X509 certificate

More info: This is signature is generated with SoapUI 3.0 (Signature Algorithm = X509 Certificate)
-
-
  MIIEFzC......
 
 

If I read the standard, http://docs.oasis-open.org/wss/2004/01/ ... le-1.0.pdf, (page=8, line 209). Then it says that the ValueTypeUri has to be "X509 SubjectKeyIdentifier". This is not the case in SoapUI as you can see above. Is this an error in SoapUI or am I reading the standard in a wrong way.

If I change Sequrity Algorithm to Binary Sequrity Token it work fine.

Hi,
  I found this documentation about wsse problem.  It looks very similar to the fault I am getting. Are you using this library and are you using it as it is stated in this documentation:

https://issues.apache.org/jira/browse/WSS-200

/Fredrik

Hi Fredrik,

yes, this is the library we are using, thanks for digging into this.. how do you suggest we change the UI / behaviour?

regards!

/Ole
eviware.com

I think you might use the WSS4J in an incorrect way. Read the last 3 comments, they are about SoapUI. https://issues.apache.org/jira/browse/WSS-200

I just want to try to use the "SKI_KEY_IDENTIFIER" instead of the X509_KEY_IDENTIFIER to very if this is the problem.

Thanks, we'll look into this after we've gotten out the 3.0 release.

Regards,
Dain
eviware support

Hi,

I am using soapUI v3.6.1 (Trail version) and trying to send SOAP requests using X509 certificate. But, the request fails with "500 Internal server error". There is no information in the error log or soapui log. In the http log, I can see the below SOAP message.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mustUnderstand="0" actor="">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-7">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-8">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Cl0KhgzIct++bRKNZ/M7WTty4Ec=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>QzGfVGLbmOEN3RF27sREt0DDp387bbLAOXX1krb7ctY=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-A738352153DAE7C9EE129056247962411">
<wsse:SecurityTokenReference wsu:Id="STRId-A738352153DAE7C9EE129056247962412" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIG2jCCBcKgAwIBAgIKO5QhCQAAAAF9IzANBgkq.....
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-8" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<spml:searchRequest xmlns:spml="urn:siemens:names:prov:gw:SPML:2:0" xsi:schemaLocation="urn:siemens:names:prov:gw:SDS_SUBSCRIBER:1:0 sds_subscriber-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<version>SDS_SUBSCRIBER_v10</version>
<base>
<objectclass>Subscriber</objectclass>
<alias name="msisdn" value="61400606462"/>
</base>
</spml:searchRequest>
</soapenv:Body>
</soapenv:Envelope>


However, as per the standard, its expected that the SOAP message would be in the below format..

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Body">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-
20010315#WithComments"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>C/XuRHa+cndQKRJEk+falPNaYEE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
GxZMhsrcRIujUT5GKW/OUI06CIBNgoIjl8efq8ch5UmFyU6lH4XGslpOvxrCp/j7+B6o0FOOhZ5NZldKRihZoDzG9pzdNi9Ljw
EFO1p/wOaxisDoMNuDo0Ymi2TEEZzOKkApcDK6zF7oQqfONrRTM=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIG2jCCBcKgAwIBAgIKO5QhCQAAAAF9IzANBgkq.....
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
pWgJX6zaUSVLrCb08vjHJ9un21OpWM99d+hSgVJQBnVSL+eXSvA5jPcZQbYkNEY4bCG+mc8G6oaNN8T8RESEOvfdsykMhkfMLL
oYbARLHEmw/iDVNbdCCocgbc6QWCYJQ6dMqlBE7lYnJcuS/TI+/UtDkyw2tR6/yU=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</soapenv:Header>
<soapenv:Body Id="Body">
<spml:searchRequest xmlns:spml="urn:siemens:names:prov:gw:SPML:2:0" xsi:schemaLocation="urn:siemens:names:prov:gw:SDS_SUBSCRIBER:1:0 sds_subscriber-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<version>SDS_SUBSCRIBER_v10</version>
<base>
<objectclass>Subscriber</objectclass>
<alias name="msisdn" value="61400606462"/>
</base>
</spml:searchRequest>
</soapenv:Body>
</soapenv:Envelope>

If you compare, you will notice that soapUI isn't sending some of the required tags like - <X509Data>, <X509Certificate>, <RSAKeyValue>, <Modulus>, etc

I would like to know if this is a known bug/issue and whether its fixed in the licensed version or not.
Appreciate if I could get a quick response. I really need one.

Thanks in advance,
Manu

soapui 4.5.1 same problem. My peer is expecting
<X509Data>
<X509SubjectName>
tags. And I cannot find a way to create them.