diff --git a/integration-tests/santuario-xmlsec/pom.xml b/integration-tests/santuario-xmlsec/pom.xml
index 2467efdb9..d814744d7 100644
--- a/integration-tests/santuario-xmlsec/pom.xml
+++ b/integration-tests/santuario-xmlsec/pom.xml
@@ -33,6 +33,11 @@
rest-assured
test
+
+ io.smallrye.certs
+ smallrye-certificate-generator-junit5
+ test
+
@@ -48,207 +53,6 @@
-
- org.codehaus.mojo
- keytool-maven-plugin
-
- 3650
- RSA
- ${keytool.skip}
-
-
-
-
- generate-cxfca-keypair
- generate-sources
-
- clean
- generateKeyPair
-
-
- cxfca
- CN=cxfca, OU=eng, O=apache.org
-
- bc:c=ca:true,pathlen:2147483647
- IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE
-
- cxfca-password
- cxfca-password
- ${project.build.outputDirectory}/cxfca.jks
-
-
-
- export-cxfca-certificate
- generate-sources
-
- exportCertificate
-
-
- cxfca
- ${project.build.outputDirectory}/cxfca.jks
- true
- cxfca-password
- ${project.build.outputDirectory}/cxfca.pem
-
-
-
-
- generate-myclient-keypair
- generate-sources
-
- clean
- generateKeyPair
-
-
- myclient
- CN=myclient, OU=eng, O=apache.org
-
- bc:c=ca:true,pathlen:2147483647
- IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE
-
- myclient-keystore-password
- myclient-keystore-password
- ${project.build.outputDirectory}/myclient-keystore.jks
-
-
-
- generate-myclient-certificate-request
- generate-sources
-
- generateCertificateRequest
-
-
- myclient
- myclient-keystore-password
- ${project.build.outputDirectory}/myclient-keystore.jks
- ${project.build.outputDirectory}/myclient.csr
-
-
-
- sign-myclient-certificate
- generate-sources
-
- generateCertificate
-
-
- cxfca
- cxfca-password
- ${project.build.outputDirectory}/cxfca.jks
- true
- ${project.build.outputDirectory}/myclient.csr
- ${project.build.outputDirectory}/myclient.pem
-
-
-
- import-cxfca-certificate-to-myclientkey-keystore
- generate-sources
-
- importCertificate
-
-
- cxfca
- true
- true
- myclient-keystore-password
- ${project.build.outputDirectory}/myclient-keystore.jks
- ${project.build.outputDirectory}/cxfca.pem
-
-
-
- import-signed-myclientkey-certificate-to-myclient-keystore
- generate-sources
-
- importCertificate
-
-
- myclient
- true
- true
- myclient-keystore-password
- ${project.build.outputDirectory}/myclient-keystore.jks
- ${project.build.outputDirectory}/myclient.pem
-
-
-
-
- generate-myservice-keypair
- generate-sources
-
- clean
- generateKeyPair
-
-
- myservice
- CN=myservice, OU=eng, O=apache.org
-
- bc:c=ca:true,pathlen:2147483647
- IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE
-
- myservice-keystore-password
- myservice-keystore-password
- ${project.build.outputDirectory}/myservice-keystore.jks
-
-
-
- generate-myservice-certificate-request
- generate-sources
-
- generateCertificateRequest
-
-
- myservice
- myservice-keystore-password
- ${project.build.outputDirectory}/myservice-keystore.jks
- ${project.build.outputDirectory}/myservice.csr
-
-
-
- sign-myservice-certificate
- generate-sources
-
- generateCertificate
-
-
- cxfca
- cxfca-password
- ${project.build.outputDirectory}/cxfca.jks
- true
- ${project.build.outputDirectory}/myservice.csr
- ${project.build.outputDirectory}/myservice.pem
-
-
-
- import-cxfca-certificate-to-myservice-keystore
- generate-sources
-
- importCertificate
-
-
- cxfca
- true
- true
- myservice-keystore-password
- ${project.build.outputDirectory}/myservice-keystore.jks
- ${project.build.outputDirectory}/cxfca.pem
-
-
-
- import-signed-myservice-certificate-to-myservice-keystore
- generate-sources
-
- importCertificate
-
-
- myservice
- true
- true
- myservice-keystore-password
- ${project.build.outputDirectory}/myservice-keystore.jks
- ${project.build.outputDirectory}/myservice.pem
-
-
-
-
diff --git a/integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java b/integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java
index 8a247d0a2..80e533d4e 100644
--- a/integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java
+++ b/integration-tests/santuario-xmlsec/src/main/java/io/quarkiverse/xmlsec/it/XmlsecResource.java
@@ -38,16 +38,20 @@
@ApplicationScoped
public class XmlsecResource {
+ public static final String LOCALHOST_KEYSTORE_PASSWORD = "myservice-keystore-password";
+
+ public static final String CLIENT_KEYSTORE_PASSWORD = "myclient-keystore-password";
+
public static final List PAYMENT_INFO = List.of(new QName("urn:example:po", "PaymentInfo"));
private final KeyStore keyStore;
public XmlsecResource() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
// Set up the Key
- keyStore = KeyStore.getInstance("jks");
+ keyStore = KeyStore.getInstance("pkcs12");
keyStore.load(
- this.getClass().getClassLoader().getResource("myservice-keystore.jks").openStream(),
- "myservice-keystore-password".toCharArray());
+ this.getClass().getClassLoader().getResource("localhost-keystore.p12").openStream(),
+ LOCALHOST_KEYSTORE_PASSWORD.toCharArray());
}
/**
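Review bot: The stream returned by `getResource("localhost-keystore.p12").openStream()` in the constructor is never closed, and a missing resource surfaces as a bare NullPointerException that does not name the file. Judging by the `@Certificates` annotation in the test hunk, the keystore now appears to be produced at test time rather than by the build, so a missing file becomes a more likely failure and deserves an explicit message. If this is changed to `getResourceAsStream`, the null check is required, because `KeyStore.load(null, ...)` silently initialises an empty store. The same load pattern recurs in the `signEnveloped` and `verifyEnveloped` hunks.

```java
keyStore = KeyStore.getInstance("pkcs12");
try (InputStream in = getClass().getClassLoader().getResourceAsStream("localhost-keystore.p12")) {
    if (in == null) {
        throw new IOException("localhost-keystore.p12 not found on the classpath");
    }
    keyStore.load(in, LOCALHOST_KEYSTORE_PASSWORD.toCharArray());
}
```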
@@ -62,7 +66,7 @@ public XmlsecResource() throws KeyStoreException, NoSuchAlgorithmException, Cert
@POST
@Path("/{encryption}/encrypt")
public byte[] encrypt(byte[] plaintext, @PathParam("encryption") Encryption encryption) throws Exception {
- X509Certificate cert = (X509Certificate) keyStore.getCertificate("myservice");
+ X509Certificate cert = (X509Certificate) keyStore.getCertificate("localhost");
// Set up the secret Key
KeyGenerator keygen = KeyGenerator.getInstance("AES");
@@ -86,7 +90,7 @@ public byte[] encrypt(byte[] plaintext, @PathParam("encryption") Encryption encr
@POST
@Path("/{encryption}/decrypt")
public byte[] decrypt(byte[] encrypted, @PathParam("encryption") Encryption encryption) throws Exception {
- Key privateKey = keyStore.getKey("myservice", "myservice-keystore-password".toCharArray());
+ Key privateKey = keyStore.getKey("localhost", LOCALHOST_KEYSTORE_PASSWORD.toCharArray());
return encryption.decrypt(encrypted, "http://www.w3.org/2009/xmlenc11#aes256-gcm", privateKey);
}
@@ -104,12 +108,12 @@ public byte[] decrypt(byte[] encrypted, @PathParam("encryption") Encryption encr
public byte[] signEnveloped(byte[] plaintext, @PathParam("signature") Signing signature) throws Exception {
// Set up the Key
- KeyStore keyStore = KeyStore.getInstance("jks");
+ KeyStore keyStore = KeyStore.getInstance("pkcs12");
keyStore.load(
- this.getClass().getClassLoader().getResource("myclient-keystore.jks").openStream(),
- "myclient-keystore-password".toCharArray());
- Key key = keyStore.getKey("myclient", "myclient-keystore-password".toCharArray());
- X509Certificate cert = (X509Certificate) keyStore.getCertificate("myclient");
+ this.getClass().getClassLoader().getResource("localhost-client-keystore.p12").openStream(),
+ LOCALHOST_KEYSTORE_PASSWORD.toCharArray());
+ Key key = keyStore.getKey("client", CLIENT_KEYSTORE_PASSWORD.toCharArray());
+ X509Certificate cert = (X509Certificate) keyStore.getCertificate("client");
return signature.sign(plaintext, key, cert, PAYMENT_INFO);
}
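Review bot: In `signEnveloped` the store `localhost-client-keystore.p12` is opened with `LOCALHOST_KEYSTORE_PASSWORD` while the `client` entry is unlocked with `CLIENT_KEYSTORE_PASSWORD`, and nothing explains why two different secrets apply to one file. PKCS#12 stores usually share one password between the store and its keys, so a reader is likely to take this for a mistake. A comment such as `// store password comes from @Certificate, key password from its @Alias` would settle it, assuming that is how the generator lays the file out. The name `LOCALHOST_KEYSTORE_PASSWORD` also reads oddly when applied to the client keystore. The method's annotations lie outside the hunk.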
@@ -127,11 +131,11 @@ public byte[] signEnveloped(byte[] plaintext, @PathParam("signature") Signing si
public void verifyEnveloped(byte[] plaintext, @PathParam("signature") Signing signature) throws Exception {
// Set up the Key
- KeyStore keyStore = KeyStore.getInstance("jks");
+ KeyStore keyStore = KeyStore.getInstance("pkcs12");
keyStore.load(
- this.getClass().getClassLoader().getResource("myclient-keystore.jks").openStream(),
- "myclient-keystore-password".toCharArray());
- X509Certificate cert = (X509Certificate) keyStore.getCertificate("myclient");
+ this.getClass().getClassLoader().getResource("localhost-client-keystore.p12").openStream(),
+ LOCALHOST_KEYSTORE_PASSWORD.toCharArray());
+ X509Certificate cert = (X509Certificate) keyStore.getCertificate("client");
signature.verify(plaintext, cert);
}
diff --git a/integration-tests/santuario-xmlsec/src/main/resources/application.properties b/integration-tests/santuario-xmlsec/src/main/resources/application.properties
index f26d4242e..1374634e4 100644
--- a/integration-tests/santuario-xmlsec/src/main/resources/application.properties
+++ b/integration-tests/santuario-xmlsec/src/main/resources/application.properties
@@ -1 +1 @@
-quarkus.native.resources.includes=myclient-keystore.jks,myservice-keystore.jks
\ No newline at end of file
+quarkus.native.resources.includes = localhost-client-keystore.p12,localhost-keystore.p12
\ No newline at end of file
diff --git a/integration-tests/santuario-xmlsec/src/test/java/io/quarkiverse/xmlsec/it/XmlsecResourceTest.java b/integration-tests/santuario-xmlsec/src/test/java/io/quarkiverse/xmlsec/it/XmlsecResourceTest.java
index b12c27450..1f2afd4af 100644
--- a/integration-tests/santuario-xmlsec/src/test/java/io/quarkiverse/xmlsec/it/XmlsecResourceTest.java
+++ b/integration-tests/santuario-xmlsec/src/test/java/io/quarkiverse/xmlsec/it/XmlsecResourceTest.java
@@ -24,7 +24,20 @@
import org.xml.sax.SAXException;
import io.quarkus.test.junit.QuarkusTest;
-
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Alias;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+
+@Certificates(baseDir = "target/classes", //
+ certificates = @Certificate( //
+ name = "localhost", //
+ password = XmlsecResource.LOCALHOST_KEYSTORE_PASSWORD, //
+ aliases = @Alias(//
+ name = "client", //
+ password = io.quarkiverse.xmlsec.it.XmlsecResource.CLIENT_KEYSTORE_PASSWORD, //
+ client = true), //
+ formats = { Format.PKCS12 }))
@QuarkusTest
public class XmlsecResourceTest {
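Review bot: `baseDir = "target/classes"` means the keystores exist only once this test class has run, yet `application.properties` lists them under `quarkus.native.resources.includes` and the pom no longer generates them during `generate-sources`. If the module is packaged with tests skipped, the native image would presumably be built without the two `.p12` files and `XmlsecResource` would fail when it loads them. A comment above the annotation would record the dependency, for example `// Keystores are written to target/classes when this test runs; native packaging relies on that having happened first`. Separately, `io.quarkiverse.xmlsec.it.XmlsecResource.CLIENT_KEYSTORE_PASSWORD` is fully qualified while the line above uses the simple name; `XmlsecResource.CLIENT_KEYSTORE_PASSWORD` would be consistent. The class body is outside the hunk.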