I want to validate the digital signature security in web service
Hi Ebin Thomas,
For a WS-Security enabled Web service that returns a digital signature in the response, it is almost always likely that the request side requires a digital signature as well. So my first advice is to find out the requirements for consuming the Web service.
To sign a request and/or validate a response signature using the Web service Execution (XML) step
1. Enable "PRO" mode in the step if it hasn't already been enabled (you should see a "Security" tab if it's enabled), by clicking the PRO icon in the upper right corner
2. In the Security tab you can add a signature token under "Send" or validate a security token under "Receive"
3. You are most likely going to need a private and public key (certificates) to sign and verify signatures, respectively. These certificates need to be added to a Java keystore (JKS) so that you can setup the digital signature in the request
and the verification of the signature in the response
Your question includes very small quantities of information. So it is very hard to say that the information which I can prepare is suitable or not.
But did you check the manual for the DevTest? (https://docops.ca.com/devtest-solutions/10-1/en)You can see the digital signature related(especially SSL related) parts in this manual.
Additionally, if you want to check the SSL and web service related information then please check the. HTTP/HTML Request step. Web Service Execution (XML) step
Thank you very much for your reply. My objective is to create a digital signature test case using Web Service Execution(XML) Step. Can I add xml request message in Web Service Execution(XML) step if yes in which tab can I add the xml?
Does the following link help?
I went through the document. When I created a test case I not getting a response for my request. My request contain an EndPoint, soap message. I have not added any other field in my request.
I think it is better to follow the "Tutorial 8 - Test a Web Service" in the manual.Could you please follow this tutorial? To follow this tutorial you need to install demo server in your DevTest Workstation machine.Additionally, you need to finish "Tutorial 5 - Run a Demo Server Web Application" before doing the Tutotial 8.
Thanks Yusuke Tsuji
Thank you very much William Truong. When I followed the steps I am getting an error which saying "Unexpected number of X509Data: for Signature".
Where are you seeing this exception? Is it an exception from DevTest itself? Or is it an exception from the Web service that you are testing? And is this for sending a signed request to the Web service or are you trying to validate a digitally signed response? A screenshot of the result and how you setup your test case will be helpful.
That said, my recommendation is to first get a successful response from the Web service by sending a valid request. Upon getting past this you can start to setup a verify/assertion mechanism for validating the digitally signed response.
Keep in mind that you need to select the right drop down menu items from the Key Id Type, Algorithm, and Digest Algorithm for both sending a signed request as well as verifying a signed response. Having one of the values off will generate or verify an invalid signature. So I want to stress the importance of finding out the prerequisites for consuming the Web service, such as having the Java Keystore, and the XML Signature algorithm etc.
You can familiarize yourself with a sample WS Security enabled Web service shipped with our Examples project and DemoServer. You can find the Examples project in DevTest home install folder. And the test case is called ws_security-xml.tst, but remember to start up the DemoServer prior to running the test case.
There should also be documentation on running the demoserver and running the test case in the tutorials provided by the other users in this thread.
Thank you very much for your reply.
I am getting an exception from DevTest itself and this is for sending a signed request to the Web service. I am getting a response in the SOAP UI for the same web service but when I tried add a signature in DevTest ,I am getting an error.
If you have a successful request in soapUI, try to compare the requests generated by soapUI and DevTest to see where the discrepancies are. If you are able to share your soapUI and DevTest projects then that will be helpful so we can see how the requests are configured in each of the tools. If you're not able to share it here in communities then I would suggest you open up a support ticket.
Retrieving data ...