From 46b02c66407e26f95cf20dd384061d325b80b736 Mon Sep 17 00:00:00 2001
From: Sam Byng <sam.byng@gmail.com>
Date: Fri, 28 Apr 2023 18:29:38 +0100
Subject: [PATCH] Issue 203: Update the truststore/keystore for stream-tests
 (#301)

* Update the stream-tests truststore/keystore to refer to pekko-remote

The same truststore/keyspace as the one generate with the Makefile at remote/src/test/resources is used here"

* Revert "Update the stream-tests truststore/keystore to refer to pekko-remote"

This reverts commit 7bab689bb6257e80d2bd8cdff2b8a715bb08c619.

* Issue 203: Update keystore/truststore for stream-tests:

Note that no SAN extension file is used in this case. Therefore the verify hostname code looks at the CN= instead of the subjectAltName field.
I've added a Makefile here to make it easier to regenerate this in future: just delete the trust/keystores and run 'make'

* 203: Add comment explaining new Makefile
---
 stream-tests/src/test/resources/Makefile      |  19 ++++++++++++++++++
 stream-tests/src/test/resources/keystore      | Bin 1342 -> 2397 bytes
 stream-tests/src/test/resources/truststore    | Bin 637 -> 857 bytes
 .../pekko/stream/io/DeprecatedTlsSpec.scala   |   2 +-
 .../org/apache/pekko/stream/io/TlsSpec.scala  |   2 +-
 5 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 stream-tests/src/test/resources/Makefile

diff --git a/stream-tests/src/test/resources/Makefile b/stream-tests/src/test/resources/Makefile
new file mode 100644
index 0000000000..068a75523f
--- /dev/null
+++ b/stream-tests/src/test/resources/Makefile
@@ -0,0 +1,19 @@
+# Documents how truststore and keystore were created
+# A similar Makefile is found in remote/src/test/resources/, however here the cert is created without specifying a Subject Alternate Name
+all: truststore keystore
+
+truststore: domain.crt
+	keytool -importcert -file domain.crt -keystore truststore -deststorepass changeme
+
+keystore: domain.crt domain.key
+	openssl pkcs12 -export -inkey domain.key -passin pass:changeme -in domain.crt -out keystore -passout pass:changeme
+
+domain.crt: domain.csr domain.key
+	openssl x509 -req -in domain.csr -sha256 -out domain.crt -signkey domain.key
+
+domain.csr:
+	openssl req -new -newkey rsa:2048 -keyout domain.key -subj "/C=US/ST=Delaware/O=Apache/CN=pekko-remote" -out domain.csr -passout pass:changeme
+
+.PHONY: clean
+clean:
+	rm domain.key domain.crt domain.csr keystore truststore 
\ No newline at end of file
diff --git a/stream-tests/src/test/resources/keystore b/stream-tests/src/test/resources/keystore
index ee5581d930a1cb38981f2a547aab3acf24861e71..2b0237562b4aa1a7f9042997d976b4adfc75d144 100644
GIT binary patch
literal 2397
zcmXqL;*4ZsWHxBxlxO4AYV&CO&dbQoxS)wsfTf9($DoOm!=Q<IKSGLaK@;-^gC^!R
zOpFW$P0ULXGK>Z?Y+O(ico^9X_*gi?Ib0<}JFiY+V&Y(EXkxCg%eddQb<us>$etbT
zX)#UfeNL#j99OaN_%QiN$iKXM`pYd2U3oEKzpG)htx-P9qeputn6$Ru)D#TVJ}$aY
zK4quFG?T!$A$iZrb}zeEJKMY?V%Oyfb7N-loVm89J(kZpFTg}H_)AGfhQh%PKL*{S
zQyZ49|DLmfyGCca&i(=;tu({cZ8ORjnb>@PS?E_~!*WdZl6ccKn-^D(zMmx0Gv%B8
zz1eRbG<UU{|1&bJOX)HDk@0$!jO;2!ku~PcGaQaB59R+I6n3yx_AgV1<N3?G&&#&6
zy!@zaJNd%Q5<O3a71C#3>pLeGnVE{bXwEpQ5GCJ~7P_!~uISdlV}I{d^S+%mdz+n>
z@=CT%`VWs*iQn2XDQ5#mU6R_FXDyrSzyA|hbK&!s-X(9P4{S*gy}Db(SYG*cYS-uW
zmuD(>hHU-gsQY!w%a@b7+~1W<UB21yk!h@H*q(PMST=qztK`gkv|q|EUc@bIV($KJ
zT`cXVIym`*f0S43^0_hbY>aN{>22&`N?AXBzgW2_uK#=S*ZK^8DGTiok7%u)qbZ-3
zRaM8QzR>TFHNNY_nz3&-r-OjL<gA?ahA$UdFFvs@)1e^q%B;}Z<7*de7t?uqoxyqb
zansj_9K#NMJio~H+>gxZ%@3qA;wLD~w|l-trhwzzi8a~1jNL^Yjtdht+Rk76oPM`#
zv)?R_^=%9bF33AxKf!Wr?QW)h^Sy*U?o~=DzRH_6o8#4@oYUq``_#|7MS8w^U2w#*
z<HwX*-BO+s#+>W&pJvV6y5TkV|6hwfuZvh_QoP=`=!fIpwn^9cZ*1jV;^JEtG@CcA
zv;L}q@M?ccm5!)siyChFzxw@Obju7oBj&;_eFn}q)UUtTC$la;HuZHsn>^!9Nw=sy
z37ksyB@t7%tZ8r8nkD=^ZM(5%MnOUJQ<2>s>m+Zwyl^q)pSkz^1)*wl_V0D6TCDTS
zoug+<7v9#K?fb!+V`IRAhca6<HFn-u;#hrjdfsw*n`5P#VTTmr`1=)($?8o1cx&-J
z{eMe-R&Pjdxhdr_;fcz7wb&DjueWB*Pkqn(ys~${k+A8fjRx_17%DE^tmsb9E0;cT
z&!{9kvvu*pz@D=<XYRd`N<V7l)XJ(7@6dR3<B8vAU0)<B#T4Fr`DInY97D~Z-QrjF
z-k4k*(<HIG^Vo+qoMsc!tzGu;&&UgPD#@Cfez0}cegoNil{*$0G_g7&Wz+>ttVS$N
zta=7btXc+5tZHoBux!i4$h4q|<()wj%PW-J%nZuS`;RTM5)p230Oe+uCYBSoFUq@I
zUbP@L?82V?6{3e2z3+1B?LE5Wvc9Wh;j@xcqSsEvU7P>PyZB-6!DTyZtFuHI>z4`q
zx<2*Ie13tfw7E^)1~Ok}D6+Y#MX@b?+T|K=UvA7h<8+gTx>!bj&}&EbROfpSx9F;f
zI;^PJ-+r=zi9cO_PPzVDHo*>uqWfAKy~V|iv(Ds8I8Ne<{krh>qDa3~)iu$-OBr{Z
z|M%~0$juKE4ldKI&b0iX)%1Sa-;7`C8{QXu>^_&5!Zc@^_L^sGZ?v{4cFnzd=$*<P
zmMN-@5{a@Fb~jc#T)useEiJ`t{(Rm_{$9Dx8_IoIXSJD5s>sji(Y+OtzdF_7C?Ch;
zu9g(TbM2f`B3BmtUOIc(y5gUjUK=v+6(81k{Y!Gs<NfWrRz;Vzms)KQem~>V+0VOd
zJ{;K|w*J>dRg)v%EV^2JcRiZberZ*A<z+=-WA<N*I%Yp%`Ws=EW*6+h+IISzYR5hX
z0r~V@Z}S|E_FG>+E_YyKfuPhz6Y=*_AGjxQ<`rA3%51d1*tj_(<)X=}zAv49YuB4O
z$#>n6390|F=^!`5r4Q$=)0Zl%+_R~_Qy}~H>tt6Wt}V}-XX_YT$ULcjO!dOEc@Nd~
zHmjb|ZVoV;lx?wz@q+I~SJu`GwTYeIy=1zLUezsOdok_INweNfHg{aVY(B_$@1p-*
zNv0l4<Bp$8H$1y9aVxZF?iTNrZa0!Qohn%uum7QS=Fxr`r}MWrzc}R;zpL|M*@0|%
zj+T`-_Wge@Dzfq4gx~IxH!In^zh8_<`e?K!?aX2Gf~gVT+b6$j;&Gn!`^Tal#Rbv%
zSMLgz9=Ud5nTOa*j}7Tzsn%<!n#{Jk`$9Lmdd0#x!_Vs#gA7;seB1xVU1s}P0h=cp
zl|0iv=jBbD&glO5*^`bxOVwttk<U8!W6q0y1*g>hPYdt)sJ1*xirc2i{=rp(Ve`9{
zx}}RXE`InPp|i2<jD7p{=g+5oy_>_6Wx2`I;fi~XcgwcKT`n@#+Iv(N$=clf)+Rpf
z{*hIyx}O|$jM}%rSyIPq!!LjKPdqlSe>WaDDDSX8X4czip${2fQ|*{%7Hr+~R_5E=
z%^!ATcw9K7@baWhAnWO7ecqfY+2OhC)>|dAXyi?D+TgLxqU5*q-?+*5N&~~rR67>C
zNO1=5T(C-GZ^j}$t@?fJC6{W?_I#dT)Ed}naj<t&l$O@R9oKKB|IYvT{XSom_GOg{
zbq#gq!c&6ZK6?j0-gH^5VN0RP`~A|#`WippS~cyA<+Y>xh2FoM(fVHI)TbBBVv%_T
zLf`BQ=PRGu5~IF)MP<q))sjiZ)9-zaxn=PB$|mciuTu{N?5TJW@m7GZsNma+9XdWw
zR^G~dq`s6Z#QB9d>o=wT2akSDl(Mv)`Z8_NF$?#7>#RTNTGsAk%5m9MutEQ^?cW~d
z`BN_kZ~c~Y?{Sf6biUHf#ZP!Yd|zwntJxW_xvb<z_R4#QnpTGizH-f9qF=PB!E*g%
z(~HYBqkn2SvK%v#o9^<%aCK3RZM$9UEA3AqddyFCb6##Qc*(tN+hy^sX}MC~JNz%E
zu9cO`St(((J?_Yssh>GBjqP7_PrrJ&Vw!@&-QdYT_S~#ieR^?PsvhUj!gn{XEPSo0
zw?<cZ#h$;u6Bav1ZlC?xRriX{mS$CkH9Q(+uB-Qk9<24Qy{QykYN%?U3@;ryMGeJR
zL|%PtR+u*PuhW72v#(!%OEQtU{b7xPp@E_SCmX9aA2X8_D+7y&o}9I+jPu2m4&~LE
a)w@2{JQ4E=X5qM#GIjdWtIv5sr6d6RG;%fo

literal 1342
zcmezO_TO6u1_mYu1_nkjX3ee4POW5MU^GA7;L^;%z_in#iD|0=9~+l88zT#&7Ly<&
zBP#<-6Vt*Lr#iO3d!phiO(!{)GWxCBqR4KxSN-)mxxc<^>*`br4K@BHt~ki3Iko1i
zFn8Nbu2<ZDuk>)`EZ_Af-S6!S9{%lD6ax4vqIuM+Etxqil0#b86~A#=eO1S5e{%P`
zhYnuWFE;T9el?upf9KpL2M6scKEBl)M^>G$c$Iv(L^i>I!QWzb!&R<^cdxnpEHmO(
z8K}k0SiDi;<e`73<4^niPx)-o`OUR-bxd-CPu+t#`<^5`pJ&9WW4$XiS76N+HjQgm
z^$RCzJr0sxR&m}fGiqPF|IcVwzE5|`beUar-Ok7#`yZsRD<@;q#q%?5Pd78Z5#6{;
zm+9fkDm%L)VJu7xd#vx5cOBdP=9cu+6{1l~Y?sC}E^OQQ({g8(?fyy6>JC}m__6Fv
zLMoe`r*C1^2g5)1?{|Du3sS23oqUC_hIh`US(9us=SS{HdR0C@@tH=BqR!UWPX(7B
zc(K)gj>j3T1Dh}Os_XUsR>{b^%=Y@v!@M(BcO70}bu#5n%8SYCluveUTh=L8%Co}!
ziN?j`{(_9t4(j}lldH}KYrgy6xz4Ts!i&f6l%-A8epId97}3*F%Bq{?*?z~a?Uee|
z>=?rnTQ!?fvab9)lz02}_wuuP$6Bu3YU7$zcjVX3{m-Jq=DX`WySH-R8&3IH@nbxb
z!yl?F4PSZT-p`n*S+*5LO^akEIn`c2Z@kTLRm{)xt2V`I&+7gar>VgG)K>i8$(yCG
zYpW)|Uia<8N70(OcT;D&UkVZV&3%DOI#oYIXiZPJ<tzCUGxsg5n8&%RrQYwd`2Sfu
z7v=MPlC-?iamv0xT-SI>QweYQUItB7d8acv+a~mEI`{98=_Og#`sGaDy|wHLA{Iza
z>N)g8dddg$GixUvnOn#F=Y3Cdo#t-7gp2G(I{#xNPF?Bsn-F+P6_TDK^h^yb85o%C
z4Vsv&4VoC2EMR70WMX3Rzj*3`0WTY;R+~rLcV0$DR#pasL_=-^PB!LH7B*p~C`Usc
z11=DULzuZdH3`OJhwuaq_(5`9!W<!$1*ye}X{m<12HYSaZef<h?CeBC5d$F*msyw_
z#MLcI&CM@KHBb=eH8e6XGq5nQG&L}=h?3wpGBmI>G&C}Y3edw5jq{Ox&dAEZ+}O)t
z(Ade;*vQbe%rjTX@(7Re$BD;t4m_~q`sUtt=l0fllUD55_+Zv%*=G|Zd;gv3ICyPh
z$PTVI^Rt*QIf$K+oB6h{YVS?~4+ZwyU0L!~i!XU<>#G$+{5`r|Eze=8p45+HOG3MD
z1q;|e++`MRP-bc;e<>nd*K6Ut+1^vWHbk%aQtlt)ee=|(4ZTdvj0}v(&SM2RuaO}n
z{@bs4%#V`Vwz&V>%<+7Jc9XZ=O@ZUCPcEk=o?m+74v(IM-nyGQtKAkoO<JEPntXMs
zQb_jdfT!zi!k8W{)w*UIX(IkUtY%-tNuI5uCFyH(7pbl_p74L+SqaYldaRra9VeLu
zRM&fpddmyUXFNQGT{ZZz)c<QvPVH^sZ>GN8U;EPUNAwEWKh{Z;W<0QMEHk{lvQ`-Y
DEz%@Z

diff --git a/stream-tests/src/test/resources/truststore b/stream-tests/src/test/resources/truststore
index cc07616dad6cd4bb2833468ee5b4e6bf79b62b97..3cc1983600897997df7958c8591fe7eabb079248 100644
GIT binary patch
literal 857
zcmezO_TO6u1_mYu1_nkj&6-=8om$Djz}SAsZ0#`y)(AaQ14{-5W@&>aW^sci#{Wzr
z5?pc)`=+!@o?!p^<eI+EmSunU-Z0>0<J4;NX#38~$jHsgVBlfMZNSOK9LmBb%oG}I
zC}_YB;&AYAxTNMJmM0da8uA<Pf`qtu*c=NIlQU8cMGb^O0?a%-1*zHD`MO1^x%nlj
z26E!OM#csvM&^bFhGqtqQDCkqoJ&QUni!Rky}`)Jz}&>h&tTBR$i>ve$jESp#qgKD
z$(g6kYo0DHl$f*j#+hDWzPeW%_fP+}oL5fG@yeO$&Re$@ZIo@9wKO)sr1|yr$1k=C
z|59FUs&PN({%6a%)zRi_|J&c56C`tE2Yc)LhAr_IzH~)Pc6>c$mwMc4_VvWXYSXhp
zcY6x#?sx^8x|x64`G2vS#CQ4sf4zO4O>&(lVYAV61;5P1>&k@z+VRV#oU7g}@mqW4
z`uyv^?bRKhf0CclC>NUcXF|2bhFdjh%*!@1_1;pbmD@bu>goCmfx+*8#V@H$I9tEt
z%yPzwzuM9qUR+km{=EE)RfO!3ADgF`TPg-uCZ7|3##;9BQpWVA{KI^FM`dgt)c%+(
zSjZXa<Ilv*$iRpkLfqgGVq{nwI)7T*@~Q52YLCAi3~tDK@jLG7;dRcOkB+szSbXY1
z<@ct^>!t_E{m!`)_D@NfDR6!2t_wK@rlB8ti$n_K^5zL~PwI|R^HH70x$@Au6Y<s8
zT~-S24e3s4vve!`xVt28Q~pwO{={`N|2^RgUAktY`jYMO8FQb$x{~|-=l2a2kAK`!
z4$Ce0uso^WeQ9-)g4Kk=`K7Ad>@!8q$^6&4{`XSLF_H9{TduF{`gFMJ>jOR)iD=Ko
z%dQ@;?Q?6EW}GrhvUbvjpB9a8@1I*LsUI<MXInbgQ;(Y=E1uQzzBEZaoOMimZZ%W*
zy|6nXxth@~4$*97OVioAZkp)0S9reYsfdYv!g}GDGSA{yhm=}(=)CuS9JDKkWjO!_
CF<5K>

literal 637
zcmezO_TO6u1_mYu1_nkj&6-=8om$Djz-WHDxle<EHA2tSz><N1$=;xe$=aZaamfN^
zCPpSE7XOQ<E*S8#acZ@Bw0-AgWMpM!Fi14yHsEAq4rO5zW{Pq&<T2m^aX5sT%TtqJ
zJa!0A(10H#$0f`WQdy8%oS2qs$ZNn265<wSNzBepG!!uq0&$szxj|grqSV~{l2ii)
zab80s12Y2)14~l_1B)mLej`HzOG85=bEp749ML!*+2@R`49tza3<iyzOpT2UUCTUk
zl`N0&D1V%IJm<gzJFai;ZFg>Ooi}O4j*SmyZI*pDL9+MXnT~_kCWh?bdNV(Z`I3X!
z8M&En`>OWt6!1`BzulE3U$yv>r?$RYLB!vq+tu<Mmg-6UIJP9T>sGLU{li^m(FSFv
zcJh}Z!gakC&YSH$<!eLqnlI)4G2S;%ecI5=#LURRi0nL8kn<WDLgK&un#cSoscnn<
zzs(%aCulc$+uam6?)v0%TH^VoH}3H0N$9P+sk7Q`(bJ^$d7{Zzmnwy1uMT*+-X@Ic
z(Ne8zwvi^{@55^LMV#c>Dq51hHg}QgTH^`-7oL^i+^@&VxzKTvSwMBYx2U(gz<kET
sQ`l95A4~ne=H%4g7XD`H+x@jg?w_YHcRX&H@AcjHbKOSYYQ_`u053|>o&W#<

diff --git a/stream-tests/src/test/scala/org/apache/pekko/stream/io/DeprecatedTlsSpec.scala b/stream-tests/src/test/scala/org/apache/pekko/stream/io/DeprecatedTlsSpec.scala
index 168d8d62ba..e16d8bda64 100644
--- a/stream-tests/src/test/scala/org/apache/pekko/stream/io/DeprecatedTlsSpec.scala
+++ b/stream-tests/src/test/scala/org/apache/pekko/stream/io/DeprecatedTlsSpec.scala
@@ -526,7 +526,7 @@ class DeprecatedTlsSpec extends StreamSpec(DeprecatedTlsSpec.configOverrides) wi
 
         Source.single(SendBytes(ByteString.empty)).via(flow).runWith(Sink.ignore)
       }
-      Await.result(run("akka-remote"), 3.seconds) // CN=akka-remote
+      Await.result(run("pekko-remote"), 3.seconds) // CN=pekko-remote
       val cause = intercept[Exception] {
         Await.result(run("unknown.example.org"), 3.seconds)
       }
diff --git a/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala b/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
index 871c54dffd..415eababc2 100644
--- a/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
+++ b/stream-tests/src/test/scala/org/apache/pekko/stream/io/TlsSpec.scala
@@ -574,7 +574,7 @@ class TlsSpec extends StreamSpec(TlsSpec.configOverrides) with WithLogCapturing
           Source.single(SendBytes(ByteString.empty)).via(flow).runWith(Sink.ignore)
         }
 
-        Await.result(run("akka-remote"), 3.seconds) // CN=akka-remote
+        Await.result(run("pekko-remote"), 3.seconds) // CN=pekko-remote
         val cause = intercept[Exception] {
           Await.result(run("unknown.example.org"), 3.seconds)
         }