[1/3] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 16f466dbe - 1798afb80 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/baeea673 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/baeea673 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/baeea673 Branch: refs/heads/2.7.x-fixes Commit: baeea673f2dc70e75b816a6d4beb216c7e8dbe6a Parents: 80cdbd7 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 17:23:41 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 17:23:41 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/baeea673/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 75d91ec..8f66ef3 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -2638,6 +2638,7 @@ M f5684767d04676304063edecacf8d72896f1524c M f57a75aa40be9ab959ae1fade89c2803f2a5b45e M f584187d09471f28578854e288a7c7d612ea82bc M f5a82c1c393775334725b9de61b94f492cdd1f2f +M f5b751cc44cde43f9bd776fd1f7504c9b7fc54e3 M f61876836d11eb04b47a647a20e6a1d504e93671 M f678cdd89d1ba6be3b5113743cfa5859806ba99a M f68f775a7b95a268e66ebbc832d1f8a30c9ac240
[3/3] cxf git commit: Fixing merge
Fixing merge Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1798afb8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1798afb8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1798afb8 Branch: refs/heads/2.7.x-fixes Commit: 1798afb80ccc53fd6c76b5352372c5d80f55754d Parents: baeea67 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 17:26:10 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 17:26:10 2015 + -- .../apache/cxf/configuration/jsse/SSLUtils.java | 25 +- .../apache/cxf/configuration/jsse/SSLUtils.java | 742 --- .../https/ciphersuites/CipherSuitesTest.java| 418 --- .../ciphersuites-explicit-client.xml| 37 - .../https/ciphersuites/ciphersuites-server.xml | 117 --- 5 files changed, 14 insertions(+), 1325 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java -- diff --git a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java index 81994f8..4b0bee1 100644 --- a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java +++ b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java @@ -452,17 +452,21 @@ public final class SSLUtils { String[] supportedCipherSuites, FiltersType filters, Logger log, boolean exclude) { -String[] cipherSuites = null; -if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) { -cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude); -return cipherSuites; -} +// First check the include case only. If we have defined explicit cipherSuite +// configuration, then just return these. Otherwise see if we have defined ciphersuites +// via a system property. if (!exclude) { -cipherSuites = getSystemCiphersuites(log); -if (cipherSuites != null) { -return cipherSuites; +if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) { +return getCiphersFromList(cipherSuitesList, log, exclude); +} else { +String[] cipherSuites = getSystemCiphersuites(log); +if (cipherSuites != null) { +return cipherSuites; +} } } + +// Otherwise check the include/exclude cipherSuiteFilter configuration LogUtils.log(log, Level.FINE, CIPHERSUITES_NOT_SET); if (filters == null) { LogUtils.log(log, Level.FINE, CIPHERSUITE_FILTERS_NOT_SET); @@ -502,11 +506,10 @@ public final class SSLUtils { CIPHERSUITES_EXCLUDED, excludedCipherSuites); if (exclude) { -cipherSuites = getCiphersFromList(excludedCipherSuites, log, exclude); +return getCiphersFromList(excludedCipherSuites, log, exclude); } else { -cipherSuites = getCiphersFromList(filteredCipherSuites, log, exclude); +return getCiphersFromList(filteredCipherSuites, log, exclude); } -return cipherSuites; } private static String[] getSystemCiphersuites(Logger log) { http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java deleted file mode 100644 index ebae85d..000 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java +++ /dev/null @@ -1,742 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * License); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations
cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
Repository: cxf Updated Branches: refs/heads/master dfecaa60e - 99b13f1da [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99b13f1d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99b13f1d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99b13f1d Branch: refs/heads/master Commit: 99b13f1da6998678d2af2e928e04ebad8e121fa3 Parents: dfecaa6 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 17:16:56 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 17:16:56 2015 + -- .../apache/cxf/configuration/jsse/SSLUtils.java | 27 -- .../https/ciphersuites/CipherSuitesTest.java| 27 +- .../ciphersuites-explicit-client.xml| 37 .../https/ciphersuites/ciphersuites-server.xml | 21 +++ 4 files changed, 100 insertions(+), 12 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java index b656820..1023f31 100644 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java @@ -430,17 +430,23 @@ public final class SSLUtils { String[] supportedCipherSuites, FiltersType filters, Logger log, boolean exclude) { -String[] cipherSuites = null; -if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) { -cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude); -return cipherSuites; -} + +// First check the include case only. If we have defined explicit cipherSuite +// configuration, then just return these. Otherwise see if we have defined ciphersuites +// via a system property. if (!exclude) { -cipherSuites = getSystemCiphersuites(log); -if (cipherSuites != null) { -return cipherSuites; +if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) { +return getCiphersFromList(cipherSuitesList, log, exclude); +} else { +String[] cipherSuites = getSystemCiphersuites(log); +if (cipherSuites != null) { +return cipherSuites; +} } } + +// Otherwise check the include/exclude cipherSuiteFilter configuration + LogUtils.log(log, Level.FINE, CIPHERSUITES_NOT_SET); if (filters == null) { LogUtils.log(log, Level.FINE, CIPHERSUITE_FILTERS_NOT_SET); @@ -480,11 +486,10 @@ public final class SSLUtils { CIPHERSUITES_EXCLUDED, excludedCipherSuites); if (exclude) { -cipherSuites = getCiphersFromList(excludedCipherSuites, log, exclude); +return getCiphersFromList(excludedCipherSuites, log, exclude); } else { -cipherSuites = getCiphersFromList(filteredCipherSuites, log, exclude); +return getCiphersFromList(filteredCipherSuites, log, exclude); } -return cipherSuites; } private static String[] getSystemCiphersuites(Logger log) { http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java -- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java index f37b1f9..3a93002 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java @@ -38,6 +38,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase { static final String PORT = allocatePort(CipherSuitesServer.class); static final String PORT2 = allocatePort(CipherSuitesServer.class, 2); static final String PORT3 = allocatePort(CipherSuitesServer.class, 3); +static final String PORT4 = allocatePort(CipherSuitesServer.class, 4); @BeforeClass public static void startServers() throws Exception { @@ -105,6
cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes a3d605568 - f5b751cc4 [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5b751cc Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5b751cc Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5b751cc Branch: refs/heads/3.0.x-fixes Commit: f5b751cc44cde43f9bd776fd1f7504c9b7fc54e3 Parents: a3d6055 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 17:16:56 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 17:17:59 2015 + -- .../apache/cxf/configuration/jsse/SSLUtils.java | 27 -- .../https/ciphersuites/CipherSuitesTest.java| 27 +- .../ciphersuites-explicit-client.xml| 37 .../https/ciphersuites/ciphersuites-server.xml | 21 +++ 4 files changed, 100 insertions(+), 12 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f5b751cc/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java index 534c256..ebae85d 100644 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java @@ -454,17 +454,23 @@ public final class SSLUtils { String[] supportedCipherSuites, FiltersType filters, Logger log, boolean exclude) { -String[] cipherSuites = null; -if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) { -cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude); -return cipherSuites; -} + +// First check the include case only. If we have defined explicit cipherSuite +// configuration, then just return these. Otherwise see if we have defined ciphersuites +// via a system property. if (!exclude) { -cipherSuites = getSystemCiphersuites(log); -if (cipherSuites != null) { -return cipherSuites; +if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) { +return getCiphersFromList(cipherSuitesList, log, exclude); +} else { +String[] cipherSuites = getSystemCiphersuites(log); +if (cipherSuites != null) { +return cipherSuites; +} } } + +// Otherwise check the include/exclude cipherSuiteFilter configuration + LogUtils.log(log, Level.FINE, CIPHERSUITES_NOT_SET); if (filters == null) { LogUtils.log(log, Level.FINE, CIPHERSUITE_FILTERS_NOT_SET); @@ -504,11 +510,10 @@ public final class SSLUtils { CIPHERSUITES_EXCLUDED, excludedCipherSuites); if (exclude) { -cipherSuites = getCiphersFromList(excludedCipherSuites, log, exclude); +return getCiphersFromList(excludedCipherSuites, log, exclude); } else { -cipherSuites = getCiphersFromList(filteredCipherSuites, log, exclude); +return getCiphersFromList(filteredCipherSuites, log, exclude); } -return cipherSuites; } private static String[] getSystemCiphersuites(Logger log) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f5b751cc/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java -- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java index f37b1f9..3a93002 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java @@ -38,6 +38,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase { static final String PORT = allocatePort(CipherSuitesServer.class); static final String PORT2 = allocatePort(CipherSuitesServer.class, 2); static final String PORT3 = allocatePort(CipherSuitesServer.class, 3); +static final String PORT4 = allocatePort(CipherSuitesServer.class, 4); @BeforeClass public static void startServers() throws Exception {
[2/3] cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
[CXF-6300] - cipherSuite configuration does not work with HTTPJ servers Conflicts: core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/80cdbd72 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/80cdbd72 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/80cdbd72 Branch: refs/heads/2.7.x-fixes Commit: 80cdbd72891c028d331bd365398cd8ea2843b1bf Parents: 16f466d Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 17:16:56 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 17:23:41 2015 + -- .../apache/cxf/configuration/jsse/SSLUtils.java | 742 +++ .../https/ciphersuites/CipherSuitesTest.java| 418 +++ .../ciphersuites-explicit-client.xml| 37 + .../https/ciphersuites/ciphersuites-server.xml | 117 +++ 4 files changed, 1314 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/80cdbd72/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java new file mode 100644 index 000..ebae85d --- /dev/null +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java @@ -0,0 +1,742 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * License); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.configuration.jsse; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.DataInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.lang.reflect.Method; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; + +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.common.util.SystemPropertyAction; +import org.apache.cxf.configuration.security.FiltersType; + + +/** + * Holder for utility methods related to manipulating SSL settings, common + * to the connection and listener factories (previously duplicated). + */ +public final class SSLUtils { + +static final String PKCS12_TYPE = PKCS12; + +private static final String DEFAULT_KEYSTORE_TYPE = PKCS12; +private static final String DEFAULT_TRUST_STORE_TYPE = JKS; +private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = TLSv1; +private static final String CERTIFICATE_FACTORY_TYPE = X.509; + +private static final String HTTPS_CIPHER_SUITES = https.cipherSuites; + +private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false; +private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true; + +private static final ListString DEFAULT_CIPHERSUITE_FILTERS_INCLUDE = +Arrays.asList(new String[] {.*}); +/** + * By default, exclude NULL, anon, EXPORT, DES ciphersuites + */ +private static final ListString DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE = +Arrays.asList(new String[] {.*_NULL_.*, +.*_anon_.*, +.*_EXPORT_.*, +.*_DES_.*}); + +private static volatile
cxf git commit: Updates to get the new wss4j stuff installed in OSGi. (may not work yet)
Repository: cxf Updated Branches: refs/heads/master 99b13f1da - d1c7f1f6b Updates to get the new wss4j stuff installed in OSGi. (may not work yet) Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d1c7f1f6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d1c7f1f6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d1c7f1f6 Branch: refs/heads/master Commit: d1c7f1f6be4ce14bd0e99ec9672d9c1957515f35 Parents: 99b13f1 Author: Daniel Kulp dk...@apache.org Authored: Fri Mar 13 14:14:32 2015 -0400 Committer: Daniel Kulp dk...@apache.org Committed: Fri Mar 13 14:14:53 2015 -0400 -- osgi/karaf/features/src/main/resources/features.xml | 1 + parent/pom.xml | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d1c7f1f6/osgi/karaf/features/src/main/resources/features.xml -- diff --git a/osgi/karaf/features/src/main/resources/features.xml b/osgi/karaf/features/src/main/resources/features.xml index 74ca7fa..f7052ff 100644 --- a/osgi/karaf/features/src/main/resources/features.xml +++ b/osgi/karaf/features/src/main/resources/features.xml @@ -56,6 +56,7 @@ bundle start-level=25 dependency=truemvn:joda-time/joda-time/${cxf.joda.time.version}/bundle bundle start-level=25 dependency=truemvn:commons-codec/commons-codec/${cxf.commons-codec.version}/bundle bundle start-level=25 dependency=truemvn:org.apache.santuario/xmlsec/${cxf.xmlsec.bundle.version}/bundle +bundle start-level=25 dependency=truemvn:com.google.guava/guava/${cxf.guava.version}/bundle bundle start-level=25 dependency=truemvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.opensaml/${cxf.opensaml.osgi.version}/bundle bundle start-level=25mvn:org.jvnet.staxex/stax-ex/${cxf.stax-ex.version}/bundle bundle start-level=25mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.saaj-impl/${cxf.saaj-impl.bundle.version}/bundle http://git-wip-us.apache.org/repos/asf/cxf/blob/d1c7f1f6/parent/pom.xml -- diff --git a/parent/pom.xml b/parent/pom.xml index bed6fc1..83a9de6 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -81,6 +81,7 @@ cxf.derby.version10.2.2.0/cxf.derby.version cxf.ehcache.version2.9.0/cxf.ehcache.version cxf.fastinfoset.bundle.version1.2.13_1/cxf.fastinfoset.bundle.version +cxf.guava.version18.0/cxf.guava.version cxf.hazelcast.version1.9.4/cxf.hazelcast.version cxf.httpcomponents.asyncclient.version4.0.2/cxf.httpcomponents.asyncclient.version cxf.httpcomponents.asyncclient.version.range[4.0,4.1)/cxf.httpcomponents.asyncclient.version.range @@ -106,7 +107,7 @@ cxf.jaxb.impl.version${cxf.jaxb.version}/cxf.jaxb.impl.version cxf.jaxb.core.version${cxf.jaxb.version}/cxf.jaxb.core.version cxf.jaxb.xjc.version${cxf.jaxb.version}/cxf.jaxb.xjc.version -cxf.joda.time.version2.2/cxf.joda.time.version +cxf.joda.time.version2.7/cxf.joda.time.version cxf.jdom.version1.0/cxf.jdom.version cxf.jettison.version1.3.7/cxf.jettison.version cxf.jetty8.version8.1.15.v20140411/cxf.jetty8.version @@ -124,7 +125,7 @@ cxf.oauth.bundle.version20100527_1/cxf.oauth.bundle.version cxf.oauth.version20100527/cxf.oauth.version cxf.opensaml.version3.1.0/cxf.opensaml.version -cxf.opensaml.osgi.version3.1.0_1/cxf.opensaml.osgi.version +cxf.opensaml.osgi.version3.1.0_1-SNAPSHOT/cxf.opensaml.osgi.version cxf.rhino.version1.7R2/cxf.rhino.version cxf.servlet-api.grouporg.apache.geronimo.specs/cxf.servlet-api.group cxf.servlet-api.artifactgeronimo-servlet_3.0_spec/cxf.servlet-api.artifact
cxf git commit: [CXF-6294] - Cannot activate TLSv1.2 cipher suites on client on Java7 - Adding a test
Repository: cxf Updated Branches: refs/heads/master d1c7f1f6b - 08f376bdf [CXF-6294] - Cannot activate TLSv1.2 cipher suites on client on Java7 - Adding a test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/08f376bd Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/08f376bd Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/08f376bd Branch: refs/heads/master Commit: 08f376bdfd744b99132387076f3fc61167a330ec Parents: d1c7f1f Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 18:46:23 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 18:46:23 2015 + -- .../https/SSLSocketFactoryWrapper.java | 17 - .../https/ciphersuites/CipherSuitesTest.java| 25 - .../ciphersuites/ciphersuites-client-tlsv12.xml | 37 3 files changed, 70 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/08f376bd/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java index 6f58e4a..4e635f0 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java @@ -23,7 +23,6 @@ import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; - import java.util.ArrayList; import java.util.List; import java.util.logging.Handler; @@ -97,19 +96,21 @@ class SSLSocketFactoryWrapper extends SSLSocketFactory { private Socket enableCipherSuites(Socket s, Object[] logParams) { SSLSocket socket = (SSLSocket)s; -if ((socket != null) (ciphers != null)) { -socket.setEnabledCipherSuites(ciphers); +if (socket == null) { +LogUtils.log(LOG, Level.SEVERE, + PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET, + logParams); +return socket; } -if ((socket != null) (protocol != null)) { + +if (protocol != null) { String p[] = findProtocols(protocol, socket.getSupportedProtocols()); if (p != null) { socket.setEnabledProtocols(p); } } -if (socket == null) { -LogUtils.log(LOG, Level.SEVERE, - PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET, - logParams); +if (ciphers != null) { +socket.setEnabledCipherSuites(ciphers); } return socket; http://git-wip-us.apache.org/repos/asf/cxf/blob/08f376bd/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java -- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java index 3a93002..a1002e3 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java @@ -414,5 +414,28 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase { ((java.io.Closeable)port).close(); bus.shutdown(true); } - + +// Both client + server include AES, client enables a TLS v1.2 CipherSuite +@org.junit.Test +public void testAESIncludedTLSv12() throws Exception { +SpringBusFactory bf = new SpringBusFactory(); +URL busFile = CipherSuitesTest.class.getResource(ciphersuites-client-tlsv12.xml); + +Bus bus = bf.createBus(busFile.toString()); +SpringBusFactory.setDefaultBus(bus); +SpringBusFactory.setThreadDefaultBus(bus); + +URL url = SOAPService.WSDL_LOCATION; +SOAPService service = new SOAPService(url, SOAPService.SERVICE); +assertNotNull(Service is null, service); +final Greeter port = service.getHttpsPort(); +assertNotNull(Port is null, port); + +updateAddressPort(port, PORT); + +assertEquals(port.greetMe(Kitty), Hello Kitty); + +((java.io.Closeable)port).close(); +bus.shutdown(true); +} }
cxf git commit: Disable test when unlimited security policies are not installed
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes f5b751cc4 - abe4cba67 Disable test when unlimited security policies are not installed Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/abe4cba6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/abe4cba6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/abe4cba6 Branch: refs/heads/3.0.x-fixes Commit: abe4cba67337556651787d3e14f3ecf472cd7f80 Parents: f5b751c Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 23:14:10 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 23:14:10 2015 + -- .../https/ciphersuites/CipherSuitesTest.java| 28 1 file changed, 28 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/abe4cba6/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java -- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java index 3a93002..a0cad91 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java @@ -21,6 +21,9 @@ package org.apache.cxf.systest.https.ciphersuites; import java.net.URL; +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.SecretKeySpec; import javax.xml.ws.BindingProvider; import org.apache.cxf.Bus; @@ -40,6 +43,27 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase { static final String PORT3 = allocatePort(CipherSuitesServer.class, 3); static final String PORT4 = allocatePort(CipherSuitesServer.class, 4); +private static final boolean UNRESTRICTED_POLICIES_INSTALLED; +static { +boolean ok = false; +try { +byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; + +SecretKey key192 = new SecretKeySpec( +new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, +0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17}, +AES); +Cipher c = Cipher.getInstance(AES); +c.init(Cipher.ENCRYPT_MODE, key192); +c.doFinal(data); +ok = true; +} catch (Exception e) { +// +} +UNRESTRICTED_POLICIES_INSTALLED = ok; +} + @BeforeClass public static void startServers() throws Exception { assertTrue( @@ -109,6 +133,10 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase { // Both client + server include a specific AES CipherSuite (not via a filter) @org.junit.Test public void testAESIncludedExplicitly() throws Exception { + +if (!UNRESTRICTED_POLICIES_INSTALLED) { +return; +} SpringBusFactory bf = new SpringBusFactory(); URL busFile = CipherSuitesTest.class.getResource(ciphersuites-explicit-client.xml);
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 1798afb80 - 566787ec5 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/566787ec Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/566787ec Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/566787ec Branch: refs/heads/2.7.x-fixes Commit: 566787ec5cc6b9519e575df6434e212ff384c85a Parents: 1798afb Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 23:18:09 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 23:18:09 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/566787ec/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 8f66ef3..c41ca79 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -1279,6 +1279,7 @@ B aab6216c1a32ce7f37792066b4dbbbe9ca04b90e B ab1cd2bba38e4209991bd108158a08036f097b5e B ab5e64e0414bcbe0e8a5c5b8575289db816acccb B ab8818b7c15adb227e9e4bfb7ed4293bffcfa3eb +B abe4cba67337556651787d3e14f3ecf472cd7f80 B abe5b35ec859a2bae12c44bb4a7a8f1a118c6cf6 B abfbb35df11021077417e1ac631ed3315c9b625b B ac2f3f8c4f435ee71f5a7bc27f2d934a24628732
[2/2] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2aa1f7a2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2aa1f7a2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2aa1f7a2 Branch: refs/heads/3.0.x-fixes Commit: 2aa1f7a2f469026f385c1d64b572f1caf4f64b6c Parents: 58f924e Author: Alessio Soldano asold...@redhat.com Authored: Fri Mar 13 08:48:24 2015 +0100 Committer: Alessio Soldano asold...@redhat.com Committed: Fri Mar 13 08:48:24 2015 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2aa1f7a2/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 9a7f1e8..d0ec1cc 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -262,6 +262,7 @@ M bee82ba7d1766b555d965a75b3846ead4686239e M c1c75b039df7bd1ca9f11ff21f16593fed0c8c16 M c34bf7ad6bc55b6584dfd009f49a3f4eb8ececc9 M c55664128b1223667dedacc2011ccd5945d9c8b9 +M c5dbb84ac4e5bf73555e85ae1e65a5065393c602 M c72cac8cbd73d92a9e0264c816176c2a33dcbcf2 M cda58270486b4d394b98a1a1a1d5bfcb366af2c1 M d2dec5b87788b8cb5059d3719cf3dfd7135a1280
[1/2] cxf git commit: [CXF-6295] create Validator instance when a string with class name is provided
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 4d7bae999 - 2aa1f7a2f [CXF-6295] create Validator instance when a string with class name is provided Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/58f924e9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/58f924e9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/58f924e9 Branch: refs/heads/3.0.x-fixes Commit: 58f924e9a0957083bcbb97aca5985e6fde2b74f9 Parents: 4d7bae9 Author: Alessio Soldano asold...@redhat.com Authored: Thu Mar 12 22:57:33 2015 +0100 Committer: Alessio Soldano asold...@redhat.com Committed: Fri Mar 13 08:46:35 2015 +0100 -- .../wss4j/UsernameTokenInterceptor.java | 29 ++-- 1 file changed, 27 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/58f924e9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java index 96f0ac8..e9e3c52 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java @@ -31,6 +31,7 @@ import javax.xml.namespace.QName; import org.w3c.dom.Element; import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.headers.Header; import org.apache.cxf.helpers.CastUtils; @@ -205,8 +206,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { return getCallback(message); } public Validator getValidator(QName qName) throws WSSecurityException { -Object validator = - message.getContextualProperty(SecurityConstants.USERNAME_TOKEN_VALIDATOR); +Object validator = loadValidator(SecurityConstants.USERNAME_TOKEN_VALIDATOR, message); if (validator == null) { return super.getValidator(qName); } @@ -236,6 +236,31 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex); } } + +private Validator loadValidator(String validatorKey, SoapMessage message) throws WSSecurityException { +Object o = message.getContextualProperty(validatorKey); +if (o == null) { +return null; +} +try { +if (o instanceof Validator) { +return (Validator)o; +} else if (o instanceof Class) { +return (Validator)((Class?)o).newInstance(); +} else if (o instanceof String) { +return (Validator)ClassLoaderUtils.loadClass(o.toString(), + UsernameTokenInterceptor.class) + .newInstance(); +} else { +throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, + Cannot load Validator: + o); +} +} catch (RuntimeException t) { +throw t; +} catch (Exception ex) { +throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex); +} +} protected UsernameTokenPrincipal parseTokenAndCreatePrincipal(Element tokenElement, boolean bspCompliant) throws WSSecurityException, Base64DecodingException {
cxf git commit: Corrected groupId for logging
Repository: cxf Updated Branches: refs/heads/master c5dbb84ac - 26762a780 Corrected groupId for logging Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/26762a78 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/26762a78 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/26762a78 Branch: refs/heads/master Commit: 26762a780f4dd498d9304f70072f1bd339223d8a Parents: c5dbb84 Author: Christian Schneider ch...@die-schneider.net Authored: Fri Mar 13 10:53:57 2015 +0100 Committer: Christian Schneider ch...@die-schneider.net Committed: Fri Mar 13 10:56:21 2015 +0100 -- rt/features/logging/pom.xml | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/26762a78/rt/features/logging/pom.xml -- diff --git a/rt/features/logging/pom.xml b/rt/features/logging/pom.xml index 261837f..48f95bd 100644 --- a/rt/features/logging/pom.xml +++ b/rt/features/logging/pom.xml @@ -9,7 +9,6 @@ version3.1.0-SNAPSHOT/version relativePath../../../parent/pom.xml/relativePath /parent -groupIdorg.apache.cxf.ext/groupId artifactIdcxf-rt-features-logging/artifactId packagingbundle/packaging
[05/10] cxf git commit: Minor change
Minor change Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9ae69b3b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9ae69b3b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9ae69b3b Branch: refs/heads/master Commit: 9ae69b3b323f48de033f62be9fc2780f11b0c761 Parents: 7737225 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Tue Mar 3 14:31:39 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Tue Mar 3 14:31:39 2015 + -- .../java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9ae69b3b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index 4e20831..79cb6da 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -26,6 +26,7 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.HashMap; +import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Set; @@ -541,7 +542,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { */ ListWSHandlerResult results = CastUtils.cast((List?)msg.get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { -results = new ArrayListWSHandlerResult(); +results = new LinkedListWSHandlerResult(); msg.put(WSHandlerConstants.RECV_RESULTS, results); } WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
[07/10] cxf git commit: More refactoring
More refactoring Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/24e330c8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/24e330c8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/24e330c8 Branch: refs/heads/master Commit: 24e330c8b6be65c98cd3914f6fe7498e980f4568 Parents: d68f140 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Tue Mar 10 13:24:13 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Tue Mar 10 13:24:13 2015 + -- .../wss4j/policyhandlers/AbstractBindingBuilder.java | 15 +++ .../policyhandlers/AsymmetricBindingHandler.java | 4 ++-- .../policyhandlers/SymmetricBindingHandler.java | 5 +++-- .../policyhandlers/TransportBindingHandler.java | 6 -- .../ws/security/wss4j/SignatureConfirmationTest.java | 6 +++--- 5 files changed, 19 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/24e330c8/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 69a6e88..7dd95af 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -22,6 +22,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; import java.net.URL; import java.security.cert.X509Certificate; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; import java.util.Date; import java.util.HashSet; @@ -164,7 +165,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle protected SetWSEncryptionPart encryptedTokensList = new HashSetWSEncryptionPart(); -protected Listbyte[] signatures = new ArrayListbyte[](); +protected SetInteger signatures = new HashSet(); protected Element bottomUpElement; protected Element topDownElement; @@ -1829,7 +1830,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle ListReference referenceList = sig.addReferencesToSign(sigParts, secHeader); sig.computeSignature(referenceList, false, null); -signatures.add(sig.getSignatureValue()); +addSig(sig.getSignatureValue()); if (isSigProtect) { WSEncryptionPart part = new WSEncryptionPart(sig.getId(), Element); encryptedTokensList.add(part); @@ -1966,7 +1967,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle //Do signature dkSign.computeSignature(referenceList, false, null); -signatures.add(dkSign.getSignatureValue()); +addSig(dkSign.getSignatureValue()); } private void doSymmSignature(AbstractToken policyToken, SecurityToken tok, @@ -2032,7 +2033,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle //Do signature sig.computeSignature(referenceList, false, null); -signatures.add(sig.getSignatureValue()); +addSig(sig.getSignatureValue()); } protected void addSupportingTokens(ListWSEncryptionPart sigs) throws WSSecurityException { @@ -2241,4 +2242,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle } } + +protected void addSig(byte[] val) { +if (val != null val.length 0) { +signatures.add(Arrays.hashCode(val)); +} +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/24e330c8/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index fc3aa8b..67d7afe 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -665,7 +665,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
[04/10] cxf git commit: Using a new CXFCallbackLookup
Using a new CXFCallbackLookup Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/77372254 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/77372254 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/77372254 Branch: refs/heads/master Commit: 7737225402d3a7b2e669ee8ecf54de10af686f20 Parents: 80d7128 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Tue Feb 24 16:02:16 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Tue Feb 24 16:02:16 2015 + -- .../ws/security/wss4j/CXFCallbackLookup.java| 50 .../wss4j/PolicyBasedWSS4JOutInterceptor.java | 27 ++- .../ws/security/wss4j/WSS4JInInterceptor.java | 5 ++ .../policyhandlers/AbstractBindingBuilder.java | 23 +++-- .../AsymmetricBindingHandler.java | 5 +- .../policyhandlers/SymmetricBindingHandler.java | 11 +++-- .../policyhandlers/TransportBindingHandler.java | 5 +- 7 files changed, 107 insertions(+), 19 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java new file mode 100644 index 000..be8dbe0 --- /dev/null +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CXFCallbackLookup.java @@ -0,0 +1,50 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * License); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import org.apache.wss4j.dom.message.DOMCallbackLookup; +import org.apache.wss4j.dom.util.WSSecurityUtil; + +/** + * This class uses a DOM-based approach to locate Elements that are referenced via an Id. + */ +public class CXFCallbackLookup extends DOMCallbackLookup { + +private Document doc; +private Element soapBody; + +public CXFCallbackLookup(Document doc, Element soapBody) { +super(doc); +this.soapBody = soapBody; +} + +/** + * Get the SOAP Body + */ +@Override +public Element getSOAPBody() { +if (soapBody != null) { +return soapBody; +} +return WSSecurityUtil.findBodyElement(doc); +} +} http://git-wip-us.apache.org/repos/asf/cxf/blob/77372254/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java index 98a6330..54faf7e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java @@ -120,7 +120,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptorSoa } private void handleMessageInternal(SoapMessage message) throws Fault { -CollectionAssertionInfo ais; SOAPMessage saaj = message.getContent(SOAPMessage.class); boolean mustUnderstand = @@ -133,7 +132,7 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptorSoa // extract Assertion information if (aim != null) { AbstractBinding transport = null; -ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING); +CollectionAssertionInfo ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { transport =
[08/10] cxf git commit: Minor fix
Minor fix Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e548a02f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e548a02f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e548a02f Branch: refs/heads/master Commit: e548a02fa04313fd1b6ec5d9ac78c774e8ad935a Parents: 24e330c Author: Colm O hEigeartaigh cohei...@apache.org Authored: Wed Mar 11 11:00:07 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Wed Mar 11 11:00:07 2015 + -- .../cxf/ws/security/wss4j/WSS4JOutInterceptor.java | 11 ++- 1 file changed, 2 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e548a02f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java index ea4fddd..8e1bb5b 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java @@ -228,11 +228,7 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { } } -/* - * Now we perform some set-up for UsernameToken and Signature - * functions. No need to do it for encryption only. Check if - * username is available and then get a passowrd. - */ +// Check to see if we require a username (+ if it's missing) boolean userNameRequired = false; for (HandlerAction handlerAction : actions) { if ((handlerAction.getAction() == WSConstants.SIGN @@ -246,13 +242,10 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { } if (userNameRequired (reqData.getUsername() == null || reqData.getUsername().equals()) (String)getOption(WSHandlerConstants.SIGNATURE_USER) == null) { -/* - * We need a username - if none throw an SoapFault. For - * encryption there is a specific parameter to get a username. - */ throw new SoapFault(new Message(NO_USERNAME, LOG), version .getReceiver()); } + if (doDebug) { LOG.fine(Actor: + reqData.getActor()); }
svn commit: r943666 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot Date: Fri Mar 13 11:47:17 2015 New Revision: 943666 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/jax-rs-jose.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/jax-rs-jose.html == --- websites/production/cxf/content/docs/jax-rs-jose.html (original) +++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 11:47:17 2015 @@ -117,12 +117,12 @@ Apache CXF -- JAX-RS JOSE !-- Content -- div class=wiki-content div id=ConfluenceContentp#160;/ppstyle type=text/css/*![CDATA[*/ -div.rbtoc1421621184755 {padding: 0px;} -div.rbtoc1421621184755 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1421621184755 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1426247209546 {padding: 0px;} +div.rbtoc1426247209546 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1426247209546 li {margin-left: 0px;padding-left: 0px;} -/*]]*//style/pdiv class=toc-macro rbtoc1421621184755 -ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia shape=rect href=#JAX-RSJOSE-JoseOverviewJose Overview/a +/*]]*//style/pdiv class=toc-macro rbtoc1426247209546 +ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/li/ul /lilia shape=rect href=#JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose Filters/a/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/a/lilia shape=rect href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/a/li/ul /divh1 id=JAX-RSJOSE-IntroductionIntroduction/h1pCXF 3.0.x implements a shape=rect class=external-link href=https://datatracker.ietf.org/wg/jose/documents/; rel=nofollowJOSE/a./ph1 id=JAX-RSJOSE-MavenDependenciesMaven Dependencies/h1div class=code panel pdl style=border-width: 1px;div class=codeContent panelContent pdl @@ -132,7 +132,7 @@ div.rbtoc1421621184755 li {margin-left: lt;versiongt;3.1.0lt;/versiongt; lt;/dependencygt; ]]/script -/div/divp#160;/ph1 id=JAX-RSJOSE-JoseOverviewJose Overview/h1h2 id=JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/h2h2 id=JAX-RSJOSE-JWKKeysJWK Keys/h2h2 id=JAX-RSJOSE-JWSSignatureJWS Signature/h2p#160;/ph2 id=JAX-RSJOSE-JSONEncryptionJSON Encryption/h2h2 id=JAX-RSJOSE-JSONWebTokensJSON Web Tokens/h2p#160;/ph1 id=JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose Filters/h1p#160;/ph1 id=JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/h1p#160;/ph1 id=JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/h1pJose4J. Etc./pp#160;/p/div +/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE Overview/h1pJOSE is a set of high quality specifications that specify how data payloads can be signed and/or encrypted with the cryptographic properties set in JSON-formatted metadata (headers)./ppNote that not only JSON documents but also documents in the arbitrary formats can be secured: text, binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced OAuth2 applications but is also perfect at securing the regular HTTP web service communications./pp#160;/ppAt the moment two signature and encryption output formats are supported: compact and JSON./pp#160;/ppCompact format is a concatenation of Base64URL-encoded JOSE headers (where the cryptographic signature or encryption properties are set),/ppBase64URL-encoded payload (in the original form if it is signed, otherwise - encrypted), plus Base64URL-encoded signature of the payload or some of encryption process input or outpu t data/ppsuch as an initialization vector, authentication tag, etc./pp#160;/ppThe JSON (full) format is where all the information describing a signature or encryption process is presented in a not-compact, regular JSON document, offering a non-optimized but easier to understand format./ppThe signature process also supports the detached body mode where the body to be signed is not included in the actual output - assuming that both the consumer and producer know how to access the original payload in order to/ppvalidate the signature./pp#160;/ppThe following subsections will have the examples with more details./ph2 id=JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/h2h2 id=JAX-RSJOSE-JWKKeysJWK
[03/10] cxf git commit: Picking up some WSS4J trunk changes
Picking up some WSS4J trunk changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/80d7128a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/80d7128a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/80d7128a Branch: refs/heads/master Commit: 80d7128a3ba1944a603c73e5e908d86c9bf27648 Parents: 2426a08 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Tue Feb 24 14:40:10 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Tue Feb 24 14:40:10 2015 + -- .../org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/80d7128a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index cff4c53..b8c71a7 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -273,13 +273,14 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { || MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION)); reqData.setEnableRevocation(enableRevocation); -Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), actor); +Element elem = +WSSecurityUtil.getSecurityHeader(doc.getSOAPHeader(), actor, version.getVersion() != 1.1); ListWSSecurityEngineResult wsResult = engine.processSecurityHeader( elem, reqData ); -if (wsResult != null !wsResult.isEmpty()) { // security header found +if (!wsResult.isEmpty()) { // security header found if (reqData.getWssConfig().isEnableSignatureConfirmation()) { checkSignatureConfirmation(reqData, wsResult); } @@ -294,9 +295,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { wsResult, utWithCallbacks ); } else { // no security header found -// Create an empty result list to pass into the required validation -// methods. -wsResult = new ArrayListWSSecurityEngineResult(); if (doc.getSOAPPart().getEnvelope().getBody().hasFault() isRequestor(msg)) { LOG.warning(The request is a SOAP Fault, but it is not secured); // We allow lax action matching here for backwards compatibility
[02/10] cxf git commit: Applying Opensaml 3.0.x patch
Applying Opensaml 3.0.x patch Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2426a087 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2426a087 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2426a087 Branch: refs/heads/master Commit: 2426a0879b06cf6dea32004af16f96f793d568eb Parents: a79bb05 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Tue Feb 24 11:38:13 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Tue Feb 24 11:38:13 2015 + -- parent/pom.xml | 8 +- pom.xml | 8 ++ .../grants/saml/Saml2BearerGrantHandler.java| 5 +- .../oauth2/saml/SamlOAuthValidator.java | 14 +-- ...AbstractRequestAssertionConsumerHandler.java | 15 ++- .../saml/sso/AbstractServiceProviderFilter.java | 2 +- .../security/saml/sso/AuthnRequestBuilder.java | 2 +- .../saml/sso/DefaultAuthnRequestBuilder.java| 14 +-- .../saml/sso/SAMLProtocolResponseValidator.java | 98 .../saml/sso/SAMLSSOResponseValidator.java | 22 ++--- .../saml/sso/SamlPostBindingFilter.java | 21 ++--- .../saml/sso/SamlRedirectBindingFilter.java | 2 +- .../saml/sso/SamlpRequestComponentBuilder.java | 25 ++--- .../saml/sso/AuthnRequestBuilderTest.java | 14 +-- .../security/saml/sso/SAML2CallbackHandler.java | 4 +- .../sso/SAML2PResponseComponentBuilder.java | 23 ++--- .../saml/sso/SAMLResponseValidatorTest.java | 28 +++--- .../saml/sso/SAMLSSOResponseValidatorTest.java | 24 +++-- .../rs/security/saml/AbstractSamlInHandler.java | 5 +- .../apache/cxf/rs/security/saml/SAMLUtils.java | 4 +- .../rs/security/xml/XmlSecOutInterceptor.java | 2 +- .../rs/security/xml/XmlSigOutInterceptor.java | 4 +- rt/security/pom.xml | 22 + .../apache/cxf/rt/security/saml/SAMLUtils.java | 14 +-- .../AbstractXACMLAuthorizingInterceptor.java| 34 --- .../security/xacml/RequestComponentBuilder.java | 7 +- .../xacml/SamlRequestComponentBuilder.java | 13 +-- .../rt/security/saml/SamlCallbackHandler.java | 6 +- .../apache/cxf/rt/security/xacml/DummyPDP.java | 11 +-- .../security/xacml/XACMLRequestBuilderTest.java | 16 ++-- .../ws/security/wss4j/SamlTokenInterceptor.java | 7 +- .../policyhandlers/AbstractBindingBuilder.java | 10 +- .../AbstractStaxBindingHandler.java | 6 +- .../AsymmetricBindingHandler.java | 6 +- .../policyhandlers/SymmetricBindingHandler.java | 4 +- .../policyhandlers/TransportBindingHandler.java | 6 +- .../DefaultClaimsPolicyValidator.java | 20 ++-- .../IssuedTokenPolicyValidator.java | 2 +- .../SamlTokenPolicyValidator.java | 2 +- .../wss4j/saml/SAML1CallbackHandler.java| 4 +- .../wss4j/saml/SAML2CallbackHandler.java| 4 +- .../apache/cxf/sts/claims/ClaimsManager.java| 24 ++--- .../token/delegation/SAMLDelegationHandler.java | 8 +- .../sts/token/provider/SAMLTokenProvider.java | 2 +- .../sts/token/provider/SamlCallbackHandler.java | 6 +- .../cxf/sts/token/renewer/SAMLTokenRenewer.java | 22 ++--- .../sts/token/validator/SAMLTokenValidator.java | 10 +- .../cxf/sts/common/CustomClaimsHandler.java | 13 +-- .../cxf/sts/token/provider/SAMLClaimsTest.java | 4 +- .../systest/sts/batch/SAMLBatchUnitTest.java| 2 +- .../cxf/systest/sts/claims/ClaimsValidator.java | 23 +++-- .../systest/sts/claims/StaxClaimsValidator.java | 22 ++--- .../sts/realms/DifferentRealmValidator.java | 2 +- .../sts/secure_conv/SCTSAMLTokenProvider.java | 2 +- .../sts/bearer/Saml2CallbackHandler.java| 4 +- .../OnBehalfOfValidator.java| 8 +- .../sts/sendervouches/Saml2CallbackHandler.java | 4 +- .../sts/username_actas/ActAsValidator.java | 9 +- services/xkms/pom.xml | 2 +- .../security/oauth2/SamlCallbackHandler.java| 4 +- .../security/oauth2/SamlCallbackHandler2.java | 4 +- .../security/saml/SamlCallbackHandler.java | 6 +- .../examples/saml/SamlCallbackHandler.java | 4 +- .../systest/ws/saml/CustomSaml2Validator.java | 4 +- .../ws/saml/PolicyDecisionPointMockImpl.java| 12 +-- .../ws/saml/client/SamlCallbackHandler.java | 6 +- .../ws/saml/client/SamlRoleCallbackHandler.java | 6 +- 67 files changed, 379 insertions(+), 372 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/parent/pom.xml -- diff --git a/parent/pom.xml b/parent/pom.xml index 352244a..ce5d330 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -125,10 +125,8 @@ cxf.netty.version.range[4,5)/cxf.netty.version.range
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes b982cca14 - a3d605568 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8895ef30 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8895ef30 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8895ef30 Branch: refs/heads/3.0.x-fixes Commit: 8895ef30c74133f5da237a89343d88c53fe1338d Parents: b982cca Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 14:20:24 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 14:20:24 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/8895ef30/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 0f538de..9f6381b 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -178,6 +178,7 @@ B d68f140c76cf7e390dfce134ea5c5d97f129e65d B d8a6bdbd2c84b3fa0187de935e294d5f66974e46 B d9f624e2eca8affa20243583ace087a8cbba3ac8 B df947cb1ca2b9e375f99e199ec65b1afece1c963 +B dfecaa60ea6082fda8f2959c083ba2f2f7a03112 B e242307ad8bbe53788f3e03e9e2f0ca977d01340 B e548a02fa04313fd1b6ec5d9ac78c774e8ad935a B e8514ea3f5fdf33b19d9ddc0639cc1aaf57e1f62
[2/2] cxf git commit: Adding a TODO
Adding a TODO Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a3d60556 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a3d60556 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a3d60556 Branch: refs/heads/3.0.x-fixes Commit: a3d605568fb31fd5edf5de844a3aa503f3a91558 Parents: 8895ef3 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 14:21:32 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 14:21:32 2015 + -- .../java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a3d60556/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java index fde339c..a86ee61 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java @@ -64,6 +64,9 @@ public final class CryptoCoverageUtil { * * @param signedRefs references to the signed content in the message * @param encryptedRefs references to the encrypted content in the message + * + * TODO Replace the isSignedEncryptionRef when we pick up WSS4J 2.0.5, and directly + * check the encrypted Element instead of the WSDataRef (as per master code) */ public static void reconcileEncryptedSignedRefs(final CollectionWSDataRef signedRefs, final CollectionWSDataRef encryptedRefs) {
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes eb67fb62f - 16f466dbe Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/16f466db Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/16f466db Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/16f466db Branch: refs/heads/2.7.x-fixes Commit: 16f466dbea31b06b88767717d5b69dadc01c0ebe Parents: eb67fb6 Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 14:29:52 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 14:29:52 2015 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/16f466db/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index e42dae9..75d91ec 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -1032,6 +1032,7 @@ B 885290da4c6f3c8426b1453903cb9308e44eed05 B 885d450243af92377f0d83d90c7a9dae124a4d2d B 887d71995728dbd2365017e17226fa457b5d6847 B 888bfa0ee1fcb1c649b8af7291bad431bb3f9474 +B 8895ef30c74133f5da237a89343d88c53fe1338d B 892913e71e5bed58419c953ca551a3d13bd7b22d B 893263d9f832d052c396d3532784c667c60c5037 B 893c217594426661cc10ef1418e31a8bb18266c7 @@ -1228,6 +1229,7 @@ B a312f2a028a3b085ef4401cc26d930de7ffeeab0 B a33670388cd4314a75bde41d98336446ea073d4e B a34df25e3a78d3a4cf5bb6fa8c51e82e489b614e B a3505225ee53bf7d25b25ac68687976f01347863 +B a3d605568fb31fd5edf5de844a3aa503f3a91558 B a3e071687de318c17e7543a56c773849b5fa1442 B a3f3df042f158b67426700c95a7be09bb764f3a7 B a45ef8e3fc44ceeb92068dca3d4b70d87c0a19ff
svn commit: r943700 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot Date: Fri Mar 13 14:46:58 2015 New Revision: 943700 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/jax-rs-jose.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/jax-rs-jose.html == --- websites/production/cxf/content/docs/jax-rs-jose.html (original) +++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 14:46:58 2015 @@ -32,6 +32,7 @@ link type=text/css rel=stylesheet href=/resources/highlighter/styles/shThemeCXF.css script src='/resources/highlighter/scripts/shCore.js'/script +script src='/resources/highlighter/scripts/shBrushJava.js'/script script src='/resources/highlighter/scripts/shBrushXml.js'/script script SyntaxHighlighter.defaults['toolbar'] = false; @@ -117,22 +118,46 @@ Apache CXF -- JAX-RS JOSE !-- Content -- div class=wiki-content div id=ConfluenceContentp#160;/ppstyle type=text/css/*![CDATA[*/ -div.rbtoc1426254394846 {padding: 0px;} -div.rbtoc1426254394846 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1426254394846 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1426257993585 {padding: 0px;} +div.rbtoc1426257993585 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1426257993585 li {margin-left: 0px;padding-left: 0px;} -/*]]*//style/pdiv class=toc-macro rbtoc1426254394846 +/*]]*//style/pdiv class=toc-macro rbtoc1426257993585 ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/li/ul -/lilia shape=rect href=#JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose Filters/a/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/a/lilia shape=rect href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/a/li/ul +/lilia shape=rect href=#JAX-RSJOSE-JOSEJAX-RSFiltersJOSE JAX-RS Filters/a/lilia shape=rect href=#JAX-RSJOSE-ConfigurationConfiguration/a/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/a/lilia shape=rect href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/a/li/ul /divh1 id=JAX-RSJOSE-IntroductionIntroduction/h1pCXF 3.0.x implements a shape=rect class=external-link href=https://datatracker.ietf.org/wg/jose/documents/; rel=nofollowJOSE/a./ph1 id=JAX-RSJOSE-MavenDependenciesMaven Dependencies/h1div class=code panel pdl style=border-width: 1px;div class=codeContent panelContent pdl script class=theme: Default; brush: xml; gutter: false type=syntaxhighlighter![CDATA[lt;dependencygt; lt;groupIdgt;org.apache.cxflt;/groupIdgt; lt;artifactIdgt;cxf-rt-rs-security-joselt;/artifactIdgt; - lt;versiongt;3.1.0lt;/versiongt; + lt;versiongt;3.0.4lt;/versiongt; lt;/dependencygt; ]]/script -/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE Overview/h1pJOSE is a set of high quality specifications that specify how data payloads can be signed and/or encrypted with the cryptographic properties set in JSON-formatted metadata (headers)./ppNote that not only JSON documents but also documents in the arbitrary formats can be secured: text, binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced OAuth2 applications but is also perfect at securing the regular HTTP web service communications./pp#160;/ppAt the moment two signature and encryption output formats are supported: compact and JSON./pp#160;/ppCompact format is a concatenation of Base64URL-encoded JOSE headers (where the cryptographic signature or encryption properties are set),/ppBase64URL-encoded payload (in the original form if it is signed, otherwise - encrypted), plus Base64URL-encoded signature of the payload or some of encryption process input or outpu t data/ppsuch as an initialization vector, authentication tag, etc./pp#160;/ppThe JSON (full) format is where all the information describing a signature or encryption process is presented in a not-compact, regular JSON document, offering a non-optimized but easier to understand format./ppThe signature process also supports the detached body mode where the body to be signed is not included in the actual output - assuming that both the consumer and producer know how to access the original payload in order to/ppvalidate the signature./pp#160;/ppThe following subsections will have the examples
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 4efcd8bd4 - eb67fb62f Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/eb67fb62 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/eb67fb62 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/eb67fb62 Branch: refs/heads/2.7.x-fixes Commit: eb67fb62fd2cdbbf362e1a9f7f329f0d8ddf21d2 Parents: 4efcd8b Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 11:26:00 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 11:26:00 2015 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/eb67fb62/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index f9ff014..e42dae9 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -480,6 +480,7 @@ B 3c95b4b01da194ba34a2230dd00a2333d820464a B 3cd23910e77dfb21c9622cf96c5118765a79e03c B 3cd24f083d410f2335245a377f961b48341705fa B 3cd2f8f4a1c6786be106b8b1fb23ef62e77dc698 +B 3d1078b0717fec4e52d680bf9922e81f62702d63 B 3d635a7989366b61ce55231c82c8625aa75b8524 B 3d701b59b57942fa0800a54cd46e3f049208da71 B 3d7db466f8a2c5188a5d7038f9fbe8a633679750 @@ -1381,6 +1382,7 @@ B b94129cb0e36f42d5c30eb6fb22e76f0983aa6ea B b941cb80bc4f75ed3b02afa7c22e6847550cedc6 B b94ce41b14661f12e6ee74c07d7771f37d313c0a B b95949f1234d38622fb03373e5ac9b6acc550721 +B b982cca14cc95900e95f9baa4dab4f7e487a31b0 B ba3ffb12d7c745e757c0c585268c5ae95e91afeb B ba64841e79b28db920c3394c99c522dd22b556a2 B ba6e36261f7ceb37eabbc777ab45baf26e5cc2a9
cxf git commit: Removing jdk15 profile from pom
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 3d1078b07 - b982cca14 Removing jdk15 profile from pom Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b982cca1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b982cca1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b982cca1 Branch: refs/heads/3.0.x-fixes Commit: b982cca14cc95900e95f9baa4dab4f7e487a31b0 Parents: 3d1078b Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 11:25:19 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 11:25:19 2015 + -- .../src/main/release/samples/sts/pom.xml| 38 1 file changed, 38 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b982cca1/distribution/src/main/release/samples/sts/pom.xml -- diff --git a/distribution/src/main/release/samples/sts/pom.xml b/distribution/src/main/release/samples/sts/pom.xml index 58b7b42..f81e011 100644 --- a/distribution/src/main/release/samples/sts/pom.xml +++ b/distribution/src/main/release/samples/sts/pom.xml @@ -66,44 +66,6 @@ /build profiles profile -idjdk15/id -activation -jdk1.5/jdk -/activation -build -plugins -plugin -groupIdorg.apache.maven.plugins/groupId -artifactIdmaven-dependency-plugin/artifactId -executions -execution -idcreate-endorsed-dir/id -phasevalidate/phase -goals -goalcopy/goal -/goals -configuration -artifactItems -artifactItem -groupIdxerces/groupId -artifactIdxercesImpl/artifactId - outputDirectory${basedir}/target/endorsed/outputDirectory -/artifactItem -artifactItem -groupIdxml-apis/groupId -artifactIdxml-apis/artifactId -version1.3.04/version - outputDirectory${basedir}/target/endorsed/outputDirectory -/artifactItem -/artifactItems -/configuration -/execution -/executions -/plugin -/plugins -/build -/profile -profile idsts/id build defaultGoaltest/defaultGoal
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 2aa1f7a2f - 3d1078b07 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3d1078b0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3d1078b0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3d1078b0 Branch: refs/heads/3.0.x-fixes Commit: 3d1078b0717fec4e52d680bf9922e81f62702d63 Parents: 2aa1f7a Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 11:09:28 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 11:09:28 2015 + -- .gitmergeinfo | 8 1 file changed, 8 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/3d1078b0/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index d0ec1cc..0f538de 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -30,6 +30,8 @@ B 1e927cdfaafb2efc8d29184cb5b7b05ce3c3ad7f B 1f02b3d4f2c9d341046ce35222c8f4d7674b10b2 B 2004b1021ce0d0975eb49cae36416863bd8c59bb B 222137cb2ee577e6582a644b7ae73bbc0a75d4d1 +B 2426a0879b06cf6dea32004af16f96f793d568eb +B 24e330c8b6be65c98cd3914f6fe7498e980f4568 B 27c2c25dc3c2c3019543e31afdca7b166911f278 B 28e185b27e8c80cd773cac46d1b9b19529c4fab0 B 29f0620a9a025afcd2057cdf97c7d93caf6c179f @@ -94,12 +96,14 @@ B 71ced4709dedf62264a4bb630aaf4780cb94ce48 B 7456089088a21620ec75dc83fbb4b89ebdfd290e B 74a2e6f2b1d9787cc9b5cff4cc84e43cfccbfe94 B 75c69b27a7688dfac281d4acdcff3b0acc4c8bee +B 7737225402d3a7b2e669ee8ecf54de10af686f20 B 799c5389f754eb588f023b646b8983b50dde00be B 7cd4cf67ba5b8a0ddc36c8008bf096b469408f48 B 7d1f30f76d95f9eddf0bed995120c71bf1a393b3 B 7e318c4fbfae35680965082a491ca842a23ffd8c B 7e95279dd1170f5878687d7eea27f7d7f03a434b B 80014cf0e6fb1ba62ffdb3766acffd2130eef9d6 +B 80d7128a3ba1944a603c73e5e908d86c9bf27648 B 857b55796dc7fc2b302e26d99f84df1712ff9c58 B 85c06fc4d6a642627434785a2d228d3c08d68768 B 85d6e1a63c95088917853436fe1adcce4863ce6c @@ -124,6 +128,7 @@ B 96ed80508cf15f7dc8c2d5a73225a36dbc096ee2 B 970feeed0db20bfe9df5095b6b335146344c222c B 9896b920035a1d1be1aef28a1d1a5eb876445c82 B 99963f9a08c9782b7c661f2b5ff8e9ce95ab3dbe +B 9ae69b3b323f48de033f62be9fc2780f11b0c761 B 9b93ca4bda4ba8abce2e2248059f2ccfd35391b2 B 9dd4194ce6af00377b0e1bdc6b15744fe03e29c9 B 9dfb278c7739b9f4621f43b8146d057e21fafb64 @@ -169,10 +174,12 @@ B d3e9295d3acfe3c970a325bbbafdba83a0d6e83c B d50ffd09c30e606524fb6ed92119d85ccfa13491 B d54a21628143bc15f51cbe5d63fa42c09d0ab8ac B d5b502a60d2934a42e32cb6225224ff75c66aa37 +B d68f140c76cf7e390dfce134ea5c5d97f129e65d B d8a6bdbd2c84b3fa0187de935e294d5f66974e46 B d9f624e2eca8affa20243583ace087a8cbba3ac8 B df947cb1ca2b9e375f99e199ec65b1afece1c963 B e242307ad8bbe53788f3e03e9e2f0ca977d01340 +B e548a02fa04313fd1b6ec5d9ac78c774e8ad935a B e8514ea3f5fdf33b19d9ddc0639cc1aaf57e1f62 B e8b8e2bc1b5afa4ad93294ebe1bd723a5a4a8f64 B ea778c4f38f882dc97d23bd200683fd9d48b4718 @@ -193,6 +200,7 @@ B f97778f0c21a4dc0f083e840e8157fe2f8528d90 B fa37d8722d154bbdec9d2acf4da16a04db0a34f1 B fb94440f6f1d5c7c572b6c0163f275c95073b8ee B fb9d26581c364c62c7343847ebe4136b8c97700f +B fc78cd31869a4e580c4d2a9e7864ae6dae8c311b B fd3471e58e63ee672babc015ed0929f6cd6862dd B fe416234bab8af30f1789c3164ac256af86e3b62 B ff742436a3e177dc61106edf08f2509e727362dd
svn commit: r943707 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot Date: Fri Mar 13 15:46:50 2015 New Revision: 943707 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/jax-rs-jose.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/jax-rs-jose.html == --- websites/production/cxf/content/docs/jax-rs-jose.html (original) +++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 15:46:50 2015 @@ -118,14 +118,16 @@ Apache CXF -- JAX-RS JOSE !-- Content -- div class=wiki-content div id=ConfluenceContentp#160;/ppstyle type=text/css/*![CDATA[*/ -div.rbtoc1426257993585 {padding: 0px;} -div.rbtoc1426257993585 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1426257993585 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1426261585363 {padding: 0px;} +div.rbtoc1426261585363 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1426261585363 li {margin-left: 0px;padding-left: 0px;} -/*]]*//style/pdiv class=toc-macro rbtoc1426257993585 -ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a -ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/li/ul -/lilia shape=rect href=#JAX-RSJOSE-JOSEJAX-RSFiltersJOSE JAX-RS Filters/a/lilia shape=rect href=#JAX-RSJOSE-ConfigurationConfiguration/a/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/a/lilia shape=rect href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/a/li/ul +/*]]*//style/pdiv class=toc-macro rbtoc1426261585363 +ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a/lilia shape=rect href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/lilia shape=rect href=#JAX-RSJOSE-LinkingJWTauthenticationstoJWSorJWEcontentLinking JWT authentications to JWS or JWE content/a/lilia shape=rect href=#JAX-RSJOSE-JOSEJAX-RSFiltersJOSE JAX-RS Filters/a +ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-JWEJWE/a/lilia shape=rect href=#JAX-RSJOSE-JWSJWS/a/li/ul +/lilia shape=rect href=#JAX-RSJOSE-ConfigurationConfiguration/a +ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-EncryptingJWKstoresEncrypting JWK stores/a/li/ul +/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/a/lilia shape=rect href=#JAX-RSJOSE-OIDCandJoseOIDC and Jose/a/lilia shape=rect href=#JAX-RSJOSE-FutureWorkFuture Work/a/lilia shape=rect href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/a/li/ul /divh1 id=JAX-RSJOSE-IntroductionIntroduction/h1pCXF 3.0.x implements a shape=rect class=external-link href=https://datatracker.ietf.org/wg/jose/documents/; rel=nofollowJOSE/a./ph1 id=JAX-RSJOSE-MavenDependenciesMaven Dependencies/h1div class=code panel pdl style=border-width: 1px;div class=codeContent panelContent pdl script class=theme: Default; brush: xml; gutter: false type=syntaxhighlighter![CDATA[lt;dependencygt; lt;groupIdgt;org.apache.cxflt;/groupIdgt; @@ -133,7 +135,7 @@ div.rbtoc1426257993585 li {margin-left: lt;versiongt;3.0.4lt;/versiongt; lt;/dependencygt; ]]/script -/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE Overview/h1pJOSE is a set of high quality specifications that specify how data payloads can be signed and/or encrypted with the cryptographic properties set in JSON-formatted metadata (headers)./ppNote that not only JSON documents but also documents in the arbitrary formats can be secured: text, binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced OAuth2 applications but is also perfect at securing the regular HTTP web service communications./pp#160;/ppAt the moment two signature and encryption output formats are supported: compact and JSON./pp#160;/ppCompact format is a concatenation of Base64URL-encoded JOSE headers (where the cryptographic signature or encryption properties are set),/ppBase64URL-encoded payload (in the original form if it is signed, otherwise - encrypted), plus
cxf git commit: Refactoring of the CryptoCoverageChecker stuff
Repository: cxf Updated Branches: refs/heads/master e47f87b16 - dfecaa60e Refactoring of the CryptoCoverageChecker stuff Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dfecaa60 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dfecaa60 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dfecaa60 Branch: refs/heads/master Commit: dfecaa60ea6082fda8f2959c083ba2f2f7a03112 Parents: e47f87b Author: Colm O hEigeartaigh cohei...@apache.org Authored: Fri Mar 13 14:18:18 2015 + Committer: Colm O hEigeartaigh cohei...@apache.org Committed: Fri Mar 13 14:18:18 2015 + -- .../security/wss4j/CryptoCoverageChecker.java | 59 -- .../ws/security/wss4j/CryptoCoverageUtil.java | 63 ++-- .../wss4j/PolicyBasedWSS4JInInterceptor.java| 2 +- 3 files changed, 29 insertions(+), 95 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/dfecaa60/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java index b5a0d97..9a71a9e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java @@ -51,7 +51,6 @@ import org.apache.wss4j.dom.WSDataRef; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; -import org.apache.wss4j.dom.util.WSSecurityUtil; /** * Utility to enable the checking of WS-Security signature/encryption @@ -66,12 +65,12 @@ public class CryptoCoverageChecker extends AbstractSoapInterceptor { * that must be covered. See {@link #prefixMap} * for namespace prefixes available. */ -protected ListXPathExpression xPaths = new ArrayListXPathExpression(); +protected ListXPathExpression xPaths = new ArrayList(); /** * Mapping of namespace prefixes to namespace URIs. */ -protected MapString, String prefixMap = new HashMapString, String(); +protected MapString, String prefixMap = new HashMap(); private boolean checkFaults = true; @@ -132,43 +131,33 @@ public class CryptoCoverageChecker extends AbstractSoapInterceptor { throw new SoapFault(Error obtaining SOAP document, Fault.FAULT_CODE_CLIENT); } -final CollectionWSDataRef signed = new HashSetWSDataRef(); -final CollectionWSDataRef encrypted = new HashSetWSDataRef(); +final CollectionWSDataRef signed = new HashSet(); +final CollectionWSDataRef encrypted = new HashSet(); ListWSHandlerResult results = CastUtils.cast( (List?) message.get(WSHandlerConstants.RECV_RESULTS)); -for (final WSHandlerResult wshr : results) { -final ListWSSecurityEngineResult wsSecurityEngineSignResults = -WSSecurityUtil.fetchAllActionResults(wshr.getResults(), WSConstants.SIGN); - -final ListWSSecurityEngineResult wsSecurityEngineEncResults = -WSSecurityUtil.fetchAllActionResults(wshr.getResults(), WSConstants.ENCR); - -for (WSSecurityEngineResult wser : wsSecurityEngineSignResults) { - -ListWSDataRef sl = CastUtils.cast((List?) wser -.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)); -if (sl != null) { -if (sl.size() == 1 - sl.get(0).getName().equals(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN))) { -//endorsing the signature so don't include -break; -} - -for (WSDataRef r : sl) { -signed.add(r); +// Get all encrypted and signed references +for (WSHandlerResult wshr : results) { +for (WSSecurityEngineResult result : wshr.getResults()) { +Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION); +if (actInt == WSConstants.SIGN) { +ListWSDataRef sl = + CastUtils.cast((List?)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)); +if (sl != null) { +if (sl.size() == 1 + sl.get(0).getName().equals(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN))) { +
svn commit: r943695 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot Date: Fri Mar 13 13:47:00 2015 New Revision: 943695 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/jax-rs-jose.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/jax-rs-jose.html == --- websites/production/cxf/content/docs/jax-rs-jose.html (original) +++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 13:47:00 2015 @@ -117,11 +117,11 @@ Apache CXF -- JAX-RS JOSE !-- Content -- div class=wiki-content div id=ConfluenceContentp#160;/ppstyle type=text/css/*![CDATA[*/ -div.rbtoc1426247209546 {padding: 0px;} -div.rbtoc1426247209546 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1426247209546 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1426254394846 {padding: 0px;} +div.rbtoc1426254394846 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1426254394846 li {margin-left: 0px;padding-left: 0px;} -/*]]*//style/pdiv class=toc-macro rbtoc1426247209546 +/*]]*//style/pdiv class=toc-macro rbtoc1426254394846 ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-IntroductionIntroduction/a/lilia shape=rect href=#JAX-RSJOSE-MavenDependenciesMaven Dependencies/a/lilia shape=rect href=#JAX-RSJOSE-JOSEOverviewJOSE Overview/a ul class=toc-indentationlia shape=rect href=#JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/a/lilia shape=rect href=#JAX-RSJOSE-JWKKeysJWK Keys/a/lilia shape=rect href=#JAX-RSJOSE-JWSSignatureJWS Signature/a/lilia shape=rect href=#JAX-RSJOSE-JSONEncryptionJSON Encryption/a/lilia shape=rect href=#JAX-RSJOSE-JSONWebTokensJSON Web Tokens/a/li/ul /lilia shape=rect href=#JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose Filters/a/lilia shape=rect href=#JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/a/lilia shape=rect href=#JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/a/li/ul @@ -132,7 +132,7 @@ div.rbtoc1426247209546 li {margin-left: lt;versiongt;3.1.0lt;/versiongt; lt;/dependencygt; ]]/script -/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE Overview/h1pJOSE is a set of high quality specifications that specify how data payloads can be signed and/or encrypted with the cryptographic properties set in JSON-formatted metadata (headers)./ppNote that not only JSON documents but also documents in the arbitrary formats can be secured: text, binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced OAuth2 applications but is also perfect at securing the regular HTTP web service communications./pp#160;/ppAt the moment two signature and encryption output formats are supported: compact and JSON./pp#160;/ppCompact format is a concatenation of Base64URL-encoded JOSE headers (where the cryptographic signature or encryption properties are set),/ppBase64URL-encoded payload (in the original form if it is signed, otherwise - encrypted), plus Base64URL-encoded signature of the payload or some of encryption process input or outpu t data/ppsuch as an initialization vector, authentication tag, etc./pp#160;/ppThe JSON (full) format is where all the information describing a signature or encryption process is presented in a not-compact, regular JSON document, offering a non-optimized but easier to understand format./ppThe signature process also supports the detached body mode where the body to be signed is not included in the actual output - assuming that both the consumer and producer know how to access the original payload in order to/ppvalidate the signature./pp#160;/ppThe following subsections will have the examples with more details./ph2 id=JAX-RSJOSE-JWAAlgorithmsJWA Algorithms/h2h2 id=JAX-RSJOSE-JWKKeysJWK Keys/h2h2 id=JAX-RSJOSE-JWSSignatureJWS Signature/h2p#160;/ph2 id=JAX-RSJOSE-JSONEncryptionJSON Encryption/h2h2 id=JAX-RSJOSE-JSONWebTokensJSON Web Tokens/h2p#160;/ph1 id=JAX-RSJOSE-JAX-RSJoseFiltersJAX-RS Jose Filters/h1p#1 60;/ph1 id=JAX-RSJOSE-OAuth2andJoseOAuth2 and Jose/h1p#160;/ph1 id=JAX-RSJOSE-Third-PartyAlternativesThird-Party Alternatives/h1pJose4J. Etc./pp#160;/p/div +/div/divp#160;/ph1 id=JAX-RSJOSE-JOSEOverviewJOSE Overview/h1pJOSE is a set of high quality specifications that specify how data payloads can be signed and/or encrypted with the cryptographic properties set in JSON-formatted metadata (headers)./ppNote that not only JSON documents but also documents in the arbitrary formats can be secured: text, binary data, even XML./pp#160;/ppJOSE is a key piece of the advanced OAuth2 applications but is also perfect at securing the regular HTTP web service communications./pp#160;/ppAt the moment two signature and encryption output formats are supported: compact and JSON./pp#160;/ppCompact format is a concatenation of