Posted to commits@cxf.apache.org by dk...@apache.org on 2007/10/02 20:55:17 UTC
svn commit: r581347 - in /incubator/cxf/trunk:
common/schemas/src/main/resources/schemas/configuration/
rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/
systests/src/test/java/org/apache/cxf/systest/http/ systests/src/test/jav...
Author: dkulp
Date: Tue Oct 2 11:55:16 2007
New Revision: 581347
URL: http://svn.apache.org/viewvc?rev=581347&view=rev
Log:
[CXF-1085] TrustStores in PEM format - Patch from Fred Dushin applied.
Added:
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12 (with props)
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12 (with props)
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml (with props)
Modified:
incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
Modified: incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd?rev=581347&r1=581346&r2=581347&view=diff
==============================================================================
--- incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd (original)
+++ incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd Tue Oct 2 11:55:16 2007
@@ -25,10 +25,10 @@
xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
xmlns:tns="http://cxf.apache.org/configuration/security"
xmlns:beans="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"
jaxb:version="2.0">
<xs:import namespace="http://www.springframework.org/schema/beans"/>
@@ -116,6 +116,16 @@
</xs:complexType>
<xs:complexType name="KeyStoreType">
+ <xs:annotation>
+ <xs:documentation>
+ A KeyStoreType represents the information needed to load a collection
+ of key and certificate material from a desired location.
+ The "url", "file", and "resource" attributes are intended to be
+ mutually exclusive, though this assumption is not encoded in schema.
+ The precedence order observed by the runtime is
+ 1) "file", 2) "resource", and 3) "url".
+ </xs:documentation>
+ </xs:annotation>
<xs:attribute name="type" type="xs:string">
<xs:annotation>
<xs:documentation>
@@ -173,6 +183,49 @@
</xs:attribute>
</xs:complexType>
+ <xs:complexType name="CertStoreType">
+ <xs:annotation>
+ <xs:documentation>
+ A CertStoreType represents a catenated sequence of X.509 certificates,
+ in PEM or DER format.
+ The "url", "file", and "resource" attributes are intended to be
+ mutually exclusive, though this assumption is not encoded in schema.
+ The precedence order observed by the runtime is
+ 1) "file", 2) "resource", and 3) "url".
+ </xs:documentation>
+ </xs:annotation>
+ <xs:attribute name="file" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the File location of the certificate store.
+ This element should be a properly accessible file from the
+ working directory. Only one attribute of
+ "url", "file", or "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="resource" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the Resource location of the certificate store.
+ This element should be a properly accessible on the classpath.
+ Only one attribute of
+ "url", "file", or "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="url" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the URL location of the certificate store.
+ This element should be a properly accessible URL, such as
+ "http://..." "file:///...", etc. Only one attribute of
+ "url", "file", or "resource" is allowed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
+
<xs:complexType name="KeyManagersType">
<xs:annotation>
<xs:documentation>
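Review bot: The `url` attribute documentation in the new `CertStoreType` offers "http://..." as an acceptable location, with no statement that a certificate store fetched over an unauthenticated channel can be replaced in transit. Because this type exists only to supply trust anchors, the text should say so, for example `Prefer "file" or "resource"; a remote "url" should use https or another authenticated transport.` The type-level text also says the three attributes are mutually exclusive but leaves that to a precedence order, so a configuration that sets two of them is accepted silently; the documentation should state whether the runtime rejects that case. In the `resource` text, "should be a properly accessible on the classpath" is missing a noun, and all three texts call the attribute "This element".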
@@ -183,37 +236,37 @@
<xs:sequence>
<xs:element name="keyStore" type="tns:KeyStoreType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element specified the Keystore for these JSSE KeyManagers.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element specified the Keystore for these JSSE KeyManagers.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:sequence>
<xs:attribute name="keyPassword" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the password that unlocks the keys
- within the keystore.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the password that unlocks the keys
+ within the keystore.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="provider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the KeyManagers provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the KeyManagers provider name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="factoryAlgorithm" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the algorithm the KeyManagers Factory
- will use in creating the KeyManagers from the KeyStore. Most
- common examples are "PKIX".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the algorithm the KeyManagers Factory
+ will use in creating the KeyManagers from the KeyStore. Most
+ common examples are "PKIX".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="TrustManagersType">
@@ -223,31 +276,40 @@
a single Keystore used for trusted certificates.
</xs:documentation>
</xs:annotation>
- <xs:sequence>
- <xs:element name="keyStore" type="tns:KeyStoreType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the KeyStore used as a trust store.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="provider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the KeyManagers provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:choice>
+ <xs:element name="keyStore" type="tns:KeyStoreType"
+ minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the KeyStore used as a trust
+ store.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="certStore" type="tns:CertStoreType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the CertStore used as a trust store.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:choice>
+ <xs:attribute name="provider" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the KeyManagers provider name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="factoryAlgorithm" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the algorithm the KeyManagers Factory
- will use in creating the KeyManagers from the KeyStore. Most
- common examples are "PKIX".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the algorithm the KeyManagers Factory
+ will use in creating the KeyManagers from the KeyStore. Most
+ common examples are "PKIX".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="CipherSuites">
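Review bot: The type-level documentation kept as context at the top of this hunk still describes "a single Keystore used for trusted certificates", and the `provider` and `factoryAlgorithm` texts still speak of KeyManagers, so the documentation no longer matches a `TrustManagersType` that also accepts a `certStore`. I would reword them to name the TrustManagers factory and mention both `keyStore` and `certStore`. Putting `minOccurs="0"` on both children of the `xs:choice` is valid, but `<xs:choice minOccurs="0">` with plain children states "at most one of the two" more directly; the effect on the generated JAXB accessors should be checked before changing it.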
@@ -281,122 +343,122 @@
<xs:complexType name="TLSClientParametersType">
<xs:all>
<xs:element name="keyManagers" type="tns:KeyManagersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the KeyManagers specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the KeyManagers specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="trustManagers" type="tns:TrustManagersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the TrustManagers specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the TrustManagers specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="cipherSuites" type="tns:CipherSuites" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the the CipherSuites that will be supported.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the the CipherSuites that will be supported.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="cipherSuitesFilter" type="tns:FiltersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the filters of the supported CipherSuites
- that will be supported and used if available.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the filters of the supported CipherSuites
+ that will be supported and used if available.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="secureRandomParameters"
type="tns:SecureRandomParameters" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains SecureRandom specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains SecureRandom specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:all>
<xs:attribute name="jsseProvider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the JSSE provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the JSSE provider name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="secureSocketProtocol" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the Protocol Name. Most common
- example is "SSL", "TLS" or "TLSv1".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the Protocol Name. Most common
+ example is "SSL", "TLS" or "TLSv1".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="TLSServerParametersType">
<xs:all>
<xs:element name="keyManagers" type="tns:KeyManagersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the KeyManagers specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the KeyManagers specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="trustManagers" type="tns:TrustManagersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the TrustManagers specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the TrustManagers specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="cipherSuites" type="tns:CipherSuites" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the the CipherSuites that will be supported.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the the CipherSuites that will be supported.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="cipherSuitesFilter" type="tns:FiltersType" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains the filters of the supported CipherSuites
- that will be supported and used if available.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the filters of the supported CipherSuites
+ that will be supported and used if available.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="secureRandomParameters"
type="tns:SecureRandomParameters" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains SecureRandom specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains SecureRandom specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="clientAuthentication"
type="tns:ClientAuthentication" minOccurs="0">
- <xs:annotation>
- <xs:documentation>
- This element contains Client Authentication specification.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
+ <xs:annotation>
+ <xs:documentation>
+ This element contains Client Authentication specification.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:all>
<xs:attribute name="jsseProvider" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the JSSE provider name.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the JSSE provider name.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="secureSocketProtocol" type="xs:string">
- <xs:annotation>
- <xs:documentation>
- This attribute contains the Protocol Name. Most common
- example is "SSL", "TLS" or "TLSv1".
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the Protocol Name. Most common
+ example is "SSL", "TLS" or "TLSv1".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:schema>
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java?rev=581347&r1=581346&r2=581347&view=diff
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java Tue Oct 2 11:55:16 2007
@@ -23,13 +23,21 @@
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import org.apache.cxf.configuration.security.CertStoreType;
import org.apache.cxf.configuration.security.KeyManagersType;
import org.apache.cxf.configuration.security.KeyStoreType;
import org.apache.cxf.configuration.security.SecureRandomParameters;
@@ -108,6 +116,65 @@
}
return keyStore;
}
+
+ /**
+ * This method converts a JAXB generated CertStoreType into a KeyStore.
+ */
+ public static KeyStore getKeyStore(final CertStoreType pst)
+ throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+
+ if (pst == null) {
+ return null;
+ }
+
+ if (pst.isSetFile()) {
+ return createTrustStore(new FileInputStream(pst.getFile()));
+ }
+ if (pst.isSetResource()) {
+ return createTrustStore(
+ pst.getClass().getClassLoader().getResourceAsStream(
+ pst.getResource()
+ )
+ );
+ }
+ if (pst.isSetUrl()) {
+ return createTrustStore(new URL(pst.getUrl()).openStream());
+ }
+ // TODO error?
+ return null;
+ }
+
+ /**
+ * Create a KeyStore containing the trusted CA certificates contained
+ * in the supplied input stream.
+ */
+ private static KeyStore createTrustStore(final java.io.InputStream is)
+ throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+
+ final Collection<? extends Certificate> certs = loadCertificates(is);
+ final KeyStore keyStore =
+ KeyStore.getInstance(KeyStore.getDefaultType());
+ keyStore.load(null, null);
+ for (Certificate cert : certs) {
+ final X509Certificate xcert = (X509Certificate) cert;
+ keyStore.setCertificateEntry(
+ xcert.getSubjectX500Principal().getName(),
+ cert
+ );
+ }
+ return keyStore;
+ }
+
+ /**
+ * load the certificates as X.509 certificates
+ */
+ private static Collection<? extends Certificate>
+ loadCertificates(final java.io.InputStream is)
+ throws IOException, CertificateException {
+
+ final CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ return factory.generateCertificates(is);
+ }
/**
* This method converts the JAXB KeyManagersType into a list of
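Review bot: None of the three streams opened in `getKeyStore(CertStoreType)` is ever closed, and `getResourceAsStream` returns null for a missing resource, which is passed straight into `createTrustStore`. In `createTrustStore` the alias is the subject DN alone, so two certificates with the same subject (a re-issued CA, for instance) collapse into one entry because `setCertificateEntry` replaces an existing alias, and a trust anchor is dropped without any error. The sketch below closes the stream in a `finally`, rejects a null stream, and makes each alias unique. The `// TODO error?` branch in `getKeyStore` is left as it is.

```java
private static KeyStore createTrustStore(final java.io.InputStream is)
    throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {

    if (is == null) {
        throw new IOException("certStore location could not be opened");
    }
    final Collection<? extends Certificate> certs;
    try {
        certs = loadCertificates(is);
    } finally {
        is.close();
    }
    // … unchanged: KeyStore.getInstance(...) and keyStore.load(null, null) …
    int index = 0;
    for (Certificate cert : certs) {
        final X509Certificate xcert = (X509Certificate) cert;
        // the counter keeps certificates with the same subject DN from sharing an alias
        keyStore.setCertificateEntry(
            xcert.getSubjectX500Principal().getName() + "-" + index++,
            cert
        );
    }
    return keyStore;
}
```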
@@ -145,23 +212,27 @@
* This method converts the JAXB KeyManagersType into a list of
* JSSE TrustManagers.
*/
- public static TrustManager[] getTrustManagers(TrustManagersType kmc)
+ public static TrustManager[] getTrustManagers(TrustManagersType tmc)
throws GeneralSecurityException,
IOException {
- KeyStore keyStore = getKeyStore(kmc.getKeyStore());
-
+ final KeyStore keyStore =
+ tmc.isSetKeyStore()
+ ? getKeyStore(tmc.getKeyStore())
+ : (tmc.isSetCertStore()
+ ? getKeyStore(tmc.getCertStore())
+ : (KeyStore) null);
if (keyStore == null) {
return null;
}
- String alg = kmc.isSetFactoryAlgorithm()
- ? kmc.getFactoryAlgorithm()
+ String alg = tmc.isSetFactoryAlgorithm()
+ ? tmc.getFactoryAlgorithm()
: KeyManagerFactory.getDefaultAlgorithm();
TrustManagerFactory fac =
- kmc.isSetProvider()
- ? TrustManagerFactory.getInstance(alg, kmc.getProvider())
+ tmc.isSetProvider()
+ ? TrustManagerFactory.getInstance(alg, tmc.getProvider())
: TrustManagerFactory.getInstance(alg);
fac.init(keyStore);
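Review bot: The fallback algorithm on the new side is still `KeyManagerFactory.getDefaultAlgorithm()`, although the value is handed to `TrustManagerFactory.getInstance`; the two defaults are separate security properties and need not name the same algorithm, so the line should read `: TrustManagerFactory.getDefaultAlgorithm();`. The method also returns null when neither `keyStore` nor `certStore` is set. If the caller passes that null on to `SSLContext.init` (not visible here), JSSE falls back to the JVM default trust store, which may be wider than the configuration intended. The Javadoc above the signature still says KeyManagersType. The method body continues past the end of the hunk.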
Modified: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=581347&r1=581346&r2=581347&view=diff
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java (original)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java Tue Oct 2 11:55:16 2007
@@ -106,4 +106,10 @@
testSuccessfulCall("resources/jaxws-publish.xml",
"https://localhost:9001/SoapContext/HttpsPort");
}
+
+ @Test
+ public final void testPKCS12Endpoint() throws Exception {
+ testSuccessfulCall("resources/pkcs12.xml",
+ "https://localhost:9003/SoapContext/HttpsPort");
+ }
}
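Review bot: `testPKCS12Endpoint` only shows that a call succeeds with the PEM trust store; nothing checks that a peer whose certificate is absent from `Truststore.pem` is refused. A loader that trusted every certificate would pass this test, so a companion case that expects the call to fail against an untrusted server certificate would pin the behaviour that matters. `testSuccessfulCall` is defined outside the hunk, so what it asserts is not visible here.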
Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12?rev=581347&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12?rev=581347&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem?rev=581347&view=auto
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem Tue Oct 2 11:55:16 2007
@@ -0,0 +1,60 @@
+-----BEGIN CERTIFICATE-----
+MIICIDCCAYkCBEYRaYcwDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZCZXRoYWwxDzANBgNVBAMTBkJl
+dGhhbDAeFw0wNzA0MDIyMDM3MjdaFw0zNDA4MTgyMDM3MjdaMFcxCzAJBgNVBAYTAlVTMREwDwYD
+VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGQmV0aGFsMQ8wDQYD
+VQQDEwZCZXRoYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJHOyFu8tTt4g9tBv0bY8c4K
+uidfMlHbFQAukIFXLkR4xu5IxG5OI53ZE0F6rqcPFve1sdEV9h+MxmzqQbo180Wyv1rUEq2AScK3
+6bo0ALuZsreQQmNVGBOjxBpTtrRErRfNJe1mvzNMz9VlGdSNWW17CrBz9kmz6G1EWg8aGfZHAgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAbw+VwP1tnBm3cFLFgONnGCozN8XqV2M0OklJ5lBDJL7BV2Ng
+BtTZ8as9jTGYdjetKQXX75wWL7OS7vnkm/9tbr/vNBljT0OP0Yr2X7TAbDdhFfsk/D5mBpXdzXz2
+wqxVZjj6sm5zvwC32e4AxGG0edmY1DN9VMZzA/FrzBP0qoE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICHDCCAYUCBEYRaYkwDQYJKoZIhvcNAQEEBQAwVTELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ4wDAYDVQQLEwVHb3JkeTEOMAwGA1UEAxMFR29y
+ZHkwHhcNMDcwNDAyMjAzNzI5WhcNMzQwODE4MjAzNzI5WjBVMQswCQYDVQQGEwJVUzERMA8GA1UE
+BxMIU3lyYWN1c2UxEzARBgNVBAoTCkFwYWNoZVRlc3QxDjAMBgNVBAsTBUdvcmR5MQ4wDAYDVQQD
+EwVHb3JkeTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqIbNth+G4Q5tkZvoUZdQsY9RnjAA
+mgKVBUaOVvv//qOniOTskLqBFyKGoMpbCfNAU7/zVKP5fLTLccLdJyCagKGrs1ZmKaNiTRcOnfkE
+3dHnEIp83+hNmASGsrZcyLihtro1N3pMTuXbXzu7x3F2U7fxYFg66iviTEGF6T7dY3MCAwEAATAN
+BgkqhkiG9w0BAQQFAAOBgQBPjsYFdqz0JF9shNpvke/H1eHqhyXJgPdHdCu/ewRO2wV6I9WBrGNU
+cmmKZmAUsv99Y0Tpz59uEXFcM3cBZU4/obw3DlwwWmaVMoIwQ2Nd2FChC6uyKIJ0Bvpx+aDxjm48
+b8c58EHCcU2FRo/nVWctJL9xJ7oBrke5GZrBlUF+rA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICNDCCAZ0CBEYRaY4wDQYJKoZIhvcNAQEEBQAwYTELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZNb3JwaXQxGTAXBgNVBAMTEHdo
+YXRldmVyaG9zdC5jb20wHhcNMDcwNDAyMjAzNzM0WhcNMzQwODE4MjAzNzM0WjBhMQswCQYDVQQG
+EwJVUzERMA8GA1UEBxMIU3lyYWN1c2UxEzARBgNVBAoTCkFwYWNoZVRlc3QxDzANBgNVBAsTBk1v
+cnBpdDEZMBcGA1UEAxMQd2hhdGV2ZXJob3N0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAk4FbJxfjllrApiECK5oRbgmTC1exx59HWck20R2AYU6kIkdZa78Ca+oc/zaPCtsVL/QZbjHE
+7lnvVK55tnpGW9qzLxsAHZmYyA/4Wdmcbz/Niwsfm062z94+AKMCGum/1Ug1QZUiRKweZTRBHhmT
+VsxSDEGTTi6UVim6nv47ZlcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAjWR/W+YO0I5sBlb+zNTbJ
+TPs4CqM4UHQS+prOx59R134FbocgkGncm00FBrO857KJHdSCRjOUUpc3S+MP13FGqSQm2Q0lNjUV
+IygvdZ+BATfgsJ92NbnuIhIVAA+i8AVZK//qPRCMz1Rdm1G994qCw3A4lQMi5eqKYYwqkRJeXw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICIDCCAYkCBEYRaYwwDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZQb2x0aW0xDzANBgNVBAMTBlBv
+bHRpbTAeFw0wNzA0MDIyMDM3MzJaFw0zNDA4MTgyMDM3MzJaMFcxCzAJBgNVBAYTAlVTMREwDwYD
+VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGUG9sdGltMQ8wDQYD
+VQQDEwZQb2x0aW0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL/bdivrpaR4Njvo7WB4ipEh
+422V2bAyapFvgOq/tHusGR/e3wH0v9g+9xwnNyqFjhueceuWahXAvNHvknuUaelW0346Aay0fBAu
+EsyowWBTVi/pU+iZleN9FD8uBalY1s6e+xqu+yckhHuBP77TcTar1hBjCIfy2Eo2YevDL6qlAgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAuT7QoNfGG7GjfQuU/oYj5vHPH7nPhLtkQBVTEi0WyzgJUXie
+rNG/u4VEZtNtK4+4J5tQyb4YtP2GPUUpWrhusKUaW4eMU79rzpUbZnGUBzTbth8kBoN9xHzXiSop
+ohPdOnGo5ZjThZnLEn/o9doUEX64o4eauu15SPoDLzSfLJ0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICIDCCAYkCBEYRaYswDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZUYXJwaW4xDzANBgNVBAMTBlRh
+cnBpbjAeFw0wNzA0MDIyMDM3MzFaFw0zNDA4MTgyMDM3MzFaMFcxCzAJBgNVBAYTAlVTMREwDwYD
+VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGVGFycGluMQ8wDQYD
+VQQDEwZUYXJwaW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKGG8UtWnHyWKFVDJSuSlhT/
+vKxrPjfNBtvdaiQx5gNAlc8QVL5lPOXcJljTF3dEb0QQ1ajai3kC71NE2ABOrxk7Jvk3bEma5Yfy
+U3m/OBthL9H8kE3O3+bh4K2LTsRwIa2Zd1wYbj44vUxsiHhzxer3q3FDfLxsqtahsxz7WjG1AgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAE6EWRbYxGOlwmtpv0XE4FwbXYdSDArc+ArhOJWKTzoE3U9l8
+kg1wJL49VXEmVIxpipXKs7d9lpIVLPFsbBVJRZwH8sgHE39nTjfeyHNmwZcd63Lrn+2RydkAo5P9
+FYi8HFGEM5dON4PSo3Et6ycHy1IrS8htrNu+FoW84FRTKDA=
+-----END CERTIFICATE-----
Modified: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh?rev=581347&r1=581346&r2=581347&view=diff
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh (original)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh Tue Oct 2 11:55:16 2007
@@ -25,6 +25,7 @@
# Start with a clean slate. Remove all keystores.
#
rm -f *.jks
+rm -f Truststore.pem
#
# This function generates a key/self-signed certificate with the following DN.
@@ -47,5 +48,6 @@
for name in Bethal Gordy Tarpin Poltim Morpit
do
genkey $name $name
+ keytool -export -keystore Truststore.jks -storepass password -alias $i -rfc >> Truststore.pem
done
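Review bot: The added `keytool -export` line uses `-alias $i`, but the loop variable in this hunk is `name` and no `i` is assigned in the visible lines. Unless `i` is set elsewhere in the script, the unquoted empty expansion makes keytool take `-rfc` as the alias, so the export does not select the intended certificate. It probably should be `keytool -export -keystore Truststore.jks -storepass password -alias "$name" -rfc >> Truststore.pem`, assuming `genkey` stores each certificate in Truststore.jks under that alias; the function body is outside the hunk.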
Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml?rev=581347&view=auto
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml Tue Oct 2 11:55:16 2007
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ ">
+
+ <!-- -->
+ <!-- This Spring config file is designed to represent a minimal -->
+ <!-- configuration for spring-loading a CXF servant, where the -->
+ <!-- servant listens using HTTP/S as the transport protocol. -->
+ <!-- -->
+ <!-- Note that the service endpoint is spring-loaded. In the -->
+ <!-- scenario in which this config is designed to run, the -->
+ <!-- server application merely instantiates a Bus, and does not -->
+ <!-- publish any services programmatically -->
+ <!-- -->
+ <!-- This test ensures we can use PKCS12 keystores and PEM truststores -->
+ <!-- -->
+
+ <!-- -->
+ <!-- Spring-load an HTTPS servant -->
+ <!-- -->
+ <jaxws:server
+ id="JaxwsHttpsEndpoint"
+ address="https://localhost:9003/SoapContext/HttpsPort"
+ serviceName="s:SOAPService"
+ endpointName="e:HttpsPort"
+ xmlns:e="http://apache.org/hello_world/services"
+ xmlns:s="http://apache.org/hello_world/services"
+ depends-on="port-9003-tls-config">
+ <jaxws:serviceBean>
+ <bean class="org.apache.cxf.systest.http.GreeterImpl"/>
+ </jaxws:serviceBean>
+ </jaxws:server>
+
+ <!-- -->
+ <!-- TLS Port configuration parameters for port 9002 -->
+ <!-- -->
+ <httpj:engine-factory id="port-9003-tls-config">
+ <httpj:engine port="9003">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="pkcs12" password="password"
+ file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:certStore
+ file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem"/>
+ </sec:trustManagers>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <!-- -->
+ <!-- HTTP/S configuration for clients -->
+ <!-- -->
+ <http:conduit name="{http://apache.org/hello_world/services}HttpsPort.http-conduit">
+ <http:tlsClientParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="pkcs12" password="password"
+ file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:certStore
+ file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+
+</beans>
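Review bot: The comment above the engine factory says "TLS Port configuration parameters for port 9002", while the engine it introduces is `port-9003-tls-config` on port 9003; it should read `<!-- TLS Port configuration parameters for port 9003 -->`. The server-side `tlsServerParameters` set a `certStore` but no `clientAuthentication` element. Unless client authentication is on by default, the server never validates a client certificate, so only the client half of this configuration exercises the PEM trust store. Adding `<sec:clientAuthentication want="true" required="true"/>` to the server parameters would make the test cover both directions.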
Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml