SoapUI Configuration for Messaging Encryption
This section provides a tutorial example on how to create a configuration entry to support SOAP messag encryption with an X.509 certificate in a JKS (Java KeyStore) file.
If you want to encrypt some parts of a SOAP message with X.509 certificates for testing purpose,
you can use SoapUI.
Here is what I did to set a configuration in SoapUI to encrypt outgoing SOAP message
with default options as much as possible.
1. Start SoapUI and load Hello_WSDL_11_SOAP.wsdl as shown in previous tutorials.
2. Double-click on the project name "helloProject"
The project properties screen shows up.
3. Click on the "Keystores" tab.
4. Click the "+" icon to add a keystore by select
"MyKeyStore.jks" file created from the previous tutorial.
The key store file password needs to be entered too.
5. Click on the "WS-Security Configurations" tab.
4. On the next level tab list, click on "Outgoing WS-Security Configurations".
5. Click the "+" icon to add a WS-Security configuration.
Then enter "Encryption" as the configuration name.
6. Click the "+" icon below the configuration name list to add a configuration entry,
Then select "Encryption" from the entry type list.
7. Enter the following to complete the configuration entry:
Key Identifier Type: Binary Security Token
Symmetric Encoding Algorithm: default
Key Encryption Algorithm: default
Create Encrypted Key: [x] Indicates whether to encrypt the symmetric
key into an EncryptedKey or not
Notes on above settings:
- The "Keystore" value must specify a JKS (Java KeyStore) file.
- The "Alias" value must specify a certificate entry in the specified JKS file.
- The specified certificate entry must have an X.509 certificate provided by the SOAP message receiver.
It binds the public key of a private-public key pair to the receiver.
In this example, "mycertificate" has a self-signed X.509 certificate.
- The "password" value is not needed, because no private key is needed to encrypt a SOAP message.
- The public key in the X.509 certificate will be used by the send to encrypt a randomly generated
- The SOAP message will be encrypted by the secret key.
- The X.509 certificate will be attached to the SOAP message for the SOAP message receiver.
- The receiver will find the private key matching the public key in the X.509 certificate
in receiver's database.
- The private key will be used to decrypt the SOAP message.
The picture belows shows you the WS-Security configuration entry
to support message encryption:
Last update: 2014.
Table of Contents
About This Book
Introduction to Web Service
Introduction to SOAP (Simple Object Access Protocol)
SOAP Message Structure
SOAP Message Transmission and Processing
SOAP Data Model
SOAP RPC Presentation
SOAP Properties Model
SOAP Message Exchange Patterns
SOAP HTTP Binding
SOAP Perl Implementations
SOAP PHP Implementations
SOAP Java Implementations
Perl SOAP::Lite - SOAP Server-Client Communication Module
Perl Socket Test Program for HTTP and SOAP
Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service
Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services
Perl SOAP::Lite 0.710 for WSDL
PHP SOAP Extension Client Programs
PHP SOAP Extension Server Programs
Java Socket and HttpURLConnection for SOAP
SAAJ - SOAP with Attachments API for Java
SoapUI - SOAP Web Service Testing Tool
WS-Security - SOAP Message Security Extension
►WS-Security X.509 Certificate Token
What Is WS-Security X.509 Certificate Token Profile?
What Is XML Signature Syntax and Processing?
Generating a Self-Signed Certificate with "keytool"
SoapUI Configuration for Messaging Signing
Generating Digital Signature with SoapUI
Validating ds:Signature with X.509 Certificate
Digital Signature Options Supported in SoapUI
What Is XML Encryption Syntax and Processing?
►SoapUI Configuration for Messaging Encryption
"not an RSA key" - Encryption Failed in SoapUI
Encryption using RSA Public Key with SoapUI
2-Step Message Encryption - Symmetric and RSA
Decrypting Encrypted SOAP Message
Message Encryption Options Supported in SoapUI
Web Services and SOAP Terminology
PDF Printing Version