From aeba732ba576c03fee22d5261411e7bc399c1893 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Sun, 27 Jan 2008 20:42:10 +0000
Subject: [PATCH] SEC-647: Created separate "certificates" directory so SSL
 certificates and keys can be shared between different sample applications.
 Added key for user "scott" and separate certificate authority pem file (can
 be installed in a browser).

---
 samples/certificates/Readme.txt               |  10 ++++++++
 samples/certificates/ca.pem                   |  22 ++++++++++++++++++
 samples/{tutorial => certificates}/dianne.p12 | Bin
 samples/{tutorial => certificates}/rod.p12    | Bin
 samples/certificates/scott.p12                | Bin 0 -> 1768 bytes
 samples/{tutorial => certificates}/server.jks | Bin
 samples/tutorial/pom.xml                      |   4 ++--
 7 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 samples/certificates/Readme.txt
 create mode 100644 samples/certificates/ca.pem
 rename samples/{tutorial => certificates}/dianne.p12 (100%)
 rename samples/{tutorial => certificates}/rod.p12 (100%)
 create mode 100644 samples/certificates/scott.p12
 rename samples/{tutorial => certificates}/server.jks (100%)

diff --git a/samples/certificates/Readme.txt b/samples/certificates/Readme.txt
new file mode 100644
index 0000000000..64b415cf83
--- /dev/null
+++ b/samples/certificates/Readme.txt
@@ -0,0 +1,10 @@
+This directory contains certificates and keys for use with SSL in the sample applications. Certificates are issued by
+our "Spring Security Test CA" certificate authority.
+
+ca.pem     - the certificate authority's certificate.
+server.jks - Java keystore containing the server certificate and privatekey. It Also contains the certificate authority
+             file and this is used as both keystore and truststore for they jetty server when running the samples with
+             the maven jetty plugin ("mvn jetty:run").
+
+rod.p12, dianne.p12, scott.p12 are all certificate/key combinations for client authentication and can be installed in
+your browser if you want to try out support for X.509 authentication.
\ No newline at end of file
diff --git a/samples/certificates/ca.pem b/samples/certificates/ca.pem
new file mode 100644
index 0000000000..a5b52ca9d7
--- /dev/null
+++ b/samples/certificates/ca.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIEMKX1dzANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMC
+R0IxETAPBgNVBAgTCFNjb3RsYW5kMRAwDgYDVQQHEwdHbGFzZ293MRkwFwYDVQQK
+ExBTcHJpbmcgRnJhbWV3b3JrMRgwFgYDVQQLEw9TcHJpbmcgU2VjdXJpdHkxIDAe
+BgNVBAMTF1NwcmluZyBTZWN1cml0eSBUZXN0IENBMB4XDTA4MDEyNTExMTIyMVoX
+DTE4MDIyNTAwMDAwMFowgYkxCzAJBgNVBAYTAkdCMREwDwYDVQQIEwhTY290bGFu
+ZDEQMA4GA1UEBxMHR2xhc2dvdzEZMBcGA1UEChMQU3ByaW5nIEZyYW1ld29yazEY
+MBYGA1UECxMPU3ByaW5nIFNlY3VyaXR5MSAwHgYDVQQDExdTcHJpbmcgU2VjdXJp
+dHkgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzl/wEe
+snYrwqaGZuB8hmwACtptazh1+eXCfd66FkioxlLF7yTnjCC7DT+vmMgSuThIEIsN
+xlxLpEgyU3bU8GIuR8wyYIyvuSMcptdFJLV7NKYuRycxpDuqimTM7Br0nfNgKVEv
+1QwguGWr6YN3aZ68/xe/D5xyPhakKu++7VFXIXw9f0+nqojdrFTqQ6l9GAVRgfX6
+h4JOaV1VFx83y2pnFj0iFneVxRcvXyWnyXlcOvJDIyVuyS/hYxb+E5rtBvp5XQ0o
+5CP4OMwCZGx/jEqlL8oO7BwEgu9aEBxKvoIKJmHDTHgWIxgawTrKabmong4utnMI
+yNrhsI77bmh2U7UCAwEAAaMQMA4wDAYDVR0PBAUDAwcGADANBgkqhkiG9w0BAQUF
+AAOCAQEAuD8W9Ukkfyi0y65mwguFVAqBC3RSTMRXcjbLQV4rMDM/Q9kjA6acY4Ta
+WgxGTwNCydqaqwDVsmn+6Je8Lp2xm9KLDLypVdNopGs+Mlfo55dhwqymXkQw1oJI
+CPhR3nBmGEnSWW0UY9bPlpxRF2D5GDVwpuxDtXvWa4baPwRRI9MxwPWHA3ITl+fc
+s9QVKy+pRAnuP9MSIp755cJ1CODOn2ElNCqnxxsZmcWcmI3LkHAwTmegl3PVvhrk
+MKMEA/neshh/M/hWGNTFt77Hoa7pU9dv5RCWFvZPqsUgPrwGrmUvcmSDir3lSWQm
+SuSED2LKVo+BFqwWS+jp49AR9b8B/Q==
+-----END CERTIFICATE-----
diff --git a/samples/tutorial/dianne.p12 b/samples/certificates/dianne.p12
similarity index 100%
rename from samples/tutorial/dianne.p12
rename to samples/certificates/dianne.p12
diff --git a/samples/tutorial/rod.p12 b/samples/certificates/rod.p12
similarity index 100%
rename from samples/tutorial/rod.p12
rename to samples/certificates/rod.p12
diff --git a/samples/certificates/scott.p12 b/samples/certificates/scott.p12
new file mode 100644
index 0000000000000000000000000000000000000000..f0a6357e730752bd6b2f05658ec8a1a85ade6de9
GIT binary patch
literal 1768
zcmV<E1{e7-f(GOQ0Ru3C2BHQDDuzgg_YDCD0ic2glLUeWk1&D;i!g!)hXx5MhDe6@
z4FLxRpn?W?FoFhj0s#Opf(C5{2`Yw2hW8Bt2LUi71_~;MNQU<f0So~KFct(5$?Mk2
z+G>@jf7w>$2!v?*0s;rnfPw}%uQ6CU(Nz)C_gUU@<NSk@=K%dM`Aa4K%PN}wtf4J&
zn*h^xL~7y(+n9zKJRNg!^9ZxG?lBY>R@`pK{nk{#voCp;uha`md~4O@7hBjyQh3eo
z2Dr>lsCwI_;J6Q9#e*Q-_2+&^`>0prztBJEvGhS1c`XtNV#hQTuC?S}RhFW4^~y*B
zGgpJ+#R0=#oF0A<*-4I$xyyy&-M9;-oo<2b313{3rZTX}48q01?bD|PnrOk?fe`jn
z_l_~K{O0pPH9tTM=eTSKvvoTn-f{ST$8AZdRaF9nV80a}RvM6@0ts#9CoR`k^0@Sh
z<_tf3>whiFAMtPX(^GOeCDz3<QCP}Q|FkC3KqAnLcHF8x=Z@#b+T`!A8jaSfFyYQJ
zUn2!|77{ZOfot>r`cDl-IXYFT#jDV;`W7i0#kMF@@&$0@?xH#ec23RAm&A2OB4P0<
z@=z4KlB&fTb%svo>dJffN^0CR-3zA@$VY2+<cnegu*F-9PtFjlO{_27)$U8`Fza{m
z88$3W<tX;iLZqNM1|QQgxvS3%ujl7a<bv%yiSm^))H(Mmw$FMZS5h>TFl>Vy_3o>~
zXkA|xn~hqi<yEZSPkkeJJ{OEr{zFu{ap+KCWZp#YMAf8sN;L|#IasMCxFZLMSmS5&
zqa`)Xq0BHmt4Mf-Mz#3*^XEs}8}0!MlX;E!PU3~%S%_*iI=Ii)$(0(bZA?p{9B;WA
zI<L|SSTF_7ZDwNw_H!)0fl?+*c1uNx)he2@n~ukg{e&qX)?uc_dJIoq(ub`UENj;$
z`9)7lcsIs>U>JpesBOi7R~2s-8P+**;kfW?XbWQHMh^z(FT?3GQ4LBzlh%tIMtWFo
zG#E<mwp0-+q6}?`&sQ~tKgpupX4Uu()5mH~jVu*kw%JpOf(5cH0k_V6fcycAL@bJn
zcy*+k*tHn_Ng_aH@5)uL9SiT^OTI3ta>r$LwKuC)<R+cG%$eBZNu7n6>OQztsIN3W
z8v1+Ad#ai{N?c%;l@v6&v6IC;KD4yUL=yCjguAc;DnA8`gCTH@C9!T+i19x;@!kG5
zebit)i6ut-TIo41YO|`MkA4y7#wsxs6S?70lQ8%f>(iX`bEZIeZEr7;`n74|=7Xj3
zJT~w61y-v&U?7RqM_O|_*;RPS8?|Q3Bcq3yo<IXnIVHOh6qoO*2PvHAYd3WRc<&jN
z*nIvTyq@hI%L3?@YIf#c*EEWpz80yfCwB9CG*~K8UD8MY2A?fCMZV}~CJ^2*&#YBR
zc(sQJMa-eY<vj8Zaf4zN{cS+cg(s##AUGl_Iu;QUfUNF5xeZgsqp%52DgfAwHOflu
zvGAOtp7R~H;yQKakX^^&H0|RQ970N$T+rfFUK|ULapDmVFC}#)&8CV{aFnYnUA7}Y
zZVnXz^cs=F8NNMgFDz}7XA|;nP?hRSp-uu+kNIb6hm?P5q>53=GM1CbtWl_p!n*#1
ztFk}3$cAyy7HC|5m<m5XlG{2)&+ml?&8ufdD7cve*mDt1H7mY?az7$rJGa!q3w?l^
zN1f@P%|`_(wx4Jp*5MU6*TO2~i*$Mt2kp_#<BNRZ*;8vh-?uDaxdx5=XG6S+B+Vk#
z%b%w>VIt5(1{Wk<gnaQeB=<ZRYza5#J?KsEGxgyR@2G(|DNhXe!?uGN7W|obx98(s
zNVQ=0ujWZ3GC+0z>*nddhl4G#5=b+?@URP3+(Iau3Iq8YsEntB-R@2;%w7^0OD<9G
zzHa*RbCEssx#1=w*2Te1SxaxMahd}x?$pG_0XvvSYp*5>QK5GKuYcWCoE3YhIvVQN
zlT7h+OxHdb-Pm-(-x&jr6J<77g$;-HJj-)COD)MSKaVx*zxDn{*?Daf7=f->R@b%e
zjiy)c86OA)aNG^VHK~!e^eMG~`QHoGtzQr6g`X4N?bK4|@Qf1p+*g^eK+Un={OOl~
zO%x9HmFZ`_(N_5fPm+?;Ijlir02QE?-!F;}3aMvVbT07Sm){U{Ilz_LOI{q#3)5j?
zIk%D<FLcNsM!H5ZI+C856Ii>p?AO7AQ3%sfDqDqRwP}NB+5Ls(M@;Pn#=1)-e9^#f
zFgY+GFbM_)D-Ht!8U+9Z6qH(bRzE1NLfB>#tCj=qGCB<P!2}RcCF!EjEox!(dl^&I
Kr5SVr0te8k#Z8g`

literal 0
HcmV?d00001

diff --git a/samples/tutorial/server.jks b/samples/certificates/server.jks
similarity index 100%
rename from samples/tutorial/server.jks
rename to samples/certificates/server.jks
diff --git a/samples/tutorial/pom.xml b/samples/tutorial/pom.xml
index b87d27f50e..2d5b504422 100644
--- a/samples/tutorial/pom.xml
+++ b/samples/tutorial/pom.xml
@@ -103,10 +103,10 @@
                         </connector>
                         <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
                             <port>8443</port>
-                            <keystore>server.jks</keystore>
+                            <keystore>../certificates/server.jks</keystore>
                             <password>password</password>
                             <keyPassword>password</keyPassword>
-                            <truststore>server.jks</truststore>
+                            <truststore>../certificates/server.jks</truststore>
                             <trustPassword>password</trustPassword>
                             <wantClientAuth>true</wantClientAuth>
                             <needClientAuth>false</needClientAuth>