keytool -genkey -validity 731 -keystore keystore-clt.jks -storepass keystoreclt -storetype JKS -keyalg RSA -alias sslclt -keypass keystoreclt -dname "CN=SSL Client, OU=PetalsLink, O=EBM, L=Nice, ST=AM, C=FR"
keytool -selfcert -validity 731 -keystore keystore-clt.jks -storetype JKS -storepass keystoreclt -alias sslclt -keypass keystoreclt
{code}
* Creation and auto-sign of the private key 'wsseclt-sign':
{code}
keytool -genkey -validity 731 -keystore keystore-clt.jks -storepass keystoreclt -storetype JKS -keyalg RSA -alias wsseclt-sign -keypass keystoreclt -dname "CN=WSSE Signature, OU=PetalsLink, O=EBM, L=Nice, ST=AM, C=FR"
keytool -selfcert -validity 731 -keystore keystore-clt.jks -storetype JKS -storepass keystoreclt -alias wsseclt-sign -keypass keystoreclt
{code}
* Creation and auto-sign of the private key 'wsseclt-crypt':
{code}
keytool -genkey -validity 731 -keystore keystore-srv.jks -storepass keystoresrv -storetype JKS -keyalg RSA -alias wsseclt-crypt -keypass keystoresrv -dname "CN=WSSE Encryption-In, OU=EBM, O=Capgemini, L=Nice, ST=AM, C=FR"
keytool -selfcert -validity 721 -keystore keystore-srv.jks -storetype JKS -storepass keystoresrv -alias wsseclt-crypt -keypass keystoresrv
{code}
* Creation and auto-sign of the private key 'sslsrv':
{code}
keytool -genkey -validity 731 -keystore keystore-srv-ssl.jks -storepass keystoresrv -storetype JKS -keyalg RSA -alias sslsrv -keypass pwsslsrv -dname "CN=SSL Server, OU=PetalsLink, O=EBM, L=Nice, ST=AM, C=FR"
keytool -selfcert -validity 721 -keystore keystore-srv-ssl.jks -storetype JKS -storepass keystoresrv -alias sslsrv -keypass pwsslsrv
{code}
h4. Generation and export/import of public keys
* Export/Import of public key 'sslclt':
{code}
keytool -export -keystore keystore-clt.jks -storetype JKS -storepass keystoreclt -alias sslclt -file sslclt.crt
keytool -import -keystore keystore-srv-ssl.jks -storetype JKS -storepass keystoresrv -alias sslclt -file sslclt.crt
{code}
* Export/Import of public key 'wsseclt-sign':
{code}
keytool -export -keystore keystore-clt.jks -storetype JKS -storepass keystoreclt -alias wsseclt-sign -file wsseclt-sign.crt
keytool -import -keystore keystore-srv.jks -storetype JKS -storepass keystoresrv -alias wsseclt-sign -file wsseclt-sign.crt
{code}
* Export/Import of public key 'wsseclt-crypt':
{code}
keytool -export -keystore keystore-srv.jks -storetype JKS -storepass keystoresrv -alias wsseclt-crypt -file wsseclt-crypt.crt
keytool -import -keystore keystore-clt.jks -storetype JKS -storepass keystoreclt -alias wsseclt-crypt -file wsseclt-crypt.crt
{code}
* Export/Import of public key 'sslsrv':
{code}
keytool -export -keystore keystore-srv-ssl.jks -storetype JKS -storepass keystoresrv -alias sslsrv -file sslsrv.crt
keytool -import -keystore keystore-clt.jks -storetype JKS -storepass keystoreclt -alias sslsrv -file sslsrv.crt
{code}
h3. Creation of the service unit
Using the Petals Studio, create a service unit to deploy on the BC SOAP and consume your service.
Next update its JBI descriptor to add the right configuration of the WS-Security:
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://InformationDeProduction.cirtil.cer69.recouv/InformationDeProduction.wsdl"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<jbi:services binding-component="true">
<jbi:consumes
interface-name="generatedNs:InformationDeProductionPortType"
service-name="generatedNs:InformationDeProductionService"
endpoint-name="InformationDeProductionPort">
<!-- CDK specific elements -->
<petalsCDK:timeout>30000</petalsCDK:timeout>
<petalsCDK:mep xsi:nil="true" />
<!-- Component specific elements -->
<soap:service-name>InformationDeProductionServiceSSLandWSSE</soap:service-name>
<soap:mode>SOAP</soap:mode>
<soap:enable-http-transport>false</soap:enable-http-transport>
<soap:enable-https-transport>true</soap:enable-https-transport>
<soap:enable-jms-transport>false</soap:enable-jms-transport>
<soap:modules>rampart</soap:modules>
<soap:service-parameters>
<![CDATA[
<parameter name="InflowSecurity">
<action>
<items>Signature Encrypt Timestamp UsernameToken</items>
<user>wsseclt-id</user>
<passwordCallbackClass>org.ow2.petals.test.PWCBHandler</passwordCallbackClass>
<userCertAlias>wsseclt-sign</userCertAlias>
<signaturePropFile>service.properties</signaturePropFile>
<decryptionPropFile>service.properties</decryptionPropFile>
</action>
</parameter>
]]>
</soap:service-parameters>
</jbi:consumes>
</jbi:services>
</jbi:jbi>