From cohei...@apache.org
Subject svn commit: r1563869 [1/2] - in /cxf/fediz/trunk: ./ examples/wsclientWebapp/webapp/ plugins/core/ plugins/core/src/main/java/org/apache/cxf/fediz/core/ plugins/core/src/main/java/org/apache/cxf/fediz/core/config/ plugins/core/src/main/java/org/apache/...
Date Mon, 03 Feb 2014 13:05:10 GMT
Author: coheigea
Date: Mon Feb  3 13:05:08 2014
New Revision: 1563869

URL: http://svn.apache.org/r1563869
Log:
Upgrading Fediz trunk to use CXF 3.0.0-SNAPSHOT

Modified:
    cxf/fediz/trunk/examples/wsclientWebapp/webapp/pom.xml
    cxf/fediz/trunk/plugins/core/pom.xml
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java
    cxf/fediz/trunk/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
    cxf/fediz/trunk/plugins/spring/pom.xml
    cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
    cxf/fediz/trunk/pom.xml
    cxf/fediz/trunk/services/idp/pom.xml
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ApplicationServiceImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/ClaimServiceImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/IdpServiceImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/RestServiceExceptionMapper.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/rest/TrustedIdpServiceImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/DBLoaderImpl.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPATest.java
    cxf/fediz/trunk/services/idp/src/test/java/org/apache/cxf/fediz/service/idp/util/MetadataWriterTest.java
    cxf/fediz/trunk/services/sts/pom.xml
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/FedizSAMLDelegationHandler.java
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/PasswordCallbackHandler.java
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/UsernamePasswordCallbackHandler.java
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/IdentityMapperImpl.java
    cxf/fediz/trunk/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/realms/SamlRealmCodec.java
    cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/cxf-transport.xml
    cxf/fediz/trunk/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
    cxf/fediz/trunk/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java

Modified: cxf/fediz/trunk/examples/wsclientWebapp/webapp/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webapp/pom.xml?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/examples/wsclientWebapp/webapp/pom.xml (original)
+++ cxf/fediz/trunk/examples/wsclientWebapp/webapp/pom.xml Mon Feb  3 13:05:08 2014
@@ -89,8 +89,20 @@
                     <groupId>org.apache.santuario</groupId>
                 </exclusion>
                 <exclusion>
-                    <artifactId>wss4j</artifactId>
-                    <groupId>org.apache.ws.security</groupId>
+                    <artifactId>wss4j-ws-security-dom</artifactId>
+                    <groupId>org.apache.wss4j</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>wss4j-policy</artifactId>
+                    <groupId>org.apache.wss4j</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>wss4j-ws-security-stax</artifactId>
+                    <groupId>org.apache.wss4j</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>wss4j-ws-security-policy-stax</artifactId>
+                    <groupId>org.apache.wss4j</groupId>
                 </exclusion>
                 <exclusion>
                     <artifactId>ehcache-core</artifactId>

Modified: cxf/fediz/trunk/plugins/core/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/pom.xml?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/pom.xml (original)
+++ cxf/fediz/trunk/plugins/core/pom.xml Mon Feb  3 13:05:08 2014
@@ -39,8 +39,8 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.apache.ws.security</groupId>
-            <artifactId>wss4j</artifactId>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-dom</artifactId>
             <version>${wss4j.version}</version>
             <scope>compile</scope>
         </dependency>

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/EHCacheTokenReplayCache.java Mon Feb  3 13:05:08 2014
@@ -30,7 +30,7 @@ import net.sf.ehcache.config.CacheConfig
 import net.sf.ehcache.config.Configuration;
 import net.sf.ehcache.config.ConfigurationFactory;
 
-import org.apache.ws.security.util.Loader;
+import org.apache.wss4j.common.util.Loader;
 
 /**
  * An in-memory EHCache implementation of the TokenReplayCache interface. 

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/FederationProcessorImpl.java Mon Feb  3 13:05:08 2014
@@ -53,18 +53,19 @@ import org.apache.cxf.fediz.core.spi.Rea
 import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
 import org.apache.cxf.fediz.core.spi.WAuthCallback;
 import org.apache.cxf.fediz.core.util.DOMUtils;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSDataRef;
-import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityEngine;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.processor.EncryptedDataProcessor;
-import org.apache.ws.security.processor.Processor;
-import org.apache.ws.security.util.XmlSchemaDateFormat;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDataRef;
+import org.apache.wss4j.dom.WSDocInfo;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.processor.EncryptedDataProcessor;
+import org.apache.wss4j.dom.processor.Processor;
+import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
 import org.joda.time.DateTime;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java Mon Feb  3 13:05:08 2014
@@ -44,13 +44,12 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
 import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
-
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.CertificateStore;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.components.crypto.Merlin;
-import org.apache.ws.security.util.Loader;
+import org.apache.wss4j.common.crypto.CertificateStore;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.Loader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyManager.java Mon Feb  3 13:05:08 2014
@@ -20,7 +20,7 @@
 package org.apache.cxf.fediz.core.config;
 
 import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.wss4j.common.crypto.Crypto;
 
 public class KeyManager {
     

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java Mon Feb  3 13:05:08 2014
@@ -20,7 +20,7 @@
 package org.apache.cxf.fediz.core.config;
 
 import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.wss4j.common.crypto.Crypto;
 
 public class TrustManager {
     

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java Mon Feb  3 13:05:08 2014
@@ -19,8 +19,6 @@
 
 package org.apache.cxf.fediz.core.metadata;
 
-
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
@@ -42,9 +40,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.core.util.SignatureUtils;
-
-import org.apache.ws.security.util.UUIDGenerator;
-
+import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -76,7 +72,7 @@ public class MetadataWriter {
 
             writer.writeStartDocument();
 
-            String referenceID = "_" + UUIDGenerator.getUUID();
+            String referenceID = IDGenerator.generateID("_");
             writer.writeStartElement("", "EntityDescriptor", SAML2_METADATA_NS);
             writer.writeAttribute("ID", referenceID);
             
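Review bot: `IDGenerator` is imported from `org.apache.xml.security.stax.impl.util`, an implementation package of the XML security library, so the metadata writer now depends on an internal class just to build the `EntityDescriptor` ID. The plugins/core pom hunk shown in this commit only swaps the WSS4J artifact, so that library presumably arrives transitively and the class could move or change without notice. The ID only needs to be unique and must not start with a digit, so `String referenceID = "_" + java.util.UUID.randomUUID();` would keep the same shape without the extra coupling. The enclosing method starts and ends outside this hunk.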

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java Mon Feb  3 13:05:08 2014
@@ -44,19 +44,22 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
 import org.apache.cxf.fediz.core.saml.SamlAssertionValidator.TRUST_TYPE;
-
-import org.apache.ws.security.SAMLTokenPrincipal;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.validate.Credential;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
+import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDocInfo;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
+import org.apache.wss4j.dom.validate.Credential;
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLVersion;
 import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -96,24 +99,33 @@ public class SAMLTokenValidator implemen
             // requestData.setCallbackHandler(new
             // PasswordCallbackHandler(password));
 
-            AssertionWrapper assertion = new AssertionWrapper(token);
+            SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
             if (!assertion.isSigned()) {
                 LOG.warn("Assertion is not signed");
                 throw new ProcessingException(TYPE.TOKEN_NO_SIGNATURE);
             }
             // Verify the signature
             WSDocInfo docInfo = new WSDocInfo(token.getOwnerDocument());
-            assertion.verifySignature(requestData, docInfo);
+            Signature sig = assertion.getSignature();
+            KeyInfo keyInfo = sig.getKeyInfo();
+            SAMLKeyInfo samlKeyInfo = 
+                org.apache.wss4j.common.saml.SAMLUtil.getCredentialFromKeyInfo(
+                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo), 
+                    requestData.getSigVerCrypto()
+                );
+            assertion.verifySignature(samlKeyInfo);
             
-            // Parse the HOK subject if it exists
-            assertion.parseHOKSubject(requestData, docInfo);
+            // Parse the subject if it exists
+            assertion.parseSubject(
+                new WSSSAMLKeyInfoProcessor(requestData, docInfo), requestData.getSigVerCrypto(), 
+                requestData.getCallbackHandler()
+            );
 
             // Now verify trust on the signature
             Credential trustCredential = new Credential();
-            SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
             trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
             trustCredential.setCertificates(samlKeyInfo.getCerts());
-            trustCredential.setAssertion(assertion);
+            trustCredential.setSamlAssertion(assertion);
 
             SamlAssertionValidator trustValidator = new SamlAssertionValidator();
             trustValidator.setFutureTTL(config.getMaximumClockSkew().intValue());
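Review bot: `sig.getKeyInfo()` is dereferenced in the following statement without a null check, and `isSigned()` only establishes that a signature element is present, not that it carries a KeyInfo. A token whose signature omits KeyInfo would presumably surface as a NullPointerException from `keyInfo.getDOM()` instead of a controlled rejection; how the enclosing method handles that is outside this hunk. A guard such as `if (keyInfo == null) { LOG.warn("Signature has no KeyInfo"); throw new ProcessingException(TYPE.TOKEN_NO_SIGNATURE); }` (or a more specific type if the enum has one) keeps the failure explicit. It is also worth confirming that `requestData.getSigVerCrypto()` is already populated at this point, since the only visible `setSigVerCrypto` call is in the later trust loop.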
@@ -136,7 +148,7 @@ public class SAMLTokenValidator implemen
                 try {
                     for (TrustManager tm: config.getCertificateStores()) {
                         try {
-                            requestData.setSigCrypto(tm.getCrypto());
+                            requestData.setSigVerCrypto(tm.getCrypto());
                             trustValidator.validate(trustCredential, requestData);
                             trusted = true;
                             break;
@@ -190,7 +202,7 @@ public class SAMLTokenValidator implemen
 
             List<String> roles = parseRoles(config, claims);
             
-            SAMLTokenPrincipal p = new SAMLTokenPrincipal(assertion);
+            SAMLTokenPrincipal p = new SAMLTokenPrincipalImpl(assertion);
 
             TokenValidatorResponse response = new TokenValidatorResponse(
                     assertion.getId(), p.getName(), assertionIssuer, roles,
@@ -431,7 +443,7 @@ public class SAMLTokenValidator implemen
     }
 
     
-    private Date getExpires(AssertionWrapper assertion) {
+    private Date getExpires(SamlAssertionWrapper assertion) {
         DateTime validTill = null;
         if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
             validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
@@ -448,7 +460,7 @@ public class SAMLTokenValidator implemen
     /**
      * Check the Conditions of the Assertion.
      */
-    protected boolean isConditionValid(AssertionWrapper assertion, int maxClockSkew) throws WSSecurityException {
+    protected boolean isConditionValid(SamlAssertionWrapper assertion, int maxClockSkew) throws WSSecurityException {
         DateTime validFrom = null;
         DateTime validTill = null;
         if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java Mon Feb  3 13:05:08 2014
@@ -24,9 +24,9 @@ import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.List;
 
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 /**
  * Some SAML Utility methods
@@ -45,7 +45,7 @@ public final class SAMLUtil  {
      * @param tlsCerts The client certificates
      */
     public static boolean checkHolderOfKey(
-        AssertionWrapper assertionWrapper,
+        SamlAssertionWrapper assertionWrapper,
         Certificate[] tlsCerts
     ) {
         List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java Mon Feb  3 13:05:08 2014
@@ -20,7 +20,6 @@
 package org.apache.cxf.fediz.core.saml;
 
 
-import java.math.BigInteger;
 import java.security.PublicKey;
 import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateNotYetValidException;
@@ -32,15 +31,14 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.Validator;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.Validator;
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLVersion;
 import org.opensaml.xml.validation.ValidationException;
@@ -120,10 +118,10 @@ public class SamlAssertionValidator impl
      * @throws WSSecurityException on a failed validation
      */
     public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
-        if (credential == null || credential.getAssertion() == null) {
-            throw new WSSecurityException(WSSecurityException.FAILURE, "noCredential");
+        if (credential == null || credential.getSamlAssertion() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
         }
-        AssertionWrapper assertion = credential.getAssertion();
+        SamlAssertionWrapper assertion = credential.getSamlAssertion();
         
         // Check HOK requirements
         String confirmMethod = null;
@@ -134,12 +132,12 @@ public class SamlAssertionValidator impl
         if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)) {
             if (assertion.getSubjectKeyInfo() == null) {
                 LOG.debug("There is no Subject KeyInfo to match the holder-of-key subject conf method");
-                throw new WSSecurityException(WSSecurityException.FAILURE, "noKeyInSAMLToken");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKeyInSAMLToken");
             }
             // The assertion must have been signed for HOK
             if (!assertion.isSigned()) {
                 LOG.debug("A holder-of-key assertion must be signed");
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
         
@@ -165,7 +163,7 @@ public class SamlAssertionValidator impl
      * @throws WSSecurityException
      */
     protected Credential verifySignedAssertion(
-        AssertionWrapper assertion,
+        SamlAssertionWrapper assertion,
         RequestData data
     ) throws WSSecurityException {
         Credential credential = new Credential();
@@ -177,41 +175,32 @@ public class SamlAssertionValidator impl
         PublicKey publicKey = credential.getPublicKey();
         Crypto crypto = getCrypto(data);
         if (crypto == null) {
-            throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
         }
         
         if (certs != null && certs.length > 0) {
             validateCertificates(certs);
-            boolean trust = false;
-            boolean enableRevocation = data.isRevocationEnabled();
-            if (certs.length == 1) {
-                trust = verifyTrustInCert(certs[0], crypto, enableRevocation);
-            } else {
-                trust = verifyTrustInCerts(certs, crypto, enableRevocation);
-            }
-            if (trust) {
-                if (signatureTrustType.equals(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS)) {
-                    if (matches(certs[0])) {
-                        return credential;
-                    } else {
-                        throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
-                    }
-                } else {
+            validateCertificates(certs);
+            verifyTrustInCerts(certs, crypto, data, data.isRevocationEnabled());
+            if (signatureTrustType.equals(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS)) {
+                if (matches(certs[0])) {
                     return credential;
+                } else {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
                 }
+            } else {
+                return credential;
             }
         }
         if (publicKey != null) {
-            boolean trust = validatePublicKey(publicKey, crypto);
-            if (trust) {
-                return credential;
-            }
+            validatePublicKey(publicKey, crypto);
+            return credential;
         }
-        throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
+        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
     }
 
     protected Crypto getCrypto(RequestData data) {
-        return data.getSigCrypto();
+        return data.getSigVerCrypto();
     }
 
 
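Review bot: Trust in the signing certificate or key now rests entirely on `verifyTrustInCerts(...)` and `validatePublicKey(...)` throwing, because their results are no longer checked before `return credential;`. Their new definitions are not fully visible here, so confirm that both raise `WSSecurityException` on every untrusted path, and keep negative tests for an untrusted certificate chain and an unknown public key so the check cannot silently fail open. A comment such as `// throws WSSecurityException if no trust path is found` above each call would document that contract. Separately, `validateCertificates(certs);` now appears twice in a row (the context line plus the added one), and the added duplicate can be dropped.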
@@ -227,228 +216,56 @@ public class SamlAssertionValidator impl
             }
         } catch (CertificateExpiredException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_CHECK, "invalidCert", null, e
+                WSSecurityException.ErrorCode.FAILED_CHECK, "invalidCert", e
             );
         } catch (CertificateNotYetValidException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_CHECK, "invalidCert", null, e
+                WSSecurityException.ErrorCode.FAILED_CHECK, "invalidCert", e
             );
         }
     }
     
     /**
-     * Evaluate whether a given certificate should be trusted.
-     * 
-     * Policy used in this implementation:
-     * 1. Search the keystore for the transmitted certificate
-     * 2. Search the keystore for a connection to the transmitted certificate
-     * (that is, search for certificate(s) of the issuer of the transmitted certificate
-     * 3. Verify the trust path for those certificates found because the search for the issuer 
-     * might be fooled by a phony DN (String!)
-     *
-     * @param cert the certificate that should be validated against the keystore
-     * @param crypto A crypto instance to use for trust validation
-     * @param enableRevocation Whether revocation is enabled or not
-     * @return true if the certificate is trusted, false if not
-     * @throws WSSecurityException
-     */
-    protected boolean verifyTrustInCert(
-        X509Certificate cert, 
-        Crypto crypto,
-        boolean enableRevocation
-    ) throws WSSecurityException {
-        String subjectString = cert.getSubjectX500Principal().getName();
-        String issuerString = cert.getIssuerX500Principal().getName();
-        BigInteger issuerSerial = cert.getSerialNumber();
-
-        if (LOG.isDebugEnabled()) {
-            LOG.debug("Transmitted certificate has subject " + subjectString);
-            LOG.debug(
-                "Transmitted certificate has issuer " + issuerString + " (serial " 
-                + issuerSerial + ")"
-            );
-        }
-
-        //
-        // FIRST step - Search the keystore for the transmitted certificate
-        //              If peer trust is enforced then validation fails if
-        //              certificate not found in keystore
-        //
-        boolean isInKeystore = isCertificateInKeyStore(crypto, cert);
-        if (!enableRevocation && isInKeystore) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug(
-                    "Certificate " + subjectString + " found in keystore"
-                );
-            }
-            return true;
-        }
-        if (!isInKeystore && signatureTrustType.equals(TRUST_TYPE.PEER_TRUST)) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug(
-                    "Certificate " + subjectString + " not found in keystore"
-                );
-            }
-            return false;
-        }
-
-        //
-        // SECOND step - Search for the issuer cert (chain) of the transmitted certificate in the 
-        // keystore or the truststore
-        //
-        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
-        cryptoType.setSubjectDN(issuerString);
-        X509Certificate[] foundCerts = crypto.getX509Certificates(cryptoType);
-
-        // If the certs have not been found, the issuer is not in the keystore/truststore
-        // As a direct result, do not trust the transmitted certificate
-        if (foundCerts == null || foundCerts.length < 1) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug(
-                    "No certs found in keystore for issuer " + issuerString 
-                    + " of certificate for " + subjectString
-                );
-            }
-            return false;
-        }
-
-        //
-        // THIRD step
-        // Check the certificate trust path for the issuer cert chain
-        //
-        if (LOG.isDebugEnabled()) {
-            LOG.debug(
-                "Preparing to validate certificate path for issuer " + issuerString
-            );
-        }
-        //
-        // Form a certificate chain from the transmitted certificate
-        // and the certificate(s) of the issuer from the keystore/truststore
-        //
-        X509Certificate[] x509certs = new X509Certificate[foundCerts.length + 1];
-        x509certs[0] = cert;
-        for (int j = 0; j < foundCerts.length; j++) {
-            x509certs[j + 1] = (X509Certificate)foundCerts[j];
-        }
-
-        //
-        // Use the validation method from the crypto to check whether the subjects' 
-        // certificate was really signed by the issuer stated in the certificate
-        //
-        if (crypto.verifyTrust(x509certs, enableRevocation)) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug(
-                    "Certificate path has been verified for certificate with subject " 
-                     + subjectString
-                );
-            }
-            return true;
-        }
-
-        if (LOG.isDebugEnabled()) {
-            LOG.debug(
-                "Certificate path could not be verified for certificate with subject " 
-                + subjectString
-            );
-        }
-        return false;
-    }
-    
-    /**
-     * Check to see if the certificate argument is in the keystore
-     * @param crypto A Crypto instance to use for trust validation
-     * @param cert The certificate to check
-     * @return true if cert is in the keystore
-     * @throws WSSecurityException
-     */
-    protected boolean isCertificateInKeyStore(
-        Crypto crypto,
-        X509Certificate cert
-    ) throws WSSecurityException {
-        String issuerString = cert.getIssuerX500Principal().getName();
-        BigInteger issuerSerial = cert.getSerialNumber();
-        
-        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
-        cryptoType.setIssuerSerial(issuerString, issuerSerial);
-        X509Certificate[] foundCerts = crypto.getX509Certificates(cryptoType);
-
-        //
-        // If a certificate has been found, the certificates must be compared
-        // to ensure against phony DNs (compare encoded form including signature)
-        //
-        if (foundCerts != null && foundCerts[0] != null && foundCerts[0].equals(cert)) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug(
-                    "Direct trust for certificate with " + cert.getSubjectX500Principal().getName()
-                );
-            }
-            return true;
-        }
-        if (LOG.isDebugEnabled()) {
-            LOG.debug(
-                "No certificate found for subject from issuer with " + issuerString 
-                + " (serial " + issuerSerial + ")"
-            );
-        }
-        return false;
-    }
-    
-    /**
      * Evaluate whether the given certificate chain should be trusted.
      * 
      * @param certificates the certificate chain that should be validated against the keystore
      * @param crypto A Crypto instance
+     * @param data A RequestData instance
      * @param enableRevocation Whether revocation is enabled or not
-     * @return true if the certificate chain is trusted, false if not
-     * @throws WSSecurityException
+     * @throws WSSecurityException if the certificate chain is not trusted
      */
-    protected boolean verifyTrustInCerts(
+    protected void verifyTrustInCerts(
         X509Certificate[] certificates, 
         Crypto crypto,
+        RequestData data,
         boolean enableRevocation
     ) throws WSSecurityException {
-        if (certificates == null || certificates.length < 2) {
-            return false;
-        }
-        
         String subjectString = certificates[0].getSubjectX500Principal().getName();
         //
         // Use the validation method from the crypto to check whether the subjects' 
         // certificate was really signed by the issuer stated in the certificate
         //
-        if (crypto.verifyTrust(certificates, enableRevocation)) {
-            if (LOG.isDebugEnabled()) {
-                LOG.debug(
-                    "Certificate path has been verified for certificate with subject " 
-                    + subjectString
-                );
-            }
-            return true;
-        }
-        
+        crypto.verifyTrust(certificates, enableRevocation);
         if (LOG.isDebugEnabled()) {
             LOG.debug(
-                "Certificate path could not be verified for certificate with subject " 
-                + subjectString
+                "Certificate path has been verified for certificate with subject " + subjectString
             );
         }
-            
-        return false;
     }
     
     /**
      * Validate a public key
      * @throws WSSecurityException
      */
-    protected boolean validatePublicKey(PublicKey publicKey, Crypto crypto) 
+    protected void validatePublicKey(PublicKey publicKey, Crypto crypto) 
         throws WSSecurityException {
-        return crypto.verifyTrust(publicKey);
+        crypto.verifyTrust(publicKey);
     }
     
     /**
      * Check the Conditions of the Assertion.
      */
-    protected void checkConditions(AssertionWrapper assertion) throws WSSecurityException {
+    protected void checkConditions(SamlAssertionWrapper assertion) throws WSSecurityException {
         DateTime validFrom = null;
         DateTime validTill = null;
         if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
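Review bot: With `verifyTrustInCert` and `isCertificateInKeyStore` removed, nothing left in this hunk enforces `TRUST_TYPE.PEER_TRUST`: the old single-certificate path returned false when the transmitted certificate was not itself in the keystore, while the new `verifyTrustInCerts` only calls `crypto.verifyTrust(certificates, enableRevocation)`. Unless the Crypto implementation or the caller (outside this hunk) applies that restriction, a certificate that merely chains to a trusted issuer would presumably now pass under a peer-trust configuration. I would keep the keystore lookup and add, before the `verifyTrust` call, `if (signatureTrustType.equals(TRUST_TYPE.PEER_TRUST) && !isCertificateInKeyStore(crypto, certificates[0])) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION); }`. The new `data` parameter is not used in the visible body, and `certificates[0]` is now read without the null/length guard the old method had, so the Javadoc should state that callers must pass a non-empty chain. The hunk ends inside `checkConditions`, whose body continues outside it.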
@@ -466,20 +283,20 @@ public class SamlAssertionValidator impl
             currentTime = currentTime.plusSeconds(futureTTL);
             if (validFrom.isAfter(currentTime)) {
                 LOG.debug("SAML Token condition (Not Before) not met");
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
 
         if (validTill != null && validTill.isBeforeNow()) {
             LOG.debug("SAML Token condition (Not On Or After) not met");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
     /**
      * Validate the assertion against schemas/profiles
      */
-    protected void validateAssertion(AssertionWrapper assertion) throws WSSecurityException {
+    protected void validateAssertion(SamlAssertionWrapper assertion) throws WSSecurityException {
         if (assertion.getSaml1() != null) {
             ValidatorSuite schemaValidators = 
                 org.opensaml.Configuration.getValidatorSuite("saml1-schema-validator");
@@ -491,7 +308,7 @@ public class SamlAssertionValidator impl
             } catch (ValidationException e) {
                 LOG.debug("Saml Validation error: " + e.getMessage(), e);
                 throw new WSSecurityException(
-                    WSSecurityException.FAILURE, "invalidSAMLsecurity", null, e
+                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", null, e
                 );
             }
         } else if (assertion.getSaml2() != null) {
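Review bot: The `throw` in this `catch (ValidationException e)` still passes `"invalidSAMLsecurity", null, e`, whereas the `invalidCert` throw sites earlier in this file were changed by this commit from `..., null, e` to `ErrorCode.FAILED_CHECK, "invalidCert", e`. If the new `WSSecurityException` constructor takes the cause as its third argument, the `null` here may bind as the cause and `e` as a message argument, so the `ValidationException` would be lost from the stack trace; please confirm against the constructor signatures. For consistency I would write `WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", e`. The same applies to the SAML 2 branch in the next hunk (`@@ -505,7 +322,7 @@`); `validateAssertion` starts and ends outside both hunks.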
@@ -505,7 +322,7 @@ public class SamlAssertionValidator impl
             } catch (ValidationException e) {
                 LOG.debug("Saml Validation error: " + e.getMessage(), e);
                 throw new WSSecurityException(
-                    WSSecurityException.FAILURE, "invalidSAMLsecurity", null, e
+                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", null, e
                 );
             }
         }

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java Mon Feb  3 13:05:08 2014
@@ -27,13 +27,11 @@ import java.security.cert.CertificateFac
 import java.security.cert.X509Certificate;
 import java.util.Properties;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.CredentialException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.components.crypto.Merlin;
-
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -98,9 +96,6 @@ public final class CertsUtils {
         } catch (IOException ex) {
             LOG.error("Failed to read signing metadata key", ex);
             throw new RuntimeException("Failed to read signing metadata key");
-        } catch (CredentialException ex) {
-            LOG.error("Failed to read signing metadata key", ex);
-            throw new RuntimeException("Failed to read signing metadata key");
         }
         return crypto;
     }

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java Mon Feb  3 13:05:08 2014
@@ -49,8 +49,7 @@ import javax.xml.transform.stream.Stream
 
 import org.w3c.dom.Document;
 
-import org.apache.ws.security.components.crypto.Crypto;
-
+import org.apache.wss4j.common.crypto.Crypto;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/AbstractSAMLCallbackHandler.java Mon Feb  3 13:05:08 2014
@@ -35,21 +35,20 @@ import javax.xml.parsers.DocumentBuilder
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.saml.ext.SAMLCallback;
-import org.apache.ws.security.saml.ext.bean.ActionBean;
-import org.apache.ws.security.saml.ext.bean.AttributeBean;
-import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
-import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
-
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.ActionBean;
+import org.apache.wss4j.common.saml.bean.AttributeBean;
+import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
+import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.message.WSSecEncryptedKey;
 
 
 /**
@@ -231,7 +230,7 @@ public abstract class AbstractSAMLCallba
                 } else {
                     attributeBean.setQualifiedName("dummy-ns");
                 }
-                attributeBean.setAttributeValues(Collections.singletonList("myvalue"));
+                attributeBean.addAttributeValue("myvalue");
                 attrStateBean.setSamlAttributes(Collections.singletonList(attributeBean));
                 callback.setAttributeStatementData(Collections.singletonList(attrStateBean));
                 return;
@@ -270,14 +269,16 @@ public abstract class AbstractSAMLCallba
                     attributeBean.setNameFormat(this.getAttributeNameFormat());
                 }
                 if (this.multiValueType.equals(MultiValue.MULTI_VALUE)) {
-                    attributeBean.setAttributeValues(roles);
+                    for (String role : roles) {
+                        attributeBean.addAttributeValue(role);
+                    }
                 } else {
                     StringBuffer sb = new StringBuffer();
                     for (String role: roles) {
                         sb.append(role).append(this.roleSeperator);
                     }
                     String value = sb.substring(0, sb.length() - this.roleSeperator.length());
-                    attributeBean.setAttributeValues(Collections.singletonList(value));
+                    attributeBean.addAttributeValue(value);
                 }
                 attributeList.add(attributeBean);
             } else if (this.multiValueType.equals(MultiValue.MULTI_ATTR)) {
@@ -310,7 +311,7 @@ public abstract class AbstractSAMLCallba
                         attributeBean.setQualifiedName(this.roleAttributeName);
                         attributeBean.setNameFormat(this.getAttributeNameFormat());
                     }
-                    attributeBean.setAttributeValues(Collections.singletonList(role));
+                    attributeBean.addAttributeValue(role);
                     attributeList.add(attributeBean);
                 }
             }
@@ -328,7 +329,7 @@ public abstract class AbstractSAMLCallba
                 attributeBean.setQualifiedName(this.countryClaimName);
                 attributeBean.setNameFormat(this.getAttributeNameFormat());
             }
-            attributeBean.setAttributeValues(Collections.singletonList("CH"));
+            attributeBean.addAttributeValue("CH");
             attributeList.add(attributeBean);
             
             //custom claim language
@@ -350,7 +351,7 @@ public abstract class AbstractSAMLCallba
                 attributeBean2.setQualifiedName(this.customClaimName);
                 attributeBean2.setNameFormat(this.getAttributeNameFormat());
             }
-            attributeBean2.setAttributeValues(Collections.singletonList("CH"));
+            attributeBean2.addAttributeValue("CH");
             attributeList.add(attributeBean2);
             
             attrStateBean.setSamlAttributes(attributeList);

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java Mon Feb  3 13:05:08 2014
@@ -53,24 +53,24 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSEncryptionPart;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.message.WSSecEncrypt;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.SAMLParms;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.builder.SAML1Constants;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.WSEncryptionPart;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.DOM2Writer;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.message.WSSecEncrypt;
 import org.joda.time.DateTime;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
-import org.opensaml.common.SAMLVersion;
 
 import static org.junit.Assert.fail;
 
@@ -218,9 +218,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -259,9 +259,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_MSG);
         
         FederationRequest wfReq = new FederationRequest();
@@ -297,9 +297,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -335,9 +335,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -373,9 +373,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -409,10 +409,10 @@ public class FederationProcessorTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
-        
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -447,11 +447,10 @@ public class FederationProcessorTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
-        
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        samlParms.setSAMLVersion(SAMLVersion.VERSION_11);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
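Review bot: The removed `samlParms.setSAMLVersion(SAMLVersion.VERSION_11)` has no counterpart on the new side, so nothing in this hunk pins the assertion to SAML 1.1 any more. Unless the callback handler passed to `SAMLUtil.doSAMLCallback` sets the version on the `SAMLCallback` itself (not visible here), this test may now run against the default SAML version and stop covering the SAML 1.1 validation path. I would make the expectation explicit right after the wrapper is built, e.g. `if (assertion.getSaml1() == null) { fail("expected a SAML 1.1 assertion"); }`. The same applies to the next hunk (`@@ -488,11 +487,10 @@`); the enclosing test methods start and end outside both hunks.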
@@ -488,11 +487,10 @@ public class FederationProcessorTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
-        
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        samlParms.setSAMLVersion(SAMLVersion.VERSION_11);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_2005_02_MSG);
         FederationRequest wfReq = new FederationRequest();
         wfReq.setWa(FederationConstants.ACTION_SIGNIN);
@@ -528,9 +526,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -567,9 +565,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -610,10 +608,10 @@ public class FederationProcessorTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
-        
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         String rstr = createSamlToken(assertion, "mystskey", true);
         FederationRequest wfReq = new FederationRequest();
@@ -652,9 +650,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         String rstr = createSamlToken(assertion, "mystskey", false);
         FederationRequest wfReq = new FederationRequest();
@@ -691,9 +689,10 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+        
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -736,10 +735,10 @@ public class FederationProcessorTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
-        
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         String rstr = createSamlToken(assertion, "mystskey", true);
         FederationRequest wfReq = new FederationRequest();
@@ -776,9 +775,9 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         String rstr = createSamlToken(assertion, "mystskey", true);
         FederationRequest wfReq = new FederationRequest();
@@ -819,9 +818,10 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+        
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -863,9 +863,10 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+        
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -901,9 +902,10 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+        
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -941,9 +943,10 @@ public class FederationProcessorTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+        
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -978,10 +981,10 @@ public class FederationProcessorTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
-        
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         String rstr = encryptAndSignToken(assertion);
         
@@ -1024,10 +1027,10 @@ public class FederationProcessorTest {
         cryptoType.setAlias("myclientkey");
         X509Certificate[] certs = clientCrypto.getX509Certificates(cryptoType);
         callbackHandler.setCerts(certs);
-        
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         WSPasswordCallback[] cb = {
             new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
@@ -1118,10 +1121,11 @@ public class FederationProcessorTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
         String rstr = createSamlToken(assertion, "mystskey", true, STSUtil.SAMPLE_RSTR_MSG);
         
         FederationRequest wfReq = new FederationRequest();
@@ -1144,7 +1148,7 @@ public class FederationProcessorTest {
     
     
     private String encryptAndSignToken(
-        AssertionWrapper assertion
+        SamlAssertionWrapper assertion
     ) throws Exception {
         
         WSPasswordCallback[] cb = {
@@ -1185,12 +1189,12 @@ public class FederationProcessorTest {
         return DOM2Writer.nodeToString(doc);
     }
     
-    private String createSamlToken(AssertionWrapper assertion, String alias, boolean sign)
+    private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign)
         throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
         return createSamlToken(assertion, alias, sign, STSUtil.SAMPLE_RSTR_COLL_MSG);
     }
     
-    private String createSamlToken(AssertionWrapper assertion, String alias, boolean sign, String rstr)
+    private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
         throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
         WSPasswordCallback[] cb = {
             new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/KeystoreCallbackHandler.java Mon Feb  3 13:05:08 2014
@@ -27,7 +27,7 @@ import javax.security.auth.callback.Call
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 /**
  * A Callback Handler implementation for the case of finding a password to access a 

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java Mon Feb  3 13:05:08 2014
@@ -24,15 +24,14 @@ import java.io.IOException;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.ws.security.saml.ext.SAMLCallback;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-import org.apache.ws.security.saml.ext.builder.SAML1Constants;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.opensaml.common.SAMLVersion;
 
 
-
 /**
  * A Callback Handler implementation for a SAML 1.1 assertion. By default it creates an
  * authentication assertion using Sender Vouches.

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java Mon Feb  3 13:05:08 2014
@@ -24,10 +24,10 @@ import java.io.IOException;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.ws.security.saml.ext.SAMLCallback;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.opensaml.common.SAMLVersion;
 
 

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java (original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAMLTokenValidatorOldTest.java Mon Feb  3 13:05:08 2014
@@ -37,19 +37,19 @@ import org.apache.cxf.fediz.common.STSUt
 import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.config.FederationConfigurator;
 import org.apache.cxf.fediz.core.config.FederationContext;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.SAMLParms;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.builder.SAML1Constants;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.DOM2Writer;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
-import org.opensaml.common.SAMLVersion;
 
 
 // This testcases tests the encoding implemented before CXF-4484
@@ -120,9 +120,10 @@ public class SAMLTokenValidatorOldTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+        
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -164,9 +165,10 @@ public class SAMLTokenValidatorOldTest {
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -203,10 +205,11 @@ public class SAMLTokenValidatorOldTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
@@ -244,11 +247,11 @@ public class SAMLTokenValidatorOldTest {
         ConditionsBean cp = new ConditionsBean();
         cp.setAudienceURI(TEST_AUDIENCE);
         callbackHandler.setConditions(cp);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        samlParms.setSAMLVersion(SAMLVersion.VERSION_11);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
         String rstr = createSamlToken(assertion, "mystskey", true);
         
         FederationRequest wfReq = new FederationRequest();
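Review bot: This hunk drops `samlParms.setSAMLVersion(SAMLVersion.VERSION_11)` without an equivalent on the new `SAMLCallback`, so the assertion version now depends entirely on the callback handler. The handler is created above the hunk, so whether it sets the version itself cannot be seen here. If it does not, this test may no longer exercise the SAML 1.1 validation path it was written for, and that path would lose coverage silently. If the explicit version is still needed, `samlCallback.setSamlVersion(SAMLVersion.VERSION_11);` before `SAMLUtil.doSAMLCallback(...)` keeps the old behaviour, and the `org.opensaml.common.SAMLVersion` import removed in this file's first hunk would have to stay. Otherwise an assertion on the parsed token's version would make the intent explicit.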
@@ -271,12 +274,12 @@ public class SAMLTokenValidatorOldTest {
     }
     
     
-    private String createSamlToken(AssertionWrapper assertion, String alias, boolean sign)
+    private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign)
         throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
         return createSamlToken(assertion, alias, sign, STSUtil.SAMPLE_RSTR_COLL_MSG);
     }
     
-    private String createSamlToken(AssertionWrapper assertion, String alias, boolean sign, String rstr)
+    private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
         throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
         WSPasswordCallback[] cb = {
             new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)

Modified: cxf/fediz/trunk/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java (original)
+++ cxf/fediz/trunk/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/web/ThreadLocalCallbackHandler.java Mon Feb  3 13:05:08 2014
@@ -30,7 +30,7 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
 import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.util.DOM2Writer;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

Modified: cxf/fediz/trunk/plugins/spring/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/spring/pom.xml?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/spring/pom.xml (original)
+++ cxf/fediz/trunk/plugins/spring/pom.xml Mon Feb  3 13:05:08 2014
@@ -66,6 +66,11 @@
             <artifactId>slf4j-api</artifactId>
             <version>${slf4j.version}</version>
         </dependency>        
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

Modified: cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java (original)
+++ cxf/fediz/trunk/plugins/tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java Mon Feb  3 13:05:08 2014
@@ -52,7 +52,7 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.util.DOM2Writer;
 
 
 public class FederationAuthenticator extends FormAuthenticator {

Modified: cxf/fediz/trunk/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Mon Feb  3 13:05:08 2014
@@ -34,7 +34,7 @@
     <properties>
         <commons.lang.version>3.0.1</commons.lang.version>
         <commons.logging.version>1.1.1</commons.logging.version>
-        <cxf.version>2.7.7</cxf.version>
+        <cxf.version>3.0.0-SNAPSHOT</cxf.version>
         <cxf.build-utils.version>2.6.0</cxf.build-utils.version>
         <ehcache.version>2.5.1</ehcache.version>
         <httpclient.version>4.2.2</httpclient.version>
@@ -48,7 +48,7 @@
         <spring.version>3.1.4.RELEASE</spring.version>
         <spring.security.version>3.1.4.RELEASE</spring.security.version>
         <tomcat.version>7.0.42</tomcat.version>
-        <wss4j.version>1.6.13</wss4j.version>
+        <wss4j.version>2.0.0-SNAPSHOT</wss4j.version>
 
         <tomcat.url>http://localhost:8080/manager/text</tomcat.url>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -539,6 +539,7 @@
                         <parallel>${fediz.surefire.parallel.mode}</parallel>
                         <systemPropertyVariables>
                             <java.io.tmpdir>${basedir}/target</java.io.tmpdir>
+                            <catalina.base>${basedir}/target</catalina.base>
                             <cxf.useRandomFirstPort>true</cxf.useRandomFirstPort>
                             <org.apache.ws.commons.schema.protectReadOnlyCollections>${fediz.protect-xmlschema-collections}</org.apache.ws.commons.schema.protectReadOnlyCollections>
                             <cxf.validateServiceSchemas>${fediz.validateServices}</cxf.validateServiceSchemas>

Modified: cxf/fediz/trunk/services/idp/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/pom.xml?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/pom.xml (original)
+++ cxf/fediz/trunk/services/idp/pom.xml Mon Feb  3 13:05:08 2014
@@ -131,6 +131,11 @@
 			<artifactId>cxf-rt-ws-policy</artifactId>
 			<version>${cxf.version}</version>
 		</dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-ws-addr</artifactId>
+            <version>${cxf.version}</version>
+        </dependency>		
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java Mon Feb  3 13:05:08 2014
@@ -29,12 +29,10 @@ import javax.servlet.http.HttpServletReq
 import javax.servlet.http.HttpServletResponse;
 
 import org.w3c.dom.Document;
-
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.service.ConfigService;
 import org.apache.cxf.fediz.service.idp.util.MetadataWriter;
-import org.apache.ws.security.util.DOM2Writer;
-
+import org.apache.wss4j.common.util.DOM2Writer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContext;

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java Mon Feb  3 13:05:08 2014
@@ -28,7 +28,6 @@ import java.util.Map;
 import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
 //import org.apache.cxf.endpoint.Client;
@@ -38,8 +37,8 @@ import org.apache.cxf.fediz.core.ClaimTy
 //import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
 import org.opensaml.xml.XMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -117,7 +116,7 @@ public class STSAuthenticationProvider i
             //authorities.add(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"));
             //Not needed because AuthenticatedVoter has been added for SecurityFlowExecutionListener
             if (roleURI != null) {
-                AssertionWrapper assertion = new AssertionWrapper(token.getToken());
+                SamlAssertionWrapper assertion = new SamlAssertionWrapper(token.getToken());
                 List<Claim> claims = parseClaimsInAssertion(assertion.getSaml2());
                 for (Claim c : claims) {
                     if (roleURI.equals(c.getClaimType())) {
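Review bot: `assertion.getSaml2()` is passed straight to `parseClaimsInAssertion`, but the wrapper is built from whatever `token.getToken()` holds, and `getSaml2()` returns null when the token is a SAML 1.1 assertion. `parseClaimsInAssertion` is defined outside the hunk, so whether it tolerates null cannot be confirmed here. Because the granted authorities are derived from these claims, a guard such as `if (assertion.getSaml2() == null) { /* log and skip role mapping */ }` would make that case explicit. Without it the outcome is either a NullPointerException or an empty role list with no log entry. The enclosing method starts and ends outside the hunk.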

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java?rev=1563869&r1=1563868&r2=1563869&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java Mon Feb  3 13:05:08 2014
@@ -44,13 +44,13 @@ import org.apache.cxf.fediz.service.idp.
 import org.apache.cxf.fediz.service.idp.domain.Idp;
 import org.apache.cxf.fediz.service.idp.domain.RequestClaim;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
-import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.webflow.execution.RequestContext;
@@ -245,13 +245,13 @@ public class STSClientAction {
         String rpToken = sts.requestSecurityTokenResponse(wtrealm);
         
         InputStream is = new ByteArrayInputStream(rpToken.getBytes());
-        Document doc = DOMUtils.readXml(is);
+        Document doc = StaxUtils.read(is);
         NodeList nd = doc.getElementsByTagName("saml2:Assertion");
         if (nd.getLength() == 0) {
             nd = doc.getElementsByTagName("saml1:Assertion");
         }
         Element e = (Element) nd.item(0);
-        AssertionWrapper aw = new AssertionWrapper(e);
+        SamlAssertionWrapper aw = new SamlAssertionWrapper(e);
         String id = aw.getId();
 
         LOG.info("[RP_TOKEN=" + id + "] successfully created for realm ["
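Review bot: `nd.item(0)` is cast and passed to `new SamlAssertionWrapper(e)` with no check that an assertion element was found. A response containing neither `saml2:Assertion` nor `saml1:Assertion` therefore reaches the wrapper as null, so add `if (e == null)` with an explicit failure before the constructor call. The lookup also matches the literal prefixes rather than the SAML namespaces, so it depends on how the STS serialises the token; `getElementsByTagNameNS` with the assertion namespace would remove that dependency. Separately, `rpToken.getBytes()` feeds `StaxUtils.read(is)` using the platform default charset, and passing an explicit charset would keep parsing independent of the host locale. The enclosing method starts and ends outside the hunk.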


