Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/29 15:16:04 UTC

svn commit: r1780804 [10/10] - in /axis/axis2/java/rampart/branches/RAMPART-252: ./ legal/ modules/distribution/ modules/documentation/ modules/documentation/src/site/resources/download/ modules/documentation/src/site/xdoc/ modules/documentation/src/si...

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java Sun Jan 29 15:16:02 2017
@@ -106,9 +106,26 @@ public class SCTIssuer implements TokenI
             SecurityContextToken sct =
                     new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
 
-            OMElement rstrElem =
-                    TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
-                                                                        env.getBody());
+            OMElement rstrElem;
+            if (wstVersion == RahasConstants.VERSION_05_12) {
+                /**
+                 * If secure conversation version is http://docs.oasis-open.org/ws-sx/ws-trust/200512
+                 * We have to wrap "request security token response" in a "request security token response
+                 * collection".
+                 * See WS-SecureConversation 1.3 spec's Section 3 - Establishing Security Contexts
+                 * for more details.
+                 */
+                OMElement requestedSecurityTokenResponseCollection = TrustUtil
+                        .createRequestSecurityTokenResponseCollectionElement(wstVersion, env.getBody());
+                rstrElem =
+                        TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+                                requestedSecurityTokenResponseCollection);
+            } else {
+                rstrElem =
+                        TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+                                env.getBody());
+            }
+
 
             OMElement rstElem =
                     TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
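Review bot: The block comment inside the new `if` branch calls `http://docs.oasis-open.org/ws-sx/ws-trust/200512` the "secure conversation version", but that URI is the WS-Trust namespace and the condition tests `wstVersion`. It is also written as a Javadoc block (`/** ... */`) inside a method body, where it documents nothing. I would reword it as a plain comment, e.g. `// WS-Trust 200512: the RSTR must be wrapped in a RequestSecurityTokenResponseCollection (WS-SecureConversation 1.3, section 3)`. The two branches differ only in the parent element, so the parent can be chosen first with `OMElement rstrParent = (wstVersion == RahasConstants.VERSION_05_12) ? TrustUtil.createRequestSecurityTokenResponseCollectionElement(wstVersion, env.getBody()) : env.getBody();` followed by a single `createRequestSecurityTokenResponseElement(wstVersion, rstrParent)` call. The enclosing method starts and ends outside the hunk.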

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java Sun Jan 29 15:16:02 2017
@@ -27,13 +27,13 @@ import java.io.FileInputStream;
  */
 public class TokenCancelerConfig {
 
-   /*
-   <parameter name="token-canceler-config">
-		<token-canceler-config>
-			<proofToken>EncryptedKey</proofToken>
-			<cryptoProperties>sctIssuer.properties</cryptoProperties>
-			<addRequestedAttachedRef />
-		</stoken-canceler-config>
+    /*
+    <parameter name="token-canceler-config">
+        <token-canceler-config>
+            <proofToken>EncryptedKey</proofToken>
+            <cryptoProperties>sctIssuer.properties</cryptoProperties>
+            <addRequestedAttachedRef />
+        </stoken-canceler-config>
     </parameter>
     */
     public final static QName TOKEN_CANCELER_CONFIG = new QName("token-canceler-config");

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java Sun Jan 29 15:16:02 2017
@@ -20,6 +20,7 @@ package org.apache.rahas.impl.util;
 import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
 import org.apache.rahas.TrustException;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSPasswordCallback;
@@ -66,7 +67,7 @@ public class SAML2Utils {
         try {
             
             String jaxpProperty = System.getProperty("javax.xml.parsers.DocumentBuilderFactory");
-            System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
+            //System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
 
             MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
             Marshaller marshaller = marshallerFactory.getMarshaller(xmlObj);
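Review bot: The `System.setProperty("javax.xml.parsers.DocumentBuilderFactory", ...)` line is left behind as commented-out code instead of being deleted. The hunk at `-223,7 +222,7` does the same, and the comment above it still says the property is set so that the endorsed JAXP implementation is picked. With the call disabled, the `jaxpProperty` read on the preceding line has no visible purpose in either hunk, and any later restore of the property (outside the hunks, if present) would be redundant. Delete the dead line and the stale comment. If marshalling the assertion depends on a specific parser implementation, add a comment saying which factory is now expected to be in effect, because the choice falls to JVM-wide configuration once the override is gone. Both enclosing methods start and end outside the hunks.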
@@ -101,9 +102,7 @@ public class SAML2Utils {
             Element assertionElement = document.getDocumentElement();
             DocumentBuilderFactoryImpl.setDOOMRequired(false);
 
-            if (log.isDebugEnabled()) {
-                log.debug("DOM element is created successfully from the OpenSAML2 XMLObject");
-            }
+            log.debug("DOM element is created successfully from the OpenSAML2 XMLObject");
             return assertionElement;
 
         } catch (Exception e) {
@@ -223,7 +222,7 @@ public class SAML2Utils {
                     // Set the "javax.xml.parsers.DocumentBuilderFactory" system property to make sure the endorsed JAXP
                     // implementation is picked over the default jaxp impl shipped with the JDK.
                     String jaxpProperty = System.getProperty("javax.xml.parsers.DocumentBuilderFactory");
-                    System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
+                    //System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
 
                     MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
                     Marshaller marshaller = marshallerFactory.getMarshaller(KIElem);
@@ -312,6 +311,21 @@ public class SAML2Utils {
         }
     }
 
+      /**
+     * Get the subject confirmation method of a SAML 2.0 assertion
+     *
+     * @param assertion SAML 2.0 assertion
+     * @return Subject Confirmation method
+     */
+    public static String getSAML2SubjectConfirmationMethod(Assertion assertion) {
+        String subjectConfirmationMethod = RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK;
+        List<SubjectConfirmation> subjectConfirmations = assertion.getSubject().getSubjectConfirmations();
+        if (subjectConfirmations.size() > 0) {
+            subjectConfirmationMethod = subjectConfirmations.get(0).getMethod();
+        }
+        return subjectConfirmationMethod;
+    }
+
 }
 
 
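Review bot: `assertion.getSubject()` is dereferenced without a null check in `getSAML2SubjectConfirmationMethod`, and the SAML 2.0 schema allows an assertion to omit `<Subject>`, so such an assertion would raise a NullPointerException here. Guard the lookup, e.g. `if (assertion.getSubject() != null && !assertion.getSubject().getSubjectConfirmations().isEmpty())`. The method also returns `RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK` when no SubjectConfirmation is present and reads only the first entry when there are several. The Javadoc should state both behaviours, since callers presumably base a trust decision on the returned method, e.g. `@return method of the first SubjectConfirmation, or holder-of-key when the assertion carries none`.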

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java Sun Jan 29 15:16:02 2017
@@ -4,50 +4,61 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.rahas.RahasData;
-import org.opensaml.SAMLAttribute;
-import org.opensaml.saml2.core.Attribute;
+import org.opensaml.common.SAMLObject;
 
+
+@SuppressWarnings({"UnusedDeclaration"})
 public class SAMLAttributeCallback implements SAMLCallback{
-	
-	private List attributes = null;
-	private RahasData data = null;
-	
-	public SAMLAttributeCallback(RahasData data){
-		attributes = new ArrayList();
-		this.data = data;
-	}
-	
-	public int getCallbackType(){
-		return SAMLCallback.ATTR_CALLBACK;
-	}
-	
-	public void addAttributes(SAMLAttribute attribute){
-		attributes.add(attribute);
-	}
+    
+    private List<SAMLObject> attributes = null;
+    private RahasData data = null;
+    
+    public SAMLAttributeCallback(RahasData data){
+        attributes = new ArrayList<SAMLObject>();
+        this.data = data;
+    }
+    
+    public int getCallbackType(){
+        return SAMLCallback.ATTR_CALLBACK;
+    }
+
+    /**
+     * Add SAML1 attribute.
+     * @param attribute SAML1 attribute
+     */
+    public void addAttributes(org.opensaml.saml1.core.Attribute attribute){
+        attributes.add(attribute);
+    }
 
     /**
      * Overloaded  method to support SAML2
-     * @param attr
+     * @param attribute SAML2 attribute.
      */
-    public void addAttributes(Attribute attr){
-        attributes.add(attr);
+    public void addAttributes(org.opensaml.saml2.core.Attribute attribute){
+        attributes.add(attribute);
     }
 
     /**
      * Get the array of SAML2 attributes.
-     * @return
+     * @return SAML2 attribute list.
      */
-    public Attribute[] getSAML2Attributes(){
-        return (Attribute[])attributes.toArray(new Attribute[attributes.size()]);
+    public org.opensaml.saml2.core.Attribute[] getSAML2Attributes(){
+        return (org.opensaml.saml2.core.Attribute[])attributes.toArray
+                (new org.opensaml.saml2.core.Attribute[attributes.size()]);
+    }
+
+    /**
+     * Get SAML2 attribute
+     * @return SAML2 attributes.
+     */
+    public org.opensaml.saml1.core.Attribute[] getAttributes(){
+        return (org.opensaml.saml1.core.Attribute[])attributes.toArray
+                (new org.opensaml.saml1.core.Attribute[attributes.size()]);
+        
+    }
+
+    public RahasData getData() {
+        return data;
     }
-	
-	public SAMLAttribute[] getAttributes(){
-		return (SAMLAttribute[])attributes.toArray(new SAMLAttribute[attributes.size()]);
-		
-	}
-
-	public RahasData getData() {
-		return data;
-	}
 
 }
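Review bot: Both `addAttributes` overloads store into the same `List<SAMLObject> attributes`, yet `getSAML2Attributes()` and `getAttributes()` each copy the whole list into an array of one concrete type. A callback that has received both a SAML1 and a SAML2 attribute will throw ArrayStoreException from either getter. The casts on the `toArray` results hide nothing useful, and the Javadoc on `getAttributes()` says "Get SAML2 attribute" although it returns `org.opensaml.saml1.core.Attribute[]`. Keeping one list per SAML version removes the failure mode and the casts, and the `SAMLObject` import is then no longer needed.

```java
// … unchanged: imports, @SuppressWarnings, class declaration …
    private final List<org.opensaml.saml1.core.Attribute> saml1Attributes =
            new ArrayList<org.opensaml.saml1.core.Attribute>();
    private final List<org.opensaml.saml2.core.Attribute> saml2Attributes =
            new ArrayList<org.opensaml.saml2.core.Attribute>();
    private final RahasData data;

    public SAMLAttributeCallback(RahasData data){
        this.data = data;
    }

    // … unchanged: getCallbackType …

    public void addAttributes(org.opensaml.saml1.core.Attribute attribute){
        saml1Attributes.add(attribute);
    }

    public void addAttributes(org.opensaml.saml2.core.Attribute attribute){
        saml2Attributes.add(attribute);
    }

    public org.opensaml.saml2.core.Attribute[] getSAML2Attributes(){
        return saml2Attributes.toArray(
                new org.opensaml.saml2.core.Attribute[saml2Attributes.size()]);
    }

    /**
     * Get the array of SAML1 attributes.
     * @return SAML1 attributes.
     */
    public org.opensaml.saml1.core.Attribute[] getAttributes(){
        return saml1Attributes.toArray(
                new org.opensaml.saml1.core.Attribute[saml1Attributes.size()]);
    }

    // … unchanged: getData …
```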

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java Sun Jan 29 15:16:02 2017
@@ -5,21 +5,21 @@ package org.apache.rahas.impl.util;
  * 
  */
 public interface SAMLCallback {
-	
-	/**
-	 * Attribute callback
-	 */
-	public static final int ATTR_CALLBACK = 1;
-	
-	/**
-	 * Subject name identifier
-	 */
-	public static final int NAME_IDENTIFIER_CALLBACK = 2;
-	
-	/**
-	 * Returns the type of callback
-	 * @return
-	 */
-	int getCallbackType();
+    
+    /**
+     * Attribute callback
+     */
+    public static final int ATTR_CALLBACK = 1;
+    
+    /**
+     * Subject name identifier
+     */
+    public static final int NAME_IDENTIFIER_CALLBACK = 2;
+    
+    /**
+     * Returns the type of callback
+     * @return
+     */
+    int getCallbackType();
 
 }

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java Sun Jan 29 15:16:02 2017
@@ -1,6 +1,6 @@
 package org.apache.rahas.impl.util;
 
-import org.opensaml.SAMLException;
+import org.opensaml.common.SAMLException;
 
 /**
  * SAMLCallback Handler enables you to add data to the
@@ -11,18 +11,18 @@ import org.opensaml.SAMLException;
  */
 public interface SAMLCallbackHandler {
 
-	/**
-	 * SAMLCallback object has indicates what kind of data is required.
-	 * if(callback.getCallbackType() == SAMLCallback.ATTR_CALLBACK)
-	 * {
-	 * 		SAMLAttributeCallback attrCallback = (SAMLAttributeCallback)callback;
-	 * 		\//Retrieve required data from the RahasData inside SAMLAttributeCallback 
-	 * 		\//Add your SAMLAttributes to the attrCallback here.
-	 * 		
-	 * }
-	 * @param callback
-	 * @throws SAMLException
-	 */
-	public void handle(SAMLCallback callback) throws SAMLException;
+    /**
+     * SAMLCallback object has indicates what kind of data is required.
+     * if(callback.getCallbackType() == SAMLCallback.ATTR_CALLBACK)
+     * {
+     *     SAMLAttributeCallback attrCallback = (SAMLAttributeCallback)callback;
+     *     \//Retrieve required data from the RahasData inside SAMLAttributeCallback 
+     *     \//Add your SAMLAttributes to the attrCallback here.
+     *     
+     * }
+     * @param callback
+     * @throws SAMLException
+     */
+    public void handle(SAMLCallback callback) throws SAMLException;
 
 }

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java Sun Jan 29 15:16:02 2017
@@ -1,7 +1,7 @@
 package org.apache.rahas.impl.util;
 
 import org.apache.rahas.RahasData;
-import org.opensaml.SAMLNameIdentifier;
+import org.opensaml.saml1.core.NameIdentifier;
 
 /**
  * This is used retrieve data for the SAMLNameIdentifier.
@@ -11,37 +11,37 @@ import org.opensaml.SAMLNameIdentifier;
  *
  */
 public class SAMLNameIdentifierCallback implements SAMLCallback{
-	
-	private SAMLNameIdentifier nameId = null;
-	private String userId = null;
-	private RahasData data = null;
-	
-	public SAMLNameIdentifierCallback(RahasData data){
-		this.data = data;
-	}
-	
-	public int getCallbackType(){
-		return SAMLCallback.NAME_IDENTIFIER_CALLBACK;
-	}
-
-	public SAMLNameIdentifier getNameId() {
-		return nameId;
-	}
-
-	public void setNameId(SAMLNameIdentifier nameId) {
-		this.nameId = nameId;
-	}
-
-	public void setUserId(String userId) {
-		this.userId = userId;
-	}
-
-	public String getUserId() {
-		return userId;
-	}
-
-	public RahasData getData() {
-		return data;
-	}
-		
+    
+    private NameIdentifier nameId = null;
+    private String userId = null;
+    private RahasData data = null;
+    
+    public SAMLNameIdentifierCallback(RahasData data){
+        this.data = data;
+    }
+    
+    public int getCallbackType(){
+        return SAMLCallback.NAME_IDENTIFIER_CALLBACK;
+    }
+
+    public NameIdentifier getNameId() {
+        return nameId;
+    }
+
+    public void setNameId(NameIdentifier nameId) {
+        this.nameId = nameId;
+    }
+
+    public void setUserId(String userId) {
+        this.userId = userId;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public RahasData getData() {
+        return data;
+    }
+    
 }

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java Sun Jan 29 15:16:02 2017
@@ -1,30 +1,778 @@
 package org.apache.rahas.impl.util;
 
-import org.apache.rahas.impl.SAMLTokenIssuerConfig;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.TokenIssuerUtil;
+import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.Base64;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.saml1.core.*;
+import org.opensaml.ws.wssecurity.KeyIdentifier;
+import org.opensaml.ws.wssecurity.SecurityTokenReference;
+import org.opensaml.ws.wssecurity.WSSecurityConstants;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.encryption.CipherData;
+import org.opensaml.xml.encryption.CipherValue;
+import org.opensaml.xml.encryption.EncryptedKey;
+import org.opensaml.xml.encryption.EncryptionMethod;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.security.SecurityHelper;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.*;
+import org.opensaml.xml.signature.KeyInfo;
+import org.opensaml.xml.signature.X509Data;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
+import javax.xml.namespace.QName;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import java.util.Collection;
-import java.util.ArrayList;
+import java.util.*;
 
+/**
+ * Utility class for SAML 1 assertions. Responsible for manipulating all SAML1 specific objects
+ * like Assertion, ConfirmationMethod etc ...
+ */
 public class SAMLUtils {
 
+    private static final Log log = LogFactory.getLog(SAMLUtils.class);
 
-    public static Collection<X509Certificate> getCertChainCollection(X509Certificate[] issuerCerts){
-
-         ArrayList<X509Certificate> certCollection = new ArrayList<X509Certificate>();
+    public static Collection<X509Certificate> getCertChainCollection(X509Certificate[] issuerCerts) {
+        ArrayList<X509Certificate> certCollection = new ArrayList<X509Certificate>();
 
         if (issuerCerts == null) {
             return certCollection;
         } else {
-            for (X509Certificate cert : issuerCerts) {
-                certCollection.add(cert);    
-            }
+            Collections.addAll(certCollection, issuerCerts);
         }
 
         return certCollection;
+    }
+
+    /**
+     * Builds the requested XMLObject.
+     *
+     * @param objectQName name of the XMLObject
+     * @return the build XMLObject
+     * @throws org.apache.rahas.TrustException If unable to find the appropriate builder.
+     */
+    public static XMLObject buildXMLObject(QName objectQName) throws TrustException {
+        XMLObjectBuilder builder = Configuration.getBuilderFactory().getBuilder(objectQName);
+        if (builder == null) {
+            log.debug("Unable to find OpenSAML builder for object " + objectQName);
+            throw new TrustException("builderNotFound",new Object[]{objectQName});
+        }
+        return builder.buildObject(objectQName.getNamespaceURI(), objectQName.getLocalPart(), objectQName.getPrefix());
+    }
+
+    /**
+     * Builds an assertion from an XML element.
+     * @param assertionElement The XML element.
+     * @return An Assertion object.
+     */
+    public static Assertion buildAssertion(Element assertionElement) {
+
+       return (Assertion) Configuration.getBuilderFactory().
+               getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(assertionElement);
+
+    }
+
+/**
+     * Signs the SAML assertion. The steps to sign SAML assertion is as follows,
+     * <ol>
+     *     <li>Get certificate for issuer alias</li>
+     *     <li>Extract private key</li>
+     *     <li>Create {@link org.opensaml.xml.security.credential.Credential} object</li>
+     *     <li>Create {@link org.opensaml.xml.signature.Signature} object</li>
+     *     <li>Set Signature object in Assertion</li>
+     *     <li>Prepare signing environment - SecurityHelper.prepareSignatureParams</li>
+     *     <li>Perform signing action - Signer.signObject</li>
+     * </ol>
+     * @param assertion The assertion to be signed.
+     * @param crypto Certificate and private key data are stored in Crypto object
+     * @param issuerKeyAlias Key alias
+     * @param issuerKeyPassword Key password
+     * @throws TrustException If an error occurred while signing the assertion.
+     */
+    public static void signAssertion(Assertion assertion, Crypto crypto,
+                                     String issuerKeyAlias, String issuerKeyPassword)
+            throws TrustException {
+
+        X509Certificate[] issuerCerts;
+        try {
+            issuerCerts = crypto
+                    .getCertificates(issuerKeyAlias);
+        } catch (WSSecurityException e) {
+            log.debug("Unable to get issuer certificate for issuer alias " + issuerKeyAlias, e);
+            throw new TrustException("issuerCertificateNotFound", new Object[]{issuerKeyAlias}, e);
+        }
+
+        if (issuerCerts == null || issuerCerts.length == 0) {
+            log.debug("Unable to get issuer certificate for issuer alias " + issuerKeyAlias);
+            throw new TrustException("issuerCertificateNotFound", new Object[]{issuerKeyAlias});
+        }
+
+        String signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+
+        PublicKey issuerPublicKey = issuerCerts[0].getPublicKey();
+
+        String publicKeyAlgorithm = issuerPublicKey.getAlgorithm();
+        if (publicKeyAlgorithm.equalsIgnoreCase("DSA")) {
+            signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+        }
+
+        PrivateKey issuerPrivateKey;
+        try {
+            issuerPrivateKey = crypto.getPrivateKey(
+                    issuerKeyAlias, issuerKeyPassword);
+        } catch (Exception e) {
+            log.debug("Unable to get issuer private key for issuer alias " + issuerKeyAlias);
+            throw new TrustException("issuerPrivateKeyNotFound", new Object[]{issuerKeyAlias});
+        }
+
+        Credential signingCredential = SecurityHelper.getSimpleCredential(issuerPublicKey, issuerPrivateKey);
+
+        Signature signature = (Signature) SAMLUtils.buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
+        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+        signature.setSigningCredential(signingCredential);
+        signature.setSignatureAlgorithm(signatureAlgorithm);
+
+        X509Data x509Data = createX509Data(issuerCerts[0]);
+        KeyInfo keyInfo = createKeyInfo(x509Data);
+
+        signature.setKeyInfo(keyInfo);
+        assertion.setSignature(signature);
+
+        try {
+
+            Document document = CommonUtil.getOMDOMDocument();
+
+            Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion, document);
+        } catch (MarshallingException e) {
+            log.debug("Error while marshalling assertion ", e);
+            throw new TrustException("errorMarshallingAssertion", e);
+        }
+
+        try {
+            Signer.signObject(signature);
+        } catch (SignatureException e) {
+            log.debug("Error signing SAML Assertion. An error occurred while signing SAML Assertion with alias "
+                    + issuerKeyAlias, e);
+            throw new TrustException("errorSigningAssertion", e);
+        }
+    }
+
+    /**
+     * Get subject confirmation method of the given SAML 1.1 Assertion.
+     * This is used in rampart-core.
+     * @param assertion SAML 1.1 Assertion
+     * @return subject confirmation method
+     */
+    public static String getSAML11SubjectConfirmationMethod(Assertion assertion) {
+        String subjectConfirmationMethod = RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK;
+        // iterate the statements and get the subject confirmation method.
+        List<Statement> statements = assertion.getStatements();
+
+        // TODO check whether there is an efficient method of doing this
+        if (!statements.isEmpty()) {
+            SubjectStatement subjectStatement = (SubjectStatement) statements.get(0);
+            Subject subject = subjectStatement.getSubject();
+
+            if (subject != null) {
+                SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmation();
+
+                if (subjectConfirmation != null) {
+                    List<ConfirmationMethod> confirmationMethods = subjectConfirmation.getConfirmationMethods();
+
+                    if (!confirmationMethods.isEmpty()) {
+                        subjectConfirmationMethod = confirmationMethods.get(0).getConfirmationMethod();
+                    }
+                }
+            }
+        }
+
+
+        return subjectConfirmationMethod;
+    }
+
+      /**
+     * Create named identifier.
+     * @param principalName Name of the subject.
+     * @param format Format of the subject, whether it is an email, uid etc ...
+     * @return The NamedIdentifier object.
+     * @throws org.apache.rahas.TrustException If unable to find the builder.
+     */
+    public static NameIdentifier createNamedIdentifier(String principalName, String format) throws TrustException{
+
+        NameIdentifier nameId = (NameIdentifier)SAMLUtils.buildXMLObject(NameIdentifier.DEFAULT_ELEMENT_NAME);
+        nameId.setNameIdentifier(principalName);
+        nameId.setFormat(format);
+
+        return nameId;
+    }
+
+    /**
+     * Creates the subject confirmation method.
+     * Relevant XML element would look like as follows,
+     * <saml:ConfirmationMethod>
+     *       urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
+     *  </saml:ConfirmationMethod>
+     * @param confirmationMethod Name of the actual confirmation method. Could be
+     *      holder-of-key - "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"
+     *      sender-vouches - "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
+     *      bearer - TODO
+     * @return Returns the opensaml representation of the ConfirmationMethod.
+     * @throws TrustException If unable to find appropriate XMLObject builder for confirmation QName.
+     */
+    public static ConfirmationMethod createSubjectConfirmationMethod(final String confirmationMethod)
+            throws TrustException {
 
+        ConfirmationMethod confirmationMethodObject
+                = (ConfirmationMethod)SAMLUtils.buildXMLObject(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
+        confirmationMethodObject.setConfirmationMethod(confirmationMethod);
+
+        return confirmationMethodObject;
+    }
+
+    /**
+     * Creates opensaml SubjectConfirmation representation. The relevant XML would looks as follows,
+     *  <saml:SubjectConfirmation>
+     *       <saml:ConfirmationMethod>
+     *           urn:oasis:names:tc:SAML:1.0:cm:sender-vouches
+     *       </saml:ConfirmationMethod>
+     *   </saml:SubjectConfirmation>
+     * @param confirmationMethod The subject confirmation method. Bearer, Sender-Vouches or Holder-Of-Key.
+     * @param keyInfoContent The KeyInfo content. According to SPEC (SAML 1.1) this could be null.
+     * @return OpenSAML representation of SubjectConfirmation.
+     * @throws TrustException If unable to find any of the XML builders.
+     */
+    public static SubjectConfirmation createSubjectConfirmation(final String confirmationMethod,
+                                                          KeyInfo keyInfoContent) throws TrustException {
+
+        SubjectConfirmation subjectConfirmation
+                = (SubjectConfirmation)SAMLUtils.buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
+
+        ConfirmationMethod method = SAMLUtils.createSubjectConfirmationMethod(confirmationMethod);
+        subjectConfirmation.getConfirmationMethods().add(method);
+
+        if (keyInfoContent != null) {
+            subjectConfirmation.setKeyInfo(keyInfoContent);
+        }
+
+        return subjectConfirmation;
     }
+
+    /**
+     * Creates an opensaml Subject representation. The relevant XML would looks as follows,
+     * <saml:Subject>
+     *       <saml:NameIdentifier
+     *       NameQualifier="www.example.com"
+     *       Format="...">
+     *       uid=joe,ou=people,ou=saml-demo,o=baltimore.com
+     *       </saml:NameIdentifier>
+     *       <saml:SubjectConfirmation>
+     *           <saml:ConfirmationMethod>
+     *           urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
+     *           </saml:ConfirmationMethod>
+     *       <ds:KeyInfo>
+     *           <ds:KeyValue>...</ds:KeyValue>
+     *       </ds:KeyInfo>
+     *       </saml:SubjectConfirmation>
+     *   </saml:Subject>
+     * @param nameIdentifier Represent the "NameIdentifier" of XML element above.
+     * @param confirmationMethod Represent the bearer, HOK or Sender-Vouches.
+     * @param keyInfoContent Key info information. This could be null.
+     * @return OpenSAML representation of the Subject.
+     * @throws TrustException If a relevant XML builder is unable to find.
+     */
+    public static Subject createSubject(final NameIdentifier nameIdentifier, final String confirmationMethod,
+                                                          KeyInfo keyInfoContent) throws TrustException {
+
+        Subject subject = (Subject)SAMLUtils.buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
+        subject.setNameIdentifier(nameIdentifier);
+
+        SubjectConfirmation subjectConfirmation
+                = SAMLUtils.createSubjectConfirmation(confirmationMethod,keyInfoContent);
+        subject.setSubjectConfirmation(subjectConfirmation);
+
+        return subject;
+    }
+
+    /**
+     * Creates an AuthenticationStatement. The relevant XML element looks as follows,
+     * <AuthenticationStatement
+     *       AuthenticationInstant="2003-04-17T00:46:00Z"
+     *       AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
+     *       <Subject>
+     *           <NameIdentifier
+     *           Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
+     *           scott@example.org</NameIdentifier>
+     *               <SubjectConfirmation>
+     *                   <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod>
+     *               </SubjectConfirmation>
+     *       </Subject>
+     *       <SubjectLocality IPAddress="127.0.0.1"/>
+     *   </AuthenticationStatement>
+     * @param subject OpenSAML Subject implementation.
+     * @param authenticationMethod How subject is authenticated ? i.e. by using a password, kerberos, certificate
+     *          etc ... The method is defined as a URL in SAML specification.
+     * @param authenticationInstant Time which authentication took place.
+     * @return opensaml AuthenticationStatement object.
+     * @throws org.apache.rahas.TrustException If unable to find the builder.
+     */
+    public static AuthenticationStatement createAuthenticationStatement(Subject subject, String authenticationMethod,
+                                                                    DateTime authenticationInstant)
+                                                                    throws TrustException {
+
+        AuthenticationStatement authenticationStatement
+                = (AuthenticationStatement)SAMLUtils.buildXMLObject(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
+
+        authenticationStatement.setSubject(subject);
+        authenticationStatement.setAuthenticationMethod(authenticationMethod);
+        authenticationStatement.setAuthenticationInstant(authenticationInstant);
+
+        return authenticationStatement;
+    }
+
+    /**Creates an attribute statement. Sample attribute statement would look like follows,
+     *  <saml:AttributeStatement>
+     *       <saml:Subject>
+     *           <saml:NameIdentifier
+     *               NameQualifier="www.example.com"
+     *               Format="...">
+     *               uid=joe,ou=people,ou=saml-demo,o=baltimore.com
+     *           </saml:NameIdentifier>
+     *           <saml:SubjectConfirmation>
+     *               <saml:ConfirmationMethod>
+     *               urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
+     *               </saml:ConfirmationMethod>
+     *               <ds:KeyInfo>
+     *                 <ds:KeyValue>...</ds:KeyValue>
+     *               </ds:KeyInfo>
+     *           </saml:SubjectConfirmation>
+     *       </saml:Subject>
+     *       <saml:Attribute
+     *           AttributeName="MemberLevel"
+     *           AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
+     *           <saml:AttributeValue>gold</saml:AttributeValue>
+     *       </saml:Attribute>
+     *       <saml:Attribute
+     *           AttributeName="E-mail"
+     *           AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
+     *           <saml:AttributeValue>joe@yahoo.com</saml:AttributeValue>
+     *       </saml:Attribute>
+     *   </saml:AttributeStatement>
+     *
+     * @param subject The OpenSAML representation of the Subject.
+     * @param attributeList List of attribute values to include within the message.
+     * @return OpenSAML representation of AttributeStatement.
+     * @throws org.apache.rahas.TrustException If unable to find the appropriate builder.
+     */
+    public static AttributeStatement createAttributeStatement(Subject subject, List<Attribute> attributeList)
+            throws TrustException {
+
+        AttributeStatement attributeStatement
+                = (AttributeStatement)SAMLUtils.buildXMLObject(AttributeStatement.DEFAULT_ELEMENT_NAME);
+
+        attributeStatement.setSubject(subject);
+        attributeStatement.getAttributes().addAll(attributeList);
+
+        return attributeStatement;
+    }
+
+    /**
+     * Creates Conditions object. Analogous XML element is as follows,
+     * <saml:Conditions>
+     *       NotBefore="2002-06-19T16:53:33.173Z"
+     *       NotOnOrAfter="2002-06-19T17:08:33.173Z"/>
+     * @param notBefore The validity of the Assertion starts from this value.
+     * @param notOnOrAfter The validity ends from this value.
+     * @return OpenSAML Conditions object.
+     * @throws org.apache.rahas.TrustException If unable to find appropriate builder.
+     */
+    public static Conditions createConditions(DateTime notBefore, DateTime notOnOrAfter) throws TrustException {
+
+        Conditions conditions = (Conditions)SAMLUtils.buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
+
+        conditions.setNotBefore(notBefore);
+        conditions.setNotOnOrAfter(notOnOrAfter);
+
+        return conditions;
+    }
+
+    /**
+     * This method creates the final SAML assertion. The final SAML assertion would looks like as follows,
+     *  <saml:Assertion  AssertionID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc"
+     *                   IssueInstant="2003-04-17T00:46:02Z"
+     *                   Issuer=”www.opensaml.org”
+     *                   MajorVersion="1"
+     *                   MinorVersion="1"
+     *                   xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
+     *       <saml:Conditions>
+     *           NotBefore="2002-06-19T16:53:33.173Z"
+     *           NotOnOrAfter="2002-06-19T17:08:33.173Z"/>
+     *       <saml:AttributeStatement>
+     *           <saml:Subject>
+     *               <saml:NameIdentifier
+     *                       NameQualifier="www.example.com"
+     *                       Format="...">
+     *                       uid=joe,ou=people,ou=saml-demo,o=baltimore.com
+     *               </saml:NameIdentifier>
+     *               <saml:SubjectConfirmation>
+     *                   <saml:ConfirmationMethod>
+     *                       urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
+     *                   </saml:ConfirmationMethod>
+     *                   <ds:KeyInfo>
+     *                       <ds:KeyValue>...</ds:KeyValue>
+     *                   </ds:KeyInfo>
+     *               </saml:SubjectConfirmation>
+     *           </saml:Subject>
+     *           <saml:Attribute
+     *               AttributeName="MemberLevel"
+     *               AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
+     *               <saml:AttributeValue>gold</saml:AttributeValue>
+     *           </saml:Attribute>
+     *           <saml:Attribute
+     *               AttributeName="E-mail" AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
+     *               <saml:AttributeValue>joe@yahoo.com</saml:AttributeValue>
+     *           </saml:Attribute>
+     *       </saml:AttributeStatement>
+     *       <ds:Signature>...</ds:Signature>
+     *   </saml:Assertion>
+     * @param issuerName Represents the "Issuer" in Assertion.
+     * @param notBefore The Condition's NotBefore value
+     * @param notOnOrAfter The Condition's NotOnOrAfter value
+     * @param statements  Other statements.
+     * @return An opensaml Assertion object.
+     * @throws org.apache.rahas.TrustException If unable to find the appropriate builder.
+     */
+    public static Assertion createAssertion(String issuerName, DateTime notBefore, DateTime notOnOrAfter,
+                                        List<Statement> statements) throws TrustException {
+
+        Assertion assertion = (Assertion)SAMLUtils.buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
+
+        assertion.setIssuer(issuerName);
+        assertion.setConditions(SAMLUtils.createConditions(notBefore, notOnOrAfter));
+        assertion.getStatements().addAll(statements);
+
+        return assertion;
+    }
+
+    /**
+     * Creates a SAML attribute similar to following,
+     * <saml:Attribute
+     *       AttributeName="MemberLevel"
+     *       AttributeNamespace="http://www.oasis.open.org/Catalyst2002/attributes">
+     *       <saml:AttributeValue>gold</saml:AttributeValue>
+     *   </saml:Attribute>
+     * @param name attribute name
+     * @param namespace attribute namespace.
+     * @param value attribute value.
+     * @return OpenSAML representation of the attribute.
+     * @throws org.apache.rahas.TrustException If unable to find the appropriate builder.
+     */
+    public static Attribute createAttribute(String name, String namespace, String value) throws TrustException {
+
+        Attribute attribute = (Attribute)SAMLUtils.buildXMLObject(Attribute.DEFAULT_ELEMENT_NAME);
+
+        attribute.setAttributeName(name);
+        attribute.setAttributeNamespace(namespace);
+
+        XSStringBuilder attributeValueBuilder = (XSStringBuilder)Configuration.getBuilderFactory().
+                getBuilder(XSString.TYPE_NAME);
+
+        XSString stringValue
+                = attributeValueBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+        stringValue.setValue(value);
+
+        attribute.getAttributeValues().add(stringValue);
+
+        return attribute;
+
+    }
+
+    /**
+     * Creates a KeyInfo object
+     * @return OpenSAML KeyInfo representation.
+     * @throws TrustException If an error occurred while creating KeyInfo.
+     */
+    public static KeyInfo createKeyInfo() throws TrustException {
+
+        return (KeyInfo)SAMLUtils.buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
+    }
+
+     /**
+     * Creates a KeyInfo element given EncryptedKey. The relevant XML would looks as follows,
+     *  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+     *     <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+     *           ....
+     *     </xenc:EncryptedKey>
+     *   </ds:KeyInfo>
+     * @param encryptedKey The OpemSAML representation of encrypted key.
+     * @return The appropriate opensaml representation of the KeyInfo.
+     * @throws org.apache.rahas.TrustException If unable to find the builder.
+     */
+    public static KeyInfo createKeyInfo(EncryptedKey encryptedKey) throws TrustException {
+
+        KeyInfo keyInfo = createKeyInfo();
+        keyInfo.getEncryptedKeys().add(encryptedKey);
+
+        return keyInfo;
+    }
+
+    /**
+     * Creates a KeyInfo element given EncryptedKey. The relevant XML would looks as follows,
+     *  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+     *     <X509Data xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+     *           ....
+     *     </X509Data>
+     *   </ds:KeyInfo>
+     * @param x509Data The OpemSAML representation X509Data
+     * @return The appropriate opensaml representation of the KeyInfo.
+     * @throws org.apache.rahas.TrustException If unable to find the builder.
+     */
+    public static KeyInfo createKeyInfo(X509Data x509Data) throws TrustException {
+
+        KeyInfo keyInfo = createKeyInfo();
+        keyInfo.getX509Datas().add(x509Data);
+
+        return keyInfo;
+    }
+
+    /**
+     * Creates the certificate based KeyInfo object.
+     * @param certificate The public key certificate used to create the KeyInfo object.
+     * @return OpenSAML representation of KeyInfo object.
+     * @throws TrustException If an error occurred while creating the KeyInfo
+     */
+    public static KeyInfo getCertificateBasedKeyInfo(X509Certificate certificate) throws TrustException {
+        X509Data x509Data = SAMLUtils.createX509Data(certificate);
+        return SAMLUtils.createKeyInfo(x509Data);
+    }
+
+
+    /**
+     * This method creates KeyInfo element of an assertion. This is a facade, in which it calls
+     * to other helper methods to create KeyInfo. The TokenIssuer will call this method to
+     * create the KeyInfo.
+     * @param doc An Axiom based DOM Document.
+     * @param data The ephemeral key which we use here need in encrypting the message also. Therefore
+     *              we need to save the ephemeral key in RahasData passed here.
+     * @param serviceCert Public key used to encrypt the assertion is extracted from this certificate.
+     * @param keySize Size of the key to be used
+     * @param crypto The relevant private key
+     * @param keyComputation Key computation mechanism.
+     * @return OpenSAML KeyInfo representation.
+     * @throws WSSecurityException We use WSS4J to generate encrypted key. This exception will trigger if an
+     *                      error occurs while generating the encrypted key.
+     * @throws TrustException If an error occurred while creating KeyInfo object.
+     */
+    public static KeyInfo getSymmetricKeyBasedKeyInfo(Document doc,
+                                                      RahasData data,
+                                                      X509Certificate serviceCert,
+                                                      int keySize,
+                                                      Crypto crypto,
+                                                      int keyComputation) throws WSSecurityException, TrustException {
+
+        byte[] ephemeralKey = TokenIssuerUtil.getSharedSecret(
+                data, keyComputation, keySize);
+
+        WSSecEncryptedKey encryptedKey = getSymmetricKeyBasedKeyInfoContent(doc, ephemeralKey, serviceCert,
+                keySize, crypto);
+
+        // Extract the base64 encoded secret value
+        byte[] tempKey = new byte[keySize / 8];
+        System.arraycopy(encryptedKey.getEphemeralKey(), 0, tempKey,
+                0, keySize / 8);
+
+
+        data.setEphmeralKey(tempKey);
+
+        EncryptedKey samlEncryptedKey = SAMLUtils.createEncryptedKey(serviceCert, encryptedKey);
+        return SAMLUtils.createKeyInfo(samlEncryptedKey);
+    }
+
+
+
+    static WSSecEncryptedKey getSymmetricKeyBasedKeyInfoContent(Document doc,
+                                                                       byte[] ephemeralKey,
+                                                                       X509Certificate serviceCert,
+                                                                       int keySize,
+                                                                       Crypto crypto) throws WSSecurityException,
+            TrustException {
+        // Create the encrypted key
+        WSSecEncryptedKey encryptedKeyBuilder = new WSSecEncryptedKey();
+
+        // Use thumbprint id
+        encryptedKeyBuilder
+                .setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+
+        // SEt the encryption cert
+        encryptedKeyBuilder.setUseThisCert(serviceCert);
+
+        // set keysize
+        encryptedKeyBuilder.setKeySize(keySize);
+
+        encryptedKeyBuilder.setEphemeralKey(ephemeralKey);
+
+        // Set key encryption algo
+        encryptedKeyBuilder
+                .setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
+
+        // Build
+        encryptedKeyBuilder.prepare(doc, crypto);
+
+        return encryptedKeyBuilder;
+    }
+
+    /**
+     * Creates the X509 data element in a SAML issuer token. Should create an element similar to following,
+     * <X509Data xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+     *                         xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+     *   <X509Certificate>
+     *       MIICNTCCAZ6gAwIB...
+     *   </X509Certificate>
+     * </X509Data>
+     * @param clientCert Client certificate to be used when generating X509 data
+     * @return  SAML X509Data representation.
+     * @throws TrustException If an error occurred while creating X509Data and X509Certificate.
+     */
+    static X509Data createX509Data(X509Certificate clientCert) throws TrustException {
+
+        byte[] clientCertBytes;
+        try {
+            clientCertBytes = clientCert.getEncoded();
+        } catch (CertificateEncodingException e) {
+            log.error("An error occurred while encoding certificate.", e);
+            throw new TrustException("An error occurred while encoding certificate.", e);
+        }
+        String base64Cert = Base64.encode(clientCertBytes);
+
+        org.opensaml.xml.signature.X509Certificate x509Certificate
+                = (org.opensaml.xml.signature.X509Certificate)SAMLUtils.buildXMLObject
+                (org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
+
+        x509Certificate.setValue(base64Cert);
+
+        X509Data x509Data = (X509Data)SAMLUtils.buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
+        x509Data.getX509Certificates().add(x509Certificate);
+
+        return x509Data;
+    }
+
+    /**
+     * This method will created the "EncryptedKey" of a SAML assertion.
+     * An encrypted key would look like as follows,
+     * <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+     *    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+     *   Id="EncKeyId-E5CEA44F9C25F55C4913269595550814">
+     *    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+     *    <ds:KeyInfo>
+     *      <wsse:SecurityTokenReference
+     *        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+     *      <wsse:KeyIdentifier
+     *             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0
+     *             #Base64Binary"
+     *             ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">
+     *             a/jhNus21KVuoFx65LmkW2O/l10=
+     *       </wsse:KeyIdentifier>
+     *     </wsse:SecurityTokenReference>
+     *    </ds:KeyInfo>
+     *    <xenc:CipherData>
+     *       <xenc:CipherValue>
+     *             dnP0MBHiMLlSmnjJhGFs/I8/z...
+     *        </xenc:CipherValue>
+     *     </xenc:CipherData>
+     *  </xenc:EncryptedKey>
+     * @param certificate Certificate which holds the public key to encrypt ephemeral key.
+     * @param wsSecEncryptedKey WS Security object which contains encrypted ephemeral key.
+     *          TODO Passing WSSecEncryptedKey is an overhead. We should be able to create encrypted ephemeral
+     *          key without WSS4J
+     * @return OpenSAML EncryptedKey representation.
+     * @throws TrustException If an error occurred while creating EncryptedKey.
+     */
+    static EncryptedKey createEncryptedKey(X509Certificate certificate, WSSecEncryptedKey wsSecEncryptedKey)
+            throws TrustException {
+
+        SecurityTokenReference securityTokenReference
+                = (SecurityTokenReference)SAMLUtils.buildXMLObject(SecurityTokenReference.ELEMENT_NAME);
+
+        KeyIdentifier keyIdentifier = (KeyIdentifier)SAMLUtils.buildXMLObject(KeyIdentifier.ELEMENT_NAME);
+
+        // Encoding type set to http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0
+        // #Base64Binary
+        keyIdentifier.setEncodingType(KeyIdentifier.ENCODING_TYPE_BASE64_BINARY);
+        keyIdentifier.setValueType(WSSecurityConstants.THUMB_PRINT_SHA1);
+        keyIdentifier.setValue(getThumbprintSha1(certificate));
+
+        securityTokenReference.getUnknownXMLObjects().add(keyIdentifier);
+
+        KeyInfo keyInfo = SAMLUtils.createKeyInfo();
+        keyInfo.getXMLObjects().add(securityTokenReference);
+
+        CipherValue cipherValue = (CipherValue)buildXMLObject(CipherValue.DEFAULT_ELEMENT_NAME);
+        cipherValue.setValue(Base64.encode(wsSecEncryptedKey.getEncryptedEphemeralKey()));
+
+        CipherData cipherData = (CipherData)buildXMLObject(CipherData.DEFAULT_ELEMENT_NAME);
+        cipherData.setCipherValue(cipherValue);
+
+        EncryptionMethod encryptionMethod = (EncryptionMethod)buildXMLObject(EncryptionMethod.DEFAULT_ELEMENT_NAME);
+        encryptionMethod.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
+
+        EncryptedKey encryptedKey = (EncryptedKey)SAMLUtils.buildXMLObject(EncryptedKey.DEFAULT_ELEMENT_NAME);
+
+        encryptedKey.setID(wsSecEncryptedKey.getId());
+        encryptedKey.setEncryptionMethod(encryptionMethod);
+        encryptedKey.setCipherData(cipherData);
+        encryptedKey.setKeyInfo(keyInfo);
+
+        return encryptedKey;
+
+    }
+
+    private static String getThumbprintSha1(X509Certificate cert) throws TrustException {
+
+        MessageDigest sha;
+        try {
+            sha = MessageDigest.getInstance("SHA-1");
+        } catch (NoSuchAlgorithmException e1) {
+            throw new TrustException("sha1NotFound", e1);
+        }
+        sha.reset();
+        try {
+            sha.update(cert.getEncoded());
+        } catch (CertificateEncodingException e1) {
+            throw new TrustException("certificateEncodingError", e1);
+        }
+        byte[] data = sha.digest();
+
+        return Base64.encode(data);
+    }
+
+    /**
+     * Converts java.util.Date to opensaml DateTime object.
+     * @param date Java util date
+     * @return opensaml specific DateTime object.
+     */
+    public static DateTime convertToDateTime(Date date) {
+        return  new DateTime(date);
+    }
+
 }
 

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SignKeyHolder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SignKeyHolder.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SignKeyHolder.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SignKeyHolder.java Sun Jan 29 15:16:02 2017
@@ -39,7 +39,7 @@ public class SignKeyHolder implements X5
 
     private X509Certificate[] issuerCerts = null;
 
-	private PrivateKey issuerPK = null;
+    private PrivateKey issuerPK = null;
 
 
     public String getSignatureAlgorithm() {

Modified: axis/axis2/java/rampart/branches/RAMPART-252/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/pom.xml?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/pom.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/pom.xml Sun Jan 29 15:16:02 2017
@@ -1,20 +1,41 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements. See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership. The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License. You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied. See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 
-    <modelVersion>4.0.0</modelVersion>
     <parent>
         <groupId>org.apache</groupId>
         <artifactId>apache</artifactId>
-        <version>7</version>
+        <version>8</version>
     </parent>
+
     <groupId>org.apache.rampart</groupId>
+    <modelVersion>4.0.0</modelVersion>
     <artifactId>rampart-project</artifactId>
     <packaging>pom</packaging>
     <description> WS-Security, WS-Trust and WS-SecureConversation implementaion for Apache Axis2 </description>
-    <version>SNAPSHOT</version>
+    <version>1.7.0-SNAPSHOT</version>
     <name>Apache Rampart</name>
-    <url>http://ws.apache.org/rampart</url>
+    <url>http://axis.apache.org/axis2/java/rampart</url>
 
     <licenses>
         <license>
@@ -77,37 +98,28 @@
             <name>Nandana Mihindukulasooriya</name>
             <id>nandana</id>
             <email>nandana AT apache.org</email>
-            <organization></organization>
+            <organization />
+        </developer>
+        <developer>
+            <name>Thilina Buddhika</name>
+            <id>thilinamb</id>
+            <email>thilinamb AT apache.org</email>
+            <organization>WSO2</organization>
         </developer>
     </developers>
 
     <scm>
         <connection>
-            scm:svn:https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk
+            scm:svn:http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk
         </connection>
         <developerConnection>
             scm:svn:https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk
         </developerConnection>
-        <url>https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk</url>
+        <url>http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk</url>
     </scm>
 
 
     <repositories>
-	
-	<repository>
-            <id>wso2-maven2-repository</id>
-            <name>WSO2 Maven2 Repository</name>
-            <url>http://dist.wso2.org/maven2</url>
-            <snapshots>
-                <enabled>false</enabled>
-            </snapshots>
-            <releases>
-                <enabled>true</enabled>
-                <updatePolicy>never</updatePolicy>
-                <checksumPolicy>fail</checksumPolicy>
-            </releases>
-        </repository>
-
         <repository>
             <releases>
                 <enabled>true</enabled>
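Review bot: The `<connection>` URL in the `<scm>` block is downgraded from `https` to plain `http`, so anonymous checkouts driven from this POM fetch source over a channel with no transport integrity, while `<developerConnection>` keeps `https`. Unless anonymous access genuinely requires it, I would keep `scm:svn:https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk` for `<connection>`. All three SCM URLs also still name `trunk` although this file sits on the RAMPART-252 branch; that may be intentional ahead of a merge, but it is worth confirming before a release is cut from here. The `<repositories>` block that follows continues outside the hunk, so the remaining repository URL cannot be checked from these lines.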
@@ -126,37 +138,27 @@
 
     </repositories>
 
-
-    <pluginRepositories>
-
-        <pluginRepository>
-            <id>snapshot-apache</id>
-            <name>Apache Snapshot repository</name>
-            <url>http://people.apache.org/repo/m2-snapshot-repository</url>
-            <snapshots>
-                <enabled>true</enabled>
-            </snapshots>
-            <releases>
-                <enabled>false</enabled>
-            </releases>
-        </pluginRepository>
-
-        <pluginRepository>
-            <id>snapshot</id>
-            <name>Snapshot repository</name>
-            <url>http://snapshots.maven.codehaus.org/maven2</url>
-            <snapshots>
-                <enabled>true</enabled>
-            </snapshots>
-            <releases>
-                <enabled>false</enabled>
-            </releases>
-        </pluginRepository>
-
-    </pluginRepositories>
-
-
     <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <artifactId>maven-release-plugin</artifactId>
+                    <configuration>
+                        <autoVersionSubmodules>true</autoVersionSubmodules>
+                        <preparationGoals>clean install</preparationGoals>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.axis2</groupId>
+                    <artifactId>axis2-mar-maven-plugin</artifactId>
+                    <version>1.5.4</version>
+                </plugin>
+                <plugin>
+                    <artifactId>maven-surefire-plugin</artifactId>
+                    <version>2.10</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
         <plugins>
 
             <plugin>
@@ -205,10 +207,6 @@
             <version>${axis2.version}</version>
             <scope>compile</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.ws.commons.axiom</groupId>
-            <artifactId>axiom-dom</artifactId>
-        </dependency>
 
         <!-- Other Rampart Dependencies -->
         <dependency>
@@ -224,6 +222,10 @@
                     <artifactId>xalan</artifactId>
                     <groupId>xalan</groupId>
                 </exclusion>
+                <!--exclusion>
+                    <artifactId>org.opensaml</artifactId>
+                    <groupId>opensaml1</groupId>
+                </exclusion-->
             </exclusions>
         </dependency>
         <dependency>
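Review bot: The commented-out exclusion added here has its coordinates swapped: it reads `<artifactId>org.opensaml</artifactId>` and `<groupId>opensaml1</groupId>`, while the dependency declared further down in this file is `org.opensaml:opensaml1`. If someone later uncomments it, it will match nothing and silently fail to exclude. Either drop the dead block or correct it to `<groupId>org.opensaml</groupId>` / `<artifactId>opensaml1</artifactId>`, with a short comment such as `<!-- disabled: opensaml1 still needed for SAML 1.1 tokens -->` if that is the reason. The enclosing `<dependency>` element starts outside the hunk.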
@@ -232,63 +234,47 @@
             <version>2.7.1</version>
         </dependency>
         <dependency>
-            <groupId>org.apache.santuario</groupId>
-            <artifactId>xmlsec</artifactId>
-            <version>${xmlsec.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>opensaml</groupId>
-            <artifactId>opensaml</artifactId>
-            <version>1.1.406</version>
-        </dependency>
-        <dependency>
             <groupId>org.opensaml</groupId>
             <artifactId>opensaml</artifactId>
-            <version>2.2.3</version>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-jdk14</artifactId>
-            <version>1.5.2</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-lang</groupId>
-            <artifactId>commons-lang</artifactId>
-            <version>2.3</version>
-        </dependency>
-
-        <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>${log4j.version}</version>
-            <scope>test</scope>
+            <version>${opensaml.version}</version>
             <exclusions>
+                <!-- Don't allow OpenSAML to impose a particular logging implementation -->
                 <exclusion>
-                    <groupId>javax.mail</groupId>
-                    <artifactId>mail</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>javax.jms</groupId>
-                    <artifactId>jms</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>com.sun.jdmk</groupId>
-                    <artifactId>jmxtools</artifactId>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>jcl-over-slf4j</artifactId>
                 </exclusion>
                 <exclusion>
-                    <groupId>com.sun.jmx</groupId>
-                    <artifactId>jmxri</artifactId>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>log4j-over-slf4j</artifactId>
                 </exclusion>
+            </exclusions>
+        </dependency>
+	<dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml1</artifactId>
+            <version>1.1</version>
+            <exclusions>
+                <!-- Don't allow OpenSAML to impose a particular logging implementation -->
                 <exclusion>
-                    <groupId>oro</groupId>
-                    <artifactId>oro</artifactId>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>jcl-over-slf4j</artifactId>
                 </exclusion>
                 <exclusion>
-                    <groupId>junit</groupId>
-                    <artifactId>junit</artifactId>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>log4j-over-slf4j</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>2.3</version>
+        </dependency>
+        <dependency>
+            <groupId>bouncycastle</groupId>
+            <artifactId>bcprov-jdk15</artifactId>
+            <version>${bcprov.jdk15.version}</version>
+        </dependency>
 
         <!-- Junit Dependency -->
         <dependency>
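Review bot: Dropping the explicit `org.apache.santuario:xmlsec` entry pinned by `${xmlsec.version}` leaves the XML signature and encryption library version to transitive resolution, unless it is managed in a section outside this hunk. For a security-critical library I would keep the direct, pinned declaration, or add it to `<dependencyManagement>`. The new `opensaml1` dependency hard-codes `<version>1.1</version>` while its sibling uses `${opensaml.version}`; a property alongside that one would keep the versions auditable in one place. Its opening `<dependency>` line is also indented with a tab where the rest of the file uses spaces.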
@@ -319,41 +305,54 @@
                 <artifactId>axiom-dom</artifactId>
                 <version>${axiom.version}</version>
             </dependency>
+
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-log4j12</artifactId>
+                <version>1.5.5</version>
+            </dependency>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-jcl</artifactId>
+                <version>1.5.5</version>
+            </dependency>
+            <dependency>
+                <groupId>log4j</groupId>
+                <artifactId>log4j</artifactId>
+                <version>1.2.15</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>javax.mail</groupId>
+                        <artifactId>mail</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>javax.jms</groupId>
+                        <artifactId>jms</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>com.sun.jdmk</groupId>
+                        <artifactId>jmxtools</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>com.sun.jmx</groupId>
+                        <artifactId>jmxri</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>oro</groupId>
+                        <artifactId>oro</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>junit</groupId>
+                        <artifactId>junit</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
     <profiles>
         <profile>
-            <id>jdk14</id>
-            <activation>
-                <activeByDefault>true</activeByDefault>
-                <jdk>1.4</jdk>
-            </activation>
-            <dependencies>
-                <dependency>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk14</artifactId>
-                    <version>${bcprov.jdk14.version}</version>
-                </dependency>
-            </dependencies>
-        </profile>
-
-        <profile>
-            <id>jdk15</id>
-            <activation>
-                <jdk>1.5</jdk>
-            </activation>
-            <dependencies>
-                <dependency>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                    <version>${bcprov.jdk15.version}</version>
-                </dependency>
-            </dependencies>
-        </profile>
-
-        <profile>
-            <id>distribution</id>
+            <id>apache-release</id>
             <activation>
                 <property>
                     <name>release</name>
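Review bot: The three entries added to `dependencyManagement` hard-code their versions (`1.5.5` twice, for slf4j-log4j12 and slf4j-jcl, and `1.2.15` for log4j), while the neighbouring entries use properties such as `${axiom.version}`, and a later hunk of this file removes the `log4j.version` property. Declaring `<slf4j.version>1.5.5</slf4j.version>`, keeping `log4j.version`, and referencing them as `<version>${slf4j.version}</version>` and `<version>${log4j.version}</version>` would stop the two SLF4J artifacts drifting apart and make a later upgrade of the logging stack a single edit. slf4j-log4j12 and slf4j-jcl are both SLF4J bindings, so a comment such as `<!-- versions managed only; a module must depend on at most one SLF4J binding -->` above them would record the intent.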
@@ -363,6 +362,38 @@
                 <module>modules/documentation</module>
                 <module>modules/distribution</module>
             </modules>
+            <build>
+                <plugins>
+                    <plugin>
+                        <artifactId>maven-assembly-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <!-- Override the execution defined in org.apache:apache
+                                     so that the source-release assembly is not built.
+                                     We define our own source distribution in modules/distribution. -->
+                                <id>source-release-assembly</id>
+                                <configuration>
+                                    <phase>package</phase>
+                                    <goals>
+                                        <goal>single</goal>
+                                    </goals>
+                                    <skipAssembly>true</skipAssembly>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        
+        <profile>
+            <!-- Profile that includes all modules. This is handy when using maven-release-plugin
+                 for anything else than doing a release. -->
+            <id>everything</id>
+            <modules>
+                <module>modules/documentation</module>
+                <module>modules/distribution</module>
+            </modules>
         </profile>
     </profiles>
 
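Review bot: In the `source-release-assembly` execution, `<phase>` and `<goals>` sit inside `<configuration>`, but Maven reads them only as direct children of `<execution>`, so here they are passed to the plugin as parameters and do nothing. The override presumably still works, because `<skipAssembly>true</skipAssembly>` is merged into the inherited execution with the same id, but the misplaced elements suggest a binding that is not in effect. Reducing the block to `<configuration><skipAssembly>true</skipAssembly></configuration>` says what is intended. It is also worth confirming with a build that activates this profile that no source-release archive is produced, since the inherited execution is defined in the parent POM, outside this diff.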
@@ -377,48 +408,19 @@
     </modules>
 
     <properties>
+        <axis2.version>1.7.0-SNAPSHOT</axis2.version>
+        <axiom.version>1.2.13-SNAPSHOT</axiom.version>
 
-        <rampart.version>${pom.version}</rampart.version>
-        <rampart.mar.version>SNAPSHOT</rampart.mar.version>
-        <rahas.mar.version>SNAPSHOT</rahas.mar.version>
-
-        <axis2.version>1.5.3</axis2.version>
-        <axiom.version>1.2.10</axiom.version>
-
-        <wss4j.version>1.5.10</wss4j.version>
-	<xmlsec.version>1.4.2</xmlsec.version>
-        <opensaml.version>1.1</opensaml.version>
+        <wss4j.version>1.5.13-SNAPSHOT</wss4j.version>
+        <opensaml.version>2.5.1-1</opensaml.version>
 
-        <bcprov.jdk14.version>140</bcprov.jdk14.version>
         <bcprov.jdk15.version>140</bcprov.jdk15.version>
 
         <junit.version>3.8.2</junit.version>
-        <log4j.version>1.2.15</log4j.version>
 
         <!-- distribution properties -->
-        <dist.dir>rampart-${pom.version}</dist.dir>
+        <dist.dir>rampart-${project.version}</dist.dir>
         <failIfNoTests>false</failIfNoTests>
 
     </properties>
-
-    <distributionManagement>
-        <repository>
-            <id>apache-repo</id>
-            <name>Maven Central Repository</name>
-            <url>
-                scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository
-            </url>
-        </repository>
-        <snapshotRepository>
-            <id>apache-snapshots</id>
-            <name>Apache Development Repository</name>
-            <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
-            <uniqueVersion>false</uniqueVersion>
-        </snapshotRepository>
-        <site>
-            <id>website</id>
-            <url>scpexe://people.apache.org/www/ws.apache.org/rampart</url>
-        </site>
-    </distributionManagement>
-
 </project>
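Review bot: `axis2.version`, `axiom.version` and `wss4j.version` are set to SNAPSHOT versions, so the build resolves whatever the snapshot repository serves at build time, and two builds of the same revision can contain different WS-Security code. That is reasonable on a development branch, but nothing visible in the POM records that these must be pinned before a release; a comment above them such as `<!-- SNAPSHOT versions: replace with released versions before cutting a release -->` would do so (maven-release-plugin, if it is used for the release, should also refuse SNAPSHOT dependencies). Separately, `opensaml.version` moves to `2.5.1-1` while an earlier hunk of this file adds `opensaml1` with a literal `<version>1.1</version>`; a second property, e.g. `<opensaml1.version>1.1</opensaml1.version>`, would keep both OpenSAML versions in one place.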

Propchange: axis/axis2/java/rampart/branches/RAMPART-252/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: axis/axis2/java/rampart/branches/RAMPART-252/release-docs/ChangeLog.txt
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/release-docs/ChangeLog.txt?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/release-docs/ChangeLog.txt (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/release-docs/ChangeLog.txt Sun Jan 29 15:16:02 2017
@@ -1,6 +1,27 @@
 This file contains a listing of all Jira issues that have been closed
 for a given release.
 
+Release 1.6.0 - 06 Jun 2011
+===========================
+** Bug
+    * [RAMPART-327] - SVN locations mentioned in the developer guide are obsoleted
+    * [RAMPART-326] - Soap faults would not be secured if parameter based configuration is used
+    * [RAMPART-317] - Rampart Trust implementation does not properly handle SAML token with Bearer subject confirmation method
+    * [RAMPART-305] - If Rampart detects a security error a HTML page is send to the client instead of a SOAP fault
+    * [RAMPART-299] - Rampart ignores BootstrapPolicy settings in message exchange with WS-SecureConversation STS
+    * [RAMPART-398] - Client using SymmetricBinding runs slower and slower as more requests are made
+    * [RAMPART-264] - PolicyBasedResultsValidator fails on ContentEncryptedElements and EncryptedElements
+    * [RAMPART-236] - Error in service method is not properly handled for parameter based WS-Security (issue in RampartReceiver??)
+    * [RAMPART-201] - Add alias/certificate used for validating signature
+    * [RAMPART-183] - Rampart not correctly enforcing Signature validity if other security elements exist (ie - Timestamp)
+    * [RAMPART-98] -  When the request uses a BEARER keyType, The STSClient tries to retrieve the ProofToken even when the token type is Bearer.
+   
+
+** Improvement
+    * [RAMPART-297] - Add support for ContentEncryptedElements Assertion
+    * [RAMPART-321] - Possible improvements to the logging in Rampart
+   
+
 Release 1.5.1 - 23 Dec 2010
 ===========================
  

Modified: axis/axis2/java/rampart/branches/RAMPART-252/release-docs/README.txt
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/release-docs/README.txt?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/release-docs/README.txt (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/release-docs/README.txt Sun Jan 29 15:16:02 2017
@@ -1,5 +1,5 @@
 ======================================================
-Apache Rampart-1.5.1 build  (Dec 23, 2010)
+Apache Rampart-${project.version} build  (${buildTimestamp})
 
 http://axis.apache.org/axis2/java/rampart
 ------------------------------------------------------
@@ -13,30 +13,30 @@ lib      - This directory contains all t
            release.
 	   
 
-rampart-1.5.1.mar   - WS-Security and WS-SecureConversation support for Axis2
-rahas-1.5.1.mar     - STS module - to be used to add STS operations to a service
+rampart-${project.version}.mar   - WS-Security and WS-SecureConversation support for Axis2
+rahas-${project.version}.mar     - STS module - to be used to add STS operations to a service
 
 samples  - This contains samples on using Apache Rampart and configuring
            different components to carryout different WS-Sec* operations.
 
 README.txt - This file
 
-build.xml - Setup file to copy all jars to required places
-____________
-Installation
-============
-
-Using Ant
----------
-Run ant script on extracted binary distribution and it will copy the required files to Axis2. You have to set the AXIS2_HOME system variable to point to your Axis2 binary distribution. 
-
-Manual Installation
--------------------
-You can copy the required libraries and module files manually. You need copy all the libraries in the lib directory of Rampart binary distribution to Axis2 lib directory and all the module files to in the modules directory of  Rampart binary distribution to Axis2 modules directory. 
-
-Axis2 lib directory – AXIS2_HOME/lib (Standard binary distribution ) or axis2/WEB-INF/lib (WAR)
-
-Axis2 modules directory – AXIS2_HOME/repository/modules (Standard binary distribution ) or axis2/WEB-INF/modules (WAR)
+build.xml - Setup file to copy all jars to required places
+____________
+Installation
+============
+
+Using Ant
+---------
+Run ant script on extracted binary distribution and it will copy the required files to Axis2. You have to set the AXIS2_HOME system variable to point to your Axis2 binary distribution. 
+
+Manual Installation
+-------------------
+You can copy the required libraries and module files manually. You need copy all the libraries in the lib directory of Rampart binary distribution to Axis2 lib directory and all the module files to in the modules directory of  Rampart binary distribution to Axis2 modules directory. 
+
+Axis2 lib directory – AXIS2_HOME/lib (Standard binary distribution ) or axis2/WEB-INF/lib (WAR)
+
+Axis2 modules directory – AXIS2_HOME/repository/modules (Standard binary distribution ) or axis2/WEB-INF/modules (WAR)
 
 
 IMPORTANT: 
@@ -64,14 +64,18 @@ http://www.bouncycastle.org/latest_relea
 lib/security directory as the last line.
 security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider
 
-Test cases written for SAML 2.0 support requires endorsing the JDK's default JAXP 
+On older JDKs, the SAML 2.0 support requires endorsing the JDK's default JAXP 
 implementation with Xerces(http://xerces.apache.org/mirrors.cgi#binary) and 
-Xalan(http://xml.apache.org/xalan-j/downloads.html#latest-release). So before building Rampart from the
-source distribution, you need to copy resolver-x.x.x.jar, serializer-x.x.x.jar, xercesImpl-x.x.x.jar 
+Xalan(http://xml.apache.org/xalan-j/downloads.html#latest-release). To do that,
+you need to copy resolver-x.x.x.jar, serializer-x.x.x.jar, xercesImpl-x.x.x.jar 
 and xml-apis-x.x.x.jar from the Xerces binary distribution and xalan-x.x.x.jar from the xalan binary 
 distribution to the endorsed directory. If you are using Sun JDK, endorsed directory is located at 
 $JAVA_HOME/jre/lib/endorsed.
 
+Note that during the build these JARs are added automatically to the boot classpath
+of the JVM running the unit tests. Therefore this is only necessary at runtime, not
+when building Rampart. 
+
 When Rampart is deployed in a particular application server, please refer to the endorsing mechanism 
 recommended for that server and endorse the JAXP implementation using the set of jars mentioned above. 
 

Modified: axis/axis2/java/rampart/branches/RAMPART-252/release-docs/release-notes.html
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/release-docs/release-notes.html?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/release-docs/release-notes.html (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/release-docs/release-notes.html Sun Jan 29 15:16:02 2017
@@ -12,30 +12,30 @@
 <body>
 <h1>Apache Rampart Release Notes</h1>
 
-<p>This is the 1.5.1 release of Apache Rampart.</p>
+<p>This is the 1.6.0 release of Apache Rampart.</p>
 
-<p>Apache Rampart 1.5.1 is a toolkit that provides implementations of the WS-Sec*
-specifications for Apache Axis2 1.5.1, based on Apache WSS4J 1.5.10 and 
-the Apache AXIOM-DOOM 1.2.10 implementation.</p>
+<p>Apache Rampart 1.6.0 is a toolkit that provides implementations of the WS-Sec*
+specifications for Apache Axis2 1.6.0, based on Apache WSS4J 1.5.11 and 
+the Apache AXIOM-DOOM 1.2.11 implementation.</p>
 
 <b>What is in this release</b>
 
 <p>There are two main Apache Axis2 modules provided with this release.</p> 
 <ul>
-<li>rampart-1.5.1.mar</li>
+<li>rampart-1.6.0.mar</li>
 This provides support for WS-Security and WS-SecureConversation features.
-<li>rahas-1.5.1.mar</li>
+<li>rahas-1.6.0.mar</li>
 This module provides the necessary components to enable SecurityTokenService 
 functionality on a service.
 </ul>
 
-<p>Apache Rampart 1.5.1 uses a configuration model based on WS-Policy 
+<p>Apache Rampart 1.6.0 uses a configuration model based on WS-Policy 
 and WS-Security Policy and it is important to note that Apache Rampart 1.0 style 
 configuration is also available even though being marked as deprecated.
 </p>
 
-<p>Apache Rampart 1.5.1 can be successfully used with the next Apache Sandesha2 1.4
-release targeted towards Apache Axis2 1.5.4 to configure
+<p>Apache Rampart 1.6.0 can be successfully used with the next Apache Sandesha2 1.6.0
+release targeted towards Apache Axis2 1.6.0 to configure
 WS-SecureConversation + WS-ReliableMessaging scenarios.</p>
 <p>
 The rampart module was successfully tested for interoperability with other