Monday, May 30, 2016

How to change default keystore password on WSO2 servers



Sometimes you need to change the default keystore password in WSO2 products for security reasons.

Here are the steps when changing keystore passwords:

Step 1:
Navigate to wso2 server location:
ex: cd $wso2_server/repository/resources/security

Step 2:
Change keystore password:
keytool -storepasswd -new [new password] -keystore [keystore name]
ex: keytool -storepasswd -new simplenewpassword -keystore wso2carbon.jks

Step 3:
Change Private Key password
keytool -keypasswd -alias wso2carbon -keystore wso2carbon.jks  
 Enter keystore password: <simplenewpassword>  
 Enter key password for <wso2carbon> wso2carbon  
 New key password for <wso2carbon>: <simplenewpassword>  
 Re-enter new key password for <wso2carbon>: <simplenewpassword>  

The keystore password and the private key password must be the same in some cases, such as WSO2 BAM. In particular, Thrift must be configured to use one password for both.


Step 4:
Configure wso2 server (example taken here as WSO2 BAM)

  • Change carbon.xml at $wso2_server/repository/conf

<KeyStore>  
      <!-- Keystore file location-->  
      <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>  
      <!-- Keystore type (JKS/PKCS12 etc.)-->  
      <Type>JKS</Type>  
      <!-- Keystore password-->  
      <Password>simplenewpassword</Password>  
      <!-- Private Key alias-->  
      <KeyAlias>wso2carbon</KeyAlias>  
      <!-- Private Key password-->  
      <KeyPassword>simplenewpassword</KeyPassword>  
 </KeyStore>  
 <RegistryKeyStore>  
      <!-- Keystore file location-->  
      <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>  
      <!-- Keystore type (JKS/PKCS12 etc.)-->  
      <Type>JKS</Type>  
      <!-- Keystore password-->  
      <Password>simplenewpassword</Password>  
      <!-- Private Key alias-->  
      <KeyAlias>wso2carbon</KeyAlias>  
      <!-- Private Key password-->  
      <KeyPassword>simplenewpassword</KeyPassword>  
 </RegistryKeyStore>  

  • Change identity.xml at $wso2_server/repository/conf

 <ThirftBasedEntitlementConfig>  
      <EnableThriftService>true</EnableThriftService>  
      <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>  
      <ClientTimeout>10000</ClientTimeout>  
      <KeyStore>  
           <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>  
           <Password>simplenewpassword</Password>  
      </KeyStore>  
 </ThirftBasedEntitlementConfig>  
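
A check to run after Step 4, as an added example that is not part of the original post or of WSO2's tooling: it parses the keystore sections of carbon.xml and identity.xml and reports any section that still carries the stock password, or whose store and key passwords differ. The sample XML is constructed, and the stock password value wso2carbon is an assumption about the default distribution.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "wso2carbon"          # assumed stock password (see lead-in)
KEYSTORE_TAGS = {"KeyStore", "RegistryKeyStore"}

def local(tag):
    """Strip an XML namespace prefix: '{ns}KeyStore' -> 'KeyStore'."""
    return tag.rsplit("}", 1)[-1]

def keystore_entries(xml_text):
    """Yield (section, {child tag: text}) for every keystore block in a file."""
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) in KEYSTORE_TAGS:
            yield local(elem.tag), {local(c.tag): (c.text or "").strip() for c in elem}

def audit(configs, keystore="wso2carbon.jks"):
    """Check every section pointing at `keystore`; never echo a password."""
    findings, seen = [], set()
    for name, text in configs.items():
        for section, f in keystore_entries(text):
            if not f.get("Location", "").endswith("/" + keystore):
                continue
            where, pw = f"{name}:{section}", f.get("Password", "")
            seen.add(pw)
            if pw == DEFAULT_PASSWORD:
                findings.append(f"{where}: still uses the default store password")
            if "KeyPassword" in f and f["KeyPassword"] != pw:
                findings.append(f"{where}: KeyPassword differs from Password")
    if len(seen) > 1:
        findings.append("store password differs between sections")
    return findings

# Constructed sample: RegistryKeyStore was missed during the change.
LOC = "<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>"
CARBON_XML = f"""<Server><Security>
  <KeyStore>{LOC}<Password>simplenewpassword</Password>
    <KeyPassword>simplenewpassword</KeyPassword></KeyStore>
  <RegistryKeyStore>{LOC}<Password>wso2carbon</Password>
    <KeyPassword>wso2carbon</KeyPassword></RegistryKeyStore>
</Security></Server>"""
IDENTITY_XML = f"""<Server><ThirftBasedEntitlementConfig>
  <KeyStore>{LOC}<Password>simplenewpassword</Password></KeyStore>
</ThirftBasedEntitlementConfig></Server>"""

if __name__ == "__main__":
    for line in audit({"carbon.xml": CARBON_XML, "identity.xml": IDENTITY_XML}):
        print(line)
```
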



Thursday, May 26, 2016

How to resolve "File Upload Failure" when importing a schema with a dependency in WSO2 GREG


Schema is one of the main asset models used in WSO2 GREG; you can find more information at https://docs.wso2.com/display/Governance520/Adding+a+Schema.

There can be situations where you want to import a schema into GREG that itself imports another schema (that is, it has a dependency).

1. Let's say you have a schema file.
example: original.xsd
 <?xml version="1.0" encoding="UTF-8"?>  
 <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:listing1">  
   <xsd:complexType name="Phone1">  
     <xsd:sequence>  
       <xsd:element name="areaCode1" type="xsd:int"/>  
       <xsd:element name="exchange1" type="xsd:int"/>  
       <xsd:element name="number1" type="xsd:int"/>  
     </xsd:sequence>  
   </xsd:complexType>  
 </xsd:schema>

2. Import the above schema in the publisher as per the instructions given at https://docs.wso2.com/display/Governance520/Adding+a+Schema.

3. Now, you need to import another schema that imports (has a reference to) the previous schema.
example: link.xsd
<?xml version="1.0" encoding="UTF-8"?>  
 <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:listing">  
   <xsd:import namespace="urn:listing1"  
         schemaLocation="original.xsd"/>  
   <xsd:complexType name="Phone">  
     <xsd:sequence>  
       <xsd:element name="areaCode" type="xsd:int"/>  
       <xsd:element name="exchange" type="xsd:int"/>  
       <xsd:element name="number" type="xsd:int"/>  
     </xsd:sequence>  
   </xsd:complexType>  
 </xsd:schema>  

Issue: You may encounter an error similar to the following:
ERROR {org.wso2.carbon.registry.extensions.handlers.utils.SchemaProcessor} - Could not read the XML Schema Definition file. this.schema.needs  
 org.apache.ws.commons.schema.XmlSchemaException: Could not evaluate Schema Definition. This Schema contains Schema Includes that were not resolved  
      at org.apache.ws.commons.schema.SchemaBuilder.handleInclude(SchemaBuilder.java:1676)  
      at org.apache.ws.commons.schema.SchemaBuilder.handleXmlSchemaElement(SchemaBuilder.java:221)  
      at org.apache.ws.commons.schema.SchemaBuilder.build(SchemaBuilder.java:121)  
      at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:512)  
      at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:385)  
      at org.apache.ws.commons.schema.XmlSchemaCollection.read(XmlSchemaCollection.java:425)  
 ....................  
 Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Could not read the XML Schema Definition file. this.schema.needs  
      at org.wso2.carbon.registry.extensions.handlers.utils.SchemaProcessor.putSchemaToRegistry(SchemaProcessor.java:137)  
      at org.wso2.carbon.registry.extensions.handlers.XSDMediaTypeHandler.processSchemaUpload(XSDMediaTypeHandler.java:263)  
      at org.wso2.carbon.registry.extensions.handlers.XSDMediaTypeHandler.put(XSDMediaTypeHandler.java:186)  
      at org.wso2.carbon.registry.core.jdbc.handlers.HandlerManager.put(HandlerManager.java:2503)  
      at org.wso2.carbon.registry.core.jdbc.handlers.HandlerLifecycleManager.put(HandlerLifecycleManager.java:957)  
      at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.put(EmbeddedRegistry.java:697)  
      at org.wso2.carbon.registry.core.caching.CacheBackedRegistry.put(CacheBackedRegistry.java:550)  
      at org.wso2.carbon.registry.core.session.UserRegistry.putInternal(UserRegistry.java:827)  
      at org.wso2.carbon.registry.core.session.UserRegistry.access$1000(UserRegistry.java:60)  
      at org.wso2.carbon.registry.core.session.UserRegistry$11.run(UserRegistry.java:803)  
      at org.wso2.carbon.registry.core.session.UserRegistry$11.run(UserRegistry.java:800)  
      at java.security.AccessController.doPrivileged(Native Method)  
      at org.wso2.carbon.registry.core.session.UserRegistry.put(UserRegistry.java:800)  
      at org.wso2.carbon.registry.resource.services.utils.AddResourceUtil.addResource(AddResourceUtil.java:88)  

Solution 1:
Zip all schemas together and upload.

Solution 2:
Specify the absolute path for the dependent schema file:
example:
 <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:listing">  
   <xsd:import namespace="urn:listing1"  
         schemaLocation="http://www.example.com/schema/original.xsd"/>
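
A pre-upload check for both solutions, as an added example that is not part of the original post or of GREG itself: it walks every xsd:import and xsd:include in a set of schemas and reports whether each relative schemaLocation is present in the bundle, and whether the imported file's targetNamespace matches. The sample schemas are cut-down constructed versions of original.xsd and link.xsd, and resolving relative locations against the importing file's directory is an assumption.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XSD_NS = "{http://www.w3.org/2001/XMLSchema}"
REF_TAGS = (XSD_NS + "import", XSD_NS + "include")

def load_zip(data):
    """Read every .xsd member of a zip archive into {member path: bytes}."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: zf.read(n) for n in zf.namelist() if n.endswith(".xsd")}

def check_bundle(files):
    """Return (file, schemaLocation, status) for each import/include found."""
    roots = {path: ET.fromstring(body) for path, body in files.items()}
    report = []
    for path, root in roots.items():
        for el in (e for e in root.iter() if e.tag in REF_TAGS):
            loc = el.get("schemaLocation")
            if not loc:
                status = "no schemaLocation"
            elif urlparse(loc).scheme:
                status = "remote"      # Solution 2 style URL; not fetched here
            else:
                # Assumption: relative paths resolve against the importing file.
                target = posixpath.normpath(
                    posixpath.join(posixpath.dirname(path), loc))
                if target not in roots:
                    status = "missing"
                elif (el.tag == XSD_NS + "import" and
                      roots[target].get("targetNamespace") != el.get("namespace")):
                    status = "namespace mismatch"
                else:
                    status = "ok"
            report.append((path, loc, status))
    return report

# Constructed, cut-down versions of the two schemas in the post.
ORIGINAL = b"""<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  targetNamespace="urn:listing1"/>"""
LINK = b"""<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  targetNamespace="urn:listing">
  <xsd:import namespace="urn:listing1" schemaLocation="original.xsd"/>
</xsd:schema>"""

if __name__ == "__main__":
    print(check_bundle({"link.xsd": LINK}))   # link.xsd uploaded on its own
```
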