What does Soap UI uses from soap envelope to create XMLDsig signature? or the opposite question, how can I validate a signature of a Soap XMLDsig response? I'm asking because I only managed to get the proper response using Soap UI.
Let say we have this petition generated in SoapUI:
<soapenv:Envelope xmlns:dat="..." xmlns:pet="..." xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-...">{BinarySecurityToken}</wsse:BinarySecurityToken>
<ds:Signature Id="SIG-..." xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="dat pet soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-...">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="dat pet" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>{Sha1Diest encoded base 64}</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
{Signature encoded base 64}
</ds:SignatureValue>
<ds:KeyInfo Id="KI-...">
<wsse:SecurityTokenReference wsu:Id="STR-...">
<wsse:Reference URI="#X509-..." ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-..." xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<pet:Petition>
...data...
</pet:Petition>
</soapenv:Body>
</soapenv:Envelope>
I have this java code to generate binary security token (which match the generated by soapui because same certificate), but with the same envelope I get different signature and digest values:
Java code: https://pastebin.com/06NUwkLW
So, what should I use in String plaintext to get the proper signature and digest values?
I already tried with a cxf3.4 and axis2 client (using wsdl2java), but adding WS-Security is so complex, and I only find username/password auth, which is not what I need.
