date:20151026

cxf git commit: Revert to 1.6 java target

2015-10-26 Thread asoldano

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 58ceaafe4 -> f181f1e75


Revert to 1.6 java target


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f181f1e7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f181f1e7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f181f1e7

Branch: refs/heads/3.0.x-fixes
Commit: f181f1e75353ea9ed2b02e6edde284b1a2888d32
Parents: 58ceaaf
Author: Alessio Soldano 
Authored: Mon Oct 26 21:26:20 2015 +0100
Committer: Alessio Soldano 
Committed: Mon Oct 26 21:26:20 2015 +0100

--
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f181f1e7/pom.xml
--
diff --git a/pom.xml b/pom.xml
index 9a0ea76..6f4be1a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -509,8 +509,8 @@
 maven-compiler-plugin
 3.3
 
-1.7
-1.7
+1.6
+1.6
 256M
 ${cxf.compiler.fork}
 UTF-8

[1/2] cxf git commit: [CXF-6552] Fixed chained imports of schema; added/fixed a bunch of tests

2015-10-26 Thread asoldano

Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes df052fbb3 -> 7fe047444


[CXF-6552] Fixed chained imports of schema; added/fixed a bunch of tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f465cc5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f465cc5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f465cc5

Branch: refs/heads/2.7.x-fixes
Commit: 9f465cc524d56bbc3963801d1f379d2e28bf946e
Parents: df052fb
Author: Alessio Soldano 
Authored: Fri Aug 21 11:37:20 2015 +0200
Committer: Alessio Soldano 
Committed: Mon Oct 26 22:24:34 2015 +0100

--
 .../apache/cxf/common/util/URIParserUtil.java   |  74 +
 .../org/apache/cxf/frontend/WSDLGetUtils.java   | 105 +++
 .../cxf/systest/jaxws/OASISCatalogTest.java |   2 +-
 .../cxf/systest/schemaimport/SayHiImpl2.java|  64 +++
 .../systest/schemaimport/SchemaImportTest.java  |  33 +-
 .../apache/cxf/systest/schemaimport/Server.java |   3 +
 .../test/resources/wsdl_systest/e/sayHi.wsdl|  63 +++
 .../others/hello_world_bindings_catalog.wsdl|  15 +--
 .../others/hello_world_services_catalog.wsdl|  16 +--
 .../others/hello_world_wsdl_import_catalog.wsdl |  15 +--
 .../cxf/tools/util/URIParserUtilTest.java   |  25 +
 11 files changed, 349 insertions(+), 66 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/9f465cc5/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
--
diff --git a/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java 
b/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
index d03bdf9..158765c 100644
--- a/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
+++ b/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
@@ -300,4 +300,78 @@ public final class URIParserUtil {
 return normalize(arg);
 }
 }
+
+public static String relativize(String base, String toBeRelativized) 
throws URISyntaxException {
+if (base == null || toBeRelativized == null) {
+return null;
+}
+return relativize(new URI(base), new URI(toBeRelativized));
+}
+
+/**
+ * This is a custom implementation for doing what URI.relativize(URI uri) 
should be
+ * doing but is not actually doing when URI roots do not fully match.
+ * See http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6226081
+ *
+ * @param baseURI   The base URI
+ * @param toBeRelativizedURI The URI to be realivized
+ * @return  The string value of the URI you'd expect to 
get as result
+ *  of calling 
baseURI.relativize(toBeRelativizedURI).
+ *  null is returned if the parameters are null or 
are not
+ *  both absolute or not absolute.
+ * @throws URISyntaxException
+ */
+public static String relativize(URI baseURI, URI toBeRelativizedURI) 
throws URISyntaxException {
+if (baseURI == null || toBeRelativizedURI == null) {
+return null;
+}
+if (baseURI.isAbsolute() ^ toBeRelativizedURI.isAbsolute()) {
+return null;
+}
+final String base = baseURI.getSchemeSpecificPart();
+final String toBeRelativized = 
toBeRelativizedURI.getSchemeSpecificPart();
+final int l1 = base.length();
+final int l2 = toBeRelativized.length();
+if (l1 == 0) {
+return toBeRelativized;
+}
+int slashes = 0;
+StringBuilder sb = new StringBuilder();
+boolean differenceFound = false;
+for (int i = 0; i < l1; i++) {
+char c = base.charAt(i);
+if (i < l2) {
+if (!differenceFound && c == toBeRelativized.charAt(i)) {
+sb.append(c);
+} else {
+differenceFound = true;
+if (c == '/') {
+slashes++;
+}
+}
+} else {
+if (c == '/') {
+slashes++;
+}
+}
+}
+String rResolved = new URI(getRoot(sb.toString())).relativize(new 
URI(toBeRelativized)).toString();
+StringBuilder relativizedPath = new StringBuilder();
+for (int i = 0; i < slashes; i++) {
+relativizedPath.append("../");
+}
+relativizedPath.append(rResolved);
+return relativizedPath.toString();
+}
+
+private static String getRoot(String uri) {
+int idx = uri.lastIndexOf('/');
+if (idx == uri.length() - 1) {
+return uri;
+

[2/2] cxf git commit: [CXF-6621] Schema imports are not handled correctly in generated WSDL

2015-10-26 Thread asoldano

[CXF-6621] Schema imports are not handled correctly in generated WSDL

...and XSD files when using catalog rewrites

Fixes these issues:

- import of nested XSDs that lies in different directory tree from WSDL
  files

  example:

  ```
jax-ws-catalog.xml contains:
  http://example.org/uri/; 
rewritePrefix="/xsd/"/>

WSDL structure:
  /wsdl/service.wsdl - imports "http://example.org/uri/schema.xsd;
  /xsd/schema.xsd

  ```

- import and access of nested XSDs with equal relative paths when XSDs
  are outside of WSDL directory (previously this was working only when
  XSDs were inside WSDL directory)

  example:

  ```
jax-ws-catalog.xml contains:
  http://example.org/uri/; 
rewritePrefix="/xsd/"/>

WSDL structure:
  /wsdl/service.wsdl - imports "http://example.org/uri/schema.xsd;
  /xsd/schema.xsd - imports "d/included.xsd"
  /xsd/d/included.xsd - imports "d/included.xsd"
  /xsd/d/d/included.xsd
  ```

- accessing nested XSD and WSDL under URIs affected by rewrite rules
  which aren't directly used by WSDLs/XSDs

  example:

  ```
jax-ws-catalog.xml contains:
  http://example.org/uri/; 
rewritePrefix="/wsdl/"/>

WSDL structure:
  /wsdl/service.wsdl - imports "./included.wsdl"
  /wsdl/included.wsdl

request for: http://example.org/uri/included.wsdl
  ```

- in some cases imports weren't working when catalog rule rewritePrefix
  was "/path" instead of "classpath:/path" - catalog resolves those two
  into different values


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7fe04744
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7fe04744
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7fe04744

Branch: refs/heads/2.7.x-fixes
Commit: 7fe0474442d1f2394bff3606126030004ba1a6d3
Parents: 9f465cc
Author: Tomas Hofman 
Authored: Thu Oct 1 15:43:37 2015 +0200
Committer: Alessio Soldano 
Committed: Mon Oct 26 22:24:35 2015 +0100

--
 .../org/apache/cxf/frontend/WSDLGetUtils.java   | 214 +++
 .../cxf/systest/jaxws/OASISCatalogTest.java | 131 
 .../main/resources/META-INF/jax-ws-catalog.xml  |   2 +
 .../others/hello_world_messages_catalog.wsdl|  10 +
 .../resources/wsdl/schemas/another-schema.xsd   |  29 +++
 .../wsdl/schemas/d/another-included.xsd |  29 +++
 .../wsdl/schemas/d/d/another-included.xsd   |  27 +++
 .../resources/wsdl/schemas/d/d/included.xsd |  27 +++
 .../main/resources/wsdl/schemas/d/included.xsd  |  29 +++
 .../src/main/resources/wsdl/schemas/schema.xsd  |  29 +++
 10 files changed, 344 insertions(+), 183 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/7fe04744/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
--
diff --git 
a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java 
b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
index b99949f..3202bab 100644
--- a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
+++ b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
@@ -60,6 +60,7 @@ import org.apache.cxf.catalog.OASISCatalogManagerHelper;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.URIParserUtil;
+import org.apache.cxf.common.util.UrlUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
@@ -357,7 +358,8 @@ public class WSDLGetUtils {
 Map done,
 Map doneSchemas,
 String base,
-String docBase) {
+String docBase,
+String parentResolvedLocation) {
 OASISCatalogManager catalogs = 
OASISCatalogManager.getCatalogManager(bus);
 
 Collection imports = 
CastUtils.cast((Collection)def.getImports().values());
@@ -365,7 +367,7 @@ public class WSDLGetUtils {
 List impLst = CastUtils.cast(lst);
 for (Import imp : impLst) {
 String start = imp.getLocationURI();
-String decodedStart = null;
+String decodedStart;
 // Always use the URL decoded version to ensure that we have a
 // canonical representation of the import URL for lookup.
 
@@ -392,13 +394,20 @@ public class WSDLGetUtils {
 //ignore
 }
 if (done.put(decodedStart, imp.getDefinition()) == 
null) {
-

cxf git commit: Recording .gitmergeinfo Changes

2015-10-26 Thread asoldano

Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 7fe047444 -> 6951f4391


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6951f439
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6951f439
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6951f439

Branch: refs/heads/2.7.x-fixes
Commit: 6951f439193bd638412f9fa1e88b167e7198
Parents: 7fe0474
Author: Alessio Soldano 
Authored: Mon Oct 26 23:07:02 2015 +0100
Committer: Alessio Soldano 
Committed: Mon Oct 26 23:07:02 2015 +0100

--
 .gitmergeinfo | 3 +++
 1 file changed, 3 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6951f439/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 4cb39af..beea0dd 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -728,6 +728,7 @@ B 47a0908a8a90a00029e859a21feb9fd4b9512563
 B 47b248a25e4de8f876119fff2c0a3f0dce3bc8de
 B 47b80b935f2fa1f70af71ba58baef4e2d9b226a5
 B 47d9548557c352b7ddf0468c322678b901d20ab9
+B 47fe9b86df867010af31023e7d528cf8859a
 B 48084ffd0625178e758c52ffcf2b695206ef8015
 B 48144f06a9779320b7d8537899b2f3b9ecacdb43
 B 4843806921c665a3a2fecb5826ae2d20ec563ab2
@@ -2263,6 +2264,7 @@ B ed66e7d56758e60c96091b208c81c2f2b26bb61f
 B ed8ac50116f225ad4a71b888b7e4f44c1f81991a
 B edb79aaae7672449bb0a1e3e9c48caa4791694c6
 B edbadd5a9e980694106979e85221714e600f8b7c
+B edcfc3b8f44e0ec495e2477e4c566b6c78765ef3
 B eec9d19c2bd836b28d60ec826f3ed0bd9e67e977
 B eecaebb4b0ea89fc2aa94acb6464f0e913b8b223
 B ef319d587510c92c693abe5d4c7f565ff84a1490
@@ -2282,6 +2284,7 @@ B f1309316e090eae58a2f51e60fd7549e1d002ba0
 B f15115757f1f203c5962b652f3f7e893a71d95e8
 B f1614ea6d66bee3989b3218a3b8559b776357191
 B f16d1694f39d4cc82c874a90c783e49652539f7d
+B f181f1e75353ea9ed2b02e6edde284b1a2888d32
 B f18207332e756d013797ff65a5d8d094d20e51e0
 B f18544e2d66b5e2cd337d0f8091a5dfaa4ff8ec8
 B f18780cf52189338fee6681374f2622856f09330

cxf git commit: Updating WSS4J

2015-10-26 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 81cf207d1 -> beaf69154


Updating WSS4J


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/beaf6915
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/beaf6915
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/beaf6915

Branch: refs/heads/2.7.x-fixes
Commit: beaf691548d2224e1eabebe3877200d701a6db8c
Parents: 81cf207
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 12:34:39 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 12:34:39 2015 +

--
 parent/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/beaf6915/parent/pom.xml
--
diff --git a/parent/pom.xml b/parent/pom.xml
index 1ddb63a..d71fec2 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -158,7 +158,7 @@
 4.4.1
 3.1.4
 1.6.3
-1.6.18
+1.6.19
 2.11.0
 2.6.0
 2.1.0

svn commit: r970284 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html

2015-10-26 Thread buildbot

Author: buildbot
Date: Mon Oct 26 15:47:38 2015
New Revision: 970284

Log:
Production update by buildbot for cxf

Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Mon Oct 26 15:47:38 
2015
@@ -118,15 +118,15 @@ Apache CXF -- JAX-RS JOSE


 /**/
+/*]]>*/
 IntroductionMaven DependenciesJOSE OverviewJWA AlgorithmsJWK KeysJWS SignatureJSON EncryptionJSON Web TokensLinking JWT 
authentications to JWS or JWE contentJOSE JAX-RS Filters
 JWEJWS
 Configuration
-Configuration
 that applies to both encryption and signatureConfiguration that 
applies to signature only
+Configuration
 that applies to both encryption and signatureConfiguration that 
applies to signature onlyConfiguration that 
applies to encryption onlyConfiguration that 
applies to JWT tokens only
 Encrypting JWK 
storesOAuth2 and 
JoseOIDC and 
JoseFuture 
WorkThird-Party 
Alternatives
 IntroductionCXF 3.0.x 
implements https://datatracker.ietf.org/wg/jose/documents/; 
rel="nofollow">JOSE.Maven 
Dependencies
 dependency
@@ -176,7 +176,7 @@ AesWrapKeyDecryptionAlgorithm keyDecrypt
 JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
 String decryptedText = decryption.decrypt(jweContent).getContentText();
 assertEquals(specPlainText, decryptedText);
-CXF ships JWE related classes in https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe;h=71e0e29025252080838168458b3d2e0179a7a0bd;hb=HEAD;>this
 package and offers a support for all of JWA encryption 
algorithms.https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java;h=615212b1622abb1c0a8b06a3b5498d8b6199d0cc;hb=HEAD;>JweEncryptionProvider
 supports encrypting the content, https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java;h=1f4861a2d78df5514ff74c40330c1a5f5933f47d;hb=HEAD;>JweDecryptionProvider
 - decrypting the content. Encryptors and
  Decryptors for all of JWE algorithms are shipped.JweCompactConsumer 
and JweCompactProducer offer a utility support for creating and validating JWE 
compact serialization and accept keys in a variety of formats(as JWKs, 
JCA representations, created out of band and wrapped in either 
JweEncryptionProvider or JweDecryptionProvider).JweJwtCompactConsumer 
and JweJwtCompactProducer are JweCompactConsumer and JweCompactProducer 
specializations that offer a utility support for encrypting Json Web Tokens in 
a compact format.JweJsonConsumer and JweJsonProducer support JWE JSON 
(full) serialization.JweOutputStream is a specialized output stream that 
can be used in conjunction with JWE JAX-RS filters (see one of the next 
sections)to support the best effort at streaming the content while 
encrypting it. These classes will use https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src
 
/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java;h=918ef5a085c3dc51025e2e9cbba37388f37eb49e;hb=HEAD">JweEncryptionOutput
 optionally returned from JweEncryptionProviderinstead of working with 
the consumer utility classes which deal with the encryption process completely 
in memory.Many more examples will be added here.JSON Web Tokenshttps://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32; 
rel="nofollow">JSON Web Token (JWT) is a collection of claims in JSON 
format. It offers a standard JSON container for representing various properties 
or claims.JWT can be signed and or encrypted, i.e, serve as a JOSE 
signature or encryption input like any other data 
structure.JWT has been primarily used in OAuth2 
applications to represent self-contained access tokens but can also be used in 
other contex
 ts.CXF offers an initial JWT support in https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt;h=ab5e633cd9d81374288c46c7d283df49931cc0d8;hb=HEAD;>this
 package.Linking JWT

cxf git commit: [CXF-6621] Schema imports are not handled correctly in generated WSDL

2015-10-26 Thread asoldano

Repository: cxf
Updated Branches:
  refs/heads/master 7abdac771 -> a602c9df3


[CXF-6621] Schema imports are not handled correctly in generated WSDL

...and XSD files when using catalog rewrites

Fixes these issues:

- import of nested XSDs that lies in different directory tree from WSDL
  files

  example:

  ```
jax-ws-catalog.xml contains:
  http://example.org/uri/; 
rewritePrefix="/xsd/"/>

WSDL structure:
  /wsdl/service.wsdl - imports "http://example.org/uri/schema.xsd;
  /xsd/schema.xsd

  ```

- import and access of nested XSDs with equal relative paths when XSDs
  are outside of WSDL directory (previously this was working only when
  XSDs were inside WSDL directory)

  example:

  ```
jax-ws-catalog.xml contains:
  http://example.org/uri/; 
rewritePrefix="/xsd/"/>

WSDL structure:
  /wsdl/service.wsdl - imports "http://example.org/uri/schema.xsd;
  /xsd/schema.xsd - imports "d/included.xsd"
  /xsd/d/included.xsd - imports "d/included.xsd"
  /xsd/d/d/included.xsd
  ```

- accessing nested XSD and WSDL under URIs affected by rewrite rules
  which aren't directly used by WSDLs/XSDs

  example:

  ```
jax-ws-catalog.xml contains:
  http://example.org/uri/; 
rewritePrefix="/wsdl/"/>

WSDL structure:
  /wsdl/service.wsdl - imports "./included.wsdl"
  /wsdl/included.wsdl

request for: http://example.org/uri/included.wsdl
  ```

- in some cases imports weren't working when catalog rule rewritePrefix
  was "/path" instead of "classpath:/path" - catalog resolves those two
  into different values


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a602c9df
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a602c9df
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a602c9df

Branch: refs/heads/master
Commit: a602c9df3e2e09855410f0e75af9b108620b7794
Parents: 7abdac7
Author: Tomas Hofman 
Authored: Thu Oct 1 15:43:37 2015 +0200
Committer: Alessio Soldano 
Committed: Mon Oct 26 17:17:44 2015 +0100

--
 .../org/apache/cxf/frontend/WSDLGetUtils.java   | 214 +++
 .../cxf/systest/jaxws/OASISCatalogTest.java | 131 
 .../main/resources/META-INF/jax-ws-catalog.xml  |   2 +
 .../others/hello_world_messages_catalog.wsdl|  10 +
 .../resources/wsdl/schemas/another-schema.xsd   |  29 +++
 .../wsdl/schemas/d/another-included.xsd |  29 +++
 .../wsdl/schemas/d/d/another-included.xsd   |  27 +++
 .../resources/wsdl/schemas/d/d/included.xsd |  27 +++
 .../main/resources/wsdl/schemas/d/included.xsd  |  29 +++
 .../src/main/resources/wsdl/schemas/schema.xsd  |  29 +++
 10 files changed, 344 insertions(+), 183 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a602c9df/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
--
diff --git 
a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java 
b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
index 822233e..c7ffc71 100644
--- a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
+++ b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
@@ -60,6 +60,7 @@ import org.apache.cxf.catalog.OASISCatalogManagerHelper;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.URIParserUtil;
+import org.apache.cxf.common.util.UrlUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
@@ -356,7 +357,8 @@ public class WSDLGetUtils {
 Map done,
 Map doneSchemas,
 String base,
-String docBase) {
+String docBase,
+String parentResolvedLocation) {
 OASISCatalogManager catalogs = 
OASISCatalogManager.getCatalogManager(bus);
 
 Collection imports = 
CastUtils.cast((Collection)def.getImports().values());
@@ -364,7 +366,7 @@ public class WSDLGetUtils {
 List impLst = CastUtils.cast(lst);
 for (Import imp : impLst) {
 String start = imp.getLocationURI();
-String decodedStart = null;
+String decodedStart;
 // Always use the URL decoded version to ensure that we have a
 // canonical representation of the import URL for lookup.
 
@@ -391,13 +393,20 @@ public class WSDLGetUtils {
 //ignore
 }
 if

[5/5] cxf git commit: Fixing problem with retrieving private keys

2015-10-26 Thread coheigea

Fixing problem with retrieving private keys


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/95bf2ad6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/95bf2ad6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/95bf2ad6

Branch: refs/heads/master
Commit: 95bf2ad6c0a4f42ce8c4e44409ccbfe256520a01
Parents: 2f88eea
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 15:08:50 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 16:21:07 2015 +

--
 .../cxf/rs/security/jose/common/KeyManagementUtils.java   | 10 --
 .../org/apache/cxf/rs/security/jose/jwe/JweUtils.java |  1 -
 .../org/apache/cxf/rt/security/crypto/CryptoUtils.java|  4 
 3 files changed, 4 insertions(+), 11 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/95bf2ad6/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index c491712..9207e65 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -375,16 +375,6 @@ public final class KeyManagementUtils {
 
 try {
 String alias = ks.getCertificateAlias(inCerts.get(0));
-if (alias != null) {
-for (Enumeration e = ks.aliases(); 
e.hasMoreElements();) {
-String currentAlias = e.nextElement();
-X509Certificate[] currentCertArray = 
loadX509CertificateOrChain(ks, currentAlias);
-if (currentCertArray != null) {
-alias = currentAlias;
-break;
-}
-}
-}
 return loadPrivateKey(ks, m, props, keyOper, alias);
 
 } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/95bf2ad6/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 0d2e50d..ad9b137 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -368,7 +368,6 @@ public final class JweUtils {
 SecretKey ctDecryptionKey = null;
 String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
 if (inHeaders != null && 
inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
-//TODO: validate incoming public keys or certificates  
 //TODO: optionally validate inHeaders.getAlgorithm against a 
property in props
 // Supporting loading a private key via a certificate for now
 List chain = 
KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());

http://git-wip-us.apache.org/repos/asf/cxf/blob/95bf2ad6/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
--
diff --git 
a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java 
b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
index fdf62a2..0c80fb4 100644
--- 
a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
+++ 
b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
@@ -711,6 +711,10 @@ public final class CryptoUtils {
 if (!keyStore.containsAlias(alias)) {
 throw new SecurityException("No alias exists in the keystore 
for: " + alias);
 }
+if (!keyStore.isKeyEntry(alias)) {
+throw new SecurityException("The given alias " + alias 
++ " is not a private key in the 
keystore.");
+}
 KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
 keyStore.getEntry(alias, new 
KeyStore.PasswordProtection(keyPassword));
 return pkEntry.getPrivateKey();

[1/5] cxf git commit: Add support for selecting a key for decryption using the sha-1 hash in the header

2015-10-26 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/master a602c9df3 -> d09c4eafb


Add support for selecting a key for decryption using the sha-1 hash in the 
header


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d09c4eaf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d09c4eaf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d09c4eaf

Branch: refs/heads/master
Commit: d09c4eafbb8d570c2bfd69270726511cee420645
Parents: e51a7bd
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 16:06:58 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 16:21:07 2015 +

--
 .../rs/security/jose/common/KeyManagementUtils.java  |  4 ++--
 .../apache/cxf/rs/security/jose/jwe/JweUtils.java| 15 ++-
 2 files changed, 16 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/d09c4eaf/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 57929c2..3eb4637 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -369,12 +369,12 @@ public final class KeyManagementUtils {
 return props; 
 }
 public static PrivateKey loadPrivateKey(Message m, Properties props, 
-List inCerts, 
+X509Certificate inCert, 
 KeyOperation keyOper) {
 KeyStore ks = loadPersistKeyStore(m, props);
 
 try {
-String alias = ks.getCertificateAlias(inCerts.get(0));
+String alias = ks.getCertificateAlias(inCert);
 return loadPrivateKey(ks, m, props, keyOper, alias);
 
 } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/d09c4eaf/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 4591bc3..e23f605 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -368,11 +368,24 @@ public final class JweUtils {
 // Supporting loading a private key via a certificate for now
 List chain = 
KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
 KeyManagementUtils.validateCertificateChain(props, chain);
+X509Certificate cert = chain == null ? null : chain.get(0);
 PrivateKey privateKey = 
-KeyManagementUtils.loadPrivateKey(m, props, chain, 
KeyOperation.DECRYPT);
+KeyManagementUtils.loadPrivateKey(m, props, cert, 
KeyOperation.DECRYPT);
 contentEncryptionAlgo = 
inHeaders.getContentEncryptionAlgorithm().getJwaName();
 keyDecryptionProvider = 
getPrivateKeyDecryptionProvider(privateKey, 
  
inHeaders.getKeyEncryptionAlgorithm());
+} else if (inHeaders != null && 
inHeaders.getHeader(JoseConstants.HEADER_X509_THUMBPRINT) != null) {
+X509Certificate foundCert = 
+
KeyManagementUtils.getCertificateFromThumbprint(inHeaders.getX509Thumbprint(), 
+
MessageDigestUtils.ALGO_SHA_1,
+m, props);
+if (foundCert != null) {
+PrivateKey privateKey = 
+KeyManagementUtils.loadPrivateKey(m, props, foundCert, 
KeyOperation.DECRYPT);
+contentEncryptionAlgo = 
inHeaders.getContentEncryptionAlgorithm().getJwaName();
+keyDecryptionProvider = 
getPrivateKeyDecryptionProvider(privateKey, 
+ 
inHeaders.getKeyEncryptionAlgorithm());
+}
 } else {
 if

[4/5] cxf git commit: Another change of the "include" properties

2015-10-26 Thread coheigea

Another change of the "include" properties


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e51a7bd7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e51a7bd7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e51a7bd7

Branch: refs/heads/master
Commit: e51a7bd7f3dcc120dbeeebb3e5c306941af64554
Parents: 948fd80
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 15:32:51 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 16:21:07 2015 +

--
 .../rs/security/jose/common/JoseConstants.java  | 32 +++-
 .../cxf/rs/security/jose/jwe/JweUtils.java  | 20 +---
 .../cxf/rs/security/jose/jws/JwsUtils.java  | 20 +---
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java |  7 +++--
 4 files changed, 24 insertions(+), 55 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/e51a7bd7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
index 66c86d9..c05b37d 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
@@ -100,26 +100,6 @@ public final class JoseConstants {
 public static final String RSSEC_KEY_PSWD_PROVIDER = 
"rs.security.key.password.provider";
 
 /**
- * Include the JWK public key (for signature or encryption) in the "jwk" 
header.
- */
-public static final String RSSEC_INCLUDE_PUBLIC_KEY = 
"rs.security.include.public.key";
-
-/**
- * Include the X.509 certificate (for signature or encryption) in the 
"x5c" header.
- */
-public static final String RSSEC_INCLUDE_CERT = "rs.security.include.cert";
-
-/**
- * Include the JWK key id (for signature or encryption) in the "kid" 
header.
- */
-public static final String RSSEC_INCLUDE_KEY_ID = 
"rs.security.include.key.id";
-
-/**
- * Include the X.509 certificate SHA-1 digest (for signature or 
encryption) in the "x5t" header.
- */
-public static final String RSSEC_INCLUDE_CERT_SHA1 = 
"rs.security.include.cert.sha1";
-
-/**
  * Whether to allow using a JWK received in the header for signature 
validation. The default
  * is "false".
  */
@@ -187,26 +167,22 @@ public final class JoseConstants {
 public static final String RSSEC_SIGNATURE_LIST_PROPS = 
"rs.security.signature.list.properties";
 
 /**
- * Include the JWK public key for signature in the "jwk" header. If not 
configured then it
- * falls back to RSSEC_INCLUDE_PUBLIC_KEY.
+ * Include the JWK public key for signature in the "jwk" header. 
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = 
"rs.security.signature.include.public.key";
 
 /**
- * Include the X.509 certificate for signature in the "x5c" header. If not 
configured then it
- * falls back to RSSEC_INCLUDE_CERT.
+ * Include the X.509 certificate for signature in the "x5c" header. 
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_CERT = 
"rs.security.signature.include.cert";
 
 /**
- * Include the JWK key id for signature in the "kid" header. If not 
configured then it
- * falls back to RSSEC_INCLUDE_KEY_ID.
+ * Include the JWK key id for signature in the "kid" header.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = 
"rs.security.signature.include.key.id";
 
 /**
- * Include the X.509 certificate SHA-1 digest for signature in the "x5t" 
header. If not configured then it
- * falls back to RSSEC_INCLUDE_CERT_SHA1.
+ * Include the X.509 certificate SHA-1 digest for signature in the "x5t" 
header. 
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = 
"rs.security.signature.include.cert.sha1";
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/e51a7bd7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index ad9b137..4591bc3 100644
---

[2/5] cxf git commit: Add an "alias" to the password provider so that we can provide passwords for multiple aliases/certs

2015-10-26 Thread coheigea

Add an "alias" to the password provider so that we can provide passwords for 
multiple aliases/certs


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/948fd800
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/948fd800
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/948fd800

Branch: refs/heads/master
Commit: 948fd8001e710e5c42924324d8dc00cf41aa4ebd
Parents: 95bf2ad
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 15:20:13 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 16:21:07 2015 +

--
 .../apache/cxf/rs/security/jose/common/KeyManagementUtils.java| 2 +-
 .../cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java   | 2 +-
 .../main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java   | 3 ++-
 .../apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java| 2 +-
 .../jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java| 2 +-
 5 files changed, 6 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/948fd800/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 9207e65..57929c2 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -146,7 +146,7 @@ public final class KeyManagementUtils {
 
 String keyPswd = props.getProperty(JoseConstants.RSSEC_KEY_PSWD);
 String theAlias = alias != null ? alias : getKeyId(m, props, 
JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper);
-char[] keyPswdChars = provider != null ? provider.getPassword(props) 
+char[] keyPswdChars = provider != null ? 
provider.getPassword(theAlias, props) 
 : keyPswd != null ? keyPswd.toCharArray() : null;
 return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, theAlias);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/948fd800/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
index fc58ee5..86fb0e5 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
@@ -21,5 +21,5 @@ package org.apache.cxf.rs.security.jose.common;
 import java.util.Properties;
 
 public interface PrivateKeyPasswordProvider {
-char[] getPassword(Properties storeProperties); 
+char[] getPassword(String alias, Properties storeProperties); 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/948fd800/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 60d3c83..b45b4bc 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -266,7 +266,8 @@ public final class JwkUtils {
 public static JsonWebKeys loadJwkSet(Properties props, Bus bus, 
PrivateKeyPasswordProvider cb, 
  JwkReaderWriter reader) {
 JweDecryptionProvider decryption = cb != null
-? new AesCbcHmacJweDecryption(new 
PbesHmacAesWrapKeyDecryptionAlgorithm(cb.getPassword(props))) : null;
+? new AesCbcHmacJweDecryption(new 
PbesHmacAesWrapKeyDecryptionAlgorithm(
+cb.getPassword(null, props))) : null;
 return loadJwkSet(props, bus, decryption, reader);
 }
 public static JsonWebKeys loadJwkSet(Properties props, Bus bus, 
JweDecryptionProvider jwe, JwkReaderWriter reader) {

[3/5] cxf git commit: Minor doc update

2015-10-26 Thread coheigea

Minor doc update


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2f88eea2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2f88eea2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2f88eea2

Branch: refs/heads/master
Commit: 2f88eea2ae0d079fe0f8fd9e0c895e6efc54abaa
Parents: a602c9d
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 14:31:59 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 16:21:07 2015 +

--
 .../cxf/rs/security/jose/common/JoseConstants.java  | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/2f88eea2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
index b05fdd6..66c86d9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
@@ -187,22 +187,26 @@ public final class JoseConstants {
 public static final String RSSEC_SIGNATURE_LIST_PROPS = 
"rs.security.signature.list.properties";
 
 /**
- * Include the JWK public key for signature in the "jwk" header.
+ * Include the JWK public key for signature in the "jwk" header. If not 
configured then it
+ * falls back to RSSEC_INCLUDE_PUBLIC_KEY.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = 
"rs.security.signature.include.public.key";
 
 /**
- * Include the X.509 certificate for signature in the "x5c" header.
+ * Include the X.509 certificate for signature in the "x5c" header. If not 
configured then it
+ * falls back to RSSEC_INCLUDE_CERT.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_CERT = 
"rs.security.signature.include.cert";
 
 /**
- * Include the JWK key id for signature in the "kid" header.
+ * Include the JWK key id for signature in the "kid" header. If not 
configured then it
+ * falls back to RSSEC_INCLUDE_KEY_ID.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = 
"rs.security.signature.include.key.id";
 
 /**
- * Include the X.509 certificate SHA-1 digest for signature in the "x5t" 
header.
+ * Include the X.509 certificate SHA-1 digest for signature in the "x5t" 
header. If not configured then it
+ * falls back to RSSEC_INCLUDE_CERT_SHA1.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = 
"rs.security.signature.include.cert.sha1";

cxf git commit: Recording .gitmergeinfo Changes

2015-10-26 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes beaf69154 -> df052fbb3


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/df052fbb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/df052fbb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/df052fbb

Branch: refs/heads/2.7.x-fixes
Commit: df052fbb3d0982176dfebf91ab702aae2f5f7a9a
Parents: beaf691
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 17:09:32 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 17:09:32 2015 +

--
 .gitmergeinfo | 6 ++
 1 file changed, 6 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/df052fbb/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index da06621..4cb39af 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -57,6 +57,7 @@ B 04483ebcf4a4f603449fbc89fcaf394ca03f106a
 B 0470e3a044828a96fda7193ff8f3faf3f05b950b
 B 0479e4610d38cf7561ab594bbb6c61049df3dab2
 B 0494f762414f065b8858b7b279e7db9de3660b3f
+B 049a8bd438df760ac2315e43b463811b91959aaa
 B 04a3c603e46f529e9f2a3602168a051db96e1657
 B 04b535bbb4667e43492515718a061553d50644d8
 B 05935e926a50cdd5f3a9db57b2f3772f628b1929
@@ -237,6 +238,7 @@ B 1777dcd70fd82f6c0db18b13b668c37e88b44658
 B 177eb6c202bba2e5f5dd3bd6df70ab5a6bcbfaa2
 B 1797749c7e90d0b486d41d3ec78bb0540e26741d
 B 179c1d418e870de16c60630255cae204c5b50664
+B 179db4aa4090eb244d1aad54e2073f0ade0a6beb
 B 17a6302e91d067c9a9c71b9897299d1ae21dc9eb
 B 17c66755fc2376920f9b20b8e28a8314ec0de0c0
 B 17f221b25e01a9c5824b0005b30e8aee0668fea7
@@ -915,6 +917,7 @@ B 5edc42656ea858bb8eec3ba287caa8b30f7f8d62
 B 5ee6a3da809a30d055b822080c8cbf7daca814b9
 B 5f1a556bda9d4eb50c3dae1de2b0408ae461ea99
 B 5f239df56260353860e34125df728d25b1e0bf4b
+B 5f277db3541b51b1e718a7e9c22bae03ec7befe2
 B 5f321f0a2c77e84381f3489501bf7c0eee91b5a8
 B 5f49a3e06a2745d8bfa554639e8229bd36c8ebf1
 B 5f517813253189b1ee2d57be24e0b1a56a1dfce3
@@ -986,6 +989,7 @@ B 657f7112d1bff18d71c564e147e04e424cd4c8b9
 B 658a15b4a2751d2e291d508a71499c6b2a374fdd
 B 65ad54cb421575b1eaf8cf25de0ae460ed79d07f
 B 65b9eaad9a6845163c03f34faa67d758ceac7536
+B 65c9136f5c8eeb87853f1cf38483b2b920ce3f64
 B 66465468f1e2aa68a32212437f944bc559cffc03
 B 66502264aa200f761182f7e2465794b10a8cad3f
 B 665ca4fc95c3ea73b7a8579916eda4e0c69f45c8
@@ -1084,6 +1088,7 @@ B 709ad76d6e98c3ef731a08365e471bdbd9e5fbe9
 B 70bbd4f40211f8a70cf01c02aaee8b8a13a90ff7
 B 70c1b9276e4a0c95a39595990c7715e4fce76c8e
 B 70cf4945007d05db301dff4b335e3c722d544f48
+B 71048a0f77a2b6314857b6d06d8603cf586921d0
 B 710990c44b052554126495b78c9e3e741d711164
 B 711619f9f578f9ea64549f20cdd7d0f22ed28795
 B 713410ebe462199dccf1b98d6f6c422dd258196b
@@ -2248,6 +2253,7 @@ B ec9805a4792c1bdbf486e4ba18acb91046514e4b
 B ec9df9cd410d00640d8939077f80849727ae46f0
 B eca7b721742ee7272aa7ce3658a97c493ee916dc
 B ecae5ecb2a104dc5eabfe27c704d11914e720cb1
+B ecb9139d11b2378b11427f66df61523743187b3a
 B ecf2fdbe01d938809dcc1f71f3d4cd4de82fa702
 B ecf96252126fe63cbe1038c0ac9f407a53478c31
 B ed0ab4cb9a9b9088eae32cabfbdfe946c17f9eb2

[1/6] cxf git commit: Minor doc update

2015-10-26 Thread coheigea

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes d435640fd -> ecb9139d1


Minor doc update


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/65c9136f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/65c9136f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/65c9136f

Branch: refs/heads/3.0.x-fixes
Commit: 65c9136f5c8eeb87853f1cf38483b2b920ce3f64
Parents: d435640
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 14:31:59 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 17:08:43 2015 +

--
 .../cxf/rs/security/jose/common/JoseConstants.java  | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/65c9136f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
index b05fdd6..66c86d9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
@@ -187,22 +187,26 @@ public final class JoseConstants {
 public static final String RSSEC_SIGNATURE_LIST_PROPS = 
"rs.security.signature.list.properties";
 
 /**
- * Include the JWK public key for signature in the "jwk" header.
+ * Include the JWK public key for signature in the "jwk" header. If not 
configured then it
+ * falls back to RSSEC_INCLUDE_PUBLIC_KEY.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = 
"rs.security.signature.include.public.key";
 
 /**
- * Include the X.509 certificate for signature in the "x5c" header.
+ * Include the X.509 certificate for signature in the "x5c" header. If not 
configured then it
+ * falls back to RSSEC_INCLUDE_CERT.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_CERT = 
"rs.security.signature.include.cert";
 
 /**
- * Include the JWK key id for signature in the "kid" header.
+ * Include the JWK key id for signature in the "kid" header. If not 
configured then it
+ * falls back to RSSEC_INCLUDE_KEY_ID.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = 
"rs.security.signature.include.key.id";
 
 /**
- * Include the X.509 certificate SHA-1 digest for signature in the "x5t" 
header.
+ * Include the X.509 certificate SHA-1 digest for signature in the "x5t" 
header. If not configured then it
+ * falls back to RSSEC_INCLUDE_CERT_SHA1.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = 
"rs.security.signature.include.cert.sha1";

[6/6] cxf git commit: Recording .gitmergeinfo Changes

2015-10-26 Thread coheigea

Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ecb9139d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ecb9139d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ecb9139d

Branch: refs/heads/3.0.x-fixes
Commit: ecb9139d11b2378b11427f66df61523743187b3a
Parents: 179db4a
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 17:08:47 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 17:08:47 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/ecb9139d/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index ceac54b..c7e880e 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -684,6 +684,7 @@ M e2225709c37cb289b99db015b3d8ba5b9b317615
 M e2ad037fbc74f42655ac968415fcb4bded87bb38
 M e3f89d3c07f38f2e01c951d7bad8336e090837ae
 M e47e394114d6a3bf06401960618e6bd556a904d7
+M e51a7bd7f3dcc120dbeeebb3e5c306941af64554
 M e5a805853864e291626bdb913448fc4e2409cca0
 M e617a2c5865cf3d11d0d344a23dc2d493ff4809b
 M e681dda5bfd7d68ebf340a459ecf612e8a926290

[2/6] cxf git commit: Fixing problem with retrieving private keys

2015-10-26 Thread coheigea

Fixing problem with retrieving private keys


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5f277db3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5f277db3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5f277db3

Branch: refs/heads/3.0.x-fixes
Commit: 5f277db3541b51b1e718a7e9c22bae03ec7befe2
Parents: 65c9136
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 15:08:50 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 17:08:44 2015 +

--
 .../cxf/rs/security/jose/common/KeyManagementUtils.java   | 10 --
 .../org/apache/cxf/rs/security/jose/jwe/JweUtils.java |  1 -
 .../org/apache/cxf/rt/security/crypto/CryptoUtils.java|  4 
 3 files changed, 4 insertions(+), 11 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index c491712..9207e65 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -375,16 +375,6 @@ public final class KeyManagementUtils {
 
 try {
 String alias = ks.getCertificateAlias(inCerts.get(0));
-if (alias != null) {
-for (Enumeration e = ks.aliases(); 
e.hasMoreElements();) {
-String currentAlias = e.nextElement();
-X509Certificate[] currentCertArray = 
loadX509CertificateOrChain(ks, currentAlias);
-if (currentCertArray != null) {
-alias = currentAlias;
-break;
-}
-}
-}
 return loadPrivateKey(ks, m, props, keyOper, alias);
 
 } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 0d2e50d..ad9b137 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -368,7 +368,6 @@ public final class JweUtils {
 SecretKey ctDecryptionKey = null;
 String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
 if (inHeaders != null && 
inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
-//TODO: validate incoming public keys or certificates  
 //TODO: optionally validate inHeaders.getAlgorithm against a 
property in props
 // Supporting loading a private key via a certificate for now
 List chain = 
KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
--
diff --git 
a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java 
b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
index 4ff2476..7495fee 100644
--- 
a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
+++ 
b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
@@ -726,6 +726,10 @@ public final class CryptoUtils {
 if (!keyStore.containsAlias(alias)) {
 throw new SecurityException("No alias exists in the keystore 
for: " + alias);
 }
+if (!keyStore.isKeyEntry(alias)) {
+throw new SecurityException("The given alias " + alias 
++ " is not a private key in the 
keystore.");
+}
 KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
 keyStore.getEntry(alias, new 
KeyStore.PasswordProtection(keyPassword));
 return pkEntry.getPrivateKey();

[4/6] cxf git commit: Another change of the "include" properties

2015-10-26 Thread coheigea

Another change of the "include" properties


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/049a8bd4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/049a8bd4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/049a8bd4

Branch: refs/heads/3.0.x-fixes
Commit: 049a8bd438df760ac2315e43b463811b91959aaa
Parents: 71048a0
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 15:32:51 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 17:08:46 2015 +

--
 .../rs/security/jose/common/JoseConstants.java  | 32 +++-
 .../cxf/rs/security/jose/jwe/JweUtils.java  | 20 +---
 .../cxf/rs/security/jose/jws/JwsUtils.java  | 20 +---
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java |  7 +++--
 4 files changed, 24 insertions(+), 55 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/049a8bd4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
index 66c86d9..c05b37d 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
@@ -100,26 +100,6 @@ public final class JoseConstants {
 public static final String RSSEC_KEY_PSWD_PROVIDER = 
"rs.security.key.password.provider";
 
 /**
- * Include the JWK public key (for signature or encryption) in the "jwk" 
header.
- */
-public static final String RSSEC_INCLUDE_PUBLIC_KEY = 
"rs.security.include.public.key";
-
-/**
- * Include the X.509 certificate (for signature or encryption) in the 
"x5c" header.
- */
-public static final String RSSEC_INCLUDE_CERT = "rs.security.include.cert";
-
-/**
- * Include the JWK key id (for signature or encryption) in the "kid" 
header.
- */
-public static final String RSSEC_INCLUDE_KEY_ID = 
"rs.security.include.key.id";
-
-/**
- * Include the X.509 certificate SHA-1 digest (for signature or 
encryption) in the "x5t" header.
- */
-public static final String RSSEC_INCLUDE_CERT_SHA1 = 
"rs.security.include.cert.sha1";
-
-/**
  * Whether to allow using a JWK received in the header for signature 
validation. The default
  * is "false".
  */
@@ -187,26 +167,22 @@ public final class JoseConstants {
 public static final String RSSEC_SIGNATURE_LIST_PROPS = 
"rs.security.signature.list.properties";
 
 /**
- * Include the JWK public key for signature in the "jwk" header. If not 
configured then it
- * falls back to RSSEC_INCLUDE_PUBLIC_KEY.
+ * Include the JWK public key for signature in the "jwk" header. 
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = 
"rs.security.signature.include.public.key";
 
 /**
- * Include the X.509 certificate for signature in the "x5c" header. If not 
configured then it
- * falls back to RSSEC_INCLUDE_CERT.
+ * Include the X.509 certificate for signature in the "x5c" header. 
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_CERT = 
"rs.security.signature.include.cert";
 
 /**
- * Include the JWK key id for signature in the "kid" header. If not 
configured then it
- * falls back to RSSEC_INCLUDE_KEY_ID.
+ * Include the JWK key id for signature in the "kid" header.
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = 
"rs.security.signature.include.key.id";
 
 /**
- * Include the X.509 certificate SHA-1 digest for signature in the "x5t" 
header. If not configured then it
- * falls back to RSSEC_INCLUDE_CERT_SHA1.
+ * Include the X.509 certificate SHA-1 digest for signature in the "x5t" 
header. 
  */
 public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = 
"rs.security.signature.include.cert.sha1";
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/049a8bd4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index ad9b137..4591bc3 100644
---

[3/6] cxf git commit: Add an "alias" to the password provider so that we can provide passwords for multiple aliases/certs

2015-10-26 Thread coheigea

Add an "alias" to the password provider so that we can provide passwords for 
multiple aliases/certs


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/71048a0f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/71048a0f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/71048a0f

Branch: refs/heads/3.0.x-fixes
Commit: 71048a0f77a2b6314857b6d06d8603cf586921d0
Parents: 5f277db
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 15:20:13 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 17:08:45 2015 +

--
 .../apache/cxf/rs/security/jose/common/KeyManagementUtils.java| 2 +-
 .../cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java   | 2 +-
 .../main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java   | 3 ++-
 .../apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java| 2 +-
 .../jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java| 2 +-
 5 files changed, 6 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/71048a0f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 9207e65..57929c2 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -146,7 +146,7 @@ public final class KeyManagementUtils {
 
 String keyPswd = props.getProperty(JoseConstants.RSSEC_KEY_PSWD);
 String theAlias = alias != null ? alias : getKeyId(m, props, 
JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper);
-char[] keyPswdChars = provider != null ? provider.getPassword(props) 
+char[] keyPswdChars = provider != null ? 
provider.getPassword(theAlias, props) 
 : keyPswd != null ? keyPswd.toCharArray() : null;
 return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, theAlias);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/71048a0f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
index fc58ee5..86fb0e5 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java
@@ -21,5 +21,5 @@ package org.apache.cxf.rs.security.jose.common;
 import java.util.Properties;
 
 public interface PrivateKeyPasswordProvider {
-char[] getPassword(Properties storeProperties); 
+char[] getPassword(String alias, Properties storeProperties); 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/71048a0f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 60d3c83..b45b4bc 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -266,7 +266,8 @@ public final class JwkUtils {
 public static JsonWebKeys loadJwkSet(Properties props, Bus bus, 
PrivateKeyPasswordProvider cb, 
  JwkReaderWriter reader) {
 JweDecryptionProvider decryption = cb != null
-? new AesCbcHmacJweDecryption(new 
PbesHmacAesWrapKeyDecryptionAlgorithm(cb.getPassword(props))) : null;
+? new AesCbcHmacJweDecryption(new 
PbesHmacAesWrapKeyDecryptionAlgorithm(
+cb.getPassword(null, props))) : null;
 return loadJwkSet(props, bus, decryption, reader);
 }
 public static JsonWebKeys loadJwkSet(Properties props, Bus bus, 
JweDecryptionProvider jwe, JwkReaderWriter reader) {

[5/6] cxf git commit: Add support for selecting a key for decryption using the sha-1 hash in the header

2015-10-26 Thread coheigea

Add support for selecting a key for decryption using the sha-1 hash in the 
header


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/179db4aa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/179db4aa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/179db4aa

Branch: refs/heads/3.0.x-fixes
Commit: 179db4aa4090eb244d1aad54e2073f0ade0a6beb
Parents: 049a8bd
Author: Colm O hEigeartaigh 
Authored: Mon Oct 26 16:06:58 2015 +
Committer: Colm O hEigeartaigh 
Committed: Mon Oct 26 17:08:47 2015 +

--
 .../rs/security/jose/common/KeyManagementUtils.java  |  4 ++--
 .../apache/cxf/rs/security/jose/jwe/JweUtils.java| 15 ++-
 2 files changed, 16 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/179db4aa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 57929c2..3eb4637 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -369,12 +369,12 @@ public final class KeyManagementUtils {
 return props; 
 }
 public static PrivateKey loadPrivateKey(Message m, Properties props, 
-List inCerts, 
+X509Certificate inCert, 
 KeyOperation keyOper) {
 KeyStore ks = loadPersistKeyStore(m, props);
 
 try {
-String alias = ks.getCertificateAlias(inCerts.get(0));
+String alias = ks.getCertificateAlias(inCert);
 return loadPrivateKey(ks, m, props, keyOper, alias);
 
 } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/179db4aa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 4591bc3..e23f605 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -368,11 +368,24 @@ public final class JweUtils {
 // Supporting loading a private key via a certificate for now
 List chain = 
KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
 KeyManagementUtils.validateCertificateChain(props, chain);
+X509Certificate cert = chain == null ? null : chain.get(0);
 PrivateKey privateKey = 
-KeyManagementUtils.loadPrivateKey(m, props, chain, 
KeyOperation.DECRYPT);
+KeyManagementUtils.loadPrivateKey(m, props, cert, 
KeyOperation.DECRYPT);
 contentEncryptionAlgo = 
inHeaders.getContentEncryptionAlgorithm().getJwaName();
 keyDecryptionProvider = 
getPrivateKeyDecryptionProvider(privateKey, 
  
inHeaders.getKeyEncryptionAlgorithm());
+} else if (inHeaders != null && 
inHeaders.getHeader(JoseConstants.HEADER_X509_THUMBPRINT) != null) {
+X509Certificate foundCert = 
+
KeyManagementUtils.getCertificateFromThumbprint(inHeaders.getX509Thumbprint(), 
+
MessageDigestUtils.ALGO_SHA_1,
+m, props);
+if (foundCert != null) {
+PrivateKey privateKey = 
+KeyManagementUtils.loadPrivateKey(m, props, foundCert, 
KeyOperation.DECRYPT);
+contentEncryptionAlgo = 
inHeaders.getContentEncryptionAlgorithm().getJwaName();
+keyDecryptionProvider = 
getPrivateKeyDecryptionProvider(privateKey, 
+ 
inHeaders.getKeyEncryptionAlgorithm());
+}
 } else {
 if 
(JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
 {
 JsonWebKey jwk =

[1/3] cxf git commit: [CXF-6621] integration of changes from cxf-2.7.x-fixes

2015-10-26 Thread asoldano

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes ecb9139d1 -> 58ceaafe4


[CXF-6621] integration of changes from cxf-2.7.x-fixes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/47fe9b86
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/47fe9b86
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/47fe9b86

Branch: refs/heads/3.0.x-fixes
Commit: 47fe9b86df867010af31023e7d528cf8859a
Parents: edcfc3b
Author: rsearls 
Authored: Mon Oct 26 09:33:47 2015 -0400
Committer: Alessio Soldano 
Committed: Mon Oct 26 18:21:10 2015 +0100

--
 .../apache/cxf/common/util/URIParserUtil.java   |  18 +-
 .../org/apache/cxf/frontend/WSDLGetUtils.java   | 217 +++
 .../cxf/systest/jaxws/OASISCatalogTest.java | 131 +++
 .../systest/schemaimport/SchemaImportTest.java  |   4 +-
 .../main/resources/META-INF/jax-ws-catalog.xml  |   3 +
 .../others/hello_world_messages_catalog.wsdl|  25 ++-
 .../others/hello_world_wsdl_import_catalog.wsdl |   2 +
 .../resources/wsdl/schemas/another-schema.xsd   |  29 +++
 .../wsdl/schemas/d/another-included.xsd |  29 +++
 .../wsdl/schemas/d/d/another-included.xsd   |  27 +++
 .../resources/wsdl/schemas/d/d/included.xsd |  27 +++
 .../main/resources/wsdl/schemas/d/included.xsd  |  29 +++
 .../src/main/resources/wsdl/schemas/schema.xsd  |  29 +++
 .../cxf/tools/util/URIParserUtilTest.java   |  25 +++
 14 files changed, 404 insertions(+), 191 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/47fe9b86/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
--
diff --git a/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java 
b/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
index 98afa1f..158765c 100644
--- a/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
+++ b/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
@@ -26,13 +26,23 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.StringTokenizer;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.helpers.JavaUtils;
 
 public final class URIParserUtil {
+private static final Set KEYWORDS = new HashSet(Arrays
+.asList(new String[] {"abstract", "boolean", "break", "byte", "case", 
"catch", "char", "class",
+  "const", "continue", "default", "do", "double", 
"else", "extends", "final",
+  "finally", "float", "for", "goto", "if", 
"implements", "import", "instanceof",
+  "int", "interface", "long", "native", "new", 
"package", "private", "protected",
+  "public", "return", "short", "static", 
"strictfp", "super", "switch",
+  "synchronized", "this", "throw", "throws", 
"transient", "try", "void",
+  "volatile", "while", "true", "false", "null", 
"assert", "enum"}));
 private static final String EXCLUDED_CHARS = "<>\"{}|\\^`";
 private static final String HEX_DIGITS = "0123456789abcdef";
 
@@ -213,7 +223,7 @@ public final class URIParserUtil {
 }
 
 public static boolean containsReservedKeywords(String token) {
-return JavaUtils.isJavaKeyword(token);
+return KEYWORDS.contains(token);
 }
 
 public static String escapeChars(String s) {
@@ -303,8 +313,8 @@ public final class URIParserUtil {
  * doing but is not actually doing when URI roots do not fully match.
  * See http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6226081
  *
- * @param base  The base URI
- * @param toBeRelativized   The URI to be realivized
+ * @param baseURI   The base URI
+ * @param toBeRelativizedURI The URI to be realivized
  * @return  The string value of the URI you'd expect to 
get as result
  *  of calling 
baseURI.relativize(toBeRelativizedURI).
  *  null is returned if the parameters are null or 
are not

http://git-wip-us.apache.org/repos/asf/cxf/blob/47fe9b86/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
--
diff --git 
a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java 
b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java
index f114e47..3202bab 100644
---

[3/3] cxf git commit: Recording .gitmergeinfo Changes

2015-10-26 Thread asoldano

Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/58ceaafe
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/58ceaafe
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/58ceaafe

Branch: refs/heads/3.0.x-fixes
Commit: 58ceaafe46d5d08f2cab23b22607bd46ebdd3882
Parents: 47fe9b8
Author: Alessio Soldano 
Authored: Mon Oct 26 18:22:37 2015 +0100
Committer: Alessio Soldano 
Committed: Mon Oct 26 18:22:37 2015 +0100

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/58ceaafe/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index c7e880e..7479c33 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -318,6 +318,7 @@ B a4222c930f7d69608f826c14e4bc7bc9f670097c
 B a4315cb442fa31960cbd47f11e95e81b4a71441d
 B a5aff3e7a43274b3d47cda706aaf8108bd7a9b07
 B a5f8a4dd4d9ecbfc1f8a1a8e5bcb4af17f561cc5
+B a602c9df3e2e09855410f0e75af9b108620b7794
 B a77c05fcbef3f8a0d963dd196fa1f142a975f6cd
 B a79bb058aaf71e85dcb5c90e7b2f6e4ab8e63cba
 B a7b79ea692add4f9da0f1232e3bfb338099f4147

[2/3] cxf git commit: [CXF-6413] Backport of changes provided in CXF-6552 (tag: cxf-3.1.3)

2015-10-26 Thread asoldano

[CXF-6413] Backport of changes provided in CXF-6552 (tag: cxf-3.1.3)


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/edcfc3b8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/edcfc3b8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/edcfc3b8

Branch: refs/heads/3.0.x-fixes
Commit: edcfc3b8f44e0ec495e2477e4c566b6c78765ef3
Parents: ecb9139
Author: rsearls 
Authored: Thu Oct 15 11:34:55 2015 -0400
Committer: Alessio Soldano 
Committed: Mon Oct 26 18:21:10 2015 +0100

--
 .../apache/cxf/common/util/URIParserUtil.java   | 74 +++
 .../cxf/common/util/URIParserUtilsTest.java | 54 +++
 pom.xml |  4 +-
 .../org/apache/cxf/frontend/WSDLGetUtils.java   | 97 +++-
 .../cxf/rs/security/jose/jwt/JwtUtils.java  | 25 -
 .../cxf/systest/jaxws/OASISCatalogTest.java |  2 +-
 .../cxf/systest/schemaimport/SayHiImpl2.java| 64 +
 .../systest/schemaimport/SchemaImportTest.java  | 33 ++-
 .../apache/cxf/systest/schemaimport/Server.java |  3 +
 .../test/resources/wsdl_systest/e/sayHi.wsdl| 63 +
 .../others/hello_world_bindings_catalog.wsdl|  2 +-
 .../others/hello_world_services_catalog.wsdl|  2 +-
 .../others/hello_world_wsdl_import_catalog.wsdl |  2 +-
 13 files changed, 395 insertions(+), 30 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/edcfc3b8/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
--
diff --git a/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java 
b/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
index 8372db0..98afa1f 100644
--- a/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
+++ b/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java
@@ -290,4 +290,78 @@ public final class URIParserUtil {
 return normalize(arg);
 }
 }
+
+public static String relativize(String base, String toBeRelativized) 
throws URISyntaxException {
+if (base == null || toBeRelativized == null) {
+return null;
+}
+return relativize(new URI(base), new URI(toBeRelativized));
+}
+
+/**
+ * This is a custom implementation for doing what URI.relativize(URI uri) 
should be
+ * doing but is not actually doing when URI roots do not fully match.
+ * See http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6226081
+ *
+ * @param base  The base URI
+ * @param toBeRelativized   The URI to be realivized
+ * @return  The string value of the URI you'd expect to 
get as result
+ *  of calling 
baseURI.relativize(toBeRelativizedURI).
+ *  null is returned if the parameters are null or 
are not
+ *  both absolute or not absolute.
+ * @throws URISyntaxException
+ */
+public static String relativize(URI baseURI, URI toBeRelativizedURI) 
throws URISyntaxException {
+if (baseURI == null || toBeRelativizedURI == null) {
+return null;
+}
+if (baseURI.isAbsolute() ^ toBeRelativizedURI.isAbsolute()) {
+return null;
+}
+final String base = baseURI.getSchemeSpecificPart();
+final String toBeRelativized = 
toBeRelativizedURI.getSchemeSpecificPart();
+final int l1 = base.length();
+final int l2 = toBeRelativized.length();
+if (l1 == 0) {
+return toBeRelativized;
+}
+int slashes = 0;
+StringBuilder sb = new StringBuilder();
+boolean differenceFound = false;
+for (int i = 0; i < l1; i++) {
+char c = base.charAt(i);
+if (i < l2) {
+if (!differenceFound && c == toBeRelativized.charAt(i)) {
+sb.append(c);
+} else {
+differenceFound = true;
+if (c == '/') {
+slashes++;
+}
+}
+} else {
+if (c == '/') {
+slashes++;
+}
+}
+}
+String rResolved = new URI(getRoot(sb.toString())).relativize(new 
URI(toBeRelativized)).toString();
+StringBuilder relativizedPath = new StringBuilder();
+for (int i = 0; i < slashes; i++) {
+relativizedPath.append("../");
+}
+relativizedPath.append(rResolved);
+return relativizedPath.toString();
+}
+
+private static String getRoot(String uri) {
+int idx = uri.lastIndexOf('/');
+if (idx == uri.length() - 1) {
+

cxf git commit: Revert to 1.6 java target

[1/2] cxf git commit: [CXF-6552] Fixed chained imports of schema; added/fixed a bunch of tests

[2/2] cxf git commit: [CXF-6621] Schema imports are not handled correctly in generated WSDL

cxf git commit: Recording .gitmergeinfo Changes

cxf git commit: Updating WSS4J

svn commit: r970284 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html

cxf git commit: [CXF-6621] Schema imports are not handled correctly in generated WSDL

[5/5] cxf git commit: Fixing problem with retrieving private keys

[1/5] cxf git commit: Add support for selecting a key for decryption using the sha-1 hash in the header

[4/5] cxf git commit: Another change of the "include" properties

[2/5] cxf git commit: Add an "alias" to the password provider so that we can provide passwords for multiple aliases/certs

[3/5] cxf git commit: Minor doc update

cxf git commit: Recording .gitmergeinfo Changes

[1/6] cxf git commit: Minor doc update

[6/6] cxf git commit: Recording .gitmergeinfo Changes

[2/6] cxf git commit: Fixing problem with retrieving private keys

[4/6] cxf git commit: Another change of the "include" properties

[3/6] cxf git commit: Add an "alias" to the password provider so that we can provide passwords for multiple aliases/certs

[5/6] cxf git commit: Add support for selecting a key for decryption using the sha-1 hash in the header

[1/3] cxf git commit: [CXF-6621] integration of changes from cxf-2.7.x-fixes

[3/3] cxf git commit: Recording .gitmergeinfo Changes

[2/3] cxf git commit: [CXF-6413] Backport of changes provided in CXF-6552 (tag: cxf-3.1.3)

22 matches

Site Navigation

Mail list logo

Footer information