Hello!
I use Synapse to mediate (proxy) secure requests from a secure
client (the client is Axis2 1.1.1, secured by the Rampart module) to a
service that does not understand security headers, encryption and
signing.
As a test, I tried to implement such a scheme using example 103, but
all I got is a strange exception:
java.lang.NullPointerException
    at org.apache.ws.security.util.WSSecurityUtil.findElementById(WSSecurityUtil.java:298)
    at org.apache.ws.security.util.WSSecurityUtil.getElementByWsuId(WSSecurityUtil.java:438)
    at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:176)
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:71)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:69)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:276)
    at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
    at ru.krai.ws.StockQuoteProxyStub.Test(StockQuoteProxyStub.java:154)
    at ru.krai.ws.security.test.main(test.java:39)
When I tried to find out what's wrong, I found that the exception
occurs inside a loop that searches for elements (XML tags) with a
given id. The exception is thrown when, after several iterations, the
processedNode variable contains null (the variable foundElement contains
the tag with the X509 certificate). I tried to surround this piece of code
with try/catch, and another exception was thrown. This exception indicates
that signature verification failed (as I can see from the debugger, the
signature is one signed by an X509 certificate, and the search procedure
has found the X509 certificate included as a BST in the message).
P.S. When I try to connect to the sample Axis2 services, everything
goes fine and no exception is thrown.
The response that came from Synapse is:
<wsdl:definitions
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:chead="http://www.intersystems.com/SOAPheaders"
xmlns:s0="http://ws.krai.ru"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:s="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.xmlsoap.org/wsdl/"
targetNamespace="http://ws.krai.ru"><wsdl:types><s:schema
attributeFormDefault="unqualified" elementFormDefault="qualified"
targetNamespace="http://ws.krai.ru">
<s:element name="Test">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" name="Param" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="TestResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" name="TestResult" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
</s:schema><s:schema attributeFormDefault="unqualified"
elementFormDefault="qualified"
targetNamespace="http://www.intersystems.com/SOAPheaders">
<s:element name="CSPCHD" type="chead:CSPCHD" />
<s:complexType name="CSPCHD">
<s:sequence>
<s:element name="id" type="s:string" />
</s:sequence>
</s:complexType>
</s:schema>
</wsdl:types>
<wsdl:message name="TestSoapIn">
<wsdl:part name="part1" element="s0:Test" />
</wsdl:message><wsdl:message
name="CacheSessionHeader"><wsdl:part name="CSPCHD"
element="chead:CSPCHD" /></wsdl:message><wsdl:message
name="TestSoapOut"><wsdl:part name="part1"
element="s0:TestResponse" /></wsdl:message><wsdl:message
name="CacheSessionHeader"><wsdl:part name="CSPCHD"
element="chead:CSPCHD" /></wsdl:message><wsdl:portType
name="StockQuoteProxyPortType"><wsdl:operation
name="Test"><wsdl:input
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
message="s0:TestSoapIn"
wsaw:Action="http://ws.krai.ru/KrAI.Test.Service.Test"
/><wsdl:output
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
message="s0:TestSoapOut"
wsaw:Action="http://ws.krai.ru/TestServiceSoap/TestResponse"
/></wsdl:operation></wsdl:portType><wsdl:binding
name="StockQuoteProxySOAP11Binding"
type="s0:StockQuoteProxyPortType"><wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10
/></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10
/></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256
/></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict
/></wsp:Policy></sp:Layout><sp:IncludeTimestamp
/><sp:OnlySignEntireHeadersAndBody
/></wsp:Policy></sp:AsymmetricBinding><sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier
/><sp:MustSupportRefIssuerSerial
/></sp:Policy></sp:Wss10><sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body
/></sp:SignedParts><sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body
/></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap:binding
transport="http://schemas.xmlsoap.org/soap/http" style="document"
/><wsdl:operation name="Test"><soap:operation
soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document"
/><wsdl:input><soap:body use="literal" /><soap:header
use="literal" part="CSPCHD" message="s0:CacheSessionHeader"
/></wsdl:input><wsdl:output><soap:body use="literal"
/><soap:header use="literal" part="CSPCHD"
message="s0:CacheSessionHeader"
/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:binding
name="StockQuoteProxySOAP12Binding"
type="s0:StockQuoteProxyPortType"><wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10
/></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10
/></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256
/></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict
/></wsp:Policy></sp:Layout><sp:IncludeTimestamp
/><sp:OnlySignEntireHeadersAndBody
/></wsp:Policy></sp:AsymmetricBinding><sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier
/><sp:MustSupportRefIssuerSerial
/></sp:Policy></sp:Wss10><sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body
/></sp:SignedParts><sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body
/></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap12:binding
transport="http://schemas.xmlsoap.org/soap/http" style="document"
/><wsdl:operation name="Test"><soap12:operation
soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document"
/><wsdl:input><soap12:body use="literal"
/><soap12:header use="literal" part="CSPCHD"
message="s0:CacheSessionHeader"
/></wsdl:input><wsdl:output><soap12:body
use="literal" /><soap12:header use="literal" part="CSPCHD"
message="s0:CacheSessionHeader"
/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service
name="StockQuoteProxy"><wsdl:port
name="StockQuoteProxySOAP11port_http"
binding="s0:StockQuoteProxySOAP11Binding"><soap:address
location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy"
/></wsdl:port><wsdl:port
name="StockQuoteProxySOAP12port_http"
binding="s0:StockQuoteProxySOAP12Binding"><soap12:address
location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy"
/></wsdl:port></wsdl:service></wsdl:definitions>
Insecure service WSDL:
<?xml version='1.0' encoding='UTF-8' ?>
<definitions xmlns:http='http://schemas.xmlsoap.org/wsdl/http/'
xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/'
xmlns:s='http://www.w3.org/2001/XMLSchema'
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xmlns:s0='http://ws.krai.ru'
xmlns:SOAP-ENC='http://schemas.xmlsoap.org/soap/encoding/'
xmlns:mime='http://schemas.xmlsoap.org/wsdl/mime/' targetNamespace =
'http://ws.krai.ru'
xmlns:chead='http://www.intersystems.com/SOAPheaders'
xmlns='http://schemas.xmlsoap.org/wsdl/'>
<types>
<s:schema elementFormDefault='qualified' targetNamespace =
'http://ws.krai.ru'>
<s:element name="Test">
<s:complexType>
<s:sequence>
<s:element name="Param" type="s:string" minOccurs="0"
/>
</s:sequence>
</s:complexType>
</s:element>
<s:element name="TestResponse">
<s:complexType>
<s:sequence>
<s:element name="TestResult" type="s:string"
minOccurs="0" />
</s:sequence>
</s:complexType>
</s:element>
</s:schema>
<s:schema elementFormDefault='qualified'
targetNamespace='http://www.intersystems.com/SOAPheaders'>
<s:element name='CSPCHD' type='chead:CSPCHD'/>
<s:complexType name="CSPCHD">
<s:sequence>
<s:element name="id" type="s:string" />
</s:sequence>
</s:complexType>
</s:schema>
</types>
<message name="TestSoapIn">
<part name="parameters" element="s0:Test" />
</message>
<message name="TestSoapOut">
<part name="parameters" element="s0:TestResponse" />
</message>
<message name='CacheSessionHeader'>
<part name='CSPCHD' element='chead:CSPCHD' />
</message>
<portType name='TestServiceSoap'>
<operation name='Test'>
<input message='s0:TestSoapIn' />
<output message='s0:TestSoapOut' />
</operation>
</portType>
<binding name='TestServiceSoap' type='s0:TestServiceSoap' >
<soap:binding
transport='http://schemas.xmlsoap.org/soap/http' style='document' />
<operation name='Test' >
<soap:operation
soapAction='http://ws.krai.ru/KrAI.Test.Service.Test' style='document'
/>
<input>
<soap:body use='literal' />
<soap:header message='s0:CacheSessionHeader'
part='CSPCHD' use='literal' />
</input>
<output>
<soap:body use='literal' />
<soap:header message='s0:CacheSessionHeader'
part='CSPCHD' use='literal' />
</output>
</operation>
</binding>
<service name='TestService' >
<port name='TestServiceSoap' binding='s0:TestServiceSoap'
>
<soap:address
location='http://127.0.0.1:8972/csp/user/KrAI.Test.Service.cls' />
</port>
</service>
</definitions>
Synapse service WSDL:
<wsdl:definitions
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:chead="http://www.intersystems.com/SOAPheaders"
xmlns:s0="http://ws.krai.ru"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:s="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.xmlsoap.org/wsdl/"
targetNamespace="http://ws.krai.ru"><wsdl:types><s:schema
attributeFormDefault="unqualified" elementFormDefault="qualified"
targetNamespace="http://ws.krai.ru">
<s:element name="Test">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" name="Param" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="TestResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" name="TestResult" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
</s:schema><s:schema attributeFormDefault="unqualified"
elementFormDefault="qualified"
targetNamespace="http://www.intersystems.com/SOAPheaders">
<s:element name="CSPCHD" type="chead:CSPCHD" />
<s:complexType name="CSPCHD">
<s:sequence>
<s:element name="id" type="s:string" />
</s:sequence>
</s:complexType>
</s:schema></wsdl:types><wsdl:message
name="TestSoapIn"><wsdl:part name="part1" element="s0:Test"
/></wsdl:message><wsdl:message
name="CacheSessionHeader"><wsdl:part name="CSPCHD"
element="chead:CSPCHD" /></wsdl:message><wsdl:message
name="TestSoapOut"><wsdl:part name="part1"
element="s0:TestResponse" /></wsdl:message><wsdl:message
name="CacheSessionHeader"><wsdl:part name="CSPCHD"
element="chead:CSPCHD" /></wsdl:message><wsdl:portType
name="StockQuoteProxyPortType"><wsdl:operation
name="Test"><wsdl:input
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
message="s0:TestSoapIn"
wsaw:Action="http://ws.krai.ru/KrAI.Test.Service.Test"
/><wsdl:output
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
message="s0:TestSoapOut"
wsaw:Action="http://ws.krai.ru/TestServiceSoap/TestResponse"
/></wsdl:operation></wsdl:portType><wsdl:binding
name="StockQuoteProxySOAP11Binding"
type="s0:StockQuoteProxyPortType"><wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10
/></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10
/></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256
/></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict
/></wsp:Policy></sp:Layout><sp:IncludeTimestamp
/><sp:OnlySignEntireHeadersAndBody
/></wsp:Policy></sp:AsymmetricBinding><sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier
/><sp:MustSupportRefIssuerSerial
/></sp:Policy></sp:Wss10><sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body
/></sp:SignedParts><sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body
/></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap:binding
transport="http://schemas.xmlsoap.org/soap/http" style="document"
/><wsdl:operation name="Test"><soap:operation
soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document"
/><wsdl:input><soap:body use="literal" /><soap:header
use="literal" part="CSPCHD" message="s0:CacheSessionHeader"
/></wsdl:input><wsdl:output><soap:body use="literal"
/><soap:header use="literal" part="CSPCHD"
message="s0:CacheSessionHeader"
/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:binding
name="StockQuoteProxySOAP12Binding"
type="s0:StockQuoteProxyPortType"><wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10
/></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10
/></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256
/></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict
/></wsp:Policy></sp:Layout><sp:IncludeTimestamp
/><sp:OnlySignEntireHeadersAndBody
/></wsp:Policy></sp:AsymmetricBinding><sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier
/><sp:MustSupportRefIssuerSerial
/></sp:Policy></sp:Wss10><sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body
/></sp:SignedParts><sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body
/></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap12:binding
transport="http://schemas.xmlsoap.org/soap/http" style="document"
/><wsdl:operation name="Test"><soap12:operation
soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document"
/><wsdl:input><soap12:body use="literal"
/><soap12:header use="literal" part="CSPCHD"
message="s0:CacheSessionHeader"
/></wsdl:input><wsdl:output><soap12:body
use="literal" /><soap12:header use="literal" part="CSPCHD"
message="s0:CacheSessionHeader"
/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service
name="StockQuoteProxy"><wsdl:port
name="StockQuoteProxySOAP11port_http"
binding="s0:StockQuoteProxySOAP11Binding"><soap:address
location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy"
/></wsdl:port><wsdl:port
name="StockQuoteProxySOAP12port_http"
binding="s0:StockQuoteProxySOAP12Binding"><soap12:address
location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy"
/></wsdl:port></wsdl:service></wsdl:definitions>
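
Added example, not part of the original post and not WSS4J's own code: a stand-alone check, using only the JDK DOM API, that every wsse:Reference fragment URI in a captured message resolves to an element carrying the matching wsu:Id, with a tree walk that returns null rather than dereferencing a null node. The class name, method names and the sample envelope are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WsuIdCheck {
    static final String OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = OASIS + "secext-1.0.xsd", WSU = OASIS + "utility-1.0.xsd";

    // Iterative depth-first search below 'start' for wsu:Id == id. The climb back
    // up stops at 'start', so a null node is never dereferenced; a miss returns null.
    static Element findByWsuId(Element start, String id) {
        Node n = start;
        while (n != null) {
            if (n instanceof Element && id.equals(((Element) n).getAttributeNS(WSU, "Id"))) {
                return (Element) n;
            }
            Node next = n.getFirstChild();
            while (next == null && n != start) {
                next = n.getNextSibling();
                if (next == null) n = n.getParentNode();
            }
            n = next;
        }
        return null;
    }

    // Returns the fragment URIs of wsse:Reference elements that match no wsu:Id.
    static List<String> danglingReferences(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)));
        List<String> dangling = new ArrayList<>();
        NodeList refs = doc.getElementsByTagNameNS(WSSE, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            if (uri.startsWith("#") && findByWsuId(doc.getDocumentElement(), uri.substring(1)) == null) {
                dangling.add(uri);
            }
        }
        return dangling;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the first reference resolves to the BST, the second does not.
        String soap = "<e:Envelope xmlns:e='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsse='"
            + WSSE + "' xmlns:wsu='" + WSU + "'><e:Header><wsse:Security>"
            + "<wsse:BinarySecurityToken wsu:Id='CertId-1'>AAAA</wsse:BinarySecurityToken>"
            + "<wsse:SecurityTokenReference><wsse:Reference URI='#CertId-1'/></wsse:SecurityTokenReference>"
            + "<wsse:SecurityTokenReference><wsse:Reference URI='#CertId-2'/></wsse:SecurityTokenReference>"
            + "</wsse:Security></e:Header><e:Body wsu:Id='id-3'/></e:Envelope>";
        System.out.println("Unresolved references: " + danglingReferences(soap));
    }
}
```

Running it on a message captured at the client shows whether a response's token references point at ids that are actually present before signature verification is attempted.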