<6UK~$_^-iy`!J;}I-A3S3&Ni};lfBUpr^7Xz`4kGO4k)vB)aR*P4=d7#4n{JPd6<4pG>VQAx4daZH zQsnSF>Y;!OqGc6+&Ki7mfRU@2?jg4+G}C6Qp&YXL-i$P(%XB4QKk&ps*&*A@(3#o7 zVZFrSBOxK9zeU;PigA{<@^|r z%UNJ4SWb%))Z3f54MiL0!fH_j-#yIo60wv>s*KH57A^YNR@!quy}%8Vg0rQh`%(q= z&2Fei(2!?Mq{%ibz4kg=KZaLtL$`$JjL%!_6^FIH52l`}%=t_Y8^&l)OqFL+A70Q! z1<3~0k88)KwTul#=qPxzp2QTON(1(s~I&i%USl@a=T2t zbkQkHnRjZW8|c_?{3Qv~+@f){?|D)}kKM=;#yinkD)BQfGl+&>XAD#fbaiN9jb<#O zOMMdN_4pu{XzJGg$jJ2y6e8WU*EMu2<{_8g%1ni79(=!Cy*%vzSpK6 zkFU7>Lp)2Y@UfbDY_+Yk_V~PsbxU4d--O#`vtRI8mQLb>^7F~sx$YKA%n=5c?^J&F ztL4_A#FHzCC5+Lj-$E4#GrTuU<|TDQ^(8l)orkhNaa?%yR`HWZ!l#?5iG)OxPZs%@ zNTI46Bsv}<&(hkf?8JRX%FMtZ{&A7HaDeivNtLFmBswr4_ZtbBY~+=J<2&%%w*x;B zfDDD^Lm^-YgcbB8*+cZ5O8X$d0cVwoHjG~70E5|?K!7un2jGH3En#d37F~=#E)aXx z49N{}?wZ&U%(?`BtT)aNsRpR*TA&DppOYkh3`v-O1FwW0mf(+b$6;LkalSqhx&i(d zeF-@KU_e5ELs11d2B-pxNaQh9J3%f*iJdF+P)z$5nnY`b5FBcQrFtN+kg{!L^4 zuKiEWN&w>DofY^G&H`lcf!_xL%mjjx!CasnI~#-y27?Mib*kwlS_@*xhQ=7|f>>v( z%Tj{EdC^MebsB>7Wn}8K*`t{TJsyLk)AL!210uvo8-AwYhf~+@UAK^8w4{moF36xo z5VP%h)dfyQ2dn8wYTTMK3LxM|uCr2#r30*5F1kP_$*0M0erZtuc(P-LE6MGdzw&l)IdS&Rp0M+A z2-h!da_h?%*&V@5%|(jc@`=goSJkkbzomE7j;6_8y{_b|;Ce~N8K)L9;tZRCp1*HI zW>A`-lKMtlYoA#AHTj=+qp{5mVb*35r;KK41rR701TKnr3Pex%7f`H5JFb~WYuqF$9@4@n}-;+k(^;qT~s#=Si*!5 zOg_H_=?@G^d)ExxW|10FJ{F{u62y^Yb}&Re@741U?R`0zI0tUrV$Z6xd^0X|COS%io=FSi!MChKwUBI-%{C)gFCOSeWm8;1u= zU9-lDD~}pmc4{_BzBK1o;bnAF&lK7=PL=oSoD_2Oa&VmGXWVL|W~;B5dQQ0pMERVt zpvY zpQL!TKQ6icfo#+t!uD5_LV1T2N`Rs=ptf`EqC?s4|L?+oL3_w$$R0a2jzf>L6`6BE6=N9*}&V zu+lVn&0)pZ`$_RJ#Kz(s_h|M*WS3z%+ z;GShZ*cwcRO~MTh-LI+Hk~}Xug$~vGPGE0zvztC|wh;-)e)7I{Z+;c=bX7=6Lv5L= z{`5lLCd{@7{QmZ0*m!&c*8UZyMaP7G+{b;^<=`HwQ}cH&C<4ImsPLzCxZ6_15Mb~& zj0u45JpPbO-)az5I`J4gHDP4dY8}=8A<0|B0iSJSWe*OlcgbvLecE$JBxlX7WZUC) z_gT`5O`kxTPkV@TckLXm2XjAOq=P&6M1i$p9wn@>OjbYrSuo0PY*J<$H!2lU92)HH z);PFfDGF;fI+ewmFO075aj{&at_xOpHF;8u0vTR+r#h zh5ef5ROg8D>;1UB{egy}Vs$4)53j1I9>|o*5;l!ciQY4tHc8OG>s2a>=P2yj7a5-E z8KnPUT_NXN$7cP`OgW6}k6)LKzf1E^&k=u@=HI3HmzCxt@wqfh7bRMfbeo&y0|33h HuVm$);b-$0 literal 4211 zcmeH~c|4Tu8pr1`GZFCALW=RNP|J)d*_Ip?qUkLUB;*YCcc=e|DIeO=${d6-Nl69R#- z{I~!JYXFH7M4~_-K#Cj0_8tTRn*(XEDNvXdA;${904xhX0P?`tXKEc$a$M7#EKn$y z28;%4wtAc|q0cE*Vd!}tdA<9=d>-liMnuznlZ59EDMUIm*Esv2E97_l*5=#J5q5OCT2SWDG88@u!55HrvI%VTR)u(?5-S_;eTX7m#-v8?P)pXg5h z^|(7`089(m@&x5gnIo2#$owU9a<`QmVp&Yi8c8^75XKyAv4@znLgfL z)wQhd;gTU<Yw zblLKGnrYEd!vvX^&rtqjI~n2b*Gv6YmscMT8(?`9o8O(ikuqd>{^iC)oX=oy67eOwD~T7uUfZJ`iHmeHjU+DA?0A` z_)YGk*Nqd?@t@SLy`B4dVChWCl$hSCrvN9V&ewe{G^ubbYB?m?zL#s4%q;5Ug_=`& zJ<~YEYn#`_i78>N;(6D#=8A4eh-I7FDs^+#8yj{c6$USulXvyaY*w;~zi_x0ww5CH z=}qsHM62Jpf0E^w#D_zgJk|1tqwhm2Vhk^3#}&gjlFG@aI6&jFVsq4p2k{-P#IenS zM2~)@RWVQ`Q7A{hco25Uwn|ohcK!5ghep@KhhLts^R>~xHQMN%lX>_D#Nu1%Xy= zByCEVq*-6))#RezH57Mj8;B_BwUd6+#XiV6Xew6vY2kf#mSlyjb0#UKNAA;H8CPKrUBk#PEcj&JM^|wEibn9OmM~WFipTh}| zP}DiE+2dKnBSd9k;)}HYgsB?{dOfeGV@Ooh&Z`{Kv=}Sl0S{~|P=1A2WWKVOVyAl1W< z;z^zW`}}dOqYa$3EhtI? z($3fQeo5+MVR~Xgelk;ka6Z=)^wzgJmpB=@hm;bp?_`MFOi1%kHhGnNR*!KfQtk9o z0X_BPm#RktWXg>;J^{V8l&4UJt7Z=@|He}}KSzHn@cuXg%OOJ91~ zAxX+NQMrD6-c-}sQuEidp3qF%jG4IK?ukH=(`_QFt_S50G-Q^fw$Je7mEC6Ly(Ge; zbJrxPZ&4{}zu+Uw>E+9M>erC1X!xPkDaL}oA`29N0C`c3U{pOQvK31aZkQkpRdkIq zjw$JhGjw0;Sr|^nezENe03Eldd11DoHBIPy50-cOo;31K-|~sgOP0dk20P3kU(lwugIQXizW`6_&iA zCpLmDYdjf)O;pT~iT-8M2ISvfAO+h_A@;4l4~Mfsfj^$~R?2UkGytKC(wl%hgn>`b zNaOL3fn)a}*Q=t2X%nGIpFj|k=W3b@bj7bY%-(x?ko}#1 z{CQHiQ1crEfw3ZfbLlmHdL%W?(QJ>7Qb>VBjA}S4BH<~E@%%esxr9tti$bdryTIRX zhA6GDdMpq4>J|e68}IHAe&ueca4iUXVtJvUe6qgGLDSo{dVoxqNq254owK}ONk*H@ zMm6dlHcv$*BGYtvq|}nrHhxFGr~Gy=yMaGEH!qo&BH9ov<9>f%?$_1c&Qd>1D$Q{e&!jPY&fQD>QA`qmp zocc+M43OJ8R;J^?pThQkCIwD)ixi3=UJ+ErD{YfvOZeZr@SnKwv8|r%;KTX#aAdf# zkVwi}wPx8}gUi8INw4j8!JLRKsn+YSKJediw}Y{(^7NstH_I>{u+DeQcb)tpcSi^L z*5RgBrp$!wz5#QRmV27u#kSZaMo^|Z8WYg@yDxIeJ1!9@BJvr`n|yi3sYcKIdI%tZ zT!Rb7+`Z(c-M}ohcoF$@Lst7>JSwmd_eN5KeHgZQE=o^OVWCII>t22TLhH*XxT;Hm z0=}9Ks<&`qI#S{OMgjz1G#JN=npTi;Tge&;gDGdmR*X89-=GqU)cZ_egOCi zgM-km+nK>4oO_jxL&x(p4B` z^kZBaIhiF|aGqX`{&@i*ndMaa*TX}RPjb{l;v5pZ(nfQ#oL~)|5?ZW2H_&QlABYC<$xgnr6_s>Yx7V#aP3kE96 z6~C0xn{;=pBWies^{AqFh;GX*R9VFl`kIovU?tr{PE{p~nY7A z=lA&Oe(TtX@66oq;`II3#SZ&-Y5wJR#NVa)cWM6LO4E#}I0QRX6#x9m%-QzcE-`*r Hm9G8+aR8$% diff --git a/tests/security-resources/server-keystore.jks b/tests/security-resources/server-keystore.jks index f67334a278ea4a1781351a1982457ddcab5cf20e..eefe20280b964197d38059181c066a61f8abb559 100644 GIT binary patch literal 4229 zcmeH~XH-+!7J$+ZA9x%cd~&)(nOcXwfT0R#d; zzTIFD+y_tc!;?TDa3=m?e+dZ01Oh0q9e@+gdJGPRfsqg%FqjDhqrg6BcP-2J)Txc1 z!etY;(ajN>IZBUibDaEPQ{6ol`Cu5Wm7Xh8-i<{UY`!+73hl6qOuvmbTHG0`GY^e@ zlM}`96GPJM5WTF zih;3FDgE^{%*T9NI9#I=}zx?>?8VL#Y(LJ&L|;{R7cx1RxwTAVAIXSR$Ec^B z#pv8{RZO~#OV(b-3ry@f17xDykC98MccWWnkw2$9-iU9XxUkGe2=Gkt-lR8$XdhjJ zoIDm2yml+)x8dR*w0xa?RY9M8$>BhLv_?f~EOcCYn%aH5_uW<5Tg6k@QWM%dM73y7 zdP5=hzGo;#p!9izj%1R4`XGN>id1y%_4w6-_}hp1O>M7VHA*`ULB|2FnTOeOV1|gz z?ISgM?e}A}tUj1&%amS1pK=#1@2vG8s3VaPmm`CprCe%bLr+(a^Oj^C$YF0Xb`D6+ zeVb5F+kvT0@Nr$S;R~=3Q+RoX-l@dLnHX zU6?C2KW6|Ph^8{{nqbQ$Y~N2I-bRwfB>l5eXf-vf$6l?XN*r2qPS`6s&TQ2iB25Ns zQ)SK0Wim_md--2+ure^74rVz~Jp_O1>Bza{Os!wMy%gdUl1XLi8&JOs@Kmpo-`<<$ z7D%=V(B2U*o?RJPvV2yNUYDKk*85yR94wqDtK}KEAhH;31O#xB^FFAFmAV9nn!m<2 z60t(&Yjl;3Zcbm!&vkqo7tBk@9c(Q+_*?u$d$AuML(WWmSf&Zx56P#|@uoA-hM{-s zcWQ(BxP4CZmMMD| z>9U=i;FOmLZ7YCJkH4MhY5>@eb=vmGolXOsxg=~O1!u=l5R=u|H`tHRpgLopQ z*7lI_dNz5>eWi7jE{%+tqp*H4Oo4g7#AYbk&9x-_ppPP#_$wH3ko)Yh$e z!XDR9{rye4_1KxLO~Qkz`O4-*5_{$y=%C`ItyQCV{OtRsrc07;n9bskh3x3Zv(;`c=o-=-uizMxp* zB%b6;a3$cJd@r$Bej~$m26wO5{95#D-gSJN|&zL=$u0P3Rka*@}`qGfFe*{*5 zX}D(cX35R-GW3>TM7Q9bZ}kdd^w$29!h9s|rsHVZ#xG}D^{fr3Hc zyznPLcpD(f@TDjxOaR8`2mh&j;L3g7p4z9@b1KE4Vb_-I%dqrwA- z{T+B=5C8;-?~78fLx8|Fz7zFXp@wZXKNSdBRc)9(lrph>69Vw=FOY%lhY$;+6JTOu zhJt^8(u|O2oHQ78S;LULj0+*1Tl)aQ484`}s2a9O52{c8l#^Uc5<^kgzz~hBfzE~Y zSD8UEhF#-Ak^Vl!qV_as$rN%=D#`@fChL)B?O0{K5SF-=z!wB~D!)r7h0nRWv=}y8 zzw^kW>i7Q!`$_Oh{s^&Q_)W1>`dC4Q{AtTB%|@v{3jx&w^d9QjT$_f;vX?sgg7)qg z>}Le%`A?}C8mp$nNhflo=h^dZKWJqG<^7^zF;by2)_YTv=Q{K{Q=3M#ZD=!*>Ys~n zD?6t*h?3e@fn&L!IX&T!rKjFr7^cD5(JIjB6hqDz^WB z6aE_)?wV>9H)t~RHcwppn6@45s%dvRSve2s4#ck?S+#XNfYVz!y;5Tet#fK`N$9l< zyPSH@6JLR&R3x%U;#c1Weh6&K46BVtDF0IOjC~MeAnB zEFHbp>%S2x-8&qfQkC0JPBJI0Hcs5QuxfXNif57`q)Vn`O(6+oOFesi0j3<0!29yg zR-?+P*X-T&ww*4-{KHT|)p;)nPAv7rSK(5z3AZ?Ockg6K@jUMml&$lk;cxY@nRYf~ zg~=JM^AGv5ANZen!04?Wma1XiFJ|q)Z1TYKcbCH6#nDp=lYL(y3ROCvr{iN zf8~M_0Q`;$f0~E;B}J4M4Bmq=0Z_){55e>$2la|+P54Qgk=bMG$iam~58(^m8CWYj zuwR{HT07#&i+jSE8!m-=ZsR@1LC<$Q{dzsyL*#lM&JkYVevKFI;Qohpjk_j<1IrZA&K|`{Uh{$YVr~N+x$|eOI literal 4230 zcmeH~c|4Tu8pr3E8Qa(fGsxC7s1fnZAlr+X>NQi=$Xb?(k*REBtl?#{Bt?l7*;*_m zQCVuJc#%Srl(k4IM7EIK87=4Yp7-;f&pH2`^Vj>w^Lg&;ci;DOU!VKFuJ3g}tDjdt zLm&|7j|YJ82GAHmGzJ6$BzZ#i6Cn^D0A#^eKoMSqDlY&BwnD`KfCmC+!AD}`TDrrZ zLB2XOkws20)~>aUHtI=A)MF^I+2X3GhK~(Lm-9s{uft?!+3_2i!WCPm^u#wTlp6T@ zR=IVRK*|qv)|j8_Ik8zkeMlA0z8jXKpyywowW!`6XP(9|2)rP~x70s*2R)S~Kq-0H}`i+s<-6js`So);m(7wQz z;M?1e0{KYV=#0k}ZWFiZ-Axrp=r!Q_&0!xzxcdb=nGU}PZ#EgHjNgALRsTSQ<1BJ< z+uo4*h6U=(!u|_i5wWyJb|k5 zySzE}A(|lpSW3#W%h(o9n0g zpx_KAqj;+%f##%osrF!U_~Z6>Dt_Kn`1v;LzNS@1gE zdZXN#uuFNGs-SGx-Co0;tRjw;9<)}iy>O)onxQiDso^8P+C1PIe5^sCnr&ewtG9zi zFfUNh?|LLy^4J6r|1h;nwuJIPalVqSnEDjVBLD z2WFgi@4D>X^I%CdMZwJObCB40Mhtdy-t}UIy$WB*`+0Ha140J*cPEm&JfSh}fN?PN z_-;;5dOtR|Z6Dgn$$rX+;ruklNu+T5oU*9g2A!*Y(ZL*bi5HyeEjCO}ca<(yGz3GDFvBjV~(%_rwlB zVtEi|!)9-;r;wO$u!?kiv@n{C*;}3)bwM@O+tCKEf#wJdoJw4n)RO%2)h=pfX1Xv| zZ`^lzOHYVaOrX1698zrdSX(MvZJwOz)ZX>wQX(-%1CaS-czp1flFnO!oE(~Us%PE- zI=s-?(cZ<-_g(*mV55PKw)tS6^YOB4`Q)VRHvgf$(hjww1(VQrpA_by$cg+>8bU() z*FFzVg?(k@yLQRN4>r`^ad>2TwW_-og=>fR>`WrjO!QdNHy7%HS#i@9HyxDC0;Xw1S!p>kCv<^J|&LWy&lAj zez=qC2P!Xmv!8cX#~qg`P7}wmbM=cR@Y1hojTHHMRo^rE%Pq5T*Ralgm+BvKGX9KDMV~2?`tV~3w z8oa7W-!|bJ9C;knwLv`y1iq2WLs^gogXO}Y02C?!`MsXfMq>2OfWo{2TjMBkUxfic zkOu;~;>AEwUYIQ$A;C{_XVQac=6mr-E=jqPpadU@!K8W91Ms@w_H_j&q49GN=0_LC z<{OJKJ829i-IMN4Wzv0pFr+}HmoJ0P3tE-UfRVVX|FHP~#p3&J{a4OnK!xwlO8pyWK^B1h<3@061&jrVLby5t$^rmL z+V&|k9qT}GRmb1&K6G>7;cX3y#zHva?Ss?GBiGYT78RU+w)^!&9vwWg+b;6taFik~ z>BMfT8FDot#Y@Ms?Q|HW`M^@uonCK7R;xIgvXE2*Yw^$vMp;_vT~qc; zGa7!Gw@HAuN-n76#8d}ba{4X=y`OUbAf}t+*fv}$M?a1Ueb_yPEuxM2$W*`7&Z{2L z4C>fotF+8B=keIB@x*=VS615eljlmb0!!UX`zEYN2W?5UVRTqJYi#c(U)iBRdB0Zq zIS&K%?e*y;$(%9KD`l5?#m>r$n&ew1c28*~Zj-!YJ34cYVssJNEY0)F+^3dFe@!S1 zfB;vb8^Gu~P@cP&@*;3aIO@hl#s^GEXS~^=h0e*hr?)OSwg-T2>)m2-N6?-n^}Q^s zQ@;m|I`vyTdHb^jj{3S&k9zqAFj?q-Hr2niJbb;WbRQP#=bUdMlNP{K_ol_ef8&;T zP+)xp2{;slfE(AFig0OAG71%bdWEuaU~5^!ftal)HP7RYUmbP;CDsQh!`DNIpL-SH z;o*Y;e>`b!$a7B`fUp(VjldNF)1#dO4f{p{-`|8>s)~Ng8akGEti8W7kiaahLtoj( zP)fbOC9^j*vbw2=yeZZ7b774Ef1m$}SXzWsQ-^?d%j~A?=~sl&f#ejoy^1DUp+(pj zy$IBA2{llQi9R{igme#^>vjW9fy>#UTC==fGrd0KVgS9;cTKxiq`tzVDEyx7siN}X zx-wVN5s&-5-fUdj!N$^Y+nbf%(w3j28_0&%$*7aa6tbwY{^^vJW#k}ZzA&?1A|mg~ zX)%UEeK79OO|`tWxvm#;BAsgUXF0~7vI|^p$JV`!RDqWtL|2>6?|(1iH;cm)yb}^L zql{qLlSsjtayiIPQousFln4Y_Q0JedI1h^0$KjrD|I@bppGkq&rssm~5??vVz^S{QCfhHzeU!*KQtvrW2M+4}|pD>1)3L+Mw|3NehuK??zeRGqZRKS+kwVc@HaPUjLFoc1 z14hVC-a?By-WG=`$8vq%O$a4!_Xrbn(@S>nh;|WsCeTv2nPm2wVSm)UT%*u< z*M!3 zzjil@5^ewDDFCa!8KV5~hPdH)Fi=shxm3n(B+D8JREx<`me|9SRsmHTAk5pb%3sJL$FGSK*{K{DKRsqX%JIinO+$I8; z!}Zy_GlKk|19L4qqH+$gSVdp*w~8(BotfL*sXzW^cKn^1e|eAiJ2n4K d&Hr0!av06+;%D}+PF!R1nDlw^)|8xo^$*Dtu6O_d diff --git a/tests/security-resources/server-keystore.p12 b/tests/security-resources/server-keystore.p12 index 677631e33d1d5b0de045f90bba3e0afcb51a9f93..1fb15066848c62f6c3cf15b8701082220e203e02 100644 GIT binary patch delta 4762 zcmV;L5@qd(Cx|DIb`-S{47J&P3OKygLi$*3MLWIKsLYcw1|)wN3&0}jJG5;9NI&qc zjL{DSf&|d`Mp5eV-gqhtry>}?D@dQnS9MGQD4ftU*}K6}S#@j9FW+^ilC)YU zd1%AnMq-V)H!pv+TkkwgmfudB05E)D_(KSBjjftODR7m&I1=i~md(-PM03k9?xedbh8LIA9PR(LLcx zKKy>H_J?tNM3|`9F1cfIdH)q%6tkNE3G?Mh+^Aou>ZFQaV<$Fqny!rp?;{8p39@l< zh$G>qeo`I5&B{45e&5yJ0Y!L5Eq3tl=!b;&dJF9?Y(??hYA1aJL;R zLdLMRbt$}zu>_dZU6`>Dl0Ukc@hYtLHJJ8GTcqtIM*+JK$^!v@^@Mx(gkBJU2V@aV z)-p$9OzmEa$I7z{8knT%DIqKI{<%2fS-;6FgB^2O)?_-p7m;*XeB|_ zGUs$f;j=jz>ABcbb$cQC1So(z@rv#|*O%tWrFosd=#GAe#LuE$1+Yl*9ZPNfCB1;` zs6rf%2{4|CjJ~)Cuc>}Ojm}TC5+iQDi_UDr>=05}W74?djJnZs7QR=MwW1z-^Qr6& z*E)ZWW6}@irmtpW_Z78DIi0P`RCHZ#Ira5|1Z+gu=UqB8bCi|{LkshZh zj}S=)B+4e%&wyk*%wmDz;BtNiVuh6m%-Ru%>3`rLom}dd{eN;ms43n~L>`((6_I~s zFtowcFgcG$KiB1Ot>BM+_K`xr z$x$eA^ONqY*F7vc;G(Ci=y1Ck$kuCz!hZA{>Lm>^hwYQ$pC@_BJAy$j&3hLa0nC=1?Kn8D6s?>zsxWpoNwyG=h;#^ z^cqR^uJ*i-3;GO04%noMkaOIt@b{=ovH4t|hU=$eig=A^+S*)BP~;M=e!+hsGEA!o zUo@E*zPkf-_6<>q-ZSR;f8;x_9c7ydq5$%MI3xamBWgZ;*fUzKmrW1yn|2cyeh$S8{xgYa zF+eaI1_>&LNQUo)}!C@a~DfPxIrWp$hr?*e(>bywD~2NH0P@?fy= z1Jn>K#%(T26dFFKwKcDF_-ZO<$fYzF7T{qUqb9H7zP5ogT}}A^pXQ~Mo$!vFn-P+G z_V5peZy|Z8f?~eyBgXaO%e`kJSgKRwz}#HLzqEzePpZ#^EP zAQr%$}LZUMog8OtT(Rr59wPVQfciYfZXePIuogbM>J?IgB1RsDLY8A3U07Z-bK zu6)N~(`T)J4gI`x)>pS3Zdz|YOK7$bb(eH9(O}8_sto%P$mn={GPWZS)ib8X&yFqs zt|TOQ>w#EjTgl!i8E?b80BdDgY%zRJI~T|kp;7KQu;^sYKJ82~65)npRK0glPwt*o z$zw1cJ9F=1qEdPW3oWZnMIcPbY;$95&+RJ0*)n5)rNMuX;cjGFj3F;L>+;Q3(dspy z3M_lF$O@w*MZ)a7Bbze6BbM&P(?uWr9jyeQL%-K2+}{bL0z^X_2e_lt5dFz>u>mZ5 zV3e}RW8*tKlCa~n?yUMD<*06%ryY>%XrAtTfp6_wG8v30<_48G%^6$tIy18+!F#r< z--6$N9~T-&+w)Ji;SxCnN4#$riLN&YUvHo{U0)+M65DQbrJIAX$oeMHly9r>5g#-c zb9gn-dfjo`SVL{vG=sX%m&nT_axTnlQi^q$oLYtI04E~~G9`nj<168#N&D{;yU#K> z1`(@tMKe+%-4D&s0hJPga*NBV4h}gaSoD>D!K*UkatXC7vA}&B;9ea_J@ZOafN;WK zs(+mpt7An8?$VEPdwPR!2LC(!pMl%M7g**9g6F$wGgcaR_lXM8(FYi5rHeL12VYiH zLKOV#879boaAE~$%OF&F?DYb>3^Z)&;ojx{nYZMf+6QrKD8*OPnrBz(FmQTj$$1@r zn9kT>JaAx31zr`n{{~2bdZ0jq$E}z%AfQF^P)=#^Q@K_4*f#^&J60|C69j=UY-1Hp z^;ETGHcq%#fm%I-Cp|M{WqN<)3bAg17gwrj&gW1lG!Xr%qzmiCH^k8CJaZ7eVGPaLw3 z;mq+Ej#0v1Rja~-!A#HM@!jEmI(6F*b?+d;4yvp`)ad|UPY^+-Y}A7?=bXlWY3#in zzwkJXaM%hOK5pUEEYc$miLXsR1>YcYQ za>B7@&GuD8YH4qF_&U9vTyeO+H%@R84)H1VFq`?Ty3?f<03@h!?mKdU7yHM^VV586 z3Hgu4Tvn(v3FHI0H|i@gWwye9FnR3`?Nwfk%FsG_HaRDP>UHykhkUrDvB^$KYXxi# z4(PkNPIB)dvbU-C+^|G%0RR3p!Ae0_B9BbFJ$qFx z)+9@f(?+U_hX_#DSWg~*Kwy`lwtx8U_vm9FzU0)Sl@4?EVP8l_S&;6VvXE!d&dvlD z(2Y_4>sG=O$)3;M;FvMobUNU&q=Z7lqde-vi~6;YEu4FTIK4N}t(>uYxHPU8rT`mR z{yX(&U0j=ylX_=gEyuV?vQ9W-un7GR$%OZv6ZPo$YqLnudPtbeA~rLLNn&^Y5R5VFhe@MdWwu`+qf@#1zh!P z&YsPSHUg)RA)}*oX3)!dMXRLbF@4mJDi~%-Ab_Q$Pr~&PLJu-ZIGO9eqcsiB+jLM2 zBkbvdr#E&P`VU4m;qOBoOy&kJ&Uo^;H*6eo?$$Xjgx`99d}{|!QR6rL%HAWLcOg3o zd+!csjalGZ)NB5)g#E9Tkq-2u8ijBZLxY}blDU9Uw`qKQu^bAn(FkWFYpqt|zZOmQ z5e*hpy2gY!B-LD1ynvpF?2wLvU?O>eY5yryV~C@8|FJI*07ifx{Ic#P9wRQQt0Fs~=RJj|Go9 z=E`nRo2+$gJ&_ssDHQmoN^v3R{7;Gi|EKpoojJSQ9_Zi4k>H?YlrluPp3Ly|=phIA z%k>aiRn%K{>Q9=>g^_4&$GGqr%0Zw=?Fu$7K*x1|RGN*wLaC&^hrC^b!{D_%2P}kt z`(8^D)Jo4>kl&{kZF;}sW8usvxyq$1I4GIGYs98twtIY* z;ef_}9tSZ9#cNC;jx1?Fm64Glpjz@{Dsz>tI!m)VoY?Pum?dVyFB3dF#7`fZwYSc! zuGj(2-is9NobML8O-@}dRgmilRr2%9$_VGtKof^?KE(FF0}p6<&=5FG4=V+K1j59V%SM0Um>a4FE;N%kK7BQ3?Mz)H z+VZfY9ilx47eM=IWtz_CBZ>5P$2>IfM+C6F=K`&Cpcxek#rhFl^;_)cnYPK0@le?G z9gF4Wb!>Q#!_IE(8cu{H1$E_&wND<6YKOR4-U`-GJAY~G#XX9eBzC%s>8N!M3c?+ z6@QpVfdM^f+LJOm(vCgT$Ta=7q*y|Kq2Dpt!Z8j&=~gUmPXGK-uF1CL0`DQkylB;M z$N^3H{-hc|L;3pK_JI!&&vgyG_~LKlp1Pg#-iYo98n&mvjxi8ST#sWEjdw9j*b&d0Hm*6$Zh zt*!i1K4c44eM+__cbJAQK>)H%{*w#d-1%Wf|smtPyQw zI_Pacwo9mF-0j0HBpMi!^4i0HcViZ+>)?;M-$Vn7K}u<mJ?r>#} zWY5Pr`NDJ^Pzx+e&~AbiX~ZYQx+Pp=eAp8+=B$*ZQP{)>d{gLu?%V$X=?sgh|pg$^9SIXn{k3G2`O4RC#u zFBxh?*B7fS42Q2$n(iziB%B{s&PoEM;FZ1x-v*wNC9O71OfpC00banHUkxe=~vK~$W*g+UF!Csi(0;k o-}*_Bh;6oKPVkuo6rS~5pJ5PHA?UdPc9c}HnZ2{o}ZJ) zgD^M*f&|c5>1BcbTVaI%2<-~dt44h42e4&;hrlvV;%mUsOm0VOX5ObX&|b7vX}JaS znVJ)uSmqo9x(7*AGavlV{(5c4&zmnG)EMx34eNFbG9fCYQ zaEGiAi@B1_(suY(&+!gc%+Kc2TfP?e-}U;Pj9&(Id~Scx1K01;@0@97+&Eugv4n-I z>>_`zgKCE#Y45(Z6NqTt4Gd5K$BK(zI+z#AHkCRm+Ks%av7j#Yt=`Au5LfT_+SUsN zVVJ%!c4kt`sedv%L5|-@gzqAmuc7k`5Ax#mqa#uGurHm?N78ydrtq~9K!6+}rt-!j zl$43>HhzCI4v|vRTdVEu?IlMUAvQjv4tj>IoCk4gM`#Hl^aLlBIag(!XNfGKG7Tb- z6v{P>3OeGJawsVfQ}rq+a!AA3#+AS;K@q$Qya9n8A7}XXHQOsM^EW@ko0E&huWr+Y zOZP>9B((xyR6gvJm0*E%tZIY%%`|JtoDP!E#S4GqTk0Ib*wKurkf`gI8d51N?9j2N z5Y4j4OSh&ZAka0O>oo!l)!w4Yt02TMRR?uPhQD)!s#7gPiOQpss{a{=Vim3F#4ooe{I=D#>a(1b3G2~@ zy9?ujqL?!jg$bVgEGOF}jD};xIQ_&3fZ9MC+QNu~Y8fWh4T0E%GlT09FnlCg9du*b z%&`q8s3t{wzZnDYkja+-ULnEOW2imt;q&0}KW!bI$@GdG8+9P>C2(YliEcmpF4kR?FuiYKA7xC08SV+Ma(h z@{ylGfB8Aa_eyRGL!@{*S#ACf3DP$d)W%%KNv>aEgL=bbI18&W*$mQWAP(-W8NFs6 zUPeiM&mam;Kg1uQ?L#ZrG8mZ*tx?9IFMuxu!K&lRHo!^BOv|<_|8va7uQxxY5zn;6 zVFt|gK$*b)|A_XY!oTHdzIvcjik5$PK^aLgH;@A#U#)nNZokrn1urZ!XbflWiC>|H z^CnHr$b}H+y`U~k&JkDyY=4*g85C6jw{(T)fW7I9l~FA+D*B|~(A=dd<`30-VB=5& z(mEN2(I*sog_eHY+N@2g|G^p*~G?P4jO&3%KD&LNQUYSi#AwbknM)M`aAT0hMo=Qj~iwO+{2V}#pA4$Hj>`@RNGr3`1aIQXbitcqcxTy z^O<+Vrst0&{@LGq9IaLlg}IVq?PZZim3(_fB*jnO(nO+v0QBzpvq@C?(e=C7o*qi+ zMT(CCtP1W#G%Ai|3>4kD*H!o{R|b#aDWOf|Dz=h-q2>JSdP`*|HDvIwS+VG253tcc zqAPYC;>YS0gb5GJw;X1{EYMCC%~OWRA=e0CLwEV|4*x)7kQjt} zxvLhJnv*nt=0j6ZKG`oX@jCf6E@`;R9d0fqqoHs2(Az8Nk(m3OC#dv9rbu1W8N7?l#P4ft4vHiA!CaGsJlPUPJ`o@Gpx%?N>+BhX zYOyRe67SC=$joX-CAVK+5S5KQ^-;Yt5*CA8>s~lgMBHSA%@7HY%%8|B!Jx zM@c+#HbArqHWuSN?;C|vf^WB~-~?Qs!D}jYm?7^U zt}M{GaQ;##h?zCvdq>=yO?CkS7izIx*?5HklTzV5rKKWe@w0!3atVAoY;Q>&095BIDGpZXlRG7 zpGUI_P=o75O8XXAt-rF%Lw-~$9 z6q^wRzUliFg5s!uj8Yg3<(S_YZDn9VLq5FB&z5vpl_Q?{@A5A!#pO$^Nau*^3;3m9 zSIN`a>cNFlI;D4;XOMIMVyvZh2wU!dXgPyO7q0EFa}{S*;i(DU&P3o#RaO^xhK*~$ z)ig)sR7iRM)pr`Y1hPr&y=dJfXsp&*uJ`V;iKYxU0v?TiH9=KCku17TEz?gWm#L29 z;2?6;hL{EG4%%=27(prx-w7Fp0!Eikl&~6+cE4xhJ94jVr{E3J$`AA2iUOs372ZG*>8YPKlulJ`?OrGqL|TM0AoveQ4Q^O#w{(!PvlZA_{F zDu1ibJ4qvO0eE-Pr5BQ;0>Hb!TUhCS&x@#~O1{p9ab}^A)7U&4Qx7#*@JW~oGaT{9 zG}dZV0zoS)#L2y5)kfj3g1mfxIsBS>8XRCKsKuoY`>8Ivo2zw&5_q7UW(Vgk&i}J| z)Z=u?PYl}2g^7^P@z;67~jR2fBDuEbdTY5aGA(|CC^j`jQUl0>iW# zi}EZu8j*xACD934Us&4b$;pH=%KV=!xZ%_3LL|;7`p3Rmcz;>LF8d4y*mcxgts+x% z5bs=%OlS|j5C-ruEt!FTxgR*rqF7=sA}HcS_2lO}9AnxjEOKz<2Rn0lr-Lbbjeyrm zBgi5`*{&A+6m=hBhb3(Hx*RGZ+jit0s`Lb$$mbFs_SH`%*wHPp$hKRIM8=&q@oqQm zrB$a{lhAWEqlm9?{mIuMf!z4jph(edroDpuQ~A&yAGp=qNU}C}oYlc9#6muLk#?gva zVfUYTtj=T_>GXMj`}aINzqm1Jp*z~9T$X8&BmaAhr3xL(a%b>ua?Hwya~d#phhvY0 zp>2Zy#+B>+zkR{M(6jM~>e@`t%Uiobz5&a3a?Vi%*Ni+RT$45PjtgMew>#5#D2vl& zCn-hnARlSRj;7$*I7540epl}AU9i`~mu-JS&7AE4Xw$=g<-Uw_V8MUI#N>ZD`z^sb zQ={bw((LRtj{qBmb=^=!Qo&phT2#&uY&Fn0JM-yACG8YTCInbMKHb={0#Z@gD@O}< z_S5Y>Pos@kS92XE_M{oLM@v_wOaD;frYpiI-&JEif_7jDjT7Oiyw_y>KP^C{>sQLj zu#4IqCJm#1Z;(?PppLj!Bj|eRnzJ4g_SB^@f7t<{eW~8|?#71WwNy3i62i0}hcH+O zCtD$`Z(Nsp7@dJIpbXwbuSKan-wVov?PvLkB`j3qq|h4TXQG0fERy1aVUs$?(@4OV zc!j&xDSz#v?jVO7Oz$cPlW^Hh{i-hJ8W7F|X90$PXgCF@;}s08@$1PrtA;zAa8A3& zbak3(HUe)Hs22DTQ2zj>PNQ-cFHRUGfGu<1IN|LtzOKYhoPgw6`6cYrm%j$w#xZBi znw+ds!R?$qq5*Dj%doyoP)5gf*Gr4ER4rL2V3|?#l4^d=z_7MRHZTep$&T_zpI~%T zIE(OqaX#US>(^||xH%}SQ&zxPZ@sEaCfsSariT4FK?m!X^&0&Dh=^_+S zH z{&y4=rSv_qm_fDOJ$n}MxJJSA^ueUFBA5 z!&ze~y-hg2t%*&z!G1V-!=*dMt=?@OA@Ek1eZ>W5!LmQQi+7rf@HKXfFkZeE$OBD( zg%+wiW;HQ6Y2A+nk`0(gk9>qYDFaef12lYD`;YAE9~u2jn*>GQq5S^+y3(jK0qwZn%)^T!X} zB8IOOJ&>!-nU<+5M!t0DDUzUXQ2-f#Xh0`5Z{<_AL!?xli@H1bH+;o!>&z@gcu+KH zO(GpXmv+du_HNNMz|IM-U|lbJiBxY+J>%!V*dDClfA#@&Iq(tz26-Im@&lR=Z|A*d zr{I;>oec(%HO2SjicC#yrYhk`;8Yf=dP0rNjA-KrW%eaD=)iwc6Ts()O2_1X=t5Pu zePF1MBeRJg^l%=j+jZ8(XT1pG3;_b_Asb#J;?Ujf$+20i7+pwWGOXYty;yTHcIKY1 zK<+ylR5o}lXTfzqzkh>61%*W!8mj-v$irmTK3ewr0W(g--vD;#4ZtwS%cNlH*14}{ zbriEc-vffY)aGex(D{Ry;?K5}MJ{DvD#Nw`m#BQ15xBySMdJ<|5x=K_<}i&7&?!4fuxkLA z%wAz@qXRx**E)~ijP3jFXvvc7y#{n_6QX5g73RhV$3>sgT%32p4MpzZD(mqG&ax_CZfl&_2)A$s}n;N{k%SBDx zUI*cAb%EuPnc09Y_Z-NQIz8ul7_g#l7 z4X=o6zL|l5Ph@4<4Q#5k>q{!HtR(l!f71c6NaY=p=92rjUR1VD#k1qt9PgXfvX(r_ z6D0+($C@B-N6D!WKb68gWpN&dLjo2}E<7L#z!sRixj0}hN|0fHnrfWhCVrhc-H%^) zM?TGNInPV>eU{&6T3@Yr%B47G6WnZT5^zdSLe<-ADiNC9O71OfpC00baT$=<5Br;`uynLg}yoE?fYBIYH_ o(KRWrWVS?q_!8X&6lnqEQPhxSTP{XoG`dxJWwgfO?E(TP5ED)w{{R30 diff --git a/tests/security-resources/unknown-client-keystore.jceks b/tests/security-resources/unknown-client-keystore.jceks index 21a8dd91be4df40071e7a4ebfc66da877a653e0f..3339a37c95a3b1c712c0a6bbe5f2193c4b978310 100644 GIT binary patch literal 4170 zcmeI#dpK0<8UXOQ8H0?w3?{cwLTktpb#(wg23-AkNZ$4@dV(8 zb0~!Bg|fK8U@kTga1p}?@W7#X7^eV2n?NCYIT{*ccmd@06qf+Iwg<)0jp&Iv2w=Bo zpaT2EBT3zFn~>CX^q>%(hy*(d(VZlzO{F-ydk`tUfaFeY6)bQ7PzO{n7&Vo1 zB0Q>qiW+cm>-awL*KdIamj3N)gV{h(8kh$J(7>D!8W;>JO0h71Ri!=OH91o;p>6Si zkJg>d`y}Nvc~Ap-NlRST%y#sa&--R@?3q(k?m`wLES$QN+Cos!?s{Ls(;gqXIHq$J=(h;#EPeFF z-k#&8ev^+{vO(8=GPHTzw95RNV#@M{tpT=A?WjFb9RdY|!09Rg0HC*iG8zdJh6&O) z3!`?Z992{Msk!9K)O|b)v1j;Opr8f7;7u4C0NuL$_N#6M)7Do7gQQHI#^VBj{7~b% zm`C!rmCKlUgPeDGUCq*5BkTmG*rUGEQ-&}tfIeO{uZo|4lsWbjmqQJs85dc4B$NIk zdiVXjp8Y~;h|T=<4&A=kq+E559>@8e1)je7a0p&qS07uf!!rM1H&4*L=8rDYhGm?b zl4ds4WcI(m{j)}TU8~BJSVeZRlco4S)-q`0`$(D9R~R-16#jD3N8#|03#1GyYu(<# zeAA_TxtD$RhrJuQ;A@KXfM&f5>hX>UZiRHWrswzFzPv_VVQC(6$(FH+y5kZSNqULL zT4z2JXTMu;6Y8S}Z3WlIoMCUy+GIxsX@l;jOU# zx-212uZ6gW97Pv26OUZaG(x&^58YBYY||B!RAK}|r+eiM3>o0d7U5HRf~(=X-5m;? zpDDzKYjA-Zml}s8OZLd`;ut``X(AX=HJHIS6b;hHOVavU83yY&4>b2`Gbeb_!$7W# zO-^kiL*15Ijy%Sz9J*el%jg*V`I8^KqerD@eA?h}6G}z(m_?DqTc2vgvPE*Wnnd#573+O$a5`!|MtRTu85_G^2{|g*D2{gQ zL9fd4TfUy_hS?0aP6WFYm~>Sgs=s$pFM4-j=Tofuu@Qy4D6)-sCr^LNp0ebbrD#{& z%U0BeSYXM*;EvST2Hf4d3htwZ+(y8tFCR84N|3|8Ah#DnON^E|fSq|4UDGfMv9yD) zK(5VXdru8GH_ILn*Rr=VT#|YQzHfY)kLib0&M)MT z<1tx#x%yMO-G)%f)Zr6~SG(eh77Jc`_>OMugbwjnK1zIh+{SoLd}@SxJ7V%?$iBtX zE*@=M{|M=ybD32Nz;&pQ1$9baqS!8ZHQRr=Ax}TZBaOMAfe#+1k{q_bHC1$s12$ZA%M9Q-bd_x+GZl$ z;hE)_6ds?d6m(gCW!c9!CldhO9|_ds^7slz*;Jn5d`&r|br>8VsQtE6TgKs~i-!Z#nfQ?S&_%YV2h28opoT zX}H$~otF6ZNYZ_&=#-q(gylQmtnw>LX17rCc?%`K{6LAfB=X)>wNTDK)RDhl1iwcK zb_*pcm@TEKVh(&m3HBV|i`fBiZj%Qt0M*_i(T@@0cO&-iqyI@zdjPrbf|B?*LE*m_ ziyxBOV#$BzN@9)Pp^(_k2=+W(YgJsULGlARjBFxN-siNca2tn>l<9H5n7ifH;~TX{ zI7_vv--_Tu?E=;}iiPs?qZx=bl9O`7E<4PWO}Pm7^N@8zRz^&9?SuDG0V$t9BuZX-s7bZ>XbSHLbomcftb*(Tg>BF9!DIj_n#Au*va;QG z*(%$8L$BKvfMa{D01N_v0Ez8e8JGwleErWMB(S|e7PcJ}h^<1-#>NhX{2_?HVJIub zZB55usLej1?w-WH>0-L2bg~<}ot?W)_gn-6#8x6h5%t9GnIVAWMNf8IIU z>~qzTD(lvW_G)dehnKuu$@kmzm2|@uPCrwAvKpYLonDg>VNmSx@Wh#};`XNl3`(B^ z`@Azx;=RD(+is%mlBgKXk?z^zJNNv=8_1xXdgI#6tEo#oR}!Q>7R7Rt#TKH^{N0cI oSxfZa68!Ie>q@vgfJ3^8q zBFZI1?jpH1Y??+PM(&5|>}T(N_H)kpaL%{=VLfZT?|MJH>s|l<^Z)%jIyyQa5D4_Q zi_Ou4fcGLFa&&+|fJA3V`aFcm0<8q9K_IX|kOK1qDNvhi7!-g)*&rEwt|CB}+gXr{ znN2oQFLId+063T+pdDrxh+u}DgR>)9wH(O=f4rdyh6m){nc_gQX!(%wo&;ZvDyY0O z14GLHbCJZ4R}$Lab|ImS_aPIU362hA0?|uC%a80z^dXP~K?wmatRkp@#bPi@7_6G5 zAVLAeDu60j#UB&@|1D4e)bBqVV1mFX00IJ10Cp$^03bJ-nONNpAQI{$d_>Z5hC2E; z`8)(i15Hv_$|6DrdTv*jHXSEgVt9{Db?w=xwaT1jBx|DmVzrx)Pni7N>8CiIxEr8b zfiBSHYu-8M*M>u~dhrjj%NCL5+6!7m{n_|hff5_7`Uekz&EVWsd*3!enyY|B`k{*{ z{fCnMRA_E{PXDYChca8Ty~zC)Gio0dpzu6Kme$sIhcD>ndPuBuW!tE-SH98a<1g@g zyJfzpSjLa5AFXP8%E^ezo)g6^%x`7RMmfRM(gY2DO%UQv{-{=xOii?RE*QRTGqx)i z7omOxYUDk8RVa1lp3~PBUc`m~3$!O!IWyg7;q=LqP#6FKaFvlFVDB8zm zC+)BA?*sF}JpQB`KW)`CcMC6V%->E{hv)cA6s7bgXf@iEiYA{qYwI$3I809d8i{ue z%VbU%@Ub8q967FOTGDI2s(x1g<*8z!jR)NjQZPXGUw5$MJxF)u7h7PSAYvTZ2r{x< zlBw#k2!wXM;WYiJn(*TS5qR0|E0_5?isC`D?(z+KlYY*2dIAt`KQDJL;svim-&6EQ zekMU6@J}EGP6I`l*$y%Ta6lG{1V99w^@DyJBYosKI}`@v!oexEjFd99G`dQ?30@}@q=^v;TDw*he_90D~@vUPw-=ECaXM;E=C-n);~%O zgZQ}yZ{R-SFSn-sbhzx~Y|dy8li;QwLX%%ty%>c|8{?=(PRMxHB z*W|N=r2A`$;uke?b3a!%KIc|l^8F0HyoZuykfJuF-lw@*%)B)A4~1F~PG+!-eMP&B zty>26=E^to74?=%*Tz3FMQFvlwS6E&zRJCF;G726nz7FGxxSor3daJ1_w8IcPB(bo z1R8JRI15My@#ckPVf1*$_iOZ76JBUD#hCFv>aiA*>uokSsF$voUoMw(d)>;ZcRsbo z`k<|C4)>*GZy8jGVo2%j3N|=TlljI_UjD-5?oEw*i1F9?7GnhmD#2dr)D7+ z4ThKTeBGd`$m?9lq`Op3z3-mrMze8`f&dwvlJObR3_rfBW59W1gt2ba?%_6Zw>Ne9 zwfUf!A@NwhO^3jBv_ag3pyXyUT-RYA$2ucb#n`yowd0M4N~qLIPcH|do5cEMqc)y2 zJ+A1PetE_AAyutyjJ@Tekv7VfoQ;NTTG~robyqixS+ZX3FF2z8iT~$HUj?6gufwIs zoYqCxQY*8KTRHOH7Fvi+6g}&s^o7!#l*YOWc`6F1r)(cr*C5ZT72@)y>LK|LCx%r* zZxp=8twc5tiBXr62lY|T(NS&hzA$Oj&sr9oOz3wDBQne?Mqc+Juk{8b#haH3yb|eP zv^TR=)JYj^!Hu+33%3G=WfOD)>qiOreT`aeQnyWF^^eV1sfqip)AG*fnCtOQe#nio zI?z5v)Au_zJi`$7edqu1CqBF9===)5&gc5f^L-!h6B9GDs;N^;4uw)g{Xkc!aCdnc zO@KMtaPUDi^`5lGMXt1)k&0`f0@Ub)gWht3O&=m2;`81`rX^?fgxah;Z`&-g-RBih z+(~Ev;xs#J6l0>sH?NDt?t4shs0>#WZzLvHxW-WLD3QX&QqCI^0kgbGx)s@D@w%>#p0M)!83{#{NQ^ zRA5u#H+{4*VOh-v`aiMj4}*`8LM`g1meVCzPy)&ueZ^O??b4UuSk`~q+)`%Iq2GCb zw>1pKHEo#XLxQ#ODwgwS+?MW&a^OOEC@H>Mkk7fZSALl?Dl-bpOTmUC)ZwNl@t13U zjcm-CwDAdg(pllC_d@-2m^HdWLYZln?&)=p!!lDYSqs2tu55^fld6)3e9?i4r9#CA zNbN4~fko=)eO>!?Yi_kBP`)?~+(N7SAH$)^W!NjP%5DhD2Wbo|?3=JhJbR$F_{%M6 zncjfbR5M$X)zcwX^1|tB4HoW$ZMT^~uJi6_(<4Hlh+&dbaTr4xLPgG( zvZrSX#X_3)9%(a;buAWsdf_9Oc_X}9l1gB0U4S{oNeEs%H-{gJ81zZ09`f`U~CAG98xM=vE_ztM)^PSNX}qpMw0eu)IxM9t?DZM)WL9v)ChU?)s`% z@h&CyNIla&o?!6@neGRByki^F6zyT-DShnM62qs0?@llgtsPmFf|h8N#qHKT%-y;T z(I-maV;V1|GMc_~B{T^PjsG23&PJ-*Y}GF!s%-8oJ!i<=un$2^gR(oG*#(yb_fo|F zSd!5W-(`z-_=a9jZ;)+gEfNj|A)xrqqa<7q_71?zSpXJTT3LH`uQ z-!P;wVPD(Wn4@=hYjtIaRV*V4Dr#x>Kw+xZmfb<*fCsgvph&xqZ};INcTZp$fV;E7 z&++gycX?Du5wLpxNLdJV)VH6C&z?@pYN@J9yZr)BkL6(rTU}hn7HvqK6F;PIRsHQN zAH_n$H9$teHs4(quVgCz>qT_kAn7!B|JAi5hDWX{-rTWXo705u%U? ziApL<5;ByvA=^jwz1RD`-+O)E_s94B_g?2Z*E!E~o`_f~Q{~jt~Y2a5GEG0WyF*AT1>&D{afe zdK8eB1r)ZApA-N8Es(&1zkh8o0|-h2vw{E;mk2VGO*rihEIW=c}_b z@`_GpsBEr&pQJzZ*`!&MWrP@Ib@Q~o+@P$gGfo}?1%tqO(f|PPZU1CG78n>E}1;h?ihNC%2>T`ZRPOxsaD(+$Cl$-{TnX5qg+*&9GtR`e=5XrGkg6_?=q&_d3x z;Ql^%YS|TNs5Z14+)g%v_Z(WoGx3}_PdqxXoK3{U8n4)FXD1lM671{k>lflH{xd^= zrKcANw4HGz*!p&QF&$w9!@wBGZt!+E!bq^G&tq9xx?NA3x-KCI@%(7ITe+jkCG4@y z;YDzHoK&d#I5|%`g1*xF*k_-us}aLqg=_TRsyZHZWV;YJL~i`l_x^qaw@2YyFx(TJrhTIXhcp__2Weu=g1lR z;Ovs*U^!zk`^~Dk%lMmtn;{aaGby#jmuz%B9O>M#W^tt*5%6P{0Squr#9E z;}!g5rTBL>YDC9OJN@;yu-t?OCEZk9H}P>0BcH}%ay^;bxG^cT{Cyp5g67tss^)s8 ze2J^5lJ9DmV5fob^y+bW?P&=*VB0WDDapYx^@|bC7F+5>4T<&)43&iOKk+)(N~@|6S|i+Cl5g`l3wk$)?gKS74_ zopkXFv za8NKq&%p*-`SF&5MHeboKPZqthQ8wUecd%CQEZtxapSQfd=fp(KGxM1@L z8-iDh`9d^xkneQ&6%?P9(X z2~vq=qU#Mf%~wmJ3=?K|^~cXx8w+LkIT&M{P8T>7n?p8UMWTU-wT`gPxbP8^%S-Ut zk~lqOwIoVUWHL$cDfgQ)AliTBjw8d`7g4IYxAludrKC6TbO5d?M~d2KU8=7s6I&`90L+RLg<5*^HV-Gs%(b6da89dZCMF+9twr zp|7mmYSVOixGGscx21a}y+C7>`HB*OV-4C2w6!O&o&NCda9>Q?7tP{&&I5jP z;c3X6O>xtB74Hh1cUF=5b=#s89?cI=O4pK79c36!LB6`yn&?pQ=uZIX5vK5Lx?e7H zWTvgd!-?y+=O$Mbyc^Grw!G5nDNozeyfFu@o>oMW+Laz@{Lss9Oqtte%FH%XUjAZA zhyY7^xNHp5pDN4$-w1zXirh9+q@}jqa#Tv@2UFy1fiS6E0MibF7}=rNZ6y5~A^tFe z{~Y~SrV<5&f0}ClznIG6XZiSLt8J+Kd%$G3Xe&miZN%ROzKLTW5agRan6)F`VZJZSP(GIaXVq_~r5i zF6X_U57QuQ)Mj`q%UPMKk?P_-+I|A&ViIsM;dg`y-@h_CzjCKnS)I z6o~E8&cFbNLjDxQKX_C~F^ynhYeb*pU^bkti_e)aju&uxQPK#6p}^*OopC}geBE$& za~EQV?dH=rxy$7T*@VS0PB&J^zAxqqHul?0`Dw|fMaCICtFb5@wF@o`er1~;O^)iH zLyWpty#O}`dZAmUD=7@e2gSukJmDQ7Uae@4iIU8c`dY*ODKv zUm18?%c!sN`MvkUgh5yMf+uTs`uWjoc;4p%d&$Zl`sXTB($DUD>JKVzH)$;hzxj!8PAM;E3$+lSxa^XgDhhSiR{ss>`{ueh+!}(h3ulJ zY-JZA4l~(}2rt!pu5-?NuJ?UEyyx5b@LbPx-_QNwe(vZ0zy81f7Hx|L0)ZgEUd&FO zIINeyw37n}1SYzGZZd=5XHoKiG6)0>1|p#WKqSN_7YYGGAk3gFE;j*ihr1cT%D^lY zs~1aW1%vm%L4X~a17K%>n!^xCCQT=QTp-r)404$*76<$6mnsp_KrI-5DrS z=3k3Me!ddX`o0ShEiB$2=Yn%`@W*+3iD(A+yLsbr{=tCAepZYeAdA7E(eh}FvK0@z zEP#;(6ftr?C;s{^M1n7)R~8Fzl;JF3@2EmmwVv8|y;?BjxD>*A$m+M4cih1~oWmf-TNZA8H<-)QT}60BgK zz+b(CVtWQz_S;k438tM>1%m>gCTC&1wc@omLhL^g zz8%PT7aP-|E3?_uNM>o}V+ca~5Nh+vm%C@$HPnuoq|WgYTHbL~?e9c2I?OfMedNW= z3gR2nzUpR9_*g9@kNBT%I#AspeGB_`cm>NlrP%5krV{&cloT64L^F4Va0Hf@?63+FOL;x&0%Qvab`guF)2?ntRczJkvU-Xjxk)l8I zlMw`hLx4!w)=qjM4l{sZU?~U(cqbfTk+7M4>>BFFYs`$^dHKvoitZWvfISvl+gl-; z33Yh&(1eeeE^R=Wf}mh`sG4^;my5RW*5a;m!?lCO zZ}=;&%#EcPj7f%eU@y16Jy?ed0&^ESraaJ3=M{GstZNsRo?(>F+Eg|)U%p#eDjjyEK zz)@x{OPLRsnNinZYeMtu>Edg}Hr)3e%mz*(rK}KRa|N3G2)Pmo2#9Uhl@T-K3SufDhmC4x|v?1G{4_L$n}; zF`}tGT+DNtBJG>P${!~%GAzATG54UBPo_AWGrmxb8?v`xK3r(q7IJKFOL)_q&lk<( zi(VOWqC6XfR6b?yrDFe;m?Z|LoC=`3nq^=KEA^p_PeX&F##4+~63$#()6o0Nz}QSJ zjK#u%nT#hzh3SEBb@SE=t!>8N*Cc1&QrlXrw9DWwNEdcW_d?ZYgNn9(;kZ%M#5LFF zFk&pBsUI?_*O&}(egSv2VZM^oIXly1_A*V3imZD5V5mdp?III%=i!SCc_-^T6!g@W zn9iD>tF(-8MMGGhrC1cZknCqe2{VpiHG@!P&ax&SL_I;Q}t~XwGidp{2bK?b`R1Cr%q}w zar()J8YOh}<9->)d2J%DVvk^5lbrng7rJKmB3nSRd~~&qc5qkRQb<@naHQ)u5&2liwa6GDPCVzY8@bM+Ea8` ziw_)m6-uXe>E##rMX~A^3L{Q$gy1;rCTHULA8C}1+KwEoUH@9oO?Lkl#>`c&J$S77 zF)moZ@VawR)T#n#9Jx@6$js(V05u;t+Gd*IRwP(?aTdtF5nUxVj$?YY2z9KiE+O4}7I!`oS)g{9|s=gG@YW_i(i0eQE;Wvmei&e7OZdhi2ZgY2~ZdLMz zeVFJJAhl~84wx8lAX51EWg6x1L%S%4?-0J=3o!4lMZzEe2oTt6?$gtFowf>w4VvXeEo2nT^fp5xVz zNLoEy`_zv<)WxiVJzNa#5MXH@GNNH5@VetsO4#^_-}`ZF?o`_C*5}XDa_X_vguRSW z>&tWuX;a)>SXwq!rT;ZvuFz1&_w2PuVV2t$dXz3%O^~LmXhTlWtQ8RyR;p{P8tTS; zSs)~FAez_cn|KSF;Z?W)7yl0vZ4-Z{$&dXC z$>YOK=@#rk?vb|_EH7@nf_#*j?tXXzsjhGc;Vs%&EOs}Tq1U3qzGK6;L*uT@-f%VZ z=ep8zj;z$u;3XGT)5+<-o0LE8lm1(V|J|hg-K6~Anv^osFqLL)a^F2J`k1W|W>VIM G5cp5x)79Sq diff --git a/tests/security-resources/unknown-client-keystore.p12 b/tests/security-resources/unknown-client-keystore.p12 index d4e2d7ea8e2b05e0571c217ce6a572e95961e45a..7c19b230ea3cf1a4ffc85a7048298e02b784183d 100644 GIT binary patch delta 4730 zcmV-=5{2#fCio_hb`r|S+kn5K17KygHcQ`xT>WM;Sbs^bw4_1VW#d{mfT=Nu+Fe=UE|%1(NxA|(zqXtn8?^f>xo z)$DS9;uj;Z8;qF%{y=K1Tj+kBh)eGkL(G~u@qnF=uUbnj4@nZ&Jr%JsD>lw^UZPMT zbhg00N}9~}K+Rd`h*uGw^6al+IA^$J-i%ziWr zjNyuOr$2ukF9|m+Ccj)ptbQdhIs4Ra_UGs{TWVzUcMMI~bH{#RWoei)vVYVNDlh3= zwmwTk4E6P?p@W!uAl-gU2A8)XR$5Rjo1;%$mCd zMonX`&AX~9iGVxD3$`3MT)3$wf$jhzwXpau@97X4dqf{34V&;0(alzAl> z7lDyWJ?qz7Y7y>8wgKj(x48Ykr`wU7eNKD$pCBf%(kS2}cXlAug4v%)-|)`THG9es zz21Kpi294ki9=VW?f)6Y8nQ)_1B}E2^j3`3(Eb45;QPdB!UjZ@*xhapLlYFhDJiW& zNtg^`DUGd4z;zQu0ZGslwaFF0%hju{GMP{=sGY^@@UCSt;I0V_Vyn zPOJVDURX(>jjWGMa`pyiDhkvU2M~mkGh|{-iN4(`^#j5N7q5RZ zvdo37vWyDdNiZAwtGBs zSWiag%q_1UtX`*b6*rmLN>$LP{C05`ZmhXv>ah@B|I`m?Bg(6Bd?r(%y-mwcf93X5 z;erD}Ry`9yvjJC^^g(5^zRC5Up?`L7uBHH}>d!p=HX9b15ndXQ6I z{FJjQBU;qk2@dLdS%K!^d{FPqo{2jpqMv4uxMUtuKPu1=S@R6g#S#Kjwftys<&LNQU)hkCl;s2#P?VD$`sY>i%<^|Af4P{pF z|1`fSj0s=FoxYfiH##_NPqY_K^7fnbpo{UEf8Vk07(7OQ)46Ff>eF(C7m}XZP_1ov zH1?Jt05&tzGCnB=Z+k!#fJ*d~Enq973lKNABc6Ux!$avlnPGamC0S2MIJmWG4J6WN zOJ2{IlnR>pc~Ai1G4~`?r6P8f#SOh1vijO#dAyM{KrJQ&F3A!QI?eTf5}MhVZj4Xc z54^{^9I(!RJ3<_JdXu(9N~@8|Sq6Fy(Pz_Tl9|a2fk~>b?J~>dpJT+L>~^su$31Y8|I=Fj#)0-FM}QS5{e6w0IN3EFz&Z)Z5PkBATF?AmJbzv`Cv(EEi27$ew*FR({|_n+4|Fq!*^_YF#FOPkIg(O_8>TkJ%(D$}Jwxbu&nx zN<+H=n92wA>GuIFW8e%4V4s7OZb&WkiRK*S&&sKi|LH|d4% zz*}~I@O_LVBXiOaRy}uxHmwt2- zHCidsiKzsOitFV?-GIfWiD`A$x;njOR~pfwpda*+4#1@L6>R0(lVmfcMkmWlNJwbA z>NmpuH8&HRtr7aa(#Mpr_>khTHp4Ej?TfyD&For z%#+q69Ehah))h4~a7lL!GApfK5I!)B=c`9+f>czkMfZEnpqTlaU*@s7Q3T@{-`@R2AX~_ zRTB@P;m)q?uAuY06QKa?ZJ;@i7n3f!F1u~D)f=h>Um zNo}O*LoP&hZ`K}Ffm9Q1&qdQ2mx zXZ3559KDmk7GpboZ)WKx&hm~mrZ;K%jE4N@1b+T!LXgummi^*fR;8xeKZIU?gCx~? z!~x5#1pYB%!X0k7Dhlv>=q>Rf8pYtq`Mw)S31KtILZTpsZ`mcwFODui+l8zbg6)!c z$?|M|M|rcPUQtSgq1pzE=@HzRIgQR$%ofp<6VaeOnnmZZfYV0h)AJecgUwf(op+Sl zsp=jl+>jc~9pyNB6@FkTc3U5R3l-kHH6vnD8qR0eUWRRuw7vGD2si$CCXD1fqY^98 zZ8T%Xt9j|grQH7f z*r~=hq_9?AMp0Vflse_Dq~s}HA&OF1ivF+g=Kfp+kA(Q&eOPsr(g$&1t1t<5EdF|t z6`wd7M*qOI3ISWf2JBy_20Abtr{)a1JdW%e5~?+(c7vNr!%O{tv|^00NTzRela2L@ zP*t=jgrMHe!#0wYHW)ig%#%P>;kP!LshJ^vjUbO;EU;u%%(058N7u3u05sWvr8hx?{Yj>vFzoEIA% z#^0<20$%BV<^QKBsr@Wm5_(08rmh?siRHsW4WYDqp!E;7lz|yVABsz_VgO#5W&^+c z{pDv^P4a&?4k0m6*S{fNZhcc;jD7FoHzT;&5{>+`L8e$9e-{TWpnu|U z8hSOTH&)Lm#qMe~x^^2_(PXC?5Y#bBCa^;fsLLL5Z#KdfTShqPA4BRz) zSEJnrYSBG24kxG15@Gv!b9#rA_S|LAY*9jO&2TOgZ0);y!`=yQNR9#J=bO3l4I3yg zmdVn81D)M^GQYk-o&GowhCQ%0VAl z+-mzZb0Oo;CiAUrx39`+aB5n@%o!4Ejhqu++)1H?vlN1L_aSLPzji&1KjnzxG$l`c z4$AaaBqdc%8i5pT-$-br!F>+azcgpsyAu9?r2;L?-m`TdkPYM!@LkSuA*~YV>s4>Y zi;ct~q9RPUWY|+Z#7|^yNS&|Zh!rk&2NapKlB?qS4xBNL711=4XOGVd7p_ky_pQ8k zY%u(VbWu7}6eX`rs#3K@8lZZReEC+Si`F$t9Z3e8oG+Fel{I8Wx2zL_@+eKGN=%S{ zR4J%r?3JnR6vfs}7(T*aMdcH{J&;{T^Q^@s(;JzE!ZrwrJbmk7y@P9;OV6OOuD@wc zzNZ~_yMPq4)XoLCebcV6;>c0-=)A;Z#b)SRZ6g7_TxUhE^lkLwYl#59Xo)Omkg;v{ zJFMp#+&V#Bl2jfGil0MT6`r)4SCJ}z`Ne#a>-W2W#L4x~#K$txYcBiDt4$Ue`2^Fi zyNjAh*`e#87OfCsIbSl zH@E^cU+7oRn}gn0KI@5#fNTdV5mBRDy6{$Ie96qutk4uToRgy<9#x8!kKksXJhofZ-Lx>5BU-waj4QApY4ac4~$03KEC|JYLcSFVb zSwgiU%Wh6+?s((yKs?D`9aYTZfe-=C5bo;gHlZhg(ZKU-SZZ2`qTEB#AuY9Y-2Z@0 z;eyR=|Nrfec|DKZ$J(IloSGGXUlyop02qG#WLo@2NE(wG>(0k)OGX70%7uAK3ub6r z=AH9K@BkInbV>Q{voN^&OO&hl6yi&;Hn+%?`K0yaIJ4Ysi8Nr{YA8PsA$ooHkiEWf&-DK>_s5wDuve6oURtzj0a5g;q z?sT6g?Z1F+y`?=VF=i2C%5?f(myZR}*at=CEUN7&(g+ z4snH9@-b3WWw16iya*hBpAH)f_YCZTBiZb)0ASQ;WXNbIiH2Cx7PS3cp$Rf-={~Qw zyzVe-> z3?=8Q^vxhF`XN2642IU-IUBpd9O|nW{3}7`GcZjsF)$4V31Egu0c8UO0s#d81Ryy3 zY6$+bzVA*J@UVp~^A(nM`E-8y2bN}D%qWWuG}9df6b8d-Do7MA64P_y^&nxk delta 4730 zcmV-=5{2#fCio_hb`&x&b~6^wqu-E#Xh6y#Qk}w`LT-~m1|)wL`#nbHsS1Q&=8o!s zNTZqrf&|e2e!kG5TDy02vP8KLd-F|)-%BU(oywJr<3Nfc)$qJ@(cx!zk$e*G}S zL-0xHXvd!}BgcQ=74AOeUFo~~llQLr1b<2+FL0^@7^SN4h3nlCP@Q*pglp}Y&D+KDG4AnjIQ|z zFqA*6G(0vR4l|NHJ%Ea2zk@c^qINSr9Ag{|jc&VjO`&(c8whY|l`pr4oyHb43@;v{ zHro~&U1NVQzsB#j?AxDExJR@=wiUk)K{^!u_TAXD!g6XCH&rWg#Q_>wqr$CzPjf zT1(x0JjKN|5!k)4#7=H;ha;OHzn`fp&Zc!G>3@IzNVZD3zZNnS*y{!HdW=F#qk8k2 zP`M1&h!Mq!w`#NHb%Bfq0Zh581o;b0bthOw`#Z`UQZO@@l$4ssaRf%zq1_8XIZ5;h zLtet>OZ`t(=`fE$iY9?--qe>V@wPiw$UkC%&wIdk&78CAaEq$n@rI7$Ts;8c#I#XX z{F;CG*BeNx&+zb6SehzS88~fN<)uhj439vR^dCm?v4QAEiTqi&vedv3wvA-n+4gxC zC%rsqXp`I(`wkp|VU8M`?wygY){|_KtSCpyVw}k|UKvreIh%JvZJ8h~z{@lR=+&+hp==3m^url>3(hwG34+r>K_Y~AP zbu}t*{epY1pHj-0A@G5uy^lH@m7Y%a_U1z+72sdussx@CaM#I2i(4T8mzfP&GVH)opgfW3^cqUqGW3RV5 zr_&wwuGb#re@KgTG7|t*zr_#A$eWaN`v8goUpz+ixD4Vt^0!w&YCWSx#{mOFCy4ED z2)a(Enp?5CUGyxzR-BKc*z0nm5nq2tSFoG1P);sS0)QaT0Ge_M3TtFOv5X{~0jO&^ zBlS%%`BAG%<8K*xhmU{C$5?ntHD)28T4c`S**D*5A>Pw;!(HL#Lc;7OQPivi`y z1*>MLZW#Yy(6&4r{7AR4aL`1Ou_ws&3J|*(G+EFF$%}0qsuYAiUQ{D1$|8Tr0-5W; z6H{%!sjFhJ8%V7ldFU>CiKQg1%9h-l4S5JzBoJ*6@{JT}SX4((SQ-GsUQ{rII|S0R z9gs~RGE$|2`J9YIh@p+WGD|{gDD*9A&7$JqDPtn=!Vb!ig($JNqj2za{t!sHf&LNQU zegkHC6XB7QK?Wp$A9Y_6Y`oDW%6oH&f)GUtfPxILb8_f*FhyDMNRLEQHvsIfI_lC6 zg?Zi-?lK`nWwOA%&wlVtCrd;lr!zIm-l@_!clVxOxes{J8PbQIEokZfEFh298tWKterNZ zH?LW$f(&!7x$#8FY*#wwf82a9D&4`IG*P)4(K}&&CWucCY(`J zaaGf=74gzn#OlRZva{_hr8D3odT$)@)@LEg2*m(KsR?vm$21>sb~Gj;^O-ehkF!bf zVdYsGZLQdUd;p$gE5JPC4ak@OdQ^kbhfHBjd`6D^gCSqiR$#Y?yT*D%sgamm`f?J%Kdkg5OV0eS1S}P6@CBHET9_2FGV^is^}KXsel-4rtDrEW zPV%oim{P{S-Gdq=D5=H?z0h`uTk=S1D7>|ZobO=Ia%@fsPt;mN&KiZ^woUa1j|d?S zi`F?Z=l~}AB=!|my7ec@U_NNS%oS&jH)en{vlqJX+nIdm!lP%B8l7!Tz7x2Dim0{G z)Fldk9A$p-@IMVczp7e=>cEwq>GO?2_?^v$@LJSodmwg<@o07DV}Vos5wYAN8Fd^C z;qLOuFb(xXWNf<|Pl}=nj0=N9<@DkMwPz|Q@CHz&`1nQ0erkvf77L7PmN{nkTLm0U+|ML5#V`jwqSL+FFB@(jk0ca-@HUQH zCh56Lho~76F2J45Kc&S-TX;87eCx89 z2zLZJ#RxkGP62F3=xQ{s8!dHzJ+2DukbV6)Hte#xc&BZAW6Dr3>H|J1N8+13v^t7b zZKe)@r&U_F`mhptofEH)n##^Q!f^X;OJdQ}ZA}*=6MJ)m<}-!om`N%@3%FzvL0{U$ zDByoc?FhdzU6>m2>Y7qyUirT9uw{w15m+iuR~1ISY}sI!l}EOm*e{WP|6|L0 zbQcH^ZDa<>3Hn3<(tUbbfE)W^4STX$oC8PPUH^G~I39JcBnb^~;N%!kSKVRzcTU{y z8ug#J%XO)OY{pRTvw;pBgjQ9&DA+3nP_nDOgIWBSk?{4eoJn?n{9I46BQp_iv#*%> zi43j1)ERAj+1Bj5or;Tz&+@t7DB8YY&o1{8zMP+ERJB){dB8J!JKt9%gxX(=3oSu% zQf56=Hb8)x7;iYZKE1i1I_qP`XS3&*O}2o3{P_#*%INiR&LBGE2vX?Vti-SF5J`43 z2|_=!(?Jhi>m#XuQ~cExVZ1FF3sE{jE@lZun-}i9aIkdyz_AcFcZ2rhgKw`#!ySVd zw5HP?9x5*Sk4^sSVTptl@Zht7obCt!|CAle8a_gV*)vqmJbA7LFLuybJIlnyG!ktv zgEkz(9&S7pcpN@M+2pg}uIvZs87jShgEoL@FeAe-2b|M?H0;DPswm!xw8a^ZshW%q zO=uXfem4`b(dWSDbZAjXinbu?Us}U~E^`pQY3J{OH5kfwWvdgvbF;RW2$&g==@1m8 zpqg3-Y)R7ZweBw0asyt&zFKrEqRWa>>U0*k3ZxKdn}Fyr^@VYOmJ~Hq!S2+qT_Z4J zD0qkpUD|VhnINB{uM|AJuXBdmq2=PcgmzQ9**oTTT0j2Rx8?T%s%;I;yFAV7u-B`-?dtf`%EDDh<_8h#gO429hx!W-CM^k;ylon}X z)~Z~u4HY6>uVAmCz$$iRESA4HU5>HhG zTR31GK~Aokq(?$9m}JD#(WO_*1abI#gKrj4Y}V>nsXEVe<=;>90@{E$Zw0|$5J!Rx zWnZ#?g5gB2F9xC9?M*e@2`+S%PoF1(e+ zmyR=ieQ_TOb|2~VsHBZ@kVy)4Z(gN0E^y);Q+VUhfMB72b8^UZ`)q3r13Z7tXQ-Tk6MXk~Rka8FLnGz7WDtJl*?_ ztpm-Z$iG6}y0{}2UUjtH9+*R*{r{Y}mDM|QsG*`?7YD5!VMdef@+Yv%&1A9RS%#C} z>|vd#XP(j6RAi3Kebu!scn?^e5rAD@g1rH-uiRJuokuD}ZywzoU@oZ6HZ!9D2<1|L z+2(q8Jp?1Ce(?|TioWri&iR`9q*u($T0V>w#T^RdhGOLkSHl90@i_up-*_MTZ|;Q^ z`b#Ktgy|J+k|>Dwk}R@S6X5X=pxN$vS$(hEd>d+ikYI%jDdqH$!#hS6kli$PqXLiG z$urF|3!8u0-z z?xq!{&%LB59eirv^vflG^)8ApMV8oHCU9%Egok|7KhitF=q1GZJ(_r;G?nzqfh$O@SPWB{!{KTMzBH=l}`y7pV@%VGY($VlX?2cNXMpIw?#;>Aeht_9Yu z!emx3BD{@0!V-=mr{Hzjpb!FoevY-Xniq1u8{+j4>+!YbW`K0$Z|aEZw(&6Za3q_` z#G+QK(cg`?y%iTWDYUG{rzbe6<4mCE0Zs+J7d$AA6Xj&R=uRd(i?4XY!`973k&^5N zpfxf_Pi91<1Pek}rc-=A>fw$dqY#XE;KC*UOPs~<)V?mFUXYZ=hYvh|BJxEWM_Aiy zAp0TRc-6!D?dt>{2dE{`l0w>zC@8`#CzI#oPXChjQ&*J$3d{@L_mu2@daG)3uqrhQ zxY~rAND(13F?ekY;;U?e!v6Rp!ZbTa5kr82vib!MKIaH*;{wZ;vD&Zg8xF2%Y}0|@ z5U%F@wQ+w66c!?X?jtOJtY0*4qN8?Bt8+>*6PU$UUZ=eoxJ?edgBNeV<5LxRd!eUZ z4{qv}P}b#$TiYM)KLO&w--O-lnDccpXv7phYMSFpYI3h4?6%&Hc)O zGN49w?EJt$g*8J%PK>MEORB -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6l3AiYGTMVZfB -pfl1fKZWKVSfBYxmH6OlX2aBPXg0e4JfsPU83sqcjy/Lr9hRfY06Q6R0Hv/TTndo -VqihqN2cY1P6k6whPyHFMVJAGva2kufWVINqoqhMUOW/fNXfCVBZ6fhGA6nkG21O -FrjpUYB/kzkR5SzIfg9rLbyQ6Wvlw1Ef0I5x5LTc61uSy0P5I4hap7Mrq8TeB2gq -i+d5Hp2XsJTqRzredd17lhHuo3Sg9c0uC2MCPJHhqoRdaeagf9N78nHTgy89G3FD -w7byzNGWazidD5bJDTfiQnQP9dGvlzM1hbYvjeAdq1G5pOZPiFwvQvgeAvsa+tz7 -+QKC18Y3AgMBAAECggEAUG2gZyD3seAfFtiNC6hcJn2QPS9uEkMHDexuSb0OSEkI -rGihfMhnu045AupcKtwceQXZKDiIezOyYqYf7/bS92sVMshehMIqs04MLxewSohO -KGOrddaBBsxEC+MqaQYhvXANlVhU7b8owWUn9WItKlByZBVN1WoJCWDgi/IhkRp/ -G2+II+PFNV7f5TrHzEdqGV+joaxEKI9SXGfpkgrQZaj1UKwKzwr/uv/kIcNjVRxv -mdlvwhrFWIE5bJmIhc6/tdAdj+IoYHgcy6xMcNRORJlp8JO2LzIFu14nWK4Zzlo+ -ayaP5xvSdlJxLNW3HVZqwEhdKlrQUH6nEfoMi5pLMQKBgQDD28FoCf2TS7/a2aUN -/7WV988XWMN64GbfLUn4RmRkBSjiYO8X5NQbj9D4jUYf0CoJYqLCFyAO8KX7F+rq -nutbla10F4KZWZjRyLmvtJYJynBEN2yfWFpcJtg5PKUQ3tP76UQNZIbeS3ETQj0L -PEPCB4Tx5W4v0uOfKIj1Gew0KQKBgQDz4zkaZQD1K3RMMDZXZ41fEBCPH/JXMi8T -hIAXuZtT4De5HnqRojpgkKb5l9Cl1jnyTK5+QBVdyJ89JBV2VaqRCHsryfFN3X0M -GlgLWNmsgIowIGLKLM+0RX0b7LQwZSN8jqWWp0Uo+AlCCNHgLUWZJJsO2dE5aZzH -KK0i6vJzXwKBgQCX9cj5j8bOodcZVgRZ+CxLTxm+Y4BHthQa1Giv2O3LLLWr7smT -IFfxioP4VKQzyq7S2VSugoK9FLmzN7tsjiDNzjPl/te1Y27OVY68ZMCEmCzCwL3m -ZAa3uOvKfOMVU83lhfbm7Tg3ARGaf6odLYTk5jCf/gKf2GAC/NBGWvaJAQKBgE0D -iKmsEXRaB3xzkQVivsKxGPmJNgaQ40q/gY98Xe9Lk20SkdPhLZwGsaOJbCqiDmRU -EJnvdI/L5XTyKxDWFml8CyEVwOw8r9sdioXyxbHyWTC/WVLMeb5MXyhtQ60wktcn -WGTNZ0p7oLjIfjXTNfIZHBnBcI83qXk+gAXRuUPzAoGAc+ztGl8U8A+z8HxyMQfD -N8I5+G/bwbaIyCxRJxDlRgjf8fs86TzUcj8e4IhRIw97+WlL/9waJl6iuo7EEnap -aeTViOKjpfBvhpffurtde9/Ql92f0KDg2Lyt08t1NBzNxM9O3XC6rdDJGOZJQzPt -6LEldRv0hMXPf1sHX2qrG3E= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCd7OCcaZZnyNRd +0jUtDKp41SoFd10L2B/DrDHyxXN0drQLhx8ckZBfvHX6MmsU6Me2voGWuKohRlLl +rvFjNCGLJM3NpjEaGmCbcBtCgC3xe6w/ztnBX9bQZlYWhPWvkEn4WjhdgzSTHJGs +y2GfrMoeZiMypvKnI4aO9Zbv4PNknkvFDCnMpVarLetXNoNMqySKE4I1+cqMjz+n +FNGG/IpXSxKuuL0GSpBgo/wqqPmMYbChze9aijbMSc78ZVjloB794F4HRT3oVleN +W8sP4Or2g0J++XsPIDFHI8eiGPmt9ckWxEQNPEM5jXY2jLRka4tOcSSxQlnjYtgZ +/MMIup3XAgMBAAECggEACZGnznJrZaB6lbC9/hvNXIL2B9zCq4wN6KpPYHlsVHs4 +z5YBYZbEW7isoVtat6qfJ0iFy58m19tN/JLMF4m6GpdBTRurz/wXLHPvgukHX6Fx +v3AGK7xl5Ly+rKCjzl58zOqSjb/8eIl7ni+4m5c5q/veWBxbiZsSdSkWWzSTKt6A +NC97byt5mp4Cae4kdp9zNQU7As/+CgUk5Flr3hEgZi1rhH7KxBNmIqxG5ZSfAe+W +7qvE8yu2oc25pZ1us4uSDeNKiTjxiSgA0AZnZocR3WLga4OvPjdjbY/rjghOxOwU +09UIIVNnx7gsGSDIZi5nj/7nsWm2zSCk6qRA1SoP6QKBgQDMQRPBOWO0A9NJRXE8 +vKHMP5yjXrMibhF+Nc3vkDvEnePcBmQK0OmtOdYAbPOpQVbjlL9r4qc66FTJd8y9 +6f2d2TvRaOnAzqcbmTsNcdOwGY2aT2JNu1rYVx8Fv3r3/X27NRCckmD+tk7OptKJ +5DepWhp9R4ylZVMpL8x6Ab5eowKBgQDF7yKoviIPmQCy9rkQ4F5S6OWfmHwLl2uU +3RxR+gqOtsWMiJfKMusG/aXZERh9tOxyAZnJnNkiFhb3gbChn+FST21F/mID9a1N +W6YIJWci+xUhKn2p4nYCz/Syi4fXtMxDyC6ID61cKgZi4mHPzChsiJVWGVtv2Elx +dX3fmJ+7PQKBgQCCYLPkbeaXnK18osfyVhINVzl8CtHbk1i1MFEArxeHnKU66BVp +1gqjGTzhzqoGCwAUivlZOzc14eFlLIRTYY4S+Pw24nn7Ka3/buMD5PmT+euqaSu9 +pG8LkyjpOV2b+IIOQoQU/VbOn75UKKZRgIyLHEm2WDqNxMy9iJZD9uL2cwKBgGYd +mID8DrCDXDP4S8QkLSWTGBw9XAnS5eLYLCsy182HB+YX9k+P82cY5z5UrpD0DWRH +5SJ5tB/8y36HvyuzQ1jmt1Z8Be9LCUy2srLTMSF/7ge9VzWVKxMKXJDcoYmsshFq +Lm9tvx+kYsUTTCkbh+Nul7TiwiSyrjlFx1na8NV1AoGAMNIHrufxPYr0akQeU/ys +MZsLxodxtXB0CbHzcVzM/9FT7gSaoHBw8GJlSCXrnv+o2KtyiL5OKeUGwissc29u +Xx+iiVcBLfWYm0XYzcl4YOAAZeL4/1MngXwOOF8SkWSsK+18kTQlTtPXXMw2pf6j +R65YEwDEsT7HbvCykqV2CUs= -----END PRIVATE KEY----- diff --git a/tests/security-resources/unknown-server-keystore.jceks b/tests/security-resources/unknown-server-keystore.jceks index 041d50f822d24d3854dd642fe118dbe7f7433f43..4dc144958b43b0ea0e547a6ba302b03a3c99cf3d 100644 GIT binary patch literal 4173 zcmeI#cQ{<>8UXM)X7p~5j6S;2&gd3VLPTs3qC{tm#7ag+3$YSy2+KvfoZ> z53IX4)?E_g0D%BRY~?f?gxo?(9#n=vpuS)b)C&wEv&n>#0c2#s( zMulDs-KGZsT58aS0E#?!?cd-)2Q31m14(ZVS;-953lTs+W9pu$N6 z3YY$M65lV6_)Na8g6}-m-P6U{1>@l9;)dhX^zyvn=I-L@3-X#BJ3<7A#f&c)LZ*;D(UX>EwG##*5F`>Y_&0%FwJzKRk46RpB;i=-&kOBMfRXqys`Uc z!*qo8rj=+5mR!gsjXybK4&_q3+I!URYeY`~XG;#vCS+3rY`)Xlcd!nBa#2db@yL(D zm4w4qU{Wk%V(B%%B&G{6cXcC#Yu%=>vAwiLKQ>u#dZjlnR&P?fDX*DN| zEXCd8w8p1fm{|edwf3p))NQYyauRo(3XZ;e*L&Ho>j3B7hims2>8SZ#G$V3cvM70Fm>CdRf@e>JhB;hc~8QJvM zeg5nGVPgDL-8aJZI9avYG<>Qo)2|XYmdv(na}!7sU;}~BV&(H03tE6Y6H0h2pjZWnc?Ki=Yr5E}JY_%zE&iNYs z#;fNh65M==?jBbKk&V)&KkPZC4QIg2MZQGrO_Td2i|r!b69t8qZ0SOrZ`d@y+%h2< z?6LbSN~dWr`?-i>uxhc%Vnl+U`GF}-jV zX1>f}X|M!unsuid@R?};Mo8e9UJqT@oFvo zHM7mU7ImcX^K#dzOLtiiDk|zx%f@WEp5J)U`WIn7Y$qkkTrZ8OBbb!pxQfF$pgca) z)tSj^^7iKKdgU*0`Hmc62@Cuj$zo4mPUIvuJ*-nBsm&!Q7ePe}s4eTug+X3&h3#)z z+o|T_Uzg6udWp!)<4GJ$`U%X@XjF{D@S*XNz}Ln##q=eCVg}W;&y0 z(i&QDc>VR!;iz8|V8)$uxx`V|a0Ln^#>@36)~?=b zPsWvXzP+k3FtMf(dBJ%0`DctA@}Xc)Pd=K1!#?dcr&fUEXFrm9?`X5#aKEz|d&p)< ztlo~Ll1;E&9M>aKmqP~WM;>PZnf$c^fzas9#Ffc)rziStbYk6kW<`>p%oT#aEfS1? z2g&dL7#X8p!1_A$Ai`Xq<#|m5#idyLoCDO;-AIShtezFi2!(FF-UF<~Y$ng)q%Eb6 z+Ps;0lvNkwMvVWoJQ-C zf~Hrj~C7iAZJ2s`Pmc z;SMXd+nCZKI0a>Zarx1FU9y+WzKBqL9}yq8r~ART2+3FZy6v1HH(`rm8ID;yIV7o$YrBnG=sO8*3NEZXY; literal 4172 zcmeI#X*iT?9{}*#EQ2wYu|$|`**!BumNeEvvSlgcWo$7MGTFv%q%1iV9Ws%vM7B|g z$XZU;NU~;`ED6OCii4NxJ=ZzsJ=gobAKvrre0Z+sx$o!xa6k9+|6l*#zq`A;8w3JD ze!buq+{uCNWJOm32n7DY19UzC#B^Fo70>{IpcH@#4FISR$80DB41vHwsQ~AxOENu& z00c8!?vl}^bp#m9&IAISFx&u=8EOM#<7L%#_4f*NH?_oY0i1hN?7S?xWPf*WuL~G; z;LzR-lvnv*i_qU+p{>5|03~u1krXfoW$2(HCC+;=}cxbU6WBWWZzc(R{O>L$fw*M+>Y9 zAV!zWI0wC3g~5yd#mihzwq*4W$Dso5V_r+@uuj01BchG?m6ryN5eu4!mpa;NFxA%s z_k5$@a7)&kgQWe9wGSlCn2tQ;2&XL1z^;66b zgV;O?-OWm=@^Q177RY6JUP*kBhWK!v>r_A|rfnZYoy9E2APAYrVs&2y%+MMLorC={Usqr#rAJkJQ?y9+{X z-S)U0p(SDc3AgX2dMD~>1RGwT#>XZyy6|=>n*2n4xg1)8KB^whsJas4@0Gj3Tui*c zA!**+o-(Gyxil!K2Nxt{1cVEDihD)sX9{ymo7UO{lpblnX_L5BV)|I07Rix)T0y)b zRwCQV{FfpHnSk`ySd`-k!cJKAk$9Ynxsc@spXy6CU!rQedau+&GM7WJtHDlw?{9^LDE9? z;P!P>4cReVuEU0WxbBoLYiod5D=1_l-JG}XO~j%11#~9k@(TyUD5~S80*+F?_dZ## zb4DJc;X>(xi&3Peum=zN^8y-~hFeJZHb+|5h(SFb!d1&zQDb#<+cH=o)mmi5b^*~s z;$*4P$ga^(@3p-p;vw8)Ch_C;emRrmrj)|8HQ_gY??v>L*bikKdWV15&qN)@YnQmz z$c^S2izk-mSuJf9&OJ1H0-!Dqtq_`2%4K~uhx(ObL)o?ML`M*gqBAQAA#KXsv()3d zyr2B_P-0ghTYA^&&rFb4yg3I1)S-3$RMORjV&tXE_{h$Xv+5YYp%GQ>8Y73;8sAl7hJxyuIig@l@>UOfbq^?I3+A)eAZwNYO^h3^ZjvoT$Uc@ zrmwedJ*LlP^*vEfg1>1pkuQ<(atv?6NySQ~_n}gs!tllJjf<4npxJ@-pe^KlP7M!{ z@ghXO#-Jdn*8)Lj*cVDK&?jlPt-(m-@l{l@WnTW2lV?#2v(c#(vQ%7{bM?(~OQhS2 zNvHIq`6{-qUki`mIX85ciT|3!kmznr3}R8g`HLvQESrqHbps0%*+grd}K}1 zLY*9sPiT59D^87Y0$G7V#$=KCvF81aG2`bzH}<{% zm~1Y%VQkA+&91`t4yFRIu$9ciDVb6}^BP`xV^rNzY)EWf*%F7;J2J&+baGgyYzH)S z2i3BCaUt?~`1xF!nTQpxBVAiIr;39=cWddGwVQB-a@pr{5qCCM7hQxYthoi@QBgnM z()hI5ur1jk!|HynCkqaZcrE zKnZfBxg~E5XOtI{lRy4oT4LtGuUPq2B}=<1S=d#{t8Xe{4Yn)PC|u%M`$HZ1>qYQ8 zlwj3%QG&(nDg}#G+e69j1VF)X0Bn2YVdjPE?vm*Hi1l|PmT#l~Nl-F?^fy6?{hOd{ zz7>n_lG*NuABv>Vs>O^1F8f(wE zs@zdFXc?ZQsei{`bf?cO$kVnUr{GP7tJOwI@d51v&oC!-gx0E(XJ1>#5OWJoSWGvB z^^e0X?B+fngBDH+dzCEX8_$@SCa_op(s?(ElP4 zXMgXZe9_Y}7EigvS&C?88vVw5L(Q>(H=(KAAM*UOSG$zhT_IZ6C+}Z$^qR?z>sLXDy4k6i67OT($gRw*Yhh2oT$Qlz<5W{84`nA>O?OQn0kmwM6*uWP(&8c15|}$Ek8jc9 zXyO`=>*J8u0%^UdU3XX1T8|UL-hD{Qz5e=Hr1N&xKkB;@PBdxB)$pPfvgDO$x(S29 z#y5*ssb>|dt3Ta;_b|MkZa`|biytdEYE;mKQ%*8$AX%IHEu3G-le(WEy4s1(%A0;w zmFkVmWgS?mIjn*_TtP7E;qV3MUn1P-4IPblZjVm$jAy^F3)LB{oWJ|&;4NW#PYFj? z;^&5|Z~X}l9e!xlcT)(NJX8jOE-rR(N!iA?B7(B-A!FjYY%21IE2E0e!Nb)@T;?l5-wnzCtszk{Ow_TjOi-i`n##isj4I(Wb(;SKHI$7A diff --git a/tests/security-resources/unknown-server-keystore.jks b/tests/security-resources/unknown-server-keystore.jks index 88a23305d246d418f42f39b4ab243aec7634d971..4cc45b97026059c3fc3699b0fcaa3a19c364864d 100644 GIT binary patch literal 4192 zcmeI#XH*mE8UWygBt&|ZUJ^P%a6$s83sM9@Q2~(-3mAfiAP}SlmKG!^(o{NxDjft7 z6a+-tB1#bvkfIbtnn+tZ!Uc8r?C#xj@BMN2-<~;hX1;g6AK%Qp@A;m0XKrT>1On0h zb~0SWyL;i?<#F~P5SWIq9Ipq#%oUV?qaYB33{W7R0ENyb140L;qhkQ|AtPg}AIgOS zEc6U0svdQX1q^0_fdE@H2f#)TF@Z929ni#i5WMhbjnM1>>wbud3$E$zfxkkyiar7; z??)h9hku=f`2GlC{B;$G6L@zIf+GQE??G^NL1=nlwfCW?lMKl_# zWXZ>d0Th*hBYVfUz~8?F3Rvv-uMLKQAQUhg2%vx&=_p_@DA(|KVXZ2htA0G_bMjW0 zqpH>EI7~Lm8HiewS+R8F#Az*^UV3B*skU!@8r@|QcsVKG1%Dq$xqs(?7=C5YcgnYs z7FZRND)g+|A-=#EOhR^Bpb4X0u!ZQOy6RXf^3|$w(PBMr0FRrU)=Sh zClsOl>6wH`{&hE7OQAa z%%^WdEwaI%au)(eqiXP0eYmF@2Ct90I8NJ1FgN{JPX_^mz}bob00{5>WMNh)50qQ2 zCOtr}(IO;Az_eoBs8al#<$(X!L=ol!gLk1Y0J3-a{a4*froFEU25A+JJ;8q%J7v^t z7TP~|=Zc^;Db?K63hY&Fm)y$G(w#3zTX)FYbsFhB>-S>Y#jDGu)nB@^a+c7ID~l3r zV^34hG*e7(49qH)(@uOw*1Gy`9JNb$E9svTK)&KoJFsaY1Z_U0o5GO6AJ@U374OcL zqZKz+Q=Nf;2zN+F7W=RV6hsa6@cU_&W0z`|3+YoTK;sjS4&|j_25#rYj@{ZcCcP7< z$1jocp9D_#BzIj@em$?Pft|e$d*5SG0sg#}(!n=dYPGKVp?z3s1WDlT_tFy*uF?^b zSyNUKOGc##7zQg-nWq!R-L(sx3x!B5SskL+f|7~e+7CAl)Aq^}3}W?kA-cGFyU2el z(eL$H2Li#s00sJGue=!L=)q7hijD)kmyS>hbQ&{+5WeJLP0WoHd|qh6*Ua%2i&1VW z;W%T(WZ?Ep$9rmiv{D3P!fMBTbPH-YqM(cq@9&pdiLI_}^Byt6I>{Mco7GjUxGfMs zc5cg9DA37hMy~ZKwjxaia9-Vmc~36TMV>v@6V#HeBYcc7E`Jo5xM?}qpEJny3*&Vg zUoA;@vY_;F9*4B&ncH`bBkHbR68nXdB)&3GuF>ngb&2HQERh(TU?3pAO{82X=uv!Z z*T;1H?h>k1Dz0r=@bKrvl91ZlrZpK|D{ZY9V%Uxv+JYYb%#G`nJ@{~Z5pOCnUE$XI z2W)rRUiuP3&d7!u3ea}na?Y<+I^Lzhlzkw^vt=T!7V7-FoK)Fk#H2Is)k_YjP#BdK zDB*Kq*N*kMM%u?Z3Eh+*j3-g(@oQ7KnLLBb=TiX{F~nIlwUz7n;EhGEsgtzQIeyN9 zz*3DX#dn;}N_b86TKmg)Rx!ec5{wWV@Crqt_vSAK8wl*BIs~`P^xGCdY|v0{_`<=a z+SO$IDTR%Y>}IXx?tiqe|)#EeT@TEsDjhEoJC9|>$<4U+E6V`&EZ8b+)IHhLVZK2PJ zZZb|?WTDwi579RK?1PBB;kDsB&IB*DONmb(8$Uti_$K`zG3lEAYMdSRi|fIglIC9S zJH(O~s_=@y3$_JnV#&_FE52EnrnQSjSptl1fk_IDf-^ji;LYC!g5(@|3mE5bW zcW)_KeFS&P9o~APSLc5#$9)Wun%}a{ecVmATs)Ml%5N|+oWibay=?sehjCYsi0w2q z30dMV&8$@~epK+LZHV=9X7B~p%+CP}+F7$A!B7^??8k+Sa0`-(KFD8WoqAb1`7Lh}EC}wvfFW1L3^^&P0`oa*s^rWeiGjA6rvxyM@b})mQ z;0Kq}N<(GMSJ}PsRoAAn zk2%BFo-Sv}-Aq#slVOa3$B-qG`d2dw4D(s~wbNod3^Yx6rPll=<2ABM*{IyIW{zIP zx+{#yBUDF=!g#+DjL>dWqI{RjM+%ak6wh#{`+|H7sqvsjVRSEuLxgka_B=jcCW7qD z2QgGO3&AYE5VkxO2=~PFJUBrLSVbzCtPZg}9OzFC^0`)8uXb_Frl2aa6gp!%fnHVM z-DHb-<+H9Rcc|=mdeKndrqDo2RD_*d_<8wW{qf;NVzSYVpPf&CM!1_5rs+B|lx7}g zcYTMX*hnDzM)S5EsFF{ohW$`XjX$kUpQ>@b0q>Tqp1fgw&lye+`RbS7pt86JmAO5r z^!^H!Dp}|nS1PUdPkYPXuY^B9MG3tJ6-D%(Trglo+wt;-t)gD#;Ght|-MpFs#m!7@0d8H)JT@w=m1L=a?4B&zdQRoGFqB=b|WWJdcQ0&*ScCIg-SEEsOUT-|%lY9e7OZ|3;YLXdpP^cZiXSkQ}_0L_pP<@S96n z&PeB^swo4gedBOI#Q`Km^pD%Lg8et`D%gL8@D&okus@dzN(X=d(fwO-C?CKR^w&7z z+Mgf^-A{@Gdz(8928V$El*C_wB=SB%r89Actm@BrklQRLYbb8oORg~V#&X8t?M0L& z@S%93|3X&IGW838L#Bx1GJo@~1?~VX`{gI0&*^H0*S3-c9d+{<0cVDt)rW$H%kmN?Ms%nJH|D98ji2XZQD*F)%EI3_odhmpkTn8*CQ*dpl^?E$=DEwjSl!nwZtAlR1vLY^ec+mOs-Km;HPn#`i$=WU&DR@(N zl3avDRCc!@oapONx)` z`)2sV4h4CVmRV~n2hIsQ{L`fTWuNrlD*T@&<)0?y|JJ1FPn-!HW-T`(IEX3o+Co(w I-qjNR1sPS}5&!@I literal 4191 zcmeI#X*g7E9{})kX2CFwWh`08n%$WhVvs#Nk)@KQG-M|<3=yIci6o6irI0OS$;eWo zl&BtL$(o%~Xrri5d8yv#dY;Lx&jNVr#snuj|8fTz6yN-ltOQrCh=0057KXz(zI26N4Y!$24e1u!5U$3(@hEf6;w zN;%Oo@e?-)av=eTjOT+eY;XqzrvQhs2h}g!Yll6a7vkBN;u2st4xxGl`i0_kpe-9S zZ~={fF2enMh1>Og7dTU|5UQWIpNBiuFE|Ki97gpG4)LQ#LO5Y=f+j>H5b$^{Jf7qt zf+0c#BBV{w{5kRe-vSMk`Tb{uNB~X)F#tpZIbk#q1ZE#MvFlxbw-Un}V`{?B1t^*t;a@@8?Xl}P zne}vdrCp1rJ?A(ba65op`DpnJLOh$nQB&Q@YD{xqD=VO7ip^paPGLl z-gNiM#0^etfQv_k<$;b9oZ_&(wJV4=fhD zO)6Km>^rWUOk^m=7tA<)4-^Rj5L`nbA^7_3_ouoZOzWo#0<=(iT?4IBO9K8&fJ{g- zB0LjycG7@%E)cz<9cbfk8I>C}wO}_@uhU*xzn$ACH}jea5;JHt^iEJ%aWSoaZR>bk zU9Lgo3Gzw*vs1Yj-4V@CWK7r&UKY_kqQbCxy9;wQ0y~7gYa#V~)O)&B290%JYgT$m z3Guq)ws*wCAP&>>!5al{D36eDEal(&_AppmLtL$_e_$bIfNJ0qx1>rE0E^ZfY-O!s z{j#Qy(2aUu6_U=yjuf?>mi(UD)8pA0f~}q%O`aKS*mfggJ9~tX6@UKgHf5A8-L$5B z=(-Vz^KZ`nBMH>SCCCO_tfwak@Pq{g1O*=sQu~pjKl3vi z0FWR=LwsFNFHRLU5CJN~_`vmWM9>hkP71O3XZR-jR{}+1R>(KIU#T?}SzXWC*s5G!wdbp(*8^NXc`0ajOfs8;f$hPsrxjwtWb8`@~!GK=&e#H9x z*r^!XwdN!4I2;u%_CzRtrCYy7yhk3lMV#`PM3nM6G0!Y+G`ZxeShiq3be##&?P~Tt zbQHRk*Z(`{J3oV{7Hy}NwrDW&Ex9_jiIbQg9c_C=<}`)R>=jkOC>Rr|wG zll{8&1*+%S_lv)}dbJnx$wiGnR0G2=`3n{An&tHrG9{(s}~gX ze8Sd6@9;&r1!W34G~r55jX+2F_=HX)v)8{pE&fYqk6t!*^t{qwXXSRClmgwPRodEJ z@0w2^GuN9&T^g?kcx_zYkNRf~@D8)lTK z3>Y8br!lhim9+XzHJMqjVpd$kTF01n0;V=ub&N*`lXrj1U}+uMMC2)_6;aMahR$Po z$uZ0u2@f2sUDG}11lNnU>B} z(@O|BRh5%{}9*Iigzr{h;qp_H4l=Y03CFXo}rPB{zk`0-PC$XctBeRwlf77#O-O*ocI7u0g2rLE1(9cF79 zX=a=G(#PbJFzOxfsK{m`@=fo~a(&_7c5kzx%(g3S)Q0>g_J(?Pod%P7TIGEh_`CE`(z-}~zCe)$b5^XpJ~y$+S$ zA5h_laAuO2^ZXzGR9gQ3Nce+O2-@pTA>h~HLLg{wIAwhTio~NK&J6{z3BZllmGpDO z@rM!nkI{dHDn&@)2dbq01yv3|>c>x9txM(K3+7hlAsIK%c8AP+h09^lMSGNX=O9mc zOXU}my^n2;(2SyySxfq3t(Vd?+A0R^V^VcZ3#gK7JvN7Z_Y_|#9=+tTYlU7WZ7AJ> z-)SWJvG(lC{@wBZdBxUt(~Z%6<0w1l+0W*1=5w(?8=;%C_HnUv65q7yqobGrwT3gZ z0n_*GrMga2o>z~&+IzOmbXhjZ-b>O2FA+DNl4+YN?4Z}pG%cmR-qap*8xqAA- z>AgvluEY1eMem2_4XPO2*GJ#u9Z%{(tLOvzo%Nr*)bu|ki4qE{0`k)PTVmb5Ve2=J+YS9?5 z+m`bB(Cd8pl4QxHc3e*WbZ;#q5R=C-Fkh#qiP5Wex9ma(L#*Yao~*{Uy9L=J)BNMP zoz784gEg-T7dK~#vAW99k5fK3rahy&?`@;tv}T@jE9PS_xwB-XHqUD~1Xmx8+*CC+ zk*>tRZ1tF`Wuf_bd;Av!ZT{|2{<2N_PZ|DqkMehq@;~cQLYdM-+=A$Ao2VFVhv`P( IQl=Q|A5#dF@c;k- diff --git a/tests/security-resources/unknown-server-keystore.p12 b/tests/security-resources/unknown-server-keystore.p12 index d5b8d543edf07dddb568215e23e289cbf968eaf5..9d5dd898cab85fc1db313a58fbee8de43a13e0a9 100644 GIT binary patch delta 4728 zcmV-;5{K>hCio_hb`;|lPXy~Sn76F+zd8Yay1meyBruaf1|)wtIIp@%9s`Q9^Yri) zYVhg=f&|cKK`XQyZPQmF4eSN1P(dmtd?+%N{V@#=!1%mkhvaRw7?*4t=yEaPaI+7w z9`cen1&}m>xYW$tOB98d*IqFV0y{F(>sqi}Zr-|Dp2@LU4!6~KeVa8Jrdi&3nSK#F z%m1fx^>}Q9+yZ}n03`@2`>2j0DE7C((KF?%aR=|%mx;tGPfp%b>Sv8Wwou{9dv<~# zf$ioe6e76UC|TsUi-jC})bwKemQDXgI)Lf*6ba^CSRW|;5Ce@-R+zFn%x;#f^T!IdTd4{ttFFFsiV(zMjY35 zfCIBdWiw|v_SxtL4phA+THtYt*Ggh?3V2}&Mqz)ngu@dEpu4poMKYRe9~&U^Dij&R z-1WAeeHBf&TvpFVRR*BiKh+>l^-c|(lu=L5hI82#je=Qgx!$OMi$kpbQ(m zusM>fSb|xSkq4Lsn0*sz!J2o#N`&-h!j`0KJ)k^tUbS;3Fpb4Z9P67L8wOnx>60wh zv-f`y)JwQEq}DuoM*wYT%UNWH*t}$tqA17KGYmC>s2L4%hv3RI6UTnfNiAQ8WC`Rn zmie*2o>4B6A(CZvt9{9xwhx_5l;IkxweVGNtBFZi_3{O4Z^cGd`lUL7Z7km%gbYIO zw?@_<1v6cFjkX%vWiKmOL6HK4`Y3E}6VZP)I=4D^Y`oK6ZZ)b=mlr)#2sebz|37)p z%4v`FoNT@_@SL2t4WdoTbybP;->}GfigIFR>BJl-Z_=`mN8OtoQZYk`4W1h&J6B}b zvc7x#T91i!o4i?44z6~}oxxxmcxy~G003C-g{iPfIFwqq=WqUNh-92<1?Ei}J@$V@ zUN=VkyV$JsuaFdEiAl4J>|!7q^A4;z;R!cPM@KbgvApEg~Cz*zUaq4R-o#;grPtWpQ z5v#Wjvefcd(oBlk7c?J4>@Wy`yR(0!YS5Z7rw0N^mxGwJW!@D#8R_f?Fx1Q?0-yP9 zny?x|b&_QOI0iAYzeP{b3Jie-|K_FNgTN}hHqT=MQ@gPrL*Sg^d4{l~KTUu9d=R>M z?2n|3==cuUhy0=HD3t{_aqBw(*HW;6Xi}u72fyg+k&!8B6wC^?5R#)L!;^m&*-4Ic z;B6!u0jkH+>s#D~&V`FP@vI~uEdwESPE@yXuoQWsOH4CaqDEMW(ylX^7m|RqI1HoF zEqDrGzgPtDom4vLRh|z@WT;b$K2t9Te_!~_-)TB?y`+Z=tqnBOoL$V)HgRSRwIvI# zF;Flo1_>&LNQUEhG|kH#fK?>)YP5z$knL)fH+#s2&B1?9l>8zX{6|(Aaon5bQxsM zvv;$x@kY5aL|yq|?YUD`k&aW>Ir?oK4uH`K^8Qqh zZ*k)LN+>M^`wGEZxpn1F0%dD?)m@&UuVk&Jy31x3r_!DehOHtnD4ed!fgH&MPtb&n z7RYP#S{T*1RJKHP#+tF$qPLrY+2H_v<&sPeo|UVNi%?Jf+`Yr_kc!O(lJBZw@bE&O)(lH zTvJ3Z46Z)VhJb@~Bd$s?9x8S}n=L~N@=Svc&$(Y%omu){K%WrY+fr}nCC^c<32LTV z`SmfOn9`XLaIuHQ|+xBCVa!e!C`o`hQ2lYxeU^FNC&-N$eSCK ztGC%HLbl=xgHhu4t|WhQBXQ#OoE*VT=6`GbeVp&U@s!L>NPN6VlsUW@v&3YsAdITZ zys<=i5zVLDrdKeg;o$?*o6?AZVh|Jq%^TCC?4t{^lvC|V*}fePgd1Av248$-(4qHo z4-NCUS(7;TEDnoN9r8JRBC3g#A@36gC?_E9s@Yyzw3z{F0(dLQOA-B4FCx2&A z<~a+s*7`TnwCktZL5GIbOyZJTW0r+TyQ0?_^)BK-40wwCWFwFNfG?74RrSjCgIyEt z=9r({66$03eL6=<`KW}|#BIN=rZ5f0Y2w!cz-x0l;nhLM^si+jAOTG4P;sq3u#ZcJ zmSW8rv??`ztP!^Bg9nZFii0C@U4OCvD>GQ>0==9A#YmDhmlN4qOSH(V2tNs4z+Q^e z50ZY}HDHSyvjxE4!_&Y^{Y;o0_TTQS94^BVJtW<)YhOP8SE5z}%D_N_`MS6zt`F_v zWKjjRkPO!oy=V=Guh8pD$Eep9V`Pr^@n_&W_lqHyzIg)r4cvsbVb(ZN=zm)ulP?5k zeonDFdo0nHn)>p-5fSEjXR5d5Z3TC+P_f;9@-f6|ZIt}`4pECj=y3!Min&w}Xgm`H zzJCd8S@P!1M|?BpM{`QwcDwZkIrKZph7{TOEF=5^({uJx*n@P|o;eLefZejH161(U zwX=eA9HU9T87Aq2*Dgq1SAT>gH!;-N6az&EZxyfh(*3CPdJ?89s0b14MWE{%cm-nx zd;l|8KU^ajNZRJDXE{!PNmPxhHjSHOS5l)^a$0wE48#)PW#}fSJtZYtqZo|8gYwDJ$&wmrjyOF&SH@9n$BOX6@N;XgWc&tk`z+O*?6~iE&ak857dH!gkBsA_P1yGGpw|9;<`0{Q%fL&3BG7m1La}%h z4Re%P!#%bb^@@mowJS;%#HF=1Dn;EE+62_)$#TRuk^+26#pT_CAAWC^M*{e?J*VX( zN$H8g1mJ-DnX)KGnSZUGw- zLeqsoMLvNXgzC!$8%j=L^(kC!L37d7v=}^{6r#Sihvga`s4&{?mLg2 zY6CoxScBZj&`TxG(Z(H(7b<71Dm=OpS_YNp0gz z6$-Ex*tYU50_J<B?u13V>Qy#S?7N>jNm_3F zVs>$_1hMb_b+|0+XYYi7*)7M(54_$rn74KxZ`oaOn9tkLqNC{{F=slp2R-?AUx11A zt5Qboc(HWtr@~URVD!I|2;%MpKl!c=IYF=Ps9Eg3Wy7FD8FRg1L=z)#)mecS>ej>pe8_8-S&~DEI!y)pt&$SOI0Bxj+bh&}!2%3z>Ndy^`P79!72*)t}m_=6LVid(1O2 zc*I-xu^;v?Ki20X0Obg^2PI~|6n8vUHL^z3lWQNJ{38!(*^R27_a&5bC?`P1ez-JJWMd?w}bkWW|co%HT{X zJ$uHyr-eVs$?&uOao~kwAk@W9#=r@VNwTrYcNOL6lI8lSH=gMQ)r=3m_kWrIJBFq^gOBlG1#Zz=hY~-ZV-xR%EeMkn%3cC!v1!-~; zdY_E5y*u$^5hPAeDKI`B#~B5FK!4^nD&V+xqtVE}Ag6Ex$L?3;EFeO&<>rEpoH`qJ z8+#M|tBhA0)BQZ8z0G~w@b}91;ZT>e+tWHT)t7pG>(!_ph4WH450y}ky8a&jT0e0ylHrR+uQw;w50)MghUSzXRYGqN zTTvn4&;EmTR@%SzzFMrKdl9M%+6CxR37$2tw4joXbLjES{G{+Pqk%o)x5 zz~i=u2vS_+XfBpit0kOGt$&663(ON_6f!176DF%7cX)N*bCF?}{9msE^OtKmi4n&v zB1Wjg_XmOh5&)J;vz9~chuc7|TR~_d-T}5F6f6drB~}pq_}2wjPNXWHyX^RkfG58~ zsPeFxUey)FKtUe|4NqsQiIm{Weuqb3F8^?;TrIg9oKY-vk)IB2SbtHRy^$&yRavlW zPv*1bFe)6yVzti?FL+ruW<+UMcq}MOm0~&ank0ni>3G8N5EjTi0x=+PN=Dl_ei74v zG^w_hY?gvZs<)E0n_kbHVn?~av)r6FmCE5LKOGo$Vw&Y`4KH;1?GdwePz9?d?dF?P zIyVSR(^pLTI64^-e}7swEA<#4VSz?lE|s@d(-)zxM;2))11-l>e$%SH!OFRtf2VT7 z#PgY!UO=+8;2So7<(xr0PnKDceBe5ioP8L51LZ#h1jG7N7BwI7+Lu`gu1G3*v&|ky#H>vhTsvhCio_hb`)9eCPXyPAsZSaSc`i2#+c|vth$py1|)w?NxWgcD)ZW}!26Q9 zaH>88f&|bV%n7)k>)o`mFn&{!BS#2JL2{LbkeEC$l)@*#-1zhbo|k<5((G8$`YYlu z?*1x>bg>U$6}A};LK4$=#7*$FPP?OMbL9v%{!>pjNd;`mdSu6UwH4#~9G8ffe^xAY zVwTAgn>u==bl-nLo=MS*(+hCabx(8lMj{|;bgRP!NLd*t`KL#wpOjMAlUJTeU^U?Eh5c2g}zYwiL+ zQfQ!UW7@C2GQ;2I_TxUx$Fl=S<6pGmAaHhXL9V_2_^p5GE84RBZkXzMMwI%e`-U13z!kram5rQ0PndB~~8s#EYMa&{Mns5yCNK0AhuKX>7=Ru|S(8R=^ zQXm&ElI)fTj4)&Oy8N@Wfy#_cur4J8V8KnJN_9(xIP;n8m=u^UJwK`p#^(CSbD(S@ zI0Cm`;z1S=wT_?7!DnM)O>tFszPh_{{+47~n6`fiS+v&El}hL?QgwT7xGJpS5>~1d zxxdiZQJZNyha$-5%y&f~ZUZsH&%xqK@0g8auu{SD&}U7$HY{DI!4}VS^21e#@2tte zFK~3%)mdWaPh8?HG16W-(s?HJer$WdJm;w=oJP6+vosnCy?7Z(3m3qj=BZqb4bAkv|EYUzK^ zafLD4W+EGu3NoL_)I&{SW{nm#W+~Szcm1!6+t4jejS?3|(x>W7fxyjNnRR`9WuvI{ z%9AUdOK5&}_lTlziImIYtLL~~&&srY+(=s{muT4)zwDyjnNckGZh*~4x$NEU3LAYe)f~tw*3@4JLCs$`sZ4xFJ6jh@$J28h=)9=Ia=1MOS!8h$(Mf()UZpD z?Ayyf8Q<0HxsqeKj*IqFuVFetXH}=%q6y*TQQc%tb6U6@>Xo!x&)r3fQMzH zHjJ4i1ZtozI67v;B3QaR#d@}yO90`lc@KPQ&NjblALH5HsV$I|CdO=+`*Wa;^DW+l zF;Flo1_>&LNQU6Uj0s(h_A8z z;y6_tC6hr0B!4tdKuZMcY}uoJ7wC*P(9_0)TcVP=K0C0>_wnv#&6R zegz@J=K00WEzJKpTHhxXDKX3qOBEr8ki7no; z>l%v!ezT*J7ku5Sia1g_N8e8_b=d;9`CBzN(+lBZ#!Asb-3gi z!Em*JTz|!3wfQxjiu#01+f-I?0TWwXMWDgR`>+0?{{p*A-M*9+VV+_YutBsF)vWf4Yjr% z9rZPvPJ7PPwD|KwV~A9SF?#`YfC%ygsDkFC9K zq8Zi2wS^Y=hGjt%NsMF0VytZjRmF~ggiMAPr-c;&f7Xq9`Ab+*Y#unT@4H$Z3_=aoA=dUKYd9?dr-$YvaA>ag+dsXFic7!osd!bKNl6$O z2$>484E=frl_BjF3Ut1eLM|}@)Y|?|tba=Ep!Zw#QYC+xN4ESZ5R_R!q4dmh{F00+ z!P4Uvg0Ruy)w`O(a6%E`{ghR4*)apK~gIpBPwa(|!Y zz(MTNogg&*xGu(*jp8w7*-AAn`rSxA%YQ`g4oyf)@Y?Xm?#d`sA3X+$0>D-y0-mUh^quYSL_B*n2P!eCN z5Hv60JnR>K)KLFi0F`9Jme%NZg?RxQ0q*hLii}B$a?OlCAgXizCx0bqN3@%W5Y9L4 zSzVR1?

o?;z%$6Rhvio>p+>lDsBizqbwO=E$uw>R^;I)dsl6_)f@*n6g5g-^BX z_29nO*QU}^=Pw|oel(CtrA61!ylS*at1^pjyK3lvijD@BiQpkw50N9`8C6KQp4GuK zy3OV~ot$v5iHCf;BY%$*xe%rWnPaXH&sczG8aL393`eP!!7q6&h*WBBBnozFuuwK<|BN}EMk#BAS3%fc~0%&Sg^|Hrs4f+eHIvDSq z)n4WITDLvOu$eXqag5gIh|qs-k7jm93$l3@-DO%aU9|$pNZVqmUpj-oPlAyA%?;;& z$G<3-NlS_aPk&G({MxU_y``C>N(PJ1%VSBOxNAP&4NWVKmXcX)st-OzhBjW8Eio-S z!Iq%VyANq>_(iz5WV=-y!%|Yu!D5e1{bnk!HQD}j0Xs9?SpbWInoR@=#Ps1B)r3$P zx2PNujJ+ydbundWlp>GUzAq6-U2D%qI}n&0Pz2So1Ap9o4fAYYQO@H$qrl^N4(o#h=Jnx(uJa_8=8F(InT2o5SUvvIS5=hTZ@d(BKI#51o29 z%5xL>S{7-qO{a+FK9mPJ!~ID?g`kNk1g)3p&wm@Uq85$h<ASv@25Ep;+WE-QCcv59_A!;z;ql8q>XG?iAFLzv!@d7r!?L&W>hlZR-7~<3*5C5m(!MywB z6E7=7x|7IBVSL(DpV%q-#s4wLbg2-CqJL$x>1xU@LLodnhaY1xbhFPt-l}<{;9S?s zpi20L&cOm-6=E+LB0XdHZP(@fX2`$H40^ZSES4Q{F>pZ=TnT;4gRCsrk}fjmdMs4- z1q_?C8xloQcq1-E*MEJa zk-+f&+M4^U-=!ZI@hK(Jm3m?C<1hhv1+<2tmW-owTNREwx5m;^Fe?j3w4ZkGyILk~ z*t{DCGVV2fkPz9T89u(-23f$B;WmZenz&cNi`8;A+xq;*hFVZlY2KoyzZkJckEOlX z+l5;Fx{@I}%XaIak=}Y$yGIc(V}G9*DY8%dOVz$E9I72lMuF2jlwmGi(;OTjIx1}) zBv&tc>9W!8An36aSR{z|#~SqK={WEhh#@Ki;F5Ipy!1lxfp#!`>&?ij7~&-xF2_TM zK;!>vj8c+Q*|SLDE$!~lWe!n_0?|{4h4NC_%zKrW4QO0|5P4(<276eLL4Wqf+ehL; z+^-r78>n&=aKky7C=$UcQ#tM@pQ=b8hfVP|fStCEV@J4uGZ1ixL$~e3gNDIcv!CyL zo_ARaq5-}r1tKTL_q4HHtO-tSAASd2wIo1toF99vM#1j6*|lnBcFKe3)FA75Ilsz~ zAE0q$Cq+yIM75zei^Sq?xPN7boL-TIf!5bszS)nr!B79kk|#A3F#dYiF6`V^J=){; z2vKIQ!mg>p9eD*NHoef1*bCozErhPiFpeT{im zBYr^H`bWZql?FD?Sta8wgbdh04gnNuIlONih4t#m7nlmjQ-uZj2h`)P?+^4@Ad0mbmfq{R$YN` zxJb=4FPd(tDDVkPNx&??l2Yav74AfHN+d}liPZN^z}y7hOxC!>-WALluZSK+F^!E2 zgZV{K%wePpB35>Eh<|%?PGVbV@b{AYb8jrbqr?pjRAuQ=mYf57Z@+_FEY}QsP>p z5EoPmZ*?3_>*V)ZVmVQ>M-1AZ)RUtq&T9?n2)RnKu-M^~X@8KnAdaXY9=auDcokRt zEdArbwI-qMj;K?p)(1?kq1=?V9v_!SlfFYfVWu-wOHE-L2()48$W|_ihpv)SenR$E zL}IqV#}0^ON-`zO5ihSbJLe&>87{^!O)xPq4F(BdhDZTr0|WvA1povf1xpF3 z*nrRiN&dHB3@w=NAYo|{eX&V1q(1Ql7ZUU=RRk0*uE+4Q8Y{r?tj8$`+NHHRA{Q+J G0w)k%+aM4C diff --git a/tests/security-resources/unknown-upn-client-keystore.jceks b/tests/security-resources/unknown-upn-client-keystore.jceks new file mode 100644 index 0000000000000000000000000000000000000000..e58c56235ba4d87b4c673beeb7966ad18ec9d45b GIT binary patch literal 4246 zcmeHKXHXRB7M(;Gaz=z936h~1!T^$nK?wpPNCpW*8p1FN3MfGa0SOWW1tcRuksv`b zBCtpl1y_PZ0Y$PXIX*yrwY9rd@7LR3TU}jU_kLYppSt&+bNcJ)>FEK1K#-p|7{qW5 z?~3>E#*1Ae;Ki_RI0w8J2n0@Zcz&P@0>PF5B5V%eAcc#Nf?;4`2qPGvg^}M}nOoSZ z{a6lxLa9|@L|8lH7cL*@UY#v(QOK8GrbvPeKowH9x-#;&Sr?bFCddQ1OW#l;gEq>6I20%6#I$V_#;R9f zW}el`N$G?Ho<8*TfuPuJ_8C2cm<5HoZ34qYEh#%UifX@P%Uw4345rBE$;|4`vq~|$ zg$<(6T1gkXk5DWPB&!3lrv8-wFHM*1LqSGLD()-GL-pI3qi}j*XH#|xY zOgs{6&xIP-c#pcMs}DPKUgiKeL5JiULib4)h;OxD zFj^yrViS0Ict$I*VxAf~3C?5IN$v9i#TUy+Bga(fBaq&~o5T`vj{I6uiI!-o*p0-F z2(psirA9OFv*|&OxU%S^9n-e+1?g@I+b^Ul74PYlI(S)YhQ6&+<^1Ue3c&Gms&w;T5Gkf^bcm zjRzrL52qc;jmYI%Y@JZ)EEAxpr zxW-Rsn&*YesJ!RRkn-Umz1~|-R1_4P7}|ELCaDvt?kg5pAGc^{3L4=R!fP8vu~psC^GA2eyO-!PC}II&IJ+qJRfL@iXAJ3R)DMz?$7gVl>D zS5ikYV}fT8@)0L&*qvz=6RSd23#08>Y(0~bleQfZsYrPDs4`L=ik37FpLys3uP6C* zdNL{RDpjG5g|Fb`?cBO2o+%bEeQDcX({LW4w`;f+?slAh%k>la~b=I|$ zLy0q0`w`88T@C#7=BW(CN%*6c1%@@l^Oin;RNZ16;*h$NRwcjK-uc`QZosYO1Sf=z? zDz$3)Pb|w8UgQ06cUs~ILb%cUD_ftbh>V8(3EOhEAg$NTU6atdhE3Hi}pm= z*X;7g=+kx^Yy1@q*`l1XShLnKjO+_%-aq_GqUoy-_7wlNuuIiu%1cN{shTqos8VI~ zU4@Fm9X3SXqM&d5I?a^pRqwW*7AUt6IsH7Oc4X*Yp?BqG!n|caK~nqnh=u|)Xi0fb zh$gJBcSaO-ryw3eB2bm#9KTg?Q=EE9ko}4;mIb;QjieE*3~)MCh5dff^t5rwHtOZ0 zSLP}}7CTjrkR4CtEykAcn#-btigRWa# zlkj3+)8xq*+-@W$+b^$sKF?-CbwC)a_Z+%Q8TTnSPS>?`5D1goeUHXvI)CfkwNRGyO;jTOAUX-K*XpT~pjAZDmUJmX!Pf0mI_9z2ol=$@$_s=D6%&`V@ zV;rt};T&;TTQ8gko*RA5%h}^9&dV3zW~D~T0@45qKuSu=$eEv@MM@qfq$H((CICN4 zN&tSeJ1HXsjh3VWD2@VhDk%C8%Fl@GNAwFT)nBnv{THh!AbgCK>eOGb8vXDNZXu00h55BL@+JrFi!y?g2A8?&ozUo67Eg6p$AN6^-fq7`Rt3`P0Xr>w-(}8 zdfRUdYg5MYs(a_Brgv^EX$#GUt<)8bAmTl(az-w+y>rU36!bS@hbll36N+&)q-EJB zc~a9qB=MR>g_9wvBUj$p`kJrkC~WDm^nT5`+?%B!TBg^bKb-WMhCeV->RIN92B(3K zS`^>OP6Mm<8aXz0v;NmbKIIELQG`{^!G4pVCZSZxhkd$;-zRdTO&DTBsJkc-a>hk` zyzwy%yZNi@n!a4O?SFS#-VdFvsx5dnRN!~7ukj6Z6+t|QdyV_S=n z`3e09iuOoDmz|jU$0%2gd93rECj<%xfgc6613|6FT|zLzAOHwpJS;JSA9mCp@<>2zT?q+PXP=czT7w0uP-YKpcI92F3zoBF}F2h`Xef9>`o5`FnWC$3PjIG=S@9 z`4sE~z;cTz?4Tru3aKn36W&#^JfC8;K`uD)$7UZA;IP?X5XyvFRmo3qo#hnMn+7o} zM-$YP$I9N+SNI(XA0s_F*?_cIS0}2xACF#(ar2I~geBU^H!&=d_OT9&RR%g&q zdU#fd-sA?iB=j5?a+<<#G`^dx=4_@^CZmdvW-MMOzn8ek(KJ46{PltEv-4k1=GMFr zS>vz6Urp?V>Cp>|Xira5$-h}RSDLR}>1)wmxu|`1fH?y6OG2PNhw|YC5FwU7B!t|E zwJzyX30L`_s`gLI2J%ogqyVH0Aa{5j=?K#N{}17RDZ{f&6XT{v^tZmbrTQ;ulT>=* zyT^3pnG1wb1*nq>2md9T$!O+}Mgwe?rOF+St~tRITULpu%`Rk_x(}Q0GE;sgHNH&Q zEs-W4A_Q|@2gU-U?Gtz}y88q0{>*o|{J1pD@D*~U@ zTC)Vkyyv(!x?jT6x5<;QwcNQba6Z??Vt%gmX4$UZq&s_9SX&I`;Eb8{KxRE8i4duR z&rv`3UFQsrmf;pS~plI(cX6QkB0SZ3g@QtRe03;8adBi|G3oAl%sh!hd3jG&wF`g z%u>gTp$`9J<0o zS8P`{&d9qwK4lq`;BqGl|H4StBCm>r?0)fGsE;P}HMlMQ0$C5=jyuH(HGe;;fweS0 z;V}J8vtuWR|2WTxVQqgNX`=sS=HLBO{L9RLnfZ?~ljL+{oF7YPqs7v#oBNWi)Js{a G(Ek9V>gxLd literal 0 HcmV?d00001 diff --git a/tests/security-resources/unknown-upn-client-keystore.jks b/tests/security-resources/unknown-upn-client-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..c499ddb9007c734f0242ed05c2bf11673ce2e2b7 GIT binary patch literal 4266 zcmeHKXHXRB7M(=SVaOm!klYM8h{BL1s4(O_fRctZL_uVbC{ZLS0wOs`5|F3}NHh!* z1(c+SWCQ^Pd4u8A*6volUvGbHb#-;!`*nSN>fU?K>F@jM_f-%G1o?G?LG*qYH;iWh zM$FF(BZhW&al&9hAn;wM29OE}L<9kFuX$Qnq z44PYp?lwrq=*aIaKx`z zrHJ}!l}Xc3J3-j|c1i{3UDDx#(czJFAN4f05l82S>J|+{6Z)rgQetoEvM(o?opHft zTBr7NEDX79_O@uSN~~i2=nXIMNHyNNP3FwCW^-n4_QmrfQlErE=X8?3URK|wo!-`^ z(qVmUg&SaPS9`Z|fQ9Bw7FuGwuKXt6GN^*13;0k{qm;sPROcy1iSHPEuiM^>O`*4+ zc)PD^ulLZCS~1MGkJGylw!*hr<`DWhG*^h$9!jp%Jrw>Lr_Rziunhl2XqQgU}CO-6YHaGs-#W)GFJtn&_N zxiUb_O?3W^y5DyKDkNLv9D{>}WR!h9^f2vsYI=W-(W}9}F}Sv?QU=4|t3wZN+<8fd zY5P|4vf%-&(SUb4J|ncy{#*Q3PgT-{%rmyZRI9NWsScuZFGg&0{csBE&AvJ);vo*D zSArj1-AgB8=8f}Mxy+7XLN z2yY3t*T&fk4!QMRMOja=vjNf!HdE-dn(NW4y|R0gBPtzcBT4T{omMlAN4I zZvjJEt<7Lwq3+32m3rDhM})FZzV37_NwEpXq2W1?C;-SM|DY2j3M0>*kPsnLOa4rM=C}!Og$e8>}iub+ol6e zR$yJceK_RlYuiY!usNmL`}Zx*S#t>hil_nUc=&RC;y%?ORUBudqf=I_SK?L6NI9-* z1ZlPOdku2fyLQtmwba_j zyGcM~9B=v6$73zW!heZn`*dP80Iw48)|09}$s8HsRaZ>QoZsR<`<5b|Ek`49f@hZd0ZlKs+16gJ#pMXS@3zhA zhh+l0xxBCFkW;jBMXY_f}p*YT`>6#_@ z-P6DTl?I2=WO7#=<_pLAlcJe6kxm_Z9V%-J(M4OH2C*cy7;f>6%4vAiBN~p+C80%+ z$GQU;vaX^=oPH=Jk(sy*pa25F*DN!w#T}7Vz^cPu$Mi3T(Cg^H!~GN7LW$y z0EDEZjJyR44MLKTkdl=Cl>kB{DFCwL-H90>s;ZKd0Qqr1N(ogZK=~Ds{EU8MrTi;a z%Ku^&1%!WKrR4hyR@6^F;YOV|_=Ow5fqDN}6M}_6abOw{Ax{p$fx)0E-<^x|Ror{- z6X}fRt(VYe6!I?&cEHaXU0X@r#PQbcess|Kj=k)Kc=?X1HZ?;rUai;oO7fc!U zyuMUmbt)9a4poG5&M2oe5!dFk@nq+`$>cSUk0n7+-Pn9>A7rtqr?_vxgx@Hz!QWF9 ztu^R7KbiTQ`eay!RCV5z7T3i4%^Vs=N=843$ z)%+_D`z($Ml|tnfTKb}_XL~wP7A)uE$a`-XxqeG(Es=B6T1H|HS8XipCu-(T%r-2UgliQE5}MGtQrnY$<2-u<$tFE$z$MsRL8Fd4hMz=`8!J{SwYbd53ks49sPp&}y_JMeIQ`3`EA^wi8Bn@u19 zq1j-NoGI1W(;=t6F!3?IY!kC~HkF(A+&rA$Ad8U*L^(ifYdmL44=a`P?|$2Bj5Zuq z^e}#Rb;qh}nWRF)W(U+zqlz5mr)?cdH1^U!ZuD7*X%V!6`cO2y3Vfz3Kzl?_36z~ ze5ON;Je~};RW=(?@6=z?8#j`kToR%)4d#}FYMwwWkcUjC4w5u!%J%WHsI5V-N7ehIbTV${5oU&1^eF}`RnJ(kxB$@IE$22-G}nZAj6A}H&!X;v&&>swmg;_AhY{;YfJ-XL07b!g!s z&C9H)?RmBHz#G#Td_(!Vg9BNDPJf_GuHKM@7j$6J=&?zdXx{#JJ3ZM685IW?xu42_ z0DwPG@^2Y;>@S=QVDJ%)2!IkEe;TGA6yz~-Ud#*uDx)rRrt>wq zcEg@wnIvg1I`5t2AfSU{t9VRLKesa47VluG!%NB^Tc9_!Coy?2!qTub<@l5V-i#ADh~vX(`S93*KE5}<+F(C6Tu zR6~*%{NFstS=2&9q{epch6qQW-!uQ=;mZrMGOHC0l``%B0N6PBumAu6 literal 0 HcmV?d00001 diff --git a/tests/security-resources/unknown-upn-client-keystore.p12 b/tests/security-resources/unknown-upn-client-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..b12d12c4f72d9b88ad32a0759d1a3939403bd12c GIT binary patch literal 5072 zcmai2Ra6uVwl`qG^b;B?Iv7FfgNef#trC5WkBWs_j39LYAV}^0!d74e#>fBH z!sq}XFk1h@O@FNp^V$Eg@NiMliV+yHe?dvG{XYy0e6R^v^xqN>`~m=chgrwFTG}+U zwo6I+P=rN5#-8SnhQ>yOhROiO!^HmIjc7O+C}3Jl9P4NmR0ui%l@mY|!1yCGxz&pZ zcjR>oD@-2_KmcZ5iBCVWCmyggF3iKRm^j=jG4Mn%0Cuk*NKD%l)IH9VU^*OZ;x=TE z1?!jQonN8sgSXOA9wuJ;mjphDHuSkK2i4!|WjEPR=&CoAFF)T?eu0+>zI!ky496Dp z-{P#wgYE~qm+ifFXNjYL#_=bG?oU!7^%z8__f^u)rverHLSQ|OPuqW-v%r`v$94A+ z?K1T=cK2N4+81Xwxt_wu#GBd%N?167a)`Ge>1h0GXH#4CbnzSP;RfeapJ(>4p)pB&AM z(RwvQ)Ia!j^OP=@weIfBR2Dzih2_BmYDn|CXhT=|ET1>#d?#gpBG%g~l;%4;tn||= zB_B_-Xsq7Y`E%|O=9rbBBdEO5(o6t{X})^(>lWXLSim+=V+7Q9n^%%S`&qA+!gZXyVh*{@T}vvKQP-~3WS#{tDYQ< z31PXrHPC!k4UJc(zebk9bnn|-0q?R8VW<5**KgOB$AosCQEw_FalfIzqllt;N&7a6 zGyjEEz+spBEvjs$V7$Cw@w>_ts6#_raISHuz9UZ*u3yq#Sa`IE>|#o>ItQ^!@I$d` z4AJKz1`vP>(2}+29(`=OXuhIF+ z^DA*3dWMW_Fyezyh1Tv{Ew*k%Y%cyWmR9TS+$K}}ksbVGxk2N&#vVT%Y+VyqYA+du zW*C|bJmjcLV%W_CWc&#@5lO+ipPK4~|f*jXPk@J3AXRwQs-C(V^zUfdWVHWH_H_5jZIengt_Uzv^M2L=lvw8?Q)u9S&g03T&PXy44oOfF$)bNr z;Q1`BUmV+Xx~omnHbUgI>MA3v)N`HiE61dCmho_kGYEIlsUH9tMs1ns=j+ zwX!eAQ=x-+*^jJ@Pk4k8@N6=xpVC>G+=-`jB@BjQgiyy11!_ClT}td7DX^|`(N|4P zZ%wcdt@M0OzXn)siaH;ze9AAlzE_0rK!=pU)U9 z@Q+;L0Qp$ym{Gh@+)$kV8Vtqvujl?-!~ZARp}3$xQ6PVFFEHc3Br-lAfJ7ha3SrX z-}K)%&RL?NVWa#f`OZblO%2LA<1&iXIxf~pObSEbqcGnnD%2gpJ6S{V z1*=1@T}w=;Fae|Lnoiu1g}=aJ%*?@zt&y;0?^2BDwk{5B`d(V{70}$(;zM(Fy6-Fj zUFD)i~ZYRGG03A01G-<(fY?X``MrwKLEb4=vW1B67X z65p8R*WH^9kY>4rM6ZosQ}?x{Sy_isoc-#vBhwbM6BgL;c%Xft9Y{oMcbN(%F{Py6 zx=JwO{M6*XL1I_BSetvB(Ww^_zvhx2g4iE4XDW&8)}729dz@2|zSK+=F>V@LtY}ht zg4#n;snkDlob7wR(Qa{9fA66Fn|g6A7e;Q}SYP_$Tw&Ijp}}QXYa$Q1L4Eu28Pw39 z_98@RiTU!EG}?mBgh2v{O<_KXbxVt)-q{3c|L$vP# zWc~c=FKqBQ7wmQm&`6M6DN9X;`O;HP^mAhBZG;zLK@1_?ooH7P1lnCd1)arNprp{<_o2`GTV z$uKGbL*tRC@ii%}3{J*JbXk|x0CnMhgZVO}cOV@lx#~Ozqst|t<=9IkDbkH1PoM=2 z)XnMno!8tuw;sUp;F#Z>^bHfpoi{F(@>T4V@1-5Ir>V*#4|B^ z!g?tzBl_;>eP-Q<0l)`NDR}Orl!G)==+D^s@(igGs{qT71X1?RC1m2>00*?yEot&+$OQpfLtOUemjNpN%Z{+-g$j4VuLfw0NH2l`d%xZCcOMCO5X}33Q7qI*m3j6+}F|MI6^7t<2)?X=m5CM^CC1g?{_aT9p zDApB;_~2yKJ6Y+J{1ARcyVK!fmh7+?-qPVZw~2(+SvJ?KLm1Jk&>z(FU+xb%Dhk)m z4mR~H;`mgw8lXNinU42=p7g2QVvp^0c==S}r|LFh$48J6^sTa^eHH)I&qA?7ipp63 zr>p@M0%2uc?E2bR{I0se?<8qkN>_zdO#H{IoG!$K8d?^DkxG0Pt^mRP2IFhD+Zh9H z_dIO%gj7pM+Cyg_vVuf9QFB$b+dJ@X(za(~j#YH_3#Z-~Oi zfuL@415!ynOumtqVP}87lkJ4m8B&+Zpr_n+N8Wyn#I0ph`vmT4 zWI%LEbv|D}3O*v^rYqF;?=y1AQz2^iU5y{xQ|~lU#Sf5JBd+nIZGdrptvEtOk21Wv z)}RP=f{6K}#2DL;Q|Ai>(>xoXSJW!iU%eEA-RFks64am5l+vULZr41NtigoHN?|GN znoLDM&OT+01ifug!&kAJ=9S<$Dc6ISLYD1lXNwI@cw_EE(=ob8&K}cq=HN|Oix%=2 zuiJQ+N05;6?=KjB1*#L$GS(Y=C5h^-!lA;DD67kK!p1n?4$EIk^hsZS6i0NXIxqEF zSE?PbL9OiK+YR?0%x1(T#?jjOU1d^L<|GfqAc=VUA~fUqsvBn~nKP&ijbec*RwYnw zUgw1)Dq~f*4uO6oRV>a>%L=Ur zgyR7N*_|!y(N>K?%SkJ5t{sR#8L&4)|J?e=OtK{2qNb6i>eE@yTrTA(OZl!{-3e?A zunB5}`TuU{wMnx5uBY(^ta$dBF`^f>$z)lVC2utb_WTKYo_Jz2+iqc8ToLg;8dwfL z7aWsik9Tp4A&P%Pv@XKR1_lwZP4T0=JR*TD8Q#QFLb)szB1Vudr2Z;wTW{=Fk+UjN zG9I!?h8IpjULeps+U&X&S0m+j+Glq&&?PdRiOz{ok!e+}^*^F0_q!yK3asTC#ITQ} zWL&&R<5V|I@50Ul;9c>d8#M*RgEHO;N~8X-FY)~bRGKf+jz-v#DW?kxk+rLj<;$=3 zJU+c{CB2b!P7Jm~Ph?d%rrKB36U|V8XhJf6X{@idc(#5B7Q_otw6I;adm64JSG@}v zMCOM%f}=QlbPL{R#u}X}xL*x(&TS6OQ?yfg|7-=>AK(qH_Z2LB+$I;yDXvust4atB za%4W?lu};FgcBcWyrI0ypYt)I5;;v_jnKJOe#&_oPgtYb>dv3yt0nmsHDf3G3z6*d zac-d<$r=C1+!}WppW{UIM z1*RKqD2&+Xk3a8U5IUHdJP%PA@PF#KU{08kcjssaOgWftN9={%SM#jAxwd^RY_u`C zky9V`OFpF_O1PTqJ3We;fZp0z&Q+v~WbTm$G~W4ueznAgDI8wB?s3b|MRm5FuT+tI zB^y|+I9776ghA8;pQ!i~HAW{AVI-g~TN2u9x_mdSBi*5j(-)e?xY_z$qw~9_(C08U zz63&ufqQe0+_s2}B)~go)?v?u?_s1G1CMVe2Q0U^_IAGo6S9UocrEouo+A+ME6@<2 z%7UumyL`j_lPk(ZUq9|5)sT7_Ux!NTx7|=kb>;>jZ%Uc4pW{Y z;M5aDo!TLth+?s@F(by#RX@A>E#c+xUf+=%t^G=J%yxhurE5-&8~<3HeFikz%mE;e z_tXgEM9)-lXpEH6TU`%`Z5NInTf*)(K5q=mPdzT{KUp-4FWyWTppWl*croJ&%ek6 zQ>HBZ+>u(084<=+z8&xIQt|Rj_@d@3zbNp8Tb4sj=m+|CSZ0C)HSbB?yJ?|pHyq*x zkk8uZicL{n3y!b4O*>>4nI$iSlc|yk1v%L<{F*5)>(+)6gJFdd%wuQ^l>;?i-LWHZ z+@TNeFv=;kDx3U1C2~oa_#Nv8Op}@4-C+0UR2g88v=t1ganqv90W)f$WN|~LVaBEm zk`Da($}Y7Ni0cCJDjEly+FX7M{mP%_A&k5m7Ei4MuIlb|_F4%J{>TC?hh(56cX1`m z8e4litQ)U&z$dK;$W*}R)T^|$DI>clU{xrBFa|eM475+`ir7SQPyV6kd>0+(s2#MV z1+|;7cwv@bX?Z>4jj=|wm1{``YQ=#bh7qfx9_(- z@5`?Hc z#Uy*7M7C=Up-^_csC(ag-+Q0;{pY>^-RC^#InVEV&hwn#`7P)B`F3=4bbvr0$Zsdg z(vfIQB8yoPKp=36_0x?e5S@v*44?o4LA?PAlnhWHW@%6e7y>~Wa#kfy6dfuB7~v?9 zVC~=)Mlcvn2Li6(SO8`?)DT9`hE%g86FsfZ>f`nSOuHd88$!*EZ0$sJ$H@b-yAddx z#IFxwf84@q>~#XGVeLjH+7K-XWTG<(tL8zrb9N(=uK`$2MoC#f8ju4daX1;tiwBsc z07)4@e&_fe`1`v+0rUU zcwcGSN0&iGsI4l`;R{zsBlrJe*o!eMQE9eu$htYQW`6gGscyQ7)BB5?`_Yqdqs!fiE&1<{OXsgWV6t5H)KX$@zU1WcS!hz7 zmM%2pHFIdCtqzsCj!g1s2=Np;^U(g%>zCHCvGaWDGL2=%2c{H?HMG|C0v!1 zby6$gGpSBUmiXD^k=PUWoZ>2b7jDa?({br-mLh6h<7Ld9Nx{ow>Uu!GamefPyafvj zR0O`oTjqgImxK$nb;_XD=*F?Mwe71qvVAft7DPD+6bu4qN&*1DyEDnWOfU`@JM~*p z6oaISj7(^2*}`nH;R^ET$lgNXWdno1!RP?!&gJ)`y0e&eMimU=Gq9OT^aTon^=Ywr zLNVeMU-Ad(?#a;RSGMb1L^YXxwKp_~R@wnTl!Xo9e4sd2-Hw^$99b!wLX z%gcuB{_&V-#Y|ee^j#WGaWK(6={+qEa);R%k+}QyTJm3 zuLVbH`Ye>Zn$hshV^rT(?aOjW)<{N?OsAHglbse`U|d&@E7(64FpG+_54laMF_gWO z{Syx&zAysntqpAlH^u5AIs`YI=nts-`AYSEN%0k->aCjY>`pL<-ou3?_I-E$*qYuT z5NsZxz-9m*I7$=_hJi&OY+!&Hh7#od$J2dR;4%BI3D{(2%EK2=BsRb zdSY>@vBKhV28W)n639FcT~laOk^a@7wx{o73Z93}2q@|>vsG$gX=@{-a~*asaOHln z$#x@du+vL$gi$F}RbPlVQnzXzqZ`pa<{Fd8eLlRDFL+{l!}`hcYfR{*Wwghc!S2)w z)FXQSPTgnW11nE%)Q|W&O^#!-1!7)&o~z5C347u29xceWTdFVk?^FaV8wqHeYpW0R zrWDg&*I44`(D|AP9f1W_jxvtbAH)!XxqP(dE zw(!%JyjKV@+K$_FGArpmldTny@cUaS28!9ZewgoE(@Yv>Q+x`*|zew!|z5x9SU)D`d#k7235H}R2{YCgvgd&_G2 z@^*KkQq{ht<#gK;>TNpjSdUpVx3bMco4D5WIAIawAFj&8&!!=cdp=D#(JYzYZWXUPUR$J4;N=*;W3?E(!`_$>F=iAZo z!RRv#b)Ao~Tr|xRuSPdS0e<_kGabuz;?-%lDicbqyX}aERs@lds`yJUa6Agj%umQan!5Rp4$l5 z2%a4(X9+3O?mpfkv*4Aupz7axwq2KeYZ;=Kmypswg_KV@g)PO1o>vJO(6rcZ?$D^e zZLuC{8BGMAPkQ5bYMP6Pcdr36uDvRBDiCY6;taT5q$JTF7t*Km$Wbuc+qoyfAv%Jo zgP8b zaL?vH^2y&XgFoU#ZU-llxE-xX;iUI)B6krWP z7!t_XC<=>)hzx`DVR^L`O?L=7`jSVHxdH0OZ#^@*xoE1>*gUMR1a6hB44Bg9Y+oIV zyg<;g`;e5b-4N*rj1bI9q!Imj-e14PynQRTbbY*qBtTv7=EAEx2Q~7{-dwa-;SDRcPJBtt-G~LUc|-kgoc*aOsSqTI{x5 z#^BQtTu0%6=%`NCg0RdJo$i9k*VoHeYt-WDy7d>LyN1unU^iT9*;Z;4!3d+mqYex4 z?M@HAx|@iehL+xZhsSp&S3V0Dg&mL$dQFl@G*}n@E|$P*Ah2?8c6ixf5C8=0-g3j?!_p-I zcit8!e5bECVNb%Y^|CQgipiI*rGPex7!{#>z|bX^+* z9NK-c0PFz35%AZX`Xj~n^n|n*;+}3)h}k!@r3KGgK}8gPQty4wBLvc0nHiQz>-&qVQC7q;t-^w^aqEmyx_Vp!TSrBXu}BOm2AR?)DrD#7RU z2Vq-A7Qw7mu|z&|l2Ur+ATC*MerPQx=HLwKv+}WLOd9MwiKBCw>DNjha)>KxKE0tq zcP~S)*MYJ5jHQ6=iuN!66fl2PL;bJc!9NAeKLyPHt$>-t+#Ae&s@iOW?Yy&;8*p%@ Hvfk=nb>!VQ literal 0 HcmV?d00001 diff --git a/tests/security-resources/upn-client-keystore.jks b/tests/security-resources/upn-client-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..224798d16f57294fe9ab794d4af70ed7afb5e62e GIT binary patch literal 4238 zcmeI#XHXPr8UWx)FhdT5WF!g#0zE{D?hH#3R5%!dBw+vHN)Ad=f*?VnAX$VP(B0d;-Mag8`){kOtLuBatNQCN^!vQ~OZ!V85D4IIKD*!r5DzPx_ zuq`?;n1%ubSfiK#21+OvMvX+Eab9>I`*Q{;Mu7e>M1zE*J-qA*cu&-6K>jcSMN0kh z5Z{kmeCkJ?;8VBv@WMObaW-CfS0W$U+so0_1MhVO;A5kcmIq`31wa~wl9Rs3&L9Iw z%K@j!$M?Wr-vts_;J2R*rT{@nUYAPwZIU7B;((WlDH=aqk$-45hIZO@~yj z$s^0AC5(oIVGS%}FL`R2>hqV}bgs$T`h&KjcgnIwI~nx2bstR?hS%lPI%eIF|sx>Li}r!e}!h)G0mb>WJwEme$8 zo1a{UUZ0d3w0+jF(Kz5#=Fa{lJ^5idHCwy_1PTU$v!ww5;2}>k4?T<(#u9!|8b>Rw zCMOr!Ub(W6j@?3>oH$x2JV-G307d~o$(P@bDtR%HM->d>H*}ay@dt{-3|bNkMG_>R zZWN7DCowu3-FJ?*K`y}Kw!<^WQ5}E|mb0jlnR#+!Dw4*od93~C8`Y}0;Wamf(u)SA zj@?Hb6o2bcAHH?3K!Iw|evPff^GY!#1goH~BmW4qWjt-OhEor?##4rd6Luaw==DZRi|m-ooQl>7N!4rx}LnA_w&W})ZBTuYo`jS96Q=9rnQ4~-TZZWaqS z4BM*szNVqvI~DHVu5G1|YLB23%Oe}w1`V`inu{+z{;EFKIVoe zm&8E*w4t5g*2D|&E}^dkYIe+Zf0@CJyZ&O~`rBsY-3bO!d%F=OzVFT-Thko`q5uOV z*f;Xlq86tF!@yz?CNOy^!bq@B57b_gV)CR6cpL=qr>Xe2u#)jN#_4F!9z4YWF3vI` z43katr>k_;S#UzV@ls<>=e%0>X^58>6om%LtQCT zCUEe0Xf;2PxmOCGt~F_aFTb2&jb2>e6uaQ{6=S`|G{iZiMock41xH3oJ7G69VpE?| z>uOA#BH+A-JVdh?^V>u(NPGzrS+v^AE`A!`{6SpJQ-YO-ir&Mc74lI~sf}4nmb<$$ z+L3jBfyZVz_FO%D+;eDx)jC7SC=#NmN?$Lrb@}-V1CAM%3yZX$lhlhV6O~ab!u&<2 z-U(0BUaVAHXIjt8x-mPQAG>R}C)j(eCkQgaSJ9?wLP4yrbD~+(7ih|i(}^4{?nSZQ zk$SwB?h(HPcUZOj88%|=H_7m^x_aHB&*O&XM2vG)zqib%j5j{apPY~aFaa@%-af?w zxcocq6}GRVIse2_dKg9wIp;2^RK zy)@Dx@HjF!tk3k7feqN@TCy)XNd4yC{_~Jj4AV%=^@%5HMwtR&*kVd5#WNGZ;WAsE zs@}2lN}eY?2obf3gf}B0pRl^e+{p%q}h6SkV@ zGa)$etOAmg(Bd@Tn)x`v3}F-Czny&$_Fe}?$@~qUmoK=S)y{5B2#%dxODI6;`Aex) zDS`|;AhzS5HMv?t=>}@=zS_}AE%_{g?qIzq3gkpP0Kd@-&GF*Nm8@d^qvV5y$p883eJ$Zzx%F1WPuAWJ#3q}+ap!{iq247giX+1S$ zCkLi0c(1kRt6f)Xk0@hjOp3GQcYB;%+u2zn9Q5{Jmg}R|#)@LCcd4L*xcZEE>P}IR zmCwPqT(FgNlP&|lGGmwx(q%r1!<|7KZLgzdVd`cUcz&fN;bp@` zT#{WIR~X^3>)w1k@2Qf8eT~u_{v*Zw^;r15R}{!zkw%dLBZHDX@`}PmzzanKP#tQB z5(z=0QM3T{VFN)6MU(0DqXqxo`o&hXf3y|tueK5b1deP)%k>9aVfD}d@D&*={~a+? zl|}{Hm+gqnqCv;cvE0?8cseF{|7&SfJVb09WB@B{eA;@`M$bU{B%&Y?qa0Fa9K2?x z_u}<9Mg`n1UlTa1&DOa+6>DUp=Qx*|rQICs0!-LgJd%Zv6#8u*Bn%8Fe7X9ujVKtt z+s~wQf+QmNzL?^3m5VFR#>LUq(<>YnK+g2P0n{E!f}5TP zFPiLym<@XJbUXE`HV43a_+mjAJHQ(F=fe8E&W}Kaa1!DA^g=O#asHboWzH5=Ovz_V zx76&!UfEov0&yCzv8{f8y=^OMlQ@Yb(#^ARn%&R;S}4}ZU~-X@S+Z=qR5-?h7@lpG z?znDh&5+qTx-8|>Q{TMZSPw_5&MQy9x;yi}xls|p&lHgm7|ZWsv>bJ7>|tS?4$a~_ zQibN}?)8yUXEwKeYc>faeS=DX)D6QJKMQZ*U|qb#he5 zjByxWQ+;a}51XnLdQN>D_RZKfjM**`&u>Xo$;uu@r7J9t?c^sMpQl@HefI3Cmef>day4SimLHRB14}aG*e^yrguiwGnHO=2O&Ht^Y*+4Bb VTWF_sA8#I779AM=1l0+!{ukc3=tKYj literal 0 HcmV?d00001 diff --git a/tests/security-resources/upn-client-keystore.p12 b/tests/security-resources/upn-client-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d6d2b428d57bc9c68d98e75670712a8c966072e4 GIT binary patch literal 5008 zcmai2WmFUlv)+ZJQx=e=Bm|UPx}}#`%B4G(UTF#GltvNhPLW1JLAtw?6$BP=K{_O) z-#ZhW}ca6em-Yrpb_9i93U<<0xX74#2up+b3q0q02W4oxj+$M_P_80 zXaru%|105DfFkfp{=x-+EeD_E|5&8NK%Bw|Jo&$%4AkKt1|AvI1S;`wN($uxQ6DTM z#goQN>$#Dp>`{5CJ*nv?JHWx=qQn8RKuPfl|92t|5gq`_gimB0qXtCcf`Hs0%2kF2 zadk4+l&J)mTpg)r8YluZoe~~E9k#>%W#)Op(KhpRvln6emLyp%AWvti(FdRlS(Q%KAer zXI30F$2{Gd<|`~)=+WSiRb zgbhm7nptI-9TRGKHQ!wInZ_OEg$gl6)cAC147=#J7pzrUIg7GB1NJ#t1t&S$>kZWy zDKzNc{i5c~>cz8HcY~UEbVJd7hvNIo+))|0yb`(5kVboPL#s`jBM3sr&xXu-q{QC- ztzhcgS198yV_Im2?lU+rrF9vRmgUPR;ymnEK6EyFQ1F>fSFFjkVf(R85;EO%H8y?q zHO#7X|GAfHKg-j+gJVEE!#R|aaisLXLnE{6oxhqg%NkyULQ zRmkmS^$a_wp`e84wZwz~UvtzoFw3Ayzj0{?4zLb-J9|q(zWMX_8Nis0Ml3 zG6Ps=>heO8xV@-j_6V=VG$jOcDpr&*V1*M<*8c{#t^V}$Yv!l9T_wn{x!pBx z=eX{|lIMuu7$STj{jP!f0inm& z243rsnnp59rfj>XCax-vn$e`xz1ZL4F?K%dx~@Lk(&aO&KEbVDJbHY&dCHc*llp32 zpM@JulpGDGJzf^HuIH^bplsJpko4lC3qF476Q>TBJDD)!5gnbmhm`qKJV5eG9qeT^ zS4B~x_c*%&xjVlzU3))%1WjK2;uASMrGn`P)lE3g55M&5`1fza^=6_Lx#P?mELyJN zm#p$R9ptV04{!3DCY(;x>zC44P{xxB*d8OjVG6L#R!Cp-Tp-|$k8>Qikwp{n+Ux#3 z#ly0DYJT_QrXCnhlu1Ao%aWd!GMp$K9zENMx-)rl!f;_j=)~bB;kJ4u7%XTf89gI_ z)iY#{Oi= zCnO|9INpokWs|Y3z4Iq#AtERLEL>AS_9y5!zxVeUm!9H@!7%)`2@jf}{1{nYkH^$a zB_il0M1^GwH7*?|%tCQ%Dfa=^|d9%Gu;~IE8*&UqD>1AIV+LuYTS7<(2-4Mk?*e zqpr-NyOnV5DdxbmFViA0#g-6h3300RKJA}1zdHIOL2X0HW4!*Gu&1N4bCKqAu5UQr z-MEpD-3VY$d=m!(R%6(Oo;Bp7i6EZU8lClO?_aEV38v{8NPQrFWW*w>v^6K5+ONfG@xU@C?8QumiXOoB_zcu@98>-zFMCY7mvaGYZKfC@wB4 zDkLr`C?O;w1dSlG`KO5hzc7Lf@fXs@0RsLy)qg9%|0dTbacyZOytK?0lTMjdvcf>- zWOW!04k6&b$u+6Q>nq`NDq~^FFn`t#Ur<;C>2xZb$-B>H>P8^B-#95bk4oQ2LLcmc z!%2*|?0Qo#KgByho4H)#r>u1*JKjWOAL+0w_t@D6Fi0A{kxuBH<2p%jKTbk~^g2LpB_)ydu!a;Ki#!252lQn z#fD%;DF|ljo6Pl~k+(8&Ys%Hhx$`*R#ARJG)GjUkakcd9Tp5+F>U6u6w~DqLB*mh; zmVKMd`mfI75yqF4lQ^+IV1ByI12uJmIv4Ab11wd1sVDX=`l!!r<$wUMmeRJRSQV@# zMyQ)3P_wP-u@=#vaa_v_bGXi#UfOdIGs)9l*@xvPNic*`G%H)`?{cgxr*G`OaeBeW z$13Pt?(mMdeQo0a8%On5hv0o?0{WW?-WCf#Px?KDed zL~M~g+5FKq+!R4{j}cwrU_18y&bV3MRlGXlk{L76kVx#<7yEr$M`7+@?NZF&dF~@;@UYY3FC{uLSNRqJR<5&o-AB9fi(DsuV z`9+mMe^8g=6G=#(RH4kmc(&0BWGUXhP9(F4$>9*sQ(L{K0InsU@`QV+h@Twc;BrlLMNi{q{nGcsoo{FB1LaX%#KT*98>Q3za6_MBU zo7EU!3*H;29I3t>y~)$haj#^bqVfGp(MDOsn?WTUuBtUui;8{DO7Ef&Sqo z@L4k-ZSpSUhQz5-iE9A#g-ymcR4REuu1{nfxxzITbP3IJ9NO8hY~CTJFg-6X%9!@? z{Q$$OMLvHK$(W?0tB~ALo(?g<`;z~;f>dZ{@LmX)ot`49_UXa#W8r-KC-ZV;!!5t6 zKcQk9I|Uq0@ItJ1XnpDI*USTdTR4@HxpV%Rd&FU2Duyt}VZ+x%tgt(aKcK}eBz)R^ zlzu?6%Sk}j2{=09Bq)8^+laOYzEC6PbsO3{?YZ_BPTfXqX?K9C6lU;Sq%u?K29G)+ZN(8ti6yTi$a-CX8Mq)0@vOGH075H>Bf@^~_d` z8^99%*yp56lI1rv0a0o8hc_wK^g6nO4inC{d52D7nvsi`v)~hB{)Nl1-Oy`;&PQVx z>dZ|OR3c|vf{otn{`rgT&N24kPk7~PA`ISJlt$Q-ubNiS;srved6}ZBCwIQ>4eaeKATa zRqaK3aJ9DKFr#A5C-I7h3Lk5-f7~{>k(Qn=lwwr-;y>>)p`z6w#feoZH>DcZKPva0 z0@Z;foIGb_?!j9JTdBY+rqjR)hTXCUl%~NuCcHmBO2Dut!U-Azoy&_RXf7md2W5pi z&DG9?WUqXps!09#syCPNlafc}iUh&OcxuzxevNV>hwoC_w6EgvPJ8vM%&Xps4Cmc9 zOHa2Ca&vXrz)Y@xe>KzVIk%7D3~x%ARK?fh8r<$icrRdotT|7P=O3|e922)G%lJj0 zNZLjAnBP_$t7E%Mz7MC^P<|u3ZrOr)OKEPk5AyS1gsN4f+vFXwv9`HpMG&_JB|bw{ z-A5rl#5IHn>7DT$H=5&qx3ZV`s&l3ODy}l+p11C;4IVK3ahvcSU3LP$K=(uLrg+(u z3^!ov=jf(!-AKcpKdp8XKz3Pfv<(JwX&$o)#?ZOFQ!2aVI<6klWK{%A(5lhLfw7&P zS@*oX?cP+`fbb%z%fdC8;{$L|`?Oq1h!;dQe5*?Z2mH3-jAHYLI)yH`oTekIpnduM z`=fGq9GT%XTTaV*yibarT?i}`mUp3$WTlr6TiQ97jPpTU#U-Ye_6N3yaAV;YD1Ub;A= zhuu@P#FrzzB7k)5VwLZ%`nCwXxoYJLb7t&|FDvc7(&XdOqZ}MR^^-qF!w^q2&Uf|+ z!kfjmTj#SDRh$?y1r~*O#zwr znP{YfQStlgucSN^2ZKwS-N5HPKsWbTwT;`fu)8m|{qP#|*g|LI7MGVv#KTev!t+Nq zq3hqSyl#4rkZq_6*SwzV?FJm|nV+M`OX^ezHG?88FE{i=23TLDUU#kEMdkHURg z3bZ)M==^?7pUrjw%$AIy-R@7jKOev0!7nd8C@XKAjw2dRHHzuZy%Ovw=Iw5r4c4hO zh*u0BxS;(u!#3Ks&`cX2EbudR>;e<_Wo1qjlThXUHT+NUru}&G9hr5eS(>HCt%Xc3 zz%va^y0v;HeBkh1=^@2vjkJ@tBCRq^dm{^q*HGi3ztEg$^a>>=mD2OHj%zbyggP=h z^JemreyPUqWg*H#4bFcNasbZGyaq~VU4EF|v~Trdff-giRtWfM*mBMb1Gq=F*NfTS z;Y3^Nz6%;INj^$wcJXxaL;Rp~p6N7jOHA}_u{d>}E~=M(eu1x|SQ0dG=kY=m^k?QQ zU5(;X6aUt5{9|eeH2{Z7T|~rzMsQP^9~yufCSbS~%vYtKWA+%EDi{={Qe_R9tah+% zI6yH0Y8$gEViQ>Jx5Q~|QtDu0x1xRbpw_<(rT1cCWFmB5;=fAiy1eTgX#b`{$*W;l zVS8^WV7>{9yl=d1L-P5JC13hVjeJok4uRgiz;@V^O5iNMg3{0j>{!Y|-BW5wv#k3N zipqNr?dpG4#lXtO)>M;kIe8J?iiHId`iN?*!?e_;Xh@gc^SaHi&lC}_J{Yl+ZldRY z{eDAyg4B^@lHO=xFir91TO%_F?ukDh?4FF_d1$gl_)*l#yJsv%UezKfG$ncr&5r?7 zr7kvp=)kzQ@N5Sdr&thCzC3*4@v|NZup2P_Tvx-SRZWiPorJ?MMi}Bd;b2f3*ytK! z0e-Q>sSUaq)S^qdUKors;e1=9U4DI8Yy9o*p8o97bX{QR`4}4gHZ6EkGhi zrA2n>5Z4PnpcPgLr@N+v|17p}8-g;U7Mff&WkZHYXbUp zv)OwULhMc=kZj8OHgNfw};}vU~26D9RUGqvh_)PV@ z+bZW*{?g>Egcs7}csaDfb~aS=DS7}RGp{i3;uz3vCRogu=}E8R>();Yy#^R z>BmLi`SWb5gtUp<3zdY!RAgyrm~QT|V)!YAMO#qpTW_cqR1iw`&zA}Zhz9_%jDI)i z>V>mUj|q}