The following describes the format for signed signature requests to be used with the Signed Request Authorizer. Signed signature requests can be created using the SignClient/Client CLI signdocument Command or by following the format detailed below.

Signed Signature Request

The meaning of a Signed Signature Request here is a request intended for one of the workers in SignServer and which is protected by an extra request metadata field called SIGNED_REQUEST containing a signature in the format described here.

Format

The value of the SIGNED_REQUEST metadata property is a JSON Web Signature (JWS) in compact serialization and with a payload format as in JSON Web Token (JWT).

JWS Header Parameters

typ

Type indicating that this is a Signed Signature Request according to this specification.

Fixed value: "http://signserver.org/specs/signedrequest/1.0"

x5c

JSON array of base64 encoded X.509 certificates starting with the certificate of the signer that signed this JWS and followed by the certificate of its issuer, and so on.

Refer to Section 4.1.6 of RFC 7515.

alg

Signature algorithm for the JWS Signature.

Refer to Section 4.1.1 of RFC 7515

JWS Payload

The payload is a JSON object with keys and values.

A key is either a request field name or prefixed with "meta." followed by a request metadata key.

The value is the hash of the field or metadata value.

KeyDescription
workerNameHash of the worker name in hexadecimal encoding, if provided in the request.
workerIdHash of the worker ID in hexadecimal encoding, if provided in the request.
dataHash of the data field or file upload, in hexadecimal encoding.
FILENAME and/or meta.FILENAMEHash of the file name in hexadecimal encoding, if provided. If both FILENAME and meta.FILENAME are provided they must be the same.

JWS Signature

Using algorithm declared in the JWS Header Parameter alg.

Algorithms

Signature algorithms should be using RSA or ECDSA and follow RFC 7518.

The digest algorithm used for hashing in the JWS Payload should be the same as the hash algorithm in the signature algorithm. For example, if ES256 (SHA256withECDSA) is used as signature algorithm then the hash algorithm SHA-256 should be used for every hash in the JWS Payload.

Signing

Follow the steps below to sign:

  1. Construct a key-value map that will be used as the payload in the signature.
    1. To the map, add the key "data" with the value set to the hexadecimal encoded hash of the input data field or file upload.
    2. To the map, add the key "workerName" or "workerId" with the hexadecimal encoded hash of the string value of the workerName or workerId.
    3. If there is a filename provided with the request it must be included in the request metadata and added to the map the key "FILENAME" with the hexadecimal encoded hash of the string value of the file name.
    4. For each request metadata entry, to the map add the key from the metadata entry prefixed with "meta." and the value set to the hexadecimal encoded hash of the request metadata entry value.
  2. Create and sign using JWS:
    1. Set the header parameter "typ" to "http://signserver.org/specs/signedrequest/1.0".
    2. Set the header parameter "x5c" to a list of base64 ((warning) not base64url) encoded certificates making up the certificate chain with the end entity certificate first.
    3. Add the payload key-values with the same structure as JWT claims.
    4. Sign using the private key and use a signature algorithm allowed by the JWT specification.
    5. Finally, encode using JWS Compact Serialization.
  3. Store the signature value in the request metadata as "SIGNED_REQUEST".

Verification

Follow the steps below to verify:

  1. Extract the SIGNED_REQUEST request metadata property value or if missing fail.
  2. Parse the JWS and fail if not signed.
  3. Extract the certificate chain from the "x5c" header parameter.
  4. Perform certificate chain validation and if required certificate revocation checks.
  5. If the certificate was successfully validated and trusted, use the public key of the end entity certificate to verify the signature of the JWS, otherwise fail.
  6. Verify that the header parameter "typ" has the value "http://signserver.org/specs/signedrequest/1.0", otherwise fail.
  7. Extract the payload key-value pairs/claims.
  8. For each key-value pair that starts with "meta." calculate the hash value for the corresponding request metadata property value and check that it is the same, otherwise fail.
  9. For each request metadata property check that there is a corresponding key-value prefixed with "meta.". If it is FILENAME then compare its hash with the key-value FILENAME. If it is any other property that is missing, fail.
  10. Check that if both FILENAME and meta.FILENAME are present they are the same, otherwise fail.
  11. Check that if FILENAME is present in the key-values, its hash matches, otherwise fail.
  12. If there is a workerName in the key-values, check that its hash matches the workerName in the request, otherwise fail.
  13. If there is a workerId in the key-values, check that its hash matches the workerId in the request, otherwise fail.
  14. Calculate the hash of the request data field or file upload and check that it equals the expected hash in the key-value pair "data", otherwise fail.

Examples

The following provides two examples of signed signature requests for signing a file and providing some request metadata, one example using the HTTP protocol and the other example using ClientWS protocol (SOAP/WS). 

Example 1 - Using HTTP Protocol

Example of a signed signature request for signing a file using HTTP protocol and providing some request metadata as well with the request.

SignClient Command

bin/signclient signdocument -workername CMSSigner \
                            -infile document.txt -metadata key1=value2 -metadata key2=value2 \
                            -signrequest -keystore res/test/dss10/dss10_admin1.p12 \
                            -nohttps
CODE

(warning) The "-nohttps" is only used here to more easily capture the request with Wireshark/tcpdump.

Full HTTP Request

POST /signserver/process HTTP/1.1
Content-Type: multipart/form-data; boundary=------------------signserver
User-Agent: Java/11.0.13
Host: localhost:8080
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 6268

--------------------signserver
Content-Disposition: form-data; name="workerName"

CMSSigner
--------------------signserver
Content-Disposition: form-data; name="REQUEST_METADATA.key1"

value1
--------------------signserver
Content-Disposition: form-data; name="REQUEST_METADATA.key2"

value2
--------------------signserver
Content-Disposition: form-data; name="REQUEST_METADATA.SIGNED_REQUEST"

eyJ0eXAiOiJKV1QiLCJ4NWMiOlsiTUlJRWlUQ0NBbkdnQXdJQkFnSUlCeU5RZUJYNU16TXdEUVlKS29aSWh2Y05BUUVMQlFBd1RURVhNQlVHQTFVRUF3d09SRk5USUZKdmIzUWdRMEVnTVRBeEVEQU9CZ05WQkFzTUIxUmxjM1JwYm1jeEV6QVJCZ05WQkFvTUNsTnBaMjVUWlhKMlpYSXhDekFKQmdOVkJBWVRBbE5GTUI0WERURTFNVEl4TVRBNU1qTTFOVm9YRFRJMU1USXhNVEE1TWpNMU5Wb3dPekVTTUJBR0ExVUVBd3dKUVdSdGFXNGdUMjVsTVJnd0ZnWURWUVFLREE5VGFXZHVVMlZ5ZG1WeUlFUmxiVzh4Q3pBSkJnTlZCQVlUQWxORk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBbjZsTGRWd1pnZHVMeFVGOWtJNUJzUktjdVgwdGRaNVRZYjlUejBoQ09vaHBhQ0xUQTA5UlBqcXoxSEtEOCthTzBqUkN0Z0ZjMCtGMWg1MkhDSkR6WnI2UXdOWHlMV3RFNVhEcVVQMmJsRUx3bzByUVpaRWlHbU5rMXRvbFNVUjNYZXExSDIwZ2Q4b3NTNGVKRVdJZXErcmwvcmU2eTllbUNOUmZEK0RVMTVuU1lnSnNhdXp3TTVwTkg4MDk3T0YxaTdzdXdaWURrR0h0VVMxcmFNT1lxb3RMZTRsRTZPbGJFOEZUelZQS3k0VXNSWEJzV0FDazRINjFUZ2JmbnVWbi80MThIWnowWFBkUUd0NmpLZU14bVV4NXNZUStkRElzdDQ0bWM3NW5jQlpYOXM4S1VlS3N3Nlg0bFYydFYwT1ptdXJHRW9LTkRPcVBHU3IxeFRYQlFRSURBUUFCbzM4d2ZUQWRCZ05WSFE0RUZnUVVjdEdmUElHRmZGa0FIUFpRUzk5ZFd2dHFJZ0V3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlFnZWlIZTZLMjdBcWo3Y1Zpa0NXSzUyRmdGb2pBT0JnTlZIUThCQWY4RUJBTUNCZUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdJR0NDc0dBUVVGQndNRU1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQjdhZDYvd241Z1ltci84bHNBZThsVlduRFJPRkJ2VkZJakozZDhFNnhwM1FZUWpQUDJKbmhaRGNUV2ZNZVlSQjhZalZYWGJOZDRxcW1lY3QzVHpydmZGbEkvLzNzR25oZ1FDSng3ZHAvYzI1dkJybGxMVTJwWDRseHNma05RMUo3bE9MYW9La3YzQkw3bGc5MFdVWjRWem93NzN6Nm5pZmlRRVB0U21ZTzFVZjE0UjRDcDNsQVkxbFdWSUZhOTd3azhueTJqRk1sSEZHR1pzSnBmV3pkaWxUWkN2UTFHSGZiakRVV1JIM3dvMGJsTWo2VTdhZm1uNVB1dHJsTjdyYWdNSWFZZGZjRDlSSXJ0UUNDdGdyazRjWXhBVEtUR0QxSmpwdFVKSHRTblF1ZktaY2FkcmkwZG96SUFjdXpSMy91b1ZrLzVLYkZqdm84czM5NlNsZTA4THc4a1Bac3ZRK0FyUzZEMDBjQ1EvU05SUzVmMmJmS1p6QUw3Z05sYjdRZ2VERFRySmFzY2djc2dPYlVIYVpaejZ4V0kySnhuRGZkTDM1TDBVTXBrWGlKeWxEOHZuZzZuMXJ1WmNVenpXWnlQbzlwRHo2Z3FvMS9mSXRmL1NJb1ZYM3FTMGVHRkZFeHFvd0pJdWRjOTNGemNKaU5hY2I1V25DOVdNRE1BZzJuTFEvK1kranFqMGFGZWF6Z0hBeDNuNktWTnFaZjhXR2RBWG15OUpNZytDU25FSEdOaHBuVW9RTUp0SXB2RzVqL01FV2J5RHpZZzlGVHVDVEZka2NXa3d2amxQSWV4Qm9ndHZiaDJ3dFZaWmlvSW1vRzJLQ2NqTWxOYzNIVmU0Skg3RHptWmtyUW9SWE5DRXVnWjZ0OG1XYTZuUFBodzluRm9aVDh1Q29vTVpRPT0iLCJNSUlGZnpDQ0EyZWdBd0lCQWdJSU1rMUJPSzhDd1R3d0RRWUpLb1pJaHZjTkFRRUxCUUF3VFRFWE1CVUdBMVVFQXd3T1JGTlRJRkp2YjNRZ1EwRWdNVEF4RURBT0JnTlZCQXNNQjFSbGMzUnBibWN4RXpBUkJnTlZCQW9NQ2xOcFoyNVRaWEoyWlhJeEN6QUpCZ05WQkFZVEFsTkZNQjRYRFRFeE1EVXlOekE0TVRReU4xb1hEVE0yTURVeU56QTRNVFF5TjFvd1RURVhNQlVHQTFVRUF3d09SRk5USUZKdmIzUWdRMEVnTVRBeEVEQU9CZ05WQkFzTUIxUmxjM1JwYm1jeEV6QVJCZ05WQkFvTUNsTnBaMjVUWlhKMlpYSXhDekFKQmdOVkJBWVRBbE5GTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFnYmxnalRUa01wMVFBaGdXRHByaHZxRTl6WDFVeC9BL1JUT3U0RzRmNkNUa2Q2SkVFa2JkS1p2K0NLdjRjUm9WQ3RmTzN3bk9va0ZSdy8xSk1tSEhpUTFaLy91RG9Eam84ams4bmVrMEFyRkU5UjVOVDAyd01KQ1FhL21QMXdVOVpTbDF0eDNqUVJVRkIrclROZUNjUFRmdCsxRkw3VWpZTWRrUnpsMjYxSU9sbVh6RE1BK0VZSUdKMmMyd1loT3YyRHFmUXlnTno1R09mMEVGcWxRWkl0L3B6b3BTUyswSzhtTmI1M1JPaGc5R0p1and6dWdTSDVaK3IwZnNWSGJDVjBRVWtaQmZrUm85S01jZGFERVBhOHhwWVRqc0ZQcVU2UmNuR2tWQUJobjhPUzhTSVd3MnJlMWYraHRqNnA5RUdiazFtMEk5cFdHQkE5a3RXbnJxbHFEWFYrdEVoaGgxTzRmK0xIaWVveGlzY3JGN1JYeGxZcXlhbTZvYWJmWHNYM1ZBQzBNMVVrd0ljaUU4d0ExU2ovK2Rnb1NNcXZFRE5EZndwRVl0Nmw4WjhjekRUV0RpN01NMnU1VlkwblAzK0ErUGVwS3JPdHJkYUdTUDM5NmY0YTdBM3VuMW82blFXSHN5V1E3a2M4R0luOHpONW55a1FhZ2hHeVlsSEhZZTFYVVNQdEhteGpiZHN5enRya0lpczNjZmpGbmUwWGdQQWlRdVl4M1QvQitwbzlCaEdJVXdDVjBRaS9nV1ZONk5reWRzYnpNZVJYRUxRWXlLK2xIZ0lHaUVhQnpRUlJ0WGJuQit3UVhpMklhY0pOZEtxSUN3RHNsL1B2dmNaSTlaVjZwQi9LSXpCKzhJSm0wQ0xZMjRLME9YSnMzQnFpajhnbXB2YkkrbzB3VUNBd0VBQWFOak1HRXdIUVlEVlIwT0JCWUVGQ0I2SWQ3b3Jic0NxUHR4V0tRSllybllXQVdpTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SHdZRFZSMGpCQmd3Rm9BVUlIb2gzdWl0dXdLbyszRllwQWxpdWRoWUJhSXdEZ1lEVlIwUEFRSC9CQVFEQWdHR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQXhGdnBPWkY2S29sNDhjUWVLV1E0OFZBZStoNWRteUtNZkRMRFpYNTFJUnpmS0tzSExwRlB4ekdOdzR0OVV2NFlPUjBDRDl6ODFkUitjOTN0MWx3d0lwS2J4OVFtcThqVmlIRUhLWUQ5RlhUaE0rY1Zwc1QyNXBnMzVtM09OZVVYL2IrK2wyZCsyUU5OVFdNdmRzQ3RhUWR5YlpxYllGSWswSWpQd0xMcWRzQThJbzYwa3VFUzRKblFhaFBkTGtmbTcwcmdBZG1SRG96T2ZTRGFhV0hZMjBEb3ZrZnZLVVlqUFI2TUdBUEQ1dzlkRWI0d3AvWmpBVGJseVpuSCtMVGZsd2ZmdFVBb25tQXc0NkUwWmdnMTQzc082UmZPT25id2pYRWMrS1hkL0tRNmtUUTU2MG1seVJkNnE3RUlEWVJmRDRuNGFnS1YyUjVndlZQaE1EMCtJSzdrYWdxS05mV2E5ejhVZTJOM01lZHlXbmI5d3Y0d0M2OXFGbmRHYUlmWUFEa1V5a29PeUxzVlZ0ZUo3MFBWSlBYTzdzNjZMdWNmRDJSMHdvMk1wdU9ZQ3NUT203SEhTK3VaOVZqSGwycVEwWlFHODlYbitBWG56UGJrMUlOZTJ6MGxxM2h6Q1c1RFRZQktzSkVleEVyek1wTHdpRXFVWUpVZlI5RWVDTThVUE10TFNxejF1dGRQb0lZaFVMR3p0NWxTSkVwTUhNYnF1WWZXSnhRaUtDYnZmeFFzUDVkTFVNRUlxVGdqTmRvOThPbE03Wjd6allIOUtpbXozd2dBS1NBSW9RWnI3T3kxZE1ITzVHSzRqQnRaOHdnc3l5UTZEelFRN1I2OFhGVkthcklXOFNBVGV5dWJBUCtXamRNd2svWlh6c0RqTVpFdEVOYUJYekFlZllBPT0iXSwiYWxnIjoiUlMyNTYifQ.eyJtZXRhLmtleTIiOiIwNTM3ZDQ4MWY3M2E3NTczMzQzMjgwNTJkYTNhZjk2MjZjZWQ5NzAyOGUyMGI4NDlmNjExNWMyMmNkNzY1MTk3Iiwid29ya2VySWQiOiI1ZmVjZWI2NmZmYzg2ZjM4ZDk1Mjc4NmM2ZDY5NmM3OWMyZGJjMjM5ZGQ0ZTkxYjQ2NzI5ZDczYTI3ZmI1N2U5IiwiZGF0YSI6ImMxOGNlOWFjYWFhOTUzNWExMTlmNDhlNjg3MTNjMzQwYTk5MTEzMDU2ZmExNTkyYTU5MGIyMmU5OWI3YzUwZDMiLCJtZXRhLmtleTEiOiIzYzk2ODMwMTdmOWU0YmYzM2QwZmJlZGQyNmJmMTQzZmQ3MmRlOWI5ZGQxNDU0NDFiNzVmMDYwNDA0N2VhMjhlIiwid29ya2VyTmFtZSI6IjQ4Y2ZjN2Q4MDU3MmMxNDVmMzRmNzlmNzY5NWQ2N2ZmMTVhZmNhYjUxMmZiZjY4YmMwNGYyMmU5NTdiNmY0YmMiLCJGSUxFTkFNRSI6ImQ1NzQ1MTIyNWQ2ODI0OTI0ZjU5M2M5YTBmNDllN2Q1ODBkNjAzYTExZjFmMTRmMjdjNTlkYTVjMWI5MGM4NmIifQ.NfTY76qDO3vOue-9AbL6ywf8q5hSNnJJerbBhuWnw6GFza4YY9CufZBJc-Xmuze0ZJRQBJNwFaPnZFPRwGx0IYknLemPBMprKuqs9M8M97mF27Du15a96MXG8Zg2E4ldMrVcXYRIAtHfW5S0JHxK8cpGn3PLCgE6WrkcPJS2vV0mvr4ih-Lmiiiyln-BRXVta-gtAeEK18Yezx4HWpxi-1iCVuJLA9tQbH3qAr3UQMlfpKN8DiNBH1hpnBi6gSKy1Zal7UDcasnSwursED3crFMY77JoNzmC3Pz3T4KbERrKvrA67xWgZlq5m1lkECh_BlbeHTWpi1LfjuM7YAV__g
--------------------signserver
Content-Disposition: form-data; name="datafile"; filename="document.txt"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary

My document to be signed

--------------------signserver--
CODE

Metadata Property

SIGNED_REQUEST=eyJ0eXAiOiJKV1QiLCJ4NWMiOlsiTUlJRWlUQ0NBbkdnQXdJQkFnSUlCeU5RZUJYNU16TXdEUVlKS29aSWh2Y05BUUVMQlFBd1RURVhNQlVHQTFVRUF3d09SRk5USUZKdmIzUWdRMEVnTVRBeEVEQU9CZ05WQkFzTUIxUmxjM1JwYm1jeEV6QVJCZ05WQkFvTUNsTnBaMjVUWlhKMlpYSXhDekFKQmdOVkJBWVRBbE5GTUI0WERURTFNVEl4TVRBNU1qTTFOVm9YRFRJMU1USXhNVEE1TWpNMU5Wb3dPekVTTUJBR0ExVUVBd3dKUVdSdGFXNGdUMjVsTVJnd0ZnWURWUVFLREE5VGFXZHVVMlZ5ZG1WeUlFUmxiVzh4Q3pBSkJnTlZCQVlUQWxORk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBbjZsTGRWd1pnZHVMeFVGOWtJNUJzUktjdVgwdGRaNVRZYjlUejBoQ09vaHBhQ0xUQTA5UlBqcXoxSEtEOCthTzBqUkN0Z0ZjMCtGMWg1MkhDSkR6WnI2UXdOWHlMV3RFNVhEcVVQMmJsRUx3bzByUVpaRWlHbU5rMXRvbFNVUjNYZXExSDIwZ2Q4b3NTNGVKRVdJZXErcmwvcmU2eTllbUNOUmZEK0RVMTVuU1lnSnNhdXp3TTVwTkg4MDk3T0YxaTdzdXdaWURrR0h0VVMxcmFNT1lxb3RMZTRsRTZPbGJFOEZUelZQS3k0VXNSWEJzV0FDazRINjFUZ2JmbnVWbi80MThIWnowWFBkUUd0NmpLZU14bVV4NXNZUStkRElzdDQ0bWM3NW5jQlpYOXM4S1VlS3N3Nlg0bFYydFYwT1ptdXJHRW9LTkRPcVBHU3IxeFRYQlFRSURBUUFCbzM4d2ZUQWRCZ05WSFE0RUZnUVVjdEdmUElHRmZGa0FIUFpRUzk5ZFd2dHFJZ0V3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlFnZWlIZTZLMjdBcWo3Y1Zpa0NXSzUyRmdGb2pBT0JnTlZIUThCQWY4RUJBTUNCZUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdJR0NDc0dBUVVGQndNRU1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQjdhZDYvd241Z1ltci84bHNBZThsVlduRFJPRkJ2VkZJakozZDhFNnhwM1FZUWpQUDJKbmhaRGNUV2ZNZVlSQjhZalZYWGJOZDRxcW1lY3QzVHpydmZGbEkvLzNzR25oZ1FDSng3ZHAvYzI1dkJybGxMVTJwWDRseHNma05RMUo3bE9MYW9La3YzQkw3bGc5MFdVWjRWem93NzN6Nm5pZmlRRVB0U21ZTzFVZjE0UjRDcDNsQVkxbFdWSUZhOTd3azhueTJqRk1sSEZHR1pzSnBmV3pkaWxUWkN2UTFHSGZiakRVV1JIM3dvMGJsTWo2VTdhZm1uNVB1dHJsTjdyYWdNSWFZZGZjRDlSSXJ0UUNDdGdyazRjWXhBVEtUR0QxSmpwdFVKSHRTblF1ZktaY2FkcmkwZG96SUFjdXpSMy91b1ZrLzVLYkZqdm84czM5NlNsZTA4THc4a1Bac3ZRK0FyUzZEMDBjQ1EvU05SUzVmMmJmS1p6QUw3Z05sYjdRZ2VERFRySmFzY2djc2dPYlVIYVpaejZ4V0kySnhuRGZkTDM1TDBVTXBrWGlKeWxEOHZuZzZuMXJ1WmNVenpXWnlQbzlwRHo2Z3FvMS9mSXRmL1NJb1ZYM3FTMGVHRkZFeHFvd0pJdWRjOTNGemNKaU5hY2I1V25DOVdNRE1BZzJuTFEvK1kranFqMGFGZWF6Z0hBeDNuNktWTnFaZjhXR2RBWG15OUpNZytDU25FSEdOaHBuVW9RTUp0SXB2RzVqL01FV2J5RHpZZzlGVHVDVEZka2NXa3d2amxQSWV4Qm9ndHZiaDJ3dFZaWmlvSW1vRzJLQ2NqTWxOYzNIVmU0Skg3RHptWmtyUW9SWE5DRXVnWjZ0OG1XYTZuUFBodzluRm9aVDh1Q29vTVpRPT0iLCJNSUlGZnpDQ0EyZWdBd0lCQWdJSU1rMUJPSzhDd1R3d0RRWUpLb1pJaHZjTkFRRUxCUUF3VFRFWE1CVUdBMVVFQXd3T1JGTlRJRkp2YjNRZ1EwRWdNVEF4RURBT0JnTlZCQXNNQjFSbGMzUnBibWN4RXpBUkJnTlZCQW9NQ2xOcFoyNVRaWEoyWlhJeEN6QUpCZ05WQkFZVEFsTkZNQjRYRFRFeE1EVXlOekE0TVRReU4xb1hEVE0yTURVeU56QTRNVFF5TjFvd1RURVhNQlVHQTFVRUF3d09SRk5USUZKdmIzUWdRMEVnTVRBeEVEQU9CZ05WQkFzTUIxUmxjM1JwYm1jeEV6QVJCZ05WQkFvTUNsTnBaMjVUWlhKMlpYSXhDekFKQmdOVkJBWVRBbE5GTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFnYmxnalRUa01wMVFBaGdXRHByaHZxRTl6WDFVeC9BL1JUT3U0RzRmNkNUa2Q2SkVFa2JkS1p2K0NLdjRjUm9WQ3RmTzN3bk9va0ZSdy8xSk1tSEhpUTFaLy91RG9Eam84ams4bmVrMEFyRkU5UjVOVDAyd01KQ1FhL21QMXdVOVpTbDF0eDNqUVJVRkIrclROZUNjUFRmdCsxRkw3VWpZTWRrUnpsMjYxSU9sbVh6RE1BK0VZSUdKMmMyd1loT3YyRHFmUXlnTno1R09mMEVGcWxRWkl0L3B6b3BTUyswSzhtTmI1M1JPaGc5R0p1and6dWdTSDVaK3IwZnNWSGJDVjBRVWtaQmZrUm85S01jZGFERVBhOHhwWVRqc0ZQcVU2UmNuR2tWQUJobjhPUzhTSVd3MnJlMWYraHRqNnA5RUdiazFtMEk5cFdHQkE5a3RXbnJxbHFEWFYrdEVoaGgxTzRmK0xIaWVveGlzY3JGN1JYeGxZcXlhbTZvYWJmWHNYM1ZBQzBNMVVrd0ljaUU4d0ExU2ovK2Rnb1NNcXZFRE5EZndwRVl0Nmw4WjhjekRUV0RpN01NMnU1VlkwblAzK0ErUGVwS3JPdHJkYUdTUDM5NmY0YTdBM3VuMW82blFXSHN5V1E3a2M4R0luOHpONW55a1FhZ2hHeVlsSEhZZTFYVVNQdEhteGpiZHN5enRya0lpczNjZmpGbmUwWGdQQWlRdVl4M1QvQitwbzlCaEdJVXdDVjBRaS9nV1ZONk5reWRzYnpNZVJYRUxRWXlLK2xIZ0lHaUVhQnpRUlJ0WGJuQit3UVhpMklhY0pOZEtxSUN3RHNsL1B2dmNaSTlaVjZwQi9LSXpCKzhJSm0wQ0xZMjRLME9YSnMzQnFpajhnbXB2YkkrbzB3VUNBd0VBQWFOak1HRXdIUVlEVlIwT0JCWUVGQ0I2SWQ3b3Jic0NxUHR4V0tRSllybllXQVdpTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SHdZRFZSMGpCQmd3Rm9BVUlIb2gzdWl0dXdLbyszRllwQWxpdWRoWUJhSXdEZ1lEVlIwUEFRSC9CQVFEQWdHR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQXhGdnBPWkY2S29sNDhjUWVLV1E0OFZBZStoNWRteUtNZkRMRFpYNTFJUnpmS0tzSExwRlB4ekdOdzR0OVV2NFlPUjBDRDl6ODFkUitjOTN0MWx3d0lwS2J4OVFtcThqVmlIRUhLWUQ5RlhUaE0rY1Zwc1QyNXBnMzVtM09OZVVYL2IrK2wyZCsyUU5OVFdNdmRzQ3RhUWR5YlpxYllGSWswSWpQd0xMcWRzQThJbzYwa3VFUzRKblFhaFBkTGtmbTcwcmdBZG1SRG96T2ZTRGFhV0hZMjBEb3ZrZnZLVVlqUFI2TUdBUEQ1dzlkRWI0d3AvWmpBVGJseVpuSCtMVGZsd2ZmdFVBb25tQXc0NkUwWmdnMTQzc082UmZPT25id2pYRWMrS1hkL0tRNmtUUTU2MG1seVJkNnE3RUlEWVJmRDRuNGFnS1YyUjVndlZQaE1EMCtJSzdrYWdxS05mV2E5ejhVZTJOM01lZHlXbmI5d3Y0d0M2OXFGbmRHYUlmWUFEa1V5a29PeUxzVlZ0ZUo3MFBWSlBYTzdzNjZMdWNmRDJSMHdvMk1wdU9ZQ3NUT203SEhTK3VaOVZqSGwycVEwWlFHODlYbitBWG56UGJrMUlOZTJ6MGxxM2h6Q1c1RFRZQktzSkVleEVyek1wTHdpRXFVWUpVZlI5RWVDTThVUE10TFNxejF1dGRQb0lZaFVMR3p0NWxTSkVwTUhNYnF1WWZXSnhRaUtDYnZmeFFzUDVkTFVNRUlxVGdqTmRvOThPbE03Wjd6allIOUtpbXozd2dBS1NBSW9RWnI3T3kxZE1ITzVHSzRqQnRaOHdnc3l5UTZEelFRN1I2OFhGVkthcklXOFNBVGV5dWJBUCtXamRNd2svWlh6c0RqTVpFdEVOYUJYekFlZllBPT0iXSwiYWxnIjoiUlMyNTYifQ.eyJtZXRhLmtleTIiOiIwNTM3ZDQ4MWY3M2E3NTczMzQzMjgwNTJkYTNhZjk2MjZjZWQ5NzAyOGUyMGI4NDlmNjExNWMyMmNkNzY1MTk3Iiwid29ya2VySWQiOiI1ZmVjZWI2NmZmYzg2ZjM4ZDk1Mjc4NmM2ZDY5NmM3OWMyZGJjMjM5ZGQ0ZTkxYjQ2NzI5ZDczYTI3ZmI1N2U5IiwiZGF0YSI6ImMxOGNlOWFjYWFhOTUzNWExMTlmNDhlNjg3MTNjMzQwYTk5MTEzMDU2ZmExNTkyYTU5MGIyMmU5OWI3YzUwZDMiLCJtZXRhLmtleTEiOiIzYzk2ODMwMTdmOWU0YmYzM2QwZmJlZGQyNmJmMTQzZmQ3MmRlOWI5ZGQxNDU0NDFiNzVmMDYwNDA0N2VhMjhlIiwid29ya2VyTmFtZSI6IjQ4Y2ZjN2Q4MDU3MmMxNDVmMzRmNzlmNzY5NWQ2N2ZmMTVhZmNhYjUxMmZiZjY4YmMwNGYyMmU5NTdiNmY0YmMiLCJGSUxFTkFNRSI6ImQ1NzQ1MTIyNWQ2ODI0OTI0ZjU5M2M5YTBmNDllN2Q1ODBkNjAzYTExZjFmMTRmMjdjNTlkYTVjMWI5MGM4NmIifQ.NfTY76qDO3vOue-9AbL6ywf8q5hSNnJJerbBhuWnw6GFza4YY9CufZBJc-Xmuze0ZJRQBJNwFaPnZFPRwGx0IYknLemPBMprKuqs9M8M97mF27Du15a96MXG8Zg2E4ldMrVcXYRIAtHfW5S0JHxK8cpGn3PLCgE6WrkcPJS2vV0mvr4ih-Lmiiiyln-BRXVta-gtAeEK18Yezx4HWpxi-1iCVuJLA9tQbH3qAr3UQMlfpKN8DiNBH1hpnBi6gSKy1Zal7UDcasnSwursED3crFMY77JoNzmC3Pz3T4KbERrKvrA67xWgZlq5m1lkECh_BlbeHTWpi1LfjuM7YAV__g
CODE

Decoded

Header:

{   
  "typ": "http://signserver.org/specs/signedrequest/1.0",
  "x5c": [
    "MIIEiTCCAnGgAwIBAgIIByNQeBX5MzMwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTE1MTIxMTA5MjM1NVoXDTI1MTIxMTA5MjM1NVowOzESMBAGA1UEAwwJQWRtaW4gT25lMRgwFgYDVQQKDA9TaWduU2VydmVyIERlbW8xCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6lLdVwZgduLxUF9kI5BsRKcuX0tdZ5TYb9Tz0hCOohpaCLTA09RPjqz1HKD8+aO0jRCtgFc0+F1h52HCJDzZr6QwNXyLWtE5XDqUP2blELwo0rQZZEiGmNk1tolSUR3Xeq1H20gd8osS4eJEWIeq+rl/re6y9emCNRfD+DU15nSYgJsauzwM5pNH8097OF1i7suwZYDkGHtUS1raMOYqotLe4lE6OlbE8FTzVPKy4UsRXBsWACk4H61TgbfnuVn/418HZz0XPdQGt6jKeMxmUx5sYQ+dDIst44mc75ncBZX9s8KUeKsw6X4lV2tV0OZmurGEoKNDOqPGSr1xTXBQQIDAQABo38wfTAdBgNVHQ4EFgQUctGfPIGFfFkAHPZQS99dWvtqIgEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQgeiHe6K27Aqj7cVikCWK52FgFojAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQB7ad6/wn5gYmr/8lsAe8lVWnDROFBvVFIjJ3d8E6xp3QYQjPP2JnhZDcTWfMeYRB8YjVXXbNd4qqmect3TzrvfFlI//3sGnhgQCJx7dp/c25vBrllLU2pX4lxsfkNQ1J7lOLaoKkv3BL7lg90WUZ4Vzow73z6nifiQEPtSmYO1Uf14R4Cp3lAY1lWVIFa97wk8ny2jFMlHFGGZsJpfWzdilTZCvQ1GHfbjDUWRH3wo0blMj6U7afmn5PutrlN7ragMIaYdfcD9RIrtQCCtgrk4cYxATKTGD1JjptUJHtSnQufKZcadri0dozIAcuzR3/uoVk/5KbFjvo8s396Sle08Lw8kPZsvQ+ArS6D00cCQ/SNRS5f2bfKZzAL7gNlb7QgeDDTrJascgcsgObUHaZZz6xWI2JxnDfdL35L0UMpkXiJylD8vng6n1ruZcUzzWZyPo9pDz6gqo1/fItf/SIoVX3qS0eGFFExqowJIudc93FzcJiNacb5WnC9WMDMAg2nLQ/+Y+jqj0aFeazgHAx3n6KVNqZf8WGdAXmy9JMg+CSnEHGNhpnUoQMJtIpvG5j/MEWbyDzYg9FTuCTFdkcWkwvjlPIexBogtvbh2wtVZZioImoG2KCcjMlNc3HVe4JH7DzmZkrQoRXNCEugZ6t8mWa6nPPhw9nFoZT8uCooMZQ==",
    "MIIFfzCCA2egAwIBAgIIMk1BOK8CwTwwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA4MTQyN1oXDTM2MDUyNzA4MTQyN1owTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgblgjTTkMp1QAhgWDprhvqE9zX1Ux/A/RTOu4G4f6CTkd6JEEkbdKZv+CKv4cRoVCtfO3wnOokFRw/1JMmHHiQ1Z//uDoDjo8jk8nek0ArFE9R5NT02wMJCQa/mP1wU9ZSl1tx3jQRUFB+rTNeCcPTft+1FL7UjYMdkRzl261IOlmXzDMA+EYIGJ2c2wYhOv2DqfQygNz5GOf0EFqlQZIt/pzopSS+0K8mNb53ROhg9GJujwzugSH5Z+r0fsVHbCV0QUkZBfkRo9KMcdaDEPa8xpYTjsFPqU6RcnGkVABhn8OS8SIWw2re1f+htj6p9EGbk1m0I9pWGBA9ktWnrqlqDXV+tEhhh1O4f+LHieoxiscrF7RXxlYqyam6oabfXsX3VAC0M1UkwIciE8wA1Sj/+dgoSMqvEDNDfwpEYt6l8Z8czDTWDi7MM2u5VY0nP3+A+PepKrOtrdaGSP396f4a7A3un1o6nQWHsyWQ7kc8GIn8zN5nykQaghGyYlHHYe1XUSPtHmxjbdsyztrkIis3cfjFne0XgPAiQuYx3T/B+po9BhGIUwCV0Qi/gWVN6NkydsbzMeRXELQYyK+lHgIGiEaBzQRRtXbnB+wQXi2IacJNdKqICwDsl/PvvcZI9ZV6pB/KIzB+8IJm0CLY24K0OXJs3Bqij8gmpvbI+o0wUCAwEAAaNjMGEwHQYDVR0OBBYEFCB6Id7orbsCqPtxWKQJYrnYWAWiMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUIHoh3uituwKo+3FYpAliudhYBaIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAxFvpOZF6Kol48cQeKWQ48VAe+h5dmyKMfDLDZX51IRzfKKsHLpFPxzGNw4t9Uv4YOR0CD9z81dR+c93t1lwwIpKbx9Qmq8jViHEHKYD9FXThM+cVpsT25pg35m3ONeUX/b++l2d+2QNNTWMvdsCtaQdybZqbYFIk0IjPwLLqdsA8Io60kuES4JnQahPdLkfm70rgAdmRDozOfSDaaWHY20DovkfvKUYjPR6MGAPD5w9dEb4wp/ZjATblyZnH+LTflwfftUAonmAw46E0Zgg143sO6RfOOnbwjXEc+KXd/KQ6kTQ560mlyRd6q7EIDYRfD4n4agKV2R5gvVPhMD0+IK7kagqKNfWa9z8Ue2N3MedyWnb9wv4wC69qFndGaIfYADkUykoOyLsVVteJ70PVJPXO7s66LucfD2R0wo2MpuOYCsTOm7HHS+uZ9VjHl2qQ0ZQG89Xn+AXnzPbk1INe2z0lq3hzCW5DTYBKsJEexErzMpLwiEqUYJUfR9EeCM8UPMtLSqz1utdPoIYhULGzt5lSJEpMHMbquYfWJxQiKCbvfxQsP5dLUMEIqTgjNdo98OlM7Z7zjYH9Kimz3wgAKSAIoQZr7Oy1dMHO5GK4jBtZ8wgsyyQ6DzQQ7R68XFVKarIW8SATeyubAP+WjdMwk/ZXzsDjMZEtENaBXzAefYA=="
  ],
  "alg": "RS256"
}
CODE

Payload:

{
  "meta.key2": "0537d481f73a757334328052da3af9626ced97028e20b849f6115c22cd765197",
  "workerId": "5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9",
  "data": "c18ce9acaaa9535a119f48e68713c340a99113056fa1592a590b22e99b7c50d3",
  "meta.key1": "3c9683017f9e4bf33d0fbedd26bf143fd72de9b9dd145441b75f0604047ea28e",
  "workerName": "48cfc7d80572c145f34f79f7695d67ff15afcab512fbf68bc04f22e957b6f4bc",
  "FILENAME": "d57451225d6824924f593c9a0f49e7d580d603a11f1f14f27c59da5c1b90c86b"
}
CODE

Example 2 - Using ClientWS Protocol

Example of a signed signature request for signing a file using ClientWS protocol (SOAP/WS) and providing some request metadata as well with the request.

SOAP Request

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <ns2:processData xmlns:ns2="http://clientws.signserver.org/">
            <worker>XAdESSigner</worker>
            <metadata name="Key2">Value2</metadata>
            <metadata name="Key1">Value1</metadata>
            <metadata name="SIGNED_REQUEST">eyJ0eXAiOiJodHRwOi8vc2lnbnNlcnZlci5vcmcvc3BlY3Mvc2lnbmVkcmVxdWVzdC8xLjAiLCJ4NWMiOlsiTUlJRWlUQ0NBbkdnQXdJQkFnSUlCeU5RZUJYNU16TXdEUVlKS29aSWh2Y05BUUVMQlFBd1RURVhNQlVHQTFVRUF3d09SRk5USUZKdmIzUWdRMEVnTVRBeEVEQU9CZ05WQkFzTUIxUmxjM1JwYm1jeEV6QVJCZ05WQkFvTUNsTnBaMjVUWlhKMlpYSXhDekFKQmdOVkJBWVRBbE5GTUI0WERURTFNVEl4TVRBNU1qTTFOVm9YRFRJMU1USXhNVEE1TWpNMU5Wb3dPekVTTUJBR0ExVUVBd3dKUVdSdGFXNGdUMjVsTVJnd0ZnWURWUVFLREE5VGFXZHVVMlZ5ZG1WeUlFUmxiVzh4Q3pBSkJnTlZCQVlUQWxORk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBbjZsTGRWd1pnZHVMeFVGOWtJNUJzUktjdVgwdGRaNVRZYjlUejBoQ09vaHBhQ0xUQTA5UlBqcXoxSEtEOCthTzBqUkN0Z0ZjMCtGMWg1MkhDSkR6WnI2UXdOWHlMV3RFNVhEcVVQMmJsRUx3bzByUVpaRWlHbU5rMXRvbFNVUjNYZXExSDIwZ2Q4b3NTNGVKRVdJZXErcmwvcmU2eTllbUNOUmZEK0RVMTVuU1lnSnNhdXp3TTVwTkg4MDk3T0YxaTdzdXdaWURrR0h0VVMxcmFNT1lxb3RMZTRsRTZPbGJFOEZUelZQS3k0VXNSWEJzV0FDazRINjFUZ2JmbnVWbi80MThIWnowWFBkUUd0NmpLZU14bVV4NXNZUStkRElzdDQ0bWM3NW5jQlpYOXM4S1VlS3N3Nlg0bFYydFYwT1ptdXJHRW9LTkRPcVBHU3IxeFRYQlFRSURBUUFCbzM4d2ZUQWRCZ05WSFE0RUZnUVVjdEdmUElHRmZGa0FIUFpRUzk5ZFd2dHFJZ0V3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlFnZWlIZTZLMjdBcWo3Y1Zpa0NXSzUyRmdGb2pBT0JnTlZIUThCQWY4RUJBTUNCZUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdJR0NDc0dBUVVGQndNRU1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQjdhZDYvd241Z1ltci84bHNBZThsVlduRFJPRkJ2VkZJakozZDhFNnhwM1FZUWpQUDJKbmhaRGNUV2ZNZVlSQjhZalZYWGJOZDRxcW1lY3QzVHpydmZGbEkvLzNzR25oZ1FDSng3ZHAvYzI1dkJybGxMVTJwWDRseHNma05RMUo3bE9MYW9La3YzQkw3bGc5MFdVWjRWem93NzN6Nm5pZmlRRVB0U21ZTzFVZjE0UjRDcDNsQVkxbFdWSUZhOTd3azhueTJqRk1sSEZHR1pzSnBmV3pkaWxUWkN2UTFHSGZiakRVV1JIM3dvMGJsTWo2VTdhZm1uNVB1dHJsTjdyYWdNSWFZZGZjRDlSSXJ0UUNDdGdyazRjWXhBVEtUR0QxSmpwdFVKSHRTblF1ZktaY2FkcmkwZG96SUFjdXpSMy91b1ZrLzVLYkZqdm84czM5NlNsZTA4THc4a1Bac3ZRK0FyUzZEMDBjQ1EvU05SUzVmMmJmS1p6QUw3Z05sYjdRZ2VERFRySmFzY2djc2dPYlVIYVpaejZ4V0kySnhuRGZkTDM1TDBVTXBrWGlKeWxEOHZuZzZuMXJ1WmNVenpXWnlQbzlwRHo2Z3FvMS9mSXRmL1NJb1ZYM3FTMGVHRkZFeHFvd0pJdWRjOTNGemNKaU5hY2I1V25DOVdNRE1BZzJuTFEvK1kranFqMGFGZWF6Z0hBeDNuNktWTnFaZjhXR2RBWG15OUpNZytDU25FSEdOaHBuVW9RTUp0SXB2RzVqL01FV2J5RHpZZzlGVHVDVEZka2NXa3d2amxQSWV4Qm9ndHZiaDJ3dFZaWmlvSW1vRzJLQ2NqTWxOYzNIVmU0Skg3RHptWmtyUW9SWE5DRXVnWjZ0OG1XYTZuUFBodzluRm9aVDh1Q29vTVpRPT0iLCJNSUlGZnpDQ0EyZWdBd0lCQWdJSU1rMUJPSzhDd1R3d0RRWUpLb1pJaHZjTkFRRUxCUUF3VFRFWE1CVUdBMVVFQXd3T1JGTlRJRkp2YjNRZ1EwRWdNVEF4RURBT0JnTlZCQXNNQjFSbGMzUnBibWN4RXpBUkJnTlZCQW9NQ2xOcFoyNVRaWEoyWlhJeEN6QUpCZ05WQkFZVEFsTkZNQjRYRFRFeE1EVXlOekE0TVRReU4xb1hEVE0yTURVeU56QTRNVFF5TjFvd1RURVhNQlVHQTFVRUF3d09SRk5USUZKdmIzUWdRMEVnTVRBeEVEQU9CZ05WQkFzTUIxUmxjM1JwYm1jeEV6QVJCZ05WQkFvTUNsTnBaMjVUWlhKMlpYSXhDekFKQmdOVkJBWVRBbE5GTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFnYmxnalRUa01wMVFBaGdXRHByaHZxRTl6WDFVeC9BL1JUT3U0RzRmNkNUa2Q2SkVFa2JkS1p2K0NLdjRjUm9WQ3RmTzN3bk9va0ZSdy8xSk1tSEhpUTFaLy91RG9Eam84ams4bmVrMEFyRkU5UjVOVDAyd01KQ1FhL21QMXdVOVpTbDF0eDNqUVJVRkIrclROZUNjUFRmdCsxRkw3VWpZTWRrUnpsMjYxSU9sbVh6RE1BK0VZSUdKMmMyd1loT3YyRHFmUXlnTno1R09mMEVGcWxRWkl0L3B6b3BTUyswSzhtTmI1M1JPaGc5R0p1and6dWdTSDVaK3IwZnNWSGJDVjBRVWtaQmZrUm85S01jZGFERVBhOHhwWVRqc0ZQcVU2UmNuR2tWQUJobjhPUzhTSVd3MnJlMWYraHRqNnA5RUdiazFtMEk5cFdHQkE5a3RXbnJxbHFEWFYrdEVoaGgxTzRmK0xIaWVveGlzY3JGN1JYeGxZcXlhbTZvYWJmWHNYM1ZBQzBNMVVrd0ljaUU4d0ExU2ovK2Rnb1NNcXZFRE5EZndwRVl0Nmw4WjhjekRUV0RpN01NMnU1VlkwblAzK0ErUGVwS3JPdHJkYUdTUDM5NmY0YTdBM3VuMW82blFXSHN5V1E3a2M4R0luOHpONW55a1FhZ2hHeVlsSEhZZTFYVVNQdEhteGpiZHN5enRya0lpczNjZmpGbmUwWGdQQWlRdVl4M1QvQitwbzlCaEdJVXdDVjBRaS9nV1ZONk5reWRzYnpNZVJYRUxRWXlLK2xIZ0lHaUVhQnpRUlJ0WGJuQit3UVhpMklhY0pOZEtxSUN3RHNsL1B2dmNaSTlaVjZwQi9LSXpCKzhJSm0wQ0xZMjRLME9YSnMzQnFpajhnbXB2YkkrbzB3VUNBd0VBQWFOak1HRXdIUVlEVlIwT0JCWUVGQ0I2SWQ3b3Jic0NxUHR4V0tRSllybllXQVdpTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SHdZRFZSMGpCQmd3Rm9BVUlIb2gzdWl0dXdLbyszRllwQWxpdWRoWUJhSXdEZ1lEVlIwUEFRSC9CQVFEQWdHR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQXhGdnBPWkY2S29sNDhjUWVLV1E0OFZBZStoNWRteUtNZkRMRFpYNTFJUnpmS0tzSExwRlB4ekdOdzR0OVV2NFlPUjBDRDl6ODFkUitjOTN0MWx3d0lwS2J4OVFtcThqVmlIRUhLWUQ5RlhUaE0rY1Zwc1QyNXBnMzVtM09OZVVYL2IrK2wyZCsyUU5OVFdNdmRzQ3RhUWR5YlpxYllGSWswSWpQd0xMcWRzQThJbzYwa3VFUzRKblFhaFBkTGtmbTcwcmdBZG1SRG96T2ZTRGFhV0hZMjBEb3ZrZnZLVVlqUFI2TUdBUEQ1dzlkRWI0d3AvWmpBVGJseVpuSCtMVGZsd2ZmdFVBb25tQXc0NkUwWmdnMTQzc082UmZPT25id2pYRWMrS1hkL0tRNmtUUTU2MG1seVJkNnE3RUlEWVJmRDRuNGFnS1YyUjVndlZQaE1EMCtJSzdrYWdxS05mV2E5ejhVZTJOM01lZHlXbmI5d3Y0d0M2OXFGbmRHYUlmWUFEa1V5a29PeUxzVlZ0ZUo3MFBWSlBYTzdzNjZMdWNmRDJSMHdvMk1wdU9ZQ3NUT203SEhTK3VaOVZqSGwycVEwWlFHODlYbitBWG56UGJrMUlOZTJ6MGxxM2h6Q1c1RFRZQktzSkVleEVyek1wTHdpRXFVWUpVZlI5RWVDTThVUE10TFNxejF1dGRQb0lZaFVMR3p0NWxTSkVwTUhNYnF1WWZXSnhRaUtDYnZmeFFzUDVkTFVNRUlxVGdqTmRvOThPbE03Wjd6allIOUtpbXozd2dBS1NBSW9RWnI3T3kxZE1ITzVHSzRqQnRaOHdnc3l5UTZEelFRN1I2OFhGVkthcklXOFNBVGV5dWJBUCtXamRNd2svWlh6c0RqTVpFdEVOYUJYekFlZllBPT0iXSwiYWxnIjoiUlMyNTYifQ.eyJtZXRhLktleTIiOiJlMjYyZmJlMGUwY2ExZTI1YzBjMzViYTZkZDAxMjQzMjgyNWZkZjg1YTY1M2RhYjZmOGE5YzM0ZWM5MDdiZTQxIiwiZGF0YSI6ImNlZWQ3ZDkyYzViYzUwYzc4NGZiZGVmZjMwMGVjYTUzZTdjZDc4YzExNjk5M2JkNmIxZTYwNmIxNjg2ZTU2NjEiLCJtZXRhLktleTEiOiJkMDZhMGFhM2JlYmNlYjU2NzFkNzRhYWYyYTZmYzc0MzU4YWRkZWIyZDdlZjcwM2Y2YjkzMmQ5ODRlMWFmN2ZlIiwibWV0YS5GSUxFTkFNRSI6IjMwNzZiMjI3YTY1ZWE0ZDhmMDJiMDM1ZDk2YjhhMTZjYzIxZDdlYjZhNDIzMjM4NjFjYmZhM2Y1M2I3MjkzMzgiLCJ3b3JrZXJOYW1lIjoiOGJmM2U5ODg5MGZlNWNiYjBmZjk5YjczZDM3MTE0NzIzZmU0MDFkOGZjMDYyNGNjN2JkM2RlNmViZjhhZTYzMiIsIkZJTEVOQU1FIjoiMzA3NmIyMjdhNjVlYTRkOGYwMmIwMzVkOTZiOGExNmNjMjFkN2ViNmE0MjMyMzg2MWNiZmEzZjUzYjcyOTMzOCJ9.W-qEV1xyLkmIqHFeSz9rn7bBVNa-RQRRDB0hBfZzAOiFDwJwlUwPwYQzfSp2vygkqZpiiXiwwGeb0-VmBwikw8d-Vu9YNHOcviL-GHmgeuVlBiQcWi8FmVgKWt2UBACwjt9iexT7Oq4Pxxt71eAQPlrTtDUKSNgfdHWEmgZfpb1E0GyzpIdZd8C2h0uDhxcZbLQF30X5uBVYFiJ3N9p-KnhI1SHxAgVCx9P3MVvCNN0MybYjZrmWQqHjgLV3DjNkRnoez5Pm5awWe5eQvjszUX1WST8HmzeJPy_ZQHDlfCqMTdC5DcrShfN5PR-5gf0qy9fSca7GaGO1Il3FwTlhLA</metadata>
            <metadata name="FILENAME">mydoc.xml</metadata>
            <data>
                <xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="cid:c6c82a4b-8529-406c-8fb3-9119295f22b1-1@cxf.apache.org"/>
            </data>
        </ns2:processData>
    </soap:Body>
</soap:Envelope>
CODE

(warning) Data is a reference to a separate part of the HTTP request.

Decoded

Header:

{
  "typ": "http://signserver.org/specs/signedrequest/1.0",
  "x5c": [
    "MIIEiTCCAnGgAwIBAgIIByNQeBX5MzMwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTE1MTIxMTA5MjM1NVoXDTI1MTIxMTA5MjM1NVowOzESMBAGA1UEAwwJQWRtaW4gT25lMRgwFgYDVQQKDA9TaWduU2VydmVyIERlbW8xCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6lLdVwZgduLxUF9kI5BsRKcuX0tdZ5TYb9Tz0hCOohpaCLTA09RPjqz1HKD8+aO0jRCtgFc0+F1h52HCJDzZr6QwNXyLWtE5XDqUP2blELwo0rQZZEiGmNk1tolSUR3Xeq1H20gd8osS4eJEWIeq+rl/re6y9emCNRfD+DU15nSYgJsauzwM5pNH8097OF1i7suwZYDkGHtUS1raMOYqotLe4lE6OlbE8FTzVPKy4UsRXBsWACk4H61TgbfnuVn/418HZz0XPdQGt6jKeMxmUx5sYQ+dDIst44mc75ncBZX9s8KUeKsw6X4lV2tV0OZmurGEoKNDOqPGSr1xTXBQQIDAQABo38wfTAdBgNVHQ4EFgQUctGfPIGFfFkAHPZQS99dWvtqIgEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQgeiHe6K27Aqj7cVikCWK52FgFojAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQB7ad6/wn5gYmr/8lsAe8lVWnDROFBvVFIjJ3d8E6xp3QYQjPP2JnhZDcTWfMeYRB8YjVXXbNd4qqmect3TzrvfFlI//3sGnhgQCJx7dp/c25vBrllLU2pX4lxsfkNQ1J7lOLaoKkv3BL7lg90WUZ4Vzow73z6nifiQEPtSmYO1Uf14R4Cp3lAY1lWVIFa97wk8ny2jFMlHFGGZsJpfWzdilTZCvQ1GHfbjDUWRH3wo0blMj6U7afmn5PutrlN7ragMIaYdfcD9RIrtQCCtgrk4cYxATKTGD1JjptUJHtSnQufKZcadri0dozIAcuzR3/uoVk/5KbFjvo8s396Sle08Lw8kPZsvQ+ArS6D00cCQ/SNRS5f2bfKZzAL7gNlb7QgeDDTrJascgcsgObUHaZZz6xWI2JxnDfdL35L0UMpkXiJylD8vng6n1ruZcUzzWZyPo9pDz6gqo1/fItf/SIoVX3qS0eGFFExqowJIudc93FzcJiNacb5WnC9WMDMAg2nLQ/+Y+jqj0aFeazgHAx3n6KVNqZf8WGdAXmy9JMg+CSnEHGNhpnUoQMJtIpvG5j/MEWbyDzYg9FTuCTFdkcWkwvjlPIexBogtvbh2wtVZZioImoG2KCcjMlNc3HVe4JH7DzmZkrQoRXNCEugZ6t8mWa6nPPhw9nFoZT8uCooMZQ==",
    "MIIFfzCCA2egAwIBAgIIMk1BOK8CwTwwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTExMDUyNzA4MTQyN1oXDTM2MDUyNzA4MTQyN1owTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgblgjTTkMp1QAhgWDprhvqE9zX1Ux/A/RTOu4G4f6CTkd6JEEkbdKZv+CKv4cRoVCtfO3wnOokFRw/1JMmHHiQ1Z//uDoDjo8jk8nek0ArFE9R5NT02wMJCQa/mP1wU9ZSl1tx3jQRUFB+rTNeCcPTft+1FL7UjYMdkRzl261IOlmXzDMA+EYIGJ2c2wYhOv2DqfQygNz5GOf0EFqlQZIt/pzopSS+0K8mNb53ROhg9GJujwzugSH5Z+r0fsVHbCV0QUkZBfkRo9KMcdaDEPa8xpYTjsFPqU6RcnGkVABhn8OS8SIWw2re1f+htj6p9EGbk1m0I9pWGBA9ktWnrqlqDXV+tEhhh1O4f+LHieoxiscrF7RXxlYqyam6oabfXsX3VAC0M1UkwIciE8wA1Sj/+dgoSMqvEDNDfwpEYt6l8Z8czDTWDi7MM2u5VY0nP3+A+PepKrOtrdaGSP396f4a7A3un1o6nQWHsyWQ7kc8GIn8zN5nykQaghGyYlHHYe1XUSPtHmxjbdsyztrkIis3cfjFne0XgPAiQuYx3T/B+po9BhGIUwCV0Qi/gWVN6NkydsbzMeRXELQYyK+lHgIGiEaBzQRRtXbnB+wQXi2IacJNdKqICwDsl/PvvcZI9ZV6pB/KIzB+8IJm0CLY24K0OXJs3Bqij8gmpvbI+o0wUCAwEAAaNjMGEwHQYDVR0OBBYEFCB6Id7orbsCqPtxWKQJYrnYWAWiMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUIHoh3uituwKo+3FYpAliudhYBaIwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAxFvpOZF6Kol48cQeKWQ48VAe+h5dmyKMfDLDZX51IRzfKKsHLpFPxzGNw4t9Uv4YOR0CD9z81dR+c93t1lwwIpKbx9Qmq8jViHEHKYD9FXThM+cVpsT25pg35m3ONeUX/b++l2d+2QNNTWMvdsCtaQdybZqbYFIk0IjPwLLqdsA8Io60kuES4JnQahPdLkfm70rgAdmRDozOfSDaaWHY20DovkfvKUYjPR6MGAPD5w9dEb4wp/ZjATblyZnH+LTflwfftUAonmAw46E0Zgg143sO6RfOOnbwjXEc+KXd/KQ6kTQ560mlyRd6q7EIDYRfD4n4agKV2R5gvVPhMD0+IK7kagqKNfWa9z8Ue2N3MedyWnb9wv4wC69qFndGaIfYADkUykoOyLsVVteJ70PVJPXO7s66LucfD2R0wo2MpuOYCsTOm7HHS+uZ9VjHl2qQ0ZQG89Xn+AXnzPbk1INe2z0lq3hzCW5DTYBKsJEexErzMpLwiEqUYJUfR9EeCM8UPMtLSqz1utdPoIYhULGzt5lSJEpMHMbquYfWJxQiKCbvfxQsP5dLUMEIqTgjNdo98OlM7Z7zjYH9Kimz3wgAKSAIoQZr7Oy1dMHO5GK4jBtZ8wgsyyQ6DzQQ7R68XFVKarIW8SATeyubAP+WjdMwk/ZXzsDjMZEtENaBXzAefYA=="
  ],
  "alg": "RS256"
}
CODE

Payload:

{
  "meta.Key2": "e262fbe0e0ca1e25c0c35ba6dd012432825fdf85a653dab6f8a9c34ec907be41",
  "data": "ceed7d92c5bc50c784fbdeff300eca53e7cd78c116993bd6b1e606b1686e5661",
  "meta.Key1": "d06a0aa3bebceb5671d74aaf2a6fc74358addeb2d7ef703f6b932d984e1af7fe",
  "meta.FILENAME": "3076b227a65ea4d8f02b035d96b8a16cc21d7eb6a42323861cbfa3f53b729338",
  "workerName": "8bf3e98890fe5cbb0ff99b73d37114723fe401d8fc0624cc7bd3de6ebf8ae632",
  "FILENAME": "3076b227a65ea4d8f02b035d96b8a16cc21d7eb6a42323861cbfa3f53b729338"
}
CODE

Sample Code

Java sample code for sending a signed signature request using ClientWS is available in the SignServer Enterprise sources under modules/mod-enterprise/SignServer--Sample-Clients module and called ClientWSWithSignedRequestSampleApp.java.