[xmlsec] Re: Implementing WS-Security using XMLSec...
Aleksey Sanin
aleksey@aleksey.com
Tue, 03 Jun 2003 08:28:54 -0700
This is a multi-part message in MIME format.
--------------070507090908090707030908
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
First of all, I would appreciate if you would use xmlsec mailing list
for any question about xmlsec library (this reply is copied to the list,
btw).
It seems that your <Reference/> element contains URI with Id attribute.
And I am not sure I understand how you got the error you describe
without a DTD.
Most likely you should have something like this instead:
func=xmlSecXPathDataExecute:file=xpath.c:line=250:obj=unknown:subj=xmlXPtrEval:
error=5:libxml2 library function failed:
expr=xpointer(id('wssecurity_body_id_3550107555769326699_1054623170226'))
Please read section 3.2 from the FAQ
(http://www.aleksey.com/xmlsec/faq.html)
for explanation "why".
Assuming you add a correct DTD, the signature seems to be trivial
(Reference with an ID
type URI plus one exc C14N transform) and I would be really surprised if
xmlsec does
a wrong thing here. Unfortunately, there is no easy way to determine why
digests do not
match. In xmlsec you can use '--print-all' option to get the binary
stream just before
digesting. The best you can do is to compare this data with similar ones
from WebSphere
(if you would be able to get same data from WebSphere). Read
documentation or search
mailing list. There were several similar problems before.
And if you want me to guess, I would bet that you have different digests
because
something introduced spaces and/or end of lines when you've dumped XML
document
to file.
Aleksey
arvasoft@attbi.com wrote:
>Hi Alexsey,
>
>I am implementing WS-Security using XMLSec. Currently, I am trying to
>validate signatures generated by Websphere, but am running into a problem
>where the Digests generated by Websphere and that by XMLSec are different.
>This causes the following error
>
>func=:file=..\src\openssl\digests.c:line=164:obj=sha1:subj=unknown:error=12:
>inva
>lid data:data and digest do not match
>Signature is INVALID
>
>I would really appreciate your help on resolving this issue.
>
>Thanks,
>
>Regards,
>
>-Venky
>
>
>PS: I am attaching the following files:
>
> 1. original Websphere signed document
> 2. a modified version of the xml document that I am using for the test, I
>have
> copied the X509 from <wsse:BinarySecurityToken> to <X509Certificate> in
> <KeyInfo>.
> 3. cacert.pem the trusted root that I use
>
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
> <wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="wssecurity_binary_security_token_id_3491871345588805218_1054623170226" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
> MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
> BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
> IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
> MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
> A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
> cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
> hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
> ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
> aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
> eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
> VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
> YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
> FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
> MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
> b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
> ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
> cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
> QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
> FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583
> </wsse:BinarySecurityToken>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#wssecurity_body_id_3550107555769326699_1054623170226">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>5zj77bM9zGNVvLBIdy6yho/IZ+g=</DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>
> vU35ynJzQdJ7zu09Gitf4hcsoG6OT/qYW1MTcvAigjNxKfgdZYN90BASwwpPN5LxaL
> sEi+f8OXpAYM5aPMlLH1rht+es1xPkq6lrG5JbGcUJtNbSG0LfLhcoWfV4aak1pXdC
> vczRurJyoDEpImeYNsFr6ItLaRciTTTA7qaSCKw=
> </SignatureValue>
> <KeyInfo>
> <wsse:SecurityTokenReference>
> <wsse:Reference URI="#wssecurity_binary_security_token_id_3491871345588805218_1054623170226"/>
> </wsse:SecurityTokenReference>
> </KeyInfo>
> </Signature>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body wsu:Id="wssecurity_body_id_3550107555769326699_1054623170226" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
> <getGreetingResponse xmlns="http://Sample8.wsdk.ibm.com">
> <getGreetingReturn xmlns="">Hello venky. How are you?</getGreetingReturn>
> </getGreetingResponse>
> </soapenv:Body>
></soapenv:Envelope>
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
> <wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="wssecurity_binary_security_token_id_3491871345588805218_1054623170226" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
> MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
> BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
> IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
> MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
> A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
> cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
> hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
> ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
> aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
> eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
> VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
> YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
> FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
> MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
> b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
> ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
> cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
> QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
> FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583
> </wsse:BinarySecurityToken>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#wssecurity_body_id_3550107555769326699_1054623170226">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>5zj77bM9zGNVvLBIdy6yho/IZ+g=</DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>
> vU35ynJzQdJ7zu09Gitf4hcsoG6OT/qYW1MTcvAigjNxKfgdZYN90BASwwpPN5LxaL
> sEi+f8OXpAYM5aPMlLH1rht+es1xPkq6lrG5JbGcUJtNbSG0LfLhcoWfV4aak1pXdC
> vczRurJyoDEpImeYNsFr6ItLaRciTTTA7qaSCKw=
> </SignatureValue>
> <KeyInfo>
> <X509Data>
> <X509Certificate>MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
> BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
> IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
> MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
> A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
> cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
> hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
> ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
> aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
> eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
> VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
> YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
> FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
> MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
> b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
> ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
> cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
> QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
> FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583</X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body wsu:Id="wssecurity_body_id_3550107555769326699_1054623170226" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
> <getGreetingResponse xmlns="http://Sample8.wsdk.ibm.com">
> <getGreetingReturn xmlns="">Hello venky. How are you?</getGreetingReturn>
> </getGreetingResponse>
> </soapenv:Body>
></soapenv:Envelope>
>
--------------070507090908090707030908
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
First of all, I would appreciate if you would use xmlsec mailing list <br>
for any question about xmlsec library (this reply is copied to the
list, btw).<br>
<br>
It seems that your <Reference/> element contains URI with Id
attribute.<br>
And I am not sure I understand how you got the error you describe
without a DTD.<br>
Most likely you should have something like this instead:<br>
<br>
func=xmlSecXPathDataExecute:file=xpath.c:line=250:obj=unknown:subj=xmlXPtrEval:<br>
error=5:libxml2 library function failed:<br>
expr=xpointer(id('wssecurity_body_id_3550107555769326699_1054623170226'))<br>
<br>
Please read section 3.2 from the FAQ
(<a class="moz-txt-link-freetext" href="http://www.aleksey.com/xmlsec/faq.html">http://www.aleksey.com/xmlsec/faq.html</a>)<br>
for explanation "why".<br>
<br>
Assuming you add a correct DTD, the signature seems to be trivial
(Reference with an ID<br>
type URI plus one exc C14N transform) and I would be really surprised
if xmlsec does<br>
a wrong thing here. Unfortunately, there is no easy way to determine
why digests do not <br>
match. In xmlsec you can use '--print-all' option to get the binary
stream just before<br>
digesting. The best you can do is to compare this data with similar
ones from WebSphere<br>
(if you would be able to get same data from WebSphere). Read
documentation or search<br>
mailing list. There were several similar problems before.<br>
<br>
And if you want me to guess, I would bet that you have different
digests because<br>
something introduced spaces and/or end of lines when you've dumped XML
document <br>
to file.<br>
<br>
<br>
Aleksey<br>
<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:arvasoft@attbi.com">arvasoft@attbi.com</a> wrote:<br>
<blockquote type="cite"
cite="mid000401c329d3$bff971e0$030aa8c0@corp.arvasoft.com">
<pre wrap="">Hi Alexsey,
I am implementing WS-Security using XMLSec. Currently, I am trying to
validate signatures generated by Websphere, but am running into a problem
where the Digests generated by Websphere and that by XMLSec are different.
This causes the following error
func=:file=..\src\openssl\digests.c:line=164:obj=sha1:subj=unknown:error=12:
inva
lid <a class="moz-txt-link-freetext" href="data:data">data:data</a> and digest do not match
Signature is INVALID
I would really appreciate your help on resolving this issue.
Thanks,
Regards,
-Venky
PS: I am attaching the following files:
1. original Websphere signed document
2. a modified version of the xml document that I am using for the test, I
have
copied the X509 from <wsse:BinarySecurityToken> to <X509Certificate> in
<KeyInfo>.
3. cacert.pem the trusted root that I use
</pre>
<pre wrap="">
<hr width="90%" size="4">
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/soap/envelope/">"http://schemas.xmlsoap.org/soap/envelope/"</a> xmlns:xsd=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema">"http://www.w3.org/2001/XMLSchema"</a> xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/secext">"http://schemas.xmlsoap.org/ws/2002/07/secext"</a>>
<wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="wssecurity_binary_security_token_id_3491871345588805218_1054623170226" xmlns:wsu=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/utility">"http://schemas.xmlsoap.org/ws/2002/07/utility"</a>>
MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583
</wsse:BinarySecurityToken>
<Signature xmlns=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#">"http://www.w3.org/2000/09/xmldsig#"</a>>
<SignedInfo>
<CanonicalizationMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/>
<SignatureMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">"http://www.w3.org/2000/09/xmldsig#rsa-sha1"</a>/>
<Reference URI="#wssecurity_body_id_3550107555769326699_1054623170226">
<Transforms>
<Transform Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/>
</Transforms>
<DigestMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/>
<DigestValue>5zj77bM9zGNVvLBIdy6yho/IZ+g=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
vU35ynJzQdJ7zu09Gitf4hcsoG6OT/qYW1MTcvAigjNxKfgdZYN90BASwwpPN5LxaL
sEi+f8OXpAYM5aPMlLH1rht+es1xPkq6lrG5JbGcUJtNbSG0LfLhcoWfV4aak1pXdC
vczRurJyoDEpImeYNsFr6ItLaRciTTTA7qaSCKw=
</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#wssecurity_binary_security_token_id_3491871345588805218_1054623170226"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="wssecurity_body_id_3550107555769326699_1054623170226" xmlns:wsu=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/utility">"http://schemas.xmlsoap.org/ws/2002/07/utility"</a>>
<getGreetingResponse xmlns=<a class="moz-txt-link-rfc2396E" href="http://Sample8.wsdk.ibm.com">"http://Sample8.wsdk.ibm.com"</a>>
<getGreetingReturn xmlns="">Hello venky. How are you?</getGreetingReturn>
</getGreetingResponse>
</soapenv:Body>
</soapenv:Envelope></pre>
<pre wrap="">
<hr width="90%" size="4">
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/soap/envelope/">"http://schemas.xmlsoap.org/soap/envelope/"</a> xmlns:xsd=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema">"http://www.w3.org/2001/XMLSchema"</a> xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/secext">"http://schemas.xmlsoap.org/ws/2002/07/secext"</a>>
<wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" wsu:Id="wssecurity_binary_security_token_id_3491871345588805218_1054623170226" xmlns:wsu=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/utility">"http://schemas.xmlsoap.org/ws/2002/07/utility"</a>>
MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583
</wsse:BinarySecurityToken>
<Signature xmlns=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#">"http://www.w3.org/2000/09/xmldsig#"</a>>
<SignedInfo>
<CanonicalizationMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/>
<SignatureMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">"http://www.w3.org/2000/09/xmldsig#rsa-sha1"</a>/>
<Reference URI="#wssecurity_body_id_3550107555769326699_1054623170226">
<Transforms>
<Transform Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/>
</Transforms>
<DigestMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/>
<DigestValue>5zj77bM9zGNVvLBIdy6yho/IZ+g=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
vU35ynJzQdJ7zu09Gitf4hcsoG6OT/qYW1MTcvAigjNxKfgdZYN90BASwwpPN5LxaL
sEi+f8OXpAYM5aPMlLH1rht+es1xPkq6lrG5JbGcUJtNbSG0LfLhcoWfV4aak1pXdC
vczRurJyoDEpImeYNsFr6ItLaRciTTTA7qaSCKw=
</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDwjCCAyugAwIBAgICUAcwDQYJKoZIhvcNAQEEBQAwaDELMAkGA1UEBhMCVVMxFjAU
BgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFzb2Z0IFByaW1hcnkgQ0Ex
IzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMB4XDTAzMDUyMjE2NTQ1
MVoXDTA0MDUyMTE2NTQ1MVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAG
A1UEBxMJU2FuIFJhbW9uMRYwFAYDVQQKEw1BcnZhc29mdCwgSW5jMRwwGgYDVQQLExNB
cnZhc29mdCBQcmltYXJ5IENBMRgwFgYDVQQDEw9XZWJzcGhlcmUgVGVzdDExIzAhBgkq
hkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQC+U+xYlYjrxUXUnEWh/k3TdDT3B2+bTQ/Uqcaayj/1oyKCVuiRzd5gYolx
aCkUEPRGwbe4ZkzDfBuAy38uV9KyfOoc5SxzHpUcnQSTCH2fxGhYbzOBAfC3DXOQRagj
eMnFBaBADMrfYMlyEQOqI+faW+0920bZ6/FuHrurbFGjCQIDAQABo4IBPTCCATkwCQYD
VR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMgYJYIZIAYb4QgENBCUWI0NlcnRpZmlj
YXRlIGlzc3VlZCBieSBBcnZhc29mdCwgSW5jMB0GA1UdDgQWBBRmZnJHx2GUWyIckvup
FvjVP3CkjTCBkgYDVR0jBIGKMIGHgBRBK48bKkx6NoJ2JVo47clzdvNhkaFspGowaDEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUFydmFzb2Z0LCBJbmMxHDAaBgNVBAsTE0FydmFz
b2Z0IFByaW1hcnkgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhYWRtaW5AYXJ2YXNvZnQuY29t
ggEAMDEGCWCGSAGG+EIBBAQkFiJodHRwOi8vd3d3LmFydmFzb2Z0LmNvbS9jYS1jcmwu
cGVtMA0GCSqGSIb3DQEBBAUAA4GBAArehDZer5IGiB+NboI2TN6NkKT/qKJVd3xGCiPi
QwfbFzAjgESCON7Dr6Eszn2+mLItIBE/yfX0ukZDFD4h82KWUJygRAL0LMvYSa8f1O1T
FVScAEFGaaI69+2ynFq3o0bByg9/L/i4xfFvdtUwlEvrbJomsa4nx5NbwWmTw583</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="wssecurity_body_id_3550107555769326699_1054623170226" xmlns:wsu=<a class="moz-txt-link-rfc2396E" href="http://schemas.xmlsoap.org/ws/2002/07/utility">"http://schemas.xmlsoap.org/ws/2002/07/utility"</a>>
<getGreetingResponse xmlns=<a class="moz-txt-link-rfc2396E" href="http://Sample8.wsdk.ibm.com">"http://Sample8.wsdk.ibm.com"</a>>
<getGreetingReturn xmlns="">Hello venky. How are you?</getGreetingReturn>
</getGreetingResponse>
</soapenv:Body>
</soapenv:Envelope></pre>
</blockquote>
</body>
</html>
--------------070507090908090707030908--