List of usage examples for java.security.cert X509Certificate getEncoded
/**
 * Returns the encoded form of this certificate. For an X.509 certificate this is the
 * ASN.1 DER encoding of the whole certificate, which is also the byte sequence that
 * certificate fingerprints are computed over.
 *
 * @return the encoded certificate bytes
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
public abstract byte[] getEncoded() throws CertificateEncodingException;
From source file:org.codice.ddf.security.idp.server.IdpEndpointTest.java
/**
 * Passive PKI login over the POST binding: the subject's security token is a bare mock
 * element, so the endpoint is expected to answer with a RequestUnsupported status.
 */
@Test
public void testPassiveLoginPkiUnsupportedPost()
        throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    // Collaborators, all mocked.
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    X509Certificate clientCert = mock(X509Certificate.class);
    Subject mockSubject = mock(Subject.class);
    PrincipalCollection principals = mock(PrincipalCollection.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken token = mock(SecurityToken.class);
    SecurityManager manager = mock(SecurityManager.class);

    // Subject -> principals -> assertion -> token chain returned by the security manager.
    when(mockSubject.getPrincipals()).thenReturn(principals);
    when(principals.asList()).thenReturn(Collections.singletonList(assertion));
    when(assertion.getSecurityToken()).thenReturn(token);
    // The token content is an empty mock element; this is what triggers the signature error.
    when(token.getToken()).thenReturn(mock(Element.class));
    when(manager.getSubject(anyObject())).thenReturn(mockSubject);

    // A secure request that carries one client certificate.
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getRequestURL()).thenReturn(requestURL);
    when(httpRequest.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    when((X509Certificate[]) httpRequest.getAttribute(requestCertificateAttributeName))
            .thenReturn(new X509Certificate[] { clientCert });
    // Placeholder encoding: 48 zero bytes, not a parseable certificate.
    when(clientCert.getEncoded()).thenReturn(new byte[48]);

    idpEndpoint.setSecurityManager(manager);
    idpEndpoint.setStrictSignature(false);

    Response response = idpEndpoint.showPostLogin(authNRequestPassivePkiPost, relayState, httpRequest);

    // Pull the Base64 SAMLResponse form value out of the returned page and decode it.
    String encodedSaml = StringUtils.substringBetween(response.getEntity().toString(),
            "SAMLResponse\" value=\"", "\" />");
    String decodedSaml = new String(Base64.getDecoder().decode(encodedSaml));

    assertThat(decodedSaml, containsString("status:RequestUnsupported"));
}
From source file:org.codice.ddf.security.idp.server.IdpEndpointTest.java
/**
 * Passive PKI login over the redirect (GET) binding: the subject's security token is a
 * bare mock element, so the endpoint is expected to answer with a RequestUnsupported status.
 */
@Test
public void testPassiveLoginPkiUnsupported()
        throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    // Collaborators, all mocked.
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    X509Certificate clientCert = mock(X509Certificate.class);
    Subject mockSubject = mock(Subject.class);
    PrincipalCollection principals = mock(PrincipalCollection.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken token = mock(SecurityToken.class);
    SecurityManager manager = mock(SecurityManager.class);

    // Subject -> principals -> assertion -> token chain returned by the security manager.
    when(mockSubject.getPrincipals()).thenReturn(principals);
    when(principals.asList()).thenReturn(Collections.singletonList(assertion));
    when(assertion.getSecurityToken()).thenReturn(token);
    // The token content is an empty mock element; this is what triggers the signature error.
    when(token.getToken()).thenReturn(mock(Element.class));
    when(manager.getSubject(anyObject())).thenReturn(mockSubject);

    // A secure request that carries one client certificate.
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getRequestURL()).thenReturn(requestURL);
    when(httpRequest.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    when((X509Certificate[]) httpRequest.getAttribute(requestCertificateAttributeName))
            .thenReturn(new X509Certificate[] { clientCert });
    // Placeholder encoding: 48 zero bytes, not a parseable certificate.
    when(clientCert.getEncoded()).thenReturn(new byte[48]);

    idpEndpoint.setSecurityManager(manager);
    idpEndpoint.setStrictSignature(false);

    Response response = idpEndpoint.showGetLogin(authNRequestPassivePkiGet, relayState,
            signatureAlgorithm, signature, httpRequest);

    // The SAMLResponse query parameter is URL-encoded, then deflated + Base64 encoded.
    String samlParam = StringUtils.substringBetween(response.getEntity().toString(),
            "SAMLResponse=", "&RelayState");
    String urlDecoded = URLDecoder.decode(samlParam, "UTF-8");
    String inflated = RestSecurity.inflateBase64(urlDecoded);

    assertThat(inflated, containsString("status:RequestUnsupported"));
}
From source file:org.globus.myproxy.MyProxy.java
/**
 * Delegates credentials to a MyProxy server.
 *
 * <p>The request built from {@code params} is sent over a GSI socket, the server's
 * certificate request is read back, a new certificate is created for it from the first
 * certificate of the caller's chain and the caller's private key, and that certificate is
 * returned to the server followed by the caller's whole chain in a single message.
 *
 * @param credential
 *            The GSI credentials to use; must be a {@code GlobusGSSCredentialImpl}.
 * @param params
 *            The parameters for the put operation.
 * @exception MyProxyException
 *                If an error occurred during the operation (any failure inside the
 *                exchange is wrapped, with the original exception as cause).
 */
public void put(GSSCredential credential, InitParams params) throws MyProxyException {
    if (credential == null) {
        throw new IllegalArgumentException("credential == null");
    }
    if (params == null) {
        throw new IllegalArgumentException("params == null");
    }
    if (!(credential instanceof GlobusGSSCredentialImpl)) {
        throw new IllegalArgumentException("wrong type of credentials");
    }

    final String request = params.makeRequest();

    Socket gsiSocket = null;
    OutputStream toServer = null;
    InputStream fromServer = null;
    try {
        gsiSocket = getSocket(credential);
        toServer = gsiSocket.getOutputStream();
        fromServer = gsiSocket.getInputStream();

        // Refuse to send anything when the established GSS context does not provide
        // confidentiality.
        boolean confidential = ((GssSocket) gsiSocket).getContext().getConfState();
        if (!confidential) {
            throw new Exception("Confidentiality requested but not available");
        }

        // NOTE(review): getBytes() uses the platform default charset; confirm the
        // protocol text is ASCII-only or pin the charset.
        toServer.write(request.getBytes());
        toServer.flush();

        // NOTE(review): this logs params.toString(); confirm that representation does
        // not include the passphrase carried in the request.
        if (logger.isDebugEnabled()) {
            logger.debug("Req sent:" + params);
        }

        handleReply(fromServer);

        BouncyCastleCertProcessingFactory factory = BouncyCastleCertProcessingFactory.getDefault();
        GlobusGSSCredentialImpl globusCredential = (GlobusGSSCredentialImpl) credential;
        X509Certificate[] chain = globusCredential.getCertificateChain();

        // Read the certificate request from the socket and create the certificate that is
        // sent back; the delegation type passed to decideProxyType is FULL.
        X509Certificate delegated = factory.createCertificate(fromServer, chain[0],
                globusCredential.getPrivateKey(), -1,
                BouncyCastleCertProcessingFactory.decideProxyType(chain[0],
                        GSIConstants.DelegationType.FULL));

        // Everything goes out as one message: a count byte, the new certificate, then the
        // chain. The count is narrowed to a single byte.
        ByteArrayOutputStream message = new ByteArrayOutputStream(2048);
        message.write((byte) (chain.length + 1));
        message.write(delegated.getEncoded());
        for (X509Certificate chainCert : chain) {
            message.write(chainCert.getEncoded());
            if (logger.isDebugEnabled()) {
                logger.debug("Sent cert: " + chainCert.getSubjectDN());
            }
        }

        toServer.write(message.toByteArray());
        toServer.flush();

        handleReply(fromServer);
    } catch (Exception e) {
        throw new MyProxyException("MyProxy put failed.", e);
    } finally {
        // Always release the streams and the socket.
        close(toServer, fromServer, gsiSocket);
    }
}
From source file:com.adito.ldap.LdapUserDatabase.java
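/**
 * Registers an X.509 certificate on a user's entry in the LDAP server.
 *
 * <p>The certificate's encoded form is written to the {@code CERTIFICATE_ATTRIBUTE} of the
 * entry found under the user's DN relative to {@code baseDn}. Users that are not
 * {@code LdapUser} instances are ignored without error.
 *
 * <p>NOTE(review): nothing here checks that the certificate belongs to {@code user}
 * (subject, validity period, issuing chain). The caller has to establish that before the
 * certificate is stored, since the stored value presumably serves later certificate
 * checks for this account - confirm against the callers.
 *
 * @param user the owner of the certificate
 * @param x509Certificate the certificate to register
 * @throws UnsupportedOperationException if the user database is read-only
 * @throws IllegalArgumentException if the certificate is null or the user's DN does not
 *         lie below {@code baseDn}
 * @throws Exception if encoding the certificate or the LDAP update fails
 */
public void registerCertificate(User user, X509Certificate x509Certificate) throws Exception {
    if (!supportsAccountCreation()) {
        throw new UnsupportedOperationException("User database is read-only");
    }
    if (logger.isInfoEnabled()) {
        logger.info("Register Certificat " + user.getPrincipalName());
    }
    if (user instanceof LdapUser) {
        // Fail before any LDAP round trip instead of with a NullPointerException after it.
        if (x509Certificate == null) {
            throw new IllegalArgumentException("x509Certificate == null");
        }

        LdapTemplate ldapTemplate = new LdapTemplate();
        ldapTemplate.setContextSource(ldapContextSource);
        LdapUser ldapUser = (LdapUser) user;

        String dn = ldapUser.getDn();
        int ind = dn.indexOf(baseDn);
        // The relative DN is everything before the separator that precedes baseDn, so
        // baseDn must be found at index 1 or later. Without this guard a DN outside the
        // base (or equal to it) ended in a StringIndexOutOfBoundsException from substring.
        // NOTE(review): indexOf is a case-sensitive match on the first occurrence; DNs
        // that differ from baseDn only in case or spacing are rejected here.
        if (ind < 1) {
            throw new IllegalArgumentException(
                    "User DN '" + dn + "' is not located under base DN '" + baseDn + "'");
        }
        String rdn = dn.substring(0, ind - 1);

        // Add (or update) the certificate of the user.
        DirContextOperations context = ldapTemplate.lookupContext(rdn);
        context.setAttributeValue(CERTIFICATE_ATTRIBUTE, x509Certificate.getEncoded());
        ldapTemplate.modifyAttributes(context);
    }
}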
From source file:be.fedict.eid.dss.protocol.simple.client.SignatureResponseProcessor.java
/**
 * Verifies the service signature over the response fields named in {@code serviceSigned}
 * and, when a service fingerprint is configured, checks the signing certificate against it.
 *
 * <p>{@code serviceSigned} is a comma-separated list of element names; for each name the
 * matching argument's bytes are fed to the signature in list order. The signature is
 * verified with the public key of the first certificate in {@code serviceCertificateChain}.
 *
 * <p>NOTE(review), visible in this method:
 * <ul>
 * <li>The set of covered fields is whatever {@code serviceSigned} lists; this method does
 * not require any particular element name to be present.</li>
 * <li>When {@code serviceFingerprint} is null the certificate is not compared with
 * anything here, so the check only shows that the holder of the key in the supplied chain
 * signed the data. Trust in that chain has to be established elsewhere - confirm.</li>
 * <li>Both the signature algorithm ({@code SHA1withRSA}) and the fingerprint
 * ({@code DigestUtils.sha}) rely on SHA-1.</li>
 * <li>{@code getBytes()} uses the platform default charset, so signer and verifier must
 * agree on it for non-ASCII content.</li>
 * </ul>
 *
 * @throws SecurityException if an unknown element is listed, the signature is invalid, or
 *         the certificate fingerprint does not match the configured one
 */
private void verifyServiceSignature(String serviceSigned, String target, String signatureRequest,
        String signatureRequestId, String signatureResponse, String signatureResponseId,
        String encodedSignatureCertificate, byte[] serviceSignatureValue,
        List<X509Certificate> serviceCertificateChain)
        throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    LOG.debug("verifying service signature");
    X509Certificate signerCertificate = serviceCertificateChain.get(0);
    LOG.debug("service identity: " + signerCertificate.getSubjectX500Principal());

    Signature verifier = Signature.getInstance("SHA1withRSA");
    verifier.initVerify(signerCertificate);

    // Feed every listed element, in the order given, into the signature.
    StringTokenizer elementNames = new StringTokenizer(serviceSigned, ",");
    while (elementNames.hasMoreTokens()) {
        String elementName = elementNames.nextToken();
        LOG.debug("service signed: " + elementName);

        byte[] payload;
        if ("target".equals(elementName)) {
            payload = target.getBytes();
        } else if ("SignatureRequest".equals(elementName)) {
            payload = signatureRequest.getBytes();
        } else if ("SignatureRequestId".equals(elementName)) {
            payload = signatureRequestId.getBytes();
        } else if ("SignatureResponse".equals(elementName)) {
            payload = signatureResponse.getBytes();
        } else if ("SignatureResponseId".equals(elementName)) {
            payload = signatureResponseId.getBytes();
        } else if ("SignatureCertificate".equals(elementName)) {
            payload = encodedSignatureCertificate.getBytes();
        } else {
            // Unknown names are rejected rather than skipped.
            throw new SecurityException("service signed unknown element: " + elementName);
        }
        verifier.update(payload);
    }

    if (!verifier.verify(serviceSignatureValue)) {
        throw new SecurityException("service signature not valid");
    }

    // No pinned fingerprint configured: nothing further is checked.
    if (null == this.serviceFingerprint) {
        return;
    }

    LOG.debug("checking service fingerprint");
    byte[] presentedFingerprint = DigestUtils.sha(signerCertificate.getEncoded());
    boolean pinned = Arrays.equals(this.serviceFingerprint, presentedFingerprint);
    if (!pinned) {
        throw new SecurityException("service certificate fingerprint mismatch");
    }
}
From source file:com.xwiki.authentication.sts.STSTokenValidator.java
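/**
 * Validates the signature of a SAML token.
 *
 * <p>The token's XML structure is validated first, then the certificate obtained through
 * {@code certFromToken(samlToken)} is wrapped in a credential for {@code entityId} and the
 * token signature is checked against that credential with an explicit-key trust engine.
 *
 * <p>NOTE(review): the only credential placed in the trusted set is the certificate
 * returned by {@code certFromToken(samlToken)}, which appears to come from the token under
 * validation. Unless {@code certFromToken} (not visible here) or the caller checks that
 * certificate against a configured trust anchor or pinned value, a successful result shows
 * only that the token is consistent with the certificate it carries - confirm.
 *
 * @param samlToken the signed SAML object to validate
 * @return {@code true} if the trust engine accepts the signature, {@code false} otherwise
 */
private static boolean validateToken(SignableSAMLObject samlToken)
        throws SecurityException, ValidationException, ConfigurationException, UnmarshallingException,
        CertificateException, KeyException {
    // Validate XML structure
    samlToken.validate(true);

    Signature signature = samlToken.getSignature();
    X509Certificate certificate = certFromToken(samlToken);
    Base64 base64 = new Base64();

    // Certificate data. Built only when debug logging is on; the original assembled every
    // message unconditionally and logged two of the fields twice.
    if (log.isDebugEnabled()) {
        log.debug("certificate issuerDN: " + certificate.getIssuerDN());
        log.debug("certificate issuerUniqueID: " + certificate.getIssuerUniqueID());
        log.debug("certificate issuerX500Principal: " + certificate.getIssuerX500Principal());
        log.debug("certificate notBefore: " + certificate.getNotBefore());
        log.debug("certificate notAfter: " + certificate.getNotAfter());
        log.debug("certificate serialNumber: " + certificate.getSerialNumber());
        log.debug("certificate sigAlgName: " + certificate.getSigAlgName());
        log.debug("certificate sigAlgOID: " + certificate.getSigAlgOID());
        // The signature is binary; Base64 keeps it readable instead of decoding raw bytes
        // as text in the platform charset.
        log.debug("certificate signature: " + new String(base64.encode(certificate.getSignature())));
        log.debug("certificate publicKey: " + certificate.getPublicKey());
        log.debug("certificate subjectDN: " + certificate.getSubjectDN());
        log.debug("certificate version: " + certificate.getVersion());
    }

    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(certificate);
    cred.setEntityId(entityId);

    // Credential data. Private and secret keys are reported by presence only, so key
    // material can never reach the log through this method.
    if (log.isDebugEnabled()) {
        log.debug("cred entityId: " + cred.getEntityId());
        log.debug("cred usageType: " + cred.getUsageType());
        log.debug("cred credentalContextSet: " + cred.getCredentalContextSet());
        log.debug("cred hashCode: " + cred.hashCode());
        log.debug("cred privateKey present: " + (cred.getPrivateKey() != null));
        log.debug("cred publicKey: " + cred.getPublicKey());
        log.debug("cred secretKey present: " + (cred.getSecretKey() != null));
        log.debug("cred entityCertificateChain: " + cred.getEntityCertificateChain());
    }

    ArrayList<Credential> trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(cred);
    CollectionCredentialResolver credResolver = new CollectionCredentialResolver(trustedCredentials);

    // NOTE(review): SecurityTestHelper looks like a test-support class by its name; confirm
    // it is meant to be used on this code path.
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);

    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria(entityId));

    // In trace mode write the certificate to a file for inspection.
    if (log.isTraceEnabled()) {
        String certEncoded = new String(base64.encode(certificate.getEncoded()));
        try {
            // The dump goes to a newly created file with a JVM-generated name in the
            // default temporary directory. The previous fixed path /tmp/Certificate.cer
            // could be pre-created or replaced by a link by any local user, which would
            // redirect this write.
            File dumpFile = File.createTempFile("Certificate", ".cer");
            FileUtils.writeStringToFile(dumpFile,
                    "-----BEGIN CERTIFICATE-----\n" + certEncoded + "\n-----END CERTIFICATE-----");
            log.trace("Certificate file was saved in: " + dumpFile.getAbsolutePath());
        } catch (IOException e1) {
            log.error("Could not write the certificate dump file", e1);
        }
    }

    return engine.validate(signature, criteriaSet);
}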
From source file:com.netscape.cmscore.apps.CMSEngine.java
/**
 * Renders a certificate as text: {@code Cert.HEADER}, a line break, the Base64 form of
 * the certificate's encoding, {@code Cert.FOOTER} and a final line break.
 *
 * <p>Every failure (including a null {@code cert}) is swallowed and reported as
 * {@code null}; nothing is logged, so callers have to null-check the result.
 *
 * @param cert the certificate to render
 * @return the textual form, or {@code null} if it could not be produced
 */
public String getEncodedCert(X509Certificate cert) {
    try {
        // No separator is added between the Base64 body and the footer here; presumably
        // the encoder (called with `true`) ends its output with a line break - confirm.
        final String base64Body = Utils.base64encode(cert.getEncoded(), true);
        return Cert.HEADER + "\n" + base64Body + Cert.FOOTER + "\n";
    } catch (Exception e) {
        return null;
    }
}
From source file:be.fgov.kszbcss.rhq.websphere.connector.agent.ConnectorSubsystemComponent.java
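/**
 * Dispatches a trust-store management operation by name.
 *
 * <p>Supported names: {@code importCertificateFromFile}, {@code retrieveCellCertificate},
 * {@code retrieveCertificateFromPort}, {@code listCertificates}, {@code removeCertificate}
 * and {@code renameCertificate}. Only {@code listCertificates} returns a result; every
 * other operation, and any unknown name, returns {@code null}.
 *
 * <p>Each of these operations changes or reports which certificates the connector trusts,
 * so the {@code file}, {@code host}, {@code port} and alias parameters should only ever
 * come from an authorised operator.
 *
 * @param name the operation to run
 * @param parameters the operation's parameters
 * @return the certificate list for {@code listCertificates}, otherwise {@code null}
 * @throws Exception if the operation fails; {@code renameCertificate} now also fails when
 *         the old alias has no certificate
 */
public OperationResult invokeOperation(String name, Configuration parameters)
        throws InterruptedException, Exception {
    if (name.equals("importCertificateFromFile")) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream in = new FileInputStream(parameters.getSimple("file").getStringValue());
        try {
            // Only the first certificate found in the file is imported.
            Iterator<? extends Certificate> it = cf.generateCertificates(in).iterator();
            if (it.hasNext()) {
                TrustStoreManager.getInstance().addCertificate(parameters.getSimple("alias").getStringValue(),
                        (X509Certificate) it.next());
            } else {
                throw new Exception("No certificate found");
            }
        } finally {
            in.close();
        }
        return null;
    } else if (name.equals("retrieveCellCertificate")) {
        DeploymentManager dm = new DeploymentManager(null, new ConfigurationBasedProcessLocator(parameters));
        String cell = dm.getCell();
        ConfigQueryExecutor configQueryExecutor = ConfigQueryServiceFactory.getInstance()
                .getConfigQueryExecutor(dm);
        try {
            X509Certificate cert = configQueryExecutor.query(CellRootCertificateQuery.INSTANCE);
            TrustStoreManager.getInstance().addCertificate("cell:" + cell, cert);
        } finally {
            configQueryExecutor.destroy();
        }
        return null;
    } else if (name.equals("retrieveCertificateFromPort")) {
        // NOTE(review): judging by its name, AutoImportTrustManager stores whatever
        // certificate the peer presents (trust on first use). The imported entry should
        // then be compared with a fingerprint obtained out of band, e.g. through
        // listCertificates - confirm against that class.
        // NOTE(review): "SSL" is the legacy context name and the protocol versions it
        // enables depend on the JSSE provider; check whether "TLS" can be used on the
        // JVMs this runs on.
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(new KeyManager[0],
                new TrustManager[] {
                        new AutoImportTrustManager(parameters.getSimple("alias").getStringValue()) },
                new SecureRandom());
        SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(
                parameters.getSimple("host").getStringValue(),
                parameters.getSimple("port").getIntegerValue());
        try {
            socket.startHandshake();
        } finally {
            socket.close();
        }
        return null;
    } else if (name.equals("listCertificates")) {
        final PropertyList certificates = new PropertyList("certificates");
        TrustStoreManager.getInstance().execute(new TrustStoreAction() {
            public void execute(KeyStore truststore) throws Exception {
                // Sort the aliases for convenience
                Set<String> aliases = new TreeSet<String>();
                for (Enumeration<String> e = truststore.aliases(); e.hasMoreElements();) {
                    aliases.add(e.nextElement());
                }
                for (String alias : aliases) {
                    X509Certificate cert = (X509Certificate) truststore.getCertificate(alias);
                    PropertyMap map = new PropertyMap("certificate");
                    map.put(new PropertySimple("alias", alias));
                    map.put(new PropertySimple("subject", cert.getSubjectDN().toString()));
                    // Colon-separated SHA-1 fingerprint of the encoded certificate, for
                    // display. NOTE(review): a SHA-256 fingerprint is the stronger value
                    // for manual comparison; switching changes what operators see.
                    MessageDigest md = MessageDigest.getInstance("SHA-1");
                    md.update(cert.getEncoded());
                    byte[] digest = md.digest();
                    StringBuilder fingerprint = new StringBuilder();
                    for (int i = 0; i < digest.length; i++) {
                        if (i > 0) {
                            fingerprint.append(':');
                        }
                        fingerprint.append(getHexDigit(((int) digest[i] & 0xf0) >> 4));
                        fingerprint.append(getHexDigit((int) digest[i] & 0x0f));
                    }
                    map.put(new PropertySimple("fingerprint", fingerprint.toString()));
                    certificates.add(map);
                }
            }
        }, true);
        if (log.isDebugEnabled()) {
            log.debug("certificates=" + certificates);
        }
        OperationResult result = new OperationResult();
        result.getComplexResults().put(certificates);
        return result;
    } else if (name.equals("removeCertificate")) {
        final String alias = parameters.getSimple("alias").getStringValue();
        TrustStoreManager.getInstance().execute(new TrustStoreAction() {
            public void execute(KeyStore truststore) throws Exception {
                truststore.deleteEntry(alias);
            }
        }, false);
        return null;
    } else if (name.equals("renameCertificate")) {
        final String oldAlias = parameters.getSimple("oldAlias").getStringValue();
        final String newAlias = parameters.getSimple("newAlias").getStringValue();
        TrustStoreManager.getInstance().execute(new TrustStoreAction() {
            public void execute(KeyStore truststore) throws Exception {
                Certificate cert = truststore.getCertificate(oldAlias);
                // A missing source entry used to be passed on as a null certificate.
                if (cert == null) {
                    throw new Exception("No certificate found for alias " + oldAlias);
                }
                // Renaming an entry to itself used to store it and then delete it again,
                // silently removing the certificate from the trust store.
                // NOTE(review): some keystore types compare aliases case-insensitively;
                // aliases that differ only in case are not caught by this check.
                if (oldAlias.equals(newAlias)) {
                    return;
                }
                // NOTE(review): an existing entry under newAlias is replaced without
                // notice - confirm that is intended.
                truststore.setCertificateEntry(newAlias, cert);
                truststore.deleteEntry(oldAlias);
            }
        }, false);
        return null;
    } else {
        return null;
    }
}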
From source file:org.wso2.carbon.mex2.MexGetService.java
public OMElement get2(OMElement element) throws Exception { if (log.isDebugEnabled()) { log.debug("---------------begin REST Mex get--------------------"); }//from w ww. j ava2 s .co m MessageContext msgCtx = MessageContext.getCurrentMessageContext(); String service = msgCtx.getAxisService().getName(); if (StringUtils.isEmpty(service)) { throw new AxisFault("Service Mex has not registered successfully"); } String CarbonserviceURL = IdentityUtil.getServerURL("", true, true); X509Certificate cert; cert = KeyUtil.getCertificateToIncludeInMex(service); if (cert == null) { throw new AxisFault("STS's certificate is null"); } byte[] byteArray = cert.getEncoded(); String encodedCertificate = Base64.encode(byteArray); if (StringUtils.isEmpty(encodedCertificate)) { throw new AxisFault("STS's certificate has not successfully encoded"); } if (log.isDebugEnabled()) { log.debug("Encoded Certificate value: " + encodedCertificate); } String stsEndpointUrl = CarbonserviceURL + MexGetService.SERVICE_URL + MexGetService.STS_END_POINT; String kerbosEndpointUrl = CarbonserviceURL + MexGetService.SERVICE_URL + MexGetService.KERBEROS_MIXED; String mexXSD0 = CarbonserviceURL + MexGetService.MEX_URI_O; String mexXSD1 = CarbonserviceURL + MexGetService.MEX_URI_1; String mexXSD2 = CarbonserviceURL + MexGetService.MEX_URI_2; if (StringUtils.isBlank(mexXSD0) || StringUtils.isBlank(mexXSD1) || StringUtils.isBlank(mexXSD2)) { throw new AxisFault("STS"); } if (StringUtils.isBlank(stsEndpointUrl) || StringUtils.isBlank(kerbosEndpointUrl)) { throw new AxisFault("STS"); } if (log.isDebugEnabled()) { log.debug("stsEndpointUrl:=> " + stsEndpointUrl + "mexEndpointUrl:=> " + kerbosEndpointUrl); } String response = "<wsdl:definitions xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:msc=\"http://schemas.microsoft.com/ws/2005/12/wsdl/contract\" xmlns:soap=\"http://schemas.xmlsoap.org/wsdl/soap/\" xmlns:soap12=\"http://schemas.xmlsoap.org/wsdl/soap12/\" 
xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" xmlns:tns=\"http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice\" xmlns:trust=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\" xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\" xmlns:wsa10=\"http://www.w3.org/2005/08/addressing\" xmlns:wsam=\"http://www.w3.org/2007/05/addressing/metadata\" xmlns:wsap=\"http://schemas.xmlsoap.org/ws/2004/08/addressing/policy\" xmlns:wsaw=\"http://www.w3.org/2006/05/addressing/wsdl\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsx=\"http://schemas.xmlsoap.org/ws/2004/09/mex\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" name=\"SecurityTokenService\" targetNamespace=\"http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice\">\n" + " <wsp:Policy wsu:Id=\"CustomBinding_IWSTrustFeb2005Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <http:NegotiateAuthentication xmlns:http=\"http://schemas.microsoft.com/ws/06/2004/policy/http\" />\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CertificateWSTrustBinding_IWSTrustFeb2005Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding 
xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:X509Token sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:RequireThumbprintReference />\n" + " <sp:WssX509V3Token10 />\n" + " </wsp:Policy>\n" + " </sp:X509Token>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportRefThumbprint />\n" + " </wsp:Policy>\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CertificateWSTrustBinding_IWSTrustFeb2005Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + 
" <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"true\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrustFeb2005Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:SymmetricBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:ProtectionToken>\n" + " <wsp:Policy>\n" + " <sp:X509Token sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\">\n" + " <wsp:Policy>\n" + " <sp:RequireDerivedKeys />\n" + " <sp:RequireThumbprintReference />\n" + " <sp:WssX509V3Token10 />\n" + " </wsp:Policy>\n" + " </sp:X509Token>\n" + " </wsp:Policy>\n" + " </sp:ProtectionToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " <sp:EncryptSignature />\n" + " <sp:OnlySignEntireHeadersAndBody />\n" + " </wsp:Policy>\n" + " </sp:SymmetricBinding>\n" + " <sp:SignedSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:UsernameToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:WssUsernameToken10 />\n" + " </wsp:Policy>\n" + " </sp:UsernameToken>\n" + " 
</wsp:Policy>\n" + " </sp:SignedSupportingTokens>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportRefThumbprint />\n" + " <sp:MustSupportRefEncryptedKey />\n" + " </wsp:Policy>\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrustFeb2005Async_TrustFeb2005IssueAsync_Input_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:SignedParts xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <sp:Body />\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"From\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"FaultTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"ReplyTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"MessageID\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"RelatesTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"Action\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " <sp:EncryptedParts 
xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <sp:Body />\n" + " </sp:EncryptedParts>\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrustFeb2005Async_TrustFeb2005IssueAsync_output_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:SignedParts xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <sp:Body />\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"From\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"FaultTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"ReplyTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"MessageID\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"RelatesTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"Action\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " <sp:EncryptedParts xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <sp:Body />\n" + " </sp:EncryptedParts>\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrustFeb2005Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " 
<sp:SignedSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:UsernameToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:WssUsernameToken10 />\n" + " </wsp:Policy>\n" + " </sp:UsernameToken>\n" + " </wsp:Policy>\n" + " </sp:SignedSupportingTokens>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CustomBinding_IWSTrustFeb2005Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic128 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " 
</sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:KerberosToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once\">\n" + " <wsp:Policy>\n" + " <sp:WssGssKerberosV5ApReqToken11 />\n" + " </wsp:Policy>\n" + " </sp:KerberosToken>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + 
" </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:IssuedToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <sp:RequestSecurityTokenTemplate>\n" + " <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>\n" + " <t:EncryptWith>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</t:EncryptWith>\n" + " <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</t:SignatureAlgorithm>\n" + " <t:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>\n" + " <t:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>\n" + " </sp:RequestSecurityTokenTemplate>\n" + " <wsp:Policy>\n" + " <sp:RequireInternalReference />\n" + " </wsp:Policy>\n" + " </sp:IssuedToken>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding 
xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:IssuedToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <sp:RequestSecurityTokenTemplate>\n" + " <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>\n" + " <t:KeySize>256</t:KeySize>\n" + " <t:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptWith>\n" + " <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignatureAlgorithm>\n" + " <t:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>\n" + " <t:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>\n" + " </sp:RequestSecurityTokenTemplate>\n" + " <wsp:Policy>\n" + " <sp:RequireInternalReference />\n" + " </wsp:Policy>\n" + " </sp:IssuedToken>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy />\n" 
+ " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CustomBinding_IWSTrust13Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic128 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:KerberosToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once\">\n" + " <wsp:Policy>\n" + " <sp:WssGssKerberosV5ApReqToken11 />\n" + " </wsp:Policy>\n" + " </sp:KerberosToken>\n" + " <sp:KeyValueToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens 
/>\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CertificateWSTrustBinding_IWSTrust13Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:X509Token sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:RequireThumbprintReference />\n" + " <sp:WssX509V3Token10 />\n" + " </wsp:Policy>\n" + " </sp:X509Token>\n" + " <sp:KeyValueToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportRefThumbprint />\n" + " </wsp:Policy>\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " 
<sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrust13Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:SignedEncryptedSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:UsernameToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:WssUsernameToken10 />\n" + " </wsp:Policy>\n" + " </sp:UsernameToken>\n" + " </wsp:Policy>\n" + " </sp:SignedEncryptedSupportingTokens>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:KeyValueToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " 
<sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"IssuedTokenWSTrustBinding_IWSTrust13Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:IssuedToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" + " <sp:RequestSecurityTokenTemplate>\n" + " <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</trust:KeyType>\n" + " <trust:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>\n" + " <trust:EncryptWith>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:EncryptWith>\n" + " <trust:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</trust:SignatureAlgorithm>\n" + " <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>\n" + " <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>\n" + " </sp:RequestSecurityTokenTemplate>\n" + " <wsp:Policy>\n" + " <sp:RequireInternalReference />\n" + " </wsp:Policy>\n" + " </sp:IssuedToken>\n" + " <sp:KeyValueToken 
sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"IssuedTokenWSTrustBinding_IWSTrust13Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:IssuedToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" + " <sp:RequestSecurityTokenTemplate>\n" + " <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>\n" + " <trust:KeySize>256</trust:KeySize>\n" + " 
<trust:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>\n" + " <trust:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>\n" + " <trust:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignatureAlgorithm>\n" + " <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>\n" + " <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>\n" + " </sp:RequestSecurityTokenTemplate>\n" + " <wsp:Policy>\n" + " <sp:RequireInternalReference />\n" + " </wsp:Policy>\n" + " </sp:IssuedToken>\n" + " <sp:KeyValueToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsdl:types>\n" + " <xsd:schema targetNamespace=\"http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice/Imports\">\n" + " <xsd:import schemaLocation=\"$params6\" namespace=\"http://schemas.microsoft.com/Message\" />\n" + " <xsd:import schemaLocation=\"$params5\" namespace=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" />\n" + " <xsd:import schemaLocation=\"$params4\" namespace=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\" />\n" + " </xsd:schema>\n" + " </wsdl:types>\n" + " 
<wsdl:message name=\"IWSTrustFeb2005Async_TrustFeb2005IssueAsync_InputMessage\">\n" + " <wsdl:part name=\"request\" element=\"t:RequestSecurityToken\" />\n" + " </wsdl:message>\n" + " <wsdl:message name=\"IWSTrustFeb2005Async_TrustFeb2005IssueAsync_OutputMessage\">\n" + " <wsdl:part name=\"TrustFeb2005IssueAsyncResult\" element=\"t:RequestSecurityTokenResponse\" />\n" + " </wsdl:message>\n" + " <wsdl:message name=\"IWSTrust13Async_Trust13IssueAsync_InputMessage\">\n" + " <wsdl:part name=\"request\" element=\"trust:RequestSecurityToken\" />\n" + " </wsdl:message>\n" + " <wsdl:message name=\"IWSTrust13Async_Trust13IssueAsync_OutputMessage\">\n" + " <wsdl:part name=\"Trust13IssueAsyncResult\" element=\"trust:RequestSecurityTokenResponseCollection\" />\n" + " </wsdl:message>\n" + " <wsdl:portType name=\"IWSTrustFeb2005Async\">\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <wsdl:input wsaw:Action=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" message=\"tns:IWSTrustFeb2005Async_TrustFeb2005IssueAsync_InputMessage\" />\n" + " <wsdl:output wsaw:Action=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue\" message=\"tns:IWSTrustFeb2005Async_TrustFeb2005IssueAsync_OutputMessage\" />\n" + " </wsdl:operation>\n" + " </wsdl:portType>\n" + " <wsdl:portType name=\"IWSTrust13Async\">\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <wsdl:input wsaw:Action=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" message=\"tns:IWSTrust13Async_Trust13IssueAsync_InputMessage\" />\n" + " <wsdl:output wsaw:Action=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal\" message=\"tns:IWSTrust13Async_Trust13IssueAsync_OutputMessage\" />\n" + " </wsdl:operation>\n" + " </wsdl:portType>\n" + " <wsdl:binding name=\"CustomBinding_IWSTrustFeb2005Async\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#CustomBinding_IWSTrustFeb2005Async_policy\" />\n" + " <soap12:binding 
transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CertificateWSTrustBinding_IWSTrustFeb2005Async\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#CertificateWSTrustBinding_IWSTrustFeb2005Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CertificateWSTrustBinding_IWSTrustFeb2005Async1\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#CertificateWSTrustBinding_IWSTrustFeb2005Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"UserNameWSTrustBinding_IWSTrustFeb2005Async\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrustFeb2005Async_policy\" />\n" + " <soap12:binding 
transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrustFeb2005Async_TrustFeb2005IssueAsync_Input_policy\" />\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrustFeb2005Async_TrustFeb2005IssueAsync_output_policy\" />\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"UserNameWSTrustBinding_IWSTrustFeb2005Async1\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrustFeb2005Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CustomBinding_IWSTrustFeb2005Async1\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#CustomBinding_IWSTrustFeb2005Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " 
<wsdl:binding name=\"IssuedTokenWSTrustBinding_IWSTrustFeb2005Async\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CustomBinding_IWSTrust13Async\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference URI=\"#CustomBinding_IWSTrust13Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding 
name=\"CertificateWSTrustBinding_IWSTrust13Async\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference URI=\"#CertificateWSTrustBinding_IWSTrust13Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"UserNameWSTrustBinding_IWSTrust13Async\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrust13Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"IssuedTokenWSTrustBinding_IWSTrust13Async\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference URI=\"#IssuedTokenWSTrustBinding_IWSTrust13Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"IssuedTokenWSTrustBinding_IWSTrust13Async1\" 
type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference URI=\"#IssuedTokenWSTrustBinding_IWSTrust13Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:service name=\"SecurityTokenService\">\n" + " <wsdl:port name=\"UserNameWSTrustBinding_IWSTrustFeb2005Async\" binding=\"tns:UserNameWSTrustBinding_IWSTrustFeb2005Async\">\n" + " <soap12:address location=\"$params1\" />\n" + " <wsa10:EndpointReference>\n" + " <wsa10:Address>$params1</wsa10:Address>\n" + " <Identity xmlns=\"http://schemas.xmlsoap.org/ws/2006/02/addressingidentity\">\n" + " <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n" + " <X509Data>\n" + " <X509Certificate>$params3</X509Certificate>\n" + " </X509Data>\n" + " </KeyInfo>\n" + " </Identity>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " <wsdl:port name=\"UserNameWSTrustBinding_IWSTrustFeb2005Async1\" binding=\"tns:UserNameWSTrustBinding_IWSTrustFeb2005Async1\">\n" + " <soap12:address location=\"$params1\" />\n" + " <wsa10:EndpointReference>\n" + " <wsa10:Address>$params1</wsa10:Address>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " <wsdl:port name=\"CustomBinding_IWSTrustFeb2005Async1\" binding=\"tns:CustomBinding_IWSTrustFeb2005Async1\">\n" + " <soap12:address location=\"$params2\" />\n" + " <wsa10:EndpointReference>\n" + " <wsa10:Address>$params2</wsa10:Address>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " <wsdl:port name=\"CustomBinding_IWSTrust13Async\" binding=\"tns:CustomBinding_IWSTrust13Async\">\n" + " <soap12:address location=\"$params2\" />\n" + " 
<wsa10:EndpointReference>\n" + " <wsa10:Address>$params2</wsa10:Address>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " <wsdl:port name=\"UserNameWSTrustBinding_IWSTrust13Async\" binding=\"tns:UserNameWSTrustBinding_IWSTrust13Async\">\n" + " <soap12:address location=\"$params1\" />\n" + " <wsa10:EndpointReference>\n" + " <wsa10:Address>$params1</wsa10:Address>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " </wsdl:service>\n" + "</wsdl:definitions>"; response = response.replace("$params1", stsEndpointUrl); response = response.replace("$params2", kerbosEndpointUrl); response = response.replace("$params3", encodedCertificate); response = response.replace("$params4", mexXSD0); response = response.replace("$params5", mexXSD1); response = response.replace("$params6", mexXSD2); OMElement omBody = AXIOMUtil.stringToOM(response); if (log.isDebugEnabled()) { log.debug("Mex-Response => " + response); } return omBody; }
From source file:test.unit.be.fedict.eid.applet.service.IdentityDataMessageHandlerTest.java
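/**
 * Checks that an identity data message whose integrity signature does not
 * verify is rejected by the handler under test.
 *
 * <p>The message carries an arbitrary identity file, an arbitrary byte string
 * in place of the identity signature, and the DER encoding of a freshly
 * generated test certificate as the national registry certificate. The
 * handler is expected to throw a {@link ServletException}. After the
 * rejection, the test asserts that the integrity test service was never
 * handed a certificate and that the audit test service recorded the caller's
 * remote address for the integrity failure.
 *
 * @throws Exception if key or certificate generation, servlet
 *         initialisation, or fixture encoding fails
 */
public void testHandleMessageCorruptIntegritySignature() throws Exception {
    // setup
    KeyPair keyPair = MiscTestUtils.generateKeyPair();
    DateTime notBefore = new DateTime();
    DateTime notAfter = notBefore.plusYears(1);
    // NOTE(review): the same key pair supplies both the subject public key and
    // the signing private key, so this is presumably a self-signed
    // certificate; confirm against MiscTestUtils.generateCertificate.
    X509Certificate certificate = MiscTestUtils.generateCertificate(keyPair.getPublic(),
            "CN=TestNationalRegistration", notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null,
            null);

    ServletConfig mockServletConfig = EasyMock.createMock(ServletConfig.class);
    Map<String, String> httpHeaders = new HashMap<String, String>();
    HttpSession mockHttpSession = EasyMock.createMock(HttpSession.class);
    HttpServletRequest mockServletRequest = EasyMock.createMock(HttpServletRequest.class);

    // Integrity and audit services are configured by class name only, so the
    // test doubles are what the handler ends up using.
    EasyMock.expect(mockServletConfig.getInitParameter("IdentityIntegrityService")).andStubReturn(null);
    EasyMock.expect(mockServletConfig.getInitParameter("IdentityIntegrityServiceClass"))
            .andStubReturn(IdentityIntegrityTestService.class.getName());
    EasyMock.expect(mockServletConfig.getInitParameter("AuditService")).andStubReturn(null);
    EasyMock.expect(mockServletConfig.getInitParameter("AuditServiceClass"))
            .andStubReturn(AuditTestService.class.getName());
    EasyMock.expect(mockServletConfig.getInitParameter("SkipNationalNumberCheck")).andStubReturn(null);

    EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_ADDRESS_SESSION_ATTRIBUTE))
            .andStubReturn(false);
    EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_CERTIFICATES_SESSION_ATTRIBUTE))
            .andStubReturn(false);
    EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_PHOTO_SESSION_ATTRIBUTE))
            .andStubReturn(false);

    // Not a stub: verify() below requires this parameter to have been read.
    EasyMock.expect(mockServletConfig.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES))
            .andReturn(null);

    EasyMock.expect(mockServletRequest.getRemoteAddr()).andStubReturn("remote-address");

    // Explicit charset keeps the fixture bytes independent of the platform default.
    byte[] idFile = "foobar-id-file".getBytes("UTF-8");
    IdentityDataMessage message = new IdentityDataMessage();
    message.idFile = idFile;
    // Arbitrary bytes, not a signature over idFile: this is the corruption under test.
    message.identitySignatureFile = "foobar-signature".getBytes("UTF-8");
    message.rrnCertFile = certificate.getEncoded();

    // prepare
    EasyMock.replay(mockServletConfig, mockHttpSession, mockServletRequest);

    // operate
    AppletServiceServlet.injectInitParams(mockServletConfig, this.testedInstance);
    this.testedInstance.init(mockServletConfig);
    try {
        this.testedInstance.handleMessage(message, httpHeaders, mockServletRequest, mockHttpSession);
        fail("expected ServletException for a corrupt identity integrity signature");
    } catch (ServletException e) {
        LOG.debug("expected exception: " + e.getMessage(), e);
        LOG.debug("exception type: " + e.getClass().getName());

        // verify
        EasyMock.verify(mockServletConfig, mockHttpSession, mockServletRequest);
        // The certificate must not reach the integrity service when the
        // signature check fails.
        assertNull(IdentityIntegrityTestService.getCertificate());
        // The failure must be audited together with the caller's address.
        assertEquals("remote-address", AuditTestService.getAuditIntegrityRemoteAddress());
    }
}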