You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/04/17 14:43:25 UTC
[cxf] 02/02: Picking up recent changes in Santuario/WSS4J
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 58b659b5f96fa386498834f0529ffa475e250d04
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Apr 17 15:43:00 2018 +0100
Picking up recent changes in Santuario/WSS4J
---
parent/pom.xml | 4 ++--
.../org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java | 5 ++---
.../java/org/apache/cxf/ws/security/kerberos/KerberosClient.java | 4 ++--
.../policy/interceptors/KerberosTokenInterceptorProvider.java | 4 ++--
.../apache/cxf/ws/security/policy/interceptors/STSInvoker.java | 6 +++---
.../policy/interceptors/SecureConversationInInterceptor.java | 4 ++--
.../policy/interceptors/SpnegoContextTokenInInterceptor.java | 6 +++---
.../policy/interceptors/SpnegoContextTokenOutInterceptor.java | 4 ++--
.../java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java | 9 ++++-----
.../org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java | 3 +--
.../apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java | 4 ++--
.../apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java | 6 +++---
.../security/wss4j/policyhandlers/SymmetricBindingHandler.java | 4 ++--
.../wss4j/policyvalidators/KerberosTokenPolicyValidator.java | 4 ++--
14 files changed, 32 insertions(+), 35 deletions(-)
diff --git a/parent/pom.xml b/parent/pom.xml
index fb14bb3..d956a2b 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -166,7 +166,7 @@
<cxf.woodstox.core.version>5.0.3</cxf.woodstox.core.version>
<cxf.woodstox.stax2-api.version>3.1.4</cxf.woodstox.stax2-api.version>
<cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
- <cxf.wss4j.version>2.2.1</cxf.wss4j.version>
+ <cxf.wss4j.version>2.2.2-SNAPSHOT</cxf.wss4j.version>
<cxf.xbean.version>3.5</cxf.xbean.version>
<cxf.xerces.version>2.11.0</cxf.xerces.version>
<cxf.xmlbeans.version>2.6.0</cxf.xmlbeans.version>
@@ -209,7 +209,7 @@
<cxf.saaj-impl.bundle.version>1.3.23_2</cxf.saaj-impl.bundle.version>
<cxf.stax-ex.version>1.7.6</cxf.stax-ex.version>
<cxf.wsdl4j.bundle.version>1.6.3_1</cxf.wsdl4j.bundle.version>
- <cxf.xmlsec.bundle.version>2.1.1</cxf.xmlsec.bundle.version>
+ <cxf.xmlsec.bundle.version>2.1.2-SNAPSHOT</cxf.xmlsec.bundle.version>
<cxf.rhino.bundle.version>1.7R2_3</cxf.rhino.bundle.version>
<cxf.xmlresolver.bundle.version>1.2_5</cxf.xmlresolver.bundle.version>
<cxf.xerces.bundle.version>2.11.0_1</cxf.xerces.bundle.version>
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
index 59b9536..c14a5b5 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
@@ -20,7 +20,6 @@ package org.apache.cxf.rs.security.xml;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
-import java.util.Base64;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
@@ -223,7 +222,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
Document doc = encryptedDataElement.getOwnerDocument();
- String encodedKey = Base64.getMimeEncoder().encodeToString(encryptedKey);
+ String encodedKey = org.apache.xml.security.utils.XMLUtils.encodeToString(encryptedKey);
Element encryptedKeyElement = createEncryptedKeyElement(doc, keyEncAlgo, digestAlgo);
String encKeyId = IDGenerator.generateID("EK-");
encryptedKeyElement.setAttributeNS(null, "Id", encKeyId);
@@ -275,7 +274,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError"
);
}
- Text text = encryptedDataDoc.createTextNode(Base64.getMimeEncoder().encodeToString(data));
+ Text text = encryptedDataDoc.createTextNode(org.apache.xml.security.utils.XMLUtils.encodeToString(data));
Element cert = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Certificate");
cert.appendChild(text);
Element x509Data = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Data");
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
index 1361f7f..aa35a0b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
@@ -19,7 +19,6 @@
package org.apache.cxf.ws.security.kerberos;
-import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -37,6 +36,7 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
+import org.apache.xml.security.utils.XMLUtils;
import org.ietf.jgss.GSSCredential;
/**
@@ -163,7 +163,7 @@ public class KerberosClient implements Configurable {
token.setKey(secretKey);
token.setSecret(secretKey.getEncoded());
}
- String sha1 = Base64.getMimeEncoder().encodeToString(KeyUtils.generateDigest(bst.getToken()));
+ String sha1 = XMLUtils.encodeToString(KeyUtils.generateDigest(bst.getToken()));
token.setSHA1(sha1);
token.setTokenType(bst.getValueType());
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index 0492f88..27037da 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.policy.interceptors;
import java.security.Key;
import java.util.Arrays;
-import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Map;
@@ -67,6 +66,7 @@ import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.securityToken.KerberosServiceSecurityToken;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.apache.xml.security.utils.XMLUtils;
/**
*
@@ -268,7 +268,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
byte[] ticket = kerberosToken.getBinaryContent();
try {
- token.setSHA1(Base64.getMimeEncoder().encodeToString(KeyUtils.generateDigest(ticket)));
+ token.setSHA1(XMLUtils.encodeToString(KeyUtils.generateDigest(ticket)));
} catch (WSSecurityException e) {
// Just consume this for now as it isn't critical...
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index 874eb4a..ccc7c17 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -22,7 +22,6 @@ package org.apache.cxf.ws.security.policy.interceptors;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.time.ZoneOffset;
-import java.util.Base64;
import java.util.logging.Logger;
import javax.xml.stream.XMLStreamException;
@@ -56,6 +55,7 @@ import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.xml.security.utils.XMLUtils;
/**
* An abstract Invoker used by the Spnego and SecureConversationInInterceptors.
@@ -211,7 +211,7 @@ abstract class STSInvoker implements Invoker {
writer.writeStartElement(prefix, "BinarySecret", namespace);
writer.writeAttribute("Type", namespace + "/Nonce");
- writer.writeCharacters(Base64.getMimeEncoder().encodeToString(secret));
+ writer.writeCharacters(XMLUtils.encodeToString(secret));
writer.writeEndElement();
} else {
byte entropy[] = WSSecurityUtil.generateNonce(keySize / 8);
@@ -226,7 +226,7 @@ abstract class STSInvoker implements Invoker {
writer.writeStartElement(prefix, "Entropy", namespace);
writer.writeStartElement(prefix, "BinarySecret", namespace);
writer.writeAttribute("Type", namespace + "/Nonce");
- writer.writeCharacters(Base64.getMimeEncoder().encodeToString(entropy));
+ writer.writeCharacters(XMLUtils.encodeToString(entropy));
writer.writeEndElement();
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index 79a1a21..3e3ba5c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.policy.interceptors;
import java.time.Instant;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
@@ -78,6 +77,7 @@ import org.apache.wss4j.policy.model.SignedParts;
import org.apache.wss4j.policy.model.Trust10;
import org.apache.wss4j.policy.model.Trust13;
import org.apache.xml.security.stax.impl.util.IDGenerator;
+import org.apache.xml.security.utils.XMLUtils;
class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
@@ -341,7 +341,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
if ("Entropy".equals(localName)) {
Element bs = DOMUtils.getFirstElement(el);
if (bs != null) {
- clientEntropy = Base64.getMimeDecoder().decode(bs.getTextContent());
+ clientEntropy = XMLUtils.decode(bs.getTextContent());
}
} else if ("KeySize".equals(localName)) {
keySize = Integer.parseInt(el.getTextContent());
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
index e2d527a..199221e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
@@ -20,7 +20,6 @@
package org.apache.cxf.ws.security.policy.interceptors;
import java.time.Instant;
-import java.util.Base64;
import java.util.Collection;
import javax.security.auth.callback.CallbackHandler;
@@ -62,6 +61,7 @@ import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.policy.SPConstants;
+import org.apache.xml.security.utils.XMLUtils;
class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
@@ -288,7 +288,7 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa
}
String content = DOMUtils.getContent(binaryExchange);
- byte[] decodedContent = Base64.getMimeDecoder().decode(content);
+ byte[] decodedContent = XMLUtils.decode(content);
String jaasContext =
(String)message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
@@ -323,7 +323,7 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa
writer.writeStartElement(WSS4JConstants.ENC_PREFIX, "CipherData", WSS4JConstants.ENC_NS);
writer.writeStartElement(WSS4JConstants.ENC_PREFIX, "CipherValue", WSS4JConstants.ENC_NS);
- writer.writeCharacters(Base64.getMimeEncoder().encodeToString(key));
+ writer.writeCharacters(XMLUtils.encodeToString(key));
writer.writeEndElement();
writer.writeEndElement();
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
index 7d1ff38..f302bfd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
@@ -19,7 +19,6 @@
package org.apache.cxf.ws.security.policy.interceptors;
-import java.util.Base64;
import java.util.Collection;
import javax.security.auth.callback.CallbackHandler;
@@ -43,6 +42,7 @@ import org.apache.wss4j.common.spnego.SpnegoTokenContext;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.Trust10;
import org.apache.wss4j.policy.model.Trust13;
+import org.apache.xml.security.utils.XMLUtils;
class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
SpnegoContextTokenOutInterceptor() {
@@ -135,7 +135,7 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
client.setAddressingNamespace(maps.getNamespaceURI());
}
SecurityToken tok =
- client.requestSecurityToken(s, Base64.getMimeEncoder().encodeToString(spnegoToken.getToken()));
+ client.requestSecurityToken(s, XMLUtils.encodeToString(spnegoToken.getToken()));
byte[] wrappedTok = spnegoToken.unwrapKey(tok.getSecret());
tok.setSecret(wrappedTok);
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 259cfc6..6a61736 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -27,7 +27,6 @@ import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
@@ -949,7 +948,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
requestorEntropy = WSSecurityUtil
.generateNonce(algType.getMaximumSymmetricKeyLength() / 8);
}
- writer.writeCharacters(Base64.getMimeEncoder().encodeToString(requestorEntropy));
+ writer.writeCharacters(org.apache.xml.security.utils.XMLUtils.encodeToString(requestorEntropy));
writer.writeEndElement();
writer.writeEndElement();
@@ -1514,7 +1513,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
if (childQname.equals(new QName(namespace, "BinarySecret"))) {
// First check for the binary secret
String b64Secret = DOMUtils.getContent(child);
- secret = Base64.getMimeDecoder().decode(b64Secret);
+ secret = org.apache.xml.security.utils.XMLUtils.decode(b64Secret);
} else if (childQname.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) {
secret = decryptKey(child);
} else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
@@ -1528,7 +1527,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
serviceEntr = decryptKey(computedKeyChild);
} else if (computedKeyChildQName.equals(new QName(namespace, "BinarySecret"))) {
String content = DOMUtils.getContent(computedKeyChild);
- serviceEntr = Base64.getMimeDecoder().decode(content);
+ serviceEntr = org.apache.xml.security.utils.XMLUtils.decode(content);
}
}
@@ -1581,7 +1580,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSS4JConstants.ENC_NS);
if (tmpE != null) {
String content = DOMUtils.getContent(tmpE);
- cipherValue = Base64.getMimeDecoder().decode(content);
+ cipherValue = org.apache.xml.security.utils.XMLUtils.decode(content);
}
}
if (cipherValue == null) {
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
index 37d74cb..cd8191f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.trust;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
@@ -186,7 +185,7 @@ public class DefaultSTSTokenCacher implements STSTokenCacher {
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] bytes = digest.digest(text.getBytes());
- return Base64.getMimeEncoder().encodeToString(bytes);
+ return org.apache.xml.security.utils.XMLUtils.encodeToString(bytes);
} catch (NoSuchAlgorithmException e) {
// SHA-256 must be supported so not going to happen...
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
index 9c81b53..1516761 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
@@ -20,7 +20,6 @@
package org.apache.cxf.ws.security.wss4j;
import java.io.IOException;
-import java.util.Base64;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -31,6 +30,7 @@ import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.xml.security.utils.XMLUtils;
public class TokenStoreCallbackHandler implements CallbackHandler {
private CallbackHandler internal;
@@ -68,7 +68,7 @@ public class TokenStoreCallbackHandler implements CallbackHandler {
private static String getSHA1(byte[] input) {
try {
byte[] digestBytes = KeyUtils.generateDigest(input);
- return Base64.getMimeEncoder().encodeToString(digestBytes);
+ return XMLUtils.encodeToString(digestBytes);
} catch (WSSecurityException e) {
//REVISIT
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 64fd8b8..dfb1108 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.wss4j;
import java.security.Principal;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
@@ -74,6 +73,7 @@ import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.SupportingTokens;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.XMLUtils;
/**
*
@@ -129,7 +129,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal)principal;
String nonce = null;
if (utPrincipal.getNonce() != null) {
- nonce = Base64.getMimeEncoder().encodeToString(utPrincipal.getNonce());
+ nonce = XMLUtils.encodeToString(utPrincipal.getNonce());
}
subject = createSubject(utPrincipal.getName(), utPrincipal.getPassword(),
utPrincipal.isPasswordDigest(), nonce, utPrincipal.getCreatedTime());
@@ -245,7 +245,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor {
WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(ut.getName(), ut.isHashed());
if (ut.getNonce() != null) {
- principal.setNonce(Base64.getMimeDecoder().decode(ut.getNonce()));
+ principal.setNonce(XMLUtils.decode(ut.getNonce()));
}
principal.setPassword(ut.getPassword());
principal.setCreatedTime(ut.getCreated());
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index c4a6047..87a6a30 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.time.Instant;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.List;
import java.util.logging.Level;
@@ -83,6 +82,7 @@ import org.apache.wss4j.policy.model.SpnegoContextToken;
import org.apache.wss4j.policy.model.SymmetricBinding;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.X509Token;
+import org.apache.xml.security.utils.XMLUtils;
/**
*
@@ -950,7 +950,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
private static String getSHA1(byte[] input) {
try {
byte[] digestBytes = KeyUtils.generateDigest(input);
- return Base64.getMimeEncoder().encodeToString(digestBytes);
+ return XMLUtils.encodeToString(digestBytes);
} catch (WSSecurityException e) {
//REVISIT
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
index 2013cad..386bdb3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
@@ -20,7 +20,6 @@
package org.apache.cxf.ws.security.wss4j.policyvalidators;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.Collection;
import java.util.List;
@@ -43,6 +42,7 @@ import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.KerberosToken;
import org.apache.wss4j.policy.model.KerberosToken.ApReqTokenType;
+import org.apache.xml.security.utils.XMLUtils;
/**
* Validate a WSSecurityEngineResult corresponding to the processing of a Kerberos Token
@@ -162,7 +162,7 @@ public class KerberosTokenPolicyValidator extends AbstractSecurityPolicyValidato
token.setTokenType(binarySecurityToken.getValueType());
byte[] tokenBytes = binarySecurityToken.getToken();
try {
- token.setSHA1(Base64.getMimeEncoder().encodeToString(KeyUtils.generateDigest(tokenBytes)));
+ token.setSHA1(XMLUtils.encodeToString(KeyUtils.generateDigest(tokenBytes)));
} catch (WSSecurityException e) {
// Just consume this for now as it isn't critical...
}
--
To stop receiving notification emails like this one, please contact
coheigea@apache.org.