Figure 96. Signature Tool - Main Screen The status bar at the bottom of the application informs the user of current action progress and results. 5.6.3. Sign To sign a UDDI structure, you must set up the Java keystore. Use JDK tool keytool to generate the keystore. Please, see your JDK documentation for more information how to use keytool. The Signer tool has been tested with keystores in JKS and PKCS12 formats. Note To generate the certificate issue the following command keytool -genkey -keyalg RSA -storetype JKS -alias demo_john -keystore test_certificate.jks Example of the dialog: Enter keystore password: changeit What is your first and last name? [Unknown]: John Johnson What is the name of your organizational unit? [Unknown]: UDDI What is the name of your organization? [Unknown]: Myorg What is the name of your City or Locality? [Unknown]: San Diego What is the name of your State or Province? [Unknown]: California What is the two-letter country code for this unit? [Unknown]: CA Is CN=John Johnson, OU=UDDI, O=Myorg, L=San Diego, ST=California, C=CA correct? [no]: yes Enter key password for demo_john Page 278 5.6.3. Sign RETURN if same as keystore password: To sign a UDDI structure, you must set the Java keystore file, alias, and password as follows: 1. Click on the Sign button. This returns the Select identity dialog. 2. In the box labeled Select identity, type the path to the file with your Java keystore. 3. In the box labeled Alias, type the alias located in the identity. 4. In the box labeled Password, type the password used to encrypt the private key. Important If you enter the wrong value for the alias or the password, the tool will not be able to open the identity. 5. If the keystore is in the Sun JKS format, you do not have to click on Choose format button. You can leave default values there. If the keystore is not in the Sun JKS format, you can specify the format by clicking the Choose format button. In the returned dialog window, set the keystore format and its provider. For example, to use the PKCS12 format, set the format to PKCS12 and the provider to SunJSSE. Figure 97. KeyStore Format Dialog 6. When the signing operation succeeds, the selected UDDI structure will have a digital signature and its XML representation will be updated. For security reasons, the signing process takes place on your computer so as not to risk compromise to your private key. 7. Finally the Publish changes and Remove signatures buttons are enabled. 5.6.4. Validation The Validate button is used to perform validity check of UDDI structures that contain XML digital signatures. The result of this operation is displayed in the status bar. 5.6.5. Remove Signatures The Remove signatures button is used to remove all digital signatures from the selected UDDI structure. When this operation is complete, the XML representation of the UDDI structure is updated. If the Publish changes button had been disabled, it is enabled. Page 279 5.6.5. Remove Signatures 5.6.6. Publish Changes If you have signed the selected UDDI structure or removed digital signatures from it, you can select the Publish changes button to publish the changes to the registry. Its invocation uses standard UDDI publishing methods save_tModel, etc. to update this UDDI structure on the registry. The private key is not used during this operation.

5.6.7. Signer Configuration

The Signer tool automatically remembers the actual configuration such as registry endpoints or keystore location and format. The config file is saved in the users home directory with the name signer.conf. You can change the location and filename by using the signer scripts -c option. If you do not want this feature, use -n. The list of valid options can be obtained with -h option. The Signer tool performs signing and verification via an XML digital security provider. The distribution comes with 2 digital signature providers ssj Uses the XML digital security implementation of Systinet Server for Java. oracle Uses the Oracle XML digital security implementation. ssj is the default. If you want to switch to oracle, modify the command that runs the Signer tool in the associated script. • Add system property -Dregistry.xml.dsig.providerName=oracle. • Prepend Oracle XML security libraries to classpath. Page 280

5.6.7. Signer Configuration

Integration Guide Oracle provides specific integration points between Oracle Service Registry and several other Oracle Fusion Middleware components. The following sections provide instructions on this integration. Oracle SOA Suite 11g This section describes how to integrate Oracle Service Registry with Oracle SOA Suite 11g. • Section 1.1, Integrating with Oracle JDeveloper This section describes how to create a connection between JDeveloper and the Oracle Service Registry. • Section 1.2, Configuring Oracle Service Registry at Runtime This section describes how to configure Oracle Service Registry with Oracle SOA Suite 11g at runtime. Integrating with Oracle Enterprise Repository By integrating Oracle Service Registry with Oracle Enterprise Repository, you can query Oracle Service Registry to find a service to register as a gateway enforcement component. Integrating with Oracle Service Bus Oracle Service Bus is the enterprise service bus for use with Oracle WebLogic Server. By integrating Oracle Service Registry with Oracle Service Bus, you can query Oracle Service Registry to find a service to register as a gateway enforcement component for SOA composite applications deployed to Oracle WebLogic Server. Oracle SOA Suite 10.1.3 This section describes how to integrate Oracle Service Registry with Oracle SOA Suite 10.1.3. • Section 4.1, Integrating with Oracle JDeveloper This section describes how to create a connection between JDeveloper and the Oracle Service Registry and how to use JDeveloper to create a client that will use a connection to the Oracle Service Registry. • Section 4.2, Integrating with BPEL Designer By integrating Oracle Service Registry BPEL Designer can search the Registry for services to add as partner links to a BPEL process. • Section 4.3, Integrating with Enterprise Service Bus ESB Designer Oracle Enterprise Service Bus ESB is the enterprise service bus for use with OC4J. By integrating Oracle Service Registry with ESB Designer, you can query an Oracle Application Server instance to discover a service to create as an ESB Service or ESB adapter for SOA composite applications deployed to OC4J. • Section 4.4, Enabling Dynamic Lookup of BPEL Partner Link Endpoints By integrating Oracle Service Registry the BPEL Server can dynamically retrieve BPEL partner link endpoints. • Section 4.5, Enabling Dynamic Lookup of ESB SOAP Endpoints By integrating Oracle Service Registry the ESB Server can retrieve the latest SOAP endpoint for a service. • Section 4.6, Integrating with Oracle Web Services Manager WSM By integrating Oracle Service Registry with Oracle Web Services Manager, you can query Oracle Service Registry to find a service to register as a gateway enforcement component. Page 281