Forum Discussion

ErikLundJensen's avatar
ErikLundJensen
New Contributor
12 years ago

x.509 encryption ref uri is null

I'm using soapUI 4.5 to call a web service secured by sign/encrypt with x.509 certificate.
However, the encrypt SecurityTokenReference contains: <wsse:Reference URI="#null" /> in the soapUI generated request as seen below.

It looks like a bug in soapUI as the error persists even though I change the encrypt configuration in soapUI.
There are no errors in the soapui.log


<soapenv:Body wsu:Id="id-119"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <xenc:EncryptedData Id="ED-121"
   Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
   <xenc:EncryptionMethod
    Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
   <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference
     wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
     xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
     <wsse:Reference URI="#null" />
    </wsse:SecurityTokenReference>
   </ds:KeyInfo>
   <xenc:CipherData>
    <xenc:CipherValue>


soapUI encrypt configuration:
keystore: clientKeystore.jks
alias: publicAlias
password: (empty as alias refs the servers public key, which is added to the clientKeystore)
key identifier type: Binary Security Token

The policy is quite common:


<wsp:Policy 
 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
 xmlns:wsp="http://www.w3.org/ns/ws-policy" 
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 wsu:Id="skat-b2b-x509-policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding>
          <wsp:Policy>
            <sp:InitiatorToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:WssX509V1Token11/>
                  </wsp:Policy>
                  </sp:X509Token>
              </wsp:Policy>
            </sp:InitiatorToken>
            <sp:RecipientToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:WssX509V1Token11/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:TripleDes/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Lax/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>            
            <sp:OnlySignEntireHeadersAndBody/>
            <sp:SignBeforeEncrypting/>
          </wsp:Policy>
        </sp:AsymmetricBinding>
    <sp:SignedParts>
           <sp:Body/>
        </sp:SignedParts>
        <sp:EncryptedParts>
          <sp:Body/>
        </sp:EncryptedParts>         
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

1 Reply

Sort By
  • ErikLundJensen's avatar
    ErikLundJensen
    New Contributor
    12 years ago
    The answer is related to the x509 token type. I changed it to version 3 "WssX509V3Token10" in the WSDL (and also change to SOAP 1.2). The reference is now generated correctly by soapUI.
    It looks like soapUI 4.5 does not support the older token versions.