consume custom binding oracle WFC web service with ruby / savon

Question

I am trying to consume a wfc web service with a non basicthttp binding with ruby and savon.

The provider of the WS implemented the oracle/wss11_username_token_with_message_protection_service_policy (which is described here http://www.oracle.com/technetwork/articles/soa/oracle-msft-interoperate-183511.html)

If I understand correctly this policy is expecting some sort of encryption (according to this http://blog.raastech.com/2012/08/owsm-security-errors.html) due to the non basic http binding

The WS described actually goes over ssl which may be the root of all evil due to me implementing it poorly.

Is even possible to consume a WFC WS with non basic http binding with savon?

My background is ruby and rails, yet I am new to WS (and savon) and ssl usage.

Now the provider of the WS does not give much of support. Actually their outing is that they only provide support for implementations in java or .net (is that even possible given that it’s a WS and thus platform independent?).

In an attempt to run the fairly simple code which is the following

require 'savon'
client = Savon.client do 

  wsdl      "https://apps.ika.gr/hospitalisationWSS_TEST-hospitalisationWSS_TEST-context-root/MainWSClassPort?WSDL"
  wsse_auth "ΥΥΥΥ", "ΧΧΧΧ"     # ALTERED
  wsse_timestamp true

  pretty_print_xml true
  log_level :debug

  ssl_verify_mode :none
  ssl_cert_file       "files/ika.cer"  # provided by WS provider
end


save_admission_hl7_msg = "MSH|^~\&|||||201310111112||ADT^A13^ADT_A13|2013000012113|P|2.6|||||||||66645678912345678945|^^^^^^^^^10000\nEVN|A13|201310101122|||nosiliapap\nPID\nPV1||I|||||||||||||||||2013000012111|||||||||||||||||||||||||||||||2013000012113\n"

response = client.call(:save_admission_hl7,  
         :attributes => { :xmlns => "http://bean.intracom.com/" }, 
          :message => { :arg0 => {  :@xmlns=>'', :content! =>{ :hl7ADT =>     save_admission_hl7_msg     }    }  } )
end

puts response.body

Ι get the following output

D, [2013-12-04T08:21:20.445549 #3088] DEBUG -- : HTTPI GET request to apps.ika.gr (httpclient)
I, [2013-12-04T08:21:22.074643 #3088]  INFO -- : SOAP request: https://apps.ika.gr/hospitalisationWSS_TEST-hospitalisationWSS_TEST-context-root/MainWSClassPort
I, [2013-12-04T08:21:22.074643 #3088]  INFO -- : SOAPAction: "saveAdmissionHl7", Content-Type: text/xml;charset=UTF-8, Content-Length: 1363
D, [2013-12-04T08:21:22.075643 #3088] DEBUG -- : <?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="http://bean.intracom.com/" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
        <wsse:Username>YYYY</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXX</wsse:Password>
      </wsse:UsernameToken>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-2">
        <wsu:Created>2013-12-04T06:21:22Z</wsu:Created>
        <wsu:Expires>2013-12-04T06:22:22Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <tns:saveAdmissionHl7 xmlns="http://bean.intracom.com/">
      <arg0 xmlns="">
        <hl7ADT>MSH|^~&amp;|||||201310111112||ADT^A13^ADT_A13|2013000012113|P|2.6|||||||||66645678912345678945|^^^^^^^^^10000
EVN|A13|201310101122|||nosiliapap
PID
PV1||I|||||||||||||||||2013000012111|||||||||||||||||||||||||||||||2013000012113
</hl7ADT>
      </arg0>
    </tns:saveAdmissionHl7>
  </env:Body>
</env:Envelope>

D, [2013-12-04T08:21:22.076643 #3088] DEBUG -- : HTTPI POST request to apps.ika.gr (httpclient)
I, [2013-12-04T08:21:22.472665 #3088]  INFO -- : SOAP response (status 500)
D, [2013-12-04T08:21:22.473665 #3088] DEBUG -- : <?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Body>
    <ns2:Fault xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns3="http://www.w3.org/2003/05/soap-envelope">
      <faultcode xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns0:FailedCheck</faultcode>
      <faultstring>FailedCheck : failure in security check</faultstring>
    </ns2:Fault>
  </S:Body>
</S:Envelope>

f:/rubystack/ruby/lib/ruby/gems/1.9.1/gems/savon-2.3.0/lib/savon/response.rb:85:in `raise_soap_and_http_errors!': (ns0:FailedCheck) FailedCheck : failure in security check (Savon::SOAPFault)
        from f:/rubystack/ruby/lib/ruby/gems/1.9.1/gems/savon-2.3.0/lib/savon/response.rb:14:in `initialize'
        from f:/rubystack/ruby/lib/ruby/gems/1.9.1/gems/savon-2.3.0/lib/savon/operation.rb:64:in `new'
        from f:/rubystack/ruby/lib/ruby/gems/1.9.1/gems/savon-2.3.0/lib/savon/operation.rb:64:in `create_response'
        from f:/rubystack/ruby/lib/ruby/gems/1.9.1/gems/savon-2.3.0/lib/savon/operation.rb:55:in `call'
        from f:/rubystack/ruby/lib/ruby/gems/1.9.1/gems/savon-2.3.0/lib/savon/client.rb:36:in `call'
        from eopyy.rb:82:in `<main>'

Now given my poor knowledge on WS's and SSL usage I cant figure out the error. Is it the SSL? Should I use ssl_ca_cert_file instead of ssl_cert_file ? (obviously I tried that already). Do I need to use a key file also?

The provider actually provides a .jks file (next to the above "ika.cer" certificate) but also mentions that it should be used only within a java implementation (an not a .net). I already unpacked the jks file and attempted to use its contained certificates and files, unsuccesfully.

Any help, clues, tips, greatly appreciated.