You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by jl...@apache.org on 2008/01/08 06:39:44 UTC
svn commit: r609875 [1/2] - in
/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https:
./ bin/ certs/ certs/demoCA/ certs/demoCA/newcerts/ src/ src/demo/
src/demo/jaxrs/ src/demo/jaxrs/client/ src/demo/jaxrs/server/
Author: jliu
Date: Mon Jan 7 21:39:40 2008
New Revision: 609875
URL: http://svn.apache.org/viewvc?rev=609875&view=rev
Log:
Added a secure jax-rs demo to show how to use https
Added:
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.jks (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/truststore.jks (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.jks (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLX509TrustManager.java (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/Client.java (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/add_customer.txt (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/update_customer.txt (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/Customer.java (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/CustomerService.java (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/Order.java (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/Product.java (with props)
incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/Server.java (with props)
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf Mon Jan 7 21:39:40 2008
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+ ** This file configures the Cherry Server.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+ xsi:schemaLocation="
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
+ http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+ <httpj:engine-factory bus="cxf">
+ <httpj:engine port="9000">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password"
+ file="certs/cherry.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password"
+ file="certs/truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+</beans>
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt Mon Jan 7 21:39:40 2008
@@ -0,0 +1,141 @@
+JAX-RS Basic Demo With HTTPS communications
+===========================================
+
+This demo takes the JAX-RS basic demo a step further
+by doing the communication using HTTPS.
+
+The JAX-RS server is configured with a HTTPS listener. The listener
+requires client authentication so the client must provide suitable
+credentials. The listener configuration is taken from the
+"CherryServer.cxf" file located under demo directory.
+
+The client is configured to provide its certificate "CN=Wibble" and
+chain stored in the Java KeyStore "certs/wibble.jks" to the server. The
+server authenticates the client's certificate using its trust store
+"certs/truststore.jks", which holds the Certificate Authorities'
+certificates.
+
+Likewise the client authenticates the server's certificate "CN=Cherry"
+and chain against the same trust store. Note also the usage of the
+cipherSuitesFilter configuration in the configuration files,
+where each party imposes different ciphersuites contraints, so that the
+ciphersuite eventually negotiated during the TLS handshake is acceptable
+to both sides. This may be viewed by adding a -Djavax.net.debug=all
+argument to the JVM.
+
+But please note that it is not adviseable to store sensitive data such
+as passwords stored in a clear text configuration file, unless the
+file is sufficiently protected by OS level permissions. The KeyStores
+may be configured programatically so using user interaction may be
+employed to keep passwords from being stored in configuration files.
+The approach taken here is for demonstration reasons only.
+
+Please review the README in the samples directory before
+continuing.
+
+
+Prerequisites
+-------------
+
+If your environment already includes cxf-manifest-incubator.jar on the
+CLASSPATH, and the JDK and ant bin directories on the PATH
+it is not necessary to set the environment as described in
+the samples directory README. If your environment is not
+properly configured, or if you are planning on using wsdl2java,
+javac, and java to build and run the demos, you must set the
+environment.
+
+
+Building and running the demo using Ant
+---------------------------------------
+
+From the base directory of this sample (i.e., where this README file is
+located), the Ant build.xml file can be used to build and run the demo.
+The server and client targets automatically build the demo.
+
+Using either UNIX or Windows:
+
+ ant server (from one command line window)
+ ant client (from a second command line window)
+
+
+To remove the code generated from the WSDL file and the .class
+files, run "ant clean".
+
+
+Building the demo using wsdl2java and javac
+-------------------------------------------
+
+From the base directory of this sample (i.e., where this README file is
+located), first create the target directory build/classes and then
+compile the provided client and server applications with the commands:
+
+For UNIX:
+ mkdir -p build/classes
+
+ export CLASSPATH=$CLASSPATH:$CXF_HOME/lib/cxf-manifest-incubator.jar:./build/classes
+ javac -d build/classes src/demo/jaxrs/client/*.java
+ javac -d build/classes src/demo/jaxrs/server/*.java
+
+For Windows:
+ mkdir build\classes
+ Must use back slashes.
+
+ set classpath=%classpath%;%CXF_HOME%\lib\cxf-manifest-incubator.jar;.\build\classes
+ javac -d build\classes src\demo\jaxrs\client\*.java
+ javac -d build\classes src\demo\jaxrs\server\*.java
+
+
+Finally, copy resource files into the build/classes directory with the commands:
+
+For UNIX:
+ cp ./src/demo/jaxrs/client/*.xml ./build/classes/demo/jaxrs/client
+ cp ./src/demo/jaxrs/server/*.xml ./build/classes/demo/jaxrs/server
+
+For Windows:
+ copy src\demo\jaxrs\client\*.xml build\classes\demo\jaxrs\client
+ copy src\demo\jaxrs\server\*.xml build\classes\demo\jaxrs\server
+
+
+Running the demo using java
+---------------------------
+
+From the samples/jax_rs/basic_https directory run the following commands. They
+are entered on a single command line.
+
+For UNIX (must use forward slashes):
+ java -Djava.util.logging.config.file=$CXF_HOME/etc/logging.properties
+ demo.jaxrs.server.Server &
+
+ java -Djava.util.logging.config.file=$CXF_HOME/etc/logging.properties
+ demo.jaxrs.client.Client
+
+The server process starts in the background. After running the client,
+use the kill command to terminate the server process.
+
+For Windows (may use either forward or back slashes):
+ start
+ java -Djava.util.logging.config.file=%CXF_HOME%\etc\logging.properties
+ demo.jaxrs.server.Server
+
+ java -Djava.util.logging.config.file=%CXF_HOME%\etc\logging.properties
+ demo.jaxrs.client.Client
+
+A new command windows opens for the server process. After running the
+client, terminate the server process by issuing Ctrl-C in its command window.
+
+To remove the code generated from the WSDL file and the .class
+files, either delete the build directory and its contents or run:
+
+ ant clean
+
+
+Certificates
+------------
+
+If the certificates are expired for some reason, a shell script in
+bin/gencerts.sh will generate the set of certificates needed for
+this sample. Just do the following:
+
+ cd certs
+ sh ../bin/gencerts.sh
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh Mon Jan 7 21:39:40 2008
@@ -0,0 +1,163 @@
+#!/bin/sh
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+#
+# This file uses openssl and keytool to generate 2 chains of 3 certificates
+# CN=Wibble CN=Cherry
+# CN=TheRA
+# CN=TheCA
+# and generates a CRL to revoke the "CN=TheRA" certificate.
+#
+# This file also serves as a specification on what needs to be done to
+# get the underlying CXF to work correctly.
+# For the most part, you need to use only JKS (Java Key Store) formatted
+# keystores and truststores.
+
+
+# Initialize the default openssl DataBase.
+# According to a default /usr/lib/ssl/openssl.cnf file it is ./demoCA
+# Depending on the Openssl version, comment out "crlnumber" in config file.
+# We echo 1345 to start the certificate serial number counter.
+
+ rm -rf demoCA
+ mkdir -p demoCA/newcerts
+ cp /dev/null demoCA/index.txt
+ echo "1345" > demoCA/serial
+
+# This file makes sure that the certificate for CN=TheRA can be a Certificate
+# Authority, i.e. can sign the user certificates, e.g. "CN=Wibble".
+
+cat <<EOF > exts
+[x509_extensions]
+basicConstraints=CA:TRUE
+EOF
+
+# Create the CA's keypair and self-signed certificate
+# -x509 means create self-sign cert
+# -keyout means generate keypair
+# -nodes means do not encrypt private key.
+# -set_serial sets the serial number of the certificate
+
+ openssl req -verbose -x509 -new -nodes -set_serial 1234 \
+ -subj "/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \
+ -days 365 -out cacert.pem -keyout caprivkey.pem
+
+# Create the RA's keypair and Certificate Request
+# without -x509, we generate an x509 cert request.
+# -keyout means generate keypair
+# -nodes means do not encrypt private key.
+
+ openssl req -verbose -new -nodes \
+ -subj "/CN=TheRA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \
+ -days 365 -out csrra.pem -keyout raprivkey.pem
+
+# Have the CN=TheCA issue a certificate for the CN=TheRA
+# We need -extfile exts -extenstions x509_extensions to make sure
+# CN=TheRA can be a Certificate Authority.
+
+ openssl ca -batch -days 364 -cert cacert.pem -keyfile caprivkey.pem \
+ -in csrra.pem -out ra-ca-cert.pem -extfile exts -extensions x509_extensions
+
+# Create keypairs and Cert Request for a certificate for CN=Wibble and CN=Cherry
+# This procedure must be done in JKS, because we need to use a JKS keystore.
+# The current version of CXF using PCKS12 will not work for a number of
+# internal CXF reasons.
+
+ rm -f wibble.jks
+
+ keytool -genkey \
+ -dname "CN=Wibble, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \
+ -keystore wibble.jks -storetype jks -storepass password -keypass password
+
+ keytool -certreq -keystore wibble.jks -storetype jks -storepass password \
+ -keypass password -file csrwibble.pem
+
+
+ rm -f cherry.jks
+
+ keytool -genkey \
+ -dname "CN=Cherry, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \
+ -keystore cherry.jks -storetype jks -storepass password -keypass password
+
+ keytool -certreq -keystore cherry.jks -storetype jks -storepass password \
+ -keypass password -file csrcherry.pem
+
+
+# Have the CN=TheRA issue a certificate for CN=Wibble and CN=Cherry via
+# their Certificate Requests.
+
+ openssl ca -batch -days 364 -cert ra-ca-cert.pem -keyfile raprivkey.pem \
+ -in csrwibble.pem -out wibble-ra-cert.pem
+
+ openssl ca -batch -days 364 -cert ra-ca-cert.pem -keyfile raprivkey.pem \
+ -in csrcherry.pem -out cherry-ra-cert.pem
+
+
+# Rewrite the certificates in PEM only format. This allows us to concatenate
+# them into chains.
+
+ openssl x509 -in cacert.pem -out cacert.pem -outform PEM
+ openssl x509 -in ra-ca-cert.pem -out ra-ca-cert.pem -outform PEM
+ openssl x509 -in wibble-ra-cert.pem -out wibble-ra-cert.pem -outform PEM
+ openssl x509 -in cherry-ra-cert.pem -out cherry-ra-cert.pem -outform PEM
+
+# Create a chain readable by CertificateFactory.getCertificates.
+
+ cat wibble-ra-cert.pem ra-ca-cert.pem cacert.pem > wibble.chain
+ cat cherry-ra-cert.pem ra-ca-cert.pem cacert.pem > cherry.chain
+
+# Replace the certificate in the Wibble keystore with their respective
+# full chains.
+
+ keytool -import -file wibble.chain -keystore wibble.jks -storetype jks \
+ -storepass password -keypass password -noprompt
+
+ keytool -import -file cherry.chain -keystore cherry.jks -storetype jks \
+ -storepass password -keypass password -noprompt
+
+# Revoke the CN=TheRA certificate (happens in the Openssl DB)
+
+ openssl ca -verbose -cert cacert.pem -keyfile caprivkey.pem \
+ -revoke ra-ca-cert.pem -crl_reason keyCompromise
+
+# Create the CRL from that revocation (from the Openssl DB)
+
+ openssl ca -verbose -gencrl -out ca.crl -cert cacert.pem \
+ -keyfile caprivkey.pem
+
+# Create the Truststore file containing the CA cert.
+
+ rm -f truststore.jks
+
+ keytool -import -file cacert.pem -alias TheCA -keystore truststore.jks \
+ -storepass password -noprompt
+
+# Uncomment to see what's in the Keystores and CRL
+
+ keytool -v -list -keystore wibble.jks -storepass password
+
+ keytool -v -list -keystore cherry.jks -storepass password
+
+ keytool -v -list -keystore truststore.jks -storepass password
+
+ openssl crl -in ca.crl -text -noout
+
+# Get rid of everything but wibble.chain and ra.crl
+#rm -rf *.pem exts demoCA *pk12
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh
------------------------------------------------------------------------------
svn:executable = *
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml Mon Jan 7 21:39:40 2008
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project name="RESTful demo" default="build" basedir=".">
+ <property name="codegen.notrequired" value="true"/>
+
+ <import file="../../common_build.xml"/>
+
+ <target name="client" description="run demo client" depends="build">
+ <cxfrun classname="demo.jaxrs.client.Client"
+ param1="${basedir}/certs/wibble.jks"
+ param2="${basedir}/certs/truststore.jks"/>
+ </target>
+
+ <target name="server" description="run demo server" depends="build">
+ <cxfrun classname="demo.jaxrs.server.Server" jvmarg1="-Dcxf.config.file=CherryServer.cxf"/>
+ </target>
+
+</project>
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl Mon Jan 7 21:39:40 2008
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBRTCBrwIBATANBgkqhkiG9w0BAQQFADBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkG
+A1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNV
+BAgTAk5ZMQswCQYDVQQGEwJVUxcNMDcwNTI1MDYwODI2WhcNMDcwNjI0MDYwODI2
+WjAjMCECAhNFFw0wNzA1MjUwNjA4MjZaMAwwCgYDVR0VBAMKAQEwDQYJKoZIhvcN
+AQEEBQADgYEAK8OzQ7XrcDkQkq6xTO0Rts64amO+awWDVaQtix1Ux2QDsd5vri6f
+qSkS6hIH+H6Rqr2xPTXDtb9JHbIpsf6DrF94ad92xx1SvcSi4TpxdN1Tn+pVjQvw
+EYldg+ksHmHJc9LpBBPX1VFS9wnT4gTkLA8HYV1O2fCbbhKJ07vNYuc=
+-----END X509 CRL-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkWgAwIBAgICBNIwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTI0MDYwODI0WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQ
+Uk9EVUNUSU9OMQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQG
+EwJVUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAslkOm83+Ofgl4yJ3PAII
+aYEULJEOlElo9Rzr6e1iNdbGXncnRrfn3s3WqU4eWQpj417IpFvwXOjzsll2Gigk
+AAZgYrueUE/WmNDlcK0Ni7MRXpcGxyKJoeaXZyvfV5Wdmy9sCY7GoEGUBF7KOuUI
+nE3jT2wjME1Lko1ksBJNu80CAwEAAaOBtDCBsTAdBgNVHQ4EFgQUjiS4vGjDGQni
+HDhqYjlxtx+OcrIwgYEGA1UdIwR6MHiAFI4kuLxowxkJ4hw4amI5cbcfjnKyoVyk
+WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9O
+MQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQGEwJVU4ICBNIw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQA0SQ4zV3AptrjBbj+J88xo
+ek4ir+B7hBHKaF4AWc+ex8Fi7z1fWesLwuYvzE81tdnTHA9Vef/lxXIEj8ld690e
+mlq3NVYrFVj4jgrQlzxh7Yfy1e4CQz8n+XWGT/mGLrwGDIZegA4qkE4bhR62FHFP
+cD5xmVCYkfYW9E8wqVNRSA==
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCyWQ6bzf45+CXjInc8AghpgRQskQ6USWj1HOvp7WI11sZedydG
+t+fezdapTh5ZCmPjXsikW/Bc6POyWXYaKCQABmBiu55QT9aY0OVwrQ2LsxFelwbH
+Iomh5pdnK99XlZ2bL2wJjsagQZQEXso65QicTeNPbCMwTUuSjWSwEk27zQIDAQAB
+AoGAMerZOuSJ/mGlARC5fLM49YaqRdsH0JtHZCuHID9P2K/Xb8M73ABHRsYoCdUS
+i2tsD8yMrewJt4eABfAiLSoFAQErCSPHJIz761ErjUOCTGhMQ3ZKM5mdhqpR03+K
+1uMyqaTuY0wKzn2hGvNXtHk4yc1YbAlMZ/1L423c8shUikUCQQDWdV59sAK446IN
+2isifEJrkgmQe/l+QTKs6aYhRQXEg5S9JNAm6uXJobFqYdWy0W95wnEzLTAgNoV6
+z5wb8B9fAkEA1OUGaGHF0jqRwlH0QlJtp6y4ptWxt8AMwIDjHhTAhHlZSFbS/RA9
+CZJvsspJhZnDDViTgSaM8XoHT+aktoZwUwJAWqWPhAbCj82/sKU3uELXfEpk+oo8
+Ya5DMi0sSEG5d1+6ndwSk3CUIg7TQ8kIn6XAvbF/UYdXITaKYuef73smdwJALCqH
+Nchy3bZA3utZnRi0nwB6HkJe6BvziUwz0d3EQrdaCmPYyZ9AymeSvKiysADCMlaZ
+40U4IDCMq8rRiPxC+QJAZ6BgqEmkiOfiOzJSPP/JJ01xWS5OgPpASo+bVbFqjpv1
+K0e3qt+6l00MlKGnglMPwiO/YzbiQwLuM1vQEnuxnQ==
+-----END RSA PRIVATE KEY-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0cwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZD
+aGVycnkwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYB1NaU39qdzgkV/87eMtbky
+KBf6odRdpWmgMJr2jTx/66DMLBznejnRHDdxWxNQUXmmnd1rqP1QAimLrCFwzBO+
+boOVvVwfGDPujYtKUFaj9JX5R4bkNSPjTGGQBOYcAiTQtkgpNwvZexGxgaLK4Hpg
+ilkr3DPPrIMKdj3cr5eqfaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsvDKBSLg
+f53uWQGt+kVb0h03rpIwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAH7D
+0Lo9qYM+XEHlNdm/RMzyV/gw1fdgrqaPpq2HFp5Y6hKOL3FPG2XvoiwonMZLj7LH
+Klft7wc88OnUgx6y6Xs/6RcHUQJvSQMfhE/zJsvl4JSNx/IoZGVWi2UVK44a3Jml
+fw1c3Bcm6ip/mz1EbAiAe8Wv4q4giBGI3mAZPVf7
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain Mon Jan 7 21:39:40 2008
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0cwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZD
+aGVycnkwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYB1NaU39qdzgkV/87eMtbky
+KBf6odRdpWmgMJr2jTx/66DMLBznejnRHDdxWxNQUXmmnd1rqP1QAimLrCFwzBO+
+boOVvVwfGDPujYtKUFaj9JX5R4bkNSPjTGGQBOYcAiTQtkgpNwvZexGxgaLK4Hpg
+ilkr3DPPrIMKdj3cr5eqfaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsvDKBSLg
+f53uWQGt+kVb0h03rpIwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAH7D
+0Lo9qYM+XEHlNdm/RMzyV/gw1fdgrqaPpq2HFp5Y6hKOL3FPG2XvoiwonMZLj7LH
+Klft7wc88OnUgx6y6Xs/6RcHUQJvSQMfhE/zJsvl4JSNx/IoZGVWi2UVK44a3Jml
+fw1c3Bcm6ip/mz1EbAiAe8Wv4q4giBGI3mAZPVf7
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgICE0UwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTIzMDYwODI0WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ4wDAYDVQQDEwVU
+aGVSQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsiZuAZgYprKPiwUvbswA
+eEHjULCP0bcYIni6KbCzBZwO74nufw0jpBE+b+7wSG0d5Azsn7Tl+xYYTtHcyqLO
+zHi1keLU5ozSwpIxvOltkFMSqTS6zsJ4mpfPQxV2/6IJjgj8ODtCf4Kn1tyenS41
+dE2D31d8i1GeTcpNDtB9QNUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAph+CwEyUbDep0qhUvnvQW9OvBZr0UymxGkiJhFLPF8milAIsm
+bafW+wvjbLmoNYZYH54TP96FPRkEHMvcTkQgm0xGPMRK1tZmARxsldAW0EdWE/83
+n0XG1QZxZpCk6EsBbEQ7jIvf9oeLBUfsmzz+S05BpEV3svXa2AkI3Z6/wA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkWgAwIBAgICBNIwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTI0MDYwODI0WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQ
+Uk9EVUNUSU9OMQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQG
+EwJVUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAslkOm83+Ofgl4yJ3PAII
+aYEULJEOlElo9Rzr6e1iNdbGXncnRrfn3s3WqU4eWQpj417IpFvwXOjzsll2Gigk
+AAZgYrueUE/WmNDlcK0Ni7MRXpcGxyKJoeaXZyvfV5Wdmy9sCY7GoEGUBF7KOuUI
+nE3jT2wjME1Lko1ksBJNu80CAwEAAaOBtDCBsTAdBgNVHQ4EFgQUjiS4vGjDGQni
+HDhqYjlxtx+OcrIwgYEGA1UdIwR6MHiAFI4kuLxowxkJ4hw4amI5cbcfjnKyoVyk
+WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9O
+MQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQGEwJVU4ICBNIw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQA0SQ4zV3AptrjBbj+J88xo
+ek4ir+B7hBHKaF4AWc+ex8Fi7z1fWesLwuYvzE81tdnTHA9Vef/lxXIEj8ld690e
+mlq3NVYrFVj4jgrQlzxh7Yfy1e4CQz8n+XWGT/mGLrwGDIZegA4qkE4bhR62FHFP
+cD5xmVCYkfYW9E8wqVNRSA==
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.jks?rev=609875&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,13 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICXTCCAhsCAQAwWTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUx
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEAxMGQ2hlcnJ5MIIBtzCCASwGByqG
+SM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/
+xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
+wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg
+hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwky
+jMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6A
+e1UlZAFMO/7PSSoDgYQAAoGAdTWlN/anc4JFf/O3jLW5MigX+qHUXaVpoDCa9o08f+ugzCwc53o5
+0Rw3cVsTUFF5pp3da6j9UAIpi6whcMwTvm6Dlb1cHxgz7o2LSlBWo/SV+UeG5DUj40xhkATmHAIk
+0LZIKTcL2XsRsYGiyuB6YIpZK9wzz6yDCnY93K+Xqn2gADALBgcqhkjOOAQDBQADLwAwLAIUaxs1
+1fWsupiR2qg3z0jMLpf9XhoCFAKNGxHh/ERLveRH+U80TAJHos+X
+-----END NEW CERTIFICATE REQUEST-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmDCCAQECAQAwWDEOMAwGA1UEAxMFVGhlUkExGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQswCQYDVQQIEwJOWTELMAkGA1UE
+BhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALImbgGYGKayj4sFL27M
+AHhB41Cwj9G3GCJ4uimwswWcDu+J7n8NI6QRPm/u8EhtHeQM7J+05fsWGE7R3Mqi
+zsx4tZHi1OaM0sKSMbzpbZBTEqk0us7CeJqXz0MVdv+iCY4I/Dg7Qn+Cp9bcnp0u
+NXRNg99XfItRnk3KTQ7QfUDVAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQBMS/Xs
+jTmj9QXbmArPK0fQK3irxirKuwk/Rv0tQMPb/jBMMGUTYq2ryqOQJ7xh4JaUM9aA
+vEFp+43TImDypPCoNO4Y4fFZPHuRPUp3KGEyYfknefmDym8FGZFL5EH52NTtG4k7
+4ZAV9XJQcYSsnLqk/dGB/gawco9hSB9BHoEYfw==
+-----END CERTIFICATE REQUEST-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,13 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICXjCCAhsCAQAwWTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUx
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEAxMGV2liYmxlMIIBtzCCASwGByqG
+SM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/
+xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
+wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg
+hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwky
+jMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6A
+e1UlZAFMO/7PSSoDgYQAAoGANKoFSVHn9yJkrCT8IVK1ri0YrFxCzvPBpbiCt9gX9l8EQiIh280S
+7x9WN0K65rcKru1mweXI9duNhp/+XKFJfF+rPuoyQzqCYsiWRX24ke5eajpy+ECxr3FuujQ/AtVB
+U1P3TIRCNF3IKteefh0OKC5fQfWikN84LtCFej6yWjmgADALBgcqhkjOOAQDBQADMAAwLQIVAIAo
+23R658Bz3LkVTBp7kIJfAB83AhQpSbl+w0s7BWhJ//GejVtZtg6xPA==
+-----END NEW CERTIFICATE REQUEST-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt Mon Jan 7 21:39:40 2008
@@ -0,0 +1,3 @@
+R 080523060824Z 070525060826Z,keyCompromise 1345 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=TheRA
+V 080523060825Z 1346 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Wibble
+V 080523060825Z 1347 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Cherry
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old Mon Jan 7 21:39:40 2008
@@ -0,0 +1,3 @@
+V 080523060824Z 1345 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=TheRA
+V 080523060825Z 1346 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Wibble
+V 080523060825Z 1347 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Cherry
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,50 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4933 (0x1345)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: CN=TheCA, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US
+ Validity
+ Not Before: May 25 06:08:24 2007 GMT
+ Not After : May 23 06:08:24 2008 GMT
+ Subject: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=TheRA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b2:26:6e:01:98:18:a6:b2:8f:8b:05:2f:6e:cc:
+ 00:78:41:e3:50:b0:8f:d1:b7:18:22:78:ba:29:b0:
+ b3:05:9c:0e:ef:89:ee:7f:0d:23:a4:11:3e:6f:ee:
+ f0:48:6d:1d:e4:0c:ec:9f:b4:e5:fb:16:18:4e:d1:
+ dc:ca:a2:ce:cc:78:b5:91:e2:d4:e6:8c:d2:c2:92:
+ 31:bc:e9:6d:90:53:12:a9:34:ba:ce:c2:78:9a:97:
+ cf:43:15:76:ff:a2:09:8e:08:fc:38:3b:42:7f:82:
+ a7:d6:dc:9e:9d:2e:35:74:4d:83:df:57:7c:8b:51:
+ 9e:4d:ca:4d:0e:d0:7d:40:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: md5WithRSAEncryption
+ 29:87:e0:b0:13:25:1b:0d:ea:74:aa:15:2f:9e:f4:16:f4:eb:
+ c1:66:bd:14:ca:6c:46:92:22:61:14:b3:c5:f2:68:a5:00:8b:
+ 26:6d:a7:d6:fb:0b:e3:6c:b9:a8:35:86:58:1f:9e:13:3f:de:
+ 85:3d:19:04:1c:cb:dc:4e:44:20:9b:4c:46:3c:c4:4a:d6:d6:
+ 66:01:1c:6c:95:d0:16:d0:47:56:13:ff:37:9f:45:c6:d5:06:
+ 71:66:90:a4:e8:4b:01:6c:44:3b:8c:8b:df:f6:87:8b:05:47:
+ ec:9b:3c:fe:4b:4e:41:a4:45:77:b2:f5:da:d8:09:08:dd:9e:
+ bf:c0
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgICE0UwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTIzMDYwODI0WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ4wDAYDVQQDEwVU
+aGVSQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsiZuAZgYprKPiwUvbswA
+eEHjULCP0bcYIni6KbCzBZwO74nufw0jpBE+b+7wSG0d5Azsn7Tl+xYYTtHcyqLO
+zHi1keLU5ozSwpIxvOltkFMSqTS6zsJ4mpfPQxV2/6IJjgj8ODtCf4Kn1tyenS41
+dE2D31d8i1GeTcpNDtB9QNUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAph+CwEyUbDep0qhUvnvQW9OvBZr0UymxGkiJhFLPF8milAIsm
+bafW+wvjbLmoNYZYH54TP96FPRkEHMvcTkQgm0xGPMRK1tZmARxsldAW0EdWE/83
+n0XG1QZxZpCk6EsBbEQ7jIvf9oeLBUfsmzz+S05BpEV3svXa2AkI3Z6/wA==
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,90 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4934 (0x1346)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=TheRA
+ Validity
+ Not Before: May 25 06:08:25 2007 GMT
+ Not After : May 23 06:08:25 2008 GMT
+ Subject: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=Wibble
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 34:aa:05:49:51:e7:f7:22:64:ac:24:fc:21:52:b5:
+ ae:2d:18:ac:5c:42:ce:f3:c1:a5:b8:82:b7:d8:17:
+ f6:5f:04:42:22:21:db:cd:12:ef:1f:56:37:42:ba:
+ e6:b7:0a:ae:ed:66:c1:e5:c8:f5:db:8d:86:9f:fe:
+ 5c:a1:49:7c:5f:ab:3e:ea:32:43:3a:82:62:c8:96:
+ 45:7d:b8:91:ee:5e:6a:3a:72:f8:40:b1:af:71:6e:
+ ba:34:3f:02:d5:41:53:53:f7:4c:84:42:34:5d:c8:
+ 2a:d7:9e:7e:1d:0e:28:2e:5f:41:f5:a2:90:df:38:
+ 2e:d0:85:7a:3e:b2:5a:39
+ P:
+ 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+ e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+ 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+ c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+ 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+ 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+ c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+ 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+ f2:22:03:19:9d:d1:48:01:c7
+ Q:
+ 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+ 84:0b:f0:58:1c:f5
+ G:
+ 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+ 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+ 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+ 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+ 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+ ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+ f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+ a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+ 25:64:01:4c:3b:fe:cf:49:2a
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 1F:CC:F5:95:B6:FD:E4:B0:1C:88:B9:46:DD:5E:D8:E5:8A:42:6F:83
+ X509v3 Authority Key Identifier:
+ DirName:/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US
+ serial:13:45
+
+ Signature Algorithm: md5WithRSAEncryption
+ 08:67:bb:df:d2:ac:4a:b2:0c:bf:06:e1:68:f5:94:29:a5:33:
+ 2b:01:d1:9f:04:75:26:82:44:9b:1b:3a:68:50:ab:c4:67:a0:
+ 93:fa:5b:e2:a4:98:97:50:0c:64:d6:ed:d5:9b:31:dc:b1:4b:
+ 07:c2:9c:eb:26:18:e3:29:2c:62:57:e8:ad:eb:3a:e9:d9:4c:
+ 4f:f0:d0:63:fe:f9:e4:9b:5d:a6:6b:09:cb:7a:80:2e:da:a9:
+ 3e:da:64:f6:70:4c:de:81:b8:de:94:6f:64:1b:4a:ee:b5:e5:
+ b9:2e:51:7b:96:2b:c1:e3:cf:20:d9:1d:69:66:11:5c:eb:54:
+ 3a:ab
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0YwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZX
+aWJibGUwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYA0qgVJUef3ImSsJPwhUrWu
+LRisXELO88GluIK32Bf2XwRCIiHbzRLvH1Y3Qrrmtwqu7WbB5cj1242Gn/5coUl8
+X6s+6jJDOoJiyJZFfbiR7l5qOnL4QLGvcW66ND8C1UFTU/dMhEI0Xcgq155+HQ4o
+Ll9B9aKQ3zgu0IV6PrJaOaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUH8z1lbb9
+5LAciLlG3V7Y5YpCb4MwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAAhn
+u9/SrEqyDL8G4Wj1lCmlMysB0Z8EdSaCRJsbOmhQq8RnoJP6W+KkmJdQDGTW7dWb
+MdyxSwfCnOsmGOMpLGJX6K3rOunZTE/w0GP++eSbXaZrCct6gC7aqT7aZPZwTN6B
+uN6Ub2QbSu615bkuUXuWK8HjzyDZHWlmEVzrVDqr
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,90 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4935 (0x1347)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=TheRA
+ Validity
+ Not Before: May 25 06:08:25 2007 GMT
+ Not After : May 23 06:08:25 2008 GMT
+ Subject: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=Cherry
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 75:35:a5:37:f6:a7:73:82:45:7f:f3:b7:8c:b5:b9:
+ 32:28:17:fa:a1:d4:5d:a5:69:a0:30:9a:f6:8d:3c:
+ 7f:eb:a0:cc:2c:1c:e7:7a:39:d1:1c:37:71:5b:13:
+ 50:51:79:a6:9d:dd:6b:a8:fd:50:02:29:8b:ac:21:
+ 70:cc:13:be:6e:83:95:bd:5c:1f:18:33:ee:8d:8b:
+ 4a:50:56:a3:f4:95:f9:47:86:e4:35:23:e3:4c:61:
+ 90:04:e6:1c:02:24:d0:b6:48:29:37:0b:d9:7b:11:
+ b1:81:a2:ca:e0:7a:60:8a:59:2b:dc:33:cf:ac:83:
+ 0a:76:3d:dc:af:97:aa:7d
+ P:
+ 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+ e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+ 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+ c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+ 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+ 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+ c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+ 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+ f2:22:03:19:9d:d1:48:01:c7
+ Q:
+ 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+ 84:0b:f0:58:1c:f5
+ G:
+ 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+ 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+ 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+ 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+ 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+ ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+ f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+ a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+ 25:64:01:4c:3b:fe:cf:49:2a
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ B2:F0:CA:05:22:E0:7F:9D:EE:59:01:AD:FA:45:5B:D2:1D:37:AE:92
+ X509v3 Authority Key Identifier:
+ DirName:/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US
+ serial:13:45
+
+ Signature Algorithm: md5WithRSAEncryption
+ 7e:c3:d0:ba:3d:a9:83:3e:5c:41:e5:35:d9:bf:44:cc:f2:57:
+ f8:30:d5:f7:60:ae:a6:8f:a6:ad:87:16:9e:58:ea:12:8e:2f:
+ 71:4f:1b:65:ef:a2:2c:28:9c:c6:4b:8f:b2:c7:2a:57:ed:ef:
+ 07:3c:f0:e9:d4:83:1e:b2:e9:7b:3f:e9:17:07:51:02:6f:49:
+ 03:1f:84:4f:f3:26:cb:e5:e0:94:8d:c7:f2:28:64:65:56:8b:
+ 65:15:2b:8e:1a:dc:99:a5:7f:0d:5c:dc:17:26:ea:2a:7f:9b:
+ 3d:44:6c:08:80:7b:c5:af:e2:ae:20:88:11:88:de:60:19:3d:
+ 57:fb
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0cwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZD
+aGVycnkwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYB1NaU39qdzgkV/87eMtbky
+KBf6odRdpWmgMJr2jTx/66DMLBznejnRHDdxWxNQUXmmnd1rqP1QAimLrCFwzBO+
+boOVvVwfGDPujYtKUFaj9JX5R4bkNSPjTGGQBOYcAiTQtkgpNwvZexGxgaLK4Hpg
+ilkr3DPPrIMKdj3cr5eqfaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsvDKBSLg
+f53uWQGt+kVb0h03rpIwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAH7D
+0Lo9qYM+XEHlNdm/RMzyV/gw1fdgrqaPpq2HFp5Y6hKOL3FPG2XvoiwonMZLj7LH
+Klft7wc88OnUgx6y6Xs/6RcHUQJvSQMfhE/zJsvl4JSNx/IoZGVWi2UVK44a3Jml
+fw1c3Bcm6ip/mz1EbAiAe8Wv4q4giBGI3mAZPVf7
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial Mon Jan 7 21:39:40 2008
@@ -0,0 +1 @@
+1348
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old Mon Jan 7 21:39:40 2008
@@ -0,0 +1 @@
+1347
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts Mon Jan 7 21:39:40 2008
@@ -0,0 +1,2 @@
+[x509_extensions]
+basicConstraints=CA:TRUE
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgICE0UwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTIzMDYwODI0WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ4wDAYDVQQDEwVU
+aGVSQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsiZuAZgYprKPiwUvbswA
+eEHjULCP0bcYIni6KbCzBZwO74nufw0jpBE+b+7wSG0d5Azsn7Tl+xYYTtHcyqLO
+zHi1keLU5ozSwpIxvOltkFMSqTS6zsJ4mpfPQxV2/6IJjgj8ODtCf4Kn1tyenS41
+dE2D31d8i1GeTcpNDtB9QNUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAph+CwEyUbDep0qhUvnvQW9OvBZr0UymxGkiJhFLPF8milAIsm
+bafW+wvjbLmoNYZYH54TP96FPRkEHMvcTkQgm0xGPMRK1tZmARxsldAW0EdWE/83
+n0XG1QZxZpCk6EsBbEQ7jIvf9oeLBUfsmzz+S05BpEV3svXa2AkI3Z6/wA==
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCyJm4BmBimso+LBS9uzAB4QeNQsI/RtxgieLopsLMFnA7vie5/
+DSOkET5v7vBIbR3kDOyftOX7FhhO0dzKos7MeLWR4tTmjNLCkjG86W2QUxKpNLrO
+wnial89DFXb/ogmOCPw4O0J/gqfW3J6dLjV0TYPfV3yLUZ5Nyk0O0H1A1QIDAQAB
+AoGBAIVNqjz5IWEC9dPxsld2wNc7fiuvoj4rghyxN6Pge2S0LJzjGhnprASlfpHl
+OdkIBTjSzvCGPRyPoOrBsDPUdWZciodsQq5j60pYwzeUBQOcZoIiiVZjKw2MMbAs
+/nhX5m1KN2tMJK+C7qdmXfXTbi9Kjakzk+CrLtdMaHsKaUiBAkEA5JDEeTEpuzXi
+vrYdLH6Np46+CAPz9RdsrR1C8Mfkne+uSlPa8AI/QvYhpVv2yGYVj+Dw8KmrJXtA
+jTWPPXOP9QJBAMeIhtG02K/hcn8RMKSRNqA1Gr37uMSszXhFAiuiVbd9FzfICerD
+fJ0QcIbOUazCciwWqtgUF49SFEY71wf8wWECQDvVOdmP6SC85nKOMezn5CUs1Mo8
+XqyWSTi4JEHr0gkWKUYD1ZhmvjDFReGHxX6IWrSjae9WOxtAvJE6qBiqG9ECQQCT
+gFKhrX3NruxUEKIT1aE7F2a4cN/qzA9sTB9JoEybQuap/r+OA4sYFLIKhXSNMIT0
+IKGU8G1mLnf8X3obVnahAkBQI/aJ0aybPl/EOcDvuBX41C+LX11iFF8SRrpHTi7z
+QWvT2kwWXf6l/OqEcZMZ75XBC5VjP+ekx0uhxs9iJ1jU
+-----END RSA PRIVATE KEY-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/truststore.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/truststore.jks?rev=609875&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/truststore.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem Mon Jan 7 21:39:40 2008
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0YwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZX
+aWJibGUwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYA0qgVJUef3ImSsJPwhUrWu
+LRisXELO88GluIK32Bf2XwRCIiHbzRLvH1Y3Qrrmtwqu7WbB5cj1242Gn/5coUl8
+X6s+6jJDOoJiyJZFfbiR7l5qOnL4QLGvcW66ND8C1UFTU/dMhEI0Xcgq155+HQ4o
+Ll9B9aKQ3zgu0IV6PrJaOaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUH8z1lbb9
+5LAciLlG3V7Y5YpCb4MwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAAhn
+u9/SrEqyDL8G4Wj1lCmlMysB0Z8EdSaCRJsbOmhQq8RnoJP6W+KkmJdQDGTW7dWb
+MdyxSwfCnOsmGOMpLGJX6K3rOunZTE/w0GP++eSbXaZrCct6gC7aqT7aZPZwTN6B
+uN6Ub2QbSu615bkuUXuWK8HjzyDZHWlmEVzrVDqr
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain Mon Jan 7 21:39:40 2008
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0YwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZX
+aWJibGUwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYA0qgVJUef3ImSsJPwhUrWu
+LRisXELO88GluIK32Bf2XwRCIiHbzRLvH1Y3Qrrmtwqu7WbB5cj1242Gn/5coUl8
+X6s+6jJDOoJiyJZFfbiR7l5qOnL4QLGvcW66ND8C1UFTU/dMhEI0Xcgq155+HQ4o
+Ll9B9aKQ3zgu0IV6PrJaOaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUH8z1lbb9
+5LAciLlG3V7Y5YpCb4MwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAAhn
+u9/SrEqyDL8G4Wj1lCmlMysB0Z8EdSaCRJsbOmhQq8RnoJP6W+KkmJdQDGTW7dWb
+MdyxSwfCnOsmGOMpLGJX6K3rOunZTE/w0GP++eSbXaZrCct6gC7aqT7aZPZwTN6B
+uN6Ub2QbSu615bkuUXuWK8HjzyDZHWlmEVzrVDqr
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgICE0UwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTIzMDYwODI0WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ4wDAYDVQQDEwVU
+aGVSQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsiZuAZgYprKPiwUvbswA
+eEHjULCP0bcYIni6KbCzBZwO74nufw0jpBE+b+7wSG0d5Azsn7Tl+xYYTtHcyqLO
+zHi1keLU5ozSwpIxvOltkFMSqTS6zsJ4mpfPQxV2/6IJjgj8ODtCf4Kn1tyenS41
+dE2D31d8i1GeTcpNDtB9QNUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAph+CwEyUbDep0qhUvnvQW9OvBZr0UymxGkiJhFLPF8milAIsm
+bafW+wvjbLmoNYZYH54TP96FPRkEHMvcTkQgm0xGPMRK1tZmARxsldAW0EdWE/83
+n0XG1QZxZpCk6EsBbEQ7jIvf9oeLBUfsmzz+S05BpEV3svXa2AkI3Z6/wA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkWgAwIBAgICBNIwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTI0MDYwODI0WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQ
+Uk9EVUNUSU9OMQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQG
+EwJVUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAslkOm83+Ofgl4yJ3PAII
+aYEULJEOlElo9Rzr6e1iNdbGXncnRrfn3s3WqU4eWQpj417IpFvwXOjzsll2Gigk
+AAZgYrueUE/WmNDlcK0Ni7MRXpcGxyKJoeaXZyvfV5Wdmy9sCY7GoEGUBF7KOuUI
+nE3jT2wjME1Lko1ksBJNu80CAwEAAaOBtDCBsTAdBgNVHQ4EFgQUjiS4vGjDGQni
+HDhqYjlxtx+OcrIwgYEGA1UdIwR6MHiAFI4kuLxowxkJ4hw4amI5cbcfjnKyoVyk
+WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9O
+MQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQGEwJVU4ICBNIw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQA0SQ4zV3AptrjBbj+J88xo
+ek4ir+B7hBHKaF4AWc+ex8Fi7z1fWesLwuYvzE81tdnTHA9Vef/lxXIEj8ld690e
+mlq3NVYrFVj4jgrQlzxh7Yfy1e4CQz8n+XWGT/mGLrwGDIZegA4qkE4bhR62FHFP
+cD5xmVCYkfYW9E8wqVNRSA==
+-----END CERTIFICATE-----
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.jks?rev=609875&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java Mon Jan 7 21:39:40 2008
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+/**
+ * <p>
+ * Signals fatal error in initialization of {@link AuthSSLProtocolSocketFactory}.
+ * </p>
+ *
+ * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this
+ * component. The component is provided as a reference material, which
+ * may be inappropriate for use without additional customization.
+ * </p>
+ */
+
+public class AuthSSLInitializationError extends Error {
+
+ /**
+ * Creates a new AuthSSLInitializationError.
+ */
+ public AuthSSLInitializationError() {
+ super();
+ }
+
+ /**
+ * Creates a new AuthSSLInitializationError with the specified message.
+ *
+ * @param message error message
+ */
+ public AuthSSLInitializationError(String message) {
+ super(message);
+ }
+}
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java Mon Jan 7 21:39:40 2008
@@ -0,0 +1,383 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * <p>
+ * AuthSSLProtocolSocketFactory can be used to validate the identity of the HTTPS
+ * server against a list of trusted certificates and to authenticate to the HTTPS
+ * server using a private key.
+ * </p>
+ *
+ * <p>
+ * AuthSSLProtocolSocketFactory will enable server authentication when supplied with
+ * a {@link KeyStore truststore} file containg one or several trusted certificates.
+ * The client secure socket will reject the connection during the SSL session handshake
+ * if the target HTTPS server attempts to authenticate itself with a non-trusted
+ * certificate.
+ * </p>
+ *
+ * <p>
+ * Use JDK keytool utility to import a trusted certificate and generate a truststore file:
+ * <pre>
+ * keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
+ * </pre>
+ * </p>
+ *
+ * <p>
+ * AuthSSLProtocolSocketFactory will enable client authentication when supplied with
+ * a {@link KeyStore keystore} file containg a private key/public certificate pair.
+ * The client secure socket will use the private key to authenticate itself to the target
+ * HTTPS server during the SSL session handshake if requested to do so by the server.
+ * The target HTTPS server will in its turn verify the certificate presented by the client
+ * in order to establish client's authenticity
+ * </p>
+ *
+ * <p>
+ * Use the following sequence of actions to generate a keystore file
+ * </p>
+ * <ul>
+ * <li>
+ * <p>
+ * Use JDK keytool utility to generate a new key
+ * <pre>keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore</pre>
+ * For simplicity use the same password for the key as that of the keystore
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Issue a certificate signing request (CSR)
+ * <pre>keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Send the certificate request to the trusted Certificate Authority for signature.
+ * One may choose to act as her own CA and sign the certificate request using a PKI
+ * tool, such as OpenSSL.
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Import the trusted CA root certificate
+ * <pre>keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Import the PKCS#7 file containg the complete certificate chain
+ * <pre>keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * <li>
+ * <p>
+ * Verify the content the resultant keystore file
+ * <pre>keytool -list -v -keystore my.keystore</pre>
+ * </p>
+ * </li>
+ * </ul>
+ * <p>
+ * Example of using custom protocol socket factory for a specific host:
+ * <pre>
+ * Protocol authhttps = new Protocol("https",
+ * new AuthSSLProtocolSocketFactory(
+ * new URL("file:my.keystore"), "mypassword",
+ * new URL("file:my.truststore"), "mypassword"), 443);
+ *
+ * HttpClient client = new HttpClient();
+ * client.getHostConfiguration().setHost("localhost", 443, authhttps);
+ * // use relative url only
+ * GetMethod httpget = new GetMethod("/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ * <p>
+ * Example of using custom protocol socket factory per default instead of the standard one:
+ * <pre>
+ * Protocol authhttps = new Protocol("https",
+ * new AuthSSLProtocolSocketFactory(
+ * new URL("file:my.keystore"), "mypassword",
+ * new URL("file:my.truststore"), "mypassword"), 443);
+ * Protocol.registerProtocol("https", authhttps);
+ *
+ * HttpClient client = new HttpClient();
+ * GetMethod httpget = new GetMethod("https://localhost/");
+ * client.executeMethod(httpget);
+ * </pre>
+ * </p>
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ *
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class AuthSSLProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+ /** Log object for this class. */
+ private static final Log LOG = LogFactory.getLog(AuthSSLProtocolSocketFactory.class);
+
+ private URL keystoreUrl = null;
+ private String keystorePassword = null;
+ private URL truststoreUrl = null;
+ private String truststorePassword = null;
+ private SSLContext sslcontext = null;
+
+ /**
+ * Constructor for AuthSSLProtocolSocketFactory. Either a keystore or truststore file
+ * must be given. Otherwise SSL context initialization error will result.
+ *
+ * @param keystoreUrl URL of the keystore file. May be <tt>null</tt> if HTTPS client
+ * authentication is not to be used.
+ * @param keystorePassword Password to unlock the keystore. IMPORTANT: this implementation
+ * assumes that the same password is used to protect the key and the keystore itself.
+ * @param truststoreUrl URL of the truststore file. May be <tt>null</tt> if HTTPS server
+ * authentication is not to be used.
+ * @param truststorePassword Password to unlock the truststore.
+ */
+ public AuthSSLProtocolSocketFactory(final URL keystoreUrl, final String keystorePassword,
+ final URL truststoreUrl, final String truststorePassword) {
+ super();
+ this.keystoreUrl = keystoreUrl;
+ this.keystorePassword = keystorePassword;
+ this.truststoreUrl = truststoreUrl;
+ this.truststorePassword = truststorePassword;
+ }
+
+ private static KeyStore createKeyStore(final URL url, final String password) throws KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, IOException {
+ if (url == null) {
+ throw new IllegalArgumentException("Keystore url may not be null");
+ }
+ LOG.debug("Initializing key store");
+ KeyStore keystore = KeyStore.getInstance("jks");
+ InputStream is = null;
+ try {
+ is = url.openStream();
+ keystore.load(is, password != null ? password.toCharArray() : null);
+ } finally {
+ if (is != null)
+ is.close();
+ }
+ return keystore;
+ }
+
+ private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
+ throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
+ if (keystore == null) {
+ throw new IllegalArgumentException("Keystore may not be null");
+ }
+ LOG.debug("Initializing key manager");
+ KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmfactory.init(keystore, password != null ? password.toCharArray() : null);
+ return kmfactory.getKeyManagers();
+ }
+
+ private static TrustManager[] createTrustManagers(final KeyStore keystore) throws KeyStoreException,
+ NoSuchAlgorithmException {
+ if (keystore == null) {
+ throw new IllegalArgumentException("Keystore may not be null");
+ }
+ LOG.debug("Initializing trust manager");
+ TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory
+ .getDefaultAlgorithm());
+ tmfactory.init(keystore);
+ TrustManager[] trustmanagers = tmfactory.getTrustManagers();
+ for (int i = 0; i < trustmanagers.length; i++) {
+ if (trustmanagers[i] instanceof X509TrustManager) {
+ trustmanagers[i] = new AuthSSLX509TrustManager((X509TrustManager)trustmanagers[i]);
+ }
+ }
+ return trustmanagers;
+ }
+
+ private SSLContext createSSLContext() {
+ try {
+ KeyManager[] keymanagers = null;
+ TrustManager[] trustmanagers = null;
+ if (this.keystoreUrl != null) {
+ KeyStore keystore = createKeyStore(this.keystoreUrl, this.keystorePassword);
+ if (LOG.isDebugEnabled()) {
+ Enumeration aliases = keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ String alias = (String)aliases.nextElement();
+ Certificate[] certs = keystore.getCertificateChain(alias);
+ if (certs != null) {
+ LOG.debug("Certificate chain '" + alias + "':");
+ for (int c = 0; c < certs.length; c++) {
+ if (certs[c] instanceof X509Certificate) {
+ X509Certificate cert = (X509Certificate)certs[c];
+ LOG.debug(" Certificate " + (c + 1) + ":");
+ LOG.debug(" Subject DN: " + cert.getSubjectDN());
+ LOG.debug(" Signature Algorithm: " + cert.getSigAlgName());
+ LOG.debug(" Valid from: " + cert.getNotBefore());
+ LOG.debug(" Valid until: " + cert.getNotAfter());
+ LOG.debug(" Issuer: " + cert.getIssuerDN());
+ }
+ }
+ }
+ }
+ }
+ keymanagers = createKeyManagers(keystore, this.keystorePassword);
+ }
+ if (this.truststoreUrl != null) {
+ KeyStore keystore = createKeyStore(this.truststoreUrl, this.truststorePassword);
+ if (LOG.isDebugEnabled()) {
+ Enumeration aliases = keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ String alias = (String)aliases.nextElement();
+ LOG.debug("Trusted certificate '" + alias + "':");
+ Certificate trustedcert = keystore.getCertificate(alias);
+ if (trustedcert != null && trustedcert instanceof X509Certificate) {
+ X509Certificate cert = (X509Certificate)trustedcert;
+ LOG.debug(" Subject DN: " + cert.getSubjectDN());
+ LOG.debug(" Signature Algorithm: " + cert.getSigAlgName());
+ LOG.debug(" Valid from: " + cert.getNotBefore());
+ LOG.debug(" Valid until: " + cert.getNotAfter());
+ LOG.debug(" Issuer: " + cert.getIssuerDN());
+ }
+ }
+ }
+ trustmanagers = createTrustManagers(keystore);
+ }
+ SSLContext sslcontext = SSLContext.getInstance("SSL");
+ sslcontext.init(keymanagers, trustmanagers, null);
+ return sslcontext;
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error(e.getMessage(), e);
+ throw new AuthSSLInitializationError("Unsupported algorithm exception: " + e.getMessage());
+ } catch (KeyStoreException e) {
+ LOG.error(e.getMessage(), e);
+ throw new AuthSSLInitializationError("Keystore exception: " + e.getMessage());
+ } catch (GeneralSecurityException e) {
+ LOG.error(e.getMessage(), e);
+ throw new AuthSSLInitializationError("Key management exception: " + e.getMessage());
+ } catch (IOException e) {
+ LOG.error(e.getMessage(), e);
+ throw new AuthSSLInitializationError("I/O error reading keystore/truststore file: "
+ + e.getMessage());
+ }
+ }
+
+ private SSLContext getSSLContext() {
+ if (this.sslcontext == null) {
+ this.sslcontext = createSSLContext();
+ }
+ return this.sslcontext;
+ }
+
+ /**
+ * Attempts to get a new socket connection to the given host within the given time limit.
+ * <p>
+ * To circumvent the limitations of older JREs that do not support connect timeout a
+ * controller thread is executed. The controller thread attempts to create a new socket
+ * within the given limit of time. If socket constructor does not return until the
+ * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
+ * </p>
+ *
+ * @param host the host name/IP
+ * @param port the port on the host
+ * @param clientHost the local host name/IP to bind the socket to
+ * @param clientPort the port on the local machine
+ * @param params {@link HttpConnectionParams Http connection parameters}
+ *
+ * @return Socket a new socket
+ *
+ * @throws IOException if an I/O error occurs while creating the socket
+ * @throws UnknownHostException if the IP address of the host cannot be
+ * determined
+ */
+ public Socket createSocket(final String host, final int port, final InetAddress localAddress,
+ final int localPort, final HttpConnectionParams params) throws IOException,
+ UnknownHostException, ConnectTimeoutException {
+ if (params == null) {
+ throw new IllegalArgumentException("Parameters may not be null");
+ }
+ int timeout = params.getConnectionTimeout();
+ SocketFactory socketfactory = getSSLContext().getSocketFactory();
+ if (timeout == 0) {
+ return socketfactory.createSocket(host, port, localAddress, localPort);
+ } else {
+ Socket socket = socketfactory.createSocket();
+ SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
+ SocketAddress remoteaddr = new InetSocketAddress(host, port);
+ socket.bind(localaddr);
+ socket.connect(remoteaddr, timeout);
+ return socket;
+ }
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+ */
+ public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
+ throws IOException, UnknownHostException {
+ return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+ */
+ public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+ return getSSLContext().getSocketFactory().createSocket(host, port);
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+ */
+ public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException,
+ UnknownHostException {
+ return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
+ }
+}