Return-Path: 
 <commits-return-19889-apmail-cxf-commits-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-commits-archive@www.apache.org
Delivered-To: apmail-cxf-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D43C0969A
	for <apmail-cxf-commits-archive@www.apache.org>;
 Thu, 17 May 2012 10:51:59 +0000 (UTC)
Received: (qmail 60736 invoked by uid 500); 17 May 2012 10:51:59 -0000
Delivered-To: apmail-cxf-commits-archive@cxf.apache.org
Received: (qmail 60573 invoked by uid 500); 17 May 2012 10:51:57 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 60520 invoked by uid 99); 17 May 2012 10:51:56 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 May 2012 10:51:56 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 May 2012 10:51:54 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id A19CD238890B;
	Thu, 17 May 2012 10:51:34 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1339546 -
 /cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
Date: Thu, 17 May 2012 10:51:34 -0000
To: commits@cxf.apache.org
From: coheigea@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20120517105134.A19CD238890B@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: coheigea
Date: Thu May 17 10:51:34 2012
New Revision: 1339546

URL: http://svn.apache.org/viewvc?rev=1339546&view=rev
Log:
Update to how SAML Tokens are renewed

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java?rev=1339546&r1=1339545&r2=1339546&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java Thu May 17 10:51:34 2012
@@ -190,18 +190,19 @@ public class SAMLTokenRenewer implements
             // Validate the Assertion
             validateAssertion(assertion, tokenToRenew, cachedToken, tokenParameters);
             
-            String oldId = createNewId(assertion);
+            AssertionWrapper renewedAssertion = new AssertionWrapper(assertion.getXmlObject());
+            String oldId = createNewId(renewedAssertion);
             // Remove the previous token (now expired) from the cache
             tokenStore.remove(oldId);
             tokenStore.remove(Integer.toString(hash));
             
             // Create new Conditions & sign the Assertion
-            createNewConditions(assertion, tokenParameters);
-            signAssertion(assertion, tokenParameters);
+            createNewConditions(renewedAssertion, tokenParameters);
+            signAssertion(renewedAssertion, tokenParameters);
             
             Document doc = DOMUtils.createDocument();
-            Element token = assertion.toDOM(doc);
-            if (assertion.getSaml1() != null) {
+            Element token = renewedAssertion.toDOM(doc);
+            if (renewedAssertion.getSaml1() != null) {
                 token.setIdAttributeNS(null, "AssertionID", true);
             } else {
                 token.setIdAttributeNS(null, "ID", true);
@@ -210,22 +211,22 @@ public class SAMLTokenRenewer implements
             
             // Cache the token
             storeTokenInCache(
-                tokenStore, assertion, tokenParameters.getPrincipal(), tokenParameters.getRealm()
+                tokenStore, renewedAssertion, tokenParameters.getPrincipal(), tokenParameters.getRealm()
             );
             
             response.setToken(token);
-            response.setTokenId(assertion.getId());
+            response.setTokenId(renewedAssertion.getId());
             
             DateTime validFrom = null;
             DateTime validTill = null;
             long lifetime = 0;
-            if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
-                validFrom = assertion.getSaml2().getConditions().getNotBefore();
-                validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
+            if (renewedAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
+                validFrom = renewedAssertion.getSaml2().getConditions().getNotBefore();
+                validTill = renewedAssertion.getSaml2().getConditions().getNotOnOrAfter();
                 lifetime = validTill.getMillis() - validFrom.getMillis();
             } else {
-                validFrom = assertion.getSaml1().getConditions().getNotBefore();
-                validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
+                validFrom = renewedAssertion.getSaml1().getConditions().getNotBefore();
+                validTill = renewedAssertion.getSaml1().getConditions().getNotOnOrAfter();
                 lifetime = validTill.getMillis() - validFrom.getMillis();
             }
             response.setLifetime(lifetime / 1000);