You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/14 22:54:51 UTC
svn commit: r1778855 - in
/axis/axis2/java/rampart/trunk/modules/rampart-integration: pom.xml
src/main/java/org/apache/axis2/integration/JettyServer.java
Author: veithen
Date: Sat Jan 14 22:54:51 2017
New Revision: 1778855
URL: http://svn.apache.org/viewvc?rev=1778855&view=rev
Log:
Generate server certificates dynamically at runtime instead of during the build.
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml
axis/axis2/java/rampart/trunk/modules/rampart-integration/src/main/java/org/apache/axis2/integration/JettyServer.java
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml?rev=1778855&r1=1778854&r2=1778855&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml Sat Jan 14 22:54:51 2017
@@ -368,83 +368,6 @@
</execution>
</executions>
</plugin>
- <plugin>
- <artifactId>maven-clean-plugin</artifactId>
- <executions>
- <execution>
- <!-- Need to clean the keystore because keytool-maven-plugin is not idempotent and fails
- when executing mvn install twice in a row. Note that keytool-maven-plugin also has
- a "clean" goal but we don't use it because it generates a warning if the keystore
- doesn't exist. -->
- <phase>generate-test-resources</phase>
- <goals>
- <goal>clean</goal>
- </goals>
- <configuration>
- <excludeDefaultDirectories>true</excludeDefaultDirectories>
- <filesets>
- <fileset>
- <directory>${project.build.directory}/test-resources/jetty</directory>
- <includes>
- <include>server.jks</include>
- <include>server.cer</include>
- <include>client.jks</include>
- </includes>
- </fileset>
- </filesets>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>keytool-maven-plugin</artifactId>
- <version>1.5</version>
- <executions>
- <execution>
- <id>generate-key-pair</id>
- <phase>generate-test-resources</phase>
- <goals>
- <goal>generateKeyPair</goal>
- </goals>
- <configuration>
- <alias>server</alias>
- <dname>cn=localhost,o=OASIS</dname>
- <keyalg>RSA</keyalg>
- <keypass>password</keypass>
- <keystore>${project.build.directory}/test-resources/jetty/server.jks</keystore>
- <storepass>password</storepass>
- </configuration>
- </execution>
- <execution>
- <id>export-certificate</id>
- <phase>generate-test-resources</phase>
- <goals>
- <goal>exportCertificate</goal>
- </goals>
- <configuration>
- <alias>server</alias>
- <file>${project.build.directory}/test-resources/jetty/server.cer</file>
- <keystore>${project.build.directory}/test-resources/jetty/server.jks</keystore>
- <storepass>password</storepass>
- </configuration>
- </execution>
- <execution>
- <id>import-certificate</id>
- <phase>generate-test-resources</phase>
- <goals>
- <goal>importCertificate</goal>
- </goals>
- <configuration>
- <alias>server</alias>
- <file>${project.build.directory}/test-resources/jetty/server.cer</file>
- <keystore>${project.build.directory}/test-resources/jetty/client.jks</keystore>
- <storepass>password</storepass>
- <noprompt>true</noprompt>
- </configuration>
- </execution>
- </executions>
- </plugin>
<!--plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
@@ -585,5 +508,10 @@
<artifactId>axis2-testutils</artifactId>
<version>${axis2.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>${bcprov.jdk15.version}</version>
+ </dependency>
</dependencies>
</project>
Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/main/java/org/apache/axis2/integration/JettyServer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/main/java/org/apache/axis2/integration/JettyServer.java?rev=1778855&r1=1778854&r2=1778855&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/main/java/org/apache/axis2/integration/JettyServer.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/main/java/org/apache/axis2/integration/JettyServer.java Sat Jan 14 22:54:51 2017
@@ -16,6 +16,17 @@
package org.apache.axis2.integration;
import java.io.File;
+import java.io.FileOutputStream;
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Random;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
@@ -29,38 +40,23 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.transport.http.AxisServlet;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
/**
* Support for running an embedded Jetty server
*/
public class JettyServer extends ExternalResource {
-
- /**
- * Keystore to configure for Jetty's ssl context factory: {@value}
- */
- private static final String KEYSTORE = "target/test-resources/jetty/server.jks";
-
- /**
- * Keymanager password to configure for Jetty's ssl context factory: {@value
- */
- private static final String KEYMAN_PASSWORD = "password";
-
- /**
- * Keystore password to configure for Jetty's ssl context factory: {@value}
- */
- private static final String KEYSTORE_PASSWORD = "password";
-
/**
* The alias of the certificate to configure for Jetty's ssl context factory: {@value}
*/
private static final String CERT_ALIAS = "server";
/**
- * Client keystore containing Jetty's server certificate as trusted certificate entry: : {@value}
- */
- private static final String CLIENT_KEYSTORE = "target/test-resources/jetty/client.jks";
-
- /**
* Axis2 configuration file to use: {@value}
*/
private static final String AXIS2_XML = "src/test/resources/conf/axis2.xml";
@@ -74,6 +70,8 @@ public class JettyServer extends Externa
private final String repository;
private final boolean secure;
+ private File keyStoreFile;
+ private File trustStoreFile;
private Server server;
private boolean systemPropertiesSet;
private String savedTrustStore;
@@ -96,6 +94,23 @@ public class JettyServer extends Externa
this.secure = secure;
}
+ private String generatePassword(Random random) {
+ char[] password = new char[8];
+ for (int i=0; i<password.length; i++) {
+ password[i] = (char)('0' + random.nextInt(10));
+ }
+ return new String(password);
+ }
+
+ private void writeKeyStore(KeyStore keyStore, File file, String password) throws Exception {
+ FileOutputStream out = new FileOutputStream(file);
+ try {
+ keyStore.store(out, password.toCharArray());
+ } finally {
+ out.close();
+ }
+ }
+
@Override
protected void before() throws Throwable {
server = new Server();
@@ -104,21 +119,55 @@ public class JettyServer extends Externa
SelectChannelConnector connector = new SelectChannelConnector();
server.addConnector(connector);
} else {
+ SecureRandom random = new SecureRandom();
+
+ // Generate key pair
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+ keyPairGenerator.initialize(1024, random);
+ KeyPair keyPair = keyPairGenerator.generateKeyPair();
+ PrivateKey privateKey = keyPair.getPrivate();
+ PublicKey publicKey = keyPair.getPublic();
+
+ // Generate certificate
+ X500Name dn = new X500Name("cn=localhost,o=Apache");
+ BigInteger serial = BigInteger.valueOf(random.nextInt());
+ Date notBefore = new Date();
+ Date notAfter = new Date(notBefore.getTime() + 3600000L);
+ SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
+ X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(dn, serial, notBefore, notAfter, dn, subPubKeyInfo);
+ X509CertificateHolder certHolder = certBuilder.build(new JcaContentSignerBuilder("SHA1WithRSA").build(privateKey));
+ X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
+
+ // Build key store
+ keyStoreFile = File.createTempFile("keystore", "jks", null);
+ String keyStorePassword = generatePassword(random);
+ String keyPassword = generatePassword(random);
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(null, null);
+ keyStore.setKeyEntry(CERT_ALIAS, privateKey, keyPassword.toCharArray(), new X509Certificate[] { cert });
+ writeKeyStore(keyStore, keyStoreFile, keyStorePassword);
+
+ // Build trust store
+ trustStoreFile = File.createTempFile("truststore", "jks", null);
+ String trustStorePassword = generatePassword(random);
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ trustStore.load(null, null);
+ trustStore.setCertificateEntry(CERT_ALIAS, cert);
+ writeKeyStore(trustStore, trustStoreFile, trustStorePassword);
+
SslContextFactory sslContextFactory = new SslContextFactory();
- sslContextFactory.setKeyStorePath(KEYSTORE);
- sslContextFactory.setKeyStorePassword(KEYSTORE_PASSWORD);
- sslContextFactory.setKeyManagerPassword(KEYMAN_PASSWORD);
- sslContextFactory.setTrustStore(KEYSTORE);
- sslContextFactory.setTrustStorePassword(KEYSTORE_PASSWORD);
+ sslContextFactory.setKeyStorePath(keyStoreFile.getAbsolutePath());
+ sslContextFactory.setKeyStorePassword(keyStorePassword);
+ sslContextFactory.setKeyManagerPassword(keyPassword);
sslContextFactory.setCertAlias(CERT_ALIAS);
SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
server.addConnector(sslConnector);
savedTrustStore = System.getProperty("javax.net.ssl.trustStore");
- System.setProperty("javax.net.ssl.trustStore", CLIENT_KEYSTORE);
+ System.setProperty("javax.net.ssl.trustStore", trustStoreFile.getAbsolutePath());
savedTrustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
- System.setProperty("javax.net.ssl.trustStorePassword", KEYSTORE_PASSWORD);
+ System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
savedTrustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
systemPropertiesSet = true;
@@ -195,6 +244,14 @@ public class JettyServer extends Externa
savedTrustStoreType = null;
systemPropertiesSet = false;
}
+ if (keyStoreFile != null) {
+ keyStoreFile.delete();
+ keyStoreFile = null;
+ }
+ if (trustStoreFile != null) {
+ trustStoreFile.delete();
+ trustStoreFile = null;
+ }
}
/**