SOAP requests in Ruby with X509 Certificates

Question

I am using Soap4r and HTTPClient to interact with a Webservice. The Service only accepts requests which have been digitally signed with an X509 certificate. I have gone through the steps of generating a private key, getting the certificate request ( CSR ) and getting the actual certificate from the authority ( the company hosting the web service. )

Are there any examples out there for how to do this?

Answer 1

It seems that the webservice you are consuming uses WS-Security. WS-Security is a OASIS standard that utilizes XML-Signature and XML-Encryption to secure SOAP-Messages. However, as far as I know Soap4r does not support WS-Security. Implementing it yourself is pretty hopeless since it is rather complex (and involves annoying stuff like XML-Canonicalization).

WSO2 has ruby bindings for their framework (http://wso2.org/projects/wsf/ruby) maybe you could use it. If not you will probably have to wrap some C library (like libxmlsec) to sign the messages created by Soap4r. There are ruby bindings (http://rubygems.org/gems/xmlsec-ruby) for it but I think they do not expose the full functionality of xmlsec.

If this is an option you could implement your code in Java as it has quite a few powerful open source SOAP libraries with support for WS-Security like Metro (http://metro.java.net/), Axis2 (http://ws.apache.org/axis2/) and CXF (http://cxf.apache.org/)