diff --git a/README.md b/README.md index 17424dd..2ba40d2 100644 --- a/README.md +++ b/README.md @@ -85,9 +85,9 @@ The SOAP client module introduces a robust framework for configuring security me There are two primary security configurations available for SOAP clients: -- `inboundSecurity`: This configuration is applied to the SOAP envelope when a request is made. It includes various ws security policies such as Username Token, Timestamp Token, X509 Token, Symmetric Binding, Asymmetric Binding, and Transport Binding, either individually or in combination with each other. +- `outboundSecurity`: This configuration is applied to the SOAP envelope when a request is made. It includes various ws security policies such as Username Token, Timestamp Token, X509 Token, Symmetric Binding, Asymmetric Binding, and Transport Binding, either individually or in combination with each other. -- `outboundSecurity`: This configuration is applied to the SOAP envelope when a response is received. Its purpose is to decrypt the data within the envelope and verify the digital signature for security validation. +- `inboundSecurity`: This configuration is applied to the SOAP envelope when a response is received. Its purpose is to decrypt the data within the envelope and verify the digital signature for security validation. ### Policies @@ -133,7 +133,7 @@ These policies empower SOAP clients to enhance the security of their web service #### Outbound Security Configurations -- `OutboundSecurityConfig`: Represents the record for outbound security configurations to verify and decrypt SOAP envelopes. +- `InboundSecurityConfig`: Represents the record for outbound security configurations to verify and decrypt SOAP envelopes. - Fields: - `crypto:PublicKey` verificationKey : The public key to verify the signature of the SOAP envelope - `crypto:PrivateKey`|`crypto:PublicKey` decryptionKey : The private key to decrypt the SOAP envelope 
@@ -153,7 +153,7 @@ import ballerina/soap.soap11; public function main() returns error? { soap11:Client soapClient = check new ("https://www.secured-soap-endpoint.com", { - inboundSecurity: [ + outboundSecurity: [ { username: "username", password: "password", @@ -190,13 +190,13 @@ public function main() returns error? { soap12:Client soapClient = check new ("https://www.secured-soap-endpoint.com", { - inboundSecurity: { + outboundSecurity: { signatureAlgorithm: soap:RSA_SHA256, encryptionAlgorithm: soap:RSA_ECB, signatureKey: clientPrivateKey, encryptionKey: serverPublicKey, }, - outboundSecurity: { + inboundSecurity: { verificationKey: serverPublicKey, signatureAlgorithm: soap:RSA_SHA256, decryptionKey: clientPrivateKey, diff --git a/ballerina/Module.md b/ballerina/Module.md index f7aa647..4c5718a 100644 --- a/ballerina/Module.md +++ b/ballerina/Module.md 
@@ -77,9 +77,9 @@ The SOAP client module introduces a robust framework for configuring security me There are two primary security configurations available for SOAP clients: -- `inboundSecurity`: This configuration is applied to the SOAP envelope when a request is made. It includes various ws security policies such as Username Token, Timestamp Token, X509 Token, Symmetric Binding, Asymmetric Binding, and Transport Binding, either individually or in combination with each other. +- `outboundSecurity`: This configuration is applied to the SOAP envelope when a request is made. It includes various ws security policies such as Username Token, Timestamp Token, X509 Token, Symmetric Binding, Asymmetric Binding, and Transport Binding, either individually or in combination with each other. -- `outboundSecurity`: This configuration is applied to the SOAP envelope when a response is received. Its purpose is to decrypt the data within the envelope and verify the digital signature for security validation. +- `inboundSecurity`: This configuration is applied to the SOAP envelope when a response is received. Its purpose is to decrypt the data within the envelope and verify the digital signature for security validation. ### Policies @@ -125,7 +125,7 @@ These policies empower SOAP clients to enhance the security of their web service #### Outbound Security Configurations -- `OutboundSecurityConfig`: Represents the record for outbound security configurations to verify and decrypt SOAP envelopes. +- `InboundSecurityConfig`: Represents the record for outbound security configurations to verify and decrypt SOAP envelopes. - Fields: - `crypto:PublicKey` verificationKey : The public key to verify the signature of the SOAP envelope - `crypto:PrivateKey`|`crypto:PublicKey` decryptionKey : The private key to decrypt the SOAP envelope 
@@ -145,7 +145,7 @@ import ballerina/soap.soap11; public function main() returns error? { soap11:Client soapClient = check new ("https://www.secured-soap-endpoint.com", { - inboundSecurity: [ + outboundSecurity: [ { username: "username", password: "password", @@ -182,13 +182,13 @@ public function main() returns error? { soap12:Client soapClient = check new ("https://www.secured-soap-endpoint.com", { - inboundSecurity: { + outboundSecurity: { signatureAlgorithm: soap:RSA_SHA256, encryptionAlgorithm: soap:RSA_ECB, signatureKey: clientPrivateKey, encryptionKey: serverPublicKey, }, - outboundSecurity: { + inboundSecurity: { verificationKey: serverPublicKey, signatureAlgorithm: soap:RSA_SHA256, decryptionKey: clientPrivateKey, diff --git a/ballerina/Package.md b/ballerina/Package.md index 9b4ce35..d9959ae 100644 --- a/ballerina/Package.md +++ b/ballerina/Package.md 
@@ -77,9 +77,9 @@ The SOAP client module introduces a robust framework for configuring security me There are two primary security configurations available for SOAP clients: -- `inboundSecurity`: This configuration is applied to the SOAP envelope when a request is made. It includes various ws security policies such as Username Token, Timestamp Token, X509 Token, Symmetric Binding, Asymmetric Binding, and Transport Binding, either individually or in combination with each other. +- `outboundSecurity`: This configuration is applied to the SOAP envelope when a request is made. It includes various ws security policies such as Username Token, Timestamp Token, X509 Token, Symmetric Binding, Asymmetric Binding, and Transport Binding, either individually or in combination with each other. -- `outboundSecurity`: This configuration is applied to the SOAP envelope when a response is received. Its purpose is to decrypt the data within the envelope and verify the digital signature for security validation. +- `inboundSecurity`: This configuration is applied to the SOAP envelope when a response is received. Its purpose is to decrypt the data within the envelope and verify the digital signature for security validation. ### Policies @@ -125,7 +125,7 @@ These policies empower SOAP clients to enhance the security of their web service #### Outbound Security Configurations -- `OutboundSecurityConfig`: Represents the record for outbound security configurations to verify and decrypt SOAP envelopes. +- `InboundSecurityConfig`: Represents the record for outbound security configurations to verify and decrypt SOAP envelopes. - Fields: - `crypto:PublicKey` verificationKey : The public key to verify the signature of the SOAP envelope - `crypto:PrivateKey`|`crypto:PublicKey` decryptionKey : The private key to decrypt the SOAP envelope 
@@ -145,7 +145,7 @@ import ballerina/soap.soap11; public function main() returns error? { soap11:Client soapClient = check new ("https://www.secured-soap-endpoint.com", { - inboundSecurity: [ + outboundSecurity: [ { username: "username", password: "password", @@ -182,13 +182,13 @@ public function main() returns error? { soap12:Client soapClient = check new ("https://www.secured-soap-endpoint.com", { - inboundSecurity: { + outboundSecurity: { signatureAlgorithm: soap:RSA_SHA256, encryptionAlgorithm: soap:RSA_ECB, signatureKey: clientPrivateKey, encryptionKey: serverPublicKey, }, - outboundSecurity: { + inboundSecurity: { verificationKey: serverPublicKey, signatureAlgorithm: soap:RSA_SHA256, decryptionKey: clientPrivateKey, diff --git a/ballerina/configs.bal b/ballerina/configs.bal index 85d067e..8242714 100644 --- a/ballerina/configs.bal +++ b/ballerina/configs.bal @@ -19,10 +19,10 @@ import ballerina/http; # SOAP client configurations. # # + httpConfig - HTTP Configuration -# + inboundSecurity - Web service security configurations for SOAP requests -# + outboundSecurity - Web service security configurations to decrypt and verify SOAP responses +# + outboundSecurity - Web service security configurations for SOAP requests +# + inboundSecurity - Web service security configurations to decrypt and verify SOAP responses public type ClientConfig record {| http:ClientConfiguration httpConfig = {}; - InboundSecurityConfig|InboundSecurityConfig[] inboundSecurity = NO_POLICY; - OutboundSecurityConfig outboundSecurity = {}; + OutboundSecurityConfig|OutboundSecurityConfig[] outboundSecurity = NO_POLICY; + InboundSecurityConfig inboundSecurity = {}; |}; diff --git a/ballerina/modules/soap11/Module.md b/ballerina/modules/soap11/Module.md index 6d34c9f..4c0a972 100644 --- a/ballerina/modules/soap11/Module.md +++ b/ballerina/modules/soap11/Module.md 
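Review bot: The `ClientConfig` field docs in `ballerina/configs.bal` do not say what the default `inboundSecurity = {}` means for a caller. In the soap11 client hunk of this same commit, the verify-and-decrypt call is made only when `inboundSecurity != {}`, so the default appears to leave responses unverified and undecrypted. Consider extending the doc line to `# + inboundSecurity - Web service security configurations to decrypt and verify SOAP responses; the default empty record performs no verification`. Because both field names survive with swapped meanings, a migration note for existing callers would also help.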
@@ -69,9 +69,9 @@ The SOAP client module introduces a robust framework for configuring security me There are two primary security configurations available for SOAP clients: -- `inboundSecurity`: This configuration is applied to the SOAP envelope when a request is made. It includes various ws security policies such as Username Token, Timestamp Token, X509 Token, Symmetric Binding, Asymmetric Binding, and Transport Binding, either individually or in combination with each other. +- `outboundSecurity`: This configuration is applied to the SOAP envelope when a request is made. It includes various ws security policies such as Username Token, Timestamp Token, X509 Token, Symmetric Binding, Asymmetric Binding, and Transport Binding, either individually or in combination with each other. -- `outboundSecurity`: This configuration is applied to the SOAP envelope when a response is received. Its purpose is to decrypt the data within the envelope and verify the digital signature for security validation. +- `inboundSecurity`: This configuration is applied to the SOAP envelope when a response is received. Its purpose is to decrypt the data within the envelope and verify the digital signature for security validation. ### Policies @@ -117,7 +117,7 @@ These policies empower SOAP clients to enhance the security of their web service #### Outbound Security Configurations -- `OutboundSecurityConfig`: Represents the record for outbound security configurations to verify and decrypt SOAP envelopes. +- `InboundSecurityConfig`: Represents the record for outbound security configurations to verify and decrypt SOAP envelopes. - Fields: - `crypto:PublicKey` verificationKey : The public key to verify the signature of the SOAP envelope - `crypto:PrivateKey`|`crypto:PublicKey` decryptionKey : The private key to decrypt the SOAP envelope 
@@ -141,13 +141,13 @@ public function main() returns error? { soap11:Client soapClient = check new ("http://www.secured-soap-endpoint.com", { - inboundSecurity: { + outboundSecurity: { signatureAlgorithm: soap:RSA_SHA256, encryptionAlgorithm: soap:RSA_ECB, signatureKey: clientPrivateKey, encryptionKey: serverPublicKey, }, - outboundSecurity: { + inboundSecurity: { verificationKey: serverPublicKey, signatureAlgorithm: soap:RSA_SHA256, decryptionKey: clientPrivateKey, diff --git a/ballerina/modules/soap11/soap11.bal b/ballerina/modules/soap11/soap11.bal index f6f5979..c33e59a 100644 --- a/ballerina/modules/soap11/soap11.bal +++ b/ballerina/modules/soap11/soap11.bal @@ -23,8 +23,8 @@ import ballerina/jballerina.java; # Object for the basic SOAP 1.1 client endpoint. public isolated client class Client { private final http:Client soapClient; - private final readonly & soap:InboundSecurityConfig|soap:InboundSecurityConfig[] inboundSecurity; - private final readonly & soap:OutboundSecurityConfig outboundSecurity; + private final readonly & soap:OutboundSecurityConfig|soap:OutboundSecurityConfig[] outboundSecurity; + private final readonly & soap:InboundSecurityConfig inboundSecurity; # Gets invoked during object initialization. # @@ -36,8 +36,8 @@ public isolated client class Client { check soap:validateTransportBindingPolicy(config); self.soapClient = check new (url, config.httpConfig); readonly & soap:ClientConfig readonlyConfig = soap:getReadOnlyClientConfig(config); - self.inboundSecurity = readonlyConfig.inboundSecurity; self.outboundSecurity = readonlyConfig.outboundSecurity; + self.inboundSecurity = readonlyConfig.inboundSecurity; } on fail var err { return error Error(SOAP_CLIENT_ERROR, err); } 
@@ -71,7 +71,7 @@ public isolated client class Client { xml mimeEntity = body is xml ? body : check body[0].getXml(); lock { xml envelope = body is xml ? body.clone() : mimeEntity.clone(); - securedBody = check soap:applySecurityPolicies(self.inboundSecurity.clone(), envelope.clone(), false); + securedBody = check soap:applySecurityPolicies(self.outboundSecurity.clone(), envelope.clone(), false); } xml|mime:Entity[] response; if body is mime:Entity[] { @@ -81,13 +81,13 @@ public isolated client class Client { response = check soap:sendReceive(securedBody, self.soapClient, action, headers, path, false); } lock { - soap:OutboundSecurityConfig? outboundSecurity = self.outboundSecurity.clone(); + soap:InboundSecurityConfig? inboundSecurity = self.inboundSecurity.clone(); do { - if outboundSecurity is soap:OutboundSecurityConfig && outboundSecurity != {} { + if inboundSecurity is soap:InboundSecurityConfig && inboundSecurity != {} { if response is xml { - return check soap:applyOutboundConfig(outboundSecurity.clone(), response.clone(), false); + return check soap:applyOutboundConfig(inboundSecurity.clone(), response.clone(), false); } else { - return check soap:applyOutboundConfig(outboundSecurity.clone(), + return check soap:applyOutboundConfig(inboundSecurity.clone(), check response[0].getXml().clone(), false); } } @@ -119,7 +119,7 @@ public isolated client class Client { xml mimeEntity = body is xml ? body : check body[0].getXml(); lock { xml envelope = body is xml ? body.clone() : mimeEntity.clone(); - securedBody = check soap:applySecurityPolicies(self.inboundSecurity.clone(), envelope.clone(), false); + securedBody = check soap:applySecurityPolicies(self.outboundSecurity.clone(), envelope.clone(), false); } return check soap:sendOnly(securedBody, self.soapClient, action, headers, path, false); } on fail error soapError { 
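Review bot: In the `@@ -81,13 +81,13 @@` hunk the renamed `inboundSecurity` value is still passed to `soap:applyOutboundConfig(...)` in both response branches, so the helper name now contradicts the direction of the config it receives. Its definition is not visible here; if it is not renamed elsewhere in this commit, consider renaming it to match, or add a comment at the call such as `// verifies and decrypts the response using the inbound config`. The same block skips the call when `inboundSecurity` equals `{}`, and a short comment saying that an empty config means no signature verification is attempted would make that explicit. The enclosing function starts and ends outside the hunk.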
diff --git a/ballerina/modules/soap11/tests/soap11_client_test.bal b/ballerina/modules/soap11/tests/soap11_client_test.bal index 2bbe88d..979a908 100644 --- a/ballerina/modules/soap11/tests/soap11_client_test.bal +++ b/ballerina/modules/soap11/tests/soap11_client_test.bal @@ -209,8 +209,8 @@ function testSendOnlyError() returns error? { function testSendReceive() returns error? { Client soapClient = check new ("http://localhost:9090", { - inboundSecurity: NO_POLICY, - outboundSecurity: {} + outboundSecurity: NO_POLICY, + inboundSecurity: {} } ); @@ -235,8 +235,8 @@ function testSendReceive() returns error? { function testSendReceiveWithInvalidAction() returns error? { Client soapClient = check new ("http://localhost:9090", { - inboundSecurity: NO_POLICY, - outboundSecurity: {} + outboundSecurity: NO_POLICY, + inboundSecurity: {} } ); @@ -287,7 +287,7 @@ function testSendReceiveWithHeaders() returns error? { } function testTransportBindingError() returns error? { Client|Error soapClient = new ("http://localhost:9090", - inboundSecurity = TRANSPORT_BINDING + outboundSecurity = TRANSPORT_BINDING ); test:assertTrue(soapClient is Error); test:assertEquals((soapClient).message(), SOAP_CLIENT_ERROR); @@ -298,7 +298,7 @@ function testTransportBindingError() returns error? { } function testTransportBindingError2() returns error? { Client|Error soapClient = new ("http://localhost:9090", - inboundSecurity = [ + outboundSecurity = [ TRANSPORT_BINDING ] ); @@ -332,7 +332,7 @@ function testSendReceiveError() returns error? { function testSendReceiveWithTimestampTokenSecurity() returns error? { Client soapClient = check new ("http://localhost:9091", { - inboundSecurity: [ + outboundSecurity: [ { timeToLive: 600 } 
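Review bot: Every client built in these test hunks either sets `inboundSecurity: {}` or omits it, so none of the visible changes exercises the renamed response-verification path. Since the commit swaps the meaning of two field names that both still exist, a test that configures a non-empty `inboundSecurity` (a verification key and a decryption key) and asserts on the verified response would catch a misrouted config. Such a test may already exist outside the hunks shown.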
@@ -364,12 +364,12 @@ function testSendReceiveWithTimestampTokenSecurity() returns error? { function testSendReceiveWithUsernameTokenSecurity() returns error? { Client soapClient = check new ("http://localhost:9091", { - inboundSecurity: { + outboundSecurity: { username: "user", password: "password", passwordType: soap:TEXT }, - outboundSecurity: {} + inboundSecurity: {} } ); xml body = xml `soapClient).message(), SOAP_CLIENT_ERROR); } @@ -331,7 +331,7 @@ function testTransportBindingError() returns error? { } function testTransportBindingError2() returns error? { Client|Error soapClient = new ("http://localhost:9091", - inboundSecurity = [ + outboundSecurity = [ TRANSPORT_BINDING ] ); @@ -365,7 +365,7 @@ function testSendReceiveError() returns error? { function testSendReceiveWithTimestampTokenSecurity() returns error? { Client soapClient = check new ("http://localhost:9091", { - inboundSecurity: [ + outboundSecurity: [ { timeToLive: 600 } @@ -399,12 +399,12 @@ function testSendReceiveWithTimestampTokenSecurity() returns error? { function testSendReceiveWithUsernameTokenSecurity() returns error? { Client soapClient = check new ("http://localhost:9091", { - inboundSecurity: { + outboundSecurity: { username: "user", password: "password", passwordType: soap:TEXT }, - outboundSecurity: {} + inboundSecurity: {} } ); xml body = xml `