source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/wssecurity/SOAP content.txt @ 4130

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/wssecurity/SOAP content.txt@5053
Revision 4130, 10.2 KB checked in by cbyrom, 12 years ago (diff)

Add doc on what the expected SOAP message content should be for the
wsSecurity tests.

1A typical SOAP message is as follows:
2
3<SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ZSI="http://www.zolera.com/schemas/ZSI/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Security SOAP-ENV:mustUnderstand="1"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="binaryToken" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRHMQ0wCwYDVQQL
4EwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0MVoXDTA4MTIxNzExNDI0MVow
5TDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3QxHTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0
6ZXN0MQ8wDQYDVQQDEwZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf
75GAGGJEY38Vukj0UNfb/Q78yCucsJ0aQLKb+ItHvURqU2X/WEmiNLa90VQ4BBFoYiuFYtAyqxubn
8p1m1XM97iJrUwo85Cw7/FKvM0gRkLbvbPrYDVcy7EHvjrB9O2mhEFoz6svqdtdmasmOG1JEagdmf
9JrQLuiG5hrsPxCA/8ucLxH4FnmcMh5kRo0MwlXlva582RzWRWKgO2vDOmtvitXt9HJwdCZbPmPyx
10s6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXESRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+x
11fgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqNAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkq
12hkiG9w0BAQQFAAOBgQDBKxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ7
138cO3pJS190GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXmePNLR
14B2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA==
15</wsse:BinarySecurityToken><wsu:Timestamp wsu:Id="timestamp"><wsu:Created>2008-07-17T10:50:27.907837Z</wsu:Created><wsu:Expires>2008-07-17T10:55:27.907837Z</wsu:Expires></wsu:Timestamp><ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#binaryToken"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>3cTLHmLl7SWPuGIk55D0QXJVSQE=</ds:DigestValue></ds:Reference><ds:Reference URI="#timestamp"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>buiHmynkxL5T3c3ySxR4U3G6v8Y=</ds:DigestValue></ds:Reference><ds:Reference URI="#body"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>oyxxnXryBlWE/kf+VTUgtyazD1o=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>jDJHMgxTaKf/Pd0LsokCwkDII52p3tYEaCDDaxja783W986QPyAcRL/CHUBlG61kUHFL+x/hCBQE
166TbX9+ix3ky02cgtsGRt1hYADO4hAsRItbeEbKhNMnS8kno2t3U/z3P8YONYBu76O4CuixsLvUMk
17TYwQvws1+e7JVvZ+J65CxQZp1nuHjbtAlbCk4DmI/jUCgeUvTKqWbfYGv7ZHZ4LgSmDNh/3Wopms
18pNOaInWTPLDwPYNDaHoWFtomawEnhLCiJV9jOF1wrGlfdVESM8uX+xKDpZhD+hHL3ss9sOv4KBnt
19rwlKILlQUmJwMk7Zk9RzXqsCDrdBndW10wGO9Q==</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#binaryToken"></wsse:Reference></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body xmlns:ns1="urn:ndg:security:test:wssecurity" wsu:Id="body" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ns1:Echo><ns1:EchoIn>Hello from client</ns1:EchoIn></ns1:Echo></SOAP-ENV:Body></SOAP-ENV:Envelope>
20
21
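22This tidies into the following (for reading only: the indentation adds whitespace inside the signed elements, so the digests would not verify against this form):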
23
24<SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ZSI="http://www.zolera.com/schemas/ZSI/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
25        <SOAP-ENV:Header xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
26                <wsse:Security SOAP-ENV:mustUnderstand="1">
27                        <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="binaryToken" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509">
28                                MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRHMQ0wCwYDVQQL
29EwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA3MTIxODExNDI0MVoXDTA4MTIxNzExNDI0MVow
30TDEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3QxHTAbBgNVBAsTFFdTLVNlY3VyaXR5IFVuaXR0
31ZXN0MQ8wDQYDVQQDEwZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY7CFf
325GAGGJEY38Vukj0UNfb/Q78yCucsJ0aQLKb+ItHvURqU2X/WEmiNLa90VQ4BBFoYiuFYtAyqxubn
33p1m1XM97iJrUwo85Cw7/FKvM0gRkLbvbPrYDVcy7EHvjrB9O2mhEFoz6svqdtdmasmOG1JEagdmf
34JrQLuiG5hrsPxCA/8ucLxH4FnmcMh5kRo0MwlXlva582RzWRWKgO2vDOmtvitXt9HJwdCZbPmPyx
35s6STvFHMZru1mY5dj1YWT8PBT5Svmpo/EEiL+TZctcXESRRSVxu99yRBJ0f9Nd8IPxtuyyIVX4+x
36fgOLrNoVQuIV5vKTCZh5RrWjpbk/0eqNAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIE8DANBgkq
37hkiG9w0BAQQFAAOBgQDBKxEOw/4+8ofuSOXxKZwfo9jr+TrUr3XHtDngsoNe7nF8/Chz++RifpZ7
388cO3pJS190GkMmoWS4xgNgzBeWJRqnn6Hoygglgoxs/am3nrOvO/4kqOwvNVP7nGDlXqqXmePNLR
39B2yBkC+pVLpKfjzwfIbF4LNxpUiod+ODtkhteA==
40                        </wsse:BinarySecurityToken>
41                        <wsu:Timestamp wsu:Id="timestamp">
42                                <wsu:Created>2008-07-17T10:50:27.907837Z</wsu:Created>
43                                <wsu:Expires>2008-07-17T10:55:27.907837Z</wsu:Expires>
44                        </wsu:Timestamp>
45                        <ds:Signature>
46                                <ds:SignedInfo>
47                                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
48                                        </ds:CanonicalizationMethod>
49                                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
50                                        </ds:SignatureMethod>
51                                        <ds:Reference URI="#binaryToken">
52                                                <ds:Transforms>
53                                                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
54                                                </ds:Transforms>
55                                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
56                                                <ds:DigestValue>3cTLHmLl7SWPuGIk55D0QXJVSQE=</ds:DigestValue>
57                                        </ds:Reference>
58                                        <ds:Reference URI="#timestamp">
59                                                <ds:Transforms>
60                                                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
61                                                </ds:Transforms>
62                                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
63                                                <ds:DigestValue>buiHmynkxL5T3c3ySxR4U3G6v8Y=</ds:DigestValue>
64                                        </ds:Reference>
65                                        <ds:Reference URI="#body">
66                                                <ds:Transforms>
67                                                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
68                                                </ds:Transforms>
69                                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
70                                                <ds:DigestValue>oyxxnXryBlWE/kf+VTUgtyazD1o=</ds:DigestValue>
71                                        </ds:Reference>
72                                </ds:SignedInfo>
73                                <ds:SignatureValue>
74                                        jDJHMgxTaKf/Pd0LsokCwkDII52p3tYEaCDDaxja783W986QPyAcRL/CHUBlG61kUHFL+x/hCBQE
756TbX9+ix3ky02cgtsGRt1hYADO4hAsRItbeEbKhNMnS8kno2t3U/z3P8YONYBu76O4CuixsLvUMk
76TYwQvws1+e7JVvZ+J65CxQZp1nuHjbtAlbCk4DmI/jUCgeUvTKqWbfYGv7ZHZ4LgSmDNh/3Wopms
77pNOaInWTPLDwPYNDaHoWFtomawEnhLCiJV9jOF1wrGlfdVESM8uX+xKDpZhD+hHL3ss9sOv4KBnt
78rwlKILlQUmJwMk7Zk9RzXqsCDrdBndW10wGO9Q==
79                                </ds:SignatureValue>
80                                <ds:KeyInfo>
81                                        <wsse:SecurityTokenReference>
82                                                <wsse:Reference URI="#binaryToken"></wsse:Reference>
83                                        </wsse:SecurityTokenReference>
84                                </ds:KeyInfo>
85                        </ds:Signature>
86                </wsse:Security>
87        </SOAP-ENV:Header>
88        <SOAP-ENV:Body xmlns:ns1="urn:ndg:security:test:wssecurity" wsu:Id="body" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
89        <ns1:Echo>
90                <ns1:EchoIn>Hello from client</ns1:EchoIn>
91        </ns1:Echo>
92        </SOAP-ENV:Body>
93</SOAP-ENV:Envelope>
94
95- which is simplified (dropping the namespace declarations and abbreviating the base64 security content) to:
96
97<SOAP-ENV:Envelope>
98        <SOAP-ENV:Header>
99                <wsse:Security SOAP-ENV:mustUnderstand="1">
100                        <wsse:BinarySecurityToken EncodingType="http://...#Base64Binary" wsu:Id="binaryToken" ValueType="http://...#X509">
101                                MIICizCCAfSgAwIBAgICAPMwDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRHMQ0wCwYDVQQL
102                                ...
103                        </wsse:BinarySecurityToken>
104                        <wsu:Timestamp wsu:Id="timestamp">
105                                <wsu:Created>2008-07-17T10:50:27.907837Z</wsu:Created>
106                                <wsu:Expires>2008-07-17T10:55:27.907837Z</wsu:Expires>
107                        </wsu:Timestamp>
108                        <ds:Signature>
109                                <ds:SignedInfo>
110                                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
111                                        </ds:CanonicalizationMethod>
112                                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
113                                        </ds:SignatureMethod>
114                                        <ds:Reference URI="#binaryToken">
115                                                <ds:Transforms>
116                                                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
117                                                </ds:Transforms>
118                                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
119                                                <ds:DigestValue>3cTLHmLl7SWPuGIk55D0QXJVSQE=</ds:DigestValue>
120                                        </ds:Reference>
121                                        ... repeat for #timestamp + #body
122                                </ds:SignedInfo>
123                                <ds:SignatureValue>
124                                        jDJHMgxTaKf/Pd0LsokCwkDII52p3tYEaCDDaxja783W986QPyAcRL/CHUBlG61kUHFL+x/hCBQE
125                                        ....
126                                </ds:SignatureValue>
127                                <ds:KeyInfo>
128                                        <wsse:SecurityTokenReference>
129                                                <wsse:Reference URI="#binaryToken"></wsse:Reference>
130                                        </wsse:SecurityTokenReference>
131                                </ds:KeyInfo>
132                        </ds:Signature>
133                </wsse:Security>
134        </SOAP-ENV:Header>
135        <SOAP-ENV:Body wsu:Id="body" >
136                <ns1:Echo>
137                        <ns1:EchoIn>Hello from client</ns1:EchoIn>
138                </ns1:Echo>
139        </SOAP-ENV:Body>
140</SOAP-ENV:Envelope>
141
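142- NB, essentially ds:SignedInfo holds three ds:Reference parts (#binaryToken, #timestamp + #body): for each one the referenced SOAP section is canonicalised and a digest of it is stored in ds:DigestValue. ds:SignatureValue is then the rsa-sha1 signature over the canonicalised ds:SignedInfo, so a verifier needs to confirm that the body and timestamp it acts on are the elements those references resolve to, and that the timestamp has not passed wsu:Expires. Both the digests and the signature use SHA-1 here, which is a legacy choice.
143+ there is a binaryToken which is used as the security token for the message (unsure how this is produced); going by its ValueType (...#X509) and EncodingType (...#Base64Binary) attributes it is a base64-encoded X.509 certificate, and ds:KeyInfo points to it through wsse:Reference URI="#binaryToken". Because the certificate arrives inside the message itself, the receiver still has to validate it against a CA it trusts before relying on the signature.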