I am trying to test a SOAP web service that uses WS-Security authentication and message encryption.
Now, SoapUI seems to provide functionality in this regard, but I am struggling to perform a simple username token authentication with authenticated encryption.
So far, I can generate the UsernameToken by adding a Username WSS entry in the outgoing WS-Security configurations. I am able to encrypt the body with an additional Encryption WSS entry.
But the UsernameToken remains in clear text (it needs to be encrypted).
Signature generation should be done using the HMAC symmetric key that is used for encryption, but although the algorithm can be selected, creation fails with the following stack trace:
Mon Aug 08 17:00:36 CEST 2016:ERROR:org.apache.ws.security.WSSecurityException: Signature creation failed
org.apache.ws.security.WSSecurityException: Signature creation failed
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:561)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:481)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:386)
    at com.eviware.soapui.impl.wsdl.support.wss.entries.SignatureEntry.process(SignatureEntry.java:238)
    at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:175)
    at com.eviware.soapui.impl.wsdl.actions.request.ApplyOutgoingWSSToRequestAction.actionPerformed(ApplyOutgoingWSSToRequestAction.java:55)
    at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
    at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
    at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
    at javax.swing.AbstractButton.doClick(Unknown Source)
    at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
    at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
    at java.awt.Component.processMouseEvent(Unknown Source)
    at javax.swing.JComponent.processMouseEvent(Unknown Source)
    at java.awt.Component.processEvent(Unknown Source)
    at java.awt.Container.processEvent(Unknown Source)
    at java.awt.Component.dispatchEventImpl(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
    at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
    at java.awt.Container.dispatchEventImpl(Unknown Source)
    at java.awt.Window.dispatchEventImpl(Unknown Source)
    at java.awt.Component.dispatchEvent(Unknown Source)
    at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
    at java.awt.EventQueue.access$200(Unknown Source)
    at java.awt.EventQueue$3.run(Unknown Source)
    at java.awt.EventQueue$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue$4.run(Unknown Source)
    at java.awt.EventQueue$4.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
    at java.awt.EventQueue.dispatchEvent(Unknown Source)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
    at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: javax.xml.crypto.dsig.XMLSignatureException: java.security.InvalidKeyException: Key must be SecretKey
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(Unknown Source)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:556)
    ... 43 more
Caused by: java.security.InvalidKeyException: Key must be SecretKey
    at org.jcp.xml.dsig.internal.dom.DOMHMACSignatureMethod.sign(Unknown Source)
    ... 45 more
My WS-Security policy:
<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://www.w3.org/ns/ws-policy"
            xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
            wsu:Id="ut_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <wsam:Addressing wsp:Optional="false">
        <wsp:Policy>
          <wsam:AnonymousResponses/>
        </wsp:Policy>
      </wsam:Addressing>
      <sp:SymmetricBinding>
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256Rsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <sp:Wss11>
        <wsp:Policy>
          <sp:MustSupportRefIssuerSerial/>
          <sp:MustSupportRefThumbprint/>
          <sp:MustSupportRefEncryptedKey/>
        </wsp:Policy>
      </sp:Wss11>
      <sp:SignedEncryptedSupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:WssUsernameToken10/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedEncryptedSupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
SoapUI generated request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xenc:EncryptedKey Id="ek-9aa143be89f4dc04011470669480690103" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=docker test root</ds:X509IssuerName>
                <ds:X509SerialNumber>5</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>pbgpk0et06jc3mnzam+gpqqfbrucvn0khr3uvycou7thbmml9xept/hhmttuyn80srkhkvahrxptsi7qjnljkihcmecr5bwzjy7juj8ofdocphgfdu8m0t7f0z8dqygissweqk1sgxwy4fzogx7govqzq6nridmb0gfmk2jfzl3wut2vw9jmgloqx4cwdzhx3frf+ybcpe415d4uzxgda79vr4stukclhk29rdtcemzyfl+iq87syrdchhvmhdufx/mzf/9xcrrozb/rawovo/nuzq5c0flvsbgl/f1hidbphabbz4tydeyk48b3fybukrchvglhgkbp9c0uon1sqq==</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#ed-9aa143be89f4dc04011470669480690104"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsse:UsernameToken wsu:Id="usernametoken-9aa143be89f4dc04011470669480684102">
        <wsse:Username>sts-testuser</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">k2biryivndfi9jpsd2xw/g==</wsse:Nonce>
        <wsu:Created>2016-08-08T15:18:00.684Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <xenc:EncryptedData Id="ed-9aa143be89f4dc04011470669480690104"
                        Type="http://www.w3.org/2001/04/xmlenc#Content"
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
                                     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                                     xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <wsse:Reference URI="#ek-9aa143be89f4dc04011470669480690103"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>...</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soapenv:Body>
</soapenv:Envelope>
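As an added example (not code from the question or from SoapUI), here is a small Python check, modelled on the policy and request above, that reports what the generated request is still missing relative to the SignedEncryptedSupportingTokens requirement: the clear-text UsernameToken and the absent Signature, plus any EncryptedData no EncryptedKey refers to. The sample envelope, its Ids and cipher values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def check_outgoing_request(envelope_xml):
    """List how a request falls short of SymmetricBinding + SignedEncryptedSupportingTokens."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security header"]
    findings = []
    # A UsernameToken still sitting as a plain child of wsse:Security is clear text;
    # an encrypted one would be wrapped in xenc:EncryptedData instead.
    if sec.find("wsse:UsernameToken", NS) is not None:
        findings.append("UsernameToken is in clear text")
    if sec.find("ds:Signature", NS) is None:
        findings.append("no ds:Signature present")
    body = root.find("soapenv:Body", NS)
    if body is None or body.find("xenc:EncryptedData", NS) is None:
        findings.append("Body is not encrypted")
    # Every EncryptedData must be listed in an EncryptedKey ReferenceList, else it has no key.
    enc_ids = {e.get("Id") for e in root.iter("{%s}EncryptedData" % NS["xenc"])}
    referenced = {r.get("URI", "").lstrip("#") for r in sec.iterfind(
        "xenc:EncryptedKey/xenc:ReferenceList/xenc:DataReference", NS)}
    for orphan in sorted(enc_ids - referenced):
        findings.append("EncryptedData %s is not referenced by an EncryptedKey" % orphan)
    return findings

# Constructed sample, trimmed from the request in the question: encrypted Body,
# clear-text UsernameToken, no Signature, placeholder cipher values.
SAMPLE_REQUEST = """<soapenv:Envelope xmlns:soapenv="{soapenv}" xmlns:xenc="{xenc}">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="{wsse}">
   <xenc:EncryptedKey Id="EK-1">
    <xenc:CipherData><xenc:CipherValue>Y29uc3RydWN0ZWQ=</xenc:CipherValue></xenc:CipherData>
    <xenc:ReferenceList><xenc:DataReference URI="#ED-1"/></xenc:ReferenceList>
   </xenc:EncryptedKey>
   <wsse:UsernameToken><wsse:Username>sts-testuser</wsse:Username></wsse:UsernameToken>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body>
  <xenc:EncryptedData Id="ED-1" Type="{xenc}Content">
   <xenc:CipherData><xenc:CipherValue>Y29uc3RydWN0ZWQ=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </soapenv:Body>
</soapenv:Envelope>""".format(**NS)
```

Running `check_outgoing_request(SAMPLE_REQUEST)` returns the two findings that match the problem in the question; the same check can be pointed at the real SoapUI output once the WSS entries are reconfigured.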