SOAP webservices using WS-Security

Kelly Burgess kellyb at
Fri Apr 8 21:24:15 UTC 2022

Hi Miguel,

I'm just working on an interface, not SOAP, but I have to send an SHA1 digest in a header.

>We have applied SHA1 to soapenv:Body section

I'm guessing that you'd only want to apply it to what's inside the <body> tag, and not to the whole section with surrounding tags.  Just a guess.

I'm using my stringJockey xcomp to get the digest.  There's also an SHA1 function in Doug Easterbrook's TMObjs xcomp, and there's an algorithm written in Omnis that you can find in the list archives.

Here's how I generate the header.  Note the convention of appending the base64 string to an 'sha=' prefix:

Calculate digestAsHex as stringjockey.$sha1digest(pBinary)     ;; get the digest as a 40-char hex string
Calculate digestAsBin as binfromhex(digestAsHex)     ;; get the 20-byte binary digest
Calculate encodedDigest as stringjockey.$base64encode(digestAsBin)     ;; get the base64-encoded form of the 20-byte digest
Do headerList.$add('digest',con('sha=',encodedDigest))     ;; required header containing SHA1 digest of the file. The SHA1 digest must be Base64 encoded.

Hope it helps,


More information about the omnisdev-en mailing list