SOAP webservices using WS-Security

Miguel Garcia miguel.garcia at roig.com
Fri Apr 8 19:17:38 UTC 2022


Dear All.

We have to build an application through OMNIS to send information to the 
Regional Administration. We have to communicate the information through 
SOAP webservices using WS-Security based on a certificate.

We know how to use a SOAP webservice building a "Web Service Object" 
using the WIZARD tool. But in this case the WIZARD only allows HTTP 
basic authentication.

We also know how to use a SOAP webservice by building the xml message and 
sending it via the HTTP POST method.

We have tested the service by importing the WSDL file into SOAPUI and we 
know what the content of the xml message should be. But we don't know how 
to get the DigestValue or the Signature value.

We have tried to apply SHA-1 to the reference that we have to sign and 
encode it to base64, but the DigestValue is not correct.

Is it possible to build this in OMNIS?

Any ideas?

Best Regards

P.S.:

Example of the message sent by SOAPUI:

<?xml version="1.0"?>
<soapenv:Envelope 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:vtc="http://mfom.com/vtc">
     <soapenv:Header>
         <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wsse:BinarySecurityToken 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
wsu:Id="X509-. . . .  . . PUBLIC PART OF THE CERTIFICATE

             </wsse:BinarySecurityToken>
             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
Id="SIG-B824CA2BDE6ED7965D164924150564746">
                 <ds:SignedInfo>
                     <ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                         <ec:InclusiveNamespaces 
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv 
vtc"/>
                     </ds:CanonicalizationMethod>
                     <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                     <ds:Reference 
URI="#id-B824CA2BDE6ED7965D164924150559745">
                         <ds:Transforms>
                             <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                 <ec:InclusiveNamespaces 
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="vtc"/>
                             </ds:Transform>
                         </ds:Transforms>
                         <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4QUunSZKyMcVC0pVu/wtX60wL78=</ds:DigestValue>
                     </ds:Reference>
                 </ds:SignedInfo>
<ds:SignatureValue>NsqRHa6XuRsfYJ+clfWJPMlFTEC2Cx7yv0HDmGoEkZM9r9LGnqEjzWVUxlBnptYWRwJvuZAyH4PQ
4hBu8XbZc6/rWL1urU0x4ygJdsriRdNLRconHErAb84ljzyd8g0K4dI/wJTlMqZoOW4YrfVMaWW3
DW0+64X+siH2bssMhODJKU8k5AJ2G4egvxsv0rK4WzSIpTrkAiOCud+3QI0Cb0ZMVbJ7hGtxxds1
2jUyDojGYGfU9LjulnR/j6LPghnA1M3EkHK6fpPGosmK8zWNw9bJ1mOxCJvxx3NrvWRTPx/9x3Q9
DPypeNbWX8VWsRLavZxbpY+DxgvlSKrhV9Ey/w==</ds:SignatureValue>
                 <ds:KeyInfo Id="KI-B824CA2BDE6ED7965D164924150559643">
                     <wsse:SecurityTokenReference 
wsu:Id="STR-B824CA2BDE6ED7965D164924150559644">
                         <wsse:Reference 
URI="#X509-B824CA2BDE6ED7965D164924150559642" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                     </wsse:SecurityTokenReference>
                 </ds:KeyInfo>
             </ds:Signature>
         </wsse:Security>
     </soapenv:Header>
     <soapenv:Body 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="id-B824CA2BDE6ED7965D164924150559745">
         <vtc:qconsultavtc>
             <header fecha="2022-04-05T20:00:00" version="1.0" 
versionsender="1.0"/>
             <body>
                 <vtcconsulta idservicio="253000"/>
             </body>
         </vtc:qconsultavtc>
     </soapenv:Body>
</soapenv:Envelope>

We have applied SHA1 to the soapenv:Body section and afterwards encoded the 
result into base64, but the result is not a correct digest.
-- 
*Miguel Garcia Segui
DPTO Informatica
971 65 71 73 Ext. 2044*
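
Added example, not part of the original post and not Omnis code: in XML-DSig the DigestValue of a ds:Reference is the SHA-1 of the referenced element after its Transforms, here exclusive canonicalization (exc-c14n) with InclusiveNamespaces PrefixList="vtc", base64-encoded, rather than of the Body text as it appears in the envelope. The Python below shows that step on a constructed sample; the helper names and SAMPLE are assumptions, and the canonicalizer covers elements, attributes and text only.

```python
import base64, hashlib
from xml.dom import minidom

XMLNS = "http://www.w3.org/2000/xmlns/"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Constructed sample modelled on the posted message; helper names are illustrative.
SAMPLE = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
          ' xmlns:vtc="http://mfom.com/vtc"><soapenv:Body xmlns:wsu="' + WSU + '"'
          ' wsu:Id="id-1"><vtc:qconsultavtc><body><vtcconsulta idservicio="253000"/>'
          '</body></vtc:qconsultavtc></soapenv:Body></soapenv:Envelope>')

def _esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def _in_scope(node, prefix):
    name = "xmlns:" + prefix if prefix else "xmlns"
    while node.nodeType == node.ELEMENT_NODE and not node.hasAttribute(name):
        node = node.parentNode  # declaration may sit on an ancestor (e.g. Envelope)
    return node.getAttribute(name) if node.nodeType == node.ELEMENT_NODE else ""

def exc_c14n(el, inclusive=(), rendered=None):
    """Exclusive C14N of el: elements, attributes and text; comments dropped."""
    rendered = dict(rendered or {})
    attrs = [a for a in el.attributes.values() if a.namespaceURI != XMLNS]
    used = {el.prefix or ""} | {a.prefix for a in attrs if a.prefix} | set(inclusive)
    out = ["<" + el.tagName]
    for p in sorted(used):  # namespace declarations first, sorted by prefix
        uri = _in_scope(el, p)
        if rendered.get(p, "") != uri:  # not already emitted by an output ancestor
            rendered[p] = uri
            out.append(' xmlns%s="%s"' % (":" + p if p else "", _esc(uri, True)))
    out += [' %s="%s"' % (a.name, _esc(a.value, True)) for a in
            sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName))] + [">"]
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out.append(exc_c14n(c, inclusive, rendered))
        elif c.nodeType in (c.TEXT_NODE, c.CDATA_SECTION_NODE):
            out.append(_esc(c.data))
    return "".join(out) + "</" + el.tagName + ">"

def digest_value(envelope_xml, ref_id, inclusive=()):
    """Return (base64 SHA-1 digest, canonical bytes) for the element with wsu:Id ref_id."""
    doc = minidom.parseString(envelope_xml)
    target = next(e for e in doc.getElementsByTagName("*") if e.getAttributeNS(WSU, "Id") == ref_id)
    canon = exc_c14n(target, inclusive).encode("utf-8")
    return base64.b64encode(hashlib.sha1(canon).digest()).decode(), canon
```

Calling digest_value(SAMPLE, "id-1", ["vtc"]) hashes a Body that carries xmlns:soapenv, xmlns:vtc and xmlns:wsu on its start tag and an expanded <vtcconsulta ...></vtcconsulta>, which is why hashing the raw Body text gives a different value. The SignatureValue is then the RSA-SHA1 signature over the canonicalized ds:SignedInfo element.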



