Hi,
I am looking for help with achieving WSS-based encryption/decryption in an Apigee proxy using the following combination of algorithms.
Security Token profile: X509v3
Key Encryption method: rsa-1_5
Content Encryption method: aes256-cbc
Basically, we have a requirement to decrypt a payload that looks like the one below (the encrypted content is changed to ****):
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><SOAP-ENV:Header> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="EncCertId-2045221500" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">********************************************************************************************************************************************************************************************************************************</wsse:BinarySecurityToken> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference><wsse:Reference URI="#EncCertId-2045221500" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData><xenc:CipherValue>********************************************************************************************************************************************************************************************</xenc:CipherValue></xenc:CipherData> <xenc:ReferenceList><xenc:DataReference URI="#EncDataId-1457291972"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body><ns0:GetCustomerPartyListVBMResponse xmlns:ns0="http://xxx.xxx.com/schema/xxx/customer/customer-party/v1"><xenc:EncryptedData Id="EncDataId-1457291972" 
Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><xenc:CipherData><xenc:CipherValue> *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></ns0:GetCustomerPartyListVBMResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
You'd have to implement this using a Java callout. I haven't tried this, but I think WSS4J might help you here.
All the documentation regarding WSS4J points to configuration-based implementations for app servers.
Any pointers for plain Java code that I can use for a callout?
I have used wss4j inside a Java callout. But I have not done decryption of payload.
After a lot of research and effort, I was able to achieve this using a Java callout. I have another question regarding making the certificate reference configurable in Apigee here.
https://community.apigee.com/questions/32070/making-certificate-reference-configurable-in-wss4j.html
Do you have a sample policy to share to implement WSS security encryption/decryption?
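The message layout in the question, walked with Python's standard library as an added example that is not from any poster in this thread and is not WSS4J or Apigee code: it resolves the EncryptedKey's certificate link and DataReference links and reports the algorithms a decryptor would need, without decrypting anything. The envelope, its Ids (EncCertId-1, EncDataId-1) and the name decryption_plan are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"xenc": XENC, "wsse": WSSE}
WSU_ID = "{%s}Id" % WSU

# Constructed sample with the same shape as the payload in the question.
SAMPLE = f"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xenc="{XENC}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
<S:Header><wsse:Security>
<wsse:BinarySecurityToken wsu:Id="EncCertId-1">AAAA</wsse:BinarySecurityToken>
<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>
<wsse:SecurityTokenReference><wsse:Reference URI="#EncCertId-1"/></wsse:SecurityTokenReference>
<xenc:ReferenceList><xenc:DataReference URI="#EncDataId-1"/></xenc:ReferenceList>
</xenc:EncryptedKey></wsse:Security></S:Header>
<S:Body><xenc:EncryptedData Id="EncDataId-1">
<xenc:EncryptionMethod Algorithm="{XENC}aes256-cbc"/>
</xenc:EncryptedData></S:Body></S:Envelope>"""

def _alg(element):
    """Return the short algorithm name from an element's EncryptionMethod child."""
    method = element.find("xenc:EncryptionMethod", NS)
    if method is None:
        raise ValueError("missing EncryptionMethod")
    return method.get("Algorithm", "").rsplit("#", 1)[-1]

def decryption_plan(envelope_xml):
    """Map each EncryptedKey to its certificate token and EncryptedData targets."""
    root = ET.fromstring(envelope_xml)
    tokens = {t.get(WSU_ID) for t in root.iterfind(".//wsse:BinarySecurityToken", NS)}
    data = {d.get("Id"): d for d in root.iterfind(".//xenc:EncryptedData", NS)}
    plan = []
    for key in root.iterfind(".//wsse:Security/xenc:EncryptedKey", NS):
        ref = key.find(".//wsse:SecurityTokenReference/wsse:Reference", NS)
        cert_id = ref.get("URI", "").lstrip("#") if ref is not None else ""
        if cert_id not in tokens:
            raise ValueError(f"EncryptedKey points at unknown token {cert_id!r}")
        targets = []
        for dref in key.iterfind("xenc:ReferenceList/xenc:DataReference", NS):
            data_id = dref.get("URI", "").lstrip("#")
            if data_id not in data:  # reference with no matching EncryptedData
                raise ValueError(f"dangling DataReference {data_id!r}")
            targets.append((data_id, _alg(data[data_id])))
        plan.append({"cert": cert_id, "key_alg": _alg(key), "targets": targets})
    return plan
```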