[xmlsec] Re: Implementing WS-Security using XMLSec...

Aleksey Sanin aleksey@aleksey.com
Tue, 03 Jun 2003 08:28:54 -0700


This is a multi-part message in MIME format.
--------------070507090908090707030908
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

First of all, I would appreciate if you would use xmlsec mailing list
for any question about xmlsec library (this reply is copied to the list, 
btw).

It seems that your <Reference/> element contains URI with Id attribute.
And I am not sure I understand how you got the error you describe 
without a DTD.
Most likely you should have something like this instead:

func=xmlSecXPathDataExecute:file=xpath.c:line=250:obj=unknown:subj=xmlXPtrEval:
error=5:libxml2 library function failed:
expr=xpointer(id('wssecurity_body_id_3550107555769326699_1054623170226'))

Please read section 3.2 from the FAQ 
(http://www.aleksey.com/xmlsec/faq.html)
for explanation "why".

Assuming you add a correct DTD, the signature seems to be trivial 
(Reference with an ID
type URI plus one exc C14N transform) and I would be really surprised if 
xmlsec does
a wrong thing here. Unfortunately, there is no easy way to determine why 
digests do not
match. In xmlsec you can use '--print-all' option to get the binary 
stream just before
digesting. The best you can do is to compare this data with similar ones 
from WebSphere
(if you would be able to get same data from WebSphere). Read 
documentation or search
mailing list. There were several similar problems before.

And if you want me to guess, I would bet that you have different digests 
because
something introduced spaces and/or end of lines when you've dumped XML 
document
to file.


Aleksey


arvasoft@attbi.com wrote:

>Hi Alexsey,
>
>I am implementing WS-Security using XMLSec. Currently, I am trying to
>validate signatures generated by Websphere, but am running into a problem
>where the Digests generated by Websphere and that by XMLSec are different.
>This causes the following error
>
>func=:file=..\src\openssl\digests.c:line=164:obj=sha1:subj=unknown:error=12:
>inva
>lid data:data and digest do not match
>Signature is INVALID
>
>I would really appreciate your help on resolving this issue.
>
>Thanks,
>
>Regards,
>
>-Venky
>
>
>PS: I am attaching the following files:
>
>  1. original Websphere signed document
>  2. a modified version of the xml document that I am using for the test, I
>have
>     copied the X509 from <wsse:BinarySecurityToken> to <X509Certificate> in
>     <KeyInfo>.
>  3. cacert.pem the trusted root that I use
>  
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>  <soapenv:Header>
>    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
>      <wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="wssecurity_binary_security_token_id_3491871345588805218_1054623170226" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
>        MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
>        BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
>        IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
>        MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
>        A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
>        cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
>        hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
>        ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
>        aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
>        eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
>        VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
>        YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
>        FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
>        MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
>        b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
>        ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
>        cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
>        QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
>        FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583
>      </wsse:BinarySecurityToken>
>      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>        <SignedInfo>
>          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>          <Reference URI="#wssecurity_body_id_3550107555769326699_1054623170226">
>            <Transforms>
>              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>            </Transforms>
>            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>            <DigestValue>5zj77bM9zGNVvLBIdy6yho/IZ+g=</DigestValue>
>          </Reference>
>        </SignedInfo>
>        <SignatureValue>
>          vU35ynJzQdJ7zu09Gitf4hcsoG6OT/qYW1MTcvAigjNxKfgdZYN90BASwwpPN5LxaL
>          sEi+f8OXpAYM5aPMlLH1rht+es1xPkq6lrG5JbGcUJtNbSG0LfLhcoWfV4aak1pXdC
>          vczRurJyoDEpImeYNsFr6ItLaRciTTTA7qaSCKw=
>        </SignatureValue>
>        <KeyInfo>
>          <wsse:SecurityTokenReference>
>            <wsse:Reference URI="#wssecurity_binary_security_token_id_3491871345588805218_1054623170226"/>
>          </wsse:SecurityTokenReference>
>        </KeyInfo>
>      </Signature>
>    </wsse:Security>
>  </soapenv:Header>
> <soapenv:Body wsu:Id="wssecurity_body_id_3550107555769326699_1054623170226" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
>  <getGreetingResponse xmlns="http://Sample8.wsdk.ibm.com">
>   <getGreetingReturn xmlns="">Hello venky. How are you?</getGreetingReturn>
>  </getGreetingResponse>
> </soapenv:Body>
></soapenv:Envelope>
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>  <soapenv:Header>
>    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
>      <wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="wssecurity_binary_security_token_id_3491871345588805218_1054623170226" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
>        MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
>        BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
>        IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
>        MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
>        A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
>        cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
>        hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
>        ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
>        aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
>        eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
>        VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
>        YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
>        FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
>        MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
>        b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
>        ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
>        cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
>        QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
>        FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583
>      </wsse:BinarySecurityToken>
>      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>        <SignedInfo>
>          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>          <Reference URI="#wssecurity_body_id_3550107555769326699_1054623170226">
>            <Transforms>
>              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>            </Transforms>
>            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>            <DigestValue>5zj77bM9zGNVvLBIdy6yho/IZ+g=</DigestValue>
>          </Reference>
>        </SignedInfo>
>        <SignatureValue>
>          vU35ynJzQdJ7zu09Gitf4hcsoG6OT/qYW1MTcvAigjNxKfgdZYN90BASwwpPN5LxaL
>          sEi+f8OXpAYM5aPMlLH1rht+es1xPkq6lrG5JbGcUJtNbSG0LfLhcoWfV4aak1pXdC
>          vczRurJyoDEpImeYNsFr6ItLaRciTTTA7qaSCKw=
>        </SignatureValue>
>        <KeyInfo>
>          <X509Data>
>            <X509Certificate>MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
>        BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
>        IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
>        MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
>        A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
>        cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
>        hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
>        ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
>        aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
>        eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
>        VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
>        YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
>        FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
>        MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
>        b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
>        ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
>        cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
>        QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
>        FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583</X509Certificate>
>          </X509Data>
>        </KeyInfo>
>      </Signature>
>    </wsse:Security>
>  </soapenv:Header>
> <soapenv:Body wsu:Id="wssecurity_body_id_3550107555769326699_1054623170226" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
>  <getGreetingResponse xmlns="http://Sample8.wsdk.ibm.com">
>   <getGreetingReturn xmlns="">Hello venky. How are you?</getGreetingReturn>
>  </getGreetingResponse>
> </soapenv:Body>
></soapenv:Envelope>
>

--------------070507090908090707030908
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title></title>
</head>
<body>
First of all, I would appreciate if you would use xmlsec mailing list <br>
for any question about xmlsec library (this reply is copied to the
list, btw).<br>
<br>
It seems that your &lt;Reference/&gt; element contains URI with Id
attribute.<br>
And I am not sure I understand how you got the error you describe
without a DTD.<br>
Most likely you should have something like this instead:<br>
<br>
func=xmlSecXPathDataExecute:file=xpath.c:line=250:obj=unknown:subj=xmlXPtrEval:<br>
error=5:libxml2 library function failed:<br>
expr=xpointer(id('wssecurity_body_id_3550107555769326699_1054623170226'))<br>
<br>
Please read section 3.2 from the FAQ
(<a class="moz-txt-link-freetext" href="http://www.aleksey.com/xmlsec/faq.html">http://www.aleksey.com/xmlsec/faq.html</a>)<br>
for explanation "why".<br>
<br>
Assuming you add a correct DTD, the signature seems to be trivial
(Reference with an ID<br>
type URI plus one exc C14N transform) and I would be really surprised
if xmlsec does<br>
a wrong thing here. Unfortunately, there is no easy way to determine
why digests do not <br>
match. In xmlsec you can use '--print-all' option to get the binary
stream just before<br>
digesting. The best you can do is to compare this data with similar
ones from WebSphere<br>
(if you would be able to get same data from WebSphere). Read
documentation or search<br>
mailing list. There were several similar problems before.<br>
<br>
And if you want me to guess, I would bet that you have different
digests because<br>
something introduced spaces and/or end of lines when you've dumped XML
document <br>
to file.<br>
<br>
<br>
Aleksey<br>
<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:arvasoft@attbi.com">arvasoft@attbi.com</a> wrote:<br>
<blockquote type="cite"
 cite="mid000401c329d3$bff971e0$030aa8c0@corp.arvasoft.com">
  <pre wrap="">Hi Alexsey,

I am implementing WS-Security using XMLSec. Currently, I am trying to
validate signatures generated by Websphere, but am running into a problem
where the Digests generated by Websphere and that by XMLSec are different.
This causes the following error

func=:file=..\src\openssl\digests.c:line=164:obj=sha1:subj=unknown:error=12:
inva
lid <a class="moz-txt-link-freetext" href="data:data">data:data</a> and digest do not match
Signature is INVALID

I would really appreciate your help on resolving this issue.

Thanks,

Regards,

-Venky


PS: I am attaching the following files:

  1. original Websphere signed document
  2. a modified version of the xml document that I am using for the test, I
have
     copied the X509 from &lt;wsse:BinarySecurityToken&gt; to &lt;X509Certificate&gt; in
     &lt;KeyInfo&gt;.
  3. cacert.pem the trusted root that I use
  </pre>
  <pre wrap="">
<hr width="90%" size="4">
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;soapenv:Envelope xmlns:soapenv=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/soap/envelope/">"http://schemas.xmlsoap.org/soap/envelope/"</a> xmlns:xsd=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema">"http://www.w3.org/2001/XMLSchema"</a> xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>&gt;
  &lt;soapenv:Header&gt;
    &lt;wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/secext">"http://schemas.xmlsoap.org/ws/2002/07/secext"</a>&gt;
      &lt;wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="wssecurity_binary_security_token_id_3491871345588805218_1054623170226" xmlns:wsu=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/utility">"http://schemas.xmlsoap.org/ws/2002/07/utility"</a>&gt;
        MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
        BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
        IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
        MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
        A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
        cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
        hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
        ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
        aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
        eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
        VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
        YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
        FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
        MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
        b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
        ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
        cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
        QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
        FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583
      &lt;/wsse:BinarySecurityToken&gt;
      &lt;Signature xmlns=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#">"http://www.w3.org/2000/09/xmldsig#"</a>&gt;
        &lt;SignedInfo&gt;
          &lt;CanonicalizationMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/&gt;
          &lt;SignatureMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">"http://www.w3.org/2000/09/xmldsig#rsa-sha1"</a>/&gt;
          &lt;Reference URI="#wssecurity_body_id_3550107555769326699_1054623170226"&gt;
            &lt;Transforms&gt;
              &lt;Transform Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/&gt;
            &lt;/Transforms&gt;
            &lt;DigestMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/&gt;
            &lt;DigestValue&gt;5zj77bM9zGNVvLBIdy6yho/IZ+g=&lt;/DigestValue&gt;
          &lt;/Reference&gt;
        &lt;/SignedInfo&gt;
        &lt;SignatureValue&gt;
          vU35ynJzQdJ7zu09Gitf4hcsoG6OT/qYW1MTcvAigjNxKfgdZYN90BASwwpPN5LxaL
          sEi+f8OXpAYM5aPMlLH1rht+es1xPkq6lrG5JbGcUJtNbSG0LfLhcoWfV4aak1pXdC
          vczRurJyoDEpImeYNsFr6ItLaRciTTTA7qaSCKw=
        &lt;/SignatureValue&gt;
        &lt;KeyInfo&gt;
          &lt;wsse:SecurityTokenReference&gt;
            &lt;wsse:Reference URI="#wssecurity_binary_security_token_id_3491871345588805218_1054623170226"/&gt;
          &lt;/wsse:SecurityTokenReference&gt;
        &lt;/KeyInfo&gt;
      &lt;/Signature&gt;
    &lt;/wsse:Security&gt;
  &lt;/soapenv:Header&gt;
 &lt;soapenv:Body wsu:Id="wssecurity_body_id_3550107555769326699_1054623170226" xmlns:wsu=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/utility">"http://schemas.xmlsoap.org/ws/2002/07/utility"</a>&gt;
  &lt;getGreetingResponse xmlns=<a class="moz-txt-link-rfc2396E" href="http://Sample8.wsdk.ibm.com">"http://Sample8.wsdk.ibm.com"</a>&gt;
   &lt;getGreetingReturn xmlns=""&gt;Hello venky. How are you?&lt;/getGreetingReturn&gt;
  &lt;/getGreetingResponse&gt;
 &lt;/soapenv:Body&gt;
&lt;/soapenv:Envelope&gt;</pre>
  <pre wrap="">
<hr width="90%" size="4">
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;soapenv:Envelope xmlns:soapenv=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/soap/envelope/">"http://schemas.xmlsoap.org/soap/envelope/"</a> xmlns:xsd=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema">"http://www.w3.org/2001/XMLSchema"</a> xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>&gt;
  &lt;soapenv:Header&gt;
    &lt;wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/secext">"http://schemas.xmlsoap.org/ws/2002/07/secext"</a>&gt;
      &lt;wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="wssecurity_binary_security_token_id_3491871345588805218_1054623170226" xmlns:wsu=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/utility">"http://schemas.xmlsoap.org/ws/2002/07/utility"</a>&gt;
        MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
        BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
        IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
        MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
        A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
        cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
        hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
        ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
        aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
        eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
        VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
        YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
        FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
        MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
        b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
        ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
        cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
        QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
        FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583
      &lt;/wsse:BinarySecurityToken&gt;
      &lt;Signature xmlns=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#">"http://www.w3.org/2000/09/xmldsig#"</a>&gt;
        &lt;SignedInfo&gt;
          &lt;CanonicalizationMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/&gt;
          &lt;SignatureMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">"http://www.w3.org/2000/09/xmldsig#rsa-sha1"</a>/&gt;
          &lt;Reference URI="#wssecurity_body_id_3550107555769326699_1054623170226"&gt;
            &lt;Transforms&gt;
              &lt;Transform Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/&gt;
            &lt;/Transforms&gt;
            &lt;DigestMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/&gt;
            &lt;DigestValue&gt;5zj77bM9zGNVvLBIdy6yho/IZ+g=&lt;/DigestValue&gt;
          &lt;/Reference&gt;
        &lt;/SignedInfo&gt;
        &lt;SignatureValue&gt;
          vU35ynJzQdJ7zu09Gitf4hcsoG6OT/qYW1MTcvAigjNxKfgdZYN90BASwwpPN5LxaL
          sEi+f8OXpAYM5aPMlLH1rht+es1xPkq6lrG5JbGcUJtNbSG0LfLhcoWfV4aak1pXdC
          vczRurJyoDEpImeYNsFr6ItLaRciTTTA7qaSCKw=
        &lt;/SignatureValue&gt;
        &lt;KeyInfo&gt;
          &lt;X509Data&gt;
            &lt;X509Certificate&gt;MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
        BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
        IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
        MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
        A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
        cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
        hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
        ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
        aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
        eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
        VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
        YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
        FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
        MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
        b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
        ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
        cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
        QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
        FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583&lt;/X509Certificate&gt;
          &lt;/X509Data&gt;
        &lt;/KeyInfo&gt;
      &lt;/Signature&gt;
    &lt;/wsse:Security&gt;
  &lt;/soapenv:Header&gt;
 &lt;soapenv:Body wsu:Id="wssecurity_body_id_3550107555769326699_1054623170226" xmlns:wsu=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/utility">"http://schemas.xmlsoap.org/ws/2002/07/utility"</a>&gt;
  &lt;getGreetingResponse xmlns=<a class="moz-txt-link-rfc2396E" href="http://Sample8.wsdk.ibm.com">"http://Sample8.wsdk.ibm.com"</a>&gt;
   &lt;getGreetingReturn xmlns=""&gt;Hello venky. How are you?&lt;/getGreetingReturn&gt;
  &lt;/getGreetingResponse&gt;
 &lt;/soapenv:Body&gt;
&lt;/soapenv:Envelope&gt;</pre>
</blockquote>
</body>
</html>

--------------070507090908090707030908--