SOAP Web Service Tutorials - Herong's Tutorial Examples - Version 5.02, by Dr. Herong Yang
Encryption using RSA Public Key with SoapUI
This section provides a tutorial example on how to encryption the SOAP body element content with a RSA public key certificate using SoapUI.
To try to fix the error occurred in the previous tutorial, let's grab a RSA public key certificate from JDK's "cacerts" keystore file.
1. Export the "globalsignca" certificate JDK's "cacerts" keystore file to certificate file, globalsignca.crt:
C:\herong>"\Program Files\java\jdk1.8.0\bin\keytool" -exportcert -alias globalsignca -file globalsignca.crt -keystore "\Program Files\java\jdk1.8.0\jre\lib\security\cacerts" Enter keystore password: changeit Certificate stored in file <globalsignca.crt>
2. Import the certificate from globalsignca.crt into "MyKeyStore.jks" file:
C:\herong>"\Program Files\java\jdk1.8.0\bin\keytool" -importcert -alias globalsignca -keystore MyKeyStore.jks -storepass MyKeyStore -file globalsignca.crt Owner: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Serial number: 40000000001154b5ac394 Valid from: Tue Sep 01 08:00:00 EDT 1998 until: Fri Jan 28 07:00:00 EST 2028 Certificate fingerprints: MD5: 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A SHA1: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C SHA256: EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6: 68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99 Signature algorithm name: SHA1withRSA Version: 3 ... Trust this certificate? [no]: yes Certificate was added to keystore
3. Restart SoapUI and modify the "Encryption" configuration setting:
Keystore: MyKeyStore.jks ALias: mycertificate Password: ...
4. Resubmit the SOAP request. The response message will be displayed.
5. Click on the "Raw" vertical tab. This time, you should see "wsse:Security" SOAP header element added to the request message automatically. And the SOAP body element content is replaced with a "xenc:EncryptedData" element:
<soapenv:Envelope ...> <soapenv:Header> <wsse:Security> ... </wsse:Security> </soapenv:Header> <soapenv:Body> <xenc:EncryptedData Id="ED-3F60678EF1C89DEFF1140372822597218" ...> ... </xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope>
Congratulations! We have successfully encrypted SOAP request message with SoapUI with a X.509 certificate from "globalsignca". No body can see what we are actually sending in the SOAP body except for the owner of "globalsignca", who has the private key associated with the public key in the certificate.
Of course, in a real world integration, we need to use a certificate of RSA public key from the message receiver.
Last update: 2014.
Table of Contents
Introduction to SOAP (Simple Object Access Protocol)
SOAP Message Transmission and Processing
SOAP Message Exchange Patterns
Perl SOAP::Lite - SOAP Server-Client Communication Module
Perl Socket Test Program for HTTP and SOAP
Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service
Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services
Perl SOAP::Lite 0.710 for WSDL
PHP SOAP Extension Client Programs
PHP SOAP Extension Server Programs
Java Socket and HttpURLConnection for SOAP
SAAJ - SOAP with Attachments API for Java
SoapUI - SOAP Web Service Testing Tool
WS-Security - SOAP Message Security Extension
►WS-Security X.509 Certificate Token
What Is WS-Security X.509 Certificate Token Profile?
What Is XML Signature Syntax and Processing?
Generating a Self-Signed Certificate with "keytool"
SoapUI Configuration for Messaging Signing
Generating Digital Signature with SoapUI
Validating ds:Signature with X.509 Certificate
Digital Signature Options Supported in SoapUI
What Is XML Encryption Syntax and Processing?
SoapUI Configuration for Messaging Encryption
"not an RSA key" - Encryption Failed in SoapUI
►Encryption using RSA Public Key with SoapUI
2-Step Message Encryption - Symmetric and RSA
Decrypting Encrypted SOAP Message
Message Encryption Options Supported in SoapUI