folder. The keystore configuration is available in jps-config.xml under the serviceInstance element whose name attribute is keystore:
<!-- KeyStore Service Instance -->
<serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
    <description>Default JPS Keystore Service</description>
    <property name="keystore.type" value="JKS"/>
    <property name="keystore.csf.map" value="oracle.wsm.security"/>
    <property name="keystore.pass.csf.key" value="keystore-csf-key"/>
    <property name="keystore.sig.csf.key" value="sign-csf-key"/>
    <property name="keystore.enc.csf.key" value="enc-csf-key"/>
</serviceInstance>
The property name-value pairs in the preceding configuration indicate that ./default-keystore.jks is a keystore file of type JKS (Java Keystore), located in the current directory, and that it contains the certificate keys responsible for message-level security such as message signing and encryption. However, as stated earlier, the credentials required to access a keystore, as well as the aliases defined within it, are stored separately in a credential store. The credential store is a file-based store materialized as an encrypted cwallet.sso file and configured in jps-config.xml as shown:
<!-- JPS Credential Store Service Instance -->
<serviceInstance name="credstore" provider="credstoressp" location="./">
    <description>File Based Credential Store Service Instance</description>
</serviceInstance>
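The following Python sketch is an added example, not part of the original text or of Oracle's tooling: it parses a jps-config.xml fragment and lists the (map, key) credentials that the credential store must hold for the keystore instance configured above. The function name audit_keystore_config, the constructed sample file and the rule that a key name containing whitespace is a likely typo are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the two serviceInstance elements on this page.
SAMPLE_JPS_CONFIG = """<jpsConfig>
  <serviceInstances>
    <serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
      <property name="keystore.type" value="JKS"/>
      <property name="keystore.csf.map" value="oracle.wsm.security"/>
      <property name="keystore.pass.csf.key" value="keystore-csf-key"/>
      <property name="keystore.sig.csf.key" value="sign-csf-key"/>
      <property name="keystore.enc.csf.key" value="enc-csf-key"/>
    </serviceInstance>
    <serviceInstance name="credstore" provider="credstoressp" location="./"/>
  </serviceInstances>
</jpsConfig>"""

CSF_KEY_PROPS = ("keystore.pass.csf.key", "keystore.sig.csf.key", "keystore.enc.csf.key")

def _local(tag):
    # Strip an XML namespace prefix such as "{uri}serviceInstance".
    return tag.rsplit("}", 1)[-1]

def audit_keystore_config(xml_text):
    """Return (required_credentials, problems) for the keystore service instance."""
    root = ET.fromstring(xml_text)
    instances = {e.get("name"): e for e in root.iter() if _local(e.tag) == "serviceInstance"}
    required, problems = [], []
    ks = instances.get("keystore")
    if ks is None:
        return required, ["no serviceInstance named 'keystore'"]
    if "credstore" not in instances:
        problems.append("no serviceInstance named 'credstore'")
    props = {p.get("name"): p.get("value") for p in ks if _local(p.tag) == "property"}
    csf_map = props.get("keystore.csf.map")
    if not csf_map:
        problems.append("keystore.csf.map is not set")
    for prop in CSF_KEY_PROPS:
        key = props.get(prop)
        if not key:
            problems.append(f"{prop} is not set")
        elif any(c.isspace() for c in key):  # assumption: whitespace means a typo
            problems.append(f"{prop} contains whitespace: {key!r}")
        else:
            # This (map, key) pair must exist in the credential store (cwallet.sso).
            required.append((csf_map, key))
    return required, problems

if __name__ == "__main__":
    print(audit_keystore_config(SAMPLE_JPS_CONFIG))
```

The returned pairs are the entries to confirm in the credential store; the script does not open cwallet.sso itself, because that file is encrypted.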
The following diagram shows a logical depiction of the relationship between a keystore and a credential store. For ease of explanation, the diagram depicts a single alias, storekey, that is used for all the keys in the credential store. The credential store is split into maps, each containing a set of keys that point to the actual credentials. The aliases created in the keystore must have a corresponding credential in the credential store. The predefined credential map used in OWSM is oracle.wsm.security. For example, if you name an alias as storekey in the keystore, there must be a credential defined as storekey in the credential