Fix a bunch more warnings
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f0797a55 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f0797a55 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f0797a55 Branch: refs/heads/master Commit: f0797a552381467b1e10cba019c4a556e3734db1 Parents: c6ec599 Author: Daniel Kulp <dk...@apache.org> Authored: Wed Aug 9 18:07:04 2017 -0400 Committer: Daniel Kulp <dk...@apache.org> Committed: Thu Aug 10 11:17:55 2017 -0400 ---------------------------------------------------------------------- .../policy/custom/AlgorithmSuiteBuilder.java | 4 +- .../policy/interceptors/STSInvoker.java | 8 +- .../SecureConversationOutInterceptor.java | 4 +- .../SpnegoContextTokenInInterceptor.java | 12 +-- .../ws/security/tokenstore/SecurityToken.java | 12 +-- .../ws/security/trust/AbstractSTSClient.java | 32 +++--- .../security/trust/DefaultSTSTokenCacher.java | 18 ++-- .../cxf/ws/security/trust/STSLoginModule.java | 4 +- .../wss4j/AbstractTokenInterceptor.java | 11 +- .../wss4j/AbstractWSS4JInterceptor.java | 8 +- .../wss4j/AbstractWSS4JStaxInterceptor.java | 3 +- .../wss4j/AlgorithmSuiteTranslater.java | 10 +- .../wss4j/BinarySecurityTokenInterceptor.java | 5 +- .../security/wss4j/CryptoCoverageChecker.java | 4 +- .../ws/security/wss4j/CryptoCoverageUtil.java | 16 +-- .../ws/security/wss4j/SamlTokenInterceptor.java | 5 +- .../security/wss4j/StaxActionInInterceptor.java | 4 +- .../wss4j/UsernameTokenInterceptor.java | 7 +- .../security/wss4j/WSS4JStaxInInterceptor.java | 3 +- .../policyhandlers/AbstractBindingBuilder.java | 103 ++++++++++--------- .../AbstractStaxBindingHandler.java | 27 ++--- .../AsymmetricBindingHandler.java | 31 +++--- .../StaxAsymmetricBindingHandler.java | 13 +-- .../StaxSymmetricBindingHandler.java | 11 +- .../StaxTransportBindingHandler.java | 5 +- .../policyhandlers/SymmetricBindingHandler.java | 79 +++++++------- .../policyhandlers/TransportBindingHandler.java | 21 ++-- 
.../AbstractSupportingTokenPolicyValidator.java | 3 +- .../AlgorithmSuitePolicyValidator.java | 7 +- .../IssuedTokenPolicyValidator.java | 9 +- .../X509TokenPolicyValidator.java | 7 +- .../ws/security/wss4j/AbstractSecurityTest.java | 16 +-- .../security/wss4j/DOMToStaxRoundTripTest.java | 14 +-- .../wss4j/StaxCryptoCoverageCheckerTest.java | 22 ++-- .../security/wss4j/StaxRoundTripActionTest.java | 48 ++++----- .../ws/security/wss4j/StaxRoundTripTest.java | 34 +++--- .../StaxToDOMEncryptionIdentifierTest.java | 22 ++-- .../security/wss4j/StaxToDOMRoundTripTest.java | 56 +++++----- .../wss4j/StaxToDOMSignatureIdentifierTest.java | 12 ++- .../wss4j/UserNameTokenAuthorizationTest.java | 7 +- .../ws/security/wss4j/WSS4JFaultCodeTest.java | 8 +- .../cxf/ws/security/wss4j/WSS4JInOutTest.java | 19 ++-- .../security/wss4j/WSS4JOutInterceptorTest.java | 11 +- .../wss4j/saml/AbstractSAMLCallbackHandler.java | 5 +- .../org/apache/cxf/sts/SignatureProperties.java | 3 +- .../ClaimsAttributeStatementProvider.java | 6 +- .../cxf/sts/operation/AbstractOperation.java | 17 +-- .../sts/rest/RESTSecurityTokenServiceImpl.java | 8 +- .../cxf/sts/service/EncryptionProperties.java | 19 ++-- .../token/delegation/SAMLDelegationHandler.java | 4 +- .../ActAsAttributeStatementProvider.java | 4 +- .../DefaultAttributeStatementProvider.java | 6 +- .../token/provider/DefaultSubjectProvider.java | 10 +- .../sts/token/provider/SAMLTokenProvider.java | 10 +- .../sts/token/provider/SamlCallbackHandler.java | 6 +- .../sts/token/provider/SymmetricKeyHandler.java | 14 +-- .../cxf/sts/token/renewer/SAMLTokenRenewer.java | 3 +- .../sts/token/validator/SAMLTokenValidator.java | 4 +- .../token/validator/UsernameTokenValidator.java | 4 +- .../sts/token/validator/X509TokenValidator.java | 5 +- .../claims/mapper/JexlIssueSamlClaimsTest.java | 9 +- .../cxf/sts/common/CustomAttributeProvider.java | 12 +-- .../sts/operation/IssueEncryptedUnitTest.java | 33 +++--- .../sts/operation/IssueJWTClaimsUnitTest.java | 
18 ++-- .../operation/IssueJWTOnbehalfofUnitTest.java | 8 +- .../sts/operation/IssueJWTRealmUnitTest.java | 8 +- .../cxf/sts/operation/IssueJWTUnitTest.java | 8 +- .../sts/operation/IssueOnbehalfofUnitTest.java | 60 +++++------ .../cxf/sts/operation/IssueSCTUnitTest.java | 10 +- .../sts/operation/IssueSamlClaimsUnitTest.java | 36 +++---- .../sts/operation/IssueSamlRealmUnitTest.java | 18 ++-- .../cxf/sts/operation/IssueSamlUnitTest.java | 61 +++++------ .../apache/cxf/sts/operation/IssueUnitTest.java | 8 +- .../cxf/sts/operation/RenewSamlUnitTest.java | 10 +- .../ValidateJWTTransformationTest.java | 8 +- .../cxf/sts/operation/ValidateSamlUnitTest.java | 6 +- .../ValidateTokenTransformationUnitTest.java | 22 ++-- .../ValidateUsernameTokenUnitTest.java | 4 +- .../operation/ValidateX509TokenUnitTest.java | 4 +- .../provider/CustomAuthenticationProvider.java | 4 +- .../token/provider/CustomSubjectProvider.java | 6 +- .../token/provider/JWTProviderActAsTest.java | 6 +- .../provider/JWTProviderOnBehalfOfTest.java | 6 +- .../cxf/sts/token/provider/SAMLClaimsTest.java | 30 +++--- .../token/provider/SAMLProviderActAsTest.java | 31 +++--- .../token/provider/SAMLProviderCustomTest.java | 34 +++--- .../token/provider/SAMLProviderKeyTypeTest.java | 84 +++++++-------- .../provider/SAMLProviderLifetimeTest.java | 34 +++--- .../provider/SAMLProviderOnBehalfOfTest.java | 18 ++-- .../token/provider/SAMLProviderRealmTest.java | 18 ++-- .../renewer/SAMLTokenRenewerLifetimeTest.java | 12 +-- .../token/renewer/SAMLTokenRenewerPOPTest.java | 5 +- .../renewer/SAMLTokenRenewerRealmTest.java | 6 +- .../sts/token/renewer/SAMLTokenRenewerTest.java | 16 +-- .../SAMLTokenValidatorCachedRealmTest.java | 6 +- .../validator/SAMLTokenValidatorRealmTest.java | 6 +- .../token/validator/SAMLTokenValidatorTest.java | 26 ++--- .../validator/UsernameTokenValidatorTest.java | 16 +-- .../token/validator/X509TokenValidatorTest.java | 6 +- .../systest/sts/batch/SimpleBatchSTSClient.java | 28 ++--- 
.../CustomAttributeStatementProvider.java | 6 +- .../CustomUsernameTokenProvider.java | 4 +- .../systest/sts/renew/SAMLRenewUnitTest.java | 14 +-- .../sts/secure_conv/SCTSAMLTokenProvider.java | 10 +- .../sts_sender_vouches/SVSubjectProvider.java | 6 +- .../sts/delegation/SAMLDelegationTest.java | 6 +- .../systest/sts/issueunit/IssueUnitTest.java | 10 +- .../sts/symmetric/SymmetricBindingTest.java | 4 +- .../sts/transport/TransportBindingTest.java | 4 +- .../CryptoCoverageCheckerTest.java | 4 +- .../apache/cxf/systest/ws/fault/FaultTest.java | 4 +- .../systest/ws/fault/ModifiedRequestTest.java | 14 +-- .../ws/gcm/MGF256AlgorithmSuiteLoader.java | 10 +- .../ws/policy/JavaFirstPolicyServiceTest.java | 7 +- .../cxf/systest/ws/saml/SamlTokenTest.java | 4 +- .../cxf/systest/ws/wssc/WSSCUnitTest.java | 2 +- .../cxf/systest/ws/x509/SHA512PolicyLoader.java | 4 +- 117 files changed, 890 insertions(+), 847 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java index d68f133..c69b9a1 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteBuilder.java 
@@ -29,7 +29,7 @@ import org.apache.neethi.AssertionBuilderFactory; import org.apache.neethi.Policy; import org.apache.neethi.builders.AssertionBuilder; import org.apache.wss4j.policy.SP11Constants; -import org.apache.wss4j.policy.SP13Constants; +import org.apache.wss4j.policy.SP12Constants; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.SPUtils; import org.apache.wss4j.policy.model.AlgorithmSuite; @@ -77,7 +77,7 @@ public class AlgorithmSuiteBuilder implements AssertionBuilder<Element> { @Override public QName[] getKnownElements() { - return new QName[]{SP13Constants.ALGORITHM_SUITE, SP11Constants.ALGORITHM_SUITE}; + return new QName[]{SP12Constants.ALGORITHM_SUITE, SP11Constants.ALGORITHM_SUITE}; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java index e68c61f..7f56164 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java @@ -45,6 +45,7 @@ import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.trust.STSUtils; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.bsp.BSPEnforcer; import org.apache.wss4j.common.derivedKey.ConversationConstants; import org.apache.wss4j.common.derivedKey.P_SHA1; 
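Review bot: In AlgorithmSuiteBuilder.getKnownElements() the switch from `SP13Constants.ALGORITHM_SUITE` to `SP12Constants.ALGORITHM_SUITE` reads like a change to which policy namespaces this builder claims, and nothing in the hunk says otherwise. If SP13Constants merely inherited the constant from SP12Constants, which a static-access warning fix would suggest, the returned QName array is unchanged. In that case a short comment would record it, for example `// ALGORITHM_SUITE is declared on SP12Constants; SP13Constants only inherited it`. If the two constants are in fact distinct, algorithm-suite assertions in the SP 1.3 namespace would no longer be routed to this builder, and that needs a test rather than a warning cleanup.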
@@ -52,7 +53,6 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.token.Reference; import org.apache.wss4j.common.token.SecurityTokenReference; import org.apache.wss4j.common.util.DateUtil; -import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.message.token.SecurityContextToken; import org.apache.wss4j.dom.util.WSSecurityUtil; @@ -292,12 +292,12 @@ abstract class STSInvoker implements Invoker { String namespace ) throws Exception { writer.writeStartElement(prefix, "Lifetime", namespace); - writer.writeNamespace("wsu", WSConstants.WSU_NS); - writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS); + writer.writeNamespace("wsu", WSS4JConstants.WSU_NS); + writer.writeStartElement("wsu", "Created", WSS4JConstants.WSU_NS); writer.writeCharacters(created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); writer.writeEndElement(); - writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS); + writer.writeStartElement("wsu", "Expires", WSS4JConstants.WSU_NS); writer.writeCharacters(expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); writer.writeEndElement(); writer.writeEndElement(); http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java index 452f9bd..6ea42ec 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java 
@@ -41,7 +41,7 @@ import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils; import org.apache.cxf.ws.security.trust.STSClient; import org.apache.cxf.ws.security.trust.STSUtils; -import org.apache.wss4j.dom.WSConstants; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.SecureConversationToken; import org.apache.wss4j.policy.model.Trust10; @@ -197,7 +197,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess String tokenType = tok.getTokenType(); tok.setTokenType(tokenType); if (tokenType == null || "".equals(tokenType)) { - tok.setTokenType(WSConstants.WSC_SCT); + tok.setTokenType(WSS4JConstants.WSC_SCT); } return tok; } catch (RuntimeException e) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java index 21c42d8..e2d527a 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java 
@@ -56,8 +56,8 @@ import org.apache.neethi.All; import org.apache.neethi.Assertion; import org.apache.neethi.ExactlyOne; import org.apache.neethi.Policy; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.spnego.SpnegoTokenContext; -import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSConfig; import org.apache.wss4j.dom.message.token.SecurityContextToken; import org.apache.wss4j.dom.util.WSSecurityUtil; @@ -278,7 +278,7 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa throw new Exception("No BinaryExchange element received"); } String encoding = binaryExchange.getAttributeNS(null, "EncodingType"); - if (!WSConstants.BASE64_ENCODING.equals(encoding)) { + if (!WSS4JConstants.BASE64_ENCODING.equals(encoding)) { throw new Exception("Unknown encoding type: " + encoding); } 
@@ -316,12 +316,12 @@ class SpnegoContextTokenInInterceptor extends AbstractPhaseInterceptor<SoapMessa writer.writeStartElement(prefix, "RequestedProofToken", namespace); // EncryptedKey - writer.writeStartElement(WSConstants.ENC_PREFIX, "EncryptedKey", WSConstants.ENC_NS); - writer.writeStartElement(WSConstants.ENC_PREFIX, "EncryptionMethod", WSConstants.ENC_NS); + writer.writeStartElement(WSS4JConstants.ENC_PREFIX, "EncryptedKey", WSS4JConstants.ENC_NS); + writer.writeStartElement(WSS4JConstants.ENC_PREFIX, "EncryptionMethod", WSS4JConstants.ENC_NS); writer.writeAttribute("Algorithm", namespace + "/spnego#GSS_Wrap"); writer.writeEndElement(); - writer.writeStartElement(WSConstants.ENC_PREFIX, "CipherData", WSConstants.ENC_NS); - writer.writeStartElement(WSConstants.ENC_PREFIX, "CipherValue", WSConstants.ENC_NS); + writer.writeStartElement(WSS4JConstants.ENC_PREFIX, "CipherData", WSS4JConstants.ENC_NS); + writer.writeStartElement(WSS4JConstants.ENC_PREFIX, "CipherValue", WSS4JConstants.ENC_NS); writer.writeCharacters(Base64.getMimeEncoder().encodeToString(key)); http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java index eac0b0c..7fa4a4c 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java 
@@ -39,11 +39,11 @@ import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.security.SecurityContext; import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.staxutils.W3CDOMStreamWriter; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.token.Reference; import org.apache.wss4j.common.util.DOM2Writer; import org.apache.wss4j.common.util.XMLUtils; -import org.apache.wss4j.dom.WSConstants; /** @@ -227,14 +227,14 @@ public class SecurityToken implements Serializable { try { Element createdElem = DOMUtils.getFirstChildWithName(lifetimeElem, - WSConstants.WSU_NS, - WSConstants.CREATED_LN); + WSS4JConstants.WSU_NS, + WSS4JConstants.CREATED_LN); this.created = ZonedDateTime.parse(DOMUtils.getContent(createdElem)).toInstant(); Element expiresElem = DOMUtils.getFirstChildWithName(lifetimeElem, - WSConstants.WSU_NS, - WSConstants.EXPIRES_LN); + WSS4JConstants.WSU_NS, + WSS4JConstants.EXPIRES_LN); this.expires = ZonedDateTime.parse(DOMUtils.getContent(expiresElem)).toInstant(); } catch (DateTimeParseException e) { //shouldn't happen @@ -454,7 +454,7 @@ public class SecurityToken implements Serializable { } if ("KeyInfo".equals(child.getLocalName()) - && WSConstants.SIG_NS.equals(child.getNamespaceURI())) { + && WSS4JConstants.SIG_NS.equals(child.getNamespaceURI())) { return DOMUtils.getContent(child); } else if (Reference.TOKEN.getLocalPart().equals(child.getLocalName()) && Reference.TOKEN.getNamespaceURI().equals(child.getNamespaceURI())) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java index 4fc227a..a1ef079 100755 
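Review bot: In the SecurityToken.java hunk at -227, the renamed lookups still pass `DOMUtils.getContent(createdElem)` and `DOMUtils.getContent(expiresElem)` straight into `ZonedDateTime.parse(...)`, with no check that the Lifetime element has both a wsu:Created and a wsu:Expires child. The only handler visible is `catch (DateTimeParseException e)` marked "shouldn't happen", so a Lifetime missing either child would likely surface as a NullPointerException rather than a handled error. This element is presumably taken from an issuer's response and should not be assumed well-formed. Consider guarding each lookup, e.g. `if (expiresElem != null) { this.expires = ...; }`, and stating explicitly how a token with no Expires value is treated by expiry checks. The enclosing method begins and ends outside the hunk, so an earlier guard may already exist.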
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java @@ -113,6 +113,7 @@ import org.apache.neethi.ExactlyOne; import org.apache.neethi.Policy; import org.apache.neethi.PolicyComponent; import org.apache.neethi.PolicyRegistry; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.crypto.CryptoType; @@ -122,7 +123,6 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.token.Reference; import org.apache.wss4j.common.util.DateUtil; import org.apache.wss4j.common.util.XMLUtils; -import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSDocInfo; import org.apache.wss4j.dom.engine.WSSConfig; import org.apache.wss4j.dom.engine.WSSecurityEngineResult; @@ -985,7 +985,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv W3CDOMStreamWriter writer ) throws XMLStreamException { writer.writeStartElement("wst", "BinaryExchange", namespace); - writer.writeAttribute("EncodingType", WSConstants.BASE64_ENCODING); + writer.writeAttribute("EncodingType", WSS4JConstants.BASE64_ENCODING); writer.writeAttribute("ValueType", namespace + "/spnego"); writer.writeCharacters(binaryExchange); writer.writeEndElement(); 
@@ -1378,12 +1378,12 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv Instant expires = created.plusSeconds(ttl); writer.writeStartElement("wst", "Lifetime", namespace); - writer.writeNamespace("wsu", WSConstants.WSU_NS); - writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS); + writer.writeNamespace("wsu", WSS4JConstants.WSU_NS); + writer.writeStartElement("wsu", "Created", WSS4JConstants.WSU_NS); writer.writeCharacters(created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); writer.writeEndElement(); - writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS); + writer.writeStartElement("wsu", "Expires", WSS4JConstants.WSU_NS); writer.writeCharacters(expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true))); writer.writeEndElement(); writer.writeEndElement(); @@ -1501,7 +1501,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv // First check for the binary secret String b64Secret = DOMUtils.getContent(child); secret = Base64.getMimeDecoder().decode(b64Secret); - } else if (childQname.equals(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN))) { + } else if (childQname.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) { secret = decryptKey(child); } else if (childQname.equals(new QName(namespace, "ComputedKey"))) { // Handle the computed key @@ -1510,7 +1510,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv if (computedKeyChild != null) { QName computedKeyChildQName = DOMUtils.getElementQName(computedKeyChild); - if (computedKeyChildQName.equals(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN))) { + if (computedKeyChildQName.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) { serviceEntr = decryptKey(computedKeyChild); } else if (computedKeyChildQName.equals(new QName(namespace, "BinarySecret"))) { String content = DOMUtils.getContent(computedKeyChild); 
@@ -1560,11 +1560,11 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) { // Get the CipherValue Element tmpE = - XMLUtils.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS); + XMLUtils.getDirectChildElement(child, "CipherData", WSS4JConstants.ENC_NS); byte[] cipherValue = null; if (tmpE != null) { tmpE = - XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS); + XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSS4JConstants.ENC_NS); if (tmpE != null) { String content = DOMUtils.getContent(tmpE); cipherValue = Base64.getMimeDecoder().decode(content); @@ -1658,10 +1658,10 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv String id = null; if (rst != null) { QName elName = DOMUtils.getElementQName(rst); - if (elName.equals(new QName(WSConstants.SAML_NS, "Assertion")) + if (elName.equals(new QName(WSS4JConstants.SAML_NS, "Assertion")) && rst.hasAttributeNS(null, "AssertionID")) { id = rst.getAttributeNS(null, "AssertionID"); - } else if (elName.equals(new QName(WSConstants.SAML2_NS, "Assertion")) + } else if (elName.equals(new QName(WSS4JConstants.SAML2_NS, "Assertion")) && rst.hasAttributeNS(null, "ID")) { id = rst.getAttributeNS(null, "ID"); } 
@@ -1676,13 +1676,13 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv id = this.getIDFromSTR(rur); } if ((id == null || "".equals(id)) && rst != null) { - id = rst.getAttributeNS(WSConstants.WSU_NS, "Id"); + id = rst.getAttributeNS(WSS4JConstants.WSU_NS, "Id"); if (id == null || "".equals(id)) { QName elName = DOMUtils.getElementQName(rst); - if (elName.equals(new QName(WSConstants.SAML2_NS, "EncryptedAssertion"))) { + if (elName.equals(new QName(WSS4JConstants.SAML2_NS, "EncryptedAssertion"))) { Element child = DOMUtils.getFirstElement(rst); if (child != null) { - id = child.getAttributeNS(WSConstants.WSU_NS, "Id"); + id = child.getAttributeNS(WSS4JConstants.WSU_NS, "Id"); } } } @@ -1696,8 +1696,8 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv return null; } QName elName = DOMUtils.getElementQName(child); - if (elName.equals(new QName(WSConstants.SIG_NS, "KeyInfo")) - || elName.equals(new QName(WSConstants.WSSE_NS, "KeyIdentifier"))) { + if (elName.equals(new QName(WSS4JConstants.SIG_NS, "KeyInfo")) + || elName.equals(new QName(WSS4JConstants.WSSE_NS, "KeyIdentifier"))) { return DOMUtils.getContent(child); } else if (elName.equals(Reference.TOKEN)) { return child.getAttributeNS(null, "URI"); http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java index 4ef4ab4..37d74cb 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/DefaultSTSTokenCacher.java 
@@ -33,10 +33,10 @@ import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.util.XMLUtils; -import org.apache.wss4j.dom.WSConstants; public class DefaultSTSTokenCacher implements STSTokenCacher { @@ -140,7 +140,7 @@ public class DefaultSTSTokenCacher implements STSTokenCacher { private static boolean isOneTimeUse(SecurityToken issuedToken) { Element token = issuedToken.getToken(); if (token != null && "Assertion".equals(token.getLocalName()) - && WSConstants.SAML2_NS.equals(token.getNamespaceURI())) { + && WSS4JConstants.SAML2_NS.equals(token.getNamespaceURI())) { try { SamlAssertionWrapper assertion = new SamlAssertionWrapper(token); 
@@ -161,26 +161,26 @@ public class DefaultSTSTokenCacher implements STSTokenCacher { if (token != null) { // For SAML tokens get the ID/AssertionID if ("Assertion".equals(token.getLocalName()) - && WSConstants.SAML2_NS.equals(token.getNamespaceURI())) { + && WSS4JConstants.SAML2_NS.equals(token.getNamespaceURI())) { return token.getAttributeNS(null, "ID"); } else if ("Assertion".equals(token.getLocalName()) - && WSConstants.SAML_NS.equals(token.getNamespaceURI())) { + && WSS4JConstants.SAML_NS.equals(token.getNamespaceURI())) { return token.getAttributeNS(null, "AssertionID"); } // For UsernameTokens get the username - if (WSConstants.USERNAME_TOKEN_LN.equals(token.getLocalName()) - && WSConstants.WSSE_NS.equals(token.getNamespaceURI())) { + if (WSS4JConstants.USERNAME_TOKEN_LN.equals(token.getLocalName()) + && WSS4JConstants.WSSE_NS.equals(token.getNamespaceURI())) { Element usernameElement = - XMLUtils.getDirectChildElement(token, WSConstants.USERNAME_LN, WSConstants.WSSE_NS); + XMLUtils.getDirectChildElement(token, WSS4JConstants.USERNAME_LN, WSS4JConstants.WSSE_NS); if (usernameElement != null) { return XMLUtils.getElementText(usernameElement); } } // For BinarySecurityTokens take the hash of the value - if (WSConstants.BINARY_TOKEN_LN.equals(token.getLocalName()) - && WSConstants.WSSE_NS.equals(token.getNamespaceURI())) { + if (WSS4JConstants.BINARY_TOKEN_LN.equals(token.getLocalName()) + && WSS4JConstants.WSSE_NS.equals(token.getNamespaceURI())) { String text = XMLUtils.getElementText(token); if (text != null && !"".equals(text)) { try { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java index 5357f35..ce00a9f 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java @@ -61,9 +61,9 @@ import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory; import org.apache.cxf.ws.security.trust.claims.RoleClaimsCallbackHandler; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.util.Loader; -import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.message.token.UsernameToken; import org.apache.wss4j.dom.validate.Credential; @@ -347,7 +347,7 @@ public class STSLoginModule implements LoginModule { Document doc = DOMUtils.createDocument(); UsernameToken token = new UsernameToken(false, doc, - WSConstants.PASSWORD_TEXT); + WSS4JConstants.PASSWORD_TEXT); token.setName(username); token.setPassword(password); return token; http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java index d957db0..3176e43 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java 
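Review bot: In STSLoginModule.java (hunk at -347) the UsernameToken is built with `WSS4JConstants.PASSWORD_TEXT` and then given the caller's password via `token.setPassword(password)`, so the token carries the password unhashed. Nothing in the hunk shows how the exchange with the STS is protected, so if this token is sent on the wire its confidentiality depends entirely on the channel. A comment on the constructor call would make that dependency visible, for example `// PasswordText: password is not digested; requires TLS or message-level encryption to the STS`. The enclosing method starts before the hunk.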
@@ -49,6 +49,7 @@ import org.apache.cxf.ws.policy.PolicyException; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.TokenStore; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.policy.SPConstants; @@ -154,8 +155,8 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor { for (Header h : message.getHeaders()) { QName n = h.getName(); if (n.getLocalPart().equals("Security") - && (n.getNamespaceURI().equals(WSConstants.WSSE_NS) - || n.getNamespaceURI().equals(WSConstants.WSSE11_NS))) { + && (n.getNamespaceURI().equals(WSS4JConstants.WSSE_NS) + || n.getNamespaceURI().equals(WSS4JConstants.WSSE11_NS))) { return h; } } @@ -163,9 +164,9 @@ public abstract class AbstractTokenInterceptor extends AbstractSoapInterceptor { return null; } Document doc = DOMUtils.createDocument(); - Element el = doc.createElementNS(WSConstants.WSSE_NS, "wsse:Security"); - el.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsse", WSConstants.WSSE_NS); - SoapHeader sh = new SoapHeader(new QName(WSConstants.WSSE_NS, "Security"), el); + Element el = doc.createElementNS(WSS4JConstants.WSSE_NS, "wsse:Security"); + el.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns:wsse", WSS4JConstants.WSSE_NS); + SoapHeader sh = new SoapHeader(new QName(WSS4JConstants.WSSE_NS, "Security"), el); sh.setMustUnderstand(true); message.getHeaders().add(sh); return sh; http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java index 0d57a9a..e222faa 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java @@ -36,10 +36,10 @@ import org.apache.cxf.phase.PhaseInterceptor; import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.wss4j.common.ConfigurationConstants; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.PasswordEncryptor; import org.apache.wss4j.common.ext.WSSecurityException; -import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.dom.handler.WSHandler; @@ -49,9 +49,9 @@ public abstract class AbstractWSS4JInterceptor extends WSHandler implements Soap private static final Set<QName> HEADERS = new HashSet<>(); static { - HEADERS.add(new QName(WSConstants.WSSE_NS, "Security")); - HEADERS.add(new QName(WSConstants.ENC_NS, "EncryptedData")); - HEADERS.add(new QName(WSConstants.WSSE11_NS, "EncryptedHeader")); + HEADERS.add(new QName(WSS4JConstants.WSSE_NS, "Security")); + HEADERS.add(new QName(WSS4JConstants.ENC_NS, "EncryptedData")); + HEADERS.add(new QName(WSS4JConstants.WSSE11_NS, "EncryptedHeader")); } private Map<String, Object> properties = new ConcurrentHashMap<>(); http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java index 68f2ec9..f9c8bd2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java @@ -59,6 +59,7 @@ import org.apache.wss4j.common.util.Loader; import org.apache.wss4j.stax.ext.WSSConstants; import org.apache.wss4j.stax.ext.WSSSecurityProperties; import org.apache.wss4j.stax.setup.ConfigurationConverter; +import org.apache.xml.security.stax.ext.XMLSecurityConstants; public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, PhaseInterceptor<SoapMessage> { @@ -68,7 +69,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, static { HEADERS.add(new QName(WSSConstants.NS_WSSE10, "Security")); - HEADERS.add(new QName(WSSConstants.NS_XMLENC, "EncryptedData")); + HEADERS.add(new QName(XMLSecurityConstants.NS_XMLENC, "EncryptedData")); HEADERS.add(new QName(WSSConstants.NS_WSSE11, "EncryptedHeader")); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java index a56c980..595d419 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java 
@@ -26,9 +26,9 @@ import java.util.List; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.policy.PolicyUtils; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.crypto.AlgorithmSuite; import org.apache.wss4j.common.ext.WSSecurityException; -import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.handler.RequestData; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractBinding; @@ -132,10 +132,10 @@ public final class AlgorithmSuiteTranslater { algorithmSuite.addTransformAlgorithm(cxfAlgorithmSuite.getC14n().getValue()); algorithmSuite.addTransformAlgorithm(SPConstants.STRT10); - algorithmSuite.addTransformAlgorithm(WSConstants.C14N_EXCL_OMIT_COMMENTS); - algorithmSuite.addTransformAlgorithm(WSConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE); - algorithmSuite.addTransformAlgorithm(WSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS); - algorithmSuite.addTransformAlgorithm(WSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS); + algorithmSuite.addTransformAlgorithm(WSS4JConstants.C14N_EXCL_OMIT_COMMENTS); + algorithmSuite.addTransformAlgorithm(WSS4JConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE); + algorithmSuite.addTransformAlgorithm(WSS4JConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS); + algorithmSuite.addTransformAlgorithm(WSS4JConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS); algorithmSuite.addDerivedKeyAlgorithm(SPConstants.P_SHA1); algorithmSuite.addDerivedKeyAlgorithm(SPConstants.P_SHA1_L128); http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java index 3b3542e..3664da1 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java @@ -35,6 +35,7 @@ import org.apache.cxf.security.SecurityContext; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSDocInfo; @@ -65,8 +66,8 @@ public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor { Element el = (Element)h.getObject(); Element child = DOMUtils.getFirstElement(el); while (child != null) { - if (WSConstants.BINARY_TOKEN_LN.equals(child.getLocalName()) - && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) { + if (WSS4JConstants.BINARY_TOKEN_LN.equals(child.getLocalName()) + && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) { try { List<WSSecurityEngineResult> bstResults = processToken(child, message); if (bstResults != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java index 9ca26a8..ed6a90c 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java 
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java @@ -46,6 +46,7 @@ import org.apache.cxf.interceptor.Fault; import org.apache.cxf.phase.Phase; import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope; import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSDataRef; @@ -148,7 +149,8 @@ public class CryptoCoverageChecker extends AbstractSoapInterceptor { CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)); if (sl != null) { if (sl.size() == 1 - && sl.get(0).getName().equals(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN))) { + && sl.get(0).getName().equals(new QName(WSS4JConstants.SIG_NS, + WSS4JConstants.SIG_LN))) { //endorsing the signature so don't include continue; } http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java index eedc7e8..d91df20 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java @@ -35,8 +35,8 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.helpers.MapNamespaceContext; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.ext.WSSecurityException; -import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSDataRef; 
@@ -73,11 +73,11 @@ public final class CryptoCoverageUtil { Element protectedElement = signedRef.getProtectedElement(); if (protectedElement != null && ("EncryptedData".equals(protectedElement.getLocalName()) - && WSConstants.ENC_NS.equals(protectedElement.getNamespaceURI()) - || WSConstants.ENCRYPTED_HEADER.equals(protectedElement.getLocalName()) - && WSConstants.WSSE11_NS.equals(protectedElement.getNamespaceURI()) - || WSConstants.ENCRYPED_ASSERTION_LN.equals(protectedElement.getLocalName()) - && WSConstants.SAML2_NS.equals(protectedElement.getNamespaceURI()))) { + && WSS4JConstants.ENC_NS.equals(protectedElement.getNamespaceURI()) + || WSS4JConstants.ENCRYPTED_HEADER.equals(protectedElement.getLocalName()) + && WSS4JConstants.WSSE11_NS.equals(protectedElement.getNamespaceURI()) + || WSS4JConstants.ENCRYPED_ASSERTION_LN.equals(protectedElement.getLocalName()) + && WSS4JConstants.SAML2_NS.equals(protectedElement.getNamespaceURI()))) { for (WSDataRef encryptedRef : encryptedRefs) { if (protectedElement == encryptedRef.getEncryptedElement()) { @@ -140,9 +140,9 @@ public final class CryptoCoverageUtil { ) throws WSSecurityException { String requiredTransform = null; if (type == CoverageType.SIGNED && scope == CoverageScope.CONTENT) { - requiredTransform = WSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS; + requiredTransform = WSS4JConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS; } else if (type == CoverageType.SIGNED) { - requiredTransform = WSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS; + requiredTransform = WSS4JConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS; } if (attachments != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java ---------------------------------------------------------------------- 
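Review bot: The rewritten condition on `protectedElement` chains three local-name/namespace pairs with `||` and relies on `&&` binding tighter than `||`. Because this test decides which signed elements are compared against the encrypted references, each pair should be parenthesised so the grouping is explicit, e.g. `("EncryptedData".equals(protectedElement.getLocalName()) && WSS4JConstants.ENC_NS.equals(protectedElement.getNamespaceURI()))`. Behaviour is unchanged; the parentheses only stop a later edit from silently regrouping the check. The enclosing method starts outside the hunk.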
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java index c2cd5ed..dd8506e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java @@ -46,6 +46,7 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.PolicyUtils; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.crypto.PasswordEncryptor; @@ -89,8 +90,8 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor { Element child = DOMUtils.getFirstElement(el); while (child != null) { if ("Assertion".equals(child.getLocalName()) - && (WSConstants.SAML_NS.equals(child.getNamespaceURI()) - || WSConstants.SAML2_NS.equals(child.getNamespaceURI()))) { + && (WSS4JConstants.SAML_NS.equals(child.getNamespaceURI()) + || WSS4JConstants.SAML2_NS.equals(child.getNamespaceURI()))) { try { List<WSSecurityEngineResult> samlResults = processToken(child, message); if (samlResults != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java index 01f25f6..a5005a5 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java 
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java @@ -91,7 +91,7 @@ public class StaxActionInInterceptor extends AbstractPhaseInterceptor<SoapMessag requiredEvent = WSSecurityEventConstants.TIMESTAMP; } else if (WSSConstants.USERNAMETOKEN.equals(action)) { requiredEvent = WSSecurityEventConstants.USERNAME_TOKEN; - } else if (WSSConstants.SIGNATURE.equals(action)) { + } else if (XMLSecurityConstants.SIGNATURE.equals(action)) { requiredEvent = WSSecurityEventConstants.SignatureValue; } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) { @@ -106,7 +106,7 @@ public class StaxActionInInterceptor extends AbstractPhaseInterceptor<SoapMessag throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex); } - if (WSSConstants.ENCRYPT.equals(action)) { + if (XMLSecurityConstants.ENCRYPT.equals(action)) { boolean foundEncryptionPart = isEventInResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList); if (!foundEncryptionPart) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java index e41bea7..36f8f60 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java 
@@ -49,6 +49,7 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.PolicyUtils; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.bsp.BSPEnforcer; import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.ext.WSPasswordCallback; @@ -94,7 +95,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { Element child = DOMUtils.getFirstElement(el); while (child != null) { if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName()) - && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) { + && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) { try { boolean bspCompliant = isWsiBSPCompliant(message); Principal principal = null; @@ -428,9 +429,9 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { utBuilder.setIdAllocator(wssConfig.getIdAllocator()); utBuilder.setWsTimeSource(wssConfig.getCurrentTime()); if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) { - utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST); + utBuilder.setPasswordType(WSS4JConstants.PASSWORD_DIGEST); } else { - utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT); + utBuilder.setPasswordType(WSS4JConstants.PASSWORD_TEXT); } if (token.isCreated()) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java index 73879fe..94f9544 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java 
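Review bot: In the hunk at -428 the `else` branch sets `WSS4JConstants.PASSWORD_TEXT` for every password type other than `HashPassword`, and nothing on the branch says that this type carries the password in the UsernameToken unhashed. A comment there would help the next reader, for example `// PasswordText: the password is sent as-is, so the policy must also require transport or message protection`. The same pair of lines appears in the AbstractBindingBuilder hunk at -830. Whether the binding enforces such protection is not visible in either hunk, and the enclosing method starts outside the hunk.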
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java @@ -59,6 +59,7 @@ import org.apache.wss4j.stax.setup.InboundWSSec; import org.apache.wss4j.stax.setup.WSSec; import org.apache.wss4j.stax.validate.Validator; import org.apache.xml.security.exceptions.XMLSecurityException; +import org.apache.xml.security.stax.ext.XMLSecurityConstants; import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent; import org.apache.xml.security.stax.securityEvent.SecurityEvent; import org.apache.xml.security.stax.securityEvent.SecurityEventListener; @@ -347,7 +348,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor { } validator = loadValidator(SecurityConstants.SIGNATURE_TOKEN_VALIDATOR, message); if (validator != null) { - properties.addValidator(WSSConstants.TAG_dsig_Signature, validator); + properties.addValidator(XMLSecurityConstants.TAG_dsig_Signature, validator); } validator = loadValidator(SecurityConstants.TIMESTAMP_TOKEN_VALIDATOR, message); if (validator != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 724d8aa..ce484d0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java 
@@ -83,6 +83,7 @@ import org.apache.cxf.wsdl.WSDLConstants; import org.apache.neethi.Assertion; import org.apache.wss4j.common.ConfigurationConstants; import org.apache.wss4j.common.WSEncryptionPart; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.bsp.BSPEnforcer; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; @@ -564,16 +565,16 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle sig.setStoreBytesInAttachment(storeBytesInAttachment); String tokenType = secToken.getTokenType(); - if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML_NS.equals(tokenType)) { - sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); - } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML2_NS.equals(tokenType)) { - sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); + if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML_NS.equals(tokenType)) { + sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); + } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML2_NS.equals(tokenType)) { + sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE); } else if (tokenType != null) { sig.setCustomTokenValueType(tokenType); } else { - sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); + sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); } sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue()); 
@@ -668,8 +669,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle WSSecSignature tempSig = (WSSecSignature) tempTok; SecurityTokenReference secRef = tempSig.getSecurityTokenReference(); - if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType()) - || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) { + if (WSS4JConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType()) + || WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) { Element secRefElement = cloneElement(secRef.getElement()); addSupportingElement(secRefElement); @@ -712,13 +713,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle } else if (tempTok instanceof WSSecurityTokenHolder) { SecurityToken token = ((WSSecurityTokenHolder)tempTok).getToken(); String tokenType = token.getTokenType(); - if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML_NS.equals(tokenType) - || WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML2_NS.equals(tokenType)) { + if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML_NS.equals(tokenType) + || WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML2_NS.equals(tokenType)) { Document doc = token.getToken().getOwnerDocument(); - boolean saml1 = WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML_NS.equals(tokenType); + boolean saml1 = WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML_NS.equals(tokenType); String id = token.getId(); if (id == null || "".equals(id)) { if (saml1) { 
@@ -778,21 +779,21 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle new org.apache.wss4j.common.token.Reference(doc); ref.setURI("#" + id); if (saml1) { - ref.setValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); - secRefSaml.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); + ref.setValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); + secRefSaml.addTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE); } else { - secRefSaml.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); + secRefSaml.addTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE); } secRefSaml.setReference(ref); } else { - Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier"); + Element keyId = doc.createElementNS(WSS4JConstants.WSSE_NS, "wsse:KeyIdentifier"); String valueType = null; if (saml1) { - valueType = WSConstants.WSS_SAML_KI_VALUE_TYPE; - secRefSaml.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); + valueType = WSS4JConstants.WSS_SAML_KI_VALUE_TYPE; + secRefSaml.addTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE); } else { - valueType = WSConstants.WSS_SAML2_KI_VALUE_TYPE; - secRefSaml.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); + valueType = WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE; + secRefSaml.addTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE); } keyId.setAttributeNS( null, "ValueType", valueType @@ -830,9 +831,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle if (password != null) { // If the password is available then build the token if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) { - utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST); + utBuilder.setPasswordType(WSS4JConstants.PASSWORD_DIGEST); } else { - utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT); + utBuilder.setPasswordType(WSS4JConstants.PASSWORD_TEXT); } utBuilder.setUserInfo(userName, password); } else { 
@@ -907,10 +908,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle String localname = tokenElement.getLocalName(); SamlTokenType tokenType = token.getSamlTokenType(); if ((tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) - && WSConstants.SAML_NS.equals(namespace) && "Assertion".equals(localname)) { + && WSS4JConstants.SAML_NS.equals(namespace) && "Assertion".equals(localname)) { return new SamlAssertionWrapper(tokenElement); } else if (tokenType == SamlTokenType.WssSamlV20Token11 - && WSConstants.SAML2_NS.equals(namespace) && "Assertion".equals(localname)) { + && WSS4JConstants.SAML2_NS.equals(namespace) && "Assertion".equals(localname)) { return new SamlAssertionWrapper(tokenElement); } } @@ -974,9 +975,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle } SecurityToken secToken = new SecurityToken(id); if (assertion.getSaml2() != null) { - secToken.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); + secToken.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE); } else { - secToken.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); + secToken.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE); } secToken.setToken(assertion.getElement()); getTokenStore().add(secToken); 
@@ -987,15 +988,15 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle String id = null; if (samlToken != null) { QName elName = DOMUtils.getElementQName(samlToken); - if (elName.equals(new QName(WSConstants.SAML_NS, "Assertion")) + if (elName.equals(new QName(WSS4JConstants.SAML_NS, "Assertion")) && samlToken.hasAttributeNS(null, "AssertionID")) { id = samlToken.getAttributeNS(null, "AssertionID"); - } else if (elName.equals(new QName(WSConstants.SAML2_NS, "Assertion")) + } else if (elName.equals(new QName(WSS4JConstants.SAML2_NS, "Assertion")) && samlToken.hasAttributeNS(null, "ID")) { id = samlToken.getAttributeNS(null, "ID"); } if (id == null) { - id = samlToken.getAttributeNS(WSConstants.WSU_NS, "Id"); + id = samlToken.getAttributeNS(WSS4JConstants.WSU_NS, "Id"); } } return id; @@ -1772,13 +1773,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle } else { int type = attached ? WSConstants.CUSTOM_SYMM_SIGNING : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT; - if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML_NS.equals(tokenType)) { - sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); + if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML_NS.equals(tokenType)) { + sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); - } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML2_NS.equals(tokenType)) { - sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); + } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML2_NS.equals(tokenType)) { + sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE); sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); } else { sig.setCustomTokenValueType(tokenType); 
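Review bot: The final fallback in the hunk at -987, `id = samlToken.getAttributeNS(WSS4JConstants.WSU_NS, "Id");`, is the only lookup not guarded by `hasAttributeNS`. DOM's `getAttributeNS` returns an empty string rather than null for a missing attribute, so the method can return `""` for an assertion that carries no identifier. Guarding it like the two branches above it, `if (id == null && samlToken.hasAttributeNS(WSS4JConstants.WSU_NS, "Id")) {`, would make "no id" consistently null. Callers are not visible here, so check whether any of them depends on the empty string; the enclosing method starts outside the hunk.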
@@ -2007,7 +2008,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle = new SecurityTokenReference(doc); if (tok.getSHA1() != null) { tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1()); - tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); + tokenRef.addTokenType(WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE); } dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement()); @@ -2022,10 +2023,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8); if (tok.getSHA1() != null) { //Set the value type of the reference - dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#" - + WSConstants.ENC_KEY_VALUE_TYPE); + dkSign.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#" + + WSS4JConstants.ENC_KEY_VALUE_TYPE); } else if (policyToken instanceof UsernameToken) { - dkSign.setCustomValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); + dkSign.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); } dkSign.prepare(); @@ -2072,7 +2073,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle if (isRequestor()) { // TODO Add support for SAML2 here sig.setCustomTokenValueType( - WSConstants.SOAPMESSAGE_NS11 + "#" + WSConstants.ENC_KEY_VALUE_TYPE + WSS4JConstants.SOAPMESSAGE_NS11 + "#" + WSS4JConstants.ENC_KEY_VALUE_TYPE ); sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } else { 
@@ -2083,18 +2084,18 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle } else { String tokenType = tok.getTokenType(); - if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML_NS.equals(tokenType)) { - sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); - } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML2_NS.equals(tokenType)) { - sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); + if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML_NS.equals(tokenType)) { + sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); + } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML2_NS.equals(tokenType)) { + sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE); } else if (tokenType != null) { sig.setCustomTokenValueType(tokenType); } else if (policyToken instanceof UsernameToken) { - sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); + sig.setCustomTokenValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE); } else { - sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); + sig.setCustomTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); } sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java index fa6859f..0860627 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java 
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java @@ -48,6 +48,7 @@ import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SAMLCallback; @@ -55,7 +56,6 @@ import org.apache.wss4j.common.saml.bean.KeyInfoBean; import org.apache.wss4j.common.saml.bean.SubjectBean; import org.apache.wss4j.common.saml.bean.Version; import org.apache.wss4j.common.util.KeyUtils; -import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.SPConstants.IncludeTokenType; import org.apache.wss4j.policy.model.AbstractBinding; @@ -94,6 +94,7 @@ import org.apache.xml.security.exceptions.XMLSecurityException; import org.apache.xml.security.stax.ext.OutboundSecurityContext; import org.apache.xml.security.stax.ext.SecurePart; import org.apache.xml.security.stax.ext.SecurePart.Modifier; +import org.apache.xml.security.stax.ext.XMLSecurityConstants; import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken; import org.apache.xml.security.stax.securityEvent.SecurityEvent; import org.apache.xml.security.stax.securityEvent.SecurityEventConstants; 
@@ -245,11 +246,11 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa kerberosSecurityTokenProvider.getId()); if (encrypting) { - outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, + outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, kerberosSecurityTokenProvider.getId()); } if (endorsing) { - outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, + outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, kerberosSecurityTokenProvider.getId()); } @@ -350,7 +351,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa samlCallback.setAssertionElement(el); samlCallback.setSubject(subjectBean); - if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) { + if (WSS4JConstants.SAML_NS.equals(el.getNamespaceURI())) { samlCallback.setSamlVersion(Version.SAML_11); } else { samlCallback.setSamlVersion(Version.SAML_20); @@ -363,7 +364,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa properties.setSamlCallbackHandler(callbackHandler); QName qname = WSSConstants.TAG_SAML2_ASSERTION; - if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) { + if (WSS4JConstants.SAML_NS.equals(el.getNamespaceURI())) { qname = WSSConstants.TAG_SAML_ASSERTION; } 
@@ -450,9 +451,9 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa outboundSecurityContext.registerSecurityTokenProvider( encryptedKeySecurityTokenProvider.getId(), encryptedKeySecurityTokenProvider); - outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, + outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, encryptedKeySecurityTokenProvider.getId()); - outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, + outboundSecurityContext.put(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, encryptedKeySecurityTokenProvider.getId()); outboundSecurityContext.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN, encryptedKeySecurityTokenProvider.getId()); @@ -679,7 +680,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa new SecurePart(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN, Modifier.Element); encryptedTokensList.add(part); } - ret.put(token, new SecurePart(WSSConstants.TAG_dsig_Signature, Modifier.Element)); + ret.put(token, new SecurePart(XMLSecurityConstants.TAG_dsig_Signature, Modifier.Element)); } else if (token instanceof SamlToken) { SecurePart securePart = addSamlToken((SamlToken)token, signed, endorse); if (securePart != null) { @@ -990,8 +991,8 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa if (properties.getActions() != null) { List<WSSConstants.Action> actionList = properties.getActions(); if (actionList.contains(WSSConstants.SAML_TOKEN_SIGNED) - && actionList.contains(WSSConstants.SIGNATURE)) { - actionList.remove(WSSConstants.SIGNATURE); + && actionList.contains(XMLSecurityConstants.SIGNATURE)) { + actionList.remove(XMLSecurityConstants.SIGNATURE); } } } 
@@ -1001,9 +1002,9 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa if (properties.getActions() != null) { List<WSSConstants.Action> actionList = properties.getActions(); boolean sigConf = actionList.contains(WSSConstants.SIGNATURE_CONFIRMATION); - if (sigConf && actionList.contains(WSSConstants.SIGNATURE)) { + if (sigConf && actionList.contains(XMLSecurityConstants.SIGNATURE)) { actionList.remove(WSSConstants.SIGNATURE_CONFIRMATION); - actionList.add(actionList.indexOf(WSSConstants.SIGNATURE) + 1, + actionList.add(actionList.indexOf(XMLSecurityConstants.SIGNATURE) + 1, WSSConstants.SIGNATURE_CONFIRMATION); } else if (sigConf && actionList.contains(WSSConstants.SIGNATURE_WITH_DERIVED_KEY)) { actionList.remove(WSSConstants.SIGNATURE_CONFIRMATION); @@ -1029,7 +1030,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa protected void putCustomTokenAfterSignature() { if (properties.getActions() != null) { List<WSSConstants.Action> actionList = properties.getActions(); - if ((actionList.contains(WSSConstants.SIGNATURE) + if ((actionList.contains(XMLSecurityConstants.SIGNATURE) || actionList.contains(WSSConstants.SIGNATURE_WITH_DERIVED_KEY) || actionList.contains(WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN)) && actionList.contains(WSSConstants.CUSTOM_TOKEN)) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 2c678f8..824cc59 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java 
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -48,6 +48,7 @@ import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler; import org.apache.cxf.ws.security.wss4j.StaxSerializer; import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.common.WSEncryptionPart; +import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.derivedKey.ConversationConstants; import org.apache.wss4j.common.ext.WSSecurityException; @@ -422,8 +423,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { try { // Encrypt, get hold of the ref list and add it Element secondRefList = saaj.getSOAPPart() - .createElementNS(WSConstants.ENC_NS, - WSConstants.ENC_PREFIX + ":ReferenceList"); + .createElementNS(WSS4JConstants.ENC_NS, + WSS4JConstants.ENC_PREFIX + ":ReferenceList"); if (lastEncryptedKeyElement != null) { insertAfter(secondRefList, lastEncryptedKeyElement); } else { 
@@ -466,14 +467,14 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { if (!isRequestor() && securityToken != null && recToken.getToken() instanceof SamlToken) { String tokenType = securityToken.getTokenType(); - if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML_NS.equals(tokenType)) { - encr.setCustomEKTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); + if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML_NS.equals(tokenType)) { + encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE); encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); encr.setCustomEKTokenId(securityToken.getId()); - } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML2_NS.equals(tokenType)) { - encr.setCustomEKTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); + } else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) + || WSS4JConstants.SAML2_NS.equals(tokenType)) { + encr.setCustomEKTokenValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE); encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); encr.setCustomEKTokenId(securityToken.getId()); } else { @@ -577,8 +578,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId); dkEncr.getParts().addAll(encrParts); - dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#" - + WSConstants.ENC_KEY_VALUE_TYPE); + dkEncr.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#" + + WSS4JConstants.ENC_KEY_VALUE_TYPE); AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType(); dkEncr.setSymmetricEncAlgorithm(algType.getEncryption()); dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8); 
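Review bot: The two SAML branches in the hunk at -466 differ only in the value type passed to `setCustomEKTokenValueType`; the `setKeyIdentifierType` and `setCustomEKTokenId` calls are repeated verbatim in both. Selecting the value type first and applying the three setters once keeps the SAML 1.1 and SAML 2.0 paths from drifting apart when one of them is edited later. The final `else` branch continues past the end of the hunk and stays as it is.

```java
String kiValueType = null;
if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
    || WSS4JConstants.SAML_NS.equals(tokenType)) {
    kiValueType = WSS4JConstants.WSS_SAML_KI_VALUE_TYPE;
} else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
    || WSS4JConstants.SAML2_NS.equals(tokenType)) {
    kiValueType = WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE;
}
if (kiValueType != null) {
    encr.setCustomEKTokenValueType(kiValueType);
    encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
    encr.setCustomEKTokenId(securityToken.getId());
} else {
    // … unchanged: fallback branch, body outside the hunk …
```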
@@ -665,8 +666,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { AlgorithmSuiteType algType = abinding.getAlgorithmSuite().getAlgorithmSuiteType(); dkSign.setDigestAlgorithm(algType.getDigest()); dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8); - dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#" - + WSConstants.ENC_KEY_VALUE_TYPE); + dkSign.setCustomValueType(WSS4JConstants.SOAPMESSAGE_NS11 + "#" + + WSS4JConstants.ENC_KEY_VALUE_TYPE); boolean includePrefixes = MessageUtils.getContextualBoolean( @@ -682,7 +683,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { new QName(abinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS)); if (bstElement != null) { WSEncryptionPart bstPart = - new WSEncryptionPart(bstElement.getAttributeNS(WSConstants.WSU_NS, "Id")); + new WSEncryptionPart(bstElement.getAttributeNS(WSS4JConstants.WSU_NS, "Id")); bstPart.setElement(bstElement); sigParts.add(bstPart); } else { @@ -829,9 +830,9 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { SamlAssertionWrapper samlAssertion = (SamlAssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); if (samlAssertion.getSamlVersion() == SAMLVersion.VERSION_20) { - tempTok.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE); + tempTok.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE); } else { - tempTok.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); + tempTok.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE); } message.put(SecurityConstants.TOKEN, tempTok); http://git-wip-us.apache.org/repos/asf/cxf/blob/f0797a55/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java index f138a1a..c738a2a 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java @@ -58,6 +58,7 @@ import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants; import org.apache.xml.security.stax.ext.OutboundSecurityContext; import org.apache.xml.security.stax.ext.SecurePart; import org.apache.xml.security.stax.ext.SecurePart.Modifier; +import org.apache.xml.security.stax.ext.XMLSecurityConstants; /** * @@ -134,7 +135,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { if (sigTok != null) { storeSecurityToken(initiatorToken, sigTok); - outboundSecurityContext.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION); + outboundSecurityContext.remove(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION); } // Set up CallbackHandler which wraps the configured Handler @@ -187,7 +188,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { //Check for signature protection if (abinding.isEncryptSignature()) { SecurePart part = - new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element); + new SecurePart(new QName(XMLSecurityConstants.NS_DSIG, "Signature"), Modifier.Element); enc.add(part); if (signatureConfirmationAdded) { SecurePart securePart = 
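Review bot: The signature part in the hunk at -187 is built with `new QName(XMLSecurityConstants.NS_DSIG, "Signature")`, while AbstractStaxBindingHandler in this same commit passes the ready-made `XMLSecurityConstants.TAG_dsig_Signature` to `SecurePart` for the same purpose. Assuming that constant names the same element, `new SecurePart(XMLSecurityConstants.TAG_dsig_Signature, Modifier.Element)` drops the string literal and keeps the two handlers in step. The hunk at -299 has the identical line. Both methods extend beyond their hunks.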
@@ -261,7 +262,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { if (sigTok != null) { storeSecurityToken(initiatorToken, sigTok); - outboundSecurityContext.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION); + outboundSecurityContext.remove(XMLSecurityConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION); } // Set up CallbackHandler which wraps the configured Handler @@ -299,7 +300,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { //Check for signature protection if (abinding.isEncryptSignature()) { SecurePart part = - new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element); + new SecurePart(new QName(XMLSecurityConstants.NS_DSIG, "Signature"), Modifier.Element); encrParts.add(part); if (signatureConfirmationAdded) { SecurePart securePart = @@ -356,7 +357,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { // Action WSSSecurityProperties properties = getProperties(); - WSSConstants.Action actionToPerform = WSSConstants.ENCRYPT; + WSSConstants.Action actionToPerform = XMLSecurityConstants.ENCRYPT; if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) { actionToPerform = WSSConstants.ENCRYPT_WITH_DERIVED_KEY; } @@ -414,7 +415,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { // Action WSSSecurityProperties properties = getProperties(); - WSSConstants.Action actionToPerform = WSSConstants.SIGNATURE; + WSSConstants.Action actionToPerform = XMLSecurityConstants.SIGNATURE; if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) { actionToPerform = WSSConstants.SIGNATURE_WITH_DERIVED_KEY; }