blob: ab34c019b8cb39d75b5fb34993b2d56726bde9f1 [file] [log] [blame]
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
This program and the accompanying materials are made available under the
terms of the Eclipse Public License v. 2.0, which is available at
http://www.eclipse.org/legal/epl-2.0.
This Source Code may also be made available under the following Secondary
Licenses when the conditions for such availability set forth in the
Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
version 2 with the GNU Classpath Exception, which is available at
https://www.gnu.org/software/classpath/license.html.
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
-->
<!DOCTYPE project [
<!ENTITY commonSetup SYSTEM "file:../../../config/properties.xml">
<!ENTITY commonBuild SYSTEM "file:../../../config/common.xml">
<!ENTITY reporting SYSTEM "file:../report.xml">
]>
<project name="webservice_security" default="usage" basedir=".">
&commonSetup;
&commonBuild;
&reporting;
<target name="check-nss" depends="init-common">
<!--
Determine if we need to use the certutil or the keytool command to
access the certificate truststore
-->
<property name="nss.db.dir" location="${admin.domain.dir}/${admin.domain}/config"/>
<condition property="use.certutil">
<and>
<or>
<available file="${env.S1AS_HOME}/lib/certutil"/>
<available file="${env.S1AS_HOME}/lib/certutil.exe"/>
</or>
<available file="${nss.db.dir}/cert8.db"/>
<available file="${nss.db.dir}/key3.db"/>
<available file="${nss.db.dir}/secmod.db"/>
</and>
</condition>
</target>
<target name="setup" depends="init-common, check-nss">
<echo message="Creating the valid certificate in kestore.jks"/>
<exec executable="${java.home}/bin/keytool" failonerror="false">
<arg value="-genkey"/>
<arg value="-alias"/>
<arg value="s1astester"/>
<arg value="-keypass"/>
<arg value="${ssl.password}"/>
<arg value="-keystore"/>
<arg value="keystore.jks"/>
<arg value="-storepass"/>
<arg value="${ssl.password}"/>
<arg value="-dname"/>
<arg value="cn=Duke Smith, ou=Purchasing, o=BlueSoft, c=US"/>
</exec>
<echo message="Creating the invalid certificate in invalid_kestore.jks"/>
<exec executable="${java.home}/bin/keytool" failonerror="false">
<arg value="-genkey"/>
<arg value="-alias"/>
<arg value="s1astester"/>
<arg value="-keypass"/>
<arg value="${ssl.password}"/>
<arg value="-keystore"/>
<arg value="invalid_keystore.jks"/>
<arg value="-storepass"/>
<arg value="${ssl.password}"/>
<arg value="-dname"/>
<arg value="cn=Unknown Duke, ou=Prog, o=HackSoft, c=US"/>
</exec>
<antcall target="setup-pe"/>
<antcall target="setup-ee"/>
</target>
<target name="setup-pe" depends="init-common" unless="use.certutil">
<echo message="Exporting appserver public key from ${admin.domain}"/>
<exec executable="${java.home}/bin/keytool" failonerror="true">
<arg line="-export -alias s1as -keystore ${env.S1AS_HOME}/domains/${admin.domain}/config/keystore.jks -storepass ${ssl.password} -file appserver.cer"/>
</exec>
<echo message="Importing the Appserver certificate"/>
<exec executable="${java.home}/bin/keytool" failonerror="true">
<arg line="-import -noprompt -alias s1as -keystore cacerts.jks -storepass ${ssl.password} -file appserver.cer"/>
</exec>
<echo message="Extracting tester public key"/>
<exec executable="${java.home}/bin/keytool" failonerror="true">
<arg line="-export -alias s1astester -keystore keystore.jks -storepass ${ssl.password} -file client.cer"/>
</exec>
<echo message="Importing tester public key in appserver trusted certificates"/>
<exec executable="${java.home}/bin/keytool" failonerror="true">
<arg line="-import -noprompt -alias s1astester -keystore ${env.S1AS_HOME}/domains/${admin.domain}/config/cacerts.jks -storepass ${ssl.password} -file client.cer"/>
</exec>
<antcall target="restart-pe-server"/>
</target>
<target name="setup-ee" depends="init-common" if="use.certutil">
<echo message="Exporting appserver public key from ${admin.domain}"/>
<exec executable ="${env.S1AS_HOME}/lib/certutil" failonerror="true">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-L -n s1as -d ${env.S1AS_HOME}/domains/${admin.domain}/config -a -o appserver.cer"/>
</exec>
<echo message="Importing the Appserver certificate on the client keystore"/>
<exec executable="${java.home}/bin/keytool" failonerror="true">
<arg line="-import -noprompt -alias s1as -keystore cacerts.jks -storepass ${ssl.password} -file appserver.cer"/>
</exec>
<echo message="Extracting tester public key"/>
<exec executable="${java.home}/bin/keytool" failonerror="true">
<arg line="-export -rfc -alias s1astester -keystore keystore.jks -storepass ${ssl.password} -file client.cer"/>
</exec>
<echo message="Importing tester public key in appserver trusted certificates"/>
<exec executable ="${env.S1AS_HOME}/lib/certutil" failonerror="true">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-A -a -n s1astester -t CTP,CTP,CTP -d ${env.S1AS_HOME}/domains/${admin.domain}/config -i client.cer"/>
</exec>
<antcall target="restart-ee-server"/>
</target>
<target name="restart-pe-server">
<echo message="Restarting PE server..."/>
<exec executable="${ASADMIN}" failonerror="false">
<arg line="stop-domain"/>
</exec>
<exec executable="${ASADMIN}" failonerror="true">
<arg line="start-domain"/>
</exec>
</target>
<target name="restart-ee-server">
<echo message="Restarting EE server..."/>
<exec executable="${ASADMIN}" failonerror="false">
<arg line="stop-domain"/>
</exec>
<exec executable="${ASADMIN}" failonerror="true">
<arg line="start-domain --user ${admin.user} --passwordfile ${admin.password.file}"/>
</exec>
</target>
<target name="unsetup" depends="init-common, check-nss">
<delete file="cacerts.jks"/>
<delete file="invalid_keystore.jks"/>
<delete file="keystore.jks"/>
<delete file="appserver.cer"/>
<delete file="client.cer"/>
<antcall target="unsetup-pe"/>
<antcall target="unsetup-ee"/>
</target>
<target name="unsetup-pe" depends="init-common" unless="use.certutil">
<echo message="Removing tester public key from appserver trusted certificates"/>
<exec executable="${java.home}/bin/keytool" failonerror="true">
<arg line="-delete -alias s1astester -keystore ${env.S1AS_HOME}/domains/${admin.domain}/config/cacerts.jks -storepass ${ssl.password}"/>
</exec>
<antcall target="restart-pe-server"/>
</target>
<target name="unsetup-ee" depends="init-common" if="use.certutil">
<echo message="Removing tester public key from appserver trusted certificates"/>
<exec executable ="${env.S1AS_HOME}/lib/certutil" failonerror="true">
<env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
<arg line="-D -n s1astester -d ${env.S1AS_HOME}/domains/${admin.domain}/config"/>
</exec>
<antcall target="restart-ee-server"/>
</target>
<target name="all">
<antcall target="setup"/>
<ant dir="ejb_ssl_cacert" target="all"/>
<ant dir="ejb3_ssl_cacert" target="all"/>
<antcall target="unsetup"/>
</target>
<target name="clean">
<delete>
<fileset dir="${basedir}"
includes="**.output, count.txt"/>
</delete>
<ant dir="ejb_ssl_cacert" target="clean"/>
</target>
<target name="usage">
<echo>
Usage:
ant all (Executes all the webservice security tests)
ant ejb_ssl_cacert (Executes the client certificate ejb ssl endpoint test)
</echo>
</target>
</project>