From cohei...@apache.org
Subject cxf-fediz git commit: Upgrading CXF and WSS4J dependencies
Date Wed, 06 May 2015 16:10:51 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 6e38053eb -> feacf96c5


Upgrading CXF and WSS4J dependencies


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/feacf96c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/feacf96c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/feacf96c

Branch: refs/heads/master
Commit: feacf96c5f68a49dcc5e6c7d14214b3bdab4622c
Parents: 6e38053
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed May 6 17:10:28 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed May 6 17:10:28 2015 +0100

----------------------------------------------------------------------
 .../fediz/core/processor/SAMLProcessorImpl.java | 19 ++---
 .../core/saml/FedizSignatureTrustValidator.java |  8 +-
 .../cxf/fediz/core/saml/SAMLTokenValidator.java | 38 +++++-----
 .../fediz/core/saml/SamlAssertionValidator.java |  6 +-
 .../samlsso/DefaultSAMLPRequestBuilder.java     | 22 +++---
 .../fediz/core/samlsso/SAMLPRequestBuilder.java |  4 +-
 .../samlsso/SAMLProtocolResponseValidator.java  | 77 +++++---------------
 .../core/samlsso/SAMLSSOResponseValidator.java  | 23 +++---
 .../samlsso/SamlpRequestComponentBuilder.java   | 31 ++++----
 .../cxf/fediz/core/SAML1CallbackHandler.java    |  5 +-
 .../cxf/fediz/core/SAML2CallbackHandler.java    |  6 +-
 .../samlsso/SAML2PResponseComponentBuilder.java | 21 +++---
 .../cxf/fediz/core/samlsso/SAMLRequestTest.java |  5 +-
 .../samlsso/SAMLResponseConformanceTest.java    |  7 +-
 .../fediz/core/samlsso/SAMLResponseTest.java    |  5 +-
 pom.xml                                         | 15 ++--
 .../service/idp/STSAuthenticationProvider.java  | 12 +--
 .../idp/kerberos/PassThroughKerberosClient.java |  4 +-
 .../TrustedIdpSAMLProtocolHandler.java          | 17 +++--
 .../fediz/service/sts/X509TokenValidator.java   |  5 +-
 .../apache/cxf/fediz/sts/AbstractSTSTest.java   |  4 +-
 .../cxf/fediz/sts/realms/ITCrossRealmTest.java  |  2 +-
 .../samlsso/example/SAML2CallbackHandler.java   |  4 +-
 .../example/SAML2PResponseComponentBuilder.java | 21 +++---
 .../cxf/fediz/samlsso/example/SamlSso.java      |  7 +-
 25 files changed, 169 insertions(+), 199 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index ed6dd31..f93a9ad 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.TokenValidator;
@@ -58,10 +59,10 @@ import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.xml.security.exceptions.Base64DecodingException;
 import org.apache.xml.security.utils.Base64;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.LogoutRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -158,15 +159,15 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             LOG.debug(ex.getMessage(), ex);
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
-        if (!(responseObject instanceof org.opensaml.saml2.core.Response)) {
+        if (!(responseObject instanceof org.opensaml.saml.saml2.core.Response)) {
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
         
         // Validate the Response
-        validateSamlResponseProtocol((org.opensaml.saml2.core.Response)responseObject, config);
+        validateSamlResponseProtocol((org.opensaml.saml.saml2.core.Response)responseObject, config);
         
         SSOValidatorResponse ssoValidatorResponse = 
-            validateSamlSSOResponse((org.opensaml.saml2.core.Response)responseObject, 
+            validateSamlSSOResponse((org.opensaml.saml.saml2.core.Response)responseObject, 
                                 request.getRequest(), requestState, config);
         
         // Validate the internal assertion(s)
@@ -225,7 +226,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
      * @throws ProcessingException 
      */
     protected void validateSamlResponseProtocol(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         FedizContext config
     ) throws ProcessingException {
         try {
@@ -242,7 +243,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
      * @throws ProcessingException 
      */
     protected SSOValidatorResponse validateSamlSSOResponse(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         HttpServletRequest request,
         RequestState requestState,
         FedizContext config

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
index 8c8798f..fd9cd2f 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
@@ -44,12 +44,12 @@ public class FedizSignatureTrustValidator implements Validator {
     
     private static final Logger LOG = LoggerFactory.getLogger(FedizSignatureTrustValidator.class);
     
-    public enum TRUST_TYPE { CHAIN_TRUST, CHAIN_TRUST_CONSTRAINTS, PEER_TRUST }
+    public enum TrustType { CHAIN_TRUST, CHAIN_TRUST_CONSTRAINTS, PEER_TRUST }
     
     /**
      * Defines the kind of trust which is required
      */
-    private TRUST_TYPE signatureTrustType = TRUST_TYPE.CHAIN_TRUST;
+    private TrustType signatureTrustType = TrustType.CHAIN_TRUST;
         
     /**
      * a collection of compiled regular expression patterns for the subject DN
@@ -60,7 +60,7 @@ public class FedizSignatureTrustValidator implements Validator {
     /**
      * Set the kind of trust. The default is CHAIN_TRUST.
      */
-    public void setSignatureTrustType(TRUST_TYPE trustType) {
+    public void setSignatureTrustType(TrustType trustType) {
         this.signatureTrustType = trustType;
     }
 
@@ -117,7 +117,7 @@ public class FedizSignatureTrustValidator implements Validator {
         if (certs != null && certs.length > 0) {
             validateCertificates(certs);
             verifyTrustInCerts(certs, crypto, data, data.isRevocationEnabled());
-            if (signatureTrustType.equals(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS)) {
+            if (signatureTrustType.equals(TrustType.CHAIN_TRUST_CONSTRAINTS)) {
                 if (matches(certs[0])) {
                     return credential;
                 } else {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
index 0432183..0992105 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
@@ -43,7 +43,7 @@ import org.apache.cxf.fediz.core.config.TrustManager;
 import org.apache.cxf.fediz.core.config.TrustedIssuer;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.exception.ProcessingException.TYPE;
-import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator.TRUST_TYPE;
+import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator.TrustType;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.SAMLTokenPrincipal;
 import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
@@ -56,10 +56,10 @@ import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
 import org.apache.wss4j.dom.validate.Credential;
 import org.joda.time.DateTime;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.Signature;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -143,9 +143,9 @@ public class SAMLTokenValidator implements TokenValidator {
                 
                 if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
                     trustValidator.setSubjectConstraints(subjectConstraints);
-                    trustValidator.setSignatureTrustType(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS);
+                    trustValidator.setSignatureTrustType(TrustType.CHAIN_TRUST_CONSTRAINTS);
                 } else if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.PEER_TRUST)) {
-                    trustValidator.setSignatureTrustType(TRUST_TYPE.PEER_TRUST);
+                    trustValidator.setSignatureTrustType(TrustType.PEER_TRUST);
                 } else {
                     throw new IllegalStateException("Unsupported certificate validation method: " 
                                                     + ti.getCertificateValidationMethod());
@@ -254,8 +254,8 @@ public class SAMLTokenValidator implements TokenValidator {
     }
 
     protected List<Claim> parseClaimsInAssertion(
-            org.opensaml.saml1.core.Assertion assertion) {
-        List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = assertion
+            org.opensaml.saml.saml1.core.Assertion assertion) {
+        List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion
                 .getAttributeStatements();
         if (attributeStatements == null || attributeStatements.isEmpty()) {
             LOG.debug("No attribute statements found");
@@ -264,12 +264,12 @@ public class SAMLTokenValidator implements TokenValidator {
         List<Claim> collection = new ArrayList<>();
         Map<String, Claim> claimsMap = new HashMap<>();
 
-        for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) {
+        for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
             LOG.debug("parsing statement: {}", statement.getElementQName());
 
-            List<org.opensaml.saml1.core.Attribute> attributes = statement
+            List<org.opensaml.saml.saml1.core.Attribute> attributes = statement
                     .getAttributes();
-            for (org.opensaml.saml1.core.Attribute attribute : attributes) {
+            for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) {
                 LOG.debug("parsing attribute: {}", attribute.getAttributeName());
                 Claim c = new Claim();
                 c.setIssuer(assertion.getIssuer());
@@ -316,8 +316,8 @@ public class SAMLTokenValidator implements TokenValidator {
 
 
     protected List<Claim> parseClaimsInAssertion(
-            org.opensaml.saml2.core.Assertion assertion) {
-        List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = assertion
+            org.opensaml.saml.saml2.core.Assertion assertion) {
+        List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion
                 .getAttributeStatements();
         if (attributeStatements == null || attributeStatements.isEmpty()) {
             LOG.debug("No attribute statements found");
@@ -327,11 +327,11 @@ public class SAMLTokenValidator implements TokenValidator {
         List<Claim> collection = new ArrayList<>();
         Map<String, Claim> claimsMap = new HashMap<>();
 
-        for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) {
+        for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
             LOG.debug("parsing statement: {}", statement.getElementQName());
-            List<org.opensaml.saml2.core.Attribute> attributes = statement
+            List<org.opensaml.saml.saml2.core.Attribute> attributes = statement
                     .getAttributes();
-            for (org.opensaml.saml2.core.Attribute attribute : attributes) {
+            for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
                 if (LOG.isDebugEnabled()) {
                     LOG.debug("parsing attribute: " + attribute.getName());
                 }
@@ -408,7 +408,7 @@ public class SAMLTokenValidator implements TokenValidator {
     }
 
     protected String getAudienceRestriction(
-            org.opensaml.saml1.core.Assertion assertion) {
+            org.opensaml.saml.saml1.core.Assertion assertion) {
         String audience = null;
         try {
             audience = assertion.getConditions()
@@ -421,7 +421,7 @@ public class SAMLTokenValidator implements TokenValidator {
     }
 
     protected String getAudienceRestriction(
-            org.opensaml.saml2.core.Assertion assertion) {
+            org.opensaml.saml.saml2.core.Assertion assertion) {
         String audience = null;
         try {
             audience = assertion.getConditions().getAudienceRestrictions()

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
index be35c7a..1dd6b01 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
@@ -23,7 +23,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.regex.Pattern;
 
-import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator.TRUST_TYPE;
+import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator.TrustType;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -37,7 +37,7 @@ import org.apache.wss4j.dom.validate.Credential;
  */
 public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAssertionValidator {
     
-    private TRUST_TYPE signatureTrustType = TRUST_TYPE.CHAIN_TRUST;
+    private TrustType signatureTrustType = TrustType.CHAIN_TRUST;
         
     /**
      * a collection of compiled regular expression patterns for the subject DN
@@ -58,7 +58,7 @@ public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAs
     /**
      * Set the kind of trust. The default is CHAIN_TRUST.
      */
-    public void setSignatureTrustType(TRUST_TYPE trustType) {
+    public void setSignatureTrustType(TrustType trustType) {
         this.signatureTrustType = trustType;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
index 75f04bd..3e61592 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
@@ -24,16 +24,16 @@ import java.util.Collections;
 import java.util.List;
 
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.AuthnStatement;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.LogoutRequest;
+import org.opensaml.saml.saml2.core.NameID;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
 
 /**
  * A default implementation of the SAMLPRequestBuilder interface to create a SAML 2.0
@@ -122,7 +122,7 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
         
         if (authenticatedAssertion != null) {
             if (authenticatedAssertion.getSaml2() != null) {
-                org.opensaml.saml2.core.Subject subject = 
+                org.opensaml.saml.saml2.core.Subject subject = 
                     authenticatedAssertion.getSaml2().getSubject();
                 if (subject != null && subject.getNameID() != null) {
                     nameID = subject.getNameID();

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
index ba7efba..597cc0d 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
@@ -20,8 +20,8 @@
 package org.apache.cxf.fediz.core.samlsso;
 
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.LogoutRequest;
 
 /**
  * This interface defines a methods to create a SAML 2.0 Protocol AuthnRequest and LogoutRequest.

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
index 3bcf807..20d6550 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
@@ -28,7 +28,7 @@ import org.apache.cxf.fediz.core.config.FedizContext;
 import org.apache.cxf.fediz.core.config.TrustManager;
 import org.apache.cxf.fediz.core.config.TrustedIssuer;
 import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator;
-import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator.TRUST_TYPE;
+import org.apache.cxf.fediz.core.saml.FedizSignatureTrustValidator.TrustType;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SAMLUtil;
@@ -37,13 +37,13 @@ import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
 import org.apache.wss4j.dom.validate.Credential;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureValidator;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.ValidatorSuite;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.security.credential.BasicCredential;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -68,7 +68,7 @@ public class SAMLProtocolResponseValidator {
      * @throws WSSecurityException
      */
     public void validateSamlResponse(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         FedizContext config
     ) throws WSSecurityException {
         // Check the Status Code
@@ -85,7 +85,6 @@ public class SAMLProtocolResponseValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
-        validateResponseAgainstSchemas(samlResponse);
         validateResponseSignature(samlResponse, config);
     }
     
@@ -95,7 +94,7 @@ public class SAMLProtocolResponseValidator {
      * @throws WSSecurityException
      */
     public void validateSamlResponse(
-        org.opensaml.saml1.core.Response samlResponse,
+        org.opensaml.saml.saml1.core.Response samlResponse,
         FedizContext config
     ) throws WSSecurityException {
         // Check the Status Code
@@ -114,49 +113,14 @@ public class SAMLProtocolResponseValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
-        validateResponseAgainstSchemas(samlResponse);
         validateResponseSignature(samlResponse, config);
     }
     
     /**
-     * Validate the Response against the schemas
-     */
-    private void validateResponseAgainstSchemas(
-        org.opensaml.saml2.core.Response samlResponse
-    ) throws WSSecurityException {
-        // Validate SAML Response against schemas
-        ValidatorSuite schemaValidators = 
-            org.opensaml.Configuration.getValidatorSuite("saml2-core-schema-validator");
-        try {
-            schemaValidators.validate(samlResponse);
-        } catch (ValidationException e) {
-            LOG.debug("Saml Validation error: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
-        }
-    }
-    
-    /**
-     * Validate the Response against the schemas
-     */
-    private void validateResponseAgainstSchemas(
-        org.opensaml.saml1.core.Response samlResponse
-    ) throws WSSecurityException {
-        // Validate SAML Response against schemas
-        ValidatorSuite schemaValidators = 
-            org.opensaml.Configuration.getValidatorSuite("saml1-core-schema-validator");
-        try {
-            schemaValidators.validate(samlResponse);
-        } catch (ValidationException e) {
-            LOG.debug("Saml Validation error: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
-        }
-    }
-    
-    /**
      * Validate the Response signature (if it exists)
      */
     private void validateResponseSignature(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         FedizContext config
     ) throws WSSecurityException {
         if (!samlResponse.isSigned()) {
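Review bot: With both `validateResponseAgainstSchemas` overloads deleted in this hunk and their calls dropped from the two `validateSamlResponse` methods, nothing visible in this file checks the structure of the Response before `validateResponseSignature` runs. The removal is presumably forced by the upgraded OpenSAML no longer offering `ValidatorSuite`, but the required-element checks it performed should either be replaced by explicit checks in `validateSamlResponse` or recorded as intentionally dropped, e.g. `// Schema validation removed with the OpenSAML upgrade (no ValidatorSuite); see explicit checks above`. A regression test that passes a structurally invalid Response and expects `WSSecurityException` would pin the behaviour. The body of `validateResponseSignature` continues outside the hunk, so how a response that is not signed is handled after the `isSigned()` test cannot be confirmed from here.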
@@ -172,7 +136,7 @@ public class SAMLProtocolResponseValidator {
      * Validate the Response signature (if it exists)
      */
     private void validateResponseSignature(
-        org.opensaml.saml1.core.Response samlResponse,
+        org.opensaml.saml.saml1.core.Response samlResponse,
         FedizContext config
     ) throws WSSecurityException {
         if (!samlResponse.isSigned()) {
@@ -238,9 +202,9 @@ public class SAMLProtocolResponseValidator {
             
             if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
                 trustValidator.setSubjectConstraints(subjectConstraints);
-                trustValidator.setSignatureTrustType(TRUST_TYPE.CHAIN_TRUST_CONSTRAINTS);
+                trustValidator.setSignatureTrustType(TrustType.CHAIN_TRUST_CONSTRAINTS);
             } else if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.PEER_TRUST)) {
-                trustValidator.setSignatureTrustType(TRUST_TYPE.PEER_TRUST);
+                trustValidator.setSignatureTrustType(TrustType.PEER_TRUST);
             } else {
                 throw new IllegalStateException("Unsupported certificate validation method: " 
                                                 + ti.getCertificateValidationMethod());
@@ -284,24 +248,23 @@ public class SAMLProtocolResponseValidator {
         SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
         try {
             validator.validate(signature);
-        } catch (ValidationException ex) {
+        } catch (SignatureException ex) {
             LOG.debug("Error in validating the SAML Signature: " + ex.getMessage(), ex);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
-        BasicX509Credential credential = new BasicX509Credential();
+        BasicCredential credential = null;
         if (samlKeyInfo.getCerts() != null) {
-            credential.setEntityCertificate(samlKeyInfo.getCerts()[0]);
+            credential = new BasicX509Credential(samlKeyInfo.getCerts()[0]);
         } else if (samlKeyInfo.getPublicKey() != null) {
-            credential.setPublicKey(samlKeyInfo.getPublicKey());
+            credential = new BasicCredential(samlKeyInfo.getPublicKey());
         } else {
             LOG.debug("Can't get X509Certificate or PublicKey to verify signature");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        SignatureValidator sigValidator = new SignatureValidator(credential);
         try {
-            sigValidator.validate(signature);
-        } catch (ValidationException ex) {
+            SignatureValidator.validate(signature, credential);
+        } catch (SignatureException ex) {
             LOG.debug("Error in validating the SAML Signature: " + ex.getMessage(), ex);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
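Review bot: The certificate branch guards only `samlKeyInfo.getCerts() != null`, so if `getCerts()` can return an empty array the `getCerts()[0]` access fails with an unchecked `ArrayIndexOutOfBoundsException` instead of the `WSSecurityException` that callers handle. `FedizSignatureTrustValidator` in this same commit tests `certs != null && certs.length > 0`. Suggest `if (samlKeyInfo.getCerts() != null && samlKeyInfo.getCerts().length > 0) {` so the empty case falls through to the public-key branch or the explicit failure. As a style point, the two `LOG.debug` calls already pass `ex`, so concatenating `ex.getMessage()` into the message is redundant. The enclosing method starts and ends outside the hunk.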

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
index 86bb005..7313406 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
@@ -27,9 +27,8 @@ import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.apache.wss4j.common.util.DOM2Writer;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnStatement;
-
+import org.opensaml.saml.saml2.core.AudienceRestriction;
+import org.opensaml.saml.saml2.core.AuthnStatement;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -72,7 +71,7 @@ public class SAMLSSOResponseValidator {
      * @throws WSSecurityException
      */
     public SSOValidatorResponse validateSamlResponse(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         boolean postBinding
     ) throws WSSecurityException {
         // Check the Issuer
@@ -96,7 +95,7 @@ public class SAMLSSOResponseValidator {
         // Validate Assertions
         boolean foundValidSubject = false;
         Date sessionNotOnOrAfter = null;
-        for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
+        for (org.opensaml.saml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
             // Check the Issuer
             if (assertion.getIssuer() == null) {
                 LOG.debug("Assertion Issuer must not be null");
@@ -113,7 +112,7 @@ public class SAMLSSOResponseValidator {
             // Check for AuthnStatements and validate the Subject accordingly
             if (assertion.getAuthnStatements() != null
                 && !assertion.getAuthnStatements().isEmpty()) {
-                org.opensaml.saml2.core.Subject subject = assertion.getSubject();
+                org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
                 if (validateAuthenticationSubject(subject, assertion.getID(), postBinding)) {
                     validateAudienceRestrictionCondition(assertion.getConditions());
                     foundValidSubject = true;
@@ -146,7 +145,7 @@ public class SAMLSSOResponseValidator {
     /**
      * Validate the Issuer (if it exists)
      */
-    private void validateIssuer(org.opensaml.saml2.core.Issuer issuer) throws WSSecurityException {
+    private void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer) throws WSSecurityException {
         if (issuer == null) {
             return;
         }
@@ -171,7 +170,7 @@ public class SAMLSSOResponseValidator {
      * Validate the Subject (of an Authentication Statement).
      */
     private boolean validateAuthenticationSubject(
-        org.opensaml.saml2.core.Subject subject, String id, boolean postBinding
+        org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
     ) throws WSSecurityException {
         if (subject.getSubjectConfirmations() == null) {
             return false;
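Review bot: `validateAuthenticationSubject` dereferences `subject` in `subject.getSubjectConfirmations()` without a null check, and the caller in the earlier hunk passes `assertion.getSubject()` straight through. Unless an earlier validation step already rejects an assertion that carries an AuthnStatement but no Subject (not visible here), such a response would end in a NullPointerException rather than the `WSSecurityException` path this validator otherwise uses. I would change the guard to `if (subject == null || subject.getSubjectConfirmations() == null) {` and keep the `return false;`. The method body continues outside this hunk.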
@@ -179,7 +178,7 @@ public class SAMLSSOResponseValidator {
         
         boolean foundBearerSubjectConf = false;
         // We need to find a Bearer Subject Confirmation method
-        for (org.opensaml.saml2.core.SubjectConfirmation subjectConf 
+        for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf 
             : subject.getSubjectConfirmations()) {
             if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
                 foundBearerSubjectConf = true;
@@ -194,7 +193,7 @@ public class SAMLSSOResponseValidator {
      * Validate a (Bearer) Subject Confirmation
      */
     private void validateSubjectConfirmation(
-        org.opensaml.saml2.core.SubjectConfirmationData subjectConfData, String id, boolean postBinding
+        org.opensaml.saml.saml2.core.SubjectConfirmationData subjectConfData, String id, boolean postBinding
     ) throws WSSecurityException {
         if (subjectConfData == null) {
             LOG.debug("Subject Confirmation Data of a Bearer Subject Confirmation is null");
@@ -253,7 +252,7 @@ public class SAMLSSOResponseValidator {
     }
     
     private void validateAudienceRestrictionCondition(
-        org.opensaml.saml2.core.Conditions conditions
+        org.opensaml.saml.saml2.core.Conditions conditions
     ) throws WSSecurityException {
         if (conditions == null) {
             LOG.debug("Conditions are null");
@@ -275,7 +274,7 @@ public class SAMLSSOResponseValidator {
         if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) {
             for (AudienceRestriction audienceRestriction : audienceRestrictions) {
                 if (audienceRestriction.getAudiences() != null) {
-                    for (org.opensaml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
+                    for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
                         if (appliesTo.equals(audience.getAudienceURI())) {
                             return true;
                         }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
index 883eca2..53d4d83 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SamlpRequestComponentBuilder.java
@@ -24,20 +24,20 @@ import java.util.List;
 import java.util.UUID;
 
 import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnContextDeclRef;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.SessionIndex;
-import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.saml.common.SAMLObjectBuilder;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml.saml2.core.AuthnContextDeclRef;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.LogoutRequest;
+import org.opensaml.saml.saml2.core.NameID;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml.saml2.core.SessionIndex;
 
 /**
 * A set of utility methods to construct SAMLP Request statements
@@ -58,7 +58,8 @@ public final class SamlpRequestComponentBuilder {
     
     private static volatile SAMLObjectBuilder<AuthnContextClassRef> requestedAuthnCtxClassRefBuilder;
     
-    private static volatile XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    private static volatile XMLObjectBuilderFactory builderFactory = 
+        XMLObjectProviderRegistrySupport.getBuilderFactory();
     
     private SamlpRequestComponentBuilder() {
     }
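Review bot: The static initializer for `builderFactory` now calls `XMLObjectProviderRegistrySupport.getBuilderFactory()` at class-load time, which as far as I know depends on the OpenSAML provider registry already being initialised. If this class can load before WSS4J's `OpenSAMLUtil.initSamlEngine()` has run, the lookup may fail or capture an unusable factory, so the load order is worth confirming. Options are to add `static { OpenSAMLUtil.initSamlEngine(); }` ahead of the field, or to resolve the factory lazily in the builder methods. The same pattern appears in the two `SAML2PResponseComponentBuilder` hunks (plugins/core test and samlIdpWebapp). The class body continues outside this hunk.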

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
index 5e8b3bc..10fb4ce 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
@@ -27,10 +27,9 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.opensaml.common.SAMLVersion;
-
 
 /**
  * A Callback Handler implementation for a SAML 1.1 assertion. By default it creates an
@@ -59,7 +58,7 @@ public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof SAMLCallback) {
                 SAMLCallback callback = (SAMLCallback) callbacks[i];
-                callback.setSamlVersion(SAMLVersion.VERSION_11);
+                callback.setSamlVersion(Version.SAML_11);
                 callback.setIssuer(issuer);
                 if (conditions != null) {
                     callback.setConditions(conditions);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
index ef2ec02..754d430 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
@@ -27,10 +27,8 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.opensaml.common.SAMLVersion;
-
-
 
 /**
  * A Callback Handler implementation for a SAML 2 assertion. By default it creates an
@@ -59,7 +57,7 @@ public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof SAMLCallback) {
                 SAMLCallback callback = (SAMLCallback) callbacks[i];
-                callback.setSamlVersion(SAMLVersion.VERSION_20);
+                callback.setSamlVersion(Version.SAML_20);
                 callback.setIssuer(issuer);
                 if (conditions != null) {
                     callback.setConditions(conditions);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java
index 29f03d2..068bd29 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAML2PResponseComponentBuilder.java
@@ -22,15 +22,15 @@ package org.apache.cxf.fediz.core.samlsso;
 import java.util.UUID;
 
 import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.saml.common.SAMLObjectBuilder;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.core.StatusMessage;
 
 /**
 * A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements
@@ -47,7 +47,8 @@ public final class SAML2PResponseComponentBuilder {
     
     private static SAMLObjectBuilder<StatusMessage> statusMessageBuilder;
     
-    private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    private static XMLObjectBuilderFactory builderFactory = 
+        XMLObjectProviderRegistrySupport.getBuilderFactory();
     
     private SAML2PResponseComponentBuilder() {
         

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
index 05c4f7a..d09e7df 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.w3c.dom.Document;
+
 import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
@@ -44,8 +45,8 @@ import org.easymock.EasyMock;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.LogoutRequest;
 
 /**
  * Some tests for creating SAMLRequests using the SAMLProcessorImpl

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
index 1c698c6..3df4cc8 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
@@ -35,6 +35,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+
 import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.KeystoreCallbackHandler;
 import org.apache.cxf.fediz.core.RequestState;
@@ -67,9 +68,9 @@ import org.joda.time.DateTime;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
 
 import static org.junit.Assert.fail;
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index 8fc10a5..a3b8bcb 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -38,6 +38,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+
 import org.apache.cxf.fediz.common.STSUtil;
 import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.AbstractSAMLCallbackHandler;
@@ -80,8 +81,8 @@ import org.joda.time.DateTimeZone;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
 
 import static org.junit.Assert.fail;
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 4189747..6bbd1d6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -39,10 +39,10 @@
         <apacheds.version>2.0.0-M19</apacheds.version>
         <commons.lang.version>3.3.2</commons.lang.version>
         <commons.logging.version>1.1.3</commons.logging.version>
-        <cxf.version>3.0.4</cxf.version>
-        <cxf.build-utils.version>3.0.0</cxf.build-utils.version>
+        <cxf.version>3.1.0</cxf.version>
+        <cxf.build-utils.version>3.1.0</cxf.build-utils.version>
         <easymock.version>3.3</easymock.version>
-        <ehcache.version>2.8.5</ehcache.version>
+        <ehcache.version>2.9.0</ehcache.version>
         <httpclient.version>4.3.5</httpclient.version>
         <hsqldb.version>1.8.0.10</hsqldb.version>
         <htmlunit.version>2.15</htmlunit.version>
@@ -60,7 +60,7 @@
         <spring.version>3.2.6.RELEASE</spring.version>
         <spring.security.version>3.1.4.RELEASE</spring.security.version>
         <tomcat.version>7.0.54</tomcat.version>
-        <wss4j.version>2.0.3</wss4j.version>
+        <wss4j.version>2.1.0</wss4j.version>
         <xalan.version>2.7.2</xalan.version>
         <bval.version>0.5</bval.version>
 
@@ -454,13 +454,18 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-checkstyle-plugin</artifactId>
-                    <version>2.12.1</version>
+                    <version>2.15</version>
                     <dependencies>
                         <dependency>
                             <groupId>org.apache.cxf.build-utils</groupId>
                             <artifactId>cxf-buildtools</artifactId>
                             <version>${cxf.build-utils.version}</version>
                         </dependency>
+                        <dependency>
+                            <groupId>com.puppycrawl.tools</groupId>
+                            <artifactId>checkstyle</artifactId>
+                            <version>6.4.1</version>
+                        </dependency>
                     </dependencies>
                     <configuration>
                         <encoding>UTF-8</encoding>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
index 846b5e3..dd30a4a 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
@@ -35,7 +35,7 @@ import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.core.xml.XMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -182,8 +182,8 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
         this.lifetime = lifetime;
     }
 
-    protected List<Claim> parseClaimsInAssertion(org.opensaml.saml2.core.Assertion assertion) {
-        List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = assertion
+    protected List<Claim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) {
+        List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion
         .getAttributeStatements();
         if (attributeStatements == null || attributeStatements.isEmpty()) {
             LOG.debug("No attribute statements found");
@@ -193,11 +193,11 @@ public abstract class STSAuthenticationProvider implements AuthenticationProvide
         List<Claim> collection = new ArrayList<>();
         Map<String, Claim> claimsMap = new HashMap<>();
 
-        for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) {
+        for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
             LOG.debug("parsing statement: {}", statement.getElementQName());
-            List<org.opensaml.saml2.core.Attribute> attributes = statement
+            List<org.opensaml.saml.saml2.core.Attribute> attributes = statement
             .getAttributes();
-            for (org.opensaml.saml2.core.Attribute attribute : attributes) {
+            for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
                 LOG.debug("parsing attribute: {}", attribute.getName());
                 Claim c = new Claim();
                 // Workaround for CXF-4484 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
index 66d995b..6088bed 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/kerberos/PassThroughKerberosClient.java
@@ -22,10 +22,10 @@ package org.apache.cxf.fediz.service.idp.kerberos;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.ws.security.kerberos.KerberosClient;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.utils.Base64;
 
 /**
@@ -53,7 +53,7 @@ public class PassThroughKerberosClient extends KerberosClient {
         securityToken.setToken(bst.getElement());
         securityToken.setWsuId(bst.getID());
         securityToken.setData(bst.getToken());
-        String sha1 = Base64.encode(WSSecurityUtil.generateDigest(bst.getToken()));
+        String sha1 = Base64.encode(KeyUtils.generateDigest(bst.getToken()));
         securityToken.setSHA1(sha1);
         securityToken.setTokenType(bst.getValueType());
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index bab707a..b2cfdea 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -42,6 +42,7 @@ import javax.ws.rs.core.UriBuilder;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
@@ -71,8 +72,8 @@ import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.apache.xml.security.utils.Base64;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.saml.saml2.core.AuthnRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
@@ -195,7 +196,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
                                                                                      SSOConstants.SAML_RESPONSE);
             
             // Read the response + convert to an OpenSAML Response Object
-            org.opensaml.saml2.core.Response samlResponse = 
+            org.opensaml.saml.saml2.core.Response samlResponse = 
                 readSAMLResponse(encodedSAMLResponse, trustedIdp);
             
             Crypto crypto = getCrypto(trustedIdp.getCertificate());
@@ -336,7 +337,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         return CertsUtils.createCrypto(certificate);
     }
     
-    private org.opensaml.saml2.core.Response readSAMLResponse(String samlResponse, TrustedIdp trustedIdp) {
+    private org.opensaml.saml.saml2.core.Response readSAMLResponse(String samlResponse, TrustedIdp trustedIdp) {
         if (StringUtils.isEmpty(samlResponse)) {
             throw ExceptionUtils.toBadRequestException(null, null);
         }
@@ -378,10 +379,10 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
         } catch (WSSecurityException ex) {
             throw ExceptionUtils.toBadRequestException(ex, null);
         }
-        if (!(responseObject instanceof org.opensaml.saml2.core.Response)) {
+        if (!(responseObject instanceof org.opensaml.saml.saml2.core.Response)) {
             throw ExceptionUtils.toBadRequestException(null, null);
         }
-        return (org.opensaml.saml2.core.Response)responseObject;
+        return (org.opensaml.saml.saml2.core.Response)responseObject;
 
     }
     
@@ -389,7 +390,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
      * Validate the received SAML Response as per the protocol
      */
     private void validateSamlResponseProtocol(
-        org.opensaml.saml2.core.Response samlResponse, Crypto crypto, TrustedIdp trustedIdp
+        org.opensaml.saml.saml2.core.Response samlResponse, Crypto crypto, TrustedIdp trustedIdp
     ) {
         try {
             SAMLProtocolResponseValidator protocolValidator = new SAMLProtocolResponseValidator();
@@ -407,7 +408,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler
      * Validate the received SAML Response as per the Web SSO profile
      */
     private SSOValidatorResponse validateSamlSSOResponse(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         Idp idp, 
         TrustedIdp trustedIdp,
         RequestContext requestContext

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/X509TokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/X509TokenValidator.java b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/X509TokenValidator.java
index c2bf638..8ce3693 100644
--- a/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/X509TokenValidator.java
+++ b/services/sts/src/main/java/org/apache/cxf/fediz/service/sts/X509TokenValidator.java
@@ -29,6 +29,7 @@ import javax.security.auth.callback.CallbackHandler;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.sts.STSPropertiesMBean;
@@ -41,11 +42,11 @@ import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
 import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.token.BinarySecurity;
+import org.apache.wss4j.common.token.X509Security;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.message.token.BinarySecurity;
-import org.apache.wss4j.dom.message.token.X509Security;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SignatureTrustValidator;
 import org.apache.wss4j.dom.validate.Validator;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
index 832ec35..57ff904 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
@@ -38,9 +38,7 @@ import javax.xml.stream.XMLStreamException;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.xml.sax.SAXException;
-
 import org.apache.cxf.Bus;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.staxutils.StaxUtils;
@@ -57,7 +55,7 @@ import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
 import org.junit.Assert;
-import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.Attribute;
 
 
 public abstract class AbstractSTSTest {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
index 48ff9a6..6187a2c 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
@@ -33,7 +33,7 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.junit.Assert;
 import org.junit.BeforeClass;
-import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.Attribute;
 
 /**
  * Some unit tests for the CXF STSClient Issue Binding.

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java
index cb5bce9..b4c3db4 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2CallbackHandler.java
@@ -35,8 +35,8 @@ import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
 import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
+import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.opensaml.common.SAMLVersion;
 
 /**
  * A Callback Handler implementation for a SAML 2 assertion for use by the SAML SSO IdP. By
@@ -85,7 +85,7 @@ public class SAML2CallbackHandler implements CallbackHandler {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof SAMLCallback) {
                 SAMLCallback callback = (SAMLCallback) callbacks[i];
-                callback.setSamlVersion(SAMLVersion.VERSION_20);
+                callback.setSamlVersion(Version.SAML_20);
                 callback.setIssuer(issuer);
                 if (conditions != null) {
                     callback.setConditions(conditions);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java
index e53f443..9934dc1 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SAML2PResponseComponentBuilder.java
@@ -22,15 +22,15 @@ package org.apache.cxf.fediz.samlsso.example;
 import java.util.UUID;
 
 import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.saml.common.SAMLObjectBuilder;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.core.StatusMessage;
 
 /**
 * A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements
@@ -47,7 +47,8 @@ public final class SAML2PResponseComponentBuilder {
     
     private static SAMLObjectBuilder<StatusMessage> statusMessageBuilder;
     
-    private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    private static XMLObjectBuilderFactory builderFactory = 
+        XMLObjectProviderRegistrySupport.getBuilderFactory();
     
     private SAML2PResponseComponentBuilder() {
         
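Review bot: The static initializer of `builderFactory` now calls `XMLObjectProviderRegistrySupport.getBuilderFactory()` at class-load time. In OpenSAML 3 that lookup goes through the globally registered provider registry, so it likely depends on the library having been initialised before this class is first loaded; the old `Configuration.getBuilderFactory()` does not appear to have had that ordering requirement. If nothing guarantees the ordering (this hunk does not show it, and the class body continues outside the hunk), class initialisation could fail with an `ExceptionInInitializerError` and the example IdP could not build any Response. Consider calling WSS4J's `OpenSAMLUtil.initSamlEngine()` before the lookup, or resolving the factory lazily inside the builder methods. A comment on the field would also help, for example `// requires OpenSAML to be initialised (OpenSAMLUtil.initSamlEngine()) before this class is loaded`.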

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/feacf96c/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
index 6df23c1..cf43784 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
@@ -35,7 +35,6 @@ import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
@@ -51,9 +50,9 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.util.DOM2Writer;
 import org.joda.time.DateTime;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
 
 /**
  * A mock IdP for SAML SSO. The user is already authenticated via HTTP/BA.

