Saturday, January 28, 2017

String concatenation in Script Mediator of WSO2 ESB 5.0.0

If you use string concatenation inside the JavaScript (Script) mediator, note that the Rhino engine has been updated in WSO2 ESB 5.0.0 (Rhino JavaScript engine (1.74)), so concatenation that worked in ESB 4.9.0 will not work in ESB 5.0.0. Because this is a problem in the Rhino engine, you need to apply the workaround below. For more background, see [1].

[1] https://www-01.ibm.com/support/docview.wss?uid=swg1JR55739

When you set up a proxy as below:

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="StringConcatenationJS"
       startOnLoad="true"
       statistics="disable"
       trace="disable"
       transports="http,https">
   <target>
      <inSequence>
         <property name="STATUS"
                   value="--------------------StringConcatenationJS Proxy Invoked-------------------"/>
         <script language="js">var log = mc.getServiceLog();
            log.info("-----------Executing Script Mediator-------------------- ");
            var name = 'ajanthan';
            var addres = 'batticaloa';
            var cconcatenatedString = name + addres;
            log.info("Concatenated string: " + cconcatenatedString);

            // The concatenation result is passed as-is: the property reads back empty on ESB 5.0.0
            mc.setProperty('concatString',cconcatenatedString);</script>
         <log level="custom">
            <property expression="get-property('concatString')"
                      name="Concatenated String @ Property: "/>
         </log>
      </inSequence>
   </target>
   <description/>
</proxy>

You will get an empty result as below:

[2017-01-28 14:20:29,382]  INFO - ScriptMessageContext -----------Executing Script Mediator-------------------- 
[2017-01-28 14:20:29,383]  INFO - ScriptMessageContext Concatenated string: ajanthanbatticaloa
[2017-01-28 14:20:29,387]  INFO - LogMediator Concatenated String @ Property:  = 

To overcome this, call toString() on the concatenated value when you set the property: cconcatenatedString.toString().

Updated proxy as below:

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="StringConcatenationJS"
       startOnLoad="true"
       statistics="disable"
       trace="disable"
       transports="http,https">
   <target>
      <inSequence>
         <property name="STATUS"
                   value="--------------------StringConcatenationJS Proxy Invoked-------------------"/>
         <script language="js">var log = mc.getServiceLog();
            log.info("-----------Executing Script Mediator-------------------- ");
            var name = 'ajanthan';
            var addres = 'batticaloa';
            var cconcatenatedString = name + addres;
            log.info("Concatenated string: " + cconcatenatedString);

            // toString() on the concatenated value makes it readable through get-property()
            mc.setProperty('concatString',cconcatenatedString.toString());</script>
         <log level="custom">
            <property expression="get-property('concatString')"
                      name="Concatenated String @ Property: "/>
         </log>
      </inSequence>
   </target>
   <description/>
</proxy>

The Result will be:

[2017-01-28 14:27:21,679]  INFO - ScriptMessageContext -----------Executing Script Mediator-------------------- 
[2017-01-28 14:27:21,679]  INFO - ScriptMessageContext Concatenated string: ajanthanbatticaloa
[2017-01-28 14:27:21,680]  INFO - LogMediator Concatenated String @ Property:  = ajanthanbatticaloa
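
A migration check for the behaviour above, added here as an example (it is not part of the original post or of WSO2): it parses a Synapse configuration and lists every mc.setProperty call in a JavaScript script mediator whose value is neither a string literal nor converted with .toString(). The function name and the trimmed sample proxies are constructed for this example, and the match is a conservative text heuristic, not a JavaScript parser.

```python
import re
import xml.etree.ElementTree as ET

SYNAPSE_NS = "{http://ws.apache.org/ns/synapse}"

# mc.setProperty('<name>', <value expression>);
SET_PROPERTY = re.compile(
    r"""mc\.setProperty\(\s*(['"])(?P<name>.*?)\1\s*,\s*(?P<value>.*?)\)\s*;""",
    re.S,
)
# A value that is exactly one quoted literal, e.g. 'abc' or "abc".
STRING_LITERAL = re.compile(r"""^(['"])(?:\\.|(?!\1).)*\1$""", re.S)


def unconverted_set_property_calls(synapse_xml):
    """Return (property name, value expression) for each mc.setProperty call in a
    JavaScript script mediator whose value is neither a single string literal
    nor explicitly converted with .toString()."""
    findings = []
    for script in ET.fromstring(synapse_xml).iter(SYNAPSE_NS + "script"):
        if script.get("language") != "js":
            continue
        for call in SET_PROPERTY.finditer(script.text or ""):
            value = call.group("value").strip()
            if STRING_LITERAL.match(value) or value.endswith(".toString()"):
                continue
            findings.append((call.group("name"), value))
    return findings


# Constructed samples: the post's script mediator, trimmed to the relevant lines.
PROXY_TEMPLATE = """<proxy xmlns="http://ws.apache.org/ns/synapse" name="StringConcatenationJS">
  <target><inSequence>
    <script language="js">var name = 'ajanthan';
      var addres = 'batticaloa';
      var cconcatenatedString = name + addres;
      mc.setProperty('concatString', %s);</script>
  </inSequence></target>
</proxy>"""
BEFORE = PROXY_TEMPLATE % "cconcatenatedString"
AFTER = PROXY_TEMPLATE % "cconcatenatedString.toString()"

if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("after", AFTER)):
        print(label, unconverted_set_property_calls(xml_text))
```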


Saturday, January 21, 2017

Separating logs for APIs based on API Names in WSO2 APIM 1.10

This article explains how to separate the logs for each API based on its API name. This is possible using log4j, with the limitation that you must provide the API name in the log4j.properties file. You can achieve this with the configuration below in the log4j.properties file.

The important point is the name of the API, which must be given in the form admin--TestAPI_10 in the log4j.properties file. For example, if you create an API named TestAPI_10, the name to specify in log4j.properties is admin--TestAPI_10.

log4j.logger.API_LOGGER.admin--TestAPI_10=DEBUG, TestAPI_10
log4j.logger.API_LOGGER.admin--TestAPI_11=DEBUG, TestAPI_11

log4j.appender.TestAPI_10=org.apache.log4j.DailyRollingFileAppender
log4j.appender.TestAPI_10.Append = true
log4j.appender.TestAPI_10.File=${carbon.home}/repository/logs/TestAPI_10.log
log4j.appender.TestAPI_10.layout=org.apache.log4j.PatternLayout
log4j.appender.TestAPI_10.layout.ConversionPattern=TID: [%d] %5p {%c} - %x %m {%c}%n

log4j.appender.TestAPI_11=org.apache.log4j.DailyRollingFileAppender
log4j.appender.TestAPI_11.Append = true
log4j.appender.TestAPI_11.File=${carbon.home}/repository/logs/TestAPI_11.log
log4j.appender.TestAPI_11.layout=org.apache.log4j.PatternLayout
log4j.appender.TestAPI_11.layout.ConversionPattern=TID: [%d] %5p {%c} - %x %m {%c}%n

The result log at TestAPI_10.log is:

TID: [2017-01-20 17:05:55,351]  INFO {API_LOGGER.admin--TestAPI_10} -  Initializing API: admin--TestAPI_10:v1.0.0 {API_LOGGER.admin--TestAPI_10}
TID: [2017-01-20 17:09:02,388]  INFO {API_LOGGER.admin--TestAPI_10} -  Initializing API: admin--TestAPI_10:v1.0.0 {API_LOGGER.admin--TestAPI_10}
TID: [2017-01-20 17:09:04,389]  INFO {API_LOGGER.admin--TestAPI_10} -  Destroying API: admin--TestAPI_10:v1.0.0 {API_LOGGER.admin--TestAPI_10}
TID: [2017-01-20 17:09:31,084]  INFO {API_LOGGER.admin--TestAPI_10} -  To: /testAPI_10/1.0.0, MessageID: urn:uuid:0e535d55-ee59-47b5-95b4-be8f6f574234, Direction: request, Envelope: TestAPI_10 {API_LOGGER.admin--TestAPI_10}

The result log at TestAPI_11.log is:

TID: [2017-01-20 17:10:57,702]  INFO {API_LOGGER.admin--TestAPI_11} -  Initializing API: admin--TestAPI_11:v1.0.0 {API_LOGGER.admin--TestAPI_11}
TID: [2017-01-20 17:12:05,909]  INFO {API_LOGGER.admin--TestAPI_11} -  Initializing API: admin--TestAPI_11:v1.0.0 {API_LOGGER.admin--TestAPI_11}
TID: [2017-01-20 17:12:07,910]  INFO {API_LOGGER.admin--TestAPI_11} -  Destroying API: admin--TestAPI_11:v1.0.0 {API_LOGGER.admin--TestAPI_11}
TID: [2017-01-20 17:12:17,324]  INFO {API_LOGGER.admin--TestAPI_11} -  To: /testAPI_11/1.0.0, MessageID: urn:uuid:a3fd5281-3382-4df2-9195-84e0192e0c0b, Direction: request, Envelope: TestAPI_11 {API_LOGGER.admin--TestAPI_11}

Wednesday, January 18, 2017

Connect to Remote IBM Websphere MQ v8 using WSO2 ESB 4.9.0

To connect to a remote IBM MQ, get the .bindings file generated from IBM MQ and copy it to a folder on the machine where the ESB instance is running. Edit it and replace every occurrence of localhost with the IP of the WebSphere MQ host. Here my IP is 172.22.217.23, and below is the updated .bindings file.

#This file is used by the JNDI FSContext.
#Wed Dec 21 12:38:07 IST 2016
ConnectionFactoryNormal/RefAddr/73/Encoding=String
ConnectionFactoryNormal/RefAddr/7/Type=MNS
ConnectionFactoryNormal/RefAddr/33/Encoding=String
ConnectionFactoryNormal/RefAddr/74/Type=XMSC_WMQ_PUB_ACK_INTERVAL
ConnectionFactoryNormal/RefAddr/77/Content=1
LOCALQUEUENORMAL/RefAddr/3/Encoding=String
LOCALQUEUENORMAL/RefAddr/0/Content=7
ConnectionFactoryNormal/RefAddr/9/Content=NONE 
ConnectionFactoryNormal/RefAddr/34/Type=wildcardFormat
ConnectionFactoryNormal/RefAddr/59/Content=[0]
ConnectionFactoryNormal/RefAddr/66/Content=0
ConnectionFactoryNormal/RefAddr/81/Type=XMSC_WMQ_STATUS_REFRESH_INTERVAL
ConnectionFactoryNormal/RefAddr/88/Type=XMSC_WMQ_BROKER_CC_SUBQ
ConnectionFactoryNormal/RefAddr/26/Encoding=String
ConnectionFactoryNormal/RefAddr/48/Content=1800
ConnectionFactoryNormal/RefAddr/5/Content=SYSTEM.DEF.SVRCONN
ConnectionFactoryNormal/RefAddr/55/Content=true
ConnectionFactoryNormal/RefAddr/9/Encoding=String
ConnectionFactoryNormal/RefAddr/37/Content=1
ConnectionFactoryNormal/RefAddr/51/Content=0
ConnectionFactoryNormal/RefAddr/96/Encoding=String
ConnectionFactoryNormal/RefAddr/56/Encoding=String
LOCALQUEUENORMAL/RefAddr/5/Type=TC
ConnectionFactoryNormal/RefAddr/26/Content=1
ConnectionFactoryNormal/RefAddr/33/Content=[0]
ConnectionFactoryNormal/RefAddr/43/Type=XMSC_WMQ_CLEANUP_LEVEL
ConnectionFactoryNormal/RefAddr/40/Content=-1
ConnectionFactoryNormal/RefAddr/90/Type=XMSC_WMQ_CLEANUP_INTERVAL
ConnectionFactoryNormal/RefAddr/97/Type=XMSC_WMQ_SSL_PEER_NAME
ConnectionFactoryNormal/RefAddr/22/Content=1
ConnectionFactoryNormal/RefAddr/103/Content=0
ConnectionFactoryNormal/RefAddr/5/Encoding=String
ConnectionFactoryNormal/RefAddr/49/Encoding=String
ConnectionFactoryNormal/RefAddr/50/Type=XMSC_WMQ_RECEIVE_EXIT_INIT
ConnectionFactoryNormal/RefAddr/11/Content=0
ConnectionFactoryNormal/RefAddr/57/Type=XMSC_WMQ_CONNECTION_MODE
ConnectionFactoryNormal/RefAddr/52/Encoding=String
ConnectionFactoryNormal/RefAddr/12/Encoding=String
LOCALQUEUENORMAL/RefAddr/15/Encoding=String
ConnectionFactoryNormal/RefAddr/10/Type=CT
ConnectionFactoryNormal/RefAddr/79/Encoding=String
ConnectionFactoryNormal/RefAddr/17/Type=UCP
ConnectionFactoryNormal/RefAddr/64/Type=XMSC_WMQ_RECEIVE_ISOLATION
ConnectionFactoryNormal/RefAddr/82/Encoding=String
ConnectionFactoryNormal/RefAddr/42/Encoding=String
LOCALQUEUENORMAL/RefAddr/9/Content=2
ConnectionFactoryNormal/RefAddr/101/Type=XMSC_WMQ_QMGR_CCSID
LOCALQUEUENORMAL/RefAddr/11/Encoding=String
LOCALQUEUENORMAL/RefAddr/13/Type=RACP
LOCALQUEUENORMAL/RefAddr/19/Content=1208
ConnectionFactoryNormal/RefAddr/75/Encoding=String
ConnectionFactoryNormal/RefAddr/35/Encoding=String
ConnectionFactoryNormal/RefAddr/26/Type=AEX
ConnectionFactoryNormal/RefAddr/6/Type=CCS
ConnectionFactoryNormal/RefAddr/73/Type=XMSC_RTT_PROXY_HOSTNAME
LOCALQUEUENORMAL/RefAddr/15/Content=-1
LOCALQUEUENORMAL/RefAddr/5/Encoding=String
ConnectionFactoryNormal/RefAddr/79/Content=17
ConnectionFactoryNormal/RefAddr/86/Content=1
ConnectionFactoryNormal/RefAddr/93/Content=5000
LOCALQUEUENORMAL/RefAddr/11/Content=false
ConnectionFactoryNormal/RefAddr/33/Type=XMSC_WMQ_HEADER_COMP
ConnectionFactoryNormal/RefAddr/28/Encoding=String
ConnectionFactoryNormal/RefAddr/80/Type=XMSC_WMQ_PROVIDER_VERSION
ConnectionFactoryNormal/RefAddr/102/Encoding=String
ConnectionFactoryNormal/RefAddr/82/Content=com.ibm.msg.client.wmq
ConnectionFactoryNormal/RefAddr/87/Type=XMSC_WMQ_SYNCPOINT_ALL_GETS
ConnectionFactoryNormal/RefAddr/7/Content=true
ConnectionFactoryNormal/RefAddr/64/Content=0
ConnectionFactoryNormal/RefAddr/71/Content=true
ConnectionFactoryNormal/RefAddr/98/Encoding=String
ConnectionFactoryNormal/RefAddr/58/Encoding=String
LOCALQUEUENORMAL/RefAddr/1/Encoding=String
ConnectionFactoryNormal/RefAddr/18/Encoding=String
ConnectionFactoryNormal/RefAddr/3/Content=172.22.217.23
ConnectionFactoryNormal/RefAddr/53/Content=10
ConnectionFactoryNormal/RefAddr/61/Encoding=String
ConnectionFactoryNormal/RefAddr/60/Content=0
ConnectionFactoryNormal/RefAddr/21/Encoding=String
LOCALQUEUENORMAL/RefAddr/4/Type=CCS
ConnectionFactoryNormal/RefAddr/42/Type=XMSC_WMQ_MESSAGE_SELECTION
ConnectionFactoryNormal/ClassName=com.ibm.mq.jms.MQQueueConnectionFactory
ConnectionFactoryNormal/RefAddr/42/Content=0
ConnectionFactoryNormal/RefAddr/49/Type=XMSC_WMQ_TEMP_TOPIC_PREFIX
ConnectionFactoryNormal/RefAddr/96/Type=XMSC_WMQ_SSL_CERT_STORES_STR
ConnectionFactoryNormal/RefAddr/91/Encoding=String
ConnectionFactoryNormal/RefAddr/31/Content=
ConnectionFactoryNormal/RefAddr/14/Encoding=String
ConnectionFactoryNormal/RefAddr/20/Content=0
ConnectionFactoryNormal/RefAddr/56/Type=XMSC_WMQ_SPARSE_SUBSCRIPTIONS
LOCALQUEUENORMAL/RefAddr/17/Encoding=String
ConnectionFactoryNormal/RefAddr/101/Content=819
LOCALQUEUENORMAL/RefAddr/20/Encoding=String
ConnectionFactoryNormal/RefAddr/0/Encoding=String
ConnectionFactoryNormal/RefAddr/84/Encoding=String
ConnectionFactoryNormal/RefAddr/16/Type=SPAG
ConnectionFactoryNormal/RefAddr/44/Encoding=String
ConnectionFactoryNormal/RefAddr/63/Type=XMSC_WMQ_POLLING_INTERVAL
ConnectionFactoryNormal/RefAddr/100/Type=XMSC_WMQ_SECURITY_EXIT_INIT
LOCALQUEUENORMAL/RefAddr/7/Content=1
ConnectionFactoryNormal/RefAddr/77/Encoding=String
ConnectionFactoryNormal/RefAddr/37/Encoding=String
LOCALQUEUENORMAL/RefAddr/12/Type=MDCTX
LOCALQUEUENORMAL/RefAddr/19/Type=RCCS
ConnectionFactoryNormal/RefAddr/40/Encoding=String
LOCALQUEUENORMAL/RefAddr/3/Content=-2
ConnectionFactoryNormal/RefAddr/25/Type=TCM
ConnectionFactoryNormal/RefAddr/5/Type=CHAN
ConnectionFactoryNormal/RefAddr/72/Type=XMSC_RTT_PROXY_PORT
LOCALQUEUENORMAL/RefAddr/7/Encoding=String
ConnectionFactoryNormal/RefAddr/79/Type=XMSC_ADMIN_OBJECT_TYPE
ConnectionFactoryNormal/RefAddr/67/Encoding=String
ConnectionFactoryNormal/RefAddr/70/Encoding=String
ConnectionFactoryNormal/RefAddr/30/Encoding=String
ConnectionFactoryNormal/RefAddr/104/Encoding=String
ConnectionFactoryNormal/RefAddr/32/Type=MRET
LOCALQUEUENORMAL/RefAddr/13/Content=2
LOCALQUEUENORMAL/RefAddr/20/Content=1
ConnectionFactoryNormal/RefAddr/39/Type=XMSC_WMQ_SSL_SOCKET_FACTORY
ConnectionFactoryNormal/RefAddr/86/Type=failIfQuiesce
ConnectionFactoryNormal/RefAddr/91/Content=
ConnectionFactoryNormal/RefAddr/29/Content=172.22.217.23(1414)
ConnectionFactoryNormal/RefAddr/36/Content=SYSTEM.BROKER.DEFAULT.STREAM
ConnectionFactoryNormal/RefAddr/63/Encoding=String
ConnectionFactoryNormal/RefAddr/80/Content=8
ConnectionFactoryNormal/RefAddr/23/Encoding=String
ConnectionFactoryNormal/RefAddr/18/Content=5000
ConnectionFactoryNormal/RefAddr/25/Content=true
ConnectionFactoryNormal/RefAddr/100/Encoding=String
LOCALQUEUENORMAL/RefAddr/3/Type=PER
ConnectionFactoryNormal/RefAddr/62/Content=
ConnectionFactoryNormal/RefAddr/41/Type=multicast
ConnectionFactoryNormal/RefAddr/14/Content=0
ConnectionFactoryNormal/RefAddr/1/Content=1
ConnectionFactoryNormal/RefAddr/48/Type=XMSC_WMQ_CLIENT_RECONNECT_TIMEOUT
ConnectionFactoryNormal/RefAddr/93/Encoding=String
ConnectionFactoryNormal/RefAddr/95/Type=XMSC_WMQ_SEND_EXIT
ConnectionFactoryNormal/RefAddr/16/Encoding=String
LOCALQUEUENORMAL/RefAddr/19/Encoding=String
ConnectionFactoryNormal/RefAddr/55/Type=XMSC_WMQ_TARGET_CLIENT_MATCHING
ConnectionFactoryNormal/RefAddr/2/Encoding=String
ConnectionFactoryNormal/RefAddr/86/Encoding=String
ConnectionFactoryNormal/RefAddr/46/Encoding=String
ConnectionFactoryNormal/RefAddr/15/Type=SFIPS
ConnectionFactoryNormal/RefAddr/62/Type=XMSC_WMQ_TEMP_Q_PREFIX
LOCALQUEUENORMAL/RefAddr/12/Encoding=String
ConnectionFactoryNormal/RefAddr/39/Encoding=String
LOCALQUEUENORMAL/RefAddr/18/Content=0
LOCALQUEUENORMAL/RefAddr/11/Type=MDW
ConnectionFactoryNormal/FactoryName=com.ibm.mq.jms.MQQueueConnectionFactoryFactory
LOCALQUEUENORMAL/RefAddr/18/Type=RTOST
ConnectionFactoryNormal/RefAddr/89/Content=false
LOCALQUEUENORMAL/RefAddr/9/Encoding=String
ConnectionFactoryNormal/RefAddr/24/Type=RINT
LOCALQUEUENORMAL/RefAddr/5/Content=0
ConnectionFactoryNormal/RefAddr/4/Type=PORT
ConnectionFactoryNormal/RefAddr/69/Encoding=String
ConnectionFactoryNormal/RefAddr/71/Type=XMSC_WMQ_OUTCOME_NOTIFICATION
ConnectionFactoryNormal/RefAddr/78/Content=7
ConnectionFactoryNormal/RefAddr/72/Encoding=String
ConnectionFactoryNormal/RefAddr/78/Type=version
ConnectionFactoryNormal/RefAddr/32/Encoding=String
LOCALQUEUENORMAL/RefAddr/1/Content=-2
ConnectionFactoryNormal/RefAddr/67/Content=ESBQManagerNormal
ConnectionFactoryNormal/RefAddr/31/Type=TQPFX
ConnectionFactoryNormal/RefAddr/38/Type=XMSC_WMQ_BROKER_SUBQ
LOCALQUEUENORMAL/RefAddr/2/Encoding=String
LOCALQUEUENORMAL/RefAddr/20/Type=RCNV
ConnectionFactoryNormal/RefAddr/49/Content=
ConnectionFactoryNormal/RefAddr/85/Type=XMSC_ASYNC_EXCEPTIONS
ConnectionFactoryNormal/RefAddr/56/Content=false
ConnectionFactoryNormal/RefAddr/65/Encoding=String
ConnectionFactoryNormal/RefAddr/25/Encoding=String
ConnectionFactoryNormal/RefAddr/38/Content=SYSTEM.JMS.ND.SUBSCRIBER.QUEUE
ConnectionFactoryNormal/RefAddr/45/Content=1
ConnectionFactoryNormal/RefAddr/8/Encoding=String
ConnectionFactoryNormal/RefAddr/27/Content=0
ConnectionFactoryNormal/RefAddr/34/Content=0
LOCALQUEUENORMAL/RefAddr/2/Type=PRI
ConnectionFactoryNormal/RefAddr/95/Encoding=String
LOCALQUEUENORMAL/RefAddr/9/Type=MBODY
ConnectionFactoryNormal/RefAddr/55/Encoding=String
ConnectionFactoryNormal/RefAddr/40/Type=brokerVersion
ConnectionFactoryNormal/RefAddr/16/Content=false
ConnectionFactoryNormal/RefAddr/47/Type=XMSC_WMQ_RECEIVE_EXIT
ConnectionFactoryNormal/RefAddr/23/Content=
ConnectionFactoryNormal/RefAddr/30/Content=SYSTEM.DEFAULT.MODEL.QUEUE
ConnectionFactoryNormal/RefAddr/104/Content=false
ConnectionFactoryNormal/RefAddr/94/Type=XMSC_WMQ_BROKER_CONTROLQ
ConnectionFactoryNormal/RefAddr/12/Content=0
ConnectionFactoryNormal/RefAddr/4/Encoding=String
ConnectionFactoryNormal/RefAddr/54/Type=XMSC_WMQ_USE_CONNECTION_POOLING
ConnectionFactoryNormal/RefAddr/88/Encoding=String
ConnectionFactoryNormal/RefAddr/48/Encoding=String
ConnectionFactoryNormal/RefAddr/51/Encoding=String
ConnectionFactoryNormal/RefAddr/11/Encoding=String
LOCALQUEUENORMAL/RefAddr/14/Encoding=String
ConnectionFactoryNormal/RefAddr/14/Type=SRC
ConnectionFactoryNormal/RefAddr/61/Type=XMSC_WMQ_CHANNEL
ConnectionFactoryNormal/RefAddr/78/Encoding=String
ConnectionFactoryNormal/RefAddr/68/Type=XMSC_WMQ_SSL_CIPHER_SUITE
ConnectionFactoryNormal/RefAddr/81/Encoding=String
LOCALQUEUENORMAL/RefAddr/10/Type=MDR
LOCALQUEUENORMAL/RefAddr/10/Encoding=String
LOCALQUEUENORMAL/RefAddr/17/Type=QMGR
ConnectionFactoryNormal/RefAddr/23/Type=LA
LOCALQUEUENORMAL/RefAddr/16/Content=LOCALQUEUENORMAL
ConnectionFactoryNormal/RefAddr/74/Encoding=String
ConnectionFactoryNormal/RefAddr/34/Encoding=String
ConnectionFactoryNormal/RefAddr/3/Type=HOST
ConnectionFactoryNormal/RefAddr/70/Type=XMSC_WMQ_SEND_CHECK_COUNT
ConnectionFactoryNormal/RefAddr/77/Type=XMSC_WMQ_MESSAGE_RETENTION
ConnectionFactoryNormal/RefAddr/87/Content=false
LOCALQUEUENORMAL/RefAddr/4/Encoding=String
ConnectionFactoryNormal/RefAddr/30/Type=TM
ConnectionFactoryNormal/RefAddr/69/Content=0
ConnectionFactoryNormal/RefAddr/37/Type=XMSC_WMQ_SHARE_CONV_ALLOWED
ConnectionFactoryNormal/RefAddr/27/Encoding=String
ConnectionFactoryNormal/RefAddr/84/Type=XMSC_WMQ_CCDTURL
ConnectionFactoryNormal/RefAddr/8/Content=NONE 
ConnectionFactoryNormal/RefAddr/58/Content=1000
ConnectionFactoryNormal/RefAddr/65/Content=1
ConnectionFactoryNormal/RefAddr/72/Content=443
LOCALQUEUENORMAL/ClassName=com.ibm.mq.jms.MQQueue
ConnectionFactoryNormal/RefAddr/4/Content=1414
ConnectionFactoryNormal/RefAddr/54/Content=true
ConnectionFactoryNormal/RefAddr/61/Content=SYSTEM.DEF.SVRCONN
ConnectionFactoryNormal/RefAddr/97/Encoding=String
ConnectionFactoryNormal/RefAddr/57/Encoding=String
LOCALQUEUENORMAL/RefAddr/0/Encoding=String
LOCALQUEUENORMAL/RefAddr/1/Type=EXP
ConnectionFactoryNormal/RefAddr/43/Content=1
ConnectionFactoryNormal/RefAddr/60/Encoding=String
LOCALQUEUENORMAL/RefAddr/8/Type=WCFMT
ConnectionFactoryNormal/RefAddr/20/Encoding=String
ConnectionFactoryNormal/RefAddr/46/Type=XMSC_WMQ_SSL_CERT_STORES_COL
ConnectionFactoryNormal/RefAddr/93/Type=XMSC_WMQ_RESCAN_INTERVAL
ConnectionFactoryNormal/RefAddr/32/Content=1
ConnectionFactoryNormal/RefAddr/6/Encoding=String
ConnectionFactoryNormal/RefAddr/90/Encoding=String
ConnectionFactoryNormal/RefAddr/21/Content=10
ConnectionFactoryNormal/RefAddr/102/Content=172.22.217.23(1414)
LOCALQUEUENORMAL/FactoryName=com.ibm.mq.jms.MQQueueFactory
ConnectionFactoryNormal/RefAddr/53/Type=XMSC_WMQ_MSG_BATCH_SIZE
ConnectionFactoryNormal/RefAddr/53/Encoding=String
ConnectionFactoryNormal/RefAddr/13/Encoding=String
ConnectionFactoryNormal/RefAddr/10/Content=\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000
LOCALQUEUENORMAL/RefAddr/16/Encoding=String
ConnectionFactoryNormal/RefAddr/13/Type=SCALD
ConnectionFactoryNormal/RefAddr/60/Type=XMSC_WMQ_CLIENT_RECONNECT_OPTIONS
ConnectionFactoryNormal/RefAddr/83/Encoding=String
ConnectionFactoryNormal/RefAddr/43/Encoding=String
ConnectionFactoryNormal/RefAddr/67/Type=XMSC_WMQ_QUEUE_MANAGER
LOCALQUEUENORMAL/RefAddr/8/Content=0
ConnectionFactoryNormal/RefAddr/69/Type=XMSC_WMQ_CLONE_SUPPORT
ConnectionFactoryNormal/RefAddr/104/Type=XMSC_WMQ_SSL_FIPS_REQUIRED
ConnectionFactoryNormal/RefAddr/76/Encoding=String
LOCALQUEUENORMAL/RefAddr/16/Type=QU
LOCALQUEUENORMAL/RefAddr/4/Content=1208
ConnectionFactoryNormal/RefAddr/36/Encoding=String
ConnectionFactoryNormal/RefAddr/22/Type=FIQ
ConnectionFactoryNormal/RefAddr/2/Type=QMGR
ConnectionFactoryNormal/RefAddr/29/Type=CRSHOSTS
ConnectionFactoryNormal/RefAddr/9/Type=MC
ConnectionFactoryNormal/RefAddr/76/Type=XMSC_WMQ_CF_DESCRIPTION
LOCALQUEUENORMAL/RefAddr/6/Encoding=String
LOCALQUEUENORMAL/RefAddr/14/Content=-1
ConnectionFactoryNormal/RefAddr/66/Encoding=String
ConnectionFactoryNormal/RefAddr/29/Encoding=String
ConnectionFactoryNormal/RefAddr/103/Encoding=String
ConnectionFactoryNormal/RefAddr/85/Content=1
ConnectionFactoryNormal/RefAddr/36/Type=XMSC_WMQ_BROKER_PUBQ
ConnectionFactoryNormal/RefAddr/92/Content=SYSTEM.DEFAULT.MODEL.QUEUE
LOCALQUEUENORMAL/RefAddr/10/Content=false
ConnectionFactoryNormal/RefAddr/83/Type=XMSC_WMQ_SSL_KEY_RESETCOUNT
ConnectionFactoryNormal/RefAddr/74/Content=25
ConnectionFactoryNormal/RefAddr/81/Content=60000
ConnectionFactoryNormal/RefAddr/19/Content=8
ConnectionFactoryNormal/RefAddr/99/Encoding=String
ConnectionFactoryNormal/RefAddr/59/Encoding=String
ConnectionFactoryNormal/RefAddr/19/Encoding=String
ConnectionFactoryNormal/RefAddr/6/Content=819
ConnectionFactoryNormal/RefAddr/63/Content=5000
ConnectionFactoryNormal/RefAddr/62/Encoding=String
ConnectionFactoryNormal/RefAddr/70/Content=0
ConnectionFactoryNormal/RefAddr/22/Encoding=String
LOCALQUEUENORMAL/RefAddr/0/Type=VER
ConnectionFactoryNormal/RefAddr/15/Content=false
LOCALQUEUENORMAL/RefAddr/7/Type=FIQ
ConnectionFactoryNormal/RefAddr/2/Content=ESBQManagerNormal
ConnectionFactoryNormal/RefAddr/52/Content=true
ConnectionFactoryNormal/RefAddr/45/Type=XMSC_WMQ_SUBSCRIPTION_STORE
ConnectionFactoryNormal/RefAddr/89/Encoding=String
ConnectionFactoryNormal/RefAddr/92/Type=XMSC_WMQ_TEMPORARY_MODEL
ConnectionFactoryNormal/RefAddr/92/Encoding=String
ConnectionFactoryNormal/RefAddr/41/Content=0
ConnectionFactoryNormal/RefAddr/99/Type=XMSC_WMQ_BROKER_QMGR
ConnectionFactoryNormal/RefAddr/15/Encoding=String
LOCALQUEUENORMAL/RefAddr/18/Encoding=String
ConnectionFactoryNormal/RefAddr/52/Type=XMSC_WMQ_MAP_NAME_STYLE
ConnectionFactoryNormal/RefAddr/59/Type=XMSC_WMQ_MSG_COMP
ConnectionFactoryNormal/RefAddr/1/Encoding=String
ConnectionFactoryNormal/RefAddr/85/Encoding=String
ConnectionFactoryNormal/RefAddr/45/Encoding=String
ConnectionFactoryNormal/RefAddr/12/Type=SCC
ConnectionFactoryNormal/RefAddr/19/Type=PVER
ConnectionFactoryNormal/RefAddr/66/Type=XMSC_WMQ_PROCESS_DURATION
ConnectionFactoryNormal/RefAddr/38/Encoding=String
ConnectionFactoryNormal/RefAddr/103/Type=XMSC_RTT_DIRECT_AUTH
ConnectionFactoryNormal/RefAddr/41/Encoding=String
LOCALQUEUENORMAL/RefAddr/15/Type=PAALD
LOCALQUEUENORMAL/RefAddr/6/Content=273
ConnectionFactoryNormal/RefAddr/21/Type=MBS
ConnectionFactoryNormal/RefAddr/1/Type=TRAN
LOCALQUEUENORMAL/RefAddr/8/Encoding=String
ConnectionFactoryNormal/RefAddr/28/Type=CRT
ConnectionFactoryNormal/RefAddr/8/Type=HC
ConnectionFactoryNormal/RefAddr/68/Encoding=String
ConnectionFactoryNormal/RefAddr/75/Type=XMSC_WMQ_SECURITY_EXIT
LOCALQUEUENORMAL/RefAddr/2/Content=-2
ConnectionFactoryNormal/RefAddr/71/Encoding=String
ConnectionFactoryNormal/RefAddr/31/Encoding=String
ConnectionFactoryNormal/RefAddr/57/Content=1
ConnectionFactoryNormal/RefAddr/35/Type=XMSC_WMQ_CONNECTION_TAG
ConnectionFactoryNormal/RefAddr/94/Content=SYSTEM.BROKER.CONTROL.QUEUE
ConnectionFactoryNormal/RefAddr/82/Type=XMSC_CONNECTION_TYPE_NAME
LOCALQUEUENORMAL/RefAddr/12/Content=0
ConnectionFactoryNormal/RefAddr/89/Type=XMSC_WMQ_OPT_PUB
ConnectionFactoryNormal/RefAddr/83/Content=0
ConnectionFactoryNormal/RefAddr/64/Encoding=String
ConnectionFactoryNormal/RefAddr/90/Content=3600000
ConnectionFactoryNormal/RefAddr/24/Encoding=String
ConnectionFactoryNormal/RefAddr/28/Content=1800
ConnectionFactoryNormal/RefAddr/35/Content=[B@9e7132af
ConnectionFactoryNormal/RefAddr/101/Encoding=String
ConnectionFactoryNormal/RefAddr/7/Encoding=String
ConnectionFactoryNormal/RefAddr/17/Content=true
LOCALQUEUENORMAL/RefAddr/6/Type=ENC
ConnectionFactoryNormal/RefAddr/24/Content=5000
ConnectionFactoryNormal/RefAddr/94/Encoding=String
ConnectionFactoryNormal/RefAddr/44/Type=XMSC_CLIENT_ID
ConnectionFactoryNormal/RefAddr/54/Encoding=String
ConnectionFactoryNormal/RefAddr/91/Type=XMSC_WMQ_LOCAL_ADDRESS
ConnectionFactoryNormal/RefAddr/13/Content=1
ConnectionFactoryNormal/RefAddr/17/Encoding=String
ConnectionFactoryNormal/RefAddr/98/Type=XMSC_WMQ_SEND_EXIT_INIT
ConnectionFactoryNormal/RefAddr/0/Content=7
ConnectionFactoryNormal/RefAddr/51/Type=XMSC_WMQ_CONNECT_OPTIONS
ConnectionFactoryNormal/RefAddr/3/Encoding=String
ConnectionFactoryNormal/RefAddr/58/Type=XMSC_WMQ_MAX_BUFFER_SIZE
ConnectionFactoryNormal/RefAddr/87/Encoding=String
ConnectionFactoryNormal/RefAddr/47/Encoding=String
ConnectionFactoryNormal/RefAddr/50/Encoding=String
ConnectionFactoryNormal/RefAddr/10/Encoding=String
ConnectionFactoryNormal/RefAddr/11/Type=CTO
LOCALQUEUENORMAL/RefAddr/13/Encoding=String
ConnectionFactoryNormal/RefAddr/18/Type=PINT
ConnectionFactoryNormal/RefAddr/65/Type=XMSC_CONNECTION_TYPE
ConnectionFactoryNormal/RefAddr/80/Encoding=String
ConnectionFactoryNormal/RefAddr/102/Type=XMSC_WMQ_CONNECTION_NAME_LIST_INT
ConnectionFactoryNormal/RefAddr/99/Content=
LOCALQUEUENORMAL/RefAddr/14/Type=RAALD
LOCALQUEUENORMAL/RefAddr/17/Content=ESBQManagerNormal
ConnectionFactoryNormal/RefAddr/20/Type=WCFMT
ConnectionFactoryNormal/RefAddr/0/Type=VER
ConnectionFactoryNormal/RefAddr/88/Content=SYSTEM.JMS.ND.CC.SUBSCRIBER.QUEUE
ConnectionFactoryNormal/RefAddr/27/Type=CROPT


Then modify axis2.xml as below to point to the location of the updated .bindings file.

<parameter name="java.naming.provider.url" locked="false">file:///home/mqm/wso2/IBM/bindnormal/</parameter>

After the change, restart the server; you will now be able to connect to the remote IBM WebSphere MQ.
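
The edit step above can be scripted and checked before the restart. This added example (not from the original post or from IBM/WSO2 tooling) rewrites localhost only inside RefAddr Content values, pairs each RefAddr/N/Type with its RefAddr/N/Content, and reports endpoint fields that still name the old host. The function names and the shortened pre-edit sample are constructed; the key names and values are those in the file above, and Java properties escapes such as \u0000 are left untouched.

```python
import re

# <object>/RefAddr/<n>/<Type|Content|Encoding>=<value>
REF_ADDR = re.compile(
    r"^(?P<obj>[^/=#]+)/RefAddr/(?P<idx>\d+)/(?P<field>Type|Content|Encoding)=(?P<val>.*)$"
)
# RefAddr types that carry the queue manager's network address in the file above.
ENDPOINT_TYPES = ("HOST", "CRSHOSTS", "XMSC_WMQ_CONNECTION_NAME_LIST_INT")


def _host_pattern(host):
    # Match the host as a whole token so "localhost" does not match inside a longer name.
    return re.compile(r"(?<![\w.-])" + re.escape(host) + r"(?![\w.-])")


def rewrite_host(bindings_text, old_host, new_host):
    """Replace old_host with new_host in Content values only; other lines are kept as-is."""
    pattern = _host_pattern(old_host)
    out = []
    for line in bindings_text.splitlines():
        m = REF_ADDR.match(line)
        if m and m.group("field") == "Content":
            line = line[: m.start("val")] + pattern.sub(lambda _: new_host, m.group("val"))
        out.append(line)
    return "\n".join(out) + "\n"


def settings(bindings_text):
    """Join RefAddr/<n>/Type with RefAddr/<n>/Content: {object: {type: content}}.
    Line order does not matter, which suits the shuffled layout of .bindings files."""
    types, contents = {}, {}
    for line in bindings_text.splitlines():
        m = REF_ADDR.match(line)
        if not m:
            continue
        key = (m.group("obj"), int(m.group("idx")))
        if m.group("field") == "Type":
            types[key] = m.group("val")
        elif m.group("field") == "Content":
            contents[key] = m.group("val")
    result = {}
    for (obj, idx), ref_type in types.items():
        result.setdefault(obj, {})[ref_type] = contents.get((obj, idx), "")
    return result


def stale_endpoints(bindings_text, old_host="localhost"):
    """Return sorted (object, type, content) for endpoint fields that still name old_host."""
    pattern = _host_pattern(old_host)
    return sorted(
        (obj, ref_type, content)
        for obj, fields in settings(bindings_text).items()
        for ref_type, content in fields.items()
        if ref_type in ENDPOINT_TYPES and pattern.search(content)
    )


# Constructed sample: a few entries as they would look before the edit.
GENERATED = """\
#This file is used by the JNDI FSContext.
ConnectionFactoryNormal/RefAddr/29/Content=localhost(1414)
ConnectionFactoryNormal/RefAddr/3/Content=localhost
ConnectionFactoryNormal/ClassName=com.ibm.mq.jms.MQQueueConnectionFactory
ConnectionFactoryNormal/RefAddr/3/Type=HOST
ConnectionFactoryNormal/RefAddr/4/Type=PORT
ConnectionFactoryNormal/RefAddr/4/Content=1414
ConnectionFactoryNormal/RefAddr/5/Type=CHAN
ConnectionFactoryNormal/RefAddr/5/Content=SYSTEM.DEF.SVRCONN
ConnectionFactoryNormal/RefAddr/2/Type=QMGR
ConnectionFactoryNormal/RefAddr/2/Content=ESBQManagerNormal
ConnectionFactoryNormal/RefAddr/29/Type=CRSHOSTS
ConnectionFactoryNormal/RefAddr/102/Type=XMSC_WMQ_CONNECTION_NAME_LIST_INT
ConnectionFactoryNormal/RefAddr/102/Content=localhost(1414)
LOCALQUEUENORMAL/RefAddr/16/Type=QU
LOCALQUEUENORMAL/RefAddr/16/Content=LOCALQUEUENORMAL
"""

if __name__ == "__main__":
    print("before:", stale_endpoints(GENERATED))
    updated = rewrite_host(GENERATED, "localhost", "172.22.217.23")
    print("after: ", stale_endpoints(updated))
    print(settings(updated)["ConnectionFactoryNormal"])
```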



Friday, January 13, 2017

Using dynamic alias name inside wso2:vault-lookup in WSO2 ESB 5.0.0


Below is a sample proxy service to use dynamic alias names inside wso2:vault-lookup.

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="UsingDynamicAlias"
       startOnLoad="true"
       statistics="disable"
       trace="disable"
       transports="https,http">
   <target>
      <inSequence>
         <log level="custom">
            <property name="STATUS"
                      value="------------------UsingDynamicAlias Proxy Invoked-----------------"/>
         </log>
         <property name="alias_name" value="testAlias"/>
         <log>
            <property expression="wso2:vault-lookup(get-property('alias_name'))"
                      name="secured_password"/>
         </log>
      </inSequence>
   </target>
   <description/>
</proxy>
                                

The Result Log:

[2017-01-13 21:50:27,121]  INFO - ProxyService Successfully created the Axis2 service for Proxy service : UsingDynamicAlias
[2017-01-13 21:52:13,071]  INFO - LogMediator STATUS = ------------------UsingDynamicAlias Proxy Invoked-----------------
[2017-01-13 21:52:13,106]  INFO - DependencyTracker Local entry : conf:/repository/components/secure-vault was added to the Synapse configuration successfully
[2017-01-13 21:52:13,109]  INFO - LogMediator To: /services/UsingDynamicAlias.UsingDynamicAliasHttpSoap11Endpoint, WSAction: urn:mediate, SOAPAction: urn:mediate, MessageID: urn:uuid:989b03ef-55e1-49ff-9942-1dab202edfe5, Direction: request, secured_password = ajanpassword
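
The log mediator in this sample writes the decrypted value into the server log (secured_password = ajanpassword in the result above). The following added example (not part of the original post or of WSO2) scans a Synapse configuration for log mediators that print a wso2:vault-lookup result, either directly or through a property that was filled from the vault. The function name and the second and third sample sequences are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://ws.apache.org/ns/synapse}"
VAULT_CALL = "wso2:vault-lookup("
GET_PROPERTY = re.compile(r"""get-property\(\s*(['"])(?P<name>[^'"]+)\1\s*\)""")


def logged_secrets(synapse_xml):
    """Return (log property name, reason) for each log mediator property that
    would write a secure-vault value to the log."""
    root = ET.fromstring(synapse_xml)
    parent_of = {child: parent for parent in root.iter() for child in parent}

    def inside_log(element):
        parent = parent_of.get(element)
        return parent is not None and parent.tag == NS + "log"

    # Properties assigned from the vault hold the decrypted value from then on.
    vault_backed = {
        prop.get("name")
        for prop in root.iter(NS + "property")
        if not inside_log(prop) and VAULT_CALL in prop.get("expression", "")
    }

    findings = []
    for log in root.iter(NS + "log"):
        for prop in log.findall(NS + "property"):
            expression = prop.get("expression", "")
            if VAULT_CALL in expression:
                findings.append((prop.get("name"), "direct vault-lookup"))
                continue
            for ref in GET_PROPERTY.finditer(expression):
                if ref.group("name") in vault_backed:
                    findings.append(
                        (prop.get("name"), "reads vault-backed property " + ref.group("name"))
                    )
    return findings


def proxy(in_sequence_body):
    # Helper for the samples below: wraps mediators in a minimal proxy definition.
    return (
        '<proxy xmlns="http://ws.apache.org/ns/synapse" name="UsingDynamicAlias">'
        "<target><inSequence>" + in_sequence_body + "</inSequence></target></proxy>"
    )


# The in-sequence from the post: the lookup result is a log property.
PAGE_PROXY = proxy("""
  <property name="alias_name" value="testAlias"/>
  <log>
    <property expression="wso2:vault-lookup(get-property('alias_name'))"
              name="secured_password"/>
  </log>""")

# Constructed: the secret is stored in a property first, then logged by name.
INDIRECT = proxy("""
  <property name="db_password" expression="wso2:vault-lookup('testAlias')"/>
  <log level="custom">
    <property name="pw" expression="get-property('db_password')"/>
  </log>""")

# Constructed: the secret is kept in a property and only a status line is logged.
NOT_LOGGED = proxy("""
  <property name="db_password" expression="wso2:vault-lookup('testAlias')"/>
  <log level="custom">
    <property name="STATUS" value="password resolved"/>
  </log>""")

if __name__ == "__main__":
    for label, xml_text in (("post", PAGE_PROXY), ("indirect", INDIRECT), ("not logged", NOT_LOGGED)):
        print(label, logged_secrets(xml_text))
```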

Tuesday, January 3, 2017

1-way SSL Communication between WSO2 ESB4.9.0 and IBM Websphere MQ v8 - PART2


7) Logging the SSL handshake.

sh wso2esb-4.9.0-blog/bin/wso2server.sh -Djavax.net.debug=all > SSL_RSA_WITH_3DES_EDE_CBC_SHA.txt


[2016-12-30 18:15:24,685]  INFO - JMSListener JMS listener started
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1483101669 bytes = { 118, 249, 140, 177, 16, 207, 139, 191, 242, 183, 191, 31, 46, 27, 193, 46, 213, 175, 178, 128, 31, 180, 76, 211, 94, 117, 138, 124 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes:  len = 52
0000: 01 00 00 30 03 01 58 66   56 E5 76 F9 8C B1 10 CF  ...0..XfV.v.....
0010: 8B BF F2 B7 BF 1F 2E 1B   C1 2E D5 AF B2 80 1F B4  ................
0020: 4C D3 5E 75 8A 7C 00 00   02 00 0A 01 00 00 05 FF  L.^u............
0030: 01 00 01 00                                        ....
localhost-startStop-1, WRITE: TLSv1 Handshake, length = 52
[Raw write]: length = 57
0000: 16 03 01 00 34 01 00 00   30 03 01 58 66 56 E5 76  ....4...0..XfV.v
0010: F9 8C B1 10 CF 8B BF F2   B7 BF 1F 2E 1B C1 2E D5  ................
0020: AF B2 80 1F B4 4C D3 5E   75 8A 7C 00 00 02 00 0A  .....L.^u.......
0030: 01 00 00 05 FF 01 00 01   00                       .........
[Raw read]: length = 5
0000: 16 03 01 03 59                                     ....Y
[Raw read]: length = 857
localhost-startStop-1, READ: TLSv1 Handshake, length = 857
*** ServerHello, TLSv1
RandomCookie:  GMT: -27 bytes = { 247, 149, 117, 120, 143, 208, 219, 223, 174, 130, 179, 126, 124, 224, 133, 162, 4, 195, 59, 164, 219, 197, 179, 142, 130, 113, 32, 181 }
Session ID:  {56, 186, 66, 41, 53, 68, 8, 150, 193, 65, 162, 52, 236, 165, 97, 181, 186, 231, 225, 189, 201, 113, 28, 17, 37, 42, 196, 204, 14, 103, 44, 202}
Cipher Suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
** SSL_RSA_WITH_3DES_EDE_CBC_SHA
[read] MD5 and SHA1 hashes:  len = 81
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 109361386652187050654616234823827908562789195891666203185282006633704103921705602730977807798154726310494838271053493113115990241310829257811317251634138054170408008582147927146743592902016570993271525165694574823260610406549711733272218485805759122340881728888583401587419195151783350671558912291281964815199
  public exponent: 65537
  Validity: [From: Thu Dec 29 19:32:42 IST 2016,
               To: Fri Dec 29 19:32:42 IST 2017]
  Issuer: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
  SerialNumber: [    58651782]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 109361386652187050654616234823827908562789195891666203185282006633704103921705602730977807798154726310494838271053493113115990241310829257811317251634138054170408008582147927146743592902016570993271525165694574823260610406549711733272218485805759122340881728888583401587419195151783350671558912291281964815199
  public exponent: 65537
  Validity: [From: Thu Dec 29 19:32:42 IST 2016,
               To: Fri Dec 29 19:32:42 IST 2017]
  Issuer: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
  SerialNumber: [    58651782]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
[read] MD5 and SHA1 hashes:  len = 651
*** CertificateRequest
Cert Types: RSA
Cert Authorities:
<CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK>
[read] MD5 and SHA1 hashes:  len = 121
*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain

8) Configuring TLS cipher suites.

As mentioned in section 4, using TLS cipher suites requires additional configuration in the ESB's wso2server.sh and in the SSL configuration of IBM Websphere.

For example, take the ECDHE_RSA_AES_128_CBC_SHA256 cipher spec. Based on the IBM documentation, the mapped cipher suite is SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256. But this cipher suite is not supported by a non-IBM JDK such as the Oracle JDK, and you will get the below error:

Caused by: com.ibm.mq.jmqi.JmqiException: CC=2;RC=2393;AMQ9771: SSL handshake failed. [1=java.lang.IllegalArgumentException[Unsupported ciphersuite SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256],3=localhost/127.0.0.1:1414 (localhost),4=SSLSocket.createSocket,5=default]
 
Based on the 


The latest mapped cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, and to use the TLS cipher suites we need to pass -Dcom.ibm.mq.cfg.useIBMCipherMappings=false as a JVM argument.

i) Add the below two properties to wso2server.sh

-Dcom.ibm.mq.cfg.useIBMCipherMappings=false \    
-DCMQC.SSL_CIPHER_SUITE_PROPERTY="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" \

ii) Under Channel, configure the cipher spec as below.

iii) Under Connection Factory configuration, configure the cipher suite as a custom cipher suite as below:
Now you will be able to connect through SSL.



trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1483107437 bytes = { 43, 10, 141, 59, 44, 160, 128, 139, 99, 75, 221, 60, 183, 205, 56, 117, 139, 52, 98, 68, 83, 254, 38, 204, 207, 6, 62, 1 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes:  len = 142
localhost-startStop-1, WRITE: TLSv1.2 Handshake, length = 142
[Raw write]: length = 147
[Raw read]: length = 5
0000: 16 03 03 04 46                                     ....F
[Raw read]: length = 1094
localhost-startStop-1, READ: TLSv1.2 Handshake, length = 1094
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 111 bytes = { 23, 192, 221, 237, 98, 23, 100, 35, 72, 83, 146, 155, 110, 109, 175, 30, 43, 123, 116, 116, 214, 107, 253, 55, 150, 207, 230, 10 }
Session ID:  {174, 230, 198, 99, 178, 1, 65, 121, 133, 234, 209, 211, 137, 231, 151, 56, 230, 20, 63, 129, 181, 36, 4, 164, 26, 62, 252, 123, 142, 62, 140, 148}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension ec_point_formats, formats: [uncompressed]
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[read] MD5 and SHA1 hashes:  len = 87
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 109361386652187050654616234823827908562789195891666203185282006633704103921705602730977807798154726310494838271053493113115990241310829257811317251634138054170408008582147927146743592902016570993271525165694574823260610406549711733272218485805759122340881728888583401587419195151783350671558912291281964815199
  public exponent: 65537
  Validity: [From: Thu Dec 29 19:32:42 IST 2016,
               To: Fri Dec 29 19:32:42 IST 2017]
  Issuer: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
  SerialNumber: [    58651782]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 109361386652187050654616234823827908562789195891666203185282006633704103921705602730977807798154726310494838271053493113115990241310829257811317251634138054170408008582147927146743592902016570993271525165694574823260610406549711733272218485805759122340881728888583401587419195151783350671558912291281964815199
  public exponent: 65537
  Validity: [From: Thu Dec 29 19:32:42 IST 2016,
               To: Fri Dec 29 19:32:42 IST 2017]
  Issuer: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
  SerialNumber: [    58651782]

Certificate Extensions: 2
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
[read] MD5 and SHA1 hashes:  len = 651
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 1268230002602471301102650115611092404431672358926016256067662263130575488478
  public y coord: 113373633385882986794422769344135290121381809065405471446632561843687733203783
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
[read] MD5 and SHA1 hashes:  len = 205
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, SHA384withRSA, SHA256withRSA, SHA224withRSA, SHA1withRSA, SHA512withECDSA, SHA384withECDSA, SHA256withECDSA, SHA224withECDSA, SHA1withECDSA, SHA1withDSA
Cert Authorities:
<CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK>
[read] MD5 and SHA1 hashes:  len = 147
*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
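
To review javax.net.debug output like the handshakes logged above without reading it line by line, this added example (not code from the original post, WSO2 or IBM) parses the ServerHello and certificate lines and lists legacy parameters per handshake. The sample log is constructed from the line formats shown on this page; the function names, token list and 2048-bit threshold are assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Assumed policy for this example: protocol versions and cipher tokens treated as legacy.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = ("3DES", "RC4", "_DES_", "NULL", "EXPORT", "MD5")

# Line formats as printed by the JSSE debug log quoted on this page.
SERVER_HELLO = re.compile(r"^\*\*\* ServerHello, (\S+)")
CIPHER = re.compile(r"^Cipher Suite: (\S+)")  # does not match the ClientHello "Cipher Suites:" line
CERT_SIG = re.compile(r"^\s*Signature Algorithm: (\w+),")  # certificate block only (has colon and OID)
CERT_KEY = re.compile(r"^\s*Key:\s+Sun (\w+) public key, (\d+) bits")  # not the "Server key:" line
NO_CLIENT_CERT = "no suitable certificate found"


@dataclass
class Handshake:
    protocol: str
    cipher_suite: str = ""
    cert_sig_alg: str = ""
    cert_key_alg: str = ""
    cert_key_bits: int = 0
    client_auth_skipped: bool = False
    findings: list = field(default_factory=list)


def assess(hs):
    """Return a list of findings for one negotiated handshake."""
    findings = []
    if hs.protocol in LEGACY_PROTOCOLS:
        findings.append("legacy protocol " + hs.protocol)
    if any(tok in hs.cipher_suite for tok in WEAK_CIPHER_TOKENS):
        findings.append("weak cipher " + hs.cipher_suite)
    # TLS 1.3 suite names carry no key-exchange token, so skip the check there.
    if (hs.cipher_suite and hs.protocol != "TLSv1.3"
            and "_DHE_" not in hs.cipher_suite and "_ECDHE_" not in hs.cipher_suite):
        findings.append("no forward secrecy (static key exchange)")
    if hs.cert_sig_alg.upper().startswith(("SHA1", "MD5")):
        findings.append("certificate signed with " + hs.cert_sig_alg)
    if hs.cert_key_alg == "RSA" and 0 < hs.cert_key_bits < 2048:
        findings.append("RSA key of %d bits" % hs.cert_key_bits)
    return findings


def parse_handshakes(log_text):
    """Split a javax.net.debug log into handshakes, one per ServerHello."""
    handshakes = []
    current = None
    for line in log_text.splitlines():
        m = SERVER_HELLO.match(line)
        if m:
            current = Handshake(protocol=m.group(1))
            handshakes.append(current)
            continue
        if current is None:
            continue  # nothing negotiated yet (e.g. ClientHello lines)
        if (m := CIPHER.match(line)):
            current.cipher_suite = m.group(1)
        elif (m := CERT_SIG.match(line)):
            current.cert_sig_alg = m.group(1)
        elif (m := CERT_KEY.match(line)):
            current.cert_key_alg, current.cert_key_bits = m.group(1), int(m.group(2))
        elif NO_CLIENT_CERT in line:
            current.client_auth_skipped = True
    for hs in handshakes:
        hs.findings = assess(hs)
    return handshakes


# Constructed sample: trimmed lines in the same format as the two handshakes above.
SAMPLE_LOG = """\
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key:  Sun RSA public key, 1024 bits
Warning: no suitable certificate found - continuing without client authentication
*** ClientHello, TLSv1.2
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
*** ServerHello, TLSv1.2
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key:  Sun RSA public key, 1024 bits
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
"""

if __name__ == "__main__":
    for hs in parse_handshakes(SAMPLE_LOG):
        print(hs.protocol, hs.cipher_suite, hs.findings or "no findings")
```

Moving to the TLS cipher suite removes the protocol and cipher findings, but the certificate findings remain because both handshakes present the same 1024-bit, SHA1withRSA self-signed certificate.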

References


[1] http://nandikajayawardana.blogspot.com/2015/03/configuring-ibm-mq-with-wso2-esb.html
[2] http://www.dushantech.com/2015/06/connecting-ibm-mq-with-wso2-esb-via-ssl.html
[3] https://qadeer786.wordpress.com/2013/10/08/using-ssl-support-for-java-clients-websphere-mq/

1-way SSL Communication between WSO2 ESB4.9.0 and IBM Websphere MQ v8 - PART1

This article explains how to use WSO2 ESB4.9.0 to connect to IBM Websphere MQ through SSL communication. It covers the sections below, which give a brief guide to setting up an environment for 1-way SSL communication with WSO2 ESB4.9.0 using specific ciphers.

Contents Included


1) Prerequisite
2) Configuring Key Repository in IBM Websphere MQ
3) Building the IBM Client bundle to use in WSO2 ESB 4.9.0
4) Information about the ciphers used in the communication.
5) Configuring QueueManager, Queue, Channel, ConnectionFactory and Destination in IBM Websphere MQ for SSL communication
6) Configuring WSO2 ESB4.9.0 to handle the SSL communication using specific ciphers.
7) Logging the SSL communication handshaking
8) Configuring TLS cipher suites.

1) Prerequisite


WSO2 ESB4.9.0

JDK1.8.0_91 installed with latest policy files for Unlimited ciphers. ( Can be downloaded from

IBM Websphere MQ8 - 8.0.0.4 ( Download it from IBM Website and you can follow the below blog to install it in linux


2) Configuring Key Repository in IBM Websphere MQ


As we are considering 1-way communication here, we need to set up a keystore with the private and public key of the IBM Websphere MQ server's queue manager, and then upload the public key of the IBM server to the WSO2 ESB4.9.0 client-truststore.jks.

To start creating the key repository in IBM Websphere MQ, we first need to create a Queue Manager, for which the key repository will be created.

Go to Queue Managers -> New -> Queue Manager... Then follow the below screens to create a new Queue Manager.








After successfully creating the Queue Manager, go to IBM Websphere MQ Explorer and click on Manage SSL Certificates...






Go to Key Database File -> New and the below screen will appear. Select the key type as CMS, then provide a file name and a location to store.



After clicking OK, on the next screen, provide a password and select the option to stash the password to a file.




Now we have the key repository, and we need to create a self-signed certificate to load into it. To do that, select Personal Certificates and click on New Self-signed...

The important thing when creating the personal certificate is the Key Label: the name of the Key Label must be in small letters and it should start with “ibmwebspheremq” followed by the queue manager name in small letters.




Now that we have the self-signed certificate for the queue manager, we need to extract its public certificate and import it into the client’s truststore, which here is the client-truststore.jks of WSO2 ESB. To do that, select the self-signed certificate created above and then click Extract Certificate.



Now the key_repo folder will have the below files.


Now we need to configure the queue manager to use these certificates.

Right-click on the queue manager and select Properties to get the below screen. There, select SSL.



Here, the SSL Key Repository field needs to point to the key repository created in the above step. Copy ESB.QM1_REPO.kdb and ESB.QM1_REPO.sth to the /var/mqm/qmgrs/ESB!QM1/ssl/ directory and specify the repository as “/var/mqm/qmgrs/ESB!QM1/ssl/ESB.QM1_REPO”.




Now we have successfully configured the Key repository for IBM Websphere MQ.


3) Building the IBM Client bundle to use in WSO2 ESB 4.9.0


To create the client bundle to use with WSO2 ESB, follow the below steps.

i) Create a folder named “wmq-client-8.0.0.4” and copy the below pom.xml file into it. 


<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>wmq-client</groupId>
 <artifactId>wmq-client</artifactId>
 <version>8.0.0.4</version>
 <packaging>bundle</packaging>

 <dependencies>
  <dependency>
   <groupId>com.ibm</groupId>
   <artifactId>fscontext</artifactId>
   <version>8.0.0.4</version>
   <scope>system</scope>
   <systemPath>${basedir}/lib/fscontext.jar</systemPath>
  </dependency>
  <dependency>
   <groupId>com.ibm</groupId>
   <artifactId>providerutil</artifactId>
   <version>8.0.0.4</version>
   <scope>system</scope>
   <systemPath>${basedir}/lib/providerutil.jar</systemPath>
  </dependency>
  <dependency>
   <groupId>com.ibm</groupId>
   <artifactId>allclient</artifactId>
   <version>8.0.0.4</version>
   <scope>system</scope>
   <systemPath>${basedir}/lib/com.ibm.mq.allclient.jar</systemPath>
  </dependency>
  <dependency>
   <groupId>javax.jms</groupId>
   <artifactId>jms</artifactId>
   <version>1.1</version>
   <scope>system</scope>
   <systemPath>${basedir}/lib/jms.jar</systemPath>
  </dependency>
 </dependencies>

 <build>
  <plugins>
   <plugin>
    <groupId>org.apache.felix</groupId>
    <artifactId>maven-bundle-plugin</artifactId>
    <version>2.3.4</version>
    <extensions>true</extensions>
    <configuration>
     <instructions>
      <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
      <Bundle-Name>${project.artifactId}</Bundle-Name>
      <Export-Package>*;-split-package:=merge-first</Export-Package>
      <Private-Package />
      <Import-Package/>
      <Embed-Dependency>*;scope=system;inline=true</Embed-Dependency>
      <DynamicImport-Package>*</DynamicImport-Package>
     </instructions>
    </configuration>
   </plugin>
  </plugins>
 </build>
</project>



Then create a folder “lib”. Your folder structure will look like below.



Go to the installation directory of IBM Websphere MQ ( You can find it at /opt/mqm/java/lib, if you followed the blog mentioned in Prerequisite ) and copy the below JARS into the lib folder of the “wmq-client-8.0.0.4”.

    com.ibm.mq.allclient.jar
    fscontext.jar
    jms.jar
    providerutil.jar


ii) Run mvn clean install. Now we will have the wmq-client-8.0.0.4.jar.


4) Information about the ciphers used in the communication.


For SSL communication with IBM Websphere MQ, we need to consider both the cipher suites supported by Oracle JDK1.8 and the cipher suites supported by IBM Websphere MQ.

To get the list of cipher suites supported by Oracle JDK refer 

To get the list of cipher suites supported by IBM Websphere MQ refer 

A further important consideration is the mapping between cipher suite and cipher spec. The cipher spec is specified on the server side and the cipher suite is specified on the client side, so the combination used must be a correctly mapped pair. You can find the mappings at http://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q113210_.htm


Note: When we use non-IBM Java environments, like Oracle, although IBM has cipher suite to cipher spec mappings for both the SSL and TLS protocols, only the SSL protocol CipherSuites can be used.

The TLS CipherSuite to CipherSpec mappings are detailed in http://www-01.ibm.com/support/docview.wss?uid=swg1IV66840

To enable these non-default mappings ( TLS CipherSuite to CipherSpec mappings ) for non-IBM runtime environments, the following Java System Property:

  com.ibm.mq.cfg.useIBMCipherMappings

must be set to the value:

  false

For example, this can be configured by using the JVM argument:

  -Dcom.ibm.mq.cfg.useIBMCipherMappings=false
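The note above can be turned into a check on the JVM arguments. The script below is an added example, not part of the original post: it reads the `-DCMQC.SSL_CIPHER_SUITE_PROPERTY` value that section 6 adds to wso2server.sh and reports when a TLS-named suite is configured without the mapping property. The function names are hypothetical, the sample arguments are constructed, and the `TLS_` prefix rule is an assumption drawn from the note.

```shell
#!/bin/sh
# Added example, not from the original post: lint the MQ client cipher
# settings in a JVM startup script such as wso2server.sh.

# Print the value of -D<name>=<value> found in file $2, quotes stripped.
# $1 is the property name as a regular expression.
jvm_prop() {
    sed -nE 's/.*-D'"$1"'="?([^" ]*).*/\1/p' "$2" | head -n 1
}

# Returns 0 if consistent, 1 if a TLS_-named suite is configured without
# useIBMCipherMappings=false, 2 if no cipher suite is configured.
# Assumption: suite names starting with TLS_ are the ones that need the
# non-default mappings on a non-IBM JVM.
check_mq_cipher_args() {
    suite=$(jvm_prop 'CMQC\.SSL_CIPHER_SUITE_PROPERTY' "$1")
    mappings=$(jvm_prop 'com\.ibm\.mq\.cfg\.useIBMCipherMappings' "$1")
    if [ -z "$suite" ]; then
        echo "no CMQC.SSL_CIPHER_SUITE_PROPERTY found in $1"
        return 2
    fi
    case "$suite" in
        TLS_*)
            if [ "$mappings" != "false" ]; then
                echo "$suite needs -Dcom.ibm.mq.cfg.useIBMCipherMappings=false"
                return 1
            fi ;;
    esac
    echo "ok: suite=$suite useIBMCipherMappings=${mappings:-unset}"
}

# Constructed sample input: the SSL_ suite used on this page, then a
# TLS_-named suite with the mapping property missing.
demo() {
    f=$(mktemp)
    printf '%s\n' '-DCMQC.SSL_CIPHER_SUITE_PROPERTY="SSL_RSA_WITH_3DES_EDE_CBC_SHA" \' > "$f"
    check_mq_cipher_args "$f"
    printf '%s\n' '-DCMQC.SSL_CIPHER_SUITE_PROPERTY="TLS_RSA_WITH_AES_128_CBC_SHA256" \' > "$f"
    check_mq_cipher_args "$f" || echo "exit status $?"
    rm -f "$f"
}
demo
```

Against a real installation, pass the path of the startup script: `check_mq_cipher_args ESB_HOME/bin/wso2server.sh`.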



5) Configuring Queue, Channel, ConnectionFactory and Destination in IBM Websphere MQ for SSL communication


As we already configured the Queue Manager ( ESB.QM1 ), the SSL setting will look like below.



Create a Queue.





Create a server connection channel





Create the .bindings file.
















Create Destination.







Now we have done the configuration at IBM Websphere MQ side.

6) Configuring WSO2 ESB4.9.0 to handle the SSL communication using specific ciphers.


i) Copy the bundle created in section 3 ( wmq-client-8.0.0.4.jar ) into ESB_HOME/repository/components/dropins

ii) Copy jta-1.1.jar from /opt/mqm/java/lib to ESB_HOME/repository/components/lib.

iii) Remove the following line from <ESB_4.9.0_Home>\repository\conf\etc\launch.ini

javax.jms,\

iv) Add the below to axis2.xml and enable the JMSSender configuration.





<transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
  <parameter name="default" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">com.sun.jndi.fscontext.RefFSContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">file:///home/mqm/wso2/IBM/bindesbqm1/</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">ConnectionFactoryESBQM1</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
    <parameter name="transport.jms.UserName" locked="false">mqm</parameter>
    <parameter name="transport.jms.Password" locked="false">1qaz2wsx@</parameter>    
    <parameter name="transport.jms.ReconnectInterval">300000</parameter>    
 
  </parameter>

  <parameter name="myQueueConnectionFactory1" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">com.sun.jndi.fscontext.RefFSContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">file:///home/mqm/wso2/IBM/bindesbqm1/</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">ConnectionFactoryESBQM1</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
    <parameter name="transport.jms.UserName" locked="false">mqm</parameter>
    <parameter name="transport.jms.Password" locked="false">1qaz2wsx@</parameter>    
    <parameter name="transport.jms.ReconnectInterval">300000</parameter> 
   
  </parameter>
</transportReceiver>



v) Import the public key certificate extracted from the key repository ( esb.qm1_pubkey.arm ) into client-truststore.jks.

keytool -import -file esb.qm1_pubkey.arm -alias ibmwebspheremqesb.qm1 -keystore client-truststore.jks -storepass wso2carbon


Result:


mqm@ajanthan-ThinkPad-T440p:~/wso2/blog/wso2esb-4.9.0-blog/repository/resources/security$ keytool -import -file esb.qm1_pubkey.arm -alias ibmwebspheremqesb.qm1 -keystore client-truststore.jks -storepass wso2carbon
Owner: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
Issuer: CN=ajanthan-ThinkPad-T440p, OU=esb, O=wso2, L=colombo, ST=west, C=LK
Serial number: 58651782
Valid from: Thu Dec 29 19:32:42 IST 2016 until: Fri Dec 29 19:32:42 IST 2017
Certificate fingerprints:
  MD5:  4F:B2:E9:93:74:C9:C8:7B:ED:7B:9C:5E:70:A7:2F:89
  SHA1: 6A:25:71:50:C9:73:B9:E7:A2:77:49:3D:60:DF:C7:8E:81:6B:D9:C2
  SHA256: 54:7A:9B:26:72:14:75:BB:6C:45:E8:E0:9F:DA:CB:9A:F0:22:57:CC:B2:83:76:E7:86:04:D4:AA:1B:C8:84:72
  Signature algorithm name: SHA1withRSA
  Version: 3

Extensions: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 04 28 CD 25 B5 2B BE 52                            .(.%.+.R
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore
mqm@ajanthan-ThinkPad-T440p:~/wso2/blog/wso2esb-4.9.0-blog/repository/resources/security$ 



vi) Add the below to wso2server.sh

-DCMQC.SSL_CIPHER_SUITE_PROPERTY="SSL_RSA_WITH_3DES_EDE_CBC_SHA" \


vii) Disable Channel Authentication in IBM Websphere MQ.


Note that we are doing this only for testing purposes, to enable our mqm user to authenticate through the channel.

IBM Websphere MQ has an option to secure the channels. By default it will block all the remote users created during installation.

To fully disable Channel Authentication for a particular Queue Manager,
go to /opt/mqm/bin, run ./runmqsc ESB.QM1 and then use the below commands.

ALTER QMGR CHLAUTH(DISABLED)

REFRESH SECURITY TYPE(CONNAUTH)

Or else we can allow our mqm user by removing the default “*MQADMIN” in the below screen and adding a new value there.
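Returning to step v: the self-signed certificate imported there becomes the ESB's trust anchor for the queue manager, so its SHA256 fingerprint is worth comparing with the value shown for the certificate in the MQ key repository before answering yes to the keytool prompt. The script below is an added example, not part of the original post; the function names are hypothetical and the sample input is constructed from the fingerprint lines of the keytool output in step v.

```shell
#!/bin/sh
# Added example, not from the original post: compare the SHA256
# fingerprint that keytool reports with a value recorded on the MQ host.

# Read keytool output on stdin; print the first SHA256 fingerprint as
# upper-case hex without separators.
sha256_fp() {
    sed -nE 's/^[[:space:]]*SHA256:[[:space:]]*([0-9A-Fa-f:]+).*/\1/p' |
        head -n 1 | tr -d ':' | tr 'a-f' 'A-F'
}

# $1: expected fingerprint (any case, with or without ':' separators)
# stdin: output of "keytool -printcert -file <cert>" or of
#        "keytool -list -v -alias <alias> -keystore <truststore>"
# Returns 0 on match, 1 on mismatch, 2 if no fingerprint was found.
fp_matches() {
    want=$(printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F')
    got=$(sha256_fp)
    if [ -z "$got" ]; then
        echo "no SHA256 fingerprint in input"
        return 2
    fi
    if [ "$got" = "$want" ]; then
        echo "fingerprint matches"
    else
        echo "MISMATCH: keytool reports $got"
        return 1
    fi
}

# Constructed sample input: fingerprint lines as printed in step v.
sample_output() {
    cat <<'EOF'
Certificate fingerprints:
  MD5:  4F:B2:E9:93:74:C9:C8:7B:ED:7B:9C:5E:70:A7:2F:89
  SHA1: 6A:25:71:50:C9:73:B9:E7:A2:77:49:3D:60:DF:C7:8E:81:6B:D9:C2
  SHA256: 54:7A:9B:26:72:14:75:BB:6C:45:E8:E0:9F:DA:CB:9A:F0:22:57:CC:B2:83:76:E7:86:04:D4:AA:1B:C8:84:72
EOF
}
PAGE_FP='54:7A:9B:26:72:14:75:BB:6C:45:E8:E0:9F:DA:CB:9A:F0:22:57:CC:B2:83:76:E7:86:04:D4:AA:1B:C8:84:72'
sample_output | fp_matches "$PAGE_FP"
```

With a real truststore, pipe `keytool -list -v -alias ibmwebspheremqesb.qm1 -keystore client-truststore.jks -storepass wso2carbon` into `fp_matches` together with the fingerprint read on the MQ host.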




The continuation of this blog can be found at PART2.

http://ajanthane.blogspot.com/2017/01/1-way-ssl-communication-between-wso2_3.html