1

The Dutch government moved there datacenter, Digipoort WUS, to a new location and I can't get the new server to accept the XML. They indicated that, besides that, they now only accept WS-Addressing 1.0 with namespace http://www.w3.org/2005/08/addressing where they no longer support the older namespace http://schemas.xmlsoap.org/ws/2004/08/addressing. This said, the error message on submission is very unclear to me. I did some tests by on-purpose send invalid BinarySecurityToken , DigestValue's and SignatureValue. Those errors where much more clearly and therefore maybe indicating that at least -a whole lot- of the XML is correct.

The error which I keep getting back is, translated from Dutch; Generall error; Procesinfrastructure The request is not conform the coupling spec and therefore not accepted at Digipoort. The error which is occurred:

security.wssecurity.WSSContextImpl.s02: 
com.ibm.websphere.security.WSSecurityException: Exception 
org.apache.axis2.AxisFault ocurred while running action: 
[email protected]7a

If I, for example send an invalid BinarySecurityToken it reports a same general Procesinfrastructure error. but it gives a more clear message as;

The request is not conform coupling spec and therefore not accepted at Digipoort. The error which is occurred: The message does not contain a valid digital signature; *ASN.1 parse of certificate failed*

So, the error, to me it seems to indicate a way different fault. Anyone familiair with such errors or does someone have any clue what can be causing this error?

The client is built on a LAMP server. As said it worked fine before the government moved the Digipoort WUS to a new server/location. The XML already was based on WS-Addressing 1.0 with namespace http://www.w3.org/2005/08/addressing and was accepted previously.

The SoapClient is built on overriding the php SoapClient. I think I can control lots of things but I have no idea what I need to change. The error message 'seems' to indicate an security issue. That's why I started to send wrong values in the BinarySecurityToken , DigestValue's and SignatureValue fields. Anyway the server pointed out clearly those errors, like ASN.1 parse of certificate failed, Hash values do not match and Decode signature failed

The submitted request and response XML;

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://logius.nl/digipoort/koppelvlakservices/1.2/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="Security-Token-c07209cb-a1ef-2922-0000-4a3268f1d48e">MIIKEDCCB/igAwIBAgIUauBm+TiDL5cLsie92JiTYejiMyIwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAk5MMSAwHgYDVQQKDBdRdW9WYWRpcyBUcnVzdGxpbmsgQi5WLjEXMBUGA1UEYQwOTlRSTkwtMzAyMzc0NTkxODA2BgNVBAMML1F1b1ZhZGlzIFBLSW92ZXJoZWlkIE9yZ2FuaXNhdGllIFNlcnZlciBDQSAtIEczMB4XDTE4MDMyNjEwNTc0NloXDTIwMDMyNjExMDcwMFowezEdMBsGA1UEBRMUMDAwMDAwMDM1NjMxNzQzMzAwMDAxCzAJBgNVBAYTAk5MMRUwEwYDVQQIDAxadWlkLUhvbGxhbmQxEDAOBgNVBAcMB01vbnN0ZXIxEDAOBgNVBAoMB0lubm8gM0QxEjAQBgNVBAMMCWlubG9vbi5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIMpMHz+ZJ1W+PEgStNLF/eqYFKZ5I9DAiOIF+Zplm8xErGqQ1QJy10pnP/jSj+/jlpVMkqqZK6bN9WOHpB0+0/vVOIavwaUobXWW5E6a/On9TeBQ/SV0zDVf7ocLj8lua+b068ozyWOsT49tijkJx6NaXrqeQkelP/fIC+66vRm3NEriMz8W4ShQ/jcXbzToISUxml/YmUrlEiMAsX9iaAeJ+Xr8DMPLzv5YvSDRoPxkbLXuq7u3bx8cqPLVmQ8mZPFRcrR5QtdWXdta+EyKFliPvSTAy5zxIFL4cqV5kAClPhGrTo8Xp7U5amJaCqkuP5ztAigXCPd2wzEX9HpX9UCAwEAAaOCBYIwggV+MHsGCCsGAQUFBwEBBG8wbTA8BggrBgEFBQcwAoYwaHR0cDovL3RydXN0LnF1b3ZhZGlzZ2xvYmFsLmNvbS9wa2lvc2VydmVyZzMuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vc2wub2NzcC5xdW92YWRpc2dsb2JhbC5jb20wHQYDVR0OBBYEFN0TxuUkEpo9uXbcZh5IUCou7tRjMB8GA1UdIwQYMBaAFLfp0On/Zw7ZnAwHLpfUfkt5ePQgMIIBOgYDVR0gBIIBMTCCAS0wggEfBgpghBABh2sBAgUGMIIBDzA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5xdW92YWRpc2dsb2JhbC5jb20vcmVwb3NpdG9yeTCB1gYIKwYBBQUHAgIwgckMgcZSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHJlbGV2YW50IFF1b1ZhZGlzIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IGFuZCBvdGhlciBkb2N1bWVudHMgaW4gdGhlIFF1b1ZhZGlzIHJlcG9zaXRvcnkgKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tKS4wCAYGZ4EMAQICMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3BraW9zZXJ2ZXJnMy5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATApBgNVHREEIjAggglpbmxvb24ubmyCCGluZXBkLm5sgglpbm5vM2QubmwwggLkBgorBgEEAdZ5AgQCBIIC1ASCAtACzgB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABYmH+HT0AAAQDAEcwRQIgBqyqhO4hTH2dOe2IhbJogwcQwYGj0Rn7tH4hKf+7gswCIQCFVcvEsN3HC+b/Y/Ed9e6dWfdiOzdu+9zbjd3QwOsl+wB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABYmH+HWcAAAQDAEcwRQIhAPn59M1/dB3ewPPrquXkTXs3W/A9rgMYvSFFxNOX2TlMAiBGB7mjBwKtlehVwnoXhsSveP3e5yVK/oaOGeRN5fT+dwB1AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABYmH+HycAAAQDAEYwRAIgRlgQ7Oz7WBrGarkR3ISVlrw/nbNGMTyQ6M0uL+H1O+8CIBVNngrr22mWWidPmUGahwRVkPQRSJJwWJ2XP+XLQSe5AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFiYf4gSwAABAMARjBEAiByyE9W0MDGkQDsECFijRHFvEFCUUJ2jFFpkVVxGke0KAIgK1bH13n14rsP4wOX+CuevyMktm/My7cc8BycgtelCCYAdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWJh/iCFAAAEAwBGMEQCIHJ0BOHnMCSR7+3tpZa9aIEHw5gwZEyjVmwPnKhDhImNAiAaqKE2P1/QkIstg9bQnRbh1I5Gv8OOc6jOQE8HdT0TqgB3AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABYmH+IWUAAAQDAEgwRgIhAMhOH3VfPuMkkRoa2iV1RHqsPfUeOdcqusocS9TKWN2OAiEA58IpUn7ba/u9TwVkvuP+jAwV3r8i3Lk+P8sX4PZk9tkwDQYJKoZIhvcNAQELBQADggIBAIAGYLfaeJk0CCIRbx2dzVy+e3sLYDQ2xsh3avLaQdAirjMCo3T75ovulWBUt/TycHOT+1N1lc91JoH9gtb17MHNHP7PWGGNbykNg+nfUvaeEwgATvf+HYgQw+ndoXai//FMNnwydm+kcycHmE62tr5jkYmAb8HpimkM4aKJrV1uUeSRRLv78gGv4z9PKZUGdSG/9hfAbbM4sBm0Rwl8Zn1Gwu5spr2N/Hm65SlPP7lm0UyP2kISODS2MdUn6dP8u2a0qyatgTLx4+zgfNpMYlaWzd48R9XrMIWCTKy0P7Io3dHzxhafp5uVpWUUysYB+9VvnZk2bJsZDXBz/fE4nKKKz9end3YRR2qACXrqp2EPQtaUgU7gMf987Ouk4KvWA1cIRXkOXKQ6/vZwO+wkSyHleoE4+3fYHP2EOfuJj7gr/8FxFIiv/qZ3W1/gbj+1qeud9ZdfrJtUpV9TFWM+MhCX0JgRsmeFmqpXV2YSNl30uaNhiGOI02dGYwd5yJMAxP9vQOHeBh/9iJqqdiFEittfIs2aBLIsfuUaQbFD4wKvMjXRq6uPp8NaeS/mDIj63G8PDFh6f1aF0cTsAsOf8viwyqNTPGY1AbG7C3gzVVjMd+qf6rw97ChciL8xZ8dxCyYDMqBzLq5Vkxz/UhCsV91ZQ7wLXXhVF7NIM6tk3ulz</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-Body">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>D4vAe0xfjdCyS3ZWm74suRDwd4Y=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-Action">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>ZrXMqWxfMKKh/h/PW3UxU2BJJUo=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-MessageID">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>W0iGiFN7/zT/q9RZsPmjOSUFRGE=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-Timestamp">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>etPoSe7aCA/nsdqcyXw2z+YMYL0=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-To">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>YuTCwpxUXVFx1GuxKnXjC8pr0DA=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>SfkHyRJFwvXrKZtkTLvqfmNulh9H6sJjXih2HDDXKWwueNMg1uLcKQgR2V9UFAkMQGaeyEsOyvs/JzRVOpVK20BuocWbxTdZI3S17Xnw6y87MosGNYU4OWQ8JVkOkqxrG5fTeps3TwOPHpybwXRpgbJiMm9gYvOcGnqmKyvwsXjsaKNxP2mAkJXEamtTMPdIfdEjTibzK9aSrNmoiH+B7xYR1B1f6x5MWGKA61aIrCLQIZrTFI/PzztLDHB/AZLbcnGTm6kh3l5GuG1hEGWPxJBoufqwlNW/lq0o51a8ISWll/oT8II1LLFIA0gSrxxy3rzBoSAgyeIqieFnDguyQQ==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#Security-Token-c07209cb-a1ef-2922-0000-4a3268f1d48e"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
    <wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-Action">http://logius.nl/digipoort/wus/2.0/aanleverservice/1.2/AanleverService/aanleverenRequest</wsa:Action>
    <wsa:MessageID xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-MessageID">1107-2019-1-5d00ecf8f3f65</wsa:MessageID>
    <wsa:To xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-To">https://cs-bedrijven.procesinfrastructuur.nl/cpl/aanleverservice/1.2</wsa:To>
    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-Timestamp">
      <wsu:Created>2019-06-12T12:15:53Z</wsu:Created>
      <wsu:Expires>2019-06-12T12:18:53Z</wsu:Expires>
    </wsu:Timestamp>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-Body">
    <ns1:aanleverRequest>
      <ns1:berichtsoort>Aangifte_LH</ns1:berichtsoort>
      <ns1:aanleverkenmerk>1107-2019-1-5d00ecf8f3f65</ns1:aanleverkenmerk>
      <ns1:identiteitBelanghebbende>
        <ns1:nummer>017541736L01</ns1:nummer>
        <ns1:type>LHnr</ns1:type>
      </ns1:identiteitBelanghebbende>
      <ns1:rolBelanghebbende>Inhoudingsplichtige</ns1:rolBelanghebbende>
      <ns1:berichtInhoud>
        <ns1:mimeType>application/gzip</ns1:mimeType>
        <ns1:bestandsnaam>XMLVoorbeeldbericht.gzip</ns1:bestandsnaam>
        <ns1:inhoud>H4sIAAAAAAACA51Y25LaOBB9z1dQvINv3GbKUcokc2GHADUQvJU3g4RxbGRKFpD8/bYkM1iyZ2p356kvR+1Wt9Q6jP/l9yFrnQkrkpx+bjtdu90idJvjhMaf2z9Wj51R+wv65E/znEYRjZMdJy1YQovP7T3nx3vLAq27IVlUcFiDE0IL3qWZVWz35BAVVnWl5drOnWU7beOLMuD97yJ5C3q5XLoXr5uzGNbYjvX39+lSBuwkED+iW9JGn1otf0xYst1zIYM2waAjx7GHHfGljtPpY9sm291o5+0Gfd9SAAX+FvEVDiJ6QBJrDzqOu3J6907/vu/61s2t4F9zyheQNYpoRHHkW28G5V+RbMaQbXvOoO/0eoNRf+hbyqgAr1JehnP4muP51mvF90Q2bHlZRGlKOEqoqFnrDKXxLc0jdmxVtuwH+JDQpOAs4gk5kwdC9yTBZdDpXiTkDPs9Z+gNprbjW9KkvLPDZIGeo+PxT2sR/cHRH9+SpnI3yS98jtKgbJyyqqKB7bw6l0VzOiLszVrBPSQUV3CewpXWK26dZxnBSUzML8mKg28rN1b3ihxzPqXTzWKPvH4fSnXTa6jluooBrYpYsCn98ThH4L6KVfeExjKo47kDOEGlVkU8PIsuBSeeixgVTQPt5+fike1ClqbQsFhCTVt1wZplwXop07qKetZhMA/yHXLdO5F4qRlbX7AnKO9uF+5TAMr9V016wCB8hMvTF9GEWHWGsRZaHOekeGJHJNpfirpflFKsUnW/aiZG2HqezF/3+pZpgMqP4VSyn+eLqElVNTYdxnthdUVuN9UArcgYbpRz5w0kSKkG5onQG0Iot8NpfXg6Idk0PxScUBh0+/wkxumEJoAmmfaR2ekwWSNojBKqrvJSNV00vW8wg+BWw9SBgVMq2icifjqxLPmVCidMFqMJy3yXzMTUdFzX9TxoRmnRYes8ZxkMDFrAeZSyESaJ6eyAVqTgEEEpOgKuBY5EyQfD635Kk46DhGGOCves5nsiRYbkwsJMIMCMFOOEUkIzmNC6VyTIGQpJDMlxVnM+nxJRN4hcSiZgsUUOJBUEUONtzRtCWY8ZCkTLGY4OcHqVRU/R+iBHudv3G3U7UUeY/zkmRuh/eVpEHRiHkyauuZJ071d48xgWhSgl0z0mxxVGY+FXogEI5ugO/sAfzA3fhOLgzKbpeX7CLKRoJm6xbnpnQRAbcGl4B/wtHke75UbDX23vLHk+1r5QmmoLpvuXnPESWio6aLpZRRsYjHCrlViLAbMa/SUDhE1FCsOrN6w7f16dPxucYZxhqOQribMyw6rFbKWYii+ikcZ4VLHWUTq+lkTJNcgyGDolQopNAPcGcJsAtvcGAFG7EB8deX8Jwzdn8PQk2zxmOTn+/wsBkVCvB/dBCP/9lVswsfCR4qLy2FWMzW9eVxCihmfvw335IWEpJQeYDzGJ4emhZniNEdXpkES8sSGTCl3J0C5/I0O7vLYcjvR4jORyJRoPBZwVGM6CtihJd8+P8SvQ19LnjgCnm3T4w2/OlpEMdxUb41VwhsVMf0KfMgxkyBl2XUGJS4MOCxmeUhFMCWaM+YWlqgJSMgoA3eFMHjRRhJtmnv4br+wKbtZALQ2e1x28Q/Ukrsr0up4gA81Mr8r1ut6oge6JH1YVqtXEsyQnLGmW3e2PBF/bN2AYFllIPlyW86ab0JTKL71BK7rRgPP0CBNNdqAUGwGrXANJ1bjfJClkJ5VQayQL2OaF8bKRV80gHhHl4Mx+CNRNMaYtZ1ueUbh4NqCuWj2Q9JwYoYswRc6opyJqVqNRBLNXyl8Kfha0Qd6Amk0n1h/MkMrQfZ+5CgLY+LMNeHL9d6NgPc2/Un3tnwPo0z8J+fSLjRAAAA==</ns1:inhoud>
      </ns1:berichtInhoud>
      <ns1:autorisatieAdres>http://geenausp.nl</ns1:autorisatieAdres>
    </ns1:aanleverRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring>Algemene fout</faultstring>
      <faultactor>Procesinfrastructuur</faultactor>
      <detail>
        <fault:aanleverFault xmlns:fault="http://logius.nl/digipoort/koppelvlakservices/1.2/">
          <fault:foutcode>ALS100</fault:foutcode>
          <fault:foutbeschrijving>Het verzoek voldoet niet aan de koppelvlakspecificaties en kan hierdoor niet door Digipoort worden verwerkt.

De volgende fout is opgetreden: 

security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault ocurred while running action: [email protected]06</fault:foutbeschrijving>
        </fault:aanleverFault>
      </detail>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>

Can the error be due to the way it is calling the function? Underneath the constructor is filled with some params like crypto_method and ciphers. Would it be possible that a fault param causes such an error?

$options = array(
    'ssl_method'            => SOAP_SSL_METHOD_TLS,
    'cache_wsdl'            => WSDL_CACHE_NONE,
    'trace'                 => true,
    'soap_version'          => SOAP_1_1,
    'passphrase'            => $password,
    'local_cert'            => $ClientCertFile,
    'public_cert'           => $PublicCertFile,
    'output_canonicalize'   => false,
    'output_last_request'   => false,
    'wsa'   => array    (
            'Action' => 'http://logius.nl/digipoort/wus/2.0/aanleverservice/1.2/AanleverService/aanleverenRequest',
            //'ReplyTo' => 'http://www.w3.org/2005/08/addressing/anonymous',
            'MessageID' => $MessageID,
            'To' => 'https://cs-bedrijven.procesinfrastructuur.nl/cpl/aanleverservice/1.2',
    ),
    'stream_context'        => stream_context_create(   array   (
            'ssl'   => array(
                    'crypto_method'         =>  STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
                    'ciphers'               => 'AES128-GCM-SHA:AES256-SHA:AES128-SHA',
                    'verify_peer'           => false,
                    'verify_peer_name'      => false, 
                    'allow_self_signed'     => true
            )
        )
    )); 

//
$client = new Inno3DSoapClient($wsdl, $options);        

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Browse other questions tagged or ask your own question.