From gma...@apache.org
Subject svn commit: r1368316 - in /cxf/trunk/distribution/src/main/release/samples/wsdl_first_https: ./ bin/ certs/ src/main/config/ src/main/java/demo/hw_https/client/ src/main/java/demo/hw_https/resources/ src/main/java/demo/hw_https/server/ src/main/resources/
Date Wed, 01 Aug 2012 23:59:11 GMT
Author: gmazza
Date: Wed Aug  1 23:59:10 2012
New Revision: 1368316

URL: http://svn.apache.org/viewvc?rev=1368316&view=rev
Log:
Revamp of WSDL-first-https sample; DisableCNCheck no longer done, new keys used

Added:
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks
  (with props)
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks
  (with props)
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
Removed:
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/bin/
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/certs/
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/InsecureClient.xml
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/SecureClient.xml
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/resources/
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/CherryServer.xml
Modified:
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
    cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java

Modified: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml?rev=1368316&r1=1368315&r2=1368316&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml (original)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml Wed Aug  1 23:59:10
2012
@@ -63,28 +63,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <artifactId>maven-antrun-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>copyxmlfiles</id>
-                        <phase>generate-sources</phase>
-                        <goals>
-                            <goal>run</goal>
-                        </goals>
-                        <configuration>
-                            <tasks>
-                                <copy file="${basedir}/src/main/java/demo/hw_https/server/CherryServer.xml"
todir="${basedir}/target/classes/demo/hw_https/server" />
-                                <copy file="${basedir}/src/main/java/demo/hw_https/client/SecureClient.xml"
todir="${basedir}/target/classes/demo/hw_https/client" />
-                                <copy file="${basedir}/src/main/java/demo/hw_https/client/InsecureClient.xml"
todir="${basedir}/target/classes/demo/hw_https/client" />
-                                <copy todir="${basedir}/target/classes/certs">
-                                    <fileset dir="${basedir}/certs" />
-                                </copy>
-                            </tasks>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
         </plugins>
     </build>
     <profiles>
@@ -119,7 +97,7 @@
         <profile>
             <id>insecure.client</id>
             <build>
-                <defaultGoal>test</defaultGoal>
+                <defaultGoal>integration-test</defaultGoal>
                 <plugins>
                     <plugin>
                         <groupId>org.codehaus.mojo</groupId>

Added: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt?rev=1368316&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt
(added)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt
Wed Aug  1 23:59:10 2012
@@ -0,0 +1,20 @@
+# The below scripts show the commands used to generate the self-signed keys for this sample.
+# If you use the below script to create your own keys be sure to change the passwords used
here
+# DO NOT USE THE SUPPLIED KEYS IN PRODUCTION--everyone has them!!
+# For production recommended to use keys signed by a third-party certificate authority (CA)
+
+# Create the combination keystore/truststore for the client and service.
+# Note you can create separate keystores/truststores for both if desired
+keytool -genkeypair -validity 730 -alias myservicekey -keystore serviceKeystore.jks -dname
"cn=localhost" -keypass skpass -storepass sspass
+keytool -genkeypair -validity 730 -alias myclientkey -keystore clientKeystore.jks -keypass
ckpass -storepass cspass
+
+# Place server public cert in client key/truststore
+keytool -export -rfc -keystore serviceKeystore.jks -alias myservicekey -file MyService.cer
-storepass sspass
+keytool -import -noprompt -trustcacerts -file MyService.cer -alias myservicekey -keystore
clientKeystore.jks -storepass cspass
+
+# Place client public cert in service key/truststore
+# Note this needs to be done only if you're requiring client authentication
+# as configured in resources/ServerConfig.xml
+keytool -export -rfc -keystore clientKeystore.jks -alias myclientkey -file MyClient.cer -storepass
cspass
+keytool -import -noprompt -trustcacerts -file MyClient.cer -alias myclientkey -keystore serviceKeystore.jks
-storepass sspass
+

Added: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks?rev=1368316&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks?rev=1368316&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java?rev=1368316&r1=1368315&r2=1368316&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java
Wed Aug  1 23:59:10 2012
@@ -58,9 +58,9 @@ public final class Client {
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = null;
         if ("secure".equals(args[1])) {
-            busFile = Client.class.getResource("SecureClient.xml");
+            busFile = Client.class.getResource("/SecureClient.xml");
         } else if ("insecure".equals(args[1])) {
-            busFile = Client.class.getResource("InsecureClient.xml");
+            busFile = Client.class.getResource("/InsecureClient.xml");
         } else {
             System.out.println("arg1 needs to be either secure or insecure");
             System.exit(1);

Modified: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java?rev=1368316&r1=1368315&r2=1368316&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
Wed Aug  1 23:59:10 2012
@@ -80,10 +80,6 @@ public final class ClientNonSpring {
             System.exit(1);
         }
         
-        
-
-
-
         System.out.println("Invoking greetMe...");
         try {
             String resp = port.greetMe(System.getProperty("user.name"));
@@ -100,35 +96,23 @@ public final class ClientNonSpring {
     
     private static void setupTLS(Greeter port) 
         throws FileNotFoundException, IOException, GeneralSecurityException {
-        String contextPath = "";
-        try {
-            contextPath = new ClientNonSpring().getClass().getResource("/certs").toURI().getPath();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
+        String keyStoreLoc = "src/main/config/clientKeystore.jks";
         HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
  
         TLSClientParameters tlsCP = new TLSClientParameters();
-        String keyPassword = "password";
+        String keyPassword = "ckpass";
         KeyStore keyStore = KeyStore.getInstance("JKS");
-        String keyStoreLoc = contextPath + "/wibble.jks";
-        keyStore.load(new FileInputStream(keyStoreLoc), keyPassword.toCharArray());
+        keyStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
         KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
         tlsCP.setKeyManagers(myKeyManagers);
  
         
         KeyStore trustStore = KeyStore.getInstance("JKS");
-        String trustStoreLoc = contextPath + "/truststore.jks";
-        trustStore.load(new FileInputStream(trustStoreLoc), keyPassword.toCharArray());
+        trustStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
         TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
         tlsCP.setTrustManagers(myTrustStoreKeyManagers);
         
-        //The following is not recommended and would not be done in a prodcution environment,
-        //this is just for illustrative purpose
-        tlsCP.setDisableCNCheck(true);
- 
         httpConduit.setTlsClientParameters(tlsCP);
-
     }
 
     private static TrustManager[] getTrustManagers(KeyStore trustStore) 
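Review bot: Both `new FileInputStream(keyStoreLoc)` calls in setupTLS are left unclosed, and the same file is read and parsed twice now that the keystore and truststore are one JKS. Loading it once, closing the stream in a `finally`, and passing the same `KeyStore` to `getTrustManagers` gives the same key and trust material without leaking the handles. Separately, `"src/main/config/clientKeystore.jks"` is resolved against the JVM's working directory, so the client presumably only works when launched from the sample root. The `file=` attributes in SecureClient.xml and ServerConfig.xml have the same dependency, and a comment saying so would help readers who copy the sample.

```java
// … unchanged: keyStoreLoc, httpConduit, tlsCP, keyPassword …
KeyStore keyStore = KeyStore.getInstance("JKS");
FileInputStream in = new FileInputStream(keyStoreLoc);
try {
    keyStore.load(in, "cspass".toCharArray());
} finally {
    in.close();
}
tlsCP.setKeyManagers(getKeyManagers(keyStore, keyPassword));
// the same JKS doubles as the truststore, so reuse the loaded instance
tlsCP.setTrustManagers(getTrustManagers(keyStore));
// … unchanged: httpConduit.setTlsClientParameters(tlsCP) …
```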

Modified: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java?rev=1368316&r1=1368315&r2=1368316&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java
Wed Aug  1 23:59:10 2012
@@ -33,7 +33,7 @@ public class Server {
         System.out.println("Starting Server");
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = Server.class.getResource("CherryServer.xml");
+        URL busFile = Server.class.getResource("/ServerConfig.xml");
         Bus bus = bf.createBus(busFile.toString());
         BusFactory.setDefaultBus(bus);
 

Added: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml?rev=1368316&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml
(added)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml
Wed Aug  1 23:59:10 2012
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:conduit name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
+  </http:conduit>
+
+</beans>

Added: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml?rev=1368316&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml
(added)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml
Wed Aug  1 23:59:10 2012
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Wibble Client
+  -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xsi:schemaLocation="
+           http://cxf.apache.org/configuration/security
+           http://cxf.apache.org/schemas/configuration/security.xsd
+           http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schemas/configuration/http-conf.xsd
+           http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:conduit name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
+    <http:tlsClientParameters disableCNCheck="true">
+      <sec:keyManagers keyPassword="ckpass">
+          <sec:keyStore file="src/main/config/clientKeystore.jks" password="cspass" type="JKS"/>
+      </sec:keyManagers>
+      <sec:trustManagers>
+          <sec:keyStore file="src/main/config/clientKeystore.jks" password="cspass" type="JKS"/>
+      </sec:trustManagers>
+      <sec:cipherSuitesFilter>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable or null encryption is used,
+          but exclude anonymous Diffie-Hellman key change as
+          this is vulnerable to man-in-the-middle attacks -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:include>.*_WITH_AES_.*</sec:include>
+        <sec:include>.*_WITH_NULL_.*</sec:include>
+        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+      </sec:cipherSuitesFilter>
+    </http:tlsClientParameters>
+   </http:conduit>
+</beans> 
+
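Review bot: `disableCNCheck="true"` on `http:tlsClientParameters` leaves hostname verification switched off for the Spring-configured client, which contradicts the log message and the removal of `setDisableCNCheck(true)` from ClientNonSpring.java in this same commit. KeyREADME.txt issues the service certificate with `cn=localhost`, so the check should pass against a local server once the attribute is dropped: `<http:tlsClientParameters>`. The `sec:cipherSuitesFilter` below it, repeated verbatim in ServerConfig.xml, also opts in to `_EXPORT_`, `_WITH_DES_` and `_WITH_NULL_` suites, which offer weak or no encryption. Keeping only `<sec:include>.*_WITH_AES_.*</sec:include>` next to the `_DH_anon_` exclude would be a safer configuration for readers to copy. The leftover "Wibble Client" header comment and the "key change" typo (for "key exchange") could be fixed at the same time.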

Added: cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml?rev=1368316&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
(added)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
Wed Aug  1 23:59:10 2012
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Server which runs the web service.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+  xsi:schemaLocation="
+            http://cxf.apache.org/configuration/security  		      
+            http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://cxf.apache.org/transports/http-jetty/configuration
+            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination name="{http://apache.org/hello_world_soap_http}GreeterPort.http-destination">

+  </http:destination>
+
+  <httpj:engine-factory>
+   <httpj:engine port="9001">
+    <httpj:tlsServerParameters>
+      <sec:keyManagers keyPassword="skpass">
+           <sec:keyStore file="src/main/config/serviceKeystore.jks" password="sspass"
type="JKS"/>
+      </sec:keyManagers>
+      <sec:trustManagers>
+           <sec:keyStore file="src/main/config/serviceKeystore.jks" password="sspass"
type="JKS"/>
+      </sec:trustManagers>
+      <sec:cipherSuitesFilter>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable or null encryption is used,
+          but exclude anonymous Diffie-Hellman key change as
+          this is vulnerable to man-in-the-middle attacks -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:include>.*_WITH_AES_.*</sec:include>
+        <sec:include>.*_WITH_NULL_.*</sec:include>
+        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+      </sec:cipherSuitesFilter>
+      <sec:clientAuthentication want="true" required="true"/>
+    </httpj:tlsServerParameters>
+   </httpj:engine>
+  </httpj:engine-factory>
+</beans>


