cancel
Showing results for 
Search instead for 
Did you mean: 

Signing soap message mime attachments - problem

picia
New Contributor

Signing soap message mime attachments - problem

Dear,

I have problem with signing soap message mime attachments.

I don't know how to do it? I have configured outgoing WSS signature, but I don't know how to mention the attachments?

Is there a way to do it?

 

Thanks,

Piotr

3 REPLIES 3
nmrao
Community Hero

Re: Signing soap message mime attachments - problem

See if the below link is helpful?
http://www.soapui.org/soap-and-wsdl/headers-and-attachments.html


Regards,
Rao.
picia
New Contributor

Re: Signing soap message mime attachments - problem

Hi Rao,

Thanks for the suggestion, I have been there already many times 😞

Let me give you an example of what I need to achieve by use of SoapUI:

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
    xmlns:xsd="http://www.w3.org/1999/XMLSchema"
    xmlns:eb3="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
    xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance/">
	<soapenv:Header>
		<wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            soapenv:mustUnderstand="true">
			<wsse:BinarySecurityToken
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                wsu:Id="X509-bb231ee6-959b-45f2-b3a3-191007e23cbd"
                >MIIDJTCCAo6gAwIBAgIJAM4lB6SmU6gDMA0GCSqGSIb3DQEBBQUAMGsxCzAJBgNVBAYTAlVLMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ8wDQYDVQQHEwZMb25kb24xGDAWBgNVBAoTD0luc3RpdHV0aW9uIDAwMTEcMBoGA1UEAxMTaW5zdDAwMS51ay5lZXNzaS5ldTAeFw0xNTA0MjgxNTQxNTZaFw0yMDA0MjYxNTQxNTZaMGsxCzAJBgNVBAYTAlVLMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ8wDQYDVQQHEwZMb25kb24xGDAWBgNVBAoTD0luc3RpdHV0aW9uIDAwMTEcMBoGA1UEAxMTaW5zdDAwMS51ay5lZXNzaS5ldTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtVodColQfHrgQEHY6xkLavI2gFrA9twpJoPLKkRFbC/FFKNHARwbUAEsK77y8pZ0OdU1Ose0wNluw5nsAaR8sTjvhCf33auLIuMXjyj0DswNL8dHXyUyF5z1DBWxQ0ypjwpmjeYHFYH96brcv8PWwii8wJt9ngb7o2FINPDX3+0CAwEAAaOB0DCBzTAdBgNVHQ4EFgQU/yiUd7NOsKeZryZpNeyEmwZ/EIowgZ0GA1UdIwSBlTCBkoAU/yiUd7NOsKeZryZpNeyEmwZ/EIqhb6RtMGsxCzAJBgNVBAYTAlVLMRMwEQYDVQQIEwpTb21lLVN0YXRlMQ8wDQYDVQQHEwZMb25kb24xGDAWBgNVBAoTD0luc3RpdHV0aW9uIDAwMTEcMBoGA1UEAxMTaW5zdDAwMS51ay5lZXNzaS5ldYIJAM4lB6SmU6gDMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAnPgi42kUQ8PfVz1b+H9XVT8/7dpO2/En72/eZenTlLhE7Xay+gEiCj+MBmHv8gV5lVGAPM/T1jbigzkmx1iNkZiOSjMEgR4NLOWneMoXJRleW6JEAv6p1gAEP94BKwEM+niIw519oEdPZVrnh9FD8pr4aHMxYnKQBdWH8eeAWmI=</wsse:BinarySecurityToken>
			<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                Id="SIG-92b59d46-3f24-4de2-99d3-9eb4a1270b0b">
				<ds:SignedInfo>
					<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
						<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                            PrefixList="eb3 soapenv xsd xsi"/>
					</ds:CanonicalizationMethod>
					<ds:SignatureMethod
                        Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
					<ds:Reference URI="#id-5685789a-bac1-4004-bfe4-9ff8cbc5dba4">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
								<ec:InclusiveNamespaces
                                    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                    PrefixList="xsd xsi"/>
							</ds:Transform>
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
						<ds:DigestValue>L4S3abfBduf3ARj0dtomWC+lGwRkqhXNoDEapzvpwck=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference URI="#id-7fff962b-0e0b-4aa9-a9d0-0ad9afa8d86e">
						<ds:Transforms>
							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
								<ec:InclusiveNamespaces
                                    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                    PrefixList="eb3 xsd xsi"/>
							</ds:Transform>
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
						<ds:DigestValue>R0U9WM3TsHXMnihFk6uiqHj7qvgqHMAIS+BNzLnYnpE=</ds:DigestValue>
					</ds:Reference>
					<ds:Reference
                        URI="cid:f680700a-fbd9-4c66-bd8d-468e32d7950-1469649050@gecko.fritz.box">
						<ds:Transforms>
							<ds:Transform
                                Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"
                            />
						</ds:Transforms>
						<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
						<ds:DigestValue>sdsfYBbMy8UajSYQ1wfV/cP4krj6s8FVvQbgqBLkzj0=</ds:DigestValue>
					</ds:Reference>
				</ds:SignedInfo>
				<ds:SignatureValue>YqiVq7RC2WuqGk20Q7qzUAjCIVILuq/PZl6t2vu+jkUbRs97dSiRW712Vz8Q6btueQP0Y8zcs44p1TeAt7tPB7y4s0XNy8feq/sVDcurZ+1KKwSbHbQvyqh3rSjRL/fWS7/mp1rrQidtMzXyz8E8etwVghuF3HrdyYFW+H5I2Tg=</ds:SignatureValue>
				<ds:KeyInfo Id="KI-6575c128-e390-4db0-9c3e-2299d586a073">
					<wsse:SecurityTokenReference wsu:Id="STR-8a8e51d4-ce14-4f4e-a7ab-ecc2f08ce261">
						<wsse:Reference URI="#X509-bb231ee6-959b-45f2-b3a3-191007e23cbd"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                        />
					</wsse:SecurityTokenReference>
				</ds:KeyInfo>
			</ds:Signature>
		</wsse:Security>
		<eb3:Messaging
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="id-5685789a-bac1-4004-bfe4-9ff8cbc5dba4" soapenv:mustUnderstand="true"
            soapenv:role="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/part2/200811/nextmsh">
			<eb3:UserMessage>
				<eb3:MessageInfo>
					<eb3:Timestamp>2015-06-23T15:03:50.293Z</eb3:Timestamp>
					<eb3:MessageId>f680700a-fbd9-4c66-bd8d-468e32d7950b@gecko.fritz.box</eb3:MessageId>
				</eb3:MessageInfo>
				<eb3:PartyInfo>
					<eb3:From>
						<eb3:PartyId type="type22">sample@1</eb3:PartyId>
						<eb3:Role>role33</eb3:Role>
					</eb3:From>
					<eb3:To>
						<eb3:PartyId type="type22">sample@2</eb3:PartyId>
						<eb3:Role>role33</eb3:Role>
					</eb3:To>
				</eb3:PartyInfo>
				<eb3:CollaborationInfo>
					<eb3:Service type="type1">Messaging</eb3:Service>
					<eb3:Action>Send</eb3:Action>
					<eb3:ConversationId>converID_1</eb3:ConversationId>
				</eb3:CollaborationInfo>
				<eb3:PayloadInfo>
					<eb3:PartInfo
                        href="cid:f680700a-fbd9-4c66-bd8d-468e32d7950-1469649050@gecko.fritz.box">
						<eb3:PartProperties>
							<eb3:Property name="PartType">SED</eb3:Property>
							<eb3:Property name="CompressionType">application/gzip</eb3:Property>
							<eb3:Property name="MimeType">application/xml</eb3:Property>
						</eb3:PartProperties>
					</eb3:PartInfo>
				</eb3:PayloadInfo>
			</eb3:UserMessage>
		</eb3:Messaging>
	</soapenv:Header>
	<soapenv:Body
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="id-7fff962b-0e0b-4aa9-a9d0-0ad9afa8d86e"/>
</soapenv:Envelope>

I am not able to generate by use of SoapUI wss security settings/configuration/usage the following part which concerns attachments. In other words I don't know how to sign attachments:

<ds:Reference
URI="cid:f680700a-fbd9-4c66-bd8d-468e32d7950-1469649050@gecko.fritz.box">
<ds:Transforms>
<ds:Transform
Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"
/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>sdsfYBbMy8UajSYQ1wfV/cP4krj6s8FVvQbgqBLkzj0=</ds:DigestValue>
</ds:Reference>

Also the setup of my signature ws security settings:

soapuiWSSsettings.png

 

grb123
New Contributor

Re: Signing soap message mime attachments - problem

Hi, good example of the target Signature format to sign both a msg body and its attachment, but I dont think SOAPUI 'Signature Tab' can add a second<ds:Reference/> element (eg to reference the attachment by cid)- the Parts Table looked like it might have this capability with the "ID" column but I couldnt get it to generate any multi-part messages and cant find any documentation to support this.

Happy to be corrected if SOAPUI can do this ?

New Here?
Join us and watch the welcome video:
Top Kudoed Authors