cxf-commits mailing list archives

From gma...@apache.org
Subject svn commit: r1368552 - in /cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https: ./ certs/ src/main/config/ src/main/java/httpsdemo/client/ src/main/java/org/apache/commons/httpclient/contrib/ssl/ src/main/resources/
Date Thu, 02 Aug 2012 15:40:00 GMT
Author: gmazza
Date: Thu Aug  2 15:39:59 2012
New Revision: 1368552

URL: http://svn.apache.org/viewvc?rev=1368552&view=rev
Log:
Removed DisableCNCheck from configuration in basic_https sample.

Added:
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/KeyREADME.txt
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/clientKeystore.jks
  (with props)
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/serviceKeystore.jks
  (with props)
Removed:
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/certs/
Modified:
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/httpsdemo/client/Client.java
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ClientConfig.xml
    cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml

Modified: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt?rev=1368552&r1=1368551&r2=1368552&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt (original)
+++ cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/README.txt Thu Aug
 2 15:39:59 2012
@@ -56,10 +56,6 @@ To remove the target dir, run "mvn clean
 
 Certificates
 ------------
+See the src/main/config folder for the sample keys used (don't use
+these keys in production!) as well as scripts used for their creation.
 
-If the certificates are expired or unusable for some reason, a shell 
-script in the certs folder will generate a new set of certificates 
-needed for this sample. Just do the following:
-
-  cd certs
-  sh gencerts.sh

Added: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/KeyREADME.txt
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/KeyREADME.txt?rev=1368552&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/KeyREADME.txt
(added)
+++ cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/KeyREADME.txt
Thu Aug  2 15:39:59 2012
@@ -0,0 +1,20 @@
+# The below scripts show the commands used to generate the self-signed keys for this sample.
+# If you use the below script to create your own keys be sure to change the passwords used
here
+# DO NOT USE THE SUPPLIED KEYS IN PRODUCTION--everyone has them!!
+# For production recommended to use keys signed by a third-party certificate authority (CA)
+
+# Create the combination keystore/truststore for the client and service.
+# Note you can create separate keystores/truststores for both if desired
+keytool -genkeypair -validity 730 -alias myservicekey -keystore serviceKeystore.jks -dname
"cn=localhost" -keypass skpass -storepass sspass
+keytool -genkeypair -validity 730 -alias myclientkey -keystore clientKeystore.jks -keypass
ckpass -storepass cspass
+
+# Place server public cert in client key/truststore
+keytool -export -rfc -keystore serviceKeystore.jks -alias myservicekey -file MyService.cer
-storepass sspass
+keytool -import -noprompt -trustcacerts -file MyService.cer -alias myservicekey -keystore
clientKeystore.jks -storepass cspass
+
+# Place client public cert in service key/truststore
+# Note this needs to be done only if you're requiring client authentication
+# as configured in resources/ServerConfig.xml
+keytool -export -rfc -keystore clientKeystore.jks -alias myclientkey -file MyClient.cer -storepass
cspass
+keytool -import -noprompt -trustcacerts -file MyClient.cer -alias myclientkey -keystore serviceKeystore.jks
-storepass sspass
+

Added: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/clientKeystore.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/clientKeystore.jks?rev=1368552&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/clientKeystore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/serviceKeystore.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/serviceKeystore.jks?rev=1368552&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/serviceKeystore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/httpsdemo/client/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/httpsdemo/client/Client.java?rev=1368552&r1=1368551&r2=1368552&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/httpsdemo/client/Client.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/httpsdemo/client/Client.java
Thu Aug  2 15:39:59 2012
@@ -41,14 +41,14 @@ public final class Client {
 
     public static void main(String args[]) throws Exception {
        
-        File clientKeystore = new File("certs/clientKeystore.jks");
-        File truststore = new File("certs/commonTruststore.jks");
+        File clientKeystore = new File("src/main/config/clientKeystore.jks");
+        File truststore = new File("src/main/config/clientKeystore.jks");
 
         // Send HTTP GET request to query customer info - using portable HttpClient method
         Protocol authhttps = new Protocol("https",
-                new AuthSSLProtocolSocketFactory(clientKeystore.toURI().toURL(), "password",
-                truststore.toURI().toURL(), "password"),
-                9000);
+            new AuthSSLProtocolSocketFactory(clientKeystore.toURI().toURL(), "cspass",
+            "ckpass", truststore.toURI().toURL(), "cspass"),
+            9000);
         Protocol.registerProtocol("https", authhttps);
 
         System.out.println("Sending HTTPS GET request to query customer info");
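Review bot: The `Protocol` registered here goes through `AuthSSLProtocolSocketFactory`, and none of the hunks in this commit add a hostname check to that class, so dropping `disableCNCheck` from ClientConfig.xml may only tighten the CXF client path and not this HttpClient GET. It is worth confirming whether the socket factory compares the server certificate's CN with the requested host, and saying so in a comment if it does not. Separately, `clientKeystore` and `truststore` now name the same file; a short comment such as `// keystore doubles as truststore in this sample (see src/main/config/KeyREADME.txt)` would stop that reading as a copy-paste slip. `main` continues past the end of the hunk.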

Modified: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?rev=1368552&r1=1368551&r2=1368552&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/java/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java
Thu Aug  2 15:39:59 2012
@@ -170,6 +170,7 @@ public class AuthSSLProtocolSocketFactor
 
     private URL keystoreUrl = null;
     private String keystorePassword = null;
+    private String keyPassword = null;
     private URL truststoreUrl = null;
     private String truststorePassword = null;
     private SSLContext sslcontext = null;
@@ -180,17 +181,19 @@ public class AuthSSLProtocolSocketFactor
      *
      * @param keystoreUrl URL of the keystore file. May be <tt>null</tt> if HTTPS
client
      *        authentication is not to be used.
-     * @param keystorePassword Password to unlock the keystore. IMPORTANT: this implementation
-     *        assumes that the same password is used to protect the key and the keystore
itself.
+     * @param keystorePassword Password to unlock the keystore.
+     * @param keyPassword Password to unlock any private key in the keystore.
      * @param truststoreUrl URL of the truststore file. May be <tt>null</tt>
if HTTPS server
      *        authentication is not to be used.
      * @param truststorePassword Password to unlock the truststore.
      */
     public AuthSSLProtocolSocketFactory(final URL keystoreUrl, final String keystorePassword,
+                                        final String keyPassword,
                                         final URL truststoreUrl, final String truststorePassword)
{
         super();
         this.keystoreUrl = keystoreUrl;
         this.keystorePassword = keystorePassword;
+        this.keyPassword = keyPassword;
         this.truststoreUrl = truststoreUrl;
         this.truststorePassword = truststorePassword;
     }
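Review bot: Inserting `keyPassword` as the third parameter removes the only four-argument form of this public constructor, and a caller that passes `null` for it now reaches `kmfactory.init(keystore, null)` through `createKeyManagers` (the two later hunks) instead of the old same-password behaviour. Keeping a four-argument overload whose body is `this(keystoreUrl, keystorePassword, keystorePassword, truststoreUrl, truststorePassword);` would preserve any existing callers. The new `@param keyPassword` line should also state whether `null` is allowed and what happens then. The class body starts and ends outside the hunk.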
@@ -213,14 +216,14 @@ public class AuthSSLProtocolSocketFactor
         return keystore;
     }
 
-    private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
+    private static KeyManager[] createKeyManagers(final KeyStore keystore, final String keyPassword)
         throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
         if (keystore == null) {
             throw new IllegalArgumentException("Keystore may not be null");
         }
         LOG.debug("Initializing key manager");
         KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-        kmfactory.init(keystore, password != null ? password.toCharArray() : null);
+        kmfactory.init(keystore, keyPassword != null ? keyPassword.toCharArray() : null);
         return kmfactory.getKeyManagers();
     }
 
@@ -269,7 +272,7 @@ public class AuthSSLProtocolSocketFactor
                         }
                     }
                 }
-                keymanagers = createKeyManagers(keystore, this.keystorePassword);
+                keymanagers = createKeyManagers(keystore, this.keyPassword);
             }
             if (this.truststoreUrl != null) {
                 KeyStore keystore = createKeyStore(this.truststoreUrl, this.truststorePassword);

Modified: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ClientConfig.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ClientConfig.xml?rev=1368552&r1=1368551&r2=1368552&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ClientConfig.xml
(original)
+++ cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ClientConfig.xml
Thu Aug  2 15:39:59 2012
@@ -35,16 +35,15 @@ under the License.
     <!-- -->
     <http:conduit name="https://localhost:.*/customerservice/.*">
         <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
-        <http:tlsClientParameters disableCNCheck="true">
-            <sec:keyManagers keyPassword="password">
-              <sec:keyStore type="JKS" password="password" 
-                   file="certs/clientKeystore.jks"/>
-              </sec:keyManagers>
-           <sec:trustManagers>
-              <sec:keyStore type="JKS" password="password"
-                  file="certs/commonTruststore.jks"/>
-           </sec:trustManagers>
+        <http:tlsClientParameters>
+            <sec:keyManagers keyPassword="ckpass">
+                <sec:keyStore file="src/main/config/clientKeystore.jks" password="cspass"
type="JKS"/>
+            </sec:keyManagers>
+            <sec:trustManagers>
+                <sec:keyStore file="src/main/config/clientKeystore.jks" password="cspass"
type="JKS"/>
+            </sec:trustManagers>
         </http:tlsClientParameters>
     </http:conduit>
 
 </beans>
+
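Review bot: With `disableCNCheck` gone from `<http:tlsClientParameters>`, the sample only connects because the service certificate is generated with `cn=localhost` (KeyREADME.txt) and the conduit name matches `https://localhost:.*`, and nothing in the file says so. A comment above the element, for example `<!-- CN check is on: the service certificate CN (localhost, see src/main/config/KeyREADME.txt) must match the host in the request URL -->`, would tell anyone who changes the host why the handshake starts failing and that regenerating the certificate is the fix, not re-adding the attribute. The `<beans>` root opens outside the hunk.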

Modified: cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml?rev=1368552&r1=1368551&r2=1368552&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml
(original)
+++ cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml
Thu Aug  2 15:39:59 2012
@@ -19,33 +19,31 @@
 -->
 
 <!-- 
-  ** This file configures the Cherry Server.
- -->
-
+  ** This file configures the Server which exposes the REST endpoint.
+-->
 <beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:sec="http://cxf.apache.org/configuration/security"
   xmlns:http="http://cxf.apache.org/transports/http/configuration"
   xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
   xsi:schemaLocation="
-       http://cxf.apache.org/configuration/security  		      http://cxf.apache.org/schemas/configuration/security.xsd
-            http://cxf.apache.org/transports/http/configuration
-            http://cxf.apache.org/schemas/configuration/http-conf.xsd
-            http://cxf.apache.org/transports/http-jetty/configuration
-            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
-            http://www.springframework.org/schema/beans
-            http://www.springframework.org/schema/beans/spring-beans.xsd">
+       http://cxf.apache.org/configuration/security  		      
+       http://cxf.apache.org/schemas/configuration/security.xsd
+       http://cxf.apache.org/transports/http/configuration
+       http://cxf.apache.org/schemas/configuration/http-conf.xsd
+       http://cxf.apache.org/transports/http-jetty/configuration
+       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+       http://www.springframework.org/schema/beans
+       http://www.springframework.org/schema/beans/spring-beans.xsd">
 
   <httpj:engine-factory bus="cxf">
    <httpj:engine port="9000">
     <httpj:tlsServerParameters>
-      <sec:keyManagers keyPassword="password">
-           <sec:keyStore type="JKS" password="password" 
-                file="certs/serverKeystore.jks"/>
+      <sec:keyManagers keyPassword="skpass">
+           <sec:keyStore file="src/main/config/serviceKeystore.jks" password="sspass"
type="JKS"/>
       </sec:keyManagers>
       <sec:trustManagers>
-          <sec:keyStore type="JKS" password="password"
-               file="certs/commonTruststore.jks"/>
+           <sec:keyStore file="src/main/config/serviceKeystore.jks" password="sspass"
type="JKS"/>
       </sec:trustManagers>
       <sec:cipherSuitesFilter>
         <!-- these filters ensure that a ciphersuite with
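Review bot: `serviceKeystore.jks` is now both the key store and the trust store, so every certificate imported into it as trusted sits in the same file as the service's private key and is opened with the same `sspass`. KeyREADME.txt notes that separate stores are possible; a comment above `<sec:keyManagers>` such as `<!-- sample only: combined keystore/truststore with published passwords, see src/main/config/KeyREADME.txt -->` would keep that caveat next to the configuration people tend to copy. The `httpj:tlsServerParameters` element closes outside the hunk.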


