on 11-21-2016 3:16 PM
Hello Experts,
We are using PI 7.11 and got a new requirement PROXY <--> SOAP. As we need to send the data to a government website, they provided the details that need to be in the header, which are to be encrypted using a symmetric key with the result Base64 encoded. Please find below an example header structure:
<S:Header>
<wss:Security xmlns:wss="http://schemas.xmlsoap.org/ws/2002/12/secext">
<wss:UsernameToken>
<wss:Username>599999993/37</wss:Username>
<wss:Password>ikCyRV+SWfvZ5c6Q0bhrBQ==</wss:Password>
<wss:Nonce>
fkAHne7cqurxpImCfBC8EEc2vskyUyNofWi0ptIijYg4gYCxir++unzfPVPpusloEtmLkcZjf+E6T9/76tsCqdupUkxOhWtkRH5IrNwmfEW1ZGFQgYTF21iyKBRzMdsJMhhHrofYYV/YhSPdT4dlgG0tk9Z736jFuw061mP2TNqHcR/mQR0yW/AEOC6RPumqO8OAfc9/b4KFBSfbpY9HRzbD8bKiTo20n0PtamZevCSVHht4yt/Xwgd+KV70WFzyesGVMOgFRTWZyXyXBVaBrkJS8b6PojxADLcpWRnw5+YeOs3cPU2o1H/YgAam1QuEHioCT2YTdRt+9p6ARNElFg==
</wss:Nonce>
<wss:Created>YEWoIoqIY5DOD11SeXz+0i4b/AJg1/RgNcOHOYpSxGk</wss:Created>
</wss:UsernameToken>
</wss:Security>
</S:Header>
Request you to provide your suggestion for this.
Thanks
Ravi.
Hi Ravi,
You have two options:
1. use an Axis adapter which supports WS Security,
2. use a SOAP adapter and check the 'Do Not Use SOAP Envelope' option in your communication channel. But in this case you have to create the SOAP envelope with a security header by yourself (in a Java mapping, for example).
Best regards,
Andrzej
How about AddSoapHeaderBean?
Hi,
It seems it could be another option, but it depends on which type of password we have to use ('PasswordText' or 'PasswordDigest'). In case of the 'PasswordText' type - your idea could work. In case of the 'PasswordDigest' type - we would also need some piece of code which would calculate the password digest for us.
In the example above I can see 'Nonce' and 'Created' values so I guess we have PasswordDigest here.
Best regards,
Andrzej Filusz
Hello Andrzej Filusz,
Should the fields be encrypted with the RSA algorithm as mentioned below:
Nonce:
Ks := byte array with the 128-bit symmetric key produced according to the AES standard.
C(RSA, KpubSA) := symmetric key encryption function with the RSA algorithm using the public key of the Authentication system (KpubSA).
Base64 := Base64 encoding of the result.
Created:
C(AES, ECB, PKCS5Padding, Ks) := cipher function using the AES algorithm, ECB mode, PKCS5Padding and the symmetric key of the request (Ks).
Base64 := Base64 encoding of the result.
Password:
This password must be encrypted using the symmetric key of the application (see Nonce field) and Base64 encoded: Password = Base64(C(AES, ECB, PKCS5Padding, Ks)(SenhaPF))
SenhaPF := user password set in the field
Please let me know. These also should be converted to Base64 after encryption.
Thanks
Ravi
Hi Ravi,
I don't know which algorithm you should use (in your first message you wrote that you have to use a symmetric algorithm, and then you wrote about RSA, but this is an asymmetric algorithm). Well, you must read the documentation from your Web Service provider and do exactly what is written there (I assume that the above specification comes from that documentation). That's what I did when I had to connect to WS using the WS-Security. I'm sorry that I can't be more helpful.
Best regards,
Andrzej
Hi Andrzej,
Yes, the three fields Nonce, Created and Password are taken as is from the document provided by the Web service provider. It says that NONCE should be a generated 128-bit symmetric key, and that it should be encrypted using the RSA algorithm. And the rest of the fields, CREATED and PASSWORD, should be encrypted using RSA. And after encryption all should be converted to BASE64.
Please suggest.
Thanks
Ravi.
Hi Ravi,
In general, as I wrote, to implement WS-Security you can use an Axis adapter or write everything by yourself in your Java mapping. Please check the following note: 1039369 (FAQ XI Axis Adapter) if you need more information about an Axis adapter. But which approach is better in your case? Well, it depends on your requirements. I'm afraid that an Axis adapter doesn't support all your requirements and you will have to write your own handler(s) to support them. I had a similar case and when I realized that an Axis adapter couldn't meet all my requirements, I decided to implement a Java mapping. Note that Base64 encoding is not a problem - you can use external libraries like Apache Commons or standard classes from the JDK (since Java 6). I'm not sure if an RSA algorithm is available in the standard JDK or PI libraries. If not - you will have to use an external library.
Best regards,
Andrzej
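The three header fields as specified earlier in the thread (Nonce = Base64 of Ks encrypted with RSA under KpubSA; Created and Password = Base64 of AES/ECB/PKCS5Padding under Ks), as an added example that is not code from any poster or from SAP. Assumptions: RSA uses PKCS#1 v1.5 padding (the thread does not state the padding), the Created plaintext is a timestamp string, the key pair generated inline stands in for the provider's public key, and `java.util.Base64` is available (Java 8 or later; an older JVM needs a different Base64 encoder).

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;

public class WssHeaderFields {

    // Base64(C(AES, ECB, PKCS5Padding, Ks)(plaintext)): used for Created and Password.
    static String aesEcbB64(SecretKey ks, String plaintext) throws Exception {
        Cipher aes = Cipher.getInstance("AES/ECB/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, ks);
        byte[] ct = aes.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct);
    }

    // Base64(C(RSA, KpubSA)(Ks)): used for Nonce.
    // Assumption: PKCS#1 v1.5 padding; confirm against the provider's document.
    static String rsaWrapB64(PublicKey kpubSA, SecretKey ks) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, kpubSA);
        return Base64.getEncoder().encodeToString(rsa.doFinal(ks.getEncoded()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for KpubSA; a real client loads the provider's key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair standIn = kpg.generateKeyPair();

        // Fresh 128-bit Ks for this request; ECB is deterministic under one key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey ks = kg.generateKey();

        String nonce = rsaWrapB64(standIn.getPublic(), ks);
        System.out.println("<wss:Password>" + aesEcbB64(ks, "example-password") + "</wss:Password>");
        System.out.println("<wss:Nonce>" + nonce + "</wss:Nonce>");
        System.out.println("<wss:Created>" + aesEcbB64(ks, "2016-11-21T15:16:00.000Z") + "</wss:Created>");

        // Round trip: the holder of the private key recovers Ks from the Nonce.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, standIn.getPrivate());
        byte[] recovered = rsa.doFinal(Base64.getDecoder().decode(nonce));
        System.out.println("Ks recovered: " + Arrays.equals(recovered, ks.getEncoded()));
    }
}
```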
Hello All,
Because of the PI 7.11 version, we are unable to use Java code: lower version issues lead to failures when importing the respective classes. Can you please provide an XSLT for achieving the same? Awaiting your response.
Ravi
Hi Ravi!
And what are the problems with importing the needed classes?
The point is that you should understand that XSLT won't encrypt the data in the WSS header by itself. If any additional Java libraries are used for that - you would have to implement the required Java methods using a custom class and use that class in your XSL transformation.
Regards, Evgeniy.