Hello everyone, since my last message was kinda disorganized I'm rewriting it. I'm trying to use a CXF Client to access a Web Service which uses a WS-Policy enforced by an Oracle Tool but I'm having some interoperability issues. The Oracle Client obviously works but the CXF Client for some reason sends a different request format and then an error is shown. As what it seams CXF makes a SAML Reference althought there is no mention about it in the policy. Because of that the Oracle Server shows the following error:
<WSM-00035> <Error in Signature reference mechanism compliance : Expected : http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey , Actual : http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey.> I have no idea why CXF has this kind of behavior. The WS-SecurityPolicy in the WSDL is inserted by the Oracle tool and not mannualy written, so I suppose the problem is not in it. I'll show in sequence the WSDL, the Oracle Request, CXF request and my CXF Client Config: WSDL of the service: <definitions name="SwapTestService" targetNamespace="http://swap/test/v01";> <wsp:Policy wsu:Id="SwapTestPort_Fault_Policy" /> <wsp:Policy wsu:Id="SwapTestPort_Input_Policy"> <sp:SignedParts> <sp:Body /> <sp:Header Namespace="http://www.w3.org/2005/08/addressing"; /> <sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"; /> <sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"; /> </sp:SignedParts> <sp:EncryptedParts> <sp:Body /> <sp:Header Name="fmw-context" Namespace="http://xmlns.oracle.com/fmw/context/1.0"; /> </sp:EncryptedParts> </wsp:Policy> <wsp:Policy wsu:Id="SwapTestPort_Output_Policy"> <sp:SignedParts> <sp:Body /> </sp:SignedParts> <sp:EncryptedParts> <sp:Body /> </sp:EncryptedParts> </wsp:Policy> <wsp:Policy wsu:Id="wss11_x509_token_with_message_protection_service_policy"> <sp:SymmetricBinding> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> <wsp:Policy> <sp:RequireThumbprintReference /> <sp:WssX509V3Token11 /> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic128 /> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Lax /> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp /> <sp:ProtectTokens /> <sp:OnlySignEntireHeadersAndBody /> </wsp:Policy> </sp:SymmetricBinding> <sp:EndorsingSupportingTokens> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> <wsp:Policy> <sp:WssX509V3Token11 /> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:EndorsingSupportingTokens> <sp:Wss11> <wsp:Policy> <sp:RequireSignatureConfirmation /> <sp:MustSupportRefEncryptedKey /> </wsp:Policy> </sp:Wss11> </wsp:Policy> <types> <xsd:schema> <xsd:import namespace="http://swap/test/v01"; schemaLocation="http://localhost:7001/swaptest/SwapTest?xsd=1"; /> </xsd:schema> </types> <message name="testSwap"> <part name="parameters" element="tns:testSwap" /> </message> <message name="testSwapResponse"> <part name="parameters" element="tns:testSwapResponse" /> </message> <portType name="TestWSImpl"> <operation name="testSwap"> <input message="tns:testSwap" /> <output message="tns:testSwapResponse" /> </operation> </portType> <binding name="SwapTestPortBinding" type="tns:TestWSImpl"> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"; /> <wsp:PolicyReference URI="#wss11_x509_token_with_message_protection_service_policy" wsdl:required="false" /> <operation name="testSwap"> <soap:operation soapAction="" /> <input> <soap:body use="literal" /> <wsp:PolicyReference URI="#SwapTestPort_Input_Policy" wsdl:required="false" /> </input> <output> <soap:body use="literal" /> <wsp:PolicyReference URI="#SwapTestPort_Output_Policy" wsdl:required="false" /> </output> </operation> </binding> <service name="SwapTestService"> <port name="SwapTestPort" binding="tns:SwapTestPortBinding"> <soap:address location="http://localhost:7001/swaptest/SwapTest"; /> <wsa:EndpointReference> <wsa:Address>http://localhost:7001/swaptest/SwapTest</wsa:Address> <wsid:Identity> <dsig:KeyInfo> <dsig:X509Data> <dsig:X509Certificate> MIIEUDCCAjigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCQlIxEzARBgNVBAgTClBlcm5hbWJ1Y28xDzANBgNVBAcTBlJlY2lmZTENMAsGA1UEChMEVEpQRTEfMB0GA1UECxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzEfMB0GA1UEAxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzAeFw0wOTA4MTEyMTI1MDdaFw0xNDA4MTEyMTI1MDdaMFkxCzAJBgNVBAYTAkJSMQ0wCwYDVQQKEwRUSlBFMR8wHQYDVQQLExZBcnF1aXRldHVyYSBlIElub3ZhY2FvMRowGAYDVQQDExFJbnRlZ3JhY2FvIEZpc2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAictuCNxhLJ2kP9p6TZvwRUTvuoKHS2HMUVjVR3u42BoMf7t83eZMUvBxc3+KdF4MjABgn8H/dPzlc09xCQcd/E5NbYEqagvW3mcJRmO/RyTQEbEySzHLoG/yEJZSz/5adwrTMaZCdm5SLzqfbL8g2Ojmrw11kGNOgLhD9W4UpnECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPNBvtmMi8wQ6I2PjOWjTNcICTV6MB8GA1UdIwQYMBaAFDv3oNoqns9YZw4QoyP4tzKaZv1SMA0GCSqGSIb3DQEBBQUAA4ICAQBkDVoCKmkMGdDF7sQAPfv6kKXQoWutQZ62jgoXLy9TLnGFDh1lde+AF6uE68PwzhpSq0+LVtysW0nwoV5lm0bqU4xw/eopelyMrXLjRaWEZ45owDzOE/+qOATMsV4AfXb5MVnQVpAQXQPntJtwFivw1AIBacluL8RXWepz1N5dols1HSERDI3jyPZ067nfFLfCbv9pTrRjLk5MQiQ4+Ri7lFT7Oj8gxqO+4mMt4W9xE4SfR3rUDq3Srtz9bQE2sP5vyG3+D+smmtENb5Wv+TlmNzBzYjvBe76gChMDG9ftGuaiX4NOERod0u7x2s2Q94pDngL7wxRuVpI1cCQ2LxYMGeZ1Nf9fqdj9fvG+prg17OPP/Jp/LiO9rz8CZs3krFFcZI0KXvsCfSK67moxW4acE14pBbkNnGsV1V9AogCUHPmrxs/vaAF/+5GKr0USIHIfS/LsSvW0A8I8BFoa72nLtp7nfsx43sXgzGZ/O0XV75guzu/CEA7XtvvYcgcibEjW+1IaXsIWjUljMDFC81IKP+bbUX0lQEfu9lLiwXBh8EPiVmR59ioQIdAZsiPWSn54146aqWoL2qpPrjMBtvQat9q+XZOdwPn0KlmPUdz/khLp8AInFmuUnGJz6/9CPYP+eG/5vJ7kjAGmt8ckkmAdC4dntC6hxYJpLaq418SEtw== </dsig:X509Certificate> <dsig:X509IssuerSerial> <dsig:X509IssuerName> CN=AI, OU=AI, O=ORG, L=Ra, ST=SP, C=BR </dsig:X509IssuerName> <dsig:X509SerialNumber>1</dsig:X509SerialNumber> </dsig:X509IssuerSerial> <dsig:X509SubjectName> CN=AI, OU=AAI, O=ORG, C=BR </dsig:X509SubjectName> <dsig:X509SKI>80G+2YyLzBDojY+M5aNM1wgJNXo=</dsig:X509SKI> </dsig:X509Data> </dsig:KeyInfo> </wsid:Identity> </wsa:EndpointReference> </port> </service> </definitions> ORACLE REQUEST: <?xml version='1.0' encoding='UTF-8'?> <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/";> <S:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; S:mustUnderstand="1"> <wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="bst_GELucxc7pxqk1Tf8">MIIEBDCCAeygAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCQlIxEzARBgNVBAgTClBlcm5hbWJ1Y28xDzANBgNVBAcTBlJlY2lmZTENMAsGA1UEChMEVEpQRTEfMB0GA1UECxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzEfMB0GA1UEAxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzAeFw0xMDA0MTIyMDE5MzlaFw0xNTA0MTIyMDE5MzlaMGAxCzAJBgNVBAYTAkJSMRMwEQYDVQQIEwpQZXJuYW1idWNvMQ0wCwYDVQQKEwRUSlBFMR8wHQYDVQQLExZBcnF1aXRldHVyYSBlIElub3ZhY2FvMQwwCgYDVQQDEwNwZ2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMjyb4xMGkHngVgNxITgBXqg1dcIH7UDnDxg8XXSv35vPkF2kLAWeVGPSCSdMV4F2SNvYIA3sEa+3biAjjpFM4S/y4W0UxXPYF7BXGtweXfvXAEFZxHvjv/pepFvQ+mYML4vSuGe2iTHCqgLv8NKLAaDWUEYeX5yKasOPKc3KD8pAgMBAAGjKDAmMCQGA1UdEQQdMBugGQYFYEwBAwOgEBMOMTAxMjMxMjMwMDAxODEwDQYJKoZIhvcNAQEFBQADggIBABJkSTUASP+xIazYFv9pX7nVWG6B8s7q51j81mhFpgJHz91dGP3tx3OxU0IwCWnb7HJ53+0YcaGt0WuIhCHMW74VqnUfdudLw+xz9ZRQBGKCChdLxLvjb8BJlLoM5kmURrAKxShZfg4uc5FB2AeNaWb01DeYUie1qmIsrQ8hKWAsvy/gU38D8q+4WTlWxhyXhQ1p0zF2bEoNZKv7D2jezcb6gJ1Jiw9i4oOCDW6zxnDL3/SqL1kKXuzvdboxxElodCf17jmo9aAGjLXaFwiR0M2UaXTOw0mM2ztW8ZDZjeorzCKDjgACpopRjjrjFofJVNdFDJ9W+zgWEUnocsgAWeA9naPAZbRO9fXmKiY5Dh7nMmHAinugcvyboInwRRXKWCnJabmmNTWPfOlEslVc/SRq7k2uDBbKRktFtqsLmZ1llxjnMDOOh9el0eFr2/tdFP4BaIzKmTGs/M54E0ASr5alN6yVGLat0nsvQejayILLONpyPos31873QvxbJ+B8OiGyvYNN9vsAGVpOR3m1Iyp7Jp0h0rt5F/cCm5Acn22KXUQ9FOs3YFdQ/XHYaf+TIFOtZ9O13E1MutYGB2QLKQ1KF7dTvxQNqiLbhj2ZWOpEPiNAMjAoT92LVGKnbY+7ifd6w9ild+hZ24qRhhwB3waYlUC0YT7rXHEJscANbQHv</wsse:BinarySecurityToken> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <dsig:Reference URI="#Signature_2PtJxCbJQACoJEYy"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>VF6Q9S4yJobMW2rNYFrBzjOLWZ4=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#bst_GELucxc7pxqk1Tf8"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>h+DAcvTzAt3iP0EJfDFeNbR9Vy4=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>DHvSnT+bZXPhPeyX6inJDBv+zs7gL7kTsFRf3lKGZZaAdf1RPTP7TymZq+x0wP1JRQugBcqEh+UD85Xfu7mM095A0MX7hGSwEZxuAy87i2NwAOSzcuEzfqEOag3HzmjjmOYpHu5hP3R/J9dQDy70+dVBUpVdF8APpAOAfkuWfbM=</dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="str_bBCxbnYKwqvOXMwl"> <wsse:Reference URI="#bst_GELucxc7pxqk1Tf8" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> <ns1:EncryptedKey xmlns:ns1="http://www.w3.org/2001/04/xmlenc#"; Id="encKey_gnMqPPZMpJhyJPdZ"> <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";> <ns2:DigestMethod xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"; Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> </ns1:EncryptionMethod> <ns3:KeyInfo xmlns:ns3="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="str_VmKZYaHRFydHrhgA"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>4iSUz0GV88TQRCsKTya/PyGfV3M=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ns3:KeyInfo> <ns1:CipherData> <ns1:CipherValue>egJ+Mr2HbKdEkXImrufJVsqXRy4iKOtR8+7jvQ+T714a2L6KENOCTFm4QVmFM3dnG5HQC3RBloDzCIlymKbyHKrxV5cJf2amav1aZAU/jTABJkZt2B6hDCbYj17++nr4YlrTYTRHovoQ8k+74XArFyhEKafs+iCda9rF7bXqNqI=</ns1:CipherValue> </ns1:CipherData> <ns1:ReferenceList> <ns1:DataReference URI="#qST12BwW5F8x26wb"/> </ns1:ReferenceList> </ns1:EncryptedKey> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; Id="Signature_2PtJxCbJQACoJEYy"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> <dsig:Reference URI="#Timestamp_gdUhkY5lkSIBfMZt"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>yZw0xMrw8Q25UM1nBLnIvaaqyus=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#Body_NspfiAs6Y9rYpuEU"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>blH5NEUOdBs3o6S5KdF20VuoXBg=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>pUVKqLckwQzy6n1R6l0fd20OLFQ=</dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"; wsu:Id="str_oLlXyqJASBPoe8tn"> <wsse:Reference URI="#encKey_gnMqPPZMpJhyJPdZ" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Timestamp_gdUhkY5lkSIBfMZt"> <wsu:Created>2010-06-07T17:05:06Z</wsu:Created> <wsu:Expires>2010-06-07T17:06:06Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </S:Header> <S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Body_NspfiAs6Y9rYpuEU"> <ns1:EncryptedData xmlns:ns1="http://www.w3.org/2001/04/xmlenc#"; Encoding="UTF-8" Id="qST12BwW5F8x26wb" MimeType="text/xml" Type="http://www.w3.org/2001/04/xmlenc#Content";> <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> <ns1:CipherData> <ns1:CipherValue>yJAm4Z+fHxLZMEoW2RiIR+eScoxGyXNQEQGVkhdO08p9GFTZK39J3b5UsSz0WxmyQguz5OySBcqLBhujnepaqbCfBayyvfIdCxXszGJfMtkOXiEay5X1jpVaa3Ch+OigZn6ZrhHRlWj5urTp9w6zDA==</ns1:CipherValue> </ns1:CipherData> </ns1:EncryptedData> </S:Body> </S:Envelope> CXF REQUEST: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soap:mustUnderstand="1"> <wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="CertId-51539E84A0AE53F92912759303819093">MIIESTCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCQlIxEzARBgNVBAgTClBlcm5hbWJ1Y28xDzANBgNVBAcTBlJlY2lmZTENMAsGA1UEChMEVEpQRTEfMB0GA1UECxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzEfMB0GA1UEAxMWQXJxdWl0ZXR1cmEgZSBJbm92YWNhbzAeFw0wOTA4MTEyMTA2MTRaFw0xNDA4MTEyMTA2MTRaMFIxCzAJBgNVBAYTAkJSMQ0wCwYDVQQKEwRUSlBFMR8wHQYDVQQLExZBcnF1aXRldHVyYSBlIElub3ZhY2FvMRMwEQYDVQQDEwpDbGllbnRlIElGMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCX0AijGz0BPnri43wFpfqKBJl7tPoWl/yoS1Nt6UaIcFWr23eOWDtsEU+V+tuaxYOLSmu4GMq9raWCeER4xN2OBw4U/YSTPLjwo5HJs8kVcZUKZR0EYncqRXegPm4bLnhjg/8lVzJvQNWvYmieHqGqYpiTl+t8oqsKQ9EPPkp+JQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUiLn0wahXkOWryZKuNfGpXafhDrIwHwYDVR0jBBgwFoAUO/eg2iqez1hnDhCjI/i3Mppm/VIwDQYJKoZIhvcNAQEFBQADggIBACBRUD9kqCM7TDSxyvxKwHniuS2HfnUsss3XSsGFrGq2ywLN522knUXDt4+blK4DarSXt128IEfBrs9QwxhFdzc1tgfAx04p7b4/yhVnfLTy15tNlbcXlYr7vnzLPcQfUjWR6AS262emS5iNN/aIiB7fniIDOCvkp8RD/BBV8Vl5bS/EF8jMXLRAnWtFyKekJEChEHDAixG9CIAxiX0dXjxlBkiGMPC6tq/w2Le6/hWrjdSVObqGXxfmHjG3R47Am8SgKxe6OCp0pIVs/JQmeC8KojMA/vKbv7LRWBLpKKVmdgLdsoOL+zV5DHtfZc3Mxi1q9VMaT6jczixU37De4OdHxcYltoAN70i7TaRi6PVQv9hQsReRX3LH6+Uc/x3xtzUkVGwMQ0NsQwEl3jFiEkB6ZC9ruFlgE6Gm34erSEMadclwNQUA66jm+4xQYA7Ur88Mpdjva5ypcfGxKCmvJ/SoXG2gdt3OpAONj8PWA2bZ7yRDQrJBLYZv5zBT4aeVkcLmu5zBt1DtNiOln6RbjmwRkCnyVCVT01ti5/iRfU3g661gXZITK0vrlSvSenEQCCNOtoGa4OrWELap0uymm6MZqtEIw5qQBvboUxJB6RSt7ziZjWsf6CUaGjJ/mxNcwVVmG2CLUfx0yKebkPiEbsogt4WDhRyoizK2yhOgaLFn</wsse:BinarySecurityToken> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Timestamp-3"> <wsu:Created>2010-06-07T17:06:21.571Z</wsu:Created> <wsu:Expires>2010-06-07T17:11:21.571Z</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="EncKeyId-51539E84A0AE53F92912759303818952"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"; /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";>4iSUz0GV88TQRCsKTya/PyGfV3M=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>WSeOC/F+hV5N4SNOEd0axiGp5gFGkcOnDfcKMCumiiGc3rqHH4FfEW0u5WlLbcGP2DB32PeC6wIvUV+79AxQQM5g70rEXKTdTQxN2rTPXi2YADPyyeRmDeKuzdJNX3U6gC5b57PQUwnRfMCk5fcNsTvLn3lYxp1Gnceg8xy4Kfc=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-6" /> </xenc:ReferenceList> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-5"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"; /> <ds:Reference URI="#Id-32219102"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>A8EnoPs2s+gNAJW6SG7F8FccOa8=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timeef5stamp-3"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>tZ6suHFPmOdOdGdbtI1ypA0t29g=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>bWOaBam1Q/uiNbWcG/SbgQgNiLo=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-51539E84A0AE53F92912759303819186"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-51539E84A0AE53F92912759303819187"> <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; URI="#EncKeyId-51539E84A0AE53F92912759303818952" ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey"; /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-4"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> <ds:Reference URI="#Signature-5"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>kgw/sOxBHZfaYsNpl8bo6qvflO8=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>BQaZGuWidcweXCrjFy7TpCZOhuRKnrZFwYqpOI6D56jPcHG1ZvhRpTW6MR8Mog2lAhvJkGXyGZWVLRH71i+f2lkqT4+uh492KQVdADZ48EfPebT6rZElJLNCviD3Q70cIzriIhCcrIum8nrpJZ+TQSj551fGIz+LwWrdmndBDRI=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-51539E84A0AE53F92912759303819174"> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-51539E84A0AE53F92912759303819175"> <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; URI="#CertId-51539E84A0AE53F92912759303819093" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soap:Header> <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Id-32219102"> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="EncDataId-6" Type="http://www.w3.org/2001/04/xmlenc#Content";> <xenc:EncryptionMethod xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; URI="#EncKeyId-51539E84A0AE53F92912759303818952" /> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>39o8mG9MsyahakuL2A40G2oRQza++Vp7DQQfBmOx2k5D2CPHSsvWWK0u521FPWa8aPmW8mpuAcP8Cs6oPcjfLaSWxp+Ztn5fGbm7vR1bkL0l2aQOoQX4biBaULE/c5HRtvymbw4xIWbVssTdkdfRMpB/8diYmvc09nSnXSD7Bbp3ID3QvlXrwLB6r0L+79ElRJs7sYVbpOBfLopP9pUzV15P+itwMOBjcyhsrO5TaI4zXEBQWPryKV8q5yAYycW1CBA/Kz9bfLoCu+bDdsAKNdQHfl9HoO9eqxdqPDvHWSLSu2q19zE20JvFitZx2MyziO8oTXwNGXIGol1/6bKZZYF3FSZEPtX0PpZU453KKlz1y3cbmt/t8uMlkuBiTpI5E6NLDcI/+BsTGB76ff8PgQ==</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </soap:Body></soap:Envelope> CXF Client Config: Config File cxf.xml: <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:beans="http://www.springframework.org/schema/beans"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xmlns:soap="http://cxf.apache.org/bindings/soap"; xmlns:cxf="http://cxf.apache.org/core"; xmlns:p="http://cxf.apache.org/policy"; xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd "> <jaxws:client name="{http://swap/test/v01}SwapTestPort"; createdFromAPI="true"> <jaxws:properties> <entry key="ws-security.username" value="clientif" /> <entry key="ws-security.callback-handler" value="br.jus.tjpe.seguranca.ClientKeystorePasswordCallback" /> <entry key="ws-security.signature.properties" value="client.properties" /> <entry key="ws-security.encryption.properties" value="service.properties" /> </jaxws:properties> </jaxws:client> </beans> Config File client.properties: org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.alias=clientif org.apache.ws.security.crypto.merlin.keystore.password=cspass org.apache.ws.security.crypto.merlin.file=clientstore.jks Config file service.properties: org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.alias=if org.apache.ws.security.crypto.merlin.keystore.password=cspass org.apache.ws.security.crypto.merlin.file=clientstore.jks This is exactly what's in my environment except for the certificate info which I changed for privacy reasons. Any help will be much appretiated Thank you !
