Wednesday Feb 05, 2014

Fast Data in Action

       A demonstration of how Fusion Middleware can be used to build an architecture based on Oracle Event Processor, Coherence and Oracle Database for customers that have a requirement for a mixture of real-time processing, near-time analysis and long running batch analysis of the same or a similar data set. This use-case is certainly common in Financial Services where customers need to process market and financial data in real-time as well as analyse long-term trends in large data sets. This architecture will also be applicable to any industry where the customer has requirements for analysing data at different frequencies and volumes.

For example:
       • Financial Services -- Real-time Market and Financial data
       • Commercial Banking -- Customer Experience
       • Retail -- Real-time point of sale analysis
       • Telecommunications -- Real-time billing analysis
       • Oil and Gas -- Drilling (upstream) analysis
       • Energy -- Smart metering
       • Logistics -- Vehicle location analysis

In January 2014 we recorded a webcast for Fast Data. Please see it here.

Friday Oct 11, 2013



Friday Apr 26, 2013

SOAP UI, WebService, Keystore, Certificate

Most of the time, we are dealing with secured web services that use certificates. I created just a simple step by step scenario to help you when you have to invoke an web service that has a certificate attached.


Suppose we have files: SvapTestRootCA.crt and 2020MOBILETEST.pfx for authenticating a WebService.

Steps for configure SoapUI security (Windows Machine):

1. 1. Install SvapTestRootCA.crt

2. 2. In SoapUI, create a project named Vodafone. Open project and open tab Security Configurations. On Keystore/Certificates in the Source Add file2020MOBILETEST.pfx, with specified password that you have for this file = 2020MOBILETEST. Add also a default alias and a default password that matches your password from 2020MOBILETEST.pfx = 2020MOBILETEST.

In Output WS-Security Configurations add a new row with Name = 2020MOBILE and password = 2020MOBILETEST. Also, here add Signature , choose keystore 2020MOBILETEST.pfx, choose alias, enter password 2020MOBILETEST.

In SoapUI, configure Incoming WS-Security Configurations. Add row with Name=2020Mobile, decrypt Keystore=2020MOBILETEST.pfx, Signature Keystore=2020MOBILETEST.pfx, Password=2020MOBILETEST

3. 3. Add WSDL into SoapUI.

4. 4. Open the request, and at Authenticate set Outgoing WSS = 2020MOBILE and Incoming WSS = 2020Mobile. In the request, payload, click right and Outgoing WSS -> Apply 2020MOBILE.

5. 5. Execute the request.

Steps for configure WEBLOGIC Server:

1. Exporting the Different Certificates from PFX to PEM

Run the openssl binary from the <OpenSSL>/bin folder. It will start the OpenSSL command prompt. Execute the following command:

pkcs12 -in 2020MOBILETEST.pfx –out 2020MOBILETESTPEM.pem -nodes

This will convert the data in the 2020MOBILETEST.pfx file to the PEM format, placing the result in the 2020MOBILETESTPEM.pem file. The resulting file will have all the certificates in the following order:

  • Private key
  • Identity certificate
  • Root certificate
  • Intermediate certificate

Note that all the certificates (Private Key, Identity certificate, Root certificate, Intermediate certificate) are wrapped within some headers, and these headers are part of the certificates.

2. Creating the Trust Java Key Store

Now you need to extract the root certificate from the resulting PEM file and use it to create the Trust JKS:

  1. Open the 2020MOBILETESTPEM.pem file in a text editor, copy the root certificate and paste it to a new file, say SvapTestRootCA.pem. You can easily find the root certificate since its issuer and subject headers must be same.
  2. Use the Java key tool utility and import the above SvapTestRootCA.pem file to a JKS file:

keytool -import -trustcacerts -file SvapTestRootCA.pem -alias SvapTestRootCA

-keystore SvapTestRootCA.jks -storepass 2020MOBILETEST

The resulting JKS can be used as a Trust Key Store in WebLogic Server.

3. Creating the Identity Java Key Store

  1. From the 2020MOBILETESTPEM.pem file, copy the private key and paste it in different file, say 2020MOBILETEST.pem. It is very easy to identify the private key as it is wrapped with in the following two headers:



d. -----END RSA PRIVATE KEY-----

  1. From the 2020MOBILETESTPEM.pem file, copy the following certificates and paste them in new text file, say SvapTestRootRCACRT.pem:
    • Identity certificate
    • Intermediate certificate
    • Root certificate

Note that the certificates must be in the order listed above. The identity certificate can be located easily in 2020MOBILETESTPEM.pem since there must be header that shows the identity--information such as the name of a person or an organization, their address, and so forth. The intermediate certificate will be the last certificate in the 2020MOBILETESTPEM.pem file.

  1. Now set the WebLogic environment and run following command:

g. java utils.ImportPrivateKey -keystore SvapVodafone.jks -storepass

2020MOBILETEST -storetype JKS -keypass 2020MOBILETEST -alias

SvapVodafone.jks -certfile SvapTestRootRCACRT.pem -keyfile 2020MOBILETEST.pem

-keyfilepass 2020MOBILETEST

This will create a JKS file that can be used in WebLogic Server. Note that you can import many private keys into a key store using the utils.ImportPrivateKey command as mentioned above.

4. Adding keystore and SSL weblogic

Weblogic console -> Admin server -> Keystores -> Change on Custom Identity and Custom Trust

Enter values for :

Custome Identity Keystore: <path>/SvapVodafone.jks

Custome Indetity keystore Type: JKS

Custom Identity Keystore Passphrase:2020MOBILETEST

Confirm Custom Identity Keystore Passphrase:

Custom Trust Keystore:<path>/SvapTestRootRCA.keystore

Custom Trust Keystore Type:JKS

Custom Trust Keystore Passphrase:2020MOBILETEST

Confirm Custom Trust Keystore Passphrase:2020MOBILETEST

Then enter SSL:

PrivateKey Alias: SvapVodafone

And password : 2020MOBILETEST

5. Restart admin server

6. Configure credential mappings

Weblogic Console -> Security Realms-> myrealm -> Credential Mapings >Providers

New Provider of type PKI Credential Mapping Provider and enter name SvapVdfProvider for it.

In Provider Specific enter values:

Keystore Type = JKS

Keystore File Name = <path>/SvapVodafone.jks

And password : 2020MOBILETEST

Save configuration.

7. Restart admin server

Configure OSB webservice console:

Create service key provider in your project and choose svapvodafone.jks as SSL Client Authentication Key: