问题
I am trying to call a secure proxy service in WSO2 ESB. I followed this tutorial. I have successfully called the proxy service. I have also received the response in my proxy service "Out" sequence. But when I am sending this response back to SOAPUI. I am facing certain problems.
I have done all the configurations as mentioned in the tutorial.
First Method:
When I try to send my request and define "Authentication" Properties in the following way. In which i include both the Outgoing WSS and Incoming WSS, First SoapUI asks for password(password is "wso2carbon") then it shows error.
Error:
Error Getting Response :null
Second Way:
When i only include Outgoing WSS in the "Authentication Properties", SoapUI didn't ask for password and also gets a response. But the response is encrypted and didn't contain my result.
Response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-174" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2015-02-18T16:18:38.284Z</wsu:Created>
<wsu:Expires>2015-02-18T16:23:38.284Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey Id="EncKeyId-F8FEAAA25C72C38AF11424276318297215">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>R4aI0V2uS7h64n7qEMwzvs6iFN9YCTM7iMW7N+L3IxMP+Z7R9wwzlJpJ4vE3+tunVZyqdHzuOxGP0b3LLhNUsc7ys9QByvJoID3RkfkBlSz4AstOffL4t4CKIepx4fGXccFj0cvKxDrv/4SNREO2cQsHtYnsl/LOktxsq3Cd3kc=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-177"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsse11:SignatureConfirmation Value="ZhUpeBE6eupgRfq+ZBKCb7lvdNeSfC/XP+9q9pgr41u53oFa93+yJ0lM5E+nqlK/8NvW4We8RYUSLwNZiJZnZ5bHBXADR9+mGsWi+mGv2grpSNS1/x40bsTSfbe+YTL1azQQNrdyFUBZHazX9I6VXaau1rYS6Wak1MC7Ndtmas4=" wsu:Id="SigConf-175" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
<ds:Signature Id="Signature-176" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-1240651390">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>E9q9gvsO64SKD7LFluO62pEpFIM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-174">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Y8ICfco6fqwNx0SC6eVN+fWGo6M=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#SigConf-175">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>VJe/lgh2CALKbFN1B+YKif6HJVM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>FbmcmvnHalQH14UiN9m6sVNsFoy0/IAS5tsdg2hg7n5kxD/MiNz/MS9w/q0VESAT61eV4/u8p+ho
HP0ehudU2s+U/PjGNU2M2eG7hI4T43gfdXLaOOemv4LcOeJwLTTp0at2AC2CRexUNmUMQ1UhQsoU
qrDYb/fHh47p+sOkbGE=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-F8FEAAA25C72C38AF11424276318286212">
<wsse:SecurityTokenReference wsu:Id="STRId-F8FEAAA25C72C38AF11424276318286213" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">a/jhNus21KVuoFx65LmkW2O/l10=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="Id-1240651390" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="EncDataId-177" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-F8FEAAA25C72C38AF11424276318297215"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Jg/EODedQJtbgBYc7xUa86fAtgALcbsHoiwDLJkyoPLOq1+Se+A/HEQOnmYwJhl7prw7pVK0ap3N
4F3Yvw3gZu0cdS+AUEAikrUzYdMwJAbQ8BYGSqK5IFdHourk74cFsshMYaMLqkwIgN+ZvmPuHxI8
tZCv+DF0kHecsq7qLXIfjxvI87TNygkzaj9gOex/</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
Note:
There is no error in ESB Logs in any case. I am using WSO2 ESB 4.8.1. and SoapUI 5.0.0. If you need any more information about my proxy service code and my request, it is exactly same as mentioned in the tutorial. And it works fine because there is a response in out sequence of ESB.
Problem:
I want to understand two things , first why is my response in in encrypted form and how to decrypt it. Second Why when in include "Incoming WSS", there is no response at all?
回答1:
Well that took me a while to figure out as had same issue after upgrading from SoapUI 4.5 (which worked) to 5.1.3 (which didn't).
The error is in this file: C:\Program Files\SmartBear\SoapUI-5.1.3\bin\soapui-errors.log
Easiest fix is this:
- Go to C:\Program Files\SmartBear\SoapUI-5.1.3\lib
- Rename wss4j-1.6.16.jar to wss4j-1.6.16.jar.old
- Copy wss4j-1.6.2.jar from same location for SoapUI 4.5 to this folder.
Restart and it works now.
Answer based on this link so credit to Thorsten to pointing me in the right direction: http://community.smartbear.com/t5/SoapUI-NG/SoapUI-4-5-difference-Getting-Error-getting-response-NULL/m-p/41816/highlight/true#M21455
回答2:
I had a very similar problem and I solved it by exchanging xmlsec-1.4.5.jar with a newer one, e.g. xmlsec-1.5.8.jar Hope this helps...
来源:https://stackoverflow.com/questions/28582769/how-to-decrypt-recieving-message-from-wso2-secured-proxy-service-in-soap-ui-5-0