You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2019/05/23 10:21:35 UTC
[cxf] branch wss4j_2.3.0 updated (c58d059 -> 44e1469)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git.
discard c58d059 Set the SOAP namespace on the streaming policy validation code
discard 6ed1d3a Picking up more derived key changes in WSS4J
discard 4689a11 Picking up derived key changes from WSS4J
discard 18116dc Create salt instead of getting it from WSS4J
discard ac7d439 Picking up changes to symmetricKey in WSSEcEncryptedKey
discard b4b0e47 WSSecEncryptedKey.getEphemeralKey() is removed in WSS4J
discard 4420037 Get the encrypted key SHA value directly from WSS4J
add 83ce965 Updating READMEs re. the JCE policy files
add 63a24cc update httpcomponents core and client
add 687dd36 [CXF-7955] Revert "update httpcomponents core and client"
add 6e70d53 [CXF-7956]add NPE guard for jetty and undertow threads configuration in blueprint
add dd49d1c Updating some sample READMEs
add d1470dd CXF-7957: Swagger2Feature Doesn't Work With Swagger Versions Above 1.… (#507)
add 74e7684 Followup on CXF-7957, adding the comment to clarify the changes in Swagger
add ab2013c More details when woodstox is not present and a XMLInputFactory can't be created
add bbb2f6a Merge pull request #508 from rmannibucau/patch-1
add 2424d91 Fix Java 2 security issues
add d70589e Remove unnecessary warning when no provider is specified
add 1487b57 Adding a kerberos + keytab test
add 49f857c Minor changes to last commit
add a5e98a2 Updating the XACML documentation
add 28dfeaa [cxf-core] back PackageUtils.getPackageNameByNameSpaceURI logic from URIParserUtil
add 8edf8f6 [CXF-7967] Ability to skip the garbage collection in wsdl2java
add 6307f63 [CXF-7968] Handle javadoc's operation link for JDK > 1.8
add db7ce85 Some junit assertion optimisations
add 26630e5 Update Fastinfoset version to 1.2.16
add 826c5e3 [CXF-7967] Ability to skip the garbage collection in maven plugins
add 4955ca6 Using assertEquals instead of assertTrue in some of the tests
add f00c45d Cache the class objects for the dynamically loaded providers to avoid repeated (and expensive) class.forName calls
add eb64a65 More PMD work
add 7e11da7 More test assertion cleanup
add 1f973f3 Update Jetty version
add d3b60a4 Finished PMD junit work
add cf3ac55 Append a single char instead of a String
add 3d2185b [CXF-7970]Fix Undertow import range
add 7ce7ab3 Using indexOf with a character when appropriate
add ecb15d9 Updating Spring + Spring security
add 0a51e42 CXF-7969 - NullPointerException in CXF JavaToWS
add 13e1dae Using isEmpty instead of size() == 0 etc.
add c679096 CXF-7973 Add NPE guard for jetty and undertow threads configuration in blueprint (to prevent NPE during karaf-quickstart/../Keycloak-cxf quickstarts)
add b63a8fd Merge pull request #511 from JiriOndrusek/CXF-7973_NPE-guard
add 7a33bd9 Simplifying some boolean expressions
add 91260c6 Updating Commons Codec
add 80e9dfb CXF-7974 Definition of <library ..jaxws-api..> defined in cxf-jaxws causes trouble in jdk11
add cd3741f Merge pull request #512 from JiriOndrusek/CXF-7974_export-in-library
add ef0e6d3 Removing one test and fixing another to work with a HTTPClient upgrade
add 6ae17b0 More PMD character work
add ca8ce28 Invoke default intf methods on client proxy instances - IBM JDK
add 45c2250 Removing highcharts.js and jquery-1.9.0.min.js from the SSE samples, replacing with Charts.js
add a3ef872 Update to Spring Boot 2.1.3.RELEASE
add 82b163f Some PMD changes around operator negation
add f07cdf2 Update to Spring Boot 2.1.3.RELEASE for samples
add bc7d9c0 Configuring the issuer for an OAuth JWT test
add 0385528 Using consistent version of javax.annotation API
add 39af827 Updating Karaf
add b13fdf6 CXF-7976 - Add a setIssuer method
add c7da5a4 xSome PMD work on the systests
add 1f04683 SLF4J update
add 1469574 Downgrading XJC Utils SNAPSHOT
add 37d38c8 Fixing scripts to remove unexpected operator errors
add 6e65688 Fixing the intial errors with the scripts with Java 11. We still need to add the additional jars to the classpath
add 6036059 [CXF-7981]mutual SSL configuration for http-undertow transport not handle want and required for clientAuthentication correctly
add 85e2ffd CXF-7982: Extract common OpenAPI / Swagger scaffolding into dedicated module (to prevent/eliminate duplication)
add 3354fb2 update Swagger-UI version
add c69a0c1 Configure media types in bean for logging intercepters
add 81ca8ae Configure media types in bean for logging intercepters
add e6b7675 Configure media types in bean for logging intercepters
add e380008 Configure media types in bean for logging intercepters
add 1b38b8a Merge pull request #514 from shadrin-nv/master
add dd0b103 Tidying up the previous merge
add b92cca2 Revert "Fixing the intial errors with the scripts with Java 11. We still need to add the additional jars to the classpath"
add f95b4fe [CXF-7984]:UsernameTokenInterceptor doesn't respect contextual property 'allowNamespaceQualifiedPasswordTypes'
add 3edd5a9 Merge branch 'master' of github.com:apache/cxf
add a5c1b13 CXF-7984 - Disallow this by default
add 4324a1f Update release notes for 3.3.1
add 7458fae [maven-release-plugin] prepare release cxf-3.3.1
add af5748a [maven-release-plugin] prepare for next development iteration
add 24e55d3 [CXF-7977]Port XXXX is configured with wrong protocol "https"
add c717e6c upgrade to undertow 2.0.18
add 5707393 add cxf-rt-rs-security-http-signature to parent
add 571be4d Merge pull request #517 from davidkarlsen/fixParent
add ba95fa0 upgrade to undertow 2.0.19
add afc3e52 CXF-7953 re-enable the corba binding and make sure it works with the JDK 11
add 0387d3b [CXF-7953]disable CORBADocLitClientTypeTest under JDK11 for now
add cc512ac [CXF-7971]bin/scripts does't work on Java 11
add b9f1e0f [CXF-7971]follow up polish
add 9bf7601 [CXF-7971]update windows scripts
add f2ff0f6 [CXF-7991] Google+ API is deprecated
add eccb71e [CXF-7992] Use only one instance of each async interceptor per request
add 92a9a03 CXF-7987: SSE buffer size should be configurable
add 65297e7 Catching some exceptions instead of doing instanceof checks
add 9752e78 Removing exclusion that is fixed
add 56f74c1 [cxf-testutils] ServerLauncher: expose only running server ports
add 96297fb [CXF-7971]remove bash specific feature
add df43be5 [CXF-7971]also need to revise wadl2java
add d40d3c7 [CXF-7960]Exception when SOAP service URI contains whitespace
add 498129c Using append instead of string concatentation
add 8185591 [cxf-systests-jaxrs] run test without internet connection
add aff0fe5 CXF-7983: fixed JOSE ClientResponseFilter for No Content response
add 93db1cf [systests] use org.apache.cxf.ext.logging.LoggingFeature
add 35109bd [cxf-systests-jaxrs] use BlockingQueue instead of Thread.sleep
add 38582fb Fixing a few issues with unused ctr parameters
add de3d4bf [cxf-rt-ws-rm] improve test stability
add 40ec1e6 Adding some tests for Jose encrypt before signing
add c6ec2a2 fixing CXF-7980 (#523)
add b86a13a [cxf-systests-jaxrs] reuse AbstractSpringServer
add 21138b4 [cxf-systests-ws-specs] put cxf-rt-ws-policy before wss4j-ws-security-stax to have expected schemas on classpath
add 64f2803 Handle UndeclaredThrowableException/NoSuchFieldException in JDK 12+
add 61982bf [CXF-7953]add those tests can't pass with jacorb in notWorkingJDK11 list
add b381188 Add a test for XmlJavaTypeAdapter that converts to a string
add 34b75cd Adding more HTTP Signature tests and fixing a few minor issues
add 187e7cb Fixing test to make it run offline
add f627e44 Updating Mina
add a5af3ba Removing Vector in a few places
add 4233842 Updating Karaf
add cbe9b58 [cxf-tools-validator] use String.join
add 3190935 Add filters for http signature response
add 5b11f39 HTTP Signature filter cleanup
add 5601ae0 Add the ability to pick specific headers to sign for HTTP Signature
add 99491e0 cxf-core: use String.join
add bb90c27 More PMD work to use single quotes in append
add 1031e06 Updating Tomcat
add 1a1f76c Removing accidentally committed code
add 0ef506e CXF-7989: org.apache.cxf.jaxrs.JAXRSInvoker should handle CompletionException (#526)
add 7a22a84 ManagedComponent: preemptive objectName calculation
add 356e467 Using constants instead of hard-coded value
add 43ba219 Added signature properties for HTTP Signature. Consolidated code between the in / out filters
add d43e6ca Minor reshuffle
add fe211b3 More PMD work
add beba07f Try setting *.data files to binary to see if that will allow some of the test files to not have cr/lf mangling issues
add 9c5e79b Added support for PrivateKeyPasswordProvider for HTTP Signature
add 4790203 Added support for specifying the HTTP Sig signing algorithm via a property.
add f518006 Adding outbound signature properties test
add b6bc48c Make it possible to specify the HTTP Signature key id via a property
add 98eeb6b More PMD work
add 6bf89e9 CXF-7979 - Adding a test-case
add 52f2cc1 CXF-7982: Extract common OpenAPI / Swagger scaffolding into dedicated module (to prevent/eliminate duplication)
add 52856a8 cxf-systests-ws-rm: put cxf-rt-ws-policy before wss4j-ws-security-stax to have expected schemas on classpath
add 02662d7 CXF-8004 - Share security configuration tags between Jose + HTTP Signature
add 2db1206 More PMD work
add ca3f8a5 CXF-8004 - Renaming a HTTP Signature specific configuration tag
add c2d9000 try to skip jaxb when not available in jaxrs
add 6e8816f using ClassLoaderUtils.loadClass to correctly rely on the security manager
add d00ec74 Merge pull request #525 from rmannibucau/ensure-jaxb-is-optional-for-param-handling
add d2f8885 [CXF-7979] Add another test case, document the 3 options to get it to work @ignore it for now as streaming isn't working. :(
add 7a4c717 Skip document event for the streaming security case + re-enable the test in systests/ws-security
add 0ec4c5a Added support for HTTP Signature to specify outbound signature headers via properties.
add 6a4b377 More PMD work
add d34f0fa cxf-testutils: MessageRecorder sync on In/OutMessageRecorder instances
add b51a5c1 cxf-systests-ws-specs: Deque in MAPVerifier
add 3687dd4 Add support for configuring the HTTP Signature in filter via properties
add 0af01b0 More PMD work
add bd528bf [cxf-systests-ws-rm] MessageCallbackOnewayTest: use BlockingQueue
add f702cfb [CXF-8006]X509TokenTest.testAsymmetricIssuerSerialDispatchMessage failed on JDK11&12
add bfdf209 Adding properties test for HTTP Signature
add 007342e Adding conformance tests from the spec
add 91244e8 CXF-8007 - HTTP Signature adds an extra "Signature" component to the Signature header
add 393bd8f More PMD changes
add 032c81e Size some StringBuffers larger when we know they will be more than the default of 16
add ed1c1b1 More PMD work
add 8944815 Make the HTTP Signature filters / interceptors non-final
add 4d01d4a cxf-rt-ws-security: fix PVS-Studio errors/warnings
add 47b9192 cxf-core: fix PVS-Studio errors/warnings
add 558d3a1 Updating HTTP Signature
add 2f193c4 Finished PMD work
add f01c2b2 CXF-7955 - Update HttpComponents client to 4.5.8 and core 4.4.11
add 9d54d3d Fixing test with latest httpsig library
add 960fc61 Putting an underscore before the Signature ID to make it schema compliant
add fd6478b Updating comment
add 1391543 Adding a few more HTTP Sig tests
add 776ffeb add a PrivateKeyProvider
add 5480eb2 fix tests
add 4b4723e cosmetics and fix signature
add 260cfe3 this can be final
add 2157f30 fix test
add cdb1895 Merge pull request #530 from davidkarlsen/feature/privateKeyProvider
add 1159eff cxf-rt-frontend-jaxrs: fix PVS-Studio errors/warnings
add 87d6a27 Removing some unused parameters
add b3a73b3 Adding a policy operation test for WS-Security
add 5578e0b Adding a few more test assertions
add add43c5 Removing unused helper method that doesn't use StaxUtils to parse the wsdl
add 82fafed CXF-7983 - Support 204 for the other client response filters
add 9005703 Adding an (empty) HTTP Digest test
add 0b808a6 Fixing test
add 9d363d1 cxf-rt-rs-security-oauth2: fix 'Potential null dereference' (#534)
add ae7c3dc CXF-8010 - Avoid applying the SAAJInInterceptor to unsecured messages when using WS-SecurityPolicy
add f033e22 cxf-rt-rs-security-jose: fix PVS-Studio errors/warnings
add 9991fa7 Updating Spring Security
add 3c5de45 WSS4J upgrade
add 15982b9 CXF-8009: CXF should not rely on ClassUtils for CGLIB proxy checks (#529)
add a6e9544 add client digest interceptor
add 61605d1 have a default constructor and algo
add 47ee9bd consistent classnaming, use request charset if specified
add 80c949f fix bug in filter, activate filter in test
add 92c5a87 alternative implementation
add 40b9814 Merge pull request #531 from davidkarlsen/feature/digestInterceptor
add 77af6d4 Updating Spring + Spring Boot
add 2344860 Adding HTTP Digest systests
add 3f14492 Added SignatureHeaderUtils tests plus a few updates to the code
add 60b0165 Adding an initial signature + digest test
add 8366b72 Fixing failing test with JDK11
add 7d62e7f Add -npa to code generation to avoid the package-info.java file
add 89b734f add more generic interface which allows to use a sharedKey/Key
add 9bcd7c2 Merge pull request #536 from davidkarlsen/feature/supportSharedKeys
add e69c211 Added tests for SecurityConstants.PASSWORD + fixed a StAX bug
add 4b8cbbe Removing PrivateKeyProvider
add 015456f Deprecate PublicKeyProvider
add 86552aa Making default security provider null
add 2484a8d Adding symmetric signature test
add a64cd05 CXF-8015 - Support "security.signature.password" property to configure a signature password for WS-Security/RS-Security
add 8ad341b Drop @PreMatching - no need for it
add 7ca96dc get rid of pre-matching here too
add 1f3d822 Merge pull request #533 from davidkarlsen/fixValidationPhase
add 1f8fec3 test: "hibernate.hbm2ddl.auto" set to "update" for mem db; unique persistence name
add e3aee23 Updating HTTP Signature test to check for a signed digest properly
add aca3a18 cxf-rt-rs-security-oauth2: check response mediatype (#539)
add 6164978 cxf-systests-ws-rm: tune testOnewayAnonymousAcksSuppressedAsyncExecutor
add c13381d Added Brave tracing test cases for Microprofile Rest client
add 7587c39 [CXF-8011]:Remove commons-lang3 dependency from tools (#537)
add 53fd401 use StandardCharsets.UTF_8
add 4233f91 [CXF-7990]:Fix Infinite loop when service endpoint throws SOAPFaultException (#538)
add 0a0fea0 cxf-rt-transports-jms: stable MessageListenerTest
add 828911c Updating Tomcat
add 7ddc3cc update hibernate.em to 5.4.2.Final
add 83e40c9 cxf-rt-rs-security-oauth2: minor improvements
add 1188522 Updating mina
add f86b91d Commons Lang3 upgrade
add 0936250 Switch to using StringBuilder
add f22b2c4 Added a GET test for HTTP Signature
add f005e86 Some trivial chunking cleanups
add f0b60da CXF-8013 - Adding a test-case
add 67f5bef Prevent NPE when outMessage is null
add b4dfabf CXF-8027 - illegal reflective access operation in EndpointReferenceUtils
add c8d0fb7 Typo
add 886baa3 replace Stack with Deque
add 57f8c55 CXF-8022: Thread hangs using Reactor Flux when Exception is Thrown (#542)
add 427c7d4 CXF-8023: Refactor systest/jaxrs/reactor/* test cases to use StepVerifier
add 9ad086a Update WS-Addressing schema inclusion
add ee0b088 cxf-tools-wadlto-jaxrs: load all schemas for validation (#546)
add ee1491c cxf-systests-tracing: stabilize OpenTracingTracingTest
add 277cb81 handle signing and digest together
add 79506ee fix review comment
add 4622bde fix review comment
add 375e5e1 fix checkstyle
add bb6cb39 fix order of expected vs actual
add 18c663e Merge pull request #540 from davidkarlsen/feature/signingAndDigest
add e6ee675 Fixing HTTP Sig tests
add df89b6d More work on HTTP Signature
add 3d34da3 Updating Karaf
add 265cd8b cxf-rt-rs-security-oauth2L remove unused throws declarations
add 54d812a DoPriv around JAXBContext.newInstance where classloader is not specified
add 47852c8 Remove VerifyDigestInterceptor, and fold the functionality into the signature verification filters
add 67491a0 Change to have a single interceptor for outbound HTTP Signature
add bff521f Making HTTP Sig test less likely to fail
add 4206b97 Fixing signing an empty response for HTTP Signature
add c5f38af Adding another HTTP Signature test
add 098baf4 Fixing some edge-cases for a http signature test
add 873f7aa [CXF-8030] Done some refactoring
add 0ac9c14 Merge pull request #549 from ivy-arus/CXF-8030
add 3905044 Addig a few more unit tests to MessageVerifier
add 5f10291 Removing some duplicate semicolons
add a2c3ac7 [CXF-8029] Add redirect support to URIResolver - Added system property http.autoredirect, defaults to false
add 40edddd Update URIResolver.java
add 0ac8f73 Merge pull request #548 from ivy-arus/CXF-8029
add f89a26c Fixing how requiring default headers works for HTTP Signature
add 3671c30 CXF-7950: Upgrading Apache Johnzon to 1.1.11
add cc0f125 Minor change to make it easier to subclass Endpoint creation
add 3ea48e6 Updating some dependencies
add 70ccfac Fixing build for JDK11
add 7a4335c Making an STS unit test less likely to fail
add af6a95f Upgrading Jetty to latest release
add 0bd8eae If there is no inMessage use the inFaultMessage. Patch applied thanks to Hugo Trippaers
add 083c6fa CXF-7885 - SOAP Action ignored by CXF JMS webservice method invoker
add 2e44ce1 Need to exclude the old version of stax-api that SAAJ impl pulls in on Java11
add 1cc03b9 [CXF-8028] Use ClassValue to cache/record the method/field needed for the SAAJ workarounds to avoid expensive reflection on every element.
add 0650160 CXF-7983: added check for existing, but empty input stream
add c79d8ac CXF-8035 - Checking on null values in HTTP Header for protected JWS header
add d721865 Removing surefire version
add 4fea734 Adding Client Cache tests for JAX-RS
add 7808ae4 CXF-8037 - Apache CXF (AsyncHTTPConduit) ignores system keyStore property
add a5eb0da Update JwtAccessTokenValidator.java
add e2eb6a7 Removed unused import
add 145b7ec Merge pull request #552 from onlinenguyen/patch-1
add 154a72b Fixing issued at time
add ba88087 Update release notes for 3.3.2
add 3c82c9d [maven-release-plugin] prepare release cxf-3.3.2
add 5cf3301 [maven-release-plugin] prepare for next development iteration
add e5ebac1 Back to snapshot for now
add 2be435c Some minor code consolidation
add 08f7177 cxf-rt-rs-security-oauth2: remove unused throws declarations #2
add 23bd1b8 Adding support to configure the cert constaints separator.
add b587b41 Merge pull request #503 from apache/wss-641
add 46b9565 Fix "Apache License, Version 2.0" spelling
add b688cf62 Merge pull request #553 from don-vip/patch-1
add e56a414 Another license switch
add 6d467ad replace Collection::addAll(Arrays.asList(...)) with Collections::addAll
add 208b581 cxf-systests-jaxws: update OASISCatalogTest.readUrl
add f09ae1e Adding an XKMS Register system test
add 5ce20d7 Removed some unused code from XKMS + added some tests
add d1769b7 Removed useless path validation
add bca53bf Removed unused import
add 78fed1f Updating Tomcat
add 12f6355 CXF-8043 - XKMS LdapCertificateRepo searching using DN doesn't work
add 25e5da1 Updating Spring
add 5464908 [CXF-8042]:doPrivileged block doesn't totally work in ProxyClassLoaderCache (#554)
add 7d70dd6 cxf-systests-uncategorized: update wsdl location
add 8c9895c CXF-7953: apply workaround for JDK 9 & 10
add e23579d ProxyClassLoaderCache: add isLoggable check
add 5c4d446 [CXF-8044] Don't set the Compiler-fork setting. It shouldn't be needed and interferes with folks that have it explicitely set to false.
add 6a5ecb6 itests: reuse Karaf version
add 814213d Update maven-compiler-plugin
add 606fc57 Update maven-bundle-plugin
add 2d0c463 examples: update maven plugins; fix ruby sample
add a8a56cb cxf-core: fix Sonar warnings
add ff9031f Updating Spring Reactor version
add 9a2f121 CXF-8021: Upgrade to OpenTracing 0.33
add a4f7ddc [CXF-8045]Disable HTTP TRACE method on CXF http-undertow transport
add d131573 [CXF-8041]Error resolving relative XSD Schema on Tomcat
add b930094 Updating Tika
add 48c48f1 Switch to using https everywhere
add 08a0549 Updating JAckson
add bc1a8f5 MP Rest Client 1.3 Implementation
add 770edd8 Code review comments
add 1d1694a Remove JSONB Provider
add 5cae972 Merge pull request #551 from andymc12/mpRestClient-1.3
add 2e3a749 Merge branch 'master' of github.com:apache/cxf
add f8791ca cxf-rt-rs-client: override WebClient#authorization
add 85b7563 CXF-8046: Resource Listing in CXF 3.3.x does not recognize OpenAPI endpoints
add 5827b0b Fixing the parent POM version (should be 3.3.3-SNAPSHOT)
add 9d0ca57 Updating Swagger2
new ec2a1a5 Get the encrypted key SHA value directly from WSS4J
new 2e0b68e WSSecEncryptedKey.getEphemeralKey() is removed in WSS4J
new c0993a7 Picking up changes to symmetricKey in WSSEcEncryptedKey
new 98bd93d Create salt instead of getting it from WSS4J
new b10c87f Picking up derived key changes from WSS4J
new 6179672 Picking up more derived key changes in WSS4J
new 44e1469 Set the SOAP namespace on the streaming policy validation code
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (c58d059)
\
N -- N -- N refs/heads/wss4j_2.3.0 (44e1469)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitattributes | 1 +
benchmark/performance/base/pom.xml | 2 +-
benchmark/performance/soap_http_doc_lit/pom.xml | 2 +-
.../performance/complex_type/client/Client.java | 6 +-
bin/DoMerges.java | 4 +-
core/pom.xml | 9 +-
core/src/main/java/org/apache/cxf/BusFactory.java | 19 +-
.../cxf/attachment/AttachmentDeserializer.java | 2 +-
.../cxf/attachment/AttachmentSerializer.java | 16 +-
.../org/apache/cxf/attachment/AttachmentUtil.java | 10 +-
.../apache/cxf/attachment/ContentDisposition.java | 2 +-
.../cxf/attachment/ImageDataContentHandler.java | 4 +-
.../org/apache/cxf/attachment/LazyDataSource.java | 26 +-
.../cxf/attachment/MimeBodyPartInputStream.java | 4 +-
.../apache/cxf/bus/blueprint/ConfigurerImpl.java | 5 +-
.../bus/blueprint/NamespaceHandlerRegisterer.java | 8 +-
.../org/apache/cxf/bus/extension/Extension.java | 18 +-
.../cxf/bus/extension/ExtensionManagerBus.java | 32 +-
.../apache/cxf/bus/managers/HeaderManagerImpl.java | 5 +-
.../bus/managers/WorkQueueImplMBeanWrapper.java | 46 +-
.../cxf/bus/managers/WorkQueueManagerImpl.java | 2 +-
.../managers/WorkQueueManagerImplMBeanWrapper.java | 25 +-
.../cxf/bus/spring/BusApplicationContext.java | 2 +-
...ontrolledValidationXmlBeanDefinitionReader.java | 6 +-
.../apache/cxf/bus/spring/NamespaceHandler.java | 3 +-
.../java/org/apache/cxf/bus/spring/SpringBus.java | 2 +-
.../cxf/catalog/CatalogXmlSchemaURIResolver.java | 2 +-
.../cxf/common/classloader/ClassLoaderUtils.java | 14 +-
.../cxf/common/injection/ResourceInjector.java | 6 +-
.../apache/cxf/common/jaxb/JAXBContextCache.java | 9 +-
.../java/org/apache/cxf/common/jaxb/JAXBUtils.java | 47 +-
.../common/jaxb/SchemaCollectionContextProxy.java | 28 +-
.../common/logging/AbstractDelegatingLogger.java | 2 +-
.../cxf/common/logging/RegexLoggingFilter.java | 2 +-
.../java/org/apache/cxf/common/util/ASMHelper.java | 6 +-
.../org/apache/cxf/common/util/ClassHelper.java | 64 +-
.../org/apache/cxf/common/util/ClassUnwrapper.java | 23 +-
.../apache/cxf/common/util/CollectionUtils.java | 4 +-
.../java/org/apache/cxf/common/util/Compiler.java | 56 +-
.../org/apache/cxf/common/util/PackageUtils.java | 16 +-
.../org/apache/cxf/common/util/PrimitiveUtils.java | 3 +-
.../cxf/common/util/PropertiesLoaderUtils.java | 8 +-
.../cxf/common/util/ProxyClassLoaderCache.java | 56 +-
.../org/apache/cxf/common/util/ProxyHelper.java | 3 +-
...pClassHelper.java => SpringClassUnwrapper.java} | 42 +-
.../org/apache/cxf/common/util/SpringOsgiUtil.java | 2 +-
.../org/apache/cxf/common/util/StringUtils.java | 12 +-
.../org/apache/cxf/common/util/URIParserUtil.java | 6 +-
.../java/org/apache/cxf/common/util/UrlUtils.java | 6 +-
.../cxf/common/xmlschema/SchemaCollection.java | 2 +-
.../blueprint/AbstractBPBeanDefinitionParser.java | 9 +-
.../apache/cxf/configuration/jsse/SSLUtils.java | 31 +-
.../configuration/jsse/TLSClientParameters.java | 44 +-
.../spring/AbstractBeanDefinitionParser.java | 18 +-
.../cxf/configuration/spring/ConfigurerImpl.java | 12 +-
.../spring/MappingBeanDefinitionParser.java | 3 +-
.../cxf/databinding/AbstractDataBinding.java | 6 +-
.../cxf/databinding/AbstractWrapperHelper.java | 2 +-
.../databinding/source/XMLStreamDataReader.java | 4 +-
.../databinding/source/XMLStreamDataWriter.java | 3 +-
.../cxf/endpoint/AbstractConduitSelector.java | 10 +-
.../java/org/apache/cxf/endpoint/ClientImpl.java | 8 +-
.../org/apache/cxf/endpoint/ManagedEndpoint.java | 11 +-
.../java/org/apache/cxf/endpoint/ServerImpl.java | 6 +-
.../main/java/org/apache/cxf/helpers/DOMUtils.java | 70 +-
.../java/org/apache/cxf/helpers/FileUtils.java | 23 +-
.../main/java/org/apache/cxf/helpers/IOUtils.java | 5 +-
.../java/org/apache/cxf/helpers/JavaUtils.java | 8 +-
.../java/org/apache/cxf/helpers/ServiceUtils.java | 45 +-
.../AbstractInDatabindingInterceptor.java | 5 +-
.../cxf/interceptor/ClientFaultConverter.java | 10 +-
.../cxf/interceptor/LoggingInInterceptor.java | 2 +-
.../org/apache/cxf/interceptor/LoggingMessage.java | 2 +-
.../cxf/interceptor/LoggingOutInterceptor.java | 2 +-
.../interceptor/OneWayProcessorInterceptor.java | 2 +-
.../security/AbstractAuthorizingInInterceptor.java | 2 +-
.../security/DefaultSecurityContext.java | 7 +-
.../OperationInfoAuthorizingInterceptor.java | 2 +-
.../security/SecureAnnotationsInterceptor.java | 18 +-
.../java/org/apache/cxf/io/CachedOutputStream.java | 8 +-
.../main/java/org/apache/cxf/io/CachedWriter.java | 17 +-
.../java/org/apache/cxf/message/MessageImpl.java | 24 +-
.../apache/cxf/phase/PhaseInterceptorChain.java | 6 +-
.../cxf/resource/DefaultResourceManager.java | 5 +-
.../apache/cxf/resource/ExtendedURIResolver.java | 7 +-
.../java/org/apache/cxf/resource/URIResolver.java | 91 +-
.../cxf/service/ServiceModelSchemaValidator.java | 10 +-
.../factory/AnnotationsFactoryBeanListener.java | 6 +-
.../service/factory/SimpleMethodDispatcher.java | 2 +-
.../cxf/service/invoker/AbstractInvoker.java | 5 +-
.../apache/cxf/service/invoker/SessionFactory.java | 2 +-
.../service/model/AbstractMessageContainer.java | 9 +-
.../service/model/AbstractPropertiesHolder.java | 12 +-
.../org/apache/cxf/service/model/BindingInfo.java | 8 +-
.../cxf/service/model/BindingOperationInfo.java | 2 +-
.../apache/cxf/service/model/OperationInfo.java | 2 +-
.../org/apache/cxf/service/model/SchemaInfo.java | 4 +-
.../apache/cxf/service/model/ServiceModelUtil.java | 7 +-
.../cxf/staxutils/CachingXmlEventWriter.java | 9 +-
.../staxutils/DepthRestrictingStreamReader.java | 7 +-
.../cxf/staxutils/OverlayW3CDOMStreamWriter.java | 6 +-
.../cxf/staxutils/PrettyPrintXMLStreamWriter.java | 10 +-
.../staxutils/PropertiesExpandingStreamReader.java | 26 +-
.../java/org/apache/cxf/staxutils/StaxSource.java | 19 +-
.../java/org/apache/cxf/staxutils/StaxUtils.java | 72 +-
.../apache/cxf/staxutils/W3CDOMStreamReader.java | 22 +-
.../apache/cxf/staxutils/W3CDOMStreamWriter.java | 16 +-
.../transform/DelegatingNamespaceContext.java | 15 +-
.../staxutils/transform/OutTransformWriter.java | 8 +-
.../cxf/staxutils/transform/ParsingEvent.java | 2 +-
.../cxf/staxutils/transform/TransformUtils.java | 8 +-
.../staxutils/validation/Stax2ValidationUtils.java | 2 +-
.../apache/cxf/transport/AbstractObservable.java | 2 +-
.../org/apache/cxf/transport/TransportFinder.java | 2 +-
.../apache/cxf/transport/TransportURIResolver.java | 2 +-
.../AbstractBeanValidationInterceptor.java | 2 +-
.../main/java/org/apache/cxf/version/Version.java | 4 +-
.../cxf/workqueue/AutomaticWorkQueueImpl.java | 39 +-
.../cxf/ws/addressing/AddressingProperties.java | 4 +-
.../cxf/ws/addressing/EndpointReferenceUtils.java | 65 +-
.../cxf/attachment/AttachmentDeserializerTest.java | 13 +-
.../apache/cxf/attachment/LazyDataSourceTest.java | 67 ++
.../apache/cxf/bus/extension/ExtensionTest.java | 5 +-
.../extension/TextExtensionFragmentParserTest.java | 5 +-
.../cxf/bus/spring/BusDefinitionParserTest.java | 49 +-
.../cxf/bus/spring/SpringBusFactoryTest.java | 9 +-
.../java/org/apache/cxf/bus/spring/lazyInitBus.xml | 3 +-
.../org/apache/cxf/common/jaxb/JAXBUtilsTest.java | 17 +-
.../cxf/common/security/SimplePrincipalTest.java | 4 +-
.../apache/cxf/common/util/ClassHelperTest.java | 88 +-
.../apache/cxf/common/util/PackageUtilsTest.java | 2 +
.../cxf/common/util/ProxyClassLoaderCacheTest.java | 68 +-
.../configuration/spring/ConfigurerImplTest.java | 15 +-
.../org/apache/cxf/endpoint/EndpointImplTest.java | 18 +-
.../java/org/apache/cxf/helpers/FileUtilsTest.java | 7 +-
.../java/org/apache/cxf/helpers/NameSpaceTest.java | 5 +-
.../org/apache/cxf/helpers/ServiceUtilsTest.java | 6 +-
.../cxf/interceptor/LoggingInInterceptorTest.java | 11 +-
.../security/SecureAnnotationsInterceptorTest.java | 6 +-
.../security/SimpleAuthorizingInterceptorTest.java | 6 +-
.../cxf/phase/PhaseInterceptorChainTest.java | 28 +-
.../cxf/service/invoker/PooledFactoryTest.java | 22 +-
.../PropertiesExpandingStreamReaderTest.java | 8 +-
.../org/apache/cxf/staxutils/StaxUtilsTest.java | 23 +-
.../cxf/staxutils/W3CDOMStreamReaderTest.java | 4 +-
.../staxutils/transform/InTransformReaderTest.java | 37 +-
.../transform/OutTransformWriterTest.java | 32 +-
.../staxutils/transform/TransformTestUtils.java | 6 +-
.../cxf/workqueue/AutomaticWorkQueueTest.java | 2 +-
distribution/javadoc/pom.xml | 4 +-
distribution/manifest/pom.xml | 24 +-
distribution/pom.xml | 24 +-
.../main/appended-resources/META-INF/LICENSE.vm | 2 +-
distribution/src/main/release/bin/idl2wsdl | 16 +-
distribution/src/main/release/bin/idl2wsdl.bat | 15 +-
distribution/src/main/release/bin/inc | 38 +
distribution/src/main/release/bin/java2js | 16 +-
distribution/src/main/release/bin/java2js.bat | 17 +-
distribution/src/main/release/bin/java2ws | 16 +-
distribution/src/main/release/bin/java2ws.bat | 15 +-
distribution/src/main/release/bin/mc | 18 +-
distribution/src/main/release/bin/mc.bat | 14 +-
distribution/src/main/release/bin/wadl2java | 15 +-
distribution/src/main/release/bin/wadl2java.bat | 16 +-
distribution/src/main/release/bin/wsdl2corba | 16 +-
distribution/src/main/release/bin/wsdl2corba.bat | 15 +-
distribution/src/main/release/bin/wsdl2java | 17 +-
distribution/src/main/release/bin/wsdl2java.bat | 16 +-
distribution/src/main/release/bin/wsdl2js | 15 +-
distribution/src/main/release/bin/wsdl2js.bat | 11 +-
distribution/src/main/release/bin/wsdl2service | 16 +-
distribution/src/main/release/bin/wsdl2service.bat | 17 +-
distribution/src/main/release/bin/wsdl2soap | 18 +-
distribution/src/main/release/bin/wsdl2soap.bat | 15 +-
distribution/src/main/release/bin/wsdl2xml | 18 +-
distribution/src/main/release/bin/wsdl2xml.bat | 15 +-
distribution/src/main/release/bin/wsdlvalidator | 17 +-
.../src/main/release/bin/wsdlvalidator.bat | 15 +-
distribution/src/main/release/bin/xsd2wsdl | 17 +-
distribution/src/main/release/bin/xsd2wsdl.bat | 15 +-
distribution/src/main/release/release_notes.txt | 86 +-
.../src/main/release/samples/aegis/pom.xml | 21 +-
.../main/release/samples/aegis_standalone/pom.xml | 4 +-
.../src/main/release/samples/callback/pom.xml | 8 +-
.../samples/clustering/failover_jaxws_osgi/pom.xml | 8 +-
.../samples/clustering/failover_server/pom.xml | 10 +-
.../samples/configuration_interceptor/pom.xml | 8 +-
.../src/main/release/samples/corba/bank/pom.xml | 8 +-
.../samples/corba/bank_ws_addressing/pom.xml | 8 +-
.../main/release/samples/corba/hello_world/pom.xml | 8 +-
.../release/samples/groovy_spring_support/pom.xml | 14 +-
.../main/release/samples/in_jvm_transport/pom.xml | 10 +-
.../main/release/samples/java_first_jaxws/pom.xml | 15 +-
.../samples/java_first_jaxws_factory_bean/pom.xml | 8 +-
.../main/release/samples/java_first_jms/pom.xml | 6 +-
.../main/release/samples/java_first_pojo/pom.xml | 8 +-
.../samples/java_first_spring_support/pom.xml | 14 +-
.../src/main/release/samples/jax_rs/basic/pom.xml | 8 +-
.../release/samples/jax_rs/basic_https/pom.xml | 2 +-
.../main/release/samples/jax_rs/basic_oidc/pom.xml | 12 +-
.../main/release/samples/jax_rs/big_query/pom.xml | 16 +-
.../src/main/webapp/WEB-INF/applicationContext.xml | 2 +-
.../samples/jax_rs/content_negotiation/pom.xml | 10 +-
.../samples/jax_rs/description_openapi_v3/pom.xml | 10 +-
.../jax_rs/description_openapi_v3_osgi/pom.xml | 8 +-
.../jax_rs/description_openapi_v3_spring/pom.xml | 10 +-
.../jax_rs/description_openapi_v3_web/pom.xml | 12 +-
.../samples/jax_rs/description_swagger2/pom.xml | 10 +-
.../jax_rs/description_swagger2_osgi/README.txt | 4 +-
.../jax_rs/description_swagger2_osgi/pom.xml | 8 +-
.../jax_rs/description_swagger2_spring/pom.xml | 10 +-
.../jax_rs/description_swagger2_web/pom.xml | 12 +-
.../release/samples/jax_rs/minimal_osgi/pom.xml | 2 +-
.../src/main/release/samples/jax_rs/odata/pom.xml | 2 +-
.../src/main/release/samples/jax_rs/search/pom.xml | 14 +-
.../src/main/release/samples/jax_rs/spark/pom.xml | 8 +-
.../main/java/demo/jaxrs/server/SparkUtils.java | 2 +-
.../main/java/demo/jaxrs/server/socket/Server.java | 2 +-
.../demo/jaxrs/server/socket/SparkResultJob.java | 2 +-
.../release/samples/jax_rs/spring_boot/pom.xml | 4 +-
.../jax_rs/spring_boot_scan/application/pom.xml | 4 +-
.../samples/jax_rs/spring_boot_scan/client/pom.xml | 2 +-
.../spring_boot_scan/eureka-registry/pom.xml | 2 +-
.../release/samples/jax_rs/spring_security/pom.xml | 8 +-
.../main/release/samples/jax_rs/sse_cdi/pom.xml | 25 +-
.../sse_cdi/src/main/resources/web-ui/index.html | 100 +-
.../resources/web-ui/javascripts/highcharts.js | 270 -----
.../web-ui/javascripts/jquery-1.9.0.min.js | 4 -
.../main/release/samples/jax_rs/sse_client/pom.xml | 24 +-
.../main/release/samples/jax_rs/sse_osgi/pom.xml | 16 +-
.../sse_osgi/src/main/resources/web-ui/index.html | 101 +-
.../resources/web-ui/javascripts/highcharts.js | 270 -----
.../web-ui/javascripts/jquery-1.9.0.min.js | 4 -
.../main/release/samples/jax_rs/sse_spring/pom.xml | 23 +-
.../src/main/resources/web-ui/index.html | 101 +-
.../resources/web-ui/javascripts/highcharts.js | 270 -----
.../web-ui/javascripts/jquery-1.9.0.min.js | 4 -
.../main/release/samples/jax_rs/sse_tomcat/pom.xml | 23 +-
.../src/main/java/demo/jaxrs/sse/StatsServer.java | 4 +-
.../src/main/resources/web-ui/index.html | 100 +-
.../resources/web-ui/javascripts/highcharts.js | 270 -----
.../web-ui/javascripts/jquery-1.9.0.min.js | 4 -
.../release/samples/jax_rs/tracing_brave/pom.xml | 4 +-
.../samples/jax_rs/tracing_brave_osgi/pom.xml | 14 +-
.../samples/jax_rs/tracing_opentracing/pom.xml | 14 +-
.../java/demo/jaxrs/tracing/server/Server.java | 2 +-
.../jax_rs/tracing_opentracing_camel/pom.xml | 18 +-
.../jax_rs/tracing_opentracing_osgi/README.txt | 6 +-
.../jax_rs/tracing_opentracing_osgi/pom.xml | 4 +-
.../main/release/samples/jax_rs/websocket/pom.xml | 12 +-
.../samples/jax_rs/websocket_osgi/README.txt | 26 +-
.../release/samples/jax_rs/websocket_osgi/pom.xml | 2 +-
.../release/samples/jax_rs/websocket_web/pom.xml | 10 +-
.../samples/jax_server_aegis_client/pom.xml | 10 +-
.../src/main/release/samples/jaxws_async/pom.xml | 10 +-
.../samples/jaxws_dispatch_provider/pom.xml | 8 +-
.../main/release/samples/jaxws_handlers/pom.xml | 8 +-
.../main/release/samples/jaxws_spring_boot/pom.xml | 2 +-
.../samples/jaxws_tracing_brave_osgi/pom.xml | 10 +-
.../src/main/release/samples/jms_pubsub/pom.xml | 8 +-
.../src/main/release/samples/jms_queue/pom.xml | 6 +-
.../src/main/release/samples/jms_spec_demo/pom.xml | 6 +-
.../main/release/samples/jms_spring_config/pom.xml | 6 +-
.../samples/js_browser_client_java_first/pom.xml | 10 +-
.../samples/js_browser_client_simple/pom.xml | 10 +-
.../src/main/release/samples/js_client/pom.xml | 10 +-
.../src/main/release/samples/js_provider/pom.xml | 8 +-
distribution/src/main/release/samples/mtom/pom.xml | 8 +-
.../src/main/release/samples/oauth/client/pom.xml | 6 +-
.../src/main/release/samples/oauth/server/pom.xml | 2 +-
.../spring/AuthenticationFailureHandler.java | 4 +-
.../spring/AuthenticationSuccessfullHandler.java | 10 +-
distribution/src/main/release/samples/pom.xml | 35 +-
.../main/release/samples/restful_dispatch/pom.xml | 10 +-
.../release/samples/ruby_spring_support/pom.xml | 15 +-
.../src/main/webapp/WEB-INF/cxf-servlet.xml | 10 +-
.../src/main/release/samples/soap_header/pom.xml | 8 +-
.../src/main/release/samples/sts/README.txt | 16 +-
distribution/src/main/release/samples/sts/pom.xml | 2 +-
.../src/main/release/samples/throttling/pom.xml | 2 +-
.../src/main/release/samples/ws_addressing/pom.xml | 8 +-
.../src/main/release/samples/ws_discovery/pom.xml | 10 +-
.../src/main/release/samples/ws_eventing/pom.xml | 2 +-
.../main/release/samples/ws_notification/pom.xml | 14 +-
.../src/main/release/samples/ws_policy/pom.xml | 8 +-
.../src/main/release/samples/ws_rm/README.txt | 2 +-
.../src/main/release/samples/ws_rm/pom.xml | 10 +-
.../samples/ws_security/sign_enc/README.txt | 16 +-
.../release/samples/ws_security/sign_enc/pom.xml | 16 +-
.../src/main/java/demo/wssec/client/wssec.xml | 12 +-
.../src/main/java/demo/wssec/server/wssec.xml | 12 +-
.../samples/ws_security/sign_enc_policy/README.txt | 16 +-
.../samples/ws_security/sign_enc_policy/pom.xml | 2 +-
.../main/release/samples/ws_security/ut/README.txt | 16 +-
.../main/release/samples/ws_security/ut/pom.xml | 10 +-
.../ws_security/ut/src/main/resources/wssec.xml | 10 +-
.../samples/ws_security/ut_policy/README.txt | 16 +-
.../release/samples/ws_security/ut_policy/pom.xml | 2 +-
.../src/main/release/samples/wsdl_first/README.txt | 2 +-
.../src/main/release/samples/wsdl_first/pom.xml | 18 +-
.../samples/wsdl_first_dynamic_client/pom.xml | 8 +-
.../main/release/samples/wsdl_first_https/pom.xml | 2 +-
.../release/samples/wsdl_first_pure_xml/pom.xml | 8 +-
.../main/release/samples/wsdl_first_rpclit/pom.xml | 8 +-
.../main/release/samples/wsdl_first_soap12/pom.xml | 8 +-
.../release/samples/wsdl_first_xml_wrapped/pom.xml | 8 +-
integration/cdi/pom.xml | 4 +-
.../java/org/apache/cxf/cdi/CdiClassUnwrapper.java | 5 +
.../apache/cxf/cdi/CdiResourceProviderTest.java | 2 +-
integration/jca/pom.xml | 4 +-
.../AbstractManagedConnectionImpl.java | 1 +
.../java/org/apache/cxf/jca/cxf/JCABusFactory.java | 5 +-
.../apache/cxf/jca/outbound/CXFConnectionSpec.java | 14 +-
.../org/apache/cxf/jca/servant/EJBEndpoint.java | 4 +-
.../core/classloader/PlugInClassLoaderTest.java | 8 +-
.../cxf/jca/core/logging/LoggerHelperTest.java | 5 +-
...AssociatedManagedConnectionFactoryImplTest.java | 5 +-
.../cxf/jca/cxf/CXFConnectionRequestInfoTest.java | 19 +-
.../cxf/jca/cxf/ConnectionFactoryImplTest.java | 6 +-
.../jca/cxf/ManagedConnectionFactoryImplTest.java | 3 +-
.../cxf/jca/cxf/ManagedConnectionImplTest.java | 4 +-
.../cxf/jca/cxf/ResourceAdapterImplTest.java | 5 +-
.../handlers/AbstractInvocationHandlerTest.java | 6 +-
.../handlers/InvokingInvocationHandlerTest.java | 7 +-
.../ObjectMethodInvocationHandlerTest.java | 16 +-
integration/pom.xml | 4 +-
integration/spring-boot/autoconfigure/pom.xml | 4 +-
integration/spring-boot/pom.xml | 4 +-
integration/spring-boot/starter-jaxrs/pom.xml | 4 +-
integration/spring-boot/starter-jaxws/pom.xml | 4 +-
integration/tracing/tracing-brave/pom.xml | 4 +-
integration/tracing/tracing-opentracing/pom.xml | 4 +-
.../AbstractOpenTracingClientProvider.java | 24 +-
.../opentracing/AbstractOpenTracingProvider.java | 25 +-
.../tracing/opentracing/OpenTracingContext.java | 10 +-
.../apache/cxf/tracing/opentracing/ScopedSpan.java | 26 +-
maven-plugins/archetypes/cxf-jaxrs-service/pom.xml | 2 +-
.../archetypes/cxf-jaxws-javafirst/pom.xml | 4 +-
.../archetypes/cxf-jaxws-wsdlfirst/pom.xml | 2 +-
maven-plugins/archetypes/pom.xml | 4 +-
maven-plugins/codegen-plugin/pom.xml | 8 +-
.../codegen-plugin/src/it/mark-generated/pom.xml | 2 +-
.../src/it/wsdl-artifact-resolution/pom.xml | 2 +-
.../cxf/maven_plugin/AbstractCodegenMoho.java | 29 +-
.../cxf/maven_plugin/ClassLoaderSwitcher.java | 4 +-
.../org/apache/cxf/maven_plugin/WsdlUtilities.java | 6 +-
.../apache/cxf/maven_plugin/wsdl2java/Option.java | 12 +-
.../cxf/maven_plugin/wsdl2java/WsdlOption.java | 2 +-
.../maven_plugin/wsdl2java/WsdlOptionLoader.java | 7 +-
maven-plugins/corba/pom.xml | 4 +-
maven-plugins/java2swagger-plugin/pom.xml | 14 +-
maven-plugins/java2wadl-plugin/pom.xml | 14 +-
maven-plugins/java2ws-plugin/pom.xml | 6 +-
.../cxf/maven_plugin/ClassLoaderSwitcher.java | 4 +-
.../org/apache/cxf/maven_plugin/Java2WSMojo.java | 15 +-
maven-plugins/pom.xml | 4 +-
maven-plugins/wadl2java-plugin/pom.xml | 8 +-
.../src/it/wsdl-artifact-resolution/pom.xml | 2 +-
.../maven_plugin/common/ClassLoaderSwitcher.java | 4 +-
.../org/apache/cxf/maven_plugin/wadlto/Option.java | 4 +-
.../cxf/maven_plugin/wadlto/OptionLoader.java | 12 +-
.../cxf/maven_plugin/wadlto/WADL2JavaMojo.java | 7 +-
.../apache/cxf/maven_plugin/wadlto/WadlOption.java | 2 +-
maven-plugins/wsdl-validator-plugin/pom.xml | 4 +-
.../apache/cxf/maven_plugin/WSDLValidatorMojo.java | 6 +-
osgi/bundle/compatible/pom.xml | 4 +-
osgi/bundle/pom.xml | 4 +-
osgi/itests-felix/pom.xml | 2 +-
osgi/itests/pom.xml | 2 +-
.../apache/cxf/osgi/itests/CXFOSGiTestSupport.java | 13 +-
.../apache/cxf/osgi/itests/jaxrs/BookStore.java | 2 +-
osgi/karaf/commands/pom.xml | 2 +-
osgi/karaf/features/pom.xml | 2 +-
.../karaf/features/src/main/resources/features.xml | 10 +-
osgi/karaf/pom.xml | 2 +-
osgi/pom.xml | 4 +-
osgi/repository/pom.xml | 2 +-
parent/pom.xml | 142 +--
pom.xml | 38 +-
rt/bindings/coloc/pom.xml | 4 +-
.../org/apache/cxf/binding/coloc/ColocUtil.java | 4 +-
.../binding/coloc/ColocMessageObserverTest.java | 15 +-
.../cxf/binding/coloc/ColocOutInterceptorTest.java | 17 +-
.../apache/cxf/binding/coloc/ColocUtilTest.java | 32 +-
rt/bindings/corba/pom.xml | 8 +-
.../apache/cxf/binding/corba/CorbaDestination.java | 2 +-
.../cxf/binding/corba/CorbaServerConduit.java | 5 +-
.../binding/corba/runtime/CorbaObjectReader.java | 2 +-
.../binding/corba/runtime/CorbaStreamWriter.java | 7 +-
.../types/AbstractNoStartEndEventProducer.java | 5 +-
.../binding/corba/types/CorbaPrimitiveHandler.java | 2 +-
.../binding/corba/types/CorbaStructListener.java | 4 +-
.../binding/corba/types/CorbaUnionListener.java | 2 +-
.../corba/types/ParameterEventProducer.java | 5 +-
.../corba/utils/CorbaObjectReferenceHelper.java | 2 +-
.../apache/cxf/binding/corba/utils/CorbaUtils.java | 4 +-
.../cxf/binding/corba/utils/EprMetaData.java | 2 +-
.../apache/cxf/binding/corba/utils/OrbConfig.java | 2 +-
.../cxf/binding/corba/CorbaBindingFactoryTest.java | 6 +-
.../apache/cxf/binding/corba/CorbaConduitTest.java | 5 +-
.../apache/cxf/binding/corba/CorbaMessageTest.java | 2 +-
.../corba/runtime/CorbaObjectReaderTest.java | 26 +-
.../corba/runtime/CorbaObjectWriterTest.java | 15 +-
.../binding/corba/runtime/CorbaStreamableTest.java | 2 +-
.../binding/corba/types/CorbaAnyHandlerTest.java | 5 +-
.../binding/corba/types/CorbaArrayHandlerTest.java | 7 +-
.../binding/corba/types/CorbaEnumHandlerTest.java | 5 +-
.../binding/corba/types/CorbaFixedHandlerTest.java | 7 +-
.../binding/corba/types/CorbaHandlerUtilsTest.java | 29 +-
.../corba/types/CorbaObjectHandlerTest.java | 7 +-
.../corba/types/CorbaPrimitiveHandlerTest.java | 35 +-
.../corba/types/CorbaSequenceHandlerTest.java | 7 +-
.../corba/types/CorbaStructHandlerTest.java | 11 +-
.../cxf/binding/corba/utils/ContextUtilsTest.java | 6 +-
rt/bindings/pom.xml | 36 +-
rt/bindings/soap/pom.xml | 4 +-
.../org/apache/cxf/binding/soap/SoapMessage.java | 2 +-
.../soap/interceptor/Soap11FaultInInterceptor.java | 2 +-
.../soap/interceptor/SoapActionInInterceptor.java | 7 +
.../soap/jms/interceptor/SoapJMSInInterceptor.java | 13 +-
.../soap/MustUnderstandInterceptorTest.java | 23 +-
.../cxf/binding/soap/saaj/ParseBodyTest.java | 2 +-
.../binding/soap/saaj/SAAJInInterceptorTest.java | 2 +-
rt/bindings/xml/pom.xml | 4 +-
.../interceptor/XMLMessageInInterceptorTest.java | 12 +-
.../interceptor/XMLMessageOutInterceptorTest.java | 5 +-
rt/databinding/aegis/pom.xml | 4 +-
.../org/apache/cxf/aegis/DatabindingException.java | 2 +-
.../java/org/apache/cxf/aegis/type/AegisType.java | 2 +-
.../org/apache/cxf/aegis/type/XMLTypeCreator.java | 10 +-
.../org/apache/cxf/aegis/type/basic/BeanType.java | 10 +-
.../apache/cxf/aegis/type/basic/BeanTypeInfo.java | 10 +-
.../cxf/aegis/type/basic/XMLBeanTypeInfo.java | 2 +-
.../cxf/aegis/type/collection/CollectionType.java | 4 +-
.../apache/cxf/aegis/type/collection/MapType.java | 2 +-
.../cxf/aegis/type/encoded/ArrayTypeInfo.java | 17 +-
.../cxf/aegis/type/encoded/MarshalRegistry.java | 3 +-
.../cxf/aegis/type/encoded/SoapArrayType.java | 2 +-
.../org/apache/cxf/aegis/util/NamespaceHelper.java | 14 +-
.../org/apache/cxf/aegis/util/ServiceUtils.java | 4 +-
.../cxf/aegis/util/stax/JDOMStreamWriter.java | 5 +-
.../cxf/aegis/standalone/StandaloneReadTest.java | 2 +-
.../cxf/aegis/type/basic/DynamicProxyTest.java | 11 +-
.../aegis/type/encoded/AbstractEncodedTest.java | 11 +-
.../cxf/aegis/type/java5/CollectionService.java | 6 +-
.../type/java5/CollectionServiceInterface.java | 4 +-
.../type/java5/map/StudentServiceDocLiteral.java | 2 +-
.../java5/map/StudentServiceDocLiteralImpl.java | 2 +-
.../org/apache/cxf/aegis/xml/stax/ReaderTest.java | 2 +-
rt/databinding/jaxb/pom.xml | 4 +-
.../apache/cxf/jaxb/JAXBContextInitializer.java | 4 +-
.../java/org/apache/cxf/jaxb/JAXBDataBase.java | 2 +-
.../java/org/apache/cxf/jaxb/JAXBDataBinding.java | 3 +-
.../org/apache/cxf/jaxb/JAXBEncoderDecoder.java | 40 +-
.../org/apache/cxf/jaxb/JAXBSchemaInitializer.java | 4 +-
.../org/apache/cxf/jaxb/io/DataReaderImpl.java | 8 +-
.../org/apache/cxf/jaxb/io/DataWriterImpl.java | 10 +-
.../jaxb/DataBindingMarshallerPropertiesTest.java | 6 +-
.../org/apache/cxf/jaxb/JAXBDataBindingTest.java | 5 +-
.../apache/cxf/jaxb/JAXBEncoderDecoderTest.java | 4 +-
rt/databinding/pom.xml | 4 +-
rt/features/clustering/pom.xml | 4 +-
rt/features/logging/pom.xml | 2 +-
.../ext/logging/AbstractLoggingInterceptor.java | 6 +
.../org/apache/cxf/ext/logging/LoggingFeature.java | 48 +-
.../cxf/ext/logging/LoggingInInterceptor.java | 3 +-
.../cxf/ext/logging/LoggingOutInterceptor.java | 5 +-
.../ext/logging/event/DefaultLogEventMapper.java | 27 +-
.../cxf/ext/logging/event/LogMessageFormatter.java | 2 +-
rt/features/metrics/pom.xml | 2 +-
.../metrics/codahale/CodahaleMetricsProvider.java | 2 +-
rt/features/pom.xml | 4 +-
rt/features/throttling/pom.xml | 2 +-
rt/frontend/jaxrs/pom.xml | 4 +-
.../java/org/apache/cxf/jaxrs/JAXRSInvoker.java | 10 +-
.../apache/cxf/jaxrs/JAXRSServiceFactoryBean.java | 10 +-
.../org/apache/cxf/jaxrs/JAXRSServiceImpl.java | 2 +-
.../apache/cxf/jaxrs/ext/MessageContextImpl.java | 1 -
.../cxf/jaxrs/ext/multipart/MultipartBody.java | 32 +-
.../cxf/jaxrs/impl/CacheControlHeaderProvider.java | 2 +-
.../cxf/jaxrs/impl/EntityTagHeaderProvider.java | 2 +-
.../org/apache/cxf/jaxrs/impl/LinkBuilderImpl.java | 14 +-
.../apache/cxf/jaxrs/impl/LinkHeaderProvider.java | 10 +-
.../cxf/jaxrs/impl/MediaTypeHeaderProvider.java | 2 +-
.../cxf/jaxrs/impl/ReaderInterceptorMBR.java | 3 +
.../org/apache/cxf/jaxrs/impl/RequestImpl.java | 2 +-
.../apache/cxf/jaxrs/impl/ResponseBuilderImpl.java | 2 +-
.../org/apache/cxf/jaxrs/impl/ResponseImpl.java | 10 +-
.../apache/cxf/jaxrs/impl/SecurityContextImpl.java | 4 +-
.../org/apache/cxf/jaxrs/impl/UriBuilderImpl.java | 20 +-
.../org/apache/cxf/jaxrs/impl/UriInfoImpl.java | 4 +-
.../cxf/jaxrs/impl/VariantListBuilderImpl.java | 8 +-
.../jaxrs/impl/WebApplicationExceptionMapper.java | 2 +-
.../cxf/jaxrs/interceptor/JAXRSOutInterceptor.java | 4 +-
.../cxf/jaxrs/model/AbstractResourceInfo.java | 11 +-
.../apache/cxf/jaxrs/model/ClassResourceInfo.java | 24 +-
.../jaxrs/model/ClassResourceInfoComparator.java | 2 +-
.../model/OperationResourceInfoComparator.java | 2 +-
.../org/apache/cxf/jaxrs/model/URITemplate.java | 2 +-
.../cxf/jaxrs/model/doc/JavaDocProvider.java | 7 +-
.../cxf/jaxrs/provider/AbstractJAXBProvider.java | 26 +-
.../cxf/jaxrs/provider/DataSourceProvider.java | 6 +-
.../cxf/jaxrs/provider/FormEncodingProvider.java | 7 +-
.../cxf/jaxrs/provider/MultipartProvider.java | 19 +-
.../apache/cxf/jaxrs/provider/ProviderFactory.java | 104 +-
.../jaxrs/provider/RequestDispatcherProvider.java | 2 +-
.../cxf/jaxrs/provider/XSLTJaxbProvider.java | 2 +-
.../jaxrs/servlet/CXFNonSpringJaxrsServlet.java | 2 +-
.../java/org/apache/cxf/jaxrs/utils/FormUtils.java | 2 +-
.../java/org/apache/cxf/jaxrs/utils/HttpUtils.java | 6 +-
.../org/apache/cxf/jaxrs/utils/InjectionUtils.java | 69 +-
.../org/apache/cxf/jaxrs/utils/JAXRSUtils.java | 12 +-
.../org/apache/cxf/jaxrs/utils/ResourceUtils.java | 16 +-
.../cxf/jaxrs/utils/schemas/SchemaHandler.java | 16 +-
.../validation/JAXRSParameterNameProvider.java | 10 +-
.../validation/ValidationExceptionMapper.java | 2 +-
.../test/java/org/apache/cxf/jaxrs/Customer.java | 25 +-
.../cxf/jaxrs/SelectMethodCandidatesTest.java | 119 +--
.../cxf/jaxrs/ext/MessageContextImplTest.java | 20 +-
.../jaxrs/impl/CacheControlHeaderProviderTest.java | 7 +-
.../jaxrs/impl/EntityTagHeaderProviderTest.java | 7 +-
.../cxf/jaxrs/impl/EvaluatePreconditionsTest.java | 15 +-
.../cxf/jaxrs/impl/ReaderInterceptorMBRTest.java | 11 +-
.../cxf/jaxrs/impl/RequestPreprocessorTest.java | 15 +-
.../apache/cxf/jaxrs/impl/ResponseImplTest.java | 27 +-
.../lifecycle/PerRequestResourceProviderTest.java | 18 +-
.../cxf/jaxrs/model/OperationResourceInfoTest.java | 5 +-
.../cxf/jaxrs/model/doc/JavaDocProviderTest.java | 3 +-
.../cxf/jaxrs/provider/BinaryDataProviderTest.java | 20 +-
.../jaxrs/provider/JAXBElementProviderTest.java | 45 +-
.../jaxrs/provider/PrimitiveTextProviderTest.java | 12 +-
.../cxf/jaxrs/provider/ProviderFactoryTest.java | 89 +-
.../cxf/jaxrs/provider/XSLTJaxbProviderTest.java | 17 +-
.../apache/cxf/jaxrs/utils/InjectionUtilsTest.java | 34 +-
.../org/apache/cxf/jaxrs/utils/JAXRSUtilsTest.java | 182 ++--
.../apache/cxf/jaxrs/utils/ResourceUtilsTest.java | 14 +-
rt/frontend/jaxws/pom.xml | 4 +-
.../org/apache/cxf/jaxws/JaxWsClientProxy.java | 8 +-
.../apache/cxf/jaxws/JaxWsServerFactoryBean.java | 5 +-
.../java/org/apache/cxf/jaxws/ServiceImpl.java | 6 +-
.../jaxws/interceptors/HolderOutInterceptor.java | 2 +-
.../interceptors/MessageModeOutInterceptor.java | 3 +-
.../cxf/jaxws/interceptors/SwAOutInterceptor.java | 2 +-
.../jaxws/interceptors/WebFaultOutInterceptor.java | 16 +-
.../http_jaxws_spi/HttpServletRequestAdapter.java | 2 +-
.../apache/cxf/jaxws/ConfiguredEndpointTest.java | 12 +-
.../java/org/apache/cxf/jaxws/JaxWsClientTest.java | 39 +-
.../cxf/jaxws/WrapperClassGeneratorTest.java | 4 +-
.../apache/cxf/jaxws/dispatch/DispatchOpTest.java | 46 +-
.../apache/cxf/jaxws/dispatch/DispatchTest.java | 44 +-
.../cxf/jaxws/handler/HandlerChainBuilderTest.java | 5 +-
.../cxf/jaxws/handler/HandlerChainInvokerTest.java | 10 +-
.../org/apache/cxf/jaxws/holder/HolderTest.java | 14 +-
.../jaxws/provider/ProviderServiceFactoryTest.java | 5 +-
rt/frontend/js/pom.xml | 4 +-
.../org/apache/cxf/js/rhino/ProviderFactory.java | 4 +-
rt/frontend/pom.xml | 4 +-
rt/frontend/simple/pom.xml | 4 +-
.../cxf/endpoint/dynamic/DynamicClientFactory.java | 7 +-
.../java/org/apache/cxf/frontend/WSDLGetUtils.java | 2 +-
.../cxf/service/factory/ServerFactoryTest.java | 6 +-
rt/javascript/javascript-rt/pom.xml | 4 +-
.../cxf/javascript/JavascriptGetInterceptor.java | 6 +-
.../org/apache/cxf/javascript/JavascriptUtils.java | 97 +-
.../org/apache/cxf/javascript/ParticleInfo.java | 2 +-
.../service/ServiceJavascriptBuilder.java | 2 +-
.../javascript/types/SchemaJavascriptBuilder.java | 12 +-
rt/javascript/javascript-tests/pom.xml | 4 +-
.../apache/cxf/javascript/JsHttpRequestTest.java | 11 +-
.../apache/cxf/javascript/JsXMLHttpRequest.java | 5 +-
.../apache/cxf/javascript/QueryHandlerTest.java | 7 +-
.../org/apache/cxf/javascript/fortest/AnyImpl.java | 4 +-
.../apache/cxf/javascript/fortest/TestBean1.java | 8 +-
.../apache/cxf/javascript/fortest/TestBean3.java | 6 +-
rt/javascript/pom.xml | 4 +-
rt/management/pom.xml | 4 +-
.../counters/MessageHandlingTimeRecorder.java | 6 +-
.../management/counters/ResponseTimeCounter.java | 4 +-
.../AbstractMessageResponseTimeInterceptor.java | 20 +-
.../cxf/management/utils/ManagementConsole.java | 4 +-
.../ResponseTimeMessageInInterceptorTest.java | 7 +-
.../cxf/management/jmx/BusRegistrationTest.java | 10 +-
.../cxf/management/jmx/MBServerConnectorTest.java | 7 +-
rt/pom.xml | 4 +-
rt/rs/client/pom.xml | 4 +-
.../apache/cxf/jaxrs/client/AbstractClient.java | 23 +-
.../apache/cxf/jaxrs/client/ClientProperties.java | 6 +-
.../cxf/jaxrs/client/ClientProviderFactory.java | 3 +-
.../apache/cxf/jaxrs/client/ClientProxyImpl.java | 42 +-
.../cxf/jaxrs/client/JAXRSClientFactoryBean.java | 4 +-
.../org/apache/cxf/jaxrs/client/WebClient.java | 27 +-
.../cache/CacheControlClientReaderInterceptor.java | 2 +-
.../jaxrs/client/JAXRSClientFactoryBeanTest.java | 8 +-
.../org/apache/cxf/jaxrs/client/WebClientTest.java | 8 +
.../client/spec/InvocationBuilderImplTest.java | 4 +-
.../pom.xml | 21 +-
.../common/openapi/DefaultApplicationFactory.java | 120 +++
.../common/openapi}/DelegatingServletConfig.java | 12 +-
.../jaxrs/common}/openapi/SwaggerProperties.java | 10 +-
.../common/openapi}/SyntheticServletConfig.java | 12 +-
rt/rs/description-openapi-v3/pom.xml | 9 +-
.../cxf/jaxrs/openapi/DelegatingServletConfig.java | 60 --
.../cxf/jaxrs/openapi/OpenApiCustomizer.java | 4 +-
.../apache/cxf/jaxrs/openapi/OpenApiFeature.java | 53 +-
.../cxf/jaxrs/openapi/ServletConfigProvider.java | 28 +-
.../cxf/jaxrs/openapi/SyntheticServletConfig.java | 60 --
rt/rs/description-swagger-ui/pom.xml | 4 +-
.../jaxrs/swagger/ui/OsgiSwaggerUiResolver.java | 2 +-
rt/rs/description-swagger/pom.xml | 9 +-
.../cxf/jaxrs/swagger/Swagger2Customizer.java | 2 +-
.../apache/cxf/jaxrs/swagger/Swagger2Feature.java | 100 +-
.../openapi/SwaggerToOpenApiConversionFilter.java | 7 +-
.../openapi/SwaggerToOpenApiConversionUtils.java | 2 +-
.../cxf/jaxrs/swagger/parse/SwaggerParseUtils.java | 70 +-
.../jaxrs/swagger/parse/SwaggerParseUtilsTest.java | 6 +
.../swagger2petShopWithNullOperations.json | 742 ++++++++++++++
rt/rs/description/pom.xml | 4 +-
.../apache/cxf/jaxrs/model/wadl/WadlGenerator.java | 70 +-
.../org/apache/cxf/jaxrs/model/wadl/BookStore.java | 2 +-
.../cxf/jaxrs/model/wadl/WadlGeneratorTest.java | 4 +-
rt/rs/extensions/json-basic/pom.xml | 4 +-
rt/rs/extensions/providers/pom.xml | 4 +-
.../cxf/jaxrs/provider/json/JSONProvider.java | 4 +-
.../jaxrs/provider/jsonp/JsonpInInterceptor.java | 2 +-
.../provider/aegis/AegisElementProviderTest.java | 10 +-
.../cxf/jaxrs/provider/json/JSONProviderTest.java | 10 +-
rt/rs/extensions/reactivestreams/pom.xml | 4 +-
.../server/StreamingAsyncSubscriber.java | 43 +-
rt/rs/extensions/reactor/pom.xml | 4 +-
.../jaxrs/reactor/client/ReactorInvokerImpl.java | 7 +-
rt/rs/extensions/rx/pom.xml | 4 +-
rt/rs/extensions/rx2/pom.xml | 4 +-
rt/rs/extensions/search/pom.xml | 10 +-
.../ext/search/AbstractSearchConditionParser.java | 2 +-
.../jaxrs/ext/search/PrimitiveSearchCondition.java | 6 +-
.../apache/cxf/jaxrs/ext/search/SearchUtils.java | 6 +-
.../cxf/jaxrs/ext/search/fiql/FiqlParser.java | 2 +-
.../jaxrs/ext/search/hbase/HBaseQueryVisitor.java | 5 +-
.../search/jpa/AbstractJPATypedQueryVisitor.java | 7 +-
.../jaxrs/ext/search/ldap/LdapQueryVisitor.java | 14 +-
.../ext/search/lucene/LuceneQueryVisitor.java | 7 +-
.../jaxrs/ext/search/sql/SQLPrinterVisitor.java | 24 +-
.../visitor/AbstractSearchConditionVisitor.java | 2 +-
.../cxf/jaxrs/ext/search/fiql/FiqlParserTest.java | 4 +-
.../jpa/AbstractJPATypedQueryVisitorTest.java | 2 +-
.../ext/search/sql/SQLPrinterVisitorTest.java | 9 +-
.../src/test/resources/META-INF/persistence.xml | 4 +-
rt/rs/http-sci/pom.xml | 4 +-
rt/rs/microprofile-client/pom.xml | 9 +-
.../client/CxfTypeSafeClientBuilder.java | 52 +-
.../cxf/microprofile/client/Messages.properties | 5 +-
.../client/MicroProfileClientFactoryBean.java | 21 +-
.../client/MicroProfileClientProviderFactory.java | 6 +
.../client/MicroProfileServiceFactoryBean.java | 39 +-
.../client/cdi/CDIInterceptorWrapperImpl.java | 2 +-
.../microprofile/client/cdi/RestClientBean.java | 164 ++-
.../client/cdi/RestClientExtension.java | 4 +-
.../microprofile/client/config/ConfigFacade.java | 54 +
.../proxy/MPAsyncInvocationInterceptorImpl.java | 2 +-
.../MPAsyncInvocationInterceptorPostAsyncImpl.java | 21 +-
...syncInvocationInterceptorRemoveContextImpl.java | 21 +-
.../client/proxy/MicroProfileClientProxyImpl.java | 31 +-
rt/rs/pom.xml | 5 +-
rt/rs/security/cors/pom.xml | 4 +-
.../cors/CrossOriginResourceSharingFilter.java | 4 +-
rt/rs/security/http-signature/pom.xml | 9 +-
.../httpsignature/HTTPSignatureConstants.java | 59 ++
.../rs/security/httpsignature/MessageSigner.java | 55 +-
.../rs/security/httpsignature/MessageVerifier.java | 108 +-
.../security/httpsignature/SignatureValidator.java | 7 +-
.../httpsignature/TomitribeSignatureCreator.java | 55 +-
.../httpsignature/TomitribeSignatureValidator.java | 26 +-
.../filters/AbstractSignatureInFilter.java | 157 +++
.../filters/AbstractSignatureOutFilter.java | 141 +++
.../filters/CreateSignatureClientFilter.java | 113 ---
.../filters/CreateSignatureFilter.java | 98 --
.../filters/CreateSignatureInterceptor.java | 170 ++++
.../filters/VerifyDigestInterceptor.java | 102 --
.../filters/VerifySignatureClientFilter.java | 54 +
.../filters/VerifySignatureFilter.java | 70 +-
.../httpsignature/provider/KeyProvider.java | 13 +-
.../httpsignature/provider/PublicKeyProvider.java | 3 +-
.../httpsignature/utils/KeyManagementUtils.java | 252 +++++
.../httpsignature/utils/SignatureHeaderUtils.java | 40 +-
.../security/httpsignature/DigestVerifierTest.java | 2 +-
.../httpsignature/MessageVerifierTest.java | 191 +++-
.../security/httpsignature/SpecExamplesTest.java | 168 +++
.../provider/MockSecurityProvider.java | 2 +
.../utils/SignatureHeaderUtilsTest.java | 62 ++
.../src/test/resources/private_key.der | Bin 0 -> 636 bytes
.../http-signature/src/test/resources/public.key | 6 +
.../src/test/resources/public_key.der | Bin 0 -> 162 bytes
rt/rs/security/jcs-parent/jcs/pom.xml | 4 +-
rt/rs/security/jcs-parent/pom.xml | 4 +-
rt/rs/security/jose-parent/jose-jaxrs/pom.xml | 4 +-
.../jose/jaxrs/AbstractJweDecryptingFilter.java | 7 +-
.../jaxrs/AbstractJweJsonDecryptingFilter.java | 7 +-
.../jose/jaxrs/AbstractJweJsonWriterProvider.java | 2 +-
.../cxf/rs/security/jose/jaxrs/JoseJaxrsUtils.java | 20 +-
.../jose/jaxrs/JweClientResponseFilter.java | 16 +-
.../jose/jaxrs/JweContainerRequestFilter.java | 7 +-
.../jose/jaxrs/JweJsonClientResponseFilter.java | 13 +-
.../jose/jaxrs/JweJsonContainerRequestFilter.java | 7 +-
.../jose/jaxrs/JwsClientResponseFilter.java | 17 +-
.../jose/jaxrs/JwsContainerRequestFilter.java | 7 +-
.../jose/jaxrs/JwsJsonClientResponseFilter.java | 14 +-
.../jose/jaxrs/JwsJsonContainerRequestFilter.java | 7 +-
.../jose/jaxrs/JwsJsonWriterInterceptor.java | 2 +-
rt/rs/security/jose-parent/jose/pom.xml | 4 +-
.../cxf/rs/security/jose/common/JoseConstants.java | 66 +-
.../cxf/rs/security/jose/common/JoseUtils.java | 31 +-
.../security/jose/common/KeyManagementUtils.java | 1 +
.../jose/common/PrivateKeyPasswordProvider.java | 6 +-
.../cxf/rs/security/jose/jwa/AlgorithmUtils.java | 83 +-
.../security/jose/jwe/AbstractJweEncryption.java | 2 +-
.../cxf/rs/security/jose/jwe/JweJsonConsumer.java | 4 +-
.../apache/cxf/rs/security/jose/jwe/JweUtils.java | 6 +-
.../apache/cxf/rs/security/jose/jwk/JwkUtils.java | 2 +-
.../cxf/rs/security/jose/jws/JwsJsonProducer.java | 16 +-
.../security/jose/jws/JwsJsonSignatureEntry.java | 16 +-
.../jose/cookbook/JwsJoseCookBookTest.java | 2 +-
.../jose/jws/JwsCompactReaderWriterTest.java | 4 +-
rt/rs/security/jose-parent/pom.xml | 4 +-
rt/rs/security/oauth-parent/oauth/pom.xml | 4 +-
.../rs/security/oauth/client/OAuthClientUtils.java | 2 +-
.../security/oauth/filters/AbstractAuthFilter.java | 4 +-
.../services/AuthorizationRequestHandler.java | 2 +-
.../cxf/rs/security/oauth/utils/OAuthUtils.java | 2 +-
rt/rs/security/oauth-parent/oauth2-saml/pom.xml | 4 +-
rt/rs/security/oauth-parent/oauth2/pom.xml | 11 +-
.../oauth2/client/HttpRequestProperties.java | 1 +
.../security/oauth2/client/OAuthClientUtils.java | 28 +-
.../filters/AccessTokenIntrospectionClient.java | 5 +-
.../oauth2/filters/JwtAccessTokenValidator.java | 5 +-
.../security/oauth2/filters/OAuthScopesFilter.java | 9 +-
.../oauth2/grants/code/JCacheCodeDataProvider.java | 8 +-
.../oauth2/grants/code/JPACodeDataProvider.java | 4 +-
.../oauth2/provider/AbstractOAuthDataProvider.java | 17 +-
.../oauth2/provider/JCacheOAuthDataProvider.java | 16 +-
.../oauth2/provider/JPAOAuthDataProvider.java | 72 +-
.../oauth2/provider/OAuthJSONProvider.java | 71 +-
.../services/AbstractImplicitGrantService.java | 28 +-
.../oauth2/services/AccessTokenService.java | 2 +-
.../services/ImplicitConfidentialGrantService.java | 2 +-
.../services/RedirectionBasedGrantService.java | 4 +-
.../tokens/hawk/HawkAuthorizationScheme.java | 6 +-
.../security/oauth2/tokens/hawk/HmacAlgorithm.java | 11 +-
.../security/oauth2/utils/AuthorizationUtils.java | 14 +-
.../cxf/rs/security/oauth2/utils/OAuthUtils.java | 2 +-
.../utils/crypto/ModelEncryptionSupport.java | 18 +-
.../oauth2/client/OAuthClientUtilsTest.java | 78 ++
.../grants/code/JPACodeDataProviderTest.java | 2 +-
.../provider/AbstractOAuthDataProviderTest.java | 25 +-
.../oauth2/provider/JPAOAuthDataProviderTest.java | 35 +-
.../oauth2/utils/AuthorizationUtilsTest.java | 44 +-
.../rs/security/oauth2/utils/OAuthUtilsTest.java | 2 +-
.../src/test/resources/META-INF/persistence.xml | 4 +-
.../oauth2/grants/code/JPACMTCodeDataProvider.xml | 4 +-
rt/rs/security/oauth-parent/pom.xml | 4 +-
rt/rs/security/pom.xml | 4 +-
rt/rs/security/sso/oidc/pom.xml | 10 +-
.../rs/security/oidc/idp/OidcHybridService.java | 4 +-
.../rs/security/oidc/idp/OidcImplicitService.java | 2 +-
.../security/oidc/idp/JPAOidcUserSubjectTest.java | 2 +-
.../src/test/resources/META-INF/persistence.xml | 4 +-
.../oidc/idp/JPAOidcUserSubjectCMTTest.xml | 2 +-
rt/rs/security/sso/saml/pom.xml | 4 +-
rt/rs/security/xml/pom.xml | 4 +-
.../cxf/rs/security/common/RSSecurityUtils.java | 9 +-
.../org/apache/cxf/rs/security/saml/SAMLUtils.java | 4 +-
.../rs/security/saml/SamlHeaderOutInterceptor.java | 2 +-
.../cxf/rs/security/xml/XmlSecOutInterceptor.java | 6 +-
.../cxf/rs/security/xml/XmlSigOutInterceptor.java | 6 +-
rt/rs/sse/pom.xml | 4 +-
.../cxf/jaxrs/sse/SseEventSinkContextProvider.java | 10 +-
.../org/apache/cxf/jaxrs/sse/SseEventSinkImpl.java | 35 +-
.../cxf/jaxrs/sse/OutboundSseEventImplTest.java | 21 +-
.../jaxrs/sse/SseEventSinkContextProviderTest.java | 127 +++
rt/security-saml/pom.xml | 4 +-
.../saml/xacml2/DefaultXACMLRequestBuilder.java | 11 +-
rt/security/pom.xml | 4 +-
.../apache/cxf/rt/security/SecurityConstants.java | 20 +-
.../org/apache/cxf/rt/security/claims/Claim.java | 8 +-
.../interceptor/ClaimsAuthorizingInterceptor.java | 17 +-
.../rt/security/rs/PrivateKeyPasswordProvider.java | 10 +-
.../cxf/rt/security/rs/RSSecurityConstants.java | 95 ++
.../ClaimsAuthorizingInterceptorTest.java | 2 +-
rt/transports/http-hc/pom.xml | 4 +-
.../http/asyncclient/AsyncHTTPConduit.java | 8 +-
.../http/asyncclient/AsyncHTTPConduitTest.java | 8 +-
rt/transports/http-jetty/pom.xml | 4 +-
.../http_jetty/JettyHTTPServerEngine.java | 4 +-
.../JettyHTTPServerEngineFactoryHolder.java | 20 +-
.../http_jetty/spring/ApplicationContextTest.java | 10 +-
rt/transports/http-netty/netty-client/pom.xml | 4 +-
rt/transports/http-netty/netty-server/pom.xml | 4 +-
.../server/NettyHttpServletPipelineFactory.java | 2 +-
.../server/spring/ApplicationContextTest.java | 9 +-
rt/transports/http-undertow/pom.xml | 4 +-
.../http_undertow/UndertowHTTPHandler.java | 15 +-
.../http_undertow/UndertowHTTPServerEngine.java | 3 +-
.../UndertowHTTPServerEngineFactoryHolder.java | 24 +-
.../http_undertow/UndertowHTTPTestHandler.java | 2 +-
.../spring/ApplicationContextTest.java | 11 +-
rt/transports/http/pom.xml | 4 +-
.../transport/http/AbstractHTTPDestination.java | 4 +-
.../java/org/apache/cxf/transport/http/Cookie.java | 4 +-
.../org/apache/cxf/transport/http/HTTPConduit.java | 6 +-
.../org/apache/cxf/transport/http/Headers.java | 2 +-
.../cxf/transport/http/auth/HttpAuthHeader.java | 10 +-
.../http/policy/impl/ClientPolicyCalculator.java | 2 +-
.../http/policy/impl/ServerPolicyCalculator.java | 2 +-
.../transport/https/HttpsURLConnectionFactory.java | 3 -
.../cxf/transport/servlet/AbstractHTTPServlet.java | 2 +-
.../servlet/ServletContextResourceResolver.java | 5 +-
.../cxf/transport/servlet/ServletDestination.java | 2 +-
.../servicelist/FormattedServiceListWriter.java | 53 +-
.../servicelist/UnformattedServiceListWriter.java | 6 +-
.../http/policy/ClientPolicyCalculatorTest.java | 11 +-
.../policy/HTTPClientAssertionBuilderTest.java | 7 +-
.../policy/HTTPServerAssertionBuilderTest.java | 7 +-
.../http/policy/ServerPolicyCalculatorTest.java | 9 +-
.../cxf/transport/https/CertConstraintsTest.java | 5 +-
.../httpclient/DefaultHostnameVerifierTest.java | 2 +-
.../transport/servlet/ServletControllerTest.java | 4 +-
rt/transports/jms/pom.xml | 4 +-
.../apache/cxf/transport/jms/uri/JMSEndpoint.java | 6 +-
.../apache/cxf/transport/jms/uri/JMSURIParser.java | 2 +-
.../org/apache/cxf/transport/jms/util/JMSUtil.java | 1 +
.../cxf/transport/jms/uri/JMSEndpointTest.java | 2 +-
.../transport/jms/util/MessageListenerTest.java | 106 +-
rt/transports/jms/src/test/resources/jms_test.wsdl | 4 +-
rt/transports/local/pom.xml | 4 +-
rt/transports/pom.xml | 4 +-
rt/transports/udp/pom.xml | 4 +-
rt/transports/websocket/pom.xml | 4 +-
.../websocket/ahc/AhcWebSocketConduit.java | 2 +-
.../atmosphere/DefaultProtocolInterceptor.java | 2 +-
.../websocket/jetty/JettyWebSocketHandler.java | 2 +-
.../jetty/WebSocketVirtualServletRequest.java | 4 +-
.../undertow/WebSocketUndertowServletRequest.java | 4 +-
rt/ws/addr/pom.xml | 4 +-
rt/ws/eventing/pom.xml | 4 +-
rt/ws/mex/pom.xml | 4 +-
rt/ws/policy/pom.xml | 4 +-
.../org/apache/cxf/ws/policy/AssertionInfoMap.java | 2 +-
.../cxf/ws/policy/PolicyAnnotationListener.java | 8 +-
.../org/apache/cxf/ws/policy/PolicyEngineImpl.java | 2 +-
.../java/org/apache/cxf/ws/policy/PolicyUtils.java | 4 +-
.../policy/AssertionBuilderRegistryImplTest.java | 5 +-
.../apache/cxf/ws/policy/AssertionInfoMapTest.java | 5 +-
.../cxf/ws/policy/EndpointPolicyImplTest.java | 2 +-
.../org/apache/cxf/ws/policy/PolicyEngineTest.java | 5 +-
.../EndpointReferenceDomainExpressionTest.java | 13 +-
.../attachment/external/PolicyAttachmentTest.java | 13 +-
.../wsdl11/Wsdl11AttachmentPolicyProviderTest.java | 35 +-
.../ws/policy/builder/jaxb/JaxbAssertionTest.java | 17 +-
rt/ws/pom.xml | 4 +-
rt/ws/rm/pom.xml | 4 +-
.../org/apache/cxf/ws/rm/DestinationSequence.java | 10 +-
.../main/java/org/apache/cxf/ws/rm/RMManager.java | 8 +-
.../main/java/org/apache/cxf/ws/rm/RMUtils.java | 2 +-
.../java/org/apache/cxf/ws/rm/SequenceMonitor.java | 25 +-
.../java/org/apache/cxf/ws/rm/SourceSequence.java | 2 +-
.../cxf/ws/rm/persistence/jdbc/RMTxStore.java | 4 +-
.../apache/cxf/ws/rm/soap/RedeliveryQueueImpl.java | 4 +-
.../cxf/ws/rm/soap/RetransmissionQueueImpl.java | 2 +-
.../cxf/ws/rm/AbstractRMInterceptorTest.java | 8 +-
.../org/apache/cxf/ws/rm/AbstractSequenceTest.java | 7 +-
.../apache/cxf/ws/rm/DestinationSequenceTest.java | 70 +-
.../org/apache/cxf/ws/rm/RMContextUtilsTest.java | 11 +-
.../java/org/apache/cxf/ws/rm/RMEndpointTest.java | 11 +-
.../org/apache/cxf/ws/rm/RMInInterceptorTest.java | 8 +-
.../java/org/apache/cxf/ws/rm/RMManagerTest.java | 6 +-
.../org/apache/cxf/ws/rm/RMOutInterceptorTest.java | 5 +-
.../org/apache/cxf/ws/rm/SourceSequenceTest.java | 36 +-
.../apache/cxf/ws/rm/policy/PolicyUtilsTest.java | 4 +-
.../cxf/ws/rm/soap/RMSoapOutInterceptorTest.java | 6 +-
.../ws/rm/soap/RetransmissionQueueImplTest.java | 16 +-
rt/ws/security/pom.xml | 4 +-
.../KerberosTokenInterceptorProvider.java | 3 +-
.../security/policy/interceptors/STSInvoker.java | 2 +-
.../SecureConversationInInterceptor.java | 5 +-
.../SpnegoContextTokenInInterceptor.java | 2 +-
.../SpnegoContextTokenOutInterceptor.java | 12 +-
.../ws/security/tokenstore/MemoryTokenStore.java | 10 +-
.../cxf/ws/security/trust/STSLoginModule.java | 11 +-
.../cxf/ws/security/trust/STSTokenRetriever.java | 2 +-
.../security/wss4j/AbstractWSS4JInterceptor.java | 10 +
.../wss4j/AbstractWSS4JStaxInterceptor.java | 64 +-
.../security/wss4j/AttachmentCallbackHandler.java | 6 +-
.../cxf/ws/security/wss4j/CryptoCoverageUtil.java | 12 +-
.../wss4j/PolicyBasedWSS4JInInterceptor.java | 83 +-
.../wss4j/PolicyBasedWSS4JStaxInInterceptor.java | 4 +-
.../ws/security/wss4j/SamlTokenInterceptor.java | 9 +-
.../cxf/ws/security/wss4j/StaxSerializer.java | 8 +-
.../security/wss4j/UsernameTokenInterceptor.java | 20 +-
.../cxf/ws/security/wss4j/WSS4JInInterceptor.java | 43 +-
.../policyhandlers/AbstractBindingBuilder.java | 26 +-
.../policyhandlers/AsymmetricBindingHandler.java | 12 +-
.../StaxAsymmetricBindingHandler.java | 7 +-
.../StaxSymmetricBindingHandler.java | 22 +-
.../policyhandlers/TransportBindingHandler.java | 12 +-
.../AbstractSupportingTokenPolicyValidator.java | 28 +-
.../AlgorithmSuitePolicyValidator.java | 2 +-
.../AsymmetricBindingPolicyValidator.java | 14 +-
.../policyvalidators/LayoutPolicyValidator.java | 2 +-
.../RequiredElementsPolicyValidator.java | 20 +-
.../policyvalidators/SamlTokenPolicyValidator.java | 3 +-
.../SecuredElementsPolicyValidator.java | 20 +-
.../SecuredPartsPolicyValidator.java | 14 +-
.../apache/cxf/ws/security/sts/STSClientTest.java | 6 +-
.../security/wss4j/AbstractPolicySecurityTest.java | 12 +-
.../ws/security/wss4j/AbstractSecurityTest.java | 30 +-
.../wss4j/PluggablePolicyValidatorTest.java | 11 +
.../security/wss4j/PolicyBasedWss4JInOutTest.java | 3 +-
.../security/wss4j/SignatureConfirmationTest.java | 6 +-
.../ws/security/wss4j/StaxToDOMRoundTripTest.java | 4 -
.../cxf/ws/security/wss4j/WSS4JFaultCodeTest.java | 7 +-
.../security/wss4j/saml/PolicyBasedSamlTest.java | 13 +
.../ws/security/wss4j/saml/StaxToDOMSamlTest.java | 2 -
rt/ws/transfer/pom.xml | 4 +-
.../transfer/dialect/fragment/FragmentDialect.java | 4 +-
rt/wsdl/pom.xml | 4 +-
.../main/java/org/apache/cxf/wsdl/WSDLHelper.java | 9 -
.../factory/ReflectionServiceFactoryBean.java | 19 +-
.../apache/cxf/wsdl11/ServiceWSDLBuilderTest.java | 4 +-
services/pom.xml | 4 +-
services/sts/pom.xml | 4 +-
services/sts/sts-core/pom.xml | 10 +-
.../apache/cxf/sts/cache/EHCacheIdentityCache.java | 4 +-
.../apache/cxf/sts/cache/MemoryIdentityCache.java | 4 +-
.../sts/cache/MemoryIdentityCacheStatistics.java | 2 +-
.../claims/ClaimsAttributeStatementProvider.java | 4 +-
.../CombinedClaimsAttributeStatementProvider.java | 4 +-
.../cxf/sts/claims/LdapGroupClaimsHandler.java | 2 +-
.../org/apache/cxf/sts/claims/ProcessedClaim.java | 6 +-
.../apache/cxf/sts/claims/mapper/ClaimUtils.java | 4 +-
.../cxf/sts/event/LoggerPatternLayoutLog4J.java | 2 +-
.../cxf/sts/event/LoggerPatternLayoutLogback.java | 2 +-
.../apache/cxf/sts/event/map/MapEventLogger.java | 4 +-
.../sts/token/provider/SymmetricKeyHandler.java | 4 +-
.../cxf/sts/token/realm/RelationshipResolver.java | 2 +-
.../sts/claims/mapper/JexlIssueSamlClaimsTest.java | 2 +-
.../apache/cxf/sts/common/CustomClaimsHandler.java | 2 +-
.../java/org/apache/cxf/sts/common/TestUtils.java | 51 -
.../cxf/sts/operation/IssueEncryptedUnitTest.java | 22 +-
.../cxf/sts/operation/IssueJWTClaimsUnitTest.java | 3 +-
.../sts/operation/IssueJWTOnbehalfofUnitTest.java | 7 +-
.../cxf/sts/operation/IssueJWTRealmUnitTest.java | 9 +-
.../apache/cxf/sts/operation/IssueJWTUnitTest.java | 3 +-
.../cxf/sts/operation/IssueOnbehalfofUnitTest.java | 21 +-
.../apache/cxf/sts/operation/IssueSCTUnitTest.java | 10 +-
.../cxf/sts/operation/IssueSamlClaimsUnitTest.java | 3 +-
.../cxf/sts/operation/IssueSamlRealmUnitTest.java | 14 +-
.../cxf/sts/operation/IssueSamlUnitTest.java | 40 +-
.../apache/cxf/sts/operation/IssueUnitTest.java | 18 +-
.../apache/cxf/sts/operation/ValidateUnitTest.java | 2 +-
.../sts/token/provider/JWTTokenProviderTest.java | 4 +-
.../cxf/sts/token/provider/SAMLClaimsTest.java | 10 +-
.../token/provider/SAMLProviderKeyTypeTest.java | 6 +-
.../sts/token/provider/SAMLProviderRealmTest.java | 36 +-
.../token/renewer/SAMLTokenRenewerRealmTest.java | 5 +-
.../validator/JWTTokenValidatorRealmTest.java | 5 +-
.../sts/token/validator/JWTTokenValidatorTest.java | 3 +-
.../SAMLTokenValidatorCachedRealmTest.java | 3 +-
.../validator/SAMLTokenValidatorRealmTest.java | 5 +-
.../token/validator/SAMLTokenValidatorTest.java | 4 +-
.../cxf/sts/token/validator/SCTValidatorTest.java | 7 +-
services/sts/systests/advanced/pom.xml | 4 +-
.../cxf/systest/sts/batch/SAMLBatchUnitTest.java | 9 +-
.../systest/sts/custom/CustomClaimsHandler.java | 6 +-
.../CustomAttributeStatementProvider.java | 4 +-
.../sts/deployment/CustomClaimsHandler.java | 6 +-
.../cxf/systest/sts/renew/SAMLRenewUnitTest.java | 5 +-
services/sts/systests/basic/pom.xml | 4 +-
.../systest/sts/delegation/SAMLDelegationTest.java | 9 +-
.../sts/deployment/CustomClaimsHandler.java | 6 +-
.../cxf/systest/sts/issueunit/IssueUnitTest.java | 19 +-
services/sts/systests/pom.xml | 4 +-
services/sts/systests/sts-features/pom.xml | 4 +-
services/sts/systests/sts-itests/pom.xml | 4 +-
.../sts/itests/BasicSTSIntegrationTest.java | 14 +-
.../cxf/systest/sts/itests/unit/STSUnitTest.java | 46 +-
services/sts/systests/sts-osgi/pom.xml | 4 +-
services/ws-discovery/pom.xml | 4 +-
services/ws-discovery/ws-discovery-api/pom.xml | 4 +-
.../apache/cxf/ws/discovery/WSDiscoveryClient.java | 4 +-
services/ws-discovery/ws-discovery-service/pom.xml | 4 +-
services/wsn/pom.xml | 4 +-
services/wsn/wsn-api/pom.xml | 4 +-
services/wsn/wsn-core/pom.xml | 4 +-
.../java/org/apache/cxf/wsn/AbstractPublisher.java | 3 +-
.../cxf/wsn/services/JaxwsEndpointManager.java | 14 +-
services/wsn/wsn-osgi/pom.xml | 4 +-
services/xkms/pom.xml | 4 +-
services/xkms/xkms-client/pom.xml | 4 +-
services/xkms/xkms-common/pom.xml | 4 +-
services/xkms/xkms-features/pom.xml | 4 +-
services/xkms/xkms-itests/pom.xml | 4 +-
.../cxf/xkms/itests/BasicIntegrationTest.java | 12 +-
services/xkms/xkms-osgi/pom.xml | 4 +-
services/xkms/xkms-service/pom.xml | 4 +-
services/xkms/xkms-war/pom.xml | 4 +-
services/xkms/xkms-x509-handlers/pom.xml | 4 +-
.../xkms/x509/repo/file/FileCertificateRepo.java | 23 +-
.../org/apache/cxf/xkms/x509/utils/X509Utils.java | 11 -
.../xkms/x509/validator/ValidateRequestParser.java | 2 +-
.../x509/repo/file/FileCertificateRepoTest.java | 80 +-
services/xkms/xkms-x509-repo-ldap/pom.xml | 4 +-
.../xkms/x509/repo/ldap/LdapCertificateRepo.java | 26 +-
.../apache/cxf/xkms/x509/repo/ldap/LdapSearch.java | 4 +-
.../x509/repo/ldap/LDAPCertificateRepoTest.java | 150 ---
.../cxf/xkms/x509/repo/ldap/LDAPSearchTest.java | 51 -
systests/cdi/base/pom.xml | 2 +-
systests/cdi/cdi-owb/cdi-multiple-apps-owb/pom.xml | 4 +-
systests/cdi/cdi-owb/cdi-no-apps-owb/pom.xml | 4 +-
systests/cdi/cdi-owb/cdi-producers-owb/pom.xml | 4 +-
systests/cdi/cdi-owb/pom.xml | 4 +-
.../cdi/cdi-weld/cdi-multiple-apps-weld/pom.xml | 4 +-
systests/cdi/cdi-weld/cdi-no-apps-weld/pom.xml | 4 +-
systests/cdi/cdi-weld/cdi-producers-weld/pom.xml | 4 +-
systests/cdi/cdi-weld/pom.xml | 4 +-
systests/cdi/pom.xml | 4 +-
systests/container-integration/grizzly/pom.xml | 4 +-
systests/container-integration/pom.xml | 4 +-
systests/container-integration/webapp/pom.xml | 2 +-
systests/databinding/pom.xml | 4 +-
.../cxf/systest/aegis/AegisClientServerTest.java | 4 -
.../apache/cxf/systest/aegis/AegisJaxWsImpl.java | 13 +-
.../apache/cxf/systest/aegis/mtom/MtomTest.java | 6 +-
.../cxf/systest/jaxb/model/ExtendedWidget.java | 5 +-
.../org/apache/cxf/systest/jaxb/model/Widget.java | 12 +-
.../apache/cxf/systest/jaxb/service/ErrorData.java | 2 +-
systests/jaxrs/pom.xml | 22 +-
.../cxf/systest/jaxrs/AbstractSpringServer.java | 19 +-
.../apache/cxf/systest/jaxrs/AtomBookServer.java | 46 +-
.../cxf/systest/jaxrs/BookDataBindingServer.java | 46 +-
.../cxf/systest/jaxrs/BookServerProxySpring.java | 46 +-
.../systest/jaxrs/BookServerRequestDispatch.java | 46 +-
.../jaxrs/BookServerResourceCreatedSpring.java | 47 +-
.../BookServerResourceCreatedSpringProviders.java | 48 +-
.../BookServerResourceJacksonSpringProviders.java | 47 +-
.../cxf/systest/jaxrs/BookServerRestSoap.java | 46 +-
.../cxf/systest/jaxrs/BookServerServletFilter.java | 47 +-
.../apache/cxf/systest/jaxrs/BookServerSpring.java | 46 +-
.../org/apache/cxf/systest/jaxrs/BookStore.java | 55 +-
.../java/org/apache/cxf/systest/jaxrs/Chapter.java | 2 +-
.../systest/jaxrs/CustomOutFaultInterceptor.java | 7 +-
.../cxf/systest/jaxrs/GenericBookStoreSpring2.java | 2 +-
.../cxf/systest/jaxrs/GenericRestServiceImpl.java | 13 +-
.../org/apache/cxf/systest/jaxrs/IRestService.java | 6 +-
.../systest/jaxrs/JAXRSClientServerBookTest.java | 184 +++-
...entServerResourceJacksonSpringProviderTest.java | 4 +-
.../jaxrs/JAXRSClientServerSpringBookTest.java | 2 +-
.../jaxrs/JAXRSContinuationsServlet3Test.java | 13 +-
.../cxf/systest/jaxrs/JAXRSLocalTransportTest.java | 5 -
.../cxf/systest/jaxrs/JAXRSMultipartTest.java | 20 +-
.../cxf/systest/jaxrs/JAXRSSoapBookTest.java | 23 +-
.../cxf/systest/jaxrs/JAXRSUriInfoMatchTest.java | 2 +-
.../apache/cxf/systest/jaxrs/JAXRSUriInfoTest.java | 2 +-
.../systest/jaxrs/cors/CrossOriginSimpleTest.java | 10 +-
.../systest/jaxrs/description/Swagger2Server.java | 45 +-
.../jaxrs/description/openapi/OpenApiServer.java | 46 +-
.../jaxrs/failover/AbstractFailoverTest.java | 8 +-
.../cxf/systest/jaxrs/nio/NioBookStoreServer.java | 45 +-
.../jaxrs/reactive/CompletableFutureServer.java | 1 +
.../jaxrs/reactive/CompletableFutureService.java | 70 ++
.../jaxrs/reactive/JAXRSCompletionStageTest.java | 83 ++
.../systest/jaxrs/reactive/MappedException.java} | 22 +-
.../jaxrs/reactive/MappedExceptionMapper.java} | 17 +-
.../cxf/systest/jaxrs/reactor/FluxReactorTest.java | 152 ++-
.../cxf/systest/jaxrs/reactor/FluxService.java | 48 +
.../reactor/IllegalArgumentExceptionMapper.java} | 17 +-
.../cxf/systest/jaxrs/reactor/MonoReactorTest.java | 44 +-
.../cxf/systest/jaxrs/reactor/MonoService.java | 2 +-
.../cxf/systest/jaxrs/reactor/ReactorServer.java | 1 +
.../jaxrs/security/AbstractSpringSecurityTest.java | 49 +-
.../JAXRSJaasConfigurationSecurityTest.java | 3 +-
.../jaxrs/security/JAXRSJaasSecurityTest.java | 3 +-
.../jaxrs/websocket/WebSocketTestClient.java | 2 +-
.../jaxrs/src/test/resources/jaxrs/WEB-INF/web.xml | 5 +-
.../src/test/resources/jaxrs_async/WEB-INF/web.xml | 5 +-
.../src/test/resources/jaxrs_atom/WEB-INF/web.xml | 5 +-
.../src/test/resources/jaxrs_cors/WEB-INF/web.xml | 5 +-
.../resources/jaxrs_databinding/WEB-INF/web.xml | 5 +-
.../test/resources/jaxrs_dispatch/WEB-INF/web.xml | 5 +-
.../jaxrs_dispatch_simple/WEB-INF/web.xml | 5 +-
.../resources/jaxrs_jaas_security/WEB-INF/web.xml | 5 +-
.../jaxrs_jackson_provider/WEB-INF/web.xml | 5 +-
.../jaxrs_many_destinations/WEB-INF/web.xml | 5 +-
.../src/test/resources/jaxrs_nio/WEB-INF/web.xml | 5 +-
.../resources/jaxrs_non_spring/WEB-INF/web.xml | 5 +-
.../src/test/resources/jaxrs_proxy/WEB-INF/web.xml | 5 +-
.../test/resources/jaxrs_security/WEB-INF/web.xml | 5 +-
.../resources/jaxrs_security_cglib/WEB-INF/web.xml | 5 +-
.../jaxrs_security_no_annotations/WEB-INF/web.xml | 5 +-
.../jaxrs_simple_security/WEB-INF/web.xml | 5 +-
.../resources/jaxrs_soap_blueprint/WEB-INF/web.xml | 5 +-
.../test/resources/jaxrs_soap_rest/WEB-INF/web.xml | 5 +-
.../test/resources/jaxrs_spring/WEB-INF/web.xml | 5 +-
.../jaxrs_spring_providers/WEB-INF/web.xml | 5 +-
.../test/resources/jaxrs_swagger2/WEB-INF/web.xml | 5 +-
.../test/resources/jaxrs_unicode/WEB-INF/web.xml | 5 +-
.../test/resources/jaxrs_uriinfo/WEB-INF/web.xml | 5 +-
.../resources/jaxrs_uriinfo_match/WEB-INF/web.xml | 5 +-
.../test/resources/jaxrs_websocket/WEB-INF/web.xml | 5 +-
.../cxf/systest/jaxrs/failover/cxf-client.xml | 2 -
.../org/apache/cxf/systest/servlet/web-jaxrs.xml | 5 +-
.../resources/servlet_as_filter/WEB-INF/web.xml | 5 +-
systests/jaxws/pom.xml | 4 +-
.../systest/dispatch/DispatchClientServerTest.java | 8 +-
.../org/apache/cxf/systest/jaxws/CXF5061Test.java | 4 -
.../jaxws/{CXF5061Test.java => CXF7990Test.java} | 44 +-
.../cxf/systest/jaxws/ClientServerMiscTest.java | 6 +-
.../jaxws/DocLitWrappedCodeFirstService.java | 3 +-
.../jaxws/DocLitWrappedCodeFirstServiceImpl.java | 6 +-
.../DocLitWrappedCodeFirstServiceMissingOps.java | 4 +-
.../org/apache/cxf/systest/jaxws/EchoService.java} | 12 +-
.../apache/cxf/systest/jaxws/EchoServiceImpl.java | 63 ++
.../cxf/systest/jaxws/JaxWsClientThreadTest.java | 26 +-
.../cxf/systest/jaxws/JaxWsDynamicClientTest.java | 9 -
.../cxf/systest/jaxws/LocatorClientServerTest.java | 2 +-
.../apache/cxf/systest/jaxws/OASISCatalogTest.java | 16 +-
.../cxf/systest/jaxws/RpcLitCodeFirstService.java | 3 +-
.../systest/jaxws/RpcLitCodeFirstServiceImpl.java | 6 +-
.../JavaFirstSchemaValidationTest.java | 6 +-
systests/kerberos/pom.xml | 5 +-
.../common/KerberosClientPasswordCallback.java | 35 +-
.../common/KerberosServicePasswordCallback.java | 21 +-
.../systest/kerberos/common/SecurityTestUtil.java | 2 +-
.../kerberos/jaxrs/kerberos/BookStoreImpl.java | 4 -
.../kerberos/wssec/kerberos/KerberosTokenTest.java | 55 +-
systests/kerberos/src/test/resources/kerberos.jaas | 8 +
.../kerberos/wssec/kerberos/DoubleItKerberos.wsdl | 3 +
.../cxf/systest/kerberos/wssec/kerberos/client.xml | 14 +
.../cxf/systest/kerberos/wssec/kerberos/server.xml | 20 +
systests/ldap/pom.xml | 10 +-
.../cxf/systest/ldap/jaxrs/JAXRSLDAPUserTest.java | 2 +-
.../cxf/systest/ldap/sts/LDAPClaimsTest.java | 10 +-
.../systest/ldap/xkms/LDAPCertificateRepoTest.java | 151 +++
systests/ldap/src/test/resources/ldap.ldif | 5 +
.../org/apache/cxf/systest/ldap/xkms}/cert1.cer | 0
systests/microprofile/client/async/pom.xml | 23 +-
systests/microprofile/client/jaxrs/pom.xml | 47 +-
.../client/ReturnAllOutboundHeadersFilter.java | 2 +-
.../microprofile/client/{jaxrs => tracing}/pom.xml | 102 +-
.../microprofile/rest/client/tracing/Book.java} | 36 +-
.../rest/client/tracing/BookRestClient.java} | 21 +-
.../rest/client/tracing}/BookStore.java | 53 +-
.../client/tracing/brave/BraveTracingTest.java | 190 ++++
.../client/tracing/brave/TestSpanReporter.java | 27 +-
systests/microprofile/client/weld/pom.xml | 4 +-
systests/microprofile/client/weld/testng.xml | 3 +-
systests/microprofile/pom.xml | 74 +-
systests/pom.xml | 4 +-
systests/rs-http-sci/pom.xml | 4 +-
systests/rs-security/pom.xml | 10 +-
.../cxf/systest/jaxrs/security/BookStore.java | 7 +
.../systest/jaxrs/security/SecurityTestUtil.java | 2 +-
.../httpsignature/CustomPublicKeyProvider.java | 37 +-
.../httpsignature/JAXRSHTTPSignatureTest.java | 1072 +++++++++++++++++++-
...ider.java => PrivateKeyProviderTestHelper.java} | 29 +-
.../jose/jwejws/BookServerHTTPHeaders.java} | 33 +-
...java => EncrSignJweContainerRequestFilter.java} | 25 +-
...java => EncrSignJwsContainerRequestFilter.java} | 25 +-
.../security/jose/jwejws/JAXRSJweJwsTest.java | 46 +-
.../security/jose/jwejws/JwsHTTPHeaderTest.java | 268 +++++
.../jwejws/PrivateKeyPasswordProviderImpl.java | 2 +-
.../jose/jwt/PrivateKeyPasswordProviderImpl.java | 2 +-
.../oauth2/common/JCacheOAuthDataProviderImpl.java | 2 +
.../oauth2/grants/AuthorizationGrantTest.java | 2 +
.../oauth2/grants/IntrospectionServiceTest.java | 13 +-
.../saml/CustomSecurityContextProvider.java | 2 +-
.../jaxrs/security/xml/JAXRSXmlSecTest.java | 43 +
.../src/test/resources/META-INF/persistence.xml | 4 +-
.../cxf/systest/jaxrs/oauth/server/WEB-INF/web.xml | 6 +-
.../httpsignature/alice.httpsig.properties | 22 +
.../security/httpsignature/bob.httpsig.properties | 22 +
.../jaxrs/security/httpsignature/client.xml | 11 -
.../jaxrs/security/httpsignature/server.xml | 116 ++-
.../security/jose/jwejws/http-headers-server.xml | 79 ++
.../systest/jaxrs/security/jose/jwejws/server.xml | 17 +
.../oauth2/grants/grants-negative-server-jpa.xml | 2 +-
.../security/oauth2/grants/grants-server-jpa.xml | 2 +-
.../oauth2/grants/introspection-server-jpa.xml | 2 +-
.../jaxrs/security/oauth2/grants/server-jpa.xml | 2 +-
.../security/oidc/oidc-negative-server-jpa.xml | 2 +-
.../jaxrs/security/oidc/oidc-server-jpa.xml | 2 +-
.../jaxrs/security/oidc/userinfo-server-jpa.xml | 2 +-
systests/rs-sse/pom.xml | 4 +-
systests/rs-sse/rs-sse-base/pom.xml | 4 +-
systests/rs-sse/rs-sse-jetty/pom.xml | 4 +-
systests/rs-sse/rs-sse-tomcat/pom.xml | 4 +-
systests/rs-sse/rs-sse-undertow/pom.xml | 4 +-
systests/tracing/pom.xml | 4 +-
.../org/apache/cxf/systest/jaeger/TestSender.java | 14 +-
.../cxf/systest/jaxrs/tracing/BookStore.java | 89 +-
.../opentracing/OpenTracingTracingTest.java | 30 +-
.../jaxws/tracing/opentracing/BookStore.java | 6 +-
.../opentracing/OpenTracingTracingTest.java | 12 +-
systests/transport-jms/pom.xml | 4 +-
.../apache/cxf/systest/jms/TwoWayJMSImplBase.java | 10 +-
.../cxf/systest/jms/action/JMSSoapActionTest.java | 137 +++
.../org/apache/cxf/systest/jms/action/Server.java} | 32 +-
.../SoapActionGreeterImplTwoWayJMS.java} | 13 +-
.../GreeterImplWithContinuationsJMS.java | 4 +-
.../java/org/apache/cxf/systest/jms/gzipBus.xml | 2 +-
.../jms/security/SecurityGreeterImplTwoWayJMS.java | 2 +
.../systest/jms/security/TwoWayJMSImplBase.java | 117 ---
systests/transport-undertow/pom.xml | 4 +-
.../systest/http_undertow/MapIdentityManager.java | 5 +-
.../websocket/WebSocketTestClient.java | 2 +-
systests/transports-ssl3/pom.xml | 4 +-
systests/transports/pom.xml | 4 +-
.../https/ciphersuites/CipherSuitesTest.java | 180 ++--
.../systest/https/clientauth/ClientAuthTest.java | 122 +++
.../systest/https/conduit/HTTPSConduitTest.java | 6 +-
.../HostnameVerificationDeprecatedTest.java | 55 +-
.../https/hostname/HostnameVerificationTest.java | 77 +-
.../cxf/systest/https/trust/TrustManagerTest.java | 53 +
.../systest/servlet/ErrorContextSerletTest.java | 11 +-
systests/uncategorized/pom.xml | 41 +-
.../RespectBindingFeatureClientServerTest.java | 12 +-
.../basicDOCBare/PutLastTradedPriceImpl.java | 2 +-
.../beanincreationexception/TestBeanABOImpl.java | 2 +-
.../apache/cxf/systest/callback/CallbackImpl.java | 2 +-
.../apache/cxf/systest/callback/ServerImpl.java | 4 +-
.../cxf/systest/clustering/GreeterImplA.java | 2 +-
.../cxf/systest/clustering/GreeterImplB.java | 2 +-
.../cxf/systest/clustering/GreeterImplC.java | 2 +-
.../cxf/systest/clustering/GreeterImplD.java | 2 +-
.../cxf/systest/clustering/GreeterImplE.java | 2 +-
.../cxf/systest/coloc/AbstractColocTest.java | 10 +-
.../coloc/AbstractHeaderServiceDocLitTest.java | 13 +-
.../coloc/AbstractHeaderServiceRpcLitTest.java | 22 +-
.../systest/coloc/BaseHeaderTesterDocLitImpl.java | 22 +-
.../systest/coloc/BaseHeaderTesterRpcLitImpl.java | 23 +-
.../cxf/systest/coloc/ColocHeaderDocLitTest.java | 15 +-
.../cxf/systest/coloc/ColocHeaderRpcLitTest.java | 14 +-
.../cxf/systest/coloc/ColocWrappedDocLitTest.java | 11 -
.../org/apache/cxf/systest/corba/CorbaTest.java | 3 +-
.../apache/cxf/systest/corba/CorbaTimeoutTest.java | 6 +-
.../java/org/apache/cxf/systest/corba/Server.java | 15 +-
.../apache/cxf/systest/corba/ServerTimeout.java | 15 +-
.../systest/exception/GenericExceptionTest.java | 2 +-
.../factory_pattern/HttpNumberFactoryImpl.java | 2 +-
.../ManualHttpMulitplexClientServerTest.java | 9 +-
.../factory_pattern/ManualNumberFactoryImpl.java | 2 +-
.../factory_pattern/MultiplexClientServerTest.java | 5 +-
.../MultiplexHttpAddressClientServerTest.java | 5 +-
.../systest/factory_pattern/NumberFactoryImpl.java | 2 +-
.../org/apache/cxf/systest/fault/GreeterImpl.java | 2 +-
.../cxf/systest/interceptor/GreeterImpl.java | 2 +-
.../cxf/systest/lifecycle/LifeCycleTest.java | 2 +-
.../cxf/systest/management/ManagedBusTest.java | 9 +-
.../apache/cxf/systest/mtom/TestMtomJMSImpl.java | 2 +-
.../cxf/systest/nested_callback/CallbackImpl.java | 2 +-
.../cxf/systest/nested_callback/ServerImpl.java | 4 +-
.../outofband/header/OOBHdrServiceImpl.java | 2 +-
.../cxf/systest/outofband/header/Server.java | 2 +-
.../apache/cxf/systest/outofband/header/cxf.xml | 2 +-
.../resolver/JarServiceContractResolver.java | 4 +-
.../apache/cxf/systest/soap/TransformServer.java | 11 +-
.../org/apache/cxf/systest/soap/XSLTServer.java | 11 +-
.../org/apache/cxf/systest/soap12/GreeterImpl.java | 2 +-
.../cxf/systest/soapfault/SOAPFaultImpl.java | 2 +-
.../systest/soapfault/details/GreeterImpl11.java | 10 +-
.../systest/soapfault/details/GreeterImpl12.java | 2 +-
.../apache/cxf/systest/type_substitution/Fuji.java | 4 +-
.../systest/type_test/AbstractTypeTestClient.java | 145 ++-
.../systest/type_test/AbstractTypeTestClient2.java | 35 +-
.../systest/type_test/AbstractTypeTestClient3.java | 4 +-
.../systest/type_test/AbstractTypeTestClient4.java | 14 +-
.../type_test/corba/CORBADocLitClientTypeTest.java | 331 +++---
.../type_test/soap/SOAPDocLitClientTypeTest.java | 8 +-
.../type_test/soap/SOAPDocLitServerImpl.java | 2 +-
.../type_test/soap/SOAPRpcLitClientTypeTest.java | 2 +-
.../type_test/soap/SOAPRpcLitServerImpl.java | 2 +-
.../systest/type_test/xml/XMLClientTypeTest.java | 2 +-
.../cxf/systest/type_test/xml/XMLServerImpl.java | 2 +-
.../org/apache/cxf/systest/soap/client.xml | 15 +-
systests/ws-rm/pom.xml | 10 +-
.../cxf/systest/ws/rm/ManagedEndpointsTest.java | 4 +-
.../systest/ws/rm/MessageCallbackOnewayTest.java | 144 +--
.../org/apache/cxf/systest/ws/rm/SequenceTest.java | 2 +-
.../cxf/systest/ws/rm/SequenceTimeoutTest.java | 11 +-
.../ws/rm/policy/WSRMOptionalPolicyTest.java | 5 +-
.../org/apache/cxf/systest/ws/rm/suppressed.xml | 2 +-
.../apache/cxf/systest/ws/util/MessageFlow.java | 49 +-
systests/ws-security-examples/pom.xml | 4 +-
systests/ws-security/pom.xml | 4 +-
.../apache/cxf/systest/ws/action/ActionTest.java | 9 +-
.../systest/ws/algsuite/AlgorithmSuiteTest.java | 11 +-
.../ws/algsuite/StaxAlgorithmSuiteTest.java | 3 +-
.../ws/common/DoubleItImplContinuation.java | 4 +-
.../cxf/systest/ws/common/SecurityTestUtil.java | 28 -
.../CryptoCoverageCheckerTest.java | 3 +-
.../cxf/systest/ws/fault/ModifiedRequestTest.java | 3 +-
.../org/apache/cxf/systest/ws/gcm/GCMTest.java | 3 +-
.../apache/cxf/systest/ws/httpget/HTTPGetTest.java | 33 +-
.../PasswordPropertiesTest.java} | 98 +-
.../apache/cxf/systest/ws/password/Server.java} | 14 +-
.../ws/policy/JavaFirstPolicyServiceTest.java | 34 +-
.../systest/ws/policy/PolicyAlternativeTest.java | 53 +-
.../ws/policy/operation/PolicyOperationTest.java | 113 +++
.../cxf/systest/ws/policy/operation/Server.java} | 10 +-
.../ws/saml/client/SamlRoleCallbackHandler.java | 6 +-
.../systest/ws/security/SecurityPolicyTest.java | 16 +-
.../systest/ws/security/WSSecurityClientTest.java | 6 +-
.../apache/cxf/systest/ws/swa/SWAActionTest.java | 17 +-
.../apache/cxf/systest/ws/swa/SWAPolicyTest.java | 23 +-
.../cxf/systest/ws/tokens/DoubleItBSTImpl.java | 7 +-
.../cxf/systest/ws/ut/UsernameTokenTest.java | 29 +-
.../cxf/systest/ws/wssec10/WSSecurity10Test.java | 3 +-
.../cxf/systest/ws/wssec10/server/Server.java | 4 +-
.../cxf/systest/ws/wssec10/server/StaxServer.java | 4 +-
.../cxf/systest/ws/wssec11/WSSecurity111Test.java | 11 +-
.../cxf/systest/ws/wssec11/WSSecurity112Test.java | 13 +-
.../cxf/systest/ws/wssec11/WSSecurity11Common.java | 21 -
.../apache/cxf/systest/ws/x509/X509TokenTest.java | 127 ++-
.../org/apache/cxf/systest/ws/xkms/XKMSTest.java | 90 +-
.../cxf/systest/ws/password/DoubleItPassword.wsdl | 194 ++++
.../{xkms/xkms-server.xml => password/server.xml} | 74 +-
.../policy/operation/DoubleItPolicyOperation.wsdl | 101 ++
.../cxf/systest/ws/policy/operation}/client.xml | 11 +-
.../cxf/systest/ws/policy/operation/server.xml} | 28 +-
.../org/apache/cxf/systest/ws/security/client.xml | 2 +-
.../cxf/systest/ws/security/handler/client.xml | 15 +-
.../org/apache/cxf/systest/ws/security/server.xml | 2 +-
.../apache/cxf/systest/ws/security/stax-server.xml | 2 +-
.../cxf/systest/ws/ut/client-remote-wsdl.xml} | 20 +-
.../apache/cxf/systest/ws/x509/DoubleItX509.wsdl | 22 +
.../org/apache/cxf/systest/ws/x509/client.xml | 9 +
.../org/apache/cxf/systest/ws/x509/server.xml | 11 +-
.../org/apache/cxf/systest/ws/x509/stax-server.xml | 9 +
.../org/apache/cxf/systest/ws/xkms/xkms-server.xml | 10 +-
.../org/apache/cxf/systest/ws/xkms/xkmstest.cer | Bin 0 -> 709 bytes
systests/ws-specs/pom.xml | 12 +-
.../systest/ws/addr_disable/WSADisableTest.java | 5 +-
.../WSAResponsesClientServerTest.java | 11 +-
.../cxf/systest/ws/addressing/MAPTestBase.java | 4 +-
.../cxf/systest/ws/addressing/MAPVerifier.java | 24 +-
.../systest/ws/policy/addr-inline-policy-old.xml | 7 +-
.../cxf/systest/ws/policy/addr-inline-policy.xml | 7 +-
.../cxf/systest/ws/policy/rm10wsdl_server.xml | 14 +-
.../cxf/systest/ws/policy/rm12wsdl_server.xml | 13 +-
.../apache/cxf/systest/ws/util/MessageFlow.java | 6 +-
systests/ws-transfer/pom.xml | 4 +-
systests/wsdl_maven/codegen/pom.xml | 2 +-
.../wsdl_maven/codegen/src/it/it-parent/pom.xml | 2 +-
systests/wsdl_maven/java2ws/pom.xml | 20 +-
.../cxf/systests/java2ws/HelloWorldArgs.java} | 19 +-
.../cxf/systests/java2ws/StringWrapper.java} | 15 +-
systests/wsdl_maven/pom.xml | 4 +-
testutils/pom.xml | 4 +-
.../AnonymousComplexTypeImpl.java | 4 +-
.../java/org/apache/cxf/test/TestUtilities.java | 29 +-
.../testutil/common/EmbeddedJMSBrokerLauncher.java | 8 +-
.../apache/cxf/testutil/common/ServerLauncher.java | 123 +--
.../org/apache/cxf/testutil/common/TestUtil.java | 4 +-
.../cxf/testutil/recorders/InMessageRecorder.java | 35 +-
.../cxf/testutil/recorders/MessageRecorder.java | 26 +-
.../cxf/testutil/recorders/OutMessageRecorder.java | 11 +-
testutils/src/main/resources/wsdl/jms_test.wsdl | 39 +
tools/common/pom.xml | 4 +-
.../cxf/tools/common/AbstractCXFToolContainer.java | 8 +-
.../apache/cxf/tools/common/ProcessorTestBase.java | 14 +-
.../main/java/org/apache/cxf/tools/common/Tag.java | 8 +-
.../org/apache/cxf/tools/common/ToolContext.java | 6 +-
.../apache/cxf/tools/common/VelocityWriter.java | 4 +-
.../apache/cxf/tools/common/model/JAnnotation.java | 6 +-
.../cxf/tools/common/model/JAnnotationElement.java | 18 +-
.../cxf/tools/common/model/JavaInterface.java | 12 +-
.../apache/cxf/tools/common/model/JavaMethod.java | 20 +-
.../cxf/tools/common/model/JavaParameter.java | 2 +-
.../apache/cxf/tools/common/model/JavaPort.java | 2 +-
.../apache/cxf/tools/common/model/JavaType.java | 6 +-
.../common/toolspec/parser/CommandLineParser.java | 6 +-
.../cxf/tools/common/toolspec/parser/Option.java | 4 +-
.../common/toolspec/parser/TokenInputStream.java | 2 +-
.../org/apache/cxf/tools/util/ToolsStaxUtils.java | 5 +-
.../java/org/apache/cxf/tools/util/URLFactory.java | 2 +-
.../common/toolspec/AbstractToolContainerTest.java | 4 +-
.../cxf/tools/common/toolspec/ToolSpecTest.java | 5 +-
.../toolspec/parser/CommandLineParserTest.java | 2 +-
.../util/BuiltInTypesJavaMappingUtilTest.java | 4 +-
tools/corba/pom.xml | 4 +-
.../cxf/tools/corba/processors/idl/IDLLexer.java | 6 +-
.../tools/corba/common/ProcessorEnvironment.java | 4 +-
.../tools/corba/common/idltypes/CorbaUtils.java | 12 +-
.../corba/common/idltypes/IdlAnonSequence.java | 4 +-
.../tools/corba/common/idltypes/IdlArrayBase.java | 4 +-
.../corba/common/idltypes/IdlDefnImplBase.java | 4 +-
.../tools/corba/common/idltypes/IdlOperation.java | 6 +-
.../tools/corba/common/idltypes/IdlScopeBase.java | 14 +-
.../corba/common/idltypes/IdlUnionBranch.java | 4 +-
.../idlpreprocessor/IdlPreprocessorReader.java | 7 +-
.../tools/corba/processors/idl/ConstVisitor.java | 2 +-
.../corba/processors/idl/IDLToWSDLProcessor.java | 6 +-
.../corba/processors/idl/ModuleToNSMapper.java | 2 +-
.../corba/processors/idl/PortTypeVisitor.java | 3 +-
.../cxf/tools/corba/processors/idl/Scope.java | 2 +-
.../cxf/tools/corba/processors/idl/TypesUtils.java | 6 +-
.../corba/processors/wsdl/WSDLToCorbaBinding.java | 4 +-
.../corba/processors/wsdl/WSDLToCorbaHelper.java | 8 +-
.../corba/processors/wsdl/WSDLToIDLAction.java | 6 +-
.../tools/corba/utils/FileOutputStreamFactory.java | 6 +-
.../org/apache/cxf/tools/corba/IDLToWSDLTest.java | 2 +-
.../org/apache/cxf/tools/corba/WSDLToIDLTest.java | 4 +-
tools/javato/pom.xml | 4 +-
tools/javato/ws/pom.xml | 4 +-
.../tools/java2js/processor/JavaToJSProcessor.java | 6 +-
.../java2wsdl/generator/wsdl11/BeanGenerator.java | 2 +-
.../processor/internal/jaxws/Wrapper.java | 2 +-
.../fortest/cxf523/Operation0ResponseType.java | 2 +-
.../java2js/processor/JavaToJSProcessorTest.java | 3 -
.../generator/wsdl11/FaultBeanGeneratorTest.java | 19 +-
.../generator/wsdl11/WrapperBeanGeneratorTest.java | 3 -
.../java2wsdl/processor/JavaToProcessorTest.java | 22 +-
tools/pom.xml | 4 +-
tools/validator/pom.xml | 4 +-
.../cxf/tools/validator/AbstractValidator.java | 14 +-
.../tools/validator/internal/SchemaValidator.java | 4 +-
.../tools/validator/internal/ValidationResult.java | 8 +-
.../cxf/tools/validator/internal/model/XDef.java | 4 +-
.../cxf/tools/validator/internal/model/XNode.java | 37 +-
.../validator/internal/WSDL11ValidatorTest.java | 12 +-
tools/wadlto/jaxrs/pom.xml | 4 +-
.../cxf/tools/wadlto/jaxb/CustomizationParser.java | 2 +-
.../cxf/tools/wadlto/jaxrs/JAXRSContainer.java | 8 +-
.../cxf/tools/wadlto/jaxrs/SourceGenerator.java | 172 ++--
.../cxf/tools/wadlto/jaxrs/ValidateWadlTest.java | 26 +-
tools/wadlto/pom.xml | 4 +-
tools/wsdlto/core/pom.xml | 4 +-
.../cxf/tools/wsdlto/WSDLToJavaContainer.java | 41 +-
tools/wsdlto/databinding/jaxb/pom.xml | 4 +-
.../wsdlto/databinding/jaxb/JAXBDataBinding.java | 8 +-
tools/wsdlto/frontend/javascript/pom.xml | 4 +-
.../wsdlto/javascript/JavaScriptContainer.java | 2 +-
.../javascript/WSDLToJavaScriptProcessor.java | 6 +-
tools/wsdlto/frontend/jaxws/pom.xml | 10 +-
.../frontend/jaxws/customization/JAXWSBinding.java | 6 +-
.../frontend/jaxws/generators/FaultGenerator.java | 2 +-
.../frontend/jaxws/generators/SEIGenerator.java | 2 +-
.../processor/internal/OperationProcessor.java | 4 +-
.../processor/internal/ParameterProcessor.java | 6 +-
.../jaxws/processor/internal/ProcessorUtil.java | 2 +-
.../jaxws/processor/internal/ServiceProcessor.java | 28 +-
.../jaxws/wsdl11/JAXWSDefinitionBuilderTest.java | 12 +-
tools/wsdlto/misc/pom.xml | 4 +-
.../misc/processor/AbstractWSDLToProcessor.java | 6 +-
.../tools/misc/processor/XSDToWSDLProcessor.java | 4 +-
.../misc/processor/address/AddressFactory.java | 2 +-
tools/wsdlto/pom.xml | 4 +-
tools/wsdlto/test/pom.xml | 4 +-
.../cxf/tools/wsdlto/AbstractCodeGenTest.java | 4 -
.../apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java | 16 +-
.../cxf/tools/wsdlto/jaxws/JAXWSContainerTest.java | 5 +-
1459 files changed, 15136 insertions(+), 10760 deletions(-)
create mode 100644 .gitattributes
rename core/src/main/java/org/apache/cxf/common/util/{SpringAopClassHelper.java => SpringClassUnwrapper.java} (62%)
create mode 100644 core/src/test/java/org/apache/cxf/attachment/LazyDataSourceTest.java
copy tools/common/src/test/java/org/apache/cxf/tools/util/BuiltInTypesJavaMappingUtilTest.java => core/src/test/java/org/apache/cxf/service/invoker/PooledFactoryTest.java (65%)
create mode 100755 distribution/src/main/release/bin/inc
delete mode 100644 distribution/src/main/release/samples/jax_rs/sse_cdi/src/main/resources/web-ui/javascripts/highcharts.js
delete mode 100644 distribution/src/main/release/samples/jax_rs/sse_cdi/src/main/resources/web-ui/javascripts/jquery-1.9.0.min.js
delete mode 100644 distribution/src/main/release/samples/jax_rs/sse_osgi/src/main/resources/web-ui/javascripts/highcharts.js
delete mode 100644 distribution/src/main/release/samples/jax_rs/sse_osgi/src/main/resources/web-ui/javascripts/jquery-1.9.0.min.js
delete mode 100644 distribution/src/main/release/samples/jax_rs/sse_spring/src/main/resources/web-ui/javascripts/highcharts.js
delete mode 100644 distribution/src/main/release/samples/jax_rs/sse_spring/src/main/resources/web-ui/javascripts/jquery-1.9.0.min.js
delete mode 100644 distribution/src/main/release/samples/jax_rs/sse_tomcat/src/main/resources/web-ui/javascripts/highcharts.js
delete mode 100644 distribution/src/main/release/samples/jax_rs/sse_tomcat/src/main/resources/web-ui/javascripts/jquery-1.9.0.min.js
copy systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/httpsignature/CustomSecurityProvider.java => integration/tracing/tracing-opentracing/src/main/java/org/apache/cxf/tracing/opentracing/ScopedSpan.java (63%)
copy systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/AbstractBookStoreSpring.java => rt/frontend/jaxrs/src/test/java/org/apache/cxf/jaxrs/impl/ReaderInterceptorMBRTest.java (75%)
copy rt/rs/{http-sci => description-common-openapi}/pom.xml (78%)
create mode 100644 rt/rs/description-common-openapi/src/main/java/org/apache/cxf/jaxrs/common/openapi/DefaultApplicationFactory.java
rename rt/rs/{description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger => description-common-openapi/src/main/java/org/apache/cxf/jaxrs/common/openapi}/DelegatingServletConfig.java (80%)
rename rt/rs/{description-openapi-v3/src/main/java/org/apache/cxf/jaxrs => description-common-openapi/src/main/java/org/apache/cxf/jaxrs/common}/openapi/SwaggerProperties.java (88%)
rename rt/rs/{description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger => description-common-openapi/src/main/java/org/apache/cxf/jaxrs/common/openapi}/SyntheticServletConfig.java (80%)
delete mode 100644 rt/rs/description-openapi-v3/src/main/java/org/apache/cxf/jaxrs/openapi/DelegatingServletConfig.java
delete mode 100644 rt/rs/description-openapi-v3/src/main/java/org/apache/cxf/jaxrs/openapi/SyntheticServletConfig.java
create mode 100644 rt/rs/description-swagger/src/test/resources/swagger2petShopWithNullOperations.json
copy systests/tracing/src/test/java/org/apache/cxf/systest/jaeger/TestSender.java => rt/rs/microprofile-client/src/main/java/org/apache/cxf/microprofile/client/MicroProfileServiceFactoryBean.java (51%)
create mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/HTTPSignatureConstants.java
create mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/AbstractSignatureInFilter.java
create mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/AbstractSignatureOutFilter.java
delete mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/CreateSignatureClientFilter.java
delete mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/CreateSignatureFilter.java
create mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/CreateSignatureInterceptor.java
delete mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/VerifyDigestInterceptor.java
create mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters/VerifySignatureClientFilter.java
copy core/src/main/java/org/apache/cxf/common/util/ClassUnwrapper.java => rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/provider/KeyProvider.java (72%)
create mode 100644 rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/utils/KeyManagementUtils.java
create mode 100644 rt/rs/security/http-signature/src/test/java/org/apache/cxf/rs/security/httpsignature/SpecExamplesTest.java
create mode 100644 rt/rs/security/http-signature/src/test/java/org/apache/cxf/rs/security/httpsignature/utils/SignatureHeaderUtilsTest.java
create mode 100644 rt/rs/security/http-signature/src/test/resources/private_key.der
create mode 100644 rt/rs/security/http-signature/src/test/resources/public.key
create mode 100644 rt/rs/security/http-signature/src/test/resources/public_key.der
create mode 100644 rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtilsTest.java
create mode 100644 rt/rs/sse/src/test/java/org/apache/cxf/jaxrs/sse/SseEventSinkContextProviderTest.java
copy systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/AbstractBookStoreSpring.java => rt/security/src/main/java/org/apache/cxf/rt/security/rs/PrivateKeyPasswordProvider.java (82%)
create mode 100644 rt/security/src/main/java/org/apache/cxf/rt/security/rs/RSSecurityConstants.java
delete mode 100644 services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/TestUtils.java
delete mode 100644 services/xkms/xkms-x509-repo-ldap/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java
delete mode 100644 services/xkms/xkms-x509-repo-ldap/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPSearchTest.java
copy systests/{uncategorized/src/test/java/org/apache/cxf/systest/type_substitution/Fuji.java => jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/reactive/MappedException.java} (67%)
copy systests/{rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/httpsignature/CustomSecurityProvider.java => jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/reactive/MappedExceptionMapper.java} (69%)
rename systests/{rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/httpsignature/CustomSecurityProvider.java => jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/reactor/IllegalArgumentExceptionMapper.java} (68%)
copy systests/jaxws/src/test/java/org/apache/cxf/systest/jaxws/{CXF5061Test.java => CXF7990Test.java} (53%)
copy systests/{jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/AbstractBookStoreSpring.java => jaxws/src/test/java/org/apache/cxf/systest/jaxws/EchoService.java} (74%)
create mode 100644 systests/jaxws/src/test/java/org/apache/cxf/systest/jaxws/EchoServiceImpl.java
create mode 100644 systests/ldap/src/test/java/org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.java
rename {services/xkms/xkms-x509-repo-ldap/src/test/resources => systests/ldap/src/test/resources/org/apache/cxf/systest/ldap/xkms}/cert1.cer (100%)
copy systests/microprofile/client/{jaxrs => tracing}/pom.xml (63%)
copy systests/{rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/PrivateKeyPasswordProviderImpl.java => microprofile/client/tracing/src/test/java/org/apache/cxf/systest/microprofile/rest/client/tracing/Book.java} (60%)
copy systests/{jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/IRestService.java => microprofile/client/tracing/src/test/java/org/apache/cxf/systest/microprofile/rest/client/tracing/BookRestClient.java} (74%)
copy systests/{rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security => microprofile/client/tracing/src/test/java/org/apache/cxf/systest/microprofile/rest/client/tracing}/BookStore.java (50%)
create mode 100644 systests/microprofile/client/tracing/src/test/java/org/apache/cxf/systest/microprofile/rest/client/tracing/brave/BraveTracingTest.java
rename rt/rs/security/http-signature/src/test/java/org/apache/cxf/rs/security/httpsignature/provider/MockPublicKeyProvider.java => systests/microprofile/client/tracing/src/test/java/org/apache/cxf/systest/microprofile/rest/client/tracing/brave/TestSpanReporter.java (61%)
copy systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/httpsignature/{CustomPublicKeyProvider.java => PrivateKeyProviderTestHelper.java} (66%)
copy systests/{uncategorized/src/test/java/org/apache/cxf/systest/corba/Server.java => rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerHTTPHeaders.java} (57%)
copy systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/{PrivateKeyPasswordProviderImpl.java => EncrSignJweContainerRequestFilter.java} (63%)
copy systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/{PrivateKeyPasswordProviderImpl.java => EncrSignJwsContainerRequestFilter.java} (63%)
create mode 100644 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JwsHTTPHeaderTest.java
create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/httpsignature/alice.httpsig.properties
create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/httpsignature/bob.httpsig.properties
create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/http-headers-server.xml
create mode 100644 systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/action/JMSSoapActionTest.java
copy systests/{uncategorized/src/test/java/org/apache/cxf/systest/soap/TransformServer.java => transport-jms/src/test/java/org/apache/cxf/systest/jms/action/Server.java} (63%)
copy systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/{security/SecurityGreeterImplTwoWayJMS.java => action/SoapActionGreeterImplTwoWayJMS.java} (76%)
delete mode 100644 systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/TwoWayJMSImplBase.java
copy systests/ws-security/src/test/java/org/apache/cxf/systest/ws/{xkms/XKMSTest.java => password/PasswordPropertiesTest.java} (57%)
copy systests/{uncategorized/src/test/java/org/apache/cxf/systest/soap/XSLTServer.java => ws-security/src/test/java/org/apache/cxf/systest/ws/password/Server.java} (79%)
create mode 100644 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/PolicyOperationTest.java
copy systests/{uncategorized/src/test/java/org/apache/cxf/systest/soap/XSLTServer.java => ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/Server.java} (85%)
create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/DoubleItPassword.wsdl
copy systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/{xkms/xkms-server.xml => password/server.xml} (51%)
create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/DoubleItPolicyOperation.wsdl
copy systests/{uncategorized/src/test/resources/org/apache/cxf/systest/soap => ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation}/client.xml (77%)
copy systests/{rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/httpsignature/client.xml => ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/server.xml} (51%)
copy systests/{uncategorized/src/test/resources/org/apache/cxf/systest/soap/client.xml => ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client-remote-wsdl.xml} (69%)
create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/xkmstest.cer
copy systests/{transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SecurityGreeterImplTwoWayJMS.java => wsdl_maven/java2ws/src/main/java/org/apache/cxf/systests/java2ws/HelloWorldArgs.java} (64%)
rename systests/{jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/AbstractBookStoreSpring.java => wsdl_maven/java2ws/src/main/java/org/apache/cxf/systests/java2ws/StringWrapper.java} (77%)
[cxf] 06/07: Picking up more derived key changes in WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 6179672762de9c177740d9956640e7f5b073b156
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 1 11:20:57 2019 +0000
Picking up more derived key changes in WSS4J
---
.../wss4j/policyhandlers/AbstractBindingBuilder.java | 1 +
.../wss4j/policyhandlers/AsymmetricBindingHandler.java | 12 ++++++++++--
.../wss4j/policyhandlers/SymmetricBindingHandler.java | 18 ++++++++++++++++--
.../wss4j/policyhandlers/TransportBindingHandler.java | 2 ++
4 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index be9b13a..d6529d8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2096,6 +2096,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
addSig(dkSign.getSignatureValue());
+ dkSign.clean();
}
private void doSymmSignature(AbstractToken policyToken, SecurityToken tok,
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 09cd142..3896fa5 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -229,15 +229,18 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
if (encToken != null) {
+ WSSecBase encr = null;
if (encToken.getToken() != null && !enc.isEmpty()) {
if (encToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encToken, enc);
+ encr = doEncryptionDerived(encToken, enc);
} else {
String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
SecretKey symmetricKey = keyGen.generateKey();
- doEncryption(encToken, enc, false, symmetricKey);
+ encr = doEncryption(encToken, enc, false, symmetricKey);
}
+
+ encr.clean();
}
assertTokenWrapper(encToken);
assertToken(encToken.getToken());
@@ -394,6 +397,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (encrBase != null) {
encryptTokensInSecurityHeader(encryptionToken, encrBase, symmetricKey);
+ encrBase.clean();
}
}
@@ -663,6 +667,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
WSSecSignature sig = getSignatureBuilder(sigToken, attached, false);
sig.appendBSTElementToHeader();
+ sig.clean();
}
return;
}
@@ -735,6 +740,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
mainSigId = dkSign.getSignatureId();
}
+ dkSign.clean();
} catch (Exception ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
@@ -781,6 +787,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
mainSigId = sig.getId();
}
+
+ sig.clean();
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 8a4d5d9..0567126 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -283,6 +283,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
}
+
+ if (encr != null) {
+ encr.clean();
+ }
}
} catch (RuntimeException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
@@ -408,8 +412,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (encrAbstractTokenWrapper.getToken() != null && !enc.isEmpty()) {
+ WSSecBase encr = null;
if (encrAbstractTokenWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
+ encr = doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
} else {
byte[] ephemeralKey = encrTok.getSecret();
SecretKey symmetricKey = null;
@@ -420,8 +425,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
symmetricKey = keyGen.generateKey();
}
- doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
+ encr = doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
}
+
+ encr.clean();
}
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
@@ -800,8 +807,11 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
this.mainSigId = dkSign.getSignatureId();
+ dkSign.clean();
return dkSign.getSignatureValue();
}
+
+ dkSign.clean();
return null;
}
@@ -933,8 +943,12 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
bottomUpElement = sig.getSignatureElement();
this.mainSigId = sig.getId();
+
+ sig.clean();
return sig.getSignatureValue();
}
+
+ sig.clean();
return null;
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 33ae0dd..4be39d2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -404,6 +404,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.appendDKElementToHeader();
dkSig.computeSignature(referenceList, false, null);
+ dkSig.clean();
return dkSig.getSignatureValue();
}
WSSecSignature sig = getSignatureBuilder(token, false, false);
@@ -514,6 +515,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
//Do signature
dkSign.computeSignature(referenceList, false, null);
+ dkSign.clean();
return dkSign.getSignatureValue();
}
[cxf] 07/07: Set the SOAP namespace on the streaming policy
validation code
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 44e146910477765f92912590079586148460d574
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 1 16:34:02 2019 +0000
Set the SOAP namespace on the streaming policy validation code
---
.../apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java | 2 ++
.../cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java | 5 +++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index d5cd6b6..585e908 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -179,6 +179,8 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
boolean validateSchemas =
MessageUtils.getContextualBoolean(msg, "schema-validation-enabled", false);
securityProperties.setDisableSchemaValidation(!validateSchemas);
+
+ securityProperties.setSoap12(WSSConstants.NS_SOAP12.equals(msg.getVersion().getNamespace()));
}
private Collection<Pattern> convertCertConstraints(String certConstraints, String separator) {
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index a455cf8..02b5081 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -55,6 +55,7 @@ import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.stax.OperationPolicy;
import org.apache.wss4j.policy.stax.enforcer.PolicyEnforcer;
import org.apache.wss4j.policy.stax.enforcer.PolicyInputProcessor;
+import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
@@ -426,7 +427,6 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
if (soapAction == null) {
soapAction = "";
}
-
String actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR);
final Collection<org.apache.cxf.message.Attachment> attachments = msg.getAttachments();
int attachmentCount = 0;
@@ -435,7 +435,8 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
}
return new PolicyEnforcer(operationPolicies, soapAction, isRequestor(msg),
actor, attachmentCount,
- new WSS4JPolicyAsserter(msg.get(AssertionInfoMap.class)));
+ new WSS4JPolicyAsserter(msg.get(AssertionInfoMap.class)),
+ WSSConstants.NS_SOAP12.equals(msg.getVersion().getNamespace()));
}
}
[cxf] 05/07: Picking up derived key changes from WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit b10c87fb2097ffccb989f15de971de1f6627db6a
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jan 31 11:49:53 2019 +0000
Picking up derived key changes from WSS4J
---
.../policyhandlers/AbstractBindingBuilder.java | 8 ++++----
.../policyhandlers/AsymmetricBindingHandler.java | 8 ++++----
.../policyhandlers/SymmetricBindingHandler.java | 24 +++++++++-------------
.../policyhandlers/TransportBindingHandler.java | 10 ++++-----
4 files changed, 23 insertions(+), 27 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index e56ca5d..be9b13a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -2043,7 +2043,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (ref != null) {
ref = cloneElement(ref);
- dkSign.setExternalKey(tok.getSecret(), ref);
+ dkSign.setStrElem(ref);
} else if (!isRequestor() && policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -2054,10 +2054,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
tokenRef.addTokenType(WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE);
}
- dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ dkSign.setStrElem(tokenRef.getElement());
} else {
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ dkSign.setTokenIdentifier(tok.getId());
}
//Set the algo info
@@ -2073,7 +2073,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
dkSign.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
}
- dkSign.prepare();
+ dkSign.prepare(tok.getSecret());
if (isTokenProtection) {
String sigTokId = XMLUtils.getIDFromReference(tok.getId());
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 5806b3e..09cd142 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -597,7 +597,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
setupEncryptedKey(encrToken);
}
- dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.setTokenIdentifier(this.encryptedKeyId);
dkEncr.getParts().addAll(encrParts);
dkEncr.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#"
+ WSS4JConstants.ENC_KEY_VALUE_TYPE);
@@ -606,7 +606,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare();
+ dkEncr.prepare(this.encryptedKeyValue);
addDerivedKeyElement(dkEncr.getdktElement());
Element refList = dkEncr.encryptForExternalRef(null, encrParts);
@@ -681,7 +681,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkSign.setTokenIdentifier(this.encryptedKeyId);
// Set the algo info
dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getSymmetricSignature());
@@ -699,7 +699,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setAddInclusivePrefixes(includePrefixes);
try {
- dkSign.prepare();
+ dkSign.prepare(this.encryptedKeyValue);
if (abinding.isProtectTokens()) {
assertPolicy(
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index d824e21..8a4d5d9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -452,13 +452,9 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (attached && encrTok.getAttachedReference() != null) {
- dkEncr.setExternalKey(
- encrTok.getSecret(), cloneElement(encrTok.getAttachedReference())
- );
+ dkEncr.setStrElem(cloneElement(encrTok.getAttachedReference()));
} else if (encrTok.getUnattachedReference() != null) {
- dkEncr.setExternalKey(
- encrTok.getSecret(), cloneElement(encrTok.getUnattachedReference())
- );
+ dkEncr.setStrElem(cloneElement(encrTok.getUnattachedReference()));
} else if (!isRequestor() && encrTok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -477,7 +473,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
tokenRef.addTokenType(tokenType);
- dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
+ dkEncr.setStrElem(tokenRef.getElement());
} else {
if (attached) {
String id = encrTok.getWsuId();
@@ -492,10 +488,10 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (id.startsWith("#")) {
id = id.substring(1);
}
- dkEncr.setExternalKey(encrTok.getSecret(), id);
+ dkEncr.setTokenIdentifier(id);
} else {
dkEncr.setTokenIdDirectId(true);
- dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
+ dkEncr.setTokenIdentifier(encrTok.getId());
}
}
@@ -525,7 +521,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
- dkEncr.prepare();
+ dkEncr.prepare(encrTok.getSecret());
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
addDerivedKeyElement(encrDKTokenElem);
@@ -701,7 +697,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
if (ref != null) {
- dkSign.setExternalKey(tok.getSecret(), cloneElement(ref));
+ dkSign.setStrElem(cloneElement(ref));
} else if (!isRequestor() && policyToken.getDerivedKeys()
== DerivedKeys.RequireDerivedKeys && tok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
@@ -723,13 +719,13 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
tokenRef.addTokenType(tokenType);
}
- dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ dkSign.setStrElem(tokenRef.getElement());
} else {
if ((!attached && !isRequestor()) || policyToken instanceof SecureConversationToken
|| policyToken instanceof SecurityContextToken) {
dkSign.setTokenIdDirectId(true);
}
- dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ dkSign.setTokenIdentifier(tok.getId());
}
//Set the algo info
@@ -769,7 +765,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
}
- dkSign.prepare();
+ dkSign.prepare(tok.getSecret());
if (sbinding.isProtectTokens()) {
String sigTokId = tok.getId();
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 2759256..33ae0dd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -393,9 +393,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- dkSig.setExternalKey(symmetricKey.getEncoded(), encrKey.getId());
+ dkSig.setTokenIdentifier(encrKey.getId());
- dkSig.prepare();
+ dkSig.prepare(symmetricKey.getEncoded());
dkSig.getParts().addAll(sigParts);
List<Reference> referenceList = dkSig.addReferencesToSign(sigParts);
@@ -488,9 +488,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
}
if (ref != null) {
- dkSign.setExternalKey(secTok.getSecret(), cloneElement(ref));
+ dkSign.setStrElem(cloneElement(ref));
} else {
- dkSign.setExternalKey(secTok.getSecret(), secTok.getId());
+ dkSign.setTokenIdentifier(secTok.getId());
}
if (token instanceof UsernameToken) {
@@ -504,7 +504,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
if (token.getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
- dkSign.prepare();
+ dkSign.prepare(secTok.getSecret());
addDerivedKeyElement(dkSign.getdktElement());
[cxf] 02/07: WSSecEncryptedKey.getEphemeralKey() is removed in WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 2e0b68e2f4355ac4014de05624c9f2b03706674b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Jan 28 12:00:06 2019 +0000
WSSecEncryptedKey.getEphemeralKey() is removed in WSS4J
---
.../cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java | 2 +-
.../ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java | 2 +-
.../ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java | 4 ++--
.../ws/security/wss4j/policyhandlers/TransportBindingHandler.java | 2 +-
.../cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java | 6 ------
.../test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java | 2 +-
6 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
index f5f051c..35d3deb 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
@@ -213,7 +213,7 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
encrKey.setUseThisCert(certs[0]);
encrKey.prepare(null);
- ephemeralKey = encrKey.getEphemeralKey();
+ ephemeralKey = encrKey.getSymmetricKey().getEncoded();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index df31bc7..40d6ee4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -806,7 +806,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
// Add the EncryptedKey
this.addEncryptedKeyElement(encrKey.getEncryptedKeyElement());
- encryptedKeyValue = encrKey.getEphemeralKey();
+ encryptedKeyValue = encrKey.getSymmetricKey().getEncoded();
encryptedKeyId = encrKey.getId();
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index cc37da2..e56fc39 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -551,6 +551,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
encr.setCustomReferenceValue(encrTok.getTokenType());
}
encr.setEncKeyId(encrTokId);
+ encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
encr.setEphemeralKey(encrTok.getSecret());
Crypto crypto = getEncryptionCrypto();
if (crypto != null) {
@@ -558,7 +559,6 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
encr.setEncryptSymmKey(false);
- encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
@@ -917,7 +917,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(sigToken);
assertTokenWrapper(wrapper);
String id = encrKey.getId();
- byte[] secret = encrKey.getEphemeralKey();
+ byte[] secret = encrKey.getSymmetricKey().getEncoded();
Instant created = Instant.now();
Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 3a1b7c4..208d391 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -383,7 +383,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+ dkSig.setExternalKey(encrKey.getSymmetricKey().getEncoded(), encrKey.getId());
dkSig.prepare();
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
index 750aa90..0e54cf2 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
@@ -59,7 +59,6 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
protected X509Certificate[] certs;
protected Statement statement = Statement.AUTHN;
protected CERT_IDENTIFIER certIdentifier = CERT_IDENTIFIER.X509_CERT;
- protected byte[] ephemeralKey;
protected boolean multiValue = true;
public void setConfirmationMethod(String confMethod) {
@@ -78,10 +77,6 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
this.certs = certs;
}
- public byte[] getEphemeralKey() {
- return ephemeralKey;
- }
-
/**
* Note that the SubjectBean parameter should be null for SAML2.0
*/
@@ -176,7 +171,6 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
encrKey.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
encrKey.setUseThisCert(certs[0]);
encrKey.prepare(null);
- ephemeralKey = encrKey.getEphemeralKey();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
index 0a31958..4dc76c8 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
@@ -841,7 +841,7 @@ public class IssueSamlUnitTest {
builder.prepare(stsProperties.getSignatureCrypto());
Element encryptedKeyElement = builder.getEncryptedKeyElement();
- byte[] secret = builder.getEphemeralKey();
+ byte[] secret = builder.getSymmetricKey().getEncoded();
EntropyType entropyType = new EntropyType();
entropyType.getAny().add(encryptedKeyElement);
[cxf] 04/07: Create salt instead of getting it from WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 98bd93d4ba8408ee70dc04a62134ad7e41a4c567
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jan 30 10:48:42 2019 +0000
Create salt instead of getting it from WSS4J
---
.../policyhandlers/AbstractBindingBuilder.java | 34 +++++++++++++++-------
.../policyhandlers/SymmetricBindingHandler.java | 30 ++++++++++++-------
.../policyhandlers/TransportBindingHandler.java | 8 +++--
3 files changed, 49 insertions(+), 23 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 5800336..e56ca5d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -103,6 +103,7 @@ import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
@@ -610,19 +611,20 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
protected void handleUsernameTokenSupportingToken(
UsernameToken token, boolean endorse, boolean encryptedToken, List<SupportingToken> ret
) throws WSSecurityException {
- if (endorse) {
- WSSecUsernameToken utBuilder = addDKUsernameToken(token, true);
+ if (endorse && isTokenRequired(token.getIncludeTokenType())) {
+ byte[] salt = UsernameTokenUtil.generateSalt(true);
+ WSSecUsernameToken utBuilder = addDKUsernameToken(token, salt, true);
if (utBuilder != null) {
- utBuilder.prepare();
+ utBuilder.prepare(salt);
addSupportingElement(utBuilder.getUsernameTokenElement());
- ret.add(new SupportingToken(token, utBuilder, null));
+ ret.add(new SupportingToken(token, utBuilder, null, salt));
if (encryptedToken) {
WSEncryptionPart part = new WSEncryptionPart(utBuilder.getId(), "Element");
part.setElement(utBuilder.getUsernameTokenElement());
encryptedTokensList.add(part);
}
}
- } else {
+ } else if (!endorse) {
WSSecUsernameToken utBuilder = addUsernameToken(token);
if (utBuilder != null) {
utBuilder.prepare();
@@ -862,7 +864,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return null;
}
- protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, boolean useMac) {
+ protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, byte[] salt, boolean useMac) {
assertToken(token);
if (!isTokenRequired(token.getIncludeTokenType())) {
return null;
@@ -883,8 +885,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
if (!StringUtils.isEmpty(password)) {
// If the password is available then build the token
utBuilder.setUserInfo(userName, password);
- utBuilder.addDerivedKey(useMac, null, 1000);
- utBuilder.prepare();
+ utBuilder.addDerivedKey(useMac, 1000);
+ utBuilder.prepare(salt);
} else {
unassertPolicy(token, "No password available");
return null;
@@ -1990,8 +1992,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
}
try {
- byte[] secret = utBuilder.getDerivedKey();
+ byte[] secret = utBuilder.getDerivedKey(supportingToken.getSalt());
secToken.setSecret(secret);
+ Arrays.fill(supportingToken.getSalt(), (byte)0);
if (supportingToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
doSymmSignatureDerived(supportingToken.getToken(), secToken, sigParts,
@@ -2355,12 +2358,19 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
private final AbstractToken token;
private final Object tokenImplementation;
private final List<WSEncryptionPart> signedParts;
+ private final byte[] salt;
SupportingToken(AbstractToken token, Object tokenImplementation,
- List<WSEncryptionPart> signedParts) {
+ List<WSEncryptionPart> signedParts) {
+ this(token, tokenImplementation, signedParts, null);
+ }
+
+ SupportingToken(AbstractToken token, Object tokenImplementation,
+ List<WSEncryptionPart> signedParts, byte[] salt) {
this.token = token;
this.tokenImplementation = tokenImplementation;
this.signedParts = signedParts;
+ this.salt = salt;
}
public AbstractToken getToken() {
@@ -2375,6 +2385,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return signedParts;
}
+ public byte[] getSalt() {
+ return salt;
+ }
+
}
protected void addSig(byte[] val) {
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index e96cbfe..d824e21 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.time.Instant;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
@@ -55,6 +56,7 @@ import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -989,20 +991,26 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
private String setupUTDerivedKey(UsernameToken sigToken) throws WSSecurityException {
- boolean useMac = hasSignedPartsOrElements();
- WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, useMac);
- String id = usernameToken.getId();
- byte[] secret = usernameToken.getDerivedKey();
+ assertToken(sigToken);
+ if (isTokenRequired(sigToken.getIncludeTokenType())) {
+ boolean useMac = hasSignedPartsOrElements();
+ byte[] salt = UsernameTokenUtil.generateSalt(useMac);
+ WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, salt, useMac);
+ String id = usernameToken.getId();
+ byte[] secret = usernameToken.getDerivedKey(salt);
+ Arrays.fill(salt, (byte)0);
- Instant created = Instant.now();
- Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
- SecurityToken tempTok =
- new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
- tempTok.setSecret(secret);
+ Instant created = Instant.now();
+ Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
+ SecurityToken tempTok =
+ new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
+ tempTok.setSecret(secret);
- tokenStore.add(tempTok);
+ tokenStore.add(tempTok);
- return id;
+ return id;
+ }
+ return null;
}
private SecurityToken getEncryptedKey() {
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 8af27ae..2759256 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.time.Instant;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
@@ -54,6 +55,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.WSSecDKSign;
@@ -334,9 +336,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
addSig(doIssuedTokenSignature(token, wrapper));
} else if (token instanceof UsernameToken) {
// Create a UsernameToken object for derived keys and store the security token
- WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, true);
+ byte[] salt = UsernameTokenUtil.generateSalt(true);
+ WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, salt, true);
String id = usernameToken.getId();
- byte[] secret = usernameToken.getDerivedKey();
+ byte[] secret = usernameToken.getDerivedKey(salt);
+ Arrays.fill(salt, (byte)0);
Instant created = Instant.now();
Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
[cxf] 03/07: Picking up changes to symmetricKey in WSSEcEncryptedKey
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit c0993a72d677b2094ffeae9a283885171fb3d63e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jan 29 17:11:03 2019 +0000
Picking up changes to symmetricKey in WSSEcEncryptedKey
---
.../saml/sso/AbstractSAMLCallbackHandler.java | 11 +-
.../policyhandlers/AbstractBindingBuilder.java | 7 +-
.../policyhandlers/AsymmetricBindingHandler.java | 256 +++++++++++---------
.../policyhandlers/SymmetricBindingHandler.java | 261 ++++++++++++---------
.../policyhandlers/TransportBindingHandler.java | 12 +-
.../wss4j/saml/AbstractSAMLCallbackHandler.java | 8 +-
.../cxf/sts/operation/AbstractOperation.java | 14 +-
.../sts/token/provider/DefaultSubjectProvider.java | 16 +-
.../cxf/sts/token/provider/TokenProviderUtils.java | 10 +-
.../cxf/sts/operation/IssueSamlUnitTest.java | 10 +-
10 files changed, 358 insertions(+), 247 deletions(-)
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
index 35d3deb..e473bdf 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
@@ -23,6 +23,8 @@ import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -43,6 +45,7 @@ import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
import org.joda.time.DateTime;
@@ -212,8 +215,12 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
encrKey.setUseThisCert(certs[0]);
- encrKey.prepare(null);
- ephemeralKey = encrKey.getSymmetricKey().getEncoded();
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ encrKey.prepare(null, symmetricKey);
+ ephemeralKey = symmetricKey.getEncoded();
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 945755a..5800336 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -35,6 +35,7 @@ import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
@@ -1501,7 +1502,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return null;
}
- protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token) throws WSSecurityException {
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token,
+ SecretKey symmetricKey) throws WSSecurityException {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(secHeader);
encrKey.setIdAllocator(wssConfig.getIdAllocator());
encrKey.setCallbackLookup(callbackLookup);
@@ -1522,11 +1524,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
String encrUser = setEncryptionUser(encrKey, token, false, crypto);
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
- encrKey.setSymmetricEncAlgorithm(algType.getEncryption());
encrKey.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
encrKey.setMGFAlgorithm(algType.getMGFAlgo());
- encrKey.prepare(crypto);
+ encrKey.prepare(crypto, symmetricKey);
if (alsoIncludeToken) {
X509Certificate encCert = getEncryptCert(crypto, encrUser);
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 40d6ee4..5806b3e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -28,6 +28,8 @@ import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.crypto.dsig.Reference;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
@@ -54,6 +56,7 @@ import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -224,12 +227,21 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
encToken = abinding.getInitiatorToken();
}
}
- doEncryption(encToken, enc, false);
+
if (encToken != null) {
+ if (encToken.getToken() != null && !enc.isEmpty()) {
+ if (encToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ doEncryptionDerived(encToken, enc);
+ } else {
+ String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
+ SecretKey symmetricKey = keyGen.generateKey();
+ doEncryption(encToken, enc, false, symmetricKey);
+ }
+ }
assertTokenWrapper(encToken);
assertToken(encToken.getToken());
}
-
} catch (Exception e) {
String reason = e.getMessage();
LOG.log(Level.WARNING, "Sign before encryption failed due to : " + reason);
@@ -333,9 +345,21 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
WSSecBase encrBase = null;
+ SecretKey symmetricKey = null;
if (encryptionToken != null && !encrParts.isEmpty()) {
- encrBase = doEncryption(wrapper, encrParts, true);
- handleEncryptedSignedHeaders(encrParts, sigParts);
+ if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ encrBase = doEncryptionDerived(wrapper, encrParts);
+ } else {
+ String symEncAlgorithm = abinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
+ try {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
+ symmetricKey = keyGen.generateKey();
+ encrBase = doEncryption(wrapper, encrParts, true, symmetricKey);
+ } catch (WSSecurityException ex) {
+ LOG.log(Level.FINE, ex.getMessage(), ex);
+ throw new Fault(ex);
+ }
+ }
}
if (!isRequestor()) {
@@ -369,12 +393,14 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
if (encrBase != null) {
- encryptTokensInSecurityHeader(encryptionToken, encrBase);
+ encryptTokensInSecurityHeader(encryptionToken, encrBase, symmetricKey);
}
}
- private void encryptTokensInSecurityHeader(AbstractToken encryptionToken, WSSecBase encrBase) {
+ private void encryptTokensInSecurityHeader(AbstractToken encryptionToken,
+ WSSecBase encrBase,
+ SecretKey symmetricKey) {
List<WSEncryptionPart> secondEncrParts = new ArrayList<>();
// Check for signature protection
@@ -428,7 +454,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
} else {
this.insertBeforeBottomUp(secondRefList);
}
- ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts);
+ ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts, symmetricKey);
} catch (WSSecurityException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
@@ -439,125 +465,121 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
private WSSecBase doEncryption(AbstractTokenWrapper recToken,
List<WSEncryptionPart> encrParts,
- boolean externalRef) {
- //Do encryption
- if (recToken != null && recToken.getToken() != null && !encrParts.isEmpty()) {
- AbstractToken encrToken = recToken.getToken();
- assertPolicy(recToken);
- assertPolicy(encrToken);
- AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
- if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- return doEncryptionDerived(recToken, encrToken, encrParts, algorithmSuite);
- }
- try {
- WSSecEncrypt encr = new WSSecEncrypt(secHeader);
- encr.setEncryptionSerializer(new StaxSerializer());
- encr.setIdAllocator(wssConfig.getIdAllocator());
- encr.setCallbackLookup(callbackLookup);
- encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
- encr.setStoreBytesInAttachment(storeBytesInAttachment);
- encr.setExpandXopInclude(isExpandXopInclude());
- encr.setWsDocInfo(wsDocInfo);
-
- Crypto crypto = getEncryptionCrypto();
-
- SecurityToken securityToken = getSecurityToken();
- if (!isRequestor() && securityToken != null
- && recToken.getToken() instanceof SamlToken) {
- String tokenType = securityToken.getTokenType();
- if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
- || WSS4JConstants.SAML_NS.equals(tokenType)) {
- encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- encr.setCustomEKTokenId(securityToken.getId());
- } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
- || WSS4JConstants.SAML2_NS.equals(tokenType)) {
- encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- encr.setCustomEKTokenId(securityToken.getId());
- } else {
- setKeyIdentifierType(encr, encrToken);
- }
+ boolean externalRef,
+ SecretKey symmetricKey) {
+ AbstractToken encrToken = recToken.getToken();
+ assertPolicy(recToken);
+ assertPolicy(encrToken);
+ try {
+ WSSecEncrypt encr = new WSSecEncrypt(secHeader);
+ encr.setEncryptionSerializer(new StaxSerializer());
+ encr.setIdAllocator(wssConfig.getIdAllocator());
+ encr.setCallbackLookup(callbackLookup);
+ encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ encr.setStoreBytesInAttachment(storeBytesInAttachment);
+ encr.setExpandXopInclude(isExpandXopInclude());
+ encr.setWsDocInfo(wsDocInfo);
+
+ Crypto crypto = getEncryptionCrypto();
+
+ SecurityToken securityToken = getSecurityToken();
+ if (!isRequestor() && securityToken != null
+ && recToken.getToken() instanceof SamlToken) {
+ String tokenType = securityToken.getTokenType();
+ if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+ || WSS4JConstants.SAML_NS.equals(tokenType)) {
+ encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ encr.setCustomEKTokenId(securityToken.getId());
+ } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSS4JConstants.SAML2_NS.equals(tokenType)) {
+ encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ encr.setCustomEKTokenId(securityToken.getId());
} else {
setKeyIdentifierType(encr, encrToken);
}
- //
- // Using a stored cert is only suitable for the Issued Token case, where
- // we're extracting the cert from a SAML Assertion on the provider side
- //
- if (!isRequestor() && securityToken != null
- && securityToken.getX509Certificate() != null) {
- encr.setUseThisCert(securityToken.getX509Certificate());
- } else if (!isRequestor() && securityToken != null
- && securityToken.getKey() instanceof PublicKey) {
- encr.setUseThisPublicKey((PublicKey)securityToken.getKey());
- encr.setKeyIdentifierType(WSConstants.KEY_VALUE);
- } else {
- setEncryptionUser(encr, encrToken, false, crypto);
- }
- if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) {
- unassertPolicy(recToken, "Missing security configuration. "
- + "Make sure jaxws:client element is configured "
- + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
- }
- AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
- encr.setSymmetricEncAlgorithm(algType.getEncryption());
- encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
- encr.setMGFAlgorithm(algType.getMGFAlgo());
- encr.setDigestAlgorithm(algType.getEncryptionDigest());
- encr.prepare(crypto);
-
- Element encryptedKeyElement = encr.getEncryptedKeyElement();
- List<Element> attachments = encr.getAttachmentEncryptedDataElements();
- //Encrypt, get hold of the ref list and add it
- if (externalRef) {
- Element refList = encr.encryptForRef(null, encrParts);
- if (refList != null) {
- insertBeforeBottomUp(refList);
- }
- if (attachments != null) {
- for (Element attachment : attachments) {
- this.insertBeforeBottomUp(attachment);
- }
- }
- if (refList != null || (attachments != null && !attachments.isEmpty())) {
- this.addEncryptedKeyElement(encryptedKeyElement);
- }
- } else {
- Element refList = encr.encryptForRef(null, encrParts);
- if (refList != null || (attachments != null && !attachments.isEmpty())) {
- this.addEncryptedKeyElement(encryptedKeyElement);
- }
-
- // Add internal refs
- if (refList != null) {
- encryptedKeyElement.appendChild(refList);
- }
- if (attachments != null) {
- for (Element attachment : attachments) {
- this.addEncryptedKeyElement(attachment);
- }
+ } else {
+ setKeyIdentifierType(encr, encrToken);
+ }
+ //
+ // Using a stored cert is only suitable for the Issued Token case, where
+ // we're extracting the cert from a SAML Assertion on the provider side
+ //
+ if (!isRequestor() && securityToken != null
+ && securityToken.getX509Certificate() != null) {
+ encr.setUseThisCert(securityToken.getX509Certificate());
+ } else if (!isRequestor() && securityToken != null
+ && securityToken.getKey() instanceof PublicKey) {
+ encr.setUseThisPublicKey((PublicKey)securityToken.getKey());
+ encr.setKeyIdentifierType(WSConstants.KEY_VALUE);
+ } else {
+ setEncryptionUser(encr, encrToken, false, crypto);
+ }
+ if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) {
+ unassertPolicy(recToken, "Missing security configuration. "
+ + "Make sure jaxws:client element is configured "
+ + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
+ }
+ AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
+ AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
+ encr.setSymmetricEncAlgorithm(algType.getEncryption());
+ encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
+ encr.setMGFAlgorithm(algType.getMGFAlgo());
+ encr.setDigestAlgorithm(algType.getEncryptionDigest());
+ encr.prepare(crypto, symmetricKey);
+
+ Element encryptedKeyElement = encr.getEncryptedKeyElement();
+ List<Element> attachments = encr.getAttachmentEncryptedDataElements();
+ //Encrypt, get hold of the ref list and add it
+ if (externalRef) {
+ Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
+ if (refList != null) {
+ insertBeforeBottomUp(refList);
+ }
+ if (attachments != null) {
+ for (Element attachment : attachments) {
+ this.insertBeforeBottomUp(attachment);
}
}
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
+ } else {
+ Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
- // Put BST before EncryptedKey element
- if (encr.getBSTTokenId() != null) {
- encr.prependBSTElementToHeader();
+ // Add internal refs
+ if (refList != null) {
+ encryptedKeyElement.appendChild(refList);
+ }
+ if (attachments != null) {
+ for (Element attachment : attachments) {
+ this.addEncryptedKeyElement(attachment);
+ }
}
+ }
- return encr;
- } catch (WSSecurityException e) {
- LOG.log(Level.FINE, e.getMessage(), e);
- unassertPolicy(recToken, e);
+ // Put BST before EncryptedKey element
+ if (encr.getBSTTokenId() != null) {
+ encr.prependBSTElementToHeader();
}
+
+ return encr;
+ } catch (WSSecurityException e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ unassertPolicy(recToken, e);
}
return null;
}
private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken,
- AbstractToken encrToken,
- List<WSEncryptionPart> encrParts,
- AlgorithmSuite algorithmSuite) {
+ List<WSEncryptionPart> encrParts) {
+ AbstractToken encrToken = recToken.getToken();
+ assertPolicy(recToken);
+ assertPolicy(encrToken);
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
@@ -579,6 +601,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkEncr.getParts().addAll(encrParts);
dkEncr.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#"
+ WSS4JConstants.ENC_KEY_VALUE_TYPE);
+
+ AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
@@ -797,7 +821,11 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
private void createEncryptedKey(AbstractToken token)
throws WSSecurityException {
//Set up the encrypted key to use
- encrKey = this.getEncryptedKeyBuilder(token);
+ AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(algType.getEncryption());
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ encrKey = this.getEncryptedKeyBuilder(token, symmetricKey);
Element bstElem = encrKey.getBinarySecurityTokenElement();
if (bstElem != null) {
// If a BST is available then use it
@@ -806,7 +834,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
// Add the EncryptedKey
this.addEncryptedKeyElement(encrKey.getEncryptedKeyElement());
- encryptedKeyValue = encrKey.getSymmetricKey().getEncoded();
+ encryptedKeyValue = symmetricKey.getEncoded();
encryptedKeyId = encrKey.getId();
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index e56fc39..e96cbfe 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -24,6 +24,8 @@ import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.crypto.dsig.Reference;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
@@ -206,7 +208,24 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
sigParts.addAll(this.getSignedParts(null));
List<WSEncryptionPart> encrParts = getEncryptedParts();
- WSSecBase encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true);
+
+ WSSecBase encr = null;
+ SecretKey symmetricKey = null;
+ if (encryptionWrapper.getToken() != null && !encrParts.isEmpty()) {
+ if (encryptionWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ encr = doEncryptionDerived(encryptionWrapper, tok, attached, encrParts, true);
+ } else {
+ byte[] ephemeralKey = tok.getSecret();
+ String symEncAlgorithm = sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
+ if (ephemeralKey != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(symEncAlgorithm, ephemeralKey);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
+ symmetricKey = keyGen.generateKey();
+ }
+ encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true, symmetricKey);
+ }
+ }
handleEncryptedSignedHeaders(encrParts, sigParts);
if (!isRequestor()) {
@@ -248,18 +267,18 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
secondEncrParts.addAll(encryptedTokensList);
}
- Element secondRefList = null;
+ if (!secondEncrParts.isEmpty()) {
+ Element secondRefList = null;
- if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys
- && !secondEncrParts.isEmpty()) {
- secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null,
- secondEncrParts);
- } else if (!secondEncrParts.isEmpty()) {
- //Encrypt, get hold of the ref list and add it
- secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts);
- }
- if (secondRefList != null) {
- this.addDerivedKeyElement(secondRefList);
+ if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null, secondEncrParts);
+ } else {
+ //Encrypt, get hold of the ref list and add it
+ secondRefList = ((WSSecEncrypt)encr).encryptForRef(null, secondEncrParts, symmetricKey);
+ }
+ if (secondRefList != null) {
+ this.addDerivedKeyElement(secondRefList);
+ }
}
}
}
@@ -385,23 +404,38 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
if (isRequestor()) {
enc.addAll(encryptedTokensList);
}
- doEncryption(encrAbstractTokenWrapper,
- encrTok,
- tokIncluded,
- enc,
- false);
+
+ if (encrAbstractTokenWrapper.getToken() != null && !enc.isEmpty()) {
+ if (encrAbstractTokenWrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ doEncryptionDerived(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false);
+ } else {
+ byte[] ephemeralKey = encrTok.getSecret();
+ SecretKey symmetricKey = null;
+ String symEncAlgorithm = sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption();
+ if (ephemeralKey != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(symEncAlgorithm, ephemeralKey);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgorithm);
+ symmetricKey = keyGen.generateKey();
+ }
+ doEncryption(encrAbstractTokenWrapper, encrTok, tokIncluded, enc, false, symmetricKey);
+ }
+ }
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
throw new Fault(e);
}
}
- private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken,
+ private WSSecDKEncrypt doEncryptionDerived(AbstractTokenWrapper recToken,
SecurityToken encrTok,
- AbstractToken encrToken,
boolean attached,
List<WSEncryptionPart> encrParts,
boolean atEnd) {
+
+ AbstractToken encrToken = recToken.getToken();
+ assertPolicy(recToken);
+ assertPolicy(encrToken);
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
@@ -506,114 +540,107 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
return null;
}
- private WSSecBase doEncryption(AbstractTokenWrapper recToken,
+ private WSSecEncrypt doEncryption(AbstractTokenWrapper recToken,
SecurityToken encrTok,
boolean attached,
List<WSEncryptionPart> encrParts,
- boolean atEnd) {
- //Do encryption
- if (recToken != null && recToken.getToken() != null && !encrParts.isEmpty()) {
- AbstractToken encrToken = recToken.getToken();
- assertPolicy(recToken);
- assertPolicy(encrToken);
- AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
- if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- return doEncryptionDerived(recToken, encrTok, encrToken,
- attached, encrParts, atEnd);
- }
- try {
- WSSecEncrypt encr = new WSSecEncrypt(secHeader);
- encr.setEncryptionSerializer(new StaxSerializer());
- encr.setIdAllocator(wssConfig.getIdAllocator());
- encr.setCallbackLookup(callbackLookup);
- encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
- encr.setStoreBytesInAttachment(storeBytesInAttachment);
- encr.setExpandXopInclude(isExpandXopInclude());
- encr.setWsDocInfo(wsDocInfo);
- String encrTokId = encrTok.getId();
- if (attached) {
- encrTokId = encrTok.getWsuId();
- if (encrTokId == null
- && (encrToken instanceof SecureConversationToken
- || encrToken instanceof SecurityContextToken)) {
- encr.setEncKeyIdDirectId(true);
- encrTokId = encrTok.getId();
- } else if (encrTokId == null) {
- encrTokId = encrTok.getId();
- }
- if (encrTokId.startsWith("#")) {
- encrTokId = encrTokId.substring(1);
- }
- } else {
+ boolean atEnd,
+ SecretKey symmetricKey) {
+ AbstractToken encrToken = recToken.getToken();
+ assertPolicy(recToken);
+ assertPolicy(encrToken);
+ try {
+ WSSecEncrypt encr = new WSSecEncrypt(secHeader);
+ encr.setEncryptionSerializer(new StaxSerializer());
+ encr.setIdAllocator(wssConfig.getIdAllocator());
+ encr.setCallbackLookup(callbackLookup);
+ encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ encr.setStoreBytesInAttachment(storeBytesInAttachment);
+ encr.setExpandXopInclude(isExpandXopInclude());
+ encr.setWsDocInfo(wsDocInfo);
+ String encrTokId = encrTok.getId();
+ if (attached) {
+ encrTokId = encrTok.getWsuId();
+ if (encrTokId == null
+ && (encrToken instanceof SecureConversationToken
+ || encrToken instanceof SecurityContextToken)) {
encr.setEncKeyIdDirectId(true);
+ encrTokId = encrTok.getId();
+ } else if (encrTokId == null) {
+ encrTokId = encrTok.getId();
}
- if (encrTok.getTokenType() != null) {
- encr.setCustomReferenceValue(encrTok.getTokenType());
+ if (encrTokId.startsWith("#")) {
+ encrTokId = encrTokId.substring(1);
}
- encr.setEncKeyId(encrTokId);
- encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
- encr.setEphemeralKey(encrTok.getSecret());
- Crypto crypto = getEncryptionCrypto();
- if (crypto != null) {
- setEncryptionUser(encr, encrToken, false, crypto);
- }
-
- encr.setEncryptSymmKey(false);
- encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
- encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
+ } else {
+ encr.setEncKeyIdDirectId(true);
+ }
+ if (encrTok.getTokenType() != null) {
+ encr.setCustomReferenceValue(encrTok.getTokenType());
+ }
+ encr.setEncKeyId(encrTokId);
+ AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
+ encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
+ Crypto crypto = getEncryptionCrypto();
+ if (crypto != null) {
+ setEncryptionUser(encr, encrToken, false, crypto);
+ }
- if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken
- || encrToken instanceof SecureConversationToken) {
- //Setting the AttachedReference or the UnattachedReference according to the flag
- Element ref;
- if (attached) {
- ref = encrTok.getAttachedReference();
- } else {
- ref = encrTok.getUnattachedReference();
- }
+ encr.setEncryptSymmKey(false);
+ encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
+ encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
- String tokenType = encrTok.getTokenType();
- if (ref != null) {
- SecurityTokenReference secRef =
- new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
- encr.setSecurityTokenReference(secRef);
- } else if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
- || WSS4JConstants.SAML_NS.equals(tokenType)) {
- encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
- || WSS4JConstants.SAML2_NS.equals(tokenType)) {
- encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- } else {
- encr.setCustomReferenceValue(tokenType);
- encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- }
- } else if (encrToken instanceof UsernameToken) {
- encr.setCustomReferenceValue(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
- } else if (encrToken instanceof KerberosToken && !isRequestor()) {
- encr.setCustomReferenceValue(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE);
- encr.setEncKeyId(encrTok.getSHA1());
- } else if (!isRequestor() && encrTok.getSHA1() != null) {
- encr.setCustomReferenceValue(encrTok.getSHA1());
- encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken
+ || encrToken instanceof SecureConversationToken) {
+ //Setting the AttachedReference or the UnattachedReference according to the flag
+ Element ref;
+ if (attached) {
+ ref = encrTok.getAttachedReference();
+ } else {
+ ref = encrTok.getUnattachedReference();
}
- encr.prepare(crypto);
-
- if (encr.getBSTTokenId() != null) {
- encr.prependBSTElementToHeader();
+ String tokenType = encrTok.getTokenType();
+ if (ref != null) {
+ SecurityTokenReference secRef =
+ new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
+ encr.setSecurityTokenReference(secRef);
+ } else if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+ || WSS4JConstants.SAML_NS.equals(tokenType)) {
+ encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSS4JConstants.SAML2_NS.equals(tokenType)) {
+ encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else {
+ encr.setCustomReferenceValue(tokenType);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
}
+ } else if (encrToken instanceof UsernameToken) {
+ encr.setCustomReferenceValue(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
+ } else if (encrToken instanceof KerberosToken && !isRequestor()) {
+ encr.setCustomReferenceValue(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE);
+ encr.setEncKeyId(encrTok.getSHA1());
+ } else if (!isRequestor() && encrTok.getSHA1() != null) {
+ encr.setCustomReferenceValue(encrTok.getSHA1());
+ encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ }
- Element refList = encr.encryptForRef(null, encrParts);
- List<Element> attachments = encr.getAttachmentEncryptedDataElements();
- addAttachmentsForEncryption(atEnd, refList, attachments);
+ encr.prepare(crypto, symmetricKey);
- return encr;
- } catch (WSSecurityException e) {
- LOG.log(Level.FINE, e.getMessage(), e);
- unassertPolicy(recToken, e);
+ if (encr.getBSTTokenId() != null) {
+ encr.prependBSTElementToHeader();
}
+
+ Element refList = encr.encryptForRef(null, encrParts, symmetricKey);
+ List<Element> attachments = encr.getAttachmentEncryptedDataElements();
+ addAttachmentsForEncryption(atEnd, refList, attachments);
+
+ return encr;
+ } catch (WSSecurityException e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ unassertPolicy(recToken, e);
}
return null;
}
@@ -914,10 +941,14 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
}
private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken) throws WSSecurityException {
- WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(sigToken);
+ AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(algType.getEncryption());
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(sigToken, symmetricKey);
assertTokenWrapper(wrapper);
String id = encrKey.getId();
- byte[] secret = encrKey.getSymmetricKey().getEncoded();
+ byte[] secret = symmetricKey.getEncoded();
Instant created = Instant.now();
Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 208d391..8af27ae 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -25,6 +25,8 @@ import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
@@ -51,6 +53,7 @@ import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.SecurityTokenReference;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.WSSecDKSign;
@@ -357,7 +360,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
- WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(token);
+ AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(algType.getEncryption());
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(token, symmetricKey);
assertPolicy(wrapper);
Element bstElem = encrKey.getBinarySecurityTokenElement();
@@ -380,10 +387,9 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.setExpandXopInclude(isExpandXopInclude());
dkSig.setWsDocInfo(wsDocInfo);
- AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
- dkSig.setExternalKey(encrKey.getSymmetricKey().getEncoded(), encrKey.getId());
+ dkSig.setExternalKey(symmetricKey.getEncoded(), encrKey.getId());
dkSig.prepare();
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
index 0e54cf2..158e5f8 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/AbstractSAMLCallbackHandler.java
@@ -23,6 +23,8 @@ import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -40,6 +42,7 @@ import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
@@ -170,7 +173,10 @@ public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
encrKey.setUseThisCert(certs[0]);
- encrKey.prepare(null);
+
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+ encrKey.prepare(null, symmetricKey);
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index ba5bb13..0b4b80c 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -29,6 +29,8 @@ import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
@@ -77,6 +79,7 @@ import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DateUtil;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
@@ -375,10 +378,17 @@ public abstract class AbstractOperation {
WSSecEncryptedKey builder = new WSSecEncryptedKey(doc);
builder.setUserInfo(name);
builder.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
- builder.setEphemeralKey(secret);
builder.setKeyEncAlgo(keyWrapAlgorithm);
- builder.prepare(stsProperties.getEncryptionCrypto());
+ SecretKey symmetricKey = null;
+ if (secret != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(encryptionProperties.getEncryptionAlgorithm(), secret);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(encryptionProperties.getEncryptionAlgorithm());
+ symmetricKey = keyGen.generateKey();
+ }
+
+ builder.prepare(stsProperties.getEncryptionCrypto(), symmetricKey);
return builder.getEncryptedKeyElement();
}
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index d5f2284..c080d4b 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -27,6 +27,8 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.kerberos.KerberosPrincipal;
@@ -55,6 +57,7 @@ import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
/**
@@ -331,11 +334,18 @@ public class DefaultSubjectProvider implements SubjectProvider {
// Create an EncryptedKey
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
encrKey.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
- encrKey.setEphemeralKey(secret);
- encrKey.setSymmetricEncAlgorithm(encryptionProperties.getEncryptionAlgorithm());
encrKey.setUseThisCert(certificate);
encrKey.setKeyEncAlgo(encryptionProperties.getKeyWrapAlgorithm());
- encrKey.prepare(encryptionCrypto);
+
+ SecretKey symmetricKey = null;
+ if (secret != null) {
+ symmetricKey = KeyUtils.prepareSecretKey(encryptionProperties.getEncryptionAlgorithm(), secret);
+ } else {
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(encryptionProperties.getEncryptionAlgorithm());
+ symmetricKey = keyGen.generateKey();
+ }
+
+ encrKey.prepare(encryptionCrypto, symmetricKey);
Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
// Append the EncryptedKey to a KeyInfo element
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
index b4cb1a7..e907da1 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderUtils.java
@@ -25,6 +25,8 @@ import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
@@ -43,6 +45,7 @@ import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
@@ -171,8 +174,11 @@ public final class TokenProviderUtils {
WSEncryptionPart encryptionPart = new WSEncryptionPart(id, "Element");
encryptionPart.setElement(element);
- builder.prepare(stsProperties.getEncryptionCrypto());
- builder.encryptForRef(null, Collections.singletonList(encryptionPart));
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(encryptionAlgorithm);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ builder.prepare(stsProperties.getEncryptionCrypto(), symmetricKey);
+ builder.encryptForRef(null, Collections.singletonList(encryptionPart), symmetricKey);
return (Element)frag.getFirstChild();
}
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
index 4dc76c8..ca8f151 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java
@@ -26,6 +26,8 @@ import java.util.Collections;
import java.util.List;
import java.util.Properties;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
@@ -70,6 +72,7 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.util.DOM2Writer;
+import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSConfig;
@@ -839,9 +842,12 @@ public class IssueSamlUnitTest {
builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
builder.setKeyEncAlgo(WSS4JConstants.KEYTRANSPORT_RSAOAEP);
- builder.prepare(stsProperties.getSignatureCrypto());
+ KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
+ SecretKey symmetricKey = keyGen.generateKey();
+
+ builder.prepare(stsProperties.getSignatureCrypto(), symmetricKey);
Element encryptedKeyElement = builder.getEncryptedKeyElement();
- byte[] secret = builder.getSymmetricKey().getEncoded();
+ byte[] secret = symmetricKey.getEncoded();
EntropyType entropyType = new EntropyType();
entropyType.getAny().add(encryptedKeyElement);
[cxf] 01/07: Get the encrypted key SHA value directly from WSS4J
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch wss4j_2.3.0
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit ec2a1a52066a11a8518372bb06a63b3153d9c8e4
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jan 25 11:27:40 2019 +0000
Get the encrypted key SHA value directly from WSS4J
---
parent/pom.xml | 4 ++--
.../cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/parent/pom.xml b/parent/pom.xml
index a6da29f..e5e1886 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -180,7 +180,7 @@
<cxf.woodstox.core.version>5.0.3</cxf.woodstox.core.version>
<cxf.woodstox.stax2-api.version>3.1.4</cxf.woodstox.stax2-api.version>
<cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
- <cxf.wss4j.version>2.2.3</cxf.wss4j.version>
+ <cxf.wss4j.version>2.3.0-SNAPSHOT</cxf.wss4j.version>
<cxf.xbean.version>4.13</cxf.xbean.version>
<cxf.xerces.version>2.12.0</cxf.xerces.version>
<cxf.xmlschema.version>2.2.4</cxf.xmlschema.version>
@@ -223,7 +223,7 @@
<cxf.osgi.saaj.version>[1.3,2)</cxf.osgi.saaj.version>
<cxf.stax-ex.version>1.7.6</cxf.stax-ex.version>
<cxf.wsdl4j.bundle.version>1.6.3_1</cxf.wsdl4j.bundle.version>
- <cxf.xmlsec.bundle.version>2.1.3</cxf.xmlsec.bundle.version>
+ <cxf.xmlsec.bundle.version>2.2.0-SNAPSHOT</cxf.xmlsec.bundle.version>
<cxf.rhino.bundle.version>1.7R2_3</cxf.rhino.bundle.version>
<cxf.xmlresolver.bundle.version>1.2_5</cxf.xmlresolver.bundle.version>
<cxf.xerces.bundle.version>2.12.0_1</cxf.xerces.bundle.version>
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 87a6a30..cc37da2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -932,7 +932,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
// Set the SHA1 value of the encrypted key, this is used when the encrypted
// key is referenced via a key identifier of type EncryptedKeySHA1
- tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()));
+ tempTok.setSHA1(encrKey.getEncryptedKeySHA1());
tokenStore.add(tempTok);
// Create another cache entry with the SHA1 Identifier as the key for easy retrieval