Update to WS-Security Sign/Validate callout

Just a quick note -

For those who want to use WS-Security to sign documents with RSA keys, or to validate such signatures using certificates, there is a Java callout that lets you do this in an Apigee proxy. This provides interoperability with existing Java and .NET apps that use WS-Security signing.

Yesterday, I made a few changes to the code to add some new features, eliminate one limitation, and clarify the README.

  1. New feature: checking digest and signature method.
    Now at validation time, you can check the digest method and the signature method. Previously, the Validate callout did not check whether sha1 or sha256 was used for the digest, and did not check whether rsa-sha1 or rsa-sha256 was used for signing - the Validate callout was happy with either. With the most recent changes, the Validate callout can optionally check either or both of those things. This may be important if you want to insist on the use of the stronger hash (sha256) in the WS-Sec signed documents, rather than accepting whatever the sender chose. See the signing-method and digest-method properties.
  2. Eliminated: the thumbprint check on explicitly-provided certs.
    The Validate callout can obtain the certificate used to verify the signature either from the signed document itself, or from the policy configuration. Which one is necessary depends on how the signed document was constructed. Previously, the Validate callout always checked the thumbprint of the certificate, regardless of whether it obtained it implicitly from the signed document or explicitly from the configuration. Now, the Validate callout does not check the thumbprint of the explicitly-provided certificate. If you provide the cert, you don't want or need to check the thumbprint on it; the thumbprint check still applies to a certificate taken from the document.
  3. Clarified the readme on these points and others.

BTW, if you want WS-Security encryption, there's a different callout for that.
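As an added example, not code from the callout or from this post, the two policy decisions described above written out as checks that run before any cryptographic verification: an allowlist on the DigestMethod and SignatureMethod URIs found in ds:SignedInfo (mirroring the signing-method and digest-method properties, here as keyword arguments), and the choice between a certificate carried in the document as a wsse:BinarySecurityToken and one supplied by configuration, with the thumbprint check applying only to the former. The function names and the sample envelope are my own; the envelope is constructed with placeholder digest, signature and certificate values, so the signature itself is not verified here.

```python
"""Pre-verification policy checks for a WS-Security signed SOAP envelope.

Added example, not the Apigee callout's code. Only the allowlist and
certificate-source logic is shown; no signature is actually verified.
"""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Algorithm URIs as they appear in SignedInfo, keyed by the short names
# the post uses (sha1 / sha256, rsa-sha1 / rsa-sha256).
DIGEST_METHODS = {
    "sha1": "http://www.w3.org/2000/09/xmldsig#sha1",
    "sha256": "http://www.w3.org/2001/04/xmlenc#sha256",
}
SIGNING_METHODS = {
    "rsa-sha1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "rsa-sha256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
}


def check_methods(envelope_xml, signing_method=None, digest_method=None):
    """Return a list of violations; an empty list means the methods pass.

    None skips a check, i.e. the old behaviour (any method accepted).
    Every ds:Reference is inspected, so a single sha1 reference among
    sha256 ones is still reported.
    """
    root = ET.fromstring(envelope_xml)
    signed_info = root.find(f".//{{{DS}}}SignedInfo")
    if signed_info is None:
        return ["no ds:SignedInfo found in document"]
    errors = []
    if signing_method is not None:
        want = SIGNING_METHODS[signing_method]
        node = signed_info.find(f"{{{DS}}}SignatureMethod")
        got = node.get("Algorithm") if node is not None else None
        if got != want:
            errors.append(f"SignatureMethod {got!r}, required {want!r}")
    if digest_method is not None:
        want = DIGEST_METHODS[digest_method]
        for ref in signed_info.findall(f"{{{DS}}}Reference"):
            node = ref.find(f"{{{DS}}}DigestMethod")
            got = node.get("Algorithm") if node is not None else None
            if got != want:
                errors.append(f"Reference {ref.get('URI')!r}: DigestMethod "
                              f"{got!r}, required {want!r}")
    return errors


def certificate_source(envelope_xml, explicit_cert_configured):
    """Return (source, check_thumbprint).

    A certificate supplied by configuration is trusted as-is, so no
    thumbprint check. Otherwise the certificate must ride along in the
    document as a wsse:BinarySecurityToken, and its thumbprint should be
    compared with the expected value before the signature is trusted.
    """
    if explicit_cert_configured:
        return ("config", False)
    root = ET.fromstring(envelope_xml)
    if root.find(f".//{{{WSSE}}}BinarySecurityToken") is not None:
        return ("document", True)
    raise ValueError("no certificate available to verify the signature")


# Constructed sample envelope: digest, signature and certificate values
# are placeholders, which is fine because only SignedInfo and the token
# element are inspected above.
_ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="{ds}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}">
  <soap:Header>
    <wsse:Security>{bst}
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="{sig}"/>
          <ds:Reference URI="#body">
            <ds:DigestMethod Algorithm="{dig}"/>
            <ds:DigestValue>AAAA</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>AAAA</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="body"><ping/></soap:Body>
</soap:Envelope>"""
_BST = "<wsse:BinarySecurityToken>AAAA</wsse:BinarySecurityToken>"


def sample_envelope(signing_method, digest_method, embed_cert=True):
    """Build a constructed envelope signed with the given short-named methods."""
    return _ENVELOPE.format(ds=DS, wsse=WSSE, wsu=WSU,
                            bst=_BST if embed_cert else "",
                            sig=SIGNING_METHODS[signing_method],
                            dig=DIGEST_METHODS[digest_method])
```

With neither keyword set, check_methods() accepts an rsa-sha1/sha1 envelope, which is the pre-change behaviour; insisting on rsa-sha256 and sha256 turns the same envelope into two reported violations.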

dchiesa1 (Staff)
Last update: 10-06-2020 06:53 AM