Sunday, February 8, 2015

Secure File Transfer with VFS (ESB FTP+SSL certificates)



Hello everyone. In this post I discuss a feature that lets the ESB exchange files with an FTP server that only accepts connections secured with SSL certificates (FTPS). I will go step by step through preparing the FTP server for SSL and then sharing files with the ESB.
  • Generating a key pair and a self-signed certificate
    • openssl genrsa -des3 -out dushan.key 1024
    • openssl req -new -x509 -days 365 -key dushan.key -out dushan.crt
    • Import the certificate into the ESB client trust store
      • keytool -import -alias stan  -keystore client-truststore.jks -file dushan.crt

  • FileZilla client and server were used to demonstrate this scenario.

  • You can configure the VFS transport as described at https://docs.wso2.com/pages/viewpage.action?pageId=26838852
  • The proxy configuration looks as below
    • Note the special query parameters on the endpoint URI: 'vfs.ssl.keystore', 'vfs.ssl.truststore', 'vfs.ssl.tspassword' and 'vfs.ssl.kspassword'
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="VFSProxy"
       transports="vfs"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <property name="OUT_ONLY" value="true"/>
         <property name="transport.vfs.ReplyFileName"
                   expression="fn:concat(fn:substring-after(get-property('MessageID'), 'urn:uuid:'), '.csv')"
                   scope="transport"/>
         <property name="messageType" value="text/plain" scope="axis2"/>
         <property name="ClientApiNonBlocking" scope="axis2" action="remove"/>
         <send>
            <endpoint>
               <address uri="vfs:ftps://dushan:12345@192.168.56.102/test?vfs.ssl.keystore=/Users/dushan/workspace/onlinesupport/ESB/wso2esb-4.8.1/repository/resources/security/wso2carbon.jks&amp;vfs.ssl.truststore=/Users/dushan/workspace/onlinesupport/ESB/wso2esb-4.8.1/repository/resources/security/client-truststore.jks&amp;vfs.ssl.kspassword=wso2carbon&amp;vfs.ssl.tspassword=wso2carbon&amp;vfs.ssl.keypassword=wso2carbon"/>
            </endpoint>
         </send>
         <drop/>
      </inSequence>
   </target>
   <parameter name="transport.PollInterval">10</parameter>
   <parameter name="transport.vfs.ActionAfterProcess">MOVE</parameter>
   <parameter name="transport.vfs.FileURI">file:///Users/xx/in</parameter>
   <parameter name="transport.vfs.MoveAfterProcess">file:///Users/xx/processed</parameter>
   <parameter name="transport.vfs.MoveAfterFailure">file:///Users/xx/fail</parameter>
   <parameter name="transport.vfs.FileNamePattern">.*.csv</parameter>
   <parameter name="transport.vfs.ContentType">text/plain</parameter>
   <parameter name="transport.vfs.ActionAfterFailure">MOVE</parameter>
   <description>Custom file reader proxy for CAP mainframe file. This will perform transformation to DP v2 structure and store data into Vertica</description>
</proxy>

  • Failing to import the server's certificate into the trust store results in errors such as the following
... 16 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1421)
... 27 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
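Added here as an example (not code from the post or from WSO2): a small Python check that pulls the vfs: endpoint out of a proxy definition like the one above and reports what a reviewer would look at before deploying it: whether the scheme is really ftps, whether the vfs.ssl.* stores and their passwords are all present, and which credentials sit in plain text inside the proxy. The sample proxy, paths and credentials are constructed.

```python
"""Lint a WSO2 ESB proxy definition for its VFS FTPS endpoint settings."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

SYNAPSE_NS = "{http://ws.apache.org/ns/synapse}"

# Constructed sample modelled on the proxy in the post; paths and credentials are placeholders.
SAMPLE_PROXY = """<proxy xmlns="http://ws.apache.org/ns/synapse" name="VFSProxy" transports="vfs">
  <target><inSequence><send><endpoint>
    <address uri="vfs:ftps://dushan:12345@192.168.56.102/test?vfs.ssl.keystore=/opt/esb/wso2carbon.jks&amp;vfs.ssl.truststore=/opt/esb/client-truststore.jks&amp;vfs.ssl.kspassword=wso2carbon&amp;vfs.ssl.tspassword=wso2carbon"/>
  </endpoint></send></inSequence></target>
</proxy>"""

def parse_vfs_endpoint(proxy_xml):
    """Split the first <address> URI of a synapse proxy into scheme, credentials, host, path and vfs.ssl.* options."""
    root = ET.fromstring(proxy_xml)
    addr = next(root.iter(SYNAPSE_NS + "address"), None)
    if addr is None:
        raise ValueError("proxy has no <address> endpoint")
    uri = addr.get("uri", "")
    if not uri.startswith("vfs:"):
        raise ValueError("endpoint is not a vfs: URI")
    # Drop the vfs: prefix so the inner ftps://user:pass@host/path?query parses normally.
    parts = urlsplit(uri[len("vfs:"):])
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {
        "scheme": parts.scheme, "user": parts.username, "password": parts.password,
        "host": parts.hostname, "path": parts.path,
        "ssl": {k: v for k, v in query.items() if k.startswith("vfs.ssl.")},
    }

def check_vfs_endpoint(info):
    """Return the findings a reviewer would raise about a parsed endpoint."""
    findings, ssl = [], info["ssl"]
    if info["scheme"] != "ftps":
        findings.append("scheme is %s, not ftps: the transfer is not TLS-protected" % info["scheme"])
    if "vfs.ssl.truststore" not in ssl:
        findings.append("no vfs.ssl.truststore: the server certificate has nowhere to be trusted from, expect 'PKIX path building failed'")
    for store, pw in (("vfs.ssl.keystore", "vfs.ssl.kspassword"), ("vfs.ssl.truststore", "vfs.ssl.tspassword")):
        if store in ssl and pw not in ssl:
            findings.append("%s is set but %s is missing" % (store, pw))
    if info["password"]:
        findings.append("FTP password is embedded in the endpoint URI")
    if any(k.endswith("password") for k in ssl):
        findings.append("store passwords are embedded in the endpoint URI; keep the proxy definition access-controlled")
    return findings
```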



2 comments:

  1. The place to look for cheap SSL is IDwebhost.com. Only here can you find the best package for your web hosting.

  2. Chancing a rare occurrence whereby either or both computers are from the dark ages, i.e. a technology of a previous decade in computerize, and don't have USB ports, you can opt to burn files to CD, either a Readable or Rewritable Compact Disk.
    download shareit app
