Author: gmazza
Date: Mon Jul  9 16:08:33 2012
New Revision: 1359244

URL: http://svn.apache.org/viewvc?rev=1359244&view=rev
Log:
Added specific keystores for each part of the Fediz samples and components and 
a README listing required trust relationships.

Added:
    cxf/fediz/trunk/examples/samplekeys/
    cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt
    cxf/fediz/trunk/examples/samplekeys/tomcat-idp.jks   (with props)
    cxf/fediz/trunk/examples/samplekeys/tomcat-rp.jks   (with props)
    cxf/fediz/trunk/examples/samplekeys/tomcat-wsp.jks   (with props)
    cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks   (with props)
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks   (with props)
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties
    cxf/fediz/trunk/services/idp/src/main/resources/idpstore.jks   (with props)
Removed:
    cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/tomcatKeystore.jks
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/stsKeystore.properties
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/stsstore.jks
    cxf/fediz/trunk/services/idp/src/main/resources/clientstore.jks
Modified:
    cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml
    cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
    cxf/fediz/trunk/services/sts/src/main/resources/stsstore.jks

Added: cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt?rev=1359244&view=auto
==============================================================================
--- cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt (added)
+++ cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.txt Mon Jul  9 
16:08:33 2012
@@ -0,0 +1,74 @@
+Here are sample (non-production use!!!) self-signed keys to run the FEDIZ 
samples.
+
+Don't use these keys in production--everyone has them!  At a minimum, 
regenerate new keys using the scripts (with different passwords) below.  These 
will be just self-signed keys however, for real production use having 
third-party signed CA keys is highly recommended.
+
+1.) Tomcat keys:  The Tomcat keys can be simply placed in the root folder of 
each Tomcat installation.  They are used to configure SSL for the Tomcat 
instances as described here: http://cxf.apache.org/fediz-tomcat.html.
+
+Keys:
+a.) tomcat-idp.jks: keystore for the Tomcat instance holding the IDP and IDP 
STS.
+Alias: mytomidpkey
+Needs to trust: Nobody.
+Needs to be trusted by: IDP WAR
+
+Scripts:
+keytool -genkeypair -validity 730 -alias mytomidpkey -keystore tomcat-idp.jks 
-dname "cn=localhost" -keypass tompass -storepass tompass
+
+keytool -keystore tomcat-idp.jks -storepass tompass -export -alias mytomidpkey 
-file MyTCIDP.cer
+
+b.) tomcat-rp.jks: keystore for the Tomcat instance holding the relying party 
applications for both samples (simpleWebapp and wsclientWebapp)
+Alias: mytomrpkey
+Needs to trust: Nobody.
+Needs to be trusted by: Nobody.
+
+Scripts:
+keytool -genkeypair -validity 730 -alias mytomrpkey -keystore tomcat-rp.jks 
-dname "cn=localhost" -keypass tompass -storepass tompass
+
+c.) tomcat-wsp.jks: keystore for the Tomcat instance holding the web service 
provider in the second (wsclientWebapp) sample.
+Alias: mytomwspkey
+Needs to trust: Nobody.
+Needs to be trusted by: wsclientWebapp's webapp module
+
+Script:
+keytool -genkeypair -validity 730 -alias mytomwspkey -keystore tomcat-wsp.jks 
-dname "cn=localhost" -keypass tompass -storepass tompass
+
+2.) IDP keystore:
+Alias: myidpkey
+Location: services/idp/src/main/resources/idpstore.jks
+Needs to trust: mytomidpkey (because it makes an SSL call to the IDP STS)
+Needs to be trusted by: IDP STS
+
+Scripts:
+keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias myidpkey 
-keypass ikpass -storepass ispass -keystore idpstore.jks
+
+keytool -import -trustcacerts -keystore idpstore.jks -storepass ispass -alias 
mytomidpkey -file MyTCIDP.cer -noprompt
+
+keytool -export -rfc -keystore idpstore.jks -storepass ispass -alias myidpkey 
-file MyIDP.cer
+
+3.) Making the key for the IDP STS:
+Alias: mystskey
+Location: services/idp/src/main/resources/stsstore.jks
+Needs to trust: myidpkey (because of X.509 auth between IDP and IDP STS)
+Needs to be trusted by: wsclientWebapp's webservice
+
+Scripts:
+keytool -genkey -keyalg RSA -sigalg SHA1withRSA -validity 730 -alias mystskey 
-keypass stskpass -storepass stsspass -keystore stsstore.jks
+
+keytool -import -trustcacerts -keystore stsstore.jks -storepass stsspass 
-alias myidpkey -file MyIDP.cer -noprompt
+
+4.) Making the key for the simpleWebapp sample:  No additional keys needed.
+
+5.) Making the key for the wsclientWebapp "webapp" sample:  
+Location: examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks
+Trust relationships needed: mytomidpkey (to access IDP STS via HTTPS, 
mytomwspkey (to access web service via HTTPS)
+Needs to be trusted by: Nobody.
+
+
+6.) Making the keystore for the wsclientWebapp "webservice" sample:
+Location: 
examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks
 (has no key, just a truststore)
+Trust relationships needed: IDP STS (signature verification)
+Needs to be trusted by: Nobody.
+
+keytool -import -trustcacerts -keystore webserviceKeystore.jks -storepass 
wsspass -alias mystskey -file MySTS.cer -noprompt
+
+
+
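Review bot: the scripts in this README do not produce everything the later steps consume. Section 6 imports MySTS.cer into webserviceKeystore.jks, but section 3 never exports mystskey (a line such as `keytool -export -rfc -keystore stsstore.jks -storepass stsspass -alias mystskey -file MySTS.cer` is missing), and section 1c generates tomcat-wsp.jks without exporting it, so the mytomwspkey certificate that section 5 says webappKeystore.jks must trust cannot be imported with the commands given; section 5 itself has no keytool lines at all, its parenthesis is unbalanced ("mytomidpkey (to access IDP STS via HTTPS, mytomwspkey (..."), and the store password waspass that the webapp's applicationContext.xml now uses is not listed anywhere in the README. Section 3 puts stsstore.jks under services/idp/src/main/resources/, but the file this commit actually modifies is services/sts/src/main/resources/stsstore.jks. Smaller points: the three Tomcat -genkeypair commands omit -keyalg, so older keytool releases default to DSA while only the IDP and STS commands ask for RSA; the IDP and STS -genkey commands omit -dname and will prompt interactively, unlike the Tomcat ones; and -sigalg SHA1withRSA is a deprecated signature algorithm. Spelling out -keyalg RSA -keysize 2048 -sigalg SHA256withRSA and a -dname on all five commands would fix all three at once.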

Added: cxf/fediz/trunk/examples/samplekeys/tomcat-idp.jks
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/tomcat-idp.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/examples/samplekeys/tomcat-idp.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/fediz/trunk/examples/samplekeys/tomcat-rp.jks
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/tomcat-rp.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/examples/samplekeys/tomcat-rp.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/fediz/trunk/examples/samplekeys/tomcat-wsp.jks
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/tomcat-wsp.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/examples/samplekeys/tomcat-wsp.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: 
cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: 
cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/resources/webappKeystore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: 
cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
--- 
cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
 (original)
+++ 
cxf/fediz/trunk/examples/wsclientWebapp/webapp/src/main/webapp/WEB-INF/applicationContext.xml
 Mon Jul  9 16:08:33 2012
@@ -60,16 +60,16 @@
        <http:conduit 
name="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port.http-conduit";>
                <http:tlsClientParameters disableCNCheck="true">
                        <sec:trustManagers>
-                               <sec:keyStore type="jks" password="tompass" 
resource="tomcatKeystore.jks" />
+                               <sec:keyStore type="jks" password="waspass" 
resource="webappKeystore.jks" />
                        </sec:trustManagers>
                </http:tlsClientParameters>
        </http:conduit>
 
-    <!--  STS WSDL download -->
+        <!--  STS WSDL download -->
        <http:conduit name="https://localhost:9443/.*";>
                <http:tlsClientParameters disableCNCheck="true">
                        <sec:trustManagers>
-                               <sec:keyStore type="jks" password="tompass" 
resource="tomcatKeystore.jks" />
+                               <sec:keyStore type="jks" password="waspass" 
resource="webappKeystore.jks" />
                        </sec:trustManagers>
                </http:tlsClientParameters>
        </http:conduit>
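Review bot: disableCNCheck="true" is kept on both conduits even though the sample certificates are generated with -dname "cn=localhost" (per the README) and both conduits target https://localhost:9443, so the CN check would pass if it were simply left enabled; with it disabled the TLS client accepts any certificate present in webappKeystore.jks for any host, which is exactly the block people copy into real deployments. If it has to stay for the samples, a comment next to the attribute saying why, and that it must be removed outside localhost, would help.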
@@ -78,9 +78,9 @@
                
name="{http://apache.org/hello_world_soap_http}GreeterSoapPort.http-conduit";>
                <http:tlsClientParameters disableCNCheck="true">
                        <sec:trustManagers>
-                               <sec:keyStore type="jks" password="tompass" 
resource="tomcatKeystore.jks" />
+                               <sec:keyStore type="jks" password="waspass" 
resource="webappKeystore.jks" />
                        </sec:trustManagers>
                </http:tlsClientParameters>
        </http:conduit>
 
-</beans>
\ No newline at end of file
+</beans>
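Review bot: same issue for the GreeterSoapPort conduit, with an extra twist: per README section 5 this trust store must hold the mytomwspkey certificate while the two conduits above need mytomidpkey, so one store carries both trust anchors, and with disableCNCheck="true" the webapp will accept the IDP Tomcat certificate when talking to the web-service host and vice versa. A trust store per conduit, or at least an enabled CN check, would keep the two trust relationships the README describes actually distinct. The added trailing newline at </beans> is fine.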

Modified: cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml 
(original)
+++ cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/pom.xml Mon Jul  
9 16:08:33 2012
@@ -49,7 +49,7 @@
                                <version>1.1</version>
                                <configuration>
                                        <server>myTomcat</server>
-                                       
<url>http://localhost:10080/manager</url>
+                                       
<url>http://localhost:10080/manager/text</url>
                                        <path>/${project.build.finalName}</path>
                                </configuration>
                        </plugin>
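Review bot: /manager/text is Tomcat 7's scripting interface, so the credentials configured for the myTomcat server in settings.xml now need the manager-script role rather than the manager role that the old /manager URL worked with on Tomcat 6; without it the deploy fails with a 403, so the sample docs should say which Tomcat version and role this expects. The manager is still reached over plain http://localhost:10080, which is fine for a local sample but sends the deploy credentials in the clear if that host is ever changed.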

Added: 
cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: 
cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: 
cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties?rev=1359244&view=auto
==============================================================================
--- 
cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties
 (added)
+++ 
cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/resources/webserviceKeystore.properties
 Mon Jul  9 16:08:33 2012
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=wsspass
+org.apache.ws.security.crypto.merlin.keystore.file=webserviceKeystore.jks
+
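Review bot: the store password wsspass is in cleartext in a resource that gets packaged into the WAR; acceptable for a sample, but since the README states that webserviceKeystore.jks holds no private key, a comment here saying this is a trust-only store (the password only protects the store's integrity) and that it must contain nothing but the IDP STS certificate would make the signature-verification trust boundary explicit to whoever regenerates the keys. The trailing blank line can go.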

Modified: 
cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
--- 
cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml
 (original)
+++ 
cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/src/main/webapp/WEB-INF/applicationContext.xml
 Mon Jul  9 16:08:33 2012
@@ -22,7 +22,7 @@
                xmlns:svc="http://apache.org/hello_world_soap_http"; 
address="/GreeterService">
 
                <jaxws:properties>
-                       <entry key="ws-security.signature.properties" 
value="stsKeystore.properties" />
+                       <entry key="ws-security.signature.properties" 
value="webserviceKeystore.properties" />
                </jaxws:properties>
 
                <jaxws:features>
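Review bot: ws-security.signature.properties is the store the WSS4J layer consults to verify signatures on inbound tokens, so every certificate in webserviceKeystore.jks becomes an accepted token issuer; the README's "Trust relationships needed: IDP STS (signature verification)" holds only as long as that store never gains a second certificate. A comment on this entry, or a line in the README, saying that the store is deliberately limited to the mystskey certificate would keep that constraint from being lost in the next keystore shuffle.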

Added: cxf/fediz/trunk/services/idp/src/main/resources/idpstore.jks
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/idpstore.jks?rev=1359244&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/services/idp/src/main/resources/idpstore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: 
cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml 
(original)
+++ cxf/fediz/trunk/services/idp/src/main/webapp/WEB-INF/applicationContext.xml 
Mon Jul  9 16:08:33 2012
@@ -30,7 +30,7 @@
     <http:conduit name="https://localhost:9443/.*";>
       <http:tlsClientParameters disableCNCheck="true">
         <sec:trustManagers>
-          <sec:keyStore type="jks" password="cspass" 
resource="clientstore.jks"/>
+          <sec:keyStore type="jks" password="ispass" resource="idpstore.jks"/>
         </sec:trustManagers>
       </http:tlsClientParameters>
    </http:conduit>
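Review bot: idpstore.jks is wired here only as sec:trustManagers, which is fine, but per the README the same file also holds the IDP's private key (myidpkey, keypass ikpass), so the TLS trust list and the IDP's signing key now live in one file and rolling either one touches the other; a separate trust store, or at least a note in the README about the dual use, would be cleaner. disableCNCheck="true" applies here as well, again with a cn=localhost certificate and a https://localhost:9443/.* conduit name, so the same remark as for the webapp conduits holds.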

Modified: cxf/fediz/trunk/services/sts/src/main/resources/stsstore.jks
URL: 
http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/main/resources/stsstore.jks?rev=1359244&r1=1359243&r2=1359244&view=diff
==============================================================================
Binary files - no diff available.
