| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!-- |
| |
| Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. |
| |
| This program and the accompanying materials are made available under the |
| terms of the Eclipse Public License v. 2.0, which is available at |
| http://www.eclipse.org/legal/epl-2.0. |
| |
| This Source Code may also be made available under the following Secondary |
| Licenses when the conditions for such availability set forth in the |
| Eclipse Public License v. 2.0 are satisfied: GNU General Public License, |
| version 2 with the GNU Classpath Exception, which is available at |
| https://www.gnu.org/software/classpath/license.html. |
| |
| SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 |
| |
| --> |
| |
| <!-- Security WSS Testsuites --> |
| <!-- Author: jagadesh.munta@sun.com --> |
| |
| <!DOCTYPE project [ |
| <!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml"> |
| <!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml"> |
| <!ENTITY run SYSTEM "file:./../../../config/run.xml"> |
| <!ENTITY commonSec SYSTEM "file:./../sec-common.xml"> |
| <!ENTITY commonSecProp SYSTEM "file:./../sec-common.properties"> |
| <!ENTITY testproperties SYSTEM "file:./build.properties"> |
| ]> |
| |
| <project name="sec-wss" default="usage" basedir="."> |
| |
| &commonSetup; |
| &commonBuild; |
| &commonSec; |
| &commonSecProp; |
| &testproperties; |
| &run; |
| |
| <target name="all" depends="display-header,init-common"> |
| <antcall target="setup"/> |
| <ant dir="servletjaxws" target="all"/> |
| <ant dir="ejbws" target="all"/> |
| <ant dir="servletws" target="all"/> |
| |
| <antcall target="unsetup"/> |
| </target> |
| |
| <target name="display-header"> |
| <echo message="-->Running ${ant.project.name} tests from ${basedir} ..."/> |
| </target> |
| |
| <target name="run-test"> |
| <ant dir="servletjaxws" target="all"/> |
| <ant dir="ejbws" target="all"/> |
| <ant dir="servletws" target="all"/> |
| </target> |
| |
| <target name="setup" depends="init-common"> |
| <!-- *** The following is commented as message security level is being provided at application level. Uncomment only to test with default provider at server level policies. ** |
| <antcall target="enable-wss-message-security-provider"/> |
| <antcall target="enable-wss-client-message-security-provider"/> |
| <copy failonerror="false" file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" |
| tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.baseconfig"/> |
| --> |
| <antcall target="setup-client-cert-s1as"/> |
| <antcall target="create-users"/> |
| <antcall target="enable-wss-log"/> |
| </target> |
| |
| |
| <target name="enable-wss-client-message-security-provider" depends="set-appserver-version"> |
| <antcall target="enable-wss-client-message-security-provider-pe"/> |
| <antcall target="enable-wss-client-message-security-provider-ee"/> |
| </target> |
| |
| <target name="enable-wss-client-message-security-provider-pe" unless="isEE"> |
| <copy failonerror="false" file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" |
| tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.sqe"/> |
| <copy overwrite="true" failonerror="false" file="config/glassfish-acc.xml" |
| tofile="config/glassfish-acc.xml.org"/> |
| <replace token="localhost" value="${admin.host}" file="config/glassfish-acc.xml"/> |
| <replace token="3700" value="${orb.port}" file="config/glassfish-acc.xml"/> |
| <replace token="WSS-CLIENT-CONFIG" value="${env.S1AS_HOME}/lib/appclient/wss-client-config-2.0.xml" file="config/glassfish-acc.xml"/> |
| <copy overwrite="true" failonerror="false" file="config/glassfish-acc.xml" |
| todir="${admin.domain.dir}/${admin.domain}/config"/> |
| <copy overwrite="true" file="config/glassfish-acc.xml.org" |
| tofile="config/glassfish-acc.xml"/> |
| </target> |
| |
| <target name="enable-wss-client-message-security-provider-ee" depends="init-common" if="isEE"> |
| <copy file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" |
| tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.sqe"/> |
| <copy overwrite="true" file="config/glassfish-acc.xml.ee" |
| tofile="config/glassfish-acc.xml.ee.org"/> |
| <replace token="localhost" value="${admin.host}" file="config/glassfish-acc.xml.ee"/> |
| <replace token="3700" value="${orb.port}" file="config/glassfish-acc.xml.ee"/> |
| <replace token="WSS-CLIENT-CONFIG" value="${env.S1AS_HOME}/lib/appclient/wss-client-config-2.0.xml" file="config/glassfish-acc.xml.ee"/> |
| <replace token="CERTDB-PATH" value="${admin.domain.dir}/${admin.domain}/config" file="config/glassfish-acc.xml.ee"/> |
| <replace token="CERTDB-PWD" value="${ssl.password}" file="config/glassfish-acc.xml.ee"/> |
| <copy overwrite="true" file="config/glassfish-acc.xml.ee" |
| tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/> |
| <copy overwrite="true" file="config/glassfish-acc.xml.ee.org" |
| tofile="config/glassfish-acc.xml.ee"/> |
| |
| <antcall target="update-wss-client-alias"/> |
| </target> |
| |
| <target name="generate-sample-jks-cert" depends="init-common"> |
| <antcall target="create-sample-self-jks-cert"/> |
| </target> |
| |
| <target name="unsetup" depends="init-common"> |
| |
| <!-- *** The following is commented as message security level is being provided at application level. Uncomment only to test with default provider at server level policies. ** |
| |
| <antcall target="disable-wss-message-security-provider"/> |
| <copy overwrite="true" failonerror="false" file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.sqe" |
| tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/> |
| <delete file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.sqe" failonerror="false"/> |
| <delete file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.baseconfig" failonerror="false"/> |
| --> |
| <antcall target="unsetup-client-cert-s1as"/> |
| <antcall target="delete-users"/> |
| <antcall target="disable-wss-log"/> |
| </target> |
| |
| <target name="usage"> |
| <echo message="=============================================="/> |
| <echo message="****** Security-WSS Testsuites *****"/> |
| <echo message="ant all -->Run all tests"/> |
| <echo message="=============================================="/> |
| </target> |
| |
| <target name="restart" depends="init-common"> |
| <antcall target="restart-server-instance-common"/> |
| </target> |
| |
| <target name="setup-client-cert" depends="set-appserver-version"> |
| <antcall target="create-sample-jks-cert"/> |
| <antcall target="est-cert-trust-ee"/> |
| </target> |
| |
| <target name="create-sample-jks-cert" if="isEE"> |
| <antcall target="create-cert-jks-rsa"> |
| <param name="keystore.file" value="clientcert.jks"/> |
| <param name="keystore.pass" value="changeit"/> |
| <param name="key.pass" value="changeit"/> |
| <param name="key.alias" value="clientcert"/> |
| <param name="dname" value="EMAILADDRESS=jagadesh.munta@sun.com, CN=Jagadesh Munta, UID=munta, OU=Java Software, O=Sun Microsystems Inc, C=US"/> |
| </antcall> |
| <antcall target="list-cert-jks"> |
| <param name="keystore.file" value="clientcert.jks"/> |
| <param name="keystore.pass" value="changeit"/> |
| </antcall> |
| </target> |
| |
| <target name="est-cert-trust-ee" depends="init-common" if="isEE"> |
| <antcall target="export-cert-rfc-jks"> |
| <param name="keystore.file" value="clientcert.jks"/> |
| <param name="keystore.pass" value="changeit"/> |
| <param name="cert.alias" value="clientcert"/> |
| <param name="cert.file" value="clientcert_rfc.crt"/> |
| </antcall> |
| <antcall target="import-cert-nss"> |
| <param name="cert.nickname" value="clientcert"/> |
| <param name="cert.trust.options" value="TPu,TPu,TPu"/> |
| <param name="cert.dir" value="${admin.domain.dir}/${admin.domain}/config"/> |
| <param name="cert.file" value="clientcert_rfc.crt"/> |
| </antcall> |
| |
| <!-- JSSE trust store --> |
| <antcall target="est-cert-trust-jks-ee"/> |
| |
| </target> |
| |
| <target name="est-cert-trust-jks-ee" depends="init-common"> |
| <antcall target="get-certdb-to-jks"> |
| <param name="cert.nickname" value="s1as"/> |
| </antcall> |
| <antcall target="import-cert-jks"> |
| <param name="cert.alias" value="clientcert"/> |
| <param name="keystore.file" value="${admin.domain.dir}/${admin.domain}/config/certdb_cacerts.jks"/> |
| <param name="cert.file" value="clientcert_rfc.crt"/> |
| </antcall> |
| |
| </target> |
| |
| <target name="unsetup-client-cert" depends="set-appserver-version"> |
| <antcall target="unsetup-client-cert-ee"/> |
| <antcall target="update-back-wss-client-alias"/> |
| </target> |
| |
| <target name="unsetup-client-cert-ee" if="isEE"> |
| <antcall target="remove-cert-trust-ee"/> |
| <delete file="${admin.domain.dir}/${admin.domain}/config/certdb_cacerts.jks" failonerror="false"/> |
| <delete file="clientcert.jks" failonerror="false"/> |
| <delete file="clientcert_rfc.crt" failonerror="false"/> |
| </target> |
| |
| <target name="remove-cert-trust-ee" depends="init-common"> |
| <antcall target="delete-cert-nss"> |
| <param name="cert.dir" value="${admin.domain.dir}/${admin.domain}/config"/> |
| <param name="cert.nickname" value="clientcert"/> |
| </antcall> |
| </target> |
| |
| <target name="update-wss-client-alias" depends="init-common"> |
| <echo message="commented the clientcert replacement in wss-client-config-2.0.xml" /> |
| <!-- |
| <replace token="s1as" value="clientcert" file="${env.S1AS_HOME}/lib/appclient/wss-client-config-2.0.xml"/> |
| <replace token="s1as" value="clientcert" file="${admin.domain.dir}/${admin.domain}/config/wss-client-config-2.0.xml"/> |
| --> |
| </target> |
| |
| <target name="update-back-wss-client-alias" depends="init-common"> |
| <replace token="clientcert" value="s1as" file="${env.S1AS_HOME}/lib/appclient/wss-client-config-2.0.xml"/> |
| <replace token="clientcert" value="s1as" file="${admin.domain.dir}/${admin.domain}/config/wss-client-config-2.0.xml"/> |
| </target> |
| |
| <target name="setup-client-cert-s1as" depends="set-appserver-version"> |
| <antcall target="setup-client-cert-s1as-ee"/> |
| </target> |
| |
| <target name="unsetup-client-cert-s1as" depends="set-appserver-version"> |
| <antcall target="unsetup-client-cert-s1as-ee"/> |
| </target> |
| |
| <target name="setup-client-cert-s1as-ee" depends="init-common" if="isEE"> |
| <antcall target="export-cert-p12-nss"> |
| <param name="cert.file" value="${env.APS_HOME}/sqetests/security/wss/s1as.p12"/> |
| <param name="cert.dir" value="${admin.domain.dir}/${admin.domain}/config"/> |
| <param name="certdb.pwd" value="${ssl.password}"/> |
| <param name="cert.pwd" value="${ssl.password}"/> |
| <param name="cert.nickname" value="s1as"/> |
| </antcall> |
| <antcall target="convert-pkcs12-to-jks"> |
| <param name="pkcs12.file" value="${env.APS_HOME}/sqetests/security/wss/s1as.p12"/> |
| <param name="pkcs12.pass" value="${ssl.password}"/> |
| <param name="jks.file" value="${env.APS_HOME}/sqetests/security/wss/s1as.jks"/> |
| <param name="jks.pass" value="changeit"/> |
| </antcall> |
| <antcall target="get-certdb-to-jks"> |
| <param name="cert.nickname" value="s1as"/> |
| </antcall> |
| </target> |
| |
| <target name="unsetup-client-cert-s1as-ee" depends="init-common" if="isEE"> |
| <delete failonerror="false" file="${env.APS_HOME}/sqetests/security/wss/s1as.jks"/> |
| <delete failonerror="false" file="${env.APS_HOME}/sqetests/security/wss/s1as.p12"/> |
| <delete failonerror="false" file="${env.APS_HOME}/sqetests/security/wss/certpassfile"/> |
| <delete failonerror="false" file="${env.APS_HOME}/sqetests/security/wss/passfile"/> |
| <delete failonerror="false" file="${admin.domain.dir}/${admin.domain}/config/certdb_cacerts.jks"/> |
| <delete failonerror="false" file="${admin.domain.dir}/${admin.domain}/config/certdb.rfc"/> |
| </target> |
| |
| <target name="enable-wss-log" depends="init-common"> |
| <replace token="dumpMessages="false"" |
| value="dumpMessages="true"" |
| file="${admin.domain.dir}/${admin.domain}/config/wss-server-config-2.0.xml"/> |
| <replace token="dumpMessages="false"" |
| value="dumpMessages="true"" |
| file="${env.S1AS_HOME}/lib/appclient/wss-client-config-2.0.xml"/> |
| <replace token=""WARNING"" |
| value=""INFO"" |
| file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/> |
| </target> |
| |
| <target name="disable-wss-log" depends="init-common"> |
| <replace token="dumpMessages="true"" |
| value="dumpMessages="false"" |
| file="${admin.domain.dir}/${admin.domain}/config/wss-server-config-2.0.xml"/> |
| <replace token="dumpMessages="true"" |
| value="dumpMessages="false"" |
| file="${env.S1AS_HOME}/lib/appclient/wss-client-config-2.0.xml"/> |
| <replace token=""INFO"" |
| value=""WARNING"" |
| file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/> |
| </target> |
| |
| <target name="create-users" depends="init-common"> |
| <antcall target="create-user-common"> |
| <param name="user" value="munta"/> |
| <param name="password" value="munta"/> |
| <param name="groups" value="secgroup"/> |
| </antcall> |
| </target> |
| |
| <target name="delete-users" depends="init-common"> |
| <antcall target="delete-user-common"> |
| <param name="user" value="munta"/> |
| </antcall> |
| </target> |
| |
| |
| <!-- set the appclient log level to FINE to see the wss xml elements --> |
| <target name="set-client-log-fine"> |
| <antcall target="set-client-log-level"> |
| <param name="log.level" value="FINE"/> |
| </antcall> |
| </target> |
| |
| <target name="set-client-log-warning"> |
| <antcall target="set-client-default-log-level"> |
| <param name="log.level" value="FINE"/> |
| </antcall> |
| </target> |
| |
| |
| </project> |
| |