Menu
I am using Soap4r and HTTPClient to interact with a Webservice. The Service only accepts requests which have been digitally signed with an X509 certificate. I have gone through the steps of generating a private key, getting the certificate request ( CSR ) and getting the actual certificate from the authority ( the company hosting the web service. )
Are there any examples out there for how to do this?
606
It seems that the webservice you are consuming uses WS-Security. WS-Security is a OASIS standard that utilizes XML-Signature and XML-Encryption to secure SOAP-Messages. However, as far as I know Soap4r does not support WS-Security. Implementing it yourself is pretty hopeless since it is rather complex (and involves annoying stuff like XML-Canonicalization).
WSO2 has ruby bindings for their framework (http://wso2.org/projects/wsf/ruby) maybe you could use it. If not you will probably have to wrap some C library (like libxmlsec) to sign the messages created by Soap4r. There are ruby bindings (http://rubygems.org/gems/xmlsec-ruby) for it but I think they do not expose the full functionality of xmlsec.
If this is an option you could implement your code in Java as it has quite a few powerful open source SOAP libraries with support for WS-Security like Metro (http://metro.java.net/), Axis2 (http://ws.apache.org/axis2/) and CXF (http://cxf.apache.org/)
187
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
