I am trying to send a request via web service (SoapHttpClientProtocol) method. Unfortunately for me, this request requires to have wsse:Security Token in soap header, with signature of request xml, and raw data of public key (as I understand).
Soap exammple how it should be:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soap:mustUnderstand="1">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="X509-D517D5F699516D846F15717371831011">
MIIE_certificate_raw_data_==
</wsse:BinarySecurityToken>
<wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2021-03-15T09:39:43.086Z</wsu:Created>
<wsu:Expires>2021-03-15T09:44:43.086Z</wsu:Expires>
</wsu:Timestamp>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-3">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#TS-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Digest_Value</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Digest_Value</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Signature_Value</ds:SignatureValue>
<ds:KeyInfo Id="KI-D517D5F699516">
<wsse:SecurityTokenReference wsu:Id="STR-D517D5F6">
<wsse:Reference URI="#X509-D517D5F699516D846F" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2">
<Tag1>
<T>12345678</T>
<B>2342</B>
<C>3456345435</C>
</Tag1>
</soap:Body>
</soap:Envelope>
What I have done:
Created class
public class SecurityHeader : SoapHeader, IXmlSerializable
{
public XmlElement Xml { get; set; }
public XmlSchema GetSchema()
{
return null;
}
public void ReadXml(XmlReader reader) { }
public void WriteXml(XmlWriter writer)
{
writer.WriteRaw(Xml.InnerXml);
}
}
added class which adds SecurityHeader
SecurityHeaderExtension : SoapExtension
into web.config:
<system.web>
</system.web>
And finally I am getting soap:Header <wsse_x003A_Security ...> instead of soap:Header <wsse:Security ...>
Can somebody give me a hand of help? I have read a lot links already, with no result at the moment...
UPD:
Partialy solved this issue by:
var requestContext = myWebService.RequestSoapContext;
var token = new Microsoft.Web.Services2.Security.Tokens.X509SecurityToken(certX);
requestContext.Security.Tokens.Add(token);
requestContext.Security.Timestamp.TtlInSeconds = 5;
// Sign the message using the X509 certificate.
var messageSign = new Microsoft.Web.Services2.Security.MessageSignature(token);
messageSign.SignatureOptions = Microsoft.Web.Services2.Security.SignatureOptions.IncludeSoapBody | Microsoft.Web.Services2.Security.SignatureOptions.IncludeTimestamp;
requestContext.Security.Elements.Add(messageSign);
var resp = myWebService.ExecuteCall(req);
Now I have problem with reading response, I am getting error: 'The signature or decryption was invalid'.
As I understand the problem is on my side, but not sure...
Related
I want to create something like below:
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1">
<wsse:BinarySecurityToken EncodingType="…#Base64Binary" ValueType="…#X509v3" wsu:Id="CertId-1776694">
MIIDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgVComTANBgkqhkiG9w0SDGBSDJHBK34...
</wsse:BinarySecurityToken>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-1464350">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue">1JmC1C0FrlPB42xfFKolgaCew5k=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue">
H1b7jH2bHpbrzJXkFS0msdUYycDMH4n6m4oTRtbo4Yk35/JzGcuwUYZ3...
</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsu:Id="STRId-13498124">
<wsse:Reference URI="#CertId-1776694" ValueType="…#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="id-1464350">
...
</SOAP-ENV:Body>
I have the next code:
OperationsClient client = new OperationsClient();
var response = await client.MarketInfoAsync(request);
...
internal partial class OperationsClient
{
static partial void ConfigureEndpoint(ServiceEndpoint serviceEndpoint, ClientCredentials clientCredentials)
{
serviceEndpoint.Address = new EndpointAddress("https://testmisapi.ercot.com/2007-08/Nodal/eEDS/EWS/");
(serviceEndpoint.Binding as BasicHttpBinding).Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
(serviceEndpoint.Binding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.Transport;
clientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, 509FindType.FindBySerialNumber, "XXXXX");
}
}
I recieve the error:
SECU1075: An error was discovered processing the <wsse:Security> header
I have tried changig this:
(serviceEndpoint.Binding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
(serviceEndpoint.Binding as BasicHttpBinding).Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
But in this case I recieve following error:
Could not establish trust relationship for the SSL/TLS secure channel with authority 'testmisapi.ercot.com'.
I have read that I can use IClientMessageInspector but I don't know how can I add the complete Security header.
Thank you very much!
I am trying to modify a XML file. I already delete the part of the XML that I do not need, but now I am trying to append a node from another XML file.
This is my code to delete the node 'saml:AssertionEncrypted' from the XML file:
XmlDocument Doc = new XmlDocument();
Doc.PreserveWhitespace = true;
Doc.Load("XMLAssertionEncrypted.xml");
XmlNamespaceManager ns = new XmlNamespaceManager(Doc.NameTable);
ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
XmlNode node = Doc.SelectSingleNode("//saml:EncryptedAssertion", ns);
var list = Doc.DocumentElement.GetElementsByTagName("saml:EncryptedAssertion").OfType<XmlElement>().ToArray();
XmlNode root = Doc.DocumentElement;
foreach(var element in list) {
var parent = element.ParentNode;
if (parent != null) {
parent.RemoveChild(element);
//parent.ReplaceChild(newNodeElement, element); //This neither works
}
}
Now, I want to add the whole Mytest.xml file into XMLAssertionEncrypted.xml, in the same position where was the node deleted before.
XmlDocument newNode = new XmlDocument();
xml.PreserveWhitespace = true;
xml.Load("Mytest.xml");
XmlNode newNodeElement = newNode.DocumentElement.SelectSingleNode("/");
root.InsertAfter(newNodeElement, root.LastChild);
I am getting the error "The specified node cannot be inserted as the valid child of this node, because the specified node is the wrong type."
This is "xmlAssertionEncrypted.xml" once the node is removed:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="mReKMQjpJ81L9Yu" IssueInstant="2019-09-11T13:29:01.254Z" Destination="https://test.com/sso.aspx">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">saml.test.com</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#mFCXf3nW6C7tzReKMQjpJ81L9Yu">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>hwFmHiMyh07qJB88=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue> 73Z/brHijqXg3sRQGsgeZlsnH5JyBj/ADJZgCablLXHBr75wQmZi1AvsLE9e/h3+U7RMalqqx0TI bo8OXA/9ZTdJnF9zWU9hYcFhHBTPF9fGDdsFIg== </ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate> MIIGojCCBYqgAwIBAgIQCEZjQ1QTXW74RfN6KsynzjANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVEaWdpQ2VydCBHbG9iYWwgQ0Eg RzIwHhcNMTkwMjAxMDAwMDAwWhcNMjEwMjAxMTIwMDAwWjB0MQswCQYDVQQGEwJVUzERMA8GA1UE bxAyKah48l0k7uCG4u+WOsvO9edQ+3WjLl7u7oneLqB2mXSccz545tUQJyTFZUVdaTI7E7cy
vmHkx2ubL1gnvSAQ/h5huCoc4zoFHWLdkfDpJzYwjm/rXWfhanaxYlTlYb7ExD09RuUrMS0ahcLt K2nRAx7CD6oLdH6LTCuuZNaaQloK1QBRQWSr5X1Q5v56/VeMVEs8/qd/28y+a4G+Fg== </ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus> QxcV+y50B1E+oV8oHD0c+ZTN1NRGWCfFLPoRhIShIG5QaPpQy1h9E74BO2VohQPhkj9hwRC7qTIb pKXztQi0T2BERs/iDxEEHa9xzY0AjBEqvUoZ8iqbd4IoqcF0+ryWwP+rCR9FPy43aW+U0mvYn2KT N+MA0JSdhLrAD9h1KKQIpXnL64W7QDexiJaXUQ== </ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> </samlp:Status>
</samlp:Response>
And I would like to append the new XML node from "Mytest.xml" right after '/samlp:Status' and before '/samlp:Response'.
This is "Mytest.xml" file:
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="zrvyPwcFJXd5nKoaGoVP24Y_KYO" IssueInstant="2019-09-11T13:29:01.257Z" Version="2.0">
<saml:Issuer>saml.test.com</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
<ds:Reference URI="#zrvyPwcFJXd5nKoaGoVP24Y_KYO">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>R2ho2iZU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
051pdJAuf2oHLQQzWN1RW0KLwATj0MRfdy0TLg==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
vmHkx2ubL1gnvSAQ/h5huCoc4zoFHWLdkfDpJzYwjm/rXWfhanaxYlTlYb7ExD09RuUrMS0ahcLt K2nRAx7CD6oLdH6LTCuuZNaaQloK1QBRQWSr5X1Q5v56/VeMVEs8/qd/28y+a4G+Fg==
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
N+MA0JSdhLrAD9h1KKQIpXnL64W7QDexiJaXUQ==
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">835</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2019-09-11T13:30:01.257Z" Recipient="https://test.com/sso.aspx"></saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2019-09-11T13:28:01.257Z" NotOnOrAfter="2019-09-11T13:30:01.257Z">
<saml:AudienceRestriction>
<saml:Audience>https://test.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2019-09-11T13:29:01.256Z" SessionIndex="P24Y_KYO">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
I managed to consume a java based web service (third party) with WS-Security 1.1 protocol. The web service needs only to be signed over a x509 certificate, not encrypted.
But I'm getting this error:
The signature confirmation elements cannot occur after the primary signature.
The captured server response package looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-501">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-502">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#SigConf-500">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
...
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-...">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-...">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB</ds:X509IssuerName>
<ds:X509SerialNumber>...</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Value="..." wsu:Id="SigConf-500"/>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-502">
<altaClienteResponse xmlns="...">
<altaClienteReturn>
<codigoError>7</codigoError>
<descripcionError>El código de banco no es válido.</descripcionError>
<idTransaccion xsi:nil="true"/>
</altaClienteReturn>
</altaClienteResponse>
</soapenv:Body>
</soapenv:Envelope>
The server is responding what it should but my app seems not to be interpreting it correctly. It seems that the <wsse11:SignatureConfirmation .../> tag must be before <ds:Signature></ds:Signature> tag.
I couldn't find any reference to a order standard of this.
EDIT: Adding my code.
try
{
var certificate = new X509Certificate2(#"C:\Users\...\cert.pfx", PassKeyStore);
var binding = new CustomBinding();
var security = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
security.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters
{
InclusionMode = SecurityTokenInclusionMode.Never,
ReferenceStyle = SecurityTokenReferenceStyle.Internal,
});
security.RecipientTokenParameters.InclusionMode = SecurityTokenInclusionMode.Never;
security.RecipientTokenParameters.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
security.MessageSecurityVersion =
MessageSecurityVersion.
WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
security.IncludeTimestamp = false;
security.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
security.RequireSignatureConfirmation = true;
security.AllowSerializedSigningTokenOnReply = true;
binding.Elements.Add(security);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement());
var client = new SistarbancService.WsMediosPagoClient(binding, new EndpointAddress(new Uri(UrlSistarbanc), new DnsEndpointIdentity("..."), new AddressHeaderCollection()));
client.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2("C:\\Users\\...\\servidor.cer");
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
System.ServiceModel.Security.X509CertificateValidationMode.None;
client.ClientCredentials.ClientCertificate.Certificate = certificate;
client.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
var response = await client.altaClienteAsync("XXX", "0", "0", "0", "0", "0");
}
catch (Exception ex)
{
}
The exception is thrown by the ReceiveSecurityHeader class - see the source code of it here:
https://referencesource.microsoft.com/#system.servicemodel/system/servicemodel/Security/ReceiveSecurityHeader.cs
Search for SignatureConfirmationsOccursAfterPrimarySignature and see this line:
if (this.orderTracker.PrimarySignatureDone)
{
throw TraceUtility.ThrowHelperError(new MessageSecurityException(SR.GetString(SR.SignatureConfirmationsOccursAfterPrimarySignature)), this.Message);
}
I can't find any references to any kind of standard supporting this either...
You might be better off asking this question to Microsoft.
I am posting a GZip compressed SOAP request to IRS ACA webservice using httpClient. Below you will find the SOAP request. I get boundary error quoted below. Can anyone point to problems with my request?
Multipart stream ended before a terminating boundary was encountered
POST URL HTTP/1.1
SOAPAction: BulkRequestTransmitter
Accept-Encoding: gzip, deflate
Content-Type: multipart/related; type="application/xop + xml"; start="< http://tempuri.org/SOAP>"; start-info="text/xml"; boundary="------------030003010806000401010306"
MIME-Version: 1.0
Host: HOST
Content-Length: 17797
Expect: 100-continue
Connection: Keep-Alive
--------------030003010806000401010306
Content-Type: application/xop+xml; type="text/xml"; charset=utf-8
Content-ID: <http://tempuri.org/SOAP>
Content-Transfer-Encoding: 8bit
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header soap:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Security>
<ds:Signature Id="SIG-9c4e3c69-8d46-4868-90ce-6f3a8e6585b2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#TS-7b0551e0-3c09-44e5-9de8-e1e55db97921">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="ds" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Reference1DigestValue</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-77b05a65-5962-4ad3-9987-068ff21bc387">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Reference2DigestValue=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-c0901773-b32f-4870-a934-6812ad67f5a6">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Reference3DigestValue=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SignedInfo Signature Value</ds:SignatureValue>
<ds:KeyInfo Id="KI-e3234134-1755-481b-a113-49ab4b692d94">
<wsse:SecurityTokenReference wsu:Id="STR-2a97bc36-9cb7-482d-90bb-2769b971d362">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">Public Key</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-7b0551e0-3c09-44e5-9de8-e1e55db97921">
<wsu:Created>2016-03-07T16:25:11Z</wsu:Created>
<wsu:Expires>2016-03-07T16:35:11Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<ACATrnsmtManifestReqDtlType xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" wsu:Id="id-77b05a65-5962-4ad3-9987-068ff21bc387" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<PaymentYr xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">2015</PaymentYr>
<PriorYearDataInd xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">0</PriorYearDataInd>
<EIN xmlns="urn:us:gov:treasury:irs:common">EIN</EIN>
<TransmissionTypeCd xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">O</TransmissionTypeCd>
<TestFileCd xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">T</TestFileCd>
<TransmitterNameGrp xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">
<BusinessNameLine1Txt>Busness Name</BusinessNameLine1Txt>
</TransmitterNameGrp>
<CompanyInformationGrp xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">
<CompanyNm>Busness Name</CompanyNm>
<MailingAddressGrp>
<USAddressGrp>
<AddressLine1Txt>Street Address</AddressLine1Txt>
<CityNm xmlns="urn:us:gov:treasury:irs:common">City</CityNm>
<USStateCd>State</USStateCd>
<USZIPCd xmlns="urn:us:gov:treasury:irs:common">Zip</USZIPCd>
</USAddressGrp>
</MailingAddressGrp>
<ContactNameGrp>
<PersonFirstNm>FirstName</PersonFirstNm>
<PersonLastNm>Last Name</PersonLastNm>
</ContactNameGrp>
<ContactPhoneNum>Contact Phone</ContactPhoneNum>
</CompanyInformationGrp>
<VendorInformationGrp xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">
<VendorCd>I</VendorCd>
<ContactNameGrp>
<PersonFirstNm>FirstName</PersonFirstNm>
<PersonLastNm>Last Name</PersonLastNm>
</ContactNameGrp>
<ContactPhoneNum>Contact Phone</ContactPhoneNum>
</VendorInformationGrp>
<TotalPayeeRecordCnt xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">2</TotalPayeeRecordCnt>
<TotalPayerRecordCnt xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">1</TotalPayerRecordCnt>
<SoftwareId xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">15A0000488</SoftwareId>
<FormTypeCd xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">1094/1095B</FormTypeCd>
<BinaryFormatCd xmlns="urn:us:gov:treasury:irs:common">application/xml</BinaryFormatCd>
<ChecksumAugmentationNum xmlns="urn:us:gov:treasury:irs:common">HASH</ChecksumAugmentationNum>
<AttachmentByteSizeNum xmlns="urn:us:gov:treasury:irs:common">8919</AttachmentByteSizeNum>
<DocumentSystemFileNm xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">1094B_Request_TCC_Timestamp.xml</DocumentSystemFileNm>
</ACATrnsmtManifestReqDtlType>
<ACABulkBusinessHeaderRequestType xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" wsu:Id="id-c0901773-b32f-4870-a934-6812ad67f5a6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<UniqueTransmissionId xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">UniqueTransmissionId</UniqueTransmissionId>
<Timestamp xmlns="urn:us:gov:treasury:irs:common">2016-03-07T08:25:08Z</Timestamp>
</ACABulkBusinessHeaderRequestType>
</soap:Header>
<soap:Body>
<ns0:ACABulkRequestTransmitter xmlns:ns0="urn:us:gov:treasury:irs:msg:irsacabulkrequesttransmitter" version="1.0">
<ns1:BulkExchangeFile xmlns:ns1="urn:us:gov:treasury:irs:common">
<xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="cid:1094B_Request_TCC_Timestamp.xml" />
</ns1:BulkExchangeFile>
</ns0:ACABulkRequestTransmitter>
</soap:Body>
</soap:Envelope>
--------------030003010806000401010306
Content-Type: application/xml
Content-ID: 1094B_Request_TCC_Timestamp.xml
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; name="1094B_Request_TCC_Timestamp.xml"
name: 1094B_Request_TCC_Timestamp.xml
<Form109495BTransmittalUpstream xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:us:gov:treasury:irs:msg:form1094-1095Btransmitterupstreammessage">
<Form1094BUpstreamDetail recordType="" lineNum="0" xmlns="urn:us:gov:treasury:irs:ext:aca:air:7.0">
<SubmissionId>1</SubmissionId>
<TaxYr xmlns="urn:us:gov:treasury:irs:common">2015</TaxYr>
<BusinessName>
<BusinessNameLine1Txt>FilerBusinessName</BusinessNameLine1Txt>
</BusinessName>
<TINRequestTypeCd xmlns="urn:us:gov:treasury:irs:common">BUSINESS_TIN</TINRequestTypeCd>
<EmployerEIN xmlns="urn:us:gov:treasury:irs:common">000000151</EmployerEIN>
<ContactNameGrp>
<PersonFirstNm>TestFirstName</PersonFirstNm>
<PersonLastNm>TestLastName</PersonLastNm>
</ContactNameGrp>
<ContactPhoneNum>Phone</ContactPhoneNum>
<MailingAddressGrp>
<USAddressGrp>
<AddressLine1Txt>StreetAddress</AddressLine1Txt>
<CityNm xmlns="urn:us:gov:treasury:irs:common">City</CityNm>
<USStateCd>State</USStateCd>
<USZIPCd xmlns="urn:us:gov:treasury:irs:common">Zip</USZIPCd>
</USAddressGrp>
</MailingAddressGrp>
<Form1095BAttachedCnt>2</Form1095BAttachedCnt>
<Form1095BUpstreamDetail recordType="" lineNum="0">
<RecordId>1</RecordId>
<CorrectedInd>0</CorrectedInd>
<TaxYr xmlns="urn:us:gov:treasury:irs:common">2015</TaxYr>
<ResponsibleIndividualGrp>
<ResponsibleIndividualName>
<PersonFirstNm>TestFirstName</PersonFirstNm>
<PersonMiddleNm>TestMiddleName</PersonMiddleNm>
<PersonLastNm>TestLastName</PersonLastNm>
</ResponsibleIndividualName>
<TINRequestTypeCd xmlns="urn:us:gov:treasury:irs:common">INDIVIDUAL_TIN</TINRequestTypeCd>
<SSN xmlns="urn:us:gov:treasury:irs:common">000000101</SSN>
<MailingAddressGrp>
<USAddressGrp>
<AddressLine1Txt>StreetAddress</AddressLine1Txt>
<CityNm xmlns="urn:us:gov:treasury:irs:common">City</CityNm>
<USStateCd>State</USStateCd>
<USZIPCd xmlns="urn:us:gov:treasury:irs:common">Zip</USZIPCd>
</USAddressGrp>
</MailingAddressGrp>
<PolicyOriginCd>D</PolicyOriginCd>
</ResponsibleIndividualGrp>
<SponsoringEmployerInfoGrp />
<IssuerInfoGrp>
<BusinessName>
<BusinessNameLine1Txt>BusinessName</BusinessNameLine1Txt>
</BusinessName>
<TINRequestTypeCd xmlns="urn:us:gov:treasury:irs:common">BUSINESS_TIN</TINRequestTypeCd>
<EIN xmlns="urn:us:gov:treasury:irs:common">000000151</EIN>
<ContactPhoneNum>Phone</ContactPhoneNum>
<MailingAddressGrp>
<USAddressGrp>
<AddressLine1Txt>StreetAddress</AddressLine1Txt>
<CityNm xmlns="urn:us:gov:treasury:irs:common">City</CityNm>
<USStateCd>State</USStateCd>
<USZIPCd xmlns="urn:us:gov:treasury:irs:common">Zip</USZIPCd>
</USAddressGrp>
</MailingAddressGrp>
</IssuerInfoGrp>
<CoveredIndividualGrp>
<CoveredIndividualName>
<PersonFirstNm>TestFirstName</PersonFirstNm>
<PersonMiddleNm>TestMiddleName</PersonMiddleNm>
<PersonLastNm>TestLastName</PersonLastNm>
</CoveredIndividualName>
<TINRequestTypeCd xmlns="urn:us:gov:treasury:irs:common">INDIVIDUAL_TIN</TINRequestTypeCd>
<SSN xmlns="urn:us:gov:treasury:irs:common">000000101</SSN>
<CoveredIndividualAnnualInd>1</CoveredIndividualAnnualInd>
<CoveredIndividualMonthlyIndGrp>
<JanuaryInd>0</JanuaryInd>
<FebruaryInd>0</FebruaryInd>
<MarchInd>0</MarchInd>
<AprilInd>0</AprilInd>
<MayInd>0</MayInd>
<JuneInd>0</JuneInd>
<JulyInd>0</JulyInd>
<AugustInd>0</AugustInd>
<SeptemberInd>0</SeptemberInd>
<OctoberInd>0</OctoberInd>
<NovemberInd>0</NovemberInd>
<DecemberInd>0</DecemberInd>
</CoveredIndividualMonthlyIndGrp>
</CoveredIndividualGrp>
<CoveredIndividualGrp>
<CoveredIndividualName>
<PersonFirstNm>TestFirstName</PersonFirstNm>
<PersonLastNm>TestLastName</PersonLastNm>
</CoveredIndividualName>
<TINRequestTypeCd xmlns="urn:us:gov:treasury:irs:common">INDIVIDUAL_TIN</TINRequestTypeCd>
<SSN xmlns="urn:us:gov:treasury:irs:common">000000102</SSN>
<CoveredIndividualAnnualInd>1</CoveredIndividualAnnualInd>
<CoveredIndividualMonthlyIndGrp>
<JanuaryInd>0</JanuaryInd>
<FebruaryInd>0</FebruaryInd>
<MarchInd>0</MarchInd>
<AprilInd>0</AprilInd>
<MayInd>0</MayInd>
<JuneInd>0</JuneInd>
<JulyInd>0</JulyInd>
<AugustInd>0</AugustInd>
<SeptemberInd>0</SeptemberInd>
<OctoberInd>0</OctoberInd>
<NovemberInd>0</NovemberInd>
<DecemberInd>0</DecemberInd>
</CoveredIndividualMonthlyIndGrp>
</CoveredIndividualGrp>
</Form1095BUpstreamDetail>
<Form1095BUpstreamDetail recordType="" lineNum="0">
<RecordId>2</RecordId>
<CorrectedInd>0</CorrectedInd>
<TaxYr xmlns="urn:us:gov:treasury:irs:common">2015</TaxYr>
<ResponsibleIndividualGrp>
<ResponsibleIndividualName>
<PersonFirstNm>TestFirstName</PersonFirstNm>
<PersonLastNm>TestLastName</PersonLastNm>
</ResponsibleIndividualName>
<BirthDt xmlns="urn:us:gov:treasury:irs:common">1973-02-06</BirthDt>
<MailingAddressGrp>
<USAddressGrp>
<AddressLine1Txt>StreetAddress</AddressLine1Txt>
<CityNm xmlns="urn:us:gov:treasury:irs:common">City</CityNm>
<USStateCd>State</USStateCd>
<USZIPCd xmlns="urn:us:gov:treasury:irs:common">Zip</USZIPCd>
</USAddressGrp>
</MailingAddressGrp>
<PolicyOriginCd>D</PolicyOriginCd>
</ResponsibleIndividualGrp>
<SponsoringEmployerInfoGrp />
<IssuerInfoGrp>
<BusinessName>
<BusinessNameLine1Txt>BusinessName</BusinessNameLine1Txt>
</BusinessName>
<TINRequestTypeCd xmlns="urn:us:gov:treasury:irs:common">BUSINESS_TIN</TINRequestTypeCd>
<EIN xmlns="urn:us:gov:treasury:irs:common">000000151</EIN>
<ContactPhoneNum>Phone</ContactPhoneNum>
<MailingAddressGrp>
<USAddressGrp>
<AddressLine1Txt>StreetAddress</AddressLine1Txt>
<CityNm xmlns="urn:us:gov:treasury:irs:common">City</CityNm>
<USStateCd>State</USStateCd>
<USZIPCd xmlns="urn:us:gov:treasury:irs:common">Zip</USZIPCd>
</USAddressGrp>
</MailingAddressGrp>
</IssuerInfoGrp>
<CoveredIndividualGrp>
<CoveredIndividualName>
<PersonFirstNm>TestFirstName</PersonFirstNm>
<PersonLastNm>TestLastName</PersonLastNm>
</CoveredIndividualName>
<BirthDt xmlns="urn:us:gov:treasury:irs:common">DOB</BirthDt>
<CoveredIndividualAnnualInd>0</CoveredIndividualAnnualInd>
<CoveredIndividualMonthlyIndGrp>
<JanuaryInd>0</JanuaryInd>
<FebruaryInd>0</FebruaryInd>
<MarchInd>0</MarchInd>
<AprilInd>0</AprilInd>
<MayInd>0</MayInd>
<JuneInd>1</JuneInd>
<JulyInd>1</JulyInd>
<AugustInd>1</AugustInd>
<SeptemberInd>1</SeptemberInd>
<OctoberInd>1</OctoberInd>
<NovemberInd>1</NovemberInd>
<DecemberInd>1</DecemberInd>
</CoveredIndividualMonthlyIndGrp>
</CoveredIndividualGrp>
<CoveredIndividualGrp>
<CoveredIndividualName>
<PersonFirstNm>TestFirstName</PersonFirstNm>
<PersonLastNm>TestLastName</PersonLastNm>
</CoveredIndividualName>
<TINRequestTypeCd xmlns="urn:us:gov:treasury:irs:common">INDIVIDUAL_TIN</TINRequestTypeCd>
<SSN xmlns="urn:us:gov:treasury:irs:common">000000120</SSN>
<CoveredIndividualAnnualInd>0</CoveredIndividualAnnualInd>
<CoveredIndividualMonthlyIndGrp>
<JanuaryInd>0</JanuaryInd>
<FebruaryInd>0</FebruaryInd>
<MarchInd>0</MarchInd>
<AprilInd>0</AprilInd>
<MayInd>0</MayInd>
<JuneInd>1</JuneInd>
<JulyInd>1</JulyInd>
<AugustInd>1</AugustInd>
<SeptemberInd>1</SeptemberInd>
<OctoberInd>1</OctoberInd>
<NovemberInd>1</NovemberInd>
<DecemberInd>1</DecemberInd>
</CoveredIndividualMonthlyIndGrp>
</CoveredIndividualGrp>
</Form1095BUpstreamDetail>
</Form1094BUpstreamDetail>
</Form109495BTransmittalUpstream>
--------------030003010806000401010306--
Sorry, I did not see your comments on the other post.
Unfortunately, I don't recall what exactly I had to do to fix the issue I reported in this post. I've had to go through a lot of iterations of code trying different things in order to get to where I am, and I'm still somewhere in the last half of the tunnel that is this project.
However, in reviewing what you posted and comparing against what I (currently) have working (with errors, but not the above error), try removing the two extra dash characters from beginning of your boundary definition.
You defined your MIME boundary as --------------030003010806000401010306 but the references in your parts have two extra dashes at the beginning of your reference.
Here's what I have in my current "working" code.
I have my boundary set to something simple: MIME_boundary.
In the MIME Header prior to the SOAP Envelope root element AND prior to the start of the FormData file, it says --MIME_boundary.
Then, at the bottom of the request, it says --MIME_boundary--.
I have a program that needs to validate xml signatures, I have not had any troubles until a provider sent me one xml with a strange format and my code couldn't validate it's signature.
public bool Validate(XmlDocument p_doc)
{
XmlNamespaceManager l_nsManager = new XmlNamespaceManager(new NameTable());
l_nsManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
XmlElement l_signatureElement = p_doc.SelectSingleNode("//ds:Signature", l_nsManager) as XmlElement;
SignedXml l_signed = new SignedXml(p_doc);
l_signed.LoadXml(l_signatureElement);
return l_signed.CheckSignature();
}
The method CheckSignature returns false, and I know it is a valid document.
The xml I am trying to validate:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><EnvioCFE_entreEmpresas xmlns="http://cfe.dgi.gub.uy" xmlns:ns2="http://www.w3.org/2001/04/xmlenc#" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0" xsi:schemaLocation="http://cfe.dgi.gub.uy EnvioCFE_entreEmpresasv1.32.xsd"><Caratula version="1.0"><RutReceptor>211162510010</RutReceptor><RUCEmisor>213217030011</RUCEmisor><Idemisor>58653</Idemisor><CantCFE>1</CantCFE><Fecha>2014-10-27T09:02:01.184-03:00</Fecha><X509Certificate>MIIF1zCCA7+gAwIBAgIQSzsXgTwTfUNTXrVmLRLoJTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJVWTErMCkGA1UECgwiQURNSU5JU1RSQUNJT04gTkFDSU9OQUwgREUgQ09SUkVPUzEfMB0GA1UECwwWU0VSVklDSU9TIEVMRUNUUk9OSUNPUzEdMBsGA1UEAwwUQ29ycmVvIFVydWd1YXlvIC0gQ0EwHhcNMTQwNDI4MjAwOTEwWhcNMTUwNDI4MjAwOTEwWjCBrjEsMCoGCSqGSIb3DQEJARYdam9yZ2UucGFuemVyYUB1eS5yc2Fncm91cC5jb20xDDAKBgNVBAoMA1JTQTETMBEGA1UECAwKTW9udGV2aWRlbzELMAkGA1UEBhMCVVkxGDAWBgNVBAUTD1JVQzIxMzIxNzAzMDAxMTE0MDIGA1UEAwwrUk9ZQUwgJiBTVU4gQUxMSUFOQ0UgU0VHVVJPUyAoVVJVR1VBWSkgUy5BLjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqhNCuOvb7x4Yr/0UAhvGG4TkgDc4G8zraH4KD6Rzm57npoGRpmFui+4ZcH/FxLVY906jkmn6YEEbu4O3CGep3/D9h60WAwSe29lDNyPVRNfnTy+syM9z+vVhwF5jqR3Eor1RuzkKqULPxWb45+KVq0dC/qsCQ9tMTQruWP/VIo0CAwEAAaOCAaYwggGiMGIGA1UdEQRbMFmgOAYKKwYBBAGCNxQCA6AqDChJREUyNTc2MjE0Mi9KT1JHRSBSQVVMIFBBTlpFUkEgVkFMU0VDQ0hJgR1qb3JnZS5wYW56ZXJhQHV5LnJzYWdyb3VwLmNvbTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwID+DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYJYIZIAYb4QgEBBAQDAgWgMB0GA1UdDgQWBBRgMymkjJgcwBUXEzR+4I4t1s+2JjAfBgNVHSMEGDAWgBQlj99DL45qugu+RlxXUJO3Ub782TBUBgNVHSAETTBLMEkGDCsGAQQBgfVPAQEBBDA5MDcGCCsGAQUFBwIBFitodHRwOi8vd3d3LmNvcnJlby5jb20udXkvY29ycmVvY2VydC9jcHMucGRmMBgGDSsGAQQBgfVPAQEBBAEEBwwFRGlzY28wPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL3d3dy5jb3JyZW8uY29tLnV5L0NvcnJlb0NlcnQvYW5jLmNybDANBgkqhkiG9w0BAQUFAAOCAgEAYAfbCj+/9Q6gPRTJG8Y2UmP23wG/R9zC/A+NieOVKo5PFM4lL72EJgUCSKHG//WiMHykH2KmmHOiv1Gq6uwMb/V5kTx3MACgppe2+GmIdRMP/rdeAzgdMLFZgfzaMNdZg5Y2lec3L6ObfTEeDspwurAJlv1rDnyJDmV+AfFgzJHRBzHGsef8WPDm6IIWQzRuhnkHlec2TU7AUh2ucFt3/EEF8v0I9ak4S8CTaY0yzjHHES+QN6aC1RWN3CVloyt5PWT4U06P4FXqg/MYlhFkvUF+KBcMEx0sxVboexR74QQ7vYg5UrTcZEGqbbljF4EiIkxpB3t60CL/t/7OVVfL9JzjbRwm2r65dBUFSnHviWG9dbzMA7G4Fj9UuD6rV829OfIH4u/BsHgA/nezzbmO7pDa/anf6/UX5Rt8F0IdgkVbMqkBrftzHTkXqF1QQBp5ytUb0skFxYWQeHXt+QUIPU/M5Grd/N5QqraNAf96Mhg3kPlpzYeVaD3MEkSBsG4IaZZZtj2ZREq0matEwiEMaakb6SOMpg4jeVOqzsymqMIAisSUwEYhjFEYnMWxUXUang+jG242NxHEG7muw6UHyl+yW1iF1+Jm8vqllcZny1QfAM8JFJp63Sw0M9E0jZetSpZ3eYvzcduumYvu3+Quo3T2QcDgnl3CNAWVkevg7jo=</X509Certificate></Caratula><ns2:CFE_Adenda xmlns="http://tilsor.com.uy/#StringAdenda" xmlns:ns2="http://cfe.dgi.gub.uy" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:ns4="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://cfe.dgi.gub.uy CFEEmpresas_v1.20.xsd"><CFE xmlns="http://cfe.dgi.gub.uy" xmlns:ns2="http://www.w3.org/2001/04/xmlenc#" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0" xsi:schemaLocation="http://cfe.dgi.gub.uy CFEDGI_v1.19.xsd"><eFact><TmstFirma>2014-10-20T08:56:38.167-03:00</TmstFirma><Encabezado><IdDoc><TipoCFE>111</TipoCFE><Serie>A</Serie><Nro>20003</Nro><FchEmis>2014-10-16</FchEmis><PeriodoDesde>2014-06-30</PeriodoDesde><PeriodoHasta>2015-06-30</PeriodoHasta><FmaPago>1</FmaPago></IdDoc><Emisor><RUCEmisor>213217030011</RUCEmisor><RznSoc>Royal & SunAlliance (Uruguay) S.A.</RznSoc><NomComercial>Royal & SunAlliance Uruguay SA</NomComercial><GiroEmis>Seguros</GiroEmis><Telefono>29170505</Telefono><CorreoEmisor>dgi_cfe#uy.rsagroup.com</CorreoEmisor><EmiSucursal>RSA UY</EmiSucursal><CdgDGISucur>1</CdgDGISucur><DomFiscal>Sarandi 620</DomFiscal><Ciudad>Montevideo</Ciudad><Departamento>Montevideo</Departamento></Emisor><Receptor><TipoDocRecep>2</TipoDocRecep><CodPaisRecep>UY</CodPaisRecep><DocRecep>211162510010</DocRecep><RznSocRecep>PUNTO LUZ S.A.</RznSocRecep><DirRecep> SORIANO 1032</DirRecep><CiudadRecep>MONTEVIDEO</CiudadRecep><DeptoRecep>MONTEVIDEO</DeptoRecep><CP>0</CP></Receptor><Totales><TpoMoneda>UYU</TpoMoneda><TpoCambio>1.0000</TpoCambio><MntNoGrv>0.00</MntNoGrv><MntExpoyAsim>0.00</MntExpoyAsim><MntImpuestoPerc>0.00</MntImpuestoPerc><MntIVaenSusp>0.00</MntIVaenSusp><MntNetoIvaTasaMin>0.00</MntNetoIvaTasaMin><MntNetoIVATasaBasica>14754.10</MntNetoIVATasaBasica><MntNetoIVAOtra>0.00</MntNetoIVAOtra><IVATasaMin>10</IVATasaMin><IVATasaBasica>22</IVATasaBasica><MntIVATasaMin>0.00</MntIVATasaMin><MntIVATasaBasica>3245.90</MntIVATasaBasica><MntIVAOtra>0.00</MntIVAOtra><MntTotal>18000.00</MntTotal><MntTotRetenido>0.00</MntTotRetenido><CantLinDet>1</CantLinDet><MontoNF>0.00</MontoNF><MntPagar>18000.00</MntPagar></Totales></Encabezado><Detalle><Item><NroLinDet>1</NroLinDet><IndFact>3</IndFact><IndAgenteResp>R</IndAgenteResp><NomItem>DEDUCIBLE AUTOMOVILES/FLOTAS</NomItem><DscItem>POLIZA 619064</DscItem><Cantidad>1</Cantidad><UniMed>Unid</UniMed><PrecioUnitario>14754.10</PrecioUnitario><DescuentoPct>0.00</DescuentoPct><DescuentoMonto>0.00</DescuentoMonto><RecargoPct>0.00</RecargoPct><RecargoMnt>0.00</RecargoMnt><MontoItem>14754.10</MontoItem></Item></Detalle><DscRcgGlobal></DscRcgGlobal><MediosPago><MedioPago><NroLinMP>1</NroLinMP><GlosaMP>EFECTIVO</GlosaMP><ValorPago>18000.00</ValorPago></MedioPago></MediosPago><Referencia></Referencia><CAEData><CAE_ID>90140013992</CAE_ID><DNro>1</DNro><HNro>25000</HNro><FecVenc>2016-06-16</FecVenc></CAEData></eFact><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" >
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>
not(ancestor-or-self::ds:Signature)
</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>Z1wbJ/j3XZ9IuC1d4SYnq2Y7pjE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
de1w5zlI7BdJjdBpvTR/0aaDmonR7ICEVNEjvJDGk6MsvI8vs93M+wXIDcKJvm5RuRlrlR7W0TGY
8xP1WuiChOcAl5Fje9ExrvS1HPc+5NsguDFwGCBRWxs1gZP8coTkH596/cYsscM1I7XexoRLXHWS
TdghDNUJv7vNVQFTTXU=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Correo Uruguayo - CA,OU=SERVICIOS ELECTRONICOS,O=ADMINISTRACION NACIONAL DE CORREOS,C=UY</ds:X509IssuerName>
<ds:X509SerialNumber>99998921932968755343991161283803277349</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>qhNCuOvb7x4Yr/0UAhvGG4TkgDc4G8zraH4KD6Rzm57npoGRpmFui+4ZcH/FxLVY906jkmn6YEEbu4O3CGep3/D9h60WAwSe29lDNyPVRNfnTy+syM9z+vVhwF5jqR3Eor1RuzkKqULPxWb45+KVq0dC/qsCQ9tMTQruWP/VIo0=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature></CFE><ns2:Adenda><data>PGRzQ0ZFIHhtbG5zPSJodHRwOi8vY2ZlLmRnaS5ndWIudXkiPg0KICA8ZGF0b3NBZGVuZGE+DQogICAgPGxleWVuZGFzPg0KICAgICAgPGNvbnN0YW5jaWFJVkE+SVZBIGFsIGTDrWE8L2NvbnN0YW5jaWFJVkE+DQogICAgICA8cmVzb2x1Y2lvbj5SZXMuIDY5NS8yMDE0PC9yZXNvbHVjaW9uPg0KICAgICAgPHZlcmlmaWNhckNvbXByb2JhbnRlPlB1ZWRlIHZlcmlmaWNhciBjb21wcm9iYW50ZSBlbiBodHRwczovL3d3dy5lZmFjdHVyYS5kZ2kuZ3ViLnV5LzwvdmVyaWZpY2FyQ29tcHJvYmFudGU+DQogICAgPC9sZXllbmRhcz4NCiAgICA8ZGF0b3NFeHRyYVJTQT4NCiAgICAgIDxyZWZEb2M+NzY2MDI0NjwvcmVmRG9jPg0KICAgIDwvZGF0b3NFeHRyYVJTQT4NCiAgPC9kYXRvc0FkZW5kYT4NCjwvZHNDRkU+</data></ns2:Adenda></ns2:CFE_Adenda></EnvioCFE_entreEmpresas>
Thanks in advance for any anwser or suggestion