WSO2 EI: calling an endpoint with a signed request

Question    Votes: 1    Answers: 1

I have started using WSO2 EI at my company. We need to call a service that a provider exposes to us. This service is a SOAP web service whose body is signed with a keystore (they sent me a PFX), and the idea is to call that service through WSO2 EI from this application for internal consumption.

So I created a proxy service and a Policy.xml. When I call the proxy service without the Policy.xml, I send an encoded request and it works fine. But when I put the policy in place, I immediately get the following error:

[-1234] [] [PassThroughMessageProcessor-351] ERROR {org.apache.synapse.core.axis2.Axis2Sender} - Unexpected error during sending message out
java.lang.NullPointerException
    at sun.security.provider.JavaKeyStore$JKS.convertAlias(JavaKeyStore.java:58)
    at sun.security.provider.JavaKeyStore.engineGetCertificateChain(JavaKeyStore.java:163)
    at sun.security.provider.JavaKeyStore$JKS.engineGetCertificateChain(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineGetCertificateChain(KeyStoreDelegator.java:101)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetCertificateChain(JavaKeyStore.java:70)
    at java.security.KeyStore.getCertificateChain(KeyStore.java:1048)
    at org.apache.ws.security.components.crypto.CryptoBase.getCertificates(CryptoBase.java:468)
    at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:313)
    at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:351)
    at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:266)
    at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:762)
    at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:457)
    at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:97)
    at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
    at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:426)
    at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:185)
    at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:167)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:603)
    at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:85)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:547)
    at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:384)
    at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:65)
    at org.apache.synapse.mediators.builtin.SendMediator.mediate(SendMediator.java:123)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
    at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
    at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:224)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:415)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

The proxy is:

<in>
  <header>
    <sec:OriginPoint xmlns:sec="http://esb.xxx.com/sec/">cd</sec:OriginPoint>
  </header>
  <send buildmessage="true">
    <endpoint>
      <address uri="https://xxx.xxx.xxx.xxx:4443/ESB-Host-secure-services/http/host-secure-services/serviceSecureRouter">
        <enableSec policy="gov:ws-policy/Policy.xml"/>
      </address>
    </endpoint>
  </send>
</in>
<out>
  <log level="full"/>
  <send/>
</out>

And the policy:

<wsp:Policy wsu:Id="signingpolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256Rsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefEmbeddedToken/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">xx/xx/xx/certificado.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">xxx</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

UPDATE

After setting org.apache.synapse.transport.http.wire to DEBUG, I started to see the response in the logs, but the service keeps failing. The error is this:

[2019-03-19 16:29:29,620] [-1] [] [PassThroughMessageProcessor-2] ERROR {org.apache.axis2.transport.base.threads.NativeWorkerPool} - Uncaught exception
java.lang.NullPointerException
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:265)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:124)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:221)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:93)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.synapse.transport.passthru.ClientWorker.run(ClientWorker.java:263)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

The proxy service is still the same.

UPDATE 2

Finally I did it!!! The problem was in the proxy service and the security mediator. This is the final proxy service. Thanks everyone!!:

  <inSequence>
    <header>
      <sec:OriginPoint xmlns:sec="http://esb.firstdata.com/sec/">cencosud</sec:OriginPoint>
    </header>
    <send>
      <endpoint>
        <address uri="https://172.24.4.215:4443/ESB-Host-secure-services/http/host-secure-services/serviceSecureRouter">
          <enableAddressing/>
          <enableSec outboundPolicy="gov:ws-policy/Policy.xml"/>
        </address>
      </endpoint>
    </send>
  </inSequence>
</target>
<description/>
</proxy>

Tags: wso2 wso2ei

1 answer

0 votes

Two things stand out to me: based on the error, it looks like you have some keystore or certificate alias problem. Some things to try:

  • A common mistake is importing a certificate without an alias. Check the keystore to see whether the names are correct.
  • I don't see a callback handler mentioned? Did you implement one?

More info here, including an example policy callback handler project.
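The two points the answer raises (a signing alias and a password callback) map to Rampart's `ramp:user` and `ramp:passwordCallbackClass` elements, neither of which appears in the posted RampartConfig. The lint below is an added example, not code from the question, the answer or WSO2; it runs over a constructed copy of the posted RampartConfig and reports what a Rampart signing configuration would still need.

```python
"""Lint a Rampart policy for the pieces an outbound signing config needs."""
import xml.etree.ElementTree as ET
from typing import List

RAMP = "http://ws.apache.org/rampart/policy"
MERLIN_TYPE = "org.apache.ws.security.crypto.merlin.keystore.type"
MERLIN_FILE = "org.apache.ws.security.crypto.merlin.file"
MERLIN_PASS = "org.apache.ws.security.crypto.merlin.keystore.password"

# Constructed sample: the RampartConfig from the question, trimmed to that block.
SAMPLE_POLICY = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:ramp="http://ws.apache.org/rampart/policy">
  <ramp:RampartConfig>
    <ramp:signatureCrypto>
      <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
        <ramp:property name="org.apache.ws.security.crypto.merlin.file">xx/xx/xx/certificado.jks</ramp:property>
        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">xxx</ramp:property>
      </ramp:crypto>
    </ramp:signatureCrypto>
  </ramp:RampartConfig>
</wsp:Policy>"""


def lint_rampart_signing(policy_xml: str) -> List[str]:
    """Return findings for a Rampart signing config; an empty list means complete."""
    root = ET.fromstring(policy_xml)
    cfg = root.find(f".//{{{RAMP}}}RampartConfig")
    if cfg is None:
        return ["no ramp:RampartConfig: Rampart has no keystore to sign with"]
    findings = []
    # ramp:user is the keystore alias whose private key signs the Body.
    # The question's first trace dies in JavaKeyStore.convertAlias, which is
    # where a lookup with a null alias fails.
    user = cfg.findtext(f"{{{RAMP}}}user")
    if not user or not user.strip():
        findings.append("missing ramp:user: no keystore alias for the signing key")
    # The password callback hands Rampart the private-key password for that alias.
    if cfg.find(f"{{{RAMP}}}passwordCallbackClass") is None:
        findings.append("missing ramp:passwordCallbackClass: private key cannot be unlocked")
    crypto = cfg.find(f"{{{RAMP}}}signatureCrypto/{{{RAMP}}}crypto")
    if crypto is None:
        findings.append("missing ramp:signatureCrypto/ramp:crypto")
    else:
        props = {p.get("name"): (p.text or "").strip()
                 for p in crypto.findall(f"{{{RAMP}}}property")}
        for name in (MERLIN_TYPE, MERLIN_FILE, MERLIN_PASS):
            if not props.get(name):
                findings.append(f"missing Merlin property {name}")
    return findings
```

Once the alias is added, the same alias must exist in the JKS that `merlin.file` points to, which is what the answer's first bullet asks you to check.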
