cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1485693 [2/14] - in /cxf/trunk: ./ distribution/src/main/release/samples/sts/src/main/java/demo/wssec/client/ distribution/src/main/release/samples/sts/src/main/java/demo/wssec/server/ distribution/src/main/release/samples/sts/src/main/jav...
Date Thu, 23 May 2013 13:17:32 GMT
Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java Thu May 23 13:17:26 2013
@@ -39,20 +39,21 @@ import org.apache.cxf.common.util.Base64
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.rs.security.common.SecurityUtils;
 import org.apache.cxf.rs.security.xml.EncryptionUtils;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.SAMLUtil;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SamlAssertionValidator;
-import org.apache.ws.security.validate.SignatureTrustValidator;
-import org.apache.ws.security.validate.Validator;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDocInfo;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.SamlAssertionValidator;
+import org.apache.wss4j.dom.validate.SignatureTrustValidator;
+import org.apache.wss4j.dom.validate.Validator;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.utils.Constants;
@@ -97,14 +98,14 @@ public class SAMLProtocolResponseValidat
         if (samlResponse.getStatus() == null
             || samlResponse.getStatus().getStatusCode() == null) {
             LOG.fine("Either the SAML Response Status or StatusCode is null");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         if (!SAML2_STATUSCODE_SUCCESS.equals(samlResponse.getStatus().getStatusCode().getValue())) {
             LOG.fine(
                 "SAML Status code of " + samlResponse.getStatus().getStatusCode().getValue()
                 + "does not equal " + SAML2_STATUSCODE_SUCCESS
             );
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         validateResponseAgainstSchemas(samlResponse);
@@ -119,13 +120,13 @@ public class SAMLProtocolResponseValidat
             
             Element decAssertion = decryptAssertion(encryptedDataDOM, sigCrypto, callbackHandler);
             
-            AssertionWrapper wrapper = new AssertionWrapper(decAssertion);
+            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(decAssertion);
             samlResponse.getAssertions().add(wrapper.getSaml2());
         }
 
         // Validate Assertions
         for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
-            AssertionWrapper wrapper = new AssertionWrapper(assertion);
+            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertion);
             validateAssertion(wrapper, sigCrypto, callbackHandler, doc);
         }
     }
@@ -147,7 +148,7 @@ public class SAMLProtocolResponseValidat
             || samlResponse.getStatus().getStatusCode() == null
             || samlResponse.getStatus().getStatusCode().getValue() == null) {
             LOG.fine("Either the SAML Response Status or StatusCode is null");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         String statusValue = samlResponse.getStatus().getStatusCode().getValue().getLocalPart();
         if (!SAML1_STATUSCODE_SUCCESS.equals(statusValue)) {
@@ -155,7 +156,7 @@ public class SAMLProtocolResponseValidat
                 "SAML Status code of " + samlResponse.getStatus().getStatusCode().getValue()
                 + "does not equal " + SAML1_STATUSCODE_SUCCESS
             );
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
         validateResponseAgainstSchemas(samlResponse);
@@ -163,7 +164,7 @@ public class SAMLProtocolResponseValidat
 
         // Validate Assertions
         for (org.opensaml.saml1.core.Assertion assertion : samlResponse.getAssertions()) {
-            AssertionWrapper wrapper = new AssertionWrapper(assertion);
+            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertion);
             validateAssertion(
                 wrapper, sigCrypto, callbackHandler, samlResponse.getDOM().getOwnerDocument()
             );
@@ -183,7 +184,7 @@ public class SAMLProtocolResponseValidat
             schemaValidators.validate(samlResponse);
         } catch (ValidationException e) {
             LOG.log(Level.FINE, "Saml Validation error: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -200,7 +201,7 @@ public class SAMLProtocolResponseValidat
             schemaValidators.validate(samlResponse);
         } catch (ValidationException e) {
             LOG.log(Level.FINE, "Saml Validation error: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -250,19 +251,17 @@ public class SAMLProtocolResponseValidat
         CallbackHandler callbackHandler
     ) throws WSSecurityException {
         RequestData requestData = new RequestData();
-        requestData.setSigCrypto(sigCrypto);
+        requestData.setSigVerCrypto(sigCrypto);
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         requestData.setWssConfig(wssConfig);
         requestData.setCallbackHandler(callbackHandler);
-        WSDocInfo docInfo = new WSDocInfo(doc);
         
         KeyInfo keyInfo = signature.getKeyInfo();
         SAMLKeyInfo samlKeyInfo = null;
         try {
             samlKeyInfo = 
                 SAMLUtil.getCredentialFromKeyInfo(
-                    keyInfo.getDOM(), requestData, docInfo, 
-                    requestData.getWssConfig().isWsiBSPCompliant()
+                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)), sigCrypto
                 );
         } catch (WSSecurityException ex) {
             LOG.log(Level.FINE, "Error in getting KeyInfo from SAML Response: " + ex.getMessage(), ex);
@@ -270,7 +269,7 @@ public class SAMLProtocolResponseValidat
         }
         if (samlKeyInfo == null) {
             LOG.fine("No KeyInfo supplied in the SAMLResponse signature");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Validate Signature against profiles
@@ -285,7 +284,7 @@ public class SAMLProtocolResponseValidat
             signatureValidator.validate(trustCredential, requestData);
         } catch (WSSecurityException e) {
             LOG.log(Level.FINE, "Error in validating signature on SAML Response: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -302,7 +301,7 @@ public class SAMLProtocolResponseValidat
             validator.validate(signature);
         } catch (ValidationException ex) {
             LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
         BasicX509Credential credential = new BasicX509Credential();
@@ -312,14 +311,14 @@ public class SAMLProtocolResponseValidat
             credential.setPublicKey(samlKeyInfo.getPublicKey());
         } else {
             LOG.fine("Can't get X509Certificate or PublicKey to verify signature");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         SignatureValidator sigValidator = new SignatureValidator(credential);
         try {
             sigValidator.validate(signature);
         } catch (ValidationException ex) {
             LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -327,16 +326,16 @@ public class SAMLProtocolResponseValidat
      * Validate an internal Assertion
      */
     private void validateAssertion(
-        AssertionWrapper assertion,
+        SamlAssertionWrapper assertion,
         Crypto sigCrypto,
         CallbackHandler callbackHandler,
         Document doc
     ) throws WSSecurityException {
         Credential credential = new Credential();
-        credential.setAssertion(assertion);
+        credential.setSamlAssertion(assertion);
         
         RequestData requestData = new RequestData();
-        requestData.setSigCrypto(sigCrypto);
+        requestData.setSigVerCrypto(sigCrypto);
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         requestData.setWssConfig(wssConfig);
         requestData.setCallbackHandler(callbackHandler);
@@ -350,11 +349,22 @@ public class SAMLProtocolResponseValidat
             
             // Verify the signature
             try {
-                assertion.verifySignature(requestData, new WSDocInfo(doc));
+                Signature sig = assertion.getSignature();
+                KeyInfo keyInfo = sig.getKeyInfo();
+                SAMLKeyInfo samlKeyInfo = 
+                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
+                        keyInfo.getDOM(), sigCrypto
+                    );
+                assertion.verifySignature(samlKeyInfo);
+                
+                assertion.parseHOKSubject(
+                    new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)),
+                    requestData.getSigVerCrypto(), 
+                    requestData.getCallbackHandler()
+                );
             } catch (WSSecurityException e) {
-                e.printStackTrace();
                 LOG.log(Level.FINE, "Assertion failed signature validation", e);
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw e;
             }
         }
         
@@ -363,7 +373,7 @@ public class SAMLProtocolResponseValidat
             assertionValidator.validate(credential, requestData);
         } catch (WSSecurityException ex) {
             LOG.log(Level.FINE, "Assertion validation failed: " + ex.getMessage(), ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw ex;
         }
     }
     
@@ -373,13 +383,13 @@ public class SAMLProtocolResponseValidat
         Element encKeyElement = getNode(encryptedDataDOM, WSConstants.ENC_NS, "EncryptedKey", 0);
         if (encKeyElement == null) {
             LOG.log(Level.FINE, "EncryptedKey element is not available");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         X509Certificate cert = loadCertificate(sigCrypto, encKeyElement);
         if (cert == null) {
             LOG.fine("X509Certificate cannot be retrieved from EncryptedKey element");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // now start decrypting
@@ -389,12 +399,12 @@ public class SAMLProtocolResponseValidat
         Element cipherValue = getNode(encKeyElement, WSConstants.ENC_NS, "CipherValue", 0);
         if (cipherValue == null) {
             LOG.fine("CipherValue element is not available");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
         if (callbackHandler == null) {
             LOG.fine("A CallbackHandler must be configured to decrypt encrypted Assertions");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         PrivateKey key = null;
@@ -402,7 +412,7 @@ public class SAMLProtocolResponseValidat
             key = sigCrypto.getPrivateKey(cert, callbackHandler);
         } catch (Exception ex) {
             LOG.log(Level.FINE, "Encrypted key can not be decrypted", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         Cipher cipher = 
                 EncryptionUtils.initCipherWithKey(keyEncAlgo, digestAlgo, Cipher.DECRYPT_MODE, key);
@@ -412,10 +422,10 @@ public class SAMLProtocolResponseValidat
             decryptedBytes = cipher.doFinal(encryptedBytes);
         } catch (Base64Exception ex) {
             LOG.log(Level.FINE, "Base64 decoding has failed", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         } catch (Exception ex) {
             LOG.log(Level.FINE, "Encrypted key can not be decrypted", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         String symKeyAlgo = getEncodingMethodAlgorithm(encryptedDataDOM);
@@ -425,7 +435,7 @@ public class SAMLProtocolResponseValidat
             decryptedPayload = decryptPayload(encryptedDataDOM, decryptedBytes, symKeyAlgo);
         } catch (Exception ex) {
             LOG.log(Level.FINE, "Payload can not be decrypted", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         Document payloadDoc = null;
@@ -435,7 +445,7 @@ public class SAMLProtocolResponseValidat
             return payloadDoc.getDocumentElement();
         } catch (Exception ex) {
             LOG.log(Level.FINE, "Payload document can not be created", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
         
@@ -456,7 +466,7 @@ public class SAMLProtocolResponseValidat
                 return SecurityUtils.loadX509Certificate(crypto, certNode);
             } catch (Exception ex) {
                 LOG.log(Level.FINE, "X509Certificate can not be created", ex);
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
     
@@ -466,7 +476,7 @@ public class SAMLProtocolResponseValidat
                 return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
             } catch (Exception ex) {
                 LOG.log(Level.FINE, "X509Certificate can not be created", ex);
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
 
@@ -477,7 +487,7 @@ public class SAMLProtocolResponseValidat
         Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
         if (encMethod == null) {
             LOG.fine("EncryptionMethod element is not available");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         return encMethod.getAttribute("Algorithm");
     }
@@ -503,9 +513,7 @@ public class SAMLProtocolResponseValidat
                 EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.DECRYPT_MODE, key);
             return xmlCipher.decryptToByteArray(root);
         } catch (XMLEncryptionException ex) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
-            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
         }
     }
 

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java Thu May 23 13:17:26 2013
@@ -25,9 +25,9 @@ import java.util.logging.Logger;
 import org.w3c.dom.Element;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.DOM2Writer;
 import org.opensaml.saml2.core.AudienceRestriction;
 import org.opensaml.saml2.core.AuthnStatement;
 
@@ -79,7 +79,7 @@ public class SAMLSSOResponseValidator {
         // The Response must contain at least one Assertion.
         if (samlResponse.getAssertions() == null || samlResponse.getAssertions().isEmpty()) {
             LOG.fine("The Response must contain at least one Assertion");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // The Response must contain a Destination that matches the assertionConsumerURL if it is
@@ -88,7 +88,7 @@ public class SAMLSSOResponseValidator {
         if (samlResponse.isSigned()
             && (destination == null || !destination.equals(assertionConsumerURL))) {
             LOG.fine("The Response must contain a destination that matches the assertion consumer URL");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Validate Assertions
@@ -98,14 +98,14 @@ public class SAMLSSOResponseValidator {
             // Check the Issuer
             if (assertion.getIssuer() == null) {
                 LOG.fine("Assertion Issuer must not be null");
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
             validateIssuer(assertion.getIssuer());
             
             if (enforceAssertionsSigned && postBinding && assertion.getSignature() == null) {
                 LOG.fine("If the HTTP Post binding is used to deliver the Response, "
                          + "the enclosed assertions must be signed");
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
             
             // Check for AuthnStatements and validate the Subject accordingly
@@ -129,7 +129,7 @@ public class SAMLSSOResponseValidator {
         if (!foundValidSubject) {
             LOG.fine("The Response did not contain any Authentication Statement that matched "
                      + "the Subject Confirmation criteria");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         SSOValidatorResponse validatorResponse = new SSOValidatorResponse();
@@ -153,7 +153,7 @@ public class SAMLSSOResponseValidator {
         if (enforceKnownIssuer && !issuerIDP.startsWith(issuer.getValue())) {
             LOG.fine("Issuer value: " + issuer.getValue() + " does not match issuer IDP: " 
                 + issuerIDP);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Format must be nameid-format-entity
@@ -161,7 +161,7 @@ public class SAMLSSOResponseValidator {
             && !SAML2Constants.NAMEID_FORMAT_ENTITY.equals(issuer.getFormat())) {
             LOG.fine("Issuer format is not null and does not equal: " 
                 + SAML2Constants.NAMEID_FORMAT_ENTITY);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -193,7 +193,7 @@ public class SAMLSSOResponseValidator {
     ) throws WSSecurityException {
         if (subjectConfData == null) {
             LOG.fine("Subject Confirmation Data of a Bearer Subject Confirmation is null");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Recipient must match assertion consumer URL
@@ -201,14 +201,14 @@ public class SAMLSSOResponseValidator {
         if (recipient == null || !recipient.equals(assertionConsumerURL)) {
             LOG.fine("Recipient " + recipient + " does not match assertion consumer URL "
                 + assertionConsumerURL);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // We must have a NotOnOrAfter timestamp
         if (subjectConfData.getNotOnOrAfter() == null
             || subjectConfData.getNotOnOrAfter().isBeforeNow()) {
             LOG.fine("Subject Conf Data does not contain NotOnOrAfter or it has expired");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Need to keep bearer assertion IDs based on NotOnOrAfter to detect replay attacks
@@ -220,7 +220,7 @@ public class SAMLSSOResponseValidator {
                 replayCache.putId(id, ttl / 1000L);
             } else {
                 LOG.fine("Replay attack with token id: " + id);
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
         
@@ -229,19 +229,19 @@ public class SAMLSSOResponseValidator {
             && !subjectConfData.getAddress().equals(clientAddress)) {
             LOG.fine("Subject Conf Data address " + subjectConfData.getAddress() + " does match"
                      + " client address " + clientAddress);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // It must not contain a NotBefore timestamp
         if (subjectConfData.getNotBefore() != null) {
             LOG.fine("The Subject Conf Data must not contain a NotBefore timestamp");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // InResponseTo must match the AuthnRequest request Id
         if (requestId != null && !requestId.equals(subjectConfData.getInResponseTo())) {
             LOG.fine("The InResponseTo String does match the original request id " + requestId);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
     }
@@ -251,13 +251,13 @@ public class SAMLSSOResponseValidator {
     ) throws WSSecurityException {
         if (conditions == null) {
             LOG.fine("Conditions are null");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         List<AudienceRestriction> audienceRestrs = conditions.getAudienceRestrictions();
         if (!matchSaml2AudienceRestriction(spIdentifier, audienceRestrs)) {
             LOG.fine("Assertion does not contain unique subject provider identifier " 
                      + spIdentifier + " in the audience restriction conditions");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java Thu May 23 13:17:26 2013
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.rs.security.saml.sso;
 
-import org.apache.ws.security.WSConstants;
+import org.apache.wss4j.dom.WSConstants;
 
 public final class SSOConstants {
     public static final String SAML_REQUEST = "SAMLRequest";

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java Thu May 23 13:17:26 2013
@@ -35,12 +35,11 @@ import org.apache.cxf.jaxrs.ext.MessageC
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.util.DOM2Writer;
 import org.opensaml.common.SignableSAMLObject;
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.xml.security.x509.BasicX509Credential;
@@ -126,7 +125,7 @@ public class SamlPostBindingFilter exten
         cryptoType.setAlias(signatureUser);
         X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
         if (issuerCerts == null) {
-            throw new WSSecurityException(
+            throw new Exception(
                 "No issuer certs were found to sign the request using name: " + signatureUser
             );
         }
@@ -140,17 +139,12 @@ public class SamlPostBindingFilter exten
         LOG.fine("Using Signature algorithm " + sigAlgo);
         
         // Get the password
-        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE)};
+        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.Usage.SIGNATURE)};
         callbackHandler.handle(cb);
         String password = cb[0].getPassword();
         
         // Get the private key
-        PrivateKey privateKey = null;
-        try {
-            privateKey = crypto.getPrivateKey(signatureUser, password);
-        } catch (Exception ex) {
-            throw new WSSecurityException(ex.getMessage(), ex);
-        }
+        PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
         
         // Create the signature
         Signature signature = OpenSAMLUtil.buildSignature();
@@ -170,7 +164,7 @@ public class SamlPostBindingFilter exten
             KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
             signature.setKeyInfo(keyInfo);
         } catch (org.opensaml.xml.security.SecurityException ex) {
-            throw new WSSecurityException(
+            throw new Exception(
                     "Error generating KeyInfo from signing credential", ex);
         }
         

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java Thu May 23 13:17:26 2013
@@ -37,12 +37,11 @@ import org.apache.cxf.common.util.Base64
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.util.Base64;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.util.DOM2Writer;
+import org.apache.xml.security.utils.Base64;
 import org.opensaml.saml2.core.AuthnRequest;
 
 public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
@@ -123,7 +122,7 @@ public class SamlRedirectBindingFilter e
         cryptoType.setAlias(signatureUser);
         X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
         if (issuerCerts == null) {
-            throw new WSSecurityException(
+            throw new Exception(
                 "No issuer certs were found to sign the request using name: " + signatureUser
             );
         }
@@ -140,17 +139,12 @@ public class SamlRedirectBindingFilter e
         ub.queryParam(SSOConstants.SIG_ALG, URLEncoder.encode(sigAlgo, "UTF-8"));
         
         // Get the password
-        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE)};
+        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.Usage.SIGNATURE)};
         callbackHandler.handle(cb);
         String password = cb[0].getPassword();
         
         // Get the private key
-        PrivateKey privateKey = null;
-        try {
-            privateKey = crypto.getPrivateKey(signatureUser, password);
-        } catch (Exception ex) {
-            throw new WSSecurityException(ex.getMessage(), ex);
-        }
+        PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
         
         // Sign the request
         Signature signature = Signature.getInstance(jceSigAlgo);

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java Thu May 23 13:17:26 2013
@@ -30,20 +30,20 @@ import javax.xml.parsers.DocumentBuilder
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.saml.ext.SAMLCallback;
-import org.apache.ws.security.saml.ext.bean.ActionBean;
-import org.apache.ws.security.saml.ext.bean.AttributeBean;
-import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
-import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.ActionBean;
+import org.apache.wss4j.common.saml.bean.AttributeBean;
+import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
+import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.message.WSSecEncryptedKey;
 
 /**
  * A base implementation of a Callback Handler for a SAML assertion. By default it creates an

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java Thu May 23 13:17:26 2013
@@ -29,7 +29,7 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.opensaml.common.SAMLVersion;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/KeystorePasswordCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/KeystorePasswordCallback.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/KeystorePasswordCallback.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/KeystorePasswordCallback.java Thu May 23 13:17:26 2013
@@ -26,7 +26,7 @@ import javax.security.auth.callback.Call
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 /**
  */

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java Thu May 23 13:17:26 2013
@@ -24,13 +24,13 @@ import java.io.IOException;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.saml.ext.SAMLCallback;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.opensaml.common.SAMLVersion;
 
 /**

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java Thu May 23 13:17:26 2013
@@ -30,15 +30,17 @@ import javax.xml.parsers.DocumentBuilder
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.components.crypto.Merlin;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.saml.ext.SAMLParms;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
-import org.apache.ws.security.util.Loader;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.dom.WSSConfig;
 import org.opensaml.common.SignableSAMLObject;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Status;
@@ -54,6 +56,7 @@ import org.opensaml.xml.signature.Signat
 public class SAMLResponseValidatorTest extends org.junit.Assert {
     
     static {
+        WSSConfig.init();
         OpenSAMLUtil.initSamlEngine();
     }
 
@@ -79,9 +82,9 @@ public class SAMLResponseValidatorTest e
         callbackHandler.setIssuer("http://cxf.apache.org/issuer");
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         response.getAssertions().add(assertion.getSaml2());
         
@@ -118,9 +121,9 @@ public class SAMLResponseValidatorTest e
         callbackHandler.setIssuer("http://cxf.apache.org/issuer");
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         response.getAssertions().add(assertion.getSaml2());
         
@@ -162,9 +165,9 @@ public class SAMLResponseValidatorTest e
         callbackHandler.setIssuer("http://cxf.apache.org/issuer");
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         Crypto issuerCrypto = new Merlin();
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -220,9 +223,9 @@ public class SAMLResponseValidatorTest e
         callbackHandler.setIssuer("http://cxf.apache.org/issuer");
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         Crypto issuerCrypto = new Merlin();
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -258,13 +261,14 @@ public class SAMLResponseValidatorTest e
     
     /**
      * Sign a SAML Response
+     * @throws Exception 
      */
     private void signResponse(
         Response response,
         String issuerKeyName,
         String issuerKeyPassword,
         Crypto issuerCrypto
-    ) throws WSSecurityException {
+    ) throws Exception {
         //
         // Create the signature
         //
@@ -276,7 +280,7 @@ public class SAMLResponseValidatorTest e
         cryptoType.setAlias(issuerKeyName);
         X509Certificate[] issuerCerts = issuerCrypto.getX509Certificates(cryptoType);
         if (issuerCerts == null) {
-            throw new WSSecurityException(
+            throw new Exception(
                     "No issuer certs were found to sign the SAML Assertion using issuer name: "
                             + issuerKeyName);
         }
@@ -288,12 +292,7 @@ public class SAMLResponseValidatorTest e
             sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
         }
         
-        PrivateKey privateKey = null;
-        try {
-            privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
-        } catch (Exception ex) {
-            throw new WSSecurityException(ex.getMessage(), ex);
-        }
+        PrivateKey privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
 
         signature.setSignatureAlgorithm(sigAlgo);
 
@@ -310,7 +309,7 @@ public class SAMLResponseValidatorTest e
             KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
             signature.setKeyInfo(keyInfo);
         } catch (org.opensaml.xml.security.SecurityException ex) {
-            throw new WSSecurityException(
+            throw new Exception(
                     "Error generating KeyInfo from signing credential", ex);
         }
 

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java Thu May 23 13:17:26 2013
@@ -25,13 +25,14 @@ import javax.xml.parsers.DocumentBuilder
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.saml.ext.SAMLParms;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.joda.time.DateTime;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Status;
@@ -222,9 +223,9 @@ public class SAMLSSOResponseValidatorTes
         conditions.setAudienceURI("http://service.apache.org");
         callbackHandler.setConditions(conditions);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         response.getAssertions().add(assertion.getSaml2());
         

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java Thu May 23 13:17:26 2013
@@ -33,9 +33,9 @@ import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
 
 public class CryptoLoader {
     

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java Thu May 23 13:17:26 2013
@@ -36,10 +36,10 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.xml.security.utils.Constants;
 
 public final class SecurityUtils {
@@ -82,12 +82,12 @@ public final class SecurityUtils {
     }
     
     public static X509Certificate[] getCertificates(Crypto crypto, String user)
-        throws WSSecurityException {
+        throws Exception {
         CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
         cryptoType.setAlias(user);
         X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
         if (issuerCerts == null || issuerCerts.length == 0) {
-            throw new WSSecurityException(
+            throw new Exception(
                 "No issuer certs were found using issuer name: " + user);
         }
         return issuerCerts;
@@ -117,7 +117,7 @@ public final class SecurityUtils {
     }
     
     public static String getPassword(Message message, String userName, 
-                                     int type, Class<?> callingClass) {
+                                     WSPasswordCallback.Usage type, Class<?> callingClass) {
         CallbackHandler handler = getCallbackHandler(message, callingClass);
         if (handler == null) {
             return null;

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java Thu May 23 13:17:26 2013
@@ -21,18 +21,18 @@ package org.apache.cxf.rs.security.commo
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SignatureTrustValidator;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.SignatureTrustValidator;
 
 public class TrustValidator {
     public void validateTrust(Crypto crypto, X509Certificate cert, PublicKey publicKey) 
         throws WSSecurityException {
         SignatureTrustValidator validator = new SignatureTrustValidator();
         RequestData data = new RequestData();
-        data.setSigCrypto(crypto);
+        data.setSigVerCrypto(crypto);
         
         Credential trustCredential = new Credential();
         trustCredential.setPublicKey(publicKey);

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java Thu May 23 13:17:26 2013
@@ -48,20 +48,24 @@ import org.apache.cxf.rs.security.saml.a
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SamlAssertionValidator;
-import org.apache.ws.security.validate.Validator;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.SamlAssertionValidator;
+import org.apache.wss4j.dom.validate.Validator;
 import org.apache.xml.security.signature.XMLSignature;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
 
 @PreMatching
 public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
-
+    
     private static final Logger LOG = 
         LogUtils.getL7dLogger(AbstractSamlInHandler.class);
     
@@ -104,16 +108,16 @@ public abstract class AbstractSamlInHand
         validateToken(message, toWrapper(tokenElement));
     }
     
-    protected AssertionWrapper toWrapper(Element tokenElement) {
+    protected SamlAssertionWrapper toWrapper(Element tokenElement) {
         try {
-            return new AssertionWrapper(tokenElement);
+            return new SamlAssertionWrapper(tokenElement);
         } catch (Exception ex) {
             throwFault("Assertion can not be validated", ex);
         }
         return null;
     }
     
-    protected void validateToken(Message message, AssertionWrapper assertion) {
+    protected void validateToken(Message message, SamlAssertionWrapper assertion) {
         try {
             RequestData data = new RequestData();
             if (assertion.isSigned()) {
@@ -121,7 +125,7 @@ public abstract class AbstractSamlInHand
                 data.setWssConfig(cfg);
                 data.setCallbackHandler(SecurityUtils.getCallbackHandler(message, this.getClass()));
                 try {
-                    data.setSigCrypto(new CryptoLoader().getCrypto(message,
+                    data.setSigVerCrypto(new CryptoLoader().getCrypto(message,
                                                 SecurityConstants.SIGNATURE_CRYPTO,
                                                 SecurityConstants.SIGNATURE_PROPERTIES));
                 } catch (IOException ex) {
@@ -129,14 +133,25 @@ public abstract class AbstractSamlInHand
                 }
                 data.setEnableRevocation(MessageUtils.isTrue(
                     message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
-                assertion.verifySignature(data, null);
-                assertion.parseHOKSubject(data, null);
+                
+                Signature sig = assertion.getSignature();
+                KeyInfo keyInfo = sig.getKeyInfo();
+                SAMLKeyInfo samlKeyInfo = 
+                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
+                        keyInfo.getDOM(), data.getSigVerCrypto()
+                    );
+                
+                assertion.verifySignature(samlKeyInfo);
+                assertion.parseHOKSubject(
+                    new WSSSAMLKeyInfoProcessor(data, null), data.getSigVerCrypto(), 
+                    data.getCallbackHandler()
+                );
             } else if (getTLSCertificates(message) == null) {
                 throwFault("Assertion must be signed", null);
             }
             if (samlValidator != null) {
                 Credential credential = new Credential();
-                credential.setAssertion(assertion);
+                credential.setSamlAssertion(assertion);
                 samlValidator.validate(credential, data);
             }
                 
@@ -149,7 +164,7 @@ public abstract class AbstractSamlInHand
         }
     }
     
-    protected void checkSubjectConfirmationData(Message message, AssertionWrapper assertion) {
+    protected void checkSubjectConfirmationData(Message message, SamlAssertionWrapper assertion) {
         Certificate[] tlsCerts = getTLSCertificates(message);
         if (!checkHolderOfKey(message, assertion, tlsCerts)) {
             throwFault("Holder Of Key claim fails", null);
@@ -162,7 +177,7 @@ public abstract class AbstractSamlInHand
         }
     }
     
-    protected void setSecurityContext(Message message, AssertionWrapper wrapper) {
+    protected void setSecurityContext(Message message, SamlAssertionWrapper wrapper) {
         if (scProvider != null) {
             SecurityContext sc = scProvider.getSecurityContext(message, wrapper);
             message.put(SecurityContext.class, sc);
@@ -188,7 +203,7 @@ public abstract class AbstractSamlInHand
      */
     protected boolean checkSenderVouches(
         Message message,
-        AssertionWrapper assertionWrapper,
+        SamlAssertionWrapper assertionWrapper,
         Certificate[] tlsCerts
     ) {
         //
@@ -231,7 +246,7 @@ public abstract class AbstractSamlInHand
     
     
     protected boolean checkHolderOfKey(Message message,
-                                    AssertionWrapper assertionWrapper,
+                                    SamlAssertionWrapper assertionWrapper,
                                     Certificate[] tlsCerts) {
         List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
         for (String confirmationMethod : confirmationMethods) {
@@ -298,7 +313,7 @@ public abstract class AbstractSamlInHand
         return false;
     }
     
-    protected boolean checkBearer(AssertionWrapper assertionWrapper, Certificate[] tlsCerts) {
+    protected boolean checkBearer(SamlAssertionWrapper assertionWrapper, Certificate[] tlsCerts) {
         List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
         for (String confirmationMethod : confirmationMethods) {
             boolean isBearer = isMethodBearer(confirmationMethod);

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java Thu May 23 13:17:26 2013
@@ -27,8 +27,8 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSSConfig;
 
 public abstract class AbstractSamlOutInterceptor extends AbstractPhaseInterceptor<Message> {
     
@@ -46,7 +46,7 @@ public abstract class AbstractSamlOutInt
         useDeflateEncoding = deflate;
     }
     
-    protected AssertionWrapper createAssertion(Message message) throws Fault {
+    protected SamlAssertionWrapper createAssertion(Message message) throws Fault {
         return SAMLUtils.createAssertion(message);
         
     }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java Thu May 23 13:17:26 2013
@@ -37,10 +37,11 @@ import org.apache.cxf.rs.security.saml.a
 import org.apache.cxf.rs.security.saml.assertion.Claims;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.NameID;
@@ -54,7 +55,7 @@ public final class SAMLUtils {
         
     }
     
-    public static Subject getSubject(Message message, AssertionWrapper assertionW) {
+    public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
         org.opensaml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
         Subject subject = new Subject();
         NameID nameId = s.getNameID();
@@ -70,7 +71,7 @@ public final class SAMLUtils {
     }
     
     
-    public static Claims getClaims(AssertionWrapper assertionW) {
+    public static Claims getClaims(SamlAssertionWrapper assertionW) {
         // Should we just do a simple DOM parsing without even relying on
         // OpenSaml
         List<Claim> claims = new ArrayList<Claim>();
@@ -91,7 +92,7 @@ public final class SAMLUtils {
         return new Claims(claims);
     }
     
-    public static AssertionWrapper createAssertion(Message message) throws Fault {
+    public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
         CallbackHandler handler = SecurityUtils.getCallbackHandler(
             message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
         boolean selfSignAssertion = 
@@ -101,19 +102,20 @@ public final class SAMLUtils {
         return createAssertion(message, handler, selfSignAssertion);
     }
     
-    public static AssertionWrapper createAssertion(Message message,
+    public static SamlAssertionWrapper createAssertion(Message message,
                                                    CallbackHandler handler) {
         return createAssertion(message, handler, true);
     }
     
-    public static AssertionWrapper createAssertion(Message message,
+    public static SamlAssertionWrapper createAssertion(Message message,
                                                    CallbackHandler handler,
                                                    boolean selfSignAssertion) throws Fault {
             
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(handler);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(handler, samlCallback);
+        
         try {
-            AssertionWrapper assertion = new AssertionWrapper(samlParms);
+            SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
             if (selfSignAssertion) {
                 //--- This code will be moved to a common utility class
                 Crypto crypto = new CryptoLoader().getCrypto(message, 
@@ -127,7 +129,7 @@ public final class SAMLUtils {
                 }
         
                 String password = 
-                    SecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, 
+                    SecurityUtils.getPassword(message, user, WSPasswordCallback.Usage.SIGNATURE, 
                             SAMLUtils.class);
                 
                 assertion.signAssertion(user, password, crypto, false);
@@ -142,13 +144,14 @@ public final class SAMLUtils {
         
     }
     
-    public static AssertionWrapper createAssertion(CallbackHandler handler,
+    public static SamlAssertionWrapper createAssertion(CallbackHandler handler,
                                                    SelfSignInfo info) throws Fault {
             
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(handler);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(handler, samlCallback);
+        
         try {
-            AssertionWrapper assertion = new AssertionWrapper(samlParms);
+            SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
             assertion.signAssertion(info.getUser(), 
                                     info.getPassword(), 
                                     info.getCrypto(), 

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java Thu May 23 13:17:26 2013
@@ -30,7 +30,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.xml.AbstractXmlSecOutInterceptor;
 import org.apache.cxf.rs.security.xml.XmlEncOutInterceptor;
 import org.apache.cxf.rs.security.xml.XmlSigOutInterceptor;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 
 public class SamlEnvelopedOutInterceptor extends AbstractXmlSecOutInterceptor {
@@ -71,7 +71,7 @@ public class SamlEnvelopedOutInterceptor
         throws Exception {
         
         Element docEl = payloadDoc.getDocumentElement();
-        AssertionWrapper assertion = SAMLUtils.createAssertion(message);
+        SamlAssertionWrapper assertion = SAMLUtils.createAssertion(message);
         
         QName rootName = DOMUtils.getElementQName(payloadDoc.getDocumentElement());
         if (rootName.equals(envelopeQName)) {

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java Thu May 23 13:17:26 2013
@@ -32,7 +32,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageContentsList;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 public class SamlFormOutInterceptor extends AbstractSamlOutInterceptor {
     private static final Logger LOG = 
@@ -48,9 +48,9 @@ public class SamlFormOutInterceptor exte
         try {
             Element samlToken = 
                 (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
-            AssertionWrapper assertionWrapper;
+            SamlAssertionWrapper assertionWrapper;
             if (samlToken != null) {
-                assertionWrapper = new AssertionWrapper(samlToken);
+                assertionWrapper = new SamlAssertionWrapper(samlToken);
             } else {
                 assertionWrapper = createAssertion(message);
             }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java Thu May 23 13:17:26 2013
@@ -32,7 +32,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
     private static final Logger LOG = 
@@ -42,9 +42,9 @@ public class SamlHeaderOutInterceptor ex
         try {
             Element samlToken = 
                 (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
-            AssertionWrapper assertionWrapper;
+            SamlAssertionWrapper assertionWrapper;
             if (samlToken != null) {
-                assertionWrapper = new AssertionWrapper(samlToken);
+                assertionWrapper = new SamlAssertionWrapper(samlToken);
             } else {
                 assertionWrapper = createAssertion(message);
             }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java Thu May 23 13:17:26 2013
@@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.saml.
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.security.SecurityContext;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 public interface SecurityContextProvider {
-    SecurityContext getSecurityContext(Message message, AssertionWrapper wrapper);
+    SecurityContext getSecurityContext(Message message, SamlAssertionWrapper wrapper);
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java Thu May 23 13:17:26 2013
@@ -27,7 +27,7 @@ import org.apache.cxf.rs.security.saml.a
 import org.apache.cxf.rs.security.saml.assertion.Claims;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
 import org.apache.cxf.security.SecurityContext;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 public class SecurityContextProviderImpl implements SecurityContextProvider {
 
@@ -35,7 +35,7 @@ public class SecurityContextProviderImpl
     private static final String ROLE_NAMEFORMAT_PROPERTY = "org.apache.cxf.saml.claims.role.nameformat";
     
     public SecurityContext getSecurityContext(Message message,
-            AssertionWrapper wrapper) {
+            SamlAssertionWrapper wrapper) {
         Claims claims = getClaims(wrapper);
         Subject subject = getSubject(message, wrapper, claims);
         SecurityContext securityContext = doGetSecurityContext(message, subject, claims);
@@ -46,11 +46,11 @@ public class SecurityContextProviderImpl
         return securityContext;
     }
 
-    protected Claims getClaims(AssertionWrapper wrapper) {
+    protected Claims getClaims(SamlAssertionWrapper wrapper) {
         return SAMLUtils.getClaims(wrapper);
     }
     
-    protected Subject getSubject(Message message, AssertionWrapper wrapper, Claims claims) {
+    protected Subject getSubject(Message message, SamlAssertionWrapper wrapper, Claims claims) {
         return SAMLUtils.getSubject(message, wrapper);
     }
     

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java Thu May 23 13:17:26 2013
@@ -42,15 +42,14 @@ import org.apache.cxf.rs.security.common
 import org.apache.cxf.rs.security.common.TrustValidator;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.utils.Constants;
 
-
 public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
     
     private EncryptionProperties encProps;
@@ -265,9 +264,7 @@ public abstract class AbstractXmlEncInHa
                 EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.DECRYPT_MODE, key);
             return xmlCipher.decryptToByteArray(root);
         } catch (XMLEncryptionException ex) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
-            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
         }
         
     }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java Thu May 23 13:17:26 2013
@@ -35,7 +35,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
-import org.apache.ws.security.WSSConfig;
+import org.apache.wss4j.dom.WSSConfig;
 
 
 public abstract class AbstractXmlSecInHandler {

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java Thu May 23 13:17:26 2013
@@ -40,7 +40,7 @@ import org.apache.cxf.message.MessageCon
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
-import org.apache.ws.security.WSSConfig;
+import org.apache.wss4j.dom.WSSConfig;
 
 
 public abstract class AbstractXmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java Thu May 23 13:17:26 2013
@@ -36,8 +36,8 @@ import org.apache.cxf.rs.security.common
 import org.apache.cxf.rs.security.common.TrustValidator;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.signature.Reference;

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java Thu May 23 13:17:26 2013
@@ -28,8 +28,8 @@ import javax.crypto.Cipher;
 import javax.crypto.spec.OAEPParameterSpec;
 import javax.crypto.spec.PSource;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
@@ -64,11 +64,11 @@ public final class EncryptionUtils {
             }
         } catch (InvalidKeyException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, e
             );
         } catch (InvalidAlgorithmParameterException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, e
             );
         }
         return cipher;
@@ -94,11 +94,11 @@ public final class EncryptionUtils {
             }
         } catch (InvalidKeyException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, e
             );
         } catch (InvalidAlgorithmParameterException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, e
             );
         }
         return cipher;
@@ -150,9 +150,7 @@ public final class EncryptionUtils {
             cipher.init(mode, key);
             return cipher;
         } catch (XMLEncryptionException ex) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
-            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
         }
     }
     



Mime
View raw message