Author: gmazza
Date: Wed Aug 1 23:59:10 2012
New Revision: 1368316
URL: http://svn.apache.org/viewvc?rev=1368316&view=rev
Log:
Revamp of WSDL-first-https sample; DisableCNCheck no longer done, new keys used
Added:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks
(with props)
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks
(with props)
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
Removed:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/bin/
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/certs/
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/InsecureClient.xml
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/SecureClient.xml
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/resources/
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/CherryServer.xml
Modified:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java
Modified:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml?rev=1368316&r1=1368315&r2=1368316&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml
(original)
+++ cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/pom.xml
Wed Aug 1 23:59:10 2012
@@ -63,28 +63,6 @@
</execution>
</executions>
</plugin>
- <plugin>
- <artifactId>maven-antrun-plugin</artifactId>
- <executions>
- <execution>
- <id>copyxmlfiles</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>run</goal>
- </goals>
- <configuration>
- <tasks>
- <copy
file="${basedir}/src/main/java/demo/hw_https/server/CherryServer.xml"
todir="${basedir}/target/classes/demo/hw_https/server" />
- <copy
file="${basedir}/src/main/java/demo/hw_https/client/SecureClient.xml"
todir="${basedir}/target/classes/demo/hw_https/client" />
- <copy
file="${basedir}/src/main/java/demo/hw_https/client/InsecureClient.xml"
todir="${basedir}/target/classes/demo/hw_https/client" />
- <copy todir="${basedir}/target/classes/certs">
- <fileset dir="${basedir}/certs" />
- </copy>
- </tasks>
- </configuration>
- </execution>
- </executions>
- </plugin>
</plugins>
</build>
<profiles>
@@ -119,7 +97,7 @@
<profile>
<id>insecure.client</id>
<build>
- <defaultGoal>test</defaultGoal>
+ <defaultGoal>integration-test</defaultGoal>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
Added:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt?rev=1368316&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt
(added)
+++
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt
Wed Aug 1 23:59:10 2012
@@ -0,0 +1,20 @@
+# The below scripts show the commands used to generate the self-signed keys
for this sample.
+# If you use the below script to create your own keys be sure to change the
passwords used here
+# DO NOT USE THE SUPPLIED KEYS IN PRODUCTION--everyone has them!!
+# For production recommended to use keys signed by a third-party certificate
authority (CA)
+
+# Create the combination keystore/truststore for the client and service.
+# Note you can create separate keystores/truststores for both if desired
+keytool -genkeypair -validity 730 -alias myservicekey -keystore
serviceKeystore.jks -dname "cn=localhost" -keypass skpass -storepass sspass
+keytool -genkeypair -validity 730 -alias myclientkey -keystore
clientKeystore.jks -keypass ckpass -storepass cspass
+
+# Place server public cert in client key/truststore
+keytool -export -rfc -keystore serviceKeystore.jks -alias myservicekey -file
MyService.cer -storepass sspass
+keytool -import -noprompt -trustcacerts -file MyService.cer -alias
myservicekey -keystore clientKeystore.jks -storepass cspass
+
+# Place client public cert in service key/truststore
+# Note this needs to be done only if you're requiring client authentication
+# as configured in resources/ServerConfig.xml
+keytool -export -rfc -keystore clientKeystore.jks -alias myclientkey -file
MyClient.cer -storepass cspass
+keytool -import -noprompt -trustcacerts -file MyClient.cer -alias myclientkey
-keystore serviceKeystore.jks -storepass sspass
+
Added:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks?rev=1368316&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks?rev=1368316&view=auto
==============================================================================
Binary file - no diff available.
Propchange:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java?rev=1368316&r1=1368315&r2=1368316&view=diff
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java
(original)
+++
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/Client.java
Wed Aug 1 23:59:10 2012
@@ -58,9 +58,9 @@ public final class Client {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = null;
if ("secure".equals(args[1])) {
- busFile = Client.class.getResource("SecureClient.xml");
+ busFile = Client.class.getResource("/SecureClient.xml");
} else if ("insecure".equals(args[1])) {
- busFile = Client.class.getResource("InsecureClient.xml");
+ busFile = Client.class.getResource("/InsecureClient.xml");
} else {
System.out.println("arg1 needs to be either secure or insecure");
System.exit(1);
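Review bot: `Client.class.getResource("/SecureClient.xml")` returns null when the file is not on the classpath (the antrun copy was removed from pom.xml, so this presumably relies on Maven's default handling of src/main/resources), and the later `busFile.toString()` — outside this hunk here, but visible in the Server.java hunk as `bf.createBus(busFile.toString())` — then dies with a bare NullPointerException. A guard such as `if (busFile == null) { throw new IllegalStateException("client bus config not found on classpath"); }` after the if/else chain gives a usable message; the same applies to the `/ServerConfig.xml` lookup in Server.java.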
Modified:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java?rev=1368316&r1=1368315&r2=1368316&view=diff
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
(original)
+++
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java
Wed Aug 1 23:59:10 2012
@@ -80,10 +80,6 @@ public final class ClientNonSpring {
System.exit(1);
}
-
-
-
-
System.out.println("Invoking greetMe...");
try {
String resp = port.greetMe(System.getProperty("user.name"));
@@ -100,35 +96,23 @@ public final class ClientNonSpring {
private static void setupTLS(Greeter port)
throws FileNotFoundException, IOException, GeneralSecurityException {
- String contextPath = "";
- try {
- contextPath = new
ClientNonSpring().getClass().getResource("/certs").toURI().getPath();
- } catch (Exception e) {
- e.printStackTrace();
- }
+ String keyStoreLoc = "src/main/config/clientKeystore.jks";
HTTPConduit httpConduit = (HTTPConduit)
ClientProxy.getClient(port).getConduit();
TLSClientParameters tlsCP = new TLSClientParameters();
- String keyPassword = "password";
+ String keyPassword = "ckpass";
KeyStore keyStore = KeyStore.getInstance("JKS");
- String keyStoreLoc = contextPath + "/wibble.jks";
- keyStore.load(new FileInputStream(keyStoreLoc),
keyPassword.toCharArray());
+ keyStore.load(new FileInputStream(keyStoreLoc),
"cspass".toCharArray());
KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
tlsCP.setKeyManagers(myKeyManagers);
KeyStore trustStore = KeyStore.getInstance("JKS");
- String trustStoreLoc = contextPath + "/truststore.jks";
- trustStore.load(new FileInputStream(trustStoreLoc),
keyPassword.toCharArray());
+ trustStore.load(new FileInputStream(keyStoreLoc),
"cspass".toCharArray());
TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
tlsCP.setTrustManagers(myTrustStoreKeyManagers);
- //The following is not recommended and would not be done in a
prodcution environment,
- //this is just for illustrative purpose
- tlsCP.setDisableCNCheck(true);
-
httpConduit.setTlsClientParameters(tlsCP);
-
}
private static TrustManager[] getTrustManagers(KeyStore trustStore)
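Review bot: The two `new FileInputStream(keyStoreLoc)` streams passed to `keyStore.load` and `trustStore.load` are never closed, so every call to setupTLS leaks a file handle; wrap each load in try/finally as below (try-with-resources if the sample's Java level allows it). The store password is now repeated as the literal `"cspass"` on both load calls while the key password lives in `keyPassword`; a `storePassword` local next to it keeps the two secrets distinct and visibly tied to KeyREADME.txt. `keyStoreLoc` is a working-directory-relative path, so the non-Spring client only runs from the sample root; a comment such as `// relative to the sample root; keys generated per src/main/config/KeyREADME.txt` would make that explicit.
```java
String keyStoreLoc = "src/main/config/clientKeystore.jks";
// … unchanged: conduit lookup, TLSClientParameters, keyPassword …
KeyStore keyStore = KeyStore.getInstance("JKS");
FileInputStream keyStoreIn = new FileInputStream(keyStoreLoc);
try {
    keyStore.load(keyStoreIn, "cspass".toCharArray());
} finally {
    keyStoreIn.close();
}
// … unchanged: key manager setup …
KeyStore trustStore = KeyStore.getInstance("JKS");
FileInputStream trustStoreIn = new FileInputStream(keyStoreLoc);
try {
    trustStore.load(trustStoreIn, "cspass".toCharArray());
} finally {
    trustStoreIn.close();
}
// … unchanged: trust manager setup, setTlsClientParameters …
```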
Modified:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java?rev=1368316&r1=1368315&r2=1368316&view=diff
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java
(original)
+++
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java
Wed Aug 1 23:59:10 2012
@@ -33,7 +33,7 @@ public class Server {
System.out.println("Starting Server");
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = Server.class.getResource("CherryServer.xml");
+ URL busFile = Server.class.getResource("/ServerConfig.xml");
Bus bus = bf.createBus(busFile.toString());
BusFactory.setDefaultBus(bus);
Added:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml?rev=1368316&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml
(added)
+++
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/InsecureClient.xml
Wed Aug 1 23:59:10 2012
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <http:conduit
name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
+ </http:conduit>
+
+</beans>
Added:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml?rev=1368316&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml
(added)
+++
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml
Wed Aug 1 23:59:10 2012
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+ ** This file configures the Wibble Client
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xsi:schemaLocation="
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <http:conduit
name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="ckpass">
+ <sec:keyStore file="src/main/config/clientKeystore.jks"
password="cspass" type="JKS"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore file="src/main/config/clientKeystore.jks"
password="cspass" type="JKS"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
+
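Review bot: `<http:tlsClientParameters disableCNCheck="true">` still turns off hostname verification for the Spring-configured client, which contradicts the commit log ("DisableCNCheck no longer done") and the change made in ClientNonSpring.java; since KeyREADME.txt generates the service key with `cn=localhost`, the attribute can simply be dropped: `<http:tlsClientParameters>`. The cipher suite filter (duplicated in ServerConfig.xml) includes `.*_WITH_NULL_.*`, `.*_EXPORT_.*` and `.*_WITH_DES_.*`, so the "secure" client may negotiate a suite with no or trivially weak encryption — the accompanying comment says as much. A filter that includes only AES suites and excludes anonymous Diffie-Hellman, as below, is what a sample named SecureClient should demonstrate, with the same replacement in ServerConfig.xml. The header comment `** This file configures the Wibble Client` refers to the removed wibble.jks setup; `** This file configures the secure (TLS) client` matches the file now.
```xml
<http:tlsClientParameters>
    <!-- … unchanged: keyManagers / trustManagers … -->
    <sec:cipherSuitesFilter>
        <!-- allow only AES suites and reject anonymous Diffie-Hellman,
             which provides no server authentication -->
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
</http:tlsClientParameters>
```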
Added:
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml?rev=1368316&view=auto
==============================================================================
---
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
(added)
+++
cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
Wed Aug 1 23:59:10 2012
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+ ** This file configures the Server which runs the web service.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xsi:schemaLocation="
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
+ http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <http:destination
name="{http://apache.org/hello_world_soap_http}GreeterPort.http-destination">
+ </http:destination>
+
+ <httpj:engine-factory>
+ <httpj:engine port="9001">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="skpass">
+ <sec:keyStore file="src/main/config/serviceKeystore.jks"
password="sspass" type="JKS"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore file="src/main/config/serviceKeystore.jks"
password="sspass" type="JKS"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+</beans>
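Review bot: `<sec:keyStore file="src/main/config/serviceKeystore.jks" …>` is a working-directory-relative path (the same pattern appears in SecureClient.xml and ClientNonSpring.java), so the server only starts when launched from the sample root and otherwise fails with a file-not-found error; a comment beside it, `<!-- path is relative to the sample root (the Maven working directory); keys are generated per src/main/config/KeyREADME.txt -->`, would spare the next reader the hunt. The service keystore also doubles as the trust store under `<sec:trustManagers>`, so with `<sec:clientAuthentication want="true" required="true"/>` every certificate imported into serviceKeystore.jks is accepted as a client identity; a one-line comment saying so helps anyone who later adds entries to that file.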