appserver/tests/appserv-tests/devtests/security/common.xml - glassfish - Git at Google

 <!--

     Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.

     This program and the accompanying materials are made available under the
     terms of the Eclipse Public License v. 2.0, which is available at
     http://www.eclipse.org/legal/epl-2.0.

     This Source Code may also be made available under the following Secondary
     Licenses when the conditions for such availability set forth in the
     Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
     version 2 with the GNU Classpath Exception, which is available at
     https://www.gnu.org/software/classpath/license.html.

     SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

 -->

 <!-- common security tasks -->
 <property name="webtest.classname" value="org.apache.tomcat.task.GTest"/>
 <property name="webtest.classpath" value="${env.APS_HOME}/lib/testdriversecurity.jar:${env.APS_HOME}/lib/commons-logging.jar"/>
 <property name="webtest.report.dir" value="${env.APS_HOME}/"/>
 <!-- this is for referencing generate key/trust stores in client -->
 <property name="mykeystore.db.file" value="${env.APS_HOME}/build/__keystore.jks"/>
 <property name="mytruststore.db.file" value="${env.APS_HOME}/build/__cacerts.jks"/>
 <property name="appserver.config.name" value="server-config"/>

 <condition property="wsimport.VMARGS" value="${env.WSIMPORT_OPTS}" else="">
   <isset property="env.WSIMPORT_OPTS" />
 </condition>

 <target name="init-security-util" depends="gethostname">
 <!--    <ant dir="${env.APS_HOME}/devtests/security/util" target="all"/>
     <taskdef name="s1asCN" classname="devtests.security.util.S1ASCN" classpath="${env.APS_HOME}/devtests/security/util/build:${env.S1AS_HOME}/lib/appserv-rt.jar"/>
     <s1asCN/>
     <echo message="s1as CN = ${s1asCN}"/> -->
 </target>
 <target name="gethostname">
     <exec executable="hostname" osfamily="unix" failifexecutionfails="false" outputproperty="env.COMPUTERNAME"/>
     <property name="s1asCN" value="${env.COMPUTERNAME}" />
     <echo message="s1as CN = ${s1asCN}"/>
 </target>
 <!-- Create auth realm -->
 <target name="create-auth-realm" depends="init-common">
     <echo message="Creating auth realm ${realmname} ..."/>
      <exec executable="${ASADMIN}">
        <arg line="create-auth-realm"/>
        <arg line="${as.props} --target=${appserver.instance.name}"/>
        <arg line="--classname ${realmclass}"/>
        <arg line="${realmproperties}"/>
        <arg line="${realmname}"/>
      </exec>
 </target>

 <!-- Create file auth realm -->
 <target name="create-auth-filerealm">
     <!-- workaround for handling the special character : in the admin command -->
     <echo message="file=${keyfile.path}" file="temp.txt"/>
     <replace file="temp.txt" token="\" value="/"/>
     <replace file="temp.txt" token=":" value="\\:"/>
     <loadproperties srcFile="temp.txt"/>
     <echo message="${file}"/>
     <delete file="temp.txt"/>

     <antcall target="create-auth-realm">
        <param name="realmname" value="${file.realm.name}"/>
        <param name="realmclass" value="com.sun.enterprise.security.auth.realm.file.FileRealm"/>
        <param name="realmproperties" value="--property file=${file}:jaas-context=fileRealm"/>
     </antcall>
 </target>

 <target name="create-user">
         <antcall target="create-user-common">
             <param name="user" value="harpreet"/>
             <param name="password" value="harpreet"/>
             <param name="groups" value="employee"/>
        </antcall>
 </target>

 <target name="delete-user">
       <antcall target="delete-user-common">
         <param name="user" value="harpreet"/>
       </antcall>
 </target>

 <target name="env-check" depends="init-common">
     <!--
       Determine if we need to use the certutil or the keytool command to
       access the certificate truststore
     -->
     <property name="nss.db.dir" location="${admin.domain.dir}/${admin.domain}/config"/>
     <condition property="isNSS">
         <and>
             <available file="${nss.db.dir}/cert8.db"/>
             <available file="${nss.db.dir}/key3.db"/>
             <available file="${nss.db.dir}/secmod.db"/>
         </and>
     </condition>
 </target>

 <!-- this target parpare stores with client and server have different keys -->
 <target name="prepare-store-common" depends="env-check">
     <property name="cert.rfc.file" location="${build.base.dir}/${cert.nickname}.rfc"/>
     <property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>
     <delete quiet="true" file="${mytruststore.db.file}"/>
     <delete quiet="true" file="${mykeystore.db.file}"/>
     <delete quiet="true" file="${cert.rfc.file}"/>
     <delete quiet="true" file="${keycert.rfc.file}"/>

     <mkdir dir="${build.base.dir}"/>
     <antcall target="prepare-store-certutil-common"/>
     <antcall target="prepare-store-keytool-common"/>
 </target>

 <target name="prepare-store-certutil-common" depends="init-common" if="isNSS">
     <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true" output="${cert.rfc.file}">
         <!--
             LD_LIBRARY_PATH is needed on Unix platforms and should have no
             effect on Windows
         -->
         <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
         <arg line="-L -n '${cert.nickname}' -a"/>
         <arg value="-d"/>
         <arg file="${nss.db.dir}"/>
     </exec>
     <antcall target="import-cert-jks">
         <param name="cert.alias" value="${cert.nickname}"/>
         <param name="keystore.file" value="${mytruststore.db.file}"/>
         <param name="cert.file" value="${cert.rfc.file}"/>
     </antcall>

     <antcall target="generate-jks-key"/>
     <exec executable="${java.home}/bin/keytool" failonerror="true">
         <arg line="-export -rfc -alias ssltest -file ${keycert.rfc.file} -keystore ${mykeystore.db.file} -storepass ${ssl.password}"/>
     </exec>

     <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
         <!--
             LD_LIBRARY_PATH is needed on Unix platforms and should have no
             effect on Windows
         -->
         <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
         <arg line="-A -n ssltest -i ${keycert.rfc.file} -a"/>
         <arg value="-t"/>
         <arg value="P,p,p"/>
         <arg value="-d"/>
         <arg file="${nss.db.dir}"/>
     </exec>
 </target>

 <target name="prepare-store-keytool-common" depends="init-common" unless="isNSS">
     <copy file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks" tofile="${mytruststore.db.file}"/>
     <antcall target="generate-jks-key"/>

     <exec executable="${java.home}/bin/keytool" failonerror="true">
         <arg line="-export -rfc -alias ssltest -file ${keycert.rfc.file} -keystore ${mykeystore.db.file} -storepass ${ssl.password}"/>
     </exec>
     <exec executable="${java.home}/bin/keytool" failonerror="true">
         <arg line="-import -trustcacerts -alias ssltest -storepass '${ssl.password}' -noprompt "/>
         <arg value="-file"/>
         <arg file="${keycert.rfc.file}"/>
         <arg value="-keystore"/>
         <arg file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
     </exec>
 </target>

 <target name="generate-jks-key" depends="init-common">
     <exec executable="${java.home}/bin/keytool" failonerror="true">
         <arg line="-genkey -alias ssltest -dname"/>
         <arg value="CN=SSLTest, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US"/>
         <arg value="-validity"/>
         <arg value="3650"/>
         <arg value="-keypass"/>
         <arg value="${ssl.password}"/>
         <arg value="-keystore"/>
         <arg value="${mykeystore.db.file}"/>
         <arg value="-storepass"/>
         <arg value="${ssl.password}"/>
     </exec>
 </target>

 <target name="remove-store-common" depends="env-check">
     <property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>

     <delete quiet="true" file="${mykeystore.db.file}"/>
     <delete quiet="true" file="${keycert.rfc.file}"/>

     <antcall target="remove-store-certutil-common"/>
     <antcall target="remove-store-keytool-common"/>
 </target>

 <target name="remove-store-certutil-common" depends="init-common" if="isNSS">
     <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
         <!--
             LD_LIBRARY_PATH is needed on Unix platforms and should have no
             effect on Windows
         -->
         <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
         <arg line="-D -n ssltest "/>
         <arg value="-d"/>
         <arg file="${nss.db.dir}"/>
     </exec>
 </target>

 <target name="remove-store-keytool-common" depends="init-common" unless="isNSS">
     <exec executable="${java.home}/bin/keytool" failonerror="true">
         <arg line="-delete -alias ssltest -storepass '${ssl.password}'"/>
         <arg value="-keystore"/>
         <arg file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
     </exec>
 </target>

 <!-- this target parpare stores with client and server have the same key -->
 <target name="prepare-store-nickname-common" depends="env-check">
     <property name="cert.rfc.file" location="${build.base.dir}/${cert.nickname}.rfc"/>
     <property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>
     <delete quiet="true" file="${mytruststore.db.file}"/>
     <delete quiet="true" file="${mykeystore.db.file}"/>
     <delete quiet="true" file="${cert.rfc.file}"/>
     <delete quiet="true" file="${keycert.rfc.file}"/>

     <mkdir dir="${build.base.dir}"/>
     <antcall target="prepare-store-nickname-certutil-common"/>
     <antcall target="prepare-store-nickname-keytool-common"/>
 </target>

 <target name="prepare-store-nickname-keytool-common" depends="init-common" unless="isNSS">
     <copy file="${admin.domain.dir}/${admin.domain}/config/keystore.jks" tofile="${mykeystore.db.file}"/>
     <copy file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks" tofile="${mytruststore.db.file}"/>
 </target>

 <target name="prepare-store-nickname-certutil-common" depends="init-common" if="isNSS">
     <antcall target="export-cert-p12-nss">
         <param name="cert.file" value="${build.base.dir}/s1as.p12"/>
         <param name="cert.dir" value="${nss.db.dir}"/>
         <param name="certdb.pwd" value="${ssl.password}"/>
         <param name="cert.pwd" value="${ssl.password}"/>
         <param name="cert.nickname" value="${cert.nickname}"/>
     </antcall>
     <antcall target="convert-pkcs12-to-jks">
         <param name="pkcs12.file" value="${build.base.dir}/s1as.p12"/>
         <param name="pkcs12.pass" value="${ssl.password}"/>
         <param name="jks.file" value="${mykeystore.db.file}"/>
         <param name="jks.pass" value="${ssl.password}"/>
     </antcall>
     <antcall target="get-certdb-to-jks">
         <param name="cert.nickname" value="${cert.nickname}"/>
     </antcall>
 </target>

 <target name="export-cert-p12-nss" depends="init-common">
     <exec executable="${env.S1AS_HOME}/lib/pk12util">
         <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
         <arg line="-o ${cert.file}"/>
         <arg line="-d ${cert.dir}"/>
         <arg line="-n ${cert.nickname}"/>
         <arg line="-K ${certdb.pwd}"/>
         <arg line="-W ${cert.pwd}"/>
     </exec>
 </target>


 <target name="convert-pkcs12-to-jks" depends="init-common">
     <delete file="${jks.file}" failonerror="false"/>
     <java classname="com.sun.enterprise.security.KeyTool">
         <arg line="-pkcs12"/>
         <arg line="-pkcsFile ${pkcs12.file}"/>
         <arg line="-pkcsKeyStorePass ${pkcs12.pass}"/>
         <arg line="-pkcsKeyPass ${pkcs12.pass}"/>
         <arg line="-jksFile ${jks.file}"/>
         <arg line="-jksKeyStorePass ${jks.pass}"/>
         <classpath>
             <pathelement path="${s1as.classpath}"/>
             <pathelement path="${env.JAVA_HOME}/jre/lib/jsse.jar"/>
             <pathelement path="${env.JAVA_HOME}/bundle/Classes/jsse.jar"/>
         </classpath>
     </java>
 </target>


 <!-- Get certificate from NSS db to JKS format -->
 <target name="get-certdb-to-jks" depends="init-common">
     <exec executable="${env.S1AS_HOME}/lib/certutil" output="${admin.domain.dir}/${admin.domain}/config/certdb.rfc">
         <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
         <arg line="-L -n ${cert.nickname}"/>
         <arg line="-d ${nss.db.dir} -a"/>
     </exec>
     <antcall target="import-cert-jks">
         <param name="cert.alias" value="${cert.nickname}"/>
         <param name="keystore.file" value="${mytruststore.db.file}"/>
         <param name="cert.file" value="${admin.domain.dir}/${admin.domain}/config/certdb.rfc"/>
     </antcall>
 </target>

 <target name="import-cert-jks">
     <exec executable="${java.home}/bin/keytool" failonerror="true">
         <arg line="-import -trustcacerts -alias ${cert.alias} -storepass '${ssl.password}' -noprompt "/>
         <arg value="-file"/>
         <arg file="${cert.file}"/>
         <arg value="-keystore"/>
         <arg file="${keystore.file}"/>
     </exec>
 </target>

 <!-- for WSS -->
 <target name="enable-wss-message-security-provider" depends="init-common">
    <exec executable="${ASADMIN}">
       <arg line="set"/>
       <arg line="${as.props}"/>
       <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_provider=${wss.server.provider.name}"/>
    </exec>
    <exec executable="${ASADMIN}">
       <arg line="set"/>
       <arg line="${as.props}"/>
       <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_client_provider=${wss.client.provider.name}"/>
    </exec>
 </target>

 <target name="disable-wss-message-security-provider" depends="init-common">
    <exec executable="${ASADMIN}">
       <arg line="set"/>
       <arg line="${as.props}"/>
       <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_provider="/>
    </exec>
    <exec executable="${ASADMIN}">
       <arg line="set"/>
       <arg line="${as.props}"/>
       <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_client_provider="/>
    </exec>
 </target>

 <target name="set-wss-provider-request-auth-recipient" depends="init-common">
    <exec executable="${ASADMIN}">
       <arg line="set"/>
       <arg line="${as.props}"/>
       <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.request-policy.auth_recipient=${request.auth.recipient}"/>
    </exec>
 </target>

 <target name="set-wss-provider-response-auth-recipient" depends="init-common">
    <exec executable="${ASADMIN}">
       <arg line="set"/>
       <arg line="${as.props}"/>
       <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.response-policy.auth_recipient=${response.auth.recipient}"/>
    </exec>
 </target>

 <target name="backup-glassfish-acc.xml" depends="init-common">
     <copy overwrite="true" failonerror="false" file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.SAVE"/>
 </target>

 <target name="enable-wss-appclient-message-security-provider" depends="init-common">
     <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="&quot;SOAP&quot;>" value="&quot;SOAP&quot; default-client-provider=&quot;${wss.client.provider.name}&quot;>"/>
 </target>

 <target name="set-wss-appclient-request-recipient">
     <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="request-policy auth-source" value="request-policy auth-recipient=&quot;${request.auth.recipient}&quot; auth-source"/>
 </target>

 <target name="set-wss-appclient-response-recipient">
     <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="response-policy auth-source" value="response-policy auth-recipient=&quot;${response.auth.recipient}&quot; auth-source"/>
 </target>

 <target name="disable-wss-appclient-message-security-provider" depends="init-common">
     <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="&quot;SOAP&quot; default-client-provider=&quot;${wss.client.provider.name}&quot;>" value="&quot;SOAP&quot;>"/>
 </target>

 <target name="unset-wss-appclient-request-recipient">
     <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="request-policy auth-recipient=&quot;${request.auth.recipient}&quot; auth-source" value="request-policy auth-source"/>
 </target>

 <target name="unset-wss-appclient-response-recipient">
     <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="response-policy auth-recipient=&quot;${response.auth.recipient}&quot; auth-source" value="response-policy auth-source"/>
 </target>

 <target name="setJAXWSToolsForWin" if="isWindows">
     <property name="WSGEN" value="${env.S1AS_HOME}/bin/wsgen.bat"/>
     <property name="WSIMPORT" value="${env.S1AS_HOME}/bin/wsimport.bat"/>
     <property name="ASAPT" value="${env.S1AS_HOME}/bin/asapt.bat"/>
 </target>

 <target name="setJAXWSToolsForUnix" if="isUnix">
     <property name="WSGEN" value="${env.S1AS_HOME}/bin/wsgen"/>
     <property name="WSIMPORT" value="${env.S1AS_HOME}/bin/wsimport"/>
     <property name="ASAPT" value="${env.S1AS_HOME}/bin/asapt"/>
 </target>

 <target name="wsgen" depends="init-common,setJAXWSToolsForWin,setJAXWSToolsForUnix">
     <exec executable="${WSGEN}" failonerror="true" >
         <arg line="${wsgen.args}" />
     </exec>
 </target>

 <target name="wsimport" depends="init-common,setJAXWSToolsForWin,setJAXWSToolsForUnix">
     <exec executable="${WSIMPORT}" failonerror="true" >
         <env key="WSIMPORT_OPTS" value="${wsimport.VMARGS}"/>
         <arg line="${wsimport.args}" />
     </exec>
 </target>
	<!--

	Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.

	This program and the accompanying materials are made available under the
	terms of the Eclipse Public License v. 2.0, which is available at
	http://www.eclipse.org/legal/epl-2.0.

	This Source Code may also be made available under the following Secondary
	Licenses when the conditions for such availability set forth in the
	Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
	version 2 with the GNU Classpath Exception, which is available at
	https://www.gnu.org/software/classpath/license.html.

	SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

	-->

	<!-- common security tasks -->
	<property name="webtest.classname" value="org.apache.tomcat.task.GTest"/>
	<property name="webtest.classpath" value="${env.APS_HOME}/lib/testdriversecurity.jar:${env.APS_HOME}/lib/commons-logging.jar"/>
	<property name="webtest.report.dir" value="${env.APS_HOME}/"/>
	<!-- this is for referencing generate key/trust stores in client -->
	<property name="mykeystore.db.file" value="${env.APS_HOME}/build/__keystore.jks"/>
	<property name="mytruststore.db.file" value="${env.APS_HOME}/build/__cacerts.jks"/>
	<property name="appserver.config.name" value="server-config"/>

	<condition property="wsimport.VMARGS" value="${env.WSIMPORT_OPTS}" else="">
	<isset property="env.WSIMPORT_OPTS" />
	</condition>

	<target name="init-security-util" depends="gethostname">
	<!-- <ant dir="${env.APS_HOME}/devtests/security/util" target="all"/>
	<taskdef name="s1asCN" classname="devtests.security.util.S1ASCN" classpath="${env.APS_HOME}/devtests/security/util/build:${env.S1AS_HOME}/lib/appserv-rt.jar"/>
	<s1asCN/>
	<echo message="s1as CN = ${s1asCN}"/> -->
	</target>
	<target name="gethostname">
	<exec executable="hostname" osfamily="unix" failifexecutionfails="false" outputproperty="env.COMPUTERNAME"/>
	<property name="s1asCN" value="${env.COMPUTERNAME}" />
	<echo message="s1as CN = ${s1asCN}"/>
	</target>
	<!-- Create auth realm -->
	<target name="create-auth-realm" depends="init-common">
	<echo message="Creating auth realm ${realmname} ..."/>
	<exec executable="${ASADMIN}">
	<arg line="create-auth-realm"/>
	<arg line="${as.props} --target=${appserver.instance.name}"/>
	<arg line="--classname ${realmclass}"/>
	<arg line="${realmproperties}"/>
	<arg line="${realmname}"/>
	</exec>
	</target>

	<!-- Create file auth realm -->
	<target name="create-auth-filerealm">
	<!-- workaround for handling the special character : in the admin command -->
	<echo message="file=${keyfile.path}" file="temp.txt"/>
	<replace file="temp.txt" token="\" value="/"/>
	<replace file="temp.txt" token=":" value="\\:"/>
	<loadproperties srcFile="temp.txt"/>
	<echo message="${file}"/>
	<delete file="temp.txt"/>

	<antcall target="create-auth-realm">
	<param name="realmname" value="${file.realm.name}"/>
	<param name="realmclass" value="com.sun.enterprise.security.auth.realm.file.FileRealm"/>
	<param name="realmproperties" value="--property file=${file}:jaas-context=fileRealm"/>
	</antcall>
	</target>

	<target name="create-user">
	<antcall target="create-user-common">
	<param name="user" value="harpreet"/>
	<param name="password" value="harpreet"/>
	<param name="groups" value="employee"/>
	</antcall>
	</target>

	<target name="delete-user">
	<antcall target="delete-user-common">
	<param name="user" value="harpreet"/>
	</antcall>
	</target>

	<target name="env-check" depends="init-common">
	<!--
	Determine if we need to use the certutil or the keytool command to
	access the certificate truststore
	-->
	<property name="nss.db.dir" location="${admin.domain.dir}/${admin.domain}/config"/>
	<condition property="isNSS">
	<and>
	<available file="${nss.db.dir}/cert8.db"/>
	<available file="${nss.db.dir}/key3.db"/>
	<available file="${nss.db.dir}/secmod.db"/>
	</and>
	</condition>
	</target>

	<!-- this target parpare stores with client and server have different keys -->
	<target name="prepare-store-common" depends="env-check">
	<property name="cert.rfc.file" location="${build.base.dir}/${cert.nickname}.rfc"/>
	<property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>
	<delete quiet="true" file="${mytruststore.db.file}"/>
	<delete quiet="true" file="${mykeystore.db.file}"/>
	<delete quiet="true" file="${cert.rfc.file}"/>
	<delete quiet="true" file="${keycert.rfc.file}"/>

	<mkdir dir="${build.base.dir}"/>
	<antcall target="prepare-store-certutil-common"/>
	<antcall target="prepare-store-keytool-common"/>
	</target>

	<target name="prepare-store-certutil-common" depends="init-common" if="isNSS">
	<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true" output="${cert.rfc.file}">
	<!--
	LD_LIBRARY_PATH is needed on Unix platforms and should have no
	effect on Windows
	-->
	<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
	<arg line="-L -n '${cert.nickname}' -a"/>
	<arg value="-d"/>
	<arg file="${nss.db.dir}"/>
	</exec>
	<antcall target="import-cert-jks">
	<param name="cert.alias" value="${cert.nickname}"/>
	<param name="keystore.file" value="${mytruststore.db.file}"/>
	<param name="cert.file" value="${cert.rfc.file}"/>
	</antcall>

	<antcall target="generate-jks-key"/>
	<exec executable="${java.home}/bin/keytool" failonerror="true">
	<arg line="-export -rfc -alias ssltest -file ${keycert.rfc.file} -keystore ${mykeystore.db.file} -storepass ${ssl.password}"/>
	</exec>

	<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
	<!--
	LD_LIBRARY_PATH is needed on Unix platforms and should have no
	effect on Windows
	-->
	<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
	<arg line="-A -n ssltest -i ${keycert.rfc.file} -a"/>
	<arg value="-t"/>
	<arg value="P,p,p"/>
	<arg value="-d"/>
	<arg file="${nss.db.dir}"/>
	</exec>
	</target>

	<target name="prepare-store-keytool-common" depends="init-common" unless="isNSS">
	<copy file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks" tofile="${mytruststore.db.file}"/>
	<antcall target="generate-jks-key"/>

	<exec executable="${java.home}/bin/keytool" failonerror="true">
	<arg line="-export -rfc -alias ssltest -file ${keycert.rfc.file} -keystore ${mykeystore.db.file} -storepass ${ssl.password}"/>
	</exec>
	<exec executable="${java.home}/bin/keytool" failonerror="true">
	<arg line="-import -trustcacerts -alias ssltest -storepass '${ssl.password}' -noprompt "/>
	<arg value="-file"/>
	<arg file="${keycert.rfc.file}"/>
	<arg value="-keystore"/>
	<arg file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
	</exec>
	</target>

	<target name="generate-jks-key" depends="init-common">
	<exec executable="${java.home}/bin/keytool" failonerror="true">
	<arg line="-genkey -alias ssltest -dname"/>
	<arg value="CN=SSLTest, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US"/>
	<arg value="-validity"/>
	<arg value="3650"/>
	<arg value="-keypass"/>
	<arg value="${ssl.password}"/>
	<arg value="-keystore"/>
	<arg value="${mykeystore.db.file}"/>
	<arg value="-storepass"/>
	<arg value="${ssl.password}"/>
	</exec>
	</target>

	<target name="remove-store-common" depends="env-check">
	<property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>

	<delete quiet="true" file="${mykeystore.db.file}"/>
	<delete quiet="true" file="${keycert.rfc.file}"/>

	<antcall target="remove-store-certutil-common"/>
	<antcall target="remove-store-keytool-common"/>
	</target>

	<target name="remove-store-certutil-common" depends="init-common" if="isNSS">
	<exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
	<!--
	LD_LIBRARY_PATH is needed on Unix platforms and should have no
	effect on Windows
	-->
	<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
	<arg line="-D -n ssltest "/>
	<arg value="-d"/>
	<arg file="${nss.db.dir}"/>
	</exec>
	</target>

	<target name="remove-store-keytool-common" depends="init-common" unless="isNSS">
	<exec executable="${java.home}/bin/keytool" failonerror="true">
	<arg line="-delete -alias ssltest -storepass '${ssl.password}'"/>
	<arg value="-keystore"/>
	<arg file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
	</exec>
	</target>

	<!-- this target parpare stores with client and server have the same key -->
	<target name="prepare-store-nickname-common" depends="env-check">
	<property name="cert.rfc.file" location="${build.base.dir}/${cert.nickname}.rfc"/>
	<property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>
	<delete quiet="true" file="${mytruststore.db.file}"/>
	<delete quiet="true" file="${mykeystore.db.file}"/>
	<delete quiet="true" file="${cert.rfc.file}"/>
	<delete quiet="true" file="${keycert.rfc.file}"/>

	<mkdir dir="${build.base.dir}"/>
	<antcall target="prepare-store-nickname-certutil-common"/>
	<antcall target="prepare-store-nickname-keytool-common"/>
	</target>

	<target name="prepare-store-nickname-keytool-common" depends="init-common" unless="isNSS">
	<copy file="${admin.domain.dir}/${admin.domain}/config/keystore.jks" tofile="${mykeystore.db.file}"/>
	<copy file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks" tofile="${mytruststore.db.file}"/>
	</target>

	<target name="prepare-store-nickname-certutil-common" depends="init-common" if="isNSS">
	<antcall target="export-cert-p12-nss">
	<param name="cert.file" value="${build.base.dir}/s1as.p12"/>
	<param name="cert.dir" value="${nss.db.dir}"/>
	<param name="certdb.pwd" value="${ssl.password}"/>
	<param name="cert.pwd" value="${ssl.password}"/>
	<param name="cert.nickname" value="${cert.nickname}"/>
	</antcall>
	<antcall target="convert-pkcs12-to-jks">
	<param name="pkcs12.file" value="${build.base.dir}/s1as.p12"/>
	<param name="pkcs12.pass" value="${ssl.password}"/>
	<param name="jks.file" value="${mykeystore.db.file}"/>
	<param name="jks.pass" value="${ssl.password}"/>
	</antcall>
	<antcall target="get-certdb-to-jks">
	<param name="cert.nickname" value="${cert.nickname}"/>
	</antcall>
	</target>

	<target name="export-cert-p12-nss" depends="init-common">
	<exec executable="${env.S1AS_HOME}/lib/pk12util">
	<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
	<arg line="-o ${cert.file}"/>
	<arg line="-d ${cert.dir}"/>
	<arg line="-n ${cert.nickname}"/>
	<arg line="-K ${certdb.pwd}"/>
	<arg line="-W ${cert.pwd}"/>
	</exec>
	</target>


	<target name="convert-pkcs12-to-jks" depends="init-common">
	<delete file="${jks.file}" failonerror="false"/>
	<java classname="com.sun.enterprise.security.KeyTool">
	<arg line="-pkcs12"/>
	<arg line="-pkcsFile ${pkcs12.file}"/>
	<arg line="-pkcsKeyStorePass ${pkcs12.pass}"/>
	<arg line="-pkcsKeyPass ${pkcs12.pass}"/>
	<arg line="-jksFile ${jks.file}"/>
	<arg line="-jksKeyStorePass ${jks.pass}"/>
	<classpath>
	<pathelement path="${s1as.classpath}"/>
	<pathelement path="${env.JAVA_HOME}/jre/lib/jsse.jar"/>
	<pathelement path="${env.JAVA_HOME}/bundle/Classes/jsse.jar"/>
	</classpath>
	</java>
	</target>


	<!-- Get certificate from NSS db to JKS format -->
	<target name="get-certdb-to-jks" depends="init-common">
	<exec executable="${env.S1AS_HOME}/lib/certutil" output="${admin.domain.dir}/${admin.domain}/config/certdb.rfc">
	<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
	<arg line="-L -n ${cert.nickname}"/>
	<arg line="-d ${nss.db.dir} -a"/>
	</exec>
	<antcall target="import-cert-jks">
	<param name="cert.alias" value="${cert.nickname}"/>
	<param name="keystore.file" value="${mytruststore.db.file}"/>
	<param name="cert.file" value="${admin.domain.dir}/${admin.domain}/config/certdb.rfc"/>
	</antcall>
	</target>

	<target name="import-cert-jks">
	<exec executable="${java.home}/bin/keytool" failonerror="true">
	<arg line="-import -trustcacerts -alias ${cert.alias} -storepass '${ssl.password}' -noprompt "/>
	<arg value="-file"/>
	<arg file="${cert.file}"/>
	<arg value="-keystore"/>
	<arg file="${keystore.file}"/>
	</exec>
	</target>

	<!-- for WSS -->
	<target name="enable-wss-message-security-provider" depends="init-common">
	<exec executable="${ASADMIN}">
	<arg line="set"/>
	<arg line="${as.props}"/>
	<arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_provider=${wss.server.provider.name}"/>
	</exec>
	<exec executable="${ASADMIN}">
	<arg line="set"/>
	<arg line="${as.props}"/>
	<arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_client_provider=${wss.client.provider.name}"/>
	</exec>
	</target>

	<target name="disable-wss-message-security-provider" depends="init-common">
	<exec executable="${ASADMIN}">
	<arg line="set"/>
	<arg line="${as.props}"/>
	<arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_provider="/>
	</exec>
	<exec executable="${ASADMIN}">
	<arg line="set"/>
	<arg line="${as.props}"/>
	<arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_client_provider="/>
	</exec>
	</target>

	<target name="set-wss-provider-request-auth-recipient" depends="init-common">
	<exec executable="${ASADMIN}">
	<arg line="set"/>
	<arg line="${as.props}"/>
	<arg line="${appserver.config.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.request-policy.auth_recipient=${request.auth.recipient}"/>
	</exec>
	</target>

	<target name="set-wss-provider-response-auth-recipient" depends="init-common">
	<exec executable="${ASADMIN}">
	<arg line="set"/>
	<arg line="${as.props}"/>
	<arg line="${appserver.config.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.response-policy.auth_recipient=${response.auth.recipient}"/>
	</exec>
	</target>

	<target name="backup-glassfish-acc.xml" depends="init-common">
	<copy overwrite="true" failonerror="false" file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.SAVE"/>
	</target>

	<target name="enable-wss-appclient-message-security-provider" depends="init-common">
	<replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token=""SOAP">" value=""SOAP" default-client-provider="${wss.client.provider.name}">"/>
	</target>

	<target name="set-wss-appclient-request-recipient">
	<replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="request-policy auth-source" value="request-policy auth-recipient="${request.auth.recipient}" auth-source"/>
	</target>

	<target name="set-wss-appclient-response-recipient">
	<replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="response-policy auth-source" value="response-policy auth-recipient="${response.auth.recipient}" auth-source"/>
	</target>

	<target name="disable-wss-appclient-message-security-provider" depends="init-common">
	<replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token=""SOAP" default-client-provider="${wss.client.provider.name}">" value=""SOAP">"/>
	</target>

	<target name="unset-wss-appclient-request-recipient">
	<replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="request-policy auth-recipient="${request.auth.recipient}" auth-source" value="request-policy auth-source"/>
	</target>

	<target name="unset-wss-appclient-response-recipient">
	<replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="response-policy auth-recipient="${response.auth.recipient}" auth-source" value="response-policy auth-source"/>
	</target>

	<target name="setJAXWSToolsForWin" if="isWindows">
	<property name="WSGEN" value="${env.S1AS_HOME}/bin/wsgen.bat"/>
	<property name="WSIMPORT" value="${env.S1AS_HOME}/bin/wsimport.bat"/>
	<property name="ASAPT" value="${env.S1AS_HOME}/bin/asapt.bat"/>
	</target>

	<target name="setJAXWSToolsForUnix" if="isUnix">
	<property name="WSGEN" value="${env.S1AS_HOME}/bin/wsgen"/>
	<property name="WSIMPORT" value="${env.S1AS_HOME}/bin/wsimport"/>
	<property name="ASAPT" value="${env.S1AS_HOME}/bin/asapt"/>
	</target>

	<target name="wsgen" depends="init-common,setJAXWSToolsForWin,setJAXWSToolsForUnix">
	<exec executable="${WSGEN}" failonerror="true" >
	<arg line="${wsgen.args}" />
	</exec>
	</target>

	<target name="wsimport" depends="init-common,setJAXWSToolsForWin,setJAXWSToolsForUnix">
	<exec executable="${WSIMPORT}" failonerror="true" >
	<env key="WSIMPORT_OPTS" value="${wsimport.VMARGS}"/>
	<arg line="${wsimport.args}" />
	</exec>
	</target>