Security

Message Level Security

• Signing
• Encryption

WS Security - An-introduction-to-Web-Service-Security-using-WSE - Web Service Security

• Defines SOAP extension to implement client Authentication, message Integrity and Confidentiality on message level
  • Client Authentication - clarify about ID/credentials of the caller |UsernameToken|BinarySecurityToken (X.509)
  • Message Integrity - ensures the data has not been tampered/modified during transit | XML Signature
  • Message Confidentiality - ensures the data has not been read during transit | XML Encryption

SSL Security

• ssl-certificates
• client-certificates-v-s-server-certificates

Certificate Database

• KeyStore -javax.net.ssl.keyStore
  • store private key and server's own identity certificate
  • used by SSL servers to authenticate themselves to SSL clients
• trustStore -javax.net.ssl.trustStore
  • Used by SSL client to determines whether the remote connection should be trusted or not
  • store public key/certificates from trusted CA to identify trusted third parties
  • similar to web browser acting as SSL client with trusted CA certificate-InternetOptions>Content>Certificates
  • default trustStore on JRE - JAVA_HOME/JRE/Security/cacerts
  • default password - changeit

Tool for Key Store Management

• KeyTool
• Portecle
• KeyTool IUI
• Connection and Configuration Verification Tool

Encryption

• http://www.w3.org/Encryption/2001/
• http://www.w3.org/TR/xmlenc-core/
• http://www.ibm.com/developerworks/xml/library/x-encrypt/
• https://www.ibm.com/developerworks/xml/library/x-seclay1/
• https://www.ibm.com/developerworks/xml/library/x-seclay2/
• http://scn.sap.com/people/martin.raepple/content

Signing-the-request-message-using-certificates-and-encoding-the-message-using-base64--bouncy-castle-api-format

Using OpenSSL to Test Connectivity

• openssl s_client -connect bing.com:443
• openssl s_client -state -nbio -connect bing.com:443

SSL — May 21, 2018 4:34:13 AM