xmlsec1 sign failed - id - xml-signature

In the SignInfo node I have
<ds:Reference URI="#Id-132">...
It refers to the node below:
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-132">
Command:
xmlsec1 --sign --output request-signed.xml --privkey-pem privatekey.pem raw_message.xml
I have this error:
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('Id-132'))

To sign with ids references is necessary --id-attr: parameter. Example:
<ds:Reference URI="#Id-132">
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-132">
Command: xmlsec1 --sign --output request-signed.xml --privkey-pem privatekey.pem --id-attr:Id raw_message.xml
More information: https://snippets.aktagon.com/snippets/758-how-to-sign-xml-documents-using-xmldsig-xml-signature-

Related

How do i pull in 2 materials into a stage using GoCD?

I have 2 types of materials:
A static git repo
Artifacts from an upstream pipeline
Down stream i have an AnalysisBuilders that requires both to function. When the task executes, i only seem to have access to the git repository and not the 'web' artifacts.
xml:
<pipeline name="FishAnalysis">
<materials>
<git url="https://fish:XXXXXXX#redacted.com/fish/analysis.git" />
</materials>
<stage name="CommitHandler" cleanWorkingDir="true">
<jobs>
<job name="builder">
<tasks>
<exec command="yarn" workingdir="web">
<arg>install</arg>
<runif status="passed" />
</exec>
<exec command="npm" workingdir="web">
<arg>run</arg>
<arg>build</arg>
</exec>
</tasks>
<artifacts>
<artifact src="web/dist" dest="web" />
<artifact src="web/package.json" dest="web" />
<artifact src="web/node_modules" dest="web" />
<artifact src="web/nginx.conf" dest="web" />
</artifacts>
</job>
</jobs>
</stage>
</pipeline>
.....
<pipeline name="AnalysisBuilders">
<materials>
<pipeline pipelineName="FishAnalysis" stageName="CommitHandler" materialName="FishAnalysis" />
<git url="https://fish:XXXXX#redacted.com/fish/docker.git" dest="docker" materialName="Docker">
</git>
</materials>
<stage name="Builders">
<jobs>
<job name="shellScripts">
<tasks>
<exec command="ls">
<arg>-R</arg>
<arg>.</arg>
<runif status="passed" />
</exec>
</tasks>
</job>
</jobs>
</stage>
</pipeline>
I would expect the ls -R output to have a 'web' & 'docker' folder. It does not. It only has the contents of the docker repo. How do i make both materials available?
Artifacts are not automatically propagated to downstream pipelines. You need to add a fetch artifact task, as shown here:
<tasks>
<fetchartifact pipeline="FishAnalysis" stage="CommitHandler" job="builder" srcdir="web" dest="web">
<runif status="passed" />
</fetchartifact>
<exec command="ls">
...
</exec>
</tasks>
This is because artifacts can be published in multiple upstream jobs and each upstream job can publish different artifacts. Notice that in your upstream material definition in AnalysisBuilders pipeline, you didn't specify a job.
GoCD will ensure that the version of the artifact is correct. That is, it corresponds to the upstream pipeline instance that caused this pipeline to run. Even if you re-run the pipeline sometime later.

java.lang.IllegalArgumentException:An invalid character [34] was present in the Cookie value

This is how my tomcat-users file looks like:
<tomcat-users>
<role rolename="admin"/>
<role rolename="analyst"/>
<role rolename="user"/>
<role rolename="kie-server"/>
<role rolename="developer"/>
<role rolename="manager"/>
<user username="w" password="w" roles="admin"/>
<user username="k" password="k" roles="kie-server"/>
<user username="u" password="u" roles="user,developer,analyst"/>
</tomcat-users>
After entering correct credentials in the KIE IDE WORKBENCH, I get the following exception:
java.lang.IllegalArgumentException: An invalid character [34] was present in the Cookie value
org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateCookieValue(Rfc6265CookieProcessor.java:182)
org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:115)
org.apache.catalina.connector.Response.generateCookieString(Response.java:1019)
org.apache.catalina.connector.Response.addCookie(Response.java:967)
org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
org.uberfire.ext.security.server.SecurityIntegrationFilter.doFilter(SecurityIntegrationFilter.java:61)
CookieProcessor is a new configuration element, introduced in Tomcat 8.0.15.
The CookieProcessor element allows different cookie parsing configuration in each web application, or globally in the default conf/context.xml file.
According to official docs at Apache Tomcat 8 Configuration Reference
Version 8.0.47 :
The standard implementation of CookieProcessor is: org.apache.tomcat.util.http.LegacyCookieProcessor. Note that it is anticipated that this will change to org.apache.tomcat.util.http.Rfc6265CookieProcessor in a future Tomcat 8 release.
Later..
According to official docs at Apache Tomcat 8 Configuration Reference
Version 8.5.23
The standard implementation of CookieProcessor is org.apache.tomcat.util.http.Rfc6265CookieProcessor
To resolve this issue: add this line in conf/context.xml at location %CATALINA_HOME% (i.e. C:\apache-tomcat-8.5.20\conf\context.xml in my case):
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />
This is how it looks like after adding:
<?xml version="1.0" encoding="UTF-8"?>
<Context reloadable="true">
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<Transaction factory="bitronix.tm.BitronixUserTransactionObjectFactory"/>
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />
</Context>

WSOIS 5.1 roles as comma separated list

WSO2 IS 5.0 returned SAML response with all roles in single AttributeValue as comma separated list. Now the WSO2 IS 5.1 returns all roles as own AttributeValue's.
Is it possible to get 5.1 to return roles as comma separated list in single AttributeValue?
Yes it is possible.
In Identity Server 5.1.0, it returns each role separately like below in the SAML response.
<saml2:Attribute Name="http://wso2.org/claims/role"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>admin</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>Internal/everyone</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>role2</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>role1</saml2:AttributeValue>
</saml2:Attribute>
However, in IS 5.0.0, it was returning the roles in a single attribute as comma separated values like given below.
<saml2:Attribute Name="http://wso2.org/claims/role"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>admin,Internal/everyone,role2,role1</saml2:AttributeValue>
</saml2:Attribute>
In IS 5.1.0, if you want to get the same behavior that retrieving all roles together, you have to add following property to the particular userstore configuration. (two commas).
<Property name="MultiAttributeSeparator">,,</Property>
If it is the primary userstore, you can add it to user-mgt.xml file. If it is a secondary userstore, you can add this property to the particular configuration file in repository/deployment/server/userstores/ location.
I have explained this in the blog post [1].
[1] http://tharindue.blogspot.com/2016/09/saml-multi-valued-attributes-in-wso2.html

Prestashop Webservices - Property OrderDetail->product_price is empty on order creation

I'm trying to create orders thanks to Prestashop WebServices. I successfully created Customers, Addresses and Carts but Order creation is crashing. Here is the error I get using the following curl request :
curl -i -X POST -d #tmpOrder.text http://secretKey#localhost:8888/api/orders
Property OrderDetail->product_price is empty
Here are the XML files I use to create my cart (and trying to create my order.
tmpCart.text
<?xml version="1.0" encoding="UTF-8"?>
<prestashop xmlns:xlink="http://www.w3.org/1999/xlink">
<cart>
<id></id>
<id_address_delivery>6</id_address_delivery>
<id_address_invoice>6</id_address_invoice>
<id_currency>1</id_currency>
<id_customer>2</id_customer>
<id_guest></id_guest>
<id_lang>1</id_lang>
<id_shop_group>1</id_shop_group>
<id_shop>1</id_shop>
<id_carrier>2</id_carrier>
<recyclable></recyclable>
<gift></gift>
<gift_message></gift_message>
<mobile_theme></mobile_theme>
<delivery_option></delivery_option>
<secure_key></secure_key>
<allow_seperated_package></allow_seperated_package>
<date_add></date_add>
<date_upd></date_upd>
<associations>
<cart_rows>
<cart_row>
<id_product>2</id_product>
<product_price>26.999852</product_price>
<id_product_attribute>1</id_product_attribute>
<id_address_delivery>6</id_address_delivery>
<quantity>2</quantity>
</cart_row>
</cart_rows>
</associations>
</cart>
</prestashop>
tmpOrder.txt
<prestashop xmlns:xlink="http://www.w3.org/1999/xlink">
<order>
<id></id>
<id_address_delivery>6</id_address_delivery>
<id_address_invoice>6</id_address_invoice>
<id_cart>42</id_cart>
<id_currency>1</id_currency>
<id_lang>1</id_lang>
<id_customer>2</id_customer>
<id_carrier>2</id_carrier>
<current_state>1</current_state>
<module>cheque</module>
<payment>Chèque</payment>
<total_paid>1</total_paid>
<total_paid_real>54</total_paid_real>
<total_products>2</total_products>
<total_products_wt>54</total_products_wt>
<conversion_rate>1</conversion_rate>
<reference></reference>
<associations>
<order_rows>
<order_row>
<id></id>
<product_id>2</product_id>
<product_attribute_id>1</product_attribute_id>
<product_quantity>2</product_quantity>
<product_name>TEST</product_name>
<product_reference></product_reference>
<product_ean13></product_ean13>
<product_upc></product_upc>
<product_price>26.999852</product_price>
<unit_price_tax_incl>26.999852</unit_price_tax_incl>
<unit_price_tax_excl>26.999852</unit_price_tax_excl>
</order_row>
</order_rows>
</associations>
</order>
</prestashop>
I finally found out what is wrong. It seems that the product_attribute_id of my product was wrong. Therefore, it was looking for an inexistent price in the prices array.

Axis2 exception org.apache.axis2.AxisFault: string using stub

I'm trying to create a WS, deploy it in Tomcat, inside a webapplication and use a stub to call it.
I'm using this interface as a base for the WSDL:
package com.at.iscrizio.ws.services;
public interface SalutareService {
public String sayciao(String name);
}
and this script to generate the wsdl file, the server and deploy files and the client-side files:
set WSDL_FILE=SalutareService.wsdl
set TO_WSDL=%AXIS2_HOME%/bin/java2wsdl.bat
set TO_JAVA=%AXIS2_HOME%/bin/wsdl2java.bat
set CLASS=com.at.iscrizio.ws.services.SalutareService
set SOAP_ADDR=http://localhost:9090/Iscrizio/services/SalutareServiceEx
call %TO_WSDL% -cp build/classes -o ./wsdl -of %WSDL_FILE% -cn %CLASS% -l %SOAP_ADDR%
call %TO_JAVA% -uri wsdl/%WSDL_FILE% -S generated -o axis -ss -sd -ssi --noWSDL
call %TO_JAVA% -uri wsdl/%WSDL_FILE% -S generated -o axis
This is my WS implementation
package com.at.iscrizio.ws.services;
public class SalutareServiceEx implements SalutareServiceSkeletonInterface {
#Override
public SayciaoResponse sayciao(Sayciao sayciao) {
SayciaoResponse resp = new SayciaoResponse();
resp.set_return("Ciao");
return resp;
}
}
this is my service.xml (a little bit different from the one that the standard axis build.xml generated, just to change the ServiceClass):
<?xml version="1.0" encoding="UTF-8"?>
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: 1.6.1 Built on : Aug 31, 2011 (12:22:40 CEST) -->
<serviceGroup>
<service name="SalutareServiceEx">
<messageReceivers>
<messageReceiver mep="http://www.w3.org/ns/wsdl/in-out" class="com.at.iscrizio.ws.services.SalutareServiceMessageReceiverInOut"/>
</messageReceivers>
<parameter name="ServiceClass">com.at.iscrizio.ws.services.SalutareServiceEx</parameter>
<parameter name="useOriginalwsdl">true</parameter>
<parameter name="modifyUserWSDLPortAddress">true</parameter>
<operation name="sayciao" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://services.ws.iscrizio.at.com">
<actionMapping>urn:sayciao</actionMapping>
<outputActionMapping>urn:sayciaoResponse</outputActionMapping>
</operation>
</service>
</serviceGroup>
Inside server-config.wsdd, I have:
<handler name="Trace" type="java:com.at.iscrizio.ws.handler.TraceHandler"/>
<service name="SalutareServiceEx" provider="java:RPC">
<requestFlow>
<handler type="Trace"/>
</requestFlow>
<parameter name="allowedMethods" value="sayciao"/>
<parameter name="scope" value="Request"/>
<parameter name="className" value="com.at.iscrizio.ws.services.SalutareServiceEx"/>
</service>
I'm able to see the page http://localhost:9090/Iscrizio/services/SalutareServiceEx?wsdl
We're almost at the end...With this piece of code, i'm using the stub to call the ws:
SalutareServiceStub stub = new SalutareServiceStub();
SalutareServiceStub.Sayciao param = new SalutareServiceStub.Sayciao();
param.setName("Antonio");
SalutareServiceStub.SayciaoResponse resp = stub.sayciao(param);
System.out.println(resp);
the request pass through my handler (the one defined inside the wsdd), I can see using the remote debug.
Using TCPMon, i saw my request:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<ns1:sayciao xmlns:ns1="http://services.ws.iscrizio.at.com">
<ns1:name>Antonio</ns1:name>
</ns1:sayciao>
</soapenv:Body>
</soapenv:Envelope>
and the ws response:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema- instance">
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code>
<soapenv:Value>soapenv:Sender</soapenv:Value>
<soapenv:Subcode xmlns:ns1="http://www.w3.org/2003/05/soap-rpc">
<soapenv:Value>ns1:BadArguments</soapenv:Value>
</soapenv:Subcode>
</soapenv:Code>
<soapenv:Reason>
<soapenv:Text xml:lang="en">string</soapenv:Text>
</soapenv:Reason>
<soapenv:Detail>
<ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">anto-note</ns2:hostname>
</soapenv:Detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
This is the stack trace:
Exception in thread "main" org.apache.axis2.AxisFault: string
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at com.at.iscrizio.ws.services.SalutareServiceStub.sayciao(SalutareServiceStub.java:185)
at com.at.iscrizio.ws.client.TestClient.main(TestClient.java:25)
Where is the problem? Excuse me for the huge post, thanks to all
At least you know that it's the server end that had the problem. The req that soapui is generating is different from your orig req? Sounds strange but soapui is usually right. Personally I would debug the server end and try to figure out where it's going wrong eg set some exception breakpoints