Web Service sender and WSSE - Mirth Community

#1
05-16-2019, 01:07 PM
mitch_nchin
Mirth Newb
Join Date: Nov 2015
Posts: 17
Web Service sender and WSSE

We need to digitally sign a timestamp within a SOAP message. Is this doable from within Mirth? We have the SSH extension but I don't know whether it handles this.

Thanks.

Here's an example message we've been provided; presumably it is the Signature tag that we'll need to generate based on the message's timestamp:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:cdc:iisb:2011">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ds:Signature Id="SIG-D8234953C823AFAE2415536312716865" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="soap urn" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#TS-D8234953C823AFAE2415536312715641">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="wsse soap urn" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>Content Redacted</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Content Redacted</ds:SignatureValue>
        <ds:KeyInfo Id="KI-D8234953C823AFAE2415536312716723">
          <wsse:SecurityTokenReference wsu:Id="STRD8234953C823AFAE2415536312716744">
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
              Content Redacted
            </wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="TS-D8234953C823AFAE2415536312715641">
        <wsu:Created>2019-03-26T20:14:31Z</wsu:Created>
        <wsu:Expires>2019-03-26T20:15:01Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <urn:submitSingleMessage>
      <urn:username>Content Redacted User name provided by DOH</urn:username>
      <urn:password>Content Redacted Password provided by DOH</urn:password>
      <urn:facilityID>Content Redacted Facility ID provided by OHP</urn:facilityID>
      <urn:hl7Message>Content Redacted Message content information available DOH</urn:hl7Message>
    </urn:submitSingleMessage>
  </soap:Body>
</soap:Envelope>

Thanks.

#2
05-17-2019, 07:27 AM
agermano
Mirth Guru
Join Date: Apr 2017
Location: Indiana, USA
Posts: 956

It's likely doable. Most things are.

I assume you meant the SSL (not SSH) extension, and as far as I know that is only for setting up encrypted tunnels, not for digital signatures.

I'm afraid I don't know enough about your requirements to give you a definite answer.

#3
05-17-2019, 01:46 PM
mitch_nchin
Mirth Newb
Join Date: Nov 2015
Posts: 17

Yes, SSL extension. Thank you so much. Is anyone else able to offer a definite answer?

#4
05-17-2019, 02:08 PM
agermano
Mirth Guru
Join Date: Apr 2017
Location: Indiana, USA
Posts: 956

You don't have the requirements of what you're trying to do?

#5
05-20-2019, 06:07 AM
mitch_nchin
Mirth Newb
Join Date: Nov 2015
Posts: 17

The requirement is to apply a digital signature to fields including the timestamp, as described in WSSE, and include it in the SOAP message.

As an aside, when you cannot actually be helpful, there is absolutely no need to post.

#6
07-04-2019, 02:14 PM
sterk
What's HL7?
Join Date: Jul 2019
Posts: 1

Hi mitch_nchin

Did you find a solution to sign a timestamp?

I have the same problem: adding a signed timestamp to a SOAP WSS request.

Thanks for the help.

#7
07-08-2019, 08:09 AM
narupley
Mirth Employee
Join Date: Oct 2010
Posts: 7,123

Just an FYI we did add this ability with a new commercial extension in 3.6, the Interoperability Connector Suite. The NHIN-compliant assertion and timestamp are both automatically signed, and it integrates with the SSL Manager so you can choose which local cert/keypair you want to sign with.

Otherwise, I would look into a third-party library like CryptoJS. I think you should be able to create signatures and set them in the SOAP header with that.
__________________
Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

Nicholas Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.
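
Added example, not part of any post in this thread and not Mirth's own code: one way to produce an enveloped `ds:Signature` over a `wsu:Timestamp` with the JDK's built-in `javax.xml.crypto.dsig` API. The envelope skeleton, the `TS-1` Id, the throwaway RSA key and the choice of SHA-256 are assumptions made for the illustration.

```java
import java.io.StringReader;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SignWsuTimestamp {
    static final String OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = OASIS + "secext-1.0.xsd", WSU = OASIS + "utility-1.0.xsd";

    public static void main(String[] args) throws Exception {
        // Constructed skeleton modelled on the sample message; "TS-1" is a placeholder Id.
        String xml = "<soap:Envelope xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\"><soap:Header>"
            + "<wsse:Security xmlns:wsse=\"" + WSSE + "\" xmlns:wsu=\"" + WSU + "\">"
            + "<wsu:Timestamp wsu:Id=\"TS-1\"><wsu:Created>2019-03-26T20:14:31Z</wsu:Created>"
            + "<wsu:Expires>2019-03-26T20:15:01Z</wsu:Expires></wsu:Timestamp>"
            + "</wsse:Security></soap:Header><soap:Body/></soap:Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Element ts = (Element) doc.getElementsByTagNameNS(WSU, "Timestamp").item(0);
        // Parsed without a schema, wsu:Id is not an ID attribute; register it so "#TS-1" resolves.
        ts.setIdAttributeNS(WSU, "Id", true);

        // Throwaway key for the demo; a real sender signs with the key pair of its X.509 certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // The sample advertises rsa-sha1/sha1; SHA-256 is used here, match whatever the receiver mandates.
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Transform excC14n = f.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
        Reference ref = f.newReference("#TS-1", f.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(excC14n), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));

        // Insert ds:Signature into wsse:Security, immediately before the Timestamp, as in the sample.
        // KeyInfo is left out (null); the sample carries a wsse:SecurityTokenReference there.
        DOMSignContext sctx = new DOMSignContext(kp.getPrivate(), ts.getParentNode(), ts);
        sctx.setDefaultNamespacePrefix("ds");
        f.newXMLSignature(si, null).sign(sctx);

        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vctx = new DOMValidateContext(kp.getPublic(), sig);
        System.out.println("signature valid: " + f.unmarshalXMLSignature(vctx).validate(vctx));
    }
}
```

A receiver that re-parses the message has to register `wsu:Id` as an ID again before validating, and should confirm that the element the `ds:Reference` resolves to is the same `wsu:Timestamp` it goes on to evaluate.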