Java Mailing List Archive

http://www.java2.5341.com/

Home » axis-user.ws »

Message-level security on Axis 2 client against WebLogic web service

Maria Aneva

2010-02-19


Author LoginPost Reply

We are trying to apply message-level security to our Web Services – encrypting and singing the SOAP messages.

Our web service is deployed on Oracle WebLogic 10.3 application server. It complies with standards:

  • WS Security 1.1
  • WS Security Policy 1.2
  • WS Policy 1.2

 

For implying message-level security on server side we use pre-populated policy files, implementing WS Security Policy 1.2 specification.

 

On client side, we create the client application, using Axis2 1.5.1 with Rampart 1.5. Security requirements for the client are provided by WS-Security Policy file (policy_from_wsdl.xml attached), defining security requirements, corresponding to the service’s policies and the WSDL file (SecureHelloWorldService.wsdl attached).

 

We have also configured x509 certificates for both server and client to be used for encrypting and signing.

 

As a result of running the client against the service, we have:

  1. Client sends to the server a request message, which is signed and encrypted.
  2. Server processes this request – decrypts the data and verifies clients’ signature.
  3. Server sends a response to the client, which is signed and encrypted.
  4. Client fails to process the response:

 

     [java] org.apache.axis2.AxisFault: The signature or decryption was invalid

     [java]     at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)

     [java]     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)

     [java]     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)

     [java]     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)

     [java]     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)

     [java]     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)

     [java]     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)

     [java]     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)

     [java]     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

     [java]     at com.sosnoski.ws.library.adb.SecureHelloWorldServiceStub.sayHello(SecureHelloWorldServiceStub.java:187)

     [java]     at com.sosnoski.ws.library.adb.WebServiceClient.main(WebServiceClient.java:82)

     [java] Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid

     [java]     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:529)

     [java]     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)

     [java]     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)

     [java]     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)

     [java]     at org.apache.rampart.RampartEngine.process(RampartEngine.java:154)

     [java]     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)

 

 

While investigating the problem, we observe that:

-          even that we are using the same policies for the client and server (the policy for the client is extracted from the WSDL, while the WSDL is generated from the service including its policy files), the client and server create SOAP messages with different structures (see attached request and response messages). We assume that Axis client expects to receive a message with different structure in order to process it.

 

Therefore here comes the question about Axis2 and WebLogic web services interoperability. Both frameworks claim to comply with WS - Security 1.1 and WS - Security Policy - 1.2 standards. We have tested secured Axis2 service with Axis2 client, also secured WebLogic service with WebLogic-specific client – in both cases the communication was successful, but when trying to connect Axis2 client with WebLogic service it fails.

 

Please provide us with information:

 - if there are any known problems/bugs/limitations on Axis2 client communicating with non-Axis2 web service;

 - does Axis2 1.5.1 with Rampart 1.5 really implements above mentioned standards?

 - are there any other requirements for the other party application (non-Axis2), except for complying with these standards, in order to communicate securely (encrypted and signed messages) with the Axis2 application?

 

 

Thank you very much for your kind support

Maria Aneva

  

 

 

 

<?xml version='1.0' encoding='UTF-8'?>
<!--
  Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version
  is Oracle JAX-WS 2.1.3-07/10/2008 08:41 PM(bt).
-->
<!--
  Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version
  is Oracle JAX-WS 2.1.3-07/10/2008 08:41 PM(bt).
-->
<wsp:Policy wsu:Id="Wssp1.2-2007-Wss1.1-X509-Basic256.xml"
       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
  <wsp:All>
   <sp:AsymmetricBinding
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:Policy>
      <sp:InitiatorToken>
       <wsp:Policy>
        <sp:X509Token
          sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
           <!--sp:RequireThumbprintReference /-->
           <!--sp:RequireKeyIdentifierReference /-->
           <sp:WssX509V3Token11 />
          </wsp:Policy>
        </sp:X509Token>
       </wsp:Policy>
      </sp:InitiatorToken>
      <sp:RecipientToken>
       <wsp:Policy>
        <sp:X509Token
          sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
          <wsp:Policy>
           <!--sp:RequireThumbprintReference /-->
           <!--sp:RequireKeyIdentifierReference /-->
        <sp:WssX509V3Token11/>
          </wsp:Policy>
        </sp:X509Token>
       </wsp:Policy>
      </sp:RecipientToken>
      <sp:AlgorithmSuite>
       <wsp:Policy>
        <sp:TripleDesRsa15/>
       </wsp:Policy>
      </sp:AlgorithmSuite>
      <sp:Layout>
       <wsp:Policy>
        <sp:Lax />
       </wsp:Policy>
      </sp:Layout>
      <sp:IncludeTimestamp />
      <sp:ProtectTokens/>
      <sp:OnlySignEntireHeadersAndBody />
    </wsp:Policy>
   </sp:AsymmetricBinding>

   <sp:Wss11
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:Policy>
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefIssuerSerial/>
    <sp:MustSupportRefThumbprint/>
    <sp:MustSupportRefEncryptedKey/>
    <sp:RequireSignatureConfirmation/>
           <!--sp:RequireKeyIdentifierReference /-->
    </wsp:Policy>
   </sp:Wss11>

   <sp:EncryptedParts
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body />
   </sp:EncryptedParts>

   <sp:SignedParts
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <sp:Body />
   </sp:SignedParts>

   <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:user>clientkey</ramp:user>
    <ramp:encryptionUser>serverkey</ramp:encryptionUser>
     <!-- weblogicserverkey --> <!-- serverkey -->
    <ramp:passwordCallbackClass>com.sosnoski.ws.library.adb.PWCBHandler</ramp:passwordCallbackClass>
    <!--
      <ramp:signatureCrypto> <ramp:crypto
      provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property
      name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property
      name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
      <ramp:property
      name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
      </ramp:crypto> </ramp:signatureCrypto> <ramp:encryptionCrypto>
      <ramp:crypto
      provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property
      name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property
      name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
      <ramp:property
      name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
      </ramp:crypto> </ramp:encryptionCrypto>
    -->
    <ramp:signatureCrypto>
      <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
       <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
      </ramp:crypto>
    </ramp:signatureCrypto>

    <ramp:encryptionCrypto>
      <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
       <ramp:property name="org.apache.ws.security.crypto.merlin.file">client_keystore.jks</ramp:property>
       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
      </ramp:crypto>
    </ramp:encryptionCrypto>

   </ramp:RampartConfig>

  </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

Attachment: SecureHelloWorldService.wsdl (zipped)
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
  <wsse:Security
   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
   S:mustUnderstand="1">
   <ns1:EncryptedKey xmlns:ns1="http://www.w3.org/2001/04/xmlenc#"
    Id="15t3sZzj2poCIpwX">
    <ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <ns2:KeyInfo xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
      <wsse:SecurityTokenReference
       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
       xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
       wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
       wsu:Id="str_FLvoOBWuHqrXQF4x">
       <wsse:KeyIdentifier
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
      1MzezCfheKiI29jp5HW2fPYGyHU=
     </wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>
    </ns2:KeyInfo>
    <ns1:CipherData>
      <ns1:CipherValue>
      bCWky8LDXWCBFbKJkBW+uSEn6hImutKnXweAEVugZBYN9vsVJYrtKPddRX7TmZZdEenJ1DExQX9Bj7uGfhADP/nnJGtkRoLM5hFDbMl3b0Td212cpPfnjuFo0GhqEhkP/aJojMVVBhhLvAlabElavqQBALmCV5w3HSOaOFhtsJs=
    </ns1:CipherValue>
    </ns1:CipherData>
    <ns1:ReferenceList>
      <ns1:DataReference URI="#afW22kxqCab7NPKb" />
    </ns1:ReferenceList>
   </ns1:EncryptedKey>
   <wsse11:SignatureConfirmation
    xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
    Value="PeZLYYYvdOqsadUe2wv73pIe2YZonTeDg3xIleWuOi0rXBAU9UFVnOzQbPC0M4aCzBWpRInNtwIN7/Vq/EIqvQxVrITWJRQJxyS3YXgAY5cFamNkZG31Yu9SJIJEMgY6VfZrthwdfPxVI+sQb8uleAnNCJyZdfK2XYCtYpAL+1A="
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="sigconf_RyhzddnlBzu3xW0m" />
   <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod
       Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
       <exc14n:InclusiveNamespaces
        xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </dsig:CanonicalizationMethod>
      <dsig:SignatureMethod
       Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <dsig:Reference URI="#Timestamp_6uijMQPmQCwnq01f">
       <dsig:Transforms>
        <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
          <exc14n:InclusiveNamespaces
           xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </dsig:Transform>
       </dsig:Transforms>
       <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
       <dsig:DigestValue>
       AcwdLcC9DS5egZTiN7A6OlSOHG8=
     </dsig:DigestValue>
      </dsig:Reference>
      <dsig:Reference URI="#Body_YQnFXxh6RBDQoM10">
       <dsig:Transforms>
        <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
          <exc14n:InclusiveNamespaces
           xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </dsig:Transform>
       </dsig:Transforms>
       <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
       <dsig:DigestValue>t2CUpcKkNct0SAAxlLY3cxtNqxw=</dsig:DigestValue>
      </dsig:Reference>
      <dsig:Reference URI="#sigconf_RyhzddnlBzu3xW0m">
       <dsig:Transforms>
        <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
          <exc14n:InclusiveNamespaces
           xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </dsig:Transform>
       </dsig:Transforms>
       <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
       <dsig:DigestValue>AAbuve6qwSgdWZuD1NZKOC3rAIU=</dsig:DigestValue>
      </dsig:Reference>
      <dsig:Reference URI="#str_xHB4AkDj3T212LpD">
       <dsig:Transforms>
        <dsig:Transform
          Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
          <wsse:TransformationParameters>
           <dsig:CanonicalizationMethod
            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <exc14n:InclusiveNamespaces
              xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
           </dsig:CanonicalizationMethod>
          </wsse:TransformationParameters>
        </dsig:Transform>
       </dsig:Transforms>
       <dsig:DigestMethod
        Algorithm="h082fttp://www.w3.org/2000/09/xmldsig#sha1" />
       <dsig:DigestValue>WmgBvkgTFiOYX2VC4dUxKV/yi+4=</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>h8W7qHjgGOI8OTwevLuyyPdiJn689TkN3rg7DzZOqkbt7mUbpD5V64mppJQGGbNLRKWlaMT/pPlkpQ23lbrj49thYg96slX5NIT83wIUiGTKufOyETg81ZXc8PHPVgY5fsqE1WWeeCsFm1d47zFF2pPwWNCm3GrbPsZO10gqN6w=</dsig:SignatureValue>
    <dsig:KeyInfo>
      <wsse:SecurityTokenReference
       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
       xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
       wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
       wsu:Id="str_xHB4AkDj3T212LpD">
       <wsse:KeyIdentifier
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
      fM1KfdQAjKBvZzeaWpRUkjVXyOg=
     </wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>
    </dsig:KeyInfo>
   </dsig:Signature>
   <wsu:Timestamp
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="Timestamp_6uijMQPmQCwnq01f">
    <wsu:Created>2010-02-12T10:10:44Z</wsu:Created>
    <wsu:Expires>2010-02-12T10:11:44Z</wsu:Expires>
   </wsu:Timestamp>
  </wsse:Security>
</S:Header>
<S:Body
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  wsu:Id="Body_YQnFXxh6RBDQoM10">
  <ns1:EncryptedData
  xmlns:ns1="http://www.w3.org/2001/04/xmlenc#"
   Id="afW22kxqCab7NPKb"
  Encoding="UTF-8"
  MimeType="text/xml"
   Type="http://www.w3.org/2001/04/xmlenc#Content">
   <ns1:EncryptionMethod
    Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
   <ns1:CipherData>
    <ns1:CipherValue>ta9DAmg1D3YVjFPYCz+agHUUpOV97sfdQHu7y0oPjthB7jnNK6Ixdf1px2Itmzj51os++DiIt6zAZOu4cyFYjR19b4fsrdojslss6vrpQRIktH3Guamito25Nf61itTpKw6vsn5etKniV+mlX0nJloMQkpZZTK7S02990L8A6KE=</ns1:CipherValue>
   </ns1:CipherData>
  </ns1:EncryptedData>
</S:Body>
</S:Envelope>
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<soapenv:Header>
  <wsse:Security
   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
   soapenv:mustUnderstand="1">
   <wsu:Timestamp
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="Timestamp-1">
    <wsu:Created>2010-02-12T10:10:41.470Z
    </wsu:Created>
    <wsu:Expires>2010-02-12T10:15:41.470Z
    </wsu:Expires>
   </wsu:Timestamp>
   <xenc:EncryptedKey Id="EncKeyId-75CCEA48EACB75B70412659694440955">
    <xenc:EncryptionMethod
      Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <wsse:SecurityTokenReference>
       <wsse:KeyIdentifier
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">
        1TdlyAJ8gQz7EeJI7/TEMkrremg=
       </wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>
       mmFl6AVe8XXmd+2O7Lz0jh4rX5mQEExIzUxlq6WL9FIFccyR9WifSictkYbA3G4oZfkss18IolsoBw0tdAIPXqAVHIJWqZt4VnDnXKAlCariyA0geWcmUS/27dpLR63wdyw54FSnq27QcVhBoyHzLp0XbFJ8ceXSOoed0OhMXaA=
      </xenc:CipherValue>
    </xenc:CipherData>
    <xenc:ReferenceList>
      <xenc:DataReference URI="#EncDataId-3" />
    </xenc:ReferenceList>
   </xenc:EncryptedKey>
   <wsse:BinarySecurityToken
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    wsu:Id="CertId-75CCEA48EACB75B70412659694418141">
    MIIDtTCCAx6gAwIBAgIBHTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCQkcxDjAMBgNVBAgTBVNvZmlhMQ4wDAYDVQQHEwVTb2ZpYTEVMBMGA1UEChMMaTpGQU8gQkcgTFREMQ8wDQYDVQQLEwZJVFMgQkcxHjAcBgNVBAMTFW5vbmFtZS5zb2ZpYS5pZmFvLm5ldDEiMCAGCSqGSIb3DQEJARYTdGVjaG5pay1iZ0BpZmFvLm5ldDAeFw0xMDAxMTExNTA4NThaFw0xNTAxMTAxNTA4NThaMH4xCzAJBgNVBAYTAkJHMQ4wDAYDVQQIEwVTb2ZpYTEOMAwGA1UEBxMFU29maWExFzAVBgNVBAoTDmk6RkFPIEJ1bGdhcmlhMQ8wDQYDVQQLEwZJVFMtQkcxJTAjBgNVBAMTHG1hbmV2YS5jbGllbnQuc29maWEuaWZhby5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAITL0ZRBzEBP+hqbTSniEIAHTsKx21RaD5FYN/bGkEg2vvM5d7ldc9npbCJ8AxL59qKVc+4gdOoDvs2HDWBHADISFV7p8257ZznmCPrZQLqaXS4buPdCsPauOPuI0A/lz0ot38v4lfQwnDyt677n203j063gvf2HSMtdeqXKYH+nAgMBAAGjggElMIIBITAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYgzEyhc6ryZWcKho+9c2znrtVQ8wgcYGA1UdIwSBvjCBu4AUPh3kQ4kagsBrKfUre+FLVuFCaGShgZ+kgZwwgZkxCzAJBgNVBAYTAkJHMQ4wDAYDVQQIEwVTb2ZpYTEOMAwGA1UEBxMFU29maWExFTATBgNVBAoTDGk6RkFPIEJHIExURDEPMA0GA1UECxMGSVRTIEJHMR4wHAYDVQQDExVub25hbWUuc29maWEuaWZhby5uZXQxIjAgBgkqhkiG9w0BCQEWE3RlY2huaWstYmdAaWZhby5uZXSCAQAwDQYJKoZIhvcNAQEEBQADgYEAVewc9jYQIFTs3dHjmnWN1gxbZajIXb+hpMHFI7ViFp0s769KndUblYIg2SHUte5fXAPyHwZJcRqn54eu6olhDnQnYUkTv1N58nJml1tRMgH0jmeKM15+rfpRCD/xdw3XDyFgjBe0mAt2oAB2Efrcz2IkxiloNggC6pg1g1tSZPI=
   </wsse:BinarySecurityToken>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Id="Signature-2">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod
       Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod
       Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference URI="#Id-9175756">
       <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
       </ds:Transforms>
       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
       <ds:DigestValue>7bNU7War5Sw6rVnYZ1rkdRZDkhQ=
       </ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="#Timestamp-1">
       <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
       </ds:Transforms>
       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
       <ds:DigestValue>StndUMB/iWVsT1ALIqj7Sy6755I=
       </ds:DigestValue>
      </ds:Reference>
      <ds:Reference UR857I="#CertId-75CCEA48EACB75B70412659694418141">
       <ds:Transforms>

        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
       </ds:Transforms>
       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
       <ds:DigestValue>tg3OIUyNmkqL0MdQqpeSr6f0sL0=
       </ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      PeZLYYYvdOqsadUe2wv73pIe2YZonTeDg3xIleWuOi0rXBAU9UFVnOzQbPC0M4aCzBWpRInNtwIN7/Vq/EIqvQxVrITWJRQJxyS3YXgAY5cFamNkZG31Yu9SJIJEMgY6VfZrthwdfPxVI+sQb8uleAnNCJyZdfK2XYCtYpAL+1A=
    </ds:SignatureValue>
    <ds:KeyInfo Id="KeyId-75CCEA48EACB75B70412659694418292">
      <wsse:SecurityTokenReference
       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
       wsu:Id="STRId-75CCEA48EACB75B70412659694418453">
       <wsse:Reference URI="#CertId-75CCEA48EACB75B70412659694418141"
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
   </ds:Signature>
  </wsse:Security>
</soapenv:Header>
<soapenv:Body
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  wsu:Id="Id-9175756">
  <xenc:EncryptedData Id="EncDataId-3"
   Type="http://www.w3.org/2001/04/xmlenc#Content">
   <xenc:EncryptionMethod
    Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
   <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:Reference URI="#EncKeyId-75CCEA48EACB75B70412659694440955" />
    </wsse:SecurityTokenReference>
   </ds:KeyInfo>
   <xenc:CipherData>
    <xenc:CipherValue>
      J9mC94g5ZUnnqCWxq+qtwdSr+75YAra6kmkWgVCIwfF4S234AKj1J0NCI+C/R67b88F7V439WTwKTTPOtDsw636hJyHR0LOjBgNHmAQU0Z5ehzCEj7sprakrbt90zCbWENvuCLESw8cm7QUkwV+GbaGvI15QQbN4cBqz7uizPNSRAfvibqeAwXfWhYV9u+KeJRQfnj40Og4DwxHbzT3fEWssd2QY3J8x6Xq5UQrqSg2d87blHW/o7FL0ZQ0SEG98fO86385IiDuOKcd/6rwm6zpgNe0aRtjsr9xrQNx7opP4IEZ25h0fHK/BbRBsMW/HmE+CpIE4/wMlOQmn49vMhvG1TzqgSD3faZZ5zqH2n89N78NzNmoPi+wObN0TPgFL3i4amffbjTY=
    </xenc:CipherValue>
   </xenc:CipherData>
  </xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
©2008 java2.5341.com - Jax Systems, LLC, U.S.A.