Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/23 15:17:32 UTC

svn commit: r1485693 [2/14] - in /cxf/trunk: ./ distribution/src/main/release/samples/sts/src/main/java/demo/wssec/client/ distribution/src/main/release/samples/sts/src/main/java/demo/wssec/server/ distribution/src/main/release/samples/sts/src/main/jav...

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java Thu May 23 13:17:26 2013
@@ -39,20 +39,21 @@ import org.apache.cxf.common.util.Base64
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.rs.security.common.SecurityUtils;
 import org.apache.cxf.rs.security.xml.EncryptionUtils;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSDocInfo;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.SAMLUtil;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SamlAssertionValidator;
-import org.apache.ws.security.validate.SignatureTrustValidator;
-import org.apache.ws.security.validate.Validator;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDocInfo;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.SamlAssertionValidator;
+import org.apache.wss4j.dom.validate.SignatureTrustValidator;
+import org.apache.wss4j.dom.validate.Validator;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.utils.Constants;
@@ -97,14 +98,14 @@ public class SAMLProtocolResponseValidat
         if (samlResponse.getStatus() == null
             || samlResponse.getStatus().getStatusCode() == null) {
             LOG.fine("Either the SAML Response Status or StatusCode is null");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         if (!SAML2_STATUSCODE_SUCCESS.equals(samlResponse.getStatus().getStatusCode().getValue())) {
             LOG.fine(
                 "SAML Status code of " + samlResponse.getStatus().getStatusCode().getValue()
                 + "does not equal " + SAML2_STATUSCODE_SUCCESS
             );
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         validateResponseAgainstSchemas(samlResponse);
@@ -119,13 +120,13 @@ public class SAMLProtocolResponseValidat
             
             Element decAssertion = decryptAssertion(encryptedDataDOM, sigCrypto, callbackHandler);
             
-            AssertionWrapper wrapper = new AssertionWrapper(decAssertion);
+            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(decAssertion);
             samlResponse.getAssertions().add(wrapper.getSaml2());
         }
 
         // Validate Assertions
         for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
-            AssertionWrapper wrapper = new AssertionWrapper(assertion);
+            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertion);
             validateAssertion(wrapper, sigCrypto, callbackHandler, doc);
         }
     }
@@ -147,7 +148,7 @@ public class SAMLProtocolResponseValidat
             || samlResponse.getStatus().getStatusCode() == null
             || samlResponse.getStatus().getStatusCode().getValue() == null) {
             LOG.fine("Either the SAML Response Status or StatusCode is null");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         String statusValue = samlResponse.getStatus().getStatusCode().getValue().getLocalPart();
         if (!SAML1_STATUSCODE_SUCCESS.equals(statusValue)) {
@@ -155,7 +156,7 @@ public class SAMLProtocolResponseValidat
                 "SAML Status code of " + samlResponse.getStatus().getStatusCode().getValue()
                 + "does not equal " + SAML1_STATUSCODE_SUCCESS
             );
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
         validateResponseAgainstSchemas(samlResponse);
@@ -163,7 +164,7 @@ public class SAMLProtocolResponseValidat
 
         // Validate Assertions
         for (org.opensaml.saml1.core.Assertion assertion : samlResponse.getAssertions()) {
-            AssertionWrapper wrapper = new AssertionWrapper(assertion);
+            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertion);
             validateAssertion(
                 wrapper, sigCrypto, callbackHandler, samlResponse.getDOM().getOwnerDocument()
             );
@@ -183,7 +184,7 @@ public class SAMLProtocolResponseValidat
             schemaValidators.validate(samlResponse);
         } catch (ValidationException e) {
             LOG.log(Level.FINE, "Saml Validation error: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -200,7 +201,7 @@ public class SAMLProtocolResponseValidat
             schemaValidators.validate(samlResponse);
         } catch (ValidationException e) {
             LOG.log(Level.FINE, "Saml Validation error: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -250,19 +251,17 @@ public class SAMLProtocolResponseValidat
         CallbackHandler callbackHandler
     ) throws WSSecurityException {
         RequestData requestData = new RequestData();
-        requestData.setSigCrypto(sigCrypto);
+        requestData.setSigVerCrypto(sigCrypto);
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         requestData.setWssConfig(wssConfig);
         requestData.setCallbackHandler(callbackHandler);
-        WSDocInfo docInfo = new WSDocInfo(doc);
         
         KeyInfo keyInfo = signature.getKeyInfo();
         SAMLKeyInfo samlKeyInfo = null;
         try {
             samlKeyInfo = 
                 SAMLUtil.getCredentialFromKeyInfo(
-                    keyInfo.getDOM(), requestData, docInfo, 
-                    requestData.getWssConfig().isWsiBSPCompliant()
+                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)), sigCrypto
                 );
         } catch (WSSecurityException ex) {
             LOG.log(Level.FINE, "Error in getting KeyInfo from SAML Response: " + ex.getMessage(), ex);
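Review bot: `keyInfo.getDOM()` in the rewritten `getCredentialFromKeyInfo` call is dereferenced without a null check, and `signature.getKeyInfo()` can return null when the response signature carries no KeyInfo element. The resulting NullPointerException is not a `WSSecurityException`, so it bypasses this catch block and the later `samlKeyInfo == null` branch that is meant to report a missing KeyInfo. Guard before the call with `if (keyInfo == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); }`. The same pattern appears in the `validateAssertion` hunk, where `sig.getKeyInfo()` feeds `getCredentialDirectlyFromKeyInfo`. The method body starts and ends outside this hunk.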
@@ -270,7 +269,7 @@ public class SAMLProtocolResponseValidat
         }
         if (samlKeyInfo == null) {
             LOG.fine("No KeyInfo supplied in the SAMLResponse signature");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Validate Signature against profiles
@@ -285,7 +284,7 @@ public class SAMLProtocolResponseValidat
             signatureValidator.validate(trustCredential, requestData);
         } catch (WSSecurityException e) {
             LOG.log(Level.FINE, "Error in validating signature on SAML Response: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -302,7 +301,7 @@ public class SAMLProtocolResponseValidat
             validator.validate(signature);
         } catch (ValidationException ex) {
             LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
         BasicX509Credential credential = new BasicX509Credential();
@@ -312,14 +311,14 @@ public class SAMLProtocolResponseValidat
             credential.setPublicKey(samlKeyInfo.getPublicKey());
         } else {
             LOG.fine("Can't get X509Certificate or PublicKey to verify signature");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         SignatureValidator sigValidator = new SignatureValidator(credential);
         try {
             sigValidator.validate(signature);
         } catch (ValidationException ex) {
             LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -327,16 +326,16 @@ public class SAMLProtocolResponseValidat
      * Validate an internal Assertion
      */
     private void validateAssertion(
-        AssertionWrapper assertion,
+        SamlAssertionWrapper assertion,
         Crypto sigCrypto,
         CallbackHandler callbackHandler,
         Document doc
     ) throws WSSecurityException {
         Credential credential = new Credential();
-        credential.setAssertion(assertion);
+        credential.setSamlAssertion(assertion);
         
         RequestData requestData = new RequestData();
-        requestData.setSigCrypto(sigCrypto);
+        requestData.setSigVerCrypto(sigCrypto);
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         requestData.setWssConfig(wssConfig);
         requestData.setCallbackHandler(callbackHandler);
@@ -350,11 +349,22 @@ public class SAMLProtocolResponseValidat
             
             // Verify the signature
             try {
-                assertion.verifySignature(requestData, new WSDocInfo(doc));
+                Signature sig = assertion.getSignature();
+                KeyInfo keyInfo = sig.getKeyInfo();
+                SAMLKeyInfo samlKeyInfo = 
+                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
+                        keyInfo.getDOM(), sigCrypto
+                    );
+                assertion.verifySignature(samlKeyInfo);
+                
+                assertion.parseHOKSubject(
+                    new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)),
+                    requestData.getSigVerCrypto(), 
+                    requestData.getCallbackHandler()
+                );
             } catch (WSSecurityException e) {
-                e.printStackTrace();
                 LOG.log(Level.FINE, "Assertion failed signature validation", e);
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw e;
             }
         }
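Review bot: `throw e;` now hands the underlying WSS4J exception to the caller, whereas every other failure path in this class still raises the uniform `invalidSAMLsecurity` failure; the `throw ex;` after `assertionValidator.validate` in the next hunk does the same. If a caller copies the exception message into the HTTP response, the sender of a rejected assertion could tell a bad signature from an untrusted key or a failed condition check. The detail is already logged at FINE, so the throw can stay `throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");` unless callers are known to need the cause. How callers render the exception is not visible in this diff.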
         
@@ -363,7 +373,7 @@ public class SAMLProtocolResponseValidat
             assertionValidator.validate(credential, requestData);
         } catch (WSSecurityException ex) {
             LOG.log(Level.FINE, "Assertion validation failed: " + ex.getMessage(), ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw ex;
         }
     }
     
@@ -373,13 +383,13 @@ public class SAMLProtocolResponseValidat
         Element encKeyElement = getNode(encryptedDataDOM, WSConstants.ENC_NS, "EncryptedKey", 0);
         if (encKeyElement == null) {
             LOG.log(Level.FINE, "EncryptedKey element is not available");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         X509Certificate cert = loadCertificate(sigCrypto, encKeyElement);
         if (cert == null) {
             LOG.fine("X509Certificate cannot be retrieved from EncryptedKey element");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // now start decrypting
@@ -389,12 +399,12 @@ public class SAMLProtocolResponseValidat
         Element cipherValue = getNode(encKeyElement, WSConstants.ENC_NS, "CipherValue", 0);
         if (cipherValue == null) {
             LOG.fine("CipherValue element is not available");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
         if (callbackHandler == null) {
             LOG.fine("A CallbackHandler must be configured to decrypt encrypted Assertions");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         PrivateKey key = null;
@@ -402,7 +412,7 @@ public class SAMLProtocolResponseValidat
             key = sigCrypto.getPrivateKey(cert, callbackHandler);
         } catch (Exception ex) {
             LOG.log(Level.FINE, "Encrypted key can not be decrypted", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         Cipher cipher = 
                 EncryptionUtils.initCipherWithKey(keyEncAlgo, digestAlgo, Cipher.DECRYPT_MODE, key);
@@ -412,10 +422,10 @@ public class SAMLProtocolResponseValidat
             decryptedBytes = cipher.doFinal(encryptedBytes);
         } catch (Base64Exception ex) {
             LOG.log(Level.FINE, "Base64 decoding has failed", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         } catch (Exception ex) {
             LOG.log(Level.FINE, "Encrypted key can not be decrypted", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         String symKeyAlgo = getEncodingMethodAlgorithm(encryptedDataDOM);
@@ -425,7 +435,7 @@ public class SAMLProtocolResponseValidat
             decryptedPayload = decryptPayload(encryptedDataDOM, decryptedBytes, symKeyAlgo);
         } catch (Exception ex) {
             LOG.log(Level.FINE, "Payload can not be decrypted", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         Document payloadDoc = null;
@@ -435,7 +445,7 @@ public class SAMLProtocolResponseValidat
             return payloadDoc.getDocumentElement();
         } catch (Exception ex) {
             LOG.log(Level.FINE, "Payload document can not be created", ex);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
         
@@ -456,7 +466,7 @@ public class SAMLProtocolResponseValidat
                 return SecurityUtils.loadX509Certificate(crypto, certNode);
             } catch (Exception ex) {
                 LOG.log(Level.FINE, "X509Certificate can not be created", ex);
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
     
@@ -466,7 +476,7 @@ public class SAMLProtocolResponseValidat
                 return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
             } catch (Exception ex) {
                 LOG.log(Level.FINE, "X509Certificate can not be created", ex);
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
 
@@ -477,7 +487,7 @@ public class SAMLProtocolResponseValidat
         Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
         if (encMethod == null) {
             LOG.fine("EncryptionMethod element is not available");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         return encMethod.getAttribute("Algorithm");
     }
@@ -503,9 +513,7 @@ public class SAMLProtocolResponseValidat
                 EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.DECRYPT_MODE, key);
             return xmlCipher.decryptToByteArray(root);
         } catch (XMLEncryptionException ex) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
-            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
         }
     }
 

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java Thu May 23 13:17:26 2013
@@ -25,9 +25,9 @@ import java.util.logging.Logger;
 import org.w3c.dom.Element;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.DOM2Writer;
 import org.opensaml.saml2.core.AudienceRestriction;
 import org.opensaml.saml2.core.AuthnStatement;
 
@@ -79,7 +79,7 @@ public class SAMLSSOResponseValidator {
         // The Response must contain at least one Assertion.
         if (samlResponse.getAssertions() == null || samlResponse.getAssertions().isEmpty()) {
             LOG.fine("The Response must contain at least one Assertion");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // The Response must contain a Destination that matches the assertionConsumerURL if it is
@@ -88,7 +88,7 @@ public class SAMLSSOResponseValidator {
         if (samlResponse.isSigned()
             && (destination == null || !destination.equals(assertionConsumerURL))) {
             LOG.fine("The Response must contain a destination that matches the assertion consumer URL");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Validate Assertions
@@ -98,14 +98,14 @@ public class SAMLSSOResponseValidator {
             // Check the Issuer
             if (assertion.getIssuer() == null) {
                 LOG.fine("Assertion Issuer must not be null");
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
             validateIssuer(assertion.getIssuer());
             
             if (enforceAssertionsSigned && postBinding && assertion.getSignature() == null) {
                 LOG.fine("If the HTTP Post binding is used to deliver the Response, "
                          + "the enclosed assertions must be signed");
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
             
             // Check for AuthnStatements and validate the Subject accordingly
@@ -129,7 +129,7 @@ public class SAMLSSOResponseValidator {
         if (!foundValidSubject) {
             LOG.fine("The Response did not contain any Authentication Statement that matched "
                      + "the Subject Confirmation criteria");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         SSOValidatorResponse validatorResponse = new SSOValidatorResponse();
@@ -153,7 +153,7 @@ public class SAMLSSOResponseValidator {
         if (enforceKnownIssuer && !issuerIDP.startsWith(issuer.getValue())) {
             LOG.fine("Issuer value: " + issuer.getValue() + " does not match issuer IDP: " 
                 + issuerIDP);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Format must be nameid-format-entity
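Review bot: `issuerIDP.startsWith(issuer.getValue())` accepts any Issuer value that is a prefix of the configured IDP address, including a very short or empty string, so `enforceKnownIssuer` is weaker than its name suggests. This comparison predates the commit, but it sits on the path being touched. An exact comparison such as `issuerIDP.equals(issuer.getValue())`, or a comment stating why prefix matching is intended, would make the strength of the check explicit. `issuer.getValue()` is also passed to `startsWith` without a null check, so an Issuer element with no value would raise a NullPointerException instead of the security failure.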
@@ -161,7 +161,7 @@ public class SAMLSSOResponseValidator {
             && !SAML2Constants.NAMEID_FORMAT_ENTITY.equals(issuer.getFormat())) {
             LOG.fine("Issuer format is not null and does not equal: " 
                 + SAML2Constants.NAMEID_FORMAT_ENTITY);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     
@@ -193,7 +193,7 @@ public class SAMLSSOResponseValidator {
     ) throws WSSecurityException {
         if (subjectConfData == null) {
             LOG.fine("Subject Confirmation Data of a Bearer Subject Confirmation is null");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Recipient must match assertion consumer URL
@@ -201,14 +201,14 @@ public class SAMLSSOResponseValidator {
         if (recipient == null || !recipient.equals(assertionConsumerURL)) {
             LOG.fine("Recipient " + recipient + " does not match assertion consumer URL "
                 + assertionConsumerURL);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // We must have a NotOnOrAfter timestamp
         if (subjectConfData.getNotOnOrAfter() == null
             || subjectConfData.getNotOnOrAfter().isBeforeNow()) {
             LOG.fine("Subject Conf Data does not contain NotOnOrAfter or it has expired");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // Need to keep bearer assertion IDs based on NotOnOrAfter to detect replay attacks
@@ -220,7 +220,7 @@ public class SAMLSSOResponseValidator {
                 replayCache.putId(id, ttl / 1000L);
             } else {
                 LOG.fine("Replay attack with token id: " + id);
-                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
             }
         }
         
@@ -229,19 +229,19 @@ public class SAMLSSOResponseValidator {
             && !subjectConfData.getAddress().equals(clientAddress)) {
             LOG.fine("Subject Conf Data address " + subjectConfData.getAddress() + " does match"
                      + " client address " + clientAddress);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // It must not contain a NotBefore timestamp
         if (subjectConfData.getNotBefore() != null) {
             LOG.fine("The Subject Conf Data must not contain a NotBefore timestamp");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
         // InResponseTo must match the AuthnRequest request Id
         if (requestId != null && !requestId.equals(subjectConfData.getInResponseTo())) {
             LOG.fine("The InResponseTo String does match the original request id " + requestId);
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
     }
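Review bot: The log messages `"Subject Conf Data address " ... " does match"` and `"The InResponseTo String does match the original request id "` are emitted on the mismatch branches, so they state the opposite of what happened. Anyone triaging a rejected login from these FINE logs would be misled; both should read `does not match`. The InResponseTo comparison is also skipped whenever `requestId` is null, and a comment such as `// requestId is null only for unsolicited responses — confirm` would record when that is expected.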
@@ -251,13 +251,13 @@ public class SAMLSSOResponseValidator {
     ) throws WSSecurityException {
         if (conditions == null) {
             LOG.fine("Conditions are null");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         List<AudienceRestriction> audienceRestrs = conditions.getAudienceRestrictions();
         if (!matchSaml2AudienceRestriction(spIdentifier, audienceRestrs)) {
             LOG.fine("Assertion does not contain unique subject provider identifier " 
                      + spIdentifier + " in the audience restriction conditions");
-            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
     }
     

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SSOConstants.java Thu May 23 13:17:26 2013
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.rs.security.saml.sso;
 
-import org.apache.ws.security.WSConstants;
+import org.apache.wss4j.dom.WSConstants;
 
 public final class SSOConstants {
     public static final String SAML_REQUEST = "SAMLRequest";

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java Thu May 23 13:17:26 2013
@@ -35,12 +35,11 @@ import org.apache.cxf.jaxrs.ext.MessageC
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.util.DOM2Writer;
 import org.opensaml.common.SignableSAMLObject;
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.xml.security.x509.BasicX509Credential;
@@ -126,7 +125,7 @@ public class SamlPostBindingFilter exten
         cryptoType.setAlias(signatureUser);
         X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
         if (issuerCerts == null) {
-            throw new WSSecurityException(
+            throw new Exception(
                 "No issuer certs were found to sign the request using name: " + signatureUser
             );
         }
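Review bot: `throw new Exception(...)` replaces a typed security exception with the raw base class, here and again in the KeyInfo-generation hunk below, so callers can no longer separate a signing-configuration failure from any other error. A specific checked type would keep that distinction. For the KeyInfo case, the form this commit uses in SAMLProtocolResponseValidator, `throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);`, could be reused with `ErrorCode.FAILURE` if the import is retained. The guard covers only `issuerCerts == null`; whether an empty array is handled lies outside the hunk.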
@@ -140,17 +139,12 @@ public class SamlPostBindingFilter exten
         LOG.fine("Using Signature algorithm " + sigAlgo);
         
         // Get the password
-        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE)};
+        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.Usage.SIGNATURE)};
         callbackHandler.handle(cb);
         String password = cb[0].getPassword();
         
         // Get the private key
-        PrivateKey privateKey = null;
-        try {
-            privateKey = crypto.getPrivateKey(signatureUser, password);
-        } catch (Exception ex) {
-            throw new WSSecurityException(ex.getMessage(), ex);
-        }
+        PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
         
         // Create the signature
         Signature signature = OpenSAMLUtil.buildSignature();
@@ -170,7 +164,7 @@ public class SamlPostBindingFilter exten
             KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
             signature.setKeyInfo(keyInfo);
         } catch (org.opensaml.xml.security.SecurityException ex) {
-            throw new WSSecurityException(
+            throw new Exception(
                     "Error generating KeyInfo from signing credential", ex);
         }
         

Modified: cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java Thu May 23 13:17:26 2013
@@ -37,12 +37,11 @@ import org.apache.cxf.common.util.Base64
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.util.Base64;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.util.DOM2Writer;
+import org.apache.xml.security.utils.Base64;
 import org.opensaml.saml2.core.AuthnRequest;
 
 public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
@@ -123,7 +122,7 @@ public class SamlRedirectBindingFilter e
         cryptoType.setAlias(signatureUser);
         X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
         if (issuerCerts == null) {
-            throw new WSSecurityException(
+            throw new Exception(
                 "No issuer certs were found to sign the request using name: " + signatureUser
             );
         }
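Review bot: The guard `if (issuerCerts == null)` does not reject an empty array, whereas `SecurityUtils.getCertificates` in this same commit tests `issuerCerts == null || issuerCerts.length == 0`. If the code after this hunk indexes the array (not visible here), an alias that resolves to no certificates would surface as an `ArrayIndexOutOfBoundsException` instead of the intended message. Aligning the condition, `if (issuerCerts == null || issuerCerts.length == 0) {`, closes that gap. The identical check in SamlPostBindingFilter has the same shape.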
@@ -140,17 +139,12 @@ public class SamlRedirectBindingFilter e
         ub.queryParam(SSOConstants.SIG_ALG, URLEncoder.encode(sigAlgo, "UTF-8"));
         
         // Get the password
-        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE)};
+        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.Usage.SIGNATURE)};
         callbackHandler.handle(cb);
         String password = cb[0].getPassword();
         
         // Get the private key
-        PrivateKey privateKey = null;
-        try {
-            privateKey = crypto.getPrivateKey(signatureUser, password);
-        } catch (Exception ex) {
-            throw new WSSecurityException(ex.getMessage(), ex);
-        }
+        PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
         
         // Sign the request
         Signature signature = Signature.getInstance(jceSigAlgo);

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java Thu May 23 13:17:26 2013
@@ -30,20 +30,20 @@ import javax.xml.parsers.DocumentBuilder
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.saml.ext.SAMLCallback;
-import org.apache.ws.security.saml.ext.bean.ActionBean;
-import org.apache.ws.security.saml.ext.bean.AttributeBean;
-import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
-import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.ActionBean;
+import org.apache.wss4j.common.saml.bean.AttributeBean;
+import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
+import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
+import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.message.WSSecEncryptedKey;
 
 /**
  * A base implementation of a Callback Handler for a SAML assertion. By default it creates an

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java Thu May 23 13:17:26 2013
@@ -29,7 +29,7 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.opensaml.common.SAMLVersion;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/KeystorePasswordCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/KeystorePasswordCallback.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/KeystorePasswordCallback.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/KeystorePasswordCallback.java Thu May 23 13:17:26 2013
@@ -26,7 +26,7 @@ import javax.security.auth.callback.Call
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.ws.security.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 
 /**
  */

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java Thu May 23 13:17:26 2013
@@ -24,13 +24,13 @@ import java.io.IOException;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.saml.ext.SAMLCallback;
-import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.opensaml.common.SAMLVersion;
 
 /**

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java Thu May 23 13:17:26 2013
@@ -30,15 +30,17 @@ import javax.xml.parsers.DocumentBuilder
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
-import org.apache.ws.security.components.crypto.Merlin;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.saml.ext.SAMLParms;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
-import org.apache.ws.security.util.Loader;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.dom.WSSConfig;
 import org.opensaml.common.SignableSAMLObject;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Status;
@@ -54,6 +56,7 @@ import org.opensaml.xml.signature.Signat
 public class SAMLResponseValidatorTest extends org.junit.Assert {
     
     static {
+        WSSConfig.init();
         OpenSAMLUtil.initSamlEngine();
     }
 
@@ -79,9 +82,9 @@ public class SAMLResponseValidatorTest e
         callbackHandler.setIssuer("http://cxf.apache.org/issuer");
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         response.getAssertions().add(assertion.getSaml2());
         
@@ -118,9 +121,9 @@ public class SAMLResponseValidatorTest e
         callbackHandler.setIssuer("http://cxf.apache.org/issuer");
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         response.getAssertions().add(assertion.getSaml2());
         
@@ -162,9 +165,9 @@ public class SAMLResponseValidatorTest e
         callbackHandler.setIssuer("http://cxf.apache.org/issuer");
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         Crypto issuerCrypto = new Merlin();
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -220,9 +223,9 @@ public class SAMLResponseValidatorTest e
         callbackHandler.setIssuer("http://cxf.apache.org/issuer");
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         Crypto issuerCrypto = new Merlin();
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -258,13 +261,14 @@ public class SAMLResponseValidatorTest e
     
     /**
      * Sign a SAML Response
+     * @throws Exception 
      */
     private void signResponse(
         Response response,
         String issuerKeyName,
         String issuerKeyPassword,
         Crypto issuerCrypto
-    ) throws WSSecurityException {
+    ) throws Exception {
         //
         // Create the signature
         //
@@ -276,7 +280,7 @@ public class SAMLResponseValidatorTest e
         cryptoType.setAlias(issuerKeyName);
         X509Certificate[] issuerCerts = issuerCrypto.getX509Certificates(cryptoType);
         if (issuerCerts == null) {
-            throw new WSSecurityException(
+            throw new Exception(
                     "No issuer certs were found to sign the SAML Assertion using issuer name: "
                             + issuerKeyName);
         }
@@ -288,12 +292,7 @@ public class SAMLResponseValidatorTest e
             sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
         }
         
-        PrivateKey privateKey = null;
-        try {
-            privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
-        } catch (Exception ex) {
-            throw new WSSecurityException(ex.getMessage(), ex);
-        }
+        PrivateKey privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
 
         signature.setSignatureAlgorithm(sigAlgo);
 
@@ -310,7 +309,7 @@ public class SAMLResponseValidatorTest e
             KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
             signature.setKeyInfo(keyInfo);
         } catch (org.opensaml.xml.security.SecurityException ex) {
-            throw new WSSecurityException(
+            throw new Exception(
                     "Error generating KeyInfo from signing credential", ex);
         }
 

Modified: cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java (original)
+++ cxf/trunk/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java Thu May 23 13:17:26 2013
@@ -25,13 +25,14 @@ import javax.xml.parsers.DocumentBuilder
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.saml.ext.SAMLParms;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
-import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.joda.time.DateTime;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.Status;
@@ -222,9 +223,9 @@ public class SAMLSSOResponseValidatorTes
         conditions.setAudienceURI("http://service.apache.org");
         callbackHandler.setConditions(conditions);
         
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(callbackHandler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
         response.getAssertions().add(assertion.getSaml2());
         

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java Thu May 23 13:17:26 2013
@@ -33,9 +33,9 @@ import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
 
 public class CryptoLoader {
     

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java Thu May 23 13:17:26 2013
@@ -36,10 +36,10 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.xml.security.utils.Constants;
 
 public final class SecurityUtils {
@@ -82,12 +82,12 @@ public final class SecurityUtils {
     }
     
     public static X509Certificate[] getCertificates(Crypto crypto, String user)
-        throws WSSecurityException {
+        throws Exception {
         CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
         cryptoType.setAlias(user);
         X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
         if (issuerCerts == null || issuerCerts.length == 0) {
-            throw new WSSecurityException(
+            throw new Exception(
                 "No issuer certs were found using issuer name: " + user);
         }
         return issuerCerts;
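Review bot: `getCertificates` is a public static helper, and its signature now declares `throws Exception`, which forces every caller to catch or propagate the broadest checked type and makes it easy to handle a missing-certificate condition in the same branch as unrelated failures. Keeping `WSSecurityException` (still imported in this file) for the crypto lookup and adding one specific type for the not-found case would preserve the distinction, e.g. `throws WSSecurityException, java.security.GeneralSecurityException`. A short Javadoc saying that the method never returns null or an empty array, and which exception signals "no certificate for this alias", would document the contract callers rely on. The method's closing brace lies outside the hunk.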
@@ -117,7 +117,7 @@ public final class SecurityUtils {
     }
     
     public static String getPassword(Message message, String userName, 
-                                     int type, Class<?> callingClass) {
+                                     WSPasswordCallback.Usage type, Class<?> callingClass) {
         CallbackHandler handler = getCallbackHandler(message, callingClass);
         if (handler == null) {
             return null;

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java Thu May 23 13:17:26 2013
@@ -21,18 +21,18 @@ package org.apache.cxf.rs.security.commo
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SignatureTrustValidator;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.SignatureTrustValidator;
 
 public class TrustValidator {
     public void validateTrust(Crypto crypto, X509Certificate cert, PublicKey publicKey) 
         throws WSSecurityException {
         SignatureTrustValidator validator = new SignatureTrustValidator();
         RequestData data = new RequestData();
-        data.setSigCrypto(crypto);
+        data.setSigVerCrypto(crypto);
         
         Credential trustCredential = new Credential();
         trustCredential.setPublicKey(publicKey);

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java Thu May 23 13:17:26 2013
@@ -48,20 +48,24 @@ import org.apache.cxf.rs.security.saml.a
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.validate.Credential;
-import org.apache.ws.security.validate.SamlAssertionValidator;
-import org.apache.ws.security.validate.Validator;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.SamlAssertionValidator;
+import org.apache.wss4j.dom.validate.Validator;
 import org.apache.xml.security.signature.XMLSignature;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.Signature;
 
 @PreMatching
 public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
-
+    
     private static final Logger LOG = 
         LogUtils.getL7dLogger(AbstractSamlInHandler.class);
     
@@ -104,16 +108,16 @@ public abstract class AbstractSamlInHand
         validateToken(message, toWrapper(tokenElement));
     }
     
-    protected AssertionWrapper toWrapper(Element tokenElement) {
+    protected SamlAssertionWrapper toWrapper(Element tokenElement) {
         try {
-            return new AssertionWrapper(tokenElement);
+            return new SamlAssertionWrapper(tokenElement);
         } catch (Exception ex) {
             throwFault("Assertion can not be validated", ex);
         }
         return null;
     }
     
-    protected void validateToken(Message message, AssertionWrapper assertion) {
+    protected void validateToken(Message message, SamlAssertionWrapper assertion) {
         try {
             RequestData data = new RequestData();
             if (assertion.isSigned()) {
@@ -121,7 +125,7 @@ public abstract class AbstractSamlInHand
                 data.setWssConfig(cfg);
                 data.setCallbackHandler(SecurityUtils.getCallbackHandler(message, this.getClass()));
                 try {
-                    data.setSigCrypto(new CryptoLoader().getCrypto(message,
+                    data.setSigVerCrypto(new CryptoLoader().getCrypto(message,
                                                 SecurityConstants.SIGNATURE_CRYPTO,
                                                 SecurityConstants.SIGNATURE_PROPERTIES));
                 } catch (IOException ex) {
@@ -129,14 +133,25 @@ public abstract class AbstractSamlInHand
                 }
                 data.setEnableRevocation(MessageUtils.isTrue(
                     message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
-                assertion.verifySignature(data, null);
-                assertion.parseHOKSubject(data, null);
+                
+                Signature sig = assertion.getSignature();
+                KeyInfo keyInfo = sig.getKeyInfo();
+                SAMLKeyInfo samlKeyInfo = 
+                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
+                        keyInfo.getDOM(), data.getSigVerCrypto()
+                    );
+                
+                assertion.verifySignature(samlKeyInfo);
+                assertion.parseHOKSubject(
+                    new WSSSAMLKeyInfoProcessor(data, null), data.getSigVerCrypto(), 
+                    data.getCallbackHandler()
+                );
             } else if (getTLSCertificates(message) == null) {
                 throwFault("Assertion must be signed", null);
             }
             if (samlValidator != null) {
                 Credential credential = new Credential();
-                credential.setAssertion(assertion);
+                credential.setSamlAssertion(assertion);
                 samlValidator.validate(credential, data);
             }
                 
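Review bot: `sig.getKeyInfo()` is dereferenced without a null check, so a signed assertion whose Signature carries no KeyInfo reaches `keyInfo.getDOM()` and fails with a NullPointerException rather than a clear rejection; a guard such as `if (keyInfo == null) { throwFault("Assertion signature has no KeyInfo", null); }` before the `SAMLUtil.getCredentialDirectlyFromKeyInfo` call makes the failure explicit. Separately, the verification key is now read from the assertion's own KeyInfo, so `assertion.verifySignature(samlKeyInfo)` shows integrity under that key but not that the signer is trusted. That decision appears to rest on `samlValidator.validate(credential, data)`, which the visible `if (samlValidator != null)` allows to be skipped, so a comment stating the dependency would help, e.g. `// Signature is checked against the key in the assertion's KeyInfo; trust in that key is established by samlValidator below`. The body of validateToken begins and ends outside this hunk.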
@@ -149,7 +164,7 @@ public abstract class AbstractSamlInHand
         }
     }
     
-    protected void checkSubjectConfirmationData(Message message, AssertionWrapper assertion) {
+    protected void checkSubjectConfirmationData(Message message, SamlAssertionWrapper assertion) {
         Certificate[] tlsCerts = getTLSCertificates(message);
         if (!checkHolderOfKey(message, assertion, tlsCerts)) {
             throwFault("Holder Of Key claim fails", null);
@@ -162,7 +177,7 @@ public abstract class AbstractSamlInHand
         }
     }
     
-    protected void setSecurityContext(Message message, AssertionWrapper wrapper) {
+    protected void setSecurityContext(Message message, SamlAssertionWrapper wrapper) {
         if (scProvider != null) {
             SecurityContext sc = scProvider.getSecurityContext(message, wrapper);
             message.put(SecurityContext.class, sc);
@@ -188,7 +203,7 @@ public abstract class AbstractSamlInHand
      */
     protected boolean checkSenderVouches(
         Message message,
-        AssertionWrapper assertionWrapper,
+        SamlAssertionWrapper assertionWrapper,
         Certificate[] tlsCerts
     ) {
         //
@@ -231,7 +246,7 @@ public abstract class AbstractSamlInHand
     
     
     protected boolean checkHolderOfKey(Message message,
-                                    AssertionWrapper assertionWrapper,
+                                    SamlAssertionWrapper assertionWrapper,
                                     Certificate[] tlsCerts) {
         List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
         for (String confirmationMethod : confirmationMethods) {
@@ -298,7 +313,7 @@ public abstract class AbstractSamlInHand
         return false;
     }
     
-    protected boolean checkBearer(AssertionWrapper assertionWrapper, Certificate[] tlsCerts) {
+    protected boolean checkBearer(SamlAssertionWrapper assertionWrapper, Certificate[] tlsCerts) {
         List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
         for (String confirmationMethod : confirmationMethods) {
             boolean isBearer = isMethodBearer(confirmationMethod);

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java Thu May 23 13:17:26 2013
@@ -27,8 +27,8 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSSConfig;
 
 public abstract class AbstractSamlOutInterceptor extends AbstractPhaseInterceptor<Message> {
     
@@ -46,7 +46,7 @@ public abstract class AbstractSamlOutInt
         useDeflateEncoding = deflate;
     }
     
-    protected AssertionWrapper createAssertion(Message message) throws Fault {
+    protected SamlAssertionWrapper createAssertion(Message message) throws Fault {
         return SAMLUtils.createAssertion(message);
         
     }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java Thu May 23 13:17:26 2013
@@ -37,10 +37,11 @@ import org.apache.cxf.rs.security.saml.a
 import org.apache.cxf.rs.security.saml.assertion.Claims;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.NameID;
@@ -54,7 +55,7 @@ public final class SAMLUtils {
         
     }
     
-    public static Subject getSubject(Message message, AssertionWrapper assertionW) {
+    public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
         org.opensaml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
         Subject subject = new Subject();
         NameID nameId = s.getNameID();
@@ -70,7 +71,7 @@ public final class SAMLUtils {
     }
     
     
-    public static Claims getClaims(AssertionWrapper assertionW) {
+    public static Claims getClaims(SamlAssertionWrapper assertionW) {
         // Should we just do a simple DOM parsing without even relying on
         // OpenSaml
         List<Claim> claims = new ArrayList<Claim>();
@@ -91,7 +92,7 @@ public final class SAMLUtils {
         return new Claims(claims);
     }
     
-    public static AssertionWrapper createAssertion(Message message) throws Fault {
+    public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
         CallbackHandler handler = SecurityUtils.getCallbackHandler(
             message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
         boolean selfSignAssertion = 
@@ -101,19 +102,20 @@ public final class SAMLUtils {
         return createAssertion(message, handler, selfSignAssertion);
     }
     
-    public static AssertionWrapper createAssertion(Message message,
+    public static SamlAssertionWrapper createAssertion(Message message,
                                                    CallbackHandler handler) {
         return createAssertion(message, handler, true);
     }
     
-    public static AssertionWrapper createAssertion(Message message,
+    public static SamlAssertionWrapper createAssertion(Message message,
                                                    CallbackHandler handler,
                                                    boolean selfSignAssertion) throws Fault {
             
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(handler);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(handler, samlCallback);
+        
         try {
-            AssertionWrapper assertion = new AssertionWrapper(samlParms);
+            SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
             if (selfSignAssertion) {
                 //--- This code will be moved to a common utility class
                 Crypto crypto = new CryptoLoader().getCrypto(message, 
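Review bot: `SAMLUtil.doSAMLCallback(handler, samlCallback)` is called before the `try` opens, so anything it throws bypasses this method's catch clause. That includes a failing callback handler, and a null `handler` if `SecurityUtils.getCallbackHandler` can return one. The old code passed the handler to `new AssertionWrapper(samlParms)` inside the `try`, which presumably invoked it there. The catch clause lies outside the hunk, so this is inferred from the `throws Fault` signature; if it converts failures to a `Fault`, move the two added lines to the top of the `try` body so callers still see a single error type. The same ordering appears in `createAssertion(CallbackHandler, SelfSignInfo)` in the `@@ -142,13 +144,14 @@` hunk.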
@@ -127,7 +129,7 @@ public final class SAMLUtils {
                 }
         
                 String password = 
-                    SecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, 
+                    SecurityUtils.getPassword(message, user, WSPasswordCallback.Usage.SIGNATURE, 
                             SAMLUtils.class);
                 
                 assertion.signAssertion(user, password, crypto, false);
@@ -142,13 +144,14 @@ public final class SAMLUtils {
         
     }
     
-    public static AssertionWrapper createAssertion(CallbackHandler handler,
+    public static SamlAssertionWrapper createAssertion(CallbackHandler handler,
                                                    SelfSignInfo info) throws Fault {
             
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(handler);
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(handler, samlCallback);
+        
         try {
-            AssertionWrapper assertion = new AssertionWrapper(samlParms);
+            SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
             assertion.signAssertion(info.getUser(), 
                                     info.getPassword(), 
                                     info.getCrypto(), 

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlEnvelopedOutInterceptor.java Thu May 23 13:17:26 2013
@@ -30,7 +30,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.xml.AbstractXmlSecOutInterceptor;
 import org.apache.cxf.rs.security.xml.XmlEncOutInterceptor;
 import org.apache.cxf.rs.security.xml.XmlSigOutInterceptor;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 
 public class SamlEnvelopedOutInterceptor extends AbstractXmlSecOutInterceptor {
@@ -71,7 +71,7 @@ public class SamlEnvelopedOutInterceptor
         throws Exception {
         
         Element docEl = payloadDoc.getDocumentElement();
-        AssertionWrapper assertion = SAMLUtils.createAssertion(message);
+        SamlAssertionWrapper assertion = SAMLUtils.createAssertion(message);
         
         QName rootName = DOMUtils.getElementQName(payloadDoc.getDocumentElement());
         if (rootName.equals(envelopeQName)) {

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlFormOutInterceptor.java Thu May 23 13:17:26 2013
@@ -32,7 +32,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageContentsList;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 public class SamlFormOutInterceptor extends AbstractSamlOutInterceptor {
     private static final Logger LOG = 
@@ -48,9 +48,9 @@ public class SamlFormOutInterceptor exte
         try {
             Element samlToken = 
                 (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
-            AssertionWrapper assertionWrapper;
+            SamlAssertionWrapper assertionWrapper;
             if (samlToken != null) {
-                assertionWrapper = new AssertionWrapper(samlToken);
+                assertionWrapper = new SamlAssertionWrapper(samlToken);
             } else {
                 assertionWrapper = createAssertion(message);
             }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java Thu May 23 13:17:26 2013
@@ -32,7 +32,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
     private static final Logger LOG = 
@@ -42,9 +42,9 @@ public class SamlHeaderOutInterceptor ex
         try {
             Element samlToken = 
                 (Element)message.getContextualProperty(SAMLConstants.SAML_TOKEN_ELEMENT);
-            AssertionWrapper assertionWrapper;
+            SamlAssertionWrapper assertionWrapper;
             if (samlToken != null) {
-                assertionWrapper = new AssertionWrapper(samlToken);
+                assertionWrapper = new SamlAssertionWrapper(samlToken);
             } else {
                 assertionWrapper = createAssertion(message);
             }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java Thu May 23 13:17:26 2013
@@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.saml.
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.security.SecurityContext;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 public interface SecurityContextProvider {
-    SecurityContext getSecurityContext(Message message, AssertionWrapper wrapper);
+    SecurityContext getSecurityContext(Message message, SamlAssertionWrapper wrapper);
 }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java Thu May 23 13:17:26 2013
@@ -27,7 +27,7 @@ import org.apache.cxf.rs.security.saml.a
 import org.apache.cxf.rs.security.saml.assertion.Claims;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
 import org.apache.cxf.security.SecurityContext;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 
 public class SecurityContextProviderImpl implements SecurityContextProvider {
 
@@ -35,7 +35,7 @@ public class SecurityContextProviderImpl
     private static final String ROLE_NAMEFORMAT_PROPERTY = "org.apache.cxf.saml.claims.role.nameformat";
     
     public SecurityContext getSecurityContext(Message message,
-            AssertionWrapper wrapper) {
+            SamlAssertionWrapper wrapper) {
         Claims claims = getClaims(wrapper);
         Subject subject = getSubject(message, wrapper, claims);
         SecurityContext securityContext = doGetSecurityContext(message, subject, claims);
@@ -46,11 +46,11 @@ public class SecurityContextProviderImpl
         return securityContext;
     }
 
-    protected Claims getClaims(AssertionWrapper wrapper) {
+    protected Claims getClaims(SamlAssertionWrapper wrapper) {
         return SAMLUtils.getClaims(wrapper);
     }
     
-    protected Subject getSubject(Message message, AssertionWrapper wrapper, Claims claims) {
+    protected Subject getSubject(Message message, SamlAssertionWrapper wrapper, Claims claims) {
         return SAMLUtils.getSubject(message, wrapper);
     }
     

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java Thu May 23 13:17:26 2013
@@ -42,15 +42,14 @@ import org.apache.cxf.rs.security.common
 import org.apache.cxf.rs.security.common.TrustValidator;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.utils.Constants;
 
-
 public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
     
     private EncryptionProperties encProps;
@@ -265,9 +264,7 @@ public abstract class AbstractXmlEncInHa
                 EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.DECRYPT_MODE, key);
             return xmlCipher.decryptToByteArray(root);
         } catch (XMLEncryptionException ex) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
-            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
         }
         
     }

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java Thu May 23 13:17:26 2013
@@ -35,7 +35,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
-import org.apache.ws.security.WSSConfig;
+import org.apache.wss4j.dom.WSSConfig;
 
 
 public abstract class AbstractXmlSecInHandler {

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java Thu May 23 13:17:26 2013
@@ -40,7 +40,7 @@ import org.apache.cxf.message.MessageCon
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
-import org.apache.ws.security.WSSConfig;
+import org.apache.wss4j.dom.WSSConfig;
 
 
 public abstract class AbstractXmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java Thu May 23 13:17:26 2013
@@ -36,8 +36,8 @@ import org.apache.cxf.rs.security.common
 import org.apache.cxf.rs.security.common.TrustValidator;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.signature.Reference;

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java Thu May 23 13:17:26 2013
@@ -28,8 +28,8 @@ import javax.crypto.Cipher;
 import javax.crypto.spec.OAEPParameterSpec;
 import javax.crypto.spec.PSource;
 
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
@@ -64,11 +64,11 @@ public final class EncryptionUtils {
             }
         } catch (InvalidKeyException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, e
             );
         } catch (InvalidAlgorithmParameterException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, e
             );
         }
         return cipher;
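Review bot: The two `FAILED_ENCRYPTION` throws here, and the two in the following hunk, keep the `null, null` placeholder arguments. The `UNSUPPORTED_ALGORITHM` throw later in this file was shortened to the two-argument constructor. If that constructor accepts any exception type and not only `XMLEncryptionException`, `throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, e);` at each site would still carry the cause and make the file consistent. The enclosing methods begin outside both hunks.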
@@ -94,11 +94,11 @@ public final class EncryptionUtils {
             }
         } catch (InvalidKeyException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, e
             );
         } catch (InvalidAlgorithmParameterException e) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, e
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, e
             );
         }
         return cipher;
@@ -150,9 +150,7 @@ public final class EncryptionUtils {
             cipher.init(mode, key);
             return cipher;
         } catch (XMLEncryptionException ex) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
-            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, ex);
         }
     }