Sunday, April 30, 2017

Invoke a Secured Backend ( Non-Repudiation ) using WSO2 ESB 5.0.0

This article explains how to invoke a backend service secured with Non-Repudiation through WSO2 ESB 5.0.0. Here I'm using the class mediator written for this purpose by Asela [1]. The reason for choosing this class mediator is explained in [2].

[1] https://svn.wso2.org/repos/wso2/people/asela/ws-security/secure-callback/
[2] http://xacmlinfo.org/2014/09/26/improved-callback-for-calling-backend-services-from-wso2esb/

In this sample, I'm using the below flow:

SOAP UI Client -> ESB 5.0.0 Proxy service with secured endpoint with policy -> Backend ( ESB proxy secured with Non-Repudiation )

For the backend, we can use the ESB 4.8.1 feature for securing a service with Non-Repudiation, which lets us secure it easily through the management console.

1) Create a keystore to use for signing the outgoing request.

 keytool -genkeypair -alias partner2 -keyalg RSA -keysize 4096 -keystore partner2_keystore.jks -dname "C=LK,ST=WP,L=Colombo,O=WSO2,OU=Carbon,CN=partner2.com" -storepass partner2 -keypass partner2 -ext ku:c=dig,keyEncipherment,nR,dataEncipherment  


2) Our sample flow is: Client (SOAP UI) -> ESB 5.0.0 ( Endpoint Secured Proxy ) -> Backend ( ESB Proxy secured with non repudiation policy )

So we need to import the wso2carbon certificate into our newly created keystore ( partner2_keystore.jks ).

 keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2carbon.cer  
   
 keytool -import -trustcacerts -alias wso2carbon -file wso2carbon.cer -keystore partner2_keystore.jks -storepass partner2  

3) Now if we check our newly created keystore we will see:

 keytool -v -list -keystore partner2_keystore.jks  

 Keystore type: JKS  
 Keystore provider: SUN  
   
 Your keystore contains 2 entries  
   
 Alias name: wso2carbon  
 Creation date: Apr 27, 2017  
 Entry type: trustedCertEntry  
   
 Owner: CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US  
 Issuer: CN=localhost, O=WSO2, L=Mountain View, ST=CA, C=US  
 Serial number: 4b7e3782  
 Valid from: Fri Feb 19 12:32:26 IST 2010 until: Tue Feb 13 12:32:26 IST 2035  
 Certificate fingerprints:  
       MD5: 02:FB:AA:5F:20:64:49:4A:27:29:55:71:83:F7:46:CD  
       SHA1: 6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D  
       SHA256: 1D:72:9F:B8:C4:68:EA:D8:20:A2:A0:BE:4A:DB:8F:BA:BE:D9:AB:1B:A1:26:C9:D2:14:66:C5:70:6E:8E:4D:30  
       Signature algorithm name: SHA1withRSA  
       Version: 3  
   
 Extensions:   
   
 #1: ObjectId: 2.5.29.15 Criticality=true  
 KeyUsage [  
  DigitalSignature  
  Non_repudiation  
  Key_Encipherment  
  Data_Encipherment  
 ]  
   
   
   
 *******************************************  
 *******************************************  
   
   
 Alias name: partner2  
 Creation date: Apr 27, 2017  
 Entry type: PrivateKeyEntry  
 Certificate chain length: 1  
 Certificate[1]:  
 Owner: C=LK, ST=WP, L=Colombo, O=WSO2, OU=Carbon, CN=partner2.com  
 Issuer: C=LK, ST=WP, L=Colombo, O=WSO2, OU=Carbon, CN=partner2.com  
 Serial number: 5e0d9a7b  
 Valid from: Thu Apr 27 12:38:49 IST 2017 until: Wed Jul 26 12:38:49 IST 2017  
 Certificate fingerprints:  
       MD5: 05:1F:15:7F:D1:56:6E:FA:BA:5F:FA:85:57:75:83:A8  
       SHA1: 29:60:F3:5E:F1:06:DF:78:C4:74:89:A3:CE:C4:13:9E:04:16:98:E7  
       SHA256: 59:1B:AE:34:9C:14:EC:EA:5C:35:07:01:16:CE:B9:73:98:A4:86:2B:D8:22:3C:5E:58:B9:FF:F4:08:FB:0D:33  
       Signature algorithm name: SHA256withRSA  
       Version: 3  
   
 Extensions:   
   
 #1: ObjectId: 2.5.29.15 Criticality=true  
 KeyUsage [  
  DigitalSignature  
  Non_repudiation  
  Key_Encipherment  
  Data_Encipherment  
 ]  
   
 #2: ObjectId: 2.5.29.14 Criticality=false  
 SubjectKeyIdentifier [  
 KeyIdentifier [  
 0000: 2E D6 37 7F DF A2 F1 39  5E 28 1D 43 2A 45 B7 60 ..7....9^(.C*E.`  
 0010: F8 8E 37 D7                    ..7.  
 ]  
 ]  
   
   
   
 *******************************************  
 *******************************************  

4) Now we need to import our client's certificate into the backend server's keystore.

 keytool -export -keystore partner2_keystore.jks -alias partner2 -file partner2.cer  
   
 keytool -import -trustcacerts -alias partner2 -file partner2.cer -keystore wso2carbon.jks -storepass wso2carbon  

5) Now we are done with certificate configurations.

6) Then download org.soasecurity.wssecurity.secure.callback-1.0.0.jar from [1] and copy it to ESB_HOME/repository/components/dropins.

7) Restart the ESB and load partner2_keystore.jks into Keystores in the management console.



8) Now create a policy that signs the message sent to the backend, and load it into the registry.

 <wsp:Policy wsu:Id="SigOnly"  
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">  
   <wsp:ExactlyOne>  
     <wsp:All>  
       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">  
         <wsp:Policy>  
           <sp:InitiatorToken>  
             <wsp:Policy>  
               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">  
                 <wsp:Policy>  
                   <sp:RequireIssuerSerialReference/>  
                   <sp:WssX509V3Token10/>  
                 </wsp:Policy>  
               </sp:X509Token>  
             </wsp:Policy>  
           </sp:InitiatorToken>  
           <sp:RecipientToken>  
             <wsp:Policy>  
               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">  
                 <wsp:Policy>  
                   <sp:RequireIssuerSerialReference/>  
                   <sp:WssX509V3Token10/>  
                 </wsp:Policy>  
               </sp:X509Token>  
             </wsp:Policy>  
           </sp:RecipientToken>  
           <sp:AlgorithmSuite>  
             <wsp:Policy>  
               <sp:Basic256/>  
             </wsp:Policy>  
           </sp:AlgorithmSuite>  
           <sp:Layout>  
             <wsp:Policy>  
               <sp:Strict/>  
             </wsp:Policy>  
           </sp:Layout>  
           <sp:IncludeTimestamp/>  
           <sp:OnlySignEntireHeadersAndBody/>  
         </wsp:Policy>  
       </sp:AsymmetricBinding>  
       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">  
         <wsp:Policy>  
           <sp:MustSupportRefKeyIdentifier/>  
           <sp:MustSupportRefIssuerSerial/>  
         </wsp:Policy>  
       </sp:Wss10>  
       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">  
         <sp:Body/>  
       </sp:SignedParts>  
     </wsp:All>  
   </wsp:ExactlyOne>  
   <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">  
        <rampart:rampartConfigCallbackClass>org.soasecurity.wssecurity.secure.callback.handler.ESBConfigCallbackHandler</rampart:rampartConfigCallbackClass>  
   </rampart:RampartConfig>  
 </wsp:Policy>  

9) Create a proxy as below:

Here:
privateKeyAlias - Alias name of the key inside the partner2_keystore.jks.
keyStore - The keystore we are going to use for the signing.
encryptionKeyAlias - This is the public certificate of the backend. Here I'm using wso2carbon as that's the backend I used in this sample.
http://ajanthan-ThinkPad-T440p:8280/services/NonRepudiationBackEND - This is the mock backend we created using the ESB's non-repudiation feature.

 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="TestRampartLoadProxy"  
     startOnLoad="true"  
     statistics="disable"  
     trace="disable"  
     transports="https,http">  
   <target>  
    <inSequence>  
      <log level="custom">  
       <property name="STATUS:"  
            value="-----------------TestRampartLoadProxy Invoked------------------"/>  
      </log>  
      <class name="org.soasecurity.wssecurity.secure.callback.mediator.ESBCallbackMediator">  
       <property name="privateKeyAlias" value="partner2"/>  
       <property name="keyStore" value="partner2_keystore.jks"/>  
       <property name="encryptionKeyAlias" value="wso2carbon"/>  
       <property name="userName" value=""/>  
      </class>  
      <send>  
       <endpoint>  
         <address uri="http://ajanthan-ThinkPad-T440p:8280/services/NonRepudiationBackEND">  
          <enableSec policy="conf:/policy/endpointsignpolicy.xml"/>  
         </address>  
       </endpoint>  
      </send>  
      <log level="custom">  
       <property name="STATUS:"  
            value="-----------------TestRampartLoadProxy Invoked: After Send------------------"/>  
      </log>  
    </inSequence>  
    <outSequence>  
      <log level="custom">  
       <property name="STATUS:"  
            value="-----------------TestRampartLoadProxy OUT Invoked ------------------"/>  
      </log>  
      <log level="full"/>  
      <send/>  
    </outSequence>  
   </target>  
   <description/>  
 </proxy>  

10) The backend proxy configuration is as below:

 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="NonRepudiationBackEND"  
     transports="https,http,local"  
     statistics="disable"  
     trace="disable"  
     startOnLoad="true">  
   <target>  
    <inSequence>  
      <log level="custom">  
       <property name="STATUS"  
            value="-----------------NonRepudiationBackEND IN Invoked--------------------"/>  
      </log>  
      <log level="full"/>  
      <respond/>  
    </inSequence>  
   </target>  
   <parameter name="disableREST">true</parameter>  
   <parameter name="ScenarioID">scenario2</parameter>  
   <enableSec/>  
   <policy key="conf:/repository/axis2/service-groups/NonRepudiationBackEND/services/NonRepudiationBackEND/policies/SigOnly"/>  
   <description/>  
 </proxy>     

11) For testing, send a message as below:

 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">  
   <soapenv:Header/>  
   <soapenv:Body>  
    <echo:echoString>  
      <in>Test</in>  
    </echo:echoString>  
   </soapenv:Body>  
 </soapenv:Envelope>  

12) If we check the wire logs, we can confirm that the message is signed as it goes out from the front-end ESB and that it successfully invokes the backend. Another signed message comes back from the backend, and when the response goes out from the front ESB to the SOAP client, the signature part is removed before it is sent. This is because our front proxy is not secured for response signing; only the backend invocation is secured.

 [2017-04-27 14:42:41,072] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "POST /services/TestRampartLoadProxy HTTP/1.1[\r][\n]"  
 [2017-04-27 14:42:41,072] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Content-Length: 281[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "ProxySignOnlyHost: ajanthan-ThinkPad-T440p:8282[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "Connection: Keep-Alive[\r][\n]"  
 [2017-04-27 14:42:41,073] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "[\r][\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">[\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "  <soapenv:Header/>[\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "  <soapenv:Body>[\n]"  
 [2017-04-27 14:42:41,074] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "   <echo:echoString>[\n]"  
 [2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "     <in>Test</in>[\n]"  
 [2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "   </echo:echoString>[\n]"  
 [2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "  </soapenv:Body>[\n]"  
 [2017-04-27 14:42:41,075] DEBUG - wire HTTP-Listener I/O dispatcher-3 >> "</soapenv:Envelope>"  
 [2017-04-27 14:42:41,077] INFO - LogMediator STATUS: = -----------------TestRampartLoadProxy Invoked------------------  
 [2017-04-27 14:42:41,159] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "POST /services/NonRepudiationBackEND HTTP/1.1[\r][\n]"  
 [2017-04-27 14:42:41,159] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Transfer-Encoding: chunked[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "Connection: Keep-Alive[\r][\n]"  
 [2017-04-27 14:42:41,160] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]"  
 [2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "[\r][\n]"  
 [2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "1413[\r][\n]"  
 [2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.080Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.080Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-82A538C385C5F453B614932843610897">...</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">[\n]"  
 [2017-04-27 14:42:41,161] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignedInfo>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Reference URI="#Id-666433853">[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"  
 [2017-04-27 14:42:41,162] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>[\n]"  
 [2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>[\n]"  
 [2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Reference>[\n]"  
 [2017-04-27 14:42:41,163] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Reference URI="#Timestamp-5">[\n]"  
 [2017-04-27 14:42:41,164] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,164] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>[\n]"  
 [2017-04-27 14:42:41,166] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,166] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:DigestValue>ZRSs0tPK6yxqHCUv/J0jGSzHnYw=</ds:DigestValue>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Reference>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:SignedInfo>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:SignatureValue>[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "CYCLRYfVOaZfVfXVUbxPdDfDT5fjh070Ii9OgIwvW+lQE9MN+yyOuMb7HUY1RU2oNfPUu8XzsWAe[\n]"  
 [2017-04-27 14:42:41,167] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "EV9SfHKKDXK+3MRX0SKIk/ZzHG2UxgvPLZQUeyvLkaCeKh6G1ubXMFDr3HeWtZjYyKQnYDt0Rpfv[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "k1PQ7Dufnn1OKu15RHMKvAMHIIxlblJmjGi4JkV3X3OiWiWudKtaUR8mq7qepspVqU66Pm54GdQR[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "UuWY2UH3GzbNsNnKwWGwm/39sJJXD78Ehuv4LQP0cKq/jrc3U897OX4ZmlDkVr2BUCicIwJ+uybz[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "e2bh07yp0TL7MDLLWc+sR4DaylZDFJxUSApaPgxTKBl/4kMDVdVXiOzMAOCVPtnT1dkzmWgTGjWS[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "j37xKu8SkT6rwHnP9hCsJOhszQ+Ua0Tg6dOMFEsNAjZ4dCyF+tfgLAK+wPzphJOn/yEm261fLIDB[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "wgYM7WI4tZM4VBVEBdNa2PNfG0CqY6eNFEOwlTh5SpByh7cwnHQX0NqX1SwYrEVFanKNnmJccbqr[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "FAh50E8gJkEXk6frs2Hkd7AR/RPWdigZtPMRy9O1F74POH9r5toq47ZU9cIWNCl5TPbne4rdzFXU[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "TUy00XeaNQl/92NGHtRi3+ZsD3u5g57mPnHd2y3Cvoxm5EAjHEFx726/DzosdLkiDXaC64jS4oU=[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:SignatureValue>[\n]"  
 [2017-04-27 14:42:41,168] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<ds:KeyInfo Id="KeyId-82A538C385C5F453B614932843610898">[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-82A538C385C5F453B614932843610899"><wsse:Reference URI="#CertId-82A538C385C5F453B614932843610897" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:KeyInfo>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "   <echo:echoString>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "     <in>Test</in>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "   </echo:echoString>[\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "  </soapenv:Body></soapenv:Envelope>[\r][\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "0[\r][\n]"  
 [2017-04-27 14:42:41,169] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "HTTP/1.1 200 OK[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Date: Thu, 27 Apr 2017 09:12:41 GMT[\r][\n]"  
 [2017-04-27 14:42:41,183] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Server: WSO2-PassThrough-HTTP[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Transfer-Encoding: chunked[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "Connection: Keep-Alive[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "a08[\r][\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.174Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.174Z</wsu:Expires></wsu:Timestamp><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">[\n]"  
 [2017-04-27 14:42:41,184] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignedInfo>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Reference URI="#Id-666433853">[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Reference>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Reference URI="#Timestamp-5">[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,185] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Transforms>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:DigestValue>R1RdAeLnHkyi8cHBp8aoPLUF5EY=</ds:DigestValue>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Reference>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:SignedInfo>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:SignatureValue>[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "KneVvSOq/l5roCjtIYtoMDjgjUm4QYAWVO9tMmVxWYNairpLeE4QyKfpVL6D6y6PZ6PBB34m/PP2[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "tWAyObh22PzlAZZBM/ikbMf7Whsc5mL44tBlKPIUz9PTErLQNTq1QswPeMSCw0uo5mqynYns8LCW[\n]"  
 [2017-04-27 14:42:41,186] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "BJG9PHDv4zU8rcSkj3A=[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:SignatureValue>[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<ds:KeyInfo Id="KeyId-E822D37D00541EA0F514932843611758">[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E822D37D00541EA0F514932843611759"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier></wsse:SecurityTokenReference>[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:KeyInfo>[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"  
 [2017-04-27 14:42:41,187] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "   <echo:echoString>[\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "     <in>Test</in>[\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "   </echo:echoString>[\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "  </soapenv:Body></soapenv:Envelope>[\r][\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "0[\r][\n]"  
 [2017-04-27 14:42:41,188] DEBUG - wire HTTP-Sender I/O dispatcher-3 >> "[\r][\n]"  
 [2017-04-27 14:42:41,194] INFO - LogMediator STATUS: = -----------------TestRampartLoadProxy OUT Invoked ------------------  
 [2017-04-27 14:42:41,195] INFO - LogMediator To: http://www.w3.org/2005/08/addressing/anonymous, WSAction: , SOAPAction: , MessageID: urn:uuid:061fde37-7eac-4170-86f6-97ecea67839e, Direction: response, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-5"><wsu:Created>2017-04-27T09:12:41.174Z</wsu:Created><wsu:Expires>2017-04-27T09:17:41.174Z</wsu:Expires></wsu:Timestamp><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">  
 <ds:SignedInfo>  
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>  
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>  
 <ds:Reference URI="#Id-666433853">  
 <ds:Transforms>  
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>  
 </ds:Transforms>  
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>  
 <ds:DigestValue>cZzOvBs4Xoea7pl71Jqb8sWcMOE=</ds:DigestValue>  
 </ds:Reference>  
 <ds:Reference URI="#Timestamp-5">  
 <ds:Transforms>  
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>  
 </ds:Transforms>  
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>  
 <ds:DigestValue>R1RdAeLnHkyi8cHBp8aoPLUF5EY=</ds:DigestValue>  
 </ds:Reference>  
 </ds:SignedInfo>  
 <ds:SignatureValue>  
 KneVvSOq/l5roCjtIYtoMDjgjUm4QYAWVO9tMmVxWYNairpLeE4QyKfpVL6D6y6PZ6PBB34m/PP2  
 tWAyObh22PzlAZZBM/ikbMf7Whsc5mL44tBlKPIUz9PTErLQNTq1QswPeMSCw0uo5mqynYns8LCW  
 BJG9PHDv4zU8rcSkj3A=  
 </ds:SignatureValue>  
 <ds:KeyInfo Id="KeyId-E822D37D00541EA0F514932843611758">  
 <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-E822D37D00541EA0F514932843611759"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier></wsse:SecurityTokenReference>  
 </ds:KeyInfo>  
 </ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">  
    <echo:echoString>  
      <in>Test</in>  
    </echo:echoString>  
   </soapenv:Body></soapenv:Envelope>  
 [2017-04-27 14:42:41,197] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "HTTP/1.1 200 OK[\r][\n]"  
 [2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Host: ajanthan-ThinkPad-T440p:8280[\r][\n]"  
 [2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "SOAPAction: "urn:echoString"[\r][\n]"  
 [2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Accept-Encoding: gzip,deflate[\r][\n]"  
 [2017-04-27 14:42:41,203] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Content-Type: text/xml;charset=UTF-8[\r][\n]"  
 [2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Date: Thu, 27 Apr 2017 09:12:41 GMT[\r][\n]"  
 [2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Transfer-Encoding: chunked[\r][\n]"  
 [2017-04-27 14:42:41,204] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "Connection: Keep-Alive[\r][\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "[\r][\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "19a[\r][\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org"><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-666433853">[\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "   <echo:echoString>[\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "     <in>Test</in>[\n]"  
 [2017-04-27 14:42:41,205] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "   </echo:echoString>[\n]"  
 [2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "  </soapenv:Body></soapenv:Envelope>[\r][\n]"  
 [2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "0[\r][\n]"  
 [2017-04-27 14:42:41,206] DEBUG - wire HTTP-Listener I/O dispatcher-3 << "[\r][\n]"  
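
A structural check for a wire log like the one above, added here as an example (not code from the original post or from WSO2): it reassembles the SOAP envelope from one channel and direction of the log and reports which elements the ds:Signature references actually cover, plus the algorithms and key reference used. It does not verify the signature cryptographically; the function names and the sample log are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
WSU_ID = "{%s}Id" % NS["wsu"]
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
# Wire-log line shape: [time] DEBUG - wire HTTP-Sender I/O dispatcher-3 << "payload"
WIRE = re.compile(r'^\s*\[[^\]]+\]\s+DEBUG - wire (HTTP-\w+) .*? (<<|>>) "(.*)"\s*$')
ENVELOPE = re.compile(r"<(?:[\w.-]+:)?Envelope\b.*?</(?:[\w.-]+:)?Envelope>", re.S)


def extract_envelope(log_text, channel, direction):
    """Reassemble the first SOAP envelope seen on one channel and direction."""
    chunks = []
    for line in log_text.splitlines():
        m = WIRE.match(line)
        if m and m.group(1) == channel and m.group(2) == direction:
            chunks.append(m.group(3).replace("[\\r]", "\r").replace("[\\n]", "\n"))
    found = ENVELOPE.search("".join(chunks))  # skips HTTP headers and chunk sizes
    return found.group(0) if found else None


def signature_coverage(envelope_xml):
    """Report what the ds:Signature in the WS-Security header refers to."""
    root = ET.fromstring(envelope_xml)
    report = {"signed": False, "body_signed": False, "timestamp_signed": False,
              "dangling_refs": [], "signature_method": None,
              "digest_methods": [], "key_reference": None}
    sig = root.find("soapenv:Header/wsse:Security/ds:Signature", NS)
    if sig is None:
        return report
    report["signed"] = True
    ids = {}
    for el in root.iter():
        if el.get(WSU_ID):
            ids.setdefault(el.get(WSU_ID), []).append(el)
    body = root.find("soapenv:Body", NS)
    stamp = root.find("soapenv:Header/wsse:Security/wsu:Timestamp", NS)
    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        targets = ids.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) != 1:  # unresolved, or an id shared by several elements
            report["dangling_refs"].append(uri)
            continue
        report["body_signed"] |= targets[0] is body
        report["timestamp_signed"] |= targets[0] is stamp
        digest = ref.find("ds:DigestMethod", NS)
        if digest is not None:
            report["digest_methods"].append(digest.get("Algorithm", "").rsplit("#", 1)[-1])
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    if method is not None:
        report["signature_method"] = method.get("Algorithm", "").rsplit("#", 1)[-1]
    key = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/*", NS)
    if key is not None:
        kind = key.tag.rsplit("}", 1)[-1]
        value_type = key.get("ValueType", "").rsplit("#", 1)[-1]
        report["key_reference"] = kind + (":" + value_type if value_type else "")
    return report


# Constructed sample shaped like the wire log above; ids and values are placeholders.
def _wire(channel, arrow, payload):
    return '[2017-01-01 00:00:00,000] DEBUG - wire %s I/O dispatcher-3 %s "%s[\\n]"' % (
        channel, arrow, payload.format(x509=X509V3, **NS))

_REQUEST = [
    "POST /services/NonRepudiationBackEND HTTP/1.1[\\r]",
    "1413[\\r]",
    '<soapenv:Envelope xmlns:soapenv="{soapenv}" xmlns:wsu="{wsu}"><soapenv:Header>'
    '<wsse:Security xmlns:wsse="{wsse}"><wsu:Timestamp wsu:Id="Timestamp-5"/>'
    '<ds:Signature xmlns:ds="{ds}">',
    '<ds:SignedInfo><ds:SignatureMethod Algorithm="{ds}rsa-sha1"/>',
    '<ds:Reference URI="#Id-1"><ds:DigestMethod Algorithm="{ds}sha1"/></ds:Reference>',
    '<ds:Reference URI="#Timestamp-5"><ds:DigestMethod Algorithm="{ds}sha1"/></ds:Reference>',
    '</ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>'
    '<wsse:Reference URI="#CertId-1" ValueType="{x509}"/>'
    '</wsse:SecurityTokenReference></ds:KeyInfo>',
    '</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body wsu:Id="Id-1">',
    "<in>Test</in>",
    "</soapenv:Body></soapenv:Envelope>[\\r]",
]
_RESPONSE = ['<soapenv:Envelope xmlns:soapenv="{soapenv}"><soapenv:Body>',
             "<in>Test</in>", "</soapenv:Body></soapenv:Envelope>[\\r]"]
SAMPLE_LOG = "\n".join([_wire("HTTP-Sender", "<<", p) for p in _REQUEST]
                       + [_wire("HTTP-Listener", "<<", p) for p in _RESPONSE])

if __name__ == "__main__":
    for channel in ("HTTP-Sender", "HTTP-Listener"):
        print(channel, signature_coverage(extract_envelope(SAMPLE_LOG, channel, "<<")))
```

On the sample, the HTTP-Sender request reports both Body and Timestamp as covered, while the HTTP-Listener response to the client reports no signature, matching the behaviour described in step 12.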
   


References


[1] https://svn.wso2.org/repos/wso2/people/asela/ws-security/secure-callback/
[2] http://xacmlinfo.org/2014/09/26/improved-callback-for-calling-backend-services-from-wso2esb/
