cxf-commits mailing list archives

From cschnei...@apache.org
Subject [2/2] git commit: CXF-5734 Allow to plug in alternative certificateRepo using OSGi service
Date Wed, 07 May 2014 12:07:15 GMT
CXF-5734 Allow to plug in alternative certificateRepo using OSGi service


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/037abfeb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/037abfeb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/037abfeb

Branch: refs/heads/master
Commit: 037abfeb72fcedc4178bc3788f18562446960306
Parents: 148bbc8
Author: Christian Schneider <chris@die-schneider.net>
Authored: Wed May 7 14:06:49 2014 +0200
Committer: Christian Schneider <chris@die-schneider.net>
Committed: Wed May 7 14:06:49 2014 +0200

----------------------------------------------------------------------
 services/xkms/pom.xml                           |   1 +
 .../cxf/xkms/x509/repo/CertificateRepo.java     |  36 +++
 services/xkms/xkms-features/pom.xml             |   5 +
 .../src/main/resources/features.xml             |  11 +-
 .../src/main/resources/org.apache.cxf.xkms.cfg  |  35 +--
 .../main/resources/org.apache.cxf.xkms.ldap.cfg |  40 +++
 services/xkms/xkms-itests/pom.xml               |  62 ++--
 .../cxf/xkms/itests/BasicIntegrationTest.java   |  77 +++--
 .../handlers/validator/ValidatorCRLTest.java    |  15 +-
 .../xkms/itests/service/XKMSServiceTest.java    |   5 +-
 .../xkms/itests/service/XKRSSDisableTest.java   |  14 +-
 .../test/resources/etc/org.apache.cxf.xkms.cfg  |  55 ----
 .../etc/org.apache.cxf.xkms_noXKRSS.cfg         |  47 ---
 .../etc/org.apache.cxf.xkms_revocation.cfg      |  52 ----
 .../resources/OSGI-INF/blueprint/blueprint.xml  |  53 ++--
 services/xkms/xkms-service/pom.xml              |  10 +
 .../service/CertificateRepoProxyFactory.java    |  58 ++++
 .../cxf/xkms/service/NamedServiceProxy.java     |  47 +++
 services/xkms/xkms-war/pom.xml                  |   5 +
 services/xkms/xkms-x509-handlers/pom.xml        |  11 +
 .../cxf/xkms/x509/repo/CertificateRepo.java     |  36 ---
 .../xkms/x509/repo/CertificateRepoFactory.java  |  43 ---
 .../x509/repo/ldap/LdapCertificateRepo.java     | 299 -------------------
 .../xkms/x509/repo/ldap/LdapSchemaConfig.java   | 149 ---------
 .../cxf/xkms/x509/repo/ldap/LdapSearch.java     | 165 ----------
 .../x509/repo/ldap/LDAPCertificateRepoTest.java | 146 ---------
 .../cxf/xkms/x509/repo/ldap/LDAPSearchTest.java |  51 ----
 services/xkms/xkms-x509-repo-ldap/pom.xml       |  35 +++
 .../x509/repo/ldap/LdapCertificateRepo.java     | 299 +++++++++++++++++++
 .../xkms/x509/repo/ldap/LdapSchemaConfig.java   | 149 +++++++++
 .../cxf/xkms/x509/repo/ldap/LdapSearch.java     | 165 ++++++++++
 .../resources/OSGI-INF/blueprint/blueprint.xml  |  54 ++++
 .../x509/repo/ldap/LDAPCertificateRepoTest.java | 146 +++++++++
 .../cxf/xkms/x509/repo/ldap/LDAPSearchTest.java |  51 ++++
 .../src/test/resources/cert1.cer                |  29 ++
 35 files changed, 1280 insertions(+), 1176 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/pom.xml
----------------------------------------------------------------------
diff --git a/services/xkms/pom.xml b/services/xkms/pom.xml
index e7c9fa7..53da381 100644
--- a/services/xkms/pom.xml
+++ b/services/xkms/pom.xml
@@ -40,5 +40,6 @@
         <module>xkms-osgi</module>
         <module>xkms-war</module>
         <module>xkms-itests</module>
+        <module>xkms-x509-repo-ldap</module>
     </modules>
 </project>

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java b/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
new file mode 100644
index 0000000..c6c004d
--- /dev/null
+++ b/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.x509.repo;
+
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
+
+public interface CertificateRepo {
+    List<X509Certificate> getTrustedCaCerts();
+    List<X509Certificate> getCaCerts();
+    List<X509CRL> getCRLs();
+    void saveCertificate(X509Certificate cert, UseKeyWithType key);
+    X509Certificate findBySubjectDn(String dn);
+    X509Certificate findByServiceName(String serviceName);
+    X509Certificate findByEndpoint(String endpoint);
+    X509Certificate findByIssuerSerial(String issuer, String serial);
+}
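Review bot: The `CertificateRepo` interface is added without any Javadoc, yet with this commit it becomes the contract that alternative repositories plugged in as OSGi services have to implement. The declarations do not say whether the `findBy...` methods return `null` or throw when nothing matches, whether the list getters may return `null`, or how `getTrustedCaCerts()` differs from `getCaCerts()`. An implementer who guesses wrong about the trusted set could widen what callers accept as a trust anchor. I would add a type-level comment plus one line per method, for example `/** Returns the certificates treated as trust anchors; never null. */` on `getTrustedCaCerts()`, once the intended semantics are confirmed.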

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-features/pom.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-features/pom.xml b/services/xkms/xkms-features/pom.xml
index 1abe08c..ee09e67 100644
--- a/services/xkms/xkms-features/pom.xml
+++ b/services/xkms/xkms-features/pom.xml
@@ -82,6 +82,11 @@
                                     <classifier>org.apache.cxf.xkms.client</classifier>
                                     <type>cfg</type>
                                 </artifact>
+                                <artifact>
+                                    <file>target/classes/org.apache.cxf.xkms.ldap.cfg</file>
+                                    <classifier>org.apache.cxf.xkms.ldap</classifier>
+                                    <type>cfg</type>
+                                </artifact>
                             </artifacts>
                         </configuration>
                     </execution>

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-features/src/main/resources/features.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-features/src/main/resources/features.xml b/services/xkms/xkms-features/src/main/resources/features.xml
index 0a54f36..59c10b5 100644
--- a/services/xkms/xkms-features/src/main/resources/features.xml
+++ b/services/xkms/xkms-features/src/main/resources/features.xml
@@ -33,12 +33,21 @@
     <feature name="cxf-xkms-service" version="${project.version}">
         <feature>cxf-jaxws</feature>
         <feature>cxf-http</feature>
+        <feature>wss4j</feature>
         <bundle>mvn:${project.groupId}/cxf-services-xkms-common/${project.version}</bundle>
-        <bundle>mvn:${project.groupId}/cxf-services-xkms-service/${project.version}</bundle>
         <bundle>mvn:${project.groupId}/cxf-services-xkms-x509-handlers/${project.version}</bundle>
+        <bundle>mvn:${project.groupId}/cxf-services-xkms-service/${project.version}</bundle>
         <bundle>mvn:${project.groupId}/cxf-services-xkms-osgi/${project.version}</bundle>
         <configfile finalname="/etc/org.apache.cxf.xkms.cfg">
             mvn:${project.groupId}/cxf-services-xkms-features/${project.version}/cfg/org.apache.cxf.xkms
         </configfile>
     </feature>
+    
+    <feature name="cxf-xkms-ldap" version="${project.version}">
+        <feature>cxf-xkms-service</feature>
+        <bundle>mvn:${project.groupId}/cxf-services-xkms-x509-repo-ldap/${project.version}</bundle>
+        <configfile finalname="/etc/org.apache.cxf.xkms.ldap.cfg">
+            mvn:${project.groupId}/cxf-services-xkms-features/${project.version}/cfg/org.apache.cxf.xkms.ldap
+        </configfile>
+    </feature>
 </features>

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg b/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
index f4b17f6..e9a58d3 100644
--- a/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
+++ b/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
@@ -17,35 +17,10 @@
 #
 ################################################################################
 
-# XKMS configuration properties
-
-xkms.enableXKRSS=false
-
+# XKMS configuration
+xkms.enableXKRSS=true
 # Certificate repository ldap or file
-xkms.certificate.repo=ldap
-
-# Filesystem backend
+xkms.certificate.repo=file
+xkms.enableRevocation=false
+xkms.logExceptions=false
 xkms.file.storageDir=data/xkms/certificates
-
-# LDAP backend
-xkms.ldap.url=ldap://localhost:2389
-xkms.ldap.user=cn=Directory Manager,dc=example,dc=com
-xkms.ldap.pwd=test
-xkms.ldap.retry=2
-xkms.ldap.rootDN=dc=example,dc=com
-
-# LDAP schema
-xkms.ldap.schema.certObjectClass=inetOrgPerson
-xkms.ldap.schema.attrUID=uid
-xkms.ldap.schema.attrIssuerID=manager
-xkms.ldap.schema.attrSerialNumber=employeeNumber
-xkms.ldap.schema.attrEndpoint=labeledURI
-xkms.ldap.schema.attrCrtBinary=userCertificate;binary
-xkms.ldap.schema.constAttrNamesCSV=sn
-xkms.ldap.schema.constAttrValuesCSV=X509 certificate
-xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services
-xkms.ldap.schema.serviceCertUIDTemplate=cn=%s
-xkms.ldap.schema.crls=(&(objectClass=inetOrgPerson)(ou:dn:=CAs))
-xkms.ldap.schema.trustedAuthorities=(&(objectClass=inetOrgPerson)(ou:dn:=CAs))
-xkms.ldap.schema.intermediates=(objectClass=inetOrgPerson)
-
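Review bot: The shipped default for `xkms.enableXKRSS` flips from `false` to `true` in this hunk and `xkms.enableRevocation=false` is added, so an installation of the `cxf-xkms-service` feature now starts with XKRSS enabled and revocation checking off. Both values match the itests config deleted in this commit, which suggests test settings were moved into the production template. The tests already adjust single keys with `editConfigurationFilePut`, so I would keep `xkms.enableXKRSS=false` here and let the base test configuration set it to `true`. The revocation default deserves a comment such as `# Revocation checking is off by default; set to true once CRLs are provisioned`.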

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.ldap.cfg
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.ldap.cfg b/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.ldap.cfg
new file mode 100644
index 0000000..c96adfb
--- /dev/null
+++ b/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.ldap.cfg
@@ -0,0 +1,40 @@
+#################################################################################
+#
+#    Licensed to the Apache Software Foundation (ASF) under one or more
+#    contributor license agreements.  See the NOTICE file distributed with
+#    this work for additional information regarding copyright ownership.
+#    The ASF licenses this file to You under the Apache License, Version 2.0
+#    (the "License"); you may not use this file except in compliance with
+#    the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#
+################################################################################
+
+# XKMS LDAP backend
+xkms.ldap.url=ldap://localhost:2389
+xkms.ldap.user=cn=Directory Manager,dc=example,dc=com
+xkms.ldap.pwd=test
+xkms.ldap.retry=2
+xkms.ldap.rootDN=dc=example,dc=com
+
+# LDAP schema
+xkms.ldap.schema.certObjectClass=inetOrgPerson
+xkms.ldap.schema.attrUID=uid
+xkms.ldap.schema.attrIssuerID=manager
+xkms.ldap.schema.attrSerialNumber=employeeNumber
+xkms.ldap.schema.attrEndpoint=labeledURI
+xkms.ldap.schema.attrCrtBinary=userCertificate;binary
+xkms.ldap.schema.constAttrNamesCSV=sn
+xkms.ldap.schema.constAttrValuesCSV=X509 certificate
+xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services
+xkms.ldap.schema.serviceCertUIDTemplate=cn=%s
+xkms.ldap.schema.crls=(&(objectClass=inetOrgPerson)(ou:dn:=CAs))
+xkms.ldap.schema.trustedAuthorities=(&(objectClass=inetOrgPerson)(ou:dn:=CAs))
+xkms.ldap.schema.intermediates=(objectClass=inetOrgPerson)
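Review bot: This template ships `xkms.ldap.pwd=test` for the `cn=Directory Manager` bind DN together with a cleartext `ldap://` URL, and the `cxf-xkms-ldap` feature installs it as `/etc/org.apache.cxf.xkms.ldap.cfg`. The values are carried over from the old combined config, but now that the LDAP settings live in their own file they should be marked as samples. I would add a comment above the block, e.g. `# Sample values only: replace xkms.ldap.user and xkms.ldap.pwd before deployment, and use an ldaps:// URL where the directory supports it`. It is also worth stating that the file holds a bind credential and should be readable only by the container's user.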

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-itests/pom.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/pom.xml b/services/xkms/xkms-itests/pom.xml
index 08b9e32..5026ac8 100644
--- a/services/xkms/xkms-itests/pom.xml
+++ b/services/xkms/xkms-itests/pom.xml
@@ -22,8 +22,8 @@
         <relativePath>../../../parent/pom.xml</relativePath>
     </parent>
     <properties>
-        <pax-exam.version>3.2.0</pax-exam.version>
-        <karaf.version>2.3.1</karaf.version>
+        <pax.exam.version>3.4.0</pax.exam.version>
+        <karaf.version>2.3.5</karaf.version>
     </properties>
     <dependencies>
         <dependency>
@@ -66,49 +66,65 @@
         <dependency>
             <groupId>org.ops4j.pax.exam</groupId>
             <artifactId>pax-exam-junit4</artifactId>
-            <version>${pax-exam.version}</version>
+            <version>${pax.exam.version}</version>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.ops4j.pax.exam</groupId>
+            <artifactId>pax-exam</artifactId>
+            <version>${pax.exam.version}</version>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.ops4j.pax.exam</groupId>
             <artifactId>pax-exam-container-karaf</artifactId>
-            <version>${pax-exam.version}</version>
+            <version>${pax.exam.version}</version>
             <scope>test</scope>
         </dependency>
+
         <dependency>
-            <groupId>org.ops4j.pax.url</groupId>
-            <artifactId>pax-url-aether</artifactId>
-            <version>1.6.0</version>
+            <groupId>org.ops4j.pax.exam</groupId>
+            <artifactId>pax-exam-link-mvn</artifactId>
+            <version>${pax.exam.version}</version>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
         <dependency>
-            <groupId>org.apache.karaf</groupId>
-            <artifactId>apache-karaf</artifactId>
-            <version>${karaf.version}</version>
-            <type>tar.gz</type>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.apache.karaf</groupId>
-                    <artifactId>org.apache.karaf.client</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse</groupId>
-                    <artifactId>osgi</artifactId>
-                </exclusion>
-            </exclusions>
+        	<groupId>org.slf4j</groupId>
+        	<artifactId>slf4j-jcl</artifactId>
+        	<version>1.7.7</version>
         </dependency>
     </dependencies>
     <build>
         <plugins>
+        	<!-- generate dependency versions -->
+            <plugin>
+                <groupId>org.apache.servicemix.tooling</groupId>
+                <artifactId>depends-maven-plugin</artifactId>
+                <version>1.2</version>
+                <executions>
+                    <execution>
+                    	<phase>generate-resources</phase>
+                        <id>generate-depends-file</id>
+                        <goals>
+                            <goal>generate-depends-file</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
                     <systemPropertyVariables>
                         <org.ops4j.pax.logging.DefaultServiceLog.level>WARN</org.ops4j.pax.logging.DefaultServiceLog.level>
-                        <project.version>${project.version}</project.version>
                         <karaf.version>${karaf.version}</karaf.version>
-                        <buildDirectory>${project.build.directory}</buildDirectory>
                         <org.ops4j.pax.url.mvn.localRepository>${maven.repo.local}</org.ops4j.pax.url.mvn.localRepository>
                     </systemPropertyVariables>
                 </configuration>
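Review bot: `slf4j-jcl` is added with an inline `<version>1.7.7</version>` while `slf4j-api` directly above it inherits its version, so the two SLF4J artifacts can drift apart when the parent is upgraded. If the parent's dependency management covers `slf4j-jcl`, drop the inline version; otherwise reference the same property the parent uses for SLF4J. The new `slf4j-jcl` and `depends-maven-plugin` entries are also indented with tabs where the rest of the file uses spaces, and `slf4j-jcl` lacks the `<scope>test</scope>` that the pax-exam dependencies carry.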

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java b/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
index 67ccded..3ea621f 100644
--- a/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
+++ b/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
@@ -19,9 +19,15 @@
 package org.apache.cxf.xkms.itests;
 
 import java.io.File;
+import java.util.Iterator;
 
 import javax.inject.Inject;
 
+import org.apache.cxf.xkms.model.extensions.ResultDetails;
+import org.apache.cxf.xkms.model.xkms.LocateResultType;
+import org.apache.cxf.xkms.model.xkms.MessageExtensionAbstractType;
+import org.apache.cxf.xkms.model.xkms.ResultMajorEnum;
+import org.junit.Assert;
 import org.ops4j.pax.exam.Configuration;
 import org.ops4j.pax.exam.Option;
 import org.ops4j.pax.exam.options.MavenArtifactUrlReference;
@@ -32,6 +38,7 @@ import org.w3._2002._03.xkms_wsdl.XKMSPortType;
 
 import static org.ops4j.pax.exam.CoreOptions.maven;
 import static org.ops4j.pax.exam.CoreOptions.systemProperty;
+import static org.ops4j.pax.exam.CoreOptions.when;
 import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.configureConsole;
 import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.editConfigurationFilePut;
 import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.features;
@@ -46,61 +53,65 @@ public class BasicIntegrationTest {
     
     // Adding apache snapshots as cxf trunk may contain snapshot dependencies
     private static final String REPOS = "http://repo1.maven.org/maven2@id=central, " 
-//        + "http://svn.apache.org/repos/asf/servicemix/m2-repo@id=servicemix, "
         + "http://repository.apache.org/content/groups/snapshots-group@snapshots@noreleases@id=apache-snapshots ";
-//        + "http://repository.springsource.com/maven/bundles/release@id=springsource.release, "
-//        + "http://repository.springsource.com/maven/bundles/external@id=springsource.external, "
-//        + "http://oss.sonatype.org/content/repositories/releases/@id=sonatype"; 
 
+    protected MavenArtifactUrlReference karafUrl;
+    protected MavenUrlReference xkmsFeatures;
+    
     @Inject
     protected XKMSPortType xkmsService;
 
     @Configuration
     public Option[] getConfig() {
-
-        String projectVersion = System.getProperty("project.version");
-        String karafVersion = System.getProperty("karaf.version");
-        MavenArtifactUrlReference karafUrl = maven().groupId("org.apache.karaf").artifactId("apache-karaf")
+        String karafVersion = System.getProperty("karaf.version", "2.3.5");
+        String localRepository = System.getProperty("localRepository");
+        karafUrl = maven().groupId("org.apache.karaf").artifactId("apache-karaf")
             .version(karafVersion).type("tar.gz");
-        MavenUrlReference xkmsFeatures = maven().groupId("org.apache.cxf.services.xkms")
-            .artifactId("cxf-services-xkms-features").version(projectVersion).type("xml");
+        xkmsFeatures = maven().groupId("org.apache.cxf.services.xkms")
+            .artifactId("cxf-services-xkms-features").versionAsInProject().type("xml");
+
 
         return new Option[] {
-                             
             karafDistributionConfiguration().frameworkUrl(karafUrl).karafVersion(karafVersion)
                 .unpackDirectory(new File("target/paxexam/unpack/")).useDeployFolder(false),
             systemProperty("java.awt.headless").value("true"),
 
-            replaceConfigurationFile("data/xkms/certificates/trusted_cas/root.cer",
-                                     new File("src/test/resources/data/xkms/certificates/trusted_cas/root.cer")),
-            replaceConfigurationFile("data/xkms/certificates/trusted_cas/wss40CA.cer",
-                                     new File("src/test/resources/data/xkms/certificates/trusted_cas/wss40CA.cer")),
-            replaceConfigurationFile("data/xkms/certificates/cas/alice.cer",
-                                     new File("src/test/resources/data/xkms/certificates/cas/alice.cer")),
-            replaceConfigurationFile("data/xkms/certificates/dave.cer",
-                                     new File("src/test/resources/data/xkms/certificates/dave.cer")),
-            replaceConfigurationFile("data/xkms/certificates/http___localhost_8080_services_TestService.cer",
-                                     new File("src/test/resources/data/xkms/certificates/" 
-                                     + "http___localhost_8080_services_TestService.cer")),
-            replaceConfigurationFile("data/xkms/certificates/crls/wss40CACRL.cer",
-                                     new File("src/test/resources/data/xkms/certificates/crls/wss40CACRL.cer")),
-            replaceConfigurationFile("etc/org.apache.cxf.xkms.cfg", getConfigFile()),
-            replaceConfigurationFile("etc/org.ops4j.pax.logging.cfg", 
-                    new File("src/test/resources/etc/org.ops4j.pax.logging.cfg")),
+            copy("data/xkms/certificates/trusted_cas/root.cer"),
+            copy("data/xkms/certificates/trusted_cas/wss40CA.cer"),
+            copy("data/xkms/certificates/cas/alice.cer"),
+            copy("data/xkms/certificates/dave.cer"),
+            copy("data/xkms/certificates/http___localhost_8080_services_TestService.cer"),
+            copy("data/xkms/certificates/crls/wss40CACRL.cer"),
+            copy("etc/org.ops4j.pax.logging.cfg"),
             editConfigurationFilePut("etc/org.ops4j.pax.url.mvn.cfg", "org.ops4j.pax.url.mvn.repositories", REPOS), 
             editConfigurationFilePut("etc/org.ops4j.pax.web.cfg", "org.osgi.service.http.port", HTTP_PORT),
             editConfigurationFilePut("etc/org.apache.cxf.xkms.client.cfg", "xkms.endpoint", XKMS_ENDPOINT),
-            editConfigurationFilePut("etc/org.ops4j.pax.url.mvn.cfg", 
-                                     "org.ops4j.pax.url.mvn.localRepository",
-                                     System.getProperty("localRepository")),
-            features(xkmsFeatures, "cxf-xkms-service", "cxf-xkms-client"),
+            when(localRepository != null)
+                .useOptions(editConfigurationFilePut("etc/org.ops4j.pax.url.mvn.cfg", 
+                            "org.ops4j.pax.url.mvn.localRepository",
+                            localRepository)),
+            features(xkmsFeatures, "cxf-xkms-service", "cxf-xkms-client", "cxf-xkms-ldap"),
             configureConsole().ignoreLocalConsole(),
+            
+            //KarafDistributionOption.keepRuntimeFolder(),
             //CoreOptions.vmOption("-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005")
         };
     }
 
-    protected File getConfigFile() {
-        return new File("src/test/resources/etc/org.apache.cxf.xkms.cfg");
+    private Option copy(String path) {
+        return replaceConfigurationFile(path, new File("src/test/resources/" + path));
+    }
+
+    protected void assertSuccess(LocateResultType result) {
+        Iterator<MessageExtensionAbstractType> it = result.getMessageExtension().iterator();
+        String error = "";
+        if (it.hasNext()) {
+            ResultDetails details = (ResultDetails)it.next();
+            error = details.getDetails();
+        }
+        Assert.assertEquals("Expecting success but got error " + error,
+                            ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_SUCCESS.value(),
+                            result.getResultMajor());
     }
 
 }
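Review bot: In `assertSuccess` the first message extension is cast with `(ResultDetails)it.next()` without a type check, so a response whose first extension is some other `MessageExtensionAbstractType` subtype would fail with a `ClassCastException` instead of the intended assertion message. A guarded form keeps the diagnostic: `MessageExtensionAbstractType ext = it.next();` followed by `if (ext instanceof ResultDetails) { error = ((ResultDetails)ext).getDetails(); }`. Separately, the `REPOS` constant kept in this hunk still lists `http://` repository URLs, so the test container resolves bundles over a transport without integrity protection. Switching them to `https://` would fit the cleanup this commit is already doing on that list.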

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorCRLTest.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorCRLTest.java b/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorCRLTest.java
index 3bffbea..4994531 100644
--- a/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorCRLTest.java
+++ b/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorCRLTest.java
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.xkms.itests.handlers.validator;
 
-import java.io.File;
 import java.io.InputStream;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
@@ -41,10 +40,15 @@ import org.apache.cxf.xkms.model.xmldsig.X509DataType;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.Configuration;
+import org.ops4j.pax.exam.CoreOptions;
+import org.ops4j.pax.exam.Option;
 import org.ops4j.pax.exam.junit.PaxExam;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.editConfigurationFilePut;
+
 @RunWith(PaxExam.class)
 public class ValidatorCRLTest extends BasicIntegrationTest {
     private static final String PATH_TO_RESOURCES = "/data/xkms/certificates/";
@@ -56,9 +60,12 @@ public class ValidatorCRLTest extends BasicIntegrationTest {
     
     private static final Logger LOG = LoggerFactory.getLogger(ValidatorCRLTest.class);
     
-    @Override
-    protected File getConfigFile() {
-        return new File("src/test/resources/etc/org.apache.cxf.xkms_revocation.cfg");
+    @Configuration
+    public Option[] getConfig() {
+        return new Option[] {
+            CoreOptions.composite(super.getConfig()),
+            editConfigurationFilePut("etc/org.apache.cxf.xkms.cfg", "xkms.enableRevocation", "true")
+        };
     }
     
     @Test
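Review bot: The new `getConfig()` overrides the method in `BasicIntegrationTest` (it calls `super.getConfig()`) but lacks the `@Override` that the removed `getConfigFile()` carried. Adding `@Override` next to `@Configuration` lets the compiler flag any later signature change in the base class, which would otherwise leave this test running without `xkms.enableRevocation` set to `true`. The same applies to `getConfig()` in `XKRSSDisableTest`. The class body continues outside this hunk.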

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java b/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
index 98e74e7..3195bc5 100644
--- a/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
+++ b/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
@@ -39,7 +39,6 @@ import org.apache.cxf.xkms.model.xkms.UnverifiedKeyBindingType;
 import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
 import org.apache.cxf.xkms.model.xmldsig.KeyInfoType;
 import org.junit.Assert;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.ops4j.pax.exam.junit.PaxExam;
@@ -63,7 +62,6 @@ public class XKMSServiceTest extends BasicIntegrationTest {
     }
 
     @Test
-    @Ignore
     public void testLocateByEndpoint() throws URISyntaxException, Exception {
         LocateRequestType request = XKMS_OF.createLocateRequestType();
         setGenericRequestParams(request);
@@ -83,8 +81,7 @@ public class XKMSServiceTest extends BasicIntegrationTest {
 
         request.setQueryKeyBinding(queryKeyBindingType);
         LocateResultType result = xkmsService.locate(request);
-        Assert.assertEquals(ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_SUCCESS.value(),
-                            result.getResultMajor());
+        assertSuccess(result);
         List<UnverifiedKeyBindingType> keyBinding = result.getUnverifiedKeyBinding();
         Assert.assertEquals(1, keyBinding.size());
         KeyInfoType keyInfo = keyBinding.get(0).getKeyInfo();

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKRSSDisableTest.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKRSSDisableTest.java b/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKRSSDisableTest.java
index 5481530..03bea7b 100644
--- a/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKRSSDisableTest.java
+++ b/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKRSSDisableTest.java
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.xkms.itests.service;
 
-import java.io.File;
 import java.util.UUID;
 
 import org.apache.cxf.xkms.handlers.XKMSConstants;
@@ -31,15 +30,22 @@ import org.apache.cxf.xkms.model.xkms.ResultMinorEnum;
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.Configuration;
+import org.ops4j.pax.exam.CoreOptions;
+import org.ops4j.pax.exam.Option;
 import org.ops4j.pax.exam.junit.PaxExam;
 
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.editConfigurationFilePut;
 
 @RunWith(PaxExam.class)
 public class XKRSSDisableTest extends BasicIntegrationTest {
 
-    @Override
-    protected File getConfigFile() {
-        return new File("src/test/resources/etc/org.apache.cxf.xkms_noXKRSS.cfg");
+    @Configuration
+    public Option[] getConfig() {
+        return new Option[] {
+            CoreOptions.composite(super.getConfig()),
+            editConfigurationFilePut("etc/org.apache.cxf.xkms.cfg", "xkms.enableXKRSS", "false")
+        };
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg b/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg
deleted file mode 100644
index 56cb75d..0000000
--- a/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg
+++ /dev/null
@@ -1,55 +0,0 @@
-#################################################################################
-#
-#    Licensed to the Apache Software Foundation (ASF) under one or more
-#    contributor license agreements.  See the NOTICE file distributed with
-#    this work for additional information regarding copyright ownership.
-#    The ASF licenses this file to You under the Apache License, Version 2.0
-#    (the "License"); you may not use this file except in compliance with
-#    the License.  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-#
-################################################################################
-
-# XKMS configuration properties
-xkms.enableXKRSS=true
-
-# Certificate repository ldap or file
-xkms.certificate.repo=file
-
-# Disable Revocation
-xkms.enableRevocation=false
-
-# Do not log exceptions on server side
-xkms.logExceptions=false
-
-# Filesystem backend
-xkms.file.storageDir=data/xkms/certificates
-
-# LDAP backend
-xkms.ldap.url=ldap://localhost:2389
-xkms.ldap.user=cn=Directory Manager,dc=example,dc=com
-xkms.ldap.pwd=test
-xkms.ldap.retry=2
-xkms.ldap.rootDN=dc=example,dc=com
-
-# LDAP schema
-xkms.ldap.schema.certObjectClass=inetOrgPerson
-xkms.ldap.schema.attrUID=uid
-xkms.ldap.schema.attrIssuerID=manager
-xkms.ldap.schema.attrSerialNumber=employeeNumber
-xkms.ldap.schema.attrCrtBinary=userCertificate;binary
-xkms.ldap.schema.attrCrlBinary=certificateRevocationList;binary
-xkms.ldap.schema.constAttrNamesCSV=sn
-xkms.ldap.schema.constAttrValuesCSV=X509 certificate
-xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services
-xkms.ldap.schema.serviceCertUIDTemplate=cn=%s
-xkms.ldap.schema.trustedAuthorities=(&(objectClass=inetOrgPerson)(ou:dn:=rootCAs))
-xkms.ldap.schema.crls=(&(objectClass=inetOrgPerson)(ou:dn:=rootCAs))
-xkms.ldap.schema.intermediates=(&(objectClass=inetOrgPerson)(ou:dn:=intermediateCAs))

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_noXKRSS.cfg
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_noXKRSS.cfg b/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_noXKRSS.cfg
deleted file mode 100644
index aad0369..0000000
--- a/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_noXKRSS.cfg
+++ /dev/null
@@ -1,47 +0,0 @@
-#################################################################################
-#
-#    Licensed to the Apache Software Foundation (ASF) under one or more
-#    contributor license agreements.  See the NOTICE file distributed with
-#    this work for additional information regarding copyright ownership.
-#    The ASF licenses this file to You under the Apache License, Version 2.0
-#    (the "License"); you may not use this file except in compliance with
-#    the License.  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-#
-################################################################################
-
-# XKMS configuration properties
-xkms.enableXKRSS=false
-
-# Certificate repository ldap or file
-xkms.certificate.repo=file
-
-# Filesystem backend
-xkms.file.storageDir=data/xkms/certificates
-
-# LDAP backend
-xkms.ldap.url=ldap://localhost:2389
-xkms.ldap.user=cn=Directory Manager,dc=example,dc=com
-xkms.ldap.pwd=test
-xkms.ldap.retry=2
-xkms.ldap.rootDN=dc=example,dc=com
-
-# LDAP schema
-xkms.ldap.schema.certObjectClass=inetOrgPerson
-xkms.ldap.schema.attrUID=uid
-xkms.ldap.schema.attrIssuerID=manager
-xkms.ldap.schema.attrSerialNumber=employeeNumber
-xkms.ldap.schema.attrCrtBinary=userCertificate;binary
-xkms.ldap.schema.constAttrNamesCSV=sn
-xkms.ldap.schema.constAttrValuesCSV=X509 certificate
-xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services
-xkms.ldap.schema.serviceCertUIDTemplate=cn=%s
-xkms.ldap.schema.trustedAuthorities=(&(objectClass=inetOrgPerson)(ou:dn:=rootCAs))
-xkms.ldap.schema.intermediates=(&(objectClass=inetOrgPerson)(ou:dn:=intermediateCAs))

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_revocation.cfg
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_revocation.cfg b/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_revocation.cfg
deleted file mode 100644
index 0860908..0000000
--- a/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_revocation.cfg
+++ /dev/null
@@ -1,52 +0,0 @@
-#################################################################################
-#
-#    Licensed to the Apache Software Foundation (ASF) under one or more
-#    contributor license agreements.  See the NOTICE file distributed with
-#    this work for additional information regarding copyright ownership.
-#    The ASF licenses this file to You under the Apache License, Version 2.0
-#    (the "License"); you may not use this file except in compliance with
-#    the License.  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-#
-################################################################################
-
-# XKMS configuration properties
-xkms.enableXKRSS=true
-
-# Certificate repository ldap or file
-xkms.certificate.repo=file
-
-# Enable Revocation
-xkms.enableRevocation=true
-
-# Filesystem backend
-xkms.file.storageDir=data/xkms/certificates
-
-# LDAP backend
-xkms.ldap.url=ldap://localhost:2389
-xkms.ldap.user=cn=Directory Manager,dc=example,dc=com
-xkms.ldap.pwd=test
-xkms.ldap.retry=2
-xkms.ldap.rootDN=dc=example,dc=com
-
-# LDAP schema
-xkms.ldap.schema.certObjectClass=inetOrgPerson
-xkms.ldap.schema.attrUID=uid
-xkms.ldap.schema.attrIssuerID=manager
-xkms.ldap.schema.attrSerialNumber=employeeNumber
-xkms.ldap.schema.attrCrtBinary=userCertificate;binary
-xkms.ldap.schema.attrCrlBinary=certificateRevocationList;binary
-xkms.ldap.schema.constAttrNamesCSV=sn
-xkms.ldap.schema.constAttrValuesCSV=X509 certificate
-xkms.ldap.schema.serviceCertRDNTemplate=cn=%s,ou=services
-xkms.ldap.schema.serviceCertUIDTemplate=cn=%s
-xkms.ldap.schema.trustedAuthorities=(&(objectClass=inetOrgPerson)(ou:dn:=rootCAs))
-xkms.ldap.schema.crls=(&(objectClass=inetOrgPerson)(ou:dn:=rootCAs))
-xkms.ldap.schema.intermediates=(&(objectClass=inetOrgPerson)(ou:dn:=intermediateCAs))

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml b/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
index 2da4007..7dd6461 100644
--- a/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
+++ b/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
@@ -14,45 +14,30 @@
         <cm:default-properties>
             <cm:property name="xkms.enableXKRSS" value="true"/>
             <cm:property name="xkms.logExceptions" value="false"/>
-            <cm:property name="xkms.certificate.repo" value="ldap"/>
+            <cm:property name="xkms.certificate.repo" value="file"/>
             <cm:property name="xkms.file.storageDir" value="data/xkms/certificates"/>
-            <cm:property name="xkms.ldap.url" value="tcp:localhost:389"/>
-            <cm:property name="xkms.ldap.user" value=""/>
-            <cm:property name="xkms.ldap.pwd" value=""/>
-            <cm:property name="xkms.ldap.retry" value="2"/>
-            <cm:property name="xkms.ldap.rootDN" value=""/>
             <cm:property name="xkms.enableRevocation" value="true"/>
         </cm:default-properties>
     </cm:property-placeholder>
-    <bean id="ldapSearch" class="org.apache.cxf.xkms.x509.repo.ldap.LdapSearch">
-        <argument value="${xkms.ldap.url}"/>
-        <argument value="${xkms.ldap.user}"/>
-        <argument value="${xkms.ldap.pwd}"/>
-        <argument value="${xkms.ldap.retry}"/>
-    </bean>
-    <bean id="ldapSchemaConfig" class="org.apache.cxf.xkms.x509.repo.ldap.LdapSchemaConfig">
-        <property name="certObjectClass" value="${xkms.ldap.schema.certObjectClass}"/>
-        <property name="attrUID" value="${xkms.ldap.schema.attrUID}"/>
-        <property name="attrIssuerID" value="${xkms.ldap.schema.attrIssuerID}"/>
-        <property name="attrSerialNumber" value="${xkms.ldap.schema.attrSerialNumber}"/>
-        <property name="attrEndpoint" value="${xkms.ldap.schema.attrEndpoint}"/>
-        <property name="attrCrtBinary" value="${xkms.ldap.schema.attrCrtBinary}"/>
-        <property name="attrCrlBinary" value="${xkms.ldap.schema.attrCrlBinary}"/>
-        <property name="constAttrNamesCSV" value="${xkms.ldap.schema.constAttrNamesCSV}"/>
-        <property name="constAttrValuesCSV" value="${xkms.ldap.schema.constAttrValuesCSV}"/>
-        <property name="serviceCertRDNTemplate" value="${xkms.ldap.schema.serviceCertRDNTemplate}"/>
-        <property name="serviceCertUIDTemplate" value="${xkms.ldap.schema.serviceCertUIDTemplate}"/>
-        <property name="trustedAuthorityFilter" value="${xkms.ldap.schema.trustedAuthorities}"/>
-        <property name="crlFilter" value="${xkms.ldap.schema.crls}"/>
-        <property name="intermediateFilter" value="${xkms.ldap.schema.intermediates}"/>
-    </bean>
-    <bean id="certificateRepo" class="org.apache.cxf.xkms.x509.repo.CertificateRepoFactory" factory-method="createRepository">
-        <argument value="${xkms.certificate.repo}"/>
-        <argument ref="ldapSearch"/>
-        <argument ref="ldapSchemaConfig"/>
-        <argument value="${xkms.ldap.rootDN}"/>
-        <argument value="${xkms.file.storageDir}"/>
+    <service interface="org.apache.cxf.xkms.x509.repo.CertificateRepo" activation="eager">
+    	<service-properties>
+    		<entry key="name" value="file"/>
+    	</service-properties>
+    	<bean class="org.apache.cxf.xkms.x509.repo.file.FileCertificateRepo">
+        	<argument value="${xkms.file.storageDir}"/>
+	    </bean>
+    </service>
+    
+    <bean id="certificateRepoFactory" class="org.apache.cxf.xkms.service.CertificateRepoProxyFactory" destroy-method="close">
+    	<argument value="org.apache.cxf.xkms.x509.repo.CertificateRepo"/>
+    	<argument value="(name=${xkms.certificate.repo})"/>
+    	<argument ref="blueprintBundleContext"/>
     </bean>
+    
+    <bean id="certificateRepo" class="org.apache.cxf.xkms.service.CertificateRepoProxyFactory"
+    	factory-ref="certificateRepoFactory" 
+    	factory-method="create"/>
+
     <bean id="dateValidator" class="org.apache.cxf.xkms.x509.validator.DateValidator"/>
     <bean id="trustedAuthorityValidator" class="org.apache.cxf.xkms.x509.validator.TrustedAuthorityValidator">
         <argument ref="certificateRepo"/>
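Review bot: The `certificateRepo` bean that feeds `trustedAuthorityValidator` is now whatever the service registry returns for `(name=${xkms.certificate.repo})`, and nothing in the file records that this makes the registry part of the XKMS trust boundary. Any bundle deployed to the container can register a CertificateRepo service under the configured name, and a ServiceTracker normally hands out the highest-ranked match, so the set of trusted CA certificates and CRLs depends on which bundles are installed. The property value is also pasted unescaped into filter syntax, so it should be documented as a plain name without `*`, `(` or `)`. I would add a comment above `certificateRepoFactory` along the lines of `<!-- Trust store lookup: only bundles allowed to supply CA certificates may register a CertificateRepo service; xkms.certificate.repo must be a literal name -->`. The default also moves from `ldap` to `file` here, which existing LDAP deployments need to see in the release notes.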

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-service/pom.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-service/pom.xml b/services/xkms/xkms-service/pom.xml
index 355642d..e6c2f19 100644
--- a/services/xkms/xkms-service/pom.xml
+++ b/services/xkms/xkms-service/pom.xml
@@ -42,6 +42,16 @@
             <version>${project.version}</version>
         </dependency>
         <dependency>
+        	<groupId>org.osgi</groupId>
+        	<artifactId>org.osgi.core</artifactId>
+        	<scope>provided</scope>
+        </dependency>
+        <dependency>
+        	<groupId>org.osgi</groupId>
+        	<artifactId>org.osgi.compendium</artifactId>
+        	<scope>provided</scope>
+        </dependency>
+        <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
             <scope>test</scope>

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/CertificateRepoProxyFactory.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/CertificateRepoProxyFactory.java b/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/CertificateRepoProxyFactory.java
new file mode 100644
index 0000000..fc65f9e
--- /dev/null
+++ b/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/CertificateRepoProxyFactory.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.service;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Proxy;
+
+import org.apache.cxf.xkms.x509.repo.CertificateRepo;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.Filter;
+import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.util.tracker.ServiceTracker;
+
+public class CertificateRepoProxyFactory {
+    private ServiceTracker tracker;
+    private CertificateRepo proxy;
+
+    public CertificateRepoProxyFactory(Class<?> serviceInterface, String filterSt, BundleContext context) {
+        Filter filter = createFilter(filterSt, context);
+        this.tracker = new ServiceTracker(context, filter , null);
+        this.tracker.open();
+        Class<?>[] interfaces = new Class<?>[]{serviceInterface};
+        InvocationHandler handler = new NamedServiceProxy(tracker, filterSt);
+        proxy = (CertificateRepo)Proxy.newProxyInstance(serviceInterface.getClassLoader(), interfaces , handler);
+    }
+
+    private Filter createFilter(String filterSt, BundleContext context) {
+        try {
+            return context.createFilter(filterSt);
+        } catch (InvalidSyntaxException e) {
+            throw new IllegalArgumentException("Invalid filter " + filterSt, e);
+        }
+    }
+    
+    public CertificateRepo create() {
+        return proxy;
+    }
+    
+    public void close() {
+        this.tracker.close();
+    }
+}
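Review bot: The constructor opens the tracker on `filterSt` alone, so `serviceInterface` only shapes the proxy and never limits which services are tracked. With the blueprint filter `(name=...)`, a service of another type that carries the same property can be selected, and the call then fails inside `method.invoke` rather than at lookup. I would bind the interface into the filter, `Filter filter = createFilter("(&(" + Constants.OBJECTCLASS + "=" + serviceInterface.getName() + ")" + filterSt + ")", context);`, which needs `org.osgi.framework.Constants` imported. The tracker is also opened before `Proxy.newProxyInstance` and the cast to CertificateRepo, so a failure there leaves it open; creating the proxy first, or closing the tracker in a catch, avoids that.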

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/NamedServiceProxy.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/NamedServiceProxy.java b/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/NamedServiceProxy.java
new file mode 100644
index 0000000..9ec9a31
--- /dev/null
+++ b/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/NamedServiceProxy.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.service;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+
+import org.osgi.util.tracker.ServiceTracker;
+
+public class NamedServiceProxy implements InvocationHandler {
+    private ServiceTracker tracker;
+    private String filter;
+
+    public NamedServiceProxy(ServiceTracker tracker, String filter) {
+        this.tracker = tracker;
+        this.filter = filter;
+    }
+
+    @Override
+    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
+        Object service = tracker.getService();
+        if (service == null) {
+            throw new IllegalStateException("No service found for filter: " + filter);
+        }
+        return method.invoke(service, args);
+    }
+
+    public void close() {
+        tracker.close();
+    }
+}
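Review bot: In `invoke`, `method.invoke(service, args)` wraps every exception thrown by the real repository in an InvocationTargetException. Because the CertificateRepo methods declare no checked exceptions, callers of the proxy see an UndeclaredThrowableException instead of the repository's own exception. Handlers that react to a specific failure from the repository will stop matching it, so the cause should be unwrapped and rethrown as below; this needs `java.lang.reflect.InvocationTargetException` imported. The class also lacks a Javadoc line saying that each call looks up the tracked service and fails with IllegalStateException when none is registered.
```java
    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
        // … unchanged: tracker lookup and null check …
        try {
            return method.invoke(service, args);
        } catch (InvocationTargetException e) {
            // surface the repository's own exception instead of the reflection wrapper
            throw e.getCause();
        }
    }
```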

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-war/pom.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-war/pom.xml b/services/xkms/xkms-war/pom.xml
index 9055c1e..05c3348 100644
--- a/services/xkms/xkms-war/pom.xml
+++ b/services/xkms/xkms-war/pom.xml
@@ -65,6 +65,11 @@
             <artifactId>cxf-services-xkms-x509-handlers</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.services.xkms</groupId>
+            <artifactId>cxf-services-xkms-x509-repo-ldap</artifactId>
+            <version>${project.version}</version>
+        </dependency>
     </dependencies>
     <profiles>
         <profile>

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-x509-handlers/pom.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/pom.xml b/services/xkms/xkms-x509-handlers/pom.xml
index 9e3ae59..c958828 100644
--- a/services/xkms/xkms-x509-handlers/pom.xml
+++ b/services/xkms/xkms-x509-handlers/pom.xml
@@ -46,6 +46,17 @@
             <artifactId>slf4j-api</artifactId>
         </dependency>
         <dependency>
+        	<groupId>org.osgi</groupId>
+        	<artifactId>org.osgi.core</artifactId>
+        	<scope>provided</scope>
+        </dependency>
+        <dependency>
+        	<groupId>org.osgi</groupId>
+        	<artifactId>org.osgi.compendium</artifactId>
+        	<scope>provided</scope>
+        </dependency>
+
+        <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
             <scope>test</scope>

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
deleted file mode 100644
index c6c004d..0000000
--- a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.xkms.x509.repo;
-
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.List;
-
-import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
-
-public interface CertificateRepo {
-    List<X509Certificate> getTrustedCaCerts();
-    List<X509Certificate> getCaCerts();
-    List<X509CRL> getCRLs();
-    void saveCertificate(X509Certificate cert, UseKeyWithType key);
-    X509Certificate findBySubjectDn(String dn);
-    X509Certificate findByServiceName(String serviceName);
-    X509Certificate findByEndpoint(String endpoint);
-    X509Certificate findByIssuerSerial(String issuer, String serial);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepoFactory.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepoFactory.java b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepoFactory.java
deleted file mode 100644
index 7a05697..0000000
--- a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepoFactory.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.xkms.x509.repo;
-
-import org.apache.cxf.xkms.x509.repo.file.FileCertificateRepo;
-import org.apache.cxf.xkms.x509.repo.ldap.LdapCertificateRepo;
-import org.apache.cxf.xkms.x509.repo.ldap.LdapSchemaConfig;
-import org.apache.cxf.xkms.x509.repo.ldap.LdapSearch;
-
-public final class CertificateRepoFactory {
-
-    private CertificateRepoFactory() {
-    }
-
-    public static CertificateRepo createRepository(String type, LdapSearch ldapSearch,
-                                                   LdapSchemaConfig ldapSchemaConfig, String rootDN,
-                                                   String storageDir) {
-        if ("ldap".equals(type)) {
-            return new LdapCertificateRepo(ldapSearch, ldapSchemaConfig, rootDN);
-        } else if ("file".equals(type)) {
-            return new FileCertificateRepo(storageDir);
-        } else {
-            throw new RuntimeException("Invalid repo type " + type + ". Valid types are file, ldap");
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
deleted file mode 100644
index b28e6ba..0000000
--- a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
+++ /dev/null
@@ -1,299 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.xkms.x509.repo.ldap;
-
-import java.io.ByteArrayInputStream;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import java.util.regex.Matcher;
-
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.SearchResult;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.xkms.handlers.Applications;
-import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
-import org.apache.cxf.xkms.x509.repo.CertificateRepo;
-
-public class LdapCertificateRepo implements CertificateRepo {
-    private static final Logger LOG = LogUtils.getL7dLogger(LdapCertificateRepo.class);
-    private static final String ATTR_OBJECT_CLASS = "objectClass";
-
-    private LdapSearch ldapSearch;
-    private String rootDN;
-    private CertificateFactory certificateFactory;
-    private final LdapSchemaConfig ldapConfig;
-    private final String filterUIDTemplate;
-    private final String filterIssuerSerialTemplate;
-
-    /**
-     * 
-     * @param ldapSearch
-     * @param rootDN rootDN of the LDAP tree 
-     * @param trustedAuthorityFilter 
-     * @param intermediateFilter
-     * @param attrName
-     */
-    public LdapCertificateRepo(LdapSearch ldapSearch, LdapSchemaConfig ldapConfig, String rootDN) {
-        this.ldapSearch = ldapSearch;
-        this.ldapSearch = ldapSearch;
-        this.ldapConfig = ldapConfig;
-        this.rootDN = rootDN;
-        try {
-            this.certificateFactory = CertificateFactory.getInstance("X.509");
-        } catch (CertificateException e) {
-            LOG.log(Level.SEVERE, e.getMessage(), e);
-        }
-        filterUIDTemplate = "(" + ldapConfig.getAttrUID() + "=%s)";
-        filterIssuerSerialTemplate = "(&(" + ldapConfig.getAttrIssuerID() + "=%s)(" + ldapConfig.getAttrSerialNumber()
-            + "=%s))";
-    }
-
-    @Override
-    public List<X509Certificate> getTrustedCaCerts() {
-        return getCertificatesFromLdap(rootDN, ldapConfig.getTrustedAuthorityFilter(), ldapConfig.getAttrCrtBinary());
-    }
-
-    @Override
-    public List<X509Certificate> getCaCerts() {
-        return getCertificatesFromLdap(rootDN, ldapConfig.getIntermediateFilter(), ldapConfig.getAttrCrtBinary());
-    }
-    
-    @Override
-    public List<X509CRL> getCRLs() {
-        return getCRLsFromLdap(rootDN, ldapConfig.getCrlFilter(), ldapConfig.getAttrCrlBinary());
-    }
-
-    private List<X509Certificate> getCertificatesFromLdap(String tmpRootDN, String tmpFilter, String tmpAttrName) {
-        try {
-            List<X509Certificate> certificates = new ArrayList<X509Certificate>();
-            NamingEnumeration<SearchResult> answer = ldapSearch.searchSubTree(tmpRootDN, tmpFilter);
-            while (answer.hasMore()) {
-                SearchResult sr = answer.next();
-                Attributes attrs = sr.getAttributes();
-                Attribute attribute = attrs.get(tmpAttrName);
-                if (attribute != null) {
-                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
-                    X509Certificate certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(
-                            (byte[]) attribute.get()));
-                    certificates.add(certificate);
-                }
-            }
-            return certificates;
-        } catch (CertificateException e) {
-            throw new RuntimeException(e.getMessage(), e);
-        } catch (NamingException e) {
-            throw new RuntimeException(e.getMessage(), e);
-        }
-    }
-    
-    private List<X509CRL> getCRLsFromLdap(String tmpRootDN, String tmpFilter, String tmpAttrName) {
-        try {
-            List<X509CRL> crls = new ArrayList<X509CRL>();
-            NamingEnumeration<SearchResult> answer = ldapSearch.searchSubTree(tmpRootDN, tmpFilter);
-            while (answer.hasMore()) {
-                SearchResult sr = answer.next();
-                Attributes attrs = sr.getAttributes();
-                Attribute attribute = attrs.get(tmpAttrName);
-                if (attribute != null) {
-                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
-                    X509CRL crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(
-                            (byte[]) attribute.get()));
-                    crls.add(crl);
-                }
-            }
-            return crls;
-        } catch (CertificateException e) {
-            throw new RuntimeException(e.getMessage(), e);
-        } catch (NamingException e) {
-            throw new RuntimeException(e.getMessage(), e);
-        } catch (CRLException e) {
-            throw new RuntimeException(e.getMessage(), e);
-        }
-    }
-
-    private void saveCertificate(X509Certificate cert, String dn, Map<String, String> appAttrs) {
-        Attributes attribs = new BasicAttributes();
-        attribs.put(new BasicAttribute(ATTR_OBJECT_CLASS, ldapConfig.getCertObjectClass()));
-        attribs.put(new BasicAttribute(ldapConfig.getAttrUID(), cert.getSubjectX500Principal().getName()));
-        attribs.put(new BasicAttribute(ldapConfig.getAttrIssuerID(), cert.getIssuerX500Principal().getName()));
-        attribs.put(new BasicAttribute(ldapConfig.getAttrSerialNumber(), cert.getSerialNumber().toString(16)));
-        addConstantAttributes(ldapConfig.getConstAttrNamesCSV(), ldapConfig.getConstAttrValuesCSV(), attribs);
-        if ((appAttrs != null) && (!appAttrs.isEmpty())) {
-            for (String attrName : appAttrs.keySet()) {
-                attribs.put(new BasicAttribute(attrName, appAttrs.get(attrName)));
-            }
-        }
-        try {
-            attribs.put(new BasicAttribute(ldapConfig.getAttrCrtBinary(), cert.getEncoded()));
-            ldapSearch.bind(dn, attribs);
-        } catch (Exception e) {
-            throw new RuntimeException(e.getMessage(), e);
-        }
-    }
-    
-    private void addConstantAttributes(String names, String values, Attributes attribs) {
-        String[] arrNames = names.split(",");
-        String[] arrValues = values.split(",");
-        if (arrNames.length != arrValues.length) {
-            throw new IllegalArgumentException(
-                      String.format("Inconsintent constant attributes: %s; %s",  names, values));
-        }
-        for (int i = 0; i < arrNames.length; i++) {
-            attribs.put(new BasicAttribute(arrNames[i], arrValues[i]));
-        }
-    }
-
-    @Override
-    public X509Certificate findBySubjectDn(String id) {
-        X509Certificate cert = null;
-        try {
-            String dn = id;
-            if ((rootDN != null) && !(rootDN.isEmpty())) {
-                dn = dn + "," + rootDN;
-            }
-            cert = getCertificateForDn(dn);
-        } catch (NamingException e) {
-             // Not found
-        }
-        // Try to find certificate by search for uid attribute
-        try {
-            cert = getCertificateForUIDAttr(id);
-        } catch (NamingException e) {
-            // Not found
-        }
-        return cert;
-    }
-    
-    @Override
-    public X509Certificate findByServiceName(String serviceName) {
-        X509Certificate cert = null;
-        try {
-            String dn = getDnForIdentifier(serviceName);
-            cert = getCertificateForDn(dn);
-        } catch (NamingException e) {
-            // Not found
-        }
-        // Try to find certificate by search for uid attribute
-        try {
-            String uidAttr = String.format(ldapConfig.getServiceCertUIDTemplate(), serviceName);
-            cert = getCertificateForUIDAttr(uidAttr);
-        } catch (NamingException e) {
-            // Not found
-        }
-        return cert;
-    }
-
-    @Override
-    public X509Certificate findByEndpoint(String endpoint) {
-        X509Certificate cert = null;
-        String filter = String.format("(%s=%s)", ldapConfig.getAttrEndpoint(), endpoint);
-        try {
-            Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
-            cert = getCert(attr);
-        } catch (NamingException e) {
-            // Not found
-        }
-        return cert;
-    }
-
-    
-    private String getDnForIdentifier(String id) {
-        String escapedIdentifier = id.replaceAll("\\/", Matcher.quoteReplacement("\\/"));
-        return String.format(ldapConfig.getServiceCertRDNTemplate(), escapedIdentifier) + "," + rootDN;
-    }
-
-    private X509Certificate getCertificateForDn(String dn) throws NamingException {
-        Attribute attr = ldapSearch.getAttribute(dn, ldapConfig.getAttrCrtBinary());
-        return getCert(attr);
-    }
-    
-    private X509Certificate getCertificateForUIDAttr(String uid) throws NamingException {
-        String filter = String.format(filterUIDTemplate, uid);
-        Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
-        return getCert(attr);
-    }
-
-    @Override
-    public X509Certificate findByIssuerSerial(String issuer, String serial) {
-        if ((issuer == null) || (serial == null)) {
-            throw new IllegalArgumentException("Issuer and serial applications are expected in request");
-        }
-        String filter = String.format(filterIssuerSerialTemplate, issuer, serial);
-        try {
-            Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
-            return getCert(attr);
-        } catch (NamingException e) {
-            throw new RuntimeException(e.getMessage(), e);
-        }
-    }
-    
-    private X509Certificate getCert(Attribute attr) {
-        if (attr == null) {
-            return null;
-        }
-        byte[] data;
-        try {
-            data = (byte[]) attr.get();
-        } catch (NamingException e) {
-            throw new RuntimeException(e.getMessage(), e);
-        }
-        if (data == null) {
-            return null;
-        }
-        try {
-            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(data));
-        } catch (CertificateException e) {
-            throw new RuntimeException("Error deserializing certificate: " + e.getMessage(), e);
-        }
-    }
-
-    @Override
-    public void saveCertificate(X509Certificate cert, UseKeyWithType key) {
-        Applications application = Applications.fromUri(key.getApplication());
-        String dn = null;
-        Map<String, String> attrs = new HashMap<String, String>();
-        if (application == Applications.PKIX) {
-            dn = key.getIdentifier() + "," + rootDN;
-        } else if (application == Applications.SERVICE_NAME) {
-            dn = getDnForIdentifier(key.getIdentifier());
-        } else if (application == Applications.SERVICE_ENDPOINT) {
-            attrs.put(ldapConfig.getAttrEndpoint(), key.getIdentifier());
-            dn = getDnForIdentifier(key.getIdentifier());
-        } else {
-            throw new IllegalArgumentException("Unsupported Application " + application);
-        }
-        saveCertificate(cert, dn, attrs);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
deleted file mode 100644
index 6dfe653..0000000
--- a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
+++ /dev/null
@@ -1,149 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.xkms.x509.repo.ldap;
-
-public class LdapSchemaConfig {
-    private String certObjectClass = "inetOrgPerson";
-    private String attrUID = "uid";
-    private String attrIssuerID = "manager";
-    private String attrSerialNumber = "employeeNumber";
-    private String attrEndpoint = "labeledURI";
-    private String attrCrtBinary = "userCertificate;binary";
-    private String attrCrlBinary = "certificateRevocationList;binary";
-    private String constAttrNamesCSV = "sn";
-    private String constAttrValuesCSV = "X509 certificate";
-    private String serviceCertRDNTemplate = "cn=%s,ou=services";
-    private String serviceCertUIDTemplate = "cn=%s";
-    private String trustedAuthorityFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
-    private String intermediateFilter = "(objectClass=*)";
-    private String crlFilter = "(&(objectClass=inetOrgPerson)(ou:dn:=CAs))";
-
-    public String getCertObjectClass() {
-        return certObjectClass;
-    }
-
-    public void setCertObjectClass(String crtObjectClass) {
-        this.certObjectClass = crtObjectClass;
-    }
-
-    public String getAttrUID() {
-        return attrUID;
-    }
-
-    public void setAttrUID(String attrUID) {
-        this.attrUID = attrUID;
-    }
-
-    public String getAttrIssuerID() {
-        return attrIssuerID;
-    }
-
-    public void setAttrIssuerID(String attrIssuerID) {
-        this.attrIssuerID = attrIssuerID;
-    }
-
-    public String getAttrSerialNumber() {
-        return attrSerialNumber;
-    }
-
-    public void setAttrSerialNumber(String attrSerialNumber) {
-        this.attrSerialNumber = attrSerialNumber;
-    }
-
-    public String getAttrCrtBinary() {
-        return attrCrtBinary;
-    }
-
-    public void setAttrCrtBinary(String attrCrtBinary) {
-        this.attrCrtBinary = attrCrtBinary;
-    }
-
-    public String getConstAttrNamesCSV() {
-        return constAttrNamesCSV;
-    }
-
-    public void setConstAttrNamesCSV(String constAttrNamesCSV) {
-        this.constAttrNamesCSV = constAttrNamesCSV;
-    }
-
-    public String getConstAttrValuesCSV() {
-        return constAttrValuesCSV;
-    }
-
-    public void setConstAttrValuesCSV(String constAttrValuesCSV) {
-        this.constAttrValuesCSV = constAttrValuesCSV;
-    }
-
-    public String getServiceCertRDNTemplate() {
-        return serviceCertRDNTemplate;
-    }
-
-    public void setServiceCertRDNTemplate(String serviceCrtRDNTemplate) {
-        this.serviceCertRDNTemplate = serviceCrtRDNTemplate;
-    }
-
-    public String getServiceCertUIDTemplate() {
-        return serviceCertUIDTemplate;
-    }
-
-    public void setServiceCertUIDTemplate(String serviceCrtUIDTemplate) {
-        this.serviceCertUIDTemplate = serviceCrtUIDTemplate;
-    }
-
-    public String getTrustedAuthorityFilter() {
-        return trustedAuthorityFilter;
-    }
-
-    public void setTrustedAuthorityFilter(String trustedAuthorityFilter) {
-        this.trustedAuthorityFilter = trustedAuthorityFilter;
-    }
-
-    public String getIntermediateFilter() {
-        return intermediateFilter;
-    }
-
-    public void setIntermediateFilter(String intermediateFilter) {
-        this.intermediateFilter = intermediateFilter;
-    }
-
-    public String getCrlFilter() {
-        return crlFilter;
-    }
-
-    public void setCrlFilter(String crlFilter) {
-        this.crlFilter = crlFilter;
-    }
-
-    public String getAttrCrlBinary() {
-        return attrCrlBinary;
-    }
-
-    public void setAttrCrlBinary(String attrCrlBinary) {
-        this.attrCrlBinary = attrCrlBinary;
-    }
-
-    public String getAttrEndpoint() {
-        return attrEndpoint;
-    }
-
-    public void setAttrEndpoint(String attrEndpoint) {
-        this.attrEndpoint = attrEndpoint;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSearch.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSearch.java b/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSearch.java
deleted file mode 100644
index 7e42db3..0000000
--- a/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSearch.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.xkms.x509.repo.ldap;
-
-import java.util.Hashtable;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.naming.CommunicationException;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.InitialLdapContext;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.xkms.exception.XKMSException;
-import org.apache.cxf.xkms.model.xkms.ResultMajorEnum;
-import org.apache.cxf.xkms.model.xkms.ResultMinorEnum;
-
-public class LdapSearch {
-    private static final String SECURITY_AUTHENTICATION = "simple";
-    private static final Logger LOG = LogUtils.getL7dLogger(LdapSearch.class);
-    
-    private String ldapuri;
-    private String bindDN;
-    private String bindPassword;
-    private int numRetries;
-    
-    private InitialDirContext dirContext;
-
-    public LdapSearch(String ldapuri, String bindDN, String bindPassword, int numRetries) {
-        this.ldapuri = ldapuri;
-        this.bindDN = bindDN;
-        this.bindPassword = bindPassword;
-        this.numRetries = numRetries;
-    }
-
-    //CHECKSTYLE:OFF
-    private InitialDirContext createInitialContext() throws NamingException {
-        Hashtable<String, String> env = new Hashtable<String, String>(5);
-        env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-        env.put(javax.naming.Context.PROVIDER_URL, ldapuri.toString());
-        env.put(javax.naming.Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
-        env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindDN);
-        env.put(javax.naming.Context.SECURITY_CREDENTIALS, bindPassword);
-        return new InitialLdapContext(env, null);
-    }
-    //CHECKSTYLE:ON
-
-    public NamingEnumeration<SearchResult> searchSubTree(String rootEntry, String filter) throws NamingException {
-        int retry = 0;
-        while (true) {
-            try {
-                if (this.dirContext == null) {
-                    this.dirContext = createInitialContext();
-                }
-                SearchControls ctls = new SearchControls();
-                ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
-                return dirContext.search(rootEntry, filter, ctls);
-            } catch (CommunicationException e) {
-                LOG.log(Level.WARNING, "Error in ldap search: " + e.getMessage(), e);
-                this.dirContext = null;
-                retry++;
-                if (retry >= numRetries) {
-                    throw new XKMSException(ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_RECEIVER,
-                                            ResultMinorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_FAILURE, "Backend failure");
-                }
-            }
-        }
-    }
-    
-    public Attributes getAttributes(String dn) throws NamingException {
-        int retry = 0;
-        while (true) {
-            try {
-                if (this.dirContext == null) {
-                    this.dirContext = createInitialContext();
-                }
-                return dirContext.getAttributes(dn);
-            } catch (CommunicationException e) {
-                LOG.log(Level.WARNING, "Error in ldap search: " + e.getMessage(), e);
-                this.dirContext = null;
-                retry++;
-                if (retry >= numRetries) {
-                    throw new XKMSException(ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_RECEIVER,
-                                            ResultMinorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_FAILURE, "Backend failure");
-                }
-            }
-        }
-    }
-    
-    public Attribute getAttribute(String dn, String attrName) throws NamingException {
-        Attribute attr = getAttributes(dn).get(attrName);
-        if (attr != null) {
-            return attr;
-        }
-        throw new RuntimeException("Did not find a matching attribute for dn: " + dn 
-                                   + " attributeName: " + attrName);
-    }
-    
-    public Attributes findAttributes(String rootDN, String filter) throws NamingException {
-        NamingEnumeration<SearchResult> answer = searchSubTree(rootDN, filter);
-        if (answer.hasMore()) {
-            SearchResult sr = answer.next();
-            return sr.getAttributes();
-        } else {
-            return null;
-        }
-    }
-
-    public Attribute findAttribute(String rootDN, String filter, String attrName) throws NamingException {
-        Attributes attrs = findAttributes(rootDN, filter);
-        if (attrs != null) {
-            Attribute attr = attrs.get(attrName);
-            if (attr == null) {
-                throw new RuntimeException("Did not find a matching attribute for root: " + rootDN 
-                                           + " filter: " + filter + " attributeName: " + attrName);
-            }
-            return attr;
-        } 
-        return null;
-    }
-
-    public void bind(String dn, Attributes attribs) throws NamingException {
-        int retry = 0;
-        while (true) {
-            try {
-                if (this.dirContext == null) {
-                    this.dirContext = createInitialContext();
-                }
-                dirContext.bind(dn, null, attribs);
-                return;
-            } catch (CommunicationException e) {
-                LOG.log(Level.WARNING, "Error in ldap search: " + e.getMessage(), e);
-                this.dirContext = null;
-                retry++;
-                if (retry >= numRetries) {
-                    throw new XKMSException(ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_RECEIVER,
-                                            ResultMinorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_FAILURE, "Backend failure");
-                }
-            }
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/037abfeb/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java b/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java
deleted file mode 100644
index 167eb0c..0000000
--- a/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.xkms.x509.repo.ldap;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.net.URISyntaxException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-import javax.naming.NamingException;
-import javax.naming.directory.Attributes;
-
-import org.apache.cxf.xkms.handlers.Applications;
-import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
-import org.apache.cxf.xkms.x509.repo.CertificateRepo;
-import org.easymock.EasyMock;
-import org.easymock.IMocksControl;
-import org.junit.Assert;
-import org.junit.Ignore;
-import org.junit.Test;
-
-/**
- * Tests need a real ldap server
- */
-public class LDAPCertificateRepoTest {
-    private static final String EXPECTED_SUBJECT_DN = "CN=www.issuer.com, L=CGN, ST=NRW, C=DE, O=Issuer";
-    private static final String ROOT_DN = "dc=example,dc=com";
-    private static final String EXPECTED_SUBJECT_DN2 = "CN=www.issuer.com,L=CGN,ST=NRW,C=DE,O=Issuer";
-    private static final String EXPECTED_SERVICE_URI = "http://myservice.apache.org/MyServiceName";
-    private static final String EXPECTED_DN_FOR_SERVICE = 
-            "cn=http:\\/\\/myservice.apache.org\\/MyServiceName,ou=services";
-    private static final LdapSchemaConfig LDAP_CERT_CONFIG = new LdapSchemaConfig();
-
-    @Test
-    @Ignore
-    public void testFindUserCert() throws URISyntaxException, NamingException, CertificateException {
-        CertificateRepo persistenceManager = createLdapCertificateRepo();
-        testFindBySubjectDnInternal(persistenceManager);
-    }
-
-    @Test
-    @Ignore
-    public void testFindUserCertForNonExistantDn() throws URISyntaxException, NamingException, CertificateException {
-        CertificateRepo persistenceManager = createLdapCertificateRepo();
-        X509Certificate cert = persistenceManager.findBySubjectDn("CN=wrong");
-        Assert.assertNull("Certifiacte should be null", cert);
-    }
-
-    @Test
-    @Ignore
-    public void testFindServiceCert() throws URISyntaxException, NamingException, CertificateException {
-        CertificateRepo persistenceManager = createLdapCertificateRepo();
-        String serviceUri = "cn=http:\\/\\/myservice.apache.org\\/MyServiceName,ou=services";
-        X509Certificate cert = persistenceManager.findByServiceName(serviceUri);
-        Assert.assertEquals(EXPECTED_SUBJECT_DN, cert.getSubjectDN().toString());
-    }
-
-    @Test
-    @Ignore
-    public void testSave() throws Exception {
-        CertificateRepo persistenceManager = createLdapCertificateRepo();
-        File certFile = new File("src/test/java/cert1.cer");
-        Assert.assertTrue(certFile.exists());
-        FileInputStream fis = new FileInputStream(certFile);
-        CertificateFactory factory = CertificateFactory.getInstance("X.509");
-        X509Certificate cert = (X509Certificate) factory.generateCertificate(fis);
-
-        UseKeyWithType key = new UseKeyWithType();
-        key.setApplication(Applications.PKIX.getUri());
-        key.setIdentifier(EXPECTED_SUBJECT_DN);
-        persistenceManager.saveCertificate(cert, key);
-        testFindBySubjectDnInternal(persistenceManager);
-    }
-
-    private CertificateRepo createLdapCertificateRepo() throws CertificateException {
-        LdapSearch ldapSearch = new LdapSearch("ldap://localhost:2389", 
-            "cn=Directory Manager,dc=example,dc=com", "test", 2);
-        return new LdapCertificateRepo(ldapSearch, LDAP_CERT_CONFIG, "dc=example,dc=com");
-    }
-
-    private void testFindBySubjectDnInternal(CertificateRepo persistenceManager) throws CertificateException {
-        X509Certificate cert2 = persistenceManager.findBySubjectDn(EXPECTED_SUBJECT_DN);
-        Assert.assertEquals(EXPECTED_SUBJECT_DN, cert2.getSubjectDN().toString());
-    }
-    
-    @Test
-    public void testSaveUserCert() throws Exception {
-        IMocksControl c = EasyMock.createControl();
-        LdapSearch ldapSearch = c.createMock(LdapSearch.class);
-        ldapSearch.bind(EasyMock.eq(EXPECTED_SUBJECT_DN2 + "," + ROOT_DN), EasyMock.anyObject(Attributes.class));
-        EasyMock.expectLastCall().once();
-        LdapCertificateRepo ldapCertRepo = new LdapCertificateRepo(ldapSearch, LDAP_CERT_CONFIG, ROOT_DN);
-        X509Certificate cert = getTestCert();
-
-        c.replay();
-        UseKeyWithType key = new UseKeyWithType();
-        key.setApplication(Applications.PKIX.getUri());
-        key.setIdentifier(EXPECTED_SUBJECT_DN2);
-        ldapCertRepo.saveCertificate(cert, key);
-        c.verify();
-    }
-
-    @Test
-    public void testSaveServiceCert() throws Exception {
-        IMocksControl c = EasyMock.createControl();
-        LdapSearch ldapSearch = c.createMock(LdapSearch.class);
-        ldapSearch.bind(EasyMock.eq(EXPECTED_DN_FOR_SERVICE + "," + ROOT_DN), EasyMock.anyObject(Attributes.class));
-        EasyMock.expectLastCall().once();
-        LdapCertificateRepo ldapCertRepo = new LdapCertificateRepo(ldapSearch, LDAP_CERT_CONFIG, ROOT_DN);
-        X509Certificate cert = getTestCert();
-
-        c.replay();
-        UseKeyWithType key = new UseKeyWithType();
-        key.setApplication(Applications.SERVICE_NAME.getUri());
-        key.setIdentifier(EXPECTED_SERVICE_URI);
-        ldapCertRepo.saveCertificate(cert, key);
-        c.verify();
-    }
-
-    private X509Certificate getTestCert() throws FileNotFoundException, CertificateException {
-        File certFile = new File("src/test/resources/cert1.cer");
-        Assert.assertTrue(certFile.exists());
-        FileInputStream fis = new FileInputStream(certFile);
-        CertificateFactory factory = CertificateFactory.getInstance("X.509");
-        return (X509Certificate) factory.generateCertificate(fis);
-    }
-}

