Tuesday, March 25, 2014

Create Proxy Service for secure web service call using Mule ESB

Mule is an open source Enterprise Service Bus. You can easily create a proxy service for a web service with Mule, and you can transform the request and response payloads using Mule's XSLT transformation.

The following figure shows the Mule proxy service and XSLT transformation.



Below is the configuration XML.

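To set the password, the following password callback class is used:

package lr.mule.security;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Supplies the WS-Security password when WSS4J asks for it.
 */
public class PasswordCallback implements CallbackHandler
{
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
    {
        for (Callback callback : callbacks)
        {
            // Reject anything that is not a WSS4J password request instead of casting blindly.
            if (!(callback instanceof WSPasswordCallback))
            {
                throw new UnsupportedCallbackException(callback, "Unsupported callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            // Hard-coded for this example; load it from protected configuration in a real deployment.
            pc.setPassword("password");
        }
    }
}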

Thursday, March 6, 2014

How to resolve Java SSL certificate error PKIX path building failed

If you get the following error while connecting to a secure server:

"org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

follow the steps below to resolve the issue.

Step 1. Open Mozilla Firefox, browse to the server URL, and follow the highlighted steps.


Step 2. Download the certificate by following the highlighted steps and save it to a local directory with the file extension ".crt", e.g. example.crt.

Step 3. Now open a command prompt with "Run as administrator" and run the following command:

keytool -import -trustcacerts -file F:\qatoes002.unix.gsm1900.org.crt -alias CA_ALIAS -keystore "%JAVA_HOME%/jre/lib/security/cacerts"

It might ask for a password; if needed, ask the server administrator.

The certificate will be stored in the JDK home. If you are using the Eclipse IDE for development, make sure it uses the same JDK home.




Using Unix Command:


echo -n | openssl s_client -connect HOST:PORT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SERVERNAME.cert

echo -n | openssl s_client -connect localhost:5116 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SERVERNAME.cert


 /opt/msdp/local/jdk1.8.0_51/bin/keytool -importcert -file /tmp/$SERVERNAME.cert  -keystore keystore1.jks -alias "Alias1"
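
The commands above trust whatever certificate the server presents at the moment of download. As an added example (not from the original post), the script below goes one step further: it compares the fetched certificate's SHA-256 fingerprint with one obtained out of band from the server administrator, and only then imports it into a dedicated truststore. The function names, their arguments and the truststore path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a server certificate before trusting it.
# Function names and arguments are illustrative assumptions.

# Keep only the first PEM certificate (the server's own) from `openssl s_client` output.
first_cert() {
    awk '/-BEGIN CERTIFICATE-/{p=1} p{print} /-END CERTIFICATE-/{exit}'
}

# Normalise a fingerprint: drop a "sha256 Fingerprint=" prefix, colons and spaces; uppercase.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are the same 64-hex-digit SHA-256 fingerprint.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# usage: import_pinned HOST PORT EXPECTED_SHA256 TRUSTSTORE ALIAS
# EXPECTED_SHA256 must come from a trusted channel, not from the same connection.
import_pinned() {
    cert=$(mktemp) || return 1
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | first_cert > "$cert"
    actual=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) \
        || { rm -f "$cert"; return 1; }
    if fp_matches "$actual" "$3"; then
        # A per-application truststore keeps the JDK-wide cacerts file untouched.
        keytool -importcert -noprompt -file "$cert" -keystore "$4" -alias "$5"
        rc=$?
    else
        echo "fingerprint mismatch for $1:$2, certificate not imported" >&2
        rc=2
    fi
    rm -f "$cert"
    return "$rc"
}
```

The application can then be pointed at that truststore with the standard JVM option -Djavax.net.ssl.trustStore instead of modifying the JDK's cacerts.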

Reference:
https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores