From 731b91ed971735b94a262d7279b2e8d5ee049fd5 Mon Sep 17 00:00:00 2001
From: Maksym Ostroverkhov <m.ostroverkhov@gmail.com>
Date: Thu, 28 Sep 2023 15:34:04 +0300
Subject: [PATCH] tests: use test certificates instead of temporary self-signed
 certificates

---
 .../http2/websocketx/perftest/Security.java   |  30 +++++++++++++-----
 .../perftest/bulkcodec/server/Main.java       |   4 ++-
 .../perftest/callbackscodec/server/Main.java  |   4 ++-
 .../perftest/messagecodec/server/Main.java    |   4 ++-
 .../src/main/resources/localhost.p12          | Bin 0 -> 4077 bytes
 5 files changed, 31 insertions(+), 11 deletions(-)
 create mode 100644 netty-websocket-http2-perftest/src/main/resources/localhost.p12

diff --git a/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/Security.java b/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/Security.java
index 39d3148..5917299 100644
--- a/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/Security.java
+++ b/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/Security.java
@@ -17,21 +17,35 @@
 package com.jauntsdn.netty.handler.codec.http2.websocketx.perftest;
 
 import io.netty.handler.codec.http2.Http2SecurityUtil;
-import io.netty.handler.ssl.*;
+import io.netty.handler.ssl.ApplicationProtocolConfig;
+import io.netty.handler.ssl.ApplicationProtocolNames;
+import io.netty.handler.ssl.OpenSsl;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
-import io.netty.handler.ssl.util.SelfSignedCertificate;
-import java.security.SecureRandom;
+import java.io.InputStream;
+import java.security.KeyStore;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLException;
 
 public final class Security {
 
-  public static SslContext serverSslContext() throws Exception {
-    SecureRandom random = new SecureRandom();
-    SelfSignedCertificate ssc = new SelfSignedCertificate("com.jauntsdn", random, 1024);
+  public static SslContext serverSslContext(String keystoreFile, String keystorePassword)
+      throws Exception {
+    SslProvider sslProvider = sslProvider();
+    KeyStore keyStore = KeyStore.getInstance("PKCS12");
+    InputStream keystoreStream = Security.class.getClassLoader().getResourceAsStream(keystoreFile);
+    char[] keystorePasswordArray = keystorePassword.toCharArray();
+    keyStore.load(keystoreStream, keystorePasswordArray);
 
-    return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
+    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+    keyManagerFactory.init(keyStore, keystorePasswordArray);
+
+    return SslContextBuilder.forServer(keyManagerFactory)
         .protocols("TLSv1.3")
-        .sslProvider(sslProvider())
+        .sslProvider(sslProvider)
         .applicationProtocolConfig(alpnConfig())
         .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
         .build();
diff --git a/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/bulkcodec/server/Main.java b/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/bulkcodec/server/Main.java
index 4501de4..f06b353 100644
--- a/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/bulkcodec/server/Main.java
+++ b/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/bulkcodec/server/Main.java
@@ -57,6 +57,8 @@ public static void main(String[] args) throws Exception {
 
     String host = System.getProperty("HOST", "localhost");
     int port = Integer.parseInt(System.getProperty("PORT", "8088"));
+    String keyStoreFile = System.getProperty("KEYSTORE", "localhost.p12");
+    String keyStorePassword = System.getProperty("KEYSTORE_PASS", "localhost");
     boolean isNativeTransport =
         Boolean.parseBoolean(System.getProperty("NATIVE_TRANSPORT", "true"));
     int flowControlWindowSize =
@@ -75,7 +77,7 @@ public static void main(String[] args) throws Exception {
 
     Transport transport = Transport.get(isNativeTransport);
 
-    SslContext sslContext = Security.serverSslContext();
+    SslContext sslContext = Security.serverSslContext(keyStoreFile, keyStorePassword);
 
     ServerBootstrap bootstrap = new ServerBootstrap();
     Channel server =
diff --git a/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/callbackscodec/server/Main.java b/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/callbackscodec/server/Main.java
index 722ac71..5d35949 100644
--- a/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/callbackscodec/server/Main.java
+++ b/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/callbackscodec/server/Main.java
@@ -51,6 +51,8 @@ public static void main(String[] args) throws Exception {
 
     String host = System.getProperty("HOST", "localhost");
     int port = Integer.parseInt(System.getProperty("PORT", "8088"));
+    String keyStoreFile = System.getProperty("KEYSTORE", "localhost.p12");
+    String keyStorePassword = System.getProperty("KEYSTORE_PASS", "localhost");
     boolean isNativeTransport =
         Boolean.parseBoolean(System.getProperty("NATIVE_TRANSPORT", "true"));
     int flowControlWindowSize =
@@ -69,7 +71,7 @@ public static void main(String[] args) throws Exception {
 
     Transport transport = Transport.get(isNativeTransport);
 
-    SslContext sslContext = Security.serverSslContext();
+    SslContext sslContext = Security.serverSslContext(keyStoreFile, keyStorePassword);
 
     ServerBootstrap bootstrap = new ServerBootstrap();
     Channel server =
diff --git a/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/messagecodec/server/Main.java b/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/messagecodec/server/Main.java
index eb75184..28320be 100644
--- a/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/messagecodec/server/Main.java
+++ b/netty-websocket-http2-perftest/src/main/java/com/jauntsdn/netty/handler/codec/http2/websocketx/perftest/messagecodec/server/Main.java
@@ -45,6 +45,8 @@ public static void main(String[] args) throws Exception {
 
     String host = System.getProperty("HOST", "localhost");
     int port = Integer.parseInt(System.getProperty("PORT", "8088"));
+    String keyStoreFile = System.getProperty("KEYSTORE", "localhost.p12");
+    String keyStorePassword = System.getProperty("KEYSTORE_PASS", "localhost");
     boolean isNativeTransport =
         Boolean.parseBoolean(System.getProperty("NATIVE_TRANSPORT", "true"));
     int flowControlWindowSize =
@@ -63,7 +65,7 @@ public static void main(String[] args) throws Exception {
 
     Transport transport = Transport.get(isNativeTransport);
 
-    SslContext sslContext = Security.serverSslContext();
+    SslContext sslContext = Security.serverSslContext(keyStoreFile, keyStorePassword);
 
     ServerBootstrap bootstrap = new ServerBootstrap();
     Channel server =
diff --git a/netty-websocket-http2-perftest/src/main/resources/localhost.p12 b/netty-websocket-http2-perftest/src/main/resources/localhost.p12
new file mode 100644
index 0000000000000000000000000000000000000000..3d07e307ed4b5addc2833d8c8dc1f5f86ba399c8
GIT binary patch
literal 4077
zcmV<J4-)V&f)D8e0Ru3C53dFZDuzgg_YDCD0ic2ppag;soG^k9m@t9`&jtx9hDe6@
z4FLxRpn?U!FoFfV0s#Opf(5k(2`Yw2hW8Bt2LUh~1_~;MNQU<f0So~KFb)I=)hMmm
zf6w!t0s;sCfPw{x3QpamndsLXjaG^<N7Uih+~k6<dHM3mO^Y6<ytbN~50Y!cNty=@
z1u+a<qG8sN_-JJ4tU&4JSxY;spuzWpxU4A|e5Aj>Lj{#%>?ss5W{0EWqT)Yp30^TG
z8S=>I9#DH4t51d7o)TZI4}|Eiy?25Y@5S3=JS~k(xL>u*(XG!zx&V1-DM7q_m@+~%
zHfD}1*`ac;AB?)~J<_kt;1>Us)<spq&H!#ZK+y6a=m-G6A+Sc~?3~_)ct0C9<*{r?
zT<ZZ|IOPe`>53ai`ZrOYtalY|5-riu?mo;bNC$3-uw#}e_sB&2;4l2i(ra9Yl^?u^
z8w&(Go8F*h?Ej8A%l#HcGKDxYjvQK`W$NskvlWT@@|A<qo{$}cnIO0_6dM>QpC(+>
zdVGu2b^giC&A|XGM_~#W)^YLz242c+VvJ-iE!)y3Od%FIi9Sb;3pzEKzwc;hCWIVi
zo=047s%C@(^+)2c)F9~(D=u)1a|UlUr@Tzfmh{v7bu{`agK|2hb4Zt{n_9QfLq!j0
zLW}B#vSEZV>yvv;W%&_YmdB~QdQtk6<{z}bsXxMf&0N=LX;3Hk5$z$rCfa<U8R+!Y
zU$2q$z3m~Xb+81|V4FMlC_}5Jp6H)x+i{@4DVpb^MT_`x4C6WQ!JTziz-wp=hir=V
z03hSAjwLlBT*7h*AO)H@WKMA&qsuQf0sJY?mGDoJqZO(PLhjrxAo#6>2=+!STTgBU
zX`}A5m+@5&ea`vMm<3>Y*g=ReYYk2@$DKw+b%16H#sIyHIlpb|Q*fhDq!jbv6n^zW
zeDkDCo<1u4x_|G!W@&PEZ>34|3-{+{#1j-S_^*|gu46Sv$RL&>PL@if*x0ZfkLW;^
zMovfHlQq)_-X&e0D}g$-nRSHYPHE1p140JYvzRWOS`c+Lw`u~(k`$j(u--PNXZoYN
zXY`QFVK4w8Yrd(eLVVf6+7;t`(Jr6IBx7-j_p6sz2nzD7Q0s3K%7zBgL8>Axv=$M*
zxl?b-pH3k^y=;cp4QQcAAtQ^R$UBzKE0U9|k1RFUrn)MpLxc&QJWVb7RV|ON3i8NQ
znZi5|;C)8f*bx!}P4lYjjKUb}_}odz{{@K^a1^!dCcXZc8;jE9_V1}UZ%VmWiG1b%
zIuwp6bZ$1c;3Kf6Sq2@r4<r3X4*>9tG{v(r^?}BH9U){rZjUzKvDzjUJxT0qd9WWA
zBRgpC@X1^D$#4OuGhNq3hZ%iNLAeqMNQf3Q;9VkVG#ZvpKA))5f91!s;xZmK(|r7*
zf=YGW2nUgN9hTEzAJ<TI=fl{VU<ywZ?^Ofi6Xx$Rxfbvjo9x~G=|m*X#?y^KFu~u!
z5((G5yZI!G5QHt51I0s+6@Xkv4K!SNolgiDEl&>+AF5GkcA90>z;>Nny!8zABB~mq
zk{dQ6>G_}hG!Eh$lcGH!pK)x)uQ|NhaLko`NR)BO7bpRRqOiva^`#q|<VS>!jB8ui
zKBOq`FO?QN`S4|Bj$~$8I}?|B)r_Iq@l+_amahO+>8L?i_-iswvDWtD7%yiNDyl6`
zeSVA;1ii)3_56I^(}XigC^vRC;P^qo;eB{_-H@_fv}z&_D7XX2Iryiojcn@mZigve
zwSsIq6^a!s5bF)i!thyW7Lr)^o6H+v$#L<bKw=sByAP{CqPYcpx&)n7Y(^;kR)6gq
zd?aw7;>p%rYTh{mX|9y}2fbxfTL9H7NhPDQcFYJo6#LHM6gC8;c;9-M1hkn$_lxGb
zGgdY(|3JsY6u-8ICg-YgOc){lVdD-Ca;y+hQjzj1!E9KS7}$J2TIfPG6D^;I$xN#9
zdwLmnyuN-a|G57WDCp>jeW)IO$B@HZFoFre1_>&LNQU<f0S5t~f(fz&f(foLf(fcH
zf(fPu3o3?4hW8Bt3<?1Ppn?f*FoFqcFdPO7Duzgg_YDCI0Ru1&1PHO%X(D|KMT!Cf
z2ml0v2}t8@Yos<e!bMgl=WC5~xNCfQWbB-_&GX>rK0##Jn<O#xBc_f(e|voypNmN|
zP`GDg6wuo_9A3&K7r90V|3WGG3l(^o;=$DyGU<J4xE8ASBm3CzUiby8yaE~!jRO$7
z>#4jnLD!u7$}!X<0eRk7OLlw}iwlJ&&efe;=uojNK#cQU#v!@1ZrPDv4SV}X19|yu
ztEu63tB`mf9;!`~N7AmiA1#1wU3Wt>r!|;ir^>DleK?w7!M00aT;Z&$0q)ukW*HX9
zjQwdAKFpl`=jl7jhSsZ~#<aO!Oj@n#R*(woBwUQVE!5^fjnGi@s+{O`2TKEXG3(WP
zO1-rsTHV47cY_<k^K8)Z`SXD+ximuw@mLreySZf%nm(40L+~W+JBYp4ptYj!Lwu1F
z$a76{NxgS90@u6~=&tIPNV9_`Qp2zCVZ_Q~xuqbfX`MHdZjX*rwn{t7k-!L0uhI9R
zbQ(1b@xy#q*#a{Lv$dMC$XNTDdOM1+?^?P>r~Skis30~R9bzl!6<<9LPQ5$EMXWH8
zE={{(iq&6Vg)1HAYXOyAw<a>Xfs&3ZQ65|JNNkx7uLEE(ypknkH5m8kPZ=fW?vElp
z5Hn_a_DU6*FHf*_y`VfGmc+RSA1x0_;T96qA?x5>3xDtRNi9nCFUZ*W6B$ZYlxfUo
z`+ELQ#-4g(umIpS>iPs4vmt8ndxzjIZe(RHPiwy`yOMFY<%PtURdrF&7q0kP;<nRy
z>)@d5-e~5kMw-zCU+T}x%7|5j$_OSNawrvZ6vof7KqP?5f`xlUTMoZqu^r0?OKy>%
zOQ;mc`Wzi<22jV!xdW6w49aH!TIR^;6N#?TrVq~6scv<(X{~H?U-g^W3}Y>-Nk-EG
z4@q;IOhXKZRc4#J5>jOhEha>~cvPh7f7!^Rs|4iA3(k4A#isX&1Re{n9Xe;@-Yo9!
zwinJZ8ga!=u_`#IRu@lW8L?m@vctqb`YDGkvb}Za(n_P&YG2{QQO@9{F_THbZKiFK
z5{WtFT`zfPfV#Dy9o5JrGS&B|;Q67Z=dw>&3oBOTwPM-H!F?&0w6rK~t;DF9m^E|4
z+eT|!b&tijehmo1(-14Bzx#4jeJU9_4YW~SJsd930Qp%6x<Ec@ioQ<yz*g$(+p%gI
zV=XMNY*=6KUQi%Qga%;^>Tm#vl;F1w^6fO~u&{ROZI>!FU%78U@bFJiLne7|xd_as
z)UngE5w?1AzU!6(k^(T#mbDy>wKN0>z<l~LaSozM0aHI~{i&-(TXlzF+4Wg~%_5{L
z1fo|_T2~C}FA80&j&UF{{#&>Au5&%vn9<cQkN-QLGGOK2039YDSxYH#K%;Shhe0&X
zv%>xn-H^4E%zRX6+T1ADd5TLrZT7mvA;;`2-=k@Xm8K9J0^5tfcriJnuv!r-zwxf1
zn6^=TTL#`WC?TpO7dRBXX}WJjZ@@s+;<aQ;R$bltYJo-d^hFmMH4Cz;>0OTFRBU{%
z88EYU_o|1@xfIzRwn5qD9Ys8a^9wInP26<<Ec%t@x$3!{ug~u{nFn(|i<KK6aySzT
z!%txM2-)i*aITYPlx~^T*O$XnsG!eLVHW0w$u)U1Yh%Tg-pg<D;<AUZWS3?nME^d|
z{wy3$rwC(o(4~QlW;)sPh?!*V)DS<PW}YE@Ojx>34Es)5wXdv?$K6Z&pmEp3NGSGS
z|5oi64iY^bX!|iW#GBv*pB)N~%1~g41-KYphgc%>XSVMSgzov}NhffG=i}wIbHUz3
zL_<T~TqoH9(%E(8qi|e<{GU9!3-r=mSIhIxSsf8rV!(r5zGrN8pqhn6-z!?xKfBvu
zO;1<&jV2wO;a0`+n5+VNX=gW1Z1Ud1v-6jGEm&Vbx*yrMlyWDs#U+ErB$gC$wVS7d
z(LOn4Nm-m(?to?Pt)tG#k9wfiPyNX#Y_2sK3WlU`8Nhghg?~t?@bG$VBT7*D9mr^-
zJk6x&R}=YjZseyDE7#)0KO9ukmfTH?g)|WoL`oz3+<Tg#)h1K<f+uMO_M+Dp206*H
z?-TIyB(n2flni5As^r7Wv-#6x&3q6GcbNHZ@}~^pne}N4?A>wcf>_yuWUEz;L>|U}
zx+J3S<Ch+QPyGV8;uH708u%quMWFYDBNW`|HM3fs%3wddRF5OA$VxX=>Ri@BFp1}l
zv=ZOE-Mv!a47Rw>OXSXqh)Y9Xww|2t&)6%fucji#h}D1YKToR1q4uW7^<L`)RGQ2P
zM-P$p^<Zn2$#mmoagns)z|-2R@?BNE@b%sECw4v&9^dI;lbD!87xWr&*(Zddk5hhX
zj!N#lBFP!c@`~~|;BTM9TMdvHEW@65WCwc-<wYU(Rz};nMJ4QJa7-t4SN1PJp25#J
zrDdv?H0jSZ_3t!l-`7c*VdFb{p-=*WBA_Om93jB;@*0;Os_VIU5?XSAMYbgNqP=1j
z+41;YmO|7Ph|4(=<p{F5r2NsFT^&6=nUVn9E(hS=GHk-xauxJxD<*bRft7e6Mb)4e
zlwvuvgM(iUmZ&El45!fLPahvsp;a@C38Zzr8@xY=gz}#glc!B+h4lk7-{OuP^PhN#
z&r9Z~9MvXCxxuJ7u91t1%#7^C5QFBdY9q~?zX6SxZVxf5iXwm&v1O}EdUtxAyfgEt
z?FxVU45lbURh<b4+y>nqW?o?AAEjfEQ!j*6qvdH8Qg5|KB;S!bkNG$ZW@M=yvB;<E
z#J!I5Fz}73C1hrfReVQXX2qrCz|@LAf6fhbL(r2Z%YN;n)aSTBrv&iR*!(woR-(ej
z3Ux4x%8*___sI(gPb1z+>@Hl3(c4Dajk$1OZBFxV9Y9?Ui6!}|0!o%)VY#IoOmPz}
zks(RvNRkP%&|E{{20UYI(d+XJ!=HwDOD1Gv_p{#<twJKRft}y#m^4)U>GKj8pE@A9
z<;o!##aKRhE0)Rm_eWF+yHUP^s&l4pP=s~lqHkPc*jIk$AA&=@BruHgMhjo+Qm}=%
zb!w~Wp2)Cz(Orq{H#vTcF)9XBt6cLaIFMyM0!8amZ#+*7(+ybXUrjpC-UgR3?20AR
zIhbHSg|Ub158iflXKi2*LR{L_WDx`xrd8AVl-ydtl;36-DH=lr)$1`OFe3&DDuzgg
z_YDCF6)_eB6cZ4_6Sxa6(7ZTkxBXPd{Ej?>HZU<TAutIB1uG5%0vZJX1Qa9|?=?<a
f(+M`tReI1(&ZPR(;N%1d_nu5G3gqyL0s;sC7*w%R

literal 0
HcmV?d00001