soap 0.20.0 → 0.24.0

package/lib/security/ClientSSLSecurity.js

@@ -1,65 +1,82 @@
-'use strict';
-
-var fs = require('fs')
-  , https = require('https')
-  , _ = require('lodash');
-
-/**
- * activates SSL for an already existing client
- *
- * @module ClientSSLSecurity
- * @param {Buffer|String}   key
- * @param {Buffer|String}   cert
- * @param {Buffer|String|Array}   [ca]
- * @param {Object}          [defaults]
- * @constructor
- */
-function ClientSSLSecurity(key, cert, ca, defaults) {
-  if (key) {
-    if(Buffer.isBuffer(key)) {
-      this.key = key;
-    } else if (typeof key === 'string') {
-      this.key = fs.readFileSync(key);
-    } else {
-      throw new Error('key should be a buffer or a string!');
-    }
-  }
-
-  if (cert) {
-    if(Buffer.isBuffer(cert)) {
-      this.cert = cert;
-    } else if (typeof cert === 'string') {
-      this.cert = fs.readFileSync(cert);
-    } else {
-      throw new Error('cert should be a buffer or a string!');
-    }
-  }
-
-  if (ca) {
-    if(Buffer.isBuffer(ca) || Array.isArray(ca)) {
-      this.ca = ca;
-    } else if (typeof ca === 'string') {
-      this.ca = fs.readFileSync(ca);
-    } else {
-      defaults = ca;
-      this.ca = null;
-    }
-  }
-
-  this.defaults = {};
-  _.merge(this.defaults, defaults);
-}
-
-ClientSSLSecurity.prototype.toXML = function(headers) {
-  return '';
-};
-
-ClientSSLSecurity.prototype.addOptions = function(options) {
-  options.key = this.key;
-  options.cert = this.cert;
-  options.ca = this.ca;
-  _.merge(options, this.defaults);
-  options.agent = new https.Agent(options);
-};
-
-module.exports = ClientSSLSecurity;
+'use strict';
+
+var fs = require('fs')
+  , https = require('https')
+  , _ = require('lodash');
+
+/**
+ * activates SSL for an already existing client
+ *
+ * @module ClientSSLSecurity
+ * @param {Buffer|String}   key
+ * @param {Buffer|String}   cert
+ * @param {Buffer|String|Array}   [ca]
+ * @param {Object}          [defaults]
+ * @constructor
+ */
+function ClientSSLSecurity(key, cert, ca, defaults) {
+  if (key) {
+    if(Buffer.isBuffer(key)) {
+      this.key = key;
+    } else if (typeof key === 'string') {
+      this.key = fs.readFileSync(key);
+    } else {
+      throw new Error('key should be a buffer or a string!');
+    }
+  }
+
+  if (cert) {
+    if(Buffer.isBuffer(cert)) {
+      this.cert = cert;
+    } else if (typeof cert === 'string') {
+      this.cert = fs.readFileSync(cert);
+    } else {
+      throw new Error('cert should be a buffer or a string!');
+    }
+  }
+
+  if (ca) {
+    if(Buffer.isBuffer(ca) || Array.isArray(ca)) {
+      this.ca = ca;
+    } else if (typeof ca === 'string') {
+      this.ca = fs.readFileSync(ca);
+    } else {
+      defaults = ca;
+      this.ca = null;
+    }
+  }
+
+  this.defaults = {};
+  _.merge(this.defaults, defaults);
+
+  this.agent = null;
+}
+
+ClientSSLSecurity.prototype.toXML = function(headers) {
+  return '';
+};
+
+ClientSSLSecurity.prototype.addOptions = function(options) {
+  var httpsAgent = null;
+
+  options.key = this.key;
+  options.cert = this.cert;
+  options.ca = this.ca;
+  _.merge(options, this.defaults);
+
+  if (!!options.forever) {
+    if (!this.agent) {
+      options.keepAlive = true;
+
+      this.agent = new https.Agent(options);
+    }
+
+    httpsAgent = this.agent;
+  } else {
+    httpsAgent = new https.Agent(options);
+  }
+
+  options.agent = httpsAgent;
+};
+
+module.exports = ClientSSLSecurity;

package/lib/security/ClientSSLSecurityPFX.js

@@ -1,51 +1,51 @@
-'use strict';
-
-var fs = require('fs')
-  , https = require('https')
-  , _ = require('lodash');
-
-/**
- * activates SSL for an already existing client using a PFX cert
- *
- * @module ClientSSLSecurityPFX
- * @param {Buffer|String}   pfx
- * @param {String}   passphrase
- * @constructor
- */
-function ClientSSLSecurityPFX(pfx, passphrase, defaults) {
-  if (typeof passphrase === 'object') {
-    defaults = passphrase;
-  }
-  if (pfx) {
-    if (Buffer.isBuffer(pfx)) {
-      this.pfx = pfx;
-    } else if (typeof pfx === 'string') {
-      this.pfx = fs.readFileSync(pfx);
-    } else {
-      throw new Error('supplied pfx file should be a buffer or a file location');
-    }
-  }
-
-  if (passphrase) {
-    if (typeof passphrase === 'string') {
-      this.passphrase = passphrase;
-    }
-  }
-  this.defaults = {};
-  _.merge(this.defaults, defaults);
-}
-
-ClientSSLSecurityPFX.prototype.toXML = function(headers) {
-  return '';
-};
-
-ClientSSLSecurityPFX.prototype.addOptions = function(options) {
-  options.pfx = this.pfx;
-  if (this.passphrase) {
-    options.passphrase = this.passphrase;
-  }
-  _.merge(options, this.defaults);
-  options.agent = new https.Agent(options);
-};
-
-module.exports = ClientSSLSecurityPFX;
+'use strict';
+
+var fs = require('fs')
+  , https = require('https')
+  , _ = require('lodash');
+
+/**
+ * activates SSL for an already existing client using a PFX cert
+ *
+ * @module ClientSSLSecurityPFX
+ * @param {Buffer|String}   pfx
+ * @param {String}   passphrase
+ * @constructor
+ */
+function ClientSSLSecurityPFX(pfx, passphrase, defaults) {
+  if (typeof passphrase === 'object') {
+    defaults = passphrase;
+  }
+  if (pfx) {
+    if (Buffer.isBuffer(pfx)) {
+      this.pfx = pfx;
+    } else if (typeof pfx === 'string') {
+      this.pfx = fs.readFileSync(pfx);
+    } else {
+      throw new Error('supplied pfx file should be a buffer or a file location');
+    }
+  }
+
+  if (passphrase) {
+    if (typeof passphrase === 'string') {
+      this.passphrase = passphrase;
+    }
+  }
+  this.defaults = {};
+  _.merge(this.defaults, defaults);
+}
+
+ClientSSLSecurityPFX.prototype.toXML = function(headers) {
+  return '';
+};
+
+ClientSSLSecurityPFX.prototype.addOptions = function(options) {
+  options.pfx = this.pfx;
+  if (this.passphrase) {
+    options.passphrase = this.passphrase;
+  }
+  _.merge(options, this.defaults);
+  options.agent = new https.Agent(options);
+};
+
+module.exports = ClientSSLSecurityPFX;

package/lib/security/WSSecurity.js

@@ -1,90 +1,90 @@
-"use strict";
-
-var crypto = require('crypto');
-var passwordDigest = require('../utils').passwordDigest;
-var validPasswordTypes = ['PasswordDigest', 'PasswordText'];
-
-function WSSecurity(username, password, options) {
-  options = options || {};
-  this._username = username;
-  this._password = password;
-  //must account for backward compatibility for passwordType String param as well as object options defaults: passwordType = 'PasswordText', hasTimeStamp = true   
-  if (typeof options === 'string') {
-    this._passwordType = options ? options : 'PasswordText';
-    options = {};
-  } else {
-    this._passwordType = options.passwordType ? options.passwordType : 'PasswordText';
-  }
-
-  if (validPasswordTypes.indexOf(this._passwordType) === -1) {
-    this._passwordType = 'PasswordText';
-  }
-
-  this._hasTimeStamp = options.hasTimeStamp || typeof options.hasTimeStamp === 'boolean' ? !!options.hasTimeStamp : true;
-  /*jshint eqnull:true */
-  if (options.hasNonce != null) {
-    this._hasNonce = !!options.hasNonce;
-  }
-  this._hasTokenCreated = options.hasTokenCreated || typeof options.hasTokenCreated === 'boolean' ? !!options.hasTokenCreated : true;
-  if (options.actor != null) {
-    this._actor = options.actor;
-  }
-  if (options.mustUnderstand != null) {
-    this._mustUnderstand = !!options.mustUnderstand;
-  }
-}
-
-WSSecurity.prototype.toXML = function() {
-  // avoid dependency on date formatting libraries
-  function getDate(d) {
-    function pad(n) {
-      return n < 10 ? '0' + n : n;
-    }
-    return d.getUTCFullYear() + '-'
-      + pad(d.getUTCMonth() + 1) + '-'
-      + pad(d.getUTCDate()) + 'T'
-      + pad(d.getUTCHours()) + ':'
-      + pad(d.getUTCMinutes()) + ':'
-      + pad(d.getUTCSeconds()) + 'Z';
-  }
-  var now = new Date();
-  var created = getDate(now);
-  var timeStampXml = '';
-  if (this._hasTimeStamp) {
-    var expires = getDate( new Date(now.getTime() + (1000 * 600)) );
-    timeStampXml = "<wsu:Timestamp wsu:Id=\"Timestamp-"+created+"\">" +
-      "<wsu:Created>"+created+"</wsu:Created>" +
-      "<wsu:Expires>"+expires+"</wsu:Expires>" +
-      "</wsu:Timestamp>";
-  }
-
-  var password, nonce;
-  if (this._hasNonce || this._passwordType !== 'PasswordText') {
-    // nonce = base64 ( sha1 ( created + random ) )
-    var nHash = crypto.createHash('sha1');
-    nHash.update(created + Math.random());
-    nonce = nHash.digest('base64');
-  }
-  if (this._passwordType === 'PasswordText') {
-    password = "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" + this._password + "</wsse:Password>";
-    if (nonce) {
-      password += "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</wsse:Nonce>";
-    }
-  } else {
-    password = "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">" + passwordDigest(nonce, created, this._password) + "</wsse:Password>" +
-      "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</wsse:Nonce>";
-  }
-
-  return "<wsse:Security " + (this._actor ? "soap:actor=\"" + this._actor + "\" " : "") +
-    (this._mustUnderstand ? "soap:mustUnderstand=\"1\" " : "") +
-    "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
-    timeStampXml +
-    "<wsse:UsernameToken xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" wsu:Id=\"SecurityToken-" + created + "\">" +
-    "<wsse:Username>" + this._username + "</wsse:Username>" +
-    password +
-    (this._hasTokenCreated ? "<wsu:Created>" + created + "</wsu:Created>" : "") +
-    "</wsse:UsernameToken>" +
-    "</wsse:Security>";
-};
-
-module.exports = WSSecurity;
+"use strict";
+
+var crypto = require('crypto');
+var passwordDigest = require('../utils').passwordDigest;
+var validPasswordTypes = ['PasswordDigest', 'PasswordText'];
+
+function WSSecurity(username, password, options) {
+  options = options || {};
+  this._username = username;
+  this._password = password;
+  //must account for backward compatibility for passwordType String param as well as object options defaults: passwordType = 'PasswordText', hasTimeStamp = true   
+  if (typeof options === 'string') {
+    this._passwordType = options ? options : 'PasswordText';
+    options = {};
+  } else {
+    this._passwordType = options.passwordType ? options.passwordType : 'PasswordText';
+  }
+
+  if (validPasswordTypes.indexOf(this._passwordType) === -1) {
+    this._passwordType = 'PasswordText';
+  }
+
+  this._hasTimeStamp = options.hasTimeStamp || typeof options.hasTimeStamp === 'boolean' ? !!options.hasTimeStamp : true;
+  /*jshint eqnull:true */
+  if (options.hasNonce != null) {
+    this._hasNonce = !!options.hasNonce;
+  }
+  this._hasTokenCreated = options.hasTokenCreated || typeof options.hasTokenCreated === 'boolean' ? !!options.hasTokenCreated : true;
+  if (options.actor != null) {
+    this._actor = options.actor;
+  }
+  if (options.mustUnderstand != null) {
+    this._mustUnderstand = !!options.mustUnderstand;
+  }
+}
+
+WSSecurity.prototype.toXML = function() {
+  // avoid dependency on date formatting libraries
+  function getDate(d) {
+    function pad(n) {
+      return n < 10 ? '0' + n : n;
+    }
+    return d.getUTCFullYear() + '-'
+      + pad(d.getUTCMonth() + 1) + '-'
+      + pad(d.getUTCDate()) + 'T'
+      + pad(d.getUTCHours()) + ':'
+      + pad(d.getUTCMinutes()) + ':'
+      + pad(d.getUTCSeconds()) + 'Z';
+  }
+  var now = new Date();
+  var created = getDate(now);
+  var timeStampXml = '';
+  if (this._hasTimeStamp) {
+    var expires = getDate( new Date(now.getTime() + (1000 * 600)) );
+    timeStampXml = "<wsu:Timestamp wsu:Id=\"Timestamp-"+created+"\">" +
+      "<wsu:Created>"+created+"</wsu:Created>" +
+      "<wsu:Expires>"+expires+"</wsu:Expires>" +
+      "</wsu:Timestamp>";
+  }
+
+  var password, nonce;
+  if (this._hasNonce || this._passwordType !== 'PasswordText') {
+    // nonce = base64 ( sha1 ( created + random ) )
+    var nHash = crypto.createHash('sha1');
+    nHash.update(created + Math.random());
+    nonce = nHash.digest('base64');
+  }
+  if (this._passwordType === 'PasswordText') {
+    password = "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" + this._password + "</wsse:Password>";
+    if (nonce) {
+      password += "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</wsse:Nonce>";
+    }
+  } else {
+    password = "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">" + passwordDigest(nonce, created, this._password) + "</wsse:Password>" +
+      "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</wsse:Nonce>";
+  }
+
+  return "<wsse:Security " + (this._actor ? "soap:actor=\"" + this._actor + "\" " : "") +
+    (this._mustUnderstand ? "soap:mustUnderstand=\"1\" " : "") +
+    "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
+    timeStampXml +
+    "<wsse:UsernameToken xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" wsu:Id=\"SecurityToken-" + created + "\">" +
+    "<wsse:Username>" + this._username + "</wsse:Username>" +
+    password +
+    (this._hasTokenCreated ? "<wsu:Created>" + created + "</wsu:Created>" : "") +
+    "</wsse:UsernameToken>" +
+    "</wsse:Security>";
+};
+
+module.exports = WSSecurity;

package/lib/security/WSSecurityCert.js

@@ -1,78 +1,78 @@
-"use strict";
-
-var fs = require('fs');
-var path = require('path');
-var ejs = require('ejs');
-var SignedXml = require('xml-crypto').SignedXml;
-var uuid = require('uuid');
-var wsseSecurityHeaderTemplate = ejs.compile(fs.readFileSync(path.join(__dirname, 'templates', 'wsse-security-header.ejs')).toString());
-var wsseSecurityTokenTemplate = ejs.compile(fs.readFileSync(path.join(__dirname, 'templates', 'wsse-security-token.ejs')).toString());
-
-function addMinutes(date, minutes) {
-  return new Date(date.getTime() + minutes * 60000);
-}
-
-function dateStringForSOAP(date) {
-  return date.getUTCFullYear() + '-' + ('0' + (date.getUTCMonth() + 1)).slice(-2) + '-' +
-    ('0' + date.getUTCDate()).slice(-2) + 'T' + ('0' + date.getUTCHours()).slice(-2) + ":" +
-    ('0' + date.getUTCMinutes()).slice(-2) + ":" + ('0' + date.getUTCSeconds()).slice(-2) + "Z";
-}
-
-function generateCreated() {
-  return dateStringForSOAP(new Date());
-}
-
-function generateExpires() {
-  return dateStringForSOAP(addMinutes(new Date(), 10));
-}
-
-function insertStr(src, dst, pos) {
-  return [dst.slice(0, pos), src, dst.slice(pos)].join('');
-}
-
-function generateId() {
-  return uuid.v4().replace(/-/gm, '');
-}
-
-function WSSecurityCert(privatePEM, publicP12PEM, password) {
-  this.publicP12PEM = publicP12PEM.toString().replace('-----BEGIN CERTIFICATE-----', '').replace('-----END CERTIFICATE-----', '').replace(/(\r\n|\n|\r)/gm, '');
-
-  this.signer = new SignedXml();
-  this.signer.signingKey = {
-    key: privatePEM,
-    passphrase: password
-  };
-  this.x509Id = "x509-" + generateId();
-
-  var _this = this;
-  this.signer.keyInfoProvider = {};
-  this.signer.keyInfoProvider.getKeyInfo = function (key) {
-    return wsseSecurityTokenTemplate({ x509Id: _this.x509Id });
-  };
-}
-
-WSSecurityCert.prototype.postProcess = function (xml, envelopeKey) {
-  this.created = generateCreated();
-  this.expires = generateExpires();
-
-  var secHeader = wsseSecurityHeaderTemplate({
-    binaryToken: this.publicP12PEM,
-    created: this.created,
-    expires: this.expires,
-    id: this.x509Id
-  });
-
-  var xmlWithSec = insertStr(secHeader, xml, xml.indexOf('</soap:Header>'));
-
-  var references = ["http://www.w3.org/2000/09/xmldsig#enveloped-signature",
-    "http://www.w3.org/2001/10/xml-exc-c14n#"];
-
-  this.signer.addReference("//*[name(.)='" + envelopeKey + ":Body']", references);
-  this.signer.addReference("//*[name(.)='wsse:Security']/*[local-name(.)='Timestamp']", references);
-
-  this.signer.computeSignature(xmlWithSec);
-
-  return insertStr(this.signer.getSignatureXml(), xmlWithSec, xmlWithSec.indexOf('</wsse:Security>'));
-};
-
-module.exports = WSSecurityCert;
+"use strict";
+
+var fs = require('fs');
+var path = require('path');
+var ejs = require('ejs');
+var SignedXml = require('xml-crypto').SignedXml;
+var uuid4 = require('uuid/v4');
+var wsseSecurityHeaderTemplate = ejs.compile(fs.readFileSync(path.join(__dirname, 'templates', 'wsse-security-header.ejs')).toString());
+var wsseSecurityTokenTemplate = ejs.compile(fs.readFileSync(path.join(__dirname, 'templates', 'wsse-security-token.ejs')).toString());
+
+function addMinutes(date, minutes) {
+  return new Date(date.getTime() + minutes * 60000);
+}
+
+function dateStringForSOAP(date) {
+  return date.getUTCFullYear() + '-' + ('0' + (date.getUTCMonth() + 1)).slice(-2) + '-' +
+    ('0' + date.getUTCDate()).slice(-2) + 'T' + ('0' + date.getUTCHours()).slice(-2) + ":" +
+    ('0' + date.getUTCMinutes()).slice(-2) + ":" + ('0' + date.getUTCSeconds()).slice(-2) + "Z";
+}
+
+function generateCreated() {
+  return dateStringForSOAP(new Date());
+}
+
+function generateExpires() {
+  return dateStringForSOAP(addMinutes(new Date(), 10));
+}
+
+function insertStr(src, dst, pos) {
+  return [dst.slice(0, pos), src, dst.slice(pos)].join('');
+}
+
+function generateId() {
+  return uuid4().replace(/-/gm, '');
+}
+
+function WSSecurityCert(privatePEM, publicP12PEM, password) {
+  this.publicP12PEM = publicP12PEM.toString().replace('-----BEGIN CERTIFICATE-----', '').replace('-----END CERTIFICATE-----', '').replace(/(\r\n|\n|\r)/gm, '');
+
+  this.signer = new SignedXml();
+  this.signer.signingKey = {
+    key: privatePEM,
+    passphrase: password
+  };
+  this.x509Id = "x509-" + generateId();
+
+  var _this = this;
+  this.signer.keyInfoProvider = {};
+  this.signer.keyInfoProvider.getKeyInfo = function (key) {
+    return wsseSecurityTokenTemplate({ x509Id: _this.x509Id });
+  };
+}
+
+WSSecurityCert.prototype.postProcess = function (xml, envelopeKey) {
+  this.created = generateCreated();
+  this.expires = generateExpires();
+
+  var secHeader = wsseSecurityHeaderTemplate({
+    binaryToken: this.publicP12PEM,
+    created: this.created,
+    expires: this.expires,
+    id: this.x509Id
+  });
+
+  var xmlWithSec = insertStr(secHeader, xml, xml.indexOf('</soap:Header>'));
+
+  var references = ["http://www.w3.org/2000/09/xmldsig#enveloped-signature",
+    "http://www.w3.org/2001/10/xml-exc-c14n#"];
+
+  this.signer.addReference("//*[name(.)='" + envelopeKey + ":Body']", references);
+  this.signer.addReference("//*[name(.)='wsse:Security']/*[local-name(.)='Timestamp']", references);
+
+  this.signer.computeSignature(xmlWithSec);
+
+  return insertStr(this.signer.getSignatureXml(), xmlWithSec, xmlWithSec.indexOf('</wsse:Security>'));
+};
+
+module.exports = WSSecurityCert;

package/lib/security/index.js

@@ -1,10 +1,10 @@
-"use strict";
-
-module.exports = {
-  BasicAuthSecurity: require('./BasicAuthSecurity')
-, ClientSSLSecurity: require('./ClientSSLSecurity')
-, ClientSSLSecurityPFX: require('./ClientSSLSecurityPFX')
-, WSSecurity: require('./WSSecurity')
-, BearerSecurity: require('./BearerSecurity')
-, WSSecurityCert: require('./WSSecurityCert')
-};
+"use strict";
+
+module.exports = {
+  BasicAuthSecurity: require('./BasicAuthSecurity')
+, ClientSSLSecurity: require('./ClientSSLSecurity')
+, ClientSSLSecurityPFX: require('./ClientSSLSecurityPFX')
+, WSSecurity: require('./WSSecurity')
+, BearerSecurity: require('./BearerSecurity')
+, WSSecurityCert: require('./WSSecurityCert')
+};

package/lib/security/templates/wsse-security-header.ejs

@@ -1,12 +1,12 @@
-<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
-               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
-               soap:mustUnderstand="1">
- 	<wsse:BinarySecurityToken   
-               EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
-               ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
-               wsu:Id="<%-id%>"><%-binaryToken%></wsse:BinarySecurityToken>
-    <Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="_1"> 
-    	<Created><%-created%></Created>
-    	<Expires><%-expires%></Expires>
-    </Timestamp>
-</wsse:Security>
+<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+               soap:mustUnderstand="1">
+ 	<wsse:BinarySecurityToken   
+               EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
+               ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
+               wsu:Id="<%-id%>"><%-binaryToken%></wsse:BinarySecurityToken>
+    <Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="_1"> 
+    	<Created><%-created%></Created>
+    	<Expires><%-expires%></Expires>
+    </Timestamp>
+</wsse:Security>

package/lib/security/templates/wsse-security-token.ejs

@@ -1,3 +1,3 @@
-<wsse:SecurityTokenReference>
-    <wsse:Reference URI="#<%-x509Id%>" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
-</wsse:SecurityTokenReference>
+<wsse:SecurityTokenReference>
+    <wsse:Reference URI="#<%-x509Id%>" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
+</wsse:SecurityTokenReference>