[1] https://svn.wso2.org/repos/wso2/people/asela/ws-security/secure-callback/
[2] http://xacmlinfo.org/2014/09/26/improved-callback-for-calling-backend-services-from-wso2esb/
In this sample, I'm using the below flow:
SOAP UI Client -> EBS 5.0.0 Proxy service with secured endpoint with policy -> Backend ( ESB proxy secured with Non-Repudiation )
For the backend, we can use ESB4.8.1 functionality of securing using Non-Repudiation, in which way we can easily secure it using the management console.
1) Created a keystore to use to sign the outgoing request.
keytool -genkeypair -alias partner2 -keyalg RSA -keysize 4096 -keystore partner2_keystore.jks -dname "C=LK,ST=WP,L=Colombo,O=WSO2,OU=Carbon,CN=partner2.com" -storepass partner2 -keypass partner2 -ext ku:c=dig,keyEncipherment,nR,dataEncipherment
2) As our sample flow is like: Client (SOAP UI) -> ESB 5.0.0 ( Endpoint Secured Proxy ) -> Backend ( ESB Proxy secured with non repudiation policy )
We need to load the wso2carbon certificate to our newly created keystore ( partner2_keystore.jks ).
keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2carbon.cer
keytool -import -trustcacerts -alias wso2carbon -file wso2carbon.cer -keystore partner2_keystore.jks -storepass partner2
3) Now if we check our newly created keystore we will see:
keytool -v -list -keystore partner2_keystore.jks
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: wso2carbon
Creation date: Apr 27, 2017
Entry type: trustedCertEntry
Owner: CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US
Issuer: CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US
Serial number: 4b7e3782
Valid from: Fri Feb 19 12:32:26 IST 2010 until: Tue Feb 13 12:32:26 IST 2035
Certificate fingerprints:
MD5: 02:FB:AA:5F:20:64:49:4A:27:29:55:71:83:F7:46:CD
SHA1: 6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D
SHA256: 1D:72:9F:B8:C4:68:EA:D8:20:A2:A0:BE:4A:DB:8F:BA:BE:D9:AB:1B:A1:26:C9:D2:14:66:C5:70:6E:8E:4D:30
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
*******************************************
*******************************************
Alias name: partner2
Creation date: Apr 27, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: C=LK, ST=WP, L=Colombo, O=WSO2, OU=Carbon, CN=partner2.com
Issuer: C=LK, ST=WP, L=Colombo, O=WSO2, OU=Carbon, CN=partner2.com
Serial number: 5e0d9a7b
Valid from: Thu Apr 27 12:38:49 IST 2017 until: Wed Jul 26 12:38:49 IST 2017
Certificate fingerprints:
MD5: 05:1F:15:7F:D1:56:6E:FA:BA:5F:FA:85:57:75:83:A8
SHA1: 29:60:F3:5E:F1:06:DF:78:C4:74:89:A3:CE:C4:13:9E:04:16:98:E7
SHA256: 59:1B:AE:34:9C:14:EC:EA:5C:35:07:01:16:CE:B9:73:98:A4:86:2B:D8:22:3C:5E:58:B9:FF:F4:08:FB:0D:33
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2E D6 37 7F DF A2 F1 39 5E 28 1D 43 2A 45 B7 60 ..7....9^(.C*E.`
0010: F8 8E 37 D7 ..7.
]
]
*******************************************
*******************************************
4) Now we need to load the certificate of our client to the backend Server's keystore.
keytool -export -keystore partner2_keystore.jks -alias partner2 -file partner2.cer
keytool -import -trustcacerts -alias partner2 -file partner2.cer -keystore wso2carbon.jks -storepass wso2carbon
5) Now we are done with certificate configurations.
6) Then download and copy the org.soasecurity.wssecurity.secure.callback-1.0.0.jar from [1] to ESB_HOME/repository/components/dropins.
7) Restart the ESB and load the partner2_keystore.jks to Keystores in management console.
8) Now create a policy which do the signing and send the message to backend and load it to the registry.
<wsp:Policy wsu:Id="SigOnly"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:RequireIssuerSerialReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireIssuerSerialReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
<rampart:rampartConfigCallbackClass>org.soasecurity.wssecurity.secure.callback.handler.ESBConfigCallbackHandler</rampart:rampartConfigCallbackClass>
</rampart:RampartConfig>
</wsp:Policy>
9) Create a proxy as below:
Here:
privateKeyAlias - Alias name of the key inside the partner2_keystore.jks.
keyStore - The keystore we are going to use for the signing.
encryptionKeyAlias - This is the public certificate of the backend. Here I'm using wso2carbon as that's the backend i used in this sample.
http://ajanthan-ThinkPad-T440p:8280/services/NonRepudiationBackEND - This is the mock backend we created using the ESB's non-repudiation feature.
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="TestRampartLoadProxy"
startOnLoad="true"
statistics="disable"
trace="disable"
transports="https,http">
<target>
<inSequence>
<log level="custom">
<property name="STATUS:"
value="-----------------TestRampartLoadProxy Invoked------------------"/>
</log>
<class name="org.soasecurity.wssecurity.secure.callback.mediator.ESBCallbackMediator">
<property name="privateKeyAlias" value="partner2"/>
<property name="keyStore" value="partner2_keystore.jks"/>
<property name="encryptionKeyAlias" value="wso2carbon"/>
<property name="userName" value=""/>
</class>
<send>
<endpoint>
<address uri="http://ajanthan-ThinkPad-T440p:8280/services/NonRepudiationBackEND">
<enableSec policy="conf:/policy/endpointsignpolicy.xml"/>
</address>
</endpoint>
</send>
<log level="custom">
<property name="STATUS:"
value="-----------------TestRampartLoadProxy Invoked: After Send------------------"/>
</log>
</inSequence>
<outSequence>
<log level="custom">
<property name="STATUS:"
value="-----------------TestRampartLoadProxy OUT Invoked ------------------"/>
</log>
<log level="full"/>
<send/>
</outSequence>
</target>
<description/>
</proxy>
10) The Backend Proxy configuration as below:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="NonRepudiationBackEND"
transports="https,http,local"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<inSequence>
<log level="custom">
<property name="STATUS"
value="-----------------NonRepudiationBackEND IN Invoked--------------------"/>
</log>
<log level="full"/>
<respond/>
</inSequence>
</target>
<parameter name="disableREST">true</parameter>
<parameter name="ScenarioID">scenario2</parameter>
<enableSec/>
<policy key="conf:/repository/axis2/service-groups/NonRepudiationBackEND/services/NonRepudiationBackEND/policies/SigOnly"/>
<description/>
</proxy>
11) For testing send a message as below:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">
<soapenv:Header/>
<soapenv:Body>
<echo:echoString>
<in>Test</in>
</echo:echoString>
</soapenv:Body>
</soapenv:Envelope>
12) If we checked the wire logs, we can confirm that the message got signed during it goes out from fron end ESB and successfully invoked the backend and another signed message will come as out from the backend and when goes out from front ESB to the SOAP client it will remove the sign part and sent to SOAP client. This is because our front proxy is not secured for response signing only the back invocation is secured.
[2017-04-27 14:42:41,072] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "POST /services/TestRampartLoadProxy HTTP/1.1[\r][\n]"
[2017-04-27 14:42:41,072] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"
[2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
[2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "SOAPAction: "urn:echoString"[\r][\n]"
[2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Content-Length: 281[\r][\n]"
[2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "ProxySignOnlyHost: ajanthan-ThinkPad-T440p:8282[\r][\n]"
[2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Connection: Keep-Alive[\r][\n]"
[2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
[2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "[\r][\n]"
[2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">[\n]"
[2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> " <soapenv:Header/>[\n]"
[2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> " <soapenv:Body>[\n]"
[2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> " <echo:echoString>[\n]"
[2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> " <in>Test</in>[\n]"
[2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> " </echo:echoString>[\n]"
[2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> " </soapenv:Body>[\n]"
[2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "</soapenv:Envelope>"
[2017-04-27 14:42:41,077] INFO - LogMediator STATUS: = -----------------TestRampartLoadProxy Invoked------------------
[2017-04-27 14:42:41,159] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "POST /services/NonRepudiationBackEND HTTP/1.1[\r][\n]"
[2017-04-27 14:42:41,159] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Accept-Encoding: gzip,deflate[\r][\n]"
[2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Content-Type: text/xml;charset=UTF-8[\r][\n]"
[2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "SOAPAction: "urn:echoString"[\r][\n]"
[2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Transfer-Encoding: chunked[\r][\n]"
[2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"
[2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Connection: Keep-Alive[\r][\n]"
[2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]"
[2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "[\r][\n]"
[2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "1413[\r][\n]"
[2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.080Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.080Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-82A538C385C5F453B614932843610897">MIIFdTCCA12gAwIBAgIEXg2aezANBgkqhkiG9w0BAQsFADBjMRUwEwYDVQQDEwxwYXJ0bmVyMi5jb20xDzANBgNVBAsTBkNhcmJvbjENMAsGA1UEChMEV1NPMjEQMA4GA1UEBxMHQ29sb21ibzELMAkGA1UECBMCV1AxCzAJBgNVBAYTAkxLMB4XDTE3MDQyNzA3MDg0OVoXDTE3MDcyNjA3MDg0OVowYzEVMBMGA1UEAxMMcGFydG5lcjIuY29tMQ8wDQYDVQQLEwZDYXJib24xDTALBgNVBAoTBFdTTzIxEDAOBgNVBAcTB0NvbG9tYm8xCzAJBgNVBAgTAldQMQswCQYDVQQGEwJMSzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIUeFnqDGnzcoLEUrUCcRjKAKvgWDFDgSS8fQV8pf5wYoccArkXSbttS+PbBXVhB1L5mzNOBiGYONLg0uLYMQEtVv5GRcqcmNQa4rDTbHykqUjgZfWcaoBmlGqobXkO9yGg7JBDvKqg37jsJ2S9CptV8WYQlxnM2WJWFLxvJHFdoTSd6aAmE0KdG0GYggcrAnV/8OVcCzQ/7ZRExTKBRu+TfWSPVP/dCOrwYPMZzos2+j/KH3nfLtHjJdgOPzL/z6/+ycp87YQh2aSd6LLAK5GBkCAyuYEl7rJ+KDyj0jO3DTRF6PQcCXN5ESvjKqViSVl4myo1WcOcoL9KoyKVQcykPNR2+f7F/jtFp4nIPz2nEGqji6ULt0550Xybwsuflrs8PgST8BsyA1i8pKsdK4sy7EzmxOlE2yG/unURGCstmO8ddXo1ybHQPoz65z2IVO+7hCjRXGZCQtnFNcQSnOwr5sPux03nkW+M8SKVtqQfpUQZ9QbI9xsGKcuqmIGK/12tX5lfIut7oPy30/y0VnHe+6DzYwDkbJCinmU1qeldGYWmpJ522botqZXEDfTBlDRrkEA+Mqv6kjzrlU1AWxB3lCg67wgwEg18oOT6Q1vjaQAtWc27ypsJxLSBcUnk8jzJnynF7A84dOR/TjoR9Xp9H0k/AYaWIofyB9V9FAarfAgMBAAGjMTAvMA4GA1UdDwEB/wQEAwIE8DAdBgNVHQ4EFgQULtY3f9+i8TleKB1DKkW3YPiON9cwDQYJKoZIhvcNAQELBQADggIBAARiUPwci4bi4BKloW/QiQK2A+NCAe8phgMf3d54GM8OW2i2CNGrd5W8qjCIMTP+8PaFFG94zcTZWn+KOz2cru3NZktYiTo25SjdRzSxXadMK6qnWuybgHET55zwmAvju8yCiBVLqBF++3cV2h1EZWThjRYrsWJURFC7p6MNCKLdLfEJUlX5N3cdcyf6k+CenD0it1ktkddKujIkQlyNBpCM8nG6oJi13O5oO4kn9jSngWgcE+6hNv7X/dl9Y4NmrzXld5CMRamh/Mjm5p05dvuagesvZl64kQNZV6U0PF3f5L7PI9j5crm5te0A59jg8zaxv83DstovjcRFAzDqBCo5HTBUkE/L6oiIl1BNbaQalN14LfLqPY4K8ABR6SKa1dUODv3wN5pDkdhdMSyCR06Gt4uclI9haCUEpEndOiSyDoe9lq6+4FTCnDhMjpRm2Fy+MUjKG9ase9DH/71E0i2UQ0pP0ikEtIHUYU6MccobNfYjCBNMh4z6kdvcTXrmKlrtaeAPmnXoDs2pc20cAR80Aa9g6lyAkV1lQLO/axjfTruwmGxIbW0jq5bYKGs0+O/OcY16iENS2wmfSXNVi502CvDIIlIt/f0j4omdz4CCwraj04TGER9/xaK35j8Gkzk/UhcrDb3fDQKXiK1IOcMT+oj8N2tD8teOqZ8CSReo</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">[\n]"
[2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignedInfo>[\n]"
[2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"
[2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>[\n]"
[2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Reference URI="#Id-666433853">[\n]"
[2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transforms>[\n]"
[2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"
[2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Transforms>[\n]"
[2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>[\n]"
[2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>[\n]"
[2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Reference>[\n]"
[2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Reference URI="#Timestamp-5">[\n]"
[2017-04-27 14:42:41,164] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transforms>[\n]"
[2017-04-27 14:42:41,164] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"
[2017-04-27 14:42:41,166] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Transforms>[\n]"
[2017-04-27 14:42:41,166] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>[\n]"
[2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestValue>ZRSs0tPK6yxqHCUv/J0jGSzHnYw=</ds:DigestValue>[\n]"
[2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Reference>[\n]"
[2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:SignedInfo>[\n]"
[2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignatureValue>[\n]"
[2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "CYCLRYfVOaZfVfXVUbxPdDfDT5fjh070Ii9OgIwvW+lQE9MN+yyOuMb7HUY1RU2oNfPUu8XzsWAe[\n]"
[2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "EV9SfHKKDXK+3MRX0SKIk/ZzHG2UxgvPLZQUeyvLkaCeKh6G1ubXMFDr3HeWtZjYyKQnYDt0Rpfv[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "k1PQ7Dufnn1OKu15RHMKvAMHIIxlblJmjGi4JkV3X3OiWiWudKtaUR8mq7qepspVqU66Pm54GdQR[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "UuWY2UH3GzbNsNnKwWGwm/39sJJXD78Ehuv4LQP0cKq/jrc3U897OX4ZmlDkVr2BUCicIwJ+uybz[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "e2bh07yp0TL7MDLLWc+sR4DaylZDFJxUSApaPgxTKBl/4kMDVdVXiOzMAOCVPtnT1dkzmWgTGjWS[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "j37xKu8SkT6rwHnP9hCsJOhszQ+Ua0Tg6dOMFEsNAjZ4dCyF+tfgLAK+wPzphJOn/yEm261fLIDB[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "wgYM7WI4tZM4VBVEBdNa2PNfG0CqY6eNFEOwlTh5SpByh7cwnHQX0NqX1SwYrEVFanKNnmJccbqr[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "FAh50E8gJkEXk6frs2Hkd7AR/RPWdigZtPMRy9O1F74POH9r5toq47ZU9cIWNCl5TPbne4rdzFXU[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "TUy00XeaNQl/92NGHtRi3+ZsD3u5g57mPnHd2y3Cvoxm5EAjHEFx726/DzosdLkiDXaC64jS4oU=[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:SignatureValue>[\n]"
[2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:KeyInfo Id="KeyId-82A538C385C5F453B614932843610898">[\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-82A538C385C5F453B614932843610899"><wsse:Reference URI="#CertId-82A538C385C5F453B614932843610897" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>[\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:KeyInfo>[\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << " <echo:echoString>[\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << " <in>Test</in>[\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << " </echo:echoString>[\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << " </soapenv:Body></soapenv:Envelope>[\r][\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "0[\r][\n]"
[2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "[\r][\n]"
[2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "HTTP/1.1 200 OK[\r][\n]"
[2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"
[2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "SOAPAction: "urn:echoString"[\r][\n]"
[2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"
[2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
[2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Date: Thu, 27 Apr 2017 09:12:41 GMT[\r][\n]"
[2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Server: WSO2-PassThrough-HTTP[\r][\n]"
[2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Transfer-Encoding: chunked[\r][\n]"
[2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Connection: Keep-Alive[\r][\n]"
[2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "[\r][\n]"
[2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "a08[\r][\n]"
[2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.174Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.174Z</wsu:Expires></wsu:Timestamp><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">[\n]"
[2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignedInfo>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Reference URI="#Id-666433853">[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transforms>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Transforms>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Reference>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Reference URI="#Timestamp-5">[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transforms>[\n]"
[2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Transforms>[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestValue>R1RdAeLnHkyi8cHBp8aoPLUF5EY=</ds:DigestValue>[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Reference>[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:SignedInfo>[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignatureValue>[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "KneVvSOq/l5roCjtIYtoMDjgjUm4QYAWVO9tMmVxWYNairpLeE4QyKfpVL6D6y6PZ6PBB34m/PP2[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "tWAyObh22PzlAZZBM/ikbMf7Whsc5mL44tBlKPIUz9PTErLQNTq1QswPeMSCw0uo5mqynYns8LCW[\n]"
[2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "BJG9PHDv4zU8rcSkj3A=[\n]"
[2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:SignatureValue>[\n]"
[2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:KeyInfo Id="KeyId-E822D37D00541EA0F514932843611758">[\n]"
[2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E822D37D00541EA0F514932843611759"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier></wsse:SecurityTokenReference>[\n]"
[2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:KeyInfo>[\n]"
[2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"
[2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> " <echo:echoString>[\n]"
[2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> " <in>Test</in>[\n]"
[2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> " </echo:echoString>[\n]"
[2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> " </soapenv:Body></soapenv:Envelope>[\r][\n]"
[2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "0[\r][\n]"
[2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "[\r][\n]"
[2017-04-27 14:42:41,194] INFO - LogMediator STATUS: = -----------------TestRampartLoadProxy OUT Invoked ------------------
[2017-04-27 14:42:41,195] INFO - LogMediator To: http://www.w3.org/2005/08/addressing/anonymous, WSAction: , SOAPAction: , MessageID: urn:uuid:061fde37-7eac-4170-86f6-97ecea67839e, Direction: response, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.174Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.174Z</wsu:Expires></wsu:Timestamp><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-666433853">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>R1RdAeLnHkyi8cHBp8aoPLUF5EY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
KneVvSOq/l5roCjtIYtoMDjgjUm4QYAWVO9tMmVxWYNairpLeE4QyKfpVL6D6y6PZ6PBB34m/PP2
tWAyObh22PzlAZZBM/ikbMf7Whsc5mL44tBlKPIUz9PTErLQNTq1QswPeMSCw0uo5mqynYns8LCW
BJG9PHDv4zU8rcSkj3A=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-E822D37D00541EA0F514932843611758">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E822D37D00541EA0F514932843611759"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">
<echo:echoString>
<in>Test</in>
</echo:echoString>
</soapenv:Body></soapenv:Envelope>
[2017-04-27 14:42:41,197] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "HTTP/1.1 200 OK[\r][\n]"
[2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"
[2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "SOAPAction: "urn:echoString"[\r][\n]"
[2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Accept-Encoding: gzip,deflate[\r][\n]"
[2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Content-Type: text/xml;charset=UTF-8[\r][\n]"
[2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Date: Thu, 27 Apr 2017 09:12:41 GMT[\r][\n]"
[2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Transfer-Encoding: chunked[\r][\n]"
[2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Connection: Keep-Alive[\r][\n]"
[2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "[\r][\n]"
[2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "19a[\r][\n]"
[2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"
[2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << " <echo:echoString>[\n]"
[2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << " <in>Test</in>[\n]"
[2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << " </echo:echoString>[\n]"
[2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << " </soapenv:Body></soapenv:Envelope>[\r][\n]"
[2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "0[\r][\n]"
[2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "[\r][\n]"
References
[1] https://svn.wso2.org/repos/wso2/people/asela/ws-security/secure-callback/
[2] http://xacmlinfo.org/2014/09/26/improved-callback-for-calling-backend-services-from-wso2esb/