How to decrypt raw soap response encrypted with x509

2.9k views Asked by At

We have a batch program that talks with a third party providers web service with WSE, the call to the WSE webservice is encrypted with a x509 certificate.

We have two different certificates to the third party provider

  1. Pre-Production Certificate
  2. Production Certificate

We have implemented a WebServiceResponseLogger that inherits from SoapInputFilter, this is added to the Pipeline as an InputFilter. this does a fine job logging the response when using the pre-production certificate. However when we switch to Production and utilize the production certificate, the response is not logged.

Now we have seen the request and response trough fiddler, so we know that a response actually appears, the problem is that the response we can see in fiddler is the raw response.

I've tried googling trying to figure out if we could decrypt the response in fiddler, we have the correct certificates, so I'd figure it would be possible. and if not with fiddler, does a Tool already exist that would allow me to decrypt the soap response?

1

There are 1 answers

1
thmsn On BEST ANSWER

Finally got around to posting the solution i found, in case someone else runs into this problem :)

I managed to find a link on MSDN that put me on the right track and constructed the following console program that sucessfully decrypted the response I had from our fiddler sessions.

I installed the WSE 2.0 NuGet package

try
{
    // http://msdn.microsoft.com/en-us/library/aa529137.aspx
    XmlDocument response = new XmlDocument();
    response.Load("Response.xml");
    var encryptedKeyElement = response.GetElementsByTagName("xenc:EncryptedKey")[0] as XmlElement;
    var encryptedDataElement = response.GetElementsByTagName("xenc:EncryptedData")[0] as XmlElement;

    EncryptedKey encryptedKey = new EncryptedKey(encryptedKeyElement);
    EncryptedData data = new EncryptedData(encryptedDataElement, encryptedKey);

    var decryptedData = data.Decrypt();
}
catch (Exception ex)
{
    Console.WriteLine(ex.ToString());
    Console.WriteLine("Press any key to exit");
    Console.Read();
}