cxf-commits mailing list archives

From ashaki...@apache.org
Subject svn commit: r1493072 [1/3] - in /cxf/trunk/services/xkms: xkms-client/src/main/resources/OSGI-INF/blueprint/ xkms-common/src/main/java/org/apache/cxf/xkms/handlers/ xkms-features/ xkms-features/src/main/resources/ xkms-itests/ xkms-itests/src/test/java...
Date Fri, 14 Jun 2013 13:50:32 GMT
Author: ashakirin
Date: Fri Jun 14 13:50:30 2013
New Revision: 1493072

URL: http://svn.apache.org/r1493072
Log:
[CXF-5075], [CXF-5076]: added trust chain validation

Added:
    cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.client.cfg
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorTest.java
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/cas/
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/cas/alice.cer
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/dave.cer
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/expired.cer
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/oscar.cer   (with props)
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/trusted_cas/
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/trusted_cas/root.cer
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/etc/
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509RegisterHandler.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepoFactory.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSearch.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/ValidateRequestParser.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/handlers/X509LocatorTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPSearchTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/BasicValidationTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/DateValidatorTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/alice.cer
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/dave.cer
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/oscar.cer
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/root.cer
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/validateRequestInvalidOscar.xml
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/validateRequestOKAlice.xml
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/validateRequestOKDave.xml
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/validateRequestOKRoot.xml
Removed:
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/XkmsServiceTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/AbstractX509RegisterHandler.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/FileRegisterHandler.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapRegisterHandler.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSchemaConfig.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/LdapSearch.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/locator/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/parser/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/file/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ldap/
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/handlers/BasicValidationTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/handlers/ValidateDateHandlerTest.java
Modified:
    cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml
    cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java
    cxf/trunk/services/xkms/xkms-features/pom.xml
    cxf/trunk/services/xkms/xkms-features/src/main/resources/features.xml
    cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
    cxf/trunk/services/xkms/xkms-itests/pom.xml
    cxf/trunk/services/xkms/xkms-osgi/pom.xml
    cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/cxf-endpoint.xml
    cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml
    cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml
    cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml
    cxf/trunk/services/xkms/xkms-x509-handlers/pom.xml
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/DateValidator.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/utils/X509UtilsTest.java

Modified: cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml (original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml Fri Jun 14 13:50:30 2013
@@ -22,16 +22,16 @@
     xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
     xmlns:ext="http://www.osgi.org/xmlns/blueprint-ext/v1.1.0"
     xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
-  						http://www.osgi.org/xmlns/blueprint-ext/v1.1.0 https://svn.apache.org/repos/asf/aries/tags/blueprint-0.3.1/blueprint-core/src/main/resources/org/apache/aries/blueprint/ext/blueprint-ext.xsd  
-  						http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.0.0.xsd
-  						http://cxf.apache.org/blueprint/jaxws http://cxf.apache.org/schemas/blueprint/jaxws.xsd
-  						http://cxf.apache.org/blueprint/core http://cxf.apache.org/schemas/blueprint/core.xsd
+              http://www.osgi.org/xmlns/blueprint-ext/v1.1.0 https://svn.apache.org/repos/asf/aries/tags/blueprint-0.3.1/blueprint-core/src/main/resources/org/apache/aries/blueprint/ext/blueprint-ext.xsd  
+              http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.0.0.xsd
+              http://cxf.apache.org/blueprint/jaxws http://cxf.apache.org/schemas/blueprint/jaxws.xsd
+              http://cxf.apache.org/blueprint/core http://cxf.apache.org/schemas/blueprint/core.xsd
 ">
 
-    <cm:property-placeholder persistent-id="tesbext.runtime">
+    <cm:property-placeholder persistent-id="org.apache.cxf.xkms.client">
         <cm:default-properties>
             <cm:property name="xkms.endpoint"
-                value="http://localhost:8040/services/XKMS/" />
+                value="http://localhost:8040/cxf/XKMS/" />
         </cm:default-properties>
     </cm:property-placeholder>
 

Modified: cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java (original)
+++ cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java Fri Jun 14 13:50:30 2013
@@ -53,5 +53,14 @@ public enum Applications {
     public String getUri() {
         return this.uri;
     }
-
+    
+    public static Applications fromUri(String uri) {
+        for (Applications app :  Applications.values()) {
+            if (app.getUri().equals(uri)) {
+                return app;
+            }
+        }
+        return null;
+    }
+    
 }
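Review bot: `fromUri` returns `null` for an unrecognised or null URI and has no Javadoc saying so, which leaves every caller to remember the null check. Where the argument comes from is not visible in this hunk, but if it is taken from an incoming request, an unmatched value would surface as a NullPointerException later rather than a clean rejection. At minimum document the contract, e.g. `/** Returns the application whose URI equals {@code uri}, or {@code null} when none matches. */`, or throw `IllegalArgumentException` with the offending URI if no caller needs the null. The enum body starts outside the hunk.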

Modified: cxf/trunk/services/xkms/xkms-features/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-features/pom.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-features/pom.xml (original)
+++ cxf/trunk/services/xkms/xkms-features/pom.xml Fri Jun 14 13:50:30 2013
@@ -80,6 +80,11 @@
                                     <classifier>org.apache.cxf.xkms</classifier>
                                     <type>cfg</type>
                                 </artifact>
+                                <artifact>
+                                    <file>target/classes/org.apache.cxf.xkms.client.cfg</file>
+                                    <classifier>org.apache.cxf.xkms.client</classifier>
+                                    <type>cfg</type>
+                                </artifact>
                             </artifacts>
                         </configuration>
                     </execution>

Modified: cxf/trunk/services/xkms/xkms-features/src/main/resources/features.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-features/src/main/resources/features.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-features/src/main/resources/features.xml (original)
+++ cxf/trunk/services/xkms/xkms-features/src/main/resources/features.xml Fri Jun 14 13:50:30 2013
@@ -24,6 +24,9 @@
         <feature>spring-dm</feature>
         <bundle>mvn:${project.groupId}/cxf-services-xkms-common/${project.version}</bundle>
         <bundle>mvn:${project.groupId}/cxf-services-xkms-client/${project.version}</bundle>
+        <configfile finalname="/etc/org.apache.cxf.xkms.client.cfg">
+            mvn:${project.groupId}/cxf-services-xkms-features/${project.version}/cfg/org.apache.cxf.xkms.client
+        </configfile>
     </feature>
 
     <feature name="cxf-xkms-service" version="${project.version}">

Modified: cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg (original)
+++ cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg Fri Jun 14 13:50:30 2013
@@ -19,17 +19,20 @@
 
 # XKMS configuration properties
 
-# 1. Filesystem backend
-#xkms.file.storageDir=data/xkms/keys
+# Certificate repository ldap or file
+xkms.certificate.repo=ldap
 
-# 2. LDAP backend
+# Filesystem backend
+xkms.file.storageDir=data/xkms/certificates
+
+# LDAP backend
 xkms.ldap.url=ldap://localhost:2389
-xkms.ldap.user=cn=Directory Manager
+xkms.ldap.user=cn=Directory Manager,dc=example,dc=com
 xkms.ldap.pwd=test
 xkms.ldap.retry=2
 xkms.ldap.rootDN=dc=example,dc=com
 
-# 3. LDAP schema
+# LDAP schema
 xkms.ldap.schema.certObjectClass=inetOrgPerson
 xkms.ldap.schema.attrUID=uid
 xkms.ldap.schema.attrIssuerID=manager
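Review bot: With `xkms.certificate.repo=ldap` as the shipped value, the service binds as `cn=Directory Manager,dc=example,dc=com` with the clear-text sample password `test` unless the operator edits the file, and nothing in the file marks these as placeholders. Add a comment above the LDAP block such as `# Sample credentials for local testing only - replace before deployment and restrict read access to this file`. The new `# Certificate repository ldap or file` comment would also read more clearly as `# Certificate repository type: "ldap" or "file"`.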
@@ -39,3 +42,5 @@ xkms.ldap.schema.constAttrNamesCSV=sn
 xkms.ldap.schema.constAttrValuesCSV=X509 certificate
 xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services
 xkms.ldap.schema.serviceCertUIDTemplate=cn=%s
+xkms.ldap.schema.trustedAuthorities=(&(objectClass=inetOrgPerson)(ou:dn:=CAs))
+xkms.ldap.schema.intermediates=(objectClass=inetOrgPerson)
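Review bot: The two added filters decide which directory entries count as trust anchors and as intermediates, yet they carry no comment and the second is very broad: `xkms.ldap.schema.intermediates=(objectClass=inetOrgPerson)` matches every inetOrgPerson entry, including those the `trustedAuthorities` filter selects. How the validator consumes them is not visible here, but presumably any entry matching `(ou:dn:=CAs)` is treated as a trusted root, so write access to those entries amounts to control of the trust store. Document that next to the property, e.g. `# LDAP filter selecting trusted root CA certificates; restrict write access to the matching entries`, and consider narrowing the intermediates filter to a dedicated subtree.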

Added: cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.client.cfg
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.client.cfg?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.client.cfg (added)
+++ cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.client.cfg Fri Jun 14 13:50:30 2013
@@ -0,0 +1,20 @@
+#################################################################################
+#
+#    Licensed to the Apache Software Foundation (ASF) under one or more
+#    contributor license agreements.  See the NOTICE file distributed with
+#    this work for additional information regarding copyright ownership.
+#    The ASF licenses this file to You under the Apache License, Version 2.0
+#    (the "License"); you may not use this file except in compliance with
+#    the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+################################################################################
+
+xkms.endpoint=http://localhost:8040/services/XKMS/
\ No newline at end of file
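Review bot: The new file sets `xkms.endpoint=http://localhost:8040/services/XKMS/`, while this same commit changes the blueprint default in beans.xml to `http://localhost:8040/cxf/XKMS/`. features.xml installs this file as `/etc/org.apache.cxf.xkms.client.cfg`, matching the `org.apache.cxf.xkms.client` persistent id, so its value presumably overrides the blueprint default and a stock install would point the client at the old path. The integration test does not catch this because it rewrites the property itself. Change the line to `xkms.endpoint=http://localhost:8040/cxf/XKMS/` and end the file with a newline.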

Modified: cxf/trunk/services/xkms/xkms-itests/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/pom.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/pom.xml (original)
+++ cxf/trunk/services/xkms/xkms-itests/pom.xml Fri Jun 14 13:50:30 2013
@@ -1,21 +1,13 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+    license agreements. See the NOTICE file distributed with this work for additional 
+    information regarding copyright ownership. The ASF licenses this file to 
+    you under the Apache License, Version 2.0 (the "License"); you may not use 
+    this file except in compliance with the License. You may obtain a copy of 
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+    by applicable law or agreed to in writing, software distributed under the 
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+    OF ANY KIND, either express or implied. See the License for the specific 
+    language governing permissions and limitations under the License. -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 
@@ -33,7 +25,8 @@
     </parent>
 
     <properties>
-        <exam.version>2.6.0</exam.version>
+        <pax-exam.version>3.1.0-SNAPSHOT</pax-exam.version>
+        <karaf.version>2.3.1</karaf.version>
     </properties>
 
     <dependencies>
@@ -42,163 +35,93 @@
             <artifactId>cxf-services-xkms-common</artifactId>
             <version>${project.version}</version>
         </dependency>
+
         <dependency>
             <groupId>org.apache.cxf.services.xkms</groupId>
             <artifactId>cxf-services-xkms-x509-handlers</artifactId>
             <version>${project.version}</version>
         </dependency>
+
         <dependency>
             <groupId>org.apache.cxf.services.xkms</groupId>
             <artifactId>cxf-services-xkms-service</artifactId>
             <version>${project.version}</version>
         </dependency>
+
         <dependency>
             <groupId>org.apache.cxf.services.xkms</groupId>
-            <artifactId>cxf-services-xkms-ldap-persistence</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf.services.xkms</groupId>
-            <artifactId>cxf-services-xkms-file-persistence</artifactId>
+            <artifactId>cxf-services-xkms-features</artifactId>
             <version>${project.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.karaf</groupId>
-            <artifactId>apache-karaf</artifactId>
-            <version>2.2.9</version>
-            <scope>test</scope>
-            <type>tar.gz</type>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.apache.karaf</groupId>
-                    <artifactId>org.apache.karaf.client</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.karaf.tooling.exam</groupId>
-            <artifactId>org.apache.karaf.tooling.exam.container</artifactId>
-            <version>2.3.0</version>
-            <scope>test</scope>
+            <type>xml</type>
         </dependency>
 
         <dependency>
             <groupId>org.ops4j.pax.exam</groupId>
             <artifactId>pax-exam-junit4</artifactId>
-            <version>${exam.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.ops4j.pax.exam</groupId>
-            <artifactId>pax-exam-inject</artifactId>
-            <version>${exam.version}</version>
+            <version>${pax-exam.version}</version>
+            <scope>test</scope>
         </dependency>
+
         <dependency>
             <groupId>org.ops4j.pax.exam</groupId>
-            <artifactId>pax-exam-link-mvn</artifactId>
-            <version>${exam.version}</version>
+            <artifactId>pax-exam-container-karaf</artifactId>
+            <version>${pax-exam.version}</version>
             <scope>test</scope>
         </dependency>
 
         <dependency>
             <groupId>org.ops4j.pax.url</groupId>
             <artifactId>pax-url-aether</artifactId>
-            <version>1.5.0</version>
+            <version>1.5.2</version>
             <scope>test</scope>
         </dependency>
 
         <dependency>
-            <groupId>org.apache.felix</groupId>
-            <artifactId>org.apache.felix.framework</artifactId>
-            <version>3.2.2</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.ops4j.pax.swissbox</groupId>
-            <artifactId>pax-swissbox-tinybundles</artifactId>
-            <version>1.3.1</version>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
+            <groupId>org.apache.karaf.features</groupId>
+            <artifactId>org.apache.karaf.features.core</artifactId>
+            <version>${karaf.version}</version>
             <scope>test</scope>
         </dependency>
+
         <dependency>
             <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
-            <version>1.6.1</version>
+            <artifactId>slf4j-api</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>org.apache.cxf.services.xkms</groupId>
-            <artifactId>cxf-services-xkms-features</artifactId>
-            <version>${project.version}</version>
-            <type>xml</type>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-jdk14</artifactId>
         </dependency>
     </dependencies>
 
     <build>
         <plugins>
             <plugin>
-                <groupId>org.ops4j.pax.exam</groupId>
-                <artifactId>maven-paxexam-plugin</artifactId>
-                <version>1.2.4</version>
-                <executions>
-                    <execution>
-                        <id>generate-config</id>
-                        <goals>
-                            <goal>generate-config</goal>
-                            <goal>generate-depends-file</goal>
-                        </goals>
-                    </execution>
-                </executions>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
-                    <options>
-                        <platform>equinox</platform>
-                        <profiles>log</profiles>
-                    </options>
+                    <systemPropertyVariables>
+                        <project.version>${project.version}</project.version>
+                        <karaf.version>${karaf.version}</karaf.version>
+                        <buildDirectory>${project.build.directory}</buildDirectory>
+                    </systemPropertyVariables>
                 </configuration>
             </plugin>
         </plugins>
-        <pluginManagement>
-            <plugins>
-                <!--This plugin's configuration is used to store Eclipse 
-                    m2e settings only. It has no influence on the Maven build itself. -->
-                <plugin>
-                    <groupId>org.eclipse.m2e</groupId>
-                    <artifactId>lifecycle-mapping</artifactId>
-                    <version>1.0.0</version>
-                    <configuration>
-                        <lifecycleMappingMetadata>
-                            <pluginExecutions>
-                                <pluginExecution>
-                                    <pluginExecutionFilter>
-                                        <groupId>
-                                            org.ops4j.pax.exam
-                                        </groupId>
-                                        <artifactId>
-                                            maven-paxexam-plugin
-                                        </artifactId>
-                                        <versionRange>
-                                            [1.2.4,)
-                                        </versionRange>
-                                        <goals>
-                                            <goal>
-                                                generate-depends-file
-                                            </goal>
-                                            <goal>generate-config</goal>
-                                        </goals>
-                                    </pluginExecutionFilter>
-                                    <action>
-                                        <ignore></ignore>
-                                    </action>
-                                </pluginExecution>
-                            </pluginExecutions>
-                        </lifecycleMappingMetadata>
-                    </configuration>
-                </plugin>
-            </plugins>
-        </pluginManagement>
     </build>
+
+    <repositories>
+        <repository>
+            <id>ops4j.snapshot</id>
+            <name>The OPS4J SNAPSHOT Repository</name>
+            <url>https://oss.sonatype.org/content/repositories/ops4j-snapshots/</url>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+        </repository>
+    </repositories>
+
 </project>
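Review bot: The integration tests now resolve `pax-exam.version` `3.1.0-SNAPSHOT` (set in the previous hunk) from the `ops4j.snapshot` repository added at the end of this hunk, so they run against a mutable artifact that can change between builds with no change in this tree. Pin a released version and drop the `<repositories>` block once one is available. Until then, mark the block as temporary, e.g. `<!-- Temporary: only needed for the pax-exam SNAPSHOT; remove together with it -->`. The `slf4j-api` and `slf4j-jdk14` dependencies also carry no `<version>` or `<scope>` and presumably rely on the parent's dependencyManagement, which is not visible here.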

Added: cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java (added)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java Fri Jun 14 13:50:30 2013
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.itests;
+
+import java.io.File;
+
+import javax.inject.Inject;
+
+import org.apache.karaf.tooling.exam.options.LogLevelOption.LogLevel;
+import org.ops4j.pax.exam.Configuration;
+import org.ops4j.pax.exam.Option;
+import org.ops4j.pax.exam.options.MavenArtifactUrlReference;
+import org.ops4j.pax.exam.options.MavenUrlReference;
+import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
+import org.ops4j.pax.exam.spi.reactors.PerClass;
+import org.w3._2002._03.xkms_wsdl.XKMSPortType;
+
+import static org.apache.karaf.tooling.exam.options.KarafDistributionOption.editConfigurationFilePut;
+import static org.apache.karaf.tooling.exam.options.KarafDistributionOption.features;
+import static org.apache.karaf.tooling.exam.options.KarafDistributionOption.karafDistributionConfiguration;
+import static org.apache.karaf.tooling.exam.options.KarafDistributionOption.keepRuntimeFolder;
+import static org.apache.karaf.tooling.exam.options.KarafDistributionOption.logLevel;
+import static org.apache.karaf.tooling.exam.options.KarafDistributionOption.replaceConfigurationFile;
+import static org.ops4j.pax.exam.CoreOptions.maven;
+import static org.ops4j.pax.exam.CoreOptions.systemTimeout;
+
+@ExamReactorStrategy(PerClass.class)
+public class BasicIntegrationTest {
+
+    private static final String HTTP_PORT = "9191";
+    private static final String XKMS_ENDPOINT = "http://localhost:" + HTTP_PORT + "/cxf/XKMS";
+
+    @Inject
+    protected XKMSPortType xkmsService;
+
+    @Configuration
+    public Option[] getConfig() {
+
+        String projectVersion = System.getProperty("project.version");
+        String karafVersion = System.getProperty("karaf.version");
+        MavenArtifactUrlReference karafUrl = maven().groupId("org.apache.karaf").artifactId("apache-karaf")
+            .version(karafVersion).type("zip");
+        MavenUrlReference cxfFeatures = maven().groupId("org.apache.cxf.karaf").artifactId("apache-cxf")
+            .version(projectVersion).type("xml").classifier("features");
+        MavenUrlReference xkmsFeatures = maven().groupId("org.apache.cxf.services.xkms")
+            .artifactId("cxf-services-xkms-features").version(projectVersion).type("xml");
+
+        return new Option[] {
+            karafDistributionConfiguration().frameworkUrl(karafUrl).karafVersion(karafVersion)
+                .unpackDirectory(new File("target/paxexam/unpack/")).useDeployFolder(false),
+            /*
+             * Timeout is set to 15 minutes because installation of cxf and xkms takes ages. The reason should
+             * be investigated in the near future. One problem is the usage of pax exam snapshot build which
+             * makes maven scan the snapshot repositories for each dependency but that should not be the main
+             * reason.
+             */
+            systemTimeout(900000),
+            logLevel(LogLevel.ERROR),
+            keepRuntimeFolder(),
+
+            replaceConfigurationFile("data/xkms/certificates/trusted_cas/root.cer",
+                                     new File(
+                                              "src/test/resources/data/xkms/certificates/trusted_cas/root.cer")),
+            replaceConfigurationFile("data/xkms/certificates/cas/alice.cer",
+                                     new File("src/test/resources/data/xkms/certificates/cas/alice.cer")),
+            replaceConfigurationFile("etc/org.apache.cxf.xkms.cfg",
+                                     new File("src/test/resources/etc/org.apache.cxf.xkms.cfg")),
+
+            features(cxfFeatures, "cxf"), features(xkmsFeatures, "cxf-xkms-service", "cxf-xkms-client"),
+
+            editConfigurationFilePut("etc/org.ops4j.pax.web.cfg", "org.osgi.service.http.port", HTTP_PORT),
+            editConfigurationFilePut("etc/org.apache.cxf.xkms.client.cfg", "xkms.endpoint", XKMS_ENDPOINT)
+        };
+    }
+
+}
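Review bot: `getConfig()` reads `project.version` and `karaf.version` with `System.getProperty` and passes them straight into the Maven URL builders, so a run that bypasses the surefire `systemPropertyVariables` (for example from an IDE) gets `null` versions and fails later with an unrelated-looking resolution error. Fail fast right after the two reads: `if (projectVersion == null || karafVersion == null) { throw new IllegalStateException("project.version and karaf.version system properties must be set"); }`. The class would also benefit from a short Javadoc stating that it is the shared Pax Exam/Karaf configuration for the XKMS integration tests, and that `HTTP_PORT` must be free on the build host.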

Added: cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorTest.java?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorTest.java (added)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorTest.java Fri Jun 14 13:50:30 2013
@@ -0,0 +1,162 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.itests.handlers.validator;
+
+import java.io.InputStream;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.UUID;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+
+import org.apache.cxf.xkms.handlers.XKMSConstants;
+import org.apache.cxf.xkms.itests.BasicIntegrationTest;
+import org.apache.cxf.xkms.model.xkms.KeyBindingEnum;
+import org.apache.cxf.xkms.model.xkms.MessageAbstractType;
+import org.apache.cxf.xkms.model.xkms.QueryKeyBindingType;
+import org.apache.cxf.xkms.model.xkms.ReasonEnum;
+import org.apache.cxf.xkms.model.xkms.StatusType;
+import org.apache.cxf.xkms.model.xkms.ValidateRequestType;
+import org.apache.cxf.xkms.model.xmldsig.KeyInfoType;
+import org.apache.cxf.xkms.model.xmldsig.X509DataType;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.junit.PaxExam;
+
+@RunWith(PaxExam.class)
+public class ValidatorTest extends BasicIntegrationTest {
+
+    private static final String PATH_TO_RESOURCES = "/data/xkms/certificates/";
+
+    private static final org.apache.cxf.xkms.model.xmldsig.ObjectFactory DSIG_OF = 
+        new org.apache.cxf.xkms.model.xmldsig.ObjectFactory();
+    private static final org.apache.cxf.xkms.model.xkms.ObjectFactory XKMS_OF = 
+        new org.apache.cxf.xkms.model.xkms.ObjectFactory();
+
+    @Test
+    public void testRootCertIsValid() throws CertificateException {
+
+        X509Certificate rootCertificate = readCertificate("trusted_cas/root.cer");
+        ValidateRequestType request = prepareValidateXKMSRequest(rootCertificate);
+        StatusType result = xkmsService.validate(request).getKeyBinding().get(0).getStatus();
+
+        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID, result.getStatusValue());
+        Assert.assertFalse(result.getValidReason().isEmpty());
+        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALIDITY_INTERVAL.value(), result
+            .getValidReason().get(0));
+        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value(), result
+            .getValidReason().get(1));
+    }
+
+    @Test
+    public void testAliceSignedByRootIsValid() throws JAXBException, CertificateException {
+        X509Certificate aliceCertificate = readCertificate("cas/alice.cer");
+        ValidateRequestType request = prepareValidateXKMSRequest(aliceCertificate);
+        StatusType result = xkmsService.validate(request).getKeyBinding().get(0).getStatus();
+
+        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID, result.getStatusValue());
+        Assert.assertFalse(result.getValidReason().isEmpty());
+        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALIDITY_INTERVAL.value(), result
+            .getValidReason().get(0));
+        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value(), result
+            .getValidReason().get(1));
+    }
+
+    @Test
+    public void testDaveSignedByAliceSginedByRootIsValid() throws JAXBException, CertificateException {
+        X509Certificate daveCertificate = readCertificate("dave.cer");
+        ValidateRequestType request = prepareValidateXKMSRequest(daveCertificate);
+        StatusType result = xkmsService.validate(request).getKeyBinding().get(0).getStatus();
+
+        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID, result.getStatusValue());
+        Assert.assertFalse(result.getValidReason().isEmpty());
+        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALIDITY_INTERVAL.value(), result
+            .getValidReason().get(0));
+        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value(), result
+            .getValidReason().get(1));
+    }
+
+    @Test
+    public void testSelfSignedCertOscarIsNotValid() throws JAXBException, CertificateException {
+        X509Certificate oscarCertificate = readCertificate("oscar.cer");
+        ValidateRequestType request = prepareValidateXKMSRequest(oscarCertificate);
+        StatusType result = xkmsService.validate(request).getKeyBinding().get(0).getStatus();
+
+        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID, result.getStatusValue());
+        Assert.assertFalse(result.getInvalidReason().isEmpty());
+        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value(), result
+            .getInvalidReason().get(0));
+    }
+
+    @Test
+    public void testExpiredCertIsNotValid() throws CertificateException {
+        X509Certificate expiredCertificate = readCertificate("expired.cer");
+        ValidateRequestType request = prepareValidateXKMSRequest(expiredCertificate);
+        StatusType result = xkmsService.validate(request).getKeyBinding().get(0).getStatus();
+
+        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID, result.getStatusValue());
+        Assert.assertFalse(result.getInvalidReason().isEmpty());
+        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALIDITY_INTERVAL.value(), result
+            .getInvalidReason().get(0));
+    }
+
+    /*
+     * Method is taken from {@link org.apache.cxf.xkms.client.XKMSInvokder}.
+     */
+    private ValidateRequestType prepareValidateXKMSRequest(X509Certificate cert) {
+        JAXBElement<byte[]> x509Cert;
+        try {
+            x509Cert = DSIG_OF.createX509DataTypeX509Certificate(cert.getEncoded());
+        } catch (CertificateEncodingException e) {
+            throw new IllegalArgumentException(e);
+        }
+        X509DataType x509DataType = DSIG_OF.createX509DataType();
+        x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(x509Cert);
+        JAXBElement<X509DataType> x509Data = DSIG_OF.createX509Data(x509DataType);
+
+        KeyInfoType keyInfoType = DSIG_OF.createKeyInfoType();
+        keyInfoType.getContent().add(x509Data);
+
+        QueryKeyBindingType queryKeyBindingType = XKMS_OF.createQueryKeyBindingType();
+        queryKeyBindingType.setKeyInfo(keyInfoType);
+
+        ValidateRequestType validateRequestType = XKMS_OF.createValidateRequestType();
+        setGenericRequestParams(validateRequestType);
+        validateRequestType.setQueryKeyBinding(queryKeyBindingType);
+        // temporary
+        validateRequestType.setId(cert.getSubjectDN().toString());
+        return validateRequestType;
+    }
+
+    private void setGenericRequestParams(MessageAbstractType request) {
+        request.setService(XKMSConstants.XKMS_ENDPOINT_NAME);
+        request.setId(UUID.randomUUID().toString());
+    }
+
+    private X509Certificate readCertificate(String path) throws CertificateException {
+        InputStream inputStream = ValidatorTest.class.getResourceAsStream(PATH_TO_RESOURCES + path);
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        return (X509Certificate)cf.generateCertificate(inputStream);
+    }
+
+}
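Review bot: The two negative cases, `testSelfSignedCertOscarIsNotValid` and `testExpiredCertIsNotValid`, never present a certificate that names a trusted issuer but does not verify under that issuer's key. A validator that assembled the chain without checking signatures would therefore still pass the whole suite. A case like the one below would close that gap; it needs a fixture generated for the purpose, and the file name shown is a placeholder. The positive tests also assert reasons by index (`getValidReason().get(0)`, `get(1)`), which ties them to the validator order in cxf-endpoint.xml; `contains` would be less brittle. Separately, `readCertificate` never closes the stream returned by `getResourceAsStream`.

```java
    // … unchanged: testExpiredCertIsNotValid …

    @Test
    public void testCertNotSignedByNamedIssuerIsNotValid() throws CertificateException {
        // PLACEHOLDER fixture name, not part of this commit: the issuer DN equals the
        // subject of trusted_cas/root.cer, but the signature does not verify under it.
        X509Certificate mismatched = readCertificate("PLACEHOLDER_issuer_signature_mismatch.cer");
        ValidateRequestType request = prepareValidateXKMSRequest(mismatched);
        StatusType result = xkmsService.validate(request).getKeyBinding().get(0).getStatus();

        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID, result.getStatusValue());
        // Which reason the service reports for this case should be confirmed before pinning it.
        Assert.assertFalse(result.getInvalidReason().isEmpty());
    }
```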

Added: cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java (added)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java Fri Jun 14 13:50:30 2013
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.itests.service;
+
+import java.net.URISyntaxException;
+import java.util.UUID;
+
+import org.apache.cxf.xkms.itests.BasicIntegrationTest;
+import org.apache.cxf.xkms.model.xkms.PrototypeKeyBindingType;
+import org.apache.cxf.xkms.model.xkms.RegisterRequestType;
+import org.apache.cxf.xkms.model.xkms.RegisterResultType;
+import org.apache.cxf.xkms.model.xkms.ResultMajorEnum;
+import org.apache.cxf.xkms.model.xkms.ResultMinorEnum;
+import org.apache.cxf.xkms.model.xmldsig.KeyInfoType;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.junit.PaxExam;
+
+@RunWith(PaxExam.class)
+public class XKMSServiceTest extends BasicIntegrationTest {
+
+    @Test
+    public void testEmptyRegister() throws URISyntaxException, Exception {
+        RegisterRequestType request = new RegisterRequestType();
+        request.setId(UUID.randomUUID().toString());
+        RegisterResultType result = xkmsService.register(request);
+        Assert.assertEquals(ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_SENDER.value(),
+                            result.getResultMajor());
+        Assert.assertEquals(ResultMinorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_FAILURE.value(),
+                            result.getResultMinor());
+    }
+
+    @Test
+    public void testRegisterWithoutKey() throws URISyntaxException, Exception {
+        RegisterRequestType request = new RegisterRequestType();
+        PrototypeKeyBindingType binding = new PrototypeKeyBindingType();
+        KeyInfoType keyInfo = new KeyInfoType();
+        binding.setKeyInfo(keyInfo);
+        request.setPrototypeKeyBinding(binding);
+        request.setId(UUID.randomUUID().toString());
+        RegisterResultType result = xkmsService.register(request);
+        Assert.assertEquals(ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_SENDER.value(),
+                            result.getResultMajor());
+        Assert.assertEquals(ResultMinorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_FAILURE.value(),
+                            result.getResultMinor());
+    }
+    
+}
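Review bot: Both test methods declare `throws URISyntaxException, Exception`, which is redundant because `Exception` already covers it, and nothing visible in either body can throw `URISyntaxException`. I would reduce each signature to `public void testEmptyRegister() throws Exception {` (likewise for `testRegisterWithoutKey`) and drop the then-unused `java.net.URISyntaxException` import. The two bodies also end in the same pair of assertions, so a small private helper that takes the `RegisterResultType` would keep the expected Sender/Failure outcome in one place.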

Added: cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/cas/alice.cer
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/cas/alice.cer?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/cas/alice.cer (added)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/cas/alice.cer Fri Jun 14 13:50:30 2013
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAligAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJERTEMMAoGA1UECAwD
+TlJXMRQwEgYDVQQKDAtEZW1vIENsaWVudDEXMBUGA1UEAwwOd3d3Lmlzc3Vlci5jb20wHhcNMTMw
+NTI5MDg0NTI4WhcNMjMwNTI3MDg0NTI4WjBYMQswCQYDVQQGEwJERTEMMAoGA1UECBMDTlJXMQww
+CgYDVQQHEwNDR04xDDAKBgNVBAoTA0NYRjEPMA0GA1UECxMGQXBhY2hlMQ4wDAYDVQQDEwVBbGlj
+ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKy/WiJ3FX64AyQgE+OIQFXaTSX2ANLj
+Ga2leZUDjhGiD4bd5Y4lth1c2hSJSNyF80I/Z58pYfnL930lncAOPXpxFq88ngAgJJNuzWv68P8P
+NVrJ7s0t7MNOyhOKpmskTWZiYh51OkyzOc/LnEY0uhQr1BS4cmShdJbNCMo0DFNcTm0b5piYu9ag
+a8p1mTiBTctjy0fif+zLvxMJ2X8szCZ2b7lM3FEMx4dx+4cXFi8YF23L4CwShW6g65YCg+mC+Vwu
+LOniwAHOV6WxLsjxyEs6hgdt+/Z9MjdzYPT4rrzLfWkGoOFmZoY08XIjpmxoZKHD7vdrcjIMPEvG
+TWRzgRkCAwEAAaNTMFEwHQYDVR0OBBYEFOxINJ1wxyAigMDDkStdn/7oucgHMB8GA1UdIwQYMBaA
+FOB7SGdn5upcqrOlUkSW/QzLkgKDMA8GA1UdEwQIMAYBAf8CAQMwDQYJKoZIhvcNAQEFBQADgYEA
+e4wp1RhLxKowAF7/OMI7ZxLAdLPWR/rapKrUdVn90XvzQjz5nW7Ohqe6VmsQ5lpSSRtxrEr1JRT3
+4f6MsMzYmZMazRQgKDiqHnXtNFTwwuADT54yqfgzR+TOlJKr7OfJ72qKnBOTHn/All29UJwKvdMG
+Xsg88Ou2fh6DS7fsfcA=
+-----END CERTIFICATE-----

Added: cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/dave.cer
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/dave.cer?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/dave.cer (added)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/dave.cer Fri Jun 14 13:50:30 2013
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

Added: cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/expired.cer
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/expired.cer?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/expired.cer (added)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/expired.cer Fri Jun 14 13:50:30 2013
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF4DCCA8igAwIBAgIJAKI2DZw3MLqRMA0GCSqGSIb3DQEBBQUAMFMxDzANBgNVBAoTBklzc3Vl
+cjELMAkGA1UEBhMCREUxDDAKBgNVBAgTA05SVzEMMAoGA1UEBxMDQ0dOMRcwFQYDVQQDEw53d3cu
+aXNzdWVyLmNvbTAeFw0xMjAyMjkxMDIzMDFaFw0xMzAyMjgxMDIzMDFaMFMxDzANBgNVBAoTBklz
+c3VlcjELMAkGA1UEBhMCREUxDDAKBgNVBAgTA05SVzEMMAoGA1UEBxMDQ0dOMRcwFQYDVQQDEw53
+d3cuaXNzdWVyLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMSCbQd/92wAJnfa
+FZTRmEP0afGGS0lGJghLg3uoMpewcQj4A2RZVJl2sfFbk/OppUqtJYxLKv0LRkx9MsZ2rQOq1Yfm
+HShxpb6PeyRx8dEgSCtgWivVzKk/w+UudilQVC3cTNWtCayjajHcc0UAG4Kaaypl5CNEWH0M4Jap
+cjFCwU3t7INI/DcAZK2J0aZI0pevw977nEzHyHOeea3O0RFrTTQomt/fv4gtP08F4x13cK0ssD93
+YZwhzFQ/63E/P0UM6daKJG8Ysg9owjwuSGR6bDR/FNuDeH4hqq0QGuvFHANpVTakvE5d+WWw1BDI
+Z8RK2vf3yFs+/jazTUhUJvoiniqtTf6VnMUmI7n5mDFQbutiIOeFzK4bQ+KKYch/aO2Pc6dXoEYm
+CfgA/SdcoOhEfGJKqU8mvPU/bXJEDVj1VgFzRssnaZcmReXfrcFuxW9fkVMEQ4jXlUF6v63uwqpd
+MWqgBGlti5hHjOuE/MOYpmBv6mUNX0MxqtgRU7/8fUoR6HwgAlRBOoWGCHIzv/0V6fSm804OiUf+
+DY65dbpZRhZmd7yANYYoewSwrNokDXGlz6e5cPaXMUnakIgcj2crr+dqQpxkrpTgP5ihq8Jrw8GH
+YZwm0SE4dqhA/DcyL6UlJarZSk7U3XEGvs60p0YThEgbpHCkgyruxocyQ4z3AgMBAAGjgbYwgbMw
+HQYDVR0OBBYEFCN8oLmMeAxU7v5mcE6U2bDmP63cMIGDBgNVHSMEfDB6gBQjfKC5jHgMVO7+ZnBO
+lNmw5j+t3KFXpFUwUzEPMA0GA1UEChMGSXNzdWVyMQswCQYDVQQGEwJERTEMMAoGA1UECBMDTlJX
+MQwwCgYDVQQHEwNDR04xFzAVBgNVBAMTDnd3dy5pc3N1ZXIuY29tggkAojYNnDcwupEwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAPDAcr3TdfLlczzkBR6iiN63ERK/FnIcB8vIJdxJe
+Ysq/w49CgxMjOugGsZ7rKTmT89zPQzVe/GJITRHNS1q81cf8hd4SWZ/i3z7k8tqhMRq0b31aQqkL
+zjPWD6PAwzDWUAY8HMMq9Gbxx52u4yXxx1PabTxq/0EDtX7+JfZ462BGtWCcUrrXq6Wck4acvAw2
+NmMfUR+RYLVKLINen82KD1YAl+mOKFfc3r9i1mLi/ylE2LuKN6Z3LnYAcaUgq22mRKR6hGXyw4zU
+2HzFNlgBnoJottYdZWxa5Chcr6wMgZS/rg3gQ8z6ALOFG/UTBxcXRmI0CCBhTPjn4Dq8gd+BWixB
+zFVF8DoYEyVEX7fGNOAwb3OZCQMVsaM6PuqIfiz0s5oiqdohYSzwXc6ajmQB7JJkfHE8B43dnL+G
+1+d2mqvhXhTeJNlwC0Hcqtc7MY2rRDY0Kj0LrGqjhN6kKiXHXA0YqVpn1W7qsu+GS51jxpxZ2DUE
+LNuIhXU/xbP3IS/BKMgiwNM2kZBtP0qkfKlsO9IemiQTNGZzxm+DJvE5U4wC0cVxsvqRTqdfKuma
+IMoUHsIrC5OWibTZ658KFuZZGHtxolH1sZnSPjs9D9RC9xDv5OyIHcHcMhN6c7wk2Tf3GpY91r6S
+p6TxIkB2cZQDT8eTSS/PTHC+muh5/365lRE=
+-----END CERTIFICATE-----

Added: cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/oscar.cer
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/oscar.cer?rev=1493072&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/oscar.cer
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/trusted_cas/root.cer
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/trusted_cas/root.cer?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/trusted_cas/root.cer (added)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/trusted_cas/root.cer Fri Jun 14 13:50:30 2013
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICYjCCAcugAwIBAgIJAIBUDD+Ghp2oMA0GCSqGSIb3DQEBBQUAMEoxCzAJBgNVBAYTAkRFMQww
+CgYDVQQIDANOUlcxFDASBgNVBAoMC0RlbW8gQ2xpZW50MRcwFQYDVQQDDA53d3cuaXNzdWVyLmNv
+bTAeFw0xMzA1MjQxMjUxNDZaFw0yMzA1MjIxMjUxNDZaMEoxCzAJBgNVBAYTAkRFMQwwCgYDVQQI
+DANOUlcxFDASBgNVBAoMC0RlbW8gQ2xpZW50MRcwFQYDVQQDDA53d3cuaXNzdWVyLmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxeCtfXDqPmsAcYZGVeEUl2xe9vQl9veaSG6l8O/6QXXH
+3q78yUvQPHltO4PAooK6VamINpgBw2sHMl3sxFIrwJNh1tclXgtowgf/qwbC2TrGumK/bQTg6E0V
+Y1KXdC/tn11gxaEfic1e68gvGfPK18JnLeCw7/mOKafMKQHW8ZMCAwEAAaNQME4wHQYDVR0OBBYE
+FOB7SGdn5upcqrOlUkSW/QzLkgKDMB8GA1UdIwQYMBaAFOB7SGdn5upcqrOlUkSW/QzLkgKDMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAEbuWyVkHKeryUsajA4IjCthswSSoi7NggULj
+LvuHkdgvPJhADSrcsEKQWr8/HMorrKnGh20EAWzjIXwRJYOCrDiYyfWezAE2h36MjZK7jXyAswAT
+YSPINdRP8VdrXBlj1oh0krhLyJrpaONkmpVwxVvxKL0Fc/iEnn5nVtaUyGg=
+-----END CERTIFICATE-----

Added: cxf/trunk/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg (added)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg Fri Jun 14 13:50:30 2013
@@ -0,0 +1,46 @@
+#################################################################################
+#
+#    Licensed to the Apache Software Foundation (ASF) under one or more
+#    contributor license agreements.  See the NOTICE file distributed with
+#    this work for additional information regarding copyright ownership.
+#    The ASF licenses this file to You under the Apache License, Version 2.0
+#    (the "License"); you may not use this file except in compliance with
+#    the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+################################################################################
+
+# XKMS configuration properties
+
+# Certificate repository ldap or file
+xkms.certificate.repo=file
+
+# Filesystem backend
+xkms.file.storageDir=data/xkms/certificates
+
+# LDAP backend
+xkms.ldap.url=ldap://localhost:2389
+xkms.ldap.user=cn=Directory Manager,dc=example,dc=com
+xkms.ldap.pwd=test
+xkms.ldap.retry=2
+xkms.ldap.rootDN=dc=example,dc=com
+
+# LDAP schema
+xkms.ldap.schema.certObjectClass=inetOrgPerson
+xkms.ldap.schema.attrUID=uid
+xkms.ldap.schema.attrIssuerID=manager
+xkms.ldap.schema.attrSerialNumber=employeeNumber
+xkms.ldap.schema.attrCrtBinary=userCertificate;binary
+xkms.ldap.schema.constAttrNamesCSV=sn
+xkms.ldap.schema.constAttrValuesCSV=X509 certificate
+xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services
+xkms.ldap.schema.serviceCertUIDTemplate=cn=%s
+xkms.ldap.schema.trustedAuthorities=(&(objectClass=inetOrgPerson)(ou:dn:=rootCAs))
+xkms.ldap.schema.intermediates=(&(objectClass=inetOrgPerson)(ou:dn:=intermediateCAs))
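Review bot: The LDAP block from `xkms.ldap.url` to `xkms.ldap.rootDN` carries a bind DN, the password `test` and a plain `ldap://` URL, with nothing marking them as placeholders, while `xkms.certificate.repo=file` selects the file backend. The blueprint in this commit passes `${xkms.ldap.url}`, `${xkms.ldap.user}` and `${xkms.ldap.pwd}` to the `ldapSearch` bean regardless of the backend, which is presumably why the keys have to exist here. I would replace the `# LDAP backend` line with `# LDAP backend: test-only placeholder values required by the blueprint; this test runs with the file backend. Deployments should use ldaps:// and must not keep the bind password here.` so the file is not copied as a deployment template.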

Modified: cxf/trunk/services/xkms/xkms-osgi/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-osgi/pom.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-osgi/pom.xml (original)
+++ cxf/trunk/services/xkms/xkms-osgi/pom.xml Fri Jun 14 13:50:30 2013
@@ -1,72 +1,71 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
-    <modelVersion>4.0.0</modelVersion>
-    <groupId>org.apache.cxf.services.xkms</groupId>
-    <artifactId>cxf-services-xkms-osgi</artifactId>
-    <packaging>bundle</packaging>
-    <name>Apache CXF XKMS OSGi deployment</name>
-    <url>http://cxf.apache.org</url>
-
-    <parent>
-        <groupId>org.apache.cxf</groupId>
-        <artifactId>cxf-parent</artifactId>
-        <version>3.0.0-SNAPSHOT</version>
-        <relativePath>../../../parent/pom.xml</relativePath>
-    </parent>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.apache.cxf.services.xkms</groupId>
-            <artifactId>cxf-services-xkms-common</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf.services.xkms</groupId>
-            <artifactId>cxf-services-xkms-x509-handlers</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf.services.xkms</groupId>
-            <artifactId>cxf-services-xkms-service</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-    </dependencies>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.felix</groupId>
-                <artifactId>maven-bundle-plugin</artifactId>
-                <extensions>true</extensions>
-                <configuration>
-                    <instructions>
-                        <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
-                        <Require-Bundle>
-                            org.apache.cxf.bundle,
-                            org.springframework.beans
-                        </Require-Bundle>
-                    </instructions>
-                </configuration>
-            </plugin>
-        </plugins>
-    </build>
-</project>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.apache.cxf.services.xkms</groupId>
+    <artifactId>cxf-services-xkms-osgi</artifactId>
+    <packaging>bundle</packaging>
+    <name>Apache CXF XKMS OSGi deployment</name>
+    <url>http://cxf.apache.org</url>
+
+    <parent>
+        <groupId>org.apache.cxf</groupId>
+        <artifactId>cxf-parent</artifactId>
+        <version>3.0.0-SNAPSHOT</version>
+        <relativePath>../../../parent/pom.xml</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.cxf.services.xkms</groupId>
+            <artifactId>cxf-services-xkms-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.services.xkms</groupId>
+            <artifactId>cxf-services-xkms-x509-handlers</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.services.xkms</groupId>
+            <artifactId>cxf-services-xkms-service</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
+                        <Require-Bundle>
+                            org.springframework.beans
+                        </Require-Bundle>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
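Review bot: Every line of the POM is removed and re-added, which buries the only content change: `org.apache.cxf.bundle,` is dropped from `<Require-Bundle>`, leaving just `org.springframework.beans`. The rest of the text is identical on both sides, so the churn is presumably a line-ending or whitespace rewrite. That would be better committed on its own, with `svn:eol-style` set on the file so it does not recur. The log message mentions only trust chain validation, so the reason for no longer requiring the CXF bundle deserves a line there, or a short comment next to `<Require-Bundle>`.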

Modified: cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/cxf-endpoint.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/cxf-endpoint.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/cxf-endpoint.xml (original)
+++ cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/cxf-endpoint.xml Fri Jun 14 13:50:30 2013
@@ -24,18 +24,17 @@
         <property name="validators">
             <list>
                 <ref component-id="dateValidator" />
+                <ref component-id="trustedAuthorityValidator" />
             </list>
         </property>
         <property name="locators">
             <list>
-                <ref component-id="x509LdapLocator" />
-                <!-- ref component-id="x509FileLocator" / -->
+                <ref component-id="x509Locator" />
             </list>
         </property>
         <property name="keyRegisterHandlers">
             <list>
-                <ref component-id="ldapRegisterHandler" />
-                <!-- ref component-id="fileRegisterHandler" / -->
+                <ref component-id="registerHandler" />
             </list>
         </property>
     </bean>
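Review bot: The position of `trustedAuthorityValidator` after `dateValidator` appears to be load-bearing. ValidatorTest in this commit asserts the validity-interval reason at index 0 and the issuer-trust reason at index 1, which matches this list order. Nothing in the file records that, so a later reordering would break those assertions without any change in validation behaviour. A comment above the list such as `<!-- order determines the order of reported reasons; see ValidatorTest -->` would capture it, assuming the service appends reasons in validator order. The enclosing `<bean>` starts outside the hunk.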

Modified: cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml (original)
+++ cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/xkms-key-handlers.xml Fri Jun 14 13:50:30 2013
@@ -1,22 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+    license agreements. See the NOTICE file distributed with this work for additional 
+    information regarding copyright ownership. The ASF licenses this file to 
+    you under the Apache License, Version 2.0 (the "License"); you may not use 
+    this file except in compliance with the License. You may obtain a copy of 
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+    by applicable law or agreed to in writing, software distributed under the 
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+    OF ANY KIND, either express or implied. See the License for the specific 
+    language governing permissions and limitations under the License. -->
 <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://cxf.apache.org/blueprint/core"
     xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws"
@@ -31,7 +23,14 @@
 
     <cm:property-placeholder persistent-id="org.apache.cxf.xkms" />
 
-    <bean id="ldapSchemaConfig" class="org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig">
+    <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.repo.ldap.LdapSearch">
+        <argument value="${xkms.ldap.url}" />
+        <argument value="${xkms.ldap.user}" />
+        <argument value="${xkms.ldap.pwd}" />
+        <argument value="${xkms.ldap.retry}" />
+    </bean>
+
+    <bean id="ldapSchemaConfig" class="org.apache.cxf.xkms.x509.repo.ldap.LdapSchemaConfig">
         <property name="certObjectClass" value="${xkms.ldap.schema.certObjectClass}" />
         <property name="attrUID" value="${xkms.ldap.schema.attrUID}" />
         <property name="attrIssuerID" value="${xkms.ldap.schema.attrIssuerID}" />
@@ -43,33 +42,32 @@
             value="${xkms.ldap.schema.serviceCertRDNTemplate}" />
         <property name="serviceCertUIDTemplate"
             value="${xkms.ldap.schema.serviceCertUIDTemplate}" />
+        <property name="trustedAuthorityFilter" value="${xkms.ldap.schema.trustedAuthorities}" />
+        <property name="intermediateFilter" value="${xkms.ldap.schema.intermediates}" />
     </bean>
 
-    <bean id="dateValidator" class="org.apache.cxf.xkms.x509.validator.DateValidator" />
-
-    <bean id="x509LdapLocator" class="org.apache.cxf.xkms.x509.locator.LdapLocator">
+    <bean id="certificateRepo" class="org.apache.cxf.xkms.x509.repo.CertificateRepoFactory"
+        factory-method="createRepository">
+        <argument value="${xkms.certificate.repo}" />
         <argument ref="ldapSearch" />
         <argument ref="ldapSchemaConfig" />
         <argument value="${xkms.ldap.rootDN}" />
+        <argument value="${xkms.file.storageDir}" />
     </bean>
 
-    <bean id="ldapRegisterHandler"
-        class="org.apache.cxf.xkms.x509.handlers.LdapRegisterHandler">
-        <argument ref="ldapSearch" />
-        <argument ref="ldapSchemaConfig" />
-        <argument value="${xkms.ldap.rootDN}" />
+    <bean id="dateValidator" class="org.apache.cxf.xkms.x509.validator.DateValidator" />
+    <bean id="trustedAuthorityValidator"
+        class="org.apache.cxf.xkms.x509.validator.TrustedAuthorityValidator">
+        <argument ref="certificateRepo" />
     </bean>
 
-    <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.handlers.LdapSearch">
-        <argument value="${xkms.ldap.url}" />
-        <argument value="${xkms.ldap.user}" />
-        <argument value="${xkms.ldap.pwd}" />
-        <argument value="${xkms.ldap.retry}" />
+    <bean id="x509Locator" class="org.apache.cxf.xkms.x509.handlers.X509Locator">
+        <argument ref="certificateRepo" />
     </bean>
 
-    <!-- bean id="x509FileLocator" class="org.apache.cxf.xkms.x509.locator.FileLocator"> 
-        <argument value="${xkms.backend.file.storageDir}" /> </bean> <bean id="fileRegisterHandler" 
-        class="org.apache.cxf.xkms.x509.handlers.FileRegisterHandler"> <argument 
-        value="${xkms.filepersistence.storageDir}" /> </bean -->
+    <bean id="registerHandler"
+        class="org.apache.cxf.xkms.x509.handlers.X509RegisterHandler">
+        <argument ref="certificateRepo" />
+    </bean>
 
 </blueprint>
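Review bot: The new `trustedAuthorityFilter` and `intermediateFilter` properties decide which directory entries count as trust anchors and intermediates, yet they are filled from `${xkms.ldap.schema.trustedAuthorities}` and `${xkms.ldap.schema.intermediates}` with no fallback, because the `cm:property-placeholder` above carries no `cm:default-properties`. If an existing `org.apache.cxf.xkms` configuration lacks these keys, the filters would presumably stay unresolved; how `TrustedAuthorityValidator` behaves in that case is not visible here. I would add defaults for the new keys (also `xkms.certificate.repo` and `xkms.file.storageDir`) and a comment above the two properties, for example `<!-- trustedAuthorityFilter selects the root CA entries used as trust anchors; keep it as narrow as possible -->`. The `ldapSchemaConfig` bean opens outside this hunk.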

Modified: cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml (original)
+++ cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml Fri Jun 14 13:50:30 2013
@@ -41,18 +41,17 @@
         <property name="validators">
             <list>
                 <ref bean="dateValidator" />
+                <ref bean="trustedAuthorityValidator" />
             </list>
         </property>
         <property name="locators">
             <list>
-                <!--ref bean="x509LdapLocator" /-->
-                <ref bean="x509FileLocator" />
+                <ref bean="x509Locator" />
             </list>
         </property>
         <property name="keyRegisterHandlers">
             <list>
-                <!--ref bean="ldapRegisterHandler" /-->
-                <ref bean="fileRegisterHandler" />
+                <ref bean="registerHandler" />
             </list>
         </property>
     </bean>

Modified: cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml (original)
+++ cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml Fri Jun 14 13:50:30 2013
@@ -1,22 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor 
+    license agreements. See the NOTICE file distributed with this work for additional 
+    information regarding copyright ownership. The ASF licenses this file to 
+    you under the Apache License, Version 2.0 (the "License"); you may not use 
+    this file except in compliance with the License. You may obtain a copy of 
+    the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+    by applicable law or agreed to in writing, software distributed under the 
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+    OF ANY KIND, either express or implied. See the License for the specific 
+    language governing permissions and limitations under the License. -->
 <beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws"
     xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -31,51 +23,60 @@
         http://www.springframework.org/schema/util
         http://www.springframework.org/schema/util/spring-util-2.0.xsd">
 
+
     <bean id="dateValidator" class="org.apache.cxf.xkms.x509.validator.DateValidator" />
 
-<!-- LDAP based implementation -->
+    <bean id="trustedAuthorityValidator"
+        class="org.apache.cxf.xkms.x509.validator.TrustedAuthorityValidator">
+        <constructor-arg ref="certificateRepo" />
+    </bean>
 
-    <bean id="ldapSchemaConfig" class="org.apache.cxf.xkms.x509.handlers.LdapSchemaConfig">
-        <property name="certObjectClass" value="inetOrgPerson" />
-        <property name="attrUID" value="uid" />
-        <property name="attrIssuerID" value="manager" />
-        <property name="attrSerialNumber" value="employeeNumber" />
-        <property name="attrCrtBinary" value="userCertificate;binary" />
-        <property name="constAttrNamesCSV" value="sn" />
-        <property name="constAttrValuesCSV" value="X509 certificate" />
-        <property name="serviceCertRDNTemplate" value="cn=%s,ou=services" />
-        <property name="serviceCertUIDTemplate" value="cn=%s" />
+    <bean id="x509Locator" class="org.apache.cxf.xkms.x509.handlers.X509Locator">
+        <constructor-arg ref="certificateRepo" />
     </bean>
 
-    <bean id="x509LdapLocator" class="org.apache.cxf.xkms.x509.locator.LdapLocator">
-        <constructor-arg ref="ldapSearch" />
-        <constructor-arg ref="ldapSchemaConfig" />
-        <constructor-arg value="dc=example,dc=com" />
+    <bean id="registerHandler"
+        class="org.apache.cxf.xkms.x509.handlers.X509RegisterHandler">
+        <constructor-arg ref="certificateRepo" />
     </bean>
 
-    <bean id="ldapRegisterHandler"
-        class="org.apache.cxf.xkms.x509.handlers.LdapRegisterHandler">
+
+    <!-- LDAP based implementation -->
+
+    <bean id="certificateRepo"
+        class="org.apache.cxf.xkms.x509.repo.ldap.LdapCertificateRepo">
         <constructor-arg ref="ldapSearch" />
         <constructor-arg ref="ldapSchemaConfig" />
         <constructor-arg value="dc=example,dc=com" />
     </bean>
 
-    <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.handlers.LdapSearch">
+    <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.repo.ldap.LdapSearch">
         <constructor-arg value="ldap://localhost:2389" />
-        <constructor-arg value="cn=Directory Manager" />
+        <constructor-arg value="cn=Directory Manager,dc=example,dc=com" />
         <constructor-arg value="test" />
         <constructor-arg value="2" />
     </bean>
 
-<!-- File based implementation -->
- 
-    <bean id="x509FileLocator" class="org.apache.cxf.xkms.x509.locator.FileLocator">
-        <constructor-arg value="../conf/certs" />
+    <bean id="ldapSchemaConfig" class="org.apache.cxf.xkms.x509.repo.ldap.LdapSchemaConfig">
+        <property name="certObjectClass" value="inetOrgPerson" />
+        <property name="attrUID" value="uid" />
+        <property name="attrIssuerID" value="manager" />
+        <property name="attrSerialNumber" value="employeeNumber" />
+        <property name="attrCrtBinary" value="userCertificate;binary" />
+        <property name="constAttrNamesCSV" value="sn" />
+        <property name="constAttrValuesCSV" value="X509 certificate" />
+        <property name="serviceCertRDNTemplate" value="cn=%s,ou=services" />
+        <property name="serviceCertUIDTemplate" value="cn=%s" />
+	<property name="trustedAuthorityFilter" value="(&#038;(objectClass=inetOrgPerson)(ou:dn:=CAs))" />
+	<property name="intermediateFilter" value="(objectClass=inetOrgPerson)" />
     </bean>
 
-    <bean id="fileRegisterHandler"
-        class="org.apache.cxf.xkms.x509.handlers.FileRegisterHandler">
+
+    <!-- File based implementation -->
+
+    <!-- bean id="certificateRepo"
+        class="org.apache.cxf.xkms.x509.repo.file.FileCertificateRepo">
         <constructor-arg value="../conf/certs" />
-    </bean>
+    </bean-->
 
 </beans>
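Review bot: The `certificateRepo` bean that now backs `trustedAuthorityValidator` is the same LDAP repository, root DN `dc=example,dc=com` and bind account that `registerHandler` writes through, so trust anchors (selected by `(ou:dn:=CAs)`) and registered certificates share one tree and one writable identity. `intermediateFilter` is `(objectClass=inetOrgPerson)`, which matches every certificate entry including registered ones; whether the validator checks CA constraints on those candidates is not visible in this hunk. The shipped values also bind as `cn=Directory Manager,dc=example,dc=com` with password `test` over `ldap://`, and the file-based repository is now commented out although xkms-endpoint.xml selected the file-based beans before this commit. I would mark these as sample values and state the expectation in a comment, for example `<!-- Sample values only: use ldaps://, a read-only bind account for validation, and keep CA entries in a subtree the register handler cannot write to -->`. The two added filter properties are indented with tabs while the rest of the file uses spaces.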

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/pom.xml?rev=1493072&r1=1493071&r2=1493072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/pom.xml (original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/pom.xml Fri Jun 14 13:50:30 2013
@@ -45,6 +45,11 @@
             <version>${project.version}</version>
         </dependency>
         <dependency>
+            <groupId>org.apache.cxf.services.xkms</groupId>
+            <artifactId>cxf-services-xkms-client</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>

Added: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java?rev=1493072&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java (added)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java Fri Jun 14 13:50:30 2013
@@ -0,0 +1,178 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.x509.handlers;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.JAXBElement;
+
+import org.apache.cxf.xkms.exception.XKMSCertificateException;
+import org.apache.cxf.xkms.exception.XKMSException;
+import org.apache.cxf.xkms.handlers.Applications;
+import org.apache.cxf.xkms.handlers.Locator;
+import org.apache.cxf.xkms.model.xkms.LocateRequestType;
+import org.apache.cxf.xkms.model.xkms.QueryKeyBindingType;
+import org.apache.cxf.xkms.model.xkms.ResultMajorEnum;
+import org.apache.cxf.xkms.model.xkms.ResultMinorEnum;
+import org.apache.cxf.xkms.model.xkms.UnverifiedKeyBindingType;
+import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
+import org.apache.cxf.xkms.model.xmldsig.KeyInfoType;
+import org.apache.cxf.xkms.model.xmldsig.X509DataType;
+import org.apache.cxf.xkms.model.xmldsig.X509IssuerSerialType;
+import org.apache.cxf.xkms.x509.repo.CertificateRepo;
+import org.apache.cxf.xkms.x509.utils.X509Utils;
+
+public class X509Locator implements Locator {
+
+    private CertificateRepo certRepo;
+
+    public X509Locator(CertificateRepo certRepo) throws CertificateException {
+        this.certRepo = certRepo;
+    }
+
+    @Override
+    public UnverifiedKeyBindingType locate(LocateRequestType request) {
+        List<UseKeyWithType> keyIDs = parse(request);
+        X509Certificate cert;
+        try {
+            cert = findCertificate(keyIDs);
+            if (cert == null) {
+                return null;
+            }
+            UnverifiedKeyBindingType result = new UnverifiedKeyBindingType();
+            result.setKeyInfo(X509Utils.getKeyInfo(cert));
+            return result;
+        } catch (CertificateEncodingException e) {
+            throw new XKMSCertificateException("Cannot encode certificate: " + e.getMessage(), e);
+        } catch (CertificateException e1) {
+            throw new XKMSCertificateException(e1.getMessage(), e1);
+        }
+    }
+
+    public X509Certificate findCertificate(List<UseKeyWithType> ids) throws CertificateException {
+        X509Certificate cert = null;
+        if (ids.size() == 1) {
+            Applications application = Applications.fromUri(ids.get(0).getApplication());
+            String id = ids.get(0).getIdentifier();
+            if (application == Applications.PKIX) {
+                cert = certRepo.findBySubjectDn(id);
+            } else if (application == Applications.SERVICE_SOAP) {
+                cert = certRepo.findByServiceName(id);
+            }
+        }
+        String issuer = getIdForApplication(Applications.ISSUER, ids);
+        String serial = getIdForApplication(Applications.SERIAL, ids);
+        if ((issuer != null) && (serial != null)) {
+            cert = certRepo.findByIssuerSerial(issuer, serial);
+        }
+        return cert;
+    }
+    
+    private String getIdForApplication(Applications application, List<UseKeyWithType> ids) {
+        for (UseKeyWithType id : ids) {
+            if (application.getUri().equalsIgnoreCase(id.getApplication())) {
+                return id.getIdentifier();
+            }
+        }
+        return null;
+    }
+    
+    private List<UseKeyWithType> parse(LocateRequestType request) {
+        List<UseKeyWithType> keyIDs = new ArrayList<UseKeyWithType>();
+        if (request == null) {
+            return keyIDs;
+        }
+
+        QueryKeyBindingType query = request.getQueryKeyBinding();
+        if (query == null) {
+            return keyIDs;
+        }
+
+        // http://www.w3.org/TR/xkms2/ [213]
+        if (query.getTimeInstant() != null) {
+            throw new XKMSException(ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_RECEIVER,
+                    ResultMinorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_TIME_INSTANT_NOT_SUPPORTED);
+        }
+
+        keyIDs.addAll(parse(query.getKeyInfo()));
+
+        List<UseKeyWithType> useKeyList = query.getUseKeyWith();
+        keyIDs.addAll(useKeyList);
+
+        return keyIDs;
+    }
+
+    private List<UseKeyWithType> parse(KeyInfoType keyInfo) {
+        List<UseKeyWithType> keyIDs = new ArrayList<UseKeyWithType>();
+
+        if (keyInfo == null) {
+            return keyIDs;
+        }
+
+        List<Object> content = keyInfo.getContent();
+        for (Object obj1 : content) {
+            if (obj1 instanceof JAXBElement) {
+                JAXBElement<?> keyInfoChild = (JAXBElement<?>) obj1;
+                if (X509Utils.X509_KEY_NAME.equals(keyInfoChild.getName())) {
+                    UseKeyWithType keyDN = new UseKeyWithType();
+                    keyDN.setApplication(Applications.PKIX.getUri());
+                    keyDN.setIdentifier((String) keyInfoChild.getValue());
+                    keyIDs.add(keyDN);
+
+                } else if (X509Utils.X509_DATA.equals(keyInfoChild.getName())) {
+                    X509DataType x509Data = (X509DataType) keyInfoChild.getValue();
+                    List<Object> x509DataContent = x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName();
+
+                    for (Object obj2 : x509DataContent) {
+                        if (obj2 instanceof JAXBElement) {
+                            JAXBElement<?> x509DataChild = (JAXBElement<?>) obj2;
+
+                            if (X509Utils.X509_ISSUER_SERIAL.equals(x509DataChild.getName())) {
+                                X509IssuerSerialType x509IssuerSerial = (X509IssuerSerialType) x509DataChild.getValue();
+
+                                UseKeyWithType issuer = new UseKeyWithType();
+                                issuer.setApplication(Applications.ISSUER.getUri());
+                                issuer.setIdentifier(x509IssuerSerial.getX509IssuerName());
+                                keyIDs.add(issuer);
+
+                                UseKeyWithType serial = new UseKeyWithType();
+                                serial.setApplication(Applications.SERIAL.getUri());
+                                serial.setIdentifier(x509IssuerSerial.getX509SerialNumber().toString());
+                                keyIDs.add(serial);
+
+                            } else if (X509Utils.X509_SUBJECT_NAME.equals(x509DataChild.getName())) {
+                                UseKeyWithType keyDN = new UseKeyWithType();
+                                keyDN.setApplication(Applications.PKIX.getUri());
+                                keyDN.setIdentifier((String) x509DataChild.getValue());
+                                keyIDs.add(keyDN);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        return keyIDs;
+    }
+
+}
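Review bot: `findCertificate` passes `ids.get(0).getIdentifier()` from the request straight into `certRepo.findBySubjectDn(id)` and `certRepo.findByServiceName(id)`, and `parse` copies `query.getUseKeyWith()` and the KeyInfo values in unchecked, so the repository receives caller-controlled strings. With the LDAP backend configured in this commit (`serviceCertRDNTemplate` is `cn=%s,ou=services`), the repository would need to escape the value before building a DN or filter; that code is not in this hunk, so it is worth confirming there. In the locator itself I would reject missing identifiers early, `if (id == null || id.isEmpty()) { return null; }`, and guard `x509IssuerSerial.getX509SerialNumber()` against null before `.toString()`. Smaller points: `certRepo` can be `final`, the constructor declares `throws CertificateException` without throwing it, and a Javadoc on `findCertificate` should say that when both issuer and serial are present that lookup replaces the subject or service-name result.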


