Hey all,

I'm trying to use XML::Compile::WSS to create and sign SOAP requests.  I've 
spent a lot of time going through the test examples and poking around in the 
perl debugger to try to get the right values everywhere, but it looks like I'm 
still doing something wrong and I'm really at a loss as to what it could be.

I'm getting the error (full output following code below):

error: tag `wsu_Id' not processed at 
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken

I'm able to communicate with the server using SoapUI and have attached its 
output to the email as well as the WSDL.

Any ideas?

#!/usr/bin/perl -w

use warnings;
use strict;

use Log::Report mode => 'DEBUG';

use XML::Compile::WSDL11;
use XML::Compile::SOAP11;
use XML::Compile::Transport::SOAPHTTP;
use XML::Compile::SOAP::WSS;
use XML::Compile::WSS::Util qw/:dsig :utp11 :xtp10 :wsm10/;
use XML::Compile::C14N::Util qw/:c14n/;
use XML::Compile::WSS::SecToken::X509v3;
use XML::Compile::WSS::KeyInfo;
use XML::Compile::WSS::SignedInfo;
use XML::Compile::WSS::BasicAuth;
use Crypt::OpenSSL::X509;
use Crypt::OpenSSL::RSA;
use File::Slurp   qw(read_file);
use Data::Dumper;
# Dumper formatting for the debug output at the end of the script:
# Indent = 1 selects the compact fixed-width indentation style and
# Quotekeys = 0 leaves hash keys unquoted where Perl allows it.
($Data::Dumper::Indent, $Data::Dumper::Quotekeys) = (1, 0);

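# Local Public Key
# The certificate is wrapped in an X509v3 security token.  Its id
# ('x509cert00') is the value the KeyInfo below points at through
# sectokref_uri => '#x509cert00', so the two must stay in sync.
# NOTE(review): the reported error names BinarySecurityToken, the element
# this token is presumably written as -- confirm against the installed
# XML::Compile::WSS version.
my $lcertfn = '/home/talbert/keytool_crt.pem';
my $lcert   = Crypt::OpenSSL::X509->new_from_file($lcertfn);
my $ltoken  = XML::Compile::WSS::SecToken::X509v3->new(
    id          => 'x509cert00',
    certificate => $lcert,
);

# Remote Public Key
# Fix: the remote token was built from $lcert (copy/paste from the block
# above), which left $rcert loaded but unused.  A remote token has to carry
# the peer's certificate, otherwise any check made with it tests the local
# certificate instead of the server's.
my $rcertfn = '/home/talbert/servicenow.pem';
my $rcert   = Crypt::OpenSSL::X509->new_from_file($rcertfn);
my $rtoken  = XML::Compile::WSS::SecToken::X509v3->new(
    id          => 'whatever',    #do I need this?
    certificate => $rcert,
);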

# Remote Private Key
# Reads the PEM text from disk and builds the RSA key object that is later
# handed to the signer as private_key; PKCS#1 v1.5 padding is selected.
# NOTE(review): a signing key is normally the sender's own key, so the
# "Remote" label may be a slip -- confirm which key pair this file holds.
# NOTE(review): the file name suggests an unencrypted PEM; if so, keep it
# readable by the script's user only.
my $pcertfn = '/home/talbert/nocryptout.pem';
my $rsa_key = do {
    my $pem_text = read_file($pcertfn);    # scalar context: whole file
    Crypt::OpenSSL::RSA->new_private_key($pem_text);
};
$rsa_key->use_pkcs1_padding;

# Service description and the credentials for the UsernameToken.
# NOTE(review): the password is a literal in the source, so it travels with
# every copy of the script (including this posting).  Load it from a
# protected file or the environment instead, and rotate the value shown here.
my $wsdlfn   = '/home/talbert/HIPPOIPApp.wsdl';
my $user     = 'hippo';
my $password = 'appnootmies';

# Payload for the 'execute' operation; the keys match element names that
# appear in the SoapUI request attached to this message.
my %stuff = (
    remoteuser => 'talbert',
    hostname   => 'lukto',
    resperson  => 'jo mama',
    physphone  => '303 735 4709',
);

# strict order of instantiation!
# The WSS object has to exist before the WSDL is loaded, because it hooks
# into the WSDL parser.
my $wss  = XML::Compile::SOAP::WSS->new;
my $wsdl = XML::Compile::WSDL11->new($wsdlfn);

# Adds a username/password Security record to every call compiled later.
# NOTE(review): check how the password is encoded on the wire (plain text
# or digest) for this module version, and send it over TLS only.
my $auth = $wss->basicAuth(
    username => $user,
    password => $password,
);

# KeyInfo: describes how the receiver finds the key that verifies the
# signature.  sectokref_uri refers to the local token by its id
# ('x509cert00'), and the key identifier is declared as a base64-encoded
# X509v3 value.  The author's open questions are kept as written.
my $ki = XML::Compile::WSS::KeyInfo->new(
    keyinfo        => 'KI-1',              #does this matter?
    publish_token  => 'INCLUDE_BY_REF',
    #publish_token => 'SECTOKREF_URI', #is there a difference?
    sectokref_id   => 'STR-2',             #does this matter?
    keyid_value    => XTP10_X509v3,
    keyid_encoding => WSM10_BASE64,
    keyident_id    => 'KIDENT-1',          #does this matter?
    sectokref_uri  => '#x509cert00',
);

# SignedInfo: exclusive canonicalization without comments and a SHA-1
# digest, matching the algorithms in the SoapUI request attached below.
# NOTE(review): SHA-1 is deprecated for signatures; move to a SHA-256
# based digest as soon as the server's policy accepts one.
my $si = XML::Compile::WSS::SignedInfo->new(
    #c14n => $c14n, #do I need to create my own c14n object?
    canon_method  => C14N_EXC_NO_COMM,
    digest_method => DSIG_SHA1,
    #prefix_list => qw/tns SOAP-ENV',
    prefix_list   => 'tns SOAP-ENV',    #is this the right format?
    wss           => $wss,
);

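# Signature feature: ties together the KeyInfo, the SignedInfo, the RSA
# signer and the local X509 token, and signs the SOAP Body.
# Fix: the "signed_type" comment was line-wrapped by the mail client, which
# left the SoapUI URL as a bare line inside the argument list (a syntax
# error); it is rejoined into a single comment here.
# NOTE(review): RSA-SHA1 matches the SoapUI request but is a deprecated
# signature method; prefer an RSA-SHA256 method if the server accepts it.
# NOTE(review): only the Body is signed.  Without a signed timestamp a
# captured request can be replayed, and the receiver has to check that the
# signed element is the Body it actually processes.
my $sig = $wss->signature(
    key_info    => $ki,
    prepare     => 'WRITER',
    #remote_token => $rtoken,
    schema      => $wsdl,
    signed_info => $si,
    signer      => {
        #put remote_token here?
        #remote_token => $rtoken,
        sign_method => DSIG_RSA_SHA1,
        private_key => $rsa_key,
    },
    sign_types  => 'SOAP-ENV:Body',
    #signed_type (aka Parts) empty in SoapUI http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
    sign_put    => 'wsse:SecurityHeaderType',    #what to put here?
    sign_when   => 'SOAP-ENV:Envelope',          #what to put here?
    #BinarySecurityToken
    token       => $ltoken,
);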

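# Will include all defined security features
# Compiles the 'execute' operation and invokes it with the payload; the
# call returns the decoded answer and a trace object.
# Fix: the commented-out alternative below was line-wrapped by the mail
# client, leaving a bare "here?" line that does not parse; the comment is
# rejoined onto one line.
my $call = $wsdl->compileClient('execute');
my ($answer, $trace) = $call->(%stuff);
#$wsdl->compileCalls; #is this the correct way to call?
#my $answer = $wsdl->call('execute', wsse_Security => $auth, %stuff); #but data here?
# same, because "all" defined is default, $auth is in 'all'
# my $answer = $wsdl->call($operation, %stuff);
# $wsdl->compileCalls;
# my $answer = $wsdl->call('execute', wsse_Security => $auth, %stuff);

# NOTE(review): $answer is presumably a reference, in which case the plain
# print shows only its address; the Dumper line shows the content.
print $answer;
print Dumper $answer;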

code output

Attachment: HIPPOIPApp.wsdl
Description: HIPPOIPApp.wsdl

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hip="http://www.service-now.com/HIPPOIPApp">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-13E5CD4E08C19A0CDB140084268619220">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="hip soapenv" />
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#id-13E5CD4E08C19A0CDB140084268619219">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="hip" />
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>vf4N2U37VAOmrNv0UbwGhDcbFV4=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>gHCIBfTUao3X8He4GYXXA1wYWL8vNFqHoV5Y/FQ9EjWIhTI0ZkOXInvz/SHb3GZpbIBnDTOckovf
ZcKnxXfYkkMNsvLPjRGIj+eml4fkCiTMIouv+ICV+E9Z4I/VO+aOEtgw/aSgBkMIYq7ZBlthJ0Sz
7d2ed8PoEjhmp+ozjX8Q9Txhofs8heaP13YZn9V9ABALMatZgTBBNfpGaIfZkkiKxEd2wg2IPY1F
dAYBu6nsIhnTQaZ8eD1G1OadqQqAo2RxS+7L5/I3NYmFNlubWNLaxGI287sMylrJFBPkYxUp/VqL
JdltPZhLekZJMGeoRJ8KlXZv6B9wTQ5afUJ8xg==</ds:SignatureValue>
        <ds:KeyInfo Id="KI-13E5CD4E08C19A0CDB140084268619217">
          <wsse:SecurityTokenReference wsu:Id="STR-13E5CD4E08C19A0CDB140084268619218">
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>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</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-13E5CD4E08C19A0CDB140084268619219">
    <hip:execute>
      <!--Optional:-->
      <hip:remoteuser>talbert</hip:remoteuser>
      <!--Optional:-->
      <hip:hostname>lukto</hip:hostname>
      <!--Optional:-->
      <hip:resperson>Craig Talbert</hip:resperson>
      <!--Optional:-->
      <hip:physphone>303 735 4709</hip:physphone>
      <!--Optional:-->
      <hip:osversion>Ubuntu 12.04</hip:osversion>
      <!--Optional:-->
      <hip:roomnumber>118</hip:roomnumber>
      <!--Optional:-->
      <hip:ether1>00:01:12:13:14:15</hip:ether1>
      <!--Optional:-->
      <hip:inetaddr1>128.128.128.128</hip:inetaddr1>
      <!--Optional:-->
      <hip:deptaffil>OIT-Administration</hip:deptaffil>
      <!--Optional:-->
      <hip:model>System76</hip:model>
      <!--Optional:-->
      <hip:building>COMP</hip:building>
      <!--Optional:-->
      <hip:bjack>Wesley Willis</hip:bjack>
      <!--Optional:-->
      <hip:comments>Eat me</hip:comments>
      <!--Optional:-->
      <hip:email>[email protected]</hip:email>
    </hip:execute>
  </soapenv:Body>
</soapenv:Envelope>