Oracle OWSM wss11_message_protection_service_policy Policy - Testing via SOAPUI
Hello,
I face an issue testing a Web Service that has the OWSM wss11_message_protection_service_policy policy via SOAPUI.
I successfully tested it via a Java client developed with JDeveloper.
But I fail to test it via SOAPUI.
As per the policy description, the OWSM wss11_message_protection_service_policy policy does the following:
It enforces message integrity and message confidentiality for inbound SOAP requests in accordance with the WS-Security 1.1 standard.
Messages are protected using WS-Security's Basic 128 suite of symmetric key technologies:
- RSA key mechanisms for message confidentiality,
- SHA-1 hashing algorithm for message integrity,
- AES-128 bit encryption.
As per my knowledge, we should configure outgoing WS-Security: Timestamp, Encryption and Signature.
I think that the main issue is with the signature part, as we don't need to generate a new key, but to use the key already generated in the encryption part (EncryptedKey) with the provided server certificate (public key), and then to reference this key in the signature part.
So the main question is: what key identifier type should be used in the signature config to tell SOAPUI not to generate a new key and to use the existing key generated in the encryption step?
Below is a successful request message. As seen, for encryption, the SecurityTokenReference uses a KeyIdentifier with ValueType = ThumbprintSHA1.
For signing, it refers to the existing EncryptedKey by using a SecurityTokenReference with a Reference with ValueType = EncryptedKey.
The question is: how do I generate a request like the sample below with SOAPUI?
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsu:Timestamp wsu:Id="Timestamp-yyTgtYX6I5MVLa2FbmoNSQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>2015-12-13T14:10:21Z</wsu:Created>
        <wsu:Expires>2015-12-13T14:15:21Z</wsu:Expires>
      </wsu:Timestamp>
      <xenc:EncryptedKey Id="EK-ZBxRx8IdiUdW7Ota5jNouA22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
          <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" />
        </xenc:EncryptionMethod>
        <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference wsu:Id="STR-8j8GrzYhOwKXqWTXFjmtpQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">XfDPshVltIUk3F+ANKhur+qFxs4=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </dsig:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime">
lNZ4n5U2FZYlwnP82KL/7m3D7sbinTjtOpJ+g0ljZ9vJo+Nrhqu3hCyDDSM168t3liF025fNLmqq
+5eZdBR/867in+4x0bVo7OfLPkbCTniynvl79tPM1sFbHd90Y/BANmWr/aQE2Pd7kk73/fOBy3iR
vDqRUlHJJZ495qIbU/Y=
          </xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#_xZrqEzpM6I1zLnNBH0yBUA22" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:SignedInfo>
          <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <dsig:Reference URI="#Timestamp-yyTgtYX6I5MVLa2FbmoNSQ22">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>BOi0mHMKNIQsBWcUMpiOUp/6jPM=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#Body-6fMgpfle8G2QmdAMdzKW8w22">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>Hd3355tAsYR16ElYPQkapb3eVl0=</dsig:DigestValue>
          </dsig:Reference>
        </dsig:SignedInfo>
        <dsig:SignatureValue>HqRqFeDXs6XyzKnXn40ux9JGuLg=</dsig:SignatureValue>
        <dsig:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#EK-ZBxRx8IdiUdW7Ota5jNouA22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
          </wsse:SecurityTokenReference>
        </dsig:KeyInfo>
      </dsig:Signature>
    </wsse:Security>
  </soap:Header>
  <soapenv:Body wsu:Id="Body-6fMgpfle8G2QmdAMdzKW8w22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_xZrqEzpM6I1zLnNBH0yBUA22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
      <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:Reference URI="#EK-ZBxRx8IdiUdW7Ota5jNouA22" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
        </wsse:SecurityTokenReference>
      </dsig:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime">
qChK3cVSFbAGOW6N4UDFLIIBZOAWERhy75wCVtOhuDoUVPlqJtTpZnJd7e3eAPKzC8UGtngjOg5t
VRWaeowi2qrzySAsfJYBhhRKrDnZR77t8g/6LG0B9ZfFjsF4lAnytUx7OYkfiyvudZRQXa9EBCXx
IvATkIN4+hliQbLYT/qx9+SIFPtPyF2zgFLJXp0IXURJwtjegJA5P3HFlci8JQjNizgoQtHUx9KO
Kpa/i4SKsTZ3/QsEKiQvCPhVVV1A5pc2h2hHCQpHTklb0+dDh8A5kTHs5rBJEjcfeYLAskrFbZdk
rlDQUHe4wuiDDJoVHPoqhYURwacbyaNtbzEKI3yU/+uzi4SzGuptP0lMlnfQDdNxeF4Bztnm4+df
I3qW
        </xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soapenv:Body>
</soapenv:Envelope>
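
One way to compare a SOAPUI-generated request against the working one above, added here as an example and not part of the original post: the Python check below lists where a request's key references depart from the layout in which one EncryptedKey (identified by ThumbprintSHA1) is reused by the Signature and the EncryptedData. The function names and the constructed skeleton message (TS-1, EK-1, Body-1) are assumptions.

```python
import xml.etree.ElementTree as ET
OASIS = "http://docs.oasis-open.org/wss/"
NS = {"wsse": OASIS + "2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}
WSS11 = OASIS + "oasis-wss-soap-message-security-1.1#"
STR = "dsig:KeyInfo/wsse:SecurityTokenReference/"

# Constructed skeleton (no key material), shaped like the working request in the post.
SAMPLE = """<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:xenc="{xenc}" xmlns:dsig="{dsig}">
<e:Header><wsse:Security><wsu:Timestamp wsu:Id="TS-1"/>
<xenc:EncryptedKey Id="EK-1"><dsig:KeyInfo><wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="{w11}ThumbprintSHA1"/>
</wsse:SecurityTokenReference></dsig:KeyInfo></xenc:EncryptedKey>
<dsig:Signature><dsig:SignedInfo><dsig:SignatureMethod Algorithm="{dsig}hmac-sha1"/>
<dsig:Reference URI="#TS-1"/><dsig:Reference URI="#Body-1"/></dsig:SignedInfo>
<dsig:KeyInfo><wsse:SecurityTokenReference>{sig_ref}</wsse:SecurityTokenReference>
</dsig:KeyInfo></dsig:Signature></wsse:Security></e:Header><e:Body wsu:Id="Body-1"/></e:Envelope>"""

def build_sample(sig_ref):  # fill the skeleton with a Signature key reference
    return SAMPLE.format(sig_ref=sig_ref, w11=WSS11, **NS)

def check_key_references(envelope_xml):
    """List where a request departs from the single-EncryptedKey layout."""
    root, problems = ET.fromstring(envelope_xml), []
    ek = root.find(".//wsse:Security/xenc:EncryptedKey", NS)
    if ek is None:
        return ["no xenc:EncryptedKey in wsse:Security"]
    kid = ek.find(STR + "wsse:KeyIdentifier", NS)
    if kid is None or kid.get("ValueType") != WSS11 + "ThumbprintSHA1":
        problems.append("EncryptedKey: certificate not identified by ThumbprintSHA1")
    # The Signature and every EncryptedData must point back at that one EncryptedKey.
    for el in root.findall(".//dsig:Signature", NS) + root.findall(".//xenc:EncryptedData", NS):
        ref, name = el.find(STR + "wsse:Reference", NS), el.tag.split("}")[1]
        if ref is None or ref.get("ValueType") != WSS11 + "EncryptedKey":
            problems.append(name + ": key is not referenced as an EncryptedKey token")
        elif ref.get("URI") != "#" + ek.get("Id", ""):
            problems.append(name + ": references " + ref.get("URI", "") + ", not the EncryptedKey")
    method = root.find(".//dsig:SignedInfo/dsig:SignatureMethod", NS)
    if method is not None and not method.get("Algorithm", "").endswith("#hmac-sha1"):
        problems.append("Signature: SignatureMethod is not hmac-sha1")
    # Every signed dsig:Reference has to resolve to an element carrying that wsu:Id.
    ids = {e.get("{%s}Id" % NS["wsu"]) for e in root.iter()}
    for r in root.findall(".//dsig:SignedInfo/dsig:Reference", NS):
        if r.get("URI", "")[1:] not in ids:
            problems.append("Signature: " + r.get("URI", "") + " resolves to no wsu:Id")
    return problems
```

Passing the raw text of a captured request to check_key_references returns an empty list when the structure matches; each returned string names the element whose key reference differs.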