{"id":37024084,"url":"https://github.com/tilln/jmeter-wssecurity","last_synced_at":"2026-01-14T02:54:25.783Z","repository":{"id":41322296,"uuid":"81063858","full_name":"tilln/jmeter-wssecurity","owner":"tilln","description":"WS-Security Plugin for JMeter","archived":false,"fork":false,"pushed_at":"2023-05-21T01:01:46.000Z","size":953,"stargazers_count":13,"open_issues_count":1,"forks_count":8,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-05-07T18:13:55.967Z","etag":null,"topics":["digital-signature","encryption","jmeter","jmeter-plugin","soap-messages","ws-security","wss","wssecurity"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tilln.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-02-06T08:16:43.000Z","updated_at":"2024-05-07T18:13:55.968Z","dependencies_parsed_at":"2022-08-24T07:31:01.215Z","dependency_job_id":null,"html_url":"https://github.com/tilln/jmeter-wssecurity","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/tilln/jmeter-wssecurity","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilln%2Fjmeter-wssecurity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilln%2Fjmeter-wssecurity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilln%2Fjmeter-wssecurity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilln%2Fjmeter-wssecurity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tilln","download_url":"https://codeload.github.com/tilln/jmeter-wssecurity/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilln%2Fjmeter-wssecurity/sbom","scorecard":{"id":885366,"data":{"date":"2025-08-11","repo":{"name":"github.com/tilln/jmeter-wssecurity","commit":"185cf84f6c0379e10bda763cc64444015b2761cf"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/tilln/jmeter-wssecurity/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/tilln/jmeter-wssecurity/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tilln/jmeter-wssecurity/release.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 1.9 not signed: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/103709812","Warn: release artifact 1.8 not signed: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/40666350","Warn: release artifact 1.7 not signed: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/19220946","Warn: release artifact 1.6 not signed: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/13289107","Warn: release artifact 1.5 not signed: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/9722135","Warn: release artifact 1.9 does not have provenance: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/103709812","Warn: release artifact 1.8 does not have provenance: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/40666350","Warn: release artifact 1.7 does not have provenance: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/19220946","Warn: release artifact 1.6 does not have provenance: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/13289107","Warn: release artifact 1.5 does not have provenance: https://api.github.com/repos/tilln/jmeter-wssecurity/releases/9722135"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T09:49:29.766Z","repository_id":41322296,"created_at":"2025-08-24T09:49:29.766Z","updated_at":"2025-08-24T09:49:29.766Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408797,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["digital-signature","encryption","jmeter","jmeter-plugin","soap-messages","ws-security","wss","wssecurity"],"created_at":"2026-01-14T02:54:25.119Z","updated_at":"2026-01-14T02:54:25.775Z","avatar_url":"https://github.com/tilln.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# jmeter-wssecurity [![github-actions](https://github.com/tilln/jmeter-wssecurity/actions/workflows/release.yml/badge.svg)](https://github.com/tilln/jmeter-wssecurity/actions/workflows/release.yml)\n\nOverview\n------------\n\nApache JMeter plugin for signing, encrypting and decrypting SOAP messages (WS-Security).\n\nThe plugin provides \n* [Pre-Processors](http://jmeter.apache.org/usermanual/component_reference.html#preprocessors) \nfor adding digital signature or encryption to a sampler's payload (based on a certificate from a given keystore),\n* Pre-Processors for adding a Username Token or a Timestamp to a sampler's payload,\n* a [Post-Processor](http://jmeter.apache.org/usermanual/component_reference.html#postprocessors)\nfor decrypting a sampler's response.\n\nSupported are HTTP Request, JMS Publisher and JMS Point-to-Point samplers, SMTP and TCP sampler,\nas well as third party samplers that expose the payload via a\nJMeter [StringProperty](https://jmeter.apache.org/api/org/apache/jmeter/testelement/property/StringProperty.html)\nor a pair of getter/setter methods.\n\nInstallation\n------------\n\n### Via [PluginsManager](https://jmeter-plugins.org/wiki/PluginsManager/)\n\nUnder tab \"Available Plugins\", select \"WS Security for SOAP\", then click \"Apply Changes and Restart JMeter\".\n\n### Via Package from [JMeter-Plugins.org](https://jmeter-plugins.org/)\n\n1. Remove wss4j-\\*.jar and xmlsec-\\*.jar from JMeter's lib directory (if applicable).\n2. Download and extract the [zip package](https://jmeter-plugins.org/files/packages/tilln-wssecurity-1.9.zip) into JMeter's lib directory.\n3. Restart JMeter.\n\n### Via Manual Download\n\n1. Copy the [jmeter-wssecurity jar file](https://github.com/tilln/jmeter-wssecurity/releases/download/1.9/jmeter-wssecurity-1.9.jar) into JMeter's lib/ext directory.\n2. Copy the following dependencies into JMeter's lib directory:\n\t* [org.apache.wss4j / wss4j-ws-security-dom](https://search.maven.org/remotecontent?filepath=org/apache/wss4j/wss4j-ws-security-dom/3.0.0/wss4j-ws-security-dom-3.0.0.jar)\n\t* [org.apache.wss4j / wss4j-ws-security-common](https://search.maven.org/remotecontent?filepath=org/apache/wss4j/wss4j-ws-security-common/3.0.0/wss4j-ws-security-common-3.0.0.jar)\n\t* [org.apache.santuario / xmlsec](https://search.maven.org/remotecontent?filepath=org/apache/santuario/xmlsec/3.0.1/xmlsec-3.0.1.jar)\n3. Make sure to remove older versions of the above dependencies from the JMeter lib directory.\n4. Restart JMeter.\n\nUsage\n------------\n\nFrom the context menu, add the appropriate Pre or Post Processor to the test plan scope with the sampler containing the SOAP message.\n\nThe message to be signed or encrypted must be a valid SOAP message and must be in one of the following locations:\n* For [HTTP request](http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Request): Tab \"Body Data\" (not \"Parameters\")\n* For [JMS Point-to-Point](http://jmeter.apache.org/usermanual/component_reference.html#JMS_Point-to-Point): Text area \"Content\"\n* For [JMS Publisher](http://jmeter.apache.org/usermanual/component_reference.html#JMS_Publisher): Text area \"Text Message...\" with \"Message source\": Textarea (from files is not supported)\n* For [SMTP Sampler](http://jmeter.apache.org/usermanual/component_reference.html#SMTP_Sampler): Text area \"Message\" (\"Send .eml\" unchecked)\n* For [TCP Sampler](http://jmeter.apache.org/usermanual/component_reference.html#TCP_Sampler): Text area \"Text to send\"\n\n*Note that the plugin does not assist with composing the message nor does it do any XML schema validation.\nOnly the WS-Security header element will be inserted or modified.*\n*It is recommended to exclude the WS-Security header from the SOAP request and let the plugin generate it.*\n\nUsers familiar with SoapUI will find similarities to the [outgoing WS-Security configuration](https://www.soapui.org/soapui-projects/ws-security.html#3-Outgoing-WS-Security-configurations).\n\n### SOAP Message Signer\n\n![SOAP Message Signer](docs/signature.png)\n\n### SOAP Message Encrypter\n\n![SOAP Message Encrypter](docs/encryption.png)\n\n### SOAP Message Username Token\n\n![SOAP Message Username Token](docs/usernametoken.png)\n\n### SOAP Message Timestamp\n\n![SOAP Message Timestamp](docs/timestamp.png)\n\n### SOAP Message Decrypter\n\n![SOAP Message Decrypter](docs/decryption.png)\n\nConfiguration\n-------------\n\n### Keystore Settings\n\nThe keystore file is expected to contain all keys referenced in the SOAP message headers\nthat are required for signing and/or encrypting/decrypting.\n\nThe default keystore type is JCEKS (since v1.7, before Java platform default). \nOther keystore types can be used by defining the JMeter property `jmeter.wssecurity.keystoreType` (since v1.8),\ne.g. PKCS12, JKS, JCEKS.\n\n### Pre-Processors\n\nThe dropdown fields allow for the customization of most signature and encryption settings, depending on what the endpoint's WSDL defines.\n\n:warning: *Not all setting combinations are valid, and JMeter does not enforce a valid combination to be entered.\nInstead, invalid ones will cause errors to be logged during runtime.*\n\n*Example: Key Identifier Type \"Encrypted Key SHA1\" is only valid for symmetric Signature Algorithms (HMAC).*\n\n#### Parts to Sign/Parts to Encrypt\n\nThese lists are empty by default, however, that results in the SOAP Body content to be signed or encrypted.\n\nSuppose the Timestamp element was to be included in the signature or encryption in addition to the Body element, both would have to be listed as follows: \n\n|ID|Name|Namespace|Encode|\n|--|----|---------|------|\n|  |Body|http://schemas.xmlsoap.org/soap/envelope/ | |\n|  |Timestamp|http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | |\n\nIf there are multiple XML elements with the same name and namespace, the element's ID attribute can be used to determine which element is to be signed/encrypted.\nIf the ID is specified, the Name and Namespace are not necessary and will not be used.  \n\nExample:\n\n```xml\n\u003csoap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"\u003e\n    \u003csoap:Body\u003e\n        \u003celement ID=\"e1\"\u003ethis should be encrypted\u003c/element\u003e\n        \u003celement ID=\"e2\"\u003ethis is not to be encrypted\u003c/element\u003e\n        \u003celement\u003eanother one\u003c/element\u003e\n    \u003c/soap:Body\u003e\n\u003c/soap:Envelope\u003e\n```\n\n|ID|Name|Namespace|Encode|\n|--|----|---------|------|\n|e1|    |         |      |\n\nEncode is only relevant for encryption (or attachments, see below) and can be one of the following:\n* \"Element\" (default): The entire XML element is encrypted.\n* \"Content\": Only child nodes of the XML element are encrypted (i.e. the element name and its attributes will remain in clear text).\n* \"Header\": Encloses the XML element in an EncryptedHeader element (\"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd\"), \nbut only if it is an immediate child node of the SOAP Header.\n\n### Post-Processor\n\nThe SOAP Message Decrypter takes a sampler's response data as input, expecting a SOAP message with WS-Security header,\nand decrypts the payload based on the content of a given keystore. This requires the private key password\nof the encryption certificate.\n\nUntil plugin version 1.6 this password is expected in the field \"Private Key Password\". As of version 1.7 it needs to be\nprovided in the table *Credentials for WSS Processing*, along with the alias of the keystore entry.\n\nNote: Due to the way the underlying wss4j library is implemented, any other, not encryption related security tokens \nin the response message will also be processed, for example signature tokens. \nAny such processing will fail if key information is not present. For example, should the response message\ninclude a symmetric signature token, the SOAP Message Decrypter needs the secret key that was used to generate the token.\n\nThe key(s) may be provided in the configured keystore, and the secret key password(s) can be listed \nin the table *Credentials for WSS Processing*.\nLikewise, if a response were to contain a Username Token, the password(s) for the expected username(s) can be listed in\nthat table, so that the Post-Processor is able to validate the token.\n\nAny WS-Security related exception encountered by the SOAP Message Decrypter \nwhile trying to decrypt or validate a response message will cause the sampler to fail and will create an \n[assertion](http://jmeter.apache.org/usermanual/component_reference.html#assertions) result, \neffectively behaving like an implicit assertion.\n\nIf this behaviour is not desired, it may be turned off via setting the JMeter property `jmeter.wssecurity.failSamplerOnWSSException=false`.\n\n### Support for 3rd party samplers\n\nSamplers that are not JMeter core functionality, such as [JMeter-Plugins](http://jmeter-plugins.org), can also be used\nif they provide either a JMeter StringProperty or a public String getter/setter to access the sampler's payload with the SOAP message.\n\nIn that case, the JMeter property `jmeter.wssecurity.samplerPayloadAccessors` can be set to specify the class name and property name as in the following examples.\n\nThe SMTP Sampler stores the payload in the TestElement property [\"SMTPSampler.message\"](https://github.com/apache/jmeter/blob/v4_0/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/SmtpSampler.java#L91).\nSo, it would be configured for this plugin via\n`jmeter.wssecurity.samplerPayloadAccessors=org.apache.jmeter.protocol.smtp.sampler.SmtpSampler.\"SMTPSampler.message\"`.\nNote the quotes around the property name if it contains a dot.\n\nAlternatively, if there is no such JMeter property, a Bean property can be used (without the get/set prefix),\nwhich the Pre-Processor will access at run time via Reflection.\n\nSuppose a sampler like the following:\n```java\npackage some.package;\npublic class SomeSampler extends AbstractSampler {\n\tpublic String getPayload() \n\t// ...\n\tpublic void setPayload(String content)\n\t// ...\n}\n```\n\nThen the JMeter property should be set like so: `jmeter.wssecurity.samplerPayloadAccessors=some.package.SomeSampler.payload`\n\nMore than one of these can be comma separated (if really required).\n\n### Support for Attachments\n\nSOAP Message [Attachments](http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-SwAProfile-v1.1.1-os.html)\ncan be digitally secured or validated/decrypted by the plugin.\nHowever, the attachment data must be explicitely provided and must match the attachment(s) transmitted by the sampler,\ni.e. the plugin is unable to automatically access samplers' attachments.\nTo do this, the below lists (Attachments to Sign/Encrypt/Decrypt) have to be filled in with one row for each attachment.\n\nAdditionally, for SwA attachments, the special ID `cid:Attachments` needs to be added to the \"Parts to Sign\"/\"Parts to Encrypt\" (without Name or Namespace).\nThe Encode column can be either:\n* \"Element\": The attachment content will be signed/encrypted as well as the MIME headers `Content-Description`, `Content-Disposition`, `Content-ID`, `Content-Location`, `Content-Type`.\n* \"Content\" (default): Only the attachment content will be signed/encrypted.\n\n#### Attachments to Sign\n\nAn attachment is identified by its Content-ID (`cid:`) and consists of a sequence of bytes and (optionally) some headers.\nThe following columns need to be populated accordingly:\n* Content-ID: The identifier attribute the attachment will be referenced by in the SOAP message.\n* Bytes: Base64-encoded content. This may come from anywhere, e.g. a file or a JMeter variable,\nand will typically be using some custom code snippet via the [`__groovy()` function](https://jmeter.apache.org/usermanual/functions.html#__groovy),\nsuch as `${__groovy(new File('secret.xml').bytes.encodeBase64())}`\n* Headers: Newline-separated headers. Note: JMeter GUI fields do not allow newlines. Use [`${__char(13)}`](https://jmeter.apache.org/usermanual/functions.html#__char).\n\n#### Attachments to Encrypt\n\nThe Content-ID, Bytes and Headers columns have the same semantics as above.\n\nAfter encrypting an attachment, the plugin can make the encrypted data available to the sampler for transmission.\nThis can be done is a few different ways. The following columns determine how the plugin stores the output:\n* Output Mode: Defines how the encrypted attachment will be handed over to the sampler, and can be one of the following:\n    * \"File\": Store encrypted bytes in a file (name and path as per \"Output Destination\" column)\n    * \"Variable\": Assign encrypted bytes to JMeter object [variable](https://jmeter.apache.org/usermanual/best-practices.html#bsh_variables) of type `byte[]` (variable name as per \"Output Destination\" column)\n    * \"Context\": Store encrypted bytes in sampler context as object `byte[]` (context map key as per \"Output Destination\" column)\n    * \"Property\": Assign encrypted bytes to a sampler ObjectProperty (property name as per \"Output Destination\" column)\n    * \"Base64\": Assign encrypted bytes to JMeter variable as a base64-encoded String (variable name as per \"Output Destination\" column)\n* Output Destination: Name of the file/variable/property that will hold the encrypted attachment data.\n\nNotes:\n* For Encode=\"Element\" (`Attachment-Complete` as above), headers will be contained within the encrypted data.\nHowever, this plugin cannot modify the headers sent by the sampler, so the user needs to ensure\nthat sensitive headers are removed from the attachment part.\n* The `Content-Type` header value may be required for the `\u003cxenc:EncryptedData\u003e` MimeType attribute\nas per [processing rules](http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-SwAProfile-v1.1.1-os.html#_Toc307412712),\nso the user needs to provide it in the Headers column.\n\n#### Attachments to Decrypt\n\nThe plugin can also decrypt response attachments. They need to be listed as follows:\n* Content-ID: The Content-ID to tie the attachment back to a reference in the WSS header.\n* Bytes: Base64-encoded encrypted data from the sample response.\nThis will most likely be retrieved by some custom code snippet via [`__groovy()`](https://jmeter.apache.org/usermanual/functions.html#__groovy)\naccessing [`ctx.previousResult.subResults`](https://jmeter.apache.org/api/org/apache/jmeter/samplers/SampleResult.html#getSubResults--),\ndepending on how the sampler handles response attachments.\nExample: `${__groovy(ctx.previousResult.subResults[0].responseData.encodeBase64())}`\n\nNote: If an attachment is referenced in the response's WSS header but not included in the \"Attachments to Decrypt\" list, response validation will fail.\n\nThe decrypted attachment content (and possibly headers) will be stored as a sub-sample of the main sample.\nThe plugin will try to find a sub-sample that matches the attachment's Content-ID and if a match is found replace the sub-sample,\nor otherwise create a new sub-sample and add it to the main sample.\n\nThe search is done via recursively traversing all sub-samples (depth-first), and looking at either the sub-sample's Content-ID response header\nor the sub-sample's label.\nThis can be configured via the JMeter property `jmeter.wssecurity.findAttachmentsBySampleLabel`:\n1. If undefined/empty, use the Content-ID response header for matching the attachment's cid.\n2. If defined/non-empty, use this regular expression's first capture group for matching the attachment's cid.\n\nExample:\n\nSuppose a sampler generates a main sample with an attachment sub-sample \"somecontentid (text/xml)\" but does not set the Content-ID header.\nUsing the property value `jmeter.wssecurity.findAttachmentsBySampleLabel=(.*) \\(.*\\)` this sub-sample will be identified based on the first matcher group \"somecontentid\".\n\nTroubleshooting\n---------------\n\nThe signed or encrypted message payload can be inspected via \"View Results Tree\".\n\nTo avoid common problems, make sure that:\n- the Keystore contains an entry for the specified certificate alias,\n- the certificate and signature/encryption algorithms match,\n- the SOAP message is correctly formed and can be parsed,\n- [Unlimited Strength JCE](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) is installed to support all key lengths,\netc.\n\nIt may be useful to increase the logging level in order to investigate any keystore or encryption related issues, \nfor example by adding `--loglevel=org.apache.wss4j=DEBUG` to the JMeter command line. \n\nIt may also be helpful to inspect server side logs, especially for HTTP 500 type responses, unspecific SOAP Fault messages etc.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftilln%2Fjmeter-wssecurity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftilln%2Fjmeter-wssecurity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftilln%2Fjmeter-wssecurity/lists"}