[4/4] cxf git commit: Fixing merge

2017-04-05 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/750b01a6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/750b01a6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/750b01a6

Branch: refs/heads/3.0.x-fixes
Commit: 750b01a6ef16614c0c388537bff2503353831e7e
Parents: aa00a2d
Author: Colm O hEigeartaigh 
Authored: Wed Apr 5 13:20:22 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Apr 5 13:20:22 2017 +0100

--
 .../IssuedTokenInterceptorProvider.java |  73 ++-
 .../security/trust/DefaultSTSTokenCacher.java   | 210 ---
 2 files changed, 67 insertions(+), 216 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/750b01a6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
index a27493a..e2c09b2 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -31,7 +33,11 @@ import java.util.logging.Logger;
 
 import javax.xml.namespace.QName;
 
+import org.w3c.dom.CDATASection;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
@@ -59,6 +65,7 @@ import 
org.apache.cxf.ws.security.wss4j.policyvalidators.IssuedTokenPolicyValida
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -71,6 +78,7 @@ import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.Trust10;
 import org.apache.wss4j.policy.model.Trust13;
+import org.apache.xml.security.utils.Base64;
 
 /**
  * 
@@ -312,19 +320,72 @@ public class IssuedTokenInterceptorProvider extends 
AbstractPolicyInterceptorPro
 return null;
 }
 
-private String getIdFromToken(Element token) {
+// Get an id from the token that is unique to that token
+private static String getIdFromToken(Element token) {
 if (token != null) {
-// Try to find the "Id" on the token.
-if (token.hasAttributeNS(WSConstants.WSU_NS, "Id")) {
-return token.getAttributeNS(WSConstants.WSU_NS, "Id");
-} else if (token.hasAttributeNS(null, "ID")) {
+// For SAML tokens get the ID/AssertionID
+if ("Assertion".equals(token.getLocalName())
+&& 
WSConstants.SAML2_NS.equals(token.getNamespaceURI())) {
 return token.getAttributeNS(null, "ID");
-} else if (token.hasAttributeNS(null, "AssertionID")) {
+} else if ("Assertion".equals(token.getLocalName())
+&& 
WSConstants.SAML_NS.equals(token.getNamespaceURI())) {
 return token.getAttributeNS(null, "AssertionID");
 }
+
+// For UsernameTokens get the username
+if (WSConstants.USERNAME_TOKEN_LN.equals(token.getLocalName())
+&& 
WSConstants.WSSE_NS.equals(token.getNamespaceURI())) {
+Element usernameElement =
+XMLUtils.getDirectChildElement(token, 
WSConstants.USERNAME_LN, WSConstants.WSSE_NS);
+if (usernameElement != null) {
+return getElementText(usernameElement);
+}
+}
+
+// For BinarySecurityTokens take the hash of the value
+if (WSConstants.BINARY_TOKEN_LN.equals(token.getLocalName())
+&& 
WSConstants.WSSE_NS.equals(token.getNamespaceURI())) {
+String text = getElementText(token);
+i

[4/4] cxf git commit: Fixing merge

2017-04-05 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b16f63b2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b16f63b2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b16f63b2

Branch: refs/heads/3.1.x-fixes
Commit: b16f63b29a864f3687932f9e664088b79f3c40e9
Parents: 4bca17b
Author: Colm O hEigeartaigh 
Authored: Wed Apr 5 12:49:57 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Apr 5 12:49:57 2017 +0100

--
 .../org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/b16f63b2/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
index c2699fc..972a9fd 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.trust;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -38,6 +37,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
+import org.apache.xml.security.utils.Base64;
 
 public class DefaultSTSTokenCacher implements STSTokenCacher {
 
@@ -197,7 +197,7 @@ public class DefaultSTSTokenCacher implements 
STSTokenCacher {
 try {
 MessageDigest digest = 
MessageDigest.getInstance("SHA-256");
 byte[] bytes = digest.digest(text.getBytes());
-return Base64.getMimeEncoder().encodeToString(bytes);
+return Base64.encode(bytes);
 } catch (NoSuchAlgorithmException e) {
 // SHA-256 must be supported so not going to happen...
 }
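Review bot: `text.getBytes()` on the line above the changed return encodes with the JVM's default charset, so the SHA-256 value, and the string this block returns, can differ between hosts for the same token text when it contains non-ASCII characters. Pin the encoding with `byte[] bytes = digest.digest(text.getBytes(StandardCharsets.UTF_8));`, which needs `import java.nio.charset.StandardCharsets;`. The `catch (NoSuchAlgorithmException e)` block is empty and falls through to code outside this hunk; if that path returns null or a different kind of identifier, a log statement there would make the fallback visible. The enclosing method starts and ends outside the hunk.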



[4/4] cxf git commit: Fixing merge

2016-09-06 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/595c43e2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/595c43e2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/595c43e2

Branch: refs/heads/3.0.x-fixes
Commit: 595c43e2131e3b0d483faa821417450ab4701c1f
Parents: 4766131
Author: Colm O hEigeartaigh 
Authored: Tue Sep 6 11:15:14 2016 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Sep 6 11:15:14 2016 +0100

--
 ...AbstractRequestAssertionConsumerHandler.java | 36 
 1 file changed, 36 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/595c43e2/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index f5c8aae..cbfeab5 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -70,12 +70,7 @@ public abstract class 
AbstractRequestAssertionConsumerHandler extends AbstractSS
 private TokenReplayCache replayCache;
 
 private MessageContext messageContext;
-<<< HEAD
-===
-private String applicationURL;
-private boolean parseApplicationURLFromRelayState;
 private String assertionConsumerServiceAddress;
->>> dac029e... CXF-7039 - JAX-RS Security SAML web SSO consumer service 
can not validate SAML response behind reverse proxy
 
 @Context 
 public void setMessageContext(MessageContext mc) {
@@ -362,40 +357,9 @@ public abstract class 
AbstractRequestAssertionConsumerHandler extends AbstractSS
 public void setEnforceResponseSigned(boolean enforceResponseSigned) {
 this.enforceResponseSigned = enforceResponseSigned;
 }
-<<< HEAD
-===
-
-public String getApplicationURL() {
-return applicationURL;
-}
-
-/**
- * Set the Application URL to forward to, for the unsolicited IdP case.
- * @param applicationURL
- */
-public void setApplicationURL(String applicationURL) {
-this.applicationURL = applicationURL;
-}
-
-public boolean isParseApplicationURLFromRelayState() {
-return parseApplicationURLFromRelayState;
-}
-
-/**
- * Whether to parse the application URL to forward to from the RelayState, 
for the unsolicted IdP case.
- * @param parseApplicationURLFromRelayState
- */
-public void setParseApplicationURLFromRelayState(boolean 
parseApplicationURLFromRelayState) {
-this.parseApplicationURLFromRelayState = 
parseApplicationURLFromRelayState;
-}
-
-public String getAssertionConsumerServiceAddress() {
-return assertionConsumerServiceAddress;
-}
 
 public void setAssertionConsumerServiceAddress(String 
assertionConsumerServiceAddress) {
 this.assertionConsumerServiceAddress = assertionConsumerServiceAddress;
 }
 
->>> dac029e... CXF-7039 - JAX-RS Security SAML web SSO consumer service 
can not validate SAML response behind reverse proxy
 }



[4/4] cxf git commit: Fixing merge

2016-01-26 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bf3e0eb2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bf3e0eb2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bf3e0eb2

Branch: refs/heads/3.0.x-fixes
Commit: bf3e0eb2d682e4625fbf3f0a57d59d6f5805363d
Parents: f9e78fc
Author: Colm O hEigeartaigh 
Authored: Tue Jan 26 17:11:07 2016 +
Committer: Colm O hEigeartaigh 
Committed: Tue Jan 26 17:11:07 2016 +

--
 .../security/oauth2/grants/AuthorizationGrantNegativeTest.java   | 1 +
 .../jaxrs/security/oauth2/grants/AuthorizationGrantTest.java | 4 
 2 files changed, 1 insertion(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/bf3e0eb2/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index 3bf0457..271e2e3 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
@@ -457,6 +457,7 @@ public class AuthorizationGrantNegativeTest extends 
AbstractBusClientServerTestB
 }
 
 @org.junit.Test
+@org.junit.Ignore
 public void testAuthorizationCodeGrantWithUnknownAudience() throws 
Exception {
 URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
 
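Review bot: `@org.junit.Ignore` on `testAuthorizationCodeGrantWithUnknownAudience` carries no reason, so the negative test for an unknown audience is switched off on this branch with nothing recording why or when it should be restored. With it disabled, a regression in rejecting unknown audiences would pass the build unnoticed. Give the annotation a reason string, e.g. `@org.junit.Ignore("<reason or issue id>")`, or remove the test if the audience check it exercises is not part of this branch. The test body continues outside the hunk.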

http://git-wip-us.apache.org/repos/asf/cxf/blob/bf3e0eb2/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index abdd55e..3de3041 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -349,10 +349,6 @@ public class AuthorizationGrantTest extends 
AbstractBusClientServerTestBase {
 assertNotNull(accessToken.getTokenKey());
 assertNotNull(accessToken.getRefreshToken());
 }
-<<< HEAD
 */
 
-===
-  
->>> dacc6f8... Adding some audience system tests
 }



[4/4] cxf git commit: Fixing merge

2015-12-10 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b1fc5e49
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b1fc5e49
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b1fc5e49

Branch: refs/heads/3.0.x-fixes
Commit: b1fc5e49b0f1aa90e529ec473591e6ed735c44da
Parents: 808558f
Author: Colm O hEigeartaigh 
Authored: Thu Dec 10 17:07:07 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 10 17:07:07 2015 +

--
 .../rs/security/oidc/idp/IdTokenResponseFilter.java| 13 ++---
 .../apache/cxf/rs/security/oidc/utils/OidcUtils.java   |  1 +
 2 files changed, 3 insertions(+), 11 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/b1fc5e49/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 8f2ef01..2f4e371 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -33,21 +33,12 @@ public class IdTokenResponseFilter extends 
AbstractOAuthServerJoseJwtProducer im
 private String issuer;
 @Override
 public void process(ClientAccessToken ct, ServerAccessToken st) {
-<<< HEAD
-// This may also be done directly inside a data provider code creating 
the server token
-===
 // Only add an IdToken if the client has the "openid" scope
 if (ct.getApprovedScope() == null || 
!ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE)) {
 return;
 }
-String idToken = getProcessedIdToken(st);
-if (idToken != null) {
-ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
-} 
-
-}
-private String getProcessedIdToken(ServerAccessToken st) {
->>> dc1a867... Only issue an IdToken if the client has the correct scope 
(for OpenId)
+
+// This may also be done directly inside a data provider code creating 
the server token
 if (userInfoProvider != null) {
 IdToken token = 
 userInfoProvider.getIdToken(st.getClient().getClientId(), 
st.getSubject(), st.getScopes());
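Review bot: The scope guard `!ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE)` looks like a substring test. If `getApprovedScope()` returns the space-delimited scope string (its return type is not visible here), any approved scope that merely contains the text `openid` would pass the guard and an IdToken would be issued. Compare whole scope tokens instead, e.g. `Arrays.asList(ct.getApprovedScope().split(" ")).contains(OidcUtils.OPENID_SCOPE)` (with `java.util.Arrays` imported if it is not already). `process` continues past the end of the hunk.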

http://git-wip-us.apache.org/repos/asf/cxf/blob/b1fc5e49/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 7ced717..7aa06a1 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -33,6 +33,7 @@ import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
 
 public final class OidcUtils {
 public static final String ID_TOKEN = "id_token";
+public static final String OPENID_SCOPE = "openid";
 public static final String OIDC_SCOPE = "oidc";
 public static final String PROFILE_SCOPE = "profile";
 public static final String EMAIL_SCOPE = "email";



[4/4] cxf git commit: Fixing merge

2015-10-12 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/191fbf01
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/191fbf01
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/191fbf01

Branch: refs/heads/3.0.x-fixes
Commit: 191fbf01488c1bff9603a1196f65aaa859ee3178
Parents: e474a7b
Author: Colm O hEigeartaigh 
Authored: Mon Oct 12 17:26:49 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 12 17:26:49 2015 +0100

--
 .../cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java   | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/191fbf01/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
--
diff --git 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index 3c68633..1cc56c46 100644
--- 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -45,11 +45,8 @@ public class JwtAuthenticationFilter extends 
AbstractJoseJwtConsumer implements
 private static final String DEFAULT_AUTH_SCHEME = "JWT";
 private String expectedAuthScheme = DEFAULT_AUTH_SCHEME;
 private int clockOffset;
-<<< HEAD
 private int ttl;
-===
 private String roleClaim;
->>> d2d8f6d... Allow role processing from JWT tokens
 
 @Override
 public void filter(ContainerRequestContext requestContext) throws 
IOException {
@@ -97,7 +94,6 @@ public class JwtAuthenticationFilter extends 
AbstractJoseJwtConsumer implements
 public void setClockOffset(int clockOffset) {
 this.clockOffset = clockOffset;
 }
-<<< HEAD
 
 public int getTtl() {
 return ttl;
@@ -105,7 +101,7 @@ public class JwtAuthenticationFilter extends 
AbstractJoseJwtConsumer implements
 
 public void setTtl(int ttl) {
 this.ttl = ttl;
-===
+}
 
 public String getRoleClaim() {
 return roleClaim;
@@ -113,6 +109,5 @@ public class JwtAuthenticationFilter extends 
AbstractJoseJwtConsumer implements
 
 public void setRoleClaim(String roleClaim) {
 this.roleClaim = roleClaim;
->>> d2d8f6d... Allow role processing from JWT tokens
 }
 }



[4/4] cxf git commit: Fixing merge

2015-09-25 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f129e0b7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f129e0b7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f129e0b7

Branch: refs/heads/3.0.x-fixes
Commit: f129e0b783cd426ff5836944ed23303bdcac5ce6
Parents: a5474c5
Author: Colm O hEigeartaigh 
Authored: Fri Sep 25 11:47:48 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Sep 25 11:47:48 2015 +0100

--
 .../cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f129e0b7/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 27ac84b..ec0086a 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -658,7 +658,7 @@ public class PolicyBasedWSS4JInInterceptor extends 
WSS4JInInterceptor {
 
(String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
 if (asymSignatureAlgorithm != null || symSignatureAlgorithm != 
null) {
 Collection algorithmSuites = 
-PolicyUtils.getAllAssertionsByLocalname(aim, 
SPConstants.ALGORITHM_SUITE);
+getAllAssertionsByLocalname(aim, 
SPConstants.ALGORITHM_SUITE);
 if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
 for (AssertionInfo algorithmSuite : algorithmSuites) {
 AlgorithmSuite algSuite = 
(AlgorithmSuite)algorithmSuite.getAssertion();



[4/4] cxf git commit: Fixing merge

2015-09-07 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fea7b4dc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fea7b4dc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fea7b4dc

Branch: refs/heads/3.0.x-fixes
Commit: fea7b4dc8fbace5264a7cc6b448cbbbc969ab2b7
Parents: 8cc16fc
Author: Colm O hEigeartaigh 
Authored: Mon Sep 7 16:41:11 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Sep 7 16:41:11 2015 +0100

--
 .../org/apache/cxf/ws/security/SecurityConstants.java  | 10 ++
 .../security/wss4j/PolicyBasedWSS4JOutInterceptor.java | 13 +
 .../org/apache/cxf/systest/ws/x509/client.xml  |  4 ++--
 .../org/apache/cxf/systest/ws/x509/server.xml  |  4 ++--
 .../org/apache/cxf/systest/ws/x509/stax-server.xml |  4 ++--
 5 files changed, 13 insertions(+), 22 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/fea7b4dc/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index ae8b26b..9b797bd 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -671,18 +671,12 @@ public final class SecurityConstants {
 TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, 
SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND,
 ASYMMETRIC_SIGNATURE_ALGORITHM, PASSWORD_ENCRYPTOR_INSTANCE, 
ENABLE_SAML_ONE_TIME_USE_CACHE,
 SAML_ONE_TIME_USE_CACHE_INSTANCE, ENABLE_STREAMING_SECURITY, 
RETURN_SECURITY_ERROR,
-<<< HEAD
 CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, 
PREFER_WSMEX_OVER_STS_CLIENT_CONFIG,
 DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, 
 KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, 
STS_TOKEN_IMMINENT_EXPIRY_VALUE,
 KERBEROS_REQUEST_CREDENTIAL_DELEGATION, 
ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
-AUDIENCE_RESTRICTION_VALIDATION, STORE_BYTES_IN_ATTACHMENT, 
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM
-===
-CACHE_IDENTIFIER, DELEGATED_CREDENTIAL, 
KERBEROS_USE_CREDENTIAL_DELEGATION, 
-KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, 
KERBEROS_REQUEST_CREDENTIAL_DELEGATION, 
-POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT, 
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM,
-SYMMETRIC_SIGNATURE_ALGORITHM
->>> 5fbe7b4... [CXF-6582] - Support newer symmetric signature algorithms 
with WS-SecurityPolicy
+AUDIENCE_RESTRICTION_VALIDATION, STORE_BYTES_IN_ATTACHMENT,
+USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, 
SYMMETRIC_SIGNATURE_ALGORITHM
 }));
 ALL_PROPERTIES = Collections.unmodifiableSet(s);
 }
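Review bot: The resolved list keeps `SYMMETRIC_SIGNATURE_ALGORITHM` from the incoming side of the conflict but not `POLICY_VALIDATOR_MAP`, which that side also listed. If a `POLICY_VALIDATOR_MAP` constant exists on this branch, it is now missing from `ALL_PROPERTIES`. If it does not exist here, a sentence in the commit message saying the omission is intentional would spare the next merger the same check. The static initializer starts outside the hunk.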

http://git-wip-us.apache.org/repos/asf/cxf/blob/fea7b4dc/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index a603c4e..99eea8e 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -168,7 +168,6 @@ public class PolicyBasedWSS4JOutInterceptor extends 
AbstractPhaseInterceptor>> 5fbe7b4... [CXF-6582] - Support newer symmetric signature algorithms 
with WS-SecurityPolicy
+String symSignatureAlgorithm = 
+
(String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+if (symSignatureAlgorithm != null && 
transport.getAlgorithmSuite() != null) {
+
transport.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+}
 
 if (transport instanceof TransportBinding) {
 new TransportBindingHandler(config, 
(TransportBinding)transport, saaj,

http://git-wip-us.apache.org/repos/asf/cxf/blob/fea7b4dc/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
--
diff --git 
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
 
b/systests/ws-security/src/test/resources/org/apache/cxf/s

[4/4] cxf git commit: Fixing merge

2015-08-21 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/986cae31
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/986cae31
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/986cae31

Branch: refs/heads/2.7.x-fixes
Commit: 986cae31ac3532fcdbd375a7bdd1fc7fb5477dd7
Parents: 7e6f1e0
Author: Colm O hEigeartaigh 
Authored: Fri Aug 21 17:01:27 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Aug 21 17:01:27 2015 +0100

--
 .../cxf/sts/cache/AbstractIdentityCache.java| 147 ---
 .../cxf/sts/cache/EHCacheIdentityCache.java |  10 ++
 .../cxf/sts/cache/MemoryIdentityCache.java  |  10 ++
 3 files changed, 20 insertions(+), 147 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/986cae31/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/AbstractIdentityCache.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/AbstractIdentityCache.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/AbstractIdentityCache.java
deleted file mode 100644
index d98d161..000
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/AbstractIdentityCache.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.cache;
-
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.management.ManagedComponent;
-import org.apache.cxf.sts.IdentityMapper;
-import org.apache.wss4j.common.principal.CustomTokenPrincipal;
-
-public abstract class AbstractIdentityCache implements IdentityCache, 
IdentityMapper, ManagedComponent {
-
-private static final Logger LOG = 
LogUtils.getL7dLogger(AbstractIdentityCache.class);
-
-private final IdentityMapper identityMapper;
-private final Bus bus;
-private MemoryIdentityCacheStatistics statistics;
-
-public AbstractIdentityCache(IdentityMapper identityMapper) {
-this(null, identityMapper);
-}
-
-public AbstractIdentityCache(Bus bus, IdentityMapper identityMapper) {
-this.identityMapper = identityMapper;
-this.bus = bus;
-}
-
-public Principal mapPrincipal(String sourceRealm,
-Principal sourcePrincipal, String targetRealm) {
-
-Principal targetPrincipal = null;
-Map identities = this.get(sourcePrincipal.getName(), 
sourceRealm);
-if (identities != null) {
-if (LOG.isLoggable(Level.FINE)) {
-LOG.fine("Identities found for '" + sourcePrincipal.getName() 
+ "@" + sourceRealm + "'");
-}
-// Identities object found for key sourceUser@sourceRealm
-String targetUser = identities.get(targetRealm);
-if (targetUser == null) {
-getStatistics().increaseCacheMiss();
-if (LOG.isLoggable(Level.FINE)) {
-LOG.fine("No mapping found for realm " + targetRealm + " 
of user '"
- + sourcePrincipal.getName() + "@" + sourceRealm + 
"'");
-}
-// User identity of target realm not cached yet
-targetPrincipal = this.identityMapper.mapPrincipal(
-sourceRealm, sourcePrincipal, targetRealm);
-
-if (targetPrincipal == null || targetPrincipal.getName() == 
null) {
-if (LOG.isLoggable(Level.FINE)) {
-LOG.fine("Failed to map user '" + 
sourcePrincipal.getName()
-+ "' [" + sourceRealm + "] to realm '"
-+ targetRealm + "'");
-}
-return null;
-}
-
-// Add the identity fo

[4/4] cxf git commit: Fixing merge

2015-07-30 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5988f473
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5988f473
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5988f473

Branch: refs/heads/2.7.x-fixes
Commit: 5988f47316feb71692d98f372e7c4992fa0ca4af
Parents: fdaf2f3
Author: Colm O hEigeartaigh 
Authored: Thu Jul 30 21:59:25 2015 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jul 30 21:59:25 2015 +0100

--
 .../saml/sso/SAMLSSOResponseValidator.java  | 11 +
 .../saml/sso/CombinedValidatorTest.java | 48 ++--
 2 files changed, 27 insertions(+), 32 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5988f473/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
--
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index 65fe7b5..2d864a5 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -134,17 +134,10 @@ public class SAMLSSOResponseValidator {
 SSOValidatorResponse validatorResponse = new SSOValidatorResponse();
 validatorResponse.setResponseId(samlResponse.getID());
 validatorResponse.setSessionNotOnOrAfter(sessionNotOnOrAfter);
-// the assumption for now is that SAMLResponse will contain only a 
single assertion
-<<< HEAD
-Element assertionElement = 
samlResponse.getAssertions().get(0).getDOM();
-
validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));
-===
+
 Element assertionElement = validAssertion.getDOM();
-Element clonedAssertionElement = 
(Element)assertionElement.cloneNode(true);
-validatorResponse.setAssertionElement(clonedAssertionElement);
-
validatorResponse.setAssertion(DOM2Writer.nodeToString(clonedAssertionElement));
+
validatorResponse.setAssertion(DOM2Writer.nodeToString(assertionElement.cloneNode(true)));
 
->>> 1c2a530... Adding SAML SSO tests.
 return validatorResponse;
 }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/5988f473/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
--
diff --git 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
index 5893af8..7b9a9c1 100644
--- 
a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
+++ 
b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.rs.security.saml.sso;
 
 import java.io.InputStream;
+import java.io.StringReader;
 import java.security.KeyStore;
 import java.util.Collections;
 
@@ -28,20 +29,19 @@ import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
-import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.Merlin;
-import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.apache.wss4j.common.saml.SAMLCallback;
-import org.apache.wss4j.common.saml.SAMLUtil;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
-import org.apache.wss4j.common.saml.bean.ConditionsBean;
-import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.apache.wss4j.common.util.Loader;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.Merlin;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.ws.security.saml.ext.bean.AudienceRestrictionBean;
+import org.apache.ws.security.saml.ext.bean.ConditionsBean;
+import org.apache.ws.security.saml.ext.bean.SubjectConfirmationDataBean;
+import org.apache.ws.security.saml.ext.bui