[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ftpapi] SOAP header wsse: and wsu:



Hi Rob,

This is what I sent to another guy a few days ago:

<quote>
a) Develop a procedure that creates the WSSE header. Parameters passed:
passwordType and saltType. Return value: String with WSSE header encoded
in job CCSID. Actually that procedure should go into the WSDL2RPG
runtime service program (WSDL2RPGRT) and call getLoginDataImpl() to get
the login credentials.

b) Change the generated stub to call the new createWssHeader() procedure
and add the header returned to the SOAP request:

   // Namespaces
   g_requestBuffer =
   ' xmlns:tns="http://www.ripedev.com/";' +
   '>';
   OutputStream_appendBuffer(
   hOutStream: %addr(g_requestBuffer)+2: %len(g_requestBuffer));

   // Add WSSE header
   g_requestBuffer =
      createWsseHeader(WSDL2RPG_WSSE_PWD_TYPE_DIGEST
                       : WSDL2RPG_WSSE_SLAT_TYPE_NONE);

   OutputStream_appendBuffer(
   hOutStream: %addr(g_requestBuffer)+2: %len(g_requestBuffer));

   // SOAP header

   // Message body
   g_requestBuffer =
   '<soapenv:Body>' +
   '';

It is not a big deal to convert the password to UTF-8 before creating a
SHA-1 hash as described on
http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html.

I do not know where you copied your information from, that reference a
MD5 hash. However calculating an MD5 hash is also not a big thing.

The "nonce" could be a UUID which is also easy to produce.
</quote>

Optionally WSDL2RPG_WSSE_PWD_TYPE_DIGEST and
WSDL2RPG_WSSE_SLAT_TYPE_NONE could be integer fields which could be
logical or'ed and passed as an "option" parameter. This way it was
easier to add additional option such as
"WSDL2RPG_WSSE_MUST_UNDERSTAND_YES" or similar things.

There are already procedure like f_genUUID(), f_genMd5() and
f_genSHA1(). UTF-8 conversion is done with Transcoder_new(),
Transcoder_xlateString() and Transcoder_delete(). Last but not least
base64_encode() encodes a buffer to Base64. So actually everything
should be there.

Are you willing to develop that procedure or share your code with me and
eventually test WSDL2RPG? I do not have a server that uses the WSSE header.

Thomas.

Am 10.07.2018 um 13:48 schrieb Rob van Bezouwen - DSV:
> Hi Scott,
> 
>  
> 
> https://wsbexpress.dhl.com/sndpt/DocumentRendering?wsdl
> 
>  
> 
> Where and how can I implement the soapenv:Header part for wsse: and wsu: ?
> 
>  
> 
> <soapenv:Envelopexmlns:dhl=*"_http://www.dhl.com_"*xmlns:soapenv=*"_http://schemas.xmlsoap.org/soap/envelope/_"*xmlns:trac=*"_http://scxgxtt.phx-dc.dhl.com/glDHLExpressTrack/providers/services/trackShipment_"*>**
> 
> *   *<soapenv:Header>**
> 
> *     
> *<wsse:Securitysoapenv:mustUnderstand=*"**1"*xmlns:wsse=*"_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd_"*xmlns:wsu=*"_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd_"*>**
> 
> *     
> *<wsse:UsernameTokenwsu:Id=*"**UsernameToken-404040404040404040404040"*>**
> 
> *      *<wsse:Username>*MyUserName*</wsse:Username>**
> 
> *     
> *<wsse:PasswordType=*"_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText_"*>*MyPassword*</wsse:Password>**
> 
> *     
> *<wsse:NonceEncodingType=*"_http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary_"*>*MyNonce*</wsse:Nonce>**
> 
> *     
> *<wsu:Created>*2016-02-09T07:31:11.078Z*</wsu:Created></wsse:UsernameToken></wsse:Security>**
> 
> *   *</soapenv:Header>
> 
>  
> 
> Thank you,
> 
> Rob Bezouwen 
> 
>  
> 
> 
> 
-- 
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi