PMI_Mortgage_In_1
Occasional Contributor
13 years ago

Web Services - WS Security (Decryp and Sig) for responses

We use SOAP UI for testing all our services. Our external services are secured using WS-Security (X509), encrypting and signing the message content.
- Consumer encrypts the message with Service public key and then signs the message with Consumer's private key
- The service then validates the signature using consumer's public key and decrypts the message using Service's private key
- The service then processes the request and prepares the response for sending
- The service then encrypts the message with Consumer's public key and signs the message with Service's private key
- The consumer then validates the signature with Service's public key and decrypts the message with its private key

We're trying to set up SOAP UI to test these secured services and are trying to do the following:
1. For request (Outgoing): SOAP UI encrypts the request message with Service public key and signs the message with Consumer's private key
2. For response (Incoming): SOAP UI validates the signature with Service's public key and decrypts the message with consumer's private key

We're able to do #1 above, that is, adding encryption and signature for the outgoing message. But for the response XML, we're unable to add details for signature validation and decryption, and SOAP UI shows the response in decrypted form.

So the question is: how can we set WS-Security (signature validation and decryption settings) for the response (incoming message) so that we can see the actual response (and not a cryptic response)?


Refer to the following article that lists setting up WS-Security:
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
Refer to Section 3 Outgoing WSS and Section 4 Incoming WSS. Please note that Section 3 refers to Encryption and Signature but Section 4 does not provide this information. I want to understand how to set up security for responses.

6 Replies

  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hi,

    for responses you need to create an incoming WSS configuration and specify which keystores soapUI should use for decrypting and verifying signatures (in the "Incoming WS-Security Configurations" tab) - then specify this incoming WSS configuration in the request's AUT tab. When the response is received soapUI will try to decrypt and validate using the specified keystores...

    Does that help?

    regards!

    /Ole
    SmartBear Stockholm
  • PMI_Mortgage_In_1
    Occasional Contributor
    Thanks for your reply.

    From the Outgoing WS-Security Configurations tab, I see options for setting security for Encryption and Signature where I can specify which keys to use for encrypting and signing the message.

    However, for the Incoming WS-Security Configurations tab, I only see an option for specifying the keystore; there is no option to specify the keys. See screen shot 1. So for decryption, even if we specify the keystore that needs to be used for decryption and signature validation, how will we specify which keys are to be used for decryption and signature validation?

    In our case, we have only one keystore with two keys: Key1 (our private key) and Key2 (web service provider public key). For Outgoing we use Key1 for signing and Key2 for encryption. For Incoming, we want to specify Key1 for decryption and Key2 for signature verification. Any documentation/suggestions on how to accomplish this?
  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hi,

    hmm.. I guess you would have to create and add two separate keystores each containing the desired keys...!?

    regards,

    /Ole
    SmartBear Stockholm
  • PMI_Mortgage_In_1
    Occasional Contributor
    It's not a good idea to have one keystore for every key. However, for testing I tried to do what you said. So I made two copies of the keystore. From the first I deleted the client's public key and from the second I deleted the provider's private key.

    Then I added the keystores to SoapUI. It added the store with the private key, but when I added the store that only had the public key, SoapUI complained that <error: java.security.KeyStoreException: No private keys found in keystore!>.

    Please advise.

    I want to provide some more information like screen shots etc. but I can't do that here as this is an open forum. Can you please provide me your email address so I can email you those? Also, if you can provide a phone number then it will help to resolve this issue faster. This process is taking a lot of time.
  • Janakiram
    New Contributor

    Have you found the solution? I'm also facing the same issue.
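
The keystore exchange above turns on which entries in a store hold a private key and which hold only a certificate. The following is an added example, not part of the original thread and not SoapUI code: it uses the standard `java.security.KeyStore` API to list each alias and the role that entry type can play in the message flow described in the first post. The class name `KeystoreRoles` and the helper `roleFor` are hypothetical.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical names): classify keystore entries by the
// WS-Security role their entry type can serve on the consumer side.
public class KeystoreRoles {

    // Key entries carry key material the holder owns; certificate entries
    // carry only another party's public certificate.
    static String roleFor(boolean keyEntry, boolean certEntry) {
        if (keyEntry)  return "key entry: decrypt responses, sign requests";
        if (certEntry) return "trusted certificate: verify response signatures, encrypt requests";
        return "unknown entry type";
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): java KeystoreRoles <keystore-file> <JKS|PKCS12>");
            System.exit(2);
        }
        // Prompt for the password so it does not land in shell history.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) keyEntries++;
            System.out.printf("%s -> %s%n", alias, roleFor(isKey, ks.isCertificateEntry(alias)));
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                System.out.println("    subject: "
                        + ((X509Certificate) cert).getSubjectX500Principal().getName());
            }
        }
        if (keyEntries == 0) {
            System.out.println("No key entries: this store can only supply certificates.");
        }
    }
}
```

Run against each of the two split keystores, this shows which copy holds only a certificate entry, the condition the quoted `KeyStoreException` message describes.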