[1/3] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 16f466dbe - 1798afb80 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/baeea673 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/baeea673 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/baeea673 Branch: refs/heads/2.7.x-fixes Commit: baeea673f2dc70e75b816a6d4beb216c7e8dbe6a Parents: 80cdbd7 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 17:23:41 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 17:23:41 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/baeea673/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 75d91ec..8f66ef3 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -2638,6 +2638,7 @@ M f5684767d04676304063edecacf8d72896f1524c M f57a75aa40be9ab959ae1fade89c2803f2a5b45e M f584187d09471f28578854e288a7c7d612ea82bc M f5a82c1c393775334725b9de61b94f492cdd1f2f +M f5b751cc44cde43f9bd776fd1f7504c9b7fc54e3 M f61876836d11eb04b47a647a20e6a1d504e93671 M f678cdd89d1ba6be3b5113743cfa5859806ba99a M f68f775a7b95a268e66ebbc832d1f8a30c9ac240
[3/3] cxf git commit: Fixing merge
Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1798afb8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1798afb8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1798afb8
Branch: refs/heads/2.7.x-fixes
Commit: 1798afb80ccc53fd6c76b5352372c5d80f55754d
Parents: baeea67
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 17:26:10 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 17:26:10 2015 +
--
.../apache/cxf/configuration/jsse/SSLUtils.java | 25 +-
.../apache/cxf/configuration/jsse/SSLUtils.java | 742 ---
.../https/ciphersuites/CipherSuitesTest.java| 418 ---
.../ciphersuites-explicit-client.xml| 37 -
.../https/ciphersuites/ciphersuites-server.xml | 117 ---
5 files changed, 14 insertions(+), 1325 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 81994f8..4b0bee1 100644
--- a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -452,17 +452,21 @@ public final class SSLUtils {
String[] supportedCipherSuites,
FiltersType filters,
Logger log, boolean exclude) {
-String[] cipherSuites = null;
-if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
-cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
-return cipherSuites;
-}
+// First check the include case only. If we have defined explicit
cipherSuite
+// configuration, then just return these. Otherwise see if we have
defined ciphersuites
+// via a system property.
if (!exclude) {
-cipherSuites = getSystemCiphersuites(log);
-if (cipherSuites != null) {
-return cipherSuites;
+if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+return getCiphersFromList(cipherSuitesList, log, exclude);
+} else {
+String[] cipherSuites = getSystemCiphersuites(log);
+if (cipherSuites != null) {
+return cipherSuites;
+}
}
}
+
+// Otherwise check the include/exclude cipherSuiteFilter
configuration
LogUtils.log(log, Level.FINE, CIPHERSUITES_NOT_SET);
if (filters == null) {
LogUtils.log(log, Level.FINE, CIPHERSUITE_FILTERS_NOT_SET);
@@ -502,11 +506,10 @@ public final class SSLUtils {
CIPHERSUITES_EXCLUDED,
excludedCipherSuites);
if (exclude) {
-cipherSuites = getCiphersFromList(excludedCipherSuites, log,
exclude);
+return getCiphersFromList(excludedCipherSuites, log, exclude);
} else {
-cipherSuites = getCiphersFromList(filteredCipherSuites, log,
exclude);
+return getCiphersFromList(filteredCipherSuites, log, exclude);
}
-return cipherSuites;
}
private static String[] getSystemCiphersuites(Logger log) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
deleted file mode 100644
index ebae85d..000
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ /dev/null
@@ -1,742 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * License); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
Repository: cxf
Updated Branches:
refs/heads/master dfecaa60e - 99b13f1da
[CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99b13f1d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99b13f1d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99b13f1d
Branch: refs/heads/master
Commit: 99b13f1da6998678d2af2e928e04ebad8e121fa3
Parents: dfecaa6
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 17:16:56 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 17:16:56 2015 +
--
.../apache/cxf/configuration/jsse/SSLUtils.java | 27 --
.../https/ciphersuites/CipherSuitesTest.java| 27 +-
.../ciphersuites-explicit-client.xml| 37
.../https/ciphersuites/ciphersuites-server.xml | 21 +++
4 files changed, 100 insertions(+), 12 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index b656820..1023f31 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -430,17 +430,23 @@ public final class SSLUtils {
String[] supportedCipherSuites,
FiltersType filters,
Logger log, boolean exclude) {
-String[] cipherSuites = null;
-if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
-cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
-return cipherSuites;
-}
+
+// First check the include case only. If we have defined explicit
cipherSuite
+// configuration, then just return these. Otherwise see if we have
defined ciphersuites
+// via a system property.
if (!exclude) {
-cipherSuites = getSystemCiphersuites(log);
-if (cipherSuites != null) {
-return cipherSuites;
+if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+return getCiphersFromList(cipherSuitesList, log, exclude);
+} else {
+String[] cipherSuites = getSystemCiphersuites(log);
+if (cipherSuites != null) {
+return cipherSuites;
+}
}
}
+
+// Otherwise check the include/exclude cipherSuiteFilter
configuration
+
LogUtils.log(log, Level.FINE, CIPHERSUITES_NOT_SET);
if (filters == null) {
LogUtils.log(log, Level.FINE, CIPHERSUITE_FILTERS_NOT_SET);
@@ -480,11 +486,10 @@ public final class SSLUtils {
CIPHERSUITES_EXCLUDED,
excludedCipherSuites);
if (exclude) {
-cipherSuites = getCiphersFromList(excludedCipherSuites, log,
exclude);
+return getCiphersFromList(excludedCipherSuites, log, exclude);
} else {
-cipherSuites = getCiphersFromList(filteredCipherSuites, log,
exclude);
+return getCiphersFromList(filteredCipherSuites, log, exclude);
}
-return cipherSuites;
}
private static String[] getSystemCiphersuites(Logger log) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
--
diff --git
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index f37b1f9..3a93002 100644
---
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -38,6 +38,7 @@ public class CipherSuitesTest extends
AbstractBusClientServerTestBase {
static final String PORT = allocatePort(CipherSuitesServer.class);
static final String PORT2 = allocatePort(CipherSuitesServer.class, 2);
static final String PORT3 = allocatePort(CipherSuitesServer.class, 3);
+static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
@BeforeClass
public static void startServers() throws Exception {
@@ -105,6
cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes a3d605568 - f5b751cc4
[CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5b751cc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5b751cc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5b751cc
Branch: refs/heads/3.0.x-fixes
Commit: f5b751cc44cde43f9bd776fd1f7504c9b7fc54e3
Parents: a3d6055
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 17:16:56 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 17:17:59 2015 +
--
.../apache/cxf/configuration/jsse/SSLUtils.java | 27 --
.../https/ciphersuites/CipherSuitesTest.java| 27 +-
.../ciphersuites-explicit-client.xml| 37
.../https/ciphersuites/ciphersuites-server.xml | 21 +++
4 files changed, 100 insertions(+), 12 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/f5b751cc/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 534c256..ebae85d 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -454,17 +454,23 @@ public final class SSLUtils {
String[] supportedCipherSuites,
FiltersType filters,
Logger log, boolean exclude) {
-String[] cipherSuites = null;
-if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
-cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
-return cipherSuites;
-}
+
+// First check the include case only. If we have defined explicit
cipherSuite
+// configuration, then just return these. Otherwise see if we have
defined ciphersuites
+// via a system property.
if (!exclude) {
-cipherSuites = getSystemCiphersuites(log);
-if (cipherSuites != null) {
-return cipherSuites;
+if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+return getCiphersFromList(cipherSuitesList, log, exclude);
+} else {
+String[] cipherSuites = getSystemCiphersuites(log);
+if (cipherSuites != null) {
+return cipherSuites;
+}
}
}
+
+// Otherwise check the include/exclude cipherSuiteFilter
configuration
+
LogUtils.log(log, Level.FINE, CIPHERSUITES_NOT_SET);
if (filters == null) {
LogUtils.log(log, Level.FINE, CIPHERSUITE_FILTERS_NOT_SET);
@@ -504,11 +510,10 @@ public final class SSLUtils {
CIPHERSUITES_EXCLUDED,
excludedCipherSuites);
if (exclude) {
-cipherSuites = getCiphersFromList(excludedCipherSuites, log,
exclude);
+return getCiphersFromList(excludedCipherSuites, log, exclude);
} else {
-cipherSuites = getCiphersFromList(filteredCipherSuites, log,
exclude);
+return getCiphersFromList(filteredCipherSuites, log, exclude);
}
-return cipherSuites;
}
private static String[] getSystemCiphersuites(Logger log) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/f5b751cc/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
--
diff --git
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index f37b1f9..3a93002 100644
---
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -38,6 +38,7 @@ public class CipherSuitesTest extends
AbstractBusClientServerTestBase {
static final String PORT = allocatePort(CipherSuitesServer.class);
static final String PORT2 = allocatePort(CipherSuitesServer.class, 2);
static final String PORT3 = allocatePort(CipherSuitesServer.class, 3);
+static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
@BeforeClass
public static void startServers() throws Exception {
[2/3] cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
[CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
Conflicts:
core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/80cdbd72
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/80cdbd72
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/80cdbd72
Branch: refs/heads/2.7.x-fixes
Commit: 80cdbd72891c028d331bd365398cd8ea2843b1bf
Parents: 16f466d
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 17:16:56 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 17:23:41 2015 +
--
.../apache/cxf/configuration/jsse/SSLUtils.java | 742 +++
.../https/ciphersuites/CipherSuitesTest.java| 418 +++
.../ciphersuites-explicit-client.xml| 37 +
.../https/ciphersuites/ciphersuites-server.xml | 117 +++
4 files changed, 1314 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/80cdbd72/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
new file mode 100644
index 000..ebae85d
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -0,0 +1,742 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * License); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.configuration.jsse;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.SystemPropertyAction;
+import org.apache.cxf.configuration.security.FiltersType;
+
+
+/**
+ * Holder for utility methods related to manipulating SSL settings, common
+ * to the connection and listener factories (previously duplicated).
+ */
+public final class SSLUtils {
+
+static final String PKCS12_TYPE = PKCS12;
+
+private static final String DEFAULT_KEYSTORE_TYPE = PKCS12;
+private static final String DEFAULT_TRUST_STORE_TYPE = JKS;
+private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = TLSv1;
+private static final String CERTIFICATE_FACTORY_TYPE = X.509;
+
+private static final String HTTPS_CIPHER_SUITES = https.cipherSuites;
+
+private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
+private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
+
+private static final ListString DEFAULT_CIPHERSUITE_FILTERS_INCLUDE =
+Arrays.asList(new String[] {.*});
+/**
+ * By default, exclude NULL, anon, EXPORT, DES ciphersuites
+ */
+private static final ListString DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE =
+Arrays.asList(new String[] {.*_NULL_.*,
+.*_anon_.*,
+.*_EXPORT_.*,
+.*_DES_.*});
+
+private static volatile
cxf git commit: Updates to get the new wss4j stuff installed in OSGi. (may not work yet)
Repository: cxf
Updated Branches:
refs/heads/master 99b13f1da - d1c7f1f6b
Updates to get the new wss4j stuff installed in OSGi. (may not work yet)
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d1c7f1f6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d1c7f1f6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d1c7f1f6
Branch: refs/heads/master
Commit: d1c7f1f6be4ce14bd0e99ec9672d9c1957515f35
Parents: 99b13f1
Author: Daniel Kulp dk...@apache.org
Authored: Fri Mar 13 14:14:32 2015 -0400
Committer: Daniel Kulp dk...@apache.org
Committed: Fri Mar 13 14:14:53 2015 -0400
--
osgi/karaf/features/src/main/resources/features.xml | 1 +
parent/pom.xml | 5 +++--
2 files changed, 4 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/d1c7f1f6/osgi/karaf/features/src/main/resources/features.xml
--
diff --git a/osgi/karaf/features/src/main/resources/features.xml
b/osgi/karaf/features/src/main/resources/features.xml
index 74ca7fa..f7052ff 100644
--- a/osgi/karaf/features/src/main/resources/features.xml
+++ b/osgi/karaf/features/src/main/resources/features.xml
@@ -56,6 +56,7 @@
bundle start-level=25
dependency=truemvn:joda-time/joda-time/${cxf.joda.time.version}/bundle
bundle start-level=25
dependency=truemvn:commons-codec/commons-codec/${cxf.commons-codec.version}/bundle
bundle start-level=25
dependency=truemvn:org.apache.santuario/xmlsec/${cxf.xmlsec.bundle.version}/bundle
+bundle start-level=25
dependency=truemvn:com.google.guava/guava/${cxf.guava.version}/bundle
bundle start-level=25
dependency=truemvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.opensaml/${cxf.opensaml.osgi.version}/bundle
bundle
start-level=25mvn:org.jvnet.staxex/stax-ex/${cxf.stax-ex.version}/bundle
bundle
start-level=25mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.saaj-impl/${cxf.saaj-impl.bundle.version}/bundle
http://git-wip-us.apache.org/repos/asf/cxf/blob/d1c7f1f6/parent/pom.xml
--
diff --git a/parent/pom.xml b/parent/pom.xml
index bed6fc1..83a9de6 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -81,6 +81,7 @@
cxf.derby.version10.2.2.0/cxf.derby.version
cxf.ehcache.version2.9.0/cxf.ehcache.version
cxf.fastinfoset.bundle.version1.2.13_1/cxf.fastinfoset.bundle.version
+cxf.guava.version18.0/cxf.guava.version
cxf.hazelcast.version1.9.4/cxf.hazelcast.version
cxf.httpcomponents.asyncclient.version4.0.2/cxf.httpcomponents.asyncclient.version
cxf.httpcomponents.asyncclient.version.range[4.0,4.1)/cxf.httpcomponents.asyncclient.version.range
@@ -106,7 +107,7 @@
cxf.jaxb.impl.version${cxf.jaxb.version}/cxf.jaxb.impl.version
cxf.jaxb.core.version${cxf.jaxb.version}/cxf.jaxb.core.version
cxf.jaxb.xjc.version${cxf.jaxb.version}/cxf.jaxb.xjc.version
-cxf.joda.time.version2.2/cxf.joda.time.version
+cxf.joda.time.version2.7/cxf.joda.time.version
cxf.jdom.version1.0/cxf.jdom.version
cxf.jettison.version1.3.7/cxf.jettison.version
cxf.jetty8.version8.1.15.v20140411/cxf.jetty8.version
@@ -124,7 +125,7 @@
cxf.oauth.bundle.version20100527_1/cxf.oauth.bundle.version
cxf.oauth.version20100527/cxf.oauth.version
cxf.opensaml.version3.1.0/cxf.opensaml.version
-cxf.opensaml.osgi.version3.1.0_1/cxf.opensaml.osgi.version
+cxf.opensaml.osgi.version3.1.0_1-SNAPSHOT/cxf.opensaml.osgi.version
cxf.rhino.version1.7R2/cxf.rhino.version
cxf.servlet-api.grouporg.apache.geronimo.specs/cxf.servlet-api.group
cxf.servlet-api.artifactgeronimo-servlet_3.0_spec/cxf.servlet-api.artifact
cxf git commit: [CXF-6294] - Cannot activate TLSv1.2 cipher suites on client on Java7 - Adding a test
Repository: cxf
Updated Branches:
refs/heads/master d1c7f1f6b - 08f376bdf
[CXF-6294] - Cannot activate TLSv1.2 cipher suites on client on Java7
- Adding a test
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/08f376bd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/08f376bd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/08f376bd
Branch: refs/heads/master
Commit: 08f376bdfd744b99132387076f3fc61167a330ec
Parents: d1c7f1f
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 18:46:23 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 18:46:23 2015 +
--
.../https/SSLSocketFactoryWrapper.java | 17 -
.../https/ciphersuites/CipherSuitesTest.java| 25 -
.../ciphersuites/ciphersuites-client-tlsv12.xml | 37
3 files changed, 70 insertions(+), 9 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/08f376bd/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
--
diff --git
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
index 6f58e4a..4e635f0 100644
---
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
+++
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
@@ -23,7 +23,6 @@ import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
-
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
@@ -97,19 +96,21 @@ class SSLSocketFactoryWrapper extends SSLSocketFactory {
private Socket enableCipherSuites(Socket s, Object[] logParams) {
SSLSocket socket = (SSLSocket)s;
-if ((socket != null) (ciphers != null)) {
-socket.setEnabledCipherSuites(ciphers);
+if (socket == null) {
+LogUtils.log(LOG, Level.SEVERE,
+ PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET,
+ logParams);
+return socket;
}
-if ((socket != null) (protocol != null)) {
+
+if (protocol != null) {
String p[] = findProtocols(protocol,
socket.getSupportedProtocols());
if (p != null) {
socket.setEnabledProtocols(p);
}
}
-if (socket == null) {
-LogUtils.log(LOG, Level.SEVERE,
- PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET,
- logParams);
+if (ciphers != null) {
+socket.setEnabledCipherSuites(ciphers);
}
return socket;
http://git-wip-us.apache.org/repos/asf/cxf/blob/08f376bd/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
--
diff --git
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index 3a93002..a1002e3 100644
---
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -414,5 +414,28 @@ public class CipherSuitesTest extends
AbstractBusClientServerTestBase {
((java.io.Closeable)port).close();
bus.shutdown(true);
}
-
+
+// Both client + server include AES, client enables a TLS v1.2 CipherSuite
+@org.junit.Test
+public void testAESIncludedTLSv12() throws Exception {
+SpringBusFactory bf = new SpringBusFactory();
+URL busFile =
CipherSuitesTest.class.getResource(ciphersuites-client-tlsv12.xml);
+
+Bus bus = bf.createBus(busFile.toString());
+SpringBusFactory.setDefaultBus(bus);
+SpringBusFactory.setThreadDefaultBus(bus);
+
+URL url = SOAPService.WSDL_LOCATION;
+SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+assertNotNull(Service is null, service);
+final Greeter port = service.getHttpsPort();
+assertNotNull(Port is null, port);
+
+updateAddressPort(port, PORT);
+
+assertEquals(port.greetMe(Kitty), Hello Kitty);
+
+((java.io.Closeable)port).close();
+bus.shutdown(true);
+}
}
cxf git commit: Disable test when unlimited security policies are not installed
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes f5b751cc4 - abe4cba67
Disable test when unlimited security policies are not installed
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/abe4cba6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/abe4cba6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/abe4cba6
Branch: refs/heads/3.0.x-fixes
Commit: abe4cba67337556651787d3e14f3ecf472cd7f80
Parents: f5b751c
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 23:14:10 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 23:14:10 2015 +
--
.../https/ciphersuites/CipherSuitesTest.java| 28
1 file changed, 28 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/abe4cba6/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
--
diff --git
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index 3a93002..a0cad91 100644
---
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -21,6 +21,9 @@ package org.apache.cxf.systest.https.ciphersuites;
import java.net.URL;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
@@ -40,6 +43,27 @@ public class CipherSuitesTest extends
AbstractBusClientServerTestBase {
static final String PORT3 = allocatePort(CipherSuitesServer.class, 3);
static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
+private static final boolean UNRESTRICTED_POLICIES_INSTALLED;
+static {
+boolean ok = false;
+try {
+byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+
+SecretKey key192 = new SecretKeySpec(
+new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
+AES);
+Cipher c = Cipher.getInstance(AES);
+c.init(Cipher.ENCRYPT_MODE, key192);
+c.doFinal(data);
+ok = true;
+} catch (Exception e) {
+//
+}
+UNRESTRICTED_POLICIES_INSTALLED = ok;
+}
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -109,6 +133,10 @@ public class CipherSuitesTest extends
AbstractBusClientServerTestBase {
// Both client + server include a specific AES CipherSuite (not via a
filter)
@org.junit.Test
public void testAESIncludedExplicitly() throws Exception {
+
+if (!UNRESTRICTED_POLICIES_INSTALLED) {
+return;
+}
SpringBusFactory bf = new SpringBusFactory();
URL busFile =
CipherSuitesTest.class.getResource(ciphersuites-explicit-client.xml);
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 1798afb80 - 566787ec5 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/566787ec Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/566787ec Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/566787ec Branch: refs/heads/2.7.x-fixes Commit: 566787ec5cc6b9519e575df6434e212ff384c85a Parents: 1798afb Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 23:18:09 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 23:18:09 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/566787ec/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 8f66ef3..c41ca79 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -1279,6 +1279,7 @@ B aab6216c1a32ce7f37792066b4dbbbe9ca04b90e B ab1cd2bba38e4209991bd108158a08036f097b5e B ab5e64e0414bcbe0e8a5c5b8575289db816acccb B ab8818b7c15adb227e9e4bfb7ed4293bffcfa3eb +B abe4cba67337556651787d3e14f3ecf472cd7f80 B abe5b35ec859a2bae12c44bb4a7a8f1a118c6cf6 B abfbb35df11021077417e1ac631ed3315c9b625b B ac2f3f8c4f435ee71f5a7bc27f2d934a24628732
[2/2] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2aa1f7a2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2aa1f7a2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2aa1f7a2 Branch: refs/heads/3.0.x-fixes Commit: 2aa1f7a2f469026f385c1d64b572f1caf4f64b6c Parents: 58f924e Author: Alessio Soldano asold...@redhat.com Authored: Fri Mar 13 08:48:24 2015 +0100 Committer: Alessio Soldano asold...@redhat.com Committed: Fri Mar 13 08:48:24 2015 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2aa1f7a2/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 9a7f1e8..d0ec1cc 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -262,6 +262,7 @@ M bee82ba7d1766b555d965a75b3846ead4686239e M c1c75b039df7bd1ca9f11ff21f16593fed0c8c16 M c34bf7ad6bc55b6584dfd009f49a3f4eb8ececc9 M c55664128b1223667dedacc2011ccd5945d9c8b9 +M c5dbb84ac4e5bf73555e85ae1e65a5065393c602 M c72cac8cbd73d92a9e0264c816176c2a33dcbcf2 M cda58270486b4d394b98a1a1a1d5bfcb366af2c1 M d2dec5b87788b8cb5059d3719cf3dfd7135a1280
[1/2] cxf git commit: [CXF-6295] create Validator instance when a string with class name is provided
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes 4d7bae999 - 2aa1f7a2f
[CXF-6295] create Validator instance when a string with class name is provided
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/58f924e9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/58f924e9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/58f924e9
Branch: refs/heads/3.0.x-fixes
Commit: 58f924e9a0957083bcbb97aca5985e6fde2b74f9
Parents: 4d7bae9
Author: Alessio Soldano asold...@redhat.com
Authored: Thu Mar 12 22:57:33 2015 +0100
Committer: Alessio Soldano asold...@redhat.com
Committed: Fri Mar 13 08:46:35 2015 +0100
--
.../wss4j/UsernameTokenInterceptor.java | 29 ++--
1 file changed, 27 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/58f924e9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 96f0ac8..e9e3c52 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -31,6 +31,7 @@ import javax.xml.namespace.QName;
import org.w3c.dom.Element;
import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.CastUtils;
@@ -205,8 +206,7 @@ public class UsernameTokenInterceptor extends
AbstractTokenInterceptor {
return getCallback(message);
}
public Validator getValidator(QName qName) throws
WSSecurityException {
-Object validator =
-
message.getContextualProperty(SecurityConstants.USERNAME_TOKEN_VALIDATOR);
+Object validator =
loadValidator(SecurityConstants.USERNAME_TOKEN_VALIDATOR, message);
if (validator == null) {
return super.getValidator(qName);
}
@@ -236,6 +236,31 @@ public class UsernameTokenInterceptor extends
AbstractTokenInterceptor {
throw WSS4JUtils.createSoapFault(message, message.getVersion(),
ex);
}
}
+
+private Validator loadValidator(String validatorKey, SoapMessage message)
throws WSSecurityException {
+Object o = message.getContextualProperty(validatorKey);
+if (o == null) {
+return null;
+}
+try {
+if (o instanceof Validator) {
+return (Validator)o;
+} else if (o instanceof Class) {
+return (Validator)((Class?)o).newInstance();
+} else if (o instanceof String) {
+return (Validator)ClassLoaderUtils.loadClass(o.toString(),
+
UsernameTokenInterceptor.class)
+ .newInstance();
+} else {
+throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+ Cannot load Validator: +
o);
+}
+} catch (RuntimeException t) {
+throw t;
+} catch (Exception ex) {
+throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+}
+}
protected UsernameTokenPrincipal parseTokenAndCreatePrincipal(Element
tokenElement, boolean bspCompliant)
throws WSSecurityException, Base64DecodingException {
cxf git commit: Corrected groupId for logging
Repository: cxf Updated Branches: refs/heads/master c5dbb84ac - 26762a780 Corrected groupId for logging Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/26762a78 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/26762a78 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/26762a78 Branch: refs/heads/master Commit: 26762a780f4dd498d9304f70072f1bd339223d8a Parents: c5dbb84 Author: Christian Schneider ch...@die-schneider.net Authored: Fri Mar 13 10:53:57 2015 +0100 Committer: Christian Schneider ch...@die-schneider.net Committed: Fri Mar 13 10:56:21 2015 +0100 -- rt/features/logging/pom.xml | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/26762a78/rt/features/logging/pom.xml -- diff --git a/rt/features/logging/pom.xml b/rt/features/logging/pom.xml index 261837f..48f95bd 100644 --- a/rt/features/logging/pom.xml +++ b/rt/features/logging/pom.xml @@ -9,7 +9,6 @@ version3.1.0-SNAPSHOT/version relativePath../../../parent/pom.xml/relativePath /parent -groupIdorg.apache.cxf.ext/groupId artifactIdcxf-rt-features-logging/artifactId packagingbundle/packaging
[05/10] cxf git commit: Minor change
Minor change
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9ae69b3b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9ae69b3b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9ae69b3b
Branch: refs/heads/master
Commit: 9ae69b3b323f48de033f62be9fc2780f11b0c761
Parents: 7737225
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Tue Mar 3 14:31:39 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Tue Mar 3 14:31:39 2015 +
--
.../java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/9ae69b3b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index 4e20831..79cb6da 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -26,6 +26,7 @@ import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -541,7 +542,7 @@ public class WSS4JInInterceptor extends
AbstractWSS4JInterceptor {
*/
ListWSHandlerResult results =
CastUtils.cast((List?)msg.get(WSHandlerConstants.RECV_RESULTS));
if (results == null) {
-results = new ArrayListWSHandlerResult();
+results = new LinkedListWSHandlerResult();
msg.put(WSHandlerConstants.RECV_RESULTS, results);
}
WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
[07/10] cxf git commit: More refactoring
More refactoring
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/24e330c8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/24e330c8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/24e330c8
Branch: refs/heads/master
Commit: 24e330c8b6be65c98cd3914f6fe7498e980f4568
Parents: d68f140
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Tue Mar 10 13:24:13 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Tue Mar 10 13:24:13 2015 +
--
.../wss4j/policyhandlers/AbstractBindingBuilder.java | 15 +++
.../policyhandlers/AsymmetricBindingHandler.java | 4 ++--
.../policyhandlers/SymmetricBindingHandler.java | 5 +++--
.../policyhandlers/TransportBindingHandler.java | 6 --
.../ws/security/wss4j/SignatureConfirmationTest.java | 6 +++---
5 files changed, 19 insertions(+), 17 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/24e330c8/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 69a6e88..7dd95af 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -22,6 +22,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
@@ -164,7 +165,7 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
protected SetWSEncryptionPart encryptedTokensList = new
HashSetWSEncryptionPart();
-protected Listbyte[] signatures = new ArrayListbyte[]();
+protected SetInteger signatures = new HashSet();
protected Element bottomUpElement;
protected Element topDownElement;
@@ -1829,7 +1830,7 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
ListReference referenceList =
sig.addReferencesToSign(sigParts, secHeader);
sig.computeSignature(referenceList, false, null);
-signatures.add(sig.getSignatureValue());
+addSig(sig.getSignatureValue());
if (isSigProtect) {
WSEncryptionPart part = new
WSEncryptionPart(sig.getId(), Element);
encryptedTokensList.add(part);
@@ -1966,7 +1967,7 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
//Do signature
dkSign.computeSignature(referenceList, false, null);
-signatures.add(dkSign.getSignatureValue());
+addSig(dkSign.getSignatureValue());
}
private void doSymmSignature(AbstractToken policyToken, SecurityToken tok,
@@ -2032,7 +2033,7 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
//Do signature
sig.computeSignature(referenceList, false, null);
-signatures.add(sig.getSignatureValue());
+addSig(sig.getSignatureValue());
}
protected void addSupportingTokens(ListWSEncryptionPart sigs) throws
WSSecurityException {
@@ -2241,4 +2242,10 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
}
}
+
+protected void addSig(byte[] val) {
+if (val != null val.length 0) {
+signatures.add(Arrays.hashCode(val));
+}
+}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/24e330c8/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index fc3aa8b..67d7afe 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -665,7 +665,7 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
[04/10] cxf git commit: Using a new CXFCallbackLookup
Using a new CXFCallbackLookup
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/77372254
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/77372254
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/77372254
Branch: refs/heads/master
Commit: 7737225402d3a7b2e669ee8ecf54de10af686f20
Parents: 80d7128
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Tue Feb 24 16:02:16 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Tue Feb 24 16:02:16 2015 +
--
.../ws/security/wss4j/CXFCallbackLookup.java| 50
.../wss4j/PolicyBasedWSS4JOutInterceptor.java | 27 ++-
.../ws/security/wss4j/WSS4JInInterceptor.java | 5 ++
.../policyhandlers/AbstractBindingBuilder.java | 23 +++--
.../AsymmetricBindingHandler.java | 5 +-
.../policyhandlers/SymmetricBindingHandler.java | 11 +++--
.../policyhandlers/TransportBindingHandler.java | 5 +-
7 files changed, 107 insertions(+), 19 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
new file mode 100644
index 000..be8dbe0
--- /dev/null
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * License); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.wss4j.dom.message.DOMCallbackLookup;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+
+/**
+ * This class uses a DOM-based approach to locate Elements that are referenced
via an Id.
+ */
+public class CXFCallbackLookup extends DOMCallbackLookup {
+
+private Document doc;
+private Element soapBody;
+
+public CXFCallbackLookup(Document doc, Element soapBody) {
+super(doc);
+this.soapBody = soapBody;
+}
+
+/**
+ * Get the SOAP Body
+ */
+@Override
+public Element getSOAPBody() {
+if (soapBody != null) {
+return soapBody;
+}
+return WSSecurityUtil.findBodyElement(doc);
+}
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index 98a6330..54faf7e 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -120,7 +120,6 @@ public class PolicyBasedWSS4JOutInterceptor extends
AbstractPhaseInterceptorSoa
}
private void handleMessageInternal(SoapMessage message) throws Fault {
-CollectionAssertionInfo ais;
SOAPMessage saaj = message.getContent(SOAPMessage.class);
boolean mustUnderstand =
@@ -133,7 +132,7 @@ public class PolicyBasedWSS4JOutInterceptor extends
AbstractPhaseInterceptorSoa
// extract Assertion information
if (aim != null) {
AbstractBinding transport = null;
-ais = getAllAssertionsByLocalname(aim,
SPConstants.TRANSPORT_BINDING);
+CollectionAssertionInfo ais =
getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
if (!ais.isEmpty()) {
for (AssertionInfo ai : ais) {
transport =
[08/10] cxf git commit: Minor fix
Minor fix
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e548a02f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e548a02f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e548a02f
Branch: refs/heads/master
Commit: e548a02fa04313fd1b6ec5d9ac78c774e8ad935a
Parents: 24e330c
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Wed Mar 11 11:00:07 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Wed Mar 11 11:00:07 2015 +
--
.../cxf/ws/security/wss4j/WSS4JOutInterceptor.java | 11 ++-
1 file changed, 2 insertions(+), 9 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/e548a02f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
index ea4fddd..8e1bb5b 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
@@ -228,11 +228,7 @@ public class WSS4JOutInterceptor extends
AbstractWSS4JInterceptor {
}
}
-/*
- * Now we perform some set-up for UsernameToken and Signature
- * functions. No need to do it for encryption only. Check if
- * username is available and then get a passowrd.
- */
+// Check to see if we require a username (+ if it's missing)
boolean userNameRequired = false;
for (HandlerAction handlerAction : actions) {
if ((handlerAction.getAction() == WSConstants.SIGN
@@ -246,13 +242,10 @@ public class WSS4JOutInterceptor extends
AbstractWSS4JInterceptor {
}
if (userNameRequired (reqData.getUsername() == null ||
reqData.getUsername().equals())
(String)getOption(WSHandlerConstants.SIGNATURE_USER) == null) {
-/*
- * We need a username - if none throw an SoapFault. For
- * encryption there is a specific parameter to get a
username.
- */
throw new SoapFault(new Message(NO_USERNAME, LOG),
version
.getReceiver());
}
+
if (doDebug) {
LOG.fine(Actor: + reqData.getActor());
}
svn commit: r943666 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot
Date: Fri Mar 13 11:47:17 2015
New Revision: 943666
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 11:47:17
2015
@@ -117,12 +117,12 @@ Apache CXF -- JAX-RS JOSE
!-- Content --
div class=wiki-content
div id=ConfluenceContentp#160;/ppstyle
type=text/css/*![CDATA[*/
-div.rbtoc1421621184755 {padding: 0px;}
-div.rbtoc1421621184755 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1421621184755 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1426247209546 {padding: 0px;}
+div.rbtoc1426247209546 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1426247209546 li {margin-left: 0px;padding-left: 0px;}
-/*]]*//style/pdiv class=toc-macro rbtoc1421621184755
-ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect
href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia
shape=rect href=#JAX-RSJOSE-JoseOverviewJose Overview/a
+/*]]*//style/pdiv class=toc-macro rbtoc1426247209546
+ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect
href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia
shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a
ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect
href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect
href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect
href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect
href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/li/ul
/lilia shape=rect href=#JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose
Filters/a/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and
Jose/a/lilia shape=rect
href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party
Alternatives/a/li/ul
/divh1 id=JAX-RSJOSE-IntroductionIntroduction/h1pCXF 3.0.x
implements a shape=rect class=external-link
href=https://datatracker.ietf.org/wg/jose/documents/;
rel=nofollowJOSE/a./ph1 id=JAX-RSJOSE-MavenDependenciesMaven
Dependencies/h1div class=code panel pdl style=border-width: 1px;div
class=codeContent panelContent pdl
@@ -132,7 +132,7 @@ div.rbtoc1421621184755 li {margin-left:
lt;versiongt;3.1.0lt;/versiongt;
lt;/dependencygt;
]]/script
-/div/divp#160;/ph1 id=JAX-RSJOSE-JoseOverviewJose
Overview/h1h2 id=JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/h2h2
id=JAX-RSJOSE-JWKKeysJWK Keys/h2h2 id=JAX-RSJOSE-JWSSignatureJWS
Signature/h2p#160;/ph2 id=JAX-RSJOSE-JSONEncryptionJSON
Encryption/h2h2 id=JAX-RSJOSE-JSONWebTokensJSON Web
Tokens/h2p#160;/ph1 id=JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose
Filters/h1p#160;/ph1 id=JAX-RSJOSE-OAuth2andJoseOAuth2 and
Jose/h1p#160;/ph1 id=JAX-RSJOSE-Third-PartyAlternativesThird-Party
Alternatives/h1pJose4J. Etc./pp#160;/p/div
+/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE
Overview/h1pJOSE is a set of high quality specifications that specify how
data payloads can be signed and/or encrypted with the cryptographic properties
set in JSON-formatted metadata (headers)./ppNote that not only JSON
documents but also documents in the arbitrary formats can be secured: text,
binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced
OAuth2 applications but is also perfect at securing the regular HTTP web
service communications./pp#160;/ppAt the moment two signature and
encryption output formats are supported: compact and
JSON./pp#160;/ppCompact format is a concatenation of Base64URL-encoded
JOSE headers (where the cryptographic signature or encryption properties are
set),/ppBase64URL-encoded payload (in the original form if it is signed,
otherwise - encrypted), plus Base64URL-encoded signature of the payload or some
of encryption process input or outpu
t data/ppsuch as an initialization vector, authentication tag,
etc./pp#160;/ppThe JSON (full) format is where all the information
describing a signature or encryption process is presented in a not-compact,
regular JSON document, offering a non-optimized but easier to understand
format./ppThe signature process also supports the detached body mode where
the body to be signed is not included in the actual output - assuming that both
the consumer and producer know how to access the original payload in order
to/ppvalidate the signature./pp#160;/ppThe following subsections
will have the examples with more details./ph2
id=JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/h2h2
id=JAX-RSJOSE-JWKKeysJWK
[03/10] cxf git commit: Picking up some WSS4J trunk changes
Picking up some WSS4J trunk changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/80d7128a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/80d7128a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/80d7128a
Branch: refs/heads/master
Commit: 80d7128a3ba1944a603c73e5e908d86c9bf27648
Parents: 2426a08
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Tue Feb 24 14:40:10 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Tue Feb 24 14:40:10 2015 +
--
.../org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java | 8 +++-
1 file changed, 3 insertions(+), 5 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/80d7128a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index cff4c53..b8c71a7 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -273,13 +273,14 @@ public class WSS4JInInterceptor extends
AbstractWSS4JInterceptor {
||
MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
reqData.setEnableRevocation(enableRevocation);
-Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(),
actor);
+Element elem =
+WSSecurityUtil.getSecurityHeader(doc.getSOAPHeader(), actor,
version.getVersion() != 1.1);
ListWSSecurityEngineResult wsResult =
engine.processSecurityHeader(
elem, reqData
);
-if (wsResult != null !wsResult.isEmpty()) { // security header
found
+if (!wsResult.isEmpty()) { // security header found
if (reqData.getWssConfig().isEnableSignatureConfirmation()) {
checkSignatureConfirmation(reqData, wsResult);
}
@@ -294,9 +295,6 @@ public class WSS4JInInterceptor extends
AbstractWSS4JInterceptor {
wsResult, utWithCallbacks
);
} else { // no security header found
-// Create an empty result list to pass into the required
validation
-// methods.
-wsResult = new ArrayListWSSecurityEngineResult();
if (doc.getSOAPPart().getEnvelope().getBody().hasFault()
isRequestor(msg)) {
LOG.warning(The request is a SOAP Fault, but it is not
secured);
// We allow lax action matching here for backwards
compatibility
[02/10] cxf git commit: Applying Opensaml 3.0.x patch
Applying Opensaml 3.0.x patch Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2426a087 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2426a087 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2426a087 Branch: refs/heads/master Commit: 2426a0879b06cf6dea32004af16f96f793d568eb Parents: a79bb05 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Tue Feb 24 11:38:13 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Tue Feb 24 11:38:13 2015 + -- parent/pom.xml | 8 +- pom.xml | 8 ++ .../grants/saml/Saml2BearerGrantHandler.java| 5 +- .../oauth2/saml/SamlOAuthValidator.java | 14 +-- ...AbstractRequestAssertionConsumerHandler.java | 15 ++- .../saml/sso/AbstractServiceProviderFilter.java | 2 +- .../security/saml/sso/AuthnRequestBuilder.java | 2 +- .../saml/sso/DefaultAuthnRequestBuilder.java| 14 +-- .../saml/sso/SAMLProtocolResponseValidator.java | 98 .../saml/sso/SAMLSSOResponseValidator.java | 22 ++--- .../saml/sso/SamlPostBindingFilter.java | 21 ++--- .../saml/sso/SamlRedirectBindingFilter.java | 2 +- .../saml/sso/SamlpRequestComponentBuilder.java | 25 ++--- .../saml/sso/AuthnRequestBuilderTest.java | 14 +-- .../security/saml/sso/SAML2CallbackHandler.java | 4 +- .../sso/SAML2PResponseComponentBuilder.java | 23 ++--- .../saml/sso/SAMLResponseValidatorTest.java | 28 +++--- .../saml/sso/SAMLSSOResponseValidatorTest.java | 24 +++-- .../rs/security/saml/AbstractSamlInHandler.java | 5 +- .../apache/cxf/rs/security/saml/SAMLUtils.java | 4 +- .../rs/security/xml/XmlSecOutInterceptor.java | 2 +- .../rs/security/xml/XmlSigOutInterceptor.java | 4 +- rt/security/pom.xml | 22 + .../apache/cxf/rt/security/saml/SAMLUtils.java | 14 +-- .../AbstractXACMLAuthorizingInterceptor.java| 34 --- .../security/xacml/RequestComponentBuilder.java | 7 +- .../xacml/SamlRequestComponentBuilder.java | 13 +-- .../rt/security/saml/SamlCallbackHandler.java | 6 +- .../apache/cxf/rt/security/xacml/DummyPDP.java | 11 +-- .../security/xacml/XACMLRequestBuilderTest.java | 16 ++-- .../ws/security/wss4j/SamlTokenInterceptor.java | 7 +- .../policyhandlers/AbstractBindingBuilder.java | 10 +- .../AbstractStaxBindingHandler.java | 6 +- .../AsymmetricBindingHandler.java | 6 +- .../policyhandlers/SymmetricBindingHandler.java | 4 +- .../policyhandlers/TransportBindingHandler.java | 6 +- .../DefaultClaimsPolicyValidator.java | 20 ++-- .../IssuedTokenPolicyValidator.java | 2 +- .../SamlTokenPolicyValidator.java | 2 +- .../wss4j/saml/SAML1CallbackHandler.java| 4 +- .../wss4j/saml/SAML2CallbackHandler.java| 4 +- .../apache/cxf/sts/claims/ClaimsManager.java| 24 ++--- .../token/delegation/SAMLDelegationHandler.java | 8 +- .../sts/token/provider/SAMLTokenProvider.java | 2 +- .../sts/token/provider/SamlCallbackHandler.java | 6 +- .../cxf/sts/token/renewer/SAMLTokenRenewer.java | 22 ++--- .../sts/token/validator/SAMLTokenValidator.java | 10 +- .../cxf/sts/common/CustomClaimsHandler.java | 13 +-- .../cxf/sts/token/provider/SAMLClaimsTest.java | 4 +- .../systest/sts/batch/SAMLBatchUnitTest.java| 2 +- .../cxf/systest/sts/claims/ClaimsValidator.java | 23 +++-- .../systest/sts/claims/StaxClaimsValidator.java | 22 ++--- .../sts/realms/DifferentRealmValidator.java | 2 +- .../sts/secure_conv/SCTSAMLTokenProvider.java | 2 +- .../sts/bearer/Saml2CallbackHandler.java| 4 +- .../OnBehalfOfValidator.java| 8 +- .../sts/sendervouches/Saml2CallbackHandler.java | 4 +- .../sts/username_actas/ActAsValidator.java | 9 +- services/xkms/pom.xml | 2 +- .../security/oauth2/SamlCallbackHandler.java| 4 +- .../security/oauth2/SamlCallbackHandler2.java | 4 +- .../security/saml/SamlCallbackHandler.java | 6 +- .../examples/saml/SamlCallbackHandler.java | 4 +- .../systest/ws/saml/CustomSaml2Validator.java | 4 +- .../ws/saml/PolicyDecisionPointMockImpl.java| 12 +-- .../ws/saml/client/SamlCallbackHandler.java | 6 +- .../ws/saml/client/SamlRoleCallbackHandler.java | 6 +- 67 files changed, 379 insertions(+), 372 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/parent/pom.xml -- diff --git a/parent/pom.xml b/parent/pom.xml index 352244a..ce5d330 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -125,10 +125,8 @@ cxf.netty.version.range[4,5)/cxf.netty.version.range
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes b982cca14 - a3d605568 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8895ef30 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8895ef30 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8895ef30 Branch: refs/heads/3.0.x-fixes Commit: 8895ef30c74133f5da237a89343d88c53fe1338d Parents: b982cca Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 14:20:24 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 14:20:24 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/8895ef30/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 0f538de..9f6381b 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -178,6 +178,7 @@ B d68f140c76cf7e390dfce134ea5c5d97f129e65d B d8a6bdbd2c84b3fa0187de935e294d5f66974e46 B d9f624e2eca8affa20243583ace087a8cbba3ac8 B df947cb1ca2b9e375f99e199ec65b1afece1c963 +B dfecaa60ea6082fda8f2959c083ba2f2f7a03112 B e242307ad8bbe53788f3e03e9e2f0ca977d01340 B e548a02fa04313fd1b6ec5d9ac78c774e8ad935a B e8514ea3f5fdf33b19d9ddc0639cc1aaf57e1f62
[2/2] cxf git commit: Adding a TODO
Adding a TODO
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a3d60556
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a3d60556
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a3d60556
Branch: refs/heads/3.0.x-fixes
Commit: a3d605568fb31fd5edf5de844a3aa503f3a91558
Parents: 8895ef3
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 14:21:32 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 14:21:32 2015 +
--
.../java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java | 3 +++
1 file changed, 3 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/a3d60556/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
index fde339c..a86ee61 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
@@ -64,6 +64,9 @@ public final class CryptoCoverageUtil {
*
* @param signedRefs references to the signed content in the message
* @param encryptedRefs references to the encrypted content in the message
+ *
+ * TODO Replace the isSignedEncryptionRef when we pick up WSS4J 2.0.5, and
directly
+ * check the encrypted Element instead of the WSDataRef (as per master
code)
*/
public static void reconcileEncryptedSignedRefs(final
CollectionWSDataRef signedRefs,
final CollectionWSDataRef encryptedRefs) {
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes eb67fb62f - 16f466dbe Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/16f466db Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/16f466db Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/16f466db Branch: refs/heads/2.7.x-fixes Commit: 16f466dbea31b06b88767717d5b69dadc01c0ebe Parents: eb67fb6 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 14:29:52 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 14:29:52 2015 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/16f466db/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index e42dae9..75d91ec 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -1032,6 +1032,7 @@ B 885290da4c6f3c8426b1453903cb9308e44eed05 B 885d450243af92377f0d83d90c7a9dae124a4d2d B 887d71995728dbd2365017e17226fa457b5d6847 B 888bfa0ee1fcb1c649b8af7291bad431bb3f9474 +B 8895ef30c74133f5da237a89343d88c53fe1338d B 892913e71e5bed58419c953ca551a3d13bd7b22d B 893263d9f832d052c396d3532784c667c60c5037 B 893c217594426661cc10ef1418e31a8bb18266c7 @@ -1228,6 +1229,7 @@ B a312f2a028a3b085ef4401cc26d930de7ffeeab0 B a33670388cd4314a75bde41d98336446ea073d4e B a34df25e3a78d3a4cf5bb6fa8c51e82e489b614e B a3505225ee53bf7d25b25ac68687976f01347863 +B a3d605568fb31fd5edf5de844a3aa503f3a91558 B a3e071687de318c17e7543a56c773849b5fa1442 B a3f3df042f158b67426700c95a7be09bb764f3a7 B a45ef8e3fc44ceeb92068dca3d4b70d87c0a19ff
svn commit: r943700 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot
Date: Fri Mar 13 14:46:58 2015
New Revision: 943700
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 14:46:58
2015
@@ -32,6 +32,7 @@
link type=text/css rel=stylesheet
href=/resources/highlighter/styles/shThemeCXF.css
script src='/resources/highlighter/scripts/shCore.js'/script
+script src='/resources/highlighter/scripts/shBrushJava.js'/script
script src='/resources/highlighter/scripts/shBrushXml.js'/script
script
SyntaxHighlighter.defaults['toolbar'] = false;
@@ -117,22 +118,46 @@ Apache CXF -- JAX-RS JOSE
!-- Content --
div class=wiki-content
div id=ConfluenceContentp#160;/ppstyle
type=text/css/*![CDATA[*/
-div.rbtoc1426254394846 {padding: 0px;}
-div.rbtoc1426254394846 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1426254394846 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1426257993585 {padding: 0px;}
+div.rbtoc1426257993585 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1426257993585 li {margin-left: 0px;padding-left: 0px;}
-/*]]*//style/pdiv class=toc-macro rbtoc1426254394846
+/*]]*//style/pdiv class=toc-macro rbtoc1426257993585
ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect
href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia
shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a
ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect
href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect
href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect
href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect
href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/li/ul
-/lilia shape=rect href=#JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose
Filters/a/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and
Jose/a/lilia shape=rect
href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party
Alternatives/a/li/ul
+/lilia shape=rect href=#JAX-RSJOSE-JOSEJAX-RSFiltersJOSE JAX-RS
Filters/a/lilia shape=rect
href=#JAX-RSJOSE-ConfigurationConfiguration/a/lilia shape=rect
href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/a/lilia shape=rect
href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party
Alternatives/a/li/ul
/divh1 id=JAX-RSJOSE-IntroductionIntroduction/h1pCXF 3.0.x
implements a shape=rect class=external-link
href=https://datatracker.ietf.org/wg/jose/documents/;
rel=nofollowJOSE/a./ph1 id=JAX-RSJOSE-MavenDependenciesMaven
Dependencies/h1div class=code panel pdl style=border-width: 1px;div
class=codeContent panelContent pdl
script class=theme: Default; brush: xml; gutter: false
type=syntaxhighlighter![CDATA[lt;dependencygt;
lt;groupIdgt;org.apache.cxflt;/groupIdgt;
lt;artifactIdgt;cxf-rt-rs-security-joselt;/artifactIdgt;
- lt;versiongt;3.1.0lt;/versiongt;
+ lt;versiongt;3.0.4lt;/versiongt;
lt;/dependencygt;
]]/script
-/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE
Overview/h1pJOSE is a set of high quality specifications that specify how
data payloads can be signed and/or encrypted with the cryptographic properties
set in JSON-formatted metadata (headers)./ppNote that not only JSON
documents but also documents in the arbitrary formats can be secured: text,
binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced
OAuth2 applications but is also perfect at securing the regular HTTP web
service communications./pp#160;/ppAt the moment two signature and
encryption output formats are supported: compact and
JSON./pp#160;/ppCompact format is a concatenation of Base64URL-encoded
JOSE headers (where the cryptographic signature or encryption properties are
set),/ppBase64URL-encoded payload (in the original form if it is signed,
otherwise - encrypted), plus Base64URL-encoded signature of the payload or some
of encryption process input or outpu
t data/ppsuch as an initialization vector, authentication tag,
etc./pp#160;/ppThe JSON (full) format is where all the information
describing a signature or encryption process is presented in a not-compact,
regular JSON document, offering a non-optimized but easier to understand
format./ppThe signature process also supports the detached body mode where
the body to be signed is not included in the actual output - assuming that both
the consumer and producer know how to access the original payload in order
to/ppvalidate the signature./pp#160;/ppThe following subsections
will have the examples
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 4efcd8bd4 - eb67fb62f Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/eb67fb62 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/eb67fb62 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/eb67fb62 Branch: refs/heads/2.7.x-fixes Commit: eb67fb62fd2cdbbf362e1a9f7f329f0d8ddf21d2 Parents: 4efcd8b Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 11:26:00 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 11:26:00 2015 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/eb67fb62/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index f9ff014..e42dae9 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -480,6 +480,7 @@ B 3c95b4b01da194ba34a2230dd00a2333d820464a B 3cd23910e77dfb21c9622cf96c5118765a79e03c B 3cd24f083d410f2335245a377f961b48341705fa B 3cd2f8f4a1c6786be106b8b1fb23ef62e77dc698 +B 3d1078b0717fec4e52d680bf9922e81f62702d63 B 3d635a7989366b61ce55231c82c8625aa75b8524 B 3d701b59b57942fa0800a54cd46e3f049208da71 B 3d7db466f8a2c5188a5d7038f9fbe8a633679750 @@ -1381,6 +1382,7 @@ B b94129cb0e36f42d5c30eb6fb22e76f0983aa6ea B b941cb80bc4f75ed3b02afa7c22e6847550cedc6 B b94ce41b14661f12e6ee74c07d7771f37d313c0a B b95949f1234d38622fb03373e5ac9b6acc550721 +B b982cca14cc95900e95f9baa4dab4f7e487a31b0 B ba3ffb12d7c745e757c0c585268c5ae95e91afeb B ba64841e79b28db920c3394c99c522dd22b556a2 B ba6e36261f7ceb37eabbc777ab45baf26e5cc2a9
cxf git commit: Removing jdk15 profile from pom
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes 3d1078b07 - b982cca14
Removing jdk15 profile from pom
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b982cca1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b982cca1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b982cca1
Branch: refs/heads/3.0.x-fixes
Commit: b982cca14cc95900e95f9baa4dab4f7e487a31b0
Parents: 3d1078b
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 11:25:19 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 11:25:19 2015 +
--
.../src/main/release/samples/sts/pom.xml| 38
1 file changed, 38 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/b982cca1/distribution/src/main/release/samples/sts/pom.xml
--
diff --git a/distribution/src/main/release/samples/sts/pom.xml
b/distribution/src/main/release/samples/sts/pom.xml
index 58b7b42..f81e011 100644
--- a/distribution/src/main/release/samples/sts/pom.xml
+++ b/distribution/src/main/release/samples/sts/pom.xml
@@ -66,44 +66,6 @@
/build
profiles
profile
-idjdk15/id
-activation
-jdk1.5/jdk
-/activation
-build
-plugins
-plugin
-groupIdorg.apache.maven.plugins/groupId
-artifactIdmaven-dependency-plugin/artifactId
-executions
-execution
-idcreate-endorsed-dir/id
-phasevalidate/phase
-goals
-goalcopy/goal
-/goals
-configuration
-artifactItems
-artifactItem
-groupIdxerces/groupId
-artifactIdxercesImpl/artifactId
-
outputDirectory${basedir}/target/endorsed/outputDirectory
-/artifactItem
-artifactItem
-groupIdxml-apis/groupId
-artifactIdxml-apis/artifactId
-version1.3.04/version
-
outputDirectory${basedir}/target/endorsed/outputDirectory
-/artifactItem
-/artifactItems
-/configuration
-/execution
-/executions
-/plugin
-/plugins
-/build
-/profile
-profile
idsts/id
build
defaultGoaltest/defaultGoal
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 2aa1f7a2f - 3d1078b07 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3d1078b0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3d1078b0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3d1078b0 Branch: refs/heads/3.0.x-fixes Commit: 3d1078b0717fec4e52d680bf9922e81f62702d63 Parents: 2aa1f7a Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 11:09:28 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 11:09:28 2015 + -- .gitmergeinfo | 8 1 file changed, 8 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3d1078b0/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index d0ec1cc..0f538de 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -30,6 +30,8 @@ B 1e927cdfaafb2efc8d29184cb5b7b05ce3c3ad7f B 1f02b3d4f2c9d341046ce35222c8f4d7674b10b2 B 2004b1021ce0d0975eb49cae36416863bd8c59bb B 222137cb2ee577e6582a644b7ae73bbc0a75d4d1 +B 2426a0879b06cf6dea32004af16f96f793d568eb +B 24e330c8b6be65c98cd3914f6fe7498e980f4568 B 27c2c25dc3c2c3019543e31afdca7b166911f278 B 28e185b27e8c80cd773cac46d1b9b19529c4fab0 B 29f0620a9a025afcd2057cdf97c7d93caf6c179f @@ -94,12 +96,14 @@ B 71ced4709dedf62264a4bb630aaf4780cb94ce48 B 7456089088a21620ec75dc83fbb4b89ebdfd290e B 74a2e6f2b1d9787cc9b5cff4cc84e43cfccbfe94 B 75c69b27a7688dfac281d4acdcff3b0acc4c8bee +B 7737225402d3a7b2e669ee8ecf54de10af686f20 B 799c5389f754eb588f023b646b8983b50dde00be B 7cd4cf67ba5b8a0ddc36c8008bf096b469408f48 B 7d1f30f76d95f9eddf0bed995120c71bf1a393b3 B 7e318c4fbfae35680965082a491ca842a23ffd8c B 7e95279dd1170f5878687d7eea27f7d7f03a434b B 80014cf0e6fb1ba62ffdb3766acffd2130eef9d6 +B 80d7128a3ba1944a603c73e5e908d86c9bf27648 B 857b55796dc7fc2b302e26d99f84df1712ff9c58 B 85c06fc4d6a642627434785a2d228d3c08d68768 B 85d6e1a63c95088917853436fe1adcce4863ce6c @@ -124,6 +128,7 @@ B 96ed80508cf15f7dc8c2d5a73225a36dbc096ee2 B 970feeed0db20bfe9df5095b6b335146344c222c B 9896b920035a1d1be1aef28a1d1a5eb876445c82 B 99963f9a08c9782b7c661f2b5ff8e9ce95ab3dbe +B 9ae69b3b323f48de033f62be9fc2780f11b0c761 B 9b93ca4bda4ba8abce2e2248059f2ccfd35391b2 B 9dd4194ce6af00377b0e1bdc6b15744fe03e29c9 B 9dfb278c7739b9f4621f43b8146d057e21fafb64 @@ -169,10 +174,12 @@ B d3e9295d3acfe3c970a325bbbafdba83a0d6e83c B d50ffd09c30e606524fb6ed92119d85ccfa13491 B d54a21628143bc15f51cbe5d63fa42c09d0ab8ac B d5b502a60d2934a42e32cb6225224ff75c66aa37 +B d68f140c76cf7e390dfce134ea5c5d97f129e65d B d8a6bdbd2c84b3fa0187de935e294d5f66974e46 B d9f624e2eca8affa20243583ace087a8cbba3ac8 B df947cb1ca2b9e375f99e199ec65b1afece1c963 B e242307ad8bbe53788f3e03e9e2f0ca977d01340 +B e548a02fa04313fd1b6ec5d9ac78c774e8ad935a B e8514ea3f5fdf33b19d9ddc0639cc1aaf57e1f62 B e8b8e2bc1b5afa4ad93294ebe1bd723a5a4a8f64 B ea778c4f38f882dc97d23bd200683fd9d48b4718 @@ -193,6 +200,7 @@ B f97778f0c21a4dc0f083e840e8157fe2f8528d90 B fa37d8722d154bbdec9d2acf4da16a04db0a34f1 B fb94440f6f1d5c7c572b6c0163f275c95073b8ee B fb9d26581c364c62c7343847ebe4136b8c97700f +B fc78cd31869a4e580c4d2a9e7864ae6dae8c311b B fd3471e58e63ee672babc015ed0929f6cd6862dd B fe416234bab8af30f1789c3164ac256af86e3b62 B ff742436a3e177dc61106edf08f2509e727362dd
svn commit: r943707 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot
Date: Fri Mar 13 15:46:50 2015
New Revision: 943707
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 15:46:50
2015
@@ -118,14 +118,16 @@ Apache CXF -- JAX-RS JOSE
!-- Content --
div class=wiki-content
div id=ConfluenceContentp#160;/ppstyle
type=text/css/*![CDATA[*/
-div.rbtoc1426257993585 {padding: 0px;}
-div.rbtoc1426257993585 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1426257993585 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1426261585363 {padding: 0px;}
+div.rbtoc1426261585363 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1426261585363 li {margin-left: 0px;padding-left: 0px;}
-/*]]*//style/pdiv class=toc-macro rbtoc1426257993585
-ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect
href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia
shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a
-ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect
href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect
href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect
href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect
href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/li/ul
-/lilia shape=rect href=#JAX-RSJOSE-JOSEJAX-RSFiltersJOSE JAX-RS
Filters/a/lilia shape=rect
href=#JAX-RSJOSE-ConfigurationConfiguration/a/lilia shape=rect
href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/a/lilia shape=rect
href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party
Alternatives/a/li/ul
+/*]]*//style/pdiv class=toc-macro rbtoc1426261585363
+ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect
href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia
shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a/lilia
shape=rect href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia
shape=rect href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect
href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect
href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect
href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/lilia shape=rect
href=#JAX-RSJOSE-LinkingJWTauthenticationstoJWSorJWEcontentLinking JWT
authentications to JWS or JWE content/a/lilia shape=rect
href=#JAX-RSJOSE-JOSEJAX-RSFiltersJOSE JAX-RS Filters/a
+ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-JWEJWE/a/lilia shape=rect
href=#JAX-RSJOSE-JWSJWS/a/li/ul
+/lilia shape=rect href=#JAX-RSJOSE-ConfigurationConfiguration/a
+ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-EncryptingJWKstoresEncrypting JWK stores/a/li/ul
+/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and
Jose/a/lilia shape=rect href=#JAX-RSJOSE-OIDCandJoseOIDC and
Jose/a/lilia shape=rect href=#JAX-RSJOSE-FutureWorkFuture
Work/a/lilia shape=rect
href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party
Alternatives/a/li/ul
/divh1 id=JAX-RSJOSE-IntroductionIntroduction/h1pCXF 3.0.x
implements a shape=rect class=external-link
href=https://datatracker.ietf.org/wg/jose/documents/;
rel=nofollowJOSE/a./ph1 id=JAX-RSJOSE-MavenDependenciesMaven
Dependencies/h1div class=code panel pdl style=border-width: 1px;div
class=codeContent panelContent pdl
script class=theme: Default; brush: xml; gutter: false
type=syntaxhighlighter![CDATA[lt;dependencygt;
lt;groupIdgt;org.apache.cxflt;/groupIdgt;
@@ -133,7 +135,7 @@ div.rbtoc1426257993585 li {margin-left:
lt;versiongt;3.0.4lt;/versiongt;
lt;/dependencygt;
]]/script
-/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE
Overview/h1pJOSE is a set of high quality specifications that specify how
data payloads can be signed and/or encrypted with the cryptographic properties
set in JSON-formatted metadata (headers)./ppNote that not only JSON
documents but also documents in the arbitrary formats can be secured: text,
binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced
OAuth2 applications but is also perfect at securing the regular HTTP web
service communications./pp#160;/ppAt the moment two signature and
encryption output formats are supported: compact and
JSON./pp#160;/ppCompact format is a concatenation of Base64URL-encoded
JOSE headers (where the cryptographic signature or encryption properties are
set),/ppBase64URL-encoded payload (in the original form if it is signed,
otherwise - encrypted), plus
cxf git commit: Refactoring of the CryptoCoverageChecker stuff
Repository: cxf
Updated Branches:
refs/heads/master e47f87b16 - dfecaa60e
Refactoring of the CryptoCoverageChecker stuff
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dfecaa60
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dfecaa60
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dfecaa60
Branch: refs/heads/master
Commit: dfecaa60ea6082fda8f2959c083ba2f2f7a03112
Parents: e47f87b
Author: Colm O hEigeartaigh cohei...@apache.org
Authored: Fri Mar 13 14:18:18 2015 +
Committer: Colm O hEigeartaigh cohei...@apache.org
Committed: Fri Mar 13 14:18:18 2015 +
--
.../security/wss4j/CryptoCoverageChecker.java | 59 --
.../ws/security/wss4j/CryptoCoverageUtil.java | 63 ++--
.../wss4j/PolicyBasedWSS4JInInterceptor.java| 2 +-
3 files changed, 29 insertions(+), 95 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/dfecaa60/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
--
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
index b5a0d97..9a71a9e 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
@@ -51,7 +51,6 @@ import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
/**
* Utility to enable the checking of WS-Security signature/encryption
@@ -66,12 +65,12 @@ public class CryptoCoverageChecker extends
AbstractSoapInterceptor {
* that must be covered. See {@link #prefixMap}
* for namespace prefixes available.
*/
-protected ListXPathExpression xPaths = new ArrayListXPathExpression();
+protected ListXPathExpression xPaths = new ArrayList();
/**
* Mapping of namespace prefixes to namespace URIs.
*/
-protected MapString, String prefixMap = new HashMapString, String();
+protected MapString, String prefixMap = new HashMap();
private boolean checkFaults = true;
@@ -132,43 +131,33 @@ public class CryptoCoverageChecker extends
AbstractSoapInterceptor {
throw new SoapFault(Error obtaining SOAP document,
Fault.FAULT_CODE_CLIENT);
}
-final CollectionWSDataRef signed = new HashSetWSDataRef();
-final CollectionWSDataRef encrypted = new HashSetWSDataRef();
+final CollectionWSDataRef signed = new HashSet();
+final CollectionWSDataRef encrypted = new HashSet();
ListWSHandlerResult results = CastUtils.cast(
(List?) message.get(WSHandlerConstants.RECV_RESULTS));
-for (final WSHandlerResult wshr : results) {
-final ListWSSecurityEngineResult wsSecurityEngineSignResults =
-WSSecurityUtil.fetchAllActionResults(wshr.getResults(),
WSConstants.SIGN);
-
-final ListWSSecurityEngineResult wsSecurityEngineEncResults =
-WSSecurityUtil.fetchAllActionResults(wshr.getResults(),
WSConstants.ENCR);
-
-for (WSSecurityEngineResult wser : wsSecurityEngineSignResults) {
-
-ListWSDataRef sl = CastUtils.cast((List?) wser
-.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
-if (sl != null) {
-if (sl.size() == 1
- sl.get(0).getName().equals(new
QName(WSConstants.SIG_NS, WSConstants.SIG_LN))) {
-//endorsing the signature so don't include
-break;
-}
-
-for (WSDataRef r : sl) {
-signed.add(r);
+// Get all encrypted and signed references
+for (WSHandlerResult wshr : results) {
+for (WSSecurityEngineResult result : wshr.getResults()) {
+Integer actInt =
(Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
+if (actInt == WSConstants.SIGN) {
+ListWSDataRef sl =
+
CastUtils.cast((List?)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+if (sl != null) {
+if (sl.size() == 1
+ sl.get(0).getName().equals(new
QName(WSConstants.SIG_NS, WSConstants.SIG_LN))) {
+
svn commit: r943695 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot
Date: Fri Mar 13 13:47:00 2015
New Revision: 943695
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 13:47:00
2015
@@ -117,11 +117,11 @@ Apache CXF -- JAX-RS JOSE
!-- Content --
div class=wiki-content
div id=ConfluenceContentp#160;/ppstyle
type=text/css/*![CDATA[*/
-div.rbtoc1426247209546 {padding: 0px;}
-div.rbtoc1426247209546 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1426247209546 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1426254394846 {padding: 0px;}
+div.rbtoc1426254394846 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1426254394846 li {margin-left: 0px;padding-left: 0px;}
-/*]]*//style/pdiv class=toc-macro rbtoc1426247209546
+/*]]*//style/pdiv class=toc-macro rbtoc1426254394846
ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect
href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia
shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a
ul class=toc-indentationlia shape=rect
href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect
href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect
href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect
href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect
href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/li/ul
/lilia shape=rect href=#JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose
Filters/a/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and
Jose/a/lilia shape=rect
href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party
Alternatives/a/li/ul
@@ -132,7 +132,7 @@ div.rbtoc1426247209546 li {margin-left:
lt;versiongt;3.1.0lt;/versiongt;
lt;/dependencygt;
]]/script
-/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE
Overview/h1pJOSE is a set of high quality specifications that specify how
data payloads can be signed and/or encrypted with the cryptographic properties
set in JSON-formatted metadata (headers)./ppNote that not only JSON
documents but also documents in the arbitrary formats can be secured: text,
binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced
OAuth2 applications but is also perfect at securing the regular HTTP web
service communications./pp#160;/ppAt the moment two signature and
encryption output formats are supported: compact and
JSON./pp#160;/ppCompact format is a concatenation of Base64URL-encoded
JOSE headers (where the cryptographic signature or encryption properties are
set),/ppBase64URL-encoded payload (in the original form if it is signed,
otherwise - encrypted), plus Base64URL-encoded signature of the payload or some
of encryption process input or outpu
t data/ppsuch as an initialization vector, authentication tag,
etc./pp#160;/ppThe JSON (full) format is where all the information
describing a signature or encryption process is presented in a not-compact,
regular JSON document, offering a non-optimized but easier to understand
format./ppThe signature process also supports the detached body mode where
the body to be signed is not included in the actual output - assuming that both
the consumer and producer know how to access the original payload in order
to/ppvalidate the signature./pp#160;/ppThe following subsections
will have the examples with more details./ph2
id=JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/h2h2
id=JAX-RSJOSE-JWKKeysJWK Keys/h2h2 id=JAX-RSJOSE-JWSSignatureJWS
Signature/h2p#160;/ph2 id=JAX-RSJOSE-JSONEncryptionJSON
Encryption/h2h2 id=JAX-RSJOSE-JSONWebTokensJSON Web
Tokens/h2p#160;/ph1 id=JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose
Filters/h1p#1
60;/ph1 id=JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/h1p#160;/ph1
id=JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/h1pJose4J.
Etc./pp#160;/p/div
+/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE
Overview/h1pJOSE is a set of high quality specifications that specify how
data payloads can be signed and/or encrypted with the cryptographic properties
set in JSON-formatted metadata (headers)./ppNote that not only JSON
documents but also documents in the arbitrary formats can be secured: text,
binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced
OAuth2 applications but is also perfect at securing the regular HTTP web
service communications./pp#160;/ppAt the moment two signature and
encryption output formats are supported: compact and
JSON./pp#160;/ppCompact format is a concatenation of
