We are trying to apply message-level security to our Web Services - encrypting and signing the SOAP messages.
Our web service is deployed on Oracle WebLogic 10.3 application server. It
complies with standards:
* WS Security 1.1
* WS Security Policy 1.2
* WS Policy 1.2
For implying message-level security on server side we use pre-populated
policy files, implementing WS Security Policy 1.2 specification.
On client side, we create the client application, using Axis2 1.5.1 with
Rampart 1.5. Security requirements for the client are provided by
WS-Security Policy file (policy_from_wsdl.xml attached), defining security
requirements, corresponding to the service's policies and the WSDL file
(SecureHelloWorldService.wsdl attached).
We have also configured x509 certificates for both server and client to be
used for encrypting and signing.
As a result of running the client against the service, we have:
1. Client sends to the server a request message, which is signed and
encrypted.
2. Server processes this request - decrypts the data and verifies
client's signature.
3. Server sends a response to the client, which is signed and
encrypted.
4. Client fails to process the response:
[java] org.apache.axis2.AxisFault: The signature or decryption was invalid
[java] at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
[java] at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
[java] at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
[java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
[java] at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
[java] at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
[java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
[java] at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
[java] at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
[java] at com.sosnoski.ws.library.adb.SecureHelloWorldServiceStub.sayHello(SecureHelloWorldServiceStub.java:187)
[java] at com.sosnoski.ws.library.adb.WebServiceClient.main(WebServiceClient.java:82)
[java] Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
[java] at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:529)
[java] at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
[java] at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
[java] at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
[java] at org.apache.rampart.RampartEngine.process(RampartEngine.java:154)
[java] at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
While investigating the problem, we observe that:
- even though we are using the same policies for the client and
server (the policy for the client is extracted from the WSDL, while the WSDL
is generated from the service including its policy files), the client and
server create SOAP messages with different structures (see attached request
and response messages). We assume that Axis client expects to receive a
message with different structure in order to process it.
Therefore here comes the question about Axis2 and WebLogic web services
interoperability. Both frameworks claim to comply with WS-Security 1.1 and
WS-Security Policy 1.2 standards. We have tested secured Axis2 service
with Axis2 client, also secured WebLogic service with WebLogic-specific
client - in both cases the communication was successful, but when trying to
connect Axis2 client with WebLogic service it fails.
Please provide us with information:
- if there are any known problems/bugs/limitations on Axis2 client
communicating with non-Axis2 web service;
- does Axis2 1.5.1 with Rampart 1.5 really implement the above-mentioned
standards?
- are there any other requirements for the other party application
(non-Axis2), except for complying with these standards, in order to
communicate securely (encrypted and signed messages) with the Axis2
application?
Thank you very much for your kind support
Maria Aneva
<?xml version='1.0' encoding='UTF-8'?>
<!--
Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version
is Oracle JAX-WS 2.1.3-07/10/2008 08:41 PM(bt).
-->
<!--
Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version
is Oracle JAX-WS 2.1.3-07/10/2008 08:41 PM(bt).
-->
<wsp:Policy wsu:Id="Wssp1.2-2007-Wss1.1-X509-Basic256.xml"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <!--sp:RequireThumbprintReference /-->
                  <!--sp:RequireKeyIdentifierReference /-->
                  <sp:WssX509V3Token11 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy>
                  <!--sp:RequireThumbprintReference /-->
                  <!--sp:RequireKeyIdentifierReference /-->
                  <sp:WssX509V3Token11/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:ProtectTokens/>
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss11
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
          <sp:MustSupportRefThumbprint/>
          <sp:MustSupportRefEncryptedKey/>
          <sp:RequireSignatureConfirmation/>
          <!--sp:RequireKeyIdentifierReference /-->
        </wsp:Policy>
      </sp:Wss11>
      <sp:EncryptedParts
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <sp:Body />
      </sp:EncryptedParts>
      <sp:SignedParts
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <sp:Body />
      </sp:SignedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>clientkey</ramp:user>
        <ramp:encryptionUser>serverkey</ramp:encryptionUser>
        <!-- weblogicserverkey --> <!-- serverkey -->
        <ramp:passwordCallbackClass>com.sosnoski.ws.library.adb.PWCBHandler</ramp:passwordCallbackClass>
        <!--
        <ramp:signatureCrypto> <ramp:crypto
        provider="org.apache.ws.security.components.crypto.Merlin">
        <ramp:property
        name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
        <ramp:property
        name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
        <ramp:property
        name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
        </ramp:crypto> </ramp:signatureCrypto> <ramp:encryptionCrypto>
        <ramp:crypto
        provider="org.apache.ws.security.components.crypto.Merlin">
        <ramp:property
        name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
        <ramp:property
        name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
        <ramp:property
        name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
        </ramp:crypto> </ramp:encryptionCrypto>
        -->
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
        <ramp:encryptionCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
          </ramp:crypto>
        </ramp:encryptionCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
SecureHelloWorldService.wsdl
Description: Binary data
<?xml version='1.0' encoding='UTF-8'?> <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> <S:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1"> <ns1:EncryptedKey xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Id="15t3sZzj2poCIpwX"> <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <ns2:KeyInfo xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="str_FLvoOBWuHqrXQF4x"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"> 1MzezCfheKiI29jp5HW2fPYGyHU= </wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ns2:KeyInfo> <ns1:CipherData> <ns1:CipherValue> bCWky8LDXWCBFbKJkBW+uSEn6hImutKnXweAEVugZBYN9vsVJYrtKPddRX7TmZZdEenJ1DExQX9Bj7uGfhADP/nnJGtkRoLM5hFDbMl3b0Td212cpPfnjuFo0GhqEhkP/aJojMVVBhhLvAlabElavqQBALmCV5w3HSOaOFhtsJs= </ns1:CipherValue> </ns1:CipherData> <ns1:ReferenceList> <ns1:DataReference URI="#afW22kxqCab7NPKb" /> </ns1:ReferenceList> </ns1:EncryptedKey> <wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" Value="PeZLYYYvdOqsadUe2wv73pIe2YZonTeDg3xIleWuOi0rXBAU9UFVnOzQbPC0M4aCzBWpRInNtwIN7/Vq/EIqvQxVrITWJRQJxyS3YXgAY5cFamNkZG31Yu9SJIJEMgY6VfZrthwdfPxVI+sQb8uleAnNCJyZdfK2XYCtYpAL+1A=" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="sigconf_RyhzddnlBzu3xW0m" /> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:CanonicalizationMethod> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <dsig:Reference URI="#Timestamp_6uijMQPmQCwnq01f"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transform> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue> AcwdLcC9DS5egZTiN7A6OlSOHG8= </dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#Body_YQnFXxh6RBDQoM10"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transform> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>t2CUpcKkNct0SAAxlLY3cxtNqxw=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#sigconf_RyhzddnlBzu3xW0m"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:Transform> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>AAbuve6qwSgdWZuD1NZKOC3rAIU=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#str_xHB4AkDj3T212LpD"> <dsig:Transforms> <dsig:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"> <wsse:TransformationParameters> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <exc14n:InclusiveNamespaces 
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" /> </dsig:CanonicalizationMethod> </wsse:TransformationParameters> </dsig:Transform> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>WmgBvkgTFiOYX2VC4dUxKV/yi+4=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>h8W7qHjgGOI8OTwevLuyyPdiJn689TkN3rg7DzZOqkbt7mUbpD5V64mppJQGGbNLRKWlaMT/pPlkpQ23lbrj49thYg96slX5NIT83wIUiGTKufOyETg81ZXc8PHPVgY5fsqE1WWeeCsFm1d47zFF2pPwWNCm3GrbPsZO10gqN6w=</dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="str_xHB4AkDj3T212LpD"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"> fM1KfdQAjKBvZzeaWpRUkjVXyOg= </wsse:KeyIdentifier> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp_6uijMQPmQCwnq01f"> <wsu:Created>2010-02-12T10:10:44Z</wsu:Created> <wsu:Expires>2010-02-12T10:11:44Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </S:Header> <S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body_YQnFXxh6RBDQoM10"> <ns1:EncryptedData xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Id="afW22kxqCab7NPKb" Encoding="UTF-8" MimeType="text/xml" Type="http://www.w3.org/2001/04/xmlenc#Content"> <ns1:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <ns1:CipherData> <ns1:CipherValue>ta9DAmg1D3YVjFPYCz+agHUUpOV97sfdQHu7y0oPjthB7jnNK6Ixdf1px2Itmzj51os++DiIt6zAZOu4cyFYjR19b4fsrdojslss6vrpQRIktH3Guamito25Nf61itTpKw6vsn5etKniV+mlX0nJloMQkpZZTK7S02990L8A6KE=</ns1:CipherValue> </ns1:CipherData> </ns1:EncryptedData> </S:Body> </S:Envelope>
<?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"> <wsu:Created>2010-02-12T10:10:41.470Z </wsu:Created> <wsu:Expires>2010-02-12T10:15:41.470Z </wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey Id="EncKeyId-75CCEA48EACB75B70412659694440955"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"> 1TdlyAJ8gQz7EeJI7/TEMkrremg= </wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue> mmFl6AVe8XXmd+2O7Lz0jh4rX5mQEExIzUxlq6WL9FIFccyR9WifSictkYbA3G4oZfkss18IolsoBw0tdAIPXqAVHIJWqZt4VnDnXKAlCariyA0geWcmUS/27dpLR63wdyw54FSnq27QcVhBoyHzLp0XbFJ8ceXSOoed0OhMXaA= </xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-3" /> </xenc:ReferenceList> </xenc:EncryptedKey> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-75CCEA48EACB75B70412659694418141"> 
MIIDtTCCAx6gAwIBAgIBHTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCQkcxDjAMBgNVBAgTBVNvZmlhMQ4wDAYDVQQHEwVTb2ZpYTEVMBMGA1UEChMMaTpGQU8gQkcgTFREMQ8wDQYDVQQLEwZJVFMgQkcxHjAcBgNVBAMTFW5vbmFtZS5zb2ZpYS5pZmFvLm5ldDEiMCAGCSqGSIb3DQEJARYTdGVjaG5pay1iZ0BpZmFvLm5ldDAeFw0xMDAxMTExNTA4NThaFw0xNTAxMTAxNTA4NThaMH4xCzAJBgNVBAYTAkJHMQ4wDAYDVQQIEwVTb2ZpYTEOMAwGA1UEBxMFU29maWExFzAVBgNVBAoTDmk6RkFPIEJ1bGdhcmlhMQ8wDQYDVQQLEwZJVFMtQkcxJTAjBgNVBAMTHG1hbmV2YS5jbGllbnQuc29maWEuaWZhby5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAITL0ZRBzEBP+hqbTSniEIAHTsKx21RaD5FYN/bGkEg2vvM5d7ldc9npbCJ8AxL59qKVc+4gdOoDvs2HDWBHADISFV7p8257ZznmCPrZQLqaXS4buPdCsPauOPuI0A/lz0ot38v4lfQwnDyt677n203j063gvf2HSMtdeqXKYH+nAgMBAAGjggElMIIBITAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYgzEyhc6ryZWcKho+9c2znrtVQ8wgcYGA1UdIwSBvjCBu4AUPh3kQ4kagsBrKfUre+FLVuFCaGShgZ+kgZwwgZkxCzAJBgNVBAYTAkJHMQ4wDAYDVQQIEwVTb2ZpYTEOMAwGA1UEBxMFU29maWExFTATBgNVBAoTDGk6RkFPIEJHIExURDEPMA0GA1UECxMGSVRTIEJHMR4wHAYDVQQDExVub25hbWUuc29maWEuaWZhby5uZXQxIjAgBgkqhkiG9w0BCQEWE3RlY2huaWstYmdAaWZhby5uZXSCAQAwDQYJKoZIhvcNAQEEBQADgYEAVewc9jYQIFTs3dHjmnWN1gxbZajIXb+hpMHFI7ViFp0s769KndUblYIg2SHUte5fXAPyHwZJcRqn54eu6olhDnQnYUkTv1N58nJml1tRMgH0jmeKM15+rfpRCD/xdw3XDyFgjBe0mAt2oAB2Efrcz2IkxiloNggC6pg1g1tSZPI= </wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#Id-9175756"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>7bNU7War5Sw6rVnYZ1rkdRZDkhQ= </ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-1"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>StndUMB/iWVsT1ALIqj7Sy6755I= </ds:DigestValue> </ds:Reference> <ds:Reference URI="#CertId-75CCEA48EACB75B70412659694418141"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>tg3OIUyNmkqL0MdQqpeSr6f0sL0= </ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> PeZLYYYvdOqsadUe2wv73pIe2YZonTeDg3xIleWuOi0rXBAU9UFVnOzQbPC0M4aCzBWpRInNtwIN7/Vq/EIqvQxVrITWJRQJxyS3YXgAY5cFamNkZG31Yu9SJIJEMgY6VfZrthwdfPxVI+sQb8uleAnNCJyZdfK2XYCtYpAL+1A= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-75CCEA48EACB75B70412659694418292"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-75CCEA48EACB75B70412659694418453"> <wsse:Reference URI="#CertId-75CCEA48EACB75B70412659694418141" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-9175756"> <xenc:EncryptedData Id="EncDataId-3" Type="http://www.w3.org/2001/04/xmlenc#Content"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Reference URI="#EncKeyId-75CCEA48EACB75B70412659694440955" /> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue> 
J9mC94g5ZUnnqCWxq+qtwdSr+75YAra6kmkWgVCIwfF4S234AKj1J0NCI+C/R67b88F7V439WTwKTTPOtDsw636hJyHR0LOjBgNHmAQU0Z5ehzCEj7sprakrbt90zCbWENvuCLESw8cm7QUkwV+GbaGvI15QQbN4cBqz7uizPNSRAfvibqeAwXfWhYV9u+KeJRQfnj40Og4DwxHbzT3fEWssd2QY3J8x6Xq5UQrqSg2d87blHW/o7FL0ZQ0SEG98fO86385IiDuOKcd/6rwm6zpgNe0aRtjsr9xrQNx7opP4IEZ25h0fHK/BbRBsMW/HmE+CpIE4/wMlOQmn49vMhvG1TzqgSD3faZZ5zqH2n89N78NzNmoPi+wObN0TPgFL3i4amffbjTY= </xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope>
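
Added example (not part of the original message, and not Axis2, Rampart or WebLogic code): a Python sketch of the structural comparison the message describes, listing for each wsse:Security header the child order, which parts each ds:Reference covers and with which transform, and how each SecurityTokenReference identifies its key. The two envelopes are constructed and trimmed to the signature-related elements, shaped like the attached request and response; all helper names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsse11": "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
STR_T = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"
THUMB = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"

def short(name):
    """Last component of an ElementTree tag ('{ns}Local') or of an algorithm/ValueType URI."""
    return name.rsplit("}", 1)[-1].rstrip("#").replace("#", "/").rsplit("/", 1)[-1]

def summarize(envelope_xml):
    """Return child order, signed parts and key-reference styles of the wsse:Security header."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    ids = {}  # wsu:Id / Id value -> local name of the element that carries it
    for el in root.iter():
        for value in (el.get("{%s}Id" % NS["wsu"]), el.get("Id")):
            if value:
                ids[value] = short(el.tag)
    signed = {}
    for ref in sec.iterfind(".//ds:Reference", NS):
        uri = ref.get("URI", "")
        # A URI that matches no Id in the message cannot be dereferenced by the verifier.
        target = ids.get(uri[1:], "UNRESOLVED " + uri)
        signed[target] = [short(t.get("Algorithm", "")) for t in ref.iterfind(".//ds:Transform", NS)]
    key_refs = [short(c.get("ValueType", "")) if short(c.tag) == "KeyIdentifier" else "Direct" + short(c.tag)
                for c in sec.iterfind(".//wsse:SecurityTokenReference/*", NS)]
    return {"order": [short(c.tag) for c in sec], "signed": signed, "key_refs": key_refs}

def differences(a, b):
    """Map each summary field that differs to its (a, b) pair."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# Constructed samples, trimmed to the signature-related elements (no real keys or digests).
def ref(target, alg=C14N):
    return ('<ds:Reference URI="#%s"><ds:Transforms><ds:Transform Algorithm="%s"/>'
            '</ds:Transforms></ds:Reference>' % (target, alg))
def signature(refs, key_ref, str_attrs=""):
    return ('<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo><ds:KeyInfo>'
            '<wsse:SecurityTokenReference%s>%s</wsse:SecurityTokenReference>'
            '</ds:KeyInfo></ds:Signature>' % ("".join(refs), str_attrs, key_ref))
def envelope(header):
    ns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ('<soap:Envelope %s><soap:Header><wsse:Security>%s</wsse:Security></soap:Header>'
            '<soap:Body wsu:Id="body"/></soap:Envelope>' % (ns, header))

REQUEST = envelope('<wsu:Timestamp wsu:Id="ts"/><wsse:BinarySecurityToken wsu:Id="cert"/>'
                   + signature([ref("body"), ref("ts"), ref("cert")], '<wsse:Reference URI="#cert"/>'))
RESPONSE = envelope('<wsse11:SignatureConfirmation wsu:Id="sigconf"/>'
                    + signature([ref("ts"), ref("body"), ref("sigconf"), ref("str", STR_T)],
                                '<wsse:KeyIdentifier ValueType="%s"/>' % THUMB, ' wsu:Id="str"')
                    + '<wsu:Timestamp wsu:Id="ts"/>')

if __name__ == "__main__":
    for field, (req, resp) in differences(summarize(REQUEST), summarize(RESPONSE)).items():
        print("%s\n  request : %s\n  response: %s" % (field, req, resp))
```

Run against real captures, the same summary shows at a glance whether the receiving stack is being asked to handle reference styles (thumbprint key identifiers, STR-Transform) that its own outgoing messages never use.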
