
I have a web service for which I have configured the Wssp1.2-2007-Wss1.1-X509-Basic256.xml WebLogic policy.

I have configured a timestamp and a signature with the key identifier type set to BinarySecurityToken, but I am not able to understand how to configure SoapUI for sp:RequireThumbprintReference/.

I tried specifying encryption with the key identifier as Thumbprint SHA1 identifier, but it is still not working.

I am pasting the logs from the WebLogic server:


<soapenv:Envelope xmlns:cus="http://customerinfo.org.ascent.com/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">


<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200
401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-8E9E164BA738DA391D1424325487026195">MIICSzCCAbSgAwIBAgIEVOH2WzANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJJTjELMAkGA1UECBMCTUgxCzAJBgNVBAcTAlBOMRAwDgYDVQQKEwdHZW1hbHRvMQwwCgYDVQQLEwNTSEQxITAfBgNVBAMMGHdlYnNlcnZpY2VzZXNzaW9uX2
NsaWVudDAeFw0xNTAyMTYxMzUzMzFaFw0xNTA1MTcxMzUzMzFaMGoxCzAJBgNVBAYTAklOMQswCQYDVQQIEwJNSDELMAkGA1UEBxMCUE4xEDAOBgNVBAoTB0dlbWFsdG8xDDAKBgNVBAsTA1NIRDEhMB8GA1UEAwwYd2Vic2VydmljZXNlc3Npb25fY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC42vKAGMuWXwmc5s2cKKU/JSJ/5xUuz6pcv11q
n6oiWVuyIOr0j9+20mzqnxC4WA/hdudA1bOxXPALt71ITCsTMA+evHDnRS9cKCuWAtgkFiZ+sTtzN9rt2Ki10ptU3ubdY+3RsOl8DdoTM0QwpkElWGV9ejypGdSSvf6zH7H3BwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAJkKIeSzranu1quuGj1ntP4K4YayHnkAEKaVCAwR4uuqEw+60GmzoNl0Fo24D8jZvEwHa0ZvQct6cozkwYpgYqvdj/4v7W7RjcZAhjpFaa
Jl1covLcb2yGiJ6Q4cGTuCiwjctWpD1HBjCDf53NgbKlqmF55SKngEGmiI51JaQtpE</wsse:BinarySecurityToken>


<ds:Signature Id="SIG-152" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="cus soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-151"><ds:Transforms><ds:Transform Algorithm="http://
www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="cus" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>qDpp2xQiu+9OLR0Uq9Ksy7u2eBc
=</ds:DigestValue></ds:Reference>
</ds:SignedInfo>

<ds:SignatureValue>iZ+ykpXm/z+HBgJpVcGuomQXUBefZ4adDodUNLJpKSOTRdhsXKfjnaNO65bTSkDZaVbWKl5NOad/
jym2b7oqT1ldOC+t5alEi5luuiegT9s8HlXMU9YP+yu4mPAN/CzlHnFW2rwo0FHAUxxrgqZHGfEc
2jfeDxYgsHpoM8VZRNk=</ds:SignatureValue>

<ds:KeyInfo Id="KI-8E9E164BA738DA391D1424325487026196">
<wsse:SecurityTokenReference wsu:Id="STR-8E9E164BA738DA391D1424325487026197">
<wsse:Reference URI="#X509-8E9E164BA738DA391D1424325487026195" ValueType="http://docs.oasis-open.o
rg/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

</wsse:SecurityTokenReference>
</ds:KeyInfo>


</ds:Signature>

<wsu:Timestamp wsu:Id="TS-150"><wsu:Created>2015-02-19T05:58:06.992Z</wsu:Created><wsu:Expires>2015-02-19T05:59:06.992Z</wsu:Expires>
</wsu:Timestamp>

<xenc:EncryptedKey Id="EK-8E9E164BA738DA391D1424325486991194" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">INRAkRgCa9YCbonrDxyWpeqG0qg=

</wsse:KeyIdentifier>

</wsse:SecurityTokenReference></ds:KeyInfo>

<xenc:CipherData><xenc:CipherValue>Q/gNIHO7QyIpWzW30cdpAWcev/fJvMGpZBblZCfA/xpeloGJ/xbcvLsXUjxe2t0CVkrppR/3wQ5RueFvnL3Nd4R7MZpdpMYG1xGiUemJsb5DuEQaWSc7V3qectjI0i5xBqkRmyuLkkT6ixBL52RQi8Oe0ai9lNuIcYAHecIAooc=</xenc:Cipher
Value></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-149"/></xenc:ReferenceList></xenc:EncryptedKey>

</wsse:Security>
</soapenv:Header>



<soapenv:Body wsu:Id="id-151" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1
.0.xsd">

<xenc:EncryptedData Id="ED-149" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss
/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:Reference URI="#EK-8E9E164BA738DA391D1424325486991194"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>

<xenc:CipherData>

<xenc:CipherValue>+R8VzgZ1+q7w7Ne1Z308v4JXBOSos8q5Brq872k8gnZk4sUUVjRzceDfNBbmD5VmNOyqWLv94ZWqnFfs+rkOC3pPPQvp
oQYXrIkYvbIYYjMekj5dQLdqRTJYaRw7xa7SFeljOLN1y6dC42EkWg0kelS22HC2Fe+VlP8cwkcbtlhxDl8cShiQtG/EnovmWgWnnMCHhnvzhd0J7SUMv1V2XAEBp7CQ3VEZlom9ypDlXBQ=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>


</soapenv:Envelope>


<WSEE:12>Created<SoapMessageContext.<init>:48>
** E N D  I N P U T S T R E A M **



<WSEE:12>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl@3d96a6<SoapMessageContext.setMessage:65>
<WSEE:12>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=false><SoapMsgHeaders.parse
Headers:202>
<WSEE:12>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl@3d96a6<SoapMessageContext.setMessage:65>
<WSEE:12>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=false><SoapMsgHeaders.parse
Headers:202>
<WSEE:12>set Message called: com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl@3d96a6<SoapMessageContext.setMessage:65>
<WSEE:12>isCompatMSFT set to false<SecurityPolicyBlueprintPlotter.drawPolicyCompatibilityPreference:110>
<WSEE:12>policyNamespaceUri is http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702<SecurityPolicyBlueprintPlotter.drawPolicyCompatibilityPreference:111>
<WSEE:12>Inspecting message age ...<SecurityMessageInspector.checkMessage:167>
<WSEE:12> timestamp(maxAgesSecs=60) verified<SecurityMessageInspector.doMessageAge:755>
<WSEE:12>Inspecting message authentication identity ...<SecurityMessageInspector.checkMessage:175>
<WSEE:12>Identity is not required.<SecurityMessageInspector.inspectIdentity:803>
<WSEE:12>Inspecting signature ...<SecurityMessageInspector.checkMessage:268>
SignInfo mismatch  Refs: Msg size =1#id-151, Policy size =3 #TS-150, #id-151, #X509-8E9E164BA738DA391D1424325487026195,
STR type mismatch Actual KeyInfo:
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Reference|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3,  StrTypes size=1 :{http://docs.oasis-open.org/wss/2004/01
/oasis-200401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier||http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1,
<WSEE:12>set Message called: weblogic.xml.saaj.SOAPMessageImpl@16d10b7<SoapMessageContext.setMessage:65>
<WSEE:12>set Message called: weblogic.xml.saaj.SOAPMessageImpl@16478c1<SoapMessageContext.setMessage:65>
<WSEE:12>WSEE[MONITORING[Invocation[DispatchTime=412121007][ExecutionTime=0][ResponseTime=412121007]]]<WseeBaseOperationRuntimeData.reportInvocation:185>
** S T A R T   R E S P O N S E  O U T P U T S T R E A M **

<?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurity</faultcode><faul
tstring>Error on verifying message against security policy Error code:3000</faultstring></env:Fault></env:Body></env:Envelope>
     ** E N D  R E S P O N S E  O U T P U T S T R E A M **
<WSEE:12>HTTP RESPONSE
  ContentType= text/xml;charset="utf-8"
  CharacterEncoding= utf-8
<ServletDebugUtil.printResponse:42>
<WSEE:12>*** JAXWS post finish ***<VerboseHttpProcessor.post:45>

StoreCleaner for weblogic.wsee.server.WsStorage@11192bd timer popped
<WSEE:12>Now checking persistent state objects<StoreCleaner$TimerListenerImpl.doClean:166>
StoreCleaner(weblogic.wsee.server.WsStorage@11192bd) - persistent store empty.

Could someone please guide me on how to make it work, or else provide a reference to the documentation where I can understand the particular things in any policy and configure SoapUI accordingly?

I have been struggling with this for 2 days, please help.

Thanks a lot in advance.

1 Answer


Finally I managed to set up the configuration for the policy Wssp1.2-2007-Wss1.1-X509-Basic256.xml in SoapUI 5.0.0.

For the sp:RequireThumbprintReference policy assertion, configure the signature with the key identifier as "Thumbprint SHA1 identifier", which was not available in SoapUI version 4.5.1 but is available in 5.0.0.

Cheers!
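
As an added example (not part of the question or the answer, and not WebLogic or SoapUI code), this Python script checks an outgoing request for the two things the server log above reports: which URIs the signature covers, and whether its SecurityTokenReference is a ThumbprintSHA1 KeyIdentifier rather than a direct Reference to the BinarySecurityToken. The function names, the trimmed envelope template and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"}
THUMBPRINT_SHA1 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

def thumbprint_sha1(cert_der: bytes) -> str:
    """ThumbprintSHA1 value: base64 of the SHA-1 digest of the DER-encoded certificate."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")

def inspect_signature(envelope_xml: str) -> dict:
    """Report which URIs ds:Signature covers and how its KeyInfo points at the key."""
    sig = ET.fromstring(envelope_xml).find(".//ds:Signature", NS)
    if sig is None:
        return {"signed": [], "str_type": None, "value_type": None}
    signed = [r.get("URI", "") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    str_el = sig.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
    child = next(iter(str_el), None) if str_el is not None else None
    if child is None:
        return {"signed": signed, "str_type": None, "value_type": None}
    return {"signed": signed, "str_type": child.tag.split("}")[-1],
            "value_type": child.get("ValueType")}

def uses_thumbprint_reference(info: dict) -> bool:
    """True when the signature key is referenced by a ThumbprintSHA1 KeyIdentifier."""
    return info["str_type"] == "KeyIdentifier" and info["value_type"] == THUMBPRINT_SHA1

# Constructed, trimmed envelope; every value below is a placeholder.
TEMPLATE = """<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:ds="{ds}" xmlns:wsse="{wsse}"><e:Header><wsse:Security><ds:Signature>
<ds:SignedInfo><ds:Reference URI="#id-1"/></ds:SignedInfo>
<ds:KeyInfo><wsse:SecurityTokenReference>{str_child}</wsse:SecurityTokenReference></ds:KeyInfo>
</ds:Signature></wsse:Security></e:Header><e:Body/></e:Envelope>"""

FAKE_CERT_DER = b"constructed stand-in for DER certificate bytes"
DIRECT_REF = TEMPLATE.format(str_child=f'<wsse:Reference URI="#X509-1" ValueType="{X509V3}"/>', **NS)
THUMBPRINT_REF = TEMPLATE.format(str_child=
    f'<wsse:KeyIdentifier ValueType="{THUMBPRINT_SHA1}">{thumbprint_sha1(FAKE_CERT_DER)}</wsse:KeyIdentifier>', **NS)

if __name__ == "__main__":
    for name, xml in (("direct reference", DIRECT_REF), ("thumbprint", THUMBPRINT_REF)):
        info = inspect_signature(xml)
        print(name, info["signed"], info["str_type"], uses_thumbprint_reference(info))
```

Running it on a request captured from the client shows, before the server is involved, whether the signature still uses a direct token reference and whether only the body is listed among the signed references.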