Add CRDetectingStage

Add a stage to allow detecting CR characters in text, so that we can avoid the SSPCPP-684 issue in the Shibboleth SP.

Upgrade to Shibboleth MDA 0.9.0

This release is compatible with the Shibboleth MDA 0.9.0 release, and terminates the 0.9pre development branch.

Classes which now have equivalents in the upstream API have been removed.

Add NamespacesStrippingStage

v0.8.8

Version 0.8.8

Add SAMLStringElementCheckingStage.

v0.8.7

Version 0.8.7.

Implement EntityAttributeAddingStage

Added EntityAttributeAddingStage.

mdui:IPHint bug fix

Fixes a problem which resulted in an array index out of bounds while validating mdui:IPHint values without a CIDR suffix.

Entity Attribute Filtering

Added EntityAttributeFilteringStage and associated matchers.

Minor bug fixes and updates

• Issue #2: duplicate ODN detector should allow setting naming strategy for clashing entity
• Issue #7: duplicate ODN detector can be fooled by inconsistent case
• Issue #9: allow blank lines in blacklist files
• Issue #10: shorten class names on X.509 validators
• Improved error status messages from X509RSAOpenSSLBlacklistValidator.

More X.509 validators

Added more X.509 certificate validators:

• X509CertificateConsistentNameValidator
• X509CertificateRSAExponentValidator
• X509CertificateRSAOpenSSLBlacklistValidator

Validator beans are now identifiable, initializable, destructable components, in the same way that Stages are.

Validation frameworks and RSA key length checking.

There is a lot of internal refactoring in this release. Only two new classes have been introduced:

• X509CertificateValidationStage allows a list of validators to be applied to all X.509 certificates in each item's metadata
• X509CertificateRSAKeyLengthValidator is such a validator, which allows warnings or errors to be placed on items using key lengths below the configured thresholds.