We are trying to apply message-level security to our Web Services -
encrypting and signing the SOAP messages.

Our web service is deployed on Oracle WebLogic 10.3 application server. It
complies with standards:

*       WS Security 1.1
*       WS Security Policy 1.2
*       WS Policy 1.2

 

For implying message-level security on server side we use pre-populated
policy files, implementing WS Security Policy 1.2 specification.

 

On client side, we create the client application, using Axis2 1.5.1 with
Rampart 1.5. Security requirements for the client are provided by
WS-Security Policy file (policy_from_wsdl.xml attached), defining security
requirements, corresponding to the service's policies and the WSDL file
(SecureHelloWorldService.wsdl attached).

 

We have also configured x509 certificates for both server and client to be
used for encrypting and signing.

 

As a result of running the client against the service, we have:

1.      Client sends to the server a request message, which is signed and
encrypted.
2.      Server processes this request - decrypts the data and verifies
client's signature.
3.      Server sends a response to the client, which is signed and
encrypted.
4.      Client fails to process the response:

 

     [java] org.apache.axis2.AxisFault: The signature or decryption was invalid
     [java]     at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
     [java]     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
     [java]     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
     [java]     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
     [java]     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
     [java]     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
     [java]     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
     [java]     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
     [java]     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
     [java]     at com.sosnoski.ws.library.adb.SecureHelloWorldServiceStub.sayHello(SecureHelloWorldServiceStub.java:187)
     [java]     at com.sosnoski.ws.library.adb.WebServiceClient.main(WebServiceClient.java:82)
     [java] Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
     [java]     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:529)
     [java]     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
     [java]     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
     [java]     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
     [java]     at org.apache.rampart.RampartEngine.process(RampartEngine.java:154)
     [java]     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)

 

 

While investigating the problem, we observe that:

- Even though we are using the same policies for the client and
server (the policy for the client is extracted from the WSDL, while the WSDL
is generated from the service including its policy files), the client and
server create SOAP messages with different structures (see attached request
and response messages). We assume that the Axis client expects to receive a
message with a different structure in order to process it.

 

Therefore here comes the question about Axis2 and WebLogic web services
interoperability. Both frameworks claim to comply with the WS-Security 1.1 and
WS-Security Policy 1.2 standards. We have tested a secured Axis2 service
with an Axis2 client, and also a secured WebLogic service with a WebLogic-specific
client - in both cases the communication was successful, but when trying to
connect an Axis2 client with a WebLogic service it fails.

 

Please provide us with information: 

 - if there are any known problems/bugs/limitations on Axis2 client
communicating with non-Axis2 web service;

 - does Axis2 1.5.1 with Rampart 1.5 really implement the above-mentioned
standards?

 - are there any other requirements for the other party application
(non-Axis2), except for complying with these standards, in order to
communicate securely (encrypted and signed messages) with the Axis2
application?

 

 

Thank you very much for your kind support

Maria Aneva

  

 

 

 

<?xml version='1.0' encoding='UTF-8'?>
  <!--
    Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version
    is Oracle JAX-WS 2.1.3-07/10/2008 08:41 PM(bt).
  -->
  <!--
    Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version
    is Oracle JAX-WS 2.1.3-07/10/2008 08:41 PM(bt).
  -->
<wsp:Policy wsu:Id="Wssp1.2-2007-Wss1.1-X509-Basic256.xml"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token
                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <!--sp:RequireThumbprintReference /-->
                  <!--sp:RequireKeyIdentifierReference /-->
                  <sp:WssX509V3Token11 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token
                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy>
                  <!--sp:RequireThumbprintReference /-->
                  <!--sp:RequireKeyIdentifierReference /-->
                  <sp:WssX509V3Token11/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:ProtectTokens/>
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:AsymmetricBinding>

      <sp:Wss11
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
          <sp:MustSupportRefThumbprint/>
          <sp:MustSupportRefEncryptedKey/>
          <sp:RequireSignatureConfirmation/>
          <!--sp:RequireKeyIdentifierReference /-->
        </wsp:Policy>
      </sp:Wss11>

      <sp:EncryptedParts
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <sp:Body />
      </sp:EncryptedParts>

      <sp:SignedParts
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <sp:Body />
      </sp:SignedParts>

      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>clientkey</ramp:user>
        <ramp:encryptionUser>serverkey</ramp:encryptionUser>
         <!-- weblogicserverkey -->  <!-- serverkey -->
        <ramp:passwordCallbackClass>com.sosnoski.ws.library.adb.PWCBHandler</ramp:passwordCallbackClass>
        <!--
          <ramp:signatureCrypto> <ramp:crypto
          provider="org.apache.ws.security.components.crypto.Merlin">
          <ramp:property
          name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
          <ramp:property
          name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
          <ramp:property
          name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
          </ramp:crypto> </ramp:signatureCrypto> <ramp:encryptionCrypto>
          <ramp:crypto
          provider="org.apache.ws.security.components.crypto.Merlin">
          <ramp:property
          name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
          <ramp:property
          name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
          <ramp:property
          name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
          </ramp:crypto> </ramp:encryptionCrypto>
        -->
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>

        <ramp:encryptionCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
          </ramp:crypto>
        </ramp:encryptionCrypto>

      </ramp:RampartConfig>

    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Attachment: SecureHelloWorldService.wsdl
Description: Binary data

<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Header>
    <wsse:Security
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
      S:mustUnderstand="1">
      <ns1:EncryptedKey xmlns:ns1="http://www.w3.org/2001/04/xmlenc#"
        Id="15t3sZzj2poCIpwX">
        <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <ns2:KeyInfo xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
            wsu:Id="str_FLvoOBWuHqrXQF4x">
            <wsse:KeyIdentifier
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
			  1MzezCfheKiI29jp5HW2fPYGyHU=
			</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ns2:KeyInfo>
        <ns1:CipherData>
          <ns1:CipherValue>
		     bCWky8LDXWCBFbKJkBW+uSEn6hImutKnXweAEVugZBYN9vsVJYrtKPddRX7TmZZdEenJ1DExQX9Bj7uGfhADP/nnJGtkRoLM5hFDbMl3b0Td212cpPfnjuFo0GhqEhkP/aJojMVVBhhLvAlabElavqQBALmCV5w3HSOaOFhtsJs=
		  </ns1:CipherValue>
        </ns1:CipherData>
        <ns1:ReferenceList>
          <ns1:DataReference URI="#afW22kxqCab7NPKb" />
        </ns1:ReferenceList>
      </ns1:EncryptedKey>
      <wsse11:SignatureConfirmation
        xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
        Value="PeZLYYYvdOqsadUe2wv73pIe2YZonTeDg3xIleWuOi0rXBAU9UFVnOzQbPC0M4aCzBWpRInNtwIN7/Vq/EIqvQxVrITWJRQJxyS3YXgAY5cFamNkZG31Yu9SJIJEMgY6VfZrthwdfPxVI+sQb8uleAnNCJyZdfK2XYCtYpAL+1A="
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="sigconf_RyhzddnlBzu3xW0m" />
      <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:SignedInfo>
          <dsig:CanonicalizationMethod
            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <exc14n:InclusiveNamespaces
              xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </dsig:CanonicalizationMethod>
          <dsig:SignatureMethod
            Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <dsig:Reference URI="#Timestamp_6uijMQPmQCwnq01f">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <exc14n:InclusiveNamespaces
                  xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>
			   AcwdLcC9DS5egZTiN7A6OlSOHG8=
			</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#Body_YQnFXxh6RBDQoM10">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <exc14n:InclusiveNamespaces
                  xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>t2CUpcKkNct0SAAxlLY3cxtNqxw=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#sigconf_RyhzddnlBzu3xW0m">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <exc14n:InclusiveNamespaces
                  xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>AAbuve6qwSgdWZuD1NZKOC3rAIU=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#str_xHB4AkDj3T212LpD">
            <dsig:Transforms>
              <dsig:Transform
                Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                <wsse:TransformationParameters>
                  <dsig:CanonicalizationMethod
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <exc14n:InclusiveNamespaces
                      xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </dsig:CanonicalizationMethod>
                </wsse:TransformationParameters>
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod
              Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>WmgBvkgTFiOYX2VC4dUxKV/yi+4=</dsig:DigestValue>
          </dsig:Reference>
        </dsig:SignedInfo>
        <dsig:SignatureValue>h8W7qHjgGOI8OTwevLuyyPdiJn689TkN3rg7DzZOqkbt7mUbpD5V64mppJQGGbNLRKWlaMT/pPlkpQ23lbrj49thYg96slX5NIT83wIUiGTKufOyETg81ZXc8PHPVgY5fsqE1WWeeCsFm1d47zFF2pPwWNCm3GrbPsZO10gqN6w=</dsig:SignatureValue>
        <dsig:KeyInfo>
          <wsse:SecurityTokenReference
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
            wsu:Id="str_xHB4AkDj3T212LpD">
            <wsse:KeyIdentifier
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
			  fM1KfdQAjKBvZzeaWpRUkjVXyOg=
			</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </dsig:KeyInfo>
      </dsig:Signature>
      <wsu:Timestamp
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="Timestamp_6uijMQPmQCwnq01f">
        <wsu:Created>2010-02-12T10:10:44Z</wsu:Created>
        <wsu:Expires>2010-02-12T10:11:44Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </S:Header>
  <S:Body
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="Body_YQnFXxh6RBDQoM10">
    <ns1:EncryptedData
      xmlns:ns1="http://www.w3.org/2001/04/xmlenc#"
      Id="afW22kxqCab7NPKb"
      Encoding="UTF-8"
      MimeType="text/xml"
      Type="http://www.w3.org/2001/04/xmlenc#Content">
      <ns1:EncryptionMethod
        Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <ns1:CipherData>
        <ns1:CipherValue>ta9DAmg1D3YVjFPYCz+agHUUpOV97sfdQHu7y0oPjthB7jnNK6Ixdf1px2Itmzj51os++DiIt6zAZOu4cyFYjR19b4fsrdojslss6vrpQRIktH3Guamito25Nf61itTpKw6vsn5etKniV+mlX0nJloMQkpZZTK7S02990L8A6KE=</ns1:CipherValue>
      </ns1:CipherData>
    </ns1:EncryptedData>
  </S:Body>
</S:Envelope>

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soapenv:Header>
    <wsse:Security
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
      soapenv:mustUnderstand="1">
      <wsu:Timestamp
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="Timestamp-1">
        <wsu:Created>2010-02-12T10:10:41.470Z
        </wsu:Created>
        <wsu:Expires>2010-02-12T10:15:41.470Z
        </wsu:Expires>
      </wsu:Timestamp>
      <xenc:EncryptedKey Id="EncKeyId-75CCEA48EACB75B70412659694440955">
        <xenc:EncryptionMethod
          Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier
              EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">
              1TdlyAJ8gQz7EeJI7/TEMkrremg=
            </wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>
            mmFl6AVe8XXmd+2O7Lz0jh4rX5mQEExIzUxlq6WL9FIFccyR9WifSictkYbA3G4oZfkss18IolsoBw0tdAIPXqAVHIJWqZt4VnDnXKAlCariyA0geWcmUS/27dpLR63wdyw54FSnq27QcVhBoyHzLp0XbFJ8ceXSOoed0OhMXaA=
          </xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#EncDataId-3" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsse:BinarySecurityToken
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
        wsu:Id="CertId-75CCEA48EACB75B70412659694418141">
        <!-- base64-encoded token value not preserved in this copy -->
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        Id="Signature-2">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod
            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod
            Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#Id-9175756">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>7bNU7War5Sw6rVnYZ1rkdRZDkhQ=
            </ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-1">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>StndUMB/iWVsT1ALIqj7Sy6755I=
            </ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#CertId-75CCEA48EACB75B70412659694418141">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>tg3OIUyNmkqL0MdQqpeSr6f0sL0=
            </ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          PeZLYYYvdOqsadUe2wv73pIe2YZonTeDg3xIleWuOi0rXBAU9UFVnOzQbPC0M4aCzBWpRInNtwIN7/Vq/EIqvQxVrITWJRQJxyS3YXgAY5cFamNkZG31Yu9SJIJEMgY6VfZrthwdfPxVI+sQb8uleAnNCJyZdfK2XYCtYpAL+1A=
        </ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-75CCEA48EACB75B70412659694418292">
          <wsse:SecurityTokenReference
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="STRId-75CCEA48EACB75B70412659694418453">
            <wsse:Reference URI="#CertId-75CCEA48EACB75B70412659694418141"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="Id-9175756">
    <xenc:EncryptedData Id="EncDataId-3"
      Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod
        Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:Reference URI="#EncKeyId-75CCEA48EACB75B70412659694440955" />
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>
          J9mC94g5ZUnnqCWxq+qtwdSr+75YAra6kmkWgVCIwfF4S234AKj1J0NCI+C/R67b88F7V439WTwKTTPOtDsw636hJyHR0LOjBgNHmAQU0Z5ehzCEj7sprakrbt90zCbWENvuCLESw8cm7QUkwV+GbaGvI15QQbN4cBqz7uizPNSRAfvibqeAwXfWhYV9u+KeJRQfnj40Og4DwxHbzT3fEWssd2QY3J8x6Xq5UQrqSg2d87blHW/o7FL0ZQ0SEG98fO86385IiDuOKcd/6rwm6zpgNe0aRtjsr9xrQNx7opP4IEZ25h0fHK/BbRBsMW/HmE+CpIE4/wMlOQmn49vMhvG1TzqgSD3faZZ5zqH2n89N78NzNmoPi+wObN0TPgFL3i4amffbjTY=
        </xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soapenv:Body>
</soapenv:Envelope>
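
The structural difference the post observes between the two attached messages can be listed mechanically. The script below is an added example, not part of the original post and not code from Axis2, Rampart or WebLogic; its two envelopes are constructed skeletons that mirror the element order, key-reference styles and signed references of the attached messages, with ids shortened and all key, digest and cipher values omitted. The names `summarize`, `differences`, `REQUEST_SKELETON` and `RESPONSE_SKELETON` are chosen here, and the response is assumed to be the message that carries `SignatureConfirmation`.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/"
NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": WSS + "2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "wsse11": WSS + "oasis-wss-wssecurity-secext-1.1.xsd",
      "wsu": WSS + "2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
SKI = WSS + "2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
THUMB = WSS + "oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
STRT = WSS + "2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"

def local(tag):
    return tag.rsplit("}", 1)[-1]

def short(uri):
    """Last meaningful part of an algorithm or ValueType URI."""
    uri = (uri or "").rstrip("#")
    return uri.rsplit("#" if "#" in uri else "/", 1)[-1]

def key_ref(parent, ids):
    """How the KeyInfo under `parent` identifies the certificate."""
    s = parent.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
    if s is None:
        return "none"
    kid = s.find("wsse:KeyIdentifier", NS)
    if kid is not None:
        return "KeyIdentifier:" + short(kid.get("ValueType"))
    ref = s.find("wsse:Reference", NS)
    if ref is not None:
        return "Reference->" + ids.get(ref.get("URI", "")[1:], "unresolved")
    return "other"

def summarize(xml_text):
    """Structural summary of the wsse:Security header of one SOAP 1.1 envelope."""
    root = ET.fromstring(xml_text)
    wsu_id = "{%s}Id" % NS["wsu"]
    ids = {e.get(wsu_id) or e.get("Id"): local(e.tag)
           for e in root.iter() if e.get(wsu_id) or e.get("Id")}
    sec = root.find("S:Header/wsse:Security", NS)
    sig = sec.find("ds:Signature", NS)
    signed = sorted(  # (element the reference points at, transforms applied)
        (ids.get(r.get("URI", "")[1:], "unresolved"),
         tuple(short(t.get("Algorithm")) for t in r.findall("ds:Transforms/ds:Transform", NS)))
        for r in sig.findall("ds:SignedInfo/ds:Reference", NS))
    return {"header_order": [local(c.tag) for c in sec],
            "encrypted_key_ref": key_ref(sec.find("xenc:EncryptedKey", NS), ids),
            "signature_key_ref": key_ref(sig, ids),
            "signed_parts": signed}

def differences(a, b):
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# --- constructed sample input (skeletons only, no real key material) ---
def _ref(target, alg=C14N):
    return (f'<ds:Reference URI="#{target}"><ds:Transforms>'
            f'<ds:Transform Algorithm="{alg}"/></ds:Transforms></ds:Reference>')

def _keyinfo(inner, sid):
    return (f'<ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="{sid}">{inner}'
            '</wsse:SecurityTokenReference></ds:KeyInfo>')

def _envelope(header):
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<S:Envelope {decl}><S:Header><wsse:Security>{header}</wsse:Security>'
            '</S:Header><S:Body wsu:Id="body"/></S:Envelope>')

def _kid(value_type):
    return f'<wsse:KeyIdentifier ValueType="{value_type}"/>'

REQUEST_SKELETON = _envelope(
    f'<wsu:Timestamp wsu:Id="ts"/><xenc:EncryptedKey Id="ek">{_keyinfo(_kid(SKI), "s1")}'
    '</xenc:EncryptedKey><wsse:BinarySecurityToken wsu:Id="cert"/><ds:Signature>'
    f'<ds:SignedInfo>{_ref("body")}{_ref("ts")}{_ref("cert")}</ds:SignedInfo>'
    + _keyinfo('<wsse:Reference URI="#cert"/>', "s2") + '</ds:Signature>')
RESPONSE_SKELETON = _envelope(
    f'<xenc:EncryptedKey Id="ek">{_keyinfo(_kid(THUMB), "s1")}</xenc:EncryptedKey>'
    '<wsse11:SignatureConfirmation wsu:Id="sc"/><ds:Signature><ds:SignedInfo>'
    f'{_ref("ts")}{_ref("body")}{_ref("sc")}{_ref("s2", STRT)}</ds:SignedInfo>'
    f'{_keyinfo(_kid(THUMB), "s2")}</ds:Signature><wsu:Timestamp wsu:Id="ts"/>')
```

Passing the text of two captured envelopes to `summarize` and the results to `differences` lists the header order, certificate reference style and signed parts on which the two stacks disagree.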
