This cookbook entry describes changes to client and server configurations needed to secure communications using OpenSSL calls.

The sample web service used builds off the insurance example. Simple web services are found in Getting Started: Web services in 1 Hour. The basic structure of these examples is to create and deploy a web service in separate server and client images on a single machine and to invoke operations from the client image.

This cook book entry was originally tested on a web service using RPC literal encoding and exchanging complex data types. The operation ratePolicy was used to invoke the service for policy number 29467810.

If you first make an unsecure web service request, you will need to close the Smalltalk client and server images before you make the changes to make a secure one using OpenSSL. The security files used are the ones shipped with VAST Platform. The changes involved to the web service take place in the WSDL and in the transport layer configuration. A custom transport configuration is created and registered to enable secure communications.

These are shipped with version 10.0.2 in the <varoot>/samples/ssl directory. They should be copied to the director(ies) in which the client and server Smalltalk images are started.

vast_ca.pem is the certificate authorization file. The certificates are found in vast_client.pem and vast_ server.pem. Each certificate contains a public key. The private keys are found in vast_client_key.pem and vast_server _key.pem.

The high level concrete definition of the web service implementation is in ‘SstWSInsurancePolicyInterface.wsdl’. The URL of the web service is changed from ‘http:’ to ‘https:’ in order to make it secure.

Modify ‘SstWSInsurancePolicyInterface.wsdl’ and change the location URL from http to https.

This is one change which is necessary for passing secure data between client and server.

Modifications to the transport layer take the form of Smalltalk expressions in the client and server workspaces. The insecure versions are in Appendix A Insurance Policy Example Workspace Code .

The changes to the server concern modifying the default configuration of the server transport configuration and registering that modified configuration. The following sub expression in the above Smalltalk expression answers the currently registered server configuration.

The following code should be placed in the server workspace after the container startup and before the service is deployed.

The security configuration shown is fully configured for authentication and with a private key. For more information on the variations in the use of SSL to secure http connections, see Securing Applications with SSL.

The following sub expression registers the configuration once the security configuration has been specified.

The entire workspace then looks like this

The configuration of the client transport must be modified to coordinate with the server. The transport layer, SstTransport maintains a registry of configurations. The ‘httpsl’ entry is the default for the client web services transport layer.

Inspecting this expression will reveal that the certificate is defaulted to ‘cert.pem’ and the private key to ‘key.pem.

This configuration must be modified to match the way the web service was deployed in the server image. The Smalltalk expression below shows how to modify configurations for the client to exchange data securely with the server. These changes are placed after the container startup and before the service is deployed

The security configuration shown is fully configured for authentication and with a private key. For more information on the variations in the use of SSL to secure http connections, see Securing Applications with SSL.

The entire workspace then looks like this

To deploy the service execute the modified server workspace in the server image.

To invoke the service, first deploy the service in the client image using the modified client workspace, then in the resulting web service inspector, invoke the server with one of the operations (commented out in the workspace.) For instance

will open an inspector on the rate for the policy 29467810. Depending on the web service with which you started, the value will be a string or a float.