Setup svn server on ubuntu

This post describes about setting up the svn server on ubuntu.

• Install Subversion

$ sudo apt-get install subversion libapache2-svn apache2

• Configure Subversion

Create a directory for where you want to keep your subversion repositories:

$ sudo mkdir /subversion

$ sudo chown -R www-data:www-data /subversion/

• Open the subversion config file dav_svn.conf (/etc/apache2/mods-available) and add the lines at the end as shown below. Comment or delete all the other lines in the config file:

#</Location>

<Location /subversion>

DAV svn

SVNParentPath /subversion

AuthType Basic

AuthName "Subversion Repository"

AuthUserFile /etc/apache2/dav_svn.passwd

Require valid-user

</Location>

• Now create a SVN user using the following command. Here I create a new SVN user called sohani with password msc12345:

$ sudo htpasswd -cm /etc/apache2/dav_svn.passwd sohani

New password: 

Re-type new password: 

Adding password for user sohani

Use -cm parameter for the first time only, you can create another user with only -m parameter.

• Create Subversion repository called sohani.repo under /subversion directory:

$ cd /subversion/

$ sudo svnadmin create sohani.repo

Restart Apache service:

$ /etc/apache2 sudo service apache2 reload

• Open the browser and navigate to http://ip-address/subversion/sohani.repo. Enter the SVN username and password which you have created in the earlier step. In my case, username is sohani and password is msc12345.

Maven private remote repository setup

1. Download nexus-2.11.1-01-bundle.tar.gz or latest version of nexus oss.

2. Extract the tar file in you home directory-

$ tar -xvf nexus-2.11.1-01-bundle.tar.gz

Now you will get two directories - nexus-2.11.1-01 and sonatype-work in your home directory.

3. Copy these two directories to /usr/local/ directory 

$ cp -r nexus-2.11.1-01 /usr/local/

$ cp -r sonatype-work /usr/local/

The executable/configuration files related to nexus are stored in nexus-2.11.1-01 directory and the jar file mentioned in pom.xml are stored in sonatype-work directory.

These jar files are mirror of your ~/.m2/repository. First time you issue a mvn package command then all the jars are stored here. After then when you issue mvn package again then all jars are downloaded from the nexus repository instead of downloading from the central repository.

4. Go to the /usr/local/ directory 

$ cd /usr/local/  

5. Create a link to nexus-2.11.1-01 

$ sudo ln -s nexus-2.7.0-06 nexus

6. Now to run nexus, execute the following 

$ bash nexus/bin/nexus console  

Here nexus is attached with your console. If you close your console then the nexus server will be terminated. 

7.Then grant permission as follows

$ sudo chmod -R 777 nexus-2.11.1-01/

$ sudo chmod -R 777 sonatype-work/

8. Now in browser type the address - http://localhost:8081/nexus/. The default login user name is - admin and password is - admin123

9. To stop nexus. Just close the terminal or press Ctrl+C. Copy the following content into this settings.xml file 

<settings>

    <mirrors>

        <mirror>

        <!--This sends everything else to /public -->

            <id>nexus</id>

            <mirrorOf>*</mirrorOf>

            <url>http://localhost:8081/nexus/content/groups/public</url>

        </mirror>

    </mirrors>

    <profiles>

        <profile>

            <id>nexus</id>

            <!--Enable snapshots for the built in central repo to direct -->

            <!--all requests to nexus via the mirror -->

            <repositories>

                <repository>

                <id>central</id>

                <url>http://central</url>

                <releases><enabled>true</enabled></releases>

                <snapshots><enabled>true</enabled></snapshots>

                </repository>

            </repositories>

            <pluginRepositories>

                <pluginRepository>

                    <id>central</id>

                    <url>http://central</url>

                    <releases><enabled>true</enabled></releases>

                    <snapshots><enabled>true</enabled></snapshots>

                </pluginRepository>

            </pluginRepositories>

        </profile>

    </profiles>

    <activeProfiles>

    <!--make the profile active all the time -->

        <activeProfile>nexus</activeProfile>

    </activeProfiles>

</settings>

10. And add these following line in your project's pom.xml file 

<distributionManagement>

    <snapshotRepository>

        <id>my-snapshots</id>

        <name>My internal repository</name>

        <url>http://localhost:8081/nexus/content/repositories/snapshots</url>

    </snapshotRepository>

    <repository>

        <id>my-releases</id>

        <name>My internal repository</name>

        <url>http://localhost:8081/nexus/content/repositories/releases</url>

    </repository>

</distributionManagement>

Building/Releasing projects with maven release plugin

This post describes about building/releasing projects with maven using the maven release plugin with org.wso2.maven:wso2-release-pre-prepare-plugin.


1. Checkout the svn repo and create two folders as tag and trunk.

2. Then you need to create a Maven Multi Module project called 'trunk' and then add following sections to the main pom.xml

<properties>
      <project.scm.id>my.svn.server</project.scm.id>
</properties>

 <scm>
      <connection>scm:svn:http://127.0.0.1/subversion/sohani.repo/test9/trunk</connection>
 <developerConnection>scm:svn:http://127.0.0.1/subversion/sohani.repo/test9/trunk</developerConnection>
<url>http://127.0.0.1/subversion/sohani.repo/test9/trunk</url>
</scm>


 <plugin>
          <artifactId>maven-release-plugin</artifactId>
          <version>2.5</version>
          <configuration>
            <preparationGoals>clean</preparationGoals>
            <completionGoals>org.wso2.maven:wso2-release-pre-prepare-plugin:1.1.0:pre-prepare</completionGoals>
<!-- This must be set! The plugin throws a NPE when not set -->
             <tagBase>http://127.0.0.1/subversion/sohani.repo/test9/tags</tagBase>
          </configuration>
 </plugin>


   <distributionManagement>
<repository>
      <id>my-releases</id>
      <url>http://localhost:8081/nexus/content/repositories/releases/</url>
    </repository>
</distributionManagement>


  <pluginRepository>
<id>wso2-public</id>
<url>http://maven.wso2.org/nexus/content/groups/wso2-public</url>
  </pluginRepository>

3. In settings.xml resides at .m2, you need to add below sections.

   <server>

      <id>my-releases</id>

      <username><nexus_uname></username>

      <password><nexus_password></password>

    </server>

  <server>

     <id>my.svn.server</id>

     <username><svn_uname></username>

     <password><svn_password></password>

   </server>

  <mirror>

      <id>nexus</id>

      <mirrorOf>*</mirrorOf>

      <name>Human Readable Name for this Mirror.</name>

      <url>http://localhost:8081/nexus/content/groups/public</url>

    </mirror>

   <profile>

            <id>nexus</id>

            <!--Enable snapshots for the built in central repo to direct -->

            <!--all requests to nexus via the mirror -->

            <repositories>

                <repository>

                <id>central</id>

                <url>http://central</url>

                <releases><enabled>true</enabled></releases>

                <snapshots><enabled>true</enabled></snapshots>

                </repository>

            </repositories>

            <pluginRepositories>

                <pluginRepository>

                    <id>central</id>

                    <url>http://central</url>

                    <releases><enabled>true</enabled></releases>

                    <snapshots><enabled>true</enabled></snapshots>

                </pluginRepository>

            </pluginRepositories>

        </profile>

   <activeProfile>nexus</activeProfile>

4. Then navigate to the checkout location (trunk) of the svn repo and execute below commands

mvn release:prepare -Dusername=<svn_uname> -Dpassword=<svn_password>

mvn release:perform

5. If you want to revert changes you can execute below commands

mvn release:rollback

mvn release:clean

Installing a new keystore into WSO2 Products

Basically WSO2 carbon based products are shipped with a default keystore (wso2carbon.jks) which can be found at <CARBON_HOME>/repository/resources/security directory. This has a private/public key pair which is mainly use for encrypt the sensitive information.

When the products are deployed in production environment it is better to replace this default keystore with a self signed or CA signed certificates.


1). Create a new keystore with a private and public key pair using keytool which is shipped with JDK installation.

Go to <CARBON_HOME>/repository/resources/security directory and type the following command

keytool -genkey -alias testcert -keyalg RSA -keysize 1024 -keypass testpassword -keystore testkeystore.jks -storepass testpassword

Then you have to provide necessary information in order to construct the DN of the certificate.
After you enter the information the created keystore can be found at the above location.

Note: You can view the contents of the generated keystore by:

keytool -list -v -keystore testkeystore.jks -storepass testpassword

2). In order to signed the public certificate, you can use two options as follows.

• Get your public certificate signed by a CA(recommended for production environment) - http://blog.facilelogin.com/2008/03/keystore-management-part-i.html 
• Use the above generated self signed certificate (for local testing purposes).

3). Export your public certificate from the keystore and import it into the trust store.

In WSO2 Carbon products, this trust store is set as client-truststore.jks which resides in the same above directory as the keystore.

Now we have to imort the new public certificate into this trust store for Front End and Back End communication.

• Export the new public certificate:

keytool -export -alias testcert -keystore testkeystore.jks -storepass testpassword -file testcert.pem

This will export the public certificate into a file called testcert.pem in the same directory.

• Import it into client-truststore.jks with following command:

keytool -import -alias testnewcert -file testcert.pem -keystore client-truststore.jks -storepass wso2carbon

(Password of client-truststore.jks keystore is: wso2carbon)

4). Change the below configuration files:

Go to  <CARBON_HOME>/repository/conf  and point the new keystore as below:

•  carbon.xml 

<keystore>   
<location>${carbon.home}/repository/resources/security/testkeystore.jks</location>  
<type>JKS</type>   
<password>testpassword</password>   
<keyalias>testcert</keyalias>   
<keypassword>testpassword</keypassword>   
</keystore>  

•  axis2.xml (Only for WSO2 ESB) (WSO2 ESB uses different HTTPS transport sender and receiver for accessing the services exposed over HTTPS as below, and the keystore used for this purpose is specified in the following configuration)

<transportreceiver class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLListener" name="https">  
<parameter locked="false" name="port">8243</parameter>  
<parameter locked="false" name="non-blocking">true</parameter>  
<parameter locked="false" name="httpGetProcessor">org.wso2.carbon.transport.nhttp.api.NHttpGetProcessor</parameter>  
<parameter locked="false" name="keystore">  
<keystore>  
<location>repository/resources/security/testkeystore.jks</location>  
<type>JKS</type>  
<password>testpassword</password>  
<keypassword>testpassword</keypassword>  
</keystore>  
</parameter>  
<parameter locked="false" name="truststore">  
<truststore>  
<location>repository/resources/security/client-truststore.jks</location>  
<type>JKS</type>  
<password>wso2carbon</password>  
</truststore>  
</parameter>  
</transportreceiver>
 
<transportsender class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender" name="https">  
<parameter locked="false" name="non-blocking">true</parameter>  
<parameter locked="false" name="keystore">  
<keystore>  
<location>repository/resources/security/testkeystore.jks</location>  
<type>JKS</type>  
<password>testpassword</password>  
<keypassword>testpassword</keypassword>  
</keystore>  
</parameter>  
<parameter locked="false" name="truststore">  
<truststore>  
<location>repository/resources/security/client-truststore.jks</location>  
<type>JKS</type>  
<password>wso2carbon</password>  
</truststore>  
</parameter>  
</transportsender>

Testing secured proxies using a security client 

Please follow the below steps to test a secured proxy

1. Create a Java project with SecurityClient.java and client.properties
 files

2. Add Following configuration parameters to client.properties file

clientRepo = Path for Client repository location. Sample repo can be found in ESB_HOME/samples/axis2Server/repository location.

clientKey =Path for Client’s Key Store.  Here I am using same key Store (wso2carbon.jks). You can find it from ESB_HOME/resources/security.

securityPolicyLocation=Path for the client side security policy files. You can fine 15 policy files from here. https://github.com/sohaniwso2/wso2Articles/tree/master/securityPolicies

trustStore= This is trusted store that is used for ssl communication on https. You can use same key store for this. (wso2carbon.jks)

securityScenarioNo=Security scenario number that used to secure (eg: If it is non-repudiation it is 2)

SoapAction =You can find it from wsdl

endpointHttp =Http endpont of proxy service

endpointHttpS=Https endpont of proxy service

body = Body part of your Soap message

Sample configuration

clientRepo=/home/sohani/Downloads/Desktop/ServerUP/new/wso2esb-4.8.1/samples/axis2Server/repository/
clientKey =/home/sohani/Downloads/Desktop/ServerUP/new/wso2esb-4.8.1/repository/resources/security/wso2carbon.jks
securityPolicyLocation=/home/sohani/Downloads/Desktop/Support/CAPGRPDEV-105/sample_policy/securityPolicies
trustStore=/home/sohani/Downloads/Desktop/ServerUP/new/wso2esb-4.8.1/repository/resources/security/wso2carbon.jks
securityScenarioNo=2
SoapAction =urn:mediate
endpointHttp =http://localhost:8280/services/SampleProxy
endpointHttpS =https://localhost:8243/services/SampleProxy
body=<a/>

3. Copy Following Java code

import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.llom.util.AXIOMUtil;
import org.apache.axiom.om.OMElement;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.RampartMessageData;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.client.Options;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.ws.security.WSPasswordCallback;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.callback.CallbackHandler;
import java.io.File;
import java.io.IOException;
import java.io.FileInputStream;
import java.util.Properties;

public class SecurityClient implements CallbackHandler {

 public static void main(String srgs[]) {

        SecurityClient securityCl = new SecurityClient();
        OMElement result = null;
          try {
                result = securityCl.runSecurityClient();
            } catch (Exception e) {
                e.printStackTrace();
            }
            System.out.println(result.toString());

        }

    public OMElement runSecurityClient( ) throws Exception {

        Properties properties = new Properties();
        File file = new File("/home/sohani/workspace_new/TestClient/src/client.properties ");
        FileInputStream freader=new FileInputStream(file);
        properties.load(freader);
        String clientRepo  = properties.getProperty("clientRepo");
        String endpointHttpS   = properties.getProperty("endpointHttpS");
        String endpointHttp   = properties.getProperty("endpointHttp");
        int securityScenario =Integer.parseInt(properties.getProperty("securityScenarioNo"));
        String clientKey = properties.getProperty("clientKey");
        String SoapAction = properties.getProperty("SoapAction");
        String body = properties.getProperty("body");
        String trustStore=properties.getProperty("trustStore");
        String securityPolicy =properties.getProperty("securityPolicyLocation");

        OMElement result = null;

        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");

        ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(clientRepo, null);
        ServiceClient sc = new ServiceClient(ctx, null);
        sc.engageModule("rampart");
        sc.engageModule("addressing");

        Options opts = new Options();

            if(securityScenario==1){
                opts.setTo(new EndpointReference(endpointHttpS));
            }else{
                opts.setTo(new EndpointReference(endpointHttp));
            }

        opts.setAction(SoapAction);

            if(securityScenario!=0){
                try {
                    String securityPolicyPath=securityPolicy+File.separator +"scenario"+securityScenario+"-policy.xml";
                    opts.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(securityPolicyPath,clientKey));
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        sc.setOptions(opts);
        result = sc.sendReceive(AXIOMUtil.stringToOM(body));
        return result;
    }
   
    public Policy loadPolicy(String xmlPath , String clientKey) throws Exception {

        StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

        RampartConfig rc = new RampartConfig();

        rc.setUser("admin");
        rc.setUserCertAlias("wso2carbon");
        rc.setEncryptionUser("wso2carbon");
        rc.setPwCbClass(SecurityClient.class.getName());

        CryptoConfig sigCryptoConfig = new CryptoConfig();
        sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");

        Properties prop1 = new Properties();
        prop1.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        prop1.put("org.apache.ws.security.crypto.merlin.file", clientKey);
        prop1.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
        sigCryptoConfig.setProp(prop1);

        CryptoConfig encrCryptoConfig = new CryptoConfig();
        encrCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");

        Properties prop2 = new Properties();
        prop2.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        prop2.put("org.apache.ws.security.crypto.merlin.file", clientKey);
        prop2.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
        encrCryptoConfig.setProp(prop2);

        rc.setSigCryptoConfig(sigCryptoConfig);
        rc.setEncrCryptoConfig(encrCryptoConfig);

        policy.addAssertion(rc);
        return policy;
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

        WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[0];
        String id = pwcb.getIdentifer();
        int usage = pwcb.getUsage();

        if (usage == WSPasswordCallback.USERNAME_TOKEN) {

           if ("admin".equals(id)) {
               pwcb.setPassword("admin");
           }

        } else if (usage == WSPasswordCallback.SIGNATURE || usage == WSPasswordCallback.DECRYPT) {

            if ("wso2carbon".equals(id)) {
                pwcb.setPassword("wso2carbon");
            }
        }
    }
}

4. Add relevant libraries to your class path

It is easy , Go to ESB_HOME/bin and run ant command. You will see created jar file in ESB_HOME/repository/lib  directory. Do not forget to add saxon9he.jar  that is in ESB_HOME/lib/endorsed directory.

5. Then run your secured client