Return-Path: <commits-return-46787-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id EF851200CC2
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed,  5 Jul 2017 12:31:23 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id EE272162E66; Wed,  5 Jul 2017 10:31:23 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 3E327162E65
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  5 Jul 2017 12:31:23 +0200 (CEST)
Received: (qmail 76548 invoked by uid 500); 5 Jul 2017 10:31:22 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 76539 invoked by uid 99); 5 Jul 2017 10:31:22 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Jul 2017 10:31:22 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id 566FCDFC34; Wed,  5 Jul 2017 10:31:22 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: coheigea@apache.org
To: commits@cxf.apache.org
Message-Id: <98aff53c31cf4bfe9da76892112787d2@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: cxf git commit: Instantiate the SAML Response signature validator
 directly
Date: Wed,  5 Jul 2017 10:31:22 +0000 (UTC)
archived-at: Wed, 05 Jul 2017 10:31:24 -0000

Repository: cxf
Updated Branches:
  refs/heads/master 0c307b673 -> 0287f7d3a


Instantiate the SAML Response signature validator directly


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0287f7d3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0287f7d3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0287f7d3

Branch: refs/heads/master
Commit: 0287f7d3a30908cdde0ca30f470f2103dab26a7c
Parents: 0c307b6
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jul 5 11:31:07 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jul 5 11:31:07 2017 +0100

----------------------------------------------------------------------
 .../rs/security/saml/sso/SAMLProtocolResponseValidator.java   | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0287f7d3/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 49607dc..94d369d 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -65,7 +65,8 @@ import org.opensaml.xmlsec.encryption.EncryptedData;
 import org.opensaml.xmlsec.signature.KeyInfo;
 import org.opensaml.xmlsec.signature.Signature;
 import org.opensaml.xmlsec.signature.support.SignatureException;
-import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.opensaml.xmlsec.signature.support.SignatureValidationProvider;
+import org.opensaml.xmlsec.signature.support.provider.ApacheSantuarioSignatureValidationProviderImpl;
 
 /**
  * Validate a SAML (1.1 or 2.0) Protocol Response. It validates the Response against the specs,
@@ -337,7 +338,9 @@ public class SAMLProtocolResponseValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         try {
-            SignatureValidator.validate(signature, credential);
+            SignatureValidationProvider responseSignatureValidator =
+                new ApacheSantuarioSignatureValidationProviderImpl();
+            responseSignatureValidator.validate(signature, credential);
         } catch (SignatureException ex) {
             LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");