Sunday, April 30, 2017

Invoke a Secured Backend ( Non-Repudiation ) using WSO2 ESB 5.0.0

This article explains how to invoke, through WSO2 ESB 5.0.0, a backend service that is secured with Non-Repudiation. Here I'm using the class mediator written for this purpose by Asela in [1]. The reason for choosing the class mediator option is explained in [2].

[1] https://svn.wso2.org/repos/wso2/people/asela/ws-security/secure-callback/
[2] http://xacmlinfo.org/2014/09/26/improved-callback-for-calling-backend-services-from-wso2esb/

In this sample, I'm using the below flow:

SOAP UI Client -> ESB 5.0.0 Proxy service with secured endpoint with policy -> Backend ( ESB proxy secured with Non-Repudiation )

For the backend, we can use the ESB 4.8.1 functionality for securing a service with Non-Repudiation, which lets us secure it easily through the management console.

1) Create a keystore to use for signing the outgoing request.

 keytool -genkeypair -alias partner2 -keyalg RSA -keysize 4096 -keystore partner2_keystore.jks -dname "C=LK,ST=WP,L=Colombo,O=WSO2,OU=Carbon,CN=partner2.com" -storepass partner2 -keypass partner2 -ext ku:c=dig,keyEncipherment,nR,dataEncipherment  


2) Our sample flow is: Client (SOAP UI) -> ESB 5.0.0 ( Endpoint Secured Proxy ) -> Backend ( ESB Proxy secured with non repudiation policy )

So we need to import the wso2carbon certificate into our newly created keystore ( partner2_keystore.jks ).

 keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2carbon.cer  
   
 keytool -import -trustcacerts -alias wso2carbon -file wso2carbon.cer -keystore partner2_keystore.jks -storepass partner2  

3) Now if we check our newly created keystore we will see:

 keytool -v -list -keystore partner2_keystore.jks  

 Keystore type: JKS  
 Keystore provider: SUN  
   
 Your keystore contains 2 entries  
   
 Alias name: wso2carbon  
 Creation date: Apr 27, 2017  
 Entry type: trustedCertEntry  
   
 Owner: CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US  
 Issuer: CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US  
 Serial number: 4b7e3782  
 Valid from: Fri Feb 19 12:32:26 IST 2010 until: Tue Feb 13 12:32:26 IST 2035  
 Certificate fingerprints:  
       MD5: 02:FB:AA:5F:20:64:49:4A:27:29:55:71:83:F7:46:CD  
       SHA1: 6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D  
       SHA256: 1D:72:9F:B8:C4:68:EA:D8:20:A2:A0:BE:4A:DB:8F:BA:BE:D9:AB:1B:A1:26:C9:D2:14:66:C5:70:6E:8E:4D:30  
       Signature algorithm name: SHA1withRSA  
       Version: 3  
   
 Extensions:   
   
 #1: ObjectId: 2.5.29.15 Criticality=true  
 KeyUsage [  
  DigitalSignature  
  Non_repudiation  
  Key_Encipherment  
  Data_Encipherment  
 ]  
   
   
   
 *******************************************  
 *******************************************  
   
   
 Alias name: partner2  
 Creation date: Apr 27, 2017  
 Entry type: PrivateKeyEntry  
 Certificate chain length: 1  
 Certificate[1]:  
 Owner: C=LK, ST=WP, L=Colombo, O=WSO2, OU=Carbon, CN=partner2.com  
 Issuer: C=LK, ST=WP, L=Colombo, O=WSO2, OU=Carbon, CN=partner2.com  
 Serial number: 5e0d9a7b  
 Valid from: Thu Apr 27 12:38:49 IST 2017 until: Wed Jul 26 12:38:49 IST 2017  
 Certificate fingerprints:  
       MD5: 05:1F:15:7F:D1:56:6E:FA:BA:5F:FA:85:57:75:83:A8  
       SHA1: 29:60:F3:5E:F1:06:DF:78:C4:74:89:A3:CE:C4:13:9E:04:16:98:E7  
       SHA256: 59:1B:AE:34:9C:14:EC:EA:5C:35:07:01:16:CE:B9:73:98:A4:86:2B:D8:22:3C:5E:58:B9:FF:F4:08:FB:0D:33  
       Signature algorithm name: SHA256withRSA  
       Version: 3  
   
 Extensions:   
   
 #1: ObjectId: 2.5.29.15 Criticality=true  
 KeyUsage [  
  DigitalSignature  
  Non_repudiation  
  Key_Encipherment  
  Data_Encipherment  
 ]  
   
 #2: ObjectId: 2.5.29.14 Criticality=false  
 SubjectKeyIdentifier [  
 KeyIdentifier [  
 0000: 2E D6 37 7F DF A2 F1 39  5E 28 1D 43 2A 45 B7 60 ..7....9^(.C*E.`  
 0010: F8 8E 37 D7                    ..7.  
 ]  
 ]  
   
   
   
 *******************************************  
 *******************************************  

4) Now we need to import the certificate of our client into the backend server's keystore.

 keytool -export -keystore partner2_keystore.jks -alias partner2 -file partner2.cer  
   
 keytool -import -trustcacerts -alias partner2 -file partner2.cer -keystore wso2carbon.jks -storepass wso2carbon  

5) Now we are done with certificate configurations.

6) Then download and copy the org.soasecurity.wssecurity.secure.callback-1.0.0.jar from [1] to ESB_HOME/repository/components/dropins.

7) Restart the ESB and load the partner2_keystore.jks to Keystores in management console.



8) Now create a policy which does the signing before the message is sent to the backend, and load it to the registry.

 <wsp:Policy wsu:Id="SigOnly"  
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">  
   <wsp:ExactlyOne>  
     <wsp:All>  
       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">  
         <wsp:Policy>  
           <sp:InitiatorToken>  
             <wsp:Policy>  
               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">  
                 <wsp:Policy>  
                   <sp:RequireIssuerSerialReference/>  
                   <sp:WssX509V3Token10/>  
                 </wsp:Policy>  
               </sp:X509Token>  
             </wsp:Policy>  
           </sp:InitiatorToken>  
           <sp:RecipientToken>  
             <wsp:Policy>  
               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">  
                 <wsp:Policy>  
                   <sp:RequireIssuerSerialReference/>  
                   <sp:WssX509V3Token10/>  
                 </wsp:Policy>  
               </sp:X509Token>  
             </wsp:Policy>  
           </sp:RecipientToken>  
           <sp:AlgorithmSuite>  
             <wsp:Policy>  
               <sp:Basic256/>  
             </wsp:Policy>  
           </sp:AlgorithmSuite>  
           <sp:Layout>  
             <wsp:Policy>  
               <sp:Strict/>  
             </wsp:Policy>  
           </sp:Layout>  
           <sp:IncludeTimestamp/>  
           <sp:OnlySignEntireHeadersAndBody/>  
         </wsp:Policy>  
       </sp:AsymmetricBinding>  
       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">  
         <wsp:Policy>  
           <sp:MustSupportRefKeyIdentifier/>  
           <sp:MustSupportRefIssuerSerial/>  
         </wsp:Policy>  
       </sp:Wss10>  
       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">  
         <sp:Body/>  
       </sp:SignedParts>  
     </wsp:All>  
   </wsp:ExactlyOne>  
   <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">  
        <rampart:rampartConfigCallbackClass>org.soasecurity.wssecurity.secure.callback.handler.ESBConfigCallbackHandler</rampart:rampartConfigCallbackClass>  
   </rampart:RampartConfig>  
 </wsp:Policy>  

9) Create a proxy as below:

Here:
privateKeyAlias - Alias name of the key inside the partner2_keystore.jks.
keyStore - The keystore we are going to use for the signing.
encryptionKeyAlias - Alias of the backend's public certificate. Here I'm using wso2carbon as that's the backend I used in this sample.
http://ajanthan-ThinkPad-T440p:8280/services/NonRepudiationBackEND - This is the mock backend we created using the ESB's non-repudiation feature.

 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="TestRampartLoadProxy"  
     startOnLoad="true"  
     statistics="disable"  
     trace="disable"  
     transports="https,http">  
   <target>  
    <inSequence>  
      <log level="custom">  
       <property name="STATUS:"  
            value="-----------------TestRampartLoadProxy Invoked------------------"/>  
      </log>  
      <class name="org.soasecurity.wssecurity.secure.callback.mediator.ESBCallbackMediator">  
       <property name="privateKeyAlias" value="partner2"/>  
       <property name="keyStore" value="partner2_keystore.jks"/>  
       <property name="encryptionKeyAlias" value="wso2carbon"/>  
       <property name="userName" value=""/>  
      </class>  
      <send>  
       <endpoint>  
         <address uri="http://ajanthan-ThinkPad-T440p:8280/services/NonRepudiationBackEND">  
          <enableSec policy="conf:/policy/endpointsignpolicy.xml"/>  
         </address>  
       </endpoint>  
      </send>  
      <log level="custom">  
       <property name="STATUS:"  
            value="-----------------TestRampartLoadProxy Invoked: After Send------------------"/>  
      </log>  
    </inSequence>  
    <outSequence>  
      <log level="custom">  
       <property name="STATUS:"  
            value="-----------------TestRampartLoadProxy OUT Invoked ------------------"/>  
      </log>  
      <log level="full"/>  
      <send/>  
    </outSequence>  
   </target>  
   <description/>  
 </proxy>  

10) The backend proxy configuration is as below:

 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="NonRepudiationBackEND"  
     transports="https,http,local"  
     statistics="disable"  
     trace="disable"  
     startOnLoad="true">  
   <target>  
    <inSequence>  
      <log level="custom">  
       <property name="STATUS"  
            value="-----------------NonRepudiationBackEND IN Invoked--------------------"/>  
      </log>  
      <log level="full"/>  
      <respond/>  
    </inSequence>  
   </target>  
   <parameter name="disableREST">true</parameter>  
   <parameter name="ScenarioID">scenario2</parameter>  
   <enableSec/>  
   <policy key="conf:/repository/axis2/service-groups/NonRepudiationBackEND/services/NonRepudiationBackEND/policies/SigOnly"/>  
   <description/>  
 </proxy>     

11) For testing, send a message as below:

 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">  
   <soapenv:Header/>  
   <soapenv:Body>  
    <echo:echoString>  
      <in>Test</in>  
    </echo:echoString>  
   </soapenv:Body>  
 </soapenv:Envelope>  

12) If we check the wire logs, we can confirm that the message is signed as it goes out from the front-end ESB and that the backend is invoked successfully. Another signed message comes back from the backend, and when the response goes out from the front ESB to the SOAP client, the signature part is removed. This is because our front proxy is not secured for response signing; only the backend invocation is secured.
 [2017-04-27 14:42:41,072] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "POST /services/TestRampartLoadProxy HTTP/1.1[\r][\n]"  
 [2017-04-27 14:42:41,072] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Content-Length: 281[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "ProxySignOnlyHost: ajanthan-ThinkPad-T440p:8282[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Connection: Keep-Alive[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "[\r][\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">[\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "  <soapenv:Header/>[\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "  <soapenv:Body>[\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "   <echo:echoString>[\n]"  
 [2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "     <in>Test</in>[\n]"  
 [2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "   </echo:echoString>[\n]"  
 [2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "  </soapenv:Body>[\n]"  
 [2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "</soapenv:Envelope>"  
 [2017-04-27 14:42:41,077] INFO - LogMediator STATUS: = -----------------TestRampartLoadProxy Invoked------------------  
 [2017-04-27 14:42:41,159] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "POST /services/NonRepudiationBackEND HTTP/1.1[\r][\n]"  
 [2017-04-27 14:42:41,159] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Transfer-Encoding: chunked[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Connection: Keep-Alive[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]"  
 [2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "[\r][\n]"  
 [2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "1413[\r][\n]"  
 [2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.080Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.080Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-82A538C385C5F453B614932843610897">MIIFdTCCA12gAwIBAgIEXg2aezANBgkqhkiG9w0BAQsFADBjMRUwEwYDVQQDEwxwYXJ0bmVyMi5jb20xDzANBgNVBAsTBkNhcmJvbjENMAsGA1UEChMEV1NPMjEQMA4GA1UEBxMHQ29sb21ibzELMAkGA1UECBMCV1AxCzAJBgNVBAYTAkxLMB4XDTE3MDQyNzA3MDg0OVoXDTE3MDcyNjA3MDg0OVowYzEVMBMGA1UEAxMMcGFydG5lcjIuY29tMQ8wDQYDVQQLEwZDYXJib24xDTALBgNVBAoTBFdTTzIxEDAOBgNVBAcTB0NvbG9tYm8xCzAJBgNVBAgTAldQMQswCQYDVQQGEwJMSzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIUeFnqDGnzcoLEUrUCcRjKAKvgWDFDgSS8fQV8pf5wYoccArkXSbttS+PbBXVhB1L5mzNOBiGYONLg0uLYMQEtVv5GRcqcmNQa4rDTbHykqUjgZfWcaoBmlGqobXkO9yGg7JBDvKqg37jsJ2S9CptV8WYQlxnM2WJWFLxvJHFdoTSd6aAmE0KdG0GYggcrAnV/8OVcCzQ/7ZRExTKBRu+TfWSPVP/dCOrwYPMZzos2+j/KH3nfLtHjJdgOPzL/z6/+ycp87YQh2aSd6LLAK5GBkCAyuYEl7rJ+KDyj0jO3DTRF6PQcCXN5ESvjKqViSVl4myo1WcOcoL9KoyKVQcykPNR2+f7F/jtFp4nIPz2nEGqji6ULt0550Xybwsuflrs8PgST8BsyA1i8pKsdK4sy7EzmxOlE2yG/unURGCstmO8ddXo1ybHQPoz65z2IVO+7hCjRXGZCQtnFNcQSnOwr5sPux03nkW+M8SKVtqQfpUQZ9QbI9xsGKcuqmIGK/12tX5lfIut7oPy30/y0VnHe+6DzYwDkbJCinmU1qeldGYWmpJ522botqZXEDfTBlDR
rkEA+Mqv6kjzrlU1AWxB3lCg67wgwEg18oOT6Q1vjaQAtWc27ypsJxLSBcUnk8jzJnynF7A84dOR/TjoR9Xp9H0k/AYaWIofyB9V9FAarfAgMBAAGjMTAvMA4GA1UdDwEB/wQEAwIE8DAdBgNVHQ4EFgQULtY3f9+i8TleKB1DKkW3YPiON9cwDQYJKoZIhvcNAQELBQADggIBAARiUPwci4bi4BKloW/QiQK2A+NCAe8phgMf3d54GM8OW2i2CNGrd5W8qjCIMTP+8PaFFG94zcTZWn+KOz2cru3NZktYiTo25SjdRzSxXadMK6qnWuybgHET55zwmAvju8yCiBVLqBF++3cV2h1EZWThjRYrsWJURFC7p6MNCKLdLfEJUlX5N3cdcyf6k+CenD0it1ktkddKujIkQlyNBpCM8nG6oJi13O5oO4kn9jSngWgcE+6hNv7X/dl9Y4NmrzXld5CMRamh/Mjm5p05dvuagesvZl64kQNZV6U0PF3f5L7PI9j5crm5te0A59jg8zaxv83DstovjcRFAzDqBCo5HTBUkE/L6oiIl1BNbaQalN14LfLqPY4K8ABR6SKa1dUODv3wN5pDkdhdMSyCR06Gt4uclI9haCUEpEndOiSyDoe9lq6+4FTCnDhMjpRm2Fy+MUjKG9ase9DH/71E0i2UQ0pP0ikEtIHUYU6MccobNfYjCBNMh4z6kdvcTXrmKlrtaeAPmnXoDs2pc20cAR80Aa9g6lyAkV1lQLO/axjfTruwmGxIbW0jq5bYKGs0+O/OcY16iENS2wmfSXNVi502CvDIIlIt/f0j4omdz4CCwraj04TGER9/xaK35j8Gkzk/UhcrDb3fDQKXiK1IOcMT+oj8N2tD8teOqZ8CSReo</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">[\n]"  
 [2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignedInfo>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Reference URI="#Id-666433853">[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>[\n]"  
 [2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>[\n]"  
 [2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Reference>[\n]"  
 [2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Reference URI="#Timestamp-5">[\n]"  
 [2017-04-27 14:42:41,164] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,164] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"  
 [2017-04-27 14:42:41,166] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,166] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestValue>ZRSs0tPK6yxqHCUv/J0jGSzHnYw=</ds:DigestValue>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Reference>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:SignedInfo>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignatureValue>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "CYCLRYfVOaZfVfXVUbxPdDfDT5fjh070Ii9OgIwvW+lQE9MN+yyOuMb7HUY1RU2oNfPUu8XzsWAe[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "EV9SfHKKDXK+3MRX0SKIk/ZzHG2UxgvPLZQUeyvLkaCeKh6G1ubXMFDr3HeWtZjYyKQnYDt0Rpfv[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "k1PQ7Dufnn1OKu15RHMKvAMHIIxlblJmjGi4JkV3X3OiWiWudKtaUR8mq7qepspVqU66Pm54GdQR[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "UuWY2UH3GzbNsNnKwWGwm/39sJJXD78Ehuv4LQP0cKq/jrc3U897OX4ZmlDkVr2BUCicIwJ+uybz[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "e2bh07yp0TL7MDLLWc+sR4DaylZDFJxUSApaPgxTKBl/4kMDVdVXiOzMAOCVPtnT1dkzmWgTGjWS[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "j37xKu8SkT6rwHnP9hCsJOhszQ+Ua0Tg6dOMFEsNAjZ4dCyF+tfgLAK+wPzphJOn/yEm261fLIDB[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "wgYM7WI4tZM4VBVEBdNa2PNfG0CqY6eNFEOwlTh5SpByh7cwnHQX0NqX1SwYrEVFanKNnmJccbqr[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "FAh50E8gJkEXk6frs2Hkd7AR/RPWdigZtPMRy9O1F74POH9r5toq47ZU9cIWNCl5TPbne4rdzFXU[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "TUy00XeaNQl/92NGHtRi3+ZsD3u5g57mPnHd2y3Cvoxm5EAjHEFx726/DzosdLkiDXaC64jS4oU=[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:SignatureValue>[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:KeyInfo Id="KeyId-82A538C385C5F453B614932843610898">[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-82A538C385C5F453B614932843610899"><wsse:Reference URI="#CertId-82A538C385C5F453B614932843610897" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:KeyInfo>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "   <echo:echoString>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "     <in>Test</in>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "   </echo:echoString>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "  </soapenv:Body></soapenv:Envelope>[\r][\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "0[\r][\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "HTTP/1.1 200 OK[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Date: Thu, 27 Apr 2017 09:12:41 GMT[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Server: WSO2-PassThrough-HTTP[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Transfer-Encoding: chunked[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Connection: Keep-Alive[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "a08[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.174Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.174Z</wsu:Expires></wsu:Timestamp><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">[\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignedInfo>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Reference URI="#Id-666433853">[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Reference>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Reference URI="#Timestamp-5">[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestValue>R1RdAeLnHkyi8cHBp8aoPLUF5EY=</ds:DigestValue>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Reference>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:SignedInfo>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignatureValue>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "KneVvSOq/l5roCjtIYtoMDjgjUm4QYAWVO9tMmVxWYNairpLeE4QyKfpVL6D6y6PZ6PBB34m/PP2[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "tWAyObh22PzlAZZBM/ikbMf7Whsc5mL44tBlKPIUz9PTErLQNTq1QswPeMSCw0uo5mqynYns8LCW[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "BJG9PHDv4zU8rcSkj3A=[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:SignatureValue>[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:KeyInfo Id="KeyId-E822D37D00541EA0F514932843611758">[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E822D37D00541EA0F514932843611759"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier></wsse:SecurityTokenReference>[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:KeyInfo>[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "   <echo:echoString>[\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "     <in>Test</in>[\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "   </echo:echoString>[\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "  </soapenv:Body></soapenv:Envelope>[\r][\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "0[\r][\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "[\r][\n]"  
 [2017-04-27 14:42:41,194] INFO - LogMediator STATUS: = -----------------TestRampartLoadProxy OUT Invoked ------------------  
 [2017-04-27 14:42:41,195] INFO - LogMediator To: http://www.w3.org/2005/08/addressing/anonymous, WSAction: , SOAPAction: , MessageID: urn:uuid:061fde37-7eac-4170-86f6-97ecea67839e, Direction: response, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.174Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.174Z</wsu:Expires></wsu:Timestamp><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">  
 <ds:SignedInfo>  
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>  
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>  
 <ds:Reference URI="#Id-666433853">  
 <ds:Transforms>  
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>  
 </ds:Transforms>  
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>  
 <ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>  
 </ds:Reference>  
 <ds:Reference URI="#Timestamp-5">  
 <ds:Transforms>  
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>  
 </ds:Transforms>  
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>  
 <ds:DigestValue>R1RdAeLnHkyi8cHBp8aoPLUF5EY=</ds:DigestValue>  
 </ds:Reference>  
 </ds:SignedInfo>  
 <ds:SignatureValue>  
 KneVvSOq/l5roCjtIYtoMDjgjUm4QYAWVO9tMmVxWYNairpLeE4QyKfpVL6D6y6PZ6PBB34m/PP2  
 tWAyObh22PzlAZZBM/ikbMf7Whsc5mL44tBlKPIUz9PTErLQNTq1QswPeMSCw0uo5mqynYns8LCW  
 BJG9PHDv4zU8rcSkj3A=  
 </ds:SignatureValue>  
 <ds:KeyInfo Id="KeyId-E822D37D00541EA0F514932843611758">  
 <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E822D37D00541EA0F514932843611759"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier></wsse:SecurityTokenReference>  
 </ds:KeyInfo>  
 </ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">  
    <echo:echoString>  
      <in>Test</in>  
    </echo:echoString>  
   </soapenv:Body></soapenv:Envelope>  
 [2017-04-27 14:42:41,197] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "HTTP/1.1 200 OK[\r][\n]"  
 [2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Date: Thu, 27 Apr 2017 09:12:41 GMT[\r][\n]"  
 [2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Transfer-Encoding: chunked[\r][\n]"  
 [2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Connection: Keep-Alive[\r][\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "[\r][\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "19a[\r][\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "   <echo:echoString>[\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "     <in>Test</in>[\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "   </echo:echoString>[\n]"  
 [2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "  </soapenv:Body></soapenv:Envelope>[\r][\n]"  
 [2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "0[\r][\n]"  
 [2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "[\r][\n]"  
   


References


[1] https://svn.wso2.org/repos/wso2/people/asela/ws-security/secure-callback/
[2] http://xacmlinfo.org/2014/09/26/improved-callback-for-calling-backend-services-from-wso2esb/

Saturday, April 22, 2017

Sending a single < character in a message which goes through an XSLT transformation in WSO2 ESB 4.9.0

When we try to send a message which holds a single &lt; character, we encounter the problem explained in [1].

[1] http://ajanthane.blogspot.com/2017/04/reason-behind-comctcwstxexcwstxunexpect.html

Take the below request:
 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">  
   <soapenv:Header/>  
   <soapenv:Body>  
    <Description>Test for escaping &lt; &gt; characters</Description>  
   </soapenv:Body>  
 </soapenv:Envelope>  

It goes through the sample proxy below:
 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="CheckXSLTEscapeCharacters"  
     transports="https,http"  
     statistics="disable"  
     trace="disable"  
     startOnLoad="true">  
   <target>  
    <inSequence>  
      <log level="custom">  
       <property name="STATUS"  
            value="--------------------CheckXSLTEscapeCharacters Invoked--------------------"/>  
      </log>  
      <log level="full"/>  
      <log level="custom">  
       <property name="STATUS"  
            value="--------------------CheckXSLTEscapeCharacters After Log full Invoked--------------------"/>  
      </log>  
      <xslt key="conf:TransformationXSLT.xslt"/>  
      <log level="custom">  
       <property name="STATUS"  
            value="--------------------CheckXSLTEscapeCharacters Invoked After XSLT Transformation--------------------"/>  
      </log>  
      <respond/>  
    </inSequence>  
   </target>  
   <description/>  
 </proxy>  

The XSLT used here is as below:
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="2.0">  
   <xsl:output method="xml" indent="yes" cdata-section-elements="Description"/>  
   <xsl:preserve-space elements="*" />  
   <xsl:template match="Description">  
     <Description>  
      <xsl:value-of select="." disable-output-escaping="yes" />  
     </Description>  
   </xsl:template>  
   <xsl:template match="@*|node()">  
     <xsl:copy>  
       <xsl:apply-templates select="@*|node()"/>  
     </xsl:copy>  
   </xsl:template>  
 </xsl:stylesheet>  

When this request is sent, we get the error below:
 [2017-04-21 21:15:23,882] DEBUG - wire >> "POST /services/CheckXSLTEscapeCharacters HTTP/1.1[\r][\n]"  
 [2017-04-21 21:15:23,883] DEBUG - wire >> "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-21 21:15:23,883] DEBUG - wire >> "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-21 21:15:23,883] DEBUG - wire >> "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-21 21:15:23,883] DEBUG - wire >> "Content-Length: 281[\r][\n]"  
 [2017-04-21 21:15:23,883] DEBUG - wire >> "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-21 21:15:23,884] DEBUG - wire >> "Connection: Keep-Alive[\r][\n]"  
 [2017-04-21 21:15:23,884] DEBUG - wire >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"  
 [2017-04-21 21:15:23,884] DEBUG - wire >> "[\r][\n]"  
 [2017-04-21 21:15:23,884] DEBUG - wire >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">[\n]"  
 [2017-04-21 21:15:23,884] DEBUG - wire >> "  <soapenv:Header/>[\n]"  
 [2017-04-21 21:15:23,885] DEBUG - wire >> "  <soapenv:Body>[\n]"  
 [2017-04-21 21:15:23,885] DEBUG - wire >> "   <Description>Test for escaping &lt; &gt; characters</Description>[\n]"  
 [2017-04-21 21:15:23,885] DEBUG - wire >> "  </soapenv:Body>[\n]"  
 [2017-04-21 21:15:23,885] DEBUG - wire >> "</soapenv:Envelope>"  
 [2017-04-21 21:15:23,917] INFO - LogMediator STATUS = --------------------CheckXSLTEscapeCharacters Invoked--------------------  
 [2017-04-21 21:15:23,917] INFO - LogMediator To: /services/CheckXSLTEscapeCharacters, WSAction: urn:echoString, SOAPAction: urn:echoString, MessageID: urn:uuid:4e549a72-8b19-494f-84a9-351509a2b184, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Body>  
    <Description>Test for escaping &lt; > characters</Description>  
   </soapenv:Body></soapenv:Envelope>  
 [2017-04-21 21:15:23,917] INFO - LogMediator STATUS = --------------------CheckXSLTEscapeCharacters After Log full Invoked--------------------  
 [2017-04-21 21:15:31,664] ERROR - XSLTMediator Unable to perform XSLT transformation using : Value {name ='null', keyValue ='conf:TransformationXSLT.xslt'} against source XPath : s11:Body/child::*[position()=1] | s12:Body/child::*[position()=1] reason : com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character ' ' (code 32) in content after '<' (malformed start element?).  
  at [row,col {unknown-source}]: [2,33]  
 org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character ' ' (code 32) in content after '<' (malformed start element?).  
  at [row,col {unknown-source}]: [2,33]  
      at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296)  
      at org.apache.axiom.om.impl.llom.OMSerializableImpl.build(OMSerializableImpl.java:78)  
      at org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:722)  
      at org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:700)  
      at org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:105)  
      at org.apache.axiom.om.impl.llom.OMNodeImpl.insertSiblingAfter(OMNodeImpl.java:203)  
      at org.apache.synapse.mediators.transform.XSLTMediator.performXSLT(XSLTMediator.java:360)  
      at org.apache.synapse.mediators.transform.XSLTMediator.mediate(XSLTMediator.java:196)  
      at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:81)  
      at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:48)  
      at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:149)  
      at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:185)  
      at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)  
      at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:395)  
      at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:142)  
      at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)  
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)  
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)  
      at java.lang.Thread.run(Thread.java:745)  
 Caused by: com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character ' ' (code 32) in content after '<' (malformed start element?).  
  at [row,col {unknown-source}]: [2,33]  
      at com.ctc.wstx.sr.StreamScanner.throwUnexpectedChar(StreamScanner.java:639)  
      at com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2843)  
      at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1072)  
      at org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:681)  
      at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:214)  
      at org.apache.axiom.om.impl.llom.OMElementImpl.buildNext(OMElementImpl.java:653)  
      at org.apache.axiom.om.impl.llom.OMNodeImpl.getNextOMSibling(OMNodeImpl.java:122)  
      at org.apache.axiom.om.impl.traverse.OMChildrenIterator.getNextNode(OMChildrenIterator.java:36)  
      at org.apache.axiom.om.impl.traverse.OMAbstractIterator.hasNext(OMAbstractIterator.java:58)  
      at org.apache.axiom.om.impl.util.OMSerializerUtil.serializeChildren(OMSerializerUtil.java:554)  
      at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:875)  
      at org.apache.axiom.om.impl.llom.OMSerializableImpl.serialize(OMSerializableImpl.java:125)  
      at org.apache.axiom.om.impl.llom.OMSerializableImpl.serialize(OMSerializableImpl.java:113)  
      at org.apache.axiom.om.impl.llom.OMElementImpl.toString(OMElementImpl.java:988)  
      at org.apache.synapse.mediators.transform.XSLTMediator.performXSLT(XSLTMediator.java:310)  
      ... 12 more  
 [2017-04-21 21:15:31,671] INFO - LogMediator To: /services/CheckXSLTEscapeCharacters, WSAction: urn:echoString, SOAPAction: urn:echoString, MessageID: urn:uuid:4e549a72-8b19-494f-84a9-351509a2b184, Direction: request, MESSAGE = Executing default 'fault' sequence, ERROR_CODE = 0, ERROR_MESSAGE = Unable to perform XSLT transformation using : Value {name ='null', keyValue ='conf:TransformationXSLT.xslt'} against source XPath : s11:Body/child::*[position()=1] | s12:Body/child::*[position()=1] reason : com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character ' ' (code 32) in content after '<' (malformed start element?)., Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Body>  
    <Description>Test for escaping &lt; > characters</Description>  
   </soapenv:Body></soapenv:Envelope>  
 [2017-04-21 21:15:31,672] DEBUG - wire << "HTTP/1.1 202 Accepted[\r][\n]"  
 [2017-04-21 21:15:31,673] DEBUG - wire << "Date: Fri, 21 Apr 2017 15:45:31 GMT[\r][\n]"  
 [2017-04-21 21:15:31,673] DEBUG - wire << "Transfer-Encoding: chunked[\r][\n]"  
 [2017-04-21 21:15:31,673] DEBUG - wire << "Connection: Keep-Alive[\r][\n]"  
 [2017-04-21 21:15:31,674] DEBUG - wire << "[\r][\n]"  
 [2017-04-21 21:15:31,674] DEBUG - wire << "0[\r][\n]"  
 [2017-04-21 21:15:31,674] DEBUG - wire << "[\r][\n]"  

To overcome this we need to follow the below steps.

1) Create a file named XMLInputFactory.properties inside the ESB_HOME folder.

2) Add the below content to it.
javax.xml.stream.isCoalescing=false

3) Make sure cdata-section-elements is set in the XSLT file. I have already set it in the above sample and named the Description tag, which is the element that holds the data to be passed as a CDATA section.

Also make sure that disable-output-escaping is set to "no" in the XSLT stylesheet (the stylesheet shown above has it set to "yes").

4) Now send the same request. We get the log below, which shows that the message was processed successfully.
 [2017-04-21 21:28:06,529] DEBUG - wire >> "POST /services/CheckXSLTEscapeCharacters HTTP/1.1[\r][\n]"  
 [2017-04-21 21:28:06,531] DEBUG - wire >> "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-21 21:28:06,531] DEBUG - wire >> "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-21 21:28:06,532] DEBUG - wire >> "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-21 21:28:06,532] DEBUG - wire >> "Content-Length: 281[\r][\n]"  
 [2017-04-21 21:28:06,532] DEBUG - wire >> "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-21 21:28:06,532] DEBUG - wire >> "Connection: Keep-Alive[\r][\n]"  
 [2017-04-21 21:28:06,532] DEBUG - wire >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"  
 [2017-04-21 21:28:06,532] DEBUG - wire >> "[\r][\n]"  
 [2017-04-21 21:28:06,532] DEBUG - wire >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">[\n]"  
 [2017-04-21 21:28:06,532] DEBUG - wire >> "  <soapenv:Header/>[\n]"  
 [2017-04-21 21:28:06,533] DEBUG - wire >> "  <soapenv:Body>[\n]"  
 [2017-04-21 21:28:06,533] DEBUG - wire >> "   <Description>Test for escaping &lt; &gt; characters</Description>[\n]"  
 [2017-04-21 21:28:06,533] DEBUG - wire >> "  </soapenv:Body>[\n]"  
 [2017-04-21 21:28:06,533] DEBUG - wire >> "</soapenv:Envelope>"  
 [2017-04-21 21:28:06,535] INFO - LogMediator STATUS = --------------------CheckXSLTEscapeCharacters Invoked--------------------  
 [2017-04-21 21:28:06,536] INFO - LogMediator To: /services/CheckXSLTEscapeCharacters, WSAction: urn:echoString, SOAPAction: urn:echoString, MessageID: urn:uuid:9813658e-ea39-48aa-9da4-d88e91ac087f, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Body>  
    <Description>Test for escaping &lt; > characters</Description>  
   </soapenv:Body></soapenv:Envelope>  
 [2017-04-21 21:28:06,537] INFO - LogMediator STATUS = --------------------CheckXSLTEscapeCharacters After Log full Invoked--------------------  
 [2017-04-21 21:28:06,543] INFO - LogMediator STATUS = --------------------CheckXSLTEscapeCharacters Invoked After XSLT Transformation--------------------  
 [2017-04-21 21:28:06,554] DEBUG - wire << "HTTP/1.1 200 OK[\r][\n]"  
 [2017-04-21 21:28:06,558] DEBUG - wire << "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-21 21:28:06,559] DEBUG - wire << "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-21 21:28:06,559] DEBUG - wire << "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-21 21:28:06,560] DEBUG - wire << "Content-Type: text/xml;charset=UTF-8; charset=UTF-8[\r][\n]"  
 [2017-04-21 21:28:06,560] DEBUG - wire << "Date: Fri, 21 Apr 2017 15:58:06 GMT[\r][\n]"  
 [2017-04-21 21:28:06,560] DEBUG - wire << "Transfer-Encoding: chunked[\r][\n]"  
 [2017-04-21 21:28:06,560] DEBUG - wire << "Connection: Keep-Alive[\r][\n]"  
 [2017-04-21 21:28:06,560] DEBUG - wire << "[\r][\n]"  
 [2017-04-21 21:28:06,560] DEBUG - wire << "145[\r][\n]"  
 [2017-04-21 21:28:06,561] DEBUG - wire << "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">[\n]"  
 [2017-04-21 21:28:06,561] DEBUG - wire << "  <soapenv:Header/>[\n]"  
 [2017-04-21 21:28:06,561] DEBUG - wire << "  <soapenv:Body>[\n]"  
 [2017-04-21 21:28:06,561] DEBUG - wire << "   <Description><![CDATA[Test for escaping < > characters]]></Description>[\n]"  
 [2017-04-21 21:28:06,561] DEBUG - wire << "  </soapenv:Body>[\n]"  
 [2017-04-21 21:28:06,561] DEBUG - wire << "</soapenv:Envelope>[\r][\n]"  
 [2017-04-21 21:28:06,561] DEBUG - wire << "0[\r][\n]"  
 [2017-04-21 21:28:06,562] DEBUG - wire << "[\r][\n]"
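
The difference between the failing and the working run, as an added Python example (not code from the original post or from WSO2): the text written out raw by disable-output-escaping="yes" is no longer well-formed XML when it is parsed again, while the entity-escaped and CDATA forms carry the same text safely. The sample strings are constructed from the request and wire logs above, and minidom is used only as a stand-in for a parser that does not coalesce CDATA into text; it is an analogy for isCoalescing=false, not the ESB's own parser.

```python
import xml.etree.ElementTree as ET
from xml.dom import Node, minidom

# Constructed from the request and wire logs on this page.
TEXT = "Test for escaping < > characters"
ESCAPED = "<Description>Test for escaping &lt; &gt; characters</Description>"
# What disable-output-escaping="yes" emits: the text is written as-is.
RAW = "<Description>" + TEXT + "</Description>"
# What cdata-section-elements="Description" emits with escaping left on.
CDATA = "<Description><![CDATA[" + TEXT + "]]></Description>"


def check(serialized):
    """Re-parse a serialized element; return (well_formed, text or error)."""
    try:
        return True, ET.fromstring(serialized).text
    except ET.ParseError as err:
        return False, str(err)


def to_cdata(tag, text):
    """Wrap text in CDATA the way an XML serializer has to: a literal ']]>'
    in the data is split across two sections so it cannot end the section."""
    body = text.replace("]]>", "]]]]><![CDATA[>")
    return "<%s><![CDATA[%s]]></%s>" % (tag, body, tag)


def keeps_cdata(serialized):
    """True if a non-coalescing parse still sees a CDATA section node."""
    root = minidom.parseString(serialized).documentElement
    return any(n.nodeType == Node.CDATA_SECTION_NODE for n in root.childNodes)


if __name__ == "__main__":
    for name, doc in (("escaped", ESCAPED), ("raw", RAW), ("cdata", CDATA)):
        print(name, check(doc))
    print("split ]]>:", to_cdata("Description", "a]]>b"))
    print("CDATA node kept:", keeps_cdata(CDATA))
```

The raw form is rejected at the character after "<", which is the same condition the WstxUnexpectedCharException in the first log reports.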