Brian,
the Axis handler that drive the WSS4J library read the action from left to right.
Thus if you have the action value "Timestamp UsernameToken Encrypt"
then WSS4J first creates the wsse:Security element and inserts the timestamp
element. After that WSS4J sets up the username token element and
prepends it (inserts it before) the timestamp, then WSS4J handles encryption
and prepends all encryption related elements. Thus, as described in
WSS specs the wsse:Security element is built from bottom to top.
After all actions are done the wsse:Security element contains, from top to bottom: - Encryption elements - UsernameToken elements - Timestamp elements
The receiver part of the handler automatically reverts the actions, thus you can
use the same order of actions in both handlers.
As for you problem with the encryption exception: in your example you reveresed the order of action. Thus you ordered to encrypt an element that does not yet exists.
Regards, Werner
Brian Nielsen schrieb:
I've got a question regarding how to configure my security handlers (actions), since they don't behave like I would want them to. Here's the facts that I've found before going into the specifics of my 'problem':
A) The order of actions In [1] under "Combining security actions", there is an example the WS Interoperability specifications:
1) Insert a UsernameToken, use PasswordText to set the password. In addition add a timestamp and a nonce into the UsernameToken 2) Encrypt the UsernameToken to protect the information.
That should be configured like this
<parameter name="action" value="UsernameToken Encrypt"/>
Should first 'things' first, and very intuitive.
Okay I'll add a Timestamp prior to that, so that'll be:
<parameter name="action" value="Timestamp UsernameToken Encrypt"/>
Enenthough the timestamp is'nt important for my problem is does make it some what clearer.
B) processing order In the WS-Security spec [2] section 5. "Security Header", it says:
<quote> As elements are added to a <wsse:Security> header block, they SHOULD be prepended to the existing elements. As such, the <wsse:Security> header block represents the signing and encryption steps the message producer took to create the message. This prepending rule ensures that the receiving application can process sub-elements in the order they appear in the <wsse:Security> header block, because there will be no forward dependency among the sub- elements. Note that this specification does not impose any specific order of processing the sub- elements. The receiving application can use whatever order is required. When a sub-element refers to a key carried in another sub-element (for example, a signature sub-element that refers to a binary security token sub-element that contains the X.509 certificate used for the signature), the key-bearing element SHOULD be ordered to precede the key-using Element: </quote>
C) sequence af serialized ws-security
The following examples are all taken from client-side requests!. My first example is based on :
<parameter name="action" value="Timestamp UsernameToken Encrypt"/>
With no specific 'encryptionParts', so it'll encrypt the soap body, I've inserted it as a big footnote to keep this text readable [3]. The child elements of the 'wsse:Security' element are, taken from the top: 1) 'xenc:EncryptedKey' 2) 'wsse:UsernameToken' 3) 'wsu:Timestamp'
That looks like just the opposite of what I expected, so I'll try and turn it around:
<parameter name="action" value="Encrypt UsernameToken Timestamp"/>
And then I get [4] where the order is just the way I wanted them. Now'll insert am 'encryptionParts' so that it's the UsernameToken that get's encrypted. Ups, that did not go well:
Exception in thread "main" AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException faultSubcode: faultString: WSDoAllSender: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 .0.xsd}UsernameToken) faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1 .0.xsd}UsernameToken) at org.apache.ws.axis.security.WSDoAllSender.performENCRAction(WSDoAllSender.ja va:455) at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:316) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java: 32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) ...
Uhmmm, that did not work, but had i change the sequence of the 'Encrypt' and
'UsernameToken' in the 'action' parameter I would get through but with the
'wrong' ordering of the serialized elements. One last try, I'll do it in two
steps, that surely must be a way around eventhough not that intuitive:
<handler type="java:org.apache.ws.axis.security.WSDoAllSender"> <parameter name="action" value="UsernameToken Timestamp"/> ... </handler> <handler type="java:org.apache.ws.axis.security.WSDoAllSender"> <parameter name="action" value="Encrypt"/> ... </handler>
But the result [5] is still with 'xenc:EncryptedKey' at the top (both with and without 'NoSerialization'), and to some degree it makes more sense since this is prepended the existing elements.
So after going through all this:
1) what should I do different?
2) is this an error?
3) does it not matter at all?
I certainly think it does matter and that it can make it harder to configure for interoperability, but would like a second opinion.
Regards Brian
[1]http://ws.apache.org/ws-fx/wss4j/package.html
[2]http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-secu rity-1.0.pdf
[3] <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd"> <xenc:EncryptedKey> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference> <wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m essage-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke n-profile-1.0#X509v3">MIICojCCAgugAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1 UEBhMCREsxEzARBgNVBAgT CkNPUEVOSEFHRU4xDTALBgNVBAcTBENJVFkxFDASBgNVBAoTC0Zha2UgU1NMIENBMRQwEgYDVQQL EwtJVCBESVZJU0lPTjEUMBIGA1UEAxMLRkFLRSBTU0wgQ0ExGjAYBgkqhkiG9w0BCQEWC2JuaUBp dHN0LmRrMB4XDTA0MDkyOTA4MDkwMloXDTA3MDkyOTA4MDkwMlowgY4xCzAJBgNVBAYTAkRLMRIw EAYDVQQIFAlCSVJLRVLDmEQxJDAiBgNVBAoTG0RFVCBDRU5UUkFMRSBQRVJTT05SRUdJU1RFUjEV MBMGA1UECxMMQ1BSIEtPTlRPUkVUMRMwEQYDVQQDEwp3d3cuY3ByLmRrMRkwFwYJKoZIhvcNAQkB FgpjcHJAY3ByLmRrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC31NZppksvJ1ilKuBD6flx +HOjDGr8XsOsHDnyaJ+ovGJMCbSlvP2Shdo374im2i7KsF6fZDnNdPTkolU3RxOQ+P8eSa/6qvNW utsdxVuPaB6rZwzy4gpNFP+7KvuIQZVVxOA9NMqXv1VDzBb5hV/DAcAlnyos7IjtsmsoNTX1QwID AQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAKR/kL3zvnWQr0V/zr0qNWQvUfhZ BFMy03RuAJw3G51L/mhUiXH8mMPjB9uozQ9FiAzZ9mQ/Ebt7tHUNE+fgPMWg/rO2wfmwvnp0Mp/F O/5DVS4hwun+3me6wNi5GBDmlKiOWFXWnHxKsKVEx5weAsebgeh1JijGtSGK0NZnrU8Z</wsse:K eyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData>
<xenc:CipherValue>Fo7OjT1pNea1e2u3SqJruV64X6h3Zl+R62/cL9GEg7pv8ZPzQZX/VJnPqv JSGELyl5WED0/yPnOS xHNHEvrZ6OanhQNxjwhOem93O1MKmz0NlreXdthQP2HAieGb9OW14suOJhaxoViJUXEICNN/A5wM PdhW9ZfuW2KfsLG7rVg=</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-26622782"/> </xenc:ReferenceList> </xenc:EncryptedKey> <wsse:UsernameToken> <wsse:Username>benny</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token -profile-1.0#PasswordText">bennysPassword</wsse:Password> </wsse:UsernameToken> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"> <wsu:Created>2005-05-06T20:34:06Z</wsu:Created> <wsu:Expires>2005-05-06T20:39:06Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </soapenv:Header> <soapenv:Body> <xenc:EncryptedData Id="EncDataId-26622782" Type="http://www.w3.org/2001/04/xmlenc#Content";> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <xenc:CipherData>
<xenc:CipherValue>OaOy3N1efI+f3v/F48zxJi/lPT1IQAe9Oa4zLSY4hoRo//aEsIjT/A5H1A ziwPp18aHs7bE0WWJS e1JsigoikCjYmFHzE/8ycFx6K6mTn+PTyDobjb7886hQWv0d4ykoz/P8Z/Lomm06tbiiS8ZQYeZZ 26fsUpOatdxWtgPlKsv5BCGdhTURwDoqqm36ukM5o4nhD6Jd59swLlpy3IBsv1lqMfEP/EZHY4Vg ejJxK2ZJtghd8++I0swRvxdUQ51Fvk1JbaQDL8R4jDSBDTnU8VC5Hnc/+jSx5MRYcx1be2tVFH/3 XhDeUSfku9HQYhJcUKHZs+W4CTsCSHdWU5uK0yg074vfc18E4mAAbRezU5gr2/SdzrPu8iSpyo3K 5DtlfHI0OtCtFs+cLtYP9UsW+UpyLDMeA2FmE0KGTvBHy51gyACfjJiq6dGlZMmUlJeV</xenc:C ipherValue> </xenc:CipherData> </xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope>
[4] <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"> <wsu:Created>2005-05-06T20:35:16Z</wsu:Created> <wsu:Expires>2005-05-06T20:40:16Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken> <wsse:Username>benny</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token -profile-1.0#PasswordText">bennysPassword</wsse:Password> </wsse:UsernameToken> <xenc:EncryptedKey> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference> <wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m essage-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke n-profile-1.0#X509v3">MIICojCCAgugAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1 UEBhMCREsxEzARBgNVBAgT CkNPUEVOSEFHRU4xDTALBgNVBAcTBENJVFkxFDASBgNVBAoTC0Zha2UgU1NMIENBMRQwEgYDVQQL EwtJVCBESVZJU0lPTjEUMBIGA1UEAxMLRkFLRSBTU0wgQ0ExGjAYBgkqhkiG9w0BCQEWC2JuaUBp dHN0LmRrMB4XDTA0MDkyOTA4MDkwMloXDTA3MDkyOTA4MDkwMlowgY4xCzAJBgNVBAYTAkRLMRIw EAYDVQQIFAlCSVJLRVLDmEQxJDAiBgNVBAoTG0RFVCBDRU5UUkFMRSBQRVJTT05SRUdJU1RFUjEV MBMGA1UECxMMQ1BSIEtPTlRPUkVUMRMwEQYDVQQDEwp3d3cuY3ByLmRrMRkwFwYJKoZIhvcNAQkB FgpjcHJAY3ByLmRrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC31NZppksvJ1ilKuBD6flx +HOjDGr8XsOsHDnyaJ+ovGJMCbSlvP2Shdo374im2i7KsF6fZDnNdPTkolU3RxOQ+P8eSa/6qvNW utsdxVuPaB6rZwzy4gpNFP+7KvuIQZVVxOA9NMqXv1VDzBb5hV/DAcAlnyos7IjtsmsoNTX1QwID AQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAKR/kL3zvnWQr0V/zr0qNWQvUfhZ BFMy03RuAJw3G51L/mhUiXH8mMPjB9uozQ9FiAzZ9mQ/Ebt7tHUNE+fgPMWg/rO2wfmwvnp0Mp/F O/5DVS4hwun+3me6wNi5GBDmlKiOWFXWnHxKsKVEx5weAsebgeh1JijGtSGK0NZnrU8Z</wsse:K eyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData>
<xenc:CipherValue>VFKi6bc8ErjMRQaN+Ir7rZ9hfLlPOZysYLF71z+afA+tWC9tFIQO1rsqTG JdqIxWVjRwUMO2Gznj w9BTHUZkgVQKgju92XCM6dYtQK+19H/7O39UQKTCklEZnDAPMjjw6dTrKRqLWD/E/gX0YXpSbFmb /lfJNxoCkNW1FrY2maM=</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-3556929"/> </xenc:ReferenceList> </xenc:EncryptedKey> </wsse:Security> </soapenv:Header> <soapenv:Body> <xenc:EncryptedData Id="EncDataId-3556929" Type="http://www.w3.org/2001/04/xmlenc#Content";> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <xenc:CipherData>
<xenc:CipherValue>ywYGy+KP4teYT0z0CqFvnteu6czZNSyFbUcR1IQlThjqR5mKJVUeF6pHD6 9iy1yh5wMFmJQMzIGr eFtrp73XTLdXNf+gCtsBN0Wpy2m36Ee+06BH1n+v+GY9qGM57Ol42zIYC13MErrGvNFCo0fssIr7 BZ5g9Iv/qZZYxZj8Atf5NMKUgyMsM216EmtSATu3a79B7InK2v3MsQ29CDpZa67TqvXLwradkhA5 mLNSv3TVHNoPXEtxWVyVMsKydYX39vaUeprPtuJ+W5j0KdyuxvYn92MN7me1qdoxshfyvYKqaadp 4ulQiBdu0+3qr0q+Sj17058f6Yo3Wjar49Pr1KNGDTmpaR/5aeXKfss6qFP1+0fdmDqjj2KPC2ji n32hzUjsrtzD8DLW3/B0Kkoh8xR3z+J8/swWBe0tnzk/qYcKnmEtKbJGWevr1umERI+K</xenc:C ipherValue> </xenc:CipherData> </xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope>
[5] <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd"> <xenc:EncryptedKey> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference> <wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m essage-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke n-profile-1.0#X509v3">MIICojCCAgugAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1 UEBhMCREsxEzARBgNVBAgT CkNPUEVOSEFHRU4xDTALBgNVBAcTBENJVFkxFDASBgNVBAoTC0Zha2UgU1NMIENBMRQwEgYDVQQL EwtJVCBESVZJU0lPTjEUMBIGA1UEAxMLRkFLRSBTU0wgQ0ExGjAYBgkqhkiG9w0BCQEWC2JuaUBp dHN0LmRrMB4XDTA0MDkyOTA4MDkwMloXDTA3MDkyOTA4MDkwMlowgY4xCzAJBgNVBAYTAkRLMRIw EAYDVQQIFAlCSVJLRVLDmEQxJDAiBgNVBAoTG0RFVCBDRU5UUkFMRSBQRVJTT05SRUdJU1RFUjEV MBMGA1UECxMMQ1BSIEtPTlRPUkVUMRMwEQYDVQQDEwp3d3cuY3ByLmRrMRkwFwYJKoZIhvcNAQkB FgpjcHJAY3ByLmRrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC31NZppksvJ1ilKuBD6flx +HOjDGr8XsOsHDnyaJ+ovGJMCbSlvP2Shdo374im2i7KsF6fZDnNdPTkolU3RxOQ+P8eSa/6 +HOjDGr8XsOsHDnyaJ+ovGJMCbSlvP2Shdo374im2i7KsF6fZDnNdPTkolU3RxOQ+qvNW utsdxVuPaB6rZwzy4gpNFP+7KvuIQZVVxOA9NMqXv1VDzBb5hV/DAcAlnyos7IjtsmsoNTX1 utsdxVuPaB6rZwzy4gpNFP+QwID AQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAKR/kL3zvnWQr0V/zr0qNWQvUfhZ BFMy03RuAJw3G51L/mhUiXH8mMPjB9uozQ9FiAzZ9mQ/Ebt7tHUNE+fgPMWg/rO2wfmwvnp0Mp/F O/5DVS4hwun+3me6wNi5GBDmlKiOWFXWnHxKsKVEx5weAsebgeh1JijGtSGK0NZnrU8Z</wsse:K eyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData>
<xenc:CipherValue>NGbRneWj5Xmv/U2YevVoBqV/iIiyCjqPpiqdo4ctK28102Dlfb0tnBuDiY WgsHCY+CBTpRqmhb5O zhKyYa7QnXtCSSsWETm537Sb2Rl0SgYgV0US331N/qbiII86B5uElgk8+PbmKhCqY1piCXg6sPY0 GWwm3GnrVZGKTnCOxO4=</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-28524838"/> </xenc:ReferenceList> </xenc:EncryptedKey> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"> <wsu:Created>2005-05-06T20:52:26Z</wsu:Created> <wsu:Expires>2005-05-06T20:57:26Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken> <xenc:EncryptedData Id="EncDataId-28524838" Type="http://www.w3.org/2001/04/xmlenc#Content";> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <xenc:CipherData>
<xenc:CipherValue>Xu2hWw6vcVgP4kw8OR/a3Tz2BjM2M9rr3+CUrNrXmqkRZ+5P/Ejb7QbeH5 KxOI6vmMbCIVAuVXGd THpHIYH4lenXH3Kd8FCO2uVmUsRbPlP9aiVaWUrbCK4SM5+MZVC0WAAVfgzCaepquqA+hsoj THpHIYH4lenXH3Kd8FCO2uVmUsRbPlP9aiVaWUrbCK4SM5+MZVC0WAAVfgzCaepquqA+/MoV Y/eeLHAma0WHRDH7ikycOHyxsj8rEqe7mlSPORCvuyLm2p6s8TAJs0fZuVh0KOZln6RN6rbdgS5Z CPDvBrE95E3ey/yBd9REBwKjvqcamPvXyK63hQv43E8/tzXXwZmv5B3hmdL8xXmIMtOdG8rhHOCx T6VH1s3wjJ7+AB/4xn7xw/WGm/cFRT4SPaY/zAifpcGjq/Zw+TKrnk1NVvYbD7BpnG2dUkp0 T6VH1s3wjJ7+fdUS KBWJy/74pJIC7f4Y0dx/M7QwV0aS2EzPZSsb2Mwu0yvuAJpg1CE4SRUn0QmngAdyTK3K9WFMGFu/ wbv9QdqzTkOAsk0TTCKt8ZAjpGS+K/f1mCvv6KwLofM3dkMMpqIx9J4A6AZBf0Hd2g7J0Saz wbv9QdqzTkOAsk0TTCKt8ZAjpGS+ERkN 8kXxiQP9RubGYW9Xpa+E6BbGS/D7992oB8YVoid47x+itiLMKCaCTE2WHto96KGI7UwXmK6G 8kXxiQP9RubGYW9Xpa+xou6 gjnORTMvhtH24tn4iMAHIa8mlh8DwIOjSd5tZZuB6xBF6EAh/fd+HQ==</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <CivilRegistrationNumber xmlns="http://rep.oio.dk/cpr.dk/xml/schemas/core/2002/06/28/";>1212561234</Ci vilRegistrationNumber> </soapenv:Body> </soapenv:Envelope>
