Forum Discussion

picia
New Contributor
9 years ago

Signing soap message mime attachments - problem

Dear,

I have a problem with signing SOAP message MIME attachments.

I don't know how to do it. I have configured an outgoing WSS signature, but I don't know how to mention the attachments.

Is there a way to do it?

 

Thanks,

Piotr

3 Replies

    • picia
      New Contributor

      Hi Rao,

      Thanks for the suggestion, I have been there already many times :(

      Let me give you an example of what I need to achieve by use of SoapUI:

      <?xml version='1.0' encoding='UTF-8'?>
      <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
          xmlns:xsd="http://www.w3.org/1999/XMLSchema"
          xmlns:eb3="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
          xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance/">
      	<soapenv:Header>
      		<wsse:Security
                  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  soapenv:mustUnderstand="true">
      			<wsse:BinarySecurityToken
                      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                      wsu:Id="X509-bb231ee6-959b-45f2-b3a3-191007e23cbd"
                      >...</wsse:BinarySecurityToken>
      			<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                      Id="SIG-92b59d46-3f24-4de2-99d3-9eb4a1270b0b">
      				<ds:SignedInfo>
      					<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
      						<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                  PrefixList="eb3 soapenv xsd xsi"/>
      					</ds:CanonicalizationMethod>
      					<ds:SignatureMethod
                              Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      					<ds:Reference URI="#id-5685789a-bac1-4004-bfe4-9ff8cbc5dba4">
      						<ds:Transforms>
      							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
      								<ec:InclusiveNamespaces
                                          xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                          PrefixList="xsd xsi"/>
      							</ds:Transform>
      						</ds:Transforms>
      						<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      						<ds:DigestValue>L4S3abfBduf3ARj0dtomWC+lGwRkqhXNoDEapzvpwck=</ds:DigestValue>
      					</ds:Reference>
      					<ds:Reference URI="#id-7fff962b-0e0b-4aa9-a9d0-0ad9afa8d86e">
      						<ds:Transforms>
      							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
      								<ec:InclusiveNamespaces
                                          xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                          PrefixList="eb3 xsd xsi"/>
      							</ds:Transform>
      						</ds:Transforms>
      						<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      						<ds:DigestValue>R0U9WM3TsHXMnihFk6uiqHj7qvgqHMAIS+BNzLnYnpE=</ds:DigestValue>
      					</ds:Reference>
      					<ds:Reference
                              URI="cid:f680700a-fbd9-4c66-bd8d-468e32d7950-1469649050@gecko.fritz.box">
      						<ds:Transforms>
      							<ds:Transform
                                      Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"
                                  />
      						</ds:Transforms>
      						<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      						<ds:DigestValue>sdsfYBbMy8UajSYQ1wfV/cP4krj6s8FVvQbgqBLkzj0=</ds:DigestValue>
      					</ds:Reference>
      				</ds:SignedInfo>
      				<ds:SignatureValue>YqiVq7RC2WuqGk20Q7qzUAjCIVILuq/PZl6t2vu+jkUbRs97dSiRW712Vz8Q6btueQP0Y8zcs44p1TeAt7tPB7y4s0XNy8feq/sVDcurZ+1KKwSbHbQvyqh3rSjRL/fWS7/mp1rrQidtMzXyz8E8etwVghuF3HrdyYFW+H5I2Tg=</ds:SignatureValue>
      				<ds:KeyInfo Id="KI-6575c128-e390-4db0-9c3e-2299d586a073">
      					<wsse:SecurityTokenReference wsu:Id="STR-8a8e51d4-ce14-4f4e-a7ab-ecc2f08ce261">
      						<wsse:Reference URI="#X509-bb231ee6-959b-45f2-b3a3-191007e23cbd"
                                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                              />
      					</wsse:SecurityTokenReference>
      				</ds:KeyInfo>
      			</ds:Signature>
      		</wsse:Security>
      		<eb3:Messaging
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  wsu:Id="id-5685789a-bac1-4004-bfe4-9ff8cbc5dba4" soapenv:mustUnderstand="true"
                  soapenv:role="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/part2/200811/nextmsh">
      			<eb3:UserMessage>
      				<eb3:MessageInfo>
      					<eb3:Timestamp>2015-06-23T15:03:50.293Z</eb3:Timestamp>
      					<eb3:MessageId>f680700a-fbd9-4c66-bd8d-468e32d7950b@gecko.fritz.box</eb3:MessageId>
      				</eb3:MessageInfo>
      				<eb3:PartyInfo>
      					<eb3:From>
      						<eb3:PartyId type="type22">sample@1</eb3:PartyId>
      						<eb3:Role>role33</eb3:Role>
      					</eb3:From>
      					<eb3:To>
      						<eb3:PartyId type="type22">sample@2</eb3:PartyId>
      						<eb3:Role>role33</eb3:Role>
      					</eb3:To>
      				</eb3:PartyInfo>
      				<eb3:CollaborationInfo>
      					<eb3:Service type="type1">Messaging</eb3:Service>
      					<eb3:Action>Send</eb3:Action>
      					<eb3:ConversationId>converID_1</eb3:ConversationId>
      				</eb3:CollaborationInfo>
      				<eb3:PayloadInfo>
      					<eb3:PartInfo
                              href="cid:f680700a-fbd9-4c66-bd8d-468e32d7950-1469649050@gecko.fritz.box">
      						<eb3:PartProperties>
      							<eb3:Property name="PartType">SED</eb3:Property>
      							<eb3:Property name="CompressionType">application/gzip</eb3:Property>
      							<eb3:Property name="MimeType">application/xml</eb3:Property>
      						</eb3:PartProperties>
      					</eb3:PartInfo>
      				</eb3:PayloadInfo>
      			</eb3:UserMessage>
      		</eb3:Messaging>
      	</soapenv:Header>
      	<soapenv:Body
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsu:Id="id-7fff962b-0e0b-4aa9-a9d0-0ad9afa8d86e"/>
      </soapenv:Envelope>

      Using the SoapUI WSS security settings/configuration/usage, I am not able to generate the following part, which concerns attachments. In other words, I don't know how to sign attachments:

      <ds:Reference
              URI="cid:f680700a-fbd9-4c66-bd8d-468e32d7950-1469649050@gecko.fritz.box">
      	<ds:Transforms>
      		<ds:Transform
                      Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"
                  />
      	</ds:Transforms>
      	<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      	<ds:DigestValue>sdsfYBbMy8UajSYQ1wfV/cP4krj6s8FVvQbgqBLkzj0=</ds:DigestValue>
      </ds:Reference>

      Also, here is the setup of my signature WS-Security settings:

      soapuiWSSsettings.png

       

      • grb123
        New Contributor

        Hi, good example of the target Signature format to sign both a msg body and its attachment, but I don't think the SoapUI 'Signature Tab' can add a second <ds:Reference/> element (e.g. to reference the attachment by cid). The Parts Table looked like it might have this capability with the "ID" column, but I couldn't get it to generate any multi-part messages and can't find any documentation to support this.

        Happy to be corrected if SoapUI can do this?
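
The `cid:` reference discussed in this thread can be checked outside SoapUI. The following is an added example, not code from either poster or from SoapUI: it walks a SOAP-with-Attachments MIME message, recomputes the digest for each `ds:Reference` that uses the Attachment-Content-Signature-Transform with SHA-256, and reports attachments that no reference covers. Assumptions: attachments have a binary media type such as `application/gzip` (digest over the transfer-decoded octets), the envelope is the first MIME part, all `example.invalid` names and payloads are constructed, and `ds:SignatureValue` itself is not verified here.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from email import message_from_bytes
from urllib.parse import unquote

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SWA_CONTENT = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def attachment_digest(part):
    """Digest a binary part's octets after Content-Transfer-Encoding is undone."""
    ctype = part.get_content_type()
    if ctype.startswith("text/") or ctype.endswith("xml"):
        raise ValueError(ctype + " must be canonicalized before digesting")
    return b64_sha256(part.get_payload(decode=True))

def check_attachments(mime_bytes):
    """Map each attachment's cid: URI to ok / digest mismatch / unsigned."""
    # Assumptions: envelope is the first MIME part; harden XML parsing for untrusted input.
    root, *rest = [p for p in message_from_bytes(mime_bytes).walk() if not p.is_multipart()]
    parts = {"cid:" + p["Content-ID"].strip(" <>"): p for p in rest if p["Content-ID"]}
    status = dict.fromkeys(parts, "unsigned")
    envelope = ET.fromstring(root.get_payload(decode=True))
    for ref in envelope.iterfind(f".//{DS}SignedInfo/{DS}Reference"):
        uri = unquote(ref.get("URI", ""))  # cid: URIs may be percent-encoded
        algs = [t.get("Algorithm") for t in ref.iter(DS + "Transform")]
        algs.append(ref.find(DS + "DigestMethod").get("Algorithm"))
        if uri in parts and algs == [SWA_CONTENT, SHA256]:
            same = ref.findtext(DS + "DigestValue") == attachment_digest(parts[uri])
            status[uri] = "ok" if same else "digest mismatch"
    return status

def sample_message(payload, signed_payload):
    """Constructed message: att-1 is referenced (digest of signed_payload), att-2 is not."""
    env = ('<e:Envelope xmlns:e="http://www.w3.org/2003/05/soap-envelope" xmlns:ds="'
           + DS[1:-1] + '"><e:Header><ds:Signature><ds:SignedInfo>'
           '<ds:Reference URI="cid:att-1@example.invalid"><ds:Transforms><ds:Transform '
           'Algorithm="' + SWA_CONTENT + '"/></ds:Transforms><ds:DigestMethod Algorithm="'
           + SHA256 + '"/><ds:DigestValue>' + b64_sha256(signed_payload) + '</ds:DigestValue>'
           '</ds:Reference></ds:SignedInfo></ds:Signature></e:Header><e:Body/></e:Envelope>')
    att = ("Content-Type: application/gzip\r\nContent-Transfer-Encoding: base64\r\n"
           "Content-ID: <att-%d@example.invalid>")
    part = lambda head, data: "--b\r\n" + head + "\r\n\r\n" + data + "\r\n"
    return ('Content-Type: multipart/related; boundary="b"\r\n\r\n'
            + part("Content-Type: application/soap+xml", env)
            + part(att % 1, base64.b64encode(payload).decode())
            + part(att % 2, base64.b64encode(b"constructed").decode()) + "--b--\r\n").encode()
```

An `unsigned` entry is the case the thread is about: a message whose signature covers the header and body but carries no `cid:` reference for the attachment.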