SOAP Web Service Tutorials - Herong's Tutorial Examples - Version 5.02, by Dr. Herong Yang

SOAP Web Service Tutorials - Herong's Tutorial Examples

∟WS-Security X.509 Certificate Token

∟2-Step Message Encryption - Symmetric and RSA

Now let's take a closer look at the SOAP request message generated by SoapUI from the previous tutorial. Note that the request message listed below has been simplified. See the next tutorial for the full request message.

<soapenv:Envelope xmlns:ser="..." xmlns:soapenv="..." 
xmlns:wsse11="..." xmlns:wsse="..." xmlns:wsu="..."
xmlns:ds="..." xmlns:xenc="...">
<soapenv:Header>
 <wsse:Security>

  <wsse:BinarySecurityToken 
   wsu:Id="3F60678EF1C89DEFF1140372822597117" ...>
    ... X.509 certificate ...
   </wsse:BinarySecurityToken>

  <xenc:EncryptedKey Id="EK-3F60678EF1C89DEFF1140372822597116">
   <xenc:EncryptionMethod Algorithm="...rsa-oaep-mgf1p"/>

   <ds:KeyInfo>
    <wsse:SecurityTokenReference>
     <wsse:Reference URI="#3F60678EF1C89DEFF1140372822597117" .../>
    </wsse:SecurityTokenReference>
   </ds:KeyInfo>

   <xenc:CipherData>
    <xenc:CipherValue>
     ... Encrypted secret key with the public key ...
    </xenc:CipherValue>
   </xenc:CipherData>
   
   <xenc:ReferenceList>
    <xenc:DataReference URI="#ED-3F60678EF1C89DEFF1140372822597218"/>
   </xenc:ReferenceList>
  </xenc:EncryptedKey>

 </wsse:Security>
</soapenv:Header>
<soapenv:Body>

 <xenc:EncryptedData Id="ED-3F60678EF1C89DEFF1140372822597218" ...>
  <xenc:EncryptionMethod Algorithm="...aes128-cbc"/>
  <ds:KeyInfo>
   <wsse:SecurityTokenReference wsse11:TokenType="...#EncryptedKey">
    <wsse:Reference URI="#EK-3F60678EF1C89DEFF1140372822597116"/>
   </wsse:SecurityTokenReference>
  </ds:KeyInfo>
  <xenc:CipherData>
   <xenc:CipherValue>
    ... Encrypted "Body" content with the secret key ...
   </xenc:CipherValue>
  </xenc:CipherData>
 </xenc:EncryptedData>

</soapenv:Body>
</soapenv:Envelope>

This message confirms that the encrypted SOAP message was generated by SoapUI in 2 steps. The first step is to perform a symmetric encryption on the specified message element with a random secret key:

• Since no message part is specified in the configuration, SoapUI picked up the "soapenv:Body" element content by default as the input for message encryption.
• Since no symmetric encoding algorithm is specified in the configuration, SoapUI picked the "aes128-cbc" by default as the algorithm for message encryption, see value of "xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm] attribute.
• SoapUI selected a secret key randomly as the key for message encryption.
• SoapUI serialized the "soapenv:Body" element content and encrypted it with the secret key.
• SoapUI replaced the "soapenv:Body" element content with a "xenc:EncryptedData" element.
• The Base64 encoded string of the encryption output was then included in the "xenc:EncryptedData/xenc:CipherData/xenc:CipherValue" sub element.

The second step is to perform RSA encryption on the secret key with SOAP message receiver's public key:

• Since no key encryption algorithm is specified in the configuration, SoapUI picked the "rsa-oaep-mgf1p" by default as the algorithm for encrypting the secret key. see value of "wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm] attribute.
• Since "globalsignca" certificate entry in "MyKeyStore.jks" file is specified, SoapUI picked up the public key from the "globalsignca" certificate as the public key for encrypting the secret key.
• The Base64 encoded string of the encrypted secret key was included in the "wsse:Security/xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue" element.
• SoapUI also included the "globalsignca" certificate in the "wsse:Security/wsse:BinarySecurityToken" element. This helps the message receiver to find the match private key from its own certificate database in order to decrypt the secret key.

Last update: 2014.

Table of Contents

 About This Book

 Introduction to Web Service

 Introduction to SOAP (Simple Object Access Protocol)

 SOAP Message Structure

 SOAP Message Transmission and Processing

 SOAP Data Model

 SOAP Encoding

 SOAP RPC Presentation

 SOAP Properties Model

 SOAP Message Exchange Patterns

 SOAP HTTP Binding

 SOAP Perl Implementations

 SOAP PHP Implementations

 SOAP Java Implementations

 Perl SOAP::Lite - SOAP Server-Client Communication Module

 Perl Socket Test Program for HTTP and SOAP

 Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service

 Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services

 Perl SOAP::Lite 0.710 for WSDL

 PHP SOAP Extension Client Programs

 PHP SOAP Extension Server Programs

 Java Socket and HttpURLConnection for SOAP

 SAAJ - SOAP with Attachments API for Java

 SoapUI - SOAP Web Service Testing Tool

 WS-Security - SOAP Message Security Extension

►WS-Security X.509 Certificate Token

 What Is WS-Security X.509 Certificate Token Profile?

 What Is XML Signature Syntax and Processing?

 Generating a Self-Signed Certificate with "keytool"

 SoapUI Configuration for Messaging Signing

 Generating Digital Signature with SoapUI

 Validating ds:Signature with X.509 Certificate

 Digital Signature Options Supported in SoapUI

 What Is XML Encryption Syntax and Processing?

 SoapUI Configuration for Messaging Encryption

 "not an RSA key" - Encryption Failed in SoapUI

 Encryption using RSA Public Key with SoapUI

►2-Step Message Encryption - Symmetric and RSA

 Decrypting Encrypted SOAP Message

 Message Encryption Options Supported in SoapUI

 Web Services and SOAP Terminology

 References

 PDF Printing Version

2-Step Message Encryption - Symmetric and RSA - Updated in 2017, by Dr. Herong Yang