Showing posts with label idea. Show all posts
Showing posts with label idea. Show all posts

November 19, 2016

Import Certificate to IntelliJ IDEA to Runtime


In order to import a certificate to run-time in IntelliJ IDEA do the following steps.

1. Go to Run > Edit Configuration


2. In VM options provide the trustStore as below : 
-Djavax.net.ssl.trustStore=C:\Source\vds\vdsstore.jks -Djavax.net.ssl.trustStorePassword=vdsstore


In order to import the certificate to a trust store do the following : 

keytool -import -alias vdsfmr -file Cert.cer -keystore wso2carbon.jks
VMArgument  -Djavax.net.ssl.trustStore=vdsStore -Djavax.net.ssl.trustStorePassword=vdsStore

Reference : https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html 

TroubleShooting

Unable to Find Cert :

Ceritificate is not available during runtime. To resolve add the VM Arguments pointing to Trust Store as above.

javax.naming.CommunicationException: simple bind failed: localhost:389 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at LDAPAuthenticator.main(LDAPAuthenticator.java:23)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:889)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at com.sun.jndi.ldap.Connection.run(Connection.java:855)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 18 more


When the Trust Store is Not Provided as an Absolute Path : 
Reference : http://stackoverflow.com/questions/4764611/java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-mus

I was able to solve this error by providing the absolute path to the trust store instead of the relative path.

javax.naming.CommunicationException: simple bind failed: localhost:389 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
 at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
 at javax.naming.InitialContext.init(InitialContext.java:242)
 at javax.naming.InitialContext.<init>(InitialContext.java:216)
 at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
 at VDSAuth.main(VDSAuth.java:31)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1862)
 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1845)
 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1771)
 at sun.security.ssl.AppInputStream.read(AppInputStream.java:113)
 at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
 at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
 at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
 at com.sun.jndi.ldap.Connection.run(Connection.java:855)
 at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
 at sun.security.validator.Validator.getInstance(Validator.java:179)
 at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:314)
 at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:173)
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:186)
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
 at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:889)
 at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
 ... 5 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
 at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
 at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
 at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
 ... 18 more

November 13, 2014

Remote Debugging WSO2 ESB with IntellijIdea and Eclipse

This post assumes you are familiar with debugging concepts. The remote debugging will be explained using WSO2 ESB product.

What happens in remote debugging is that the debugging information of a running application is communicated with an IDE that has the source of the application. The application is not running from the source, and thus the term "remote" debugging. Similar to any normal debug scenario, where you would be running the application in debug mode from the IDE, you can have breakpoints, watch expressions, etc.

Read more about how remote debugging works in JVM at [1].

Let's proceed on how to debug WSO2 ESB.

Setup the Source for Debugging WSO2 ESB

There are a number of components in WSO2 stack that contribute to the complete WSO2-ESB product. Some of these components are : wso2-synapse, carbon-mediation, wso2-axis2-transport, carbon4-kernel, etc. You can download source of all these components at https://github.com/wso2.

Decide on the component(s) you need to debug, and import them to your preferred IDE (Eclipse or IntellijIdea). To do this :
  1. Clone the required component from the git repository : git clone <repository_url>
  2. Build the component : mvn clean install or mvn clean install -Dmaven.test.skip=true (to skip tests)
  3. To setup as an IDE project : mvn idea:idea (for IntellijIdea) or mvn eclipse:eclipse (for Eclipse)
  4. Add breakpoints as needed
  5. If debugging multiple components, 
    • Eclipse : Import as project to the same workspace and add breakpoints
    • Idea : Import as module to the same window and add breakpoints
    • Optionally, at the time of debug, when debugging takes you to the .class files, you can attach the relevant components as sources with "attach source" option and continue.
Note : 
If you want to debug message flow on ESB, add a breakpoint to receive(org.apache.axis2.context.MessageContext mc) method in org.apache.synapse.core.axis2.ProxyServiceMessageReceiver class in wso2-synapse. This is the start point to the message flow on ESB.

Remote Debugging WSO2-ESB

Step 1 : Start WSO2-ESB in debug mode

$ sh bin/wso2server.sh debug 5005
Please start the remote debugging client to continue...
JAVA_HOME environment variable is set to /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
CARBON_HOME environment variable is set to /Users/maheeka/wso2esb-4.8.1
Listening for transport dt_socket at address: 5005

We have started the ESB in debug mode, and it listens now on port 5005 for a remote debugging client. 

Step 2 : Start Remote Debugging Client (IDE)

IntelliJIdea
  1. Run > Edit Configurations
  2. On the left panel, click on "+" and add a new Remote Configurations. Notice the port to be same as you give when starting ESB.
  3. Then Run > Debug 'wso2-synapse' to start the listener
  4. The application will now run as normal and stop at the breakpoints you have added




Eclipse
  1. Run > Debug Configurations
  2. Add a new Remote Java Application Configuration. Notice the port number to be same as you give when starting ESB.
  3. Click on Debug to start debugging