From 65d98a78f955441e991c43fb81843f514f332d40 Mon Sep 17 00:00:00 2001 From: Maxim Nesen Date: Thu, 4 Jan 2024 13:42:52 +0100 Subject: [PATCH] webserver-signatures modifications Signed-off-by: Maxim Nesen --- .../security/webserver-signatures/README.md | 4 +++ .../automatic-store-generator.sh | 33 ++++++++++++++++++ .../SignatureExampleBuilderMain.java | 2 +- .../src/main/resources/keystore.p12 | Bin 2716 -> 2693 bytes .../src/main/resources/service1.yaml | 4 +-- 5 files changed, 40 insertions(+), 3 deletions(-) create mode 100755 examples/security/webserver-signatures/automatic-store-generator.sh diff --git a/examples/security/webserver-signatures/README.md b/examples/security/webserver-signatures/README.md index 887e297d..bfeafcf7 100644 --- a/examples/security/webserver-signatures/README.md +++ b/examples/security/webserver-signatures/README.md @@ -14,6 +14,10 @@ There are two examples with exactly the same behavior 2. "internal" service protected by a combination of basic authentication (for user propagation) and http signature (for service authentication) +## Steps to generate keystore (optional) +1. run the scripts ``auomatic-store-generator.sh`` (openssl and keytool are required to be present on the PATH) +2. move generated ``keystore.p12`` into the ``main/resources`` folder + ## Build and run ```bash diff --git a/examples/security/webserver-signatures/automatic-store-generator.sh b/examples/security/webserver-signatures/automatic-store-generator.sh new file mode 100755 index 00000000..e82097c4 --- /dev/null +++ b/examples/security/webserver-signatures/automatic-store-generator.sh 
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright (c) 2024 Oracle and/or its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+echo 'Generate new key store...'
+keytool -genkeypair -keyalg RSA -keysize 2048 -alias service_cert -dname "CN=security.j4c,O=Oracle,L=Prague,ST=Some-State,C=CZ" -validity 21650 -keystore keystore.p12 -storepass changeit -keypass changeit -deststoretype pkcs12
+echo 'Obtaining certificate...'
+keytool -exportcert -keystore keystore.p12 -storepass changeit -alias service_cert -rfc -file service_cert.cer
+
+echo 'Adding single private key to the keystore...'
+openssl pkcs12 -in keystore.p12 -nodes -out keystore-private.key -nocerts -passin pass:changeit
+openssl pkcs12 -inkey keystore-private.key -export -out keystore.p12 -name myprivatekey -passin pass:changeit -passout pass:changeit -nocerts
+
+echo 'Adding self-signed certificate to the keystore...'
+keytool -importcert -alias service_cert -file service_cert.cer -keystore keystore.p12 -storepass changeit -noprompt
+
+echo 'Cleaning key and cer files'
+rm keystore-private.key service_cert.cer
+
+
diff --git a/examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java b/examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java
index ff0b1bbf..880f2ec7 100644
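Review bot: Nothing stops the script when a step fails — there is no `set -e` after the shebang — so if `keytool -genkeypair` errors out (for instance because a `keystore.p12` left from an earlier run already holds the `service_cert` alias) the later `openssl` and `keytool -importcert` calls operate on a stale store and the script still exits successfully. Because `openssl pkcs12 -nodes` writes the private key unencrypted to `keystore-private.key`, cleanup should also survive an early exit: add `set -euo pipefail` at the top and replace the final `rm` with `trap 'rm -f keystore-private.key service_cert.cer' EXIT` placed before the first `keytool` call. `-deststoretype` is the `-importkeystore` option; the `-genkeypair` equivalent is `-storetype`, and on a JDK where PKCS12 is already the default type the flag is presumably a no-op here, but it is worth confirming keytool does not reject it. The README hunk refers to this file as ``auomatic-store-generator.sh``, which does not match the path added here.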
--- a/examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java
+++ b/examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java
@@ -219,7 +219,7 @@ private static OutboundTarget rsaTarget() {
 "src/main/resources/keystore.p12")))
 .keystorePassphrase("changeit".toCharArray())
 .keyAlias("myprivatekey")
- .keyPassphrase("password")
+ .keyPassphrase("changeit")
 .build())
 .build())
 .build();
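Review bot: The key passphrase now matches the keystore passphrase two lines above, but the same literal `"changeit"` is spelled twice, once as a `char[]` and once as a `String`, and the mismatch this commit fixes (`"password"` against `"changeit"`) is exactly the drift a single constant would prevent: `private static final char[] KEYSTORE_PASSPHRASE = "changeit".toCharArray();` used for `.keystorePassphrase(KEYSTORE_PASSPHRASE)` and, if the builder offers a `char[]` overload (the hunk does not show it), for `.keyPassphrase(...)` as well. A short comment at the call site would also tell the next reader where these values come from, e.g. `// alias and passphrase must match what automatic-store-generator.sh writes into keystore.p12`. The diffstat lists a matching `service1.yaml` change that is not in view, so the same value presumably lives there too and should be kept in sync. `rsaTarget()` begins and ends outside this hunk.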
diff --git a/examples/security/webserver-signatures/src/main/resources/keystore.p12 b/examples/security/webserver-signatures/src/main/resources/keystore.p12 index d9bee733524ffbde9f8fb02a5dd44ce69cd72dad..17b7fbeb7823d3a18e4b6a394f71eb14d73a0971 100644 GIT binary patch literal 2693 zcmaKuc{CLM7Qko5j2V-eFjMv|g|Rh$jeRWHLZT;YmIm3^ktNK8u@y-eAzL9COCzGh zki9H3UX4hWNutQlmXs{dJMW!3@1OU_J@?$tz4!ay_j4|m0#5(|xv&(tA~%mhido7Q z0tf}(qrk<$6u8gjyaLAmX_X{dbEO4g}q!KvWN)GS=bu1_Xh% zz+(QCyjU?X?Al>ufqeZCHwXj+V0pP=|9Jw$0|8*gxp@dFWd7S1Ut=97!4&X_g?tpQvdt#Dtzftk8m`{qqKIF{)r!Ao-HX7OBdQbLx)iyY1U(>X z6(}Gn@m(%;LL(UTOztPErJjI^Zo_M~2*f70I5--Czgr z%?ho)u-?^8UDkt5MJ~pQ2Co{0$r96%QZMXG>6@T1qk6jD&|ilyZdH`Oiyr^_3(>jG zTUEaQ*}HVA?4iGT0E-OwxZ0ouAl0uf3PA?lx~)I1u}@wd~P31X4SAxRsTZ;}~_0j4`P<$<18a&}%klP{cT z9%vF&^rl8KaB8|6)2dwMJaxU*Yy6m}TlEa{e09?# z?CJP@Y!|B4l#|w!x^XG8(_5Q9Lpbitm&y({X?|YsEuiaYn<{N7=-Z{K6`_Y1! z1)FSBLVD&V9Irv9`;@LWIw(Q;Gw0mbX*B*{{kbeXo-ET_IuK)#_iJrz(EY(SMDEi{doRViW3u6y z_lxasZfJPTnsqNwlLItFBHJP)cs>VYW=VXNgsCMi4DX(};U-C`%dC>C_>$4LwdRbj zJDK3fVUXgMtP2w+|CVhRDmE7z<>8eX8mndM#*G^1oqL#MbMTE!zJA$Iq4-9mgc(i_ z^Fz2yci!s>=-`M~4z<3H5t9Z16gr&-{lF9WvWIr*&d`B@w4Nse%gMAS@>p|A3JZEZ zYg2luUC_`;7jU1%qboG>GYP+?IGgI^H@})XFv&soj?Pzk%&Mi41w5@7#5erzw=8am zZD|XPVkD)C=A#bLrE|%#@3SVR{dcU6@++4HHmIi6W@$7eGTeQ@Wgi-53nUV&{dkAN zpGp_@jOV(hZCv4;vaWtzV3;>A(YU(;^9j%T5FG3)_fyUopEcPc)rXv0nIL!GVLYwU zLs!WT^I3eLVhM)%xMMfo_uY>3Jez@k{Bk!EFCJsdfS$tX)#uSOS8o9^ro16GmNPR> zIqG}c7-~G|z{yTn%|9hCRuPP5ADu>#2V?NY+OZ7}o~$sXrJ55#AUQq|Q0o6G z`Z#H&CnhOt6rCoy=YV8D!?JjAjG!b;UcljiT#_Pjmv0t#A;DM{d(Un)_yo{qG>Xi=Xm^c=?}jcbgJ zxHuFRm7f~XAg}4HJ{4(qD#M|f7`N>qb+~&Kk|4^-c0XG0Bu&{L)cBO-e}a zP{xZn3C8&1UzJk5L9SM(*=8irZkG-L(@}p(&!pR6IRn+GR9}g=v`GH(%R+Hm(3$qV zSf{71QwtNArd2UQtHquNstL25hf_=QYle>E7r#3OQ#)n$%3LMBYZ|nsPw8k``EaP= z&bv5pV~@uzHRBuZZ4(G#OZDij;-n|`63?1>3r^-hI+Z-S46IeYz>>cUOMQ`GqDGI< z@+QNKJLv24vu9w}eDV?8;>KC;;uK;Cqh!^$^c7x3w4cxiV6JdOwgr!Nzp?kT+F%L$ zH-v#Et4CxH-BP0g)YDdlc0s&;g6mta$B2ll8=}mgq~t5mkkjv(x9-$1%nO2LGqp?! 
z+t%v*Ybbvfigms3Zc{x)nKnkAP8RwCD;6zb2y;l#N*ytl1%OadbN8cVgUXhH*UY<) z+VS0b9piNI?22l=P~7B~mO@fv%#m^zNdI2PSjc7biZM9-&U&d*kl=#A_Nq(4#Xbko@Ot((_&1k*`$pEE@p$7s{AEi6u9t{hk0tc z_ob*J+~L4#?BZOHQjq0i^`42Ig%>{rx`wVb<3kV`1eWGASyDJxwP0^?M(nF&1we)o z!M`$UO{)Y83OT`UHqm&{JHyrNojV4w`GEFm%eK?kyIIBHs8Eftl@2!YKT+k>7wwJG zpWLPqiTW=@(2CD>N#+b1m0*2=j6HWC9>niU4FrS$z*2d!=ax%2u{))9Sefg~S@Gw~ sx0@8_u9!2{e8OA8Sgm06G2i>Z@A=ft*lj@rB~GK5gT<8mzfZt_0qsW35dZ)H delta 2681 zcmV-<3WoKC6`U1+FoFu00s#Xsf(lXw2`Yw2hW8Bt2LYgh3PS{f3O_J{3Og`@1y}|N zDuzgg_YDCD0ic2fNd$rgMKFQ|K`?>^Jq8OZhDe6@4FL=a0Ro_c1nw|`1nMvx1_~;M zNQUXniavL!nB>x?Jg6&Yr#+qo)xN#%4B?o)4KzBMj7d?Qk2Jb(4vrZ*f zK}p^^HhSx933rT+98(aw_%bDfrDf)wkDXiOHd+dUBvKJ<$)7{^hr{|bJ>&cOqZtG! z?XPT9DXPJLMH1uqAkoy>b0Dog41|RYO9z1bME`SS}ME`hZU!lb8 zDyB&k;YWtmw_or-(p3%c8Y1#qojg@U4d2qe|JZGR^yUIgPYg)-tFBKYBLEZduD(s_ zDDiN%;;$$TL*<41qk|MQmKBxj$$T{rwe$KC_sml-yqA*jksHQdv433Ji*ys*?QgT9 z;qQhGf0{Zf-H43QY7RIj1PN#q8Fk*cCgUZb7P!)d=tF&`WA{gsJo4L$M}M!Oo12d8 z8^x1%T*P9I)_`s$58V6@~|IH4N$zMY4ac`NFdv zeJ!L{7#=I9kGr#dBoKNfB{T8&eyo@FXWaoev_FIJxS}fD#+JgD;~~~qMgL&_-*O_7 zABb%1P`9#m`hxL1R_4@9i6x=td;074ow}$%&GCsO1c2L;Y-wEVVyAsT-ryBqeO~{6 zq1W~ATzD>^PvqK&n+t`#rV?wq6Hw)T&q7B9mMm397)ru_euRobiN*=?>I-OH(83|u z=?S26Ot;#DYTTkkNr1dRkjl+*5d<&qZ#f|*KmGpU-Q0e_adAo|o--PzqRGAsPjlf6 z7P)eGVJmMnP-Kbc2|w+2K`)iXPDDh1&5L zNlOa+B~xl(h9e1OA<{>{fjnP-KdsXs(hdm089YqpM|V(ua1C*ry(1TfUpgdkovr0g zp+w=P^0l>T!L0P0#CF)df!;&=p`MY-@DdY0an|A6oPmfD>||`;dcyQB3$d3zG~O%b{gvg4pM2*Oy&prvt;{F!5vv7cTKKW8h*e$<8r_mj-| zFEQTC$k$^%2XTFq=s?g_Nn|x(4D`4x(fgc<&Ev`fQZnig1o3#4nAi2wZFRR81`h^?%GOHEWSj?1C01tudjHC`Y}G&LNQUuJn)4XfZR?o>V|cKDJOsz;-27o?|#RVYhVJ|WO2FRXtg6@S^4V-gxo zGpZ_sfql_ytG$SjJbO+Z>vypn2s>4QMMP8z@|t4L>kVDFtp1=t zi`>1!TI$5ixdzV8x*_w{)wYeXH+`>3g9}IAFai%O2+f0D8l`BdFyVnN8 zN~RK;A^T27bQ-%_p-+Fi=z5V|=8a?%Ge?2s}6rC98;h8}+ic%u*{#4&H@Hy+b9 zOVcb9outRMk!Io-)yRKc4F}RKgg)M>i8YQC2l>CiStM0nXq-um=Fa>q-t3tmudss49SM$mWAweLAQ8Ej=!qf*+Oz3isWu1GOB z)+2}PGfR*fF#IZe>B>N(4e6k^Mji(w>(kFD2vS?i@crH+U7To;w#=6j+x8_w^ZEF4NSDC2zO78yxfbk^G1m_H-ox$t9?Y 
zd03N)AGB1n%Vp~fNpMG-o>20-TIN|f}%@v(naXVrt!PbYQ{@}$w z`kvPW=*#zTBh93mOOn)!=Bq=|Y2B?fh0NbKv3)Gu#oa=dh)VuLZM0wB=QItd*(-O4 zX=+J(ss}E2BtrSo#$M>`Snu(=QyL3Kru4n9z!5DmjT-rtT4Dwm2(6HTa6{DWNQ{%D z`|ks9)%Abof=2^Phmtws^8#3Wwp2qn8K0w*ehSP-ZK4ZbUSH zOxkil!cFgq2FJB?ao-4PGYBk5w8(-@>y+v{Hf_Z4fe|2_9mUOhmaJH|dD2$)8~QZaIb&xuI6FO!0I(lQ2x)c$%2Pdg3p|$ zj0e10-2kKoJLNf#>|0#O*@NV14po>|;Fj{{^SFiwkZBIfSDHIIukh0hEi4hd(~&$z zZiK&%X0GTyJq~Ua{Zqnxh}aqu|2UP7e*!ExIxTm?3@}qh#7r%#?iVum&V468_r>Te zilTo!b4}wDZF>89s+VNW7`;#%3-KbT_1UeCCc$9aO)=xo;52(OFu?MY`Eohbc|Rke zv4>s{v~YT@=Z}TgF!viknni>DPMt~7lH4Si;>eC4%%sz8y>w zopkJhzn;wQRqwa|@a;z$CRWVz@|47kPrysxbL<0