diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/README.adoc b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/README.adoc
index f5a485d1accc..f31785720ce8 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/README.adoc
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/README.adoc
@@ -16,4 +16,50 @@ We test in two ways how the SOAP service endpoints are deployed: the Camel way a
* The service method then forwards to a Camel route defined in `WsSecurityPolicyServerRoutesCxfWay`
* See also `WssSecurityPolicyHelloServiceCxfWayImpl`
* This way may come in handy in situations when the Camel way does not work properly,
- such as https://github.com/apache/camel-quarkus/issues/4291
\ No newline at end of file
+ such as https://github.com/apache/camel-quarkus/issues/4291
+
+= FIPS
+
+Please use profile `fips` if running the tests in the FIPS-enabled environment. The tests have to leverage BouncyCastle-fips dependency instead of standard BouncyCastle.
+
+= Generating keystores
+
+=== Generate keys
+
+```
+openssl genrsa -out alice.key 2048
+openssl genrsa -out bob.key 2048
+```
+
+=== Certificate authority
+
+When prompted for certificate information, confirm default values.
+```
+openssl genrsa -out cxfca.key 2048
+openssl req -x509 -new -key cxfca.key -nodes -out cxfca.pem -config cxfca-openssl.cnf -days 3650 -extensions v3_req
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -x509 -key cxfca.key -out cxfca.crt
+```
+
+=== Generate certificates
+```
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -x509 -key cxfca.key -out cxfca.crt
+
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=alice' -key alice.key -out alice.csr
+openssl x509 -req -in alice.csr -CA cxfca.pem -CAkey cxfca.key -CAcreateserial -out alice.crt
+
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=bob' -key bob.key -out bob.csr
+openssl x509 -req -in bob.csr -CA cxfca.pem -CAkey cxfca.key -CAcreateserial -out bob.crt
+```
+
+=== Export keystores
+
+When prompted for password, type `password`.
+When prompted whether to trust the certificate, type `yes`.
+
+```
+openssl pkcs12 -export -in alice.crt -inkey alice.key -certfile cxfca.crt -name "alice" -out alice.p12 -passout pass:password -keypbe aes-256-cbc -certpbe aes-256-cbc
+openssl pkcs12 -export -in bob.crt -inkey bob.key -certfile cxfca.crt -name "bob" -out bob.p12 -passout pass:password -keypbe aes-256-cbc -certpbe aes-256-cbc
+
+keytool -import -trustcacerts -alias bob -file bob.crt -keystore alice.p12
+keytool -import -trustcacerts -alias alice -file alice.crt -keystore bob.p12
+```
\ No newline at end of file
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/cxfca-openssl.cnf b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/cxfca-openssl.cnf
new file mode 100644
index 000000000000..e30286ea7e51
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/cxfca-openssl.cnf
@@ -0,0 +1,16 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[req_distinguished_name]
+organizationName = Organization Name (eg, company)
+organizationName_default = apache.org
+organizationalUnitName = Organization Unit (eg, company)
+organizationalUnitName_default = eng (NOT FOR PRODUCTION)
+commonName = Common Name (eg, YOUR name)
+commonName_default = cxfca
+
+[v3_req]
+basicConstraints = CA:true
+keyUsage = critical, keyCertSign
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/pom.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/pom.xml
index 546df014f801..64919fc34121 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/pom.xml
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/pom.xml
@@ -118,206 +118,6 @@
password
-
- generate-cxfca-keypair
- generate-sources
-
- clean
- generateKeyPair
-
-
- cxfca
- CN=cxfca, OU=eng, O=apache.org
-
- bc:c=ca:true,pathlen:2147483647
- IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE
-
- ${project.build.outputDirectory}/cxfca.jks
-
-
-
- export-cxfca-certificate
- generate-sources
-
- exportCertificate
-
-
- cxfca
- ${project.build.outputDirectory}/cxfca.jks
- true
- ${project.build.outputDirectory}/cxfca.pem
-
-
-
- generate-alice-keypair
- generate-sources
-
- clean
- generateKeyPair
-
-
- alice
- CN=alice, OU=eng, O=apache.org
-
- IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE
- SubjectAlternativeName=DNS:localhost,IP:127.0.0.1
-
- ${project.build.outputDirectory}/alice.jks
-
-
-
- generate-bob-keypair
- generate-sources
-
- clean
- generateKeyPair
-
-
- bob
- CN=bob, OU=eng, O=apache.org
-
- IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE
- SubjectAlternativeName=DNS:localhost,IP:127.0.0.1
-
- ${project.build.outputDirectory}/bob.jks
-
-
-
- generate-alice-certificate-request
- generate-sources
-
- generateCertificateRequest
-
-
- alice
- ${project.build.outputDirectory}/alice.jks
- ${project.build.outputDirectory}/alice.csr
-
-
-
- generate-alice-certificate
- generate-sources
-
- generateCertificate
-
-
- cxfca
- ${project.build.outputDirectory}/cxfca.jks
- true
- ${project.build.outputDirectory}/alice.csr
- ${project.build.outputDirectory}/alice.pem
-
-
-
- generate-bob-certificate-request
- generate-sources
-
- generateCertificateRequest
-
-
- bob
- ${project.build.outputDirectory}/bob.jks
- ${project.build.outputDirectory}/bob.csr
-
-
-
- generate-bob-certificate
- generate-sources
-
- generateCertificate
-
-
- cxfca
- ${project.build.outputDirectory}/cxfca.jks
- true
- ${project.build.outputDirectory}/bob.csr
- ${project.build.outputDirectory}/bob.pem
-
-
-
- import-cxfca-certificate-to-alice
- generate-sources
-
- importCertificate
-
-
- cxfca
- true
- true
- ${project.build.outputDirectory}/alice.jks
- ${project.build.outputDirectory}/cxfca.pem
-
-
-
- import-cxfca-certificate-to-bob
- generate-sources
-
- importCertificate
-
-
- cxfca
- true
- true
- ${project.build.outputDirectory}/bob.jks
- ${project.build.outputDirectory}/cxfca.pem
-
-
-
- import-alice-certificate
- generate-sources
-
- importCertificate
-
-
- alice
- true
- true
- ${project.build.outputDirectory}/alice.jks
- ${project.build.outputDirectory}/alice.pem
-
-
-
- import-bob-certificate
- generate-sources
-
- importCertificate
-
-
- bob
- true
- true
- ${project.build.outputDirectory}/bob.jks
- ${project.build.outputDirectory}/bob.pem
-
-
-
- import-bob-certificate-to-alice
- generate-sources
-
- importCertificate
-
-
- bob
- true
- true
- ${project.build.outputDirectory}/alice.jks
- ${project.build.outputDirectory}/bob.pem
-
-
-
- import-alice-certificate-to-bob
- generate-sources
-
- importCertificate
-
-
- alice
- true
- true
- ${project.build.outputDirectory}/bob.jks
- ${project.build.outputDirectory}/alice.pem
-
-
@@ -383,6 +183,39 @@
true
+
+ fips
+
+
+ fips
+
+
+
+ quarkus.security.security-providers=BCFIPS
+
+
+
+ io.quarkiverse.cxf
+ quarkus-cxf-rt-ws-security
+
+
+
+ *
+ org.bouncycastle
+
+
+
+
+ org.bouncycastle
+ bc-fips
+
+
+
+ io.quarkus
+ quarkus-security
+
+
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.p12 b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.p12
new file mode 100644
index 000000000000..d89c588542f0
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.p12 differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.properties
index b562e89eec21..d091ff496354 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.properties
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.properties
@@ -15,7 +15,7 @@
## limitations under the License.
## ---------------------------------------------------------------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=alice
-org.apache.ws.security.crypto.merlin.file=alice.jks
+org.apache.ws.security.crypto.merlin.file=alice.p12
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/application.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/application.properties
index b562d1923498..1951074594fe 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/application.properties
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/application.properties
@@ -19,4 +19,7 @@ quarkus.cxf.path=/soapservice
quarkus.cxf.endpoint."/security-policy-hello-cxf-way".implementor=org.apache.camel.quarkus.component.cxf.soap.securitypolicy.server.cxf.way.it.WssSecurityPolicyHelloServiceCxfWayImpl
-quarkus.native.resources.includes=bob.properties,alice.properties,alice.jks,bob.jks,encrypt-sign-policy.xml
+quarkus.native.resources.includes=bob.properties,alice.properties,alice.p12,bob.p12,encrypt-sign-policy.xml
+
+#If profile 'fips' is active, this property is used to select a security-provider.
+quarkus.security.security-providers=BCFIPS
\ No newline at end of file
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/bob.p12 b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/bob.p12
new file mode 100644
index 000000000000..7710aa9296ff
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/bob.p12 differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/bob.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/bob.properties
index 4b4e1bd8a567..6f56138d7ebc 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/bob.properties
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/bob.properties
@@ -15,7 +15,7 @@
## limitations under the License.
## ---------------------------------------------------------------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=bob
-org.apache.ws.security.crypto.merlin.file=bob.jks
\ No newline at end of file
+org.apache.ws.security.crypto.merlin.file=bob.p12
\ No newline at end of file
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/README.adoc b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/README.adoc
new file mode 100644
index 000000000000..75b4327351f9
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/README.adoc
@@ -0,0 +1,65 @@
+= WS-Trust tests
+
+== FIPS
+
+Please use profile `fips` if running the tests in the FIPS-enabled environment. The tests have to leverage BouncyCastle-fips dependency instead of standard BouncyCastle.
+
+== Generating keystores
+
+=== Generate keys
+
+```
+openssl genrsa -out myservice.key 2048
+openssl genrsa -out mysts.key 2048
+openssl genrsa -out myclient.key 2048
+openssl genrsa -out actasclient.key 2048
+```
+
+=== Certificate authority
+
+When prompted for certificate information, confirm default values.
+
+```
+openssl genrsa -out cxfca.key 2048
+openssl req -x509 -new -key cxfca.key -nodes -out cxfca.pem -config cxfca-openssl.cnf -days 3650 -extensions v3_req
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -x509 -key cxfca.key -out cxfca.crt
+```
+
+=== Generate certificates
+
+```
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=myservice' -key myservice.key -out myservice.csr
+openssl x509 -req -in myservice.csr -CA cxfca.pem -CAkey cxfca.key -CAcreateserial -out myservice.crt
+
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=mysts' -key mysts.key -out mysts.csr
+openssl x509 -req -in mysts.csr -CA cxfca.pem -CAkey cxfca.key -CAcreateserial -out mysts.crt
+
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=myclient' -key myclient.key -out myclient.csr
+openssl x509 -req -in myclient.csr -CA cxfca.pem -CAkey cxfca.key -CAcreateserial -out myclient.crt
+
+openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=actasclient' -key actasclient.key -out actasclient.csr
+openssl x509 -req -in actasclient.csr -CA cxfca.pem -CAkey cxfca.key -CAcreateserial -out actasclient.crt
+```
+
+=== Export keystores and import certificates
+
+When prompted for the password, use the appropriate password.
+When prompted whether to trust the certificate, type `yes`.
+
+```
+# servicestore (password: sspass)
+openssl pkcs12 -export -in myservice.crt -inkey myservice.key -certfile cxfca.crt -name "myservicekey" -out servicestore.p12 -passout pass:sspass -keypbe aes-256-cbc -certpbe aes-256-cbc
+keytool -import -trustcacerts -alias mystskey -file mysts.crt -keystore servicestore.p12
+
+# stsstore (password: stsspass)
+openssl pkcs12 -export -in mysts.crt -inkey mysts.key -certfile cxfca.crt -name "mystskey" -out stsstore.p12 -passout pass:stsspass -keypbe aes-256-cbc -certpbe aes-256-cbc
+keytool -import -trustcacerts -alias myservicekey -file myservice.crt -keystore stsstore.p12
+keytool -import -trustcacerts -alias myclientkey -file myclient.crt -keystore stsstore.p12
+keytool -import -trustcacerts -alias myactaskey -file actasclient.crt -keystore stsstore.p12
+
+# clientstore (password: cspass)
+openssl pkcs12 -export -in myclient.crt -inkey myclient.key -certfile cxfca.crt -name "myclientkey" -out clientstore.p12 -passout pass:cspass -keypbe aes-256-cbc -certpbe aes-256-cbc
+keytool -import -trustcacerts -alias myservicekey -file myservice.crt -keystore clientstore.p12
+keytool -import -trustcacerts -alias mystskey -file mysts.crt -keystore clientstore.p12
+keytool -import -trustcacerts -alias actaskey -file actasclient.crt -keystore clientstore.p12
+```
\ No newline at end of file
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/cxfca-openssl.cnf b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/cxfca-openssl.cnf
new file mode 100644
index 000000000000..e30286ea7e51
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/cxfca-openssl.cnf
@@ -0,0 +1,16 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[req_distinguished_name]
+organizationName = Organization Name (eg, company)
+organizationName_default = apache.org
+organizationalUnitName = Organization Unit (eg, company)
+organizationalUnitName_default = eng (NOT FOR PRODUCTION)
+commonName = Common Name (eg, YOUR name)
+commonName_default = cxfca
+
+[v3_req]
+basicConstraints = CA:true
+keyUsage = critical, keyCertSign
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml
index 0f09f1922938..9c480d97725b 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml
@@ -147,6 +147,39 @@
true
+
+ fips
+
+
+ fips
+
+
+
+ quarkus.security.security-providers=BCFIPS
+
+
+
+ io.quarkiverse.cxf
+ quarkus-cxf-services-sts
+
+
+
+ *
+ org.bouncycastle
+
+
+
+
+ org.bouncycastle
+ bc-fips
+
+
+
+ io.quarkus
+ quarkus-security
+
+
+
\ No newline at end of file
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
index 9579a3e249bb..d8441410688c 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
@@ -25,6 +25,6 @@
public class ServerCallbackHandler extends PasswordCallbackHandler {
public ServerCallbackHandler() {
- super(Map.of("myservicekey", "skpass"));
+ super(Map.of("myservicekey", "sspass"));
}
}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
index 68e4b2e874ad..38a746a5d7f5 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
@@ -26,7 +26,7 @@ public class StsCallbackHandler extends PasswordCallbackHandler {
public StsCallbackHandler() {
super(Map.of(
- "mystskey", "stskpass",
+ "mystskey", "stsspass",
"alice", "clarinet"));
}
}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties
index 98c1825180fc..6b9ac77ca85e 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties
@@ -22,3 +22,6 @@ quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust-sts".features=org.apache.
quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust-cxf-way".implementor=org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server.cxf.way.TrustHelloServiceCxfWayImpl
quarkus.native.resources.includes=*.properties,*.jks,*.wsdl,*.xml,*.xsd
+
+#If profile 'fips' is active, this property is used to select a security-provider.
+quarkus.security.security-providers=BCFIPS
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
index 58141f467966..74aea2be73c9 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
@@ -33,8 +33,7 @@
# under the License.
#
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=sspass
org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
-org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks
-
+org.apache.ws.security.crypto.merlin.keystore.file=servicestore.p12
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks
deleted file mode 100644
index 999ee824c324..000000000000
Binary files a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks and /dev/null differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.p12 b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.p12
new file mode 100644
index 000000000000..7c00fab49d9e
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.p12 differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
index c67a29ed4c32..d2efec0c9f55 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
@@ -33,7 +33,7 @@
# under the License.
#
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=stsspass
-org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.p12
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks
deleted file mode 100644
index 4ba33e40ef53..000000000000
Binary files a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks and /dev/null differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.p12 b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.p12
new file mode 100644
index 000000000000..fe75a2e0825d
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.p12 differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
index 6ede4fa0e25d..c29214631d9a 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
@@ -32,7 +32,7 @@ public void handle(Callback[] callbacks) throws IOException,
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
if ("myclientkey".equals(pc.getIdentifier())) {
- pc.setPassword("ckpass");
+ pc.setPassword("cspass");
break;
} else if ("alice".equals(pc.getIdentifier())) {
pc.setPassword("clarinet");
@@ -41,7 +41,7 @@ public void handle(Callback[] callbacks) throws IOException,
pc.setPassword("trombone");
break;
} else if ("myservicekey".equals(pc.getIdentifier())) { // rls test added for bearer test
- pc.setPassword("skpass");
+ pc.setPassword("sspass");
break;
}
}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
index f8643360406b..2456df201f24 100644
--- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
@@ -33,8 +33,8 @@
# under the License.
#
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
-org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=cspass
org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
-org.apache.ws.security.crypto.merlin.keystore.file=clientstore.jks
+org.apache.ws.security.crypto.merlin.keystore.file=clientstore.p12
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks
deleted file mode 100644
index 5c48cb437d9c..000000000000
Binary files a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks and /dev/null differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.p12 b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.p12
new file mode 100644
index 000000000000..d582410978e7
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.p12 differ