Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8281

[Broker-J] Regenerate test keystores and trustores containing RSA 1024bit keys

    Details

      Description

      Unit and integration tests operating with pre-generated test key-stores are failing with newer JDKs like openjdk-1.8.0.201.b09-2 due to deprecation of RSA 1024bit keys:

      Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=MyRootCA, O=ACME, ST=Ontario, C=CA.  Usage was tls server
      	at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817)
      	at sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:419)
      	at sun.security.util.DisabledAlgorithmConstraints.permits(DisabledAlgorithmConstraints.java:167)
      	at sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:332)
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1222)
      

      Test kestores and key materials based on RSA 1024bit keys need to be re-created with stronger RSA keys

        Attachments

          Activity

            People

            • Assignee:
              orudyy Alex Rudyy
              Reporter:
              orudyy Alex Rudyy
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: