Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Symmetric XML Cryptography in Mule 4

DZone's Guide to

Symmetric XML Cryptography in Mule 4

Don't get scared away by the fancy title! Mule has made the process super easy. Read on to learn how to encrypt your XML.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

There are major changes introduced in the security module in Mule 4. Here, we are going to validate changes/enhancements made to the security module in Mule4.

Let's start with XML Cryptography.

The below information are the steps to perform XML encryption and decryption in Mule 4 in XML cryptography module.

Step 1: Download the security module's plug-in from the exchange in Anypoint Studio. Once downloaded, we will able to search the security module's components in Anypoint Studio's pallet.

Image title

Step 2: Based on the new release in the security module in Mule 4, encryption/decryption has been enhanced to secure the key bases process, so now we need to generate a keystore file. Below is the command to generate a keystore file (jceks).

keytool.exe -genseckey -alias srccodes -keyalg AES -keystore aesKelltontech.jceks -keysize 128 -storeType JCEKS

The below are additional steps to generate a key.

Image title

Once the above command and steps successfully completed we will find below keystore file has been generated.

Image title

Step 3: Now, let's configure the "XML encrypt" component to encrypt the data in flow with the below steps.

  • Module configuration (global configuration): To make global configurations, we need to follow the below steps.

In a keystore file go to"askKelltontech.jceks," which we have generated with the alias = 'srccodes' and password = '123456.' We have configured this in the global configuration section of Anypoint. 

Image title

  • Refer to the global configuration in the XML encrypt component as shown below.    

Image title

Above, we have the steps to configure our XML encryption. Below is what final flow will look like. 

Image title

The above is a graphical flow. Below is the XML syntax of the flow.

<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:vm="http://www.mulesoft.org/schema/mule/vm" xmlns:crypto="http://www.mulesoft.org/schema/mule/crypto"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/crypto http://www.mulesoft.org/schema/mule/crypto/current/mule-crypto.xsd
http://www.mulesoft.org/schema/mule/vm http://www.mulesoft.org/schema/mule/vm/current/mule-vm.xsd">
<http:listener-config name="HTTP_Listener_config" doc:name="HTTP Listener config" doc:id="a0e1172f-eca9-4a09-a87e-00cb9c7a66e2" >
<http:listener-connection host="0.0.0.0" port="8081" />
</http:listener-config>
<crypto:jce-config name="Crypto_Jce" doc:name="Crypto Jce" doc:id="de44bc8f-2267-4b4d-a58f-a93f0877b377" keystore="aesKelltontech.jceks" password="123456" type="JCEKS">
<crypto:jce-key-infos >
<crypto:jce-symmetric-key-info keyId="aseKellton" alias="srccodes" password="123456" />
</crypto:jce-key-infos>
</crypto:jce-config>
<vm:config name="VM_Config" doc:name="VM Config" doc:id="98333712-0c44-4443-a32b-e6b75304ea81" >
<vm:queues >
<vm:queue queueName="xmlVM" />
</vm:queues>
</vm:config>
<flow name="xmlencrypdemomule4Flow" doc:id="8bf6a653-5012-4fc9-af06-f3ad4b920027" >
<http:listener doc:name="Listener" doc:id="0e4b2ff7-379e-45a8-82ff-cfa429b49f13" config-ref="HTTP_Listener_config" path="/posXmlData"/>
<crypto:xml-encrypt doc:name="Xml encrypt" doc:id="61e315d0-c92a-4047-979c-9c8a5645b4a4" config-ref="Crypto_Jce" keyId="aseKellton" elementPath="/Country/City"/>
<logger level="INFO" doc:name="Logger" doc:id="1e05f8a5-5a05-4a9d-b844-c45669ab2e72" message="==================This is main flow  value ================  #[payload]"/>
<vm:publish doc:name="Publish" doc:id="29454982-3080-4aa1-84ee-a6c2e5840469" config-ref="VM_Config" queueName="xmlVM"/>
</flow>
<flow name="xmlencrypdemomule4Flow1" doc:id="20929f78-cac2-4fc4-ab72-ef62053f65cf" >
<vm:listener queueName="xmlVM" doc:name="Listener" doc:id="015739e8-dba1-4e08-ab2e-ab40b8a1583f" config-ref="VM_Config"/>
<crypto:xml-decrypt doc:name="Xml decrypt" doc:id="93cf0754-1d56-496c-925f-8d1b40545beb" config-ref="Crypto_Jce" keyId="aseKellton"/>
<logger level="INFO" doc:name="Logger" doc:id="c2e5c441-4a3f-4f31-9e46-9a1c781decd4" message="==================This is final value ================  #[payload]"/>
</flow>
</mule>

Now start the application. The below logs show that the application is configured and deployed successfully.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Mule is up and kicking (every 5000ms)                    +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
INFO  2018-05-12 07:23:38,559 [WrapperListener_start_runner] org.eclipse.jetty.server.AbstractConnector: Started ServerConnector@669787da{HTTP/1.1,[http/1.1]}{0.0.0.0:50345}
INFO  2018-05-12 07:23:38,560 [WrapperListener_start_runner] org.mule.runtime.module.deployment.internal.StartupSummaryDeploymentListener: 
**********************************************************************
*              - - + DOMAIN + - -               * - - + STATUS + - - *
**********************************************************************
* default                                       * DEPLOYED           *
**********************************************************************
*******************************************************************************************************
*            - - + APPLICATION + - -            *       - - + DOMAIN + - -       * - - + STATUS + - - *
*******************************************************************************************************
* xmlencrypdemomule4                            * default                        * DEPLOYED           *
*******************************************************************************************************

We're all set to go and to test the flow. Follow the below steps to test the application.

Image title

In the logs, we can find encrypted data and decrypted data as expected.

INFO  2018-05-12 07:25:27,773 [[MuleRuntime].cpuLight.03: [xmlencrypdemomule4].xmlencrypdemomule4Flow.CPU_LITE @5805f136] [event: 0-89c7aab0-5587-11e8-916a-34f64bf39778] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: ==================This is main flow  value ================  <?xml version="1.0" encoding="UTF-8" standalone="no"?><Country>
<City><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>aseKellton</ds:KeyName>
</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>bv2dhOXlCTG3a1EC4THZZcKyOgKA4jOytQOP9jcZxrc=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></City>
</Country>
INFO  2018-05-12 07:25:27,832 [[MuleRuntime].cpuLight.11: [xmlencrypdemomule4].xmlencrypdemomule4Flow1.CPU_LITE @7ae5e993] [event: 0-89c7aab0-5587-11e8-916a-34f64bf39778] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: ==================This is final value ================  <?xml version="1.0" encoding="UTF-8" standalone="no"?><Country>
<City>Gurgaon</City>
</Country>

Now in Mule 4, we find that the encryption module has been enhanced to share knowledge for different encryption criteria.

Happy learning!

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
mule 4 ,security ,mule security ,mulesoft ,anypoint studio

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}