Ik probeer via de volgende code om de KBO Public Search Webservice uit te lezen:
--
-- Tested according to http://www.herongyang.com/Web-Services/WS-Security-Validate-Password-Digest-String.html
-- using:
-- l_created := '2014-06-21T12:43:21.791Z';
-- l_password := 'iLoveDogs';
-- l_username := 'herong';
--
--
declare
l_nonce blob;
l_created varchar2;
l_expires varchar2;
l_password_digest varchar2;
l_xml varchar2;
l_out_contents_char varchar2;
l_out_http_status_code int32;
l_created_date datetime;
l_expires_date datetime;
--
l_enterprise_number varchar2 := '0314595348';
l_username varchar2 := 'wsop9999';
l_password varchar2 := 'secret';
l_language_code varchar2 := 'nl';
l_msg_id varchar2 := to_char(newid());
begin
l_created_date := sysdateutc;
--
-- Default maximum offset of wss4j is 300 seconds.
--
l_expires_date := l_created_date + 300/86400;
--
l_created := to_char(l_created_date, 'YYYY-MM-DD') || 'T' || to_char(l_created_date, 'HH24:MI:SS') || '.000Z';
l_expires := to_char(l_expires_date, 'YYYY-MM-DD') || 'T' || to_char(l_expires_date, 'HH24:MI:SS') || '.000Z';
--
--
l_nonce := random_blob(16);
--
-- Calculate digested password.
--
l_password_digest := base64_encode(hex_to_blob(sha1(l_nonce || to_binary(l_created) || to_binary(l_password))));
--
l_xml := '<?xml version="1.0" encoding="UTF-8"?>';
l_xml := l_xml || chr(13) || chr(10) || '<soapenv:Envelope';
l_xml := l_xml || chr(13) || chr(10) || ' xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"';
l_xml := l_xml || chr(13) || chr(10) || ' xmlns:mes="http://economie.fgov.be/kbopub/webservices/v1/messages"';
l_xml := l_xml || chr(13) || chr(10) || ' xmlns:dat="http://economie.fgov.be/kbopub/webservices/v1/datamodel"';
l_xml := l_xml || chr(13) || chr(10) || ' xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"';
l_xml := l_xml || chr(13) || chr(10) || ' xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"';
l_xml := l_xml || chr(13) || chr(10) || '>';
l_xml := l_xml || chr(13) || chr(10) || ' <soapenv:Header>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsse:Security>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsu:Timestamp>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsu:Created>' || l_created || '</wsu:Created>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsu:Expires>' || l_expires || '</wsu:Expires>';
l_xml := l_xml || chr(13) || chr(10) || ' </wsu:Timestamp>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsse:UsernameToken>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsse:Username>' || xmlencode(l_username) || '</wsse:Username>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">' || xmlencode(l_password_digest) || '</wsse:Password>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">' || xmlencode(l_nonce) || '</wsse:Nonce>';
l_xml := l_xml || chr(13) || chr(10) || ' <wsu:Created>' || l_created || '</wsu:Created>';
l_xml := l_xml || chr(13) || chr(10) || ' </wsse:UsernameToken>';
l_xml := l_xml || chr(13) || chr(10) || ' </wsse:Security>';
l_xml := l_xml || chr(13) || chr(10) || ' <mes:RequestContext>';
l_xml := l_xml || chr(13) || chr(10) || ' <mes:Id>' || xmlencode(l_msg_id) || '</mes:Id>';
l_xml := l_xml || chr(13) || chr(10) || ' <mes:Language>' || xmlencode(l_language_code) || '</mes:Language>';
l_xml := l_xml || chr(13) || chr(10) || ' </mes:RequestContext>';
l_xml := l_xml || chr(13) || chr(10) || ' </soapenv:Header>';
l_xml := l_xml || chr(13) || chr(10) || ' <soapenv:Body>';
l_xml := l_xml || chr(13) || chr(10) || ' <mes:ReadEnterpriseRequest>';
l_xml := l_xml || chr(13) || chr(10) || ' <dat:EnterpriseNumber>' || xmlencode(l_enterprise_number) || '</dat:EnterpriseNumber>';
l_xml := l_xml || chr(13) || chr(10) || ' </mes:ReadEnterpriseRequest>';
l_xml := l_xml || chr(13) || chr(10) || ' </soapenv:Body>';
l_xml := l_xml || chr(13) || chr(10) || '</soapenv:Envelope>';
dbms_output.put_line(l_xml);
--
select htp.CONTENTS_CHAR
, htp.http_status_code
into l_out_contents_char
, l_out_http_status_code
from HTTPDownload@DataDictionary
( url => 'https://kbopub.economie.fgov.be/kbopubws110000/services/wsKBOPub'
, acceptMimeType => 'application/xml;charset=UTF-8'
, contentType => 'application/xml;charset=UTF-8'
, method => 'POST'
, textPayload => l_xml
, ignoreWebError => false
) htp
;
dbms_output.put_line(l_out_http_status_code);
dbms_output.put_line(l_out_contents_char);
end;
Er treedt echter een HTTP 500 statuscode op met de inhoud:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode xmlns:ns1="http://ws.apache.org/wss4j">ns1:SecurityError</faultcode>
<faultstring>A security error was encountered when verifying the message</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
Het gehele verzoek is:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:mes="http://economie.fgov.be/kbopub/webservices/v1/messages"
xmlns:dat="http://economie.fgov.be/kbopub/webservices/v1/datamodel"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>
<soapenv:Header>
<wsse:Security>
<wsu:Timestamp>
<wsu:Created>2023-05-23T16:01:32.000Z</wsu:Created>
<wsu:Expires>2023-05-23T16:06:32.000Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken>
<wsse:Username>wsop9999</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">xxxxxxxxx=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">xLwxqqvwAxkivJ51nYDEOQ==</wsse:Nonce>
<wsu:Created>2023-05-23T16:01:32.000Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<mes:RequestContext>
<mes:Id>91f25327-edea-45f1-a1c0-e9174cf47819</mes:Id>
<mes:Language>nl</mes:Language>
</mes:RequestContext>
</soapenv:Header>
<soapenv:Body>
<mes:ReadEnterpriseRequest>
<dat:EnterpriseNumber>0314595348</dat:EnterpriseNumber>
</mes:ReadEnterpriseRequest>
</soapenv:Body>
</soapenv:Envelope>
Dezelfde foutmelding treedt op als ik via SOAP UI probeer om het request uit te voeren gebruik makend van password digest authenticatie met timestamp met maximale levensduur van 300 seconden.
Weet iemand hoe de gegevens van deze KBO Webservice toch uit te lezen zijn?