@duke-nuke what exact profile do you need to follow? The vanilla CEF profile is rarely used - most of the time some additional requirements are imposed on top of it. Without the profile details, it's hard to provide a reasonable explanation.
Hi Philip
This is the PMode config shared by CEF:
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="einvoicingct_121_gw">
<mpcs>
<mpc name="defaultMpc"
qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
enabled="true"
default="true"
retention_downloaded="0"
retention_undownloaded="14400"/>
</mpcs>
<businessProcesses>
<roles>
<role name="defaultInitiatorRole"
value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
<role name="defaultResponderRole"
value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
</roles>
<parties>
<partyIdTypes>
<partyIdType name="partyTypeUrn" value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
</partyIdTypes>
<party name="einvoicingct_121_gw" endpoint="https://uatas4server.xaana.net/as4" allowChunking="true">
<identifier partyId="einvoicingct_121_gw" partyIdType="partyTypeUrn"/>
</party>
<party name="gitb-engine" endpoint="https://www.itb.ec.europa.eu/cef/domibus/services/msh" allowChunking="true">
<identifier partyId="domibus-gitb" partyIdType="partyTypeUrn"/>
</party>
</parties>
<meps>
<mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
<mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
<binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
<binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
</meps>
<properties>
<property name="originalSenderProperty"
key="originalSender"
datatype="string"
required="true"/>
<property name="finalRecipientProperty"
key="finalRecipient"
datatype="string"
required="true"/>
<propertySet name="ecodexPropertySet">
<propertyRef property="finalRecipientProperty"/>
<propertyRef property="originalSenderProperty"/>
</propertySet>
</properties>
<payloadProfiles>
<payload name="businessContentPayload"
cid="cid:message"
required="true"
mimeType="text/xml"/>
<payload name="businessContentAttachment"
cid="cid:attachment"
required="false"
mimeType="text/xml"/>
<payloadProfile name="MessageProfile"
maxSize="40894464">
<attachment name="businessContentPayload"/>
<attachment name="businessContentAttachment"/>
</payloadProfile>
</payloadProfiles>
<securities>
<security name="eDeliveryAS4Policy"
policy="eDeliveryAS4Policy.xml"
signatureMethod="RSA_SHA256" />
<security name="noSigNoEnc"
policy="doNothingPolicy.xml"
signatureMethod="RSA_SHA256"/>
<security name="eSensPolicy"
policy="eSensPolicy.v2.0.xml"
signatureMethod="RSA_SHA256"/>
<security name="signOnly"
policy="signOnly.xml"
signatureMethod="RSA_SHA256"/>
</securities>
<errorHandlings>
<errorHandling name="demoErrorHandling"
errorAsResponse="true"
businessErrorNotifyProducer="false"
businessErrorNotifyConsumer="false"
deliveryFailureNotifyProducer="false"/>
</errorHandlings>
<agreements>
<agreement name="agreement1" value="A1" type=""/>
<agreement name="agreement2" value="A2" type=""/>
<agreement name="agreement3" value="A3" type=""/>
</agreements>
<services>
<service name="testService1" value="bdx:noprocess" type="tc1"/>
</services>
<actions>
<action name="tc1Action" value="TC1Leg1"/>
<action name="tc2Action" value="TC2Leg1"/>
</actions>
<as4>
<receptionAwareness name="receptionAwareness" retry="12;4;CONSTANT" duplicateDetection="true"/>
<reliability name="AS4Reliability" nonRepudiation="true" replyPattern="response"/>
<reliability name="noReliability" nonRepudiation="false" replyPattern="response"/>
</as4>
<legConfigurations>
<legConfiguration name="pushTestcase1tc1Action"
service="testService1"
action="tc1Action"
defaultMpc="defaultMpc"
reliability="AS4Reliability"
security="eDeliveryAS4Policy"
receptionAwareness="receptionAwareness"
propertySet="ecodexPropertySet"
payloadProfile="MessageProfile"
errorHandling="demoErrorHandling"
compressPayloads="true"/>
</legConfigurations>
<process name="tc1Process"
agreement=""
mep="oneway"
binding="push"
initiatorRole="defaultInitiatorRole"
responderRole="defaultResponderRole">
<initiatorParties>
<initiatorParty name="einvoicingct_121_gw"/>
<initiatorParty name="gitb-engine"/>
</initiatorParties>
<responderParties>
<responderParty name="einvoicingct_121_gw"/>
<responderParty name="gitb-engine"/>
</responderParties>
<legs>
<leg name="pushTestcase1tc1Action"/>
</legs>
</process>
</businessProcesses>
</db:configuration>
I am not sure if this is causing the issue, but what I have observed so far is that I also tried Domibus to send the e-invoice and it's working well, but with phase4 it's not working. I can see there is a lot of difference in the security header generated by phase4 and Domibus. Below is the SOAP envelope generated by phase4:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<S12:Envelope
xmlns:S12="http://www.w3.org/2003/05/soap-envelope">
<S12:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" S12:mustUnderstand="true">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="G9736953a-7bcb-4cf1-a0b0-11533ea4a1af">MIIDZTCCAk2gAwIBAgIUHlGckiPB7td1GeChi6ATyNH9Rh4wDQYJKoZIhvcNAQELBQAwQjEcMBoGA1UEAwwTZWludm9pY2luZ2N0XzEyMV9ndzEVMBMGA1UECgwMZUludm9pY2luZ0NUMQswCQYDVQQGEwJCRTAeFw0yNDA4MTQxMzQzMTFaFw0yNTA4MTQxMzQzMTFaMEIxHDAaBgNVBAMME2VpbnZvaWNpbmdjdF8xMjFfZ3cxFTATBgNVBAoMDGVJbnZvaWNpbmdDVDELMAkGA1UEBhMCQkUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKqLXvlbHSKLViaskcz/fquoJGgWTqW8/h9kNhv1/myLxNslUNT3tVSbPorKDJjXYcemhD82dCIi/fWR44c2NXqHkzexVXkCHvo6qWamETYuDdEk1sDGwiZwVxWBZzvasRpLQ6S+LRaFwm3zgcEy7I8GW3tDhOAJ6mqSavjbMCa+nX73n0QX6pGN0YT8AFDDuDJPnW2BiO7tJKXb+FvL9psV1KC/8bmw+mL3+O4kGk0nEZs3eoA7RUNtCLFubdnlEEG2OUL7qBv8MpvzaGSzNngQh/98nx2WwXqzc51VC7wm0zttpKgWiGMtHE9Xtecc8qT4ulKblNNMHmmCWYkNIlAgMBAAGjUzBRMB0GA1UdDgQWBBR1lWbODGODt5AoP3OVUea4eBfGcTAfBgNVHSMEGDAWgBR1lWbODGODt5AoP3OVUea4eBfGcTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCSkLqZP3rFsSDS1boJ4AH43izw4nW0Z4vtPz0lSGRu3RDbrYBReXot4epgYzYoF09tY2LuQPXSlCgDMPl7NEruN7oAftsqJqyG7tKPMLjUpmMjE0jBSQf1HliiBNsli2yHgvEHLziVVEE7mWioL3rW78QxBUwluYMv2/twFf6NWHeopF6BprdoW7qsMeD7eWavUQvPvU/cyCPwT94u67ZyW/bDSVX1X3CYOf6n5rJYiVAU/td3NZapzgJ0npuyR2fkn4wzRtAltyhRfH/lqAeOP3lNu46Sf4ee8V8hUxBsgkmRVsLreWEYUd3qi9pq+pz/c/ui+bN8evbzbycrGRZo</wsse:BinarySecurityToken>
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-3f8dcdd6-67d1-400c-b8e8-388d9497ecd3">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
</xenc:EncryptionMethod>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#G9736953a-7bcb-4cf1-a0b0-11533ea4a1af" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Pj6jjqrLdfOfq6d6Ka7dc53THfnXfJWCVlRM0/cgCYeyTKFotQXKfO7l/sKZUIy24q6R+GsIBxhe/XaUtI7e/c29qG4KR7ae5BAk/TVjkqczWL2bwKW4LmkSNDtnvD+leKqicxrNclmeNBX7uZXOehOPknzGAaJdyvYqKlJP+FhfkLukeVe/SOLl+A0ZgFssEbNt5GP+swbeM8WvIdjDFDvcUmEDYsnnzFdSRril95SSZZPjkXZ5lkf2tAbItCtKS4Tw/jS2cGiI8QVVOqL68SPXvOptLqINF84SC4Hm39O6QeZ8fYeK1yfRoN+HxoubyYlhHo892mtLiRwtxVs5Yw==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-e7243a30-3d8a-46ab-980f-46223828898e"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedData Id="ED-e7243a30-3d8a-46ab-980f-46223828898e" MimeType="application/gzip" Type="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#EK-3f8dcdd6-67d1-400c-b8e8-388d9497ecd3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherReference URI="cid:message">
<xenc:Transforms>
<ds:Transform Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</xenc:Transforms>
</xenc:CipherReference>
</xenc:CipherData>
</xenc:EncryptedData>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-1036ee39-1ea1-4110-b91a-c3be5f6e4c65">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="S12"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#phase4-msg-4cbbb938-f78f-457a-9ec6-e1b62082091d">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="S12"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>34DPqvvneIal2D2i0+rHKlM4whkjTgIx93jFhO9a//o=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-cca4e742-9dd7-4e61-bcee-8facc1871bb7">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>MWO5dzi7IfoWhJbdRpzvKaueHVC8/38ryK+uot40yvg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="cid:message">
<ds:Transforms>
<ds:Transform Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>bSb4AEu5z0SQWPZt9TriUC6EDNMdpVWKq+eImwVp4YA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>I7YGq/MGJvTlh186bH77hSYqdaoFGIQJYsJu0VNmJa3rTPsndIz+3nWeesB9dNcKM9s7vGhzvYVM59GyleGn9T3hN5hYECei4amiurYw0wbkpHkp/34f88tjQvSEFrlQMsOOG46hKv0G1d9hKHkkVPuz0vPtoNNN8obG7zkcR8myy3DUOdIE6Cb1uvUM6IygbWSeseeG1JP+uk9hSO3trw+kiCSXnvGZ37YdFgaIrPGjrUkRbrWuxh04lsmfSuhhC7ONJAE/Acjq2wo+3JISCUK2KIUYObQxEyLP8vQYhkYpW574b5CakzIkk+hCxi6SMX0EKtNwRulpMNQmgAoK9g==</ds:SignatureValue>
<ds:KeyInfo Id="KI-ef9d6b13-c3cb-4035-b189-0da0a1348c0d">
<wsse:SecurityTokenReference wsu:Id="STR-a31a998c-7012-4537-a629-a154ad7f1c0a">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">...</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<eb:Messaging
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
xmlns:ebbp="http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0"
xmlns:ns5="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ns6="http://www.w3.org/2003/05/soap-envelope"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xlink="http://www.w3.org/1999/xlink" ns6:mustUnderstand="true" wsu:Id="phase4-msg-4cbbb938-f78f-457a-9ec6-e1b62082091d">
<eb:UserMessage>
<eb:MessageInfo>
<eb:Timestamp>2024-09-05T00:11:15.904+05:00</eb:Timestamp>
<eb:MessageId>112332555-662-44-95fd-470bec2b538e-100@phase4</eb:MessageId>
</eb:MessageInfo>
<eb:PartyInfo>
<eb:From>
<eb:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">einvoicingct_121_gw</eb:PartyId>
<eb:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</eb:Role>
</eb:From>
<eb:To>
<eb:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">domibus-gitb</eb:PartyId>
<eb:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</eb:Role>
</eb:To>
</eb:PartyInfo>
<eb:CollaborationInfo>
<eb:Service type="tc1">bdx:noprocess</eb:Service>
<eb:Action>TC1Leg1</eb:Action>
<eb:ConversationId>phase4@Conv-7468146718074880245</eb:ConversationId>
</eb:CollaborationInfo>
<eb:MessageProperties>
<eb:Property name="originalSender">urn:oasis:names:tc:ebcore:partyid-type:unregistered:C1</eb:Property>
<eb:Property name="finalRecipient">urn:oasis:names:tc:ebcore:partyid-type:unregistered:C4</eb:Property>
</eb:MessageProperties>
<eb:PayloadInfo>
<eb:PartInfo href="cid:message">
<eb:PartProperties>
<eb:Property name="MimeType">text/xml</eb:Property>
<eb:Property name="CompressionType">application/gzip</eb:Property>
</eb:PartProperties>
</eb:PartInfo>
</eb:PayloadInfo>
</eb:UserMessage>
</eb:Messaging>
</S12:Header>
<S12:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-cca4e742-9dd7-4e61-bcee-8facc1871bb7"/>
</S12:Envelope>
And below is the SOAP envelope generated by Domibus:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<env:Envelope
xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<env:Header>
<eb:Messaging
xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="true" wsu:Id="_187dcb87d3354c28caa8e75ebc358d006a8c8e2c7178d64a0dd4d76f03d908a8c">
<eb:UserMessage mpc="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC">
<eb:MessageInfo>
<eb:Timestamp>2024-09-04T15:13:37.000Z</eb:Timestamp>
<eb:MessageId>99089-662a-441f-95fd-470bec2b538e-100@phase4</eb:MessageId>
</eb:MessageInfo>
<eb:PartyInfo>
<eb:From>
<eb:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">einvoicingct_121_gw</eb:PartyId>
<eb:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</eb:Role>
</eb:From>
<eb:To>
<eb:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">domibus-gitb</eb:PartyId>
<eb:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</eb:Role>
</eb:To>
</eb:PartyInfo>
<eb:CollaborationInfo>
<eb:Service type="tc1">bdx:noprocess</eb:Service>
<eb:Action>TC1Leg1</eb:Action>
<eb:ConversationId>421f6474-6ad0-11ef-98e3-0242bf89de83@domibus.eu</eb:ConversationId>
</eb:CollaborationInfo>
<eb:MessageProperties>
<eb:Property name="originalSender">urn:oasis:names:tc:ebcore:partyid-type:unregistered:C1</eb:Property>
<eb:Property name="finalRecipient">urn:oasis:names:tc:ebcore:partyid-type:unregistered:C4</eb:Property>
</eb:MessageProperties>
<eb:PayloadInfo>
<eb:PartInfo href="cid:message">
<eb:PartProperties>
<eb:Property name="MimeType">text/xml</eb:Property>
<eb:Property name="CompressionType">application/gzip</eb:Property>
</eb:PartProperties>
</eb:PartInfo>
</eb:PayloadInfo>
</eb:UserMessage>
</eb:Messaging>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="true">
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-4ef892e5-ac2a-4e69-9971-75b5293b73f1">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"
xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
</xenc:EncryptionMethod>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">KQJK8ttIQHL5cPuKaMUAvEyPhIE=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>HQWScAvwQBSxvM9yjWVO7HkSd7G3F8Ezra4XPVLVFl1ND5S/nAIABfwpO+6ep5aftZEUgbk822tLqwoGQKOdj2DC5lAkAnRm+Y8ZHC/on8vlfOEUud/ZAvA1W+1BsjibiNZn2vxhza4CV2Yfo19I3JhuXuzid9Ek+ACnhaQkJy/N8LESs10QyayOcm3C4991j+e9SofaIjemfgBRgWTO2zx4VU2Af/FHF+56ITG1yX5RdqR99NcTnAYPZRyAXlp9U1X88sUuQGpZq9CdWH7UBxgZu1NHC6Ebs7bARFWrjIi/culPg8tsBDbQbc60b1mZ1PH6l0sgfz1yITA+CpSMIQ==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-ae266151-def8-461d-9ddb-59e1fa18bb2f"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedData Id="ED-ae266151-def8-461d-9ddb-59e1fa18bb2f" MimeType="application/gzip" Type="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<wsse:Reference URI="#EK-4ef892e5-ac2a-4e69-9971-75b5293b73f1"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherReference URI="cid:message">
<xenc:Transforms>
<ds:Transform Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</xenc:Transforms>
</xenc:CipherReference>
</xenc:CipherData>
</xenc:EncryptedData>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-91aeac9f-eaab-482a-93be-0b515de62da5">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="env"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_287dcb87d3354c28caa8e75ebc358d006a8c8e2c7178d64a0dd4d76f03d908a8c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>fcNqLMKwZbBn+cdh+m0sVH2XBW4s1LBRY92Y7AMLAFM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#_187dcb87d3354c28caa8e75ebc358d006a8c8e2c7178d64a0dd4d76f03d908a8c">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>L7zKqob2r3kFgVbjtwIedrTr5jB4h8/aUUW7l3LW7G4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="cid:message">
<ds:Transforms>
<ds:Transform Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>oL7cIOmfjSNB0pKGiiDDw2ea53f2DkXibL5N9uUM9ng=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>B0/HXUA62dRco0vb0KJFKHDa0aEBS+w10q/p7zlBHizwnc5N4mO9//RPDR8JXjkUTxtopqWPCdSQkF/ZqWhfuIfecjJcxutimC0OC701WoeaWxMA8wrSC7LQKmUXT2syYI6TQdm1kGFKjASsSCczk05fRlZbtvieh0YhCc3J2Cb2TqNESbLQKC71FvY/UtrKnXZUxxLghKTMrlB2bHDHICz6mco92pyV+K7NMjxEzUZl+UUTxkRUX6qjCWYqq/z9Z2/9S7Kvx8t18fW4ZR/4OPkCs2zydofTN0hN+zsWL+DLzIRuWlEivYHMP5w2MVwh31XLOugVgWT5bXYxZTlLhA==</ds:SignatureValue>
<ds:KeyInfo Id="KI-052b3f93-defc-4f97-8046-d47ed2b6d036">
<wsse:SecurityTokenReference wsu:Id="STR-e30d5d44-1a2c-4632-92ab-e066632b4077">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">dZVmzgxjg7eQKD9zlVHmuHgXxnE=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</env:Header>
<env:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_287dcb87d3354c28caa8e75ebc358d006a8c8e2c7178d64a0dd4d76f03d908a8c"/>
</env:Envelope>
As you can see, there is a bit of difference in the security header: Domibus is not including the token in the header. Also, Domibus is using a WSP policy:
<!--
Reference to a Subject Key Identifier
The <wsse:SecurityTokenReference> element contains a <wsse:KeyIdentifier> element that specifies the
token data by means of a X.509 SubjectKeyIdentifier reference.
A subject key identifier MAY only be used to reference an X.509v3 certificate.
-->
<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"
wsu:Id="eDeliveryAS4Policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:SignBeforeEncrypting/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp-cxf:${algorithmSuitePlaceholder}
xmlns:sp-cxf="http://e-delivery.eu/custom/security-policy"/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts>
<sp:Header
Namespace="http://docs.oasis-open.org/ebxml-msg/ns/v3.0/mf/2010/04/"
Name="MessageFragment"/>
<sp:Header
Namespace="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
Name="Messaging"/>
<sp:Body/>
<sp:Attachments>
<sp13:ContentSignatureTransform/>
</sp:Attachments>
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Attachments/>
</sp:EncryptedParts>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefEmbeddedToken/>
</wsp:Policy>
</sp:Wss11>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
There is not much information from the error message itself. Do you see where I am making a mistake? I have contacted the CEF team and they are asking to follow the config in the PMode. I am looking to solve the issue with phase4 as I am already using it in production for Peppol; otherwise I will need to set up another app like Domibus or Oxalis to send e-invoices to CEF, which I don't want.
Regards, Khurram Shahzad
Thanks for the detailed information. I compared the headers and found the following differences:
The rest looks totally fine to me. Try calling these methods on the sender:
cryptParams ().setKeyIdentifierType (ECryptoKeyIdentifierType.SKI_KEY_IDENTIFIER);
signingParams ().setKeyIdentifierType (ECryptoKeyIdentifierType.SKI_KEY_IDENTIFIER);
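To confirm which key reference style an outgoing message really uses, before and after switching to `SKI_KEY_IDENTIFIER`, the following added example (not part of the thread and not phase4 or Domibus code) classifies the signing and encryption key references in a WS-Security header. The function names are hypothetical and the two sample envelopes are constructed: they are reduced to the elements that matter and carry placeholder values.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
X509_PROFILE = ("http://docs.oasis-open.org/wss/2004/01/"
                "oasis-200401-wss-x509-token-profile-1.0#")
SKI = "X509SubjectKeyIdentifier"


def describe(str_el):
    """Classify one wsse:SecurityTokenReference by how it points at the key."""
    if str_el is None:
        return "missing"
    key_id = str_el.find("wsse:KeyIdentifier", NS)
    if key_id is not None:
        # ValueType ends in '#X509v3' (whole certificate) or '#X509SubjectKeyIdentifier'
        return key_id.get("ValueType", "").rpartition("#")[2] or "unknown"
    if str_el.find("wsse:Reference", NS) is not None:
        return "DirectReference"  # points at a token carried in the header
    return "other"


def key_references(envelope_xml):
    """Report how the signing and encryption certificates are referenced."""
    sec = ET.fromstring(envelope_xml).find(".//wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header found")
    str_path = "/ds:KeyInfo/wsse:SecurityTokenReference"
    return {
        "binary_token": sec.find("wsse:BinarySecurityToken", NS) is not None,
        "signature": describe(sec.find("ds:Signature" + str_path, NS)),
        "encryption": describe(sec.find("xenc:EncryptedKey" + str_path, NS)),
    }


def deviations_from_ski(envelope_xml):
    """List every place where the header does not use a plain SKI reference."""
    refs = key_references(envelope_xml)
    found = []
    if refs["binary_token"]:
        found.append("certificate included as BinarySecurityToken")
    for part in ("signature", "encryption"):
        if refs[part] != SKI:
            found.append(f"{part} key referenced via {refs[part]}, not {SKI}")
    return found


# Constructed samples (placeholder base64 values), shaped like the two envelopes above.
_ENVELOPE = """<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
 xmlns:wsse="{wsse}" xmlns:ds="{ds}" xmlns:xenc="{xenc}"><S:Header><wsse:Security>{bst}
 <xenc:EncryptedKey><ds:KeyInfo><wsse:SecurityTokenReference>{enc}
 </wsse:SecurityTokenReference></ds:KeyInfo></xenc:EncryptedKey>
 <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>{sig}
 </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></S:Header><S:Body/></S:Envelope>"""


def _key_id(kind, value):
    return (f'<wsse:KeyIdentifier ValueType="{X509_PROFILE}{kind}">'
            f'{value}</wsse:KeyIdentifier>')


PHASE4_STYLE = _ENVELOPE.format(
    **NS,
    bst="<wsse:BinarySecurityToken>Q0VSVA==</wsse:BinarySecurityToken>",
    enc='<wsse:Reference URI="#token"/>',
    sig=_key_id("X509v3", "Q0VSVA=="))
DOMIBUS_STYLE = _ENVELOPE.format(
    **NS, bst="", enc=_key_id(SKI, "c2tp"), sig=_key_id(SKI, "c2tp"))

if __name__ == "__main__":
    for name, xml in (("phase4", PHASE4_STYLE), ("domibus", DOMIBUS_STYLE)):
        print(name, key_references(xml), deviations_from_ski(xml))
```

Run it against a captured outgoing envelope; an empty list from `deviations_from_ski` means both references match the SubjectKeyIdentifier form seen in the Domibus message.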
Hi Philip
Thanks, it worked.
Regards
Hi
I am trying to use the MainCEFeInvoicingConnectivityTest.java class to send an e-invoice to CEF but am getting the transport error
It looks like the payload is fine but the issue is in the security policy. CEF has shared their security policy for sending the e-invoice, but I am not sure how to upload the pmode.xml file into AS4. However, when inspecting the SOAP messages generated through phase4 and Domibus, I see one difference
but Domibus is generating
It looks like phase4 is using the whole certificate but Domibus is only using the subject key identifier. How can I change this behavior in phase4?
Regards, Khurram Shahzad