summaryrefslogtreecommitdiffstats
path: root/sca-java-2.x/trunk/itest/ws/http-ssl/README
diff options
context:
space:
mode:
authorslaws <slaws@13f79535-47bb-0310-9956-ffa450edef68>2010-02-26 13:44:40 +0000
committerslaws <slaws@13f79535-47bb-0310-9956-ffa450edef68>2010-02-26 13:44:40 +0000
commita968a1ff5448680cb24918e6fa31db6158cf9944 (patch)
tree2681333b61338d25005af2240fef80498769816f /sca-java-2.x/trunk/itest/ws/http-ssl/README
parentb94f0eefa25f47579547e39de6a283d05a035af3 (diff)
Create a new key store and enable the test. Using a ws binding without an explicit HTTPS url doesn't work at the moment. The providers need to do more work based on the the security configuration.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@916679 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r--sca-java-2.x/trunk/itest/ws/http-ssl/README68
1 files changed, 68 insertions, 0 deletions
diff --git a/sca-java-2.x/trunk/itest/ws/http-ssl/README b/sca-java-2.x/trunk/itest/ws/http-ssl/README
new file mode 100644
index 0000000000..41dcb8680b
--- /dev/null
+++ b/sca-java-2.x/trunk/itest/ws/http-ssl/README
@@ -0,0 +1,68 @@
+The module tests web service communications running over HTTPS. HTTPS is configured
+in this embedded test environment by adding the confidentiality intent to both
+reference and service and by configuring reference and service side policy sets
+to configure the web service binding appropriately to enable SSL.
+
+When running the web service binding in a container that itself is configured
+to provide SSL support these policy sets are not required. TODO can they themselves
+detect that they are not required.
+
+The SSL configuration depends on public/private key pairs and a keystore. This is how
+they are organized and generated
+
+
+Generate Private/Public keys into a keystore for use at the server
+------------------------------------------------------------------
+
+keytool -genkey -keyalg RSA -sigalg MD5withRSA -keysize 1024 -alias TuscanyUser -dname "CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, S=Hampshire, C=UK" -storetype JKS -keystore tuscany.jks -validity 9999 -keypass tuscany -storepass tuscany
+
+View the contents of the key store that result
+----------------------------------------------
+
+keytool -list -v -keystore tuscany.jks -storepass tuscany
+
+Keystore type: JKS
+Keystore provider: SUN
+
+Your keystore contains 1 entry
+
+Alias name: tuscanyuser
+Creation date: 26-Feb-2010
+Entry type: PrivateKeyEntry
+Certificate chain length: 1
+Certificate[1]:
+Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
+Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
+Serial number: 4b87b4d7
+Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037
+Certificate fingerprints:
+ MD5: C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41
+ SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07
+ Signature algorithm name: MD5withRSA
+ Version: 3
+
+
+IN THIS EMBEDDED TEST THE FOLLOWING ARE NOT REQUIRED AS BOTH REFERENCE AND SERVICES
+ARE RUNNING IN THE SAME JVM AND HAVE ACCESS TO THE SERVICE SIDE KEY STORE
+
+Generate the client side certificate
+------------------------------------
+
+keytool -export -alias TuscanyUser -file tuscany.cer -keystore tuscany.jks -storepass tuscany
+
+Print the contents of the generated certificate file
+----------------------------------------------------
+
+keytool -printcert -v -file tuscany.cer
+
+Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
+Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
+Serial number: 4b87b4d7
+Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037
+Certificate fingerprints:
+ MD5: C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41
+ SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07
+ Signature algorithm name: MD5withRSA
+ Version: 3
+
+ \ No newline at end of file