Tuesday 24 April 2012

Comparing Open Source ESBs

I've working heavily with webMethods (http://goo.gl/z69Nu) for the last 7 or so years, I'm always thinking about what open source alternatives are there and how mature they have become compared to more proprietary EBS's like webMethods, Tibco, Oracle Fusion, IBM WebSphere etc.

I've been playing around recently with Apache Camel (http:/camel.apache.org) and Mule ESB (http://www.mulesoft.org) to get a better idea of how easy it is to use these open source ESBs

I've found that Apache Camel has quite a lot of the standard endpoints used in most organisations, however, the GUI for quick mappings and orchestrations is lacking. The tutorials are good and very detailed, especially with providing sample code, but doesn't feel like it's complete. Due to it's open source nature and with many collaborators working on Apache projects, there is a big talent pool out there to help make this a solid alternative to a paid ESB.

Mule, on the other hand, was originally driven through a XML file that had all the endpoint configurations. When dealing with configuring XML for endpoints, it was quite painful. With Mule Studio GA releasing, it has made development and integration a whole lot easier with a GUI that allows for orchestrations and quick integration projects.
One of my good friends has done quite a bit of Mule integration and with the new GUI, he's been able to reduce the amount of time taken to do his projects.

I've been looking to use Mule for my home projects and eventual integration to websites, but with the very small nature of those projects, I might just stick with using some simpler Java based solution.

This was just my experience with some of the commonly used open source ESB's compared to paid alternatives. I'll be using them more in the future and will be keeping track of them as well as any newer ones that pop up.

Tuesday 17 April 2012

Communication between MWS & ESB with certificates

Introduction

The following article guides you through setting up your MWS and IS instances to encrypt data/decrypt data 

MWS

Installing the IS certificate into the MWS truststore

  1. On your MWS server download a copy of InstallCert.java
  2. Open the file and change the line 72 to reflect your install path of MWS
  3. Compile the code javac InstallCert.java
  4. Run the code as follows:
    • java -cp . InstallCert <ISHostName:httpsPortNum> <glueTrustStore.jksPassword>
  5. This will try to download the certificate from the IS server and install it in the MWS truststore

Setup environment variables in your CAF application

Configure your CAF application to have the following environment entries:

String store = "<MWS_HOME>/server/<server_Instance>/config/glue/glueTrustStore.jks";
String sPass = passphrase_for_file_above;
String alias = alias_of_IS_key;

Write a method that takes in your data to be encrypted with the Certificate, plus the above parameters:

private static byte[] encryptData(String store, String sPass, String alias, String data) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    FileInputStream fis = new FileInputStream(store);
    ks.load(fis, sPass.toCharArray());
    fis.close();
    java.security.cert.Certificate cert = ks.getCertificate(alias);
    PublicKey key = cert.getPublicKey();
    Cipher cipher = Cipher.getInstance(key.getAlgorithm());  
    cipher.init(Cipher.ENCRYPT_MODE, key);
    return cipher.doFinal(data.getBytes());
}

Bind the byte[] to the input provided by the ESB WSD.

ESB

Create a service that takes in a byte[] input from above and retrieves the privateKey of the IS as well as decryption of the payload (using the following flow service to get the privateKey):
pub.security.keystore:getKeyAndChain

Here is the Java code for the decryption service:

public static final void decryptData(IData pipeline) throws ServiceException {
    // pipeline
    IDataCursor pipelineCursor = pipeline.getCursor();
    PrivateKey privateKey = (PrivateKey) IDataUtil.get(pipelineCursor, "privateKey");
    byte[] encryptedData = (byte[]) IDataUtil.get(pipelineCursor, "encryptedData");
    pipelineCursor.destroy();

    Cipher cipher = null;
    String decryptedData = null;
    try {
        cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        decryptedData = new String(cipher.doFinal(encryptedData));
    } catch (Exception e) {
        throw new ServiceException(e);
    }
    // pipeline
    IDataCursor pipelineCursor_1 = pipeline.getCursor();
    IDataUtil.put(pipelineCursor_1, "decryptedData",decryptedData);
    pipelineCursor_1.destroy();
}

For details on setting up the certificates on the IS, please refer to the Administration Guide.