diff --git a/spring-security-modules/spring-security-x509/keystore/Makefile b/spring-security-modules/spring-security-x509/keystore/Makefile deleted file mode 100644 index 2cd7c55c5b..0000000000 --- a/spring-security-modules/spring-security-x509/keystore/Makefile +++ /dev/null @@ -1,92 +0,0 @@ -PASSWORD=changeit -KEYSTORE=keystore.jks -HOSTNAME=localhost -CLIENTNAME=cid -CLIENT_PRIVATE_KEY="${CLIENTNAME}_pk" - -# CN = Common Name -# OU = Organization Unit -# O = Organization Name -# L = Locality Name -# ST = State Name -# C = Country (2-letter Country Code) -# E = Email -DNAME_CA='CN=Baeldung CA,OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC' -# For server certificates, the Common Name (CN) must be the hostname -DNAME_HOST='CN=$(HOSTNAME),OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC' -DNAME_CLIENT='CN=$(CLIENTNAME),OU=baeldung.com,O=Baeldung,L=SomeCity,ST=SomeState,C=CC' -TRUSTSTORE=truststore.jks - -all: clean create-keystore add-host create-truststore add-client - -create-keystore: - # Generate a certificate authority (CA) - keytool -genkey -alias ca -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \ - -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \ - -validity 3650 -dname $(DNAME_CA) \ - -keystore $(KEYSTORE) -storepass $(PASSWORD) - -add-host: - # Generate a host certificate - keytool -genkey -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 \ - -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \ - -validity 3650 -dname $(DNAME_HOST) \ - -keystore $(KEYSTORE) -storepass $(PASSWORD) - # Generate a host certificate signing request - keytool -certreq -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \ - -keyalg RSA -keysize 4096 -sigalg SHA512withRSA \ - -validity 3650 -file "$(HOSTNAME).csr" \ - -keystore $(KEYSTORE) -storepass $(PASSWORD) - # Generate signed certificate with the certificate authority - keytool -gencert -alias ca -ext san=dns:localhost,ip:127.0.0.1 \ - -validity 3650 -sigalg SHA512withRSA \ - -infile "$(HOSTNAME).csr" -outfile "$(HOSTNAME).crt" -rfc \ - -keystore $(KEYSTORE) -storepass $(PASSWORD) - # Import signed certificate into the keystore - keytool -import -trustcacerts -alias $(HOSTNAME) -ext san=dns:localhost,ip:127.0.0.1 \ - -file "$(HOSTNAME).crt" \ - -keystore $(KEYSTORE) -storepass $(PASSWORD) - -export-authority: - # Export certificate authority - keytool -export -alias ca -ext san=dns:localhost,ip:127.0.0.1 -file ca.crt -rfc \ - -keystore $(KEYSTORE) -storepass $(PASSWORD) - - -create-truststore: export-authority - # Import certificate authority into a new truststore - keytool -import -trustcacerts -noprompt -alias ca -ext san=dns:localhost,ip:127.0.0.1 -file ca.crt \ - -keystore $(TRUSTSTORE) -storepass $(PASSWORD) - -add-client: - # Generate client certificate - keytool -genkey -alias $(CLIENT_PRIVATE_KEY) -ext san=dns:localhost,ip:127.0.0.1 \ - -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD) \ - -validity 3650 -dname $(DNAME_CLIENT) \ - -keystore $(TRUSTSTORE) -storepass $(PASSWORD) - # Generate a host certificate signing request - keytool -certreq -alias $(CLIENT_PRIVATE_KEY) -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \ - -keyalg RSA -keysize 4096 -sigalg SHA512withRSA \ - -validity 3650 -file "$(CLIENTNAME).csr" \ - -keystore $(TRUSTSTORE) -storepass $(PASSWORD) - # Generate signed certificate with the certificate authority - keytool -gencert -alias ca -ext san=dns:localhost,ip:127.0.0.1 \ - -validity 3650 -sigalg SHA512withRSA \ - -infile "$(CLIENTNAME).csr" -outfile "$(CLIENTNAME).crt" -rfc \ - -keystore $(KEYSTORE) -storepass $(PASSWORD) - # Import signed certificate into the truststore - keytool -import -trustcacerts -alias $(CLIENTNAME) -ext san=dns:localhost,ip:127.0.0.1 \ - -file "$(CLIENTNAME).crt" \ - -keystore $(TRUSTSTORE) -storepass $(PASSWORD) - # Export private certificate for importing into a browser - keytool -importkeystore -srcalias $(CLIENT_PRIVATE_KEY) -ext san=dns:localhost,ip:127.0.0.1 \ - -srckeystore $(TRUSTSTORE) -srcstorepass $(PASSWORD) \ - -destkeystore "$(CLIENTNAME).p12" -deststorepass $(PASSWORD) \ - -deststoretype PKCS12 - # Delete client private key as truststore should not contain any private keys - keytool -delete -alias $(CLIENT_PRIVATE_KEY) \ - -keystore $(TRUSTSTORE) -storepass $(PASSWORD) - -clean: - # Remove generated artifacts - find . \( -name "$(CLIENTNAME)*" -o -name "$(HOSTNAME)*" -o -name "$(KEYSTORE)" -o -name "$(TRUSTSTORE)" -o -name ca.crt \) -type f -exec rm -f {} \; diff --git a/spring-security-modules/spring-security-x509/keystore/keystore.jks b/spring-security-modules/spring-security-x509/keystore/keystore.jks deleted file mode 100644 index 044a820c39..0000000000 Binary files a/spring-security-modules/spring-security-x509/keystore/keystore.jks and /dev/null differ diff --git a/spring-security-modules/spring-security-x509/spring-security-x509-basic-auth/src/main/resources/application.properties b/spring-security-modules/spring-security-x509/spring-security-x509-basic-auth/src/main/resources/application.properties index 53dfe9976a..208cc90b47 100644 --- a/spring-security-modules/spring-security-x509/spring-security-x509-basic-auth/src/main/resources/application.properties +++ b/spring-security-modules/spring-security-x509/spring-security-x509-basic-auth/src/main/resources/application.properties @@ -1,4 +1,4 @@ -server.ssl.key-store=keystore/keystore.jks +server.ssl.key-store=store/keystore.jks server.ssl.key-store-password=changeit server.ssl.key-alias=localhost server.ssl.key-password=changeit diff --git a/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java b/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java index 050423238e..18bbfba835 100644 --- a/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java +++ b/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/java/com/baeldung/spring/security/x509/X509AuthenticationServer.java @@ -23,7 +23,11 @@ public class X509AuthenticationServer extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http.authorizeRequests().anyRequest().authenticated().and().x509().subjectPrincipalRegex("CN=(.*?)(?:,|$)").userDetailsService(userDetailsService()); + http.authorizeRequests().anyRequest().authenticated() + .and() + .x509() + .subjectPrincipalRegex("CN=(.*?)(?:,|$)") + .userDetailsService(userDetailsService()); } @Bean @@ -31,7 +35,7 @@ public class X509AuthenticationServer extends WebSecurityConfigurerAdapter { return new UserDetailsService() { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { - if (username.equals("cid")) { + if (username.equals("Bob")) { return new User(username, "", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")); } throw new UsernameNotFoundException("User not found!"); diff --git a/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/resources/application.properties b/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/resources/application.properties index 743c9c4582..b841a37916 100644 --- a/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/resources/application.properties +++ b/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/resources/application.properties @@ -1,4 +1,4 @@ -server.ssl.key-store=../keystore/keystore.jks +server.ssl.key-store=store/keystore.jks server.ssl.key-store-password=changeit server.ssl.key-alias=localhost server.ssl.key-password=changeit @@ -6,6 +6,6 @@ server.ssl.enabled=true server.port=8443 spring.security.user.name=Admin spring.security.user.password=admin -server.ssl.trust-store=../keystore/truststore.jks +server.ssl.trust-store=store/truststore.jks server.ssl.trust-store-password=changeit server.ssl.client-auth=need \ No newline at end of file diff --git a/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/resources/keystore.jks b/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/resources/keystore.jks deleted file mode 100644 index 044a820c39..0000000000 Binary files a/spring-security-modules/spring-security-x509/spring-security-x509-client-auth/src/main/resources/keystore.jks and /dev/null differ diff --git a/spring-security-modules/spring-security-x509/store/clientBob.p12 b/spring-security-modules/spring-security-x509/store/clientBob.p12 new file mode 100644 index 0000000000..e5d6dbcefb Binary files /dev/null and b/spring-security-modules/spring-security-x509/store/clientBob.p12 differ diff --git a/spring-security-modules/spring-security-x509/store/keystore.jks b/spring-security-modules/spring-security-x509/store/keystore.jks new file mode 100644 index 0000000000..8650651a1e Binary files /dev/null and b/spring-security-modules/spring-security-x509/store/keystore.jks differ diff --git a/spring-security-modules/spring-security-x509/store/rootCA.crt b/spring-security-modules/spring-security-x509/store/rootCA.crt new file mode 100644 index 0000000000..12677eb99f --- /dev/null +++ b/spring-security-modules/spring-security-x509/store/rootCA.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFDzCCAvegAwIBAgIUHBIbl/8i0uLnPD8BuNHninzcqEMwDQYJKoZIhvcNAQEL +BQAwFzEVMBMGA1UEAwwMQmFlbGR1bmcuY29tMB4XDTIwMDQxOTE2MTYyOFoXDTMw +MDQxNzE2MTYyOFowFzEVMBMGA1UEAwwMQmFlbGR1bmcuY29tMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAx5UzDt8Q+p8fAERc8mb8vPJTMi1oTe3YsMjj +QsMpRJBjVyQ2BLe0AzevQjDthCD56sv+u6EoBibIDQ3rtXUpTi20XQU6aaU6tsmG +QBp/PapXU0qoRzoyTPjSpkjp8/VngH52adeQ0YFSQQfxzcFsEpIlceKC8bSqplQg +mM9GoRLzEHu8JoLtHHQvZhTZabB/t0SUNy6O848OmoEjW2PCyMG/XczP0BlSFDT/ +3FIJlTnKe+MfhXxbYuydQQbStoDuRqkHxprjRaCT/PXeEuW68FahyiTgeKL5Ite9 +NI0k37mRsO/gMPIMgJDU0Soz0zcaRZdQDrxTZBk43i2O/LSwPtcpxvOy5JCLJSP7 +Ff6yx6BkkIAxLrWZGIQ0DiL4L+XocjEy3WMhzQ/ka6M1Zi0JxCRBOPpV2yO1GE7U +NUVvHaHijiJlXGZ/YGzplkLGaPIPGLHRsJFf9+IDepyJ9+E2mKD1rXAYXrcGW/Hk +Is1A2Je0iH4IjYTrieMSuHG4Jb0fytMAPoFOXnLS18xv7CPX0m9M2OIL9/kFfI+f +4M7/mEOUwQw+Jt9EAz9QsjUdZ0ybT0gtq9GaIHBo844YbyEKe7Hzp5Msk4/+3qJz +FHyC8ay73jkLDv1jOKr9D/wd/TOfSrytktcP+y96+gUdp1RxMxv9hfFSAZ0lXd2E +X18X6RECAwEAAaNTMFEwHQYDVR0OBBYEFPIRVQmLHgzCWfvENpeURm3jt2K4MB8G +A1UdIwQYMBaAFPIRVQmLHgzCWfvENpeURm3jt2K4MA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggIBAGa6bvEvira9FJ559bRvnqNsdaybj++Q9ItRyejs +BvLupLhhCnFWC1rX3WufpyGxgQCu4Lng+ZXtJxSo4dJL4wXDf5U+/EgL0nNQXhQh +kcqm2k1GBgAPnKEt+9nF3326EchI7Vx7JV4AO89ifdfc3Z7q9MOWE4siro6JtK7l +WWfv7LwT9QdDW/Ww7wUAOKdJYlUBzqMYHwEBnIhNMyuFejDzc2GmkZiIjFq5bKoN +FpsjHCkPH4DdDhQKdwa1JRvML7r8IkVqL3NoSp2vkB07MkRiHtQL5R2/wI/WhiK2 +19YPeEP2fQc5NduFAqyz8VaxwskwtjCjUxJHKpEzUTa1n53X+0jx6yw7bmDnE4SW +JEq9563apphJWeFTGCSuTvc98TcZvxWDW8FeLoaWdBF+Tohddje10BW2IUvrSJHI +jh0LpWIJ6QTY+amwLF2USSgnBZwPZT34PS81FYmA1bn/Sa6uWc/dPZg9lvwKU6ta +Z9K4loc8OF+FXQHruV+3tqzXybR9dZG3fvW4RPR9BgxApzSw8lYKAfR5Lth7ihVi +/zlxZjvbXy0D+4xPg5OGwn3g/3n4XLhAMT87KvHc9VjbHt6uwmLgny+6Dw9JXuTC +R004LuQe3wfUye4x9WmQD5Zlg1dENvezCG8l9z5LRUDF+Rh0qXPMpUCaCuT3TvEN +clOH +-----END CERTIFICATE----- diff --git a/spring-security-modules/spring-security-x509/store/truststore.jks b/spring-security-modules/spring-security-x509/store/truststore.jks new file mode 100644 index 0000000000..56654d8894 Binary files /dev/null and b/spring-security-modules/spring-security-x509/store/truststore.jks differ