This is an automated email from the ASF dual-hosted git repository.

robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git
commit 61699d88ee9cc66ac7419a652de9e3d80aeea21c Author: Robert Lazarski <[email protected]> AuthorDate: Tue May 19 04:13:46 2026 -1000 Move demo certs from repo root to sample directory Development-only PKI certificates (self-signed CA, password "changeit") were at the repository root. Move them to the springbootdemo-tomcat11 sample directory where they belong, and add a README making clear they are for development only and must NOT be used in production. Reported by Christian Ortlepp during 2.0.1 release vote review. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> --- .../springbootdemo-tomcat11/certs/README.md | 26 +++++++++++++++++++++ .../certs}/ca-truststore.p12 | Bin .../springbootdemo-tomcat11/certs}/ca.crt | 0 .../springbootdemo-tomcat11/certs}/ca.key | 0 .../springbootdemo-tomcat11/certs}/ca.srl | 0 .../certs}/client-keystore.p12 | Bin .../springbootdemo-tomcat11/certs}/client.crt | 0 .../springbootdemo-tomcat11/certs}/client.csr | 0 .../springbootdemo-tomcat11/certs}/client.key | 0 .../certs}/server-keystore.p12 | Bin .../springbootdemo-tomcat11/certs}/server.crt | 0 .../springbootdemo-tomcat11/certs}/server.csr | 0 .../springbootdemo-tomcat11/certs}/server.key | 0 13 files changed, 26 insertions(+) diff --git a/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/README.md b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/README.md new file mode 100644 index 0000000000..493d9070fe --- /dev/null +++ b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/README.md 
@@ -0,0 +1,26 @@ +## DEVELOPMENT CERTIFICATES ONLY — DO NOT USE IN PRODUCTION + +These certificates are for the Axis2 MCP bridge mTLS demo and +the springbootdemo-tomcat11 sample application. They are: + +- **Self-signed** (not issued by a trusted CA) +- **Password: `changeit`** (hardcoded in sample configs) +- **Committed to a public repository** (the CA private key is public) + +Using these certificates in production would provide zero security — +any attacker can download the CA key from this repository and forge +client certificates. + +For production mTLS, generate your own PKI with a proper CA that is +NOT committed to source control. + +### Files + +| File | Purpose | +|------|---------| +| `ca.key` / `ca.crt` | Root CA (RSA 4096, 10-year validity) | +| `server.key` / `server.crt` | Server cert for `localhost` | +| `server-keystore.p12` | Tomcat server keystore | +| `ca-truststore.p12` | Tomcat truststore (CA cert only) | +| `client.key` / `client.crt` | Client cert (`CN=axis2-mcp-bridge`) | +| `client-keystore.p12` | MCP bridge client keystore | diff --git a/certs/ca-truststore.p12 b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/ca-truststore.p12 similarity index 100% rename from certs/ca-truststore.p12 rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/ca-truststore.p12 diff --git a/certs/ca.crt b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/ca.crt similarity index 100% rename from certs/ca.crt rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/ca.crt diff --git a/certs/ca.key b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/ca.key similarity index 100% rename from certs/ca.key rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/ca.key 
diff --git a/certs/ca.srl b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/ca.srl similarity index 100% rename from certs/ca.srl rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/ca.srl diff --git a/certs/client-keystore.p12 b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/client-keystore.p12 similarity index 100% rename from certs/client-keystore.p12 rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/client-keystore.p12 diff --git a/certs/client.crt b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/client.crt similarity index 100% rename from certs/client.crt rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/client.crt diff --git a/certs/client.csr b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/client.csr similarity index 100% rename from certs/client.csr rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/client.csr diff --git a/certs/client.key b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/client.key similarity index 100% rename from certs/client.key rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/client.key diff --git a/certs/server-keystore.p12 b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/server-keystore.p12 similarity index 100% rename from certs/server-keystore.p12 rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/server-keystore.p12 diff --git a/certs/server.crt b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/server.crt similarity index 100% rename from certs/server.crt rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/server.crt 
diff --git a/certs/server.csr b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/server.csr similarity index 100% rename from certs/server.csr rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/server.csr diff --git a/certs/server.key b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/server.key similarity index 100% rename from certs/server.key rename to modules/samples/userguide/src/userguide/springbootdemo-tomcat11/certs/server.key
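Review bot: The "Files" table in the new certs/README.md covers nine files, but twelve are moved into this directory; `ca.srl`, `client.csr` and `server.csr` are not listed. Either add rows for them or drop them from the tree, since a serial file and signing requests are by-products of issuing the certs and the table already names the keystores that Tomcat and the MCP bridge load. The first bullet, "Self-signed (not issued by a trusted CA)", also reads as if every certificate were self-signed, while the table and the forgery warning describe a root CA that issues the server and client certs; wording such as "issued by a self-signed demo CA" would match the rest of the file.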
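Review bot: The rename entries carry `ca.key`, `server.key` and `client.key` over at similarity index 100%, and the diffstat shows 13 files changed with the README as the only content change, so nothing that referred to the old root `certs/` location is updated in this commit. Please check the springbootdemo-tomcat11 sample configs and the user guide for the old path and fix them in the same change, or state in the commit message that none reference it. Separately, the keys stay tracked and the root-level copies remain reachable through history, so it would be worth considering a small generation script in the sample directory in place of committed key material; the README's production warning would still apply to whatever the script produces.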
