cxf-commits mailing list archives

From gma...@apache.org
Subject svn commit: r1359244 - in /cxf/fediz/trunk: examples/samplekeys/ examples/wsclientWebapp/webapp/src/main/resources/ examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/ examples/wsclientWebapp/webservice/service/ examples/wsclientWebapp/webservice/s...
Date Mon, 09 Jul 2012 16:08:34 GMT
Author: gmazza
Date: Mon Jul  9 16:08:33 2012
New Revision: 1359244

URL: http://svn.apache.org/viewvc?rev=1359244&view=rev
Log:
Added specific keystores for each part of the Fediz samples and components and a README listing
required trust relationships.

Added:
    cxf/fediz/trunk/examples/samplekeys/
    cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt
    cxf/fediz/trunk/examples/samplekeys/tomcat-idp.jks   (with props)
    cxf/fediz/trunk/examples/samplekeys/tomcat-rp.jks   (with props)
    cxf/fediz/trunk/examples/samplekeys/tomcat-wsp.jks   (with props)
    cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks   (with props)
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks   (with props)
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties
    cxf/fediz/trunk/services/idp/src/main/resources/idpstore.jks   (with props)
Removed:
    cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/tomcatKeystore.jks
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/stsKeystore.properties
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/stsstore.jks
    cxf/fediz/trunk/services/idp/src/main/resources/clientstore.jks
Modified:
    cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/services/sts/src/main/resources/stsstore.jks

Added: cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt?rev=1359244&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt (added)
+++ cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt Mon Jul  9 16:08:33 2012
@@ -0,0 +1,74 @@
+Here are sample (non-production use!!!) self-signed keys to run the FEDIZ samples.
+
+Don't use these keys in production--everyone has them!  At a minimum, regenerate new keys
using the scripts (with different passwords) below.  These will be just self-signed keys however,
for real production use having third-party signed CA keys is highly recommended.
+
+1.) Tomcat keys:  The Tomcat keys can be simply placed in the root folder of each Tomcat
installation.  They are used to configure SSL for the Tomcat instances as described here:
http://cxf.apache.org/fediz-tomcat.html.
+
+Keys:
+a.) tomcat-idp.jks: keystore for the Tomcat instance holding the IDP and IDP STS.
+Alias: mytomidpkey
+Needs to trust: Nobody.
+Needs to be trusted by: IDP WAR
+
+Scripts:
+keytool -genkeypair -validity 730 -alias mytomidpkey -keystore tomcat-idp.jks -dname "cn=localhost"
-keypass tompass -storepass tompass
+
+keytool -keystore tomcat-idp.jks -storepass tompass -export -alias mytomidpkey -file MyTCIDP.cer
+
+b.) tomcat-rp.jks: keystore for the Tomcat instance holding the relying party applications
for both samples (simpleWebapp and wsclientWebapp)
+Alias: mytomrpkey
+Needs to trust: Nobody.
+Needs to be trusted by: Nobody.
+
+Scripts:
+keytool -genkeypair -validity 730 -alias mytomrpkey -keystore tomcat-rp.jks -dname "cn=localhost"
-keypass tompass -storepass tompass
+
+c.) tomcat-wsp.jks: keystore for the Tomcat instance holding the web service provider in
the second (wsclientWebapp) sample.
+Alias: mytomwspkey
+Needs to trust: Nobody.
+Needs to be trusted by: wsclientWebapp's webapp module
+
+Script:
+keytool -genkeypair -validity 730 -alias mytomwspkey -keystore tomcat-wsp.jks -dname "cn=localhost"
-keypass tompass -storepass tompass
+
+2.) IDP keystore:
+Alias: myidpkey
+Location: services/idp/src/main/resources/idpstore.jks
+Needs to trust: mytomidpkey (because it makes an SSL call to the IDP STS)
+Needs to be trusted by: IDP STS
+
+Scripts:
+keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myidpkey -keypass ikpass
-storepass ispass -keystore idpstore.jks
+
+keytool -import -trustcacerts -keystore idpstore.jks -storepass ispass -alias mytomidpkey
-file MyTCIDP.cer -noprompt
+
+keytool -export -rfc -keystore idpstore.jks -storepass ispass -alias myidpkey -file MyIDP.cer
+
+3.) Making the key for the IDP STS:
+Alias: mystskey
+Location: services/idp/src/main/resources/stsstore.jks
+Needs to trust: myidpkey (because of X.509 auth between IDP and IDP STS)
+Needs to be trusted by: wsclientWebapp's webservice
+
+Scripts:
+keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias mystskey -keypass stskpass
-storepass stsspass -keystore stsstore.jks
+
+keytool -import -trustcacerts -keystore stsstore.jks -storepass stsspass -alias myidpkey
-file MyIDP.cer -noprompt
+
+4.) Making the key for the simpleWebapp sample:  No additional keys needed.
+
+5.) Making the key for the wsclientWebapp "webapp" sample:  
+Location: examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks
+Trust relationships needed: mytomidpkey (to access IDP STS via HTTPS, mytomwspkey (to access
web service via HTTPS)
+Needs to be trusted by: Nobody.
+
+
+6.) Making the keystore for the wsclientWebapp "webservice" sample:
+Location: examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks
(has no key, just a truststore)
+Trust relationships needed: IDP STS (signature verification)
+Needs to be trusted by: Nobody.
+
+keytool -import -trustcacerts -keystore webserviceKeystore.jks -storepass wsspass -alias
mystskey -file MySTS.cer -noprompt
+
+
+
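Review bot: step 6 imports MySTS.cer into webserviceKeystore.jks, but step 3 never exports that certificate, so the README cannot be followed end to end; add an export after the mystskey genkey, e.g. `keytool -export -rfc -keystore stsstore.jks -storepass stsspass -alias mystskey -file MySTS.cer`. The same gap exists for step 5, which lists two trust relationships for webappKeystore.jks (mytomidpkey and mytomwspkey, with an unclosed parenthesis) but gives no scripts at all, and step 1c never exports the tomcat-wsp.jks certificate that step 5 would need to import. Step 3 also places stsstore.jks under services/idp/src/main/resources, while the store this commit actually modifies is services/sts/src/main/resources/stsstore.jks. Finally, since the README tells readers to regenerate keys from these lines, they are the template people will copy: the genkey commands use `-sigalg SHA1withRSA` and no `-keysize`, so older keytool releases will produce 1024-bit RSA keys with SHA-1 signatures; prefer SHA256withRSA and an explicit `-keysize 2048`, and say that the store and key passwords printed here must be changed along with the keys.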

Added: cxf/fediz/trunk/examples/samplekeys/tomcat-idp.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/tomcat-idp.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/examples/samplekeys/tomcat-idp.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/fediz/trunk/examples/samplekeys/tomcat-rp.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/tomcat-rp.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/examples/samplekeys/tomcat-rp.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/fediz/trunk/examples/samplekeys/tomcat-wsp.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/tomcat-wsp.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/examples/samplekeys/tomcat-wsp.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
(original)
+++ cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
Mon Jul  9 16:08:33 2012
@@ -60,16 +60,16 @@
 	<http:conduit name="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port.http-conduit">
 		<http:tlsClientParameters disableCNCheck="true">
 			<sec:trustManagers>
-				<sec:keyStore type="jks" password="tompass" resource="tomcatKeystore.jks" />
+				<sec:keyStore type="jks" password="waspass" resource="webappKeystore.jks" />
 			</sec:trustManagers>
 		</http:tlsClientParameters>
 	</http:conduit>
 
-    <!--  STS WSDL download -->
+        <!--  STS WSDL download -->
 	<http:conduit name="https://localhost:9443/.*">
 		<http:tlsClientParameters disableCNCheck="true">
 			<sec:trustManagers>
-				<sec:keyStore type="jks" password="tompass" resource="tomcatKeystore.jks" />
+				<sec:keyStore type="jks" password="waspass" resource="webappKeystore.jks" />
 			</sec:trustManagers>
 		</http:tlsClientParameters>
 	</http:conduit>
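Review bot: the trust store password `waspass` is now hard-coded in every conduit of this file (both stanzas in this hunk and the GreeterSoapPort one below), in addition to being printed in the samplekeys README; a single Spring property placeholder would let a user who regenerates webappKeystore.jks with a new password change one value instead of three. Both conduits also keep `disableCNCheck="true"`: the README generates every certificate with `-dname "cn=localhost"` and the conduit pattern is `https://localhost:9443/.*`, so the hostname check should pass as-is, and leaving it disabled means any certificate in webappKeystore.jks is accepted for any host, which is exactly the setting that gets copied into production.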
@@ -78,9 +78,9 @@
 		name="{http://apache.org/hello_world_soap_http}GreeterSoapPort.http-conduit">
 		<http:tlsClientParameters disableCNCheck="true">
 			<sec:trustManagers>
-				<sec:keyStore type="jks" password="tompass" resource="tomcatKeystore.jks" />
+				<sec:keyStore type="jks" password="waspass" resource="webappKeystore.jks" />
 			</sec:trustManagers>
 		</http:tlsClientParameters>
 	</http:conduit>
 
-</beans>
\ No newline at end of file
+</beans>
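Review bot: the GreeterSoapPort conduit now uses the same webappKeystore.jks as the two STS conduits above. Per the README in this commit that store trusts both mytomidpkey (the IDP Tomcat) and mytomwspkey (the WSP Tomcat), and with `disableCNCheck="true"` nothing ties either certificate to its endpoint, so the IDP Tomcat certificate would be accepted when talking to the web service and vice versa. Either keep the CN check enabled or give this conduit a trust store containing only the WSP certificate, so the "needs to trust" list in the README is what is actually enforced. The added trailing newline on `</beans>` is fine.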

Modified: cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml (original)
+++ cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml Mon Jul  9 16:08:33
2012
@@ -49,7 +49,7 @@
 				<version>1.1</version>
 				<configuration>
 					<server>myTomcat</server>
-					<url>http://localhost:10080/manager</url>
+					<url>http://localhost:10080/manager/text</url>
 					<path>/${project.build.finalName}</path>
 				</configuration>
 			</plugin>
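Review bot: the switch to `/manager/text` is unrelated to the keystore work and is not mentioned in the commit log, which only covers the new keystores and README; it deserves a mention or its own commit. The new path is the Tomcat 7 text interface (the 1.1 plugin version shown here defaults to the Tomcat 6 `/manager` path), and the URL is plain http on port 10080, so the `myTomcat` manager credentials travel in the clear; acceptable for a localhost sample, but the README that now tells users which Tomcat instance hosts the web service provider should state that assumption.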

Added: cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties?rev=1359244&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties
(added)
+++ cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties
Mon Jul  9 16:08:33 2012
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=wsspass
+org.apache.ws.security.crypto.merlin.keystore.file=webserviceKeystore.jks
+
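Review bot: the README added in this commit says webserviceKeystore.jks "has no key, just a truststore", yet this file wires it in through the `keystore.*` properties. WSS4J's Merlin also accepts `org.apache.ws.security.crypto.merlin.truststore.file`, `.password` and `.type`; using those makes the trust-only intent explicit. The password `wsspass` is committed in clear text here and in the README, and because a store holding only the STS certificate is the entire root of trust for every signed token this service accepts, the README should say this file must be regenerated and its password changed together with stsstore.jks.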

Modified: cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml
(original)
+++ cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml
Mon Jul  9 16:08:33 2012
@@ -22,7 +22,7 @@
 		xmlns:svc="http://apache.org/hello_world_soap_http" address="/GreeterService">
 
 		<jaxws:properties>
-			<entry key="ws-security.signature.properties" value="stsKeystore.properties" />
+			<entry key="ws-security.signature.properties" value="webserviceKeystore.properties"
/>
 		</jaxws:properties>
 
 		<jaxws:features>
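Review bot: only `ws-security.signature.properties` changes here, so nothing in this endpoint still references the stsKeystore.properties that this commit removes; good. Since signature verification now rests on webserviceKeystore.jks containing the single self-signed STS certificate, a short comment next to this entry pointing at step 6 of the samplekeys README would tell users that regenerating the STS key (as the README asks) also requires re-importing MySTS.cer here.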

Added: cxf/fediz/trunk/services/idp/src/main/resources/idpstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/idpstore.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/services/idp/src/main/resources/idpstore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml Mon Jul  9
16:08:33 2012
@@ -30,7 +30,7 @@
     <http:conduit name="https://localhost:9443/.*">
       <http:tlsClientParameters disableCNCheck="true">
         <sec:trustManagers>
-          <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+          <sec:keyStore type="jks" password="ispass" resource="idpstore.jks"/>
         </sec:trustManagers>
       </http:tlsClientParameters>
    </http:conduit>
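Review bot: idpstore.jks, which the README says also holds the IDP's private key myidpkey (key password ikpass, store password ispass), is wired in here purely as the TLS trust store for the conduit to the STS. That works, but it puts the password of a store containing a private key into a web application context file, and the conduit will trust every certificate in that store rather than just mytomidpkey as the README's "needs to trust" entry intends. A separate trust-only store for this conduit (or a README note that idpstore.jks is deliberately both key store and trust store), plus dropping `disableCNCheck="true"` given the cn=localhost certificates and the localhost URL pattern, would tighten this.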

Modified: cxf/fediz/trunk/services/sts/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsstore.jks?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
Binary files - no diff available.