[wsf-php-user] combine wsdl code generation with username token security
Jorge Infante Osorio
jorgeio at uci.cu
Wed Mar 9 18:08:19 PST 2011
The errors changed after I added the CACert and clientCert options:
[Wed Mar 9 20:35:12 2011] [info] Cannot find path /usr/lib/php5/20090626+lfs/wsf_c/services.
[Wed Mar 9 20:35:12 2011] [info] [rampart] rampart_mod initialized
[Wed Mar 9 20:35:12 2011] [info] [rahas]Rahas module initialized
[Wed Mar 9 20:35:13 2011] [info] Starting addressing out handler
[Wed Mar 9 20:35:13 2011] [warning] msg_ctx.c(1384) RampartClientConfiguration not set in message context
[Wed Mar 9 20:35:13 2011] [error] ssl/ssl_utils.c(94) [ssl client] Loading client key failed, key file /var/www/clienteubuntu.pem
[Wed Mar 9 20:35:13 2011] [error] ssl/ssl_stream.c(99) Error occurred in SSL engine
[Wed Mar 9 20:35:13 2011] [error] http_client.c(294) Data stream creation failed for Host 192.168.231.1 and 8243 port
[Wed Mar 9 20:35:13 2011] [error] http_client.c(560) Client data stream null or socket error for host 192.168.231.1 and 8243 port
[Wed Mar 9 20:35:13 2011] [error] http_client.c(562) A read attempt(HTTP) for the reply without sending the request
[Wed Mar 9 20:35:13 2011] [error] http_sender.c(1303) status_code < 0
[Wed Mar 9 20:35:13 2011] [error] engine.c(171) Transport sender invoke failed
[Wed Mar 9 20:35:13 2011] [error] /opt/wso2-wsf-php-src-2.1.0/src/wsf_wsdl.c(1226) [wsf_wsdl] Response envelope not found
[Wed Mar 9 20:35:13 2011] [info] [rampart] rampart_mod shutdown
[Wed Mar 9 20:35:13 2011] [info] [rahas] Rahas module shutdown
[Wed Mar 09 20:35:13 2011] [notice] child pid 3928 exit signal Segmentation fault (11)
The problem now is the way I created the client certificate. I used this command:
keytool -export -alias cliente -file clienteubuntu.pem -keystore cliente.jks
After that I included the private key I obtained from Portecle at the end of the file.
The PHP file includes this code:
NOTE: the policy file is the same one that appears in the ESB.
$policy_xml = file_get_contents("policy.xml");
$policy = new WSPolicy($policy_xml);
$security_token = new WSSecurityToken(array(
    "user" => "admin",
    "password" => "admin",
    "passwordType" => "Digest",
    "clientCert" => "clienteubuntu.pem",
    "ttl" => 60,
));
// create client in WSDL mode
$client = new WSClient(array(
    "wsdl" => "http://192.168.231.1:8280/services/HelloServiceProxySecure?wsdl",
    "to" => "https://192.168.231.1:8243/services/HelloServiceProxySecure",
    "classmap" => $class_map,
    "useWSA" => TRUE,
    "CACert" => "serverca.pem",
    "clientCert" => "clienteubuntu.pem",
    "passphrase" => "abc1234567890",
    "policy" => $policy,
    "securityToken" => $security_token,
));
How can I create a valid client certificate?
Jorge.
-----Original Message-----
From: wsf-php-user-bounces at wso2.org [mailto:wsf-php-user-bounces at wso2.org] On Behalf Of Jorge Infante Osorio
Sent: Wednesday, 09 March 2011 9:04
To: 'Nandika Jayawardana'
Cc: wsf-php-user at wso2.org
Subject: Re: [wsf-php-user] combine wsdl code generation with username token security
Thanks.
As the proxy service uses username token security inside WSO2 ESB, the policy is in the WSDL itself, but when the client code is generated I don't see a difference from the no-security client code.
Do you have an example that uses the CACert option?
Jorge.
-----Original Message-----
From: Nandika Jayawardana [mailto:nandika at wso2.com]
Sent: Tuesday, 08 March 2011 23:41
To: Jorge Infante Osorio
Cc: wsf-php-user at wso2.org
Subject: Re: combine wsdl code generation with username token security
When using the WSDL Mode, you have to have the security policy defined in
the WSDL itself. Hence the policy object is not required for the client
options array. Also since your endpoint is an https endpoint, you need to
specify the CACert option in the client options.
Regards
Nandika
On Wed, Mar 9, 2011 at 9:26 AM, Jorge Infante Osorio <jorgeio at uci.cu> wrote:
> Hi folks.
>
> I'm trying to implement a client for a secure proxy service in ESB, with
> username token.
>
> I generated the client code using the wsdl2php script and then I
> modified this code with the security requirement for username token,
> like this:
> NOTE: this is not all the script.
>
> try {
>
>     $my_cert = ws_get_cert_from_file("/var/www/clienteubuntu.cert");
>     $my_key = ws_get_key_from_file("/var/www/clienteubuntu.pem");
>
>     // Set up security options
>     $security_options = array("useUsernameToken" => TRUE);
>     $policy = new WSPolicy(array("security" => $security_options));
>     $security_token = new WSSecurityToken(array(
>         "user" => "admin",
>         "password" => "admin",
>         "passwordType" => "Digest",
>         "privateKey" => $my_key,
>         "certificate" => $my_cert,
>     ));
>
>     // create client in WSDL mode
>     $client = new WSClient(array(
>         "wsdl" => "http://192.168.231.1:8280/services/HelloServiceProxySecure?wsdl",
>         "to" => "https://192.168.231.1:8243/services/HelloServiceProxySecure",
>         "classmap" => $class_map,
>         "useWSA" => TRUE,
>         "policy" => $policy,
>         "securityToken" => $security_token,
>     ));
>     // get proxy object reference from client
>     $proxy = $client->getProxy();
>
>
> When I call this script I see these errors:
>
> [Tue Mar 8 17:22:43 2011] [info] Cannot find path /usr/lib/php5/20090626+lfs/wsf_c/services.
> [Tue Mar 8 17:22:43 2011] [info] [rampart] rampart_mod initialized
> [Tue Mar 8 17:22:43 2011] [info] [rahas]Rahas module initialized
> [Tue Mar 08 17:22:43 2011] [notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.7 with Suhosin-Patch configured -- resuming normal operations
> [Tue Mar 8 17:22:58 2011] [info] Cannot find path /usr/lib/php5/20090626+lfs/wsf_c/services.
> [Tue Mar 8 17:22:58 2011] [info] [rampart] rampart_mod initialized
> [Tue Mar 8 17:22:58 2011] [info] [rahas]Rahas module initialized
> [Tue Mar 8 17:22:58 2011] [info] Starting addressing out handler
> [Tue Mar 8 17:22:58 2011] [warning] msg_ctx.c(1384) RampartClientConfiguration not set in message context
> [Tue Mar 8 17:22:58 2011] [error] key_mgr.c(295) [rampart][rampart_signature] Public key certificate file is not specified.
> [Tue Mar 8 17:22:58 2011] [error] rampart_signature.c(856) [rampart][rampart_signature] Cannot get certificate
> [Tue Mar 8 17:22:58 2011] [error] rampart_sec_header_builder.c(131) [rampart][shb] Signing failed. ERROR
> [Tue Mar 8 17:22:58 2011] [error] rampart_sec_header_builder.c(601) [rampart][shb] Asymmetric Binding failed
> [Tue Mar 8 17:22:58 2011] [error] rampart_out_handler.c(130) [rampart]Security header building failed.
> [Tue Mar 8 17:22:58 2011] [error] phase.c(224) Handler RampartOutHandler invoke failed within phase Security
> [Tue Mar 8 17:22:58 2011] [error] engine.c(657) Invoking phase Security failed
> [Tue Mar 8 17:22:58 2011] [error] /opt/wso2-wsf-php-src-2.1.0/src/wsf_wsdl.c(1226) [wsf_wsdl] Response envelope not found
> [Tue Mar 8 17:22:58 2011] [info] [rampart] rampart_mod shutdown
> [Tue Mar 8 17:22:58 2011] [info] [rahas] Rahas module shutdown
> [Tue Mar 08 17:22:59 2011] [notice] child pid 1214 exit signal Segmentation fault (11)
>
>
> Do you have an example that combines wsdl code generation with username
> token security?
>
> By the way, the public and private key I had to extract from a
> jks using portecle-1.7; does another way exist? The public certificate is
> in CER format and the private key is in PEM format.
>
> Thanks,
> Jorge.
>
>
>
>
--
Nandika Jayawardana
Technical Lead and Project Manager,
WSO2 Inc ; http://wso2.com
lean.enterprise.middleware
_______________________________________________
Wsf-php-user mailing list
Wsf-php-user at wso2.org
https://wso2.org/cgi-bin/mailman/listinfo/wsf-php-user
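Added example for the certificate problem discussed in this thread; it is editor-supplied code, not from any of the posters and not part of WSF/PHP. The failing log line is "Loading client key failed, key file /var/www/clienteubuntu.pem", and the poster built that file with keytool -export plus a private key pasted in afterwards. Two facts about that workflow matter: keytool -export writes binary DER unless -rfc is given, and keytool -export never emits a private key (hence the detour through Portecle). The check below, run on the PHP side before constructing WSClient, uses PHP's OpenSSL extension to confirm that the file holds a PEM certificate and a PEM private key, that the key loads with the given passphrase, that the key matches the certificate, that the certificate is still valid, and that the file is not readable by every local user. The path and passphrase in the usage call are placeholders, not values from the thread.

```php
<?php
// Added pre-flight check for the PEM file passed to WSClient's "clientCert"
// and "passphrase" options. Example code, not part of WSF/PHP.

/**
 * Returns a list of problem descriptions (empty when the file looks usable).
 * $pem_path may hold certificate and private key in one file, as in the
 * thread, or only the key when $cert_path names a separate certificate file.
 */
function check_client_pem($pem_path, $passphrase, $cert_path = null)
{
    $problems = array();

    if (!is_readable($pem_path)) {
        return array("cannot read $pem_path (check the path and the web server user's permissions)");
    }
    $pem = file_get_contents($pem_path);
    $cert_pem = ($cert_path === null) ? $pem : file_get_contents($cert_path);

    // keytool -export writes binary DER unless -rfc is given, and it never
    // exports the private key; the SSL client needs PEM text with these markers.
    if (strpos($cert_pem, "-----BEGIN CERTIFICATE-----") === false) {
        $problems[] = "no PEM certificate block (DER export? re-run keytool with -rfc "
                    . "or convert with: openssl x509 -inform DER -in cert.der -out cert.pem)";
    }
    if (!preg_match('/-----BEGIN (RSA |ENCRYPTED )?PRIVATE KEY-----/', $pem)) {
        $problems[] = "no PEM private key block in $pem_path";
    }
    if ($problems) {
        return $problems;
    }

    $cert = openssl_x509_read($cert_pem);
    if ($cert === false) {
        $problems[] = "certificate does not parse: " . openssl_error_string();
    }
    // A wrong passphrase or a non-PEM key fails here; this is the same
    // condition the SSL client reports as "Loading client key failed".
    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        $problems[] = "private key does not load (wrong passphrase or non-PEM key): " . openssl_error_string();
    }
    if ($cert !== false && $key !== false && !openssl_x509_check_private_key($cert, $key)) {
        $problems[] = "private key does not match the certificate";
    }
    if ($cert !== false) {
        $info = openssl_x509_parse($cert);
        if ($info['validTo_time_t'] < time()) {
            $problems[] = "certificate expired on " . date('c', $info['validTo_time_t']);
        }
    }

    // The key file should be readable by the web server user only.
    $mode = fileperms($pem_path) & 0777;
    if ($mode & 0044) {
        $problems[] = sprintf("%s is group/world readable (mode %o)", $pem_path, $mode);
    }
    return $problems;
}

// Usage: placeholder path and passphrase, not values from the thread.
$problems = check_client_pem("/path/to/client.pem", "example-passphrase");
if ($problems) {
    foreach ($problems as $p) {
        echo "client cert check: $p\n";
    }
    exit(1);
}
echo "client cert/key OK\n";
```

Run it once as the same user Apache runs PHP under, since a file that is readable from an interactive shell but not from the web server process produces exactly the "Loading client key failed" symptom seen above. If the first two checks fail, regenerate the PEM rather than hand-editing it: export the certificate with keytool -export -rfc, and obtain the private key through a PKCS#12 export (keytool -importkeystore with -deststoretype PKCS12, then openssl pkcs12) instead of pasting a key copied out of Portecle.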