Friday, June 28, 2013

Servicepack patches applying procedure

Recently I was involved in implementing the Servicepack feature on the Carbon kernel. Up to this implementation, WSO2 products only supported applying patches as needed. But as time goes on, the number of patches increases (sometimes patch0001 to patch0100 and so on), which makes them difficult to maintain; some of these patches can get missed, and that is difficult to check. The Servicepack implementation was introduced to address this scenario.

Let me first tell you the structure of a Servicepack. A Servicepack is a collection of patches combined into one so that it is easy to distribute to a customer (e.g. patch0001 to patch0080). It mainly contains two elements:

  • lib directory: contains all the jar files corresponding to the patches that will be applied by the Servicepack
  • servicepack_patches.txt file: contains the list of patch numbers included in the Servicepack




With this approach, during server startup with ./wso2server.sh -DapplyPatches, the code first checks for available Servicepacks in the $CARBON_HOME/repository/components/servicepack directory and applies the latest Servicepack available in that directory. Then, with the help of the Servicepack's servicepack_patches.txt file, the patch applying process applies the remaining patches that were not applied by the Servicepack to the server.

The order in which the patches and Servicepacks get installed is shown in the diagram below. It first applies patch0000, which is the plugins backup directory, if it exists. Then it applies the latest Servicepack available. Finally, the process applies the remaining patches which were not applied by the Servicepack.



Then we verify the components inside the applied latest Servicepack and patch list against the $CARBON_HOME/repository/components/plugins directory. If the plugins directory contains the latest patch list, we assume the process completed successfully :)
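The apply order described above, as an added dry-run example (not code from the Carbon kernel). The Servicepack names, the rule that the lexically greatest name is the latest, the one-patch-name-per-line format of servicepack_patches.txt, and the ascending order of the remaining patches are assumptions.

```java
import java.util.*;

// Added example: previews the apply order described in the post.
// Assumptions: Servicepack names sort lexically so the greatest is the latest,
// and servicepack_patches.txt holds one patch name per line.
public class PatchPlanPreview {

    /** Returns the names in the order the startup procedure would process them. */
    static List<String> plan(Map<String, List<String>> servicepacks,
                             Collection<String> patchDirs) {
        List<String> order = new ArrayList<>();
        // Zero-padded patchNNNN names sort in numeric order (assumed apply order).
        SortedSet<String> remaining = new TreeSet<>(patchDirs);

        // 1. patch0000 (plugins backup) goes first, if it exists.
        if (remaining.remove("patch0000")) {
            order.add("patch0000");
        }

        // 2. Only the latest Servicepack is applied; older ones are ignored.
        Set<String> covered = new HashSet<>();
        if (!servicepacks.isEmpty()) {
            String latest = Collections.max(servicepacks.keySet());
            order.add(latest);
            for (String line : servicepacks.get(latest)) {
                if (!line.trim().isEmpty()) covered.add(line.trim());
            }
        }

        // 3. Patches the Servicepack did not cover are applied last.
        for (String patch : remaining) {
            if (!covered.contains(patch)) order.add(patch);
        }
        return order;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real server.
        Map<String, List<String>> servicepacks = new HashMap<>();
        servicepacks.put("servicepack001", Arrays.asList("patch0001", "patch0002"));
        servicepacks.put("servicepack002",
                Arrays.asList("patch0001", "patch0002", "patch0003", ""));
        List<String> patchDirs =
                Arrays.asList("patch0004", "patch0000", "patch0002", "patch0003", "patch0005");
        System.out.println(plan(servicepacks, patchDirs));
    }
}
```

Comparing this list with what actually ends up in the plugins directory is one way to spot a patch that was skipped.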

CarbonApp Deployment Process


In this article I will discuss the deployment process of CApp artifacts. A CApp, namely CarbonApplication Deployer, is a collection of different artifacts bundled into a single deployable component. When a CApp is deployed on any WSO2 product, it directly deploys all the relevant artifacts for the product by calling the relevant artifact deployers programmatically. This is done by the CAppDeployer when the corresponding CApp gets deployed. According to this process, the deployment of the artifacts is synchronous and atomic. So if the CApp is successfully deployed, we can guarantee that all the artifacts have been successfully deployed.



Steps involved during deployment of a CarbonApp:
  • Artifacts inside the CApp get extracted to a temp location
  • CAppDeployer then calls the relevant deployer based on the artifact and deploys the artifacts
  • When the CApp gets deployed, all its artifacts are up and running


The sample code for the new implementation is shown in the segments below. In this case I have given the example code for webapp deployment. The other artifacts are deployed in the same fashion, except synapse artifacts.

Generate MD5 thumbprint from security certificate

Recently I was involved in implementing keystore validation on the default wso2carbon keystore. The main idea behind this implementation was to make customers aware of the security risk of leaving the default JKS in production, because the WSO2 keystore is publicly available since we are an open source company.

During system validation, what I did was obtain the primary keystore of the vendor and validate its MD5 thumbprint value against the default wso2carbon certificate thumbprint value. The method used to generate the thumbprint from an X509Certificate is interesting, and I hope it will be useful to someone someday + me :)


import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;

/**
 * Generate the MD5 thumbprint of the certificate
 *
 * @param certificate that we need the thumbprint
 * @return MD5 thumbprint value
 * @throws CertificateEncodingException
 * @throws NoSuchAlgorithmException
 */
private String getCertFingerprint(X509Certificate certificate)
        throws CertificateEncodingException, NoSuchAlgorithmException {
    MessageDigest digestValue = MessageDigest.getInstance("MD5");
    // the thumbprint is computed over the DER encoding of the whole certificate
    byte[] der = certificate.getEncoded();
    digestValue.update(der);
    byte[] digestInBytes = digestValue.digest();
    return hexify(digestInBytes);
}

/**
 * Helper method to hexify a byte array.
 *
 * @param bytes
 * @return hexadecimal representation
 */
private String hexify(byte[] bytes) {
    char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7',
                        '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    StringBuilder buf = new StringBuilder(bytes.length * 3);

    // appending : marks to make fingerprint more readable
    for (int i = 0; i < bytes.length; ++i) {
        buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]);
        buf.append(hexDigits[bytes[i] & 0x0f]).append(':');
    }
    // removing the last : value from the buffer string
    buf.deleteCharAt(buf.length() - 1);
    return buf.toString();
}