• David Hall 29
  • 5 Points
  • Member since 2016
  • Programmer/Analyst
  • University of Wisconsin-Extension

  • Chatter
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 0
  • 1

I'm trying to make a call to a WebService that requires the Soap Security Header to be provided in the message. They also require Password Digest.

I am able to POST a message to the service, and getting the response I'm looking for, using a tool such as SOAP UI. In the log I see the Soap Header looks like this

<soapenv:Header><wsse:Security soapenv:mustUnderstand="1" 
<wsse:UsernameToken wsu:Id="UsernameToken-0A895E4ED2XY1B64BB142239383782811>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">kxPMdaV96UNV1OXw0B83IpnwgNc=</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">LTYzMDgmJTU1MTE5ODgyMjQ2HOZ==</wsse:Nonce>

What I'm trying to do is to create this header in an Apex Class.
I highligheted in BOLD (above) the "variable" fields.

- For Password Digest, I'm generating the string using the process below

            Blob targetBlob = Blob.valueOf('mypass');
            Blob hash = Crypto.generateDigest('SHA1', targetBlob);
            String b64 = EncodingUtil.base64Encode(hash);  

- For Nonce, I'm generating the string using the process below

            Long randomLong = Crypto.getRandomLong();
            String Nounce = EncodingUtil.base64Encode(Blob.valueOf(String.valueOf(randomLong)));

- For Created, I'm generating the string using the process below

            String Create = Datetime.now().formatGmt('yyyy-MM-dd\'T\'hh:mm:ss\'Z\'');

I am not sure what goes in the wsu:Id="UsernameToken part of the header. How are tools such as SOAP UI generating a different and accepted Token in each call?

Any help or ideas on this would be highly appreciated