cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [17/18] cxf-fediz git commit: Whitespace cleanup
Date Mon, 13 Feb 2017 11:36:33 GMT
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index 076f861..0cb71f5 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -56,9 +56,9 @@ import static org.apache.cxf.fediz.core.FedizConstants.SCHEMA_INSTANCE_NS;
 import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
 
 public class MetadataWriter {
-    
+
     private static final Logger LOG = LoggerFactory.getLogger(MetadataWriter.class);
-    
+
     private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newInstance();
 
     //CHECKSTYLE:OFF
@@ -77,14 +77,14 @@ public class MetadataWriter {
             String referenceID = IDGenerator.generateID("_");
             writer.writeStartElement("md", "EntityDescriptor", SAML2_METADATA_NS);
             writer.writeAttribute("ID", referenceID);
-            
+
             String serviceURL = protocol.getApplicationServiceURL();
             if (serviceURL == null) {
                 serviceURL = extractFullContextPath(request);
             }
-            
+
             writer.writeAttribute("entityID", serviceURL);
-            
+
             writer.writeNamespace("md", SAML2_METADATA_NS);
             writer.writeNamespace("fed", WS_FEDERATION_NS);
             writer.writeNamespace("wsa", WS_ADDRESSING_NS);
@@ -96,11 +96,11 @@ public class MetadataWriter {
             } else if (protocol instanceof SAMLProtocol) {
                 writeSAMLMetadata(writer, request, config, serviceURL);
             }
-            
+
             writer.writeEndElement(); // EntityDescriptor
 
             writer.writeEndDocument();
-            
+
             streamWriter.flush();
             bout.flush();
             //
@@ -124,7 +124,7 @@ public class MetadataWriter {
                 if (hasSigningKey) {
                     Document doc = DOMUtils.readXml(is);
                     Document result = SignatureUtils.signMetaInfo(
-                        config.getSigningKey().getCrypto(), config.getSigningKey().getKeyAlias(), config.getSigningKey().getKeyPassword(), 
+                        config.getSigningKey().getCrypto(), config.getSigningKey().getKeyAlias(), config.getSigningKey().getKeyPassword(),
                         doc, referenceID);
                     if (result != null) {
                         return result;
@@ -144,7 +144,7 @@ public class MetadataWriter {
     }
 
     private void writeFederationMetadata(
-        XMLStreamWriter writer, 
+        XMLStreamWriter writer,
         FedizContext config,
         String serviceURL
     ) throws XMLStreamException {
@@ -158,7 +158,7 @@ public class MetadataWriter {
 
         writer.writeStartElement("wsa", "Address", WS_ADDRESSING_NS);
         writer.writeCharacters(serviceURL);
-        
+
         writer.writeEndElement(); // Address
         writer.writeEndElement(); // EndpointReference
         writer.writeEndElement(); // ApplicationServiceEndpoint
@@ -214,24 +214,24 @@ public class MetadataWriter {
         writer.writeEndElement(); // PassiveRequestorEndpoint
         writer.writeEndElement(); // RoleDescriptor
     }
-    
+
     private void writeSAMLMetadata(
-        XMLStreamWriter writer, 
+        XMLStreamWriter writer,
         HttpServletRequest request,
         FedizContext config,
         String serviceURL
     ) throws Exception {
-        
+
         SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
-        
+
         writer.writeStartElement("md", "SPSSODescriptor", SAML2_METADATA_NS);
         writer.writeAttribute("AuthnRequestsSigned", Boolean.toString(protocol.isSignRequest()));
         writer.writeAttribute("WantAssertionsSigned", "true");
         writer.writeAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");
-        
+
         if (config.getLogoutURL() != null) {
             writer.writeStartElement("md", "SingleLogoutService", SAML2_METADATA_NS);
-            
+
             String logoutURL = config.getLogoutURL();
             if (logoutURL.startsWith("/")) {
                 logoutURL = extractFullContextPath(request).concat(logoutURL.substring(1));
@@ -239,39 +239,39 @@ public class MetadataWriter {
                 logoutURL = extractFullContextPath(request).concat(logoutURL);
             }
             writer.writeAttribute("Location", logoutURL);
-            
+
             writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
             writer.writeEndElement(); // SingleLogoutService
         }
-        
+
         writer.writeStartElement("md", "AssertionConsumerService", SAML2_METADATA_NS);
         writer.writeAttribute("Location", serviceURL);
         writer.writeAttribute("index", "0");
         writer.writeAttribute("isDefault", "true");
         writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
         writer.writeEndElement(); // AssertionConsumerService
-        
+
         if (protocol.getClaimTypesRequested() != null && !protocol.getClaimTypesRequested().isEmpty()) {
             writer.writeStartElement("md", "AttributeConsumingService", SAML2_METADATA_NS);
             writer.writeAttribute("index", "0");
-            
+
             writer.writeStartElement("md", "ServiceName", SAML2_METADATA_NS);
             writer.writeAttribute("xml:lang", "en");
             writer.writeCharacters(config.getName());
             writer.writeEndElement(); // ServiceName
-            
+
             for (Claim claim : protocol.getClaimTypesRequested()) {
                 writer.writeStartElement("md", "RequestedAttribute", SAML2_METADATA_NS);
                 writer.writeAttribute("isRequired", Boolean.toString(claim.isOptional()));
                 writer.writeAttribute("Name", claim.getType());
-                writer.writeAttribute("NameFormat", 
+                writer.writeAttribute("NameFormat",
                                       "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
                 writer.writeEndElement(); // RequestedAttribute
             }
-            
+
             writer.writeEndElement(); // AttributeConsumingService
         }
-        
+
         boolean hasSigningKey = false;
         try {
             if (config.getSigningKey().getCrypto() != null) {
@@ -283,7 +283,7 @@ public class MetadataWriter {
         if (protocol.isSignRequest() && hasSigningKey) {
             writer.writeStartElement("md", "KeyDescriptor", SAML2_METADATA_NS);
             writer.writeAttribute("use", "signing");
-            
+
             writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
             writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
             writer.writeStartElement("ds", "X509Data", "http://www.w3.org/2000/09/xmldsig#");
@@ -294,23 +294,23 @@ public class MetadataWriter {
             if (keyAlias == null || "".equals(keyAlias)) {
                 keyAlias = config.getSigningKey().getCrypto().getDefaultX509Identifier();
             }
-            X509Certificate cert = 
+            X509Certificate cert =
                 CertsUtils.getX509CertificateFromCrypto(config.getSigningKey().getCrypto(), keyAlias);
             if (cert == null) {
                 throw new ProcessingException(
-                    "No signing certs were found to insert into the metadata using name: " 
+                    "No signing certs were found to insert into the metadata using name: "
                         + keyAlias);
             }
             byte data[] = cert.getEncoded();
             String encodedCertificate = Base64.encode(data);
             writer.writeCharacters(encodedCertificate);
-            
+
             writer.writeEndElement(); // X509Certificate
             writer.writeEndElement(); // X509Data
             writer.writeEndElement(); // KeyInfo
             writer.writeEndElement(); // KeyDescriptor
         }
-        
+
         writer.writeEndElement(); // SPSSODescriptor
     }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
index fa7e49d..cad8c60 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/AbstractFedizProcessor.java
@@ -38,7 +38,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public abstract class AbstractFedizProcessor implements FedizProcessor {
-    
+
     private static final Logger LOG = LoggerFactory.getLogger(AbstractFedizProcessor.class);
 
     protected String resolveIssuer(HttpServletRequest request, FedizContext config) throws IOException,
@@ -74,8 +74,8 @@ public abstract class AbstractFedizProcessor implements FedizProcessor {
         }
         return wtRealm;
     }
-    
-    protected void testForReplayAttack(String tokenId, FedizContext config, Date expires) 
+
+    protected void testForReplayAttack(String tokenId, FedizContext config, Date expires)
         throws ProcessingException {
         // Check whether token already used for signin
         if (tokenId != null && config.isDetectReplayedTokens()) {
@@ -118,5 +118,5 @@ public abstract class AbstractFedizProcessor implements FedizProcessor {
         }
         return result;
     }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 0066c11..cc03440 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -155,7 +155,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
             }
             el = DOMUtils.getNextElement(el);
         }
-        
+
         if (LOG.isDebugEnabled()) {
             if (rst != null) {
                 LOG.debug("RST: {}", DOM2Writer.nodeToString(rst));
@@ -165,7 +165,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
             }
         }
         LOG.debug("Tokentype: {}", tt);
-        
+
         if (rst == null) {
             LOG.warn("RequestedSecurityToken element not found in wresult");
             throw new ProcessingException(TYPE.BAD_REQUEST);
@@ -209,8 +209,8 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
         }
         testForReplayAttack(validatorResponse.getUniqueTokenId(), config, expires);
         testForMandatoryClaims(((FederationProtocol)config.getProtocol()).getRoleURI(),
-                              ((FederationProtocol)config.getProtocol()).getClaimTypesRequested(), 
-                              validatorResponse.getClaims(), 
+                              ((FederationProtocol)config.getProtocol()).getClaimTypesRequested(),
+                              validatorResponse.getClaims(),
                               validatorResponse.getRoles() != null && !validatorResponse.getRoles().isEmpty());
 
         Date created = validatorResponse.getCreated();
@@ -510,7 +510,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
                 if (logoutRedirectToConstraint == null) {
                     LOG.debug("No regular expression constraint configured for logout. Ignoring wreply parameter");
                 } else {
-                    Matcher matcher = 
+                    Matcher matcher =
                         logoutRedirectToConstraint.matcher(request.getParameter(FederationConstants.PARAM_REPLY));
                     if (matcher.matches()) {
                         logoutRedirectTo = request.getParameter(FederationConstants.PARAM_REPLY);
@@ -520,11 +520,11 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
                     }
                 }
             }
-            
+
             if (logoutRedirectTo == null || logoutRedirectTo.isEmpty()) {
                 logoutRedirectTo = config.getLogoutRedirectTo();
             }
-            
+
             if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {
                 if (logoutRedirectTo.startsWith("/")) {
                     logoutRedirectTo = extractFullContextPath(request).concat(logoutRedirectTo.substring(1));
@@ -536,7 +536,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
                 sb.append('&').append(FederationConstants.PARAM_REPLY).append('=');
                 sb.append(URLEncoder.encode(logoutRedirectTo, "UTF-8"));
             }
-            
+
             String signOutQuery = resolveSignOutQuery(request, config);
             LOG.debug("SignIn Query: {}", signOutQuery);
 
@@ -544,7 +544,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
             if (signOutQuery != null && signOutQuery.length() > 0) {
                 sb.append('&').append(signOutQuery);
             }
-            
+
             redirectURL = redirectURL + "?" + sb.toString();
         } catch (Exception ex) {
             LOG.error("Failed to create SignInRequest", ex);
@@ -585,7 +585,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
         }
         return signInQuery;
     }
-    
+
     private String resolveSignOutQuery(HttpServletRequest request, FedizContext config) throws IOException,
         UnsupportedCallbackException, UnsupportedEncodingException {
         Object signOutQueryObj = ((FederationProtocol)config.getProtocol()).getSignOutQuery();
@@ -662,7 +662,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
         LOG.debug("Users home realm will be set to {}", homeRealm);
         return homeRealm;
     }
-    
+
     private String resolveHomeRealm(Object cbh, HttpServletRequest request) {
         if (cbh instanceof CallbackHandler) {
             CallbackHandler hrCBH = (CallbackHandler)cbh;
@@ -716,7 +716,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
         }
         return wReq;
     }
-    
+
     private String resolveReply(HttpServletRequest request, FedizContext config) throws IOException,
         UnsupportedCallbackException {
         Object replyObj = ((FederationProtocol)config.getProtocol()).getReply();
@@ -735,9 +735,9 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
         }
         return reply;
     }
-    
+
     private void testForMandatoryClaims(String roleURI,
-                                        List<org.apache.cxf.fediz.core.config.Claim> requestedClaims, 
+                                        List<org.apache.cxf.fediz.core.config.Claim> requestedClaims,
                                         List<org.apache.cxf.fediz.core.Claim> receivedClaims,
                                         boolean foundRoles
     ) throws ProcessingException {
@@ -752,7 +752,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
                         }
                     }
                     if (!found && foundRoles && roleURI != null && roleURI.equals(requestedClaim.getType())) {
-                        // Maybe the requested claim is a role, which has already been removed 
+                        // Maybe the requested claim is a role, which has already been removed
                         // from the claims collection
                         found = true;
                     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
index 846ebf8..0e7ea7b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessor.java
@@ -32,7 +32,7 @@ public interface FedizProcessor {
     FedizResponse processRequest(
         FedizRequest request, FedizContext config
     ) throws ProcessingException;
-    
+
     RedirectionResponse createSignInRequest(
         HttpServletRequest request, FedizContext config
     ) throws ProcessingException;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java
index ebc441e..eb8ecb3 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizProcessorFactory.java
@@ -27,7 +27,7 @@ import org.apache.cxf.fediz.core.config.SAMLProtocol;
  * A Factory to return FedizProcessor instances depending on the Protocol
  */
 public final class FedizProcessorFactory {
-    
+
     private FedizProcessorFactory() {
         // complete
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
index e71c0cb..4b07a57 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizRequest.java
@@ -30,7 +30,7 @@ import org.apache.cxf.fediz.core.RequestState;
 public class FedizRequest implements Serializable {
 
     private static final long serialVersionUID = 1L;
-    
+
     private String action;
     private String responseToken;
     private String freshness;
@@ -88,5 +88,5 @@ public class FedizRequest implements Serializable {
     public void setRequestState(RequestState requestState) {
         this.requestState = requestState;
     }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
index 255765d..0c0ae33 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FedizResponse.java
@@ -31,7 +31,7 @@ import org.apache.cxf.fediz.core.Claim;
 public class FedizResponse implements Serializable {
 
     private static final long serialVersionUID = 1L;
-    
+
     private String audience;
     private String username;
     private List<String> roles;
@@ -51,7 +51,7 @@ public class FedizResponse implements Serializable {
     private Date tokenExpires;
 
     //CHECKSTYLE:OFF
-    public FedizResponse(String username, String issuer, List<String> roles, List<Claim> claims, String audience, 
+    public FedizResponse(String username, String issuer, List<String> roles, List<Claim> claims, String audience,
         Date created, Date expires, Element token, String uniqueTokenId) {
         this.username = username;
         this.issuer = issuer;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
index 96589a0..91ded34 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/RedirectionResponse.java
@@ -31,23 +31,23 @@ import org.apache.cxf.fediz.core.RequestState;
 public class RedirectionResponse implements Serializable {
 
     private static final long serialVersionUID = 3182350165552249151L;
-    
+
     private String redirectionURL;
     private Map<String, String> headers = new HashMap<>();
     private RequestState requestState;
-    
+
     public String getRedirectionURL() {
         return redirectionURL;
     }
-    
+
     public void setRedirectionURL(String redirectionURL) {
         this.redirectionURL = redirectionURL;
     }
-    
+
     public Map<String, String> getHeaders() {
         return headers;
     }
-    
+
     public void addHeader(String headerName, String headerValue) {
         headers.put(headerName, headerValue);
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 6fb50fa..6233c60 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -69,7 +69,7 @@ import org.slf4j.LoggerFactory;
 public class SAMLProcessorImpl extends AbstractFedizProcessor {
 
     private static final Logger LOG = LoggerFactory.getLogger(SAMLProcessorImpl.class);
-    
+
     static {
         OpenSAMLUtil.initSamlEngine();
     }
@@ -85,25 +85,25 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
     public FedizResponse processRequest(FedizRequest request,
                                              FedizContext config)
         throws ProcessingException {
-        
+
         if (!(config.getProtocol() instanceof SAMLProtocol)) {
             LOG.error("Unsupported protocol");
             throw new IllegalStateException("Unsupported protocol");
         }
-        
+
         if (request.getResponseToken() == null || request.getState() == null) {
             LOG.error("Missing response token or RelayState parameters");
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
-        
+
         return processSignInRequest(request, config);
     }
-    
+
 
     public Document getMetaData(HttpServletRequest request, FedizContext config) throws ProcessingException {
         return new MetadataWriter().getMetaData(request, config);
     }
-    
+
     private RequestState processRelayState(
         String relayState, RequestState requestState
     ) throws ProcessingException {
@@ -117,14 +117,14 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
         }
         return requestState;
     }
-    
+
     protected FedizResponse processSignInRequest(
             FedizRequest request, FedizContext config)
         throws ProcessingException {
         SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
-        RequestState requestState = 
+        RequestState requestState =
             processRelayState(request.getState(), request.getRequestState());
-        
+
         InputStream tokenStream = null;
         try {
             byte[] deflatedToken = Base64.decode(request.getResponseToken());
@@ -138,7 +138,7 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
         } catch (Base64DecodingException e) {
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
-        
+
         Document doc = null;
         Element el = null;
         try {
@@ -149,9 +149,9 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             LOG.warn("Failed to parse token: " + e.getMessage());
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
-        
+
         LOG.debug("Received response: " + DOM2Writer.nodeToString(el));
-        
+
         XMLObject responseObject = null;
         try {
             responseObject = OpenSAMLUtil.fromDom(el);
@@ -162,31 +162,31 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
         if (!(responseObject instanceof org.opensaml.saml.saml2.core.Response)) {
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
-        
+
         // Validate the Response
         validateSamlResponseProtocol((org.opensaml.saml.saml2.core.Response)responseObject, config);
-        
-        SSOValidatorResponse ssoValidatorResponse = 
-            validateSamlSSOResponse((org.opensaml.saml.saml2.core.Response)responseObject, 
+
+        SSOValidatorResponse ssoValidatorResponse =
+            validateSamlSSOResponse((org.opensaml.saml.saml2.core.Response)responseObject,
                                 request.getRequest(), requestState, config);
-        
+
         // Validate the internal assertion(s)
         TokenValidatorResponse validatorResponse = null;
-        List<Element> assertions = 
+        List<Element> assertions =
             DOMUtils.getChildrenWithName(el, SAMLConstants.SAML20_NS, "Assertion");
-        
+
         if (assertions.isEmpty()) {
             LOG.debug("No Assertion extracted from SAML Response");
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
         Element token = assertions.get(0);
-            
+
         List<TokenValidator> validators = protocol.getTokenValidators();
         for (TokenValidator validator : validators) {
             boolean canHandle = validator.canHandleToken(token);
             if (canHandle) {
                 try {
-                    TokenValidatorRequest validatorRequest = 
+                    TokenValidatorRequest validatorRequest =
                         new TokenValidatorRequest(token, request.getCerts());
                     validatorResponse = validator.validateAndProcessToken(validatorRequest, config);
                 } catch (ProcessingException ex) {
@@ -201,19 +201,19 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
                 throw new ProcessingException(TYPE.BAD_REQUEST);
             }
         }
-        
+
         if (validatorResponse == null) {
             LOG.warn("No token validation response was available");
             throw new ProcessingException(TYPE.BAD_REQUEST);
         }
-        
+
         // Check whether token already used for signin
         Date expires = validatorResponse.getExpires();
         if (expires == null) {
             expires = ssoValidatorResponse.getSessionNotOnOrAfter();
         }
         testForReplayAttack(validatorResponse.getUniqueTokenId(), config, expires);
-        
+
         FedizResponse fedResponse = new FedizResponse(
                 validatorResponse.getUsername(), validatorResponse.getIssuer(),
                 validatorResponse.getRoles(), validatorResponse.getClaims(),
@@ -225,10 +225,10 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
 
         return fedResponse;
     }
-    
+
     /**
      * Validate the received SAML Response as per the protocol
-     * @throws ProcessingException 
+     * @throws ProcessingException
      */
     protected void validateSamlResponseProtocol(
         org.opensaml.saml.saml2.core.Response samlResponse,
@@ -242,10 +242,10 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             throw new ProcessingException(TYPE.INVALID_REQUEST);
         }
     }
-    
+
     /**
      * Validate the received SAML Response as per the Web SSO profile
-     * @throws ProcessingException 
+     * @throws ProcessingException
      */
     protected SSOValidatorResponse validateSamlSSOResponse(
         org.opensaml.saml.saml2.core.Response samlResponse,
@@ -258,8 +258,8 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             String requestURL = request.getRequestURL().toString();
             ssoResponseValidator.setAssertionConsumerURL(requestURL);
             ssoResponseValidator.setClientAddress(request.getRemoteAddr());
-            
-            boolean doNotEnforceKnownIssuer = 
+
+            boolean doNotEnforceKnownIssuer =
                 ((SAMLProtocol)config.getProtocol()).isDoNotEnforceKnownIssuer();
             ssoResponseValidator.setEnforceKnownIssuer(!doNotEnforceKnownIssuer);
 
@@ -286,32 +286,32 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
                 LOG.error("Unsupported protocol");
                 throw new IllegalStateException("Unsupported protocol");
             }
-            
+
             String issuerURL = resolveIssuer(request, config);
             LOG.info("Issuer url: " + issuerURL);
             if (issuerURL != null && issuerURL.length() > 0) {
                 redirectURL = issuerURL;
             }
-            
-            SAMLPRequestBuilder samlpRequestBuilder = 
+
+            SAMLPRequestBuilder samlpRequestBuilder =
                 ((SAMLProtocol)config.getProtocol()).getSAMLPRequestBuilder();
-            
+
             Document doc = DOMUtils.createDocument();
             doc.appendChild(doc.createElement("root"));
-     
+
             // Create the AuthnRequest
             String requestURL = request.getRequestURL().toString();
             String realm = resolveWTRealm(request, config);
-            AuthnRequest authnRequest = 
+            AuthnRequest authnRequest =
                 samlpRequestBuilder.createAuthnRequest(realm, requestURL);
-            
+
             if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
                 authnRequest.setDestination(redirectURL);
             }
-            
+
             Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
             String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
-            
+
             String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
             RequestState requestState = new RequestState();
             requestState.setTargetAddress(requestURL);
@@ -321,34 +321,34 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             requestState.setWebAppContext(authnRequest.getIssuer().getValue());
             requestState.setState(relayState);
             requestState.setCreatedAt(System.currentTimeMillis());
-            
-            String urlEncodedRequest = 
+
+            String urlEncodedRequest =
                 URLEncoder.encode(authnRequestEncoded, "UTF-8");
-            
+
             StringBuilder sb = new StringBuilder();
             sb.append(SAMLSSOConstants.SAML_REQUEST).append('=').append(urlEncodedRequest);
             sb.append("&" + SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);
-            
+
             if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
                 String signature = signRequest(config, sb);
                 sb.append("&" + SAMLSSOConstants.SIGNATURE).append('=').append(signature);
             }
-            
+
             RedirectionResponse response = new RedirectionResponse();
             response.addHeader("Cache-Control", "no-cache, no-store");
             response.addHeader("Pragma", "no-cache");
             response.setRequestState(requestState);
-            
+
             redirectURL = redirectURL + "?" + sb.toString();
             response.setRedirectionURL(redirectURL);
-            
+
             return response;
         } catch (Exception ex) {
             LOG.error("Failed to create SignInRequest", ex);
             throw new ProcessingException("Failed to create SignInRequest");
         }
     }
-    
+
     /**
      * Sign a request according to the redirect binding spec for Web SSO
      */
@@ -371,14 +371,14 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             LOG.debug("No signature password available");
             throw new ProcessingException("Failed to Sign Request");
         }
-        
+
         // Get the private key
         PrivateKey privateKey = crypto.getPrivateKey(signatureUser, signaturePassword);
         if (privateKey == null) {
             LOG.debug("No private key available");
             throw new ProcessingException("Failed to Sign Request");
         }
-        
+
         String sigAlgo = WSConstants.RSA_SHA1;
         String jceSigAlgo = "SHA1withRSA";
         LOG.debug("automatic sig algo detection: " + privateKey.getAlgorithm());
@@ -387,22 +387,22 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
             jceSigAlgo = "SHA1withDSA";
         }
         LOG.debug("Using Signature algorithm " + sigAlgo);
-        
+
         // Sign the request
         Signature signature = Signature.getInstance(jceSigAlgo);
         signature.initSign(privateKey);
-       
+
         sb.append("&" + SAMLSSOConstants.SIG_ALG).append('=').append(URLEncoder.encode(sigAlgo, "UTF-8"));
         String requestToSign = sb.toString();
 
         signature.update(requestToSign.getBytes("UTF-8"));
         byte[] signBytes = signature.sign();
-        
+
         String encodedSignature = Base64.encode(signBytes);
-        
+
         return URLEncoder.encode(encodedSignature, "UTF-8");
     }
-    
+
     protected String encodeAuthnRequest(Element authnRequest) throws IOException {
         String requestMessage = DOM2Writer.nodeToString(authnRequest);
 
@@ -412,11 +412,11 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
     }
 
     @Override
-    public RedirectionResponse createSignOutRequest(HttpServletRequest request, 
+    public RedirectionResponse createSignOutRequest(HttpServletRequest request,
                                                     SamlAssertionWrapper token,
                                                     FedizContext config)
         throws ProcessingException {
-        
+
         String redirectURL = null;
         try {
             if (!(config.getProtocol() instanceof SAMLProtocol)) {
@@ -436,52 +436,52 @@ public class SAMLProcessorImpl extends AbstractFedizProcessor {
                 LOG.debug("No issuerLogoutURL or issuer parameter specified for logout");
                 throw new ProcessingException("Failed to create SignOutRequest");
             }
-            
-            SAMLPRequestBuilder samlpRequestBuilder = 
+
+            SAMLPRequestBuilder samlpRequestBuilder =
                 ((SAMLProtocol)config.getProtocol()).getSAMLPRequestBuilder();
-            
+
             Document doc = DOMUtils.createDocument();
             doc.appendChild(doc.createElement("root"));
-     
+
             // Create the LogoutRequest
             String realm = resolveWTRealm(request, config);
             String reason = "urn:oasis:names:tc:SAML:2.0:logout:user";
-            LogoutRequest logoutRequest = 
+            LogoutRequest logoutRequest =
                 samlpRequestBuilder.createLogoutRequest(realm, reason, token);
-            
+
             if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
                 logoutRequest.setDestination(redirectURL);
             }
-            
+
             Element logoutRequestElement = OpenSAMLUtil.toDom(logoutRequest, doc);
             String logoutRequestEncoded = encodeAuthnRequest(logoutRequestElement);
-            
+
             String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
-            
-            String urlEncodedRequest = 
+
+            String urlEncodedRequest =
                 URLEncoder.encode(logoutRequestEncoded, "UTF-8");
 
             StringBuilder sb = new StringBuilder();
             sb.append(SAMLSSOConstants.SAML_REQUEST).append('=').append(urlEncodedRequest);
             sb.append("&" + SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);
-            
+
             if (((SAMLProtocol)config.getProtocol()).isSignRequest()) {
                 String signature = signRequest(config, sb);
                 sb.append("&" + SAMLSSOConstants.SIGNATURE).append('=').append(signature);
             }
-            
+
             RedirectionResponse response = new RedirectionResponse();
             response.addHeader("Cache-Control", "no-cache, no-store");
             response.addHeader("Pragma", "no-cache");
-            
+
             redirectURL = redirectURL + "?" + sb.toString();
             response.setRedirectionURL(redirectURL);
-            
+
             return response;
         } catch (Exception ex) {
             LOG.error("Failed to create SignOutRequest", ex);
             throw new ProcessingException("Failed to create SignOutRequest");
         }
     }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
index a5757ef..c27f34b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/FedizSignatureTrustValidator.java
@@ -38,25 +38,25 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
- * This class verifies trust in a signature.. 
+ * This class verifies trust in a signature..
  */
 public class FedizSignatureTrustValidator implements Validator {
-    
+
     private static final Logger LOG = LoggerFactory.getLogger(FedizSignatureTrustValidator.class);
-    
+
     public enum TrustType { CHAIN_TRUST, CHAIN_TRUST_CONSTRAINTS, PEER_TRUST }
-    
+
     /**
      * Defines the kind of trust which is required
      */
     private TrustType signatureTrustType = TrustType.CHAIN_TRUST;
-        
+
     /**
      * a collection of compiled regular expression patterns for the subject DN
      */
     private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
-    
-    
+
+
     /**
      * Set the kind of trust. The default is CHAIN_TRUST.
      */
@@ -74,12 +74,12 @@ public class FedizSignatureTrustValidator implements Validator {
             subjectDNPatterns.addAll(constraints);
         }
     }
-    
+
     /**
      * Validate the credential argument. It must contain either some Certificates or a PublicKey.
-     * 
+     *
      * A Crypto and a CallbackHandler implementation is required to be set.
-     * 
+     *
      * @param credential the Credential to be validated
      * @param data the RequestData associated with the request
      * @throws WSSecurityException on a failed validation
@@ -90,12 +90,12 @@ public class FedizSignatureTrustValidator implements Validator {
                 && credential.getPublicKey() == null)) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
         }
-        
+
         verifyTrust(credential, data);
-        
+
         return credential;
     }
-    
+
     /**
      * Verify trust in the credential.
      * @param credential the Credential to be validated
@@ -113,7 +113,7 @@ public class FedizSignatureTrustValidator implements Validator {
         if (crypto == null) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
         }
-        
+
         if (certs != null && certs.length > 0) {
             validateCertificates(certs);
             verifyTrustInCerts(certs, crypto, data, data.isRevocationEnabled());
@@ -143,7 +143,7 @@ public class FedizSignatureTrustValidator implements Validator {
      * Validate the certificates by checking the validity of each cert
      * @throws WSSecurityException
      */
-    protected void validateCertificates(X509Certificate[] certificates) 
+    protected void validateCertificates(X509Certificate[] certificates)
         throws WSSecurityException {
         try {
             for (int i = 0; i < certificates.length; i++) {
@@ -159,10 +159,10 @@ public class FedizSignatureTrustValidator implements Validator {
             );
         }
     }
-    
+
     /**
      * Evaluate whether the given certificate chain should be trusted.
-     * 
+     *
      * @param certificates the certificate chain that should be validated against the keystore
      * @param crypto A Crypto instance
      * @param data A RequestData instance
@@ -170,13 +170,13 @@ public class FedizSignatureTrustValidator implements Validator {
      * @throws WSSecurityException if the certificate chain is not trusted
      */
     protected void verifyTrustInCerts(
-        X509Certificate[] certificates, 
+        X509Certificate[] certificates,
         Crypto crypto,
         RequestData data,
         boolean enableRevocation
     ) throws WSSecurityException {
         //
-        // Use the validation method from the crypto to check whether the subjects' 
+        // Use the validation method from the crypto to check whether the subjects'
         // certificate was really signed by the issuer stated in the certificate
         //
         crypto.verifyTrust(certificates, enableRevocation, null);
@@ -187,16 +187,16 @@ public class FedizSignatureTrustValidator implements Validator {
             );
         }
     }
-    
+
     /**
      * Validate a public key
      * @throws WSSecurityException
      */
-    protected void validatePublicKey(PublicKey publicKey, Crypto crypto) 
+    protected void validatePublicKey(PublicKey publicKey, Crypto crypto)
         throws WSSecurityException {
         crypto.verifyTrust(publicKey);
     }
-    
+
     /**
      * @return true if the certificate's SubjectDN matches the constraints
      *         defined in the subject DNConstraints; false, otherwise. The
@@ -224,5 +224,5 @@ public class FedizSignatureTrustValidator implements Validator {
 
         return true;
     }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
index 7f4eb66..a629d8a 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
@@ -67,7 +67,7 @@ import org.slf4j.LoggerFactory;
 public class SAMLTokenValidator implements TokenValidator {
 
     private static final Logger LOG = LoggerFactory.getLogger(SAMLTokenValidator.class);
-    
+
 
     @Override
     public boolean canHandleTokenType(String tokenType) {
@@ -80,12 +80,12 @@ public class SAMLTokenValidator implements TokenValidator {
         String ns = token.getNamespaceURI();
         return WSConstants.SAML2_NS.equals(ns) || WSConstants.SAML_NS.equals(ns);
     }
-    
+
     public TokenValidatorResponse validateAndProcessToken(TokenValidatorRequest request,
             FedizContext config) throws ProcessingException {
 
         Element token = request.getToken();
-        try {          
+        try {
             RequestData requestData = new RequestData();
             WSSConfig wssConfig = WSSConfig.getNewInstance();
             requestData.setWssConfig(wssConfig);
@@ -102,16 +102,16 @@ public class SAMLTokenValidator implements TokenValidator {
             WSDocInfo docInfo = new WSDocInfo(token.getOwnerDocument());
             Signature sig = assertion.getSignature();
             KeyInfo keyInfo = sig.getKeyInfo();
-            SAMLKeyInfo samlKeyInfo = 
+            SAMLKeyInfo samlKeyInfo =
                 org.apache.wss4j.common.saml.SAMLUtil.getCredentialFromKeyInfo(
-                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo), 
+                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo),
                     requestData.getSigVerCrypto()
                 );
             assertion.verifySignature(samlKeyInfo);
-            
+
             // Parse the subject if it exists
             assertion.parseSubject(
-                new WSSSAMLKeyInfoProcessor(requestData, docInfo), requestData.getSigVerCrypto(), 
+                new WSSSAMLKeyInfoProcessor(requestData, docInfo), requestData.getSigVerCrypto(),
                 requestData.getCallbackHandler()
             );
 
@@ -123,10 +123,10 @@ public class SAMLTokenValidator implements TokenValidator {
 
             SamlAssertionValidator trustValidator = new SamlAssertionValidator();
             trustValidator.setFutureTTL(config.getMaximumClockSkew().intValue());
-            
+
             boolean trusted = false;
             String assertionIssuer = assertion.getIssuerString();
-            
+
             List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
             for (TrustedIssuer ti : trustedIssuers) {
                 Pattern subjectConstraint = ti.getCompiledSubject();
@@ -134,14 +134,14 @@ public class SAMLTokenValidator implements TokenValidator {
                 if (subjectConstraint != null) {
                     subjectConstraints.add(subjectConstraint);
                 }
-                
+
                 if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
                     trustValidator.setSubjectConstraints(subjectConstraints);
                     trustValidator.setSignatureTrustType(TrustType.CHAIN_TRUST_CONSTRAINTS);
                 } else if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.PEER_TRUST)) {
                     trustValidator.setSignatureTrustType(TrustType.PEER_TRUST);
                 } else {
-                    throw new IllegalStateException("Unsupported certificate validation method: " 
+                    throw new IllegalStateException("Unsupported certificate validation method: "
                                                     + ti.getCertificateValidationMethod());
                 }
                 try {
@@ -159,7 +159,7 @@ public class SAMLTokenValidator implements TokenValidator {
                     if (trusted) {
                         break;
                     }
-                    
+
                 } catch (Exception ex) {
                     if (LOG.isInfoEnabled()) {
                         LOG.info("Issuer '" + assertionIssuer + "' doesn't match trusted issuer '" + ti.getName()
@@ -167,7 +167,7 @@ public class SAMLTokenValidator implements TokenValidator {
                     }
                 }
             }
-            
+
             if (!trusted) {
                 // Condition already checked in SamlAssertionValidator
                 // Minor performance impact on untrusted and expired tokens
@@ -179,7 +179,7 @@ public class SAMLTokenValidator implements TokenValidator {
                     throw new ProcessingException(TYPE.ISSUER_NOT_TRUSTED);
                 }
             }
-            
+
             // Now check for HolderOfKey requirements
             if (!SAMLUtil.checkHolderOfKey(assertion, request.getCerts())) {
                 LOG.warn("Assertion fails holder-of-key requirements");
@@ -198,9 +198,9 @@ public class SAMLTokenValidator implements TokenValidator {
             } else {
                 claims = Collections.emptyList();
             }
-            
+
             List<String> roles = parseRoles(config, claims);
-            
+
             SAMLTokenPrincipal p = new SAMLTokenPrincipalImpl(assertion);
 
             TokenValidatorResponse response = new TokenValidatorResponse(
@@ -208,7 +208,7 @@ public class SAMLTokenValidator implements TokenValidator {
                     new ClaimCollection(claims), audience);
             response.setExpires(getExpires(assertion));
             response.setCreated(getCreated(assertion));
-            
+
             return response;
 
         } catch (WSSecurityException ex) {
@@ -216,7 +216,7 @@ public class SAMLTokenValidator implements TokenValidator {
             throw new ProcessingException(TYPE.TOKEN_INVALID);
         }
     }
-    
+
     protected List<String> parseRoles(FedizContext config, List<Claim> claims) {
         List<String> roles = null;
         Protocol protocol = config.getProtocol();
@@ -245,7 +245,7 @@ public class SAMLTokenValidator implements TokenValidator {
                 }
             }
         }
-        
+
         return roles;
     }
 
@@ -332,7 +332,7 @@ public class SAMLTokenValidator implements TokenValidator {
                     LOG.debug("parsing attribute: " + attribute.getName());
                 }
                 Claim c = new Claim();
-                // Workaround for CXF-4484 
+                // Workaround for CXF-4484
                 // Value of Attribute Name not fully qualified
                 // if NameFormat is http://schemas.xmlsoap.org/ws/2005/05/identity/claims
                 // but ClaimType value must be fully qualified as Namespace attribute goes away
@@ -344,7 +344,7 @@ public class SAMLTokenValidator implements TokenValidator {
                     c.setClaimType(URI.create(attribute.getName()));
                 }
                 c.setIssuer(assertion.getIssuer().getNameQualifier());
-                
+
                 List<String> valueList = new ArrayList<>();
                 for (XMLObject attributeValue : attribute.getAttributeValues()) {
                     Element attributeValueElement = attributeValue.getDOM();
@@ -392,7 +392,7 @@ public class SAMLTokenValidator implements TokenValidator {
             claimsMap.put(c.getClaimType().toString(), c);
         }
     }
-    
+
     protected List<String> parseRoles(String value, String delim) {
         List<String> roles = new ArrayList<>();
         StringTokenizer st = new StringTokenizer(value, delim);
@@ -429,7 +429,7 @@ public class SAMLTokenValidator implements TokenValidator {
 
     }
 
-    
+
     private Date getExpires(SamlAssertionWrapper assertion) {
         DateTime validTill = null;
         if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
@@ -437,13 +437,13 @@ public class SAMLTokenValidator implements TokenValidator {
         } else {
             validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
         }
-        
+
         if (validTill == null) {
             return null;
         }
         return validTill.toDate();
     }
-    
+
     private Date getCreated(SamlAssertionWrapper assertion) {
         DateTime validFrom = null;
         if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
@@ -451,13 +451,13 @@ public class SAMLTokenValidator implements TokenValidator {
         } else {
             validFrom = assertion.getSaml1().getConditions().getNotBefore();
         }
-        
+
         if (validFrom == null) {
             return null;
         }
         return validFrom.toDate();
     }
-    
+
     /**
      * Check the Conditions of the Assertion.
      */
@@ -473,7 +473,7 @@ public class SAMLTokenValidator implements TokenValidator {
             validFrom = assertion.getSaml1().getConditions().getNotBefore();
             validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
         }
-        
+
         if (validFrom != null) {
             DateTime currentTime = new DateTime();
             currentTime = currentTime.plusSeconds(maxClockSkew);
@@ -489,6 +489,6 @@ public class SAMLTokenValidator implements TokenValidator {
         }
         return true;
     }
-    
+
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
index c534bc8..d7609d9 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLUtil.java
@@ -32,14 +32,14 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
  * Some SAML Utility methods
  */
 public final class SAMLUtil  {
-    
+
     private SAMLUtil() {
         // complete
     }
 
     /**
      * Check the holder-of-key requirements against the received assertion. The subject
-     * credential of the SAML Assertion must match a client certificate credential when 
+     * credential of the SAML Assertion must match a client certificate credential when
      * 2-way TLS is used.
      * @param assertionWrapper the SAML Assertion wrapper object
      * @param tlsCerts The client certificates
@@ -80,7 +80,7 @@ public final class SAMLUtil  {
         //
         // Try to match the TLS certs
         //
-        if (subjectCerts != null && subjectCerts.length > 0 
+        if (subjectCerts != null && subjectCerts.length > 0
             && tlsCerts[0].equals(subjectCerts[0])) {
             return true;
         } else if (subjectPublicKey != null

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
index 1dd6b01..20ede29 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
@@ -36,14 +36,14 @@ import org.apache.wss4j.dom.validate.Credential;
  * constraints.
  */
 public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAssertionValidator {
-    
+
     private TrustType signatureTrustType = TrustType.CHAIN_TRUST;
-        
+
     /**
      * a collection of compiled regular expression patterns for the subject DN
      */
     private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
-    
+
     /**
      * Set a list of Strings corresponding to regular expression constraints on
      * the subject DN of a certificate
@@ -54,7 +54,7 @@ public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAs
             subjectDNPatterns.addAll(constraints);
         }
     }
-    
+
     /**
      * Set the kind of trust. The default is CHAIN_TRUST.
      */
@@ -79,13 +79,13 @@ public class SamlAssertionValidator extends org.apache.wss4j.dom.validate.SamlAs
         SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
         credential.setPublicKey(samlKeyInfo.getPublicKey());
         credential.setCertificates(samlKeyInfo.getCerts());
-        
+
         FedizSignatureTrustValidator trustValidator = new FedizSignatureTrustValidator();
         trustValidator.setSignatureTrustType(signatureTrustType);
         trustValidator.setSubjectConstraints(subjectDNPatterns);
-        
+
         return trustValidator.validate(credential, data);
     }
 
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
index eb6a413..696d54c 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/CompressionUtils.java
@@ -27,17 +27,17 @@ import java.util.zip.Inflater;
 
 public final class CompressionUtils {
     private CompressionUtils() {
-        
+
     }
-    public static InputStream inflate(byte[] deflatedToken) 
+    public static InputStream inflate(byte[] deflatedToken)
         throws DataFormatException {
         return inflate(deflatedToken, true);
     }
-    public static InputStream inflate(byte[] deflatedToken, boolean nowrap) 
+    public static InputStream inflate(byte[] deflatedToken, boolean nowrap)
         throws DataFormatException {
         Inflater inflater = new Inflater(nowrap);
         inflater.setInput(deflatedToken);
-        
+
         byte[] input = new byte[deflatedToken.length * 2];
         int inflatedLen = 0;
         int inputLen = 0;
@@ -45,7 +45,7 @@ public final class CompressionUtils {
         while (!inflater.finished()) {
             inputLen = inflater.inflate(input);
             if (!inflater.finished()) {
-                
+
                 if (inputLen == 0) {
                     if (inflater.needsInput()) {
                         throw new DataFormatException("Inflater can not inflate all the token bytes");
@@ -53,7 +53,7 @@ public final class CompressionUtils {
                         break;
                     }
                 }
-                
+
                 inflatedToken = new byte[input.length + inflatedLen];
                 System.arraycopy(input, 0, inflatedToken, inflatedLen, inputLen);
                 inflatedLen += inputLen;
@@ -66,21 +66,21 @@ public final class CompressionUtils {
         }
         return is;
     }
-    
+
     public static byte[] deflate(byte[] tokenBytes) {
         return deflate(tokenBytes, true);
     }
-    
+
     public static byte[] deflate(byte[] tokenBytes, boolean nowrap) {
         Deflater compresser = new Deflater(Deflater.DEFLATED, nowrap);
-        
+
         compresser.setInput(tokenBytes);
         compresser.finish();
-        
+
         byte[] output = new byte[tokenBytes.length * 2];
-        
+
         int compressedDataLength = compresser.deflate(output);
-        
+
         byte[] result = new byte[compressedDataLength];
         System.arraycopy(output, 0, result, 0, compressedDataLength);
         return result;

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
index 3e61592..f34a491 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/DefaultSAMLPRequestBuilder.java
@@ -40,11 +40,11 @@ import org.opensaml.saml.saml2.core.RequestedAuthnContext;
  * Protocol AuthnRequest and LogoutRequest
  */
 public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
-    
+
     private boolean forceAuthn;
     private boolean isPassive;
     private String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
-    
+
     /**
      * Create a SAML 2.0 Protocol AuthnRequest
      */
@@ -54,12 +54,12 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
     ) throws Exception {
         Issuer issuer =
             SamlpRequestComponentBuilder.createIssuer(issuerId);
-        
+
         NameIDPolicy nameIDPolicy =
             SamlpRequestComponentBuilder.createNameIDPolicy(
                 true, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", issuerId
             );
-        
+
         AuthnContextClassRef authnCtxClassRef =
             SamlpRequestComponentBuilder.createAuthnCtxClassRef(
                 "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
@@ -69,19 +69,19 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
                 AuthnContextComparisonTypeEnumeration.EXACT,
                 Collections.singletonList(authnCtxClassRef), null
             );
-        
+
         //CHECKSTYLE:OFF
         return SamlpRequestComponentBuilder.createAuthnRequest(
-                assertionConsumerServiceAddress, 
-                forceAuthn, 
+                assertionConsumerServiceAddress,
+                forceAuthn,
                 isPassive,
-                protocolBinding, 
+                protocolBinding,
                 SAMLVersion.VERSION_20,
-                issuer, 
-                nameIDPolicy, 
+                issuer,
+                nameIDPolicy,
                 authnCtx
         );
-        
+
     }
 
     public boolean isForceAuthn() {
@@ -116,24 +116,24 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
     ) throws Exception {
         Issuer issuer =
             SamlpRequestComponentBuilder.createIssuer(issuerId);
-        
+
         NameID nameID = null;
         List<String> sessionIndices = new ArrayList<>();
-        
+
         if (authenticatedAssertion != null) {
             if (authenticatedAssertion.getSaml2() != null) {
-                org.opensaml.saml.saml2.core.Subject subject = 
+                org.opensaml.saml.saml2.core.Subject subject =
                     authenticatedAssertion.getSaml2().getSubject();
                 if (subject != null && subject.getNameID() != null) {
                     nameID = subject.getNameID();
                 }
             }
-            
+
             if (nameID != null) {
                 nameID.detach();
             }
-            
-            List<AuthnStatement> authnStatements = 
+
+            List<AuthnStatement> authnStatements =
                 authenticatedAssertion.getSaml2().getAuthnStatements();
             if (authnStatements != null && !authnStatements.isEmpty()) {
                 for (AuthnStatement authnStatement : authnStatements) {
@@ -143,7 +143,7 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
                 }
             }
         }
-        
+
         //CHECKSTYLE:OFF
         return SamlpRequestComponentBuilder.createLogoutRequest(
             issuer,
@@ -152,5 +152,5 @@ public class DefaultSAMLPRequestBuilder implements SAMLPRequestBuilder {
             sessionIndices
         );
     }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
index 597cc0d..4cbc275 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLPRequestBuilder.java
@@ -27,7 +27,7 @@ import org.opensaml.saml.saml2.core.LogoutRequest;
  * This interface defines a methods to create a SAML 2.0 Protocol AuthnRequest and LogoutRequest.
  */
 public interface SAMLPRequestBuilder {
-    
+
     /**
      * Create a SAML 2.0 Protocol AuthnRequest
      */
@@ -35,7 +35,7 @@ public interface SAMLPRequestBuilder {
         String issuerId,
         String assertionConsumerServiceAddress
     ) throws Exception;
-    
+
     /**
      * Create a SAML 2.0 Protocol LogoutRequest
      */

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
index d25ab1d..9f2c038 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java
@@ -49,19 +49,19 @@ import org.slf4j.LoggerFactory;
 
 /**
  * Validate a SAML (1.1 or 2.0) Protocol Response. It validates the Response against the specs,
- * the signature of the Response (if it exists), and any internal Assertion stored in the Response 
+ * the signature of the Response (if it exists), and any internal Assertion stored in the Response
  * - including any signature. It validates the status code of the Response as well.
  */
 public class SAMLProtocolResponseValidator {
-    
-    public static final String SAML2_STATUSCODE_SUCCESS = 
+
+    public static final String SAML2_STATUSCODE_SUCCESS =
         "urn:oasis:names:tc:SAML:2.0:status:Success";
     public static final String SAML1_STATUSCODE_SUCCESS = "Success";
-    
+
     private static final Logger LOG = LoggerFactory.getLogger(SAMLProtocolResponseValidator.class);
-    
+
     // private Validator signatureValidator = new SignatureTrustValidator();
-    
+
     /**
      * Validate a SAML 2 Protocol Response
      * @param samlResponse
@@ -84,10 +84,10 @@ public class SAMLProtocolResponseValidator {
             );
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         validateResponseSignature(samlResponse, config);
     }
-    
+
     /**
      * Validate a SAML 1.1 Protocol Response
      * @param samlResponse
@@ -115,7 +115,7 @@ public class SAMLProtocolResponseValidator {
 
         validateResponseSignature(samlResponse, config);
     }
-    
+
     /**
      * Validate the Response signature (if it exists)
      */
@@ -126,12 +126,12 @@ public class SAMLProtocolResponseValidator {
         if (!samlResponse.isSigned()) {
             return;
         }
-        
+
         validateResponseSignature(
             samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(), config
         );
     }
-    
+
     /**
      * Validate the Response signature (if it exists)
      */
@@ -142,32 +142,32 @@ public class SAMLProtocolResponseValidator {
         if (!samlResponse.isSigned()) {
             return;
         }
-        
+
         validateResponseSignature(
             samlResponse.getSignature(), samlResponse.getDOM().getOwnerDocument(), config
         );
     }
-    
+
     /**
      * Validate the response signature
      */
     private void validateResponseSignature(
-        Signature signature, 
+        Signature signature,
         Document doc,
         FedizContext config
     ) throws WSSecurityException {
         RequestData requestData = new RequestData();
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         requestData.setWssConfig(wssConfig);
-        
+
         SAMLKeyInfo samlKeyInfo = null;
-        
+
         KeyInfo keyInfo = signature.getKeyInfo();
         if (keyInfo != null) {
             try {
-                samlKeyInfo = 
+                samlKeyInfo =
                     SAMLUtil.getCredentialFromKeyInfo(
-                        keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)), 
+                        keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)),
                         requestData.getSigVerCrypto()
                     );
             } catch (WSSecurityException ex) {
@@ -179,7 +179,7 @@ public class SAMLProtocolResponseValidator {
             LOG.debug("No KeyInfo supplied in the SAMLResponse signature");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // Validate Signature against profiles
         validateSignatureAgainstProfiles(signature, samlKeyInfo);
 
@@ -189,9 +189,9 @@ public class SAMLProtocolResponseValidator {
         trustCredential.setCertificates(samlKeyInfo.getCerts());
 
         FedizSignatureTrustValidator trustValidator = new FedizSignatureTrustValidator();
-        
+
         boolean trusted = false;
-        
+
         List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
         for (TrustedIssuer ti : trustedIssuers) {
             Pattern subjectConstraint = ti.getCompiledSubject();
@@ -199,14 +199,14 @@ public class SAMLProtocolResponseValidator {
             if (subjectConstraint != null) {
                 subjectConstraints.add(subjectConstraint);
             }
-            
+
             if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
                 trustValidator.setSubjectConstraints(subjectConstraints);
                 trustValidator.setSignatureTrustType(TrustType.CHAIN_TRUST_CONSTRAINTS);
             } else if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.PEER_TRUST)) {
                 trustValidator.setSignatureTrustType(TrustType.PEER_TRUST);
             } else {
-                throw new IllegalStateException("Unsupported certificate validation method: " 
+                throw new IllegalStateException("Unsupported certificate validation method: "
                                                 + ti.getCertificateValidationMethod());
             }
             try {
@@ -224,24 +224,24 @@ public class SAMLProtocolResponseValidator {
                 if (trusted) {
                     break;
                 }
-                
+
             } catch (Exception ex) {
                 LOG.info("Error in validating signature on SAML Response: " + ex.getMessage(), ex);
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
-        
+
         if (!trusted) {
             LOG.warn("SAML Response is not trusted");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
         }
     }
-    
+
     /**
      * Validate a signature against the profiles
      */
     private void validateSignatureAgainstProfiles(
-        Signature signature, 
+        Signature signature,
         SAMLKeyInfo samlKeyInfo
     ) throws WSSecurityException {
         // Validate Signature against profiles
@@ -269,5 +269,5 @@ public class SAMLProtocolResponseValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
-    
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
index 1365a32..1541b89 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLSSOResponseValidator.java
@@ -37,9 +37,9 @@ import org.slf4j.LoggerFactory;
  * should be validated by the SAMLProtocolResponseValidator first.
  */
 public class SAMLSSOResponseValidator {
-    
+
     private static final Logger LOG = LoggerFactory.getLogger(SAMLSSOResponseValidator.class);
-    
+
     private String issuerIDP;
     private String assertionConsumerURL;
     private String clientAddress;
@@ -49,7 +49,7 @@ public class SAMLSSOResponseValidator {
     private boolean enforceAssertionsSigned = true;
     private boolean enforceKnownIssuer = true;
     private ReplayCache replayCache;
-    
+
     /**
      * Enforce that Assertions contained in the Response must be signed (if the Response itself is not
      * signed). The default is true.
@@ -57,14 +57,14 @@ public class SAMLSSOResponseValidator {
     public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) {
         this.enforceAssertionsSigned = enforceAssertionsSigned;
     }
-    
+
     /**
      * Enforce that the Issuer of the received Response/Assertion is known. The default is true.
      */
     public void setEnforceKnownIssuer(boolean enforceKnownIssuer) {
         this.enforceKnownIssuer = enforceKnownIssuer;
     }
-    
+
     /**
      * Validate a SAML 2 Protocol Response
      * @param samlResponse
@@ -84,7 +84,7 @@ public class SAMLSSOResponseValidator {
             LOG.debug("The Response must contain at least one Assertion");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // The Response must contain a Destination that matches the assertionConsumerURL if it is
         // signed
         String destination = samlResponse.getDestination();
@@ -93,12 +93,12 @@ public class SAMLSSOResponseValidator {
             LOG.debug("The Response must contain a destination that matches the assertion consumer URL");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         if (enforceResponseSigned && !samlResponse.isSigned()) {
             LOG.debug("The Response must be signed!");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // Validate Assertions
         org.opensaml.saml.saml2.core.Assertion validAssertion = null;
         Date sessionNotOnOrAfter = null;
@@ -109,12 +109,12 @@ public class SAMLSSOResponseValidator {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
             validateIssuer(assertion.getIssuer());
-            
+
             if (!samlResponse.isSigned() && enforceAssertionsSigned && assertion.getSignature() == null) {
                 LOG.debug("The enclosed assertions in the SAML Response must be signed");
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
-            
+
             // Check for AuthnStatements and validate the Subject accordingly
             if (assertion.getAuthnStatements() != null
                 && !assertion.getAuthnStatements().isEmpty()) {
@@ -130,27 +130,27 @@ public class SAMLSSOResponseValidator {
                     }
                 }
             }
-            
+
         }
-        
+
         if (validAssertion == null) {
             LOG.debug("The Response did not contain any Authentication Statement that matched "
                      + "the Subject Confirmation criteria");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         SSOValidatorResponse validatorResponse = new SSOValidatorResponse();
         validatorResponse.setResponseId(samlResponse.getID());
         validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter);
-        
+
         Element assertionElement = validAssertion.getDOM();
         Element clonedAssertionElement = (Element)assertionElement.cloneNode(true);
         validatorResponse.setAssertionElement(clonedAssertionElement);
         validatorResponse.setAssertion(DOM2Writer.nodeToString(clonedAssertionElement));
-        
+
         return validatorResponse;
     }
-    
+
     /**
      * Validate the Issuer (if it exists)
      */
@@ -158,23 +158,23 @@ public class SAMLSSOResponseValidator {
         if (issuer == null) {
             return;
         }
-        
+
         // Issuer value must match (be contained in) Issuer IDP
         if (enforceKnownIssuer && !issuerIDP.startsWith(issuer.getValue())) {
-            LOG.debug("Issuer value: " + issuer.getValue() + " does not match issuer IDP: " 
+            LOG.debug("Issuer value: " + issuer.getValue() + " does not match issuer IDP: "
                 + issuerIDP);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // Format must be nameid-format-entity
         if (issuer.getFormat() != null
             && !SAML2Constants.NAMEID_FORMAT_ENTITY.equals(issuer.getFormat())) {
-            LOG.debug("Issuer format is not null and does not equal: " 
+            LOG.debug("Issuer format is not null and does not equal: "
                 + SAML2Constants.NAMEID_FORMAT_ENTITY);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
-    
+
     /**
      * Validate the Subject (of an Authentication Statement).
      */
@@ -184,20 +184,20 @@ public class SAMLSSOResponseValidator {
         if (subject.getSubjectConfirmations() == null) {
             return false;
         }
-        
+
         boolean foundBearerSubjectConf = false;
         // We need to find a Bearer Subject Confirmation method
-        for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf 
+        for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf
             : subject.getSubjectConfirmations()) {
             if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
                 foundBearerSubjectConf = true;
                 validateSubjectConfirmation(subjectConf.getSubjectConfirmationData(), id, postBinding);
             }
         }
-        
+
         return foundBearerSubjectConf;
     }
-    
+
     /**
      * Validate a (Bearer) Subject Confirmation
      */
@@ -208,7 +208,7 @@ public class SAMLSSOResponseValidator {
             LOG.debug("Subject Confirmation Data of a Bearer Subject Confirmation is null");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // Recipient must match assertion consumer URL
         String recipient = subjectConfData.getRecipient();
         if (recipient == null || !recipient.equals(assertionConsumerURL)) {
@@ -216,14 +216,14 @@ public class SAMLSSOResponseValidator {
                 + assertionConsumerURL);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // We must have a NotOnOrAfter timestamp
         if (subjectConfData.getNotOnOrAfter() == null
             || subjectConfData.getNotOnOrAfter().isBeforeNow()) {
             LOG.debug("Subject Conf Data does not contain NotOnOrAfter or it has expired");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // Need to keep bearer assertion IDs based on NotOnOrAfter to detect replay attacks
         if (postBinding && replayCache != null) {
             if (replayCache.contains(id)) {
@@ -236,7 +236,7 @@ public class SAMLSSOResponseValidator {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
-        
+
         // Check address
         if (subjectConfData.getAddress() != null
             && !subjectConfData.getAddress().equals(clientAddress)) {
@@ -244,22 +244,22 @@ public class SAMLSSOResponseValidator {
                      + " client address " + clientAddress);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // It must not contain a NotBefore timestamp
         if (subjectConfData.getNotBefore() != null) {
             LOG.debug("The Subject Conf Data must not contain a NotBefore timestamp");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
         // InResponseTo must match the AuthnRequest request Id
         if (requestId != null && !requestId.equals(subjectConfData.getInResponseTo())) {
-            LOG.debug("The InResponseTo String " + subjectConfData.getInResponseTo() 
+            LOG.debug("The InResponseTo String " + subjectConfData.getInResponseTo()
                      + " does match the original request id " + requestId);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        
+
     }
-    
+
     private void validateAudienceRestrictionCondition(
         org.opensaml.saml.saml2.core.Conditions conditions
     ) throws WSSecurityException {
@@ -269,13 +269,13 @@ public class SAMLSSOResponseValidator {
         }
         List<AudienceRestriction> audienceRestrs = conditions.getAudienceRestrictions();
         if (!matchSaml2AudienceRestriction(spIdentifier, audienceRestrs)) {
-            LOG.debug("Assertion does not contain unique subject provider identifier " 
+            LOG.debug("Assertion does not contain unique subject provider identifier "
                      + spIdentifier + " in the audience restriction conditions");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
-    
-    
+
+
     private boolean matchSaml2AudienceRestriction(
         String appliesTo, List<AudienceRestriction> audienceRestrictions
     ) {
@@ -334,11 +334,11 @@ public class SAMLSSOResponseValidator {
     public void setSpIdentifier(String spIdentifier) {
         this.spIdentifier = spIdentifier;
     }
-    
+
     public void setReplayCache(ReplayCache replayCache) {
         this.replayCache = replayCache;
     }
-    
+
     public boolean isEnforceResponseSigned() {
         return enforceResponseSigned;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
index b8b3969..a16be80 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SSOValidatorResponse.java
@@ -38,14 +38,14 @@ public class SSOValidatorResponse {
     public void setAssertion(String assertion) {
         this.assertion = assertion;
     }
-    
+
     public Date getSessionNotOnOrAfter() {
         if (sessionNotOnOrAfter != null) {
             return new Date(sessionNotOnOrAfter.getTime());
         }
         return null;
     }
-    
+
     public void setSessionNotOnOrAfter(Date sessionNotOnOrAfter) {
         if (sessionNotOnOrAfter != null) {
             this.sessionNotOnOrAfter = new Date(sessionNotOnOrAfter.getTime());
@@ -53,15 +53,15 @@ public class SSOValidatorResponse {
             this.sessionNotOnOrAfter = null;
         }
     }
-    
+
     public String getResponseId() {
         return responseId;
     }
-    
+
     public void setResponseId(String responseId) {
         this.responseId = responseId;
     }
-    
+
     public Element getAssertionElement() {
         return assertionElement;
     }


Mime
View raw message