Problems connecting to WSE3 service with usernameForCertificate policy using Metro
I am connecting to a WSE3 service and have been battling for more than a week now using Metro 2.1.1. Part of the problem is that the WSDL did not contain the policy assertions and the guys at the other end used a turnkey usernameForCertificate policy which I list below. The Metro message looks similar to their sample, except for some different ordering and a few other cosmetic things (like Metro adds xsi:type="KeyInfoType").
The problem I get when using Metro is:
"Referenced security token could not be retrieved ---> WSE590: Failed to resolve the following Key Info"
<faultstring>
Referenced security token could not be retrieved ---> WSE590: Failed to resolve the following Key Info
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#_4" />
</wsse:SecurityTokenReference>
</KeyInfo>
</faultstring>
I am able to send a sample message of theirs successfully with JMeter. So I did the following as well, as a last resort hack as this project hinges on this. I take their message as a template and replace the encrypted and signed data with what is generated by Metro. This manages to get past password authentication, but then fails with this:
"The signature or decryption was invalid"
That's the only detail I get and am not sure if more logging could be enabled on their side...
Microsoft policy:
<policy name="AspectClientPolicy">
<usernameForCertificateSecurity establishSecurityContext="false" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" ttlInSeconds="300">
<serviceToken>
<x509 storeLocation="LocalMachine" storeName="My" findValue="CN=AspectWS2" findType="FindBySubjectDistinguishedName" />
</serviceToken>
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
</protection>
</usernameForCertificateSecurity>
<requireActionHeader />
</policy>
WSDL additions:
<wsp:Policy wsu:Id="ClientKeystorePolicy"
xmlns:sc="http://schemas.sun.com/2006/03/wss/client"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:scc="http://schemas.sun.com/ws/2006/05/sc/client" >
<wsp:ExactlyOne>
<wsp:All>
<sunsp:DisableInclusivePrefixList xmlns:sunsp="http://schemas.sun.com/2006/03/wss/client"></sunsp:DisableInclusivePrefixList>
<sc:TrustStore wspp:visibility="private" storepass="XXX" type="JKS" location="XXX" peeralias="XXX"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="UserNameForCertificate_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:RequireDerivedKeys />
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<!-- Have tried with and without this following element /-->
<!-- sp:EncryptSignature /-->
<sp:SignBeforeEncrypting />
<!-- Have tried with and without this following element /-->
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:SymmetricBinding>
<sp:SignedEncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedEncryptedSupportingTokens>
<sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
<sp:MustSupportRefThumbprint />
<sp:MustSupportRefEncryptedKey />
</wsp:Policy>
</sp:Wss11>
<sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:MustSupportIssuedTokens />
<sp:RequireClientEntropy />
<sp:RequireServerEntropy />
</wsp:Policy>
</sp:Trust13>
<sp:EncryptedParts>
<sp:Body />
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
<sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Metro message:
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing" wsu:Id="_5004">XXX</To>
<Action xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing" wsu:Id="_5005">XXX</Action>
<ReplyTo xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing" wsu:Id="_5006">
<Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing" wsu:Id="_5007">uuid:145a0194-dd4e-40fe-a7f3-9785885bae37</MessageID>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_5">
<wsu:Created>2011-09-08T13:08:45Z</wsu:Created>
<wsu:Expires>2011-09-08T13:13:45Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_5002">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">XXX
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>XXX
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>24</ns19:Length>
<ns19:Nonce>XXX</ns19:Nonce>
</ns19:DerivedKeyToken>
<ns19:DerivedKeyToken xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_4">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
<ns19:Offset>0</ns19:Offset>
<ns19:Length>32</ns19:Length>
<ns19:Nonce>XXX</ns19:Nonce>
</ns19:DerivedKeyToken>
<xenc:ReferenceList xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://www.w3.org/2003/05/soap-envelope">
<xenc:DataReference URI="#_5010" />
<xenc:DataReference URI="#_5011" />
</xenc:ReferenceList>
<xenc:EncryptedData xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_5011"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>XXX
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<ds:Signature xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<ds:Reference URI="#_5004">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>XXX</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5005">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>XXX</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5006">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>XXX</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5007">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>XXX</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5008">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>XXX</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>XXX</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#uuid_cb40a9a9-d60d-474a-8d1a-0f59e167de38">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>XXX</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>XXX</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsu:Id="_5003">
<wsse:Reference URI="#_3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body wsu:Id="_5008">
<xenc:EncryptedData xmlns:ns19="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns18="http://www.w3.org/2003/05/soap-envelope" Id="_5010"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#_4" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>XXX
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</S:Body>
</S:Envelope>
Their message:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action wsu:Id="Id-d330500d-f6c7-44f1-9c41-366a8b113c8b">XXX</wsa:Action>
<wsa:MessageID wsu:Id="Id-5eb5d564-1594-4f15-ab0a-6e8aec86cdc0">urn:uuid:315cae87-7f8b-4ec0-9875-2fcf81594ccb</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-1fb4bfa4-5c16-494e-8f7d-ad0370e00138">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To wsu:Id="Id-70bd8ebf-580e-424a-86bb-3a64ce02d29a">XXX</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-1a34bff5-908b-4310-8d32-7dad291991ad">
<wsu:Created>2011-09-06T13:34:56Z</wsu:Created>
<wsu:Expires>2011-09-06T13:39:56Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey Id="SecurityToken-047d4682-02bd-424f-9c2d-b4f75b5eb8d7" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</xenc:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">XXX</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>XXX</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<wssc:DerivedKeyToken wsu:Id="SecurityToken-856faf50-7736-41c1-b636-66616a1fb84f" Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-047d4682-02bd-424f-9c2d-b4f75b5eb8d7" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>32</wssc:Length>
<wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
<wssc:Nonce>XXX</wssc:Nonce>
</wssc:DerivedKeyToken>
<xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:DataReference URI="#Enc-519e1e55-9407-4401-a92d-ebcf737b4669" />
<xenc:DataReference URI="#Enc-6805eb5a-4c80-4bcc-9e21-1fc63051021c" />
</xenc:ReferenceList>
<xenc:EncryptedData Id="Enc-519e1e55-9407-4401-a92d-ebcf737b4669" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-856faf50-7736-41c1-b636-66616a1fb84f" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>XXX</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<wssc:DerivedKeyToken wsu:Id="SecurityToken-97b849c3-bf59-4b9d-93af-90673b5cc8cb" Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-047d4682-02bd-424f-9c2d-b4f75b5eb8d7" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>24</wssc:Length>
<wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
<wssc:Nonce>XXX</wssc:Nonce>
</wssc:DerivedKeyToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<Reference URI="#SecurityToken-940d8767-aff0-4f07-9a10-ed501106dc74">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XXX</DigestValue>
</Reference>
<Reference URI="#Id-d330500d-f6c7-44f1-9c41-366a8b113c8b">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XXX</DigestValue>
</Reference>
<Reference URI="#Id-5eb5d564-1594-4f15-ab0a-6e8aec86cdc0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XXX</DigestValue>
</Reference>
<Reference URI="#Id-1fb4bfa4-5c16-494e-8f7d-ad0370e00138">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XXX</DigestValue>
</Reference>
<Reference URI="#Id-70bd8ebf-580e-424a-86bb-3a64ce02d29a">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XXX</DigestValue>
</Reference>
<Reference URI="#Timestamp-1a34bff5-908b-4310-8d32-7dad291991ad">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XXX</DigestValue>
</Reference>
<Reference URI="#Id-93c6fa92-cc95-4d14-abd6-41c27568b004">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XXX</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>XXX</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-97b849c3-bf59-4b9d-93af-90673b5cc8cb" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-93c6fa92-cc95-4d14-abd6-41c27568b004">
<xenc:EncryptedData Id="Enc-6805eb5a-4c80-4bcc-9e21-1fc63051021c" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-856faf50-7736-41c1-b636-66616a1fb84f" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>XXX</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
Oh and I realize WSE3 is obsolete...
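An added example, not part of the original post and not Metro or WSE3 code: a Python script that reports how two WS-Security messages differ in the way derived keys are declared and referenced, which are the fields where the two messages above visibly differ (DerivedKeyToken namespace, Algorithm attribute, Offset versus Generation/Label children, ValueType on the Reference). The embedded samples are constructed, trimmed stand-ins for the two messages, and `profile` and `compare` are names made up for this sketch.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SC_2005 = "http://schemas.xmlsoap.org/ws/2005/02/sc"
SC_2005_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"

def split(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    ns, _, local = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    return ns, local

def profile(xml_text):
    """Summarise how derived keys are declared and referenced in one message."""
    root = ET.fromstring(xml_text)
    tokens = {}
    for el in root.iter():
        ns, local = split(el.tag)
        if local == "DerivedKeyToken":
            tokens[el.get(f"{{{WSU}}}Id")] = {
                "namespace": ns,
                "algorithm": el.get("Algorithm"),
                "children": sorted(split(c.tag)[1] for c in el),
            }
    refs = []  # (derived key id, ValueType) for each KeyInfo that points at one
    for keyinfo in root.iter(f"{{{DS}}}KeyInfo"):
        for ref in keyinfo.iter(f"{{{WSSE}}}Reference"):
            target = ref.get("URI", "").lstrip("#")
            if target in tokens:
                refs.append((target, ref.get("ValueType")))
    return {"tokens": tokens, "refs": refs}

def compare(accepted, rejected):
    """Return one line per derived-key field that differs between the messages."""
    a, r = profile(accepted), profile(rejected)
    out = []
    for field in ("namespace", "algorithm", "children"):
        av = sorted({repr(t[field]) for t in a["tokens"].values()})
        rv = sorted({repr(t[field]) for t in r["tokens"].values()})
        if av != rv:
            out.append(f"DerivedKeyToken {field}: {av} vs {rv}")
    av = sorted({repr(vt) for _, vt in a["refs"]})
    rv = sorted({repr(vt) for _, vt in r["refs"]})
    if av != rv:
        out.append(f"ValueType on references to derived keys: {av} vs {rv}")
    return out

# Constructed, trimmed samples modelled on the two messages in the post.
TEMPLATE = (
    '<e xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}" xmlns:c="{sc}">'
    '<c:DerivedKeyToken wsu:Id="dk1"{alg}>{kids}<c:Length>32</c:Length>'
    '<c:Nonce>XXX</c:Nonce></c:DerivedKeyToken>'
    '<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#dk1"{vt}/>'
    '</wsse:SecurityTokenReference></ds:KeyInfo></e>'
)
WSE3_LIKE = TEMPLATE.format(wsse=WSSE, wsu=WSU, ds=DS, sc=SC_2005,
    alg=f' Algorithm="{SC_2005}/dk/p_sha1"',
    kids="<c:Generation>0</c:Generation><c:Label>x</c:Label>",
    vt=f' ValueType="{SC_2005}/dk"')
METRO_LIKE = TEMPLATE.format(wsse=WSSE, wsu=WSU, ds=DS, sc=SC_2005_12,
    alg="", kids="<c:Offset>0</c:Offset>", vt="")

if __name__ == "__main__":
    print("\n".join(compare(WSE3_LIKE, METRO_LIKE)))
```

To run it on real captures, pass the text of the accepted and the rejected envelope to `compare` in place of the two constructed samples.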