SOAP Web Service Tutorials - Herong's Tutorial Examples - Version 5.02, by Dr. Herong Yang
Digital Signature Options Supported in SoapUI
This section describes digital signature options supported in SoapUI that allows you to specify how to identify the key used in the signature, which digest algorithm to use, which parts of the SOAP message to sign, etc.
SoapUI also allows us to generate digital signatures with multiple options. These options are listed on the "Sigature" WS-Security configuration entry section:
Keystore - Specifies which Java keystore file that contains the sender's private-public key and X.509 certificate.
Alias - Specifies which certificate entry in the keystore file is the sender's private-public key and X.509 certificate.
Password - Specifies the password used in the keystore file to protect sender's private key.
Key Identifier Type - Specifies how to identify the public key that is needed to validate the signature:
- Issuer Name and Serial Number - The issuer name and serial number of the public key certificate will be included in the "ds:Signature" element. The receiver should search for the certificate by the issuer name and serial number from its own certificate database.
- Binary Security Token - The reference ID to a wsse:BinarySecurityToken element will be included in the "ds:Signature" element. The receiver should retrieve the certificate from the referenced wsse:BinarySecurityToken element.
- X509 Certificate - The actual X.509 certificate will be included in the "ds:Signature" element.
- Subject Key Identifier - The SubjectKeyIdentifier of the public key certificate will be included in the "ds:Signature" element. The receiver should search for the certificate by the SubjectKeyIdentifier from its own certificate database.
- Thumbprint SHA1 Identifier - The SHA1 fingerprint of the public key certificate will be included in the "ds:Signature" element. The receiver should search for the certificate by the fingerprint from its own certificate database.
Signature Algorithm - Specifies which algorithm to use when generating the digital signature. The selected algorithm needs to be compatible with the type of private-public key pair or secret key that you are using.
- ...#rsa-sha1 - Specifies the RSA-SHA1 digital signature algorithm, which is compatible with RSA private-public key pairs.
- ...#dsa-sha1 - Specifies the DSA-SHA1 digital signature algorithm, which is compatible with DSA private-public key pairs.
- ...#hmac-sha1 - Specifies the HMAC-SHA1 digital signature algorithm, which is compatible with HMAC secret keys.
- ...#ecdsa-sha1 - Specifies the ECDSA-SHA1 digital signature algorithm, which is compatible with ECDSA private-public key pairs.
- ...
Signature Canonicalization - Specifies which algorithm to use when serializing the XML element in the message selected for signing.
- http://www.w3.org/2001/10/xml-exc-c14n# - Specifies the canonicalization algorithm defined in "Exclusive XML Canonicalization Version 1.0".
- http://www.w3.org/2001/10/xml-exc-c14n#WithComments - Specifies the canonicalization algorithm defined in "Exclusive XML Canonicalization Version 1.0" with XML comments included.
- ...
Digest Algorithm - Specifies which algorithm to use when generating the message digest on the serialized XML element selected for signing. The selected algorithm needs to be compatible with the selected signature algorithm.
- http://www.w3.org/2000/09/xmldsig#sha1 - Specifies the SHA1 digest algorithm, which is compatible with the DSA-SHA1 and the RSA-SHA1 digital signature algorithms.
- http://www.w3.org/2001/04/xmldsig-more#md5 - Specifies the MD5 digest algorithm.
- ...
Using Single Certificate - Turns on the flag to using a single certificate or the entire certificate path in the Binary Security Token.
Parts - Specifies a list of parts (elements) of the SOAP message to be selected for signing. Each part is defined by the following criteria. If a single part matches multiple elements, all elements are signed independently. If not part is defined, the soapenv:Body element will be signed by default.
- ID - The "id" value of the element. I am not sure on how to use this criteria. You can leave it blank.
- Name - The name value of the element.
- Namespace - The namespace value of the element.
- Encode - Signing option of: signing the element content only or signing the entire element including attributes.
The following picture shows you WS-Security digital signature options supported in SoapUI:
Last update: 2014.
Table of Contents
Introduction to SOAP (Simple Object Access Protocol)
SOAP Message Transmission and Processing
SOAP Message Exchange Patterns
Perl SOAP::Lite - SOAP Server-Client Communication Module
Perl Socket Test Program for HTTP and SOAP
Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service
Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services
Perl SOAP::Lite 0.710 for WSDL
PHP SOAP Extension Client Programs
PHP SOAP Extension Server Programs
Java Socket and HttpURLConnection for SOAP
SAAJ - SOAP with Attachments API for Java
SoapUI - SOAP Web Service Testing Tool
WS-Security - SOAP Message Security Extension
►WS-Security X.509 Certificate Token
What Is WS-Security X.509 Certificate Token Profile?
What Is XML Signature Syntax and Processing?
Generating a Self-Signed Certificate with "keytool"
SoapUI Configuration for Messaging Signing
Generating Digital Signature with SoapUI
Validating ds:Signature with X.509 Certificate
►Digital Signature Options Supported in SoapUI
What Is XML Encryption Syntax and Processing?
SoapUI Configuration for Messaging Encryption
"not an RSA key" - Encryption Failed in SoapUI
Encryption using RSA Public Key with SoapUI
2-Step Message Encryption - Symmetric and RSA
Decrypting Encrypted SOAP Message
Message Encryption Options Supported in SoapUI