combine wsdl code generation with username token security


Jorge Infante Osorio
Hi folks.

I'm trying to implement a client for a secure proxy service in ESB, with
username token.

I generated the client code using the wsdl2php script and then I modified
this code with the security requirement for username token, like this:
NOTE: this is not all the script.

try {

    $my_cert = ws_get_cert_from_file("/var/www/clienteubuntu.cert");
    $my_key = ws_get_key_from_file("/var/www/clienteubuntu.pem");

    // Set up security options
    $security_options = array("useUsernameToken" => TRUE);
    $policy = new WSPolicy(array("security" => $security_options));
    $security_token = new WSSecurityToken(array("user" => "admin",
                                                "password" => "admin",
                                                "passwordType" => "Digest",
                                                "privateKey" => $my_key,
                                                "certificate" => $my_cert));

    // create client in WSDL mode
    $client = new WSClient(array(
        "wsdl" => "http://192.168.231.1:8280/services/HelloServiceProxySecure?wsdl",
        "to" => "https://192.168.231.1:8243/services/HelloServiceProxySecure",
        "classmap" => $class_map,
        "useWSA" => TRUE,
        "policy" => $policy,
        "securityToken" => $security_token
    ));
    // get proxy object reference from client
    $proxy = $client->getProxy();


When I call this script I see these errors:

[Tue Mar  8 17:22:43 2011] [info]  Cannot find path /usr/lib/php5/20090626+lfs/wsf_c/services.
[Tue Mar  8 17:22:43 2011] [info]  [rampart] rampart_mod initialized
[Tue Mar  8 17:22:43 2011] [info]  [rahas]Rahas module initialized
[Tue Mar 08 17:22:43 2011] [notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.7 with Suhosin-Patch configured -- resuming normal operations
[Tue Mar  8 17:22:58 2011] [info]  Cannot find path /usr/lib/php5/20090626+lfs/wsf_c/services.
[Tue Mar  8 17:22:58 2011] [info]  [rampart] rampart_mod initialized
[Tue Mar  8 17:22:58 2011] [info]  [rahas]Rahas module initialized
[Tue Mar  8 17:22:58 2011] [info]  Starting addressing out handler
[Tue Mar  8 17:22:58 2011] [warning] msg_ctx.c(1384) RampartClientConfiguration not set in message context
[Tue Mar  8 17:22:58 2011] [error] key_mgr.c(295) [rampart][rampart_signature] Public key certificate file is not specified.
[Tue Mar  8 17:22:58 2011] [error] rampart_signature.c(856) [rampart][rampart_signature] Cannot get certificate
[Tue Mar  8 17:22:58 2011] [error] rampart_sec_header_builder.c(131) [rampart][shb] Signing failed. ERROR
[Tue Mar  8 17:22:58 2011] [error] rampart_sec_header_builder.c(601) [rampart][shb] Asymmetric Binding failed
[Tue Mar  8 17:22:58 2011] [error] rampart_out_handler.c(130) [rampart]Security header building failed.
[Tue Mar  8 17:22:58 2011] [error] phase.c(224) Handler RampartOutHandler invoke failed within phase Security
[Tue Mar  8 17:22:58 2011] [error] engine.c(657) Invoking phase Security failed
[Tue Mar  8 17:22:58 2011] [error] /opt/wso2-wsf-php-src-2.1.0/src/wsf_wsdl.c(1226) [wsf_wsdl] Response envelope not found
[Tue Mar  8 17:22:58 2011] [info]  [rampart] rampart_mod shutdown
[Tue Mar  8 17:22:58 2011] [info]  [rahas] Rahas module shutdown
[Tue Mar 08 17:22:59 2011] [notice] child pid 1214 exit signal Segmentation fault (11)


Do you have an example that combines WSDL code generation with username token
security?

By the way, I had to extract the public and private keys from a JKS
using portecle-1.7; is there another way? The public certificate is in CER
format and the private key is in PEM format.

Thanks,
                Jorge.



_______________________________________________
Wsf-php-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user

Re: combine wsdl code generation with username token security

Nandika Jayawardana
When using the WSDL Mode, you have to have the security policy defined
in the WSDL itself. Hence the policy object is not required for the
client options array. Also since your endpoint is an https endpoint,
you need to specify the CACert option in the client options.

Regards
Nandika

--
Nandika Jayawardana
Technical Lead and Project Manager,
WSO2 Inc ; http://wso2.com
lean.enterprise.middleware

Re: combine wsdl code generation with username token security

Jorge Infante Osorio
Thanks.
As the proxy service uses username token level security inside WSO2 ESB,
the policy is in the WSDL itself, but when the client code is generated I
don't see any difference from the no-security client code.

Do you have an example that uses the CACert option?

Jorge.



Re: combine wsdl code generation with username token security

Jorge Infante Osorio
The errors changed after I added the CACert and clientCert options:

[Wed Mar  9 20:35:12 2011] [info]  Cannot find path /usr/lib/php5/20090626+lfs/wsf_c/services.
[Wed Mar  9 20:35:12 2011] [info]  [rampart] rampart_mod initialized
[Wed Mar  9 20:35:12 2011] [info]  [rahas]Rahas module initialized
[Wed Mar  9 20:35:13 2011] [info]  Starting addressing out handler
[Wed Mar  9 20:35:13 2011] [warning] msg_ctx.c(1384) RampartClientConfiguration not set in message context
[Wed Mar  9 20:35:13 2011] [error] ssl/ssl_utils.c(94) [ssl client] Loading client key failed, key file /var/www/clienteubuntu.pem
[Wed Mar  9 20:35:13 2011] [error] ssl/ssl_stream.c(99) Error occurred in SSL engine
[Wed Mar  9 20:35:13 2011] [error] http_client.c(294) Data stream creation failed for Host 192.168.231.1 and 8243 port
[Wed Mar  9 20:35:13 2011] [error] http_client.c(560) Client data stream null or socket error for host 192.168.231.1 and 8243 port
[Wed Mar  9 20:35:13 2011] [error] http_client.c(562) A read attempt(HTTP) for the reply without sending the request
[Wed Mar  9 20:35:13 2011] [error] http_sender.c(1303) status_code < 0
[Wed Mar  9 20:35:13 2011] [error] engine.c(171) Transport sender invoke failed
[Wed Mar  9 20:35:13 2011] [error] /opt/wso2-wsf-php-src-2.1.0/src/wsf_wsdl.c(1226) [wsf_wsdl] Response envelope not found
[Wed Mar  9 20:35:13 2011] [info]  [rampart] rampart_mod shutdown
[Wed Mar  9 20:35:13 2011] [info]  [rahas] Rahas module shutdown
[Wed Mar 09 20:35:13 2011] [notice] child pid 3928 exit signal Segmentation fault (11)

The problem now is the way I created the client certificate. I used this
command:

keytool -export -alias cliente -file clienteubuntu.pem -keystore cliente.jks

After that I included the private key I obtained from Portecle at the end of
the file.


The PHP file includes this code:

NOTE: the policy file is the same one that appears in the ESB.

    $policy_xml = file_get_contents("policy.xml");
    $policy = new WSPolicy($policy_xml);
    $security_token = new WSSecurityToken(array("user" => "admin",
                                                "password" => "admin",
                                                "passwordType" => "Digest",
                                                "clientCert" => "clienteubuntu.pem",
                                                "ttl" => 60,
                                                )
                                           );
    // create client in WSDL mode
    $client = new WSClient(array(
        "wsdl" => "http://192.168.231.1:8280/services/HelloServiceProxySecure?wsdl",
        "to" => "https://192.168.231.1:8243/services/HelloServiceProxySecure",
        "classmap" => $class_map,
        "useWSA" => TRUE,
        "CACert" => "serverca.pem",
        "clientCert" => "clienteubuntu.pem",
        "passphrase" => "abc1234567890",
        "policy" => $policy,
        "securityToken" => $security_token
    ));


How can I create a valid client certificate?

Jorge.
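
One way to build and check the client bundle asked about above, as an added example that is not part of the original thread: keytool -export without -rfc writes binary DER rather than PEM, so the script takes the JKS entry through PKCS#12 instead and then checks the result. The function names, the conversion route and the assumption that clientCert expects one PEM file holding certificate and private key are not from the thread; the file names and alias are.

```sh
#!/bin/sh
# Added example, not from the thread. File names and the alias follow the
# post; the JKS -> PKCS#12 -> PEM route and the idea that the client wants one
# PEM file holding certificate and private key are assumptions.

# Convert one JKS entry into a PEM bundle. keytool and openssl prompt for the
# store passwords and for a passphrase that protects the exported key.
jks_to_pem_bundle() {   # usage: jks_to_pem_bundle cliente.jks cliente out.pem
    jks=$1; entry=$2; out=$3
    p12="${out%.pem}.p12"
    keytool -importkeystore -srckeystore "$jks" -srcalias "$entry" \
            -destkeystore "$p12" -deststoretype PKCS12 || return 1
    # umask keeps the file with the private key readable by its owner only
    ( umask 077; openssl pkcs12 -in "$p12" -out "$out" ) || return 1
    rm -f "$p12"
}

# Print the structural state of a would-be PEM bundle:
#   der-prefix  starts with bytes 30 82, i.e. a binary DER SEQUENCE such as
#               the output of "keytool -export" without -rfc
#   no-cert     no PEM CERTIFICATE block
#   no-key      no PEM private key block
#   ok          both blocks are present
classify_bundle() {
    first=$(od -An -tx1 -N2 "$1" | tr -d ' \n')
    if [ "$first" = "3082" ]; then echo der-prefix; return 0; fi
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || { echo no-cert; return 0; }
    grep -Eq -e '-----BEGIN ((RSA|EC|ENCRYPTED) )?PRIVATE KEY-----' "$1" \
        || { echo no-key; return 0; }
    echo ok
}

# Succeeds only if the private key in the bundle belongs to the certificate
# in it. openssl asks for the passphrase when the key is encrypted.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Demo on constructed input: DER-like bytes followed by a PEM key block, the
# layout that results from the steps described in the post.
demo_dir=$(mktemp -d)
printf '\060\202\003\021' > "$demo_dir/clienteubuntu.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' >> "$demo_dir/clienteubuntu.pem"
echo "constructed bundle: $(classify_bundle "$demo_dir/clienteubuntu.pem")"
rm -rf "$demo_dir"
```
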
