Hi,
I’m sorry for this somewhat lengthy post, but I have a problem that I don’t really know how to solve, and I’m just looking to see if anyone has run into the same issue, or maybe already solved it.
We are going to fetch data from a time management system that has a SOAP API, and all the information I find in the community refers to RSD files, which are not to be used anymore. I don’t know how I would solve the problem that I have even with an RSD file, but that’s somewhat beside the point here. 😊
The issue is that we must take the request XML, encrypt the whole thing using AES, into a fingerprint that in turn will need to be inserted into the actual request that is then sent to the API.
I have received some code in C# that does the following steps:
- Generates a timestamp and an MD5 hash of the request XML
- Generates the fingerprint XML using the timestamp and the newly created MD5 hash with the schema like in the attached picture fingerprint_schema
- Encrypts the fingerprint XML with AES, using the .NET function System.Security.Cryptography.AesCryptoServiceProvider, with the encrypted fingerprint XML, a user password and a user salt as inputs
- This then gets inserted into the actual header XML that then can be sent in the request. The flow in the code can be seen in the attachment c_sharp_flow
The system provider has a test application where it’s easier to see the results.
An example request can be seen in the attachment Test_application_example.
You can see that we have the FromDat and TomDat dates along with the OrganisationId in the Request XML, which will make the fingerprint unique for every request.
We have SQL Server as our backend, and I’ve been trying to do some research on how to solve this problem, but I only find references to SQL Server and AES encryption when it comes to database or column encryption. In all other circumstances, when using SQL, it only refers to MD(X) or SHA encryption, which are only one-way encryption.
The only other options for encryption besides AES, before anyone asks, are Blowfish and TripleDES, both of which are not supported by modern versions of SQL Server.
Constructing the request and header XML will not be that much of a problem if I can only get the encryption bits right. Has anyone here run into the same issue, or does anyone have some thoughts about this? Any help or insights would be highly appreciated.
BR
Tomas
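
The four steps listed in the post, as an added C# example that is not part of the original post and not the system provider's code. The fingerprint and header element names, PBKDF2-SHA256 with 100,000 iterations deriving both key and IV, CBC with PKCS7 padding, Base64 output, and the sample request, password and salt are all assumptions or constructed values; the provider's C# code and schema define the real ones.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;

static class FingerprintDemo // targets .NET 6 or later
{
    // Assumed parameters: the post does not state the key derivation, cipher mode or IV handling.
    const int Iterations = 100_000, KeyBytes = 32, IvBytes = 16;

    // Steps 1-2: timestamp plus MD5 of the request XML, wrapped in a fingerprint document.
    // Element names are hypothetical; the real schema is in the post's attachment.
    static string BuildFingerprint(string requestXml, DateTime utcNow)
    {
        byte[] md5 = MD5.HashData(Encoding.UTF8.GetBytes(requestXml));
        return new XElement("Fingerprint",
            new XElement("Timestamp", utcNow.ToString("o")),
            new XElement("Hash", Convert.ToHexString(md5))).ToString(SaveOptions.DisableFormatting);
    }

    // Key and IV both come from password + salt (assumption), so the IV is fixed per user.
    static Aes CreateAes(string password, byte[] salt)
    {
        byte[] material = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, KeyBytes + IvBytes);
        Aes aes = Aes.Create(); // platform AES; the post names AesCryptoServiceProvider
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = material[..KeyBytes];
        aes.IV = material[KeyBytes..];
        return aes;
    }

    // Step 3: AES-encrypt the fingerprint XML and Base64-encode it for embedding in XML.
    static string Encrypt(string fingerprintXml, string password, byte[] salt)
    {
        using Aes aes = CreateAes(password, salt);
        using ICryptoTransform enc = aes.CreateEncryptor();
        byte[] plain = Encoding.UTF8.GetBytes(fingerprintXml);
        return Convert.ToBase64String(enc.TransformFinalBlock(plain, 0, plain.Length));
    }

    static void Main()
    {
        // Constructed sample request; only the field names come from the post.
        string request = "<Request><OrganisationId>1</OrganisationId><FromDat>2024-01-01</FromDat><TomDat>2024-01-31</TomDat></Request>";
        byte[] salt = Encoding.UTF8.GetBytes("constructed-salt-value");
        string token = Encrypt(BuildFingerprint(request, DateTime.UtcNow), "constructed-password", salt);
        // Step 4: place the encrypted fingerprint in the header (hypothetical element names).
        Console.WriteLine(new XElement("Header", new XElement("EncryptedFingerprint", token)));
    }
}
```

The MD5 input must be the exact bytes of the request XML that is sent, since any difference in whitespace or encoding changes the hash the receiving system computes.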