testing/itest/ws/http-ssl/README - tuscany-sca-2.x - Git at Google

 The module tests web service communications running over HTTPS. HTTPS is configured
 in this embedded test environment by adding the confidentiality intent to both
 reference and service and by configuring reference and service side policy sets
 to configure the web service binding appropriately to enable SSL.

 When running the web service binding in a container that itself is configured
 to provide SSL support these policy sets are not required. TODO can they themselves
 detect that they are not required.

 The SSL configuration depends on public/private key pairs and a keystore. This is how
 they are organized and generated


 Generate Private/Public keys into a keystore for use at the server
 ------------------------------------------------------------------

 keytool -genkey -keyalg RSA -sigalg MD5withRSA -keysize 1024 -alias TuscanyUser -dname "CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, S=Hampshire, C=UK" -storetype JKS -keystore tuscany.jks -validity 9999 -keypass tuscany -storepass tuscany

 View the contents of the key store that result
 ----------------------------------------------

 keytool -list -v -keystore tuscany.jks -storepass tuscany

 Keystore type: JKS
 Keystore provider: SUN

 Your keystore contains 1 entry

 Alias name: tuscanyuser
 Creation date: 26-Feb-2010
 Entry type: PrivateKeyEntry
 Certificate chain length: 1
 Certificate[1]:
 Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
 Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
 Serial number: 4b87b4d7
 Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037
 Certificate fingerprints:
          MD5:  C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41
          SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07
          Signature algorithm name: MD5withRSA
          Version: 3


 IN THIS EMBEDDED TEST THE FOLLOWING ARE NOT REQUIRED AS BOTH REFERENCE AND SERVICES
 ARE RUNNING IN THE SAME JVM AND HAVE ACCESS TO THE SERVICE SIDE KEY STORE

 Generate the client side certificate
 ------------------------------------

 keytool -export -alias TuscanyUser -file tuscany.cer -keystore tuscany.jks -storepass tuscany

 Print the contents of the generated certificate file
 ----------------------------------------------------

 keytool -printcert -v -file tuscany.cer

 Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
 Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
 Serial number: 4b87b4d7
 Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037
 Certificate fingerprints:
          MD5:  C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41
          SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07
          Signature algorithm name: MD5withRSA
          Version: 3
	The module tests web service communications running over HTTPS. HTTPS is configured
	in this embedded test environment by adding the confidentiality intent to both
	reference and service and by configuring reference and service side policy sets
	to configure the web service binding appropriately to enable SSL.

	When running the web service binding in a container that itself is configured
	to provide SSL support these policy sets are not required. TODO can they themselves
	detect that they are not required.

	The SSL configuration depends on public/private key pairs and a keystore. This is how
	they are organized and generated


	Generate Private/Public keys into a keystore for use at the server
	------------------------------------------------------------------

	keytool -genkey -keyalg RSA -sigalg MD5withRSA -keysize 1024 -alias TuscanyUser -dname "CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, S=Hampshire, C=UK" -storetype JKS -keystore tuscany.jks -validity 9999 -keypass tuscany -storepass tuscany

	View the contents of the key store that result
	----------------------------------------------

	keytool -list -v -keystore tuscany.jks -storepass tuscany

	Keystore type: JKS
	Keystore provider: SUN

	Your keystore contains 1 entry

	Alias name: tuscanyuser
	Creation date: 26-Feb-2010
	Entry type: PrivateKeyEntry
	Certificate chain length: 1
	Certificate[1]:
	Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
	Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
	Serial number: 4b87b4d7
	Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037
	Certificate fingerprints:
	MD5: C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41
	SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07
	Signature algorithm name: MD5withRSA
	Version: 3


	IN THIS EMBEDDED TEST THE FOLLOWING ARE NOT REQUIRED AS BOTH REFERENCE AND SERVICES
	ARE RUNNING IN THE SAME JVM AND HAVE ACCESS TO THE SERVICE SIDE KEY STORE

	Generate the client side certificate
	------------------------------------

	keytool -export -alias TuscanyUser -file tuscany.cer -keystore tuscany.jks -storepass tuscany

	Print the contents of the generated certificate file
	----------------------------------------------------

	keytool -printcert -v -file tuscany.cer

	Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
	Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
	Serial number: 4b87b4d7
	Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037
	Certificate fingerprints:
	MD5: C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41
	SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07
	Signature algorithm name: MD5withRSA
	Version: 3