Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space FUNCTDEV and version SVC2024.1

...

Anchor
General
General
General

...

  • Form: Choose the appropriate form to specify the key and certificate used for encryption.
  • Actor: Enter a value to specify a SOAP actor.
  • Add mustUnderstand="1" attribute: Specifies whether or not the receiver must recognize and decrypt the message. If this option is enabled, a SOAP fault will be sent back if the receiver does not know how to decrypt and deserialize the message.
  • Add timestamp: Select to add a timestamp to the message. When this option is enabled, the following are available:
    • Sign timestamp: Select to provide a digital signature with the timestamp.
    • Add expiration: Select to enter an expiration value in the Time to Live field.

Anchor
Target Elements
Target Elements
Target Elements

When selecting Target Elements from the left pane of the Tools Settings tab, the following options are available if Encrypt is selected in the General tab:

  • SOAP body/entire document: Select to encrypt the entire SOAP body or entire XML document.
  • Click Add (only available if SOAP body/entire document is unselected) to specify an XPath and encrypt a specific element within the XML document. A row will appear in the Element Selection list. The Element Selection list consists of the following two columns:
    • XPath Expression: Allows you to enter the desired XPath you would like encrypted.
    • Target: Allows you to choose either Entire Element or Content Only.
      Selecting Entire Element will encrypt the entire XPath.
      Selecting Content Only will encrypt only the text content.

AnchorEmulation OptionsEmulation OptionsEmulation Options
Info

Emulation options for the XML Encryption tool is deprecated and will be removed in a future version.

When selecting Emulation Options from the left pane of the Tools Settings tab, the following options are available:

Note
titleNote
The following options are available only if WS-Security Mode is selected in the General tab.
  • Emulate: Select the application server you are using to automatically configure the emulation options. You can also select the appropriate version number of your application server from the Version menu.
    • To manually configure the emulation options, select Custom from the Emulate menu. The following options will be available for you to manually configure:
    • wsse URI: Select the namespace URI of the WS-Security specification used.
    • wsu URI: Select the utility namespace URI of the WS-Security specification used

      .

    • Qualify signed element ID attribute: Select to qualify signed element ID attribute.
    • Qualify BinarySecurity Token attributes: Select to qualify binary security token attributes with the wsse namespace.
    • Prefix BinarySecurity Token attribute values: Select to prefix binary security token attributes with the wsse URI.

Anchor
Encryption Options
Encryption Options
Encryption Options

With Encryption Options selected in the left pane of the Tools Settings tab, the following options are available:

  • Security Header Layout: This property indicates which layout rules to apply when adding items to the security header. The following options are available:
    • Lax: Items are added to the security header in any order that conforms to WSS: SOAP Message Security
    • LaxTimestampFirst: Same as Lax, except that the first item in the security header MUST be a wsse:Timestamp
    • LaxTimestampLast: Same as Lax, except that the last item in the security header MUST be a wsse:Timestamp
    • Strict: Items are added to the security header following the numbered layout rules described below according to a general principle of 'declare before use'.

Anchor
Decryption Options
Decryption Options
Decryption Options

With Decryption Options selected in the left pane of the Tools Settings tab, the following options are available:

Note
titleNote
The following options are available only if Decrypt is enabled in the General tab.
Signature verification: This setting allows you to specify whether you'd like to perform a Signature verification when decrypting the XML message
.


  • Key Store: Specifies the key store used to verify the signature. The Key Stores available in this menu depend on the Key Stores you added at the test or Responder suite level.For more information on adding Key Stores, see Global Key Stores.

  • Decrypt all known WSS headers: Select to decrypt WSS header formats.
  • Decrypt specific header formats: Select to decrypt specific header formats

    .

Input Type Tab

The Input Type tab is only available if the XML Encryption tool is added as a standalone tool and not chained to another tool. The following options are available from the Input Type tab:

  • Text: Use this option if you want to type or copy the XML document into the UI. Select the appropriate MIME type, enter the XML in the text field below Text option.
  • File: Use this option if you want to use an existing file. Click Browse to choose a file.
    • Enable Persist as Relative Path if you want the path to this file to be saved as a path that is relative to the current configuration file. Enabling this option makes it easier to share tools across multiple machines. If this option is not enabled, the test or Responder suite will save the path to this file as an absolute path. 

Usage Notes

You can use the XML Encryption tool as a stand-alone tool at the test suite level by right-clicking the main test suite node and choosing Add New > Test, then selecting XML Encryption from the dialog that opens. You can also chain the XML Encryption tool to a tool by right-clicking the desired tool node and choosing Add Output, then selecting XML Encryption from the dialog that opens. The tool will use the transformed XML.

You can chain the XML Encryption tool and the XML Signer tool to a messaging tool to perform both encryption and XML signature on a message. For more information on the XML Signer tool, see XML Signer.

You can also chain any tool, such as an Edit or Browse tool, to the XML Encryption Tool by right-clicking the desired XML Encryption Tool node and choosing Add Output, then selecting XML Encryption from the dialog that opens.

Anchor
Unlimited Strength Java Cryptography Extension
Unlimited Strength Java Cryptography Extension
Unlimited Strength Java Cryptography Extension

Info
titleImportant
In order to perform security operations using the XML Signature Verifier, XML Signer, or XML Encryption tools, or if using Key Stores, you will need to download and install the Unlimited Strength Java Cryptography Extension. For details, see JCE Prerequisite.

Related Tutorials

The following tutorial lesson demonstrates how to use this tool: