This is an automated email from the ASF dual-hosted git repository. jiriondrusek pushed a commit to branch camel-main in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit eb124ae8ce7e8b2ae5f123ee275e4ff189ff5280 Author: Jiri Ondrusek <[email protected]> AuthorDate: Wed Nov 5 17:05:28 2025 +0100 Generates certificates for cxf security tests --- Co-authored-by: gansheer <[email protected]> --- .../cxf-soap/cxf-soap-ws-trust/generate-certs.sh | 80 +++++++++++++++++++++ .../it/ws/trust/server/ServerCallbackHandler.java | 2 +- .../soap/it/ws/trust/sts/StsCallbackHandler.java | 2 +- .../src/main/resources/actasstore.pkcs12 | Bin 0 -> 3640 bytes .../src/main/resources/serviceKeystore.properties | 7 +- .../src/main/resources/servicestore.jks | Bin 3475 -> 0 bytes .../src/main/resources/servicestore.pkcs12 | Bin 0 -> 4751 bytes .../src/main/resources/stsKeystore.properties | 7 +- .../src/main/resources/stsstore.jks | Bin 5570 -> 0 bytes .../src/main/resources/stsstore.pkcs12 | Bin 0 -> 6711 bytes .../soap/it/ws/trust/ClientCallbackHandler.java | 4 +- .../src/test/resources/clientKeystore.properties | 6 +- .../src/test/resources/clientstore.jks | Bin 5571 -> 0 bytes .../src/test/resources/clientstore.pkcs12 | Bin 0 -> 6717 bytes 14 files changed, 95 insertions(+), 13 deletions(-) diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/generate-certs.sh b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/generate-certs.sh new file mode 100755 index 0000000000..9f4a5881e0 --- /dev/null +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/generate-certs.sh 
@@ -0,0 +1,80 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+set -e
+set -x
+
+keySize=2048
+days=10000
+password="password"
+encryptionAlgo="aes-256-cbc"
+
+workDir="target/openssl-work"
+destinationDir="src/main/resources"
+destinationTestDir="src/test/resources"
+
+# see https://stackoverflow.com/a/54924640
+export MSYS_NO_PATHCONV=1
+
+if [[ -n "${JAVA_HOME}" ]] ; then
+ keytool="$JAVA_HOME/bin/keytool"
+elif ! [[ -x "$(command -v keytool)" ]] ; then
+ echo 'Error: Either add keytool to PATH or set JAVA_HOME' >&2
+ exit 1
+else
+ keytool="keytool"
+fi
+
+if ! [[ -x "$(command -v openssl)" ]] ; then
+ echo 'Error: openssl is not installed.' >&2
+ exit 1
+fi
+
+mkdir -p "$workDir"
+mkdir -p "$destinationDir"
+
+# Certificate authority
+openssl genrsa -out "$workDir/cxfca.key" $keySize
+openssl req -x509 -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -key "$workDir/cxfca.key" -nodes -out "$workDir/cxfca.pem" -days $days -extensions v3_req
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -x509 -key "$workDir/cxfca.key" -days $days -out "$workDir/cxfca.crt"
+
+for actor in client service sts actas; do
+ # Generate keys
+ openssl genrsa -out "$workDir/$actor.key" $keySize
+
+ # Generate certificates
+ openssl req -new -subj "/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=$actor" -key "$workDir/$actor.key" -out "$workDir/$actor.csr"
+ openssl x509 -req -in "$workDir/$actor.csr" -CA "$workDir/cxfca.pem" -CAkey "$workDir/cxfca.key" -CAcreateserial -days $days -out "$workDir/$actor.crt"
+
+ # Export keystores
+ openssl pkcs12 -export -in "$workDir/$actor.crt" -inkey "$workDir/$actor.key" -certfile "$workDir/cxfca.crt" -name "my${actor}key" -out "$destinationDir/${actor}store.pkcs12" -passout pass:"$password" -keypbe "$encryptionAlgo" -certpbe "$encryptionAlgo"
+done
+
+keytool -import -trustcacerts -alias mystskey -file "$workDir/sts.crt" -noprompt -keystore "$destinationDir/servicestore.pkcs12" -storepass "$password"
+
+keytool -import -trustcacerts -alias actasclient -file "$workDir/actas.crt" -noprompt -keystore "$destinationDir/stsstore.pkcs12" -storepass "$password"
+keytool -import -trustcacerts -alias myclientkey -file "$workDir/client.crt" -noprompt -keystore "$destinationDir/stsstore.pkcs12" -storepass "$password"
+keytool -import -trustcacerts -alias myservicekey -file "$workDir/service.crt" -noprompt -keystore "$destinationDir/stsstore.pkcs12" -storepass "$password"
+
+keytool -import -trustcacerts -alias myactaskey -file "$workDir/actas.crt" -noprompt -keystore "$destinationDir/clientstore.pkcs12" -storepass "$password"
+keytool -import -trustcacerts -alias myservicekey -file "$workDir/service.crt" -noprompt -keystore "$destinationDir/clientstore.pkcs12" -storepass "$password"
+keytool -import -trustcacerts -alias mystskey -file "$workDir/sts.crt" -noprompt -keystore "$destinationDir/clientstore.pkcs12" -storepass "$password"
+
+mv "$destinationDir/clientstore.pkcs12" "$destinationTestDir/clientstore.pkcs12"
+rm "$destinationDir/actasstore.pkcs12"
\ No newline at end of file
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
index 9579a3e249..0ce9b4ab59 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
@@ -25,6 +25,6 @@ import org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.common.PasswordCa public class ServerCallbackHandler extends PasswordCallbackHandler { public ServerCallbackHandler() { - super(Map.of("myservicekey", "skpass")); + super(Map.of("myservicekey", "password")); } }
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
index 68e4b2e874..242b2272a7 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
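Review bot: The `keytool` variable resolved from `JAVA_HOME` near the top of generate-certs.sh is never used: all seven import commands call bare `keytool`, so a machine with `JAVA_HOME` set but no keytool on PATH passes the check and then fails at the first import, and a PATH keytool from a different JDK than the intended one can be picked up without notice. Invoke the resolved binary in each of them, e.g. `"$keytool" -import -trustcacerts -alias mystskey ...`. The script's last line removes `actasstore.pkcs12`, yet the diffstat shows this commit adding `src/main/resources/actasstore.pkcs12`; that store is exported with the actas private key, so the committed file looks like a leftover of an earlier run and should probably be dropped. `mkdir -p` also never creates `$destinationTestDir`, which the final `mv` depends on.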
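Review bot: The key password in the ServerCallbackHandler hunk, and the ones changed in the StsCallbackHandler and ClientCallbackHandler hunks, now have to equal the `password` variable in generate-certs.sh, but nothing in the code records that coupling. A comment above the `super(Map.of("myservicekey", "password"));` call such as `// test-only key password; must match password= in generate-certs.sh` would keep a later regeneration of the keystores from silently breaking the handlers. Since every alias and every keystore now shares one value, a handler that answers for the wrong alias would presumably no longer be exposed by a password mismatch, so the tests depend on the alias checks alone.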
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java @@ -26,7 +26,7 @@ public class StsCallbackHandler extends PasswordCallbackHandler { public StsCallbackHandler() { super(Map.of( - "mystskey", "stskpass", + "mystskey", "password", "alice", "clarinet")); } } diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/actasstore.pkcs12 b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/actasstore.pkcs12 new file mode 100644 index 0000000000..8c044e528c Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/actasstore.pkcs12 differ diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties index 58141f4679..70ccef3ac1 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties @@ -33,8 +33,9 @@ # under the License. # org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin -org.apache.ws.security.crypto.merlin.keystore.type=jks -org.apache.ws.security.crypto.merlin.keystore.password=sspass +org.apache.ws.security.crypto.merlin.keystore.type=pkcs12 +org.apache.ws.security.crypto.merlin.keystore.password=password org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey -org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks +org.apache.ws.security.crypto.merlin.keystore.file=servicestore.pkcs12 + 
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks deleted file mode 100644 index 999ee824c3..0000000000 Binary files a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks and /dev/null differ diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.pkcs12 b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.pkcs12 new file mode 100644 index 0000000000..1bdab8d7a6 Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.pkcs12 differ diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties index c67a29ed4c..0b5bc453a4 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties @@ -33,7 +33,8 @@ # under the License. # org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin -org.apache.ws.security.crypto.merlin.keystore.type=jks -org.apache.ws.security.crypto.merlin.keystore.password=stsspass -org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks +org.apache.ws.security.crypto.merlin.keystore.type=pkcs12 +org.apache.ws.security.crypto.merlin.keystore.password=password +org.apache.ws.security.crypto.merlin.keystore.alias=mystskey +org.apache.ws.security.crypto.merlin.keystore.file=stsstore.pkcs12 
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks deleted file mode 100644 index 4ba33e40ef..0000000000 Binary files a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks and /dev/null differ diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.pkcs12 b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.pkcs12 new file mode 100644 index 0000000000..034a59372c Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.pkcs12 differ diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java index 6ede4fa0e2..4047395692 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java @@ -32,7 +32,7 @@ public class ClientCallbackHandler implements CallbackHandler { if (callbacks[i] instanceof WSPasswordCallback) { WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; if ("myclientkey".equals(pc.getIdentifier())) { - pc.setPassword("ckpass"); + pc.setPassword("password"); break; } else if ("alice".equals(pc.getIdentifier())) { pc.setPassword("clarinet"); 
@@ -41,7 +41,7 @@ public class ClientCallbackHandler implements CallbackHandler { pc.setPassword("trombone"); break; } else if ("myservicekey".equals(pc.getIdentifier())) { // rls test added for bearer test - pc.setPassword("skpass"); + pc.setPassword("password"); break; } } diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties index f864336040..2a0ee704d2 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties @@ -33,8 +33,8 @@ # under the License. # org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin -org.apache.ws.security.crypto.merlin.keystore.type=jks -org.apache.ws.security.crypto.merlin.keystore.password=cspass +org.apache.ws.security.crypto.merlin.keystore.type=pkcs12 +org.apache.ws.security.crypto.merlin.keystore.password=password org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey -org.apache.ws.security.crypto.merlin.keystore.file=clientstore.jks +org.apache.ws.security.crypto.merlin.keystore.file=clientstore.pkcs12 diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks deleted file mode 100644 index 5c48cb437d..0000000000 Binary files a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks and /dev/null differ 
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.pkcs12 b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.pkcs12 new file mode 100644 index 0000000000..00a2de2965 Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.pkcs12 differ
