1.5.5 release branch
diff --git a/trunk/ChangeLog.txt b/trunk/ChangeLog.txt
new file mode 100644
index 0000000..56d218a
--- /dev/null
+++ b/trunk/ChangeLog.txt
@@ -0,0 +1,52 @@
+
+This file contains a listing of all Jira tickets that have been closed
+for a given release.  
+
+Portions of this report were generated using the ReleaseNotes facility
+in Jira.
+
+Release 1.5.4
+=============
+
+** Bug
+    * [WSS-51] - Incorrect test for null in WSHandler
+    * [WSS-52] - ArrayIndexOutOfBoundsException if certs.length > 1
+    * [WSS-54] - UsernameTokenProcessor not processing unhashed UsernameToken
+    * [WSS-56] - WSS4j statically inserts Bouncycastle and Juice in list of JCE providers
+    * [WSS-66] - Possible security hole when PasswordDigest is used by client.
+    * [WSS-68] - No way to create a UsernameToken with absent <Password> element
+    * [WSS-70] - WSHandler checkReceiverResults causes security problem
+    * [WSS-82] - Add the ability to use a custom-loaded JCE provider instance instead of using the system-provided one
+    * [WSS-89] - Error in verifying the signature with encrypted key
+    * [WSS-93] - xmlsec NPE on Reference URI and ValueType attributes
+    * [WSS-95] - Missing NOTICE file in WSS4J release
+    * [WSS-96] - Error when making a signature when containing a WSSecTimestamp
+    * [WSS-97] - Merlin passes invalid OID to getExtensionValue
+    * [WSS-100] - Bug in wsse11 element creation
+    * [WSS-101] - Bug in Encrypted SOAP Header creation
+    * [WSS-103] - BinarySecurityToken processor does not allow for custom token types
+    * [WSS-105] - Make WSS4J compliant with X.509 1.1 specification
+    * [WSS-106] - Certs are expired in wss4j.keystore
+    * [WSS-108] - Some work on KeyIdentifiers
+    * [WSS-109] - Review of error handling messages
+    * [WSS-112] - DerivedKeyProcessor is overwritten if more derivedkeys are present in a Soap Message.
+    * [WSS-113] - Bug in WSHandler#getPassword
+    * [WSS-114] - Some test reports are deleted by intermediate tasks in the ant build
+    * [WSS-116] - EncryptedKeyProcessor fails to record QName of decrypted element
+    * [WSS-119] - Error in Singature Processor 
+
+** Improvement
+    * [WSS-37] - Make it easier to set key-stores programmatically
+    * [WSS-38] - Make it easier to set key-stores programmatically
+    * [WSS-74] - Allow Actions and Processors to be customizable
+    * [WSS-80] - Doc fixes to main WSS4J page
+    * [WSS-88] - SecureRandom.getInstance("SHA1PRNG") is slow on IBM JDK 1.4.2 (And perhaps others)
+    * [WSS-92] - Support for Encrypted Header 
+    * [WSS-104] - Reference List processor should provide more information
+    * [WSS-107] - X509NameTokenizer.java contains Bouncy Castle JCE copyright code
+
+
+Version prior to 1.5.4
+======================
+
+no record
diff --git a/trunk/LICENSE.txt b/trunk/LICENSE.txt
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/trunk/LICENSE.txt
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/trunk/NOTICE b/trunk/NOTICE
new file mode 100644
index 0000000..34502df
--- /dev/null
+++ b/trunk/NOTICE
@@ -0,0 +1,5 @@
+This product includes software developed by

+The Apache Software Foundation (http://www.apache.org/).

+

+This product includes software Copyright University of Southampton IT

+Innovation Centre, 2006 (http://www.it-innovation.soton.ac.uk).

diff --git a/trunk/README.txt b/trunk/README.txt
new file mode 100644
index 0000000..2ac8486
--- /dev/null
+++ b/trunk/README.txt
@@ -0,0 +1,217 @@
+* What is WSS4J? *
+
+WSS4J is part of the Apache Web Services project:
+
+http://ws.apache.org/
+
+Apache WSS4J is an implementation of the OASIS Web Services Security specifications
+(WS-Security, WSS) from OASIS Web Services Security TC. WSS4J is primarily
+a Java library that can be used to sign, verify, encrypt, and decrypt SOAP Messages
+according to the WS-Security specifications. WSS4J uses Apache Axis and other Apache 
+XML-Security projects and is interoperable with other JAX-RPC based server/clients 
+and .Net WSE server/clients that follow the OASIS WSS specifications
+
+* Supported WSS Specifications *
+
+WSS4J implements
+
+ * OASIS Web Serives Security: SOAP Message Security 1.0 Standard 200401, 
+   March 2004
+ * Username Token profile V1.0
+ * X.509 Token Profile V1.0
+
+The Web Services Security part of WSS4J is fairly well tested and many
+WebService projects use it already. Also interoperability with
+various other implementations is well tested.
+
+* Support of older WSS specifications *
+
+The WSS4J release 1.1.0 is the last release that was able to emulate previous 
+WSS specs
+
+The next WSS4J releases (>= 1.5.x)
+- support the OASIS V1.0 specs and the relevant namespaces only
+- support one versions of provisional (draft) namespaces for the upcoming version
+
+After the next version of the WSS specs is finished, we do one WSS4J release 
+with the provisional namespaces and another release (with a new release 
+number) with the then fixed namespace URIs. Doing so we could save a lot of
+coding while retaining some backward compatibility using the n-1 release.
+
+
+* Web Services Security Features *
+
+WSS4J can generate and process the following SOAP Bindings:
+
+    o XML Security
+         + XML Signature
+         + XML Encryption
+    o Tokens
+         + Username Tokens
+         + Timestamps
+         + SAML Tokens
+
+WSS4J supports X.509 binary certificates and certificate paths.
+
+The master link to WSS4J: http://ws.apache.org/wss4j/
+
+There is also a Wiki concerning Apache WS projects and WSS4J as one
+of the WS sub-projects:
+    http://wiki.apache.org/ws/
+    http://wiki.apache.org/ws/FrontPage/WsFx
+    
+
+WS-Trust and WS-Secure Conversation specifications
+
+WSS4J now comes with the support for derived key token signature and encryption.
+This is used by the Axis2-"rahas" module to provide the WS-Secure Conversation.
+
+WS-Trust support is also being developed within Axis2 based on WSS4J
+
+org.apache.ws.sandbox. package contains experimental implementations of these 
+specifications.
+
+* Installation (binary distribution) *
+
+The WSS4J zip archive is the binary distribution and contains the wss4j
+jar file, some examples, test classes (incl. sources), the interop test
+classes (incl. sources and necessary certificate store), and the according
+client and server deployment and property files.
+
+The WSS4J jar file contains all classes that implement the basic functions
+and the handlers. To install it make sure this jar file is in the classpath
+of your Axis client and/or Axis server. 
+
+In addition you need to set up the property files that contain information
+about the certificate keystores you use. The property files and the keystore
+are accessed either as resources via classpath or, if that fails, as files
+using the relative path of the application
+
+Thus no specific installation is required. The wss4j jar file could be 
+included into ear or war files of enterprise or web application servers.
+
+Please refer to the JAVADOC files of the distribution for further 
+information how to use WSS4J, the handlers, and how to setup the
+deployment files.
+
+
+* Crypto Notice *
+
+   This distribution includes cryptographic software.  The country in
+   which you currently reside may have restrictions on the import,
+   possession, use, and/or re-export to another country, of
+   encryption software.  BEFORE using any encryption software, please
+   check your country's laws, regulations and policies concerning the
+   import, possession, or use, and re-export of encryption software, to
+   see if this is permitted.  See <http://www.wassenaar.org/> for more
+   information.
+
+   The U.S. Government Department of Commerce, Bureau of Industry and
+   Security (BIS), has classified this software as Export Commodity
+   Control Number (ECCN) 5D002.C.1, which includes information security
+   software using or performing cryptographic functions with asymmetric
+   algorithms.  The form and manner of this Apache Software Foundation
+   distribution makes it eligible for export under the License Exception
+   ENC Technology Software Unrestricted (TSU) exception (see the BIS
+   Export Administration Regulations, Section 740.13) for both object
+   code and source code.
+
+   The following provides more details on the included cryptographic
+   software:
+
+   Apache Santuario : http://santuario.apache.org/
+   Apache WSS4J     : http://ws.apache.org/wss4j/
+   Bouncycastle     : http://www.bouncycastle.org/
+
+
+
+* Required software *
+
+To work with WSS4J you need additional software. Most of the software is also
+needed by your SOAP base system, e.g. Apache Axis. 
+
+To simplify installation and operation of WSS4J an additional ZIP file 
+is provided that holds all other JARs that are required by WSS4J. Please 
+note that we probably not use the very latest versions of these JARs, but 
+we used them during the tests.
+
+To implement the Web Service Security (WSS) part specific software is 
+required:
+
+addressing-1.0.jar
+    This jar contains the implementation of WS-Addressing, required
+    by WSS4J Trust.
+
+    See: http://ws.apache.org/addressing/
+
+axis-1.4.jar
+axis-ant-1.4.jar
+axis-jaxrpc-1.4.jar
+axis-saaj-1.4.jar
+    These jars contain the Apache Axis base software. They implement
+    the basic SOAP processing, deployment, WSDL to Java, Java to WSDL
+    tools and a lot more. Please refer to a Axis documentation how to
+    setup Axis. You should be familiar with Axis, its setup, and 
+    deployment methods before you start with any WSS4J functions.
+    
+    See: http://ws.apache.org/axis/
+
+bcprov-jdk14-140.jar
+    This is the BouncyCastle library that implements all necessary
+    encryption, hashing, certificate, and keystore functions. Without
+    this fantastic library WSS4J wouldn't work at all.
+    
+    See: http://www.bouncycastle.org/
+    
+commons-codec-1.3.jar
+commons-discovery-0.2.jar
+commons-logging-1.1.jar
+    These jars are from the Commons project and provide may useful 
+    functions, such as Base64 encoding/decoding, resource lookup,
+    and much more. Please refer to the commons project to get more
+    information.
+    
+    The master link for the commons project:
+    http://jakarta.apache.org/commons/index.html
+
+junit-3.8.1.jar
+    The famous unit test library. Required if you like to build WSS4J
+    from source and run the unit tests.
+    
+    See: http://www.junit.org/
+    
+log4j-1.2.9.jar
+    The logging library. Required to control the logging, error 
+    reporting and so on.
+    
+    See: http://logging.apache.org/
+
+opensaml-1.1.jar
+    The SAML implementation used by WSS4J to implement the SAML profile.
+    
+    See: http://www.opensaml.org/
+
+wsdl4j-1.5.1.jar
+    The WSDL parsing functions, required by Axis tools to read and
+    parse WSDL.
+    
+    See: http://ws.apache.org/axis/  under related projects
+    
+xalan-2.7.1.jar
+    Library that implements XML Path Language (XPath) and XSLT. The XML 
+    Security implementation needs several functions of Xalan XPath.
+   
+    See: http://xml.apache.org/xalan-j/
+   
+xmlsec-1.4.2.jar
+    This library implements the XML-Signature Syntax and Processing and
+    the XML Encryption Syntax and Processing specifications of the W3C. Thus
+    they form one of the base foundations of WSS4J.  
+    
+    See: http://xml.apache.org/security/
+    
+xercesImpl.jar
+xml-apis.jar
+    The XML parser implementation. Required by anybody :-) .
+
+    See: http://xml.apache.org/xerces2-j/
diff --git a/trunk/assembly/bin.xml b/trunk/assembly/bin.xml
new file mode 100644
index 0000000..eb3a122
--- /dev/null
+++ b/trunk/assembly/bin.xml
@@ -0,0 +1,21 @@
+<assembly>

+  <id>bin</id>

+  <formats>

+    <format>tar.gz</format>

+  </formats>

+  <includeSiteDirectory>true</includeSiteDirectory>

+  <fileSets>

+    <fileSet>

+      <includes>

+        <include>*.txt</include>

+      </includes>

+    </fileSet>

+    <fileSet>

+      <directory>target</directory>

+      <outputDirectory></outputDirectory>

+      <includes>

+        <include>*.jar</include>

+      </includes>

+    </fileSet>

+  </fileSets>

+</assembly>

diff --git a/trunk/assembly/src.xml b/trunk/assembly/src.xml
new file mode 100644
index 0000000..10ec914
--- /dev/null
+++ b/trunk/assembly/src.xml
@@ -0,0 +1,23 @@
+<assembly>

+  <id>src</id>

+  <formats>

+    <format>tar.gz</format>

+  </formats>

+  <fileSets>

+    <fileSet>

+      <includes>

+        <include>*.txt</include>

+        <include>*.xml</include>

+        <include>*.properties</include>

+        <include>.classpath</include>

+        <include>.project</include>

+      </includes>

+    </fileSet>

+    <fileSet>

+      <directory>.settings</directory>

+    </fileSet>

+    <fileSet>

+      <directory>src</directory>

+    </fileSet>

+  </fileSets>

+</assembly>
\ No newline at end of file
diff --git a/trunk/build.properties.sample b/trunk/build.properties.sample
new file mode 100644
index 0000000..cff9c49
--- /dev/null
+++ b/trunk/build.properties.sample
@@ -0,0 +1,8 @@
+# To enable the use of proxy settings Replace XXXXX 

+# with your environment information and remove the '#' 

+# at the beginning of each line below.

+#http.proxyHost=XXXXX

+#http.proxyPort=XXXXX

+#http.nonProxyHosts=localhost|127.0.0.1

+#http.proxyUser=XXXXX

+#http.proxyPassword=XXXX

diff --git a/trunk/build.xml b/trunk/build.xml
new file mode 100644
index 0000000..8f5e901
--- /dev/null
+++ b/trunk/build.xml
@@ -0,0 +1,846 @@
+<?xml version="1.0"?>
+
+<project name="Web Services Security (WSS4J)" default="usage" basedir=".">
+    <!-- ================================================================== -->
+    <description>
+   Build file for WSS4J
+
+   This file is intended for ANT, a Java based build tool.
+   ANT is available from http://jakarta.apache.org/ant/index.html
+
+Prerequisites:
+    See the README file
+
+Build Instructions:
+   To build, run
+
+     ant "target"
+
+   on the directory where this file is located with the target you want.
+
+    </description>
+
+    <target name="init">
+        <property name='product.Name' value='Apache-WS-Security-J'/>
+        <property name='product.name' value='wss4j'/>
+        <property name='product.shortname' value='wss4j'/>
+
+        <property name='product.version.major' value='1'/>
+        <property name='product.version.minor' value='5'/>
+        <property name='product.version.level' value='4'/>
+        <property name='product.version' value='SNAPSHOT'/>
+        <!-- <property name='product.version' value='${product.version.major}.${product.version.minor}.${product.version.level}'/> -->
+        <property name="year" value="2008"/>
+        <property name="copyright" value="Copyright &#169; ${year} Apache WSS4J Project. All Rights Reserved."/>
+
+        <!-- Give user a chance to override without editing this file
+             (and without typing -D each time it compiles it) -->
+        <property file="./build.properties"/>
+        <property file="${user.home}/build.properties"/>
+
+        <!-- Place Holder for proxy settings -->
+        <property name="http.proxyHost" value=""/>
+        <property name="http.proxyPort" value=""/>
+        <property name="http.nonProxyHosts" value="localhost"/>
+        <property name="http.proxyUser" value=""/>
+        <property name="http.proxyPassword" value=""/>
+
+        <property name="dir.doc" value="./doc"/>
+        <property name="dir.dist" value="./dist"/>
+        <property name="dir.libs" value="./lib"/>
+        <property name="dir.endorsed.libs" value="./endorsed"/>
+        <property name="dir.src" value="./src"/>
+        <property name="dir.samples" value="./samples"/>
+        <property name="dir.test" value="./test"/>
+        <property name="dir.keys" value="./keys"/>
+        <property name="dir.specs" value="./specs"/>
+        <property name="dir.interop" value="./interop"/>
+        <property name="dir.webapp" location="./webapps/axis" />
+
+        <property name="build.dir" value="./build"/>
+        <property name="build.classes" value="${build.dir}/classes"/>
+        <property name="build.work" value="${build.dir}/work"/>
+        <property name="build.webapp" location="${build.dir}/webapps/axis"/>
+
+        <property name="jar.library" value="${product.shortname}-${product.version}.jar"/>
+
+        <property name="build.doc" value="${build.dir}/doc"/>
+        <property name="build.doc.xml" value="${build.doc}/xml"/>
+        <property name="build.doc.html" value="${build.doc}/html"/>
+        <property name="build.javadoc" value="${build.doc.html}/api"/>
+        <property name="build.junit.xml" value="${build.doc.xml}/junit"/>
+        <property name="build.junit.html" value="${build.doc.html}/junit"/>
+
+
+        <condition property="jdk13.present">
+          <equals arg1="${ant.java.version}" arg2="1.3"/>
+        </condition>
+
+        <condition property="jdk14.present">
+          <equals arg1="${ant.java.version}" arg2="1.4"/>
+        </condition>
+
+        <condition property="jdk15.present">
+          <equals arg1="${ant.java.version}" arg2="1.5"/>
+        </condition>
+
+        <condition property="merlin.ok">
+            <or>
+                <equals arg1="${ant.java.version}" arg2="1.4"/>
+                <equals arg1="${ant.java.version}" arg2="1.5"/>
+            </or>
+        </condition>
+
+        <!-- 
+
+         for the time being following path id uses the libs in the wss4j
+         lib directory only This is done to test if we really don't need
+         any axis libs. After this is done we can include the
+         java.class.path and leave the wss4j/lib empty. This requires that
+         the CLASSPATH includes all required packages (see above
+
+         -->
+        
+        
+        <path id="classpath.libraries" description="3rd party libs">
+            <fileset dir="${dir.libs}">
+                <include name="**/*.jar"/>
+                <exclude name="**/bcprov-jdk15-*.jar" unless="jdk15.present"/>
+                <exclude name="**/bcprov-jdk13-*.jar" if="jdk15.present" />
+                <!-- <pathelement path="${java.class.path}"/> -->
+            </fileset>
+            <fileset dir="${dir.endorsed.libs}">
+                <include name="**/*.jar"/>
+                <!-- <pathelement path="${java.class.path}"/> -->
+            </fileset>
+        </path>
+
+        <path id="classpath.wss4j" description="wss4j classes; first try pure class files, then jars">
+            <pathelement path="${build.classes}"/>
+            <pathelement path="${build.dir}/${jar.library}"/>
+        </path>
+
+        <path id="classpath.library">
+            <path refid="classpath.wss4j"/>
+            <path refid="classpath.libraries"/>
+        </path>
+
+        <taskdef resource="axis-tasks.properties" classpathref=
+              "classpath.library"/>
+        <taskdef name="runaxisfunctionaltests" classname=
+              "org.apache.axis.tools.ant.axis.RunAxisFunctionalTestsTask"
+            loaderref="axis">
+            <classpath refid="classpath.library"/>
+        </taskdef>
+      
+        <!-- this shall include Axis jars because the tests use the
+         Axis implementation of javax.xml.soap, etc. Therefore the
+         CLASSPATH is included.
+         -->
+        <path id="classpath.test">
+            <!-- classpath for test is librarypath plus junit -->
+            <path refid="classpath.library"/>
+<!--            <pathelement path="${java.class.path}"/> -->
+        </path>
+
+        <path id="classpath.test.jar">
+            <!-- classpath for test is librarypath plus junit -->
+            <path refid="classpath.library"/>
+            <pathelement path="${build.dir}/${jar.library}"/>
+            <pathelement path="${build.dir}/${jar.tests}"/>
+        </path>
+
+        <patternset id="distFiles">
+            <include name="build.xml"/>
+            <include name="LICENSE.txt"/>
+        </patternset>
+
+        <patternset id="srcFiles">
+         <!-- for some strange reasons, I can't use ${src} but must use src -->
+            <include name="src/**/*"/>
+        </patternset>
+
+        <patternset id="srcSamplesFiles">
+            <include name="samples/**/*"/>
+        </patternset>
+
+        <patternset id="srcUnitTestsFiles">
+            <include name="test/**/*"/>
+        </patternset>
+
+        <patternset id="srcInteropFiles">
+            <include name="interop/**/*"/>
+        </patternset>
+
+        <property name="javadoc.packages"
+            value="
+org.apache.ws.security,
+org.apache.ws.security.components,
+org.apache.ws.security.components.crypto,
+org.apache.ws.security.message,
+org.apache.ws.security.message.token,
+org.apache.ws.security.util,
+org.apache.ws.axis,
+org.apache.ws.axis.security,
+org.apache.ws.axis.security.util
+"/>
+
+      <echo level="debug">
+        -------------------------------------------------------------------
+        ${product.Name} v${product.version} [${year}] 
+        -------------------------------------------------------------------
+        Building with ${ant.version}
+        using build file ${ant.file}
+        Java ${java.version} located at ${java.home} 
+        -------------------------------------------------------------------
+        --- Property values ---
+        sun.boot.class.path=${sun.boot.class.path}
+      </echo>
+      <pathconvert targetos="windows" property="classpath.test.as.string" 
+          refid="classpath.test"/>
+      <echo level="debug">
+        classpath.test: ${classpath.test.as.string}
+      </echo>
+    </target>
+
+    <target name="usage" depends="init">
+      <echo>
+         Build instructions                                                
+        -------------------------------------------------------------------
+                                                                           
+         available targets are:                                            
+                                                                           
+           compile         --> compiles everything                         
+           compile.library --> compiles the source code                    
+           compile.samples --> compiles the samples source code            
+           compile.tests   --> compiles the tests source code              
+           compile.interops--> compiles the interop source code            
+                                                                           
+           javadoc         --> generates the API documentation             
+                               (needs Java > 1.2)                          
+                                                                           
+           test            --> runs the defined JUnit tests                
+           report          --> generates html report of test results       
+                                                                           
+           clean           --> cleans up all generated files and           
+                               directories                                 
+           jar             --> creates the JAR file                        
+           gump            --> includes javadoc, compile jar and test      
+                                                                           
+           usage           --> provides help on using the build tool       
+                               (default)                                   
+                                                                           
+           changelog       --> generates changelog.html                    
+                                                                           
+         See comments inside the build.xml file for more details.          
+        -------------------------------------------------------------------
+      </echo>
+    </target>
+
+    <target name="clean" depends="init"
+        description="Clean up all temporary build files">
+        <delete dir="${build.dir}"/>
+        <delete>
+            <fileset dir="." includes="before*.xml"/>
+            <fileset dir="." includes="after*.xml"/>
+            <fileset dir="." includes="signed*.xml"/>
+            <fileset dir="." includes="server*.wsdd"/>
+            <fileset dir="." includes="client*.wsdd"/>
+        </delete>
+        <delete dir="${dir.dist}"/>
+    </target>
+
+    <target name="prepare" depends="init"
+        description="This target generates a first build directory and checks for some libraries">
+        <tstamp/>
+        <mkdir dir="${build.dir}"/>
+        <!--<delete dir="${build.dir}/test-reports"/> -->
+        <mkdir dir="${build.dir}/test-reports"/>
+
+        <available property="junit.present" 
+                classname="junit.framework.TestCase">
+            <!-- check whether JUnit is available -->
+            <classpath refid="classpath.test"/>
+        </available>
+
+        <available property="bc.present" classname="org.bouncycastle.jce.provider.BouncyCastleProvider">
+            <!-- check whether BouncyCastle is available -->
+            <classpath refid="classpath.test"/>
+        </available>
+
+        <echo level="debug">
+        --- Flags (Note: If the {property name} is displayed,
+                   then the component is not present)
+        jdk13.present=${jdk13.present}
+        jdk14.present=${jdk14.present}
+        jdk15.present=${jdk15.present}
+        bc.present=${bc.present}
+        </echo>
+
+    </target>
+
+    <!-- ################################################################## -->
+    <!-- ################################################################## -->
+    <!-- ################################################################## -->
+    <!-- ################################################################## -->
+    <!-- ################################################################## -->
+
+    <target name="prepare-src" depends="prepare" 
+        description="This target copies the Java sources and brands the version information">
+        <!-- create directories -->
+        <mkdir dir="${build.classes}"/>
+    </target>
+
+    <target name="javadoc"
+        depends="prepare-src"
+        description="Generates javadoc from all .java files; this is done on the 'branded' files">
+        <mkdir dir="${build.doc}"/>
+        <mkdir dir="${build.doc.html}"/>
+        <mkdir dir="${build.javadoc}"/>
+
+        <javadoc destdir="${build.javadoc}"
+            packagenames="${javadoc.packages}"
+            classpathref="classpath.test">
+            <!-- additionalparam="-breakiterator"-->
+            <sourcepath>
+                <pathelement location="${dir.src}"/>
+                <pathelement location="${dir.test}"/>
+                <pathelement location="${dir.samples}"/>
+                <pathelement location="${dir.interop}"/>
+            </sourcepath>
+        </javadoc>
+    </target>
+
+    <!-- ################################################################## -->
+
+    <!-- Aliases -->
+    <target name="javadocs" depends="javadoc"/>
+    <target name="jars" depends="jar"/>
+
+    <!-- Collections -->
+    <target name="gump" 
+            depends="clean,javadoc,compile,test" 
+            description="Target for the gump run"/>
+
+    <target name="compile" 
+       depends="compile.library,compile.samples, compile.tests, 
+                compile.interops, fix.properties"
+            description="compile everything"/>
+
+    <target name="test"
+            depends="unitTests, systemTests"
+            description="tests everything"/>        
+
+    <!-- ################################################################## -->
+
+    <target name="fix.properties" if="jdk13.present">
+        <replace dir="${build.dir}" value="org.apache.ws.security.components.crypto.BouncyCastle">
+            <include name="**/*.properties"/>
+            <replacetoken>org.apache.ws.security.components.crypto.Merlin</replacetoken>
+        </replace>
+    </target>
+
+    <target name="compile.library" depends="prepare-src">
+        <!-- Compile the java code from ${dir.src} into ${build.classes} -->
+        <javac srcdir="${dir.src}" destdir="${build.classes}" debug="on" source="1.3" target="1.3">
+            <classpath refid="classpath.library"/>
+            <exclude name="**/Merlin.java" unless="merlin.ok"/>
+            <exclude name="**/sandbox/**/*.java" if="jdk13.present" />
+        </javac>
+        <!-- Copy Property files -->
+        <copy todir="${build.classes}">
+            <fileset dir="${dir.src}">
+                <include name="**/*.properties"/>
+                <exclude name="**/axis/**/*.properties"/>
+            </fileset>
+        </copy>
+    </target>
+
+    <target name="compile.tests"
+        depends="compile.interops"
+        if="junit.present">
+
+        <javac srcdir="${dir.test}" destdir="${build.classes}" debug="on" source="1.3" target="1.3">
+            <classpath refid="classpath.test"/>
+<!--            <exclude name="**/secconv/**/*.java"/> -->
+        </javac>
+
+        <mkdir dir="${build.work}"/>
+
+        <javac srcdir="${build.work}" destdir="${build.classes}" debug="on" source="1.3" target="1.3">
+            <classpath refid="classpath.test"/>
+        </javac>
+
+        <!-- Copy Property files -->
+        <copy todir="${build.classes}">
+            <fileset dir="${dir.test}" includes="**/*.properties"/>
+            <fileset dir="${dir.interop}">
+                <include name="**/*.properties"/>
+            </fileset>
+        </copy>
+    </target>
+
+    <target name="compile.samples"
+        depends="compile.library">
+        <!-- Compile the java code from ${dir.src} into ${build.classes} -->
+        <javac srcdir="${dir.samples}"
+            debug="on"
+            source="1.4"
+            destdir="${build.classes}" target="1.4">
+            <classpath refid="classpath.library"/>
+        </javac>
+        <copy todir="${build.classes}">
+            <fileset dir="${dir.src}" includes="**/axis/**/*.properties"/>
+        </copy>
+    </target>
+
+    <target name="compile.interops"
+        depends="compile.library">
+        <ant dir="${dir.interop}"
+            antfile="build.xml"
+            target="compile"
+            inheritAll="false">
+        </ant>
+    </target>
+
+    <target name="systemTests" unless="skip.tests" depends="compile"
+        if="junit.present"
+        description="Runs all JUnit tests">
+        <runaxisfunctionaltests
+            url="http://localhost:8088"
+            httpServerTarget="start-functional-test-http-server"
+            testTarget="allTests"
+            httpStopTarget="stop-functional-test-http-server"/>
+    </target>
+
+    <target name="start-functional-test-http-server" if="junit.present">
+        <echo message="Starting http server."/>
+        <java classname="org.apache.axis.transport.http.SimpleAxisServer" 
+          fork="yes" dir="${build.dir}">
+            <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
+            <classpath refid="classpath.library"/>
+        </java>
+    </target>
+
+    <target name="stop-functional-test-http-server" if="junit.present">
+        <echo message="Stopping http server."/>
+        <java classname="org.apache.axis.client.AdminClient" fork="yes">
+            <classpath refid="classpath.library"/>
+            <arg line="quit"/>
+        </java>
+    </target>
+
+    <target name="allTests" depends="interopTests">
+    </target>
+
+    <target name="interopTests" depends="init">
+        <echo message="Running system tests - BEGIN..."/>
+
+        <path id="undeploy_xml_files">
+            <fileset dir="${build.work}">
+                <include name="**/undeploy.wsdd"/>
+            </fileset>
+        </path>
+        <property name="undeploy_xml_property" refid="undeploy_xml_files"/>
+
+        <antcall target="deployWSDD" />
+        <junit printsummary="yes"
+            haltonfailure="yes"
+            fork="yes"
+            dir="${basedir}">
+            <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
+            <jvmarg value="-Dhttp.proxyHost=${http.proxyHost}"/>
+            <jvmarg value="-Dhttp.proxyPort=${http.proxyPort}"/>
+            <jvmarg value="-Dhttp.nonProxyHosts=${http.nonProxyHosts}"/>
+            <jvmarg value="-Dhttp.proxyUser=${http.proxyUser}"/>
+            <jvmarg value="-Dhttp.proxyPassword=${http.proxyPassword}"/>
+            <classpath refid="classpath.test"/>
+            <formatter type="xml"/>
+            <batchtest todir="${build.dir}/test-reports">
+                <fileset dir="${build.classes}">
+                    <include name="**/interop/PackageTests.class"/>
+                </fileset>
+            </batchtest>
+        </junit>
+
+        <java classname="org.apache.axis.utils.Admin" fork="true">
+            <classpath refid="classpath.library"/>
+            <arg value="client"/>
+            <arg file=
+               "${build.work}/org/apache/ws/axis/oasis/ping/undeploy.wsdd"/>
+        </java>
+
+        <junit printsummary="yes"
+            haltonfailure="yes"
+            fork="yes"
+            dir="${basedir}">
+            <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
+            <jvmarg value="-Dhttp.proxyHost=${http.proxyHost}"/>
+            <jvmarg value="-Dhttp.proxyPort=${http.proxyPort}"/>
+            <jvmarg value="-Dhttp.nonProxyHosts=${http.nonProxyHosts}"/>
+            <jvmarg value="-Dhttp.proxyUser=${http.proxyUser}"/>
+            <jvmarg value="-Dhttp.proxyPassword=${http.proxyPassword}"/>
+            <classpath refid="classpath.test"/>
+            <formatter type="xml"/>
+            <batchtest todir="${build.dir}/test-reports">
+                <fileset dir="${build.classes}">
+                    <include name="**/interop/TestJAXRPCHandler.class"/>
+                </fileset>
+            </batchtest>
+        </junit>
+
+        <java classname="org.apache.axis.client.AdminClient" fork="yes">
+            <classpath refid="classpath.library"/>
+            <arg line="${undeploy_xml_property}"/>
+        </java>
+        
+        <echo message="Running system tests - END..."/>
+    </target>
+
+    <target name="unitTests" unless="skip.tests" depends="compile">
+        <junit printsummary="yes"
+            haltonfailure="yes"
+            fork="yes"
+            dir="${basedir}">
+            <!-- See if this helps with Gump test failures -->
+            <sysproperty key="build.clonevm" value="true"/>
+
+            <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
+            <jvmarg value="-Dhttp.proxyHost=${http.proxyHost}"/>
+            <jvmarg value="-Dhttp.proxyPort=${http.proxyPort}"/>
+            <jvmarg value="-Dhttp.nonProxyHosts=${http.nonProxyHosts}"/>
+            <jvmarg value="-Dhttp.proxyUser=${http.proxyUser}"/>
+            <jvmarg value="-Dhttp.proxyPassword=${http.proxyPassword}"/>
+            <classpath refid="classpath.test"/>
+            <formatter type="xml"/>
+            <batchtest todir="${build.dir}/test-reports">
+                <fileset dir="${build.classes}">
+                    <include name="**/wssec/PackageTests.class"/>
+                    <include name="**/components/PackageTests.class"/>
+             <!--<include name="**/secconv/components/PackageTests.class"/> -->
+                </fileset>
+            </batchtest>
+        </junit>
+    </target>
+
+    <target name="sandboxTests" depends="compile">
+        <java classname="org.apache.axis.client.AdminClient" fork="yes">
+            <classpath refid="classpath.library"/>
+            <arg line="${dir.samples}/org/apache/ws/sandbox/security/trust2/samples/deploy.wsdd"/>
+        </java>
+
+        <junit printsummary="yes"
+            haltonfailure="yes"
+            fork="yes"
+            dir="${basedir}">
+            <!-- See if this helps with Gump test failures -->
+            <sysproperty key="build.clonevm" value="true"/>
+
+            <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
+            <jvmarg value="-Dhttp.proxyHost=${http.proxyHost}"/>
+            <jvmarg value="-Dhttp.proxyPort=${http.proxyPort}"/>
+            <jvmarg value="-Dhttp.nonProxyHosts=${http.nonProxyHosts}"/>
+            <jvmarg value="-Dhttp.proxyUser=${http.proxyUser}"/>
+            <jvmarg value="-Dhttp.proxyPassword=${http.proxyPassword}"/>
+            <classpath refid="classpath.test"/>
+            <formatter type="xml"/>
+            <batchtest todir="${build.dir}/test-reports">
+                <fileset dir="${build.classes}">
+                    <include name="**/sandbox/PackageTests.class"/>
+                </fileset>
+            </batchtest>
+        </junit>
+
+        <java classname="org.apache.axis.client.AdminClient" fork="yes">
+            <classpath refid="classpath.library"/>
+            <arg line="${dir.samples}/org/apache/ws/sandbox/security/trust2/samples/undeploy.wsdd"/>
+        </java>
+    </target>
+    
+    <target name="tcpmon" depends="init" description=
+                "Start standalone tcp monitor application (provided by axis)">
+        <java dir="${basedir}" fork="yes" failOnError="true" 
+                 className="org.apache.axis.utils.tcpmon">
+            <classpath refid="classpath.library" />
+             <arg value="9080" />
+             <arg value="localhost" />
+             <arg value="8080" />
+         </java>
+    </target>
+
+    <!--
+    This runs the selected scenario with SimpleAxisServer locally.
+    Before you start this target be sure you have started tcpmon too 
+        in a separate
+    "ant tcpmon" call.
+    To run different scenarios use: "ant -DNumber=x scenarioTest" 
+        to run scenario x
+    -->
+    <target name="scenarioTest" depends="compile"
+        if="junit.present"
+        description="Runs all JUnit tests">
+        <runaxisfunctionaltests
+            url="http://localhost:8088"
+            httpServerTarget="start-functional-test-http-server"
+            testTarget="scenario"
+            httpStopTarget="stop-functional-test-http-server"/>
+    </target>
+
+    <target name="scenario" if="junit.present">
+        <echo message=
+          "Running interop test scenario ${Number} on SimpleAxisServer"/>
+
+        <antcall target="deployWSDD" />
+        
+        <java classname="interop.TestScenario${Number}" fork="yes" 
+                 dir="${basedir}">
+            <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
+            <classpath refid="classpath.library"/>
+        </java>
+
+        <antcall target="undeployWSDD" />
+
+    </target>
+    
+    <!--
+    This runs the selected scenario with SimpleAxisServer locally 
+        with perfomance
+    timing switched on.
+    You may also emable the **.TIME entry in log4j.properties to get 
+        the internal
+    timing.
+    To run different scenarios use: "ant -DNumber=x scenarioTest" 
+        to run scenario x
+    -->
+    <target name="performanceTest" depends="compile"
+        if="junit.present"
+        description="Runs all JUnit tests">
+        <runaxisfunctionaltests
+            url="http://localhost:8088"
+            httpServerTarget="start-functional-test-http-server"
+            testTarget="performance"
+            httpStopTarget="stop-functional-test-http-server"/>
+    </target>
+
+    <target name="performance" if="junit.present">
+        <echo message=
+           "Running performance test scenario ${Number} on SimpleAxisServer"/>
+
+        <antcall target="deployWSDD" />
+        <java classname="interop.TestScenario${Number}" fork="yes" 
+            dir="${basedir}">
+            <jvmarg value="-Djava.endorsed.dirs=${basedir}/endorsed"/>
+       <arg value="-lhttp://localhost:8080/axis/services/Ping${Number}" />
+            <arg value="-t" />
+            <classpath refid="classpath.library"/>
+        </java>
+        <antcall target="undeployWSDD" />
+    </target>
+    
+    <target name="deployWSDD">
+      <path id="deploy_xml_files">
+      <fileset dir="${build.work}">
+        <include name="**/deploy.wsdd"/>
+      </fileset>
+      </path>
+
+      <copy todir="${build.dir}/keys">
+        <fileset dir="${dir.keys}" includes="**"/>
+      </copy>
+      <copy todir="${build.dir}/interop">
+        <fileset dir="${dir.interop}" includes="*.jks"/>
+      </copy>
+
+      <property name="deploy_xml_property" refid="deploy_xml_files"/>
+ 
+      <java classname="org.apache.axis.utils.Admin" fork="true">
+        <classpath refid="classpath.library"/>
+        <arg value="client"/>
+        <arg file="${build.work}/org/apache/ws/axis/oasis/Client_deploy.wsdd"/>
+      </java>
+        
+      <java classname="org.apache.axis.client.AdminClient" fork="yes">
+        <classpath refid="classpath.library"/>
+        <arg line="${deploy_xml_property}"/>
+      </java>
+    </target>
+    
+    <target name="undeployWSDD">
+      <path id="undeploy_xml_files">
+        <fileset dir="${build.work}">
+          <include name="**/undeploy.wsdd"/>
+        </fileset>
+      </path>
+
+      <property name="undeploy_xml_property" refid="undeploy_xml_files"/>
+
+      <java classname="org.apache.axis.utils.Admin" fork="true">
+            <classpath refid="classpath.library"/>
+            <arg value="client"/>
+            <arg file=
+                 "${build.work}/org/apache/ws/axis/oasis/ping/undeploy.wsdd"/>
+      </java>
+
+      <java classname="org.apache.axis.client.AdminClient" fork="yes">
+        <classpath refid="classpath.library"/>
+        <arg line="${undeploy_xml_property}"/>
+      </java>
+    </target>
+        
+    <!-- generate a report from all the tests. 
+           requires Xalan or other XSLT engine in ant\lib-->
+
+   <target name="report" depends="init">
+        <junitreport todir="${build.dir}/test-reports">
+            <fileset dir="${build.dir}/test-reports">
+                <include name="TEST-*.xml"/>
+            </fileset>
+            <report format="frames" todir="${build.dir}/test-reports/html"/>
+        </junitreport>
+        <echo message=
+            "point your browser to ${build.dir}/test-reports/html/index.html"/>
+    </target>
+
+    <target name="jar"
+        depends="compile, test"
+        description="Creates the ${jar.library}">
+
+        <jar jarfile="${build.dir}/${jar.library}"
+            basedir="${build.classes}"
+            includes="**/*, *.txt"
+            excludes="components/**, *.properties, **/sandbox/**, wssec/**, **/interop/**, **/oasis/**, **/samples/**" 
+            />
+    </target>
+
+    <target name="dist" depends="bindist, otherdist, srcdist"/>
+
+   <target name="bindist" depends="gump" 
+      description="Build zip file for distro">
+     <delete dir="${dir.dist}"/>
+     <mkdir dir="${dir.dist}"/>
+     <jar jarfile="${dir.dist}/${jar.library}"
+       basedir="${build.classes}"
+       includes="**/apache/**/security/**"  />
+     <zip destfile=
+        "${dir.dist}/${product.shortname}-bin-${product.version}.zip">
+        <zipfileset prefix="wss4j" dir="."
+          includes="keys/**, interop/**, interop2/**, test/**, samples/**,
+          LICENSE.txt, README.txt, NOTICE, legal/**, webapps/**"/>
+        <zipfileset prefix="wss4j/classes" dir="${build.classes}"
+          includes=
+     "*.properties, interop/**, wssec/**, org/**/oasis/**, org/**/samples/**"/>
+        <zipfileset prefix="wss4j/doc/api" dir="${build.javadoc}"/>
+        <zipfileset fullpath="wss4j/${jar.library}" dir="${dir.dist}" 
+          includes="${jar.library}"/>
+      </zip>
+    </target>
+
+    <target name="otherdist" depends="init" 
+             description="Build zip for required jars">
+         <mkdir dir="${dir.dist}"/>
+         <zip destfile=
+           "${dir.dist}/${product.shortname}-otherjars-${product.version}.zip">
+             <zipfileset prefix="wss4j" dir="."
+                 includes="lib/*.jar, endorsed/*.jar"/>
+         </zip>
+     </target>  
+    
+    <target name="srcdist" depends="init" description=
+               "Build source zip file for distro">
+        <mkdir dir="${dir.dist}"/>
+        <zip destfile=
+                 "${dir.dist}/${product.shortname}-src-${product.version}.zip">
+            <zipfileset prefix="wss4j" dir="."
+                includes="src/** LICENSE.txt README.txt NOTICE legal/** build.xml "/>
+        </zip>
+    </target>
+
+    <target name="fixcrlf"
+        description="Fixes CRLF">
+        <fixcrlf srcdir="."
+            eol="crlf"
+            includes="**/*.java"
+            />
+        <fixcrlf srcdir="."
+            eol="crlf"
+            includes="**/*.properties"
+            />
+    </target>
+
+    <target name="changelog"
+        depends="prepare"
+        description="Generate the changelog for WSS4J project">
+        <cvschangelog dir="."
+            destfile="${build.dir}/changelog.xml"
+            />
+        <style in="${build.dir}/changelog.xml"
+            out="${build.dir}/changelog.html"
+            style="./tools/changelog.xsl">
+            <param name="title" expression="WSS4J ChangeLog"/>
+            <param name="module" expression="ws-wss4j"/>
+            <param name="cvsweb" expression="http://cvs.apache.org/viewcvs/"/>
+        </style>
+    </target>
+
+  <!-- =================================================================== -->
+  <!-- Creates a war file for interop testing                              -->
+  <!-- =================================================================== -->
+  <target name="interop-war" depends="test"
+      description="Create the web application" >
+    <mkdir dir="${build.webapp}"/>
+    <copy todir="${build.webapp}">
+      <fileset dir="${dir.webapp}"/>
+    </copy>
+    <copy todir="${build.webapp}/WEB-INF/lib">
+      <fileset dir="${dir.libs}">
+        <include name="*.jar"/>
+      </fileset>
+      <fileset dir="${basedir}/endorsed">
+        <include name="*.jar"/>
+      </fileset>
+    </copy>
+    <copy todir="${build.webapp}/WEB-INF">
+      <fileset dir="${build.dir}">
+        <include name="*.wsdd"/>
+      </fileset>
+    </copy>
+    <copy todir="${build.webapp}/WEB-INF/classes/">
+      <fileset dir="${build.classes}"/>
+    </copy>
+    <copy todir="${build.webapp}/WEB-INF/classes/">
+      <fileset dir=".">
+          <include name="client-config.wsdd"/>
+      </fileset>
+    </copy>
+    <copy todir="${build.webapp}/WEB-INF/classes/interop">
+        <fileset dir="${dir.interop}">
+            <include name="**/interop2.jks"/>
+        </fileset>
+    </copy>
+
+    <delete>
+      <fileset dir="${build.webapp}" includes="**/CVS"/>
+    </delete>
+    <path id="deploy_xml_files">
+        <fileset dir="${build.work}">
+            <include name="**/deploy.wsdd"/>
+        </fileset>
+    </path>
+    <property name="deploy_xml_property" refid="deploy_xml_files"/>
+    <java classname="org.apache.axis.utils.Admin" fork="true"
+        dir="${build.webapp}/WEB-INF/classes">
+      <classpath refid="classpath.library"/>
+      <arg value="client"/>
+      <arg file="${build.work}/org/apache/ws/axis/oasis/Client_deploy.wsdd"/>
+    </java>
+    <java classname="org.apache.axis.utils.Admin" fork="yes" 
+        dir="${build.webapp}/WEB-INF">
+        <classpath refid="classpath.library"/>
+        <arg line="server"/>
+        <arg line="${deploy_xml_property}"/>
+    </java>
+
+    <jar jarfile="${build.dir}/wss4j.war" basedir="${build.webapp}"/>
+  </target>
+
+</project>
diff --git a/trunk/endorsed/xercesImpl.jar b/trunk/endorsed/xercesImpl.jar
new file mode 100644
index 0000000..eac75ae
--- /dev/null
+++ b/trunk/endorsed/xercesImpl.jar
Binary files differ
diff --git a/trunk/endorsed/xml-apis.jar b/trunk/endorsed/xml-apis.jar
new file mode 100644
index 0000000..243eaea
--- /dev/null
+++ b/trunk/endorsed/xml-apis.jar
Binary files differ
diff --git a/trunk/interop/WSETEST.cer b/trunk/interop/WSETEST.cer
new file mode 100644
index 0000000..1ad4118
--- /dev/null
+++ b/trunk/interop/WSETEST.cer
Binary files differ
diff --git a/trunk/interop/build.xml b/trunk/interop/build.xml
new file mode 100644
index 0000000..a72abfe
--- /dev/null
+++ b/trunk/interop/build.xml
@@ -0,0 +1,102 @@
+<project name="Axis_OASIS_Interop" default="compile">
+    <description>
+        generate files from WSDL description, also target to deploy
+        the service in a runing Axis (probably in Tomcat or alike)
+    </description>
+
+    <!-- The following setting assumes that all necessary libs (jars)
+      are located in a lib directory directly under wss4j. First set
+      a reference to the wss4j relative to this working directory -->
+    <property name="dir.wss4j" value="${basedir}/.."/>
+    <property name="dir.interop" value="${dir.wss4j}/interop"/>
+    <property name="dir.work" value="${dir.wss4j}/build/work"/>
+    <property name="dir.classes" value="${dir.wss4j}/build/classes"/>
+    <property name="dir.libs" value="${dir.wss4j}/lib"/>
+
+    <property name="server" value="org/apache/ws/axis/oasis/ping"/>
+    <property name="client" value="org/apache/ws/axis/oasis"/>
+
+    <path id="classpath.libraries" description=" 3rd party and Axis libs">
+        <fileset dir="${dir.libs}">
+            <include name="**/*.jar"/>
+        </fileset>
+    </path>
+
+    <taskdef resource="axis-tasks.properties" classpathref="classpath.libraries"/>
+
+    <target name="clientdeploy">
+        <java classname="org.apache.axis.utils.Admin" fork="true">
+            <classpath refid="classpath.libraries"/>
+            <arg value="client"/>
+            <arg file="${dir.work}/${client}/Client_deploy.wsdd"/>
+        </java>
+    </target>
+
+    <target name="serverdeploy">
+        <java classname="org.apache.axis.client.AdminClient" fork="true">
+            <classpath refid="classpath.libraries"/>
+            <arg file="${dir.work}/${server}/deploy.wsdd"/>
+        </java>
+    </target>
+
+    <target name="serverundeploy">
+        <java classname="org.apache.axis.client.AdminClient" fork="true">
+            <classpath refid="classpath.libraries"/>
+            <arg file="${dir.work}/${server}/undeploy.wsdd"/>
+        </java>
+    </target>
+
+    <target name="chkWsdl">
+      <uptodate property="wsdl.notRequired" 
+        targetfile="${dir.work}/${server}/PingBindingImpl.java"
+        srcfile="${dir.interop}/ping.wsdl"/>
+    </target>
+
+    <target name="wsdl" depends="chkWsdl" unless="wsdl.notRequired">
+      <axis-wsdl2java
+          output="${dir.work}"
+          serverSide="yes"
+          testcase="no"
+          verbose="no"
+          url="${dir.interop}/ping.wsdl">
+          <mapping
+              namespace="http://xmlsoap.org/Ping"
+              package="org.apache.ws.axis.oasis.ping"/>
+      </axis-wsdl2java>
+    </target>
+
+    <target name="init">
+      <mkdir dir="${dir.work}"/>
+    </target>
+
+    <target name="compile" depends="init, wsdl">
+        <copy todir="${dir.work}/${server}" overwrite="yes">
+          <fileset dir="${dir.interop}/${server}">
+            <include name="*.java"/>
+            <include name="*.wsdd"/>
+          </fileset>
+        </copy>
+        <copy todir="${dir.work}/${client}" overwrite="yes">
+          <fileset dir="${dir.interop}/${client}">
+            <include name="*.java"/>
+            <include name="*.wsdd"/>
+          </fileset>
+        </copy>
+        <javac srcdir="${dir.work}" 
+                destdir="${dir.classes}"
+                source="1.4"
+               debug="true">
+          <classpath refid="classpath.libraries" />
+          <include name="${server}/*.java" />
+          <include name="${client}/*.java" />
+        </javac>
+    </target>
+
+    <target name="clean"
+        description="clean up">
+        <delete dir="${dir.work}/${server}"/>
+        <delete dir="${dir.classes}/${server}"/>
+        <delete dir="${dir.work}/${client}"/>
+        <delete dir="${dir.classes}/${client}"/>
+    </target>
+</project>
\ No newline at end of file
diff --git a/trunk/interop/interop.jks b/trunk/interop/interop.jks
new file mode 100644
index 0000000..c8a34a9
--- /dev/null
+++ b/trunk/interop/interop.jks
Binary files differ
diff --git a/trunk/interop/interop2.jks b/trunk/interop/interop2.jks
new file mode 100644
index 0000000..babac0f
--- /dev/null
+++ b/trunk/interop/interop2.jks
Binary files differ
diff --git a/trunk/interop/keys/Alice.cer b/trunk/interop/keys/Alice.cer
new file mode 100644
index 0000000..a23c79b
--- /dev/null
+++ b/trunk/interop/keys/Alice.cer
Binary files differ
diff --git a/trunk/interop/keys/Bob.cer b/trunk/interop/keys/Bob.cer
new file mode 100644
index 0000000..1b8b8ee
--- /dev/null
+++ b/trunk/interop/keys/Bob.cer
Binary files differ
diff --git a/trunk/interop/keys/README.txt b/trunk/interop/keys/README.txt
new file mode 100644
index 0000000..380c8b7
--- /dev/null
+++ b/trunk/interop/keys/README.txt
@@ -0,0 +1,34 @@
+- Certificates and keys are from the Gartner WSS interop show. 
+- Passwords for every private key is 'password' (no quotes). 
+- Bob identity for service and Alice identity for client.
+- The ca.pfx files contains cert and private key for intermediary CA 
+  used to issue Alice and Bob certificates and root.pfx contains cert 
+  and private key for root CA used to issue the intermediary CA 
+  certificate.
+- Conversion tips are from http://mark.foster.cc/kb/openssl-keytool.html
+- Please use JDK1.5 (importing WssIP has problems with JDK1.4)
+
+set CLASSPATH=org.mortbay.jetty-5.1.4rc0.jar;
+
+java org.mortbay.util.PKCS12Import alice.pfx interop2.jks
+keytool -keyclone -keystore interop2.jks -alias 1 -dest alice
+keytool -delete -keystore interop2.jks -alias 1
+
+java org.mortbay.util.PKCS12Import bob.pfx interop2.jks
+keytool -keyclone -keystore interop2.jks -alias 1 -dest bob
+keytool -delete -keystore interop2.jks -alias 1
+
+java org.mortbay.util.PKCS12Import WssIP.pfx interop2.jks
+keytool -keyclone -keystore interop2.jks -alias "wssip's oasis interop test ca id" -dest wssip
+keytool -delete -keystore interop2.jks -alias "wssip's oasis interop test ca id"
+
+java org.mortbay.util.PKCS12Import ca.pfx ca.jks
+java org.mortbay.util.PKCS12Import root.pfx root.jks
+
+keytool -export -alias 1 -keystore root.jks -file root.crt
+keytool -export -alias 1 -keystore ca.jks -file ca.crt
+
+keytool -import -keystore interop2.jks -import -trustcacerts -alias root -file root.crt
+keytool -import -keystore interop2.jks -import -trustcacerts -alias ca -file ca.crt
+
+keytool -list -v -keystore interop2.jks
\ No newline at end of file
diff --git a/trunk/interop/keys/WssIP.cer b/trunk/interop/keys/WssIP.cer
new file mode 100644
index 0000000..df21df8
--- /dev/null
+++ b/trunk/interop/keys/WssIP.cer
Binary files differ
diff --git a/trunk/interop/keys/WssIP.pfx b/trunk/interop/keys/WssIP.pfx
new file mode 100644
index 0000000..e68c46a
--- /dev/null
+++ b/trunk/interop/keys/WssIP.pfx
Binary files differ
diff --git a/trunk/interop/keys/alice.pfx b/trunk/interop/keys/alice.pfx
new file mode 100644
index 0000000..8d1e2f2
--- /dev/null
+++ b/trunk/interop/keys/alice.pfx
Binary files differ
diff --git a/trunk/interop/keys/bob.pfx b/trunk/interop/keys/bob.pfx
new file mode 100644
index 0000000..4cda657
--- /dev/null
+++ b/trunk/interop/keys/bob.pfx
Binary files differ
diff --git a/trunk/interop/keys/ca.cer b/trunk/interop/keys/ca.cer
new file mode 100644
index 0000000..d73fb39
--- /dev/null
+++ b/trunk/interop/keys/ca.cer
Binary files differ
diff --git a/trunk/interop/keys/ca.pfx b/trunk/interop/keys/ca.pfx
new file mode 100644
index 0000000..7f264a7
--- /dev/null
+++ b/trunk/interop/keys/ca.pfx
Binary files differ
diff --git a/trunk/interop/keys/root.cer b/trunk/interop/keys/root.cer
new file mode 100644
index 0000000..e20d049
--- /dev/null
+++ b/trunk/interop/keys/root.cer
Binary files differ
diff --git a/trunk/interop/keys/root.pfx b/trunk/interop/keys/root.pfx
new file mode 100644
index 0000000..e6d14f3
--- /dev/null
+++ b/trunk/interop/keys/root.pfx
Binary files differ
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd b/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd
new file mode 100644
index 0000000..a6f6fae
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Client_deploy.wsdd
@@ -0,0 +1,281 @@
+<deployment xmlns="http://xml.apache.org/axis/wsdd/"
+            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+
+ <!--
+ Usage of cert/key identifiers (parameter: user / encryptionUser):
+ For the interop tests we have two different certificate/key pairs:
+ Server certificate: 
+ 	contained in bob.pfx
+ 	identified with: bob
+ Client certificate:
+    contained in alice.pfx
+    identified with: alice
+ 
+ The Server uses it's certificate/private key to sign its request, the client
+ uses the server's certificate/pub key to encrypt requests
+
+ The client uses it's certificate/private key to sign its request, the server 
+ uses the client's certificate/pub key to encrypt responses-
+ -->
+ <!-- define the service, using the WSDoAllSender security handler in request flow -->
+ <service name="Ping1">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="user" value="Chris"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="UsernameToken"/>
+    <parameter name="passwordType" value="PasswordText" />
+   </handler>
+  </requestFlow>
+  </service>
+
+ <service name="Ping2">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="UsernameToken Encrypt"/>
+    <parameter name="user" value="Chris"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="passwordType" value="PasswordText" />
+    <parameter name="addUTElements" value="Nonce Created" />
+    <parameter name="encryptionPropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />    
+    <!-- Use the Server's cert/key to encrypt the request -->
+    <parameter name="encryptionUser" value="bob" />
+    <parameter name="encryptionParts" 
+      value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />  
+   </handler>
+  </requestFlow>
+  </service>
+  
+ <service name="Ping2a">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="UsernameTokenSignature Encrypt Timestamp"/>
+    <parameter name="user" value="Chris"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="encryptionPropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />    
+    <!-- Use the Server's cert/key to encrypt the request -->
+    <parameter name="encryptionUser" value="bob" />
+    <parameter name="encryptionParts" 
+      value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />  
+   </handler>
+  </requestFlow>
+  </service>
+
+ <service name="Ping2b">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="UsernameTokenSignature Timestamp"/>
+    <parameter name="user" value="Chris"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="passwordType" value="PasswordDigest" />
+    <parameter name="signatureParts" 
+      value="Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />  
+    
+   </handler>
+  </requestFlow>
+  </service>
+
+ <service name="Ping3">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <!-- Use the Client's cert/key to sign the request -->
+    <parameter name="user" value="alice"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />    
+    <parameter name="encryptionUser" value="bob" />
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+   </handler>
+  </responseFlow>
+ </service>
+
+ <service name="Ping4">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <!-- Use the Client's cert/key to sign the request -->
+    <parameter name="user" value="alice"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="EmbeddedKeyName" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+    <parameter name="EmbeddedKeyCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1" />
+    <parameter name="EmbeddedKeyName" value="SessionKey" />
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+   </handler>
+  </responseFlow>
+  
+  </service>
+
+ <service name="Ping5">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Signature NoSerialization"/>
+    <!-- Use the Client's cert/key to sign the request -->
+    <parameter name="user" value="alice"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="signatureParts" value="{}{http://xmlsoap.org/Ping}ticket" />    
+   </handler>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Signature Timestamp"/>
+    <!-- Use the Client's cert/key to sign the request -->
+    <parameter name="user" value="alice"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+   </handler>  
+  </requestFlow>
+  </service>
+
+ <service name="Ping6">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Encrypt Signature Timestamp"/>
+    <!-- Use the Client's cert/key to sign the request -->
+    <parameter name="user" value="alice"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />    
+    <!-- Use the Server's cert/key to encrypt the request -->
+    <parameter name="encryptionUser" value="bob" />
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="Encrypt Signature Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+   </handler>
+  </responseFlow>
+  </service>
+
+
+ <service name="Ping7">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <parameter name="user" value="alice"/>
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="signatureParts"
+      value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />    
+    <parameter name="encryptionUser" value="bob" />
+    <parameter name="encryptionPropFile" value="wsstest.properties" />
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="decryptionPropFile" value="wsstest.properties" />
+   </handler>
+  </responseFlow>
+  </service>
+
+ <service name="STPing1">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Timestamp SAMLTokenUnsigned"/>
+    <parameter name="samlPropFile" value="saml.properties"/>
+    
+   </handler>
+  </requestFlow>
+  </service>
+  
+  <!--
+    The saml3.properties file defines a SAML token with "sender vouches"
+    option. Thus no further user specific data is required here. The
+    SAML issuer takes all the data from its data store (for the bare bone
+    SAML issuer included here: these data is in the saml properties file).
+    The SAML issuer uses its own certificate to sign, own certificate store,
+    etc.
+    
+    The DoAllSender then gets the issuer's data (key name, key password)
+    and forwards it to the SignEnvelope. The SignEnvelope now signs the
+    SAML token _and_ at least one part of the message (SOAP Body if nothing
+    was specified, or the specified part).
+   --> 
+   <service name="STPing3">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Timestamp SAMLTokenSigned"/>
+    <parameter name="samlPropFile" value="saml3.properties"/>
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+   </handler>
+  </requestFlow>
+  </service>
+  
+  <!--
+    The saml4.properties file defines a SAML token with "holder-of-key"
+    option. Because the DoAllSender handler acts as both, user and requestor,
+    we need the user specific data here. The handler gets this information,
+    forwards it to our (bare bone) SAML issuer. The SAML issuer creates
+    the SAML token and includes the user's certificate, and signs the
+    whole token with its certificate / Private Key.
+    
+    DoAllSender forwards the user's information to SignEnvelope that uses
+    this to sign the message (SOAP Body if nothing was specified, or the 
+    specified part). Because the issuer signed the SAML token the user's
+    certificate (contained in the token) can be trusted.
+   --> 
+   <service name="STPing4">
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Timestamp SAMLTokenSigned"/>
+    <parameter name="samlPropFile" value="saml4.properties"/>
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/>
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback"/>
+    <parameter name="signaturePropFile" value="crypto.properties" />    
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+   </handler>
+  </requestFlow>
+  </service>
+  
+ <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
+ <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
+ <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
+  
+  
+ </deployment>
diff --git a/trunk/interop/org/apache/ws/axis/oasis/PWCallback.java b/trunk/interop/org/apache/ws/axis/oasis/PWCallback.java
new file mode 100644
index 0000000..d2302b3
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/PWCallback.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * @author Werner Dittmann (Werner.Dittmann@siemens.com)
+ */
+package org.apache.ws.axis.oasis;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+/**
+ * Class PWCallback
+ */
+public class PWCallback implements CallbackHandler {
+
+    /** Field key */
+    private static final byte[] key = {
+        (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+        (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+        (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+        (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+        (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+    };
+
+    /*
+     * (non-Javadoc)
+     * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+     */
+
+    /**
+     * Method handle
+     * 
+     * @param callbacks 
+     * @throws IOException                  
+     * @throws UnsupportedCallbackException 
+     */
+    public void handle(Callback[] callbacks)
+            throws IOException, UnsupportedCallbackException {
+
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WSPasswordCallback) {
+                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+                /*
+                 * here call a function/method to lookup the password for
+                 * the given identifier (e.g. a user name or keystore alias)
+                 * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+                 * for Testing we supply a fixed name here.
+                 */
+                if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+                    pc.setKey(key);
+                } else {
+                    pc.setPassword("security");
+                }
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i],
+                        "Unrecognized Callback");
+            }
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/PWCallback1.java b/trunk/interop/org/apache/ws/axis/oasis/PWCallback1.java
new file mode 100644
index 0000000..ec18e08
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/PWCallback1.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * @author Werner Dittmann (Werner.Dittmann@siemens.com)
+ */
+package org.apache.ws.axis.oasis;
+
+import org.apache.ws.security.WSPasswordCallback;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+/**
+ * Class PWCallback
+ */
+public class PWCallback1 implements CallbackHandler {
+
+    /** Field key */
+    private static final byte[] key = {
+        (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+        (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+        (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+        (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+        (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+    };
+
+
+    /*
+     * (non-Javadoc)
+     * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+     */
+
+
+    /**
+     * Method handle
+     * 
+     * @param callbacks 
+     * @throws java.io.IOException                  
+     * @throws javax.security.auth.callback.UnsupportedCallbackException 
+     */
+    public void handle(Callback[] callbacks)
+            throws IOException, UnsupportedCallbackException {
+
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WSPasswordCallback) {
+                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+                /*
+                 * This usage type is used only in case we received a
+                 * username token with a password of type PasswordText or
+                 * an unknown password type.
+                 * 
+                 * This case the WSPasswordCallback object contains the
+                 * identifier (aka username), the password we received, and
+                 * the password type string to identify the type.
+                 * 
+                 * Here we perform only a very simple check.
+                 */
+
+                if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+                    if(pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
+                        return;
+                    }
+                    if (pc.getPassword().equals("sirhC")) {
+                        return;
+                    }
+                    throw new UnsupportedCallbackException(callbacks[i],
+                    "check failed");
+                }
+
+                /*
+                 * here call a function/method to lookup the password for
+                 * the given identifier (e.g. a user name or keystore alias)
+                 * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+                 * for Testing we supply a fixed name here.
+                 */
+
+                if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+                    pc.setKey(key);
+                } else if(pc.getIdentifier().equals("alice")) {
+                    pc.setPassword("password");
+                } else if(pc.getIdentifier().equals("bob")) {
+                    pc.setPassword("password");
+                } else if(pc.getIdentifier().equals("Ron")) {
+                    pc.setPassword("noR");
+                } else {
+                    pc.setPassword("sirhC");
+                }
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i],
+                        "Unrecognized Callback");
+            }
+        }
+    }
+}
+
diff --git a/trunk/interop/org/apache/ws/axis/oasis/STScenario1.java b/trunk/interop/org/apache/ws/axis/oasis/STScenario1.java
new file mode 100644
index 0000000..35aaa7e
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/STScenario1.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario1
+ */
+public class STScenario1 {
+
+    /** Field address */
+    private static final String address =
+            "http://localhost:9080/axis/services/STPing1";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getSTPing1(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - ST Scenario 1 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/STScenario3.java b/trunk/interop/org/apache/ws/axis/oasis/STScenario3.java
new file mode 100644
index 0000000..2bcd2ca
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/STScenario3.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario1
+ */
+public class STScenario3 {
+
+    /** Field address */
+    private static final String address =
+            "http://localhost:9080/axis/services/STPing3";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getSTPing3(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - ST Scenario 3 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/STScenario4.java b/trunk/interop/org/apache/ws/axis/oasis/STScenario4.java
new file mode 100644
index 0000000..5b7a132
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/STScenario4.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario1
+ */
+public class STScenario4 {
+
+    /** Field address */
+    private static final String address =
+            "http://localhost:9080/axis/services/STPing4";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getSTPing4(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - ST Scenario 4 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario1.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario1.java
new file mode 100644
index 0000000..8fd2ae8
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario1.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario1
+ */
+public class Scenario1 {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping1";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing1(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 1 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario2.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario2.java
new file mode 100644
index 0000000..3c72968
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario2.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario2
+ */
+public class Scenario2 {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping2";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing2(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 2 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario2a.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario2a.java
new file mode 100644
index 0000000..58495b2
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario2a.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario2a
+ */
+public class Scenario2a {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping2a";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing2a(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 2a text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario2b.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario2b.java
new file mode 100644
index 0000000..3122baf
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario2b.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario2b
+ */
+public class Scenario2b {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping2b";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing2b(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 2b text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario3.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario3.java
new file mode 100644
index 0000000..5e98a3d
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario3.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario3
+ */
+public class Scenario3 {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping3";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing3(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 3 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+//        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+//                System.out.println("\nLoop #" + i);
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario4.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario4.java
new file mode 100644
index 0000000..caa262a
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario4.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario4
+ */
+public class Scenario4 {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping4";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing4(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 4 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario5.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario5.java
new file mode 100644
index 0000000..619dfea
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario5.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+import org.apache.ws.axis.oasis.ping.TicketType;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario5
+ */
+public class Scenario5 {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping5";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing5(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 5 - text");
+        TicketType type = 
+                new TicketType("WSS4J - Scenario 5 - TicketType");
+        
+        port.ping(type, text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(type, text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario6.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario6.java
new file mode 100644
index 0000000..f620b6e
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario6.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario6
+ */
+public class Scenario6 {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping6";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing6(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 6 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Scenario7.java b/trunk/interop/org/apache/ws/axis/oasis/Scenario7.java
new file mode 100644
index 0000000..1f875b7
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Scenario7.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Scenario6
+ */
+public class Scenario7 {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:9080/axis/services/Ping7";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing7(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Scenario 7 text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/Tester.java b/trunk/interop/org/apache/ws/axis/oasis/Tester.java
new file mode 100644
index 0000000..b7a36fe
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/Tester.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.oasis;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.oasis.ping.PingPort;
+import org.apache.ws.axis.oasis.ping.PingServiceLocator;
+
+import javax.xml.rpc.holders.StringHolder;
+
+/**
+ * Class Tester
+ */
+public class Tester {
+
+    /** Field address */
+    private static final java.lang.String address =
+            "http://localhost:8081/axis/services/SecHttp";
+
+    /**
+     * Method main
+     * 
+     * @param args 
+     * @throws Exception 
+     */
+    public static void main(String[] args) throws Exception {
+
+        Options opts = new Options(args);
+        opts.setDefaultURL(address);
+
+        /*
+         *     Start to prepare service call. Once this is done, several
+         *     calls can be made on the port (see below)
+         *
+         *     Fist: get the service locator. This implements the functionality
+         *     to get a client stub (aka port).
+         */
+        PingServiceLocator service = new PingServiceLocator();
+
+        /*
+         *     this is a JAX-RPC compliant call. It uses a preconfigured
+         *     endpoint address (usually contained in the WSDL). Note the
+         *     cast.
+         *    
+         * SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+         *     Here we use an Axis specific call that allows to override the
+         *     port address (service endpoint address) with an own URL. Comes
+         *     in handy for testing.
+         */
+        java.net.URL endpoint;
+
+        try {
+            endpoint = new java.net.URL(opts.getURL());
+        } catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+
+        PingPort port = (PingPort) service.getPing1(endpoint);
+
+        /*
+         *     At this point all preparations are done. Using the port we can
+         *     now perform as many calls as necessary.
+         */
+
+        // perform call
+        StringHolder text =
+                new StringHolder("WSS4J - Tester text");
+        port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+        System.out.println(text.value);
+
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+
+            for (int i = 0; i < 20; i++) {
+                port.ping(new org.apache.ws.axis.oasis.ping.TicketType("WSS4J"), text);
+            }
+
+            long endTime = System.currentTimeMillis();
+
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java b/trunk/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java
new file mode 100644
index 0000000..6e9d6ae
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/ping/PingBindingImpl.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * PingBindingImpl.java
+ *
+ * This file was auto-generated from WSDL
+ * by the Apache Axis 1.2dev Oct 27, 2003 (02:34:09 EST) WSDL2Java emitter.
+ */
+
+package org.apache.ws.axis.oasis.ping;
+
+import org.apache.axis.Message;
+import org.apache.axis.MessageContext;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import javax.xml.rpc.holders.StringHolder;
+import java.security.Principal;
+import java.util.Vector;
+
+public class PingBindingImpl
+    implements org.apache.ws.axis.oasis.ping.PingPort {
+    
+    public void ping(
+        org.apache.ws.axis.oasis.ping.TicketType pingTicket, 
+        StringHolder text
+    ) throws java.rmi.RemoteException {
+        MessageContext msgContext = MessageContext.getCurrentContext();
+        Message reqMsg = msgContext.getRequestMessage();
+
+        Vector results = 
+            (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+        if (results == null) {
+            System.out.println("No security results!!");
+        }
+        // System.out.println("Number of results: " + results.size());
+        for (int i = 0; i < results.size(); i++) {
+            WSHandlerResult rResult =
+                (WSHandlerResult) results.get(i);
+            Vector wsSecEngineResults = rResult.getResults();
+
+            for (int j = 0; j < wsSecEngineResults.size(); j++) {
+                WSSecurityEngineResult wser =
+                    (WSSecurityEngineResult) wsSecEngineResults.get(j);
+                int action = 
+                    ((java.lang.Integer)wser.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
+                Principal principal = 
+                    (Principal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+                if (action != WSConstants.ENCR && principal != null) {
+                    // System.out.println(principal.getName());
+                }
+            }
+        }
+    }
+
+}
diff --git a/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd b/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd
new file mode 100644
index 0000000..6976047
--- /dev/null
+++ b/trunk/interop/org/apache/ws/axis/oasis/ping/deploy.wsdd
@@ -0,0 +1,448 @@
+<!-- Use this file to deploy some handlers/chains and services      -->
+<!-- Two ways to do this:                                           -->
+<!--   java org.apache.axis.client.AdminClient deploy.wsdd          -->
+<!--      after the axis server is running                          -->
+<!-- or                                                             -->
+<!--   java org.apache.axis.utils.Admin client|server deploy.wsdd   -->
+<!--      from the same directory that the Axis engine runs         -->
+
+<deployment
+    xmlns="http://xml.apache.org/axis/wsdd/"
+    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+
+ <globalConfiguration>
+   <parameter name="disablePrettyXML" value="true"/>
+   <parameter name="enableNamespacePrefixOptimization" value="true"/>
+ </globalConfiguration>
+
+  <!-- Services from PingService WSDL service -->
+
+  <service name="Ping1" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping1"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="UsernameToken"/>
+   </handler>
+  </requestFlow>
+  </service>
+
+  <service name="Ping2" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping2"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="UsernameToken Encrypt"/>
+    <parameter name="decryptionPropFile" value="wsstest.properties" />
+   </handler>
+  </requestFlow>
+  </service>
+
+  <service name="Ping2a" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping2"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="UsernameTokenSignature UsernameToken Encrypt Timestamp"/>
+    <parameter name="decryptionPropFile" value="wsstest.properties" />
+   </handler>
+  </requestFlow>
+  </service>
+
+  <service name="Ping2b" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping2"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="UsernameTokenSignature UsernameToken Timestamp"/>
+   </handler>
+  </requestFlow>
+  </service>
+
+  <service name="Ping3" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping3"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <!-- Use the Server's cert/key to sign the response -->
+    <parameter name="user" value="bob"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />    
+    <!-- Use the Client's cert/key to encrypt the response -->
+    <parameter name="encryptionUser" value="alice" />
+   </handler>
+  </responseFlow>
+  </service>
+    
+  <service name="Ping4" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping4"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <!-- Use the Server's cert/key to sign the response -->
+    <parameter name="user" value="bob"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="EmbeddedKeyName" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />    
+    <parameter name="EmbeddedKeyCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1" />
+    <parameter name="EmbeddedKeyName" value="SessionKey" />
+   </handler>
+  </responseFlow>
+  </service>
+
+  <service name="Ping5" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping5"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="Signature Signature Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+   </handler>
+  </requestFlow>
+  </service>
+
+  <service name="Ping6" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping6"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="Encrypt Signature Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Encrypt Signature Timestamp"/>
+    <!-- Use the Server's cert/key to sign the response -->
+    <parameter name="user" value="bob"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="DirectReference" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />    
+    <!-- Use the Client's cert/key to encrypt the response -->
+    <parameter name="encryptionUser" value="alice" />
+   </handler>
+  </responseFlow>
+  </service>
+
+  <service name="Ping7" provider="java:RPC" style="wrapped" use="literal">
+      <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+      <parameter name="wsdlServiceElement" value="PingService"/>
+      <parameter name="wsdlServicePort" value="Ping7"/>
+      <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+      <parameter name="wsdlPortType" value="PingPort"/>
+      <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping" >
+        <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+        <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+      </operation>
+      <parameter name="allowedMethods" value="ping"/>
+
+      <typeMapping
+        xmlns:ns="http://xmlsoap.org/Ping"
+        qname="ns:ticketType"
+        type="java:org.apache.ws.axis.oasis.ping.TicketType"
+        serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+        deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+        encodingStyle=""
+      />
+
+  <requestFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="decryptionPropFile" value="wsstest.properties" />
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="action" value="Signature Encrypt Timestamp"/>
+    <!-- Use the Server's cert/key to sign the response -->
+    <parameter name="user" value="bob"/>
+    <parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+    <parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" />
+    <parameter name="signaturePropFile" value="wsstest.properties" />
+    <parameter name="encryptionPropFile" value="wsstest.properties" />
+    <parameter name="encryptionKeyIdentifier" value="DirectReference" />
+    <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />   
+    <!-- Use the Client's cert/key to encrypt the response -->    
+    <parameter name="encryptionUser" value="alice" />
+   </handler>
+  </responseFlow>
+      
+  </service>
+    
+    <service name="STPing1" provider="java:RPC" style="wrapped" use="literal">
+        <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+        <parameter name="wsdlServiceElement" value="PingService"/>
+        <parameter name="wsdlServicePort" value="STPing1"/>
+        <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+        <parameter name="wsdlPortType" value="PingPort"/>
+        <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping">
+            <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+            <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+        </operation>
+        <parameter name="allowedMethods" value="ping"/>
+        <typeMapping
+            xmlns:ns="http://xmlsoap.org/Ping"
+            qname="ns:ticketType"
+            type="java:org.apache.ws.axis.oasis.ping.TicketType"
+            serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+            deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+            encodingStyle=""
+            />
+        <requestFlow>
+            <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+                <parameter name="action" value="Timestamp SAMLTokenUnsigned"/>
+            </handler>
+        </requestFlow>
+    </service>
+    
+    <service name="STPing3" provider="java:RPC" style="wrapped" use="literal">
+        <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+        <parameter name="wsdlServiceElement" value="PingService"/>
+        <parameter name="wsdlServicePort" value="STPing1"/>
+        <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+        <parameter name="wsdlPortType" value="PingPort"/>
+        <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping">
+            <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+            <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+        </operation>
+        <parameter name="allowedMethods" value="ping"/>
+        <typeMapping
+            xmlns:ns="http://xmlsoap.org/Ping"
+            qname="ns:ticketType"
+            type="java:org.apache.ws.axis.oasis.ping.TicketType"
+            serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+            deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+            encodingStyle=""
+            />
+		<!--
+		 ATTENTION: depending on the SAML token type (here "sender vouches") _and_
+		 the keyIdentfier specified by the sender be sure to set the correct
+		 crypto.properties
+		 
+		 action: if the sender specifies "SAMLTokenSigned" then DoAllSender
+		 performs two actions: inserting a SAML Token (unsigned) _and_ an
+		 associated Signature. Thus, at the receiver's side, we need to
+		 define both :-)
+		 -->
+
+        <requestFlow>
+            <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+                <parameter name="action" value="Timestamp Signature SAMLTokenUnsigned"/>
+                <parameter name="signaturePropFile" value="crypto.properties" />
+                
+            </handler>
+        </requestFlow>
+    </service>
+
+    <service name="STPing4" provider="java:RPC" style="wrapped" use="literal">
+        <parameter name="wsdlTargetNamespace" value="http://xmlsoap.org/Ping"/>
+        <parameter name="wsdlServiceElement" value="PingService"/>
+        <parameter name="wsdlServicePort" value="STPing1"/>
+        <parameter name="className" value="org.apache.ws.axis.oasis.ping.PingBindingImpl"/>
+        <parameter name="wsdlPortType" value="PingPort"/>
+        <operation name="ping" qname="operNS:Ping" xmlns:operNS="http://xmlsoap.org/Ping">
+            <parameter qname="pns:ticket" xmlns:pns="http://xmlsoap.org/Ping" type="tns:ticketType" xmlns:tns="http://xmlsoap.org/Ping"/>
+            <parameter qname="pns:text" xmlns:pns="http://xmlsoap.org/Ping" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema" mode="INOUT"/>
+        </operation>
+        <parameter name="allowedMethods" value="ping"/>
+        <typeMapping
+            xmlns:ns="http://xmlsoap.org/Ping"
+            qname="ns:ticketType"
+            type="java:org.apache.ws.axis.oasis.ping.TicketType"
+            serializer="org.apache.axis.encoding.ser.SimpleSerializerFactory"
+            deserializer="org.apache.axis.encoding.ser.SimpleDeserializerFactory"
+            encodingStyle=""
+            />
+		<!--
+		 ATTENTION: depending on the SAML token type (here "key holder") _and_
+		 the keyIdentfier specified by the sender be sure to set the correct
+		 crypto.properties
+		 
+		 action: if the sender specifies "SAMLTokenSigned" then DoAllSender
+		 performs two actions: inserting a SAML Token (unsigned) _and_ an
+		 associated Signature. Thus, at the receiver's side, we need to
+		 define both :-)
+		 -->
+        <requestFlow>
+            <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+                <parameter name="action" value="Timestamp Signature SAMLTokenUnsigned"/>
+			    <parameter name="signaturePropFile" value="crypto.properties" />
+                
+            </handler>
+        </requestFlow>
+    </service>
+
+
+</deployment>
\ No newline at end of file
diff --git a/trunk/interop/ping.wsdl b/trunk/interop/ping.wsdl
new file mode 100644
index 0000000..ca687b8
--- /dev/null
+++ b/trunk/interop/ping.wsdl
@@ -0,0 +1,102 @@
+<definitions xmlns:s1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+             xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
+             xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+             xmlns:s="http://www.w3.org/2001/XMLSchema"
+             xmlns:tns="http://xmlsoap.org/Ping"
+             xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
+             xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/"
+             xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
+             targetNamespace="http://xmlsoap.org/Ping"
+             xmlns="http://schemas.xmlsoap.org/wsdl/">
+    <types>
+        <s:schema elementFormDefault="qualified" targetNamespace="http://xmlsoap.org/Ping">
+            <s:import namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
+            <s:element name="Ping" nillable="true" type="tns:ping"/>
+            <s:complexType name="ping">
+                <s:sequence>
+                    <s:element minOccurs="0" maxOccurs="1" name="ticket" type="tns:ticketType"/>
+                    <s:element minOccurs="1" maxOccurs="1" name="text" nillable="true" type="s:string"/>
+                </s:sequence>
+            </s:complexType>
+            <s:complexType name="ticketType">
+                <s:simpleContent>
+                    <s:extension base="s:string">
+                        <s:attribute ref="s1:Id"/>
+                    </s:extension>
+                </s:simpleContent>
+            </s:complexType>
+            <s:element name="PingResponse" nillable="true" type="tns:pingResponse"/>
+            <s:complexType name="pingResponse">
+                <s:sequence>
+                    <s:element minOccurs="1" maxOccurs="1" name="text" nillable="true" type="s:string"/>
+                </s:sequence>
+            </s:complexType>
+        </s:schema>
+        <s:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+            <s:attribute name="Id" type="s:string"/>
+        </s:schema>
+    </types>
+    <message name="PingRequest">
+        <part name="ping" element="tns:Ping"/>
+    </message>
+    <message name="PingResponse">
+        <part name="pingResponse" element="tns:PingResponse"/>
+    </message>
+    <portType name="PingPort">
+        <operation name="Ping">
+            <input message="tns:PingRequest"/>
+            <output message="tns:PingResponse"/>
+        </operation>
+    </portType>
+    <binding name="PingBinding" type="tns:PingPort">
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <operation name="Ping">
+            <soap:operation soapAction="Ping" style="document"/>
+            <input>
+                <soap:body use="literal"/>
+            </input>
+            <output>
+                <soap:body use="literal"/>
+            </output>
+        </operation>
+    </binding>
+    <service name="PingService">
+        <port name="Ping1" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping1"/>
+        </port>
+        <port name="Ping2" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping2"/>
+        </port>
+        <port name="Ping2a" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping2a"/>
+        </port>
+        <port name="Ping2b" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping2b"/>
+        </port>        
+        <port name="Ping3" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping3"/>
+        </port>
+        <port name="Ping4" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping4"/>
+        </port>
+        <port name="Ping5" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping5"/>
+        </port>
+        <port name="Ping6" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping6"/>
+        </port>
+        <port name="Ping7" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/Ping7"/>
+        </port>
+        <port name="STPing1" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/STPing1"/>
+        </port>
+        <port name="STPing3" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/STPing3"/>
+        </port>
+        <port name="STPing4" binding="tns:PingBinding">
+            <soap:address location="http://localhost:9080/pingservice/STPing4"/>
+        </port>
+        
+    </service>
+</definitions>
\ No newline at end of file
diff --git a/trunk/interop/utility.xsd b/trunk/interop/utility.xsd
new file mode 100644
index 0000000..ec531e8
--- /dev/null
+++ b/trunk/interop/utility.xsd
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.
+OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
+Copyright © OASIS Open 2002. All Rights Reserved.
+This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself does not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.
+The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
+This document and the information contained herein is provided on an “AS IS” basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+-->
+<xsd:schema targetNamespace="http://schemas.xmlsoap.org/ws/2003/06/utility" xmlns="http://schemas.xmlsoap.org/ws/2003/06/utility" xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility" xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.1">
+	<!-- // Fault Codes /////////////////////////////////////////// -->
+	<xsd:simpleType name="tTimestampFault">
+		<xsd:annotation>
+			<xsd:documentation>
+This type defines the fault code value for Timestamp message expiration.
+          </xsd:documentation>
+		</xsd:annotation>
+		<xsd:restriction base="xsd:QName">
+			<xsd:enumeration value="wsu:MessageExpired"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!-- // Global attributes //////////////////////////////////// -->
+	<xsd:attribute name="Id" type="xsd:ID">
+		<xsd:annotation>
+			<xsd:documentation>
+This global attribute supports annotating arbitrary elements with an ID.
+          </xsd:documentation>
+		</xsd:annotation>
+	</xsd:attribute>
+	<xsd:attributeGroup name="commonAtts">
+		<xsd:annotation>
+			<xsd:documentation>
+Convenience attribute group used to simplify this schema.
+          </xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute ref="wsu:Id" use="optional"/>
+		<xsd:anyAttribute namespace="##other" processContents="lax"/>
+	</xsd:attributeGroup>
+	<!-- // Utility types //////////////////////////////////////// -->
+	<xsd:complexType name="AttributedDateTime">
+		<xsd:annotation>
+			<xsd:documentation>
+This type is for elements whose [children] is a psuedo-dateTime and can have arbitrary attributes. 
+      </xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:string">
+				<xsd:attribute name="ValueType" type="xsd:QName">
+					<xsd:annotation>
+						<xsd:documentation>
+This attribute indicates the actual schema type of the element [children]. 
+If the ValueType attribute is present, conforming processors must process the string value of [children] as if it were affiliated with the type indicated by this attribute.
+If the ValueType attribute is absent, the implied value of this attribute is xsd:dateTime.
+            </xsd:documentation>
+					</xsd:annotation>
+				</xsd:attribute>
+				<xsd:attributeGroup ref="wsu:commonAtts"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="AttributedURI">
+		<xsd:annotation>
+			<xsd:documentation>
+This type is for elements whose [children] is an anyURI and can have arbitrary attributes.
+      </xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:anyURI">
+				<xsd:attributeGroup ref="wsu:commonAtts"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<!-- // Timestamp header components /////////////////////////// -->
+	<xsd:complexType name="TimestampType">
+		<xsd:annotation>
+			<xsd:documentation>
+This complex type ties together the timestamp related elements into a composite type.
+            </xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element ref="wsu:Created" minOccurs="0"/>
+			<xsd:element ref="wsu:Expires" minOccurs="0"/>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:any namespace="##other" processContents="lax"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attributeGroup ref="wsu:commonAtts"/>
+	</xsd:complexType>
+	<xsd:element name="Timestamp" type="wsu:TimestampType">
+		<xsd:annotation>
+			<xsd:documentation>
+This element allows Timestamps to be applied anywhere element wildcards are present,
+including as a SOAP header.
+            </xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<!-- global element decls to allow individual elements to appear anywhere -->
+	<xsd:element name="Expires" type="wsu:AttributedDateTime">
+		<xsd:annotation>
+			<xsd:documentation>
+This element allows an expiration time to be applied anywhere element wildcards are present.
+            </xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:element name="Created" type="wsu:AttributedDateTime">
+		<xsd:annotation>
+			<xsd:documentation>
+This element allows a creation time to be applied anywhere element wildcards are present.
+            </xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+</xsd:schema>
diff --git a/trunk/interop/wsstest.properties b/trunk/interop/wsstest.properties
new file mode 100644
index 0000000..2dfd990
--- /dev/null
+++ b/trunk/interop/wsstest.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=interop/interop2.jks
+
diff --git a/trunk/interop/wsstest1.pfx b/trunk/interop/wsstest1.pfx
new file mode 100644
index 0000000..f7c781a
--- /dev/null
+++ b/trunk/interop/wsstest1.pfx
Binary files differ
diff --git a/trunk/interop/wsstest2.pfx b/trunk/interop/wsstest2.pfx
new file mode 100644
index 0000000..1ca1eb3
--- /dev/null
+++ b/trunk/interop/wsstest2.pfx
Binary files differ
diff --git a/trunk/keys/.keystore b/trunk/keys/.keystore
new file mode 100644
index 0000000..55f59c8
--- /dev/null
+++ b/trunk/keys/.keystore
Binary files differ
diff --git a/trunk/keys/BCMain.java b/trunk/keys/BCMain.java
new file mode 100644
index 0000000..9699778
--- /dev/null
+++ b/trunk/keys/BCMain.java
@@ -0,0 +1,296 @@
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.util.Enumeration;
+
+public class BCMain {
+    public static void main(String[] args) {
+        //==============================
+        // Setup stuff
+        //==============================
+
+        //Input FileName, Alias and Password
+        String jksFileName = ".keystore";
+        String jksAlias = "dims";
+        char[] jksPassword = "security".toCharArray();
+
+        //Output FileName, Alias and Password
+        String pkcs12FileName = "keystore.p12";
+        String pkcs12Alias = "dims";
+        char[] pkcs12Password = "security".toCharArray();
+
+        //Plug the Provider into the JCA/JCE
+        Security.addProvider(new BouncyCastleProvider());
+
+
+
+        //================================
+        // JKS Stuff
+        //================================
+
+        InputStream jksInputStream = null;
+        try {
+            jksInputStream = new FileInputStream(jksFileName);
+            System.out.println("Establish JKS InputStream to " +
+                    jksFileName);
+        } catch (FileNotFoundException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+        KeyStore jksKeyStore = null;
+        try {
+            jksKeyStore = KeyStore.getInstance("JKS", "SUN");
+            System.out.println("Create JKS KeyStore Object.");
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (NoSuchProviderException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //Load the keystore
+        try {
+            jksKeyStore.load(jksInputStream, jksPassword);
+            System.out.println("Load JKS KeyStore.");
+        } catch (IOException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (CertificateException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //Fetch all aliases from the keystore.
+        Enumeration aliases = null;
+        try {
+            aliases = jksKeyStore.aliases();
+            System.out.println("Got KeyStore aliases.");
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //Shows all aliases from the keystore, only for info
+        while (aliases.hasMoreElements()) {
+            System.out.println("Has alias: " + aliases.nextElement());
+        }
+
+
+
+        //Get PrivateKey
+        RSAPrivateCrtKey jksPrivateCrtKey = null;
+        try {
+            jksPrivateCrtKey =
+                    (RSAPrivateCrtKey) jksKeyStore.getKey(jksAlias, jksPassword);
+            System.out.println("Get PKCS#12 RSAPrivateCrtKey(" + jksPrivateCrtKey +
+                    "): [Bit-Length: " + jksPrivateCrtKey.getModulus().bitLength() +
+                    ", Modulus: " + jksPrivateCrtKey.getModulus() +
+                    ", PublicExponent: " + jksPrivateCrtKey.getPublicExponent() +
+                    ", PrivateExponent: " + jksPrivateCrtKey.getPrivateExponent() +
+                    ", Prime-P: " + jksPrivateCrtKey.getPrimeP() +
+                    ", Prime-Q: " + jksPrivateCrtKey.getPrimeQ() +
+                    ", Prime-Exponent-P: " + jksPrivateCrtKey.getPrimeExponentP() +
+                    ", Prime-Exponent-Q: " + jksPrivateCrtKey.getPrimeExponentQ() +
+                    ", CRT-Coefficient: " + jksPrivateCrtKey.getCrtCoefficient()
+            );
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (UnrecoverableKeyException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //Get Certificate
+        Certificate jksCert = null;
+        try {
+            jksCert = jksKeyStore.getCertificate(jksAlias);
+            System.out.println("Get Certificate from PKCS#12: " + jksCert);
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //Get Certificate Chain
+        Certificate[] jksCerts = null;
+        try {
+            jksCerts = jksKeyStore.getCertificateChain(jksAlias);
+            System.out.println("Get Certificate Chain from JKS, with " +
+                    jksCerts.length + " certs.");
+            for (int i = 0; i < jksCerts.length; i++) {
+                System.out.println("Certificate " + (i + 1) +
+                        " from JKS in the chain: " + jksCerts[i]);
+            }
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //=====================================
+        // PKCS#12 stuff
+        //=====================================
+
+        KeyStore pkcs12KeyStore = null;
+        try {
+            pkcs12KeyStore = KeyStore.getInstance("PKCS12", "BC");
+            System.out.println("Create PKCS#12 KeyStore Object.");
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (NoSuchProviderException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+        try {
+            pkcs12KeyStore.load(null, pkcs12Password);
+            System.out.println(
+                    "Load a new fresh PKCS#12 KeyStore from scratch.");
+        } catch (IOException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (CertificateException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+        try {
+            pkcs12KeyStore.setKeyEntry(pkcs12Alias, jksPrivateCrtKey,
+                    pkcs12Password, jksCerts);
+            System.out.println("Add the RSA Private Crt Key and the " +
+                    "Certificate Chain to the PKCS#12 KeyStore.");
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+        OutputStream pkcs12OutputStream = null;
+        try {
+            pkcs12OutputStream = new FileOutputStream(pkcs12FileName);
+            System.out.println(
+                    "Establish PKCS#12 OutputStream to " + pkcs12FileName);
+        } catch (FileNotFoundException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+        try {
+            pkcs12KeyStore.store(pkcs12OutputStream, pkcs12Password);
+            pkcs12OutputStream.close();
+            System.out.println("Store PKCS#12 KeyStore: " + pkcs12FileName);
+        } catch (IOException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (CertificateException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //=====================================
+        // Reread the pkcs12KeyStore
+        //=====================================
+
+        InputStream pkcs12InputStream = null;
+        try {
+            pkcs12InputStream = new FileInputStream(pkcs12FileName);
+            System.out.println(
+                    "Establish PKCS#12 InputStream to " + pkcs12FileName);
+        } catch (FileNotFoundException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+        try {
+            pkcs12KeyStore.load(pkcs12InputStream, pkcs12Password);
+            System.out.println("Re-read the PKCS#12 KeyStore.");
+        } catch (IOException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (CertificateException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //Get PrivateKey
+        RSAPrivateCrtKey pkcs12PrivateCrtKey = null;
+        try {
+            pkcs12PrivateCrtKey =
+                    (RSAPrivateCrtKey) pkcs12KeyStore.getKey(pkcs12Alias, pkcs12Password);
+            System.out.println(
+                    "Get PKCS#12 RSAPrivateCrtKey(" + pkcs12PrivateCrtKey +
+                    "): [Bit-Length: " + pkcs12PrivateCrtKey.getModulus().bitLength() +
+                    ", Modulus: " + pkcs12PrivateCrtKey.getModulus() +
+                    ", PublicExponent: " + pkcs12PrivateCrtKey.getPublicExponent() +
+                    ", PrivateExponent: " + pkcs12PrivateCrtKey.getPrivateExponent() +
+                    ", Prime-P: " + pkcs12PrivateCrtKey.getPrimeP() +
+                    ", Prime-Q: " + pkcs12PrivateCrtKey.getPrimeQ() +
+                    ", Prime-Exponent-P: " + pkcs12PrivateCrtKey.getPrimeExponentP() +
+                    ", Prime-Exponent-Q: " + pkcs12PrivateCrtKey.getPrimeExponentQ() +
+                    ", CRT-Coefficient: " + pkcs12PrivateCrtKey.getCrtCoefficient()
+            );
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+            System.exit(1);
+        } catch (UnrecoverableKeyException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //Get Certificate
+        Certificate pkcs12Cert = null;
+        try {
+            pkcs12Cert = pkcs12KeyStore.getCertificate(pkcs12Alias);
+            System.out.println("Get Certificate from PKCS#12: " + pkcs12Cert);
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+
+        //Get Certificate Chain
+        Certificate[] pkcs12Certs = null;
+        try {
+            pkcs12Certs = pkcs12KeyStore.getCertificateChain(pkcs12Alias);
+            System.out.println("Get Certificate Chain from PKCS#12, with " +
+                    pkcs12Certs.length + " certs.");
+            for (int i = 0; i < pkcs12Certs.length; i++) {
+                System.out.println("Certificate " + (i + 1) +
+                        " from PKCS#12 in the chain: " + pkcs12Certs[i]);
+            }
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+            System.exit(1);
+        }
+    }
+}
diff --git a/trunk/keys/CA.pem b/trunk/keys/CA.pem
new file mode 100644
index 0000000..512e7dd
--- /dev/null
+++ b/trunk/keys/CA.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFjCCAn+gAwIBAgIJALgSDgFidfZsMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV
+BAYTAkRFMQ8wDQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBk11bmljaDENMAsGA1UE
+ChMESG9tZTEVMBMGA1UECxMMQXBhY2hlIFdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIw
+HhcNMDgwNDA0MTkyODUxWhcNMDgwNTA0MTkyODUxWjBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCuwhKUVyJwPQjPZmn9IKVh4rzqp3f5T5uqYC6V
+FRdBFcJHTONAggCoocm+gEhMmDItvCBqZJ4ShcK9rcl+pddDy8/JCjMmg8rZ+Bxd
+2wptSIZy8YL0DyCqRwnjmwu52r6VuZ5Pn3YQZoglnZLYUT7AFxG+6fSCIDnjMvqC
+Smu6YwIDAQABo4HLMIHIMB0GA1UdDgQWBBS/xbBx6JRiDGnFNU2Vv/PAXdhC+jCB
+mAYDVR0jBIGQMIGNgBS/xbBx6JRiDGnFNU2Vv/PAXdhC+qFqpGgwZjELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ0wCwYDVQQK
+EwRIb21lMRUwEwYDVQQLEwxBcGFjaGUgV1NTNEoxDzANBgNVBAMTBldlcm5lcoIJ
+ALgSDgFidfZsMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAeR9T/RnK
+yJ8ChKsDRwWv5saCmTo3O+h8YKhXqReoERLeJUrEWLxjfVGE3XdUia2EPCSzximQ
+7/8kN00uTJnRh8XlSoNPYTdQOS7FKX5MZuTOeTUJGYJQnJSIHuJhHrokW033scDJ
+yJdsotJFr0IS/nNO0taXvZiWtO1xvCiapB8=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/CAKey.pem b/trunk/keys/CAKey.pem
new file mode 100644
index 0000000..3cf1189
--- /dev/null
+++ b/trunk/keys/CAKey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7BB47E29807D02B0
+
+tiIERoGm/lMqiW8SJ/z5D63xBXA8u9mR9Lm0wOiZ9r5xWMRmZkHvbS5SfDw+rB8r
+R7dY4hqs7bdiCQ4x8YB9kfxFF0yLxCI8zfx93vqasXV5FPCU/MTrZJbrY4EdFcSl
+thaVxVZJDWXyrM4BhYo7p2vPNWykHMJYJcD62+Vvz+tUOzVl9zvtQr2Zpl2A9Fmc
+r5K3MAcVq9Uuu6ppBtoet8r32z1L+/mTJGPGugwDgF2gCWHJiZQtkWU3ewlk7r2v
+MG7s6Beso2G4dkbxvQwhrMeDdy9qtDLMmojDZUXwUEp1FZXeKc5XHwkLag8IswZo
+KF+F9Fb/sqG5Qw94kbaeQgsvw6AaE3tLrhdXgae+AVlIbyh8yzwByTC5BCkwgDjL
+LhfWQIXBi/sEi1ihSi+ouXm4JaupUxs7Iy/6dFFULwMMkJAf5CeWwXDwILX5ucsq
+W+NAsYBUsPRbzQEUZJRi4gQCmGHNpqVEQ53QcdUTflZNSaLVLElVt5ebO6K1be/4
+9Zi+nhNQzfssc9ZGN+lVDnEKx3KKBKgeXz7QlZH5vNGS4iPDs4Bh6s5RS3fKidkq
+gv0qKnhLjEPwvmpg0kGWW6sY+xiLy/HApdiqmLjy+feRvFtIs55Ka8Tmcg9oLQs2
+j3rNCaR8sKYqEXi42xXRi33Pm5qhA8biboT3KSpkgG2kpfLusSitV6Oz5FSy6ZvY
+se3GrQlY8SHvM7rPGhzaieL+fOfs8rrOti9Dip8xkz/IwGDLUzEg9aNi9UQ0bsvG
+aVoIl/oAVzDzcCWNErAqfRjzuRNDGGh4f4I5WIK/FNEkNbqip9O0MA==
+-----END RSA PRIVATE KEY-----
diff --git a/trunk/keys/ca.config b/trunk/keys/ca.config
new file mode 100644
index 0000000..b4abb6b
--- /dev/null
+++ b/trunk/keys/ca.config
@@ -0,0 +1,74 @@
+#

+# Beginning of file ca.config

+[ ca ]

+default_ca              = CA_own

+[ CA_own ]

+dir                     = .

+certs                   = $dir

+new_certs_dir           = $dir/ca.db.certs

+database                = $dir/ca.db.index

+serial                  = $dir/ca.db.serial

+RANDFILE                = $dir/ca.db.rand

+certificate             = $dir/CA.pem

+private_key             = $dir/CAKey.pem

+default_days            = 365

+default_crl_days        = 30

+default_md              = md5

+preserve                = no

+x509_extensions         = usr_cert

+policy                  = policy_match

+#

+[ usr_cert ]

+basicConstraints        = CA:FALSE

+nsComment               = "OpenSSL Generated Certificate"

+subjectKeyIdentifier    = hash

+authorityKeyIdentifier  = keyid,issuer:always

+[ req ]

+default_bits            = 1024

+distinguished_name      = req_distinguished_name

+x509_extensions         = v3_ca

+policy                  = policy_anything

+[ v3_req ]

+basicConstraints        = CA:FALSE

+keyUsage                = nonRepudiation, digitalSignature, keyEncipherment

+[ v3_ca ]

+subjectKeyIdentifier    = hash

+authorityKeyIdentifier  = keyid:always,issuer:always

+basicConstraints        = CA:true

+#

+# For the CA policy

+#

+[ policy_match ]

+countryName             = match

+stateOrProvinceName     = match

+organizationName        = match

+organizationalUnitName  = optional

+commonName              = supplied

+emailAddress            = optional

+#

+[ policy_anything ]

+countryName             = optional

+stateOrProvinceName     = optional

+localityName            = optional

+organizationName        = optional

+organizationalUnitName  = optional

+commonName              = supplied

+emailAddress            = optional

+#

+[ req_distinguished_name ]

+countryName             = Country Name (2 letter code)

+countryName_default     = DE

+CountryName_min         = 2

+CountryName_max         = 2

+stateOrProvinceName     = State or Province Name (full name)

+stateOrProvinceName_default = Bayern

+localityName            = Locality Name (e.g., city)

+localityName_default    = Munich

+0.organizationName      = Organization Name (e.g., company)

+0.organizationName_default = Home

+organizationalUnitName  = Organizational Unit Name (e.g., section)

+organizationalUnitName_default = Apache WSS4J

+commonName              = Common Name (e.g., your name or server name)

+commonName_max          = 64

+commonName_default		= Werner

+# end of file ca.config

diff --git a/trunk/keys/ca.crt b/trunk/keys/ca.crt
new file mode 100644
index 0000000..cc98749
--- /dev/null
+++ b/trunk/keys/ca.crt
Binary files differ
diff --git a/trunk/keys/ca.db.certs/01.pem b/trunk/keys/ca.db.certs/01.pem
new file mode 100644
index 0000000..fb2cd2d
--- /dev/null
+++ b/trunk/keys/ca.db.certs/01.pem
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Feb 29 10:51:17 2004 GMT
+            Not After : Feb 28 10:51:17 2005 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=werner
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    00:e2:aa:a5:25:3a:2e:7b:7f:88:1a:73:a1:d1:1a:
+                    2d:5f:a1:fa:2b:bf:0c:de:55:f2:88:34:21:6c:eb:
+                    71:5a:2c:ce:e4:d1:b4:e6:7b:87:f8:33:2b:83:4c:
+                    4a:05:d0:f5:6c:50:b7:4a:aa:57:44:7a:7a:6c:e7:
+                    37:d1:2c:8d:97:98:34:e1:6b:72:a3:e9:cb:69:02:
+                    57:e9:0d:5d:ab:e8:a2:47:1d:15:01:cf:3d:7b:a8:
+                    c3:23:ea:8e:85:c9:e8:74:60:64:a8:c1:07:16:b2:
+                    87:6b:5d:c9:f8:eb:65:23:3e:2d:33:8a:9a:8f:09:
+                    e0:12:45:8d:7f:fe:44:70:e1
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                55:B1:89:EB:BB:5E:9D:51:54:1C:50:AE:33:84:FC:22:E7:B6:4A:21
+            X509v3 Authority Key Identifier: 
+                keyid:D0:C2:5B:D0:A4:D4:EB:05:FD:7C:4C:0E:A7:1E:2F:A0:CA:68:4F:3A
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        4b:e7:2b:8f:1b:19:92:34:52:af:b5:97:61:33:53:88:c0:dc:
+        db:fd:1c:30:11:3b:38:ab:5a:b4:4f:e6:3a:91:67:ba:89:68:
+        1e:9b:40:70:bc:0c:1d:07:c2:a0:46:c9:fb:e1:4b:02:10:fc:
+        7d:98:81:d7:98:9f:4b:7c:24:4c:1d:b1:6a:45:ca:5b:e7:44:
+        a3:e6:e8:17:8d:1d:87:72:68:86:a4:c3:04:08:b0:ca:09:78:
+        c0:2c:f5:01:3e:6e:ef:eb:64:dc:6c:1e:ad:74:2a:15:87:ec:
+        c9:b5:c4:de:47:6a:27:f7:27:a2:eb:8d:ac:16:b9:c2:2b:16:
+        ce:b0
+-----BEGIN CERTIFICATE-----
+MIIERjCCA6+gAwIBAgIBATANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA0MDIy
+OTEwNTExN1oXDTA1MDIyODEwNTExN1owYTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMQ8wDQYDVQQDEwZ3ZXJuZXIwggG4MIIBLAYHKoZIzjgEATCCAR8C
+gYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F
+9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYV
+DwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKS
+uYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZ
+V4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFu
+o38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOB
+hQACgYEA4qqlJToue3+IGnOh0RotX6H6K78M3lXyiDQhbOtxWizO5NG05nuH+DMr
+g0xKBdD1bFC3SqpXRHp6bOc30SyNl5g04Wtyo+nLaQJX6Q1dq+iiRx0VAc89e6jD
+I+qOhcnodGBkqMEHFrKHa13J+OtlIz4tM4qajwngEkWNf/5EcOGjge4wgeswCQYD
+VR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
+aWNhdGUwHQYDVR0OBBYEFFWxieu7Xp1RVBxQrjOE/CLntkohMIGQBgNVHSMEgYgw
+gYWAFNDCW9Ck1OsF/XxMDqceL6DKaE86oWqkaDBmMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUxFTAT
+BgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggEAMA0GCSqGSIb3
+DQEBBAUAA4GBAEvnK48bGZI0Uq+1l2EzU4jA3Nv9HDAROzirWrRP5jqRZ7qJaB6b
+QHC8DB0HwqBGyfvhSwIQ/H2YgdeYn0t8JEwdsWpFylvnRKPm6BeNHYdyaIakwwQI
+sMoJeMAs9QE+bu/rZNxsHq10KhWH7Mm1xN5Haif3J6LrjawWucIrFs6w
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/02.pem b/trunk/keys/ca.db.certs/02.pem
new file mode 100644
index 0000000..163081d
--- /dev/null
+++ b/trunk/keys/ca.db.certs/02.pem
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Feb 29 12:00:29 2004 GMT
+            Not After : Feb 28 12:00:29 2005 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=wernerd
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ad:ce:34:88:66:c7:13:0b:41:33:37:10:df:fd:
+                    87:2b:e0:3d:88:07:8d:84:7a:3c:51:1c:46:94:71:
+                    77:ad:e3:b1:4c:b3:30:0e:5d:b5:72:39:ee:89:2f:
+                    ab:bb:2f:08:2f:cd:de:a4:db:f7:4e:51:73:93:a2:
+                    21:e0:47:9f:8b:c2:58:05:c9:f4:60:8c:89:fa:d3:
+                    96:10:07:56:ce:de:06:63:e9:50:97:c1:83:3e:49:
+                    67:e5:82:eb:5f:ef:85:83:01:db:62:10:8d:27:20:
+                    3f:f3:03:40:6f:43:41:9e:e0:40:88:e5:bd:02:8f:
+                    a9:4a:10:58:83:7c:43:42:01
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                5E:61:46:E0:09:9A:44:80:9A:A4:B2:6F:04:00:24:F3:86:D6:16:8F
+            X509v3 Authority Key Identifier: 
+                keyid:D0:C2:5B:D0:A4:D4:EB:05:FD:7C:4C:0E:A7:1E:2F:A0:CA:68:4F:3A
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        7c:35:e4:e7:63:18:af:26:77:1c:5f:cc:e6:89:2b:ac:8d:a2:
+        f9:70:60:84:58:75:40:12:6e:b2:37:47:26:92:97:5e:f1:28:
+        06:35:1a:e2:48:6b:89:f3:f0:73:52:ad:77:ce:5a:01:c0:84:
+        cf:e4:3e:a4:ee:6e:ad:93:99:6b:ec:48:27:0e:f4:8c:c9:21:
+        12:76:43:ce:1c:af:c6:2e:1c:c3:eb:8e:22:29:58:50:d2:0d:
+        01:3e:19:df:0f:51:ea:88:37:9c:66:08:a1:df:71:73:11:20:
+        b7:02:19:38:e1:2f:53:d9:0b:1f:cb:62:6c:75:fa:42:10:24:
+        ff:4a
+-----BEGIN CERTIFICATE-----
+MIIDLTCCApagAwIBAgIBAjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA0MDIy
+OTEyMDAyOVoXDTA1MDIyODEyMDAyOVowYjELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRAwDgYDVQQDEwd3ZXJuZXJkMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCtzjSIZscTC0EzNxDf/Ycr4D2IB42EejxRHEaUcXet47FMszAOXbVy
+Oe6JL6u7Lwgvzd6k2/dOUXOToiHgR5+LwlgFyfRgjIn605YQB1bO3gZj6VCXwYM+
+SWflgutf74WDAdtiEI0nID/zA0BvQ0Ge4ECI5b0Cj6lKEFiDfENCAQIDAQABo4Hu
+MIHrMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk
+IENlcnRpZmljYXRlMB0GA1UdDgQWBBReYUbgCZpEgJqksm8EACTzhtYWjzCBkAYD
+VR0jBIGIMIGFgBTQwlvQpNTrBf18TA6nHi+gymhPOqFqpGgwZjELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ0wCwYDVQQKEwRI
+b21lMRUwEwYDVQQLEwxBcGFjaGUgV1NTNEoxDzANBgNVBAMTBldlcm5lcoIBADAN
+BgkqhkiG9w0BAQQFAAOBgQB8NeTnYxivJnccX8zmiSusjaL5cGCEWHVAEm6yN0cm
+kpde8SgGNRriSGuJ8/BzUq13zloBwITP5D6k7m6tk5lr7EgnDvSMySESdkPOHK/G
+LhzD644iKVhQ0g0BPhnfD1HqiDecZgih33FzESC3Ahk44S9T2Qsfy2JsdfpCECT/
+Sg==
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/03.pem b/trunk/keys/ca.db.certs/03.pem
new file mode 100644
index 0000000..4e91469
--- /dev/null
+++ b/trunk/keys/ca.db.certs/03.pem
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar  7 09:31:55 2004 GMT
+            Not After : Mar  7 09:31:55 2005 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=wernerdDSA
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    00:b1:0d:e9:65:0f:68:ec:6c:f0:10:af:c5:1c:42:
+                    53:c0:43:0e:ee:66:5b:33:81:53:9f:87:a2:ef:05:
+                    0e:1f:38:85:33:7e:9d:4b:d9:ba:ea:21:f4:a2:60:
+                    9d:4b:b0:2a:d4:1f:5b:cb:9f:8d:d3:45:46:ef:07:
+                    4c:a1:b9:2d:86:df:f0:81:6f:2a:36:37:b5:c3:8f:
+                    4e:06:e7:87:06:1c:d6:aa:93:10:d8:d7:9b:57:9d:
+                    2b:08:05:f5:8c:1a:fb:d2:64:dd:f4:d3:32:0f:72:
+                    e6:90:03:da:a5:19:60:54:90:be:d8:d7:58:3b:1d:
+                    02:70:61:28:06:dd:c6:f3:45
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                0A:0E:82:F4:FE:57:60:75:CA:81:4F:78:27:3F:92:78:53:28:FF:88
+            X509v3 Authority Key Identifier: 
+                keyid:D0:C2:5B:D0:A4:D4:EB:05:FD:7C:4C:0E:A7:1E:2F:A0:CA:68:4F:3A
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        7a:23:9b:92:0b:95:82:da:5c:f7:e1:7b:1c:76:53:68:17:3d:
+        af:ec:22:94:29:a0:56:5b:4a:24:b9:cb:a5:0d:09:f2:60:cc:
+        1d:48:94:ee:b5:48:f4:16:1c:6a:8c:c4:82:66:e6:05:63:54:
+        65:e6:71:de:20:f4:28:06:73:ea:a8:8b:d5:8a:a1:d9:07:98:
+        a7:84:00:14:2d:aa:03:92:93:02:49:e5:4c:06:72:1e:cd:df:
+        98:21:f3:a3:fc:eb:86:5d:ea:ec:69:7b:99:a4:cb:d7:9c:e4:
+        da:72:fe:f2:0a:d3:d4:96:a1:20:f5:96:c5:d9:81:52:f4:2a:
+        26:31
+-----BEGIN CERTIFICATE-----
+MIIESjCCA7OgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA0MDMw
+NzA5MzE1NVoXDTA1MDMwNzA5MzE1NVowZTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRMwEQYDVQQDEwp3ZXJuZXJkRFNBMIIBuDCCASwGByqGSM44BAEw
+ggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2N
+WPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fn
+xqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUj
+C8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0H
+gmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuz
+pnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7P
+SSoDgYUAAoGBALEN6WUPaOxs8BCvxRxCU8BDDu5mWzOBU5+Hou8FDh84hTN+nUvZ
+uuoh9KJgnUuwKtQfW8ufjdNFRu8HTKG5LYbf8IFvKjY3tcOPTgbnhwYc1qqTENjX
+m1edKwgF9Ywa+9Jk3fTTMg9y5pAD2qUZYFSQvtjXWDsdAnBhKAbdxvNFo4HuMIHr
+MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
+cnRpZmljYXRlMB0GA1UdDgQWBBQKDoL0/ldgdcqBT3gnP5J4Uyj/iDCBkAYDVR0j
+BIGIMIGFgBTQwlvQpNTrBf18TA6nHi+gymhPOqFqpGgwZjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ0wCwYDVQQKEwRIb21l
+MRUwEwYDVQQLEwxBcGFjaGUgV1NTNEoxDzANBgNVBAMTBldlcm5lcoIBADANBgkq
+hkiG9w0BAQQFAAOBgQB6I5uSC5WC2lz34XscdlNoFz2v7CKUKaBWW0okuculDQny
+YMwdSJTutUj0FhxqjMSCZuYFY1Rl5nHeIPQoBnPqqIvViqHZB5inhAAULaoDkpMC
+SeVMBnIezd+YIfOj/OuGXersaXuZpMvXnOTacv7yCtPUlqEg9ZbF2YFS9ComMQ==
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/06.pem b/trunk/keys/ca.db.certs/06.pem
new file mode 100644
index 0000000..8d3395a
--- /dev/null
+++ b/trunk/keys/ca.db.certs/06.pem
@@ -0,0 +1,64 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar 10 16:10:24 2006 GMT
+            Not After : Mar  9 16:10:24 2008 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=werner
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1023 bit)
+                Modulus (1023 bit):
+                    72:0b:f1:36:fc:53:b6:20:5b:0e:1f:cc:2c:c6:3f:
+                    3e:f1:75:cc:25:4e:8f:ef:ec:b9:a0:70:95:ad:9a:
+                    6e:2c:03:1c:33:41:4b:4c:c3:22:5e:8d:96:4c:d9:
+                    cb:29:8b:0d:90:2d:7f:7c:1e:e6:27:dd:b1:cc:cc:
+                    b9:45:c0:99:56:4e:92:46:a1:92:ad:68:0c:7c:04:
+                    fd:50:1a:f0:08:9a:f3:56:4d:4b:55:cc:ac:95:cc:
+                    f2:4c:ce:40:e2:ad:63:fc:79:19:03:8f:cc:17:37:
+                    4f:4f:40:27:b2:84:83:41:3e:c9:7d:8a:17:44:6c:
+                    4c:38:09:63:a2:a0:08:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E4:88:F1:D3:7B:E6:47:03:0F:95:C0:B6:91:1F:7F:15:6D:41:F1:84
+            X509v3 Authority Key Identifier: 
+                keyid:D0:C2:5B:D0:A4:D4:EB:05:FD:7C:4C:0E:A7:1E:2F:A0:CA:68:4F:3A
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        54:50:d9:76:0c:0f:40:f5:8d:f7:46:1a:6f:c9:f4:e3:f7:b8:
+        e0:b8:dc:fa:67:36:74:c2:92:84:f9:ba:8c:d2:b5:5b:cd:a9:
+        38:bf:57:2d:42:0f:78:df:9b:56:5b:0c:1f:a0:53:1f:fc:cf:
+        46:e8:04:1b:9c:87:23:23:79:20:ac:6a:af:a3:29:79:4a:ab:
+        46:a5:4f:12:93:97:9b:94:24:4d:e9:8e:78:25:34:6d:24:8b:
+        b7:c1:f0:0e:18:ef:88:51:44:91:30:0b:79:14:36:74:9f:c2:
+        b8:25:70:9e:5d:a9:60:da:7b:85:d9:cc:14:11:25:85:32:52:
+        ad:09
+-----BEGIN CERTIFICATE-----
+MIIDKzCCApSgAwIBAgIBBjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA2MDMx
+MDE2MTAyNFoXDTA4MDMwOTE2MTAyNFowYTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMQ8wDQYDVQQDEwZ3ZXJuZXIwgZ4wDQYJKoZIhvcNAQEBBQADgYwA
+MIGIAoGAcgvxNvxTtiBbDh/MLMY/PvF1zCVOj+/suaBwla2abiwDHDNBS0zDIl6N
+lkzZyymLDZAtf3we5ifdsczMuUXAmVZOkkahkq1oDHwE/VAa8Aia81ZNS1XMrJXM
+8kzOQOKtY/x5GQOPzBc3T09AJ7KEg0E+yX2KF0RsTDgJY6KgCD0CAwEAAaOB7jCB
+6zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5Ijx03vmRwMPlcC2kR9/FW1B8YQwgZAGA1Ud
+IwSBiDCBhYAU0MJb0KTU6wX9fEwOpx4voMpoTzqhaqRoMGYxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBk11bmljaDENMAsGA1UEChMESG9t
+ZTEVMBMGA1UECxMMQXBhY2hlIFdTUzRKMQ8wDQYDVQQDEwZXZXJuZXKCAQAwDQYJ
+KoZIhvcNAQEEBQADgYEAVFDZdgwPQPWN90Yab8n04/e44Ljc+mc2dMKShPm6jNK1
+W82pOL9XLUIPeN+bVlsMH6BTH/zPRugEG5yHIyN5IKxqr6MpeUqrRqVPEpOXm5Qk
+TemOeCU0bSSLt8HwDhjviFFEkTALeRQ2dJ/CuCVwnl2pYNp7hdnMFBElhTJSrQk=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/07.pem b/trunk/keys/ca.db.certs/07.pem
new file mode 100644
index 0000000..a7079af
--- /dev/null
+++ b/trunk/keys/ca.db.certs/07.pem
@@ -0,0 +1,92 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar 10 16:10:37 2006 GMT
+            Not After : Mar  9 16:10:37 2008 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=wernerDSA
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    00:f1:9d:7d:ba:7c:8e:bb:2d:d4:ef:06:e8:9d:8f:
+                    55:d2:54:d5:fd:31:0a:2d:e7:a1:10:b8:cc:a0:3f:
+                    60:5a:07:04:4d:2c:e2:14:81:a6:a7:48:4f:9a:b8:
+                    5a:8c:8a:94:c8:69:4a:e7:7a:80:6a:5a:c5:f9:58:
+                    1e:43:7d:bd:e3:d1:79:4f:b8:00:33:77:31:ed:c1:
+                    aa:3f:a7:8a:5c:a4:dd:1a:98:0e:cc:02:ce:e7:41:
+                    05:f6:5c:fc:7e:e8:06:18:1f:57:ea:16:69:25:99:
+                    71:2d:b1:73:ff:36:f2:ee:bb:4a:0a:80:85:39:84:
+                    f8:8b:eb:d8:f5:ef:ff:9b:fe
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7D:D4:B3:14:1D:F8:86:93:29:91:B3:B7:7F:76:DB:06:05:6B:63:44
+            X509v3 Authority Key Identifier: 
+                keyid:D0:C2:5B:D0:A4:D4:EB:05:FD:7C:4C:0E:A7:1E:2F:A0:CA:68:4F:3A
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        76:b9:1c:89:97:28:3d:df:81:b8:29:fd:84:9c:e1:ae:19:db:
+        18:53:cc:87:dc:13:90:6c:f9:40:64:a4:23:92:f7:65:06:de:
+        b4:88:b0:c9:35:61:7d:d6:57:3e:de:3d:d5:83:6f:78:78:74:
+        cb:f6:84:0b:24:de:02:97:5e:51:b3:e7:8f:6a:e9:cb:5f:78:
+        f4:41:8d:75:55:a5:05:ae:f2:42:c5:ff:c4:39:06:ae:75:fa:
+        c2:2e:dd:3d:bc:12:c9:5b:a5:f0:18:e4:f4:33:2a:b9:cf:95:
+        38:b8:11:21:10:5a:3b:68:b8:e1:14:35:14:28:28:4b:a5:bb:
+        fd:20
+-----BEGIN CERTIFICATE-----
+MIIESTCCA7KgAwIBAgIBBzANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA2MDMx
+MDE2MTAzN1oXDTA4MDMwOTE2MTAzN1owZDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRIwEAYDVQQDEwl3ZXJuZXJEU0EwggG4MIIBLAYHKoZIzjgEATCC
+AR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y
++r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fG
+qKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML
+zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeC
+Z1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om
+dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9J
+KgOBhQACgYEA8Z19unyOuy3U7wbonY9V0lTV/TEKLeehELjMoD9gWgcETSziFIGm
+p0hPmrhajIqUyGlK53qAalrF+VgeQ32949F5T7gAM3cx7cGqP6eKXKTdGpgOzALO
+50EF9lz8fugGGB9X6hZpJZlxLbFz/zby7rtKCoCFOYT4i+vY9e//m/6jge4wgesw
+CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFH3UsxQd+IaTKZGzt3922wYFa2NEMIGQBgNVHSME
+gYgwgYWAFNDCW9Ck1OsF/XxMDqceL6DKaE86oWqkaDBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggEAMA0GCSqG
+SIb3DQEBBAUAA4GBAHa5HImXKD3fgbgp/YSc4a4Z2xhTzIfcE5Bs+UBkpCOS92UG
+3rSIsMk1YX3WVz7ePdWDb3h4dMv2hAsk3gKXXlGz549q6ctfePRBjXVVpQWu8kLF
+/8Q5Bq51+sIu3T28EslbpfAY5PQzKrnPlTi4ESEQWjtouOEUNRQoKEulu/0g
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/08.pem b/trunk/keys/ca.db.certs/08.pem
new file mode 100644
index 0000000..9809308
--- /dev/null
+++ b/trunk/keys/ca.db.certs/08.pem
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar 10 17:01:56 2006 GMT
+            Not After : Mar  9 17:01:56 2008 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=werner
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1023 bit)
+                Modulus (1023 bit):
+                    72:0b:f1:36:fc:53:b6:20:5b:0e:1f:cc:2c:c6:3f:
+                    3e:f1:75:cc:25:4e:8f:ef:ec:b9:a0:70:95:ad:9a:
+                    6e:2c:03:1c:33:41:4b:4c:c3:22:5e:8d:96:4c:d9:
+                    cb:29:8b:0d:90:2d:7f:7c:1e:e6:27:dd:b1:cc:cc:
+                    b9:45:c0:99:56:4e:92:46:a1:92:ad:68:0c:7c:04:
+                    fd:50:1a:f0:08:9a:f3:56:4d:4b:55:cc:ac:95:cc:
+                    f2:4c:ce:40:e2:ad:63:fc:79:19:03:8f:cc:17:37:
+                    4f:4f:40:27:b2:84:83:41:3e:c9:7d:8a:17:44:6c:
+                    4c:38:09:63:a2:a0:08:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E4:88:F1:D3:7B:E6:47:03:0F:95:C0:B6:91:1F:7F:15:6D:41:F1:84
+            X509v3 Authority Key Identifier: 
+                keyid:D9:95:2A:4A:3F:76:D0:87:A8:B1:F0:FF:84:B8:C0:7A:11:B9:31:76
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:E6:78:00:61:07:BC:DA:46
+
+    Signature Algorithm: md5WithRSAEncryption
+        26:5b:a1:b6:20:09:b4:c9:11:79:92:f9:d8:91:e1:52:75:18:
+        46:3f:47:87:59:69:e0:e5:da:ea:25:8a:d8:b3:8e:95:8f:f9:
+        43:c0:55:b1:24:cb:1b:1d:31:96:1b:a4:25:14:b6:20:8f:40:
+        a9:e8:f1:a5:2e:41:fc:1c:b8:23:1f:ee:aa:88:39:d0:9f:d0:
+        ce:29:05:f0:24:f0:02:5b:66:26:5f:49:c1:09:89:59:2a:95:
+        0a:86:70:b3:ba:14:2a:3a:9e:15:e7:18:69:b0:1e:e2:04:90:
+        3a:68:b6:f8:77:a8:98:c6:7a:b5:15:ee:87:fd:90:af:71:21:
+        a1:b8
+-----BEGIN CERTIFICATE-----
+MIIDMzCCApygAwIBAgIBCDANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA2MDMx
+MDE3MDE1NloXDTA4MDMwOTE3MDE1NlowYTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMQ8wDQYDVQQDEwZ3ZXJuZXIwgZ4wDQYJKoZIhvcNAQEBBQADgYwA
+MIGIAoGAcgvxNvxTtiBbDh/MLMY/PvF1zCVOj+/suaBwla2abiwDHDNBS0zDIl6N
+lkzZyymLDZAtf3we5ifdsczMuUXAmVZOkkahkq1oDHwE/VAa8Aia81ZNS1XMrJXM
+8kzOQOKtY/x5GQOPzBc3T09AJ7KEg0E+yX2KF0RsTDgJY6KgCD0CAwEAAaOB9jCB
+8zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5Ijx03vmRwMPlcC2kR9/FW1B8YQwgZgGA1Ud
+IwSBkDCBjYAU2ZUqSj920IeosfD/hLjAehG5MXahaqRoMGYxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBk11bmljaDENMAsGA1UEChMESG9t
+ZTEVMBMGA1UECxMMQXBhY2hlIFdTUzRKMQ8wDQYDVQQDEwZXZXJuZXKCCQDmeABh
+B7zaRjANBgkqhkiG9w0BAQQFAAOBgQAmW6G2IAm0yRF5kvnYkeFSdRhGP0eHWWng
+5drqJYrYs46Vj/lDwFWxJMsbHTGWG6QlFLYgj0Cp6PGlLkH8HLgjH+6qiDnQn9DO
+KQXwJPACW2YmX0nBCYlZKpUKhnCzuhQqOp4V5xhpsB7iBJA6aLb4d6iYxnq1Fe6H
+/ZCvcSGhuA==
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/09.pem b/trunk/keys/ca.db.certs/09.pem
new file mode 100644
index 0000000..77d847d
--- /dev/null
+++ b/trunk/keys/ca.db.certs/09.pem
@@ -0,0 +1,93 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar 10 17:02:07 2006 GMT
+            Not After : Mar  9 17:02:07 2008 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=wernerDSA
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    00:f1:9d:7d:ba:7c:8e:bb:2d:d4:ef:06:e8:9d:8f:
+                    55:d2:54:d5:fd:31:0a:2d:e7:a1:10:b8:cc:a0:3f:
+                    60:5a:07:04:4d:2c:e2:14:81:a6:a7:48:4f:9a:b8:
+                    5a:8c:8a:94:c8:69:4a:e7:7a:80:6a:5a:c5:f9:58:
+                    1e:43:7d:bd:e3:d1:79:4f:b8:00:33:77:31:ed:c1:
+                    aa:3f:a7:8a:5c:a4:dd:1a:98:0e:cc:02:ce:e7:41:
+                    05:f6:5c:fc:7e:e8:06:18:1f:57:ea:16:69:25:99:
+                    71:2d:b1:73:ff:36:f2:ee:bb:4a:0a:80:85:39:84:
+                    f8:8b:eb:d8:f5:ef:ff:9b:fe
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7D:D4:B3:14:1D:F8:86:93:29:91:B3:B7:7F:76:DB:06:05:6B:63:44
+            X509v3 Authority Key Identifier: 
+                keyid:D9:95:2A:4A:3F:76:D0:87:A8:B1:F0:FF:84:B8:C0:7A:11:B9:31:76
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:E6:78:00:61:07:BC:DA:46
+
+    Signature Algorithm: md5WithRSAEncryption
+        23:fa:01:b9:01:68:54:a4:8a:51:26:0b:b5:7c:17:5b:f0:1c:
+        03:05:f8:30:7d:ac:56:1e:46:18:ad:bc:42:cd:52:85:14:43:
+        77:2a:ee:ee:66:cc:05:96:b4:37:af:25:04:1e:b5:f8:bb:34:
+        db:2e:b8:3e:2c:58:00:57:92:b4:91:3b:40:e3:e0:f5:9b:7e:
+        b2:10:28:97:ee:78:34:9f:70:48:22:bb:3f:14:05:a6:34:fb:
+        0c:3e:58:7c:91:7e:48:70:1e:9d:fd:e5:0b:32:6a:96:83:7d:
+        a4:ce:4f:ac:54:a3:fa:8f:cb:f0:3b:a3:29:f2:9e:c3:23:5a:
+        10:ab
+-----BEGIN CERTIFICATE-----
+MIIEUTCCA7qgAwIBAgIBCTANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA2MDMx
+MDE3MDIwN1oXDTA4MDMwOTE3MDIwN1owZDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRIwEAYDVQQDEwl3ZXJuZXJEU0EwggG4MIIBLAYHKoZIzjgEATCC
+AR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y
++r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fG
+qKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML
+zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeC
+Z1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om
+dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9J
+KgOBhQACgYEA8Z19unyOuy3U7wbonY9V0lTV/TEKLeehELjMoD9gWgcETSziFIGm
+p0hPmrhajIqUyGlK53qAalrF+VgeQ32949F5T7gAM3cx7cGqP6eKXKTdGpgOzALO
+50EF9lz8fugGGB9X6hZpJZlxLbFz/zby7rtKCoCFOYT4i+vY9e//m/6jgfYwgfMw
+CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFH3UsxQd+IaTKZGzt3922wYFa2NEMIGYBgNVHSME
+gZAwgY2AFNmVKko/dtCHqLHw/4S4wHoRuTF2oWqkaDBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkA5ngAYQe8
+2kYwDQYJKoZIhvcNAQEEBQADgYEAI/oBuQFoVKSKUSYLtXwXW/AcAwX4MH2sVh5G
+GK28Qs1ShRRDdyru7mbMBZa0N68lBB61+Ls02y64PixYAFeStJE7QOPg9Zt+shAo
+l+54NJ9wSCK7PxQFpjT7DD5YfJF+SHAenf3lCzJqloN9pM5PrFSj+o/L8DujKfKe
+wyNaEKs=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/0A.pem b/trunk/keys/ca.db.certs/0A.pem
new file mode 100644
index 0000000..555d2c6
--- /dev/null
+++ b/trunk/keys/ca.db.certs/0A.pem
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar 10 17:04:55 2006 GMT
+            Not After : Mar  9 17:04:55 2008 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=werner
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1023 bit)
+                Modulus (1023 bit):
+                    72:0b:f1:36:fc:53:b6:20:5b:0e:1f:cc:2c:c6:3f:
+                    3e:f1:75:cc:25:4e:8f:ef:ec:b9:a0:70:95:ad:9a:
+                    6e:2c:03:1c:33:41:4b:4c:c3:22:5e:8d:96:4c:d9:
+                    cb:29:8b:0d:90:2d:7f:7c:1e:e6:27:dd:b1:cc:cc:
+                    b9:45:c0:99:56:4e:92:46:a1:92:ad:68:0c:7c:04:
+                    fd:50:1a:f0:08:9a:f3:56:4d:4b:55:cc:ac:95:cc:
+                    f2:4c:ce:40:e2:ad:63:fc:79:19:03:8f:cc:17:37:
+                    4f:4f:40:27:b2:84:83:41:3e:c9:7d:8a:17:44:6c:
+                    4c:38:09:63:a2:a0:08:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E4:88:F1:D3:7B:E6:47:03:0F:95:C0:B6:91:1F:7F:15:6D:41:F1:84
+            X509v3 Authority Key Identifier: 
+                keyid:D9:95:2A:4A:3F:76:D0:87:A8:B1:F0:FF:84:B8:C0:7A:11:B9:31:76
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:E6:78:00:61:07:BC:DA:46
+
+    Signature Algorithm: md5WithRSAEncryption
+        27:b1:a2:69:2d:50:38:f6:9c:b1:bd:b9:81:a3:c3:60:25:0f:
+        7f:82:b9:63:16:7a:0c:2b:cc:fa:45:78:ff:9b:b9:f0:96:aa:
+        28:d0:c0:98:d5:fe:bd:81:79:1e:2d:96:8e:a3:0a:bb:d8:ca:
+        cf:c4:cb:d6:56:3a:cf:a7:a8:08:26:dd:97:54:29:9e:eb:93:
+        8d:87:9d:3b:5c:22:9f:94:b9:43:de:e1:05:74:67:00:f5:d1:
+        ca:1f:70:26:00:13:63:01:25:6c:ed:61:6e:20:19:76:68:21:
+        ef:0a:f0:42:e2:2c:1c:13:23:82:7c:d4:2e:a9:38:0c:73:07:
+        a8:2c
+-----BEGIN CERTIFICATE-----
+MIIDMzCCApygAwIBAgIBCjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA2MDMx
+MDE3MDQ1NVoXDTA4MDMwOTE3MDQ1NVowYTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMQ8wDQYDVQQDEwZ3ZXJuZXIwgZ4wDQYJKoZIhvcNAQEBBQADgYwA
+MIGIAoGAcgvxNvxTtiBbDh/MLMY/PvF1zCVOj+/suaBwla2abiwDHDNBS0zDIl6N
+lkzZyymLDZAtf3we5ifdsczMuUXAmVZOkkahkq1oDHwE/VAa8Aia81ZNS1XMrJXM
+8kzOQOKtY/x5GQOPzBc3T09AJ7KEg0E+yX2KF0RsTDgJY6KgCD0CAwEAAaOB9jCB
+8zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5Ijx03vmRwMPlcC2kR9/FW1B8YQwgZgGA1Ud
+IwSBkDCBjYAU2ZUqSj920IeosfD/hLjAehG5MXahaqRoMGYxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBk11bmljaDENMAsGA1UEChMESG9t
+ZTEVMBMGA1UECxMMQXBhY2hlIFdTUzRKMQ8wDQYDVQQDEwZXZXJuZXKCCQDmeABh
+B7zaRjANBgkqhkiG9w0BAQQFAAOBgQAnsaJpLVA49pyxvbmBo8NgJQ9/grljFnoM
+K8z6RXj/m7nwlqoo0MCY1f69gXkeLZaOowq72MrPxMvWVjrPp6gIJt2XVCme65ON
+h507XCKflLlD3uEFdGcA9dHKH3AmABNjASVs7WFuIBl2aCHvCvBC4iwcEyOCfNQu
+qTgMcweoLA==
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/0B.pem b/trunk/keys/ca.db.certs/0B.pem
new file mode 100644
index 0000000..c4fdb92
--- /dev/null
+++ b/trunk/keys/ca.db.certs/0B.pem
@@ -0,0 +1,93 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11 (0xb)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar 10 17:05:01 2006 GMT
+            Not After : Mar  9 17:05:01 2008 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=wernerDSA
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    00:f1:9d:7d:ba:7c:8e:bb:2d:d4:ef:06:e8:9d:8f:
+                    55:d2:54:d5:fd:31:0a:2d:e7:a1:10:b8:cc:a0:3f:
+                    60:5a:07:04:4d:2c:e2:14:81:a6:a7:48:4f:9a:b8:
+                    5a:8c:8a:94:c8:69:4a:e7:7a:80:6a:5a:c5:f9:58:
+                    1e:43:7d:bd:e3:d1:79:4f:b8:00:33:77:31:ed:c1:
+                    aa:3f:a7:8a:5c:a4:dd:1a:98:0e:cc:02:ce:e7:41:
+                    05:f6:5c:fc:7e:e8:06:18:1f:57:ea:16:69:25:99:
+                    71:2d:b1:73:ff:36:f2:ee:bb:4a:0a:80:85:39:84:
+                    f8:8b:eb:d8:f5:ef:ff:9b:fe
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7D:D4:B3:14:1D:F8:86:93:29:91:B3:B7:7F:76:DB:06:05:6B:63:44
+            X509v3 Authority Key Identifier: 
+                keyid:D9:95:2A:4A:3F:76:D0:87:A8:B1:F0:FF:84:B8:C0:7A:11:B9:31:76
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:E6:78:00:61:07:BC:DA:46
+
+    Signature Algorithm: md5WithRSAEncryption
+        a9:ce:af:60:82:7e:95:4f:e8:b8:06:a3:9e:c2:1b:3a:45:f1:
+        d7:27:c5:52:90:fe:35:e5:b0:33:c7:52:f7:4e:a5:2d:9b:76:
+        22:d1:c0:e2:03:40:0c:4c:62:99:28:62:41:58:0d:27:8f:44:
+        3a:71:8f:f9:4b:14:44:90:2e:01:6c:4c:17:e3:2a:ac:f0:58:
+        a2:3d:e8:91:7c:8a:a2:58:2f:26:b4:c3:b7:c3:85:69:66:5a:
+        53:da:e7:16:61:7b:0d:13:d7:ba:5e:32:08:e2:ae:64:63:cc:
+        ea:c7:13:be:bb:47:fd:af:ed:e8:da:a4:bd:60:25:41:8c:44:
+        9b:89
+-----BEGIN CERTIFICATE-----
+MIIEUTCCA7qgAwIBAgIBCzANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA2MDMx
+MDE3MDUwMVoXDTA4MDMwOTE3MDUwMVowZDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRIwEAYDVQQDEwl3ZXJuZXJEU0EwggG4MIIBLAYHKoZIzjgEATCC
+AR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y
++r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fG
+qKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML
+zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeC
+Z1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om
+dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9J
+KgOBhQACgYEA8Z19unyOuy3U7wbonY9V0lTV/TEKLeehELjMoD9gWgcETSziFIGm
+p0hPmrhajIqUyGlK53qAalrF+VgeQ32949F5T7gAM3cx7cGqP6eKXKTdGpgOzALO
+50EF9lz8fugGGB9X6hZpJZlxLbFz/zby7rtKCoCFOYT4i+vY9e//m/6jgfYwgfMw
+CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFH3UsxQd+IaTKZGzt3922wYFa2NEMIGYBgNVHSME
+gZAwgY2AFNmVKko/dtCHqLHw/4S4wHoRuTF2oWqkaDBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkA5ngAYQe8
+2kYwDQYJKoZIhvcNAQEEBQADgYEAqc6vYIJ+lU/ouAajnsIbOkXx1yfFUpD+NeWw
+M8dS906lLZt2ItHA4gNADEximShiQVgNJ49EOnGP+UsURJAuAWxMF+MqrPBYoj3o
+kXyKolgvJrTDt8OFaWZaU9rnFmF7DRPXul4yCOKuZGPM6scTvrtH/a/t6NqkvWAl
+QYxEm4k=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/0C.pem b/trunk/keys/ca.db.certs/0C.pem
new file mode 100644
index 0000000..211f7c5
--- /dev/null
+++ b/trunk/keys/ca.db.certs/0C.pem
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12 (0xc)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar 10 17:07:22 2006 GMT
+            Not After : Mar  9 17:07:22 2008 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=Werner
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:90:a9:4a:94:71:77:ca:03:bd:df:4d:3d:1c:50:
+                    9a:a0:b4:a1:30:3f:34:2d:44:aa:d5:0a:b1:42:46:
+                    5b:c2:d1:3b:b3:66:b6:82:8c:d0:9b:43:b7:8b:06:
+                    7f:66:0e:e7:b2:0e:07:59:c0:b2:9f:77:3b:a6:ed:
+                    39:e0:b4:82:67:aa:de:2a:ba:66:0d:a2:b3:4c:47:
+                    21:ff:33:b2:82:b6:68:83:fa:9d:d1:e0:04:be:6b:
+                    5a:f8:a9:e8:77:76:1f:06:92:26:12:f9:59:1e:65:
+                    45:8c:a5:29:55:72:5b:b4:1a:6e:d2:d8:79:9b:98:
+                    6f:94:88:90:e8:aa:a2:72:7f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C0:92:B0:AC:F1:AA:27:F4:C7:28:77:A2:0E:41:80:7A:B7:9F:5B:F0
+            X509v3 Authority Key Identifier: 
+                keyid:D9:95:2A:4A:3F:76:D0:87:A8:B1:F0:FF:84:B8:C0:7A:11:B9:31:76
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:E6:78:00:61:07:BC:DA:46
+
+    Signature Algorithm: md5WithRSAEncryption
+        cf:54:02:2d:7c:bf:3c:b2:8c:d3:54:16:9d:57:e0:fa:ef:4f:
+        fe:18:72:18:70:08:5d:8d:84:15:39:fa:02:a6:71:85:95:e7:
+        0d:7c:c2:69:24:f8:35:ba:ee:a1:2e:c2:a7:31:cb:95:71:20:
+        98:31:e4:60:52:94:f6:06:cc:0e:e0:b8:ae:27:a0:18:6e:eb:
+        bc:f1:2d:2d:90:ba:25:f6:86:de:2b:e2:bc:c8:d2:6e:9f:a4:
+        e2:d9:ad:94:49:9d:88:fc:93:b1:2c:72:77:a5:49:7d:3a:6e:
+        62:ba:c4:13:cc:ff:90:ac:0d:8d:85:65:0f:36:56:8f:04:7a:
+        74:b9
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAp2gAwIBAgIBDDANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA2MDMx
+MDE3MDcyMloXDTA4MDMwOTE3MDcyMlowYTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAJCpSpRxd8oDvd9NPRxQmqC0oTA/NC1EqtUKsUJGW8LRO7NmtoKM0JtD
+t4sGf2YO57IOB1nAsp93O6btOeC0gmeq3iq6Zg2is0xHIf8zsoK2aIP6ndHgBL5r
+Wvip6Hd2HwaSJhL5WR5lRYylKVVyW7QabtLYeZuYb5SIkOiqonJ/AgMBAAGjgfYw
+gfMwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFMCSsKzxqif0xyh3og5BgHq3n1vwMIGYBgNV
+HSMEgZAwgY2AFNmVKko/dtCHqLHw/4S4wHoRuTF2oWqkaDBmMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhv
+bWUxFTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkA5ngA
+YQe82kYwDQYJKoZIhvcNAQEEBQADgYEAz1QCLXy/PLKM01QWnVfg+u9P/hhyGHAI
+XY2EFTn6AqZxhZXnDXzCaST4NbruoS7CpzHLlXEgmDHkYFKU9gbMDuC4riegGG7r
+vPEtLZC6JfaG3ivivMjSbp+k4tmtlEmdiPyTsSxyd6VJfTpuYrrEE8z/kKwNjYVl
+DzZWjwR6dLk=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/0D.pem b/trunk/keys/ca.db.certs/0D.pem
new file mode 100644
index 0000000..8ec586d
--- /dev/null
+++ b/trunk/keys/ca.db.certs/0D.pem
@@ -0,0 +1,93 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Mar 10 17:07:29 2006 GMT
+            Not After : Mar  9 17:07:29 2008 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=WernerDSA
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    00:88:da:f5:b5:f9:81:6d:2d:19:c6:ee:63:bc:15:
+                    e2:08:e3:77:18:4b:20:84:ea:3d:5f:82:a4:65:73:
+                    8b:4a:e3:d6:42:70:7e:5b:da:91:71:db:01:2a:dd:
+                    0c:1b:bb:22:46:31:f9:09:9b:e4:6a:ff:00:f5:dd:
+                    2b:f6:ea:9e:ca:e3:0a:aa:1c:5e:8f:be:6d:ab:57:
+                    60:d0:7f:1d:b4:91:40:d5:44:c4:b9:29:49:a4:18:
+                    fd:31:7a:af:d2:b5:df:9f:c4:20:78:8e:a5:48:b0:
+                    f1:e4:92:67:61:d1:be:76:b2:d7:d9:d9:40:f8:f1:
+                    7e:d2:51:62:3a:02:eb:2c:2d
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                93:A5:0D:37:7D:E9:1F:88:58:29:D5:8E:21:CE:E1:E4:17:5C:ED:DC
+            X509v3 Authority Key Identifier: 
+                keyid:D9:95:2A:4A:3F:76:D0:87:A8:B1:F0:FF:84:B8:C0:7A:11:B9:31:76
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:E6:78:00:61:07:BC:DA:46
+
+    Signature Algorithm: md5WithRSAEncryption
+        81:07:ab:24:e4:30:da:49:e0:30:8f:63:ca:54:65:af:37:2c:
+        f8:3e:b0:d2:88:60:6d:b9:16:e9:90:e5:db:d6:c2:db:79:0a:
+        2c:1c:fb:d3:cb:f2:a7:fb:60:dc:ee:1c:92:a6:fc:58:da:3c:
+        85:3e:21:05:c7:57:74:20:37:e1:3e:d7:19:de:60:5a:0d:dc:
+        60:aa:14:40:8f:e1:cf:3b:be:97:cb:18:22:19:8f:43:e7:37:
+        0f:68:f8:d9:89:98:b3:8d:b1:76:a3:e7:00:b3:c5:68:38:78:
+        da:d3:b5:63:b2:0b:0a:57:f5:98:0c:de:01:09:5b:8b:ee:12:
+        17:8e
+-----BEGIN CERTIFICATE-----
+MIIEUTCCA7qgAwIBAgIBDTANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA2MDMx
+MDE3MDcyOVoXDTA4MDMwOTE3MDcyOVowZDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRIwEAYDVQQDEwlXZXJuZXJEU0EwggG4MIIBLAYHKoZIzjgEATCC
+AR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y
++r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fG
+qKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML
+zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeC
+Z1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om
+dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9J
+KgOBhQACgYEAiNr1tfmBbS0Zxu5jvBXiCON3GEsghOo9X4KkZXOLSuPWQnB+W9qR
+cdsBKt0MG7siRjH5CZvkav8A9d0r9uqeyuMKqhxej75tq1dg0H8dtJFA1UTEuSlJ
+pBj9MXqv0rXfn8QgeI6lSLDx5JJnYdG+drLX2dlA+PF+0lFiOgLrLC2jgfYwgfMw
+CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFJOlDTd96R+IWCnVjiHO4eQXXO3cMIGYBgNVHSME
+gZAwgY2AFNmVKko/dtCHqLHw/4S4wHoRuTF2oWqkaDBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkA5ngAYQe8
+2kYwDQYJKoZIhvcNAQEEBQADgYEAgQerJOQw2kngMI9jylRlrzcs+D6w0ohgbbkW
+6ZDl29bC23kKLBz708vyp/tg3O4ckqb8WNo8hT4hBcdXdCA34T7XGd5gWg3cYKoU
+QI/hzzu+l8sYIhmPQ+c3D2j42YmYs42xdqPnALPFaDh42tO1Y7ILClf1mAzeAQlb
+i+4SF44=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/0E.pem b/trunk/keys/ca.db.certs/0E.pem
new file mode 100644
index 0000000..5f57964
--- /dev/null
+++ b/trunk/keys/ca.db.certs/0E.pem
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14 (0xe)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Apr  4 19:20:01 2008 GMT
+            Not After : Apr  4 19:20:01 2010 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=Werner
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:83:0f:ed:d5:f1:69:5f:b1:30:81:13:2b:0c:84:
+                    ff:d4:9c:f3:7b:4e:25:d0:b2:40:6c:d5:38:6f:fb:
+                    24:2f:eb:6e:3a:66:37:a9:d0:24:4e:1c:d5:c9:b4:
+                    09:8b:a3:2d:0f:04:77:8d:9c:6a:56:99:1e:ec:18:
+                    54:01:29:8f:ef:71:bc:18:b2:65:53:33:e8:f5:41:
+                    f8:81:15:04:23:11:95:50:74:fd:0e:7a:71:f4:09:
+                    84:16:53:a7:b1:ca:2e:7d:39:40:91:ee:0f:02:49:
+                    fd:73:b9:71:9e:7b:ad:61:7a:67:62:f7:9d:c1:ed:
+                    e9:e8:af:bc:11:9a:a4:b3:19
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                A2:3D:00:CA:A7:14:92:0E:6F:F6:78:CB:92:51:D0:82:40:CE:E1:EC
+            X509v3 Authority Key Identifier: 
+                keyid:D2:7A:D8:87:17:51:5D:D6:7E:08:E9:B4:62:BF:E0:55:59:80:9E:BF
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:C2:BC:B4:0E:8B:70:1B:B1
+
+    Signature Algorithm: md5WithRSAEncryption
+        04:6f:22:87:5b:3f:ad:f7:04:48:b6:1f:37:fb:56:0c:48:6a:
+        d8:25:ea:7a:72:09:37:bb:83:03:ea:51:9d:e9:99:88:6f:7b:
+        42:95:f7:e7:af:a9:3b:cc:a3:91:a1:49:f8:e1:ad:88:51:cd:
+        64:ce:1b:8b:89:1e:bb:4c:7a:f1:bf:2c:69:41:f2:c1:26:d1:
+        8f:3e:60:4c:fb:84:46:ed:f2:b7:8a:a2:ba:7b:cb:df:2d:23:
+        29:d9:da:05:5c:2a:83:d6:89:c8:7f:92:66:ab:00:ec:f4:d9:
+        56:8d:02:f3:2f:3d:de:a7:ef:0f:ba:8d:45:ff:e4:f1:69:22:
+        24:28
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAp2gAwIBAgIBDjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA4MDQw
+NDE5MjAwMVoXDTEwMDQwNDE5MjAwMVowYTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAIMP7dXxaV+xMIETKwyE/9Sc83tOJdCyQGzVOG/7JC/rbjpmN6nQJE4c
+1cm0CYujLQ8Ed42calaZHuwYVAEpj+9xvBiyZVMz6PVB+IEVBCMRlVB0/Q56cfQJ
+hBZTp7HKLn05QJHuDwJJ/XO5cZ57rWF6Z2L3ncHt6eivvBGapLMZAgMBAAGjgfYw
+gfMwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFKI9AMqnFJIOb/Z4y5JR0IJAzuHsMIGYBgNV
+HSMEgZAwgY2AFNJ62IcXUV3WfgjptGK/4FVZgJ6/oWqkaDBmMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhv
+bWUxFTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkAwry0
+DotwG7EwDQYJKoZIhvcNAQEEBQADgYEABG8ih1s/rfcESLYfN/tWDEhq2CXqenIJ
+N7uDA+pRnemZiG97QpX356+pO8yjkaFJ+OGtiFHNZM4bi4keu0x68b8saUHywSbR
+jz5gTPuERu3yt4qiunvL3y0jKdnaBVwqg9aJyH+SZqsA7PTZVo0C8y893qfvD7qN
+Rf/k8WkiJCg=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/0F.pem b/trunk/keys/ca.db.certs/0F.pem
new file mode 100644
index 0000000..ae89dad
--- /dev/null
+++ b/trunk/keys/ca.db.certs/0F.pem
@@ -0,0 +1,93 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Apr  4 19:20:17 2008 GMT
+            Not After : Apr  4 19:20:17 2010 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=WernerDSA
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    00:b8:0e:dd:18:df:90:ea:73:22:24:cf:e8:20:8a:
+                    f8:af:bd:9d:42:f4:84:dc:9e:8b:f1:6f:70:7f:f3:
+                    fb:e1:29:7f:a6:d9:9e:48:97:80:c3:99:79:0b:34:
+                    10:95:46:b1:68:7f:2d:b3:71:57:d2:17:f8:40:9b:
+                    b2:49:6c:26:ad:3d:36:e0:27:46:f5:2d:62:af:c2:
+                    e7:83:19:a6:47:72:a6:0f:ab:8d:3b:72:99:c9:5d:
+                    7d:d8:54:85:c5:0b:38:da:2f:ee:77:c1:21:25:22:
+                    dd:ca:01:32:a8:66:bc:c6:81:d9:cb:d4:09:d8:d1:
+                    ae:b5:f2:c9:c4:4b:9e:b6:8c
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                6C:31:82:3D:76:DA:97:6D:88:C3:A0:F3:C8:97:A6:17:C9:BC:4B:AC
+            X509v3 Authority Key Identifier: 
+                keyid:D2:7A:D8:87:17:51:5D:D6:7E:08:E9:B4:62:BF:E0:55:59:80:9E:BF
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:C2:BC:B4:0E:8B:70:1B:B1
+
+    Signature Algorithm: md5WithRSAEncryption
+        83:03:c8:50:b2:0e:29:b2:22:18:ac:26:4d:05:4a:0f:68:d8:
+        6b:80:41:45:90:20:a3:1d:03:d5:c2:69:48:15:ac:52:2e:3f:
+        2f:8a:9a:26:ab:00:5e:53:44:a3:ef:fe:c0:66:44:9b:a8:fa:
+        02:79:4c:fe:81:8c:d7:2f:24:4a:78:ee:d3:31:08:8a:d7:2e:
+        19:de:9a:57:27:ea:a6:f3:a6:c6:3c:2f:72:0f:3e:7d:d1:25:
+        2d:19:3f:d4:85:06:45:e6:7b:84:d9:1d:0e:35:58:cc:98:d9:
+        3d:a5:7c:5a:33:7a:a4:9d:d2:29:76:28:1b:15:14:2b:40:be:
+        0d:92
+-----BEGIN CERTIFICATE-----
+MIIEUTCCA7qgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA4MDQw
+NDE5MjAxN1oXDTEwMDQwNDE5MjAxN1owZDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRIwEAYDVQQDEwlXZXJuZXJEU0EwggG4MIIBLAYHKoZIzjgEATCC
+AR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y
++r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fG
+qKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML
+zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeC
+Z1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om
+dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9J
+KgOBhQACgYEAuA7dGN+Q6nMiJM/oIIr4r72dQvSE3J6L8W9wf/P74Sl/ptmeSJeA
+w5l5CzQQlUaxaH8ts3FX0hf4QJuySWwmrT024CdG9S1ir8LngxmmR3KmD6uNO3KZ
+yV192FSFxQs42i/ud8EhJSLdygEyqGa8xoHZy9QJ2NGutfLJxEuetoyjgfYwgfMw
+CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFGwxgj122pdtiMOg88iXphfJvEusMIGYBgNVHSME
+gZAwgY2AFNJ62IcXUV3WfgjptGK/4FVZgJ6/oWqkaDBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkAwry0Dotw
+G7EwDQYJKoZIhvcNAQEEBQADgYEAgwPIULIOKbIiGKwmTQVKD2jYa4BBRZAgox0D
+1cJpSBWsUi4/L4qaJqsAXlNEo+/+wGZEm6j6AnlM/oGM1y8kSnju0zEIitcuGd6a
+VyfqpvOmxjwvcg8+fdElLRk/1IUGReZ7hNkdDjVYzJjZPaV8WjN6pJ3SKXYoGxUU
+K0C+DZI=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/10.pem b/trunk/keys/ca.db.certs/10.pem
new file mode 100644
index 0000000..48034c7
--- /dev/null
+++ b/trunk/keys/ca.db.certs/10.pem
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Apr  4 19:32:18 2008 GMT
+            Not After : Apr  4 19:32:18 2010 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=Werner
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:83:65:2f:7f:e4:d0:7f:f3:be:49:e9:06:d2:e8:
+                    f2:3c:d7:c3:1f:c8:25:4f:c2:19:2b:fa:32:ca:89:
+                    67:67:f2:67:a9:29:2e:55:c2:b9:20:54:67:fb:5f:
+                    91:dc:69:bb:38:58:ab:f4:9c:ec:0f:1c:b0:89:3d:
+                    80:37:fd:45:46:eb:84:ad:2a:2b:0d:15:3f:a0:e8:
+                    08:82:63:4b:92:1e:37:e3:5e:26:4c:7c:62:39:b3:
+                    2c:f9:99:a8:b6:1b:34:f5:eb:fe:1c:bc:09:1a:d1:
+                    e8:2a:8b:4d:34:a4:07:0a:04:27:e7:03:91:f6:6b:
+                    74:7d:bf:6c:d0:f4:14:42:19
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                54:99:5E:FD:08:E5:B1:BB:5C:F1:30:8F:29:70:1B:79:66:64:67:62
+            X509v3 Authority Key Identifier: 
+                keyid:BF:C5:B0:71:E8:94:62:0C:69:C5:35:4D:95:BF:F3:C0:5D:D8:42:FA
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:B8:12:0E:01:62:75:F6:6C
+
+    Signature Algorithm: md5WithRSAEncryption
+        52:25:21:ff:03:91:55:c4:18:5f:12:21:d7:78:77:c3:60:6d:
+        83:a2:a3:da:0e:95:e9:83:b4:52:d7:3f:80:46:16:c1:3d:f5:
+        d0:2d:8e:ba:ba:0a:03:0c:28:1d:aa:4c:20:85:a2:25:17:25:
+        20:08:80:f0:79:db:d1:2b:ff:a6:eb:87:60:3e:06:e0:d5:85:
+        76:25:63:46:8a:dd:f7:47:99:25:ee:34:34:c1:ab:b9:19:a5:
+        a8:84:48:18:62:82:bf:ec:2f:dc:4e:94:c7:57:16:5b:ce:b6:
+        7f:91:fd:13:2a:dc:a1:c9:1e:d8:ff:b7:18:d0:06:cb:cd:ef:
+        82:10
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAp2gAwIBAgIBEDANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA4MDQw
+NDE5MzIxOFoXDTEwMDQwNDE5MzIxOFowYTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAINlL3/k0H/zvknpBtLo8jzXwx/IJU/CGSv6MsqJZ2fyZ6kpLlXCuSBU
+Z/tfkdxpuzhYq/Sc7A8csIk9gDf9RUbrhK0qKw0VP6DoCIJjS5IeN+NeJkx8Yjmz
+LPmZqLYbNPXr/hy8CRrR6CqLTTSkBwoEJ+cDkfZrdH2/bND0FEIZAgMBAAGjgfYw
+gfMwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFFSZXv0I5bG7XPEwjylwG3lmZGdiMIGYBgNV
+HSMEgZAwgY2AFL/FsHHolGIMacU1TZW/88Bd2EL6oWqkaDBmMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhv
+bWUxFTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkAuBIO
+AWJ19mwwDQYJKoZIhvcNAQEEBQADgYEAUiUh/wORVcQYXxIh13h3w2Btg6Kj2g6V
+6YO0Utc/gEYWwT310C2OuroKAwwoHapMIIWiJRclIAiA8Hnb0Sv/puuHYD4G4NWF
+diVjRord90eZJe40NMGruRmlqIRIGGKCv+wv3E6Ux1cWW862f5H9Eyrcocke2P+3
+GNAGy83vghA=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.certs/11.pem b/trunk/keys/ca.db.certs/11.pem
new file mode 100644
index 0000000..0418d1c
--- /dev/null
+++ b/trunk/keys/ca.db.certs/11.pem
@@ -0,0 +1,93 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 17 (0x11)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Apr  4 19:32:28 2008 GMT
+            Not After : Apr  4 19:32:28 2010 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=WernerDSA
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    13:ab:7a:33:39:58:6d:23:85:8b:31:cc:36:8c:4d:
+                    a1:1e:72:b7:f7:ba:16:b7:d5:13:3b:3b:00:24:4a:
+                    96:07:1c:c4:0f:b6:cd:c3:fa:48:10:ea:a9:46:94:
+                    a1:50:9e:67:bd:f7:80:8c:09:7d:89:f8:fe:bf:ce:
+                    29:4d:80:62:23:b7:12:23:96:d4:f8:2e:da:94:1f:
+                    ab:6c:d2:11:9a:2a:6a:d6:92:96:57:3c:bc:45:98:
+                    9e:e7:1f:ab:58:fd:5d:d1:2d:c7:eb:4b:e8:9f:19:
+                    70:ea:dd:c8:c6:b4:a4:4f:3e:78:63:a6:50:4c:f9:
+                    7c:52:db:14:2b:dc:87:2a
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C3:EB:D7:FD:B4:B3:CA:02:9F:3E:D8:3D:A5:76:3B:36:97:3E:E6:62
+            X509v3 Authority Key Identifier: 
+                keyid:BF:C5:B0:71:E8:94:62:0C:69:C5:35:4D:95:BF:F3:C0:5D:D8:42:FA
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:B8:12:0E:01:62:75:F6:6C
+
+    Signature Algorithm: md5WithRSAEncryption
+        29:53:ca:fe:b0:ea:67:c9:31:2c:fa:13:12:2a:67:ee:35:71:
+        c1:a1:9e:90:45:45:1c:8e:37:84:3b:ce:41:de:b5:d2:4d:da:
+        ef:cb:5f:72:1d:06:e8:2e:c2:4c:2e:72:88:3a:1c:c2:13:93:
+        6f:8f:04:eb:9f:85:72:e1:35:1a:04:9e:27:66:c4:e9:e6:4e:
+        df:eb:8b:24:5e:74:12:f1:34:a1:b0:5d:59:9f:fd:45:c8:f9:
+        26:e9:f3:94:4a:d7:7d:4f:2f:76:92:77:f4:89:bf:21:86:39:
+        6e:74:d7:fa:8d:45:bf:00:38:b5:ab:17:43:e0:94:c7:51:e0:
+        e2:a3
+-----BEGIN CERTIFICATE-----
+MIIEUDCCA7mgAwIBAgIBETANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA4MDQw
+NDE5MzIyOFoXDTEwMDQwNDE5MzIyOFowZDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRIwEAYDVQQDEwlXZXJuZXJEU0EwggG3MIIBLAYHKoZIzjgEATCC
+AR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y
++r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fG
+qKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML
+zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeC
+Z1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om
+dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9J
+KgOBhAACgYATq3ozOVhtI4WLMcw2jE2hHnK397oWt9UTOzsAJEqWBxzED7bNw/pI
+EOqpRpShUJ5nvfeAjAl9ifj+v84pTYBiI7cSI5bU+C7alB+rbNIRmipq1pKWVzy8
+RZie5x+rWP1d0S3H60vonxlw6t3IxrSkTz54Y6ZQTPl8UtsUK9yHKqOB9jCB8zAJ
+BgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUw+vX/bSzygKfPtg9pXY7Npc+5mIwgZgGA1UdIwSB
+kDCBjYAUv8WwceiUYgxpxTVNlb/zwF3YQvqhaqRoMGYxCzAJBgNVBAYTAkRFMQ8w
+DQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBk11bmljaDENMAsGA1UEChMESG9tZTEV
+MBMGA1UECxMMQXBhY2hlIFdTUzRKMQ8wDQYDVQQDEwZXZXJuZXKCCQC4Eg4BYnX2
+bDANBgkqhkiG9w0BAQQFAAOBgQApU8r+sOpnyTEs+hMSKmfuNXHBoZ6QRUUcjjeE
+O85B3rXSTdrvy19yHQboLsJMLnKIOhzCE5NvjwTrn4Vy4TUaBJ4nZsTp5k7f64sk
+XnQS8TShsF1Zn/1FyPkm6fOUStd9Ty92knf0ib8hhjludNf6jUW/ADi1qxdD4JTH
+UeDiow==
+-----END CERTIFICATE-----
diff --git a/trunk/keys/ca.db.index b/trunk/keys/ca.db.index
new file mode 100644
index 0000000..5c0fae1
--- /dev/null
+++ b/trunk/keys/ca.db.index
@@ -0,0 +1,17 @@
+E	050228105117Z		01	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=werner
+E	050228120029Z		02	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=wernerd
+E	050307093155Z		03	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=wernerdDSA
+V	060309222536Z		04	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=wernerdDSA
+V	060309223016Z		05	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=wernerd
+V	080309161024Z		06	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=werner
+V	080309161037Z		07	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=wernerDSA
+V	080309170156Z		08	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=werner
+V	080309170207Z		09	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=wernerDSA
+V	080309170455Z		0A	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=werner
+V	080309170501Z		0B	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=wernerDSA
+V	080309170722Z		0C	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=Werner
+V	080309170729Z		0D	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=WernerDSA
+V	100404192001Z		0E	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=Werner
+V	100404192017Z		0F	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=WernerDSA
+V	100404193218Z		10	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=Werner
+V	100404193228Z		11	unknown	/C=DE/ST=Bayern/L=Munich/O=Apache/OU=WSS4J/CN=WernerDSA
diff --git a/trunk/keys/ca.db.index.attr b/trunk/keys/ca.db.index.attr
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/trunk/keys/ca.db.index.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/trunk/keys/ca.db.serial b/trunk/keys/ca.db.serial
new file mode 100644
index 0000000..48082f7
--- /dev/null
+++ b/trunk/keys/ca.db.serial
@@ -0,0 +1 @@
+12
diff --git a/trunk/keys/ca.key b/trunk/keys/ca.key
new file mode 100644
index 0000000..9909879
--- /dev/null
+++ b/trunk/keys/ca.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6DA21E161F9EF0BF
+
+QlIo6z9lYaqLSYm66f/4PgWsoBxls2uJkAp0IgQfxqftC9cZpkyYOeD//2JYtyWR
+/09V6Nx4tcRF3JPCXx+BoX11oNZr1ze+1Tgt6ZmIETrKrW4oS69W43q0JiKcHYcP
+3gTZASnBU+KkPEVcyN+XNP/6UURP0Y5P+IgQj8FEi0LSh3RVGXLwsVmeXo0vkGvH
++U+GrGW4h25udkqt62O2gi34XdBBuIMUaLl9wMJ+M/oTzP91v213JGMoVLd3N7Cf
+S24rPb/pabcz+wIPKW2RU8Fgssun4pIRIjOujbzONo7OgoeIXM+n4zNyFa34E5ub
+iLKYOiS8pFkWLKXPxSRTAweWKfyoWNYaGbsSxrJHMLiRplHlHveJdbBJ5Y1h7OEs
+9+UqxZNXX1lMyzueC5TewoSUEkiFw+5Fmrw9N3m5v5oZOdFD/dWeysHimUPQS+zg
+sn7mnY/M3VbPCMWbK4RLs3/ABZxFhmMDZWXRFXSXk+jXqt2mWBKJPALBTbNHFDsm
+05fX0HD+IjRtODSjluK9dpnegS8EdJT5yG2J/Jhr2MzSPe2PlyvnrMXZ+MDWz5XJ
+TWLsn5c3A6FsvIFbCRb/QxfZldT6d/33A6vxSpYHOfti4de7Yw32TlRmYr8F3DLA
+BCHiVcCKzMRiJAbYRsCyKWWttdKV9fixNDhzvDNboMJf/duum8op4ALKaZsaBvq6
+BfY6kmckqStZDJs/ytlnjDnAPBBpJML+vBIbo24n1d3X1mvIVwCADqMspfqr3Ukg
+hACyMhPB+fNx+mUqgW+Sf77ffD62ktyoR5StxsbwJuZqqqghOjAvTg==
+-----END RSA PRIVATE KEY-----
diff --git a/trunk/keys/cert.crt b/trunk/keys/cert.crt
new file mode 100644
index 0000000..bb9b089
--- /dev/null
+++ b/trunk/keys/cert.crt
Binary files differ
diff --git a/trunk/keys/cert.pem b/trunk/keys/cert.pem
new file mode 100644
index 0000000..48034c7
--- /dev/null
+++ b/trunk/keys/cert.pem
@@ -0,0 +1,65 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Apr  4 19:32:18 2008 GMT
+            Not After : Apr  4 19:32:18 2010 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=Werner
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:83:65:2f:7f:e4:d0:7f:f3:be:49:e9:06:d2:e8:
+                    f2:3c:d7:c3:1f:c8:25:4f:c2:19:2b:fa:32:ca:89:
+                    67:67:f2:67:a9:29:2e:55:c2:b9:20:54:67:fb:5f:
+                    91:dc:69:bb:38:58:ab:f4:9c:ec:0f:1c:b0:89:3d:
+                    80:37:fd:45:46:eb:84:ad:2a:2b:0d:15:3f:a0:e8:
+                    08:82:63:4b:92:1e:37:e3:5e:26:4c:7c:62:39:b3:
+                    2c:f9:99:a8:b6:1b:34:f5:eb:fe:1c:bc:09:1a:d1:
+                    e8:2a:8b:4d:34:a4:07:0a:04:27:e7:03:91:f6:6b:
+                    74:7d:bf:6c:d0:f4:14:42:19
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                54:99:5E:FD:08:E5:B1:BB:5C:F1:30:8F:29:70:1B:79:66:64:67:62
+            X509v3 Authority Key Identifier: 
+                keyid:BF:C5:B0:71:E8:94:62:0C:69:C5:35:4D:95:BF:F3:C0:5D:D8:42:FA
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:B8:12:0E:01:62:75:F6:6C
+
+    Signature Algorithm: md5WithRSAEncryption
+        52:25:21:ff:03:91:55:c4:18:5f:12:21:d7:78:77:c3:60:6d:
+        83:a2:a3:da:0e:95:e9:83:b4:52:d7:3f:80:46:16:c1:3d:f5:
+        d0:2d:8e:ba:ba:0a:03:0c:28:1d:aa:4c:20:85:a2:25:17:25:
+        20:08:80:f0:79:db:d1:2b:ff:a6:eb:87:60:3e:06:e0:d5:85:
+        76:25:63:46:8a:dd:f7:47:99:25:ee:34:34:c1:ab:b9:19:a5:
+        a8:84:48:18:62:82:bf:ec:2f:dc:4e:94:c7:57:16:5b:ce:b6:
+        7f:91:fd:13:2a:dc:a1:c9:1e:d8:ff:b7:18:d0:06:cb:cd:ef:
+        82:10
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAp2gAwIBAgIBEDANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA4MDQw
+NDE5MzIxOFoXDTEwMDQwNDE5MzIxOFowYTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAINlL3/k0H/zvknpBtLo8jzXwx/IJU/CGSv6MsqJZ2fyZ6kpLlXCuSBU
+Z/tfkdxpuzhYq/Sc7A8csIk9gDf9RUbrhK0qKw0VP6DoCIJjS5IeN+NeJkx8Yjmz
+LPmZqLYbNPXr/hy8CRrR6CqLTTSkBwoEJ+cDkfZrdH2/bND0FEIZAgMBAAGjgfYw
+gfMwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFFSZXv0I5bG7XPEwjylwG3lmZGdiMIGYBgNV
+HSMEgZAwgY2AFL/FsHHolGIMacU1TZW/88Bd2EL6oWqkaDBmMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhv
+bWUxFTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkAuBIO
+AWJ19mwwDQYJKoZIhvcNAQEEBQADgYEAUiUh/wORVcQYXxIh13h3w2Btg6Kj2g6V
+6YO0Utc/gEYWwT310C2OuroKAwwoHapMIIWiJRclIAiA8Hnb0Sv/puuHYD4G4NWF
+diVjRord90eZJe40NMGruRmlqIRIGGKCv+wv3E6Ux1cWW862f5H9Eyrcocke2P+3
+GNAGy83vghA=
+-----END CERTIFICATE-----
diff --git a/trunk/keys/cert.req b/trunk/keys/cert.req
new file mode 100644
index 0000000..18a9db1
--- /dev/null
+++ b/trunk/keys/cert.req
@@ -0,0 +1,10 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIBoTCCAQoCAQAwYTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGTXVu
+aWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNVBAsTBVdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAINlL3/k0H/zvknpBtLo8jzXwx/IJU/CGSv6MsqJZ2fy
+Z6kpLlXCuSBUZ/tfkdxpuzhYq/Sc7A8csIk9gDf9RUbrhK0qKw0VP6DoCIJjS5IeN+NeJkx8Yjmz
+LPmZqLYbNPXr/hy8CRrR6CqLTTSkBwoEJ+cDkfZrdH2/bND0FEIZAgMBAAGgADANBgkqhkiG9w0B
+AQQFAAOBgQAcUGekc0IcK+SRB/9UPWZobKBFE9GtgCg7Q8GWTeKTzEgjGx8JHRtGuRmg1E8bRqUu
+5UncpH6tOyQJppYSsCoZG5wsR0cVXKuK6jdtlzITfbUNhwved/mXVIOI9Prsv3rWjCYXLsCm94pz
+NfUhXd2CIWFfEHTmYtqNOuKeirVErA==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/trunk/keys/certDSA.crt b/trunk/keys/certDSA.crt
new file mode 100644
index 0000000..9b9d3a7
--- /dev/null
+++ b/trunk/keys/certDSA.crt
Binary files differ
diff --git a/trunk/keys/certDSA.pem b/trunk/keys/certDSA.pem
new file mode 100644
index 0000000..0418d1c
--- /dev/null
+++ b/trunk/keys/certDSA.pem
@@ -0,0 +1,93 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 17 (0x11)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+        Validity
+            Not Before: Apr  4 19:32:28 2008 GMT
+            Not After : Apr  4 19:32:28 2010 GMT
+        Subject: C=DE, ST=Bayern, L=Munich, O=Apache, OU=WSS4J, CN=WernerDSA
+        Subject Public Key Info:
+            Public Key Algorithm: dsaEncryption
+            DSA Public Key:
+                pub: 
+                    13:ab:7a:33:39:58:6d:23:85:8b:31:cc:36:8c:4d:
+                    a1:1e:72:b7:f7:ba:16:b7:d5:13:3b:3b:00:24:4a:
+                    96:07:1c:c4:0f:b6:cd:c3:fa:48:10:ea:a9:46:94:
+                    a1:50:9e:67:bd:f7:80:8c:09:7d:89:f8:fe:bf:ce:
+                    29:4d:80:62:23:b7:12:23:96:d4:f8:2e:da:94:1f:
+                    ab:6c:d2:11:9a:2a:6a:d6:92:96:57:3c:bc:45:98:
+                    9e:e7:1f:ab:58:fd:5d:d1:2d:c7:eb:4b:e8:9f:19:
+                    70:ea:dd:c8:c6:b4:a4:4f:3e:78:63:a6:50:4c:f9:
+                    7c:52:db:14:2b:dc:87:2a
+                P:   
+                    00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+                    e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+                    51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+                    c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+                    6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+                    10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+                    c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+                    54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+                    f2:22:03:19:9d:d1:48:01:c7
+                Q:   
+                    00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+                    84:0b:f0:58:1c:f5
+                G:   
+                    00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+                    57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+                    07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+                    81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+                    32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+                    ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+                    f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+                    a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+                    25:64:01:4c:3b:fe:cf:49:2a
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C3:EB:D7:FD:B4:B3:CA:02:9F:3E:D8:3D:A5:76:3B:36:97:3E:E6:62
+            X509v3 Authority Key Identifier: 
+                keyid:BF:C5:B0:71:E8:94:62:0C:69:C5:35:4D:95:BF:F3:C0:5D:D8:42:FA
+                DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+                serial:B8:12:0E:01:62:75:F6:6C
+
+    Signature Algorithm: md5WithRSAEncryption
+        29:53:ca:fe:b0:ea:67:c9:31:2c:fa:13:12:2a:67:ee:35:71:
+        c1:a1:9e:90:45:45:1c:8e:37:84:3b:ce:41:de:b5:d2:4d:da:
+        ef:cb:5f:72:1d:06:e8:2e:c2:4c:2e:72:88:3a:1c:c2:13:93:
+        6f:8f:04:eb:9f:85:72:e1:35:1a:04:9e:27:66:c4:e9:e6:4e:
+        df:eb:8b:24:5e:74:12:f1:34:a1:b0:5d:59:9f:fd:45:c8:f9:
+        26:e9:f3:94:4a:d7:7d:4f:2f:76:92:77:f4:89:bf:21:86:39:
+        6e:74:d7:fa:8d:45:bf:00:38:b5:ab:17:43:e0:94:c7:51:e0:
+        e2:a3
+-----BEGIN CERTIFICATE-----
+MIIEUDCCA7mgAwIBAgIBETANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA4MDQw
+NDE5MzIyOFoXDTEwMDQwNDE5MzIyOFowZDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNV
+BAsTBVdTUzRKMRIwEAYDVQQDEwlXZXJuZXJEU0EwggG3MIIBLAYHKoZIzjgEATCC
+AR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y
++r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fG
+qKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML
+zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeC
+Z1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7Om
+dZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9J
+KgOBhAACgYATq3ozOVhtI4WLMcw2jE2hHnK397oWt9UTOzsAJEqWBxzED7bNw/pI
+EOqpRpShUJ5nvfeAjAl9ifj+v84pTYBiI7cSI5bU+C7alB+rbNIRmipq1pKWVzy8
+RZie5x+rWP1d0S3H60vonxlw6t3IxrSkTz54Y6ZQTPl8UtsUK9yHKqOB9jCB8zAJ
+BgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUw+vX/bSzygKfPtg9pXY7Npc+5mIwgZgGA1UdIwSB
+kDCBjYAUv8WwceiUYgxpxTVNlb/zwF3YQvqhaqRoMGYxCzAJBgNVBAYTAkRFMQ8w
+DQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBk11bmljaDENMAsGA1UEChMESG9tZTEV
+MBMGA1UECxMMQXBhY2hlIFdTUzRKMQ8wDQYDVQQDEwZXZXJuZXKCCQC4Eg4BYnX2
+bDANBgkqhkiG9w0BAQQFAAOBgQApU8r+sOpnyTEs+hMSKmfuNXHBoZ6QRUUcjjeE
+O85B3rXSTdrvy19yHQboLsJMLnKIOhzCE5NvjwTrn4Vy4TUaBJ4nZsTp5k7f64sk
+XnQS8TShsF1Zn/1FyPkm6fOUStd9Ty92knf0ib8hhjludNf6jUW/ADi1qxdD4JTH
+UeDiow==
+-----END CERTIFICATE-----
diff --git a/trunk/keys/certDSA.req b/trunk/keys/certDSA.req
new file mode 100644
index 0000000..ca0f9f8
--- /dev/null
+++ b/trunk/keys/certDSA.req
@@ -0,0 +1,13 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICaDCCAiYCAQAwZDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGTXVu
+aWNoMQ8wDQYDVQQKEwZBcGFjaGUxDjAMBgNVBAsTBVdTUzRKMRIwEAYDVQQDEwlXZXJuZXJEU0Ew
+ggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlF
+XUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fG
+qKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL
+8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkW
+cSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD
+3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYATq3ozOVhtI4WLMcw2jE2hHnK397oWt9UTOzsA
+JEqWBxzED7bNw/pIEOqpRpShUJ5nvfeAjAl9ifj+v84pTYBiI7cSI5bU+C7alB+rbNIRmipq1pKW
+Vzy8RZie5x+rWP1d0S3H60vonxlw6t3IxrSkTz54Y6ZQTPl8UtsUK9yHKqAAMAsGByqGSM44BAMF
+AAMvADAsAhQPRzLS5+6NSxFgg6L/FgMiYH/LrAIUTgYEAJFsUguKvJqtsno2MMhSSrY=
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/trunk/keys/genCAKey.sh b/trunk/keys/genCAKey.sh
new file mode 100644
index 0000000..d59986f
--- /dev/null
+++ b/trunk/keys/genCAKey.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+openssl req -x509 -newkey rsa:1024 -keyout CAKey.pem -out CA.pem -config ca.config
+
diff --git a/trunk/keys/genCertRequest.sh b/trunk/keys/genCertRequest.sh
new file mode 100644
index 0000000..243788a
--- /dev/null
+++ b/trunk/keys/genCertRequest.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Export the key as a request (use security as the password)
+"$JAVA_HOME/bin/keytool" -keystore wss4j.keystore -alias wss4jCert -certreq -file cert.req
+"$JAVA_HOME/bin/keytool" -keystore wss4j.keystore -alias wss4jCertDSA -certreq -file certDSA.req
diff --git a/trunk/keys/genKeystore.sh b/trunk/keys/genKeystore.sh
new file mode 100644
index 0000000..bfb679c
--- /dev/null
+++ b/trunk/keys/genKeystore.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+#
+# Clean out the server and client keystores
+rm wss4j.keystore
+
+# Generate the key that will be used for wss4j
+# (use security as the password)
+"$JAVA_HOME/bin/keytool" -genkey -alias wss4jCert -keyalg RSA -keystore wss4j.keystore -dname "CN=Werner,OU=WSS4J,O=Apache,L=Munich,ST=Bayern,C=DE"
+"$JAVA_HOME/bin/keytool" -genkey -alias wss4jCertDSA -keystore wss4j.keystore -dname "CN=WernerDSA,OU=WSS4J,O=Apache,L=Munich,ST=Bayern,C=DE"
+
diff --git a/trunk/keys/k.bat b/trunk/keys/k.bat
new file mode 100644
index 0000000..c951c5d
--- /dev/null
+++ b/trunk/keys/k.bat
@@ -0,0 +1 @@
+keytool -genkey -keyalg rsa -keysize 2048 -validity 730 -alias dims -keystore .keystore
\ No newline at end of file
diff --git a/trunk/keys/key.bat b/trunk/keys/key.bat
new file mode 100644
index 0000000..3685550
--- /dev/null
+++ b/trunk/keys/key.bat
@@ -0,0 +1,5 @@
+SET PATH=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Bin;%PATH%
+DEL /F selfcert.*
+makecert -sky exchange -r -n "CN=Davanum Srinivas" -b 01/01/2000 -e 01/01/2099 -sv selfcert.pvk selfcert.cer
+cert2spc selfcert.cer selfcert.spc
+pvkimprt -PFX selfcert.spc selfcert.pvk
\ No newline at end of file
diff --git a/trunk/keys/keystore.p12 b/trunk/keys/keystore.p12
new file mode 100644
index 0000000..7aad86f
--- /dev/null
+++ b/trunk/keys/keystore.p12
Binary files differ
diff --git a/trunk/keys/selfcert.pfx b/trunk/keys/selfcert.pfx
new file mode 100644
index 0000000..8b7d5ce
--- /dev/null
+++ b/trunk/keys/selfcert.pfx
Binary files differ
diff --git a/trunk/keys/signConvertImportCert.sh b/trunk/keys/signConvertImportCert.sh
new file mode 100644
index 0000000..0e38300
--- /dev/null
+++ b/trunk/keys/signConvertImportCert.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# Sign the server certificate request with the CA using the command 
+# (again, "security" is the PEM pass phrase):
+openssl ca -config ca.config -policy policy_anything -days 730 -out cert.pem -infiles cert.req
+openssl ca -config ca.config -policy policy_anything -days 730 -out certDSA.pem -infiles certDSA.req
+
+# Convert the server certificate from PEM (plain text format) to DER (binary) format:
+# openssl x509 -outform DER -in CA.pem -out CA.crt
+openssl x509 -outform DER -in cert.pem -out cert.crt
+openssl x509 -outform DER -in certDSA.pem -out certDSA.crt
+
+# import the CA and server certificate into wss4j's keystore (note that 
+# importing the server certificate results in the keystore's wss4j 
+# certificate being updated with the new signature):
+# "$JAVA_HOME/bin/keytool" -import -file ca.crt -keystore wss4j.keystore
+"$JAVA_HOME/bin/keytool" -import -alias wss4jCert -file cert.crt -keystore wss4j.keystore
+"$JAVA_HOME/bin/keytool" -import -alias wss4jCertDSA -file certDSA.crt -keystore wss4j.keystore
+
diff --git a/trunk/keys/wss4j.keystore b/trunk/keys/wss4j.keystore
new file mode 100644
index 0000000..5b6497a
--- /dev/null
+++ b/trunk/keys/wss4j.keystore
Binary files differ
diff --git a/trunk/keys/x509.PFX.MSFT b/trunk/keys/x509.PFX.MSFT
new file mode 100644
index 0000000..98be0df
--- /dev/null
+++ b/trunk/keys/x509.PFX.MSFT
Binary files differ
diff --git a/trunk/keys/x509.keystore.SUN b/trunk/keys/x509.keystore.SUN
new file mode 100644
index 0000000..318ca8b
--- /dev/null
+++ b/trunk/keys/x509.keystore.SUN
Binary files differ
diff --git a/trunk/keys/x509.txt.BC b/trunk/keys/x509.txt.BC
new file mode 100644
index 0000000..91de954
--- /dev/null
+++ b/trunk/keys/x509.txt.BC
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIDxDCCAy2gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBozELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBlNoYXJvbjEcMBoGA1UE
+ChMTQ29tcHV0ZXIgQXNzb2NpYXRlczEPMA0GA1UECxMGY2EuY29tMRowGAYDVQQD
+FBFwb3N0bWFzdGVyQGNhLmNvbTEgMB4GCSqGSIb3DQEJARYRcG9zdG1hc3RlckBj
+YS5jb20wHhcNMDMwNTA1MjMxNTQzWhcNMDQwNTA0MjMxNTQzWjCBozELMAkGA1UE
+BhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxDzANBgNVBAcTBlNoYXJvbjEc
+MBoGA1UEChMTQ29tcHV0ZXIgQXNzb2NpYXRlczEPMA0GA1UECxMGY2EuY29tMRow
+GAYDVQQDFBFwb3N0bWFzdGVyQGNhLmNvbTEgMB4GCSqGSIb3DQEJARYRcG9zdG1h
+c3RlckBjYS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKkewCBrpOAI
+a0ZZD4SJgTGcqQHoadt8G0WvgVxQhio5A1vSHlsA9JJP6DlsGDBw3IInNWwRI6mv
+uZ++dfB2+q8Uo8CuHaqd23jMH3LQl4VRdWF6PG4KO1FvYlMkOsBJb1CXoNzbBX33
+d2/C6aTW7Tlrg+sFfGL5CQ6smTVIC0QtAgMBAAGjggEEMIIBADAdBgNVHQ4EFgQU
+zsX+6j5MER9d6WIRNmi7s0KbfGcwgdAGA1UdIwSByDCBxYAUzsX+6j5MER9d6WIR
+Nmi7s0KbfGehgamkgaYwgaMxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNo
+dXNldHRzMQ8wDQYDVQQHEwZTaGFyb24xHDAaBgNVBAoTE0NvbXB1dGVyIEFzc29j
+aWF0ZXMxDzANBgNVBAsTBmNhLmNvbTEaMBgGA1UEAxQRcG9zdG1hc3RlckBjYS5j
+b20xIDAeBgkqhkiG9w0BCQEWEXBvc3RtYXN0ZXJAY2EuY29tggEAMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAAKSjYoFyNclkuVMUk17QAUOijXEDwXOL
+xGVVXzRs8fPnskSYOTfZ1j03Kjlf9UIXY20QD74aNfeYOZxLk72NXnXeyjkzJFWD
+Qxrvzlhu093ZC83TAAIwLM0ZRj3ru+BmGpz5JheODWMhOHlUQhi7c/RKflIaXBjY
+JPRT6IUCi7w=
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCpHsAga6TgCGtGWQ+EiYExnKkB6GnbfBtFr4FcUIYqOQNb0h5b
+APSST+g5bBgwcNyCJzVsESOpr7mfvnXwdvqvFKPArh2qndt4zB9y0JeFUXVhejxu
+CjtRb2JTJDrASW9Ql6Dc2wV993dvwumk1u05a4PrBXxi+QkOrJk1SAtELQIDAQAB
+AoGAU53rmlv+mfIvsAmKvZoK8Y+mlFXoOOfkyBCdYhpCK5Ai0/xQm+geBFVT2UhT
+sWer7wIZzMOwoU5L9eqCf5EkIiw9aGzlu4N3HJcJhTtNOTFe6G2PMBP0SdPuYEpd
+w7bOWkbMNtAqYTRoNyrXGdJjPpVccFhotunxDRsaYouOEPUCQQDgDiWKt4mvyhSG
+1OUPJ2pSvkuIG4cCOBmu89JEfy/z02T+uoRj45EpTl5QrUgQzpay0xMhzISgVjq8
+d76yP4QXAkEAwTuC5anE/YAl/WVRihVZNO15cOky6h06W2wPdtpiDoEGvgErvNRI
+qoii0KcPtWLJHPS2AV5jWqqCHoK8q8UwWwJAIjRmrM+qOGj8Sz0zHuYgiDM+6q9x
+I/iWiyvz3LsiAfIyx+SHk4xJO+oX4e8iQlaXkQNCN3W2hZfEbcNGHIYvzwJBAKw/
+lGuNbmBbP4ImMw1YAnE/zyVre0teSor8RLy55vbu5UeyW36z7SK3Mgu1IDecm5II
+QcXukbpcjCkOeYjU+kkCQQDa966ynJGTkdg+ObsoPilztiwqDEZRwEAfkmXt4Edq
+2C7EEyQptJYhG9UFJqVggsP9Yq5MLcynKkKF0YGWDVXM
+-----END RSA PRIVATE KEY-----
diff --git a/trunk/keys/x509v1.keystore b/trunk/keys/x509v1.keystore
new file mode 100644
index 0000000..9d82933
--- /dev/null
+++ b/trunk/keys/x509v1.keystore
Binary files differ
diff --git a/trunk/legal/LICENSE.axis b/trunk/legal/LICENSE.axis
new file mode 100644
index 0000000..6b0b127
--- /dev/null
+++ b/trunk/legal/LICENSE.axis
@@ -0,0 +1,203 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/trunk/legal/LICENSE.bouncycastle b/trunk/legal/LICENSE.bouncycastle
new file mode 100644
index 0000000..cbef4fc
--- /dev/null
+++ b/trunk/legal/LICENSE.bouncycastle
@@ -0,0 +1,7 @@
+Copyright (c) 2000 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
diff --git a/trunk/legal/LICENSE.commons-codec b/trunk/legal/LICENSE.commons-codec
new file mode 100644
index 0000000..6b0b127
--- /dev/null
+++ b/trunk/legal/LICENSE.commons-codec
@@ -0,0 +1,203 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/trunk/legal/LICENSE.commons-discovery b/trunk/legal/LICENSE.commons-discovery
new file mode 100644
index 0000000..2fd9d81
--- /dev/null
+++ b/trunk/legal/LICENSE.commons-discovery
@@ -0,0 +1,54 @@
+/*

+ * The Apache Software License, Version 1.1

+ *

+ * Copyright (c) 1999-2001 The Apache Software Foundation.  All rights

+ * reserved.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ *

+ * 1. Redistributions of source code must retain the above copyright

+ *    notice, this list of conditions and the following disclaimer.

+ *

+ * 2. Redistributions in binary form must reproduce the above copyright

+ *    notice, this list of conditions and the following disclaimer in

+ *    the documentation and/or other materials provided with the

+ *    distribution.

+ *

+ * 3. The end-user documentation included with the redistribution, if

+ *    any, must include the following acknowlegement:

+ *       "This product includes software developed by the

+ *        Apache Software Foundation (http://www.apache.org/)."

+ *    Alternately, this acknowlegement may appear in the software itself,

+ *    if and wherever such third-party acknowlegements normally appear.

+ *

+ * 4. The names "The Jakarta Project", "Commons", and "Apache Software

+ *    Foundation" must not be used to endorse or promote products derived

+ *    from this software without prior written permission. For written

+ *    permission, please contact apache@apache.org.

+ *

+ * 5. Products derived from this software may not be called "Apache"

+ *    nor may "Apache" appear in their names without prior written

+ *    permission of the Apache Group.

+ *

+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED

+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+ * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR

+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF

+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

+ * SUCH DAMAGE.

+ * ====================================================================

+ *

+ * This software consists of voluntary contributions made by many

+ * individuals on behalf of the Apache Software Foundation.  For more

+ * information on the Apache Software Foundation, please see

+ * <http://www.apache.org/>.

+ *

+ */

diff --git a/trunk/legal/LICENSE.commons-logging b/trunk/legal/LICENSE.commons-logging
new file mode 100644
index 0000000..6b0b127
--- /dev/null
+++ b/trunk/legal/LICENSE.commons-logging
@@ -0,0 +1,203 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/trunk/legal/LICENSE.jaf b/trunk/legal/LICENSE.jaf
new file mode 100644
index 0000000..bb4fb49
--- /dev/null
+++ b/trunk/legal/LICENSE.jaf
@@ -0,0 +1,173 @@
+                           Sun Microsystems, Inc.
+                        Binary Code License Agreement
+
+READ THE TERMS OF THIS AGREEMENT AND ANY PROVIDED SUPPLEMENTAL LICENSE TERMS
+(COLLECTIVELY "AGREEMENT") CAREFULLY BEFORE OPENING THE SOFTWARE MEDIA
+PACKAGE.  BY OPENING THE SOFTWARE MEDIA PACKAGE, YOU AGREE TO THE TERMS OF
+THIS AGREEMENT.  IF YOU ARE ACCESSING THE SOFTWARE ELECTRONICALLY, INDICATE
+YOUR ACCEPTANCE OF THESE TERMS BY SELECTING THE "ACCEPT" BUTTON AT THE END
+OF THIS AGREEMENT.  IF YOU DO NOT AGREE TO ALL THESE TERMS, PROMPTLY RETURN
+THE UNUSED SOFTWARE TO YOUR PLACE OF PURCHASE FOR A REFUND OR, IF THE
+SOFTWARE IS ACCESSED ELECTRONICALLY, SELECT THE "DECLINE" BUTTON AT THE END
+OF THIS AGREEMENT.
+
+1.  LICENSE TO USE.  Sun grants you a non-exclusive and non-transferable
+license for the internal use only of the accompanying software and
+documentation and any error corrections provided by Sun (collectively
+"Software"), by the number of users and the class of computer hardware for
+which the corresponding fee has been paid.
+
+2.  RESTRICTIONS.  Software is confidential and copyrighted. Title to
+Software and all associated intellectual property rights is retained by Sun
+and/or its licensors.  Except as specifically authorized in any Supplemental
+License Terms, you may not make copies of Software, other than a single copy
+of Software for archival purposes.  Unless enforcement is prohibited by
+applicable law, you may not modify, decompile, or reverse engineer
+Software.  You acknowledge that Software is not designed, licensed or
+intended for use in the design, construction, operation or maintenance of
+any nuclear facility.  Sun disclaims any express or implied warranty of
+fitness for such uses.  No right, title or interest in or to any trademark,
+service mark, logo or trade name of Sun or its licensors is granted under
+this Agreement.
+
+3. LIMITED WARRANTY.  Sun warrants to you that for a period of ninety (90)
+days from the date of purchase, as evidenced by a copy of the receipt, the
+media on which Software is furnished (if any) will be free of defects in
+materials and workmanship under normal use.  Except for the foregoing,
+Software is provided "AS IS".  Your exclusive remedy and Sun's entire
+liability under this limited warranty will be at Sun's option to replace
+Software media or refund the fee paid for Software.
+
+4.  DISCLAIMER OF WARRANTY.  UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS
+OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
+WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
+NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE DISCLAIMERS
+ARE HELD TO BE LEGALLY INVALID.
+
+5.  LIMITATION OF LIABILITY.  TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
+EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR
+DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE
+DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
+OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  In no event will Sun's
+liability to you, whether in contract, tort (including negligence), or
+otherwise, exceed the amount paid by you for Software under this Agreement.
+The foregoing limitations will apply even if the above stated warranty fails
+of its essential purpose.
+
+6.  Termination.  This Agreement is effective until terminated.  You may
+terminate this Agreement at any time by destroying all copies of Software.
+This Agreement will terminate immediately without notice from Sun if you
+fail to comply with any provision of this Agreement.  Upon Termination, you
+must destroy all copies of Software.
+
+7. Export Regulations. All Software and technical data delivered under this
+Agreement are subject to US export control laws and may be subject to export
+or import regulations in other countries.  You agree to comply strictly with
+all such laws and regulations and acknowledge that you have the
+responsibility to obtain such licenses to export, re-export, or import as
+may be required after delivery to you.
+
+8.   U.S. Government Restricted Rights.  If Software is being acquired by or
+on behalf of the U.S. Government or by a U.S. Government prime contractor or
+subcontractor (at any tier), then the Government's rights in Software and
+accompanying documentation will be only as set forth in this Agreement; this
+is in accordance with 48 CFR 227.7201 through 227.7202-4 (for Department of
+Defense (DOD) acquisitions) and with 48 CFR 2.101 and 12.212 (for non-DOD
+acquisitions).
+
+9.  Governing Law.  Any action related to this Agreement will be governed by
+California law and controlling U.S. federal law.  No choice of law rules of
+any jurisdiction will apply.
+
+10.  Severability. If any provision of this Agreement is held to be
+unenforceable, this Agreement will remain in effect with the provision
+omitted, unless omission would frustrate the intent of the parties, in which
+case this Agreement will immediately terminate.
+
+11.  Integration.  This Agreement is the entire agreement between you and
+Sun relating to its subject matter.  It supersedes all prior or
+contemporaneous oral or written communications, proposals, representations
+and warranties and prevails over any conflicting or additional terms of any
+quote, order, acknowledgment, or other communication between the parties
+relating to its subject matter during the term of this Agreement.  No
+modification of this Agreement will be binding, unless in writing and signed
+by an authorized representative of each party.
+
+                           JAVA OPTIONAL PACKAGE
+
+              JAVABEANS(TM) ACTIVATION FRAMEWORK, VERSION 1.0.2
+                         SUPPLEMENTAL LICENSE TERMS
+
+These supplemental license terms ("Supplemental Terms") add to or modify the
+terms of the Binary Code License Agreement (collectively, the "Agreement").
+Capitalized terms not defined in these Supplemental Terms shall have the
+same meanings ascribed to them in the Agreement. These Supplemental Terms
+shall supersede any inconsistent or conflicting terms in the Agreement, or
+in any license contained within the Software.
+
+1. Software Internal Use and Development License Grant.  Subject to the
+terms and conditions of this Agreement, including, but not limited to
+Section 3 (Java(TM) Technology Restrictions) of these Supplemental Terms,
+Sun grants you a non-exclusive, non-transferable, limited license to
+reproduce internally and use internally the binary form of the Software,
+complete and unmodified, for the sole purpose of designing, developing and
+testing your Java applets and applications ("Programs").
+
+2. License to Distribute Software.  In addition to the license granted in
+Section 1 (Software Internal Use and Development License Grant) of these
+Supplemental Terms, subject to the terms and conditions of this Agreement,
+including but not limited to, Section 3 (Java Technology Restrictions) of
+these Supplemental Terms, Sun grants you a non-exclusive, non-transferable,
+limited license to reproduce and distribute the Software in binary code form
+only, provided that you (i) distribute the Software complete and unmodified
+and only bundled as part of your Programs, (ii) do not distribute additional
+software intended to replace any component(s) of the Software, (iii) do not
+remove or alter any proprietary legends or notices contained in the
+Software, (iv) only distribute the Software subject to a license agreement
+that protects Sun's interests consistent with the terms contained in this
+Agreement, and (v) agree to defend and indemnify Sun and its licensors from
+and against any damages, costs, liabilities, settlement amounts and/or
+expenses (including attorneys' fees) incurred in connection with any claim,
+lawsuit or action by any third party that arises or results from the use or
+distribution of any and all Programs and/or Software.
+
+3. Java Technology Restrictions. You may not modify the Java Platform
+Interface ("JPI", identified as classes contained within the "java" package
+or any subpackages of the "java" package), by creating additional classes
+within the JPI or otherwise causing the addition to or modification of the
+classes in the JPI.  In the event that you create an additional class and
+associated API(s) which (i) extends the functionality of the Java platform,
+and (ii) is exposed to third party software developers for the purpose of
+developing additional software which invokes such additional API, you must
+promptly publish broadly an accurate specification for such API for free use
+by all developers.  You may not create, or authorize your licensees to
+create additional classes, interfaces, or subpackages that are in any way
+identified as "java", "javax", "sun" or similar convention as specified by
+Sun in any naming convention designation.
+
+4. No Support. Sun is under no obligation to support the Software or to
+provide you with updates or error corrections. You acknowledge that the
+Software may have defects or deficiencies which cannot or will not be
+corrected by Sun.
+
+5. Trademarks and Logos. You acknowledge and agree as between you and Sun
+that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET trademarks
+and all SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET-related trademarks,
+service marks, logos and other brand designations ("Sun Marks"), and you
+agree to comply with the Sun Trademark and Logo Usage Requirements currently
+located at http://www.sun.com/policies/trademarks. Any use you make of the
+Sun Marks inures to Sun's benefit.
+
+6. Source Code. Software may contain source code that is provided solely for
+reference purposes pursuant to the terms of this Agreement.  Source code may
+not be redistributed unless expressly provided for in this Agreement.
+
+7. Termination for Infringement.  Either party may terminate this Agreement
+immediately should any Software become, or in either party's opinion be
+likely to become, the subject of a claim of infringement of any intellectual
+property right.
+
+For inquiries please contact: Sun Microsystems, Inc.  901 San Antonio Road,
+Palo Alto, California 94303
+(LFI#115020/Form ID#011801)
diff --git a/trunk/legal/LICENSE.javamail b/trunk/legal/LICENSE.javamail
new file mode 100644
index 0000000..2173c8c
--- /dev/null
+++ b/trunk/legal/LICENSE.javamail
@@ -0,0 +1,170 @@
+                          Sun Microsystems, Inc.
+                       Binary Code License Agreement
+
+READ THE TERMS OF THIS AGREEMENT AND ANY PROVIDED SUPPLEMENTAL LICENSE
+TERMS (COLLECTIVELY "AGREEMENT") CAREFULLY BEFORE OPENING THE SOFTWARE
+MEDIA PACKAGE.  BY OPENING THE SOFTWARE MEDIA PACKAGE, YOU AGREE TO THE
+TERMS OF THIS AGREEMENT.  IF YOU ARE ACCESSING THE SOFTWARE ELECTRONICALLY,
+INDICATE YOUR ACCEPTANCE OF THESE TERMS BY SELECTING THE "ACCEPT" BUTTON AT
+THE END OF THIS AGREEMENT.  IF YOU DO NOT AGREE TO ALL THESE TERMS,
+PROMPTLY RETURN THE UNUSED SOFTWARE TO YOUR PLACE OF PURCHASE FOR A REFUND
+OR, IF THE SOFTWARE IS ACCESSED ELECTRONICALLY, SELECT THE "DECLINE" BUTTON
+AT THE END OF THIS AGREEMENT.
+
+1.  LICENSE TO USE.  Sun grants you a non-exclusive and non-transferable
+license for the internal use only of the accompanying software and
+documentation and any error corrections provided by Sun (collectively
+"Software"), by the number of users and the class of computer hardware for
+which the corresponding fee has been paid.
+
+2.  RESTRICTIONS.  Software is confidential and copyrighted. Title to
+Software and all associated intellectual property rights is retained by Sun
+and/or its licensors.  Except as specifically authorized in any
+Supplemental License Terms, you may not make copies of Software, other than
+a single copy of Software for archival purposes.  Unless enforcement is
+prohibited by applicable law, you may not modify, decompile, or reverse
+engineer Software.  You acknowledge that Software is not designed, licensed
+or intended for use in the design, construction, operation or maintenance
+of any nuclear facility.  Sun disclaims any express or implied warranty of
+fitness for such uses.  No right, title or interest in or to any trademark,
+service mark, logo or trade name of Sun or its licensors is granted under
+this Agreement.
+
+3. LIMITED WARRANTY.  Sun warrants to you that for a period of ninety (90)
+days from the date of purchase, as evidenced by a copy of the receipt, the
+media on which Software is furnished (if any) will be free of defects in
+materials and workmanship under normal use.  Except for the foregoing,
+Software is provided "AS IS".  Your exclusive remedy and Sun's entire
+liability under this limited warranty will be at Sun's option to replace
+Software media or refund the fee paid for Software.
+
+4.  DISCLAIMER OF WARRANTY.  UNLESS SPECIFIED IN THIS AGREEMENT, ALL
+EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE
+DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
+
+5.  LIMITATION OF LIABILITY.  TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
+EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR
+DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE
+DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT
+OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  In no event will Sun's
+liability to you, whether in contract, tort (including negligence), or
+otherwise, exceed the amount paid by you for Software under this
+Agreement.  The foregoing limitations will apply even if the above stated
+warranty fails of its essential purpose.
+
+6.  Termination.  This Agreement is effective until terminated.  You may
+terminate this Agreement at any time by destroying all copies of Software.
+This Agreement will terminate immediately without notice from Sun if you
+fail to comply with any provision of this Agreement.  Upon Termination, you
+must destroy all copies of Software.
+
+7. Export Regulations. All Software and technical data delivered under this
+Agreement are subject to US export control laws and may be subject to
+export or import regulations in other countries.  You agree to comply
+strictly with all such laws and regulations and acknowledge that you have
+the responsibility to obtain such licenses to export, re-export, or import
+as may be required after delivery to you.
+
+8.   U.S. Government Restricted Rights.  If Software is being acquired by
+or on behalf of the U.S. Government or by a U.S. Government prime
+contractor or subcontractor (at any tier), then the Government's rights in
+Software and accompanying documentation will be only as set forth in this
+Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4
+(for Department of Defense (DOD) acquisitions) and with 48 CFR 2.101 and
+12.212 (for non-DOD acquisitions).
+
+9.  Governing Law.  Any action related to this Agreement will be governed
+by California law and controlling U.S. federal law.  No choice of law rules
+of any jurisdiction will apply.
+
+10.  Severability. If any provision of this Agreement is held to be
+unenforceable, this Agreement will remain in effect with the provision
+omitted, unless omission would frustrate the intent of the parties, in
+which case this Agreement will immediately terminate.
+
+11.  Integration.  This Agreement is the entire agreement between you and
+Sun relating to its subject matter.  It supersedes all prior or
+contemporaneous oral or written communications, proposals, representations
+and warranties and prevails over any conflicting or additional terms of any
+quote, order, acknowledgment, or other communication between the parties
+relating to its subject matter during the term of this Agreement.  No
+modification of this Agreement will be binding, unless in writing and
+signed by an authorized representative of each party.
+
+
+                           JAVAMAIL, VERSION 1.3
+                         SUPPLEMENTAL LICENSE TERMS
+
+These supplemental license terms ("Supplemental Terms") add to or modify
+the terms of the Binary Code License Agreement (collectively, the
+"Agreement"). Capitalized terms not defined in these Supplemental Terms
+shall have the same meanings ascribed to them in the Agreement. These
+Supplemental Terms shall supersede any inconsistent or conflicting terms in
+the Agreement, or in any license contained within the Software.
+
+1. Software Internal Use and Development License Grant.  Subject to the
+terms and conditions of this Agreement, including, but not limited to
+Section 3 (Java(TM) Technology Restrictions) of these Supplemental Terms,
+Sun grants you a non-exclusive, non-transferable, limited license to
+reproduce internally and use internally the binary form of the Software,
+complete and unmodified, for the sole purpose of designing, developing and
+testing your Java applets and applications ("Programs").
+
+2. License to Distribute Software. Subject to the terms and conditions of
+this Agreement, including, but not limited to Section 3 (Java (TM)
+Technology Restrictions) of these Supplemental Terms, Sun grants you a
+non-exclusive, non-transferable, limited license to reproduce and
+distribute the Software in binary code form only, provided that (i) you
+distribute the Software complete and unmodified and only bundled as part
+of, and for the sole purpose of  running, your Java applets or applications
+("Programs"), (ii) the Programs add significant and primary functionality
+to the Software, (iii) you do not distribute additional software intended
+to replace any component(s) of the Software, (iv) you do not remove or
+alter any proprietary legends or notices contained in the Software, (v) you
+only distribute the Software subject to a license agreement that protects
+Sun's interests consistent with the terms contained in this Agreement, and
+(vi) you agree to defend and indemnify Sun and its licensors from and
+against any damages, costs, liabilities, settlement amounts and/or expenses
+(including attorneys' fees) incurred in connection with any claim, lawsuit
+or action by any third party that arises or results from the use or
+distribution of any and all Programs and/or Software.
+
+3. Java Technology Restrictions. You may not modify the Java Platform
+Interface ("JPI", identified as classes contained within the "java" package
+or any subpackages of the "java" package), by creating additional classes
+within the JPI or otherwise causing the addition to or modification of the
+classes in the JPI.  In the event that you create an additional class and
+associated API(s) which (i) extends the functionality of the Java platform,
+and (ii) is exposed to third party software developers for the purpose of
+developing additional software which invokes such additional API, you must
+promptly publish broadly an accurate specification for such API for free
+use by all developers.  You may not create, or authorize your licensees to
+create additional classes, interfaces, or subpackages that are in any way
+identified as "java", "javax", "sun" or similar convention as specified by
+Sun in any naming convention designation.
+
+4. Trademarks and Logos. You acknowledge and agree as between you and Sun
+that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, STAROFFICE, STARPORTAL
+and iPLANET trademarks and all SUN, SOLARIS, JAVA, JINI, FORTE, STAROFFICE,
+STARPORTAL and iPLANET-related trademarks, service marks, logos and other
+brand designations ("Sun Marks"), and you agree to comply with the Sun
+Trademark and Logo Usage Requirements currently located at
+http://www.sun.com/policies/trademarks. Any use you make of the Sun Marks
+inures to Sun's benefit.
+
+5. Source Code. Software may contain source code that is provided solely
+for reference purposes pursuant to the terms of this Agreement.  Source
+code may not be redistributed unless expressly provided for in this
+Agreement.
+
+6. Termination for Infringement.  Either party may terminate this Agreement
+immediately should any Software become, or in either party's opinion be
+likely to become, the subject of a claim of infringement of any
+intellectual property right.
+
+For inquiries please contact: Sun Microsystems, Inc., 4150 Network Circle,
+Santa Clara, California 95054, U.S.A
+(LFI#114176/Form ID#011801)
diff --git a/trunk/legal/LICENSE.junit b/trunk/legal/LICENSE.junit
new file mode 100644
index 0000000..fbd1e20
--- /dev/null
+++ b/trunk/legal/LICENSE.junit
@@ -0,0 +1,185 @@
+
+IBM Public License Version 1.0 
+THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS IBM PUBLIC 
+LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE 
+PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. 
+1. DEFINITIONS 
+
+"Contribution" means: 
+  a) in the case of International Business Machines Corporation ("IBM"), 
+  the Original Program, and 
+  b) in the case of each Contributor, 
+  i) changes to the Program, and
+  ii) additions to the Program;
+  where such changes and/or additions to the Program originate from and 
+  are distributed by that particular Contributor. A Contribution 
+  'originates' from a Contributor if it was added to the Program by such 
+  Contributor itself or anyone acting on such Contributor's behalf. 
+  Contributions do not include additions to the Program which: (i) are 
+  separate modules of software distributed in conjunction with the Program 
+  under their own license agreement, and (ii) are not derivative works of 
+  the Program.
+"Contributor" means IBM and any other entity that distributes the Program. 
+
+"Licensed Patents " mean patent claims licensable by a Contributor which 
+are necessarily infringed by the use or sale of its Contribution alone or 
+when combined with the Program. 
+"Original Program" means the original version of the software accompanying 
+this Agreement as released by IBM, including source code, object code and 
+documentation, if any. 
+"Program" means the Original Program and Contributions. 
+"Recipient" means anyone who receives the Program under this Agreement, 
+including all Contributors. 
+2. GRANT OF RIGHTS 
+  a) Subject to the terms of this Agreement, each Contributor hereby 
+  grants Recipient a non-exclusive, worldwide, royalty-free copyright 
+  license to reproduce, prepare derivative works of, publicly display, 
+  publicly perform, distribute and sublicense the Contribution of such 
+  Contributor, if any, and such derivative works, in source code and 
+  object code form.
+  b) Subject to the terms of this Agreement, each Contributor hereby 
+  grants Recipient a non-exclusive, worldwide, royalty-free patent license 
+  under Licensed Patents to make, use, sell, offer to sell, import and 
+  otherwise transfer the Contribution of such Contributor, if any, in 
+  source code and object code form. This patent license shall apply to the 
+  combination of the Contribution and the Program if, at the time the 
+  Contribution is added by the Contributor, such addition of the 
+  Contribution causes such combination to be covered by the Licensed 
+  Patents. The patent license shall not apply to any other combinations 
+  which include the Contribution. No hardware per se is licensed 
+  hereunder. 
+  c) Recipient understands that although each Contributor grants the 
+  licenses to its Contributions set forth herein, no assurances are 
+  provided by any Contributor that the Program does not infringe the 
+  patent or other intellectual property rights of any other entity. Each 
+  Contributor disclaims any liability to Recipient for claims brought by 
+  any other entity based on infringement of intellectual property rights 
+  or otherwise. As a condition to exercising the rights and licenses 
+  granted hereunder, each Recipient hereby assumes sole responsibility to 
+  secure any other intellectual property rights needed, if any. For 
+  example, if a third party patent license is required to allow Recipient 
+  to distribute the Program, it is Recipient's responsibility to acquire 
+  that license before distributing the Program.
+  d) Each Contributor represents that to its knowledge it has sufficient 
+  copyright rights in its Contribution, if any, to grant the copyright 
+  license set forth in this Agreement. 
+3. REQUIREMENTS 
+A Contributor may choose to distribute the Program in object code form 
+under its own license agreement, provided that: 
+  a) it complies with the terms and conditions of this Agreement; and
+  b) its license agreement:
+  i) effectively disclaims on behalf of all Contributors all warranties 
+  and conditions, express and implied, including warranties or conditions 
+  of title and non-infringement, and implied warranties or conditions of 
+  merchantability and fitness for a particular purpose; 
+  ii) effectively excludes on behalf of all Contributors all liability for 
+  damages, including direct, indirect, special, incidental and 
+  consequential damages, such as lost profits; 
+  iii) states that any provisions which differ from this Agreement are 
+  offered by that Contributor alone and not by any other party; and
+  iv) states that source code for the Program is available from such 
+  Contributor, and informs licensees how to obtain it in a reasonable 
+  manner on or through a medium customarily used for software exchange.
+When the Program is made available in source code form: 
+  a) it must be made available under this Agreement; and 
+  b) a copy of this Agreement must be included with each copy of the 
+  Program. 
+Each Contributor must include the following in a conspicuous location in 
+the Program: 
+  Copyright © {date here}, International Business Machines Corporation and 
+  others. All Rights Reserved. 
+In addition, each Contributor must identify itself as the originator of 
+its Contribution, if any, in a manner that reasonably allows subsequent 
+Recipients to identify the originator of the Contribution. 
+4. COMMERCIAL DISTRIBUTION 
+Commercial distributors of software may accept certain responsibilities 
+with respect to end users, business partners and the like. While this 
+license is intended to facilitate the commercial use of the Program, the 
+Contributor who includes the Program in a commercial product offering 
+should do so in a manner which does not create potential liability for 
+other Contributors. Therefore, if a Contributor includes the Program in a 
+commercial product offering, such Contributor ("Commercial Contributor") 
+hereby agrees to defend and indemnify every other Contributor 
+("Indemnified Contributor") against any losses, damages and costs 
+(collectively "Losses") arising from claims, lawsuits and other legal 
+actions brought by a third party against the Indemnified Contributor to 
+the extent caused by the acts or omissions of such Commercial Contributor 
+in connection with its distribution of the Program in a commercial product 
+offering. The obligations in this section do not apply to any claims or 
+Losses relating to any actual or alleged intellectual property 
+infringement. In order to qualify, an Indemnified Contributor must: a) 
+promptly notify the Commercial Contributor in writing of such claim, and 
+b) allow the Commercial Contributor to control, and cooperate with the 
+Commercial Contributor in, the defense and any related settlement 
+negotiations. The Indemnified Contributor may participate in any such 
+claim at its own expense. 
+For example, a Contributor might include the Program in a commercial 
+product offering, Product X. That Contributor is then a Commercial 
+Contributor. If that Commercial Contributor then makes performance claims, 
+or offers warranties related to Product X, those performance claims and 
+warranties are such Commercial Contributor's responsibility alone. Under 
+this section, the Commercial Contributor would have to defend claims 
+against the other Contributors related to those performance claims and 
+warranties, and if a court requires any other Contributor to pay any 
+damages as a result, the Commercial Contributor must pay those damages. 
+5. NO WARRANTY 
+EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED 
+ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER 
+EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR 
+CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A 
+PARTICULAR PURPOSE. Each Recipient is solely responsible for determining 
+the appropriateness of using and distributing the Program and assumes all 
+risks associated with its exercise of rights under this Agreement, 
+including but not limited to the risks and costs of program errors, 
+compliance with applicable laws, damage to or loss of data, programs or 
+equipment, and unavailability or interruption of operations. 
+6. DISCLAIMER OF LIABILITY 
+EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY 
+CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, 
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING 
+WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF 
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION 
+OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF 
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
+7. GENERAL 
+If any provision of this Agreement is invalid or unenforceable under 
+applicable law, it shall not affect the validity or enforceability of the 
+remainder of the terms of this Agreement, and without further action by 
+the parties hereto, such provision shall be reformed to the minimum extent 
+necessary to make such provision valid and enforceable. 
+If Recipient institutes patent litigation against a Contributor with 
+respect to a patent applicable to software (including a cross-claim or 
+counterclaim in a lawsuit), then any patent licenses granted by that 
+Contributor to such Recipient under this Agreement shall terminate as of 
+the date such litigation is filed. In addition, If Recipient institutes 
+patent litigation against any entity (including a cross-claim or 
+counterclaim in a lawsuit) alleging that the Program itself (excluding 
+combinations of the Program with other software or hardware) infringes 
+such Recipient's patent(s), then such Recipient's rights granted under 
+Section 2(b) shall terminate as of the date such litigation is filed. 
+All Recipient's rights under this Agreement shall terminate if it fails to 
+comply with any of the material terms or conditions of this Agreement and 
+does not cure such failure in a reasonable period of time after becoming 
+aware of such noncompliance. If all Recipient's rights under this 
+Agreement terminate, Recipient agrees to cease use and distribution of the 
+Program as soon as reasonably practicable. However, Recipient's 
+obligations under this Agreement and any licenses granted by Recipient 
+relating to the Program shall continue and survive. 
+IBM may publish new versions (including revisions) of this Agreement from 
+time to time. Each new version of the Agreement will be given a 
+distinguishing version number. The Program (including Contributions) may 
+always be distributed subject to the version of the Agreement under which 
+it was received. In addition, after a new version of the Agreement is 
+published, Contributor may elect to distribute the Program (including its 
+Contributions) under the new version. No one other than IBM has the right 
+to modify this Agreement. Except as expressly stated in Sections 2(a) and 
+2(b) above, Recipient receives no rights or licenses to the intellectual 
+property of any Contributor under this Agreement, whether expressly, by 
+implication, estoppel or otherwise. All rights in the Program not 
+expressly granted under this Agreement are reserved. 
+This Agreement is governed by the laws of the State of New York and the 
+intellectual property laws of the United States of America. No party to 
+this Agreement will bring a legal action under this Agreement more than 
+one year after the cause of action arose. Each party waives its rights to 
+a jury trial in any resulting litigation. 
diff --git a/trunk/legal/LICENSE.log4j b/trunk/legal/LICENSE.log4j
new file mode 100644
index 0000000..007db57
--- /dev/null
+++ b/trunk/legal/LICENSE.log4j
@@ -0,0 +1,48 @@
+/*
+ * ============================================================================
+ *                   The Apache Software License, Version 1.1
+ * ============================================================================
+ * 
+ *    Copyright (C) 1999 The Apache Software Foundation. All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ * 
+ * 1. Redistributions of  source code must  retain the above copyright  notice,
+ *    this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 
+ * 3. The end-user documentation included with the redistribution, if any, must
+ *    include  the following  acknowledgment:  "This product includes  software
+ *    developed  by the  Apache Software Foundation  (http://www.apache.org/)."
+ *    Alternately, this  acknowledgment may  appear in the software itself,  if
+ *    and wherever such third-party acknowledgments normally appear.
+ * 
+ * 4. The names "log4j" and  "Apache Software Foundation"  must not be used to
+ *    endorse  or promote  products derived  from this  software without  prior
+ *    written permission. For written permission, please contact
+ *    apache@apache.org.
+ * 
+ * 5. Products  derived from this software may not  be called "Apache", nor may
+ *    "Apache" appear  in their name,  without prior written permission  of the
+ *    Apache Software Foundation.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS  FOR A PARTICULAR  PURPOSE ARE  DISCLAIMED.  IN NO  EVENT SHALL  THE
+ * APACHE SOFTWARE  FOUNDATION  OR ITS CONTRIBUTORS  BE LIABLE FOR  ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL  DAMAGES (INCLU-
+ * DING, BUT NOT LIMITED TO, PROCUREMENT  OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR  PROFITS; OR BUSINESS  INTERRUPTION)  HOWEVER CAUSED AND ON
+ * ANY  THEORY OF LIABILITY,  WHETHER  IN CONTRACT,  STRICT LIABILITY,  OR TORT
+ * (INCLUDING  NEGLIGENCE OR  OTHERWISE) ARISING IN  ANY WAY OUT OF THE  USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * This software  consists of voluntary contributions made  by many individuals
+ * on  behalf of the Apache Software  Foundation.  For more  information on the 
+ * Apache Software Foundation, please see <http://www.apache.org/>.
+ *
+ */
diff --git a/trunk/legal/LICENSE.opensaml b/trunk/legal/LICENSE.opensaml
new file mode 100644
index 0000000..becbdf3
--- /dev/null
+++ b/trunk/legal/LICENSE.opensaml
@@ -0,0 +1,47 @@
+The OpenSAML License, Version 1. 
+Copyright (c) 2002 
+University Corporation for Advanced Internet Development, Inc. 
+All rights reserved
+
+
+Redistribution and use in source and binary forms, with or without 
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this 
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, 
+this list of conditions and the following disclaimer in the documentation 
+and/or other materials provided with the distribution, if any, must include 
+the following acknowledgment: "This product includes software developed by 
+the University Corporation for Advanced Internet Development 
+<http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
+may appear in the software itself, if and wherever such third-party 
+acknowledgments normally appear.
+
+Neither the name of OpenSAML nor the names of its contributors, nor 
+Internet2, nor the University Corporation for Advanced Internet Development, 
+Inc., nor UCAID may be used to endorse or promote products derived from this 
+software without specific prior written permission. For written permission, 
+please contact opensaml@opensaml.org
+
+Products derived from this software may not be called OpenSAML, Internet2, 
+UCAID, or the University Corporation for Advanced Internet Development, nor 
+may OpenSAML appear in their name, without prior written permission of the 
+University Corporation for Advanced Internet Development.
+
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
+PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
+OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
+IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
+CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/trunk/legal/LICENSE.security b/trunk/legal/LICENSE.security
new file mode 100644
index 0000000..16b47ec
--- /dev/null
+++ b/trunk/legal/LICENSE.security
@@ -0,0 +1,54 @@
+/*
+ * The Apache Software License, Version 1.1
+ *
+ *
+ * Copyright (c) 2002 The Apache Software Foundation.  All rights 
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ *    if any, must include the following acknowledgment:  
+ *       "This product includes software developed by the
+ *        Apache Software Foundation (http://www.apache.org/)."
+ *    Alternately, this acknowledgment may appear in the software itself,
+ *    if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache XML-Security" and "Apache Software Foundation" must
+ *    not be used to endorse or promote products derived from this
+ *    software without prior written permission. For written 
+ *    permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ *    nor may "Apache" appear in their name, without prior written
+ *    permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ */
diff --git a/trunk/legal/LICENSE.wsdl4j b/trunk/legal/LICENSE.wsdl4j
new file mode 100644
index 0000000..709c2d4
--- /dev/null
+++ b/trunk/legal/LICENSE.wsdl4j
@@ -0,0 +1,91 @@
+Common Public License  
+ 
+ Common Public License Version 0.5 
+ 
+ THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. 
+ 
+ 
+ 1. DEFINITIONS 
+ 
+ "Contribution" means: 
+ 
+ a) in the case of the initial Contributor, the initial code and documentation distributed under this Agreement, and 
+ b) in the case of each subsequent Contributor:
+ i) changes to the Program, and
+ ii) additions to the Program;
+ where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program.
+ 
+ "Contributor" means any person or entity that distributes the Program. 
+ 
+ 
+ "Licensed Patents " mean patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program. 
+ 
+ 
+ "Program" means the Contributions distributed in accordance with this Agreement. 
+ 
+ 
+ "Recipient" means anyone who receives the Program under this Agreement, including all Contributors. 
+ 
+ 
+ 2. GRANT OF RIGHTS 
+ 
+ a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form.
+ b) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder.
+ c) Recipient understands that although each Contributor grants the licenses to its Contributions set forth herein, no assurances are provided by any Contributor that the Program does not infringe the patent or other intellectual property rights of any other entity. Each Contributor disclaims any liability to Recipient for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program.
+ d) Each Contributor represents that to its knowledge it has sufficient copyright rights in its Contribution, if any, to grant the copyright license set forth in this Agreement. 
+ 3. REQUIREMENTS 
+ 
+ A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that: 
+ 
+ a) it complies with the terms and conditions of this Agreement; and
+ b) its license agreement:
+ i) effectively disclaims on behalf of all Contributors all warranties and conditions, express and implied, including warranties or conditions of title and non-infringement, and implied warranties or conditions of merchantability and fitness for a particular purpose; 
+ ii) effectively excludes on behalf of all Contributors all liability for damages, including direct, indirect, special, incidental and consequential damages, such as lost profits; 
+ iii) states that any provisions which differ from this Agreement are offered by that Contributor alone and not by any other party; and
+ iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange. 
+ When the Program is made available in source code form: 
+ 
+ a) it must be made available under this Agreement; and 
+ b) a copy of this Agreement must be included with each copy of the Program. 
+ 
+ Contributors may not remove or alter any copyright notices contained within the Program. 
+ 
+ 
+ 
+ Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution. 
+ 
+ 
+ 4. COMMERCIAL DISTRIBUTION 
+ 
+ Commercial distributors of software may accept certain responsibilities with respect to end users, business partners and the like. While this license is intended to facilitate the commercial use of the Program, the Contributor who includes the Program in a commercial product offering should do so in a manner which does not create potential liability for other Contributors. Therefore, if a Contributor includes the Program in a commercial product offering, such Contributor ("Commercial Contributor") hereby agrees to defend and indemnify every other Contributor ("Indemnified Contributor") against any losses, damages and costs (collectively "Losses") arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering. The obligations in this section do not apply to any claims or Losses relating to any actual or alleged intellectual property infringement. In order to qualify, an Indemnified Contributor must: a) promptly notify the Commercial Contributor in writing of such claim, and b) allow the Commercial Contributor to control, and cooperate with the Commercial Contributor in, the defense and any related settlement negotiations. The Indemnified Contributor may participate in any such claim at its own expense. 
+ 
+ 
+ For example, a Contributor might include the Program in a commercial product offering, Product X. That Contributor is then a Commercial Contributor. If that Commercial Contributor then makes performance claims, or offers warranties related to Product X, those performance claims and warranties are such Commercial Contributor's responsibility alone. Under this section, the Commercial Contributor would have to defend claims against the other Contributors related to those performance claims and warranties, and if a court requires any other Contributor to pay any damages as a result, the Commercial Contributor must pay those damages. 
+ 
+ 
+ 5. NO WARRANTY 
+ 
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the appropriateness of using and distributing the Program and assumes all risks associated with its exercise of rights under this Agreement, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations. 
+ 
+ 
+ 6. DISCLAIMER OF LIABILITY 
+ 
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
+ 
+ 
+ 7. GENERAL 
+ 
+ If any provision of this Agreement is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Agreement, and without further action by the parties hereto, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. 
+ 
+ 
+ If Recipient institutes patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to such Recipient under this Agreement shall terminate as of the date such litigation is filed. In addition, If Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed. 
+ 
+ 
+ All Recipient's rights under this Agreement shall terminate if it fails to comply with any of the material terms or conditions of this Agreement and does not cure such failure in a reasonable period of time after becoming aware of such noncompliance. If all Recipient's rights under this Agreement terminate, Recipient agrees to cease use and distribution of the Program as soon as reasonably practicable. However, Recipient's obligations under this Agreement and any licenses granted by Recipient relating to the Program shall continue and survive. 
+ 
+ 
+ Everyone is permitted to copy and distribute copies of this Agreement, but in order to avoid inconsistency the Agreement is copyrighted and may only be modified in the following manner. The Agreement Steward reserves the right to publish new versions (including revisions) of this Agreement from time to time. No one other than the Agreement Steward has the right to modify this Agreement. IBM is the initial Agreement Steward. IBM may assign the responsibility to serve as the Agreement Steward to a suitable separate entity. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved. 
+ 
+ 
+ This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation. 
+ 
\ No newline at end of file
diff --git a/trunk/legal/LICENSE.xalan b/trunk/legal/LICENSE.xalan
new file mode 100644
index 0000000..21156a6
--- /dev/null
+++ b/trunk/legal/LICENSE.xalan
@@ -0,0 +1,55 @@
+/*
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 1999 The Apache Software Foundation.  All rights 
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ *    if any, must include the following acknowledgment:  
+ *       "This product includes software developed by the
+ *        Apache Software Foundation (http://www.apache.org/)."
+ *    Alternately, this acknowledgment may appear in the software itself,
+ *    if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Xalan" and "Apache Software Foundation" must
+ *    not be used to endorse or promote products derived from this
+ *    software without prior written permission. For written 
+ *    permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ *    nor may "Apache" appear in their name, without prior written
+ *    permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation and was
+ * originally based on software copyright (c) 1999, Lotus
+ * Development Corporation., http://www.lotus.com.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ */
diff --git a/trunk/legal/LICENSE.xerces b/trunk/legal/LICENSE.xerces
new file mode 100644
index 0000000..b37087c
--- /dev/null
+++ b/trunk/legal/LICENSE.xerces
@@ -0,0 +1,56 @@
+/*
+ * The Apache Software License, Version 1.1
+ *
+ *
+ * Copyright (c) 1999 The Apache Software Foundation.  All rights 
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ *    if any, must include the following acknowledgment:  
+ *       "This product includes software developed by the
+ *        Apache Software Foundation (http://www.apache.org/)."
+ *    Alternately, this acknowledgment may appear in the software itself,
+ *    if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Xerces" and "Apache Software Foundation" must
+ *    not be used to endorse or promote products derived from this
+ *    software without prior written permission. For written 
+ *    permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ *    nor may "Apache" appear in their name, without prior written
+ *    permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation and was
+ * originally based on software copyright (c) 1999, International
+ * Business Machines, Inc., http://www.ibm.com.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ */
diff --git a/trunk/legal/LICENSE.xml-apis b/trunk/legal/LICENSE.xml-apis
new file mode 100644
index 0000000..930145f
--- /dev/null
+++ b/trunk/legal/LICENSE.xml-apis
@@ -0,0 +1,5 @@
+
+xml-apis is covered by The Apache Software License, Version 1.1
+
+FIXME: Put license text in here once it is available at
+       http://cvs.apache.org/viewcvs.cgi/xml-commons/
diff --git a/trunk/lib/addressing-1.0.jar b/trunk/lib/addressing-1.0.jar
new file mode 100644
index 0000000..9cdca98
--- /dev/null
+++ b/trunk/lib/addressing-1.0.jar
Binary files differ
diff --git a/trunk/lib/axis-1.4.jar b/trunk/lib/axis-1.4.jar
new file mode 100644
index 0000000..20b09a5
--- /dev/null
+++ b/trunk/lib/axis-1.4.jar
Binary files differ
diff --git a/trunk/lib/axis-ant-1.4.jar b/trunk/lib/axis-ant-1.4.jar
new file mode 100644
index 0000000..17527ff
--- /dev/null
+++ b/trunk/lib/axis-ant-1.4.jar
Binary files differ
diff --git a/trunk/lib/axis-jaxrpc-1.4.jar b/trunk/lib/axis-jaxrpc-1.4.jar
new file mode 100644
index 0000000..a2c13d9
--- /dev/null
+++ b/trunk/lib/axis-jaxrpc-1.4.jar
Binary files differ
diff --git a/trunk/lib/axis-saaj-1.4.jar b/trunk/lib/axis-saaj-1.4.jar
new file mode 100644
index 0000000..4ea696e
--- /dev/null
+++ b/trunk/lib/axis-saaj-1.4.jar
Binary files differ
diff --git a/trunk/lib/bcprov-jdk14-140.jar b/trunk/lib/bcprov-jdk14-140.jar
new file mode 100644
index 0000000..2bfb790
--- /dev/null
+++ b/trunk/lib/bcprov-jdk14-140.jar
Binary files differ
diff --git a/trunk/lib/commons-codec-1.3.jar b/trunk/lib/commons-codec-1.3.jar
new file mode 100644
index 0000000..957b675
--- /dev/null
+++ b/trunk/lib/commons-codec-1.3.jar
Binary files differ
diff --git a/trunk/lib/commons-discovery-0.2.jar b/trunk/lib/commons-discovery-0.2.jar
new file mode 100644
index 0000000..b885548
--- /dev/null
+++ b/trunk/lib/commons-discovery-0.2.jar
Binary files differ
diff --git a/trunk/lib/commons-logging-1.1.jar b/trunk/lib/commons-logging-1.1.jar
new file mode 100644
index 0000000..2ff9bbd
--- /dev/null
+++ b/trunk/lib/commons-logging-1.1.jar
Binary files differ
diff --git a/trunk/lib/junit-3.8.1.jar b/trunk/lib/junit-3.8.1.jar
new file mode 100644
index 0000000..674d71e
--- /dev/null
+++ b/trunk/lib/junit-3.8.1.jar
Binary files differ
diff --git a/trunk/lib/log4j-1.2.9.jar b/trunk/lib/log4j-1.2.9.jar
new file mode 100644
index 0000000..a6568b0
--- /dev/null
+++ b/trunk/lib/log4j-1.2.9.jar
Binary files differ
diff --git a/trunk/lib/opensaml-1.1.jar b/trunk/lib/opensaml-1.1.jar
new file mode 100644
index 0000000..852f133
--- /dev/null
+++ b/trunk/lib/opensaml-1.1.jar
Binary files differ
diff --git a/trunk/lib/serializer-2.7.1.jar b/trunk/lib/serializer-2.7.1.jar
new file mode 100644
index 0000000..99f98db
--- /dev/null
+++ b/trunk/lib/serializer-2.7.1.jar
Binary files differ
diff --git a/trunk/lib/wsdl4j-1.5.1.jar b/trunk/lib/wsdl4j-1.5.1.jar
new file mode 100644
index 0000000..c6254ee
--- /dev/null
+++ b/trunk/lib/wsdl4j-1.5.1.jar
Binary files differ
diff --git a/trunk/lib/xalan-2.7.1.jar b/trunk/lib/xalan-2.7.1.jar
new file mode 100644
index 0000000..458fa73
--- /dev/null
+++ b/trunk/lib/xalan-2.7.1.jar
Binary files differ
diff --git a/trunk/lib/xmlsec-1.4.2.jar b/trunk/lib/xmlsec-1.4.2.jar
new file mode 100644
index 0000000..6753cec
--- /dev/null
+++ b/trunk/lib/xmlsec-1.4.2.jar
Binary files differ
diff --git a/trunk/maven.xml b/trunk/maven.xml
new file mode 100644
index 0000000..d9a3ba3
--- /dev/null
+++ b/trunk/maven.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- $Revision$ $Date$ -->
+
+<project default="jar"
+    xmlns:j="jelly:core"
+    xmlns:maven="jelly:maven"
+    xmlns:deploy="deploy"
+    xmlns:ant="jelly:ant">
+
+    <path id="test.classpath">
+        <path refid="maven.dependency.classpath"/>
+        <pathelement path="${maven.build.dest}"/>
+        <pathelement path="target/classes"/>
+        <pathelement path="target/test-classes"/>
+    </path>
+
+    <preGoal name="java:compile">
+        <ant:path id="classpath.libraries">
+            <ant:fileset dir="./lib">
+                <ant:include name="**/*.jar"/>
+            </ant:fileset>
+            <ant:pathelement path="${maven.build.dest}"/>
+            <ant:pathelement path="target/classes"/>
+        </ant:path>
+        <maven:addPath id="maven.dependency.classpath" refid="classpath.libraries"/>
+    </preGoal>
+
+    <preGoal name="test:compile">
+        <taskdef resource="axis-tasks.properties" classpathref="maven.dependency.classpath"/>
+
+        <property name="dir.wss4j" value="."/>
+        <property name="dir.interop" value="${dir.wss4j}/interop"/>
+        <property name="dir.interop2" value="${dir.wss4j}/test"/>
+        <property name="dir.work" value="${dir.wss4j}/target/work"/>
+        <property name="server" value="org/apache/ws/axis/oasis/ping"/>
+        <property name="client" value="org/apache/ws/axis/oasis"/>
+
+        <mkdir dir="${dir.work}"/>
+
+        <axis-wsdl2java
+            output="${dir.work}"
+            serverSide="yes"
+            testcase="no"
+            verbose="no"
+            url="${dir.interop}/ping.wsdl">
+            <mapping
+                namespace="http://xmlsoap.org/Ping"
+                package="org.apache.ws.axis.oasis.ping"/>
+        </axis-wsdl2java>
+
+        <copy todir="target/classes" overwrite="yes">
+          <fileset dir="${dir.interop}/${server}">
+            <include name="*.properties"/>
+          </fileset>
+        </copy>
+        <copy todir="${dir.work}/${server}" overwrite="yes">
+          <fileset dir="${dir.interop}/${server}">
+            <include name="*.java"/>
+            <include name="*.wsdd"/>
+          </fileset>
+        </copy>
+        <copy todir="${dir.work}/${client}" overwrite="yes">
+          <fileset dir="${dir.interop}/${client}">
+            <include name="*.java"/>
+            <include name="*.wsdd"/>
+          </fileset>
+        </copy>
+
+        <path id="wss4j.samples.set"
+              location="${basedir}/samples"/>
+        <path id="wss4j.generated.set"
+              location="${basedir}/target/work"/>
+        <maven:addPath id="maven.test.compile.src.set"
+                       refid="wss4j.samples.set"/>
+        <maven:addPath id="maven.test.compile.src.set"
+                       refid="wss4j.generated.set"/>
+    </preGoal>
+
+    <goal name="start-functional-test-http-server">
+        <ant:echo message="Starting http server."/>
+        <ant:java classname="org.apache.axis.transport.http.SimpleAxisServer" fork="true" spawn="yes" dir=".">
+            <ant:classpath refid="test.classpath"/>
+        </ant:java>
+    </goal>
+
+    <preGoal name="test:test">
+        <j:thread>
+          <attainGoal name="start-functional-test-http-server"/>
+        </j:thread>
+
+        <sleep seconds="2"/>
+
+        <path id="deploy.xml.files">
+            <fileset dir="./target/work">
+                <include name="**/deploy.wsdd"/>
+            </fileset>
+        </path>
+
+        <property name="deploy.xml.property" refid="deploy.xml.files"/>
+
+        <java classname="org.apache.axis.utils.Admin" fork="true">
+            <classpath refid="maven.dependency.classpath"/>
+            <arg value="client"/>
+            <arg file="./target/work/org/apache/ws/axis/oasis/Client_deploy.wsdd"/>
+        </java>
+        
+        <java classname="org.apache.axis.client.AdminClient" fork="yes">
+            <classpath refid="maven.dependency.classpath"/>
+            <arg line="${deploy.xml.property}"/>
+        </java>
+    </preGoal>
+
+    <postGoal name="test:test">
+        <echo message="Stopping http server."/>
+
+        <path id="undeploy.xml.files">
+            <fileset dir="./target/work">
+                <include name="**/undeploy.wsdd"/>
+            </fileset>
+        </path>
+
+        <property name="undeploy.xml.property" refid="deploy.xml.files"/>
+
+        <java classname="org.apache.axis.client.AdminClient" fork="yes">
+            <classpath refid="maven.dependency.classpath"/>
+            <arg line="${undeploy.xml.property}"/>
+        </java>
+
+
+        <java classname="org.apache.axis.client.AdminClient" fork="yes">
+            <classpath refid="maven.dependency.classpath"/>
+            <arg line="quit"/>
+        </java>
+    </postGoal>
+
+    <postGoal name="jar">
+        <ant:mkdir dir="${basedir}/target/lib"/>
+    </postGoal>
+    <!--
+    <preGoal name="xdoc:jelly-transform">
+      <attainGoal name="html2xdoc"/>
+    </preGoal>  
+    -->
+</project>
diff --git a/trunk/pom.xml b/trunk/pom.xml
new file mode 100644
index 0000000..abb4d2e
--- /dev/null
+++ b/trunk/pom.xml
@@ -0,0 +1,428 @@
+<?xml version="1.0" encoding="UTF-8"?>

+<project xmlns="http://maven.apache.org/POM/4.0.0"

+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

+    <modelVersion>4.0.0</modelVersion>

+    <groupId>org.apache.ws.security</groupId>

+    <artifactId>wss4j</artifactId>

+    <name>WSS4J</name>

+    <!-- <version>1.5.4</version> -->

+    <version>SNAPSHOT</version>

+    <description>

+        Apache WSS4J is an implementation of the Web Services Security

+        (WS-Security) being developed at OASIS Web Services Security TC.

+        WSS4J is a primarily a Java library that can be used to sign and

+        verify SOAP Messages with WS-Security information. WSS4J will

+        use Apache Axis and Apache XML-Security projects and will be

+        interoperable with JAX-RPC based server/clients and .NET

+        server/clients.

+    </description>

+    <url>http://ws.apache.org/wss4j/</url>

+    <issueManagement>

+        <system>JIRA</system>

+        <url>http://issues.apache.org/jira/browse/WSS</url>

+    </issueManagement>

+    <mailingLists>

+        <mailingList>

+            <name>WSS4J Developer List</name>

+            <subscribe>wss4j-dev-subscribe@ws.apache.org</subscribe>

+            <unsubscribe>

+                wss4j-dev-unsubscribe@ws.apache.org

+            </unsubscribe>

+            <post>wss4j-dev@ws.apache.org</post>

+            <archive>

+                http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/

+            </archive>

+            <otherArchives>

+                <otherArchive>http://www.nabble.com/WSS4J-f2398.html</otherArchive>

+            </otherArchives>

+        </mailingList>

+    </mailingLists>

+    <inceptionYear>2004</inceptionYear>

+    <!-- who the developers are for the project -->

+    <developers>

+        <developer>

+            <name>Davanum Srinivas</name>

+            <id>dims</id>

+            <email>dims@yahoo.com</email>

+            <organization></organization>

+        </developer>

+        <developer>

+            <name>Werner Dittmann</name>

+            <id>werner</id>

+            <email>werner@apache.org</email>

+            <organization></organization>

+        </developer>

+        <developer>

+            <name>Ias</name>

+            <id>ias</id>

+            <email>ias@apache.org</email>

+            <organization></organization>

+        </developer>

+        <developer>

+            <name>Ruchith Fernando</name>

+            <id>ruchithf</id>

+            <email>ruchithf@apache.org</email>

+            <organization></organization>

+        </developer>

+        <developer>

+            <name>Fred Dushin</name>

+            <id>fadushin</id>

+            <email>fadushin@apache.org</email>

+            <organization></organization>

+        </developer>

+        <developer>

+            <name>Colm O hEigeartaigh</name>

+            <id>coheigea</id>

+            <email>coheigea@apache.org</email>

+            <organization></organization>

+        </developer>

+    </developers>

+    <licenses>

+        <license>

+            <name>The Apache Software License, Version 2.0</name>

+            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>

+            <distribution>repo</distribution>

+        </license>

+    </licenses>

+    <scm>

+        <connection>

+            scm:svn:http://svn.apache.org/repos/asf/webservices/wss4j/trunk/

+        </connection>

+        <developerConnection>

+            scm:svn:https://svn.apache.org/repos/asf/webservices/wss4j/trunk/

+        </developerConnection>

+        <url>http://svn.apache.org/viewvc/webservices/wss4j/trunk</url>

+    </scm>

+    <organization>

+        <name>Apache Software Foundation</name>

+        <url>http://www.apache.org/</url>

+    </organization>

+    

+    <build>

+        <sourceDirectory>src</sourceDirectory>

+        <resources>

+            <resource>

+                <directory>src</directory>

+                <includes>

+                    <include>org/**/errors.properties</include>

+                </includes>

+                <filtering>false</filtering>

+            </resource>

+        </resources>

+

+        <plugins>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-antrun-plugin</artifactId>

+                <version>1.2</version>

+                <executions>

+                    <execution>

+                        <id>prepareLicenseFiles</id>

+                        <phase>generate-resources</phase>

+                        <configuration>

+                            <tasks>

+                                <copy

+                                    todir="${project.build.outputDirectory}/META-INF">

+                                    <fileset dir="${basedir}">

+                                        <include name="LICENSE.txt" />

+                                        <include name="NOTICE.txt" />

+                                    </fileset>

+                                </copy>

+                            </tasks>

+                        </configuration>

+                        <goals>

+                            <goal>run</goal>

+                        </goals>

+                    </execution>

+                </executions>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-one-plugin</artifactId>

+                <version>1.2</version>

+                <executions>

+                    <execution>

+                        <goals>

+                            <goal>install-maven-one-repository</goal>

+                            <goal>deploy-maven-one-repository</goal>

+                        </goals>

+                    </execution>

+                </executions>

+                <configuration>

+                    <remoteRepositoryId>apache</remoteRepositoryId>

+                    <remoteRepositoryUrl>

+                        scpexe://people.apache.org/www/people.apache.org/repo/m1-snapshot-repository

+                    </remoteRepositoryUrl>

+                </configuration>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-release-plugin</artifactId>

+                <configuration>

+                    <tagBase>

+                        https://svn.apache.org/repos/asf/webservices/wss4j/tags/

+                    </tagBase>

+                </configuration>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-compiler-plugin</artifactId>

+                <version>2.0.2</version>

+                <configuration>

+                    <source>1.3</source>

+                    <target>1.3</target>

+                </configuration>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-assembly-plugin</artifactId>

+                <version>2.1</version>

+                <configuration>

+                    <descriptors>

+                        <descriptor>assembly/bin.xml</descriptor>

+                        <descriptor>assembly/src.xml</descriptor>

+                    </descriptors>

+                    <tarLongFileMode>gnu</tarLongFileMode>

+                </configuration>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-source-plugin</artifactId>

+                <version>2.0.4</version>

+                <executions>

+                    <execution>

+                        <goals>

+                            <goal>jar</goal>

+                        </goals>

+                    </execution>

+                </executions>

+                <configuration>

+                    <attach>true</attach>

+                </configuration>

+            </plugin>

+        </plugins>

+    </build>

+    

+    <profiles>

+        <profile>

+            <id>release</id>

+            <activation>

+                <property>

+                    <name>release</name>

+                    <value></value>

+                </property>

+            </activation>

+            <build>

+                <plugins>

+                    <plugin>

+                        <groupId>org.apache.maven.plugins</groupId>

+                        <artifactId>maven-javadoc-plugin</artifactId>

+                        <version>2.5</version>

+                        <executions>

+                            <execution>

+                                <goals>

+                                    <goal>jar</goal>

+                                </goals>

+                            </execution>

+                        </executions>

+                        <configuration>

+                            <attach>true</attach>

+                        </configuration>

+                    </plugin>

+                </plugins>

+            </build>

+        </profile>

+        <profile>

+            <id>jdk14</id>

+            <activation>

+                <activeByDefault>true</activeByDefault>

+                <jdk>1.4</jdk>

+            </activation>

+            <dependencies>

+                <dependency>

+                    <groupId>bouncycastle</groupId>

+                    <artifactId>bcprov-jdk14</artifactId>

+                    <version>${bcprov.jdk14.version}</version>

+                </dependency>

+            </dependencies>

+        </profile>

+        <profile>

+            <id>jdk15</id>

+            <activation>

+                <jdk>1.5</jdk>

+            </activation>

+            <dependencies>

+                <dependency>

+                    <groupId>bouncycastle</groupId>

+                    <artifactId>bcprov-jdk15</artifactId>

+                    <version>${bcprov.jdk15.version}</version>

+                </dependency>

+            </dependencies>

+        </profile>

+    </profiles>

+    

+    <properties>

+        <xmlsec.version>1.4.2</xmlsec.version>

+        <opensaml.version>1.1</opensaml.version>

+        <xml.apis.version>1.3.03</xml.apis.version>

+        <bcprov.jdk14.version>140</bcprov.jdk14.version>

+        <bcprov.jdk15.version>140</bcprov.jdk15.version>

+        <commons.logging.version>1.1</commons.logging.version>

+        <xalan.version>2.7.1</xalan.version>

+        <xerces.version>2.8.1</xerces.version>

+        <axis.version>1.4</axis.version>

+        <junit.version>3.8.1</junit.version>

+    </properties>

+    

+    <repositories>

+        <repository>

+            <releases>

+                <enabled>true</enabled>

+                <updatePolicy>always</updatePolicy>

+                <checksumPolicy>warn</checksumPolicy>

+            </releases>

+            <snapshots>

+                <enabled>false</enabled>

+                <updatePolicy>never</updatePolicy>

+                <checksumPolicy>warn</checksumPolicy>

+            </snapshots>

+            <id>apache-ws-snapshots2</id>

+            <name>Apache ws.zones - 2</name>

+            <url>http://ws.zones.apache.org/repository2/</url>

+        </repository>

+    </repositories>

+

+    <dependencies>

+        <dependency>

+            <groupId>commons-logging</groupId>

+            <artifactId>commons-logging</artifactId>

+            <version>${commons.logging.version}</version>

+        </dependency>

+        <dependency>

+            <groupId>org.apache.santuario</groupId>

+            <artifactId>xmlsec</artifactId>

+            <version>${xmlsec.version}</version>

+        </dependency>

+        <dependency>

+            <groupId>opensaml</groupId>

+            <artifactId>opensaml</artifactId>

+            <version>${opensaml.version}</version>

+        </dependency>

+        <dependency>

+            <groupId>org.apache.axis</groupId>

+            <artifactId>axis</artifactId>

+            <version>${axis.version}</version>

+            <scope>provided</scope>

+        </dependency>

+        <dependency>

+            <groupId>org.apache.axis</groupId>

+            <artifactId>axis-ant</artifactId>

+            <version>${axis.version}</version>

+            <scope>provided</scope>

+        </dependency>

+        <dependency>

+            <groupId>org.apache.axis</groupId>

+            <artifactId>axis-jaxrpc</artifactId>

+            <version>${axis.version}</version>

+            <scope>provided</scope>

+        </dependency>

+        <dependency>

+            <groupId>org.apache.axis</groupId>

+            <artifactId>axis-saaj</artifactId>

+            <version>${axis.version}</version>

+            <scope>provided</scope>

+        </dependency>

+        <dependency>

+            <groupId>xalan</groupId>

+            <artifactId>xalan</artifactId>

+            <version>${xalan.version}</version>

+        </dependency>

+        <dependency>

+            <groupId>xerces</groupId>

+            <artifactId>xercesImpl</artifactId>

+            <version>${xerces.version}</version>

+        </dependency>

+        <dependency>

+            <groupId>xml-apis</groupId>

+            <artifactId>xml-apis</artifactId>

+            <version>${xml.apis.version}</version>

+        </dependency>

+        <dependency>

+            <groupId>junit</groupId>

+            <artifactId>junit</artifactId>

+            <version>${junit.version}</version>

+        </dependency>

+    </dependencies>

+

+    <reporting>

+        <plugins>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-project-info-reports-plugin</artifactId>

+                <version>2.1</version>

+                <reportSets>

+                    <reportSet>

+                        <reports>

+                            <report>dependencies</report>

+                            <report>issue-tracking</report>

+                            <report>license</report>

+                            <report>mailing-list</report>

+                            <report>project-team</report>

+                            <report>scm</report>

+                        </reports>

+                    </reportSet>

+                </reportSets>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-javadoc-plugin</artifactId>

+                <version>2.5</version>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-changes-plugin</artifactId>

+                <version>2.0</version>

+                <configuration>

+                    <onlyCurrentVersion>true</onlyCurrentVersion>

+                    <resolutionIds>Any</resolutionIds>

+                    <statusIds>Resolved, Closed</statusIds>

+                    <sortColumnNames>Key</sortColumnNames>

+                </configuration>

+                <reportSets>

+                    <reportSet>

+                        <reports>

+                            <report>jira-report</report>

+                        </reports>

+                    </reportSet>

+                </reportSets>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-dependency-plugin</artifactId>

+                <version>2.0</version>

+            </plugin>

+            <plugin>

+                <groupId>org.apache.maven.plugins</groupId>

+                <artifactId>maven-jxr-plugin</artifactId>

+                <version>2.1</version>

+            </plugin>

+        </plugins>

+    </reporting>

+    

+    <distributionManagement>

+        <repository>

+            <id>apache-repo</id>

+            <name>Maven Central Repository</name>

+            <url>

+                scpexe://people.apache.org/www/people.apache.org/repo/m2-ibiblio-rsync-repository

+            </url>

+        </repository>

+        <site>

+            <id>website</id>

+            <url>

+                scpexe://people.apache.org/www/ws.apache.org/wss4j/

+            </url>

+        </site>

+    </distributionManagement>

+</project>

diff --git a/trunk/project.properties b/trunk/project.properties
new file mode 100644
index 0000000..1b1218c
--- /dev/null
+++ b/trunk/project.properties
@@ -0,0 +1,9 @@
+##
+## $Revision$ $Date$
+##
+
+maven.repo.remote=http://people.apache.org/~dims/maven, http://www.ibiblio.org/maven
+maven.xdoc.date=left
+maven.xdoc.version=${pom.currentVersion}
+maven.junit.fork=true
+#maven.html2xdoc.enabled=true
diff --git a/trunk/project.xml b/trunk/project.xml
new file mode 100644
index 0000000..be6c6ce
--- /dev/null
+++ b/trunk/project.xml
@@ -0,0 +1,209 @@
+<?xml version="1.0"?>
+
+<project>
+
+  <!-- the version of maven's project object model -->
+  <pomVersion>3</pomVersion>
+  
+  <!-- a unique name for this project -->
+  <id>wss4j</id>
+  
+  <!-- a short but descriptive name for the project -->
+  <name>Apache WSS4J</name>
+  
+  <!-- The version of the project under development, e.g.
+       1.1, 1.2, 2.0-SNAPSHOT -->
+  <currentVersion>1.5</currentVersion>
+  
+  <!-- details about the organization that 'owns' the project -->
+  <organization>
+    <name>Apache Web Services</name>
+    <url>http://ws.apache.org/</url>
+    <logo>http://ws.apache.org/images/project-logo.jpg</logo>
+  </organization>
+  
+  <!-- the year the project started -->
+  <inceptionYear>2004</inceptionYear>
+  <package>org.apache.ws</package>
+  <logo></logo>
+  <description>
+    Apache WSS4J is an implementation of the Web Services Security (WS-Security) being developed at 
+    OASIS Web Services Security TC. WSS4J is a primarily a Java library that can be used to sign and 
+    verify SOAP Messages with WS-Security information. WSS4J will use Apache Axis and Apache XML-Security 
+    projects and will be interoperable with JAX-RPC based server/clients and .NET server/clients. 
+  </description>
+  <!-- a short description of what the project does -->
+  <shortDescription>
+    WS-Security implementation for Apache Axis
+  </shortDescription>
+
+  <!-- the project home page -->
+  <url>http://ws.apache.org/wss4j/</url>
+  <issueTrackingUrl>http://issues.apache.org/jira/browse/WSS</issueTrackingUrl>
+  <siteAddress>ws.apache.org</siteAddress>
+  <siteDirectory>/wss4j/</siteDirectory>
+  <distributionSite>www.apache.org</distributionSite>
+  <distributionDirectory>//dyn/closer.cgi/ws/wss4j/</distributionDirectory>
+
+  <!-- the version control repository and http url for online access
+       the connection element has the form:
+       scm:<system>:<system specific connection string> -->
+  <repository>
+    <connection>scm:svn:http://svn.apache.org:repos/asf/webservices:wss4j/trunk</connection>
+    <developerConnection>scm:svn:http://svn.apache.org:repos/asf/webservices:wss4j/trunk</developerConnection>
+    <url>http://svn.apache.org/viewcvs.cgi/webservices/wss4j/trunk?root=Apache-SVN</url>
+  </repository>
+
+  <!-- any mailing lists for the project -->
+    <mailingLists>
+        <mailingList>
+            <name>WSS4J Developer List</name>
+            <subscribe>wss4j-dev-subscribe@ws.apache.org</subscribe>
+            <unsubscribe>wss4j-dev-unsubscribe@ws.apache.org</unsubscribe>
+            <archive>http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/</archive>
+        </mailingList>
+    </mailingLists>
+  
+  <!-- who the developers are for the project -->
+  <developers>
+        <developer>
+            <name>Davanum Srinivas</name>
+            <id>dims</id>
+            <email>dims@yahoo.com</email>
+            <organization></organization>
+        </developer>
+        <developer>
+            <name>Werner Dittmann</name>
+            <id>werner</id>
+            <email>werner@apache.org</email>
+            <organization></organization>
+        </developer>
+        <developer>
+            <name>Ias</name>
+            <id>ias</id>
+            <email>ias@apache.org</email>
+            <organization></organization>
+        </developer>
+        <developer>
+            <name>Ruchith Fernando</name>
+            <id>ruchithf</id>
+            <email>ruchithf@apache.org</email>
+            <organization></organization>
+        </developer>
+  </developers>
+
+    <licenses>
+        <license>
+            <name>The Apache Software License, Version 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
+  
+  <!-- build information for the project -->
+  <build>
+    <nagEmailAddress>wss4j-dev@ws.apache.org</nagEmailAddress>
+    <sourceDirectory>src</sourceDirectory>
+    <unitTestSourceDirectory>test</unitTestSourceDirectory>
+
+    <unitTest>
+      <includes>
+        <include>**/*PackageTests*.java</include>
+      </includes>
+      <excludes>
+          <exclude>**/wssec/PackageTests.java</exclude>
+          <exclude>**/interop/PackageTests.java</exclude>
+          <exclude>**/TestScenario7.java</exclude>
+      </excludes>
+    </unitTest>
+
+    <resources>
+      <resource>
+        <directory>src</directory>
+        <includes>
+          <include>**/*.properties</include>
+        </includes>
+      </resource>
+    </resources>
+  </build>
+
+    <!-- ============ -->
+    <!-- Dependencies -->
+    <!-- ============ -->
+
+    <dependencies>
+
+        <!-- Module Dependencies -->
+        <!--
+        <dependency>
+            <groupId>axis</groupId>
+            <artifactId>axis</artifactId>
+            <version>SNAPSHOT</version>
+            <properties>
+                <module>true</module>
+            </properties>
+        </dependency>
+        <dependency>
+            <groupId>axis</groupId>
+            <artifactId>commons-discovery</artifactId>
+            <version>SNAPSHOT</version>
+            <properties>
+                <module>true</module>
+            </properties>
+        </dependency>
+        <dependency>
+            <groupId>axis</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>SNAPSHOT</version>
+            <properties>
+                <module>true</module>
+            </properties>
+        </dependency>
+        <dependency>
+            <groupId>axis</groupId>
+            <artifactId>jaxrpc</artifactId>
+            <version>SNAPSHOT</version>
+            <properties>
+                <module>true</module>
+            </properties>
+        </dependency>
+        <dependency>
+            <groupId>axis</groupId>
+            <artifactId>saaj</artifactId>
+            <version>SNAPSHOT</version>
+            <properties>
+                <module>true</module>
+            </properties>
+        </dependency>
+        <dependency>
+            <groupId>axis</groupId>
+            <artifactId>wsdl4j</artifactId>
+            <version>SNAPSHOT</version>
+            <properties>
+                <module>true</module>
+            </properties>
+        </dependency>
+        -->
+    </dependencies>
+
+    <!-- ======= -->
+    <!-- Reports -->
+    <!-- ======= -->
+
+    <reports>
+        <report>maven-license-plugin</report>
+        <report>maven-checkstyle-plugin</report>
+        <report>maven-pmd-plugin</report>
+        <report>maven-jdepend-plugin</report>
+        <!--<report>maven-changelog-plugin</report> -->
+        <!-- <report>maven-statcvs-plugin</report> -->
+        <!-- <report>maven-file-activity-plugin</report> -->
+        <!-- <report>maven-developer-activity-plugin</report> -->
+        <report>maven-jxr-plugin</report>
+        <report>maven-javadoc-plugin</report>
+        <!-- <report>maven-junit-report-plugin</report> -->
+        <!-- <report>maven-clover-plugin</report> -->
+    </reports>
+    
+</project>
+
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/NStoPkg.properties b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/NStoPkg.properties
new file mode 100644
index 0000000..60245df
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/NStoPkg.properties
@@ -0,0 +1 @@
+uri\:axis_sec=org.apache.ws.axis.samples.wssec.doall.axisSec
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/PWCallback.java b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/PWCallback.java
new file mode 100644
index 0000000..8224512
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/PWCallback.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * @author Werner Dittmann (Werner.Dittmann@siemens.com)
+ */
+
+package org.apache.ws.axis.samples.wssec.doall;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+public class PWCallback implements CallbackHandler {
+
+    /* (non-Javadoc)
+     * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+     */
+    public void handle(Callback[] callbacks)
+        throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WSPasswordCallback) {
+                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+                /*
+                 * here call a function/method to lookup the password for
+                 * the given identifier (e.g. a user name or keystore alias)
+                 * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+                 * for Testing we supply a fixed name here.
+                 */
+                pc.setPassword("security");
+            } else {
+                throw new UnsupportedCallbackException(
+                    callbacks[i],
+                    "Unrecognized Callback");
+            }
+        }
+    }
+}
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/Tester.java b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/Tester.java
new file mode 100644
index 0000000..f446cc2
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/Tester.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.samples.wssec.doall;
+
+import org.apache.axis.utils.Options;
+import org.apache.ws.axis.samples.wssec.doall.axisSec.SecPort;
+import org.apache.ws.axis.samples.wssec.doall.axisSec.SecServiceLocator;
+
+
+public class Tester
+{
+
+    private static final java.lang.String address =
+    "http://localhost:8081/axis/services/SecHttp";
+
+
+    public static void main(String [] args) throws Exception {
+        Options opts = new Options(args);
+
+        /*
+          * Start to prepare service call. Once this is done, several
+          * calls can be made on the port (see below)
+         *
+          * Fist: get the service locator. This implements the functionality
+          * to get a client stub (aka port).
+          */
+        SecServiceLocator service = new SecServiceLocator();
+        /* 
+          * this is a JAX-RPC compliant call. It uses a preconfigured
+          * endpoint address (usually contained in the WSDL). Note the
+          * cast.
+          *
+        SecPort port = (SwaPort)service.getPort(SwaPortType.class);
+         */
+
+        /*
+          * Here we use an Axis specific call that allows to override the
+          * port address (service endpoint address) with an own URL. Comes
+          * in handy for testing.
+          */
+        java.net.URL endpoint;
+            try {
+                endpoint = new java.net.URL(address);
+            }
+            catch (java.net.MalformedURLException e) {
+                throw new javax.xml.rpc.ServiceException(e);
+            }
+
+        SecPort port = (SecPort)service.getSecHttp(endpoint);
+        /*
+          * At this point all preparations are done. Using the port we can
+          * now perform as many calls as necessary.
+          */
+    
+         // perform call
+        String result = port.secSend("AppName");
+        System.out.println(result);
+        
+        if (opts.isFlagSet('t') > 0) {
+            long startTime = System.currentTimeMillis();
+            for (int i = 0; i < 20; i++)
+                port.secSend("AppName");
+            long endTime = System.currentTimeMillis();
+            System.out.println("Time used: " + (endTime - startTime) + "ms");
+        }
+    }
+}
\ No newline at end of file
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecBindingImpl.java b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecBindingImpl.java
new file mode 100644
index 0000000..6e3173a
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecBindingImpl.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * SecBindingImpl.java
+ *
+ * This file was auto-generated from WSDL
+ * by the Apache Axis 1.2dev Oct 27, 2003 (02:34:09 EST) WSDL2Java emitter.
+ */
+
+package org.apache.ws.axis.samples.wssec.doall.axisSec;
+
+public class SecBindingImpl implements org.apache.ws.axis.samples.wssec.doall.axisSec.SecPort{
+    public java.lang.String secSend(java.lang.String applicationName) throws java.rmi.RemoteException {
+        return applicationName;
+    }
+
+}
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecBindingStub.java b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecBindingStub.java
new file mode 100644
index 0000000..554f705
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecBindingStub.java
@@ -0,0 +1,136 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * SecBindingStub.java
+ *
+ * This file was auto-generated from WSDL
+ * by the Apache Axis 1.2dev Oct 27, 2003 (02:34:09 EST) WSDL2Java emitter.
+ */
+
+package org.apache.ws.axis.samples.wssec.doall.axisSec;
+
+public class SecBindingStub extends org.apache.axis.client.Stub implements org.apache.ws.axis.samples.wssec.doall.axisSec.SecPort {
+    private java.util.Vector cachedSerClasses = new java.util.Vector();
+    private java.util.Vector cachedSerQNames = new java.util.Vector();
+    private java.util.Vector cachedSerFactories = new java.util.Vector();
+    private java.util.Vector cachedDeserFactories = new java.util.Vector();
+
+    static org.apache.axis.description.OperationDesc [] _operations;
+
+    static {
+        _operations = new org.apache.axis.description.OperationDesc[1];
+        _initOperationDesc1();
+    }
+
+    private static void _initOperationDesc1(){
+        org.apache.axis.description.OperationDesc oper;
+        oper = new org.apache.axis.description.OperationDesc();
+        oper.setName("secSend");
+        oper.addParameter(new javax.xml.namespace.QName("", "applicationName"), new javax.xml.namespace.QName("http://www.w3.org/2001/XMLSchema", "string"), java.lang.String.class, org.apache.axis.description.ParameterDesc.IN, false, false);
+        oper.setReturnType(new javax.xml.namespace.QName("http://www.w3.org/2001/XMLSchema", "string"));
+        oper.setReturnClass(java.lang.String.class);
+        oper.setReturnQName(new javax.xml.namespace.QName("", "return"));
+        oper.setStyle(org.apache.axis.constants.Style.RPC);
+        oper.setUse(org.apache.axis.constants.Use.LITERAL);
+        _operations[0] = oper;
+
+    }
+
+    public SecBindingStub() throws org.apache.axis.AxisFault {
+         this(null);
+    }
+
+    public SecBindingStub(java.net.URL endpointURL, javax.xml.rpc.Service service) throws org.apache.axis.AxisFault {
+         this(service);
+         super.cachedEndpoint = endpointURL;
+    }
+
+    public SecBindingStub(javax.xml.rpc.Service service) throws org.apache.axis.AxisFault {
+        if (service == null) {
+            super.service = new org.apache.axis.client.Service();
+        } else {
+            super.service = service;
+        }
+    }
+
+    private org.apache.axis.client.Call createCall() throws java.rmi.RemoteException {
+        try {
+            org.apache.axis.client.Call _call =
+                    (org.apache.axis.client.Call) super.service.createCall();
+            if (super.maintainSessionSet) {
+                _call.setMaintainSession(super.maintainSession);
+            }
+            if (super.cachedUsername != null) {
+                _call.setUsername(super.cachedUsername);
+            }
+            if (super.cachedPassword != null) {
+                _call.setPassword(super.cachedPassword);
+            }
+            if (super.cachedEndpoint != null) {
+                _call.setTargetEndpointAddress(super.cachedEndpoint);
+            }
+            if (super.cachedTimeout != null) {
+                _call.setTimeout(super.cachedTimeout);
+            }
+            if (super.cachedPortName != null) {
+                _call.setPortName(super.cachedPortName);
+            }
+            java.util.Enumeration keys = super.cachedProperties.keys();
+            while (keys.hasMoreElements()) {
+                java.lang.String key = (java.lang.String) keys.nextElement();
+                _call.setProperty(key, super.cachedProperties.get(key));
+            }
+            return _call;
+        }
+        catch (java.lang.Throwable t) {
+            throw new org.apache.axis.AxisFault("Failure trying to get the Call object", t);
+        }
+    }
+
+    public java.lang.String secSend(java.lang.String applicationName) throws java.rmi.RemoteException {
+        if (super.cachedEndpoint == null) {
+            throw new org.apache.axis.NoEndPointException();
+        }
+        org.apache.axis.client.Call _call = createCall();
+        _call.setOperation(_operations[0]);
+        _call.setUseSOAPAction(true);
+        _call.setSOAPActionURI("secSend");
+        _call.setEncodingStyle(null);
+        _call.setProperty(org.apache.axis.client.Call.SEND_TYPE_ATTR, Boolean.FALSE);
+        _call.setProperty(org.apache.axis.AxisEngine.PROP_DOMULTIREFS, Boolean.FALSE);
+        _call.setSOAPVersion(org.apache.axis.soap.SOAPConstants.SOAP11_CONSTANTS);
+        _call.setOperationName(new javax.xml.namespace.QName("", "secSend"));
+
+        setRequestHeaders(_call);
+        setAttachments(_call);
+        java.lang.Object _resp = _call.invoke(new java.lang.Object[] {applicationName});
+
+        if (_resp instanceof java.rmi.RemoteException) {
+            throw (java.rmi.RemoteException)_resp;
+        }
+        else {
+            extractAttachments(_call);
+            try {
+                return (java.lang.String) _resp;
+            } catch (java.lang.Exception _exception) {
+                return (java.lang.String) org.apache.axis.utils.JavaUtils.convert(_resp, java.lang.String.class);
+            }
+        }
+    }
+
+}
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecPort.java b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecPort.java
new file mode 100644
index 0000000..c4876be
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecPort.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * SecPort.java
+ *
+ * This file was auto-generated from WSDL
+ * by the Apache Axis 1.2dev Oct 27, 2003 (02:34:09 EST) WSDL2Java emitter.
+ */
+
+package org.apache.ws.axis.samples.wssec.doall.axisSec;
+
+public interface SecPort extends java.rmi.Remote {
+    public java.lang.String secSend(java.lang.String applicationName) throws java.rmi.RemoteException;
+}
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecService.java b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecService.java
new file mode 100644
index 0000000..bf4711b
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecService.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * SecService.java
+ *
+ * This file was auto-generated from WSDL
+ * by the Apache Axis 1.2dev Oct 27, 2003 (02:34:09 EST) WSDL2Java emitter.
+ */
+
+package org.apache.ws.axis.samples.wssec.doall.axisSec;
+
+public interface SecService extends javax.xml.rpc.Service {
+    public java.lang.String getSecHttpAddress();
+
+    public org.apache.ws.axis.samples.wssec.doall.axisSec.SecPort getSecHttp() throws javax.xml.rpc.ServiceException;
+
+    public org.apache.ws.axis.samples.wssec.doall.axisSec.SecPort getSecHttp(java.net.URL portAddress) throws javax.xml.rpc.ServiceException;
+}
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecServiceLocator.java b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecServiceLocator.java
new file mode 100644
index 0000000..a010d90
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/SecServiceLocator.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+/**
+ * SecServiceLocator.java
+ *
+ * This file was auto-generated from WSDL
+ * by the Apache Axis 1.2dev Oct 27, 2003 (02:34:09 EST) WSDL2Java emitter.
+ */
+
+package org.apache.ws.axis.samples.wssec.doall.axisSec;
+
+public class SecServiceLocator extends org.apache.axis.client.Service implements org.apache.ws.axis.samples.wssec.doall.axisSec.SecService {
+
+    // Use to get a proxy class for SecHttp
+    private java.lang.String SecHttp_address = "http://localhost:8081/axis/services/secHttp";
+
+    public java.lang.String getSecHttpAddress() {
+        return SecHttp_address;
+    }
+
+    // The WSDD service name defaults to the port name.
+    private java.lang.String SecHttpWSDDServiceName = "SecHttp";
+
+    public java.lang.String getSecHttpWSDDServiceName() {
+        return SecHttpWSDDServiceName;
+    }
+
+    public void setSecHttpWSDDServiceName(java.lang.String name) {
+        SecHttpWSDDServiceName = name;
+    }
+
+    public org.apache.ws.axis.samples.wssec.doall.axisSec.SecPort getSecHttp() throws javax.xml.rpc.ServiceException {
+       java.net.URL endpoint;
+        try {
+            endpoint = new java.net.URL(SecHttp_address);
+        }
+        catch (java.net.MalformedURLException e) {
+            throw new javax.xml.rpc.ServiceException(e);
+        }
+        return getSecHttp(endpoint);
+    }
+
+    public org.apache.ws.axis.samples.wssec.doall.axisSec.SecPort getSecHttp(java.net.URL portAddress) throws javax.xml.rpc.ServiceException {
+        try {
+            org.apache.ws.axis.samples.wssec.doall.axisSec.SecBindingStub _stub = new org.apache.ws.axis.samples.wssec.doall.axisSec.SecBindingStub(portAddress, this);
+            _stub.setPortName(getSecHttpWSDDServiceName());
+            return _stub;
+        }
+        catch (org.apache.axis.AxisFault e) {
+            return null;
+        }
+    }
+
+    public void setSecHttpEndpointAddress(java.lang.String address) {
+        SecHttp_address = address;
+    }
+
+    /**
+     * For the given interface, get the stub implementation.
+     * If this service has no port for the given interface,
+     * then ServiceException is thrown.
+     */
+    public java.rmi.Remote getPort(Class serviceEndpointInterface) throws javax.xml.rpc.ServiceException {
+        try {
+            if (org.apache.ws.axis.samples.wssec.doall.axisSec.SecPort.class.isAssignableFrom(serviceEndpointInterface)) {
+                org.apache.ws.axis.samples.wssec.doall.axisSec.SecBindingStub _stub = new org.apache.ws.axis.samples.wssec.doall.axisSec.SecBindingStub(new java.net.URL(SecHttp_address), this);
+                _stub.setPortName(getSecHttpWSDDServiceName());
+                return _stub;
+            }
+        }
+        catch (java.lang.Throwable t) {
+            throw new javax.xml.rpc.ServiceException(t);
+        }
+        throw new javax.xml.rpc.ServiceException("There is no stub implementation for the interface:  " + (serviceEndpointInterface == null ? "null" : serviceEndpointInterface.getName()));
+    }
+
+    /**
+     * For the given interface, get the stub implementation.
+     * If this service has no port for the given interface,
+     * then ServiceException is thrown.
+     */
+    public java.rmi.Remote getPort(javax.xml.namespace.QName portName, Class serviceEndpointInterface) throws javax.xml.rpc.ServiceException {
+        if (portName == null) {
+            return getPort(serviceEndpointInterface);
+        }
+        String inputPortName = portName.getLocalPart();
+        if ("SecHttp".equals(inputPortName)) {
+            return getSecHttp();
+        }
+        else  {
+            java.rmi.Remote _stub = getPort(serviceEndpointInterface);
+            ((org.apache.axis.client.Stub) _stub).setPortName(portName);
+            return _stub;
+        }
+    }
+
+    public javax.xml.namespace.QName getServiceName() {
+        return new javax.xml.namespace.QName("uri:axis_sec", "secService");
+    }
+
+    private java.util.HashSet ports = null;
+
+    public java.util.Iterator getPorts() {
+        if (ports == null) {
+            ports = new java.util.HashSet();
+            ports.add(new javax.xml.namespace.QName("SecHttp"));
+        }
+        return ports.iterator();
+    }
+
+    /**
+    * Set the endpoint address for the specified port name.
+    */
+    public void setEndpointAddress(java.lang.String portName, java.lang.String address) throws javax.xml.rpc.ServiceException {
+        if ("SecHttp".equals(portName)) {
+            setSecHttpEndpointAddress(address);
+        }
+        else { // Unknown Port Name
+            throw new javax.xml.rpc.ServiceException(" Cannot set Endpoint Address for Unknown Port" + portName);
+        }
+    }
+
+    /**
+    * Set the endpoint address for the specified port name.
+    */
+    public void setEndpointAddress(javax.xml.namespace.QName portName, java.lang.String address) throws javax.xml.rpc.ServiceException {
+        setEndpointAddress(portName.getLocalPart(), address);
+    }
+
+}
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/deploy.wsdd b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/deploy.wsdd
new file mode 100644
index 0000000..ba16bc1
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/deploy.wsdd
@@ -0,0 +1,27 @@
+<!-- Use this file to deploy some handlers/chains and services      -->
+<!-- Two ways to do this:                                           -->
+<!--   java org.apache.axis.client.AdminClient deploy.wsdd          -->
+<!--      after the axis server is running                          -->
+<!-- or                                                             -->
+<!--   java org.apache.axis.utils.Admin client|server deploy.wsdd   -->
+<!--      from the same directory that the Axis engine runs         -->
+
+<deployment
+    xmlns="http://xml.apache.org/axis/wsdd/"
+    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+
+  <!-- Services from secService WSDL service -->
+
+  <service name="SecHttp" provider="java:RPC" style="rpc" use="literal">
+      <parameter name="wsdlTargetNamespace" value="uri:axis_sec"/>
+      <parameter name="wsdlServiceElement" value="secService"/>
+      <parameter name="wsdlServicePort" value="SecHttp"/>
+      <parameter name="className" value="org.apache.ws.axis.samples.wssec.doall.axisSec.SecBindingImpl"/>
+      <parameter name="wsdlPortType" value="secPort"/>
+      <operation name="secSend" qname="secSend" returnQName="return" returnType="rtns:string" xmlns:rtns="http://www.w3.org/2001/XMLSchema" >
+        <parameter name="applicationName" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
+      </operation>
+      <parameter name="allowedMethods" value="secSend"/>
+
+  </service>
+</deployment>
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/undeploy.wsdd b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/undeploy.wsdd
new file mode 100644
index 0000000..1886f0c
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/axisSec/undeploy.wsdd
@@ -0,0 +1,15 @@
+<!-- Use this file to undeploy some handlers/chains and services    -->
+<!-- Two ways to do this:                                           -->
+<!--   java org.apache.axis.client.AdminClient undeploy.wsdd        -->
+<!--      after the axis server is running                          -->
+<!-- or                                                             -->
+<!--   java org.apache.axis.utils.Admin client|server undeploy.wsdd -->
+<!--      from the same directory that the Axis engine runs         -->
+
+<undeployment
+    xmlns="http://xml.apache.org/axis/wsdd/">
+
+  <!-- Services from secService WSDL service -->
+
+  <service name="SecHttp"/>
+</undeployment>
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/build.xml b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/build.xml
new file mode 100644
index 0000000..1977623
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/build.xml
@@ -0,0 +1,68 @@
+<project name="Axis_SecDoAll" default="wsdl2java" basedir=".">
+    <description>
+        generate files from WSDL description, also target to deploy
+        the service in a runing Axis (probably in Tomcat or alike)
+    </description>
+
+  <!-- The following setting assumes that all necessary libs (jars)
+    are located in a lib directory directly under wss4j. First set
+    a reference to the wss4j relative to this working directory -->
+  <property name="dir.wss4j" value="../../../../../../../.." />
+  <property name="dir.libs"  value="${dir.wss4j}/lib" />
+
+  <!-- Base directory where to put generated java files -->
+  <property name="WSDLGenFiles" location="${dir.wss4j}/samples" />
+  <!-- where to find the SwA WSDL files -->
+  <property name="WSDLDir" location="${basedir}" />
+
+  <!--
+   Directory of the generated Java files
+  -->
+  <property name="sec" value="org/apache/ws/axis/samples/wssec/doall/axisSec" />
+
+    <path id="classpath.libraries" description=" 3rd party and Axis libs">
+      <fileset dir="${dir.libs}">
+        <include name="**/*.jar"/>
+	<!-- <pathelement path="${java.class.path}"/> -->
+      </fileset>
+    </path>
+  
+  <target name="clientdeploy">
+    <java classname="org.apache.axis.utils.Admin" fork="true">
+      <classpath refid="classpath.libraries" />
+      <arg value="client"/>
+      <arg file="${WSDLDir}/client_deploy.wsdd" />
+    </java>
+  </target>
+
+  <target name="serverdeploy">
+    <java classname="org.apache.axis.client.AdminClient" fork="true">
+      <classpath refid="classpath.libraries" />
+      <arg file="${WSDLDir}/server_deploy.wsdd" />
+    </java>
+  </target>
+
+  <target name="serverundeploy">
+    <java classname="org.apache.axis.client.AdminClient" fork="true">
+      <classpath refid="classpath.libraries" />
+     <arg file="${WSDLGenFiles}/${sec}/undeploy.wsdd" />
+    </java>
+  </target>
+
+  <target name="wsdl2java">
+    <java classname="org.apache.axis.wsdl.WSDL2Java" fork="true">
+      <classpath refid="classpath.libraries" />
+      <arg value="-f" /> 
+      <arg file="${WSDLDir}/NStoPkg.properties" /> 
+      <arg value="-S true" />
+      <arg value="-o" />
+      <arg file="${WSDLGenFiles}" />
+      <arg file="${WSDLDir}/sec.wsdl" />
+    </java>
+  </target>
+
+  <target name="clean"
+        description="clean up" >
+    <delete dir="${WSDLGenFiles}/${sec}"/>
+  </target>
+</project>
\ No newline at end of file
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/client-config.wsdd b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/client-config.wsdd
new file mode 100644
index 0000000..5612729
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/client-config.wsdd
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+ <service name="SecHttp">
+  <requestFlow>
+   <handler name="DoSecuritySender" type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/>
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
+    <!-- <parameter name="action" value="Signature"/> -->
+	<!-- <parameter name="action" value="Encrypt Signatur"/> -->
+    <parameter name="action" value="Signature Encrypt"/>
+    <!-- <parameter name="action" value="Encrypt"/> -->
+    <parameter name="signaturePropFile" value="crypto.properties" />
+    <!-- <parameter name="encryptionPropFile" value="crypto.properties" /> -->
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
+	<!-- <parameter name="encryptionParts" value="{Content}{http://example.org/paymentv2}CreditCard;{Element}{}UserName" /> -->
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
+    <!-- <parameter name="action" value="Signature"/> -->
+	<parameter name="action" value="Encrypt Signature"/>
+    <!-- <parameter name="action" value="Signature Encrypt"/> -->
+    <!-- <parameter name="action" value="Encrypt"/> -->
+    <parameter name="signaturePropFile" value="crypto.properties" />
+    <!-- <parameter name="decryptionPropFile" value="crypto.properties" /> -->
+   </handler>
+  </responseFlow>
+  
+ </service>
+ <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
+ <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
+ <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
+</deployment>
\ No newline at end of file
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/client_deploy.wsdd b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/client_deploy.wsdd
new file mode 100644
index 0000000..376b331
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/client_deploy.wsdd
@@ -0,0 +1,34 @@
+<deployment xmlns="http://xml.apache.org/axis/wsdd/"
+            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+
+ <!-- define the service, using the WSDoAllSender security handler in request flow -->
+ <service name="SecHttp">
+  <requestFlow>
+   <handler name="DoSecuritySender" type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/>
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
+    <!-- <parameter name="action" value="Signature"/> -->
+	<!-- <parameter name="action" value="Encrypt Signatur"/> -->
+    <parameter name="action" value="Signature Encrypt"/>
+    <!-- <parameter name="action" value="Encrypt"/> -->
+    <parameter name="signaturePropFile" value="crypto.properties" />
+    <!-- <parameter name="encryptionPropFile" value="crypto.properties" /> -->
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
+	<!-- <parameter name="encryptionParts" value="{Content}{http://example.org/paymentv2}CreditCard;{Element}{}UserName" /> -->
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
+    <!-- <parameter name="action" value="Signature"/> -->
+	<parameter name="action" value="Encrypt Signature"/>
+    <!-- <parameter name="action" value="Signature Encrypt"/> -->
+    <!-- <parameter name="action" value="Encrypt"/> -->
+    <parameter name="signaturePropFile" value="crypto.properties" />
+    <!-- <parameter name="decryptionPropFile" value="crypto.properties" /> -->
+   </handler>
+  </responseFlow>
+ </service>
+
+</deployment>
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/keys/x509.PFX.MSFT b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/keys/x509.PFX.MSFT
new file mode 100644
index 0000000..98be0df
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/keys/x509.PFX.MSFT
Binary files differ
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/log4j.properties b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/log4j.properties
new file mode 100644
index 0000000..62cd524
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/log4j.properties
@@ -0,0 +1,26 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=FATAL, CONSOLE
+# log4j.rootCategory=DEBUG, CONSOLE, LOGFILE
+
+# Set the enterprise logger category to FATAL and its only appender to CONSOLE.
+log4j.logger.org.apache.axis.enterprise=FATAL, CONSOLE
+# log4j.logger.org.apache.axis.i18n.ProjectResourceBundle=INFO
+log4j.logger.org.apache.ws.security.TIME=DEBUG
+# log4j.logger.org.apache.ws.security.message.EnvelopeIdResolver=INFO
+# log4j.logger.org.apache.ws.axis.security.WSDoAllSender=INFO
+# log4j.logger.org.apache.ws.security.WSSecurityEngine=INFO
+# log4j.logger.org.apache.xml.security.encryption.XMLCipher=DEBUG
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=axis.log
+log4j.appender.LOGFILE.Append=true
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/sec.wsdl b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/sec.wsdl
new file mode 100644
index 0000000..b4a2d77
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/sec.wsdl
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="Axis_sec"
+   targetNamespace="uri:axis_sec"
+   xmlns:swa="uri:axis_sec"
+   xmlns="http://schemas.xmlsoap.org/wsdl/"
+   xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
+   xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+   xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+   >
+
+   <message name="SecRequest">
+      <part name="applicationName" type="xsd:string"/>
+   </message>
+
+   <message name="SecResponse">
+      <part name="return" type="xsd:string"/>
+   </message>
+
+   <portType name="secPort">
+      <operation name="secSend">
+         <input message="swa:SecRequest"/>
+	 <output message="swa:SecResponse"/>
+      </operation>
+   </portType>
+
+   <binding name="secBinding" type="swa:secPort">
+     <soap:binding style="rpc" transport= "http://schemas.xmlsoap.org/soap/http"/>
+     <operation name="secSend">
+       <soap:operation soapAction="secSend" />
+	   <input>
+	     <soap:body use="literal" parts="applicationName" />
+	   </input>
+	   <output>
+	    <soap:body use="literal" />
+	   </output>
+     </operation>
+   </binding>
+
+   <service name="secService">
+      <port name="SecHttp" binding="swa:secBinding">
+         <soap:address location="http://localhost:8081/axis/services/secHttp"/>
+      </port>
+   </service>
+</definitions>
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/server-config.wsdd b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/server-config.wsdd
new file mode 100644
index 0000000..7680f9e
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/server-config.wsdd
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+ <globalConfiguration>
+  <parameter name="adminPassword" value="admin"/>
+  <parameter name="attachments.implementation" value="org.apache.axis.attachments.AttachmentsImpl"/>
+  <parameter name="sendXsiTypes" value="true"/>
+  <parameter name="sendMultiRefs" value="true"/>
+  <parameter name="sendXMLDeclaration" value="true"/>
+  <requestFlow>
+   <handler type="java:org.apache.axis.handlers.JWSHandler">
+    <parameter name="scope" value="session"/>
+   </handler>
+   <handler type="java:org.apache.axis.handlers.JWSHandler">
+    <parameter name="scope" value="request"/>
+    <parameter name="extension" value=".jwr"/>
+   </handler>
+  </requestFlow>
+ </globalConfiguration>
+ <handler name="LocalResponder" type="java:org.apache.axis.transport.local.LocalResponder"/>
+ <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
+ <handler name="Authenticate" type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
+ <service name="SecHttp" provider="java:RPC" use="literal">
+  <operation name="secSend" qname="secSend" returnQName="return" returnType="xsd:string" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+   <parameter name="applicationName" type="xsd:string"/>
+  </operation>
+  <requestFlow>
+   <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
+    <!-- <parameter name="action" value="Signature"/> -->
+	<!-- <parameter name="action" value="Encrypt Signature"/> -->
+    <parameter name="action" value="Signature Encrypt"/>
+    <!-- <parameter name="action" value="Encrypt"/> -->
+    <parameter name="signaturePropFile" value="crypto.properties" />
+    <!-- <parameter name="decryptionPropFile" value="crypto.properties" /> -->
+   </handler>
+  </requestFlow>
+  <responseFlow>
+   <handler name="DoSecuritySender" type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/>
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
+    <!-- <parameter name="action" value="Signature"/> -->
+	<parameter name="action" value="Encrypt Signature"/>
+    <!-- <parameter name="action" value="Signature Encrypt"/> -->
+    <!-- <parameter name="action" value="Encrypt"/> -->
+    <parameter name="signaturePropFile" value="crypto.properties" />
+    <!-- <parameter name="encryptionPropFile" value="crypto.properties" /> -->
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
+   </handler>
+  
+  </responseFlow>
+  <parameter name="allowedMethods" value="secSend"/>
+  <parameter name="wsdlPortType" value="secPort"/>
+  <parameter name="className" value="org.apache.ws.axis.samples.wssec.doall.axisSec.SecBindingImpl"/>
+  <parameter name="wsdlServicePort" value="SecHttp"/>
+  <parameter name="wsdlTargetNamespace" value="uri:axis_sec"/>
+  <parameter name="wsdlServiceElement" value="secService"/>
+ </service>
+ <service name="AdminService" provider="java:MSG">
+  <parameter name="allowedMethods" value="AdminService"/>
+  <parameter name="enableRemoteAdmin" value="false"/>
+  <parameter name="className" value="org.apache.axis.utils.Admin"/>
+  <namespace>http://xml.apache.org/axis/wsdd/</namespace>
+ </service>
+ <service name="Version" provider="java:RPC">
+  <parameter name="allowedMethods" value="getVersion"/>
+  <parameter name="className" value="org.apache.axis.Version"/>
+ </service>
+ <transport name="http">
+  <requestFlow>
+   <handler type="URLMapper"/>
+   <handler type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
+  </requestFlow>
+  <parameter name="qs:list" value="org.apache.axis.transport.http.QSListHandler"/>
+  <parameter name="qs:wsdl" value="org.apache.axis.transport.http.QSWSDLHandler"/>
+  <parameter name="qs:method" value="org.apache.axis.transport.http.QSMethodHandler"/>
+ </transport>
+ <transport name="local">
+  <responseFlow>
+   <handler type="LocalResponder"/>
+  </responseFlow>
+ </transport>
+</deployment>
\ No newline at end of file
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/server_deploy.wsdd b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/server_deploy.wsdd
new file mode 100644
index 0000000..405db38
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/server_deploy.wsdd
@@ -0,0 +1,51 @@
+<!-- Use this file to deploy some handlers/chains and services      -->
+<!-- Two ways to do this:                                           -->
+<!--   java org.apache.axis.client.AdminClient deploy.wsdd          -->
+<!--      after the axis server is running                          -->
+<!-- or                                                             -->
+<!--   java org.apache.axis.utils.Admin client|server deploy.wsdd   -->
+<!--      from the same directory that the Axis engine runs         -->
+
+<deployment
+    xmlns="http://xml.apache.org/axis/wsdd/"
+    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
+
+  <!-- Services from secService WSDL service -->
+
+  <service name="SecHttp" provider="java:RPC" style="rpc" use="literal">
+    <parameter name="wsdlTargetNamespace" value="uri:axis_sec"/>
+    <parameter name="wsdlServiceElement" value="secService"/>
+    <parameter name="wsdlServicePort" value="SecHttp"/>
+    <parameter name="className" value="org.apache.ws.axis.samples.wssec.doall.axisSec.SecBindingImpl"/>
+    <parameter name="wsdlPortType" value="secPort"/>
+    <operation name="secSend" qname="secSend" returnQName="return" returnType="rtns:string" xmlns:rtns="http://www.w3.org/2001/XMLSchema" >
+      <parameter name="applicationName" type="tns:string" xmlns:tns="http://www.w3.org/2001/XMLSchema"/>
+    </operation>
+    <parameter name="allowedMethods" value="secSend"/>
+    <requestFlow>
+      <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+       <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
+       <!-- <parameter name="action" value="Signature"/> -->
+	   <!-- <parameter name="action" value="Encrypt Signature"/> -->
+       <parameter name="action" value="Signature Encrypt"/>
+       <!-- <parameter name="action" value="Encrypt"/> -->
+       <parameter name="signaturePropFile" value="crypto.properties" />
+       <!-- <parameter name="decryptionPropFile" value="crypto.properties" /> -->
+	  </handler>
+ 	</requestFlow>
+  <responseFlow>
+   <handler name="DoSecuritySender" type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    <parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/>
+    <parameter name="passwordCallbackClass" value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
+    <!-- <parameter name="action" value="Signature"/> -->
+	<parameter name="action" value="Encrypt Signature"/>
+    <!-- <parameter name="action" value="Signature Encrypt"/> -->
+    <!-- <parameter name="action" value="Encrypt"/> -->
+    <parameter name="signaturePropFile" value="crypto.properties" />
+    <!-- <parameter name="encryptionPropFile" value="crypto.properties" /> -->
+    <parameter name="signatureKeyIdentifier" value="DirectReference" />
+    <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
+   </handler>
+  </responseFlow>
+  </service>
+</deployment>
diff --git a/trunk/samples/org/apache/ws/axis/samples/wssec/doall/simplelog.properties b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/simplelog.properties
new file mode 100644
index 0000000..79794d5
--- /dev/null
+++ b/trunk/samples/org/apache/ws/axis/samples/wssec/doall/simplelog.properties
@@ -0,0 +1,2 @@
+org.apache.commons.logging.simplelog.defaultlog=debug
+
diff --git a/trunk/specs/WSS-SAML-TOKEN-PROFILE-1.1-wd-04-change-bars.pdf b/trunk/specs/WSS-SAML-TOKEN-PROFILE-1.1-wd-04-change-bars.pdf
new file mode 100644
index 0000000..0567d6d
--- /dev/null
+++ b/trunk/specs/WSS-SAML-TOKEN-PROFILE-1.1-wd-04-change-bars.pdf
Binary files differ
diff --git a/trunk/specs/WSS-SAML-TOKEN-PROFILE-1.1-wd-04.pdf b/trunk/specs/WSS-SAML-TOKEN-PROFILE-1.1-wd-04.pdf
new file mode 100644
index 0000000..ef05284
--- /dev/null
+++ b/trunk/specs/WSS-SAML-TOKEN-PROFILE-1.1-wd-04.pdf
Binary files differ
diff --git a/trunk/specs/oasis-2005xx-wss-kerberos-token-profile-1.1-CD.pdf b/trunk/specs/oasis-2005xx-wss-kerberos-token-profile-1.1-CD.pdf
new file mode 100644
index 0000000..497fa04
--- /dev/null
+++ b/trunk/specs/oasis-2005xx-wss-kerberos-token-profile-1.1-CD.pdf
Binary files differ
diff --git a/trunk/specs/oasis-2005xx-wss-soap-message-security-diffedfrom10.pdf b/trunk/specs/oasis-2005xx-wss-soap-message-security-diffedfrom10.pdf
new file mode 100644
index 0000000..ed01be6
--- /dev/null
+++ b/trunk/specs/oasis-2005xx-wss-soap-message-security-diffedfrom10.pdf
Binary files differ
diff --git a/trunk/specs/oasis-2005xx-wss-username-token-profile-1.1-CD.pdf b/trunk/specs/oasis-2005xx-wss-username-token-profile-1.1-CD.pdf
new file mode 100644
index 0000000..cf1b9f9
--- /dev/null
+++ b/trunk/specs/oasis-2005xx-wss-username-token-profile-1.1-CD.pdf
Binary files differ
diff --git a/trunk/specs/oasis-2005xx-wss-username-token-profile-diffedfrom10.pdf b/trunk/specs/oasis-2005xx-wss-username-token-profile-diffedfrom10.pdf
new file mode 100644
index 0000000..0220461
--- /dev/null
+++ b/trunk/specs/oasis-2005xx-wss-username-token-profile-diffedfrom10.pdf
Binary files differ
diff --git a/trunk/specs/oasis-2005xx-wss-x509-token-profile-1.1-CD.pdf b/trunk/specs/oasis-2005xx-wss-x509-token-profile-1.1-CD.pdf
new file mode 100644
index 0000000..9b8c878
--- /dev/null
+++ b/trunk/specs/oasis-2005xx-wss-x509-token-profile-1.1-CD.pdf
Binary files differ
diff --git a/trunk/specs/oasis-2005xx-wss-x509-token-profile-diffedfrom10.pdf b/trunk/specs/oasis-2005xx-wss-x509-token-profile-diffedfrom10.pdf
new file mode 100644
index 0000000..342e8db
--- /dev/null
+++ b/trunk/specs/oasis-2005xx-wss-x509-token-profile-diffedfrom10.pdf
Binary files differ
diff --git a/trunk/specs/oasis-wss-rel-token-profile-1.1-draft02-cd.pdf b/trunk/specs/oasis-wss-rel-token-profile-1.1-draft02-cd.pdf
new file mode 100644
index 0000000..8b59a30
--- /dev/null
+++ b/trunk/specs/oasis-wss-rel-token-profile-1.1-draft02-cd.pdf
Binary files differ
diff --git a/trunk/specs/wss-11-interop-draft-01.doc b/trunk/specs/wss-11-interop-draft-01.doc
new file mode 100644
index 0000000..d186e33
--- /dev/null
+++ b/trunk/specs/wss-11-interop-draft-01.doc
Binary files differ
diff --git a/trunk/specs/wss-interop1-draft-06.pdf b/trunk/specs/wss-interop1-draft-06.pdf
new file mode 100644
index 0000000..3fe7d3d
--- /dev/null
+++ b/trunk/specs/wss-interop1-draft-06.pdf
Binary files differ
diff --git a/trunk/specs/wss-interop2-draft-06.pdf b/trunk/specs/wss-interop2-draft-06.pdf
new file mode 100644
index 0000000..875c5d4
--- /dev/null
+++ b/trunk/specs/wss-interop2-draft-06.pdf
Binary files differ
diff --git a/trunk/specs/wss-saml-interop1-draft-12.doc b/trunk/specs/wss-saml-interop1-draft-12.doc
new file mode 100644
index 0000000..40ec340
--- /dev/null
+++ b/trunk/specs/wss-saml-interop1-draft-12.doc
Binary files differ
diff --git a/trunk/specs/wss-saml2-interop-draft-v4.doc b/trunk/specs/wss-saml2-interop-draft-v4.doc
new file mode 100644
index 0000000..64573e2
--- /dev/null
+++ b/trunk/specs/wss-saml2-interop-draft-v4.doc
Binary files differ
diff --git a/trunk/specs/wss-swa-profile-1.1-draft-22.pdf b/trunk/specs/wss-swa-profile-1.1-draft-22.pdf
new file mode 100644
index 0000000..7d69679
--- /dev/null
+++ b/trunk/specs/wss-swa-profile-1.1-draft-22.pdf
Binary files differ
diff --git a/trunk/specs/wss-v1.1-spec-os-SOAPMessageSecurity.pdf b/trunk/specs/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
new file mode 100644
index 0000000..a22598c
--- /dev/null
+++ b/trunk/specs/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
Binary files differ
diff --git a/trunk/src/log4j.properties b/trunk/src/log4j.properties
new file mode 100644
index 0000000..ff934a7
--- /dev/null
+++ b/trunk/src/log4j.properties
@@ -0,0 +1,74 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=FATAL, CONSOLE
+# log4j.rootCategory=DEBUG, LOGFILE
+
+# Set the enterprise logger category to FATAL and its only appender to CONSOLE.
+# log4j.logger.org.apache.axis.enterprise=FATAL, CONSOLE
+# log4j.logger.org.apache.axis.i18n.ProjectResourceBundle=INFO
+# log4j.logger.org.apache.ws.security.TIME=DEBUG
+# log4j.logger.org.apache.ws.security.message.EnvelopeIdResolver=DEBUG
+# log4j.logger.org.apache.ws.security.message.WSEncryptBody=INFO
+# log4j.logger.org.apache.ws.security.message.WSSignEnvelope=DEBUG
+# log4j.logger.org.apache.ws.security.processor.ReferenceListProcessor=DEBUG
+# log4j.logger.org.apache.ws.axis.security.WSDoAllSender=DEBUG
+# log4j.logger.org.apache.ws.axis.security.WSDoAllReceiver=DEBUG
+# log4j.logger.org.apache.ws.security.transform.STRTransform=DEBUG
+# log4j.logger.org.apache.ws.security.WSSecurityEngine=DEBUG
+# log4j.logger.org.apache.ws.security.WSSConfig=DEBUG
+# log4j.logger.org.apache.ws.security.message.token.SecurityTokenReference=DEBUG
+# log4j.logger.org.apache.ws.security.components.crypto.Merlin=DEBUG
+# log4j.logger.org.apache.xml.security.encryption.XMLCipher=DEBUG
+# log4j.logger.org.apache.xml.security.algorithms.SignatureAlgorithm=INFO
+# log4j.logger.org.apache.xml.security.signature.XMLSignature=DEBUG
+# log4j.logger.org.apache.xml.security.Init=INFO
+# log4j.logger.org.apache.axis.encoding.ser.JAFDataHandlerDeserializerFactory=INFO
+# log4j.logger.org.apache.axis.i18n.ProjectResourceBundle=INFO
+# log4j.logger.org.apache.axis.utils.NSStack=INFO
+# log4j.logger.org.apache.axis.encoding.SerializationContextImpl=INFO
+# log4j.logger.org.apache.axis.encoding.DeserializationContextImpl=INFO
+# log4j.logger.org.apache.xml.security.signature.Reference=DEBUG
+# log4j.logger.wssec.TestWSSecurity=DEBUG
+# log4j.logger.wssec.TestWSSecurityNew=DEBUG
+# log4j.logger.wssec.TestWSSecurity1=DEBUG
+# log4j.logger.wssec.TestWSSecurity2=DEBUG
+# log4j.logger.wssec.TestWSSecurityNew2=DEBUG
+# log4j.logger.wssec.TestWSSecurity3=DEBUG
+# log4j.logger.wssec.TestWSSecurity4=DEBUG
+# log4j.logger.wssec.TestWSSecurity5=DEBUG
+# log4j.logger.wssec.TestWSSecurityNew5=DEBUG
+# log4j.logger.wssec.TestWSSecurity6=DEBUG
+# log4j.logger.wssec.TestWSSecurity7=DEBUG
+# log4j.logger.wssec.TestWSSecurity8=DEBUG
+# log4j.logger.wssec.TestWSSecurity9=DEBUG
+# log4j.logger.wssec.TestWSSecurityNew9=DEBUG
+# log4j.logger.wssec.TestWSSecurity10=DEBUG
+# log4j.logger.wssec.TestWSSecurity11=DEBUG
+# log4j.logger.wssec.TestWSSecurity12=DEBUG
+# log4j.logger.wssec.TestWSSecurity13=DEBUG
+# log4j.logger.wssec.TestWSSecurity14=DEBUG
+# log4j.logger.wssec.TestWSSecurityNew15=DEBUG
+# log4j.logger.wssec.TestWSSecurityST1=DEBUG
+# log4j.logger.wssec.TestWSSecurityNewST1=DEBUG
+# log4j.logger.wssec.TestWSSecurityST2=DEBUG
+# log4j.logger.wssec.TestWSSecurityNewST2=DEBUG
+# log4j.logger.wssec.TestWSSecurityST3=DEBUG
+# log4j.logger.wssec.TestWSSecurityNewST3=DEBUG
+# log4j.logger.wssec.TestWSSecuritySOAP12=DEBUG
+# log4j.logger.org.apache.ws.security.handler.WSS4JHandler=DEBUG
+# log4j.logger.org.apache.ws.security.handler.WSHandler=DEBUG
+log4j.logger.policy.WSSPolicyTesterAsymm=DEBUG
+log4j.logger.org.apache.ws.security.policy.parser.WSSPolicyProcessor=ERROR
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=axis.log
+log4j.appender.LOGFILE.Append=true
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
diff --git a/trunk/src/org/apache/ws/axis/security/WSDoAllReceiver.java b/trunk/src/org/apache/ws/axis/security/WSDoAllReceiver.java
new file mode 100644
index 0000000..fc7fa0e
--- /dev/null
+++ b/trunk/src/org/apache/ws/axis/security/WSDoAllReceiver.java
@@ -0,0 +1,367 @@
+/*
+* Copyright  2003-2005 The Apache Software Foundation.
+*
+*  Licensed under the Apache License, Version 2.0 (the "License");
+*  you may not use this file except in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing, software
+*  distributed under the License is distributed on an "AS IS" BASIS,
+*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+*  See the License for the specific language governing permissions and
+*  limitations under the License.
+*
+*/
+
+package org.apache.ws.axis.security;
+
+/**
+ * @author Werner Dittmann (werner@apache.org)
+ *
+ */
+
+import org.apache.axis.AxisFault;
+import org.apache.axis.Message;
+import org.apache.axis.MessageContext;
+import org.apache.axis.SOAPPart;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.axis.security.handler.WSDoAllHandler;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPHeader;
+import javax.xml.soap.SOAPHeaderElement;
+import java.io.ByteArrayOutputStream;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class WSDoAllReceiver extends WSDoAllHandler {
+
+    protected static Log log = LogFactory.getLog(WSDoAllReceiver.class.getName());
+    private static Log tlog =
+        LogFactory.getLog("org.apache.ws.security.TIME");
+
+    /**
+     * Axis calls invoke to handle a message.
+     * <p/>
+     *
+     * @param msgContext message context.
+     * @throws AxisFault
+     */
+    public void invoke(MessageContext msgContext) throws AxisFault {
+
+        boolean doDebug = log.isDebugEnabled();
+
+        if (doDebug) {
+            log.debug("WSDoAllReceiver: enter invoke() with msg type: "
+                    + msgContext.getCurrentMessage().getMessageType());
+        }
+        long t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0;
+        if (tlog.isDebugEnabled()) {
+            t0 = System.currentTimeMillis();
+        }        
+
+        RequestData reqData = new RequestData();
+        /*
+        * The overall try, just to have a finally at the end to perform some
+        * housekeeping.
+        */
+        try {
+            reqData.setMsgContext(msgContext);
+
+            Vector actions = new Vector();
+            String action = null;
+            if ((action = (String) getOption(WSHandlerConstants.ACTION)) == null) {
+                action = (String) msgContext
+                        .getProperty(WSHandlerConstants.ACTION);
+            }
+            if (action == null) {
+                throw new AxisFault("WSDoAllReceiver: No action defined");
+            }
+            int doAction = WSSecurityUtil.decodeAction(action, actions);
+
+            String actor = (String) getOption(WSHandlerConstants.ACTOR);
+
+            Message sm = msgContext.getCurrentMessage();
+            Document doc = null;
+
+            /**
+             * We did not receive anything...Usually happens when we get a
+             * HTTP 202 message (with no content)
+             */
+            if(sm == null){
+                return;
+            }
+
+            try {
+                doc = sm.getSOAPEnvelope().getAsDocument();
+                if (doDebug) {
+                    log.debug("Received SOAP request: ");
+                    log.debug(org.apache.axis.utils.XMLUtils
+                            .PrettyDocumentToString(doc));
+                }
+            } catch (Exception ex) {
+                if (doDebug) {
+                    log.debug(ex.getMessage(), ex);
+                }
+                throw new AxisFault(
+                        "WSDoAllReceiver: cannot convert into document", ex);
+            }
+            /*
+            * Check if it's a response and if its a fault. Don't process
+            * faults.
+            */
+            String msgType = sm.getMessageType();
+            if (msgType != null && msgType.equals(Message.RESPONSE)) {
+                SOAPConstants soapConstants = WSSecurityUtil
+                        .getSOAPConstants(doc.getDocumentElement());
+                if (WSSecurityUtil.findElement(doc.getDocumentElement(),
+                        "Fault", soapConstants.getEnvelopeURI()) != null) {
+                    return;
+                }
+            }
+
+            /*
+            * To check a UsernameToken or to decrypt an encrypted message we
+            * need a password.
+            */
+            CallbackHandler cbHandler = null;
+            if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
+                cbHandler = getPasswordCB(reqData);
+            }
+
+            /*
+            * Get and check the Signature specific parameters first because
+            * they may be used for encryption too.
+            */
+            doReceiverAction(doAction, reqData);
+            
+            Vector wsResult = null;
+            if (tlog.isDebugEnabled()) {
+                t1 = System.currentTimeMillis();
+            }        
+
+            try {
+                wsResult = secEngine.processSecurityHeader(doc, actor,
+                        cbHandler, reqData.getSigCrypto(), reqData.getDecCrypto());
+            } catch (WSSecurityException ex) {
+                if (doDebug) {
+                    log.debug(ex.getMessage(), ex);
+                }
+                throw new AxisFault(
+                        "WSDoAllReceiver: security processing failed", ex);
+            }
+
+            if (tlog.isDebugEnabled()) {
+                t2 = System.currentTimeMillis();
+            }        
+
+            if (wsResult == null) { // no security header found
+                if (doAction == WSConstants.NO_SECURITY) {
+                    return;
+                } else {
+                    throw new AxisFault(
+                            "WSDoAllReceiver: Request does not contain required Security header");
+                }
+            }
+
+            if (reqData.getWssConfig().isEnableSignatureConfirmation() && msgContext.getPastPivot()) {
+                checkSignatureConfirmation(reqData, wsResult);
+            }
+            /*
+            * save the processed-header flags
+            */
+            ArrayList processedHeaders = new ArrayList();
+            Iterator iterator = sm.getSOAPEnvelope().getHeaders().iterator();
+            while (iterator.hasNext()) {
+                org.apache.axis.message.SOAPHeaderElement tempHeader = (org.apache.axis.message.SOAPHeaderElement) iterator
+                        .next();
+                if (tempHeader.isProcessed()) {
+                    processedHeaders.add(tempHeader.getQName());
+                }
+            }
+
+            /*
+            * If we had some security processing, get the original SOAP part of
+            * Axis' message and replace it with new SOAP part. This new part
+            * may contain decrypted elements.
+            */
+            SOAPPart sPart = (org.apache.axis.SOAPPart) sm.getSOAPPart();
+
+            ByteArrayOutputStream os = new ByteArrayOutputStream();
+            XMLUtils.outputDOM(doc, os, true);
+            sPart.setCurrentMessage(os.toByteArray(), SOAPPart.FORM_BYTES);
+            if (doDebug) {
+                log.debug("Processed received SOAP request");
+                log.debug(org.apache.axis.utils.XMLUtils
+                        .PrettyDocumentToString(doc));
+            }
+            if (tlog.isDebugEnabled()) {
+                t3 = System.currentTimeMillis();
+            }        
+
+            /*
+            * set the original processed-header flags
+            */
+            iterator = processedHeaders.iterator();
+            while (iterator.hasNext()) {
+                QName qname = (QName) iterator.next();
+                Enumeration headersByName = sm.getSOAPEnvelope().getHeadersByName(
+                        qname.getNamespaceURI(), qname.getLocalPart());
+                while (headersByName.hasMoreElements()) {
+                    org.apache.axis.message.SOAPHeaderElement tempHeader =
+                        (org.apache.axis.message.SOAPHeaderElement) headersByName.nextElement();
+                    tempHeader.setProcessed(true);
+                }
+            }
+
+            /*
+            * After setting the new current message, probably modified because
+            * of decryption, we need to locate the security header. That is, we
+            * force Axis (with getSOAPEnvelope()) to parse the string, build
+            * the new header. Then we examine, look up the security header and
+            * set the header as processed.
+            *
+            * Please note: find all header elements that contain the same actor
+            * that was given to processSecurityHeader(). Then check if there is
+            * a security header with this actor.
+            */
+
+            SOAPHeader sHeader = null;
+            try {
+                sHeader = sm.getSOAPEnvelope().getHeader();
+            } catch (Exception ex) {
+                if (doDebug) {
+                    log.debug(ex.getMessage(), ex);
+                }
+                throw new AxisFault(
+                        "WSDoAllReceiver: cannot get SOAP header after security processing",
+                        ex);
+            }
+
+            Iterator headers = sHeader.examineHeaderElements(actor);
+
+            SOAPHeaderElement headerElement = null;
+            while (headers.hasNext()) {
+                org.apache.axis.message.SOAPHeaderElement hE = (org.apache.axis.message.SOAPHeaderElement) headers.next();
+                if (hE.getLocalName().equals(WSConstants.WSSE_LN)
+                        && hE.getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+                    headerElement = hE;
+                    break;
+                }
+            }
+            ((org.apache.axis.message.SOAPHeaderElement) headerElement)
+                    .setProcessed(true);
+
+            /*
+            * Now we can check the certificate used to sign the message. In the
+            * following implementation the certificate is only trusted if
+            * either it itself or the certificate of the issuer is installed in
+            * the keystore.
+            *
+            * Note: the method verifyTrust(X509Certificate) allows custom
+            * implementations with other validation algorithms for subclasses.
+            */
+
+            // Extract the signature action result from the action vector
+            WSSecurityEngineResult actionResult = WSSecurityUtil
+                    .fetchActionResult(wsResult, WSConstants.SIGN);
+
+            if (actionResult != null) {
+                X509Certificate returnCert = actionResult.getCertificate();
+
+                if (returnCert != null) {
+                    if (!verifyTrust(returnCert, reqData)) {
+                        throw new AxisFault(
+                                "WSDoAllReceiver: The certificate used for the signature is not trusted");
+                    }
+                }
+            }
+
+            /*
+            * Perform further checks on the timestamp that was transmitted in
+            * the header. In the following implementation the timestamp is
+            * valid if it was created after (now-ttl), where ttl is set on
+            * server side, not by the client.
+            *
+            * Note: the method verifyTimestamp(Timestamp) allows custom
+            * implementations with other validation algorithms for subclasses.
+            */
+
+            // Extract the timestamp action result from the action vector
+            actionResult = WSSecurityUtil.fetchActionResult(wsResult,
+                    WSConstants.TS);
+
+            if (actionResult != null) {
+                Timestamp timestamp = actionResult.getTimestamp();
+
+                if (timestamp != null) {
+                    if (!verifyTimestamp(timestamp, decodeTimeToLive(reqData))) {
+                        throw new AxisFault(
+                                "WSDoAllReceiver: The timestamp could not be validated");
+                    }
+                }
+            }
+
+            /*
+            * now check the security actions: do they match, in right order?
+            */
+            if (!checkReceiverResults(wsResult, actions)) {
+                throw new AxisFault(
+                    "WSDoAllReceiver: security processing failed (actions mismatch)");                
+                
+            }
+            /*
+            * All ok up to this point. Now construct and setup the security
+            * result structure. The service may fetch this and check it.
+            */
+            Vector results = null;
+            if ((results = (Vector) msgContext
+                    .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+                results = new Vector();
+                msgContext
+                        .setProperty(WSHandlerConstants.RECV_RESULTS, results);
+            }
+            WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
+            results.add(0, rResult);
+            if (tlog.isDebugEnabled()) {
+                t4 = System.currentTimeMillis();
+                tlog.debug("Receive request: total= " + (t4 - t0) +
+                        " request preparation= " + (t1 - t0) +
+                        " request processing= " + (t2 - t1) +
+                        " request to Axis= " + (t3 - t2) + 
+                        " header, cert verify, timestamp= " + (t4 - t3) +
+                        "\n");                                
+            }        
+
+            if (doDebug) {
+                log.debug("WSDoAllReceiver: exit invoke()");
+            }
+        } catch (WSSecurityException e) {
+            if (doDebug) {
+                log.debug(e.getMessage(), e);
+            }
+            throw new AxisFault(e.getMessage(), e);
+        } finally {
+            reqData.clear();
+            reqData = null;
+        }
+    }
+}
diff --git a/trunk/src/org/apache/ws/axis/security/WSDoAllSender.java b/trunk/src/org/apache/ws/axis/security/WSDoAllSender.java
new file mode 100644
index 0000000..64139f2
--- /dev/null
+++ b/trunk/src/org/apache/ws/axis/security/WSDoAllSender.java
@@ -0,0 +1,229 @@
+/*
+ * Copyright  2003-2005 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.axis.security;
+
+import org.apache.axis.AxisFault;
+import org.apache.axis.Message;
+import org.apache.axis.MessageContext;
+import org.apache.axis.SOAPPart;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.axis.security.handler.WSDoAllHandler;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+
+import java.io.ByteArrayOutputStream;
+import java.io.UnsupportedEncodingException;
+import java.util.Vector;
+
+/**
+ * @author Werner Dittmann (werner@apache.org)
+ */
+public class WSDoAllSender extends WSDoAllHandler {
+
+    protected static Log log = LogFactory.getLog(WSDoAllSender.class.getName());
+    private static Log tlog =
+        LogFactory.getLog("org.apache.ws.security.TIME");
+    
+    /**
+     * Axis calls invoke to handle a message. <p/>
+     *
+     * @param mc message context.
+     * @throws AxisFault
+     */
+    public void invoke(MessageContext mc) throws AxisFault {
+
+        boolean doDebug = log.isDebugEnabled();
+        
+        long t0 = 0, t1 = 0, t2 = 0, t3 = 0;
+        if (tlog.isDebugEnabled()) {
+            t0 = System.currentTimeMillis();
+        }
+
+        if (doDebug && mc.getCurrentMessage() != null
+                && mc.getCurrentMessage().getMessageType() != null) {
+            log.debug("WSDoAllSender: enter invoke() with msg type: "
+                    + mc.getCurrentMessage().getMessageType());
+        }
+
+        RequestData reqData = new RequestData();
+
+        reqData.setMsgContext(mc);
+        /*
+         * The overall try, just to have a finally at the end to perform some
+         * housekeeping.
+         */
+        try {
+            /*
+             * Get the action first.
+             */
+            Vector actions = new Vector();
+            String action = getString(WSHandlerConstants.ACTION, mc);
+            if (action == null) {
+                throw new AxisFault("WSDoAllSender: No action defined");
+            }
+            int doAction = WSSecurityUtil.decodeAction(action, actions);
+            if (doAction == WSConstants.NO_SECURITY) {
+                return;
+            }
+
+            /*
+             * For every action we need a username, so get this now. The
+             * username defined in the deployment descriptor takes precedence.
+             */
+            reqData.setUsername((String) getOption(WSHandlerConstants.USER));
+            if (reqData.getUsername() == null || reqData.getUsername().equals("")) {
+                String username = (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.USER);
+                if (username != null) {
+                    reqData.setUsername(username);
+                } else {
+                    reqData.setUsername(((MessageContext)reqData.getMsgContext()).getUsername());
+                    ((MessageContext)reqData.getMsgContext()).setUsername(null);
+                }
+            }
+            /*
+             * Now we perform some set-up for UsernameToken and Signature
+             * functions. No need to do it for encryption only. Check if
+             * username is available and then get a passowrd.
+             */
+            if ((doAction & (WSConstants.SIGN | WSConstants.UT | WSConstants.UT_SIGN)) != 0) {
+                /*
+                 * We need a username - if none throw an AxisFault. For
+                 * encryption there is a specific parameter to get a username.
+                 */
+                if (reqData.getUsername() == null || reqData.getUsername().equals("")) {
+                    throw new AxisFault(
+                    "WSDoAllSender: Empty username for specified action");
+                }
+            }
+            if (doDebug) {
+                log.debug("Action: " + doAction);
+                log.debug("Actor: " + reqData.getActor());
+            }
+            /*
+             * Now get the SOAP part from the request message and convert it
+             * into a Document.
+             *
+             * This forces Axis to serialize the SOAP request into FORM_STRING.
+             * This string is converted into a document.
+             *
+             * During the FORM_STRING serialization Axis performs multi-ref of
+             * complex data types (if requested), generates and inserts
+             * references for attachements and so on. The resulting Document
+             * MUST be the complete and final SOAP request as Axis would send it
+             * over the wire. Therefore this must shall be the last (or only)
+             * handler in a chain.
+             *
+             * Now we can perform our security operations on this request.
+             */
+            Document doc = null;
+            Message message = mc.getCurrentMessage();
+
+            /**
+             * There is nothing to send...Usually happens when the provider needs to
+             * send a HTTP 202 message (with no content)
+             */
+            if(message == null){
+                return;
+            }
+
+            /*
+            * If the message context property conatins a document then this is
+            * a chained handler.
+            */
+            SOAPPart sPart = (org.apache.axis.SOAPPart) message.getSOAPPart();
+            if ((doc = (Document) ((MessageContext)reqData.getMsgContext())
+                    .getProperty(WSHandlerConstants.SND_SECURITY)) == null) {
+                try {
+                    doc = ((org.apache.axis.message.SOAPEnvelope) sPart
+                            .getEnvelope()).getAsDocument();
+                } catch (Exception e) {
+                    throw new AxisFault(
+                            "WSDoAllSender: cannot get SOAP envlope from message"
+                                    + e);
+                }
+            }
+            if (tlog.isDebugEnabled()) {
+                t1 = System.currentTimeMillis();
+            }
+
+            doSenderAction(doAction, doc, reqData, actions, !mc.getPastPivot());
+            
+            if (tlog.isDebugEnabled()) {
+                t2 = System.currentTimeMillis();
+            }
+
+            /*
+             * If required convert the resulting document into a message first.
+             * The outputDOM() method performs the necessary c14n call. After
+             * that we extract it as a string for further processing.
+             *
+             * Set the resulting byte array as the new SOAP message.
+             *
+             * If noSerialization is false, this handler shall be the last (or
+             * only) one in a handler chain. If noSerialization is true, just
+             * set the processed Document in the transfer property. The next
+             * Axis WSS4J handler takes it and performs additional security
+             * processing steps.
+             *
+             */
+            if (reqData.isNoSerialization()) {
+                ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY,
+                        doc);
+            } else {
+                ByteArrayOutputStream os = new ByteArrayOutputStream();
+                XMLUtils.outputDOM(doc, os, true);
+                sPart.setCurrentMessage(os.toByteArray(), SOAPPart.FORM_BYTES);
+                if (doDebug) {
+                    String osStr = null;
+                    try {
+                        osStr = os.toString("UTF-8");
+                    } catch (UnsupportedEncodingException e) {
+                        osStr = os.toString();
+                    }
+                    log.debug("Send request:");
+                    log.debug(osStr);
+                }
+                ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY,
+                        null);
+            }
+            if (tlog.isDebugEnabled()) {
+                t3 = System.currentTimeMillis();
+                tlog.debug("Send request: total= " + (t3 - t0) +
+                        " request preparation= " + (t1 - t0) +
+                        " request processing= " + (t2 - t1) +
+                        " request to Axis= " + (t3 - t2) +
+                        "\n");                
+            }
+
+            if (doDebug) {
+                log.debug("WSDoAllSender: exit invoke()");
+            }
+        } catch (WSSecurityException e) {
+            throw new AxisFault(e.getMessage(), e);
+        } finally {
+            reqData.clear();
+            reqData = null;
+        }
+    }
+}
diff --git a/trunk/src/org/apache/ws/axis/security/handler/WSDoAllHandler.java b/trunk/src/org/apache/ws/axis/security/handler/WSDoAllHandler.java
new file mode 100644
index 0000000..d739bd1
--- /dev/null
+++ b/trunk/src/org/apache/ws/axis/security/handler/WSDoAllHandler.java
@@ -0,0 +1,200 @@
+/*
+* Copyright  2003-2004 The Apache Software Foundation.
+*
+*  Licensed under the Apache License, Version 2.0 (the "License");
+*  you may not use this file except in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing, software
+*  distributed under the License is distributed on an "AS IS" BASIS,
+*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+*  See the License for the specific language governing permissions and
+*  limitations under the License.
+*
+*/
+package org.apache.ws.axis.security.handler;
+
+import org.apache.axis.AxisFault;
+import org.apache.axis.Handler;
+import org.apache.axis.MessageContext;
+import org.apache.axis.components.logger.LogFactory;
+import org.apache.axis.utils.LockableHashtable;
+import org.apache.commons.logging.Log;
+import org.apache.ws.security.handler.WSHandler;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.List;
+
+
+/**
+ * <code>WSDoAllHandler</code> is a utility class which implements simple
+ * property setting/getting behavior, and stubs out a lot of the Handler
+ * methods.  Extend this class to make writing your Handlers easier, and
+ * then override what you need to.
+ */
+public abstract class WSDoAllHandler extends WSHandler implements Handler {
+    private static Log log =
+            LogFactory.getLog(WSDoAllHandler.class.getName());
+
+    protected boolean makeLockable = false;
+    protected Hashtable options;
+    protected String name;
+
+    /**
+     * Should this Handler use a LockableHashtable for options?
+     * Default is 'false'.
+     */
+    protected void setOptionsLockable(boolean makeLockable) {
+        this.makeLockable = makeLockable;
+    }
+
+    protected void initHashtable() {
+        if (makeLockable) {
+            options = new LockableHashtable();
+        } else {
+            options = new Hashtable();
+        }
+    }
+
+    /**
+     * Stubbed-out methods.  Override in your child class to implement
+     * any real behavior.  Note that there is NOT a stub for invoke(), since
+     * we require any Handler derivative to implement that.
+     */
+    public void init() {
+    }
+
+    public void cleanup() {
+    }
+
+    public boolean canHandleBlock(QName qname) {
+        return false;
+    }
+
+    public void onFault(MessageContext msgContext) {
+    }
+
+    /**
+     * Set the given option (name/value) in this handler's bag of options
+     */
+    public void setOption(String name, Object value) {
+        if (options == null) initHashtable();
+        options.put(name, value);
+    }
+
+    /**
+     * Set a default value for the given option:
+     * if the option is not already set, then set it.
+     * if the option is already set, then do not set it.
+     * <p/>
+     * If this is called multiple times, the first with a non-null value
+     * if 'value' will set the default, remaining calls will be ignored.
+     * <p/>
+     * Returns true if value set (by this call), otherwise false;
+     */
+    public boolean setOptionDefault(String name, Object value) {
+        boolean val = (options == null || options.get(name) == null) && value != null;
+        if (val) {
+            setOption(name, value);
+        }
+        return val;
+    }
+
+    /**
+     * Returns the option corresponding to <code>name</code>.
+     *
+     * @param name the non-null name of the option.
+     * @return the option on <code>name</code> if <code>name</code>
+     *  exists; otherwise null.
+     */
+    public Object getOption(String name) {
+        if (name == null) {
+            throw new IllegalArgumentException("name cannot be null");
+        }
+        if (options == null) {
+            return null;
+        }
+        return options.get(name);
+    }
+
+    /**
+     * Return the entire list of options
+     */
+    public Hashtable getOptions() {
+        return (options);
+    }
+
+    public void setOptions(Hashtable opts) {
+        options = opts;
+    }
+
+    /**
+     * Set the name (i.e. registry key) of this Handler
+     */
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    /**
+     * Return the name (i.e. registry key) for this Handler
+     */
+    public String getName() {
+        return name;
+    }
+
+    public Element getDeploymentData(Document doc) {
+        log.debug("Enter: BasicHandler::getDeploymentData");
+
+        Element root = doc.createElementNS("", "handler");
+
+        root.setAttribute("class", this.getClass().getName());
+        options = this.getOptions();
+        if (options != null) {
+            Enumeration e = options.keys();
+            while (e.hasMoreElements()) {
+                String k = (String) e.nextElement();
+                Object v = options.get(k);
+                Element e1 = doc.createElementNS("", "option");
+                e1.setAttribute("name", k);
+                e1.setAttribute("value", v.toString());
+                root.appendChild(e1);
+            }
+        }
+        log.debug("Exit: WSDoAllHandler::getDeploymentData");
+        return (root);
+    }
+
+    public void generateWSDL(MessageContext msgContext) throws AxisFault {
+    }
+
+    /**
+     * Return a list of QNames which this Handler understands.  By returning
+     * a particular QName here, we are committing to fulfilling any contracts
+     * defined in the specification of the SOAP header with that QName.
+     */
+    public List getUnderstoodHeaders() {
+        return null;
+    }
+
+    public Object getProperty(Object msgContext, String key) {
+        return ((MessageContext)msgContext).getProperty(key);
+    }
+    
+    public void setProperty(Object msgContext, String key, Object value) {
+        ((MessageContext)msgContext).setProperty(key, value);
+    }
+
+    public String getPassword(Object msgContext) {
+        return ((MessageContext)msgContext).getPassword();
+    }
+
+    public void setPassword(Object msgContext, String password) {
+        ((MessageContext)msgContext).setPassword(password);
+    }
+}
diff --git a/trunk/src/org/apache/ws/axis/security/package.html b/trunk/src/org/apache/ws/axis/security/package.html
new file mode 100644
index 0000000..0fd3be2
--- /dev/null
+++ b/trunk/src/org/apache/ws/axis/security/package.html
@@ -0,0 +1,680 @@
+<!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+  -->
+<html>
+<head>
+  <title>Axis handler for WSS4J</title>
+<!--
+
+  @(#)Axis handler for WSS4J 
+
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+-->
+</head>
+<body bgcolor="white">
+
+Provides classes and interfaces that implement WSS4J Axis handlers.
+These handler process SOAP requests according to the OASIS Web Service 
+Security (WSS) specifications.
+<p/>
+The WSS4J Axis handlers <code>WSDoAllSender</code> and <code>WSDoAllReceiver
+</code> control the creation and consumption of secure SOAP requests.
+The handlers work behind the scenes and are usually transparent to Web Service
+(WS) applications. The Axis deployment descriptor files (*.wsdd) may contain all
+necessary information to control the security processing.
+<p/>
+A WS application may also set properties to control the handlers
+and provide default values. If the deployment descriptor sets the same 
+property (parameter) then the deployment descriptor overwrites the application
+defined property.  Thus, deployment settings overwrite application settings 
+to fulfill site specific requirements.
+
+<h3>Prerequisties</h3>
+The WS Security Axis handlers use the WSS4J classes (Web Service Security 
+for Java) to process the SOAP messages. WSS4J in turn uses the Apache XML Security 
+project to handle XML Security according to XML Signature and XML Encryption. 
+
+<ul>
+  <li><a href="http://ws.apache.org/ws-fx/wss4j/index.html">WSS4J</a></li>
+  <li><a href="http://xml.apache.org/security/index.html">XML Security</a></li>
+</ul>
+
+The WSS4J Axis handlers require Axis V1.2 because of some problems in previous
+Axis versions. WSS4J CVS contains the latest Axis libraries. 
+
+<h3>Related Documentation</h3>
+The OASIS WSS specifications define a number of features and it is possible 
+to combine them in several ways. The WSS4J Axis handlers already support 
+a large number of WSS features and their combinations. 
+<a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss">
+Here</a> are the WSS specifications.
+
+<h3>The basics - a simple example that uses <code>UsernameToken</code></h3>
+This chapter gives an overview and some examples how to deploy 
+the WSS4J Axis handlers and how the parameters and their values control the
+handlers. For a better understanding of this chapter the reader shall 
+have a knowledge of the OASIS WSS specifications.
+<p/>
+The {@link org.apache.ws.security.handler.WSHandlerConstants}, 
+{@link org.apache.ws.axis.security.WSDoAllSender}, and 
+{@link org.apache.ws.axis.security.WSDoAllReceiver}
+provide additional and detailed documentation.
+
+<h4>Axis deployment descriptor to insert a <code>UsernameToken</code></h4>
+The following snippet shows a general layout how to deploy a WS Axis handler
+on the client (application) side.
+<pre>
+ &lt;!-- define the service, use the WSDoAllSender security handler in request flow -->
+ &lt;service name="Ping1">
+  &lt;requestFlow>
+   &lt;handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    &lt;parameter name="action" value="UsernameToken"/>
+    &lt;parameter name="user" value="werner"/>
+    &lt;parameter name="passwordType" value="PasswordText" />
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback1"/>
+   &lt;/handler>
+  &lt;/requestFlow>
+  &lt;/service>
+</pre>
+
+This is the standard way to deploy an Axis handler. Axis parses the deployment
+descriptor and provides the parameters and their value to the handler. Each
+service can have its own request and response flow definition, which provides
+a very flexible set-up of the security parameters.
+<p/>
+The above setup inserts the most simple security structure into a SOAP request: 
+the simple <code>UsernameToken</code>. This token includes a username and the 
+according password. Both fields are sent in cleartext, thus it provides no 
+real security.
+<p/>
+
+The parameters and their meanings are:
+<ul>
+<li><code>action</code> defines the security action. The value <code>
+    UsernameToken</code> directs the handler to insert this token into
+    the SOAP request.
+</li>
+<li><code>user</code> specifies the username to include in the token.
+</li>
+<li><code>passwordType</code> is a pecific parameter for the <code>
+    UsernameToken</code> action and defines the encoding of the passowrd.
+    <code>PasswordText</code> specifies to send the password in
+    plain text, <code>PasswordDigest</code> specifies to send the
+    password in digest mode (refer to WSS UsernameToken Profile)
+</li>
+<li><code>passwordCallbackClass</code> contains the name of a class that
+    implements a method to get the user's password. Please refer to the
+    detailed documentation in 
+    {@link org.apache.ws.security.handler.WSHandlerConstants#PW_CALLBACK_CLASS}.
+    </li>
+</ul>
+The WSS4J Axis security handler interprets the parameter values and controls
+the WSS4J modules to generate the following SOAP request:
+<pre>
+&lt;?xml version="1.0" encoding="UTF-8"?>
+&lt;soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  &lt;soapenv:Header>
+    &lt;wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext" 
+      soapenv:mustUnderstand="true">
+      &lt;wsse:UsernameToken>
+        &lt;wsse:Username>werner&lt;/wsse:Username>
+        &lt;wsse:Password Type="wsse:PasswordText">security&lt;/wsse:Password>
+      &lt;/wsse:UsernameToken>
+    &lt;/wsse:Security>
+  &lt;/soapenv:Header>
+  &lt;soapenv:Body>
+    &lt;Ping xmlns="http://xmlsoap.org/Ping">
+      &lt;text>Scenario 1 text&lt;/text>
+      &lt;ticket xmlns:ns1="http://xmlsoap.org/Ping" 
+        xsi:type="ns1:ticketType">scenario1&lt;/ticket>
+    &lt;/Ping>
+  &lt;/soapenv:Body>
+&lt;/soapenv:Envelope>
+</pre>
+This is a pretty print of the real SOAP message.
+
+<h4><a name="pwCallBackClass">The password callback class</a></h4>
+
+The deployment descriptor contains the user name that the handler inserts into
+the <code>UsernameToken</code> but not the password. In general it is not a
+good idea to store sensitive information like a password in cleartext. To
+get the password the WSS4J Axis handler uses a password callback
+technique similar to the JAAS mechansim. The parameter 
+<code>passwordCallbackClass</code> contains the classname of the callback
+class. This class must implement the
+{@link javax.security.auth.callback.CallbackHandler}
+interface. The WSS4J Axis handler gets this class,
+instantiates it, and calls the <code>handle</code> method when it
+needs a password. Refer also to the 
+{@link org.apache.ws.security.handler.WSHandlerConstants#PW_CALLBACK_CLASS
+ parameter} documentation.
+ <p/>
+ The following code snippet shows a simple password callback class:
+ <pre>
+package org.apache.ws.axis.oasis;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+public class PWCallback implements CallbackHandler {
+
+  private static final byte[] key = {
+    (byte)0x31, (byte)0xfd, (byte)0xcb, (byte)0xda,
+    (byte)0xfb, (byte)0xcd, (byte)0x6b, (byte)0xa8,
+    (byte)0xe6, (byte)0x19, (byte)0xa7, (byte)0xbf,
+    (byte)0x51, (byte)0xf7, (byte)0xc7, (byte)0x3e,
+    (byte)0x80, (byte)0xae, (byte)0x98, (byte)0x51,
+    (byte)0xc8, (byte)0x51, (byte)0x34, (byte)0x04,
+  };
+	
+  public void handle(Callback[] callbacks)
+    throws IOException, UnsupportedCallbackException {
+    for (int i = 0; i &lt; callbacks.length; i++) {
+      if (callbacks[i] instanceof WSPasswordCallback) {
+        WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+        /*
+         * here call a function/method to lookup the password for
+         * the given identifier (e.g. a user name or keystore alias)
+         * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+         * for testing we supply a fixed name/fixed key here.
+         */
+        if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+          pc.setKey(key);
+        }
+        else {
+          pc.setPassword("security");
+        }
+      } else {
+        throw new UnsupportedCallbackException(
+          callbacks[i], "Unrecognized Callback");
+      }
+    }
+  }
+}
+</pre>
+The Java {@link javax.security.auth.callback.CallbackHandler callback} handler
+documentation provides a detailed description of the interface and exceptions.
+<p/>
+The WSS4J library uses a specific class to get the required password or key
+informations. The <code>WSSPasswordCallback</code> class implements the
+{@link javax.security.auth.callback.Callback} interface according to the
+JAAS. Depending on it usage this class either carries the required password
+as a Java <code>String </code> or it carries the required key information 
+as a Java <code>byte[]</code> array. Refer to
+{@link org.apache.ws.security.WSPasswordCallback} that contains a
+detailed description of the usage codes.
+<p/>
+The WSS4J Axis handler or the WSS4J modules set the usage code before
+they call <code>handle</code> method. 
+
+<h4>Application sets parameters to insert in <code>UsernameToken</code></h4>
+
+Sometimes it is not feasable or not possible to determine parameters
+and their values during deployment. In this case the application can
+set paramters during runtime. The WSS4J Axis handlers use the Axis
+<code>setProperty</code> method to support this feature.
+<p/>
+The following code snippet shows an example how to use the dynamic setting
+of parameters and their values:
+<pre>
+   ...
+ Service service = new Service();
+ Call call = (Call) service.createCall();
+   ...  
+ call.setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
+ call.setProperty(WSHandlerConstants.USER, "werner");
+   ...
+</pre>
+Use this way if your application dynamically creates a <code>call</code> 
+object. If your application uses stubs generated by Axis' <code>WSDL2Java
+</code> tool, the application uses the following functions:
+<pre>
+    ...
+ PingServiceLocator service = new PingServiceLocator();
+    ...
+ PingPort port = (PingPort) service.getPing1();
+ port._setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
+ port._setProperty(WSHandlerConstants.USER, "werner");
+    ...
+</pre>
+Please note that <code>_setProperty</code> is a Axis specific call.
+
+<h4>The password callback object reference</h4>
+
+In addition to the <a href="#pwCallBackClass">password callback class</a>
+an application may set a password callback object using the <code>
+  setProperty()</code> methods. Only applications (and Axis handlers that
+  preceed the WSS4J Axis handlers in a handler chain) can use this feature.
+  <p/>
+  For example:
+  <pre>
+public class Scenario1 implements CallbackHandler {
+
+  public static void main(String args[]) {
+    ...
+    PingServiceLocator service = new PingServiceLocator();
+    ...
+    PingPort port = (PingPort) service.getPing1();
+    ((org.apache.axis.client.Stub)port)._setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
+    ((org.apache.axis.client.Stub)port._setProperty(WSHandlerConstants.USER, "werner");
+    ((org.apache.axis.client.Stub)port._setProperty(WSHandlerConstants.PW_CALLBACK_REF, this);
+    ...
+  }
+
+  public void handle(Callback[] callbacks) {
+    ...
+  }
+}
+</pre>
+
+<h4>Deployment of the WSS4J Axis <code>WSDoAllReceiver</code> handler</h4>
+
+Similar to the deployment descriptor of the sending handler <code>WSDoAllSender
+</code> a deployment descriptor for the receiving handler exists. For the above
+example the deployment descriptor look like:
+<pre>
+  &lt;requestFlow>
+   &lt;handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    &lt;parameter name="action" value="UsernameToken"/>
+   &lt;/handler>
+  &lt;/requestFlow>
+</pre>
+The receiving WSS4J Axis handler checks if the SOAP request matches the defined
+actions.
+
+<h3>Combining security actions</h3>
+
+Often it is necessary to combine or concatenate several security actions, for 
+example to encrypt parts of a message and sign some other parts. The WSS4J 
+Axis handlers provide easy and simple methods to combine or concatenate
+security actions. 
+<p/>
+This chapter describes simple combinations of actions.
+
+<h4>Combine <code>UsernameToken</code> and <code>Encryption</code></h4>
+
+The WS Interoperability specifications define this use case: 
+<ul>
+  <li>Insert a <code>UsernameToken</code>, use <code>PasswordText</code>
+    to set the password. In addition add a timestamp and a nonce into
+    the <code>UsernameToken</code></li>
+  <li>Encrypt the <code>UsernameToken</code> to protect the information.
+    </li>
+</ul>
+
+The Axis deplyment descriptor for this use case:
+<pre>
+  &lt;requestFlow>
+   &lt;handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    &lt;parameter name="action" value="UsernameToken Encrypt"/>
+    &lt;parameter name="user" value="werner"/>
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    &lt;parameter name="passwordType" value="PasswordText" />
+    &lt;parameter name="addUTElement" value="Nonce Created" />
+    &lt;parameter name="encryptionPropFile" value="crypto.properties" />
+    &lt;parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
+    &lt;parameter name="encryptionUser" 
+      value="16c73ab6-b892-458f-abf5-2f875f74882e" />
+    &lt;parameter name="encryptionParts" 
+      value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />  
+   &lt;/handler>
+  &lt;/requestFlow>  
+</pre>
+
+This descriptor contains some new parameters to control the <code>UsernameToken
+</code> element and its encryption. The new parameters and their meaning are:
+<ul>
+  <li><code>addUTElement</code> - controls if the handler shall insert elements
+    into the <code>UsernameToken</code>. The value is a blank separated list of
+    element names to include. Only <code>Nonce</code> and <code>Created</code> are
+    supported.</li>
+  <li><code>encryptionPropFile</code> - the name of a crypto property file. This
+    file contains parameters and property that control the encryption. Please refer
+    to the
+    {@link org.apache.ws.security.handler.WSHandlerConstants#ENC_PROP_FILE 
+    detailed} description of the cyrpto property file.</li>
+  <li><code>encryptionKeyIdentifier</code> - specifies the format in which the 
+    handler inserts the encryption key into the SOAP request. Please refer
+    to the 
+    {@link org.apache.ws.security.handler.WSHandlerConstants#ENC_KEY_ID 
+    detailed} description.</li>
+  <li><code>encryptionUser</code> - the name or identifier of the user who owns
+    the public key to encrypt the data. Usually this is the name or alias name
+    of the owner's certificate in a keystore.</li>
+  <li><code>encryptionParts</code> - controls which part or parts the handler
+    of the SOAP shall encrypt. If this parameter is not defined, WSS4J encrypts
+    the whole SOAP Body in <code>Content</code> mode. The value of the
+    parameter in this example specifies to encrypt the element <code>
+    UsernameToken</code>, contained in the namespace
+    <code>http://schemas.xmlsoap.org/ws/2002/07/secext</code>. The encryption
+    module uses the <code>Element</code> mode to encrypt the element data.
+    Please refer to the
+    {@link org.apache.ws.security.handler.WSHandlerConstants#ENCRYPTION_PARTS 
+    detailed} description.
+    </li>
+</ul>
+The matching receiver deployment descriptor:
+<pre>
+  &lt;requestFlow>
+   &lt;handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    &lt;parameter name="action" value="UsernameToken Encrypt"/>
+    &lt;parameter name="decryptionPropFile" value="crypto.properties" />
+   &lt;/handler>
+  &lt;/requestFlow>
+</pre>
+The only new parameter here is the <code>decryptionPropFile</code>. This
+parameter defines the crypto property file at the receiver side. The value
+  of the <code>action</code> parameter matches the according value at the
+  sender side. The WSS4J Axis receiver checks if the SOAP request contains
+  the required security data.
+
+<h4>Combine Signature and Encryption</h4>
+
+This is a very common usage of Web Service security. The WSS4J Axis handler
+provides flexible parameter settings that support several ways to use
+the Signature/Encryption combination.
+<p/>
+A WSS4J Axis deployment descriptor for a simple Singature/Encryption of
+SOAP requests:
+<pre>
+&lt;requestFlow>
+  &lt;handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    &lt;parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/>
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    &lt;parameter name="action" value="Signature Encrypt"/>
+    &lt;parameter name="signaturePropFile" value="crypto.properties" />
+  &lt;/handler>
+&lt;/requestFlow>
+</pre>
+This simple deployment descriptor signs and encrypts the SOAP Body part.
+The only new parameter, <code>signaturePropFile</code>, specifies the
+name of the signature crypto property file to use. Because no 
+<code>encryptionPropFile</code> is declared the handler also uses the signature
+property file to get the encryption certificate. The same holds true for
+the username. The password callback class must return a password
+to get the user's private key (the keystore is defined in the crypto
+property file) that WSS4J uses to generate the signature. The encryption
+method uses the user's public key to encrypt the dynamically generated
+session key.
+<p/>
+The <code>action</code> parameter defines <code>Signature Encryption</code>.
+Thus the handler first signs, then the encrypts the data.
+Because the deployment descriptor does not contain specific encryption or 
+signature part parameters, WSS4J defaults to the data of the SOAP Body element.
+<p/>
+Also all other parameters use their default setting, such as the format of the
+key identifiers, encryption modifiers, and so on. Please refer to the
+{@link org.apache.ws.security.handler.WSHandlerConstants detailed}
+documentation of the parameters.
+<p/>
+If the WSS4J Axis handler shall perform encryption only, then the
+deployment descriptor must contain the encryption specific parameters. Only
+if sign <b>and</b> encryption is required the encryption method falls back to
+the signature parameters if the encryption specific parameters are not set.
+<p/>
+The matching receiver deployment descriptor is also very simple:
+<pre>
+&lt;requestFlow>
+  &lt;handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    &lt;parameter name="action" value="Signature Encrypt"/>
+    &lt;parameter name="signaturePropFile" value="crypto.properties" />
+  &lt;/handler>
+ &lt;/requestFlow>	
+</pre>
+To reverse the actions, just reverse the action specifiers. The WSS4J
+handler encrypts the SOAP Body first, then signs the encrypted data.
+
+<h3>Signing and encrypting multiple XML elements</h3>
+
+Sometimes it is necessary to sign and/or encrypt several parts of a SOAP
+message. The deployment parameters <code>signatureParts</code> and 
+<code>encryptionParts</code> control which SOAP elements to sign or
+to encrypt. Please refer to the
+{@link org.apache.ws.security.handler.WSHandlerConstants#ENCRYPTION_PARTS 
+detailed} description of these parameters.
+<p/>
+WSS4J signs or encrypts all declared parts using the same keys, that is 
+the signature or encryption data structures directly reference the 
+specified parts as described in the WSS specifications. The receiver
+automatically detects these references and verfies and decrypts the
+data parts. No special settings in the depolyment descriptor is necessary.
+
+<h3>Chaining of WSS4J Axis handlers</h3>
+
+This is a very powerful feature that supports even more flexible signature and
+encryption processing such as signatures with multiple keys (overlapping
+signatures), multiple encryption algorithms, or different SOAP actor (role)
+defintions of the security headers.
+
+<h4>Deployment at the client</h4>
+A deployment descriptor to chain handlers:
+<pre>
+  &lt;requestFlow>
+   &lt;handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    &lt;parameter name="action" value="Signature NoSerialization"/>
+    &lt;parameter name="user" value="firstUser"/>
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    &lt;parameter name="signaturePropFile" value="crypto.properties" />
+    &lt;parameter name="signatureParts" value="{}{http://xmlsoap.org/Ping}ticket" />    
+   &lt;/handler>
+   &lt;handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
+    &lt;parameter name="action" value="Signature"/>
+    &lt;parameter name="user" value="anotherUser"/>
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    &lt;parameter name="signaturePropFile" value="crypto.properties" />
+   &lt;/handler>  
+  &lt;/requestFlow>
+</pre>
+Note the action specifier <code>NoSerialization</code> first handler. 
+In a handler chain of WSS4J handlers every
+but the last handler <i>must</i> have this action specifier. This specifier
+surpresses the very last step of the handler's security processing: the 
+serialization of the processed SOAP request in a XML string (document) that 
+Axis sends to the reveiver. Only the last handler must perform this 
+serialization.
+<p/>
+Every handler specification can have its own set of parameters that define
+the individual values for this handler instance. Thus the deployment
+descriptor can define different crypto property files, different usernames,
+and so on. In the example the first handler signs the <code>ticket</code>
+element and the second handler the SOAP Body (default).
+<p/>
+Parameters set by the application with <code>setProperty</code> are valid for 
+<b>all</b> handler instances in the handler
+chain (<code>setProperty</code> is defined on the SOAP request (call) level).
+As already decribed, deployment settings overrule application settings. Thus it
+is possible to combine various parameter specifications. A special case is the
+definition of the username. If an application sets the username and one
+handler instance in the chain does not have a <code>user</code> parameter 
+in its deployment part, then this one handler instance uses the username set
+bey the application. After the handler copied the username from the username
+property, the handler sets the property's content to <code>null</code>. 
+Handlers that follow in the chain cannot use this username anymore and 
+must have a user (or encryption user) parameter in their deployment part.
+
+<h4>Deployment at the server</h4>
+
+Note: Handler chaining at the receiver side is not yet fully tested.
+<p/>
+Handlers at the receiver can only determine different security headers if their
+SOAP actors are different. The WSS4J handler processes each security structure
+inside one security header. Because the security structures contain most
+information to verify or decrypt the SOAP request this constraint is
+not too much of an issue.
+<p/>
+Only the password call back class and the <code>Crypto</code> implementation
+(as defined in the crypto property file) must be able to handle all possible 
+certificates, users, passwords, and keys that a security header may contain.
+The following deployment descriptor of a receiver shows this.
+<pre>
+  &lt;requestFlow>
+   &lt;handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+    &lt;parameter name="passwordCallbackClass" 
+      value="org.apache.ws.axis.oasis.PWCallback"/>
+    &lt;parameter name="action" value="Signature Signature"/>
+    &lt;parameter name="signaturePropFile" value="crypto.properties" />
+   &lt;/handler>
+  &lt;/requestFlow>
+</pre>
+The client uses two handlers in a chain, each signing a part of the SOAP 
+request but with different certificates. Because the handlers do not 
+specifiy a SOAP actor WSS4J puts both signatures in the security header
+of the default actor. 
+To match the security actions the deployment descriptor of the receiver needs 
+to contain the action declaration <code>Signature Signature</code>. This 
+instructs the WSS4J handler to accept and verify two distinct signatures 
+contained in one security header. Because the signatures use different 
+certificates the <code>Crypto</code> implementation must be able to handle
+these certificates.
+<p/>
+Similar requirements are true for the password callback implementation if the
+sender uses handler chaining and uses different encryption parameters in the
+same security header.
+<p/>
+If it is necessary to have different parameters for the distinct signature or
+decryption data then these should be put in different security headers. The 
+easiest way to do this is to define different <code>actor</code> parameters
+for each handler in a WSS4J handler chain.
+ 
+<h3>Reporting Security results to services/applications</h3>
+The WSS4J <code>WSSecurityEngine</code> processes the security elements inside
+a security header. If something goes wrong, for example a signature 
+verfication fails, then the engine throws a fault. If the security engine
+could perform all operations sucessfully it returns a data structure
+that contains the results of the performed security actions. This data
+structure holds information about the performed action, the usernames or
+identifier in case the security engine performed signature or username token
+processing. Please refer to the
+{@link org.apache.ws.security.WSSecurityEngineResult result} structure.
+<p/>
+The <code>WSDoAllReceiver</code> WSS4J handler takes this structure and
+checks if all required actions were performed. If this check fails, the
+WSS4J handler aborts the SOAP request and throws an Axis SOAP fault.
+Otherwise it creates its own data structure 
+{@link org.apache.ws.security.handler.WSHandlerResult}, copies the
+security results in this structure, and adds the actor name of the
+security header. Then it stores this new data structure in a vector and stores
+this vector in a specific 
+{@link org.apache.ws.security.handler.WSHandlerConstants#RECV_RESULTS property} 
+of the current message context. If WSS4J handlers are
+chained, then every handler in the chain adds its result to the vector. The
+vector contains the results in handler-chain order.
+<p/>
+This code snippet shows how a Axis service can access the security result
+data:
+<pre>
+    public void ping(javax.xml.rpc.holders.StringHolder text,
+        org.apache.ws.axis.oasis.ping.TicketType ticket)
+        throws java.rmi.RemoteException {
+
+        text.value = "Echo " + text.value.trim();
+		
+        // get the message context first
+        MessageContext msgContext = MessageContext.getCurrentContext();
+        Message reqMsg = msgContext.getRequestMessage();
+
+        Vector results = null;
+        // get the result Vector from the property
+        if ((results =
+            (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS))
+             == null) {
+            System.out.println("No security results!!");
+        }
+        System.out.println("Number of results: " + results.size());
+        for (int i = 0; i &lt; results.size(); i++) {
+            WSHandlerResult hResult = (WSHandlerResult)results.get(i);
+            String actor = hResult.getActor();
+            Vector hResults = hResult.getResults();
+            for (int j = 0; j < hResults.size(); j++) {
+              	WSSecurityEngineResult eResult = (WSSecurityEngineResult) hResults.get(j);
+                // Note: an encryption action does not have an associated principal
+    	        // only Signature and UsernameToken actions return a principal
+                if (eResult.getAction() != WSConstants.ENCR) {
+                    System.out.println(eResult.getPrincipal().getName());
+                }
+            }
+        }
+    }
+</pre>
+The principal structure is either a 
+{@link org.apache.ws.security.WSUsernameTokenPrincipal UsernameToken} principal 
+or a {@link java.security.Principal X509Principal}. The 
+princpals contain the names plus other information of the verified username
+token or signature certificate.
+ 
+<h3>Some hints</h3>
+
+<h4>Client</h4>
+At the client side, the WSS4J Axis handler, as all other parts of Axis, run
+in the context of the calling application. Depending on the application,
+the callback classes may perform complex operations, even do some user 
+interaction, to get the password or to access some database to get 
+certificates or keys. There are no timeouts defined at the client side 
+before the SOAP request is put on the wire.
+
+<h4>Server</h4>
+On the server side the WSS4J handler run in the same context as the other part
+of the server, usually some servlet container, such as Tomcat. Also the server
+must be able to handle many requests in a short time. Thus the password 
+callback as well as the <code>Crypto</code> implementation shall be
+as fast as possible. In general, no user interaction is possible at the
+server side to gather passwords. Also at this point of the SOAP request
+processing there are active timeouts, even if they are fairly long.
+
+<h4>Bi-directional SOAP Security</h4>
+WSS4J fully supports bi-directional SOAP security. To enable bi-directional
+support just put <code>WSDoAllSender</code> on the 
+<code>responseFlow</code> at the server and <code>WSDoAllReceiver</code>
+at the response flow of the client thus reversing the roles. Similar to
+the above hints, the server side part (now <code>WSDoAllSender</code>)
+runs in the server context and <code>WSDoAllReceiver</code>
+runs in the application (client) context. There are no Axis timeout
+constraints on the client side after Axis received the response 
+and handed it over to the WSS4J handler.
+
+<h4>Handler chaining</h4>
+Usually WSS4J handlers are chained without any other handler between them in
+the chain. It is, however, possible to do so. In this case the intermediate
+handler <b>must not</b> modify the SOAP Envelope that is contained in the
+Axis message. This could (most probably will) invalidate or destroy any 
+security actions done sofar. Such an intermediate handler may set some 
+properties that may influence the processing of the following WSS4J handler, 
+such as setting a new username, password callback class, and so on.
+
+<!-- Put @see and @since tags down here. -->
+@since WSS4J 1.0
+</body>
+</html>
diff --git a/trunk/src/org/apache/ws/security/CustomTokenPrincipal.java b/trunk/src/org/apache/ws/security/CustomTokenPrincipal.java
new file mode 100644
index 0000000..5901dec
--- /dev/null
+++ b/trunk/src/org/apache/ws/security/CustomTokenPrincipal.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.security;
+
+import org.w3c.dom.Element;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+public class CustomTokenPrincipal implements Principal, Serializable {
+
+
+    private Element tokenElement;
+    private String name;
+    private Object tokenObject;
+    
+    public Object getTokenObject() {
+        return tokenObject;
+    }
+
+    public void setTokenObject(Object tokenObject) {
+        this.tokenObject = tokenObject;
+    }
+
+    public CustomTokenPrincipal(String name) {
+        this.name = name;
+    }
+    
+    public String getName() {
+        return this.name;
+    }
+
+    public Element getTokenElement() {
+        return tokenElement;
+    }
+
+    public void setTokenElement(Element tokenElement) {
+        this.tokenElement = tokenElement;
+    }
+
+}
diff --git a/trunk/src/org/apache/ws/security/SOAP11Constants.java b/trunk/src/org/apache/ws/security/SOAP11Constants.java
new file mode 100644
index 0000000..0650365
--- /dev/null
+++ b/trunk/src/org/apache/ws/security/SOAP11Constants.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.security;
+
+import javax.xml.namespace.QName;
+
+/**
+ * SOAP 1.1 constants
+ *
+ * @author Glen Daniels (gdaniels@apache.org)
+ * @author Andras Avar (andras.avar@nokia.com)
+ */
+public class SOAP11Constants implements SOAPConstants {
+    private static QName headerQName = new QName(WSConstants.URI_SOAP11_ENV,
+            WSConstants.ELEM_HEADER);
+    private static QName bodyQName = new QName(WSConstants.URI_SOAP11_ENV,
+            WSConstants.ELEM_BODY);
+    private static QName roleQName = new QName(WSConstants.URI_SOAP11_ENV,
+            WSConstants.ATTR_ACTOR);
+
+    public String getEnvelopeURI() {
+        return WSConstants.URI_SOAP11_ENV;
+    }
+
+    public QName getHeaderQName() {
+        return headerQName;
+    }
+
+    public QName getBodyQName() {
+        return bodyQName;
+    }
+
+    /**
+     * Obtain the QName for the role attribute (actor/role)
+     */
+    public QName getRoleAttributeQName() {
+        return roleQName;
+    }
+
+    /**
+     * Obtain the "next" role/actor URI
+     */
+    public String getNextRoleURI() {
+        return WSConstants.URI_SOAP11_NEXT_ACTOR;
+    }
+
+    /**
+     * Obtain the MustUnderstand string
+     */
+    public String getMustUnderstand() {
+        return "1";
+    }
+    
+    /**
+     * Obtain the MustUnderstand string
+     * @deprecated use getMustUnderstand() instead
+     */
+    public String getMustunderstand() {
+        return getMustUnderstand();
+    }
+
+}
diff --git a/trunk/src/org/apache/ws/security/SOAP12Constants.java b/trunk/src/org/apache/ws/security/SOAP12Constants.java
new file mode 100644
index 0000000..d589d28
--- /dev/null
+++ b/trunk/src/org/apache/ws/security/SOAP12Constants.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.security;
+
+import javax.xml.namespace.QName;
+
+/**
+ * SOAP 1.2 constants
+ *
+ * @author Glen Daniels (gdaniels@apache.org)
+ * @author Andras Avar (andras.avar@nokia.com)
+ */
+public class SOAP12Constants implements SOAPConstants {
+    private static QName headerQName = new QName(WSConstants.URI_SOAP12_ENV,
+            WSConstants.ELEM_HEADER);
+    private static QName bodyQName = new QName(WSConstants.URI_SOAP12_ENV,
+            WSConstants.ELEM_BODY);
+    private static QName roleQName = new QName(WSConstants.URI_SOAP12_ENV,
+            WSConstants.ATTR_ROLE);
+    
+    // Public constants for SOAP 1.2
+    
+    /**
+     * MessageContext property name for webmethod
+     */
+    public static final String PROP_WEBMETHOD = "soap12.webmethod";
+
+    public String getEnvelopeURI() {
+        return WSConstants.URI_SOAP12_ENV;
+    }
+
+    public QName getHeaderQName() {
+        return headerQName;
+    }
+
+    public QName getBodyQName() {
+        return bodyQName;
+    }
+
+    /**
+     * Obtain the QName for the role attribute (actor/role)
+     */
+    public QName getRoleAttributeQName() {
+        return roleQName;
+    }
+
+    /**
+     * Obtain the "next" role/actor URI
+     */
+    public String getNextRoleURI() {
+        return WSConstants.URI_SOAP12_NEXT_ROLE;
+    }
+
+    /**
+     * Obtain the MustUnderstand string
+     */
+    public String getMustUnderstand() {
+        return "true";
+    }
+    
+    /**
+     * Obtain the MustUnderstand string
+     * @deprecated use getMustUnderstand() instead
+     */
+    public String getMustunderstand() {
+        return getMustUnderstand();
+    }
+
+}
diff --git a/trunk/src/org/apache/ws/security/SOAPConstants.java b/trunk/src/org/apache/ws/security/SOAPConstants.java
new file mode 100644
index 0000000..bf1a0d4
--- /dev/null
+++ b/trunk/src/org/apache/ws/security/SOAPConstants.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.security;
+
+import javax.xml.namespace.QName;
+import java.io.Serializable;
+
+/**
+ * An interface definining SOAP constants.  This allows various parts of the
+ * engine to avoid hardcoding dependence on a particular SOAP version and its
+ * associated URIs, etc.
+ * <p/>
+ * This might be fleshed out later to encapsulate factories for behavioral
+ * objects which act differently depending on the SOAP version, but for now
+ * it just supplies common namespaces + QNames.
+ *
+ * @author Glen Daniels (gdaniels@apache.org)
+ * @author Andras Avar (andras.avar@nokia.com)
+ */
+public interface SOAPConstants extends Serializable {
+    /**
+     * SOAP 1.1 constants - thread-safe and shared
+     */
+    public SOAP11Constants SOAP11_CONSTANTS = new SOAP11Constants();
+    /**
+     * SOAP 1.2 constants - thread-safe and shared
+     */
+    public SOAP12Constants SOAP12_CONSTANTS = new SOAP12Constants();
+
+    /**
+     * Obtain the envelope namespace for this version of SOAP
+     */
+    public String getEnvelopeURI();
+
+    /**
+     * Obtain the QName for the Header element
+     */
+    public QName getHeaderQName();
+
+    /**
+     * Obtain the QName for the Body element
+     */
+    public QName getBodyQName();
+
+    /**
+     * Obtain the QName for the role attribute (actor/role)
+     */
+    public QName getRoleAttributeQName();
+
+    /**
+     * Obtain the "next" role/actor URI
+     */
+    public String getNextRoleURI();
+
+    /**
+     * Obtain the "next" role/actor URI
+     */
+    public String getMustUnderstand();
+    
+    /**
+     * Obtain the "next" role/actor URI
+     * @deprecated use getMustUnderstand() instead
+     */
+    public String getMustunderstand();
+    
+    
+
+}
diff --git a/trunk/src/org/apache/ws/security/WSConstants.java b/trunk/src/org/apache/ws/security/WSConstants.java
new file mode 100644
index 0000000..eccaa9c
--- /dev/null
+++ b/trunk/src/org/apache/ws/security/WSConstants.java
@@ -0,0 +1,490 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.security;
+
+import javax.xml.namespace.QName;
+
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.EncryptionConstants;
+
+/**
+ * Constants in WS-Security spec.
+ */
+public class WSConstants {
+    /*
+     * All the various string and keywords required.
+     * 
+     * At first the WSS namespaces as per WSS specifications
+     */
+    public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+    public static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+    public static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+    
+    /*
+     * The base UIRs for the various profiles.
+     */
+    public static final String SOAPMESSAGE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
+    public static final String SOAPMESSAGE_NS11 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1";
+    public static final String USERNAMETOKEN_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
+    public static final String X509TOKEN_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
+    public static final String SAMLTOKEN_NS = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0";
+    /*
+     * The Element name (local name) of the security header
+     */
+    public static final String WSSE_LN = "Security";
+
+    /*
+     * The Thumbprint relative URI string (without #)
+     * Combine it with SOAPMESSAGE_NS11, #, to get the full URL
+     */
+    public static final String THUMBPRINT ="ThumbprintSHA1";
+    
+    /*
+     * The SAMLAssertionID relative URI string (without #)
+     */
+    public static final String SAML_ASSERTION_ID = "SAMLAssertionID";
+    
+    /*
+     * The EncryptedKeyToken value type URI used in wsse:Reference 
+     */
+    public static final String ENC_KEY_VALUE_TYPE = "EncryptedKey";
+    
+    /*
+     * The relative URI to be used for encrypted key SHA1 (Without #)
+     * Combine it with SOAPMESSAGE_NS11, #, to get the full URL
+     */
+    public static final String ENC_KEY_SHA1_URI = "EncryptedKeySHA1";
+    
+    /*
+     * The namespace prefixes used. We uses the same prefix convention
+     * as shown in the specifications
+     */
+    public static final String WSSE_PREFIX = "wsse";
+    public static final String WSSE11_PREFIX = "wsse11";
+    public static final String WSU_PREFIX = "wsu";
+    
+    /*
+     * Now the namespaces, local names, and prefixes of XML-SIG and XML-ENC
+     */
+    public static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+    public static final String SIG_PREFIX = "ds";
+    public static final String SIG_LN = "Signature";
+    public static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+    public static final String ENC_PREFIX = "xenc";
+    public static final String ENC_KEY_LN = "EncryptedKey";
+    public static final String ENC_DATA_LN = "EncryptedData";
+    public static final String REF_LIST_LN = "ReferenceList";
+
+    /*
+     * The standard namesace definitions
+     */
+    public static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
+    public static final String XML_NS = "http://www.w3.org/XML/1998/namespace";
+    
+    /*
+     * The local names and attribute names used by WSS
+     */
+    public static final String USERNAME_TOKEN_LN = "UsernameToken";
+    public static final String BINARY_TOKEN_LN = "BinarySecurityToken";
+    public static final String TIMESTAMP_TOKEN_LN = "Timestamp";
+    public static final String USERNAME_LN = "Username";
+    public static final String PASSWORD_LN = "Password";
+    public static final String PASSWORD_TYPE_ATTR = "Type";
+    public static final String NONCE_LN = "Nonce";
+    public static final String CREATED_LN = "Created";
+    public static final String EXPIRES_LN = "Expires";
+    public static final String SIGNATURE_CONFIRMATION_LN = "SignatureConfirmation"; 
+    public static final String SALT_LN = "Salt";
+    public static final String ITERATION_LN = "Iteration";
+    
+    /*
+     * The definitions for SAML
+     */
+    public static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
+    public static final String SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol";
+    public static final String ASSERTION_LN = "Assertion";
+    public static final String WSS_SAML_NS = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#";
+    public static final String WSS_SAML_ASSERTION = "SAMLAssertion-1.1";
+
+    //
+    // SOAP-ENV Namespaces
+    //
+    public static final String URI_SOAP11_ENV =
+            "http://schemas.xmlsoap.org/soap/envelope/";
+    public static final String URI_SOAP12_ENV =
+            "http://www.w3.org/2003/05/soap-envelope";
+
+    public static final String[] URIS_SOAP_ENV = {
+        URI_SOAP11_ENV,
+        URI_SOAP12_ENV,
+    };
+
+    // Misc SOAP Namespaces / URIs
+    public static final String URI_SOAP11_NEXT_ACTOR =
+            "http://schemas.xmlsoap.org/soap/actor/next";
+    public static final String URI_SOAP12_NEXT_ROLE =
+            "http://www.w3.org/2003/05/soap-envelope/role/next";
+    public static final String URI_SOAP12_NONE_ROLE =
+            "http://www.w3.org/2003/05/soap-envelope/role/none";
+    public static final String URI_SOAP12_ULTIMATE_ROLE =
+            "http://www.w3.org/2003/05/soap-envelope/role/ultimateReceiver";
+
+    public static final String ELEM_ENVELOPE = "Envelope";
+    public static final String ELEM_HEADER = "Header";
+    public static final String ELEM_BODY = "Body";
+
+    public static final String ATTR_MUST_UNDERSTAND = "mustUnderstand";
+    public static final String ATTR_ACTOR = "actor";
+    public static final String ATTR_ROLE = "role";
+
+    public static final String NULL_NS = "Null";
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSSAddUsernameToken#build(Document, String, String) UserNameToken}
+     * method to use a password digest to send the password information
+     * <p/>
+     * This is a required method as defined by WS Specification, Username token profile.
+     */
+    public static final String PW_DIGEST = "PasswordDigest";
+    /*
+     * The password type URI used in the username token 
+     */
+    public static final String PASSWORD_DIGEST = USERNAMETOKEN_NS + "#PasswordDigest";
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSSAddUsernameToken#build(Document, String, String) UserNameToken}
+     * method to send the password in clear
+     * <p/>
+     * This is a required method as defined by WS Specification, Username token profile.
+     */
+    public static final String PW_TEXT = "PasswordText";
+    /*
+     * The password type URI used in the username token 
+     */
+    public static final String PASSWORD_TEXT = USERNAMETOKEN_NS + "#PasswordText";
+    
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSSAddUsernameToken#build(Document, String, String) UserNameToken}
+     * method to send _no_ password related information. 
+     * <p/>
+     * This is a required method as defined by WS Specification, Username token profile as passwords are optional.
+     * Also see the WS-I documentation for scenario's using this feature in a trust environment.
+     */ 
+    public static final String PW_NONE = "PasswordNone";
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+     * method to encrypt the symmetric data encryption key with the RSA algoritm.
+     * <p/>
+     * This is a required method as defined by XML encryption.
+     */
+    public static final String KEYTRANSPORT_RSA15 = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+     * method to encrypt the symmetric data encryption key with the RSA algoritm.
+     * <p/>
+     * This is a required method as defined by XML encryption.
+     * <p/>
+     * NOTE: This algorithm is not yet supported by WSS4J
+     */
+    public static final String KEYTRANSPORT_RSAOEP = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+     * method to use triple DES as the symmetric algorithm to encrypt data.
+     * <p/>
+     * This is a required method as defined by XML encryption.
+     * The String to use in WSDD file (in accordance to w3c specifications:
+     * <br/>
+     * http://www.w3.org/2001/04/xmlenc#tripledes-cbc
+     */
+    public static final String TRIPLE_DES = EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+     * method to use AES with 128 bit key as the symmetric algorithm to encrypt data.
+     * <p/>
+     * This is a required method as defined by XML encryption.
+     * The String to use in WSDD file (in accordance to w3c specifications:
+     * <br/>
+     * http://www.w3.org/2001/04/xmlenc#aes128-cbc
+     */
+    public static final String AES_128 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+     * method to use AES with 256 bit key as the symmetric algorithm to encrypt data.
+     * <p/>
+     * This is a required method as defined by XML encryption.
+     * The String to use in WSDD file (in accordance to w3c specifications:
+     * <br/>
+     * http://www.w3.org/2001/04/xmlenc#aes256-cbc
+     */
+    public static final String AES_256 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+     * method to use AES with 192 bit key as the symmetric algorithm to encrypt data.
+     * <p/>
+     * This is a optional method as defined by XML encryption.
+     * The String to use in WSDD file (in accordance to w3c specifications:
+     * <br/>
+     * http://www.w3.org/2001/04/xmlenc#aes192-cbc
+     */
+    public static final String AES_192 = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signature}
+     * method to use DSA with SHA1 (DSS) to sign data.
+     * <p/>
+     * This is a required method as defined by XML signature.
+     */
+    public static final String DSA = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signature}
+     * method to use RSA with SHA to sign data.
+     * <p/>
+     * This is a recommended method as defined by XML signature.
+     */
+    public static final String RSA = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
+
+    public static final String C14N_OMIT_COMMENTS = Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS;
+    public static final String C14N_WITH_COMMENTS = Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS;
+    public static final String C14N_EXCL_OMIT_COMMENTS = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
+    public static final String C14N_EXCL_WITH_COMMENTS = Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signing}
+     * method to send the signing certificate as a
+     * <code>BinarySecurityToken</code>.
+     * <p/>
+     * The signing method takes the signing certificate, converts it to a
+     * <code>BinarySecurityToken</code>, puts it in the security header,
+     * and inserts a <code>Reference</code> to the binary security token
+     * into the <code>wsse:SecurityReferenceToken</code>. Thus the whole
+     * signing certificate is transfered to the receiver.
+     * The X509 profile recommends to use {@link #ISSUER_SERIAL} instead
+     * of sending the whole certificate.
+     * <p/>
+     * Please refer to WS Security specification X509 profile, chapter 3.3.2
+     * and to WS Security specification, chapter 7.2
+     * <p/>
+     * Note: only local refernces to BinarySecurityToken are supported
+     */
+    public static final int BST_DIRECT_REFERENCE = 1;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto) signing}
+     * or the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+     * method to send the issuer name and the serial number of a
+     * certificate to the receiver.
+     * <p/>
+     * In contrast to {@link #BST_DIRECT_REFERENCE} only the issuer name
+     * and the serial number of the signiung certificate are sent to the
+     * receiver. This reduces the amount of data being sent. The encryption
+     * method uses the public key associated with this certificate to encrypt
+     * the symmetric key used to encrypt data.
+     * <p/>
+     * Please refer to WS Security specification X509 profile, chapter 3.3.3
+     */
+    public static final int ISSUER_SERIAL = 2;
+
+    /**
+     * Sets the {@link org.apache.ws.security.message.WSEncryptBody#build(Document, Crypto) encryption}
+     * method to send the certificate used to encrypt the symmetric key.
+     * <p/>
+     * The encryption method uses the public key associated with this certificate
+     * to encrypr the symmetric key used to encrypt data. The certificate is
+     * converted into a <code>KeyIdentfier</code> token and sent to the receiver.
+     * Thus the complete certificate data is transfered to receiver.
+     * The X509 profile recommends to use {@link #ISSUER_SERIAL} instead
+     * of sending the whole certificate.
+     * <p/>
+     * <p/>
+     * Please refer to WS Security specification X509 profile, chapter 7.3
+     */
+    public static final int X509_KEY_IDENTIFIER = 3;
+    /**
+     * Sets the
+     * {@link org.apache.ws.security.message.WSSignEnvelope#build(Document, Crypto)
+     * signing}
+     * method to send a <code>SubjectKeyIdentifier</code> to identify
+     * the signing certificate.
+     * <p/>
+     * Refer to WS Security specification X509 profile, chapter 3.3.1
+     * This identification token is not yet fully tested by WSS4J. The
+     * WsDoAllSender does not include the X.509 certificate as
+     * <code>BinarySecurityToken</code> in the request message.
+     */
+    public static final int SKI_KEY_IDENTIFIER = 4;
+
+    /**
+     * Embeds a keyinfo/key name into the EncryptedData element.
+     * <p/>
+     * Refer to WS Security specification X509 profile
+     */
+    public static final int EMBEDDED_KEYNAME = 5;
+    /**
+     * Embeds a keyinfo/wsse:SecurityTokenReference into EncryptedData element.
+     */
+    public static final int EMBED_SECURITY_TOKEN_REF = 6;
+    
+    /**
+     * <code>UT_SIGNING</code> is used internally only to set a specific Signature
+     * behavior.
+     * 
+     * The signing token is constructed from values in the UsernameToken according
+     * to WS-Trust specification.
+     */
+    public static final int UT_SIGNING = 7;
+    
+    /**
+     * <code>THUMPRINT_IDENTIFIER</code> is used to set the specific key identifier
+     * ThumbprintSHA1.
+     * 
+     * This identifier uses the SHA-1 digest of a security token to
+     * identify the security token. Please refer to chapter 7.2 of the OASIS WSS 1.1
+     * specification.
+     * 
+     */
+    public static final int THUMBPRINT_IDENTIFIER = 8;
+    
+    /**
+     * <code>CUSTOM_SYMM_SIGNING</code> is used internally only to set a 
+     * specific Signature behavior.
+     * 
+     * The signing key, reference id and value type are set externally. 
+     */
+    public static final int CUSTOM_SYMM_SIGNING = 9;
+    
+    /**
+     * <code>ENCRYPTED_KEY_SHA1_IDENTIFIER</code> is used to set the specific key identifier
+     * ThumbprintSHA1.
+     * 
+     * This identifier uses the SHA-1 digest of a security token to
+     * identify the security token. Please refer to chapter 7.3 of the OASIS WSS 1.1
+     * specification.
+     * 
+     */
+    public static final int ENCRYPTED_KEY_SHA1_IDENTIFIER = 10;
+    
+    
+    public static final String ENCRYPTED_HEADER = "EncryptedHeader";
+
+    /*
+     * The following values are bits that can be combined to for a set.
+     * Be careful when selecting new values.
+     */
+    public static final int NO_SECURITY = 0;
+    public static final int UT = 0x1; // perform UsernameToken
+    public static final int SIGN = 0x2; // Perform Signature
+    public static final int ENCR = 0x4; // Perform Encryption
+
+    /*
+     * Attention: the signed/Unsigned types identify if WSS4J uses
+     * the SAML token for signature, signature key or not. It does
+     * not mean if the token contains an enveloped signature.
+     */
+    public static final int ST_UNSIGNED = 0x8; // perform SAMLToken unsigned
+    public static final int ST_SIGNED = 0x10; // perform SAMLToken signed
+
+    public static final int TS = 0x20; // insert Timestamp
+    public static final int UT_SIGN = 0x40; // perform sinagture with UT secrect key
+    public static final int SC = 0x80;      // this is a SignatureConfirmation
+
+    public static final int NO_SERIALIZE = 0x100;
+    public static final int SERIALIZE = 0x200;
+    public static final int SCT = 0x400; //SecurityContextToken
+    public static final int DKT = 0x800; //DerivedKeyToken
+    public static final int BST = 0x1000; //BinarySecurityToken
+
+    /**
+     * Length of UsernameToken derived key used by .NET WSE to sign a message.
+     */
+    public static final int WSE_DERIVED_KEY_LEN = 16;
+    public static final String LABEL_FOR_DERIVED_KEY = "WS-Security";
+    
+    /**
+     * WS-Trust namespace
+     */
+    public static final String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+    
+    public final static String WSC_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+    
+    //
+    // Fault codes defined in the WSS 1.1 spec under section 12, Error handling
+    //
+    
+    /**
+     * An unsupported token was provided
+     */
+    public static final QName UNSUPPORTED_SECURITY_TOKEN = new QName(WSSE_NS, "UnsupportedSecurityToken");
+    
+    /**
+     * An unsupported signature or encryption algorithm was used
+     */
+    public static final QName UNSUPPORTED_ALGORITHM  = new QName(WSSE_NS, "UnsupportedAlgorithm");
+    
+    /**
+     * An error was discovered processing the <Security> header
+     */
+    public static final QName INVALID_SECURITY = new QName (WSSE_NS, "InvalidSecurity");
+    
+    /**
+     * An invalid security token was provided
+     */
+    public static final QName INVALID_SECURITY_TOKEN = new QName (WSSE_NS, "InvalidSecurityToken");
+    
+    /**
+     * The security token could not be authenticated or authorized
+     */
+    public static final QName FAILED_AUTHENTICATION = new QName (WSSE_NS, "FailedAuthentication");
+    
+    /**
+     * The signature or decryption was invalid
+     */
+    public static final QName FAILED_CHECK = new QName (WSSE_NS, "FailedCheck");
+    
+    /** 
+     * Referenced security token could not be retrieved
+     */
+    public static final QName SECURITY_TOKEN_UNAVAILABLE = new QName (WSSE_NS, "SecurityTokenUnavailable");
+    
+    /** 
+     * The message has expired
+     */
+    public static final QName MESSAGE_EXPIRED = new QName (WSSE_NS, "MessageExpired");
+    
+    /**
+     * Header type in <code>org.apache.ws.security.WSEncryptionPart</code>
+     */
+    public static final int PART_TYPE_HEADER = 1;
+    
+    /**
+     * Body type in <code>org.apache.ws.security.WSEncryptionPart</code>
+     */
+    public static final int PART_TYPE_BODY = 2;
+    
+    /**
+     * Element type in <code>org.apache.ws.security.WSEncryptionPart</code>
+     */
+    public static final int PART_TYPE_ELEMENT = 3;
+    
+}
diff --git a/trunk/src/org/apache/ws/security/WSDataRef.java b/trunk/src/org/apache/ws/security/WSDataRef.java
new file mode 100644
index 0000000..cd103fe
--- /dev/null
+++ b/trunk/src/org/apache/ws/security/WSDataRef.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.security;
+
+/**
+ * WSDataRef stores information about decrypted elements
+ * 
+ * When a processor decrypts an elements it stores information 
+ * about that element in a WSDataRef so these information can 
+ * be used for validation stages 
+ * 
+ */
+
+import javax.xml.namespace.QName;
+
+public class WSDataRef {
+    
+    /**
+     * reference by which the Encrypted Data was referred 
+     */
+    private String dataref;
+    
+    /**
+     * wsu:Id of the decrypted element (if present)
+     */
+    private String wsuId;
+    
+    /**
+     * QName of the decrypted element
+     */
+    private QName name;
+    
+    
+    /**
+     * @param dataref reference by which the Encrypted Data was referred 
+     */
+    public WSDataRef(String dataref) {
+        this.dataref = dataref;
+    }
+    
+    /**
+     * @param dataref reference by which the Encrypted Data was referred 
+     * @param wsuId Id of the decrypted element (if present)
+     */
+    public WSDataRef(String dataref, String wsuId) {
+        this.dataref = dataref;
+        this.wsuId = wsuId;
+    }
+    
+    /**
+     * @param dataref reference by which the Encrypted Data was referred 
+     * @param wsuId Id of the decrypted element (if present)
+     * @param name QName of the decrypted element
+     */
+    public WSDataRef(String dataref, String wsuId, QName name) {
+        this.dataref = dataref;
+        this.wsuId = wsuId;
+        this.name = name;
+    }
+
+    /**
+     * @return the data reference 
+     */
+    public String getDataref() {
+        return dataref;
+    }
+
+    /**
+     * @param dataref reference by which the Encrypted Data was referred 
+     */
+    public void setDataref(String dataref) {
+        this.dataref = dataref;
+    }
+
+    /**
+     * @return Id of the decrypted element (if present)
+     */
+    public String getWsuId() {
+        return wsuId;
+    }
+
+    /**
+     * @param wsuId Id of the decrypted element (if present)
+     */
+    public void setWsuId(String wsuId) {
+        this.wsuId = wsuId;
+    }
+
+    /**
+     * @return QName of the decrypted element
+     */
+    public QName getName() {
+        return name;
+    }
+
+    /**
+     * @param name QName of the decrypted element
+     */
+    public void setName(QName name) {
+        this.name = name;
+    }
+
+}
diff --git a/trunk/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java b/trunk/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java
new file mode 100644
index 0000000..6d5cf68
--- /dev/null
+++ b/trunk/src/org/apache/ws/security/WSDerivedKeyTokenPrincipal.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package org.apache.ws.security;
+
+import java.security.Principal;
+
+/**
+ * This class implements the <code>Principal</code> interface and
+ * represents a <code>DerivedKeyToken</code>.
+ * The principal's name will be the <code>wsu:Id</code> valud of the 
+ * <code>DerivedKeyToken</code>
+ * 
+ * @author Ruchith Fernando (ruchith.fernando@gmail.com)
+ */
+public class WSDerivedKeyTokenPrincipal implements Principal {
+
+    private String id;
+    private String nonce;
+    private String label;
+    private int length;
+    private int offset;
+    private String basetokenId;
+    
+    public String getLabel() {
+        return label;
+    }
+
+    public void setLabel(String label) {
+        this.label = label;
+    }
+
+    public int getLength() {
+        return length;
+    }
+
+    public void setLength(int length) {
+        this.length = length;
+    }
+
+    public int getOffset() {
+        return offset;
+    }
+
+    public void setOffset(int offset) {
+        this.offset = offset;
+    }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public WSDerivedKeyTokenPrincipal(String id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return id;
+    }
+    
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
+
+    public String getBasetokenId() {
+        return basetokenId;
+    }
+
+    public void setBasetokenId(String basetokenId) {
+        this.basetokenId = basetokenId;
+    }
+
+}
diff --git a/trunk/src/org/apache/ws/security/WSDocInfo.java b/trunk/src/org/apache/ws/security/WSDocInfo.java
new file mode 100644
index 0000000..49d6941
--- /dev/null
+++ b/trunk/src/org/apache/ws/security/WSDocInfo.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright  2003-2004 The Apache Software Foundation.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.apache.ws.security;
+
+/**
+ * WSDocInfo holds information about the document to process. Together
+ * with the WSDocInfoStore it provides a method to store and access document
+ * information about BinarySecurityToken, used Crypto, and others.
+ * </p>
+ * Using the Document's hash a caller can identify a document and get
+ * the stored information that me be necessary to process the document.
+ * The main usage for this is (are) the transformation functions that
+ * are called during Signature/Verification process. 
+ * 
+ * @author Werner Dittmann (Werner.Dittmann@siemens.com)
+ *
+ */
+
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.processor.Processor;
+import org.w3c.dom.Element;
+
+import java.util.Enumeration;
+import java.util.Vector;
+
+public class WSDocInfo {
+    int hash;
+    Crypto crypto = null;
+    Vector bst = null;
+    Element assertion = null;
+    Vector processors = null;
+