Question:
Can someone help me understand how I can achieve the following?
1. Perform a secured mutual authentication connection with the interface server.
2. Encrypt the SOAP body for all web service requests, using the server public certificate received during mutual authentication.
3. Sign all SOAP requests using the client private certificate, before sending the request via this interface.
4. Decrypt the SOAP body for all web service responses (that are received in this interface) using the client private certificate.
5. Verify the signatures on all received web service responses using the server public certificate before decrypting the SOAP body.
So far I have the following:
1. Use Chilkat_9_5_0.Http and SetSslClientCertPfx to set the certificate for mutual TLS.
2. Use Chilkat_9_5_0.Rsa, Chilkat_9_5_0.Crypt2, Chilkat_9_5_0.PublicKey, Chilkat_9_5_0.PrivateKey to encrypt an XML file.
3. This is where I'm having an issue: how do I POST using the file created with AES encrypt (CkEncryptFile)?
This link shows an example of an encrypted SOAP message. It may help you understand what the service is looking for.
Thanks for the link. Interesting stuff indeed. I didn't even think that you can inject the encrypted message inside the XML itself.
To follow up on this one, to fully understand how things should work: if I have a simple XML like so:
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:tns="http://interop.manitoba-ehealth.ca/health_hub/public/LabResultService">
  <soapenv:Header/>
  <soapenv:Body>
    <tns:GetResultRequest>
      <ClientID>TESTH1</ClientID>
      <NumberOfMessages>10</NumberOfMessages>
      <TransactionID>0123456789</TransactionID>
    </tns:GetResultRequest>
  </soapenv:Body>
</soapenv:Envelope>
Do I have to re-create the XML with all the corresponding tags similar to the link you have given below: https://www.ibm.com/support/knowledgecenter/SSGMCP_5.3.0/com.ibm.cics.ts.webservices.doc/wsSecurity/dfhws_soapmsg_encrypted.html
If memory serves me, what is inside the <soapenv:body> tag is unique to each service you connect to. Information in the <soapenv:header> tag may be similar, not the same.
Hi Tracy, you seem to have experience doing this specifically on VFP. Any way I can PM you some details with what I have for this issue? I'm actually looking for a dev that can write this specific piece. Let me know if you are interested.
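Added example (not code from this thread, from Chilkat, or from the service): the envelope rewrite asked about in the follow-up, in Python with the third-party cryptography package. The Envelope, Header and Body tags stay, the Body's children are replaced by one xenc:EncryptedData, and the AES session key goes into the header wrapped with the server's RSA public key. The function names and the two algorithm URIs are assumptions; the ds:KeyInfo that identifies the server certificate and the signing steps are left out.

```python
import base64, os
import xml.etree.ElementTree as ET
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd"}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)
# Assumed algorithms; use whatever the service's security policy requires.
KEY_ALG = NS["xenc"] + "rsa-oaep-mgf1p"
DATA_ALG = "http://www.w3.org/2009/xmlenc11#aes256-gcm"
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA1()), algorithm=hashes.SHA1(), label=None)

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def add_cipher(parent, algorithm, raw):
    ET.SubElement(parent, q("xenc", "EncryptionMethod"), Algorithm=algorithm)
    data = ET.SubElement(parent, q("xenc", "CipherData"))
    ET.SubElement(data, q("xenc", "CipherValue")).text = base64.b64encode(raw).decode()

def encrypt_body(envelope_xml, server_public_key):
    env = ET.fromstring(envelope_xml)
    header, body = env.find(q("soapenv", "Header")), env.find(q("soapenv", "Body"))
    plaintext = b"".join(ET.tostring(child) for child in body)
    session_key, iv = AESGCM.generate_key(256), os.urandom(12)  # fresh per message
    # Header: session key wrapped with the server's RSA public key.
    security = ET.SubElement(header, q("wsse", "Security"))
    enc_key = ET.SubElement(security, q("xenc", "EncryptedKey"))
    add_cipher(enc_key, KEY_ALG, server_public_key.encrypt(session_key, OAEP))
    refs = ET.SubElement(enc_key, q("xenc", "ReferenceList"))
    ET.SubElement(refs, q("xenc", "DataReference"), URI="#body-1")
    # Body: the service-specific children are replaced by one EncryptedData.
    for child in list(body):
        body.remove(child)
    enc_data = ET.SubElement(body, q("xenc", "EncryptedData"),
                             Id="body-1", Type=NS["xenc"] + "Content")
    add_cipher(enc_data, DATA_ALG, iv + AESGCM(session_key).encrypt(iv, plaintext, None))
    return ET.tostring(env, encoding="unicode")

def decrypt_body(envelope_xml, private_key):
    env = ET.fromstring(envelope_xml)
    # Document order: the header's EncryptedKey value precedes the body's.
    wrapped, data = (base64.b64decode(v.text) for v in env.iter(q("xenc", "CipherValue")))
    session_key = private_key.decrypt(wrapped, OAEP)
    return AESGCM(session_key).decrypt(data[:12], data[12:], None)
```

The string returned by encrypt_body is what gets POSTed as the request body over the mutual-TLS connection; decrypt_body is the receiving side's view and returns the original Body children as bytes.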