cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [07/33] cxf git commit: Moving security code to use java.util.Base64
Date Sun, 05 Jun 2016 17:02:35 GMT
Moving security code to use java.util.Base64


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e824784d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e824784d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e824784d

Branch: refs/heads/master-jaxrs-2.1
Commit: e824784db1bda81c68aaa407f471588acea38865
Parents: 847e00f
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue May 31 15:34:00 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue May 31 15:34:26 2016 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/saml/sso/MetadataWriter.java     |  4 ++--
 .../security/saml/sso/SamlRedirectBindingFilter.java |  4 ++--
 .../cxf/rs/security/xml/XmlEncOutInterceptor.java    |  7 +++----
 .../cxf/ws/security/kerberos/KerberosClient.java     |  4 ++--
 .../KerberosTokenInterceptorProvider.java            |  4 ++--
 .../ws/security/policy/interceptors/STSInvoker.java  |  6 +++---
 .../SecureConversationInInterceptor.java             |  4 ++--
 .../SpnegoContextTokenInInterceptor.java             |  6 +++---
 .../SpnegoContextTokenOutInterceptor.java            |  5 +++--
 .../cxf/ws/security/trust/AbstractSTSClient.java     | 10 +++++-----
 .../ws/security/wss4j/TokenStoreCallbackHandler.java |  4 ++--
 .../ws/security/wss4j/UsernameTokenInterceptor.java  |  6 +++---
 .../policyhandlers/SymmetricBindingHandler.java      |  4 ++--
 .../KerberosTokenPolicyValidator.java                |  4 ++--
 .../cxf/sts/claims/LdapGroupClaimsHandler.java       |  2 +-
 .../sts/token/validator/UsernameTokenValidator.java  | 11 +++++------
 .../apache/cxf/sts/operation/IssueSamlUnitTest.java  |  4 ++--
 .../cxf/sts/operation/ValidateX509TokenUnitTest.java |  4 ++--
 .../sts/token/validator/X509TokenValidatorTest.java  |  6 +++---
 .../cxf/systest/sts/batch/SimpleBatchSTSClient.java  | 15 +++++++--------
 .../sts/deployment/CustomBSTTokenValidator.java      |  5 +++--
 21 files changed, 59 insertions(+), 60 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataWriter.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataWriter.java
index d85b9e5..b081bed 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataWriter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataWriter.java
@@ -25,6 +25,7 @@ import java.security.Key;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.List;
 
@@ -50,7 +51,6 @@ import org.w3c.dom.Document;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
-import org.apache.xml.security.utils.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -176,7 +176,7 @@ public class MetadataWriter {
 
             // Write the Base-64 encoded certificate
             byte data[] = signingCert.getEncoded();
-            String encodedCertificate = Base64.encode(data);
+            String encodedCertificate = Base64.getMimeEncoder().encodeToString(data);
             writer.writeCharacters(encodedCertificate);
             
             writer.writeEndElement(); // X509Certificate

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
index ebfc7b8..485f6d5 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
@@ -24,6 +24,7 @@ import java.nio.charset.StandardCharsets;
 import java.security.PrivateKey;
 import java.security.Signature;
 import java.security.cert.X509Certificate;
+import java.util.Base64;
 import java.util.logging.Level;
 
 import javax.security.auth.callback.CallbackHandler;
@@ -42,7 +43,6 @@ import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.util.DOM2Writer;
-import org.apache.xml.security.utils.Base64;
 import org.opensaml.saml.saml2.core.AuthnRequest;
 
 public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
@@ -159,7 +159,7 @@ public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter
{
         signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
         byte[] signBytes = signature.sign();
         
-        String encodedSignature = Base64.encode(signBytes);
+        String encodedSignature = Base64.getMimeEncoder().encodeToString(signBytes);
         
         ub.queryParam(SSOConstants.SIGNATURE, URLEncoder.encode(encodedSignature, StandardCharsets.UTF_8.name()));
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
index ad181ef..b3a7db2 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
@@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.xml;
 
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
+import java.util.Base64;
 import java.util.logging.Logger;
 
 import javax.crypto.BadPaddingException;
@@ -34,7 +35,6 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.Text;
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
@@ -51,7 +51,6 @@ import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
-import org.apache.xml.security.utils.Base64;
 import org.apache.xml.security.utils.EncryptionConstants;
 
 public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
@@ -223,7 +222,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor
{
         
         Document doc = encryptedDataElement.getOwnerDocument();
         
-        String encodedKey = Base64Utility.encode(encryptedKey);
+        String encodedKey = Base64.getMimeEncoder().encodeToString(encryptedKey);
         Element encryptedKeyElement = createEncryptedKeyElement(doc, keyEncAlgo, digestAlgo);
         String encKeyId = IDGenerator.generateID("EK-");
         encryptedKeyElement.setAttributeNS(null, "Id", encKeyId);
@@ -275,7 +274,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor
{
                     WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError"
                 );
             }
-            Text text = encryptedDataDoc.createTextNode(Base64.encode(data));
+            Text text = encryptedDataDoc.createTextNode(Base64.getMimeEncoder().encodeToString(data));
             Element cert = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Certificate");
             cert.appendChild(text);
             Element x509Data = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Data");

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
index cce09cb..5c15814 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.ws.security.kerberos;
 
+import java.util.Base64;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -36,7 +37,6 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
-import org.apache.xml.security.utils.Base64;
 import org.ietf.jgss.GSSCredential;
 
 /**
@@ -163,7 +163,7 @@ public class KerberosClient implements Configurable {
             token.setKey(secretKey);
             token.setSecret(secretKey.getEncoded());
         }
-        String sha1 = Base64.encode(KeyUtils.generateDigest(bst.getToken()));
+        String sha1 = Base64.getMimeEncoder().encodeToString(KeyUtils.generateDigest(bst.getToken()));
         token.setSHA1(sha1);
         token.setTokenType(bst.getValueType());
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index fe5e3af..5ff968a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.security.Key;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -66,7 +67,6 @@ import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.wss4j.stax.securityToken.KerberosServiceSecurityToken;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * 
@@ -268,7 +268,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
             
             byte[] ticket = kerberosToken.getBinaryContent();
             try {
-                token.setSHA1(Base64.encode(KeyUtils.generateDigest(ticket)));
+                token.setSHA1(Base64.getMimeEncoder().encodeToString(KeyUtils.generateDigest(ticket)));
             } catch (WSSecurityException e) {
                 // Just consume this for now as it isn't critical...
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index 89422ed..9a9b1e6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
 import java.util.Date;
 import java.util.logging.Logger;
 
@@ -53,7 +54,6 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.message.token.SecurityContextToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * An abstract Invoker used by the Spnego and SecureConversationInInterceptors.
@@ -210,7 +210,7 @@ abstract class STSInvoker implements Invoker {
 
             writer.writeStartElement(prefix, "BinarySecret", namespace);
             writer.writeAttribute("Type", namespace + "/Nonce");
-            writer.writeCharacters(Base64.encode(secret));
+            writer.writeCharacters(Base64.getMimeEncoder().encodeToString(secret));
             writer.writeEndElement();
         } else {
             byte entropy[] = WSSecurityUtil.generateNonce(keySize / 8);
@@ -225,7 +225,7 @@ abstract class STSInvoker implements Invoker {
             writer.writeStartElement(prefix, "Entropy", namespace);
             writer.writeStartElement(prefix, "BinarySecret", namespace);
             writer.writeAttribute("Type", namespace + "/Nonce");
-            writer.writeCharacters(Base64.encode(entropy));
+            writer.writeCharacters(Base64.getMimeEncoder().encodeToString(entropy));
             writer.writeEndElement();
 
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index 5441989..e6bdab0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;
@@ -75,7 +76,6 @@ import org.apache.wss4j.policy.model.SignedParts;
 import org.apache.wss4j.policy.model.Trust10;
 import org.apache.wss4j.policy.model.Trust13;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
-import org.apache.xml.security.utils.Base64;
 
 class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
     
@@ -339,7 +339,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
                     if ("Entropy".equals(localName)) {
                         Element bs = DOMUtils.getFirstElement(el);
                         if (bs != null) {
-                            clientEntropy = Base64.decode(bs.getTextContent());
+                            clientEntropy = Base64.getMimeDecoder().decode(bs.getTextContent());
                         }
                     } else if ("KeySize".equals(localName)) {
                         keySize = Integer.parseInt(el.getTextContent());

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
index 7219686..4c2f371 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
+import java.util.Base64;
 import java.util.Collection;
 import java.util.Date;
 
@@ -60,7 +61,6 @@ import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.wss4j.dom.message.token.SecurityContextToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SPConstants;
-import org.apache.xml.security.utils.Base64;
 
 class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
     
@@ -287,7 +287,7 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             }
 
             String content = DOMUtils.getContent(binaryExchange);
-            byte[] decodedContent = Base64.decode(content);
+            byte[] decodedContent = Base64.getMimeDecoder().decode(content);
             
             String jaasContext = 
                 (String)message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
@@ -322,7 +322,7 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             writer.writeStartElement(WSConstants.ENC_PREFIX, "CipherData", WSConstants.ENC_NS);
             writer.writeStartElement(WSConstants.ENC_PREFIX, "CipherValue", WSConstants.ENC_NS);
 
-            writer.writeCharacters(Base64.encode(key));
+            writer.writeCharacters(Base64.getMimeEncoder().encodeToString(key));
             
             writer.writeEndElement();
             writer.writeEndElement();

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
index e99ff08..c4fcaa0 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
+import java.util.Base64;
 import java.util.Collection;
 
 import javax.security.auth.callback.CallbackHandler;
@@ -42,7 +43,6 @@ import org.apache.wss4j.common.spnego.SpnegoTokenContext;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.Trust10;
 import org.apache.wss4j.policy.model.Trust13;
-import org.apache.xml.security.utils.Base64;
 
 class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMessage>
{
     SpnegoContextTokenOutInterceptor() {
@@ -134,7 +134,8 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                 if (maps != null) {
                     client.setAddressingNamespace(maps.getNamespaceURI());
                 }
-                SecurityToken tok = client.requestSecurityToken(s, Base64.encode(spnegoToken.getToken()));
+                SecurityToken tok = 
+                    client.requestSecurityToken(s, Base64.getMimeEncoder().encodeToString(spnegoToken.getToken()));
                 
                 byte[] wrappedTok = spnegoToken.unwrapKey(tok.getSecret());
                 tok.setSecret(wrappedTok);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 0b6f619..813f1ab 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -25,6 +25,7 @@ import java.net.URL;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -143,7 +144,6 @@ import org.apache.xml.security.exceptions.Base64DecodingException;
 import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
 import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * An abstract class with some functionality to invoke on a SecurityTokenService (STS) via
the
@@ -908,7 +908,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
                 requestorEntropy = WSSecurityUtil
                     .generateNonce(algType.getMaximumSymmetricKeyLength() / 8);
             }
-            writer.writeCharacters(Base64.encode(requestorEntropy));
+            writer.writeCharacters(Base64.getMimeEncoder().encodeToString(requestorEntropy));
 
             writer.writeEndElement();
             writer.writeEndElement();
@@ -1475,7 +1475,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
             if (childQname.equals(new QName(namespace, "BinarySecret"))) {
                 // First check for the binary secret
                 String b64Secret = DOMUtils.getContent(child);
-                secret = Base64.decode(b64Secret);
+                secret = Base64.getMimeDecoder().decode(b64Secret);
             } else if (childQname.equals(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN)))
{
                 secret = decryptKey(child);
             } else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
@@ -1489,7 +1489,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
                         serviceEntr = decryptKey(computedKeyChild);
                     } else if (computedKeyChildQName.equals(new QName(namespace, "BinarySecret")))
{
                         String content = DOMUtils.getContent(computedKeyChild);
-                        serviceEntr = Base64.decode(content);
+                        serviceEntr = Base64.getMimeDecoder().decode(content);
                     }
                 }
                 
@@ -1542,7 +1542,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
                     XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
                 if (tmpE != null) {
                     String content = DOMUtils.getContent(tmpE);
-                    cipherValue = Base64.decode(content);
+                    cipherValue = Base64.getMimeDecoder().decode(content);
                 }
             }
             if (cipherValue == null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
index 0d7495a..46341de 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.wss4j;
 
 import java.io.IOException;
+import java.util.Base64;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -30,7 +31,6 @@ import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.KeyUtils;
-import org.apache.xml.security.utils.Base64;
 
 public class TokenStoreCallbackHandler implements CallbackHandler {
     private CallbackHandler internal;
@@ -68,7 +68,7 @@ public class TokenStoreCallbackHandler implements CallbackHandler {
     private static String getSHA1(byte[] input) {
         try {
             byte[] digestBytes = KeyUtils.generateDigest(input);
-            return Base64.encode(digestBytes);
+            return Base64.getMimeEncoder().encodeToString(digestBytes);
         } catch (WSSecurityException e) {
             //REVISIT
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index f1cd30c..0660109 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j;
 
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
@@ -70,7 +71,6 @@ import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
 import org.apache.wss4j.policy.model.SupportingTokens;
 import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * 
@@ -126,7 +126,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
                             UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal)principal;
                             String nonce = null;
                             if (utPrincipal.getNonce() != null) {
-                                nonce = Base64.encode(utPrincipal.getNonce());
+                                nonce = Base64.getMimeEncoder().encodeToString(utPrincipal.getNonce());
                             }
                             subject = createSubject(utPrincipal.getName(), utPrincipal.getPassword(),
                                     utPrincipal.isPasswordDigest(), nonce, utPrincipal.getCreatedTime());
@@ -236,7 +236,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor
{
         
         WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(ut.getName(),
ut.isHashed());
         if (ut.getNonce() != null) {
-            principal.setNonce(Base64.decode(ut.getNonce()));
+            principal.setNonce(Base64.getMimeDecoder().decode(ut.getNonce()));
         }
         principal.setPassword(ut.getPassword());
         principal.setCreatedTime(ut.getCreated());

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 789b9ff..9d57e0d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Date;
 import java.util.List;
 import java.util.logging.Level;
@@ -78,7 +79,6 @@ import org.apache.wss4j.policy.model.SpnegoContextToken;
 import org.apache.wss4j.policy.model.SymmetricBinding;
 import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.wss4j.policy.model.X509Token;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * 
@@ -941,7 +941,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
     private static String getSHA1(byte[] input) {
         try {
             byte[] digestBytes = KeyUtils.generateDigest(input);
-            return Base64.encode(digestBytes);
+            return Base64.getMimeEncoder().encodeToString(digestBytes);
         } catch (WSSecurityException e) {
             //REVISIT
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
index 0a4a3dd..6d26523 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collection;
 import java.util.List;
 
@@ -42,7 +43,6 @@ import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.KerberosToken;
 import org.apache.wss4j.policy.model.KerberosToken.ApReqTokenType;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * Validate a WSSecurityEngineResult corresponding to the processing of a Kerberos Token
@@ -162,7 +162,7 @@ public class KerberosTokenPolicyValidator extends AbstractSecurityPolicyValidato
         token.setTokenType(binarySecurityToken.getValueType());
         byte[] tokenBytes = binarySecurityToken.getToken();
         try {
-            token.setSHA1(Base64.encode(KeyUtils.generateDigest(tokenBytes)));
+            token.setSHA1(Base64.getMimeEncoder().encodeToString(KeyUtils.generateDigest(tokenBytes)));
         } catch (WSSecurityException e) {
             // Just consume this for now as it isn't critical...
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
index cbe940e..fbbbdd8 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
@@ -250,7 +250,7 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport
{
             && parameters.getAppliesToAddress() != null) {
             scope = getAppliesToScopeMapping().get(parameters.getAppliesToAddress());
             if (LOG.isLoggable(Level.FINE)) {
-                LOG.fine("AppliesTo matchs with scope: " + scope);
+                LOG.fine("AppliesTo matches with scope: " + scope);
             }
         }
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
index cbbd573..2392d60 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/UsernameTokenValidator.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.sts.token.validator;
 
 import java.security.Principal;
+import java.util.Base64;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@@ -57,8 +58,6 @@ import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.Validator;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * This class validates a wsse UsernameToken.
@@ -238,8 +237,6 @@ public class UsernameTokenValidator implements TokenValidator {
             LOG.fine("Username Token successfully validated");
         } catch (WSSecurityException ex) {
             LOG.log(Level.WARNING, "", ex);
-        } catch (Base64DecodingException ex) {
-            LOG.log(Level.WARNING, "", ex);
         }
         
         return response;
@@ -255,13 +252,15 @@ public class UsernameTokenValidator implements TokenValidator {
         String passwordType,
         String nonce,
         String createdTime
-    ) throws Base64DecodingException {
+    ) {
         boolean hashed = false;
         if (WSConstants.PASSWORD_DIGEST.equals(passwordType)) {
             hashed = true;
         }
         WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(username,
hashed);
-        principal.setNonce(Base64.decode(nonce));
+        if (nonce != null) {
+            principal.setNonce(Base64.getMimeDecoder().decode(nonce));
+        }
         principal.setPassword(passwordValue);
         principal.setCreatedTime(createdTime);
         principal.setPasswordType(passwordType);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
index e4fc41d..08da7d3 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
@@ -22,6 +22,7 @@ import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
@@ -75,7 +76,6 @@ import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.message.WSSecEncryptedKey;
 import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * Some unit tests for the issue operation to issue SAML tokens.
@@ -1487,7 +1487,7 @@ public class IssueSamlUnitTest extends org.junit.Assert {
         Element x509Data = doc.createElementNS(WSConstants.SIG_NS, "ds:X509Data");
         x509Data.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:ds", WSConstants.SIG_NS);
         Element x509Cert = doc.createElementNS(WSConstants.SIG_NS, "ds:X509Certificate");
-        Text certText = doc.createTextNode(Base64.encode(certs[0].getEncoded()));
+        Text certText = doc.createTextNode(Base64.getMimeEncoder().encodeToString(certs[0].getEncoded()));
         x509Cert.appendChild(certText);
         x509Data.appendChild(x509Cert);
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateX509TokenUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateX509TokenUnitTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateX509TokenUnitTest.java
index 21c5114..b320465 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateX509TokenUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateX509TokenUnitTest.java
@@ -21,6 +21,7 @@ package org.apache.cxf.sts.operation;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.List;
 import java.util.Properties;
 
@@ -47,7 +48,6 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.principal.CustomTokenPrincipal;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * Some unit tests for the validate operation to validate X.509 tokens.
@@ -247,7 +247,7 @@ public class ValidateX509TokenUnitTest extends org.junit.Assert {
         X509Certificate cert
     ) throws Exception {
         BinarySecurityTokenType binarySecurityToken = new BinarySecurityTokenType();
-        binarySecurityToken.setValue(Base64.encode(cert.getEncoded()));
+        binarySecurityToken.setValue(Base64.getMimeEncoder().encodeToString(cert.getEncoded()));
         binarySecurityToken.setValueType(X509TokenValidator.X509_V3_TYPE);
         binarySecurityToken.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
         JAXBElement<BinarySecurityTokenType> tokenType = 

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java
index 9521e28..70a6c34 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java
@@ -20,6 +20,7 @@ package org.apache.cxf.sts.token.validator;
 
 import java.security.Principal;
 import java.security.cert.X509Certificate;
+import java.util.Base64;
 import java.util.Properties;
 
 import javax.xml.bind.JAXBElement;
@@ -41,7 +42,6 @@ import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.CustomTokenPrincipal;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.xml.security.utils.Base64;
 
 
 /**
@@ -69,7 +69,7 @@ public class X509TokenValidatorTest extends org.junit.Assert {
         Crypto crypto = validatorParameters.getStsProperties().getSignatureCrypto();
         X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
         assertTrue(certs != null && certs.length > 0);
-        binarySecurityToken.setValue(Base64.encode(certs[0].getEncoded()));
+        binarySecurityToken.setValue(Base64.getMimeEncoder().encodeToString(certs[0].getEncoded()));
         
         ReceivedToken validateTarget = new ReceivedToken(tokenType);
         tokenRequirements.setValidateTarget(validateTarget);
@@ -120,7 +120,7 @@ public class X509TokenValidatorTest extends org.junit.Assert {
         X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
         assertTrue(certs != null && certs.length > 0);
         
-        binarySecurityToken.setValue(Base64.encode(certs[0].getEncoded()));
+        binarySecurityToken.setValue(Base64.getMimeEncoder().encodeToString(certs[0].getEncoded()));
         binarySecurityToken.setValueType(X509TokenValidator.X509_V3_TYPE);
         binarySecurityToken.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
index 5d06446..a04391a 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
@@ -25,6 +25,7 @@ import java.net.URL;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -110,11 +111,9 @@ import org.apache.wss4j.policy.model.AlgorithmSuite;
 import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
 import org.apache.wss4j.policy.model.Trust10;
 import org.apache.wss4j.policy.model.Trust13;
-import org.apache.xml.security.exceptions.Base64DecodingException;
 import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
 import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * A primitive STSClient for batch tokens. Note that this contains a number of hacks and
should NOT be
@@ -665,7 +664,7 @@ public class SimpleBatchSTSClient implements Configurable, InterceptorProvider
{
                 requestorEntropy = WSSecurityUtil
                     .generateNonce(algType.getMaximumSymmetricKeyLength() / 8);
             }
-            writer.writeCharacters(Base64.encode(requestorEntropy));
+            writer.writeCharacters(Base64.getMimeEncoder().encodeToString(requestorEntropy));
 
             writer.writeEndElement();
             writer.writeEndElement();
@@ -842,7 +841,7 @@ public class SimpleBatchSTSClient implements Configurable, InterceptorProvider
{
     }
 
     protected SecurityToken createSecurityToken(Element el, byte[] requestorEntropy)
-        throws WSSecurityException, Base64DecodingException {
+        throws WSSecurityException {
 
         if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
             el = DOMUtils.getFirstElement(el);
@@ -899,7 +898,7 @@ public class SimpleBatchSTSClient implements Configurable, InterceptorProvider
{
             if (childQname.equals(new QName(namespace, "BinarySecret"))) {
                 // First check for the binary secret
                 String b64Secret = DOMUtils.getContent(child);
-                secret = Base64.decode(b64Secret);
+                secret = Base64.getMimeDecoder().decode(b64Secret);
             } else if (childQname.equals(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN)))
{
                 secret = decryptKey(child);
             } else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
@@ -913,7 +912,7 @@ public class SimpleBatchSTSClient implements Configurable, InterceptorProvider
{
                         serviceEntr = decryptKey(computedKeyChild);
                     } else if (computedKeyChildQName.equals(new QName(namespace, "BinarySecret")))
{
                         String content = DOMUtils.getContent(computedKeyChild);
-                        serviceEntr = Base64.decode(content);
+                        serviceEntr = Base64.getMimeDecoder().decode(content);
                     }
                 }
                 
@@ -945,7 +944,7 @@ public class SimpleBatchSTSClient implements Configurable, InterceptorProvider
{
         return token;
     }
     
-    protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException,
Base64DecodingException {
+    protected byte[] decryptKey(Element child) throws TrustException, WSSecurityException
{
         String encryptionAlgorithm = X509Util.getEncAlgo(child);
         // For the SPNEGO case just return the decoded cipher value and decrypt it later
         if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap"))
{
@@ -958,7 +957,7 @@ public class SimpleBatchSTSClient implements Configurable, InterceptorProvider
{
                     XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
                 if (tmpE != null) {
                     String content = DOMUtils.getContent(tmpE);
-                    cipherValue = Base64.decode(content);
+                    cipherValue = Base64.getMimeDecoder().decode(content);
                 }
             }
             if (cipherValue == null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e824784d/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java
index 67f5b57..2210f40 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.systest.sts.deployment;
 
+import java.util.Base64;
+
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
 import org.apache.cxf.sts.token.validator.TokenValidator;
@@ -26,7 +28,6 @@ import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
 import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
 import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
 import org.apache.wss4j.common.principal.CustomTokenPrincipal;
-import org.apache.xml.security.utils.Base64;
 
 
 /**
@@ -61,7 +62,7 @@ public class CustomBSTTokenValidator implements TokenValidator {
         //
         // Do some validation of the token here
         //
-        if (Base64.encode("12345678".getBytes()).equals(binarySecurityToken.getValue()))
{
+        if (Base64.getMimeEncoder().encodeToString("12345678".getBytes()).equals(binarySecurityToken.getValue()))
{
             validateTarget.setState(STATE.VALID);
         }
         response.setPrincipal(new CustomTokenPrincipal("alice"));


Mime
View raw message