WCF client exception -"Message security verification failed, The signature verification failed" - how can I debug further?

0
votes

Getting the following exception when my WCF client gets a response calls a Java based Spring Web Services server -

System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Message security verification failed.
<StackTrace>
at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.TransactionRequestChannelGeneric`1.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&amp; msgData, Int32 type)
at Exxx.Client.xxxService.xxxx.submitx(submitXxxRequest request)
at xxx.Client.ExxxService.exxxsClient.Exxx.Client.ExxxService.exxxs.submitxxx(submitxxxRequest request)
at xxx.Client.ExxxService.exxxsClient.submitxxx(submissionRequest submissionRequest)
at xxx.Client.ClientService.Submitxxx(String xxxId, String username, Int32 batchType)
at xxx.Main.Start()
at ESubmission.Service.SchedulerService.CreateInstance(String assemblyName, Object argsObj)
at ESubmission.Service.SchedulerService.LoadAssembly(BOESubmissionSchedule eSubmissionSchedule)
at ESubmission.Service.SchedulerService.&lt;&gt;c__DisplayClass2.&lt;RunSchedules&gt;b__0()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
</StackTrace>
<ExceptionString>System.ServiceModel.Security.MessageSecurityException: Message security verification failed. ---&gt; System.Security.Cryptography.CryptographicException: The signature verification failed.
   at System.IdentityModel.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter)
   at System.IdentityModel.SignedXml.StartSignatureVerification(SecurityKey verificationKey)
   at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver, Object signatureTarget, String id)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteSignatureEncryptionProcessingPass()
   at System.ServiceModel.Security.LaxModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message&amp; message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message&amp; message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   --- End of inner exception stack trace ---</ExceptionString>

The Inner Exception - The signature verification failed.

<InnerException>
<ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>The signature verification failed.</Message>
<StackTrace>
at System.IdentityModel.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter)
at System.IdentityModel.SignedXml.StartSignatureVerification(SecurityKey verificationKey)
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver, Object signatureTarget, String id)
at System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteSignatureEncryptionProcessingPass()
at System.ServiceModel.Security.LaxModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message&amp; message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message&amp; message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
</StackTrace>
<ExceptionString>System.Security.Cryptography.CryptographicException: The signature verification failed.
   at System.IdentityModel.SignedXml.VerifySignature(HashAlgorithm hash, AsymmetricSignatureDeformatter deformatter)
   at System.IdentityModel.SignedXml.StartSignatureVerification(SecurityKey verificationKey)
   at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.VerifySignature(SignedXml signedXml, Boolean isPrimarySignature, SecurityHeaderTokenResolver resolver, Object signatureTarget, String id)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature(SignedXml signedXml, Boolean isFromDecryptedSource)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteSignatureEncryptionProcessingPass()
   at System.ServiceModel.Security.LaxModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message&amp; message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message&amp; message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)</ExceptionString>

The Java based server web-service seems to process my request fine but I'm having the above trouble with the response. Note: I have no access to the server side of things - I can request changes and query actions but that's all

The set-up

  • WCF .NET 3.5 client web-service
  • Java Spring Web Services 2.1.0 (SOAP protocol implementation) + Apache WSS4J 1.6.7 (WS-Security 1.1 implementation) server
  • The following security binding in config:

    [customBinding]
                [binding name="MY_BINDING"]
                    [transactionFlow/]
                    [security defaultAlgorithmSuite="Basic256Rsa15"     authenticationMode="MutualCertificate"
                messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
                requireDerivedKeys="false" messageProtectionOrder="SignBeforeEncrypt" 
                allowSerializedSigningTokenOnReply="true" securityHeaderLayout="Lax"
                requireSignatureConfirmation="true"
                enableUnsecuredResponse="true"]
                    [secureConversationBootstrap   authenticationMode="CertificateOverTransport"
                      messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                        requireDerivedKeys="false" /]
                [/security]
                [textMessageEncoding messageVersion="Soap11WSAddressing10"/]
                [httpsTransport requireClientCertificate="true"/]
       [/binding]
    [/customBinding]

  • Binding has been modified in code like so

    public static CustomBinding GetServiceBinding()
{
//Get custom binding reference from app.config
CustomBinding binding = new CustomBinding(SettingsLookup.WcfCustomBindingName);
binding.ReceiveTimeout = new TimeSpan(0, 0, 15, 0);
binding.SendTimeout = new TimeSpan(0, 0, 15, 0);

// Get the x509ProtectionParams from the security element
X509SecurityTokenParameters tokenParameters = new X509SecurityTokenParameters();
tokenParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
tokenParameters.RequireDerivedKeys = false;
tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;

// Reference the asymettric security element            
AsymmetricSecurityBindingElement securityBindingElement = binding.Elements.Find<AsymmetricSecurityBindingElement>();
// Set the X509SecurityTokenParameters to point to the one's just configured. This is for symetric encryption, for asymetric this line needs to change
//securityBindingElement.ProtectionTokenParameters = tokenParameters;
securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
securityBindingElement.InitiatorTokenParameters = tokenParameters;
securityBindingElement.LocalClientSettings.DetectReplays = false;                

securityBindingElement.IncludeTimestamp = true;
securityBindingElement.LocalClientSettings.TimestampValidityDuration = new TimeSpan(12, 0, 0);

return binding;
}

    What I can't seem to do is:

    1. Figure out which signature has failed? The stack trace for the inner exception mentions System.ServiceModel.Security.ReceiveSecurityHeader.ProcessPrimarySignature so I presumed the Primary Signature was the main envelope body signature? Contradictory to this, however, is the line in the StackTrace System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeaderwhich would lead me to think that it's a header element - but which one?

    2. Check the signatures in a Console application or something similar using System.Security.Cryptography.Xml.SignedXml classes to verify in a separate, isolated environment which of the signatures are returning false for CheckSignature() - I have tried this and cant seem to get it to return true for elements in my request from WCF (I've pulled the request from fiddler)

Any and all help appreciated

2
.netwcfweb-servicessoapwss4j
please publish the request and response xml (get them from WCF logging). Also - can a java client consume this service from the same machine w/o error? If the message references the certificate that signed it - maybe you have a wrong version of it in the machine? Also check out here a small c# app to do signing and verification, may be useful: github.com/yaronn/xml-crypto/blob/master/test/validators/…Yaron Naveh
@YaronNaveh Thanks Yaron - have added the response/request below. To answer your questions - 1. The vendor tells me that a Java client on a different laptop works, can see about getting the same client onto our test machines. Have tried the WCF client on two different production servers with two different client certs with the same issue popping up on both 2. Have double and triple checked the certs as these are usually the issue but they're fine as far as i can see - serial numbers all tie up correctly from the message 3. Will try out your C# app and see how I get onStickyMcGinty
my next suggestion is to change MessageProtectionOrder but from an external conversation this did not work. Now you should try to simplify things by asking the vendor to remove encryption. If possible also ask them to only sign one element and not use InclusiveNamespace. Then if this works we can add everything we took down one at a time. Another thing I would watch out for is if any of the element values contain a new line character and try to remove it. Another options is to build your own WCF service to talk to your client and see how its response differs from the failing one.Yaron Naveh
use the exact vendor certs for both service and client (best is if they give you the working jks and you convert it to pfx yourself).Yaron Naveh
btw primary signature is the whole signature here. if you had two signature elements in the soap only one would be the primary. so primary does not refer to just the first referenced element in the signature.Yaron Naveh

2 Answers

2
votes

Yaron - you were correct with your comments. Turning off InclusiveNamespaces on the server fixed the issue (The vendor turned off Basic Security Profile 1.1 compliance on their side). My .NET client didn't like the InclusiveNamespaces element at all - pity it just couldn't say so!

Many thanks again Yaron

0
votes

Update: as requested by Yaron, request and response messages below -

Couldn't add this to the body of the question due to size limits

REQUEST

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_3">http://www.xxxxx.xx/xxxx/v1/submitxxxxRequest</a:Action>
<a:MessageID u:Id="_4">urn:uuid:759216c6-eebf-4a65-b1e9-8dde47bee45c</a:MessageID>
<a:To s:mustUnderstand="1" u:Id="_5">https://wss.xxx.xxx.xxx/exxxx1/</a:To>
<a:From u:Id="_6">
<a:Address>http://example.com/</a:Address>
</a:From>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-060792f1-35d1-4d5e-bdcc-c29847a039a7-1">
<u:Created>2013-01-29T15:29:44.185Z</u:Created>
<u:Expires>2013-01-30T03:29:44.185Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken>
<!-- Removed-->
</o:BinarySecurityToken>
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></e:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">oNEIRj8uPIkIP4+BfAo/CmYDwzk=</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>AUbgDqZQRmameOEExgcK4m+3umf//4xl5kPt+7X84yHvprlZkta0Xp20/cmZLxJjTo8SeCPGjVSh0062+FCXBqsG1JBOcCRB+ulvM2fb0QoALyR8qxa+IyEnWS6XHecf8navZQ2SzsPRke9NZ/1YHaFdImYmediE0BH3/Mtc5KbwPxHgUeK/K/So9L+nJiPgvbLNwCMIdI0Tkcefb+8gPnNE3RK5oCb4sFeWzb6l+KSTtcMSd+3wrzC0iztdryvNuUCizK+P3ElndLM/IGCWY7kXOsbalNE2iv2MvTnW3DN/xNh8/2hg8KDuFATgChMXh9fmqAg94Zqd8Z6gKYBs8A==</e:CipherValue>
</e:CipherData>
<e:ReferenceList>
<e:DataReference URI="#_2"></e:DataReference>
</e:ReferenceList>
</e:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>ArKSZjaaytFKKWquZw2neYuML9I=</DigestValue>
</Reference>
<Reference URI="#_3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>2YgeR5vFw0ICk8r+wiaVYknO4E8=</DigestValue>
</Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>MCtfgxgeH95HKveKjpMXAbNrDz0=</DigestValue>
</Reference>
<Reference URI="#_5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>ynr1icJszUi4OG5vt0usO0419As=</DigestValue>
</Reference>
<Reference URI="#_6">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>y8jXxE1bLmeg6vJi9iqKczNvEDo=</DigestValue>
</Reference>
<Reference URI="#uuid-060792f1-35d1-4d5e-bdcc-c29847a039a7-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>0t9JLZ1xs/Kg1kNEsLXzFHirlNo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>n6yTehZLf9uI4wR/YMEfecW5IMMtOFHrMlfZhXRz3d9I412s3Z7rqjGz4NEmnJkpRj3vIWDryywk5ms3jmvKfb3L9tpCsZcRN6wDzfBtV0T5cI+dGx1h/wILQpth73U9p1ejAUXLV21eQPxrlDyeeurg6FNJCO9/MZUkNY4uuEMy1kyrbg4MwxK8TQ8JSAOcOQDEwyqtUU1kYWckw8ht4OpKCATiasAsy1l2bNgQOhfZ8YmGJ3g1YEedb4MKh4RozS3UnEB5ryjtHPZRlITCNcu2jTjH5PCdTzWH8RcIFPHFUgLfMHMuDVaLhfaFvqzC8D2bBTlvvrqO6FNY+UcvYg==</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-b4a8c5b5-0509-4536-b68a-57c396db4496-2"></o:Reference>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
<e:CipherData>
<e:CipherValue>njNbaa7uxaB1U1oPZFWQFbedoPmFs8bAmdLMblTeDYtzdTMSsU65gNerLtBfdG24pSlYR7Q2AyN2xbvsO/m7JuJTqcm3hb56UXqJu/p84tf6GvoQYPnkJSnObGC83/Ujkv1zrAENAHdD3YgWNI57DrE7BWi3sXA6juP58uD7annHIy+AJoW7SSSC2SKaXkmmkISB1JHlr9HOXcsa5GUrGRWVLLWFKjBWHq1wHOZNsQW8d89sRLQ7kJyaZH1AWtYzXXq6KwJO3TuVUbuhC3uFDRPAmFd6hg6lXeXGIMuswXKYei/7KazDmXpIfJKEfEMvBKrY2m3+MF5CJvlC6jmabU1w0/Jmz4GWMX0804BnpxkNFdxHVlMgWTdtxPwph25t9n9Hsia+n7FW60FbN9i1+hz5Zl2OGbrpv6T7pQwhhUGuHmGy3PWjOVWp/CLnyS+VAh5Mwk6JLGHODCKpM9HV+sFxP9P+vNExPU0ILGhavOiofw7bgqVl3+eukGYk5GI9+CT8R86b8QMt1+j1cZihECODT8raVYxqK6kJcafdaKh+qQ/gEbCgjnZE9OMpgr43/FBi6tz6TkdoNCCizcD7euGmze432JwI3BRC4xfzc700W1nllIvQiCFqAW8VHqGcru/QB1HC6Om54eu9knZAdeobBMjmjJseZC9M/pKeTLKjAhWoxY6rO5VJR5XL+H6jv1E7Vdnjy/4QRtktdd4gQhksoxIFlmxGrFtMvRbmmMmtCKIiD1g+iCq3v7jJtXiMe64wCPDeuieev7tWYPM3Fb1xzaqWixXkPhuQuTAiwi0Muqi4OFl9Jbskihb5rURi85QgnCBTjDCK7+X9kWxy7O7xm1BwV0xM0QmtP4lTVXQzNUAmQC+174QgOmKMLna3YNw+emphWrI0jeIIj9VNB4Ps5TYhDHYERH4vu3QWrHzHrin+VwnpPPnwSE1vLeeIgGB9DedV5odjsK84kQqWP3GxkRh5WtgHwIWhB9YyZ1eQlDy2l3xjmrwQ3pUtGgbDCJd0N5L0Oe7PNnACDfPJ1MdZw0plIQqMaGITSJMySC86LFdUYPAnnWMSkDynrNwSvOYk90zFPCrxUQ76bbFQju5+DqzODJ94ZcwVWI8qoPhqgx95rirmYQjmUyBJZ+VpAa6v+0e40rBwY7U+Sqe7GzcmxpdKStEQdOZ0FP5lw+CO3NVqr4hnf1s7Usle3zuQhWjvTPLVUTRIiKuEial61wlL8yKER6c3M2YOnLMGchZA6ddKO3kR1WzV2n+/a/Id06ZSuOqu6vvV/alEKRdK6zORutqoQLPfj5F/YiprESSpwkEAzHZuxNHPTXXDgNBhfrcs3TsuusSOtTUNKT93Z1sSsE7bLZVqqaXzQDXzjpBosUtSJrW6MDmY19ux82UJswhOiK2KLUs2+QHENnOUwbSkId0n3ROCKXpT+JM9U5LsswpoiSdFGk9/WUj/ogA2mXA7yGu03Bp7sBldbeZSU+ho9Ix6dpznkYdroa4u84WOSfCH0Kb7X7stBuZ9IgOKml5xr3c8FJVOlUPGyGSMn5J8SYTmsLt9HLLsM8sJiDBvguaQgN8YR6zk/qA/xXK2yGIlfRZIqkfow/vb9hpm5YdByeokyABSml9KcvhjCOGZIkgltW19txFtzPGYX0Dc7F/xteREwRMqO3cuqEE/Ufl3N6pRnR+9NHnJHPqkSexH1h5aHXylaWNQbsdvkQTT9co7Z5dtAAOSe1PsCHUaex0dXMzROG4FFRwjiu2YrNqDMPXItlkHn3ScK4XBoLhyVS8PPnWnGfYvR5iQRXHoZTmEZKqBAOoVaUVRftBWa/j4GW0NKD6GE8N8qtMCvFyALkL7XvIXKwZ+LhDOivVp1phmFxdIpG1KWLhotfPskFzXxeOxPOariFnxV4UEIEbI+Oso1BC8UF2rSWkbIpErPQfygnGEB/RCPlTigIi80MJkEvzL41H8lSJJ9Gng3jvPP8W5sJ/YOE4+QK6MtwS8heQdcPDCcV3m6lKwQ/c0xHtVA/65uLmADS16XINr6uUicnxOodH2lq8Ju08sMCHFjwMK9SnSN96nJ1rcgoH2dCR6S7yWf/wKx9QaFmcXKouwhE3xbgU2UUF2NjM3gbuhkqXZouZL1m9bpP94LUhEnt/IhQ4Q0QdeHLD3iLzfxuq5vdxxbEcfugMHOleMRAHAdEhnG0bk88YbPflwobs0kUFtNO1AttZxokGDnlS1gRuty/m+42d0/58aXtkdQDeWg47XKaLOqfiCobi7C6EqAKJgNKf52uax93HYO3peJd6wG2i1yKbSyXv1VKoAVw9LrmhUMcQVNuehs56DrXO21RGeqehxCk8JIRHaEtcBEYym2reVGm4AHf44UUDmi8b8vUZG1vWw2KulEQ09Q+nYCg4l1FNWk7KsIguUFt7lqa6c4/HY32NaI6Q9LEh3o/BTgDFKT7Icq6s/aiySFk1aS90tsBt9TJ8WnsM3ork5HVCgLYl1bLkDAjb5NEZoLwU5wE2JsIbhTYAkjJZMSznr6Pa5tlD/rzpZ6xF1+CF979Gkic3AKIS1b17TLpZiUcT24b2D2yda0tNxGIxuDbN60TC5C9SL8e/MAqRQ9wRI2sLFOk+ZdxiIo7tFnGNxIlV89iTnbXjy93XI7mq4ifGZwywj56AaSuCWML46ZOsbP9Jpo26n6QbbSQxLZHzMuIGwr26NF4ebXvHnbetwqyu5oY2j9ilfGfjNG4i+c85nhz+8hrrVA/VrRTDLIYcUCh1ax63ZbyTF2TyFI3e5DwNvnh2c8LQ1Ppajjek8SQZOqnWmmzAj9lNtfHQ8+8mmuS642oaGks7PE/ZaKUiKfv0CQTlOhY7QfB6SKX9tmo/jtyI7KD7sETygLAlSVjEiVI0uMn3cXtKSrLSwsKxdBgerLvQHZV4JyMl087oFUgGCNk6v5m7GBMfByys7tftlIXKtGa/GWpRvw4XO355HkZQSBr5L3zTplJZCeyiO42n9q0ow5SEqObrRmIlA11Oei6eRk8IQWmgNlnLHI/++CVKdlm4e4BZx/L8djTRf3S6wBVqVsTTluHLAu9+1whkARjAnGWAxvsYIQYNdjA95coYRFkdkwZJnUv0lRHq7bIRIkg96fVygMheC09RbGHd4vBo5/8wDRQkK0upM+1QhM/Gg/zbdFKRIP5EhYBPqmWhV5RYsV7m78Q2FLHEMnkcVFxYOOSUbTcQ3MmmR9gCgV9KSNVKzlhA1tFXDkF1s5wcC4WDahtxEHeFzYz+l0JmskIxJRSn5mT3+pEG81bvanAPnub2mtoXs7zN8Eb01SPusy1GVkq/AFHjyJNQNuPaWVY1gcM8mFk/Y041Bo3qmS/APp5YTrtm7wiUbmf6EnimwtHZ8z90/VytAVBp8iR22jyN642YiONCmKqLHncSAEUR74aoOSld5qJS/wqzAl8A5DXSYtkbmFJj4z9KBbAoBQ1bsAw7jFdbBsfhTTyWNknLtdkhVtFJueGqL6t+iHxxo376l4DZh+CKbhTAM3Gmqx6mwChJLnJcTh0cZ/pjpCvDjMrvAijrhm9iYkNdx7u/0RKXkod84MZeX39dDbvknL44FiYkhJw3zaNmFzh8bJEFEx0HzhXVPiMCSBDttuJI8VSyOjnA7aUGL46UGUwM+Sku0Xr6/UY0fbray7fhRlMMYUOBg316c79NfRubAWh4LK3uUufwoJGyY2oKKnUGaPC3dosYVZoKn7dHqWc6AvuKknkUo+c6ACPD6qR3FjrV9frHR8kzxpXjpq0E4bzq2vXkEB1/A6NBBLnyqjhu9vKqM59OJhKdujQpz2INQAWer6WFZ0332OMgYj5EKskxLQvb/KcHq4wbfx4l+BBHw5ZTe12606iHbeVJT9yRehAuGWt2b99UqmlahsO4BZ7czSY3KxNoxF6C6BRJqNAPflEFUcWkGXb3PZByZouB4zpht4oUmn2AT+ZVk6vxCFcKgS4S7/VMsD/69bXARMVaVwDXqy40ffVW10ZJOxrvmpoG6nKRLiDfgkdVdxysWusgXO3/3E+vPP5Mn0RnX0bT6pxZMbVvgi81SeOXrkJQ82Gk5G2xw6CnoTft/c3G25bO3O8WbfwNqU8juYmxYttvjZcRUgtssfsogRlVZeEWw7sLG/L2wycsuTsBtuWyBHb1bz7QEYtf2LiYgdtOmcjJvFr6hmaPVcSk437Oirk0iRwbbfox1cmNpC8dODjOe1pcoirPsO22ARDZ019xsf27zPoweduj+pFql57rdr/kEIpW8paQlWyae7FEZPyce9boV5Gf+pE0mq6IHqSpRNhLbkgiJyeVBK3qSiDMtZgVRcTOu9yfH9bkBTOtmL369YP+glnqo4Np1sqrHrEuu3LxrYWxEkzgkPWjF91sKgJ1il6zmpbVUIPDUyBghL+dMUW6rVIwnuWAs0AcRugy3mhgzuZ7hMIjYSWYDjXCn4mmgIqJXuw+oItjiLqs3ypxZGiHsGh3pBK2DOTaNDtd0bhgicZGl0InTt3nOovnq6lZkHGSVTbx9AqAdC/tH4wi+1qnZlSLMCxoJMrtIYScz2WsFNERb8r/k4+9EZOR/tE2QcLPgnhajUEeeEr2f4yBod8ojqTejNp9XdwfXr9rn/UZ7ZP0n0kKKlW9o/oMI/p1acVox5sndxXYtluRFwS+kauCBM6Pvkx94rQ5TGduVDP/3j2yxOV1BmFt1M0gxi7eimTEFJVLZ/B4N9gPd40B5KkipmQtd1Rq58FFcbcdxQC8D+kBD2wPliejvMou6KuopmZ2x8gMF7NAS6KVe/02AFOJSAYz+HgJTL9eXEFlvmF6pGx4vPhTzrN9YRMeYciKVNSAjEkvHGnTIMxU3sGL6LWn357BQRWtgggJPxpG29q1MTh0X0srp5+fKNFgbStZv9duzU15YzFsJ8++flgXnD1K6OGdreQarUCXG0qdoX12+bKN1ZJZfi2j7xVTl2Fpp4YAtjAo1xzQh1ec6g6xZDZOnv3l50EW7Ke9E/v9i6pLQWQwVw6/vugpaWXpb+nzTL9yekznOl+07lgcC1D4JQrn31AAjtasTmGr3bEm7LjTnMV9l9sFayhu9QrfQqHhNrebLuuCSlDteT4q972N76rl04qkBy7JiflFlD5UIKZ5kXsgTyWK54NL9vB06vfOCGbL5B27R0QduZOg1DsD6oJGDfF41YdXCNU+65AjoeKod+qwXxu6vLd6dwmkZaVFeWlJg7JpYPrGkddM9W/MHXFyBNQ3TT1lIqqDjTkY2kkGk0ROvKZF5kRuPdVcXhmffdS8auZq9W2Nvx7X2+u9oqxIqm29GVvRBgsigrqQFlj5rU92XjUhGSBvffCrCpCyp7/IQd/inPveumGNj0o1agD6FgpNSp0v1USNDMo9t6jwf1hmxR0y/bdz6xv/iB34GxXcD2wiJEON/EPQYZz3bqIjaDdyZBZSgGP4jqXfyMbqExr6MAaWCISSHQFVKvLopjPlLSuK87aVrJChr1AxjPz8YI6dbMwSHI9AByS77T0Fh+wj3xDBVdr48xhxQcS11wNIG42lUh1Mw41m81LvsfktbhzAQ6xOe9woa+n2mEvczXUnGZFLALbREa3cWIssJMivj19jonrXIUKcwBR8fp6PtCWHD+T7OpU2sWuo4ezLJRP6zZCrJzccU5rJ3jvB/MDXRywCPj+Rmo2TGttxDsNq5nCESMQdtCempmyzGohkw9orCd3IwnFjyd0pHwHzzIWlaltdhwVrtn2CbfqQ3ZQVIVOHUVZcy6+o3L2PDOxNp/ikQbebBch6B7X6M0BBVX3TJsVE/0GXmleaP5oLTXA940M+wVzvNQdpbMSGbs4tBffY5eJL+/2kL/rMeorHWuhKcMYh6mz6GgGA4/YI6+cWCAbqgVsPhSCdCVOG248ln14w3Mm5pWWVYS0aWbwxyOhDkDXyleYfSeTCX03ovxHokmMZN+M17ogx3V7mXrw1p7YVo5MRiBP575pE3iNcDoKmFBFbu9q32kZvZAdsiuQNnKCrSIP0kYxcRJ4/og/GI+JfZJtbNKgjn4IyPCFsD72uUbGkE4752n1ZgiWFgp61VacHD+OuIU2aLpuyGXHfqtBw5HdVKgtW+KoDkqXZr8hjYsWbATflt9GcvcM2paJKnvL+OrWXHz+TUZod9kkFRKzQQ4LsBQ4KV4cAIFg11JKY3wSrJuT/6rbAG4gQ/uvaJLx39uCguusmnfQ6Rb7+WbGjjh/2TtnatMmJSBFMtY92JJUdn/E7/gExQjoch3Ki/bAN4umO9L8/CfR+SS9yZKas1A16sITMhq0bhSC4rGpo9HfkzSceJT4TOd/BedWGTg5PfvpgeNH0b7kJTYatTDLVUqcy49JdARIuDJ522PhEjx813ArrBj302MsmHgj1E+wtPnhsCGa7cHehxe2rvpwuNhGfvFBhB5mdJNjRyu4sThkfzT0fQ4JMGhdCj4AGRUfE+b+OzuDhKix9HmV/H7R3XPyVyXt3JC8YyUFCD5jth0MEWn94V5fu5EONOBv/vvcB4bQkHtZcRLuW0NgDBOPRZ2bvVyUcM4GbjqXE24nMjQL9WYdQBarZ6yb4aXIWWijflY0JquqmIZUGzSb0w36fII7HQ5JDaH93yMpvvFRTd1rAUY11kZVa/PVvISujU4dJIrXCL2PrMKBcPGZfNim0N27Qv9Iwjw/QXAtgc3bnNiR1IN88uC9Zrsnnf68jxv64XGsFyrwBkpWg74SfmIW53uupi/A9B65B+HImGkUPdxzvTP9wVC9McxeGlZznKswcWgKg0+WAW5FX8bk54ET+Em05qPHSpg23eSpOnIJKyAVzHgol3jSxBdgVZO8woyiYHTVtYYmgq6JUFM6meImVfq3Jj4ejhy3f26VbRa5cn46g6VCRzbbvZUH6GHoEMBWeKvy/Pnkccexsuy/7fq14HvLpYw8GrMLH8fxxdt1EGits5i2vRjVgkNXHPId54CEzU5Z6meyyeEgFpOHj/Zn7BDmeKm1MkvxVFo+p5ELN065OpsIh6zFQTKpKDEMBEmXXhW4Ptn44S7pDUTUsmmaZwjJNoeoAT3YXLQk9racrAaubASkvthb+sNpEDRMZOvAmOagyUWsQy9/j8QghqPia5KiD0qW2dkeT1yWlAVdLqtpRNqU2JSjugf9hwGhZQdEaODfJj4TtaxgxfUEYwGnoaLoAwFDjK5LYu9nfDqrt0FOlyuZOxxwkB9hwYouS9Lhfy3Yzi9xgTKWB4V0t9u1LdpKwBF3GRnFp0OOxqYhN0woFNE0CYWpAtVRx9IoK6DsInu1U5BIq+7dOOzhwn+1wYKcm5KWFtLuZecTmOc2GC0lCJTeaADmuf+4M7ScdR/74R75AyGELY+zZOWlSXNAHmDMlVWn5lXznRZ9Q3/q0azRK5A8H7almVeYADhVKPY50vzFAZu59BIYrUw0d1lQMeWa/OLHk3AwZLOnSzf16FIcpm+ueXypopJbiOe7mAGZqHxh/N+0Fp5lL8Q65r3I3GjJdfU6Bx2E7aYgjq54rYH8hiDNeNYi00hVMxy2+VWTgK9Dfsfc7YzKcXlS00gT+VxFvKlMspCNjHorZdURpwsE5LFK1pylU1WIqD1RHRmZSA+K0GWc5saFZaCc/4/y84N1a2n8EzSPo7jTmRem+AZO+Pl5SaltglZlPGzQedHCeJ41vMNsCf09RIjR3uU+EHlENNN1xOgD/SC/wujTEflil/9h5/9GMiHBRqw3t3qyaycYsulPlqLRO7XK9iUg7p6oymXeYFJZEOUn2GxoKruPfUy6OVGf1qddMpaaswG+mI9BC2lTo5yyCZx17v9oP6k/dpoLO4VUz8Jk7b90G7hWbe6pzeiqcOFVpF7mTmZW67g7VqQiS1J+l/CE7sqQESVn/gMrTUmi+Pwaim16t9E9YjNaH0pAo4UuFsXUPa8+XjsmrN2/Uykys8yw1ny3E3PJHwEN6cxwHJ/xib67QQp4iZ+ZMGeVDWwZeTZokuub0FthEu0Tq/JG9zteGbrvURIq9y1n861hdZ04FIpjU1XqNYVKLKqbEx56NPlcmq9jAievj05jz7UjrLS9KUBt8OffbWf62pqq6DTxXtduz1t1iWKfSvPDMHVYQDuAxeK+aJTo+2QXVFLVLfYjwoMpqTRseMZQQLve6bXQrOH0/sSuixQOOOXAtyVm9lKc919Bo+hDAuEisFfhjlA/a41FE3g4ncH6jk2nUkr6bRraNpo9mY63JckBU0RhJvl1t3yVwBsBu+hpS8AAzBzgabOZuVTy6jOj95/tktN3nFAHxVi1Z+P2L7UGQqe9LCXOeLoU5d23eYAcTM8z4Go2bybwQfar0WZU61bJ8lXoDTNc4Yry0w7XPHMMd/1Wt9hLNDumgCcZxtzvFUI/w/iMGWE031yMnTEiax4M6Hu61+a9FHc0+7wkOvUuVhrPYmu/AJv/PMRycE471fjaY4ozWvjI6RYS/T/M3pqPbfAIQJRxHZWOmnujVWzKgkhSiDgQFZksvT9fjoKfSE7gnDXHk2tnxvbx/MUaUPqJGsttAyv2efXbeqw+qN17k8gBFNdiZW/uKeht1tNOKiGrxKDJVzLGYw88k=</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>

RESPONSE

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-574D52A06E52AF3EE4135947330291524">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=XXX-Issuing-CA,DC=XXX,DC=net</ds:X509IssuerName>
<ds:X509SerialNumber>79408981557796405248060</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>er/9uf5ssREPDuqM+se+BX4rQaOFC73XlCSd+3Sqy/2ifnWA6FMS0lJ30Gnm2n9Ce4DusC3JCxgKSbITCn4ddHMFiy5/532bhh6vIOLEn2mIZwf3XkSNPbit0dIuDXzEV+bbmxW94Vy/hHauSacUzZN0/n4qTEii2pisWUx8OwSUQ7OUyWEZ9DkynZ/WofVCSvGAufYL+exY8XUWFRepm6rWED0k9yNBfbcZ2YKlgmBy3TEB1W7KB+VvSDfxUgTthVvjIosBojXQCPGdP6mONy59/Gxm2BcWzYTr9xzBBTicQGCH780MFmLH/BZby3GPioQyV3+tCdpjjTG4jdoLOA==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-59"></xenc:DataReference>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-58">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa SOAP-ENV"></ec:InclusiveNamespaces>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-52">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>GFAtBwpzYjMSEYH7Duk+slEfc4Y=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-53">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>OrY4HPfi3cAW+vlBPYm2/fT+fjM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-54">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>7iU/1JeLjAExQOkZdo9ZIB7b+hs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-55">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>wm8HiqQXlaagQyZuYS2i3OqYXGI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-56">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>IGFJ58avXiQXLEce7T0FG0LRlDs=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-57">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>w99rafTw8pKc/n1NNUgE6HY8fU4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#TS-51">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse wsa SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>WE4iIBB4g9gWGpwt3vJ/sOI199o=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#SC-50">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse wsa SOAP-ENV"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>nsxvRxURon7NXk0Ts/435VWpYdo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>HrlESvWPyLCnfjSDsUmHq1/ZoMXhJJIyWwWeZhkhb3Y3wjbUsYJOyaEWbL+zdLC+PxC8ioCGTOxdl1iGqbQPUBVGdD6tklLdJart+aFRtuvu9dD9a/hBcR19s9AiN76V89+H/JYLFFJ2ZQ2RBERznHOgNcnjmAcerWzL4pikPpAs8zedk+G7gfWF2oZ+2DKhTWz9gkxVZvcwFG1eP1CeJE9JT3IjwGOYDUAVWRvGnGxK+WjzZXGhvjmqQcUdfycqDAAxISs5/F3WS7lZZBDLRaMlnOKF2rCUdk2Ynxx3N5ypMij/hJ9bR8BIGj20VZPdZmVleFHFFu9LUOG7qqyhTw==</ds:SignatureValue>
<ds:KeyInfo Id="KI-574D52A06E52AF3EE4135947330285222">
<wsse:SecurityTokenReference wsu:Id="STR-574D52A06E52AF3EE4135947330285223">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Digi-Sign CA Digi-SSL Xp,OU=Terms and Conditions of use: http://www.digi-sign.com/repository,O=Digi-Sign Limited,L=x,ST=x,C=IE</ds:X509IssuerName>
<ds:X509SerialNumber>332400447372114521873343220359135431141</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-51">
<wsu:Created>2013-01-29T15:28:22.852Z</wsu:Created>
<wsu:Expires>2013-01-30T03:28:22.852Z</wsu:Expires>
</wsu:Timestamp>
<wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" Value="n6yTehZLf9uI4wR/YMEfecW5IMMtOFHrMlfZhXRz3d9I412s3Z7rqjGz4NEmnJkpRj3vIWDryywk5ms3jmvKfb3L9tpCsZcRN6wDzfBtV0T5cI+dGx1h/wILQpth73U9p1ejAUXLV21eQPxrlDyeeurg6FNJCO9/MZUkNY4uuEMy1kyrbg4MwxK8TQ8JSAOcOQDEwyqtUU1kYWckw8ht4OpKCATiasAsy1l2bNgQOhfZ8YmGJ3g1YEedb4MKh4RozS3UnEB5ryjtHPZRlITCNcu2jTjH5PCdTzWH8RcIFPHFUgLfMHMuDVaLhfaFvqzC8D2bBTlvvrqO6FNY+UcvYg==" wsu:Id="SC-50"></wsse11:SignatureConfirmation>
</wsse:Security>
<wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-55">
<wsa:Address>https://wss.xxx.xxxx.xxx/exxxxx1/</wsa:Address>
</wsa:From>
<wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1" wsu:Id="id-56">http://www.w3.org/2005/08/addressing/anonymous</wsa:To>
<wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-53">http://www.xxxxx.xxx/exxxx/v1/submitxxxFault</wsa:Action>
<wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-54">urn:uuid:1bb2caaa-8900-4ba8-9bab-6ce7a4c8b5ba</wsa:MessageID>
<wsa:RelatesTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-57">urn:uuid:759216c6-eebf-4a65-b1e9-8dde47bee45c</wsa:RelatesTo>
</SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-52">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-59" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#EK-574D52A06E52AF3EE4135947330291524"></wsse:Reference>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>zlDlBzico4mvxJUWO1ONL2C2RVpOK8Ii3WNInBMO9W7DCHAe+WzjfKxuwpXUC6F+oRcvG+uDKkkJEgcZ9oeezwJQmeN6taJWyCSxCOsmx2parKfiYkfX0HZLmo+/bB+ApgeFJ8xAu4TzckPTFD9RwOnlyh9hgwMa7oXa+P9hhljXOXabGinoa0GHAm+F16CAc/3Q7Utzd7z8XTBMnPVDg+dFXp8vtNTIORDSYYHc68XQmpMRAfQE3U5pypCIUb9GaLW/0gP3n9hAtIubqtVNAa1+i8uI9WNsWF5PfwdKL0sB7RzYX8JRBTqTLYbg6akDuUIBQiCbi0MTMg15uqSGs2PCsS5LUJUGU5XLotavpClonaxkURzJwwFeb8BxrHEQAXe/TrFKrne4lMzn84EegL1ETLw9Swgby1AzLEktvM7xVM509dIVPuhJuwcfJi+fpGjSNWw60VBplR6XGfcGOdjVI+JGCq/OyWrY2bM+hGOhmTErm3R73n2dI3F9NGjwgrf87+IT5gDLwCNoKrBc2R3Ku++035XxXbh9RWNQR74YsPNL93m9W5DxTaBQPSTeL01+zbWN95nyAqKM+47VT6sEaKYCIBHkXUIoqf0X1hJj/nwNNY8WABXKN8Kzd8HalumIEg2woTJXS9yhH+sQlHw4acz4ifTyZQupGBoyBiHcpx9swPGzFNOC9UFsMuQV/UVmhlV+LZmasGf8O/XJa7/nJZzXzGQnEWtMNK+TE8dYDGTAXF41GryHOuc7QoxswF8EreThEEDkrrvJWXOO27VWK8wN7zEo7ev1Lvq5FZk=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>