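WSO2 ESB consuming a WCF method secured with a certificate
I am new to WSO2 ESB. I have built a WCF service using wsHttpBinding secured with a self-signed certificate. I cannot find a way to integrate that service with the ESB. Please advise.
I created a self-signed certificate using the makecert command, but I cannot configure Rampart to use the generated certificate. How can I do that? I am lost. My wsHttpBinding is as follows: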
<wsHttpBinding>
<binding name="BasicHttpAuthentication_Config">
<security mode="Message">
<message clientCredentialType="UserName" algorithmSuite="Basic256" establishSecurityContext="false"/>
</security>
</binding>
</wsHttpBinding>
and the Rampart configuration is as follows:
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>acc1</ramp:user>
<ramp:userCertAlias>acc1</ramp:userCertAlias>
<ramp:encryptionUser>acc1</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.wso2.samples.pwcb.PWCBHandler</ramp:passwordCallbackClass>
<ramp:TimeToLive>360</ramp:TimeToLive>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">C:\ESB_HOME\repository\resources\security\cert1.pfx</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">123</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">C:\ESB_HOME\repository\resources\security\cert1.pfx</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">123</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
After I created the proxy service, I got the following error:
org.apache.synapse.SynapseException: Unexpected error during sending message out
    at org.apache.synapse.core.axis2.Axis2Sender.handleException(Axis2Sender.java:257)
    at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:84)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:548)
    at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:382)
    at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:65)
    at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:231)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.axis2.AxisFault: Signature token missing
    at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:76)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:426)
    at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:185)
    at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:167)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:581)
    at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:78)
    ... 11 more
Caused by: org.apache.rampart.RampartException: Signature token missing
    at org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:434)
    at org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:86)
    at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
    at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
    ... 20 more
What should I do to make it work? The complete policy file is as follows: I figured it out
<wsp:Policy wsu:Id="WSHttpBinding_IBasicHttpService_policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<mssp:SslContextToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:RequireDerivedKeys/>
</wsp:Policy>
</mssp:SslContextToken>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
<wsaw:UsingAddressing/>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>acc1</ramp:user>
<ramp:userCertAlias>BasicHttpAuthentication</ramp:userCertAlias>
<ramp:encryptionUser>acc1</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.wso2.samples.pwcb.PWCBHandler</ramp:passwordCallbackClass>
<ramp:TimeToLive>360</ramp:TimeToLive>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">C:\ESB_HOME\repository\resources\security\cert1.pfx</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">123456</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">C:\ESB_HOME\repository\resources\security\cert1.pfx</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">123456</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
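What have you tried so far? Please provide context and show code! – Pyves
Actually, I tried many scenarios, but I got lost at the end of each one. A well-explained, step-by-step scenario guide for this problem is what I –
Is it a SOAP service? Do you have a JKS file for the wsHttpBinding security? –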
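
Added example, not part of the original question or its comments: the "Signature token missing" fault in the stack trace is raised from Rampart's SymmetricBindingBuilder, so a first check is which token the policy actually declares under sp:ProtectionToken. The Python script below lists the token assertions in a policy and marks those outside the WS-SecurityPolicy namespace the policy itself uses. POLICY is a constructed, abbreviated copy of the posted policy, the function names are hypothetical, and treating a non-standard token as the first thing to check is an assumption.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
# Assertions that carry a token definition in a nested wsp:Policy (compact form assumed).
TOKEN_HOLDERS = {"ProtectionToken", "SignatureToken", "EncryptionToken",
                 "InitiatorToken", "RecipientToken", "SignedSupportingTokens"}

# Constructed, abbreviated copy of the policy posted in the question.
POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
 <wsp:ExactlyOne><wsp:All>
  <sp:SymmetricBinding><wsp:Policy>
   <sp:ProtectionToken><wsp:Policy>
    <mssp:SslContextToken xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy"
      sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient">
     <wsp:Policy><sp:RequireDerivedKeys/></wsp:Policy>
    </mssp:SslContextToken>
   </wsp:Policy></sp:ProtectionToken>
  </wsp:Policy></sp:SymmetricBinding>
  <sp:SignedSupportingTokens><wsp:Policy>
   <sp:UsernameToken sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient">
    <wsp:Policy><sp:WssUsernameToken10/></wsp:Policy>
   </sp:UsernameToken>
  </wsp:Policy></sp:SignedSupportingTokens>
 </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

def split(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def token_assertions(policy_xml):
    """Return every token assertion found under a token-holding assertion."""
    found = []
    for holder in ET.fromstring(policy_xml).iter():
        hns, hname = split(holder.tag)
        if hns != SP or hname not in TOKEN_HOLDERS:
            continue
        for nested in holder.findall(f"{{{WSP}}}Policy"):
            for token in nested:
                ns, name = split(token.tag)
                found.append({"holder": hname, "token": name,
                              "namespace": ns, "standard": ns == SP})
    return found

def non_standard_tokens(policy_xml):
    """Tokens whose namespace is not the WS-SecurityPolicy one used by the policy."""
    return [t for t in token_assertions(policy_xml) if not t["standard"]]

if __name__ == "__main__":
    for t in token_assertions(POLICY):
        flag = "ok" if t["standard"] else "NON-STANDARD"
        print(f'{t["holder"]}: {t["token"]} ({t["namespace"]}) {flag}')
```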