Re: [Dev] Error with Secured/Encrypted VFS Transport Credentials on ESB500Beta2

[Chaminda Jayawardena]

Hi Rajith,

This is worked when I used a keystore with 1024 keysize. I will verify with
2048 bit keystore with the next release.

I noticed following warning in the logs while server startup even though
the param exists.

*[2016-07-26 12:22:12,199]  WARN - PollTableEntry transport.vfs.FileURI
parameter is missing in the proxy service configuration*

And when I put *"<parameter locked="false"
name="security.provider">BC</parameter>" *param in axis2.xml, getting below
exception[1] while server startup. Better to fix these two.

And following information mentioned in the jira should be corrected.
When we use ciphertool for encryption, it is not needed to put
*security.provider*  parameter either in axis2.xml or in the proxy service.

*[1]*
*[2016-07-26 12:22:15,166] ERROR - VFSTransportListener Unexpected error
when configuring service StockQuoteProxy for the VFS transport. It will be
disabled for this transport and marked as faulty.*
*java.lang.IllegalArgumentException: Illegal group reference*
* at java.util.regex.Matcher.appendReplacement(Matcher.java:857)*
* at java.util.regex.Matcher.replaceFirst(Matcher.java:1004)*
* at
org.apache.synapse.transport.vfs.PollTableEntry.decryptIfRequired(PollTableEntry.java:701)*
* at
org.apache.synapse.transport.vfs.PollTableEntry.loadConfiguration(PollTableEntry.java:414)*
* at
org.apache.axis2.transport.base.AbstractTransportListenerEx.startListeningForService(AbstractTransportListenerEx.java:153)*
* at
org.apache.axis2.transport.base.AbstractTransportListener.internalStartListeningForService(AbstractTransportListener.java:213)*
* at
org.apache.axis2.transport.base.AbstractTransportListener$2.serviceAdded(AbstractTransportListener.java:126)*
* at
org.apache.axis2.transport.base.tracker.AxisServiceTracker.serviceAdded(AxisServiceTracker.java:212)*
* at
org.apache.axis2.transport.base.tracker.AxisServiceTracker.start(AxisServiceTracker.java:188)*
* at
org.apache.axis2.transport.base.AbstractTransportListener.start(AbstractTransportListener.java:178)*
* at
org.apache.axis2.transport.base.AbstractTransportListenerEx.start(AbstractTransportListenerEx.java:83)*
* at
org.apache.axis2.engine.ListenerManager.start(ListenerManager.java:168)*
* at
org.apache.axis2.engine.ListenerManager.startSystem(ListenerManager.java:186)*
* at
org.wso2.carbon.core.internal.StartupFinalizerServiceComponent.completeInitialization(StartupFinalizerServiceComponent.java:165)*
* at
org.wso2.carbon.core.internal.StartupFinalizerServiceComponent.serviceChanged(StartupFinalizerServiceComponent.java:288)*
* at
org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)*
* at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)*
* at
org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)*
* at
org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)*
* at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)*
* at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:451)*
* at
org.wso2.carbon.throttling.agent.internal.ThrottlingAgentServiceComponent.registerThrottlingAgent(ThrottlingAgentServiceComponent.java:123)*
* at
org.wso2.carbon.throttling.agent.internal.ThrottlingAgentServiceComponent.activate(ThrottlingAgentServiceComponent.java:100)*
* at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)*
* at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)*
* at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)*
* at java.lang.reflect.Method.invoke(Method.java:483)*
* at
org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)*
* at
org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)*
* at
org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)*
* at
org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)*
* at
org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)*
* at
org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)*
* at
org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)*
* at
org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)*
* at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)*
* at
org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)*
* at
org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)*
* at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)*
* at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:451)*
* at
org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:514)*
* at
org.wso2.carbon.core.init.CarbonServerManager.start(CarbonServerManager.java:219)*
* at
org.wso2.carbon.core.internal.CarbonCoreServiceComponent.activate(CarbonCoreServiceComponent.java:94)*
* at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)*
* at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)*
* at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)*
* at java.lang.reflect.Method.invoke(Method.java:483)*
* at
org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)*
* at
org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)*
* at
org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)*
* at
org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)*
* at
org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)*
* at
org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)*
* at
org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)*
* at
org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)*
* at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)*
* at
org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)*
* at
org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)*
* at
org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)*
* at
org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)*
* at
org.eclipse.equinox.http.servlet.internal.Activator.registerHttpService(Activator.java:81)*
* at
org.eclipse.equinox.http.servlet.internal.Activator.addProxyServlet(Activator.java:60)*
* at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.init(ProxyServlet.java:40)*
* at
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.init(DelegationServlet.java:38)*
* at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1282)*
* at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)*
* at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)*
* at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)*
* at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)*
* at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)*
* at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1572)*
* at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1562)*
* at java.util.concurrent.FutureTask.run(FutureTask.java:266)*
* at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)*
* at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)*
* at java.lang.Thread.run(Thread.java:745)*




On Sat, Jul 23, 2016 at 11:11 PM, Chaminda Jayawardena <chami...@wso2.com>
wrote:

> Hi Rajith,
>
> I used a new keystore with 2048 of key size. And other configurations are
> as below. So then the problem is key size accoring to that.
>
> --encrypted "user:pass" as a whole
> --have provided decryption in axis2.xml
>
> On Fri, Jul 22, 2016 at 8:11 PM, Rajith Vitharana <raji...@wso2.com>
> wrote:
>
>> Hi Chaminda,
>>
>> Config level issues I can think of are as follows,
>> Have you encrypted "username:password" as a whole and provided in [1] or
>> separately encrypted them and added as colon separated value?
>> Have you provided same configs for decryption in axis2.xml
>> vfsTransportListner config? (For example if you use bouncycastle(BC) when
>> encrypting, then need to provide that for decryption as well)
>> Have you used a key with larger keystrength for encryption? (for example
>> 2048 key strength). If so there was a issue with that and already fixed
>> with [2]
>>
>>
>> [1] - {wso2:vault-decrypt('encryptedValue')}
>> [2] - https://wso2.org/jira/browse/ESBJAVA-4770
>>
>> Thanks,
>>
>> On Fri, Jul 22, 2016 at 2:59 PM, Chaminda Jayawardena <chami...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I followed the steps in [1] and getting below exception[2] when proxy
>>> service is invoked.
>>> I manually encrypted the username:password using ciphertool.sh and used
>>> encrypted value in the proxy service as below. And also I could success
>>> when the same user:pass combination is not encrypted.
>>> Anything missed here or just a bug ?
>>>
>>> *<parameter
>>> name="transport.vfs.FileURI">smb://{wso2:vault-decrypt('encrypted_user:pass_from_ciphertool')}@localhost/share/test1</parameter>*
>>>
>>> [1] https://wso2.org/jira/browse/ESBJAVA-4679
>>> [2]
>>> [2016-07-22 14:48:11,221] ERROR - VFSTransportListener Error checking
>>> for existence and readability : smb://@localhost/share/test1
>>> org.apache.commons.vfs2.FileSystemException: Could not determine the
>>> type of file "smb://localhost/share/test1".
>>> at
>>> org.apache.commons.vfs2.provider.AbstractFileObject.attach(AbstractFileObject.java:1523)
>>> at
>>> org.apache.commons.vfs2.provider.AbstractFileObject.getType(AbstractFileObject.java:490)
>>> at
>>> org.apache.commons.vfs2.provider.AbstractFileObject.exists(AbstractFileObject.java:478)
>>> at
>>> org.apache.synapse.transport.vfs.VFSTransportListener.scanFileOrDirectory(VFSTransportListener.java:294)
>>> at
>>> org.apache.synapse.transport.vfs.VFSTransportListener.poll(VFSTransportListener.java:188)
>>> at
>>> org.apache.synapse.transport.vfs.VFSTransportListener.poll(VFSTransportListener.java:134)
>>> at
>>> org.apache.axis2.transport.base.AbstractPollingTransportListener$1$1.run(AbstractPollingTransportListener.java:67)
>>> at
>>> org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
>>> at
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>> at
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>> at java.lang.Thread.run(Thread.java:745)
>>> Caused by: jcifs.smb.SmbAuthException: Logon failure: unknown user name
>>> or bad password.
>>> at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:406)
>>> at jcifs.smb.SmbSession.send(SmbSession.java:218)
>>> at jcifs.smb.SmbTree.treeConnect(SmbTree.java:176)
>>> at jcifs.smb.SmbFile.doConnect(SmbFile.java:911)
>>> at jcifs.smb.SmbFile.connect(SmbFile.java:954)
>>> at jcifs.smb.SmbFile.connect0(SmbFile.java:880)
>>> at jcifs.smb.SmbFile.queryPath(SmbFile.java:1335)
>>> at jcifs.smb.SmbFile.exists(SmbFile.java:1417)
>>> at jcifs.smb.SmbFile.isDirectory(SmbFile.java:1490)
>>> at
>>> org.apache.commons.vfs2.provider.smb.SmbFileObject.createSmbFile(SmbFileObject.java:119)
>>> at
>>> org.apache.commons.vfs2.provider.smb.SmbFileObject.doAttach(SmbFileObject.java:71)
>>> at
>>> org.apache.commons.vfs2.provider.AbstractFileObject.attach(AbstractFileObject.java:1506)
>>> ... 10 more
>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards
>>>
>>> *Chaminda Jayawardena*
>>> Senior Software Engineer - QA
>>> WSO2 Inc. - http://wso2.com
>>> +94-77-7725234
>>>
>>
>>
>>
>> --
>> Rajith Vitharana
>>
>> Senior Software Engineer,
>> WSO2 Inc. : wso2.com
>> Mobile : +94715883223
>> Blog : http://lankavitharana.blogspot.com/
>> <http://wso2.com/signature>
>>
>
>
>
> --
> Thanks & Regards
>
> *Chaminda Jayawardena*
> Senior Software Engineer - QA
> WSO2 Inc. - http://wso2.com
> +94-77-7725234
>



-- 
Thanks & Regards

*Chaminda Jayawardena*
Senior Software Engineer - QA
WSO2 Inc. - http://wso2.com
+94-77-7725234

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev