[2/2] cxf git commit: Fixing merge

2017-06-16 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/72c4194a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/72c4194a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/72c4194a

Branch: refs/heads/2.6.x-fixes
Commit: 72c4194a634a40265171b4288927f35dc329c552
Parents: f318ee6
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 10:21:38 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 10:21:38 2017 +0100

--
 .../saml/sso/SAMLSSOResponseValidator.java  |  95 +++---
 .../saml/sso/CombinedValidatorTest.java | 329 ++-
 2 files changed, 305 insertions(+), 119 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/72c4194a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 096468c..0bb1c79 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -36,32 +36,33 @@ import org.opensaml.saml2.core.AuthnStatement;
  * should be validated by the SAMLProtocolResponseValidator first.
  */
 public class SAMLSSOResponseValidator {
-
+
 private static final Logger LOG = 
LogUtils.getL7dLogger(SAMLSSOResponseValidator.class);
-
+
 private String issuerIDP;
 private String assertionConsumerURL;
 private String clientAddress;
 private String requestId;
 private String spIdentifier;
+private boolean enforceResponseSigned;
 private boolean enforceAssertionsSigned = true;
 private boolean enforceKnownIssuer = true;
 private TokenReplayCache replayCache;
-
+
 /**
  * Enforce that Assertions must be signed if the POST binding was used. 
The default is true.
  */
 public void setEnforceAssertionsSigned(boolean enforceAssertionsSigned) {
 this.enforceAssertionsSigned = enforceAssertionsSigned;
 }
-
+
 /**
  * Enforce that the Issuer of the received Response/Assertion is known. 
The default is true.
  */
 public void setEnforceKnownIssuer(boolean enforceKnownIssuer) {
 this.enforceKnownIssuer = enforceKnownIssuer;
 }
-
+
 /**
  * Validate a SAML 2 Protocol Response
  * @param samlResponse
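Review bot: The new `enforceResponseSigned` field is the only one of the three enforcement flags left at its implicit `false` default, and it has no comment, so a Response without a signature is not rejected by this validator unless someone turns the flag on. No setter for it appears beside `setEnforceAssertionsSigned` and `setEnforceKnownIssuer` in this hunk; it may be added further down the file, outside the lines shown here. I would document the default at the declaration, e.g. `// Off by default: an unsigned Response is not rejected unless this is set to true`, and give the setter Javadoc in the same form as its siblings, ending with "The default is false." Deployments that rely on the Response signature rather than on signed assertions then know they must enable it explicitly.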
@@ -81,7 +82,7 @@ public class SAMLSSOResponseValidator {
 LOG.fine("The Response must contain at least one Assertion");
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
 }
-
+
 // The Response must contain a Destination that matches the 
assertionConsumerURL if it is
 // signed
 String destination = samlResponse.getDestination();
@@ -90,9 +91,14 @@ public class SAMLSSOResponseValidator {
 LOG.fine("The Response must contain a destination that matches the 
assertion consumer URL");
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
 }
-
+
+if (enforceResponseSigned && !samlResponse.isSigned()) {
+LOG.fine("The Response must be signed!");
+throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
+}
+
 // Validate Assertions
-org.opensaml.saml.saml2.core.Assertion validAssertion = null;
+org.opensaml.saml2.core.Assertion validAssertion = null;
 Date sessionNotOnOrAfter = null;
 for (org.opensaml.saml2.core.Assertion assertion : 
samlResponse.getAssertions()) {
 // Check the Issuer
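Review bot: The added check `enforceResponseSigned && !samlResponse.isSigned()` only establishes that the Response carries a signature; nothing in this hunk verifies that signature. The class comment says the Response should already have been validated by SAMLProtocolResponseValidator, so verification presumably happens there, but that dependency is worth stating at the check itself: `// Presence check only: the signature must already have been verified by SAMLProtocolResponseValidator`. If a caller skips that earlier step, a Response whose signature does not verify would still pass this particular test. The enclosing method starts and ends outside the hunk.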
@@ -101,13 +107,13 @@ public class SAMLSSOResponseValidator {
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
 }
 validateIssuer(assertion.getIssuer());
-
+
 if (enforceAssertionsSigned && postBinding && 
assertion.getSignature() == null) {
 LOG.fine("If the HTTP Post binding is used to deliver the 
Response, "
  + "the enclosed assertions must be signed");
 throw new WSSecurityException(WSSecurityException.FAILURE, 
"invalidSAMLsecurity");
 }
-
+
 // Check for AuthnStatements and validate the Subject accordingly
 if (assertion.getAuthnStatements() != null
 && !assertion.getAuthnStatements().isEmpty()) {
@@ 

[2/2] cxf git commit: Fixing merge

2016-10-17 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f91bdce0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f91bdce0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f91bdce0

Branch: refs/heads/3.0.x-fixes
Commit: f91bdce0a219e273c4f6b0e990074cb16ae0ab07
Parents: a493b7f
Author: Colm O hEigeartaigh 
Authored: Mon Oct 17 11:39:58 2016 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 17 11:39:58 2016 +0100

--
 .../cxf/systest/ws/tokens/tls-stax-server.xml   | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f91bdce0/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server.xml
--
diff --git 
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server.xml
 
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server.xml
index 240e83c..4a42010 100644
--- 
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server.xml
+++ 
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server.xml
@@ -29,10 +29,10 @@
 
 
 
-
+
 
 
-
+
 
 
 
@@ -40,10 +40,10 @@
 
 http://www.example.org/contract/DoubleIt; 
id="EncryptedSupportingTokens4" 
address="https://localhost:${testutil.ports.tokens.TLSStaxServer}/DoubleItEncryptedSupporting4;
 serviceName="s:DoubleItService" 
endpointName="s:DoubleItEncryptedSupportingPort4" 
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" 
wsdlLocation="org/apache/cxf/systest/ws/tokens/DoubleItTokens.wsdl" 
depends-on="tls-settings">
 
-
-
-
-
+
+
+
+
 
 
 
@@ -54,10 +54,10 @@
 
 http://www.example.org/contract/DoubleIt; 
id="EncryptedSupportingTokens5" 
address="https://localhost:${testutil.ports.tokens.TLSStaxServer}/DoubleItEncryptedSupporting5;
 serviceName="s:DoubleItService" 
endpointName="s:DoubleItEncryptedSupportingPort5" 
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" 
wsdlLocation="org/apache/cxf/systest/ws/tokens/DoubleItTokens.wsdl" 
depends-on="tls-settings">
 
-
-
-
-
+
+
+
+
 
 
 



[2/2] cxf git commit: Fixing merge

2016-01-08 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6cdfe4ba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6cdfe4ba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6cdfe4ba

Branch: refs/heads/3.0.x-fixes
Commit: 6cdfe4babfd9f8bd066f8d39ed0049001ac2fd0d
Parents: 99276ba
Author: Colm O hEigeartaigh 
Authored: Fri Jan 8 16:53:42 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Jan 8 16:53:42 2016 +

--
 .../https/httpclient/PublicSuffixListParser.java  | 10 +-
 .../https/httpclient/DefaultHostnameVerifierTest.java |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6cdfe4ba/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java
index 5c4df13..2e1c124 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java
@@ -52,8 +52,8 @@ public final class PublicSuffixListParser {
  * @throws java.io.IOException on error while reading from list
  */
 public PublicSuffixList parse(final Reader reader) throws IOException {
-final List rules = new ArrayList<>();
-final List exceptions = new ArrayList<>();
+final List rules = new ArrayList();
+final List exceptions = new ArrayList();
 final BufferedReader r = new BufferedReader(reader);
 
 String line;
@@ -94,7 +94,7 @@ public final class PublicSuffixListParser {
  * @since 4.5
  */
 public List parseByType(final Reader reader) throws 
IOException {
-final List result = new ArrayList<>(2);
+final List result = new 
ArrayList(2);
 
 final BufferedReader r = new BufferedReader(reader);
 
@@ -142,12 +142,12 @@ public final class PublicSuffixListParser {
 
 if (isException) {
 if (exceptions == null) {
-exceptions = new ArrayList<>();
+exceptions = new ArrayList();
 }
 exceptions.add(line);
 } else {
 if (rules == null) {
-rules = new ArrayList<>();
+rules = new ArrayList();
 }
 rules.add(line);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cdfe4ba/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java
--
diff --git 
a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java
 
b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java
index 3ec14d1..b16dbfa 100644
--- 
a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java
+++ 
b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java
@@ -50,7 +50,7 @@ public class DefaultHostnameVerifierTest {
 private DefaultHostnameVerifier implWithPublicSuffixCheck;
 
 @Before
-public void setup() {
+public void setUp() {
 impl = new DefaultHostnameVerifier();
 publicSuffixMatcher = new PublicSuffixMatcher(DomainType.ICANN, 
Arrays.asList("com", "co.jp", "gov.uk"), null);
 implWithPublicSuffixCheck = new 
DefaultHostnameVerifier(publicSuffixMatcher);