` will list the entityIDs of SPs which do not
+explicitly list the AES128-CBC algorithm. We expect only SPs that already list algorithms
+which aren't AES128-CBC will show up here.
diff --git a/tests/manual/ukf-meta-243/idp.xml b/tests/manual/ukf-meta-243/idp.xml
new file mode 100644
index 00000000..02bc00e2
--- /dev/null
+++ b/tests/manual/ukf-meta-243/idp.xml
@@ -0,0 +1,83 @@
+
+
+
+
+
+
+
+ MIIDXDCCAkSgAwIBAgIVAKMdq76ICtGOUPeE1oS5vZ2/J8pjMA0GCSqGSIb3DQEB
+ CwUAMCcxJTAjBgNVBAMMHHRlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWswHhcN
+ MTYwNjAyMTYyNzU4WhcNMzYwNjAyMTYyNzU4WjAnMSUwIwYDVQQDDBx0ZXN0LWlk
+ cC51a2ZlZGVyYXRpb24ub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEAp6PVhKcs4wDoMuVSWn73E2L+WgZipw4rAIluvgvdu97zpbjjerbL1OWL
+ Px3BNz6tP+IU8ivXDY8sDDTeGOquxW5E3JZKOvTkPTd+V0dFpX1ogb342w/UMgwd
+ n4wMjLtZQvdJbWhtdxRFdd4YTv2ooeFWmr2Nc1qrBS9As1HdZnD0CvP0R1gxjAij
+ Vu6/Kg4rJcVjOGka3dGKqdCwUfFm0KuEp8GrHkyTdQ1qDwa181FdlNA5qW6djLlj
+ xGuLI9gKOzt1EgCi4RKsRgHEn3RMRx29TMusOAwQTMz/w0PX7B4LnoYxO/Z+njwX
+ GVtc/Vpr9paIBgXn3Dv16DmfmpDt5QIDAQABo38wfTAdBgNVHQ4EFgQUea1/62BW
+ cTima/4+VczPTQQPZjQwXAYDVR0RBFUwU4IcdGVzdC1pZHAudWtmZWRlcmF0aW9u
+ Lm9yZy51a4YzaHR0cHM6Ly90ZXN0LWlkcC51a2ZlZGVyYXRpb24ub3JnLnVrL2lk
+ cC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQA0JLH2MA22gwQMdsK1mI+g
+ Jr2CYIEts7ry3oi6SyD8tTFCmypTKzvKz2s0bOpHvYyTbEDVs9ffCrJUVdvVwHF0
+ sX4YsnJuOKQLr5Sl3YZPvPg7AsOMW+Tn+JL5l2Xnvfz77Ki3FiS4rQH32REFGccl
+ Gs7fJunyxZzB3Jvv9Cly5vfdKGJfyCviDSMWX5W1slUkg1fWUsppZy9Ifiygb+Au
+ IaP69qz6dqVwZJldG3Wn/x5WpI1x7Meax2Wa9bIbqWXCeNfhrhAnL//dbKPfA0EB
+ AlxhhLIxWxf/Um12z22EJyuH3EYWyTlVaGlOcHzg2r1Mn/1LNXpBMVhOPZouksPx
+
+
+
+
+
+
+
+
+ MIIDWzCCAkOgAwIBAgIUOMCC6dkddEwkgPACu9HJ3SaiMjkwDQYJKoZIhvcNAQEL
+ BQAwJzElMCMGA1UEAwwcdGVzdC1pZHAudWtmZWRlcmF0aW9uLm9yZy51azAeFw0x
+ NjA2MDIxNjI3NTZaFw0zNjA2MDIxNjI3NTZaMCcxJTAjBgNVBAMMHHRlc3QtaWRw
+ LnVrZmVkZXJhdGlvbi5vcmcudWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+ AoIBAQCYrePj+6qI0agRWDNXr2N0pvxdBA9fzXUiNkFPv1syUcY40LGtYUvyEyrn
+ VZ9OkvLswTYArvOGwHGGseKy1lDxt/O37hcXTTd6bAg6nIqdD08Y044pMpXfms2n
+ BwUHq/sGUUyIVV+xP00lfyFxwQNRI9D0L4W8OSx0vMoPM4hp+gsZrzTklUgjhRU/
+ 5n5XGSseS9tb60wz4URx306HxuEkZpF7pWhJRAgfeyone9vYMAotXBfxrvssuyYw
+ rabGvfWRIJiXXmLjm2hllAF2Tj25xlzjAwDhLbvKjZZa5afx3EYMYSf53uOGYJG/
+ zGebYZpvKZB+bLjNwaA41LzeskMdAgMBAAGjfzB9MB0GA1UdDgQWBBQUUMcdr4uu
+ bY7bn88mdk67e20UDzBcBgNVHREEVTBTghx0ZXN0LWlkcC51a2ZlZGVyYXRpb24u
+ b3JnLnVrhjNodHRwczovL3Rlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWsvaWRw
+ L3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAJMjdRtSlf9IYMIUqvGQxn/v
+ u8CixcHcimK2WBp/Dv4lAphOTzmF+zF7cB2CMalAcgJnoP4BJNq/7bwDOHDFbpbN
+ cKh4FWRzURChBbZ2Xa1C2vrm0+oPQl8WsChxQgqUPDTleg2k3/PEi2dDymJlu8Cg
+ 0kqWwQ1G0tal6B0lDf+3PKdwdp5LAnB8TUFCTrfuI5DiHOce8r5+AjfkhJsSYu39
+ NpJGsdn/IzQE4RsAFbz1UEb1sz9+vtTFMvC2mr82TcYWC3PDqyHpvqCHAwQqAzQW
+ thDEbFnZ8ckGnGLfkn+Lqt8/A3D85vsoQvvYZ+6UOKzBnl2SeVyGcFykoSoZcGA=
+
+
+
+
+
+
+
+
+ MIIDXDCCAkSgAwIBAgIVAN/3uTodbwagOO8HxJ/wK9pD9F6DMA0GCSqGSIb3DQEB
+ CwUAMCcxJTAjBgNVBAMMHHRlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWswHhcN
+ MTYwNjAyMTYyNzU3WhcNMzYwNjAyMTYyNzU3WjAnMSUwIwYDVQQDDBx0ZXN0LWlk
+ cC51a2ZlZGVyYXRpb24ub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEAl5mKiHP7qGWRM2IkPvh5RuVJaOJkBRFhDdX1FInSYtyPRDxQ6Fl9g5Pt
+ 3C65HA9YVMjhijph50DZJRAroyU17WdaSfTUrqK7LqdVk7rVHRekJIH+J3hh/UVq
+ 2Q0N1tlyBOblR6DA4na3kNYwTZh+jYrp6cbNqyqcvtFLCezDOkNnLbXxSK6vqqJN
+ dRTLUoN6PmRlj5DBZNpOkSGdI32WIhNczUHkBZzHVRlvfF4uQKH+0ASYWpI+WJGs
+ Mrdg1eSkQkKLYo/6LmLj/L4kiJzWEC1V1pod1r54wgMsfFRPeoLC1kYU3Q8OFgX8
+ WdUodwaRtFrpmURBEQgMK1uDLGJhkwIDAQABo38wfTAdBgNVHQ4EFgQUdsJMwfkG
+ pPHTByrcDXj2+cm+G2AwXAYDVR0RBFUwU4IcdGVzdC1pZHAudWtmZWRlcmF0aW9u
+ Lm9yZy51a4YzaHR0cHM6Ly90ZXN0LWlkcC51a2ZlZGVyYXRpb24ub3JnLnVrL2lk
+ cC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQBOVDjHi2Mrj3nDb/pTZ9Lz
+ /OizJNEZ+uklJbX//W9Jr1VE2NND96R/D2T/lvR/rKbXh0HJl7VYLRHkPJPQ6X+T
+ 7TzZW9MKhX6nLzhXdtOZb4AEQn0mpOtZSfpY9eUc13xRw1jGl6y09WVnO/IP/0HX
+ U7uWTDt0jgAC4VR3hpFOevxU3nXu5XLtgBcnASeoeJbNfAr+MhrHCt4nAYFmf/+S
+ MLg/0bPQDCVJ0j4yvSCCFkrWeFEkzqQ2QF/VFSA47VfRDALiMzTpFFgTxyj1p4T7
+ Ycbh0vb/OVKx+DN9cvlWlzf2e2JXGg8/gP7hpwVV6ndskANQ67NUOZ5jXWsK5GnD
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/idp.xml.out b/tests/manual/ukf-meta-243/idp.xml.out
new file mode 100644
index 00000000..02bc00e2
--- /dev/null
+++ b/tests/manual/ukf-meta-243/idp.xml.out
@@ -0,0 +1,83 @@
+
+
+
+
+
+
+
+ MIIDXDCCAkSgAwIBAgIVAKMdq76ICtGOUPeE1oS5vZ2/J8pjMA0GCSqGSIb3DQEB
+ CwUAMCcxJTAjBgNVBAMMHHRlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWswHhcN
+ MTYwNjAyMTYyNzU4WhcNMzYwNjAyMTYyNzU4WjAnMSUwIwYDVQQDDBx0ZXN0LWlk
+ cC51a2ZlZGVyYXRpb24ub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEAp6PVhKcs4wDoMuVSWn73E2L+WgZipw4rAIluvgvdu97zpbjjerbL1OWL
+ Px3BNz6tP+IU8ivXDY8sDDTeGOquxW5E3JZKOvTkPTd+V0dFpX1ogb342w/UMgwd
+ n4wMjLtZQvdJbWhtdxRFdd4YTv2ooeFWmr2Nc1qrBS9As1HdZnD0CvP0R1gxjAij
+ Vu6/Kg4rJcVjOGka3dGKqdCwUfFm0KuEp8GrHkyTdQ1qDwa181FdlNA5qW6djLlj
+ xGuLI9gKOzt1EgCi4RKsRgHEn3RMRx29TMusOAwQTMz/w0PX7B4LnoYxO/Z+njwX
+ GVtc/Vpr9paIBgXn3Dv16DmfmpDt5QIDAQABo38wfTAdBgNVHQ4EFgQUea1/62BW
+ cTima/4+VczPTQQPZjQwXAYDVR0RBFUwU4IcdGVzdC1pZHAudWtmZWRlcmF0aW9u
+ Lm9yZy51a4YzaHR0cHM6Ly90ZXN0LWlkcC51a2ZlZGVyYXRpb24ub3JnLnVrL2lk
+ cC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQA0JLH2MA22gwQMdsK1mI+g
+ Jr2CYIEts7ry3oi6SyD8tTFCmypTKzvKz2s0bOpHvYyTbEDVs9ffCrJUVdvVwHF0
+ sX4YsnJuOKQLr5Sl3YZPvPg7AsOMW+Tn+JL5l2Xnvfz77Ki3FiS4rQH32REFGccl
+ Gs7fJunyxZzB3Jvv9Cly5vfdKGJfyCviDSMWX5W1slUkg1fWUsppZy9Ifiygb+Au
+ IaP69qz6dqVwZJldG3Wn/x5WpI1x7Meax2Wa9bIbqWXCeNfhrhAnL//dbKPfA0EB
+ AlxhhLIxWxf/Um12z22EJyuH3EYWyTlVaGlOcHzg2r1Mn/1LNXpBMVhOPZouksPx
+
+
+
+
+
+
+
+
+ MIIDWzCCAkOgAwIBAgIUOMCC6dkddEwkgPACu9HJ3SaiMjkwDQYJKoZIhvcNAQEL
+ BQAwJzElMCMGA1UEAwwcdGVzdC1pZHAudWtmZWRlcmF0aW9uLm9yZy51azAeFw0x
+ NjA2MDIxNjI3NTZaFw0zNjA2MDIxNjI3NTZaMCcxJTAjBgNVBAMMHHRlc3QtaWRw
+ LnVrZmVkZXJhdGlvbi5vcmcudWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+ AoIBAQCYrePj+6qI0agRWDNXr2N0pvxdBA9fzXUiNkFPv1syUcY40LGtYUvyEyrn
+ VZ9OkvLswTYArvOGwHGGseKy1lDxt/O37hcXTTd6bAg6nIqdD08Y044pMpXfms2n
+ BwUHq/sGUUyIVV+xP00lfyFxwQNRI9D0L4W8OSx0vMoPM4hp+gsZrzTklUgjhRU/
+ 5n5XGSseS9tb60wz4URx306HxuEkZpF7pWhJRAgfeyone9vYMAotXBfxrvssuyYw
+ rabGvfWRIJiXXmLjm2hllAF2Tj25xlzjAwDhLbvKjZZa5afx3EYMYSf53uOGYJG/
+ zGebYZpvKZB+bLjNwaA41LzeskMdAgMBAAGjfzB9MB0GA1UdDgQWBBQUUMcdr4uu
+ bY7bn88mdk67e20UDzBcBgNVHREEVTBTghx0ZXN0LWlkcC51a2ZlZGVyYXRpb24u
+ b3JnLnVrhjNodHRwczovL3Rlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWsvaWRw
+ L3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEBAJMjdRtSlf9IYMIUqvGQxn/v
+ u8CixcHcimK2WBp/Dv4lAphOTzmF+zF7cB2CMalAcgJnoP4BJNq/7bwDOHDFbpbN
+ cKh4FWRzURChBbZ2Xa1C2vrm0+oPQl8WsChxQgqUPDTleg2k3/PEi2dDymJlu8Cg
+ 0kqWwQ1G0tal6B0lDf+3PKdwdp5LAnB8TUFCTrfuI5DiHOce8r5+AjfkhJsSYu39
+ NpJGsdn/IzQE4RsAFbz1UEb1sz9+vtTFMvC2mr82TcYWC3PDqyHpvqCHAwQqAzQW
+ thDEbFnZ8ckGnGLfkn+Lqt8/A3D85vsoQvvYZ+6UOKzBnl2SeVyGcFykoSoZcGA=
+
+
+
+
+
+
+
+
+ MIIDXDCCAkSgAwIBAgIVAN/3uTodbwagOO8HxJ/wK9pD9F6DMA0GCSqGSIb3DQEB
+ CwUAMCcxJTAjBgNVBAMMHHRlc3QtaWRwLnVrZmVkZXJhdGlvbi5vcmcudWswHhcN
+ MTYwNjAyMTYyNzU3WhcNMzYwNjAyMTYyNzU3WjAnMSUwIwYDVQQDDBx0ZXN0LWlk
+ cC51a2ZlZGVyYXRpb24ub3JnLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEAl5mKiHP7qGWRM2IkPvh5RuVJaOJkBRFhDdX1FInSYtyPRDxQ6Fl9g5Pt
+ 3C65HA9YVMjhijph50DZJRAroyU17WdaSfTUrqK7LqdVk7rVHRekJIH+J3hh/UVq
+ 2Q0N1tlyBOblR6DA4na3kNYwTZh+jYrp6cbNqyqcvtFLCezDOkNnLbXxSK6vqqJN
+ dRTLUoN6PmRlj5DBZNpOkSGdI32WIhNczUHkBZzHVRlvfF4uQKH+0ASYWpI+WJGs
+ Mrdg1eSkQkKLYo/6LmLj/L4kiJzWEC1V1pod1r54wgMsfFRPeoLC1kYU3Q8OFgX8
+ WdUodwaRtFrpmURBEQgMK1uDLGJhkwIDAQABo38wfTAdBgNVHQ4EFgQUdsJMwfkG
+ pPHTByrcDXj2+cm+G2AwXAYDVR0RBFUwU4IcdGVzdC1pZHAudWtmZWRlcmF0aW9u
+ Lm9yZy51a4YzaHR0cHM6Ly90ZXN0LWlkcC51a2ZlZGVyYXRpb24ub3JnLnVrL2lk
+ cC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQBOVDjHi2Mrj3nDb/pTZ9Lz
+ /OizJNEZ+uklJbX//W9Jr1VE2NND96R/D2T/lvR/rKbXh0HJl7VYLRHkPJPQ6X+T
+ 7TzZW9MKhX6nLzhXdtOZb4AEQn0mpOtZSfpY9eUc13xRw1jGl6y09WVnO/IP/0HX
+ U7uWTDt0jgAC4VR3hpFOevxU3nXu5XLtgBcnASeoeJbNfAr+MhrHCt4nAYFmf/+S
+ MLg/0bPQDCVJ0j4yvSCCFkrWeFEkzqQ2QF/VFSA47VfRDALiMzTpFFgTxyj1p4T7
+ Ycbh0vb/OVKx+DN9cvlWlzf2e2JXGg8/gP7hpwVV6ndskANQ67NUOZ5jXWsK5GnD
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/listSPsnoAES128-CBC.xsl b/tests/manual/ukf-meta-243/listSPsnoAES128-CBC.xsl
new file mode 100644
index 00000000..c95c2dac
--- /dev/null
+++ b/tests/manual/ukf-meta-243/listSPsnoAES128-CBC.xsl
@@ -0,0 +1,26 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/no-use-aes256-gcm.xml b/tests/manual/ukf-meta-243/no-use-aes256-gcm.xml
new file mode 100644
index 00000000..89975220
--- /dev/null
+++ b/tests/manual/ukf-meta-243/no-use-aes256-gcm.xml
@@ -0,0 +1,30 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/no-use-aes256-gcm.xml.out b/tests/manual/ukf-meta-243/no-use-aes256-gcm.xml.out
new file mode 100644
index 00000000..89975220
--- /dev/null
+++ b/tests/manual/ukf-meta-243/no-use-aes256-gcm.xml.out
@@ -0,0 +1,30 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/no-use-has-encryptionmethod.xml b/tests/manual/ukf-meta-243/no-use-has-encryptionmethod.xml
new file mode 100644
index 00000000..22e60070
--- /dev/null
+++ b/tests/manual/ukf-meta-243/no-use-has-encryptionmethod.xml
@@ -0,0 +1,38 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/no-use-has-encryptionmethod.xml.out b/tests/manual/ukf-meta-243/no-use-has-encryptionmethod.xml.out
new file mode 100644
index 00000000..22e60070
--- /dev/null
+++ b/tests/manual/ukf-meta-243/no-use-has-encryptionmethod.xml.out
@@ -0,0 +1,38 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/no-use-no-encryptionmethod.xml b/tests/manual/ukf-meta-243/no-use-no-encryptionmethod.xml
new file mode 100644
index 00000000..d3496601
--- /dev/null
+++ b/tests/manual/ukf-meta-243/no-use-no-encryptionmethod.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/no-use-no-encryptionmethod.xml.out b/tests/manual/ukf-meta-243/no-use-no-encryptionmethod.xml.out
new file mode 100644
index 00000000..09324a4f
--- /dev/null
+++ b/tests/manual/ukf-meta-243/no-use-no-encryptionmethod.xml.out
@@ -0,0 +1,30 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/no-use-oaep-encryptionmethod.xml b/tests/manual/ukf-meta-243/no-use-oaep-encryptionmethod.xml
new file mode 100644
index 00000000..684376e5
--- /dev/null
+++ b/tests/manual/ukf-meta-243/no-use-oaep-encryptionmethod.xml
@@ -0,0 +1,31 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/no-use-oaep-encryptionmethod.xml.out b/tests/manual/ukf-meta-243/no-use-oaep-encryptionmethod.xml.out
new file mode 100644
index 00000000..c8f20b0a
--- /dev/null
+++ b/tests/manual/ukf-meta-243/no-use-oaep-encryptionmethod.xml.out
@@ -0,0 +1,32 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/use-encryption-has-encryptionmethod.xml b/tests/manual/ukf-meta-243/use-encryption-has-encryptionmethod.xml
new file mode 100644
index 00000000..7d1d0b51
--- /dev/null
+++ b/tests/manual/ukf-meta-243/use-encryption-has-encryptionmethod.xml
@@ -0,0 +1,38 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/use-encryption-has-encryptionmethod.xml.out b/tests/manual/ukf-meta-243/use-encryption-has-encryptionmethod.xml.out
new file mode 100644
index 00000000..7d1d0b51
--- /dev/null
+++ b/tests/manual/ukf-meta-243/use-encryption-has-encryptionmethod.xml.out
@@ -0,0 +1,38 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/use-encryption-no-encryptionmethod.xml b/tests/manual/ukf-meta-243/use-encryption-no-encryptionmethod.xml
new file mode 100644
index 00000000..c83f08f2
--- /dev/null
+++ b/tests/manual/ukf-meta-243/use-encryption-no-encryptionmethod.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/use-encryption-no-encryptionmethod.xml.out b/tests/manual/ukf-meta-243/use-encryption-no-encryptionmethod.xml.out
new file mode 100644
index 00000000..1db42f3b
--- /dev/null
+++ b/tests/manual/ukf-meta-243/use-encryption-no-encryptionmethod.xml.out
@@ -0,0 +1,30 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/use-signing.xml b/tests/manual/ukf-meta-243/use-signing.xml
new file mode 100644
index 00000000..118d4512
--- /dev/null
+++ b/tests/manual/ukf-meta-243/use-signing.xml
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-243/use-signing.xml.out b/tests/manual/ukf-meta-243/use-signing.xml.out
new file mode 100644
index 00000000..118d4512
--- /dev/null
+++ b/tests/manual/ukf-meta-243/use-signing.xml.out
@@ -0,0 +1,29 @@
+
+
+
+
+
+
+
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+ BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+ DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+ zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+ NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+ xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+ zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+ mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+ tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+ A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+ iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+ gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+ FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+ gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+ sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-248/AttributeConsumingService-fail.xml b/tests/manual/ukf-meta-248/AttributeConsumingService-fail.xml
new file mode 100644
index 00000000..ff083ea7
--- /dev/null
+++ b/tests/manual/ukf-meta-248/AttributeConsumingService-fail.xml
@@ -0,0 +1,11 @@
+
+
+
+
+ English e-learning
+ 英語e-learning
+ English e-learning
+ 英語e-learning
+
+
+
diff --git a/tests/manual/ukf-meta-248/AttributeConsumingService-pass.xml b/tests/manual/ukf-meta-248/AttributeConsumingService-pass.xml
new file mode 100644
index 00000000..7179cf95
--- /dev/null
+++ b/tests/manual/ukf-meta-248/AttributeConsumingService-pass.xml
@@ -0,0 +1,13 @@
+
+
+
+
+ English e-learning
+ English e-learning
+
+
+ 英語e-learning
+ 英語e-learning
+
+
+
diff --git a/tests/manual/ukf-meta-248/Organization-fail.xml b/tests/manual/ukf-meta-248/Organization-fail.xml
new file mode 100644
index 00000000..d3e3dd6c
--- /dev/null
+++ b/tests/manual/ukf-meta-248/Organization-fail.xml
@@ -0,0 +1,9 @@
+
+
+
+ English e-learning
+ 英語e-learning
+ English e-learning
+ 英語e-learning
+
+
diff --git a/tests/manual/ukf-meta-248/Organization-pass.xml b/tests/manual/ukf-meta-248/Organization-pass.xml
new file mode 100644
index 00000000..8b831170
--- /dev/null
+++ b/tests/manual/ukf-meta-248/Organization-pass.xml
@@ -0,0 +1,11 @@
+
+
+
+ English e-learning
+ English e-learning
+
+
+ 英語e-learning
+ 英語e-learning
+
+
diff --git a/tests/manual/ukf-meta-248/README.md b/tests/manual/ukf-meta-248/README.md
new file mode 100644
index 00000000..7c56fe47
--- /dev/null
+++ b/tests/manual/ukf-meta-248/README.md
@@ -0,0 +1,38 @@
+# Tests for duplicate xml:lang
+
+Ensuring well-formed:
+```
+for i in *xml; do xmllint --noout $i; done
+```
+
+Tests for existing checks:
+```
+xsltproc ../../../mdx/_rules/check_mdui.xsl test.xml
+[ERROR] non-unique lang values on mdui:DisplayName elements
+[ERROR] non-unique lang values on mdui:Description elements
+[ERROR] non-unique lang values on mdui:Keywords elements
+$ xsltproc ../../../mdx/_rules/check_mdrpi.xsl test.xml
+[ERROR] non-unique lang values on mdrpi:RegistrationPolicy elements
+```
+
+New test should fail on md:ServiceName and md:ServiceDescription:
+```
+xsltproc ../../../mdx/_rules/check_saml2_lang.xsl AttributeConsumingService-fail.xml
+[ERROR] non-unique lang values on ServiceName elements
+[ERROR] non-unique lang values on ServiceDescription elements
+```
+
+New test should fail on md:Organization and md:OrganizationDisplayName
+```
+xsltproc ../../../mdx/_rules/check_saml2_lang.xsl Organization-fail.xml
+[ERROR] non-unique lang values on OrganizationName elements
+[ERROR] non-unique lang values on OrganizationDisplayName elements
+```
+
+Should pass on new tests:
+```
+xsltproc ../../../mdx/_rules/check_saml2_lang.xsl AttributeConsumingService-pass.xml
+xsltproc ../../../mdx/_rules/check_saml2_lang.xsl Organization-pass.xml
+```
+
+`test-sp.xml` is a fragment file that is intended to fail on import
diff --git a/tests/manual/ukf-meta-248/test-sp.xml b/tests/manual/ukf-meta-248/test-sp.xml
new file mode 100644
index 00000000..bf428ddb
--- /dev/null
+++ b/tests/manual/ukf-meta-248/test-sp.xml
@@ -0,0 +1,96 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ test-sp
+
+ CN=test-sp
+ MIIC3DCCAcSgAwIBAgIJAN+91XVXF36VMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
+BAMTB3Rlc3Qtc3AwHhcNMTYwNTExMTI0MTA3WhcNMjYwNTA5MTI0MTA3WjASMRAw
+DgYDVQQDEwd0ZXN0LXNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+zSnEqqkjqprYaIIiO3NOMHHMtvu3T4OP3lRFRp3arNgQTu6J54dj4Ljh2R6w2oFf
+NW/SXKYmHQSv9L/wo57PH47QDvHpt/fSrcG5vr5E0GJFBsKLH21ejK2IaRh58m4k
+xTpncRbdLDVntHs0ZOOAzXTyM9kzwNmLHnhkl6MH0q7qiHRsOXUFMJMM8VdEFZ3p
+zGrOjZ36sFysjxwBH+2YYixgJCsmDJJI8/0XCFg9KvgHgtUudru4cO2PgU4MFj9V
+mV+j3vPhZP3GPMNqLBlAqDTKKw6lRIHF2hHGE1zhqU6A3QGRxhkAonPEyGMvYfFT
+tSW5MW2f58B+0+A5nMKqTwIDAQABozUwMzASBgNVHREECzAJggd0ZXN0LXNwMB0G
+A1UdDgQWBBQob//Wa5StNlZteESM3e54WsDovzANBgkqhkiG9w0BAQUFAAOCAQEA
+iaLcK3+i8w7AzYuaDiu0I4kclZoxz1zKHyI4o7s+iTTR5xJrX+d5WRZT4f72RkDS
+gEH4L/f64XUufso8ilt7vCxJOIUAAcZSxHFD/4TvBhNBha9HjzlL11kOr8VNs3OJ
+FQwsV8Or5xr2T1wpcT+JN5sDNbAxx7oz/vthnAdvo98vGMMx1VJcNz7B5irg3B5M
+gegI3kOm1UfZLWxjfae/uX19d8N0r8AFD3Uuw4UX/07LVZmrtvjI5LB+ju/kv8kP
+ENCjwhjjXq7NUW8hgSiqqdMkFA1iH+KMAYtn2xvll1TojluWAwpYjaCjOLyJSBuV
+sIV9aK2TFEhoJD6KkXUNqg==
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ English e-learning
+ 英語e-learning
+ English e-learning
+ 英語e-learning
+
+
+
+
+
diff --git a/tests/manual/ukf-meta-248/test.xml b/tests/manual/ukf-meta-248/test.xml
new file mode 100644
index 00000000..9ae89cb9
--- /dev/null
+++ b/tests/manual/ukf-meta-248/test.xml
@@ -0,0 +1,37 @@
+
+
+
+
+ http://ukfederation.org.uk/doc/mdrps-20130902
+ http://ukfederation.org.uk/doc/mdrps-20130902
+
+
+
+
+
+ First display name
+ Second display name
+ First description
+ Second description
+ wee sleekit
+ cowran tim'rous
+
+
+
+
+ English e-learning
+ 英語e-learning
+
+
+
diff --git a/tests/manual/ukf-meta-258/README.md b/tests/manual/ukf-meta-258/README.md
new file mode 100644
index 00000000..ae988979
--- /dev/null
+++ b/tests/manual/ukf-meta-258/README.md
@@ -0,0 +1,9 @@
+# Generate HTML pages from XML products
+
+## Tests
+
+xsltproc ../../../utilities/orgnamescope.xsl input.xml | diff - scopes.out
+xsltproc ../../../utilities/ua-idp.xsl input.xml | diff - uai.out
+xsltproc ../../../utilities/ua-idp.xsl accented.xml | diff - accented.out
+
+
diff --git a/tests/manual/ukf-meta-258/accented.out b/tests/manual/ukf-meta-258/accented.out
new file mode 100644
index 00000000..a803deed
--- /dev/null
+++ b/tests/manual/ukf-meta-258/accented.out
@@ -0,0 +1,5 @@
+Federation Identity Providers Asserting User Accountability
The following IdPs assert user accountability (in accordance with section six of the UK federation's rules of membership):
+- Båntshire University
+- Rummidgé University
+- Unseen Üniversity
+
diff --git a/tests/manual/ukf-meta-258/accented.xml b/tests/manual/ukf-meta-258/accented.xml
new file mode 100644
index 00000000..895ae657
--- /dev/null
+++ b/tests/manual/ukf-meta-258/accented.xml
@@ -0,0 +1,78 @@
+
+
+
+
+
+
+
+
+
+
+ rummidge.ac.uk
+
+
+
+ Rummidge University
+ Rummidgé University
+
+
+
+
+
+
+
+
+
+ http://refeds.org/category/hide-from-discovery
+
+
+
+
+
+ ankh.unseen.ac.uk
+ morpock.unseen.ac.uk
+ naphill.unseen.ac.uk
+ library.unseen.ac.uk
+ high.energy.magic.unseen.ac.uk
+ unseen.ac.uk
+
+
+
+ Unseen University
+ Unseen Üniversity
+
+
+
+
+
+
+
+
+
+
+ bantshire.ac.uk
+
+
+
+ Bantshire University
+ Båntshire University
+
+
+
+
+
+
+
+
+
+
+ Unseen University
+ Unseen University SP
+
+
+
diff --git a/tests/manual/ukf-meta-258/input.xml b/tests/manual/ukf-meta-258/input.xml
new file mode 100644
index 00000000..4dfebebc
--- /dev/null
+++ b/tests/manual/ukf-meta-258/input.xml
@@ -0,0 +1,78 @@
+
+
+
+
+
+
+
+
+
+
+ rummidge.ac.uk
+
+
+
+ Rummidge University
+ Rummidge University
+
+
+
+
+
+
+
+
+
+ http://refeds.org/category/hide-from-discovery
+
+
+
+
+
+ ankh.unseen.ac.uk
+ morpock.unseen.ac.uk
+ naphill.unseen.ac.uk
+ library.unseen.ac.uk
+ high.energy.magic.unseen.ac.uk
+ unseen.ac.uk
+
+
+
+ Unseen University
+ Unseen University
+
+
+
+
+
+
+
+
+
+
+ bantshire.ac.uk
+
+
+
+ Bantshire University
+ Bantshire University
+
+
+
+
+
+
+
+
+
+
+ Unseen University
+ Unseen University SP
+
+
+
diff --git a/tests/manual/ukf-meta-258/scopes.out b/tests/manual/ukf-meta-258/scopes.out
new file mode 100644
index 00000000..50059457
--- /dev/null
+++ b/tests/manual/ukf-meta-258/scopes.out
@@ -0,0 +1,34 @@
+
diff --git a/tests/manual/ukf-meta-258/uai.out b/tests/manual/ukf-meta-258/uai.out
new file mode 100644
index 00000000..fc216b67
--- /dev/null
+++ b/tests/manual/ukf-meta-258/uai.out
@@ -0,0 +1,5 @@
+Federation Identity Providers Asserting User Accountability
The following IdPs assert user accountability (in accordance with section six of the UK federation's rules of membership):
+- Bantshire University
+- Rummidge University
+- Unseen University
+
diff --git a/tests/manual/ukf-meta-281/README.md b/tests/manual/ukf-meta-281/README.md
new file mode 100644
index 00000000..b1bd1e2d
--- /dev/null
+++ b/tests/manual/ukf-meta-281/README.md
@@ -0,0 +1,9 @@
+# Tests for UK-specific check for R and S
+
+If the entity supports R&S, it must have a RegistrationPolicy
+
+Other checks ensure that the RegistrationPolicy is valid
+
+Run tests like this:
+
+`for i in *.xml; do echo "Test: $i ==="; xsltproc ../../../mdx/uk/check_uk_rands.xsl $i; done`
diff --git a/tests/manual/ukf-meta-281/has-ec-has-policy.xml b/tests/manual/ukf-meta-281/has-ec-has-policy.xml
new file mode 100644
index 00000000..e431bf6a
--- /dev/null
+++ b/tests/manual/ukf-meta-281/has-ec-has-policy.xml
@@ -0,0 +1,18 @@
+
+
+
+
+ http://ukfederation.org.uk/doc/mdrps-20130902
+
+
+
+ http://refeds.org/category/research-and-scholarship
+
+
+
+
diff --git a/tests/manual/ukf-meta-281/has-ec-no-policy.xml b/tests/manual/ukf-meta-281/has-ec-no-policy.xml
new file mode 100644
index 00000000..e1b7218d
--- /dev/null
+++ b/tests/manual/ukf-meta-281/has-ec-no-policy.xml
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
+ http://refeds.org/category/research-and-scholarship
+
+
+
+
diff --git a/tests/manual/ukf-meta-281/no-ec-has-policy.xml b/tests/manual/ukf-meta-281/no-ec-has-policy.xml
new file mode 100644
index 00000000..c82a2c97
--- /dev/null
+++ b/tests/manual/ukf-meta-281/no-ec-has-policy.xml
@@ -0,0 +1,13 @@
+
+
+
+
+ http://ukfederation.org.uk/doc/mdrps-20130902
+
+
+
diff --git a/tests/manual/ukf-meta-281/no-ec-no-policy.xml b/tests/manual/ukf-meta-281/no-ec-no-policy.xml
new file mode 100644
index 00000000..7d9301f7
--- /dev/null
+++ b/tests/manual/ukf-meta-281/no-ec-no-policy.xml
@@ -0,0 +1,5 @@
+
+
diff --git a/tests/manual/ukf-meta-281/sirtfi-ec-no-policy.xml b/tests/manual/ukf-meta-281/sirtfi-ec-no-policy.xml
new file mode 100644
index 00000000..1bf29ae2
--- /dev/null
+++ b/tests/manual/ukf-meta-281/sirtfi-ec-no-policy.xml
@@ -0,0 +1,18 @@
+
+
+
+
+ http://ukfederation.org.uk/doc/mdrps-20130902
+
+
+
+ https://refeds.org/sirtfi
+
+
+
+
diff --git a/tests/manual/ukf-meta-331/README.md b/tests/manual/ukf-meta-331/README.md
new file mode 100644
index 00000000..995a73d6
--- /dev/null
+++ b/tests/manual/ukf-meta-331/README.md
@@ -0,0 +1,7 @@
+# Tests
+
+There should be no difference detected
+
+cat accented.txt | ../../../utilities/bodge-eacute.pl 2> /dev/null | diff - accented.out
+
+
diff --git a/tests/manual/ukf-meta-331/accented.out b/tests/manual/ukf-meta-331/accented.out
new file mode 100644
index 00000000..94fffac9
--- /dev/null
+++ b/tests/manual/ukf-meta-331/accented.out
@@ -0,0 +1,3 @@
+É
+é
+ü
diff --git a/tests/manual/ukf-meta-331/accented.txt b/tests/manual/ukf-meta-331/accented.txt
new file mode 100644
index 00000000..bf9c0a6f
--- /dev/null
+++ b/tests/manual/ukf-meta-331/accented.txt
@@ -0,0 +1,3 @@
+É
+é
+ü
diff --git a/tools/aggregator-cli-0.9.2/lib/guava-18.0.jar b/tools/aggregator-cli-0.9.2/lib/guava-18.0.jar
deleted file mode 100644
index 8f89e490..00000000
Binary files a/tools/aggregator-cli-0.9.2/lib/guava-18.0.jar and /dev/null differ
diff --git a/tools/aggregator-cli-0.9.2/lib/guava-29.0-jre.jar b/tools/aggregator-cli-0.9.2/lib/guava-29.0-jre.jar
new file mode 100644
index 00000000..e1fc1791
Binary files /dev/null and b/tools/aggregator-cli-0.9.2/lib/guava-29.0-jre.jar differ
diff --git a/tools/lib/istack-commons-runtime-3.0.8.jar b/tools/lib/istack-commons-runtime-3.0.8.jar
new file mode 100644
index 00000000..8f37e950
Binary files /dev/null and b/tools/lib/istack-commons-runtime-3.0.8.jar differ
diff --git a/tools/lib/jakarta.activation-1.2.2.jar b/tools/lib/jakarta.activation-1.2.2.jar
new file mode 100644
index 00000000..bddea495
Binary files /dev/null and b/tools/lib/jakarta.activation-1.2.2.jar differ
diff --git a/tools/lib/jakarta.xml.bind-api-2.3.2.jar b/tools/lib/jakarta.xml.bind-api-2.3.2.jar
new file mode 100644
index 00000000..b16236d5
Binary files /dev/null and b/tools/lib/jakarta.xml.bind-api-2.3.2.jar differ
diff --git a/tools/lib/jaxb-runtime-2.3.2.jar b/tools/lib/jaxb-runtime-2.3.2.jar
new file mode 100644
index 00000000..62f87196
Binary files /dev/null and b/tools/lib/jaxb-runtime-2.3.2.jar differ
diff --git a/tools/mda-logging.xml b/tools/mda-logging.xml
new file mode 100644
index 00000000..e54756db
--- /dev/null
+++ b/tools/mda-logging.xml
@@ -0,0 +1,22 @@
+
+
+
+
+
+ UTF-8
+ %-5level - %msg%n
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tools/ukf-mda/ukf-mda-0.9.10.jar b/tools/ukf-mda/ukf-mda-0.9.10.jar
deleted file mode 100644
index 5cfa44d2..00000000
Binary files a/tools/ukf-mda/ukf-mda-0.9.10.jar and /dev/null differ
diff --git a/tools/ukf-mda/ukf-mda-0.9.11.jar b/tools/ukf-mda/ukf-mda-0.9.11.jar
new file mode 100644
index 00000000..b1d4025a
Binary files /dev/null and b/tools/ukf-mda/ukf-mda-0.9.11.jar differ
diff --git a/tools/xalan/endorsed/resolver-2.9.1.jar b/tools/xalan/endorsed/resolver-2.9.1.jar
deleted file mode 100644
index e535bdc0..00000000
Binary files a/tools/xalan/endorsed/resolver-2.9.1.jar and /dev/null differ
diff --git a/tools/xalan/endorsed/serializer-2.9.1.jar b/tools/xalan/endorsed/serializer-2.9.1.jar
deleted file mode 100644
index de9b007b..00000000
Binary files a/tools/xalan/endorsed/serializer-2.9.1.jar and /dev/null differ
diff --git a/tools/xalan/endorsed/xalan-2.7.1.jar b/tools/xalan/endorsed/xalan-2.7.1.jar
deleted file mode 100644
index 458fa73d..00000000
Binary files a/tools/xalan/endorsed/xalan-2.7.1.jar and /dev/null differ
diff --git a/tools/xalan/endorsed/xercesImpl-2.9.1.jar b/tools/xalan/endorsed/xercesImpl-2.9.1.jar
deleted file mode 100644
index 8f762e1a..00000000
Binary files a/tools/xalan/endorsed/xercesImpl-2.9.1.jar and /dev/null differ
diff --git a/tools/xalan/endorsed/xml-apis-2.9.1.jar b/tools/xalan/endorsed/xml-apis-2.9.1.jar
deleted file mode 100644
index d42c0ea6..00000000
Binary files a/tools/xalan/endorsed/xml-apis-2.9.1.jar and /dev/null differ
diff --git a/tools/endorsed/serializer-2.11.0.jar b/tools/xalan/impl/serializer-2.11.0.jar
similarity index 100%
rename from tools/endorsed/serializer-2.11.0.jar
rename to tools/xalan/impl/serializer-2.11.0.jar
diff --git a/tools/endorsed/xalan-2.7.1.jar b/tools/xalan/impl/xalan-2.7.1.jar
similarity index 100%
rename from tools/endorsed/xalan-2.7.1.jar
rename to tools/xalan/impl/xalan-2.7.1.jar
diff --git a/tools/endorsed/xercesImpl-2.11.0.jar b/tools/xalan/impl/xercesImpl-2.11.0.jar
similarity index 100%
rename from tools/endorsed/xercesImpl-2.11.0.jar
rename to tools/xalan/impl/xercesImpl-2.11.0.jar
diff --git a/tools/endorsed/xml-apis-2.11.0.jar b/tools/xalan/impl/xml-apis-2.11.0.jar
similarity index 100%
rename from tools/endorsed/xml-apis-2.11.0.jar
rename to tools/xalan/impl/xml-apis-2.11.0.jar
diff --git a/tools/endorsed/xml-resolver-1.2.jar b/tools/xalan/impl/xml-resolver-1.2.jar
similarity index 100%
rename from tools/endorsed/xml-resolver-1.2.jar
rename to tools/xalan/impl/xml-resolver-1.2.jar
diff --git a/utilities/bodge-eacute.pl b/utilities/bodge-eacute.pl
new file mode 100755
index 00000000..d89cf3d9
--- /dev/null
+++ b/utilities/bodge-eacute.pl
@@ -0,0 +1,13 @@
+#!/usr/bin/perl -w -p -i
+#
+# É is changed to HTML character entity reference É
+#
+# An awful bodge to fix output of IdPInfoList. Our instance of
+# PMwiki encodes pages in windows-1252 (single byte character encoding),
+# and IdPInfoList includes a file encoded in UTF-8. All is well until
+# we have a 2-byte character in GÉANT.
+#
+binmode(STDOUT, ":encoding(UTF-8)");
+s/É/É/g;
+s/é/é/g;
+s/ü/ü/g;
\ No newline at end of file
diff --git a/utilities/check_embedded.pl b/utilities/check_embedded.pl
index eed5a4df..bd7fdaf4 100755
--- a/utilities/check_embedded.pl
+++ b/utilities/check_embedded.pl
@@ -249,6 +249,9 @@ sub comment {
} elsif (/^\s*Public-Key: \((\d+) bit\)/) { # OpenSSL 1.0
$pubSize = $1;
next;
+ } elsif (/^\s*RSA Public-Key: \((\d+) bit\)/) { # OpenSSL 1.1.1g
+ $pubSize = $1;
+ next;
}
if (/Not After : (.*)$/) {
@@ -327,29 +330,29 @@ sub comment {
# Deal with certificate expiry for CA-issued certificates.
#
if ($issuer ne $subject) {
- if ($days < -$longExpiredDays) {
- my $d = floor(-$days);
- if (defined($expiry_whitelist{$fingerprint})) {
- comment("EXPIRED LONG AGO ($d days; $notAfter)");
- } else {
- error("EXPIRED LONG AGO ($d days; $notAfter)");
- comment("fingerprint $fingerprint");
- }
- } elsif ($days < 0) {
- if (defined($expiry_whitelist{$fingerprint})) {
- comment("EXPIRED ($notAfter)");
- } else {
- error("EXPIRED ($notAfter)");
- comment("fingerprint $fingerprint");
+ if ($days < -$longExpiredDays) {
+ my $d = floor(-$days);
+ if (defined($expiry_whitelist{$fingerprint})) {
+ comment("EXPIRED LONG AGO ($d days; $notAfter)");
+ } else {
+ error("EXPIRED LONG AGO ($d days; $notAfter)");
+ comment("fingerprint $fingerprint");
+ }
+ } elsif ($days < 0) {
+ if (defined($expiry_whitelist{$fingerprint})) {
+ comment("EXPIRED ($notAfter)");
+ } else {
+ error("EXPIRED ($notAfter)");
+ comment("fingerprint $fingerprint");
+ }
+ } elsif ($days < $daysBeforeError) {
+ $days = int($days);
+ error("expires in $days days ($notAfter)");
+ } elsif ($days < $daysBeforeWarning) {
+ $days = int($days);
+ warning("expires in $days days ($notAfter)");
}
- } elsif ($days < $daysBeforeError) {
- $days = int($days);
- error("expires in $days days ($notAfter)");
- } elsif ($days < $daysBeforeWarning) {
- $days = int($days);
- warning("expires in $days days ($notAfter)");
}
- }
#
# Handle public key size.
diff --git a/utilities/contacts-from-sf.sh b/utilities/contacts-from-sf.sh
index 18fb219e..eca73ccc 100755
--- a/utilities/contacts-from-sf.sh
+++ b/utilities/contacts-from-sf.sh
@@ -1,11 +1,13 @@
#!/bin/bash
-# This script processes a Salesforce report "UKfed-contacts-export" which lists all contacts with
-# UK Federation Contact Roles and their corresponding Jisc Organisation ID (ukforg) and Organisation Name
#
-# The current report can be found here https://eu3.salesforce.com/00Ow0000007MXhK, it needs to be exported as a CSV file
-# which ends up as 'reportnnnnnnnnnnnnn.csv'
+# This script processes a Salesforce report which lists all contacts with UK federation
+# contact roles, their corresponding Jisc Organisation ID and Organisation Name.
+#
+# Expects a CSV file with the following format:
+# "Contact: Email","Jisc Organisational ID","Role Name","Account Name"
+# "person1@example.com","127","UK Federation Management Contact","Further College"
+# "person2@example.com","12345","UK Federation Signatory","Unseen University"
#
-# The input to the script is the above CSV file.
#
# The output of the script is as follows;
#
@@ -13,17 +15,13 @@
# * A list of Management Contact email addresses in $MGMTDEST
# * A list of all contact email addresses in $CONTACTDEST
#
-# To use this script please follow the process here;
-#
-# https://repo.infr.ukfederation.org.uk/ukf/ukf-systems/wikis/HOW-to-process-UKfed-contacts-export-report
-#
-# Author: Jon Agland
-#
-SFREPORTNAME="UKfed-contacts-export"
+UKFDATA=../../ukf-data
CSVDEST=../../ukf-data/contacts/sf-contacts.csv
CONTACTDEST=../../ukf-data/contacts/sf-contacts.txt
MGMTDEST=../../ukf-data/contacts/sf-contacts-mc.txt
+TMPFILE=$(mktemp)
+export LC_COLLATE="C.UTF-8"
if [ -z "$1" ]; then
echo "ERROR: No file name supplied"
@@ -35,13 +33,17 @@ if [ ! -f "$1" ]; then
exit 1
fi
-if ! grep -q \"$SFREPORTNAME\" $1; then
- echo "ERROR: this doesn't appear to be the output of $SFREPORTNAME"
- exit 2
-fi
-
cat $1 | awk -F\, '{ print $1 }' | grep @ | sed -e 's/\"//g' | sort -u > $CONTACTDEST
grep "\,\"UK Federation Management Contact\"" $1 | awk -F\, '{ print $1 }' | grep @ | sed -e 's/\"//g' | sort -u > $MGMTDEST
-cp $1 $CSVDEST
+SOURCEDATE=$(date --date="@$(stat $1 --printf=%Y | awk -F\. '{ print $1 }')" +"%d/%m/%Y %H:%M")
+
+
+GITUSER=$(cd $UKFDATA && git config user.name)
+
+cp $1 $TMPFILE
+echo "\"Generated By: $GITUSER $SOURCEDATE\"" >> $TMPFILE
+
+cp $TMPFILE $CSVDEST
+rm $TMPFILE
diff --git a/utilities/githooks/post-receive b/utilities/githooks/post-receive
new file mode 100755
index 00000000..52303df1
--- /dev/null
+++ b/utilities/githooks/post-receive
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+# Git provides the following as part of STDIN when invoking this script:
+read oldrev newrev refname
+
+# Set the location of the git repo and the apache directories to serve content from
+gitdir=/var/git/ukf-products
+apacheaggrdir=/var/www/html/metadata.uou
+apachemdqdir=/var/www/html/mdq.uou/entities
+
+# Set the location of the temporary mdq cache dir
+mdqcachedir=/tmp/mdqcache
+
+# Set the location of JSON discofeed files
+jsontempdir=/tmp
+discofeed=discofeed.json
+discofeedall=discofeed-all.json
+
+# This Git repo has had the latest stuff pushed to it, but it hasn't checked it out yet. So let's do it.
+git --work-tree=$gitdir --git-dir=$gitdir/.git checkout -f
+
+# Make a gzipped version of each aggregate
+echo -n "Gzipping each aggregate... "
+for f in $gitdir/aggregates/*.xml
+do
+ gzip -9 < $f > $f.gz
+done
+echo "Done."
+
+# The JSON files should have been SCPed to /tmp and be sitting there happily.
+echo -n "Gzipping 2 JSON discofeed files..."
+gzip -9 < "${jsontempdir}/$discofeed" > "${jsontempdir}/${discofeed}.gz"
+gzip -9 < "${jsontempdir}/$discofeedall" > "${jsontempdir}/${discofeedall}.gz"
+echo "Done."
+
+# The MDQ cache should have been SCPed to /tmp and be sitting there happily.
+# First, we should untar it.
+echo -n "Untarring mdq cache... "
+rm -rf $mdqcachedir
+mkdir $mdqcachedir
+cd $mdqcachedir
+tar xzf /tmp/mdqcache.tar.gz
+echo "Done."
+
+# Make a gzipped version of each per-entity fragment; also create symlink
+# to the XML file and its .gz version named from the SHA1 hash of the entityId
+echo -n "Gzipping each fragment file, and symlinking to the file and the .gz... "
+cd $mdqcachedir
+for f in $mdqcachedir/*.xml
+do
+
+ # First we're going to figure out some stuff about the request and how it'll
+ # map to other versions of the name
+
+ # Convert the /full/path/and/filename.xml to just filename.xml
+ filename=${f##*/}
+
+ # And then filename.xml to just filename (i.e. the % encoded entityId)
+ entityidpercentencoded=${filename%.*}
+
+ # Un-%encode the entityId
+ entityid=$(echo $entityidpercentencoded | sed "s@+@ @g;s@%@\\\\x@g" | xargs -0 printf "%b")
+
+ # Calculate the sha1 hash of the entityId
+ entityidsha1=$(echo -n $entityid | openssl sha1 | awk '{print $2}')
+
+
+ # Now we're actually going to do something with that!
+
+ # Create the gzipped version of the file
+ gzip -9 < $filename > x_gz-$filename.gz
+
+ # Remove .xml from the filenames
+ mv -f $filename $entityidpercentencoded
+ mv -f x_gz-$filename.gz x_gz-$entityidpercentencoded.gz
+
+ # Create the symlinks to the XML file and the gzipped version
+ ln -s $entityidpercentencoded {sha1}$entityidsha1
+ ln -s x_gz-$entityidpercentencoded.gz x_gz-{sha1}$entityidsha1.gz
+
+done
+echo "Done."
+
+# Get the timestamp of the commit
+mtime=$(git --work-tree=$gitdir --git-dir=$gitdir/.git show $newrev --quiet --pretty=format:%ct)
+
+# Set the timestamp on each of the files to that of the commit
+echo -n "Setting the timestamp on each file to that of the commit... "
+find $gitdir -regextype posix-extended -regex '.*\.(xml|gz)' -exec touch -d @$mtime {} \;
+find $mdqcachedir -exec touch -d @$mtime {} \;
+touch -d @$mtime ${jsontempdir}/$discofeed ${jsontempdir}/${discofeed}.gz ${jsontempdir}/$discofeedall ${jsontempdir}/${discofeedall}.gz
+echo "Done."
+
+# Put files into the correct directory
+echo -n "Rsyncing files to the appropriate apache directory... "
+rsync -at $gitdir/aggregates/*.{xml,gz} $apacheaggrdir
+rsync -at --delete $mdqcachedir/ $apachemdqdir
+rsync -at ${jsontempdir}/$discofeed ${jsontempdir}/${discofeed}.gz ${jsontempdir}/$discofeedall ${jsontempdir}/${discofeedall}.gz $apacheaggrdir
+echo "Done."
+
+# Remove the temporary files
+echo -n "Removing temporary files... "
+find $gitdir -name "*.gz" -exec rm -f {} \;
+rm -rf $mdqcachedir
+echo "Done."
diff --git a/utilities/list_rands_sps.xsl b/utilities/list_rands_sps.xsl
new file mode 100644
index 00000000..da26f507
--- /dev/null
+++ b/utilities/list_rands_sps.xsl
@@ -0,0 +1,147 @@
+
+
+
+
+
+
+
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <title>
+ List of SPs asserting the Research and Scholarship entity category
+ </title>
+ <meta charset="UTF-8">
+ </head>
+ <body>
+ <h1>
+ List of SPs asserting the Research and Scholarship entity category
+ </h1>
+
+
+
+
+
+ <h2>
+
+
+ </h2>
+
+ <table>
+
+
+ entityID
+
+
+
+
+ registrationAuthority
+
+
+
+
+
+
+ InformationURL
+
+ <a href="
+
+ ">
+
+ </a>
+
+
+
+
+
+ InformationURL
+ No English language version available
+
+
+
+
+
+ Description
+
+
+
+
+
+
+ PrivacyStatementURL
+
+ <a href="
+
+ ">
+
+ </a>
+
+
+
+
+
+ PrivacyStatementURL
+ No English language version available
+
+
+
+
+ </table>
+
+
+
+
+
+
+
+
+
+ <tr>
+
+
+
+
+
+
+
+
+
+
+ </tr>
+
+
+
+
+ <th>
+
+ </th>
+
+
+
+
+
+ <td>
+
+ </td>
+
+
+
+
diff --git a/utilities/memberlist.xsl b/utilities/memberlist.xsl
new file mode 100644
index 00000000..ea8da981
--- /dev/null
+++ b/utilities/memberlist.xsl
@@ -0,0 +1,44 @@
+
+
+
+
+
+
+
+
+ UK federation member organisations ()
+
+
+ | Member Organisation |
|---|
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ (
+
+ )
+
+
+ |
+
+
+
+
+
+
+
diff --git a/utilities/orgnamescope.xsl b/utilities/orgnamescope.xsl
new file mode 100644
index 00000000..fafa63aa
--- /dev/null
+++ b/utilities/orgnamescope.xsl
@@ -0,0 +1,80 @@
+
+
+
+
+
+
+
+
+
+
+ | DisplayName |
+ Organisation Name |
+ entityID |
+ Scopes |
+ Visibility |
+
+
+
+
+
+
|
+ |
+ |
+
+
+ |
+
+
+
+
+
+
+ Scopes
+
+
+
+
+
+
+
+
+ |
+
+ No
+ Yes
+
+ |
+
+
+
+
diff --git a/utilities/stats-generate.sh b/utilities/stats-generate.sh
index 4c6acc13..7017fed2 100755
--- a/utilities/stats-generate.sh
+++ b/utilities/stats-generate.sh
@@ -594,40 +594,7 @@ fi
# CDS stats
# =====
-# How many accesses to .ds.
-cdscount=$(grep -s $apachesearchterm $logslocation/cds/shib-cds1/ssl_access_log* $logslocation/cds/shib-cds2/ssl_access_log* $logslocation/cds/shib-cds3/ssl_access_log* $logslocation/cds/shibcds-ne-01/ssl_access_log* $logslocation/cds/shibcds-ne-02/ssl_access_log* $logslocation/cds/shibcds-we-01/ssl_access_log* $logslocation/cds/shibcds-we-02/ssl_access_log* | grep .ds? | wc -l)
-cdscountfriendly=$(echo $cdscount | awk '{ printf ("%'"'"'d\n", $0) }')
-
-# IPv4 vs IPv6 traffic (don't count these for daily stats)
-if [[ "$timeperiod" != "day" ]]; then
- # Some v6 traffic has traditionally passed through v6v4proxy1/2, so to count v4 we're counting all accesses, minus those from the v4 proxy IP addresses, minus actual v6 addresses
- cdsv4count=$(grep -s $apachesearchterm $logslocation/cds/shib-cds1/ssl_access_log* $logslocation/cds/shib-cds2/ssl_access_log* $logslocation/cds/shib-cds3/ssl_access_log* $logslocation/cds/shibcds-ne-01/ssl_access_log* $logslocation/cds/shibcds-ne-02/ssl_access_log* $logslocation/cds/shibcds-we-01/ssl_access_log* $logslocation/cds/shibcds-we-02/ssl_access_log* | grep .ds? | cut -f 1 -d " " | cut -f 2-9 -d ":" | grep -v 193.63.72.83 | grep -v 194.83.7.211 | grep -v ":" | wc -l)
- cdsv4pc=$(echo "scale=4;($cdsv4count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
- cdsv6count=$(( cdscount - cdsv4count ))
- cdsv6pc=$(echo "scale=4;($cdsv6count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
-
- # Per-server request count
- cds1count=$(grep -s $apachesearchterm $logslocation/cds/shib-cds1/ssl_access_log* | grep .ds? | wc -l)
- cds1pc=$(echo "scale=4;($cds1count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
- cds2count=$(grep -s $apachesearchterm $logslocation/cds/shib-cds2/ssl_access_log* | grep .ds? | wc -l)
- cds2pc=$(echo "scale=4;($cds2count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
- cds3count=$(grep -s $apachesearchterm $logslocation/cds/shib-cds3/ssl_access_log* | grep .ds? | wc -l)
- cds3pc=$(echo "scale=4;($cds3count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
- cdsne01count=$(grep -s $apachesearchterm $logslocation/cds/shibcds-ne-01/ssl_access_log* | grep .ds? | wc -l)
- cdsne01pc=$(echo "scale=4;($cdsne01count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
- cdsne02count=$(grep -s $apachesearchterm $logslocation/cds/shibcds-ne-02/ssl_access_log* | grep .ds? | wc -l)
- cdsne02pc=$(echo "scale=4;($cdsne02count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
- cdswe01count=$(grep -s $apachesearchterm $logslocation/cds/shibcds-we-01/ssl_access_log* | grep .ds? | wc -l)
- cdswe01pc=$(echo "scale=4;($cdswe01count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
- cdswe02count=$(grep -s $apachesearchterm $logslocation/cds/shibcds-we-02/ssl_access_log* | grep .ds? | wc -l)
- cdswe02pc=$(echo "scale=4;($cdswe02count/$cdscount)*100" | bc | awk '{printf "%.1f\n", $0}')
-fi
-
-# How many of these were to the DS (has entityId in the parameters)
-cdsdscount=$(grep -s $apachesearchterm $logslocation/cds/shib-cds1/ssl_access_log* $logslocation/cds/shib-cds2/ssl_access_log* $logslocation/cds/shib-cds3/ssl_access_log* $logslocation/cds/shibcds-ne-01/ssl_access_log* $logslocation/cds/shibcds-ne-02/ssl_access_log* $logslocation/cds/shibcds-we-01/ssl_access_log* $logslocation/cds/shibcds-we-02/ssl_access_log* | grep .ds? | grep entityID | wc -l | awk '{ printf ("%'"'"'d\n", $0) }')
-
-# How many of these were to the WAYF (has shire in the parameters)
-cdswayfcount=$(grep -s $apachesearchterm $logslocation/cds/shib-cds1/ssl_access_log* $logslocation/cds/shib-cds2/ssl_access_log* $logslocation/cds/shib-cds3/ssl_access_log* $logslocation/cds/shibcds-ne-01/ssl_access_log* $logslocation/cds/shibcds-ne-02/ssl_access_log* $logslocation/cds/shibcds-we-01/ssl_access_log* $logslocation/cds/shibcds-we-02/ssl_access_log* | grep .ds? | grep shire | wc -l | awk '{ printf ("%'"'"'d\n", $0) }')
+# ukf-meta issue 338: These have been removed and will be re-implemented in Splunk. See ukf-systems, issue 669
# =====
@@ -727,7 +694,7 @@ if [[ "$timeperiod" == "day" ]]; then
msg+=">-> $mdqcountentityidfriendly ($mdqcountentityidpc%) entityId vs $mdqcountsha1friendly ($mdqcountsha1pc%) sha1 based queries\n"
msg+=">-> $mdqminqueriesperip/$mdqavgqueriesperip/$mdqmaxqueriesperip min/avg/max queries per querying IP\n"
msg+=">-> $mdqcountallentities queries for collection of all entities\n"
- msg+=">*CDS:* $cdscountfriendly requests serviced (DS: $cdsdscount / WAYF: $cdswayfcount).\n"
+ msg+=">*CDS:* These have been removed and will be re-implemented in Splunk. See ukf-systems, issue 669\n"
msg+=">*Wugen:* $wugencount WAYFless URLs generated, $wugennewsubs new subscriptions.\n"
msg+=">*Test IdP:* $testidplogincount logins to $testidpspcount SPs.\n"
msg+=">*Test SP:* $testsplogincount logins from $testspidpcount IdPs.\n"
@@ -778,10 +745,7 @@ else
msg+="$mdqtoptenqueriesbycount\n"
msg+="\n-----\n"
msg+="Central Discovery Service:\n"
- msg+="-> $cdscountfriendly total requests serviced\n"
- msg+="-> IPv4: $cdsv4pc% vs IPv6: $cdsv6pc%\n"
- msg+="-> Server distribution: shibcds-ne-01: $cdsne01pc% shibcds-ne-02: $cdsne02pc% shibcds-we-01: $cdswe01pc% shibcds-we-02: $cdswe02pc% / shib-cds1: $cds1pc% shib-cds2: $cds2pc% shib-cds3: $cds3pc%\n"
- msg+="-> DS: $cdsdscount / WAYF: $cdswayfcount\n"
+ msg+="These stats have been removed and will be re-implemented in Splunk. See ukf-systems, issue 669\n"
msg+="\n-----\n"
msg+="Wugen:\n"
msg+="-> $wugencount WAYFless URLs generated\n"
diff --git a/utilities/stats-sync.sh b/utilities/stats-sync.sh
index 1bf2b579..be55d972 100755
--- a/utilities/stats-sync.sh
+++ b/utilities/stats-sync.sh
@@ -26,18 +26,20 @@ rsync -at --exclude modsec* stats@www-ne-01:/var/log/httpd/* $logslocation/www/w
rsync -at --exclude modsec* stats@www-we-01:/var/log/httpd/* $logslocation/www/www-we-01/
# Logs from Wugen
-rsync -at --exclude modsec* stats@wugen:/var/log/httpd/* $logslocation/wugen/
-rsync -at stats@wugen:/opt/wugen/logs/urlgenerator-* $logslocation/wugen/
-rsync -at stats@wugen:/opt/wugen/logs/wayfless-* $logslocation/wugen/
+rsync -at stats@dockerpub-ne-01:./wugen/wayfless-* $logslocation/wugen/
# Logs from Test IdP
rsync -at --exclude modsec* stats@test-idp:/var/log/httpd/* $logslocation/test-idp/
rsync -at stats@test-idp:/opt/shibboleth-idp/logs/idp-audit* $logslocation/test-idp/
# Logs from Test SP
+#
+# The Test SP has a cronjob to remove logs with PII > 30 days old, we replicate that in this script
+#
rsync -at --exclude modsec* stats@test-sp:/var/log/httpd/* $logslocation/test-sp/
rsync -at stats@test-sp:/var/log/shibboleth/shibd* $logslocation/test-sp/
rsync -at stats@test-sp:/var/log/shibboleth/transaction* $logslocation/test-sp/
+find $logslocation/test-sp/ -type f -mtime +90 -delete
# Exit happily
exit 0
diff --git a/utilities/ua-idp.xsl b/utilities/ua-idp.xsl
new file mode 100644
index 00000000..37559252
--- /dev/null
+++ b/utilities/ua-idp.xsl
@@ -0,0 +1,28 @@
+
+
+
+
+
+
+
+Federation Identity Providers Asserting User Accountability
+
+The following IdPs assert user accountability (in accordance with section six of the UK federation's rules of membership):
+
+
+
+
+