I don't know much about this stuff, but I had a dig around, and here's what I found:
I appreciate the response, JHunt , but I was hoping for a log or some way within SoapUI to actually view the canonicalized string used in generating the hashed value.
Perhaps that could be logged as a feature request for future versions? I'm sure many would appreciate it, not just myself...
SoapUI only uses WSS4J to do create the Signature. As part of generating the signature, WSS4J does the canonicalization. SoapUI never sees the canonicalized version inside it's own code base.
I put this script together by looking at how SoapUI prepares the request, and what WSS4J was doing internally.
import javax.xml.parsers.DocumentBuilderFactory
import org.apache.xml.security.c14n.Canonicalizer
import org.w3c.dom.Document
import org.xml.sax.InputSource
def request = context.testCase.testSteps["Test Request - login"].testRequest
Document doc = {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance()
dbf.setValidating(false)
dbf.setNamespaceAware(true)
return dbf.newDocumentBuilder()
.parse(new InputSource(new StringReader(context.expand(request.requestContent))))
}()
Byte[] canonicalBytes = {
org.apache.xml.security.Init.init()
Canonicalizer.getInstance("http://www.w3.org/2001/10/xml-exc-c14n#")
.canonicalizeSubtree(doc.documentElement)
}()
String canonicalBase64 = canonicalBytes.encodeBase64()
String canonicalXml = new String(canonicalBytes)
Create a new Groovy Script test step, put in the script and adjust line 7 with the name of your request. Hopefully I've not omitted any important steps in the preparation.
