Installing CT-V as SOAP Web Services
This section contains the following topics, which describes how to install CT-V as SOAP Web Service.
Prerequisites
The installation program is used to install the CT-V API and Web Service (WS) for Java developers.
Note
Throughout this document, UNIX-style slashes ( / ) are used to delineate directory names. If you are using a Windows system, you’ll see backslashes ( \ ) on your system instead.
Before installing the CT-V, ensure the following conditions are met:
The JVM version must be 8 (minimum 1.8.0_111), 10, 11, or 17. The JAVA_HOME variable is no longer required; however, it is used in CT-V documentation to represent the location of your JVM. When using JRE, the jar and properties files will be placed in JAVA_HOME/lib/ext. When using JDK, the jar and properties files will be placed in JAVA_HOME/jre/lib/ext or in the user-specified location. Be sure that the location is part of your CLASSPATH.
Thales supports the CT-V SOAP Web Service (WS) with Tomcat (versions 6 through 9) and Axis2 version 1.7.8. Copy the axis2.war file to CATALINA_HOME/webapps. Refer to the appropriate and Axis2 documentation for detailed information. For Axis2 it is required to create a Stub. To create a Stub, see Creating Stub for Axis2 Client.
If installing the SOAP Web Service, the CATALINA_HOME variable must be set to the location of your Tomcat installation. The jar and properties files will be placed in CATALINA_HOME/webapps/axis2/WEB-INF/ services/SafeNetTokenizer/lib.
If you are developing using Java and the Web Service, the following product installation instructions assume that you are using Tomcat and Axis2. If you use some other solution for creating WS clients, the installation and sample information in this chapter will not apply. The Web Service samples must be run on the same machine on which the CT-V, Tomcat, and Axis2 are installed.
Download the encryption policy files for unlimited strength ciphers (US_export_policy.jar and local_policy.jar) and install them in JAVA_HOME/lib/security. You need these to use AES-256 keys.
For Sun/Oracle Java, download corresponding version of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from https://www.oracle.com/technetwork/java/javase/downloads/index.html.
Note
For Java 10, 11, and 17, the encryption policy files are not required to be installed separately.
Remove any earlier versions of the CADP JCE Provider (IngrianNAE-x.x.x.jar) from JAVA_HOME/lib/ext or JAVA_HOME/jre/lib/ext. Having an older version of the IngrianNAE jar file will abort the installation process immediately with an error.
Note
You cannot simply rename the old jar file; It must be deleted or moved to a directory not in JAVA_HOME. Otherwise, the JVM will still find it, even if its file name doesn't end in jar.
Backup any existing
IngrianNAE.properties
files. The installer will copy your previous settings to the new properties file, but any embedded comments will be lost. Keeping a copy of your old properties file will help you if troubleshooting is necessary.Have access to a database user account with the following permissions:
CREATE TABLE
SELECT on the token vault table
INSERT on the token vault table
DELETE on the token vault table
UPDATE on the token vault table
If there are multiple instances or versions of Java on your machine, be sure that the following are true before testing the CT-V:
The CLASSPATH variable lists the JDK/JRE instance that holds the CT-V files. If the CLASSPATH variable includes multiple JDKs or JREs, the instance used by the CT-V must be listed before the others.
If the CADP JCE is not installed in JAVA_HOME/lib/ext, the CLASSPATH variable includes the IngrianNAE- 8.12.2.000.jar file included in this software.
No other java bin directories occur before the system32 directory in the PATH variable.
The first instance of java.exe file included in the PATH variable is the same as the java.exe included in JAVA_HOME/bin.
Create NAE user on Key Manager.
Create versioned AES-256 key and non-versioned HmacSHA256 key on Key Manager.
Create Token vault using either KeySecure Classic UI or API.
See topics in Tasks section for details.
For Java 11 and higher versions, download the following JAR files from a trusted source and add their paths in Tomcat's CLASSPATH:
jaxb-api-2.3.1.jar
jaxb-impl-2.3.1.jar
jaxb-core-2.3.0.1.jar
javax.activation-1.2.0.jar
Extracting the Package
Navigate to the directory where you have downloaded CT-V.
Unzip the software file using any standard archive utility.
The software adheres to the following naming convention:
Part Number - Product Name - Product Version Number - File Format
For example,
610-000671-002_CipherTrustVaultedTokenization-8.12.4.000-xxx.zip
When the CT-V package is extracted, a directory structure is created. Refer to CipherTrust Vaulted Tokenization Package Details for details.
Installation
To install CT-V as SOAP Web Service:
Navigate to the /SafeNetTokenization/Tokenization/lib/ext directory and run the installation program as an administrator as shown below:
java -jar TokenizationInstaller-8.12.4.000.jar
Accept the software license agreement.
The installation program verifies the java environment by checking:
the JAVA_HOME variable is correctly configured
the JVM version is 8 (minimum 1.8.0_111), 10, 11, or 17
the encryption policies needed to use AES-256 encryption keys are in place.
Enter yes against the prompt
Set up the CipherTrust Vaulted Tokenization to operate with an Apache Tomcat Server and Axis2 SOAP Web Service
.Note
Be sure to run the installation program on the web server itself. Once installed there, any device that can access your Axis2 installation can use the CT-V web service.
The installer places the JCE provider jar files to
JAVA_HOME/lib/ext
(for JRE 8) orJAVA_HOME/jre/lib/ext
(for JDK 8) or the user-specified location.Configure the following parameters in the
IngrianNAE.properties
file:Log_File - The location of the log file that the client will create.
NAE_IP.1 - The IP address of the NAE server on the Key Manager.
If using IPV6 address, specify it in curly braces, for example, {2002:0dc8:85k3:0000:0000:9a2e:0370:5221}.
Note
A combination of IPv4 and IPv6 addresses can be specified, provided, they are separated by colons(:) and each IPv6 address must be enclosed within {}. IPv6 is supported only for CipherTrust Manager.
NAE_Port - The port number of the NAE server on the Key Manager.
The installer places the CT-V files to CATALINA_HOME and enables you to set the following, required, values in the
SafeNetToken.properties
file:HostName - The hostname or IP address of the database server.
PortNumber - The port number of the database server. If your database installation uses the default ports, this value will be 1433 for SQLServer, 1521 for Oracle, 3306 for MySQL, and 9088 for Informix.
DatabaseType - The type of database. Either SQLServer, Oracle, MySQL, and Informix. Use one of these values exactly.
Note
To enable SQLServer over SSL, you have the option to manually modify the properties file after completing the standard installation process. To use this option, set DatabaseType to SQLServerSSL.
InformixServerName - Provide the Informix server name. This option is displayed only when Informix is specified in the DatabaseType.
DatabaseLibraryPath - Displays the complete path to a database specific .jar file that implements token vault operations. The jar file is TVMMySQL.jar, TVMOracle.jar, TVMSQLServer.jar or TVMInformix.jar as per the selected database type.
Note
You may modify the location of the jar file using the DatabaseLibraryPath parameter in the SafeNetToken.properties file. The new location for the jar file must be specified in the CLASSPATH.
Run the CT-V Upgrade. Enter yes to run the upgrade process. This feature will upgrade token vault tables created using older versions.
Enter the database user name and password as prompted to run the upgrade process.
Enter yes to run the token vault conversion process.
The screen displays the list of available tables including the ones already converted (converted table means the token vaults structure are up to date).
Enter yes to upgrade another schema, else no.
Restart the Tomcat web server. (You must restart the web server whenever you change the configuration files.)
Update the Tomcat Hostname and Port, as required.
Installation completion message appears on the prompt.
Navigate to http://<YourHost>:8080/axis2/services/listServices. Click the SafeNetTokenizer option to view the WSDL.
Note
When using Java 10, 11, and 17, add the installation directory of JCE Provider to the Tomcat Apache's CLASSPATH. For example, on a Windows machine, navigate to Tomcat>Java>Java Classpath and add the installation directory.
CT-V provides the feature to install the application in silent mode, see Silent Installation.