Web Service Test: Sign SOAP request and Security configuration
[Scenario]
-The web service wsdl is ready and test cases can be executed successfully in SoapUI pro.
-For security certificate, in SoapUI, it supports .jks file.
-The goal is to convert the test from SoapUI to HP UFT API Test

Enviornment:
Windows 8.1 Enterprise
SoapUI Pro 5.1.2 and NG 1.4.1
UFT 12.02




There is no security at the transport level
wsse:UsernameToken is used in header
A timestamp is included in the SOAP headers to prevent replay attacks
The message is signed using XML DSIG (the public certificate is included as a BinaryToken). The
following element must be signed :
o NBFG custom soap header serviceContext
o All WS-Addressing soap headers
o Timestamp inside the wsse:Security element
o SAML Token using a STR-Transform (not handled by soapUI) or UsernameToken
o Body of the request
[Steps to configure the security section in SoapUI pro]
Choose WSS Config windows for the web service. Click “Keystores” tab and select the .jks
certificate file with password.
Click “Outgoing WS-Security Configurations” tab and create a security configuration name.
Choose “Timestamp”. You can give a reasonable time.
Choose “Username” item and set it as below. The wsse:UsernameToken is applied.
1.1. For the “Signature” item, choose the jks keystore file and information like, enter a key password,
select BinarySecurityToken as the key identifier type, select
http://www.w3.org/2000/09/xmldsig#rsa-sha1 as the signature algorithm, select
http://www.w3.org/2001/10/xml-exc-c14n# as the canonicalization algorithm, select
http://www.w3.org/2000/09/xmldsig#sha1 as the digest algorithm and check the use single
certificate box. And in “parts” section, there are 6 items and their specific namespace information
to be signed.
Choose the request that will be executed and choose “WS-A” (WS-Addressing) section and
enable it with the version: 200508. Check the “was:Aaction”with default value and check
Randomly generate MessageId box.
Now execute the test, which can fetch correct response data.
The request XML in soapUI doesn’t show the encrypted data, but you can find them in the
“Raw” section.
The Request XML (original and raw data) will be attached.
[Steps to reproduce problems]
Same wsdl and test want to convert to HP UFT API Testing.
-
I use “SoapUI to API test converter” from UFT 12.02 to generate test cases to UFT version. Open
one test case, which only contains one request.
I have the .p12 file (Converted from .jks) and also is applied to my windows 8 workstation as
windows store.
After conversion, only “serviceContext” and “Action” properties are converted.
I created one “MessageID” property and using beforeExecuteStepEvent to generate uuid
Set the “Security setting”
In “WS Addressing” section, there is no 200508 version supported as we required. Here I have tried
both “None” and “WSA 04/08”.
In WS-Security tab, create “UserName Token”, there is no “PasswordDigest” password type as
our request. I have tried both “Text” and “Hash”.
Create the “X509 certificate Token” and invoke the .p12 file. The reference type is:
“BinarySecurityToken”
Or directly the File. Both methods are tired.
Create and sign the 6 WSS entries (same as ‘parts’ in SoapUI) with MessageSignature. I tried
multiple ways.
1) Choose all Predefined parts and leave xPath empty
2) Change another algorithm
3) Appling wsa and xpath for ‘serviceContext” which is not predefined parts
4) Using xpath matching the body with special namespace
Execute the test. It failed to sign (encrypted) the request data.
Attaching both the request XML (before and after generating).
Also the wsdl file (btw, I think it’s soap 1.1, which doesn’t mean wsdl 2, right? Since UFT12.02
doesn’t support wsdl verion 2), soapUI test project xml and UFT test folder (including test result)
will be attached.