From 343ea9ad25303d5a1e3c7a8ba426f7c3941a30fd Mon Sep 17 00:00:00 2001 From: JiriOndrusek Date: Thu, 2 Nov 2023 15:57:09 +0100 Subject: [PATCH] Cxf-soap tests fail in FIPS environment --- .../cxf-soap-ws-security-server/README.adoc | 48 +++- .../cxfca-openssl.cnf | 16 ++ .../cxf-soap-ws-security-server/pom.xml | 233 +++--------------- .../src/main/resources/alice.p12 | Bin 0 -> 4537 bytes .../src/main/resources/alice.properties | 4 +- .../src/main/resources/application.properties | 5 +- .../src/main/resources/bob.p12 | Bin 0 -> 4533 bytes .../src/main/resources/bob.properties | 4 +- .../cxf-soap/cxf-soap-ws-trust/README.adoc | 65 +++++ .../cxf-soap-ws-trust/cxfca-openssl.cnf | 16 ++ .../cxf-soap/cxf-soap-ws-trust/pom.xml | 33 +++ .../trust/server/ServerCallbackHandler.java | 2 +- .../it/ws/trust/sts/StsCallbackHandler.java | 2 +- .../src/main/resources/application.properties | 3 + .../main/resources/serviceKeystore.properties | 5 +- .../src/main/resources/servicestore.jks | Bin 3475 -> 0 bytes .../src/main/resources/servicestore.p12 | Bin 0 -> 3543 bytes .../src/main/resources/stsKeystore.properties | 4 +- .../src/main/resources/stsstore.jks | Bin 5570 -> 0 bytes .../src/main/resources/stsstore.p12 | Bin 0 -> 5327 bytes .../it/ws/trust/ClientCallbackHandler.java | 4 +- .../test/resources/clientKeystore.properties | 4 +- .../src/test/resources/clientstore.jks | Bin 5571 -> 0 bytes .../src/test/resources/clientstore.p12 | Bin 0 -> 5349 bytes 24 files changed, 231 insertions(+), 217 deletions(-) create mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-security-server/cxfca-openssl.cnf create mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.p12 create mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/bob.p12 create mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-trust/README.adoc create mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-trust/cxfca-openssl.cnf delete mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks create mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.p12 delete mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks create mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.p12 delete mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks create mode 100644 integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.p12 diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/README.adoc b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/README.adoc index f5a485d1accc..f31785720ce8 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/README.adoc +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/README.adoc @@ -16,4 +16,50 @@ We test in two ways how the SOAP service endpoints are deployed: the Camel way a * The service method then forwards to a Camel route defined in `WsSecurityPolicyServerRoutesCxfWay` * See also `WssSecurityPolicyHelloServiceCxfWayImpl` * This way may come in handy in situations when the Camel way does not work properly, - such as https://github.com/apache/camel-quarkus/issues/4291 \ No newline at end of file + such as https://github.com/apache/camel-quarkus/issues/4291 + += FIPS + +Please use profile `fips` if running the tests in the FIPS-enabled environment. The tests have to leverage BouncyCastle-fips dependency instead of standard BouncyCastle. + += Generating keystores + +=== Generate keys + +``` +openssl genrsa -out alice.key 2048 +openssl genrsa -out bob.key 2048 +``` + +=== Certificate authority + +When prompted for certificate information, confirm default values. +``` +openssl genrsa -out cxfca.key 2048 +openssl req -x509 -new -key cxfca.key -nodes -out cxfca.pem -config cxfca-openssl.cnf -days 3650 -extensions v3_req +openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -x509 -key cxfca.key -out cxfca.crt +``` + +=== Generate certificates +``` +openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -x509 -key cxfca.key -out cxfca.crt + +openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=alice' -key alice.key -out alice.csr +openssl x509 -req -in alice.csr -CA cxfca.pem -CAkey cxfca.key -CAcreateserial -out alice.crt + +openssl req -new -subj '/O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=bob' -key bob.key -out bob.csr +openssl x509 -req -in bob.csr -CA cxfca.pem -CAkey cxfca.key -CAcreateserial -out bob.crt +``` + +=== Export keystores + +When prompted for password, type `password`. +When prompted whether to trust the certificate, type `yes`. + +``` +openssl pkcs12 -export -in alice.crt -inkey alice.key -certfile cxfca.crt -name "alice" -out alice.p12 -passout pass:password -keypbe aes-256-cbc -certpbe aes-256-cbc +openssl pkcs12 -export -in bob.crt -inkey bob.key -certfile cxfca.crt -name "bob" -out bob.p12 -passout pass:password -keypbe aes-256-cbc -certpbe aes-256-cbc + +keytool -import -trustcacerts -alias bob -file bob.crt -keystore alice.p12 +keytool -import -trustcacerts -alias alice -file alice.crt -keystore bob.p12 +``` \ No newline at end of file diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/cxfca-openssl.cnf b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/cxfca-openssl.cnf new file mode 100644 index 000000000000..e30286ea7e51 --- /dev/null +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/cxfca-openssl.cnf @@ -0,0 +1,16 @@ +[req] +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[req_distinguished_name] +organizationName = Organization Name (eg, company) +organizationName_default = apache.org +organizationalUnitName = Organization Unit (eg, company) +organizationalUnitName_default = eng (NOT FOR PRODUCTION) +commonName = Common Name (eg, YOUR name) +commonName_default = cxfca + +[v3_req] +basicConstraints = CA:true +keyUsage = critical, keyCertSign + diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/pom.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/pom.xml index 546df014f801..64919fc34121 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/pom.xml +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/pom.xml @@ -118,206 +118,6 @@ password - - generate-cxfca-keypair - generate-sources - - clean - generateKeyPair - - - cxfca - CN=cxfca, OU=eng, O=apache.org - - bc:c=ca:true,pathlen:2147483647 - IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE - - ${project.build.outputDirectory}/cxfca.jks - - - - export-cxfca-certificate - generate-sources - - exportCertificate - - - cxfca - ${project.build.outputDirectory}/cxfca.jks - true - ${project.build.outputDirectory}/cxfca.pem - - - - generate-alice-keypair - generate-sources - - clean - generateKeyPair - - - alice - CN=alice, OU=eng, O=apache.org - - IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE - SubjectAlternativeName=DNS:localhost,IP:127.0.0.1 - - ${project.build.outputDirectory}/alice.jks - - - - generate-bob-keypair - generate-sources - - clean - generateKeyPair - - - bob - CN=bob, OU=eng, O=apache.org - - IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE - SubjectAlternativeName=DNS:localhost,IP:127.0.0.1 - - ${project.build.outputDirectory}/bob.jks - - - - generate-alice-certificate-request - generate-sources - - generateCertificateRequest - - - alice - ${project.build.outputDirectory}/alice.jks - ${project.build.outputDirectory}/alice.csr - - - - generate-alice-certificate - generate-sources - - generateCertificate - - - cxfca - ${project.build.outputDirectory}/cxfca.jks - true - ${project.build.outputDirectory}/alice.csr - ${project.build.outputDirectory}/alice.pem - - - - generate-bob-certificate-request - generate-sources - - generateCertificateRequest - - - bob - ${project.build.outputDirectory}/bob.jks - ${project.build.outputDirectory}/bob.csr - - - - generate-bob-certificate - generate-sources - - generateCertificate - - - cxfca - ${project.build.outputDirectory}/cxfca.jks - true - ${project.build.outputDirectory}/bob.csr - ${project.build.outputDirectory}/bob.pem - - - - import-cxfca-certificate-to-alice - generate-sources - - importCertificate - - - cxfca - true - true - ${project.build.outputDirectory}/alice.jks - ${project.build.outputDirectory}/cxfca.pem - - - - import-cxfca-certificate-to-bob - generate-sources - - importCertificate - - - cxfca - true - true - ${project.build.outputDirectory}/bob.jks - ${project.build.outputDirectory}/cxfca.pem - - - - import-alice-certificate - generate-sources - - importCertificate - - - alice - true - true - ${project.build.outputDirectory}/alice.jks - ${project.build.outputDirectory}/alice.pem - - - - import-bob-certificate - generate-sources - - importCertificate - - - bob - true - true - ${project.build.outputDirectory}/bob.jks - ${project.build.outputDirectory}/bob.pem - - - - import-bob-certificate-to-alice - generate-sources - - importCertificate - - - bob - true - true - ${project.build.outputDirectory}/alice.jks - ${project.build.outputDirectory}/bob.pem - - - - import-alice-certificate-to-bob - generate-sources - - importCertificate - - - alice - true - true - ${project.build.outputDirectory}/bob.jks - ${project.build.outputDirectory}/alice.pem - - @@ -383,6 +183,39 @@ true + + fips + + + fips + + + + quarkus.security.security-providers=BCFIPS + + + + io.quarkiverse.cxf + quarkus-cxf-rt-ws-security + + + + * + org.bouncycastle + + + + + org.bouncycastle + bc-fips + + + + io.quarkus + quarkus-security + + + diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.p12 b/integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/resources/alice.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d89c588542f0a5e1c154002c46aa1a2968ca561c GIT binary patch literal 4537 zcmaJ^Ra6uVwlzP-}a(rU^LIkxP06}g2 zmo|qYfCc|Y0wMtjV8UNI=5Iw1k^ZlX42(}uhyaTGB?X~o|2Tl;P)#WBzmN>d0s!Tl zDeQu&s^A0!AUr4;5$Jzb5Rd@zpsYkBc2Vm1F9-qnd;qH0C#TI<1DCd72Xm*5AM!c? z1YmLs&d2qVtM2AfdAKW8XwpKi(P=(RXqqczZ1r8evpDlk*Z9gUM74sk4ShfVB}Oxm zs?yLatNfv7FRtNn9TNnCFg!xvpcbm6n2Bld1fW7qbRxDtS7VUg`^RLxO+}OmYA*4Q zcrx@%sj^?}{<*cfGi3gg8-EYZJ-tzGQpdgTSES*MG3^F?b&v#43MKK6Ai8R^N;7&s z;iAOk3gk&eC7KB(>V(6GfxBg0@f!(Bx=8XI#4UixU9fcglyL&TzjOT;P5NF9vlvF@ zLsZd18Ry;xeW#PF&oi$XBqfaD-utWK^+C+6a0H_R8Cot=p<;qQC|=@tUT$N4C0O|7 zLf2ttd}T$-E?7c;#R@y}!is@W(0xK+BU&ZUC-ZB|Y-CeFmLmW3Id74l)J*49N?v$@ z>O*o@7LBJSszbwBrTa9DR`EN(h^H)1l7L5=0ps#4zet0V`pHXMxZio42Riq86mIPq zcXKeysz_R%?9op{K}a%J3I+A~ zUWqy)1pUgE0Wz^1qhCgT@RA%&Rhs5&JF32{Nx`omP%S`i&&{OGzIlHgSS*GorIEUjpVGkXz-y1hsPEDMX z&Pt{%!T?%3KD%9w9@(*;l#>L)%ei1!q3AL);G@4=eA1KmAlo$Bn}Mq=Q)9h;yJjVzw1MnP znA$CbQ>NpS`*DWaf^l%({3Al%z3Q##v6u`j(imP*5oUI<$t0?XsG;sTirmJi>_(~G zIK|tT8Qn#PNhDTiq!QrF6x&Cw4s>*5qfLn-ak@2>i!9LX-*Vr)@|O}b$i@G-cwXm} z9+CP?5XE_aZ_odo_U^UA?mVNn?MZ=@7v$hT+qOrdd-~#7c=_@Aw|!1LMrwt6av#%$ z(~W5Pko%ENXMS@#^CoLM_y!9ZceR!YAK$wa`=t??5-7+#?CA>_$`fU^V~?xr?QweT zao!&~2p0sW6dABk@?4F|tG5W!}kt zMFExlU709VHWh{a*z18d%!El^3cmn_x3+zEInFp{W-w3?fmGEoWEY`CFC8DYf)k>+ z50wu?n+=ZOF)k-YLLwI!?Diw}$G_?=QboWN!iO-Cs@%S{2#F!?9vl5n9JlgLf7HYB zQ#NRv+1N3{W`fLq49wrjvYzn6N)_*o5ga7D+s^`#*$QUR=Wki!v*>kV@tVEiLf&N7bleM{AoLO-CQbx=^RJY$QEbB2f_l<}W@B!P&Kv4Qbm zcHDIx#&J)eSRkwBGdH}Z{fHC0NLjz~9ziI*|%drLIoH`l{QZEx3BoHUJd zAxhx5&&pjS30AygU> z-c9Qgv@;5hYrbefiS4$-1jokXK9@SE9bZ`E9{M`6EoBMq5V95aZ!&E|0`|2Fg4*uG z#(K4rF~MKw2KE3-O)_S_H3O-6l}b9%e&=GW%!Z|&>w0DSD_>tqYpPJbN+5GWylKq{ zjjw3@am(e5VlpLp+#7bWFVIBEa-Uc)tEhqQ-7x80yGKr^W3lvRXG7~mN*nA>hkQ-{ z&{AVt{Ap!16H&Tu1kOUc5WeRelCnC^RgSJQfjyL%0t#!(VaYf^p{3`2r9qPqNnI^~ zYjn;2_*l-Av**Vzg20dOvUy`;yUq9JW?1D2PKy>;mqa`$7xJj%P&clQuyWMQ>*U4k z1Q3&}WTCJsROo4;NBSTTa%DIL<-RO8`tj#ir1aMVi3q#MwZxGd}cU586s@<*ty=uLzi%iIC_C}>Gf9z3AOaG++Y-9YELG(Slk*i^R zjM66my$z_~IiW@9)&rZ_8wQ^=g~ZNj zdPsf~E(}R-Yevr`4XD~ZdzxtgOd8XpyH{;oX~FDT_~03sH!;q{wt59&cSZ|~uA#CV zF#!W{cw4Vt<4S9}{oA>V;k7S(9%~O~xjus1enI>O+uUfg>3jL?^w-?S?avz|jacOl z7$vEV`Rl4LWQ4l0r=#>75=(}aCwi;~hUHUfviyrszBprx(E1F@wFcj0V%>B->u~Z2 zB~=83(z$%B(VtLr$?RZkTE73SHSzc}0zM>v&9?2;GQUo^x_r#Xd;+t#wm^gNbCE%~ zSSZSP8=*hXn(n*cHprS$U^+o?swB+VN%Ag1&B=Er?zw@SmBS=MjFHX<^oP2)n=8HC zd~*qrQTdA(nI)_JsSQJK^-XUdS$;?rFC;l+JI}w78`cy(*1TWBT)LMUG^k4_Kvl#Q zS2gmLx38w!v`%vK_~$VPp}TK{TmKE@9wkpr{};KNiS7mhV#~*OZ1_^2srP98#I&|S z*(mkKP`pKk@R>O|p{-ioK2LRD+k^VLASR6=1Yjl4lI42&K|!GZJoIh3-yKiH!3QBwQVf{c=1U7Ps&7g!zP0MU zRP?bwl4-fH_si=oyZL_hr|x|XBd)h6;7hI411x~v$Bg2O$$wQsU+H?8bs*^+P##+s;&ZztN7&{+zC93_)=z3LBM1STBs zDsxS^U)vuPsjLqp?Q@Xfo6YsgJb|*%u5Kv@QtzD3d;y3`PXT_YNXO_s* zM)mk;%8#Z#8XzIb-*y5evKP=`?kqtg=xm zuuC@z^CuBj4tcZ_o!%qcY@jR>u{VRFuBw7E$hVPpPC3dAF`iD$idPQPg=!@5n-Z9ZNvUHp-iB;kAu8f6b#_W*oJXJ%^~jdW3C=VnR4#S3RH z#{)*f;o6lQzF5Za?U7TMyn5ZbXCG}$_KtI)D64!B(n{kSd|q6=-z|hJq|GgDMXTT| z+4~;9i8>*Qx)#d!PIJU&*S^N0gT2!f&Tg``=a(NAZlygV+c3bUErYQ#?hWu&xEMer zRWVUUeo(qCgS9<(>mQcp-i`Z z*0gDLZnEE+O5+9H7N7FHxd>v@|3qV8vnXIW+OY+YXvCsvwaSIPvw8xHwwJ(-jr*Ki zh3>Ya-`v}*E9^p)^GGQ;-$$}Scj(rvf0RRw()a9}KM{Jo*nt_F*|=ZD%A^Eo@Sqds zaX5$qn1pcP{De`7H~-vmaPw1Y)hrbu_6U8K%Vp$Ml3%6QI%~m;Ef>?8SMv}4k)=C| zDnX54Z6q7Ik8LD?5VbNW=wo%xw>Nje>}WDC%iQO-m(9`N0nnZgBh24wIE#E6+T?SN zblMc|I;%HD1%n5~Klit%(xeGH^s*^?C}9lGHkKSQEok;w*al`)M(V4^LnW&0dQQLH z(#vM$i^q!Cp7hO3k$OxXxw>1Qr_L0)(?Z``*7Ir|?wxK8jV(xY-Yl3;B3P{K~pEh8nWnkKSDw2e)D$Zx~}{^hGbZj{n^p*{rbV z%-@IR`(cLI%Te!2`{;UX(^C4mx&&$^Am1k6mJJprhhurQgfkyZ=3}1vgWqZhyna+d zDhm15o~u2o#AbU%;Wyly5@lH$|C)5Wh25_M`Q*B;hS$1^JFP?fj~36J)v2d};Haot zLZoXU2{qL)EZsavQS}d*b>Y+`F}o|bUgH9NL2Nh(=}6jjY7{1U@zXO%_7x9HjETp~ zXHE9!FsM9~9ZEt3{KfiE zBu>Hq8Q~-XkT|h_apd0$!zK7%7Z@KC>opQb@Gs=JL=L8lW4hEDC7tbnM71I_QfXNLY(Wvmx&qz6!PqvWAhzpj6Csvc?cO+P%yvTWqmLl}`k7-?MU#MG(_#FHrM^Aqj&qQiNGccug;e?m0i${91=S@4;` zfpeKBI;Xk5z@oHYS|n1$n;lQqPP=VCY(VFe#hpnYbe|_Y%K-uRYzW?06auv24jo99 zKDfZ+s1tF*Kb{eHg81?rWyyJD4+hVqiBKqQOnJ?4$JAD!zd+ni^z3?8&dX~ zN4}UMO9f8-?3*4wf9x$(Jj)MJh+z3eulL!;RihW?VZi@n*;VIhJ}icZbWO+2!`1J7 zUZFYclxNdzho->wQ^bzhOUkwFKmLgIqH-$n*lQWo*8DlA`%RSy2wnm!pp8kY$Id;BtT`WP- z98Zyt2*iSNf=KLoR1dB)d=mKZni^RyN4ub*w}G3U1=3@3oSKkaXvJz~YIFaghhBP*w-fC%t4XaM~SgD?icRqV;3@Ij;ggD%H{oj^iASiP1ND5C5DAfKxI2< zi+<0hp;KDiX`jycjQUl+VDyTE|Jnm3stHG%qQpJI#=ZoTH?1?S>$eK>J5bMM?agOK z`fu5<#VdZLx$Sx;Wxi$o@bWEJrp3XeSrV4-F>b3jAK6=93PH;Si79oZR_&#)=j@zZ zoOMDGI&RdHJ_*8?$th~@k0pfKJBxN)cYf+d;1A7jZ~T!b>&kIyPm;4iSWI!G>Hy6a zfU^uLGV+KKqJrVp`zeC%q4F4XYa&_Hl2WuM=V{AkPh-t*hUSi~_uANLT5B$}1Hw)2 z{c8Fr+Zf)?htVG+8yF8rb?QF?hrZn|DwzsDO?qW#mteO(IH&*nb5=y~aqfmt;o{0x zn!Sf*WLt|neUDm%wlSsT&A9$1qRQ*~VhuW9>mo_&b#X5`_2}}lbbH&)Id3e8NnEer zP)71OrGz*aUEVv%ULC@qcgbJ*;14TGaJw(Bi$N4Y9De4qiNs}3Rr44WB_e5>|9Gq- z4#Te#3R3+uwe=;?>K7l#XC3zmOP_9_^Aw6XU22L;ojFPlO!X7u?$M9gth;sd9}r|- zM3=lGE?;9|FC^n_xe3ZYU6zX9Oh!*s_XHt09<9tlT-s7Clb$i~mWo-E(m`&wrv%UC z7sp)|Ay4>x)yoqP{iKbUMvO~O1V=-IHO9!x!% zkdRQ0n#!JK)-Wq1lD2lgt?*uldc35$ZlF@JCMwisS|751S(A~}qj@Y~Fvf7|H{HyiKV;4JfjemVzCNt^^Tc3a5RF{ck>FVKV-|5$zCz zrPyI6%14~3e#~hCX$wOVFjB|5a1N_KO?vqyJ~ zWjZ?R8ELQmW)t>BP(<&XW5mYn3eDCZAp-9lee|rCbf|O1rJb3v@Che?(@-D{^mDXD zs9yTdjbrhQA+hM}LD*8`Y>di{TqHeSwTQfgrHE^B$!NVO95FjbR_k+S69M4$+b^gq z@I~hfEUUf>d~ACouO?@2o-G`!%IK&sH>Nv(6Oj%ovW;GlZS9?C+`Lpw(-Gd0i`8>S)AVQ2xA=rIqZ`wXclQq&t1`C;40?OCye^*GG~quB44l^Hg_~=@ zdlNXMeF=%xgaemwPtFW`$v$Ekthh09i$PWg(iiVc={&SY!&W^S{Bzfh_FtNmgi4Z_ z=Uq`%U>{?2TaLBSbhuqt+P6Hpw4Wnq?0q3lf|wnd=1wuSZI=bz*cqZW!fNGn38g4d zfI!202U4R4hdqqypYxCdgKEZ?uX8kJqbh_;zlAaPek0ZPO9GxRtbs*~&O5G?TEX@g^oK^yJ(*l#CjHR0!+G2O?o7=pn^wG>Ap(8X=Q&nz+;Cd z=0?qd>%Pye;G*hte*kIa!{=4RgV8hJqbP(8io?GDENrw#kKV$xL6M2otP#>!U!z@D zdYFqG43c?9wxwi!RW(x1hV#V((l61nHuNRs=f#n;3+s$*UKjKG`GGZWyK|BkU9wd7 z!(3e&-u=$mcep0Rsh7wLh=Dk(n`MCibv4LQKQCgHFyzlaInIOjtq&MdBbi~y zinK_^a+hwprRO?(S~mO<)z4RNby7RzHB&9~zz5sv#JD5gr*%KDNu-#N_7$@5E37c1D8vyWTJSp4` ztc>ao)NQapRko$4F>ro?Z)gQ$z+D-iVZ+FCGtCv3#hisPm}u-nkq}K0p@MAL?x$K? z5>LaMy7%Umu>e96wHZlW{mDMbTakBpldHY?@#XYR;v={bfW7NzrpqDK9EO^BZDi%K~9P7Pej9aIx}&p z4p4gvQ{>xXVlnxzZ9Ym>roU#bqF0uP;qMlL!wn6beJJ^a>ViHuEriMuNKX7<@0(~QdEWc{G}>Dj*nkG@INqfDWII~Sax-v%0^)=;3Z>b_;L(#RLrs+iU|2E z?b^GT{pM{*Ex?sUELG|V4~n68$0%brdWYtMlJB8EA$(@bwSsxZLxwN1xSAip0X1|d znqoi1&aKBlSNzyQJ#}7%S^kx=uTl&?h7c{h=m_1dSKw`os!hk9p=8D*Z5wv~;BO{# zu+*cp@w?`>c~f2C05SDx@}6DGUEW;vnvK#+3Po^|eBSi#dKaU*mC(Gy#roybJLc_p zLv-eF0UjI|Tki*G{5ukNWrw!^;9uL^a;k?3{H6m;08@RPw|Kp^023RFi*CCS~@hR zOC^08)x$}*cro#@qG5?0!-T|lAjE{d`lQ?%?deBE2Jd}Ejt^g$9v-vsWB2NBr}rN+ z;-ni<&GKw-7VIrEkc17aZIWK5OXrjN-9$O!FYm=(isE4PCUQ^lCyUhX;;&cuX5sPa z0w-?`Viu+V*pOop)+3+p1n;?zv#lqcPkFb)YWkAsv%YD;*{he{FLxD7+~TA&Af_wL z=;`r3lJ*Dd2`Ttu2hHVXM>+oP1QW!b1-&ov{e56(s3QyM4%7)>eHE%}503@A3~YjS;uy?v58;XW%@3)<=GxU2QV?z!~*hslBC>zIu|mHNz%8`*LD zj5J|VlvYG} z<>dw3HIr@gvpo`im1>DT(_^amhFnk|sCuYrP`mZxh>IM__L!nvPWEIloA^O#WDfJD z|7ERLr@f%Cv+6;6Dv;Q`4@2SHaaQ<$Kve)RKIn)&U_6jqOqB=aO?JEmo zyi*ob2Fe7*!^Pnt!p5S;!2m#paGgtOaB9aqtrue + + fips + + + fips + + + + quarkus.security.security-providers=BCFIPS + + + + io.quarkiverse.cxf + quarkus-cxf-services-sts + + + + * + org.bouncycastle + + + + + org.bouncycastle + bc-fips + + + + io.quarkus + quarkus-security + + + \ No newline at end of file diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java index 9579a3e249bb..d8441410688c 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java @@ -25,6 +25,6 @@ public class ServerCallbackHandler extends PasswordCallbackHandler { public ServerCallbackHandler() { - super(Map.of("myservicekey", "skpass")); + super(Map.of("myservicekey", "sspass")); } } diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java index 68e4b2e874ad..38a746a5d7f5 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java @@ -26,7 +26,7 @@ public class StsCallbackHandler extends PasswordCallbackHandler { public StsCallbackHandler() { super(Map.of( - "mystskey", "stskpass", + "mystskey", "stsspass", "alice", "clarinet")); } } diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties index 98c1825180fc..6b9ac77ca85e 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties @@ -22,3 +22,6 @@ quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust-sts".features=org.apache. quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust-cxf-way".implementor=org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server.cxf.way.TrustHelloServiceCxfWayImpl quarkus.native.resources.includes=*.properties,*.jks,*.wsdl,*.xml,*.xsd + +#If profile 'fips' is active, this property is used to select a security-provider. +quarkus.security.security-providers=BCFIPS diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties index 58141f467966..74aea2be73c9 100644 --- a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties @@ -33,8 +33,7 @@ # under the License. # org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin -org.apache.ws.security.crypto.merlin.keystore.type=jks +org.apache.ws.security.crypto.merlin.keystore.type=pkcs12 org.apache.ws.security.crypto.merlin.keystore.password=sspass org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey -org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks - +org.apache.ws.security.crypto.merlin.keystore.file=servicestore.p12 diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks deleted file mode 100644 index 999ee824c3248c0b89da0336bdc451678795fbc2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3475 zcmds(XHe728pc!TArz^CN<#1cLugW@t3e=vBmx3bBT_;*fE4K<5m1n(QUyesf*eso z5kwFW=|!XpN19TU4i^sK1&`;9bLQT;b3fkuVQ1%kc4ueb-FKh;?SI+-0s?^`e>Em@ zfVYpg8z}$;0^>e>xY-7xw~$u?PJuwsEg%BA21GzcbD$6~1VZO_GHMTiGcZe2&r!GF zU@(jx1cVo(U;r}%lt{5oB;b_z{JI5Z0{A|ZtvlQIs$MUN{n30y7ulqE@X-q z2_*$c9BM3F2)sSn)18FC6YvN*IfMz8fH;FSL*UG?`b0ef25W-i1-K8V!noiV0z#kU zY47DjCVBXvxPc>wI+P3M=jSJXkb}G4prfl_<;DFPe!Tpr`h7g1=?Zhfr3l$yS})L+eHF_M z%JhTeOLL!tCWCUAm-rH2@T2$Hc~~a^7v$L646RrzwiLZR)vZ)3t^#5@?_j`}=Bw9S z=lCB;OxEd-mTEo7kzUjg$r8Cu;xvUy#Xv`>4QrV9VcE`2N8wR-n#XRAa#o*mVQit1 zWrAk}->8YrdCTny@$lrgJJ7}H7zT1k2wD!V(yO~o7#R1B@Lex!Fpl>%_(kywJmaW^ zYIkgR;Pd7**_R)sZ#v8tC)78=YTM7c;McU%iYqB*>akaLZ+(h<|7^sgDR91Pez6Ef z$Cwj1lW=#MrgouZ&=4wc=F&Q+Ze{hVA-Utg8^9pe179F{`MNlg{`7`1bSDTz4+bLW z_5d~p78wRG9atK|2|lPjx(K>C6epKbA-9>iRQqG}l_$A;kH$|p2}tI(XBl09Y4_u= z^&{yo!txor)V6w{@aksY4HFCRC7Pgp*&Uuncg%B&k)5C{TK#;2f3k{Wq}{hbUteWZ zmfP=URTQWCl+4Ky`p;5ZZ{ze&4O)Qqd2`RyK6bV6-jqzRco>nX(NBOUTANwVT->v` zH9S!;Um5N8wJIUH;<;$2;E3i_$7EAy8vUF~=z0P*mAEU2t+F|Xc;uTmn>`OrV%M=! z=j>U1Yjz|jp@b*{e8PNc?QrFN=NQ5Ga4W{F8KMh$n!TX1qlnXuc>VaHL;Gy6~IpSELb%RIX2u(#U(d7f85)+jVuVl%?{a) z4G=fc_WB%G?*p@lJP3-(8glfQzb>p*blc?4wN@h5v6=Alv!PN)5xC=)i+qHM4y^R} zMR&ej0nFFnM1Krq*fgp`-$ODM^}ynp;;hAO3aK?)s-V-2M%a#jg$leRnJe>NFEu?A zAgNM}7EUD24;KcOw-AFeojqU2OFqj7+ptB<%I*hMC~2-TG+R$5={QLzO-$V^+Gpr| zoyct4m=j7T>zz7a=$&Q5+3S)VD7L483{6InFixhCd!wnEPVc7bEPsoB3My9>&%-4s zb2JAz=$@RG&z(I)0bw1eD{XsxqouZG zLfWwJxDpvH;ubDI9>8Z1yza5J@KknheG;@_wTU+HDWoWD zuSd#==o62@zYJdU+92{O70{UZUS!!-*hJzx@~BUQkI7TRRZ1&E5F9H3xMm$MPeLnq zP4oz@_}&2KrRwfK4AW@xisNn6zQV<@Bl;(TZ|WE#8@l&%cT|mfyc_Dz>0QrZ|GY`T zC6wF;#7sD1)d4t>>D5T2qJ2T|=+NVON&4cGVZ@=d{iw>$hZya**m<0gm&iK99j_~o zF3N6jU2&WbJKF!KMXe4ZhWF{)a3(HoM+rzub1GpU$=a2LU=unU>_#k`5?>3eMZd!s zPAr{}{(vhZD6o4~%)lhI6Cp!4bQkL0o%XEFjwvuG4Pod%$|00o!SwUAHtT$h}&Lu!S6FoHMEKxE%2wN2Tru#LNRP!dJ@vNWp@vt*F*G`e8 z_;ZF>TXrRudc4B1gY%A|n{(%t;*f=|(Te@&dlpkz^oO}I)6dM84a+VEL&+-;qXpq# zJ9wL`-Uw4G*sN>EgPSBuy4Gui1e*s+l((L=Vs>qR6S=E2(3mT1MYc(B80~a; zIe&4mZSA8UJ6K+`9o-v@D4t-o78N&(NlJH;JYnOPT;6sTuW|EtdaLYY4}V$w*U`id zEk1Wfz0jr^RYivJcNf=@Uwe<$XBP@KOchJ`RHMU>Nqx7+KOu=u?!XVF4nT?X2P8=v za##QDQvt%8{v9Nlko*vq6fZXv$AP7Oha^VbtCug^yHikVfa;;b!iD;QNaiF51pW_8 zM&P_CzAjEAum6&n_yOKOn2G&6GySpHcWx2}5I=Jh*AMU4{?Q-K`I(>4Xa&We`00E2 z|B~i^LMtjx%*5zuytn!0NMEIb<>mlrg+|9(bE`GcYK1?YT{R;p{3D)8t4C@qJA0ZK zQ%(zl+j%aL5z{wvIItVc$qMkKySu)n4OP?1TTS!L{j!DK#fdvQ1%f#6V zk?r1|J03W(K|&VM!0*4#)rh?r_Ri(%xO7)JI4tB?R!r2>nEr5VLYbzj_*P{1H=nhJ zI^w@VE6>@8jmNnhJt`lPu-l6z%Y7z})_;2i-_eRtbgz8U>XB_180Ps<^lXIxC28}f zm0w{Wa_OzwLsu9xcMCZlI`8k9FuHj&&6K^3j~lHqcZpSL+uX^N)6!7RbIR`@COj}* zD`RKbmwgw!3@tojGP6n!DWan-f6(KGtgI}CxFBt1_fYK|yqWCgf}J$U;mi7q73Pr{ zPMBo<>u$KQtfi*}h36@CXQ%oANUudP(Wl#IKay>s=4oomu}-^(Yfj!G{=U^ZZ;@0U zfI+Or3B}JZ5fE^aqU-Mwg0V?i5gTNhWkL8GXW*C1sRf8Ntz^_kDi9=l$}2IM2Q3+;i{8bCGz)5fBiJ#4|pjg&_!rgabw(6iCK1hC}d- zp=UAr42%d&`CO<#JGg|up-C{Tg1d;JHa%ZA6()OPX8b+isQsQ6AfaHbH z*;RqC6wXx(5Qq+dWT2({pA#S$4FJhU3qunOfgWH85CLH+GMD*O7*i(XWc9aD@Ez0} zf`@#f&x4P82rcmZev^HdHbl$ls(*AvnM?jBCTCLc-K2NIHK$i*`NvR6oL*4=xx^jE zK7};aR}&V!xCf~5Wfs!1A8HmJht_>E-@FsuP+PYdp44npkjY9Ux9!OtBstL^4_Y;= zIP@M-#7zceoQ(PSDL|kGa=2&dI1(R})0m*oPSp*zzPAgE%kmT<`z)Sn;DC^@|M%)6l(BJfDKRWQe( ze7_ji+|_%tTYN+&d&4u8h9UTq)Ruzsl_M|TzY`1FSKE1t5AK}DJS#b3KKA5@wLN55 zg3_9t*r~-=lVWj+AfJhd-cG*zzY%pa#R=*Pt&p9opLA{y6g$0egp^*#I6XPBGars% zCG$9NZgtn08DvMKpkkk`WoXCQJPG4q!NhvI?w6)|Z4yFB^(NFPDMN&Ipa}PO{vM`& z(h|@*=AMam)L8Le^N=riVdqB9-eRC8(1QyojOm-YYhz9XO-<|Gwp8$EW}0$*VMhpR zk#1azdb@1{GjT%Nai>v}H+kjLXQ*KAsY2$|Z-E=UW|7m%^6_e?xyS%{r{AB}?6{uw zS(}c%n1d&Cx~+@$RgxI&#L|LgIBvFkdDba6zbMepVV>}L$edVjr)PQj5x09wy}+(w zF!L`NA3^ZFcSxLMC=lUESXgbh=e~~69rMgB1-4_g-SGWN!dS zPq)d%E7W0iQ#4P)BfeMGb)($kyF2>(_8KS`FM)S`g?&?lE-k|Z{LN2lX@>OiP7{v} zD_cm6(;+h!F5Txd6X#tjeguMFVGU&WjmOdB=Uf8~RPJ+f9Zkd#lIPLk#l}Oe^lNBu zOKRn@5m*!TT~P1iZPnSQ5J|ltmJdkfZ|Dm&k(&l{AElVWs*Qi{?(JN;Mj2Gh7dM;l z+&+BmCq61v4E!Mc_s3u);?25SArH8Y8knmxYvS#;3(WA)ntb=jPfs(n@Wu5QO#DFY zt6F19<#L8&T7f*1hzfSe<+uwoo^iRKwf=G?OF8K~bYsgp%pR9j(A66p7E0;7Vj;y{ zM|j#$^UO#55-pEI#PosE!VDfV7{JLb)Z>PE+A&F{xbCFdxpd)^7s$WeB4o`*WGx%E z(;1|$%s8yREa11H5ok?mf0S@3W^KwbKVP6THnFqFqJv~W?Yy9bZW+(VE0(X$e!Exy z7nG8pzDQb|Fcw9}ekBRXxL$nYSaXuw`Fy(cwzo{akOGj9X;SS1-%vkda`7)$nr*=L zl}mL7L1EqX=YK9V#(pWLsEuAt9T^f%wlZqKEv?ZxN3qd~?sNY#qw}GtLKBYCekn$T zd;Q98+_=ldz6Y9V*W)|=Qe7MR@YkY%jg!NXvtcPDAO7dPrrK_0s%OH55WDb^E*QbQutpZyBr6EP2?Q`F6+)*JP- z|FJ=7$#`hxnM45r0cWM?-w6=u`42fuX*;Cqzmx$f31O>5-yYK`{0c#+tJ38WR|0Nq z#TflJu|YtA|2MRqu3yYb5DHTA8CrMS(p=Pxz(bMTOFU&VjJ{FEr9ou)_=?9z| z>{V-4Dc?J66u54xBaoF;ivav^Jbo&^U=s?N?3K&GW2~&UPGl0xDz$Z{9%W>tPGqYt z=<-Q-R>^-(%9dhM>Gf#~ZL(~pCrSp0wwHD%ilURJezvX=RV-6xQB=&A1-E0?&GIId zU*{JxvRFX7vkG?>Zc$Lcbtm2sp85l7K8l136lCbktJzT0y>r=bX_@`LR|exD0?g#K>wQQgF)R2f)Tr8uoC3Q7fhvA2dp7c(|I?y875@A zI*7IuF;o^Fa-gfZFREx8;^e!V6A)^}W_+tE<&RI|sVIws(NDQfaFe97$6iLqnN3;Y$6)kfMce0q|HDn$d{>E2n^3dn+FiPwbUKE{$X%^{uc)r~`!n6Ek zT|?%b#LG);Cn7^s!8qq+eCM^G`oQzB`Yn*!NKED&dd7qQHA)Nil}I>9@m8HXx#P0p z5j7QJ&nF0xyS$P1x2`<(I4x$=Z6Z&ob3B7w!AW^OcF{tzz+r*RfjO9`$3 zZUtoS@vqWm5%F?t8m%Tb7xfY!+Z&Ht&W6Y7xiPeJlr`v>CkW*)D^GIGKVW|FJo*xt zK2&9&&er>qOD*T+u_ttdcD;n})c6VPEpp$s={OXKL*9A|vkzN8=c@~yEQ!mTx`>Mw zD+BfJZ_Gptliicp%1oTk8GA810NP=r_BR{SnMj=*9OS|KgJPTBRXsuim7dA(K|~U zt@BSn^=;k6@{T6`l-Fbt-fgi{zMlU45p%^*+-%L{ot`$_)KlcmTi4ZYw59vD#%gB2 z#g*u;PZN$gzBT+^Mb2-M>E7{&92Pi`?EV4Vvb?u1TnCDeB2( z%&+39R<-tWjVo(Z*aCg+SSrU)S2)i`s&rrUl$LxPWK@@2^ur%%$iQ}n@O5=~qrDKw_}gls5(}?Iv#{xOf0v-1Dv9?MVk@L* zUHxFJnA$l|g7nkJegqw*xp1r{0ZRF!^xc_hDxmK7vlQ$%@4b)B>d%*DYO4U2Jd({F z_=2%&P#<}tLE<>$dcrM$b3b8k4(FGayTeg zMlUlF&xHRi`rsRrx;7y`UeXOY;0e_B-(<4B=2|S z?+N_bm&s0%U6OS`t7lqX&@hXgGv|TSJ&mJ;^Qgo41tEzO6!%L`MuNX%X)TtveBFgZ zyJkh>ME|iuMQlM@@K}<;%EcS|-nrTw7&t?L0ey>#km-d%Ys<%U>V-uZ1(8qS@KHUQ ztk;z?r76c+s<4anTES3TxTFN};p5Ls@3Gv6Sk9sKaVUMIX^B~WJ3LKO9O%B}o!gKdx4q-Fk~ib2r}RRRV~<^ao6cH$ z=c_;4iU#X=G#T^D^4Eixr;`sjjlO+rDyuFz<&99fR5aMvuWHHswEy;^bZSYmH8Tr@ zL9KtLGTI1Gm+kpVbkCsYGuSg6?20pyQY$#7=J+05|@gROH>l<XM z(R|Ui|JDfwO0JzRK5x*q+?d^JAsSv4m zNi8{AwvwA+IUQl|%}~o*h+JL^wIIekTUl)5UMg)#G#CkRR4XNFZ5?KdxTv|_JpnEC z_6;%y@`ZtD|AN2VfjN#@iN{xrt_R_&^N1DI^MM~&3bOk}AS1BS@K&li0ks`f| zA}F9BAVn#Hbm^kfzJQ!_y^iyZGtR$z?~gt9m~*YM$C`7m_gU}SU*2B^001P!2TXi` z018JhH+MICOD|%e^?q>J1^^%hU;@Cq7+Nx_Q)ECeP=JI12qXo71Hf~qKGcsa2UP_1 z|E99SoR+WH2x~lv3XWJJpoH~+3boJ6Wdsi}%`BoO_{2C-8EV?dgt|erA*rVs%Xcw= zX%{+TYOG(IAR9}zz#7-t=5p1^lTN}@Vr+fxD0?3Qm`HJD%l$H|Y z{c_D!$(p_bRbp`o%sbs;~YvCuAU+{*Y*vp1pWzpL+TTvGJ zH7-!QeY=?`(zAxWM##Wr1fgP~9J-gME z&~f00HfEw2?e5r0TiKaom1l@JbvcfvW&CyBkQGyB?L3K4YlbKD(HW?6lpUSlLHcxbjh}|Vb zOK1aRDC_#8U=YK?tEj_3Fttsbq>!_+_H&qc|7sWwi@l@~Gq~L@}cTSS=aR2UlyQ1yn zuV-|@7wn~m2!rS~uWe(KezVKVacXlM1P^Hl^4)vLcsI*Kn=<)6wvevnCHH|y)3?E> zgs;jB9!m(E{KSh&g%hrZ;Mm_jldSfB6ba;7x$$=8`Ku<)QhGcHmr{A5QVJkoIqX#_ zaduBlZ<+N4`~Ln8cj{svd}xFuZ}|I^*HfJ>zM_n~k7EXe+}kDwq@gAy!Mwg60tONq zM#BkyqA?Uon;3XEFbZur9FU)qHn|E~ECmAN1?rc1jfaF=C1@i}bO>9QgtxFi4Aj^*Gsw-#FX(J9yt-bI&l)@VbyQjjH#G*Z=o9a*e z_%cuHGVW7`G)SIvZum;O_WpC9-=xmB0a6(;MWqy1i*N(3eeV8IVK!gBR=Mc7an4!o z&pPKD<_4I-WDk=8p%!-4Hp$~xd{j+&_M|zA?xjSGtLLV`1vae>Z&>Ds?+WD&+%KY_ z4~Q9x=H)(Hro$$q-CgUsNLCLlUDVUL1`nvTzc5Kf?bb5ZfCKVcJ%~eCZWlwf?&P&Ji#ME5leTR4SP3YiRWRL%=kjPCGK{ErMQtwxAyK>$ zMs;!bl7EfS)}p?Lz(lAiC)LUPxKDkCy<35vD^vWtpdcus@w%=#9b zo6jc0h;$%Gcho6@N~T|ydugWNDfnBVKxGm^DoA`nE3X~E^@#yLnq2DOJfi*}Yvn=a`D?8#J&NmBhA-)@QkPG}#l3E0JJ@#*gR4db&z+y#eA=?+B}yrs1%eq4 z^t*}oomg$tS1?suSxw9Tz!yprSV@Zb{8{oo^+~V`(DlJHyN_Ja)3@zHw(ml;T}35| zD|88Tx2~uhk&)CuSPUZx0D!hJ0iX>`0Lf@3hy+MN0=7RLyoZ61Q3`}y2-$`Jfz(7` z`WIrUF_dH=Jun%RL{A6HfT24KD4-PTcvmk6Ji!9Xh@n4BkwYov@eb~`j!v$YSbhxO zVU7xl)WJJCJ6IxhbajwILP!lwU8J(+C8X9RO+`HgT~$pDEDMI|a4IzvqNE6KJ67`bGa9A!)l}r>iYp zum@FHL2GMY20rvQ*Y;$*(XtTHl6WdA^Om;^kbPr5b6MSZPVkWj>_cZJ=Xu}Js5gzw z<$_@`g!vpuCCz0@{o0T?CNnP2{+9a~oo@w3)@nXnBp@IFn8StP#GD}Rk`uIG7BG{1 z^D7O~TemLE!XL1io!xUP(UCOzxrxO6Ol%?$z|Sz{Xrvq6j1BN@L~6_I@puI`*HDEz zO=sUVo}crX^2wxJf!(Qxi|o@e(~M(mxyCwE&qWy0#w+Zd*-kcu=IPyI8S+|w=5fPr z9-hrN)u=dHaxOblU`ZOCj*hWp&<62`gGNGHH&h4xGOXKKA;AgH#v(@3Y`88}K#&6}PNad~K+RLXu_Nxg3b7F61*9(_&8Mbrk8%4%?? zH=@_O@>z;t)1*M8*{8zT=633amnyb88|PCBtDP=MMcC}#o(&wV7$LNKFZ3)d6;Ol8 zGrebG6Q`@r{$5NZC7ZJGCWCx+?Yf%dt0SL8L-a?MuGehME&uRHW48_ff3N{8M6^o$ zL_RPav*Dx~Q|&Lk#Q3-We{9gOypFu=F%Uethf*7bpz!XIwy!OFn=6KAiJ2Hbg{l zqCa8dDEwb3^Y4ffqQ#?eku};)|I0{UHSY440l-=nn5ORbi#vvE@OyM;Qhod>Lc@4`IWMOCOT}|d+U@yw&98|u5mY+Ljn(= zligh!>9mSU{woi{XqT-~=PK6gSy-a=7z~wW6jagZ&{|#Z68W&;SqXFwIeov>v(b+q z>HKr%4(v*!yk%g!lNCC09WeaPaed9Z$!wTNd<{aiaK5KVSCr@ZhrWet*r_QkgTn z+kw3Y?i;O*dVfU}=T8A!MOpN(CEmwrep@PD?b9&7`ilyVh@xANR6b?+(4+@Q?VQW4 z65weppx?gsnEHJdso~38YvgIW`SiKg`+FMX_HGn2rJd1HqjmbW5fWWrzNZPDlNQgh zc+fwro2|W3N=LOX`1a;1D4$VdX5G=Z09>{DUV({ZZEeZdmdiwN5BrjyC5=uW(Oq?N z*h+EfiGEiW&U662rv??8cIs1J2b0R?N?*g9e9i1UwNLZ*oK za(5zNB`{(?SR#DP5;=2sIXC3bMEPf)YT z!Qya#g#Wn<|2xq?>hH7QR_Xq}uvdF0^{bYQXQRD0JU_)~r!4VoiHHE-AmS2PgjNDu zV&uYFu_=>SSoe}f4O&5(iU0lJ+!tmlH5>KZ82%AhlB>1yOs`!f&L7YC^6N^3@;oBG zszJW7>W15R&5FHNv(J!GOS1Gu-hv(AUlPKU8Gr<(D=NO4UqXqqG`ynb3O%K zqnKXZvshVSb>Q79&=lY(O|bTMajK>Qx$D_&7V` zFjsAc2Fppep$^(SE>K;*uLyMRcF|wUdq)bVycFJ^qc`FI^jzaD^ug$hf8qX|M zc&v=GZkx;YUx_}*Wks<@1kA2yx~*kT_pMnUQKa+BPCXL6)r`nRv^;tKSfawhQv@>Q zp!ex!;5}nBU21uJ$a*YCc!wC6Rdg8629SF&Sn|2=>ZZ-+`Z8>4CWi)=#_LO|yWoSu zUaRTXMLKp%1hqI*LYsRR5^H?FOLDq(KHTzd_LCXhu!1S5MDpaC{3hej=;))2 ztB%TNmFO5Vvv~hlpyXki%oVZR(+3NTtK5K&jT!uTAv=k@iydF$pas>7Yd2y6FBN*b zriVmmp*2a9Z|%cVY*!al!Yg=4CJHcg@OxqkOb&anPq3(n;PP!}Oyj#Z8sDso9}7#J zPL}z;9w{Ca%4wIaKUSE^yrRI4x*h8p@UH%2TQctU)DO`+di_xRA1-3#<(of64~7w4 z1e7THonz6TAw%)}(n^ef?Z1ouUpI_DUBt00$)OMpTf8;i6^~TLJ2<#u1u+6Y^p8H) zzrqoG{-Jw-VVDoU0)o;WivCA6N9F;E;rQ7+F#H%g|F0Q8TL+vZ?vM+A-Z&1!|LWTQ z4jomLN@GJJ+dkNGr>4vm?@NB1a2Au<#IPCTkk<=z6t`(2e@%jQZbAoa8MmF4Fv+#Q_%Iwm#@9LI# zH}d;0L~8)P*O&q(YFG^jONo}O0`UneM%gwolRbNx6=LMGFYedeQHN9pO_P5Ox&4sM zz)m)cJ)8Lh1t~RUJ-+Os`t^EWPX8EA(IIrZ_ZR`^tx+q-#a2=|_8;v*>kk$67zRxiGrJT)cjsuF;J1!8? z4>(yVkMrD8WdLBA_PKHCu9o*c`?lXabKYI(0ItIFAC)AQ+q20;w3M9QoW9xne;=5O A6aWAK diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.p12 b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..fe75a2e0825d3068e68b80c31f6ff6c19e979268 GIT binary patch literal 5327 zcmaJ^XD}QL*WG1z^-d5yx+p7puhCYE9=-QYqFXjfln}iIE9w$0I?6{H4SHRxpI%e_e$5KrAEz%<`9HfExef024tqpxpmLLMS~5mk0Eu zm(n8ac5BX;*L5IKR^gj zPoI%#+xSb%yu`q*ISC!_gF$|8A+sDs6N}S#hM{=?8Re|s+cLS`N9kZ>pj-Y!jq~hu z){;i9=XFUPE1p|8tHiO=2aZd&W?%RogXnDNCmCDfH-D}(vzM8543R|o@;IEdQf;{N zlAaJ~2udcmk=}gCSm%Je*kISHt}K&#Uq04<4$7h{dmKzmAkXpkxsjC8ln`ZbSdea` z-q!|$X@4k>=aYmyR+d;E1*Kd$6Wj9fC`jIzMY?5;c`T4MfLvI;?&(HD)f+y?2i-YO z!;qk*8}Lg>;CR()EL4su5A>0(j*+-!^VhDG+Got(?olDyQaqAx-1WH^E%V!QajHbP z-&}V6ygY%vnEatCP$m`MKXx*SdaDNJvG9tA%jRa~&NiG5U$EZXq(9SBYmSVUbKsi# zL+bnm*k)-~xS_&mx^m30S)AtHj?VJx zoZicqk`$t~k&>d-*2}AfIV_rOb-2Ts4I;V2bKNzw=m1tmpRUO<>8Bo^1V)qoF#+R_ zhXz&1h*$w~sae9pE6y6l*(`l&P;c7~r_RSFrNsg#df0ymAv$DB51B8y4yt6DaJbff z`&l3c@zb~j#0Z0Y{xdUI6 zc1Jk_jK^n9Afp!~@akS2Zwvm3)mnL4rH%crkKa71E;Q8D2EMz>m~3ME8ebaDtu8ZI zntrvq3078+BFA-weZP?X;2Za*knEUTE0dg2^QDq~PhF)oNtvJIk?}O*0WziLPqO*l zy@m^M#YPDECFJv4Ikpk4O-9>C0B?bWQ9k-n7J<$4mtG!L;$)E-G79HLt>O@NO)sHu zDWnT(FI(qagb&o8d8$lA3N&Q-M3g$cXveWT4+!xm<`cmlWK?*dgZ1%uxZ{OF;vzi< zzj3W?d?=yTec;auxfG0v6h%i8Ss6Q~Hm@*na@Jr&J8MM~ZkL!F zl>s@dPl+SYf8yy^JJH7BYg>bZ&TuJHrdK#UivAKrW0;>w7pHTGjS-xa&8^>qbN$Z7 z*=W=z_K!fezb7R9E~#QDr|p*#l;luU!ub=gYX%C0WBHZrJ|t1%1!hoV9slk?=tjeE zmnH4FR0$t$O6!}(v`Zw+Nu>Ic`-@EV^&l;$B*UwL*$^kb$?o5`;i6fHk5uymJ3#6aT|>Xhs#(zb8~Zjq*TO-{Lgvn$yG0@r zyR}5r9L#4I{Y&+zvU*WF6avAP>5D%ps|Ta-*e}2AGKD<_)0M}a@i*O(%dJw;wAGKD zIso)0De-c@XB6V~eP($)kVrt%Wq2y60%iIq5Ai4k$r(uj9)KW#AHe@_xd9viK~UCz z1yq6$K$QKrF^Zd)zHrVIBAcH$dFX1)I4KlCJpGRh2ZBTpfBs8#VF3YuTg$%_Ak^_6 z@HdU0L&g7vgwV$z%CU+UEPo=d-%anBJ5f8;KHOm7u={T^V*#1}-*A?wPfi|^A&}f!dRo=OiuQTSNKb1<0B;Mm4+K`JugpoVl z!IF!sBrn@4tg2U1Nw8v$O$HqM7AzWhoqrN%aGJ0dA;J)>d{aOC3a) zR-O=#Xqa{+g_G!UgOZ@3PsfQvM8@s$jDMSAl?euv9!Ag@I2<==WmkLOOBI!|mps|q zti8WHohxY+9Qhs#-qlW*w5=!YVgvBv%!Enp?8rVKQf-zVIym0CgzCts@{=2QeoKR4 zwJ%*_#n1^9ntFETdyd&+q8LIYu3oB!W?5ND^V_bCJ{Sd3Qs@*tP0n;Pd=nz1VOy+n z^D+dl>jU-t6$*AXeA=$$8%rN!@2C3iz8mLNc>4V%GCQnw?9L=D{2``Up?dXGJw%y0 zyN?eQWButyRdaV=K(YR)K)NJ^$DruMit^u=uocQlXi z`csh~>o>wO{n<%Yu)z6dF3|T}Px9F|#%Lq$V%KtNii?dP6~OnF-z5H?x{@beUSa#l zql&eR{1ptpl3+FDx|r5P-pDsq^yN-TXrJ!ER+krMuCB;ASY$S3nwdQD390p?Uzn?@ z766CvXC!+3gavbft6!jJ1;3xp#VpwO;TV`|%cNCe+drTXX}3=9o3e9y0Kn{-_*XE1ScmC+Eham`x`IGoosE6}_Gv_XiwVx!MZON9J{_^S>j|TVRaB$g`ugWhys^(!{R^AFO?VrtGNr=)e>JE)F`o{}v7#Als@;(le}B!nB5K_a4HAm3;~!+^z{FvbrS*CScsYX&2YT|CLmJG$&^lEJ&=709!}kVnhCOtow`c_y-RTVDR65hDKWEq*S$>56)I z@sfnW^o#bQYxex0OdPQK{aI`j#h$5Uj(2X#iQ?CurehQ}UjqCE3*OpH<;uH7tua*0}hQp~> zo7ero29|Td9&lW&44(RJgy?D+jpetT+?Yi&BOv~JcHvhCd-{_uSz(7x;FQymx4D>g zUA1ouYdFi{pQ+Yoz2iUw!2kobG>Nnw-MaqmsHhsv?ez4gNte@G=d$QD4@+E*o%-@* z_)7iJ15%o-bGXlZ=?l&HHL3OXTo&hR1_2Q22?@49quav+R7pVzn`)<$B_ll+8@Cwg znQ^R*L#gOm3|8SURb2NZOStsh64`|a%x%5geD5~EMve=kkqBOw0epYt&EB<%;CmZzEk)9vtrt)d@9}f(GQgPJ;8V7oVrkh%9v;a4X#1G z*V972er@W~>q;q}m*qicvvb+UZ%W!K?U@{6#=#`GTX`(r$n9%fc2mTyzn|_5RQj z5hBcxQI@9Yr(IzGmmSPN&7+XKVqk&gNAo?CsnfPDN{c;K4hC;q`xK{AGQlFN^0^KF zG8q(;qI5k&d|WQm4~&4%qkZi<_15EM`c9w*wlzW28ZIf)J`qO?^6IH=4Lj zs&x5|iPhz&Xowq3ui%I8w$ek%W>aa_(z#%nTEPH5!n3fR_lY(MoD$oF?Eqtdq`^D& z<+`CtvThS?mDc8Br_}+nE|PY-4`iWw{BnNo_|ENk*6o3$Uh6zpV+%jbCQ-AwOmK?hPk!I<JXGqPigStOy|G=fuQFL8-PKU&Wny-8_cuj3c8_8KnHk!Z{m zcg^M?>689L-+tg&^%aO5qvz2=g;Dr4hVR;liEibaqwZoLzpdkIU~vJLh|nnzO@IE9 z$o$m~%@dz3ZI#7=)Aq!=n+ z=rQ=$R#LHw(~hNgrB!Bf8ykoE>!I$fUe{1S6V5bOYRNm)pAHS`$JgzG#ZbMjDJE>a zQkiM~;kdVieczeI0kNRs>3jFsrb~2-2h#?}iNPG7Uh1hAfi80e%$W!82Q4Q8t8VV~ z#^fb>W{v+^YE5|1mP0J9z<1I2fMgJsgUv6*wD3F+c$)-piwpB0YoS$6fqCYRB*ou> zY~4rd%DYEI0TxZffhTTlvsO4a(A}!zA5?M(HYDY*DX+IFoT5P{r?{B#@kw^AW?BJh z#my-s*GU3A9*bQ*m$NR3d+v>wdV^pAgH>Hw!Sf@WQuJx|a{)p1R@y~ZbTn27m~Uz! zVIOEZlfm74@q6Mh&@(FhG4ni)Ns6qha~y~g&fGU~o>;sp3N(9G6okzsc90?G1dGC& zY)(bMVV6&e#*i6=&uo6&7W?H~eJ%sPy|f0+aqU zvPzH6o#`hcJzLEsT9X?{jd))uFsXI?W=>xyQOtOKaS(E9U&X*amKPx(e9173=WuC! zC(=b%5vc|V$>P3zd#n)G&I<5^)DiInhi>=$1 zBW?BT;T<0v;7dYT#_n^h=R6WBlb*?^DIL4s)=mpQ+%^H%031do8i`~N4km_7C5+a# zA#4_u`x0U;4{6-UlEhmajZNgl`q966D_@@q2WV7DO&s5fN6=Rbcx|0%ZEGhVPr$Mp zun`JkfCT$9Vg$3W+WRD_p+RP|@VA?k1D#`?4zKMdWoS3wsjxaNdxY6m#2&AJasUK6 zU?bc%q4mMUWQn6)Yp*w(R2eX($F0O0O=>UJj;2?JSE|>vt@+=Xv=RAHxEz;uAmv6I zPDj5$t7Du*K65NV!?olY{PlA+_|0CyCmh(@502^Utq4fOJ<CmB@Hv z&uapuj+G&)`K8m^X?z*m?{+^w^aQI*C_jkxue$9-Q*cJ}(sV1%B{rPoCHgr=Kh$LF z5s)yd$A45<)J@DQ?~xoTPsTcEsk`T!8)AHR8sVV@e8DwU_2Y!0?RNA+AE1pmSXsYzuCeGsaU zbsId%Ka%j)$P8@aHYW)ic23OnX>Ew-;8j<(5Vu;o)t=zS39OxNIJ)AfxPXI-y*&hy zbO&uvlG|Endf9q9KV?Q%x|*t5U7|0qVl8yxvfF+=pe|{o+Hcf_05apPc!H#94CJOf z@p4caE{*#hzB4m;D=f-#_l-KF;&L?)$jU^SHjB>w8__KYjlM0)dG3FUaAY z5*J`)<74IRViy1cfiKos^R|LWj71~>X%L9`HGn663E+vUbBT$-L_`qoM%-P1hLl1u z@{h<(8ZelO1O$YoqNxB1Qes00DU8TaA58;L9R%bsh>oL^I~uw_em^9Gk*Zh)__({F zB>{ixIJL#{nD&8Vnl1prrvZakRwA z^9UL-0FA-?4F7X~91lkQ+GH>Zh!_usf&e_2k_Zn5gYNbB+488r++N(RPtN*^mGf_M z31lwLF#A@Kda7JZkbjU(k2D5*gEcjFk#N_NQR3>$CG9$HWm!gniNW~|CdxC8S_O#$ zqlh#w2esK==PFE?6+`#eyI@;_hRj;iW!Kwyz_witLHy48 z3|+Tt8TQOn2$C{o{^aD%L%6Pm4DLFWoZ6m`RS)g=0^07x3cBULpd7dzHLm#wuqVH>(P)8PQIu^*?X~;w>qXIla5?tOvG)$_=jCBb3!+c?&Gg%DFb-g48gz@x?5XPsgoo zCmslv-^rFcFHs=6x5)5?2lRAx)=ELxS+Yp;>Bco!N$p3%r6f?da_{q*Au(E5UE2Er zm*@kuYObKO1*ImR1M10JZ%1sZTY52AFmc!i#A~K@sa@#AhCnKUb zo%4;xOS71kmDy2oNnZHj#_9HSOx)C==E-pZ-abc)$4-18i~pD6H}@64y07@LBgMOj zUfKPvk3d-Izbl>|fF1~w97e8X0X9O4yK0yqlI*|H)4F^I;vjWV2B8dVFr`pde96dXL09pc#22P?SF_L1K zeF$IoMY7!bMw3G=J4^hSPudv``jD3Nh2v3sRJa-5+lUHd+5pE}XqIzCmjc zq^{g9Z$NlU9c7gJO#XHAh54YVpj?V&L~(r)ae0>Q=_%d?Z{b}|CZ@t}Ye>A}nLs*zHj|+h5*e4bs#<-ch=}`b zS_yutp5l%)SuDmfGI-GsLWF=44!a4!zIK)ug}A4~8LH-Md3 zILGoQ8z8~}9wM;M2l^v696!TY|64DCu#W$a4cc}WktXh5E@(P{_6Hltlzi>&tz6yF zrvRxRWI!L0;a4+&^>X)fvbFR2hp1o%;6G3SJw(NivJP>90+7Gr0(Mlg!qNSwcle17 zF)@tzFW5K?|5wWVJEBBld9^iJ61H@PHuKAKIs=K?k!E;RxDz} zg3CDFn$wR*nE9qgCPu2Xdj$^3e_p-1!!~DxEdC;(ng_PfXVu+Zp#ZavJlycQc9|(M zd=K{i<#X*ES{2o><-)79pBzx9AFedQ;R%NHrmC~b8r{JUNpjyNqwAM> zGB!PV+TilA4oS37@7BVxz_;smTqQN&!Osf~yiZ5G^I$K`Q%_zF4Q9`YzETn0AEuLZ zUrvf|GrV`tXSJ=#@UMvC@d3YHmPhwWa^jlK*3#WCecCn`epA6AQ4C7bDyK~ESoDCY zJPLT!@&4w5MjeC)R1E0PHyQv?GBGP9Eo;5p^RnenUE}uW{kR%<_0yj6?EBIVsYO&)v zehEQ9G0F=%;9EuK&0p)AHR$E>i1J`v?~Kpu0<8B^??G+_F1?}6rYOvr#%P9~V~xKt zTGib7aJfuU+kb5bO*K{*}X0R-Ew^q6SJmCb;XLB>7r?hHfNl0AWX$m zD1S@BK(mxBPb6q(K1<_X3tSJKo7R>2X5cbZ^lWur;hXuD^I}((Ddj#$(3@>o=N78p+INTc#Ni4Tyzp zKi1d@R_4u`PNj&3ZVZFlq9T`I35`H$p2kXbowtO@i-25iwRV>t!KS3{;oRNhF^ztl z{7kUIIdeCuK%Vb(7qpYvTgjt!cw7tWcvw4;FIw~L^go^T#Bhw9B%AJ0OL3gC9}P)h zQp1r;Ly7Q~Y?7M%pG}@cCNGL=sIt0P56gZRHCxAPVvZw>qK8(-&P+cV4XB`UcWy$FS$XP16SP`22f31!xPEEk}E^RaL9Sop1> zP42{4yWyQx4DG01LkMS}mBKWd_HLh|U|(e?y1Z!vU&iXh=88OE2nwS~hu1fR1hq5gO?K+;u|}jI zLSJSfS#zS~VrPg3K*RlXm8SvRJIbwkbHdJwYf_TPaxtbOXYEXJbsy0i14O3z;5=lK z{XH^lTrYChR7?(kkG$%`4V|mliy0(z3&n7Ss5QoFPvgm+wNK?DjZX+I;(^a16N#$J ze2UeP)5UX$&h~JVjyodp@QO(2{Phm{^6TzJeSGM>g55VTnc}l$NkgHt5L4p|!zvo= z_3$FZU4>q$Z23ZSOL=w=(ifvyucVVy3e#`D>RTIPNWSdqr!y67NcMOMinl&JkbCJ^ zBL{oZg_8?JH9mn}TAkNqsGdMg86>pdYT+U2`6YKR!9^&!mK??-2 z4@B7hw(HxGwUQ!5@&2}`0AcliYpsrsNXTF`+D=vuR$f*}H7i$FZ?q5~_`_gv9~ms= zLn!}4ON9WKepo8n155RT>xYgC32^-CsOWz@Qux=1f7^yhV-C(@{@jKgg#XpG{hf)b zp->$k659+ySGqUnE(hv`ax%j$=2EZL`HHZhCN*%(rmPw$bW=^O{x07(btV<}xWx(?|Hxv6g}vH+ko2ofAe7erY*#VogQ8Fyk`t zy1(V!3vp=KulNTRl{+`{!=>Wy@6{{%gs}8@THMc*fJCBLGvYm0xWs+$pA@=|x=X?s z_K90b`vp|_v*JaY2(gZ)^7}mN#3`W{WC=x2s~?uS?|!gy9c#K;)XJwW$~+g#J%gez z>A9O=e}-%N0^z3dwSE;F9@1`CJO+X@z)rs__F9EsQME0{(zM;?fEbmp@P=WN~U2IYZG z0%3~@+Mw+^OVGPI7Gt-iR67>IlpD)t`HqS2dvTB~=GO<1zgs4X8(f+-xWCdF>w>`%Lq@6&+u3?2)%6d(x0h zV&r9f6?kMSK;R19({E*;w@w6ociQs5J^V)~8_vSD`CF&1iA}()2adq!&nqVBmXHFfjhF91Q}aRsJ6f zEf*Dx2K_5T{#FV)_Ww@dU?CwFg3);Yid-P0e6Oe<==#8WrRBW={WPU=;>3 zG6n#IgO2e(E08hK03aH4Osm+}NcJeGNbINtIMqhy>a8*+GXcFAPaiF(QNgG%|G=60 z$i9okKtu?w=)3I~>H&cSxD*>gC0HmE;6ONHm20!5B%hr{<1Q~sL35UrgXaBjOc5d9 zcxFix)^HwVaCf}e;JR{6%UDAG4;A*pbnngOlDgvkjhV(E^OfzOtBy&WXtn(O_{)gY zWvr6U;3sJuW!d+iyfU{h!Ri1dgZZj*_CaqZX5Z1d&r~jFL!?=-hq%6o(e;V^8+{{M zcvsny3{c&*tK|OrcJ5s>p3NJgle&h9=2a_emcEaY;36>y-(J_W!t3FPpab*jQKEy3 zf|2An9*(WMa>~2fC_4LynGd6>Bl)^O+5@qXw`S*Cd}RXmXkm9oN4DrVYI){ZHa_WF z3EaVlh|V7`c|CIB5=$A$Y`-OE!vd*Sf*{Yy-5Pc2_q+{tQuQw+8^T$yq$5;Y=nRd} z?&{V(YOg7h8O{Z)JFxLJaPWms_>30MyM`$=KhYpFy@0=VflI1(nzk)wWv#EtGO9U3 z_lbYiw~KgOi&rp_OFwO+Q;@jm<#3{IdS5TqKNJ{~9cZmK0bYNzHx9k4pSclhL}>8o zc#l;-y&&02*j6I*HH46#2wRJ2cn&HerVNrXy7SwwN@?_Z#EGA@s$xIHTC-N^Lq7h37iu#NUBRb~Jt$=}=-uM;@o&>u)-sO<(P`oB@yqWPe1FaV= z7JRPv$wdV*%u*$RSDq;!!W07NG9eRkYIHuOD^f^r_DgqS{2cmA8kx%3FFtB{k~V-$ z8gdwFxM{2t>I7RMV99f(|I)#sd$raYe9$@336YpQC!1r0Uf3P{>a=1$_2h(2eyqrj z&*N)r!FA2Mn_IP{@pj*uWNKuAx*YO~FmZbO653)o{b}iOTCFhbNZ#c-NWU(gr~Q7u zqsZZMv5s3^$e1YKmG!7~ACuDuyP_CYtq+$-9G|Kfshr2>*C@U{RcU0(+hhdzQ|)ml zJJ1mKmWe#_X}ZhNOka8V_R71-&f$6snqEaf<>@!=GoKu&KRj1yMQ19BH`H!kYXH@*fpqJ1b(u-;ij=5Mzxc3-XybqLt3tLZ~I;>Mb9#m;`mYq82~G1hg=bRrmeVV zM;1lM)#e`SGut%TI7wqMdxS%>C}oE%p+x8DNLYQIMAaGNDinBVv!z)Bl;zb_q-Mv9 zxwZXyH^nH2Mz5%zGCAIT0okyN{AltTBl~tKATKwMQuiG1atyLrv%1F6#0CM^gO-a= zga@-b_Q<{IdU=KKj~~86Y@q`}}=i&0dgV7j=&vWj0KF7R8zQW5%z#nEnUe;jCfjOU37q#og^P@#by`<_-1 zB2xLar+k%uvioCCsSQE9IEqDW6hGlZ?lW2x-^W2Dc-28n|KuYkke8g66yOdB2G|1J z0L}n=fCs=2;QAMXK@9)4k?@kD0)sM@x!raS6*xS~genAP74j?Pvq50I$$#2jpcjJi z`u<8?$Vh;{(DJW?1akO?{LN?+kjTFj2gHF2yjXSeQAnyW6)M*TyCaEvsH={P|2MCZ zk?8*4$R1_$pr=;maU4z+NPHo7a~TQ7li>(<)V(7cHLq-K>Bd3Nv(0lYXPiQWNNx^7v}hq(gPN%8gV?3yVJA))_ix44Qkp}XxXjj z+@JQ=WqhrScU3>Iy{dlSHcF+PBeArm<_>AH?>5*S;iRmzxJa9))f6op!X2*C7JPhi zB7%-4$Z4+(1jv9b4N$XjVOS{U=j$`vw~#p;MCTO8=fNd1x;+^dIjTHs^{O)RyGDEY z^~>(KW&0P5HA^tZ2<=+zu{#<1cdF$vbQ^sLxl~9Qm_3DH0pSz zQbo1pPqux%n|#tOFDo~|V6z8~8B`RHQ1FiEb}3`#HXqR|-{|A?=pv`N;~D|E%eBa=3RW|VfQ9>;%TUzLn|E$?$=3U30|o}? z{RH7iN3{m8rEF#f*ryWMhKzPf_w^sVWm~zBbTUe74;lXqCsO!l!g$Q!8r$x_Pox+$ zM&_4Vt<%zZp{ZkWM+W14(5CnzL=)8qOI>Mm>S<{&R1a^7vAu zSuf4fYZOt)%exkv(ik##q|*gC&&Dkz1*Nc$Oeq=C2u*1}jsSjTirgvNPF-!g5OL7M zK-b({Z3GqEsvEcFRhaNig*kA@00#$QpO6~mr%Fu|E?IsgAUQ6!epuyxSj4oFWw(3; zW#HJF=-Xia(MW-liUO^P>W}2w^}Bm`<#htZ`bL>I1JvkJWh;|&<6NwM^-+{u4hREbrMzh6+M;1z^VuVSZ{B)Az2rzs;JeDnHa)jiJ7F~vMG3yY zq=uP!BJR%^8;xon*J*nm4((SBRH^FN{U3xMrF;p@X5QEsO~*ucl&hSeaum&F4LtpP zW)~W`a0|@uj+=6~JvQuIYr`+NCrFIVa%z!pqfOEyvDi3k?_D#RV)h(V@j;}{WiCb$ z2BZsMB83hd!NhXHb^ji8_+pSbR#__5lwatKk|wn{#fwcCHa8_?|I91oQPH}5@57Jv zusX`aZA^naKyEJWTG(gi6o^Cj(cCtiRPAq#0!>AlAJbqFJEm>KZ{ z``Ap?QBw+{$!c!a|RX@EdCAIsP5zVJ8BXeOKcsLi>JR*p4{& z+P|-G+W}odXXS?`bTz%|l_7xJL*&=X?$fVo@mc=i=pa#gfwOiCNXeJW8(`7W)X@b( zNwn>~tpicZ7+ujJX5v~>aC<~cB*73H|F=>=Qp_vnVlGg^H~K_VrEeJJI0RMN#{O^b}!_cVgrsd*Ay!bZfGKH59g zhs?w9?v5q#_%HN}9Ixs{1>x-DTv^a7Ca)XF^*Ncn9_TYRTH8)uIUP^vyJsKO{(vB( z3-o3jScU0#qml1<>`r3#f@oqfuJ0b4Nvh1hq;*4Jo!b1Jo+jw( z%R`N{-S^UO)1U4It9ZmeK66qQ9V( z8l?9<;Vvc|o=`TR??z!Oe|s6cPHTCL@q$|0&$0RtY|rB@ZBuTlFJ$WcU~58HL%qL{ zWs)bac~~qc_1wX&Fj)8<+a^yk8d5LQs$3TLo})u8Jk+t1Lc!tQZry_EIm);ps9}A< zfIPEVs2tU%1r+hU@&e|V(6^BPoiXR;`e&^KQ?aa@C`gz@QuVyr^5)5P{MmuQS&fhY zyi&_^;H+0^2=#<%T``40Tj?-^*}D`uIY+#9q>Pv=cnIkFN-nnh8rGmva>H7k${T5n zR_hN$0hr?@%sdk6k5V<6AVe#3Nv(Y5urJNg%Jdvn&^7mQz+Il39Gnjf+yIV`>O-yFnY{&KoqEs7625kM$`=JcYKwab>QJrg zFgdJiP!$z)vRDnKKKG=HHm(Hon#A6%cDb@~lHslXsf<-ww;}Hhc-il-k<0gWCwFPm zZ;3`7RgQb3*Ee2{m>X%SG<8|m^v6$U)@*SfK{h_}l*!H!7ziGIfAoC-?VgG>236k7(munSoW z=U>Qfi&thCuSH?KlP1jm&N@A&WMlhQ3+={-0n+NV$ZbjjGh37Rs*(bNhXHC2!w+Il zb|#G_lj(UzLTyx|lZ(`Z181Wmvwx<^WMhX&Zf_d_l4QLwSHkws@01f_RDL+vJvM7+ zDPIwztbKMH06aGvL#Gc4mn5viPob(VRed|>E^Z=zQs{33YHt~?z53~_9k;F3guK+2 zGCGP$th9*Kp035+QThMm{_zzIqQ^QnG1xUYm!!8G3qNk|{%-D4>-*f2!Smx;>b;om znp#+*1(m}`CHHn^>Gc`6@xYAtM>}3;zh#MI{lXm%FiwZ1q`Ac4L3UJMm(I>uV}JEq zOil#`zFB}8qJxZEsA3rz-1rnJWM6VrL`}qImn+^}Ou&ikJrd3!@|8YHBPz4qC{SA} zu#?#w`I|Z)?ozI`GvFoPUBrHKO<(el1)+A?z!c}YU-(ys;f z?HL_!HKjV2urK8355QM6Gw(EVEWu`pGIecB1!yR|_-_MSWr-3WIzOzm=$$C)5!sGP zt4T!ZnXB;xzx_H5}b%(_n=r6+Vw4P0x*rcQY_k*V)GH-(V;n&g!bUhHiZ_Zg9h? z`e9>8ZtyA-$a^`h^oM+6=Yy@NvM`I1OjV`iYhxzIW`Bk~67t>tqNHM38DPGS24gn} z0dF39@h4F9q3c+ILK6<$>)y?_V(07Z?8PE|UcXb%wzr6qbS{!$AUI_L zE=su&o+q(L``nNoi5UMb$ru-~PraJt*d8VEXW4DJ%O#p_KOHv2+OCrd4m z!DVUEfGz)z=}aWi29>M6&TAxj7Hn;hi3@J4Qc;^H{N8xaysyJ}pgU11t^j90ga#kM zBoJ{NWEM=IXhq99XAARgTMLu#JM=7cq@fSZmcoxuVc?dZUnIB|-7&u=kM+8=g4IqZ z8V_+YmzFpVUVApG&U|u1!P|h}myb$Gs?*{@b*LXxsDh7*(Rf4FzX=AntfPn|H0{?Z z3A~aR`ucLE#mXdrZRl9oU179XAasvtUG43K9|c{N<748gv3P5!NkfW+Yt;wJDe@-q z?d)mYp3CZH-Q>c-9}QwoLvOn}071uRa*@1wi38T!%Y3iI)ho&NV_{SUr80>=OV literal 0 HcmV?d00001