Generating Digital Signature with SoapUI

SOAP Web Service Tutorials - Herong's Tutorial Examples

∟Generating Digital Signature with SoapUI

This section provides a tutorial example on how to generate a digital signature on the 'soapenv:Body' and include the signature in the 'wsse:Security' SOAP header element using SoapUI.

With the "Signature" configuration created, we can continue to generate a SOAP request message that contains a digital signature with SoapUI.

1. Right-click on "Hello" and select "New Request". The request screen is displayed with a new SOAP test request message.

2. Click on "Auth" below the request message area on the request screen, The authorization area is displayed.

3. Select "Add a New Authorization". Then select "Basic" as the "Type". Basic authorization fields are displayed.

4. Set "Outgoing WSS" to "Signature", which represents the "Signature" WS-Security configuration created in the previous tutorial.

5. Click on "Submit request ..." icon in the icon bar on the request screen. The response message will be displayed.

6. Click on the "Raw" vertical tab. You should see "wsse:Security" SOAP header element added to the request message automatically with two sub elements: "wsse:BinarySecurityToken" and "ds:Signature":

<soapenv:Envelope xmlns:ser="..." xmlns:soapenv="..."
  xmlns:wsse="..." xmlns:wsu="..." xmlns:ds="...">
<soapenv:Header>
 <wsse:Security>

  <wsse:BinarySecurityToken 
   wsu:Id="X509-2F79CD0E07E6607321140352609015051" ...>
   ... X.509 certificate ...
   </wsse:BinarySecurityToken>

  <ds:Signature ...>
   <ds:SignedInfo>
    <ds:CanonicalizationMethod>...</ds:CanonicalizationMethod>
    ...
    <ds:Reference URI="#id-2F79CD0E07E6607321140352609015154">
    </ds:Reference>

   </ds:SignedInfo>

   <ds:SignatureValue>
   ... DSA-SHA1 Signature ...
   </ds:SignatureValue>
   
   <ds:KeyInfo ...>
    <wsse:SecurityTokenReference ...>
     <wsse:Reference URI="#X509-2F79CD0E07E6607321140352609015051"/>
    </wsse:SecurityTokenReference>

   </ds:KeyInfo>
  </ds:Signature>
 </wsse:Security>
</soapenv:Header>

<soapenv:Body wsu:Id="id-2F79CD0E07E6607321140352609015154">
 <ser:HelloRequest>Hello</ser:HelloRequest>
</soapenv:Body>
</soapenv:Envelope>

Note that the request message listed above has been simplified. See the next tutorial for the full request message. The "ds:Signature" element has 3 sub elements:

"ds:SignedInfo" sub element contains information on which part of the message the signature was done. It has a reference to 'wsu:Id="id-2F79CD0E07E6607321140352609015154"' pointing to the "soapenv:Body" element. This tells us that the "soapenv:Body" part of the request is signed.
"ds:SignatureValue" sub element contains the digital signature of the "soapenv:Body" part. The digital signature was generated with the DSA-SHA1 algorithm in 2 steps: generating the message digest from the selected message part using the SHA1 algorithm and generating the digital signature by encrypting the message digest with sender's private key using the DSA algorithm.
"ds:KeyInfo" sub element contains the information about sender's public key which is needed for anyone wants to validate the digital signature. In this example, the public key is provided as a reference to 'wsu:Id="X509-2F79CD0E07E6607321140352609015051"' pointing to the "wsse:BinarySecurityToken" element, which contains the actual public key in an X.509 certificate.

In this SOAP request example, the X.508 certificate passed in the "wsse:BinarySecurityToken" element can be used the SOAP message receiver for 2 purpose: authenticating the message sender and validating the digital signature.

Last update: 2014.

Table of Contents

About This Book

Introduction to Web Service

Introduction to SOAP (Simple Object Access Protocol)

SOAP Message Structure

SOAP Message Transmission and Processing

SOAP Data Model

SOAP Encoding

SOAP RPC Presentation

SOAP Properties Model

SOAP Message Exchange Patterns