Testing secured proxies using a security client
Please follow the below steps to test a secured proxy
1. Create a Java project with SecurityClient.java and client.properties
files
2. Add the following configuration parameters to the client.properties file
clientRepo = Path for Client repository location. Sample repo can be found in ESB_HOME/samples/axis2Server/repository location.
clientKey = Path to the client's key store. Here I am using the same key store (wso2carbon.jks), which you can find in ESB_HOME/resources/security. It is the default key store shipped with the product, so use it for testing only.
securityPolicyLocation = Path to the client-side security policy files. You can find 15 policy files here: https://github.com/sohaniwso2/wso2Articles/tree/master/securityPolicies
trustStore = The trust store used for SSL communication over HTTPS. You can use the same key store for this (wso2carbon.jks).
securityScenarioNo = Number of the security scenario used to secure the proxy (e.g. for non-repudiation it is 2)
SoapAction =You can find it from wsdl
endpointHttp = HTTP endpoint of the proxy service
endpointHttpS = HTTPS endpoint of the proxy service
body = Body part of your Soap message
Sample configuration
clientRepo=/home/sohani/Downloads/Desktop/ServerUP/new/wso2esb-4.8.1/samples/axis2Server/repository/
clientKey =/home/sohani/Downloads/Desktop/ServerUP/new/wso2esb-4.8.1/repository/resources/security/wso2carbon.jks
securityPolicyLocation=/home/sohani/Downloads/Desktop/Support/CAPGRPDEV-105/sample_policy/securityPolicies
trustStore=/home/sohani/Downloads/Desktop/ServerUP/new/wso2esb-4.8.1/repository/resources/security/wso2carbon.jks
securityScenarioNo=2
SoapAction =urn:mediate
endpointHttp =http://localhost:8280/services/SampleProxy
endpointHttpS =https://localhost:8243/services/SampleProxy
body=<a/>
3. Copy the following Java code
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.llom.util.AXIOMUtil;
import org.apache.axiom.om.OMElement;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.RampartMessageData;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.client.Options;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.ws.security.WSPasswordCallback;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.callback.CallbackHandler;
import java.io.File;
import java.io.IOException;
import java.io.FileInputStream;
import java.util.Properties;
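/**
 * Test client that calls a WS-Security protected proxy service through Axis2 and Rampart.
 *
 * <p>All settings are read from a {@code client.properties} file. The class also acts as the
 * Rampart password callback: {@link #loadPolicy} registers this class name with Rampart, and
 * {@link #handle} is then called to supply passwords.
 *
 * <p>The credentials below are compiled in and match the values this walkthrough uses with the
 * stock {@code wso2carbon.jks} key store and the {@code admin} account. They are widely known
 * defaults, so this client is suitable for test setups only; replace the key store and the
 * passwords before pointing it at anything that holds real data.
 */
public class SecurityClient implements CallbackHandler {

    /** System property that may hold an alternative path to client.properties. */
    private static final String PROPERTIES_PATH_PROPERTY = "securityclient.properties";

    /** Path used when {@link #PROPERTIES_PATH_PROPERTY} is not set. */
    private static final String DEFAULT_PROPERTIES_PATH =
            "/home/sohani/workspace_new/TestClient/src/client.properties";

    // Test-only defaults, see the class comment.
    private static final String TRUST_STORE_PASSWORD = "wso2carbon";
    private static final String KEY_STORE_PASSWORD = "wso2carbon";
    private static final String KEY_ALIAS = "wso2carbon";
    private static final String KEY_PASSWORD = "wso2carbon";
    private static final String USER_NAME = "admin";
    private static final String USER_PASSWORD = "admin";

    private static final String MERLIN_PROVIDER =
            "org.apache.ws.security.components.crypto.Merlin";

    /**
     * Runs the client once and prints the response.
     *
     * <p>A failure is reported on stderr and ends the process with a non-zero status; the
     * response is only printed when the call succeeded, so a failed call no longer ends in a
     * NullPointerException that hides the real error.
     */
    public static void main(String srgs[]) {
        SecurityClient securityCl = new SecurityClient();
        try {
            OMElement result = securityCl.runSecurityClient();
            System.out.println(result);
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
    }

    /**
     * Loads client.properties, configures the Axis2 client and sends the request.
     *
     * @return the response payload returned by the proxy service
     * @throws Exception if the configuration is incomplete, the security policy cannot be
     *     loaded, or the call itself fails
     */
    public OMElement runSecurityClient() throws Exception {
        Properties properties = new Properties();
        String propertiesPath =
                System.getProperty(PROPERTIES_PATH_PROPERTY, DEFAULT_PROPERTIES_PATH);
        FileInputStream freader = new FileInputStream(new File(propertiesPath));
        try {
            properties.load(freader);
        } finally {
            // Close the file even when loading fails.
            freader.close();
        }

        String clientRepo = requireProperty(properties, "clientRepo");
        String trustStore = requireProperty(properties, "trustStore");
        String body = requireProperty(properties, "body");
        String soapAction = properties.getProperty("SoapAction");
        int securityScenario =
                Integer.parseInt(requireProperty(properties, "securityScenarioNo"));

        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUST_STORE_PASSWORD);

        ConfigurationContext ctx =
                ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                        clientRepo, null);
        ServiceClient sc = new ServiceClient(ctx, null);
        sc.engageModule("rampart");
        sc.engageModule("addressing");

        Options opts = new Options();
        // Scenario 1 goes to the HTTPS endpoint, every other scenario to the HTTP endpoint.
        // NOTE(review): presumably scenario 1 depends on transport security while the others
        // protect the message itself; confirm against the policy files.
        String endpointKey = (securityScenario == 1) ? "endpointHttpS" : "endpointHttp";
        opts.setTo(new EndpointReference(requireProperty(properties, endpointKey)));
        opts.setAction(soapAction);

        // Scenario 0 means "no security policy": the request is sent as plain SOAP.
        if (securityScenario != 0) {
            String clientKey = requireProperty(properties, "clientKey");
            String securityPolicy = requireProperty(properties, "securityPolicyLocation");
            String securityPolicyPath =
                    securityPolicy + File.separator + "scenario" + securityScenario
                            + "-policy.xml";
            // A policy that cannot be loaded must stop the call. Catching the error here
            // would send the request without the signature or encryption that was asked for.
            opts.setProperty(
                    RampartMessageData.KEY_RAMPART_POLICY,
                    loadPolicy(securityPolicyPath, clientKey));
        }

        sc.setOptions(opts);
        return sc.sendReceive(AXIOMUtil.stringToOM(body));
    }

    /**
     * Reads a security policy file and attaches the Rampart configuration to it.
     *
     * @param xmlPath path of the policy XML file
     * @param clientKey path of the JKS key store used for signing and encryption
     * @return the policy with a {@code RampartConfig} assertion added
     * @throws Exception if the policy file cannot be read or parsed
     */
    public Policy loadPolicy(String xmlPath, String clientKey) throws Exception {
        StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

        RampartConfig rc = new RampartConfig();
        rc.setUser(USER_NAME);
        rc.setUserCertAlias(KEY_ALIAS);
        rc.setEncryptionUser(KEY_ALIAS);
        // Rampart instantiates this class by name to ask for passwords, see handle().
        rc.setPwCbClass(SecurityClient.class.getName());

        // Signing and encryption use the same key store but get separate config objects.
        rc.setSigCryptoConfig(merlinCryptoConfig(clientKey));
        rc.setEncrCryptoConfig(merlinCryptoConfig(clientKey));

        policy.addAssertion(rc);
        return policy;
    }

    /**
     * Supplies passwords to Rampart/WSS4J.
     *
     * <p>Every callback in the array is handled. A callback of another type is rejected with
     * {@link UnsupportedCallbackException}. An identifier this client does not know gets no
     * password set.
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        if (callbacks == null) {
            return;
        }
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unsupported callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            String id = pwcb.getIdentifer();
            int usage = pwcb.getUsage();
            if (usage == WSPasswordCallback.USERNAME_TOKEN) {
                if (USER_NAME.equals(id)) {
                    pwcb.setPassword(USER_PASSWORD);
                }
            } else if (usage == WSPasswordCallback.SIGNATURE
                    || usage == WSPasswordCallback.DECRYPT) {
                if (KEY_ALIAS.equals(id)) {
                    pwcb.setPassword(KEY_PASSWORD);
                }
            }
        }
    }

    /** Builds a Merlin crypto configuration backed by the given JKS key store. */
    private static CryptoConfig merlinCryptoConfig(String keyStorePath) {
        Properties merlin = new Properties();
        merlin.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        merlin.put("org.apache.ws.security.crypto.merlin.file", keyStorePath);
        merlin.put("org.apache.ws.security.crypto.merlin.keystore.password", KEY_STORE_PASSWORD);

        CryptoConfig config = new CryptoConfig();
        config.setProvider(MERLIN_PROVIDER);
        config.setProp(merlin);
        return config;
    }

    /** Returns the trimmed value of a mandatory property or fails with a clear message. */
    private static String requireProperty(Properties properties, String key) {
        String value = properties.getProperty(key);
        if (value == null || value.trim().length() == 0) {
            throw new IllegalArgumentException(
                    "Missing required entry '" + key + "' in client.properties");
        }
        return value.trim();
    }
}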
4. Add relevant libraries to your class path
This is easy: go to ESB_HOME/bin and run the ant command. You will see the created jar file in the ESB_HOME/repository/lib directory. Do not forget to add saxon9he.jar, which is in the ESB_HOME/lib/endorsed directory.
5. Then run your secured client