Hello World Demo Using HTTPS Communications
===========================================

This demo takes the hello world demo a step further by securing the 
communication using HTTPS.

Please review the README in the samples directory before continuing.



Prerequisite
------------

$SUBSTITUTE_PREREQ$



Building and running the demo using ant
---------------------------------------

From the samples/hello_world_https directory, build the demo on either UNIX or 
Windows using the following command:

  ant build


To remove the code generated from the WSDL file and the .class files, run:

  ant clean


The demo illustrates how authentication can be achieved through
configuration using two different scenarios. The non-defaulted security
policy values are specified via configuration files.

Scenario 1:

An HTTPS listener requires the client to provide suitable authentication details.
The listener configuration is taken from the "CherryServer.cxf" file
located in this directory. The client's security data is taken from 
the "InsecureClient.cxf" file, using the bean name:
"{http://apache.org/hello_world_soap_http}SoapPort.http-conduit". 
The client does NOT provide the appropriate credentials and so the
invocation on the server fails.

To run:

  ant server
  ant insecure.client

Scenario 2:

The same HTTPS listener is used. The client's security data is taken from the 
"WibbleClient.cxf" configuration file in this directory, using the bean name:
"{http://apache.org/hello_world_soap_http}SoapPort.http-conduit". 

The client is configured to provide its certificate "CN=Wibble" and chain stored 
in the Java KeyStore "certs/wibble.jks" to the server. The server authenticates 
the client's certificate using its trust store "certs/truststore.jks", which 
holds the Certificate Authorities' certificates.

Likewise the client authenticates the server's certificate "CN=Cherry" against 
the same trust store. Note the usage of the cipherSuitesFilter configuration in 
the configuration files, where each party imposes different ciphersuite 
constraints, so that the ciphersuite eventually negotiated during the TLS 
handshake is acceptable to both sides. You can see the negotiated ciphersuite 
in the handshake trace by adding a -Djavax.net.debug=all argument to the JVM.
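
The effect of two different cipherSuitesFilter settings can be previewed
without running the demo. The following Java program is an added example, not
part of the CXF sample: it assumes the filter keeps a suite that fully matches
at least one include regular expression and no exclude expression, and its
patterns are constructed, not those in CherryServer.cxf or WibbleClient.cxf.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;

public class CipherSuiteFilterDemo {

    // True if the suite name fully matches any of the regular expressions.
    static boolean matchesAny(String suite, List<String> patterns) {
        for (String p : patterns) {
            if (Pattern.matches(p, suite)) {
                return true;
            }
        }
        return false;
    }

    // Assumed filter semantics: at least one include matches, no exclude matches.
    static List<String> filter(String[] suites, List<String> includes, List<String> excludes) {
        List<String> kept = new ArrayList<>();
        for (String suite : suites) {
            if (matchesAny(suite, includes) && !matchesAny(suite, excludes)) {
                kept.add(suite);
            }
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        // Every suite this JVM's default TLS provider can support.
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();

        // Constructed patterns for illustration only.
        List<String> server = filter(supported,
                Arrays.asList(".*_WITH_AES_.*"), Arrays.asList(".*_anon_.*", ".*_NULL_.*"));
        List<String> client = filter(supported,
                Arrays.asList(".*_GCM_.*", ".*_WITH_AES_256_.*"), Arrays.asList(".*_anon_.*", ".*_CBC_.*"));

        // Only suites enabled on both sides can be negotiated.
        List<String> common = new ArrayList<>(client);
        common.retainAll(server);

        System.out.println("server enables " + server.size() + ", client enables " + client.size());
        if (common.isEmpty()) {
            System.out.println("no common suite: the TLS handshake would fail");
        }
        common.forEach(s -> System.out.println("negotiable: " + s));
    }
}
```

The suite actually chosen in a run still depends on the TLS protocol version
and the peers' preference order, so confirm it in the javax.net.debug trace.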

Note: It is not advisable to store sensitive data such as passwords in a clear 
      text configuration file, unless the file is sufficiently protected by 
      operating system permissions. The approach taken here is for demonstration 
      purposes only.


To run:

  ant server
  ant secure.client

Regenerating Certificates
-------------------------

If the certificates needed for this sample expire, you can regenerate them by 
running the following: 

        cd certs
        sh ../bin/gencerts.sh
