Feeds:
Posts
Comments

Posts Tagged ‘wsclient’

WSO2 wsclient can consume web services from your platforms command line shell. I have already introduced it in my previous entry titled Access security enabled web services from command line and in an article titled Calling web services from the shell

Today I discuss about generating your custom soap messages using wsclient. You may need pre-built custom soap messages for various purposes. For example your performance test tool may need pre-built soap messages in order to generate load for the target server, or you may need to customize each of your message sent to the target server and observe how server react.

Here is a sample usage of wsclient to send a message to target server at http://localhost:8280/services/EchoProxy

./wsclient –action echo –log-level debug –soap –no-mtom http://localhost:8280/services/EchoProxy < ./data/msg.xml

So your input file msg.xml contain

<m:buyStocks xmlns:m=”http://services.samples/xsd”&gt;
<m:order>
<m:symbol>IBM</m:symbol>
<m:buyerID>asankha</m:buyerID>
<m:price>140.34</m:price>
<m:volume>200000</m:volume>
</m:order>
<m:order>
<m:symbol>MSFT</m:symbol>
<m:buyerID>ruwan</m:buyerID>
<m:price>23.56</m:price>
<m:volume>803000</m:volume>
</m:order>
<m:order>
<m:symbol>SUN</m:symbol>
<m:buyerID>indika</m:buyerID>
<m:price>14.56</m:price>
<m:volume>500000000</m:volume>
</m:order>
</m:buyStocks>

Now we want instead of sending that message to the server, dump it to a file.

./wsclient –action echo –log-level debug –soap –no-mtom –soap-dump http://localhost:8281/services/EchoProxy < ./data/msg.xml > output.xml

The trick is –soap-dump option passed to the wsclient.

Here is the message dumped into a file by the wsclient

<soapenv:Envelope xmlns:soapenv=”http://www.w3.org/2003/05/soap-envelope”&gt;
<soapenv:Header xmlns:wsa=”http://www.w3.org/2005/08/addressing”&gt;
<wsa:To>http://localhost:8281/services/EchoProxy</wsa:To&gt;
<wsa:Action>echo</wsa:Action>
<wsa:MessageID>urn:uuid:da14cd20-6820-1df1-2c4f-000000000000</wsa:MessageID>
</soapenv:Header>
<soapenv:Body>
<m:buyStocks xmlns:m=”http://services.samples/xsd”&gt;
<m:order>
<m:symbol>IBM</m:symbol>
<m:buyerID>asankha</m:buyerID>
<m:price>140.34</m:price>
<m:volume>200000</m:volume>
</m:order>
<m:order>
<m:symbol>MSFT</m:symbol>
<m:buyerID>ruwan</m:buyerID>
<m:price>23.56</m:price>
<m:volume>803000</m:volume>
</m:order>
<m:order>
<m:symbol>SUN</m:symbol>
<m:buyerID>indika</m:buyerID>
<m:price>14.56</m:price>
<m:volume>500000000</m:volume>
</m:order>
</m:buyStocks>
</soapenv:Body>
</soapenv:Envelope>

You may argue that you can hand write these messages without going into hassle of downloading and using wsclient to do the task. But the real important usage comes when your target server expect ws secured soap messages. How do you encrypt and/or sign your messages?. wsclient come into rescue.
Say you need to encrypt and sign your message. Here is how you do it in wsclient.

./wsclient –log-level error –no-wsa –soap –no-mtom –sign-body –key $WSFC_HOME/samples/src/rampartc/data/keys/ahome/alice_key.pem –certificate $WSFC_HOME/samples/src/rampartc/data/keys/ahome/alice_cert.cert –recipient-certificate /home/damitha/projects/perftest-framework/wsclient/wso2carbon.pem –encrypt-payload –policy-file ./policy.xml –soap-dump http://localhost:8280/services/EchoProxy < ./data/message1k.xml > output.xml

I can take you one step further by showing how this could be useful when using httperf,  a populer opensource performance testing tool.

Say you need to load your server with signed and encryped timestamped messages with a nonce. Each of your messages should be different. That means your input file to httperf should not contain the same message.

My trick is to generate an input file with as much as different messages by using the following script, which uses wsclient

echo -n "/services/SignEncProxy method=POST contents=\"" > inputfile
./wsclient --log-level error --no-wsa --soap --no-mtom --sign-body --key $WSFC_HOME/samples/src/rampartc/data/keys/ahome/alice_key.pem --certificate $WSFC_HOME/samples/src/rampartc/data/keys/ahome/alice_cert.cert --recipient-certificate /home/damitha/projects/perftest-framework/wsclient/wso2carbon.pem --encrypt-payload --policy-file ./policy.xml --soap-dump http://localhost:8280/services/EchoProxy < ./data/message1k.xml > inputfile_temp
perl -e 'while (<>) { if (! /\|$/ ) { chomp; } print ;}' inputfile_temp >> inputfile

echo -n "\"" >> inputfile
echo "" >> inputfile
echo "" >> inputfile

for i in {1..10}
do
echo -n "/services/SignEncProxy method=POST contents=\"" >> inputfile
./wsclient --log-level error --no-wsa --soap --no-mtom --sign-body --key $WSFC_HOME/samples/src/rampartc/data/keys/ahome/alice_key.pem --certificate $WSFC_HOME/samples/src/rampartc/data/keys/ahome/alice_cert.cert --recipient-certificate /home/damitha/projects/perftest-framework/wsclient/wso2carbon.pem --encrypt-payload --policy-file ./policy.xml --soap-dump http://localhost:8280/services/EchoProxy < ./data/message1k.xml > inputfile_temp
perl -e 'while (<>) { if (! /\|$/ ) { chomp; } print ;}' inputfile_temp >> inputfile

echo -n "\"" >> inputfile
echo "" >> inputfile
echo "" >> inputfile

done
sed s/'"'/'\\\"'/g < inputfile > x
sed s/'Envelope>\\"'/'Envelope\>"'/g < x > y
sed s/'contents=\\"'/'contents="'/g < y > z
cat z > inputfile

rm x y z inputfile_temp

Above script would generate an httperf input file for http post with 11 different soap messages.
In the above example codes and scripts make sure that you replace paths with your own environment.

Advertisements

Read Full Post »

In my article on WSF/C wsclient command line tool I have explained briefly on how Rampart/C is used to provide security for messages sent using wsclient. Here I would like to explain in detail some examples.

I assume you have installed Rampart/C and wsclient as explained in respective documentations. When you install WSF/C both of them get automatically installed.

Service used is the sec_echo sample service which is deployed when you install Rampart/C.

Also you need to set your WSFC_HOME variable to your repository location.

Now execute the script providing the port you wish to run simple axis2 server.

$ cd WSFC_HOME/bin/samples/wsclient

sh sec_echo.sh 9091

Let me explain what happen when you execute this script.

First you need to change the sec_echo/services.xml according to the policy you wish it to have. So the script will copy a services.xml file with the desired policy and restart the server. After that it execute the following command.

$WSFC_HOME/bin/wsclientsoapno-mtomuser alice —digestpassword password —timestamp sign-bodykey /axis2c/deploy/bin/samples/rampart/keys/ahome/alice_key.pem —certificate /axis2c/deploy/bin/samples/rampart/keys/ahome/alice_cert.cert —recipient-certificate /axis2c/deploy/bin/samples/rampart/keys/ahome/bob_cert.cert encrypt-signatureencrypt-payload http://localhost:9090/axis2/services/sec_echo < $WSFC_HOME/bin/samples/wsclient/data/echo.xml

When you closely examine the above command you can see that user alice send a echo message to the service which is signed and encrypted. To sign the body of the message she need her private key which she provide through —key option. To encrypt the body of the message she need the recipients public key which she provide through —recipient-certificate option.  You need to provide public key of alice using option —certificate which is required for verification process. Note that service policy requires you to sign the signature and timestamp the message. The default behaviour of wsclient is to sign the message before encrypting it. If you need to change this behaviour(encrypt before sign) use —encrypt-before-signing option.

Now if you need to run the sample by providing a policy file run the following sample.

$ sh sec_echo_with_policy.sh 9091

The ability to provide a policy file enable the wsclient to provide fine grained security policies required by the service.  Following is the wsclient command used to send the request.

$WSFC_HOME/bin/wsclient —soapno-mtomuser alice —digestpassword password —key /axis2c/deploy/bin/samples/rampart/keys/ahome/alice_key.pem —certificate /axis2c/deploy/bin/samples/rampart/keys/ahome/alice_cert.cert —recipient-certificate /axis2c/deploy/bin/samples/rampart/keys/ahome/bob_cert.cert —policy-file $WSFC_HOME/bin/samples/wsclient/data/policy.xml http://localhost:9090/axis2/services/sec_echo <$WSFC_HOME/bin/samples/wsclient/data/echo.xml

Note that —policy-file option is used to provide the policy xml file. Also since now security policy is provided by policy xml file you don’t need to use wsclient specific options like —timestamp, —sign-body, —encrypt-signature and —encrypt-payload

Read Full Post »