This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.6.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit eb49e2ee47d0f87fcbed96eb70f30651da937cd5 Author: Colm O hEigeartaigh <[email protected]> AuthorDate: Wed Nov 19 05:05:20 2025 +0000 Removing keys from wsdl_first_https demo (cherry picked from commit 0aa231d9352cdebaac8172a7d3fbbf88d7551ab1) (cherry picked from commit 7402e1a4ca7e7a8de48f576ca2f9f17108393575) --- .../main/release/samples/wsdl_first_https/pom.xml | 6 ++++++ .../wsdl_first_https/src/main/config/KeyREADME.txt | 20 -------------------- .../src/main/config/clientKeystore.jks | Bin 4559 -> 0 bytes .../src/main/config/serviceKeystore.jks | Bin 3475 -> 0 bytes .../wsdl_first_https/src/main/config/stsstore.jks | Bin 4557 -> 0 bytes .../java/demo/hw_https/client/ClientNonSpring.java | 4 ++-- .../src/main/resources/SecureClient.xml | 8 ++++---- .../src/main/resources/ServerConfig.xml | 8 ++++---- 8 files changed, 16 insertions(+), 30 deletions(-) diff --git a/distribution/src/main/release/samples/wsdl_first_https/pom.xml b/distribution/src/main/release/samples/wsdl_first_https/pom.xml index 679e57e85a..d5ace7c8d2 100644 --- a/distribution/src/main/release/samples/wsdl_first_https/pom.xml +++ b/distribution/src/main/release/samples/wsdl_first_https/pom.xml @@ -210,6 +210,12 @@ <artifactId>cxf-rt-transports-http-jetty</artifactId> <version>${project.version}</version> </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-testutils</artifactId> + <version>4.1.5-SNAPSHOT</version> + <classifier>keys</classifier> + </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> diff --git a/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt b/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt deleted file mode 100644 index edeb2ca8e0..0000000000 --- a/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt +++ /dev/null @@ -1,20 +0,0 @@ -# The below scripts show the commands used to generate the self-signed keys for this sample. -# If you use the below script to create your own keys be sure to change the passwords used here -# DO NOT USE THE SUPPLIED KEYS IN PRODUCTION--everyone has them!! -# For production recommended to use keys signed by a third-party certificate authority (CA) - -# Create the combination keystore/truststore for the client and service. -# Note you can create separate keystores/truststores for both if desired -keytool -genkeypair -validity 730 -alias myservicekey -keystore serviceKeystore.jks -dname "cn=localhost" -keypass skpass -storepass sspass -keytool -genkeypair -validity 730 -alias myclientkey -keystore clientKeystore.jks -keypass ckpass -storepass cspass - -# Place server public cert in client key/truststore -keytool -export -rfc -keystore serviceKeystore.jks -alias myservicekey -file MyService.cer -storepass sspass -keytool -import -noprompt -trustcacerts -file MyService.cer -alias myservicekey -keystore clientKeystore.jks -storepass cspass - -# Place client public cert in service key/truststore -# Note this needs to be done only if you're requiring client authentication -# as configured in resources/ServerConfig.xml -keytool -export -rfc -keystore clientKeystore.jks -alias myclientkey -file MyClient.cer -storepass cspass -keytool -import -noprompt -trustcacerts -file MyClient.cer -alias myclientkey -keystore serviceKeystore.jks -storepass sspass - diff --git a/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks b/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks deleted file mode 100644 index f734f87b3a..0000000000 Binary files a/distribution/src/main/release/samples/wsdl_first_https/src/main/config/clientKeystore.jks and /dev/null differ diff --git a/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks b/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks deleted file mode 100644 index 999ee824c3..0000000000 Binary files a/distribution/src/main/release/samples/wsdl_first_https/src/main/config/serviceKeystore.jks and /dev/null differ diff --git a/distribution/src/main/release/samples/wsdl_first_https/src/main/config/stsstore.jks b/distribution/src/main/release/samples/wsdl_first_https/src/main/config/stsstore.jks deleted file mode 100644 index 51f131f223..0000000000 Binary files a/distribution/src/main/release/samples/wsdl_first_https/src/main/config/stsstore.jks and /dev/null differ diff --git a/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java b/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java index 55e0cd0e1f..1b511ef156 100644 --- a/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java +++ b/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/client/ClientNonSpring.java @@ -96,12 +96,12 @@ public final class ClientNonSpring { tlsCP.setDisableCNCheck(true); final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - try (InputStream is = new FileInputStream("src/main/config/clientKeystore.jks")) { + try (InputStream is = ClientNonSpring.class.getResourceAsStream("/keys/clientstore.jks")) { keyStore.load(is, "cspass".toCharArray()); } KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - kmf.init(keyStore, "ckpass".toCharArray()); + kmf.init(keyStore, "cspass".toCharArray()); tlsCP.setKeyManagers(kmf.getKeyManagers()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); diff --git a/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml b/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml index 0a406f694f..24cc25c38e 100644 --- a/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml +++ b/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/SecureClient.xml @@ -27,12 +27,12 @@ xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd";> <http:conduit name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit";> <http:tlsClientParameters disableCNCheck="true"> - <sec:keyManagers keyPassword="ckpass"> - <sec:keyStore file="src/main/config/clientKeystore.jks" password="cspass" type="JKS"/> + <sec:keyManagers keyPassword="cspass"> + <sec:keyStore resource="keys/clientstore.jks" password="cspass" type="JKS"/> </sec:keyManagers> <sec:trustManagers> - <sec:keyStore file="src/main/config/clientKeystore.jks" password="cspass" type="JKS"/> + <sec:keyStore resource="keys/clientstore.jks" password="cspass" type="JKS"/> </sec:trustManagers> </http:tlsClientParameters> </http:conduit> -</beans> \ No newline at end of file +</beans> diff --git a/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml b/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml index 2be0f076f1..3c96365934 100644 --- a/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml +++ b/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml @@ -31,14 +31,14 @@ <httpj:engine-factory> <httpj:engine port="9001"> <httpj:tlsServerParameters> - <sec:keyManagers keyPassword="skpass"> - <sec:keyStore file="src/main/config/serviceKeystore.jks" password="sspass" type="JKS"/> + <sec:keyManagers keyPassword="sspass"> + <sec:keyStore resource="keys/servicestore.jks" password="sspass" type="JKS"/> </sec:keyManagers> <sec:trustManagers> - <sec:keyStore file="src/main/config/stsstore.jks" password="stsspass" type="JKS"/> + <sec:keyStore resource="keys/stsstore.jks" password="stsspass" type="JKS"/> </sec:trustManagers> <sec:clientAuthentication want="true" required="true"/> </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> -</beans> \ No newline at end of file +</beans>
