From d00f7459f63288e4683d4c961cc2d09fb07e9384 Mon Sep 17 00:00:00 2001
From: Colm O hEigeartaigh
Date: Mon, 16 Oct 2023 16:16:39 +0100
Subject: [PATCH] Updating to WSS4J 4.0.0
---
 parent/pom.xml | 2 +-
 .../cxf/rs/security/oauth2/saml/SamlOAuthValidator.java | 2 +-
 .../rs/security/saml/sso/SAMLSSOResponseValidator.java | 2 +-
 .../security/saml/sso/SamlpRequestComponentBuilder.java | 2 +-
 .../rs/security/saml/sso/SAMLResponseValidatorTest.java | 8 ++++++--
 .../security/saml/xacml2/DefaultXACMLRequestBuilder.java | 2 +-
 .../security/saml/xacml2/RequestComponentBuilderTest.java | 2 +-
 .../cxf/sts/token/delegation/SAMLDelegationHandler.java | 4 ++--
 .../apache/cxf/sts/token/renewer/SAMLTokenRenewer.java | 4 ++--
 9 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/parent/pom.xml b/parent/pom.xml
index a0a06aa3f78..73acc3ca2b9 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -235,7 +235,7 @@
 6.5.1
 4.2.1
 1.6.3
- 3.0.1
+ 4.0.0-SNAPSHOT
 2.3.1
 3.8.11.Final
 2.1
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
index 9da501b2d07..27ccf9ebfb7 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
@@ -98,7 +98,7 @@ private void validateAudience(Message message, Conditions cs) {
 for (AudienceRestriction ar : restrictions) {
 List audiences = ar.getAudiences();
 for (Audience a : audiences) {
- if (absoluteAddress.equals(a.getAudienceURI())) {
+ if (absoluteAddress.equals(a.getURI())) {
 return;
 }
 }
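Review bot: The version property changed in the parent/pom.xml hunk is set to `4.0.0-SNAPSHOT`, although the commit subject says the update is to WSS4J 4.0.0. A SNAPSHOT is a mutable artifact, so the WSS4J code behind the SAML and audience checks patched in the files below can change between two builds of the same commit, and the build is not reproducible. If this is an interim step I would say so in the commit message and change the line to the release version, `4.0.0`, before anything is released from this branch. The element name of the property is not visible in this view of the hunk.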
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index dbc9b32d04a..85c0e0ede96 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -295,7 +295,7 @@ private boolean matchSaml2AudienceRestriction(
 if (audienceRestriction.getAudiences() != null) {
 boolean matchFound = false;
 for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
- if (appliesTo.equals(audience.getAudienceURI())) {
+ if (appliesTo.equals(audience.getURI())) {
 matchFound = true;
 oneMatchFound = true;
 break;
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
index 415aedb3bec..9e9bbad53d5 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
@@ -192,7 +192,7 @@ public static AuthnContextClassRef createAuthnCtxClassRef(
 builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
 }
 AuthnContextClassRef authnCtxClassRef = requestedAuthnCtxClassRefBuilder.buildObject();
- authnCtxClassRef.setAuthnContextClassRef(authnCtxClassRefValue);
+ authnCtxClassRef.setURI(authnCtxClassRefValue);
 return authnCtxClassRef;
 }
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
index 52e90f32dd0..1b4bb80b52b 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
@@ -286,7 +286,9 @@ public void testResponseModifiedSignedAssertion() throws Exception {
 DOMUtils.findAllElementsByTagNameNS(policyElement, SAMLConstants.SAML20_NS, "Assertion");
 assertNotNull(assertions);
 assertTrue(assertions.size() == 1);
- assertions.get(0).setAttributeNS(null, "newattr", "http://apache.org");
+ Thread.sleep(1000L);
+ Instant issueInstant = Instant.now();
+ assertions.get(0).setAttributeNS(null, "IssueInstant", issueInstant.toString());
 Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);
@@ -395,7 +397,9 @@ public void testModifiedSignedResponse() throws Exception {
 doc.appendChild(policyElement);
 assertNotNull(policyElement);
- policyElement.setAttributeNS(null, "newattr", "http://apache.org");
+ Thread.sleep(1000L);
+ Instant issueInstant = Instant.now();
+ policyElement.setAttributeNS(null, "IssueInstant", issueInstant.toString());
 Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);
diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java
index bf03f55c794..75a345ec104 100644
--- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java
+++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java
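Review bot: In testResponseModifiedSignedAssertion the tampering step now calls `Thread.sleep(1000L)` and writes `Instant.now()` into IssueInstant, so the test depends on the wall clock and costs a second per run; the hunk in testModifiedSignedResponse adds the same three lines. A value taken at a fixed offset differs from the signed one without the sleep, for example `Instant issueInstant = Instant.now().minusSeconds(60);`. The commit does not say why the `newattr` tampering was replaced, so I would add a comment above the new lines such as `// Alter a signed attribute so that signature validation has to fail`. Both test bodies continue outside the hunks, so it is worth confirming there that the expected failure comes from the signature check and not from an IssueInstant freshness check.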
@@ -27,7 +27,7 @@
 import javax.xml.namespace.QName;
-import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
+import net.shibboleth.shared.xml.DOMTypeSupport;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rt.security.saml.xacml.CXFMessageParser;
 import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
index de3f660ad1a..3c100181000 100644
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
@@ -31,7 +31,7 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
+import net.shibboleth.shared.xml.DOMTypeSupport;
 import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.opensaml.xacml.ctx.ActionType;
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
index 796b3013b0d..d377361389f 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
@@ -124,14 +124,14 @@ protected List getAudienceRestrictions(SamlAssertionWrapper assertion) {
 for (AudienceRestrictionCondition restriction : assertion.getSaml1().getConditions().getAudienceRestrictionConditions()) {
 for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
- addresses.add(audience.getUri());
+ addresses.add(audience.getURI());
 }
 }
 } else if (assertion.getSaml2() != null) {
 for (org.opensaml.saml.saml2.core.AudienceRestriction restriction : assertion.getSaml2().getConditions().getAudienceRestrictions()) {
 for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
- addresses.add(audience.getAudienceURI());
+ addresses.add(audience.getURI());
 }
 }
 }
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
index 7a7d740f1c1..d7d0d3cdfa5 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
@@ -390,7 +390,7 @@ private boolean matchSaml1AudienceRestriction(
 for (AudienceRestrictionCondition restrCondition : restrConditions) {
 if (restrCondition.getAudiences() != null) {
 for (Audience audience : restrCondition.getAudiences()) {
- if (appliesTo.equals(audience.getUri())) {
+ if (appliesTo.equals(audience.getURI())) {
 return true;
 }
 }
@@ -409,7 +409,7 @@ private boolean matchSaml2AudienceRestriction(
 for (AudienceRestriction audienceRestriction : audienceRestrictions) {
 if (audienceRestriction.getAudiences() != null) {
 for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
- if (appliesTo.equals(audience.getAudienceURI())) {
+ if (appliesTo.equals(audience.getURI())) {
 return true;
 }
 }