blob: 09502bd4385b1a57c6534923f3a8872b0fe05458 [file] [log] [blame]
<?xml version="1.0"?>
<!DOCTYPE project [
<!--
Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
This program and the accompanying materials are made available under the
terms of the Eclipse Public License v. 2.0, which is available at
http://www.eclipse.org/legal/epl-2.0.
This Source Code may also be made available under the following Secondary
Licenses when the conditions for such availability set forth in the
Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
version 2 with the GNU Classpath Exception, which is available at
https://www.gnu.org/software/classpath/license.html.
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
-->
<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
<!ENTITY testProperties SYSTEM "./build.properties">
]>
<project name="web-mutual-auth" basedir="." default="usage">
&commonSetup;
&commonBuild;
&commonRun;
&commonSecurity;
&testProperties;
<target name="all" depends="build, setup, deploy, run, undeploy, unsetup"/>
<target name="clean" depends="init-common">
<delete dir="${build.classes.dir}"/>
<delete dir="${assemble.dir}"/>
</target>
<target name="compile" depends="clean">
<mkdir dir="build"/>
<antcall target="compile-common">
<param name="src" value="servlet"/>
</antcall>
<javac srcdir="." destdir="./build" classpath="${env.APS_HOME}/lib/reporter.jar"
includes="WebSSLClient.java"/>
</target>
<target name="build" depends="compile">
<property name="hasWebclient" value="yes"/>
<antcall target="webclient-war-common">
<param name="hasWebclient" value="yes" />
<param name="webclient.war.classes" value="**/*.class"/>
</antcall>
</target>
<target name="build-publish-war" depends="build, publish-war-common" />
<target name="deploy" depends="init-common,build">
<antcall target="deploy-war-common"/>
</target>
<target name="re-deploy" depends="init-common,build">
<antcall target="deploy-war-common"/>
</target>
<target name="run" depends="init-common,init-security-util">
<!-- <property name="myhttps.host" value="localhost"/>
<property name="myhttps.port" value="8181"/> -->
<java classname="devtests.security.WebSSLClient">
<sysproperty key="javax.net.debug1" value="ssl,handshake,data,trustmanager" />
<sysproperty key="sun.security.ssl.allowUnsafeRenegotiation" value="true" />
<arg value="${s1asCN}"/>
<arg value="${https.port}"/>
<arg value="${contextroot}"/>
<arg value="${mykeystore.db.file}"/>
<arg value="${mytruststore.db.file}"/>
<arg value="${ssl.password}"/>
<classpath>
<pathelement location="${env.APS_HOME}/lib/reporter.jar"/>
<pathelement location="./build"/>
</classpath>
</java>
</target>
<target name="undeploy" depends="init-common">
<antcall target="undeploy-war-common"/>
</target>
<target name="usage">
<antcall target="usage-common"/>
</target>
<target name="setup" depends="init-common,prepare-store-common">
<antcall target="env-check" />
<antcall target="generate-ca-client-certs-pe" />
<antcall target="generate-ca-client-certs-ee" />
<antcall target="restart-server-instance-common"/>
</target>
<target name="unsetup">
<antcall target="restore"/>
</target>
<target name="restore" depends="init-common" >
<antcall target="remove-store-common"/>
<antcall target="restart-server-instance-common"/>
</target>
<target name="generate-ca-client-certs-pe" depends="init-common" unless="isNSS">
<!--client side -->
<exec executable="${java.home}/bin/keytool" failonerror="false">
<arg line="-delete -alias testcert1 -keystore ${mykeystore.db.file} -storepass ${ssl.password}"/>
</exec>
<exec executable="${java.home}/bin/keytool" failonerror="false">
<arg line="-delete -alias testca -keystore ${mytruststore.db.file} -storepass ${ssl.password}"/>
</exec>
<antcall target="import-cert-jks">
<param name="cert.alias" value="testca"/>
<param name="keystore.file" value="${mytruststore.db.file}"/>
<param name="cert.file" value="${env.APS_HOME}/devtests/security/web-mutual-ssl/certificate/testca.rfc"/>
</antcall>
<antcall target="convert-pkcs12-to-jks">
<param name="pkcs12.file" value="${env.APS_HOME}/devtests/security/web-mutual-ssl/certificate/testcert1.p12"/>
<param name="pkcs12.pass" value="${ssl.password}"/>
<param name="jks.file" value="${mykeystore.db.file}"/>
<param name="jks.pass" value="${ssl.password}"/>
</antcall>
<!-- server side -->
<exec executable="${java.home}/bin/keytool" failonerror="false">
<arg line="-delete -alias testca -keystore ${admin.domain.dir}/${admin.domain}/config/cacerts.jks -storepass ${ssl.password}"/>
</exec>
<exec executable="${java.home}/bin/keytool" failonerror="true">
<arg line="-import -trustcacerts -alias testca -storepass '${ssl.password}' -noprompt "/>
<arg value="-file"/>
<arg file="${env.APS_HOME}/devtests/security/web-mutual-ssl/certificate/testca.rfc"/>
<arg value="-keystore"/>
<arg file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
</exec>
</target>
<!--
generate selfsigned CA cert testca, and testcert1(issued by/signed by testca) in ${nss.db.dir};
export testca to testca.rfc and then import to ${mytruststore.db.file};
export testcert1 to testcert.p12 and then import it to ${mykeystore.db.file}.
-->
<target name="generate-ca-client-certs-ee" depends="init-common" if="isNSS">
<mkdir dir="build"/>
<echo message="${ssl.password}" file="build/passfile"/>
<echo message="anything" file="build/seedfile"/>
<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="false">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-D -n testcert1 -d ${nss.db.dir}"/>
</exec>
<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="false">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-D -n testca -d ${nss.db.dir}"/>
</exec>
<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-S -x -n testca -s 'CN=testca, O=Sun, OU=JWS, L=Santa Clara, C=US' -t TCu,Pu,Pu -m 1111 -v 1111 -f ./build/passfile -z ./build/seedfile -d ${nss.db.dir}"/>
</exec>
<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true" output="build/testca.rfc">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-L -n testca -a"/>
<arg value="-d"/>
<arg file="${nss.db.dir}"/>
</exec>
<antcall target="import-cert-jks">
<param name="cert.alias" value="testca"/>
<param name="keystore.file" value="${mytruststore.db.file}"/>
<param name="cert.file" value="build/testca.rfc"/>
</antcall>
<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-S -n testcert1 -s 'CN=testcert1, O=Sun, OU=JWS, L=Santa Clara, C=US' -t Pu,Pu,Pu -m 2111 -v 2111 -c testca -f ./build/passfile -z ./build/seedfile -d ${nss.db.dir}"/>
</exec>
<antcall target="export-cert-p12-nss">
<param name="cert.file" value="${env.APS_HOME}/devtests/security/web-mutual-ssl/build/testcert1.p12"/>
<param name="cert.dir" value="${nss.db.dir}"/>
<param name="certdb.pwd" value="${ssl.password}"/>
<param name="cert.pwd" value="${ssl.password}"/>
<param name="cert.nickname" value="testcert1"/>
</antcall>
<antcall target="convert-pkcs12-to-jks">
<param name="pkcs12.file" value="${env.APS_HOME}/devtests/security/web-mutual-ssl/build/testcert1.p12"/>
<param name="pkcs12.pass" value="${ssl.password}"/>
<param name="jks.file" value="${mykeystore.db.file}"/>
<param name="jks.pass" value="${ssl.password}"/>
</antcall>
<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="false">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-D -n testcert1 -d ${nss.db.dir}"/>
</exec>
</target>
</project>