
Thursday, 28 May 2015

SVN - SSL handshake failed: SSL error: certificate verify failed

Recently I was configuring an SVN server on a CentOS machine. Access to the repositories was provided by Apache (httpd) and mod_dav over SSL.
The Apache SSL config was almost the default (yum install mod_ssl); I only changed the certificate public and private keys and the CA files.
If you logged in with a browser it worked fine, but with TortoiseSVN you got this error:
svn: E175002: Unable to connect to a repository at URL 'https://myServer/svn-exp/dart/conf'
svn: E175002: OPTIONS of 'https://myServer/svn-exp/dart/conf': SSL handshake failed: SSL error: certificate verify failed (https://myServer)

Things I checked:
  • Certificate Common Name (CN) matches the URL domain
  • URL domain matches the ServerName of the virtual host
  • The ServerName of the virtual host matches the machine's host name (hostname -f)
  • The server's public certificate is a trusted certificate on the svn client's machine
  • In a desperate move, I even added the certificate to the cacerts of the JRE
Result: failed


Finally, a partner (by this time I was in a deep hole of resignation) found a workaround:
  • Go to %APPDATA%\Subversion
  • Edit the servers file.
  • Manually set the value of the ssl-authority-files key so that it points to the server certificate's CA
[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
# http-proxy-host = defaultproxy.whatever.com
# http-proxy-port = 7000
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.

ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem

#
# Password / passphrase caching parameters:
# store-passwords = no
# store-plaintext-passwords = no
# store-ssl-client-cert-pp = no
# store-ssl-client-cert-pp-plaintext = no
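
The trust decision behind "certificate verify failed" can be reproduced offline with openssl. This is an added example, not part of the original post: the CAs, the server certificate and all file names below are constructed for the demo, and only the CA bundle that actually issued the server certificate verifies, which is what ssl-authority-files has to point at.

```shell
#!/bin/sh
# Added example with constructed data: a throwaway CA, an unrelated CA and a
# server certificate, all created in a temp dir (file names are hypothetical).

make_demo_pki() {   # $1 = work dir
    d=$1
    # CA that signs the server certificate (the one ssl-authority-files must list)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/CAcert.pem" 2>/dev/null || return 1
    # Unrelated CA: stands in for a trust store that does not contain the issuer
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
        -keyout "$d/other.key" -out "$d/OtherCA.pem" 2>/dev/null || return 1
    # Server key and CSR; the CN matches the host in the repository URL
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myServer" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/CAcert.pem" \
        -CAkey "$d/ca.key" -CAcreateserial -days 1 \
        -out "$d/server.pem" 2>/dev/null || return 1
}

# Succeeds only if the certificate chains to a CA in the given bundle.
# The ": OK" line is checked instead of the exit status because very old
# openssl releases exit 0 even when verification fails.
chain_verifies() {  # $1 = CA bundle (PEM), $2 = server certificate (PEM)
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo_dir=$(mktemp -d)
if make_demo_pki "$demo_dir"; then
    for ca in CAcert.pem OtherCA.pem; do
        if chain_verifies "$demo_dir/$ca" "$demo_dir/server.pem"; then
            echo "$ca: verify ok"
        else
            echo "$ca: certificate verify failed"
        fi
    done
fi
rm -rf "$demo_dir"
```

Against the live server, `openssl s_client -connect myServer:443 -CAfile /path/to/CAcert.pem` reports the same decision in its "Verify return code" line.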


Wednesday, 27 May 2015

jenkins - Apache: jenkins/j_acegi_security_check error

When using Jenkins behind a reverse proxy, you can get this error during login.
Solved using this proxy config:

ProxyRequests     Off
ProxyPreserveHost On

<Location /jenkins>
 SSLRequireSSL

 ProxyPass http://myHost:8080/jenkins
 ProxyPassReverse http://myHost:8080/jenkins

 RequestHeader set X-Forwarded-Proto "https"
 RequestHeader set X-Forwarded-Port "443"
</Location>
Header edit Location ^http://myHost/jenkins https://myHost/jenkins

Tuesday, 26 May 2015

Sonatype Nexus Apache reverse proxy - Service unavailable

To run Sonatype Nexus behind an Apache httpd proxy, you can follow these instructions: http://books.sonatype.com/nexus-book/reference/install-sect-proxy.html

But you may get an Apache "service unavailable" error. The solution is to execute the following command:

/usr/sbin/setsebool -P httpd_can_network_connect true
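
The audit log shows whether SELinux is what blocks httpd from reaching the backend, and on which port. This is an added example, not part of the original post: the audit lines are constructed samples (ports and PIDs are made up), and on a real host the input would be /var/log/audit/audit.log.

```shell
#!/bin/sh
# Constructed audit.log lines: two httpd connect denials to 8081, one to 8080,
# one httpd denial of another kind, and one denial from a different process.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1432650000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1432650001.001:457): avc:  denied  { read } for  pid=2222 comm="sshd" name="shadow" dev="dm-0" ino=99 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1432650002.500:458): avc:  denied  { name_connect } for  pid=1235 comm="httpd" dest=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1432650003.250:459): avc:  denied  { getattr } for  pid=1236 comm="httpd" path="/srv/data" dev="dm-0" ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1432650004.750:460): avc:  denied  { name_connect } for  pid=1237 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
EOF
}

# Read audit records on stdin and print "<port> <count>" for every destination
# port that httpd was denied an outbound connection to, sorted by port.
httpd_denied_ports() {
    awk '/avc: +denied/ && /name_connect/ && /comm="httpd"/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^dest=[0-9]+$/) {
                     split($i, kv, "=")
                     count[kv[2]]++
                 }
         }
         END { for (port in count) print port, count[port] }' | sort -n
}

sample_audit_log | httpd_denied_ports
```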

Monday, 25 May 2015

Centos update proxy config

Proxy config is located in ~/.bash_profile. To configure the proxy, edit this file and insert the following lines:
# The Web proxy server used by this account
http_proxy="http://usuario:password@my.proxy:8080"
export no_proxy=localhost,127.0.0.1
export http_proxy

User and password are optional.

For the changes to take effect, execute the following command:
# Reload the profile in the current shell
source ~/.bash_profile

Sunday, 24 May 2015

JBoss + Camel JMS + Spring Example

In this post I'll show you how to configure Apache Camel JMS to read messages from a queue in JBoss.

Versions:
  • Apache Camel 2.12.0
  • Spring 3.2.4.RELEASE
  • JBoss EAP 6.2
  • HornetQ
The server side and producer configuration can be found in helloworld-jms, in https://github.com/jboss-developer/jboss-eap-quickstarts/tree/6.2.x.
Basically, there is a queue named "testQueue" and a simple app that sends messages to it. In the helloworld example there is a producer and a consumer, but in this case the consumer can be omitted because it will be a Camel route.

Camel project config

Pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>es.cixtec.arq.pruebas</groupId>
  <artifactId>camel-dynamic-route</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>
  
    
 <properties>
  <camel.version>2.12.0</camel.version>
  <version.jboss.as>7.3.0.Final-redhat-14</version.jboss.as>
  <spring.version>3.2.4.RELEASE</spring.version>
  <slf4j.version>1.6.6</slf4j.version>  
  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 </properties>
 
 <build>
  <plugins>
   <plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-compiler-plugin</artifactId>
    <version>3.3</version>
    <configuration>
     <source>1.7</source>
     <target>1.7</target>
    </configuration>
   </plugin>


   <plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-war-plugin</artifactId>
    <version>2.6</version>
   </plugin>


   <plugin>
    <groupId>org.apache.camel</groupId>
    <artifactId>camel-maven-plugin</artifactId>
    <version>${camel.version}</version>
   </plugin>  

  </plugins>
  
 </build>
 
 <dependencies>
  <dependency>
   <groupId>org.apache.camel</groupId>
   <artifactId>camel-core</artifactId>
   <version>${camel.version}</version>   
  </dependency>
  
  <dependency>
   <groupId>org.apache.camel</groupId>
   <artifactId>camel-jms</artifactId>
   <version>${camel.version}</version>   
  </dependency>
  
  <dependency>
   <groupId>org.jboss.as</groupId>
   <artifactId>jboss-as-jms-client-bom</artifactId>
   <version>${version.jboss.as}</version>
   <type>pom</type>
  </dependency>
        
  <dependency>
   <groupId>org.apache.camel</groupId>
   <artifactId>camel-spring</artifactId>
   <version>${camel.version}</version>   
  </dependency>
  
  
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-web</artifactId>
   <version>${spring.version}</version>
  </dependency>

  <dependency>
   <groupId>org.slf4j</groupId>
   <artifactId>slf4j-log4j12</artifactId>
   <version>${slf4j.version}</version>
  </dependency>
  
 </dependencies>
 
</project>

Spring + camel config:
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 xmlns:context="http://www.springframework.org/schema/context" 
 xsi:schemaLocation="
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd     
     http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd">

 <!-- ********************************************* -->
 <!-- ********** JMS CONFIG *********************** -->
 <!-- ********************************************* -->
 <bean id="jndiTemplate" class="org.springframework.jndi.JndiTemplate">
  <property name="environment">
   <props>
    <prop key="java.naming.factory.initial">org.jboss.naming.remote.client.InitialContextFactory</prop>
    <prop key="java.naming.provider.url">remote://localhost:4447</prop>
    <prop key="java.naming.security.principal">quickstartUser</prop>
    <prop key="java.naming.security.credentials">quickstartPwd1!</prop>    
   </props>
  </property>
 </bean>
 
 <bean id="jmsQueueConnectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
  <property name="jndiTemplate" ref="jndiTemplate"/>  
  <property name="jndiName" value="jms/RemoteConnectionFactory"/>  
 </bean>

 <bean name="jms" class="org.apache.camel.component.jms.JmsComponent">
  <property name="connectionFactory" ref="jmsQueueConnectionFactory" />
 </bean>

 <!-- ********************************************* -->


 <!-- ****************************** -->
 <!-- ****** ROUTE ***************** -->
 <!-- ****************************** -->
 <camelContext id="camelContext" xmlns="http://camel.apache.org/schema/spring">
  <route id="mainGestionRoute">
   <from uri="jms:queue:testQueue?username=quickstartUser&amp;password=quickstartPwd1!" />

   <log message="JMSCorrelationID: ${header.JMSCorrelationID}"/>
   <log message="JMSDeliveryMode: ${header.JMSDeliveryMode}"/>
   <log message="JMSDestination: ${header.JMSDestination}"/>
   <log message="JMSExpiration: ${header.JMSExpiration}"/>
   <log message="JMSMessageID: ${header.JMSMessageID}"/>
   <log message="JMSPriority: ${header.JMSPriority}"/>
   <log message="JMSRedelivered: ${header.JMSRedelivered}"/>
   <log message="JMSReplyTo: ${header.JMSReplyTo}"/>
   <log message="JMSTimestamp: ${header.JMSTimestamp}"/>
   <log message="JMSType: ${header.JMSType}"/>
   <log message="JMSXGroupID: ${header.JMSXGroupID}"/>
   
   <to uri="log:receivedMessage?level=INFO" />
  </route>
 </camelContext>

</beans>

This route just prints the message and JMS headers received.

Sunday, 3 May 2015

org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto property file supplied to verify signature)

This exception may happen because you are using "SignaturePropRefId" instead of "signaturePropRefId" with wss4j version 1.6.x or later.

In wss4j versions prior to 1.6, the constant value used to reference "signaturePropRefId" was in uppercase, but this changed in 1.6.

<bean id="wsss4JOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
 <constructor-arg>
  <map>
   <entry key="action" value="Signature"/>
   <entry key="user" value="xxxxx"/> <!--  This is a bug in CXF 2.7.6. It was solved in later versions -->
  
   <entry key="signaturePropRefId" value="signaturePropertiesBean" />
   <entry key="signaturePropertiesBean" value-ref="signatureProperties" />
   
   <entry key="signatureUser" value="myclientkey" />
   <entry key="passwordCallbackRef" value-ref="clientCallback" />
   
   <entry key="signatureKeyIdentifier" value="DirectReference" />
   <entry key="signatureParts" value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
   <entry key="addInclusivePrefixes" value="false" />
   <entry key="includeSignatureToken" value="true" />
   <entry key="mustUnderstand" value="false" />
  </map>
 </constructor-arg>
</bean>


<util:properties id="signatureProperties">      
 <prop key="org.apache.ws.security.crypto.provider">org.apache.ws.security.components.crypto.Merlin</prop>      
 <prop key="org.apache.ws.security.crypto.merlin.keystore.file">D:/temp/certificates/client-IdentityStore(1234).jks</prop>      
 <prop key="org.apache.ws.security.crypto.merlin.keystore.type">jks</prop>
 <prop key="org.apache.ws.security.crypto.merlin.keystore.provider">SUN</prop>
 <prop key="org.apache.ws.security.crypto.merlin.keystore.password">1234</prop>
 <prop key="org.apache.ws.security.crypto.merlin.load.cacerts">false</prop>
</util:properties>

You can check all available constant values in the class org.apache.ws.security.handler.WSHandlerConstants.
In Eclipse, it is just Ctrl + T.