Posted to commits@cxf.apache.org by dk...@apache.org on 2012/04/06 17:18:41 UTC

svn commit: r1310397 [1/2] - in /cxf/branches/2.4.x-fixes: api/src/main/resources/schemas/wsdl/ distribution/src/main/release/samples/java_first_jaxws/src/test/java/demo/hw/server/ distribution/src/main/release/samples/sts_issue_operation/src/main/java...

Author: dkulp
Date: Fri Apr  6 15:18:38 2012
New Revision: 1310397

URL: http://svn.apache.org/viewvc?rev=1310397&view=rev
Log:
Set svn properties

Modified:
    cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd   (contents, props changed)
    cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/java_first_jaxws/src/test/java/demo/hw/server/HelloWorldImplTest.java   (props changed)
    cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java
    cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java
    cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java
    cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java
    cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh
    cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt
    cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java
    cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCacheFactory.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/MemoryReplayCacheFactory.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/ReplayCacheFactory.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorEncryptionTokenBuilder.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorSignatureTokenBuilder.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientEncryptionTokenBuilder.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientSignatureTokenBuilder.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/GCMAlgorithmSuite.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoTokenInterceptorProvider.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorEncryptionToken.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorSignatureToken.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientEncryptionToken.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientSignatureToken.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/resources/cxf-ehcache.xml   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SecurityVerificationOutTest.java   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/encrypted_parts_missing_binding.xml   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j/signed_parts_missing_binding.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/provider/InterpretNullAsOnewayProviderTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/uncategorized/src/test/java/org/apache/cxf/systest/beanincreationexception/TestBeanABO.java
    cxf/branches/2.4.x-fixes/systests/uncategorized/src/test/java/org/apache/cxf/systest/beanincreationexception/TestBeanABOImpl.java
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/pom.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/common/CommonPasswordCallback.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/common/DoubleItImpl.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/common/DoubleItPortTypeImpl.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/server/Server.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/server/Server.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/sts/STSServer.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/server/Server.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/server/Server.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/DoubleItLogical.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.properties   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.properties   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/cxfca.properties   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/log4j.properties   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/logging.properties   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client/client.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/server.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/cxf-symmetric.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/client/client.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server/server.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/server/server.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/server/Server.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/SecurityHeaderCacheInterceptor.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenDerivedTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/server/ServerDerived.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/revocation.properties   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client/client-derived.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/server-derived.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/addr-anon-client.xml
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/addr-anon-server.xml
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/rmwsdl_server.xml
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/RobustServiceAtMostOnceTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/ServiceInvocationAckBase.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/ServiceInvocationAckPersistenceTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/ServiceInvocationAckTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/ServiceInvocationAtMostOnceAckTest.java   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/SlowProcessingSimulator.java   (contents, props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/sync-ack-atmostonce-server.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/sync-ack-persistent-server.xml   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/rm/sync-ack-server.xml   (props changed)

Modified: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd (original)
+++ cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd Fri Apr  6 15:18:38 2012
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
- 
-  http://www.apache.org/licenses/LICENSE-2.0
- 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<xsd:schema targetNamespace="http://ws-i.org/profiles/basic/1.1/xsd"
-            xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <xsd:simpleType name="swaRef">
-    <xsd:restriction base="xsd:anyURI" />
-  </xsd:simpleType>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<xsd:schema targetNamespace="http://ws-i.org/profiles/basic/1.1/xsd"
+            xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <xsd:simpleType name="swaRef">
+    <xsd:restriction base="xsd:anyURI" />
+  </xsd:simpleType>
 </xsd:schema>
\ No newline at end of file

Propchange: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/wsdl/swaref.xsd
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Propchange: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/java_first_jaxws/src/test/java/demo/hw/server/HelloWorldImplTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml1TokenProvider.java Fri Apr  6 15:18:38 2012
@@ -1,181 +1,181 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.sts.provider.token;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.w3c.dom.Element;
-import org.apache.cxf.common.logging.LogUtils;
-import org.joda.time.DateTime;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.KeyInfo;
-
-
-public class Saml1TokenProvider implements TokenProvider {
-
-    private static final Logger LOG = LogUtils.getL7dLogger(Saml1TokenProvider.class);
-    private static final String RESPONSE_TOKENTYPE_SAML1 
-        = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
-    
-    public String getResponseTokentype() {
-        return RESPONSE_TOKENTYPE_SAML1;
-    }
-
-    public String getTokenType() {
-        return SAMLConstants.SAML1_NS;
-    }
-
-    public Element createToken(X509Certificate certificate) {
-        try {
-            org.opensaml.saml1.core.Subject subject = createSubjectSAML1(certificate);
-            org.opensaml.saml1.core.Assertion samlAssertion = createAuthnAssertionSAML1(subject);
-            return SamlUtils.toDom(samlAssertion).getDocumentElement();
-        } catch (Exception e) {
-            throw new TokenException("Can't serialize SAML assertion", e);
-        }
-    }
-
-    public Element createToken(String username) {
-        try {
-            org.opensaml.saml1.core.Subject subject = createSubjectSAML1(username);
-            org.opensaml.saml1.core.Assertion samlAssertion = createAuthnAssertionSAML1(subject);
-            return SamlUtils.toDom(samlAssertion).getDocumentElement();
-        } catch (Exception e) {
-            throw new TokenException("Can't serialize SAML assertion", e);
-        }
-    }
-
-    public String getTokenId(Element token) {
-        return token
-                .getAttribute(org.opensaml.saml1.core.Assertion.ID_ATTRIB_NAME);
-    }
-
-    private org.opensaml.saml1.core.Subject createSubjectSAML1(String username) {
-        org.opensaml.saml1.core.NameIdentifier nameID = 
-            (new org.opensaml.saml1.core.impl.NameIdentifierBuilder())
-                .buildObject();
-        nameID.setNameIdentifier(username);
-        String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient";
-
-        if (format != null) {
-            nameID.setFormat(format);
-        }
-
-        org.opensaml.saml1.core.Subject subject = (new org.opensaml.saml1.core.impl.SubjectBuilder())
-                .buildObject();
-        subject.setNameIdentifier(nameID);
-
-        String confirmationString = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
-
-        if (confirmationString != null) {
-
-            org.opensaml.saml1.core.ConfirmationMethod confirmationMethod = 
-                (new org.opensaml.saml1.core.impl.ConfirmationMethodBuilder())
-                    .buildObject();
-            confirmationMethod.setConfirmationMethod(confirmationString);
-
-            org.opensaml.saml1.core.SubjectConfirmation confirmation = 
-                (new org.opensaml.saml1.core.impl.SubjectConfirmationBuilder())
-                    .buildObject();
-            confirmation.getConfirmationMethods().add(confirmationMethod);
-
-            subject.setSubjectConfirmation(confirmation);
-        }
-        return subject;
-    }
-
-    private org.opensaml.saml1.core.Subject createSubjectSAML1(
-            X509Certificate certificate) throws Exception {
-        DefaultBootstrap.bootstrap();
-        org.opensaml.saml1.core.NameIdentifier nameID = 
-            (new org.opensaml.saml1.core.impl.NameIdentifierBuilder())
-                .buildObject();
-        nameID.setNameIdentifier(certificate.getSubjectDN().getName());
-        nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName");
-        org.opensaml.saml1.core.Subject subject = (new org.opensaml.saml1.core.impl.SubjectBuilder())
-                .buildObject();
-        subject.setNameIdentifier(nameID);
-        org.opensaml.saml1.core.ConfirmationMethod confirmationMethod = 
-            (new org.opensaml.saml1.core.impl.ConfirmationMethodBuilder())
-                .buildObject();
-        confirmationMethod
-                .setConfirmationMethod("Urn:oasis:names:tc:SAML:1.0:cm:holder-of-key");
-        org.opensaml.saml1.core.SubjectConfirmation confirmation = 
-            (new org.opensaml.saml1.core.impl.SubjectConfirmationBuilder())
-                .buildObject();
-        confirmation.getConfirmationMethods().add(confirmationMethod);
-        BasicX509Credential keyInfoCredential = new BasicX509Credential();
-        keyInfoCredential.setEntityCertificate(certificate);
-        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
-        kiFactory.setEmitPublicKeyValue(true);
-        KeyInfo keyInfo = kiFactory.newInstance().generate(keyInfoCredential);
-        confirmation.setKeyInfo(keyInfo);
-        subject.setSubjectConfirmation(confirmation);
-        return subject;
-    }
-
-    private org.opensaml.saml1.core.Assertion createAuthnAssertionSAML1(
-            org.opensaml.saml1.core.Subject subject) {
-        org.opensaml.saml1.core.AuthenticationStatement authnStatement = 
-            (new org.opensaml.saml1.core.impl.AuthenticationStatementBuilder())
-                .buildObject();
-        authnStatement.setSubject(subject);
-        // authnStatement.setAuthenticationMethod(strAuthMethod);
-
-        DateTime now = new DateTime();
-
-        authnStatement.setAuthenticationInstant(now);
-
-        org.opensaml.saml1.core.Conditions conditions = (new org.opensaml.saml1.core.impl.ConditionsBuilder())
-                .buildObject();
-        conditions.setNotBefore(now.minusMillis(3600000));
-        conditions.setNotOnOrAfter(now.plusMillis(3600000));
-
-        String issuerURL = "http://www.sopera.de/SAML1";
-
-        org.opensaml.saml1.core.Assertion assertion = (new org.opensaml.saml1.core.impl.AssertionBuilder())
-                .buildObject();
-        try {
-            SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator();
-            assertion.setID(generator.generateIdentifier());
-        } catch (NoSuchAlgorithmException e) {
-            LOG.log(Level.WARNING, e.getMessage(), e);
-        }
-
-        assertion.setIssuer(issuerURL);
-        assertion.setIssueInstant(now);
-        assertion.setVersion(SAMLVersion.VERSION_11);
-
-        assertion.getAuthenticationStatements().add(authnStatement);
-        // assertion.getAttributeStatements().add(attrStatement);
-        assertion.setConditions(conditions);
-
-        return assertion;
-    }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.sts.provider.token;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.common.logging.LogUtils;
+import org.joda.time.DateTime;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.KeyInfo;
+
+
+public class Saml1TokenProvider implements TokenProvider {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(Saml1TokenProvider.class);
+    private static final String RESPONSE_TOKENTYPE_SAML1 
+        = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+    
+    public String getResponseTokentype() {
+        return RESPONSE_TOKENTYPE_SAML1;
+    }
+
+    public String getTokenType() {
+        return SAMLConstants.SAML1_NS;
+    }
+
+    public Element createToken(X509Certificate certificate) {
+        try {
+            org.opensaml.saml1.core.Subject subject = createSubjectSAML1(certificate);
+            org.opensaml.saml1.core.Assertion samlAssertion = createAuthnAssertionSAML1(subject);
+            return SamlUtils.toDom(samlAssertion).getDocumentElement();
+        } catch (Exception e) {
+            throw new TokenException("Can't serialize SAML assertion", e);
+        }
+    }
+
+    public Element createToken(String username) {
+        try {
+            org.opensaml.saml1.core.Subject subject = createSubjectSAML1(username);
+            org.opensaml.saml1.core.Assertion samlAssertion = createAuthnAssertionSAML1(subject);
+            return SamlUtils.toDom(samlAssertion).getDocumentElement();
+        } catch (Exception e) {
+            throw new TokenException("Can't serialize SAML assertion", e);
+        }
+    }
+
+    public String getTokenId(Element token) {
+        return token
+                .getAttribute(org.opensaml.saml1.core.Assertion.ID_ATTRIB_NAME);
+    }
+
+    private org.opensaml.saml1.core.Subject createSubjectSAML1(String username) {
+        org.opensaml.saml1.core.NameIdentifier nameID = 
+            (new org.opensaml.saml1.core.impl.NameIdentifierBuilder())
+                .buildObject();
+        nameID.setNameIdentifier(username);
+        String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient";
+
+        if (format != null) {
+            nameID.setFormat(format);
+        }
+
+        org.opensaml.saml1.core.Subject subject = (new org.opensaml.saml1.core.impl.SubjectBuilder())
+                .buildObject();
+        subject.setNameIdentifier(nameID);
+
+        String confirmationString = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
+
+        if (confirmationString != null) {
+
+            org.opensaml.saml1.core.ConfirmationMethod confirmationMethod = 
+                (new org.opensaml.saml1.core.impl.ConfirmationMethodBuilder())
+                    .buildObject();
+            confirmationMethod.setConfirmationMethod(confirmationString);
+
+            org.opensaml.saml1.core.SubjectConfirmation confirmation = 
+                (new org.opensaml.saml1.core.impl.SubjectConfirmationBuilder())
+                    .buildObject();
+            confirmation.getConfirmationMethods().add(confirmationMethod);
+
+            subject.setSubjectConfirmation(confirmation);
+        }
+        return subject;
+    }
+
+    private org.opensaml.saml1.core.Subject createSubjectSAML1(
+            X509Certificate certificate) throws Exception {
+        DefaultBootstrap.bootstrap();
+        org.opensaml.saml1.core.NameIdentifier nameID = 
+            (new org.opensaml.saml1.core.impl.NameIdentifierBuilder())
+                .buildObject();
+        nameID.setNameIdentifier(certificate.getSubjectDN().getName());
+        nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName");
+        org.opensaml.saml1.core.Subject subject = (new org.opensaml.saml1.core.impl.SubjectBuilder())
+                .buildObject();
+        subject.setNameIdentifier(nameID);
+        org.opensaml.saml1.core.ConfirmationMethod confirmationMethod = 
+            (new org.opensaml.saml1.core.impl.ConfirmationMethodBuilder())
+                .buildObject();
+        confirmationMethod
+                .setConfirmationMethod("Urn:oasis:names:tc:SAML:1.0:cm:holder-of-key");
+        org.opensaml.saml1.core.SubjectConfirmation confirmation = 
+            (new org.opensaml.saml1.core.impl.SubjectConfirmationBuilder())
+                .buildObject();
+        confirmation.getConfirmationMethods().add(confirmationMethod);
+        BasicX509Credential keyInfoCredential = new BasicX509Credential();
+        keyInfoCredential.setEntityCertificate(certificate);
+        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
+        kiFactory.setEmitPublicKeyValue(true);
+        KeyInfo keyInfo = kiFactory.newInstance().generate(keyInfoCredential);
+        confirmation.setKeyInfo(keyInfo);
+        subject.setSubjectConfirmation(confirmation);
+        return subject;
+    }
+
+    private org.opensaml.saml1.core.Assertion createAuthnAssertionSAML1(
+            org.opensaml.saml1.core.Subject subject) {
+        org.opensaml.saml1.core.AuthenticationStatement authnStatement = 
+            (new org.opensaml.saml1.core.impl.AuthenticationStatementBuilder())
+                .buildObject();
+        authnStatement.setSubject(subject);
+        // authnStatement.setAuthenticationMethod(strAuthMethod);
+
+        DateTime now = new DateTime();
+
+        authnStatement.setAuthenticationInstant(now);
+
+        org.opensaml.saml1.core.Conditions conditions = (new org.opensaml.saml1.core.impl.ConditionsBuilder())
+                .buildObject();
+        conditions.setNotBefore(now.minusMillis(3600000));
+        conditions.setNotOnOrAfter(now.plusMillis(3600000));
+
+        String issuerURL = "http://www.sopera.de/SAML1";
+
+        org.opensaml.saml1.core.Assertion assertion = (new org.opensaml.saml1.core.impl.AssertionBuilder())
+                .buildObject();
+        try {
+            SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator();
+            assertion.setID(generator.generateIdentifier());
+        } catch (NoSuchAlgorithmException e) {
+            LOG.log(Level.WARNING, e.getMessage(), e);
+        }
+
+        assertion.setIssuer(issuerURL);
+        assertion.setIssueInstant(now);
+        assertion.setVersion(SAMLVersion.VERSION_11);
+
+        assertion.getAuthenticationStatements().add(authnStatement);
+        // assertion.getAttributeStatements().add(attrStatement);
+        assertion.setConditions(conditions);
+
+        return assertion;
+    }
+
+}
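Review bot: In `createAuthnAssertionSAML1` the `catch (NoSuchAlgorithmException e)` around `generator.generateIdentifier()` only logs at WARNING and carries on, so a failure there would return an assertion whose ID was never set. Issuance should stop instead, e.g. `throw new TokenException("Can't generate SAML assertion ID", e);`, matching how both `createToken` overloads already report failures. Separately, the holder-of-key confirmation method in `createSubjectSAML1(X509Certificate)` is written `"Urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"` with a capital U, unlike every other URN in the file; a relying party that compares the URI exactly may not recognise it, so `"urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"` is the safer spelling. Both lines appear identical on the old and new side, consistent with the log message, so these would be follow-up changes rather than corrections to this commit.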

Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/Saml2TokenProvider.java Fri Apr  6 15:18:38 2012
@@ -1,194 +1,194 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.sts.provider.token;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.joda.time.DateTime;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.KeyInfoConfirmationDataType;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.impl.AssertionBuilder;
-import org.opensaml.saml2.core.impl.AuthnContextBuilder;
-import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder;
-import org.opensaml.saml2.core.impl.AuthnStatementBuilder;
-import org.opensaml.saml2.core.impl.ConditionsBuilder;
-import org.opensaml.saml2.core.impl.IssuerBuilder;
-import org.opensaml.saml2.core.impl.KeyInfoConfirmationDataTypeBuilder;
-import org.opensaml.saml2.core.impl.NameIDBuilder;
-import org.opensaml.saml2.core.impl.SubjectBuilder;
-import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder;
-import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.KeyInfo;
-
-public class Saml2TokenProvider implements TokenProvider {
-
-    private static final String SAML_AUTH_CONTEXT = "ac:classes:X509";
-    private static final String RESPONSE_TOKENTYPE_SAML2 
-        = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
-    private static final Logger LOG = LogUtils.getL7dLogger(Saml2TokenProvider.class);
-
-    public String getResponseTokentype() {
-        return RESPONSE_TOKENTYPE_SAML2;
-    }
-    
-    public String getTokenType() {
-        return SAMLConstants.SAML20_NS;
-    }
-
-    public Element createToken(X509Certificate certificate) {
-        try {
-            Subject subject = createSubject(certificate);
-            Assertion samlAssertion = createAuthnAssertion(subject);
-            return SamlUtils.toDom(samlAssertion).getDocumentElement();
-        } catch (Exception e) {
-            throw new TokenException("Can't serialize SAML assertion", e);
-        }
-    }
-
-    public Element createToken(String username) {
-        Subject subject = createSubject(username);
-        Assertion samlAssertion = createAuthnAssertion(subject);
-
-        try {
-            return SamlUtils.toDom(samlAssertion).getDocumentElement();
-        } catch (Exception e) {
-            throw new TokenException("Can't serialize SAML assertion", e);
-        }
-    }
-
-    public String getTokenId(Element token) {
-        return token.getAttribute(Assertion.ID_ATTRIB_NAME);
-    }
-
-    private Subject createSubject(String username) {
-        NameID nameID = (new NameIDBuilder()).buildObject();
-        nameID.setValue(username);
-        String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient";
-        if (format != null) {
-            nameID.setFormat(format);
-        }
-
-        Subject subject = (new SubjectBuilder()).buildObject();
-        subject.setNameID(nameID);
-
-        SubjectConfirmation confirmation = (new SubjectConfirmationBuilder())
-                .buildObject();
-        confirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
-        subject.getSubjectConfirmations().add(confirmation);
-        return subject;
-    }
-
-    private Subject createSubject(X509Certificate certificate) throws Exception {
-        DefaultBootstrap.bootstrap();
-        NameID nameID = (new NameIDBuilder()).buildObject();
-        nameID.setValue(certificate.getSubjectDN().getName());
-        String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
-        if (format != null) {
-            nameID.setFormat(format);
-        }
-        Subject subject = (new SubjectBuilder()).buildObject();
-        subject.setNameID(nameID);
-        SubjectConfirmation confirmation = (new SubjectConfirmationBuilder())
-                .buildObject();
-        confirmation.setMethod(SubjectConfirmation.METHOD_HOLDER_OF_KEY);
-        KeyInfoConfirmationDataType keyInfoDataType = new KeyInfoConfirmationDataTypeBuilder()
-                .buildObject();
-        BasicX509Credential keyInfoCredential = new BasicX509Credential();
-        keyInfoCredential.setEntityCertificate(certificate);
-        keyInfoCredential.setPublicKey(certificate.getPublicKey());
-        BasicKeyInfoGeneratorFactory kiFactory = new BasicKeyInfoGeneratorFactory();
-        kiFactory.setEmitPublicKeyValue(true);
-        KeyInfo keyInfo = kiFactory.newInstance().generate(keyInfoCredential);
-        keyInfoDataType.getKeyInfos().add(keyInfo);
-        subject.getSubjectConfirmations().add(confirmation);
-        subject.getSubjectConfirmations().get(0)
-                .setSubjectConfirmationData(keyInfoDataType);
-        return subject;
-    }
-
-    private Assertion createAuthnAssertion(Subject subject) {
-        Assertion assertion = createAssertion(subject);
-
-        AuthnContextClassRef ref = (new AuthnContextClassRefBuilder())
-                .buildObject();
-        String authnCtx = SAML_AUTH_CONTEXT;
-        if (authnCtx != null) {
-            ref.setAuthnContextClassRef(authnCtx);
-        }
-        AuthnContext authnContext = (new AuthnContextBuilder()).buildObject();
-        authnContext.setAuthnContextClassRef(ref);
-
-        AuthnStatement authnStatement = (new AuthnStatementBuilder())
-                .buildObject();
-        authnStatement.setAuthnInstant(new DateTime());
-        authnStatement.setAuthnContext(authnContext);
-
-        assertion.getStatements().add(authnStatement);
-
-        return assertion;
-    }
-
-    private Assertion createAssertion(Subject subject) {
-        Assertion assertion = (new AssertionBuilder()).buildObject();
-        try {
-            SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator();
-            assertion.setID(generator.generateIdentifier());
-        } catch (NoSuchAlgorithmException e) {
-            LOG.log(Level.WARNING, e.getMessage(), e);
-        }
-
-        DateTime now = new DateTime();
-        assertion.setIssueInstant(now);
-
-        String issuerURL = "http://www.sopera.de/SAML2";
-        if (issuerURL != null) {
-            Issuer issuer = (new IssuerBuilder()).buildObject();
-            issuer.setValue(issuerURL);
-            assertion.setIssuer(issuer);
-        }
-
-        assertion.setSubject(subject);
-
-        Conditions conditions = (new ConditionsBuilder()).buildObject();
-        conditions.setNotBefore(now.minusMillis(3600000));
-        conditions.setNotOnOrAfter(now.plusMillis(3600000));
-        assertion.setConditions(conditions);
-        return assertion;
-    }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.sts.provider.token;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.joda.time.DateTime;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.KeyInfoConfirmationDataType;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.impl.AssertionBuilder;
+import org.opensaml.saml2.core.impl.AuthnContextBuilder;
+import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder;
+import org.opensaml.saml2.core.impl.AuthnStatementBuilder;
+import org.opensaml.saml2.core.impl.ConditionsBuilder;
+import org.opensaml.saml2.core.impl.IssuerBuilder;
+import org.opensaml.saml2.core.impl.KeyInfoConfirmationDataTypeBuilder;
+import org.opensaml.saml2.core.impl.NameIDBuilder;
+import org.opensaml.saml2.core.impl.SubjectBuilder;
+import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder;
+import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.signature.KeyInfo;
+
+public class Saml2TokenProvider implements TokenProvider {
+
+    private static final String SAML_AUTH_CONTEXT = "ac:classes:X509";
+    private static final String RESPONSE_TOKENTYPE_SAML2 
+        = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+    private static final Logger LOG = LogUtils.getL7dLogger(Saml2TokenProvider.class);
+
+    public String getResponseTokentype() {
+        return RESPONSE_TOKENTYPE_SAML2;
+    }
+    
+    public String getTokenType() {
+        return SAMLConstants.SAML20_NS;
+    }
+
+    public Element createToken(X509Certificate certificate) {
+        try {
+            Subject subject = createSubject(certificate);
+            Assertion samlAssertion = createAuthnAssertion(subject);
+            return SamlUtils.toDom(samlAssertion).getDocumentElement();
+        } catch (Exception e) {
+            throw new TokenException("Can't serialize SAML assertion", e);
+        }
+    }
+
+    public Element createToken(String username) {
+        Subject subject = createSubject(username);
+        Assertion samlAssertion = createAuthnAssertion(subject);
+
+        try {
+            return SamlUtils.toDom(samlAssertion).getDocumentElement();
+        } catch (Exception e) {
+            throw new TokenException("Can't serialize SAML assertion", e);
+        }
+    }
+
+    public String getTokenId(Element token) {
+        return token.getAttribute(Assertion.ID_ATTRIB_NAME);
+    }
+
+    private Subject createSubject(String username) {
+        NameID nameID = (new NameIDBuilder()).buildObject();
+        nameID.setValue(username);
+        String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:transient";
+        if (format != null) {
+            nameID.setFormat(format);
+        }
+
+        Subject subject = (new SubjectBuilder()).buildObject();
+        subject.setNameID(nameID);
+
+        SubjectConfirmation confirmation = (new SubjectConfirmationBuilder())
+                .buildObject();
+        confirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
+        subject.getSubjectConfirmations().add(confirmation);
+        return subject;
+    }
+
+    private Subject createSubject(X509Certificate certificate) throws Exception {
+        DefaultBootstrap.bootstrap();
+        NameID nameID = (new NameIDBuilder()).buildObject();
+        nameID.setValue(certificate.getSubjectDN().getName());
+        String format = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
+        if (format != null) {
+            nameID.setFormat(format);
+        }
+        Subject subject = (new SubjectBuilder()).buildObject();
+        subject.setNameID(nameID);
+        SubjectConfirmation confirmation = (new SubjectConfirmationBuilder())
+                .buildObject();
+        confirmation.setMethod(SubjectConfirmation.METHOD_HOLDER_OF_KEY);
+        KeyInfoConfirmationDataType keyInfoDataType = new KeyInfoConfirmationDataTypeBuilder()
+                .buildObject();
+        BasicX509Credential keyInfoCredential = new BasicX509Credential();
+        keyInfoCredential.setEntityCertificate(certificate);
+        keyInfoCredential.setPublicKey(certificate.getPublicKey());
+        BasicKeyInfoGeneratorFactory kiFactory = new BasicKeyInfoGeneratorFactory();
+        kiFactory.setEmitPublicKeyValue(true);
+        KeyInfo keyInfo = kiFactory.newInstance().generate(keyInfoCredential);
+        keyInfoDataType.getKeyInfos().add(keyInfo);
+        subject.getSubjectConfirmations().add(confirmation);
+        subject.getSubjectConfirmations().get(0)
+                .setSubjectConfirmationData(keyInfoDataType);
+        return subject;
+    }
+
+    private Assertion createAuthnAssertion(Subject subject) {
+        Assertion assertion = createAssertion(subject);
+
+        AuthnContextClassRef ref = (new AuthnContextClassRefBuilder())
+                .buildObject();
+        String authnCtx = SAML_AUTH_CONTEXT;
+        if (authnCtx != null) {
+            ref.setAuthnContextClassRef(authnCtx);
+        }
+        AuthnContext authnContext = (new AuthnContextBuilder()).buildObject();
+        authnContext.setAuthnContextClassRef(ref);
+
+        AuthnStatement authnStatement = (new AuthnStatementBuilder())
+                .buildObject();
+        authnStatement.setAuthnInstant(new DateTime());
+        authnStatement.setAuthnContext(authnContext);
+
+        assertion.getStatements().add(authnStatement);
+
+        return assertion;
+    }
+
+    private Assertion createAssertion(Subject subject) {
+        Assertion assertion = (new AssertionBuilder()).buildObject();
+        try {
+            SecureRandomIdentifierGenerator generator = new SecureRandomIdentifierGenerator();
+            assertion.setID(generator.generateIdentifier());
+        } catch (NoSuchAlgorithmException e) {
+            LOG.log(Level.WARNING, e.getMessage(), e);
+        }
+
+        DateTime now = new DateTime();
+        assertion.setIssueInstant(now);
+
+        String issuerURL = "http://www.sopera.de/SAML2";
+        if (issuerURL != null) {
+            Issuer issuer = (new IssuerBuilder()).buildObject();
+            issuer.setValue(issuerURL);
+            assertion.setIssuer(issuer);
+        }
+
+        assertion.setSubject(subject);
+
+        Conditions conditions = (new ConditionsBuilder()).buildObject();
+        conditions.setNotBefore(now.minusMillis(3600000));
+        conditions.setNotOnOrAfter(now.plusMillis(3600000));
+        assertion.setConditions(conditions);
+        return assertion;
+    }
+
+}
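Review bot: In `createAssertion` the `catch (NoSuchAlgorithmException e)` block only logs at WARNING and carries on, so if the identifier generator cannot be constructed the assertion is built and returned with no ID set. `getTokenId` would then presumably hand callers an empty attribute value for an issued token. For a token issuer it is safer to fail the request: replace the log call with `throw new TokenException("Can't generate SAML assertion ID", e);`, which matches how `createToken` already reports failures (TokenException is thrown there from methods with no `throws` clause, so it is unchecked). The same log-and-continue pattern is visible at the end of the Saml1TokenProvider section above. These lines are textually identical on the old side of this hunk, so the issue predates this commit.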

Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/SamlUtils.java Fri Apr  6 15:18:38 2012
@@ -1,52 +1,52 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.sts.provider.token;
-
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Document;
-
-import org.apache.cxf.helpers.DOMUtils;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.ConfigurationException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-
-public final class SamlUtils {
-
-    private SamlUtils() {
-        
-    }
-    
-    public static Document toDom(XMLObject object) throws MarshallingException,
-            ParserConfigurationException, ConfigurationException {
-        Document document = DOMUtils.createDocument();
-
-        DefaultBootstrap.bootstrap();
-
-        Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
-                object);
-        out.marshall(object, document);
-        return document;
-    }
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.sts.provider.token;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+
+public final class SamlUtils {
+
+    private SamlUtils() {
+        
+    }
+    
+    public static Document toDom(XMLObject object) throws MarshallingException,
+            ParserConfigurationException, ConfigurationException {
+        Document document = DOMUtils.createDocument();
+
+        DefaultBootstrap.bootstrap();
+
+        Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
+                object);
+        out.marshall(object, document);
+        return document;
+    }
+
+}
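Review bot: `toDom` calls `DefaultBootstrap.bootstrap()` on every invocation, and `Saml2TokenProvider.createSubject(X509Certificate)` calls it again before building the subject. The call initialises library-wide OpenSAML configuration, so repeating it per token is redundant work, and it may re-write shared configuration while other requests are reading it (not confirmed from this page). Running it once is enough: move it to a one-time initialiser in SamlUtils that catches ConfigurationException and fails class loading, and drop the per-call invocations. I would also add a Javadoc line on `toDom` stating that the returned Document holds the marshalled, unsigned object, so readers of the sample do not assume the token is integrity-protected at this point.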

Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/sts_issue_operation/src/main/java/demo/sts/provider/token/TokenProvider.java Fri Apr  6 15:18:38 2012
@@ -1,37 +1,37 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.sts.provider.token;
-
-import java.security.cert.X509Certificate;
-
-import org.w3c.dom.Element;
-
-public interface TokenProvider {
-
-    String getTokenType();
-
-    Element createToken(String username);
-
-    Element createToken(X509Certificate certificate);
-
-    String getTokenId(Element token);
-    
-    String getResponseTokentype();
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.sts.provider.token;
+
+import java.security.cert.X509Certificate;
+
+import org.w3c.dom.Element;
+
+public interface TokenProvider {
+
+    String getTokenType();
+
+    Element createToken(String username);
+
+    Element createToken(X509Certificate certificate);
+
+    String getTokenId(Element token);
+    
+    String getResponseTokentype();
+}

Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/bin/gencerts.sh Fri Apr  6 15:18:38 2012
@@ -1,163 +1,163 @@
-#!/bin/sh
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-#
-#
-# This file uses openssl and keytool to generate 2 chains of 3 certificates 
-# CN=Wibble             CN=Cherry
-#             CN=TheRA
-#             CN=TheCA
-# and generates a CRL to revoke the "CN=TheRA" certificate.
-#
-# This file also serves as a specification on what needs to be done to
-# get the underlying CXF to work correctly.
-# For the most part, you need to use only JKS (Java Key Store) formatted
-# keystores and truststores.
-
-
-# Initialize the default openssl DataBase.
-# According to a default /usr/lib/ssl/openssl.cnf file it is ./demoCA
-# Depending on the Openssl version, comment out "crlnumber" in config file.
-# We echo 1345 to start the certificate serial number counter.
-
-    rm -rf demoCA
-    mkdir -p demoCA/newcerts
-    cp /dev/null demoCA/index.txt
-    echo "1345" > demoCA/serial
-
-# This file makes sure that the certificate for CN=TheRA can be a Certificate
-# Authority, i.e. can sign the user certificates, e.g. "CN=Wibble".
-
-cat <<EOF > exts
-[x509_extensions]
-basicConstraints=CA:TRUE
-EOF
-
-# Create the CA's keypair and self-signed certificate
-#   -x509 means create self-sign cert
-#   -keyout means generate keypair
-#   -nodes means do not encrypt private key.
-#   -set_serial sets the serial number of the certificate
-
-    openssl req -verbose -x509 -new -nodes -set_serial 1234 \
-    -subj "/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \
-    -days 7300 -out cacert.pem -keyout caprivkey.pem 
-
-# Create the RA's keypair and Certificate Request
-#    without -x509, we generate an x509 cert request.
-#   -keyout means generate keypair
-#   -nodes means do not encrypt private key.
-
-    openssl req -verbose -new -nodes \
-    -subj "/CN=TheRA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \
-    -days 7300 -out csrra.pem -keyout raprivkey.pem 
-
-# Have the CN=TheCA issue a certificate for the CN=TheRA
-# We need -extfile exts -extenstions x509_extensions to make sure 
-# CN=TheRA can be a Certificate Authority.
-
-    openssl ca -batch -days 7300 -cert cacert.pem -keyfile caprivkey.pem \
-    -in csrra.pem -out ra-ca-cert.pem -extfile exts -extensions x509_extensions
-
-# Create keypairs and Cert Request for a certificate for CN=Wibble and CN=Cherry
-# This procedure must be done in JKS, because we need to use a JKS keystore.
-# The current version of CXF using PCKS12 will not work for a number of 
-# internal CXF reasons.
-
-    rm -f wibble.jks
-
-    keytool -genkey \
-    -dname "CN=Wibble, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \
-    -keystore wibble.jks -storetype jks -storepass password -keypass password
-
-    keytool -certreq -keystore wibble.jks -storetype jks -storepass password \
-    -keypass password -file csrwibble.pem
-
-
-    rm -f cherry.jks
-
-    keytool -genkey \
-    -dname "CN=Cherry, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \
-    -keystore cherry.jks -storetype jks -storepass password -keypass password
-
-    keytool -certreq -keystore cherry.jks -storetype jks -storepass password \
-    -keypass password -file csrcherry.pem
-
-
-# Have the CN=TheRA issue a certificate for CN=Wibble and CN=Cherry via
-# their Certificate Requests.
-
-   openssl ca -batch -days 7300 -cert ra-ca-cert.pem -keyfile raprivkey.pem \
-   -in csrwibble.pem -out wibble-ra-cert.pem 
-   
-   openssl ca -batch -days 7300 -cert ra-ca-cert.pem -keyfile raprivkey.pem \
-   -in csrcherry.pem -out cherry-ra-cert.pem
-
-
-# Rewrite the certificates in PEM only format. This allows us to concatenate
-# them into chains.
-
-    openssl x509 -in cacert.pem -out cacert.pem -outform PEM
-    openssl x509 -in ra-ca-cert.pem -out ra-ca-cert.pem -outform PEM
-    openssl x509 -in wibble-ra-cert.pem -out wibble-ra-cert.pem -outform PEM
-    openssl x509 -in cherry-ra-cert.pem -out cherry-ra-cert.pem -outform PEM
-
-# Create a chain readable by CertificateFactory.getCertificates.
-
-    cat wibble-ra-cert.pem ra-ca-cert.pem cacert.pem > wibble.chain
-    cat cherry-ra-cert.pem ra-ca-cert.pem cacert.pem > cherry.chain
-
-# Replace the certificate in the Wibble keystore with their respective
-# full chains.
-
-    keytool -import -file wibble.chain -keystore wibble.jks -storetype jks \
-    -storepass password -keypass password -noprompt
-
-    keytool -import -file cherry.chain -keystore cherry.jks -storetype jks \
-    -storepass password -keypass password -noprompt
-
-# Revoke the CN=TheRA certificate (happens in the Openssl DB)
-
-    openssl ca -verbose -cert cacert.pem -keyfile caprivkey.pem \
-    -revoke ra-ca-cert.pem -crl_reason keyCompromise 
-
-# Create the CRL from that revocation (from the Openssl DB)
-
-    openssl ca -verbose -gencrl -out ca.crl -cert cacert.pem \
-    -keyfile caprivkey.pem
-
-# Create the Truststore file containing the CA cert.
-
-    rm -f truststore.jks
-    
-    keytool -import -file cacert.pem -alias TheCA -keystore truststore.jks \
-    -storepass password -noprompt
-
-# Uncomment to see what's in the Keystores and CRL
-
-    keytool -v -list -keystore wibble.jks -storepass password
-    
-    keytool -v -list -keystore cherry.jks -storepass password
-    
-    keytool -v -list -keystore truststore.jks -storepass password
-    
-    openssl crl -in ca.crl -text -noout
-
-# Get rid of everything but wibble.chain and ra.crl
-#rm -rf *.pem exts demoCA *pk12
+#!/bin/sh
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+#
+# This file uses openssl and keytool to generate 2 chains of 3 certificates 
+# CN=Wibble             CN=Cherry
+#             CN=TheRA
+#             CN=TheCA
+# and generates a CRL to revoke the "CN=TheRA" certificate.
+#
+# This file also serves as a specification on what needs to be done to
+# get the underlying CXF to work correctly.
+# For the most part, you need to use only JKS (Java Key Store) formatted
+# keystores and truststores.
+
+
+# Initialize the default openssl DataBase.
+# According to a default /usr/lib/ssl/openssl.cnf file it is ./demoCA
+# Depending on the Openssl version, comment out "crlnumber" in config file.
+# We echo 1345 to start the certificate serial number counter.
+
+    rm -rf demoCA
+    mkdir -p demoCA/newcerts
+    cp /dev/null demoCA/index.txt
+    echo "1345" > demoCA/serial
+
+# This file makes sure that the certificate for CN=TheRA can be a Certificate
+# Authority, i.e. can sign the user certificates, e.g. "CN=Wibble".
+
+cat <<EOF > exts
+[x509_extensions]
+basicConstraints=CA:TRUE
+EOF
+
+# Create the CA's keypair and self-signed certificate
+#   -x509 means create self-sign cert
+#   -keyout means generate keypair
+#   -nodes means do not encrypt private key.
+#   -set_serial sets the serial number of the certificate
+
+    openssl req -verbose -x509 -new -nodes -set_serial 1234 \
+    -subj "/CN=TheCA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \
+    -days 7300 -out cacert.pem -keyout caprivkey.pem 
+
+# Create the RA's keypair and Certificate Request
+#    without -x509, we generate an x509 cert request.
+#   -keyout means generate keypair
+#   -nodes means do not encrypt private key.
+
+    openssl req -verbose -new -nodes \
+    -subj "/CN=TheRA/OU=NOT FOR PRODUCTION/O=Apache/ST=NY/C=US" \
+    -days 7300 -out csrra.pem -keyout raprivkey.pem 
+
+# Have the CN=TheCA issue a certificate for the CN=TheRA
+# We need -extfile exts -extenstions x509_extensions to make sure 
+# CN=TheRA can be a Certificate Authority.
+
+    openssl ca -batch -days 7300 -cert cacert.pem -keyfile caprivkey.pem \
+    -in csrra.pem -out ra-ca-cert.pem -extfile exts -extensions x509_extensions
+
+# Create keypairs and Cert Request for a certificate for CN=Wibble and CN=Cherry
+# This procedure must be done in JKS, because we need to use a JKS keystore.
+# The current version of CXF using PCKS12 will not work for a number of 
+# internal CXF reasons.
+
+    rm -f wibble.jks
+
+    keytool -genkey \
+    -dname "CN=Wibble, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \
+    -keystore wibble.jks -storetype jks -storepass password -keypass password
+
+    keytool -certreq -keystore wibble.jks -storetype jks -storepass password \
+    -keypass password -file csrwibble.pem
+
+
+    rm -f cherry.jks
+
+    keytool -genkey \
+    -dname "CN=Cherry, OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US" \
+    -keystore cherry.jks -storetype jks -storepass password -keypass password
+
+    keytool -certreq -keystore cherry.jks -storetype jks -storepass password \
+    -keypass password -file csrcherry.pem
+
+
+# Have the CN=TheRA issue a certificate for CN=Wibble and CN=Cherry via
+# their Certificate Requests.
+
+   openssl ca -batch -days 7300 -cert ra-ca-cert.pem -keyfile raprivkey.pem \
+   -in csrwibble.pem -out wibble-ra-cert.pem 
+   
+   openssl ca -batch -days 7300 -cert ra-ca-cert.pem -keyfile raprivkey.pem \
+   -in csrcherry.pem -out cherry-ra-cert.pem
+
+
+# Rewrite the certificates in PEM only format. This allows us to concatenate
+# them into chains.
+
+    openssl x509 -in cacert.pem -out cacert.pem -outform PEM
+    openssl x509 -in ra-ca-cert.pem -out ra-ca-cert.pem -outform PEM
+    openssl x509 -in wibble-ra-cert.pem -out wibble-ra-cert.pem -outform PEM
+    openssl x509 -in cherry-ra-cert.pem -out cherry-ra-cert.pem -outform PEM
+
+# Create a chain readable by CertificateFactory.getCertificates.
+
+    cat wibble-ra-cert.pem ra-ca-cert.pem cacert.pem > wibble.chain
+    cat cherry-ra-cert.pem ra-ca-cert.pem cacert.pem > cherry.chain
+
+# Replace the certificate in the Wibble keystore with their respective
+# full chains.
+
+    keytool -import -file wibble.chain -keystore wibble.jks -storetype jks \
+    -storepass password -keypass password -noprompt
+
+    keytool -import -file cherry.chain -keystore cherry.jks -storetype jks \
+    -storepass password -keypass password -noprompt
+
+# Revoke the CN=TheRA certificate (happens in the Openssl DB)
+
+    openssl ca -verbose -cert cacert.pem -keyfile caprivkey.pem \
+    -revoke ra-ca-cert.pem -crl_reason keyCompromise 
+
+# Create the CRL from that revocation (from the Openssl DB)
+
+    openssl ca -verbose -gencrl -out ca.crl -cert cacert.pem \
+    -keyfile caprivkey.pem
+
+# Create the Truststore file containing the CA cert.
+
+    rm -f truststore.jks
+    
+    keytool -import -file cacert.pem -alias TheCA -keystore truststore.jks \
+    -storepass password -noprompt
+
+# Uncomment to see what's in the Keystores and CRL
+
+    keytool -v -list -keystore wibble.jks -storepass password
+    
+    keytool -v -list -keystore cherry.jks -storepass password
+    
+    keytool -v -list -keystore truststore.jks -storepass password
+    
+    openssl crl -in ca.crl -text -noout
+
+# Get rid of everything but wibble.chain and ra.crl
+#rm -rf *.pem exts demoCA *pk12

Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/certs/demoCA/index.txt Fri Apr  6 15:18:38 2012
@@ -1,3 +1,3 @@
-R	290617153708Z	090622153711Z,keyCompromise	1345	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=TheRA
-V	290617153710Z		1346	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Wibble
-V	290617153710Z		1347	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Cherry
+R	290617153708Z	090622153711Z,keyCompromise	1345	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=TheRA
+V	290617153710Z		1346	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Wibble
+V	290617153710Z		1347	unknown	/C=US/ST=NY/O=Apache/OU=NOT FOR PRODUCTION/CN=Cherry

Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java (original)
+++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_policy/src/demo/wssec/server/GreeterImpl.java Fri Apr  6 15:18:38 2012
@@ -1,43 +1,43 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package demo.wssec.server;
-
-import java.util.logging.Logger;
-import org.apache.hello_world_soap_http.Greeter;
-
-@javax.jws.WebService(name = "Greeter", serviceName = "SOAPService", 
-                      targetNamespace = "http://apache.org/hello_world_soap_http", 
-                      wsdlLocation = "file:./wsdl/hello_world.wsdl")
-                  
-public class GreeterImpl implements Greeter {
-
-    private static final Logger LOG = 
-        Logger.getLogger(GreeterImpl.class.getPackage().getName());
-    
-    /* (non-Javadoc)
-     * @see org.objectweb.hello_world_soap_http.Greeter#greetMe(java.lang.String)
-     */
-    public String greetMe(String me) {
-        LOG.info("Executing operation greetMe");
-        System.out.println("Executing operation greetMe");
-        System.out.println("Message received: " + me + "\n");
-        return "Hello " + me;
-    }
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.wssec.server;
+
+import java.util.logging.Logger;
+import org.apache.hello_world_soap_http.Greeter;
+
+@javax.jws.WebService(name = "Greeter", serviceName = "SOAPService", 
+                      targetNamespace = "http://apache.org/hello_world_soap_http", 
+                      wsdlLocation = "file:./wsdl/hello_world.wsdl")
+                  
+public class GreeterImpl implements Greeter {
+
+    private static final Logger LOG = 
+        Logger.getLogger(GreeterImpl.class.getPackage().getName());
+    
+    /* (non-Javadoc)
+     * @see org.objectweb.hello_world_soap_http.Greeter#greetMe(java.lang.String)
+     */
+    public String greetMe(String me) {
+        LOG.info("Executing operation greetMe");
+        System.out.println("Executing operation greetMe");
+        System.out.println("Message received: " + me + "\n");
+        return "Hello " + me;
+    }
+}
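Review bot: `greetMe` prints the caller-supplied `me` to stdout unmodified, so a value containing CR/LF can forge extra lines in the server console output of this WS-Security sample. Neutralise line breaks before printing, for example `System.out.println("Message received: " + me.replaceAll("[\r\n]", "_") + "\n");`. The second `System.out.println("Executing operation greetMe")` repeats what `LOG.info` already records and could be dropped. The `@see` comment still names `org.objectweb.hello_world_soap_http.Greeter`, while the import is `org.apache.hello_world_soap_http.Greeter`.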

Propchange: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java?rev=1310397&r1=1310396&r2=1310397&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HeadersTest.java Fri Apr  6 15:18:38 2012
@@ -1,101 +1,101 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.transport.http;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.easymock.EasyMock;
-import org.easymock.IMocksControl;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- *
- */
-public class HeadersTest extends Assert {
-    private IMocksControl control;
-    
-    @Before
-    public void setUp() {
-        control = EasyMock.createNiceControl();
-    }
-    
-    @After
-    public void tearDown() {
-        control.verify();
-    }
-    
-    @Test
-    public void setHeadersTest() throws Exception {
-        String[] headerNames = {"Content-Type", "authorization", "soapAction"};
-        String[] headerValues = {"text/xml", "Basic Zm9vOmJhcg==", "foo"};
-        Map<String, List<String>> inmap = new HashMap<String, List<String>>();
-        for (int i = 0; i < headerNames.length; i++) {
-            inmap.put(headerNames[i], Arrays.asList(headerValues[i]));
-        }
-        
-        HttpServletRequest req = control.createMock(HttpServletRequest.class);
-        EasyMock.expect(req.getHeaderNames()).andReturn(Collections.enumeration(inmap.keySet()));
-        for (int i = 0; i < headerNames.length; i++) {
-            EasyMock.expect(req.getHeaders(headerNames[i])).
-                andReturn(Collections.enumeration(inmap.get(headerNames[i])));
-        }
-        EasyMock.expect(req.getContentType()).andReturn(headerValues[0]).anyTimes();
-        
-        control.replay();
-
-        Message message = new MessageImpl();
-        message.put(AbstractHTTPDestination.HTTP_REQUEST, req);
-        
-        Headers headers = new Headers(message);
-        headers.copyFromRequest(req);
-        
-        Map<String, List<String>> protocolHeaders = 
-            CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
-        
-        assertTrue("unexpected size", protocolHeaders.size() == headerNames.length);
-        
-        assertEquals("unexpected header", protocolHeaders.get("Content-Type").get(0), headerValues[0]);
-        assertEquals("unexpected header", protocolHeaders.get("content-type").get(0), headerValues[0]);
-        assertEquals("unexpected header", protocolHeaders.get("CONTENT-TYPE").get(0), headerValues[0]);
-        assertEquals("unexpected header", protocolHeaders.get("content-TYPE").get(0), headerValues[0]);
-
-        assertEquals("unexpected header", protocolHeaders.get("Authorization").get(0), headerValues[1]);
-        assertEquals("unexpected header", protocolHeaders.get("authorization").get(0), headerValues[1]);
-        assertEquals("unexpected header", protocolHeaders.get("AUTHORIZATION").get(0), headerValues[1]);
-        assertEquals("unexpected header", protocolHeaders.get("authoriZATION").get(0), headerValues[1]);
-        
-        assertEquals("unexpected header", protocolHeaders.get("SOAPAction").get(0), headerValues[2]);
-        assertEquals("unexpected header", protocolHeaders.get("soapaction").get(0), headerValues[2]);
-        assertEquals("unexpected header", protocolHeaders.get("SOAPACTION").get(0), headerValues[2]);
-        assertEquals("unexpected header", protocolHeaders.get("soapAction").get(0), headerValues[2]);
-        
-    }
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.http;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.easymock.EasyMock;
+import org.easymock.IMocksControl;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class HeadersTest extends Assert {
+    private IMocksControl control;
+    
+    @Before
+    public void setUp() {
+        control = EasyMock.createNiceControl();
+    }
+    
+    @After
+    public void tearDown() {
+        control.verify();
+    }
+    
+    @Test
+    public void setHeadersTest() throws Exception {
+        String[] headerNames = {"Content-Type", "authorization", "soapAction"};
+        String[] headerValues = {"text/xml", "Basic Zm9vOmJhcg==", "foo"};
+        Map<String, List<String>> inmap = new HashMap<String, List<String>>();
+        for (int i = 0; i < headerNames.length; i++) {
+            inmap.put(headerNames[i], Arrays.asList(headerValues[i]));
+        }
+        
+        HttpServletRequest req = control.createMock(HttpServletRequest.class);
+        EasyMock.expect(req.getHeaderNames()).andReturn(Collections.enumeration(inmap.keySet()));
+        for (int i = 0; i < headerNames.length; i++) {
+            EasyMock.expect(req.getHeaders(headerNames[i])).
+                andReturn(Collections.enumeration(inmap.get(headerNames[i])));
+        }
+        EasyMock.expect(req.getContentType()).andReturn(headerValues[0]).anyTimes();
+        
+        control.replay();
+
+        Message message = new MessageImpl();
+        message.put(AbstractHTTPDestination.HTTP_REQUEST, req);
+        
+        Headers headers = new Headers(message);
+        headers.copyFromRequest(req);
+        
+        Map<String, List<String>> protocolHeaders = 
+            CastUtils.cast((Map)message.get(Message.PROTOCOL_HEADERS));
+        
+        assertTrue("unexpected size", protocolHeaders.size() == headerNames.length);
+        
+        assertEquals("unexpected header", protocolHeaders.get("Content-Type").get(0), headerValues[0]);
+        assertEquals("unexpected header", protocolHeaders.get("content-type").get(0), headerValues[0]);
+        assertEquals("unexpected header", protocolHeaders.get("CONTENT-TYPE").get(0), headerValues[0]);
+        assertEquals("unexpected header", protocolHeaders.get("content-TYPE").get(0), headerValues[0]);
+
+        assertEquals("unexpected header", protocolHeaders.get("Authorization").get(0), headerValues[1]);
+        assertEquals("unexpected header", protocolHeaders.get("authorization").get(0), headerValues[1]);
+        assertEquals("unexpected header", protocolHeaders.get("AUTHORIZATION").get(0), headerValues[1]);
+        assertEquals("unexpected header", protocolHeaders.get("authoriZATION").get(0), headerValues[1]);
+        
+        assertEquals("unexpected header", protocolHeaders.get("SOAPAction").get(0), headerValues[2]);
+        assertEquals("unexpected header", protocolHeaders.get("soapaction").get(0), headerValues[2]);
+        assertEquals("unexpected header", protocolHeaders.get("SOAPACTION").get(0), headerValues[2]);
+        assertEquals("unexpected header", protocolHeaders.get("soapAction").get(0), headerValues[2]);
+        
+    }
+}
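Review bot: The assertions in `setHeadersTest` pass the actual value where JUnit expects the expected one, so a failure message would report the two values swapped; write them as `assertEquals("unexpected header", headerValues[0], protocolHeaders.get("Content-Type").get(0));`. Similarly, `assertTrue("unexpected size", protocolHeaders.size() == headerNames.length)` hides both numbers on failure, whereas `assertEquals("unexpected size", headerNames.length, protocolHeaders.size());` reports them. The empty class Javadoc could state what the test checks: that headers copied by `copyFromRequest` can be looked up regardless of the case of the header name.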

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCache.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/EHCacheReplayCacheFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/MemoryReplayCacheFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/ReplayCacheFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorEncryptionTokenBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorSignatureTokenBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientEncryptionTokenBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientSignatureTokenBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/GCMAlgorithmSuite.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native