webserver-signatures modifications

Signed-off-by: Maxim Nesen <[email protected]>

examples/security/webserver-signatures/README.md

@@ -14,6 +14,10 @@ There are two examples with exactly the same behavior
     2. "internal" service protected by a combination of basic authentication (for user propagation) and http signature
     (for service authentication)
 
+## Steps to generate keystore (optional)
+1. run the scripts ``auomatic-store-generator.sh`` (openssl and keytool are required to be present on the PATH)
+2. move generated ``keystore.p12`` into the ``main/resources`` folder
+
 ## Build and run
 
 ```bash

examples/security/webserver-signatures/automatic-store-generator.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright (c) 2024 Oracle and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+echo 'Generate new key store...'
+keytool -genkeypair -keyalg RSA -keysize 2048 -alias service_cert -dname "CN=security.j4c,O=Oracle,L=Prague,ST=Some-State,C=CZ" -validity 21650 -keystore keystore.p12 -storepass changeit -keypass changeit -deststoretype pkcs12
+echo 'Obtaining certificate...'
+keytool -exportcert -keystore keystore.p12 -storepass changeit -alias service_cert -rfc -file service_cert.cer
+
+echo 'Adding single private key to the keystore...'
+openssl pkcs12 -in keystore.p12 -nodes -out keystore-private.key -nocerts -passin pass:changeit
+openssl pkcs12 -inkey keystore-private.key -export -out keystore.p12 -name myprivatekey -passin pass:changeit -passout pass:changeit -nocerts
+
+echo 'Adding self-signed certificate to the keystore...'
+keytool  -importcert  -alias service_cert -file service_cert.cer -keystore keystore.p12 -storepass changeit -noprompt
+
+echo 'Cleaning key and cer files'
+rm keystore-private.key  service_cert.cer
+
+

examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java

@@ -219,7 +219,7 @@ private static OutboundTarget rsaTarget() {
                                                                         "src/main/resources/keystore.p12")))
                                                                 .keystorePassphrase("changeit".toCharArray())
                                                                 .keyAlias("myprivatekey")
-                                                                .keyPassphrase("password")
+                                                                .keyPassphrase("changeit")
                                                                 .build())
                                       .build())
                 .build();

examples/security/webserver-signatures/src/main/resources/service1.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2016, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2016, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -70,7 +70,7 @@ security:
                   passphrase: "changeit"
                   # alias of the key to sign request
                   key.alias: "myprivatekey"
-                  key.passphrase: "password"
+                  key.passphrase: "changeit"
   web-server:
     # Configuration of integration with web server
     defaults: