This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/wss4j-saml-refactor in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/coheigea/wss4j-saml-refactor by this push: new f0c017a7b1 Fixing CXF XML tests f0c017a7b1 is described below commit f0c017a7b1a4db71380563301e24ac71b0e70e8c Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Thu Jul 3 09:17:12 2025 +0100 Fixing CXF XML tests --- .../oauth2/grants/saml/Saml2BearerGrantHandler.java | 18 +++++++++--------- .../saml/sso/SAMLProtocolResponseValidator.java | 20 ++++++++++---------- .../security/saml/sso/SamlSSOAssertionValidator.java | 2 +- .../saml/sso/AbstractSAMLCallbackHandler.java | 2 +- .../rs/security/saml/sso/CombinedValidatorTest.java | 2 +- .../security/saml/sso/SAMLResponseValidatorTest.java | 2 +- .../cxf/rs/security/common/TrustValidator.java | 6 +++--- .../cxf/rs/security/saml/AbstractSamlInHandler.java | 18 +++++++++--------- 8 files changed, 35 insertions(+), 35 deletions(-) diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java index 8da8e1551e..6873f5ebf7 100644 --- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java 
@@ -60,13 +60,13 @@ import org.apache.cxf.staxutils.StaxUtils; import org.apache.wss4j.common.saml.SAMLKeyInfo; import org.apache.wss4j.common.saml.SAMLUtil; import org.apache.wss4j.common.saml.SamlAssertionWrapper; -import org.apache.wss4j.dom.WSDocInfo; -import org.apache.wss4j.dom.engine.WSSConfig; -import org.apache.wss4j.dom.handler.RequestData; -import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor; -import org.apache.wss4j.dom.validate.Credential; -import org.apache.wss4j.dom.validate.SamlAssertionValidator; -import org.apache.wss4j.dom.validate.Validator; +import org.apache.wss4j.common.dom.WSDocInfo; +import org.apache.wss4j.common.dom.engine.WSSConfig; +import org.apache.wss4j.common.dom.RequestData; +import org.apache.wss4j.common.saml.message.WSSSAMLKeyInfoProcessor; +import org.apache.wss4j.common.dom.validate.Credential; +import org.apache.wss4j.common.saml.validate.SamlAssertionValidator; +import org.apache.wss4j.common.dom.validate.Validator; import org.opensaml.xmlsec.signature.KeyInfo; import org.opensaml.xmlsec.signature.Signature; @@ -201,12 +201,12 @@ public class Saml2BearerGrantHandler extends AbstractGrantHandler { SAMLKeyInfo samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( - keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data), + keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(), data, data.getSigVerCrypto() ); assertion.verifySignature(samlKeyInfo); assertion.parseSubject( - new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto() + new WSSSAMLKeyInfoProcessor(), data, data.getSigVerCrypto() ); } else if (getTLSCertificates(message) == null) { throw new OAuthServiceException(OAuthConstants.INVALID_GRANT); diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java index aa3c79005e..23123e9e77 100644 
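Review bot: In the `@@ -201,12 +201,12 @@` hunk the new side constructs two separate `new WSSSAMLKeyInfoProcessor()` objects, one for `SAMLUtil.getCredentialFromKeyInfo(...)` and one for `assertion.parseSubject(...)`, even though the processor no longer receives `data` in its constructor. If the no-arg processor carries no per-request state (not visible here), one local such as `WSSSAMLKeyInfoProcessor keyInfoProcessor = new WSSSAMLKeyInfoProcessor();` passed to both calls would make it plain that the signing key and the subject key are resolved by the same processor against the same `data`. The same pair of calls appears in SAMLProtocolResponseValidator (`@@ -399` / `@@ -413`) and AbstractSamlInHandler (`@@ -162` / `@@ -171`). The enclosing method starts and ends outside the hunk.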
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java @@ -50,13 +50,13 @@ import org.apache.wss4j.common.saml.SAMLKeyInfo; import org.apache.wss4j.common.saml.SAMLUtil; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.util.KeyUtils; -import org.apache.wss4j.dom.WSDocInfo; -import org.apache.wss4j.dom.engine.WSSConfig; -import org.apache.wss4j.dom.handler.RequestData; -import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor; -import org.apache.wss4j.dom.validate.Credential; -import org.apache.wss4j.dom.validate.SignatureTrustValidator; -import org.apache.wss4j.dom.validate.Validator; +import org.apache.wss4j.common.dom.WSDocInfo; +import org.apache.wss4j.common.dom.engine.WSSConfig; +import org.apache.wss4j.common.dom.RequestData; +import org.apache.wss4j.common.saml.message.WSSSAMLKeyInfoProcessor; +import org.apache.wss4j.common.dom.validate.Credential; +import org.apache.wss4j.common.dom.validate.SignatureTrustValidator; +import org.apache.wss4j.common.dom.validate.Validator; import org.apache.xml.security.encryption.XMLCipher; import org.apache.xml.security.encryption.XMLEncryptionException; import org.apache.xml.security.utils.Constants; @@ -284,7 +284,7 @@ public class SAMLProtocolResponseValidator { try { samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( - keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData), sigCrypto + keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(), requestData, sigCrypto ); } catch (WSSecurityException ex) { LOG.log(Level.FINE, "Error in getting KeyInfo from SAML Response: " + ex.getMessage(), ex); 
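Review bot: The catch in the `@@ -284,7 +284,7 @@` hunk reports a failure of `SAMLUtil.getCredentialFromKeyInfo(...)` only at `Level.FINE`, so under default logging a SAML Response whose KeyInfo cannot be resolved leaves no record for whoever monitors the SSO endpoint. What follows the catch is outside the hunk; if the exception is not rethrown and logged further up, consider `LOG.log(Level.WARNING, "Error in getting KeyInfo from SAML Response", ex);`, which also drops the redundant `ex.getMessage()` concatenation since `ex` is already passed. The `Level.FINE` catch for "Assertion failed signature validation" in the `@@ -413` hunk of this file has the same property.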
@@ -399,7 +399,7 @@ public class SAMLProtocolResponseValidator { KeyInfo keyInfo = sig.getKeyInfo(); if (keyInfo != null) { samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( - keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData), sigCrypto + keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(), requestData, sigCrypto ); } else if (!keyInfoMustBeAvailable) { samlKeyInfo = createKeyInfoFromDefaultAlias(sigCrypto); @@ -413,7 +413,7 @@ public class SAMLProtocolResponseValidator { assertion.verifySignature(samlKeyInfo); assertion.parseSubject( - new WSSSAMLKeyInfoProcessor(requestData), requestData.getSigVerCrypto() + new WSSSAMLKeyInfoProcessor(), requestData, requestData.getSigVerCrypto() ); } catch (WSSecurityException e) { LOG.log(Level.FINE, "Assertion failed signature validation", e); diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlSSOAssertionValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlSSOAssertionValidator.java index a60ffb5c2f..c4659a51fa 100644 --- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlSSOAssertionValidator.java +++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlSSOAssertionValidator.java @@ -27,7 +27,7 @@ import org.apache.wss4j.common.saml.OpenSAMLUtil; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.saml.builder.SAML1Constants; import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.apache.wss4j.dom.validate.SamlAssertionValidator; +import org.apache.wss4j.common.saml.validate.SamlAssertionValidator; /** * An extension of the WSS4J SamlAssertionValidator. We can weaken the subject confirmation method requirements a bit 
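Review bot: `assertion.parseSubject(...)` in the `@@ -413,7 +413,7 @@` hunk is given `requestData.getSigVerCrypto()`, while the `getCredentialFromKeyInfo(...)` call in the `@@ -399,7 +399,7 @@` hunk resolves the signing key against the local `sigCrypto`. Whether those are the same object is not visible in these hunks; if they can differ, the key in a holder-of-key subject confirmation would be checked against a different trust store than the assertion signature. Since both calls are being rewritten to the three-argument form anyway, passing `new WSSSAMLKeyInfoProcessor(), requestData, sigCrypto` to `parseSubject` as well, or adding a comment that says why the two differ, would remove the doubt. Both hunks sit inside code that starts and ends outside the visible lines.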
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
index d758ff501c..5931cbf13c 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AbstractSAMLCallbackHandler.java
@@ -47,7 +47,7 @@ import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
 import org.apache.wss4j.common.util.KeyUtils;
-import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.common.dom.WSConstants;
 import org.apache.wss4j.dom.message.WSSecEncryptedKey;
 /**
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
index 6006924fed..2fa474bb80 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/CombinedValidatorTest.java
@@ -45,7 +45,7 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.apache.wss4j.common.util.Loader;
-import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.wss4j.common.dom.engine.WSSConfig;
 import org.opensaml.saml.common.SignableSAMLObject;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.core.Response;
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
index 1b4bb80b52..2c80b0d102 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
@@ -45,7 +45,7 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.apache.wss4j.common.util.Loader;
-import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.wss4j.common.dom.engine.WSSConfig;
 import org.opensaml.saml.common.SAMLVersion;
 import org.opensaml.saml.common.SignableSAMLObject;
 import org.opensaml.saml.common.xml.SAMLConstants;
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java
index 25c8acc4aa..55b0da168d 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/TrustValidator.java
@@ -25,9 +25,9 @@ import java.util.regex.Pattern;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.validate.Credential;
-import org.apache.wss4j.dom.validate.SignatureTrustValidator;
+import org.apache.wss4j.common.dom.RequestData;
+import org.apache.wss4j.common.dom.validate.Credential;
+import org.apache.wss4j.common.dom.validate.SignatureTrustValidator;
 public class TrustValidator {
 public void validateTrust(Crypto crypto, X509Certificate cert, PublicKey publicKey)
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java index 74144fc3e7..278fbee02b 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java @@ -59,13 +59,13 @@ import org.apache.wss4j.common.saml.OpenSAMLUtil; import org.apache.wss4j.common.saml.SAMLKeyInfo; import org.apache.wss4j.common.saml.SAMLUtil; import org.apache.wss4j.common.saml.SamlAssertionWrapper; -import org.apache.wss4j.dom.WSDocInfo; -import org.apache.wss4j.dom.engine.WSSConfig; -import org.apache.wss4j.dom.handler.RequestData; -import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor; -import org.apache.wss4j.dom.validate.Credential; -import org.apache.wss4j.dom.validate.SamlAssertionValidator; -import org.apache.wss4j.dom.validate.Validator; +import org.apache.wss4j.common.dom.WSDocInfo; +import org.apache.wss4j.common.dom.engine.WSSConfig; +import org.apache.wss4j.common.dom.RequestData; +import org.apache.wss4j.common.saml.message.WSSSAMLKeyInfoProcessor; +import org.apache.wss4j.common.dom.validate.Credential; +import org.apache.wss4j.common.saml.validate.SamlAssertionValidator; +import org.apache.wss4j.common.dom.validate.Validator; import org.opensaml.xmlsec.signature.KeyInfo; import org.opensaml.xmlsec.signature.Signature; @@ -162,7 +162,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter { KeyInfo keyInfo = sig.getKeyInfo(); if (keyInfo != null) { samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( - keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data), + keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(), data, data.getSigVerCrypto() ); } else if (!keyInfoMustBeAvailable) { 
@@ -171,7 +171,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter { assertion.verifySignature(samlKeyInfo); assertion.parseSubject( - new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto() + new WSSSAMLKeyInfoProcessor(), data, data.getSigVerCrypto() ); } else if (getTLSCertificates(message) == null) { throwFault("Assertion must be signed", null);