
    WS-Security Message Sign + Encrypt Example

     

    In this example we configure both the client and the server to sign and encrypt the message body. Both also require this from each other. So, if you remove either the client or the server security deployment descriptor, you will notice that the other party will throw a fault explaining that the message did not conform to the proper security requirements.

     

     

    Server configuration (jboss-wsse-server.xml)

         <?xml version="1.0" encoding="UTF-8"?>
         <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" 
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
           xsi:schemaLocation="http://www.jboss.com/ws-security/config
             http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      1.   <key-store-file>WEB-INF/wsse.keystore</key-store-file>
      2.   <key-store-password>jbossws</key-store-password>
      3.   <trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
      4.   <trust-store-password>jbossws</trust-store-password>
      5.   <config>
      6.    <sign type="x509v3" alias="wsse"></sign>
      7.    <encrypt type="x509v3" alias="wsse"></encrypt>
      8.     <requires>
      9.       <signature></signature>
     10.       <encryption></encryption>
             </requires>
           </config>
         </jboss-ws-security>
    

     

    Explanation

     

     

    1. This specifies that the key store we wish to use is WEB-INF/wsse.keystore, which is located in our war file.

    2. This specifies that the key store password is "jbossws".

    3. This specifies that the trust store we wish to use is WEB-INF/wsse.truststore, which is located in our war file.

    4. This specifies that the trust store password is also "jbossws".

    5. Here we start our root config block. The root config block is the default configuration for all services in this war file.

    6. This means that the server must sign the message body of all responses. Type means that we are to use an X.509v3 certificate (a standard certificate). The alias option says that the certificate/key pair to use for signing is in the key store under the "wsse" alias.

    7. This means that the server must encrypt the message body of all responses. Type means that we are to use an X.509v3 certificate (a standard certificate). The alias option says that the certificate of the party we are communicating with is in the key store under the "wsse" alias.

    8. Here we start our optional requires block. This block specifies all security requirements that must be met when the server receives a message.

    9. This means that all web services in this war file require the message body to be signed.

    10. This means that all web services in this war file require the message body to be encrypted.

     

    Notes

     

    The key alias specified in the encrypt tag is usually different from the one you would specify in a sign tag. The reason is that, with encryption, you are actually using the other party's public key, not your own key pair. This is normal two-way asymmetric encryption semantics: each party uses the other's public key to send data, because a party never gives out its private key, which is the only key that can decrypt the message. In practice, when you want to set up encryption with another party, you need to get a certificate from them and import it into your keystore as a trustedCertEntry. You will then be able to send encrypted data to them. If this is mutual (they send data to you as well), you will also need to give them your certificate.

     

     

    Client configuration (jboss-wsse-client.xml)

         <?xml version="1.0" encoding="UTF-8"?>
         <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" 
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
           xsi:schemaLocation="http://www.jboss.com/ws-security/config   
             http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      1.   <config>
      2.     <sign type="x509v3" alias="wsse"></sign>
      3.     <encrypt type="x509v3" alias="wsse"></encrypt>
      4.     <requires>
      5.       <signature></signature>
      6.       <encryption></encryption>
             </requires>
           </config>
         </jboss-ws-security>
    

     

    Explanation

     

     

    1. Here we start our root config block. The root config block is the default configuration for all web service clients (Call, Proxy objects).

    2. This means that the client must sign the message body of all requests it sends. Type means that we are to use an X.509v3 certificate (a standard certificate). The alias option says that the certificate/key pair to use for signing is in the key store under the "wsse" alias.

    3. This means that the client must encrypt the message body of all requests it sends. Type means that we are to use an X.509v3 certificate (a standard certificate). The alias option says that the certificate of the party we are communicating with is in the key store under the "wsse" alias.

    4. Here we start our optional requires block. This block specifies all security requirements that must be met when the client receives a response.

    5. This means that all web service clients must receive signed response messages.

    6. This means that all web service clients must receive encrypted response messages.

     

    Notes

     

    • We did not specify a key store or trust store, because client apps use the wsse System properties instead. If this were a web or EJB client (meaning a web service client in a war or ejb jar file), then we would have specified them in the client descriptor.

     

     

    Client Request Before Signing & Encrypting

     

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header></env:Header>
      <env:Body>
        <ns1:echoUserType xmlns:ns1="http://org.jboss.test.ws/wsse">
          <UserType_1 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <msg>Kermit</msg>
          </UserType_1>
        </ns1:echoUserType>
      </env:Body>
    </env:Envelope>
    

     

    Server Response Before Signing & Encrypting

     

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header>
      </env:Header>
      <env:Body>
        <ns1:echoUserTypeResponse xmlns:ns1="http://org.jboss.test.ws/wsse">
          <result xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <msg>Kermit</msg>
          </result>
        </ns1:echoUserTypeResponse>
      </env:Body>
    </env:Envelope>
    

     

    Client Request after Signing & Encrypting

     

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header>
        <wsse:Security env:mustUnderstand="1"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsu:Timestamp wsu:Id="timestamp">
            <wsu:Created>2005-10-27T20:45:57.765Z</wsu:Created>
          </wsu:Timestamp>
          <wsse:BinarySecurityToken
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
            wsu:Id="token-2-1130445958046-5369678">
            MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
            Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
            LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
            amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
            MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
            bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
            bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
            N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
            1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
            8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
            qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
            JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
            T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
            St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
            EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
            VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
            hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
            M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
            hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
            Hb1iUP9iqcdN2w==</wsse:BinarySecurityToken>
          <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:EncryptionMethod>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference wsu:Id="reference-5-1130445958781-33440105">
                <wsse:Reference URI="#token-2-1130445958046-5369678"
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                ></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    WHrLY5i+Ejx0MFvTH8G1cx01ncjsloYSn8wtgce8dKEF810JqrECA8Mhuh4OWjkgfqRzDi+6raYn
                6wjzAF+A5l8tQaXqHHodnvEd9CPu6tosAJnqsHgT0fsFDDtORr6q3QwtgeUHzDWDCuiYAqLRAzbz
                lBe7qUTfVVKjKRWjT6dzqSmyuIjdJQzZCwqiJscDGVWGi2er5bJAzkVg9uKKuNo/MujLh2ilFTj6
                Vd58zfYl4yNBNscgNX/4ZP4UgAZy35AX6uZL9oLs9ovwV8d3FXHkeai5KzqGs9HtMwi7taja7fmU
                h6r6YSkCLu56ytNhFIkxOJnRpHs8JEIt2HD6RA==</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:DataReference URI="#encrypted-4-1130445958718-27532487"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:DataReference>
            </xenc:ReferenceList>
          </xenc:EncryptedKey>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:CanonicalizationMethod>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod>
              <ds:Reference URI="#element-1-1130445957765-23954271"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >/AIOmsyl9P/L9Uc682GuQcaIHh8=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#timestamp" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >Z2z1VXbpPq+p7XSR2THp64B8YR4=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              WusA1hEd1C41UinAxE7VhtHLKPglrSsQ2l7RwfoUzCzfRig6d3CPQsK4SLCKgAE704m68OqoGxAA
              WJS7LZK3dvULf7J46I+jXVzd+EZgMf6DCyhGsSDVEMpEIWnr/B4MqL0QC+BnpuFGIPrIo5iAlyf0
              fI6IRcT3Ij9j/BiURfrAt1OeMjhYNRzILHePnuGkGpB40JW5d9D1zt78iLPe60eIIkhftPkb2uhK
              Q834r4sil0X2gxSumOX8Mls77QLBLVSAEcubS4xLubVYxSRRrj9DSI0Mp5VXhDCc9nP4g39bff0y
              RtnHSDZA1QRp2LJbSXnmtuptqMewmEccm7XxgQ==</ds:SignatureValue>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference wsu:Id="reference-3-1130445958046-20313166">
                <wsse:Reference URI="#token-2-1130445958046-5369678"
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                ></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
        </wsse:Security>
      </env:Header>
      <env:Body wsu:Id="element-1-1130445957765-23954271"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <xenc:EncryptedData Id="encrypted-4-1130445958718-27532487"
          Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
            xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:EncryptionMethod>
          <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              wFuJ3VykkidswqkQHRRUVOfOeDE2Ps7vH0pCgdQMLOm7whH+bS2tC2QpU4PutERFzCm6hAUJjLqD
              TRu9clKtsJPyS6FuK/XcveIRXZ4cJJZf3VU1I6EZUZmrwLamVqoyhFGAcaXozB2lTmRtHyJNEJDy
              D/dE/nF26JZAGTkFiy9o8kI84z2wMqKRhfZrwBHxN6xM8fhhch/L5SgZ2Kw3Z8mzw1bbrExLAXaN
              RX19tSBpzboYQbTU0Jbpjbncegid3DkZv7+l0bU9chG/nTUfh7o+3fP7RSFFPkJ45JK23fDOaSNA
              nr1yIbAJ8gjwg8KhSZGxQ/8Z79hdAMqNAaX6Rvhb6we3oKaM1Yp0kpSP1Ew3M69rMMRDjtMHq5uj
              WVDNM2QD0btAGJIo80BDBUDEf2kGm3sDb91C19u9dTVmjD8bNI78n1O0f9mWRR/DlKYD/t+OeS3K
              LNvgebJFtyn7rg==</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedData>
      </env:Body>
    </env:Envelope>
    

     

     

    Server Response after Signing & Encrypting

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header>
        <wsse:Security env:mustUnderstand="1"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsu:Timestamp wsu:Id="timestamp">
            <wsu:Created
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              >2005-10-27T20:46:00.984Z</wsu:Created>
          </wsu:Timestamp>
          <wsse:BinarySecurityToken
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
            wsu:Id="token-2-1130445961093-13498482"
            >MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
            Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
            LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
            amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
            MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
            bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
            bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
            N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
            1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
            8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
            qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
            JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
            T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
            St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
            EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
            VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
            hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
            M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
            hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
            Hb1iUP9iqcdN2w==</wsse:BinarySecurityToken>
          <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:EncryptionMethod>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference wsu:Id="reference-5-1130445961109-17793193"
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:Reference URI="#token-2-1130445961093-13498482"
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                ></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                >r6WBF7+Tx8BrKvc8q0rzvdPzkUhMl4VS6HJQwlsNKv4pqmGAfhzadEHos9J72EwarnyYEPYTI/hG
                3O3EaRoXKUEDUbcjrb4D5uCdgGH8wbtxM3Ilp8ThH3vVTVHm20xNZKRF76NcKh9aIVax3V6kVzce
                mJEpU2Z+zacGvwT/3Qs+B8Kaz9WTynMjODCpFJusUCQ2cjTitAls4OYpJzjaxEeIMKJwtfdXSXIT
                7nxQbM8CHHeZAlEkGcCfAIJpQNmNjYtI83RELPClR1ceSVx+5y8FzV7jmYisEj/kg8no72K063Ip
                5C3kd2EMzjohdVs3LGbJveMDdIBcW1uzytQtRQ==</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:DataReference URI="#encrypted-4-1130445961093-3664555"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:DataReference>
            </xenc:ReferenceList>
          </xenc:EncryptedKey>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:CanonicalizationMethod>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod>
              <ds:Reference URI="#element-1-1130445961000-6872109"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >E0xaW/6V9ArKkgQgID7bnX0Y8lA=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#timestamp" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >oRjuNbRvBJbptun1Q/0M0UNhB+I=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              Qf2sf1pn1Kd5w+abzZ1OOwLgnSGeNuVA30K+tZAuGOsrYwC0diqThif7Gkxwk6MMk4TPSW606e3G
              4E8tmbU9AhelIecJJcW/oyhKkjXA5OsInIAEJv6mQ1nPQRY16KyIO0YJyhIyPEdGm5rPQiGLoq73
              QoJ8RSOh4ne83aByDTt98t7/3syMkX1kBH5UmQOwAxPHrJM9+HyeYacLO8sCQXXoGkWlYsTIhsxI
              ErqXg9aMKpG0iyftFczYTz6i5XwS7VQR/3FE5M1rfp2LDd6XjixvwdlwSQsamGmJh39LkJTO+xwI
              hhFO5WbGI/yP88ikENfpnJLZXl1XpBY/34cD7A==</ds:SignatureValue>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference wsu:Id="reference-3-1130445961093-7481256"
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:Reference URI="#token-2-1130445961093-13498482"
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                ></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
        </wsse:Security>
      </env:Header>
      <env:Body wsu:Id="element-1-1130445961000-6872109"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <xenc:EncryptedData Id="encrypted-4-1130445961093-3664555"
          Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
            xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:EncryptionMethod>
          <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
              >wB7v/3zrzZCS4PMjVsyCVLa1WGKmjhWmgv+MBrK0C7pKKI0/u+ITvVWkUMiVGzhZv2Ye3k4sjesZ
              Imfp41GQOHODxtgLScSd9UpNVSCLKK4FTEdTnGoeZpLNQpto27NAbtDVE1UsiTrsBvW5JLWAo6Gf
              7bUGxsgkD5hiRjdMxTMrr4V/H6vW60XWmmmSGZW6D07I/nBTRlmpBQ4FXUWBZHEha2bK8f7kNImg
              K8d//Rvdtep7KkHxfFtRkINbCjjGo60lPbBS9AoYkU1WeICWJ9xs6RBe/HExKnGtdRpovvaNDYGy
              y3L1PL1BGiCBAjZRwfChgmfDjeGzTkF0qB0/NyI/HgogBE4CZw/tjAiNOuMoMcwa1wpZ3VRvhE8z
              KYFMVpIyQCpIJfW3lmFERxRElHz6wNIAD1noMODAJUVBzO2YaYYK+4UbMxPqDUoeKUu6mMPeDjCV
              4m48y87/ECrGbw==</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedData>
      </env:Body>
    </env:Envelope>
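
    What the signature and encryption requirements look like on the wire can be checked structurally. The script below is an added example, not JBossWS code: it confirms that a signed reference resolves to the Body element itself (and to the Timestamp), that every Body child is an EncryptedData listed by the EncryptedKey, and it reports the algorithm identifiers in use. It verifies no signature and decrypts nothing; the sample envelope, the function names and the legacy-algorithm list are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = {
    "env": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
ENC_DATA = "{%s}EncryptedData" % NS["xenc"]
# Policy list assumed for this example (not a JBossWS setting): algorithms to report as legacy.
LEGACY = {"rsa-1_5", "aes128-cbc", "rsa-sha1", "sha1"}

# Constructed sample: same layout as the messages above, Ids shortened, binary values set to "AAAA".
SAMPLE = """<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <env:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="timestamp"><wsu:Created>2005-10-27T20:45:57.765Z</wsu:Created></wsu:Timestamp>
  <wsse:BinarySecurityToken wsu:Id="token-1">AAAA</wsse:BinarySecurityToken>
  <xenc:EncryptedKey>
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
   <xenc:ReferenceList><xenc:DataReference URI="#enc-1"/></xenc:ReferenceList>
  </xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#body-1"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
   <ds:Reference URI="#timestamp"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
 </wsse:Security></env:Header>
 <env:Body wsu:Id="body-1"><xenc:EncryptedData Id="enc-1">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedData></env:Body>
</env:Envelope>"""

def resolves_to(ids, ref_ids, target):
    """True if a signed reference names an Id carried by exactly one element, and it is target."""
    return target is not None and any(
        len(ids.get(r, [])) == 1 and ids[r][0] is target for r in ref_ids)

def audit(envelope_xml):
    """Structural check of a WS-Security envelope; no cryptographic verification is done."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("env:Header/wsse:Security", NS)
    body = root.find("env:Body", NS)
    if sec is None or body is None:
        return {"body_signed": False, "timestamp_signed": False,
                "body_encrypted": False, "legacy_algorithms": []}
    ids = {}  # Id value -> every element carrying it (wsu:Id or plain Id)
    for el in root.iter():
        for attr in (WSU_ID, "Id"):
            if attr in el.attrib:
                ids.setdefault(el.attrib[attr], []).append(el)
    signed_refs = [r.get("URI", "").lstrip("#")
                   for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    data_refs = {d.get("URI", "").lstrip("#") for d in sec.findall(
        "xenc:EncryptedKey/xenc:ReferenceList/xenc:DataReference", NS)}
    children = list(body)
    algorithms = {el.get("Algorithm", "").rpartition("#")[2] for el in root.iter()}
    return {
        "body_signed": resolves_to(ids, signed_refs, body),
        "timestamp_signed": resolves_to(ids, signed_refs, sec.find("wsu:Timestamp", NS)),
        "body_encrypted": bool(children) and all(
            c.tag == ENC_DATA and c.get("Id") in data_refs for c in children),
        "legacy_algorithms": sorted(algorithms & LEGACY),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

    An Id that appears on more than one element is treated as not signed, because the reference no longer identifies the Body unambiguously.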