Timestamp:
18/12/08 13:45:04 (11 years ago)
Author:
pjkersha
Message:

Global replace to fix copyright from STFC & NERC to STFC alone because it's not possible to have copyright held by two orgs.

Location:
TI12-security/trunk/java/axis2
Files:
3 edited

  • TI12-security/trunk/java/axis2/src/ndg/security/attAuthority/README.txt

    r4109 r4680  
    11Running Tests 
    22----------------- 
    3 The AttAuthorityClientADBTest class contains a number of tests to exercise the AttAuthorityClientADB class 
    4 under a variety of circumstances.  To get this running, edit the test.properties file so that 
    5 the configuration dir, certFile (which should point to the public cert of the server) and  
    6 the endpoint url are correct.  NB, the endpoints are currently set 
    7 to allow tcpmon to be connected into the system - i.e. input port 4900, service port 5000 and 5100. 
     3The AttAuthorityClientADBTest class contains a number of tests to exercise the  
     4AttAuthorityClientADB class under a variety of circumstances.  To get this  
     5running, edit the test.properties file so that the configuration dir, certFile 
     6(which should point to the public cert of the server) and the endpoint url are  
     7correct.  NB, the endpoints are currently set to allow tcpmon to be connected  
     8into the system - i.e. input port 4900, service port 5000 and 5100. 
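Review bot: Nothing in this hunk changes a copyright notice: new lines 3-8 only re-wrap the "Running Tests" paragraph, which the commit message (a global copyright replace) does not mention. Consider committing re-wrap changes separately so the copyright change can be audited on its own. While the paragraph is being touched, "input port 4900, service port 5000 and 5100" could also say which service listens on 5000 and which on 5100.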
  • TI12-security/trunk/java/axis2/src/ndg/security/attAuthority/test.properties

    r4253 r4680  
     1<<<<<<< .mine 
     2certFile=/home/pjkersha/workspace/security/python/ndg.security.test/ndg/security/test/attAuthority/siteA-aa.crt 
     3confDir=/home/pjkersha/workspace/security/java/axis2 
     4======= 
    15certFile=/home/pjkersha/workspace/security/python/ndg.security.test/ndg/security/test/attAuthority/siteA-aa.crt 
    26confDir=/home/pjkersha/workspace/axis2 
     7>>>>>>> .r4253 
    38endpoint=http://localhost:4900/AttributeAuthority 
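Review bot: Unresolved merge conflict markers are being committed in new lines 1, 4 and 7 (`<<<<<<< .mine`, `=======`, `>>>>>>> .r4253`), which leaves two different `confDir` values in the file (`.../workspace/security/java/axis2` and `.../workspace/axis2`). Resolve the conflict to a single `certFile`/`confDir` pair before committing; the edit is also unrelated to the copyright replace named in the commit message. Both sides hard-code paths under /home/pjkersha, so a relative path or a documented placeholder would make the test configuration usable from other checkouts.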
  • TI12-security/trunk/java/axis2/xmlbWsseEchoClient/src/wssecurity/test/security/ndg/README.txt

    r4245 r4680  
    11Instructions for getting a working Java client 
    2 ------------------------------- 
     2---------------------------------------------- 
     3* JDK 1.6 is assumed for this  
    34 
    4 1. Download and unpack axis2-1.4 (http://ws.apache.org/axis2/download/1_4/download.cgi#std-bin) 
    5 2. Download and unpack rampart1.3 (http://ws.apache.org/rampart/download/1.3/download.cgi) 
     51. Download and unpack axis2-1.4  
     6(http://ws.apache.org/axis2/download/1_4/download.cgi#std-bin) 
     72. Download and unpack rampart1.3  
     8(http://ws.apache.org/rampart/download/1.3/download.cgi) 
    693. Ensure that the AXIS2_HOME environment variable is set correctly then  
    7 run 'ant' in the $RAMPART_HOME/samples dir - this will copy the required rampart 
    8 files into the axis2 install 
    9 4. Download wss4j-1.5.3.jar (http://mirror.fubra.com/ftp.apache.org/ws/wss4j/) and add to the $AXIS2_HOME/lib dir 
     10run 'ant' in the $RAMPART_HOME/samples dir - this will copy the required  
     11rampart files into the axis2 install. (If ant is not installed it can be 
     12downloaded from http://ant.apache.org/) 
     134. Download wss4j-1.5.3.jar (http://mirror.fubra.com/ftp.apache.org/ws/wss4j/)  
     14and add to the $AXIS2_HOME/lib dir 
    10155. Create a java project in eclipse 
    11166. In the top level directory of this project, run the following command: 
    1217 
     18$AXIS2_HOME/bin/wsdl2java.sh -uri <service>.wsdl -p ndg.security.client -d adb -s 
     19 
     20[For Windows ... 
    1321%AXIS2_HOME%\bin\WSDL2Java -uri <service>.wsdl -p ndg.security.client -d adb -s 
     22...] 
    1423 
    1524NB: '-uri' should point to the wsdl to create the service against (can use 
    1625absolute file path if the wsdl if available locally) 
    1726 '-p' specifies the package to create 
    18  '-d' specifies the databindings to create - here we use the Axis Data Binding default - which is a simple, but not too flexible approach 
    19  (other options are available: xmlbeans - http://ws.apache.org/axis2/1_4/userguide-creatingclients-xmlbeans.html; and 
     27 '-d' specifies the databindings to create - here we use the Axis Data Binding  
     28 default - which is a simple, but not too flexible approach (other options are  
     29 available: xmlbeans -  
     30 http://ws.apache.org/axis2/1_4/userguide-creatingclients-xmlbeans.html; and 
    2031 JiBX - http://ws.apache.org/axis2/1_4/userguide-creatingclients-jibx.html) 
    21  '-s' specifies synchronous invocation - i.e. the client will wait for a response - use '-a' for 
    22  asynch clients - i.e. with callback handlers) 
     32 '-s' specifies synchronous invocation - i.e. the client will wait for a  
     33 response - use '-a' for asynch clients - i.e. with callback handlers) 
    2334  
    24  7. Refresh the project in eclipse to import the generated stub file - which will be called 
    25  <service>ServiceStub.java (NB, if other binding types are used there will likely be many more  
    26  stub files produced) 
    27  8. Open the <service>ServiceStub.java file and correct the package name, if need be.  Also make 
    28  use of eclipse's auto formatting function (ctrl-F) to tidy up the code. 
    29  9. Add the contents of $AXIS2_HOME/lib to the build classpath - this should then remove all 
    30  the errors displayed in eclipse for the stub file. 
    31  10. Create a new class - <service>Client.java - in the same package as the stub file. 
    32  11. The new class should be based on the example client jar in this folder - i.e. EchoClientADB.jar 
    33  12. Download geronimo-j2ee_1.4_spec-1.0.jar and add this to the classpath (otherwise you end up with 
    34  a org.apache.axis2.deployment.DeploymentException: javax/jms/JMSException error when running the client) 
    35  13. Copy the $AXIS2_HOME\repository\modules directory to the top level of the project - otherwise you'll get errors involving rampart not being engaged (NB, you can probably 
    36  avoid this step by setting up the build path to include the original axis2 install home?) 
     35 7. Refresh the project in eclipse to import the generated stub file - which  
     36 will be called <service>ServiceStub.java (NB, if other binding types are used  
     37 there will likely be many more stub files produced) 
     38 8. Open the <service>ServiceStub.java file and correct the package name, if  
     39 need be.  Also make use of eclipse's auto formatting function (ctrl-F) to tidy 
     40 up the code. 
     41 9. Add the contents of $AXIS2_HOME/lib to the build classpath - this should  
     42 then remove all the errors displayed in eclipse for the stub file. 
     43 10. Create a new class - <service>Client.java - in the same package as the  
     44 stub file. 
     45 11. The new class should be based on the example client jar in this folder -  
     46 i.e. EchoClientADB.jar 
     47 12. Download geronimo-j2ee_1.4_spec-1.0.jar and add this to the classpath  
     48 (otherwise you end up with a org.apache.axis2.deployment.DeploymentException:  
     49 javax/jms/JMSException error when running the client) 
     50 13. Copy the $AXIS2_HOME\repository\modules directory to the top level of the  
     51 project - otherwise you'll get errors involving rampart not being engaged (NB, 
     52  you can probably 
     53 avoid this step by setting up the build path to include the original axis2  
     54 install home?) 
    3755 14. Copy the $AXIS2_HOME\conf directory to the top level of the project 
    38  15. Copy the client.properties file from this project into the top level directory of your project 
     56 15. Copy the client.properties file from this project into the top level  
     57 directory of your project 
    3958 16. Set up security keys to use: 
    4059        a) $JAVA_HOME/bin/keytool -genkey -alias client -keystore client.jks -keypass apache -storepass apache -keyalg RSA 
    41         (NB, can adjust names, but key needs to be RSA format to be accepted by the python ZSI webservice library also, 
    42         best to use the default keystore type of 'JKS' - since 'PKCS12' doesn't allow trusted certificates to be stored - so 
    43         it is not possible to store the service key - i.e. step (c), below) 
     60        (NB, can adjust names, but key needs to be RSA format to be accepted by the 
     61        python ZSI webservice library also, best to use the default keystore type  
     62        of 'JKS' - since 'PKCS12' doesn't allow trusted certificates to be stored - 
     63        so it is not possible to store the service key - i.e. step (c), below) 
    4464         
    45         b) The key now needs to be signed by a Certificate Authority (CA) (to allow ZSI processing to complete successfully): 
     65        b) The key now needs to be signed by a Certificate Authority (CA) (to allow 
     66        ZSI processing to complete successfully): 
    4667                i) Firstly generate a certificate request via: 
    4768 
    4869$JAVA_HOME/bin/keytool -certreq -keystore client.jks -storepass apache -alias client -file client.cert.req 
    4970 
    50                 ii) Now, to get hold of a Certificate Authority key pair, copy the index.txt. openssl.cnf and serial files from  
    51                 axis2/xmlbWsseEchoclient/opensslFiles/ (originally from http://wso2.org/library/174) 
     71                ii) Now, to get hold of a Certificate Authority key pair, copy the  
     72                index.txt. openssl.cnf and serial files from  
     73                axis2/xmlbWsseEchoclient/opensslFiles/ (originally from  
     74                http://wso2.org/library/174) 
    5275                iii) Run,  
    5376                 
    5477openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -config openssl.cnf 
    5578                Enter a password for the CA private key when prompted. 
    56                 (NB, some of the DN data that you input whilst running this command will need to match the DN 
    57                 data of the generated key that you want to sign - so try and ensure the data is similar - especially, avoid 
    58                 using the default values since these are not the 'Unknown' values that the keytool provides) 
     79                (NB, some of the DN data that you input whilst running this command  
     80                will need to match the DN data of the generated key that you want to  
     81                sign - so try and ensure the data is similar - especially, avoid 
     82                using the default values since these are not the 'Unknown' values that  
     83                the keytool provides) 
    5984 
    6085                iv) Create new certificates signed by the CA key using: 
    6186 
    6287openssl ca -config openssl.cnf -out client.pem -infiles client.cert.req 
    63                 (NB, this command will fail if the DN data between the CA cert and the generated key mismatches significantly - as described in (iii) 
     88                (NB, this command will fail if the DN data between the CA cert and the  
     89                generated key mismatches significantly - as described in (iii) 
    6490 
    65                 v) To import the new signed key into the keystore, need to put into binary format: 
     91                v) To import the new signed key into the keystore, need to put into  
     92                binary format: 
    6693                 
    6794openssl x509 -outform DER -in client.pem -out client.cert 
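Review bot: Step 16(b)(iii) still creates the CA key with `-newkey rsa:1024`; since the surrounding instructions are being re-wrapped anyway, raise this to at least rsa:2048, because a 1024-bit RSA key is too short to anchor trust in the client certificate it signs. Step 16(a) likewise passes `-keypass apache -storepass apache` on the command line; the README should say these are sample values to be changed, or omit the options so that keytool prompts for the passwords. The re-wrap also carries over "index.txt. openssl.cnf" in (ii), which should read "index.txt, openssl.cnf", and the NB in new lines 88-89 is missing its closing parenthesis.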
     
    7198openssl x509 -outform DER -in cacert.pem -out cacert.cert 
    7299 
    73                 vi) Lastly, import both the CA certificate and the new key (NB, the CA cert needs to be imported first -  
    74                 therwise you'll get a 'keytool error: java.lang.Exception: Failed to establish chain from reply') 
     100                vi) Lastly, import both the CA certificate and the new key (NB, the CA  
     101                cert needs to be imported first -  
     102                therwise you'll get a 'keytool error: java.lang.Exception: Failed to  
     103                establish chain from reply') 
    75104                                 
    76105$JAVA_HOME/bin/keytool -import -file cacert.cert -keystore client.jks -storepass apache -alias ca 
    77106$JAVA_HOME/bin/keytool -import -file client.cert -keystore client.jks -storepass apache -alias client 
    78107 
    79         c) The last thing to do is import the public key of the service into the client keystore: 
     108        c) The last thing to do is import the public key of the service into the  
     109        client keystore: 
    80110 
    81111$JAVA_HOME/bin/keytool -import -alias service -file service.cert -keystore client -storepass apache 
    82112 
    83 17. Edit the contents of client.properties to ensure the file and password properties are set correctly. 
    84 18. Edit the contents of $AXIS2_HOME\conf\axis2.xml adjusting the rampart set up as appropriate.  NB, the 
    85 example file included in this codebase (axis2/xmlbWsseEchoclient/conf/axis2.xml) should be sufficient for 
    86 the purposes here.  The README.txt file in axis2/xmlbWsseEchoclient/conf/ gives a more detailed explanation 
    87 of the various configurations of this file. 
    88 19. Include a password callback class, if this is set in axis2.xml, in the source code structure - NB, the 
    89 basic PWCBHandler.java, included in this directory, can be used as a starting point. 
    90 20. Adjust the server configuration file - to include the CA cert file in pem format - i.e. 
     11317. Edit the contents of client.properties to ensure the file and password  
     114properties are set correctly. 
     11518. Edit the contents of $AXIS2_HOME\conf\axis2.xml adjusting the rampart set  
     116up as appropriate.  NB, the 
     117example file included in this codebase  
     118(axis2/xmlbWsseEchoclient/conf/axis2.xml) should be sufficient for the purposes 
     119here.  The README.txt file in axis2/xmlbWsseEchoclient/conf/ gives a more  
     120detailed explanation of the various configurations of this file. 
     12119. Include a password callback class, if this is set in axis2.xml, in the  
     122source code structure - NB, the basic PWCBHandler.java, included in this  
     123directory, can be used as a starting point. 
     12420. Adjust the server configuration file - to include the CA cert file in pem  
     125format - i.e. 
    91126as created in step 16(iii) in the trusted CA cert file list. 
    92 21. Start up the service associated with the wsdl used in step 6. and run the client as a 
    93 java app - with luck the service should return without a problem. 
     12721. Start up the service associated with the wsdl used in step 6. and run the  
     128client as a java app - with luck the service should return without a problem. 
    94129 
    95130Further notes/examples 
    96131------------------- 
    97 XmlBwsseEchoClient.java is a client that uses xmlbeans bindings - to get this to work, you need to run the 
    98 build in its top level directory - 'ant client.jar' - then include the produced XBeans-packaged.jar file 
    99 in the build path. 
     132XmlBwsseEchoClient.java is a client that uses xmlbeans bindings - to get this  
     133to work, you need to run the build in its top level directory -  
     134'ant client.jar' - then include the produced XBeans-packaged.jar file in the  
     135build path. 
    100136 
    101 EchoClientProgrammatical.java is a client that sets up the wss settings programmatically. 
     137EchoClientProgrammatical.java is a client that sets up the wss settings  
     138programmatically. 
    102139 
    103140EchoClientADB.java is a client that uses the Axis Data Bindings. 
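Review bot: The import command in step 16(c) writes to `-keystore client`, while every other keytool command in these instructions uses `-keystore client.jks`; as written the service certificate lands in a separate file named client and the keystore built in steps (a) and (b) never receives it. Change it to `-keystore client.jks`. In the re-wrapped step (vi), new line 102 still reads "therwise" for "otherwise", and in step 20 the new break after "format - i.e." leaves the sentence awkward; dropping "- i.e." reads better.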
     
    105142Running Tests 
    106143----------------- 
    107 The EchoClientADBTest class contains a number of tests to exercise the EchoClientADB class 
    108 under a variety of circumstances.  To get this running, edit the test.properties file so that 
    109 the configuration dir and the endpoint url are correct.  NB, the endpoints are currently set 
    110 to allow tcpmon to be connected into the system - i.e. input port 7000, service port 7100. 
     144The EchoClientADBTest class contains a number of tests to exercise the  
     145EchoClientADB class under a variety of circumstances.  To get this running,  
     146edit the test.properties file so that the configuration dir and the endpoint  
     147url are correct.  NB, the endpoints are currently set to allow tcpmon to be  
     148connected into the system - i.e. input port 7000, service port 7100. 