* QpidPeersOnlyTrustManager against the broker peerstore, and a regular TrustManager
* against the broker truststore.
*/
public void testQpidMultipleTrustManagerWithTrustAndPeerStores() throws Exception
{
final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
final KeyStore ts = SSLUtil.getInitializedKeyStore(BROKER_TRUSTSTORE_PATH, STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
boolean trustManagerAdded = false;
for (final TrustManager tm : delegateTrustManagers)
{
if (tm instanceof X509TrustManager)
{
// add broker's trust manager
mulTrustManager.addTrustManager((X509TrustManager) tm);
trustManagerAdded = true;
}
}
assertTrue("The regular trust manager for the trust store was not added", trustManagerAdded);
final KeyStore ps = SSLUtil.getInitializedKeyStore(BROKER_PEERSTORE_PATH, STORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
boolean peerManagerAdded = false;
for (final TrustManager tm : delegatePeerManagers)
{
if (tm instanceof X509TrustManager)
{
// add broker's peer manager
mulTrustManager.addTrustManager(new QpidPeersOnlyTrustManager(ps, (X509TrustManager) tm));
peerManagerAdded = true;
}
}
assertTrue("The QpidPeersOnlyTrustManager for the peerstore was not added", peerManagerAdded);
try
{
// verify the CA-trusted app1 cert (should succeed)
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH, CERT_ALIAS_APP1), "RSA");
}
catch (CertificateException ex)
{
fail("Trusted client's validation against the broker's multi store manager failed.");
}
try
{
// verify the CA-trusted app2 cert (should succeed)
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH, CERT_ALIAS_APP2), "RSA");
}
catch (CertificateException ex)
{
fail("Trusted client's validation against the broker's multi store manager failed.");
}
try
{
// verify the untrusted cert (should fail)
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_UNTRUSTED_KEYSTORE_PATH, CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
}
catch (CertificateException ex)
{
// expected