Does SOATest support Thumbprint SHA1?

rvmsengrvmseng Posts: 11
edited January 21 in SOAtest

I need to use thumbprint sha1 WS-Security for signing soap body? Does Soatest support it

Best Answer

Answers

  • rvmsengrvmseng Posts: 11

    Thanks for your reply, do you have any alternative solution (e.g. using scripting or extension tools)?

  • benken_parasoftbenken_parasoft Posts: 397 ✭✭✭

    Just about anything is possible using scripting, provided you are able to write the code you need. In this particular case, it is possible to chain an Extension tool to the outgoing Request output to transform the message, like how you would chain an XML Signer tool. So, instead of chaining an XML Signer you could chain an Extension tool that would invoke WSS4J APIs to sign the SOAP message your script receives as input and then return the signed version. I don't know if you care to attempt this. You would effectively be coding your own custom version of the XML Signer.

    If you want to attempt to code this, you would create an instance of org.apache.ws.security.message.WSSecSignature then invoke a bunch of methods on it. I don't have any code to share with you. However, in case this helps, WSS4J has some unit tests that can be helpful to get an understanding for how to user their API, such as SignatureTest.testX509SignatureThumb().

    Again, I don't know if you care to attempt this. I just want to highlight that you can do just about anything with scripting. Scripting always enables you to do something in SOAtest that is not otherwise available out-of-box.

  • rvmsengrvmseng Posts: 11

    Dear Benken_parasoft,

    I have been faced with below error,

    Error Message:
    Error during script execution. View Details for more information.

    org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory cannot be cast to
    javax.xml.crypto.dsig.XMLSignatureFactory

    Additional Details:
    org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory cannot be cast to
    javax.xml.crypto.dsig.XMLSignatureFactory

    java.lang.ClassCastException: org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory cannot be cast
    to javax.xml.crypto.dsig.XMLSignatureFactory

    at javax.xml.crypto.dsig.XMLSignatureFactory.findInstance(XMLSignatureFactory.java:202)
    
    at javax.xml.crypto.dsig.XMLSignatureFactory.getInstance(XMLSignatureFactory.java:186)
    
    at org.apache.ws.security.message.WSSecSignature.init(WSSecSignature.java:129)
    
    at org.apache.ws.security.message.WSSecSignature.<init>(WSSecSignature.java:115)
    
    at mp.auto.Utility.X509SignatureThumb(Utility.java:134)
    
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    
    at java.lang.reflect.Method.invoke(Unknown Source)
    
    at com.parasoft.scripting.java.JavaCode$JavaMethodRunnable.run(JavaCode.java:200)
    
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    
    at java.util.concurrent.FutureTask.run(Unknown Source)
    
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    
    at java.lang.Thread.run(Unknown Source) 
    
  • benken_parasoftbenken_parasoft Posts: 397 ✭✭✭

    That type of ClassCastException should not happen anymore in the next release. For now, you can remove the javax folder from the XMLSecurity.jar located under "{soatest_install}/eclipse/plugins\com.parasoft.xtest.libs.web_{ver}/root/lib-java-mod". For example, you could rename the jar to "XMLSecurity.zip", delete "javax" from zip file, then rename back to "XMLSecurity.jar" again. Don't forget to close SOAtest before modifying the jar.

Sign In or Register to comment.