Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A028C9693 for ; Fri, 6 Apr 2012 15:19:18 +0000 (UTC) Received: (qmail 5450 invoked by uid 500); 6 Apr 2012 15:19:18 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 5397 invoked by uid 500); 6 Apr 2012 15:19:18 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 5390 invoked by uid 99); 6 Apr 2012 15:19:18 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Apr 2012 15:19:18 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Apr 2012 15:19:05 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 2B3742388865; Fri, 6 Apr 2012 15:18:42 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1310397 [1/2] - in /cxf/branches/2.4.x-fixes: api/src/main/resources/schemas/wsdl/ distribution/src/main/release/samples/java_first_jaxws/src/test/java/demo/hw/server/ distribution/src/main/release/samples/sts_issue_operation/src/main/java... Date: Fri, 06 Apr 2012 15:18:41 -0000 To: commits@cxf.apache.org 
From: dkulp@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120406151842.2B3742388865@eris.apache.org> Author: dkulp Date: Fri Apr 6 15:18:38 2012 New Revision: 1310397 URL: http://svn.apache.org/viewvc?rev=1310397&view=rev Log: Set svn properties Modified: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd (contents, props changed) cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/java_first_jaxws/src/test/java/demo/hw/server/HelloWorldImplTest.java (props changed) cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java (props changed) cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCacheFactory.java (props changed) 
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/MemoryReplayCacheFactory.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/ReplayCacheFactory.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorEncryptionTokenBuilder.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorSignatureTokenBuilder.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientEncryptionTokenBuilder.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientSignatureTokenBuilder.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/GCMAlgorithmSuite.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorEncryptionToken.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorSignatureToken.java (props 
changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientEncryptionToken.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientSignatureToken.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/main/resources/cxf-ehcache.xml (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityVerificationOutTest.java (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/encrypted_parts_missing_binding.xml (props changed) cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/signed_parts_missing_binding.xml (props changed) cxf/branches/2.4.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/InterpretNullAsOnewayProviderTest.java (props changed) cxf/branches/2.4.x-fixes/systests/uncategorized/src/test/java/org/apache/cxf/systest/beanincreationexception/TestBeanABO.java cxf/branches/2.4.x-fixes/systests/uncategorized/src/test/java/org/apache/cxf/systest/beanincreationexception/TestBeanABOImpl.java cxf/branches/2.4.x-fixes/systests/ws-security-examples/ (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/pom.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/common/CommonPasswordCallback.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/common/DoubleItImpl.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/common/DoubleItPortTypeImpl.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java (props changed) 
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/server/Server.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/server/Server.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/sts/STSServer.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/server/Server.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/server/Server.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/DoubleItLogical.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.properties (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.properties (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/cxfca.properties (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/log4j.properties (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/logging.properties (props changed) 
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client/client.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/server.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/cxf-symmetric.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/client/client.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server/server.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml (props changed) 
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/server/server.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/server/Server.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/SecurityHeaderCacheInterceptor.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenDerivedTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/server/ServerDerived.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/revocation.properties (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client/client-derived.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/server-derived.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl (props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/addr-anon-client.xml 
cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/addr-anon-server.xml cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/rmwsdl_server.xml cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/RobustServiceAtMostOnceTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/ServiceInvocationAckBase.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/ServiceInvocationAckPersistenceTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/ServiceInvocationAckTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/ServiceInvocationAtMostOnceAckTest.java (props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/SlowProcessingSimulator.java (contents, props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/sync-ack-atmostonce-server.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/sync-ack-persistent-server.xml (props changed) cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/sync-ack-server.xml (props changed) Modified: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd?rev=1310397&r1=1310396&r2=1310397&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd (original) +++ cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd Fri Apr 6 15:18:38 2012 
@@ -1,25 +1,25 @@ - - - - - - + + + + + + \ No newline at end of file Propchange: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd ------------------------------------------------------------------------------ svn:mime-type = text/xml Propchange: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/java_first_jaxws/src/test/java/demo/hw/server/HelloWorldImplTest.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java?rev=1310397&r1=1310396&r2=1310397&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java Fri Apr 6 15:18:38 2012 
@@ -1,181 +1,181 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.sts.provider.token;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.w3c.dom.Element;
-import org.apache.cxf.common.logging.LogUtils;
-import org.joda.time.DateTime;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.KeyInfo;
-
-
-public class Saml1TokenProvider implements TokenProvider {
-
- private static final Logger LOG = LogUtils.getL7dLogger(Saml1TokenProvider.class);
- private static final String RESPONSE_TOKENTYPE_SAML1
- = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
-
- public String getResponseTokentype() {
- return RESPONSE_TOKENTYPE_SAML1;
- }
-
- public String getTokenType() {
- return SAMLConstants.SAML1_NS;
- }
-
- public Element createToken(X509Certificate certificate) {
- try {
- org.opensaml.saml1.core.Subject subject = createSubjectSAML1(certificate);
- org.opensaml.saml1.core.Assertion samlAssertion = createAuthnAssertionSAML1(subject);
- return SamlUtils.toDom(samlAssertion).getDocumentElement();
- } catch (Exception e) {
- throw new TokenException("Can't serialize SAML assertion", e);
- }
- }
-
- public Element createToken(String username) {
- try {
- org.opensaml.saml1.core.Subject subject = createSubjectSAML1(username);
- org.opensaml.saml1.core.Assertion samlAssertion = createAuthnAssertionSAML1(subject);
- return SamlUtils.toDom(samlAssertion).getDocumentElement();
- } catch (Exception e) {
- throw new TokenException("Can't serialize SAML assertion", e);
- }
- }
-
- public String getTokenId(Element token) {
- return token
- .getAttribute(org.opensaml.saml1.core.Assertion.ID_ATTRIB_NAME);
- }
-
- private org.opensaml.saml1.core.Subject createSubjectSAML1(String username) {
- org.opensaml.saml1.core.NameIdentifier nameID =
- (new org.opensaml.saml1.core.impl.NameIdentifierBuilder())
- .buildObject();
- nameID.setNameIdentifier(username);
- String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient";
-
- if (format != null) {
- nameID.setFormat(format);
- }
-
- org.opensaml.saml1.core.Subject subject = (new org.opensaml.saml1.core.impl.SubjectBuilder())
- .buildObject();
- subject.setNameIdentifier(nameID);
-
- String confirmationString = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
-
- if (confirmationString != null) {
-
- org.opensaml.saml1.core.ConfirmationMethod confirmationMethod =
- (new org.opensaml.saml1.core.impl.ConfirmationMethodBuilder())
- .buildObject();
- confirmationMethod.setConfirmationMethod(confirmationString);
-
- org.opensaml.saml1.core.SubjectConfirmation confirmation =
- (new org.opensaml.saml1.core.impl.SubjectConfirmationBuilder())
- .buildObject();
- confirmation.getConfirmationMethods().add(confirmationMethod);
-
- subject.setSubjectConfirmation(confirmation);
- }
- return subject;
- }
-
- private org.opensaml.saml1.core.Subject createSubjectSAML1(
- X509Certificate certificate) throws Exception {
- DefaultBootstrap.bootstrap();
- org.opensaml.saml1.core.NameIdentifier nameID =
- (new org.opensaml.saml1.core.impl.NameIdentifierBuilder())
- .buildObject();
- nameID.setNameIdentifier(certificate.getSubjectDN().getName());
- nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName");
- org.opensaml.saml1.core.Subject subject = (new org.opensaml.saml1.core.impl.SubjectBuilder())
- .buildObject();
- subject.setNameIdentifier(nameID);
- org.opensaml.saml1.core.ConfirmationMethod confirmationMethod =
- (new org.opensaml.saml1.core.impl.ConfirmationMethodBuilder())
- .buildObject();
- confirmationMethod
- .setConfirmationMethod("Urn:oasis:names:tc:SAML:1.0:cm:holder-of-key");
- org.opensaml.saml1.core.SubjectConfirmation confirmation =
- (new org.opensaml.saml1.core.impl.SubjectConfirmationBuilder())
- .buildObject();
- confirmation.getConfirmationMethods().add(confirmationMethod);
- BasicX509Credential keyInfoCredential = new BasicX509Credential();
- keyInfoCredential.setEntityCertificate(certificate);
- X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
- kiFactory.setEmitPublicKeyValue(true);
- KeyInfo keyInfo = kiFactory.newInstance().generate(keyInfoCredential);
- confirmation.setKeyInfo(keyInfo);
- subject.setSubjectConfirmation(confirmation);
- return subject;
- }
-
- private org.opensaml.saml1.core.Assertion createAuthnAssertionSAML1(
- org.opensaml.saml1.core.Subject subject) {
- org.opensaml.saml1.core.AuthenticationStatement authnStatement =
- (new org.opensaml.saml1.core.impl.AuthenticationStatementBuilder())
- .buildObject();
- authnStatement.setSubject(subject);
- // authnStatement.setAuthenticationMethod(strAuthMethod);
-
- DateTime now = new DateTime();
-
- authnStatement.setAuthenticationInstant(now);
-
- org.opensaml.saml1.core.Conditions conditions = (new org.opensaml.saml1.core.impl.ConditionsBuilder())
- .buildObject();
- conditions.setNotBefore(now.minusMillis(3600000));
- conditions.setNotOnOrAfter(now.plusMillis(3600000));
-
- String issuerURL = "http://www.sopera.de/SAML1";
-
- org.opensaml.saml1.core.Assertion assertion = (new org.opensaml.saml1.core.impl.AssertionBuilder())
- .buildObject();
- try {
- SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator();
- assertion.setID(generator.generateIdentifier());
- } catch (NoSuchAlgorithmException e) {
- LOG.log(Level.WARNING, e.getMessage(), e);
- }
-
- assertion.setIssuer(issuerURL);
- assertion.setIssueInstant(now);
- assertion.setVersion(SAMLVersion.VERSION_11);
-
- assertion.getAuthenticationStatements().add(authnStatement);
- // assertion.getAttributeStatements().add(attrStatement);
- assertion.setConditions(conditions);
-
- return assertion;
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.sts.provider.token;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.common.logging.LogUtils;
+import org.joda.time.DateTime;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.KeyInfo;
+
+
+public class Saml1TokenProvider implements TokenProvider {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(Saml1TokenProvider.class);
+ private static final String RESPONSE_TOKENTYPE_SAML1
+ = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+
+ public String getResponseTokentype() {
+ return RESPONSE_TOKENTYPE_SAML1;
+ }
+
+ public String getTokenType() {
+ return SAMLConstants.SAML1_NS;
+ }
+
+ public Element createToken(X509Certificate certificate) {
+ try {
+ org.opensaml.saml1.core.Subject subject = createSubjectSAML1(certificate);
+ org.opensaml.saml1.core.Assertion samlAssertion = createAuthnAssertionSAML1(subject);
+ return SamlUtils.toDom(samlAssertion).getDocumentElement();
+ } catch (Exception e) {
+ throw new TokenException("Can't serialize SAML assertion", e);
+ }
+ }
+
+ public Element createToken(String username) {
+ try {
+ org.opensaml.saml1.core.Subject subject = createSubjectSAML1(username);
+ org.opensaml.saml1.core.Assertion samlAssertion = createAuthnAssertionSAML1(subject);
+ return SamlUtils.toDom(samlAssertion).getDocumentElement();
+ } catch (Exception e) {
+ throw new TokenException("Can't serialize SAML assertion", e);
+ }
+ }
+
+ public String getTokenId(Element token) {
+ return token
+ .getAttribute(org.opensaml.saml1.core.Assertion.ID_ATTRIB_NAME);
+ }
+
+ private org.opensaml.saml1.core.Subject createSubjectSAML1(String username) {
+ org.opensaml.saml1.core.NameIdentifier nameID =
+ (new org.opensaml.saml1.core.impl.NameIdentifierBuilder())
+ .buildObject();
+ nameID.setNameIdentifier(username);
+ String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient";
+
+ if (format != null) {
+ nameID.setFormat(format);
+ }
+
+ org.opensaml.saml1.core.Subject subject = (new org.opensaml.saml1.core.impl.SubjectBuilder())
+ .buildObject();
+ subject.setNameIdentifier(nameID);
+
+ String confirmationString = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
+
+ if (confirmationString != null) {
+
+ org.opensaml.saml1.core.ConfirmationMethod confirmationMethod =
+ (new org.opensaml.saml1.core.impl.ConfirmationMethodBuilder())
+ .buildObject();
+ confirmationMethod.setConfirmationMethod(confirmationString);
+
+ org.opensaml.saml1.core.SubjectConfirmation confirmation =
+ (new org.opensaml.saml1.core.impl.SubjectConfirmationBuilder())
+ .buildObject();
+ confirmation.getConfirmationMethods().add(confirmationMethod);
+
+ subject.setSubjectConfirmation(confirmation);
+ }
+ return subject;
+ }
+
+ private org.opensaml.saml1.core.Subject createSubjectSAML1(
+ X509Certificate certificate) throws Exception {
+ DefaultBootstrap.bootstrap();
+ org.opensaml.saml1.core.NameIdentifier nameID =
+ (new org.opensaml.saml1.core.impl.NameIdentifierBuilder())
+ .buildObject();
+ nameID.setNameIdentifier(certificate.getSubjectDN().getName());
+ nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName");
+ org.opensaml.saml1.core.Subject subject = (new org.opensaml.saml1.core.impl.SubjectBuilder())
+ .buildObject();
+ subject.setNameIdentifier(nameID);
+ org.opensaml.saml1.core.ConfirmationMethod confirmationMethod =
+ (new org.opensaml.saml1.core.impl.ConfirmationMethodBuilder())
+ .buildObject();
+ confirmationMethod
+ .setConfirmationMethod("Urn:oasis:names:tc:SAML:1.0:cm:holder-of-key");
+ org.opensaml.saml1.core.SubjectConfirmation confirmation =
+ (new org.opensaml.saml1.core.impl.SubjectConfirmationBuilder())
+ .buildObject();
+ confirmation.getConfirmationMethods().add(confirmationMethod);
+ BasicX509Credential keyInfoCredential = new BasicX509Credential();
+ keyInfoCredential.setEntityCertificate(certificate);
+ X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
+ kiFactory.setEmitPublicKeyValue(true);
+ KeyInfo keyInfo = kiFactory.newInstance().generate(keyInfoCredential);
+ confirmation.setKeyInfo(keyInfo);
+ subject.setSubjectConfirmation(confirmation);
+ return subject;
+ }
+
+ private org.opensaml.saml1.core.Assertion createAuthnAssertionSAML1(
+ org.opensaml.saml1.core.Subject subject) {
+ org.opensaml.saml1.core.AuthenticationStatement authnStatement =
+ (new org.opensaml.saml1.core.impl.AuthenticationStatementBuilder())
+ .buildObject();
+ authnStatement.setSubject(subject);
+ // authnStatement.setAuthenticationMethod(strAuthMethod);
+
+ DateTime now = new DateTime();
+
+ authnStatement.setAuthenticationInstant(now);
+
+ org.opensaml.saml1.core.Conditions conditions = (new org.opensaml.saml1.core.impl.ConditionsBuilder())
+ .buildObject();
+ conditions.setNotBefore(now.minusMillis(3600000));
+ conditions.setNotOnOrAfter(now.plusMillis(3600000));
+
+ String issuerURL = "http://www.sopera.de/SAML1";
+
+ org.opensaml.saml1.core.Assertion assertion = (new org.opensaml.saml1.core.impl.AssertionBuilder())
+ .buildObject();
+ try {
+ SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator();
+ assertion.setID(generator.generateIdentifier());
+ } catch (NoSuchAlgorithmException e) {
+ LOG.log(Level.WARNING, e.getMessage(), e);
+ }
+
+ assertion.setIssuer(issuerURL);
+ assertion.setIssueInstant(now);
+ assertion.setVersion(SAMLVersion.VERSION_11);
+
+ assertion.getAuthenticationStatements().add(authnStatement);
+ // assertion.getAttributeStatements().add(attrStatement);
+ assertion.setConditions(conditions);
+
+ return assertion;
+ }
+
+}
Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java Fri Apr 6 15:18:38 2012
@@ -1,194 +1,194 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package demo.sts.provider.token; - -import java.security.NoSuchAlgorithmException; -import java.security.cert.X509Certificate; -import java.util.logging.Level; -import java.util.logging.Logger; - -import org.w3c.dom.Element; - -import org.apache.cxf.common.logging.LogUtils; -import org.joda.time.DateTime; -import org.opensaml.DefaultBootstrap; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.AuthnContext; -import org.opensaml.saml2.core.AuthnContextClassRef; -import org.opensaml.saml2.core.AuthnStatement; -import org.opensaml.saml2.core.Conditions; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.KeyInfoConfirmationDataType; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.Subject; -import org.opensaml.saml2.core.SubjectConfirmation; -import org.opensaml.saml2.core.impl.AssertionBuilder; -import org.opensaml.saml2.core.impl.AuthnContextBuilder; -import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; -import 
org.opensaml.saml2.core.impl.AuthnStatementBuilder; -import org.opensaml.saml2.core.impl.ConditionsBuilder; -import org.opensaml.saml2.core.impl.IssuerBuilder; -import org.opensaml.saml2.core.impl.KeyInfoConfirmationDataTypeBuilder; -import org.opensaml.saml2.core.impl.NameIDBuilder; -import org.opensaml.saml2.core.impl.SubjectBuilder; -import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder; -import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.BasicX509Credential; -import org.opensaml.xml.signature.KeyInfo; - -public class Saml2TokenProvider implements TokenProvider { - - private static final String SAML_AUTH_CONTEXT = "ac:classes:X509"; - private static final String RESPONSE_TOKENTYPE_SAML2 - = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; - private static final Logger LOG = LogUtils.getL7dLogger(Saml2TokenProvider.class); - - public String getResponseTokentype() { - return RESPONSE_TOKENTYPE_SAML2; - } - - public String getTokenType() { - return SAMLConstants.SAML20_NS; - } - - public Element createToken(X509Certificate certificate) { - try { - Subject subject = createSubject(certificate); - Assertion samlAssertion = createAuthnAssertion(subject); - return SamlUtils.toDom(samlAssertion).getDocumentElement(); - } catch (Exception e) { - throw new TokenException("Can't serialize SAML assertion", e); - } - } - - public Element createToken(String username) { - Subject subject = createSubject(username); - Assertion samlAssertion = createAuthnAssertion(subject); - - try { - return SamlUtils.toDom(samlAssertion).getDocumentElement(); - } catch (Exception e) { - throw new TokenException("Can't serialize SAML assertion", e); - } - } - - public String getTokenId(Element token) { - return token.getAttribute(Assertion.ID_ATTRIB_NAME); - } - - private Subject createSubject(String username) { - NameID nameID = (new NameIDBuilder()).buildObject(); - nameID.setValue(username); - 
String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient"; - if (format != null) { - nameID.setFormat(format); - } - - Subject subject = (new SubjectBuilder()).buildObject(); - subject.setNameID(nameID); - - SubjectConfirmation confirmation = (new SubjectConfirmationBuilder()) - .buildObject(); - confirmation.setMethod(SubjectConfirmation.METHOD_BEARER); - subject.getSubjectConfirmations().add(confirmation); - return subject; - } - - private Subject createSubject(X509Certificate certificate) throws Exception { - DefaultBootstrap.bootstrap(); - NameID nameID = (new NameIDBuilder()).buildObject(); - nameID.setValue(certificate.getSubjectDN().getName()); - String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; - if (format != null) { - nameID.setFormat(format); - } - Subject subject = (new SubjectBuilder()).buildObject(); - subject.setNameID(nameID); - SubjectConfirmation confirmation = (new SubjectConfirmationBuilder()) - .buildObject(); - confirmation.setMethod(SubjectConfirmation.METHOD_HOLDER_OF_KEY); - KeyInfoConfirmationDataType keyInfoDataType = new KeyInfoConfirmationDataTypeBuilder() - .buildObject(); - BasicX509Credential keyInfoCredential = new BasicX509Credential(); - keyInfoCredential.setEntityCertificate(certificate); - keyInfoCredential.setPublicKey(certificate.getPublicKey()); - BasicKeyInfoGeneratorFactory kiFactory = new BasicKeyInfoGeneratorFactory(); - kiFactory.setEmitPublicKeyValue(true); - KeyInfo keyInfo = kiFactory.newInstance().generate(keyInfoCredential); - keyInfoDataType.getKeyInfos().add(keyInfo); - subject.getSubjectConfirmations().add(confirmation); - subject.getSubjectConfirmations().get(0) - .setSubjectConfirmationData(keyInfoDataType); - return subject; - } - - private Assertion createAuthnAssertion(Subject subject) { - Assertion assertion = createAssertion(subject); - - AuthnContextClassRef ref = (new AuthnContextClassRefBuilder()) - .buildObject(); - String authnCtx = SAML_AUTH_CONTEXT; - if 
(authnCtx != null) { - ref.setAuthnContextClassRef(authnCtx); - } - AuthnContext authnContext = (new AuthnContextBuilder()).buildObject(); - authnContext.setAuthnContextClassRef(ref); - - AuthnStatement authnStatement = (new AuthnStatementBuilder()) - .buildObject(); - authnStatement.setAuthnInstant(new DateTime()); - authnStatement.setAuthnContext(authnContext); - - assertion.getStatements().add(authnStatement); - - return assertion; - } - - private Assertion createAssertion(Subject subject) { - Assertion assertion = (new AssertionBuilder()).buildObject(); - try { - SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator(); - assertion.setID(generator.generateIdentifier()); - } catch (NoSuchAlgorithmException e) { - LOG.log(Level.WARNING, e.getMessage(), e); - } - - DateTime now = new DateTime(); - assertion.setIssueInstant(now); - - String issuerURL = "http://www.sopera.de/SAML2"; - if (issuerURL != null) { - Issuer issuer = (new IssuerBuilder()).buildObject(); - issuer.setValue(issuerURL); - assertion.setIssuer(issuer); - } - - assertion.setSubject(subject); - - Conditions conditions = (new ConditionsBuilder()).buildObject(); - conditions.setNotBefore(now.minusMillis(3600000)); - conditions.setNotOnOrAfter(now.plusMillis(3600000)); - assertion.setConditions(conditions); - return assertion; - } - -} +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. 
You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package demo.sts.provider.token; + +import java.security.NoSuchAlgorithmException; +import java.security.cert.X509Certificate; +import java.util.logging.Level; +import java.util.logging.Logger; + +import org.w3c.dom.Element; + +import org.apache.cxf.common.logging.LogUtils; +import org.joda.time.DateTime; +import org.opensaml.DefaultBootstrap; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.AuthnContext; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.KeyInfoConfirmationDataType; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.impl.AssertionBuilder; +import org.opensaml.saml2.core.impl.AuthnContextBuilder; +import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder; +import org.opensaml.saml2.core.impl.AuthnStatementBuilder; +import org.opensaml.saml2.core.impl.ConditionsBuilder; +import org.opensaml.saml2.core.impl.IssuerBuilder; +import org.opensaml.saml2.core.impl.KeyInfoConfirmationDataTypeBuilder; +import org.opensaml.saml2.core.impl.NameIDBuilder; +import org.opensaml.saml2.core.impl.SubjectBuilder; +import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder; +import 
org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.signature.KeyInfo; + +public class Saml2TokenProvider implements TokenProvider { + + private static final String SAML_AUTH_CONTEXT = "ac:classes:X509"; + private static final String RESPONSE_TOKENTYPE_SAML2 + = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; + private static final Logger LOG = LogUtils.getL7dLogger(Saml2TokenProvider.class); + + public String getResponseTokentype() { + return RESPONSE_TOKENTYPE_SAML2; + } + + public String getTokenType() { + return SAMLConstants.SAML20_NS; + } + + public Element createToken(X509Certificate certificate) { + try { + Subject subject = createSubject(certificate); + Assertion samlAssertion = createAuthnAssertion(subject); + return SamlUtils.toDom(samlAssertion).getDocumentElement(); + } catch (Exception e) { + throw new TokenException("Can't serialize SAML assertion", e); + } + } + + public Element createToken(String username) { + Subject subject = createSubject(username); + Assertion samlAssertion = createAuthnAssertion(subject); + + try { + return SamlUtils.toDom(samlAssertion).getDocumentElement(); + } catch (Exception e) { + throw new TokenException("Can't serialize SAML assertion", e); + } + } + + public String getTokenId(Element token) { + return token.getAttribute(Assertion.ID_ATTRIB_NAME); + } + + private Subject createSubject(String username) { + NameID nameID = (new NameIDBuilder()).buildObject(); + nameID.setValue(username); + String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient"; + if (format != null) { + nameID.setFormat(format); + } + + Subject subject = (new SubjectBuilder()).buildObject(); + subject.setNameID(nameID); + + SubjectConfirmation confirmation = (new SubjectConfirmationBuilder()) + .buildObject(); + confirmation.setMethod(SubjectConfirmation.METHOD_BEARER); + 
subject.getSubjectConfirmations().add(confirmation); + return subject; + } + + private Subject createSubject(X509Certificate certificate) throws Exception { + DefaultBootstrap.bootstrap(); + NameID nameID = (new NameIDBuilder()).buildObject(); + nameID.setValue(certificate.getSubjectDN().getName()); + String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; + if (format != null) { + nameID.setFormat(format); + } + Subject subject = (new SubjectBuilder()).buildObject(); + subject.setNameID(nameID); + SubjectConfirmation confirmation = (new SubjectConfirmationBuilder()) + .buildObject(); + confirmation.setMethod(SubjectConfirmation.METHOD_HOLDER_OF_KEY); + KeyInfoConfirmationDataType keyInfoDataType = new KeyInfoConfirmationDataTypeBuilder() + .buildObject(); + BasicX509Credential keyInfoCredential = new BasicX509Credential(); + keyInfoCredential.setEntityCertificate(certificate); + keyInfoCredential.setPublicKey(certificate.getPublicKey()); + BasicKeyInfoGeneratorFactory kiFactory = new BasicKeyInfoGeneratorFactory(); + kiFactory.setEmitPublicKeyValue(true); + KeyInfo keyInfo = kiFactory.newInstance().generate(keyInfoCredential); + keyInfoDataType.getKeyInfos().add(keyInfo); + subject.getSubjectConfirmations().add(confirmation); + subject.getSubjectConfirmations().get(0) + .setSubjectConfirmationData(keyInfoDataType); + return subject; + } + + private Assertion createAuthnAssertion(Subject subject) { + Assertion assertion = createAssertion(subject); + + AuthnContextClassRef ref = (new AuthnContextClassRefBuilder()) + .buildObject(); + String authnCtx = SAML_AUTH_CONTEXT; + if (authnCtx != null) { + ref.setAuthnContextClassRef(authnCtx); + } + AuthnContext authnContext = (new AuthnContextBuilder()).buildObject(); + authnContext.setAuthnContextClassRef(ref); + + AuthnStatement authnStatement = (new AuthnStatementBuilder()) + .buildObject(); + authnStatement.setAuthnInstant(new DateTime()); + authnStatement.setAuthnContext(authnContext); + + 
assertion.getStatements().add(authnStatement); + + return assertion; + } + + private Assertion createAssertion(Subject subject) { + Assertion assertion = (new AssertionBuilder()).buildObject(); + try { + SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator(); + assertion.setID(generator.generateIdentifier()); + } catch (NoSuchAlgorithmException e) { + LOG.log(Level.WARNING, e.getMessage(), e); + } + + DateTime now = new DateTime(); + assertion.setIssueInstant(now); + + String issuerURL = "http://www.sopera.de/SAML2"; + if (issuerURL != null) { + Issuer issuer = (new IssuerBuilder()).buildObject(); + issuer.setValue(issuerURL); + assertion.setIssuer(issuer); + } + + assertion.setSubject(subject); + + Conditions conditions = (new ConditionsBuilder()).buildObject(); + conditions.setNotBefore(now.minusMillis(3600000)); + conditions.setNotOnOrAfter(now.plusMillis(3600000)); + assertion.setConditions(conditions); + return assertion; + } + +} Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java?rev=1310397&r1=1310396&r2=1310397&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java Fri Apr 6 15:18:38 2012 
@@ -1,52 +1,52 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.sts.provider.token;
-
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-
-import org.apache.cxf.helpers.DOMUtils;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.ConfigurationException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-
-public final class SamlUtils {
-
- private SamlUtils() {
-
- }
-
- public static Document toDom(XMLObject object) throws MarshallingException,
- ParserConfigurationException, ConfigurationException {
- Document document = DOMUtils.createDocument();
-
- DefaultBootstrap.bootstrap();
-
- Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
- object);
- out.marshall(object, document);
- return document;
- }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.sts.provider.token;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+
+public final class SamlUtils {
+
+ private SamlUtils() {
+
+ }
+
+ public static Document toDom(XMLObject object) throws MarshallingException,
+ ParserConfigurationException, ConfigurationException {
+ Document document = DOMUtils.createDocument();
+
+ DefaultBootstrap.bootstrap();
+
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+ }
+
+}
Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java Fri Apr 6 15:18:38 2012
@@ -1,37 +1,37 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.sts.provider.token;
-
-import java.security.cert.X509Certificate;
-
-import org.w3c.dom.Element;
-
-public interface TokenProvider {
-
- String getTokenType();
-
- Element createToken(String username);
-
- Element createToken(X509Certificate certificate);
-
- String getTokenId(Element token);
-
- String getResponseTokentype();
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.sts.provider.token;
+
+import java.security.cert.X509Certificate;
+
+import org.w3c.dom.Element;
+
+public interface TokenProvider {
+
+ String getTokenType();
+
+ Element createToken(String username);
+
+ Element createToken(X509Certificate certificate);
+
+ String getTokenId(Element token);
+
+ String getResponseTokentype();
+}
Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh Fri Apr 6 15:18:38 2012
@@ -1,163 +1,163 @@ -#!/bin/sh -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -# -# -# This file uses openssl and keytool to generate 2 chains of 3 certificates -# CN=Wibble CN=Cherry -# CN=TheRA -# CN=TheCA -# and generates a CRL to revoke the "CN=TheRA" certificate. -# -# This file also serves as a specification on what needs to be done to -# get the underlying CXF to work correctly. -# For the most part, you need to use only JKS (Java Key Store) formatted -# keystores and truststores. - - -# Initialize the default openssl DataBase. -# According to a default /usr/lib/ssl/openssl.cnf file it is ./demoCA -# Depending on the Openssl version, comment out "crlnumber" in config file. -# We echo 1345 to start the certificate serial number counter. - - rm -rf demoCA - mkdir -p demoCA/newcerts - cp /dev/null demoCA/index.txt - echo "1345" > demoCA/serial - -# This file makes sure that the certificate for CN=TheRA can be a Certificate -# Authority, i.e. can sign the user certificates, e.g. "CN=Wibble". - -cat < exts -[x509_extensions] -basicConstraints=CA:TRUE -EOF - -# Create the CA's keypair and self-signed certificate -# -x509 means create self-sign cert -# -keyout means generate keypair -# -nodes means do not encrypt private key. 
-# -set_serial sets the serial number of the certificate - - openssl req -verbose -x509 -new -nodes -set_serial 1234 \ - -subj "/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \ - -days 7300 -out cacert.pem -keyout caprivkey.pem - -# Create the RA's keypair and Certificate Request -# without -x509, we generate an x509 cert request. -# -keyout means generate keypair -# -nodes means do not encrypt private key. - - openssl req -verbose -new -nodes \ - -subj "/CN=TheRA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \ - -days 7300 -out csrra.pem -keyout raprivkey.pem - -# Have the CN=TheCA issue a certificate for the CN=TheRA -# We need -extfile exts -extenstions x509_extensions to make sure -# CN=TheRA can be a Certificate Authority. - - openssl ca -batch -days 7300 -cert cacert.pem -keyfile caprivkey.pem \ - -in csrra.pem -out ra-ca-cert.pem -extfile exts -extensions x509_extensions - -# Create keypairs and Cert Request for a certificate for CN=Wibble and CN=Cherry -# This procedure must be done in JKS, because we need to use a JKS keystore. -# The current version of CXF using PCKS12 will not work for a number of -# internal CXF reasons. - - rm -f wibble.jks - - keytool -genkey \ - -dname "CN=Wibble, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \ - -keystore wibble.jks -storetype jks -storepass password -keypass password - - keytool -certreq -keystore wibble.jks -storetype jks -storepass password \ - -keypass password -file csrwibble.pem - - - rm -f cherry.jks - - keytool -genkey \ - -dname "CN=Cherry, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \ - -keystore cherry.jks -storetype jks -storepass password -keypass password - - keytool -certreq -keystore cherry.jks -storetype jks -storepass password \ - -keypass password -file csrcherry.pem - - -# Have the CN=TheRA issue a certificate for CN=Wibble and CN=Cherry via -# their Certificate Requests. 
- - openssl ca -batch -days 7300 -cert ra-ca-cert.pem -keyfile raprivkey.pem \ - -in csrwibble.pem -out wibble-ra-cert.pem - - openssl ca -batch -days 7300 -cert ra-ca-cert.pem -keyfile raprivkey.pem \ - -in csrcherry.pem -out cherry-ra-cert.pem - - -# Rewrite the certificates in PEM only format. This allows us to concatenate -# them into chains. - - openssl x509 -in cacert.pem -out cacert.pem -outform PEM - openssl x509 -in ra-ca-cert.pem -out ra-ca-cert.pem -outform PEM - openssl x509 -in wibble-ra-cert.pem -out wibble-ra-cert.pem -outform PEM - openssl x509 -in cherry-ra-cert.pem -out cherry-ra-cert.pem -outform PEM - -# Create a chain readable by CertificateFactory.getCertificates. - - cat wibble-ra-cert.pem ra-ca-cert.pem cacert.pem > wibble.chain - cat cherry-ra-cert.pem ra-ca-cert.pem cacert.pem > cherry.chain - -# Replace the certificate in the Wibble keystore with their respective -# full chains. - - keytool -import -file wibble.chain -keystore wibble.jks -storetype jks \ - -storepass password -keypass password -noprompt - - keytool -import -file cherry.chain -keystore cherry.jks -storetype jks \ - -storepass password -keypass password -noprompt - -# Revoke the CN=TheRA certificate (happens in the Openssl DB) - - openssl ca -verbose -cert cacert.pem -keyfile caprivkey.pem \ - -revoke ra-ca-cert.pem -crl_reason keyCompromise - -# Create the CRL from that revocation (from the Openssl DB) - - openssl ca -verbose -gencrl -out ca.crl -cert cacert.pem \ - -keyfile caprivkey.pem - -# Create the Truststore file containing the CA cert. 
- - rm -f truststore.jks - - keytool -import -file cacert.pem -alias TheCA -keystore truststore.jks \ - -storepass password -noprompt - -# Uncomment to see what's in the Keystores and CRL - - keytool -v -list -keystore wibble.jks -storepass password - - keytool -v -list -keystore cherry.jks -storepass password - - keytool -v -list -keystore truststore.jks -storepass password - - openssl crl -in ca.crl -text -noout - -# Get rid of everything but wibble.chain and ra.crl -#rm -rf *.pem exts demoCA *pk12 +#!/bin/sh +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# +# +# This file uses openssl and keytool to generate 2 chains of 3 certificates +# CN=Wibble CN=Cherry +# CN=TheRA +# CN=TheCA +# and generates a CRL to revoke the "CN=TheRA" certificate. +# +# This file also serves as a specification on what needs to be done to +# get the underlying CXF to work correctly. +# For the most part, you need to use only JKS (Java Key Store) formatted +# keystores and truststores. + + +# Initialize the default openssl DataBase. +# According to a default /usr/lib/ssl/openssl.cnf file it is ./demoCA +# Depending on the Openssl version, comment out "crlnumber" in config file. +# We echo 1345 to start the certificate serial number counter. 
+ + rm -rf demoCA + mkdir -p demoCA/newcerts + cp /dev/null demoCA/index.txt + echo "1345" > demoCA/serial + +# This file makes sure that the certificate for CN=TheRA can be a Certificate +# Authority, i.e. can sign the user certificates, e.g. "CN=Wibble". + +cat < exts +[x509_extensions] +basicConstraints=CA:TRUE +EOF + +# Create the CA's keypair and self-signed certificate +# -x509 means create self-sign cert +# -keyout means generate keypair +# -nodes means do not encrypt private key. +# -set_serial sets the serial number of the certificate + + openssl req -verbose -x509 -new -nodes -set_serial 1234 \ + -subj "/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \ + -days 7300 -out cacert.pem -keyout caprivkey.pem + +# Create the RA's keypair and Certificate Request +# without -x509, we generate an x509 cert request. +# -keyout means generate keypair +# -nodes means do not encrypt private key. + + openssl req -verbose -new -nodes \ + -subj "/CN=TheRA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \ + -days 7300 -out csrra.pem -keyout raprivkey.pem + +# Have the CN=TheCA issue a certificate for the CN=TheRA +# We need -extfile exts -extenstions x509_extensions to make sure +# CN=TheRA can be a Certificate Authority. + + openssl ca -batch -days 7300 -cert cacert.pem -keyfile caprivkey.pem \ + -in csrra.pem -out ra-ca-cert.pem -extfile exts -extensions x509_extensions + +# Create keypairs and Cert Request for a certificate for CN=Wibble and CN=Cherry +# This procedure must be done in JKS, because we need to use a JKS keystore. +# The current version of CXF using PCKS12 will not work for a number of +# internal CXF reasons. 
+ + rm -f wibble.jks + + keytool -genkey \ + -dname "CN=Wibble, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \ + -keystore wibble.jks -storetype jks -storepass password -keypass password + + keytool -certreq -keystore wibble.jks -storetype jks -storepass password \ + -keypass password -file csrwibble.pem + + + rm -f cherry.jks + + keytool -genkey \ + -dname "CN=Cherry, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \ + -keystore cherry.jks -storetype jks -storepass password -keypass password + + keytool -certreq -keystore cherry.jks -storetype jks -storepass password \ + -keypass password -file csrcherry.pem + + +# Have the CN=TheRA issue a certificate for CN=Wibble and CN=Cherry via +# their Certificate Requests. + + openssl ca -batch -days 7300 -cert ra-ca-cert.pem -keyfile raprivkey.pem \ + -in csrwibble.pem -out wibble-ra-cert.pem + + openssl ca -batch -days 7300 -cert ra-ca-cert.pem -keyfile raprivkey.pem \ + -in csrcherry.pem -out cherry-ra-cert.pem + + +# Rewrite the certificates in PEM only format. This allows us to concatenate +# them into chains. + + openssl x509 -in cacert.pem -out cacert.pem -outform PEM + openssl x509 -in ra-ca-cert.pem -out ra-ca-cert.pem -outform PEM + openssl x509 -in wibble-ra-cert.pem -out wibble-ra-cert.pem -outform PEM + openssl x509 -in cherry-ra-cert.pem -out cherry-ra-cert.pem -outform PEM + +# Create a chain readable by CertificateFactory.getCertificates. + + cat wibble-ra-cert.pem ra-ca-cert.pem cacert.pem > wibble.chain + cat cherry-ra-cert.pem ra-ca-cert.pem cacert.pem > cherry.chain + +# Replace the certificate in the Wibble keystore with their respective +# full chains. 
+ + keytool -import -file wibble.chain -keystore wibble.jks -storetype jks \ + -storepass password -keypass password -noprompt + + keytool -import -file cherry.chain -keystore cherry.jks -storetype jks \ + -storepass password -keypass password -noprompt + +# Revoke the CN=TheRA certificate (happens in the Openssl DB) + + openssl ca -verbose -cert cacert.pem -keyfile caprivkey.pem \ + -revoke ra-ca-cert.pem -crl_reason keyCompromise + +# Create the CRL from that revocation (from the Openssl DB) + + openssl ca -verbose -gencrl -out ca.crl -cert cacert.pem \ + -keyfile caprivkey.pem + +# Create the Truststore file containing the CA cert. + + rm -f truststore.jks + + keytool -import -file cacert.pem -alias TheCA -keystore truststore.jks \ + -storepass password -noprompt + +# Uncomment to see what's in the Keystores and CRL + + keytool -v -list -keystore wibble.jks -storepass password + + keytool -v -list -keystore cherry.jks -storepass password + + keytool -v -list -keystore truststore.jks -storepass password + + openssl crl -in ca.crl -text -noout + +# Get rid of everything but wibble.chain and ra.crl +#rm -rf *.pem exts demoCA *pk12 Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt?rev=1310397&r1=1310396&r2=1310397&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt Fri Apr 6 15:18:38 2012 
@@ -1,3 +1,3 @@
-R 290617153708Z 090622153711Z,keyCompromise 1345 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=TheRA
-V 290617153710Z 1346 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Wibble
-V 290617153710Z 1347 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Cherry
+R 290617153708Z 090622153711Z,keyCompromise 1345 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=TheRA
+V 290617153710Z 1346 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Wibble
+V 290617153710Z 1347 unknown /C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Cherry
Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java Fri Apr 6 15:18:38 2012
@@ -1,43 +1,43 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.wssec.server;
-
-import java.util.logging.Logger;
-import org.apache.hello_world_soap_http.Greeter;
-
-@javax.jws.WebService(name = "Greeter", serviceName = "SOAPService",
- targetNamespace = "http://apache.org/hello_world_soap_http",
- wsdlLocation = "file:./wsdl/hello_world.wsdl")
-
-public class GreeterImpl implements Greeter {
-
- private static final Logger LOG =
- Logger.getLogger(GreeterImpl.class.getPackage().getName());
-
- /* (non-Javadoc)
- * @see org.objectweb.hello_world_soap_http.Greeter#greetMe(java.lang.String)
- */
- public String greetMe(String me) {
- LOG.info("Executing operation greetMe");
- System.out.println("Executing operation greetMe");
- System.out.println("Message received: " + me + "\n");
- return "Hello " + me;
- }
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.wssec.server;
+
+import java.util.logging.Logger;
+import org.apache.hello_world_soap_http.Greeter;
+
+@javax.jws.WebService(name = "Greeter", serviceName = "SOAPService",
+ targetNamespace = "http://apache.org/hello_world_soap_http",
+ wsdlLocation = "file:./wsdl/hello_world.wsdl")
+
+public class GreeterImpl implements Greeter {
+
+ private static final Logger LOG =
+ Logger.getLogger(GreeterImpl.class.getPackage().getName());
+
+ /* (non-Javadoc)
+ * @see org.objectweb.hello_world_soap_http.Greeter#greetMe(java.lang.String)
+ */
+ public String greetMe(String me) {
+ LOG.info("Executing operation greetMe");
+ System.out.println("Executing operation greetMe");
+ System.out.println("Message received: " + me + "\n");
+ return "Hello " + me;
+ }
+}
Propchange: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java ------------------------------------------------------------------------------ svn:eol-style = native
Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java Fri Apr 6 15:18:38 2012
@@ -1,101 +1,101 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.transport.http;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.easymock.EasyMock;
-import org.easymock.IMocksControl;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- *
- */
-public class HeadersTest extends Assert {
- private IMocksControl control;
-
- @Before
- public void setUp() {
- control = EasyMock.createNiceControl();
- }
-
- @After
- public void tearDown() {
- control.verify();
- }
-
- @Test
- public void setHeadersTest() throws Exception {
- String[] headerNames = {"Content-Type", "authorization", "soapAction"};
- String[] headerValues = {"text/xml", "Basic Zm9vOmJhcg==", "foo"};
- Map> inmap = new HashMap>();
- for (int i = 0; i < headerNames.length; i++) {
- inmap.put(headerNames[i], Arrays.asList(headerValues[i]));
- }
-
- HttpServletRequest req = control.createMock(HttpServletRequest.class);
- EasyMock.expect(req.getHeaderNames()).andReturn(Collections.enumeration(inmap.keySet()));
- for (int i = 0; i < headerNames.length; i++) {
- EasyMock.expect(req.getHeaders(headerNames[i])).
- andReturn(Collections.enumeration(inmap.get(headerNames[i])));
- }
- EasyMock.expect(req.getContentType()).andReturn(headerValues[0]).anyTimes();
-
- control.replay();
-
- Message message = new MessageImpl();
- message.put(AbstractHTTPDestination.HTTP_REQUEST, req);
-
- Headers headers = new Headers(message);
- headers.copyFromRequest(req);
-
- Map> protocolHeaders =
- CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
-
- assertTrue("unexpected size", protocolHeaders.size() == headerNames.length);
-
- assertEquals("unexpected header", protocolHeaders.get("Content-Type").get(0), headerValues[0]);
- assertEquals("unexpected header", protocolHeaders.get("content-type").get(0), headerValues[0]);
- assertEquals("unexpected header", protocolHeaders.get("CONTENT-TYPE").get(0), headerValues[0]);
- assertEquals("unexpected header", protocolHeaders.get("content-TYPE").get(0), headerValues[0]);
-
- assertEquals("unexpected header", protocolHeaders.get("Authorization").get(0), headerValues[1]);
- assertEquals("unexpected header", protocolHeaders.get("authorization").get(0), headerValues[1]);
- assertEquals("unexpected header", protocolHeaders.get("AUTHORIZATION").get(0), headerValues[1]);
- assertEquals("unexpected header", protocolHeaders.get("authoriZATION").get(0), headerValues[1]);
-
- assertEquals("unexpected header", protocolHeaders.get("SOAPAction").get(0), headerValues[2]);
- assertEquals("unexpected header", protocolHeaders.get("soapaction").get(0), headerValues[2]);
- assertEquals("unexpected header", protocolHeaders.get("SOAPACTION").get(0), headerValues[2]);
- assertEquals("unexpected header", protocolHeaders.get("soapAction").get(0), headerValues[2]);
-
- }
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.http;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.easymock.EasyMock;
+import org.easymock.IMocksControl;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class HeadersTest extends Assert {
+ private IMocksControl control;
+
+ @Before
+ public void setUp() {
+ control = EasyMock.createNiceControl();
+ }
+
+ @After
+ public void tearDown() {
+ control.verify();
+ }
+
+ @Test
+ public void setHeadersTest() throws Exception {
+ String[] headerNames = {"Content-Type", "authorization", "soapAction"};
+ String[] headerValues = {"text/xml", "Basic Zm9vOmJhcg==", "foo"};
+ Map> inmap = new HashMap>();
+ for (int i = 0; i < headerNames.length; i++) {
+ inmap.put(headerNames[i], Arrays.asList(headerValues[i]));
+ }
+
+ HttpServletRequest req = control.createMock(HttpServletRequest.class);
+ EasyMock.expect(req.getHeaderNames()).andReturn(Collections.enumeration(inmap.keySet()));
+ for (int i = 0; i < headerNames.length; i++) {
+ EasyMock.expect(req.getHeaders(headerNames[i])).
+ andReturn(Collections.enumeration(inmap.get(headerNames[i])));
+ }
+ EasyMock.expect(req.getContentType()).andReturn(headerValues[0]).anyTimes();
+
+ control.replay();
+
+ Message message = new MessageImpl();
+ message.put(AbstractHTTPDestination.HTTP_REQUEST, req);
+
+ Headers headers = new Headers(message);
+ headers.copyFromRequest(req);
+
+ Map> protocolHeaders =
+ CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
+
+ assertTrue("unexpected size", protocolHeaders.size() == headerNames.length);
+
+ assertEquals("unexpected header", protocolHeaders.get("Content-Type").get(0), headerValues[0]);
+ assertEquals("unexpected header", protocolHeaders.get("content-type").get(0), headerValues[0]);
+ assertEquals("unexpected header", protocolHeaders.get("CONTENT-TYPE").get(0), headerValues[0]);
+ assertEquals("unexpected header", protocolHeaders.get("content-TYPE").get(0), headerValues[0]);
+
+ assertEquals("unexpected header", protocolHeaders.get("Authorization").get(0), headerValues[1]);
+ assertEquals("unexpected header", protocolHeaders.get("authorization").get(0), headerValues[1]);
+ assertEquals("unexpected header", protocolHeaders.get("AUTHORIZATION").get(0), headerValues[1]);
+ assertEquals("unexpected header", protocolHeaders.get("authoriZATION").get(0), headerValues[1]);
+
+ assertEquals("unexpected header", protocolHeaders.get("SOAPAction").get(0), headerValues[2]);
+ assertEquals("unexpected header", protocolHeaders.get("soapaction").get(0), headerValues[2]);
+ assertEquals("unexpected header", protocolHeaders.get("SOAPACTION").get(0), headerValues[2]);
+ assertEquals("unexpected header", protocolHeaders.get("soapAction").get(0), headerValues[2]);
+
+ }
+}
Propchange:
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCacheFactory.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/MemoryReplayCacheFactory.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/ReplayCacheFactory.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorEncryptionTokenBuilder.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorSignatureTokenBuilder.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientEncryptionTokenBuilder.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientSignatureTokenBuilder.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: 
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/GCMAlgorithmSuite.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java ------------------------------------------------------------------------------ svn:eol-style = native