Module: WSDL::Security

Defined in:
lib/wsdl/security.rb,
lib/wsdl/security/config.rb,
lib/wsdl/security/policy.rb,
lib/wsdl/security/digester.rb,
lib/wsdl/security/verifier.rb,
lib/wsdl/security/constants.rb,
lib/wsdl/security/reference.rb,
lib/wsdl/security/signature.rb,
lib/wsdl/security/timestamp.rb,
lib/wsdl/security/id_generator.rb,
lib/wsdl/security/canonicalizer.rb,
lib/wsdl/security/verifier/base.rb,
lib/wsdl/security/request_policy.rb,
lib/wsdl/security/secure_compare.rb,
lib/wsdl/security/username_token.rb,
lib/wsdl/security/request_context.rb,
lib/wsdl/security/response_policy.rb,
lib/wsdl/security/security_header.rb,
lib/wsdl/security/algorithm_mapper.rb,
lib/wsdl/security/signature_options.rb,
lib/wsdl/security/xml_builder_helper.rb,
lib/wsdl/security/request_materializer.rb,
lib/wsdl/security/credential_normalizer.rb,
lib/wsdl/security/response_verification.rb,
lib/wsdl/security/verifier/reference_validator.rb,
lib/wsdl/security/verifier/signature_validator.rb,
lib/wsdl/security/verifier/structure_validator.rb,
lib/wsdl/security/verifier/timestamp_validator.rb,
lib/wsdl/security/verifier/certificate_resolver.rb,
lib/wsdl/security/verifier/certificate_validator.rb,
lib/wsdl/security/verifier/element_position_validator.rb

Overview

WS-Security implementation for SOAP message security.

This module provides support for the OASIS WS-Security specifications:

  • SOAP Message Security 1.1
  • UsernameToken Profile 1.1
  • X.509 Token Profile 1.1

It enables authentication through username/password tokens and message integrity through X.509 certificate signatures.

Examples:

UsernameToken authentication

operation = wsdl.operation('Service', 'Port', 'Operation')
operation.security.username_token('user', 'secret')
response = operation.invoke

Digest authentication

operation.security.username_token('user', 'secret', digest: true)

X.509 certificate signing

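require 'openssl'

# Load the signing certificate and its passphrase-protected private key
cert = OpenSSL::X509::Certificate.new(File.read('cert.pem'))
key = OpenSSL::PKey::RSA.new(File.read('key.pem'), 'password')

# Add a timestamp to the security header, then sign the request
operation.security.timestamp
operation.security.signature(certificate: cert, private_key: key)
response = operation.invoke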

Combined authentication and signing

operation.security.username_token('user', 'secret')
operation.security.timestamp(expires_in: 300)
operation.security.signature(
  certificate: cert,
  private_key: key,
  digest_algorithm: :sha256
)
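
What `digest: true` means on the wire under the UsernameToken Profile, shown from both the sender's and the receiver's side. This is an added example, not code from this library: the `PasswordDigestDemo` module, its method names and the 300-second freshness window are assumptions for illustration.

```ruby
require 'digest'
require 'openssl'
require 'base64'
require 'securerandom'
require 'time'

# Hypothetical helper for illustration; not part of WSDL::Security.
module PasswordDigestDemo
  MAX_AGE = 300 # seconds a token is accepted after Created (assumed policy)

  # Profile formula: Password_Digest = Base64(SHA-1(nonce + created + password))
  def self.digest(nonce_bytes, created, password)
    Base64.strict_encode64(Digest::SHA1.digest(nonce_bytes.b + created.b + password.b))
  end

  # Sender side: fresh random nonce and UTC creation time for every token.
  def self.build(password, now: Time.now.utc, nonce: SecureRandom.random_bytes(16))
    created = now.utc.iso8601
    { nonce: Base64.strict_encode64(nonce), created: created,
      digest: digest(nonce, created, password) }
  end

  # Receiver side: reject stale or replayed tokens, then recompute the digest
  # and compare it in constant time. seen_nonces is the replay cache.
  def self.verify(token, password, seen_nonces, now: Time.now.utc)
    created = Time.iso8601(token[:created])
    return :stale if (now - created).abs > MAX_AGE
    return :replayed if seen_nonces.include?(token[:nonce])

    expected = digest(Base64.strict_decode64(token[:nonce]), token[:created], password)
    return :bad_digest unless OpenSSL.secure_compare(expected, token[:digest])

    seen_nonces << token[:nonce] # remember the nonce only after the digest checks out
    :ok
  rescue ArgumentError # malformed timestamp or Base64
    :malformed
  end
end
```

The receiver must hold the same password value the sender hashed in order to recompute the digest, and without the nonce cache and freshness window a captured token could simply be replayed.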

Defined Under Namespace

Modules: AlgorithmMapper, Constants, IdGenerator, ResponseVerification, SecureCompare

Classes: Canonicalizer, Config, CredentialNormalizer, Digester, Policy, Reference, RequestContext, RequestMaterializer, RequestPolicy, ResponsePolicy, SecurityHeader, Signature, SignatureOptions, Timestamp, UsernameToken, Verifier, XmlBuilderHelper