cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r581347 - in /incubator/cxf/trunk: common/schemas/src/main/resources/schemas/configuration/ rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/ systests/src/test/java/org/apache/cxf/systest/http/ systests/src/test/jav...
Date Tue, 02 Oct 2007 18:55:17 GMT
Author: dkulp
Date: Tue Oct  2 11:55:16 2007
New Revision: 581347

URL: http://svn.apache.org/viewvc?rev=581347&view=rev
Log:
[CXF-1085] TrustStores in PEM format -  Patch from Fred Dushin applied.  

Added:
    incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12
  (with props)
    incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12
  (with props)
    incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem
    incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
  (with props)
Modified:
    incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
    incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
    incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh

Modified: incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd?rev=581347&r1=581346&r2=581347&view=diff
==============================================================================
--- incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd
(original)
+++ incubator/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd
Tue Oct  2 11:55:16 2007
@@ -25,10 +25,10 @@
            xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
            xmlns:tns="http://cxf.apache.org/configuration/security"
            xmlns:beans="http://www.springframework.org/schema/beans"
-  		   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  		   xsi:schemaLocation="
-  		       http://www.springframework.org/schema/beans
-  		       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="
+               http://www.springframework.org/schema/beans
+               http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"
            jaxb:version="2.0">
 
     <xs:import namespace="http://www.springframework.org/schema/beans"/>
@@ -116,6 +116,16 @@
     </xs:complexType>
     
     <xs:complexType name="KeyStoreType">
+      <xs:annotation>
+        <xs:documentation>
+        A KeyStoreType represents the information needed to load a collection
+        of key and certificate material from a desired location.
+        The "url", "file", and "resource" attributes are intended to be
+        mutually exclusive, though this assumption is not encoded in schema.
+        The precedence order observed by the runtime is 
+        1) "file", 2) "resource", and 3) "url".
+        </xs:documentation>
+      </xs:annotation>
         <xs:attribute name="type"     type="xs:string">
           <xs:annotation>
             <xs:documentation>
@@ -173,6 +183,49 @@
         </xs:attribute>
     </xs:complexType>
     
+    <xs:complexType name="CertStoreType">
+      <xs:annotation>
+        <xs:documentation>
+        A CertStoreType represents a catenated sequence of X.509 certificates, 
+        in PEM or DER format.
+        The "url", "file", and "resource" attributes are intended to be
+        mutually exclusive, though this assumption is not encoded in schema.
+        The precedence order observed by the runtime is 
+        1) "file", 2) "resource", and 3) "url".
+        </xs:documentation>
+      </xs:annotation>
+        <xs:attribute name="file"     type="xs:string">
+          <xs:annotation>
+            <xs:documentation>
+            This attribute specifies the File location of the certificate store.
+            This element should be a properly accessible file from the
+            working directory. Only one attribute of
+            "url", "file", or "resource" is allowed.
+            </xs:documentation>
+          </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="resource" type="xs:string">
+          <xs:annotation>
+            <xs:documentation>
+            This attribute specifies the Resource location of the certificate store.
+            This element should be a properly accessible on the classpath.
+            Only one attribute of
+            "url", "file", or "resource" is allowed.
+            </xs:documentation>
+          </xs:annotation>
+        </xs:attribute>
+        <xs:attribute name="url"      type="xs:string">
+          <xs:annotation>
+            <xs:documentation>
+            This attribute specifies the URL location of the certificate store.
+            This element should be a properly accessible URL, such as
+            "http://..." "file:///...", etc. Only one attribute of
+            "url", "file", or "resource" is allowed.
+            </xs:documentation>
+          </xs:annotation>
+        </xs:attribute>
+    </xs:complexType>
+    
     <xs:complexType name="KeyManagersType">
       <xs:annotation>
         <xs:documentation>
@@ -183,37 +236,37 @@
       
          <xs:sequence>
             <xs:element name="keyStore" type="tns:KeyStoreType" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element specified the Keystore for these JSSE KeyManagers.
-	            </xs:documentation>
-	          </xs:annotation>
-	        </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element specified the Keystore for these JSSE KeyManagers.
+                </xs:documentation>
+              </xs:annotation>
+            </xs:element>
          </xs:sequence>
             <xs:attribute name="keyPassword" type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the password that unlocks the keys
-	            within the keystore.
-	            </xs:documentation>
-	          </xs:annotation>
-	        </xs:attribute>
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the password that unlocks the keys
+                within the keystore.
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
             <xs:attribute name="provider" type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the KeyManagers provider name.
-	            </xs:documentation>
-	          </xs:annotation>
-	        </xs:attribute>
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the KeyManagers provider name.
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
             <xs:attribute name="factoryAlgorithm"  type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the algorithm the KeyManagers Factory
-	            will use in creating the KeyManagers from the KeyStore. Most
-	            common examples are "PKIX".
-	            </xs:documentation>
-	          </xs:annotation>
-	        </xs:attribute>
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the algorithm the KeyManagers Factory
+                will use in creating the KeyManagers from the KeyStore. Most
+                common examples are "PKIX".
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
     </xs:complexType>
     
     <xs:complexType name="TrustManagersType">
@@ -223,31 +276,40 @@
         a single Keystore used for trusted certificates.
         </xs:documentation>
       </xs:annotation>
-         <xs:sequence>
-            <xs:element name="keyStore" type="tns:KeyStoreType" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the KeyStore used as a trust store.
-	            </xs:documentation>
-	          </xs:annotation>
-	        </xs:element>
-         </xs:sequence>
-            <xs:attribute name="provider" type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the KeyManagers provider name.
-	            </xs:documentation>
-	          </xs:annotation>
-	        </xs:attribute>
+      <xs:choice>
+          <xs:element name="keyStore" type="tns:KeyStoreType"
+              minOccurs="0">
+              <xs:annotation>
+                  <xs:documentation>
+                    This element contains the KeyStore used as a trust
+                    store.
+                  </xs:documentation>
+              </xs:annotation>
+          </xs:element>
+          <xs:element name="certStore" type="tns:CertStoreType" minOccurs="0">
+              <xs:annotation>
+                  <xs:documentation>
+                    This element contains the CertStore used as a trust store.
+                  </xs:documentation>
+              </xs:annotation>
+          </xs:element>
+        </xs:choice>
+      <xs:attribute name="provider" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the KeyManagers provider name.
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
             <xs:attribute name="factoryAlgorithm"  type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the algorithm the KeyManagers Factory
-	            will use in creating the KeyManagers from the KeyStore. Most
-	            common examples are "PKIX".
-	            </xs:documentation>
-	          </xs:annotation>
-	        </xs:attribute>
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the algorithm the KeyManagers Factory
+                will use in creating the KeyManagers from the KeyStore. Most
+                common examples are "PKIX".
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
     </xs:complexType>
     
     <xs:complexType name="CipherSuites">
@@ -281,122 +343,122 @@
     <xs:complexType name="TLSClientParametersType">
         <xs:all>
            <xs:element name="keyManagers" type="tns:KeyManagersType" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the KeyManagers specification.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the KeyManagers specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="trustManagers" type="tns:TrustManagersType" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the TrustManagers specification.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the TrustManagers specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="cipherSuites" type="tns:CipherSuites" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the the CipherSuites that will be supported.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the the CipherSuites that will be supported.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="cipherSuitesFilter" type="tns:FiltersType" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the filters of the supported CipherSuites
-	            that will be supported and used if available.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the filters of the supported CipherSuites
+                that will be supported and used if available.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="secureRandomParameters" 
                        type="tns:SecureRandomParameters" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains SecureRandom specification.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains SecureRandom specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
         </xs:all>
            <xs:attribute name="jsseProvider"          type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the JSSE provider name.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:attribute>
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the JSSE provider name.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:attribute>
            <xs:attribute name="secureSocketProtocol"  type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the Protocol Name. Most common
-	            example is "SSL", "TLS" or "TLSv1".
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:attribute>
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the Protocol Name. Most common
+                example is "SSL", "TLS" or "TLSv1".
+                </xs:documentation>
+              </xs:annotation>
+           </xs:attribute>
     </xs:complexType>
     
     <xs:complexType name="TLSServerParametersType">
         <xs:all>
            <xs:element name="keyManagers" type="tns:KeyManagersType" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the KeyManagers specification.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the KeyManagers specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="trustManagers" type="tns:TrustManagersType" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the TrustManagers specification.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the TrustManagers specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="cipherSuites" type="tns:CipherSuites" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the the CipherSuites that will be supported.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the the CipherSuites that will be supported.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="cipherSuitesFilter" type="tns:FiltersType" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains the filters of the supported CipherSuites
-	            that will be supported and used if available.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the filters of the supported CipherSuites
+                that will be supported and used if available.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="secureRandomParameters" 
                        type="tns:SecureRandomParameters" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains SecureRandom specification.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains SecureRandom specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
            <xs:element name="clientAuthentication" 
                        type="tns:ClientAuthentication" minOccurs="0">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This element contains Client Authentication specification.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:element>
+              <xs:annotation>
+                <xs:documentation>
+                This element contains Client Authentication specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
         </xs:all>
            <xs:attribute name="jsseProvider"          type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the JSSE provider name.
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:attribute>
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the JSSE provider name.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:attribute>
            <xs:attribute name="secureSocketProtocol"  type="xs:string">
-	          <xs:annotation>
-	            <xs:documentation>
-	            This attribute contains the Protocol Name. Most common
-	            example is "SSL", "TLS" or "TLSv1".
-	            </xs:documentation>
-	          </xs:annotation>
-	       </xs:attribute>
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the Protocol Name. Most common
+                example is "SSL", "TLS" or "TLSv1".
+                </xs:documentation>
+              </xs:annotation>
+           </xs:attribute>
     </xs:complexType>
 </xs:schema>

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java?rev=581347&r1=581346&r2=581347&view=diff
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
(original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
Tue Oct  2 11:55:16 2007
@@ -23,13 +23,21 @@
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 
+import org.apache.cxf.configuration.security.CertStoreType;
 import org.apache.cxf.configuration.security.KeyManagersType;
 import org.apache.cxf.configuration.security.KeyStoreType;
 import org.apache.cxf.configuration.security.SecureRandomParameters;
@@ -108,6 +116,65 @@
         }
         return keyStore;
     }
+    
+    /**
+     * This method converts a JAXB generated CertStoreType into a KeyStore.
+     */
+    public static KeyStore getKeyStore(final CertStoreType pst)
+        throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException
{
+        
+        if (pst == null) {
+            return null;
+        }
+
+        if (pst.isSetFile()) {
+            return createTrustStore(new FileInputStream(pst.getFile()));
+        }
+        if (pst.isSetResource()) {
+            return createTrustStore(
+                pst.getClass().getClassLoader().getResourceAsStream(
+                    pst.getResource()
+                )
+            );
+        }
+        if (pst.isSetUrl()) {
+            return createTrustStore(new URL(pst.getUrl()).openStream());
+        }
+        // TODO error?
+        return null;
+    }
+    
+    /**
+     * Create a KeyStore containing the trusted CA certificates contained
+     * in the supplied input stream.
+     */
+    private static KeyStore createTrustStore(final java.io.InputStream is)
+        throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException
{
+        
+        final Collection<? extends Certificate> certs = loadCertificates(is);
+        final KeyStore keyStore = 
+            KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null, null);
+        for (Certificate cert : certs) {
+            final X509Certificate xcert = (X509Certificate) cert;
+            keyStore.setCertificateEntry(
+                xcert.getSubjectX500Principal().getName(), 
+                cert
+            );
+        }
+        return keyStore;
+    }
+    
+    /**
+     * load the certificates as X.509 certificates
+     */
+    private static Collection<? extends Certificate> 
+    loadCertificates(final java.io.InputStream is)
+        throws IOException, CertificateException {
+        
+        final CertificateFactory factory = CertificateFactory.getInstance("X.509");
+        return factory.generateCertificates(is);
+    }
 
     /**
      * This method converts the JAXB KeyManagersType into a list of 
@@ -145,23 +212,27 @@
      * This method converts the JAXB KeyManagersType into a list of 
      * JSSE TrustManagers.
      */
-    public static TrustManager[] getTrustManagers(TrustManagersType kmc) 
+    public static TrustManager[] getTrustManagers(TrustManagersType tmc) 
         throws GeneralSecurityException,
                IOException {
         
-        KeyStore keyStore = getKeyStore(kmc.getKeyStore());
-        
+        final KeyStore keyStore = 
+            tmc.isSetKeyStore()
+                ? getKeyStore(tmc.getKeyStore())
+                : (tmc.isSetCertStore()
+                    ? getKeyStore(tmc.getCertStore())
+                    : (KeyStore) null);
         if (keyStore == null) {
             return null;
         }
         
-        String alg = kmc.isSetFactoryAlgorithm()
-                     ? kmc.getFactoryAlgorithm()
+        String alg = tmc.isSetFactoryAlgorithm()
+                     ? tmc.getFactoryAlgorithm()
                      : KeyManagerFactory.getDefaultAlgorithm();
         
         TrustManagerFactory fac = 
-                     kmc.isSetProvider()
-                     ? TrustManagerFactory.getInstance(alg, kmc.getProvider())
+                     tmc.isSetProvider()
+                     ? TrustManagerFactory.getInstance(alg, tmc.getProvider())
                      : TrustManagerFactory.getInstance(alg);
                      
         fac.init(keyStore);

Modified: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=581347&r1=581346&r2=581347&view=diff
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
(original)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
Tue Oct  2 11:55:16 2007
@@ -106,4 +106,10 @@
         testSuccessfulCall("resources/jaxws-publish.xml",
                            "https://localhost:9001/SoapContext/HttpsPort");
     }
+    
+    @Test
+    public final void testPKCS12Endpoint() throws Exception {
+        testSuccessfulCall("resources/pkcs12.xml",
+                           "https://localhost:9003/SoapContext/HttpsPort");
+    }
 }

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12?rev=581347&view=auto
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12?rev=581347&view=auto
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem?rev=581347&view=auto
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem
(added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem
Tue Oct  2 11:55:16 2007
@@ -0,0 +1,60 @@
+-----BEGIN CERTIFICATE-----
+MIICIDCCAYkCBEYRaYcwDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZCZXRoYWwxDzANBgNVBAMTBkJl
+dGhhbDAeFw0wNzA0MDIyMDM3MjdaFw0zNDA4MTgyMDM3MjdaMFcxCzAJBgNVBAYTAlVTMREwDwYD
+VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGQmV0aGFsMQ8wDQYD
+VQQDEwZCZXRoYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJHOyFu8tTt4g9tBv0bY8c4K
+uidfMlHbFQAukIFXLkR4xu5IxG5OI53ZE0F6rqcPFve1sdEV9h+MxmzqQbo180Wyv1rUEq2AScK3
+6bo0ALuZsreQQmNVGBOjxBpTtrRErRfNJe1mvzNMz9VlGdSNWW17CrBz9kmz6G1EWg8aGfZHAgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAbw+VwP1tnBm3cFLFgONnGCozN8XqV2M0OklJ5lBDJL7BV2Ng
+BtTZ8as9jTGYdjetKQXX75wWL7OS7vnkm/9tbr/vNBljT0OP0Yr2X7TAbDdhFfsk/D5mBpXdzXz2
+wqxVZjj6sm5zvwC32e4AxGG0edmY1DN9VMZzA/FrzBP0qoE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICHDCCAYUCBEYRaYkwDQYJKoZIhvcNAQEEBQAwVTELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ4wDAYDVQQLEwVHb3JkeTEOMAwGA1UEAxMFR29y
+ZHkwHhcNMDcwNDAyMjAzNzI5WhcNMzQwODE4MjAzNzI5WjBVMQswCQYDVQQGEwJVUzERMA8GA1UE
+BxMIU3lyYWN1c2UxEzARBgNVBAoTCkFwYWNoZVRlc3QxDjAMBgNVBAsTBUdvcmR5MQ4wDAYDVQQD
+EwVHb3JkeTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqIbNth+G4Q5tkZvoUZdQsY9RnjAA
+mgKVBUaOVvv//qOniOTskLqBFyKGoMpbCfNAU7/zVKP5fLTLccLdJyCagKGrs1ZmKaNiTRcOnfkE
+3dHnEIp83+hNmASGsrZcyLihtro1N3pMTuXbXzu7x3F2U7fxYFg66iviTEGF6T7dY3MCAwEAATAN
+BgkqhkiG9w0BAQQFAAOBgQBPjsYFdqz0JF9shNpvke/H1eHqhyXJgPdHdCu/ewRO2wV6I9WBrGNU
+cmmKZmAUsv99Y0Tpz59uEXFcM3cBZU4/obw3DlwwWmaVMoIwQ2Nd2FChC6uyKIJ0Bvpx+aDxjm48
+b8c58EHCcU2FRo/nVWctJL9xJ7oBrke5GZrBlUF+rA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICNDCCAZ0CBEYRaY4wDQYJKoZIhvcNAQEEBQAwYTELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZNb3JwaXQxGTAXBgNVBAMTEHdo
+YXRldmVyaG9zdC5jb20wHhcNMDcwNDAyMjAzNzM0WhcNMzQwODE4MjAzNzM0WjBhMQswCQYDVQQG
+EwJVUzERMA8GA1UEBxMIU3lyYWN1c2UxEzARBgNVBAoTCkFwYWNoZVRlc3QxDzANBgNVBAsTBk1v
+cnBpdDEZMBcGA1UEAxMQd2hhdGV2ZXJob3N0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAk4FbJxfjllrApiECK5oRbgmTC1exx59HWck20R2AYU6kIkdZa78Ca+oc/zaPCtsVL/QZbjHE
+7lnvVK55tnpGW9qzLxsAHZmYyA/4Wdmcbz/Niwsfm062z94+AKMCGum/1Ug1QZUiRKweZTRBHhmT
+VsxSDEGTTi6UVim6nv47ZlcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAjWR/W+YO0I5sBlb+zNTbJ
+TPs4CqM4UHQS+prOx59R134FbocgkGncm00FBrO857KJHdSCRjOUUpc3S+MP13FGqSQm2Q0lNjUV
+IygvdZ+BATfgsJ92NbnuIhIVAA+i8AVZK//qPRCMz1Rdm1G994qCw3A4lQMi5eqKYYwqkRJeXw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICIDCCAYkCBEYRaYwwDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZQb2x0aW0xDzANBgNVBAMTBlBv
+bHRpbTAeFw0wNzA0MDIyMDM3MzJaFw0zNDA4MTgyMDM3MzJaMFcxCzAJBgNVBAYTAlVTMREwDwYD
+VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGUG9sdGltMQ8wDQYD
+VQQDEwZQb2x0aW0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL/bdivrpaR4Njvo7WB4ipEh
+422V2bAyapFvgOq/tHusGR/e3wH0v9g+9xwnNyqFjhueceuWahXAvNHvknuUaelW0346Aay0fBAu
+EsyowWBTVi/pU+iZleN9FD8uBalY1s6e+xqu+yckhHuBP77TcTar1hBjCIfy2Eo2YevDL6qlAgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAuT7QoNfGG7GjfQuU/oYj5vHPH7nPhLtkQBVTEi0WyzgJUXie
+rNG/u4VEZtNtK4+4J5tQyb4YtP2GPUUpWrhusKUaW4eMU79rzpUbZnGUBzTbth8kBoN9xHzXiSop
+ohPdOnGo5ZjThZnLEn/o9doUEX64o4eauu15SPoDLzSfLJ0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICIDCCAYkCBEYRaYswDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5
+cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZUYXJwaW4xDzANBgNVBAMTBlRh
+cnBpbjAeFw0wNzA0MDIyMDM3MzFaFw0zNDA4MTgyMDM3MzFaMFcxCzAJBgNVBAYTAlVTMREwDwYD
+VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGVGFycGluMQ8wDQYD
+VQQDEwZUYXJwaW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKGG8UtWnHyWKFVDJSuSlhT/
+vKxrPjfNBtvdaiQx5gNAlc8QVL5lPOXcJljTF3dEb0QQ1ajai3kC71NE2ABOrxk7Jvk3bEma5Yfy
+U3m/OBthL9H8kE3O3+bh4K2LTsRwIa2Zd1wYbj44vUxsiHhzxer3q3FDfLxsqtahsxz7WjG1AgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAE6EWRbYxGOlwmtpv0XE4FwbXYdSDArc+ArhOJWKTzoE3U9l8
+kg1wJL49VXEmVIxpipXKs7d9lpIVLPFsbBVJRZwH8sgHE39nTjfeyHNmwZcd63Lrn+2RydkAo5P9
+FYi8HFGEM5dON4PSo3Et6ycHy1IrS8htrNu+FoW84FRTKDA=
+-----END CERTIFICATE-----

Modified: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh?rev=581347&r1=581346&r2=581347&view=diff
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
(original)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
Tue Oct  2 11:55:16 2007
@@ -25,6 +25,7 @@
 # Start with a clean slate. Remove all keystores.
 #
 rm -f *.jks
+rm -f Truststore.pem
 
 #
 # This function generates a key/self-signed certificate with the following DN.
@@ -47,5 +48,6 @@
 for name in Bethal Gordy Tarpin Poltim Morpit
 do
    genkey $name $name
+   keytool -export -keystore Truststore.jks -storepass password -alias $i -rfc >> Truststore.pem
 done
 

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml?rev=581347&view=auto
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
(added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
Tue Oct  2 11:55:16 2007
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+       xmlns:jaxws="http://cxf.apache.org/jaxws"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
+       xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                 http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://cxf.apache.org/jaxws                                 http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/transports/http/configuration         http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration   http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                http://cxf.apache.org/schemas/configuration/security.xsd
+        ">
+
+    <!-- -->
+    <!-- This Spring config file is designed to represent a minimal -->
+    <!-- configuration for spring-loading a CXF servant, where the -->
+    <!-- servant listens using HTTP/S as the transport protocol. -->
+    <!-- -->
+    <!-- Note that the service endpoint is spring-loaded.  In the -->
+    <!-- scenario in which this config is designed to run, the -->
+    <!-- server application merely instantiates a Bus, and does not -->
+    <!-- publish any services programmatically -->
+    <!-- -->
+    <!-- This test ensures we can use PKCS12 keystores and PEM truststores -->
+    <!-- -->
+
+    <!-- -->
+    <!-- Spring-load an HTTPS servant -->
+    <!-- -->
+    <jaxws:server 
+        id="JaxwsHttpsEndpoint"        
+        address="https://localhost:9003/SoapContext/HttpsPort"
+        serviceName="s:SOAPService"
+        endpointName="e:HttpsPort"
+        xmlns:e="http://apache.org/hello_world/services"
+        xmlns:s="http://apache.org/hello_world/services"
+        depends-on="port-9003-tls-config">
+        <jaxws:serviceBean>
+           <bean class="org.apache.cxf.systest.http.GreeterImpl"/>
+        </jaxws:serviceBean>
+    </jaxws:server>    
+
+    <!-- -->
+    <!-- TLS Port configuration parameters for port 9002 -->
+    <!-- -->
+    <httpj:engine-factory id="port-9003-tls-config">
+        <httpj:engine port="9003">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="pkcs12" password="password" 
+                        file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.p12"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:certStore
+                        file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem"/>
+                </sec:trustManagers>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+
+    <!-- -->
+    <!-- HTTP/S configuration for clients -->
+    <!-- -->
+    <http:conduit name="{http://apache.org/hello_world/services}HttpsPort.http-conduit">
+        <http:tlsClientParameters>
+            <sec:keyManagers keyPassword="password">
+               <sec:keyStore type="pkcs12" password="password" 
+                    file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.p12"/>
+               </sec:keyManagers>
+            <sec:trustManagers>
+               <sec:certStore
+                   file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.pem"/>
+            </sec:trustManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+
+</beans>

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/pkcs12.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml



Mime
View raw message