This is an automated email from the ASF dual-hosted git repository.
aldettinger pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new be98edb0b7 Generates certificates for cxf security tests (#7945)
be98edb0b7 is described below
commit be98edb0b74dce3d0c1b61c1b9ecb8b706010399
Author: JiriOndrusek <[email protected]>
AuthorDate: Thu Nov 6 20:00:08 2025 +0100
Generates certificates for cxf security tests (#7945)
---
Co-authored-by: gansheer <[email protected]>
---
.../cxf-soap/cxf-soap-ws-trust/generate-certs.sh | 80 +++++++++++++++++++++
.../it/ws/trust/server/ServerCallbackHandler.java | 2 +-
.../soap/it/ws/trust/sts/StsCallbackHandler.java | 2 +-
.../src/main/resources/actasstore.pkcs12 | Bin 0 -> 3640 bytes
.../src/main/resources/serviceKeystore.properties | 7 +-
.../src/main/resources/servicestore.jks | Bin 3475 -> 0 bytes
.../src/main/resources/servicestore.pkcs12 | Bin 0 -> 4751 bytes
.../src/main/resources/stsKeystore.properties | 7 +-
.../src/main/resources/stsstore.jks | Bin 5570 -> 0 bytes
.../src/main/resources/stsstore.pkcs12 | Bin 0 -> 6711 bytes
.../soap/it/ws/trust/ClientCallbackHandler.java | 4 +-
.../src/test/resources/clientKeystore.properties | 6 +-
.../src/test/resources/clientstore.jks | Bin 5571 -> 0 bytes
.../src/test/resources/clientstore.pkcs12 | Bin 0 -> 6717 bytes
14 files changed, 95 insertions(+), 13 deletions(-)
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/generate-certs.sh
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/generate-certs.sh
new file mode 100755
index 0000000000..9f4a5881e0
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/generate-certs.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+set -e
+set -x
+
+keySize=2048
+days=10000
+password="password"
+encryptionAlgo="aes-256-cbc"
+
+workDir="target/openssl-work"
+destinationDir="src/main/resources"
+destinationTestDir="src/test/resources"
+
+# see https://stackoverflow.com/a/54924640
+export MSYS_NO_PATHCONV=1
+
+if [[ -n "${JAVA_HOME}" ]] ; then
+ keytool="$JAVA_HOME/bin/keytool"
+elif ! [[ -x "$(command -v keytool)" ]] ; then
+ echo 'Error: Either add keytool to PATH or set JAVA_HOME' >&2
+ exit 1
+else
+ keytool="keytool"
+fi
+
+if ! [[ -x "$(command -v openssl)" ]] ; then
+ echo 'Error: openssl is not installed.' >&2
+ exit 1
+fi
+
+mkdir -p "$workDir"
+mkdir -p "$destinationDir"
+
+# Certificate authority
+openssl genrsa -out "$workDir/cxfca.key" $keySize
+openssl req -x509 -new -subj '/O=apache.org/OU=eng (NOT FOR
PRODUCTION)/CN=cxfca' -key "$workDir/cxfca.key" -nodes -out
"$workDir/cxfca.pem" -days $days -extensions v3_req
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca'
-x509 -key "$workDir/cxfca.key" -days $days -out "$workDir/cxfca.crt"
+
+for actor in client service sts actas; do
+ # Generate keys
+ openssl genrsa -out "$workDir/$actor.key" $keySize
+
+ # Generate certificates
+ openssl req -new -subj "/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=$actor"
-key "$workDir/$actor.key" -out "$workDir/$actor.csr"
+ openssl x509 -req -in "$workDir/$actor.csr" -CA "$workDir/cxfca.pem" -CAkey
"$workDir/cxfca.key" -CAcreateserial -days $days -out "$workDir/$actor.crt"
+
+ # Export keystores
+ openssl pkcs12 -export -in "$workDir/$actor.crt" -inkey
"$workDir/$actor.key" -certfile "$workDir/cxfca.crt" -name "my${actor}key" -out
"$destinationDir/${actor}store.pkcs12" -passout pass:"$password" -keypbe
"$encryptionAlgo" -certpbe "$encryptionAlgo"
+done
+
+keytool -import -trustcacerts -alias mystskey -file "$workDir/sts.crt"
-noprompt -keystore "$destinationDir/servicestore.pkcs12" -storepass
"$password"
+
+keytool -import -trustcacerts -alias actasclient -file "$workDir/actas.crt"
-noprompt -keystore "$destinationDir/stsstore.pkcs12" -storepass
"$password"
+keytool -import -trustcacerts -alias myclientkey -file "$workDir/client.crt"
-noprompt -keystore "$destinationDir/stsstore.pkcs12" -storepass
"$password"
+keytool -import -trustcacerts -alias myservicekey -file "$workDir/service.crt"
-noprompt -keystore "$destinationDir/stsstore.pkcs12" -storepass
"$password"
+
+keytool -import -trustcacerts -alias myactaskey -file "$workDir/actas.crt"
-noprompt -keystore "$destinationDir/clientstore.pkcs12" -storepass
"$password"
+keytool -import -trustcacerts -alias myservicekey -file "$workDir/service.crt"
-noprompt -keystore "$destinationDir/clientstore.pkcs12" -storepass
"$password"
+keytool -import -trustcacerts -alias mystskey -file "$workDir/sts.crt"
-noprompt -keystore "$destinationDir/clientstore.pkcs12" -storepass
"$password"
+
+mv "$destinationDir/clientstore.pkcs12"
"$destinationTestDir/clientstore.pkcs12"
+rm "$destinationDir/actasstore.pkcs12"
\ No newline at end of file
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
index 9579a3e249..0ce9b4ab59 100644
---
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
+++
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
@@ -25,6 +25,6 @@ import
org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.common.PasswordCa
public class ServerCallbackHandler extends PasswordCallbackHandler {
public ServerCallbackHandler() {
- super(Map.of("myservicekey", "skpass"));
+ super(Map.of("myservicekey", "password"));
}
}
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
index 68e4b2e874..242b2272a7 100644
---
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
+++
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
@@ -26,7 +26,7 @@ public class StsCallbackHandler extends
PasswordCallbackHandler {
public StsCallbackHandler() {
super(Map.of(
- "mystskey", "stskpass",
+ "mystskey", "password",
"alice", "clarinet"));
}
}
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/actasstore.pkcs12
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/actasstore.pkcs12
new file mode 100644
index 0000000000..8c044e528c
Binary files /dev/null and
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/actasstore.pkcs12
differ
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
index 58141f4679..70ccef3ac1 100644
---
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
+++
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
@@ -33,8 +33,9 @@
# under the License.
#
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
-org.apache.ws.security.crypto.merlin.keystore.password=sspass
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
+org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
-org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks
+org.apache.ws.security.crypto.merlin.keystore.file=servicestore.pkcs12
+
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks
deleted file mode 100644
index 999ee824c3..0000000000
Binary files
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks
and /dev/null differ
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.pkcs12
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.pkcs12
new file mode 100644
index 0000000000..1bdab8d7a6
Binary files /dev/null and
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.pkcs12
differ
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
index c67a29ed4c..0b5bc453a4 100644
---
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
+++
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
@@ -33,7 +33,8 @@
# under the License.
#
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
-org.apache.ws.security.crypto.merlin.keystore.password=stsspass
-org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.keystore.alias=mystskey
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.pkcs12
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks
deleted file mode 100644
index 4ba33e40ef..0000000000
Binary files
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks
and /dev/null differ
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.pkcs12
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.pkcs12
new file mode 100644
index 0000000000..034a59372c
Binary files /dev/null and
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.pkcs12
differ
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
index 6ede4fa0e2..4047395692 100644
---
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
+++
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
@@ -32,7 +32,7 @@ public class ClientCallbackHandler implements CallbackHandler
{
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
if ("myclientkey".equals(pc.getIdentifier())) {
- pc.setPassword("ckpass");
+ pc.setPassword("password");
break;
} else if ("alice".equals(pc.getIdentifier())) {
pc.setPassword("clarinet");
@@ -41,7 +41,7 @@ public class ClientCallbackHandler implements CallbackHandler
{
pc.setPassword("trombone");
break;
} else if ("myservicekey".equals(pc.getIdentifier())) { // rls
test added for bearer test
- pc.setPassword("skpass");
+ pc.setPassword("password");
break;
}
}
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
index f864336040..2a0ee704d2 100644
---
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
+++
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
@@ -33,8 +33,8 @@
# under the License.
#
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
-org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
+org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
-org.apache.ws.security.crypto.merlin.keystore.file=clientstore.jks
+org.apache.ws.security.crypto.merlin.keystore.file=clientstore.pkcs12
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks
deleted file mode 100644
index 5c48cb437d..0000000000
Binary files
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks
and /dev/null differ
diff --git
a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.pkcs12
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.pkcs12
new file mode 100644
index 0000000000..00a2de2965
Binary files /dev/null and
b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.pkcs12
differ
