Forum Discussion
I don't know much about this stuff, but I had a dig around, and here's what I found:
- SoapUI uses wss4j. So check out the WSSecSignature class from that package.
- Here's where SoapUI calls it. (ImprovedWSSecSignature extends WSSecSignature and doesn't change much).
- Magua6 years agoNew Contributor
I appreciate the response, JHunt , but I was hoping for a log or some way within SoapUI to actually view the canonicalized string used in generating the hashed value.
Perhaps that could be logged as a feature request for future versions? I'm sure many would appreciate it, not just myself...
- JHunt6 years agoCommunity Hero
SoapUI only uses WSS4J to do create the Signature. As part of generating the signature, WSS4J does the canonicalization. SoapUI never sees the canonicalized version inside it's own code base.
I put this script together by looking at how SoapUI prepares the request, and what WSS4J was doing internally.
import javax.xml.parsers.DocumentBuilderFactory import org.apache.xml.security.c14n.Canonicalizer import org.w3c.dom.Document import org.xml.sax.InputSource def request = context.testCase.testSteps["Test Request - login"].testRequest Document doc = { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance() dbf.setValidating(false) dbf.setNamespaceAware(true) return dbf.newDocumentBuilder() .parse(new InputSource(new StringReader(context.expand(request.requestContent)))) }() Byte[] canonicalBytes = { org.apache.xml.security.Init.init() Canonicalizer.getInstance("http://www.w3.org/2001/10/xml-exc-c14n#") .canonicalizeSubtree(doc.documentElement) }() String canonicalBase64 = canonicalBytes.encodeBase64() String canonicalXml = new String(canonicalBytes)
Create a new Groovy Script test step, put in the script and adjust line 7 with the name of your request. Hopefully I've not omitted any important steps in the preparation.
Related Content
Recent Discussions
- 15 years ago