Posted to java-commits@axis.apache.org by bi...@apache.org on 2020/04/15 16:08:08 UTC

[axis-axis2-java-rampart] branch RAMPART-252 created (now aea8fbb)

This is an automated email from the ASF dual-hosted git repository.

billblough pushed a change to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git.


      at aea8fbb  Adapt to changes in the WSS4J API.

This branch includes the following new commits:

     new a9ff043  Create development branch for RAMPART-252.
     new 0455173  RAMPART-252: Commit patch provided by Prabath Siriwardena.
     new f20bf07  Merge changes up to r1052171 from trunk.
     new 6090351  Merge r1052172 from trunk.
     new 1d944fb  Merge changes up to r1240267 from trunk.
     new b258a53  Merge r1240268 from trunk.
     new f505eb5  Merge latest changes from trunk.
     new 61111f9  Removing the part of the patch related to SAML processing. The necessary change proposed in WSS-206 has never been applied.
     new aea8fbb  Adapt to changes in the WSS4J API.

The 9 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[axis-axis2-java-rampart] 08/09: Removing the part of the patch related to SAML processing. The necessary change proposed in WSS-206 has never been applied.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit 61111f929c51de135888fc0cf2a552902a5a8da9
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 16:35:55 2017 +0000

    Removing the part of the patch related to SAML processing. The necessary change proposed in WSS-206 has never been applied.
---
 .../rampart/builder/SymmetricBindingBuilder.java   | 39 ++--------------------
 1 file changed, 3 insertions(+), 36 deletions(-)

diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
index 7cc40d7..acb2b73 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -17,9 +17,6 @@
 package org.apache.rampart.builder;
 
 import org.apache.axiom.om.OMElement;
-import org.apache.axiom.om.OMFactory;
-import org.apache.axiom.om.impl.builder.StAXOMBuilder;
-import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
 import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -58,8 +55,6 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.*;
 
-import javax.xml.stream.XMLStreamReader;
-
 
 public class SymmetricBindingBuilder extends BindingBuilder {
 
@@ -538,12 +533,6 @@ public class SymmetricBindingBuilder extends BindingBuilder {
         
         //Encryption
         Token encrToken = rpd.getEncryptionToken();
-        
-        boolean isIssuedToken = false;
-        if (encrToken instanceof IssuedToken) {
-            isIssuedToken = true;
-        }  
-        
         Element encrTokElem = null;
         if(sigToken.equals(encrToken)) {
             //Use the same token
@@ -666,23 +655,13 @@ public class SymmetricBindingBuilder extends BindingBuilder {
                     encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
                     // Use key identifier in the KeyInfo in server side
                     if (!rmd.isInitiator()) {
-                        if (encrTok instanceof EncryptedKeyToken) {
+                        if(encrTok instanceof EncryptedKeyToken) {
                             // TODO was encr.setUseKeyIdentifier(true); verify
                             encr.setEncKeyIdDirectId(true);
-                            encr.setCustomReferenceValue(((EncryptedKeyToken) encrTok).getSHA1());
+                            encr.setCustomReferenceValue(((EncryptedKeyToken)encrTok).getSHA1());
                             encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
-                        }
-                    } else if (isIssuedToken) {
-                        encr.setUseKeyIdentifier(true);
-                        encr.setCustomReferenceValue(encrTokId);
-                        encr.setKeyIdentifierType(WSConstants.SAML_ASSERTION_IDENTIFIER);
-                        try {
-                            // RampartUtil.insertSiblingAfter(rmd,this.timestampElement,getLLOMfromOM(encrTok.getToken()));
-                        } catch (Exception e) {
-                            log.debug("error while converting SAML issued token to a dom element");
-                        }
+                        } 
                     }
-                    
                     encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
                             .getRampartConfig(), rmd.getCustomClassLoader()));
                                        
@@ -714,18 +693,6 @@ public class SymmetricBindingBuilder extends BindingBuilder {
 
     }
 
-    private Element getLLOMfromOM(OMElement element) {
-        // Get the StAX reader from the created element
-        XMLStreamReader llomReader = element.getXMLStreamReader();
-        // Create the DOOM OMFactory
-        OMFactory doomFactory = DOOMAbstractFactory.getOMFactory();
-        // Create the new builder
-        StAXOMBuilder doomBuilder = new StAXOMBuilder(doomFactory, llomReader);
-        // Get the document element
-        OMElement newElem = doomBuilder.getDocumentElement();
-        return (Element) newElem;
-    }
-    
     /**
      * @param rmd
      * @param sigToken


[axis-axis2-java-rampart] 09/09: Adapt to changes in the WSS4J API.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit aea8fbb5423d3d7c2d203de5e04205127354409b
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 16:44:39 2017 +0000

    Adapt to changes in the WSS4J API.
---
 .../src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index cb33730..52bba58 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -1090,8 +1090,8 @@ public class PolicyBasedResultsValidator implements ExtendedPolicyValidatorCallb
                 continue;
             }
 
-            if (!(algorithmSuite.getEncryption().equals(dataRef.getAlgo()))) {
-                throw new RampartException("invalidAlgorithm", new String[]{algorithmSuite.getEncryption(), dataRef.getAlgo()});
+            if (!(algorithmSuite.getEncryption().equals(dataRef.getAlgorithm()))) {
+                throw new RampartException("invalidAlgorithm", new String[]{algorithmSuite.getEncryption(), dataRef.getAlgorithm()});
             }
         }
     }


[axis-axis2-java-rampart] 04/09: Merge r1052172 from trunk.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit 609035130e561170310bbfedafa526ba044c430a
Merge: f20bf07 465a881
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 15:06:54 2017 +0000

    Merge r1052172 from trunk.

 .../rampart/PolicyBasedResultsValidator.java       | 46 ++++++++++++++++------
 .../java/org/apache/rampart/util/Axis2Util.java    |  4 +-
 2 files changed, 36 insertions(+), 14 deletions(-)

diff --cc modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index 5f4ddff,24db745..f362f26
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@@ -556,44 -554,36 +557,62 @@@ public class PolicyBasedResultsValidato
  
          // Find elements that are signed
          Vector actuallySigned = new Vector();
 -        if (actionResults != null) {
 +        if (actionResults != null) {            
 +            
 +            AlgorithmSuite suite = rpd.getAlgorithmSuite();          
 +            
              for (int j = 0; j < actionResults.length; j++) {
+                 
                  WSSecurityEngineResult actionResult = actionResults[j];
 +
 +                // Validate signature algorithms
 +                String sigMethod = null;
 +                String canonMethod = null;
 +                sigMethod = (String) actionResult.get(WSSecurityEngineResult.TAG_SIGNATURE_METHOD);
 +                canonMethod = (String) actionResult
 +                        .get(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD);
 +
 +                if (sigMethod == null || canonMethod == null) {
 +                    throw new RampartException("algorithmNotFound");
 +                }
 +                // Check whether signature algorithm is correct
 +                if (!(sigMethod.equals(suite.getAsymmetricSignature()) || sigMethod.equals(suite
 +                        .getSymmetricSignature()))) {
 +                    throw new RampartException("invalidAlgorithm", new String[] {
 +                            suite.getAsymmetricSignature(), sigMethod });
 +                }
 +                // Check whether the canonicalization algorithm is correct
 +                if (!canonMethod.equals(suite.getInclusiveC14n())) {
 +                    throw new RampartException("invalidAlgorithm", new String[] {
 +                            suite.getInclusiveC14n(), canonMethod });
 +                }
 +
-                 Set signedIDs = (Set) actionResult
-                         .get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
-                 for (Iterator i = signedIDs.iterator(); i.hasNext();) {
-                     String e = (String) i.next();
- 
-                     Element element = WSSecurityUtil.findElementById(envelope, e,
-                             WSConstants.WSU_NS);
-                     actuallySigned.add(element);
+                 List wsDataRefs = (List)actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+                 
+                 // if header was encrypted before it was signed, protected
+                 // element is 'EncryptedHeader.' the actual element is
+                 // first child element
+ 
+                 for (Iterator k = wsDataRefs.iterator(); k.hasNext();) {
+                     WSDataRef wsDataRef = (WSDataRef)k.next();
+                     Element protectedElement = wsDataRef.getProtectedElement();
+                     if (protectedElement.getLocalName().equals("EncryptedHeader")) {
+                         NodeList nodeList = protectedElement.getChildNodes();
+                         for (int x = 0; x < nodeList.getLength(); x++) {
+                             if (nodeList.item(x).getNodeType() == Node.ELEMENT_NODE) {
+                                 String ns = ((Element)nodeList.item(x)).getNamespaceURI();
+                                 String ln = ((Element)nodeList.item(x)).getLocalName();
+                                 actuallySigned.add(new QName(ns,ln));
+                                 break;
+                             }
+                         } 
+                     } else {
+                         String ns = protectedElement.getNamespaceURI();
+                         String ln = protectedElement.getLocalName();
+                         actuallySigned.add(new QName(ns,ln));
+                     }
                  }
+                 
              }
          }
          
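Review bot: The signature-method check in this loop accepts a match on either `suite.getAsymmetricSignature()` or `suite.getSymmetricSignature()` for every signature result, so within this block the algorithm is not tied to the binding or key type actually in use, and the `invalidAlgorithm` fault always names the asymmetric algorithm as the required one. Choosing the single expected algorithm first and both comparing and reporting that value would close the gap, e.g. `if (!sigMethod.equals(expectedSigAlgo)) { throw new RampartException("invalidAlgorithm", new String[] { expectedSigAlgo, sigMethod }); }`, where `expectedSigAlgo` is a new local picked from the binding (how the binding is known at this point is not visible in the hunk). Separately, `wsDataRefs` is iterated without a null check; if a result can lack `TAG_DATA_REF_URIS`, `wsDataRefs.iterator()` ends in a NullPointerException rather than a RampartException. The same validation block recurs in the first PolicyBasedResultsValidator hunk of the later merge b258a53 on this page, and the enclosing method starts and ends outside both hunks.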


[axis-axis2-java-rampart] 01/09: Create development branch for RAMPART-252.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit a9ff0435cc08255c29f6477e34130a7dc3330169
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 13:59:55 2017 +0000

    Create development branch for RAMPART-252.


[axis-axis2-java-rampart] 06/09: Merge r1240268 from trunk.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit b258a530dd3cd3c6bef1aba7ef0007168c968a48
Merge: 1d944fb c92232d
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 15:45:48 2017 +0000

    Merge r1240268 from trunk.

 .../ExtendedPolicyValidatorCallbackHandler.java    |  24 +
 .../rampart/PolicyBasedResultsValidator.java       | 694 ++++++++++---------
 .../java/org/apache/rampart/RampartConstants.java  |   3 +
 .../java/org/apache/rampart/RampartEngine.java     |  33 +-
 .../org/apache/rampart/RampartMessageData.java     |  54 +-
 .../org/apache/rampart/TokenCallbackHandler.java   |   4 +-
 .../rampart/builder/AsymmetricBindingBuilder.java  | 238 ++++---
 .../org/apache/rampart/builder/BindingBuilder.java | 318 +++++----
 .../rampart/builder/SymmetricBindingBuilder.java   | 152 +++--
 .../rampart/builder/TransportBindingBuilder.java   | 194 +++---
 .../main/java/org/apache/rampart/errors.properties |   3 +
 .../rampart/handler/CertificateValidator.java      |  45 ++
 .../handler/PostDispatchVerificationHandler.java   |   4 +-
 .../apache/rampart/handler/RampartReceiver.java    |  10 +-
 .../apache/rampart/handler/WSDoAllReceiver.java    |  39 +-
 .../org/apache/rampart/handler/WSDoAllSender.java  |  27 +-
 .../handler/config/InflowConfiguration.java        |  21 +
 .../handler/config/OutflowConfiguration.java       |  21 +
 .../apache/rampart/policy/RampartPolicyData.java   |  62 +-
 .../rampart/policy/model/OptimizePartsConfig.java  |  11 +-
 .../apache/rampart/saml/SAML1AssertionHandler.java |  12 +-
 .../org/apache/rampart/util/MessageOptimizer.java  |  25 +-
 .../java/org/apache/rampart/util/RampartUtil.java  | 750 ++++++++++++---------
 .../src/main/java/org/apache/rahas/PWCallback.java |  14 +-
 .../main/java/org/apache/rampart/PWCallback.java   |  18 +-
 .../apache/axis2/oasis/ping/PingPortSkeleton.java  |  31 +-
 .../axis2/security/InteropScenarioClient.java      |   7 +-
 .../src/org/apache/axis2/security/PWCallback.java  |  10 +-
 .../org/apache/axis2/security/Scenario4Test.java   |   9 +-
 .../org/apache/axis2/security/Scenario5Test.java   |   4 +-
 .../test/java/org/apache/rampart/RampartTest.java  |   4 +-
 .../src/test/resources/security/s2a.service.xml    |   2 +-
 .../test/resources/security/s4.client.axis2.xml    |   5 +-
 .../src/test/resources/security/s4.service.xml     |   5 +-
 .../test/resources/security/s5.client.axis2.xml    |   4 +-
 .../org/apache/rampart/MessageBuilderTestBase.java |   3 +-
 .../java/org/apache/rampart/RampartEngineTest.java |  33 +-
 .../java/org/apache/rampart/TestCBHandler.java     |  44 +-
 .../rampart-tests/test-resources/PWCallback.java   |   8 +-
 .../src/main/java/org/apache/rahas/RahasData.java  |  31 +-
 .../java/org/apache/rahas/client/STSClient.java    |  30 +-
 .../main/java/org/apache/rahas/errors.properties   |   5 +-
 .../org/apache/rahas/impl/SAML2TokenIssuer.java    |  19 +-
 .../org/apache/rahas/impl/SAMLTokenIssuer.java     |  49 +-
 .../apache/rahas/impl/SAMLTokenIssuerConfig.java   |  11 +-
 .../org/apache/rahas/impl/SAMLTokenRenewer.java    |  11 +-
 .../org/apache/rahas/impl/SAMLTokenValidator.java  |   6 +-
 .../org/apache/rahas/impl/TokenIssuerUtil.java     |  13 +-
 .../org/apache/rahas/impl/util/CommonUtil.java     | 140 ++++
 .../org/apache/rahas/impl/util/SAML2Utils.java     |  13 +-
 .../java/org/apache/rahas/impl/util/SAMLUtils.java |  22 +-
 .../apache/rahas/impl/SAML2TokenIssuerTest.java    |  73 ++
 .../org/apache/rahas/impl/util/SAMLUtilsTest.java  |  37 +-
 .../java/org/apache/rahas/test/util/TestUtil.java  |  61 ++
 pom.xml                                            |  22 +-
 55 files changed, 2059 insertions(+), 1429 deletions(-)

diff --cc modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index 9cd2a2b,774bf38..1eab066
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@@ -556,39 -561,12 +565,37 @@@ public class PolicyBasedResultsValidato
          WSSecurityEngineResult[] actionResults = fetchActionResults(results, WSConstants.SIGN);
  
          // Find elements that are signed
-         Vector actuallySigned = new Vector();
+         List<QName> actuallySigned = new ArrayList<QName>();
 -        if (actionResults != null) {
 +        if (actionResults != null) {            
 +            
 +            AlgorithmSuite suite = rpd.getAlgorithmSuite();          
 +            
-             for (int j = 0; j < actionResults.length; j++) {
-                 
-                 WSSecurityEngineResult actionResult = actionResults[j];
+             for (WSSecurityEngineResult actionResult : actionResults) {
  
 +                // Validate signature algorithms
 +                String sigMethod = null;
 +                String canonMethod = null;
 +                sigMethod = (String) actionResult.get(WSSecurityEngineResult.TAG_SIGNATURE_METHOD);
 +                canonMethod = (String) actionResult
 +                        .get(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD);
 +
 +                if (sigMethod == null || canonMethod == null) {
 +                    throw new RampartException("algorithmNotFound");
 +                }
 +                // Check whether signature algorithm is correct
 +                if (!(sigMethod.equals(suite.getAsymmetricSignature()) || sigMethod.equals(suite
 +                        .getSymmetricSignature()))) {
 +                    throw new RampartException("invalidAlgorithm", new String[] {
 +                            suite.getAsymmetricSignature(), sigMethod });
 +                }
 +                // Check whether the canonicalization algorithm is correct
 +                if (!canonMethod.equals(suite.getInclusiveC14n())) {
 +                    throw new RampartException("invalidAlgorithm", new String[] {
 +                            suite.getInclusiveC14n(), canonMethod });
 +                }
 +
-                 List wsDataRefs = (List)actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-                 
+                 List wsDataRefs = (List) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ 
                  // if header was encrypted before it was signed, protected
                  // element is 'EncryptedHeader.' the actual element is
                  // first child element
@@@ -995,29 -1012,13 +1041,29 @@@
                  .size()]);
      }
      
 +    private void validateEncryptionAlgorithm(ArrayList refList, AlgorithmSuite algorithmSuite) throws RampartException {
 +
 +        for (int i = 0; i < refList.size(); i++) {
 +            WSDataRef dataRef = (WSDataRef) refList.get(i);
 +
 +            //ArrayList can contain null elements
 +            if (dataRef == null) {
 +                continue;
 +            }
 +
 +            if (!(algorithmSuite.getEncryption().equals(dataRef.getAlgo()))) {
 +                throw new RampartException("invalidAlgorithm", new String[]{algorithmSuite.getEncryption(), dataRef.getAlgo()});
 +            }
 +        }
 +    }
 +    
      private boolean isRefIdPresent(ArrayList refList , QName qname) {
-         
-         for (int i = 0; i < refList.size() ; i++) {           
-             WSDataRef dataRef = (WSDataRef)refList.get(i); 
-             
+ 
+         for (Object aRefList : refList) {
+             WSDataRef dataRef = (WSDataRef) aRefList;
+ 
              //ArrayList can contain null elements
-             if(dataRef == null) {
+             if (dataRef == null) {
                  continue;
              }
              //QName of the decrypted element
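Review bot: `validateEncryptionAlgorithm` re-reads `algorithmSuite.getEncryption()` on every iteration and calls `.equals` on it directly, so a suite without an encryption algorithm (if that can happen; not visible here) surfaces as a NullPointerException instead of a policy fault. Hoisting it once makes the failure explicit: `String expected = algorithmSuite.getEncryption();` followed by `if (expected == null) { throw new RampartException("algorithmNotFound"); }`. The method also keeps an indexed loop over a raw `ArrayList` with a cast, while `isRefIdPresent` directly below is converted to a for-each in this same hunk; using the same loop form in both would keep them consistent. A one-line Javadoc stating that any data reference whose algorithm differs from the suite's, including a missing one, is rejected with `invalidAlgorithm` would record that the check fails closed. The 09/09 hunk at the top of the page touches the same two lines only to rename `getAlgo()` to `getAlgorithm()`; `isRefIdPresent` continues past the end of this hunk.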
diff --cc modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
index f8678de,acb2b73..7cc40d7
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@@ -56,13 -53,8 +56,10 @@@ import org.w3c.dom.Element
  
  import java.security.MessageDigest;
  import java.security.NoSuchAlgorithmException;
- import java.util.Date;
- import java.util.HashMap;
- import java.util.Iterator;
- import java.util.Vector;
+ import java.util.*;
  
 +import javax.xml.stream.XMLStreamReader;
 +
  
  public class SymmetricBindingBuilder extends BindingBuilder {
  
@@@ -667,22 -655,13 +666,23 @@@
                      encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
                      // Use key identifier in the KeyInfo in server side
                      if (!rmd.isInitiator()) {
 -                        if(encrTok instanceof EncryptedKeyToken) {
 +                        if (encrTok instanceof EncryptedKeyToken) {
-                             encr.setUseKeyIdentifier(true);
+                             // TODO was encr.setUseKeyIdentifier(true); verify
+                             encr.setEncKeyIdDirectId(true);
 -                            encr.setCustomReferenceValue(((EncryptedKeyToken)encrTok).getSHA1());
 +                            encr.setCustomReferenceValue(((EncryptedKeyToken) encrTok).getSHA1());
                              encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
 -                        } 
 +                        }
 +                    } else if (isIssuedToken) {
 +                        encr.setUseKeyIdentifier(true);
 +                        encr.setCustomReferenceValue(encrTokId);
 +                        encr.setKeyIdentifierType(WSConstants.SAML_ASSERTION_IDENTIFIER);
 +                        try {
 +                            // RampartUtil.insertSiblingAfter(rmd,this.timestampElement,getLLOMfromOM(encrTok.getToken()));
 +                        } catch (Exception e) {
 +                            log.debug("error while converting SAML issued token to a dom element");
 +                        }
                      }
 +                    
                      encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
                              .getRampartConfig(), rmd.getCustomClassLoader()));
                                         
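Review bot: The merged result keeps `// TODO was encr.setUseKeyIdentifier(true); verify` next to `encr.setEncKeyIdDirectId(true)`, so the key-reference behaviour for an `EncryptedKeyToken` on the non-initiator side changes with an open question still attached. That should be settled before the branch is merged, ideally by a test that checks the reference emitted in the KeyInfo against `WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER`, after which the TODO can be replaced by a comment saying why the direct-id form is used. In the `else if (isIssuedToken)` branch the `try` holds only a commented-out call, so its `catch (Exception e)` can never run and the `log.debug` text describes a conversion that does not happen; commit 61111f9 on this page later removes that branch. The enclosing method starts and ends outside the hunk.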
diff --cc modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
index f8ac898,8e188b1..65ee52e
--- a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@@ -100,6 -102,5 +102,7 @@@ requiredElementsMissing = Required Elem
  repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
  invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
  invalidIssuerAddress = Invalid value for Issuer
 +algorithmNotFound = Couldn't find the algorithm used
 +invalidAlgorithm = Algorithm verification failed. Required Algorithm : {0}, Algorithm found {1}
  invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
+ 


[axis-axis2-java-rampart] 03/09: Merge changes up to r1052171 from trunk.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit f20bf073a374763840ebaf2b09de79ef8b5f0758
Merge: 0455173 3ca0909
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 15:02:12 2017 +0000

    Merge changes up to r1052171 from trunk.

 modules/distribution/bin.xml                       |  17 +-
 .../documentation/src/site/resources/css/site.css  | 535 ++++++++++-----------
 .../resources/images/apache-rampart-banner.jpg     | Bin 14840 -> 27612 bytes
 .../site/resources/images/apache-rampart-logo.jpg  | Bin 4906 -> 10154 bytes
 .../src/site/resources/images/axis.jpg             | Bin 0 -> 13887 bytes
 .../src/site/resources/images/axis.png             | Bin 0 -> 13745 bytes
 .../src/site/resources/images/breadcrumbs-bg.gif   | Bin 0 -> 198 bytes
 .../src/site/resources/images/h2-bg.gif            | Bin 0 -> 202 bytes
 .../src/site/resources/images/home-top.gif         | Bin 0 -> 804 bytes
 .../src/site/resources/images/leftcolumn-bg.gif    | Bin 0 -> 523 bytes
 .../src/site/resources/images/menu-back.gif        | Bin 0 -> 827 bytes
 .../src/site/resources/rampart-config.xsd          |  27 +-
 modules/documentation/src/site/site.xml            |  61 ++-
 modules/documentation/src/site/xdoc/download.xml   | 124 +++--
 .../src/site/xdoc/download/1.1/download.xml        |  64 +--
 .../src/site/xdoc/download/1.2/download.xml        |  64 +--
 .../src/site/xdoc/download/1.3/download.xml        |  64 +--
 .../src/site/xdoc/download/1.4/download.cgi        |   6 +
 .../src/site/xdoc/download/1.4/download.xml        |  82 ++++
 .../src/site/xdoc/download/1.5.1/download.cgi      |   6 +
 .../site/xdoc/download/{1.2 => 1.5.1}/download.xml | 235 +++++----
 .../src/site/xdoc/download/1.5/download.cgi        |   6 +
 .../src/site/xdoc/download/1.5/download.xml        |  82 ++++
 .../src/site/xdoc/rampartconfig-guide.xml          |  68 ++-
 modules/documentation/src/site/xdoc/svn.xml        |   8 +-
 .../main/java/org/apache/rampart/NonceCache.java   |  25 +-
 .../rampart/PolicyBasedResultsValidator.java       |   2 +-
 .../src/main/java/org/apache/rampart/Rampart.java  |  19 +-
 .../java/org/apache/rampart/RampartEngine.java     |  77 ++-
 .../org/apache/rampart/RampartMessageData.java     |  13 +-
 .../rampart/builder/AsymmetricBindingBuilder.java  |  10 +-
 .../org/apache/rampart/builder/BindingBuilder.java |  30 +-
 .../rampart/builder/TransportBindingBuilder.java   |   2 +-
 .../main/java/org/apache/rampart/errors.properties |   1 +
 .../apache/rampart/handler/RampartReceiver.java    |  20 +-
 .../org/apache/rampart/handler/WSDoAllSender.java  |   2 +-
 .../rampart/policy/RampartPolicyBuilder.java       |   2 +
 .../apache/rampart/policy/RampartPolicyData.java   |  10 +
 .../policy/builders/RampartConfigBuilder.java      |  13 +
 .../rampart/policy/model/OptimizePartsConfig.java  |   1 +
 .../java/org/apache/rampart/util/Axis2Util.java    |   8 +-
 .../rampart/util/HandlerParameterDecoder.java      |   2 +-
 .../java/org/apache/rampart/util/RampartUtil.java  |  82 +++-
 modules/rampart-integration/pom.xml                |  50 +-
 .../test/java/org/apache/rampart/RampartTest.java  |   2 +-
 .../src/test/resources/rampart/policy/30.xml       |  77 +++
 .../src/test/resources/rampart/services-30.xml     |  90 ++++
 .../secpolicy/model/AbstractSecurityAssertion.java |   4 +-
 .../secpolicy/model/SignedEncryptedElements.java   |   6 +-
 .../ws/secpolicy/model/SignedEncryptedParts.java   |  10 +
 .../ws/secpolicy/model/TransportBinding.java       |  18 +
 .../builders/EncryptedElementsBuilder.java         |   4 +-
 .../builders/EncryptedPartsBuilder.java            |   4 +-
 .../builders/SignedElementsBuilder.java            |   4 +-
 .../secpolicy11/builders/SignedPartsBuilder.java   |  12 +-
 .../builders/SupportingTokensBuilder.java          |   4 +-
 .../secpolicy11/builders/UsernameTokenBuilder.java |   4 +-
 .../ws/secpolicy11/builders/X509TokenBuilder.java  |   4 +-
 .../builders/EncryptedElementsBuilder.java         |   4 +-
 .../builders/EncryptedPartsBuilder.java            |   4 +-
 .../builders/SignedElementsBuilder.java            |   4 +-
 .../secpolicy12/builders/SignedPartsBuilder.java   |  10 +-
 .../builders/SupportingTokensBuilder.java          |   4 +-
 .../builders/TransportBindingBuilder.java          |   3 +
 .../secpolicy12/builders/UsernameTokenBuilder.java |   4 +-
 .../ws/secpolicy12/builders/X509TokenBuilder.java  |   4 +-
 modules/rampart-samples/README.txt                 |   4 +
 modules/rampart-samples/keys/client.jks            | Bin 4008 -> 4014 bytes
 modules/rampart-samples/keys/service.jks           | Bin 2675 -> 2683 bytes
 modules/rampart-samples/keys/sts.jks               | Bin 2677 -> 2683 bytes
 modules/rampart-samples/policy/build.xml           |  11 +
 modules/rampart-samples/policy/sample06/policy.xml |   3 -
 .../rampart-samples/policy/sample06/services.xml   |   3 -
 .../samples/policy/sample06/MexService.java        |  16 +
 modules/rampart-samples/policy/sample08/README.txt |   8 +
 modules/rampart-samples/policy/sample08/policy.xml |  73 +++
 .../rampart-samples/policy/sample08/services.xml   | 127 +++++
 .../rampart/samples/policy/sample08/Client.java    |  94 ++++
 .../samples/policy/sample08/PWCBHandler.java       |  42 ++
 .../samples/policy/sample08/SimpleService.java     |  24 +
 .../rampart-samples/policy/sample08/sts_policy.xml |  83 ++++
 .../org/apache/rahas/SimpleTokenStoreTest.java     |  71 ++-
 .../org/apache/rampart/MessageBuilderTestBase.java |  37 +-
 .../java/org/apache/rampart/NonceCacheTest.java    |  14 +
 ...rtEngineTest.java => PolicyAssertionsTest.java} |  66 +--
 .../java/org/apache/rampart/RampartEngineTest.java |  84 +++-
 .../policy/rampart-asymm-required-elements-2.xml   |  84 ++++
 .../policy/rampart-asymm-required-elements.xml     |  84 ++++
 .../java/org/apache/rahas/EncryptedKeyToken.java   |  23 +
 .../src/main/java/org/apache/rahas/RahasData.java  |   4 +
 .../java/org/apache/rahas/SimpleTokenStore.java    |   7 +-
 .../src/main/java/org/apache/rahas/Token.java      | 301 +++++++++---
 .../java/org/apache/rahas/client/STSClient.java    | 143 +++++-
 .../main/java/org/apache/rahas/errors.properties   |   1 +
 .../org/apache/rahas/impl/SAML2TokenIssuer.java    |   9 +-
 .../org/apache/rahas/impl/SAMLTokenIssuer.java     |  10 +-
 .../apache/rahas/impl/SAMLTokenIssuerConfig.java   |  23 +-
 pom.xml                                            | 128 ++---
 release-docs/ChangeLog.txt                         |  69 ++-
 release-docs/NOTICE.txt                            |  15 +-
 release-docs/README.txt                            |  48 +-
 release-docs/release-notes.html                    |  34 +-
 102 files changed, 2760 insertions(+), 1081 deletions(-)

diff --cc modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
index 2920547,3c4cda5..3ea99a2
--- a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@@ -98,5 -98,4 +98,6 @@@ invalidTransport = Expected transport i
  requiredElementsMissing = Required Elements not found in the incoming message : {0}
  repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
  invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
 -invalidIssuerAddress = Invalid value for Issuer
++invalidIssuerAddress = Invalid value for Issuer
 +algorithmNotFound = Couldn't find the algorithm used
 +invalidAlgorithm = Algorithm verification failed. Required Algorithm : {0}, Algorithm found {1}


[axis-axis2-java-rampart] 02/09: RAMPART-252: Commit patch provided by Prabath Siriwardena.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit 0455173a88c41265e65842259e7757dda9bd0188
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 14:00:51 2017 +0000

    RAMPART-252: Commit patch provided by Prabath Siriwardena.
---
 .../rampart/PolicyBasedResultsValidator.java       | 47 +++++++++++++++++++++-
 .../rampart/builder/SymmetricBindingBuilder.java   | 39 ++++++++++++++++--
 .../main/java/org/apache/rampart/errors.properties |  4 +-
 pom.xml                                            |  2 +-
 4 files changed, 86 insertions(+), 6 deletions(-)

diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index 4d5aa35..a64e287 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -453,6 +453,8 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
 
         }
 
+        //validate the algorithms
+        validateEncryptionAlgorithm(encrRefs, rpd.getAlgorithmSuite());
         
         //Check for encrypted body
         if(rpd.isEncryptBody()&& !rpd.isEncryptBodyOptional()) {
@@ -546,6 +548,7 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
     throws RampartException {
         
         RampartMessageData rmd = data.getRampartMessageData();
+        RampartPolicyData rpd = rmd.getPolicyData();
         
         Node envelope = rmd.getDocument().getFirstChild();
         
@@ -553,9 +556,35 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
 
         // Find elements that are signed
         Vector actuallySigned = new Vector();
-        if (actionResults != null) {
+        if (actionResults != null) {            
+            
+            AlgorithmSuite suite = rpd.getAlgorithmSuite();          
+            
             for (int j = 0; j < actionResults.length; j++) {
                 WSSecurityEngineResult actionResult = actionResults[j];
+
+                // Validate signature algorithms
+                String sigMethod = null;
+                String canonMethod = null;
+                sigMethod = (String) actionResult.get(WSSecurityEngineResult.TAG_SIGNATURE_METHOD);
+                canonMethod = (String) actionResult
+                        .get(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD);
+
+                if (sigMethod == null || canonMethod == null) {
+                    throw new RampartException("algorithmNotFound");
+                }
+                // Check whether signature algorithm is correct
+                if (!(sigMethod.equals(suite.getAsymmetricSignature()) || sigMethod.equals(suite
+                        .getSymmetricSignature()))) {
+                    throw new RampartException("invalidAlgorithm", new String[] {
+                            suite.getAsymmetricSignature(), sigMethod });
+                }
+                // Check whether the canonicalization algorithm is correct
+                if (!canonMethod.equals(suite.getInclusiveC14n())) {
+                    throw new RampartException("invalidAlgorithm", new String[] {
+                            suite.getInclusiveC14n(), canonMethod });
+                }
+
                 Set signedIDs = (Set) actionResult
                         .get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
                 for (Iterator i = signedIDs.iterator(); i.hasNext();) {
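Review bot: The signature-method check inside the `actionResults` loop passes when `sigMethod` equals either `suite.getAsymmetricSignature()` or `suite.getSymmetricSignature()`, so it does not tie the algorithm to the kind of key that produced the signature. As far as this hunk shows, a message signed with the symmetric algorithm would pass where the policy expects the asymmetric one. Where the binding or token type is known, compare against the single algorithm expected for it; at minimum the failure should report both accepted values, e.g. `new String[] { suite.getAsymmetricSignature() + " or " + suite.getSymmetricSignature(), sigMethod }`. The null check also throws `algorithmNotFound` for any action result lacking either tag, which is only right if `actionResults` holds signature results alone, and `suite` is dereferenced without a null check. Both depend on code outside the hunk, since the enclosing method starts and ends outside it.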
@@ -942,6 +971,22 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
                 .size()]);
     }
     
+    private void validateEncryptionAlgorithm(ArrayList refList, AlgorithmSuite algorithmSuite) throws RampartException {
+
+        for (int i = 0; i < refList.size(); i++) {
+            WSDataRef dataRef = (WSDataRef) refList.get(i);
+
+            //ArrayList can contain null elements
+            if (dataRef == null) {
+                continue;
+            }
+
+            if (!(algorithmSuite.getEncryption().equals(dataRef.getAlgo()))) {
+                throw new RampartException("invalidAlgorithm", new String[]{algorithmSuite.getEncryption(), dataRef.getAlgo()});
+            }
+        }
+    }
+    
     private boolean isRefIdPresent(ArrayList refList , QName qname) {
         
         for (int i = 0; i < refList.size() ; i++) {           
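Review bot: `validateEncryptionAlgorithm` has no Javadoc and dereferences `algorithmSuite` and `refList` without a null check, so a policy without an algorithm suite would surface as a NullPointerException rather than a RampartException. Whether that can happen depends on the caller added in the first hunk of this file. I would add a Javadoc stating that every non-null `WSDataRef` must carry exactly the suite's encryption algorithm and that a reference with no algorithm is rejected. The expected value can be read once before the loop: `String expected = algorithmSuite.getEncryption();`. The trailing context lines belong to `isRefIdPresent`, whose body continues outside the hunk.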
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
index abc7e27..4bdd2ed 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -17,6 +17,9 @@
 package org.apache.rampart.builder;
 
 import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
 import org.apache.axis2.context.MessageContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -58,6 +61,8 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Vector;
 
+import javax.xml.stream.XMLStreamReader;
+
 
 public class SymmetricBindingBuilder extends BindingBuilder {
 
@@ -538,6 +543,12 @@ public class SymmetricBindingBuilder extends BindingBuilder {
         
         //Encryption
         Token encrToken = rpd.getEncryptionToken();
+        
+        boolean isIssuedToken = false;
+        if (encrToken instanceof IssuedToken) {
+            isIssuedToken = true;
+        }  
+        
         Element encrTokElem = null;
         if(sigToken.equals(encrToken)) {
             //Use the same token
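Review bot: The flag added before `Element encrTokElem` can be initialised in one statement, `boolean isIssuedToken = encrToken instanceof IssuedToken;`, instead of a `false` default followed by an `if`. The enclosing method starts and ends outside the hunk.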
@@ -659,12 +670,22 @@ public class SymmetricBindingBuilder extends BindingBuilder {
                     encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
                     // Use key identifier in the KeyInfo in server side
                     if (!rmd.isInitiator()) {
-                        if(encrTok instanceof EncryptedKeyToken) {
+                        if (encrTok instanceof EncryptedKeyToken) {
                             encr.setUseKeyIdentifier(true);
-                            encr.setCustomReferenceValue(((EncryptedKeyToken)encrTok).getSHA1());
+                            encr.setCustomReferenceValue(((EncryptedKeyToken) encrTok).getSHA1());
                             encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
-                        } 
+                        }
+                    } else if (isIssuedToken) {
+                        encr.setUseKeyIdentifier(true);
+                        encr.setCustomReferenceValue(encrTokId);
+                        encr.setKeyIdentifierType(WSConstants.SAML_ASSERTION_IDENTIFIER);
+                        try {
+                            // RampartUtil.insertSiblingAfter(rmd,this.timestampElement,getLLOMfromOM(encrTok.getToken()));
+                        } catch (Exception e) {
+                            log.debug("error while converting SAML issued token to a dom element");
+                        }
                     }
+                    
                     encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
                             .getRampartConfig(), rmd.getCustomClassLoader()));
                                        
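Review bot: The `try` block in the new `else if (isIssuedToken)` branch contains only a commented-out call, so the `catch` can never run and its `log.debug` message describes a conversion that does not happen. Either delete the `try`/`catch` and the commented-out line, or restore the call and log the exception itself, `log.debug("error while converting SAML issued token to a dom element", e);`. As written, the branch sets a `WSConstants.SAML_ASSERTION_IDENTIFIER` reference to `encrTokId` without this hunk adding the assertion to the header, so whether a receiver can resolve that reference depends on code outside the hunk. The branch also hangs off `if (!rmd.isInitiator())` and therefore applies on the initiator side only; a short comment saying so would help the next reader.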
@@ -696,6 +717,18 @@ public class SymmetricBindingBuilder extends BindingBuilder {
 
     }
 
+    private Element getLLOMfromOM(OMElement element) {
+        // Get the StAX reader from the created element
+        XMLStreamReader llomReader = element.getXMLStreamReader();
+        // Create the DOOM OMFactory
+        OMFactory doomFactory = DOOMAbstractFactory.getOMFactory();
+        // Create the new builder
+        StAXOMBuilder doomBuilder = new StAXOMBuilder(doomFactory, llomReader);
+        // Get the document element
+        OMElement newElem = doomBuilder.getDocumentElement();
+        return (Element) newElem;
+    }
+    
     /**
      * @param rmd
      * @param sigToken
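Review bot: `getLLOMfromOM` is private and, within this diff, is referenced only by the commented-out call in the previous hunk, so the method and the imports added for it in the first two hunks of this file look like dead code. Either remove them or wire the call back in. If the method stays, it needs a Javadoc saying that it rebuilds the element through the DOOM factory, presumably so that the result can be cast to a DOM `Element`. The name also appears misleading, since the code converts to a DOOM-backed tree rather than to LLOM. The Javadoc that follows belongs to the next method, which continues outside the hunk.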
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
index 28089fb..2920547 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -97,4 +97,6 @@ unexprectedSignature = Unexpected signature
 invalidTransport = Expected transport is "https" but incoming transport found : \"{0}\" 
 requiredElementsMissing = Required Elements not found in the incoming message : {0}
 repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
-invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
\ No newline at end of file
+invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
+algorithmNotFound = Couldn't find the algorithm used
+invalidAlgorithm = Algorithm verification failed. Required Algorithm : {0}, Algorithm found {1}
diff --git a/pom.xml b/pom.xml
index cfe800c..ccfc963 100644
--- a/pom.xml
+++ b/pom.xml
@@ -369,7 +369,7 @@
         <axis2.version>SNAPSHOT</axis2.version>
         <addressing.mar.version>SNAPSHOT</addressing.mar.version>
 
-        <wss4j.version>1.5.8</wss4j.version>
+        <wss4j.version>1.5.9</wss4j.version>
 	<xmlsec.version>1.4.2</xmlsec.version>
         <opensaml.version>1.1</opensaml.version>
 


[axis-axis2-java-rampart] 05/09: Merge changes up to r1240267 from trunk.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit 1d944fb18fe49ae8d07d98be0b446f3e8499d37d
Merge: 6090351 cd88d0d
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 15:16:02 2017 +0000

    Merge changes up to r1240267 from trunk.

 build.xml                                          |  21 +
 legal/bcprov-LICENSE.txt                           |  19 +
 legal/commons-lang-LICENSE.txt                     | 202 +++++
 ...f4j-jdk14-LICENSE.txt => slf4j-jcl-LICENSE.txt} |   0
 modules/distribution/bin.xml                       |   7 +-
 modules/distribution/pom.xml                       |  93 ++-
 modules/distribution/src.xml                       |  11 +-
 modules/documentation/pom.xml                      |  31 +-
 .../1.5 => resources/download/1.1}/download.cgi    |   0
 .../1.5.1 => resources/download/1.2}/download.cgi  |   0
 .../1.4 => resources/download/1.3}/download.cgi    |   0
 .../1.3 => resources/download/1.4}/download.cgi    |   0
 .../1.2 => resources/download/1.5.1}/download.cgi  |   0
 .../1.1 => resources/download/1.5.2}/download.cgi  |   0
 .../{xdoc => resources}/download/1.5/download.cgi  |   0
 .../1.5 => resources/download/1.6.0}/download.cgi  |   0
 .../1.5 => resources/download/1.6.1}/download.cgi  |   0
 .../src/site/xdoc/developer-guide.xml              |   4 +-
 modules/documentation/src/site/xdoc/download.xml   |  35 +-
 .../src/site/xdoc/download/1.5.1/download.xml      |  51 +-
 .../xdoc/download/{1.5.1 => 1.5.2}/download.xml    |  55 +-
 .../xdoc/download/{1.5.1 => 1.6.0}/download.xml    |  55 +-
 .../xdoc/download/{1.5.1 => 1.6.1}/download.xml    |  55 +-
 modules/documentation/src/site/xdoc/index.xml      |  54 +-
 .../src/site/xdoc/rampartconfig-guide.xml          |  14 +
 modules/documentation/src/site/xdoc/svn.xml        |   2 +-
 modules/rampart-core/pom.xml                       |  39 +-
 .../java/org/apache/rampart/MessageBuilder.java    |  14 +-
 .../rampart/PolicyBasedResultsValidator.java       |   8 +-
 .../java/org/apache/rampart/RampartConstants.java  |   3 +-
 .../java/org/apache/rampart/RampartEngine.java     | 160 ++--
 .../java/org/apache/rampart/RampartException.java  |   2 +-
 .../org/apache/rampart/RampartMessageData.java     | 168 ++--
 .../org/apache/rampart/TokenCallbackHandler.java   |  22 +-
 .../rampart/builder/AsymmetricBindingBuilder.java  |  33 +-
 .../org/apache/rampart/builder/BindingBuilder.java |  78 +-
 .../rampart/builder/SymmetricBindingBuilder.java   |  82 +-
 .../rampart/builder/TransportBindingBuilder.java   |  38 +-
 .../main/java/org/apache/rampart/errors.properties |   2 +
 .../handler/PostDispatchVerificationHandler.java   |   1 -
 .../org/apache/rampart/handler/RampartSender.java  |  17 +-
 .../rampart/handler/WSSHandlerConstants.java       |   2 +
 .../rampart/policy/RampartPolicyBuilder.java       |  31 +-
 .../apache/rampart/policy/RampartPolicyData.java   |  15 +-
 .../policy/builders/CryptoConfigBuilder.java       |   8 +-
 .../policy/builders/OptimizePartsBuilder.java      |   2 +-
 .../policy/builders/RampartConfigBuilder.java      |   2 +-
 .../rampart/policy/builders/SSLConfigBuilder.java  |   2 +-
 .../apache/rampart/policy/model/CryptoConfig.java  |  27 +-
 .../rampart/policy/model/OptimizePartsConfig.java  |   4 +-
 .../apache/rampart/policy/model/RampartConfig.java |   3 +
 .../org/apache/rampart/policy/model/SSLConfig.java |   3 +
 .../apache/rampart/saml/SAML1AssertionHandler.java |  84 ++
 .../apache/rampart/saml/SAML2AssertionHandler.java | 111 +++
 .../apache/rampart/saml/SAMLAssertionHandler.java  |  92 +++
 .../rampart/saml/SAMLAssertionHandlerFactory.java  |  37 +
 .../java/org/apache/rampart/util/Axis2Util.java    |  66 +-
 .../java/org/apache/rampart/util/RampartUtil.java  | 272 +++---
 modules/rampart-integration/pom.xml                | 918 +++++++++------------
 .../rahas/RahasSAML2TokenCertForHoKTest.java       |   1 -
 .../java/org/apache/rahas/RahasSAML2TokenTest.java |   1 -
 ...st.java => RahasSAML2TokenUTForBearerTest.java} |  82 +-
 .../apache/rahas/RahasSAMLTokenAttributeTest.java  |   4 +-
 .../apache/rahas/RahasSAMLTokenCertForHoKTest.java |   6 +-
 .../rahas/RahasSAMLTokenCertForHoKV1205Test.java   |   4 +-
 .../java/org/apache/rahas/RahasSAMLTokenTest.java  |   5 +-
 .../rahas/RahasSAMLTokenUTForBearerTest.java       |  59 +-
 .../rahas/RahasSAMLTokenUTForBearerV1205Test.java  |   4 +-
 .../apache/rahas/RahasSAMLTokenUTForHoKTest.java   |   4 +-
 .../rahas/RahasSAMLTokenUTForHoKV1205Test.java     |   4 +-
 .../org/apache/rahas/RahasSAMLTokenV1205Test.java  |   5 +-
 .../java/org/apache/rahas/SAMLDataProvider.java    |  36 +-
 .../test/java/org/apache/rampart/RampartTest.java  |  99 ++-
 .../log4j.properties}                              |  55 +-
 .../src/test/resources/rampart/policy/16.xml       |   4 +-
 .../src/test/resources/rampart/policy/3.xml        |   2 +-
 .../src/test/resources/rampart/policy/30.xml       |   4 +-
 .../resources/rampart/policy/{3.xml => 31.xml}     | 148 ++--
 .../resources/rampart/policy/{30.xml => 32.xml}    |  63 +-
 .../src/test/resources/rampart/policy/33.xml       | 103 +++
 .../src/test/resources/rampart/policy/34.xml       | 102 +++
 .../src/test/resources/rampart/policy/sc-4.xml     | 123 +++
 .../src/test/resources/rampart/policy/sc-5.xml     | 131 +++
 .../src/test/resources/rampart/policy/sc-6.xml     |  98 +++
 .../src/test/resources/rampart/services-16.xml     |   4 +-
 .../src/test/resources/rampart/services-3.xml      |   2 +-
 .../src/test/resources/rampart/services-30.xml     |   4 +-
 .../rampart/{policy/3.xml => services-31.xml}      | 184 +++--
 .../src/test/resources/rampart/services-32.xml     | 128 +++
 .../src/test/resources/rampart/services-33.xml     | 140 ++++
 .../rampart/{services-30.xml => services-34.xml}   |  79 +-
 .../src/test/resources/rampart/services-sc-4.xml   | 177 ++++
 .../src/test/resources/rampart/services-sc-5.xml   | 186 +++++
 .../src/test/resources/rampart/services-sc-6.xml   | 154 ++++
 modules/rampart-mar/module.xml                     |   6 +
 modules/rampart-mar/pom.xml                        | 242 +++---
 modules/rampart-policy/pom.xml                     |  31 +-
 .../org.apache.neethi.builders.AssertionBuilder    |   3 +-
 .../java/org/apache/ws/secpolicy/SPConstants.java  |   6 +
 .../secpolicy/model/AbstractSecurityAssertion.java |  50 +-
 .../apache/ws/secpolicy/model/AlgorithmSuite.java  |  40 +-
 .../ws/secpolicy/model/AsymmetricBinding.java      |  44 +-
 .../secpolicy/model/ContentEncryptedElements.java  |  25 +-
 .../apache/ws/secpolicy/model/EncryptionToken.java |  42 +-
 .../org/apache/ws/secpolicy/model/HttpsToken.java  |  20 +-
 .../apache/ws/secpolicy/model/InitiatorToken.java  |  20 +-
 .../org/apache/ws/secpolicy/model/IssuedToken.java |  50 +-
 .../java/org/apache/ws/secpolicy/model/Layout.java |  23 +-
 .../apache/ws/secpolicy/model/ProtectionToken.java |  42 +-
 .../apache/ws/secpolicy/model/RecipientToken.java  |  20 +-
 .../ws/secpolicy/model/RequiredElements.java       |  25 +-
 .../apache/ws/secpolicy/model/RequiredParts.java   |  15 +-
 .../secpolicy/model/SecureConversationToken.java   |  52 +-
 .../apache/ws/secpolicy/model/SignatureToken.java  |  44 +-
 .../secpolicy/model/SignedEncryptedElements.java   |  17 +-
 .../ws/secpolicy/model/SignedEncryptedParts.java   |  21 +-
 .../apache/ws/secpolicy/model/SupportingToken.java |  23 +-
 .../ws/secpolicy/model/SymmetricBinding.java       |  40 +-
 .../ws/secpolicy/model/TransportBinding.java       |  25 +-
 .../apache/ws/secpolicy/model/TransportToken.java  |  22 +-
 .../org/apache/ws/secpolicy/model/Trust10.java     |  34 +-
 .../org/apache/ws/secpolicy/model/Trust13.java     |  41 +-
 .../apache/ws/secpolicy/model/UsernameToken.java   |  42 +-
 .../java/org/apache/ws/secpolicy/model/Wss10.java  |  33 +-
 .../java/org/apache/ws/secpolicy/model/Wss11.java  |  40 +-
 .../org/apache/ws/secpolicy/model/X509Token.java   |  39 +-
 .../builders/AlgorithmSuiteBuilder.java            |   2 +-
 .../builders/AsymmetricBindingBuilder.java         |   2 +-
 .../builders/EncryptedElementsBuilder.java         |   4 +-
 .../builders/EncryptedPartsBuilder.java            |   2 +-
 .../builders/InitiatorTokenBuilder.java            |   2 +-
 .../secpolicy11/builders/IssuedTokenBuilder.java   |   2 +-
 .../ws/secpolicy11/builders/LayoutBuilder.java     |   2 +-
 .../builders/ProtectionTokenBuilder.java           |   2 +-
 .../builders/RecipientTokenBuilder.java            |   2 +-
 .../builders/RequiredElementsBuilder.java          |   4 +-
 .../builders/SecureConversationTokenBuilder.java   |   2 +-
 .../builders/SecurityContextTokenBuilder.java      |   2 +-
 .../builders/SignedElementsBuilder.java            |   4 +-
 .../secpolicy11/builders/SignedPartsBuilder.java   |   2 +-
 .../builders/SupportingTokensBuilder.java          |   2 +-
 .../builders/SymmetricBindingBuilder.java          |   2 +-
 .../builders/TransportBindingBuilder.java          |   2 +-
 .../builders/TransportTokenBuilder.java            |  10 +-
 .../ws/secpolicy11/builders/Trust10Builder.java    |   2 +-
 .../secpolicy11/builders/UsernameTokenBuilder.java |   2 +-
 .../ws/secpolicy11/builders/WSS10Builder.java      |   2 +-
 .../ws/secpolicy11/builders/WSS11Builder.java      |   2 +-
 .../ws/secpolicy11/builders/X509TokenBuilder.java  |   2 +-
 .../builders/AlgorithmSuiteBuilder.java            |   2 +-
 .../builders/AsymmetricBindingBuilder.java         |   2 +-
 .../builders/ContentEncryptedElementsBuilder.java  |   4 +-
 .../builders/EncryptedElementsBuilder.java         |   4 +-
 .../builders/EncryptedPartsBuilder.java            |   2 +-
 .../ws/secpolicy12/builders/HttpsTokenBuilder.java |  34 +-
 .../builders/InitiatorTokenBuilder.java            |   2 +-
 .../secpolicy12/builders/IssuedTokenBuilder.java   |   2 +-
 .../ws/secpolicy12/builders/LayoutBuilder.java     |   2 +-
 .../builders/ProtectionTokenBuilder.java           |   2 +-
 .../builders/RecipientTokenBuilder.java            |   2 +-
 .../builders/RequiredElementsBuilder.java          |   4 +-
 .../secpolicy12/builders/RequiredPartsBuilder.java |   2 +-
 .../builders/SecureConversationTokenBuilder.java   |   2 +-
 .../builders/SecurityContextTokenBuilder.java      |   2 +-
 .../builders/SignedElementsBuilder.java            |   4 +-
 .../secpolicy12/builders/SignedPartsBuilder.java   |   2 +-
 .../builders/SupportingTokensBuilder.java          |   2 +-
 .../builders/SymmetricBindingBuilder.java          |   2 +-
 .../builders/TransportBindingBuilder.java          |   2 +-
 .../builders/TransportTokenBuilder.java            |  52 +-
 .../ws/secpolicy12/builders/Trust13Builder.java    |   2 +-
 .../secpolicy12/builders/UsernameTokenBuilder.java |   2 +-
 .../ws/secpolicy12/builders/WSS10Builder.java      |   2 +-
 .../ws/secpolicy12/builders/WSS11Builder.java      |   2 +-
 .../ws/secpolicy12/builders/X509TokenBuilder.java  |   2 +-
 modules/rampart-samples/basic/build.xml            |  40 +-
 modules/rampart-samples/policy/build.xml           |  62 +-
 modules/rampart-tests/pom.xml                      |  45 +-
 .../rahas/TokenRequestDispatcherConfigTest.java    |  28 +-
 .../rampart/AsymmetricBindingBuilderTest.java      | 357 ++++----
 .../org/apache/rampart/MessageBuilderTestBase.java |  14 +-
 .../rampart/SymmetricBindingBuilderTest.java       | 233 +++---
 .../rampart/TransportBindingBuilderTest.java       | 132 ++-
 .../rampart/policy/model/RampartPolicyTest.java    |  89 +-
 .../ws/secpolicy/model/SecpolicyModelTest.java     |  82 +-
 .../test-resources/log4j.properties}               |  55 +-
 modules/rampart-trust-mar/module.xml               |  17 +-
 modules/rampart-trust-mar/pom.xml                  | 108 +--
 modules/rampart-trust/pom.xml                      |  51 +-
 .../java/org/apache/rahas/EncryptedKeyToken.java   |  48 +-
 .../src/main/java/org/apache/rahas/Rahas.java      |  61 ++
 .../main/java/org/apache/rahas/RahasConstants.java |  15 +-
 .../src/main/java/org/apache/rahas/RahasData.java  |  40 +-
 .../org/apache/rahas/RampartSAMLBootstrap.java     | 102 +++
 .../java/org/apache/rahas/STSMessageReceiver.java  |   2 +-
 .../java/org/apache/rahas/SimpleTokenStore.java    |  15 +-
 .../src/main/java/org/apache/rahas/Token.java      |  54 +-
 .../org/apache/rahas/TokenRequestDispatcher.java   |  37 +-
 .../main/java/org/apache/rahas/TokenStorage.java   |   8 +-
 .../src/main/java/org/apache/rahas/TrustUtil.java  | 145 ++--
 .../java/org/apache/rahas/client/STSClient.java    | 103 ++-
 .../main/java/org/apache/rahas/errors.properties   |  12 +-
 .../org/apache/rahas/impl/SAML2TokenIssuer.java    | 141 ++--
 .../org/apache/rahas/impl/SAMLTokenIssuer.java     | 774 ++++++++---------
 .../apache/rahas/impl/SAMLTokenIssuerConfig.java   | 123 ++-
 .../org/apache/rahas/impl/SAMLTokenRenewer.java    | 192 ++---
 .../org/apache/rahas/impl/SAMLTokenValidator.java  | 292 ++++---
 .../main/java/org/apache/rahas/impl/SCTIssuer.java |  23 +-
 .../org/apache/rahas/impl/TokenCancelerConfig.java |  14 +-
 .../apache/rahas/impl/util/AxiomParserPool.java    |  52 ++
 .../org/apache/rahas/impl/util/CommonUtil.java     |  48 ++
 .../org/apache/rahas/impl/util/SAML2Utils.java     |  24 +-
 .../rahas/impl/util/SAMLAttributeCallback.java     |  77 +-
 .../org/apache/rahas/impl/util/SAMLCallback.java   |  32 +-
 .../rahas/impl/util/SAMLCallbackHandler.java       |  28 +-
 .../impl/util/SAMLNameIdentifierCallback.java      |  58 +-
 .../java/org/apache/rahas/impl/util/SAMLUtils.java | 768 ++++++++++++++++-
 .../org/apache/rahas/impl/util/SignKeyHolder.java  |   2 +-
 .../org/apache/rahas/impl/util/SAMLUtilsTest.java  | 375 +++++++++
 .../rampart-trust/src/test/resources/crypto.config |   5 +
 .../rampart-trust/src/test/resources/keystore.jks  | Bin 0 -> 2191 bytes
 pom.xml                                            | 336 ++++----
 release-docs/ChangeLog.txt                         |  21 +
 release-docs/README.txt                            |  48 +-
 release-docs/release-notes.html                    |  18 +-
 225 files changed, 7654 insertions(+), 4391 deletions(-)

diff --cc modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
index 3ea99a2,cdbbc4a..f8ac898
--- a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@@ -99,5 -100,4 +100,6 @@@ requiredElementsMissing = Required Elem
  repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
  invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
  invalidIssuerAddress = Invalid value for Issuer
 -invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
 +algorithmNotFound = Couldn't find the algorithm used
 +invalidAlgorithm = Algorithm verification failed. Required Algorithm : {0}, Algorithm found {1}
++invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
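Review bot: The new `algorithmNotFound` entry contains a bare apostrophe (`Couldn't`), which will be dropped from the rendered text if this bundle is formatted with java.text.MessageFormat, as the `{0}`/`{1}` placeholders in the neighbouring entries suggest. MessageFormat treats a single quote as the start of a quoted section, so the message would read "Couldnt find the algorithm used". Either double the quote or avoid it, e.g. `algorithmNotFound = Could not find the algorithm used`. The same entry is carried into the `src/main/resources` copy of this file in the later merge hunk.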


[axis-axis2-java-rampart] 07/09: Merge latest changes from trunk.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-252
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit f505eb58bd4b003850dd07f82bac8f1732c84889
Merge: b258a53 397cc84
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 15:59:32 2017 +0000

    Merge latest changes from trunk.

 release-docs/LICENSE.txt => LICENSE                |    0
 release-docs/NOTICE.txt => NOTICE                  |    0
 release-docs/README.txt => README                  |    0
 apidocs/pom.xml                                    |  117 +++
 apidocs/src/main/assembly/apidocs.xml              |   32 +
 build.xml                                          |  181 ----
 code-coverage/pom.xml                              |  188 ++++
 etc/dist.py                                        |   45 +
 legal/esapi-LICENSE.txt                            |   12 +
 modules/distribution/bin.xml                       |   56 +-
 modules/distribution/pom.xml                       |   81 +-
 modules/distribution/src.xml                       |   78 +-
 .../distribution/src/main/files}/build.xml         |    2 +-
 modules/documentation/pom.xml                      |   52 -
 .../src/site/resources/css/maven-base.css          |  143 ---
 .../src/site/resources/css/maven-theme.css         |  129 ---
 .../documentation/src/site/resources/css/print.css |    7 -
 .../documentation/src/site/resources/css/site.css  |  272 ------
 .../documentation/src/site/resources/css/style.css |  184 ----
 .../src/site/resources/download/1.1/download.cgi   |    6 -
 .../src/site/resources/download/1.2/download.cgi   |    6 -
 .../src/site/resources/download/1.3/download.cgi   |    6 -
 .../src/site/resources/download/1.4/download.cgi   |    6 -
 .../src/site/resources/download/1.5.1/download.cgi |    6 -
 .../src/site/resources/download/1.5.2/download.cgi |    6 -
 .../src/site/resources/download/1.5/download.cgi   |    6 -
 .../src/site/resources/download/1.6.0/download.cgi |    6 -
 .../src/site/resources/download/1.6.1/download.cgi |    6 -
 .../images/apache-rampart-banner-background.jpg    |  Bin 373 -> 0 bytes
 .../resources/images/apache-rampart-banner.jpg     |  Bin 27612 -> 0 bytes
 .../images/apache-rampart-content-back.jpg         |  Bin 309 -> 0 bytes
 .../site/resources/images/apache-rampart-logo.jpg  |  Bin 10154 -> 0 bytes
 .../images/apache-rampart-menu-bottom.jpg          |  Bin 381 -> 0 bytes
 .../images/apache-rampart-menu-button.gif          |  Bin 192 -> 0 bytes
 .../resources/images/apache-rampart-menu-top.jpg   |  Bin 633 -> 0 bytes
 .../site/resources/images/apache-rampart-menu.jpg  |  Bin 1221 -> 0 bytes
 .../resources/images/apache-rampart-spliter.jpg    |  Bin 650 -> 0 bytes
 .../src/site/resources/images/axis.jpg             |  Bin 13887 -> 0 bytes
 .../src/site/resources/images/axis.png             |  Bin 13745 -> 0 bytes
 .../src/site/resources/images/breadcrumbs-bg.gif   |  Bin 198 -> 0 bytes
 .../src/site/resources/images/external.png         |  Bin 230 -> 0 bytes
 .../src/site/resources/images/h2-bg.gif            |  Bin 202 -> 0 bytes
 .../src/site/resources/images/home-top.gif         |  Bin 804 -> 0 bytes
 .../src/site/resources/images/leftcolumn-bg.gif    |  Bin 523 -> 0 bytes
 .../images/logos/build-by-maven-black.png          |  Bin 2294 -> 0 bytes
 .../images/logos/build-by-maven-white.png          |  Bin 2260 -> 0 bytes
 .../site/resources/images/logos/maven-feather.png  |  Bin 3330 -> 0 bytes
 .../src/site/resources/images/menu-back.gif        |  Bin 827 -> 0 bytes
 modules/documentation/src/site/site.xml            |   79 --
 modules/documentation/src/site/xdoc/download.xml   |  126 ---
 .../src/site/xdoc/download/1.1/download.xml        |   97 --
 .../src/site/xdoc/download/1.2/download.xml        |   97 --
 .../src/site/xdoc/download/1.3/download.xml        |   97 --
 .../src/site/xdoc/download/1.4/download.xml        |   82 --
 .../src/site/xdoc/download/1.5.1/download.xml      |  115 ---
 .../src/site/xdoc/download/1.5.2/download.xml      |  115 ---
 .../src/site/xdoc/download/1.5/download.xml        |   82 --
 .../src/site/xdoc/download/1.6.0/download.xml      |  115 ---
 .../src/site/xdoc/download/1.6.1/download.xml      |  115 ---
 modules/documentation/src/site/xdoc/index.xml      |   99 --
 modules/rampart-core/pom.xml                       |   79 +-
 .../ExtendedPolicyValidatorCallbackHandler.java    |    1 -
 .../main/java/org/apache/rampart/NonceCache.java   |    6 +-
 .../rampart/PolicyBasedResultsValidator.java       |   69 +-
 .../java/org/apache/rampart/RampartEngine.java     |  296 ++++--
 .../org/apache/rampart/RampartMessageData.java     |  109 +--
 .../rampart/builder/AsymmetricBindingBuilder.java  |   14 +-
 .../org/apache/rampart/builder/BindingBuilder.java |  138 ++-
 .../rampart/builder/TransportBindingBuilder.java   |   80 ++
 .../handler/PostDispatchVerificationHandler.java   |    9 +-
 .../handler/RampartUsernameTokenValidator.java     |   71 ++
 .../org/apache/rampart/handler/WSDoAllHandler.java |  210 ----
 .../apache/rampart/handler/WSDoAllReceiver.java    |  388 --------
 .../org/apache/rampart/handler/WSDoAllSender.java  |  281 ------
 .../handler/config/InflowConfiguration.java        |  202 ----
 .../handler/config/OutflowConfiguration.java       |  621 ------------
 .../rampart/policy/RampartPolicyBuilder.java       |   37 +-
 .../apache/rampart/policy/RampartPolicyData.java   |   10 +-
 .../rampart/policy/SupportingPolicyData.java       |   99 +-
 .../policy/builders/KerberosConfigBuilder.java     |  100 ++
 .../policy/builders/RampartConfigBuilder.java      |   17 +
 .../rampart/policy/model/KerberosConfig.java       |  361 +++++++
 .../apache/rampart/policy/model/RampartConfig.java |   64 +-
 .../java/org/apache/rampart/util/Axis2Util.java    |   29 +-
 .../rampart/util/HandlerParameterDecoder.java      |  292 ------
 .../java/org/apache/rampart/util/RampartUtil.java  |  149 ++-
 .../org.apache.neethi.builders.AssertionBuilder    |    3 +-
 .../org/apache/rampart/errors.properties           |    9 +
 .../policy/builders/KerberosConfigBuilderTest.java |  121 +++
 .../org/apache/rampart/util/RampartUtilTest.java   |   44 +
 .../rampart/policy/builders/kerberosConfig.policy  |   22 +
 .../apache/rampart/util/soap11-invalid-fault.xml   |    9 +
 .../apache/rampart/util/soap11-security-fault.xml  |   10 +
 .../apache/rampart/util/soap12-security-fault.xml  |   17 +
 modules/rampart-integration/pom.xml                |  553 +++++------
 .../apache/axis2/integration/TestConstants.java    |   25 +
 .../org/apache/axis2/integration/UtilServer.java   |  244 -----
 .../axis2/integration/UtilServerBasedTestCase.java |   68 --
 .../src/main/java/org/apache/rahas/PWCallback.java |   35 +-
 .../src/main/java/org/apache/rahas/TestClient.java |  136 +--
 .../src/main/resources/ping/ping.wsdl              |   68 --
 .../apache/axis2/oasis/ping/PingPortSkeleton.java  |   79 --
 .../axis2/security/InteropScenarioClient.java      |  179 ----
 .../src/org/apache/axis2/security/PWCallback.java  |  185 ----
 .../axis2/security/AddressingMTOMSecurityTest.java |  125 ---
 .../org/apache/axis2/security/InteropTestBase.java |  239 -----
 .../axis2/security/MTOMOptimizedSecurityTest.java  |  119 ---
 .../org/apache/axis2/security/Scenario1Test.java   |   68 --
 .../org/apache/axis2/security/Scenario2Test.java   |  105 --
 .../org/apache/axis2/security/Scenario2aTest.java  |   99 --
 .../org/apache/axis2/security/Scenario3Test.java   |  119 ---
 .../org/apache/axis2/security/Scenario4Test.java   |  126 ---
 .../org/apache/axis2/security/Scenario5Test.java   |  113 ---
 .../org/apache/axis2/security/Scenario6Test.java   |  114 ---
 .../org/apache/axis2/security/Scenario7Test.java   |  141 ---
 .../rahas/RahasSAML2TokenCertForHoKTest.java       |   48 +-
 .../java/org/apache/rahas/RahasSAML2TokenTest.java |   39 +-
 .../rahas/RahasSAML2TokenUTForBearerTest.java      |   33 +-
 .../apache/rahas/RahasSAMLTokenAttributeTest.java  |   31 +-
 .../apache/rahas/RahasSAMLTokenCertForHoKTest.java |   36 +-
 .../rahas/RahasSAMLTokenCertForHoKV1205Test.java   |   52 +-
 .../java/org/apache/rahas/RahasSAMLTokenTest.java  |   40 +-
 .../rahas/RahasSAMLTokenUTForBearerTest.java       |   33 +-
 .../rahas/RahasSAMLTokenUTForBearerV1205Test.java  |   34 +-
 .../apache/rahas/RahasSAMLTokenUTForHoKTest.java   |   31 +-
 .../rahas/RahasSAMLTokenUTForHoKV1205Test.java     |   39 +-
 .../org/apache/rahas/RahasSAMLTokenV1205Test.java  |   36 +-
 .../apache/rampart/KerberosDelegationService.java  |   78 ++
 .../KerberosDelegationServiceValidator.java        |   46 +
 .../org/apache/rampart/RampartKerberosTest.java    |  296 ++++++
 .../test/java/org/apache/rampart/RampartTest.java  |  127 ++-
 .../org/apache/rampart/util/KerberosServer.java    |  207 ++++
 .../rampart/util/KerberosTokenDecoderImpl.java     |  156 +++
 .../src/test/resources/conf/axis2.xml              |   53 +-
 .../src/test/resources/kerberos/alice.keytab       |  Bin 0 -> 666 bytes
 .../src/test/resources/kerberos/bob.keytab         |  Bin 0 -> 328 bytes
 .../src/test/resources/kerberos/jaas.conf          |   49 +
 .../src/test/resources/kerberos/krb5.conf.template |    8 +
 .../src/test/resources/kerberos/readme             |    9 +
 .../src/test/resources/kerberos/users.ldif         |   60 ++
 .../src/test/resources/log4j.properties            |    6 +
 .../src/test/resources/rahas/1.xml}                |   25 +-
 .../src/test/resources/rahas/3.xml                 |   37 +
 .../src/test/resources/rahas/issuer.properties     |    4 -
 .../src/test/resources/rahas/rahas-sec.properties  |    5 -
 .../src/test/resources/rahas/s1-services.xml       |   92 +-
 .../src/test/resources/rahas/s3-services.xml       |   50 +-
 .../src/test/resources/rahas/s5-services.xml       |   52 +-
 .../src/test/resources/rahas/saml.s1.properties    |    9 -
 .../src/test/resources/rahas/samlIssuer.properties |    4 -
 .../rampart/kerberos/KerberosDelegation.xml        |   86 ++
 .../kerberos/KerberosOverTransportKeytab.xml       |   85 ++
 .../rampart/kerberos/KerberosOverTransportPWCB.xml |   88 ++
 .../src/test/resources/rampart/policy/35.xml       |   76 ++
 .../src/test/resources/rampart/services-35.xml     |   94 ++
 .../resources/security/complete.client.axis2.xml   |  133 ---
 .../resources/security/complete.service.axis2.xml  |  142 ---
 .../test/resources/security/complete.service.xml   |   31 -
 .../test/resources/security/s1.client.axis2.xml    |  109 ---
 .../test/resources/security/s1.service.axis2.xml   |  134 ---
 .../src/test/resources/security/s1.service.xml     |   15 -
 .../test/resources/security/s2.client.axis2.xml    |  118 ---
 .../test/resources/security/s2.service.axis2.xml   |  134 ---
 .../src/test/resources/security/s2.service.xml     |   16 -
 .../test/resources/security/s2a.client.axis2.xml   |  116 ---
 .../test/resources/security/s2a.service.axis2.xml  |  133 ---
 .../src/test/resources/security/s2a.service.xml    |   16 -
 .../test/resources/security/s3.client.axis2.xml    |  127 ---
 .../test/resources/security/s3.service.axis2.xml   |  133 ---
 .../src/test/resources/security/s3.service.xml     |   31 -
 .../test/resources/security/s4.client.axis2.xml    |  125 ---
 .../test/resources/security/s4.service.axis2.xml   |  134 ---
 .../src/test/resources/security/s4.service.xml     |   31 -
 .../test/resources/security/s5.client.axis2.xml    |  122 ---
 .../test/resources/security/s5.service.axis2.xml   |  135 ---
 .../src/test/resources/security/s5.service.xml     |   16 -
 .../test/resources/security/s6.client.axis2.xml    |  125 ---
 .../test/resources/security/s6.service.axis2.xml   |  135 ---
 .../src/test/resources/security/s6.service.xml     |   29 -
 .../test/resources/security/s7.client.axis2.xml    |  125 ---
 .../test/resources/security/s7.service.axis2.xml   |  136 ---
 .../src/test/resources/security/s7.service.xml     |   31 -
 .../test/resources/security/sST1.client.axis2.xml  |  109 ---
 .../test/resources/security/sST1.service.axis2.xml |  135 ---
 .../src/test/resources/security/sST1.service.xml   |   14 -
 .../src/test/resources/security/sc/s1-services.xml |   84 --
 .../src/test/resources/security/sc/s2-services.xml |   64 --
 .../src/test/resources/security/sc/s3-services.xml |   66 --
 .../src/test/resources/security/sc/s4-services.xml |   67 --
 .../resources/security/sc/sctIssuer.properties     |    4 -
 .../src/test/resources/security/sc/sec.jks         |  Bin 5467 -> 0 bytes
 .../src/test/resources/security/sc/sec.properties  |    5 -
 .../src/test/resources/security/sc/sts.jks         |  Bin 4759 -> 0 bytes
 .../resources/security/secMtom.client.axis2.xml    |  126 ---
 .../resources/security/secMtom.service.axis2.xml   |  136 ---
 .../test/resources/security/secMtom.service.xml    |   31 -
 modules/rampart-mar/module.xml                     |   12 -
 modules/rampart-mar/pom.xml                        |   25 +-
 modules/rampart-policy/pom.xml                     |   58 +-
 .../java/org/apache/ws/secpolicy/Constants.java    |    4 +
 .../org/apache/ws/secpolicy/SP11Constants.java     |    9 +
 .../org/apache/ws/secpolicy/SP12Constants.java     |    9 +
 .../java/org/apache/ws/secpolicy/SPConstants.java  |    5 +-
 .../AbstractConfigurableSecurityAssertion.java     |    6 +-
 .../secpolicy/model/AbstractSecurityAssertion.java |    3 -
 .../ws/secpolicy/model/AsymmetricBinding.java      |    5 +-
 .../secpolicy/model/ContentEncryptedElements.java  |   13 +-
 .../apache/ws/secpolicy/model/KerberosToken.java   |  152 +++
 .../ws/secpolicy/model/RequiredElements.java       |   10 +-
 .../apache/ws/secpolicy/model/RequiredParts.java   |    9 +-
 .../secpolicy/model/SignedEncryptedElements.java   |   12 +-
 .../ws/secpolicy/model/SignedEncryptedParts.java   |    8 +-
 .../apache/ws/secpolicy/model/SupportingToken.java |    8 +-
 .../ws/secpolicy/model/SymmetricBinding.java       |   79 +-
 .../ws/secpolicy/model/TransportBinding.java       |   11 +-
 .../org/apache/ws/secpolicy/model/Trust10.java     |    1 -
 .../org/apache/ws/secpolicy/model/Trust13.java     |    1 -
 .../apache/ws/secpolicy/model/UsernameToken.java   |   61 +-
 .../builders/AlgorithmSuiteBuilder.java            |    8 +-
 .../builders/AsymmetricBindingBuilder.java         |   10 +-
 .../builders/EncryptionTokenBuilder.java           |   65 ++
 .../builders/InitiatorTokenBuilder.java            |    8 +-
 .../secpolicy11/builders/IssuedTokenBuilder.java   |   10 +-
 .../secpolicy11/builders/KerberosTokenBuilder.java |   84 ++
 .../ws/secpolicy11/builders/LayoutBuilder.java     |   10 +-
 .../builders/ProtectionTokenBuilder.java           |    6 +-
 .../builders/RecipientTokenBuilder.java            |   10 +-
 .../builders/SignatureTokenBuilder.java            |   65 ++
 .../secpolicy11/builders/SignedPartsBuilder.java   |    2 +-
 .../builders/SupportingTokensBuilder.java          |   10 +-
 .../builders/SymmetricBindingBuilder.java          |   77 +-
 .../builders/TransportBindingBuilder.java          |   10 +-
 .../builders/TransportTokenBuilder.java            |   11 +-
 .../secpolicy11/builders/UsernameTokenBuilder.java |   12 +-
 .../ws/secpolicy11/builders/WSS10Builder.java      |   10 +-
 .../ws/secpolicy11/builders/WSS11Builder.java      |   10 +-
 .../ws/secpolicy11/builders/X509TokenBuilder.java  |   10 +-
 .../builders/AlgorithmSuiteBuilder.java            |   10 +-
 .../builders/AsymmetricBindingBuilder.java         |   10 +-
 .../builders/EncryptionTokenBuilder.java           |   65 ++
 .../ws/secpolicy12/builders/HttpsTokenBuilder.java |   10 +-
 .../builders/InitiatorTokenBuilder.java            |    8 +-
 .../secpolicy12/builders/IssuedTokenBuilder.java   |   10 +-
 .../secpolicy12/builders/KerberosTokenBuilder.java |   84 ++
 .../ws/secpolicy12/builders/LayoutBuilder.java     |   10 +-
 .../builders/ProtectionTokenBuilder.java           |    6 +-
 .../builders/RecipientTokenBuilder.java            |    8 +-
 .../builders/SignatureTokenBuilder.java            |   65 ++
 .../secpolicy12/builders/SignedPartsBuilder.java   |    2 +-
 .../builders/SupportingTokensBuilder.java          |   10 +-
 .../builders/SymmetricBindingBuilder.java          |   77 +-
 .../builders/TransportBindingBuilder.java          |   10 +-
 .../builders/TransportTokenBuilder.java            |    8 +-
 .../secpolicy12/builders/UsernameTokenBuilder.java |    8 +-
 .../ws/secpolicy12/builders/WSS10Builder.java      |   10 +-
 .../ws/secpolicy12/builders/WSS11Builder.java      |   10 +-
 .../ws/secpolicy12/builders/X509TokenBuilder.java  |   10 +-
 .../org.apache.neethi.builders.AssertionBuilder    |    8 +-
 .../apache/ws/secpolicy/KerberosPolicyTest.java    |  212 ++++
 .../src/test/resources/policy/kerberos-11.xml      |   16 +
 .../src/test/resources/policy/kerberos-12.xml      |   16 +
 .../src/test/resources/policy/kerberos-gss-11.xml  |   16 +
 .../src/test/resources/policy/kerberos-gss-12.xml  |   16 +
 .../resources/policy/kerberos-gss-keyref-11.xml    |   18 +
 .../resources/policy/kerberos-gss-keyref-12.xml    |   17 +
 .../test/resources/policy/kerberos-keyref-11.xml   |   17 +
 .../test/resources/policy/kerberos-keyref-12.xml   |   17 +
 modules/rampart-samples/README.txt                 |    4 +-
 modules/rampart-samples/basic/README.txt           |   44 -
 modules/rampart-samples/basic/build.xml            |  265 -----
 modules/rampart-samples/basic/sample01/README.txt  |    6 -
 .../basic/sample01/client.axis2.xml                |  455 ---------
 .../rampart-samples/basic/sample01/services.xml    |   27 -
 .../apache/rampart/samples/sample01/Client.java    |   62 --
 .../rampart/samples/sample01/SimpleService.java    |   24 -
 modules/rampart-samples/basic/sample02/README.txt  |   10 -
 .../basic/sample02/client.axis2.xml                |  464 ---------
 .../rampart-samples/basic/sample02/services.xml    |   33 -
 .../apache/rampart/samples/sample02/Client.java    |   62 --
 .../rampart/samples/sample02/PWCBHandler.java      |   40 -
 .../rampart/samples/sample02/SimpleService.java    |   25 -
 modules/rampart-samples/basic/sample03/README.txt  |   12 -
 .../basic/sample03/client.axis2.xml                |  465 ---------
 .../rampart-samples/basic/sample03/services.xml    |   33 -
 .../apache/rampart/samples/sample03/Client.java    |   62 --
 .../rampart/samples/sample03/PWCBHandler.java      |   51 -
 .../rampart/samples/sample03/SimpleService.java    |   36 -
 modules/rampart-samples/basic/sample04/README.txt  |    7 -
 .../basic/sample04/client.axis2.xml                |  473 ---------
 .../rampart-samples/basic/sample04/services.xml    |   44 -
 .../apache/rampart/samples/sample04/Client.java    |   62 --
 .../rampart/samples/sample04/PWCBHandler.java      |   43 -
 .../rampart/samples/sample04/SimpleService.java    |   25 -
 modules/rampart-samples/basic/sample05/README.txt  |    7 -
 .../basic/sample05/client.axis2.xml                |  472 ---------
 .../rampart-samples/basic/sample05/services.xml    |   45 -
 .../apache/rampart/samples/sample05/Client.java    |   62 --
 .../rampart/samples/sample05/PWCBHandler.java      |   43 -
 .../rampart/samples/sample05/SimpleService.java    |   25 -
 modules/rampart-samples/basic/sample06/README.txt  |    8 -
 .../basic/sample06/client.axis2.xml                |  478 ---------
 .../rampart-samples/basic/sample06/services.xml    |   47 -
 .../apache/rampart/samples/sample06/Client.java    |   62 --
 .../rampart/samples/sample06/PWCBHandler.java      |   43 -
 .../rampart/samples/sample06/SimpleService.java    |   25 -
 modules/rampart-samples/basic/sample07/README.txt  |    8 -
 .../basic/sample07/client.axis2.xml                |  477 ---------
 .../rampart-samples/basic/sample07/services.xml    |   46 -
 .../apache/rampart/samples/sample07/Client.java    |   62 --
 .../rampart/samples/sample07/PWCBHandler.java      |   43 -
 .../rampart/samples/sample07/SimpleService.java    |   25 -
 modules/rampart-samples/basic/sample08/README.txt  |   10 -
 .../basic/sample08/client.axis2.xml                |  478 ---------
 .../rampart-samples/basic/sample08/services.xml    |   35 -
 .../apache/rampart/samples/sample08/Client.java    |   62 --
 .../rampart/samples/sample08/PWCBHandler.java      |   43 -
 .../rampart/samples/sample08/SimpleService.java    |   25 -
 modules/rampart-samples/basic/sample09/README.txt  |    8 -
 .../basic/sample09/client.axis2.xml                |  476 ---------
 .../rampart-samples/basic/sample09/services.xml    |   46 -
 .../apache/rampart/samples/sample09/Client.java    |   62 --
 .../rampart/samples/sample09/PWCBHandler.java      |   50 -
 .../rampart/samples/sample09/SimpleService.java    |   25 -
 modules/rampart-samples/basic/sample10/README.txt  |    8 -
 .../basic/sample10/client.axis2.xml                |  481 ---------
 .../rampart-samples/basic/sample10/services.xml    |   47 -
 .../apache/rampart/samples/sample10/Client.java    |   62 --
 .../rampart/samples/sample10/PWCBHandler.java      |   43 -
 .../rampart/samples/sample10/SimpleService.java    |   25 -
 modules/rampart-samples/basic/sample11/README.txt  |    8 -
 .../rampart-samples/basic/sample11/services.xml    |   46 -
 .../apache/rampart/samples/sample11/Client.java    |   98 --
 .../rampart/samples/sample11/PWCBHandler.java      |   43 -
 .../rampart/samples/sample11/SimpleService.java    |   25 -
 modules/rampart-samples/build.xml                  |   49 -
 modules/rampart-samples/keys/service.jks           |  Bin 2683 -> 3307 bytes
 modules/rampart-samples/policy/build.xml           |   50 +-
 .../apache/rampart/tomcat/sample/PWCBHandler.java  |    2 +-
 modules/rampart-samples/policy/sample01/README.txt |   14 +-
 .../rampart-samples/policy/sample01/services.xml   |    3 +-
 .../rampart/samples/policy/sample01/Client.java    |    7 +-
 .../samples/policy/sample01/PWCBHandler.java       |    2 +-
 .../rampart/samples/policy/sample02/Client.java    |    7 +-
 .../samples/policy/sample02/PWCBHandler.java       |    2 +-
 .../rampart/samples/policy/sample03/Client.java    |    7 +-
 .../samples/policy/sample03/PWCBHandler.java       |    2 +-
 .../rampart/samples/policy/sample04/Client.java    |    7 +-
 .../samples/policy/sample04/PWCBHandler.java       |    2 +-
 modules/rampart-samples/policy/sample05/policy.xml |    2 +-
 .../rampart/samples/policy/sample05/Client.java    |   18 +-
 .../samples/policy/sample05/PWCBHandler.java       |    2 +-
 modules/rampart-samples/policy/sample06/policy.xml |    6 +-
 .../rampart-samples/policy/sample06/services.xml   |    2 +-
 .../rampart/samples/policy/sample06/Client.java    |   17 +-
 .../samples/policy/sample06/MexService.java        |    9 +-
 .../samples/policy/sample06/PWCBHandler.java       |    2 +-
 .../rampart/samples/policy/sample07/Client.java    |    7 +-
 .../samples/policy/sample07/PWCBHandler.java       |    2 +-
 modules/rampart-samples/policy/sample08/policy.xml |    2 +-
 .../rampart/samples/policy/sample08/Client.java    |   24 +-
 .../samples/policy/sample08/PWCBHandler.java       |    2 +-
 modules/rampart-samples/pom.xml                    |  182 ++++
 .../src/test/conf}/log4j.properties                |   49 +-
 .../apache/rampart/samples/runner/Controller.java  |   82 ++
 .../org/apache/rampart/samples/runner/Logger.java  |   38 +
 .../org/apache/rampart/samples/runner/Sample.java  |   64 ++
 .../apache/rampart/samples/runner/SampleTest.java  |   49 +
 .../rampart/samples/runner/ServerRunner.java       |   43 +
 .../rampart/samples/runner/ServerWatcher.java      |   86 ++
 modules/rampart-tests/pom.xml                      |   28 +-
 .../org/apache/rahas/SimpleTokenStoreTest.java     |   36 +-
 .../rampart/AsymmetricBindingBuilderTest.java      |   16 +-
 .../org/apache/rampart/MessageBuilderTestBase.java |   18 +-
 .../org/apache/rampart/PolicyAssertionsTest.java   |   78 ++
 .../java/org/apache/rampart/RampartEngineTest.java |   75 +-
 .../rampart/SymmetricBindingBuilderTest.java       |   11 +-
 .../rampart/TransportBindingBuilderTest.java       |    8 +-
 .../handler/config/InflowConfigurationTest.java    |   73 --
 .../handler/config/OutflowConfigurationTest.java   |  194 ----
 .../ws/secpolicy/model/SecpolicyModelTest.java     |   19 +-
 modules/rampart-tests/test-resources/axis2.xml     |   12 +-
 .../test-resources/policy-symm-binding-fault1.xml  |   64 ++
 .../policy/rampart-hashed-password.xml             |   18 +
 .../policy/rampart-plaintext-password.xml          |   14 +
 .../test-resources/policy/soapmessage12.xml        |   57 ++
 modules/rampart-trust-mar/module.xml               |    2 +-
 modules/rampart-trust-mar/pom.xml                  |   23 +-
 modules/rampart-trust/pom.xml                      |   83 +-
 .../src/main/java/org/apache/rahas/Rahas.java      |    6 +-
 .../main/java/org/apache/rahas/RahasConstants.java |    2 +
 .../src/main/java/org/apache/rahas/RahasData.java  |   80 +-
 .../java/org/apache/rahas/STSMessageReceiver.java  |   10 +-
 .../src/main/java/org/apache/rahas/Token.java      |   36 +-
 .../main/java/org/apache/rahas/TokenIssuer.java    |    8 +-
 .../apache/rahas/TokenRequestDispatcherConfig.java |    9 +-
 .../java/org/apache/rahas/client/STSClient.java    |   65 +-
 .../apache/rahas/impl/AbstractIssuerConfig.java    |   32 +
 .../org/apache/rahas/impl/SAML2TokenIssuer.java    | 1033 ++++++++++----------
 .../org/apache/rahas/impl/SAMLTokenIssuer.java     |  126 +--
 .../apache/rahas/impl/SAMLTokenIssuerConfig.java   |   65 +-
 .../org/apache/rahas/impl/SAMLTokenRenewer.java    |   14 +-
 .../org/apache/rahas/impl/SAMLTokenValidator.java  |    2 +-
 .../main/java/org/apache/rahas/impl/SCTIssuer.java |   12 +-
 .../org/apache/rahas/impl/SCTIssuerConfig.java     |    7 +-
 .../org/apache/rahas/impl/TokenCancelerConfig.java |    7 +-
 .../org/apache/rahas/impl/TokenIssuerUtil.java     |    6 +-
 .../apache/rahas/impl/util/AxiomParserPool.java    |    2 +-
 .../org/apache/rahas/impl/util/CommonUtil.java     |  307 +++++-
 .../org/apache/rahas/impl/util/SAML2Utils.java     |  150 +--
 .../java/org/apache/rahas/impl/util/SAMLUtils.java |  200 +---
 .../org/apache/rahas/errors.properties             |    7 +-
 .../apache/rahas/impl/SAML2TokenIssuerTest.java    |   83 +-
 .../org/apache/rahas/impl/util/CommonUtilTest.java |  289 ++++++
 .../org/apache/rahas/impl/util/SAMLUtilsTest.java  |   54 +-
 .../apache/rahas/test/util/AbstractTestCase.java   |   95 ++
 .../rahas/test/util/TestCallbackHandler.java       |   45 +
 .../rahas/test/util/TestSAMLCallbackHandler.java   |   32 +
 .../org/apache/rahas/test/util/TestSTSClient.java  |   45 +
 .../java/org/apache/rahas/test/util/TestUtil.java  |  389 +++++++-
 .../src/test/resources/log4j.properties            |    0
 .../src/test/resources/repo/conf}/client.axis2.xml |  874 ++++++++---------
 pom.xml                                            |  523 +++++++---
 release-docs/ChangeLog.txt                         |  255 -----
 release-docs/release-notes.html                    |   67 --
 src/site/markdown/download.md.vm                   |   60 ++
 src/site/markdown/index.md                         |   23 +
 src/site/markdown/release-notes/1.6.1.md           |    7 +
 src/site/markdown/release-notes/1.6.2.md           |   10 +
 src/site/markdown/release-notes/1.6.3.md           |    7 +
 src/site/markdown/release-notes/1.6.4.md           |    7 +
 src/site/markdown/release-notes/1.7.0.md           |   11 +
 src/site/markdown/release-notes/1.8.0.md           |    0
 src/site/resources/images/apache-rampart-logo.jpg  |  Bin 0 -> 14742 bytes
 .../site/resources/images/logos/asf_logo_wide.png  |  Bin
 .../site/resources/images/message-builder.jpg      |  Bin
 .../site/resources/images/rampart-engine.jpg       |  Bin
 .../site/resources/images/rampart-handlers.jpg     |  Bin
 .../site/resources/images/rampart-trust.jpg        |  Bin
 .../site/resources/images/security-stack.jpg       |  Bin
 .../src => src}/site/resources/rampart-config.xsd  |    0
 .../site/resources/samples/msgs/creq04.xml         |    0
 .../site/resources/samples/msgs/cres04.xml         |    0
 .../site/resources/samples/msgs/req01.xml          |    0
 .../site/resources/samples/msgs/req02.xml          |    0
 .../site/resources/samples/msgs/req03.xml          |    0
 .../site/resources/samples/msgs/req04.xml          |    0
 .../site/resources/samples/msgs/res01.xml          |    0
 .../site/resources/samples/msgs/res02.xml          |    0
 .../site/resources/samples/msgs/res03.xml          |    0
 .../site/resources/samples/msgs/res04.xml          |    0
 .../site/resources/samples/msgs/rst04.xml          |    0
 .../site/resources/samples/msgs/rstr04.xml         |    0
 .../site/resources/samples/policy/sample01.xml     |    0
 .../site/resources/samples/policy/sample02.xml     |    0
 .../site/resources/samples/policy/sample03.xml     |    0
 .../site/resources/samples/policy/sample04.xml     |    0
 .../site/resources/samples/policy/sample05.xml     |    0
 .../site/resources/samples/policy/sample06.xml     |    0
 src/site/site.xml                                  |   84 ++
 .../src => src}/site/xdoc/articles.xml             |    0
 .../src => src}/site/xdoc/developer-guide.xml      |    0
 .../src => src}/site/xdoc/quick-start.xml          |    2 +-
 .../src => src}/site/xdoc/rampartconfig-guide.xml  |    0
 .../src => src}/site/xdoc/samples.xml              |    1 +
 .../src => src}/site/xdoc/setting-up-sts.xml       |    2 +-
 .../src => src}/site/xdoc/siteHowTo.xml            |    0
 .../src => src}/site/xdoc/specifications.xml       |    0
 .../documentation/src => src}/site/xdoc/svn.xml    |    0
 468 files changed, 9685 insertions(+), 21254 deletions(-)

diff --cc modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
index 65ee52e,034b91d..f0cd9f8
--- a/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
@@@ -102,7 -104,12 +104,14 @@@ requiredElementsMissing = Required Elem
  repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
  invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
  invalidIssuerAddress = Invalid value for Issuer
 +algorithmNotFound = Couldn't find the algorithm used
 +invalidAlgorithm = Algorithm verification failed. Required Algorithm : {0}, Algorithm found {1}
  invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
+ invalidUsernameTokenType = Invalid UsernameToken Type.
  
+ #Rampart Kerberos-specific errors
+ invalidServicePrincipalNameForm = Invalid servicePrincipalNameForm found in Rampart configuration ({0}). The supported service principal name forms are: \"{1}\", \"{2}\".
+ noKerberosConfigDefined = No kerberosConfig policy assertion defined in rampart config.
+ errorInBuildingKereberosToken = Error in building kereberos token.
+ cannotLoadKrbTokenDecoderClass = Cannot load Kerberos token decoder class: {0}
 -cannotCreateKrbTokenDecoderInstance = Cannot create instance of Kerberos token decoder : {0}
++cannotCreateKrbTokenDecoderInstance = Cannot create instance of Kerberos token decoder : {0}
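Review bot: The Kerberos block misspells the protocol name in both the key and the text of `errorInBuildingKereberosToken = Error in building kereberos token.`, which makes the message hard to find when grepping logs for "Kerberos". The text can be corrected on its own, `errorInBuildingKereberosToken = Error in building Kerberos token.`; renaming the key would also require changing its callers, which are outside this hunk. Separately, `cannotLoadKrbTokenDecoderClass` and `cannotCreateKrbTokenDecoderInstance` interpolate a configured class name, so if these strings can end up in a fault returned to the peer rather than only in server logs, the detail is better kept server-side.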