Archived Forum Post


Question:

Using SOAP Web Service with encrypted message bodies

Apr 24 '17 at 12:44

Can someone help me understand how I can achieve the following?

1. Perform a secured mutual authentication connection with the interface server.
2. Encrypt the SOAP body for all web service requests, using the server public certificate received during mutual authentication.
3. Sign all SOAP requests using the client private certificate, before sending the request via this interface.
4. Decrypt the SOAP body for all web service responses (that are received in this interface) using the client private certificate.
5. Verify the signatures on all received web service responses using the server public certificate before decrypting the SOAP body.

So far I have the following:

1. Use Chilkat_9_5_0.Http and SetSslClientCertPfx to set the certificate for mutual TLS.
2. Use Chilkat_9_5_0.Rsa, Chilkat_9_5_0.Crypt2, Chilkat_9_5_0.PublicKey, Chilkat_9_5_0.PrivateKey to encrypt an XML file.
3. This is where I'm having an issue: how do I POST using the file created with AES encrypt (CkEncryptFile)?


Answer

This link shows an example of an encrypted SOAP message. It may help you understand what the service is looking for.

http://www.ibm.com/support/knowledgecenter/SSGMCP_5.3.0/com.ibm.cics.ts.webservices.doc/wsSecurity/dfhws_soapmsg_encrypted.html


Answer

Thanks for the link. Interesting stuff indeed. I didn't even think that you can inject the encrypted message inside the XML itself.


Answer

To follow up on this one, to fully understand how things should work: if I have a simple XML like so:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:tns="http://interop.manitoba-ehealth.ca/health_hub/public/LabResultService">
  <soapenv:Header/>
  <soapenv:Body>
    <tns:GetResultRequest>
      <ClientID>TESTH1</ClientID>
      <NumberOfMessages>10</NumberOfMessages>
      <TransactionID>0123456789</TransactionID>
    </tns:GetResultRequest>
  </soapenv:Body>
</soapenv:Envelope>

Do I have to re-create the XML with all the corresponding tags similar to the link you have given below: https://www.ibm.com/support/knowledgecenter/SSGMCP_5.3.0/com.ibm.cics.ts.webservices.doc/wsSecurity/dfhws_soapmsg_encrypted.html


Answer

If memory serves me, what is inside the <soapenv:body> tag is unique to each service you connect to. Information in the <soapenv:header> tag may be similar, not the same.


Answer

Hi Tracy, you seem to have experience doing this specifically on VFP. Anyway I can PM you some details with what I have for this issue. I'm actually looking for a dev that can write this specific piece. Let me know if you are interested.
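
As an added example (not from the thread and not Chilkat code), the Python below shows the message shape asked about in the follow-up question: the envelope stays, the children of soapenv:Body are replaced by one xenc:EncryptedData element, and the wrapped session key travels in a wsse:Security header. The algorithm URIs, the Id value and the helper names are assumptions; the encryption itself, the key identification (ds:KeyInfo) and the signature elements are left to the crypto library and the service's policy.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": XENC,
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Trimmed copy of the envelope posted in the thread.
SAMPLE = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:tns="http://interop.manitoba-ehealth.ca/health_hub/public/LabResultService">'
    '<soapenv:Header/><soapenv:Body><tns:GetResultRequest><ClientID>TESTH1</ClientID>'
    '</tns:GetResultRequest></soapenv:Body></soapenv:Envelope>'
)

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def body_plaintext(envelope_xml):
    """Serialized children of soapenv:Body: the bytes to encrypt with the session key."""
    body = ET.fromstring(envelope_xml).find(q("soapenv", "Body"))
    return b"".join(ET.tostring(child) for child in body)

def _cipher_value(parent, raw):
    data = ET.SubElement(parent, q("xenc", "CipherData"))
    ET.SubElement(data, q("xenc", "CipherValue")).text = base64.b64encode(raw).decode()

def wrap_encrypted_body(envelope_xml, body_ct, wrapped_key, data_id="EncBody-1"):
    """Swap the Body content for xenc:EncryptedData; put the wrapped key in the header."""
    root = ET.fromstring(envelope_xml)
    header, body = root.find(q("soapenv", "Header")), root.find(q("soapenv", "Body"))
    if header is None:  # Header is optional in SOAP 1.1; it must precede Body
        header = ET.Element(q("soapenv", "Header"))
        root.insert(0, header)
    key = ET.SubElement(ET.SubElement(header, q("wsse", "Security")), q("xenc", "EncryptedKey"))
    ET.SubElement(key, q("xenc", "EncryptionMethod"), Algorithm=XENC + "rsa-oaep-mgf1p")
    _cipher_value(key, wrapped_key)  # session key encrypted to the server's public key
    refs = ET.SubElement(key, q("xenc", "ReferenceList"))
    ET.SubElement(refs, q("xenc", "DataReference"), URI="#" + data_id)
    for child in list(body):
        body.remove(child)  # no cleartext request element may remain
    data = ET.SubElement(body, q("xenc", "EncryptedData"), Id=data_id, Type=XENC + "Content")
    ET.SubElement(data, q("xenc", "EncryptionMethod"), Algorithm=XENC + "aes256-cbc")
    _cipher_value(data, body_ct)
    return ET.tostring(root, encoding="unicode")
```

Encrypt the output of `body_plaintext` with the AES session key, wrap that key with the server's public key, and pass both byte strings to `wrap_encrypted_body`; the returned string is what gets POSTed as the request body.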