web service SOAP Header Encryption in wm8.2SP1

,
1

Hi All,

Am working on wm 8.2 sp1,I have the requirement that need to do webservice SOAP header level encription with our privatekey and partner public keys with time stamp , signature and encryption(EncryptionAlgorithm is AES 256 and key algorithm rsa15) for outbout security.

i have created below custom policy for outbout security and kept in <WM_installation>\IntegrationServer\config\policy folder and restarted IS to effect. in webservice consumer i have adder WS Secrity Handler added my custom policy name and effective policy name.

i have created flow service and invoking web service consumer connector by passing my keystoreAlias and key alias (auth/message/serverCerts/keyStoreAlias,auth/message/serverCerts/keyAlias).
i kept my partner public keys in pacakege config folder ,using getFile service loanding patner PublicKey as bytes and mapping to auth/message/partnerCert

requirement is BinarySecurityToken ValueType should be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3” and KeyInfo ValueType should be "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier”

while testing BinarySecurityToken ValueType coming as a ValueType=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1” and KeyInfo ValueType=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3

Please help me any one how to get expected BinarySecurityToken ValueType and KeyInfo ValueType.

if i change below xml Signature TokenReferenceType=“Direct” to TokenReferenceType=“SubjectKeyIdentifier” had no luck.

	<OutboundSecurity>

	

		<Timestamp

			TimeToLiveInSeconds="1200"

			IncludeMilliseconds="True"/>



		<Signature 

			TokenReferenceType="Direct" 

			IncludeCertPath="true"/>

		

		<Encryption

			TokenReferenceType="Direct"

		      	EncryptionAlgorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"

		      	KeyWrappingAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

		      	

	</OutboundSecurity>

	

</SecurityPolicy>
2

After below changes in policy file , now working fine as per requirement, now problem is there are Line Feed characters in Cipher values and another requirement is need to sing the timestamp, how can we achieve signing the timestamp.

OutboundSecurity>

                                            <Signature 
                                                            TokenReferenceType="Direct" 
                                                            IncludeCertPath="False" RequireSignedBody="True"/>

                                            <Encryption
                                                            TokenReferenceType=" SubjectKeyIdentifier "
                                                            EncryptionAlgorithm="aes256"
                                                            KeyWrappingAlgorithm="rsa15"/>
                            </OutboundSecurity>
3

Hi All,

with my previous policy file, got attached encrypted data.

Am looking for Timestamp singing in signature, please help me how to achive sign timestamp in singanture.

<?xml version="1.0"?>

SOAP-ENV:Envelope
<SOAP-ENV:Header >
wsse:Security
xenc:EncryptedKey/
<wsse:BinarySecurityToken />
<ds:Signature Id>
ds:SignedInfo
<ds:Reference xmlns=“” URI=“#Timestamp-1499472507”>
ds:Transforms
<ds:Transform xmlns=“” />
</ds:Transforms>
ds:DigestMethod"/
ds:DigestValuefhs9u1DnMri81vToIzHnfneWeLw=</ds:DigestValue>
</ds:Reference
</ds:SignedInfo>
</ds:Signature Id>

	<wsu:Timestamp wsu:Id="Timestamp-1499472507" />


</wsse:Security>
</SOAP-ENV:Header >

<SOAP-ENV:Body wsu:Id="id-1133288806">
</SOAP-ENV:Body>

</SOAP-ENV:Envelope>

Thanks and Regards,
Anil Kumar Ellendula
1036082IBIDXService 2013-12-13_09-57-40-AM.xml (8.8 KB)