Web Services: 1. SSL Certificates

The document discusses various topics related to web services including SSL certificates, self-signed certificates, Java keytool, free SSL providers, SOAP web services in Java, and testing tools like Purify, LoadRunner, and WinRunner. Specifically, it provides details on how SSL certificates contain information to verify a server's identity and enable encryption, how self-signed certificates lack verification from an outside authority, and how to create and use Java keytools and SOAP web services in Java. It also gives an overview of the memory error detection capabilities of Purify and the functionality of LoadRunner for load testing and WinRunner for automated GUI testing.

Uploaded by

Ashish Tiwari
WEB SERVICES

1. SSL CERTIFICATES
SSL certificates are what enable websites to move from HTTP to HTTPS, which is more
secure. An SSL certificate is a data file hosted in a website's origin server. SSL certificates
make SSL/TLS encryption possible, and they contain the website's public key and the
website's identity, along with related information. Devices attempting to communicate with
the origin server will reference this file to obtain the public key and verify the server's
identity. The private key is kept secret and secure.

What information does an SSL certificate contain?


• The domain name that the certificate was issued for
• Which person, organization, or device it was issued to
• Which certificate authority issued it
• The certificate authority's digital signature
• Associated subdomains
• Issue date of the certificate
• Expiration date of the certificate
• The public key (the private key is kept secret)

What is a self-signed SSL certificate?


Technically, anyone can create their own SSL certificate by generating a public-private key
pair and including all the information mentioned above. Such certificates are called self-
signed certificates because the digital signature, instead of coming from a CA, is made
with the website's own private key.

But with self-signed certificates, there's no outside authority to verify that the origin server
is who it claims to be. Browsers don't consider self-signed certificates trustworthy and may
still mark sites with one as "not secure," despite the https:// URL. They may also terminate
the connection altogether, blocking the website from loading.

Sample SSL:


We can decode the certificate using the online tool below:

https://www.sslshopper.com/certificate-decoder.html

Java Keytool
Java Keytool is a key and certificate management utility. It allows users to manage their
own public/private key pairs and certificates. It also allows users to cache certificates. Java
Keytool stores the keys and certificates in what is called a keystore. By default the Java
keystore is implemented as a file. It protects private keys with a password. A Keytool
keystore contains the private key and any certificates necessary to complete a chain of
trust and establish the trustworthiness of the primary certificate.

Each certificate in a Java keystore is associated with a unique alias. When creating a Java
keystore you will first create the .jks file that will initially only contain the private key. You
will then generate a CSR and have a certificate generated from it. Then you will import the
certificate to the keystore including any root certificates. Java Keytool also has several other
functions that allow you to view the details of a certificate, list the certificates contained
in a keystore, or export a certificate.

FREE SSL

There are many free SSL certificate providers. You can obtain these SSL certificates free of cost
and install them for your domain. Free SSL certificates are more secure than self-signed ones, but
they are less secure than the paid ones.

1. www.thawte.com
2. AutoSSL by cPanel

These are some free SSL providers.

To do:
Create a self-signed certificate and configure your Apache server for the localhost IP.

Then show the following outputs.

1. Decoding of the certificate with the help of any online tool.


2. Show the certificate from the web browser like this.
Both the values should match.

3. Create a Self-Signed certificate with java keytool and export it and then decode it.

For Reference:

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG181

2. SOAP Web Services in Java


Web services work on a client-server model in which the two sides communicate over the network.
The server-side component provides the endpoint URL where the service is located, and the client
application can invoke its different methods.

There are two types of web services:

1. SOAP Web Services
2. RESTful Web Services

SOAP

SOAP stands for Simple Object Access Protocol. SOAP is an XML-based industry
standard protocol for designing and developing web services. Since it is XML based, it is
platform and language independent. So our server can be based on Java and the client can
be on .NET, PHP etc., and vice versa.

RESTful Web Services

A RESTful web service is a lightweight, maintainable, and scalable service that is built on the
REST architecture. A RESTful web service exposes an API from your application in a secure,
uniform, stateless manner to the calling client. The calling client can perform predefined
operations using the RESTful service. The underlying protocol for REST is HTTP. REST stands for
REpresentational State Transfer.

TO DO:
1. Create a web service application of your choice in Java using the Eclipse IDE.
Use Apache Axis2.
After development create a video demo of the webservice with proper explanation about
the flow and method invocations.
Expecting a minimum of 4 useful methods in the application.

For Reference:

https://www.journaldev.com/9131/soap-webservices-in-java-example-eclipse

3. Testing Tools

Purify testing tool

Memory access errors and memory leaks are some of the most difficult problems
for programmers to solve. The bugs often only exhibit symptoms intermittently, making
it very difficult to recreate and debug.

Rational Purify is a run-time memory-related error detection tool. It can discover
almost all kinds of memory-related errors and helps programmers get to the root of
runtime problems.

How Purify finds memory-access errors


Before execution, Purify copies the program and each library the program calls, and
instruments the copies using Object Code Insertion (OCI) technology. The
instrumentation process inserts instructions before each memory operation, including
read, write, memory allocation and deallocation. The instrumented copies of each module
are stored in the Purify cache directory. When rerunning a program, Purify saves time
and resources by using the cached modules, re-instrumenting only the ones that have
changed since the previous run. After the preparation, Purify starts the instrumented
program and begins validating all memory accesses.

During the execution, Purify maintains a table to track the status of each memory
byte used by the program. For each byte, two bits are used to record whether it has been
allocated and whether it has been initialized. The combination of the 2 bits identifies 4
states of memory, called red, yellow, green and blue in Purify.

Purify checks each memory operation against the color state of the memory block to
determine whether the operation is valid. If not, an error will be reported.
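
As an added illustration (not Purify's code and not part of the original document), the toy checker below keeps two status bits per byte of a 64-byte arena and validates each operation against the byte's colour. The colour meanings (red = unallocated, yellow = allocated but uninitialized, green = allocated and initialized, blue = freed), the hook names and the verdict names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Colour meanings are an assumption; the page only names the four states. */
enum color { RED, YELLOW, GREEN, BLUE }; /* unallocated, uninitialized, initialized, freed */
enum verdict { ACCESS_OK, UNINIT_READ, FREED_ACCESS, UNALLOCATED_ACCESS, BAD_FREE };

#define ARENA 64                          /* bytes of tracked (toy) heap */
static unsigned char shadow[ARENA / 4];   /* two status bits per byte, all RED at start */

static enum color get_color(size_t i) {
    if (i >= ARENA) return RED;           /* outside the tracked heap */
    return (enum color)((shadow[i / 4] >> (2 * (i % 4))) & 3u);
}
static void set_color(size_t i, enum color c) {
    unsigned shift = 2 * (unsigned)(i % 4);
    if (i >= ARENA) return;
    shadow[i / 4] = (unsigned char)((shadow[i / 4] & ~(3u << shift)) | ((unsigned)c << shift));
}
/* Check inserted after an allocation: the new block turns yellow. */
void on_alloc(size_t off, size_t len) {
    for (size_t i = off; i < off + len; i++) set_color(i, YELLOW);
}
/* Check inserted before a deallocation: catches double and invalid frees. */
enum verdict on_free(size_t off, size_t len) {
    enum color c = get_color(off);
    if (c == RED || c == BLUE) return BAD_FREE;
    for (size_t i = off; i < off + len; i++) set_color(i, BLUE);
    return ACCESS_OK;
}
/* Check inserted before a write: a valid write makes the byte green. */
enum verdict on_write(size_t i) {
    enum color c = get_color(i);
    if (c == RED) return UNALLOCATED_ACCESS;
    if (c == BLUE) return FREED_ACCESS;
    set_color(i, GREEN);
    return ACCESS_OK;
}
/* Check inserted before a read: only green bytes may be read. */
enum verdict on_read(size_t i) {
    enum color c = get_color(i);
    if (c == RED) return UNALLOCATED_ACCESS;
    if (c == BLUE) return FREED_ACCESS;
    return c == YELLOW ? UNINIT_READ : ACCESS_OK;
}
int main(void) {
    on_alloc(8, 4);                       /* constructed scenario: 4-byte block at offset 8 */
    on_write(8);
    printf("read past block: %d, uninit read: %d\n", on_read(12), on_read(9));
    on_free(8, 4);
    printf("use after free: %d, double free: %d\n", on_read(8), on_free(8, 4));
    return 0;
}
```

The scenario in `main` exercises an out-of-bounds read, an uninitialized read, a use after free and a double free, which correspond to error categories in the list that follows.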

Purify for simple C/C++ programs

There are 5 categories of memory access errors in simple C/C++ programs.

1. Array Bounds Checking Errors
• Dynamic Array Bounds Checking
• Static Array Bounds Checking
2. Memory Usage Errors
• Uninitialized Memory Use
• Free Memory Use
• Free Mismatch Errors
3. Pointer Errors
• Null Pointer Use
• Invalid Pointer Read/Write
4. Other Stack Related Errors
• Stack Overflow
• Stack Out of Bounds Read and Write Errors
5. Memory Allocation Failure and Memory Leak
• Memory Allocation Failure
• Memory Leak

Loadrunner

Loadrunner from Micro Focus is the most widely used Load Testing tool. Performance Test
Results produced by Loadrunner are used as a benchmark against other tools.

LoadRunner works on the principle of simulating Virtual Users on the subject application.
These Virtual Users, also termed VUsers, replicate clients' requests and expect a
corresponding response to pass a transaction.

For Reference:

https://www.guru99.com/guide-to-download-and-install-hp-loadrunner-12-0.html

Winrunner

WinRunner is an automated functional GUI testing tool that allows a user to record and
play back UI interactions as test scripts.


Recording modes of Winrunner


1) Context Sensitive Recording: Context Sensitive mode records user actions on the
application under test in terms of selected GUI objects such as windows, lists, and buttons,
while ignoring the actual location of the object on the screen. Every time any action is
done on the application under test, a TSL statement gets generated in the test script. This
TSL statement describes the details of the object selected and the action performed.

2) Analog Recording: Analog mode records mouse clicks, keyboard inputs, and the precise
two dimensional (X, Y) coordinates traversed by the mouse. When the test is run,
WinRunner retraces all the mouse tracks. When exact mouse coordinates are important to
the test, analog mode is used, e.g. testing a drawing application.

with respect to the image captured in an earlier version.

How to Run the Tests:


During execution, WinRunner interprets the test line by line. As the test
runs, WinRunner operates the application as if someone were actually present at the controls.
WinRunner provides three run modes:
1) Verify mode: meant for checking the application.
2) Debug mode: meant for debugging the test.
3) Update mode: meant for updating the desired results.

To do:

1. Show the memory allocation and leakages (if any) in any program you have
written in the past, using the Purify tool.
2. Show the current load and the details using Loadrunner.
3. Use Winrunner and show the testing of a website you have made in the earlier
assignments.
