Tuesday, February 17, 2009

OWSM manual installation

Create Database user orawsm:
$INSTALL_DIR/install/soa_schemas/irca/sql/owsm

sqlplus / as sysdba
@createuser.sql
@loaddata.sql

$ORACLE_HOME/owsm/bin/coresv.properties

cd $ORACLE_HOME/owsm/bin
wsmadmin.sh dataloadConfigure
wsmadmin.sh dataload

$ORACLE_HOME/owsm/bin/wsmadmin.sh deploy coreman
$ORACLE_HOME/owsm/bin/wsmadmin.sh deploy gateway
$ORACLE_HOME/owsm/bin/wsmadmin.sh deploy policymanager
$ORACLE_HOME/owsm/bin/wsmadmin.sh deploy control

Wednesday, February 4, 2009

SSO Server Inactivity Timeout Configuration

SSO Server Inactivity Timeout Configuration can be achieved by running an SQL script in the metadata repository:

Go to the directory:
$ORACLE_HOME/sso/admin/plsql/sso

Open an SQL*Plus session as the orasso user (password can be found in oidadmin)
sqlplus orasso

Execute the SQL script:
@ssogito.sql

Enter a domain for the cookie
Enter an inactivity_period


SQL> @ssogito.sql
=============================================
SSO Server Inactivity Timeout Configuration
=============================================
Timeout : ENABLED
Cookie name : OSSO_USER_CTX
Cookie domain :
Inactivity period: xx minutes
Encryption key : xxxxxxxxxxxxxxxxxx
Note: timeout cookie domain will be defaulted
to the SSO Server hostname
-------------------------------------------
To disable timeout set inactivity period
to 0, (zero)
Press return key twice if you do not want
to change timeout configuration.

PL/SQL procedure successfully completed.

Enter value for timeout_cookie_domain: .xxxx.xx
Enter value for inactivity_period: xx
Timeout : ENABLED
New timeout cookie domain: .xxxx.xx
New inactivity period : xx minutes

PL/SQL procedure successfully completed.

No errors.


Restart HTTP_SERVER and OC4J_SECURITY

opmnctl restartproc process-type=HTTP_Server
opmnctl restartproc process-type=OC4J_SECURITY


In the portal, mod_osso.conf has to be changed:
change `OssoIdleTimeout off` to `OssoIdleTimeout on`.

Restart HTTP_SERVER

opmnctl restartproc process-type=HTTP_Server


-

Import private key and certificate in Java keystore

It is not possible to import an existing private key for which a certificate has already been made, but with the description on this website http://www.agentbob.info/agentbob/79-AB.html it can be done.

A summary of the contents:

Convert key and certificate from PEM to DER with openssl

openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER


With the Java program ImportKey it is possible to create a new keystore with the private key in it (Java 1.5):

Set the classpath to the directory where ImportKey is placed.


java ImportKey key.der cert.der
Using keystore-file : /home/user/keystore.ImportKey
One certificate, no chain.
Key and certificate stored.
Alias:importkey Password:importkey


This program creates a keystore named /home/user/keystore.ImportKey. Now everything can be changed using keytool:

1. Rename the keystore with mv or cp
2. Change the keystore password:

keytool -keystore [keystore] -storepasswd
Enter keystore password:
New keystore password:
Re-enter new keystore password:


3. Change the key password:

keytool -keypasswd -keypass importkey -new [new key password] -alias importkey -keystore [keystore]


4. Change the alias importkey:

keytool -keystore [keystore] -keyclone -alias importkey -dest [new alias]
Enter keystore password:
Enter key password for
(RETURN if same as for )


5. Delete old alias:

keytool -keystore [keystore] -delete -alias importkey


Java code ImportKey program:


import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.*;
import java.util.Collection;
import java.util.Iterator;

/**
 * ImportKey.java
 *
 * This class imports a key and a certificate into a keystore
 * ($home/keystore.ImportKey). If the keystore is
 * already present, it is simply deleted. Both the key and the
 * certificate file must be in DER-format. The key must be
 * encoded with PKCS#8-format. The certificate must be
 * encoded in X.509-format.
 *
 * Key format:
 *
 *   openssl pkcs8 -topk8 -nocrypt -in YOUR.KEY -out YOUR.KEY.der -outform der
 *
 * Format of the certificate:
 *
 *   openssl x509 -in YOUR.CERT -out YOUR.CERT.der -outform der
 *
 * Import key and certificate:
 *
 *   java comu.ImportKey YOUR.KEY.der YOUR.CERT.der
 *
 * Caution: the old keystore.ImportKey-file is
 * deleted and replaced with a keystore only containing YOUR.KEY
 * and YOUR.CERT. The keystore and the key have only the default
 * password (importkey); it can be changed with the keytool -keypasswd
 * command for the key password, and the keytool -storepasswd command
 * for the keystore password.
 *
 * The key and the certificate are stored under the alias
 * importkey; to change this, use keytool -keyclone.
 *
 * Created: Fri Apr 13 18:15:07 2001
 * Updated: Fri Apr 19 11:03:00 2002
 *
 * @author Joachim Karrer, Jens Carlberg
 * @version 1.1
 **/
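public class ImportKey {

    /**
     * Default password for both the keystore and the key entry.
     * It is a published value, so the written keystore is protected only by
     * file permissions until the password is changed with
     * keytool -storepasswd / -keypasswd (see the class comment).
     */
    private static final String DEFAULT_PASSWORD = "importkey";

    /** Alias the key entry gets when no third command-line argument is given. */
    private static final String DEFAULT_ALIAS = "importkey";

    /** File name used in user.home when the "keystore" system property is not set. */
    private static final String DEFAULT_KEYSTORE_FILE = "keystore.ImportKey";

    /**
     * Reads the complete contents of a file into memory.
     *
     * A read loop is used instead of sizing the buffer from available(),
     * which is only a hint and may under-report the file length.
     *
     * @param fname the file name
     * @return all bytes of the file
     * @throws IOException if the file cannot be opened or read
     */
    private static byte[] readFile(String fname) throws IOException {
        FileInputStream in = new FileInputStream(fname);
        try {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            int n;
            while ((n = in.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
            return buf.toByteArray();
        } finally {
            in.close();
        }
    }

    /**
     * Loads an unencrypted PKCS#8 (DER) RSA private key from a file.
     *
     * @param keyfile name of the key file
     * @return the parsed private key
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the bytes are not a valid PKCS#8 RSA key
     */
    static PrivateKey loadPrivateKey(String keyfile) throws IOException, GeneralSecurityException {
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(readFile(keyfile));
        return KeyFactory.getInstance("RSA").generatePrivate(spec);
    }

    /**
     * Loads one or more X.509 certificates from a file as a certificate chain.
     *
     * @param certfile name of the certificate file (a single DER certificate or a chain)
     * @return the certificates in the order they appear in the file, never empty
     * @throws IOException if the file cannot be read
     * @throws CertificateException if the file holds no parseable certificate
     */
    static Certificate[] loadCertificateChain(String certfile) throws IOException, CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(readFile(certfile));
        Collection<? extends Certificate> chain = cf.generateCertificates(in);
        if (chain.isEmpty()) {
            throw new CertificateException("No certificate found in " + certfile);
        }
        // toArray(T[]) keeps the element type; a plain toArray() returns Object[]
        // and the cast to Certificate[] fails at runtime for chains.
        return chain.toArray(new Certificate[chain.size()]);
    }

    /**
     * Imports a private key and its certificate (chain) into a fresh keystore.
     *
     * args[0] is the key file (unencrypted PKCS#8 DER), args[1] the certificate
     * file (X.509 DER, one certificate or a chain), and the optional args[2] the
     * alias (default importkey). The keystore path is taken from the "keystore"
     * system property, else user.home/keystore.ImportKey.
     *
     * Key and certificate are parsed before anything is written, so a bad input
     * no longer leaves an emptied keystore behind; on success the target file is
     * overwritten. Store and key entry both use the published default password,
     * so change them with keytool afterwards. The file is created with the
     * process's default permissions (presumably governed by the umask - verify
     * on the target system).
     *
     * Exit status is 1 on a usage error or on any failure.
     *
     * @param args [0] key file, [1] certificate file, [2] optional alias
     */
    public static void main(String[] args) {
        if (args.length < 2 || args.length > 3) {
            System.out.println("Usage: java comu.ImportKey keyfile certfile [alias]");
            System.exit(1);
        }
        String keyfile = args[0];
        String certfile = args[1];
        String alias = args.length > 2 ? args[2] : DEFAULT_ALIAS;

        String keystorename = System.getProperty("keystore");
        if (keystorename == null) {
            keystorename = System.getProperty("user.home")
                    + System.getProperty("file.separator")
                    + DEFAULT_KEYSTORE_FILE;
        }
        char[] keypass = DEFAULT_PASSWORD.toCharArray();

        try {
            PrivateKey key = loadPrivateKey(keyfile);
            Certificate[] certs = loadCertificateChain(certfile);
            if (certs.length == 1) {
                System.out.println("One certificate, no chain.");
            } else {
                System.out.println("Certificate chain length: " + certs.length);
            }

            // JKS is kept because the keytool steps that follow assume it;
            // PKCS12 has been the JDK default store type since Java 9.
            KeyStore ks = KeyStore.getInstance("JKS", "SUN");
            ks.load(null, keypass);
            ks.setKeyEntry(alias, key, keypass, certs);

            System.out.println("Using keystore-file : " + keystorename);
            FileOutputStream out = new FileOutputStream(keystorename);
            try {
                ks.store(out, keypass);
            } finally {
                out.close();
            }
            System.out.println("Key and certificate stored.");
            System.out.println("Alias:" + alias + " Password:" + DEFAULT_PASSWORD);
        } catch (Exception ex) {
            // CLI boundary: report and signal failure to the caller.
            ex.printStackTrace();
            System.exit(1);
        }
    }
}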