RE: SOAP webservices using WS-Security

Rudolf Bargholz rudolf at bargholz.ch
Sat Apr 9 06:44:51 UTC 2022


Hi Miguel,

I would use soapui (https://www.soapui.org/downloads/latest-release/) to generate the request and test the response. When you get everything working in SoapUI you can view the raw HTTP request and responses inside of SoapUI to determine what exactly needs to be done in Omnis. If this is then not easy in Omnis you can use cURL to send the request, and call cURL from Omnis. Using this workflow you can test outside of Omnis in a tool where you know for sure that it supports WS-Security based on a certificate, and then reverse engineer in Omnis.

Regards

Rudolf Bargholz

-----Original Message-----
From: omnisdev-en <omnisdev-en-bounces at lists.omnis-dev.com> On Behalf Of Miguel Garcia
Sent: Friday, 8 April 2022 21:18
To: OmnisDev List - English <omnisdev-en at lists.omnis-dev.com>
Subject: SOAP webservices using WS-Security

Dear All.

We have to build an application through OMNIS to send information to the Regional Administration. We have to communicate the information through SOAP webservices using WS-Security based on a certificate.

We know how to use a SOAP webservice building a "Web Service Object" using the WIZARD tool. But in this case the WIZARD only allows HTTP basic authentication.

Also we know how to use a SOAP webservice building the xml message and sending it via the HTTP POST method.

We have tested the service importing the WSDL file into SOAPUI and we know what the content of the xml message should be. But we don't know how to get the DigestValue or the Signature value.

We have tried to apply SHA-1 to the reference that we have to sign and encode it to base64, but the DigestValue is not correct.

Is it possible to build this in OMNIS?

Any ideas?

Best Regards

PS:

Example of the message sent by SOAPUI:

<?xml version="1.0"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:vtc="http://mfom.com/vtc">
     <soapenv:Header>
         <wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
wsu:Id="X509-. . . .  . . PUBLIC PART OF THE CERTIFICATE

             </wsse:BinarySecurityToken>
             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
Id="SIG-B824CA2BDE6ED7965D164924150564746">
                 <ds:SignedInfo>
                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv vtc"/>
                     </ds:CanonicalizationMethod>
                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                     <ds:Reference
URI="#id-B824CA2BDE6ED7965D164924150559745">
                         <ds:Transforms>
                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="vtc"/>
                             </ds:Transform>
                         </ds:Transforms>
                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4QUunSZKyMcVC0pVu/wtX60wL78=</ds:DigestValue>
                     </ds:Reference>
                 </ds:SignedInfo>
<ds:SignatureValue>NsqRHa6XuRsfYJ+clfWJPMlFTEC2Cx7yv0HDmGoEkZM9r9LGnqEjzWVUxlBnptYWRwJvuZAyH4PQ
4hBu8XbZc6/rWL1urU0x4ygJdsriRdNLRconHErAb84ljzyd8g0K4dI/wJTlMqZoOW4YrfVMaWW3
DW0+64X+siH2bssMhODJKU8k5AJ2G4egvxsv0rK4WzSIpTrkAiOCud+3QI0Cb0ZMVbJ7hGtx
DW0+64X+siH2bssMhODJKU8k5AJ2G4egvxsv0rK4WzSIpTrkAiOCud+xds1
2jUyDojGYGfU9LjulnR/j6LPghnA1M3EkHK6fpPGosmK8zWNw9bJ1mOxCJvxx3NrvWRTPx/9x3Q9
DPypeNbWX8VWsRLavZxbpY+DxgvlSKrhV9Ey/w==</ds:SignatureValue>
                 <ds:KeyInfo Id="KI-B824CA2BDE6ED7965D164924150559643">
                     <wsse:SecurityTokenReference wsu:Id="STR-B824CA2BDE6ED7965D164924150559644">
                         <wsse:Reference URI="#X509-B824CA2BDE6ED7965D164924150559642" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                     </wsse:SecurityTokenReference>
                 </ds:KeyInfo>
             </ds:Signature>
         </wsse:Security>
     </soapenv:Header>
     <soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="id-B824CA2BDE6ED7965D164924150559745">
         <vtc:qconsultavtc>
             <header fecha="2022-04-05T20:00:00" version="1.0" 
versionsender="1.0"/>
             <body>
                 <vtcconsulta idservicio="253000"/>
             </body>
         </vtc:qconsultavtc>
     </soapenv:Body>
</soapenv:Envelope>

We have applied SHA1 to the soapenv:Body section and afterwards encoded the result into base64, but the result is not a correct digest.
--
*Miguel Garcia Segui
DPTO Informatica
971 65 71 73 Ext. 2044*
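
Added example, not part of the original thread: the DigestValue in the message above is the SHA-1 of the output of the Reference's Transform (Exclusive C14N with PrefixList "vtc"), not of the Body text as typed, which is why hashing the raw section does not match. The sketch below is a reduced Exclusive C14N (prefixed namespaces only; no default namespace, comments or processing instructions); the function names are hypothetical and the sample messages are constructed from the post's Body without the whitespace between elements.

```python
import base64, hashlib
from xml.dom import minidom
from xml.sax.saxutils import escape

def _attr(v):  # C14N attribute-value escaping ('>' stays literal)
    for raw, ref in zip('&<"\t\n\r', ("&amp;", "&lt;", "&quot;", "&#x9;", "&#xA;", "&#xD;")):
        v = v.replace(raw, ref)
    return v

def _scope(el):  # prefix -> URI for every xmlns:* declaration in scope at el
    ns = _scope(el.parentNode) if el.parentNode.nodeType == el.ELEMENT_NODE else {}
    ns.update({a.name[6:]: a.value for a in el.attributes.values()
               if a.name.startswith("xmlns:")})
    return ns

def exc_c14n(el, inclusive=(), rendered=None):  # reduced Exclusive C14N of one subtree
    rendered, scope = dict(rendered or {}), _scope(el)
    attrs = [a for a in el.attributes.values() if a.name.split(":")[0] != "xmlns"]
    used = {el.tagName.rpartition(":")[0]} | {a.name.rpartition(":")[0] for a in attrs}
    out = "<" + el.tagName
    for p in sorted((used | set(inclusive)) - {""}):
        if p in scope and rendered.get(p) != scope[p]:  # not emitted by an output ancestor
            out += f' xmlns:{p}="{_attr(scope[p])}"'
            rendered[p] = scope[p]
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.name.rpartition(":")[2])):
        out += f' {a.name}="{_attr(a.value)}"'
    out += ">"  # empty elements are always written as start/end tag pairs
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += exc_c14n(c, inclusive, rendered)
        elif c.nodeType in (c.TEXT_NODE, c.CDATA_SECTION_NODE):
            out += escape(c.data, {"\r": "&#xD;"})  # whitespace text is kept and hashed
    return out + f"</{el.tagName}>"

def body_digest(envelope_xml, inclusive=("vtc",)):  # PrefixList from the post's Transform
    body = minidom.parseString(envelope_xml).getElementsByTagName("soapenv:Body")[0]
    canon = exc_c14n(body, inclusive).encode("utf-8")
    return canon, base64.b64encode(hashlib.sha1(canon).digest()).decode()

# Constructed from the post's message: one Body, two equivalent serializations.
ENV = 'xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:vtc="http://mfom.com/vtc"'
WSU = 'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"'
ID = 'wsu:Id="id-B824CA2BDE6ED7965D164924150559745"'
BODY_A = (f'<soapenv:Body {WSU} {ID}><vtc:qconsultavtc><header version="1.0" '
          'fecha="2022-04-05T20:00:00"/></vtc:qconsultavtc></soapenv:Body>')
MSG_A = f'<soapenv:Envelope {ENV}>{BODY_A}</soapenv:Envelope>'
MSG_B = (f'<soapenv:Envelope {WSU} {ENV}><soapenv:Body {ID}><vtc:qconsultavtc><header '
         'fecha="2022-04-05T20:00:00" version="1.0"></header></vtc:qconsultavtc>'
         '</soapenv:Body></soapenv:Envelope>')
```

The canonical Body pulls the soapenv and vtc declarations down from the Envelope, sorts attributes and expands empty elements, so both serializations hash to the same value. The SignatureValue is a separate step: RSA-SHA1 with the certificate's private key over the canonicalized ds:SignedInfo, which in the message above uses PrefixList "soapenv vtc".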

