List of usage examples for java.security.cert X509Certificate getEncoded
public abstract byte[] getEncoded() throws CertificateEncodingException;
From source file: org.wso2.carbon.mex2.MexGetService.java
public OMElement get(OMElement element) throws Exception { if (log.isDebugEnabled()) { log.debug("---------------begin POST Mex get--------------------"); }// w w w . j av a 2 s .co m MessageContext msgCtx = MessageContext.getCurrentMessageContext(); String service = msgCtx.getAxisService().getName(); if (StringUtils.isEmpty(service)) { throw new AxisFault("Service Mex has not registered successfully"); } String CarbonserviceURL = IdentityUtil.getServerURL("", true, true); X509Certificate cert; cert = KeyUtil.getCertificateToIncludeInMex(service); if (cert == null) { throw new AxisFault("STS's certificate is null"); } byte[] byteArray = cert.getEncoded(); String encodedCertificate = Base64.encode(byteArray); if (StringUtils.isEmpty(encodedCertificate)) { throw new AxisFault("STS's certificate has not successfully encoded"); } if (log.isDebugEnabled()) { log.debug("Encoded Certificate value: " + encodedCertificate); } String stsEndpointUrl = CarbonserviceURL + MexGetService.SERVICE_URL + MexGetService.STS_END_POINT; String kerbosEndpointUrl = CarbonserviceURL + MexGetService.SERVICE_URL + MexGetService.KERBEROS_MIXED; if (StringUtils.isBlank(stsEndpointUrl) || StringUtils.isBlank(kerbosEndpointUrl)) { throw new AxisFault("STS"); } if (log.isDebugEnabled()) { log.debug("stsEndpointUrl:=> " + stsEndpointUrl + "mexEndpointUrl:=> " + kerbosEndpointUrl); } String response = "<Metadata xmlns=\"http://schemas.xmlsoap.org/ws/2004/09/mex\" xmlns:wsx=\"http://schemas.xmlsoap.org/ws/2004/09/mex\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n" + " <wsx:MetadataSection xmlns=\"\" Dialect=\"http://schemas.xmlsoap.org/wsdl/\" Identifier=\"http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice\">\n" + " <wsdl:definitions xmlns:wsdl=\"http://schemas.xmlsoap.org/wsdl/\" xmlns:msc=\"http://schemas.microsoft.com/ws/2005/12/wsdl/contract\" xmlns:soap=\"http://schemas.xmlsoap.org/wsdl/soap/\" 
xmlns:soap12=\"http://schemas.xmlsoap.org/wsdl/soap12/\" xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" xmlns:tns=\"http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice\" xmlns:trust=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\" xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\" xmlns:wsa10=\"http://www.w3.org/2005/08/addressing\" xmlns:wsam=\"http://www.w3.org/2007/05/addressing/metadata\" xmlns:wsap=\"http://schemas.xmlsoap.org/ws/2004/08/addressing/policy\" xmlns:wsaw=\"http://www.w3.org/2006/05/addressing/wsdl\" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" name=\"SecurityTokenService\" targetNamespace=\"http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice\">\n" + " <wsp:Policy wsu:Id=\"CustomBinding_IWSTrustFeb2005Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <http:NegotiateAuthentication xmlns:http=\"http://schemas.microsoft.com/ws/06/2004/policy/http\" />\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CertificateWSTrustBinding_IWSTrustFeb2005Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " 
<wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:X509Token sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:RequireThumbprintReference />\n" + " <sp:WssX509V3Token10 />\n" + " </wsp:Policy>\n" + " </sp:X509Token>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportRefThumbprint />\n" + " </wsp:Policy>\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CertificateWSTrustBinding_IWSTrustFeb2005Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding 
xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"true\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrustFeb2005Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:SymmetricBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:ProtectionToken>\n" + " <wsp:Policy>\n" + " <sp:X509Token sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\">\n" + " <wsp:Policy>\n" + " <sp:RequireDerivedKeys />\n" + " <sp:RequireThumbprintReference />\n" + " <sp:WssX509V3Token10 />\n" + " </wsp:Policy>\n" + " </sp:X509Token>\n" + " </wsp:Policy>\n" + " </sp:ProtectionToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " <sp:EncryptSignature />\n" + " <sp:OnlySignEntireHeadersAndBody />\n" + " </wsp:Policy>\n" + " </sp:SymmetricBinding>\n" + " <sp:SignedSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:UsernameToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:WssUsernameToken10 />\n" + " </wsp:Policy>\n" + " </sp:UsernameToken>\n" + " </wsp:Policy>\n" + " 
</sp:SignedSupportingTokens>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportRefThumbprint />\n" + " <sp:MustSupportRefEncryptedKey />\n" + " </wsp:Policy>\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrustFeb2005Async_TrustFeb2005IssueAsync_Input_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:SignedParts xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <sp:Body />\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"From\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"FaultTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"ReplyTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"MessageID\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"RelatesTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"Action\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " <sp:EncryptedParts xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + 
" <sp:Body />\n" + " </sp:EncryptedParts>\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrustFeb2005Async_TrustFeb2005IssueAsync_output_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:SignedParts xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <sp:Body />\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"From\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"FaultTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"ReplyTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"MessageID\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"RelatesTo\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " <sp:Header Name=\"Action\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " <sp:EncryptedParts xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <sp:Body />\n" + " </sp:EncryptedParts>\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrustFeb2005Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:SignedSupportingTokens 
xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:UsernameToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:WssUsernameToken10 />\n" + " </wsp:Policy>\n" + " </sp:UsernameToken>\n" + " </wsp:Policy>\n" + " </sp:SignedSupportingTokens>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CustomBinding_IWSTrustFeb2005Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic128 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " 
<sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:KerberosToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once\">\n" + " <wsp:Policy>\n" + " <sp:WssGssKerberosV5ApReqToken11 />\n" + " </wsp:Policy>\n" + " </sp:KerberosToken>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " 
</sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:IssuedToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <sp:RequestSecurityTokenTemplate>\n" + " <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>\n" + " <t:EncryptWith>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</t:EncryptWith>\n" + " <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</t:SignatureAlgorithm>\n" + " <t:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>\n" + " <t:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>\n" + " </sp:RequestSecurityTokenTemplate>\n" + " <wsp:Policy>\n" + " <sp:RequireInternalReference />\n" + " </wsp:Policy>\n" + " </sp:IssuedToken>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding 
xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken RequireClientCertificate=\"false\" />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:IssuedToken sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient\">\n" + " <sp:RequestSecurityTokenTemplate>\n" + " <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>\n" + " <t:KeySize>256</t:KeySize>\n" + " <t:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptWith>\n" + " <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</t:SignatureAlgorithm>\n" + " <t:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>\n" + " <t:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>\n" + " </sp:RequestSecurityTokenTemplate>\n" + " <wsp:Policy>\n" + " <sp:RequireInternalReference />\n" + " </wsp:Policy>\n" + " </sp:IssuedToken>\n" + " <mssp:RsaToken xmlns:mssp=\"http://schemas.microsoft.com/ws/2005/07/securitypolicy\" sp:IncludeToken=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy />\n" 
+ " </sp:Wss11>\n" + " <sp:Trust10 xmlns:sp=\"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust10>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CustomBinding_IWSTrust13Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic128 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:KerberosToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once\">\n" + " <wsp:Policy>\n" + " <sp:WssGssKerberosV5ApReqToken11 />\n" + " </wsp:Policy>\n" + " </sp:KerberosToken>\n" + " <sp:KeyValueToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens 
/>\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"CertificateWSTrustBinding_IWSTrust13Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:X509Token sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:RequireThumbprintReference />\n" + " <sp:WssX509V3Token10 />\n" + " </wsp:Policy>\n" + " </sp:X509Token>\n" + " <sp:KeyValueToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportRefThumbprint />\n" + " </wsp:Policy>\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " 
<sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"UserNameWSTrustBinding_IWSTrust13Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:SignedEncryptedSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:UsernameToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" + " <wsp:Policy>\n" + " <sp:WssUsernameToken10 />\n" + " </wsp:Policy>\n" + " </sp:UsernameToken>\n" + " </wsp:Policy>\n" + " </sp:SignedEncryptedSupportingTokens>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:KeyValueToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " 
<sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"IssuedTokenWSTrustBinding_IWSTrust13Async_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:IssuedToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" + " <sp:RequestSecurityTokenTemplate>\n" + " <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</trust:KeyType>\n" + " <trust:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>\n" + " <trust:EncryptWith>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:EncryptWith>\n" + " <trust:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</trust:SignatureAlgorithm>\n" + " <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>\n" + " <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>\n" + " </sp:RequestSecurityTokenTemplate>\n" + " <wsp:Policy>\n" + " <sp:RequireInternalReference />\n" + " </wsp:Policy>\n" + " </sp:IssuedToken>\n" + " <sp:KeyValueToken 
sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsp:Policy wsu:Id=\"IssuedTokenWSTrustBinding_IWSTrust13Async1_policy\">\n" + " <wsp:ExactlyOne>\n" + " <wsp:All>\n" + " <sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:TransportToken>\n" + " <wsp:Policy>\n" + " <sp:HttpsToken />\n" + " </wsp:Policy>\n" + " </sp:TransportToken>\n" + " <sp:AlgorithmSuite>\n" + " <wsp:Policy>\n" + " <sp:Basic256 />\n" + " </wsp:Policy>\n" + " </sp:AlgorithmSuite>\n" + " <sp:Layout>\n" + " <wsp:Policy>\n" + " <sp:Strict />\n" + " </wsp:Policy>\n" + " </sp:Layout>\n" + " <sp:IncludeTimestamp />\n" + " </wsp:Policy>\n" + " </sp:TransportBinding>\n" + " <sp:EndorsingSupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:IssuedToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" + " <sp:RequestSecurityTokenTemplate>\n" + " <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>\n" + " <trust:KeySize>256</trust:KeySize>\n" + " 
<trust:KeyWrapAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>\n" + " <trust:EncryptWith>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>\n" + " <trust:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignatureAlgorithm>\n" + " <trust:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>\n" + " <trust:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>\n" + " </sp:RequestSecurityTokenTemplate>\n" + " <wsp:Policy>\n" + " <sp:RequireInternalReference />\n" + " </wsp:Policy>\n" + " </sp:IssuedToken>\n" + " <sp:KeyValueToken sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never\" wsp:Optional=\"true\" />\n" + " <sp:SignedParts>\n" + " <sp:Header Name=\"To\" Namespace=\"http://www.w3.org/2005/08/addressing\" />\n" + " </sp:SignedParts>\n" + " </wsp:Policy>\n" + " </sp:EndorsingSupportingTokens>\n" + " <sp:Wss11 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy />\n" + " </sp:Wss11>\n" + " <sp:Trust13 xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" + " <wsp:Policy>\n" + " <sp:MustSupportIssuedTokens />\n" + " <sp:RequireClientEntropy />\n" + " <sp:RequireServerEntropy />\n" + " </wsp:Policy>\n" + " </sp:Trust13>\n" + " <wsaw:UsingAddressing />\n" + " </wsp:All>\n" + " </wsp:ExactlyOne>\n" + " </wsp:Policy>\n" + " <wsdl:types>\n" + " <xsd:schema targetNamespace=\"http://schemas.microsoft.com/ws/2008/06/identity/securitytokenservice/Imports\">\n" + " <xsd:import namespace=\"http://schemas.microsoft.com/Message\" />\n" + " <xsd:import namespace=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" />\n" + " <xsd:import namespace=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\" />\n" + " </xsd:schema>\n" + " </wsdl:types>\n" + " <wsdl:message name=\"IWSTrustFeb2005Async_TrustFeb2005IssueAsync_InputMessage\">\n" + " 
<wsdl:part name=\"request\" element=\"t:RequestSecurityToken\" />\n" + " </wsdl:message>\n" + " <wsdl:message name=\"IWSTrustFeb2005Async_TrustFeb2005IssueAsync_OutputMessage\">\n" + " <wsdl:part name=\"TrustFeb2005IssueAsyncResult\" element=\"t:RequestSecurityTokenResponse\" />\n" + " </wsdl:message>\n" + " <wsdl:message name=\"IWSTrust13Async_Trust13IssueAsync_InputMessage\">\n" + " <wsdl:part name=\"request\" element=\"trust:RequestSecurityToken\" />\n" + " </wsdl:message>\n" + " <wsdl:message name=\"IWSTrust13Async_Trust13IssueAsync_OutputMessage\">\n" + " <wsdl:part name=\"Trust13IssueAsyncResult\" element=\"trust:RequestSecurityTokenResponseCollection\" />\n" + " </wsdl:message>\n" + " <wsdl:portType name=\"IWSTrustFeb2005Async\">\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <wsdl:input wsaw:Action=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" message=\"tns:IWSTrustFeb2005Async_TrustFeb2005IssueAsync_InputMessage\" />\n" + " <wsdl:output wsaw:Action=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue\" message=\"tns:IWSTrustFeb2005Async_TrustFeb2005IssueAsync_OutputMessage\" />\n" + " </wsdl:operation>\n" + " </wsdl:portType>\n" + " <wsdl:portType name=\"IWSTrust13Async\">\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <wsdl:input wsaw:Action=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" message=\"tns:IWSTrust13Async_Trust13IssueAsync_InputMessage\" />\n" + " <wsdl:output wsaw:Action=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal\" message=\"tns:IWSTrust13Async_Trust13IssueAsync_OutputMessage\" />\n" + " </wsdl:operation>\n" + " </wsdl:portType>\n" + " <wsdl:binding name=\"CustomBinding_IWSTrustFeb2005Async\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#CustomBinding_IWSTrustFeb2005Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " 
<soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CertificateWSTrustBinding_IWSTrustFeb2005Async\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#CertificateWSTrustBinding_IWSTrustFeb2005Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CertificateWSTrustBinding_IWSTrustFeb2005Async1\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#CertificateWSTrustBinding_IWSTrustFeb2005Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"UserNameWSTrustBinding_IWSTrustFeb2005Async\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrustFeb2005Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " 
<soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrustFeb2005Async_TrustFeb2005IssueAsync_Input_policy\" />\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrustFeb2005Async_TrustFeb2005IssueAsync_output_policy\" />\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"UserNameWSTrustBinding_IWSTrustFeb2005Async1\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrustFeb2005Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CustomBinding_IWSTrustFeb2005Async1\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#CustomBinding_IWSTrustFeb2005Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"IssuedTokenWSTrustBinding_IWSTrustFeb2005Async\" type=\"tns:IWSTrustFeb2005Async\">\n" + " 
<wsp:PolicyReference URI=\"#IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1\" type=\"tns:IWSTrustFeb2005Async\">\n" + " <wsp:PolicyReference URI=\"#IssuedTokenWSTrustBinding_IWSTrustFeb2005Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"TrustFeb2005IssueAsync\">\n" + " <soap12:operation soapAction=\"http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CustomBinding_IWSTrust13Async\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference URI=\"#CustomBinding_IWSTrust13Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"CertificateWSTrustBinding_IWSTrust13Async\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference 
URI=\"#CertificateWSTrustBinding_IWSTrust13Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"UserNameWSTrustBinding_IWSTrust13Async\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference URI=\"#UserNameWSTrustBinding_IWSTrust13Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"IssuedTokenWSTrustBinding_IWSTrust13Async\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference URI=\"#IssuedTokenWSTrustBinding_IWSTrust13Async_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:binding name=\"IssuedTokenWSTrustBinding_IWSTrust13Async1\" type=\"tns:IWSTrust13Async\">\n" + " <wsp:PolicyReference 
URI=\"#IssuedTokenWSTrustBinding_IWSTrust13Async1_policy\" />\n" + " <soap12:binding transport=\"http://schemas.xmlsoap.org/soap/http\" />\n" + " <wsdl:operation name=\"Trust13IssueAsync\">\n" + " <soap12:operation soapAction=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue\" style=\"document\" />\n" + " <wsdl:input>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:input>\n" + " <wsdl:output>\n" + " <soap12:body use=\"literal\" />\n" + " </wsdl:output>\n" + " </wsdl:operation>\n" + " </wsdl:binding>\n" + " <wsdl:service name=\"SecurityTokenService\">\n" + " <wsdl:port name=\"UserNameWSTrustBinding_IWSTrustFeb2005Async\" binding=\"tns:UserNameWSTrustBinding_IWSTrustFeb2005Async\">\n" + " <soap12:address location=\"$params1\" />\n" + " <wsa10:EndpointReference>\n" + " <wsa10:Address>$params1</wsa10:Address>\n" + " <Identity xmlns=\"http://schemas.xmlsoap.org/ws/2006/02/addressingidentity\">\n" + " <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n" + " <X509Data>\n" + " <X509Certificate>$params3</X509Certificate>\n" + " </X509Data>\n" + " </KeyInfo>\n" + " </Identity>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " <wsdl:port name=\"UserNameWSTrustBinding_IWSTrustFeb2005Async1\" binding=\"tns:UserNameWSTrustBinding_IWSTrustFeb2005Async1\">\n" + " <soap12:address location=\"$params1\" />\n" + " <wsa10:EndpointReference>\n" + " <wsa10:Address>$params1</wsa10:Address>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " <wsdl:port name=\"CustomBinding_IWSTrustFeb2005Async1\" binding=\"tns:CustomBinding_IWSTrustFeb2005Async1\">\n" + " <soap12:address location=\"$params2\" />\n" + " <wsa10:EndpointReference>\n" + " <wsa10:Address>$params2</wsa10:Address>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " <wsdl:port name=\"CustomBinding_IWSTrust13Async\" binding=\"tns:CustomBinding_IWSTrust13Async\">\n" + " <soap12:address location=\"$params2\" />\n" + " <wsa10:EndpointReference>\n" + " 
<wsa10:Address>$params2</wsa10:Address>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " <wsdl:port name=\"UserNameWSTrustBinding_IWSTrust13Async\" binding=\"tns:UserNameWSTrustBinding_IWSTrust13Async\">\n" + " <soap12:address location=\"$params1\" />\n" + " <wsa10:EndpointReference>\n" + " <wsa10:Address>$params1</wsa10:Address>\n" + " </wsa10:EndpointReference>\n" + " </wsdl:port>\n" + " </wsdl:service>\n" + " </wsdl:definitions>\n" + " </wsx:MetadataSection>\n" + " <wsx:MetadataSection xmlns=\"\" Dialect=\"http://www.w3.org/2001/XMLSchema\" Identifier=\"http://schemas.microsoft.com/Message\">\n" + " <xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:tns=\"http://schemas.microsoft.com/Message\" elementFormDefault=\"qualified\" targetNamespace=\"http://schemas.microsoft.com/Message\">\n" + " <xs:complexType name=\"MessageBody\">\n" + " <xs:sequence>\n" + " <xs:any minOccurs=\"0\" maxOccurs=\"unbounded\" namespace=\"##any\" />\n" + " </xs:sequence>\n" + " </xs:complexType>\n" + " </xs:schema>\n" + " </wsx:MetadataSection>\n" + " <wsx:MetadataSection xmlns=\"\" Dialect=\"http://www.w3.org/2001/XMLSchema\" Identifier=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">\n" + " <xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" elementFormDefault=\"qualified\" targetNamespace=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">\n" + " <xs:element name=\"RequestSecurityToken\" type=\"wst:RequestSecurityTokenType\" />\n" + " <xs:complexType name=\"RequestSecurityTokenType\">\n" + " <xs:choice minOccurs=\"0\" maxOccurs=\"unbounded\">\n" + " <xs:any minOccurs=\"0\" maxOccurs=\"unbounded\" namespace=\"##any\" processContents=\"lax\" />\n" + " </xs:choice>\n" + " <xs:attribute name=\"Context\" type=\"xs:anyURI\" use=\"optional\" />\n" + " <xs:anyAttribute namespace=\"##other\" processContents=\"lax\" />\n" + " </xs:complexType>\n" + " <xs:element name=\"RequestSecurityTokenResponse\" 
type=\"wst:RequestSecurityTokenResponseType\" />\n" + " <xs:complexType name=\"RequestSecurityTokenResponseType\">\n" + " <xs:choice minOccurs=\"0\" maxOccurs=\"unbounded\">\n" + " <xs:any minOccurs=\"0\" maxOccurs=\"unbounded\" namespace=\"##any\" processContents=\"lax\" />\n" + " </xs:choice>\n" + " <xs:attribute name=\"Context\" type=\"xs:anyURI\" use=\"optional\" />\n" + " <xs:anyAttribute namespace=\"##other\" processContents=\"lax\" />\n" + " </xs:complexType>\n" + " </xs:schema>\n" + " </wsx:MetadataSection>\n" + " <wsx:MetadataSection xmlns=\"\" Dialect=\"http://www.w3.org/2001/XMLSchema\" Identifier=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">\n" + " <xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:trust=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\" elementFormDefault=\"qualified\" targetNamespace=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">\n" + " <xs:element name=\"RequestSecurityToken\" type=\"trust:RequestSecurityTokenType\" />\n" + " <xs:complexType name=\"RequestSecurityTokenType\">\n" + " <xs:choice minOccurs=\"0\" maxOccurs=\"unbounded\">\n" + " <xs:any minOccurs=\"0\" maxOccurs=\"unbounded\" namespace=\"##any\" processContents=\"lax\" />\n" + " </xs:choice>\n" + " <xs:attribute name=\"Context\" type=\"xs:anyURI\" use=\"optional\" />\n" + " <xs:anyAttribute namespace=\"##other\" processContents=\"lax\" />\n" + " </xs:complexType>\n" + " <xs:element name=\"RequestSecurityTokenResponse\" type=\"trust:RequestSecurityTokenResponseType\" />\n" + " <xs:complexType name=\"RequestSecurityTokenResponseType\">\n" + " <xs:choice minOccurs=\"0\" maxOccurs=\"unbounded\">\n" + " <xs:any minOccurs=\"0\" maxOccurs=\"unbounded\" namespace=\"##any\" processContents=\"lax\" />\n" + " </xs:choice>\n" + " <xs:attribute name=\"Context\" type=\"xs:anyURI\" use=\"optional\" />\n" + " <xs:anyAttribute namespace=\"##other\" processContents=\"lax\" />\n" + " </xs:complexType>\n" + " <xs:element 
name=\"RequestSecurityTokenResponseCollection\" type=\"trust:RequestSecurityTokenResponseCollectionType\" />\n" + " <xs:complexType name=\"RequestSecurityTokenResponseCollectionType\">\n" + " <xs:sequence>\n" + " <xs:element minOccurs=\"1\" maxOccurs=\"unbounded\" ref=\"trust:RequestSecurityTokenResponse\" />\n" + " </xs:sequence>\n" + " <xs:anyAttribute namespace=\"##other\" processContents=\"lax\" />\n" + " </xs:complexType>\n" + " </xs:schema>\n" + " </wsx:MetadataSection>\n" + "</Metadata>"; response = response.replace("$params1", stsEndpointUrl); response = response.replace("$params2", kerbosEndpointUrl); response = response.replace("$params3", encodedCertificate); OMElement omBody = AXIOMUtil.stringToOM(response); if (log.isDebugEnabled()) { log.debug("Mex-Response => " + response); } return omBody; }
From source file:eu.europa.ec.markt.dss.report.Tsl2PdfExporter.java
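/**
 * Produces a human readable PDF/A-1b export of the given trusted list.
 *
 * The document lists the scheme information, the scheme operator, every trust
 * service provider with its trust services and the X.509 service digital
 * identity of each service (including SHA-1 and SHA-256 thumbprints of the
 * DER encoding), and finally the trusted list signer certificate when
 * {@code tsl.verifySignature()} yields one.
 *
 * @param tsl
 *            the TrustServiceList to export
 * @param pdfFile
 *            the file to generate; created or overwritten
 * @throws RuntimeException
 *             if the file cannot be opened, the PDF cannot be produced, or a
 *             certificate cannot be DER encoded; the original exception is
 *             kept as the cause
 */
public void humanReadableExport(final TrustServiceList tsl, final File pdfFile) {
    final Document document = new Document();
    OutputStream outputStream;
    try {
        outputStream = new FileOutputStream(pdfFile);
    } catch (FileNotFoundException e) {
        throw new RuntimeException("file not found: " + pdfFile.getAbsolutePath(), e);
    }
    try {
        final PdfWriter pdfWriter = PdfWriter.getInstance(document, outputStream);
        pdfWriter.setPDFXConformance(PdfWriter.PDFA1B);

        // Title: "<native name> (<English name>): Trusted List". EUCountry.valueOf()
        // rejects an unknown territory code; that IllegalArgumentException ends up
        // wrapped by the catch-all below.
        final EUCountry country = EUCountry.valueOf(tsl.getSchemeTerritory());
        final String title = country.getShortSrcLangName() + " (" + country.getShortEnglishName()
                + "): Trusted List";

        // Footer: generation timestamp (default locale and time zone) plus page number.
        final Phrase footerPhrase = new Phrase("PDF document generated on " + new Date().toString()
                + ", page ", headerFooterFont);
        final HeaderFooter footer = new HeaderFooter(footerPhrase, true);
        document.setFooter(footer);
        final Phrase headerPhrase = new Phrase(title, headerFooterFont);
        final HeaderFooter header = new HeaderFooter(headerPhrase, false);
        document.setHeader(header);

        document.open();
        addTitle(title, title0Font, Paragraph.ALIGN_CENTER, 0, 20, document);
        addLongItem("Scheme name", tsl.getSchemeName(), document);
        addLongItem("Legal Notice", tsl.getLegalNotice(), document);

        // --- scheme information table ---
        PdfPTable informationTable = createInfoTable();
        addItemRow("Scheme territory", tsl.getSchemeTerritory(), informationTable);
        addItemRow("Scheme status determination approach",
                substringAfter(tsl.getStatusDeterminationApproach(), "StatusDetn/"), informationTable);
        final List<String> schemeTypes = new ArrayList<String>();
        for (final String schemeType : tsl.getSchemeTypes()) {
            schemeTypes.add(schemeType);
        }
        addItemRow("Scheme type community rules", schemeTypes, informationTable);
        addItemRow("Issue date", tsl.getListIssueDateTime().toString(), informationTable);
        addItemRow("Next update", tsl.getNextUpdate().toString(), informationTable);
        addItemRow("Historical information period",
                tsl.getHistoricalInformationPeriod().toString() + " days", informationTable);
        addItemRow("Sequence number", tsl.getSequenceNumber().toString(), informationTable);
        addItemRow("Scheme information URIs", tsl.getSchemeInformationUris(), informationTable);
        document.add(informationTable);

        // --- scheme operator ---
        addTitle("Scheme Operator", title1Font, Paragraph.ALIGN_CENTER, 0, 10, document);
        informationTable = createInfoTable();
        addItemRow("Scheme operator name", tsl.getSchemeOperatorName(), informationTable);
        final PostalAddressType schemeOperatorPostalAddress = tsl.getSchemeOperatorPostalAddress(Locale.ENGLISH);
        addItemRow("Scheme operator street address", schemeOperatorPostalAddress.getStreetAddress(), informationTable);
        addItemRow("Scheme operator postal code", schemeOperatorPostalAddress.getPostalCode(), informationTable);
        addItemRow("Scheme operator locality", schemeOperatorPostalAddress.getLocality(), informationTable);
        addItemRow("Scheme operator state", schemeOperatorPostalAddress.getStateOrProvince(), informationTable);
        addItemRow("Scheme operator country", schemeOperatorPostalAddress.getCountryName(), informationTable);
        final List<String> schemeOperatorElectronicAddresses = tsl.getSchemeOperatorElectronicAddresses();
        addItemRow("Scheme operator contact", schemeOperatorElectronicAddresses, informationTable);
        document.add(informationTable);

        // --- trust service providers and their services ---
        addTitle("Trust Service Providers", title1Font, Paragraph.ALIGN_CENTER, 10, 2, document);
        final List<TrustServiceProvider> trustServiceProviders = tsl.getTrustServiceProviders();
        for (TrustServiceProvider trustServiceProvider : trustServiceProviders) {
            addTitle(trustServiceProvider.getName(), title1Font, Paragraph.ALIGN_LEFT, 10, 2, document);
            final PdfPTable providerTable = createInfoTable();
            addItemRow("Service provider trade name", trustServiceProvider.getTradeName(), providerTable);
            addItemRow("Information URI", trustServiceProvider.getInformationUris(), providerTable);
            final PostalAddressType postalAddress = trustServiceProvider.getPostalAddress();
            addItemRow("Service provider street address", postalAddress.getStreetAddress(), providerTable);
            addItemRow("Service provider postal code", postalAddress.getPostalCode(), providerTable);
            addItemRow("Service provider locality", postalAddress.getLocality(), providerTable);
            addItemRow("Service provider state", postalAddress.getStateOrProvince(), providerTable);
            addItemRow("Service provider country", postalAddress.getCountryName(), providerTable);
            document.add(providerTable);

            final List<TrustService> trustServices = trustServiceProvider.getTrustServices();
            for (TrustService trustService : trustServices) {
                addTitle(trustService.getName(), title2Font, Paragraph.ALIGN_LEFT, 10, 2, document);
                final PdfPTable serviceTable = createInfoTable();
                addItemRow("Type", substringAfter(trustService.getType(), "Svctype/"), serviceTable);
                addItemRow("Status", substringAfter(trustService.getStatus(), "Svcstatus/"), serviceTable);
                addItemRow("Status starting time", trustService.getStatusStartingTime().toString(), serviceTable);
                document.add(serviceTable);

                // Service digital identity: the X.509 certificate identifying the service.
                addTitle("Service digital identity (X509)", title3Font, Paragraph.ALIGN_LEFT, 2, 0, document);
                final X509Certificate certificate = trustService.getServiceDigitalIdentity();
                final PdfPTable serviceIdentityTable = createInfoTable();
                addItemRow("Version", Integer.toString(certificate.getVersion()), serviceIdentityTable);
                addItemRow("Serial number", certificate.getSerialNumber().toString(), serviceIdentityTable);
                addItemRow("Signature algorithm", certificate.getSigAlgName(), serviceIdentityTable);
                addItemRow("Issuer", certificate.getIssuerX500Principal().toString(), serviceIdentityTable);
                addItemRow("Valid from", certificate.getNotBefore().toString(), serviceIdentityTable);
                addItemRow("Valid to", certificate.getNotAfter().toString(), serviceIdentityTable);
                addItemRow("Subject", certificate.getSubjectX500Principal().toString(), serviceIdentityTable);
                addItemRow("Public key", certificate.getPublicKey().toString(), serviceIdentityTable);
                // TODO certificate policies
                addItemRow("Subject key identifier", toHex(getSKId(certificate)), serviceIdentityTable);
                addItemRow("CRL distribution points", getCrlDistributionPoints(certificate), serviceIdentityTable);
                addItemRow("Authority key identifier", toHex(getAKId(certificate)), serviceIdentityTable);
                addItemRow("Key usage", getKeyUsage(certificate), serviceIdentityTable);
                addItemRow("Basic constraints", getBasicConstraints(certificate), serviceIdentityTable);

                // Thumbprints are computed over the DER encoding. SHA-1 is kept only
                // because older tooling still displays it; match certificates on SHA-256.
                byte[] encodedCertificate;
                try {
                    encodedCertificate = certificate.getEncoded();
                } catch (CertificateEncodingException e) {
                    throw new RuntimeException("cert: " + e.getMessage(), e);
                }
                addItemRow("SHA1 Thumbprint", DigestUtils.shaHex(encodedCertificate), serviceIdentityTable);
                addItemRow("SHA256 Thumbprint", DigestUtils.sha256Hex(encodedCertificate), serviceIdentityTable);
                document.add(serviceIdentityTable);

                final List<ExtensionType> extensions = trustService.getExtensions();
                for (ExtensionType extension : extensions) {
                    printExtension(extension, document);
                }
                addLongMonoItem("The decoded certificate:", certificate.toString(), document);
                addLongMonoItem("The certificate in PEM format:", toPem(certificate), document);
            }
        }

        // --- trusted list signer ---
        // NOTE(review): when verifySignature() returns null the signer section is
        // simply omitted; the PDF carries no explicit "signature not verified"
        // marker, so a reader cannot tell a list whose signature failed to verify
        // from one that was exported without a signer section. An explicit
        // warning row would be safer.
        final X509Certificate signerCertificate = tsl.verifySignature();
        if (null != signerCertificate) {
            final Paragraph tslSignerTitle = new Paragraph("Trusted List Signer", title1Font);
            tslSignerTitle.setAlignment(Paragraph.ALIGN_CENTER);
            document.add(tslSignerTitle);
            final PdfPTable signerTable = createInfoTable();
            addItemRow("Subject", signerCertificate.getSubjectX500Principal().toString(), signerTable);
            addItemRow("Issuer", signerCertificate.getIssuerX500Principal().toString(), signerTable);
            addItemRow("Not before", signerCertificate.getNotBefore().toString(), signerTable);
            addItemRow("Not after", signerCertificate.getNotAfter().toString(), signerTable);
            addItemRow("Serial number", signerCertificate.getSerialNumber().toString(), signerTable);
            addItemRow("Version", Integer.toString(signerCertificate.getVersion()), signerTable);
            // Signer thumbprints are over the encoded public key, not the certificate,
            // so they identify the signing key rather than one particular certificate.
            final byte[] encodedPublicKey = signerCertificate.getPublicKey().getEncoded();
            addItemRow("Public key SHA1 Thumbprint", DigestUtils.shaHex(encodedPublicKey), signerTable);
            addItemRow("Public key SHA256 Thumbprint", DigestUtils.sha256Hex(encodedPublicKey), signerTable);
            document.add(signerTable);
            addLongMonoItem("The decoded certificate:", signerCertificate.toString(), document);
            addLongMonoItem("The certificate in PEM format:", toPem(signerCertificate), document);
            addLongMonoItem("The public key in PEM format:", toPem(signerCertificate.getPublicKey()), document);
        }

        // Closing the document flushes the writer; the PdfWriter is also expected to
        // close the underlying stream here (default iText behaviour -- confirm).
        document.close();
    } catch (DocumentException e) {
        throw new RuntimeException("PDF document error: " + e.getMessage(), e);
    } catch (Exception e) {
        throw new RuntimeException("Exception: " + e.getMessage(), e);
    } finally {
        // On every exception path above the file handle was still open; close it
        // ourselves. FileOutputStream.close() is a no-op if the writer already did.
        try {
            outputStream.close();
        } catch (java.io.IOException ignored) {
            // nothing useful can be done about a failed close of an already-failed export
        }
    }
}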
From source file:org.ejbca.core.protocol.ocsp.ProtocolOcspHttpTest.java
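/**
 * Adds a CA using ECDSA keys to the database and checks that it is stored correctly.
 *
 * The CA signs with SHA256withECDSA. The created CA certificate is re-parsed
 * through BouncyCastle so its public key object is a BC EC key, whose curve
 * parameters are then checked against {@code keySpec}: {@code "implicitlyCA"}
 * must carry no explicit parameters, any named curve must.
 *
 * @param dn
 *            subject DN of the new CA (also used as its name)
 * @param keySpec
 *            EC key specification handed to the crypto token, e.g. "secp256r1" or "implicitlyCA"
 * @return the stored CAInfo of the new CA
 * @throws Exception
 *             error
 * @throws AssertionError
 *             if the CA already exists, the stored DN differs from {@code dn},
 *             or the CA key is not an EC key with the expected parameters
 */
private CAInfo addECDSACA(String dn, String keySpec) throws Exception {
    log.trace(">addECDSACA()");
    boolean ret = false;
    CAInfo info = null;
    try {
        final int cryptoTokenId = CryptoTokenTestUtils.createCryptoTokenForCA(admin, dn, keySpec);
        // Signing algorithm is ECDSA; the second algorithm is presumably the
        // token's RSA encryption-key algorithm (SHA1withRSA) -- confirm against
        // CaTestUtils.createCaToken before relying on it outside tests.
        final CAToken catoken = CaTestUtils.createCaToken(cryptoTokenId,
                AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA, AlgorithmConstants.SIGALG_SHA1_WITH_RSA);
        // Extended CA services to activate: hard token encryption and key recovery.
        final List<ExtendedCAServiceInfo> extendedcaservices = new ArrayList<ExtendedCAServiceInfo>();
        extendedcaservices.add(new HardTokenEncryptCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE));
        extendedcaservices.add(new KeyRecoveryCAServiceInfo(ExtendedCAServiceInfo.STATUS_ACTIVE));
        // 2.5.29.32.0 is anyPolicy.
        final List<CertificatePolicy> policies = new ArrayList<CertificatePolicy>(1);
        policies.add(new CertificatePolicy("2.5.29.32.0", "", ""));
        // Self-signed root CA, 365 days validity, fixed root CA certificate profile.
        final X509CAInfo cainfo = new X509CAInfo(dn, dn, CAConstants.CA_ACTIVE,
                CertificateProfileConstants.CERTPROFILE_FIXED_ROOTCA, 365, CAInfo.SELFSIGNED, null, catoken);
        cainfo.setDescription("JUnit ECDSA CA");
        cainfo.setPolicies(policies);
        cainfo.setExtendedCAServiceInfos(extendedcaservices);
        caAdminSession.createCA(admin, cainfo);

        info = caSession.getCAInfo(admin, dn);
        final X509Certificate cert = (X509Certificate) info.getCertificateChain().iterator().next();
        // getSubjectDN() is a denigrated API, but its string form is what this
        // comparison was written against; getSubjectX500Principal().getName()
        // formats the DN differently, so the call is kept as is.
        assertTrue("Error in created ca certificate", cert.getSubjectDN().toString().equals(dn));
        assertTrue("Creating CA failed", info.getSubjectDN().equals(dn));

        // Re-parse through BC so the public key is a BC provider object whose
        // EC parameters can be inspected (legacy JCE or current BCEC key type).
        final X509Certificate bccert = (X509Certificate) CertTools.getCertfromByteArray(cert.getEncoded());
        final PublicKey pk = bccert.getPublicKey();
        if (pk instanceof JCEECPublicKey) {
            final JCEECPublicKey ecpk = (JCEECPublicKey) pk;
            assertEquals("EC", ecpk.getAlgorithm());
            assertEcParameterSpec(keySpec, ecpk.getParameters());
        } else if (pk instanceof BCECPublicKey) {
            final BCECPublicKey ecpk = (BCECPublicKey) pk;
            assertEquals("EC", ecpk.getAlgorithm());
            assertEcParameterSpec(keySpec, ecpk.getParameters());
        } else {
            // same effect as assertTrue(msg, false) / fail(msg)
            throw new AssertionError("Public key is not EC: " + pk.getClass().getName());
        }
        ret = true;
    } catch (CAExistsException pee) {
        // Logged only; ret stays false so the assertion below fails the test.
        log.info("CA exists.");
    }
    assertTrue("Creating ECDSA CA failed", ret);
    log.trace("<addECDSACA()");
    return info;
}

/**
 * Checks the EC domain parameters read back from a CA key against the key
 * specification it was generated with: "implicitlyCA" keys carry no explicit
 * parameters, every named curve must.
 *
 * @param keySpec
 *            EC key specification the key was generated with
 * @param spec
 *            the parameters read back from the BC public key, may be null
 */
private static void assertEcParameterSpec(String keySpec, org.bouncycastle.jce.spec.ECParameterSpec spec) {
    if (StringUtils.equals(keySpec, "implicitlyCA")) {
        assertNull("ImplicitlyCA must have null spec", spec);
    } else {
        assertNotNull("secp256r1 must not have null spec", spec);
    }
}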
From source file:test.unit.be.fedict.eid.applet.service.IdentityDataMessageHandlerTest.java
/**
 * The identity data message must be rejected when the integrity signature over
 * the identity file was produced by a key other than the one in the supplied
 * RRN certificate.
 *
 * Setup: a self-made "RRN" certificate is sent along with the message, but the
 * identity file is signed with a second, unrelated ("intruder") key pair. The
 * handler is expected to throw a ServletException, never hand the certificate
 * to the integrity service, and record the caller's address with the audit
 * service.
 *
 * @throws Exception
 *             on any unexpected error
 */
public void testHandleMessageInvalidIntegritySignature() throws Exception {
    // -- the certificate that claims to be the national registration cert
    final KeyPair rrnKeyPair = MiscTestUtils.generateKeyPair();
    final DateTime validFrom = new DateTime();
    final DateTime validUntil = validFrom.plusYears(1);
    final X509Certificate rrnCertificate = MiscTestUtils.generateCertificate(rrnKeyPair.getPublic(),
            "CN=TestNationalRegistration", validFrom, validUntil, null, rrnKeyPair.getPrivate(), true, 0,
            null, null);

    // -- the message: identity file signed with a key that does NOT belong to rrnCertificate.
    // The algorithm is irrelevant for this test; the key mismatch alone must cause rejection.
    final byte[] idFile = "foobar-id-file".getBytes();
    final KeyPair intruderKeyPair = MiscTestUtils.generateKeyPair();
    final Signature intruderSignature = Signature.getInstance("SHA1withRSA");
    intruderSignature.initSign(intruderKeyPair.getPrivate());
    intruderSignature.update(idFile);

    final IdentityDataMessage message = new IdentityDataMessage();
    message.idFile = idFile;
    message.identitySignatureFile = intruderSignature.sign();
    message.rrnCertFile = rrnCertificate.getEncoded();

    // -- servlet environment mocks
    final ServletConfig servletConfig = EasyMock.createMock(ServletConfig.class);
    final HttpSession session = EasyMock.createMock(HttpSession.class);
    final HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    final Map<String, String> httpHeaders = new HashMap<String, String>();

    // Integrity and audit services are wired through their *Class init
    // parameters; the instance-name parameters stay unset.
    EasyMock.expect(servletConfig.getInitParameter("IdentityIntegrityService")).andStubReturn(null);
    EasyMock.expect(servletConfig.getInitParameter("IdentityIntegrityServiceClass"))
            .andStubReturn(IdentityIntegrityTestService.class.getName());
    EasyMock.expect(servletConfig.getInitParameter("AuditService")).andStubReturn(null);
    EasyMock.expect(servletConfig.getInitParameter("AuditServiceClass"))
            .andStubReturn(AuditTestService.class.getName());
    EasyMock.expect(servletConfig.getInitParameter("SkipNationalNumberCheck")).andStubReturn(null);
    EasyMock.expect(servletConfig.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES))
            .andReturn(null);
    EasyMock.expect(request.getRemoteAddr()).andStubReturn("remote-address");
    EasyMock.expect(session.getAttribute(RequestContext.INCLUDE_ADDRESS_SESSION_ATTRIBUTE))
            .andStubReturn(false);
    EasyMock.expect(session.getAttribute(RequestContext.INCLUDE_CERTIFICATES_SESSION_ATTRIBUTE))
            .andStubReturn(false);
    EasyMock.expect(session.getAttribute(RequestContext.INCLUDE_PHOTO_SESSION_ATTRIBUTE))
            .andStubReturn(false);
    EasyMock.replay(servletConfig, session, request);

    AppletServiceServlet.injectInitParams(servletConfig, this.testedInstance);
    this.testedInstance.init(servletConfig);

    // -- operate and verify: the bad signature must surface as a ServletException.
    // fail() throws an assertion error, not a ServletException, so a silently
    // accepted message still fails the test.
    try {
        this.testedInstance.handleMessage(message, httpHeaders, request, session);
        fail();
    } catch (ServletException e) {
        LOG.debug("expected exception: " + e.getMessage());
        EasyMock.verify(servletConfig, session, request);
        // the certificate never reached the integrity service ...
        assertNull(IdentityIntegrityTestService.getCertificate());
        // ... and the failed integrity check was audited with the caller's address
        assertEquals("remote-address", AuditTestService.getAuditIntegrityRemoteAddress());
    }
}
From source file:be.fedict.eid.tsl.Tsl2PdfExporter.java
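/**
 * Produces a human readable PDF export of the given trusted list.
 * <p>
 * The document is written with PDF/A-1b conformance and lists, in order: the
 * scheme information table, the scheme operator, every trust service provider
 * with each of its services (current service digital identity plus any service
 * history instances) and, when {@code tsl.verifySignature()} yields a signer
 * certificate, a "Trusted List Signer" section.
 *
 * @param tsl
 *            the TrustServiceList to export
 * @param pdfFile
 *            the file to generate; an existing file is overwritten
 * @throws RuntimeException
 *             when the file cannot be opened, when iText reports a
 *             {@link DocumentException}, or when any other error occurs while
 *             rendering; the original exception is kept as the cause
 */
public void humanReadableExport(final TrustServiceList tsl, final File pdfFile) {
    Document document = new Document();
    OutputStream outputStream;
    try {
        outputStream = new FileOutputStream(pdfFile);
    } catch (FileNotFoundException e) {
        throw new RuntimeException("file not found: " + pdfFile.getAbsolutePath(), e);
    }
    try {
        final PdfWriter pdfWriter = PdfWriter.getInstance(document, outputStream);
        pdfWriter.setPDFXConformance(PdfWriter.PDFA1B);

        // title
        final EUCountry country = EUCountry.valueOf(tsl.getSchemeTerritory());
        final String title = country.getShortSrcLangName() + " (" + country.getShortEnglishName()
                + "): Trusted List";

        Phrase footerPhrase = new Phrase("PDF document generated on " + new Date().toString() + ", page ",
                headerFooterFont);
        HeaderFooter footer = new HeaderFooter(footerPhrase, true);
        document.setFooter(footer);

        Phrase headerPhrase = new Phrase(title, headerFooterFont);
        HeaderFooter header = new HeaderFooter(headerPhrase, false);
        document.setHeader(header);

        document.open();
        addTitle(title, title0Font, Paragraph.ALIGN_CENTER, 0, 20, document);

        addLongItem("Scheme name", tsl.getSchemeName(), document);
        addLongItem("Legal Notice", tsl.getLegalNotice(), document);

        // information table
        PdfPTable informationTable = createInfoTable();
        addItemRow("Scheme territory", tsl.getSchemeTerritory(), informationTable);
        addItemRow("Scheme status determination approach",
                substringAfter(tsl.getStatusDeterminationApproach(), "StatusDetn/"), informationTable);
        final List<String> schemeTypes = new ArrayList<String>();
        List<NonEmptyMultiLangURIType> uris = tsl.getSchemeTypes();
        for (NonEmptyMultiLangURIType uri : uris) {
            schemeTypes.add(uri.getValue());
        }
        addItemRow("Scheme type community rules", schemeTypes, informationTable);
        addItemRow("Issue date", tsl.getListIssueDateTime().toString(), informationTable);
        addItemRow("Next update", tsl.getNextUpdate().toString(), informationTable);
        addItemRow("Historical information period", tsl.getHistoricalInformationPeriod().toString() + " days",
                informationTable);
        addItemRow("Sequence number", tsl.getSequenceNumber().toString(), informationTable);
        addItemRow("Scheme information URIs", tsl.getSchemeInformationUris(), informationTable);
        document.add(informationTable);

        addTitle("Scheme Operator", title1Font, Paragraph.ALIGN_CENTER, 0, 10, document);
        informationTable = createInfoTable();
        addItemRow("Scheme operator name", tsl.getSchemeOperatorName(), informationTable);
        PostalAddressType schemeOperatorPostalAddress = tsl.getSchemeOperatorPostalAddress(Locale.ENGLISH);
        addItemRow("Scheme operator street address", schemeOperatorPostalAddress.getStreetAddress(),
                informationTable);
        addItemRow("Scheme operator postal code", schemeOperatorPostalAddress.getPostalCode(), informationTable);
        addItemRow("Scheme operator locality", schemeOperatorPostalAddress.getLocality(), informationTable);
        addItemRow("Scheme operator state", schemeOperatorPostalAddress.getStateOrProvince(), informationTable);
        addItemRow("Scheme operator country", schemeOperatorPostalAddress.getCountryName(), informationTable);
        List<String> schemeOperatorElectronicAddressess = tsl.getSchemeOperatorElectronicAddresses();
        addItemRow("Scheme operator contact", schemeOperatorElectronicAddressess, informationTable);
        document.add(informationTable);

        addTitle("Trust Service Providers", title1Font, Paragraph.ALIGN_CENTER, 10, 2, document);
        List<TrustServiceProvider> trustServiceProviders = tsl.getTrustServiceProviders();
        for (TrustServiceProvider trustServiceProvider : trustServiceProviders) {
            addTitle(trustServiceProvider.getName(), title1Font, Paragraph.ALIGN_LEFT, 10, 2, document);
            PdfPTable providerTable = createInfoTable();
            addItemRow("Service provider trade name", trustServiceProvider.getTradeNames(), providerTable);
            addItemRow("Information URI", trustServiceProvider.getInformationUris(), providerTable);
            PostalAddressType postalAddress = trustServiceProvider.getPostalAddress();
            addItemRow("Service provider street address", postalAddress.getStreetAddress(), providerTable);
            addItemRow("Service provider postal code", postalAddress.getPostalCode(), providerTable);
            addItemRow("Service provider locality", postalAddress.getLocality(), providerTable);
            addItemRow("Service provider state", postalAddress.getStateOrProvince(), providerTable);
            addItemRow("Service provider country", postalAddress.getCountryName(), providerTable);
            document.add(providerTable);

            List<TrustService> trustServices = trustServiceProvider.getTrustServices();
            for (TrustService trustService : trustServices) {
                addTitle(trustService.getName(), title2Font, Paragraph.ALIGN_LEFT, 10, 2, document);
                PdfPTable serviceTable = createInfoTable();
                addItemRow("Type", substringAfter(trustService.getType(), "Svctype/"), serviceTable);
                addItemRow("Status", substringAfter(trustService.getStatus(), "Svcstatus/"), serviceTable);
                addItemRow("Status starting time", trustService.getStatusStartingTime().toString(), serviceTable);
                document.add(serviceTable);

                addTitle("Service digital identity (X509)", title3Font, Paragraph.ALIGN_LEFT, 2, 0, document);
                final X509Certificate certificate = trustService.getServiceDigitalIdentity();
                final PdfPTable serviceIdentityTable = createInfoTable();
                addItemRow("Version", Integer.toString(certificate.getVersion()), serviceIdentityTable);
                addItemRow("Serial number", certificate.getSerialNumber().toString(), serviceIdentityTable);
                addItemRow("Signature algorithm", certificate.getSigAlgName(), serviceIdentityTable);
                addItemRow("Issuer", certificate.getIssuerX500Principal().toString(), serviceIdentityTable);
                addItemRow("Valid from", certificate.getNotBefore().toString(), serviceIdentityTable);
                addItemRow("Valid to", certificate.getNotAfter().toString(), serviceIdentityTable);
                addItemRow("Subject", certificate.getSubjectX500Principal().toString(), serviceIdentityTable);
                addItemRow("Public key", certificate.getPublicKey().toString(), serviceIdentityTable);
                // TODO certificate policies
                addItemRow("Subject key identifier", toHex(getSKId(certificate)), serviceIdentityTable);
                addItemRow("CRL distribution points", getCrlDistributionPoints(certificate), serviceIdentityTable);
                addItemRow("Authority key identifier", toHex(getAKId(certificate)), serviceIdentityTable);
                addItemRow("Key usage", getKeyUsage(certificate), serviceIdentityTable);
                addItemRow("Basic constraints", getBasicConstraints(certificate), serviceIdentityTable);
                byte[] encodedCertificate;
                try {
                    encodedCertificate = certificate.getEncoded();
                } catch (CertificateEncodingException e) {
                    throw new RuntimeException("cert: " + e.getMessage(), e);
                }
                // The SHA-1 thumbprint is printed for compatibility with older tooling;
                // the SHA-256 thumbprint is the one to rely on when identifying the certificate.
                addItemRow("SHA1 Thumbprint", DigestUtils.shaHex(encodedCertificate), serviceIdentityTable);
                addItemRow("SHA256 Thumbprint", DigestUtils.sha256Hex(encodedCertificate), serviceIdentityTable);
                document.add(serviceIdentityTable);

                //add Scheme service definition
                if (null != trustService.getSchemeServiceDefinitionURI()) {
                    addTitle("Scheme Service Definition URI", title3Font, Paragraph.ALIGN_LEFT, 2, 0, document);
                    final PdfPTable schemeServiceDefinitionURITabel = createInfoTable();
                    for (NonEmptyMultiLangURIType uri : trustService.getSchemeServiceDefinitionURI().getURI()) {
                        addItemRow(uri.getLang(), uri.getValue(), schemeServiceDefinitionURITabel);
                    }
                    document.add(schemeServiceDefinitionURITabel);
                }

                List<ExtensionType> extensions = trustService.getExtensions();
                for (ExtensionType extension : extensions) {
                    printExtension(extension, document);
                }

                addLongMonoItem("The decoded certificate:", certificate.toString(), document);
                addLongMonoItem("The certificate in PEM format:", toPem(certificate), document);

                ServiceHistoryType serviceHistoryType = trustService.getServiceHistoryInstanceType();
                if (null != serviceHistoryType) {
                    for (ServiceHistoryInstanceType serviceHistoryInstanceType : serviceHistoryType
                            .getServiceHistoryInstance()) {
                        PdfPTable serviceHistoryTable = createInfoTable();
                        //Service approval history information
                        addTitle("Service approval history information", title3Font, Paragraph.ALIGN_LEFT, 10, 2,
                                document);
                        // service type identifier
                        //5.6.2 Service name
                        InternationalNamesType i18nServiceName = serviceHistoryInstanceType.getServiceName();
                        String servName = TrustServiceListUtils.getValue(i18nServiceName, Locale.ENGLISH);
                        addItemRow("Name", servName, serviceHistoryTable);
                        //5.6.1 Service type identifier
                        addItemRow("Type",
                                substringAfter(serviceHistoryInstanceType.getServiceTypeIdentifier(), "Svctype/"),
                                serviceHistoryTable);
                        addItemRow("Status", serviceHistoryInstanceType.getServiceStatus(), serviceHistoryTable);
                        //5.6.4 Service previous status
                        // NOTE(review): this row prints the same getServiceStatus() value as the
                        // "Status" row above; a distinct previous-status accessor is not used here.
                        addItemRow("Previous status", serviceHistoryInstanceType.getServiceStatus(),
                                serviceHistoryTable);
                        //5.6.5 Previous status starting date and time
                        addItemRow("Previous starting time",
                                new DateTime(serviceHistoryInstanceType.getStatusStartingTime().toGregorianCalendar())
                                        .toString(),
                                serviceHistoryTable);
                        //5.6.3 Service digital identity
                        final X509Certificate previousCertificate = trustService
                                .getServiceDigitalIdentity(serviceHistoryInstanceType.getServiceDigitalIdentity());
                        document.add(serviceHistoryTable);

                        addTitle("Service digital identity (X509)", title4Font, Paragraph.ALIGN_LEFT, 2, 0, document);
                        final PdfPTable serviceIdentityTableHistory = createInfoTable();
                        addItemRow("Version", Integer.toString(previousCertificate.getVersion()),
                                serviceIdentityTableHistory);
                        addItemRow("Serial number", previousCertificate.getSerialNumber().toString(),
                                serviceIdentityTableHistory);
                        addItemRow("Signature algorithm", previousCertificate.getSigAlgName(),
                                serviceIdentityTableHistory);
                        addItemRow("Issuer", previousCertificate.getIssuerX500Principal().toString(),
                                serviceIdentityTableHistory);
                        addItemRow("Valid from", previousCertificate.getNotBefore().toString(),
                                serviceIdentityTableHistory);
                        addItemRow("Valid to", previousCertificate.getNotAfter().toString(),
                                serviceIdentityTableHistory);
                        addItemRow("Subject", previousCertificate.getSubjectX500Principal().toString(),
                                serviceIdentityTableHistory);
                        addItemRow("Public key", previousCertificate.getPublicKey().toString(),
                                serviceIdentityTableHistory);
                        // TODO certificate policies
                        addItemRow("Subject key identifier", toHex(getSKId(previousCertificate)),
                                serviceIdentityTableHistory);
                        addItemRow("CRL distribution points", getCrlDistributionPoints(previousCertificate),
                                serviceIdentityTableHistory);
                        addItemRow("Authority key identifier", toHex(getAKId(previousCertificate)),
                                serviceIdentityTableHistory);
                        addItemRow("Key usage", getKeyUsage(previousCertificate), serviceIdentityTableHistory);
                        addItemRow("Basic constraints", getBasicConstraints(previousCertificate),
                                serviceIdentityTableHistory);
                        byte[] encodedHistoryCertificate;
                        try {
                            encodedHistoryCertificate = previousCertificate.getEncoded();
                        } catch (CertificateEncodingException e) {
                            throw new RuntimeException("cert: " + e.getMessage(), e);
                        }
                        addItemRow("SHA1 Thumbprint", DigestUtils.shaHex(encodedHistoryCertificate),
                                serviceIdentityTableHistory);
                        addItemRow("SHA256 Thumbprint", DigestUtils.sha256Hex(encodedHistoryCertificate),
                                serviceIdentityTableHistory);
                        document.add(serviceIdentityTableHistory);

                        ExtensionsListType previousExtensions = serviceHistoryInstanceType
                                .getServiceInformationExtensions();
                        if (null != previousExtensions) {
                            for (ExtensionType extension : previousExtensions.getExtension()) {
                                printExtension(extension, document);
                            }
                        }

                        addLongMonoItem("The decoded certificate:", previousCertificate.toString(), document);
                        addLongMonoItem("The certificate in PEM format:", toPem(previousCertificate), document);
                    }
                }
            }
        }

        // Signer section only when the TSL signature verifies against a certificate.
        X509Certificate signerCertificate = tsl.verifySignature();
        if (null != signerCertificate) {
            Paragraph tslSignerTitle = new Paragraph("Trusted List Signer", title1Font);
            tslSignerTitle.setAlignment(Paragraph.ALIGN_CENTER);
            document.add(tslSignerTitle);

            final PdfPTable signerTable = createInfoTable();
            addItemRow("Subject", signerCertificate.getSubjectX500Principal().toString(), signerTable);
            addItemRow("Issuer", signerCertificate.getIssuerX500Principal().toString(), signerTable);
            addItemRow("Not before", signerCertificate.getNotBefore().toString(), signerTable);
            addItemRow("Not after", signerCertificate.getNotAfter().toString(), signerTable);
            addItemRow("Serial number", signerCertificate.getSerialNumber().toString(), signerTable);
            addItemRow("Version", Integer.toString(signerCertificate.getVersion()), signerTable);
            // For the signer the thumbprints are taken over the SubjectPublicKeyInfo encoding,
            // not over the certificate, so they stay stable across certificate renewals.
            byte[] encodedPublicKey = signerCertificate.getPublicKey().getEncoded();
            addItemRow("Public key SHA1 Thumbprint", DigestUtils.shaHex(encodedPublicKey), signerTable);
            addItemRow("Public key SHA256 Thumbprint", DigestUtils.sha256Hex(encodedPublicKey), signerTable);
            document.add(signerTable);

            addLongMonoItem("The decoded certificate:", signerCertificate.toString(), document);
            addLongMonoItem("The certificate in PEM format:", toPem(signerCertificate), document);
            addLongMonoItem("The public key in PEM format:", toPem(signerCertificate.getPublicKey()), document);
        }

        document.close();
    } catch (DocumentException e) {
        throw new RuntimeException("PDF document error: " + e.getMessage(), e);
    } catch (Exception e) {
        throw new RuntimeException("Exception: " + e.getMessage(), e);
    } finally {
        // document.close() normally closes the stream through the PdfWriter; when rendering
        // fails before that point the file handle would otherwise leak. A second close on an
        // already closed FileOutputStream is a no-op, and a close failure here must not
        // replace the exception that is already in flight.
        try {
            outputStream.close();
        } catch (Exception ignored) {
            // best effort cleanup only
        }
    }
}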
From source file:org.globus.gsi.gssapi.GlobusGSSContextImpl.java
/**
 * Returns a Bouncy Castle backed view of {@code cert}.
 * <p>
 * A certificate that already is an {@link X509CertificateObject} is handed back
 * unchanged; any other implementation is re-parsed from its DER encoding through
 * {@link CertificateLoadUtil#loadCertificate}.
 *
 * @param cert the certificate to convert
 * @return {@code cert} itself when it is already a BC object, otherwise the
 *         re-parsed BC certificate
 * @throws GSSException as a {@link GlobusGSSException} with
 *         {@link GSSException#FAILURE} when encoding or re-parsing fails
 */
private X509Certificate bcConvert(X509Certificate cert) throws GSSException {
    if (cert instanceof X509CertificateObject) {
        return cert;
    }
    ByteArrayInputStream derStream = null;
    try {
        derStream = new ByteArrayInputStream(cert.getEncoded());
        return CertificateLoadUtil.loadCertificate(derStream);
    } catch (Exception e) {
        throw new GlobusGSSException(GSSException.FAILURE, e);
    } finally {
        if (derStream != null) {
            try {
                derStream.close();
            } catch (Exception e) {
                // closing an in-memory stream cannot really fail; keep the original warning
                logger.warn("Unable to close streamreader.");
            }
        }
    }
}
From source file:org.signserver.client.cli.validationservice.ValidateCertificateCommand.java
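/**
 * Sends the certificate to the validation servlet as a multipart form and
 * parses the semicolon separated response.
 * <p>
 * The request carries three parts: {@code workerId} when {@code service} parses
 * as an integer (otherwise {@code workerName}), {@code processType} with value
 * {@code validateCertificate}, and the DER encoded certificate as
 * {@code datafile}. The response must have 4 or 5 semicolon separated fields;
 * field 0 is the {@link Validation.Status}, field 1 a comma separated list, and
 * the optional trailing field 4 a revocation date in epoch milliseconds that
 * may be empty. Only the URL scheme depends on {@code useSSL}; TLS trust and
 * hostname checks are whatever the JVM's {@link URLConnection} defaults are.
 *
 * @param cert the certificate to validate
 * @return the parsed validation response
 * @throws RuntimeException wrapping the {@link IOException} for transport
 *         failures and for a response with the wrong number of fields
 * @throws Exception for URL construction and certificate encoding failures
 */
private ValidateResponse runHTTP(final X509Certificate cert) throws Exception {
    final URL processServlet = new URL(useSSL ? "https" : "http", hosts[0], port, servlet);
    OutputStream out = null;
    InputStream in = null;
    try {
        final URLConnection conn = processServlet.openConnection();
        conn.setDoOutput(true);
        conn.setAllowUserInteraction(false);

        final StringBuilder sb = new StringBuilder();
        sb.append("--" + BOUNDARY);
        sb.append(CRLF);
        try {
            // a numeric service name addresses the worker by id, anything else by name
            final int workerId = Integer.parseInt(service);
            sb.append("Content-Disposition: form-data; name=\"workerId\"");
            sb.append(CRLF);
            sb.append(CRLF);
            sb.append(workerId);
        } catch (NumberFormatException e) {
            sb.append("Content-Disposition: form-data; name=\"workerName\"");
            sb.append(CRLF);
            sb.append(CRLF);
            sb.append(service);
        }
        sb.append(CRLF);
        sb.append("--" + BOUNDARY);
        sb.append(CRLF);
        sb.append("Content-Disposition: form-data; name=\"processType\"");
        sb.append(CRLF);
        sb.append(CRLF);
        sb.append("validateCertificate");
        sb.append(CRLF);
        sb.append("--" + BOUNDARY);
        sb.append(CRLF);
        sb.append("Content-Disposition: form-data; name=\"datafile\"");
        sb.append("; filename=\"");
        sb.append(certPath.getAbsolutePath());
        sb.append("\"");
        sb.append(CRLF);
        sb.append("Content-Type: application/octet-stream");
        sb.append(CRLF);
        sb.append("Content-Transfer-Encoding: binary");
        sb.append(CRLF);
        sb.append(CRLF);

        conn.addRequestProperty("Content-Type", "multipart/form-data; boundary=" + BOUNDARY);
        out = conn.getOutputStream();
        // Explicit charset: a bare getBytes() would follow the JVM's platform encoding,
        // which matters for non-ASCII worker names and file paths.
        out.write(sb.toString().getBytes("UTF-8"));
        out.write(cert.getEncoded());
        out.write(("\r\n--" + BOUNDARY + "--\r\n").getBytes("UTF-8"));
        out.flush();

        // Get the response
        in = conn.getInputStream();
        final ByteArrayOutputStream os = new ByteArrayOutputStream();
        int len;
        final byte[] buf = new byte[1024];
        while ((len = in.read(buf)) > 0) {
            os.write(buf, 0, len);
        }
        os.close();

        // read string from response
        final String response = os.toString("UTF-8");
        final String[] responseParts = response.split(";");

        // last part of the response string can by empty (revocation date)
        if (responseParts.length < 4 || responseParts.length > 5) {
            throw new IOException("Malformed HTTP response");
        }

        final String revocationDateString = responseParts.length == 4 ? null : responseParts[4];
        // Parsed as long: Date takes epoch milliseconds, which do not fit in an int
        // (an Integer parse would reject any current timestamp with NumberFormatException).
        final Date revocationDate = revocationDateString != null && revocationDateString.length() > 0
                ? new Date(Long.parseLong(revocationDateString))
                : null;

        final Validation validation = new Validation(cert, null, Validation.Status.valueOf(responseParts[0]),
                responseParts[2], revocationDate, Integer.valueOf(responseParts[3]));
        final ValidateResponse validateResponse = new ValidateResponse(validation, responseParts[1].split(","));
        return validateResponse;
    } catch (IOException e) {
        throw new RuntimeException(e);
    } finally {
        if (out != null) {
            try {
                out.close();
            } catch (IOException ex) {
                throw new RuntimeException(ex);
            }
        }
        if (in != null) {
            try {
                in.close();
            } catch (IOException ex) {
                throw new RuntimeException(ex);
            }
        }
    }
}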
From source file:org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore.java
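/**
 * Looks up the UID of the user that owns the given certificate.
 * <p>
 * The search filter is {@code (&(<lookupAttr>={0})(<certAttr>={1}))}; the
 * attribute names come from this store's configuration, while
 * {@code lookupValue} and the DER encoding of {@code certificate} are passed as
 * filter arguments so that JNDI escapes them instead of them being concatenated
 * into the filter. The configured principal-lookup attribute is used only when
 * the credential provider is the {@code strong-authentication} scheme; in every
 * other case the principal UID attribute is used for the lookup.
 *
 * @param lookupValue value used for credentials lookup
 * @param certificate user certificate
 * @param cp credential provider
 * @return the user UID, or {@code null} when no entry matches, when the search
 *         fails with a {@link NamingException} (logged at debug level only) or
 *         when the certificate cannot be encoded
 * @throws NamingException if the LDAP context cannot be created, StartTLS
 *         negotiation fails or the context cannot be closed
 * @throws IOException if the StartTLS session cannot be closed
 */
protected String loadUID(String lookupValue, X509Certificate certificate, CredentialProvider cp)
        throws NamingException, IOException {
    String uidValue = null;
    InitialLdapContext ctx = createLdapInitialContext(false);
    StartTlsResponse tls = null;
    try {
        // StartTLS runs inside the try so that a failed negotiation still releases the context
        if (getEnableStartTls()) {
            tls = startTls(ctx);
        }

        String schemeName = null;
        if (cp instanceof AuthenticationScheme) {
            schemeName = ((AuthenticationScheme) cp).getName();
        }

        String principalLookupAttrName = this.getPrincipalLookupAttributeID();
        if (principalLookupAttrName == null || principalLookupAttrName.trim().equals("")
                || !"strong-authentication".equals(schemeName)) {
            principalLookupAttrName = this.getPrincipalUidAttributeID();
        }
        String principalUidAttrName = this.getPrincipalUidAttributeID();
        String certificateAttrName = this.getUserCertificateAtrributeID();
        String usersCtxDN = this.getUsersCtxDN();

        try {
            // NamingEnumeration answer = ctx.search(usersCtxDN, matchAttrs, principalAttr);
            // This gives more control over search behavior; the values are bound as {0}/{1}
            // filter arguments, only the configured attribute names are spliced into the filter.
            NamingEnumeration<SearchResult> answer = ctx.search(usersCtxDN,
                    "(&(" + principalLookupAttrName + "={0})(" + certificateAttrName + "={1}))",
                    new Object[] { lookupValue, certificate.getEncoded() }, getSearchControls());
            try {
                while (answer.hasMore()) {
                    SearchResult sr = answer.next();
                    Attributes attrs = sr.getAttributes();
                    Attribute uidAttr = attrs.get(principalUidAttrName);
                    if (uidAttr == null) {
                        logger.warn("Invalid user uid attribute '" + principalUidAttrName + "'");
                        continue;
                    }
                    String candidate = uidAttr.get().toString();
                    if (uidValue != null && !uidValue.equals(candidate)) {
                        // One certificate matching several accounts is an ambiguous mapping;
                        // the last match wins, as before, but it is worth an operator's attention.
                        logger.warn("Certificate matches more than one user: '" + uidValue + "' and '"
                                + candidate + "'");
                    }
                    uidValue = candidate;
                    if (uidValue != null) {
                        if (logger.isDebugEnabled())
                            logger.debug("Found user " + principalUidAttrName + "=" + uidValue);
                    } else {
                        if (logger.isDebugEnabled())
                            logger.debug("User not found for certificate '"
                                    + certificate.getSubjectX500Principal().getName() + "'");
                    }
                }
            } finally {
                // release the search result enumeration even when iteration fails
                answer.close();
            }
        } catch (NamingException e) {
            if (logger.isDebugEnabled())
                logger.debug("Failed to locate user", e);
        } catch (CertificateEncodingException e) {
            if (logger.isDebugEnabled())
                logger.debug("Certificate encoding exception", e);
        }
    } finally {
        // Close the context to release the connection; the context is closed even
        // when shutting down the TLS layer fails.
        try {
            if (tls != null) {
                tls.close();
            }
        } finally {
            ctx.close();
        }
    }
    return uidValue;
}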
From source file:test.unit.be.fedict.eid.applet.service.IdentityDataMessageHandlerTest.java
/**
 * Verifies that an identity message whose identity file is signed by the RRN
 * key, with the RRN and root certificates attached, passes the integrity check
 * and that the RRN certificate reaches {@link IdentityIntegrityTestService}.
 *
 * @throws Exception on any test failure
 */
public void testHandleMessageWithIntegrityCheck() throws Exception {
    // setup: a test root CA and an RRN certificate issued by it
    KeyPair rootKeyPair = MiscTestUtils.generateKeyPair();
    KeyPair rrnKeyPair = MiscTestUtils.generateKeyPair();
    DateTime validFrom = new DateTime();
    DateTime validUntil = validFrom.plusYears(1);
    X509Certificate rootCertificate = MiscTestUtils.generateCertificate(rootKeyPair.getPublic(), "CN=TestRootCA",
            validFrom, validUntil, null, rootKeyPair.getPrivate(), true, 0, null, null);
    X509Certificate rrnCertificate = MiscTestUtils.generateCertificate(rrnKeyPair.getPublic(),
            "CN=TestNationalRegistration", validFrom, validUntil, null, rootKeyPair.getPrivate(), false, 0, null,
            null);

    // the identity file, signed with the RRN private key
    byte[] idFile = "foobar-id-file".getBytes();
    Signature rrnSigner = Signature.getInstance("SHA1withRSA");
    rrnSigner.initSign(rrnKeyPair.getPrivate());
    rrnSigner.update(idFile);
    IdentityDataMessage message = new IdentityDataMessage();
    message.idFile = idFile;
    message.identitySignatureFile = rrnSigner.sign();
    message.rrnCertFile = rrnCertificate.getEncoded();
    message.rootCertFile = rootCertificate.getEncoded();

    // servlet environment mocks
    ServletConfig mockServletConfig = EasyMock.createMock(ServletConfig.class);
    HttpSession mockHttpSession = EasyMock.createMock(HttpSession.class);
    HttpServletRequest mockServletRequest = EasyMock.createMock(HttpServletRequest.class);
    Map<String, String> httpHeaders = new HashMap<String, String>();

    // only the integrity service is wired in; audit and national number check stay off
    EasyMock.expect(mockServletConfig.getInitParameter("IdentityIntegrityService")).andStubReturn(null);
    EasyMock.expect(mockServletConfig.getInitParameter("IdentityIntegrityServiceClass"))
            .andStubReturn(IdentityIntegrityTestService.class.getName());
    EasyMock.expect(mockServletConfig.getInitParameter("AuditService")).andStubReturn(null);
    EasyMock.expect(mockServletConfig.getInitParameter("AuditServiceClass")).andStubReturn(null);
    EasyMock.expect(mockServletConfig.getInitParameter("SkipNationalNumberCheck")).andStubReturn(null);

    EasyMock.expect(mockHttpSession.getAttribute("eid.identifier")).andStubReturn(null);
    mockHttpSession.setAttribute(EasyMock.eq("eid.identity"), EasyMock.isA(Identity.class));
    EasyMock.expect(mockHttpSession.getAttribute("eid")).andStubReturn(null);
    mockHttpSession.setAttribute(EasyMock.eq("eid"), EasyMock.isA(EIdData.class));
    EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_ADDRESS_SESSION_ATTRIBUTE))
            .andStubReturn(false);
    EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_CERTIFICATES_SESSION_ATTRIBUTE))
            .andStubReturn(false);
    EasyMock.expect(mockHttpSession.getAttribute(RequestContext.INCLUDE_PHOTO_SESSION_ATTRIBUTE))
            .andStubReturn(false);
    EasyMock.expect(mockServletConfig.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES))
            .andReturn(null);

    // prepare
    EasyMock.replay(mockServletConfig, mockHttpSession, mockServletRequest);

    // operate
    AppletServiceServlet.injectInitParams(mockServletConfig, this.testedInstance);
    this.testedInstance.init(mockServletConfig);
    this.testedInstance.handleMessage(message, httpHeaders, mockServletRequest, mockHttpSession);

    // verify
    EasyMock.verify(mockServletConfig, mockHttpSession, mockServletRequest);
    assertEquals(rrnCertificate, IdentityIntegrityTestService.getCertificate());
}
From source file:org.wso2.carbon.idp.mgt.IdentityProviderManager.java
/** * Retrieves resident Identity provider for a given tenant * * @param tenantDomain Tenant domain whose resident IdP is requested * @return <code>LocalIdentityProvider</code> * @throws IdentityProviderManagementException Error when getting Resident Identity Providers *//* www . j a va2 s .c om*/ public IdentityProvider getResidentIdP(String tenantDomain) throws IdentityProviderManagementException { String tenantContext = ""; if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equalsIgnoreCase(tenantDomain)) { tenantContext = MultitenantConstants.TENANT_AWARE_URL_PREFIX + "/" + tenantDomain + "/"; } String serverUrl = IdentityUtil.getServerURL("") + "/"; String openIdUrl = null; String samlSSOUrl = null; String samlLogoutUrl = null; String oauth1RequestTokenUrl = null; String oauth1AuthorizeUrl = null; String oauth1AccessTokenUrl = null; String oauth2AuthzEPUrl = null; String oauth2TokenEPUrl = null; String oauth2UserInfoEPUrl = null; String passiveStsUrl = null; String stsUrl = null; String scimUserEndpoint = null; String scimGroupsEndpoint = null; OMElement elem = IdentityConfigParser.getInstance().getConfigElement("OpenID.OpenIDServerUrl"); if (elem != null) { openIdUrl = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("SSOService.IdentityProviderURL"); if (elem != null) { samlSSOUrl = elem.getText(); samlLogoutUrl = samlSSOUrl; } elem = IdentityConfigParser.getInstance().getConfigElement("OAuth.OAuth1RequestTokenUrl"); if (elem != null) { oauth1RequestTokenUrl = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("OAuth.OAuth1AuthorizeUrl"); if (elem != null) { oauth1AuthorizeUrl = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("OAuth.OAuth1AccessTokenUrl"); if (elem != null) { oauth1AccessTokenUrl = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("OAuth.OAuth2AuthzEPUrl"); if (elem != null) { oauth2AuthzEPUrl = elem.getText(); } elem = 
IdentityConfigParser.getInstance().getConfigElement("OAuth.OAuth2TokenEPUrl"); if (elem != null) { oauth2TokenEPUrl = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("OAuth.OAuth2UserInfoEPUrl"); if (elem != null) { oauth2UserInfoEPUrl = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("PassiveSTS.IdentityProviderURL"); if (elem != null) { passiveStsUrl = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("SecurityTokenService.IdentityProviderURL"); if (elem != null) { stsUrl = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("SCIM.UserEPUrl"); if (elem != null) { scimUserEndpoint = elem.getText(); } elem = IdentityConfigParser.getInstance().getConfigElement("SCIM.GroupEPUrl"); if (elem != null) { scimGroupsEndpoint = elem.getText(); } if (StringUtils.isBlank(openIdUrl)) { openIdUrl = serverUrl + "openid"; } if (StringUtils.isBlank(samlSSOUrl)) { samlSSOUrl = serverUrl + "samlsso"; } if (StringUtils.isBlank(samlLogoutUrl)) { samlLogoutUrl = serverUrl + "samlsso"; } if (StringUtils.isBlank(oauth1RequestTokenUrl)) { oauth1RequestTokenUrl = serverUrl + "oauth/request-token"; } if (StringUtils.isBlank(oauth1AuthorizeUrl)) { oauth1AuthorizeUrl = serverUrl + "oauth/authorize-url"; } if (StringUtils.isBlank(oauth1AccessTokenUrl)) { oauth1AccessTokenUrl = serverUrl + "oauth/access-token"; } if (StringUtils.isBlank(oauth2AuthzEPUrl)) { oauth2AuthzEPUrl = serverUrl + "oauth2/authorize"; } if (StringUtils.isBlank(oauth2TokenEPUrl)) { oauth2TokenEPUrl = serverUrl + "oauth2/token"; } if (StringUtils.isBlank(oauth2UserInfoEPUrl)) { oauth2UserInfoEPUrl = serverUrl + "oauth2/userinfo"; } if (StringUtils.isBlank(passiveStsUrl)) { passiveStsUrl = serverUrl + "passivests"; } if (StringUtils.isBlank(stsUrl)) { stsUrl = serverUrl + "services/" + tenantContext + "wso2carbon-sts"; } if (StringUtils.isBlank(scimUserEndpoint)) { scimUserEndpoint = serverUrl + "wso2/scim/Users"; } 
if (StringUtils.isBlank(scimGroupsEndpoint)) { scimGroupsEndpoint = serverUrl + "wso2/scim/Groups"; } IdentityProvider identityProvider = dao.getIdPByName(null, IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME, IdentityTenantUtil.getTenantId(tenantDomain), tenantDomain); if (identityProvider == null) { String message = "Could not find Resident Identity Provider for tenant " + tenantDomain; log.error(message); throw new IdentityProviderManagementException(message); } int tenantId = -1; try { tenantId = IdPManagementServiceComponent.getRealmService().getTenantManager().getTenantId(tenantDomain); } catch (UserStoreException e) { throw new IdentityProviderManagementException( "Exception occurred while retrieving Tenant ID from Tenant Domain " + tenantDomain, e); } X509Certificate cert = null; try { IdentityTenantUtil.initializeRegistry(tenantId, tenantDomain); KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId); if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) { // derive key store name String ksName = tenantDomain.trim().replace(".", "-"); // derive JKS name String jksName = ksName + ".jks"; KeyStore keyStore = keyStoreManager.getKeyStore(jksName); cert = (X509Certificate) keyStore.getCertificate(tenantDomain); } else { cert = keyStoreManager.getDefaultPrimaryCertificate(); } } catch (Exception e) { String msg = "Error retrieving primary certificate for tenant : " + tenantDomain; log.error(msg, e); throw new IdentityProviderManagementException(msg, e); } if (cert == null) { throw new IdentityProviderManagementException( "Cannot find the primary certificate for tenant " + tenantDomain); } try { identityProvider.setCertificate(Base64.encode(cert.getEncoded())); } catch (CertificateEncodingException e) { String msg = "Error occurred while encoding primary certificate for tenant domain " + tenantDomain; log.error(msg, e); throw new IdentityProviderManagementException(msg, e); } List<FederatedAuthenticatorConfig> 
fedAuthnCofigs = new ArrayList<FederatedAuthenticatorConfig>(); List<Property> propertiesList = null; FederatedAuthenticatorConfig openIdFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator( identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.OpenID.NAME); if (openIdFedAuthn == null) { openIdFedAuthn = new FederatedAuthenticatorConfig(); openIdFedAuthn.setName(IdentityApplicationConstants.Authenticator.OpenID.NAME); } propertiesList = new ArrayList<Property>(Arrays.asList(openIdFedAuthn.getProperties())); if (IdentityApplicationManagementUtil.getProperty(openIdFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.OpenID.OPEN_ID_URL) == null) { Property openIdUrlProp = new Property(); openIdUrlProp.setName(IdentityApplicationConstants.Authenticator.OpenID.OPEN_ID_URL); openIdUrlProp.setValue(openIdUrl); propertiesList.add(openIdUrlProp); } openIdFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()])); fedAuthnCofigs.add(openIdFedAuthn); FederatedAuthenticatorConfig saml2SSOFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator( identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.SAML2SSO.NAME); if (saml2SSOFedAuthn == null) { saml2SSOFedAuthn = new FederatedAuthenticatorConfig(); saml2SSOFedAuthn.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.NAME); } propertiesList = new ArrayList<Property>(Arrays.asList(saml2SSOFedAuthn.getProperties())); if (IdentityApplicationManagementUtil.getProperty(saml2SSOFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL) == null) { Property ssoUrlProp = new Property(); ssoUrlProp.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.SSO_URL); ssoUrlProp.setValue(samlSSOUrl); propertiesList.add(ssoUrlProp); } if (IdentityApplicationManagementUtil.getProperty(saml2SSOFedAuthn.getProperties(), 
IdentityApplicationConstants.Authenticator.SAML2SSO.LOGOUT_REQ_URL) == null) { Property logoutReqUrlProp = new Property(); logoutReqUrlProp.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.LOGOUT_REQ_URL); logoutReqUrlProp.setValue(samlLogoutUrl); propertiesList.add(logoutReqUrlProp); } if (IdentityApplicationManagementUtil.getProperty(saml2SSOFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID) == null) { Property idPEntityIdProp = new Property(); idPEntityIdProp.setName(IdentityApplicationConstants.Authenticator.SAML2SSO.IDP_ENTITY_ID); idPEntityIdProp.setValue(IdPManagementUtil.getResidentIdPEntityId()); propertiesList.add(idPEntityIdProp); } saml2SSOFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()])); fedAuthnCofigs.add(saml2SSOFedAuthn); FederatedAuthenticatorConfig oauth1FedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator( identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.OAuth10A.NAME); if (oauth1FedAuthn == null) { oauth1FedAuthn = new FederatedAuthenticatorConfig(); oauth1FedAuthn.setName(IdentityApplicationConstants.OAuth10A.NAME); } propertiesList = new ArrayList<Property>(Arrays.asList(oauth1FedAuthn.getProperties())); if (IdentityApplicationManagementUtil.getProperty(oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_REQUEST_TOKEN_URL) == null) { Property oauth1ReqTokUrlProp = new Property(); oauth1ReqTokUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_REQUEST_TOKEN_URL); oauth1ReqTokUrlProp.setValue(oauth1RequestTokenUrl); propertiesList.add(oauth1ReqTokUrlProp); } if (IdentityApplicationManagementUtil.getProperty(oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_AUTHORIZE_URL) == null) { Property oauth1AuthzUrlProp = new Property(); oauth1AuthzUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_AUTHORIZE_URL); 
oauth1AuthzUrlProp.setValue(oauth1AuthorizeUrl); propertiesList.add(oauth1AuthzUrlProp); } if (IdentityApplicationManagementUtil.getProperty(oauth1FedAuthn.getProperties(), IdentityApplicationConstants.OAuth10A.OAUTH1_ACCESS_TOKEN_URL) == null) { Property oauth1AccessTokUrlProp = new Property(); oauth1AccessTokUrlProp.setName(IdentityApplicationConstants.OAuth10A.OAUTH1_ACCESS_TOKEN_URL); oauth1AccessTokUrlProp.setValue(oauth1AccessTokenUrl); propertiesList.add(oauth1AccessTokUrlProp); } oauth1FedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()])); fedAuthnCofigs.add(oauth1FedAuthn); FederatedAuthenticatorConfig oidcFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator( identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.OIDC.NAME); if (oidcFedAuthn == null) { oidcFedAuthn = new FederatedAuthenticatorConfig(); oidcFedAuthn.setName(IdentityApplicationConstants.Authenticator.OIDC.NAME); } propertiesList = new ArrayList<Property>(Arrays.asList(oidcFedAuthn.getProperties())); if (IdentityApplicationManagementUtil.getProperty(oidcFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_AUTHZ_URL) == null) { Property authzUrlProp = new Property(); authzUrlProp.setName(IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_AUTHZ_URL); authzUrlProp.setValue(oauth2AuthzEPUrl); propertiesList.add(authzUrlProp); } if (IdentityApplicationManagementUtil.getProperty(oidcFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_TOKEN_URL) == null) { Property tokenUrlProp = new Property(); tokenUrlProp.setName(IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_TOKEN_URL); tokenUrlProp.setValue(oauth2TokenEPUrl); propertiesList.add(tokenUrlProp); } if (IdentityApplicationManagementUtil.getProperty(oidcFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_USER_INFO_EP_URL) == null) { Property userInfoUrlProp = new 
Property(); userInfoUrlProp.setName(IdentityApplicationConstants.Authenticator.OIDC.OAUTH2_USER_INFO_EP_URL); userInfoUrlProp.setValue(oauth2UserInfoEPUrl); propertiesList.add(userInfoUrlProp); } oidcFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()])); fedAuthnCofigs.add(oidcFedAuthn); FederatedAuthenticatorConfig passiveSTSFedAuthn = IdentityApplicationManagementUtil .getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.PassiveSTS.NAME); if (passiveSTSFedAuthn == null) { passiveSTSFedAuthn = new FederatedAuthenticatorConfig(); passiveSTSFedAuthn.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.NAME); } propertiesList = new ArrayList<Property>(Arrays.asList(passiveSTSFedAuthn.getProperties())); if (IdentityApplicationManagementUtil.getProperty(passiveSTSFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL) == null) { Property passiveSTSUrlProp = new Property(); passiveSTSUrlProp.setName(IdentityApplicationConstants.Authenticator.PassiveSTS.IDENTITY_PROVIDER_URL); passiveSTSUrlProp.setValue(passiveStsUrl); propertiesList.add(passiveSTSUrlProp); } passiveSTSFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()])); fedAuthnCofigs.add(passiveSTSFedAuthn); FederatedAuthenticatorConfig stsFedAuthn = IdentityApplicationManagementUtil.getFederatedAuthenticator( identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.WSTrust.NAME); if (stsFedAuthn == null) { stsFedAuthn = new FederatedAuthenticatorConfig(); stsFedAuthn.setName(IdentityApplicationConstants.Authenticator.WSTrust.NAME); } propertiesList = new ArrayList<Property>(Arrays.asList(stsFedAuthn.getProperties())); if (IdentityApplicationManagementUtil.getProperty(stsFedAuthn.getProperties(), IdentityApplicationConstants.Authenticator.WSTrust.IDENTITY_PROVIDER_URL) == null) { Property 
stsUrlProp = new Property(); stsUrlProp.setName(IdentityApplicationConstants.Authenticator.WSTrust.IDENTITY_PROVIDER_URL); stsUrlProp.setValue(stsUrl); propertiesList.add(stsUrlProp); } stsFedAuthn.setProperties(propertiesList.toArray(new Property[propertiesList.size()])); fedAuthnCofigs.add(stsFedAuthn); FederatedAuthenticatorConfig sessionTimeoutConfig = IdentityApplicationManagementUtil .getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), IdentityApplicationConstants.Authenticator.IDPProperties.NAME); if (sessionTimeoutConfig == null) { sessionTimeoutConfig = new FederatedAuthenticatorConfig(); sessionTimeoutConfig.setName(IdentityApplicationConstants.Authenticator.IDPProperties.NAME); } propertiesList = new ArrayList<Property>(Arrays.asList(sessionTimeoutConfig.getProperties())); if (IdentityApplicationManagementUtil.getProperty(sessionTimeoutConfig.getProperties(), IdentityApplicationConstants.Authenticator.IDPProperties.SESSION_IDLE_TIME_OUT) == null) { Property sessionIdletimeOutProp = new Property(); sessionIdletimeOutProp .setName(IdentityApplicationConstants.Authenticator.IDPProperties.SESSION_IDLE_TIME_OUT); String idleTimeout = IdentityUtil.getProperty(IdentityConstants.ServerConfig.SESSION_IDLE_TIMEOUT); if (StringUtils.isBlank(idleTimeout)) { idleTimeout = IdentityApplicationConstants.Authenticator.IDPProperties.SESSION_IDLE_TIME_OUT_DEFAULT; } else if (!StringUtils.isNumeric(idleTimeout)) { log.warn("SessionIdleTimeout in identity.xml should be a numeric value"); idleTimeout = IdentityApplicationConstants.Authenticator.IDPProperties.SESSION_IDLE_TIME_OUT_DEFAULT; } sessionIdletimeOutProp.setValue(idleTimeout); propertiesList.add(sessionIdletimeOutProp); } if (IdentityApplicationManagementUtil.getProperty(sessionTimeoutConfig.getProperties(), IdentityApplicationConstants.Authenticator.IDPProperties.REMEMBER_ME_TIME_OUT) == null) { Property rememberMeTimeOutProp = new Property(); rememberMeTimeOutProp 
.setName(IdentityApplicationConstants.Authenticator.IDPProperties.REMEMBER_ME_TIME_OUT); String rememberMeTimeout = IdentityUtil .getProperty(IdentityConstants.ServerConfig.REMEMBER_ME_TIME_OUT); if (StringUtils.isBlank(rememberMeTimeout)) { rememberMeTimeout = IdentityApplicationConstants.Authenticator.IDPProperties.REMEMBER_ME_TIME_OUT_DEFAULT; } else if (!StringUtils.isNumeric(rememberMeTimeout)) { log.warn("RememberMeTimeout in identity.xml should be a numeric value"); rememberMeTimeout = IdentityApplicationConstants.Authenticator.IDPProperties.REMEMBER_ME_TIME_OUT_DEFAULT; } rememberMeTimeOutProp.setValue(rememberMeTimeout); propertiesList.add(rememberMeTimeOutProp); } if (IdentityApplicationManagementUtil.getProperty(sessionTimeoutConfig.getProperties(), IdentityApplicationConstants.Authenticator.IDPProperties.CLEAN_UP_PERIOD) == null) { Property cleanUpPeriodProp = new Property(); cleanUpPeriodProp.setName(IdentityApplicationConstants.Authenticator.IDPProperties.CLEAN_UP_PERIOD); String cleanUpPeriod = IdentityUtil.getProperty(IdentityConstants.ServerConfig.CLEAN_UP_PERIOD); if (StringUtils.isBlank(cleanUpPeriod)) { cleanUpPeriod = IdentityApplicationConstants.Authenticator.IDPProperties.CLEAN_UP_PERIOD_DEFAULT; } else if (!StringUtils.isNumeric(cleanUpPeriod)) { log.warn("PersistanceCleanUpPeriod in identity.xml should be a numeric value"); cleanUpPeriod = IdentityApplicationConstants.Authenticator.IDPProperties.CLEAN_UP_PERIOD_DEFAULT; } cleanUpPeriodProp.setValue(cleanUpPeriod); propertiesList.add(cleanUpPeriodProp); } sessionTimeoutConfig.setProperties(propertiesList.toArray(new Property[propertiesList.size()])); fedAuthnCofigs.add(sessionTimeoutConfig); identityProvider.setFederatedAuthenticatorConfigs( fedAuthnCofigs.toArray(new FederatedAuthenticatorConfig[fedAuthnCofigs.size()])); ProvisioningConnectorConfig scimProvConn = IdentityApplicationManagementUtil .getProvisioningConnector(identityProvider.getProvisioningConnectorConfigs(), "scim"); if 
(scimProvConn == null) { scimProvConn = new ProvisioningConnectorConfig(); scimProvConn.setName("scim"); } propertiesList = new ArrayList<Property>(Arrays.asList(scimProvConn.getProvisioningProperties())); if (IdentityApplicationManagementUtil.getProperty(scimProvConn.getProvisioningProperties(), "scimUserEndpoint") == null) { Property property = new Property(); property.setName("scimUserEndpoint"); property.setValue(scimUserEndpoint); propertiesList.add(property); } if (IdentityApplicationManagementUtil.getProperty(scimProvConn.getProvisioningProperties(), "scimUserEndpoint") == null) { Property property = new Property(); property.setName("scimGroupEndpoint"); property.setValue(scimGroupsEndpoint); propertiesList.add(property); } scimProvConn.setProvisioningProperties(propertiesList.toArray(new Property[propertiesList.size()])); identityProvider.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[] { scimProvConn }); return identityProvider; }