Forum Discussion

SRSeedBurners's avatar
SRSeedBurners
New Contributor
7 years ago

SoapUI WS-Security header

We are trying to duplicate in openssl the WS-Security header that SoapUI generates.  Right now we are unable to get the same signature.

 

When I apply the 'Outgoing WSS' I can see the digest value that SoapUI created as well as the signature.

 

 

Step 1: I tried to duplicate the digest value in openssl using the command (openssl dgst -binary -sha1 <file> | openssl enc -base64).  My input file contains only the 'body' portion of the request which is what SoapUI is digesting.  The only way I am able to get a match on the digest value is to remove all leading white space in SoapUI, generate the header, then take that request, canonicalize it in a java program I wrote and use that in openssl dgst command.  

 

Step 2: I am stuck on the 'signedinfo' portion now.   This needs to be canonicalized (C14N  exl), digested and signed.   Using the same method that I used to get the body digest is not working.

 

Can someone explain how SoapUI generates this header?   We have to duplicate this behavior in a Nonstop server and all we have is openssl.  

 

What library is SoapUI using to do the digital signature?

No RepliesBe the first to reply