We are trying to apply message-level security to our Web Services - encrypting and signing the SOAP messages.
Our web service is deployed on Oracle WebLogic 10.3 application server. It complies with standards:
* WS Security 1.1
* WS Security Policy 1.2
* WS Policy 1.2

For applying message-level security on server side we use pre-populated policy files, implementing WS Security Policy 1.2 specification.

On client side, we create the client application, using Axis2 1.5.1 with Rampart 1.5. Security requirements for the client are provided by WS-Security Policy file (policy_from_wsdl.xml attached), defining security requirements, corresponding to the service's policies and the WSDL file (SecureHelloWorldService.wsdl attached). We have also configured x509 certificates for both server and client to be used for encrypting and signing.

As a result of running the client against the service, we have:
1. Client sends to the server a request message, which is signed and encrypted.
2. Server processes this request - decrypts the data and verifies client's signature.
3. Server sends a response to the client, which is signed and encrypted.
4. Client fails to process the response:

[java] org.apache.axis2.AxisFault: The signature or decryption was invalid
[java]     at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
[java]     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
[java]     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
[java]     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
[java]     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
[java]     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
[java]     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
[java]     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
[java]     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
[java]     at com.sosnoski.ws.library.adb.SecureHelloWorldServiceStub.sayHello(SecureHelloWorldServiceStub.java:187)
[java]     at com.sosnoski.ws.library.adb.WebServiceClient.main(WebServiceClient.java:82)
[java] Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
[java]     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:529)
[java]     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
[java]     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
[java]     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
[java]     at org.apache.rampart.RampartEngine.process(RampartEngine.java:154)
[java]     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)

While investigating the problem, we observe that:
- even though we are using the same policies for the client and server (the policy for the client is extracted from the WSDL, while the WSDL is generated from the service including its policy files), the client and server create SOAP messages with different structures (see attached request and response messages).

We assume that Axis client expects to receive a message with different structure in order to process it. Therefore here comes the question about Axis2 and WebLogic web services interoperability. Both frameworks claim to comply with WS-Security 1.1 and WS-Security Policy 1.2 standards. We have tested secured Axis2 service with Axis2 client, also secured WebLogic service with WebLogic-specific client - in both cases the communication was successful, but when trying to connect Axis2 client with WebLogic service it fails.

Please provide us with information:
- if there are any known problems/bugs/limitations on Axis2 client communicating with non-Axis2 web service;
- does Axis2 1.5.1 with Rampart 1.5 really implement above mentioned standards?
- are there any other requirements for the other party application (non-Axis2), except for complying with these standards, in order to communicate securely (encrypted and signed messages) with the Axis2 application?

Thank you very much for your kind support

Maria Aneva

<?xml version='1.0' encoding='UTF-8'?>
<!-- Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Oracle JAX-WS 2.1.3-07/10/2008 08:41 PM(bt). -->
<!-- Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Oracle JAX-WS 2.1.3-07/10/2008 08:41 PM(bt). -->
<wsp:Policy wsu:Id="Wssp1.2-2007-Wss1.1-X509-Basic256.xml"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <!--sp:RequireThumbprintReference /-->
                  <!--sp:RequireKeyIdentifierReference /-->
                  <sp:WssX509V3Token11 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy>
                  <!--sp:RequireThumbprintReference /-->
                  <!--sp:RequireKeyIdentifierReference /-->
                  <sp:WssX509V3Token11/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
          <sp:ProtectTokens/>
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
          <sp:MustSupportRefThumbprint/>
          <sp:MustSupportRefEncryptedKey/>
          <sp:RequireSignatureConfirmation/>
          <!--sp:RequireKeyIdentifierReference /-->
        </wsp:Policy>
      </sp:Wss11>
      <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <sp:Body />
      </sp:EncryptedParts>
      <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <sp:Body />
      </sp:SignedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>clientkey</ramp:user>
        <ramp:encryptionUser>serverkey</ramp:encryptionUser>
        <!-- weblogicserverkey -->
        <!-- serverkey -->
        <ramp:passwordCallbackClass>com.sosnoski.ws.library.adb.PWCBHandler</ramp:passwordCallbackClass>
        <!--
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
        <ramp:encryptionCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
          </ramp:crypto>
        </ramp:encryptionCrypto>
        -->
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
        <ramp:encryptionCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
          </ramp:crypto>
        </ramp:encryptionCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

SecureHelloWorldService.wsdl
Description: Binary data
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" S:mustUnderstand="1">
      <ns1:EncryptedKey xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Id="15t3sZzj2poCIpwX">
        <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <ns2:KeyInfo xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference
              xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
              wsu:Id="str_FLvoOBWuHqrXQF4x">
            <wsse:KeyIdentifier
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">1MzezCfheKiI29jp5HW2fPYGyHU=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ns2:KeyInfo>
        <ns1:CipherData>
          <ns1:CipherValue>bCWky8LDXWCBFbKJkBW+uSEn6hImutKnXweAEVugZBYN9vsVJYrtKPddRX7TmZZdEenJ1DExQX9Bj7uGfhADP/nnJGtkRoLM5hFDbMl3b0Td212cpPfnjuFo0GhqEhkP/aJojMVVBhhLvAlabElavqQBALmCV5w3HSOaOFhtsJs=</ns1:CipherValue>
        </ns1:CipherData>
        <ns1:ReferenceList>
          <ns1:DataReference URI="#afW22kxqCab7NPKb" />
        </ns1:ReferenceList>
      </ns1:EncryptedKey>
      <wsse11:SignatureConfirmation
          xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
          Value="PeZLYYYvdOqsadUe2wv73pIe2YZonTeDg3xIleWuOi0rXBAU9UFVnOzQbPC0M4aCzBWpRInNtwIN7/Vq/EIqvQxVrITWJRQJxyS3YXgAY5cFamNkZG31Yu9SJIJEMgY6VfZrthwdfPxVI+sQb8uleAnNCJyZdfK2XYCtYpAL+1A="
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="sigconf_RyhzddnlBzu3xW0m" />
      <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:SignedInfo>
          <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </dsig:CanonicalizationMethod>
          <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <dsig:Reference URI="#Timestamp_6uijMQPmQCwnq01f">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>AcwdLcC9DS5egZTiN7A6OlSOHG8=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#Body_YQnFXxh6RBDQoM10">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>t2CUpcKkNct0SAAxlLY3cxtNqxw=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#sigconf_RyhzddnlBzu3xW0m">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>AAbuve6qwSgdWZuD1NZKOC3rAIU=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#str_xHB4AkDj3T212LpD">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                <wsse:TransformationParameters>
                  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </dsig:CanonicalizationMethod>
                </wsse:TransformationParameters>
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>WmgBvkgTFiOYX2VC4dUxKV/yi+4=</dsig:DigestValue>
          </dsig:Reference>
        </dsig:SignedInfo>
        <dsig:SignatureValue>h8W7qHjgGOI8OTwevLuyyPdiJn689TkN3rg7DzZOqkbt7mUbpD5V64mppJQGGbNLRKWlaMT/pPlkpQ23lbrj49thYg96slX5NIT83wIUiGTKufOyETg81ZXc8PHPVgY5fsqE1WWeeCsFm1d47zFF2pPwWNCm3GrbPsZO10gqN6w=</dsig:SignatureValue>
        <dsig:KeyInfo>
          <wsse:SecurityTokenReference
              xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
              wsu:Id="str_xHB4AkDj3T212LpD">
            <wsse:KeyIdentifier
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">fM1KfdQAjKBvZzeaWpRUkjVXyOg=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </dsig:KeyInfo>
      </dsig:Signature>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp_6uijMQPmQCwnq01f">
        <wsu:Created>2010-02-12T10:10:44Z</wsu:Created>
        <wsu:Expires>2010-02-12T10:11:44Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </S:Header>
  <S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body_YQnFXxh6RBDQoM10">
    <ns1:EncryptedData xmlns:ns1="http://www.w3.org/2001/04/xmlenc#" Id="afW22kxqCab7NPKb" Encoding="UTF-8" MimeType="text/xml" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <ns1:CipherData>
        <ns1:CipherValue>ta9DAmg1D3YVjFPYCz+agHUUpOV97sfdQHu7y0oPjthB7jnNK6Ixdf1px2Itmzj51os++DiIt6zAZOu4cyFYjR19b4fsrdojslss6vrpQRIktH3Guamito25Nf61itTpKw6vsn5etKniV+mlX0nJloMQkpZZTK7S02990L8A6KE=</ns1:CipherValue>
      </ns1:CipherData>
    </ns1:EncryptedData>
  </S:Body>
</S:Envelope>

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
        <wsu:Created>2010-02-12T10:10:41.470Z</wsu:Created>
        <wsu:Expires>2010-02-12T10:15:41.470Z</wsu:Expires>
      </wsu:Timestamp>
      <xenc:EncryptedKey Id="EncKeyId-75CCEA48EACB75B70412659694440955">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">1TdlyAJ8gQz7EeJI7/TEMkrremg=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>mmFl6AVe8XXmd+2O7Lz0jh4rX5mQEExIzUxlq6WL9FIFccyR9WifSictkYbA3G4oZfkss18IolsoBw0tdAIPXqAVHIJWqZt4VnDnXKAlCariyA0geWcmUS/27dpLR63wdyw54FSnq27QcVhBoyHzLp0XbFJ8ceXSOoed0OhMXaA=</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#EncDataId-3" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsse:BinarySecurityToken
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="CertId-75CCEA48EACB75B70412659694418141">
        <!-- Base64 certificate data not present in the archived message -->
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#Id-9175756">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>7bNU7War5Sw6rVnYZ1rkdRZDkhQ=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-1">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>StndUMB/iWVsT1ALIqj7Sy6755I=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#CertId-75CCEA48EACB75B70412659694418141">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>tg3OIUyNmkqL0MdQqpeSr6f0sL0=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>PeZLYYYvdOqsadUe2wv73pIe2YZonTeDg3xIleWuOi0rXBAU9UFVnOzQbPC0M4aCzBWpRInNtwIN7/Vq/EIqvQxVrITWJRQJxyS3YXgAY5cFamNkZG31Yu9SJIJEMgY6VfZrthwdfPxVI+sQb8uleAnNCJyZdfK2XYCtYpAL+1A=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-75CCEA48EACB75B70412659694418292">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-75CCEA48EACB75B70412659694418453">
            <wsse:Reference URI="#CertId-75CCEA48EACB75B70412659694418141" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-9175756">
    <xenc:EncryptedData Id="EncDataId-3" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:Reference URI="#EncKeyId-75CCEA48EACB75B70412659694440955" />
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>J9mC94g5ZUnnqCWxq+qtwdSr+75YAra6kmkWgVCIwfF4S234AKj1J0NCI+C/R67b88F7V439WTwKTTPOtDsw636hJyHR0LOjBgNHmAQU0Z5ehzCEj7sprakrbt90zCbWENvuCLESw8cm7QUkwV+GbaGvI15QQbN4cBqz7uizPNSRAfvibqeAwXfWhYV9u+KeJRQfnj40Og4DwxHbzT3fEWssd2QY3J8x6Xq5UQrqSg2d87blHW/o7FL0ZQ0SEG98fO86385IiDuOKcd/6rwm6zpgNe0aRtjsr9xrQNx7opP4IEZ25h0fHK/BbRBsMW/HmE+CpIE4/wMlOQmn49vMhvG1TzqgSD3faZZ5zqH2n89N78NzNmoPi+wObN0TPgFL3i4amffbjTY=</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soapenv:Body>
</soapenv:Envelope>
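
Added example, not part of the original post or of Axis2, Rampart or WebLogic: a small Python summary of a wsse:Security header that makes the structural differences the post mentions (header child order, key reference style, signed references and their transforms) directly comparable, and flags signature references whose target Id is missing. The two sample messages are constructed, trimmed to the shapes of the attached request and response; all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
SMS10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0"
THUMB = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

def short(name):
    """Reduce a {ns}tag or an algorithm/value-type URI to its last component."""
    name = name.rstrip("#")
    for sep in "}/#":
        name = name.rsplit(sep, 1)[-1]
    return name

def summarize(soap_xml):
    """Describe the wsse:Security header: child order, key references, signed parts."""
    root = ET.fromstring(soap_xml)
    sec = root.find(".//wsse:Security", NS)
    ids = {e.get("{%s}Id" % NS["wsu"]) or e.get("Id") for e in root.iter()} - {None}
    signed = [(r.get("URI", ""),
               [short(t.get("Algorithm", "")) for t in r.findall("ds:Transforms/ds:Transform", NS)],
               r.get("URI", "").lstrip("#") in ids)  # True when the referenced Id exists
              for r in sec.findall(".//ds:SignedInfo/ds:Reference", NS)]
    key_refs = [f"{short(s[0].tag)}:{short(s[0].get('ValueType', ''))}"
                for s in sec.findall(".//wsse:SecurityTokenReference", NS)]
    return {"order": [short(c.tag) for c in sec], "key_refs": key_refs, "signed": signed}

def diff(a, b):
    # Keep only the summary fields on which the two messages disagree.
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# --- constructed samples, trimmed to the shapes of the two attached messages ---
def envelope(header, body_id):
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" {xmlns}>'
            f'<S:Header><wsse:Security>{header}</wsse:Security></S:Header>'
            f'<S:Body wsu:Id="{body_id}"/></S:Envelope>')
def ref(target, alg=C14N):
    return (f'<ds:Reference URI="#{target}"><ds:Transforms>'
            f'<ds:Transform Algorithm="{alg}"/></ds:Transforms></ds:Reference>')
def signature(refs, key_ref, str_id):
    return (f'<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo><ds:KeyInfo>'
            f'<wsse:SecurityTokenReference wsu:Id="{str_id}">{key_ref}'
            '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>')
RESPONSE_LIKE = envelope(  # thumbprint key identifier, STR-Transform over the STR
    signature(ref("Body_1") + ref("str_1", SMS10 + "#STR-Transform"),
              f'<wsse:KeyIdentifier ValueType="{THUMB}">AAAA</wsse:KeyIdentifier>', "str_1")
    + '<wsu:Timestamp wsu:Id="Timestamp_1"/>', "Body_1")
REQUEST_LIKE = envelope(  # embedded certificate, direct reference to it
    '<wsu:Timestamp wsu:Id="Timestamp-1"/>'
    f'<wsse:BinarySecurityToken wsu:Id="CertId-1" ValueType="{X509V3}">AAAA</wsse:BinarySecurityToken>'
    + signature(ref("Id-1") + ref("CertId-1"),
                f'<wsse:Reference URI="#CertId-1" ValueType="{X509V3}"/>', "STRId-1"), "Id-1")
if __name__ == "__main__":
    for field, values in diff(summarize(REQUEST_LIKE), summarize(RESPONSE_LIKE)).items():
        print(field, *values, sep="\n  ")
```

Running `summarize` on the real captured request and response gives the same three fields for each side, which narrows an interoperability report to the specific token reference or transform the receiving stack has to handle.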