Test support certificate #6116

Merged 1 commit on Jun 3, 2024

JiriOndrusek
Contributor

@JiriOndrusek JiriOndrusek commented May 22, 2024

fixes #5967
fixes #6125
fixes #6126
fixes #6127

This PR refactors the following modules to use test-support-certificate-generator:

  • ftp
  • mail
  • http
  • netty
  • vertx-websocke
  • oaimph
  • platform-http-proxy-ssl
  • platform-http
  • nats

For cxf-soap and ldap, no change is provided. The certificate-generator project does not allow customization of certificate generation at such a high level of detail. A detailed explanation can be seen in the comment.

@JiriOndrusek JiriOndrusek force-pushed the test-support-certicate branch 6 times, most recently from 4fc5634 to 889ad52 Compare May 29, 2024 07:41
@JiriOndrusek JiriOndrusek force-pushed the test-support-certicate branch 2 times, most recently from 311ec6e to 0a73f9d Compare May 30, 2024 07:08
@JiriOndrusek JiriOndrusek marked this pull request as ready for review May 30, 2024 07:09
@JiriOndrusek JiriOndrusek marked this pull request as draft May 30, 2024 08:36
@JiriOndrusek JiriOndrusek marked this pull request as ready for review May 30, 2024 09:59
@jamesnetherton
Contributor

Thanks a lot for this @JiriOndrusek!

Please can you check this can work in the quarkus-platform. I tested a few things (mail & kafka) and they passed. But paho and paho-mqtt5 were failing for me with a remote docker host, due to certificate validation errors.

Caused by: org.apache.camel.FailedToCreateProducerException: Failed to create Producer for endpoint: paho://ssl-test-queue?brokerUrl=ssl%3A%2F%2F10.211.55.4%3A32841&httpsHostnameVerificationEnabled=false&retained=true&sslClientProps.com.ibm.ssl.keyStore=xxxxxx&sslClientProps.com.ibm.ssl.keyStorePassword=xxxxxx&sslClientProps.com.ibm.ssl.trustStore=%2Fvar%2Ffolders%2Fk6%2Fn3w463p55p90hngvrn0kfts00000gn%2FT%2Fkeystore-12375241441257024880.p12&sslClientProps.com.ibm.ssl.trustStorePassword=xxxxxx&sslHostnameVerifier=%23hostnameVerifier. Reason: org.apache.camel.RuntimeCamelException: MqttException (0) - javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at org.apache.camel.support.cache.DefaultProducerCache.acquireProducer(DefaultProducerCache.java:143)
	at org.apache.camel.support.cache.DefaultProducerCache.send(DefaultProducerCache.java:159)
	at org.apache.camel.impl.engine.DefaultProducerTemplate.send(DefaultProducerTemplate.java:176)
	at org.apache.camel.impl.engine.DefaultProducerTemplate.send(DefaultProducerTemplate.java:172)
	at org.apache.camel.impl.engine.DefaultProducerTemplate.send(DefaultProducerTemplate.java:153)
	at org.apache.camel.impl.engine.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:187)
	at org.apache.camel.impl.engine.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:195)
	at org.apache.camel.quarkus.component.paho.PahoResource.producePahoMessage(PahoResource.java:91)
	at org.apache.camel.quarkus.component.paho.PahoResource_ClientProxy.producePahoMessage(Unknown Source)

@JiriOndrusek
Contributor Author

Thanks for finding that!

This is just an oversight on my side. I refactored away docker=true on the paho and paho mqtt5 test classes.

@JiriOndrusek
Contributor Author

JiriOndrusek commented May 31, 2024

I'll check all affected tests again

  • on FIPS machine (native) ✅
  • with quarkus-platform ✅
  • with external docker host

@JiriOndrusek
Contributor Author

@jamesnetherton the first 2 "groups" were successful.
I encountered a few issues with the external-docker. Unfortunately, I have some local issues, so I'm using the FIPS machine as an external docker; therefore, I think that there is no problem.
Can you re-check following modules with external-docker?

  • Mail
  • Nats
  • Kafka SASL SSL
  • Kafka SSL

@jamesnetherton
Contributor

> Can you re-check following modules with external-docker?

I checked and they all passed 👍

So I guess we're good to merge this?

@JiriOndrusek
Contributor Author

> > Can you re-check following modules with external-docker?
>
> I checked and they all passed 👍
>
> So I guess we're good to merge this?

Yes, we are good.

@jamesnetherton jamesnetherton merged commit 4188a3a into apache:main Jun 3, 2024
24 checks passed