On Wed, Jul 29, 2009 at 8:27 AM, Uthaiyashankar<[email protected]> wrote:
> Hi Cyril,
>
> On Wed, Jul 29, 2009 at 4:24 AM, Cyril
> DANGERVILLE<[email protected]> wrote:
>> Hello,
>> I tried out the Commodity Quote Sample shipped with WSO2 WSAS 3.0 (see
>> http://wso2.org/project/wsas/java/3.0.1/docs/wso2wsas-3.0.1-docs/commodity_quote_guide.html),
>> scenario 2: Sign only - X509 Authentication.
>> When I look at the client request with WSO2 WSAS SOAP message tracer,
>> only the timestamp part of the security header and the body of the
>> message are signed. The <wsse:BinarySecurityToken> part of the
>> security header is not signed (no reference to this part in the
>> SignedInfo element). Why?
>
> This is the correct behavior.  <wsse:BinarySecurityToken> contains the
> public certificate which should be used to validate the signature. It
> will not be included in the signature.
>
>> How do I make it signed? Do I have to force it some way in the
>> client's securitypolicy file? Is it a Rampart issue?
>>
>> My problem is I have to make it communicate with a weblogic component
>> that expects it to be signed.
>
> This might be a problem of inconsistency of server and client policy
> files. Can you get the policy/WSDL from the service and attach it?
> Also attach the SOAP request/reply captured using message tracer.
> Possibly the server might expect the addressing headers to be signed,
> in that case, you have to modify the client side policy.
>

I managed to get Rampart to sign the <wsse:BinarySecurityToken> and
now it works with my weblogic component. The "weblogic component" I am
referring to, and that I want my Axis2/Rampart client to communicate
with, is a helloworld proxy service in Oracle Service Bus 10gR3. For
info, it relies on Weblogic for all the web service security stuff.
Below is what you asked for:

Service policy/WSDL
===============
I have attached my service's WSDL (simple hello world) with the policy
inside as you asked.  Unfortunately, it actually supports only a
subset of the standards that Weblogic supports. In particular,
WS-SecurityPolicy format cannot be used for signature policy.
Therefore, the policy in the attached WSDL is in Weblogic proprietary
format. It is Weblogic predefined policy for digital signature:
Sign.xml. See 
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/webserv_sec/message.html#wp238771
for the description of the policy.

Client side policy
=============
You will find below my client's rampart policy.xml which signs
<wsse:BinarySecurityToken> and works with my OSB proxy service. What
matters is the <sp:ProtectTokens/> line (...with-token-protect.xml). I
am using rampart 1.4.

----BEGIN RAMPART POLICY--

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="SigOnly"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:ProtectTokens/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>

      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>client</ramp:user>
        <ramp:passwordCallbackClass>com.ecerami.www.wsdl.helloservice_wsdl.PCWBHandler</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources/client.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">mystorepass</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

--END RAMPART POLICY--

I have attached the SOAP request/reply (files ending
...-with-token-protect.xml).

Now, if I remove/comment <sp:ProtectTokens/> in the client policy, I
get the request/reply attached (files ending
...without-token-protect.xml). The reply is a SOAP fault.

So, it seems OSB/Weblogic considers signing BinarySecurityToken as a
correct behavior.
I think this can be useful to know if you are doing interoperability
tests between WSO2WSAS/Rampart and OSB (or Weblogic I assume).

Regards,
--Cyril
<?xml version="1.0" encoding="UTF-8"?>
<s2:definitions name="HelloService" targetNamespace="http://www.ecerami.com/wsdl/HelloService.wsdl" xmlns:s0="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:s1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:s2="http://schemas.xmlsoap.org/wsdl/" xmlns:s3="http://www.w3.org/2001/XMLSchema" xmlns:s4="http://www.ecerami.com/wsdl/HelloService.wsdl" xmlns:s5="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <s0:Policy s1:Id="Sign.xml">
    <wssp:Integrity xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part" xmlns:wssp="http://www.bea.com/wls90/security/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wssp:SignatureAlgorithm URI="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <wssp:CanonicalizationAlgorithm URI="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <wssp:Target>
        <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <wssp:MessageParts Dialect="http://www.bea.com/wls90/security/policy/wsee#part">
        wls:SystemHeaders()
      </wssp:MessageParts>

      </wssp:Target>
      <wssp:Target>
        <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <wssp:MessageParts Dialect="http://www.bea.com/wls90/security/policy/wsee#part">
        wls:SecurityHeader(wsu:Timestamp)
      </wssp:MessageParts>
      </wssp:Target>
      <wssp:Target>
        <wssp:DigestAlgorithm URI="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">

      wsp:Body()
      </wssp:MessageParts>
      </wssp:Target>
      <wssp:SupportedTokens>
        <wssp:SecurityToken IncludeInMessage="true" TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
          <wssp:TokenIssuer>CN=Certificate Authority,O=Soasec Theresis Domain,</wssp:TokenIssuer>
        </wssp:SecurityToken>
      </wssp:SupportedTokens>
    </wssp:Integrity>

    <wssp:MessageAge Age="60" xmlns:wssp="http://www.bea.com/wls90/security/policy"/>
  </s0:Policy>
  <wsp:UsingPolicy s2:Required="true"/>
  <s2:message name="SayHelloRequest">
    <s2:part name="firstName" type="s3:string"/>
  </s2:message>
  <s2:message name="SayHelloResponse">
    <s2:part name="greeting" type="s3:string"/>
  </s2:message>

  <s2:portType name="Hello_PortType">
    <s2:operation name="sayHello">
      <s2:input message="s4:SayHelloRequest"/>
      <s2:output message="s4:SayHelloResponse"/>
    </s2:operation>
  </s2:portType>
  <s2:binding name="Hello_Binding" type="s4:Hello_PortType">
    <s5:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsp:Policy>

      <wsp:PolicyReference URI="#Sign.xml"/>
    </wsp:Policy>
    <s2:operation name="sayHello">
      <s5:operation soapAction="sayHello"/>
      <s2:input>
        <s5:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:examples:helloservice" use="encoded"/>
      </s2:input>
      <s2:output>
        <s5:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:examples:helloservice" use="encoded"/>

      </s2:output>
    </s2:operation>
  </s2:binding>
  <s2:service name="Hello_BindingQSService">
    <s2:port binding="s4:Hello_Binding" name="Hello_BindingQSPort">
      <s5:address location="http://THERESIS042:7001/mysecproject/HelloWorld_WSDL_WS"/>
    </s2:port>
  </s2:service>
</s2:definitions>
<?xml version='1.0' encoding='utf-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="Timestamp-7408068">
        <wsu:Created>2009-08-04T13:12:28.657Z</wsu:Created>
        <wsu:Expires>2009-08-04T13:17:28.657Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
      wsu:Id="CertId-3201971">
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="Signature-23414511">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#Id-28235257">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>
            eK6WhrGEs9WgXnNPl5lLnJ4XoJ8=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-7408068">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>
            wBqLkPu+YAlskbPmMvcU7AQWMX0=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
        iO0KUDigpwW0CxPaUig2haQTz9y1IS4YllV7xropFSGom+HbH5JtnCQ4n0yS6zw+7DqIPFkkhlwN
        LHolORIYREoXGb3g4a99F3+aP3ghuUOHidNKSP6Sja2YaF3bhojwY8/UCKj+ox0+4Ww67lbkP4PH
        5/r/Rq2wOyypkyi9jgY=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-25840096">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="STRId-23930419">
            <wsse:Reference URI="#CertId-3201971"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  wsu:Id="Id-28235257">
    <ns1:sayHello xmlns:ns1="urn:examples:helloservice">
      <firstName>Hello</firstName>
    </ns1:sayHello>
  </soapenv:Body>
</soapenv:Envelope>
<?xml version="1.0" encoding="utf-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">

  <env:Header />
  <env:Body>
    <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

      <faultcode>wsse:InvalidSecurity</faultcode>
      <faultstring>Could not validate signature using any of the
      supported token types</faultstring>
    </env:Fault>
  </env:Body>
</env:Envelope>
<?xml version='1.0' encoding='utf-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="Timestamp-30863650">
        <wsu:Created>2009-08-04T13:24:17.982Z</wsu:Created>
        <wsu:Expires>2009-08-04T13:29:17.982Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
      wsu:Id="CertId-3201971">
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="Signature-20079748">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#Id-20469344">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>
            Am+TsDy6P0KbLiXViHTkKIVGlR0=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Timestamp-30863650">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>
            sQzb8aMwNWbkfh4bG1mi6o0bZ3E=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#CertId-3201971">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>
            5eik4SB6Q0N9fWnyA9HDtDnfjeY=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
        z7rMKOz8DmXWH00hkrACs2UoxwUfmVcIzdfnjIBV8UANwM3kaera6MsnFCoozOh/td2xFrIPgDyj
        tsYeXZydhjeJVMxTq/jEUahg+NQWRZrhy5IqkAD/GMb9Ja6Ok3iZhoysctB/ognyagppcVyE9rcB
        3Lwfyl+6qL90CIjgAQs=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-1321194">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="STRId-33040770">
            <wsse:Reference URI="#CertId-3201971"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  wsu:Id="Id-20469344">
    <ns1:sayHello xmlns:ns1="urn:examples:helloservice">
      <firstName>Hello</firstName>
    </ns1:sayHello>
  </soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken wsu:Id="bst_DdNHE1gK8N71Lp1b"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
      </wsse:BinarySecurityToken>
      <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">

        <dsig:SignedInfo>
          <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

            <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </dsig:CanonicalizationMethod>
          <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <dsig:Reference URI="#Timestamp_FHeBCOIw12Koj2QA">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>
            ORA7p7yNlDrd/ZBechCBse0kKpQ=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#Id-20469344">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>
            Am+TsDy6P0KbLiXViHTkKIVGlR0=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#bst_DdNHE1gK8N71Lp1b">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" />
              </dsig:Transform>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>
            fD8CNAOphwvfr5+DMgRZ/P/SMMo=</dsig:DigestValue>
          </dsig:Reference>
        </dsig:SignedInfo>
        <dsig:SignatureValue>
        rwasKP0dC2BIo5zjG7YdJYf4fByeLD1tIIWsGztBOosuxtEj3tRWmm7LesnV1EtV58Zivf5PTFFN25QoV/jp2VvJ0Wv/aa2wm2TU3ARuyd/1Xp8jho59TQhLPwGneYbrXADsLInXraFUvej5x2U5P8ad5YdNm6va8D3lCJdqbO8=</dsig:SignatureValue>
        <dsig:KeyInfo>
          <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="str_DgHjon1fUtmOWmkD">
            <wsse:Reference URI="#bst_DdNHE1gK8N71Lp1b"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </dsig:KeyInfo>
      </dsig:Signature>
      <wsu:Timestamp wsu:Id="Timestamp_FHeBCOIw12Koj2QA"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

        <wsu:Created>2009-08-04T13:24:18Z</wsu:Created>
        <wsu:Expires>2009-08-04T13:25:18Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="Id-20469344"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

    <ns1:sayHello xmlns:ns1="urn:examples:helloservice">
      <firstName>Hello</firstName>
    </ns1:sayHello>
  </soapenv:Body>
</soapenv:Envelope>
_______________________________________________
Wsas-java-user mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
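
Added example (not part of the original post, and not Rampart or WebLogic code): a Python check that lists which elements a WS-Security signature references and whether the BinarySecurityToken named in KeyInfo is among them, which is the difference <sp:ProtectTokens/> makes in the traces above. The envelope is a constructed sample with made-up ids, the function names are hypothetical, and no digest or signature value is verified.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NS = {"ds": DS, "wsse": WSSE}


def signature_coverage(envelope_xml):
    """Report what the first ds:Signature references; digests are NOT verified.

    Returns (signed, token_protected): signed maps each Reference id to the
    local name of the element carrying that wsu:Id; token_protected is True
    only when the BinarySecurityToken named by KeyInfo is itself signed.
    """
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():
        wsu_id = el.get("{%s}Id" % WSU)
        if wsu_id is None:
            continue
        if wsu_id in by_id:  # ambiguous ids make "what was signed" undecidable
            raise ValueError("duplicate wsu:Id %r" % wsu_id)
        by_id[wsu_id] = el
    sig = root.find(".//ds:Signature", NS)
    if sig is None:
        raise ValueError("no ds:Signature in message")
    signed = {}
    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
        ref_id = ref.get("URI", "").lstrip("#")
        if ref_id not in by_id:
            raise ValueError("Reference to unknown id %r" % ref_id)
        signed[ref_id] = by_id[ref_id].tag.rsplit("}", 1)[-1]
    key_ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    token_id = key_ref.get("URI", "").lstrip("#") if key_ref is not None else None
    return signed, signed.get(token_id) == "BinarySecurityToken"


def constructed_envelope(protect_tokens):
    """Constructed sample shaped like the traces in this thread (ids made up)."""
    ids = ["Body-1", "TS-1"] + (["Cert-1"] if protect_tokens else [])
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in ids)
    return (
        '<s:Envelope xmlns:s="%s" xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s">'
        '<s:Header><wsse:Security>'
        '<wsu:Timestamp wsu:Id="TS-1"/>'
        '<wsse:BinarySecurityToken wsu:Id="Cert-1">PLACEHOLDER</wsse:BinarySecurityToken>'
        '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo>'
        '<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#Cert-1"/>'
        '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>'
        '</wsse:Security></s:Header>'
        '<s:Body wsu:Id="Body-1"><hello/></s:Body></s:Envelope>'
    ) % (SOAP, WSSE, WSU, DS, refs)


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, signature_coverage(constructed_envelope(flag)))
```
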
