We are trying to duplicate in openssl the WS-Security header that SoapUI generates. Right now we are unable to get the same signature.
When I apply the 'Outgoing WSS' I can see the digest value that SoapUI created as well as the signature.
Step 1: I tried to duplicate the digest value in openssl using the command (openssl dgst -binary -sha1 <file> | openssl enc -base64). My input file contains only the 'body' portion of the request which is what SoapUI is digesting. The only way I am able to get a match on the digest value is to remove all leading white space in SoapUI, generate the header, then take that request, canonicalize it in a java program I wrote and use that in openssl dgst command.
Step 2: I am stuck on the 'signedinfo' portion now. This needs to be canonicalized (C14N exl), digested and signed. Using the same method that I used to get the body digest is not working.
Can someone explain how SoapUI generates this header? We have to duplicate this behavior in a Nonstop server and all we have is openssl.
What library is SoapUI using to do the digital signature?