cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j...@apache.org
Subject svn commit: r609875 [1/2] - in /incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https: ./ bin/ certs/ certs/demoCA/ certs/demoCA/newcerts/ src/ src/demo/ src/demo/jaxrs/ src/demo/jaxrs/client/ src/demo/jaxrs/server/
Date Tue, 08 Jan 2008 05:39:44 GMT
Author: jliu
Date: Mon Jan  7 21:39:40 2008
New Revision: 609875

URL: http://svn.apache.org/viewvc?rev=609875&view=rev
Log:
Added a secure jax-rs demo to show how to use https

Added:
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.jks   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/truststore.jks   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.jks   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLX509TrustManager.java   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/Client.java   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/add_customer.txt   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/update_customer.txt   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/Customer.java   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/CustomerService.java   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/Order.java   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/Product.java   (with props)
    incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/server/Server.java   (with props)

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/CherryServer.cxf Mon Jan  7 21:39:40 2008
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Cherry Server.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/configuration/security  		      http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://cxf.apache.org/transports/http-jetty/configuration
+            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+  <httpj:engine-factory bus="cxf">
+   <httpj:engine port="9000">
+    <httpj:tlsServerParameters>
+      <sec:keyManagers keyPassword="password">
+           <sec:keyStore type="JKS" password="password" 
+                file="certs/cherry.jks"/>
+      </sec:keyManagers>
+      <sec:trustManagers>
+          <sec:keyStore type="JKS" password="password"
+               file="certs/truststore.jks"/>
+      </sec:trustManagers>
+      <sec:cipherSuitesFilter>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable or null encryption is used,
+          but exclude anonymous Diffie-Hellman key change as
+          this is vulnerable to man-in-the-middle attacks -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:include>.*_WITH_NULL_.*</sec:include>
+        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+      </sec:cipherSuitesFilter>
+      <sec:clientAuthentication want="true" required="true"/>
+    </httpj:tlsServerParameters>
+   </httpj:engine>
+  </httpj:engine-factory>
+  
+</beans>

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt Mon Jan  7 21:39:40 2008
@@ -0,0 +1,141 @@
+JAX-RS Basic Demo With HTTPS communications
+===========================================
+
+This demo takes the JAX-RS basic demo a step further 
+by doing the communication using HTTPS.
+
+The JAX-RS server is configured with a HTTPS listener. The listener 
+requires client authentication so the client must provide suitable 
+credentials. The listener configuration is taken from the 
+"CherryServer.cxf" file located under demo directory.  
+
+The client is configured to provide its certificate "CN=Wibble" and
+chain stored in the Java KeyStore "certs/wibble.jks" to the server. The
+server authenticates the client's certificate using its trust store
+"certs/truststore.jks", which holds the Certificate Authorities'
+certificates.
+
+Likewise the client authenticates the server's certificate "CN=Cherry"
+and chain against the same trust store.  Note also the usage of the
+cipherSuitesFilter configuration in the configuration files,
+where each party imposes different ciphersuites contraints, so that the
+ciphersuite eventually negotiated during the TLS handshake is acceptable
+to both sides. This may be viewed by adding a -Djavax.net.debug=all 
+argument to the JVM.
+
+But please note that it is not adviseable to store sensitive data such
+as passwords stored in a clear text configuration file, unless the
+file is sufficiently protected by OS level permissions. The KeyStores
+may be configured programatically so using user interaction may be
+employed to keep passwords from being stored in configuration files.
+The approach taken here is for demonstration reasons only. 
+
+Please review the README in the samples directory before
+continuing.
+
+
+Prerequisites
+-------------
+
+If your environment already includes cxf-manifest-incubator.jar on the
+CLASSPATH, and the JDK and ant bin directories on the PATH
+it is not necessary to set the environment as described in
+the samples directory README.  If your environment is not
+properly configured, or if you are planning on using wsdl2java,
+javac, and java to build and run the demos, you must set the
+environment.
+
+
+Building and running the demo using Ant
+---------------------------------------
+
+From the base directory of this sample (i.e., where this README file is
+located), the Ant build.xml file can be used to build and run the demo. 
+The server and client targets automatically build the demo.
+
+Using either UNIX or Windows:
+
+  ant server  (from one command line window)
+  ant client  (from a second command line window)
+    
+
+To remove the code generated from the WSDL file and the .class
+files, run "ant clean".
+
+
+Building the demo using wsdl2java and javac
+-------------------------------------------
+
+From the base directory of this sample (i.e., where this README file is
+located), first create the target directory build/classes and then 
+compile the provided client and server applications with the commands:
+
+For UNIX:  
+  mkdir -p build/classes
+  
+  export CLASSPATH=$CLASSPATH:$CXF_HOME/lib/cxf-manifest-incubator.jar:./build/classes
+  javac -d build/classes src/demo/jaxrs/client/*.java
+  javac -d build/classes src/demo/jaxrs/server/*.java
+
+For Windows:
+  mkdir build\classes
+    Must use back slashes.
+
+  set classpath=%classpath%;%CXF_HOME%\lib\cxf-manifest-incubator.jar;.\build\classes
+  javac -d build\classes src\demo\jaxrs\client\*.java
+  javac -d build\classes src\demo\jaxrs\server\*.java
+
+
+Finally, copy resource files into the build/classes directory with the commands:
+
+For UNIX:    
+  cp ./src/demo/jaxrs/client/*.xml ./build/classes/demo/jaxrs/client
+  cp ./src/demo/jaxrs/server/*.xml ./build/classes/demo/jaxrs/server
+
+For Windows:
+  copy src\demo\jaxrs\client\*.xml build\classes\demo\jaxrs\client
+  copy src\demo\jaxrs\server\*.xml build\classes\demo\jaxrs\server
+
+
+Running the demo using java
+---------------------------
+
+From the samples/jax_rs/basic_https directory run the following commands. They 
+are entered on a single command line.
+
+For UNIX (must use forward slashes):
+    java -Djava.util.logging.config.file=$CXF_HOME/etc/logging.properties
+         demo.jaxrs.server.Server &
+
+    java -Djava.util.logging.config.file=$CXF_HOME/etc/logging.properties
+         demo.jaxrs.client.Client
+
+The server process starts in the background.  After running the client,
+use the kill command to terminate the server process.
+
+For Windows (may use either forward or back slashes):
+  start 
+    java -Djava.util.logging.config.file=%CXF_HOME%\etc\logging.properties
+       demo.jaxrs.server.Server
+
+    java -Djava.util.logging.config.file=%CXF_HOME%\etc\logging.properties
+       demo.jaxrs.client.Client
+
+A new command windows opens for the server process.  After running the
+client, terminate the server process by issuing Ctrl-C in its command window.
+
+To remove the code generated from the WSDL file and the .class
+files, either delete the build directory and its contents or run:
+
+  ant clean
+
+
+Certificates
+------------
+
+If the certificates are expired for some reason, a shell script in 
+bin/gencerts.sh will generate the set of certificates needed for
+this sample. Just do the following:
+
+        cd certs
+        sh ../bin/gencerts.sh

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/README.txt
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh Mon Jan  7 21:39:40 2008
@@ -0,0 +1,163 @@
+#!/bin/sh
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+#
+# This file uses openssl and keytool to generate 2 chains of 3 certificates 
+# CN=Wibble             CN=Cherry
+#             CN=TheRA
+#             CN=TheCA
+# and generates a CRL to revoke the "CN=TheRA" certificate.
+#
+# This file also serves as a specification on what needs to be done to
+# get the underlying CXF to work correctly.
+# For the most part, you need to use only JKS (Java Key Store) formatted
+# keystores and truststores.
+
+
+# Initialize the default openssl DataBase.
+# According to a default /usr/lib/ssl/openssl.cnf file it is ./demoCA
+# Depending on the Openssl version, comment out "crlnumber" in config file.
+# We echo 1345 to start the certificate serial number counter.
+
+    rm -rf demoCA
+    mkdir -p demoCA/newcerts
+    cp /dev/null demoCA/index.txt
+    echo "1345" > demoCA/serial
+
+# This file makes sure that the certificate for CN=TheRA can be a Certificate
+# Authority, i.e. can sign the user certificates, e.g. "CN=Wibble".
+
+cat <<EOF > exts
+[x509_extensions]
+basicConstraints=CA:TRUE
+EOF
+
+# Create the CA's keypair and self-signed certificate
+#   -x509 means create self-sign cert
+#   -keyout means generate keypair
+#   -nodes means do not encrypt private key.
+#   -set_serial sets the serial number of the certificate
+
+    openssl req -verbose -x509 -new -nodes -set_serial 1234 \
+    -subj "/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \
+    -days 365 -out cacert.pem -keyout caprivkey.pem 
+
+# Create the RA's keypair and Certificate Request
+#    without -x509, we generate an x509 cert request.
+#   -keyout means generate keypair
+#   -nodes means do not encrypt private key.
+
+    openssl req -verbose -new -nodes \
+    -subj "/CN=TheRA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \
+    -days 365 -out csrra.pem -keyout raprivkey.pem 
+
+# Have the CN=TheCA issue a certificate for the CN=TheRA
+# We need -extfile exts -extenstions x509_extensions to make sure 
+# CN=TheRA can be a Certificate Authority.
+
+    openssl ca -batch -days 364 -cert cacert.pem -keyfile caprivkey.pem \
+    -in csrra.pem -out ra-ca-cert.pem -extfile exts -extensions x509_extensions
+
+# Create keypairs and Cert Request for a certificate for CN=Wibble and CN=Cherry
+# This procedure must be done in JKS, because we need to use a JKS keystore.
+# The current version of CXF using PCKS12 will not work for a number of 
+# internal CXF reasons.
+
+    rm -f wibble.jks
+
+    keytool -genkey \
+    -dname "CN=Wibble, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \
+    -keystore wibble.jks -storetype jks -storepass password -keypass password
+
+    keytool -certreq -keystore wibble.jks -storetype jks -storepass password \
+    -keypass password -file csrwibble.pem
+
+
+    rm -f cherry.jks
+
+    keytool -genkey \
+    -dname "CN=Cherry, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \
+    -keystore cherry.jks -storetype jks -storepass password -keypass password
+
+    keytool -certreq -keystore cherry.jks -storetype jks -storepass password \
+    -keypass password -file csrcherry.pem
+
+
+# Have the CN=TheRA issue a certificate for CN=Wibble and CN=Cherry via
+# their Certificate Requests.
+
+   openssl ca -batch -days 364 -cert ra-ca-cert.pem -keyfile raprivkey.pem \
+   -in csrwibble.pem -out wibble-ra-cert.pem 
+   
+   openssl ca -batch -days 364 -cert ra-ca-cert.pem -keyfile raprivkey.pem \
+   -in csrcherry.pem -out cherry-ra-cert.pem
+
+
+# Rewrite the certificates in PEM only format. This allows us to concatenate
+# them into chains.
+
+    openssl x509 -in cacert.pem -out cacert.pem -outform PEM
+    openssl x509 -in ra-ca-cert.pem -out ra-ca-cert.pem -outform PEM
+    openssl x509 -in wibble-ra-cert.pem -out wibble-ra-cert.pem -outform PEM
+    openssl x509 -in cherry-ra-cert.pem -out cherry-ra-cert.pem -outform PEM
+
+# Create a chain readable by CertificateFactory.getCertificates.
+
+    cat wibble-ra-cert.pem ra-ca-cert.pem cacert.pem > wibble.chain
+    cat cherry-ra-cert.pem ra-ca-cert.pem cacert.pem > cherry.chain
+
+# Replace the certificate in the Wibble keystore with their respective
+# full chains.
+
+    keytool -import -file wibble.chain -keystore wibble.jks -storetype jks \
+    -storepass password -keypass password -noprompt
+
+    keytool -import -file cherry.chain -keystore cherry.jks -storetype jks \
+    -storepass password -keypass password -noprompt
+
+# Revoke the CN=TheRA certificate (happens in the Openssl DB)
+
+    openssl ca -verbose -cert cacert.pem -keyfile caprivkey.pem \
+    -revoke ra-ca-cert.pem -crl_reason keyCompromise 
+
+# Create the CRL from that revocation (from the Openssl DB)
+
+    openssl ca -verbose -gencrl -out ca.crl -cert cacert.pem \
+    -keyfile caprivkey.pem
+
+# Create the Truststore file containing the CA cert.
+
+    rm -f truststore.jks
+    
+    keytool -import -file cacert.pem -alias TheCA -keystore truststore.jks \
+    -storepass password -noprompt
+
+# Uncomment to see what's in the Keystores and CRL
+
+    keytool -v -list -keystore wibble.jks -storepass password
+    
+    keytool -v -list -keystore cherry.jks -storepass password
+    
+    keytool -v -list -keystore truststore.jks -storepass password
+    
+    openssl crl -in ca.crl -text -noout
+
+# Get rid of everything but wibble.chain and ra.crl
+#rm -rf *.pem exts demoCA *pk12

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/bin/gencerts.sh
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml Mon Jan  7 21:39:40 2008
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project name="RESTful demo" default="build" basedir=".">
+    <property name="codegen.notrequired" value="true"/>
+
+    <import file="../../common_build.xml"/>        
+        
+    <target name="client" description="run demo client" depends="build">
+        <cxfrun classname="demo.jaxrs.client.Client"                
+                param1="${basedir}/certs/wibble.jks"
+                param2="${basedir}/certs/truststore.jks"/>
+    </target> 
+        
+    <target name="server" description="run demo server" depends="build">
+        <cxfrun classname="demo.jaxrs.server.Server"  jvmarg1="-Dcxf.config.file=CherryServer.cxf"/>
+    </target>
+
+</project>

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/build.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ca.crl Mon Jan  7 21:39:40 2008
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBRTCBrwIBATANBgkqhkiG9w0BAQQFADBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkG
+A1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNV
+BAgTAk5ZMQswCQYDVQQGEwJVUxcNMDcwNTI1MDYwODI2WhcNMDcwNjI0MDYwODI2
+WjAjMCECAhNFFw0wNzA1MjUwNjA4MjZaMAwwCgYDVR0VBAMKAQEwDQYJKoZIhvcN
+AQEEBQADgYEAK8OzQ7XrcDkQkq6xTO0Rts64amO+awWDVaQtix1Ux2QDsd5vri6f
+qSkS6hIH+H6Rqr2xPTXDtb9JHbIpsf6DrF94ad92xx1SvcSi4TpxdN1Tn+pVjQvw
+EYldg+ksHmHJc9LpBBPX1VFS9wnT4gTkLA8HYV1O2fCbbhKJ07vNYuc=
+-----END X509 CRL-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cacert.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkWgAwIBAgICBNIwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTI0MDYwODI0WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQ
+Uk9EVUNUSU9OMQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQG
+EwJVUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAslkOm83+Ofgl4yJ3PAII
+aYEULJEOlElo9Rzr6e1iNdbGXncnRrfn3s3WqU4eWQpj417IpFvwXOjzsll2Gigk
+AAZgYrueUE/WmNDlcK0Ni7MRXpcGxyKJoeaXZyvfV5Wdmy9sCY7GoEGUBF7KOuUI
+nE3jT2wjME1Lko1ksBJNu80CAwEAAaOBtDCBsTAdBgNVHQ4EFgQUjiS4vGjDGQni
+HDhqYjlxtx+OcrIwgYEGA1UdIwR6MHiAFI4kuLxowxkJ4hw4amI5cbcfjnKyoVyk
+WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9O
+MQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQGEwJVU4ICBNIw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQA0SQ4zV3AptrjBbj+J88xo
+ek4ir+B7hBHKaF4AWc+ex8Fi7z1fWesLwuYvzE81tdnTHA9Vef/lxXIEj8ld690e
+mlq3NVYrFVj4jgrQlzxh7Yfy1e4CQz8n+XWGT/mGLrwGDIZegA4qkE4bhR62FHFP
+cD5xmVCYkfYW9E8wqVNRSA==
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/caprivkey.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCyWQ6bzf45+CXjInc8AghpgRQskQ6USWj1HOvp7WI11sZedydG
+t+fezdapTh5ZCmPjXsikW/Bc6POyWXYaKCQABmBiu55QT9aY0OVwrQ2LsxFelwbH
+Iomh5pdnK99XlZ2bL2wJjsagQZQEXso65QicTeNPbCMwTUuSjWSwEk27zQIDAQAB
+AoGAMerZOuSJ/mGlARC5fLM49YaqRdsH0JtHZCuHID9P2K/Xb8M73ABHRsYoCdUS
+i2tsD8yMrewJt4eABfAiLSoFAQErCSPHJIz761ErjUOCTGhMQ3ZKM5mdhqpR03+K
+1uMyqaTuY0wKzn2hGvNXtHk4yc1YbAlMZ/1L423c8shUikUCQQDWdV59sAK446IN
+2isifEJrkgmQe/l+QTKs6aYhRQXEg5S9JNAm6uXJobFqYdWy0W95wnEzLTAgNoV6
+z5wb8B9fAkEA1OUGaGHF0jqRwlH0QlJtp6y4ptWxt8AMwIDjHhTAhHlZSFbS/RA9
+CZJvsspJhZnDDViTgSaM8XoHT+aktoZwUwJAWqWPhAbCj82/sKU3uELXfEpk+oo8
+Ya5DMi0sSEG5d1+6ndwSk3CUIg7TQ8kIn6XAvbF/UYdXITaKYuef73smdwJALCqH
+Nchy3bZA3utZnRi0nwB6HkJe6BvziUwz0d3EQrdaCmPYyZ9AymeSvKiysADCMlaZ
+40U4IDCMq8rRiPxC+QJAZ6BgqEmkiOfiOzJSPP/JJ01xWS5OgPpASo+bVbFqjpv1
+K0e3qt+6l00MlKGnglMPwiO/YzbiQwLuM1vQEnuxnQ==
+-----END RSA PRIVATE KEY-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry-ra-cert.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0cwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZD
+aGVycnkwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYB1NaU39qdzgkV/87eMtbky
+KBf6odRdpWmgMJr2jTx/66DMLBznejnRHDdxWxNQUXmmnd1rqP1QAimLrCFwzBO+
+boOVvVwfGDPujYtKUFaj9JX5R4bkNSPjTGGQBOYcAiTQtkgpNwvZexGxgaLK4Hpg
+ilkr3DPPrIMKdj3cr5eqfaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsvDKBSLg
+f53uWQGt+kVb0h03rpIwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAH7D
+0Lo9qYM+XEHlNdm/RMzyV/gw1fdgrqaPpq2HFp5Y6hKOL3FPG2XvoiwonMZLj7LH
+Klft7wc88OnUgx6y6Xs/6RcHUQJvSQMfhE/zJsvl4JSNx/IoZGVWi2UVK44a3Jml
+fw1c3Bcm6ip/mz1EbAiAe8Wv4q4giBGI3mAZPVf7
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.chain Mon Jan  7 21:39:40 2008
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0cwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZD
+aGVycnkwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYB1NaU39qdzgkV/87eMtbky
+KBf6odRdpWmgMJr2jTx/66DMLBznejnRHDdxWxNQUXmmnd1rqP1QAimLrCFwzBO+
+boOVvVwfGDPujYtKUFaj9JX5R4bkNSPjTGGQBOYcAiTQtkgpNwvZexGxgaLK4Hpg
+ilkr3DPPrIMKdj3cr5eqfaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsvDKBSLg
+f53uWQGt+kVb0h03rpIwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAH7D
+0Lo9qYM+XEHlNdm/RMzyV/gw1fdgrqaPpq2HFp5Y6hKOL3FPG2XvoiwonMZLj7LH
+Klft7wc88OnUgx6y6Xs/6RcHUQJvSQMfhE/zJsvl4JSNx/IoZGVWi2UVK44a3Jml
+fw1c3Bcm6ip/mz1EbAiAe8Wv4q4giBGI3mAZPVf7
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgICE0UwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTIzMDYwODI0WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ4wDAYDVQQDEwVU
+aGVSQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsiZuAZgYprKPiwUvbswA
+eEHjULCP0bcYIni6KbCzBZwO74nufw0jpBE+b+7wSG0d5Azsn7Tl+xYYTtHcyqLO
+zHi1keLU5ozSwpIxvOltkFMSqTS6zsJ4mpfPQxV2/6IJjgj8ODtCf4Kn1tyenS41
+dE2D31d8i1GeTcpNDtB9QNUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAph+CwEyUbDep0qhUvnvQW9OvBZr0UymxGkiJhFLPF8milAIsm
+bafW+wvjbLmoNYZYH54TP96FPRkEHMvcTkQgm0xGPMRK1tZmARxsldAW0EdWE/83
+n0XG1QZxZpCk6EsBbEQ7jIvf9oeLBUfsmzz+S05BpEV3svXa2AkI3Z6/wA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkWgAwIBAgICBNIwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTI0MDYwODI0WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQ
+Uk9EVUNUSU9OMQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQG
+EwJVUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAslkOm83+Ofgl4yJ3PAII
+aYEULJEOlElo9Rzr6e1iNdbGXncnRrfn3s3WqU4eWQpj417IpFvwXOjzsll2Gigk
+AAZgYrueUE/WmNDlcK0Ni7MRXpcGxyKJoeaXZyvfV5Wdmy9sCY7GoEGUBF7KOuUI
+nE3jT2wjME1Lko1ksBJNu80CAwEAAaOBtDCBsTAdBgNVHQ4EFgQUjiS4vGjDGQni
+HDhqYjlxtx+OcrIwgYEGA1UdIwR6MHiAFI4kuLxowxkJ4hw4amI5cbcfjnKyoVyk
+WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9O
+MQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQGEwJVU4ICBNIw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQA0SQ4zV3AptrjBbj+J88xo
+ek4ir+B7hBHKaF4AWc+ex8Fi7z1fWesLwuYvzE81tdnTHA9Vef/lxXIEj8ld690e
+mlq3NVYrFVj4jgrQlzxh7Yfy1e4CQz8n+XWGT/mGLrwGDIZegA4qkE4bhR62FHFP
+cD5xmVCYkfYW9E8wqVNRSA==
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.jks?rev=609875&view=auto
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/cherry.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrcherry.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,13 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICXTCCAhsCAQAwWTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUx
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEAxMGQ2hlcnJ5MIIBtzCCASwGByqG
+SM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/
+xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
+wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg
+hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwky
+jMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6A
+e1UlZAFMO/7PSSoDgYQAAoGAdTWlN/anc4JFf/O3jLW5MigX+qHUXaVpoDCa9o08f+ugzCwc53o5
+0Rw3cVsTUFF5pp3da6j9UAIpi6whcMwTvm6Dlb1cHxgz7o2LSlBWo/SV+UeG5DUj40xhkATmHAIk
+0LZIKTcL2XsRsYGiyuB6YIpZK9wzz6yDCnY93K+Xqn2gADALBgcqhkjOOAQDBQADLwAwLAIUaxs1
+1fWsupiR2qg3z0jMLpf9XhoCFAKNGxHh/ERLveRH+U80TAJHos+X
+-----END NEW CERTIFICATE REQUEST-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrra.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmDCCAQECAQAwWDEOMAwGA1UEAxMFVGhlUkExGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQswCQYDVQQIEwJOWTELMAkGA1UE
+BhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALImbgGYGKayj4sFL27M
+AHhB41Cwj9G3GCJ4uimwswWcDu+J7n8NI6QRPm/u8EhtHeQM7J+05fsWGE7R3Mqi
+zsx4tZHi1OaM0sKSMbzpbZBTEqk0us7CeJqXz0MVdv+iCY4I/Dg7Qn+Cp9bcnp0u
+NXRNg99XfItRnk3KTQ7QfUDVAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQBMS/Xs
+jTmj9QXbmArPK0fQK3irxirKuwk/Rv0tQMPb/jBMMGUTYq2ryqOQJ7xh4JaUM9aA
+vEFp+43TImDypPCoNO4Y4fFZPHuRPUp3KGEyYfknefmDym8FGZFL5EH52NTtG4k7
+4ZAV9XJQcYSsnLqk/dGB/gawco9hSB9BHoEYfw==
+-----END CERTIFICATE REQUEST-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/csrwibble.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,13 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICXjCCAhsCAQAwWTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUx
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEAxMGV2liYmxlMIIBtzCCASwGByqG
+SM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/
+xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue
+wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg
+hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwky
+jMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6A
+e1UlZAFMO/7PSSoDgYQAAoGANKoFSVHn9yJkrCT8IVK1ri0YrFxCzvPBpbiCt9gX9l8EQiIh280S
+7x9WN0K65rcKru1mweXI9duNhp/+XKFJfF+rPuoyQzqCYsiWRX24ke5eajpy+ECxr3FuujQ/AtVB
+U1P3TIRCNF3IKteefh0OKC5fQfWikN84LtCFej6yWjmgADALBgcqhkjOOAQDBQADMAAwLQIVAIAo
+23R658Bz3LkVTBp7kIJfAB83AhQpSbl+w0s7BWhJ//GejVtZtg6xPA==
+-----END NEW CERTIFICATE REQUEST-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt Mon Jan  7 21:39:40 2008
@@ -0,0 +1,3 @@
+R	080523060824Z	070525060826Z,keyCompromise	1345	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=TheRA
+V	080523060825Z		1346	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Wibble
+V	080523060825Z		1347	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Cherry

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/index.txt.old Mon Jan  7 21:39:40 2008
@@ -0,0 +1,3 @@
+V	080523060824Z		1345	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=TheRA
+V	080523060825Z		1346	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Wibble
+V	080523060825Z		1347	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Cherry

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1345.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,50 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4933 (0x1345)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: CN=TheCA, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US
+        Validity
+            Not Before: May 25 06:08:24 2007 GMT
+            Not After : May 23 06:08:24 2008 GMT
+        Subject: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=TheRA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b2:26:6e:01:98:18:a6:b2:8f:8b:05:2f:6e:cc:
+                    00:78:41:e3:50:b0:8f:d1:b7:18:22:78:ba:29:b0:
+                    b3:05:9c:0e:ef:89:ee:7f:0d:23:a4:11:3e:6f:ee:
+                    f0:48:6d:1d:e4:0c:ec:9f:b4:e5:fb:16:18:4e:d1:
+                    dc:ca:a2:ce:cc:78:b5:91:e2:d4:e6:8c:d2:c2:92:
+                    31:bc:e9:6d:90:53:12:a9:34:ba:ce:c2:78:9a:97:
+                    cf:43:15:76:ff:a2:09:8e:08:fc:38:3b:42:7f:82:
+                    a7:d6:dc:9e:9d:2e:35:74:4d:83:df:57:7c:8b:51:
+                    9e:4d:ca:4d:0e:d0:7d:40:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+            CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        29:87:e0:b0:13:25:1b:0d:ea:74:aa:15:2f:9e:f4:16:f4:eb:
+        c1:66:bd:14:ca:6c:46:92:22:61:14:b3:c5:f2:68:a5:00:8b:
+        26:6d:a7:d6:fb:0b:e3:6c:b9:a8:35:86:58:1f:9e:13:3f:de:
+        85:3d:19:04:1c:cb:dc:4e:44:20:9b:4c:46:3c:c4:4a:d6:d6:
+        66:01:1c:6c:95:d0:16:d0:47:56:13:ff:37:9f:45:c6:d5:06:
+        71:66:90:a4:e8:4b:01:6c:44:3b:8c:8b:df:f6:87:8b:05:47:
+        ec:9b:3c:fe:4b:4e:41:a4:45:77:b2:f5:da:d8:09:08:dd:9e:
+        bf:c0
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgICE0UwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTIzMDYwODI0WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ4wDAYDVQQDEwVU
+aGVSQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsiZuAZgYprKPiwUvbswA
+eEHjULCP0bcYIni6KbCzBZwO74nufw0jpBE+b+7wSG0d5Azsn7Tl+xYYTtHcyqLO
+zHi1keLU5ozSwpIxvOltkFMSqTS6zsJ4mpfPQxV2/6IJjgj8ODtCf4Kn1tyenS41
+dE2D31d8i1GeTcpNDtB9QNUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAph+CwEyUbDep0qhUvnvQW9OvBZr0UymxGkiJhFLPF8milAIsm
+bafW+wvjbLmoNYZYH54TP96FPRkEHMvcTkQgm0xGPMRK1tZmARxsldAW0EdWE/83
+n0XG1QZxZpCk6EsBbEQ7jIvf9oeLBUfsmzz+S05BpEV3svXa2AkI3Z6/wA==
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1346.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,90 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4934 (0x1346)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=TheRA
+        Validity
+            Not Before: May 25 06:08:25 2007 GMT
+            Not After : May 23 06:08:25 2008 GMT
+        Subject: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=Wibble
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    34:aa:05:49:51:e7:f7:22:64:ac:24:fc:21:52:b5:
+                    ae:2d:18:ac:5c:42:ce:f3:c1:a5:b8:82:b7:d8:17:
+                    f6:5f:04:42:22:21:db:cd:12:ef:1f:56:37:42:ba:
+                    e6:b7:0a:ae:ed:66:c1:e5:c8:f5:db:8d:86:9f:fe:
+                    5c:a1:49:7c:5f:ab:3e:ea:32:43:3a:82:62:c8:96:
+                    45:7d:b8:91:ee:5e:6a:3a:72:f8:40:b1:af:71:6e:
+                    ba:34:3f:02:d5:41:53:53:f7:4c:84:42:34:5d:c8:
+                    2a:d7:9e:7e:1d:0e:28:2e:5f:41:f5:a2:90:df:38:
+                    2e:d0:85:7a:3e:b2:5a:39
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+            CA:FALSE
+            Netscape Comment: 
+            OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+            1F:CC:F5:95:B6:FD:E4:B0:1C:88:B9:46:DD:5E:D8:E5:8A:42:6F:83
+            X509v3 Authority Key Identifier: 
+            DirName:/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US
+            serial:13:45
+
+    Signature Algorithm: md5WithRSAEncryption
+        08:67:bb:df:d2:ac:4a:b2:0c:bf:06:e1:68:f5:94:29:a5:33:
+        2b:01:d1:9f:04:75:26:82:44:9b:1b:3a:68:50:ab:c4:67:a0:
+        93:fa:5b:e2:a4:98:97:50:0c:64:d6:ed:d5:9b:31:dc:b1:4b:
+        07:c2:9c:eb:26:18:e3:29:2c:62:57:e8:ad:eb:3a:e9:d9:4c:
+        4f:f0:d0:63:fe:f9:e4:9b:5d:a6:6b:09:cb:7a:80:2e:da:a9:
+        3e:da:64:f6:70:4c:de:81:b8:de:94:6f:64:1b:4a:ee:b5:e5:
+        b9:2e:51:7b:96:2b:c1:e3:cf:20:d9:1d:69:66:11:5c:eb:54:
+        3a:ab
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0YwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZX
+aWJibGUwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYA0qgVJUef3ImSsJPwhUrWu
+LRisXELO88GluIK32Bf2XwRCIiHbzRLvH1Y3Qrrmtwqu7WbB5cj1242Gn/5coUl8
+X6s+6jJDOoJiyJZFfbiR7l5qOnL4QLGvcW66ND8C1UFTU/dMhEI0Xcgq155+HQ4o
+Ll9B9aKQ3zgu0IV6PrJaOaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUH8z1lbb9
+5LAciLlG3V7Y5YpCb4MwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAAhn
+u9/SrEqyDL8G4Wj1lCmlMysB0Z8EdSaCRJsbOmhQq8RnoJP6W+KkmJdQDGTW7dWb
+MdyxSwfCnOsmGOMpLGJX6K3rOunZTE/w0GP++eSbXaZrCct6gC7aqT7aZPZwTN6B
+uN6Ub2QbSu615bkuUXuWK8HjzyDZHWlmEVzrVDqr
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/newcerts/1347.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,90 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4935 (0x1347)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=TheRA
+        Validity
+            Not Before: May 25 06:08:25 2007 GMT
+            Not After : May 23 06:08:25 2008 GMT
+        Subject: C=US, ST=NY, O=Apache, OU=NOT FOR PRODUCTION, CN=Cherry
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    75:35:a5:37:f6:a7:73:82:45:7f:f3:b7:8c:b5:b9:
+                    32:28:17:fa:a1:d4:5d:a5:69:a0:30:9a:f6:8d:3c:
+                    7f:eb:a0:cc:2c:1c:e7:7a:39:d1:1c:37:71:5b:13:
+                    50:51:79:a6:9d:dd:6b:a8:fd:50:02:29:8b:ac:21:
+                    70:cc:13:be:6e:83:95:bd:5c:1f:18:33:ee:8d:8b:
+                    4a:50:56:a3:f4:95:f9:47:86:e4:35:23:e3:4c:61:
+                    90:04:e6:1c:02:24:d0:b6:48:29:37:0b:d9:7b:11:
+                    b1:81:a2:ca:e0:7a:60:8a:59:2b:dc:33:cf:ac:83:
+                    0a:76:3d:dc:af:97:aa:7d
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+            CA:FALSE
+            Netscape Comment: 
+            OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+            B2:F0:CA:05:22:E0:7F:9D:EE:59:01:AD:FA:45:5B:D2:1D:37:AE:92
+            X509v3 Authority Key Identifier: 
+            DirName:/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US
+            serial:13:45
+
+    Signature Algorithm: md5WithRSAEncryption
+        7e:c3:d0:ba:3d:a9:83:3e:5c:41:e5:35:d9:bf:44:cc:f2:57:
+        f8:30:d5:f7:60:ae:a6:8f:a6:ad:87:16:9e:58:ea:12:8e:2f:
+        71:4f:1b:65:ef:a2:2c:28:9c:c6:4b:8f:b2:c7:2a:57:ed:ef:
+        07:3c:f0:e9:d4:83:1e:b2:e9:7b:3f:e9:17:07:51:02:6f:49:
+        03:1f:84:4f:f3:26:cb:e5:e0:94:8d:c7:f2:28:64:65:56:8b:
+        65:15:2b:8e:1a:dc:99:a5:7f:0d:5c:dc:17:26:ea:2a:7f:9b:
+        3d:44:6c:08:80:7b:c5:af:e2:ae:20:88:11:88:de:60:19:3d:
+        57:fb
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0cwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZD
+aGVycnkwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYB1NaU39qdzgkV/87eMtbky
+KBf6odRdpWmgMJr2jTx/66DMLBznejnRHDdxWxNQUXmmnd1rqP1QAimLrCFwzBO+
+boOVvVwfGDPujYtKUFaj9JX5R4bkNSPjTGGQBOYcAiTQtkgpNwvZexGxgaLK4Hpg
+ilkr3DPPrIMKdj3cr5eqfaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUsvDKBSLg
+f53uWQGt+kVb0h03rpIwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAH7D
+0Lo9qYM+XEHlNdm/RMzyV/gw1fdgrqaPpq2HFp5Y6hKOL3FPG2XvoiwonMZLj7LH
+Klft7wc88OnUgx6y6Xs/6RcHUQJvSQMfhE/zJsvl4JSNx/IoZGVWi2UVK44a3Jml
+fw1c3Bcm6ip/mz1EbAiAe8Wv4q4giBGI3mAZPVf7
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial Mon Jan  7 21:39:40 2008
@@ -0,0 +1 @@
+1348

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/demoCA/serial.old Mon Jan  7 21:39:40 2008
@@ -0,0 +1 @@
+1347

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/exts Mon Jan  7 21:39:40 2008
@@ -0,0 +1,2 @@
+[x509_extensions]
+basicConstraints=CA:TRUE

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/ra-ca-cert.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgICE0UwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTIzMDYwODI0WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ4wDAYDVQQDEwVU
+aGVSQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsiZuAZgYprKPiwUvbswA
+eEHjULCP0bcYIni6KbCzBZwO74nufw0jpBE+b+7wSG0d5Azsn7Tl+xYYTtHcyqLO
+zHi1keLU5ozSwpIxvOltkFMSqTS6zsJ4mpfPQxV2/6IJjgj8ODtCf4Kn1tyenS41
+dE2D31d8i1GeTcpNDtB9QNUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAph+CwEyUbDep0qhUvnvQW9OvBZr0UymxGkiJhFLPF8milAIsm
+bafW+wvjbLmoNYZYH54TP96FPRkEHMvcTkQgm0xGPMRK1tZmARxsldAW0EdWE/83
+n0XG1QZxZpCk6EsBbEQ7jIvf9oeLBUfsmzz+S05BpEV3svXa2AkI3Z6/wA==
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/raprivkey.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCyJm4BmBimso+LBS9uzAB4QeNQsI/RtxgieLopsLMFnA7vie5/
+DSOkET5v7vBIbR3kDOyftOX7FhhO0dzKos7MeLWR4tTmjNLCkjG86W2QUxKpNLrO
+wnial89DFXb/ogmOCPw4O0J/gqfW3J6dLjV0TYPfV3yLUZ5Nyk0O0H1A1QIDAQAB
+AoGBAIVNqjz5IWEC9dPxsld2wNc7fiuvoj4rghyxN6Pge2S0LJzjGhnprASlfpHl
+OdkIBTjSzvCGPRyPoOrBsDPUdWZciodsQq5j60pYwzeUBQOcZoIiiVZjKw2MMbAs
+/nhX5m1KN2tMJK+C7qdmXfXTbi9Kjakzk+CrLtdMaHsKaUiBAkEA5JDEeTEpuzXi
+vrYdLH6Np46+CAPz9RdsrR1C8Mfkne+uSlPa8AI/QvYhpVv2yGYVj+Dw8KmrJXtA
+jTWPPXOP9QJBAMeIhtG02K/hcn8RMKSRNqA1Gr37uMSszXhFAiuiVbd9FzfICerD
+fJ0QcIbOUazCciwWqtgUF49SFEY71wf8wWECQDvVOdmP6SC85nKOMezn5CUs1Mo8
+XqyWSTi4JEHr0gkWKUYD1ZhmvjDFReGHxX6IWrSjae9WOxtAvJE6qBiqG9ECQQCT
+gFKhrX3NruxUEKIT1aE7F2a4cN/qzA9sTB9JoEybQuap/r+OA4sYFLIKhXSNMIT0
+IKGU8G1mLnf8X3obVnahAkBQI/aJ0aybPl/EOcDvuBX41C+LX11iFF8SRrpHTi7z
+QWvT2kwWXf6l/OqEcZMZ75XBC5VjP+ekx0uhxs9iJ1jU
+-----END RSA PRIVATE KEY-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/truststore.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/truststore.jks?rev=609875&view=auto
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/truststore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble-ra-cert.pem Mon Jan  7 21:39:40 2008
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0YwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZX
+aWJibGUwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYA0qgVJUef3ImSsJPwhUrWu
+LRisXELO88GluIK32Bf2XwRCIiHbzRLvH1Y3Qrrmtwqu7WbB5cj1242Gn/5coUl8
+X6s+6jJDOoJiyJZFfbiR7l5qOnL4QLGvcW66ND8C1UFTU/dMhEI0Xcgq155+HQ4o
+Ll9B9aKQ3zgu0IV6PrJaOaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUH8z1lbb9
+5LAciLlG3V7Y5YpCb4MwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAAhn
+u9/SrEqyDL8G4Wj1lCmlMysB0Z8EdSaCRJsbOmhQq8RnoJP6W+KkmJdQDGTW7dWb
+MdyxSwfCnOsmGOMpLGJX6K3rOunZTE/w0GP++eSbXaZrCct6gC7aqT7aZPZwTN6B
+uN6Ub2QbSu615bkuUXuWK8HjzyDZHWlmEVzrVDqr
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.chain Mon Jan  7 21:39:40 2008
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIECjCCA3OgAwIBAgICE0YwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMQ8wDQYDVQQKEwZBcGFjaGUxGzAZBgNVBAsTEk5PVCBGT1Ig
+UFJPRFVDVElPTjEOMAwGA1UEAxMFVGhlUkEwHhcNMDcwNTI1MDYwODI1WhcNMDgw
+NTIzMDYwODI1WjBZMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ8wDQYDVQQDEwZX
+aWJibGUwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR
+t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZ
+UKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
+3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgW
+E7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQ
+iaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYA0qgVJUef3ImSsJPwhUrWu
+LRisXELO88GluIK32Bf2XwRCIiHbzRLvH1Y3Qrrmtwqu7WbB5cj1242Gn/5coUl8
+X6s+6jJDOoJiyJZFfbiR7l5qOnL4QLGvcW66ND8C1UFTU/dMhEI0Xcgq155+HQ4o
+Ll9B9aKQ3zgu0IV6PrJaOaOByDCBxTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
+Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUH8z1lbb9
+5LAciLlG3V7Y5YpCb4MwawYDVR0jBGQwYqFcpFowWDEOMAwGA1UEAxMFVGhlQ0Ex
+GzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hlMQsw
+CQYDVQQIEwJOWTELMAkGA1UEBhMCVVOCAhNFMA0GCSqGSIb3DQEBBAUAA4GBAAhn
+u9/SrEqyDL8G4Wj1lCmlMysB0Z8EdSaCRJsbOmhQq8RnoJP6W+KkmJdQDGTW7dWb
+MdyxSwfCnOsmGOMpLGJX6K3rOunZTE/w0GP++eSbXaZrCct6gC7aqT7aZPZwTN6B
+uN6Ub2QbSu615bkuUXuWK8HjzyDZHWlmEVzrVDqr
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICNzCCAaCgAwIBAgICE0UwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTIzMDYwODI0WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxDzANBgNVBAoT
+BkFwYWNoZTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9OMQ4wDAYDVQQDEwVU
+aGVSQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsiZuAZgYprKPiwUvbswA
+eEHjULCP0bcYIni6KbCzBZwO74nufw0jpBE+b+7wSG0d5Azsn7Tl+xYYTtHcyqLO
+zHi1keLU5ozSwpIxvOltkFMSqTS6zsJ4mpfPQxV2/6IJjgj8ODtCf4Kn1tyenS41
+dE2D31d8i1GeTcpNDtB9QNUCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAph+CwEyUbDep0qhUvnvQW9OvBZr0UymxGkiJhFLPF8milAIsm
+bafW+wvjbLmoNYZYH54TP96FPRkEHMvcTkQgm0xGPMRK1tZmARxsldAW0EdWE/83
+n0XG1QZxZpCk6EsBbEQ7jIvf9oeLBUfsmzz+S05BpEV3svXa2AkI3Z6/wA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAkWgAwIBAgICBNIwDQYJKoZIhvcNAQEEBQAwWDEOMAwGA1UEAxMFVGhl
+Q0ExGzAZBgNVBAsTEk5PVCBGT1IgUFJPRFVDVElPTjEPMA0GA1UEChMGQXBhY2hl
+MQswCQYDVQQIEwJOWTELMAkGA1UEBhMCVVMwHhcNMDcwNTI1MDYwODI0WhcNMDgw
+NTI0MDYwODI0WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQ
+Uk9EVUNUSU9OMQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQG
+EwJVUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAslkOm83+Ofgl4yJ3PAII
+aYEULJEOlElo9Rzr6e1iNdbGXncnRrfn3s3WqU4eWQpj417IpFvwXOjzsll2Gigk
+AAZgYrueUE/WmNDlcK0Ni7MRXpcGxyKJoeaXZyvfV5Wdmy9sCY7GoEGUBF7KOuUI
+nE3jT2wjME1Lko1ksBJNu80CAwEAAaOBtDCBsTAdBgNVHQ4EFgQUjiS4vGjDGQni
+HDhqYjlxtx+OcrIwgYEGA1UdIwR6MHiAFI4kuLxowxkJ4hw4amI5cbcfjnKyoVyk
+WjBYMQ4wDAYDVQQDEwVUaGVDQTEbMBkGA1UECxMSTk9UIEZPUiBQUk9EVUNUSU9O
+MQ8wDQYDVQQKEwZBcGFjaGUxCzAJBgNVBAgTAk5ZMQswCQYDVQQGEwJVU4ICBNIw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQA0SQ4zV3AptrjBbj+J88xo
+ek4ir+B7hBHKaF4AWc+ex8Fi7z1fWesLwuYvzE81tdnTHA9Vef/lxXIEj8ld690e
+mlq3NVYrFVj4jgrQlzxh7Yfy1e4CQz8n+XWGT/mGLrwGDIZegA4qkE4bhR62FHFP
+cD5xmVCYkfYW9E8wqVNRSA==
+-----END CERTIFICATE-----

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.jks?rev=609875&view=auto
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/certs/wibble.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java Mon Jan  7 21:39:40 2008
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+/**
+ * <p>
+ * Signals fatal error in initialization of {@link AuthSSLProtocolSocketFactory}.
+ * </p>
+ * 
+ * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
+ *         <p>
+ *         DISCLAIMER: HttpClient developers DO NOT actively support this
+ *         component. The component is provided as a reference material, which
+ *         may be inappropriate for use without additional customization.
+ *         </p>
+ */
+
+public class AuthSSLInitializationError extends Error {
+
+    /**
+     * Creates a new AuthSSLInitializationError.
+     */
+    public AuthSSLInitializationError() {
+        super();
+    }
+
+    /**
+     * Creates a new AuthSSLInitializationError with the specified message.
+     * 
+     * @param message error message
+     */
+    public AuthSSLInitializationError(String message) {
+        super(message);
+    }
+}

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLInitializationError.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java?rev=609875&view=auto
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java (added)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/jax-rs/basic_https/src/demo/jaxrs/client/AuthSSLProtocolSocketFactory.java Mon Jan  7 21:39:40 2008
@@ -0,0 +1,383 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * <p>
+ * AuthSSLProtocolSocketFactory can be used to validate the identity of the HTTPS
+ * server against a list of trusted certificates and to authenticate to the HTTPS
+ * server using a private key.
+ * </p>
+ *
+ * <p>
+ * AuthSSLProtocolSocketFactory will enable server authentication when supplied with
+ * a {@link KeyStore truststore} file containg one or several trusted certificates.
+ * The client secure socket will reject the connection during the SSL session handshake
+ * if the target HTTPS server attempts to authenticate itself with a non-trusted
+ * certificate.
+ * </p>
+ *
+ * <p>
+ * Use JDK keytool utility to import a trusted certificate and generate a truststore file:
+ *    <pre>
+ *     keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
+ *    </pre>
+ * </p>
+ *
+ * <p>
+ * AuthSSLProtocolSocketFactory will enable client authentication when supplied with
+ * a {@link KeyStore keystore} file containg a private key/public certificate pair.
+ * The client secure socket will use the private key to authenticate itself to the target
+ * HTTPS server during the SSL session handshake if requested to do so by the server.
+ * The target HTTPS server will in its turn verify the certificate presented by the client
+ * in order to establish client's authenticity
+ * </p>
+ *
+ * <p>
+ * Use the following sequence of actions to generate a keystore file
+ * </p>
+ *   <ul>
+ *     <li>
+ *      <p>
+ *      Use JDK keytool utility to generate a new key
+ *      <pre>keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore</pre>
+ *      For simplicity use the same password for the key as that of the keystore
+ *      </p>
+ *     </li>
+ *     <li>
+ *      <p>
+ *      Issue a certificate signing request (CSR)
+ *      <pre>keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore</pre>
+ *     </p>
+ *     </li>
+ *     <li>
+ *      <p>
+ *      Send the certificate request to the trusted Certificate Authority for signature.
+ *      One may choose to act as her own CA and sign the certificate request using a PKI
+ *      tool, such as OpenSSL.
+ *      </p>
+ *     </li>
+ *     <li>
+ *      <p>
+ *       Import the trusted CA root certificate
+ *       <pre>keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore</pre>
+ *      </p>
+ *     </li>
+ *     <li>
+ *      <p>
+ *       Import the PKCS#7 file containg the complete certificate chain
+ *       <pre>keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore</pre>
+ *      </p>
+ *     </li>
+ *     <li>
+ *      <p>
+ *       Verify the content the resultant keystore file
+ *       <pre>keytool -list -v -keystore my.keystore</pre>
+ *      </p>
+ *     </li>
+ *   </ul>
+ * <p>
+ * Example of using custom protocol socket factory for a specific host:
+ *     <pre>
+ *     Protocol authhttps = new Protocol("https",
+ *          new AuthSSLProtocolSocketFactory(
+ *              new URL("file:my.keystore"), "mypassword",
+ *              new URL("file:my.truststore"), "mypassword"), 443);
+ *
+ *     HttpClient client = new HttpClient();
+ *     client.getHostConfiguration().setHost("localhost", 443, authhttps);
+ *     // use relative url only
+ *     GetMethod httpget = new GetMethod("/");
+ *     client.executeMethod(httpget);
+ *     </pre>
+ * </p>
+ * <p>
+ * Example of using custom protocol socket factory per default instead of the standard one:
+ *     <pre>
+ *     Protocol authhttps = new Protocol("https",
+ *          new AuthSSLProtocolSocketFactory(
+ *              new URL("file:my.keystore"), "mypassword",
+ *              new URL("file:my.truststore"), "mypassword"), 443);
+ *     Protocol.registerProtocol("https", authhttps);
+ *
+ *     HttpClient client = new HttpClient();
+ *     GetMethod httpget = new GetMethod("https://localhost/");
+ *     client.executeMethod(httpget);
+ *     </pre>
+ * </p>
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ *
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class AuthSSLProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+    /** Log object for this class. */
+    private static final Log LOG = LogFactory.getLog(AuthSSLProtocolSocketFactory.class);
+
+    private URL keystoreUrl = null;
+    private String keystorePassword = null;
+    private URL truststoreUrl = null;
+    private String truststorePassword = null;
+    private SSLContext sslcontext = null;
+
+    /**
+     * Constructor for AuthSSLProtocolSocketFactory. Either a keystore or truststore file
+     * must be given. Otherwise SSL context initialization error will result.
+     *
+     * @param keystoreUrl URL of the keystore file. May be <tt>null</tt> if HTTPS client
+     *        authentication is not to be used.
+     * @param keystorePassword Password to unlock the keystore. IMPORTANT: this implementation
+     *        assumes that the same password is used to protect the key and the keystore itself.
+     * @param truststoreUrl URL of the truststore file. May be <tt>null</tt> if HTTPS server
+     *        authentication is not to be used.
+     * @param truststorePassword Password to unlock the truststore.
+     */
+    public AuthSSLProtocolSocketFactory(final URL keystoreUrl, final String keystorePassword,
+                                        final URL truststoreUrl, final String truststorePassword) {
+        super();
+        this.keystoreUrl = keystoreUrl;
+        this.keystorePassword = keystorePassword;
+        this.truststoreUrl = truststoreUrl;
+        this.truststorePassword = truststorePassword;
+    }
+
+    private static KeyStore createKeyStore(final URL url, final String password) throws KeyStoreException,
+        NoSuchAlgorithmException, CertificateException, IOException {
+        if (url == null) {
+            throw new IllegalArgumentException("Keystore url may not be null");
+        }
+        LOG.debug("Initializing key store");
+        KeyStore keystore = KeyStore.getInstance("jks");
+        InputStream is = null;
+        try {
+            is = url.openStream();
+            keystore.load(is, password != null ? password.toCharArray() : null);
+        } finally {
+            if (is != null)
+                is.close();
+        }
+        return keystore;
+    }
+
+    private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
+        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
+        if (keystore == null) {
+            throw new IllegalArgumentException("Keystore may not be null");
+        }
+        LOG.debug("Initializing key manager");
+        KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+        kmfactory.init(keystore, password != null ? password.toCharArray() : null);
+        return kmfactory.getKeyManagers();
+    }
+
+    private static TrustManager[] createTrustManagers(final KeyStore keystore) throws KeyStoreException,
+        NoSuchAlgorithmException {
+        if (keystore == null) {
+            throw new IllegalArgumentException("Keystore may not be null");
+        }
+        LOG.debug("Initializing trust manager");
+        TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory
+            .getDefaultAlgorithm());
+        tmfactory.init(keystore);
+        TrustManager[] trustmanagers = tmfactory.getTrustManagers();
+        for (int i = 0; i < trustmanagers.length; i++) {
+            if (trustmanagers[i] instanceof X509TrustManager) {
+                trustmanagers[i] = new AuthSSLX509TrustManager((X509TrustManager)trustmanagers[i]);
+            }
+        }
+        return trustmanagers;
+    }
+
+    private SSLContext createSSLContext() {
+        try {
+            KeyManager[] keymanagers = null;
+            TrustManager[] trustmanagers = null;
+            if (this.keystoreUrl != null) {
+                KeyStore keystore = createKeyStore(this.keystoreUrl, this.keystorePassword);
+                if (LOG.isDebugEnabled()) {
+                    Enumeration aliases = keystore.aliases();
+                    while (aliases.hasMoreElements()) {
+                        String alias = (String)aliases.nextElement();
+                        Certificate[] certs = keystore.getCertificateChain(alias);
+                        if (certs != null) {
+                            LOG.debug("Certificate chain '" + alias + "':");
+                            for (int c = 0; c < certs.length; c++) {
+                                if (certs[c] instanceof X509Certificate) {
+                                    X509Certificate cert = (X509Certificate)certs[c];
+                                    LOG.debug(" Certificate " + (c + 1) + ":");
+                                    LOG.debug("  Subject DN: " + cert.getSubjectDN());
+                                    LOG.debug("  Signature Algorithm: " + cert.getSigAlgName());
+                                    LOG.debug("  Valid from: " + cert.getNotBefore());
+                                    LOG.debug("  Valid until: " + cert.getNotAfter());
+                                    LOG.debug("  Issuer: " + cert.getIssuerDN());
+                                }
+                            }
+                        }
+                    }
+                }
+                keymanagers = createKeyManagers(keystore, this.keystorePassword);
+            }
+            if (this.truststoreUrl != null) {
+                KeyStore keystore = createKeyStore(this.truststoreUrl, this.truststorePassword);
+                if (LOG.isDebugEnabled()) {
+                    Enumeration aliases = keystore.aliases();
+                    while (aliases.hasMoreElements()) {
+                        String alias = (String)aliases.nextElement();
+                        LOG.debug("Trusted certificate '" + alias + "':");
+                        Certificate trustedcert = keystore.getCertificate(alias);
+                        if (trustedcert != null && trustedcert instanceof X509Certificate) {
+                            X509Certificate cert = (X509Certificate)trustedcert;
+                            LOG.debug("  Subject DN: " + cert.getSubjectDN());
+                            LOG.debug("  Signature Algorithm: " + cert.getSigAlgName());
+                            LOG.debug("  Valid from: " + cert.getNotBefore());
+                            LOG.debug("  Valid until: " + cert.getNotAfter());
+                            LOG.debug("  Issuer: " + cert.getIssuerDN());
+                        }
+                    }
+                }
+                trustmanagers = createTrustManagers(keystore);
+            }
+            SSLContext sslcontext = SSLContext.getInstance("SSL");
+            sslcontext.init(keymanagers, trustmanagers, null);
+            return sslcontext;
+        } catch (NoSuchAlgorithmException e) {
+            LOG.error(e.getMessage(), e);
+            throw new AuthSSLInitializationError("Unsupported algorithm exception: " + e.getMessage());
+        } catch (KeyStoreException e) {
+            LOG.error(e.getMessage(), e);
+            throw new AuthSSLInitializationError("Keystore exception: " + e.getMessage());
+        } catch (GeneralSecurityException e) {
+            LOG.error(e.getMessage(), e);
+            throw new AuthSSLInitializationError("Key management exception: " + e.getMessage());
+        } catch (IOException e) {
+            LOG.error(e.getMessage(), e);
+            throw new AuthSSLInitializationError("I/O error reading keystore/truststore file: "
+                                                 + e.getMessage());
+        }
+    }
+
+    private SSLContext getSSLContext() {
+        if (this.sslcontext == null) {
+            this.sslcontext = createSSLContext();
+        }
+        return this.sslcontext;
+    }
+
+    /**
+     * Attempts to get a new socket connection to the given host within the given time limit.
+     * <p>
+     * To circumvent the limitations of older JREs that do not support connect timeout a
+     * controller thread is executed. The controller thread attempts to create a new socket
+     * within the given limit of time. If socket constructor does not return until the
+     * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
+     * </p>
+     *
+     * @param host the host name/IP
+     * @param port the port on the host
+     * @param clientHost the local host name/IP to bind the socket to
+     * @param clientPort the port on the local machine
+     * @param params {@link HttpConnectionParams Http connection parameters}
+     *
+     * @return Socket a new socket
+     *
+     * @throws IOException if an I/O error occurs while creating the socket
+     * @throws UnknownHostException if the IP address of the host cannot be
+     * determined
+     */
+    public Socket createSocket(final String host, final int port, final InetAddress localAddress,
+                               final int localPort, final HttpConnectionParams params) throws IOException,
+        UnknownHostException, ConnectTimeoutException {
+        if (params == null) {
+            throw new IllegalArgumentException("Parameters may not be null");
+        }
+        int timeout = params.getConnectionTimeout();
+        SocketFactory socketfactory = getSSLContext().getSocketFactory();
+        if (timeout == 0) {
+            return socketfactory.createSocket(host, port, localAddress, localPort);
+        } else {
+            Socket socket = socketfactory.createSocket();
+            SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
+            SocketAddress remoteaddr = new InetSocketAddress(host, port);
+            socket.bind(localaddr);
+            socket.connect(remoteaddr, timeout);
+            return socket;
+        }
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+     */
+    public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
+        throws IOException, UnknownHostException {
+        return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+     */
+    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+        return getSSLContext().getSocketFactory().createSocket(host, port);
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+     */
+    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException,
+        UnknownHostException {
+        return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
+    }
+}



Mime
View raw message