SOAP Web Service Tutorials - Herong's Tutorial Examples - Version 5.01, by Dr. Herong Yang
Encryption using RSA Public Key with SoapUI
This section provides a tutorial example on how to encrypt the SOAP body element content with an RSA public key certificate using SoapUI.
To try to fix the error that occurred in the previous tutorial, let's grab an RSA public key certificate from JDK's "cacerts" keystore file.
1. Export the "globalsignca" certificate from JDK's "cacerts" keystore file to a certificate file, globalsignca.crt:
   C:\herong>"\Program Files\java\jdk1.8.0\bin\keytool" -exportcert -alias globalsignca -file globalsignca.crt -keystore "\Program Files\java\jdk1.8.0\jre\lib\security\cacerts"
   Enter keystore password: changeit
   Certificate stored in file <globalsignca.crt>
2. Import the certificate from globalsignca.crt into the "MyKeyStore.jks" file:
   C:\herong>"\Program Files\java\jdk1.8.0\bin\keytool" -importcert -alias globalsignca -keystore MyKeyStore.jks -storepass MyKeyStore -file globalsignca.crt
   Owner: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
   Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
   Serial number: 40000000001154b5ac394
   Valid from: Tue Sep 01 08:00:00 EDT 1998 until: Fri Jan 28 07:00:00 EST 2028
   Certificate fingerprints:
      MD5: 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
      SHA1: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
      SHA256: EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:
         68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99
      Signature algorithm name: SHA1withRSA
      Version: 3
   ...
   Trust this certificate? [no]: yes
   Certificate was added to keystore
3. Restart SoapUI and modify the "Encryption" configuration setting:
   Keystore: MyKeyStore.jks
   Alias: mycertificate
   Password: ...
4. Resubmit the SOAP request. The response message will be displayed.
5. Click on the "Raw" vertical tab. This time, you should see a "wsse:Security" SOAP header element added to the request message automatically, and the SOAP body element content replaced with an "xenc:EncryptedData" element:
   <soapenv:Envelope ...>
      <soapenv:Header>
         <wsse:Security>
            ...
         </wsse:Security>
      </soapenv:Header>
      <soapenv:Body>
         <xenc:EncryptedData Id="ED-3F60678EF1C89DEFF1140372822597218" ...>
            ...
         </xenc:EncryptedData>
      </soapenv:Body>
   </soapenv:Envelope>
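The visual check in step 5 can also be scripted. The Python code below is an added example, not part of the original tutorial or of SoapUI: it parses a raw request and lists anything that would mean part of the SOAP body was sent in clear text. The function name check_encrypted_body and both sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")     # SOAP 1.2
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
XENC = "http://www.w3.org/2001/04/xmlenc#"

def check_encrypted_body(raw_xml):
    """Return a list of problems; an empty list means the body is encrypted."""
    root = ET.fromstring(raw_xml)
    soap = next((ns for ns in SOAP_NS if root.tag == "{%s}Envelope" % ns), None)
    if soap is None:
        return ["root element is not a SOAP Envelope"]
    problems = []
    if root.find("{%s}Header/{%s}Security" % (soap, WSSE)) is None:
        problems.append("no wsse:Security header")
    body = root.find("{%s}Body" % soap)
    if body is None:
        return problems + ["no SOAP Body"]
    children = list(body)
    enc_tag = "{%s}EncryptedData" % XENC
    if not any(c.tag == enc_tag for c in children):
        problems.append("Body has no xenc:EncryptedData")
    # Anything that sits beside EncryptedData travels in clear text.
    for c in children:
        if c.tag != enc_tag:
            problems.append("plaintext element in Body: " + c.tag)
    if (body.text or "").strip() or any((c.tail or "").strip() for c in children):
        problems.append("plaintext text in Body")
    return problems

# Constructed samples: same shape as the "Raw" tab output, placeholder values.
ENCRYPTED = (
    f'<e:Envelope xmlns:e="{SOAP_NS[0]}" xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}">'
    '<e:Header><wsse:Security/></e:Header><e:Body>'
    '<xenc:EncryptedData Id="ED-constructed"><xenc:CipherData>'
    '<xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
    '</xenc:EncryptedData></e:Body></e:Envelope>')
PLAINTEXT = (
    f'<e:Envelope xmlns:e="{SOAP_NS[0]}"><e:Body>'
    '<m:GetQuote xmlns:m="urn:example">HRNG</m:GetQuote></e:Body></e:Envelope>')

if __name__ == "__main__":
    for name, doc in (("encrypted", ENCRYPTED), ("plaintext", PLAINTEXT)):
        print(name, check_encrypted_body(doc) or "OK")
```

The check is structural only: it does not tell which certificate the message was encrypted for, so it passes for the "globalsignca" test certificate just as it would for the receiver's own.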
Congratulations! We have successfully encrypted the SOAP request message with SoapUI using an X.509 certificate from "globalsignca". Nobody can see what we are actually sending in the SOAP body except for the owner of "globalsignca", who has the private key associated with the public key in the certificate.
Of course, in a real-world integration, we need to use the RSA public key certificate of the message receiver, so that the receiver is the one who can decrypt the message.
Last update: 2014.