SOAP webservices using WS-Security

Miguel Garcia miguel.garcia at roig.com
Sun Apr 10 22:15:36 UTC 2022


Exactly Rudolf,
We send the message built by SoapUI through cURL and it works.
To build the message we need to know how to compute the digest value and the signature value.
I think the question is how to calculate the canonical form of the xml message to apply sha256.
Regards


> On 9 Apr 2022, at 8:45, Rudolf Bargholz <rudolf at bargholz.ch> wrote:
> 
> Hi Miguel,
> 
> I would use soapui (https://www.soapui.org/downloads/latest-release/) to generate the request and test the response. When you get everything working in SoapUI you can view the raw HTTP request and responses inside of SoapUI to determine what exactly needs to be done in Omnis. If this is then not easy in Omnis you can use cURL to send the request, and call cURL from Omnis. Using this workflow you can test outside of Omnis in a tool where you know for sure that it supports WS-Security based on a certificate, and then reverse engineer in Omnis.
> 
> Regards
> 
> Rudolf Bargholz
> 
> -----Original Message-----
> From: omnisdev-en <omnisdev-en-bounces at lists.omnis-dev.com> On Behalf Of Miguel Garcia
> Sent: Friday, 8 April 2022 21:18
> To: OmnisDev List - English <omnisdev-en at lists.omnis-dev.com>
> Subject: SOAP webservices using WS-Security
> 
> Dear All.
> 
> We have to build an application through OMNIS to send information to the Regional Administration. We have to communicate the information through SOAP webservices using WS-Security based on a certificate.
> 
> We know how to use a SOAP webservice by building a "Web Service Object" 
> using the WIZARD tool. But in this case the WIZARD only allows HTTP basic authentication.
> 
> We also know how to use a SOAP webservice by building the xml message and sending it via the HTTP POST method.
> 
> We have tested the service by importing the WSDL file into SOAPUI and we know what the content of the xml message should be. But we don't know how to get the DigestValue or the Signature value.
> 
> We have tried to apply SHA-1 to the reference that we have to sign and encode it to base64, but the DigestValue is not correct.
> 
> Is it possible to build this in OMNIS?
> 
> Any ideas?
> 
> Best Regards
> 
> PS:
> 
> Example of the message sent by SOAPUI:
> 
> <?xml version="1.0"?>
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
> xmlns:vtc="http://mfom.com/vtc">
>     <soapenv:Header>
>         <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>             <wsse:BinarySecurityToken
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
> wsu:Id="X509-. . . .  . . PUBLIC PART OF THE CERTIFICATE
> 
>             </wsse:BinarySecurityToken>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
> Id="SIG-B824CA2BDE6ED7965D164924150564746">
>                 <ds:SignedInfo>
>                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv vtc"/>
>                     </ds:CanonicalizationMethod>
>                     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                     <ds:Reference
> URI="#id-B824CA2BDE6ED7965D164924150559745">
>                         <ds:Transforms>
>                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                                 <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="vtc"/>
>                             </ds:Transform>
>                         </ds:Transforms>
>                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>4QUunSZKyMcVC0pVu/wtX60wL78=</ds:DigestValue>
>                     </ds:Reference>
>                 </ds:SignedInfo>
> <ds:SignatureValue>NsqRHa6XuRsfYJ+clfWJPMlFTEC2Cx7yv0HDmGoEkZM9r9LGnqEjzWVUxlBnptYWRwJvuZAyH4PQ
> 4hBu8XbZc6/rWL1urU0x4ygJdsriRdNLRconHErAb84ljzyd8g0K4dI/wJTlMqZoOW4YrfVMaWW3
> DW0+64X+siH2bssMhODJKU8k5AJ2G4egvxsv0rK4WzSIpTrkAiOCud+3QI0Cb0ZMVbJ7hGtx
> DW0+64X+siH2bssMhODJKU8k5AJ2G4egvxsv0rK4WzSIpTrkAiOCud+xds1
> 2jUyDojGYGfU9LjulnR/j6LPghnA1M3EkHK6fpPGosmK8zWNw9bJ1mOxCJvxx3NrvWRTPx/9x3Q9
> DPypeNbWX8VWsRLavZxbpY+DxgvlSKrhV9Ey/w==</ds:SignatureValue>
>                 <ds:KeyInfo Id="KI-B824CA2BDE6ED7965D164924150559643">
>                     <wsse:SecurityTokenReference wsu:Id="STR-B824CA2BDE6ED7965D164924150559644">
>                         <wsse:Reference URI="#X509-B824CA2BDE6ED7965D164924150559642" 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>                     </wsse:SecurityTokenReference>
>                 </ds:KeyInfo>
>             </ds:Signature>
>         </wsse:Security>
>     </soapenv:Header>
>     <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
> wsu:Id="id-B824CA2BDE6ED7965D164924150559745">
>         <vtc:qconsultavtc>
>             <header fecha="2022-04-05T20:00:00" version="1.0" 
> versionsender="1.0"/>
>             <body>
>                 <vtcconsulta idservicio="253000"/>
>             </body>
>         </vtc:qconsultavtc>
>     </soapenv:Body>
> </soapenv:Envelope>
> 
> We have applied SHA1 to the soapenv:Body section and then encoded the result into base64, but the result is not a correct digest.
> --
> *Miguel Garcia Segui
> DPTO Informatica
> 971 65 71 73 Ext. 2044*
> 
> 
> _____________________________________________________________
> Manage your list subscriptions at https://lists.omnis-dev.com
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com 
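
Added example, not part of the original thread and not SoapUI or Omnis code: the DigestValue in the quoted message is Base64(SHA-1(bytes)) where the bytes are the exclusive canonical form (`xml-exc-c14n#`) of the element named by the Reference URI, using the Transform's PrefixList (`vtc`), not the raw text of `soapenv:Body`. The names `exc_c14n`, `digest_value` and `SAMPLE` are hypothetical; the canonicalizer covers elements, attributes and text only (no processing instructions, no `#default` token in the PrefixList).

```python
import base64, hashlib
from xml.dom import minidom
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
XML = "http://www.w3.org/XML/1998/namespace"
# Constructed sample modelled on the message in the thread (not the original bytes).
SAMPLE = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
          ' xmlns:vtc="http://mfom.com/vtc"><soapenv:Body wsu:Id="id-1" xmlns:wsu="' + WSU + '">'
          '<vtc:qconsultavtc><body><vtcconsulta idservicio="253000"/></body>'
          '</vtc:qconsultavtc></soapenv:Body></soapenv:Envelope>')

def _esc(s, attr=False):  # C14N escaping for text nodes / attribute values
    s = s.replace("&", "&amp;").replace("<", "&lt;")
    if not attr:
        return s.replace(">", "&gt;").replace("\r", "&#xD;")
    return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;").replace("\r", "&#xD;")

def _split(el):  # -> ({prefix: uri} declared on el, [(qname, value)] ordinary attributes)
    items = el.attributes.items()
    ns = {k.partition(":")[2]: v for k, v in items if k.split(":")[0] == "xmlns"}
    return ns, [(k, v) for k, v in items if k.split(":")[0] != "xmlns"]

def exc_c14n(el, inclusive=(), scope=None, rendered=None):  # Exclusive C14N 1.0, no comments
    if scope is None:  # apex element: inherit the declarations of its ancestors
        scope, rendered, n = {"xml": XML}, {"": "", "xml": XML}, el.parentNode
        while n is not None and n.nodeType == n.ELEMENT_NODE:
            scope = {**_split(n)[0], **scope}  # nearer declarations win
            n = n.parentNode
    decls, attrs = _split(el)
    scope, rendered = {**scope, **decls}, dict(rendered)
    # Prefixes visibly used by the tag or its attributes, plus in-scope PrefixList entries.
    used = {q.rpartition(":")[0] for q in [el.tagName] + [k for k, _ in attrs if ":" in k]}
    used |= {p for p in inclusive if p in scope}
    out = "<" + el.tagName
    for p in sorted(used):  # namespace declarations first, sorted by prefix
        if rendered.get(p) != scope.get(p, ""):  # not already output by an ancestor
            rendered[p] = scope.get(p, "")
            out += ' xmlns%s="%s"' % (":" + p if p else "", _esc(rendered[p], True))
    # Attributes sorted by (namespace URI, local name); unprefixed ones have no namespace.
    attrs.sort(key=lambda a: (scope[a[0].rpartition(":")[0]] if ":" in a[0] else "", a[0].rpartition(":")[2]))
    out += "".join(' %s="%s"' % (k, _esc(v, True)) for k, v in attrs) + ">"
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += exc_c14n(c, inclusive, scope, rendered)
        elif c.nodeType in (c.TEXT_NODE, c.CDATA_SECTION_NODE):
            out += _esc(c.data)
    return out + "</" + el.tagName + ">"  # empty elements get an explicit end tag

def digest_value(envelope_xml, ref_id, inclusive=()):  # Base64(SHA-1(canonical bytes))
    els = minidom.parseString(envelope_xml).getElementsByTagName("*")
    target = next(e for e in els if e.getAttributeNS(WSU, "Id") == ref_id)
    return base64.b64encode(hashlib.sha1(exc_c14n(target, inclusive).encode()).digest()).decode()
```

Whitespace between elements is part of the canonical form, so a message re-wrapped by a mail client will not reproduce the original DigestValue. The same canonicalization applied to `ds:SignedInfo` with its own PrefixList (`soapenv vtc`) gives the bytes over which the RSA-SHA1 SignatureValue is computed.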




