Use Cases for Petals-BC-SOAP

This document contains all the use cases related to the Petals-BC-SOAP component.
Use cases are ordered by complexity, from the simplest to the most complex.

Simple Use Cases

Securing a service running in Petals using 2-Way SSL and WS-Security

This use case runs with Petals BC SOAP 4.0.9+.

The goal of this use case is to show that SSL and WS-Security can be combined to secure an internal endpoint exposed as a web service, using several certificates and credentials:

  • a transport certificate identifying the web service client,
  • a transport certificate to encrypt the communication between the server and the client,
  • a message certificate to sign the message sent by the client and to guarantee its integrity,
  • a message certificate to encrypt the SOAP body content,
  • a user name and a password to identify the user of the client,
  • a time-stamp to prevent request re-injection (replay).

The following key stores are therefore required:

  • a key store 'client': keystore-clt.jks (password: keystoreclt), containing:
    • the private keys of the client,
    • the public keys of the server
  • a key store 'server': keystore-srv.jks (password: keystoresrv), containing:
    • the private key used to encrypt the SOAP body content,
    • the public key of the client used to sign
  • a specific key store 'ssl': keystore-srv-ssl.jks (password: keystoresrv), containing:
    • the SSL private key of the server
    • the SSL public key of the client

The private keys of the client (symmetrically, public keys of the server) are:

  • 'sslclt': the private key identifying the client at SSL level (2-way SSL), password: 'keystoreclt',
  • 'wsseclt-sign': the private key to sign the message, password: 'keystoreclt'.

The private keys of the server (symmetrically, public keys of the server) are:

  • 'sslsrv': the private key to encrypt the communication between the server and the client, password: 'pwsslsrv',
  • 'wsseclt-crypt': the private key to encrypt the message, password: 'keystoresrv'.

Although the encrypted message is generated by the client, the private key is located on the server side.

To simplify the use case, all keys are self-signed.

The version of SoapUI used as the client requires keys that have the same password as their key store.
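
One way to build the three key stores listed above with the JDK keytool, as an added example that is not part of the original page. Store names, aliases and passwords are the ones listed above; the key algorithm, key size, validity and CN values are assumptions. `-storetype JKS` is set explicitly because 'sslsrv' has a key password different from its store password, which keytool does not support for PKCS12 stores.

```shell
#!/bin/sh
# Added example: key stores, aliases and passwords are the ones listed on this page.
# Assumptions (not from the page): RSA 2048, 365-day validity, constructed CN values.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the keytool commands only, 0 = execute them

kt() {                    # print or run a single keytool command
  if [ "$DRY_RUN" = 1 ]; then echo "keytool $*"; else keytool "$@"; fi
}

# gen_key <keystore> <storepass> <alias> <keypass> <cn>: self-signed key pair
gen_key() {
  kt -genkeypair -alias "$3" -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=$5" -storetype JKS -keystore "$1" -storepass "$2" -keypass "$4"
}

# share_cert <src-store> <src-pass> <alias> <dst-store> <dst-pass>: copy public cert only
share_cert() {
  kt -exportcert -alias "$3" -keystore "$1" -storepass "$2" -file "$3.cer"
  kt -importcert -noprompt -alias "$3" -file "$3.cer" -storetype JKS \
     -keystore "$4" -storepass "$5"
}

build_keystores() {
  clt=keystore-clt.jks; srv=keystore-srv.jks; ssl=keystore-srv-ssl.jks
  # Each private key is generated in the store of the party that owns it.
  gen_key "$clt" keystoreclt sslclt        keystoreclt constructed-client
  gen_key "$clt" keystoreclt wsseclt-sign  keystoreclt constructed-client
  gen_key "$srv" keystoresrv wsseclt-crypt keystoresrv constructed-server
  gen_key "$ssl" keystoresrv sslsrv        pwsslsrv    constructed-server
  # Only certificates (public keys) cross to the other side.
  share_cert "$ssl" keystoresrv sslsrv        "$clt" keystoreclt  # client trusts server TLS
  share_cert "$srv" keystoresrv wsseclt-crypt "$clt" keystoreclt  # client encrypts body
  share_cert "$clt" keystoreclt wsseclt-sign  "$srv" keystoresrv  # server verifies signature
  share_cert "$clt" keystoreclt sslclt        "$ssl" keystoresrv  # server trusts client TLS
}

build_keystores
```

By default the script only prints the keytool commands; run it with `DRY_RUN=0` in an empty directory to create the key stores.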

Complex Use Cases

These use cases involve several Petals components including the Petals-BC-SOAP component.
