From: Roger Meier <roger@apache.org>
Date: Sat, 22 Feb 2014 19:05:21 +0000 (+0100)
Subject: THRIFT-2325 SSL-test-certificates.patch
X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=48555c5d1fd202088f70a04084b73cab9ee41648;p=common%2Fthrift.git

THRIFT-2325 SSL-test-certificates.patch
Java test suite use keys and certs from test/keys/

Patch: Roger Meier
---

diff --git a/lib/java/test/.keystore b/lib/java/test/.keystore
index 0c851114..bfc058ca 100644
Binary files a/lib/java/test/.keystore and b/lib/java/test/.keystore differ
diff --git a/lib/java/test/.truststore b/lib/java/test/.truststore
index c24b4a25..36f3ab6c 100644
Binary files a/lib/java/test/.truststore and b/lib/java/test/.truststore differ
diff --git a/test/keys/README.md b/test/keys/README.md
index fa1684e8..d4bb5a33 100755
--- a/test/keys/README.md
+++ b/test/keys/README.md
@@ -26,6 +26,10 @@ we use the following parameters for test key and certificate creation
     openssl x509 -in server.crt -text > CA.pem
     cat server.crt server.key > server.pem
 
+Export password is **thrift**
+
+    openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
+
 ### create client key and certificate
 
     openssl genrsa -out client.key
@@ -45,3 +49,29 @@ export certificate in PKCS12 format
 export certificate in PEM format for OpenSSL usage
 
     openssl pkcs12 -in client.p12 -out client.pem -clcerts
+
+
+## Java key and certificate import
+Java Test Environment uses key and trust store password **thrift**
+
+list keystore entries
+
+    keytool -list -storepass thrift -keystore ../../lib/java/test/.keystore
+
+list truststore entries
+
+    keytool -list -storepass thrift -keystore ../../lib/java/test/.truststore
+
+import certificate into truststore
+
+    keytool -importcert -storepass thrift -keystore ../../lib/java/test/.truststore -alias ssltest --file server.crt
+
+import key into keystore
+
+    keytool -importkeystore -storepass thrift -keystore ../../lib/java/test/.keystore -srcstoretype pkcs12 -srckeystore server.p12
+
+# Test SSL server and clients
+
+    openssl s_client -connect localhost:9090
+    openssl s_server -accept 9090 -www
+
diff --git a/test/keys/server.p12 b/test/keys/server.p12
new file mode 100644
index 00000000..65fc21ae
Binary files /dev/null and b/test/keys/server.p12 differ